| Index: net/quic/crypto/crypto_handshake.h
|
| diff --git a/net/quic/crypto/crypto_handshake.h b/net/quic/crypto/crypto_handshake.h
|
| index 624471eb016f923aca09df4d5fdc7e59bd5629ac..6b6c3202ea6ebc05b5dba6762a3ef7f03661e315 100644
|
| --- a/net/quic/crypto/crypto_handshake.h
|
| +++ b/net/quic/crypto/crypto_handshake.h
|
| @@ -18,10 +18,9 @@
|
|
|
| namespace net {
|
|
|
| -class CommonCertSet;
|
| +class CommonCertSets;
|
| class KeyExchange;
|
| class ProofVerifier;
|
| -class QuicClock;
|
| class QuicDecrypter;
|
| class QuicEncrypter;
|
| class QuicRandom;
|
| @@ -45,14 +44,14 @@ class NET_EXPORT_PRIVATE CryptoHandshakeMessage {
|
|
|
| // SetValue sets an element with the given tag to the raw, memory contents of
|
| // |v|.
|
| - template<class T> void SetValue(CryptoTag tag, const T& v) {
|
| - tag_value_map_[tag] = std::string(reinterpret_cast<const char*>(&v),
|
| - sizeof(v));
|
| + template<class T> void SetValue(QuicTag tag, const T& v) {
|
| + tag_value_map_[tag] =
|
| + std::string(reinterpret_cast<const char*>(&v), sizeof(v));
|
| }
|
|
|
| // SetVector sets an element with the given tag to the raw contents of an
|
| // array of elements in |v|.
|
| - template<class T> void SetVector(CryptoTag tag, const std::vector<T>& v) {
|
| + template<class T> void SetVector(QuicTag tag, const std::vector<T>& v) {
|
| if (v.empty()) {
|
| tag_value_map_[tag] = std::string();
|
| } else {
|
| @@ -62,40 +61,41 @@ class NET_EXPORT_PRIVATE CryptoHandshakeMessage {
|
| }
|
|
|
| // Returns the message tag.
|
| - CryptoTag tag() const { return tag_; }
|
| + QuicTag tag() const { return tag_; }
|
| // Sets the message tag.
|
| - void set_tag(CryptoTag tag) { tag_ = tag; }
|
| + void set_tag(QuicTag tag) { tag_ = tag; }
|
|
|
| - const CryptoTagValueMap& tag_value_map() const { return tag_value_map_; }
|
| + const QuicTagValueMap& tag_value_map() const { return tag_value_map_; }
|
|
|
| - void Insert(CryptoTagValueMap::const_iterator begin,
|
| - CryptoTagValueMap::const_iterator end);
|
| + void Insert(QuicTagValueMap::const_iterator begin,
|
| + QuicTagValueMap::const_iterator end);
|
|
|
| // SetTaglist sets an element with the given tag to contain a list of tags,
|
| // passed as varargs. The argument list must be terminated with a 0 element.
|
| - void SetTaglist(CryptoTag tag, ...);
|
| + void SetTaglist(QuicTag tag, ...);
|
|
|
| - void SetStringPiece(CryptoTag tag, base::StringPiece value);
|
| + void SetStringPiece(QuicTag tag, base::StringPiece value);
|
|
|
| // GetTaglist finds an element with the given tag containing zero or more
|
| // tags. If such a tag doesn't exist, it returns false. Otherwise it sets
|
| // |out_tags| and |out_len| to point to the array of tags and returns true.
|
| // The array points into the CryptoHandshakeMessage and is valid only for as
|
| // long as the CryptoHandshakeMessage exists and is not modified.
|
| - QuicErrorCode GetTaglist(CryptoTag tag, const CryptoTag** out_tags,
|
| + QuicErrorCode GetTaglist(QuicTag tag, const QuicTag** out_tags,
|
| size_t* out_len) const;
|
|
|
| - bool GetStringPiece(CryptoTag tag, base::StringPiece* out) const;
|
| + bool GetStringPiece(QuicTag tag, base::StringPiece* out) const;
|
|
|
| - // GetNthValue16 interprets the value with the given tag to be a series of
|
| - // 16-bit length prefixed values and it returns the subvalue with the given
|
| + // GetNthValue24 interprets the value with the given tag to be a series of
|
| + // 24-bit, length prefixed values and it returns the subvalue with the given
|
| // index.
