Issue 17385010: OpenSSL/NSS implementation of ProofVerfifier.

Issue 17385010: OpenSSL/NSS implementation of ProofVerfifier. (Closed)

Created:
7 years, 6 months ago by ramant (doing other things)

Modified:
7 years, 5 months ago

Reviewers:
wtc, agl, Ryan Hamilton, agl2

CC:
chromium-reviews, cbentzel+watch_chromium.org, Ryan Hamilton, agl

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

OpenSSL/NSS implementation of ProofVerfifier. Changes to make ProofVerifier asynchronous. Each QuicSession's ProofVerifier is used to verify the signature and cert chain. Implemented generation counter in QuicCryptoClientConfig's CachedState in case certs change when we are verifying the Proof. Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=209946

Patch Set 1 #

Patch Set 2 : added known answer test from wtc #

Total comments: 6

Patch Set 3 : Fixed wtc's comment #

Patch Set 4 : NSS implementation of Proof Verifier's signature #

Patch Set 5 : Enabled Async ProofVerfier in the main code path #

Patch Set 6 : Fix compiler error #

Total comments: 50

Patch Set 7 : Merged wtc's changes from TOT #

Total comments: 6

Patch Set 8 : Proof Verification for ECDSA certs from wtc #

Patch Set 9 : Implemented agl's comments #

Total comments: 41

Patch Set 10 : Implement generation counter and wtc/agl's comments #

Total comments: 10

Patch Set 11 : Moved error_details and generation_counter into QuicCryptoClientStream. #

Total comments: 4

Patch Set 12 : added quic_ in front of all QUIC specific .crt file names and added them to net/ssl/certificates #

Total comments: 39

Patch Set 13 : Disable ECDSA signature testing on Windows XP #

Patch Set 14 : Dont check ECDSA signature on WIN7 or lower versions #

Patch Set 15 : Disabled ECDSA test on windows #

Total comments: 4

Created: 7 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+1137 lines, -50 lines)			Patch
M	crypto/ec_signature_creator_unittest.cc	View	1 2 3 4 5 6 7	1 chunk	+13 lines, -3 lines	0 comments	Download
M	crypto/signature_verifier_openssl.cc	View	1 2 3 4 5 6 7	2 chunks	+13 lines, -2 lines	0 comments	Download
M	net/data/ssl/certificates/README	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+5 lines, -0 lines	0 comments	Download
A	net/data/ssl/certificates/quic_intermediate.crt	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+53 lines, -0 lines	0 comments	Download
A	net/data/ssl/certificates/quic_proof_verify.crt	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+106 lines, -0 lines	0 comments	Download
A	net/data/ssl/certificates/quic_test.example.com.crt	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+56 lines, -0 lines	0 comments	Download
A	net/data/ssl/certificates/quic_test_ecc.example.com.crt	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+50 lines, -0 lines	0 comments	Download
M	net/net.gyp	View	1 2 3 4 5 6	4 chunks	+5 lines, -0 lines	0 comments	Download
M	net/quic/crypto/crypto_handshake.h	View	1 2 3 4 5 6 7 8 9	3 chunks	+8 lines, -3 lines	0 comments	Download
M	net/quic/crypto/crypto_handshake.cc	View	1 2 3 4 5 6 7 8 9	6 chunks	+10 lines, -2 lines	0 comments	Download
M	net/quic/crypto/proof_test.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14	2 chunks	+337 lines, -11 lines	4 comments	Download
M	net/quic/crypto/proof_verifier.h	View	1 2 3 4 5 6 7 8 9 10	2 chunks	+12 lines, -8 lines	0 comments	Download
A	net/quic/crypto/proof_verifier_chromium.h	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+89 lines, -0 lines	0 comments	Download
A	net/quic/crypto/proof_verifier_chromium.cc	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+240 lines, -0 lines	0 comments	Download
M	net/quic/quic_crypto_client_stream.h	View	1 2 3 4 5 6 7 8 9 10	2 chunks	+13 lines, -1 line	0 comments	Download
M	net/quic/quic_crypto_client_stream.cc	View	1 2 3 4 5 6 7 8 9 10	8 chunks	+58 lines, -20 lines	0 comments	Download
M	net/quic/quic_session.h	View	1 2 3 4 5 6 7 8 9	3 chunks	+10 lines, -0 lines	0 comments	Download
M	net/quic/quic_session.cc	View	1 2 3 4 5 6 7 8 9	2 chunks	+11 lines, -0 lines	0 comments	Download
A	net/quic/test_tools/crypto_test_utils_chromium.cc	View	1 2 3 4 5 6 7 8 9 10 11	1 chunk	+48 lines, -0 lines	0 comments	Download

Messages

Total messages: 27 (0 generated)

Expand Messages | Collapse Messages

wtc

Review comments on patch set 2: Thanks for writing the CL. https://codereview.chromium.org/17385010/diff/2001/net/net.gyp File net/net.gyp (right): ...

7 years, 6 months ago (2013-06-19 19:44:36 UTC) #1

ramant (doing other things)

Many many thanks Wan-Teh. It is really awesome/great to see these tests working. https://chromiumcodereview.appspot.com/17385010/diff/2001/net/net.gyp File ...

7 years, 6 months ago (2013-06-19 19:58:20 UTC) #2

wtc

Patch set 3 LGTM, with the understanding that this is just an experiment, not for ...

7 years, 6 months ago (2013-06-19 23:12:17 UTC) #3

wtc

Review comments on patch set 6: Please update the CL's description to describe the new ...

