| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 497 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 508 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 508 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 509 const QuicWallTime now(clock->WallNow()); | 509 const QuicWallTime now(clock->WallNow()); |
| 510 | 510 |
| 511 scoped_refptr<ValidateClientHelloResultCallback::Result> result( | 511 scoped_refptr<ValidateClientHelloResultCallback::Result> result( |
| 512 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 512 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
| 513 now)); | 513 now)); |
| 514 | 514 |
| 515 StringPiece requested_scid; | 515 StringPiece requested_scid; |
| 516 client_hello.GetStringPiece(kSCID, &requested_scid); | 516 client_hello.GetStringPiece(kSCID, &requested_scid); |
| 517 | 517 |
| 518 uint8_t primary_orbit[kOrbitSize]; | |
| 519 scoped_refptr<Config> requested_config; | 518 scoped_refptr<Config> requested_config; |
| 520 scoped_refptr<Config> primary_config; | 519 scoped_refptr<Config> primary_config; |
| 521 { | 520 { |
| 522 base::AutoLock locked(configs_lock_); | 521 base::AutoLock locked(configs_lock_); |
| 523 | 522 |
| 524 if (!primary_config_.get()) { | 523 if (!primary_config_.get()) { |
| 525 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; | 524 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; |
| 526 result->error_details = "No configurations loaded"; | 525 result->error_details = "No configurations loaded"; |
| 527 } else { | 526 } else { |
| 528 if (!next_config_promotion_time_.IsZero() && | 527 if (!next_config_promotion_time_.IsZero() && |
| 529 next_config_promotion_time_.IsAfter(now)) { | 528 next_config_promotion_time_.IsAfter(now)) { |
| 530 SelectNewPrimaryConfig(now); | 529 SelectNewPrimaryConfig(now); |
| 531 DCHECK(primary_config_.get()); | 530 DCHECK(primary_config_.get()); |
| 532 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); | 531 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); |
| 533 } | 532 } |
| 534 | |
| 535 memcpy(primary_orbit, primary_config_->orbit, sizeof(primary_orbit)); | |
| 536 } | 533 } |
| 537 | 534 |
| 538 requested_config = GetConfigWithScid(requested_scid); | 535 requested_config = GetConfigWithScid(requested_scid); |
| 539 primary_config = primary_config_; | 536 primary_config = primary_config_; |
| 540 crypto_proof->config = primary_config_; | 537 crypto_proof->config = primary_config_; |
| 541 } | 538 } |
| 542 | 539 |
| 543 if (result->error_code == QUIC_NO_ERROR) { | 540 if (result->error_code == QUIC_NO_ERROR) { |
| 544 // QUIC requires a new proof for each CHLO so clear any existing proof. | 541 // QUIC requires a new proof for each CHLO so clear any existing proof. |
| 545 crypto_proof->chain = nullptr; | 542 crypto_proof->chain = nullptr; |
| 546 crypto_proof->signature = ""; | 543 crypto_proof->signature = ""; |
| 547 crypto_proof->cert_sct = ""; | 544 crypto_proof->cert_sct = ""; |
| 548 EvaluateClientHello(server_ip, version, primary_orbit, requested_config, | 545 EvaluateClientHello(server_ip, version, requested_config, primary_config, |
| 549 primary_config, crypto_proof, result, | 546 crypto_proof, result, std::move(done_cb)); |
| 550 std::move(done_cb)); | |
| 551 } else { | 547 } else { |
| 552 done_cb->Run(result, /* details = */ nullptr); | 548 done_cb->Run(result, /* details = */ nullptr); |
| 553 } | 549 } |
| 554 } | 550 } |
| 555 | 551 |
| 556 class ProcessClientHelloHelper { | 552 class ProcessClientHelloHelper { |
| 557 public: | 553 public: |
| 558 explicit ProcessClientHelloHelper( | 554 explicit ProcessClientHelloHelper( |
| 559 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) | 555 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) |
