Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Side by Side Diff: net/quic/core/crypto/quic_crypto_server_config.cc

Issue 2463093003: Landing Recent QUIC changes until Sat Oct 29 14:59:35. (Closed)
Patch Set: add change to quiartc_session_test.cc Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" 5 #include "net/quic/core/crypto/quic_crypto_server_config.h"
6 6
7 #include <stdlib.h> 7 #include <stdlib.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <memory> 10 #include <memory>
(...skipping 539 matching lines...) Expand 10 before | Expand all | Expand 10 after
550 explicit ProcessClientHelloHelper( 550 explicit ProcessClientHelloHelper(
551 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) 551 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb)
552 : done_cb_(done_cb) {} 552 : done_cb_(done_cb) {}
553 553
554 ~ProcessClientHelloHelper() { 554 ~ProcessClientHelloHelper() {
555 QUIC_BUG_IF(done_cb_ != nullptr) 555 QUIC_BUG_IF(done_cb_ != nullptr)
556 << "Deleting ProcessClientHelloHelper with a pending callback."; 556 << "Deleting ProcessClientHelloHelper with a pending callback.";
557 } 557 }
558 558
559 void Fail(QuicErrorCode error, const string& error_details) { 559 void Fail(QuicErrorCode error, const string& error_details) {
560 (*done_cb_)->Run(error, error_details, nullptr, nullptr); 560 (*done_cb_)->Run(error, error_details, nullptr, nullptr, nullptr);
561 DetachCallback(); 561 DetachCallback();
562 } 562 }
563 563
564 void Succeed(std::unique_ptr<CryptoHandshakeMessage> message, 564 void Succeed(std::unique_ptr<CryptoHandshakeMessage> message,
565 std::unique_ptr<DiversificationNonce> diversification_nonce) { 565 std::unique_ptr<DiversificationNonce> diversification_nonce,
566 std::unique_ptr<ProofSource::Details> proof_source_details) {
566 (*done_cb_)->Run(QUIC_NO_ERROR, string(), std::move(message), 567 (*done_cb_)->Run(QUIC_NO_ERROR, string(), std::move(message),
567 std::move(diversification_nonce)); 568 std::move(diversification_nonce),
569 std::move(proof_source_details));
568 DetachCallback(); 570 DetachCallback();
569 } 571 }
570 572
571 void DetachCallback() { 573 void DetachCallback() {
572 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; 574 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached.";
573 done_cb_ = nullptr; 575 done_cb_ = nullptr;
574 } 576 }
575 577
576 private: 578 private:
577 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_; 579 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_;
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
625 const scoped_refptr<ProofSource::Chain>& chain, 627 const scoped_refptr<ProofSource::Chain>& chain,
626 const string& signature, 628 const string& signature,
627 const string& leaf_cert_sct, 629 const string& leaf_cert_sct,
628 std::unique_ptr<ProofSource::Details> details) override { 630 std::unique_ptr<ProofSource::Details> details) override {
629 if (ok) { 631 if (ok) {
630 crypto_proof_->chain = chain; 632 crypto_proof_->chain = chain;
631 crypto_proof_->signature = signature; 633 crypto_proof_->signature = signature;
632 crypto_proof_->cert_sct = leaf_cert_sct; 634 crypto_proof_->cert_sct = leaf_cert_sct;
633 } 635 }
634 config_->ProcessClientHelloAfterGetProof( 636 config_->ProcessClientHelloAfterGetProof(
635 !ok, *validate_chlo_result_, reject_only_, connection_id_, 637 !ok, std::move(details), *validate_chlo_result_, reject_only_,
636 client_address_, version_, supported_versions_, use_stateless_rejects_, 638 connection_id_, client_address_, version_, supported_versions_,
637 server_designated_connection_id_, clock_, rand_, 639 use_stateless_rejects_, server_designated_connection_id_, clock_, rand_,
638 compressed_certs_cache_, params_, crypto_proof_, 640 compressed_certs_cache_, params_, crypto_proof_,
639 total_framing_overhead_, chlo_packet_size_, requested_config_, 641 total_framing_overhead_, chlo_packet_size_, requested_config_,
640 primary_config_, std::move(done_cb_)); 642 primary_config_, std::move(done_cb_));
641 } 643 }
642 644
643 private: 645 private:
644 const QuicCryptoServerConfig* config_; 646 const QuicCryptoServerConfig* config_;
645 const scoped_refptr<ValidateClientHelloResultCallback::Result> 647 const scoped_refptr<ValidateClientHelloResultCallback::Result>
646 validate_chlo_result_; 648 validate_chlo_result_;
647 const bool reject_only_; 649 const bool reject_only_;
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
735 return; 737 return;
736 } 738 }
737 739
738 if (!ClientDemandsX509Proof(client_hello)) { 740 if (!ClientDemandsX509Proof(client_hello)) {
739 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); 741 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD");
740 return; 742 return;
741 } 743 }
742 DCHECK(proof_source_.get()); 744 DCHECK(proof_source_.get());
743 string chlo_hash; 745 string chlo_hash;
744 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); 746 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
747
745 // No need to get a new proof if one was already generated. 748 // No need to get a new proof if one was already generated.