7 years, 6 months ago (2013-06-24 22:36:56 UTC) #4

Review comments on patch set 6:

Please update the CL's description to describe the new code.

https://codereview.chromium.org/17385010/diff/53001/net/data/ssl/certificates...
File net/data/ssl/certificates/proof_verify.crt (right):

https://codereview.chromium.org/17385010/diff/53001/net/data/ssl/certificates...
net/data/ssl/certificates/proof_verify.crt:1: Certificate:

Please add a comment to net/data/ssl/certificates/README to
describe what this certificate file is for.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_tes...
File net/quic/crypto/proof_test.cc (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_tes...
net/quic/crypto/proof_test.cc:282: }

Please use the following code for this new unit test. You need to
add the certificate files test_ecc.example.com.crt and
intermediate.crt to net/data/ssl/certificates.

static string PEMCertFileToDER(const string& file_name) {
  base::FilePath certs_dir = GetTestCertsDirectory();
  scoped_refptr<X509Certificate> cert =
      ImportCertFromFile(certs_dir, file_name);
  CHECK_NE(static_cast<X509Certificate*>(NULL), cert);

  string der_bytes;
  CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes));
  return der_bytes;
}

// A known answer test that allows us to test ProofVerifier without a working
// ProofSource.
TEST(Proof, VerifyECDSAKnownAnswerTest) {
  // These sample signatures were generated by running the Proof.Verify test
  // (modified to use ECDSA for signing proofs) and dumping the bytes of the
  // |signature| output of ProofSource::GetProof().
  static const unsigned char signature_data_0[] = {
    0x30, 0x45, 0x02, 0x20, 0x15, 0xb7, 0x9f, 0xe3, 0xd9, 0x7a,
    0x3c, 0x3b, 0x18, 0xb0, 0xdb, 0x60, 0x23, 0x56, 0xa0, 0x06,
    0x4e, 0x70, 0xa3, 0xf7, 0x4b, 0xe5, 0x0d, 0x69, 0xf0, 0x35,
    0x8c, 0xae, 0xb5, 0x54, 0x32, 0xe9, 0x02, 0x21, 0x00, 0xf7,
    0xe3, 0x06, 0x99, 0x16, 0x56, 0x7e, 0xab, 0x33, 0x53, 0x0d,
    0xde, 0xbe, 0xef, 0x6d, 0xb0, 0xc7, 0xa6, 0x63, 0xaf, 0x8d,
    0xab, 0x34, 0xa9, 0xc0, 0x63, 0x88, 0x47, 0x17, 0x4c, 0x4c,
    0x04,
  };
  static const unsigned char signature_data_1[] = {
    0x30, 0x44, 0x02, 0x20, 0x69, 0x60, 0x55, 0xbb, 0x11, 0x93,
    0x6a, 0xdc, 0x9b, 0x61, 0x2c, 0x60, 0x19, 0xbc, 0x15, 0x55,
    0xcf, 0xf2, 0x8e, 0x2e, 0x27, 0x0b, 0x69, 0xef, 0x33, 0x25,
    0x1e, 0x5d, 0x8c, 0x00, 0x11, 0xef, 0x02, 0x20, 0x0c, 0x26,
    0xfe, 0x0b, 0x06, 0x8f, 0xe8, 0xe2, 0x02, 0x63, 0xe5, 0x43,
    0x0d, 0xc9, 0x80, 0x4d, 0xe9, 0x6f, 0x6e, 0x18, 0xdb, 0xb0,
    0x04, 0x2a, 0x45, 0x37, 0x1a, 0x60, 0x0e, 0xc6, 0xc4, 0x8f,
  };
  static const unsigned char signature_data_2[] = {
    0x30, 0x45, 0x02, 0x21, 0x00, 0xd5, 0x43, 0x36, 0x60, 0x50,
    0xce, 0xe0, 0x00, 0x51, 0x02, 0x84, 0x95, 0x51, 0x47, 0xaf,
    0xe4, 0xf9, 0xe1, 0x23, 0xae, 0x21, 0xb4, 0x98, 0xd1, 0xa3,
    0x5f, 0x3b, 0xf3, 0x6a, 0x65, 0x44, 0x6b, 0x02, 0x20, 0x30,
    0x7e, 0xb4, 0xea, 0xf0, 0xda, 0xdb, 0xbd, 0x38, 0xb9, 0x7a,
    0x5d, 0x12, 0x04, 0x0e, 0xc2, 0xf0, 0xb1, 0x0e, 0x25, 0xf8,
    0x0a, 0x27, 0xa3, 0x16, 0x94, 0xac, 0x1e, 0xb8, 0x6e, 0x00,
    0x05,
  };

  TestCompletionCallback callback;
  scoped_ptr<ProofVerifier> verifier(
      CryptoTestUtils::ProofVerifierForTesting());

  const string server_config = "server config bytes";
  const string hostname = "test.example.com";

  vector<string> certs(2);
  certs[0] = PEMCertFileToDER("test_ecc.example.com.crt");
  certs[1] = PEMCertFileToDER("intermediate.crt");

  // Signatures are nondeterministic, so we test multiple signatures on the
  ...
  <<<Use your code here.>>>
}

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
File net/quic/crypto/proof_verifier.h (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier.h:26: // the problem and returns ERR_FAILED.

"returns ERR_FAILED" should replace the "returns false" on the previous line.

We also need to add comments to document the |callback| argument and the
async behavior (the function may return ERR_IO_PENDING, in which case the
|callback| will be run with the final OK/ERR_FAILED result when the proof is
verified).

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier.h:37: const CompletionCallback& callback,

The |callback| argument seems to be the last argument by convention.
Could you check some other methods in net that take a |callback| argument?
Thanks.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
File net/quic/crypto/proof_verifier_chromium.cc (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:53: // We call VerifySignature first
to avoid copying of server_config data.

server_config => server_config and signature.

Remove "data".

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:66: // TODO(rtenneti): do we need to
save the original |error|?

I suggest saving the original |error| in string form in |*error_details|.
Something like:

    *error_details = "Failed to verify certificate chain: error " +
                     ErrorToString(error);
    error = ERR_FAILED;

But, this whole thing (lines 64-68) should be moved to DoVerifyCertComplete().