|
| - QuicErrorCode GetNthValue16(CryptoTag tag,
|
| + QuicErrorCode GetNthValue24(QuicTag tag,
|
| unsigned index,
|
| base::StringPiece* out) const;
|
| - bool GetString(CryptoTag tag, std::string* out) const;
|
| - QuicErrorCode GetUint16(CryptoTag tag, uint16* out) const;
|
| - QuicErrorCode GetUint32(CryptoTag tag, uint32* out) const;
|
| + bool GetString(QuicTag tag, std::string* out) const;
|
| + QuicErrorCode GetUint16(QuicTag tag, uint16* out) const;
|
| + QuicErrorCode GetUint32(QuicTag tag, uint32* out) const;
|
| + QuicErrorCode GetUint64(QuicTag tag, uint64* out) const;
|
|
|
| // DebugString returns a multi-line, string representation of the message
|
| // suitable for including in debug output.
|
| @@ -109,18 +109,26 @@ class NET_EXPORT_PRIVATE CryptoHandshakeMessage {
|
| //
|
| // If used to copy integers then this assumes that the machine is
|
| // little-endian.
|
| - QuicErrorCode GetPOD(CryptoTag tag, void* out, size_t len) const;
|
| + QuicErrorCode GetPOD(QuicTag tag, void* out, size_t len) const;
|
|
|
| std::string DebugStringInternal(size_t indent) const;
|
|
|
| - CryptoTag tag_;
|
| - CryptoTagValueMap tag_value_map_;
|
| + QuicTag tag_;
|
| + QuicTagValueMap tag_value_map_;
|
|
|
| // The serialized form of the handshake message. This member is constructed
|
| // lasily.
|
| mutable scoped_ptr<QuicData> serialized_;
|
| };
|
|
|
| +// A CrypterPair contains the encrypter and decrypter for an encryption level.
|
| +struct NET_EXPORT_PRIVATE CrypterPair {
|
| + CrypterPair();
|
| + ~CrypterPair();
|
| + scoped_ptr<QuicEncrypter> encrypter;
|
| + scoped_ptr<QuicDecrypter> decrypter;
|
| +};
|
| +
|
| // Parameters negotiated by the crypto handshake.
|
| struct NET_EXPORT_PRIVATE QuicCryptoNegotiatedParameters {
|
| // Initializes the members to 0 or empty values.
|
| @@ -128,16 +136,26 @@ struct NET_EXPORT_PRIVATE QuicCryptoNegotiatedParameters {
|
| ~QuicCryptoNegotiatedParameters();
|
|
|
| uint16 version;
|
| - CryptoTag key_exchange;
|
| - CryptoTag aead;
|
| - std::string premaster_secret;
|
| - scoped_ptr<QuicEncrypter> encrypter;
|
| - scoped_ptr<QuicDecrypter> decrypter;
|
| + QuicTag key_exchange;
|
| + QuicTag aead;
|
| + std::string initial_premaster_secret;
|
| + std::string forward_secure_premaster_secret;
|
| + CrypterPair initial_crypters;
|
| + CrypterPair forward_secure_crypters;
|
| std::string server_config_id;
|
| + std::string client_nonce;
|
| std::string server_nonce;
|
| + // hkdf_input_suffix contains the HKDF input following the label: the GUID,
|
| + // client hello and server config. This is only populated in the client
|
| + // because only the client needs to derive the forward secure keys at a later
|
| + // time from the initial keys.
|
| + std::string hkdf_input_suffix;
|
| // cached_certs contains the cached certificates that a client used when
|
| // sending a client hello.
|
| std::vector<std::string> cached_certs;
|
| + // client_key_exchange is used by clients to store the ephemeral KeyExchange
|
| + // for the connection.
