Side by Side Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 816543004: Update from https://crrev.com/308996 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
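--- a/net/quic/crypto/quic_crypto_server_config.cc
+++ b/net/quic/crypto/quic_crypto_server_config.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 #include <algorithm>
 
 #include "base/stl_util.h"
@@ -510,26 +510,27 @@
 if (result->error_code == QUIC_NO_ERROR) {
 EvaluateClientHello(primary_orbit, requested_config, result, done_cb);
 } else {
 done_cb->Run(result);
 }
 }
 
 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
 const ValidateClientHelloResultCallback::Result& validate_chlo_result,
 QuicConnectionId connection_id,
-IPEndPoint client_address,
+const IPEndPoint& server_ip,
+const IPEndPoint& client_address,
 QuicVersion version,
 const QuicVersionVector& supported_versions,
 const QuicClock* clock,
 QuicRandom* rand,
-QuicCryptoNegotiatedParameters *params,
+QuicCryptoNegotiatedParameters* params,
 CryptoHandshakeMessage* out,
 string* error_details) const {
 DCHECK(error_details);
 
 const CryptoHandshakeMessage& client_hello =
 validate_chlo_result.client_hello;
 const ClientHelloInfo& info = validate_chlo_result.info;
 
 // If the client's preferred version is not the version we are currently
 // speaking, then the client went through a version negotiation. In this
@@ -586,21 +587,21 @@
 *error_details = validate_chlo_result.error_details;
 return validate_chlo_result.error_code;
 }
 
 out->Clear();
 
 if (!info.valid_source_address_token ||
 !info.client_nonce_well_formed ||
 !info.unique ||
 !requested_config.get()) {
-BuildRejection(*primary_config.get(), client_hello, info,
+BuildRejection(server_ip, *primary_config.get(), client_hello, info,
 validate_chlo_result.cached_network_params, rand, params,
 out);
 return QUIC_NO_ERROR;
 }
 
 const QuicTag* their_aeads;
 const QuicTag* their_key_exchanges;
 size_t num_their_aeads, num_their_key_exchanges;
 if (client_hello.GetTaglist(kAEAD, &their_aeads,
 &num_their_aeads) != QUIC_NO_ERROR ||
@@ -1027,66 +1028,68 @@
 }
 
 strike_register_client->VerifyNonceIsValidAndUnique(
 info->client_nonce,
 info->now,
 new VerifyNonceIsValidAndUniqueCallback(client_hello_state, done_cb));
 helper.StartedAsyncCallback();
 }
 
 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
+const IPEndPoint& server_ip,
 const IPEndPoint& client_ip,
 const QuicClock* clock,
 QuicRandom* rand,
 const QuicCryptoNegotiatedParameters& params,
 const CachedNetworkParameters* cached_network_params,
 CryptoHandshakeMessage* out) const {
 base::AutoLock locked(configs_lock_);
 out->set_tag(kSCUP);
 out->SetStringPiece(kSCFG, primary_config_->serialized);
 out->SetStringPiece(kSourceAddressTokenTag,
 NewSourceAddressToken(*primary_config_.get(),
 client_ip,
 rand,
 clock->WallNow(),
 cached_network_params));
 
 if (proof_source_ == nullptr) {
 // Insecure QUIC, can send SCFG without proof.
 return true;
 }
 
 const vector<string>* certs;
 string signature;
-if (!proof_source_->GetProof(params.sni, primary_config_->serialized,
-params.x509_ecdsa_supported, &certs,
-&signature)) {
+if (!proof_source_->GetProof(
+server_ip, params.sni, primary_config_->serialized,
+params.x509_ecdsa_supported, &certs, &signature)) {
 DVLOG(1) << "Server: failed to get proof.";
 return false;
 }
 
 const string compressed = CertCompressor::CompressChain(
 *certs, params.client_common_set_hashes, params.client_cached_cert_hashes,
 primary_config_->common_cert_sets);
 
 out->SetStringPiece(kCertificateTag, compressed);
 out->SetStringPiece(kPROF, signature);
 return true;
 }
 
 void QuicCryptoServerConfig::BuildRejection(
+const IPEndPoint& server_ip,
 const Config& config,
 const CryptoHandshakeMessage& client_hello,
 const ClientHelloInfo& info,
 const CachedNetworkParameters& cached_network_params,
 QuicRandom* rand,
-QuicCryptoNegotiatedParameters *params,
+QuicCryptoNegotiatedParameters* params,
 CryptoHandshakeMessage* out) const {
 out->set_tag(kREJ);
 out->SetStringPiece(kSCFG, config.serialized);
 out->SetStringPiece(kSourceAddressTokenTag,
 NewSourceAddressToken(
 config,
 info.client_ip,
 rand,
 info.now,
 &cached_network_params));
@@ -1123,23 +1126,23 @@
 break;
 }
 }
 
 if (!x509_supported) {
 return;
 }
 
 const vector<string>* certs;
 string signature;
-if (!proof_source_->GetProof(info.sni.as_string(), config.serialized,
-params->x509_ecdsa_supported, &certs,
-&signature)) {
+if (!proof_source_->GetProof(server_ip, info.sni.as_string(),
+config.serialized, params->x509_ecdsa_supported,
+&certs, &signature)) {
 return;
 }
 
 StringPiece client_common_set_hashes;
 if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) {
 params->client_common_set_hashes = client_common_set_hashes.as_string();
 }
 
 StringPiece client_cached_cert_hashes;
 if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) {
@@ -1566,10 +1569,10 @@
 QuicCryptoServerConfig::Config::Config()
 : channel_id_enabled(false),
 is_primary(false),
 primary_time(QuicWallTime::Zero()),
 priority(0),
 source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
 
 } // namespace net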
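Review bot: The `server_ip` now passed to `GetProof` in BuildRejection (new lines 1136-1139) is a new input on which proof lookup can fail, and that failure path still returns silently, so a REJ is sent with no certificate or proof and the server log says nothing about why; the parallel path in BuildServerConfigUpdateMessage (new lines 1062-1066) at least emits `DVLOG(1) << "Server: failed to get proof.";`. I would add the matching line before the early return in BuildRejection, `DVLOG(1) << "Server: failed to get proof for REJ.";`, so a proof source that has no entry for a given listening address is visible on the server rather than surfacing only as a client that cannot complete the handshake. BuildRejection starts in this section but its body runs past the elided lines, so I cannot see whether `proof_source_` is null-checked there the way it is in BuildServerConfigUpdateMessage; if it is not, that check belongs ahead of the call, since the update path shows a null `proof_source_` is a supported configuration. The new parameter is also undocumented at the definitions here; if the header does not already say that `server_ip` is the local address the proof is selected for, a one-line comment on each of the three signatures would help.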