Clang format slam.

net/quic/crypto/quic_crypto_client_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_client_config.h"
 
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "net/quic/crypto/cert_compressor.h"
 #include "net/quic/crypto/chacha20_poly1305_encrypter.h"
@@ skipping 10 matching lines @@
 
 using base::StringPiece;
 using std::find;
 using std::make_pair;
 using std::map;
 using std::string;
 using std::vector;
 
 namespace net {
 
-QuicCryptoClientConfig::QuicCryptoClientConfig()
-    : disable_ecdsa_(false) {}
+QuicCryptoClientConfig::QuicCryptoClientConfig() : disable_ecdsa_(false) {
+}
 
 QuicCryptoClientConfig::~QuicCryptoClientConfig() {
   STLDeleteValues(&cached_states_);
 }
 
 QuicCryptoClientConfig::CachedState::CachedState()
-    : server_config_valid_(false),
-      generation_counter_(0) {}
+    : server_config_valid_(false), generation_counter_(0) {
+}
 
-QuicCryptoClientConfig::CachedState::~CachedState() {}
+QuicCryptoClientConfig::CachedState::~CachedState() {
+}
 
 bool QuicCryptoClientConfig::CachedState::IsComplete(QuicWallTime now) const {
   if (server_config_.empty() || !server_config_valid_) {
     return false;
   }
 
   const CryptoHandshakeMessage* scfg = GetServerConfig();
   if (!scfg) {
     // Should be impossible short of cache corruption.
     DCHECK(false);
@@ skipping 20 matching lines @@
   }
 
   if (!scfg_.get()) {
     scfg_.reset(CryptoFramer::ParseMessage(server_config_));
     DCHECK(scfg_.get());
   }
   return scfg_.get();
 }
 
 QuicErrorCode QuicCryptoClientConfig::CachedState::SetServerConfig(
-    StringPiece server_config, QuicWallTime now, string* error_details) {
+    StringPiece server_config,
+    QuicWallTime now,
+    string* error_details) {
   const bool matches_existing = server_config == server_config_;
 
   // Even if the new server config matches the existing one, we still wish to
   // reject it if it has expired.
   scoped_ptr<CryptoHandshakeMessage> new_scfg_storage;
   const CryptoHandshakeMessage* new_scfg;
 
   if (!matches_existing) {
     new_scfg_storage.reset(CryptoFramer::ParseMessage(server_config));
     new_scfg = new_scfg_storage.get();
@@ skipping 87 matching lines @@
     const vector<string>& certs,
     StringPiece signature,
     QuicWallTime now) {
   DCHECK(server_config_.empty());
 
   if (server_config.empty()) {
     return false;
   }
 
   string error_details;
-  QuicErrorCode error = SetServerConfig(server_config, now,
-                                        &error_details);
+  QuicErrorCode error = SetServerConfig(server_config, now, &error_details);
   if (error != QUIC_NO_ERROR) {
     DVLOG(1) << "SetServerConfig failed with " << error_details;
     return false;
   }
 
   signature.CopyToString(&server_config_sig_);
   source_address_token.CopyToString(&source_address_token_);
   certs_ = certs;
   return true;
 }
 
 const string& QuicCryptoClientConfig::CachedState::server_config() const {
   return server_config_;
 }
 
-const string&
-QuicCryptoClientConfig::CachedState::source_address_token() const {
+const string& QuicCryptoClientConfig::CachedState::source_address_token()
+    const {
   return source_address_token_;
 }
 
 const vector<string>& QuicCryptoClientConfig::CachedState::certs() const {
   return certs_;
 }
 
 const string& QuicCryptoClientConfig::CachedState::signature() const {
   return server_config_sig_;
 }
@@ skipping 57 matching lines @@
   }
 
