OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 #include <algorithm> | 8 #include <algorithm> |
9 | 9 |
10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
(...skipping 585 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
596 *error_details = validate_chlo_result.error_details; | 596 *error_details = validate_chlo_result.error_details; |
597 return validate_chlo_result.error_code; | 597 return validate_chlo_result.error_code; |
598 } | 598 } |
599 | 599 |
600 out->Clear(); | 600 out->Clear(); |
601 | 601 |
602 if (!info.valid_source_address_token || | 602 if (!info.valid_source_address_token || |
603 !info.client_nonce_well_formed || | 603 !info.client_nonce_well_formed || |
604 !info.unique || | 604 !info.unique || |
605 !requested_config.get()) { | 605 !requested_config.get()) { |
606 BuildRejection(*primary_config, client_hello, info, rand, params, out); | 606 BuildRejection( |
| 607 *primary_config.get(), client_hello, info, rand, params, out); |
607 return QUIC_NO_ERROR; | 608 return QUIC_NO_ERROR; |
608 } | 609 } |
609 | 610 |
610 const QuicTag* their_aeads; | 611 const QuicTag* their_aeads; |
611 const QuicTag* their_key_exchanges; | 612 const QuicTag* their_key_exchanges; |
612 size_t num_their_aeads, num_their_key_exchanges; | 613 size_t num_their_aeads, num_their_key_exchanges; |
613 if (client_hello.GetTaglist(kAEAD, &their_aeads, | 614 if (client_hello.GetTaglist(kAEAD, &their_aeads, |
614 &num_their_aeads) != QUIC_NO_ERROR || | 615 &num_their_aeads) != QUIC_NO_ERROR || |
615 client_hello.GetTaglist(kKEXS, &their_key_exchanges, | 616 client_hello.GetTaglist(kKEXS, &their_key_exchanges, |
616 &num_their_key_exchanges) != QUIC_NO_ERROR || | 617 &num_their_key_exchanges) != QUIC_NO_ERROR || |
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
765 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 766 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
766 } | 767 } |
767 | 768 |
768 out->set_tag(kSHLO); | 769 out->set_tag(kSHLO); |
769 QuicTagVector supported_version_tags; | 770 QuicTagVector supported_version_tags; |
770 for (size_t i = 0; i < supported_versions.size(); ++i) { | 771 for (size_t i = 0; i < supported_versions.size(); ++i) { |
771 supported_version_tags.push_back | 772 supported_version_tags.push_back |
772 (QuicVersionToQuicTag(supported_versions[i])); | 773 (QuicVersionToQuicTag(supported_versions[i])); |
773 } | 774 } |
774 out->SetVector(kVER, supported_version_tags); | 775 out->SetVector(kVER, supported_version_tags); |
775 out->SetStringPiece(kSourceAddressTokenTag, | 776 out->SetStringPiece( |
776 NewSourceAddressToken( | 777 kSourceAddressTokenTag, |
777 *requested_config, | 778 NewSourceAddressToken( |
778 client_address, | 779 *requested_config.get(), client_address, rand, info.now, NULL)); |
779 rand, | |
780 info.now, | |
781 NULL)); | |
782 QuicSocketAddressCoder address_coder(client_address); | 780 QuicSocketAddressCoder address_coder(client_address); |
783 out->SetStringPiece(kCADR, address_coder.Encode()); | 781 out->SetStringPiece(kCADR, address_coder.Encode()); |
784 out->SetStringPiece(kPUBS, forward_secure_public_value); | 782 out->SetStringPiece(kPUBS, forward_secure_public_value); |
785 | 783 |
786 return QUIC_NO_ERROR; | 784 return QUIC_NO_ERROR; |
787 } | 785 } |
788 | 786 |
789 scoped_refptr<QuicCryptoServerConfig::Config> | 787 scoped_refptr<QuicCryptoServerConfig::Config> |
790 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const { | 788 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const { |
791 // In Chromium, we will dead lock if the lock is held by the current thread. | 789 // In Chromium, we will dead lock if the lock is held by the current thread. |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
838 if (primary_config_.get()) { | 836 if (primary_config_.get()) { |
839 LOG(DFATAL) << "No valid QUIC server config. Keeping the current config."; | 837 LOG(DFATAL) << "No valid QUIC server config. Keeping the current config."; |
840 } else { | 838 } else { |
841 LOG(DFATAL) << "No valid QUIC server config."; | 839 LOG(DFATAL) << "No valid QUIC server config."; |
842 } | 840 } |
843 return; | 841 return; |
844 } | 842 } |
845 | 843 |
846 sort(configs.begin(), configs.end(), ConfigPrimaryTimeLessThan); | 844 sort(configs.begin(), configs.end(), ConfigPrimaryTimeLessThan); |
847 | 845 |
848 Config* best_candidate = configs[0]; | 846 Config* best_candidate = configs[0].get(); |
849 | 847 |
850 for (size_t i = 0; i < configs.size(); ++i) { | 848 for (size_t i = 0; i < configs.size(); ++i) { |
851 const scoped_refptr<Config> config(configs[i]); | 849 const scoped_refptr<Config> config(configs[i]); |
852 if (!config->primary_time.IsAfter(now)) { | 850 if (!config->primary_time.IsAfter(now)) { |
853 if (config->primary_time.IsAfter(best_candidate->primary_time)) { | 851 if (config->primary_time.IsAfter(best_candidate->primary_time)) { |
