Land Recent QUIC changes.

net/quic/crypto/crypto_server_config.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/crypto_server_config.h"
 
 #include "base/stl_util.h"
 #include "crypto/hkdf.h"
 #include "crypto/secure_hash.h"
 #include "net/quic/crypto/aes_128_gcm_decrypter.h"
@@ skipping 34 matching lines @@
     // obtain two source address tokens with the same nonce. This occurs with
     // probability 0.5 after 2**48 values. We assume that obtaining 2**48
     // source address tokens is not possible: at a rate of 10M packets per
     // second, it would still take the attacker a year to obtain the needed
     // number of packets.
     //
     // TODO(agl): switch to an encrypter with a larger nonce space (i.e.
     // Salsa20+Poly1305).
     : strike_register_lock_(),
       source_address_token_encrypter_(new Aes128GcmEncrypter),
-      source_address_token_decrypter_(new Aes128GcmDecrypter) {
+      source_address_token_decrypter_(new Aes128GcmDecrypter),
+      strike_register_max_entries_(1 << 10),
+      strike_register_window_secs_(600),
+      source_address_token_future_secs_(3600),
+      source_address_token_lifetime_secs_(86400) {
   crypto::HKDF hkdf(source_address_token_secret, StringPiece() /* no salt */,
                     "QUIC source address token key",
                     source_address_token_encrypter_->GetKeySize(),
                     0 /* no fixed IV needed */);
   source_address_token_encrypter_->SetKey(hkdf.server_write_key());
   source_address_token_decrypter_->SetKey(hkdf.server_write_key());
 }
 
 QuicCryptoServerConfig::~QuicCryptoServerConfig() {
   STLDeleteValues(&configs_);
 }
 
 // static
 QuicServerConfigProtobuf* QuicCryptoServerConfig::DefaultConfig(
     QuicRandom* rand,
     const QuicClock* clock,
-    const CryptoHandshakeMessage& extra_tags,
     uint64 expiry_time)  {
   CryptoHandshakeMessage msg;
 
   const string curve25519_private_key =
       Curve25519KeyExchange::NewPrivateKey(rand);
   scoped_ptr<Curve25519KeyExchange> curve25519(
       Curve25519KeyExchange::New(curve25519_private_key));
   StringPiece curve25519_public_value = curve25519->public_value();
 
   const string p256_private_key = P256KeyExchange::NewPrivateKey();
@@ skipping 11 matching lines @@
   encoded_public_values.push_back(p256_public_value.size() >> 8);
   encoded_public_values.push_back(p256_public_value.size() >> 16);
   encoded_public_values.append(p256_public_value.data(),
                                p256_public_value.size());
 
   msg.set_tag(kSCFG);
   msg.SetTaglist(kKEXS, kC255, kP256, 0);
   msg.SetTaglist(kAEAD, kAESG, 0);
   msg.SetValue(kVERS, static_cast<uint16>(0));
   msg.SetStringPiece(kPUBS, encoded_public_values);
-  msg.Insert(extra_tags.tag_value_map().begin(),
-             extra_tags.tag_value_map().end());
 
   if (expiry_time == 0) {
     const QuicWallTime now = clock->WallNow();
     const QuicWallTime expiry = now.Add(QuicTime::Delta::FromSeconds(
         60 * 60 * 24 * 180 /* 180 days, ~six months */));
     const uint64 expiry_seconds = expiry.ToUNIXSeconds();
     msg.SetValue(kEXPY, expiry_seconds);
   } else {
     msg.SetValue(kEXPY, expiry_time);
   }
@@ skipping 154 matching lines @@
 
   configs_[id] = config.release();
   active_config_ = id;
 
   return msg.release();
 }
 
 CryptoHandshakeMessage* QuicCryptoServerConfig::AddDefaultConfig(
     QuicRandom* rand,
     const QuicClock* clock,
-    const CryptoHandshakeMessage& extra_tags,
     uint64 expiry_time) {
-  scoped_ptr<QuicServerConfigProtobuf> config(DefaultConfig(
-      rand, clock, extra_tags, expiry_time));
+  scoped_ptr<QuicServerConfigProtobuf> config(
+      DefaultConfig(rand, clock, expiry_time));
   return AddConfig(config.get());
 }
 
 QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
     const CryptoHandshakeMessage& client_hello,
     QuicGuid guid,
     const IPEndPoint& client_ip,
     const QuicClock* clock,
     QuicRandom* rand,
     QuicCryptoNegotiatedParameters *params,
@@ skipping 33 matching lines @@
 
   StringPiece client_nonce;
   bool client_nonce_well_formed = false;
   if (client_hello.GetStringPiece(kNONC, &client_nonce) &&
       client_nonce.size() == kNonceSize) {
     client_nonce_well_formed = true;
     base::AutoLock auto_lock(strike_register_lock_);
 
     if (strike_register_.get() == NULL) {
       strike_register_.reset(new StrikeRegister(
-          // TODO(agl): these magic numbers should come from config.
-          1024 /* max entries */,
+          strike_register_max_entries_,
           static_cast<uint32>(now.ToUNIXSeconds()),
-          600 /* window secs */, config->orbit));
+          strike_register_window_secs_,
+          config->orbit));
     }
     unique_by_strike_register = strike_register_->Insert(
         reinterpret_cast<const uint8*>(client_nonce.data()),
         static_cast<uint32>(now.ToUNIXSeconds()));
   }
 