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:79: // Convert certs to X509.

X509 => X509Certificate

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:88: return ERR_FAILED;

ERR_FAILED => ERR_CERT_INVALID

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:123:
base::ResetAndReturn(&callback_).Run(rv >= OK ? OK : ERR_FAILED);

We should pass just |rv| to Run(). The error code mapping should be done
in DoVerifyCertComplete().

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:130: // TODO(rtenneti): Are the
following flags correct??

Let's start with the following:
  int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED |
              CertVerifier::VERIFY_CERT_IO_ENABLED;

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
File net/quic/crypto/proof_verifier_chromium.h (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:30: typedef struct CERTCertificateStr
CERTCertificate;

Delete these two lines. They are NSS-specific.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:46: // TODO(rtenneti): Do we need
completed_cert_verification??

The completed_cert_verification() method doesn't seem necessary.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:61: void OnVerifyCertIOComplete(int
result);

These two functions can be named simply DoLoop(int result)
and OnIOComplete(int result).

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:69: 

Delete one blank line.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:83: CertVerifyResult
server_cert_verify_result_;

Remove "server_" from the member's name.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:86: scoped_refptr<X509Certificate>
server_cert_;

It may be sufficient to just name this member |cert_|.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:88: State next_cert_state_;

This member can be named simply next_state_.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
File net/quic/quic_crypto_client_stream.cc (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:150: // asynchronous.

Delete this TODO comment because it's done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:158: &error_details);

Ideally we should set next_state_ to a state that handles
the completion of verifier->VerifyProof(). That is the
convention of the state machines in net.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:162: } else {

Nit: omit the "else" after a break statement.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:175: next_state_ = STATE_SEND_CHLO;

It is possible to use additional states to avoid duplicating this code
(lines 172-175) in two states (this state and the
STATE_PROOF_VERIFICATION_COMPLETED
below). The tricky part is how to deal with the cached->SetProofValid() call.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:254:
CloseConnectionWithDetails(QUIC_PROOF_INVALID, "Proof invalid:");

The error_details string is incomplete: "Proof invalid:". It is missing
the actual error details.

I think this code (lines 253-256) should be moved to the code that handles
the STATE_PROOF_VERIFICATION_COMPLETED. This requires passing |result| to
DoHandshakeLoop(). Is it easy to do that?

https://codereview.chromium.org/17385010/diff/53001/net/quic/test_tools/crypt...
File net/quic/test_tools/crypto_test_utils_chromium.cc (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/test_tools/crypt...
net/quic/test_tools/crypto_test_utils_chromium.cc:31: void
InstallRootCertificate() {

This method should just be inlined in the constructor. This doesn't need
to be a public method.

https://codereview.chromium.org/17385010/diff/53001/net/quic/test_tools/crypt...
net/quic/test_tools/crypto_test_utils_chromium.cc:34: "proof_verify.crt");

The root certificate file name should ideally be passed in as an
argument.

https://codereview.chromium.org/17385010/diff/53001/net/quic/test_tools/crypt...
net/quic/test_tools/crypto_test_utils_chromium.cc:40:
scoped_refptr<X509Certificate> root_cert_;

Remove the root_cert_ member. The scoped_root_ member will acquire a
reference to the root cert. See the |cert_| member of the ScopedTestRoot
class in net/cert/test_root_certs.h.

ramant (doing other things)

Hi Wan-Teh, Made all the changes you have suggested. Could you please take another look? ...

7 years, 5 months ago (2013-06-28 19:16:56 UTC) #5

Hi Wan-Teh,
  Made all the changes you have suggested. Could you please take another look?

thanks
raman

https://codereview.chromium.org/17385010/diff/53001/net/data/ssl/certificates...
File net/data/ssl/certificates/proof_verify.crt (right):