   CachedState* cached = new CachedState;
   cached_states_.insert(make_pair(server_id, cached));
   PopulateFromCanonicalConfig(server_id, cached);
   return cached;
 }
 
 void QuicCryptoClientConfig::ClearCachedStates() {
   for (CachedStateMap::const_iterator it = cached_states_.begin();
-       it != cached_states_.end(); ++it) {
+       it != cached_states_.end();
+       ++it) {
     it->second->Clear();
   }
 }
 
 void QuicCryptoClientConfig::FillInchoateClientHello(
     const QuicServerId& server_id,
     const QuicVersion preferred_version,
     const CachedState* cached,
     QuicCryptoNegotiatedParameters* out_params,
     CryptoHandshakeMessage* out) const {
@@ skipping 25 matching lines @@
 
   const vector<string>& certs = cached->certs();
   // We save |certs| in the QuicCryptoNegotiatedParameters so that, if the
   // client config is being used for multiple connections, another connection
   // doesn't update the cached certificates and cause us to be unable to
   // process the server's compressed certificate chain.
   out_params->cached_certs = certs;
   if (!certs.empty()) {
     vector<uint64> hashes;
     hashes.reserve(certs.size());
-    for (vector<string>::const_iterator i = certs.begin();
-         i != certs.end(); ++i) {
+    for (vector<string>::const_iterator i = certs.begin(); i != certs.end();
+         ++i) {
       hashes.push_back(QuicUtils::FNV1a_64_Hash(i->data(), i->size()));
     }
     out->SetVector(kCCRT, hashes);
   }
 }
 
 QuicErrorCode QuicCryptoClientConfig::FillClientHello(
     const QuicServerId& server_id,
     QuicConnectionId connection_id,
     const QuicVersion preferred_version,
     uint32 initial_flow_control_window_bytes,
     const CachedState* cached,
     QuicWallTime now,
     QuicRandom* rand,
     QuicCryptoNegotiatedParameters* out_params,
     CryptoHandshakeMessage* out,
     string* error_details) const {
   DCHECK(error_details != NULL);
 
-  FillInchoateClientHello(server_id, preferred_version, cached,
-                          out_params, out);
+  FillInchoateClientHello(
+      server_id, preferred_version, cached, out_params, out);
 
   // Set initial receive window for flow control.
   out->SetValue(kIFCW, initial_flow_control_window_bytes);
 
   const CryptoHandshakeMessage* scfg = cached->GetServerConfig();
   if (!scfg) {
     // This should never happen as our caller should have checked
     // cached->IsComplete() before calling this function.
     *error_details = "Handshake not ready";
     return QUIC_CRYPTO_INTERNAL_ERROR;
   }
 
   StringPiece scid;
   if (!scfg->GetStringPiece(kSCID, &scid)) {
     *error_details = "SCFG missing SCID";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
   out->SetStringPiece(kSCID, scid);
 
   const QuicTag* their_aeads;
   const QuicTag* their_key_exchanges;
   size_t num_their_aeads, num_their_key_exchanges;
-  if (scfg->GetTaglist(kAEAD, &their_aeads,
-                       &num_their_aeads) != QUIC_NO_ERROR ||
-      scfg->GetTaglist(kKEXS, &their_key_exchanges,
-                       &num_their_key_exchanges) != QUIC_NO_ERROR) {
+  if (scfg->GetTaglist(kAEAD, &their_aeads, &num_their_aeads) !=
+          QUIC_NO_ERROR ||
+      scfg->GetTaglist(kKEXS, &their_key_exchanges, &num_their_key_exchanges) !=
+          QUIC_NO_ERROR) {
     *error_details = "Missing AEAD or KEXS";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
 
