OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <memory> | 10 #include <memory> |
(...skipping 539 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
550 explicit ProcessClientHelloHelper( | 550 explicit ProcessClientHelloHelper( |
551 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) | 551 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) |
552 : done_cb_(done_cb) {} | 552 : done_cb_(done_cb) {} |
553 | 553 |
554 ~ProcessClientHelloHelper() { | 554 ~ProcessClientHelloHelper() { |
555 QUIC_BUG_IF(done_cb_ != nullptr) | 555 QUIC_BUG_IF(done_cb_ != nullptr) |
556 << "Deleting ProcessClientHelloHelper with a pending callback."; | 556 << "Deleting ProcessClientHelloHelper with a pending callback."; |
557 } | 557 } |
558 | 558 |
559 void Fail(QuicErrorCode error, const string& error_details) { | 559 void Fail(QuicErrorCode error, const string& error_details) { |
560 (*done_cb_)->Run(error, error_details, nullptr, nullptr); | 560 (*done_cb_)->Run(error, error_details, nullptr, nullptr, nullptr); |
561 DetachCallback(); | 561 DetachCallback(); |
562 } | 562 } |
563 | 563 |
564 void Succeed(std::unique_ptr<CryptoHandshakeMessage> message, | 564 void Succeed(std::unique_ptr<CryptoHandshakeMessage> message, |
565 std::unique_ptr<DiversificationNonce> diversification_nonce) { | 565 std::unique_ptr<DiversificationNonce> diversification_nonce, |
| 566 std::unique_ptr<ProofSource::Details> proof_source_details) { |
566 (*done_cb_)->Run(QUIC_NO_ERROR, string(), std::move(message), | 567 (*done_cb_)->Run(QUIC_NO_ERROR, string(), std::move(message), |
567 std::move(diversification_nonce)); | 568 std::move(diversification_nonce), |
| 569 std::move(proof_source_details)); |
568 DetachCallback(); | 570 DetachCallback(); |
569 } | 571 } |
570 | 572 |
571 void DetachCallback() { | 573 void DetachCallback() { |
572 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; | 574 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; |
573 done_cb_ = nullptr; | 575 done_cb_ = nullptr; |
574 } | 576 } |
575 | 577 |
576 private: | 578 private: |
577 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_; | 579 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_; |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
625 const scoped_refptr<ProofSource::Chain>& chain, | 627 const scoped_refptr<ProofSource::Chain>& chain, |
626 const string& signature, | 628 const string& signature, |
627 const string& leaf_cert_sct, | 629 const string& leaf_cert_sct, |
628 std::unique_ptr<ProofSource::Details> details) override { | 630 std::unique_ptr<ProofSource::Details> details) override { |
629 if (ok) { | 631 if (ok) { |
630 crypto_proof_->chain = chain; | 632 crypto_proof_->chain = chain; |
631 crypto_proof_->signature = signature; | 633 crypto_proof_->signature = signature; |
632 crypto_proof_->cert_sct = leaf_cert_sct; | 634 crypto_proof_->cert_sct = leaf_cert_sct; |
633 } | 635 } |
634 config_->ProcessClientHelloAfterGetProof( | 636 config_->ProcessClientHelloAfterGetProof( |
635 !ok, *validate_chlo_result_, reject_only_, connection_id_, | 637 !ok, std::move(details), *validate_chlo_result_, reject_only_, |
636 client_address_, version_, supported_versions_, use_stateless_rejects_, | 638 connection_id_, client_address_, version_, supported_versions_, |
637 server_designated_connection_id_, clock_, rand_, | 639 use_stateless_rejects_, server_designated_connection_id_, clock_, rand_, |
638 compressed_certs_cache_, params_, crypto_proof_, | 640 compressed_certs_cache_, params_, crypto_proof_, |
639 total_framing_overhead_, chlo_packet_size_, requested_config_, | 641 total_framing_overhead_, chlo_packet_size_, requested_config_, |
640 primary_config_, std::move(done_cb_)); | 642 primary_config_, std::move(done_cb_)); |