https://codereview.chromium.org/17385010/diff/53001/net/data/ssl/certificates...
net/data/ssl/certificates/proof_verify.crt:1: Certificate:
On 2013/06/24 22:36:56, wtc wrote:
> 
> Please add a comment to net/data/ssl/certificates/README to
> describe what this certificate file is for.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_tes...
File net/quic/crypto/proof_test.cc (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_tes...
net/quic/crypto/proof_test.cc:282: }
On 2013/06/24 22:36:56, wtc wrote:
> 
> Please use the following code for this new unit test. You need to
> add the certificate files test_ecc.example.com.crt and
> intermediate.crt to net/data/ssl/certificates.
> 
> static string PEMCertFileToDER(const string& file_name) {
>   base::FilePath certs_dir = GetTestCertsDirectory();
>   scoped_refptr<X509Certificate> cert =
>       ImportCertFromFile(certs_dir, file_name);
>   CHECK_NE(static_cast<X509Certificate*>(NULL), cert);
> 
>   string der_bytes;
>   CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes));
>   return der_bytes;
> }
> 
> // A known answer test that allows us to test ProofVerifier without a working
> // ProofSource.
> TEST(Proof, VerifyECDSAKnownAnswerTest) {
>   // These sample signatures were generated by running the Proof.Verify test
>   // (modified to use ECDSA for signing proofs) and dumping the bytes of the
>   // |signature| output of ProofSource::GetProof().
>   static const unsigned char signature_data_0[] = {
>     0x30, 0x45, 0x02, 0x20, 0x15, 0xb7, 0x9f, 0xe3, 0xd9, 0x7a,
>     0x3c, 0x3b, 0x18, 0xb0, 0xdb, 0x60, 0x23, 0x56, 0xa0, 0x06,
>     0x4e, 0x70, 0xa3, 0xf7, 0x4b, 0xe5, 0x0d, 0x69, 0xf0, 0x35,
>     0x8c, 0xae, 0xb5, 0x54, 0x32, 0xe9, 0x02, 0x21, 0x00, 0xf7,
>     0xe3, 0x06, 0x99, 0x16, 0x56, 0x7e, 0xab, 0x33, 0x53, 0x0d,
>     0xde, 0xbe, 0xef, 0x6d, 0xb0, 0xc7, 0xa6, 0x63, 0xaf, 0x8d,
>     0xab, 0x34, 0xa9, 0xc0, 0x63, 0x88, 0x47, 0x17, 0x4c, 0x4c,
>     0x04,
>   };
>   static const unsigned char signature_data_1[] = {
>     0x30, 0x44, 0x02, 0x20, 0x69, 0x60, 0x55, 0xbb, 0x11, 0x93,
>     0x6a, 0xdc, 0x9b, 0x61, 0x2c, 0x60, 0x19, 0xbc, 0x15, 0x55,
>     0xcf, 0xf2, 0x8e, 0x2e, 0x27, 0x0b, 0x69, 0xef, 0x33, 0x25,
>     0x1e, 0x5d, 0x8c, 0x00, 0x11, 0xef, 0x02, 0x20, 0x0c, 0x26,
>     0xfe, 0x0b, 0x06, 0x8f, 0xe8, 0xe2, 0x02, 0x63, 0xe5, 0x43,
>     0x0d, 0xc9, 0x80, 0x4d, 0xe9, 0x6f, 0x6e, 0x18, 0xdb, 0xb0,
>     0x04, 0x2a, 0x45, 0x37, 0x1a, 0x60, 0x0e, 0xc6, 0xc4, 0x8f,
>   };
>   static const unsigned char signature_data_2[] = {
>     0x30, 0x45, 0x02, 0x21, 0x00, 0xd5, 0x43, 0x36, 0x60, 0x50,
>     0xce, 0xe0, 0x00, 0x51, 0x02, 0x84, 0x95, 0x51, 0x47, 0xaf,
>     0xe4, 0xf9, 0xe1, 0x23, 0xae, 0x21, 0xb4, 0x98, 0xd1, 0xa3,
>     0x5f, 0x3b, 0xf3, 0x6a, 0x65, 0x44, 0x6b, 0x02, 0x20, 0x30,
>     0x7e, 0xb4, 0xea, 0xf0, 0xda, 0xdb, 0xbd, 0x38, 0xb9, 0x7a,
>     0x5d, 0x12, 0x04, 0x0e, 0xc2, 0xf0, 0xb1, 0x0e, 0x25, 0xf8,
>     0x0a, 0x27, 0xa3, 0x16, 0x94, 0xac, 0x1e, 0xb8, 0x6e, 0x00,
>     0x05,
>   };
> 
>   TestCompletionCallback callback;
>   scoped_ptr<ProofVerifier> verifier(
>       CryptoTestUtils::ProofVerifierForTesting());
> 
>   const string server_config = "server config bytes";
>   const string hostname = "test.example.com";
> 
>   vector<string> certs(2);
>   certs[0] = PEMCertFileToDER("test_ecc.example.com.crt");
>   certs[1] = PEMCertFileToDER("intermediate.crt");
> 
>   // Signatures are nondeterministic, so we test multiple signatures on the
>   ...
>   <<<Use your code here.>>>
> }

I have used the latest code from you for the above test. Hope that is ok.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
File net/quic/crypto/proof_verifier.h (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier.h:26: // the problem and returns ERR_FAILED.
On 2013/06/24 22:36:56, wtc wrote:
> 
> "returns ERR_FAILED" should replace the "returns false" on the previous line.
> 
> We also need to add comments to document the |callback| argument and the
> async behavior (the function may return ERR_IO_PENDING, in which case the
> |callback| will be run with the final OK/ERR_FAILED result when the proof is
> verified).

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier.h:37: const CompletionCallback& callback,
On 2013/06/24 22:36:56, wtc wrote:
> 
> The |callback| argument seems to be the last argument by convention.
> Could you check some other methods in net that take a |callback| argument?
> Thanks.

./socket/client_socket_pool_manager.h:106, socet_test_util.h and others don't
seem to follow that convention (they have callback argument in the middle).
Should I change it? thanks.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
File net/quic/crypto/proof_verifier_chromium.cc (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:53: // We call VerifySignature first
to avoid copying of server_config data.
On 2013/06/24 22:36:56, wtc wrote:
> 
> server_config => server_config and signature.
> 
> Remove "data".

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:66: // TODO(rtenneti): do we need to
save the original |error|?
On 2013/06/24 22:36:56, wtc wrote:
> 
> I suggest saving the original |error| in string form in |*error_details|.
> Something like:
> 
>     *error_details = "Failed to verify certificate chain: error " +
>                      ErrorToString(error);
>     error = ERR_FAILED;
> 
> But, this whole thing (lines 64-68) should be moved to DoVerifyCertComplete().

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:79: // Convert certs to X509.
On 2013/06/24 22:36:56, wtc wrote:
> 
> X509 => X509Certificate

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:88: return ERR_FAILED;
On 2013/06/24 22:36:56, wtc wrote:
> 
> ERR_FAILED => ERR_CERT_INVALID

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:123:
base::ResetAndReturn(&callback_).Run(rv >= OK ? OK : ERR_FAILED);
On 2013/06/24 22:36:56, wtc wrote:
> 
> We should pass just |rv| to Run(). The error code mapping should be done
> in DoVerifyCertComplete().

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.cc:130: // TODO(rtenneti): Are the
following flags correct??
On 2013/06/24 22:36:56, wtc wrote:
> 
> Let's start with the following:
>   int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED |
>               CertVerifier::VERIFY_CERT_IO_ENABLED;

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
File net/quic/crypto/proof_verifier_chromium.h (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:30: typedef struct CERTCertificateStr
CERTCertificate;
On 2013/06/24 22:36:56, wtc wrote:
> 
> Delete these two lines. They are NSS-specific.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:46: // TODO(rtenneti): Do we need
completed_cert_verification??
On 2013/06/24 22:36:56, wtc wrote:
> 
> The completed_cert_verification() method doesn't seem necessary.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:61: void OnVerifyCertIOComplete(int
result);
On 2013/06/24 22:36:56, wtc wrote:
> 
> These two functions can be named simply DoLoop(int result)
> and OnIOComplete(int result).

