Add connection_options argument to ProofSource::GetProof

net/quic/core/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/core/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 726 matching lines @@
 
   if (!ClientDemandsX509Proof(client_hello)) {
     helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD");
     return;
   }
   DCHECK(proof_source_.get());
   string chlo_hash;
   CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
   // No need to get a new proof if one was already generated.
   if (!crypto_proof->chain) {
+    const QuicTag* tag_ptr;
+    size_t num_tags;
+    QuicTagVector connection_options;
+    if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
+      connection_options.assign(tag_ptr, tag_ptr + num_tags);
+    }
     if (FLAGS_enable_async_get_proof) {
       std::unique_ptr<ProcessClientHelloCallback> cb(
           new ProcessClientHelloCallback(
               this, validate_chlo_result, reject_only, connection_id,
               client_address, version, supported_versions,
               use_stateless_rejects, server_designated_connection_id, clock,
               rand, compressed_certs_cache, params, crypto_proof,
               total_framing_overhead, chlo_packet_size, requested_config,
               primary_config, std::move(done_cb)));
       proof_source_->GetProof(server_ip, info.sni.as_string(),
                               primary_config->serialized, version, chlo_hash,
-                              std::move(cb));
+                              connection_options, std::move(cb));
       helper.DetachCallback();
       return;
     }
 
-    if (!proof_source_->GetProof(server_ip, info.sni.as_string(),
-                                 primary_config->serialized, version, chlo_hash,
-                                 &crypto_proof->chain, &crypto_proof->signature,
-                                 &crypto_proof->cert_sct)) {
+    if (!proof_source_->GetProof(
+            server_ip, info.sni.as_string(), primary_config->serialized,
+            version, chlo_hash, connection_options, &crypto_proof->chain,
+            &crypto_proof->signature, &crypto_proof->cert_sct)) {
       helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof.");
       return;
     }
   }
 
   helper.DetachCallback();
   ProcessClientHelloAfterGetProof(
       /* found_error = */ false, *validate_chlo_result, reject_only,
       connection_id, client_address, version, supported_versions,
       use_stateless_rejects, server_designated_connection_id, clock, rand,
@@ skipping 530 matching lines @@
     // No valid source address token.
     found_error = true;
   }
 
   bool get_proof_failed = false;
   string serialized_config = primary_config->serialized;
   string chlo_hash;
   CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
   bool need_proof = true;
   need_proof = !crypto_proof->chain;
+  const QuicTag* tag_ptr;
+  size_t num_tags;
+  QuicTagVector connection_options;
+  if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
+    connection_options.assign(tag_ptr, tag_ptr + num_tags);
+  }
   if (FLAGS_enable_async_get_proof) {
     if (need_proof) {
       // Make an async call to GetProof and setup the callback to trampoline
       // back into EvaluateClientHelloAfterGetProof
       std::unique_ptr<EvaluateClientHelloCallback> cb(
           new EvaluateClientHelloCallback(
               *this, found_error, server_ip, version, requested_config,
               primary_config, crypto_proof, client_hello_state,
               std::move(done_cb)));
       proof_source_->GetProof(server_ip, info->sni.as_string(),
                               serialized_config, version, chlo_hash,
-                              std::move(cb));
+                              connection_options, std::move(cb));
       helper.DetachCallback();
       return;
     }
   }
 
   // No need to get a new proof if one was already generated.
   if (need_proof &&
-      !proof_source_->GetProof(server_ip, info->sni.as_string(),
-                               serialized_config, version, chlo_hash,
-                               &crypto_proof->chain, &crypto_proof->signature,
-                               &crypto_proof->cert_sct)) {
+      !proof_source_->GetProof(
+          server_ip, info->sni.as_string(), serialized_config, version,
+          chlo_hash, connection_options, &crypto_proof->chain,
+          &crypto_proof->signature, &crypto_proof->cert_sct)) {
     get_proof_failed = true;
   }
 