746 if (!crypto_proof->chain) { 749 if (!crypto_proof->chain) {
750 const QuicTag* tag_ptr;
751 size_t num_tags;
752 QuicTagVector connection_options;
753 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
754 connection_options.assign(tag_ptr, tag_ptr + num_tags);
755 }
747 if (FLAGS_enable_async_get_proof) { 756 if (FLAGS_enable_async_get_proof) {
748 std::unique_ptr<ProcessClientHelloCallback> cb( 757 std::unique_ptr<ProcessClientHelloCallback> cb(
749 new ProcessClientHelloCallback( 758 new ProcessClientHelloCallback(
750 this, validate_chlo_result, reject_only, connection_id, 759 this, validate_chlo_result, reject_only, connection_id,
751 client_address, version, supported_versions, 760 client_address, version, supported_versions,
752 use_stateless_rejects, server_designated_connection_id, clock, 761 use_stateless_rejects, server_designated_connection_id, clock,
753 rand, compressed_certs_cache, params, crypto_proof, 762 rand, compressed_certs_cache, params, crypto_proof,
754 total_framing_overhead, chlo_packet_size, requested_config, 763 total_framing_overhead, chlo_packet_size, requested_config,
755 primary_config, std::move(done_cb))); 764 primary_config, std::move(done_cb)));
756 proof_source_->GetProof(server_ip, info.sni.as_string(), 765 proof_source_->GetProof(server_ip, info.sni.as_string(),
757 primary_config->serialized, version, chlo_hash, 766 primary_config->serialized, version, chlo_hash,
758 std::move(cb)); 767 connection_options, std::move(cb));
759 helper.DetachCallback(); 768 helper.DetachCallback();
760 return; 769 return;
761 } 770 }
762 771
763 if (!proof_source_->GetProof(server_ip, info.sni.as_string(), 772 if (!proof_source_->GetProof(
764 primary_config->serialized, version, chlo_hash, 773 server_ip, info.sni.as_string(), primary_config->serialized,
765 &crypto_proof->chain, &crypto_proof->signature, 774 version, chlo_hash, connection_options, &crypto_proof->chain,
766 &crypto_proof->cert_sct)) { 775 &crypto_proof->signature, &crypto_proof->cert_sct)) {
767 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); 776 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof.");
768 return; 777 return;
769 } 778 }
770 } 779 }
771 780
772 helper.DetachCallback(); 781 helper.DetachCallback();
773 ProcessClientHelloAfterGetProof( 782 ProcessClientHelloAfterGetProof(
774 /* found_error = */ false, *validate_chlo_result, reject_only, 783 /* found_error = */ false, /* proof_source_details = */ nullptr,
775 connection_id, client_address, version, supported_versions, 784 *validate_chlo_result, reject_only, connection_id, client_address,
776 use_stateless_rejects, server_designated_connection_id, clock, rand, 785 version, supported_versions, use_stateless_rejects,
777 compressed_certs_cache, params, crypto_proof, total_framing_overhead, 786 server_designated_connection_id, clock, rand, compressed_certs_cache,
778 chlo_packet_size, requested_config, primary_config, std::move(done_cb)); 787 params, crypto_proof, total_framing_overhead, chlo_packet_size,
788 requested_config, primary_config, std::move(done_cb));
779 } 789 }
780 790
781 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( 791 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof(
782 bool found_error, 792 bool found_error,
793 std::unique_ptr<ProofSource::Details> proof_source_details,
783 const ValidateClientHelloResultCallback::Result& validate_chlo_result, 794 const ValidateClientHelloResultCallback::Result& validate_chlo_result,
784 bool reject_only, 795 bool reject_only,
785 QuicConnectionId connection_id, 796 QuicConnectionId connection_id,
786 const IPEndPoint& client_address, 797 const IPEndPoint& client_address,
787 QuicVersion version, 798 QuicVersion version,
788 const QuicVersionVector& supported_versions, 799 const QuicVersionVector& supported_versions,
789 bool use_stateless_rejects, 800 bool use_stateless_rejects,
790 QuicConnectionId server_designated_connection_id, 801 QuicConnectionId server_designated_connection_id,
