Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(212)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/quic_crypto_server_stream.cc

Issue 698703003: Delay a QUIC server's use of the FORWARD_SECURE encrypter until the (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@Change_QUIC_Reno_congestion_controller_78728349
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/quic_connection_test.cc ('k') | net/quic/quic_flags.h » ('j') | net/quic/quic_flags.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/quic_crypto_server_stream.h" 5 #include "net/quic/quic_crypto_server_stream.h"
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "crypto/secure_hash.h" 8 #include "crypto/secure_hash.h"
9 #include "net/quic/crypto/crypto_protocol.h" 9 #include "net/quic/crypto/crypto_protocol.h"
10 #include "net/quic/crypto/crypto_utils.h" 10 #include "net/quic/crypto/crypto_utils.h"
11 #include "net/quic/crypto/quic_crypto_server_config.h" 11 #include "net/quic/crypto/quic_crypto_server_config.h"
12 #include "net/quic/crypto/source_address_token.h" 12 #include "net/quic/crypto/source_address_token.h"
13 #include "net/quic/quic_config.h" 13 #include "net/quic/quic_config.h"
14 #include "net/quic/quic_flags.h"
14 #include "net/quic/quic_protocol.h" 15 #include "net/quic/quic_protocol.h"
15 #include "net/quic/quic_session.h" 16 #include "net/quic/quic_session.h"
16 17
17 namespace net { 18 namespace net {
18 19
19 void ServerHelloNotifier::OnAckNotification( 20 void ServerHelloNotifier::OnAckNotification(
20 int num_original_packets, 21 int num_original_packets,
21 int num_original_bytes, 22 int num_original_bytes,
22 int num_retransmitted_packets, 23 int num_retransmitted_packets,
23 int num_retransmitted_bytes, 24 int num_retransmitted_bytes,
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
112 config->ToHandshakeMessage(&reply); 113 config->ToHandshakeMessage(&reply);
113 114
114 // Receiving a full CHLO implies the client is prepared to decrypt with 115 // Receiving a full CHLO implies the client is prepared to decrypt with
115 // the new server write key. We can start to encrypt with the new server 116 // the new server write key. We can start to encrypt with the new server
116 // write key. 117 // write key.
117 // 118 //
118 // NOTE: the SHLO will be encrypted with the new server write key. 119 // NOTE: the SHLO will be encrypted with the new server write key.
119 session()->connection()->SetEncrypter( 120 session()->connection()->SetEncrypter(
120 ENCRYPTION_INITIAL, 121 ENCRYPTION_INITIAL,
121 crypto_negotiated_params_.initial_crypters.encrypter.release()); 122 crypto_negotiated_params_.initial_crypters.encrypter.release());
122 session()->connection()->SetDefaultEncryptionLevel( 123 session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_INITIAL);
123 ENCRYPTION_INITIAL);
124 // Set the decrypter immediately so that we no longer accept unencrypted 124 // Set the decrypter immediately so that we no longer accept unencrypted
125 // packets. 125 // packets.
126 session()->connection()->SetDecrypter( 126 session()->connection()->SetDecrypter(
127 crypto_negotiated_params_.initial_crypters.decrypter.release(), 127 crypto_negotiated_params_.initial_crypters.decrypter.release(),
128 ENCRYPTION_INITIAL); 128 ENCRYPTION_INITIAL);
129 129
130 // We want to be notified when the SHLO is ACKed so that we can disable 130 // We want to be notified when the SHLO is ACKed so that we can disable
131 // HANDSHAKE_MODE in the sent packet manager. 131 // HANDSHAKE_MODE in the sent packet manager.
132 if (session()->connection()->version() <= QUIC_VERSION_21) { 132 if (session()->connection()->version() <= QUIC_VERSION_21) {
133 SendHandshakeMessage(reply); 133 SendHandshakeMessage(reply);
134 } else { 134 } else {
135 scoped_refptr<ServerHelloNotifier> server_hello_notifier( 135 scoped_refptr<ServerHelloNotifier> server_hello_notifier(
136 new ServerHelloNotifier(this)); 136 new ServerHelloNotifier(this));
137 SendHandshakeMessage(reply, server_hello_notifier.get()); 137 SendHandshakeMessage(reply, server_hello_notifier.get());
138 } 138 }
139 139
140 session()->connection()->SetEncrypter( 140 session()->connection()->SetEncrypter(
141 ENCRYPTION_FORWARD_SECURE, 141 ENCRYPTION_FORWARD_SECURE,
142 crypto_negotiated_params_.forward_secure_crypters.encrypter.release()); 142 crypto_negotiated_params_.forward_secure_crypters.encrypter.release());
143 session()->connection()->SetDefaultEncryptionLevel( 143 if (!FLAGS_enable_quic_delay_forward_security) {
144 ENCRYPTION_FORWARD_SECURE); 144 session()->connection()->SetDefaultEncryptionLevel(
145 ENCRYPTION_FORWARD_SECURE);
146 }
145 session()->connection()->SetAlternativeDecrypter( 147 session()->connection()->SetAlternativeDecrypter(
146 crypto_negotiated_params_.forward_secure_crypters.decrypter.release(), 148 crypto_negotiated_params_.forward_secure_crypters.decrypter.release(),
147 ENCRYPTION_FORWARD_SECURE, false /* don't latch */); 149 ENCRYPTION_FORWARD_SECURE, false /* don't latch */);
148 150
149 encryption_established_ = true; 151 encryption_established_ = true;
150 handshake_confirmed_ = true; 152 handshake_confirmed_ = true;
151 session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED); 153 session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED);
152 } 154 }
153 155
154 void QuicCryptoServerStream::SendServerConfigUpdate( 156 void QuicCryptoServerStream::SendServerConfigUpdate(
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after
256 258
257 void QuicCryptoServerStream::ValidateCallback::RunImpl( 259 void QuicCryptoServerStream::ValidateCallback::RunImpl(
258 const CryptoHandshakeMessage& client_hello, 260 const CryptoHandshakeMessage& client_hello,
259 const Result& result) { 261 const Result& result) {
260 if (parent_ != nullptr) { 262 if (parent_ != nullptr) {
261 parent_->FinishProcessingHandshakeMessage(client_hello, result); 263 parent_->FinishProcessingHandshakeMessage(client_hello, result);
262 } 264 }
263 } 265 }
264 266
265 } // namespace net 267 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/quic_connection_test.cc ('k') | net/quic/quic_flags.h » ('j') | net/quic/quic_flags.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698