Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(504)

Side by Side Diff: net/quic/core/crypto/quic_crypto_server_config.cc

Issue 2516033003: Landing Recent QUIC changes until Mon Nov 14 04:43:50 2016 +0000 (Closed)
Patch Set: Remove unused UpdatePacketGapSentHistogram() function. Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" 5 #include "net/quic/core/crypto/quic_crypto_server_config.h"
6 6
7 #include <stdlib.h> 7 #include <stdlib.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <memory> 10 #include <memory>
11 11
12 #include "base/macros.h" 12 #include "base/macros.h"
13 #include "base/memory/ref_counted.h" 13 #include "base/memory/ref_counted.h"
14 #include "crypto/hkdf.h" 14 #include "crypto/hkdf.h"
15 #include "crypto/secure_hash.h" 15 #include "crypto/secure_hash.h"
16 #include "net/base/ip_address.h" 16 #include "net/base/ip_address.h"
17 #include "net/quic/core/crypto/aes_128_gcm_12_decrypter.h" 17 #include "net/quic/core/crypto/aes_128_gcm_12_decrypter.h"
18 #include "net/quic/core/crypto/aes_128_gcm_12_encrypter.h" 18 #include "net/quic/core/crypto/aes_128_gcm_12_encrypter.h"
19 #include "net/quic/core/crypto/cert_compressor.h" 19 #include "net/quic/core/crypto/cert_compressor.h"
20 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h" 20 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h"
21 #include "net/quic/core/crypto/channel_id.h" 21 #include "net/quic/core/crypto/channel_id.h"
22 #include "net/quic/core/crypto/crypto_framer.h" 22 #include "net/quic/core/crypto/crypto_framer.h"
23 #include "net/quic/core/crypto/crypto_handshake_message.h" 23 #include "net/quic/core/crypto/crypto_handshake_message.h"
24 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" 24 #include "net/quic/core/crypto/crypto_server_config_protobuf.h"
25 #include "net/quic/core/crypto/crypto_utils.h" 25 #include "net/quic/core/crypto/crypto_utils.h"
26 #include "net/quic/core/crypto/curve25519_key_exchange.h" 26 #include "net/quic/core/crypto/curve25519_key_exchange.h"
27 #include "net/quic/core/crypto/ephemeral_key_source.h" 27 #include "net/quic/core/crypto/ephemeral_key_source.h"
28 #include "net/quic/core/crypto/key_exchange.h" 28 #include "net/quic/core/crypto/key_exchange.h"
29 #include "net/quic/core/crypto/local_strike_register_client.h"
30 #include "net/quic/core/crypto/p256_key_exchange.h" 29 #include "net/quic/core/crypto/p256_key_exchange.h"
31 #include "net/quic/core/crypto/proof_source.h" 30 #include "net/quic/core/crypto/proof_source.h"
32 #include "net/quic/core/crypto/quic_decrypter.h" 31 #include "net/quic/core/crypto/quic_decrypter.h"
33 #include "net/quic/core/crypto/quic_encrypter.h" 32 #include "net/quic/core/crypto/quic_encrypter.h"
34 #include "net/quic/core/crypto/quic_random.h" 33 #include "net/quic/core/crypto/quic_random.h"
35 #include "net/quic/core/crypto/strike_register.h"
36 #include "net/quic/core/crypto/strike_register_client.h"
37 #include "net/quic/core/proto/source_address_token.pb.h" 34 #include "net/quic/core/proto/source_address_token.pb.h"
38 #include "net/quic/core/quic_bug_tracker.h" 35 #include "net/quic/core/quic_bug_tracker.h"
39 #include "net/quic/core/quic_clock.h" 36 #include "net/quic/core/quic_clock.h"
40 #include "net/quic/core/quic_flags.h" 37 #include "net/quic/core/quic_flags.h"
41 #include "net/quic/core/quic_protocol.h" 38 #include "net/quic/core/quic_protocol.h"
42 #include "net/quic/core/quic_socket_address_coder.h" 39 #include "net/quic/core/quic_socket_address_coder.h"
43 #include "net/quic/core/quic_utils.h" 40 #include "net/quic/core/quic_utils.h"
44 41
45 using base::StringPiece; 42 using base::StringPiece;
46 using crypto::SecureHash; 43 using crypto::SecureHash;
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
107 done_cb_ = nullptr; 104 done_cb_ = nullptr;
108 } 105 }
109 106
110 private: 107 private:
111 scoped_refptr<ValidateClientHelloResultCallback::Result> result_; 108 scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
112 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_; 109 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_;
113 110
114 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); 111 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper);
115 }; 112 };
116 113
117 class VerifyNonceIsValidAndUniqueCallback
118 : public StrikeRegisterClient::ResultCallback {
119 public:
120 VerifyNonceIsValidAndUniqueCallback(
121 scoped_refptr<ValidateClientHelloResultCallback::Result> result,
122 std::unique_ptr<ProofSource::Details> proof_source_details,
123 std::unique_ptr<ValidateClientHelloResultCallback> done_cb)
124 : result_(std::move(result)),
125 proof_source_details_(std::move(proof_source_details)),
126 done_cb_(std::move(done_cb)) {}
127
128 protected:
129 void RunImpl(bool nonce_is_valid_and_unique,
130 InsertStatus nonce_error) override {
131 DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique
132 << " nonce_error: " << nonce_error;
133 if (!nonce_is_valid_and_unique) {
134 HandshakeFailureReason client_nonce_error;
135 switch (nonce_error) {
136 case NONCE_INVALID_FAILURE:
137 client_nonce_error = CLIENT_NONCE_INVALID_FAILURE;
138 break;
139 case NONCE_NOT_UNIQUE_FAILURE:
140 client_nonce_error = CLIENT_NONCE_NOT_UNIQUE_FAILURE;
141 break;
142 case NONCE_INVALID_ORBIT_FAILURE:
143 client_nonce_error = CLIENT_NONCE_INVALID_ORBIT_FAILURE;
144 break;
145 case NONCE_INVALID_TIME_FAILURE:
146 client_nonce_error = CLIENT_NONCE_INVALID_TIME_FAILURE;
147 break;
148 case STRIKE_REGISTER_TIMEOUT:
149 client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT;
150 break;
151 case STRIKE_REGISTER_FAILURE:
152 client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_FAILURE;
153 break;
154 case NONCE_UNKNOWN_FAILURE:
155 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
156 break;
157 case NONCE_OK:
158 default:
159 QUIC_BUG << "Unexpected client nonce error: " << nonce_error;
160 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
161 break;
162 }
163 result_->info.reject_reasons.push_back(client_nonce_error);
164 }
165 done_cb_->Run(result_, std::move(proof_source_details_));
166 }
167
168 private:
169 scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
170 std::unique_ptr<ProofSource::Details> proof_source_details_;
171 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_;
172
173 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback);
174 };
175
176 // static 114 // static
177 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; 115 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing";
178 116
179 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, 117 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip,
180 QuicWallTime in_now) 118 QuicWallTime in_now)
181 : client_ip(in_client_ip), now(in_now), valid_source_address_token(false) {} 119 : client_ip(in_client_ip), now(in_now), valid_source_address_token(false) {}
182 120
183 ClientHelloInfo::ClientHelloInfo(const ClientHelloInfo& other) = default; 121 ClientHelloInfo::ClientHelloInfo(const ClientHelloInfo& other) = default;
184 122
185 ClientHelloInfo::~ClientHelloInfo() {} 123 ClientHelloInfo::~ClientHelloInfo() {}
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
218 156
219 QuicCryptoServerConfig::QuicCryptoServerConfig( 157 QuicCryptoServerConfig::QuicCryptoServerConfig(
220 StringPiece source_address_token_secret, 158 StringPiece source_address_token_secret,
221 QuicRandom* server_nonce_entropy, 159 QuicRandom* server_nonce_entropy,
222 std::unique_ptr<ProofSource> proof_source) 160 std::unique_ptr<ProofSource> proof_source)
223 : replay_protection_(true), 161 : replay_protection_(true),
224 chlo_multiplier_(kMultiplier), 162 chlo_multiplier_(kMultiplier),
225 configs_lock_(), 163 configs_lock_(),
226 primary_config_(nullptr), 164 primary_config_(nullptr),
227 next_config_promotion_time_(QuicWallTime::Zero()), 165 next_config_promotion_time_(QuicWallTime::Zero()),
228 server_nonce_strike_register_lock_(),
229 proof_source_(std::move(proof_source)), 166 proof_source_(std::move(proof_source)),
230 strike_register_no_startup_period_(false),
231 strike_register_max_entries_(1 << 10),
232 strike_register_window_secs_(600),
233 source_address_token_future_secs_(3600), 167 source_address_token_future_secs_(3600),
234 source_address_token_lifetime_secs_(86400), 168 source_address_token_lifetime_secs_(86400),
235 server_nonce_strike_register_max_entries_(1 << 10),
236 server_nonce_strike_register_window_secs_(120),
237 enable_serving_sct_(false), 169 enable_serving_sct_(false),
238 rejection_observer_(nullptr) { 170 rejection_observer_(nullptr) {
239 DCHECK(proof_source_.get()); 171 DCHECK(proof_source_.get());
240 source_address_token_boxer_.SetKeys( 172 source_address_token_boxer_.SetKeys(
241 {DeriveSourceAddressTokenKey(source_address_token_secret)}); 173 {DeriveSourceAddressTokenKey(source_address_token_secret)});
242 174
243 // Generate a random key and orbit for server nonces. 175 // Generate a random key and orbit for server nonces.
