
Side by Side Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 388333005: Reject reasons from strike register when nonce validation fails. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Updating with TOT Created 6 years, 5 months ago
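--- a/net/quic/crypto/quic_crypto_server_config.cc
+++ b/net/quic/crypto/quic_crypto_server_config.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 #include <algorithm>
 
 #include "base/stl_util.h"
@@ -141,27 +141,54 @@
 class VerifyNonceIsValidAndUniqueCallback
 : public StrikeRegisterClient::ResultCallback {
 public:
 VerifyNonceIsValidAndUniqueCallback(
 ValidateClientHelloResultCallback::Result* result,
 ValidateClientHelloResultCallback* done_cb)
 : result_(result), done_cb_(done_cb) {
 }
 
 protected:
-virtual void RunImpl(bool nonce_is_valid_and_unique) OVERRIDE {
-DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique;
+virtual void RunImpl(bool nonce_is_valid_and_unique,
+InsertStatus nonce_error) OVERRIDE {
+DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique
+<< " nonce_error: " << nonce_error;
 result_->info.unique = nonce_is_valid_and_unique;
-// TODO(rtenneti): Implement capturing of error from strike register.
-// Temporarily treat them as CLIENT_NONCE_INVALID_FAILURE.
 if (!nonce_is_valid_and_unique) {
-result_->info.reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
+HandshakeFailureReason client_nonce_error;
+switch (nonce_error) {
+case NONCE_INVALID_FAILURE:
+client_nonce_error = CLIENT_NONCE_INVALID_FAILURE;
+break;
+case NONCE_NOT_UNIQUE_FAILURE:
+client_nonce_error = CLIENT_NONCE_NOT_UNIQUE_FAILURE;
+break;
+case NONCE_INVALID_ORBIT_FAILURE:
+client_nonce_error = CLIENT_NONCE_INVALID_ORBIT_FAILURE;
+break;
+case NONCE_INVALID_TIME_FAILURE:
+client_nonce_error = CLIENT_NONCE_INVALID_TIME_FAILURE;
+break;
+case STRIKE_REGISTER_TIMEOUT:
+client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT;
+break;
+case STRIKE_REGISTER_FAILURE:
+client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_FAILURE;
+break;
+case NONCE_OK:
+case NONCE_UNKNOWN_FAILURE:
+default:
+LOG(WARNING) << "Unexpected nonce error: " << nonce_error;
+client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
+break;
+}
+result_->info.reject_reasons.push_back(client_nonce_error);
 }
 done_cb_->Run(result_);
 }
 
 private:
 ValidateClientHelloResultCallback::Result* result_;
 ValidateClientHelloResultCallback* done_cb_;
 
 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback);
 };
@@ -1433,37 +1460,53 @@
 }
 
 uint8 server_nonce[32];
 memcpy(server_nonce, plaintext.data(), 4);
 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_));
 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4,
 20);
 COMPILE_ASSERT(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce),
 bad_nonce_buffer_length);
 
-bool is_unique;
+InsertStatus nonce_error;
 {
 base::AutoLock auto_lock(server_nonce_strike_register_lock_);
 if (server_nonce_strike_register_.get() == NULL) {
 server_nonce_strike_register_.reset(new StrikeRegister(
 server_nonce_strike_register_max_entries_,
 static_cast<uint32>(now.ToUNIXSeconds()),
 server_nonce_strike_register_window_secs_, server_nonce_orbit_,
 StrikeRegister::NO_STARTUP_PERIOD_NEEDED));
 }
-is_unique = server_nonce_strike_register_->Insert(
+nonce_error = server_nonce_strike_register_->Insert(
 server_nonce, static_cast<uint32>(now.ToUNIXSeconds()));
 }
 
-return is_unique ? HANDSHAKE_OK : SERVER_NONCE_NOT_UNIQUE_FAILURE;
+switch (nonce_error) {
+case NONCE_OK:
+return HANDSHAKE_OK;
+case NONCE_INVALID_FAILURE:
+return SERVER_NONCE_INVALID_FAILURE;
+case NONCE_NOT_UNIQUE_FAILURE:
+return SERVER_NONCE_NOT_UNIQUE_FAILURE;
+case NONCE_INVALID_TIME_FAILURE:
+return SERVER_NONCE_INVALID_TIME_FAILURE;
+case NONCE_UNKNOWN_FAILURE:
+case NONCE_INVALID_ORBIT_FAILURE:
+case STRIKE_REGISTER_TIMEOUT:
+case STRIKE_REGISTER_FAILURE:
+default:
+LOG(WARNING) << "Unexpected nonce error: " << nonce_error;
+return SERVER_NONCE_NOT_UNIQUE_FAILURE;
+}
 }
 
 QuicCryptoServerConfig::Config::Config()
 : channel_id_enabled(false),
 is_primary(false),
 primary_time(QuicWallTime::Zero()),
 priority(0),
 source_address_token_boxer(NULL) {}
 
 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
 
 } // namespace net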
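Review bot: In the server-nonce switch near the end of the file (new lines 1484–1500), NONCE_UNKNOWN_FAILURE, NONCE_INVALID_ORBIT_FAILURE, STRIKE_REGISTER_TIMEOUT and STRIKE_REGISTER_FAILURE all return SERVER_NONCE_NOT_UNIQUE_FAILURE, so an internal strike-register fault is reported with the same reason as a replayed nonce, whereas RunImpl maps its unexpected values to CLIENT_NONCE_UNKNOWN_FAILURE. Rejecting every unclassified status is the right fail-closed behaviour, but the shared label makes replay-related reject counts unreliable for anyone monitoring them; if HandshakeFailureReason has no server-side unknown value (the enum is not visible on this page), at least record the choice with a comment above the `default:` label such as `// Fail closed: unclassified statuses are rejected and reported as NOT_UNIQUE.` Both switches also name every enumerator yet keep `default:`, which presumably silences the compiler's missing-case warning if InsertStatus later gains a value. The function containing the second switch begins outside the visible lines.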