Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(297)

Side by Side Diff: net/quic/core/crypto/quic_crypto_client_config.cc

Issue 2534303002: Make QuicCryptoClientConfig only cache server configs for 1 week. (Closed)
Patch Set: Fix Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/quic/core/crypto/quic_crypto_client_config_test.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/core/crypto/quic_crypto_client_config.h" 5 #include "net/quic/core/crypto/quic_crypto_client_config.h"
6 6
7 #include <algorithm>
7 #include <memory> 8 #include <memory>
8 9
9 #include "base/memory/ptr_util.h" 10 #include "base/memory/ptr_util.h"
10 #include "base/metrics/histogram_macros.h" 11 #include "base/metrics/histogram_macros.h"
11 #include "base/stl_util.h" 12 #include "base/stl_util.h"
12 #include "base/strings/string_util.h" 13 #include "base/strings/string_util.h"
13 #include "net/quic/core/crypto/cert_compressor.h" 14 #include "net/quic/core/crypto/cert_compressor.h"
14 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h" 15 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h"
15 #include "net/quic/core/crypto/channel_id.h" 16 #include "net/quic/core/crypto/channel_id.h"
16 #include "net/quic/core/crypto/common_cert_set.h" 17 #include "net/quic/core/crypto/common_cert_set.h"
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
80 } 81 }
81 82
82 const CryptoHandshakeMessage* scfg = GetServerConfig(); 83 const CryptoHandshakeMessage* scfg = GetServerConfig();
83 if (!scfg) { 84 if (!scfg) {
84 // Should be impossible short of cache corruption. 85 // Should be impossible short of cache corruption.
85 DCHECK(false); 86 DCHECK(false);
86 RecordInchoateClientHelloReason(SERVER_CONFIG_CORRUPTED); 87 RecordInchoateClientHelloReason(SERVER_CONFIG_CORRUPTED);
87 return false; 88 return false;
88 } 89 }
89 90
90 if (now.IsAfter(expiration_time_)) { 91 if (now.IsBefore(expiration_time_)) {
91 UMA_HISTOGRAM_CUSTOM_TIMES( 92 return true;
92 "Net.QuicClientHelloServerConfig.InvalidDuration",
93 base::TimeDelta::FromSeconds(now.ToUNIXSeconds() -
94 expiration_time_.ToUNIXSeconds()),
95 base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(20), 50);
96 RecordInchoateClientHelloReason(SERVER_CONFIG_EXPIRED);
97 return false;
98 } 93 }
99 94
100 return true; 95 UMA_HISTOGRAM_CUSTOM_TIMES(
96 "Net.QuicClientHelloServerConfig.InvalidDuration",
97 base::TimeDelta::FromSeconds(now.ToUNIXSeconds() -
98 expiration_time_.ToUNIXSeconds()),
99 base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(20), 50);
100 RecordInchoateClientHelloReason(SERVER_CONFIG_EXPIRED);
101 return false;
101 } 102 }
102 103
103 bool QuicCryptoClientConfig::CachedState::IsEmpty() const { 104 bool QuicCryptoClientConfig::CachedState::IsEmpty() const {
104 return server_config_.empty(); 105 return server_config_.empty();
105 } 106 }
106 107
107 const CryptoHandshakeMessage* 108 const CryptoHandshakeMessage*
108 QuicCryptoClientConfig::CachedState::GetServerConfig() const { 109 QuicCryptoClientConfig::CachedState::GetServerConfig() const {
109 if (server_config_.empty()) { 110 if (server_config_.empty()) {
110 return nullptr; 111 return nullptr;
(...skipping 607 matching lines...) Expand 10 before | Expand all | Expand 10 after
718 719
719 StringPiece scfg; 720 StringPiece scfg;
720 if (!message.GetStringPiece(kSCFG, &scfg)) { 721 if (!message.GetStringPiece(kSCFG, &scfg)) {
721 *error_details = "Missing SCFG"; 722 *error_details = "Missing SCFG";
722 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; 723 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND;
723 } 724 }
724 725
725 QuicWallTime expiration_time = QuicWallTime::Zero(); 726 QuicWallTime expiration_time = QuicWallTime::Zero();
726 uint64_t expiry_seconds; 727 uint64_t expiry_seconds;
727 if (message.GetUint64(kSTTL, &expiry_seconds) == QUIC_NO_ERROR) { 728 if (message.GetUint64(kSTTL, &expiry_seconds) == QUIC_NO_ERROR) {
728 expiration_time = now.Add(QuicTime::Delta::FromSeconds(expiry_seconds)); 729 // Only cache configs for a maximum of 1 week.
730 expiration_time = now.Add(QuicTime::Delta::FromSeconds(
731 std::min(expiry_seconds, kNumSecondsPerWeek)));
729 } 732 }
730 733
731 CachedState::ServerConfigState state = 734 CachedState::ServerConfigState state =
732 cached->SetServerConfig(scfg, now, expiration_time, error_details); 735 cached->SetServerConfig(scfg, now, expiration_time, error_details);
733 if (state == CachedState::SERVER_CONFIG_EXPIRED) { 736 if (state == CachedState::SERVER_CONFIG_EXPIRED) {
734 return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED; 737 return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED;
735 } 738 }
736 // TODO(rtenneti): Return more specific error code than returning 739 // TODO(rtenneti): Return more specific error code than returning
737 // QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER. 740 // QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER.
738 if (state != CachedState::SERVER_CONFIG_VALID) { 741 if (state != CachedState::SERVER_CONFIG_VALID) {
(...skipping 234 matching lines...) Expand 10 before | Expand all | Expand 10 after
973 } 976 }
974 977
975 // Update canonical version to point at the "most recent" entry. 978 // Update canonical version to point at the "most recent" entry.
976 canonical_server_map_[suffix_server_id] = server_id; 979 canonical_server_map_[suffix_server_id] = server_id;
977 980
978 server_state->InitializeFrom(*canonical_state); 981 server_state->InitializeFrom(*canonical_state);
979 return true; 982 return true;
980 } 983 }
981 984
982 } // namespace net 985 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/quic/core/crypto/quic_crypto_client_config_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698