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:69: 
On 2013/06/24 22:36:56, wtc wrote:
> 
> Delete one blank line.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:83: CertVerifyResult
server_cert_verify_result_;
On 2013/06/24 22:36:56, wtc wrote:
> 
> Remove "server_" from the member's name.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:86: scoped_refptr<X509Certificate>
server_cert_;
On 2013/06/24 22:36:56, wtc wrote:
> 
> It may be sufficient to just name this member |cert_|.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/crypto/proof_ver...
net/quic/crypto/proof_verifier_chromium.h:88: State next_cert_state_;
On 2013/06/24 22:36:56, wtc wrote:
> 
> This member can be named simply next_state_.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
File net/quic/quic_crypto_client_stream.cc (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:150: // asynchronous.
On 2013/06/24 22:36:56, wtc wrote:
> 
> Delete this TODO comment because it's done.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:158: &error_details);
On 2013/06/24 22:36:56, wtc wrote:
> 
> Ideally we should set next_state_ to a state that handles
> the completion of verifier->VerifyProof(). That is the
> convention of the state machines in net.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:162: } else {
On 2013/06/24 22:36:56, wtc wrote:
> 
> Nit: omit the "else" after a break statement.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:175: next_state_ = STATE_SEND_CHLO;
On 2013/06/24 22:36:56, wtc wrote:
> 
> It is possible to use additional states to avoid duplicating this code
> (lines 172-175) in two states (this state and the
> STATE_PROOF_VERIFICATION_COMPLETED
> below). The tricky part is how to deal with the cached->SetProofValid() call.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:254:
CloseConnectionWithDetails(QUIC_PROOF_INVALID, "Proof invalid:");
On 2013/06/24 22:36:56, wtc wrote:
> 
> The error_details string is incomplete: "Proof invalid:". It is missing
> the actual error details.
> 
> I think this code (lines 253-256) should be moved to the code that handles
> the STATE_PROOF_VERIFICATION_COMPLETED. This requires passing |result| to
> DoHandshakeLoop(). Is it easy to do that?

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/test_tools/crypt...
File net/quic/test_tools/crypto_test_utils_chromium.cc (right):

https://codereview.chromium.org/17385010/diff/53001/net/quic/test_tools/crypt...
net/quic/test_tools/crypto_test_utils_chromium.cc:31: void
InstallRootCertificate() {
On 2013/06/24 22:36:56, wtc wrote:
> 
> This method should just be inlined in the constructor. This doesn't need
> to be a public method.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/test_tools/crypt...
net/quic/test_tools/crypto_test_utils_chromium.cc:34: "proof_verify.crt");
On 2013/06/24 22:36:56, wtc wrote:
> 
> The root certificate file name should ideally be passed in as an
> argument.

Done.

https://codereview.chromium.org/17385010/diff/53001/net/quic/test_tools/crypt...
net/quic/test_tools/crypto_test_utils_chromium.cc:40:
scoped_refptr<X509Certificate> root_cert_;
On 2013/06/24 22:36:56, wtc wrote:
> 
> Remove the root_cert_ member. The scoped_root_ member will acquire a
> reference to the root cert. See the |cert_| member of the ScopedTestRoot
> class in net/cert/test_root_certs.h.

Done.

ramant (doing other things)

agl@: This CL has Async Proof Verification code. Will upload another CL that has QUIC ...

7 years, 5 months ago (2013-06-28 19:20:49 UTC) #6

agl2

https://codereview.chromium.org/17385010/diff/79024/net/quic/quic_crypto_client_stream.cc File net/quic/quic_crypto_client_stream.cc (right): https://codereview.chromium.org/17385010/diff/79024/net/quic/quic_crypto_client_stream.cc#newcode153 net/quic/quic_crypto_client_stream.cc:153: base::Bind(&QuicCryptoClientStream::VerifyProofCompleted, likewise, base::Bind can't be used in this code ...

7 years, 5 months ago (2013-06-28 20:30:09 UTC) #7

ramant (doing other things)

Thanks agl2 for the comments. Fixed the state machine. PTAL. thanks very much. https://codereview.chromium.org/17385010/diff/79024/net/quic/quic_crypto_client_stream.cc File ...

7 years, 5 months ago (2013-06-29 04:08:43 UTC) #8

Thanks agl2 for the comments. Fixed the state machine. PTAL. thanks very much.

https://codereview.chromium.org/17385010/diff/79024/net/quic/quic_crypto_clie...
File net/quic/quic_crypto_client_stream.cc (right):

https://codereview.chromium.org/17385010/diff/79024/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:153:
base::Bind(&QuicCryptoClientStream::VerifyProofCompleted,
On 2013/06/28 20:30:09, agl2 wrote:
> likewise, base::Bind can't be used in this code either, sadly.

Will use internal API call here.

https://codereview.chromium.org/17385010/diff/79024/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.cc:171: cached->SetProofValid();
On 2013/06/28 20:30:09, agl2 wrote:
> This is insecure:
> 
> In the time that a proof was being verified, another connection to the same
> origin may have started and receive different certificates. Thus the proof
that
> this line is marking as valid may not be the proof that was passed to
> VerifyProof.
> 
> verifier needs to implement a cache (I think there already is one under the
> covers so that should be a no-op). I think there needs to be a
> STATE_PROOF_VERIFY containing just the VerifyProof call. If VerifyProof needs
to
> block then the handshake state machine should return to STATE_PROOF_VERIFY and
> call VerifyProof again. If the certs have changed, then it'll verify the new
> ones. If they are the same then it'll hit the cache and return immediately.