641 } | 643 } |
642 | 644 |
643 private: | 645 private: |
644 const QuicCryptoServerConfig* config_; | 646 const QuicCryptoServerConfig* config_; |
645 const scoped_refptr<ValidateClientHelloResultCallback::Result> | 647 const scoped_refptr<ValidateClientHelloResultCallback::Result> |
646 validate_chlo_result_; | 648 validate_chlo_result_; |
647 const bool reject_only_; | 649 const bool reject_only_; |
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
735 return; | 737 return; |
736 } | 738 } |
737 | 739 |
738 if (!ClientDemandsX509Proof(client_hello)) { | 740 if (!ClientDemandsX509Proof(client_hello)) { |
739 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); | 741 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); |
740 return; | 742 return; |
741 } | 743 } |
742 DCHECK(proof_source_.get()); | 744 DCHECK(proof_source_.get()); |
743 string chlo_hash; | 745 string chlo_hash; |
744 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 746 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
| 747 |
745 // No need to get a new proof if one was already generated. | 748 // No need to get a new proof if one was already generated. |
746 if (!crypto_proof->chain) { | 749 if (!crypto_proof->chain) { |
| 750 const QuicTag* tag_ptr; |
| 751 size_t num_tags; |
| 752 QuicTagVector connection_options; |
| 753 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { |
| 754 connection_options.assign(tag_ptr, tag_ptr + num_tags); |
| 755 } |
747 if (FLAGS_enable_async_get_proof) { | 756 if (FLAGS_enable_async_get_proof) { |
748 std::unique_ptr<ProcessClientHelloCallback> cb( | 757 std::unique_ptr<ProcessClientHelloCallback> cb( |
749 new ProcessClientHelloCallback( | 758 new ProcessClientHelloCallback( |
750 this, validate_chlo_result, reject_only, connection_id, | 759 this, validate_chlo_result, reject_only, connection_id, |
751 client_address, version, supported_versions, | 760 client_address, version, supported_versions, |
752 use_stateless_rejects, server_designated_connection_id, clock, | 761 use_stateless_rejects, server_designated_connection_id, clock, |
753 rand, compressed_certs_cache, params, crypto_proof, | 762 rand, compressed_certs_cache, params, crypto_proof, |
754 total_framing_overhead, chlo_packet_size, requested_config, | 763 total_framing_overhead, chlo_packet_size, requested_config, |
755 primary_config, std::move(done_cb))); | 764 primary_config, std::move(done_cb))); |
756 proof_source_->GetProof(server_ip, info.sni.as_string(), | 765 proof_source_->GetProof(server_ip, info.sni.as_string(), |
757 primary_config->serialized, version, chlo_hash, | 766 primary_config->serialized, version, chlo_hash, |
758 std::move(cb)); | 767 connection_options, std::move(cb)); |
759 helper.DetachCallback(); | 768 helper.DetachCallback(); |
760 return; | 769 return; |
761 } | 770 } |
762 | 771 |
763 if (!proof_source_->GetProof(server_ip, info.sni.as_string(), | 772 if (!proof_source_->GetProof( |
764 primary_config->serialized, version, chlo_hash, | 773 server_ip, info.sni.as_string(), primary_config->serialized, |
765 &crypto_proof->chain, &crypto_proof->signature, | 774 version, chlo_hash, connection_options, &crypto_proof->chain, |
766 &crypto_proof->cert_sct)) { | 775 &crypto_proof->signature, &crypto_proof->cert_sct)) { |
767 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); | 776 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); |
768 return; | 777 return; |
769 } | 778 } |
770 } | 779 } |
771 | 780 |
772 helper.DetachCallback(); | 781 helper.DetachCallback(); |
773 ProcessClientHelloAfterGetProof( | 782 ProcessClientHelloAfterGetProof( |
774 /* found_error = */ false, *validate_chlo_result, reject_only, | 783 /* found_error = */ false, /* proof_source_details = */ nullptr, |
