| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 1157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1168 const size_t kREJOverheadBytes = 166; | 1168 const size_t kREJOverheadBytes = 166; |
| 1169 // kMultiplier is the multiple of the CHLO message size that a REJ message | 1169 // kMultiplier is the multiple of the CHLO message size that a REJ message |
| 1170 // must stay under when the client doesn't present a valid source-address | 1170 // must stay under when the client doesn't present a valid source-address |
| 1171 // token. | 1171 // token. |
| 1172 const size_t kMultiplier = 2; | 1172 const size_t kMultiplier = 2; |
| 1173 // max_unverified_size is the number of bytes that the certificate chain | 1173 // max_unverified_size is the number of bytes that the certificate chain |
| 1174 // and signature can consume before we will demand a valid source-address | 1174 // and signature can consume before we will demand a valid source-address |
| 1175 // token. | 1175 // token. |
| 1176 const size_t max_unverified_size = | 1176 const size_t max_unverified_size = |
| 1177 client_hello.size() * kMultiplier - kREJOverheadBytes; | 1177 client_hello.size() * kMultiplier - kREJOverheadBytes; |
| 1178 COMPILE_ASSERT(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes, | 1178 static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes, |
| 1179 overhead_calculation_may_underflow); | 1179 "overhead calculation may overflow"); |
| 1180 if (info.valid_source_address_token || | 1180 if (info.valid_source_address_token || |
| 1181 signature.size() + compressed.size() < max_unverified_size) { | 1181 signature.size() + compressed.size() < max_unverified_size) { |
| 1182 out->SetStringPiece(kCertificateTag, compressed); | 1182 out->SetStringPiece(kCertificateTag, compressed); |
| 1183 out->SetStringPiece(kPROF, signature); | 1183 out->SetStringPiece(kPROF, signature); |
| 1184 } | 1184 } |
| 1185 } | 1185 } |
| 1186 | 1186 |
| 1187 scoped_refptr<QuicCryptoServerConfig::Config> | 1187 scoped_refptr<QuicCryptoServerConfig::Config> |
| 1188 QuicCryptoServerConfig::ParseConfigProtobuf( | 1188 QuicCryptoServerConfig::ParseConfigProtobuf( |
| 1189 QuicServerConfigProtobuf* protobuf) { | 1189 QuicServerConfigProtobuf* protobuf) { |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1244 if (!msg->GetStringPiece(kORBT, &orbit)) { | 1244 if (!msg->GetStringPiece(kORBT, &orbit)) { |
| 1245 LOG(WARNING) << "Server config message is missing ORBT"; | 1245 LOG(WARNING) << "Server config message is missing ORBT"; |
| 1246 return nullptr; | 1246 return nullptr; |
| 1247 } | 1247 } |
| 1248 | 1248 |
| 1249 if (orbit.size() != kOrbitSize) { | 1249 if (orbit.size() != kOrbitSize) { |
| 1250 LOG(WARNING) << "Orbit value in server config is the wrong length." | 1250 LOG(WARNING) << "Orbit value in server config is the wrong length." |
| 1251 " Got " << orbit.size() << " want " << kOrbitSize; | 1251 " Got " << orbit.size() << " want " << kOrbitSize; |
| 1252 return nullptr; | 1252 return nullptr; |
| 1253 } | 1253 } |
| 1254 COMPILE_ASSERT(sizeof(config->orbit) == kOrbitSize, orbit_incorrect_size); | 1254 static_assert(sizeof(config->orbit) == kOrbitSize, |
| 1255 "orbit has incorrect size"); |
| 1255 memcpy(config->orbit, orbit.data(), sizeof(config->orbit)); | 1256 memcpy(config->orbit, orbit.data(), sizeof(config->orbit)); |
| 1256 | 1257 |
| 1257 { | 1258 { |
| 1258 StrikeRegisterClient* strike_register_client; | 1259 StrikeRegisterClient* strike_register_client; |
| 1259 { | 1260 { |
| 1260 base::AutoLock locked(strike_register_client_lock_); | 1261 base::AutoLock locked(strike_register_client_lock_); |
| 1261 strike_register_client = strike_register_client_.get(); | 1262 strike_register_client = strike_register_client_.get(); |
| 1262 } | 1263 } |
| 1263 | 1264 |
| 1264 if (strike_register_client != nullptr && | 1265 if (strike_register_client != nullptr && |
| (...skipping 343 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1608 // kServerNoncePlaintextSize is the number of bytes in an unencrypted server | 1609 // kServerNoncePlaintextSize is the number of bytes in an unencrypted server |
| 1609 // nonce. | 1610 // nonce. |
| 1610 static const size_t kServerNoncePlaintextSize = | 1611 static const size_t kServerNoncePlaintextSize = |
| 1611 4 /* timestamp */ + 20 /* random bytes */; | 1612 4 /* timestamp */ + 20 /* random bytes */; |
| 1612 | 1613 |
