OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <memory> | 10 #include <memory> |
(...skipping 726 matching lines...)
737 return; | 737 return; |
738 } | 738 } |
739 | 739 |
740 if (!ClientDemandsX509Proof(client_hello)) { | 740 if (!ClientDemandsX509Proof(client_hello)) { |
741 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); | 741 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); |
742 return; | 742 return; |
743 } | 743 } |
744 DCHECK(proof_source_.get()); | 744 DCHECK(proof_source_.get()); |
745 string chlo_hash; | 745 string chlo_hash; |
746 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 746 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
| 747 |
747 // No need to get a new proof if one was already generated. | 748 // No need to get a new proof if one was already generated. |
748 if (!crypto_proof->chain) { | 749 if (!crypto_proof->chain) { |
749 const QuicTag* tag_ptr; | 750 const QuicTag* tag_ptr; |
750 size_t num_tags; | 751 size_t num_tags; |
751 QuicTagVector connection_options; | 752 QuicTagVector connection_options; |
752 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { | 753 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { |
753 connection_options.assign(tag_ptr, tag_ptr + num_tags); | 754 connection_options.assign(tag_ptr, tag_ptr + num_tags); |
754 } | 755 } |
755 if (FLAGS_enable_async_get_proof) { | 756 if (FLAGS_enable_async_get_proof) { |
756 std::unique_ptr<ProcessClientHelloCallback> cb( | 757 std::unique_ptr<ProcessClientHelloCallback> cb( |
(...skipping 812 matching lines...)
1569 CryptoHandshakeMessage message; | 1570 CryptoHandshakeMessage message; |
1570 message.set_tag(kSCUP); | 1571 message.set_tag(kSCUP); |
1571 message.SetStringPiece(kSCFG, serialized); | 1572 message.SetStringPiece(kSCFG, serialized); |
1572 message.SetStringPiece(kSourceAddressTokenTag, source_address_token); | 1573 message.SetStringPiece(kSourceAddressTokenTag, source_address_token); |
1573 | 1574 |
1574 std::unique_ptr<BuildServerConfigUpdateMessageProofSourceCallback> | 1575 std::unique_ptr<BuildServerConfigUpdateMessageProofSourceCallback> |
1575 proof_source_cb(new BuildServerConfigUpdateMessageProofSourceCallback( | 1576 proof_source_cb(new BuildServerConfigUpdateMessageProofSourceCallback( |
1576 this, version, compressed_certs_cache, common_cert_sets, params, | 1577 this, version, compressed_certs_cache, common_cert_sets, params, |
1577 std::move(message), std::move(cb))); | 1578 std::move(message), std::move(cb))); |
1578 | 1579 |
| 1580 // Note: We unconditionally use the async variant of GetProof here, unlike |
| 1581 // elsewhere in this file where we check for the kSYNC tag in the CHLO for the |
| 1582 // connection before deciding. This call is not in the critical serving path, |
| 1583 // and so should not have much impact on the experiments associated with that |
| 1584 // tag (plus it would be a chore to plumb information about the tag down to |
| 1585 // here). |
1579 proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash, | 1586 proof_source_->GetProof(server_ip, params.sni, serialized, version, chlo_hash, |
1580 connection_options, std::move(proof_source_cb)); | 1587 connection_options, std::move(proof_source_cb)); |
1581 } | 1588 } |
1582 | 1589 |
1583 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: | 1590 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: |
1584 ~BuildServerConfigUpdateMessageProofSourceCallback() {} | 1591 ~BuildServerConfigUpdateMessageProofSourceCallback() {} |
1585 | 1592 |
1586 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: | 1593 QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: |
1587 BuildServerConfigUpdateMessageProofSourceCallback( | 1594 BuildServerConfigUpdateMessageProofSourceCallback( |
1588 const QuicCryptoServerConfig* config, | 1595 const QuicCryptoServerConfig* config, |
(...skipping 678 matching lines...)
2267 priority(0), | 2274 priority(0), |
2268 source_address_token_boxer(nullptr) {} | 2275 source_address_token_boxer(nullptr) {} |
2269 | 2276 |
2270 QuicCryptoServerConfig::Config::~Config() { | 2277 QuicCryptoServerConfig::Config::~Config() { |
2271 } | 2278 } |
2272 | 2279 |
2273 QuicCryptoProof::QuicCryptoProof() {} | 2280 QuicCryptoProof::QuicCryptoProof() {} |
2274 QuicCryptoProof::~QuicCryptoProof() {} | 2281 QuicCryptoProof::~QuicCryptoProof() {} |
2275 | 2282 |
2276 } // namespace net | 2283 } // namespace net |
OLD | NEW |
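Review bot: The comment added above the GetProof call (new lines 1580-1585) says other call sites in this file check for the kSYNC tag in the CHLO, but the only gate visible on this page, at new line 756, is `FLAGS_enable_async_get_proof`. If the tag check is not in the skipped lines, the comment should name the flag rather than the tag so that a reader can find the sites it contrasts with. Because this path always completes asynchronously and the callback is constructed with `this`, the comment could also record the lifetime expectation, for example `// The callback keeps a raw pointer to this config; the config must outlive the pending GetProof call.` That is inferred from the constructor's `const QuicCryptoServerConfig* config` parameter at new line 1595, whose body is outside the visible lines, so confirm against how the callback uses the pointer.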