| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include "base/stl_util.h" | 7 #include "base/stl_util.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "net/quic/crypto/cert_compressor.h" | 9 #include "net/quic/crypto/cert_compressor.h" |
| 10 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" | 10 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" |
| 437 } | 437 } |
| 438 | 438 |
| 439 if (!out_params->client_key_exchange->CalculateSharedKey( | 439 if (!out_params->client_key_exchange->CalculateSharedKey( |
| 440 public_value, &out_params->initial_premaster_secret)) { | 440 public_value, &out_params->initial_premaster_secret)) { |
| 441 *error_details = "Key exchange failure"; | 441 *error_details = "Key exchange failure"; |
| 442 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 442 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 443 } | 443 } |
| 444 out->SetStringPiece(kPUBS, out_params->client_key_exchange->public_value()); | 444 out->SetStringPiece(kPUBS, out_params->client_key_exchange->public_value()); |
| 445 | 445 |
| 446 bool do_channel_id = false; | 446 bool do_channel_id = false; |
| 447 if (channel_id_signer_.get()) { | 447 if (channel_id_source_.get()) { |
| 448 const QuicTag* their_proof_demands; | 448 const QuicTag* their_proof_demands; |
| 449 size_t num_their_proof_demands; | 449 size_t num_their_proof_demands; |
| 450 if (scfg->GetTaglist(kPDMD, &their_proof_demands, | 450 if (scfg->GetTaglist(kPDMD, &their_proof_demands, |
| 451 &num_their_proof_demands) == QUIC_NO_ERROR) { | 451 &num_their_proof_demands) == QUIC_NO_ERROR) { |
| 452 for (size_t i = 0; i < num_their_proof_demands; i++) { | 452 for (size_t i = 0; i < num_their_proof_demands; i++) { |
| 453 if (their_proof_demands[i] == kCHID) { | 453 if (their_proof_demands[i] == kCHID) { |
| 454 do_channel_id = true; | 454 do_channel_id = true; |
| 455 break; | 455 break; |
| 456 } | 456 } |
| 457 } | 457 } |
| 471 string hkdf_input; | 471 string hkdf_input; |
| 472 const QuicData& client_hello_serialized = out->GetSerialized(); | 472 const QuicData& client_hello_serialized = out->GetSerialized(); |
| 473 hkdf_input.append(QuicCryptoConfig::kCETVLabel, | 473 hkdf_input.append(QuicCryptoConfig::kCETVLabel, |
| 474 strlen(QuicCryptoConfig::kCETVLabel) + 1); | 474 strlen(QuicCryptoConfig::kCETVLabel) + 1); |
| 475 hkdf_input.append(reinterpret_cast<char*>(&connection_id), | 475 hkdf_input.append(reinterpret_cast<char*>(&connection_id), |
| 476 sizeof(connection_id)); | 476 sizeof(connection_id)); |
| 477 hkdf_input.append(client_hello_serialized.data(), | 477 hkdf_input.append(client_hello_serialized.data(), |
| 478 client_hello_serialized.length()); | 478 client_hello_serialized.length()); |
| 479 hkdf_input.append(cached->server_config()); | 479 hkdf_input.append(cached->server_config()); |
| 480 | 480 |
| 481 string key, signature; | 481 scoped_ptr<ChannelIDKey> channel_id_key; |
| 482 if (!channel_id_signer_->Sign(server_id.host(), hkdf_input, | 482 if (!channel_id_source_->GetChannelIDKey(server_id.host(), |
| 483 &key, &signature)) { | 483 &channel_id_key)) { |
| 484 *error_details = "Channel ID lookup failed"; |
| 485 return QUIC_INVALID_CHANNEL_ID_SIGNATURE; |
| 486 } |
| 487 string key = channel_id_key->SerializeKey(); |
| 488 string signature; |
| 489 if (!channel_id_key->Sign(hkdf_input, &signature)) { |
| 484 *error_details = "Channel ID signature failed"; | 490 *error_details = "Channel ID signature failed"; |
| 485 return QUIC_INVALID_CHANNEL_ID_SIGNATURE; | 491 return QUIC_INVALID_CHANNEL_ID_SIGNATURE; |
| 486 } | 492 } |
| 487 | 493 |
| 488 cetv.SetStringPiece(kCIDK, key); | 494 cetv.SetStringPiece(kCIDK, key); |
| 489 cetv.SetStringPiece(kCIDS, signature); | 495 cetv.SetStringPiece(kCIDS, signature); |
| 490 | 496 |
| 491 CrypterPair crypters; | 497 CrypterPair crypters; |
| 492 if (!CryptoUtils::DeriveKeys(out_params->initial_premaster_secret, | 498 if (!CryptoUtils::DeriveKeys(out_params->initial_premaster_secret, |
| 493 out_params->aead, out_params->client_nonce, | 499 out_params->aead, out_params->client_nonce, |
| 676 } | 682 } |
| 677 | 683 |
| 678 ProofVerifier* QuicCryptoClientConfig::proof_verifier() const { | 684 ProofVerifier* QuicCryptoClientConfig::proof_verifier() const { |
| 679 return proof_verifier_.get(); | 685 return proof_verifier_.get(); |
| 680 } | 686 } |
| 681 | 687 |
| 682 void QuicCryptoClientConfig::SetProofVerifier(ProofVerifier* verifier) { | 688 void QuicCryptoClientConfig::SetProofVerifier(ProofVerifier* verifier) { |
| 683 proof_verifier_.reset(verifier); | 689 proof_verifier_.reset(verifier); |
| 684 } | 690 } |
| 685 | 691 |
| 686 ChannelIDSigner* QuicCryptoClientConfig::channel_id_signer() const { | 692 ChannelIDSource* QuicCryptoClientConfig::channel_id_source() const { |
| 687 return channel_id_signer_.get(); | 693 return channel_id_source_.get(); |
| 688 } | 694 } |
| 689 | 695 |
| 690 void QuicCryptoClientConfig::SetChannelIDSigner(ChannelIDSigner* signer) { | 696 void QuicCryptoClientConfig::SetChannelIDSource(ChannelIDSource* source) { |
| 691 channel_id_signer_.reset(signer); | 697 channel_id_source_.reset(source); |
| 692 } | 698 } |
| 693 | 699 |
| 694 void QuicCryptoClientConfig::InitializeFrom( | 700 void QuicCryptoClientConfig::InitializeFrom( |
| 695 const QuicServerId& server_id, | 701 const QuicServerId& server_id, |
| 696 const QuicServerId& canonical_server_id, | 702 const QuicServerId& canonical_server_id, |
| 697 QuicCryptoClientConfig* canonical_crypto_config) { | 703 QuicCryptoClientConfig* canonical_crypto_config) { |
| 698 CachedState* canonical_cached = | 704 CachedState* canonical_cached = |
| 699 canonical_crypto_config->LookupOrCreate(canonical_server_id); | 705 canonical_crypto_config->LookupOrCreate(canonical_server_id); |
| 700 if (!canonical_cached->proof_valid()) { | 706 if (!canonical_cached->proof_valid()) { |
| 701 return; | 707 return; |
| 754 return; | 760 return; |
| 755 } | 761 } |
| 756 | 762 |
| 757 // Update canonical version to point at the "most recent" entry. | 763 // Update canonical version to point at the "most recent" entry. |
| 758 canonical_server_map_[suffix_server_id] = server_id; | 764 canonical_server_map_[suffix_server_id] = server_id; |
| 759 | 765 |
| 760 server_state->InitializeFrom(*canonical_state); | 766 server_state->InitializeFrom(*canonical_state); |
| 761 } | 767 } |
| 762 | 768 |
| 763 } // namespace net | 769 } // namespace net |
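Review bot: The new lookup path (new lines 481-487) dereferences `channel_id_key` immediately after `GetChannelIDKey` returns true, with no check that the out-parameter was populated; unless ChannelIDSource's contract guarantees a non-null key on success (not visible in this hunk), a source that reports success without filling the key would crash the handshake at `SerializeKey()`. Folding the check into the existing condition keeps the failure handling in one place: `if (!channel_id_source_->GetChannelIDKey(server_id.host(), &channel_id_key) || !channel_id_key.get()) {`. Separately, the lookup failure returns the same `QUIC_INVALID_CHANNEL_ID_SIGNATURE` code as an actual signing failure, so a caller that branches on the error code rather than on `error_details` cannot distinguish "no key for this host" from "key present but signing failed"; if the error enum has no closer fit, a comment such as `// A lookup failure is reported with the signature error code; error_details distinguishes the two.` would make the reuse deliberate. The enclosing function starts above the collapsed region, so the setup of `out_params` and `cetv` was not reviewable here.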