| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 647 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 658 client_hello_serialized.length()); | 658 client_hello_serialized.length()); |
| 659 hkdf_suffix.append(requested_config->serialized); | 659 hkdf_suffix.append(requested_config->serialized); |
| 660 | 660 |
| 661 StringPiece cetv_ciphertext; | 661 StringPiece cetv_ciphertext; |
| 662 if (requested_config->channel_id_enabled && | 662 if (requested_config->channel_id_enabled && |
| 663 client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) { | 663 client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) { |
| 664 CryptoHandshakeMessage client_hello_copy(client_hello); | 664 CryptoHandshakeMessage client_hello_copy(client_hello); |
| 665 client_hello_copy.Erase(kCETV); | 665 client_hello_copy.Erase(kCETV); |
| 666 client_hello_copy.Erase(kPAD); | 666 client_hello_copy.Erase(kPAD); |
| 667 | 667 |
| 668 const QuicData& client_hello_serialized = client_hello_copy.GetSerialized(); | 668 const QuicData& client_hello_copy_serialized = |
| 669 client_hello_copy.GetSerialized(); |
| 669 string hkdf_input; | 670 string hkdf_input; |
| 670 hkdf_input.append(QuicCryptoConfig::kCETVLabel, | 671 hkdf_input.append(QuicCryptoConfig::kCETVLabel, |
| 671 strlen(QuicCryptoConfig::kCETVLabel) + 1); | 672 strlen(QuicCryptoConfig::kCETVLabel) + 1); |
| 672 hkdf_input.append(reinterpret_cast<char*>(&connection_id), | 673 hkdf_input.append(reinterpret_cast<char*>(&connection_id), |
| 673 sizeof(connection_id)); | 674 sizeof(connection_id)); |
| 674 hkdf_input.append(client_hello_serialized.data(), | 675 hkdf_input.append(client_hello_copy_serialized.data(), |
| 675 client_hello_serialized.length()); | 676 client_hello_copy_serialized.length()); |
| 676 hkdf_input.append(requested_config->serialized); | 677 hkdf_input.append(requested_config->serialized); |
| 677 | 678 |
| 678 CrypterPair crypters; | 679 CrypterPair crypters; |
| 679 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, | 680 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, |
| 680 info.client_nonce, info.server_nonce, | 681 info.client_nonce, info.server_nonce, |
| 681 hkdf_input, CryptoUtils::SERVER, &crypters, | 682 hkdf_input, CryptoUtils::SERVER, &crypters, |
| 682 nullptr /* subkey secret */)) { | 683 nullptr /* subkey secret */)) { |
| 683 *error_details = "Symmetric key setup failed"; | 684 *error_details = "Symmetric key setup failed"; |
| 684 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 685 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| 685 } | 686 } |
| (...skipping 640 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1326 " private key."; | 1327 " private key."; |
| 1327 return nullptr; | 1328 return nullptr; |
| 1328 } | 1329 } |
| 1329 break; | 1330 break; |
| 1330 default: | 1331 default: |
| 1331 LOG(WARNING) << "Server config message contains unknown key exchange " | 1332 LOG(WARNING) << "Server config message contains unknown key exchange " |
| 1332 "method: " << tag; | 1333 "method: " << tag; |
| 1333 return nullptr; | 1334 return nullptr; |
| 1334 } | 1335 } |
| 1335 | 1336 |
| 1336 for (vector<KeyExchange*>::const_iterator i = config->key_exchanges.begin(); | 1337 for (vector<KeyExchange*>::const_iterator j = config->key_exchanges.begin(); |
| 1337 i != config->key_exchanges.end(); ++i) { | 1338 j != config->key_exchanges.end(); ++j) { |
| 1338 if ((*i)->tag() == tag) { | 1339 if ((*j)->tag() == tag) { |
| 1339 LOG(WARNING) << "Duplicate key exchange in config: " << tag; | 1340 LOG(WARNING) << "Duplicate key exchange in config: " << tag; |
| 1340 return nullptr; | 1341 return nullptr; |
| 1341 } | 1342 } |
| 1342 } | 1343 } |
| 1343 | 1344 |
| 1344 config->key_exchanges.push_back(ka.release()); | 1345 config->key_exchanges.push_back(ka.release()); |
| 1345 } | 1346 } |
| 1346 | 1347 |