244 server_nonce_entropy->RandBytes(server_nonce_orbit_, 176 server_nonce_entropy->RandBytes(server_nonce_orbit_,
245 sizeof(server_nonce_orbit_)); 177 sizeof(server_nonce_orbit_));
246 const size_t key_size = server_nonce_boxer_.GetKeySize(); 178 const size_t key_size = server_nonce_boxer_.GetKeySize();
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after
407 } 339 }
408 340
409 CryptoHandshakeMessage* QuicCryptoServerConfig::AddDefaultConfig( 341 CryptoHandshakeMessage* QuicCryptoServerConfig::AddDefaultConfig(
410 QuicRandom* rand, 342 QuicRandom* rand,
411 const QuicClock* clock, 343 const QuicClock* clock,
412 const ConfigOptions& options) { 344 const ConfigOptions& options) {
413 return AddConfig(GenerateConfig(rand, clock, options), clock->WallNow()); 345 return AddConfig(GenerateConfig(rand, clock, options), clock->WallNow());
414 } 346 }
415 347
416 bool QuicCryptoServerConfig::SetConfigs( 348 bool QuicCryptoServerConfig::SetConfigs(
417 const vector<std::unique_ptr<QuicServerConfigProtobuf>>& protobufs, 349 const std::vector<std::unique_ptr<QuicServerConfigProtobuf>>& protobufs,
418 const QuicWallTime now) { 350 const QuicWallTime now) {
419 vector<scoped_refptr<Config>> parsed_configs; 351 std::vector<scoped_refptr<Config>> parsed_configs;
420 bool ok = true; 352 bool ok = true;
421 353
422 for (auto& protobuf : protobufs) { 354 for (auto& protobuf : protobufs) {
423 scoped_refptr<Config> config(ParseConfigProtobuf(protobuf)); 355 scoped_refptr<Config> config(ParseConfigProtobuf(protobuf));
424 if (!config.get()) { 356 if (!config.get()) {
425 ok = false; 357 ok = false;
426 break; 358 break;
427 } 359 }
428 360
429 parsed_configs.push_back(config); 361 parsed_configs.push_back(config);
430 } 362 }
431 363
432 if (parsed_configs.empty()) { 364 if (parsed_configs.empty()) {
433 LOG(WARNING) << "New config list is empty."; 365 LOG(WARNING) << "New config list is empty.";
434 ok = false; 366 ok = false;
435 } 367 }
436 368
437 if (!ok) { 369 if (!ok) {
438 LOG(WARNING) << "Rejecting QUIC configs because of above errors"; 370 LOG(WARNING) << "Rejecting QUIC configs because of above errors";
439 } else { 371 } else {
440 VLOG(1) << "Updating configs:"; 372 VLOG(1) << "Updating configs:";
441 373
442 base::AutoLock locked(configs_lock_); 374 base::AutoLock locked(configs_lock_);
443 ConfigMap new_configs; 375 ConfigMap new_configs;
444 376
445 for (vector<scoped_refptr<Config>>::const_iterator i = 377 for (std::vector<scoped_refptr<Config>>::const_iterator i =
446 parsed_configs.begin(); 378 parsed_configs.begin();
447 i != parsed_configs.end(); ++i) { 379 i != parsed_configs.end(); ++i) {
448 scoped_refptr<Config> config = *i; 380 scoped_refptr<Config> config = *i;
449 381
450 ConfigMap::iterator it = configs_.find(config->id); 382 ConfigMap::iterator it = configs_.find(config->id);
451 if (it != configs_.end()) { 383 if (it != configs_.end()) {
452 VLOG(1) << "Keeping scid: " << QuicUtils::HexEncode(config->id) 384 VLOG(1) << "Keeping scid: " << QuicUtils::HexEncode(config->id)
453 << " orbit: " 385 << " orbit: "
454 << QuicUtils::HexEncode( 386 << QuicUtils::HexEncode(
455 reinterpret_cast<const char*>(config->orbit), kOrbitSize) 387 reinterpret_cast<const char*>(config->orbit), kOrbitSize)
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
493 scids->push_back(it->first); 425 scids->push_back(it->first);
494 } 426 }
495 } 427 }
496 428
497 void QuicCryptoServerConfig::ValidateClientHello( 429 void QuicCryptoServerConfig::ValidateClientHello(
498 const CryptoHandshakeMessage& client_hello, 430 const CryptoHandshakeMessage& client_hello,
499 const IPAddress& client_ip, 431 const IPAddress& client_ip,
500 const IPAddress& server_ip, 432 const IPAddress& server_ip,
501 QuicVersion version, 433 QuicVersion version,
502 const QuicClock* clock, 434 const QuicClock* clock,
503 scoped_refptr<QuicCryptoProof> crypto_proof, 435 scoped_refptr<QuicSignedServerConfig> signed_config,
504 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { 436 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
505 const QuicWallTime now(clock->WallNow()); 437 const QuicWallTime now(clock->WallNow());
506 438
507 scoped_refptr<ValidateClientHelloResultCallback::Result> result( 439 scoped_refptr<ValidateClientHelloResultCallback::Result> result(
508 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, 440 new ValidateClientHelloResultCallback::Result(client_hello, client_ip,
509 now)); 441 now));
510 442
511 StringPiece requested_scid; 443 StringPiece requested_scid;
512 client_hello.GetStringPiece(kSCID, &requested_scid); 444 client_hello.GetStringPiece(kSCID, &requested_scid);
513 445
514 scoped_refptr<Config> requested_config; 446 scoped_refptr<Config> requested_config;
515 scoped_refptr<Config> primary_config; 447 scoped_refptr<Config> primary_config;
516 { 448 {
517 base::AutoLock locked(configs_lock_); 449 base::AutoLock locked(configs_lock_);
518 450
519 if (!primary_config_.get()) { 451 if (!primary_config_.get()) {
520 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; 452 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR;
521 result->error_details = "No configurations loaded"; 453 result->error_details = "No configurations loaded";
522 } else { 454 } else {
523 if (!next_config_promotion_time_.IsZero() && 455 if (!next_config_promotion_time_.IsZero() &&
524 next_config_promotion_time_.IsAfter(now)) { 456 next_config_promotion_time_.IsAfter(now)) {
525 SelectNewPrimaryConfig(now); 457 SelectNewPrimaryConfig(now);
526 DCHECK(primary_config_.get()); 458 DCHECK(primary_config_.get());
527 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); 459 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_);
528 } 460 }
529 } 461 }
530 462
531 requested_config = GetConfigWithScid(requested_scid); 463 requested_config = GetConfigWithScid(requested_scid);
532 primary_config = primary_config_; 464 primary_config = primary_config_;
533 crypto_proof->config = primary_config_; 465 signed_config->config = primary_config_;
534 } 466 }
535 467
536 if (result->error_code == QUIC_NO_ERROR) { 468 if (result->error_code == QUIC_NO_ERROR) {
537 // QUIC requires a new proof for each CHLO so clear any existing proof. 469 // QUIC requires a new proof for each CHLO so clear any existing proof.
538 crypto_proof->chain = nullptr; 470 signed_config->chain = nullptr;
539 crypto_proof->signature = ""; 471 signed_config->signature = "";
540 crypto_proof->cert_sct = ""; 472 signed_config->cert_sct = "";
541 EvaluateClientHello(server_ip, version, requested_config, primary_config, 473 EvaluateClientHello(server_ip, version, requested_config, primary_config,
542 crypto_proof, result, std::move(done_cb)); 474 signed_config, result, std::move(done_cb));
543 } else { 475 } else {
544 done_cb->Run(result, /* details = */ nullptr); 476 done_cb->Run(result, /* details = */ nullptr);
545 } 477 }
546 } 478 }
547 479
548 class ProcessClientHelloHelper { 480 class ProcessClientHelloHelper {
549 public: 481 public:
550 explicit ProcessClientHelloHelper( 482 explicit ProcessClientHelloHelper(
551 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) 483 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb)
552 : done_cb_(done_cb) {} 484 : done_cb_(done_cb) {}
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
590 QuicConnectionId connection_id, 522 QuicConnectionId connection_id,
591 const IPEndPoint& client_address, 523 const IPEndPoint& client_address,
592 QuicVersion version, 524 QuicVersion version,
593 const QuicVersionVector& supported_versions, 525 const QuicVersionVector& supported_versions,
594 bool use_stateless_rejects, 526 bool use_stateless_rejects,
595 QuicConnectionId server_designated_connection_id, 527 QuicConnectionId server_designated_connection_id,
596 const QuicClock* clock, 528 const QuicClock* clock,
597 QuicRandom* rand, 529 QuicRandom* rand,
598 QuicCompressedCertsCache* compressed_certs_cache, 530 QuicCompressedCertsCache* compressed_certs_cache,
599 scoped_refptr<QuicCryptoNegotiatedParameters> params, 531 scoped_refptr<QuicCryptoNegotiatedParameters> params,
600 scoped_refptr<QuicCryptoProof> crypto_proof, 532 scoped_refptr<QuicSignedServerConfig> signed_config,
601 QuicByteCount total_framing_overhead, 533 QuicByteCount total_framing_overhead,
602 QuicByteCount chlo_packet_size, 534 QuicByteCount chlo_packet_size,
603 const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config, 535 const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config,
604 const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config, 536 const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config,
605 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) 537 std::unique_ptr<ProcessClientHelloResultCallback> done_cb)
606 : config_(config), 538 : config_(config),
607 validate_chlo_result_(std::move(validate_chlo_result)), 539 validate_chlo_result_(std::move(validate_chlo_result)),
608 reject_only_(reject_only), 540 reject_only_(reject_only),
609 connection_id_(connection_id), 541 connection_id_(connection_id),
610 client_address_(client_address), 542 client_address_(client_address),
611 version_(version), 543 version_(version),
612 supported_versions_(supported_versions), 544 supported_versions_(supported_versions),
613 use_stateless_rejects_(use_stateless_rejects), 545 use_stateless_rejects_(use_stateless_rejects),
614 server_designated_connection_id_(server_designated_connection_id), 546 server_designated_connection_id_(server_designated_connection_id),
615 clock_(clock), 547 clock_(clock),
616 rand_(rand), 548 rand_(rand),
617 compressed_certs_cache_(compressed_certs_cache), 549 compressed_certs_cache_(compressed_certs_cache),
618 params_(params), 550 params_(params),
619 crypto_proof_(crypto_proof), 551 signed_config_(signed_config),
620 total_framing_overhead_(total_framing_overhead), 552 total_framing_overhead_(total_framing_overhead),
621 chlo_packet_size_(chlo_packet_size), 553 chlo_packet_size_(chlo_packet_size),
622 requested_config_(requested_config), 554 requested_config_(requested_config),
623 primary_config_(primary_config), 555 primary_config_(primary_config),
624 done_cb_(std::move(done_cb)) {} 556 done_cb_(std::move(done_cb)) {}
625 557
626 void Run(bool ok, 558 void Run(bool ok,
627 const scoped_refptr<ProofSource::Chain>& chain, 559 const scoped_refptr<ProofSource::Chain>& chain,
628 const string& signature, 560 const QuicCryptoProof& proof,
629 const string& leaf_cert_sct,
630 std::unique_ptr<ProofSource::Details> details) override { 561 std::unique_ptr<ProofSource::Details> details) override {
631 if (ok) { 562 if (ok) {
632 crypto_proof_->chain = chain; 563 signed_config_->chain = chain;
633 crypto_proof_->signature = signature; 564 signed_config_->signature = proof.signature;
634 crypto_proof_->cert_sct = leaf_cert_sct; 565 signed_config_->cert_sct = proof.leaf_cert_scts;
566 signed_config_->send_expect_ct_header = proof.send_expect_ct_header;
635 } 567 }
636 config_->ProcessClientHelloAfterGetProof( 568 config_->ProcessClientHelloAfterGetProof(
637 !ok, std::move(details), *validate_chlo_result_, reject_only_, 569 !ok, std::move(details), *validate_chlo_result_, reject_only_,
638 connection_id_, client_address_, version_, supported_versions_, 570 connection_id_, client_address_, version_, supported_versions_,
