| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/crypto_utils.h" | 5 #include "net/quic/crypto/crypto_utils.h" |
| 6 | 6 |
| 7 #include "crypto/hkdf.h" | 7 #include "crypto/hkdf.h" |
| 8 #include "net/base/net_util.h" | 8 #include "net/base/net_util.h" |
| 9 #include "net/quic/crypto/crypto_handshake.h" | 9 #include "net/quic/crypto/crypto_handshake.h" |
| 10 #include "net/quic/crypto/crypto_protocol.h" | 10 #include "net/quic/crypto/crypto_protocol.h" |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 47 // static | 47 // static |
| 48 bool CryptoUtils::IsValidSNI(StringPiece sni) { | 48 bool CryptoUtils::IsValidSNI(StringPiece sni) { |
| 49 // TODO(rtenneti): Support RFC2396 hostname. | 49 // TODO(rtenneti): Support RFC2396 hostname. |
| 50 // NOTE: Microsoft does NOT enforce this spec, so if we throw away hostnames | 50 // NOTE: Microsoft does NOT enforce this spec, so if we throw away hostnames |
| 51 // based on the above spec, we may be losing some hostnames that windows | 51 // based on the above spec, we may be losing some hostnames that windows |
| 52 // would consider valid. By far the most common hostname character NOT | 52 // would consider valid. By far the most common hostname character NOT |
| 53 // accepted by the above spec is '_'. | 53 // accepted by the above spec is '_'. |
| 54 url::CanonHostInfo host_info; | 54 url::CanonHostInfo host_info; |
| 55 string canonicalized_host(CanonicalizeHost(sni.as_string(), &host_info)); | 55 string canonicalized_host(CanonicalizeHost(sni.as_string(), &host_info)); |
| 56 return !host_info.IsIPAddress() && | 56 return !host_info.IsIPAddress() && |
| 57 IsCanonicalizedHostCompliant(canonicalized_host, std::string()) && | 57 IsCanonicalizedHostCompliant(canonicalized_host, std::string()) && |
| 58 sni.find_last_of('.') != string::npos; | 58 sni.find_last_of('.') != string::npos; |
| 59 } | 59 } |
| 60 | 60 |
| 61 // static | 61 // static |
| 62 string CryptoUtils::NormalizeHostname(const char* hostname) { | 62 string CryptoUtils::NormalizeHostname(const char* hostname) { |
| 63 url::CanonHostInfo host_info; | 63 url::CanonHostInfo host_info; |
| 64 string host(CanonicalizeHost(hostname, &host_info)); | 64 string host(CanonicalizeHost(hostname, &host_info)); |
| 65 | 65 |
| 66 // Walk backwards over the string, stopping at the first trailing dot. | 66 // Walk backwards over the string, stopping at the first trailing dot. |
| 67 size_t host_end = host.length(); | 67 size_t host_end = host.length(); |
| 68 while (host_end != 0 && host[host_end - 1] == '.') { | 68 while (host_end != 0 && host[host_end - 1] == '.') { |
| (...skipping 20 matching lines...) Expand all Loading... |
| 89 size_t key_bytes = out->encrypter->GetKeySize(); | 89 size_t key_bytes = out->encrypter->GetKeySize(); |
| 90 size_t nonce_prefix_bytes = out->encrypter->GetNoncePrefixSize(); | 90 size_t nonce_prefix_bytes = out->encrypter->GetNoncePrefixSize(); |
| 91 | 91 |
| 92 StringPiece nonce = client_nonce; | 92 StringPiece nonce = client_nonce; |
| 93 string nonce_storage; | 93 string nonce_storage; |
| 94 if (!server_nonce.empty()) { | 94 if (!server_nonce.empty()) { |
| 95 nonce_storage = client_nonce.as_string() + server_nonce.as_string(); | 95 nonce_storage = client_nonce.as_string() + server_nonce.as_string(); |
| 96 nonce = nonce_storage; | 96 nonce = nonce_storage; |
| 97 } | 97 } |
| 98 | 98 |
| 99 crypto::HKDF hkdf(premaster_secret, nonce, hkdf_input, key_bytes, | 99 crypto::HKDF hkdf( |
| 100 nonce_prefix_bytes); | 100 premaster_secret, nonce, hkdf_input, key_bytes, nonce_prefix_bytes); |
| 101 if (perspective == SERVER) { | 101 if (perspective == SERVER) { |
| 102 if (!out->encrypter->SetKey(hkdf.server_write_key()) || | 102 if (!out->encrypter->SetKey(hkdf.server_write_key()) || |
| 103 !out->encrypter->SetNoncePrefix(hkdf.server_write_iv()) || | 103 !out->encrypter->SetNoncePrefix(hkdf.server_write_iv()) || |
| 104 !out->decrypter->SetKey(hkdf.client_write_key()) || | 104 !out->decrypter->SetKey(hkdf.client_write_key()) || |
| 105 !out->decrypter->SetNoncePrefix(hkdf.client_write_iv())) { | 105 !out->decrypter->SetNoncePrefix(hkdf.client_write_iv())) { |
| 106 return false; | 106 return false; |
| 107 } | 107 } |
| 108 } else { | 108 } else { |
| 109 if (!out->encrypter->SetKey(hkdf.client_write_key()) || | 109 if (!out->encrypter->SetKey(hkdf.client_write_key()) || |
| 110 !out->encrypter->SetNoncePrefix(hkdf.client_write_iv()) || | 110 !out->encrypter->SetNoncePrefix(hkdf.client_write_iv()) || |
| 111 !out->decrypter->SetKey(hkdf.server_write_key()) || | 111 !out->decrypter->SetKey(hkdf.server_write_key()) || |
| 112 !out->decrypter->SetNoncePrefix(hkdf.server_write_iv())) { | 112 !out->decrypter->SetNoncePrefix(hkdf.server_write_iv())) { |
| 113 return false; | 113 return false; |
| 114 } | 114 } |
| 115 } | 115 } |
| 116 | 116 |
| 117 return true; | 117 return true; |
| 118 } | 118 } |
| 119 | 119 |
| 120 } // namespace net | 120 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
