Let QuicCryptoServerConfig::NewSourceAddressToken and QuicCryptoServerConfig::ParseSourceAddressToken take CryptoSecretBoxer instead of Config. Refactoring only.
PiperOrigin-RevId: 346088505
Change-Id: I4027ad87a222084bd0f1d70fd81df0082a92c04f
diff --git a/quic/core/crypto/quic_crypto_server_config.cc b/quic/core/crypto/quic_crypto_server_config.cc
index 3995c58..b9a8b00 100644
--- a/quic/core/crypto/quic_crypto_server_config.cc
+++ b/quic/core/crypto/quic_crypto_server_config.cc
@@ -1001,7 +1001,7 @@
out->SetVersionVector(kVER, context->supported_versions());
out->SetStringPiece(
kSourceAddressTokenTag,
- NewSourceAddressToken(*configs.requested,
+ NewSourceAddressToken(*configs.requested->source_address_token_boxer,
context->info().source_address_tokens,
context->client_address().host(), context->rand(),
context->info().now, nullptr));
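Review bot: The null-pointer precondition on `source_address_token_boxer` now sits at this call site, where `*configs.requested->source_address_token_boxer` dereferences two pointers in one expression, instead of inside NewSourceAddressToken. The same expression shape recurs in the hunks at -1235, -1326 and -1438 and in quic_crypto_server_config_peer.cc, so the invariant that every Config carries a boxer is now relied on in six places. A comment at the member's declaration, e.g. `// Never null once the Config is installed; callers dereference it directly.`, would record that, assuming that is the intended invariant. No null check on `configs.requested` is visible in this hunk, while the -1235 hunk falls back to `configs.primary`; the enclosing function starts outside the hunk, so the guard may sit earlier.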
@@ -1235,7 +1235,8 @@
Config& config =
configs.requested != nullptr ? *configs.requested : *configs.primary;
source_address_token_error =
- ParseSourceAddressToken(config, srct, &info->source_address_tokens);
+ ParseSourceAddressToken(*config.source_address_token_boxer, srct,
+ &info->source_address_tokens);
if (source_address_token_error == HANDSHAKE_OK) {
source_address_token_error = ValidateSourceAddressTokens(
@@ -1326,8 +1327,9 @@
serialized = primary_config_->serialized;
common_cert_sets = primary_config_->common_cert_sets;
source_address_token = NewSourceAddressToken(
- *primary_config_, previous_source_address_tokens, client_address.host(),
- rand, clock->WallNow(), cached_network_params);
+ *primary_config_->source_address_token_boxer,
+ previous_source_address_tokens, client_address.host(), rand,
+ clock->WallNow(), cached_network_params);
}
CryptoHandshakeMessage message;
@@ -1438,8 +1440,9 @@
out->SetStringPiece(
kSourceAddressTokenTag,
NewSourceAddressToken(
- config, context.info().source_address_tokens,
- context.info().client_ip, context.rand(), context.info().now,
+ *config.source_address_token_boxer,
+ context.info().source_address_tokens, context.info().client_ip,
+ context.rand(), context.info().now,
&context.validate_chlo_result()->cached_network_params));
out->SetValue(kSTTL, config.expiry_time.AbsoluteDifference(now).ToSeconds());
if (replay_protection_) {
@@ -1718,7 +1721,7 @@
}
std::string QuicCryptoServerConfig::NewSourceAddressToken(
- const Config& config,
+ const CryptoSecretBoxer& crypto_secret_boxer,
const SourceAddressTokens& previous_tokens,
const QuicIpAddress& ip,
QuicRandom* rand,
@@ -1751,8 +1754,8 @@
*(source_address_tokens.add_tokens()) = token;
}
- return config.source_address_token_boxer->Box(
- rand, source_address_tokens.SerializeAsString());
+ return crypto_secret_boxer.Box(rand,
+ source_address_tokens.SerializeAsString());
}
int QuicCryptoServerConfig::NumberOfConfigs() const {
@@ -1786,12 +1789,12 @@
}
HandshakeFailureReason QuicCryptoServerConfig::ParseSourceAddressToken(
- const Config& config,
+ const CryptoSecretBoxer& crypto_secret_boxer,
absl::string_view token,
SourceAddressTokens* tokens) const {
std::string storage;
absl::string_view plaintext;
- if (!config.source_address_token_boxer->Unbox(token, &storage, &plaintext)) {
+ if (!crypto_secret_boxer.Unbox(token, &storage, &plaintext)) {
return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE;
}
diff --git a/quic/core/crypto/quic_crypto_server_config.h b/quic/core/crypto/quic_crypto_server_config.h
index 7fae412..cb19b46 100644
--- a/quic/core/crypto/quic_crypto_server_config.h
+++ b/quic/core/crypto/quic_crypto_server_config.h
@@ -748,7 +748,7 @@
// NewSourceAddressToken returns a fresh source address token for the given
// IP address. |cached_network_params| is optional, and can be nullptr.
std::string NewSourceAddressToken(
- const Config& config,
+ const CryptoSecretBoxer& crypto_secret_boxer,
const SourceAddressTokens& previous_tokens,
const QuicIpAddress& ip,
QuicRandom* rand,
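Review bot: The comment above NewSourceAddressToken does not describe the new `crypto_secret_boxer` parameter, and the same is true of ParseSourceAddressToken in the -760 hunk. Since callers now choose the boxer themselves, the pairing between issuing and validating a token is no longer implied by passing a Config; a token boxed under one key and unboxed under another comes back as SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE. I would add `// |crypto_secret_boxer| encrypts the token; ParseSourceAddressToken must be given a boxer holding the same key.` here and `// |crypto_secret_boxer| is used to decrypt |token|.` on the parse declaration.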
@@ -760,7 +760,7 @@
// Returns HANDSHAKE_OK if |token| could be parsed, or the reason for the
// failure.
HandshakeFailureReason ParseSourceAddressToken(
- const Config& config,
+ const CryptoSecretBoxer& crypto_secret_boxer,
absl::string_view token,
SourceAddressTokens* tokens) const;
diff --git a/quic/test_tools/quic_crypto_server_config_peer.cc b/quic/test_tools/quic_crypto_server_config_peer.cc
index 64fd271..38f0e50 100644
--- a/quic/test_tools/quic_crypto_server_config_peer.cc
+++ b/quic/test_tools/quic_crypto_server_config_peer.cc
@@ -46,9 +46,9 @@
QuicRandom* rand,
QuicWallTime now,
CachedNetworkParameters* cached_network_params) {
- return server_config_->NewSourceAddressToken(*GetConfig(config_id),
- previous_tokens, ip, rand, now,
- cached_network_params);
+ return server_config_->NewSourceAddressToken(
+ *GetConfig(config_id)->source_address_token_boxer, previous_tokens, ip,
+ rand, now, cached_network_params);
}
HandshakeFailureReason QuicCryptoServerConfigPeer::ValidateSourceAddressTokens(
@@ -59,7 +59,7 @@
CachedNetworkParameters* cached_network_params) {
SourceAddressTokens tokens;
HandshakeFailureReason reason = server_config_->ParseSourceAddressToken(
- *GetConfig(config_id), srct, &tokens);
+ *GetConfig(config_id)->source_address_token_boxer, srct, &tokens);
if (reason != HANDSHAKE_OK) {
return reason;
}
@@ -75,7 +75,7 @@
QuicWallTime now) {
SourceAddressTokens tokens;
HandshakeFailureReason parse_status = server_config_->ParseSourceAddressToken(
- *GetPrimaryConfig(), token, &tokens);
+ *GetPrimaryConfig()->source_address_token_boxer, token, &tokens);
if (HANDSHAKE_OK != parse_status) {
return parse_status;
}