| 560 : done_cb_(done_cb) {} | 556 : done_cb_(done_cb) {} |
| (...skipping 17 matching lines...) Expand all Loading... |
| 578 | 574 |
| 579 void DetachCallback() { | 575 void DetachCallback() { |
| 580 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; | 576 QUIC_BUG_IF(done_cb_ == nullptr) << "Callback already detached."; |
| 581 done_cb_ = nullptr; | 577 done_cb_ = nullptr; |
| 582 } | 578 } |
| 583 | 579 |
| 584 private: | 580 private: |
| 585 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_; | 581 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb_; |
| 586 }; | 582 }; |
| 587 | 583 |
| 584 class QuicCryptoServerConfig::ProcessClientHelloCallback |
| 585 : public ProofSource::Callback { |
| 586 public: |
| 587 ProcessClientHelloCallback( |
| 588 const QuicCryptoServerConfig* config, |
| 589 scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 590 validate_chlo_result, |
| 591 bool reject_only, |
| 592 QuicConnectionId connection_id, |
| 593 const IPEndPoint& client_address, |
| 594 QuicVersion version, |
| 595 const QuicVersionVector& supported_versions, |
| 596 bool use_stateless_rejects, |
| 597 QuicConnectionId server_designated_connection_id, |
| 598 const QuicClock* clock, |
| 599 QuicRandom* rand, |
| 600 QuicCompressedCertsCache* compressed_certs_cache, |
| 601 QuicCryptoNegotiatedParameters* params, |
| 602 QuicCryptoProof* crypto_proof, |
| 603 QuicByteCount total_framing_overhead, |
| 604 QuicByteCount chlo_packet_size, |
| 605 const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config, |
| 606 const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config, |
| 607 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) |
| 608 : config_(config), |
| 609 validate_chlo_result_(std::move(validate_chlo_result)), |
| 610 reject_only_(reject_only), |
| 611 connection_id_(connection_id), |
| 612 client_address_(client_address), |
| 613 version_(version), |
| 614 supported_versions_(supported_versions), |
| 615 use_stateless_rejects_(use_stateless_rejects), |
| 616 server_designated_connection_id_(server_designated_connection_id), |
| 617 clock_(clock), |
| 618 rand_(rand), |
| 619 compressed_certs_cache_(compressed_certs_cache), |
| 620 params_(params), |
| 621 crypto_proof_(crypto_proof), |
| 622 total_framing_overhead_(total_framing_overhead), |
| 623 chlo_packet_size_(chlo_packet_size), |
| 624 requested_config_(requested_config), |
| 625 primary_config_(primary_config), |
| 626 done_cb_(std::move(done_cb)) {} |
| 627 |
| 628 void Run(bool ok, |
| 629 const scoped_refptr<ProofSource::Chain>& chain, |
| 630 const string& signature, |
| 631 const string& leaf_cert_sct, |
| 632 std::unique_ptr<ProofSource::Details> details) override { |
| 633 if (ok) { |
| 634 crypto_proof_->chain = chain; |
| 635 crypto_proof_->signature = signature; |
| 636 crypto_proof_->cert_sct = leaf_cert_sct; |
| 637 } |
| 638 config_->ProcessClientHelloAfterGetProof( |
| 639 !ok, *validate_chlo_result_, reject_only_, connection_id_, |
| 640 client_address_, version_, supported_versions_, use_stateless_rejects_, |
| 641 server_designated_connection_id_, clock_, rand_, |
| 642 compressed_certs_cache_, params_, crypto_proof_, |
| 643 total_framing_overhead_, chlo_packet_size_, requested_config_, |
| 644 primary_config_, std::move(done_cb_)); |
| 645 } |
| 646 |
| 647 private: |
| 648 const QuicCryptoServerConfig* config_; |
| 649 const scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 650 validate_chlo_result_; |
| 651 const bool reject_only_; |
| 652 const QuicConnectionId connection_id_; |
| 653 const IPEndPoint client_address_; |
| 654 const QuicVersion version_; |
| 655 const QuicVersionVector supported_versions_; |