639 use_stateless_rejects_, server_designated_connection_id_, clock_, rand_, 571 use_stateless_rejects_, server_designated_connection_id_, clock_, rand_,
640 compressed_certs_cache_, params_, crypto_proof_, 572 compressed_certs_cache_, params_, signed_config_,
641 total_framing_overhead_, chlo_packet_size_, requested_config_, 573 total_framing_overhead_, chlo_packet_size_, requested_config_,
642 primary_config_, std::move(done_cb_)); 574 primary_config_, std::move(done_cb_));
643 } 575 }
644 576
645 private: 577 private:
646 const QuicCryptoServerConfig* config_; 578 const QuicCryptoServerConfig* config_;
647 const scoped_refptr<ValidateClientHelloResultCallback::Result> 579 const scoped_refptr<ValidateClientHelloResultCallback::Result>
648 validate_chlo_result_; 580 validate_chlo_result_;
649 const bool reject_only_; 581 const bool reject_only_;
650 const QuicConnectionId connection_id_; 582 const QuicConnectionId connection_id_;
651 const IPEndPoint client_address_; 583 const IPEndPoint client_address_;
652 const QuicVersion version_; 584 const QuicVersion version_;
653 const QuicVersionVector supported_versions_; 585 const QuicVersionVector supported_versions_;
654 const bool use_stateless_rejects_; 586 const bool use_stateless_rejects_;
655 const QuicConnectionId server_designated_connection_id_; 587 const QuicConnectionId server_designated_connection_id_;
656 const QuicClock* const clock_; 588 const QuicClock* const clock_;
657 QuicRandom* const rand_; 589 QuicRandom* const rand_;
658 QuicCompressedCertsCache* compressed_certs_cache_; 590 QuicCompressedCertsCache* compressed_certs_cache_;
659 scoped_refptr<QuicCryptoNegotiatedParameters> params_; 591 scoped_refptr<QuicCryptoNegotiatedParameters> params_;
660 scoped_refptr<QuicCryptoProof> crypto_proof_; 592 scoped_refptr<QuicSignedServerConfig> signed_config_;
661 const QuicByteCount total_framing_overhead_; 593 const QuicByteCount total_framing_overhead_;
662 const QuicByteCount chlo_packet_size_; 594 const QuicByteCount chlo_packet_size_;
663 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; 595 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_;
664 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; 596 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_;
665 std::unique_ptr<ProcessClientHelloResultCallback> done_cb_; 597 std::unique_ptr<ProcessClientHelloResultCallback> done_cb_;
666 }; 598 };
667 599
668 void QuicCryptoServerConfig::ProcessClientHello( 600 void QuicCryptoServerConfig::ProcessClientHello(
669 scoped_refptr<ValidateClientHelloResultCallback::Result> 601 scoped_refptr<ValidateClientHelloResultCallback::Result>
670 validate_chlo_result, 602 validate_chlo_result,
671 bool reject_only, 603 bool reject_only,
672 QuicConnectionId connection_id, 604 QuicConnectionId connection_id,
673 const IPAddress& server_ip, 605 const IPAddress& server_ip,
674 const IPEndPoint& client_address, 606 const IPEndPoint& client_address,
675 QuicVersion version, 607 QuicVersion version,
676 const QuicVersionVector& supported_versions, 608 const QuicVersionVector& supported_versions,
677 bool use_stateless_rejects, 609 bool use_stateless_rejects,
678 QuicConnectionId server_designated_connection_id, 610 QuicConnectionId server_designated_connection_id,
679 const QuicClock* clock, 611 const QuicClock* clock,
680 QuicRandom* rand, 612 QuicRandom* rand,
681 QuicCompressedCertsCache* compressed_certs_cache, 613 QuicCompressedCertsCache* compressed_certs_cache,
682 scoped_refptr<QuicCryptoNegotiatedParameters> params, 614 scoped_refptr<QuicCryptoNegotiatedParameters> params,
683 scoped_refptr<QuicCryptoProof> crypto_proof, 615 scoped_refptr<QuicSignedServerConfig> signed_config,
684 QuicByteCount total_framing_overhead, 616 QuicByteCount total_framing_overhead,
685 QuicByteCount chlo_packet_size, 617 QuicByteCount chlo_packet_size,
686 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { 618 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const {
687 DCHECK(done_cb); 619 DCHECK(done_cb);
688 620
689 ProcessClientHelloHelper helper(&done_cb); 621 ProcessClientHelloHelper helper(&done_cb);
690 622
691 const CryptoHandshakeMessage& client_hello = 623 const CryptoHandshakeMessage& client_hello =
692 validate_chlo_result->client_hello; 624 validate_chlo_result->client_hello;
693 const ClientHelloInfo& info = validate_chlo_result->info; 625 const ClientHelloInfo& info = validate_chlo_result->info;
(...skipping 21 matching lines...) Expand all
715 } else { 647 } else {
716 if (!next_config_promotion_time_.IsZero() && 648 if (!next_config_promotion_time_.IsZero() &&
717 next_config_promotion_time_.IsAfter(now)) { 649 next_config_promotion_time_.IsAfter(now)) {
718 SelectNewPrimaryConfig(now); 650 SelectNewPrimaryConfig(now);
719 DCHECK(primary_config_.get()); 651 DCHECK(primary_config_.get());
720 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); 652 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_);
721 } 653 }
722 654
723 // Use the config that the client requested in order to do key-agreement. 655 // Use the config that the client requested in order to do key-agreement.
724 // Otherwise give it a copy of |primary_config_| to use. 656 // Otherwise give it a copy of |primary_config_| to use.
725 primary_config = crypto_proof->config; 657 primary_config = signed_config->config;
726 requested_config = GetConfigWithScid(requested_scid); 658 requested_config = GetConfigWithScid(requested_scid);
727 } 659 }
728 } 660 }
729 if (no_primary_config) { 661 if (no_primary_config) {
730 helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "No configurations loaded"); 662 helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "No configurations loaded");
731 return; 663 return;
732 } 664 }
733 665
734 if (validate_chlo_result->error_code != QUIC_NO_ERROR) { 666 if (validate_chlo_result->error_code != QUIC_NO_ERROR) {
735 helper.Fail(validate_chlo_result->error_code, 667 helper.Fail(validate_chlo_result->error_code,
736 validate_chlo_result->error_details); 668 validate_chlo_result->error_details);
737 return; 669 return;
738 } 670 }
739 671
740 if (!ClientDemandsX509Proof(client_hello)) { 672 if (!ClientDemandsX509Proof(client_hello)) {
741 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); 673 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD");
742 return; 674 return;
743 } 675 }
744 DCHECK(proof_source_.get()); 676 DCHECK(proof_source_.get());
745 string chlo_hash; 677 string chlo_hash;
746 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); 678 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
747 679
748 // No need to get a new proof if one was already generated. 680 // No need to get a new proof if one was already generated.
749 if (!crypto_proof->chain) { 681 if (!signed_config->chain) {
750 const QuicTag* tag_ptr; 682 const QuicTag* tag_ptr;
751 size_t num_tags; 683 size_t num_tags;
752 QuicTagVector connection_options; 684 QuicTagVector connection_options;
753 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { 685 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
754 connection_options.assign(tag_ptr, tag_ptr + num_tags); 686 connection_options.assign(tag_ptr, tag_ptr + num_tags);
755 } 687 }
756 if (FLAGS_enable_async_get_proof) { 688 if (FLAGS_enable_async_get_proof) {
757 std::unique_ptr<ProcessClientHelloCallback> cb( 689 std::unique_ptr<ProcessClientHelloCallback> cb(
758 new ProcessClientHelloCallback( 690 new ProcessClientHelloCallback(
759 this, validate_chlo_result, reject_only, connection_id, 691 this, validate_chlo_result, reject_only, connection_id,
760 client_address, version, supported_versions, 692 client_address, version, supported_versions,
761 use_stateless_rejects, server_designated_connection_id, clock, 693 use_stateless_rejects, server_designated_connection_id, clock,
762 rand, compressed_certs_cache, params, crypto_proof, 694 rand, compressed_certs_cache, params, signed_config,
763 total_framing_overhead, chlo_packet_size, requested_config, 695 total_framing_overhead, chlo_packet_size, requested_config,
764 primary_config, std::move(done_cb))); 696 primary_config, std::move(done_cb)));
765 proof_source_->GetProof(server_ip, info.sni.as_string(), 697 proof_source_->GetProof(server_ip, info.sni.as_string(),
766 primary_config->serialized, version, chlo_hash, 698 primary_config->serialized, version, chlo_hash,
767 connection_options, std::move(cb)); 699 connection_options, std::move(cb));
768 helper.DetachCallback(); 700 helper.DetachCallback();
769 return; 701 return;
770 } 702 }
771 703
772 if (!proof_source_->GetProof( 704 QuicCryptoProof proof;
773 server_ip, info.sni.as_string(), primary_config->serialized, 705 if (!proof_source_->GetProof(server_ip, info.sni.as_string(),
774 version, chlo_hash, connection_options, &crypto_proof->chain, 706 primary_config->serialized, version, chlo_hash,
775 &crypto_proof->signature, &crypto_proof->cert_sct)) { 707 connection_options, &signed_config->chain,
708 &proof)) {
776 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); 709 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof.");
777 return; 710 return;
778 } 711 }
712 signed_config->signature = proof.signature;
713 signed_config->cert_sct = proof.leaf_cert_scts;
779 } 714 }
780 715
781 helper.DetachCallback(); 716 helper.DetachCallback();
782 ProcessClientHelloAfterGetProof( 717 ProcessClientHelloAfterGetProof(
783 /* found_error = */ false, /* proof_source_details = */ nullptr, 718 /* found_error = */ false, /* proof_source_details = */ nullptr,
784 *validate_chlo_result, reject_only, connection_id, client_address, 719 *validate_chlo_result, reject_only, connection_id, client_address,
785 version, supported_versions, use_stateless_rejects, 720 version, supported_versions, use_stateless_rejects,
786 server_designated_connection_id, clock, rand, compressed_certs_cache, 721 server_designated_connection_id, clock, rand, compressed_certs_cache,
787 params, crypto_proof, total_framing_overhead, chlo_packet_size, 722 params, signed_config, total_framing_overhead, chlo_packet_size,
788 requested_config, primary_config, std::move(done_cb)); 723 requested_config, primary_config, std::move(done_cb));
789 } 724 }
790 725
791 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( 726 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof(
792 bool found_error, 727 bool found_error,
793 std::unique_ptr<ProofSource::Details> proof_source_details, 728 std::unique_ptr<ProofSource::Details> proof_source_details,
794 const ValidateClientHelloResultCallback::Result& validate_chlo_result, 729 const ValidateClientHelloResultCallback::Result& validate_chlo_result,
795 bool reject_only, 730 bool reject_only,
796 QuicConnectionId connection_id, 731 QuicConnectionId connection_id,
797 const IPEndPoint& client_address, 732 const IPEndPoint& client_address,
798 QuicVersion version, 733 QuicVersion version,
799 const QuicVersionVector& supported_versions, 734 const QuicVersionVector& supported_versions,
800 bool use_stateless_rejects, 735 bool use_stateless_rejects,
801 QuicConnectionId server_designated_connection_id, 736 QuicConnectionId server_designated_connection_id,
802 const QuicClock* clock, 737 const QuicClock* clock,
803 QuicRandom* rand, 738 QuicRandom* rand,
804 QuicCompressedCertsCache* compressed_certs_cache, 739 QuicCompressedCertsCache* compressed_certs_cache,