775 connection_id, client_address, version, supported_versions, | 784 *validate_chlo_result, reject_only, connection_id, client_address, |
776 use_stateless_rejects, server_designated_connection_id, clock, rand, | 785 version, supported_versions, use_stateless_rejects, |
777 compressed_certs_cache, params, crypto_proof, total_framing_overhead, | 786 server_designated_connection_id, clock, rand, compressed_certs_cache, |
778 chlo_packet_size, requested_config, primary_config, std::move(done_cb)); | 787 params, crypto_proof, total_framing_overhead, chlo_packet_size, |
| 788 requested_config, primary_config, std::move(done_cb)); |
779 } | 789 } |
780 | 790 |
781 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( | 791 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( |
782 bool found_error, | 792 bool found_error, |
| 793 std::unique_ptr<ProofSource::Details> proof_source_details, |
783 const ValidateClientHelloResultCallback::Result& validate_chlo_result, | 794 const ValidateClientHelloResultCallback::Result& validate_chlo_result, |
784 bool reject_only, | 795 bool reject_only, |
785 QuicConnectionId connection_id, | 796 QuicConnectionId connection_id, |
786 const IPEndPoint& client_address, | 797 const IPEndPoint& client_address, |
787 QuicVersion version, | 798 QuicVersion version, |
788 const QuicVersionVector& supported_versions, | 799 const QuicVersionVector& supported_versions, |
789 bool use_stateless_rejects, | 800 bool use_stateless_rejects, |
790 QuicConnectionId server_designated_connection_id, | 801 QuicConnectionId server_designated_connection_id, |
791 const QuicClock* clock, | 802 const QuicClock* clock, |
792 QuicRandom* rand, | 803 QuicRandom* rand, |
(...skipping 28 matching lines...) Expand all Loading... |
821 if (!info.reject_reasons.empty() || !requested_config.get()) { | 832 if (!info.reject_reasons.empty() || !requested_config.get()) { |
822 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, | 833 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, |
823 info, validate_chlo_result.cached_network_params, | 834 info, validate_chlo_result.cached_network_params, |
824 use_stateless_rejects, server_designated_connection_id, rand, | 835 use_stateless_rejects, server_designated_connection_id, rand, |
825 compressed_certs_cache, params, *crypto_proof, | 836 compressed_certs_cache, params, *crypto_proof, |
826 total_framing_overhead, chlo_packet_size, out.get()); | 837 total_framing_overhead, chlo_packet_size, out.get()); |
827 if (FLAGS_quic_export_rej_for_all_rejects && | 838 if (FLAGS_quic_export_rej_for_all_rejects && |
828 rejection_observer_ != nullptr) { | 839 rejection_observer_ != nullptr) { |
829 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); | 840 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); |
830 } | 841 } |
831 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); | 842 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
| 843 std::move(proof_source_details)); |
832 return; | 844 return; |
833 } | 845 } |
834 | 846 |
835 if (reject_only) { | 847 if (reject_only) { |
836 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); | 848 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
| 849 std::move(proof_source_details)); |
837 return; | 850 return; |
838 } | 851 } |
839 | 852 |
840 const QuicTag* their_aeads; | 853 const QuicTag* their_aeads; |
841 const QuicTag* their_key_exchanges; | 854 const QuicTag* their_key_exchanges; |
842 size_t num_their_aeads, num_their_key_exchanges; | 855 size_t num_their_aeads, num_their_key_exchanges; |
843 if (client_hello.GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != | 856 if (client_hello.GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != |
844 QUIC_NO_ERROR || | 857 QUIC_NO_ERROR || |