| 656 const bool use_stateless_rejects_; |
| 657 const QuicConnectionId server_designated_connection_id_; |
| 658 const QuicClock* const clock_; |
| 659 QuicRandom* const rand_; |
| 660 QuicCompressedCertsCache* compressed_certs_cache_; |
| 661 QuicCryptoNegotiatedParameters* params_; |
| 662 QuicCryptoProof* crypto_proof_; |
| 663 const QuicByteCount total_framing_overhead_; |
| 664 const QuicByteCount chlo_packet_size_; |
| 665 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
| 666 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
| 667 std::unique_ptr<ProcessClientHelloResultCallback> done_cb_; |
| 668 }; |
| 669 |
| 588 void QuicCryptoServerConfig::ProcessClientHello( | 670 void QuicCryptoServerConfig::ProcessClientHello( |
| 589 scoped_refptr<ValidateClientHelloResultCallback::Result> | 671 scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 590 validate_chlo_result, | 672 validate_chlo_result, |
| 591 bool reject_only, | 673 bool reject_only, |
| 592 QuicConnectionId connection_id, | 674 QuicConnectionId connection_id, |
| 593 const IPAddress& server_ip, | 675 const IPAddress& server_ip, |
| 594 const IPEndPoint& client_address, | 676 const IPEndPoint& client_address, |
| 595 QuicVersion version, | 677 QuicVersion version, |
| 596 const QuicVersionVector& supported_versions, | 678 const QuicVersionVector& supported_versions, |
| 597 bool use_stateless_rejects, | 679 bool use_stateless_rejects, |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 659 | 741 |
| 660 if (!ClientDemandsX509Proof(client_hello)) { | 742 if (!ClientDemandsX509Proof(client_hello)) { |
| 661 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); | 743 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); |
| 662 return; | 744 return; |
| 663 } | 745 } |
| 664 DCHECK(proof_source_.get()); | 746 DCHECK(proof_source_.get()); |
| 665 string chlo_hash; | 747 string chlo_hash; |
| 666 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 748 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
| 667 // No need to get a new proof if one was already generated. | 749 // No need to get a new proof if one was already generated. |
| 668 if (!crypto_proof->chain) { | 750 if (!crypto_proof->chain) { |
| 751 if (FLAGS_enable_async_get_proof) { |
| 752 std::unique_ptr<ProcessClientHelloCallback> cb( |
| 753 new ProcessClientHelloCallback( |
| 754 this, validate_chlo_result, reject_only, connection_id, |
| 755 client_address, version, supported_versions, |
| 756 use_stateless_rejects, server_designated_connection_id, clock, |
| 757 rand, compressed_certs_cache, params, crypto_proof, |
| 758 total_framing_overhead, chlo_packet_size, requested_config, |
| 759 primary_config, std::move(done_cb))); |
| 760 proof_source_->GetProof(server_ip, info.sni.as_string(), |
| 761 primary_config->serialized, version, chlo_hash, |
| 762 std::move(cb)); |
| 763 helper.DetachCallback(); |
| 764 return; |
| 765 } |
| 766 |
| 669 if (!proof_source_->GetProof(server_ip, info.sni.as_string(), | 767 if (!proof_source_->GetProof(server_ip, info.sni.as_string(), |
| 670 primary_config->serialized, version, chlo_hash, | 768 primary_config->serialized, version, chlo_hash, |
| 671 &crypto_proof->chain, &crypto_proof->signature, | 769 &crypto_proof->chain, &crypto_proof->signature, |
| 672 &crypto_proof->cert_sct)) { | 770 &crypto_proof->cert_sct)) { |
| 673 helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof"); | 771 helper.Fail(QUIC_HANDSHAKE_FAILED, ""); |
| 674 return; | 772 return; |
| 675 } | 773 } |
| 676 } | 774 } |
| 677 | 775 |
| 678 // Note: this split exists to facilitate a future change in which the async | |
| 679 // version of GetProof will be called. | |
| 680 helper.DetachCallback(); | 776 helper.DetachCallback(); |