| 1613 string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand, | 1614 string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand, |
| 1614 QuicWallTime now) const { | 1615 QuicWallTime now) const { |
| 1615 const uint32 timestamp = static_cast<uint32>(now.ToUNIXSeconds()); | 1616 const uint32 timestamp = static_cast<uint32>(now.ToUNIXSeconds()); |
| 1616 | 1617 |
| 1617 uint8 server_nonce[kServerNoncePlaintextSize]; | 1618 uint8 server_nonce[kServerNoncePlaintextSize]; |
| 1618 COMPILE_ASSERT(sizeof(server_nonce) > sizeof(timestamp), nonce_too_small); | 1619 static_assert(sizeof(server_nonce) > sizeof(timestamp), "nonce too small"); |
| 1619 server_nonce[0] = static_cast<uint8>(timestamp >> 24); | 1620 server_nonce[0] = static_cast<uint8>(timestamp >> 24); |
| 1620 server_nonce[1] = static_cast<uint8>(timestamp >> 16); | 1621 server_nonce[1] = static_cast<uint8>(timestamp >> 16); |
| 1621 server_nonce[2] = static_cast<uint8>(timestamp >> 8); | 1622 server_nonce[2] = static_cast<uint8>(timestamp >> 8); |
| 1622 server_nonce[3] = static_cast<uint8>(timestamp); | 1623 server_nonce[3] = static_cast<uint8>(timestamp); |
| 1623 rand->RandBytes(&server_nonce[sizeof(timestamp)], | 1624 rand->RandBytes(&server_nonce[sizeof(timestamp)], |
| 1624 sizeof(server_nonce) - sizeof(timestamp)); | 1625 sizeof(server_nonce) - sizeof(timestamp)); |
| 1625 | 1626 |
| 1626 return server_nonce_boxer_.Box( | 1627 return server_nonce_boxer_.Box( |
| 1627 rand, | 1628 rand, |
| 1628 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); | 1629 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 1645 // This should never happen because the value decrypted correctly. | 1646 // This should never happen because the value decrypted correctly. |
| 1646 LOG(DFATAL) << "Seemingly valid server nonce had incorrect length."; | 1647 LOG(DFATAL) << "Seemingly valid server nonce had incorrect length."; |
| 1647 return SERVER_NONCE_INVALID_FAILURE; | 1648 return SERVER_NONCE_INVALID_FAILURE; |
| 1648 } | 1649 } |
| 1649 | 1650 |
| 1650 uint8 server_nonce[32]; | 1651 uint8 server_nonce[32]; |
| 1651 memcpy(server_nonce, plaintext.data(), 4); | 1652 memcpy(server_nonce, plaintext.data(), 4); |
| 1652 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_)); | 1653 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_)); |
| 1653 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4, | 1654 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4, |
| 1654 20); | 1655 20); |
| 1655 COMPILE_ASSERT(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce), | 1656 static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce), |
| 1656 bad_nonce_buffer_length); | 1657 "bad nonce buffer length"); |
| 1657 | 1658 |
| 1658 InsertStatus nonce_error; | 1659 InsertStatus nonce_error; |
| 1659 { | 1660 { |
| 1660 base::AutoLock auto_lock(server_nonce_strike_register_lock_); | 1661 base::AutoLock auto_lock(server_nonce_strike_register_lock_); |
| 1661 if (server_nonce_strike_register_.get() == nullptr) { | 1662 if (server_nonce_strike_register_.get() == nullptr) { |
| 1662 server_nonce_strike_register_.reset(new StrikeRegister( | 1663 server_nonce_strike_register_.reset(new StrikeRegister( |
| 1663 server_nonce_strike_register_max_entries_, | 1664 server_nonce_strike_register_max_entries_, |
| 1664 static_cast<uint32>(now.ToUNIXSeconds()), | 1665 static_cast<uint32>(now.ToUNIXSeconds()), |
| 1665 server_nonce_strike_register_window_secs_, server_nonce_orbit_, | 1666 server_nonce_strike_register_window_secs_, server_nonce_orbit_, |
| 1666 StrikeRegister::NO_STARTUP_PERIOD_NEEDED)); | 1667 StrikeRegister::NO_STARTUP_PERIOD_NEEDED)); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 1691 QuicCryptoServerConfig::Config::Config() | 1692 QuicCryptoServerConfig::Config::Config() |
| 1692 : channel_id_enabled(false), | 1693 : channel_id_enabled(false), |
| 1693 is_primary(false), | 1694 is_primary(false), |
| 1694 primary_time(QuicWallTime::Zero()), | 1695 primary_time(QuicWallTime::Zero()), |
| 1695 priority(0), | 1696 priority(0), |
| 1696 source_address_token_boxer(nullptr) {} | 1697 source_address_token_boxer(nullptr) {} |
| 1697 | 1698 |
| 1698 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } | 1699 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } |
| 1699 | 1700 |
| 1700 } // namespace net | 1701 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 826973002:
replace COMPILE_ASSERT with static_assert in net/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master