   // Details are null because the synchronous version of GetProof does not
   // return any stats.  Eventually the synchronous codepath will be eliminated.
   EvaluateClientHelloAfterGetProof(
       found_error, server_ip, version, requested_config, primary_config,
       crypto_proof, nullptr /* proof_source_details */, get_proof_failed,
       client_hello_state, std::move(done_cb));
   helper.DetachCallback();
@@ skipping 116 matching lines @@
     QuicVersion version,
     StringPiece chlo_hash,
     const SourceAddressTokens& previous_source_address_tokens,
     const IPAddress& server_ip,
     const IPAddress& client_ip,
     const QuicClock* clock,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     const QuicCryptoNegotiatedParameters& params,
     const CachedNetworkParameters* cached_network_params,
+    const QuicTagVector& connection_options,
     CryptoHandshakeMessage* out) const {
   string serialized;
   string source_address_token;
   QuicWallTime expiry_time = QuicWallTime::Zero();
   const CommonCertSets* common_cert_sets;
   {
     base::AutoLock locked(configs_lock_);
     serialized = primary_config_->serialized;
     common_cert_sets = primary_config_->common_cert_sets;
     expiry_time = primary_config_->expiry_time;
     source_address_token = NewSourceAddressToken(
         *primary_config_, previous_source_address_tokens, client_ip, rand,
         clock->WallNow(), cached_network_params);
   }
 
   out->set_tag(kSCUP);
   out->SetStringPiece(kSCFG, serialized);
   out->SetStringPiece(kSourceAddressTokenTag, source_address_token);
   out->SetValue(kSTTL,
                 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds());
 
   scoped_refptr<ProofSource::Chain> chain;
   string signature;
   string cert_sct;
   if (!proof_source_->GetProof(server_ip, params.sni, serialized, version,
-                               chlo_hash, &chain, &signature, &cert_sct)) {
+                               chlo_hash, connection_options, &chain,
+                               &signature, &cert_sct)) {
     DVLOG(1) << "Server: failed to get proof.";
     return false;
   }
 
   const string compressed = CompressChain(
       compressed_certs_cache, chain, params.client_common_set_hashes,
       params.client_cached_cert_hashes, common_cert_sets);
 
   out->SetStringPiece(kCertificateTag, compressed);
   out->SetStringPiece(kPROF, signature);
@@ skipping 12 matching lines @@
     QuicVersion version,
     StringPiece chlo_hash,
     const SourceAddressTokens& previous_source_address_tokens,
     const IPAddress& server_ip,
     const IPAddress& client_ip,
     const QuicClock* clock,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     const QuicCryptoNegotiatedParameters& params,
     const CachedNetworkParameters* cached_network_params,
+    const QuicTagVector& connection_options,
     std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const {
   string serialized;
   string source_address_token;
   const CommonCertSets* common_cert_sets;
   {
     base::AutoLock locked(configs_lock_);
     serialized = primary_config_->serialized;
     common_cert_sets = primary_config_->common_cert_sets;
     source_address_token = NewSourceAddressToken(
         *primary_config_, previous_source_address_tokens, client_ip, rand,
         clock->WallNow(), cached_network_params);
   }
 
   CryptoHandshakeMessage message;
   message.set_tag(kSCUP);
   message.SetStringPiece(kSCFG, serialized);
   message.SetStringPiece(kSourceAddressTokenTag, source_address_token);
 
   std::unique_ptr<BuildServerConfigUpdateMessageProofSourceCallback>
       proof_source_cb(new BuildServerConfigUpdateMessageProofSourceCallback(
           this, version, compressed_certs_cache, common_cert_sets, params,
           std::move(message), std::move(cb)));
 
   proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash,
-                          std::move(proof_source_cb));
+                          connection_options, std::move(proof_source_cb));
 }
 
 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
     ~BuildServerConfigUpdateMessageProofSourceCallback() {}
 
 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
     BuildServerConfigUpdateMessageProofSourceCallback(
         const QuicCryptoServerConfig* config,
         QuicVersion version,
         QuicCompressedCertsCache* compressed_certs_cache,
@@ skipping 676 matching lines @@
       priority(0),
       source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() {
 }
 
 QuicCryptoProof::QuicCryptoProof() {}
 QuicCryptoProof::~QuicCryptoProof() {}
 
 }  // namespace net