| 681 ProcessClientHelloAfterGetProof( | 777 ProcessClientHelloAfterGetProof( |
| 682 *validate_chlo_result, reject_only, connection_id, client_address, | 778 /* found_error = */ false, *validate_chlo_result, reject_only, |
| 683 version, supported_versions, use_stateless_rejects, | 779 connection_id, client_address, version, supported_versions, |
| 684 server_designated_connection_id, clock, rand, compressed_certs_cache, | 780 use_stateless_rejects, server_designated_connection_id, clock, rand, |
| 685 params, crypto_proof, total_framing_overhead, chlo_packet_size, | 781 compressed_certs_cache, params, crypto_proof, total_framing_overhead, |
| 686 requested_config, primary_config, std::move(done_cb)); | 782 chlo_packet_size, requested_config, primary_config, std::move(done_cb)); |
| 687 } | 783 } |
| 688 | 784 |
| 689 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( | 785 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( |
| 786 bool found_error, |
| 690 const ValidateClientHelloResultCallback::Result& validate_chlo_result, | 787 const ValidateClientHelloResultCallback::Result& validate_chlo_result, |
| 691 bool reject_only, | 788 bool reject_only, |
| 692 QuicConnectionId connection_id, | 789 QuicConnectionId connection_id, |
| 693 const IPEndPoint& client_address, | 790 const IPEndPoint& client_address, |
| 694 QuicVersion version, | 791 QuicVersion version, |
| 695 const QuicVersionVector& supported_versions, | 792 const QuicVersionVector& supported_versions, |
| 696 bool use_stateless_rejects, | 793 bool use_stateless_rejects, |
| 697 QuicConnectionId server_designated_connection_id, | 794 QuicConnectionId server_designated_connection_id, |
| 698 const QuicClock* clock, | 795 const QuicClock* clock, |
| 699 QuicRandom* rand, | 796 QuicRandom* rand, |
| 700 QuicCompressedCertsCache* compressed_certs_cache, | 797 QuicCompressedCertsCache* compressed_certs_cache, |
| 701 QuicCryptoNegotiatedParameters* params, | 798 QuicCryptoNegotiatedParameters* params, |
| 702 QuicCryptoProof* crypto_proof, | 799 QuicCryptoProof* crypto_proof, |
| 703 QuicByteCount total_framing_overhead, | 800 QuicByteCount total_framing_overhead, |
| 704 QuicByteCount chlo_packet_size, | 801 QuicByteCount chlo_packet_size, |
| 705 const scoped_refptr<Config>& requested_config, | 802 const scoped_refptr<Config>& requested_config, |
| 706 const scoped_refptr<Config>& primary_config, | 803 const scoped_refptr<Config>& primary_config, |
| 707 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { | 804 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { |
| 708 ProcessClientHelloHelper helper(&done_cb); | 805 ProcessClientHelloHelper helper(&done_cb); |
| 709 | 806 |
| 807 if (found_error) { |
| 808 helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof"); |
| 809 return; |
| 810 } |
| 811 |
| 710 const CryptoHandshakeMessage& client_hello = | 812 const CryptoHandshakeMessage& client_hello = |
| 711 validate_chlo_result.client_hello; | 813 validate_chlo_result.client_hello; |
| 712 const ClientHelloInfo& info = validate_chlo_result.info; | 814 const ClientHelloInfo& info = validate_chlo_result.info; |
| 713 std::unique_ptr<DiversificationNonce> out_diversification_nonce( | 815 std::unique_ptr<DiversificationNonce> out_diversification_nonce( |
| 714 new DiversificationNonce); | 816 new DiversificationNonce); |
| 715 | 817 |
| 716 StringPiece cert_sct; | 818 StringPiece cert_sct; |
| 717 if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) && | 819 if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) && |
| 718 cert_sct.empty()) { | 820 cert_sct.empty()) { |
| 719 params->sct_supported_by_client = true; | 821 params->sct_supported_by_client = true; |