   // AEAD: the work loads on the client and server are symmetric. Since the
   // client is more likely to be CPU-constrained, break the tie by favoring
   // the client's preference.
   // Key exchange: the client does more work than the server, so favor the
   // client's preference.
   size_t key_exchange_index;
-  if (!QuicUtils::FindMutualTag(
-          aead, their_aeads, num_their_aeads, QuicUtils::LOCAL_PRIORITY,
-          &out_params->aead, NULL) ||
-      !QuicUtils::FindMutualTag(
-          kexs, their_key_exchanges, num_their_key_exchanges,
-          QuicUtils::LOCAL_PRIORITY, &out_params->key_exchange,
-          &key_exchange_index)) {
+  if (!QuicUtils::FindMutualTag(aead,
+                                their_aeads,
+                                num_their_aeads,
+                                QuicUtils::LOCAL_PRIORITY,
+                                &out_params->aead,
+                                NULL) ||
+      !QuicUtils::FindMutualTag(kexs,
+                                their_key_exchanges,
+                                num_their_key_exchanges,
+                                QuicUtils::LOCAL_PRIORITY,
+                                &out_params->key_exchange,
+                                &key_exchange_index)) {
     *error_details = "Unsupported AEAD or KEXS";
     return QUIC_CRYPTO_NO_SUPPORT;
   }
   out->SetTaglist(kAEAD, out_params->aead, 0);
   out->SetTaglist(kKEXS, out_params->key_exchange, 0);
 
   StringPiece public_value;
   if (scfg->GetNthValue24(kPUBS, key_exchange_index, &public_value) !=
-          QUIC_NO_ERROR) {
+      QUIC_NO_ERROR) {
     *error_details = "Missing public value";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
 
   StringPiece orbit;
   if (!scfg->GetStringPiece(kORBT, &orbit) || orbit.size() != kOrbitSize) {
     *error_details = "SCFG missing OBIT";
     return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND;
   }
 
   CryptoUtils::GenerateNonce(now, rand, orbit, &out_params->client_nonce);
   out->SetStringPiece(kNONC, out_params->client_nonce);
   if (!out_params->server_nonce.empty()) {
     out->SetStringPiece(kServerNonceTag, out_params->server_nonce);
   }
 
   switch (out_params->key_exchange) {
     case kC255:
       out_params->client_key_exchange.reset(Curve25519KeyExchange::New(
           Curve25519KeyExchange::NewPrivateKey(rand)));
       break;
     case kP256:
-      out_params->client_key_exchange.reset(P256KeyExchange::New(
-          P256KeyExchange::NewPrivateKey()));
+      out_params->client_key_exchange.reset(
+          P256KeyExchange::New(P256KeyExchange::NewPrivateKey()));
       break;
     default:
       DCHECK(false);
       *error_details = "Configured to support an unknown key exchange";
       return QUIC_CRYPTO_INTERNAL_ERROR;
   }
 
   if (!out_params->client_key_exchange->CalculateSharedKey(
           public_value, &out_params->initial_premaster_secret)) {
     *error_details = "Key exchange failure";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
   out->SetStringPiece(kPUBS, out_params->client_key_exchange->public_value());
 
   bool do_channel_id = false;
   if (channel_id_signer_.get()) {
     const QuicTag* their_proof_demands;
     size_t num_their_proof_demands;
-    if (scfg->GetTaglist(kPDMD, &their_proof_demands,
+    if (scfg->GetTaglist(kPDMD,
+                         &their_proof_demands,
                          &num_their_proof_demands) == QUIC_NO_ERROR) {
       for (size_t i = 0; i < num_their_proof_demands; i++) {
         if (their_proof_demands[i] == kCHID) {
           do_channel_id = true;
           break;
         }
       }
     }
   }
 
@@ skipping 11 matching lines @@
     const QuicData& client_hello_serialized = out->GetSerialized();
     hkdf_input.append(QuicCryptoConfig::kCETVLabel,
                       strlen(QuicCryptoConfig::kCETVLabel) + 1);
     hkdf_input.append(reinterpret_cast<char*>(&connection_id),
                       sizeof(connection_id));
     hkdf_input.append(client_hello_serialized.data(),
                       client_hello_serialized.length());
     hkdf_input.append(cached->server_config());
 
     string key, signature;
-    if (!channel_id_signer_->Sign(server_id.host(), hkdf_input,
-                                  &key, &signature)) {
+    if (!channel_id_signer_->Sign(
+            server_id.host(), hkdf_input, &key, &signature)) {
       *error_details = "Channel ID signature failed";
       return QUIC_INVALID_CHANNEL_ID_SIGNATURE;
     }
 
     cetv.SetStringPiece(kCIDK, key);
     cetv.SetStringPiece(kCIDS, signature);
 
