| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include "base/metrics/sparse_histogram.h" | 7 #include "base/metrics/sparse_histogram.h" |
| 8 #include "base/stl_util.h" | 8 #include "base/stl_util.h" |
| 9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 10 #include "net/quic/crypto/cert_compressor.h" | 10 #include "net/quic/crypto/cert_compressor.h" |
| (...skipping 511 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 522 out_params->initial_premaster_secret, out_params->aead, | 522 out_params->initial_premaster_secret, out_params->aead, |
| 523 out_params->client_nonce, out_params->server_nonce, hkdf_input, | 523 out_params->client_nonce, out_params->server_nonce, hkdf_input, |
| 524 CryptoUtils::CLIENT, &out_params->initial_crypters)) { | 524 CryptoUtils::CLIENT, &out_params->initial_crypters)) { |
| 525 *error_details = "Symmetric key setup failed"; | 525 *error_details = "Symmetric key setup failed"; |
| 526 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 526 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| 527 } | 527 } |
| 528 | 528 |
| 529 return QUIC_NO_ERROR; | 529 return QUIC_NO_ERROR; |
| 530 } | 530 } |
| 531 | 531 |
| 532 QuicErrorCode QuicCryptoClientConfig::ProcessRejection( | 532 QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig( |
| 533 const CryptoHandshakeMessage& rej, | 533 const CryptoHandshakeMessage& message, |
| 534 QuicWallTime now, | 534 QuicWallTime now, |
| 535 CachedState* cached, | 535 CachedState* cached, |
| 536 QuicCryptoNegotiatedParameters* out_params, | 536 QuicCryptoNegotiatedParameters* out_params, |
| 537 string* error_details) { | 537 string* error_details) { |
| 538 DCHECK(error_details != NULL); | 538 DCHECK(error_details != NULL); |
| 539 | 539 |
| 540 if (rej.tag() != kREJ) { | |
| 541 *error_details = "Message is not REJ"; | |
| 542 return QUIC_CRYPTO_INTERNAL_ERROR; | |
| 543 } | |
| 544 | |
| 545 StringPiece scfg; | 540 StringPiece scfg; |
| 546 if (!rej.GetStringPiece(kSCFG, &scfg)) { | 541 if (!message.GetStringPiece(kSCFG, &scfg)) { |
| 547 *error_details = "Missing SCFG"; | 542 *error_details = "Missing SCFG"; |
| 548 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; | 543 return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; |
| 549 } | 544 } |
| 550 | 545 |
| 551 QuicErrorCode error = cached->SetServerConfig(scfg, now, error_details); | 546 QuicErrorCode error = cached->SetServerConfig(scfg, now, error_details); |
| 552 if (error != QUIC_NO_ERROR) { | 547 if (error != QUIC_NO_ERROR) { |
| 553 return error; | 548 return error; |
| 554 } | 549 } |
| 555 | 550 |
| 556 StringPiece token; | 551 StringPiece token; |
| 557 if (rej.GetStringPiece(kSourceAddressTokenTag, &token)) { | 552 if (message.GetStringPiece(kSourceAddressTokenTag, &token)) { |
| 558 cached->set_source_address_token(token); | 553 cached->set_source_address_token(token); |
| 559 } | 554 } |
| 560 | 555 |
| 561 StringPiece nonce; | |
| 562 if (rej.GetStringPiece(kServerNonceTag, &nonce)) { | |
| 563 out_params->server_nonce = nonce.as_string(); | |
| 564 } | |
| 565 | |
| 566 StringPiece proof, cert_bytes; | 556 StringPiece proof, cert_bytes; |
| 567 bool has_proof = rej.GetStringPiece(kPROF, &proof); | 557 bool has_proof = message.GetStringPiece(kPROF, &proof); |
| 568 bool has_cert = rej.GetStringPiece(kCertificateTag, &cert_bytes); | 558 bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes); |
| 569 if (has_proof && has_cert) { | 559 if (has_proof && has_cert) { |
| 570 vector<string> certs; | 560 vector<string> certs; |
| 571 if (!CertCompressor::DecompressChain(cert_bytes, out_params->cached_certs, | 561 if (!CertCompressor::DecompressChain(cert_bytes, out_params->cached_certs, |