845 client_hello.GetTaglist(kKEXS, &their_key_exchanges, | 858 client_hello.GetTaglist(kKEXS, &their_key_exchanges, |
846 &num_their_key_exchanges) != QUIC_NO_ERROR || | 859 &num_their_key_exchanges) != QUIC_NO_ERROR || |
(...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1054 } | 1067 } |
1055 out->SetVector(kVER, supported_version_tags); | 1068 out->SetVector(kVER, supported_version_tags); |
1056 out->SetStringPiece( | 1069 out->SetStringPiece( |
1057 kSourceAddressTokenTag, | 1070 kSourceAddressTokenTag, |
1058 NewSourceAddressToken(*requested_config.get(), info.source_address_tokens, | 1071 NewSourceAddressToken(*requested_config.get(), info.source_address_tokens, |
1059 client_address.address(), rand, info.now, nullptr)); | 1072 client_address.address(), rand, info.now, nullptr)); |
1060 QuicSocketAddressCoder address_coder(client_address); | 1073 QuicSocketAddressCoder address_coder(client_address); |
1061 out->SetStringPiece(kCADR, address_coder.Encode()); | 1074 out->SetStringPiece(kCADR, address_coder.Encode()); |
1062 out->SetStringPiece(kPUBS, forward_secure_public_value); | 1075 out->SetStringPiece(kPUBS, forward_secure_public_value); |
1063 | 1076 |
1064 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); | 1077 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
| 1078 std::move(proof_source_details)); |
1065 } | 1079 } |
1066 | 1080 |
1067 scoped_refptr<QuicCryptoServerConfig::Config> | 1081 scoped_refptr<QuicCryptoServerConfig::Config> |
1068 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const { | 1082 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const { |
1069 // In Chromium, we will dead lock if the lock is held by the current thread. | 1083 // In Chromium, we will dead lock if the lock is held by the current thread. |
1070 // Chromium doesn't have AssertReaderHeld API call. | 1084 // Chromium doesn't have AssertReaderHeld API call. |
1071 // configs_lock_.AssertReaderHeld(); | 1085 // configs_lock_.AssertReaderHeld(); |
1072 | 1086 |
1073 if (!requested_scid.empty()) { | 1087 if (!requested_scid.empty()) { |
1074 ConfigMap::const_iterator it = configs_.find(requested_scid.as_string()); | 1088 ConfigMap::const_iterator it = configs_.find(requested_scid.as_string()); |
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1307 // No valid source address token. | 1321 // No valid source address token. |
1308 found_error = true; | 1322 found_error = true; |
1309 } | 1323 } |
1310 | 1324 |
1311 bool get_proof_failed = false; | 1325 bool get_proof_failed = false; |
1312 string serialized_config = primary_config->serialized; | 1326 string serialized_config = primary_config->serialized; |
1313 string chlo_hash; | 1327 string chlo_hash; |
1314 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 1328 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
1315 bool need_proof = true; | 1329 bool need_proof = true; |
1316 need_proof = !crypto_proof->chain; | 1330 need_proof = !crypto_proof->chain; |
| 1331 const QuicTag* tag_ptr; |
| 1332 size_t num_tags; |
| 1333 QuicTagVector connection_options; |
| 1334 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { |
| 1335 connection_options.assign(tag_ptr, tag_ptr + num_tags); |
| 1336 } |
1317 if (FLAGS_enable_async_get_proof) { | 1337 if (FLAGS_enable_async_get_proof) { |
1318 if (need_proof) { | 1338 if (need_proof) { |
1319 // Make an async call to GetProof and setup the callback to trampoline | 1339 // Make an async call to GetProof and setup the callback to trampoline |
1320 // back into EvaluateClientHelloAfterGetProof | 1340 // back into EvaluateClientHelloAfterGetProof |
1321 std::unique_ptr<EvaluateClientHelloCallback> cb( | 1341 std::unique_ptr<EvaluateClientHelloCallback> cb( |
