Add QuicStringPiece which is actually StringPiece.

net/quic/core/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/core/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 23 matching lines @@
 #include "net/quic/core/quic_socket_address_coder.h"
 #include "net/quic/core/quic_utils.h"
 #include "net/quic/platform/api/quic_bug_tracker.h"
 #include "net/quic/platform/api/quic_clock.h"
 #include "net/quic/platform/api/quic_hostname_utils.h"
 #include "net/quic/platform/api/quic_logging.h"
 #include "net/quic/platform/api/quic_reference_counted.h"
 #include "net/quic/platform/api/quic_text_utils.h"
 #include "third_party/boringssl/src/include/openssl/sha.h"
 
-using base::StringPiece;
 using std::string;
 
 namespace net {
 
 namespace {
 
 // kMultiplier is the multiple of the CHLO message size that a REJ message
 // must stay under when the client doesn't present a valid source-address
 // token. This is used to protect QUIC from amplification attacks.
 // TODO(rch): Reduce this to 2 again once b/25933682 is fixed.
 const size_t kMultiplier = 3;
 
 const int kMaxTokenAddresses = 4;
 
-string DeriveSourceAddressTokenKey(StringPiece source_address_token_secret) {
-  crypto::HKDF hkdf(source_address_token_secret, StringPiece() /* no salt */,
-                    "QUIC source address token key",
-                    CryptoSecretBoxer::GetKeySize(), 0 /* no fixed IV needed */,
-                    0 /* no subkey secret */);
+string DeriveSourceAddressTokenKey(
+    QuicStringPiece source_address_token_secret) {
+  crypto::HKDF hkdf(
+      source_address_token_secret, QuicStringPiece() /* no salt */,
+      "QUIC source address token key", CryptoSecretBoxer::GetKeySize(),
+      0 /* no fixed IV needed */, 0 /* no subkey secret */);
   return hkdf.server_write_key().as_string();
 }
 
 }  // namespace
 
 class ValidateClientHelloHelper {
  public:
   // Note: stores a pointer to a unique_ptr, and std::moves the unique_ptr when
   // ValidationComplete is called.
   ValidateClientHelloHelper(
@@ skipping 67 matching lines @@
     : expiry_time(QuicWallTime::Zero()),
       channel_id_enabled(false),
       p256(false) {}
 
 QuicCryptoServerConfig::ConfigOptions::ConfigOptions(
     const ConfigOptions& other) = default;
 
 QuicCryptoServerConfig::ConfigOptions::~ConfigOptions() {}
 
 QuicCryptoServerConfig::QuicCryptoServerConfig(
-    StringPiece source_address_token_secret,
+    QuicStringPiece source_address_token_secret,
     QuicRandom* server_nonce_entropy,
     std::unique_ptr<ProofSource> proof_source)
     : replay_protection_(true),
       chlo_multiplier_(kMultiplier),
       configs_lock_(),
       primary_config_(nullptr),
       next_config_promotion_time_(QuicWallTime::Zero()),
       proof_source_(std::move(proof_source)),
       source_address_token_future_secs_(3600),
       source_address_token_lifetime_secs_(86400),
@@ skipping 20 matching lines @@
 std::unique_ptr<QuicServerConfigProtobuf>
 QuicCryptoServerConfig::GenerateConfig(QuicRandom* rand,
                                        const QuicClock* clock,
                                        const ConfigOptions& options) {
   CryptoHandshakeMessage msg;
 
   const string curve25519_private_key =
       Curve25519KeyExchange::NewPrivateKey(rand);
   std::unique_ptr<Curve25519KeyExchange> curve25519(
       Curve25519KeyExchange::New(curve25519_private_key));
-  StringPiece curve25519_public_value = curve25519->public_value();
+  QuicStringPiece curve25519_public_value = curve25519->public_value();
 
   string encoded_public_values;
   // First three bytes encode the length of the public value.
   DCHECK_LT(curve25519_public_value.size(), (1U << 24));
   encoded_public_values.push_back(
       static_cast<char>(curve25519_public_value.size()));
   encoded_public_values.push_back(
       static_cast<char>(curve25519_public_value.size() >> 8));
   encoded_public_values.push_back(
       static_cast<char>(curve25519_public_value.size() >> 16));
   encoded_public_values.append(curve25519_public_value.data(),
                                curve25519_public_value.size());
 
   string p256_private_key;
   if (options.p256) {
     p256_private_key = P256KeyExchange::NewPrivateKey();
     std::unique_ptr<P256KeyExchange> p256(
         P256KeyExchange::New(p256_private_key));
-    StringPiece p256_public_value = p256->public_value();
+    QuicStringPiece p256_public_value = p256->public_value();
 
