
Unified Diff: net/quic/crypto/crypto_protocol.h

Issue 14287009: Land Recent QUIC Changes (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Merge with Tot Created 7 years, 8 months ago
Index: net/quic/crypto/crypto_protocol.h
diff --git a/net/quic/crypto/crypto_protocol.h b/net/quic/crypto/crypto_protocol.h
index dd684400cb92af9518fb03eb992c0a8abfc702c2..3e22e7b5816e3d4c8a39293d0e63010c0b9604ef 100644
--- a/net/quic/crypto/crypto_protocol.h
+++ b/net/quic/crypto/crypto_protocol.h
@@ -10,10 +10,18 @@
#include <vector>
#include "base/basictypes.h"
-#include "base/logging.h"
#include "net/base/net_export.h"
-#include "net/quic/quic_protocol.h"
-#include "net/quic/quic_time.h"
+
+// Version and Crypto tags are written to the wire with a big-endian
+// representation of the name of the tag. For example
+// the client hello tag (CHLO) will be written as the
+// following 4 bytes: 'C' 'H' 'L' 'O'. Since it is
+// stored in memory as a little endian uint32, we need
+// to reverse the order of the bytes.
+//
+// We use a macro to ensure that no static initialisers are created. Use the
+// QuicTag function in normal code.
+#define TAG(a, b, c, d) ((d << 24) + (c << 16) + (b << 8) + a)
namespace net {
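Review bot: The `TAG` macro on the added `#define` line does not parenthesise its arguments and shifts them as promoted `int`s, so a compound argument would bind wrongly. Where `char` is signed, a byte of 0x80 or above would also sign-extend or shift into the sign bit. Every tag visible in this patch is plain ASCII, so nothing here trips it, but these values define the handshake wire format and the macro is cheap to harden using `uint32` from the already-included base/basictypes.h: `#define TAG(a, b, c, d) ((static_cast<uint32>(d) << 24) + (static_cast<uint32>(c) << 16) + (static_cast<uint32>(b) << 8) + static_cast<uint32>(a))`. That is still a constant expression, so it should keep the no-static-initialiser property the comment asks for.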
@@ -23,47 +31,49 @@ typedef std::string ServerConfigID;
typedef std::map<CryptoTag, std::string> CryptoTagValueMap;
typedef std::vector<CryptoTag> CryptoTagVector;
-const CryptoTag kCHLO = MAKE_TAG('C', 'H', 'L', 'O'); // Client hello
-const CryptoTag kSHLO = MAKE_TAG('S', 'H', 'L', 'O'); // Server hello
-const CryptoTag kSCFG = MAKE_TAG('S', 'C', 'F', 'G'); // Server config
-const CryptoTag kREJ = MAKE_TAG('R', 'E', 'J', '\0'); // Reject
+const CryptoTag kCHLO = TAG('C', 'H', 'L', 'O'); // Client hello
+const CryptoTag kSHLO = TAG('S', 'H', 'L', 'O'); // Server hello
+const CryptoTag kSCFG = TAG('S', 'C', 'F', 'G'); // Server config
+const CryptoTag kREJ = TAG('R', 'E', 'J', '\0'); // Reject
// Key exchange methods
-const CryptoTag kP256 = MAKE_TAG('P', '2', '5', '6'); // ECDH, Curve P-256
-const CryptoTag kC255 = MAKE_TAG('C', '2', '5', '5'); // ECDH, Curve25519
+const CryptoTag kP256 = TAG('P', '2', '5', '6'); // ECDH, Curve P-256
+const CryptoTag kC255 = TAG('C', '2', '5', '5'); // ECDH, Curve25519
// AEAD algorithms
-const CryptoTag kNULL = MAKE_TAG('N', 'U', 'L', 'L'); // null algorithm
-const CryptoTag kAESG = MAKE_TAG('A', 'E', 'S', 'G'); // AES128 + GCM
+const CryptoTag kNULL = TAG('N', 'U', 'L', 'L'); // null algorithm
+const CryptoTag kAESG = TAG('A', 'E', 'S', 'G'); // AES128 + GCM
// Congestion control feedback types
-const CryptoTag kQBIC = MAKE_TAG('Q', 'B', 'I', 'C'); // TCP cubic
-const CryptoTag kINAR = MAKE_TAG('I', 'N', 'A', 'R'); // Inter arrival
+const CryptoTag kQBIC = TAG('Q', 'B', 'I', 'C'); // TCP cubic
+const CryptoTag kINAR = TAG('I', 'N', 'A', 'R'); // Inter arrival
// Proof types (i.e. certificate types)
-const CryptoTag kX509 = MAKE_TAG('X', '5', '0', '9'); // X.509 certificate
+const CryptoTag kX509 = TAG('X', '5', '0', '9'); // X.509 certificate
// Client hello tags
-const CryptoTag kVERS = MAKE_TAG('V', 'E', 'R', 'S'); // Version
-const CryptoTag kNONC = MAKE_TAG('N', 'O', 'N', 'C'); // The connection nonce
-const CryptoTag kSSID = MAKE_TAG('S', 'S', 'I', 'D'); // Session ID
-const CryptoTag kKEXS = MAKE_TAG('K', 'E', 'X', 'S'); // Key exchange methods
-const CryptoTag kAEAD = MAKE_TAG('A', 'E', 'A', 'D'); // Authenticated
- // encryption algorithms
-const CryptoTag kCGST = MAKE_TAG('C', 'G', 'S', 'T'); // Congestion control
- // feedback types
-const CryptoTag kICSL = MAKE_TAG('I', 'C', 'S', 'L'); // Idle connection state
- // lifetime
-const CryptoTag kKATO = MAKE_TAG('K', 'A', 'T', 'O'); // Keepalive timeout
-const CryptoTag kSNI = MAKE_TAG('S', 'N', 'I', '\0'); // Server name
- // indication
-const CryptoTag kPUBS = MAKE_TAG('P', 'U', 'B', 'S'); // Public key values
-const CryptoTag kSCID = MAKE_TAG('S', 'C', 'I', 'D'); // Server config id
-const CryptoTag kSRCT = MAKE_TAG('S', 'R', 'C', 'T'); // Source-address token
-const CryptoTag kORBT = MAKE_TAG('O', 'B', 'I', 'T'); // Server orbit.
-const CryptoTag kPDMD = MAKE_TAG('P', 'D', 'M', 'D'); // Proof demand.
-const CryptoTag kCERT = MAKE_TAG('C', 'E', 'R', 'T'); // Certificate chain
-const CryptoTag kPROF = MAKE_TAG('P', 'R', 'O', 'F'); // Proof (signature).
+const CryptoTag kVERS = TAG('V', 'E', 'R', 'S'); // Version
+const CryptoTag kNONC = TAG('N', 'O', 'N', 'C'); // The connection nonce
+const CryptoTag kSSID = TAG('S', 'S', 'I', 'D'); // Session ID
+const CryptoTag kKEXS = TAG('K', 'E', 'X', 'S'); // Key exchange methods
+const CryptoTag kAEAD = TAG('A', 'E', 'A', 'D'); // Authenticated
+ // encryption algorithms
+const CryptoTag kCGST = TAG('C', 'G', 'S', 'T'); // Congestion control
+ // feedback types
+const CryptoTag kICSL = TAG('I', 'C', 'S', 'L'); // Idle connection state
+ // lifetime
+const CryptoTag kKATO = TAG('K', 'A', 'T', 'O'); // Keepalive timeout
+const CryptoTag kSNI = TAG('S', 'N', 'I', '\0'); // Server name
+ // indication
+const CryptoTag kPUBS = TAG('P', 'U', 'B', 'S'); // Public key values
+const CryptoTag kSCID = TAG('S', 'C', 'I', 'D'); // Server config id
+const CryptoTag kSRCT = TAG('S', 'R', 'C', 'T'); // Source-address token
+const CryptoTag kORBT = TAG('O', 'B', 'I', 'T'); // Server orbit.
+const CryptoTag kPDMD = TAG('P', 'D', 'M', 'D'); // Proof demand.
+const CryptoTag kCERT = TAG('C', 'E', 'R', 'T'); // Certificate chain
+const CryptoTag kPROF = TAG('P', 'R', 'O', 'F'); // Proof (signature).
+
+#undef TAG
const size_t kMaxEntries = 16; // Max number of entries in a message.
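Review bot: `kORBT` on the added line is built from the bytes 'O', 'B', 'I', 'T', which does not match the constant's name. The removed line used the same bytes, so this is carried over rather than introduced by the macro rename. If the wire value is deliberate it has to stay for interoperability, and the trailing comment should say so, e.g. `// Server orbit. NB: wire bytes are "OBIT", not "ORBT".` If it is a typo, it is easier to correct before more peers depend on the current bytes.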
@@ -71,6 +81,10 @@ const size_t kNonceSize = 32; // Size in bytes of the connection nonce.
const size_t kOrbitSize = 8; // Number of bytes in an orbit value.
+// kProofSignatureLabel is prepended to server configs before signing to avoid
+// any cross-protocol attacks on the signature.
+const char kProofSignatureLabel[] = "QUIC server config signature";
+
} // namespace net
#endif // NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_
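Review bot: The comment on `kProofSignatureLabel` does not say whether the array's terminating NUL is part of the prefix that gets signed. Because it is declared as `const char[]`, `sizeof` counts the NUL and `strlen` does not, and signer and verifier must feed exactly the same bytes into the signature. Including the NUL also gives an unambiguous boundary between the label and the config that follows. The signing and verification code is not visible in this hunk, so I would extend the comment to state the convention it uses, e.g. `// The label, including its terminating NUL, is prepended to server configs before signing.`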