| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include <algorithm> |
| 7 #include <memory> | 8 #include <memory> |
| 8 | 9 |
| 9 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
| 10 #include "base/metrics/histogram_macros.h" | 11 #include "base/metrics/histogram_macros.h" |
| 11 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
| 12 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
| 13 #include "net/quic/core/crypto/cert_compressor.h" | 14 #include "net/quic/core/crypto/cert_compressor.h" |
| 14 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h" | 15 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h" |
| 15 #include "net/quic/core/crypto/channel_id.h" | 16 #include "net/quic/core/crypto/channel_id.h" |
| 16 #include "net/quic/core/crypto/common_cert_set.h" | 17 #include "net/quic/core/crypto/common_cert_set.h" |
| 17 #include "net/quic/core/crypto/crypto_framer.h" | 18 #include "net/quic/core/crypto/crypto_framer.h" |
| 18 #include "net/quic/core/crypto/crypto_utils.h" | 19 #include "net/quic/core/crypto/crypto_utils.h" |
| 19 #include "net/quic/core/crypto/curve25519_key_exchange.h" | 20 #include "net/quic/core/crypto/curve25519_key_exchange.h" |
| 20 #include "net/quic/core/crypto/key_exchange.h" | 21 #include "net/quic/core/crypto/key_exchange.h" |
| 21 #include "net/quic/core/crypto/p256_key_exchange.h" | 22 #include "net/quic/core/crypto/p256_key_exchange.h" |
| 22 #include "net/quic/core/crypto/proof_verifier.h" | 23 #include "net/quic/core/crypto/proof_verifier.h" |
| 23 #include "net/quic/core/crypto/quic_encrypter.h" | 24 #include "net/quic/core/crypto/quic_encrypter.h" |
| 24 #include "net/quic/core/crypto/quic_random.h" | 25 #include "net/quic/core/crypto/quic_random.h" |
| 25 #include "net/quic/core/quic_bug_tracker.h" | 26 #include "net/quic/core/quic_bug_tracker.h" |
| 26 #include "net/quic/core/quic_flags.h" | 27 #include "net/quic/core/quic_flags.h" |
| 28 #include "net/quic/core/quic_time.h" |
| 27 #include "net/quic/core/quic_utils.h" | 29 #include "net/quic/core/quic_utils.h" |
| 28 | 30 |
| 29 using base::StringPiece; | 31 using base::StringPiece; |
| 30 using std::string; | 32 using std::string; |
| 31 | 33 |
| 32 namespace net { | 34 namespace net { |
| 33 | 35 |
| 34 namespace { | 36 namespace { |
| 35 | 37 |
| 36 // Tracks the reason (the state of the server config) for sending inchoate | 38 // Tracks the reason (the state of the server config) for sending inchoate |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 80 } | 82 } |
| 81 | 83 |
| 82 const CryptoHandshakeMessage* scfg = GetServerConfig(); | 84 const CryptoHandshakeMessage* scfg = GetServerConfig(); |
| 83 if (!scfg) { | 85 if (!scfg) { |
| 84 // Should be impossible short of cache corruption. | 86 // Should be impossible short of cache corruption. |
| 85 DCHECK(false); | 87 DCHECK(false); |
| 86 RecordInchoateClientHelloReason(SERVER_CONFIG_CORRUPTED); | 88 RecordInchoateClientHelloReason(SERVER_CONFIG_CORRUPTED); |
| 87 return false; | 89 return false; |
| 88 } | 90 } |
| 89 | 91 |
| 90 if (now.IsAfter(expiration_time_)) { | 92 if (now.IsBefore(expiration_time_)) { |
| 91 UMA_HISTOGRAM_CUSTOM_TIMES( | 93 return true; |
| 92 "Net.QuicClientHelloServerConfig.InvalidDuration", | |
| 93 base::TimeDelta::FromSeconds(now.ToUNIXSeconds() - | |
| 94 expiration_time_.ToUNIXSeconds()), | |
| 95 base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(20), 50); | |
| 96 RecordInchoateClientHelloReason(SERVER_CONFIG_EXPIRED); | |
| 97 return false; | |
| 98 } | 94 } |
| 99 | 95 |
| 100 return true; | 96 UMA_HISTOGRAM_CUSTOM_TIMES( |
| 97 "Net.QuicClientHelloServerConfig.InvalidDuration", |