1322 new EvaluateClientHelloCallback( | 1342 new EvaluateClientHelloCallback( |
1323 *this, found_error, server_ip, version, requested_config, | 1343 *this, found_error, server_ip, version, requested_config, |
1324 primary_config, crypto_proof, client_hello_state, | 1344 primary_config, crypto_proof, client_hello_state, |
1325 std::move(done_cb))); | 1345 std::move(done_cb))); |
1326 proof_source_->GetProof(server_ip, info->sni.as_string(), | 1346 proof_source_->GetProof(server_ip, info->sni.as_string(), |
1327 serialized_config, version, chlo_hash, | 1347 serialized_config, version, chlo_hash, |
1328 std::move(cb)); | 1348 connection_options, std::move(cb)); |
1329 helper.DetachCallback(); | 1349 helper.DetachCallback(); |
1330 return; | 1350 return; |
1331 } | 1351 } |
1332 } | 1352 } |
1333 | 1353 |
1334 // No need to get a new proof if one was already generated. | 1354 // No need to get a new proof if one was already generated. |
1335 if (need_proof && | 1355 if (need_proof && |
1336 !proof_source_->GetProof(server_ip, info->sni.as_string(), | 1356 !proof_source_->GetProof( |
1337 serialized_config, version, chlo_hash, | 1357 server_ip, info->sni.as_string(), serialized_config, version, |
1338 &crypto_proof->chain, &crypto_proof->signature, | 1358 chlo_hash, connection_options, &crypto_proof->chain, |
1339 &crypto_proof->cert_sct)) { | 1359 &crypto_proof->signature, &crypto_proof->cert_sct)) { |
1340 get_proof_failed = true; | 1360 get_proof_failed = true; |
1341 } | 1361 } |
1342 | 1362 |
1343 // Details are null because the synchronous version of GetProof does not | 1363 // Details are null because the synchronous version of GetProof does not |
1344 // return any stats. Eventually the synchronous codepath will be eliminated. | 1364 // return any stats. Eventually the synchronous codepath will be eliminated. |
1345 EvaluateClientHelloAfterGetProof( | 1365 EvaluateClientHelloAfterGetProof( |
1346 found_error, server_ip, version, requested_config, primary_config, | 1366 found_error, server_ip, version, requested_config, primary_config, |
1347 crypto_proof, nullptr /* proof_source_details */, get_proof_failed, | 1367 crypto_proof, nullptr /* proof_source_details */, get_proof_failed, |
1348 client_hello_state, std::move(done_cb)); | 1368 client_hello_state, std::move(done_cb)); |
1349 helper.DetachCallback(); | 1369 helper.DetachCallback(); |
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1466 QuicVersion version, | 1486 QuicVersion version, |
1467 StringPiece chlo_hash, | 1487 StringPiece chlo_hash, |
1468 const SourceAddressTokens& previous_source_address_tokens, | 1488 const SourceAddressTokens& previous_source_address_tokens, |
1469 const IPAddress& server_ip, | 1489 const IPAddress& server_ip, |
1470 const IPAddress& client_ip, | 1490 const IPAddress& client_ip, |
1471 const QuicClock* clock, | 1491 const QuicClock* clock, |
1472 QuicRandom* rand, | 1492 QuicRandom* rand, |
1473 QuicCompressedCertsCache* compressed_certs_cache, | 1493 QuicCompressedCertsCache* compressed_certs_cache, |
1474 const QuicCryptoNegotiatedParameters& params, | 1494 const QuicCryptoNegotiatedParameters& params, |
1475 const CachedNetworkParameters* cached_network_params, | 1495 const CachedNetworkParameters* cached_network_params, |
| 1496 const QuicTagVector& connection_options, |
1476 CryptoHandshakeMessage* out) const { | 1497 CryptoHandshakeMessage* out) const { |
1477 string serialized; | 1498 string serialized; |
1478 string source_address_token; | 1499 string source_address_token; |
1479 QuicWallTime expiry_time = QuicWallTime::Zero(); | 1500 QuicWallTime expiry_time = QuicWallTime::Zero(); |
1480 const CommonCertSets* common_cert_sets; | 1501 const CommonCertSets* common_cert_sets; |
1481 { | 1502 { |