805 scoped_refptr<QuicCryptoNegotiatedParameters> params, 740 scoped_refptr<QuicCryptoNegotiatedParameters> params,
806 scoped_refptr<QuicCryptoProof> crypto_proof, 741 scoped_refptr<QuicSignedServerConfig> signed_config,
807 QuicByteCount total_framing_overhead, 742 QuicByteCount total_framing_overhead,
808 QuicByteCount chlo_packet_size, 743 QuicByteCount chlo_packet_size,
809 const scoped_refptr<Config>& requested_config, 744 const scoped_refptr<Config>& requested_config,
810 const scoped_refptr<Config>& primary_config, 745 const scoped_refptr<Config>& primary_config,
811 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { 746 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const {
812 ProcessClientHelloHelper helper(&done_cb); 747 ProcessClientHelloHelper helper(&done_cb);
813 748
814 if (found_error) { 749 if (found_error) {
815 helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof"); 750 helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof");
816 return; 751 return;
817 } 752 }
818 753
819 const CryptoHandshakeMessage& client_hello = 754 const CryptoHandshakeMessage& client_hello =
820 validate_chlo_result.client_hello; 755 validate_chlo_result.client_hello;
821 const ClientHelloInfo& info = validate_chlo_result.info; 756 const ClientHelloInfo& info = validate_chlo_result.info;
822 std::unique_ptr<DiversificationNonce> out_diversification_nonce( 757 std::unique_ptr<DiversificationNonce> out_diversification_nonce(
823 new DiversificationNonce); 758 new DiversificationNonce);
824 759
825 StringPiece cert_sct; 760 StringPiece cert_sct;
826 if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) && 761 if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) &&
827 cert_sct.empty()) { 762 cert_sct.empty()) {
828 params->sct_supported_by_client = true; 763 params->sct_supported_by_client = true;
829 } 764 }
830 765
831 std::unique_ptr<CryptoHandshakeMessage> out(new CryptoHandshakeMessage); 766 std::unique_ptr<CryptoHandshakeMessage> out(new CryptoHandshakeMessage);
832 if (!info.reject_reasons.empty() || !requested_config.get()) { 767 if (!info.reject_reasons.empty() || !requested_config.get()) {
833 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, 768 BuildRejection(version, clock->WallNow(), *primary_config, client_hello,
834 info, validate_chlo_result.cached_network_params, 769 info, validate_chlo_result.cached_network_params,
835 use_stateless_rejects, server_designated_connection_id, rand, 770 use_stateless_rejects, server_designated_connection_id, rand,
836 compressed_certs_cache, params, *crypto_proof, 771 compressed_certs_cache, params, *signed_config,
837 total_framing_overhead, chlo_packet_size, out.get()); 772 total_framing_overhead, chlo_packet_size, out.get());
838 if (FLAGS_quic_export_rej_for_all_rejects && 773 if (FLAGS_quic_export_rej_for_all_rejects &&
839 rejection_observer_ != nullptr) { 774 rejection_observer_ != nullptr) {
840 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); 775 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get());
841 } 776 }
842 helper.Succeed(std::move(out), std::move(out_diversification_nonce), 777 helper.Succeed(std::move(out), std::move(out_diversification_nonce),
843 std::move(proof_source_details)); 778 std::move(proof_source_details));
844 return; 779 return;
845 } 780 }
846 781
(...skipping 10 matching lines...) Expand all
857 QUIC_NO_ERROR || 792 QUIC_NO_ERROR ||
858 client_hello.GetTaglist(kKEXS, &their_key_exchanges, 793 client_hello.GetTaglist(kKEXS, &their_key_exchanges,
859 &num_their_key_exchanges) != QUIC_NO_ERROR || 794 &num_their_key_exchanges) != QUIC_NO_ERROR ||
860 num_their_aeads != 1 || num_their_key_exchanges != 1) { 795 num_their_aeads != 1 || num_their_key_exchanges != 1) {
861 helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, 796 helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
862 "Missing or invalid AEAD or KEXS"); 797 "Missing or invalid AEAD or KEXS");
863 return; 798 return;
864 } 799 }
865 800
866 size_t key_exchange_index; 801 size_t key_exchange_index;
867 if (!QuicUtils::FindMutualTag(requested_config->aead, their_aeads, 802 if (!FindMutualQuicTag(requested_config->aead, their_aeads, num_their_aeads,
868 num_their_aeads, QuicUtils::LOCAL_PRIORITY, 803 &params->aead, nullptr) ||
869 &params->aead, nullptr) || 804 !FindMutualQuicTag(requested_config->kexs, their_key_exchanges,
870 !QuicUtils::FindMutualTag(requested_config->kexs, their_key_exchanges, 805 num_their_key_exchanges, &params->key_exchange,
871 num_their_key_exchanges, 806 &key_exchange_index)) {
872 QuicUtils::LOCAL_PRIORITY,
873 &params->key_exchange, &key_exchange_index)) {
874 helper.Fail(QUIC_CRYPTO_NO_SUPPORT, "Unsupported AEAD or KEXS"); 807 helper.Fail(QUIC_CRYPTO_NO_SUPPORT, "Unsupported AEAD or KEXS");
875 return; 808 return;
876 } 809 }
877 810
878 if (!requested_config->tb_key_params.empty()) { 811 if (!requested_config->tb_key_params.empty()) {
879 const QuicTag* their_tbkps; 812 const QuicTag* their_tbkps;
880 size_t num_their_tbkps; 813 size_t num_their_tbkps;
881 switch (client_hello.GetTaglist(kTBKP, &their_tbkps, &num_their_tbkps)) { 814 switch (client_hello.GetTaglist(kTBKP, &their_tbkps, &num_their_tbkps)) {
882 case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND: 815 case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND:
883 break; 816 break;
884 case QUIC_NO_ERROR: 817 case QUIC_NO_ERROR:
885 if (QuicUtils::FindMutualTag( 818 if (FindMutualQuicTag(requested_config->tb_key_params, their_tbkps,
886 requested_config->tb_key_params, their_tbkps, num_their_tbkps, 819 num_their_tbkps, &params->token_binding_key_param,
887 QuicUtils::LOCAL_PRIORITY, &params->token_binding_key_param, 820 nullptr)) {
888 nullptr)) {
889 break; 821 break;
890 } 822 }
891 default: 823 default:
892 helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, 824 helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
893 "Invalid Token Binding key parameter"); 825 "Invalid Token Binding key parameter");
894 return; 826 return;
895 } 827 }
896 } 828 }
897 829
898 StringPiece public_value; 830 StringPiece public_value;
(...skipping 20 matching lines...) Expand all
919 string hkdf_suffix; 851 string hkdf_suffix;
920 const QuicData& client_hello_serialized = client_hello.GetSerialized(); 852 const QuicData& client_hello_serialized = client_hello.GetSerialized();
921 hkdf_suffix.reserve(sizeof(connection_id) + client_hello_serialized.length() + 853 hkdf_suffix.reserve(sizeof(connection_id) + client_hello_serialized.length() +
922 requested_config->serialized.size()); 854 requested_config->serialized.size());
923 hkdf_suffix.append(reinterpret_cast<char*>(&connection_id), 855 hkdf_suffix.append(reinterpret_cast<char*>(&connection_id),
924 sizeof(connection_id)); 856 sizeof(connection_id));
925 hkdf_suffix.append(client_hello_serialized.data(), 857 hkdf_suffix.append(client_hello_serialized.data(),
926 client_hello_serialized.length()); 858 client_hello_serialized.length());
927 hkdf_suffix.append(requested_config->serialized); 859 hkdf_suffix.append(requested_config->serialized);
928 DCHECK(proof_source_.get()); 860 DCHECK(proof_source_.get());
929 if (crypto_proof->chain->certs.empty()) { 861 if (signed_config->chain->certs.empty()) {
930 helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "Failed to get certs"); 862 helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "Failed to get certs");
931 return; 863 return;
932 } 864 }
933 hkdf_suffix.append(crypto_proof->chain->certs.at(0)); 865 hkdf_suffix.append(signed_config->chain->certs.at(0));
934 866
935 StringPiece cetv_ciphertext; 867 StringPiece cetv_ciphertext;
936 if (requested_config->channel_id_enabled && 868 if (requested_config->channel_id_enabled &&
937 client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) { 869 client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) {
938 CryptoHandshakeMessage client_hello_copy(client_hello); 870 CryptoHandshakeMessage client_hello_copy(client_hello);
939 client_hello_copy.Erase(kCETV); 871 client_hello_copy.Erase(kCETV);
940 client_hello_copy.Erase(kPAD); 872 client_hello_copy.Erase(kPAD);
941 873
942 const QuicData& client_hello_copy_serialized = 874 const QuicData& client_hello_copy_serialized =
943 client_hello_copy.GetSerialized(); 875 client_hello_copy.GetSerialized();
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
991 params->channel_id = key.as_string(); 923 params->channel_id = key.as_string();
992 } 924 }
993 } 925 }
994 926
995 string hkdf_input; 927 string hkdf_input;
996 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; 928 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1;
997 hkdf_input.reserve(label_len + hkdf_suffix.size()); 929 hkdf_input.reserve(label_len + hkdf_suffix.size());
998 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); 930 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len);
999 hkdf_input.append(hkdf_suffix); 931 hkdf_input.append(hkdf_suffix);
1000 932
933 rand->RandBytes(out_diversification_nonce->data(),
934 out_diversification_nonce->size());
1001 CryptoUtils::Diversification diversification = 935 CryptoUtils::Diversification diversification =
1002 CryptoUtils::Diversification::Never(); 936 CryptoUtils::Diversification::Now(out_diversification_nonce.get());
1003 if (version > QUIC_VERSION_32) {
1004 rand->RandBytes(out_diversification_nonce->data(),
1005 out_diversification_nonce->size());
1006 diversification =
1007 CryptoUtils::Diversification::Now(out_diversification_nonce.get());
1008 }
1009
1010 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, 937 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead,
1011 info.client_nonce, info.server_nonce, hkdf_input, 938 info.client_nonce, info.server_nonce, hkdf_input,
1012 Perspective::IS_SERVER, diversification, 939 Perspective::IS_SERVER, diversification,
1013 &params->initial_crypters, 940 &params->initial_crypters,
1014 &params->initial_subkey_secret)) { 941 &params->initial_subkey_secret)) {
1015 helper.Fail(QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED, 942 helper.Fail(QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED,
1016 "Symmetric key setup failed"); 943 "Symmetric key setup failed");
1017 return; 944 return;
1018 } 945 }
1019 946
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after
1110 // Primary times are equal, sort backwards by priority. 1037 // Primary times are equal, sort backwards by priority.
1111 return a->priority < b->priority; 1038 return a->priority < b->priority;
1112 } else { 1039 } else {
1113 // Primary times and priorities are equal, sort by config id. 1040 // Primary times and priorities are equal, sort by config id.
1114 return a->id < b->id; 1041 return a->id < b->id;
1115 } 1042 }
1116 } 1043 }
1117 1044
1118 void QuicCryptoServerConfig::SelectNewPrimaryConfig( 1045 void QuicCryptoServerConfig::SelectNewPrimaryConfig(
1119 const QuicWallTime now) const { 1046 const QuicWallTime now) const {
1120 vector<scoped_refptr<Config>> configs; 1047 std::vector<scoped_refptr<Config>> configs;
1121 configs.reserve(configs_.size()); 1048 configs.reserve(configs_.size());
1122 1049
1123 for (ConfigMap::const_iterator it = configs_.begin(); it != configs_.end(); 1050 for (ConfigMap::const_iterator it = configs_.begin(); it != configs_.end();
1124 ++it) { 1051 ++it) {
1125 // TODO(avd) Exclude expired configs? 1052 // TODO(avd) Exclude expired configs?
