| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 482 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 493 scids->push_back(it->first); | 493 scids->push_back(it->first); |
| 494 } | 494 } |
| 495 } | 495 } |
| 496 | 496 |
| 497 void QuicCryptoServerConfig::ValidateClientHello( | 497 void QuicCryptoServerConfig::ValidateClientHello( |
| 498 const CryptoHandshakeMessage& client_hello, | 498 const CryptoHandshakeMessage& client_hello, |
| 499 const IPAddress& client_ip, | 499 const IPAddress& client_ip, |
| 500 const IPAddress& server_ip, | 500 const IPAddress& server_ip, |
| 501 QuicVersion version, | 501 QuicVersion version, |
| 502 const QuicClock* clock, | 502 const QuicClock* clock, |
| 503 QuicCryptoProof* crypto_proof, | 503 scoped_refptr<QuicCryptoProof> crypto_proof, |
| 504 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 504 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 505 const QuicWallTime now(clock->WallNow()); | 505 const QuicWallTime now(clock->WallNow()); |
| 506 | 506 |
| 507 scoped_refptr<ValidateClientHelloResultCallback::Result> result( | 507 scoped_refptr<ValidateClientHelloResultCallback::Result> result( |
| 508 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 508 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
| 509 now)); | 509 now)); |
| 510 | 510 |
| 511 StringPiece requested_scid; | 511 StringPiece requested_scid; |
| 512 client_hello.GetStringPiece(kSCID, &requested_scid); | 512 client_hello.GetStringPiece(kSCID, &requested_scid); |
| 513 | 513 |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 587 bool reject_only, | 587 bool reject_only, |
| 588 QuicConnectionId connection_id, | 588 QuicConnectionId connection_id, |
| 589 const IPEndPoint& client_address, | 589 const IPEndPoint& client_address, |
| 590 QuicVersion version, | 590 QuicVersion version, |
| 591 const QuicVersionVector& supported_versions, | 591 const QuicVersionVector& supported_versions, |
| 592 bool use_stateless_rejects, | 592 bool use_stateless_rejects, |
| 593 QuicConnectionId server_designated_connection_id, | 593 QuicConnectionId server_designated_connection_id, |
| 594 const QuicClock* clock, | 594 const QuicClock* clock, |
| 595 QuicRandom* rand, | 595 QuicRandom* rand, |
| 596 QuicCompressedCertsCache* compressed_certs_cache, | 596 QuicCompressedCertsCache* compressed_certs_cache, |
| 597 QuicCryptoNegotiatedParameters* params, | 597 scoped_refptr<QuicCryptoNegotiatedParameters> params, |
| 598 QuicCryptoProof* crypto_proof, | 598 scoped_refptr<QuicCryptoProof> crypto_proof, |
| 599 QuicByteCount total_framing_overhead, | 599 QuicByteCount total_framing_overhead, |
| 600 QuicByteCount chlo_packet_size, | 600 QuicByteCount chlo_packet_size, |
| 601 const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config, | 601 const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config, |
| 602 const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config, | 602 const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config, |
| 603 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) | 603 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) |
| 604 : config_(config), | 604 : config_(config), |
| 605 validate_chlo_result_(std::move(validate_chlo_result)), | 605 validate_chlo_result_(std::move(validate_chlo_result)), |
| 606 reject_only_(reject_only), | 606 reject_only_(reject_only), |
| 607 connection_id_(connection_id), | 607 connection_id_(connection_id), |
| 608 client_address_(client_address), | 608 client_address_(client_address), |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 647 const bool reject_only_; | 647 const bool reject_only_; |
| 648 const QuicConnectionId connection_id_; | 648 const QuicConnectionId connection_id_; |
| 649 const IPEndPoint client_address_; | 649 const IPEndPoint client_address_; |
| 650 const QuicVersion version_; | 650 const QuicVersion version_; |
| 651 const QuicVersionVector supported_versions_; | 651 const QuicVersionVector supported_versions_; |
| 652 const bool use_stateless_rejects_; | 652 const bool use_stateless_rejects_; |
| 653 const QuicConnectionId server_designated_connection_id_; | 653 const QuicConnectionId server_designated_connection_id_; |
| 654 const QuicClock* const clock_; | 654 const QuicClock* const clock_; |
| 655 QuicRandom* const rand_; | 655 QuicRandom* const rand_; |
| 656 QuicCompressedCertsCache* compressed_certs_cache_; | 656 QuicCompressedCertsCache* compressed_certs_cache_; |
| 657 QuicCryptoNegotiatedParameters* params_; | 657 scoped_refptr<QuicCryptoNegotiatedParameters> params_; |