     CrypterPair crypters;
     if (!CryptoUtils::DeriveKeys(out_params->initial_premaster_secret,
-                                 out_params->aead, out_params->client_nonce,
-                                 out_params->server_nonce, hkdf_input,
-                                 CryptoUtils::CLIENT, &crypters)) {
+                                 out_params->aead,
+                                 out_params->client_nonce,
+                                 out_params->server_nonce,
+                                 hkdf_input,
+                                 CryptoUtils::CLIENT,
+                                 &crypters)) {
       *error_details = "Symmetric key setup failed";
       return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
     }
 
     const QuicData& cetv_plaintext = cetv.GetSerialized();
-    scoped_ptr<QuicData> cetv_ciphertext(crypters.encrypter->EncryptPacket(
-        0 /* sequence number */,
-        StringPiece() /* associated data */,
-        cetv_plaintext.AsStringPiece()));
+    scoped_ptr<QuicData> cetv_ciphertext(
+        crypters.encrypter->EncryptPacket(0 /* sequence number */,
+                                          StringPiece() /* associated data */,
+                                          cetv_plaintext.AsStringPiece()));
     if (!cetv_ciphertext.get()) {
       *error_details = "Packet encryption failed";
       return QUIC_ENCRYPTION_FAILURE;
     }
 
     out->SetStringPiece(kCETV, cetv_ciphertext->AsStringPiece());
     out->MarkDirty();
 
     out->set_minimum_size(orig_min_size);
   }
 
   out_params->hkdf_input_suffix.clear();
   out_params->hkdf_input_suffix.append(reinterpret_cast<char*>(&connection_id),
                                        sizeof(connection_id));
   const QuicData& client_hello_serialized = out->GetSerialized();
   out_params->hkdf_input_suffix.append(client_hello_serialized.data(),
                                        client_hello_serialized.length());
   out_params->hkdf_input_suffix.append(cached->server_config());
 
   string hkdf_input;
   const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1;
   hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size());
   hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len);
   hkdf_input.append(out_params->hkdf_input_suffix);
 
-  if (!CryptoUtils::DeriveKeys(
-           out_params->initial_premaster_secret, out_params->aead,
-           out_params->client_nonce, out_params->server_nonce, hkdf_input,
-           CryptoUtils::CLIENT, &out_params->initial_crypters)) {
+  if (!CryptoUtils::DeriveKeys(out_params->initial_premaster_secret,
+                               out_params->aead,
+                               out_params->client_nonce,
+                               out_params->server_nonce,
+                               hkdf_input,
+                               CryptoUtils::CLIENT,
+                               &out_params->initial_crypters)) {
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
   }
 
   return QUIC_NO_ERROR;
 }
 
 QuicErrorCode QuicCryptoClientConfig::ProcessRejection(
     const CryptoHandshakeMessage& rej,
     QuicWallTime now,
@@ skipping 26 matching lines @@
   StringPiece nonce;
   if (rej.GetStringPiece(kServerNonceTag, &nonce)) {
     out_params->server_nonce = nonce.as_string();
   }
 
   StringPiece proof, cert_bytes;
   bool has_proof = rej.GetStringPiece(kPROF, &proof);
   bool has_cert = rej.GetStringPiece(kCertificateTag, &cert_bytes);
   if (has_proof && has_cert) {
     vector<string> certs;
-    if (!CertCompressor::DecompressChain(cert_bytes, out_params->cached_certs,
-                                         common_cert_sets, &certs)) {
+    if (!CertCompressor::DecompressChain(
+            cert_bytes, out_params->cached_certs, common_cert_sets, &certs)) {
       *error_details = "Certificate data invalid";
       return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
     }
 
     cached->SetProof(certs, proof);
   } else {
     cached->ClearProof();
     if (has_proof && !has_cert) {
       *error_details = "Certificate missing";
       return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
@@ skipping 18 matching lines @@
   DCHECK(error_details != NULL);
 
   if (server_hello.tag() != kSHLO) {
     *error_details = "Bad tag";
     return QUIC_INVALID_CRYPTO_MESSAGE_TYPE;
   }
 
   const QuicTag* supported_version_tags;
   size_t num_supported_versions;
 