|
| + scoped_ptr<KeyExchange> client_key_exchange;
|
| };
|
|
|
| // QuicCryptoConfig contains common configuration between clients and servers.
|
| @@ -149,9 +167,15 @@ class NET_EXPORT_PRIVATE QuicCryptoConfig {
|
| CONFIG_VERSION = 0,
|
| };
|
|
|
| - // kLabel is constant that is used in key derivation to tie the resulting key
|
| - // to this protocol.
|
| - static const char kLabel[];
|
| + // kInitialLabel is a constant that is used when deriving the initial
|
| + // (non-forward secure) keys for the connection in order to tie the resulting
|
| + // key to this protocol.
|
| + static const char kInitialLabel[];
|
| +
|
| + // kForwardSecureLabel is a constant that is used when deriving the forward
|
| + // secure keys for the connection in order to tie the resulting key to this
|
| + // protocol.
|
| + static const char kForwardSecureLabel[];
|
|
|
| QuicCryptoConfig();
|
| ~QuicCryptoConfig();
|
| @@ -160,11 +184,11 @@ class NET_EXPORT_PRIVATE QuicCryptoConfig {
|
| uint16 version;
|
| // Key exchange methods. The following two members' values correspond by
|
| // index.
|
| - CryptoTagVector kexs;
|
| + QuicTagVector kexs;
|
| // Authenticated encryption with associated data (AEAD) algorithms.
|
| - CryptoTagVector aead;
|
| + QuicTagVector aead;
|
|
|
| - scoped_ptr<CommonCertSet> common_cert_set_;
|
| + scoped_ptr<CommonCertSets> common_cert_set_;
|
|
|
| private:
|
| DISALLOW_COPY_AND_ASSIGN(QuicCryptoConfig);
|
| @@ -215,12 +239,12 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
|
| void set_source_address_token(base::StringPiece token);
|
|
|
| private:
|
| - std::string server_config_id_; // An opaque id from the server.
|
| - std::string server_config_; // A serialized handshake message.
|
| + std::string server_config_id_; // An opaque id from the server.
|
| + std::string server_config_; // A serialized handshake message.
|
| std::string source_address_token_; // An opaque proof of IP ownership.
|
| - std::vector<std::string> certs_; // A list of certificates in leaf-first
|
| - // order.
|
| - std::string server_config_sig_; // A signature of |server_config_|.
|
| + std::vector<std::string> certs_; // A list of certificates in leaf-first
|
| + // order.
|
| + std::string server_config_sig_; // A signature of |server_config_|.
|
| bool server_config_valid_; // true if |server_config_| is correctly signed
|
| // and |certs_| has been validated.
|
|
|
| @@ -240,7 +264,9 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
|
|
|
| // FillInchoateClientHello sets |out| to be a CHLO message that elicits a
|
| // source-address token or SCFG from a server. If |cached| is non-NULL, the
|
| - // source-address token will be taken from it.
|
| + // source-address token will be taken from it. |out_params| is used in order
|
| + // to store the cached certs that were sent as hints to the server in
|
| + // |out_params->cached_certs|.
|
| void FillInchoateClientHello(const std::string& server_hostname,
|
| const CachedState* cached,
|
| QuicCryptoNegotiatedParameters* out_params,
|
| @@ -257,7 +283,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
|
| QuicErrorCode FillClientHello(const std::string& server_hostname,
|
| QuicGuid guid,
|
| const CachedState* cached,
|
| - const QuicClock* clock,
|
| + QuicWallTime now,
|
| QuicRandom* rand,
|
| QuicCryptoNegotiatedParameters* out_params,
|
| CryptoHandshakeMessage* out,
|
| @@ -278,7 +304,7 @@ class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
|
| // |server_hello| is unacceptable then it puts an error message in
|
| // |error_details| and returns an error code.
|
| QuicErrorCode ProcessServerHello(const CryptoHandshakeMessage& server_hello,
|
| - const std::string& nonce,
|
| + QuicGuid guid,
|
| QuicCryptoNegotiatedParameters* out_params,
|
| std::string* error_details);
|
|
|
|
|
Chromium Code Reviews