1126 configs.push_back(it->second); 1053 configs.push_back(it->second);
1127 } 1054 }
1128 1055
1129 if (configs.empty()) { 1056 if (configs.empty()) {
1130 if (primary_config_.get()) { 1057 if (primary_config_.get()) {
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
1201 class QuicCryptoServerConfig::EvaluateClientHelloCallback 1128 class QuicCryptoServerConfig::EvaluateClientHelloCallback
1202 : public ProofSource::Callback { 1129 : public ProofSource::Callback {
1203 public: 1130 public:
1204 EvaluateClientHelloCallback( 1131 EvaluateClientHelloCallback(
1205 const QuicCryptoServerConfig& config, 1132 const QuicCryptoServerConfig& config,
1206 bool found_error, 1133 bool found_error,
1207 const IPAddress& server_ip, 1134 const IPAddress& server_ip,
1208 QuicVersion version, 1135 QuicVersion version,
1209 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, 1136 scoped_refptr<QuicCryptoServerConfig::Config> requested_config,
1210 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, 1137 scoped_refptr<QuicCryptoServerConfig::Config> primary_config,
1211 scoped_refptr<QuicCryptoProof> crypto_proof, 1138 scoped_refptr<QuicSignedServerConfig> signed_config,
1212 scoped_refptr<ValidateClientHelloResultCallback::Result> 1139 scoped_refptr<ValidateClientHelloResultCallback::Result>
1213 client_hello_state, 1140 client_hello_state,
1214 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) 1141 std::unique_ptr<ValidateClientHelloResultCallback> done_cb)
1215 : config_(config), 1142 : config_(config),
1216 found_error_(found_error), 1143 found_error_(found_error),
1217 server_ip_(server_ip), 1144 server_ip_(server_ip),
1218 version_(version), 1145 version_(version),
1219 requested_config_(std::move(requested_config)), 1146 requested_config_(std::move(requested_config)),
1220 primary_config_(std::move(primary_config)), 1147 primary_config_(std::move(primary_config)),
1221 crypto_proof_(crypto_proof), 1148 signed_config_(signed_config),
1222 client_hello_state_(std::move(client_hello_state)), 1149 client_hello_state_(std::move(client_hello_state)),
1223 done_cb_(std::move(done_cb)) {} 1150 done_cb_(std::move(done_cb)) {}
1224 1151
1225 void Run(bool ok, 1152 void Run(bool ok,
1226 const scoped_refptr<ProofSource::Chain>& chain, 1153 const scoped_refptr<ProofSource::Chain>& chain,
1227 const string& signature, 1154 const QuicCryptoProof& proof,
1228 const string& leaf_cert_sct,
1229 std::unique_ptr<ProofSource::Details> details) override { 1155 std::unique_ptr<ProofSource::Details> details) override {
1230 if (ok) { 1156 if (ok) {
1231 crypto_proof_->chain = chain; 1157 signed_config_->chain = chain;
1232 crypto_proof_->signature = signature; 1158 signed_config_->signature = proof.signature;
1233 crypto_proof_->cert_sct = leaf_cert_sct; 1159 signed_config_->cert_sct = proof.leaf_cert_scts;
1160 signed_config_->send_expect_ct_header = proof.send_expect_ct_header;
1234 } 1161 }
1235 config_.EvaluateClientHelloAfterGetProof( 1162 config_.EvaluateClientHelloAfterGetProof(
1236 found_error_, server_ip_, version_, requested_config_, primary_config_, 1163 found_error_, server_ip_, version_, requested_config_, primary_config_,
1237 crypto_proof_, std::move(details), !ok, client_hello_state_, 1164 signed_config_, std::move(details), !ok, client_hello_state_,
1238 std::move(done_cb_)); 1165 std::move(done_cb_));
1239 } 1166 }
1240 1167
1241 private: 1168 private:
1242 const QuicCryptoServerConfig& config_; 1169 const QuicCryptoServerConfig& config_;
1243 const bool found_error_; 1170 const bool found_error_;
1244 const IPAddress& server_ip_; 1171 const IPAddress& server_ip_;
1245 const QuicVersion version_; 1172 const QuicVersion version_;
1246 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; 1173 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_;
1247 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; 1174 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_;
1248 scoped_refptr<QuicCryptoProof> crypto_proof_; 1175 scoped_refptr<QuicSignedServerConfig> signed_config_;
1249 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; 1176 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_;
1250 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; 1177 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_;
1251 }; 1178 };
1252 1179
1253 void QuicCryptoServerConfig::EvaluateClientHello( 1180 void QuicCryptoServerConfig::EvaluateClientHello(
1254 const IPAddress& server_ip, 1181 const IPAddress& server_ip,
1255 QuicVersion version, 1182 QuicVersion version,
1256 scoped_refptr<Config> requested_config, 1183 scoped_refptr<Config> requested_config,
1257 scoped_refptr<Config> primary_config, 1184 scoped_refptr<Config> primary_config,
1258 scoped_refptr<QuicCryptoProof> crypto_proof, 1185 scoped_refptr<QuicSignedServerConfig> signed_config,
1259 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, 1186 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state,
1260 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { 1187 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
1261 ValidateClientHelloHelper helper(client_hello_state, &done_cb); 1188 ValidateClientHelloHelper helper(client_hello_state, &done_cb);
1262 1189
1263 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; 1190 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello;
1264 ClientHelloInfo* info = &(client_hello_state->info); 1191 ClientHelloInfo* info = &(client_hello_state->info);
1265 1192
1266 if (client_hello.size() < kClientHelloMinimumSize) { 1193 if (client_hello.size() < kClientHelloMinimumSize) {
1267 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, 1194 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH,
1268 "Client hello too small", nullptr); 1195 "Client hello too small", nullptr);
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
1320 info->reject_reasons.push_back(source_address_token_error); 1247 info->reject_reasons.push_back(source_address_token_error);
1321 // No valid source address token. 1248 // No valid source address token.
1322 found_error = true; 1249 found_error = true;
1323 } 1250 }
1324 1251
1325 bool get_proof_failed = false; 1252 bool get_proof_failed = false;
1326 string serialized_config = primary_config->serialized; 1253 string serialized_config = primary_config->serialized;
1327 string chlo_hash; 1254 string chlo_hash;
1328 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); 1255 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
1329 bool need_proof = true; 1256 bool need_proof = true;
1330 need_proof = !crypto_proof->chain; 1257 need_proof = !signed_config->chain;
1331 const QuicTag* tag_ptr; 1258 const QuicTag* tag_ptr;
1332 size_t num_tags; 1259 size_t num_tags;
1333 QuicTagVector connection_options; 1260 QuicTagVector connection_options;
1334 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { 1261 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
1335 connection_options.assign(tag_ptr, tag_ptr + num_tags); 1262 connection_options.assign(tag_ptr, tag_ptr + num_tags);
1336 } 1263 }
1337 if (FLAGS_enable_async_get_proof) { 1264 if (FLAGS_enable_async_get_proof) {
1338 if (need_proof) { 1265 if (need_proof) {
1339 // Make an async call to GetProof and setup the callback to trampoline 1266 // Make an async call to GetProof and setup the callback to trampoline
1340 // back into EvaluateClientHelloAfterGetProof 1267 // back into EvaluateClientHelloAfterGetProof
1341 std::unique_ptr<EvaluateClientHelloCallback> cb( 1268 std::unique_ptr<EvaluateClientHelloCallback> cb(
1342 new EvaluateClientHelloCallback( 1269 new EvaluateClientHelloCallback(
1343 *this, found_error, server_ip, version, requested_config, 1270 *this, found_error, server_ip, version, requested_config,
1344 primary_config, crypto_proof, client_hello_state, 1271 primary_config, signed_config, client_hello_state,
1345 std::move(done_cb))); 1272 std::move(done_cb)));
1346 proof_source_->GetProof(server_ip, info->sni.as_string(), 1273 proof_source_->GetProof(server_ip, info->sni.as_string(),
1347 serialized_config, version, chlo_hash, 1274 serialized_config, version, chlo_hash,
1348 connection_options, std::move(cb)); 1275 connection_options, std::move(cb));
1349 helper.DetachCallback(); 1276 helper.DetachCallback();
1350 return; 1277 return;
1351 } 1278 }
1352 } 1279 }
1353 1280
1354 // No need to get a new proof if one was already generated. 1281 // No need to get a new proof if one was already generated.
1355 if (need_proof && 1282 if (need_proof) {
1356 !proof_source_->GetProof( 1283 QuicCryptoProof proof;
1357 server_ip, info->sni.as_string(), serialized_config, version, 1284
1358 chlo_hash, connection_options, &crypto_proof->chain, 1285 if (proof_source_->GetProof(
1359 &crypto_proof->signature, &crypto_proof->cert_sct)) { 1286 server_ip, info->sni.as_string(), serialized_config, version,
1360 get_proof_failed = true; 1287 chlo_hash, connection_options, &signed_config->chain, &proof)) {
1288 signed_config->signature = proof.signature;
1289 signed_config->cert_sct = proof.leaf_cert_scts;
1290 } else {
1291 get_proof_failed = true;
1292 }
1361 } 1293 }
1362 1294
1363 // Details are null because the synchronous version of GetProof does not 1295 // Details are null because the synchronous version of GetProof does not
1364 // return any stats. Eventually the synchronous codepath will be eliminated. 1296 // return any stats. Eventually the synchronous codepath will be eliminated.
1365 EvaluateClientHelloAfterGetProof( 1297 EvaluateClientHelloAfterGetProof(
1366 found_error, server_ip, version, requested_config, primary_config, 1298 found_error, server_ip, version, requested_config, primary_config,
1367 crypto_proof, nullptr /* proof_source_details */, get_proof_failed, 1299 signed_config, nullptr /* proof_source_details */, get_proof_failed,
1368 client_hello_state, std::move(done_cb)); 1300 client_hello_state, std::move(done_cb));
1369 helper.DetachCallback(); 1301 helper.DetachCallback();
1370 } 1302 }
1371 1303
1372 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( 1304 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof(
1373 bool found_error, 1305 bool found_error,
1374 const IPAddress& server_ip, 1306 const IPAddress& server_ip,
1375 QuicVersion version, 1307 QuicVersion version,
1376 scoped_refptr<Config> requested_config, 1308 scoped_refptr<Config> requested_config,
1377 scoped_refptr<Config> primary_config, 1309 scoped_refptr<Config> primary_config,
1378 scoped_refptr<QuicCryptoProof> crypto_proof, 1310 scoped_refptr<QuicSignedServerConfig> signed_config,
1379 std::unique_ptr<ProofSource::Details> proof_source_details, 1311 std::unique_ptr<ProofSource::Details> proof_source_details,
1380 bool get_proof_failed, 1312 bool get_proof_failed,
1381 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, 1313 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state,
1382 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { 1314 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
1383 ValidateClientHelloHelper helper(client_hello_state, &done_cb); 1315 ValidateClientHelloHelper helper(client_hello_state, &done_cb);
1384 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; 1316 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello;
1385 ClientHelloInfo* info = &(client_hello_state->info); 1317 ClientHelloInfo* info = &(client_hello_state->info);
1386 1318
1387 if (get_proof_failed) { 1319 if (get_proof_failed) {
1388 found_error = true;
1389 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); 1320 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE);
1390 } 1321 }
1391 1322
1392 if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) { 1323 if (!ValidateExpectedLeafCertificate(client_hello, *signed_config)) {
1393 found_error = true;
1394 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); 1324 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE);
1395 } 1325 }
1396 1326
1397 if (info->client_nonce.size() != kNonceSize) { 1327 if (info->client_nonce.size() != kNonceSize) {
1398 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); 1328 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
1399 // Invalid client nonce. 1329 // Invalid client nonce.
