| Index: net/quic/core/crypto/quic_crypto_server_config.cc
|
| diff --git a/net/quic/core/crypto/quic_crypto_server_config.cc b/net/quic/core/crypto/quic_crypto_server_config.cc
|
| index 46b3a6fb1247504b982b320b6cd5c12965d050f0..8ff8bc771d01f9e057f57b6e959fdd7fa9c2e786 100644
|
| --- a/net/quic/core/crypto/quic_crypto_server_config.cc
|
| +++ b/net/quic/core/crypto/quic_crypto_server_config.cc
|
| @@ -26,14 +26,11 @@
|
| #include "net/quic/core/crypto/curve25519_key_exchange.h"
|
| #include "net/quic/core/crypto/ephemeral_key_source.h"
|
| #include "net/quic/core/crypto/key_exchange.h"
|
| -#include "net/quic/core/crypto/local_strike_register_client.h"
|
| #include "net/quic/core/crypto/p256_key_exchange.h"
|
| #include "net/quic/core/crypto/proof_source.h"
|
| #include "net/quic/core/crypto/quic_decrypter.h"
|
| #include "net/quic/core/crypto/quic_encrypter.h"
|
| #include "net/quic/core/crypto/quic_random.h"
|
| -#include "net/quic/core/crypto/strike_register.h"
|
| -#include "net/quic/core/crypto/strike_register_client.h"
|
| #include "net/quic/core/proto/source_address_token.pb.h"
|
| #include "net/quic/core/quic_bug_tracker.h"
|
| #include "net/quic/core/quic_clock.h"
|
| @@ -114,65 +111,6 @@ class ValidateClientHelloHelper {
|
| DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper);
|
| };
|
|
|
| -class VerifyNonceIsValidAndUniqueCallback
|
| - : public StrikeRegisterClient::ResultCallback {
|
| - public:
|
| - VerifyNonceIsValidAndUniqueCallback(
|
| - scoped_refptr<ValidateClientHelloResultCallback::Result> result,
|
| - std::unique_ptr<ProofSource::Details> proof_source_details,
|
| - std::unique_ptr<ValidateClientHelloResultCallback> done_cb)
|
| - : result_(std::move(result)),
|
| - proof_source_details_(std::move(proof_source_details)),
|
| - done_cb_(std::move(done_cb)) {}
|
| -
|
| - protected:
|
| - void RunImpl(bool nonce_is_valid_and_unique,
|
| - InsertStatus nonce_error) override {
|
| - DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique
|
| - << " nonce_error: " << nonce_error;
|
| - if (!nonce_is_valid_and_unique) {
|
| - HandshakeFailureReason client_nonce_error;
|
| - switch (nonce_error) {
|
| - case NONCE_INVALID_FAILURE:
|
| - client_nonce_error = CLIENT_NONCE_INVALID_FAILURE;
|
| - break;
|
| - case NONCE_NOT_UNIQUE_FAILURE:
|
| - client_nonce_error = CLIENT_NONCE_NOT_UNIQUE_FAILURE;
|
| - break;
|
| - case NONCE_INVALID_ORBIT_FAILURE:
|
| - client_nonce_error = CLIENT_NONCE_INVALID_ORBIT_FAILURE;
|
| - break;
|
| - case NONCE_INVALID_TIME_FAILURE:
|
| - client_nonce_error = CLIENT_NONCE_INVALID_TIME_FAILURE;
|
| - break;
|
| - case STRIKE_REGISTER_TIMEOUT:
|
| - client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT;
|
| - break;
|
| - case STRIKE_REGISTER_FAILURE:
|
| - client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_FAILURE;
|
| - break;
|
| - case NONCE_UNKNOWN_FAILURE:
|
| - client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
|
| - break;
|
| - case NONCE_OK:
|
| - default:
|
| - QUIC_BUG << "Unexpected client nonce error: " << nonce_error;
|
| - client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
|
| - break;
|
| - }
|
| - result_->info.reject_reasons.push_back(client_nonce_error);
|
| - }
|
| - done_cb_->Run(result_, std::move(proof_source_details_));
|
| - }
|
| -
|
| - private:
|
| - scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
|
