Internal QUICHE change PiperOrigin-RevId: 303167545 Change-Id: I20aa9d5fe3afc7f18725ea1b2a1fef1b911c1b9a
diff --git a/quic/core/crypto/proof_source.h b/quic/core/crypto/proof_source.h
index da28612..e208b94 100644
--- a/quic/core/crypto/proof_source.h
+++ b/quic/core/crypto/proof_source.h
@@ -85,7 +85,13 @@
 //
 // |signature| contains the signature of the data provided to
 // ComputeTlsSignature. Its value is undefined if |ok| is false.
- virtual void Run(bool ok, std::string signature) = 0;
+ //
+ // |details| holds a pointer to an object representing the statistics, if
+ // any, gathered during the operation of ComputeTlsSignature. If no stats
+ // are available, this will be nullptr.
+ virtual void Run(bool ok,
+ std::string signature,
+ std::unique_ptr<Details> details) = 0;
 private:
 SignatureCallback(const SignatureCallback&) = delete;
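Review bot: The new |details| paragraph does not say whether a non-null object may accompany a failed signature (|ok| == false), while the implementation in tls_server_handshaker.cc (the SignatureCallback::Run hunk) silently discards it on that path, so the two halves of this change disagree on the contract. Either fix the contract here, e.g. `// |details| transfers ownership of any diagnostics the ProofSource gathered while computing the signature; it is nullptr when none are available, and callees may discard it when |ok| is false.`, or move the assignment in TlsServerHandshaker::SignatureCallback::Run outside the `if (ok)` block so failed signing attempts keep their diagnostics. "holds a pointer" also understates that this is a std::unique_ptr handing ownership to the callee, which matters for anyone implementing Run. The SignatureCallback class definition starts and ends outside this hunk.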
diff --git a/quic/core/quic_crypto_client_handshaker_test.cc b/quic/core/quic_crypto_client_handshaker_test.cc
index 30dcbfc..9274b7e 100644
--- a/quic/core/quic_crypto_client_handshaker_test.cc
+++ b/quic/core/quic_crypto_client_handshaker_test.cc
@@ -99,7 +99,7 @@
 uint16_t /*signature_algorit*/,
 quiche::QuicheStringPiece /*in*/,
 std::unique_ptr<SignatureCallback> callback) override {
- callback->Run(true, "Dummy signature");
+ callback->Run(true, "Dummy signature", /*details=*/nullptr);
 }
 };
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index e10c067..ced2bd4 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -21,13 +21,16 @@
 TlsServerHandshaker* handshaker)
 : handshaker_(handshaker) {}
-void TlsServerHandshaker::SignatureCallback::Run(bool ok,
- std::string signature) {
+void TlsServerHandshaker::SignatureCallback::Run(
+ bool ok,
+ std::string signature,
+ std::unique_ptr<ProofSource::Details> details) {
 if (handshaker_ == nullptr) {
 return;
 }
 if (ok) {
 handshaker_->cert_verify_sig_ = std::move(signature);
+ handshaker_->proof_source_details_ = std::move(details);
 }
 State last_state = handshaker_->state_;
 handshaker_->state_ = STATE_SIGNATURE_COMPLETE;
@@ -414,7 +417,8 @@
 return SSL_TLSEXT_ERR_ALERT_FATAL;
 }
- QUIC_LOG(INFO) << "Set " << chain->certs.size() << " certs for server";
+ QUIC_LOG(INFO) << "Set " << chain->certs.size() << " certs for server "
+ << "with hostname " << hostname_;
 return SSL_TLSEXT_ERR_OK;
 }
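Review bot: The extended QUIC_LOG(INFO) line in the second hunk now writes hostname_ into the server log; where hostname_ is assigned is not visible here, but in a TLS server handshaker it presumably comes from the client's SNI, i.e. unauthenticated peer input that may contain arbitrary bytes including newlines or control characters that corrupt or forge adjacent log records. Either pass it through an escaping helper before logging, or move this line to a verbose/debug level so peer-controlled strings are not emitted at INFO on every handshake; at minimum record the provenance next to it, e.g. `// hostname_ is peer-supplied (SNI); escape before logging.` The enclosing function starts outside the hunk.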
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index 22baf16..22ae45d 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -71,6 +71,10 @@
 return &tls_connection_;
 }
+ ProofSource::Details* proof_source_details() const {
+ return proof_source_details_.get();
+ }
+
 virtual void ProcessAdditionalTransportParameters(
 const TransportParameters& /*params*/) {}
@@ -109,7 +113,9 @@
 : public ProofSource::SignatureCallback {
 public:
 explicit SignatureCallback(TlsServerHandshaker* handshaker);
- void Run(bool ok, std::string signature) override;
+ void Run(bool ok,
+ std::string signature,
+ std::unique_ptr<ProofSource::Details> details) override;
 // If called, Cancel causes the pending callback to be a no-op.
 void Cancel();
@@ -142,6 +148,7 @@
 std::string hostname_;
 std::string cert_verify_sig_;
+ std::unique_ptr<ProofSource::Details> proof_source_details_;
 // Used to hold the ENCRYPTION_FORWARD_SECURE read secret until the handshake
 // is complete. This is temporary until
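Review bot: `proof_source_details()` in the first hunk hands out a raw pointer into a unique_ptr member without saying who owns it or how long it stays valid, and the new `proof_source_details_` member in the third hunk has no comment at all. Suggest `// Non-owning; valid only while this handshaker is alive. nullptr when the ProofSource supplied no details.` above the accessor and `// Diagnostics the ProofSource returned alongside the signature, if any.` above the member. The TlsServerHandshaker class definition runs outside all three hunks.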
diff --git a/quic/qbone/qbone_session_test.cc b/quic/qbone/qbone_session_test.cc
index 629d281..7ea1c51 100644
--- a/quic/qbone/qbone_session_test.cc
+++ b/quic/qbone/qbone_session_test.cc
@@ -100,7 +100,7 @@
 uint16_t signature_algorithm,
 quiche::QuicheStringPiece in,
 std::unique_ptr<SignatureCallback> callback) override {
- callback->Run(true, "Signature");
+ callback->Run(true, "Signature", /*details=*/nullptr);
 }
 private:
diff --git a/quic/quartc/quartc_crypto_helpers.cc b/quic/quartc/quartc_crypto_helpers.cc
index e3b96ad..1a02845 100644
--- a/quic/quartc/quartc_crypto_helpers.cc
+++ b/quic/quartc/quartc_crypto_helpers.cc
@@ -39,7 +39,7 @@
 uint16_t /*signature_algorithm*/,
 quiche::QuicheStringPiece /*in*/,
 std::unique_ptr<SignatureCallback> callback) {
- callback->Run(true, "Dummy signature");
+ callback->Run(true, "Dummy signature", /*details=*/nullptr);
 }
 QuicAsyncStatus InsecureProofVerifier::VerifyProof(
diff --git a/quic/test_tools/failing_proof_source.cc b/quic/test_tools/failing_proof_source.cc
index b71c6fd..1f52476 100644
--- a/quic/test_tools/failing_proof_source.cc
+++ b/quic/test_tools/failing_proof_source.cc
@@ -30,7 +30,7 @@
 uint16_t /*signature_algorithm*/,
 quiche::QuicheStringPiece /*in*/,
 std::unique_ptr<SignatureCallback> callback) {
- callback->Run(false, "");
+ callback->Run(false, "", nullptr);
 }
 } // namespace test
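Review bot: The added `nullptr` here lacks the `/*details=*/` argument annotation that the other call sites updated by this change use (quic_crypto_client_handshaker_test.cc, qbone_session_test.cc, quartc_crypto_helpers.cc), so a reader of this file alone cannot tell which parameter the bare literal fills. Suggest `callback->Run(false, "", /*details=*/nullptr);` for consistency. The enclosing function (presumably ComputeTlsSignature, given the parameter list) starts outside the hunk.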
diff --git a/quic/test_tools/quic_test_client.cc b/quic/test_tools/quic_test_client.cc
index 1f95d22..5ddc879 100644
--- a/quic/test_tools/quic_test_client.cc
+++ b/quic/test_tools/quic_test_client.cc
@@ -57,6 +57,44 @@
 std::string* error_details,
 std::unique_ptr<ProofVerifyDetails>* details,
 std::unique_ptr<ProofVerifierCallback> callback) override {
+ QuicAsyncStatus process_certs_result = ProcessCerts(certs, cert_sct);
+ if (process_certs_result != QUIC_SUCCESS) {
+ return process_certs_result;
+ }
+
+ if (!verifier_) {
+ return QUIC_SUCCESS;
+ }
+
+ return verifier_->VerifyProof(hostname, port, server_config,
+ transport_version, chlo_hash, certs, cert_sct,
+ signature, context, error_details, details,
+ std::move(callback));
+ }
+
+ QuicAsyncStatus VerifyCertChain(
+ const std::string& /*hostname*/,
+ const std::vector<std::string>& certs,
+ const std::string& /*ocsp_response*/,
+ const std::string& cert_sct,
+ const ProofVerifyContext* /*context*/,
+ std::string* /*error_details*/,
+ std::unique_ptr<ProofVerifyDetails>* /*details*/,
+ std::unique_ptr<ProofVerifierCallback> /*callback*/) override {
+ return ProcessCerts(certs, cert_sct);
+ }
+
+ std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
+ return verifier_ != nullptr ? verifier_->CreateDefaultContext() : nullptr;
+ }
+
+ const std::string& common_name() const { return common_name_; }
+
+ const std::string& cert_sct() const { return cert_sct_; }
+
+ private:
+ QuicAsyncStatus ProcessCerts(const std::vector<std::string>& certs,
+ const std::string& cert_sct) {
 common_name_.clear();
 if (certs.empty()) {
 return QUIC_FAILURE;
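Review bot: The new `VerifyCertChain` only records the leaf's common name and SCT through ProcessCerts and then reports whatever ProcessCerts returns, whereas `VerifyProof` goes on to delegate to `verifier_` when one is set; a test client given a real verifier therefore still accepts any chain on the TLS handshake path while rejecting bad proofs on the other path, and nothing in the hunk says this is deliberate. If it is, say so next to the override, e.g. `// Chain validation is intentionally not delegated here; only VerifyProof consults |verifier_|.`; otherwise forward to `verifier_->VerifyCertChain(...)` with the same `if (!verifier_) return QUIC_SUCCESS;` guard, mirroring VerifyProof. ProcessCerts continues into the next hunk, and the enclosing class header is outside both hunks.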
@@ -79,38 +117,9 @@
 common_name_ = buf;
 cert_sct_ = cert_sct;
-
- if (!verifier_) {
- return QUIC_SUCCESS;
- }
-
- return verifier_->VerifyProof(hostname, port, server_config,
- transport_version, chlo_hash, certs, cert_sct,
- signature, context, error_details, details,
- std::move(callback));
- }
-
- QuicAsyncStatus VerifyCertChain(
- const std::string& /*hostname*/,
- const std::vector<std::string>& /*certs*/,
- const std::string& /*ocsp_response*/,
- const std::string& /*cert_sct*/,
- const ProofVerifyContext* /*context*/,
- std::string* /*error_details*/,
- std::unique_ptr<ProofVerifyDetails>* /*details*/,
- std::unique_ptr<ProofVerifierCallback> /*callback*/) override {
 return QUIC_SUCCESS;
 }
- std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
- return verifier_ != nullptr ? verifier_->CreateDefaultContext() : nullptr;
- }
-
- const std::string& common_name() const { return common_name_; }
-
- const std::string& cert_sct() const { return cert_sct_; }
-
- private:
 std::unique_ptr<ProofVerifier> verifier_;
 std::string common_name_;
 std::string cert_sct_;