Let QuicCryptoServerConfig::NewSourceAddressToken and QuicCryptoServerConfig::ParseSourceAddressToken take CryptoSecretBoxer instead of Config. Refactoring only. PiperOrigin-RevId: 346088505 Change-Id: I4027ad87a222084bd0f1d70fd81df0082a92c04f
diff --git a/quic/core/crypto/quic_crypto_server_config.cc b/quic/core/crypto/quic_crypto_server_config.cc
index 3995c58..b9a8b00 100644
--- a/quic/core/crypto/quic_crypto_server_config.cc
+++ b/quic/core/crypto/quic_crypto_server_config.cc
@@ -1001,7 +1001,7 @@ out->SetVersionVector(kVER, context->supported_versions()); out->SetStringPiece( kSourceAddressTokenTag, - NewSourceAddressToken(*configs.requested, + NewSourceAddressToken(*configs.requested->source_address_token_boxer, context->info().source_address_tokens, context->client_address().host(), context->rand(), context->info().now, nullptr)); @@ -1235,7 +1235,8 @@ Config& config = configs.requested != nullptr ? *configs.requested : *configs.primary; source_address_token_error = - ParseSourceAddressToken(config, srct, &info->source_address_tokens); + ParseSourceAddressToken(*config.source_address_token_boxer, srct, + &info->source_address_tokens); if (source_address_token_error == HANDSHAKE_OK) { source_address_token_error = ValidateSourceAddressTokens( @@ -1326,8 +1327,9 @@ serialized = primary_config_->serialized; common_cert_sets = primary_config_->common_cert_sets; source_address_token = NewSourceAddressToken( - *primary_config_, previous_source_address_tokens, client_address.host(), - rand, clock->WallNow(), cached_network_params); + *primary_config_->source_address_token_boxer, + previous_source_address_tokens, client_address.host(), rand, + clock->WallNow(), cached_network_params); } CryptoHandshakeMessage message; @@ -1438,8 +1440,9 @@ out->SetStringPiece( kSourceAddressTokenTag, NewSourceAddressToken( - config, context.info().source_address_tokens, - context.info().client_ip, context.rand(), context.info().now, + *config.source_address_token_boxer, + context.info().source_address_tokens, context.info().client_ip, + context.rand(), context.info().now, &context.validate_chlo_result()->cached_network_params)); out->SetValue(kSTTL, config.expiry_time.AbsoluteDifference(now).ToSeconds()); if (replay_protection_) { 
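Review bot: The call `NewSourceAddressToken(*configs.requested->source_address_token_boxer, ...` now binds a reference through the `source_address_token_boxer` pointer at the call site, so a null boxer becomes a null-reference bind here rather than a fault inside the callee. The same dereference is repeated in the hunks at 1326 and 1438 and in the three hunks of quic_crypto_server_config_peer.cc. Nothing visible in these hunks establishes that the pointer is always set; if that is an invariant of Config, it should be stated once on the member declaration (which is outside this diff), e.g. `// Never null; keys the source address tokens issued under this config.` The enclosing functions start and end outside the hunks.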
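Review bot: In the hunk at 1235 the key that authenticates the client's token is picked implicitly through `config`, which is `*configs.requested` when present and `*configs.primary` otherwise, while the hunk at 1326 always mints with the boxer of `primary_config_`. Now that the boxer is an explicit argument, a comment at this call would make the key choice reviewable, e.g. `// Unbox with the requested config's boxer, falling back to the primary config's.` If the two configs can hold different boxers, a token minted under one would fail here with SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE; whether that is intended is not visible from the hunk.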
@@ -1718,7 +1721,7 @@ } std::string QuicCryptoServerConfig::NewSourceAddressToken( - const Config& config, + const CryptoSecretBoxer& crypto_secret_boxer, const SourceAddressTokens& previous_tokens, const QuicIpAddress& ip, QuicRandom* rand, @@ -1751,8 +1754,8 @@ *(source_address_tokens.add_tokens()) = token; } - return config.source_address_token_boxer->Box( - rand, source_address_tokens.SerializeAsString()); + return crypto_secret_boxer.Box(rand, + source_address_tokens.SerializeAsString()); } int QuicCryptoServerConfig::NumberOfConfigs() const { @@ -1786,12 +1789,12 @@ } HandshakeFailureReason QuicCryptoServerConfig::ParseSourceAddressToken( - const Config& config, + const CryptoSecretBoxer& crypto_secret_boxer, absl::string_view token, SourceAddressTokens* tokens) const { std::string storage; absl::string_view plaintext; - if (!config.source_address_token_boxer->Unbox(token, &storage, &plaintext)) { + if (!crypto_secret_boxer.Unbox(token, &storage, &plaintext)) { return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE; }
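Review bot: The parameter name `crypto_secret_boxer` in the new `NewSourceAddressToken` signature repeats the type and drops the key's purpose. Every caller in this diff passes a config's `source_address_token_boxer`, so `const CryptoSecretBoxer& source_address_token_boxer` would keep that purpose visible and make a boxer keyed for something else stand out in review. The same applies to `ParseSourceAddressToken` in the hunk at 1786 and to both declarations in quic_crypto_server_config.h. Both function bodies extend beyond the hunks shown.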
diff --git a/quic/core/crypto/quic_crypto_server_config.h b/quic/core/crypto/quic_crypto_server_config.h
index 7fae412..cb19b46 100644
--- a/quic/core/crypto/quic_crypto_server_config.h
+++ b/quic/core/crypto/quic_crypto_server_config.h
@@ -748,7 +748,7 @@ // NewSourceAddressToken returns a fresh source address token for the given // IP address. |cached_network_params| is optional, and can be nullptr. std::string NewSourceAddressToken( - const Config& config, + const CryptoSecretBoxer& crypto_secret_boxer, const SourceAddressTokens& previous_tokens, const QuicIpAddress& ip, QuicRandom* rand, @@ -760,7 +760,7 @@ // Returns HANDSHAKE_OK if |token| could be parsed, or the reason for the // failure. HandshakeFailureReason ParseSourceAddressToken( - const Config& config, + const CryptoSecretBoxer& crypto_secret_boxer, absl::string_view token, SourceAddressTokens* tokens) const;
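Review bot: The comment above `NewSourceAddressToken` still documents only the IP address and `cached_network_params`; the new `crypto_secret_boxer` parameter, which the definition uses to `Box` the serialized tokens, is undocumented. Suggest adding `// |crypto_secret_boxer| boxes the serialized tokens; pass the boxer that ParseSourceAddressToken will later use to unbox them.` The comment on `ParseSourceAddressToken` in the second hunk needs the matching sentence, e.g. `// |crypto_secret_boxer| is used to unbox |token|.`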
diff --git a/quic/test_tools/quic_crypto_server_config_peer.cc b/quic/test_tools/quic_crypto_server_config_peer.cc
index 64fd271..38f0e50 100644
--- a/quic/test_tools/quic_crypto_server_config_peer.cc
+++ b/quic/test_tools/quic_crypto_server_config_peer.cc
@@ -46,9 +46,9 @@ QuicRandom* rand, QuicWallTime now, CachedNetworkParameters* cached_network_params) { - return server_config_->NewSourceAddressToken(*GetConfig(config_id), - previous_tokens, ip, rand, now, - cached_network_params); + return server_config_->NewSourceAddressToken( + *GetConfig(config_id)->source_address_token_boxer, previous_tokens, ip, + rand, now, cached_network_params); } HandshakeFailureReason QuicCryptoServerConfigPeer::ValidateSourceAddressTokens( @@ -59,7 +59,7 @@ CachedNetworkParameters* cached_network_params) { SourceAddressTokens tokens; HandshakeFailureReason reason = server_config_->ParseSourceAddressToken( - *GetConfig(config_id), srct, &tokens); + *GetConfig(config_id)->source_address_token_boxer, srct, &tokens); if (reason != HANDSHAKE_OK) { return reason; } @@ -75,7 +75,7 @@ QuicWallTime now) { SourceAddressTokens tokens; HandshakeFailureReason parse_status = server_config_->ParseSourceAddressToken( - *GetPrimaryConfig(), token, &tokens); + *GetPrimaryConfig()->source_address_token_boxer, token, &tokens); if (HANDSHAKE_OK != parse_status) { return parse_status; }