Unified Diff: net/quic/core/crypto/quic_crypto_server_config.cc

Issue 2463093003: Landing Recent QUIC changes until Sat Oct 29 14:59:35. (Closed)
Patch Set: add change to quiartc_session_test.cc Created 4 years, 1 month ago
Index: net/quic/core/crypto/quic_crypto_server_config.cc
diff --git a/net/quic/core/crypto/quic_crypto_server_config.cc b/net/quic/core/crypto/quic_crypto_server_config.cc
index 527cced5e37fcfcc32fc29b9a5d28f0fd3c540dd..dcc925f3920ca14b2a86b635bc7779a2df15a265 100644
--- a/net/quic/core/crypto/quic_crypto_server_config.cc
+++ b/net/quic/core/crypto/quic_crypto_server_config.cc
@@ -557,14 +557,16 @@ class ProcessClientHelloHelper {
}
void Fail(QuicErrorCode error, const string& error_details) {
- (*done_cb_)->Run(error, error_details, nullptr, nullptr);
+ (*done_cb_)->Run(error, error_details, nullptr, nullptr, nullptr);
DetachCallback();
}
void Succeed(std::unique_ptr<CryptoHandshakeMessage> message,
- std::unique_ptr<DiversificationNonce> diversification_nonce) {
+ std::unique_ptr<DiversificationNonce> diversification_nonce,
+ std::unique_ptr<ProofSource::Details> proof_source_details) {
(*done_cb_)->Run(QUIC_NO_ERROR, string(), std::move(message),
- std::move(diversification_nonce));
+ std::move(diversification_nonce),
+ std::move(proof_source_details));
DetachCallback();
}
@@ -632,9 +634,9 @@ class QuicCryptoServerConfig::ProcessClientHelloCallback
crypto_proof_->cert_sct = leaf_cert_sct;
}
config_->ProcessClientHelloAfterGetProof(
- !ok, *validate_chlo_result_, reject_only_, connection_id_,
- client_address_, version_, supported_versions_, use_stateless_rejects_,
- server_designated_connection_id_, clock_, rand_,
+ !ok, std::move(details), *validate_chlo_result_, reject_only_,
+ connection_id_, client_address_, version_, supported_versions_,
+ use_stateless_rejects_, server_designated_connection_id_, clock_, rand_,
compressed_certs_cache_, params_, crypto_proof_,
total_framing_overhead_, chlo_packet_size_, requested_config_,
primary_config_, std::move(done_cb_));
@@ -742,8 +744,15 @@ void QuicCryptoServerConfig::ProcessClientHello(
DCHECK(proof_source_.get());
string chlo_hash;
CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
+
// No need to get a new proof if one was already generated.
if (!crypto_proof->chain) {
+ const QuicTag* tag_ptr;
+ size_t num_tags;
+ QuicTagVector connection_options;
+ if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
+ connection_options.assign(tag_ptr, tag_ptr + num_tags);
+ }
if (FLAGS_enable_async_get_proof) {
std::unique_ptr<ProcessClientHelloCallback> cb(
new ProcessClientHelloCallback(
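Review bot: The kCOPT extraction added at L57–L62 is duplicated verbatim in EvaluateClientHello (the hunk ending at L142), and in both copies `tag_ptr` and `num_tags` are left uninitialized until GetTaglist succeeds; a small file-local helper that brace-initializes them and returns the vector would remove the duplication and make the "empty when absent" contract explicit. The tag list comes from the client hello, so whatever ProofSource::GetProof now does with `connection_options` is operating on client-controlled values; worth a one-line comment at the call site. ProcessClientHello continues outside this hunk.
```cpp
// Connection options (kCOPT) advertised by the client, or an empty vector when
// GetTaglist() does not return QUIC_NO_ERROR. Values are client-controlled.
static QuicTagVector GetConnectionOptionsFromChlo(
    const CryptoHandshakeMessage& client_hello) {
  const QuicTag* tag_ptr = nullptr;
  size_t num_tags = 0;
  QuicTagVector connection_options;
  if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
    connection_options.assign(tag_ptr, tag_ptr + num_tags);
  }
  return connection_options;
}

// … unchanged: ProcessClientHello up to the proof check …
  if (!crypto_proof->chain) {
    const QuicTagVector connection_options =
        GetConnectionOptionsFromChlo(client_hello);
    // … unchanged: async/sync GetProof dispatch …
```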
@@ -755,15 +764,15 @@ void QuicCryptoServerConfig::ProcessClientHello(
primary_config, std::move(done_cb)));
proof_source_->GetProof(server_ip, info.sni.as_string(),
primary_config->serialized, version, chlo_hash,
- std::move(cb));
+ connection_options, std::move(cb));
helper.DetachCallback();
return;
}
- if (!proof_source_->GetProof(server_ip, info.sni.as_string(),
- primary_config->serialized, version, chlo_hash,
- &crypto_proof->chain, &crypto_proof->signature,
- &crypto_proof->cert_sct)) {
+ if (!proof_source_->GetProof(
+ server_ip, info.sni.as_string(), primary_config->serialized,
+ version, chlo_hash, connection_options, &crypto_proof->chain,
+ &crypto_proof->signature, &crypto_proof->cert_sct)) {
helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof.");
return;
}
@@ -771,15 +780,17 @@ void QuicCryptoServerConfig::ProcessClientHello(
helper.DetachCallback();
ProcessClientHelloAfterGetProof(
- /* found_error = */ false, *validate_chlo_result, reject_only,
- connection_id, client_address, version, supported_versions,
- use_stateless_rejects, server_designated_connection_id, clock, rand,
- compressed_certs_cache, params, crypto_proof, total_framing_overhead,
- chlo_packet_size, requested_config, primary_config, std::move(done_cb));
+ /* found_error = */ false, /* proof_source_details = */ nullptr,
+ *validate_chlo_result, reject_only, connection_id, client_address,
+ version, supported_versions, use_stateless_rejects,
+ server_designated_connection_id, clock, rand, compressed_certs_cache,
+ params, crypto_proof, total_framing_overhead, chlo_packet_size,
+ requested_config, primary_config, std::move(done_cb));
}
void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof(
bool found_error,
+ std::unique_ptr<ProofSource::Details> proof_source_details,
const ValidateClientHelloResultCallback::Result& validate_chlo_result,
bool reject_only,
QuicConnectionId connection_id,
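Review bot: The synchronous path at L94 forwards a null `proof_source_details`, while the async callback (hunk ending at L49) forwards the real `details`, so the fifth argument of the done callback is null whenever FLAGS_enable_async_get_proof is off — the sync GetProof overload on the previous hunk has no Details output. Every consumer of that callback argument therefore has to tolerate nullptr; a comment at the call site would make this deliberate, e.g. `/* proof_source_details = */ nullptr,  // sync GetProof() yields no Details`. The new `proof_source_details` parameter on L103 also deserves a line in the header noting it may be null. The ProcessClientHelloAfterGetProof signature continues past this hunk.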
@@ -828,12 +839,14 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof(
rejection_observer_ != nullptr) {
rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get());
}
- helper.Succeed(std::move(out), std::move(out_diversification_nonce));
+ helper.Succeed(std::move(out), std::move(out_diversification_nonce),
+ std::move(proof_source_details));
return;
}
if (reject_only) {
- helper.Succeed(std::move(out), std::move(out_diversification_nonce));
+ helper.Succeed(std::move(out), std::move(out_diversification_nonce),
+ std::move(proof_source_details));
return;
}
@@ -1061,7 +1074,8 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof(
out->SetStringPiece(kCADR, address_coder.Encode());
out->SetStringPiece(kPUBS, forward_secure_public_value);
- helper.Succeed(std::move(out), std::move(out_diversification_nonce));
+ helper.Succeed(std::move(out), std::move(out_diversification_nonce),
+ std::move(proof_source_details));
}
scoped_refptr<QuicCryptoServerConfig::Config>
@@ -1314,6 +1328,12 @@ void QuicCryptoServerConfig::EvaluateClientHello(
CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
bool need_proof = true;
need_proof = !crypto_proof->chain;
+ const QuicTag* tag_ptr;
+ size_t num_tags;
+ QuicTagVector connection_options;
+ if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
+ connection_options.assign(tag_ptr, tag_ptr + num_tags);
+ }
if (FLAGS_enable_async_get_proof) {
if (need_proof) {
// Make an async call to GetProof and setup the callback to trampoline
@@ -1325,7 +1345,7 @@ void QuicCryptoServerConfig::EvaluateClientHello(
std::move(done_cb)));
proof_source_->GetProof(server_ip, info->sni.as_string(),
serialized_config, version, chlo_hash,
- std::move(cb));
+ connection_options, std::move(cb));
helper.DetachCallback();
return;
}
@@ -1333,10 +1353,10 @@ void QuicCryptoServerConfig::EvaluateClientHello(
// No need to get a new proof if one was already generated.
if (need_proof &&
- !proof_source_->GetProof(server_ip, info->sni.as_string(),
- serialized_config, version, chlo_hash,
- &crypto_proof->chain, &crypto_proof->signature,
- &crypto_proof->cert_sct)) {
+ !proof_source_->GetProof(
+ server_ip, info->sni.as_string(), serialized_config, version,
+ chlo_hash, connection_options, &crypto_proof->chain,
+ &crypto_proof->signature, &crypto_proof->cert_sct)) {
get_proof_failed = true;
}
@@ -1473,6 +1493,7 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
QuicCompressedCertsCache* compressed_certs_cache,
const QuicCryptoNegotiatedParameters& params,
const CachedNetworkParameters* cached_network_params,
+ const QuicTagVector& connection_options,
CryptoHandshakeMessage* out) const {
string serialized;
string source_address_token;
@@ -1498,7 +1519,8 @@ bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
string signature;
string cert_sct;
if (!proof_source_->GetProof(server_ip, params.sni, serialized, version,
- chlo_hash, &chain, &signature, &cert_sct)) {
+ chlo_hash, connection_options, &chain,
+ &signature, &cert_sct)) {
DVLOG(1) << "Server: failed to get proof.";
return false;
}
@@ -1531,6 +1553,7 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
QuicCompressedCertsCache* compressed_certs_cache,
const QuicCryptoNegotiatedParameters& params,
const CachedNetworkParameters* cached_network_params,
+ const QuicTagVector& connection_options,
std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const {
string serialized;
string source_address_token;
@@ -1554,8 +1577,14 @@ void QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
this, version, compressed_certs_cache, common_cert_sets, params,
std::move(message), std::move(cb)));
+ // Note: We unconditionally use the async variant of GetProof here, unlike
+ // elsewhere in this file where we check for the kSYNC tag in the CHLO for the
+ // connection before deciding. This call is not in the critical serving path,
+ // and so should not have much impact on the experiments associated with that
+ // tag (plus it would be a chore to plumb information about the tag down to
+ // here).
proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash,
- std::move(proof_source_cb));
+ connection_options, std::move(proof_source_cb));
}
QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
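Review bot: The comment added at L194–L199 says the rest of this file decides between sync and async GetProof by checking a kSYNC tag in the CHLO, but the decisions visible in this diff (L63, L140) key on FLAGS_enable_async_get_proof, and no kSYNC check appears in any hunk; either the comment is stale or it describes code outside this change. It should name the actual mechanism so a later reader does not go looking for a tag check that may not exist, e.g. `// Note: We unconditionally use the async variant of GetProof here, unlike elsewhere in this file where the choice depends on FLAGS_enable_async_get_proof.` If a kSYNC path does exist elsewhere, the comment should say where. The enclosing function's start is outside this hunk.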