1400 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); 1330 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString();
1401 DVLOG(1) << "Invalid client nonce."; 1331 DVLOG(1) << "Invalid client nonce.";
1402 found_error = true;
1403 } 1332 }
1404 1333
1405 // Server nonce is optional, and used for key derivation if present. 1334 // Server nonce is optional, and used for key derivation if present.
1406 client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce); 1335 client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce);
1407 1336
1408 if (version > QUIC_VERSION_32) { 1337 DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_33 and higher.";
1409 DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_33 and higher."; 1338 // If the server nonce is empty and we're requiring handshake confirmation
1410 // If the server nonce is empty and we're requiring handshake confirmation 1339 // for DoS reasons then we must reject the CHLO.
1411 // for DoS reasons then we must reject the CHLO. 1340 if (FLAGS_quic_require_handshake_confirmation && info->server_nonce.empty()) {
1412 if (FLAGS_quic_require_handshake_confirmation && 1341 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
1413 info->server_nonce.empty()) {
1414 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
1415 }
1416 helper.ValidationComplete(QUIC_NO_ERROR, "",
1417 std::move(proof_source_details));
1418 return;
1419 } 1342 }
1420 1343 helper.ValidationComplete(QUIC_NO_ERROR, "", std::move(proof_source_details));
1421 if (!replay_protection_) {
1422 DVLOG(1) << "No replay protection.";
1423 helper.ValidationComplete(QUIC_NO_ERROR, "",
1424 std::move(proof_source_details));
1425 return;
1426 }
1427
1428 if (!info->server_nonce.empty()) {
1429 // If the server nonce is present, use it to establish uniqueness.
1430 HandshakeFailureReason server_nonce_error =
1431 ValidateServerNonce(info->server_nonce, info->now);
1432 bool is_unique = server_nonce_error == HANDSHAKE_OK;
1433 if (!is_unique) {
1434 info->reject_reasons.push_back(server_nonce_error);
1435 }
1436 DVLOG(1) << "Using server nonce, unique: " << is_unique;
1437 helper.ValidationComplete(QUIC_NO_ERROR, "",
1438 std::move(proof_source_details));
1439 return;
1440 }
1441 // If we hit this block, the server nonce was empty. If we're requiring
1442 // handshake confirmation for DoS reasons and there's no server nonce present,
1443 // reject the CHLO.
1444 if (FLAGS_quic_require_handshake_confirmation ||
1445 FLAGS_quic_require_handshake_confirmation_pre33) {
1446 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
1447 helper.ValidationComplete(QUIC_NO_ERROR, "",
1448 std::move(proof_source_details));
1449 return;
1450 }
1451
1452 // We want to contact strike register only if there are no errors because it
1453 // is a RPC call and is expensive.
1454 if (found_error) {
1455 helper.ValidationComplete(QUIC_NO_ERROR, "",
1456 std::move(proof_source_details));
1457 return;
1458 }
1459
1460 // Use the client nonce to establish uniqueness.
1461 StrikeRegisterClient* strike_register_client;
1462 {
1463 base::AutoLock locked(strike_register_client_lock_);
1464 strike_register_client = strike_register_client_.get();
1465 }
1466
1467 if (!strike_register_client) {
1468 // Either a valid server nonces or a strike register is required.
1469 // Since neither are present, reject the handshake which will send a
1470 // server nonce to the client.
1471 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
1472 helper.ValidationComplete(QUIC_NO_ERROR, "",
1473 std::move(proof_source_details));
1474 return;
1475 }
1476
1477 strike_register_client->VerifyNonceIsValidAndUnique(
1478 info->client_nonce, info->now,
1479 new VerifyNonceIsValidAndUniqueCallback(client_hello_state,
1480 std::move(proof_source_details),
1481 std::move(done_cb)));
1482 helper.DetachCallback();
1483 } 1344 }
1484 1345
1485 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( 1346 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
1486 QuicVersion version, 1347 QuicVersion version,
1487 StringPiece chlo_hash, 1348 StringPiece chlo_hash,
1488 const SourceAddressTokens& previous_source_address_tokens, 1349 const SourceAddressTokens& previous_source_address_tokens,
1489 const IPAddress& server_ip, 1350 const IPAddress& server_ip,
1490 const IPAddress& client_ip, 1351 const IPAddress& client_ip,
1491 const QuicClock* clock, 1352 const QuicClock* clock,
1492 QuicRandom* rand, 1353 QuicRandom* rand,
(...skipping 16 matching lines...) Expand all
1509 clock->WallNow(), cached_network_params); 1370 clock->WallNow(), cached_network_params);
1510 } 1371 }
1511 1372
1512 out->set_tag(kSCUP); 1373 out->set_tag(kSCUP);
1513 out->SetStringPiece(kSCFG, serialized); 1374 out->SetStringPiece(kSCFG, serialized);
1514 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); 1375 out->SetStringPiece(kSourceAddressTokenTag, source_address_token);
1515 out->SetValue(kSTTL, 1376 out->SetValue(kSTTL,
1516 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds()); 1377 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds());
1517 1378
1518 scoped_refptr<ProofSource::Chain> chain; 1379 scoped_refptr<ProofSource::Chain> chain;
1519 string signature; 1380 QuicCryptoProof proof;
1520 string cert_sct;
1521 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, 1381 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version,
1522 chlo_hash, connection_options, &chain, 1382 chlo_hash, connection_options, &chain, &proof)) {
1523 &signature, &cert_sct)) {
1524 DVLOG(1) << "Server: failed to get proof."; 1383 DVLOG(1) << "Server: failed to get proof.";
1525 return false; 1384 return false;
1526 } 1385 }
1527 1386
1528 const string compressed = CompressChain( 1387 const string compressed = CompressChain(
1529 compressed_certs_cache, chain, params.client_common_set_hashes, 1388 compressed_certs_cache, chain, params.client_common_set_hashes,
1530 params.client_cached_cert_hashes, common_cert_sets); 1389 params.client_cached_cert_hashes, common_cert_sets);
1531 1390
1532 out->SetStringPiece(kCertificateTag, compressed); 1391 out->SetStringPiece(kCertificateTag, compressed);
1533 out->SetStringPiece(kPROF, signature); 1392 out->SetStringPiece(kPROF, proof.signature);
1534 if (params.sct_supported_by_client && enable_serving_sct_) { 1393 if (params.sct_supported_by_client && enable_serving_sct_) {
1535 if (cert_sct.empty()) { 1394 if (proof.leaf_cert_scts.empty()) {
1536 DLOG(WARNING) << "SCT is expected but it is empty. sni: " << params.sni 1395 DLOG(WARNING) << "SCT is expected but it is empty. sni: " << params.sni
1537 << " server_ip: " << server_ip.ToString(); 1396 << " server_ip: " << server_ip.ToString();
1538 } else { 1397 } else {
1539 out->SetStringPiece(kCertificateSCTTag, cert_sct); 1398 out->SetStringPiece(kCertificateSCTTag, proof.leaf_cert_scts);
1540 } 1399 }
1541 } 1400 }
1542 return true; 1401 return true;
1543 } 1402 }
1544 1403
1545 void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( 1404 void QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
1546 QuicVersion version, 1405 QuicVersion version,
1547 StringPiece chlo_hash, 1406 StringPiece chlo_hash,
1548 const SourceAddressTokens& previous_source_address_tokens, 1407 const SourceAddressTokens& previous_source_address_tokens,
1549 const IPAddress& server_ip, 1408 const IPAddress& server_ip,
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
1605 common_cert_sets_(common_cert_sets), 1464 common_cert_sets_(common_cert_sets),
1606 client_common_set_hashes_(params.client_common_set_hashes), 1465 client_common_set_hashes_(params.client_common_set_hashes),
1607 client_cached_cert_hashes_(params.client_cached_cert_hashes), 1466 client_cached_cert_hashes_(params.client_cached_cert_hashes),
1608 sct_supported_by_client_(params.sct_supported_by_client), 1467 sct_supported_by_client_(params.sct_supported_by_client),
1609 message_(std::move(message)), 1468 message_(std::move(message)),
1610 cb_(std::move(cb)) {} 1469 cb_(std::move(cb)) {}
1611 1470
1612 void QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: 1471 void QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
1613 Run(bool ok, 1472 Run(bool ok,
1614 const scoped_refptr<ProofSource::Chain>& chain, 1473 const scoped_refptr<ProofSource::Chain>& chain,
1615 const string& signature, 1474 const QuicCryptoProof& proof,
1616 const string& leaf_cert_sct,
1617 std::unique_ptr<ProofSource::Details> details) { 1475 std::unique_ptr<ProofSource::Details> details) {
1618 config_->FinishBuildServerConfigUpdateMessage( 1476 config_->FinishBuildServerConfigUpdateMessage(
1619 version_, compressed_certs_cache_, common_cert_sets_, 1477 version_, compressed_certs_cache_, common_cert_sets_,
1620 client_common_set_hashes_, client_cached_cert_hashes_, 1478 client_common_set_hashes_, client_cached_cert_hashes_,
1621 sct_supported_by_client_, ok, chain, signature, leaf_cert_sct, 1479 sct_supported_by_client_, ok, chain, proof.signature,
1622 std::move(details), std::move(message_), std::move(cb_)); 1480 proof.leaf_cert_scts, std::move(details), std::move(message_),
1481 std::move(cb_));
1623 } 1482 }
1624 1483
1625 void QuicCryptoServerConfig::FinishBuildServerConfigUpdateMessage( 1484 void QuicCryptoServerConfig::FinishBuildServerConfigUpdateMessage(
1626 QuicVersion version, 1485 QuicVersion version,
1627 QuicCompressedCertsCache* compressed_certs_cache, 1486 QuicCompressedCertsCache* compressed_certs_cache,
1628 const CommonCertSets* common_cert_sets, 1487 const CommonCertSets* common_cert_sets,
1629 const string& client_common_set_hashes, 1488 const string& client_common_set_hashes,
1630 const string& client_cached_cert_hashes, 1489 const string& client_cached_cert_hashes,
1631 bool sct_supported_by_client, 1490 bool sct_supported_by_client,
1632 bool ok, 1491 bool ok,
(...skipping 30 matching lines...) Expand all
1663 QuicWallTime now, 1522 QuicWallTime now,
1664 const Config& config, 1523 const Config& config,
1665 const CryptoHandshakeMessage& client_hello, 1524 const CryptoHandshakeMessage& client_hello,
1666 const ClientHelloInfo& info, 1525 const ClientHelloInfo& info,
1667 const CachedNetworkParameters& cached_network_params, 1526 const CachedNetworkParameters& cached_network_params,
1668 bool use_stateless_rejects, 1527 bool use_stateless_rejects,
1669 QuicConnectionId server_designated_connection_id, 1528 QuicConnectionId server_designated_connection_id,
1670 QuicRandom* rand, 1529 QuicRandom* rand,
1671 QuicCompressedCertsCache* compressed_certs_cache, 1530 QuicCompressedCertsCache* compressed_certs_cache,
1672 scoped_refptr<QuicCryptoNegotiatedParameters> params, 1531 scoped_refptr<QuicCryptoNegotiatedParameters> params,
1673 const QuicCryptoProof& crypto_proof, 1532 const QuicSignedServerConfig& signed_config,
1674 QuicByteCount total_framing_overhead, 1533 QuicByteCount total_framing_overhead,
1675 QuicByteCount chlo_packet_size, 1534 QuicByteCount chlo_packet_size,
1676 CryptoHandshakeMessage* out) const { 1535 CryptoHandshakeMessage* out) const {
1677 if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) { 1536 if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) {
1678 DVLOG(1) << "QUIC Crypto server config returning stateless reject " 1537 DVLOG(1) << "QUIC Crypto server config returning stateless reject "
1679 << "with server-designated connection ID " 1538 << "with server-designated connection ID "
1680 << server_designated_connection_id; 1539 << server_designated_connection_id;
1681 out->set_tag(kSREJ); 1540 out->set_tag(kSREJ);
1682 out->SetValue(kRCID, server_designated_connection_id); 1541 out->SetValue(kRCID, server_designated_connection_id);
1683 } else { 1542 } else {
(...skipping 23 matching lines...) Expand all
1707 if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) { 1566 if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) {
1708 params->client_common_set_hashes = client_common_set_hashes.as_string(); 1567 params->client_common_set_hashes = client_common_set_hashes.as_string();
1709 } 1568 }
1710 1569
1711 StringPiece client_cached_cert_hashes; 1570 StringPiece client_cached_cert_hashes;
1712 if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) { 1571 if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) {
1713 params->client_cached_cert_hashes = client_cached_cert_hashes.as_string(); 1572 params->client_cached_cert_hashes = client_cached_cert_hashes.as_string();
1714 } 1573 }
1715 1574
1716 const string compressed = 1575 const string compressed =
1717 CompressChain(compressed_certs_cache, crypto_proof.chain, 1576 CompressChain(compressed_certs_cache, signed_config.chain,
1718 params->client_common_set_hashes, 1577 params->client_common_set_hashes,
1719 params->client_cached_cert_hashes, config.common_cert_sets); 1578 params->client_cached_cert_hashes, config.common_cert_sets);
1720 1579
1721 DCHECK_GT(chlo_packet_size, client_hello.size()); 1580 DCHECK_GT(chlo_packet_size, client_hello.size());
1722 // kREJOverheadBytes is a very rough estimate of how much of a REJ 1581 // kREJOverheadBytes is a very rough estimate of how much of a REJ
1723 // message is taken up by things other than the certificates. 1582 // message is taken up by things other than the certificates.
