
Side by Side Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 423333002: Implement QUIC key extraction. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix one std::string in quic_crypto_stream.h Created 6 years, 4 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/quic_crypto_server_config.h" 5 #include "net/quic/crypto/quic_crypto_server_config.h"
6 6
7 #include <stdlib.h> 7 #include <stdlib.h>
8 #include <algorithm> 8 #include <algorithm>
9 9
10 #include "base/stl_util.h" 10 #include "base/stl_util.h"
47 47
48 namespace net { 48 namespace net {
49 49
50 namespace { 50 namespace {
51 51
52 string DeriveSourceAddressTokenKey(StringPiece source_address_token_secret) { 52 string DeriveSourceAddressTokenKey(StringPiece source_address_token_secret) {
53 crypto::HKDF hkdf(source_address_token_secret, 53 crypto::HKDF hkdf(source_address_token_secret,
54 StringPiece() /* no salt */, 54 StringPiece() /* no salt */,
55 "QUIC source address token key", 55 "QUIC source address token key",
56 CryptoSecretBoxer::GetKeySize(), 56 CryptoSecretBoxer::GetKeySize(),
57 0 /* no fixed IV needed */); 57 0 /* no fixed IV needed */,
58 0 /* no subkey secret */);
58 return hkdf.server_write_key().as_string(); 59 return hkdf.server_write_key().as_string();
59 } 60 }
60 61
61 } // namespace 62 } // namespace
62 63
63 // ClientHelloInfo contains information about a client hello message that is 64 // ClientHelloInfo contains information about a client hello message that is
64 // only kept for as long as it's being processed. 65 // only kept for as long as it's being processed.
65 struct ClientHelloInfo { 66 struct ClientHelloInfo {
66 ClientHelloInfo(const IPEndPoint& in_client_ip, QuicWallTime in_now) 67 ClientHelloInfo(const IPEndPoint& in_client_ip, QuicWallTime in_now)
67 : client_ip(in_client_ip), 68 : client_ip(in_client_ip),
675 strlen(QuicCryptoConfig::kCETVLabel) + 1); 676 strlen(QuicCryptoConfig::kCETVLabel) + 1);
676 hkdf_input.append(reinterpret_cast<char*>(&connection_id), 677 hkdf_input.append(reinterpret_cast<char*>(&connection_id),
677 sizeof(connection_id)); 678 sizeof(connection_id));
678 hkdf_input.append(client_hello_serialized.data(), 679 hkdf_input.append(client_hello_serialized.data(),
679 client_hello_serialized.length()); 680 client_hello_serialized.length());
680 hkdf_input.append(requested_config->serialized); 681 hkdf_input.append(requested_config->serialized);
681 682
682 CrypterPair crypters; 683 CrypterPair crypters;
683 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, 684 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead,
684 info.client_nonce, info.server_nonce, 685 info.client_nonce, info.server_nonce,
685 hkdf_input, CryptoUtils::SERVER, &crypters)) { 686 hkdf_input, CryptoUtils::SERVER, &crypters,
687 NULL /* subkey secret */)) {
686 *error_details = "Symmetric key setup failed"; 688 *error_details = "Symmetric key setup failed";
687 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; 689 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
688 } 690 }
689 691
690 scoped_ptr<QuicData> cetv_plaintext(crypters.decrypter->DecryptPacket( 692 scoped_ptr<QuicData> cetv_plaintext(crypters.decrypter->DecryptPacket(
691 0 /* sequence number */, StringPiece() /* associated data */, 693 0 /* sequence number */, StringPiece() /* associated data */,
692 cetv_ciphertext)); 694 cetv_ciphertext));
693 if (!cetv_plaintext.get()) { 695 if (!cetv_plaintext.get()) {
694 *error_details = "CETV decryption failure"; 696 *error_details = "CETV decryption failure";
695 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; 697 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
716 718
717 string hkdf_input; 719 string hkdf_input;
718 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; 720 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1;
719 hkdf_input.reserve(label_len + hkdf_suffix.size()); 721 hkdf_input.reserve(label_len + hkdf_suffix.size());
720 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); 722 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len);
721 hkdf_input.append(hkdf_suffix); 723 hkdf_input.append(hkdf_suffix);
722 724
723 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, 725 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead,
724 info.client_nonce, info.server_nonce, hkdf_input, 726 info.client_nonce, info.server_nonce, hkdf_input,
725 CryptoUtils::SERVER, 727 CryptoUtils::SERVER,
726 &params->initial_crypters)) { 728 &params->initial_crypters,
729 NULL /* subkey secret */)) {
727 *error_details = "Symmetric key setup failed"; 730 *error_details = "Symmetric key setup failed";
728 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; 731 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
729 } 732 }
730 733
731 string forward_secure_public_value; 734 string forward_secure_public_value;
732 if (ephemeral_key_source_.get()) { 735 if (ephemeral_key_source_.get()) {
733 params->forward_secure_premaster_secret = 736 params->forward_secure_premaster_secret =
734 ephemeral_key_source_->CalculateForwardSecureKey( 737 ephemeral_key_source_->CalculateForwardSecureKey(
735 key_exchange, rand, clock->ApproximateNow(), public_value, 738 key_exchange, rand, clock->ApproximateNow(), public_value,
736 &forward_secure_public_value); 739 &forward_secure_public_value);
749 string forward_secure_hkdf_input; 752 string forward_secure_hkdf_input;
750 label_len = strlen(QuicCryptoConfig::kForwardSecureLabel) + 1; 753 label_len = strlen(QuicCryptoConfig::kForwardSecureLabel) + 1;
751 forward_secure_hkdf_input.reserve(label_len + hkdf_suffix.size()); 754 forward_secure_hkdf_input.reserve(label_len + hkdf_suffix.size());
752 forward_secure_hkdf_input.append(QuicCryptoConfig::kForwardSecureLabel, 755 forward_secure_hkdf_input.append(QuicCryptoConfig::kForwardSecureLabel,
753 label_len); 756 label_len);
754 forward_secure_hkdf_input.append(hkdf_suffix); 757 forward_secure_hkdf_input.append(hkdf_suffix);
755 758
756 if (!CryptoUtils::DeriveKeys( 759 if (!CryptoUtils::DeriveKeys(
757 params->forward_secure_premaster_secret, params->aead, 760 params->forward_secure_premaster_secret, params->aead,
758 info.client_nonce, info.server_nonce, forward_secure_hkdf_input, 761 info.client_nonce, info.server_nonce, forward_secure_hkdf_input,
759 CryptoUtils::SERVER, &params->forward_secure_crypters)) { 762 CryptoUtils::SERVER, &params->forward_secure_crypters,
763 &params->subkey_secret)) {
760 *error_details = "Symmetric key setup failed"; 764 *error_details = "Symmetric key setup failed";
761 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; 765 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
762 } 766 }
763 767
764 out->set_tag(kSHLO); 768 out->set_tag(kSHLO);
765 QuicTagVector supported_version_tags; 769 QuicTagVector supported_version_tags;
766 for (size_t i = 0; i < supported_versions.size(); ++i) { 770 for (size_t i = 0; i < supported_versions.size(); ++i) {
767 supported_version_tags.push_back 771 supported_version_tags.push_back
768 (QuicVersionToQuicTag(supported_versions[i])); 772 (QuicVersionToQuicTag(supported_versions[i]));
769 } 773 }
1505 QuicCryptoServerConfig::Config::Config() 1509 QuicCryptoServerConfig::Config::Config()
1506 : channel_id_enabled(false), 1510 : channel_id_enabled(false),
1507 is_primary(false), 1511 is_primary(false),
1508 primary_time(QuicWallTime::Zero()), 1512 primary_time(QuicWallTime::Zero()),
1509 priority(0), 1513 priority(0),
1510 source_address_token_boxer(NULL) {} 1514 source_address_token_boxer(NULL) {}
1511 1515
1512 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } 1516 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
1513 1517
1514 } // namespace net 1518 } // namespace net
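Review bot: The two `NULL /* subkey secret */` arguments (the CETV derivation and the initial-crypter derivation) do not say why extraction is withheld there while the forward-secure derivation populates `&params->subkey_secret`, and that asymmetry is the security-relevant decision in this change; a reader later adding a caller is otherwise free to "fix" it by exporting from the initial keys. I would annotate both sites, e.g. `NULL /* subkey secret: exported keying material is only derived from the forward-secure keys */`, so the intent that extracted keys inherit forward secrecy is recorded at the call. The forward-secure derivation sits after an `if (ephemeral_key_source_.get())` branch whose else path is outside the visible hunk, so I cannot confirm from here that `params->forward_secure_premaster_secret` is always set on the path that reaches it; worth a check that `subkey_secret` is never derived from an empty premaster. `params->subkey_secret` is a plain `std::string` holding secret material, so it presumably follows the same lifetime as the other secrets in `params` — confirm it is not copied out more widely than the crypters are. The enclosing ProcessClientHello-style function starts and ends outside the hunk.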
