OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <memory> | 10 #include <memory> |
(...skipping 1309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1320 client_hello_state, | 1320 client_hello_state, |
1321 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1321 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
1322 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1322 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
1323 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1323 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
1324 ClientHelloInfo* info = &(client_hello_state->info); | 1324 ClientHelloInfo* info = &(client_hello_state->info); |
1325 | 1325 |
1326 if (get_proof_failed) { | 1326 if (get_proof_failed) { |
1327 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); | 1327 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
1328 } | 1328 } |
1329 | 1329 |
1330 if (!ValidateExpectedLeafCertificate(client_hello, *signed_config)) { | 1330 if (signed_config->chain != nullptr && |
| 1331 !ValidateExpectedLeafCertificate(client_hello, |
| 1332 signed_config->chain->certs)) { |
1331 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); | 1333 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); |
1332 } | 1334 } |
1333 | 1335 |
1334 if (info->client_nonce.size() != kNonceSize) { | 1336 if (info->client_nonce.size() != kNonceSize) { |
1335 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); | 1337 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); |
1336 // Invalid client nonce. | 1338 // Invalid client nonce. |
1337 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); | 1339 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); |
1338 DVLOG(1) << "Invalid client nonce."; | 1340 DVLOG(1) << "Invalid client nonce."; |
1339 } | 1341 } |
1340 | 1342 |
(...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1979 rand->RandBytes(&server_nonce[sizeof(timestamp)], | 1981 rand->RandBytes(&server_nonce[sizeof(timestamp)], |
1980 sizeof(server_nonce) - sizeof(timestamp)); | 1982 sizeof(server_nonce) - sizeof(timestamp)); |
1981 | 1983 |
1982 return server_nonce_boxer_.Box( | 1984 return server_nonce_boxer_.Box( |
1983 rand, | 1985 rand, |
1984 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); | 1986 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); |
1985 } | 1987 } |
1986 | 1988 |
1987 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( | 1989 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( |
1988 const CryptoHandshakeMessage& client_hello, | 1990 const CryptoHandshakeMessage& client_hello, |
1989 const QuicSignedServerConfig& signed_config) const { | 1991 const std::vector<string>& certs) const { |
1990 if (signed_config.chain->certs.empty()) { | 1992 if (certs.empty()) { |
1991 return false; | 1993 return false; |
1992 } | 1994 } |
1993 | 1995 |
1994 uint64_t hash_from_client; | 1996 uint64_t hash_from_client; |
1995 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { | 1997 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { |
1996 return false; | 1998 return false; |
1997 } | 1999 } |
1998 return CryptoUtils::ComputeLeafCertHash(signed_config.chain->certs.at(0)) == | 2000 return CryptoUtils::ComputeLeafCertHash(certs.at(0)) == hash_from_client; |
1999 hash_from_client; | |
2000 } | 2001 } |
2001 | 2002 |
2002 bool QuicCryptoServerConfig::ClientDemandsX509Proof( | 2003 bool QuicCryptoServerConfig::ClientDemandsX509Proof( |
2003 const CryptoHandshakeMessage& client_hello) const { | 2004 const CryptoHandshakeMessage& client_hello) const { |
2004 const QuicTag* their_proof_demands; | 2005 const QuicTag* their_proof_demands; |
2005 size_t num_their_proof_demands; | 2006 size_t num_their_proof_demands; |
2006 | 2007 |
2007 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, | 2008 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, |
2008 &num_their_proof_demands) != QUIC_NO_ERROR) { | 2009 &num_their_proof_demands) != QUIC_NO_ERROR) { |
2009 return false; | 2010 return false; |
(...skipping 15 matching lines...) Expand all Loading... |
2025 expiry_time(QuicWallTime::Zero()), | 2026 expiry_time(QuicWallTime::Zero()), |
2026 priority(0), | 2027 priority(0), |
2027 source_address_token_boxer(nullptr) {} | 2028 source_address_token_boxer(nullptr) {} |
2028 | 2029 |
2029 QuicCryptoServerConfig::Config::~Config() {} | 2030 QuicCryptoServerConfig::Config::~Config() {} |
2030 | 2031 |
2031 QuicSignedServerConfig::QuicSignedServerConfig() {} | 2032 QuicSignedServerConfig::QuicSignedServerConfig() {} |
2032 QuicSignedServerConfig::~QuicSignedServerConfig() {} | 2033 QuicSignedServerConfig::~QuicSignedServerConfig() {} |
2033 | 2034 |
2034 } // namespace net | 2035 } // namespace net |
OLD | NEW |