1724 // STK: 56 bytes 1583 // STK: 56 bytes
1725 // SNO: 56 bytes 1584 // SNO: 56 bytes
1726 // SCFG 1585 // SCFG
1727 // SCID: 16 bytes 1586 // SCID: 16 bytes
1728 // PUBS: 38 bytes 1587 // PUBS: 38 bytes
1729 const size_t kREJOverheadBytes = 166; 1588 const size_t kREJOverheadBytes = 166;
1730 // max_unverified_size is the number of bytes that the certificate chain, 1589 // max_unverified_size is the number of bytes that the certificate chain,
1731 // signature, and (optionally) signed certificate timestamp can consume before 1590 // signature, and (optionally) signed certificate timestamp can consume before
1732 // we will demand a valid source-address token. 1591 // we will demand a valid source-address token.
1733 const size_t max_unverified_size = 1592 const size_t max_unverified_size =
1734 chlo_multiplier_ * (chlo_packet_size - total_framing_overhead) - 1593 chlo_multiplier_ * (chlo_packet_size - total_framing_overhead) -
1735 kREJOverheadBytes; 1594 kREJOverheadBytes;
1736 static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes, 1595 static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes,
1737 "overhead calculation may underflow"); 1596 "overhead calculation may underflow");
1738 bool should_return_sct = 1597 bool should_return_sct =
1739 params->sct_supported_by_client && enable_serving_sct_; 1598 params->sct_supported_by_client && enable_serving_sct_;
1740 const size_t sct_size = should_return_sct ? crypto_proof.cert_sct.size() : 0; 1599 const size_t sct_size = should_return_sct ? signed_config.cert_sct.size() : 0;
1741 const size_t total_size = 1600 const size_t total_size =
1742 crypto_proof.signature.size() + compressed.size() + sct_size; 1601 signed_config.signature.size() + compressed.size() + sct_size;
1743 if (info.valid_source_address_token || total_size < max_unverified_size) { 1602 if (info.valid_source_address_token || total_size < max_unverified_size) {
1744 out->SetStringPiece(kCertificateTag, compressed); 1603 out->SetStringPiece(kCertificateTag, compressed);
1745 out->SetStringPiece(kPROF, crypto_proof.signature); 1604 out->SetStringPiece(kPROF, signed_config.signature);
1746 if (should_return_sct) { 1605 if (should_return_sct) {
1747 if (crypto_proof.cert_sct.empty()) { 1606 if (signed_config.cert_sct.empty()) {
1748 DLOG(WARNING) << "SCT is expected but it is empty."; 1607 DLOG(WARNING) << "SCT is expected but it is empty.";
1749 } else { 1608 } else {
1750 out->SetStringPiece(kCertificateSCTTag, crypto_proof.cert_sct); 1609 out->SetStringPiece(kCertificateSCTTag, signed_config.cert_sct);
1751 } 1610 }
1752 } 1611 }
1753 } else { 1612 } else {
1754 DLOG(WARNING) << "Sending inchoate REJ for hostname: " << info.sni 1613 DLOG(WARNING) << "Sending inchoate REJ for hostname: " << info.sni
1755 << " signature: " << crypto_proof.signature.size() 1614 << " signature: " << signed_config.signature.size()
1756 << " cert: " << compressed.size() << " sct:" << sct_size 1615 << " cert: " << compressed.size() << " sct:" << sct_size
1757 << " total: " << total_size 1616 << " total: " << total_size
1758 << " max: " << max_unverified_size; 1617 << " max: " << max_unverified_size;
1759 } 1618 }
1760 } 1619 }
1761 1620
1762 string QuicCryptoServerConfig::CompressChain( 1621 string QuicCryptoServerConfig::CompressChain(
1763 QuicCompressedCertsCache* compressed_certs_cache, 1622 QuicCompressedCertsCache* compressed_certs_cache,
1764 const scoped_refptr<ProofSource::Chain>& chain, 1623 const scoped_refptr<ProofSource::Chain>& chain,
1765 const string& client_common_set_hashes, 1624 const string& client_common_set_hashes,
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
1812 return nullptr; 1671 return nullptr;
1813 } 1672 }
1814 config->id = scid.as_string(); 1673 config->id = scid.as_string();
1815 1674
1816 const QuicTag* aead_tags; 1675 const QuicTag* aead_tags;
1817 size_t aead_len; 1676 size_t aead_len;
1818 if (msg->GetTaglist(kAEAD, &aead_tags, &aead_len) != QUIC_NO_ERROR) { 1677 if (msg->GetTaglist(kAEAD, &aead_tags, &aead_len) != QUIC_NO_ERROR) {
1819 LOG(WARNING) << "Server config message is missing AEAD"; 1678 LOG(WARNING) << "Server config message is missing AEAD";
1820 return nullptr; 1679 return nullptr;
1821 } 1680 }
1822 config->aead = vector<QuicTag>(aead_tags, aead_tags + aead_len); 1681 config->aead = std::vector<QuicTag>(aead_tags, aead_tags + aead_len);
1823 1682
1824 const QuicTag* kexs_tags; 1683 const QuicTag* kexs_tags;
1825 size_t kexs_len; 1684 size_t kexs_len;
1826 if (msg->GetTaglist(kKEXS, &kexs_tags, &kexs_len) != QUIC_NO_ERROR) { 1685 if (msg->GetTaglist(kKEXS, &kexs_tags, &kexs_len) != QUIC_NO_ERROR) {
1827 LOG(WARNING) << "Server config message is missing KEXS"; 1686 LOG(WARNING) << "Server config message is missing KEXS";
1828 return nullptr; 1687 return nullptr;
1829 } 1688 }
1830 1689
1831 const QuicTag* tbkp_tags; 1690 const QuicTag* tbkp_tags;
1832 size_t tbkp_len; 1691 size_t tbkp_len;
1833 QuicErrorCode err; 1692 QuicErrorCode err;
1834 if ((err = msg->GetTaglist(kTBKP, &tbkp_tags, &tbkp_len)) != 1693 if ((err = msg->GetTaglist(kTBKP, &tbkp_tags, &tbkp_len)) !=
1835 QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND && 1694 QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND &&
1836 err != QUIC_NO_ERROR) { 1695 err != QUIC_NO_ERROR) {
1837 LOG(WARNING) << "Server config message is missing or has invalid TBKP"; 1696 LOG(WARNING) << "Server config message is missing or has invalid TBKP";
1838 return nullptr; 1697 return nullptr;
1839 } 1698 }
1840 config->tb_key_params = vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len); 1699 config->tb_key_params = std::vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len);
1841 1700
1842 StringPiece orbit; 1701 StringPiece orbit;
1843 if (!msg->GetStringPiece(kORBT, &orbit)) { 1702 if (!msg->GetStringPiece(kORBT, &orbit)) {
1844 LOG(WARNING) << "Server config message is missing ORBT"; 1703 LOG(WARNING) << "Server config message is missing ORBT";
1845 return nullptr; 1704 return nullptr;
1846 } 1705 }
1847 1706
1848 if (orbit.size() != kOrbitSize) { 1707 if (orbit.size() != kOrbitSize) {
1849 LOG(WARNING) << "Orbit value in server config is the wrong length." 1708 LOG(WARNING) << "Orbit value in server config is the wrong length."
