diff options
| author | rtenneti@chromium.org <rtenneti@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-03-31 02:49:11 +0000 |
|---|---|---|
| committer | rtenneti@chromium.org <rtenneti@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-03-31 02:49:11 +0000 |
| commit | 74bda14a9f7d490da4c473e0f8307bfe780d67cd (patch) | |
| tree | acccae63a7efccbc7247c2493c292c9febfe954d /crypto/hkdf.cc | |
| parent | 5e9e96aae1a78860b984124519f720163fc52a33 (diff) | |
| download | chromium_src-74bda14a9f7d490da4c473e0f8307bfe780d67cd.zip chromium_src-74bda14a9f7d490da4c473e0f8307bfe780d67cd.tar.gz chromium_src-74bda14a9f7d490da4c473e0f8307bfe780d67cd.tar.bz2 | |
Add support for P-256 key exchange in crypto handshake.
Merge internal change: 44173744
Add default return to avoid crashing when we get an unknown
error code from the peer.
Merge internal change: 44160057
Fix incorrect DCHECK while serializing version negotiation
packet.
Merge internal change: 44156166
Reorder the addends in GetPacketHeaderSize to match the order
of the public header fields.
Merge internal change: 44153020
Changing retransmission and retransmittable data boolean flags
to enums.
Merge internal change: 44071662
Remove methods from QuicTime for converting to/from
microseconds and milliseconds since the epoch for QuicTime is
unspecified. (It wraps TimeTicks in Chromium).
Merge internal change: 44069965
Change InterArrival feedback message to traffic in delta since
the "start" of the connection instead of a delta since the epoch.
One step closer to being able to remove QuicTime::To/FromMicroseconds
since those methods don't "do the right thing".
Merge internal change: 44037996
Changing kForce into an enum.
Merge internal change: 44024887
Cleanups from landing P-256 key exchange in Chromium.
Merge internal change: 44023801
Fix for std::vector in QuicPacketPublicHeader's memory
corruption by memset.
Merge internal change: 44022862
Merging cleanup changes from chromium.
Merge internal change: 44009665
Plug in the new decrypter and encrypter after the new keys have
been derived.
This is a first cut, as some details on changing the encryption
keys still need to be worked out. Our interim solution is
permissive trial decryption, which allows the peer to encrypt
with the wrong key, either using the new key too early or using
the null key for too long. The latter will leak confidential
information, so we err on the side of using the new key too early.
WARNING: the interim solution protects against eavesdroppers, but
is vulberable to active attackers.
Merge internal change: 44006658
Start tracking server and client stream resets and export them
via varz.
Merge internal change: 43971847
Pull out RstStreamFrame error code from QuicErrorCode so that
they don't appear in the tracked ConnectionClose error map.
This will also help in tracking RstStream error codes separately.
Merge internal change: 43968620
Adding Client/Server logging to all LOGS/DLOGs Not bothering
with VLOGs/DVLOGS unless it's requested.
Merge internal change: 43948596
crypto: step 5.
This change implements source-address tokens at the server and has the client
echo them. Source address tokens are opaque (to the client) bytestrings that
prove ownership of an IP address. In order to prevent amplification attacks,
the server demands that the client have a valid source address token for the IP
address that it's claiming to come from and that the token is reasonably
recent.
Since we already have it implemented, this code uses AES-GCM to encrypt and
authenticate the tokens with a fixed, dummy secret (for now). In the future,
the secret will be derived from the primary, private key in the same way that
SessionTicket keys used to be.
The QuicEncrypter/Decrypter code was written to be quite specific to the task
of encrypting and decrypting packets and, as part of this, it exposed only 64
bits of the AEAD nonce.
Since all GFEs will share the same token secret, and they'll all create tokens
with random nonces, that runs an unacceptably high risk of an attacker
obtaining two tokens with the same nonce.
Thus this change also reworks the QuicEncrypter/Decrypter so that the full
nonce is exposed and thus we can use 96-bit nonces. That's still not completely
wonderful but, at 10Mpps an attacker would still take a year to obtain a pair
of nonces, so it's good enough for a while at least.
Merge internal change: 43893806
R=rch@chromium.org
Review URL: https://chromiumcodereview.appspot.com/13282004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@191569 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/hkdf.cc')
| -rw-r--r-- | crypto/hkdf.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/hkdf.cc b/crypto/hkdf.cc index 48babe25..1cd8468 100644 --- a/crypto/hkdf.cc +++ b/crypto/hkdf.cc @@ -75,7 +75,7 @@ HKDF::HKDF(const base::StringPiece& secret, // On Windows, when the size of output_ is zero, dereference of 0'th element // results in a crash. C++11 solves this problem by adding a data() getter // method to std::vector. - if (key_bytes_to_generate > 0) { + if (key_bytes_to_generate) { client_write_key_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), key_bytes_to_generate); j += key_bytes_to_generate; @@ -84,7 +84,7 @@ HKDF::HKDF(const base::StringPiece& secret, j += key_bytes_to_generate; } - if (iv_bytes_to_generate > 0) { + if (iv_bytes_to_generate) { client_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), iv_bytes_to_generate); j += iv_bytes_to_generate; |