Chromium Code Reviews Chromium Code Reviews
Issue 17385010:
OpenSSL/NSS implementation of ProofVerfifier. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ | 5 #ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ |
| 6 #define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ | 6 #define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 266 // SetProofValid records that the certificate chain and signature have been | 266 // SetProofValid records that the certificate chain and signature have been |
| 267 // validated and that it's safe to assume that the server is legitimate. | 267 // validated and that it's safe to assume that the server is legitimate. |
| 268 // (Note: this does not check the chain or signature.) | 268 // (Note: this does not check the chain or signature.) |
| 269 void SetProofValid(); | 269 void SetProofValid(); |
| 270 | 270 |
| 271 const std::string& server_config() const; | 271 const std::string& server_config() const; |
| 272 const std::string& source_address_token() const; | 272 const std::string& source_address_token() const; |
| 273 const std::vector<std::string>& certs() const; | 273 const std::vector<std::string>& certs() const; |
| 274 const std::string& signature() const; | 274 const std::string& signature() const; |
| 275 bool proof_valid() const; | 275 bool proof_valid() const; |
| 276 uint64 generation_counter() const; | |
| 276 | 277 |
| 277 void set_source_address_token(base::StringPiece token); | 278 void set_source_address_token(base::StringPiece token); |
| 278 | 279 |
| 279 private: | 280 private: |
| 280 std::string server_config_id_; // An opaque id from the server. | 281 std::string server_config_id_; // An opaque id from the server. |
| 281 std::string server_config_; // A serialized handshake message. | 282 std::string server_config_; // A serialized handshake message. |
| 282 std::string source_address_token_; // An opaque proof of IP ownership. | 283 std::string source_address_token_; // An opaque proof of IP ownership. |
| 283 std::vector<std::string> certs_; // A list of certificates in leaf-first | 284 std::vector<std::string> certs_; // A list of certificates in leaf-first |
| 284 // order. | 285 // order. |
| 285 std::string server_config_sig_; // A signature of |server_config_|. | 286 std::string server_config_sig_; // A signature of |server_config_|. |
| 286 bool server_config_valid_; // true if |server_config_| is correctly signed | 287 bool server_config_valid_; // True if |server_config_| is correctly |
| 287 // and |certs_| has been validated. | 288 // signed and |certs_| has been |
| 289 // validated. | |
| 290 uint64 generation_counter_; // Generation counter associated with | |
| 291 // the |server_config_|, |certs_| and | |
| 292 // |server_config_sig_| combination. | |
|
wtc
2013/07/03 00:20:26
Nit: it would be nice to point out that generation
ramant (doing other things)
2013/07/03 05:46:34
Done.
| |
| 288 | 293 |
| 289 // scfg contains the cached, parsed value of |server_config|. | 294 // scfg contains the cached, parsed value of |server_config|. |
| 290 mutable scoped_ptr<CryptoHandshakeMessage> scfg_; | 295 mutable scoped_ptr<CryptoHandshakeMessage> scfg_; |
| 291 }; | 296 }; |
| 292 | 297 |
| 293 QuicCryptoClientConfig(); | 298 QuicCryptoClientConfig(); |
| 294 ~QuicCryptoClientConfig(); | 299 ~QuicCryptoClientConfig(); |
| 295 | 300 |
| 296 // Sets the members to reasonable, default values. | 301 // Sets the members to reasonable, default values. |
| 297 void SetDefaults(); | 302 void SetDefaults(); |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 341 | 346 |
| 342 // ProcessServerHello processes the message in |server_hello|, writes the | 347 // ProcessServerHello processes the message in |server_hello|, writes the |
| 343 // negotiated parameters to |out_params| and returns QUIC_NO_ERROR. If | 348 // negotiated parameters to |out_params| and returns QUIC_NO_ERROR. If |
| 344 // |server_hello| is unacceptable then it puts an error message in | 349 // |server_hello| is unacceptable then it puts an error message in |
| 345 // |error_details| and returns an error code. | 350 // |error_details| and returns an error code. |
| 346 QuicErrorCode ProcessServerHello(const CryptoHandshakeMessage& server_hello, | 351 QuicErrorCode ProcessServerHello(const CryptoHandshakeMessage& server_hello, |
| 347 QuicGuid guid, | 352 QuicGuid guid, |
| 348 QuicCryptoNegotiatedParameters* out_params, | 353 QuicCryptoNegotiatedParameters* out_params, |
| 349 std::string* error_details); | 354 std::string* error_details); |
| 350 | 355 |
| 351 const ProofVerifier* proof_verifier() const; | 356 ProofVerifier* proof_verifier() const; |
| 352 | 357 |
| 353 // SetProofVerifier takes ownership of a |ProofVerifier| that clients are | 358 // SetProofVerifier takes ownership of a |ProofVerifier| that clients are |
| 354 // free to use in order to verify certificate chains from servers. If a | 359 // free to use in order to verify certificate chains from servers. If a |
| 355 // ProofVerifier is set then the client will request a certificate chain from | 360 // ProofVerifier is set then the client will request a certificate chain from |
| 356 // the server. | 361 // the server. |
| 357 void SetProofVerifier(ProofVerifier* verifier); | 362 void SetProofVerifier(ProofVerifier* verifier); |
| 358 | 363 |
| 359 ChannelIDSigner* channel_id_signer() const; | 364 ChannelIDSigner* channel_id_signer() const; |
| 360 | 365 |
| 361 // SetChannelIDSigner sets a ChannelIDSigner that will be called when the | 366 // SetChannelIDSigner sets a ChannelIDSigner that will be called when the |
| 362 // server supports channel IDs to sign a message proving possession of the | 367 // server supports channel IDs to sign a message proving possession of the |
| 363 // given ChannelID. This object takes ownership of |signer|. | 368 // given ChannelID. This object takes ownership of |signer|. |
| 364 void SetChannelIDSigner(ChannelIDSigner* signer); | 369 void SetChannelIDSigner(ChannelIDSigner* signer); |
| 365 | 370 |
| 366 private: | 371 private: |
| 367 // cached_states_ maps from the server hostname to the cached information | 372 // cached_states_ maps from the server hostname to the cached information |
| 368 // about that server. | 373 // about that server. |
| 369 std::map<std::string, CachedState*> cached_states_; | 374 std::map<std::string, CachedState*> cached_states_; |
| 370 | 375 |
| 371 scoped_ptr<ProofVerifier> proof_verifier_; | 376 scoped_ptr<ProofVerifier> proof_verifier_; |
| 372 scoped_ptr<ChannelIDSigner> channel_id_signer_; | 377 scoped_ptr<ChannelIDSigner> channel_id_signer_; |
| 373 | 378 |
| 374 DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig); | 379 DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig); |
| 375 }; | 380 }; |
| 376 | 381 |
| 377 } // namespace net | 382 } // namespace net |
| 378 | 383 |
| 379 #endif // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ | 384 #endif // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ |
| OLD | NEW |