1482 base::AutoLock locked(configs_lock_); | 1503 base::AutoLock locked(configs_lock_); |
1483 serialized = primary_config_->serialized; | 1504 serialized = primary_config_->serialized; |
1484 common_cert_sets = primary_config_->common_cert_sets; | 1505 common_cert_sets = primary_config_->common_cert_sets; |
1485 expiry_time = primary_config_->expiry_time; | 1506 expiry_time = primary_config_->expiry_time; |
1486 source_address_token = NewSourceAddressToken( | 1507 source_address_token = NewSourceAddressToken( |
1487 *primary_config_, previous_source_address_tokens, client_ip, rand, | 1508 *primary_config_, previous_source_address_tokens, client_ip, rand, |
1488 clock->WallNow(), cached_network_params); | 1509 clock->WallNow(), cached_network_params); |
1489 } | 1510 } |
1490 | 1511 |
1491 out->set_tag(kSCUP); | 1512 out->set_tag(kSCUP); |
1492 out->SetStringPiece(kSCFG, serialized); | 1513 out->SetStringPiece(kSCFG, serialized); |
1493 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); | 1514 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); |
1494 out->SetValue(kSTTL, | 1515 out->SetValue(kSTTL, |
1495 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds()); | 1516 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds()); |
1496 | 1517 |
1497 scoped_refptr<ProofSource::Chain> chain; | 1518 scoped_refptr<ProofSource::Chain> chain; |
1498 string signature; | 1519 string signature; |
1499 string cert_sct; | 1520 string cert_sct; |
1500 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, | 1521 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, |
1501 chlo_hash, &chain, &signature, &cert_sct)) { | 1522 chlo_hash, connection_options, &chain, |
| 1523 &signature, &cert_sct)) { |
1502 DVLOG(1) << "Server: failed to get proof."; | 1524 DVLOG(1) << "Server: failed to get proof."; |
1503 return false; | 1525 return false; |
1504 } | 1526 } |
1505 | 1527 |
1506 const string compressed = CompressChain( | 1528 const string compressed = CompressChain( |
1507 compressed_certs_cache, chain, params.client_common_set_hashes, | 1529 compressed_certs_cache, chain, params.client_common_set_hashes, |
1508 params.client_cached_cert_hashes, common_cert_sets); | 1530 params.client_cached_cert_hashes, common_cert_sets); |
1509 | 1531 |
1510 out->SetStringPiece(kCertificateTag, compressed); | 1532 out->SetStringPiece(kCertificateTag, compressed); |
1511 out->SetStringPiece(kPROF, signature); | 1533 out->SetStringPiece(kPROF, signature); |
(...skipping 12 matching lines...) Expand all Loading... |
1524 QuicVersion version, | 1546 QuicVersion version, |
1525 StringPiece chlo_hash, | 1547 StringPiece chlo_hash, |
1526 const SourceAddressTokens& previous_source_address_tokens, | 1548 const SourceAddressTokens& previous_source_address_tokens, |
1527 const IPAddress& server_ip, | 1549 const IPAddress& server_ip, |
1528 const IPAddress& client_ip, | 1550 const IPAddress& client_ip, |
1529 const QuicClock* clock, | 1551 const QuicClock* clock, |
1530 QuicRandom* rand, | 1552 QuicRandom* rand, |
1531 QuicCompressedCertsCache* compressed_certs_cache, | 1553 QuicCompressedCertsCache* compressed_certs_cache, |
1532 const QuicCryptoNegotiatedParameters& params, | 1554 const QuicCryptoNegotiatedParameters& params, |
1533 const CachedNetworkParameters* cached_network_params, | 1555 const CachedNetworkParameters* cached_network_params, |
| 1556 const QuicTagVector& connection_options, |
1534 std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const { | 1557 std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const { |
1535 string serialized; | 1558 string serialized; |
1536 string source_address_token; | 1559 string source_address_token; |
1537 const CommonCertSets* common_cert_sets; | 1560 const CommonCertSets* common_cert_sets; |