     DCHECK_LT(p256_public_value.size(), (1U << 24));
     encoded_public_values.push_back(
         static_cast<char>(p256_public_value.size()));
     encoded_public_values.push_back(
         static_cast<char>(p256_public_value.size() >> 8));
     encoded_public_values.push_back(
         static_cast<char>(p256_public_value.size() >> 16));
     encoded_public_values.append(p256_public_value.data(),
                                  p256_public_value.size());
@@ skipping 18 matching lines @@
     msg.SetValue(kEXPY, options.expiry_time.ToUNIXSeconds());
   }
 
   char orbit_bytes[kOrbitSize];
   if (options.orbit.size() == sizeof(orbit_bytes)) {
     memcpy(orbit_bytes, options.orbit.data(), sizeof(orbit_bytes));
   } else {
     DCHECK(options.orbit.empty());
     rand->RandBytes(orbit_bytes, sizeof(orbit_bytes));
   }
-  msg.SetStringPiece(kORBT, StringPiece(orbit_bytes, sizeof(orbit_bytes)));
+  msg.SetStringPiece(kORBT, QuicStringPiece(orbit_bytes, sizeof(orbit_bytes)));
 
   if (options.channel_id_enabled) {
     msg.SetVector(kPDMD, QuicTagVector{kCHID});
   }
 
   if (!options.token_binding_params.empty()) {
     msg.SetVector(kTBKP, options.token_binding_params);
   }
 
   if (options.id.empty()) {
     // We need to ensure that the SCID changes whenever the server config does
     // thus we make it a hash of the rest of the server config.
     std::unique_ptr<QuicData> serialized(
         CryptoFramer::ConstructHandshakeMessage(msg));
 
     uint8_t scid_bytes[SHA256_DIGEST_LENGTH];
     SHA256(reinterpret_cast<const uint8_t*>(serialized->data()),
            serialized->length(), scid_bytes);
     // The SCID is a truncated SHA-256 digest.
     static_assert(16 <= SHA256_DIGEST_LENGTH, "SCID length too high.");
     msg.SetStringPiece(
-        kSCID, StringPiece(reinterpret_cast<const char*>(scid_bytes), 16));
+        kSCID, QuicStringPiece(reinterpret_cast<const char*>(scid_bytes), 16));
   } else {
     msg.SetStringPiece(kSCID, options.id);
   }
   // Don't put new tags below this point. The SCID generation should hash over
   // everything but itself and so extra tags should be added prior to the
   // preceding if block.
 
   std::unique_ptr<QuicData> serialized(
       CryptoFramer::ConstructHandshakeMessage(msg));
 
@@ skipping 150 matching lines @@
     QuicVersion version,
     const QuicClock* clock,
     QuicReferenceCountedPointer<QuicSignedServerConfig> signed_config,
     std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
   const QuicWallTime now(clock->WallNow());
 
   QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result> result(
       new ValidateClientHelloResultCallback::Result(client_hello, client_ip,
                                                     now));
 
-  StringPiece requested_scid;
+  QuicStringPiece requested_scid;
   client_hello.GetStringPiece(kSCID, &requested_scid);
 
   QuicReferenceCountedPointer<Config> requested_config;
   QuicReferenceCountedPointer<Config> primary_config;
   {
     QuicReaderMutexLock locked(&configs_lock_);
 
     if (!primary_config_.get()) {
       result->error_code = QUIC_CRYPTO_INTERNAL_ERROR;
       result->error_details = "No configurations loaded";
@@ skipping 179 matching lines @@
   const ClientHelloInfo& info = validate_chlo_result->info;
 
   string error_details;
   QuicErrorCode valid = CryptoUtils::ValidateClientHello(
       client_hello, version, supported_versions, &error_details);
   if (valid != QUIC_NO_ERROR) {
     helper.Fail(valid, error_details);
     return;
   }
 
-  StringPiece requested_scid;
+  QuicStringPiece requested_scid;
   client_hello.GetStringPiece(kSCID, &requested_scid);
   const QuicWallTime now(clock->WallNow());
 