| 658 QuicCryptoProof* crypto_proof_; | 658 scoped_refptr<QuicCryptoProof> crypto_proof_; |
| 659 const QuicByteCount total_framing_overhead_; | 659 const QuicByteCount total_framing_overhead_; |
| 660 const QuicByteCount chlo_packet_size_; | 660 const QuicByteCount chlo_packet_size_; |
| 661 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 661 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
| 662 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 662 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
| 663 std::unique_ptr<ProcessClientHelloResultCallback> done_cb_; | 663 std::unique_ptr<ProcessClientHelloResultCallback> done_cb_; |
| 664 }; | 664 }; |
| 665 | 665 |
| 666 void QuicCryptoServerConfig::ProcessClientHello( | 666 void QuicCryptoServerConfig::ProcessClientHello( |
| 667 scoped_refptr<ValidateClientHelloResultCallback::Result> | 667 scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 668 validate_chlo_result, | 668 validate_chlo_result, |
| 669 bool reject_only, | 669 bool reject_only, |
| 670 QuicConnectionId connection_id, | 670 QuicConnectionId connection_id, |
| 671 const IPAddress& server_ip, | 671 const IPAddress& server_ip, |
| 672 const IPEndPoint& client_address, | 672 const IPEndPoint& client_address, |
| 673 QuicVersion version, | 673 QuicVersion version, |
| 674 const QuicVersionVector& supported_versions, | 674 const QuicVersionVector& supported_versions, |
| 675 bool use_stateless_rejects, | 675 bool use_stateless_rejects, |
| 676 QuicConnectionId server_designated_connection_id, | 676 QuicConnectionId server_designated_connection_id, |
| 677 const QuicClock* clock, | 677 const QuicClock* clock, |
| 678 QuicRandom* rand, | 678 QuicRandom* rand, |
| 679 QuicCompressedCertsCache* compressed_certs_cache, | 679 QuicCompressedCertsCache* compressed_certs_cache, |
| 680 QuicCryptoNegotiatedParameters* params, | 680 scoped_refptr<QuicCryptoNegotiatedParameters> params, |
| 681 QuicCryptoProof* crypto_proof, | 681 scoped_refptr<QuicCryptoProof> crypto_proof, |
| 682 QuicByteCount total_framing_overhead, | 682 QuicByteCount total_framing_overhead, |
| 683 QuicByteCount chlo_packet_size, | 683 QuicByteCount chlo_packet_size, |
| 684 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { | 684 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { |
| 685 DCHECK(done_cb); | 685 DCHECK(done_cb); |
| 686 | 686 |
| 687 ProcessClientHelloHelper helper(&done_cb); | 687 ProcessClientHelloHelper helper(&done_cb); |
| 688 | 688 |
| 689 const CryptoHandshakeMessage& client_hello = | 689 const CryptoHandshakeMessage& client_hello = |
| 690 validate_chlo_result->client_hello; | 690 validate_chlo_result->client_hello; |
| 691 const ClientHelloInfo& info = validate_chlo_result->info; | 691 const ClientHelloInfo& info = validate_chlo_result->info; |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 784 bool reject_only, | 784 bool reject_only, |
| 785 QuicConnectionId connection_id, | 785 QuicConnectionId connection_id, |
| 786 const IPEndPoint& client_address, | 786 const IPEndPoint& client_address, |
| 787 QuicVersion version, | 787 QuicVersion version, |
| 788 const QuicVersionVector& supported_versions, | 788 const QuicVersionVector& supported_versions, |
| 789 bool use_stateless_rejects, | 789 bool use_stateless_rejects, |
| 790 QuicConnectionId server_designated_connection_id, | 790 QuicConnectionId server_designated_connection_id, |
| 791 const QuicClock* clock, | 791 const QuicClock* clock, |
| 792 QuicRandom* rand, | 792 QuicRandom* rand, |
| 793 QuicCompressedCertsCache* compressed_certs_cache, | 793 QuicCompressedCertsCache* compressed_certs_cache, |
| 794 QuicCryptoNegotiatedParameters* params, | 794 scoped_refptr<QuicCryptoNegotiatedParameters> params, |
| 795 QuicCryptoProof* crypto_proof, | 795 scoped_refptr<QuicCryptoProof> crypto_proof, |
| 796 QuicByteCount total_framing_overhead, | 796 QuicByteCount total_framing_overhead, |
| 797 QuicByteCount chlo_packet_size, | 797 QuicByteCount chlo_packet_size, |
| 798 const scoped_refptr<Config>& requested_config, | 798 const scoped_refptr<Config>& requested_config, |
| 799 const scoped_refptr<Config>& primary_config, | 799 const scoped_refptr<Config>& primary_config, |
| 800 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { | 800 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { |
| 801 ProcessClientHelloHelper helper(&done_cb); | 801 ProcessClientHelloHelper helper(&done_cb); |
| 802 | 802 |
| 803 if (found_error) { | 803 if (found_error) { |