| - std::unique_ptr<ProofSource::Details> proof_source_details_;
|
| - std::unique_ptr<ValidateClientHelloResultCallback> done_cb_;
|
| -
|
| - DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback);
|
| -};
|
| -
|
| // static
|
| const char QuicCryptoServerConfig::TESTING[] = "secret string for testing";
|
|
|
| @@ -225,15 +163,9 @@ QuicCryptoServerConfig::QuicCryptoServerConfig(
|
| configs_lock_(),
|
| primary_config_(nullptr),
|
| next_config_promotion_time_(QuicWallTime::Zero()),
|
| - server_nonce_strike_register_lock_(),
|
| proof_source_(std::move(proof_source)),
|
| - strike_register_no_startup_period_(false),
|
| - strike_register_max_entries_(1 << 10),
|
| - strike_register_window_secs_(600),
|
| source_address_token_future_secs_(3600),
|
| source_address_token_lifetime_secs_(86400),
|
| - server_nonce_strike_register_max_entries_(1 << 10),
|
| - server_nonce_strike_register_window_secs_(120),
|
| enable_serving_sct_(false),
|
| rejection_observer_(nullptr) {
|
| DCHECK(proof_source_.get());
|
| @@ -1782,22 +1714,6 @@ QuicCryptoServerConfig::ParseConfigProtobuf(
|
| "orbit has incorrect size");
|
| memcpy(config->orbit, orbit.data(), sizeof(config->orbit));
|
|
|
| - {
|
| - StrikeRegisterClient* strike_register_client;
|
| - {
|
| - base::AutoLock locked(strike_register_client_lock_);
|
| - strike_register_client = strike_register_client_.get();
|
| - }
|
| -
|
| - if (strike_register_client != nullptr &&
|
| - !strike_register_client->IsKnownOrbit(orbit)) {
|
| - LOG(WARNING)
|
| - << "Rejecting server config with orbit that the strike register "
|
| - "client doesn't know about.";
|
| - return nullptr;
|
| - }
|
| - }
|
| -
|
| if (kexs_len != protobuf->key_size()) {
|
| LOG(WARNING) << "Server config has " << kexs_len
|
| << " key exchange methods configured, but "
|
| @@ -1888,13 +1804,6 @@ void QuicCryptoServerConfig::SetEphemeralKeySource(
|
| ephemeral_key_source_.reset(ephemeral_key_source);
|
| }
|
|
|
| -void QuicCryptoServerConfig::SetStrikeRegisterClient(
|
| - StrikeRegisterClient* strike_register_client) {
|
| - base::AutoLock locker(strike_register_client_lock_);
|
| - DCHECK(!strike_register_client_.get());
|
| - strike_register_client_.reset(strike_register_client);
|
| -}
|
| -
|
| void QuicCryptoServerConfig::set_replay_protection(bool on) {
|
| replay_protection_ = on;
|
| }
|
| @@ -1903,26 +1812,6 @@ void QuicCryptoServerConfig::set_chlo_multiplier(size_t multiplier) {
|
| chlo_multiplier_ = multiplier;
|
| }
|
|
|
| -void QuicCryptoServerConfig::set_strike_register_no_startup_period() {
|
| - base::AutoLock locker(strike_register_client_lock_);
|
| - DCHECK(!strike_register_client_.get());
|
| - strike_register_no_startup_period_ = true;
|
| -}
|
| -
|
| -void QuicCryptoServerConfig::set_strike_register_max_entries(
|
| - uint32_t max_entries) {
|
| - base::AutoLock locker(strike_register_client_lock_);
|
| - DCHECK(!strike_register_client_.get());
|
| - strike_register_max_entries_ = max_entries;
|
| -}
|
| -
|
| -void QuicCryptoServerConfig::set_strike_register_window_secs(
|
| - uint32_t window_secs) {
|
| - base::AutoLock locker(strike_register_client_lock_);
|
| - DCHECK(!strike_register_client_.get());
|
| - strike_register_window_secs_ = window_secs;
|
| -}
|
| -
|
| void QuicCryptoServerConfig::set_source_address_token_future_secs(
|
| uint32_t future_secs) {
|
| source_address_token_future_secs_ = future_secs;
|