   QuicReferenceCountedPointer<Config> requested_config;
   QuicReferenceCountedPointer<Config> primary_config;
   bool no_primary_config = false;
   {
     QuicReaderMutexLock locked(&configs_lock_);
 
     if (!primary_config_) {
@@ skipping 96 matching lines @@
     helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof");
     return;
   }
 
   const CryptoHandshakeMessage& client_hello =
       validate_chlo_result.client_hello;
   const ClientHelloInfo& info = validate_chlo_result.info;
   std::unique_ptr<DiversificationNonce> out_diversification_nonce(
       new DiversificationNonce);
 
-  StringPiece cert_sct;
+  QuicStringPiece cert_sct;
   if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) &&
       cert_sct.empty()) {
     params->sct_supported_by_client = true;
   }
 
   std::unique_ptr<CryptoHandshakeMessage> out(new CryptoHandshakeMessage);
   if (!info.reject_reasons.empty() || !requested_config.get()) {
     BuildRejection(version, clock->WallNow(), *primary_config, client_hello,
                    info, validate_chlo_result.cached_network_params,
                    use_stateless_rejects, server_designated_connection_id, rand,
@@ skipping 48 matching lines @@
                               nullptr)) {
           break;
         }
       default:
         helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
                     "Invalid Token Binding key parameter");
         return;
     }
   }
 
-  StringPiece public_value;
+  QuicStringPiece public_value;
   if (!client_hello.GetStringPiece(kPUBS, &public_value)) {
     helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "Missing public value");
     return;
   }
 
   const KeyExchange* key_exchange =
       requested_config->key_exchanges[key_exchange_index].get();
   if (!key_exchange->CalculateSharedKey(public_value,
                                         &params->initial_premaster_secret)) {
     helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "Invalid public value");
@@ skipping 16 matching lines @@
   hkdf_suffix.append(client_hello_serialized.data(),
                      client_hello_serialized.length());
   hkdf_suffix.append(requested_config->serialized);
   DCHECK(proof_source_.get());
   if (signed_config->chain->certs.empty()) {
     helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "Failed to get certs");
     return;
   }
   hkdf_suffix.append(signed_config->chain->certs.at(0));
 
-  StringPiece cetv_ciphertext;
+  QuicStringPiece cetv_ciphertext;
   if (requested_config->channel_id_enabled &&
       client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) {
     CryptoHandshakeMessage client_hello_copy(client_hello);
     client_hello_copy.Erase(kCETV);
     client_hello_copy.Erase(kPAD);
 
     const QuicData& client_hello_copy_serialized =
         client_hello_copy.GetSerialized();
     string hkdf_input;
     hkdf_input.append(QuicCryptoConfig::kCETVLabel,
@@ skipping 12 matching lines @@
                                  &crypters, nullptr /* subkey secret */)) {
       helper.Fail(QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED,
                   "Symmetric key setup failed");
       return;
     }
 
     char plaintext[kMaxPacketSize];
     size_t plaintext_length = 0;
     const bool success = crypters.decrypter->DecryptPacket(
         QUIC_VERSION_35, 0 /* packet number */,
-        StringPiece() /* associated data */, cetv_ciphertext, plaintext,
+        QuicStringPiece() /* associated data */, cetv_ciphertext, plaintext,
         &plaintext_length, kMaxPacketSize);
     if (!success) {
       helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
                   "CETV decryption failure");
       return;
     }
-    std::unique_ptr<CryptoHandshakeMessage> cetv(
-        CryptoFramer::ParseMessage(StringPiece(plaintext, plaintext_length)));
+    std::unique_ptr<CryptoHandshakeMessage> cetv(CryptoFramer::ParseMessage(
+        QuicStringPiece(plaintext, plaintext_length)));
     if (!cetv.get()) {
       helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "CETV parse error");
       return;
     }
 
-    StringPiece key, signature;
+    QuicStringPiece key, signature;
     if (cetv->GetStringPiece(kCIDK, &key) &&
         cetv->GetStringPiece(kCIDS, &signature)) {
       if (!ChannelIDVerifier::Verify(key, hkdf_input, signature)) {
         helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
                     "ChannelID signature failure");
         return;
       }
 
       params->channel_id = key.as_string();
     }
@@ skipping 74 matching lines @@
                             client_address.host(), rand, info.now, nullptr));
   QuicSocketAddressCoder address_coder(client_address);
   out->SetStringPiece(kCADR, address_coder.Encode());
   out->SetStringPiece(kPUBS, forward_secure_public_value);
 
   helper.Succeed(std::move(out), std::move(out_diversification_nonce),
                  std::move(proof_source_details));
 }
 
