| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 434 matching lines...) Loading... |
| 445 it->second->primary_time = config->primary_time; | 445 it->second->primary_time = config->primary_time; |
| 446 it->second->priority = config->priority; | 446 it->second->priority = config->priority; |
| 447 new_configs.insert(*it); | 447 new_configs.insert(*it); |
| 448 } else { | 448 } else { |
| 449 VLOG(1) << "Adding scid: " << base::HexEncode( | 449 VLOG(1) << "Adding scid: " << base::HexEncode( |
| 450 config->id.data(), config->id.size()) | 450 config->id.data(), config->id.size()) |
| 451 << " orbit: " << base::HexEncode( | 451 << " orbit: " << base::HexEncode( |
| 452 reinterpret_cast<const char *>(config->orbit), kOrbitSize) | 452 reinterpret_cast<const char *>(config->orbit), kOrbitSize) |
| 453 << " primary_time " << config->primary_time.ToUNIXSeconds() | 453 << " primary_time " << config->primary_time.ToUNIXSeconds() |
| 454 << " priority " << config->priority; | 454 << " priority " << config->priority; |
| 455 new_configs.insert(make_pair(config->id, config)); | 455 new_configs.insert(std::make_pair(config->id, config)); |
| 456 } | 456 } |
| 457 } | 457 } |
| 458 | 458 |
| 459 configs_.swap(new_configs); | 459 configs_.swap(new_configs); |
| 460 SelectNewPrimaryConfig(now); | 460 SelectNewPrimaryConfig(now); |
| 461 DCHECK(primary_config_.get()); | 461 DCHECK(primary_config_.get()); |
| 462 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); | 462 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); |
| 463 } | 463 } |
| 464 | 464 |
| 465 return ok; | 465 return ok; |
| (...skipping 211 matching lines...) Loading... |
| 677 | 677 |
| 678 CrypterPair crypters; | 678 CrypterPair crypters; |
| 679 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, | 679 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, |
| 680 info.client_nonce, info.server_nonce, | 680 info.client_nonce, info.server_nonce, |
| 681 hkdf_input, CryptoUtils::SERVER, &crypters, | 681 hkdf_input, CryptoUtils::SERVER, &crypters, |
| 682 nullptr /* subkey secret */)) { | 682 nullptr /* subkey secret */)) { |
| 683 *error_details = "Symmetric key setup failed"; | 683 *error_details = "Symmetric key setup failed"; |
| 684 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 684 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| 685 } | 685 } |
| 686 | 686 |
| 687 scoped_ptr<QuicData> cetv_plaintext(crypters.decrypter->DecryptPacket( | 687 char plaintext[kMaxPacketSize]; |
| 688 size_t plaintext_length = 0; |
| 689 const bool success = crypters.decrypter->DecryptPacket( |
| 688 0 /* sequence number */, StringPiece() /* associated data */, | 690 0 /* sequence number */, StringPiece() /* associated data */, |
| 689 cetv_ciphertext)); | 691 cetv_ciphertext, plaintext, &plaintext_length, kMaxPacketSize); |
| 690 if (!cetv_plaintext.get()) { | 692 if (!success) { |
| 691 *error_details = "CETV decryption failure"; | 693 *error_details = "CETV decryption failure"; |
| 692 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 694 return QUIC_PACKET_TOO_LARGE; |
| 693 } | 695 } |
| 694 | 696 scoped_ptr<CryptoHandshakeMessage> cetv( |
| 695 scoped_ptr<CryptoHandshakeMessage> cetv(CryptoFramer::ParseMessage( | 697 CryptoFramer::ParseMessage(StringPiece(plaintext, plaintext_length))); |
| 696 cetv_plaintext->AsStringPiece())); | |
| 697 if (!cetv.get()) { | 698 if (!cetv.get()) { |
| 698 *error_details = "CETV parse error"; | 699 *error_details = "CETV parse error"; |
| 699 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 700 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 700 } | 701 } |
| 701 | 702 |
| 702 StringPiece key, signature; | 703 StringPiece key, signature; |
| 703 if (cetv->GetStringPiece(kCIDK, &key) && | 704 if (cetv->GetStringPiece(kCIDK, &key) && |
| 704 cetv->GetStringPiece(kCIDS, &signature)) { | 705 cetv->GetStringPiece(kCIDS, &signature)) { |
| 705 if (!ChannelIDVerifier::Verify(key, hkdf_input, signature)) { | 706 if (!ChannelIDVerifier::Verify(key, hkdf_input, signature)) { |
| 706 *error_details = "ChannelID signature failure"; | 707 *error_details = "ChannelID signature failure"; |
| (...skipping 121 matching lines...) Loading... |
| 828 | 829 |
| 829 if (configs.empty()) { | 830 if (configs.empty()) { |
| 830 if (primary_config_.get()) { | 831 if (primary_config_.get()) { |
| 831 LOG(DFATAL) << "No valid QUIC server config. Keeping the current config."; | 832 LOG(DFATAL) << "No valid QUIC server config. Keeping the current config."; |
| 832 } else { | 833 } else { |
| 833 LOG(DFATAL) << "No valid QUIC server config."; | 834 LOG(DFATAL) << "No valid QUIC server config."; |
| 834 } | 835 } |
| 835 return; | 836 return; |
| 836 } | 837 } |
| 837 | 838 |
| 838 sort(configs.begin(), configs.end(), ConfigPrimaryTimeLessThan); | 839 std::sort(configs.begin(), configs.end(), ConfigPrimaryTimeLessThan); |
| 839 | 840 |
| 840 Config* best_candidate = configs[0].get(); | 841 Config* best_candidate = configs[0].get(); |
| 841 | 842 |
| 842 for (size_t i = 0; i < configs.size(); ++i) { | 843 for (size_t i = 0; i < configs.size(); ++i) { |
| 843 const scoped_refptr<Config> config(configs[i]); | 844 const scoped_refptr<Config> config(configs[i]); |
| 844 if (!config->primary_time.IsAfter(now)) { | 845 if (!config->primary_time.IsAfter(now)) { |
| 845 if (config->primary_time.IsAfter(best_candidate->primary_time)) { | 846 if (config->primary_time.IsAfter(best_candidate->primary_time)) { |
| 846 best_candidate = config.get(); | 847 best_candidate = config.get(); |
| 847 } | 848 } |
| 848 continue; | 849 continue; |
| (...skipping 841 matching lines...) Loading... |
| 1690 QuicCryptoServerConfig::Config::Config() | 1691 QuicCryptoServerConfig::Config::Config() |
| 1691 : channel_id_enabled(false), | 1692 : channel_id_enabled(false), |
| 1692 is_primary(false), | 1693 is_primary(false), |
| 1693 primary_time(QuicWallTime::Zero()), | 1694 primary_time(QuicWallTime::Zero()), |
| 1694 priority(0), | 1695 priority(0), |
| 1695 source_address_token_boxer(nullptr) {} | 1696 source_address_token_boxer(nullptr) {} |
| 1696 | 1697 |
| 1697 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } | 1698 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } |
| 1698 | 1699 |
| 1699 } // namespace net | 1700 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews