1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/chromium/crypto/proof_source_chromium.h" | 5 #include "net/quic/chromium/crypto/proof_source_chromium.h" |
6 | 6 |
7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
8 #include "crypto/openssl_util.h" | 8 #include "crypto/openssl_util.h" |
9 #include "net/quic/core/crypto/crypto_protocol.h" | 9 #include "net/quic/core/crypto/crypto_protocol.h" |
10 #include "third_party/boringssl/src/include/openssl/digest.h" | 10 #include "third_party/boringssl/src/include/openssl/digest.h" |
70 return true; | 70 return true; |
71 | 71 |
72 if (!base::ReadFileToString(sct_path, &signed_certificate_timestamp_)) { | 72 if (!base::ReadFileToString(sct_path, &signed_certificate_timestamp_)) { |
73 DLOG(FATAL) << "Unable to read signed certificate timestamp."; | 73 DLOG(FATAL) << "Unable to read signed certificate timestamp."; |
74 return false; | 74 return false; |
75 } | 75 } |
76 | 76 |
77 return true; | 77 return true; |
78 } | 78 } |
79 | 79 |
80 bool ProofSourceChromium::GetProof(const IPAddress& server_ip, | 80 bool ProofSourceChromium::GetProof( |
81 const string& hostname, | 81 const IPAddress& server_ip, |
82 const string& server_config, | 82 const string& hostname, |
83 QuicVersion quic_version, | 83 const string& server_config, |
84 base::StringPiece chlo_hash, | 84 QuicVersion quic_version, |
85 scoped_refptr<ProofSource::Chain>* out_chain, | 85 base::StringPiece chlo_hash, |
86 string* out_signature, | 86 const QuicTagVector& /* connection_options */, |
87 string* out_leaf_cert_sct) { | 87 scoped_refptr<ProofSource::Chain>* out_chain, |
| 88 string* out_signature, |
| 89 string* out_leaf_cert_sct) { |
88 DCHECK(private_key_.get()) << " this: " << this; | 90 DCHECK(private_key_.get()) << " this: " << this; |
89 | 91 |
90 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 92 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
91 bssl::ScopedEVP_MD_CTX sign_context; | 93 bssl::ScopedEVP_MD_CTX sign_context; |
92 EVP_PKEY_CTX* pkey_ctx; | 94 EVP_PKEY_CTX* pkey_ctx; |
93 | 95 |
94 uint32_t len_tmp = chlo_hash.length(); | 96 uint32_t len_tmp = chlo_hash.length(); |
95 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr, | 97 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr, |
96 private_key_->key()) || | 98 private_key_->key()) || |
97 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || | 99 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || |
130 << base::HexEncode(out_signature->data(), out_signature->size()); | 132 << base::HexEncode(out_signature->data(), out_signature->size()); |
131 *out_leaf_cert_sct = signed_certificate_timestamp_; | 133 *out_leaf_cert_sct = signed_certificate_timestamp_; |
132 return true; | 134 return true; |
133 } | 135 } |
134 | 136 |
135 void ProofSourceChromium::GetProof(const IPAddress& server_ip, | 137 void ProofSourceChromium::GetProof(const IPAddress& server_ip, |
136 const std::string& hostname, | 138 const std::string& hostname, |
137 const std::string& server_config, | 139 const std::string& server_config, |
138 QuicVersion quic_version, | 140 QuicVersion quic_version, |
139 base::StringPiece chlo_hash, | 141 base::StringPiece chlo_hash, |
| 142 const QuicTagVector& connection_options, |
140 std::unique_ptr<Callback> callback) { | 143 std::unique_ptr<Callback> callback) { |
141 // As a transitional implementation, just call the synchronous version of | 144 // As a transitional implementation, just call the synchronous version of |
142 // GetProof, then invoke the callback with the results and destroy it. | 145 // GetProof, then invoke the callback with the results and destroy it. |
143 scoped_refptr<ProofSource::Chain> chain; | 146 scoped_refptr<ProofSource::Chain> chain; |
144 string signature; | 147 string signature; |
145 string leaf_cert_sct; | 148 string leaf_cert_sct; |
146 const bool ok = GetProof(server_ip, hostname, server_config, quic_version, | 149 const bool ok = |
147 chlo_hash, &chain, &signature, &leaf_cert_sct); | 150 GetProof(server_ip, hostname, server_config, quic_version, chlo_hash, |
| 151 connection_options, &chain, &signature, &leaf_cert_sct); |
148 callback->Run(ok, chain, signature, leaf_cert_sct, nullptr /* details */); | 152 callback->Run(ok, chain, signature, leaf_cert_sct, nullptr /* details */); |
149 } | 153 } |
150 | 154 |
151 } // namespace net | 155 } // namespace net |
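Review bot: The new `const QuicTagVector& /* connection_options */` parameter on the synchronous GetProof (new line 86) is discarded without any note saying so, while the asynchronous overload (new line 142) forwards it through at new line 151; a reader of the signature alone cannot tell whether the signed proof is meant to vary with the client's options. Since the visible body never reads it, state that explicitly on the parameter, e.g. `// |connection_options| is accepted only to match the ProofSource interface; the proof produced here does not depend on it.`, so that a future change that does need the options cannot silently diverge between the two overloads. Part of the synchronous overload's body (32 lines after new line 99) is elided on this page, so that claim should be confirmed against the full function before the comment lands.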