| (...skipping 367 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1087 } | 1189 } |
| 1088 | 1190 |
| 1089 class QuicCryptoServerConfig::EvaluateClientHelloCallback | 1191 class QuicCryptoServerConfig::EvaluateClientHelloCallback |
| 1090 : public ProofSource::Callback { | 1192 : public ProofSource::Callback { |
| 1091 public: | 1193 public: |
| 1092 EvaluateClientHelloCallback( | 1194 EvaluateClientHelloCallback( |
| 1093 const QuicCryptoServerConfig& config, | 1195 const QuicCryptoServerConfig& config, |
| 1094 bool found_error, | 1196 bool found_error, |
| 1095 const IPAddress& server_ip, | 1197 const IPAddress& server_ip, |
| 1096 QuicVersion version, | 1198 QuicVersion version, |
| 1097 const uint8_t* primary_orbit, | |
| 1098 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, | 1199 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, |
| 1099 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, | 1200 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, |
| 1100 QuicCryptoProof* crypto_proof, | 1201 QuicCryptoProof* crypto_proof, |
| 1101 scoped_refptr<ValidateClientHelloResultCallback::Result> | 1202 scoped_refptr<ValidateClientHelloResultCallback::Result> |
| 1102 client_hello_state, | 1203 client_hello_state, |
| 1103 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) | 1204 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) |
| 1104 : config_(config), | 1205 : config_(config), |
| 1105 found_error_(found_error), | 1206 found_error_(found_error), |
| 1106 server_ip_(server_ip), | 1207 server_ip_(server_ip), |
| 1107 version_(version), | 1208 version_(version), |
| 1108 primary_orbit_(primary_orbit), | |
| 1109 requested_config_(std::move(requested_config)), | 1209 requested_config_(std::move(requested_config)), |
| 1110 primary_config_(std::move(primary_config)), | 1210 primary_config_(std::move(primary_config)), |
| 1111 crypto_proof_(crypto_proof), | 1211 crypto_proof_(crypto_proof), |
| 1112 client_hello_state_(std::move(client_hello_state)), | 1212 client_hello_state_(std::move(client_hello_state)), |
| 1113 done_cb_(std::move(done_cb)) {} | 1213 done_cb_(std::move(done_cb)) {} |
| 1114 | 1214 |
| 1115 void Run(bool ok, | 1215 void Run(bool ok, |
| 1116 const scoped_refptr<ProofSource::Chain>& chain, | 1216 const scoped_refptr<ProofSource::Chain>& chain, |
| 1117 const string& signature, | 1217 const string& signature, |
| 1118 const string& leaf_cert_sct, | 1218 const string& leaf_cert_sct, |
| 1119 std::unique_ptr<ProofSource::Details> details) override { | 1219 std::unique_ptr<ProofSource::Details> details) override { |
| 1120 if (ok) { | 1220 if (ok) { |
| 1121 crypto_proof_->chain = chain; | 1221 crypto_proof_->chain = chain; |
| 1122 crypto_proof_->signature = signature; | 1222 crypto_proof_->signature = signature; |
| 1123 crypto_proof_->cert_sct = leaf_cert_sct; | 1223 crypto_proof_->cert_sct = leaf_cert_sct; |
| 1124 } | 1224 } |
| 1125 config_.EvaluateClientHelloAfterGetProof( | 1225 config_.EvaluateClientHelloAfterGetProof( |
| 1126 found_error_, server_ip_, version_, primary_orbit_, requested_config_, | 1226 found_error_, server_ip_, version_, requested_config_, primary_config_, |
| 1127 primary_config_, crypto_proof_, std::move(details), !ok, | 1227 crypto_proof_, std::move(details), !ok, client_hello_state_, |
| 1128 client_hello_state_, std::move(done_cb_)); | 1228 std::move(done_cb_)); |
| 1129 } | 1229 } |
| 1130 | 1230 |
| 1131 private: | 1231 private: |
| 1132 const QuicCryptoServerConfig& config_; | 1232 const QuicCryptoServerConfig& config_; |
| 1133 const bool found_error_; | 1233 const bool found_error_; |
| 1134 const IPAddress& server_ip_; | 1234 const IPAddress& server_ip_; |