 QuicReferenceCountedPointer<QuicCryptoServerConfig::Config>
-QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const {
+QuicCryptoServerConfig::GetConfigWithScid(
+    QuicStringPiece requested_scid) const {
   configs_lock_.AssertReaderHeld();
 
   if (!requested_scid.empty()) {
     ConfigMap::const_iterator it = configs_.find(requested_scid.as_string());
     if (it != configs_.end()) {
       // We'll use the config that the client requested in order to do
       // key-agreement.
       return QuicReferenceCountedPointer<Config>(it->second);
     }
   }
@@ skipping 181 matching lines @@
   if (client_hello.GetStringPiece(kSNI, &info->sni) &&
       !QuicHostnameUtils::IsValidSNI(info->sni)) {
     helper.ValidationComplete(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
                               "Invalid SNI name", nullptr);
     return;
   }
 
   client_hello.GetStringPiece(kUAID, &info->user_agent_id);
 
   HandshakeFailureReason source_address_token_error = MAX_FAILURE_REASON;
-  StringPiece srct;
+  QuicStringPiece srct;
   if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) {
     Config& config =
         requested_config != nullptr ? *requested_config : *primary_config;
     source_address_token_error =
         ParseSourceAddressToken(config, srct, &info->source_address_tokens);
 
     if (source_address_token_error == HANDSHAKE_OK) {
       source_address_token_error = ValidateSourceAddressTokens(
           info->source_address_tokens, info->client_ip, info->now,
           &client_hello_state->cached_network_params);
     }
     info->valid_source_address_token =
         (source_address_token_error == HANDSHAKE_OK);
   } else {
     source_address_token_error = SOURCE_ADDRESS_TOKEN_INVALID_FAILURE;
   }
 
   if (!requested_config.get()) {
-    StringPiece requested_scid;
+    QuicStringPiece requested_scid;
     if (client_hello.GetStringPiece(kSCID, &requested_scid)) {
       info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE);
     } else {
       info->reject_reasons.push_back(SERVER_CONFIG_INCHOATE_HELLO_FAILURE);
     }
     // No server config with the requested ID.
     helper.ValidationComplete(QUIC_NO_ERROR, "", nullptr);
     return;
   }
 
@@ skipping 90 matching lines @@
   // for DoS reasons then we must reject the CHLO.
   if (FLAGS_quic_reloadable_flag_quic_require_handshake_confirmation &&
       info->server_nonce.empty()) {
     info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
   }
   helper.ValidationComplete(QUIC_NO_ERROR, "", std::move(proof_source_details));
 }
 
 void QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
     QuicVersion version,
-    StringPiece chlo_hash,
+    QuicStringPiece chlo_hash,
     const SourceAddressTokens& previous_source_address_tokens,
     const QuicSocketAddress& server_address,
     const QuicIpAddress& client_ip,
     const QuicClock* clock,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     const QuicCryptoNegotiatedParameters& params,
     const CachedNetworkParameters* cached_network_params,
     const QuicTagVector& connection_options,
     std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const {
@@ skipping 140 matching lines @@
   // Send client the reject reason for debugging purposes.
   DCHECK_LT(0u, info.reject_reasons.size());
   out->SetVector(kRREJ, info.reject_reasons);
 
   // The client may have requested a certificate chain.
   if (!ClientDemandsX509Proof(client_hello)) {
     QUIC_BUG << "x509 certificates not supported in proof demand";
     return;
   }
 
-  StringPiece client_common_set_hashes;
+  QuicStringPiece client_common_set_hashes;
   if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) {
     params->client_common_set_hashes = client_common_set_hashes.as_string();
   }
 
-  StringPiece client_cached_cert_hashes;
+  QuicStringPiece client_cached_cert_hashes;
   if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) {
     params->client_cached_cert_hashes = client_cached_cert_hashes.as_string();
   }
 
   const string compressed =
       CompressChain(compressed_certs_cache, signed_config.chain,
                     params->client_common_set_hashes,
                     params->client_cached_cert_hashes, config.common_cert_sets);
 
