Google Git
Sign in
chromium / chromium / src.git / 74bda14a9f7d490da4c473e0f8307bfe780d67cd^! / . / net / quic / quic_http_stream_test.cc
commit74bda14a9f7d490da4c473e0f8307bfe780d67cd[log] [tgz]
author[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Sun Mar 31 02:49:11 2013
committer[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Sun Mar 31 02:49:11 2013
treeacccae63a7efccbc7247c2493c292c9febfe954d
parent5e9e96aae1a78860b984124519f720163fc52a33 [diff] [blame]
Add support for P-256 key exchange in crypto handshake.

Merge internal change: 44173744

Add default return to avoid crashing when we get an unknown
error code from the peer. 

Merge internal change: 44160057

Fix incorrect DCHECK while serializing version negotiation
packet.

Merge internal change: 44156166

Reorder the addends in GetPacketHeaderSize to match the order
of the public header fields.

Merge internal change: 44153020

Changing retransmission and retransmittable data boolean flags
to enums.

Merge internal change: 44071662

Remove methods from QuicTime for converting to/from
microseconds and milliseconds since the epoch for QuicTime is
unspecified.  (It wraps TimeTicks in Chromium). 

Merge internal change: 44069965

Change InterArrival feedback message to traffic in delta since
the "start" of the connection instead of a delta since the epoch.

One step closer to being able to remove QuicTime::To/FromMicroseconds
since those methods don't "do the right thing".

Merge internal change: 44037996

Changing kForce into an enum.

Merge internal change: 44024887

Cleanups from landing P-256 key exchange in Chromium.

Merge internal change: 44023801

Fix for std::vector in QuicPacketPublicHeader's memory
corruption by memset.

Merge internal change: 44022862

Merging cleanup changes from chromium.

Merge internal change: 44009665

Plug in the new decrypter and encrypter after the new keys have
been derived.

This is a first cut, as some details on changing the encryption
keys still need to be worked out.  Our interim solution is
permissive trial decryption, which allows the peer to encrypt
with the wrong key, either using the new key too early or using
the null key for too long.  The latter will leak confidential
information, so we err on the side of using the new key too early.

WARNING: the interim solution protects against eavesdroppers, but
is vulberable to active attackers.

Merge internal change: 44006658

Start tracking server and client stream resets and export them
via varz.

Merge internal change: 43971847

Pull out RstStreamFrame error code from QuicErrorCode so that
they don't appear in the tracked ConnectionClose error map.

This will also help in tracking RstStream error codes separately.

Merge internal change: 43968620

Adding Client/Server logging to all LOGS/DLOGs Not bothering
with VLOGs/DVLOGS unless it's requested.

Merge internal change: 43948596

crypto: step 5. 

This change implements source-address tokens at the server and has the client 
echo them. Source address tokens are opaque (to the client) bytestrings that 
prove ownership of an IP address. In order to prevent amplification attacks, 
the server demands that the client have a valid source address token for the IP 
address that it's claiming to come from and that the token is reasonably 
recent. 

Since we already have it implemented, this code uses AES-GCM to encrypt and 
authenticate the tokens with a fixed, dummy secret (for now). In the future, 
the secret will be derived from the primary, private key in the same way that 
SessionTicket keys used to be. 

The QuicEncrypter/Decrypter code was written to be quite specific to the task 
of encrypting and decrypting packets and, as part of this, it exposed only 64 
bits of the AEAD nonce. 

Since all GFEs will share the same token secret, and they'll all create tokens 
with random nonces, that runs an unacceptably high risk of an attacker 
obtaining two tokens with the same nonce. 

Thus this change also reworks the QuicEncrypter/Decrypter so that the full 
nonce is exposed and thus we can use 96-bit nonces. That's still not completely 
wonderful but, at 10Mpps an attacker would still take a year to obtain a pair 
of nonces, so it's good enough for a while at least. 

Merge internal change: 43893806 

[email protected]


Review URL: https://chromiumcodereview.appspot.com/13282004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@191569 0039d316-1c4b-4281-b951-d872f2087c98

diff --git a/net/quic/quic_http_stream_test.cc b/net/quic/quic_http_stream_test.cc
index 7f4fef70..34165d6 100644
--- a/net/quic/quic_http_stream_test.cc
+++ b/net/quic/quic_http_stream_test.cc

@@ -121,6 +121,7 @@
         framer_(kQuicVersion1,
                 QuicDecrypter::Create(kNULL),
                 QuicEncrypter::Create(kNULL),
+                QuicTime::Zero(),
                 false),
         creator_(guid_, &framer_, &random_, false) {
     IPAddressNumber ip;
@@ -249,7 +250,7 @@
       QuicStreamId stream_id) {
     InitializeHeader(sequence_number, false);
 
-    QuicRstStreamFrame rst(stream_id, QUIC_NO_ERROR);
+    QuicRstStreamFrame rst(stream_id, QUIC_STREAM_NO_ERROR);
     return ConstructPacket(header_, QuicFrame(&rst));
   }