| 1135 const QuicVersion version_; | 1235 const QuicVersion version_; |
| 1136 const uint8_t* primary_orbit_; | |
| 1137 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 1236 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
| 1138 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 1237 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
| 1139 QuicCryptoProof* crypto_proof_; | 1238 QuicCryptoProof* crypto_proof_; |
| 1140 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; | 1239 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; |
| 1141 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; | 1240 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; |
| 1142 }; | 1241 }; |
| 1143 | 1242 |
| 1144 void QuicCryptoServerConfig::EvaluateClientHello( | 1243 void QuicCryptoServerConfig::EvaluateClientHello( |
| 1145 const IPAddress& server_ip, | 1244 const IPAddress& server_ip, |
| 1146 QuicVersion version, | 1245 QuicVersion version, |
| 1147 const uint8_t* primary_orbit, | |
| 1148 scoped_refptr<Config> requested_config, | 1246 scoped_refptr<Config> requested_config, |
| 1149 scoped_refptr<Config> primary_config, | 1247 scoped_refptr<Config> primary_config, |
| 1150 QuicCryptoProof* crypto_proof, | 1248 QuicCryptoProof* crypto_proof, |
| 1151 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, | 1249 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
| 1152 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1250 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1153 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1251 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1154 | 1252 |
| 1155 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1253 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1156 ClientHelloInfo* info = &(client_hello_state->info); | 1254 ClientHelloInfo* info = &(client_hello_state->info); |
| 1157 | 1255 |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1219 string chlo_hash; | 1317 string chlo_hash; |
| 1220 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 1318 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
| 1221 bool need_proof = true; | 1319 bool need_proof = true; |
| 1222 need_proof = !crypto_proof->chain; | 1320 need_proof = !crypto_proof->chain; |
| 1223 if (FLAGS_enable_async_get_proof) { | 1321 if (FLAGS_enable_async_get_proof) { |
| 1224 if (need_proof) { | 1322 if (need_proof) { |
| 1225 // Make an async call to GetProof and setup the callback to trampoline | 1323 // Make an async call to GetProof and setup the callback to trampoline |
| 1226 // back into EvaluateClientHelloAfterGetProof | 1324 // back into EvaluateClientHelloAfterGetProof |
| 1227 std::unique_ptr<EvaluateClientHelloCallback> cb( | 1325 std::unique_ptr<EvaluateClientHelloCallback> cb( |
| 1228 new EvaluateClientHelloCallback( | 1326 new EvaluateClientHelloCallback( |
| 1229 *this, found_error, server_ip, version, primary_orbit, | 1327 *this, found_error, server_ip, version, requested_config, |
| 1230 requested_config, primary_config, crypto_proof, | 1328 primary_config, crypto_proof, client_hello_state, |
| 1231 client_hello_state, std::move(done_cb))); | 1329 std::move(done_cb))); |
| 1232 proof_source_->GetProof(server_ip, info->sni.as_string(), | 1330 proof_source_->GetProof(server_ip, info->sni.as_string(), |
| 1233 serialized_config, version, chlo_hash, | 1331 serialized_config, version, chlo_hash, |
| 1234 std::move(cb)); | 1332 std::move(cb)); |
| 1235 helper.DetachCallback(); | 1333 helper.DetachCallback(); |
| 1236 return; | 1334 return; |
| 1237 } | 1335 } |
| 1238 } | 1336 } |
| 1239 | 1337 |
| 1240 // No need to get a new proof if one was already generated. | 1338 // No need to get a new proof if one was already generated. |