791 const QuicClock* clock, 802 const QuicClock* clock,
792 QuicRandom* rand, 803 QuicRandom* rand,
(...skipping 28 matching lines...) Expand all
821 if (!info.reject_reasons.empty() || !requested_config.get()) { 832 if (!info.reject_reasons.empty() || !requested_config.get()) {
822 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, 833 BuildRejection(version, clock->WallNow(), *primary_config, client_hello,
823 info, validate_chlo_result.cached_network_params, 834 info, validate_chlo_result.cached_network_params,
824 use_stateless_rejects, server_designated_connection_id, rand, 835 use_stateless_rejects, server_designated_connection_id, rand,
825 compressed_certs_cache, params, *crypto_proof, 836 compressed_certs_cache, params, *crypto_proof,
826 total_framing_overhead, chlo_packet_size, out.get()); 837 total_framing_overhead, chlo_packet_size, out.get());
827 if (FLAGS_quic_export_rej_for_all_rejects && 838 if (FLAGS_quic_export_rej_for_all_rejects &&
828 rejection_observer_ != nullptr) { 839 rejection_observer_ != nullptr) {
829 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); 840 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get());
830 } 841 }
831 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); 842 helper.Succeed(std::move(out), std::move(out_diversification_nonce),
843 std::move(proof_source_details));
832 return; 844 return;
833 } 845 }
834 846
835 if (reject_only) { 847 if (reject_only) {
836 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); 848 helper.Succeed(std::move(out), std::move(out_diversification_nonce),
849 std::move(proof_source_details));
837 return; 850 return;
838 } 851 }
839 852
840 const QuicTag* their_aeads; 853 const QuicTag* their_aeads;
841 const QuicTag* their_key_exchanges; 854 const QuicTag* their_key_exchanges;
842 size_t num_their_aeads, num_their_key_exchanges; 855 size_t num_their_aeads, num_their_key_exchanges;
843 if (client_hello.GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != 856 if (client_hello.GetTaglist(kAEAD, &their_aeads, &num_their_aeads) !=
844 QUIC_NO_ERROR || 857 QUIC_NO_ERROR ||
845 client_hello.GetTaglist(kKEXS, &their_key_exchanges, 858 client_hello.GetTaglist(kKEXS, &their_key_exchanges,
846 &num_their_key_exchanges) != QUIC_NO_ERROR || 859 &num_their_key_exchanges) != QUIC_NO_ERROR ||
(...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after
1054 } 1067 }
1055 out->SetVector(kVER, supported_version_tags); 1068 out->SetVector(kVER, supported_version_tags);
1056 out->SetStringPiece( 1069 out->SetStringPiece(
1057 kSourceAddressTokenTag, 1070 kSourceAddressTokenTag,
1058 NewSourceAddressToken(*requested_config.get(), info.source_address_tokens, 1071 NewSourceAddressToken(*requested_config.get(), info.source_address_tokens,
1059 client_address.address(), rand, info.now, nullptr)); 1072 client_address.address(), rand, info.now, nullptr));
1060 QuicSocketAddressCoder address_coder(client_address); 1073 QuicSocketAddressCoder address_coder(client_address);
1061 out->SetStringPiece(kCADR, address_coder.Encode()); 1074 out->SetStringPiece(kCADR, address_coder.Encode());
1062 out->SetStringPiece(kPUBS, forward_secure_public_value); 1075 out->SetStringPiece(kPUBS, forward_secure_public_value);
1063 1076
1064 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); 1077 helper.Succeed(std::move(out), std::move(out_diversification_nonce),
1078 std::move(proof_source_details));
1065 } 1079 }
1066 1080
1067 scoped_refptr<QuicCryptoServerConfig::Config> 1081 scoped_refptr<QuicCryptoServerConfig::Config>
1068 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const { 1082 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const {
1069 // In Chromium, we will dead lock if the lock is held by the current thread. 1083 // In Chromium, we will dead lock if the lock is held by the current thread.
1070 // Chromium doesn't have AssertReaderHeld API call. 1084 // Chromium doesn't have AssertReaderHeld API call.
