1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <memory> | 10 #include <memory> |
550 explicit ProcessClientHelloHelper( | 550 explicit ProcessClientHelloHelper( |
551 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) | 551 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) |
552 : done_cb_(done_cb) {} | 552 : done_cb_(done_cb) {} |
553 | 553 |
554 ~ProcessClientHelloHelper() { | 554 ~ProcessClientHelloHelper() { |
555 QUIC_BUG_IF(done_cb_ != nullptr) | 555 QUIC_BUG_IF(done_cb_ != nullptr) |
556 << "Deleting ProcessClientHelloHelper with a pending callback."; | 556 << "Deleting ProcessClientHelloHelper with a pending callback."; |
557 } | 557 } |
558 | 558 |
559 void Fail(QuicErrorCode error, const string& error_details) { | 559 void Fail(QuicErrorCode error, const string& error_details) { |
560 (*done_cb_)->Run(error, error_details, nullptr, nullptr); | 560 (*done_cb_)->Run(error, error_details, nullptr, nullptr, nullptr); |
561 DetachCallback(); | 561 DetachCallback(); |
562 } | 562 } |
563 | 563 |
564 void Succeed(std::unique_ptr<CryptoHandshakeMessage> message, | 564 void Succeed(std::unique_ptr<CryptoHandshakeMessage> message, |
565 std::unique_ptr<DiversificationNonce> diversification_nonce) { | 565 std::unique_ptr<DiversificationNonce> diversification_nonce, |
| 566 std::unique_ptr<ProofSource::Details> proof_source_details) { |
566 (*done_cb_)->Run(QUIC_NO_ERROR, string(), std::move(message), | 567 (*done_cb_)->Run(QUIC_NO_ERROR, string(), std::move(message), |
567 std::move(diversification_nonce)); | 568 std::move(diversification_nonce), |
| 569 std::move(proof_source_details)); |
568 DetachCallback(); | 570 DetachCallback(); |
569 } | 571 } |
570 | 572 |
571 void DetachCallback() { | 573 void DetachCallback() { |
572 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; | 574 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; |
573 done_cb_ = nullptr; | 575 done_cb_ = nullptr; |
574 } | 576 } |
575 | 577 |
576 private: | 578 private: |
577 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_; | 579 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_; |
625 const scoped_refptr<ProofSource::Chain>& chain, | 627 const scoped_refptr<ProofSource::Chain>& chain, |
626 const string& signature, | 628 const string& signature, |
627 const string& leaf_cert_sct, | 629 const string& leaf_cert_sct, |
628 std::unique_ptr<ProofSource::Details> details) override { | 630 std::unique_ptr<ProofSource::Details> details) override { |
629 if (ok) { | 631 if (ok) { |
630 crypto_proof_->chain = chain; | 632 crypto_proof_->chain = chain; |
631 crypto_proof_->signature = signature; | 633 crypto_proof_->signature = signature; |
632 crypto_proof_->cert_sct = leaf_cert_sct; | 634 crypto_proof_->cert_sct = leaf_cert_sct; |
633 } | 635 } |
634 config_->ProcessClientHelloAfterGetProof( | 636 config_->ProcessClientHelloAfterGetProof( |
635 !ok, *validate_chlo_result_, reject_only_, connection_id_, | 637 !ok, std::move(details), *validate_chlo_result_, reject_only_, |
636 client_address_, version_, supported_versions_, use_stateless_rejects_, | 638 connection_id_, client_address_, version_, supported_versions_, |
637 server_designated_connection_id_, clock_, rand_, | 639 use_stateless_rejects_, server_designated_connection_id_, clock_, rand_, |
638 compressed_certs_cache_, params_, crypto_proof_, | 640 compressed_certs_cache_, params_, crypto_proof_, |
639 total_framing_overhead_, chlo_packet_size_, requested_config_, | 641 total_framing_overhead_, chlo_packet_size_, requested_config_, |
640 primary_config_, std::move(done_cb_)); | 642 primary_config_, std::move(done_cb_)); |
641 } | 643 } |
642 | 644 |
643 private: | 645 private: |
644 const QuicCryptoServerConfig* config_; | 646 const QuicCryptoServerConfig* config_; |
645 const scoped_refptr<ValidateClientHelloResultCallback::Result> | 647 const scoped_refptr<ValidateClientHelloResultCallback::Result> |
646 validate_chlo_result_; | 648 validate_chlo_result_; |
647 const bool reject_only_; | 649 const bool reject_only_; |
770 server_ip, info.sni.as_string(), primary_config->serialized, | 772 server_ip, info.sni.as_string(), primary_config->serialized, |
771 version, chlo_hash, connection_options, &crypto_proof->chain, | 773 version, chlo_hash, connection_options, &crypto_proof->chain, |
772 &crypto_proof->signature, &crypto_proof->cert_sct)) { | 774 &crypto_proof->signature, &crypto_proof->cert_sct)) { |
773 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); | 775 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); |
774 return; | 776 return; |
775 } | 777 } |
776 } | 778 } |
777 | 779 |
778 helper.DetachCallback(); | 780 helper.DetachCallback(); |
779 ProcessClientHelloAfterGetProof( | 781 ProcessClientHelloAfterGetProof( |
780 /* found_error = */ false, *validate_chlo_result, reject_only, | 782 /* found_error = */ false, /* proof_source_details = */ nullptr, |
781 connection_id, client_address, version, supported_versions, | 783 *validate_chlo_result, reject_only, connection_id, client_address, |
782 use_stateless_rejects, server_designated_connection_id, clock, rand, | 784 version, supported_versions, use_stateless_rejects, |
783 compressed_certs_cache, params, crypto_proof, total_framing_overhead, | 785 server_designated_connection_id, clock, rand, compressed_certs_cache, |
784 chlo_packet_size, requested_config, primary_config, std::move(done_cb)); | 786 params, crypto_proof, total_framing_overhead, chlo_packet_size, |
| 787 requested_config, primary_config, std::move(done_cb)); |
785 } | 788 } |
786 | 789 |
787 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( | 790 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( |
788 bool found_error, | 791 bool found_error, |
| 792 std::unique_ptr<ProofSource::Details> proof_source_details, |
789 const ValidateClientHelloResultCallback::Result& validate_chlo_result, | 793 const ValidateClientHelloResultCallback::Result& validate_chlo_result, |
790 bool reject_only, | 794 bool reject_only, |
791 QuicConnectionId connection_id, | 795 QuicConnectionId connection_id, |
792 const IPEndPoint& client_address, | 796 const IPEndPoint& client_address, |
793 QuicVersion version, | 797 QuicVersion version, |
794 const QuicVersionVector& supported_versions, | 798 const QuicVersionVector& supported_versions, |
795 bool use_stateless_rejects, | 799 bool use_stateless_rejects, |
796 QuicConnectionId server_designated_connection_id, | 800 QuicConnectionId server_designated_connection_id, |
797 const QuicClock* clock, | 801 const QuicClock* clock, |
798 QuicRandom* rand, | 802 QuicRandom* rand, |
827 if (!info.reject_reasons.empty() || !requested_config.get()) { | 831 if (!info.reject_reasons.empty() || !requested_config.get()) { |
828 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, | 832 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, |
829 info, validate_chlo_result.cached_network_params, | 833 info, validate_chlo_result.cached_network_params, |
830 use_stateless_rejects, server_designated_connection_id, rand, | 834 use_stateless_rejects, server_designated_connection_id, rand, |
831 compressed_certs_cache, params, *crypto_proof, | 835 compressed_certs_cache, params, *crypto_proof, |
832 total_framing_overhead, chlo_packet_size, out.get()); | 836 total_framing_overhead, chlo_packet_size, out.get()); |
833 if (FLAGS_quic_export_rej_for_all_rejects && | 837 if (FLAGS_quic_export_rej_for_all_rejects && |
834 rejection_observer_ != nullptr) { | 838 rejection_observer_ != nullptr) { |
835 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); | 839 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); |
836 } | 840 } |
837 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); | 841 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
| 842 std::move(proof_source_details)); |
838 return; | 843 return; |
839 } | 844 } |
840 | 845 |
841 if (reject_only) { | 846 if (reject_only) { |
842 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); | 847 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
| 848 std::move(proof_source_details)); |
843 return; | 849 return; |
844 } | 850 } |
845 | 851 |
846 const QuicTag* their_aeads; | 852 const QuicTag* their_aeads; |
847 const QuicTag* their_key_exchanges; | 853 const QuicTag* their_key_exchanges; |
848 size_t num_their_aeads, num_their_key_exchanges; | 854 size_t num_their_aeads, num_their_key_exchanges; |
849 if (client_hello.GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != | 855 if (client_hello.GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != |
850 QUIC_NO_ERROR || | 856 QUIC_NO_ERROR || |
851 client_hello.GetTaglist(kKEXS, &their_key_exchanges, | 857 client_hello.GetTaglist(kKEXS, &their_key_exchanges, |
852 &num_their_key_exchanges) != QUIC_NO_ERROR || | 858 &num_their_key_exchanges) != QUIC_NO_ERROR || |
1060 } | 1066 } |
1061 out->SetVector(kVER, supported_version_tags); | 1067 out->SetVector(kVER, supported_version_tags); |
1062 out->SetStringPiece( | 1068 out->SetStringPiece( |
1063 kSourceAddressTokenTag, | 1069 kSourceAddressTokenTag, |
1064 NewSourceAddressToken(*requested_config.get(), info.source_address_tokens, | 1070 NewSourceAddressToken(*requested_config.get(), info.source_address_tokens, |
1065 client_address.address(), rand, info.now, nullptr)); | 1071 client_address.address(), rand, info.now, nullptr)); |
1066 QuicSocketAddressCoder address_coder(client_address); | 1072 QuicSocketAddressCoder address_coder(client_address); |
1067 out->SetStringPiece(kCADR, address_coder.Encode()); | 1073 out->SetStringPiece(kCADR, address_coder.Encode()); |
1068 out->SetStringPiece(kPUBS, forward_secure_public_value); | 1074 out->SetStringPiece(kPUBS, forward_secure_public_value); |
1069 | 1075 |
1070 helper.Succeed(std::move(out), std::move(out_diversification_nonce)); | 1076 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
| 1077 std::move(proof_source_details)); |
1071 } | 1078 } |
1072 | 1079 |
1073 scoped_refptr<QuicCryptoServerConfig::Config> | 1080 scoped_refptr<QuicCryptoServerConfig::Config> |
1074 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const { | 1081 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const { |
1075 // In Chromium, we will dead lock if the lock is held by the current thread. | 1082 // In Chromium, we will dead lock if the lock is held by the current thread. |
1076 // Chromium doesn't have AssertReaderHeld API call. | 1083 // Chromium doesn't have AssertReaderHeld API call. |
1077 // configs_lock_.AssertReaderHeld(); | 1084 // configs_lock_.AssertReaderHeld(); |
1078 | 1085 |
1079 if (!requested_scid.empty()) { | 1086 if (!requested_scid.empty()) { |
1080 ConfigMap::const_iterator it = configs_.find(requested_scid.as_string()); | 1087 ConfigMap::const_iterator it = configs_.find(requested_scid.as_string()); |
2260 priority(0), | 2267 priority(0), |
2261 source_address_token_boxer(nullptr) {} | 2268 source_address_token_boxer(nullptr) {} |
2262 | 2269 |
2263 QuicCryptoServerConfig::Config::~Config() { | 2270 QuicCryptoServerConfig::Config::~Config() { |
2264 } | 2271 } |
2265 | 2272 |
2266 QuicCryptoProof::QuicCryptoProof() {} | 2273 QuicCryptoProof::QuicCryptoProof() {} |
2267 QuicCryptoProof::~QuicCryptoProof() {} | 2274 QuicCryptoProof::~QuicCryptoProof() {} |
2268 | 2275 |
2269 } // namespace net | 2276 } // namespace net |
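Review bot: The synchronous GetProof path (new line 782, `/* proof_source_details = */ nullptr`) means the result callback only ever receives non-null ProofSource::Details when the asynchronous GetProof callback at new lines 636-642 is the one that ran, and nothing in the change says so; a consumer that dereferences the details unconditionally will crash on the sync path, on every Fail (new line 560 passes nullptr) and presumably on the rejection paths where the proof was never fetched. I would add at the sync call site `// The synchronous GetProof() overload yields no ProofSource::Details, so the result callback receives nullptr here; consumers must tolerate a null pointer.` and state the same nullability on the `proof_source_details` parameter in the declarations of ProcessClientHelloResultCallback::Run and ProcessClientHelloAfterGetProof in the header, which is outside this view. The body of ProcessClientHelloAfterGetProof continues outside the shown lines, so whether any remaining exit moves or drops `proof_source_details` cannot be confirmed from here; each visible Succeed site is followed by `return`, so there is no use-after-move among them.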