| 1347 return config; | 1348 return config; |
| 1348 } | 1349 } |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1471 const Config& config, | 1472 const Config& config, |
| 1472 StringPiece token, | 1473 StringPiece token, |
| 1473 SourceAddressTokens* tokens) const { | 1474 SourceAddressTokens* tokens) const { |
| 1474 string storage; | 1475 string storage; |
| 1475 StringPiece plaintext; | 1476 StringPiece plaintext; |
| 1476 if (!config.source_address_token_boxer->Unbox(token, &storage, &plaintext)) { | 1477 if (!config.source_address_token_boxer->Unbox(token, &storage, &plaintext)) { |
| 1477 return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE; | 1478 return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE; |
| 1478 } | 1479 } |
| 1479 | 1480 |
| 1480 if (!FLAGS_quic_use_multiple_address_in_source_tokens) { | 1481 if (!FLAGS_quic_use_multiple_address_in_source_tokens) { |
| 1481 SourceAddressToken token; | 1482 SourceAddressToken source_address_token; |
| 1482 if (!token.ParseFromArray(plaintext.data(), plaintext.size())) { | 1483 if (!source_address_token.ParseFromArray(plaintext.data(), |
| 1484 plaintext.size())) { |
| 1483 return SOURCE_ADDRESS_TOKEN_PARSE_FAILURE; | 1485 return SOURCE_ADDRESS_TOKEN_PARSE_FAILURE; |
| 1484 } | 1486 } |
| 1485 *(tokens->add_tokens()) = token; | 1487 *(tokens->add_tokens()) = source_address_token; |
| 1486 return HANDSHAKE_OK; | 1488 return HANDSHAKE_OK; |
| 1487 } | 1489 } |
| 1488 | 1490 |
| 1489 if (!tokens->ParseFromArray(plaintext.data(), plaintext.size())) { | 1491 if (!tokens->ParseFromArray(plaintext.data(), plaintext.size())) { |
| 1490 // Some clients might still be using the old source token format so | 1492 // Some clients might still be using the old source token format so |
| 1491 // attempt to parse that format. | 1493 // attempt to parse that format. |
| 1492 // TODO(rch): remove this code once the new format is ubiquitous. | 1494 // TODO(rch): remove this code once the new format is ubiquitous. |
| 1493 SourceAddressToken token; | 1495 SourceAddressToken source_address_token; |
| 1494 if (!token.ParseFromArray(plaintext.data(), plaintext.size())) { | 1496 if (!source_address_token.ParseFromArray(plaintext.data(), |
| 1497 plaintext.size())) { |
| 1495 return SOURCE_ADDRESS_TOKEN_PARSE_FAILURE; | 1498 return SOURCE_ADDRESS_TOKEN_PARSE_FAILURE; |
| 1496 } | 1499 } |
| 1497 *tokens->add_tokens() = token; | 1500 *tokens->add_tokens() = source_address_token; |
| 1498 } | 1501 } |
| 1499 | 1502 |
| 1500 return HANDSHAKE_OK; | 1503 return HANDSHAKE_OK; |
| 1501 } | 1504 } |
| 1502 | 1505 |
| 1503 HandshakeFailureReason QuicCryptoServerConfig::ValidateSourceAddressToken( | 1506 HandshakeFailureReason QuicCryptoServerConfig::ValidateSourceAddressToken( |
| 1504 const Config& config, | 1507 const Config& config, |
| 1505 StringPiece token, | 1508 StringPiece token, |
| 1506 const IPEndPoint& ip, | 1509 const IPEndPoint& ip, |
| 1507 QuicWallTime now, | 1510 QuicWallTime now, |
| (...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1691 QuicCryptoServerConfig::Config::Config() | 1694 QuicCryptoServerConfig::Config::Config() |
| 1692 : channel_id_enabled(false), | 1695 : channel_id_enabled(false), |
| 1693 is_primary(false), | 1696 is_primary(false), |
| 1694 primary_time(QuicWallTime::Zero()), | 1697 primary_time(QuicWallTime::Zero()), |
| 1695 priority(0), | 1698 priority(0), |
| 1696 source_address_token_boxer(nullptr) {} | 1699 source_address_token_boxer(nullptr) {} |
| 1697 | 1700 |
| 1698 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } | 1701 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } |
| 1699 | 1702 |
| 1700 } // namespace net | 1703 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 941933002:
win vs2015: fix variable shadowing warnings in net/quic (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master