| 804 helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof"); | 804 helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof"); |
| 805 return; | 805 return; |
| (...skipping 381 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1187 class QuicCryptoServerConfig::EvaluateClientHelloCallback | 1187 class QuicCryptoServerConfig::EvaluateClientHelloCallback |
| 1188 : public ProofSource::Callback { | 1188 : public ProofSource::Callback { |
| 1189 public: | 1189 public: |
| 1190 EvaluateClientHelloCallback( | 1190 EvaluateClientHelloCallback( |
| 1191 const QuicCryptoServerConfig& config, | 1191 const QuicCryptoServerConfig& config, |
| 1192 bool found_error, | 1192 bool found_error, |
| 1193 const IPAddress& server_ip, | 1193 const IPAddress& server_ip, |
| 1194 QuicVersion version, | 1194 QuicVersion version, |
| 1195 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, | 1195 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, |
| 1196 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, | 1196 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, |
| 1197 QuicCryptoProof* crypto_proof, | 1197 scoped_refptr<QuicCryptoProof> crypto_proof, |
| 1198 scoped_refptr<ValidateClientHelloResultCallback::Result> | 1198 scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 1199 client_hello_state, | 1199 client_hello_state, |
| 1200 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) | 1200 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) |
| 1201 : config_(config), | 1201 : config_(config), |
| 1202 found_error_(found_error), | 1202 found_error_(found_error), |
| 1203 server_ip_(server_ip), | 1203 server_ip_(server_ip), |
| 1204 version_(version), | 1204 version_(version), |
| 1205 requested_config_(std::move(requested_config)), | 1205 requested_config_(std::move(requested_config)), |
| 1206 primary_config_(std::move(primary_config)), | 1206 primary_config_(std::move(primary_config)), |
| 1207 crypto_proof_(crypto_proof), | 1207 crypto_proof_(crypto_proof), |
| (...skipping 16 matching lines...) Expand all Loading... |
| 1224 std::move(done_cb_)); | 1224 std::move(done_cb_)); |
| 1225 } | 1225 } |
| 1226 | 1226 |
| 1227 private: | 1227 private: |
| 1228 const QuicCryptoServerConfig& config_; | 1228 const QuicCryptoServerConfig& config_; |
| 1229 const bool found_error_; | 1229 const bool found_error_; |
| 1230 const IPAddress& server_ip_; | 1230 const IPAddress& server_ip_; |
| 1231 const QuicVersion version_; | 1231 const QuicVersion version_; |
| 1232 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 1232 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
| 1233 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 1233 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
| 1234 QuicCryptoProof* crypto_proof_; | 1234 scoped_refptr<QuicCryptoProof> crypto_proof_; |
| 1235 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; | 1235 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; |
| 1236 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; | 1236 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; |
| 1237 }; | 1237 }; |
| 1238 | 1238 |
| 1239 void QuicCryptoServerConfig::EvaluateClientHello( | 1239 void QuicCryptoServerConfig::EvaluateClientHello( |
| 1240 const IPAddress& server_ip, | 1240 const IPAddress& server_ip, |
| 1241 QuicVersion version, | 1241 QuicVersion version, |
| 1242 scoped_refptr<Config> requested_config, | 1242 scoped_refptr<Config> requested_config, |
| 1243 scoped_refptr<Config> primary_config, | 1243 scoped_refptr<Config> primary_config, |
| 1244 QuicCryptoProof* crypto_proof, | 1244 scoped_refptr<QuicCryptoProof> crypto_proof, |
| 1245 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, | 1245 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
| 1246 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1246 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1247 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1247 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1248 | 1248 |
| 1249 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1249 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1250 ClientHelloInfo* info = &(client_hello_state->info); | 1250 ClientHelloInfo* info = &(client_hello_state->info); |
| 1251 | 1251 |
| 1252 if (client_hello.size() < kClientHelloMinimumSize) { | 1252 if (client_hello.size() < kClientHelloMinimumSize) { |
| 1253 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, | 1253 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, |