-  if (server_hello.GetTaglist(kVER, &supported_version_tags,
+  if (server_hello.GetTaglist(kVER,
+                              &supported_version_tags,
                               &num_supported_versions) != QUIC_NO_ERROR) {
     *error_details = "server hello missing version list";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
   if (!negotiated_versions.empty()) {
     bool mismatch = num_supported_versions != negotiated_versions.size();
     for (size_t i = 0; i < num_supported_versions && !mismatch; ++i) {
       mismatch = QuicTagToQuicVersion(supported_version_tags[i]) !=
-          negotiated_versions[i];
+                 negotiated_versions[i];
     }
     // The server sent a list of supported versions, and the connection
     // reports that there was a version negotiation during the handshake.
-      // Ensure that these two lists are identical.
+    // Ensure that these two lists are identical.
     if (mismatch) {
       *error_details = "Downgrade attack detected";
       return QUIC_VERSION_NEGOTIATION_MISMATCH;
     }
   }
 
   // Learn about updated source address tokens.
   StringPiece token;
   if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) {
     cached->set_source_address_token(token);
@@ skipping 13 matching lines @@
     *error_details = "Key exchange failure";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
 
   string hkdf_input;
   const size_t label_len = strlen(QuicCryptoConfig::kForwardSecureLabel) + 1;
   hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size());
   hkdf_input.append(QuicCryptoConfig::kForwardSecureLabel, label_len);
   hkdf_input.append(out_params->hkdf_input_suffix);
 
-  if (!CryptoUtils::DeriveKeys(
-           out_params->forward_secure_premaster_secret, out_params->aead,
-           out_params->client_nonce, out_params->server_nonce, hkdf_input,
-           CryptoUtils::CLIENT, &out_params->forward_secure_crypters)) {
+  if (!CryptoUtils::DeriveKeys(out_params->forward_secure_premaster_secret,
+                               out_params->aead,
+                               out_params->client_nonce,
+                               out_params->server_nonce,
+                               hkdf_input,
+                               CryptoUtils::CLIENT,
+                               &out_params->forward_secure_crypters)) {
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
   }
 
   return QUIC_NO_ERROR;
 }
 
 ProofVerifier* QuicCryptoClientConfig::proof_verifier() const {
   return proof_verifier_.get();
 }
@@ skipping 49 matching lines @@
   DCHECK(server_state->IsEmpty());
   size_t i = 0;
   for (; i < canoncial_suffixes_.size(); ++i) {
     if (EndsWith(server_id.host(), canoncial_suffixes_[i], false)) {
       break;
     }
   }
   if (i == canoncial_suffixes_.size())
     return;
 
-  QuicServerId suffix_server_id(canoncial_suffixes_[i], server_id.port(),
+  QuicServerId suffix_server_id(canoncial_suffixes_[i],
+                                server_id.port(),
                                 server_id.is_https(),
                                 server_id.privacy_mode());
   if (!ContainsKey(canonical_server_map_, suffix_server_id)) {
     // This is the first host we've seen which matches the suffix, so make it
     // canonical.
     canonical_server_map_[suffix_server_id] = server_id;
     return;
   }
 
   const QuicServerId& canonical_server_id =
       canonical_server_map_[suffix_server_id];
   CachedState* canonical_state = cached_states_[canonical_server_id];
   if (!canonical_state->proof_valid()) {
     return;
   }
 
   // Update canonical version to point at the "most recent" entry.
   canonical_server_map_[suffix_server_id] = server_id;
 
   server_state->InitializeFrom(*canonical_state);
 }
 
 }  // namespace net