Support token based address validation in IETF QUIC.
Protected by FLAGS_quic_reloadable_flag_quic_enable_token_based_address_validation.
PiperOrigin-RevId: 346305075
Change-Id: I65c7ad821518b1c33c96018928cad03f010056f8
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 6ea06b8..7e7c5fe 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -39,7 +39,16 @@
pre_shared_key_(crypto_config->pre_shared_key()),
crypto_negotiated_params_(new QuicCryptoNegotiatedParameters),
has_application_state_(has_application_state),
- tls_connection_(crypto_config->ssl_ctx(), this) {}
+ crypto_config_(crypto_config),
+ tls_connection_(crypto_config->ssl_ctx(), this) {
+ if (GetQuicReloadableFlag(quic_enable_token_based_address_validation)) {
+ std::string token =
+ crypto_config->LookupOrCreate(server_id)->source_address_token();
+ if (!token.empty()) {
+ session->SetSourceAddressTokenToSend(token);
+ }
+ }
+}
TlsClientHandshaker::~TlsClientHandshaker() {}
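Review bot: The constructor copies the cached token from `source_address_token()` into `session->SetSourceAddressTokenToSend(token)` but leaves it in the cached state, so every later connection to the same `server_id` would present the same token until a new one arrives. RFC 9000 section 8.1.3 says a client should not reuse a NEW_TOKEN token across connection attempts, because reuse lets on-path observers link those connections. Unless the entry is cleared somewhere outside this hunk, consider consuming it here: look up the `CachedState*` once and call `cached->set_source_address_token("")` after handing the token to the session. The new `crypto_config_` member is a raw pointer kept past construction, so a comment such as `// Not owned; must outlive this handshaker.` at its declaration would document the lifetime requirement. The constructor's signature and the start of its initializer list are outside the hunk.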
@@ -346,6 +355,15 @@
OnHandshakeConfirmed();
}
+void TlsClientHandshaker::OnNewTokenReceived(absl::string_view token) {
+ if (token.empty()) {
+ return;
+ }
+ QuicCryptoClientConfig::CachedState* cached =
+ crypto_config_->LookupOrCreate(server_id_);
+ cached->set_source_address_token(token);
+}
+
void TlsClientHandshaker::SetWriteSecret(
EncryptionLevel level,
const SSL_CIPHER* cipher,
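Review bot: `OnNewTokenReceived` writes to the cache without the `GetQuicReloadableFlag(quic_enable_token_based_address_validation)` check that guards the read in the constructor. With the flag off, a server-supplied token may therefore still be stored via `LookupOrCreate(server_id_)`, which by its name also creates an entry when none exists. If the caller outside this hunk does not already gate on the flag, extend the early return: `if (token.empty() || !GetQuicReloadableFlag(quic_enable_token_based_address_validation)) return;`. A short comment saying that the token is opaque server-provided data and that a later token replaces the earlier one would also help the next reader.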