Done.

https://codereview.chromium.org/17385010/diff/79024/net/quic/quic_crypto_clie...
File net/quic/quic_crypto_client_stream.h (right):

https://codereview.chromium.org/17385010/diff/79024/net/quic/quic_crypto_clie...
net/quic/quic_crypto_client_stream.h:61:
base::WeakPtrFactory<QuicCryptoClientStream> weak_factory_;
On 2013/06/28 20:30:09, agl2 wrote:
> This code needs to work in google3 as well. I think concepts like
WeakPtrFactory
> don't exist there.

Will not port this CL back. Will use google3 API calls if/when we port this code
back.

agl

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_test.cc File net/quic/crypto/proof_test.cc (right): https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_test.cc#newcode104 net/quic/crypto/proof_test.cc:104: // sLen = hLen The #if 0 block should ...

7 years, 5 months ago (2013-07-01 16:23:18 UTC) #9

wtc

Review comments on patch set 9: ramant: I reviewed everything except quic_crypto_client_stream.cc. I will review ...

7 years, 5 months ago (2013-07-02 00:56:38 UTC) #10

ramant (doing other things)

Hi Wan-Teh and Adam, Made all the changes you/rch have suggested. IMO, this is not ...

7 years, 5 months ago (2013-07-02 14:19:50 UTC) #11

Hi Wan-Teh and Adam,
  Made all the changes you/rch have suggested. IMO, this is not the final
version. Would appreciate if you could take another look at this CL.

thanks very much,
raman

https://codereview.chromium.org/17385010/diff/102001/net/data/ssl/certificate...
File net/data/ssl/certificates/README (right):

https://codereview.chromium.org/17385010/diff/102001/net/data/ssl/certificate...
net/data/ssl/certificates/README:216: - intermediate.crt
On 2013/07/02 00:56:38, wtc wrote:
> 
> Since most of these certificate files have rather generic names, I now think
> we should just add them to the net/quic/crypto/testdata directory, similar to
> the internal source tree.
> 
> Is it easy to do this?

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_te...
File net/quic/crypto/proof_test.cc (right):

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_te...
net/quic/crypto/proof_test.cc:104: // sLen = hLen
On 2013/07/01 16:23:18, agl wrote:
> The #if 0 block should probably either be removed, or the comment should be
> expanded to explain why it's being kept around.

Added a comment.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_te...
net/quic/crypto/proof_test.cc:226: rv = callback.WaitForResult();
On 2013/07/02 00:56:38, wtc wrote:
> 
> Nit: this can be rewritten more compactly as
>   rv = callback.GetResult(rv);

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_te...
net/quic/crypto/proof_test.cc:228: ASSERT_EQ("", verifier->error_details());
On 2013/07/02 00:56:38, wtc wrote:
> 
> Nit: add blank lines between these tests. Specifically, add a blank line
> after each ASSERT_EQ("", verifier->error_details()).

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
File net/quic/crypto/proof_verifier.h (right):

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier.h:41: virtual std::string error_details() = 0;
On 2013/07/02 00:56:38, wtc wrote:
> 
> |error_details| should still be an output argument of VerifyProof().
> VerifyProof() can return an output (in addition to the 'int' result)
> asynchronously. The caller needs to make sure the memory pointed to
> by |error_details| remains valid until VerifyProof() completes or is
> aborted.
> 
> This reminds me that the ProofVerifier destructor needs to abort a
> pending VerifyProof() operation.

For |error_details| to be valid until ProofVerifier, stored errors in
|error_details| on ProofVerifier for both synchronous and asynchronous calls.
The other choice is to store the error details in |session|. Hope this is ok.

We call ~SingleRequestCertVerifier and it does a CancelRequest.
Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
File net/quic/crypto/proof_verifier_chromium.cc (right):

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.cc:35: cert_(NULL),
On 2013/07/02 00:56:38, wtc wrote:
> 
> This initializer is not necessary because |cert_| is a scoped_refptr,
> whose default constructor is equivalent to this initializer.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.cc:60: vector<StringPiece>
v(certs.size());
On 2013/07/02 00:56:38, wtc wrote:
> 
> Nit: "v" seems too short. How about |pieces| or |cert_pieces|?

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.cc:68: return ERR_CERT_INVALID;
On 2013/07/02 00:56:38, wtc wrote:
> 
> We need to return ERR_FAILED because ProofVerifier::VerifyProof
> is documented to return OK or ERR_FAILED.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.cc:91: return DoLoop(OK);
On 2013/07/02 00:56:38, wtc wrote:
> 
> I suggest removing the VerifyChain() function and just inlining these two
lines
> at the only call site.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.cc:151: // Exit DoLoop and return the
result to the caller to ProofVerify.
On 2013/07/02 00:56:38, wtc wrote:
> 
> Typo: ProofVerify => VerifyProof

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.cc:230: DLOG(WARNING) << "VerifyFinal
success";
On 2013/07/02 00:56:38, wtc wrote:
> 
> This should be DLOG(INFO), or should be removed.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
File net/quic/crypto/proof_verifier_chromium.h (right):

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.h:71: CertVerifyResult
cert_verify_result_;
On 2013/07/01 16:23:18, agl wrote:
> These members suggest that you're going to have to create a new ProofVerifier
> for every connection, is that the plan? I think that needs more changes than
you
> have made because the ProofVerifier is still attached to the
> QuicCryptoClientConfig and many connections share the same
> QuicCryptoClientConfig.
> 
> Rather, I think you need one ProofVerifier per process (i.e. it's a global),
and
> this state needs to be wrapped up in an internal object that's created for
each
> call to VerifyProof.