| @@ -1933,18 +1822,6 @@ void QuicCryptoServerConfig::set_source_address_token_lifetime_secs(
|
| source_address_token_lifetime_secs_ = lifetime_secs;
|
| }
|
|
|
| -void QuicCryptoServerConfig::set_server_nonce_strike_register_max_entries(
|
| - uint32_t max_entries) {
|
| - DCHECK(!server_nonce_strike_register_.get());
|
| - server_nonce_strike_register_max_entries_ = max_entries;
|
| -}
|
| -
|
| -void QuicCryptoServerConfig::set_server_nonce_strike_register_window_secs(
|
| - uint32_t window_secs) {
|
| - DCHECK(!server_nonce_strike_register_.get());
|
| - server_nonce_strike_register_window_secs_ = window_secs;
|
| -}
|
| -
|
| void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) {
|
| enable_serving_sct_ = enable_serving_sct;
|
| }
|
| @@ -2099,66 +1976,6 @@ string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand,
|
| StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce)));
|
| }
|
|
|
| -HandshakeFailureReason QuicCryptoServerConfig::ValidateServerNonce(
|
| - StringPiece token,
|
| - QuicWallTime now) const {
|
| - string storage;
|
| - StringPiece plaintext;
|
| - if (!server_nonce_boxer_.Unbox(token, &storage, &plaintext)) {
|
| - return SERVER_NONCE_DECRYPTION_FAILURE;
|
| - }
|
| -
|
| - // plaintext contains:
|
| - // uint32_t timestamp
|
| - // uint8_t[20] random bytes
|
| -
|
| - if (plaintext.size() != kServerNoncePlaintextSize) {
|
| - // This should never happen because the value decrypted correctly.
|
| - QUIC_BUG << "Seemingly valid server nonce had incorrect length.";
|
| - return SERVER_NONCE_INVALID_FAILURE;
|
| - }
|
| -
|
| - uint8_t server_nonce[32];
|
| - memcpy(server_nonce, plaintext.data(), 4);
|
| - memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_));
|
| - memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4,
|
| - 20);
|
| - static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce),
|
| - "bad nonce buffer length");
|
| -
|
| - InsertStatus nonce_error;
|
| - {
|
| - base::AutoLock auto_lock(server_nonce_strike_register_lock_);
|
| - if (server_nonce_strike_register_.get() == nullptr) {
|
| - server_nonce_strike_register_.reset(new StrikeRegister(
|
| - server_nonce_strike_register_max_entries_,
|
| - static_cast<uint32_t>(now.ToUNIXSeconds()),
|
| - server_nonce_strike_register_window_secs_, server_nonce_orbit_,
|
| - StrikeRegister::NO_STARTUP_PERIOD_NEEDED));
|
| - }
|
| - nonce_error = server_nonce_strike_register_->Insert(
|
| - server_nonce, static_cast<uint32_t>(now.ToUNIXSeconds()));
|
| - }
|
| -
|
| - switch (nonce_error) {
|
| - case NONCE_OK:
|
| - return HANDSHAKE_OK;
|
| - case NONCE_INVALID_FAILURE:
|
| - case NONCE_INVALID_ORBIT_FAILURE:
|
| - return SERVER_NONCE_INVALID_FAILURE;
|
| - case NONCE_NOT_UNIQUE_FAILURE:
|
| - return SERVER_NONCE_NOT_UNIQUE_FAILURE;
|
| - case NONCE_INVALID_TIME_FAILURE:
|
| - return SERVER_NONCE_INVALID_TIME_FAILURE;
|
| - case NONCE_UNKNOWN_FAILURE:
|
| - case STRIKE_REGISTER_TIMEOUT:
|
| - case STRIKE_REGISTER_FAILURE:
|
| - default:
|
| - QUIC_BUG << "Unexpected server nonce error: " << nonce_error;
|
| - return SERVER_NONCE_NOT_UNIQUE_FAILURE;
|
| - }
|
| -}
|
| -
|
| bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate(
|
| const CryptoHandshakeMessage& client_hello,
|
| const QuicSignedServerConfig& signed_config) const {
|
|
|
Chromium Code Reviews
Issue 2513113002:
Remove strike-register code from QuicCryptoServerConfig (Closed)
