| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 756 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 767 params->sct_supported_by_client = true; | 767 params->sct_supported_by_client = true; |
| 768 } | 768 } |
| 769 | 769 |
| 770 std::unique_ptr<CryptoHandshakeMessage> out(new CryptoHandshakeMessage); | 770 std::unique_ptr<CryptoHandshakeMessage> out(new CryptoHandshakeMessage); |
| 771 if (!info.reject_reasons.empty() || !requested_config.get()) { | 771 if (!info.reject_reasons.empty() || !requested_config.get()) { |
| 772 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, | 772 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, |
| 773 info, validate_chlo_result.cached_network_params, | 773 info, validate_chlo_result.cached_network_params, |
| 774 use_stateless_rejects, server_designated_connection_id, rand, | 774 use_stateless_rejects, server_designated_connection_id, rand, |
| 775 compressed_certs_cache, params, *signed_config, | 775 compressed_certs_cache, params, *signed_config, |
| 776 total_framing_overhead, chlo_packet_size, out.get()); | 776 total_framing_overhead, chlo_packet_size, out.get()); |
| 777 if (FLAGS_quic_reloadable_flag_quic_export_rej_for_all_rejects && | 777 if (rejection_observer_ != nullptr) { |
| 778 rejection_observer_ != nullptr) { | |
| 779 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); | 778 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); |
| 780 } | 779 } |
| 781 helper.Succeed(std::move(out), std::move(out_diversification_nonce), | 780 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
| 782 std::move(proof_source_details)); | 781 std::move(proof_source_details)); |
| 783 return; | 782 return; |
| 784 } | 783 } |
| 785 | 784 |
| 786 if (reject_only) { | 785 if (reject_only) { |
| 787 helper.Succeed(std::move(out), std::move(out_diversification_nonce), | 786 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
| 788 std::move(proof_source_details)); | 787 std::move(proof_source_details)); |
| (...skipping 531 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1320 client_hello_state, | 1319 client_hello_state, |
| 1321 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1320 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1322 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1321 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1323 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1322 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1324 ClientHelloInfo* info = &(client_hello_state->info); | 1323 ClientHelloInfo* info = &(client_hello_state->info); |
| 1325 | 1324 |
| 1326 if (get_proof_failed) { | 1325 if (get_proof_failed) { |
| 1327 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); | 1326 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
| 1328 } | 1327 } |
| 1329 | 1328 |
| 1330 if (!ValidateExpectedLeafCertificate(client_hello, *signed_config)) { | 1329 if (signed_config->chain != nullptr && |
| 1330 !ValidateExpectedLeafCertificate(client_hello, |
| 1331 signed_config->chain->certs)) { |
| 1331 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); | 1332 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); |
| 1332 } | 1333 } |
| 1333 | 1334 |
| 1334 if (info->client_nonce.size() != kNonceSize) { | 1335 if (info->client_nonce.size() != kNonceSize) { |
| 1335 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); | 1336 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); |
| 1336 // Invalid client nonce. | 1337 // Invalid client nonce. |
| 1337 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); | 1338 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); |
| 1338 DVLOG(1) << "Invalid client nonce."; | 1339 DVLOG(1) << "Invalid client nonce."; |
| 1339 } | 1340 } |
| 1340 | 1341 |
| (...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1979 rand->RandBytes(&server_nonce[sizeof(timestamp)], | 1980 rand->RandBytes(&server_nonce[sizeof(timestamp)], |
| 1980 sizeof(server_nonce) - sizeof(timestamp)); | 1981 sizeof(server_nonce) - sizeof(timestamp)); |
| 1981 | 1982 |
| 1982 return server_nonce_boxer_.Box( | 1983 return server_nonce_boxer_.Box( |
| 1983 rand, | 1984 rand, |
| 1984 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); | 1985 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); |
| 1985 } | 1986 } |
| 1986 | 1987 |
| 1987 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( | 1988 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( |
| 1988 const CryptoHandshakeMessage& client_hello, | 1989 const CryptoHandshakeMessage& client_hello, |
| 1989 const QuicSignedServerConfig& signed_config) const { | 1990 const std::vector<string>& certs) const { |
| 1990 if (signed_config.chain->certs.empty()) { | 1991 if (certs.empty()) { |
| 1991 return false; | 1992 return false; |
| 1992 } | 1993 } |
| 1993 | 1994 |
| 1994 uint64_t hash_from_client; | 1995 uint64_t hash_from_client; |
| 1995 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { | 1996 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { |
| 1996 return false; | 1997 return false; |
| 1997 } | 1998 } |
| 1998 return CryptoUtils::ComputeLeafCertHash(signed_config.chain->certs.at(0)) == | 1999 return CryptoUtils::ComputeLeafCertHash(certs.at(0)) == hash_from_client; |
| 1999 hash_from_client; | |
| 2000 } | 2000 } |
| 2001 | 2001 |
| 2002 bool QuicCryptoServerConfig::ClientDemandsX509Proof( | 2002 bool QuicCryptoServerConfig::ClientDemandsX509Proof( |
| 2003 const CryptoHandshakeMessage& client_hello) const { | 2003 const CryptoHandshakeMessage& client_hello) const { |
| 2004 const QuicTag* their_proof_demands; | 2004 const QuicTag* their_proof_demands; |
| 2005 size_t num_their_proof_demands; | 2005 size_t num_their_proof_demands; |
| 2006 | 2006 |
| 2007 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, | 2007 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, |
| 2008 &num_their_proof_demands) != QUIC_NO_ERROR) { | 2008 &num_their_proof_demands) != QUIC_NO_ERROR) { |
| 2009 return false; | 2009 return false; |
| (...skipping 15 matching lines...) Expand all Loading... |
| 2025 expiry_time(QuicWallTime::Zero()), | 2025 expiry_time(QuicWallTime::Zero()), |
| 2026 priority(0), | 2026 priority(0), |
| 2027 source_address_token_boxer(nullptr) {} | 2027 source_address_token_boxer(nullptr) {} |
| 2028 | 2028 |
| 2029 QuicCryptoServerConfig::Config::~Config() {} | 2029 QuicCryptoServerConfig::Config::~Config() {} |
| 2030 | 2030 |
| 2031 QuicSignedServerConfig::QuicSignedServerConfig() {} | 2031 QuicSignedServerConfig::QuicSignedServerConfig() {} |
| 2032 QuicSignedServerConfig::~QuicSignedServerConfig() {} | 2032 QuicSignedServerConfig::~QuicSignedServerConfig() {} |
| 2033 | 2033 |
| 2034 } // namespace net | 2034 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2621793002:
Landing Recent QUIC changes until Jan 6 14:42:13 2017 (Closed)
