OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/crypto_handshake.h" | 5 #include "net/quic/crypto/crypto_handshake.h" |
6 | 6 |
7 #include <ctype.h> | 7 #include <ctype.h> |
8 | 8 |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
(...skipping 339 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
350 | 350 |
351 QuicCryptoConfig::~QuicCryptoConfig() {} | 351 QuicCryptoConfig::~QuicCryptoConfig() {} |
352 | 352 |
353 QuicCryptoClientConfig::QuicCryptoClientConfig() {} | 353 QuicCryptoClientConfig::QuicCryptoClientConfig() {} |
354 | 354 |
355 QuicCryptoClientConfig::~QuicCryptoClientConfig() { | 355 QuicCryptoClientConfig::~QuicCryptoClientConfig() { |
356 STLDeleteValues(&cached_states_); | 356 STLDeleteValues(&cached_states_); |
357 } | 357 } |
358 | 358 |
359 QuicCryptoClientConfig::CachedState::CachedState() | 359 QuicCryptoClientConfig::CachedState::CachedState() |
360 : server_config_valid_(false) {} | 360 : server_config_valid_(false), |
361 generation_counter_(0) {} | |
361 | 362 |
362 QuicCryptoClientConfig::CachedState::~CachedState() {} | 363 QuicCryptoClientConfig::CachedState::~CachedState() {} |
363 | 364 |
364 bool QuicCryptoClientConfig::CachedState::IsComplete(QuicWallTime now) const { | 365 bool QuicCryptoClientConfig::CachedState::IsComplete(QuicWallTime now) const { |
365 if (server_config_.empty() || !server_config_valid_) { | 366 if (server_config_.empty() || !server_config_valid_) { |
366 return false; | 367 return false; |
367 } | 368 } |
368 | 369 |
369 const CryptoHandshakeMessage* scfg = GetServerConfig(); | 370 const CryptoHandshakeMessage* scfg = GetServerConfig(); |
370 if (!scfg) { | 371 if (!scfg) { |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
423 } | 424 } |
424 | 425 |
425 if (now.ToUNIXSeconds() >= expiry_seconds) { | 426 if (now.ToUNIXSeconds() >= expiry_seconds) { |
426 *error_details = "SCFG has expired"; | 427 *error_details = "SCFG has expired"; |
427 return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED; | 428 return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED; |
428 } | 429 } |
429 | 430 |
430 if (!matches_existing) { | 431 if (!matches_existing) { |
431 server_config_ = server_config.as_string(); | 432 server_config_ = server_config.as_string(); |
432 server_config_valid_ = false; | 433 server_config_valid_ = false; |
434 ++generation_counter_; | |
433 scfg_.reset(new_scfg_storage.release()); | 435 scfg_.reset(new_scfg_storage.release()); |
434 } | 436 } |
435 return QUIC_NO_ERROR; | 437 return QUIC_NO_ERROR; |
436 } | 438 } |
437 | 439 |
438 void QuicCryptoClientConfig::CachedState::InvalidateServerConfig() { | 440 void QuicCryptoClientConfig::CachedState::InvalidateServerConfig() { |
439 server_config_.clear(); | 441 server_config_.clear(); |
440 scfg_.reset(); | 442 scfg_.reset(); |
441 server_config_valid_ = false; | 443 server_config_valid_ = false; |
444 ++generation_counter_; | |
442 } | 445 } |
443 | 446 |
444 void QuicCryptoClientConfig::CachedState::SetProof(const vector<string>& certs, | 447 void QuicCryptoClientConfig::CachedState::SetProof(const vector<string>& certs, |
445 StringPiece signature) { | 448 StringPiece signature) { |
446 bool has_changed = | 449 bool has_changed = |
447 signature != server_config_sig_ || certs_.size() != certs.size(); | 450 signature != server_config_sig_ || certs_.size() != certs.size(); |
448 | 451 |
449 if (!has_changed) { | 452 if (!has_changed) { |
450 for (size_t i = 0; i < certs_.size(); i++) { | 453 for (size_t i = 0; i < certs_.size(); i++) { |
451 if (certs_[i] != certs[i]) { | 454 if (certs_[i] != certs[i]) { |
452 has_changed = true; | 455 has_changed = true; |
453 break; | 456 break; |
454 } | 457 } |
455 } | 458 } |
456 } | 459 } |
457 | 460 |
458 if (!has_changed) { | 461 if (!has_changed) { |
459 return; | 462 return; |
460 } | 463 } |
461 | 464 |
462 // If the proof has changed then it needs to be revalidated. | 465 // If the proof has changed then it needs to be revalidated. |
463 server_config_valid_ = false; | 466 server_config_valid_ = false; |
467 ++generation_counter_; | |
wtc
2013/07/03 00:20:26
It may be a good idea to create a function, say Se
ramant (doing other things)
2013/07/03 05:46:34
Done.