| 1254 "Client hello too small", nullptr); | 1254 "Client hello too small", nullptr); |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1348 client_hello_state, std::move(done_cb)); | 1348 client_hello_state, std::move(done_cb)); |
| 1349 helper.DetachCallback(); | 1349 helper.DetachCallback(); |
| 1350 } | 1350 } |
| 1351 | 1351 |
| 1352 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( | 1352 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( |
| 1353 bool found_error, | 1353 bool found_error, |
| 1354 const IPAddress& server_ip, | 1354 const IPAddress& server_ip, |
| 1355 QuicVersion version, | 1355 QuicVersion version, |
| 1356 scoped_refptr<Config> requested_config, | 1356 scoped_refptr<Config> requested_config, |
| 1357 scoped_refptr<Config> primary_config, | 1357 scoped_refptr<Config> primary_config, |
| 1358 QuicCryptoProof* crypto_proof, | 1358 scoped_refptr<QuicCryptoProof> crypto_proof, |
| 1359 std::unique_ptr<ProofSource::Details> proof_source_details, | 1359 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 1360 bool get_proof_failed, | 1360 bool get_proof_failed, |
| 1361 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, | 1361 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
| 1362 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1362 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1363 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1363 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1364 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1364 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1365 ClientHelloInfo* info = &(client_hello_state->info); | 1365 ClientHelloInfo* info = &(client_hello_state->info); |
| 1366 | 1366 |
| 1367 if (get_proof_failed) { | 1367 if (get_proof_failed) { |
| 1368 found_error = true; | 1368 found_error = true; |
| (...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1633 QuicVersion version, | 1633 QuicVersion version, |
| 1634 QuicWallTime now, | 1634 QuicWallTime now, |
| 1635 const Config& config, | 1635 const Config& config, |
| 1636 const CryptoHandshakeMessage& client_hello, | 1636 const CryptoHandshakeMessage& client_hello, |
| 1637 const ClientHelloInfo& info, | 1637 const ClientHelloInfo& info, |
| 1638 const CachedNetworkParameters& cached_network_params, | 1638 const CachedNetworkParameters& cached_network_params, |
| 1639 bool use_stateless_rejects, | 1639 bool use_stateless_rejects, |
| 1640 QuicConnectionId server_designated_connection_id, | 1640 QuicConnectionId server_designated_connection_id, |
| 1641 QuicRandom* rand, | 1641 QuicRandom* rand, |
| 1642 QuicCompressedCertsCache* compressed_certs_cache, | 1642 QuicCompressedCertsCache* compressed_certs_cache, |
| 1643 QuicCryptoNegotiatedParameters* params, | 1643 scoped_refptr<QuicCryptoNegotiatedParameters> params, |
| 1644 const QuicCryptoProof& crypto_proof, | 1644 const QuicCryptoProof& crypto_proof, |
| 1645 QuicByteCount total_framing_overhead, | 1645 QuicByteCount total_framing_overhead, |
| 1646 QuicByteCount chlo_packet_size, | 1646 QuicByteCount chlo_packet_size, |
| 1647 CryptoHandshakeMessage* out) const { | 1647 CryptoHandshakeMessage* out) const { |
| 1648 if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) { | 1648 if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) { |
| 1649 DVLOG(1) << "QUIC Crypto server config returning stateless reject " | 1649 DVLOG(1) << "QUIC Crypto server config returning stateless reject " |
| 1650 << "with server-designated connection ID " | 1650 << "with server-designated connection ID " |
| 1651 << server_designated_connection_id; | 1651 << server_designated_connection_id; |
| 1652 out->set_tag(kSREJ); | 1652 out->set_tag(kSREJ); |
| 1653 out->SetValue(kRCID, server_designated_connection_id); | 1653 out->SetValue(kRCID, server_designated_connection_id); |
| (...skipping 589 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2243 primary_time(QuicWallTime::Zero()), | 2243 primary_time(QuicWallTime::Zero()), |
| 2244 expiry_time(QuicWallTime::Zero()), | 2244 expiry_time(QuicWallTime::Zero()), |
| 2245 priority(0), | 2245 priority(0), |
| 2246 source_address_token_boxer(nullptr) {} | 2246 source_address_token_boxer(nullptr) {} |
| 2247 | 2247 |
| 2248 QuicCryptoServerConfig::Config::~Config() { | 2248 QuicCryptoServerConfig::Config::~Config() { |
| 2249 } | 2249 } |
| 2250 | 2250 |
| 2251 QuicCryptoProof::QuicCryptoProof() {} | 2251 QuicCryptoProof::QuicCryptoProof() {} |
| 2252 QuicCryptoProof::~QuicCryptoProof() {} | 2252 QuicCryptoProof::~QuicCryptoProof() {} |
| 2253 |
| 2253 } // namespace net | 2254 } // namespace net |
| OLD | NEW |