Change the prototype of ChannelIDSource::GetChannelIDKey() to allow an

net/quic/crypto/quic_crypto_client_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_client_config.h"
 
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "net/quic/crypto/cert_compressor.h"
 #include "net/quic/crypto/chacha20_poly1305_encrypter.h"
@@ skipping 332 matching lines @@
 }
 
 QuicErrorCode QuicCryptoClientConfig::FillClientHello(
     const QuicServerId& server_id,
     QuicConnectionId connection_id,
     const QuicVersion preferred_version,
     uint32 initial_flow_control_window_bytes,
     const CachedState* cached,
     QuicWallTime now,
     QuicRandom* rand,
+    const ChannelIDKey* channel_id_key,
     QuicCryptoNegotiatedParameters* out_params,
     CryptoHandshakeMessage* out,
     string* error_details) const {
   DCHECK(error_details != NULL);
 
   FillInchoateClientHello(server_id, preferred_version, cached,
                           out_params, out);
 
   // Set initial receive window for flow control.
   out->SetValue(kIFCW, initial_flow_control_window_bytes);
@@ skipping 77 matching lines @@
       return QUIC_CRYPTO_INTERNAL_ERROR;
   }
 
   if (!out_params->client_key_exchange->CalculateSharedKey(
           public_value, &out_params->initial_premaster_secret)) {
     *error_details = "Key exchange failure";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
   out->SetStringPiece(kPUBS, out_params->client_key_exchange->public_value());
 
-  bool do_channel_id = false;
-  if (channel_id_source_.get()) {
-    const QuicTag* their_proof_demands;
-    size_t num_their_proof_demands;
-    if (scfg->GetTaglist(kPDMD, &their_proof_demands,
-                         &num_their_proof_demands) == QUIC_NO_ERROR) {
-      for (size_t i = 0; i < num_their_proof_demands; i++) {
-        if (their_proof_demands[i] == kCHID) {
-          do_channel_id = true;
-          break;
-        }
-      }
-    }
-  }
-
-  if (do_channel_id) {
+  if (channel_id_key) {
     // In order to calculate the encryption key for the CETV block we need to
     // serialise the client hello as it currently is (i.e. without the CETV
     // block). For this, the client hello is serialized without padding.
     const size_t orig_min_size = out->minimum_size();
     out->set_minimum_size(0);
 
     CryptoHandshakeMessage cetv;
     cetv.set_tag(kCETV);
 
     string hkdf_input;
     const QuicData& client_hello_serialized = out->GetSerialized();
     hkdf_input.append(QuicCryptoConfig::kCETVLabel,
                       strlen(QuicCryptoConfig::kCETVLabel) + 1);
     hkdf_input.append(reinterpret_cast<char*>(&connection_id),
                       sizeof(connection_id));
     hkdf_input.append(client_hello_serialized.data(),
                       client_hello_serialized.length());
     hkdf_input.append(cached->server_config());
 
-    scoped_ptr<ChannelIDKey> channel_id_key;
-    if (!channel_id_source_->GetChannelIDKey(server_id.host(),
-                                             &channel_id_key)) {
-      *error_details = "Channel ID lookup failed";
-      return QUIC_INVALID_CHANNEL_ID_SIGNATURE;
-    }
     string key = channel_id_key->SerializeKey();
     string signature;
     if (!channel_id_key->Sign(hkdf_input, &signature)) {
       *error_details = "Channel ID signature failed";
       return QUIC_INVALID_CHANNEL_ID_SIGNATURE;
     }
 
     cetv.SetStringPiece(kCIDK, key);
     cetv.SetStringPiece(kCIDS, signature);
 
@@ skipping 15 matching lines @@
       *error_details = "Packet encryption failed";
       return QUIC_ENCRYPTION_FAILURE;
     }
 
     out->SetStringPiece(kCETV, cetv_ciphertext->AsStringPiece());
     out->MarkDirty();
 
     out->set_minimum_size(orig_min_size);
   }
 
+  // Derive the symmetric keys and set up the encrypters and decrypters.
+  // Set the following members of out_params:
+  //   out_params->hkdf_input_suffix
+  //   out_params->initial_crypters
   out_params->hkdf_input_suffix.clear();
   out_params->hkdf_input_suffix.append(reinterpret_cast<char*>(&connection_id),
                                        sizeof(connection_id));
   const QuicData& client_hello_serialized = out->GetSerialized();
   out_params->hkdf_input_suffix.append(client_hello_serialized.data(),
                                        client_hello_serialized.length());
   out_params->hkdf_input_suffix.append(cached->server_config());
 
   string hkdf_input;
   const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1;
@@ skipping 228 matching lines @@
     return;
   }
 
   // Update canonical version to point at the "most recent" entry.
   canonical_server_map_[suffix_server_id] = server_id;
 
   server_state->InitializeFrom(*canonical_state);
 }
 
 }  // namespace net