| 98 base::TimeDelta::FromSeconds(now.ToUNIXSeconds() - |
| 99 expiration_time_.ToUNIXSeconds()), |
| 100 base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(20), 50); |
| 101 RecordInchoateClientHelloReason(SERVER_CONFIG_EXPIRED); |
| 102 return false; |
| 101 } | 103 } |
| 102 | 104 |
| 103 bool QuicCryptoClientConfig::CachedState::IsEmpty() const { | 105 bool QuicCryptoClientConfig::CachedState::IsEmpty() const { |
| 104 return server_config_.empty(); | 106 return server_config_.empty(); |
| 105 } | 107 } |
| 106 | 108 |
| 107 const CryptoHandshakeMessage* | 109 const CryptoHandshakeMessage* |
| 108 QuicCryptoClientConfig::CachedState::GetServerConfig() const { | 110 QuicCryptoClientConfig::CachedState::GetServerConfig() const { |
| 109 if (server_config_.empty()) { | 111 if (server_config_.empty()) { |
| 110 return nullptr; | 112 return nullptr; |
| (...skipping 619 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 730 | 732 |
| 731 StringPiece scfg; | 733 StringPiece scfg; |
| 732 if (!message.GetStringPiece(kSCFG, &scfg)) { | 734 if (!message.GetStringPiece(kSCFG, &scfg)) { |
| 733 *error_details = "Missing SCFG"; | 735 *error_details = "Missing SCFG"; |
| 734 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; | 736 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; |
| 735 } | 737 } |
| 736 | 738 |
| 737 QuicWallTime expiration_time = QuicWallTime::Zero(); | 739 QuicWallTime expiration_time = QuicWallTime::Zero(); |
| 738 uint64_t expiry_seconds; | 740 uint64_t expiry_seconds; |
| 739 if (message.GetUint64(kSTTL, &expiry_seconds) == QUIC_NO_ERROR) { | 741 if (message.GetUint64(kSTTL, &expiry_seconds) == QUIC_NO_ERROR) { |
| 740 expiration_time = now.Add(QuicTime::Delta::FromSeconds(expiry_seconds)); | 742 // Only cache configs for a maximum of 1 week. |
| 743 expiration_time = now.Add(QuicTime::Delta::FromSeconds( |
| 744 std::min(expiry_seconds, kNumSecondsPerWeek))); |
| 741 } | 745 } |
| 742 | 746 |
| 743 CachedState::ServerConfigState state = | 747 CachedState::ServerConfigState state = |
| 744 cached->SetServerConfig(scfg, now, expiration_time, error_details); | 748 cached->SetServerConfig(scfg, now, expiration_time, error_details); |
| 745 if (state == CachedState::SERVER_CONFIG_EXPIRED) { | 749 if (state == CachedState::SERVER_CONFIG_EXPIRED) { |
| 746 return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED; | 750 return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED; |
| 747 } | 751 } |
| 748 // TODO(rtenneti): Return more specific error code than returning | 752 // TODO(rtenneti): Return more specific error code than returning |
| 749 // QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER. | 753 // QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER. |
| 750 if (state != CachedState::SERVER_CONFIG_VALID) { | 754 if (state != CachedState::SERVER_CONFIG_VALID) { |
| (...skipping 234 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 985 } | 989 } |
| 986 | 990 |
| 987 // Update canonical version to point at the "most recent" entry. | 991 // Update canonical version to point at the "most recent" entry. |
| 988 canonical_server_map_[suffix_server_id] = server_id; | 992 canonical_server_map_[suffix_server_id] = server_id; |
| 989 | 993 |
| 990 server_state->InitializeFrom(*canonical_state); | 994 server_state->InitializeFrom(*canonical_state); |
| 991 return true; | 995 return true; |
| 992 } | 996 } |
| 993 | 997 |
| 994 } // namespace net | 998 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2541163005:
[m56 merge] Make QuicCryptoClientConfig only cache server configs for 1 week. (Closed)