We thought we would have one ProofVerifier per Session. Added a TODO to support
multiple requests for one ProofVerifier per process. Added a DCHECK that we
don't have multiple requests for one ProofVerifier.

https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.h:79: BoundNetLog net_log_;
On 2013/07/02 00:56:38, wtc wrote:
> 
> The net_log_ member probably should be initialized by an argument to the
> constructor.
> 
> Take SSLClientSocketNSS for an example. Its net_log_ member is initialized by
> the
> NetLog of the transport_socket input to the constructor.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/quic_crypto_cli...
File net/quic/quic_crypto_client_stream.cc (right):

https://codereview.chromium.org/17385010/diff/102001/net/quic/quic_crypto_cli...
net/quic/quic_crypto_client_stream.cc:167: next_state_ =
STATE_PROOF_VERIFICATION_COMPLETED;
On 2013/07/01 16:23:18, agl wrote:
> This needs to be STATE_PROOF_VERIFY I think, and that would mean that result
> needs to be checked on entry to STATE_PROOF_VERIFY.
> 
> (Because the cached->SetProofValid must correspond to the cached->certs()
given
> to VerifyProof, and cached->certs() may have changed between
STATE_PROOF_VERIFY
> and STATE_PROOF_VERIFICATION_COMPLETED.)
> 
> That also means that VerifyProof must not return ERR_IO_PENDING if asked the
> same question twice. If that's not possible then the cache could be
implemented
> here by adding a generation counter to CachedState and remembering which
> generation was verified.

Implemented generation_counter.

Didn't change the next_state_. Got the error_details from ProofVerifier for
synchronous and asynchronous calls. Kept the error_details in ProofVerifier
(from ownership point of view). Another choice is to store it in session().

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/quic_crypto_cli...
File net/quic/quic_crypto_client_stream.h (right):

https://codereview.chromium.org/17385010/diff/102001/net/quic/quic_crypto_cli...
net/quic/quic_crypto_client_stream.h:51: STATE_PROOF_VERIFICATION_COMPLETED,
On 2013/07/02 00:56:38, wtc wrote:
> 
> Nit: these two states should be named STATE_VERIFY_PROOF and
> STATE_VERIFY_PROOF_COMPLETE by our convention.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/quic_crypto_cli...
net/quic/quic_crypto_client_stream.h:59: void VerifyProofCompleted(int result);
On 2013/07/02 00:56:38, wtc wrote:
> 
> Nit: this method probably should be named OnVerifyProofComplete
> by our convention.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/test_tools/cryp...
File net/quic/test_tools/crypto_test_utils_chromium.cc (right):

https://codereview.chromium.org/17385010/diff/102001/net/quic/test_tools/cryp...
net/quic/test_tools/crypto_test_utils_chromium.cc:8: #include "base/logging.h"
On 2013/07/02 00:56:38, wtc wrote:
> 
> "base/logging.h" doesn't seem necessary...

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/test_tools/cryp...
net/quic/test_tools/crypto_test_utils_chromium.cc:17: #include
"testing/gtest/include/gtest/gtest.h"
On 2013/07/02 00:56:38, wtc wrote:
> 
> "testing/gtest/include/gtest/gtest.h" doesn't seem necessary.

Done.

https://codereview.chromium.org/17385010/diff/102001/net/quic/test_tools/cryp...
net/quic/test_tools/crypto_test_utils_chromium.cc:26: const std::string&
cert_file)
On 2013/07/02 00:56:38, wtc wrote:
> 
> This constructor does not need to be marked "explicit" because it has
> two arguments.

Done.

agl

https://codereview.chromium.org/17385010/diff/129001/net/quic/crypto/proof_verifier_chromium.cc File net/quic/crypto/proof_verifier_chromium.cc (right): https://codereview.chromium.org/17385010/diff/129001/net/quic/crypto/proof_verifier_chromium.cc#newcode141 net/quic/crypto/proof_verifier_chromium.cc:141: int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED | I would remove both ...

7 years, 5 months ago (2013-07-02 15:20:08 UTC) #12

Ryan Hamilton

lgtm https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_verifier.h File net/quic/crypto/proof_verifier.h (right): https://codereview.chromium.org/17385010/diff/102001/net/quic/crypto/proof_verifier.h#newcode41 net/quic/crypto/proof_verifier.h:41: virtual std::string error_details() = 0; On 2013/07/02 14:19:50, ...

7 years, 5 months ago (2013-07-02 16:24:50 UTC) #13

ramant (doing other things)

Could you please take another look? thanks much. https://codereview.chromium.org/17385010/diff/129001/net/quic/crypto/proof_verifier_chromium.cc File net/quic/crypto/proof_verifier_chromium.cc (right): https://codereview.chromium.org/17385010/diff/129001/net/quic/crypto/proof_verifier_chromium.cc#newcode141 net/quic/crypto/proof_verifier_chromium.cc:141: int ...

7 years, 5 months ago (2013-07-02 19:45:51 UTC) #14

Could you please take another look? thanks much.

https://codereview.chromium.org/17385010/diff/129001/net/quic/crypto/proof_ve...
File net/quic/crypto/proof_verifier_chromium.cc (right):

https://codereview.chromium.org/17385010/diff/129001/net/quic/crypto/proof_ve...
net/quic/crypto/proof_verifier_chromium.cc:141: int flags =
CertVerifier::VERIFY_REV_CHECKING_ENABLED |
On 2013/07/02 15:20:08, agl wrote:
> I would remove both of these.
> 
> VERIFY_REV_CHECKING_ENABLED is disabled by default in Chrome, although it's an
> option in the UI. Plumbing that option in would be nice, but not critical.
> 
> Without rev checking, VERIFY_CERT_IO_ENABLED is a hangover for broken HTTPS
> sites and we should try and start a new world with QUIC :)
> 

Done.

https://codereview.chromium.org/17385010/diff/129001/net/quic/quic_crypto_cli...
File net/quic/quic_crypto_client_stream.cc (right):

https://codereview.chromium.org/17385010/diff/129001/net/quic/quic_crypto_cli...
net/quic/quic_crypto_client_stream.cc:153: // cached->signature is empty then we
don't check the certificates.
On 2013/07/02 15:20:08, agl wrote:
> We can receive multiple REJ in a handshake. At the moment, if a REJ comes in
> with no signature then we'll go to STATE_VERIFY_PROOF_COMPLETED and end up
> calling cached->SetProofValid. i.e. sending no certificates would be accepted
by
> this code.