1850 " Got " 1709 " Got "
1851 << orbit.size() << " want " << kOrbitSize; 1710 << orbit.size() << " want " << kOrbitSize;
1852 return nullptr; 1711 return nullptr;
1853 } 1712 }
1854 static_assert(sizeof(config->orbit) == kOrbitSize, 1713 static_assert(sizeof(config->orbit) == kOrbitSize,
1855 "orbit has incorrect size"); 1714 "orbit has incorrect size");
1856 memcpy(config->orbit, orbit.data(), sizeof(config->orbit)); 1715 memcpy(config->orbit, orbit.data(), sizeof(config->orbit));
1857 1716
1858 {
1859 StrikeRegisterClient* strike_register_client;
1860 {
1861 base::AutoLock locked(strike_register_client_lock_);
1862 strike_register_client = strike_register_client_.get();
1863 }
1864
1865 if (strike_register_client != nullptr &&
1866 !strike_register_client->IsKnownOrbit(orbit)) {
1867 LOG(WARNING)
1868 << "Rejecting server config with orbit that the strike register "
1869 "client doesn't know about.";
1870 return nullptr;
1871 }
1872 }
1873
1874 if (kexs_len != protobuf->key_size()) { 1717 if (kexs_len != protobuf->key_size()) {
1875 LOG(WARNING) << "Server config has " << kexs_len 1718 LOG(WARNING) << "Server config has " << kexs_len
1876 << " key exchange methods configured, but " 1719 << " key exchange methods configured, but "
1877 << protobuf->key_size() << " private keys"; 1720 << protobuf->key_size() << " private keys";
1878 return nullptr; 1721 return nullptr;
1879 } 1722 }
1880 1723
1881 const QuicTag* proof_demand_tags; 1724 const QuicTag* proof_demand_tags;
1882 size_t num_proof_demand_tags; 1725 size_t num_proof_demand_tags;
1883 if (msg->GetTaglist(kPDMD, &proof_demand_tags, &num_proof_demand_tags) == 1726 if (msg->GetTaglist(kPDMD, &proof_demand_tags, &num_proof_demand_tags) ==
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
1954 config->expiry_time = QuicWallTime::FromUNIXSeconds(expiry_seconds); 1797 config->expiry_time = QuicWallTime::FromUNIXSeconds(expiry_seconds);
1955 1798
1956 return config; 1799 return config;
1957 } 1800 }
1958 1801
1959 void QuicCryptoServerConfig::SetEphemeralKeySource( 1802 void QuicCryptoServerConfig::SetEphemeralKeySource(
1960 EphemeralKeySource* ephemeral_key_source) { 1803 EphemeralKeySource* ephemeral_key_source) {
1961 ephemeral_key_source_.reset(ephemeral_key_source); 1804 ephemeral_key_source_.reset(ephemeral_key_source);
1962 } 1805 }
1963 1806
1964 void QuicCryptoServerConfig::SetStrikeRegisterClient(
1965 StrikeRegisterClient* strike_register_client) {
1966 base::AutoLock locker(strike_register_client_lock_);
1967 DCHECK(!strike_register_client_.get());
1968 strike_register_client_.reset(strike_register_client);
1969 }
1970
1971 void QuicCryptoServerConfig::set_replay_protection(bool on) { 1807 void QuicCryptoServerConfig::set_replay_protection(bool on) {
1972 replay_protection_ = on; 1808 replay_protection_ = on;
1973 } 1809 }
1974 1810
1975 void QuicCryptoServerConfig::set_chlo_multiplier(size_t multiplier) { 1811 void QuicCryptoServerConfig::set_chlo_multiplier(size_t multiplier) {
1976 chlo_multiplier_ = multiplier; 1812 chlo_multiplier_ = multiplier;
1977 } 1813 }
1978 1814
1979 void QuicCryptoServerConfig::set_strike_register_no_startup_period() {
1980 base::AutoLock locker(strike_register_client_lock_);
1981 DCHECK(!strike_register_client_.get());
1982 strike_register_no_startup_period_ = true;
1983 }
1984
1985 void QuicCryptoServerConfig::set_strike_register_max_entries(
1986 uint32_t max_entries) {
1987 base::AutoLock locker(strike_register_client_lock_);
1988 DCHECK(!strike_register_client_.get());
1989 strike_register_max_entries_ = max_entries;
1990 }
1991
1992 void QuicCryptoServerConfig::set_strike_register_window_secs(
1993 uint32_t window_secs) {
1994 base::AutoLock locker(strike_register_client_lock_);
1995 DCHECK(!strike_register_client_.get());
1996 strike_register_window_secs_ = window_secs;
1997 }
1998
1999 void QuicCryptoServerConfig::set_source_address_token_future_secs( 1815 void QuicCryptoServerConfig::set_source_address_token_future_secs(
2000 uint32_t future_secs) { 1816 uint32_t future_secs) {
2001 source_address_token_future_secs_ = future_secs; 1817 source_address_token_future_secs_ = future_secs;
2002 } 1818 }
2003 1819
2004 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs( 1820 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs(
2005 uint32_t lifetime_secs) { 1821 uint32_t lifetime_secs) {
2006 source_address_token_lifetime_secs_ = lifetime_secs; 1822 source_address_token_lifetime_secs_ = lifetime_secs;
2007 } 1823 }
2008 1824
2009 void QuicCryptoServerConfig::set_server_nonce_strike_register_max_entries(
2010 uint32_t max_entries) {
2011 DCHECK(!server_nonce_strike_register_.get());
2012 server_nonce_strike_register_max_entries_ = max_entries;
2013 }
2014
2015 void QuicCryptoServerConfig::set_server_nonce_strike_register_window_secs(
2016 uint32_t window_secs) {
2017 DCHECK(!server_nonce_strike_register_.get());
2018 server_nonce_strike_register_window_secs_ = window_secs;
2019 }
2020
2021 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { 1825 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) {
2022 enable_serving_sct_ = enable_serving_sct; 1826 enable_serving_sct_ = enable_serving_sct;
2023 } 1827 }
2024 1828
2025 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( 1829 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb(
2026 std::unique_ptr<PrimaryConfigChangedCallback> cb) { 1830 std::unique_ptr<PrimaryConfigChangedCallback> cb) {
2027 base::AutoLock locked(configs_lock_); 1831 base::AutoLock locked(configs_lock_);
2028 primary_config_changed_cb_ = std::move(cb); 1832 primary_config_changed_cb_ = std::move(cb);
2029 } 1833 }
2030 1834
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after
2165 server_nonce[2] = static_cast<uint8_t>(timestamp >> 8); 1969 server_nonce[2] = static_cast<uint8_t>(timestamp >> 8);
2166 server_nonce[3] = static_cast<uint8_t>(timestamp); 1970 server_nonce[3] = static_cast<uint8_t>(timestamp);
2167 rand->RandBytes(&server_nonce[sizeof(timestamp)], 1971 rand->RandBytes(&server_nonce[sizeof(timestamp)],
2168 sizeof(server_nonce) - sizeof(timestamp)); 1972 sizeof(server_nonce) - sizeof(timestamp));
2169 1973
2170 return server_nonce_boxer_.Box( 1974 return server_nonce_boxer_.Box(
2171 rand, 1975 rand,
2172 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); 1976 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce)));
2173 } 1977 }
2174 1978
2175 HandshakeFailureReason QuicCryptoServerConfig::ValidateServerNonce(
2176 StringPiece token,
2177 QuicWallTime now) const {
2178 string storage;
2179 StringPiece plaintext;
2180 if (!server_nonce_boxer_.Unbox(token, &storage, &plaintext)) {
2181 return SERVER_NONCE_DECRYPTION_FAILURE;
2182 }
2183
2184 // plaintext contains:
2185 // uint32_t timestamp
2186 // uint8_t[20] random bytes
2187
2188 if (plaintext.size() != kServerNoncePlaintextSize) {
2189 // This should never happen because the value decrypted correctly.
2190 QUIC_BUG << "Seemingly valid server nonce had incorrect length.";
2191 return SERVER_NONCE_INVALID_FAILURE;
2192 }
2193
2194 uint8_t server_nonce[32];
2195 memcpy(server_nonce, plaintext.data(), 4);
2196 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_));
2197 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4,
2198 20);
2199 static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce),
2200 "bad nonce buffer length");
2201
2202 InsertStatus nonce_error;
2203 {
2204 base::AutoLock auto_lock(server_nonce_strike_register_lock_);
2205 if (server_nonce_strike_register_.get() == nullptr) {
2206 server_nonce_strike_register_.reset(new StrikeRegister(
2207 server_nonce_strike_register_max_entries_,
2208 static_cast<uint32_t>(now.ToUNIXSeconds()),
2209 server_nonce_strike_register_window_secs_, server_nonce_orbit_,
2210 StrikeRegister::NO_STARTUP_PERIOD_NEEDED));
2211 }
2212 nonce_error = server_nonce_strike_register_->Insert(
2213 server_nonce, static_cast<uint32_t>(now.ToUNIXSeconds()));
2214 }
2215
2216 switch (nonce_error) {
2217 case NONCE_OK:
2218 return HANDSHAKE_OK;
2219 case NONCE_INVALID_FAILURE:
2220 case NONCE_INVALID_ORBIT_FAILURE:
2221 return SERVER_NONCE_INVALID_FAILURE;
2222 case NONCE_NOT_UNIQUE_FAILURE:
2223 return SERVER_NONCE_NOT_UNIQUE_FAILURE;
2224 case NONCE_INVALID_TIME_FAILURE:
2225 return SERVER_NONCE_INVALID_TIME_FAILURE;
2226 case NONCE_UNKNOWN_FAILURE:
2227 case STRIKE_REGISTER_TIMEOUT:
2228 case STRIKE_REGISTER_FAILURE:
2229 default:
2230 QUIC_BUG << "Unexpected server nonce error: " << nonce_error;
2231 return SERVER_NONCE_NOT_UNIQUE_FAILURE;
2232 }
2233 }
2234
2235 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( 1979 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate(
2236 const CryptoHandshakeMessage& client_hello, 1980 const CryptoHandshakeMessage& client_hello,
2237 const QuicCryptoProof& crypto_proof) const { 1981 const QuicSignedServerConfig& signed_config) const {
2238 if (crypto_proof.chain->certs.empty()) { 1982 if (signed_config.chain->certs.empty()) {
2239 return false; 1983 return false;
2240 } 1984 }
2241 1985
2242 uint64_t hash_from_client; 1986 uint64_t hash_from_client;
2243 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { 1987 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) {
2244 return false; 1988 return false;
2245 } 1989 }
2246 return CryptoUtils::ComputeLeafCertHash(crypto_proof.chain->certs.at(0)) == 1990 return CryptoUtils::ComputeLeafCertHash(signed_config.chain->certs.at(0)) ==
2247 hash_from_client; 1991 hash_from_client;
2248 } 1992 }
2249 1993
2250 bool QuicCryptoServerConfig::ClientDemandsX509Proof( 1994 bool QuicCryptoServerConfig::ClientDemandsX509Proof(
2251 const CryptoHandshakeMessage& client_hello) const { 1995 const CryptoHandshakeMessage& client_hello) const {
2252 const QuicTag* their_proof_demands; 1996 const QuicTag* their_proof_demands;
2253 size_t num_their_proof_demands; 1997 size_t num_their_proof_demands;
2254 1998
2255 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, 1999 if (client_hello.GetTaglist(kPDMD, &their_proof_demands,
2256 &num_their_proof_demands) != QUIC_NO_ERROR) { 2000 &num_their_proof_demands) != QUIC_NO_ERROR) {
(...skipping 13 matching lines...) Expand all
2270 : channel_id_enabled(false), 2014 : channel_id_enabled(false),
2271 is_primary(false), 2015 is_primary(false),
2272 primary_time(QuicWallTime::Zero()), 2016 primary_time(QuicWallTime::Zero()),
2273 expiry_time(QuicWallTime::Zero()), 2017 expiry_time(QuicWallTime::Zero()),
2274 priority(0), 2018 priority(0),
2275 source_address_token_boxer(nullptr) {} 2019 source_address_token_boxer(nullptr) {}
2276 2020
2277 QuicCryptoServerConfig::Config::~Config() { 2021 QuicCryptoServerConfig::Config::~Config() {
2278 } 2022 }
2279 2023
2280 QuicCryptoProof::QuicCryptoProof() {} 2024 QuicSignedServerConfig::QuicSignedServerConfig()
2281 QuicCryptoProof::~QuicCryptoProof() {} 2025 : send_expect_ct_header(false) {}
2026 QuicSignedServerConfig::~QuicSignedServerConfig() {}
2282 2027
2283 } // namespace net 2028 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/core/crypto/quic_crypto_server_config.h ('k') | net/quic/core/crypto/quic_crypto_server_config_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698