Land Recent QUIC Changes.

net/quic/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 #include <algorithm>
 
 #include "base/stl_util.h"
@@ skipping 585 matching lines @@
     *error_details = validate_chlo_result.error_details;
     return validate_chlo_result.error_code;
   }
 
   out->Clear();
 
   if (!info.valid_source_address_token ||
       !info.client_nonce_well_formed ||
       !info.unique ||
       !requested_config.get()) {
-    BuildRejection(*primary_config, client_hello, info, rand, out);
+    BuildRejection(*primary_config, client_hello, info, rand, params, out);
     return QUIC_NO_ERROR;
   }
 
   const QuicTag* their_aeads;
   const QuicTag* their_key_exchanges;
   size_t num_their_aeads, num_their_key_exchanges;
   if (client_hello.GetTaglist(kAEAD, &their_aeads,
                               &num_their_aeads) != QUIC_NO_ERROR ||
       client_hello.GetTaglist(kKEXS, &their_key_exchanges,
                               &num_their_key_exchanges) != QUIC_NO_ERROR ||
@@ skipping 415 matching lines @@
     strike_register_client = strike_register_client_.get();
   }
 
   strike_register_client->VerifyNonceIsValidAndUnique(
       info->client_nonce,
       info->now,
       new VerifyNonceIsValidAndUniqueCallback(client_hello_state, done_cb));
   helper.StartedAsyncCallback();
 }
 
+bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
+    const IPEndPoint& client_ip,
+    const QuicClock* clock,
+    QuicRandom* rand,
+    const QuicCryptoNegotiatedParameters& params,
+    CryptoHandshakeMessage* out) const {
+  base::AutoLock locked(configs_lock_);
+  out->set_tag(kSCUP);
+  out->SetStringPiece(kSCFG, primary_config_->serialized);
+  out->SetStringPiece(kSourceAddressTokenTag,
+                      NewSourceAddressToken(*primary_config_,
+                                            client_ip,
+                                            rand,
+                                            clock->WallNow()));
+
+  if (proof_source_ == NULL) {
+    // Insecure QUIC, can send SCFG without proof.
+    return true;
+  }
+
+  const vector<string>* certs;
+  string signature;
+  if (!proof_source_->GetProof(params.sni, primary_config_->serialized,
+                               params.x509_ecdsa_supported, &certs,
+                               &signature)) {
+    DVLOG(1) << "Server: failed to get proof.";
+    return false;
+  }
+
+  const string compressed = CertCompressor::CompressChain(
+      *certs, params.client_common_set_hashes, params.client_cached_cert_hashes,
+      primary_config_->common_cert_sets);
+
+  out->SetStringPiece(kCertificateTag, compressed);
+  out->SetStringPiece(kPROF, signature);
+  return true;
+}
+
 void QuicCryptoServerConfig::BuildRejection(
     const Config& config,
     const CryptoHandshakeMessage& client_hello,
     const ClientHelloInfo& info,
     QuicRandom* rand,
+    QuicCryptoNegotiatedParameters *params,
     CryptoHandshakeMessage* out) const {
   out->set_tag(kREJ);
   out->SetStringPiece(kSCFG, config.serialized);
   out->SetStringPiece(kSourceAddressTokenTag,
                       NewSourceAddressToken(
                           config,
                           info.client_ip,
                           rand,
                           info.now));
   if (replay_protection_) {
@@ skipping 10 matching lines @@
   const QuicTag* their_proof_demands;
   size_t num_their_proof_demands;
 
   if (proof_source_.get() == NULL ||
       client_hello.GetTaglist(kPDMD, &their_proof_demands,
                               &num_their_proof_demands) !=
           QUIC_NO_ERROR) {
     return;
   }
 
-  bool x509_supported = false, x509_ecdsa_supported = false;
+  bool x509_supported = false;
   for (size_t i = 0; i < num_their_proof_demands; i++) {
     switch (their_proof_demands[i]) {
       case kX509:
         x509_supported = true;
-        x509_ecdsa_supported = true;
+        params->x509_ecdsa_supported = true;
         break;
       case kX59R:
         x509_supported = true;
         break;
     }
   }
 
   if (!x509_supported) {
     return;
   }
 
   const vector<string>* certs;
   string signature;
   if (!proof_source_->GetProof(info.sni.as_string(), config.serialized,
-                               x509_ecdsa_supported, &certs, &signature)) {
+                               params->x509_ecdsa_supported, &certs,
+                               &signature)) {
     return;
   }
 
-  StringPiece their_common_set_hashes;
-  StringPiece their_cached_cert_hashes;
-  client_hello.GetStringPiece(kCCS, &their_common_set_hashes);
-  client_hello.GetStringPiece(kCCRT, &their_cached_cert_hashes);
+  StringPiece client_common_set_hashes;
+  if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) {
+    params->client_common_set_hashes = client_common_set_hashes.as_string();
+  }
+
+  StringPiece client_cached_cert_hashes;
+  if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) {
+    params->client_cached_cert_hashes = client_cached_cert_hashes.as_string();
+  }
 
   const string compressed = CertCompressor::CompressChain(
-      *certs, their_common_set_hashes, their_cached_cert_hashes,
-      config.common_cert_sets);
+      *certs, params->client_common_set_hashes,
+      params->client_cached_cert_hashes, config.common_cert_sets);
 
   // kREJOverheadBytes is a very rough estimate of how much of a REJ
   // message is taken up by things other than the certificates.
   // STK: 56 bytes
   // SNO: 56 bytes
   // SCFG
   //   SCID: 16 bytes
   //   PUBS: 38 bytes
   const size_t kREJOverheadBytes = 166;
   // kMultiplier is the multiple of the CHLO message size that a REJ message
@@ skipping 390 matching lines @@
 QuicCryptoServerConfig::Config::Config()
     : channel_id_enabled(false),
       is_primary(false),
       primary_time(QuicWallTime::Zero()),
       priority(0),
       source_address_token_boxer(NULL) {}
 
 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
 
 }  // namespace net