1538 { | 1561 { |
1539 base::AutoLock locked(configs_lock_); | 1562 base::AutoLock locked(configs_lock_); |
1540 serialized = primary_config_->serialized; | 1563 serialized = primary_config_->serialized; |
1541 common_cert_sets = primary_config_->common_cert_sets; | 1564 common_cert_sets = primary_config_->common_cert_sets; |
1542 source_address_token = NewSourceAddressToken( | 1565 source_address_token = NewSourceAddressToken( |
1543 *primary_config_, previous_source_address_tokens, client_ip, rand, | 1566 *primary_config_, previous_source_address_tokens, client_ip, rand, |
1544 clock->WallNow(), cached_network_params); | 1567 clock->WallNow(), cached_network_params); |
1545 } | 1568 } |
1546 | 1569 |
1547 CryptoHandshakeMessage message; | 1570 CryptoHandshakeMessage message; |
1548 message.set_tag(kSCUP); | 1571 message.set_tag(kSCUP); |
1549 message.SetStringPiece(kSCFG, serialized); | 1572 message.SetStringPiece(kSCFG, serialized); |
1550 message.SetStringPiece(kSourceAddressTokenTag, source_address_token); | 1573 message.SetStringPiece(kSourceAddressTokenTag, source_address_token); |
1551 | 1574 |
1552 std::unique_ptr<BuildServerConfigUpdateMessageProofSourceCallback> | 1575 std::unique_ptr<BuildServerConfigUpdateMessageProofSourceCallback> |
1553 proof_source_cb(new BuildServerConfigUpdateMessageProofSourceCallback( | 1576 proof_source_cb(new BuildServerConfigUpdateMessageProofSourceCallback( |
1554 this, version, compressed_certs_cache, common_cert_sets, params, | 1577 this, version, compressed_certs_cache, common_cert_sets, params, |
1555 std::move(message), std::move(cb))); | 1578 std::move(message), std::move(cb))); |
1556 | 1579 |
| 1580 // Note: We unconditionally use the async variant of GetProof here, unlike |
| 1581 // elsewhere in this file where we check for the kSYNC tag in the CHLO for the |
| 1582 // connection before deciding. This call is not in the critical serving path, |
| 1583 // and so should not have much impact on the experiments associated with that |
| 1584 // tag (plus it would be a chore to plumb information about the tag down to |
| 1585 // here). |
1557 proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash, | 1586 proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash, |
1558 std::move(proof_source_cb)); | 1587 connection_options, std::move(proof_source_cb)); |
1559 } | 1588 } |
1560 | 1589 |
1561 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: | 1590 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: |
1562 ~BuildServerConfigUpdateMessageProofSourceCallback() {} | 1591 ~BuildServerConfigUpdateMessageProofSourceCallback() {} |
1563 | 1592 |
1564 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: | 1593 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: |
1565 BuildServerConfigUpdateMessageProofSourceCallback( | 1594 BuildServerConfigUpdateMessageProofSourceCallback( |
1566 const QuicCryptoServerConfig* config, | 1595 const QuicCryptoServerConfig* config, |
1567 QuicVersion version, | 1596 QuicVersion version, |
1568 QuicCompressedCertsCache* compressed_certs_cache, | 1597 QuicCompressedCertsCache* compressed_certs_cache, |
(...skipping 676 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2245 priority(0), | 2274 priority(0), |
2246 source_address_token_boxer(nullptr) {} | 2275 source_address_token_boxer(nullptr) {} |
2247 | 2276 |
2248 QuicCryptoServerConfig::Config::~Config() { | 2277 QuicCryptoServerConfig::Config::~Config() { |
2249 } | 2278 } |
2250 | 2279 |
2251 QuicCryptoProof::QuicCryptoProof() {} | 2280 QuicCryptoProof::QuicCryptoProof() {} |
2252 QuicCryptoProof::~QuicCryptoProof() {} | 2281 QuicCryptoProof::~QuicCryptoProof() {} |
2253 | 2282 |
2254 } // namespace net | 2283 } // namespace net |
OLD | NEW |