854 best_candidate = config; | 852 best_candidate = config.get(); |
855 } | 853 } |
856 continue; | 854 continue; |
857 } | 855 } |
858 | 856 |
859 // This is the first config with a primary_time in the future. Thus the | 857 // This is the first config with a primary_time in the future. Thus the |
860 // previous Config should be the primary and this one should determine the | 858 // previous Config should be the primary and this one should determine the |
861 // next_config_promotion_time_. | 859 // next_config_promotion_time_. |
862 scoped_refptr<Config> new_primary(best_candidate); | 860 scoped_refptr<Config> new_primary(best_candidate); |
863 if (i == 0) { | 861 if (i == 0) { |
864 // We need the primary_time of the next config. | 862 // We need the primary_time of the next config. |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
941 info->reject_reasons.push_back(SERVER_CONFIG_INCHOATE_HELLO_FAILURE); | 939 info->reject_reasons.push_back(SERVER_CONFIG_INCHOATE_HELLO_FAILURE); |
942 } | 940 } |
943 // No server config with the requested ID. | 941 // No server config with the requested ID. |
944 helper.ValidationComplete(QUIC_NO_ERROR, ""); | 942 helper.ValidationComplete(QUIC_NO_ERROR, ""); |
945 return; | 943 return; |
946 } | 944 } |
947 | 945 |
948 HandshakeFailureReason source_address_token_error; | 946 HandshakeFailureReason source_address_token_error; |
949 StringPiece srct; | 947 StringPiece srct; |
950 if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) { | 948 if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) { |
951 source_address_token_error = | 949 source_address_token_error = ValidateSourceAddressToken( |
952 ValidateSourceAddressToken(*requested_config, | 950 *requested_config.get(), srct, info->client_ip, info->now); |
953 srct, | |
954 info->client_ip, | |
955 info->now); | |
956 info->valid_source_address_token = | 951 info->valid_source_address_token = |
957 (source_address_token_error == HANDSHAKE_OK); | 952 (source_address_token_error == HANDSHAKE_OK); |
958 } else { | 953 } else { |
959 source_address_token_error = SOURCE_ADDRESS_TOKEN_INVALID_FAILURE; | 954 source_address_token_error = SOURCE_ADDRESS_TOKEN_INVALID_FAILURE; |
960 } | 955 } |
961 | 956 |
962 bool found_error = false; | 957 bool found_error = false; |
963 if (source_address_token_error != HANDSHAKE_OK) { | 958 if (source_address_token_error != HANDSHAKE_OK) { |
964 info->reject_reasons.push_back(source_address_token_error); | 959 info->reject_reasons.push_back(source_address_token_error); |
965 // No valid source address token. | 960 // No valid source address token. |
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1045 const IPEndPoint& client_ip, | 1040 const IPEndPoint& client_ip, |
1046 const QuicClock* clock, | 1041 const QuicClock* clock, |
1047 QuicRandom* rand, | 1042 QuicRandom* rand, |
1048 const QuicCryptoNegotiatedParameters& params, | 1043 const QuicCryptoNegotiatedParameters& params, |
1049 const CachedNetworkParameters* cached_network_params, | 1044 const CachedNetworkParameters* cached_network_params, |
1050 CryptoHandshakeMessage* out) const { | 1045 CryptoHandshakeMessage* out) const { |
1051 base::AutoLock locked(configs_lock_); | 1046 base::AutoLock locked(configs_lock_); |
1052 out->set_tag(kSCUP); | 1047 out->set_tag(kSCUP); |
1053 out->SetStringPiece(kSCFG, primary_config_->serialized); | 1048 out->SetStringPiece(kSCFG, primary_config_->serialized); |
1054 out->SetStringPiece(kSourceAddressTokenTag, | 1049 out->SetStringPiece(kSourceAddressTokenTag, |
1055 NewSourceAddressToken(*primary_config_, | 1050 NewSourceAddressToken(*primary_config_.get(), |
1056 client_ip, | 1051 client_ip, |
1057 rand, | 1052 rand, |
1058 clock->WallNow(), | 1053 clock->WallNow(), |
1059 cached_network_params)); | 1054 cached_network_params)); |
1060 | 1055 |
1061 if (proof_source_ == NULL) { | 1056 if (proof_source_ == NULL) { |
1062 // Insecure QUIC, can send SCFG without proof. | 1057 // Insecure QUIC, can send SCFG without proof. |
1063 return true; | 1058 return true; |
1064 } | 1059 } |
1065 | 1060 |
(...skipping 498 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1564 QuicCryptoServerConfig::Config::Config() | 1559 QuicCryptoServerConfig::Config::Config() |
1565 : channel_id_enabled(false), | 1560 : channel_id_enabled(false), |
1566 is_primary(false), | 1561 is_primary(false), |
1567 primary_time(QuicWallTime::Zero()), | 1562 primary_time(QuicWallTime::Zero()), |
1568 priority(0), | 1563 priority(0), |
1569 source_address_token_boxer(NULL) {} | 1564 source_address_token_boxer(NULL) {} |
1570 | 1565 |
1571 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } | 1566 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } |
1572 | 1567 |
1573 } // namespace net | 1568 } // namespace net |
OLD | NEW |