| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/chromium/crypto/proof_source_chromium.h" | 5 #include "net/quic/chromium/crypto/proof_source_chromium.h" |
| 6 | 6 |
| 7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
| 8 #include "crypto/openssl_util.h" | 8 #include "crypto/openssl_util.h" |
| 9 #include "net/quic/core/crypto/crypto_protocol.h" | 9 #include "net/quic/core/crypto/crypto_protocol.h" |
| 10 #include "third_party/boringssl/src/include/openssl/digest.h" | 10 #include "third_party/boringssl/src/include/openssl/digest.h" |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 78 } | 78 } |
| 79 | 79 |
| 80 bool ProofSourceChromium::GetProof( | 80 bool ProofSourceChromium::GetProof( |
| 81 const IPAddress& server_ip, | 81 const IPAddress& server_ip, |
| 82 const string& hostname, | 82 const string& hostname, |
| 83 const string& server_config, | 83 const string& server_config, |
| 84 QuicVersion quic_version, | 84 QuicVersion quic_version, |
| 85 base::StringPiece chlo_hash, | 85 base::StringPiece chlo_hash, |
| 86 const QuicTagVector& /* connection_options */, | 86 const QuicTagVector& /* connection_options */, |
| 87 scoped_refptr<ProofSource::Chain>* out_chain, | 87 scoped_refptr<ProofSource::Chain>* out_chain, |
| 88 string* out_signature, | 88 QuicCryptoProof* proof) { |
| 89 string* out_leaf_cert_sct) { | 89 DCHECK(proof != nullptr); |
| 90 DCHECK(private_key_.get()) << " this: " << this; | 90 DCHECK(private_key_.get()) << " this: " << this; |
| 91 | 91 |
| 92 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 92 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 93 bssl::ScopedEVP_MD_CTX sign_context; | 93 bssl::ScopedEVP_MD_CTX sign_context; |
| 94 EVP_PKEY_CTX* pkey_ctx; | 94 EVP_PKEY_CTX* pkey_ctx; |
| 95 | 95 |
| 96 uint32_t len_tmp = chlo_hash.length(); | 96 uint32_t len_tmp = chlo_hash.length(); |
| 97 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr, | 97 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr, |
| 98 private_key_->key()) || | 98 private_key_->key()) || |
| 99 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || | 99 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || |
| (...skipping 18 matching lines...) Expand all Loading... |
| 118 size_t len = 0; | 118 size_t len = 0; |
| 119 if (!EVP_DigestSignFinal(sign_context.get(), nullptr, &len)) { | 119 if (!EVP_DigestSignFinal(sign_context.get(), nullptr, &len)) { |
| 120 return false; | 120 return false; |
| 121 } | 121 } |
| 122 std::vector<uint8_t> signature(len); | 122 std::vector<uint8_t> signature(len); |
| 123 // Sign it. | 123 // Sign it. |
| 124 if (!EVP_DigestSignFinal(sign_context.get(), signature.data(), &len)) { | 124 if (!EVP_DigestSignFinal(sign_context.get(), signature.data(), &len)) { |
| 125 return false; | 125 return false; |
| 126 } | 126 } |
| 127 signature.resize(len); | 127 signature.resize(len); |
| 128 out_signature->assign(reinterpret_cast<const char*>(signature.data()), | 128 proof->signature.assign(reinterpret_cast<const char*>(signature.data()), |
| 129 signature.size()); | 129 signature.size()); |
| 130 *out_chain = chain_; | 130 *out_chain = chain_; |
| 131 VLOG(1) << "signature: " | 131 VLOG(1) << "signature: " |
| 132 << base::HexEncode(out_signature->data(), out_signature->size()); | 132 << base::HexEncode(proof->signature.data(), proof->signature.size()); |
| 133 *out_leaf_cert_sct = signed_certificate_timestamp_; | 133 proof->leaf_cert_scts = signed_certificate_timestamp_; |
| 134 return true; | 134 return true; |
| 135 } | 135 } |
| 136 | 136 |
| 137 void ProofSourceChromium::GetProof(const IPAddress& server_ip, | 137 void ProofSourceChromium::GetProof(const IPAddress& server_ip, |
| 138 const std::string& hostname, | 138 const std::string& hostname, |
| 139 const std::string& server_config, | 139 const std::string& server_config, |
| 140 QuicVersion quic_version, | 140 QuicVersion quic_version, |
| 141 base::StringPiece chlo_hash, | 141 base::StringPiece chlo_hash, |
| 142 const QuicTagVector& connection_options, | 142 const QuicTagVector& connection_options, |
| 143 std::unique_ptr<Callback> callback) { | 143 std::unique_ptr<Callback> callback) { |
| 144 // As a transitional implementation, just call the synchronous version of | 144 // As a transitional implementation, just call the synchronous version of |
| 145 // GetProof, then invoke the callback with the results and destroy it. | 145 // GetProof, then invoke the callback with the results and destroy it. |
| 146 scoped_refptr<ProofSource::Chain> chain; | 146 scoped_refptr<ProofSource::Chain> chain; |
| 147 string signature; | 147 string signature; |
| 148 string leaf_cert_sct; | 148 string leaf_cert_sct; |
| 149 const bool ok = | 149 QuicCryptoProof out_proof; |
| 150 GetProof(server_ip, hostname, server_config, quic_version, chlo_hash, | 150 const bool ok = GetProof(server_ip, hostname, server_config, quic_version, |
| 151 connection_options, &chain, &signature, &leaf_cert_sct); | 151 chlo_hash, connection_options, &chain, &out_proof); |
| 152 callback->Run(ok, chain, signature, leaf_cert_sct, nullptr /* details */); | 152 callback->Run(ok, chain, out_proof, nullptr /* details */); |
| 153 } | 153 } |
| 154 | 154 |
| 155 } // namespace net | 155 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2516033003:
Landing Recent QUIC changes until Mon Nov 14 04:43:50 2016 +0000 (Closed)