Reorganized the code. Could you take another look.

https://codereview.chromium.org/17385010/diff/129001/net/quic/quic_crypto_cli...
net/quic/quic_crypto_client_stream.cc:160:
DCHECK_EQ(verifier->generation_counter(), 0u);
On 2013/07/02 15:20:08, agl wrote:
> Why should the generation counter always be zero? We might end up verifying
> several proofs.

Done.

https://codereview.chromium.org/17385010/diff/129001/net/quic/quic_crypto_cli...
net/quic/quic_crypto_client_stream.cc:189:
CloseConnectionWithDetails(QUIC_PROOF_INVALID,
On 2013/07/02 15:20:08, agl wrote:
> The generation counter changing isn't an error. We should just loop back to
> STATE_VERIFY_PROOF.

Done.

https://codereview.chromium.org/17385010/diff/129001/net/quic/quic_crypto_cli...
net/quic/quic_crypto_client_stream.cc:270: DVLOG(1) << "VerifyProof completed: "
<< result;
On 2013/07/02 15:20:08, agl wrote:
> Is it ensured that this callback is always made on the same thread? If so,
could
> you comment that?

Added the comment to VerifyProof.

Done.

agl

LGTM https://codereview.chromium.org/17385010/diff/158001/net/quic/crypto/crypto_handshake.h File net/quic/crypto/crypto_handshake.h (right): https://codereview.chromium.org/17385010/diff/158001/net/quic/crypto/crypto_handshake.h#newcode356 net/quic/crypto/crypto_handshake.h:356: ProofVerifier* proof_verifier() const; It seems that removing this ...

7 years, 5 months ago (2013-07-02 20:41:31 UTC) #15

ramant (doing other things)

Will land after wtc's review. thanks very much Adam. https://codereview.chromium.org/17385010/diff/158001/net/quic/crypto/crypto_handshake.h File net/quic/crypto/crypto_handshake.h (right): https://codereview.chromium.org/17385010/diff/158001/net/quic/crypto/crypto_handshake.h#newcode356 net/quic/crypto/crypto_handshake.h:356: ...

7 years, 5 months ago (2013-07-02 21:22:20 UTC) #16

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rtenneti@chromium.org/17385010/170001

7 years, 5 months ago (2013-07-02 23:12:22 UTC) #17

wtc

Patch set 12 LGTM. You can make the changes I suggested in a follow-up CL. ...

7 years, 5 months ago (2013-07-03 00:20:26 UTC) #18

commit-bot: I haz the power

Retried try job too often on win_rel for step(s) net_unittests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=win_rel&number=172142

7 years, 5 months ago (2013-07-03 02:10:08 UTC) #19

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rtenneti@chromium.org/17385010/201001

7 years, 5 months ago (2013-07-03 02:10:18 UTC) #20

commit-bot: I haz the power

Sorry for I got bad news for ya. Compile failed with a clobber build on ...

7 years, 5 months ago (2013-07-03 03:18:31 UTC) #21

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rtenneti@chromium.org/17385010/213002

7 years, 5 months ago (2013-07-03 04:10:39 UTC) #22

ramant (doing other things)

Implemented changes suggested by wtc in the following CL. https://codereview.chromium.org/18033005 https://chromiumcodereview.appspot.com/17385010/diff/170001/net/data/ssl/certificates/README File net/data/ssl/certificates/README (right): https://chromiumcodereview.appspot.com/17385010/diff/170001/net/data/ssl/certificates/README#newcode219 ...

7 years, 5 months ago (2013-07-03 05:46:33 UTC) #23

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rtenneti@chromium.org/17385010/228001

7 years, 5 months ago (2013-07-03 07:45:14 UTC) #24

wtc

Patch set 15 LGTM. https://chromiumcodereview.appspot.com/17385010/diff/170001/net/quic/quic_crypto_client_stream.cc File net/quic/quic_crypto_client_stream.cc (right): https://chromiumcodereview.appspot.com/17385010/diff/170001/net/quic/quic_crypto_client_stream.cc#newcode73 net/quic/quic_crypto_client_stream.cc:73: case STATE_SEND_CHLO: { On 2013/07/03 ...

7 years, 5 months ago (2013-07-03 18:50:23 UTC) #26

ramant (doing other things)

7 years, 5 months ago (2013-07-03 20:15:20 UTC) #27

Message was sent while issue was closed.

Made the changes in CL https://chromiumcodereview.appspot.com/18033005/.

thanks
raman

https://chromiumcodereview.appspot.com/17385010/diff/228001/net/quic/crypto/p...
File net/quic/crypto/proof_test.cc (right):

https://chromiumcodereview.appspot.com/17385010/diff/228001/net/quic/crypto/p...
net/quic/crypto/proof_test.cc:18: #endif
On 2013/07/03 18:50:23, wtc wrote:
> 
> This should be removed because it is not used in the final
> version.

Done.

https://chromiumcodereview.appspot.com/17385010/diff/228001/net/quic/crypto/p...
net/quic/crypto/proof_test.cc:267: // TODO(rtenneti): Enable
VerifyECDSAKnownAnswerTest on win_rel and XP.
On 2013/07/03 18:50:23, wtc wrote:
> 
> on win_rel and XP => on Windows
> 
> It would be nice to describe what the problem is.

Done.

Expand Messages | Collapse Messages