1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/quic_crypto_server_stream.h" | 5 #include "net/quic/quic_crypto_server_stream.h" |
6 | 6 |
7 #include "net/quic/crypto/crypto_protocol.h" | 7 #include "net/quic/crypto/crypto_protocol.h" |
8 #include "net/quic/crypto/crypto_server_config.h" | 8 #include "net/quic/crypto/crypto_server_config.h" |
9 #include "net/quic/crypto/crypto_utils.h" | 9 #include "net/quic/crypto/crypto_utils.h" |
10 #include "net/quic/quic_config.h" | 10 #include "net/quic/quic_config.h" |
33 return; | 33 return; |
34 } | 34 } |
35 | 35 |
36 if (message.tag() != kCHLO) { | 36 if (message.tag() != kCHLO) { |
37 CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE); | 37 CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE); |
38 return; | 38 return; |
39 } | 39 } |
40 | 40 |
41 string error_details; | 41 string error_details; |
42 CryptoHandshakeMessage reply; | 42 CryptoHandshakeMessage reply; |
43 crypto_config_.ProcessClientHello( | 43 QuicErrorCode error = crypto_config_.ProcessClientHello( |
44 message, session()->connection()->guid(), | 44 message, session()->connection()->guid(), |
45 session()->connection()->peer_address(), | 45 session()->connection()->peer_address(), |
46 session()->connection()->clock()->NowAsDeltaSinceUnixEpoch(), | 46 session()->connection()->clock(), |
47 session()->connection()->random_generator(), | 47 session()->connection()->random_generator(), |
48 &crypto_negotiated_params_, &reply, &error_details); | 48 &crypto_negotiated_params_, &reply, &error_details); |
49 | 49 |
50 if (reply.tag() == kSHLO) { | 50 if (error != QUIC_NO_ERROR) { |
51 // If we are returning a SHLO then we accepted the handshake. | 51 CloseConnectionWithDetails(error, error_details); |
52 QuicErrorCode error = config_.ProcessFinalPeerHandshake( | 52 return; |
53 message, CryptoUtils::LOCAL_PRIORITY, &negotiated_params_, | |
54 &error_details); | |
55 if (error != QUIC_NO_ERROR) { | |
56 CloseConnectionWithDetails(error, error_details); | |
57 return; | |
58 } | |
59 | |
60 // Receiving a full CHLO implies the client is prepared to decrypt with | |
61 // the new server write key. We can start to encrypt with the new server | |
62 // write key. | |
63 // | |
64 // NOTE: the SHLO will be encrypted with the new server write key. | |
65 session()->connection()->SetEncrypter( | |
66 ENCRYPTION_INITIAL, | |
67 crypto_negotiated_params_.encrypter.release()); | |
68 session()->connection()->SetDefaultEncryptionLevel( | |
69 ENCRYPTION_INITIAL); | |
70 // Set the decrypter immediately so that we no longer accept unencrypted | |
71 // packets. | |
72 session()->connection()->SetDecrypter( | |
73 crypto_negotiated_params_.decrypter.release()); | |
74 encryption_established_ = true; | |
75 handshake_confirmed_ = true; | |
76 session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED); | |
77 } | 53 } |
78 | 54 |
| 55 if (reply.tag() != kSHLO) { |
| 56 SendHandshakeMessage(reply); |
| 57 return; |
| 58 } |
| 59 |
| 60 // If we are returning a SHLO then we accepted the handshake. |
| 61 error = config_.ProcessFinalPeerHandshake( |
| 62 message, CryptoUtils::LOCAL_PRIORITY, &negotiated_params_, |
| 63 &error_details); |
| 64 if (error != QUIC_NO_ERROR) { |
| 65 CloseConnectionWithDetails(error, error_details); |
| 66 return; |
| 67 } |
| 68 |
| 69 // Receiving a full CHLO implies the client is prepared to decrypt with |
| 70 // the new server write key. We can start to encrypt with the new server |
| 71 // write key. |
| 72 // |
| 73 // NOTE: the SHLO will be encrypted with the new server write key. |
| 74 session()->connection()->SetEncrypter( |
| 75 ENCRYPTION_INITIAL, |
| 76 crypto_negotiated_params_.initial_crypters.encrypter.release()); |
| 77 session()->connection()->SetDefaultEncryptionLevel( |
| 78 ENCRYPTION_INITIAL); |
| 79 // Set the decrypter immediately so that we no longer accept unencrypted |
| 80 // packets. |
| 81 session()->connection()->SetDecrypter( |
| 82 crypto_negotiated_params_.initial_crypters.decrypter.release()); |
79 SendHandshakeMessage(reply); | 83 SendHandshakeMessage(reply); |
80 return; | |
81 } | |
82 | 84 |
83 const QuicNegotiatedParameters& | 85 session()->connection()->SetEncrypter( |
84 QuicCryptoServerStream::negotiated_params() const { | 86 ENCRYPTION_FORWARD_SECURE, |
85 return negotiated_params_; | 87 crypto_negotiated_params_.forward_secure_crypters.encrypter.release()); |
86 } | 88 session()->connection()->SetDefaultEncryptionLevel( |
| 89 ENCRYPTION_FORWARD_SECURE); |
| 90 session()->connection()->SetAlternativeDecrypter( |
| 91 crypto_negotiated_params_.forward_secure_crypters.decrypter.release(), |
| 92 false /* don't latch */); |
87 | 93 |
88 const QuicCryptoNegotiatedParameters& | 94 encryption_established_ = true; |
89 QuicCryptoServerStream::crypto_negotiated_params() const { | 95 handshake_confirmed_ = true; |
90 return crypto_negotiated_params_; | 96 session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED); |
91 } | 97 } |
92 | 98 |
93 } // namespace net | 99 } // namespace net |
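Review bot: The forward-secure decrypter is installed with `SetAlternativeDecrypter(..., false /* don't latch */)` (new lines 90-92), which presumably means the initial decrypter stays primary for the rest of the connection, so packets protected only by the initial, non-forward-secure key keep being accepted after the handshake is confirmed; the hunk gives no reason for that choice. If it is intentional (the client may still have initial-level packets in flight), say so next to the call, e.g. `// Don't latch: the client may still have initial-level packets in flight, so the initial decrypter stays primary and forward-secure packets go through the alternative decrypter.`; if not, latching once a forward-secure packet decrypts would close that window. The ordering around new line 83 also deserves a comment: `SendHandshakeMessage(reply)` is deliberately placed before the switch to `ENCRYPTION_FORWARD_SECURE` so the SHLO goes out under the initial key, and a one-line `// Send the SHLO before switching to forward-secure: it must be encrypted with the initial key.` would make that dependency explicit for the next edit. The enclosing function starts before the skipped region, so its signature and early checks are not visible here.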