1071 // configs_lock_.AssertReaderHeld(); 1085 // configs_lock_.AssertReaderHeld();
1072 1086
1073 if (!requested_scid.empty()) { 1087 if (!requested_scid.empty()) {
1074 ConfigMap::const_iterator it = configs_.find(requested_scid.as_string()); 1088 ConfigMap::const_iterator it = configs_.find(requested_scid.as_string());
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after
1307 // No valid source address token. 1321 // No valid source address token.
1308 found_error = true; 1322 found_error = true;
1309 } 1323 }
1310 1324
1311 bool get_proof_failed = false; 1325 bool get_proof_failed = false;
1312 string serialized_config = primary_config->serialized; 1326 string serialized_config = primary_config->serialized;
1313 string chlo_hash; 1327 string chlo_hash;
1314 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); 1328 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
1315 bool need_proof = true; 1329 bool need_proof = true;
1316 need_proof = !crypto_proof->chain; 1330 need_proof = !crypto_proof->chain;
1331 const QuicTag* tag_ptr;
1332 size_t num_tags;
1333 QuicTagVector connection_options;
1334 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
1335 connection_options.assign(tag_ptr, tag_ptr + num_tags);
1336 }
1317 if (FLAGS_enable_async_get_proof) { 1337 if (FLAGS_enable_async_get_proof) {
1318 if (need_proof) { 1338 if (need_proof) {
1319 // Make an async call to GetProof and setup the callback to trampoline 1339 // Make an async call to GetProof and setup the callback to trampoline
1320 // back into EvaluateClientHelloAfterGetProof 1340 // back into EvaluateClientHelloAfterGetProof
1321 std::unique_ptr<EvaluateClientHelloCallback> cb( 1341 std::unique_ptr<EvaluateClientHelloCallback> cb(
1322 new EvaluateClientHelloCallback( 1342 new EvaluateClientHelloCallback(
1323 *this, found_error, server_ip, version, requested_config, 1343 *this, found_error, server_ip, version, requested_config,
1324 primary_config, crypto_proof, client_hello_state, 1344 primary_config, crypto_proof, client_hello_state,
1325 std::move(done_cb))); 1345 std::move(done_cb)));
1326 proof_source_->GetProof(server_ip, info->sni.as_string(), 1346 proof_source_->GetProof(server_ip, info->sni.as_string(),
1327 serialized_config, version, chlo_hash, 1347 serialized_config, version, chlo_hash,
1328 std::move(cb)); 1348 connection_options, std::move(cb));
1329 helper.DetachCallback(); 1349 helper.DetachCallback();
1330 return; 1350 return;
1331 } 1351 }
1332 } 1352 }
1333 1353
1334 // No need to get a new proof if one was already generated. 1354 // No need to get a new proof if one was already generated.
1335 if (need_proof && 1355 if (need_proof &&
1336 !proof_source_->GetProof(server_ip, info->sni.as_string(), 1356 !proof_source_->GetProof(
1337 serialized_config, version, chlo_hash, 1357 server_ip, info->sni.as_string(), serialized_config, version,
1338 &crypto_proof->chain, &crypto_proof->signature, 1358 chlo_hash, connection_options, &crypto_proof->chain,
1339 &crypto_proof->cert_sct)) { 1359 &crypto_proof->signature, &crypto_proof->cert_sct)) {
1340 get_proof_failed = true; 1360 get_proof_failed = true;
1341 } 1361 }
1342 1362
1343 // Details are null because the synchronous version of GetProof does not 1363 // Details are null because the synchronous version of GetProof does not
1344 // return any stats. Eventually the synchronous codepath will be eliminated. 1364 // return any stats. Eventually the synchronous codepath will be eliminated.