| |
464 certs_ = certs; | 468 certs_ = certs; |
465 server_config_sig_ = signature.as_string(); | 469 server_config_sig_ = signature.as_string(); |
466 } | 470 } |
467 | 471 |
468 void QuicCryptoClientConfig::CachedState::SetProofValid() { | 472 void QuicCryptoClientConfig::CachedState::SetProofValid() { |
469 server_config_valid_ = true; | 473 server_config_valid_ = true; |
470 } | 474 } |
471 | 475 |
472 const string& QuicCryptoClientConfig::CachedState::server_config() const { | 476 const string& QuicCryptoClientConfig::CachedState::server_config() const { |
473 return server_config_; | 477 return server_config_; |
474 } | 478 } |
475 | 479 |
476 const string& | 480 const string& |
477 QuicCryptoClientConfig::CachedState::source_address_token() const { | 481 QuicCryptoClientConfig::CachedState::source_address_token() const { |
478 return source_address_token_; | 482 return source_address_token_; |
479 } | 483 } |
480 | 484 |
481 const vector<string>& QuicCryptoClientConfig::CachedState::certs() const { | 485 const vector<string>& QuicCryptoClientConfig::CachedState::certs() const { |
482 return certs_; | 486 return certs_; |
483 } | 487 } |
484 | 488 |
485 const string& QuicCryptoClientConfig::CachedState::signature() const { | 489 const string& QuicCryptoClientConfig::CachedState::signature() const { |
486 return server_config_sig_; | 490 return server_config_sig_; |
487 } | 491 } |
488 | 492 |
489 bool QuicCryptoClientConfig::CachedState::proof_valid() const { | 493 bool QuicCryptoClientConfig::CachedState::proof_valid() const { |
490 return server_config_valid_; | 494 return server_config_valid_; |
491 } | 495 } |
492 | 496 |
497 uint64 QuicCryptoClientConfig::CachedState::generation_counter() const { | |
498 return generation_counter_; | |
499 } | |
500 | |
493 void QuicCryptoClientConfig::CachedState::set_source_address_token( | 501 void QuicCryptoClientConfig::CachedState::set_source_address_token( |
494 StringPiece token) { | 502 StringPiece token) { |
495 source_address_token_ = token.as_string(); | 503 source_address_token_ = token.as_string(); |
496 } | 504 } |
497 | 505 |
498 void QuicCryptoClientConfig::SetDefaults() { | 506 void QuicCryptoClientConfig::SetDefaults() { |
499 // Version must be 0. | 507 // Version must be 0. |
500 // TODO(agl): this version stuff is obsolete now. | 508 // TODO(agl): this version stuff is obsolete now. |
501 version = QuicCryptoConfig::CONFIG_VERSION; | 509 version = QuicCryptoConfig::CONFIG_VERSION; |
502 | 510 |
(...skipping 326 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
829 hkdf_input.append(out_params->hkdf_input_suffix); | 837 hkdf_input.append(out_params->hkdf_input_suffix); |
830 | 838 |
831 CryptoUtils::DeriveKeys( | 839 CryptoUtils::DeriveKeys( |
832 out_params->forward_secure_premaster_secret, out_params->aead, | 840 out_params->forward_secure_premaster_secret, out_params->aead, |
833 out_params->client_nonce, out_params->server_nonce, hkdf_input, | 841 out_params->client_nonce, out_params->server_nonce, hkdf_input, |
834 CryptoUtils::CLIENT, &out_params->forward_secure_crypters); | 842 CryptoUtils::CLIENT, &out_params->forward_secure_crypters); |
835 | 843 |
836 return QUIC_NO_ERROR; | 844 return QUIC_NO_ERROR; |
837 } | 845 } |
838 | 846 |
839 const ProofVerifier* QuicCryptoClientConfig::proof_verifier() const { | 847 ProofVerifier* QuicCryptoClientConfig::proof_verifier() const { |
840 return proof_verifier_.get(); | 848 return proof_verifier_.get(); |
841 } | 849 } |
842 | 850 |
843 void QuicCryptoClientConfig::SetProofVerifier(ProofVerifier* verifier) { | 851 void QuicCryptoClientConfig::SetProofVerifier(ProofVerifier* verifier) { |
844 proof_verifier_.reset(verifier); | 852 proof_verifier_.reset(verifier); |
845 } | 853 } |
846 | 854 |
847 ChannelIDSigner* QuicCryptoClientConfig::channel_id_signer() const { | 855 ChannelIDSigner* QuicCryptoClientConfig::channel_id_signer() const { |
848 return channel_id_signer_.get(); | 856 return channel_id_signer_.get(); |
849 } | 857 } |
850 | 858 |
851 void QuicCryptoClientConfig::SetChannelIDSigner(ChannelIDSigner* signer) { | 859 void QuicCryptoClientConfig::SetChannelIDSigner(ChannelIDSigner* signer) { |
852 channel_id_signer_.reset(signer); | 860 channel_id_signer_.reset(signer); |
853 } | 861 } |
854 | 862 |
855 } // namespace net | 863 } // namespace net |
OLD | NEW |