Enable GFE to run without QUIC ServerConfig private keys

This CL connects the remaining wires so that GFE can run with Leto as its only way of accessing ServerConfig private keys.  In the event that Leto is not accessible, GFE will send a REJ containing the fallback ServerConfig (which is unique to that GFE), allowing the handshake to complete at the cost of one additional round-trip to the client.

gfe-relnote: Allow GFE to serve QUIC without ServerConfig private keys present.  Protected by gfe2_restart_flag_dont_fetch_quic_private_keys_from_leto and gfe2_reloadable_flag_send_quic_fallback_server_config_on_leto_error.
PiperOrigin-RevId: 240599020
Change-Id: If396c55db617dfeb8c4f2362761a72711d05baa5
diff --git a/quic/core/crypto/quic_crypto_server_config.h b/quic/core/crypto/quic_crypto_server_config.h
index 91fe60d..7f3f947 100644
--- a/quic/core/crypto/quic_crypto_server_config.h
+++ b/quic/core/crypto/quic_crypto_server_config.h
@@ -697,6 +697,28 @@
       std::unique_ptr<ProcessClientHelloContext> context,
       const Configs& configs) const;
 
+  // Send a REJ which contains a different ServerConfig than the one the client
+  // originally used.  This is necessary in cases where we discover in the
+  // middle of the handshake that the private key for the ServerConfig the
+  // client used is not accessible.
+  void SendRejectWithFallbackConfig(
+      std::unique_ptr<ProcessClientHelloContext> context,
+      QuicReferenceCountedPointer<Config> fallback_config) const;
+
+  // Callback class for bridging between SendRejectWithFallbackConfig and
+  // SendRejectWithFallbackConfigAfterGetProof.
+  class SendRejectWithFallbackConfigCallback;
+  friend class SendRejectWithFallbackConfigCallback;
+
+  // Portion of ProcessClientHello which executes after GetProof in the case
+  // where we have received a CHLO but need to reject it due to the ServerConfig
+  // private keys being inaccessible.
+  void SendRejectWithFallbackConfigAfterGetProof(
+      bool found_error,
+      std::unique_ptr<ProofSource::Details> proof_source_details,
+      std::unique_ptr<ProcessClientHelloContext> context,
+      QuicReferenceCountedPointer<Config> fallback_config) const;
+
   // BuildRejectionAndRecordStats calls |BuildRejection| below and also informs
   // the RejectionObserver.
   void BuildRejectionAndRecordStats(const ProcessClientHelloContext& context,
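Review bot: The comment on SendRejectWithFallbackConfigAfterGetProof does not say what the function does when found_error is true, which is the case where the fallback path itself cannot complete after GetProof. Please document whether the handshake is then failed through the context or a REJ is still sent, since this function is the last resort once the original ServerConfig's private key is inaccessible. Both new declarations also take fallback_config as a QuicReferenceCountedPointer<Config> without stating whether null is permitted; a one-line precondition in the comment on SendRejectWithFallbackConfig (for example "fallback_config must be non-null") would make the contract explicit for callers. As a minor style point, SendRejectWithFallbackConfigCallback is declared as a nested class, which already has access to the enclosing class's private members in C++11 and later, so the friend declaration is only needed if it is there for consistency with surrounding code.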