1345 EvaluateClientHelloAfterGetProof( 1365 EvaluateClientHelloAfterGetProof(
1346 found_error, server_ip, version, requested_config, primary_config, 1366 found_error, server_ip, version, requested_config, primary_config,
1347 crypto_proof, nullptr /* proof_source_details */, get_proof_failed, 1367 crypto_proof, nullptr /* proof_source_details */, get_proof_failed,
1348 client_hello_state, std::move(done_cb)); 1368 client_hello_state, std::move(done_cb));
1349 helper.DetachCallback(); 1369 helper.DetachCallback();
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
1466 QuicVersion version, 1486 QuicVersion version,
1467 StringPiece chlo_hash, 1487 StringPiece chlo_hash,
1468 const SourceAddressTokens& previous_source_address_tokens, 1488 const SourceAddressTokens& previous_source_address_tokens,
1469 const IPAddress& server_ip, 1489 const IPAddress& server_ip,
1470 const IPAddress& client_ip, 1490 const IPAddress& client_ip,
1471 const QuicClock* clock, 1491 const QuicClock* clock,
1472 QuicRandom* rand, 1492 QuicRandom* rand,
1473 QuicCompressedCertsCache* compressed_certs_cache, 1493 QuicCompressedCertsCache* compressed_certs_cache,
1474 const QuicCryptoNegotiatedParameters& params, 1494 const QuicCryptoNegotiatedParameters& params,
1475 const CachedNetworkParameters* cached_network_params, 1495 const CachedNetworkParameters* cached_network_params,
1496 const QuicTagVector& connection_options,
1476 CryptoHandshakeMessage* out) const { 1497 CryptoHandshakeMessage* out) const {
1477 string serialized; 1498 string serialized;
1478 string source_address_token; 1499 string source_address_token;
1479 QuicWallTime expiry_time = QuicWallTime::Zero(); 1500 QuicWallTime expiry_time = QuicWallTime::Zero();
1480 const CommonCertSets* common_cert_sets; 1501 const CommonCertSets* common_cert_sets;
1481 { 1502 {
1482 base::AutoLock locked(configs_lock_); 1503 base::AutoLock locked(configs_lock_);
1483 serialized = primary_config_->serialized; 1504 serialized = primary_config_->serialized;
1484 common_cert_sets = primary_config_->common_cert_sets; 1505 common_cert_sets = primary_config_->common_cert_sets;
1485 expiry_time = primary_config_->expiry_time; 1506 expiry_time = primary_config_->expiry_time;
1486 source_address_token = NewSourceAddressToken( 1507 source_address_token = NewSourceAddressToken(
1487 *primary_config_, previous_source_address_tokens, client_ip, rand, 1508 *primary_config_, previous_source_address_tokens, client_ip, rand,
1488 clock->WallNow(), cached_network_params); 1509 clock->WallNow(), cached_network_params);
1489 } 1510 }
1490 1511
1491 out->set_tag(kSCUP); 1512 out->set_tag(kSCUP);
1492 out->SetStringPiece(kSCFG, serialized); 1513 out->SetStringPiece(kSCFG, serialized);
1493 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); 1514 out->SetStringPiece(kSourceAddressTokenTag, source_address_token);
1494 out->SetValue(kSTTL, 1515 out->SetValue(kSTTL,
1495 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds()); 1516 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds());
1496 1517
1497 scoped_refptr<ProofSource::Chain> chain; 1518 scoped_refptr<ProofSource::Chain> chain;
1498 string signature; 1519 string signature;
1499 string cert_sct; 1520 string cert_sct;
1500 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, 1521 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version,
1501 chlo_hash, &chain, &signature, &cert_sct)) { 1522 chlo_hash, connection_options, &chain,
1523 &signature, &cert_sct)) {
1502 DVLOG(1) << "Server: failed to get proof."; 1524 DVLOG(1) << "Server: failed to get proof.";
1503 return false; 1525 return false;
1504 } 1526 }
1505 1527
1506 const string compressed = CompressChain( 1528 const string compressed = CompressChain(
1507 compressed_certs_cache, chain, params.client_common_set_hashes, 1529 compressed_certs_cache, chain, params.client_common_set_hashes,
1508 params.client_cached_cert_hashes, common_cert_sets); 1530 params.client_cached_cert_hashes, common_cert_sets);
1509 1531
1510 out->SetStringPiece(kCertificateTag, compressed); 1532 out->SetStringPiece(kCertificateTag, compressed);
1511 out->SetStringPiece(kPROF, signature); 1533 out->SetStringPiece(kPROF, signature);
(...skipping 12 matching lines...) Expand all
1524 QuicVersion version, 1546 QuicVersion version,
1525 StringPiece chlo_hash, 1547 StringPiece chlo_hash,
1526 const SourceAddressTokens& previous_source_address_tokens, 1548 const SourceAddressTokens& previous_source_address_tokens,
1527 const IPAddress& server_ip, 1549 const IPAddress& server_ip,
1528 const IPAddress& client_ip, 1550 const IPAddress& client_ip,