   DCHECK_GT(chlo_packet_size, client_hello.size());
@@ skipping 78 matching lines @@
   config->serialized = protobuf->config();
   config->source_address_token_boxer = &source_address_token_boxer_;
 
   if (protobuf->has_primary_time()) {
     config->primary_time =
         QuicWallTime::FromUNIXSeconds(protobuf->primary_time());
   }
 
   config->priority = protobuf->priority();
 
-  StringPiece scid;
+  QuicStringPiece scid;
   if (!msg->GetStringPiece(kSCID, &scid)) {
     QUIC_LOG(WARNING) << "Server config message is missing SCID";
     return nullptr;
   }
   config->id = scid.as_string();
 
   const QuicTag* aead_tags;
   size_t aead_len;
   if (msg->GetTaglist(kAEAD, &aead_tags, &aead_len) != QUIC_NO_ERROR) {
     QUIC_LOG(WARNING) << "Server config message is missing AEAD";
@@ skipping 12 matching lines @@
   size_t tbkp_len;
   QuicErrorCode err;
   if ((err = msg->GetTaglist(kTBKP, &tbkp_tags, &tbkp_len)) !=
           QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND &&
       err != QUIC_NO_ERROR) {
     QUIC_LOG(WARNING) << "Server config message is missing or has invalid TBKP";
     return nullptr;
   }
   config->tb_key_params = std::vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len);
 
-  StringPiece orbit;
+  QuicStringPiece orbit;
   if (!msg->GetStringPiece(kORBT, &orbit)) {
     QUIC_LOG(WARNING) << "Server config message is missing ORBT";
     return nullptr;
   }
 
   if (orbit.size() != kOrbitSize) {
     QUIC_LOG(WARNING) << "Orbit value in server config is the wrong length."
                          " Got "
                       << orbit.size() << " want " << kOrbitSize;
     return nullptr;
@@ skipping 158 matching lines @@
       rand, source_address_tokens.SerializeAsString());
 }
 
 int QuicCryptoServerConfig::NumberOfConfigs() const {
   QuicReaderMutexLock locked(&configs_lock_);
   return configs_.size();
 }
 
 HandshakeFailureReason QuicCryptoServerConfig::ParseSourceAddressToken(
     const Config& config,
-    StringPiece token,
+    QuicStringPiece token,
     SourceAddressTokens* tokens) const {
   string storage;
-  StringPiece plaintext;
+  QuicStringPiece plaintext;
   if (!config.source_address_token_boxer->Unbox(token, &storage, &plaintext)) {
     return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE;
   }
 
   if (!tokens->ParseFromArray(plaintext.data(), plaintext.size())) {
     // Some clients might still be using the old source token format so
     // attempt to parse that format.
     // TODO(rch): remove this code once the new format is ubiquitous.
     SourceAddressToken token;
     if (!token.ParseFromArray(plaintext.data(), plaintext.size())) {
@@ skipping 69 matching lines @@
   uint8_t server_nonce[kServerNoncePlaintextSize];
   static_assert(sizeof(server_nonce) > sizeof(timestamp), "nonce too small");
   server_nonce[0] = static_cast<uint8_t>(timestamp >> 24);
   server_nonce[1] = static_cast<uint8_t>(timestamp >> 16);
   server_nonce[2] = static_cast<uint8_t>(timestamp >> 8);
   server_nonce[3] = static_cast<uint8_t>(timestamp);
   rand->RandBytes(&server_nonce[sizeof(timestamp)],
                   sizeof(server_nonce) - sizeof(timestamp));
 
   return server_nonce_boxer_.Box(
-      rand,
-      StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce)));
+      rand, QuicStringPiece(reinterpret_cast<char*>(server_nonce),
+                            sizeof(server_nonce)));
 }
 
 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate(
     const CryptoHandshakeMessage& client_hello,
     const std::vector<string>& certs) const {
   if (certs.empty()) {
     return false;
   }
 
   uint64_t hash_from_client;
@@ skipping 29 matching lines @@
       expiry_time(QuicWallTime::Zero()),
       priority(0),
       source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() {}
 
 QuicSignedServerConfig::QuicSignedServerConfig() {}
 QuicSignedServerConfig::~QuicSignedServerConfig() {}
 
 }  // namespace net