   StringPiece server_nonce;
   client_hello.GetStringPiece(kServerNonceTag, &server_nonce);
   const bool server_nonce_matches = server_nonce == params->server_nonce;
 
@@ skipping 43 matching lines @@
           break;
         }
 
         StringPiece their_common_set_hashes;
         StringPiece their_cached_cert_hashes;
         client_hello.GetStringPiece(kCCS, &their_common_set_hashes);
         client_hello.GetStringPiece(kCCRT, &their_cached_cert_hashes);
 
         const string compressed = CertCompressor::CompressChain(
             *certs, their_common_set_hashes, their_cached_cert_hashes,
-            config->common_cert_set_.get());
+            config->common_cert_sets.get());
 
         // kMaxUnverifiedSize is the number of bytes that the certificate chain
         // and signature can consume before we will demand a valid
         // source-address token.
         static const size_t kMaxUnverifiedSize = 400;
         if (valid_source_address_token ||
             signature.size() + compressed.size() < kMaxUnverifiedSize) {
           out->SetStringPiece(kCertificateTag, compressed);
           out->SetStringPiece(kPROF, signature);
         }
@@ skipping 11 matching lines @@
                               &num_their_aeads) != QUIC_NO_ERROR ||
       client_hello.GetTaglist(kKEXS, &their_key_exchanges,
                               &num_their_key_exchanges) != QUIC_NO_ERROR ||
       num_their_aeads != 1 ||
       num_their_key_exchanges != 1) {
     *error_details = "Missing or invalid AEAD or KEXS";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
 
   size_t key_exchange_index;
-  if (!CryptoUtils::FindMutualTag(config->aead, their_aeads, num_their_aeads,
-                                  CryptoUtils::LOCAL_PRIORITY, &params->aead,
-                                  NULL) ||
-      !CryptoUtils::FindMutualTag(
+  if (!QuicUtils::FindMutualTag(config->aead, their_aeads, num_their_aeads,
+                                QuicUtils::LOCAL_PRIORITY, &params->aead,
+                                NULL) ||
+      !QuicUtils::FindMutualTag(
           config->kexs, their_key_exchanges, num_their_key_exchanges,
-          CryptoUtils::LOCAL_PRIORITY, &params->key_exchange,
+          QuicUtils::LOCAL_PRIORITY, &params->key_exchange,
           &key_exchange_index)) {
     *error_details = "Unsupported AEAD or KEXS";
     return QUIC_CRYPTO_NO_SUPPORT;
   }
 
   StringPiece public_value;
   if (!client_hello.GetStringPiece(kPUBS, &public_value)) {
     *error_details = "Missing public value";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
@@ skipping 64 matching lines @@
 
 void QuicCryptoServerConfig::SetProofSource(ProofSource* proof_source) {
   proof_source_.reset(proof_source);
 }
 
 void QuicCryptoServerConfig::SetEphemeralKeySource(
     EphemeralKeySource* ephemeral_key_source) {
   ephemeral_key_source_.reset(ephemeral_key_source);
 }
 
+void QuicCryptoServerConfig::set_strike_register_max_entries(
+    uint32 max_entries) {
+  DCHECK(!strike_register_.get());
+  strike_register_max_entries_ = max_entries;
+}
+
+void QuicCryptoServerConfig::set_strike_register_window_secs(
+    uint32 window_secs) {
+  DCHECK(!strike_register_.get());
+  strike_register_window_secs_ = window_secs;
+}
+
+void QuicCryptoServerConfig::set_source_address_token_future_secs(
+    uint32 future_secs) {
+  source_address_token_future_secs_ = future_secs;
+}
+
+void QuicCryptoServerConfig::set_source_address_token_lifetime_secs(
+    uint32 lifetime_secs) {
+  source_address_token_lifetime_secs_ = lifetime_secs;
+}
+
 string QuicCryptoServerConfig::NewSourceAddressToken(
     const IPEndPoint& ip,
     QuicRandom* rand,
     QuicWallTime now) const {
   SourceAddressToken source_address_token;
   source_address_token.set_ip(ip.ToString());
   source_address_token.set_timestamp(now.ToUNIXSeconds());
 
   string plaintext = source_address_token.SerializeAsString();
   char nonce[12];
@@ skipping 57 matching lines @@
 
   if (source_address_token.ip() != ip.ToString()) {
     // It's for a different IP address.
     return false;
   }
 
   const QuicWallTime timestamp(
       QuicWallTime::FromUNIXSeconds(source_address_token.timestamp()));
   const QuicTime::Delta delta(now.AbsoluteDifference(timestamp));
 
-  // TODO(agl): consider whether and how these magic values should be moved to
-  // a config.
-  if (now.IsBefore(timestamp) && delta.ToSeconds() > 3600) {
-    // We only allow timestamps to be from an hour in the future.
+  if (now.IsBefore(timestamp) &&
+      delta.ToSeconds() > source_address_token_future_secs_) {
     return false;
   }
 
-  if (now.IsAfter(timestamp) && delta.ToSeconds() > 86400) {
-    // We allow one day into the past.
+  if (now.IsAfter(timestamp) &&
+      delta.ToSeconds() > source_address_token_lifetime_secs_) {
     return false;
   }
 
   return true;
 }
 
 QuicCryptoServerConfig::Config::Config() {}
 
 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
 
 }  // namespace net