1529 const QuicClock* clock, 1551 const QuicClock* clock,
1530 QuicRandom* rand, 1552 QuicRandom* rand,
1531 QuicCompressedCertsCache* compressed_certs_cache, 1553 QuicCompressedCertsCache* compressed_certs_cache,
1532 const QuicCryptoNegotiatedParameters& params, 1554 const QuicCryptoNegotiatedParameters& params,
1533 const CachedNetworkParameters* cached_network_params, 1555 const CachedNetworkParameters* cached_network_params,
1556 const QuicTagVector& connection_options,
1534 std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const { 1557 std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const {
1535 string serialized; 1558 string serialized;
1536 string source_address_token; 1559 string source_address_token;
1537 const CommonCertSets* common_cert_sets; 1560 const CommonCertSets* common_cert_sets;
1538 { 1561 {
1539 base::AutoLock locked(configs_lock_); 1562 base::AutoLock locked(configs_lock_);
1540 serialized = primary_config_->serialized; 1563 serialized = primary_config_->serialized;
1541 common_cert_sets = primary_config_->common_cert_sets; 1564 common_cert_sets = primary_config_->common_cert_sets;
1542 source_address_token = NewSourceAddressToken( 1565 source_address_token = NewSourceAddressToken(
1543 *primary_config_, previous_source_address_tokens, client_ip, rand, 1566 *primary_config_, previous_source_address_tokens, client_ip, rand,
1544 clock->WallNow(), cached_network_params); 1567 clock->WallNow(), cached_network_params);
1545 } 1568 }
1546 1569
1547 CryptoHandshakeMessage message; 1570 CryptoHandshakeMessage message;
1548 message.set_tag(kSCUP); 1571 message.set_tag(kSCUP);
1549 message.SetStringPiece(kSCFG, serialized); 1572 message.SetStringPiece(kSCFG, serialized);
1550 message.SetStringPiece(kSourceAddressTokenTag, source_address_token); 1573 message.SetStringPiece(kSourceAddressTokenTag, source_address_token);
1551 1574
1552 std::unique_ptr<BuildServerConfigUpdateMessageProofSourceCallback> 1575 std::unique_ptr<BuildServerConfigUpdateMessageProofSourceCallback>
1553 proof_source_cb(new BuildServerConfigUpdateMessageProofSourceCallback( 1576 proof_source_cb(new BuildServerConfigUpdateMessageProofSourceCallback(
1554 this, version, compressed_certs_cache, common_cert_sets, params, 1577 this, version, compressed_certs_cache, common_cert_sets, params,
1555 std::move(message), std::move(cb))); 1578 std::move(message), std::move(cb)));
1556 1579
1580 // Note: We unconditionally use the async variant of GetProof here, unlike
1581 // elsewhere in this file where we check for the kSYNC tag in the CHLO for the
1582 // connection before deciding. This call is not in the critical serving path,
1583 // and so should not have much impact on the experiments associated with that
1584 // tag (plus it would be a chore to plumb information about the tag down to
1585 // here).
1557 proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash, 1586 proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash,
1558 std::move(proof_source_cb)); 1587 connection_options, std::move(proof_source_cb));
1559 } 1588 }
1560 1589
1561 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: 1590 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
1562 ~BuildServerConfigUpdateMessageProofSourceCallback() {} 1591 ~BuildServerConfigUpdateMessageProofSourceCallback() {}
1563 1592
1564 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: 1593 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
1565 BuildServerConfigUpdateMessageProofSourceCallback( 1594 BuildServerConfigUpdateMessageProofSourceCallback(
1566 const QuicCryptoServerConfig* config, 1595 const QuicCryptoServerConfig* config,
1567 QuicVersion version, 1596 QuicVersion version,
1568 QuicCompressedCertsCache* compressed_certs_cache, 1597 QuicCompressedCertsCache* compressed_certs_cache,
(...skipping 676 matching lines...) Expand 10 before | Expand all | Expand 10 after
2245 priority(0), 2274 priority(0),
2246 source_address_token_boxer(nullptr) {} 2275 source_address_token_boxer(nullptr) {}
2247 2276
2248 QuicCryptoServerConfig::Config::~Config() { 2277 QuicCryptoServerConfig::Config::~Config() {
2249 } 2278 }
2250 2279
2251 QuicCryptoProof::QuicCryptoProof() {} 2280 QuicCryptoProof::QuicCryptoProof() {}
2252 QuicCryptoProof::~QuicCryptoProof() {} 2281 QuicCryptoProof::~QuicCryptoProof() {}
2253 2282
2254 } // namespace net 2283 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/core/crypto/quic_crypto_server_config.h ('k') | net/quic/core/quic_crypto_client_stream_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698