| 572 common_cert_sets, &certs)) { | 562 common_cert_sets, &certs)) { |
| 573 *error_details = "Certificate data invalid"; | 563 *error_details = "Certificate data invalid"; |
| 574 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 564 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 575 } | 565 } |
| 576 | 566 |
| 577 cached->SetProof(certs, proof); | 567 cached->SetProof(certs, proof); |
| 578 } else { | 568 } else { |
| 579 cached->ClearProof(); | 569 cached->ClearProof(); |
| 580 if (has_proof && !has_cert) { | 570 if (has_proof && !has_cert) { |
| 581 *error_details = "Certificate missing"; | 571 *error_details = "Certificate missing"; |
| 582 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 572 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 583 } | 573 } |
| 584 | 574 |
| 585 if (!has_proof && has_cert) { | 575 if (!has_proof && has_cert) { |
| 586 *error_details = "Proof missing"; | 576 *error_details = "Proof missing"; |
| 587 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 577 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 588 } | 578 } |
| 589 } | 579 } |
| 590 | 580 |
| 581 return QUIC_NO_ERROR; |
| 582 } |
| 583 |
| 584 QuicErrorCode QuicCryptoClientConfig::ProcessRejection( |
| 585 const CryptoHandshakeMessage& rej, |
| 586 QuicWallTime now, |
| 587 CachedState* cached, |
| 588 QuicCryptoNegotiatedParameters* out_params, |
| 589 string* error_details) { |
| 590 DCHECK(error_details != NULL); |
| 591 |
| 592 if (rej.tag() != kREJ) { |
| 593 *error_details = "Message is not REJ"; |
| 594 return QUIC_CRYPTO_INTERNAL_ERROR; |
| 595 } |
| 596 |
| 597 QuicErrorCode error = |
| 598 CacheNewServerConfig(rej, now, cached, out_params, error_details); |
| 599 if (error != QUIC_NO_ERROR) { |
| 600 return error; |
| 601 } |
| 602 |
| 603 StringPiece nonce; |
| 604 if (rej.GetStringPiece(kServerNonceTag, &nonce)) { |
| 605 out_params->server_nonce = nonce.as_string(); |
| 606 } |
| 607 |
| 591 const uint32* reject_reasons; | 608 const uint32* reject_reasons; |
| 592 size_t num_reject_reasons; | 609 size_t num_reject_reasons; |
| 593 COMPILE_ASSERT(sizeof(QuicTag) == sizeof(uint32), header_out_of_sync); | 610 COMPILE_ASSERT(sizeof(QuicTag) == sizeof(uint32), header_out_of_sync); |
| 594 if (rej.GetTaglist(kRREJ, &reject_reasons, | 611 if (rej.GetTaglist(kRREJ, &reject_reasons, |
| 595 &num_reject_reasons) == QUIC_NO_ERROR) { | 612 &num_reject_reasons) == QUIC_NO_ERROR) { |
| 596 uint32 packed_error = 0; | 613 uint32 packed_error = 0; |
| 597 for (size_t i = 0; i < num_reject_reasons; ++i) { | 614 for (size_t i = 0; i < num_reject_reasons; ++i) { |
| 598 // HANDSHAKE_OK is 0 and don't report that as error. | 615 // HANDSHAKE_OK is 0 and don't report that as error. |
| 599 if (reject_reasons[i] == HANDSHAKE_OK || reject_reasons[i] >= 32) { | 616 if (reject_reasons[i] == HANDSHAKE_OK || reject_reasons[i] >= 32) { |
| 600 continue; | 617 continue; |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 765 return; | 782 return; |
| 766 } | 783 } |
| 767 | 784 |
| 768 // Update canonical version to point at the "most recent" entry. | 785 // Update canonical version to point at the "most recent" entry. |
| 769 canonical_server_map_[suffix_server_id] = server_id; | 786 canonical_server_map_[suffix_server_id] = server_id; |
| 770 | 787 |
| 771 server_state->InitializeFrom(*canonical_state); | 788 server_state->InitializeFrom(*canonical_state); |
| 772 } | 789 } |
| 773 | 790 |
| 774 } // namespace net | 791 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 398623003:
To be used in internal change: 70123647 when processing a mid-connection (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src