Chromium Code Reviews Chromium Code Reviews
Issue 23019005:
Clear the QUIC cached proof when a client receives a REJ w/o a PROF tag. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/crypto_handshake.h" | 5 #include "net/quic/crypto/crypto_handshake.h" |
| 6 | 6 |
| 7 #include <ctype.h> | 7 #include <ctype.h> |
| 8 | 8 |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 452 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 463 if (!has_changed) { | 463 if (!has_changed) { |
| 464 return; | 464 return; |
| 465 } | 465 } |
| 466 | 466 |
| 467 // If the proof has changed then it needs to be revalidated. | 467 // If the proof has changed then it needs to be revalidated. |
| 468 SetProofInvalid(); | 468 SetProofInvalid(); |
| 469 certs_ = certs; | 469 certs_ = certs; |
| 470 server_config_sig_ = signature.as_string(); | 470 server_config_sig_ = signature.as_string(); |
| 471 } | 471 } |
| 472 | 472 |
| 473 void QuicCryptoClientConfig::CachedState::ClearProof() { | |
| 474 SetProofInvalid(); | |
| 475 certs_.clear(); | |
| 476 server_config_sig_.clear(); | |
| 477 } | |
| 478 | |
| 473 void QuicCryptoClientConfig::CachedState::SetProofValid() { | 479 void QuicCryptoClientConfig::CachedState::SetProofValid() { |
| 474 server_config_valid_ = true; | 480 server_config_valid_ = true; |
| 475 } | 481 } |
| 476 | 482 |
| 477 void QuicCryptoClientConfig::CachedState::SetProofInvalid() { | 483 void QuicCryptoClientConfig::CachedState::SetProofInvalid() { |
| 478 server_config_valid_ = false; | 484 server_config_valid_ = false; |
| 479 ++generation_counter_; | 485 ++generation_counter_; |
| 480 } | 486 } |
| 481 | 487 |
| 482 const string& QuicCryptoClientConfig::CachedState::server_config() const { | 488 const string& QuicCryptoClientConfig::CachedState::server_config() const { |
| (...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 815 if (rej.GetStringPiece(kSourceAddressTokenTag, &token)) { | 821 if (rej.GetStringPiece(kSourceAddressTokenTag, &token)) { |
| 816 cached->set_source_address_token(token); | 822 cached->set_source_address_token(token); |
| 817 } | 823 } |
| 818 | 824 |
| 819 StringPiece nonce; | 825 StringPiece nonce; |
| 820 if (rej.GetStringPiece(kServerNonceTag, &nonce)) { | 826 if (rej.GetStringPiece(kServerNonceTag, &nonce)) { |
| 821 out_params->server_nonce = nonce.as_string(); | 827 out_params->server_nonce = nonce.as_string(); |
| 822 } | 828 } |
| 823 | 829 |
| 824 StringPiece proof, cert_bytes; | 830 StringPiece proof, cert_bytes; |
| 825 if (rej.GetStringPiece(kPROF, &proof) && | 831 bool has_proof = rej.GetStringPiece(kPROF, &proof); |
| 826 rej.GetStringPiece(kCertificateTag, &cert_bytes)) { | 832 bool has_cert = rej.GetStringPiece(kCertificateTag, &cert_bytes); |
| 833 if (has_proof && has_cert) { | |
| 827 vector<string> certs; | 834 vector<string> certs; |
| 828 if (!CertCompressor::DecompressChain(cert_bytes, out_params->cached_certs, | 835 if (!CertCompressor::DecompressChain(cert_bytes, out_params->cached_certs, |
| 829 common_cert_sets, &certs)) { | 836 common_cert_sets, &certs)) { |
| 830 *error_details = "Certificate data invalid"; | 837 *error_details = "Certificate data invalid"; |
|
wtc
2013/08/15 16:33:05
It seems that we should also call cached->ClearPro
| |
| 831 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 838 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 832 } | 839 } |
| 833 | 840 |
| 834 cached->SetProof(certs, proof); | 841 cached->SetProof(certs, proof); |
| 842 } else { | |
| 843 cached->ClearProof(); | |
| 844 if (has_proof && !has_cert) { | |
| 845 *error_details = "Certificate missing"; | |
| 846 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | |
| 847 } | |
| 848 | |
| 849 if (!has_proof && has_cert) { | |
| 850 *error_details = "Proof missing"; | |
| 851 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | |
| 852 } | |
| 835 } | 853 } |
| 836 | 854 |
| 837 return QUIC_NO_ERROR; | 855 return QUIC_NO_ERROR; |
| 838 } | 856 } |
| 839 | 857 |
| 840 QuicErrorCode QuicCryptoClientConfig::ProcessServerHello( | 858 QuicErrorCode QuicCryptoClientConfig::ProcessServerHello( |
| 841 const CryptoHandshakeMessage& server_hello, | 859 const CryptoHandshakeMessage& server_hello, |
| 842 QuicGuid guid, | 860 QuicGuid guid, |
| 843 QuicCryptoNegotiatedParameters* out_params, | 861 QuicCryptoNegotiatedParameters* out_params, |
| 844 string* error_details) { | 862 string* error_details) { |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 888 | 906 |
| 889 ChannelIDSigner* QuicCryptoClientConfig::channel_id_signer() const { | 907 ChannelIDSigner* QuicCryptoClientConfig::channel_id_signer() const { |
| 890 return channel_id_signer_.get(); | 908 return channel_id_signer_.get(); |
| 891 } | 909 } |
| 892 | 910 |
| 893 void QuicCryptoClientConfig::SetChannelIDSigner(ChannelIDSigner* signer) { | 911 void QuicCryptoClientConfig::SetChannelIDSigner(ChannelIDSigner* signer) { |
| 894 channel_id_signer_.reset(signer); | 912 channel_id_signer_.reset(signer); |
| 895 } | 913 } |
| 896 | 914 |
| 897 } // namespace net | 915 } // namespace net |
| OLD | NEW |