| 1241 if (need_proof && | 1339 if (need_proof && |
| 1242 !proof_source_->GetProof(server_ip, info->sni.as_string(), | 1340 !proof_source_->GetProof(server_ip, info->sni.as_string(), |
| 1243 serialized_config, version, chlo_hash, | 1341 serialized_config, version, chlo_hash, |
| 1244 &crypto_proof->chain, &crypto_proof->signature, | 1342 &crypto_proof->chain, &crypto_proof->signature, |
| 1245 &crypto_proof->cert_sct)) { | 1343 &crypto_proof->cert_sct)) { |
| 1246 get_proof_failed = true; | 1344 get_proof_failed = true; |
| 1247 } | 1345 } |
| 1248 | 1346 |
| 1249 // Details are null because the synchronous version of GetProof does not | 1347 // Details are null because the synchronous version of GetProof does not |
| 1250 // return any stats. Eventually the synchronous codepath will be eliminated. | 1348 // return any stats. Eventually the synchronous codepath will be eliminated. |
| 1251 EvaluateClientHelloAfterGetProof( | 1349 EvaluateClientHelloAfterGetProof( |
| 1252 found_error, server_ip, version, primary_orbit, requested_config, | 1350 found_error, server_ip, version, requested_config, primary_config, |
| 1253 primary_config, crypto_proof, nullptr /* proof_source_details */, | 1351 crypto_proof, nullptr /* proof_source_details */, get_proof_failed, |
| 1254 get_proof_failed, client_hello_state, std::move(done_cb)); | 1352 client_hello_state, std::move(done_cb)); |
| 1255 helper.DetachCallback(); | 1353 helper.DetachCallback(); |
| 1256 } | 1354 } |
| 1257 | 1355 |
| 1258 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( | 1356 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( |
| 1259 bool found_error, | 1357 bool found_error, |
| 1260 const IPAddress& server_ip, | 1358 const IPAddress& server_ip, |
| 1261 QuicVersion version, | 1359 QuicVersion version, |
| 1262 const uint8_t* primary_orbit, | |
| 1263 scoped_refptr<Config> requested_config, | 1360 scoped_refptr<Config> requested_config, |
| 1264 scoped_refptr<Config> primary_config, | 1361 scoped_refptr<Config> primary_config, |
| 1265 QuicCryptoProof* crypto_proof, | 1362 QuicCryptoProof* crypto_proof, |
| 1266 std::unique_ptr<ProofSource::Details> proof_source_details, | 1363 std::unique_ptr<ProofSource::Details> proof_source_details, |
| 1267 bool get_proof_failed, | 1364 bool get_proof_failed, |
| 1268 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, | 1365 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
| 1269 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1366 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
| 1270 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1367 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
| 1271 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1368 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 1272 ClientHelloInfo* info = &(client_hello_state->info); | 1369 ClientHelloInfo* info = &(client_hello_state->info); |
| (...skipping 879 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2152 priority(0), | 2249 priority(0), |
| 2153 source_address_token_boxer(nullptr) {} | 2250 source_address_token_boxer(nullptr) {} |
| 2154 | 2251 |
| 2155 QuicCryptoServerConfig::Config::~Config() { | 2252 QuicCryptoServerConfig::Config::~Config() { |
| 2156 base::STLDeleteElements(&key_exchanges); | 2253 base::STLDeleteElements(&key_exchanges); |
| 2157 } | 2254 } |
| 2158 | 2255 |
| 2159 QuicCryptoProof::QuicCryptoProof() {} | 2256 QuicCryptoProof::QuicCryptoProof() {} |
| 2160 QuicCryptoProof::~QuicCryptoProof() {} | 2257 QuicCryptoProof::~QuicCryptoProof() {} |
| 2161 } // namespace net | 2258 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2430973004:
Landing Recent QUIC changes until 10:38 AM, Oct 17, 2016 UTC-4 (Closed)
