OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ | 5 #ifndef NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ |
6 #define NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ | 6 #define NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
(...skipping 124 matching lines...)
135 // SetProofSource installs |proof_source| as the ProofSource for handshakes. | 135 // SetProofSource installs |proof_source| as the ProofSource for handshakes. |
136 // This object takes ownership of |proof_source|. | 136 // This object takes ownership of |proof_source|. |
137 void SetProofSource(ProofSource* proof_source); | 137 void SetProofSource(ProofSource* proof_source); |
138 | 138 |
139 // SetEphemeralKeySource installs an object that can cache ephemeral keys for | 139 // SetEphemeralKeySource installs an object that can cache ephemeral keys for |
140 // a short period of time. This object takes ownership of | 140 // a short period of time. This object takes ownership of |
141 // |ephemeral_key_source|. If not set then ephemeral keys will be generated | 141 // |ephemeral_key_source|. If not set then ephemeral keys will be generated |
142 // per-connection. | 142 // per-connection. |
143 void SetEphemeralKeySource(EphemeralKeySource* ephemeral_key_source); | 143 void SetEphemeralKeySource(EphemeralKeySource* ephemeral_key_source); |
144 | 144 |
| 145 // set_replay_protection controls whether replay protection is enabled. If |
| 146 // replay protection is disabled then no strike registers are needed and |
| 147 // frontends can share an orbit value without a shared strike-register. |
| 148 // However, an attacker can duplicate a handshake and cause a client's |
| 149 // request to be processed twice. |
| 150 void set_replay_protection(bool on); |
| 151 |
145 // set_strike_register_max_entries sets the maximum number of entries that | 152 // set_strike_register_max_entries sets the maximum number of entries that |
146 // the internal strike register will hold. If the strike register fills up | 153 // the internal strike register will hold. If the strike register fills up |
147 // then the oldest entries (by the client's clock) will be dropped. | 154 // then the oldest entries (by the client's clock) will be dropped. |
148 void set_strike_register_max_entries(uint32 max_entries); | 155 void set_strike_register_max_entries(uint32 max_entries); |
149 | 156 |
150 // set_strike_register_window_secs sets the number of seconds around the | 157 // set_strike_register_window_secs sets the number of seconds around the |
151 // current time that the strike register will attempt to be authoritative | 158 // current time that the strike register will attempt to be authoritative |
152 // for. Setting a larger value allows for greater client clock-skew, but | 159 // for. Setting a larger value allows for greater client clock-skew, but |
153 // means that the quiescent startup period must be longer. | 160 // means that the quiescent startup period must be longer. |
154 void set_strike_register_window_secs(uint32 window_secs); | 161 void set_strike_register_window_secs(uint32 window_secs); |
(...skipping 63 matching lines...)
218 // will not be promoted at a specific time. | 225 // will not be promoted at a specific time. |
219 QuicWallTime primary_time; | 226 QuicWallTime primary_time; |
220 | 227 |
221 private: | 228 private: |
222 friend class base::RefCounted<Config>; | 229 friend class base::RefCounted<Config>; |
223 virtual ~Config(); | 230 virtual ~Config(); |
224 | 231 |
225 DISALLOW_COPY_AND_ASSIGN(Config); | 232 DISALLOW_COPY_AND_ASSIGN(Config); |
226 }; | 233 }; |
227 | 234 |
| 235 typedef std::map<ServerConfigID, scoped_refptr<Config> > ConfigMap; |
| 236 |
228 // ConfigPrimaryTimeLessThan returns true if a->primary_time < | 237 // ConfigPrimaryTimeLessThan returns true if a->primary_time < |
229 // b->primary_time. | 238 // b->primary_time. |
230 static bool ConfigPrimaryTimeLessThan(const scoped_refptr<Config>& a, | 239 static bool ConfigPrimaryTimeLessThan(const scoped_refptr<Config>& a, |
231 const scoped_refptr<Config>& b); | 240 const scoped_refptr<Config>& b); |
232 | 241 |
233 // SelectNewPrimaryConfig reevaluates the primary config based on the | 242 // SelectNewPrimaryConfig reevaluates the primary config based on the |
234 // "primary_time" deadlines contained in each. | 243 // "primary_time" deadlines contained in each. |
235 void SelectNewPrimaryConfig(QuicWallTime now) const; | 244 void SelectNewPrimaryConfig(QuicWallTime now) const; |
236 | 245 |
237 // EvaluateClientHello checks |client_hello| for gross errors and determines | 246 // EvaluateClientHello checks |client_hello| for gross errors and determines |
(...skipping 35 matching lines...)
273 std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const; | 282 std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const; |
274 | 283 |
275 // ValidateServerNonce decrypts |token| and verifies that it hasn't been | 284 // ValidateServerNonce decrypts |token| and verifies that it hasn't been |
276 // previously used and is recent enough that it is plausible that it was part | 285 // previously used and is recent enough that it is plausible that it was part |
277 // of a very recently provided rejection ("recent" will be on the order of | 286 // of a very recently provided rejection ("recent" will be on the order of |
278 // 10-30 seconds). If so, it records that it has been used and returns true. | 287 // 10-30 seconds). If so, it records that it has been used and returns true. |
279 // Otherwise it returns false. | 288 // Otherwise it returns false. |
280 bool ValidateServerNonce(base::StringPiece echoed_server_nonce, | 289 bool ValidateServerNonce(base::StringPiece echoed_server_nonce, |
281 QuicWallTime now) const; | 290 QuicWallTime now) const; |
282 | 291 |
| 292 // replay_protection_ controls whether the server enforces that handshakes |
| 293 // aren't replays. |
| 294 bool replay_protection_; |
| 295 |
283 // configs_ satisfies the following invariants: | 296 // configs_ satisfies the following invariants: |
284 // 1) configs_.empty() <-> primary_config_ == NULL | 297 // 1) configs_.empty() <-> primary_config_ == NULL |
285 // 2) primary_config_ != NULL -> primary_config_->is_primary | 298 // 2) primary_config_ != NULL -> primary_config_->is_primary |
286 // 3) ∀ c∈configs_, c->is_primary <-> c == primary_config_ | 299 // 3) ∀ c∈configs_, c->is_primary <-> c == primary_config_ |
287 mutable base::Lock configs_lock_; | 300 mutable base::Lock configs_lock_; |
288 // configs_ contains all active server configs. It's expected that there are | 301 // configs_ contains all active server configs. It's expected that there are |
289 // about half-a-dozen configs active at any one time. | 302 // about half-a-dozen configs active at any one time. |
290 typedef std::map<ServerConfigID, scoped_refptr<Config> > ConfigMap; | |
291 ConfigMap configs_; | 303 ConfigMap configs_; |
292 // primary_config_ points to a Config (which is also in |configs_|) which is | 304 // primary_config_ points to a Config (which is also in |configs_|) which is |
293 // the primary config - i.e. the one that we'll give out to new clients. | 305 // the primary config - i.e. the one that we'll give out to new clients. |
294 mutable scoped_refptr<Config> primary_config_; | 306 mutable scoped_refptr<Config> primary_config_; |
295 // next_config_promotion_time_ contains the nearest, future time when an | 307 // next_config_promotion_time_ contains the nearest, future time when an |
296 // active config will be promoted to primary. | 308 // active config will be promoted to primary. |
297 mutable QuicWallTime next_config_promotion_time_; | 309 mutable QuicWallTime next_config_promotion_time_; |
298 | 310 |
299 mutable base::Lock strike_register_lock_; | 311 mutable base::Lock strike_register_lock_; |
300 // strike_register_ contains a data structure that keeps track of previously | 312 // strike_register_ contains a data structure that keeps track of previously |
(...skipping 33 matching lines...)
334 uint32 strike_register_window_secs_; | 346 uint32 strike_register_window_secs_; |
335 uint32 source_address_token_future_secs_; | 347 uint32 source_address_token_future_secs_; |
336 uint32 source_address_token_lifetime_secs_; | 348 uint32 source_address_token_lifetime_secs_; |
337 uint32 server_nonce_strike_register_max_entries_; | 349 uint32 server_nonce_strike_register_max_entries_; |
338 uint32 server_nonce_strike_register_window_secs_; | 350 uint32 server_nonce_strike_register_window_secs_; |
339 }; | 351 }; |
340 | 352 |
341 } // namespace net | 353 } // namespace net |
342 | 354 |
343 #endif // NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ | 355 #endif // NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ |
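Review bot: The comment on `set_replay_protection` (new lines 145-150) explains the replay risk but not the default, and `replay_protection_` (new line 294) has no initial value stated in this header; the constructor is outside the visible lines, so confirm it initialises the flag to enabled, so that a forgotten call fails safe. Assuming that is the default, I would extend the setter comment with `// Replay protection is enabled by default. Only disable it when every request a client can send with its handshake is safe to process twice.` It would also help to say whether the flag covers only the client-nonce strike register or also the server-nonce check in `ValidateServerNonce`, since "no strike registers are needed" can be read either way. Unlike `configs_` and `strike_register_`, the new member is declared under neither lock, so the comment should state that the setter must be called before the config starts serving handshakes.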