commit | f03456ceb0db4f11696f304325e55fddc9567797 | |
---|---|---|
author | QUICHE team <quiche-dev@google.com> | Thu Mar 21 08:54:47 2019 -0700 |
committer | Copybara-Service <copybara-worker@google.com> | Thu Mar 21 08:55:11 2019 -0700 |
tree | 0da910bd7edeedbf3255a41c622485fc42ca12d2 | |
parent | b23daa7bf1f6e704b6699703348015bcf76b03e2 |

Teach QUIC about the concept of "fallback" key exchange

In the Leto world, GFE's QUIC stack will be configured with a bunch of ServerConfigs whose private keys live remotely, on the Leto server. Each GFE will also generate a ServerConfig with a local keypair, to which it will fall back in a Leto outage. The QUIC stack will need to be able to distinguish the fallback ServerConfig from the others.

This CL takes a step in that direction, by adding an 'is_fallback' argument to KeyExchangeSource::Create, which instructs it not to create a Leto-aware KeyExchange, but a local one. For non-Leto-configured GFEs, this argument is simply ignored, since all KeyExchanges will already be local.

This CL also modifies the LetoKeyExchange infrastructure to behave reasonably if the private key passed to KeyExchangeSource::Create is empty (i.e. the private key lives remotely on Leto and is not mirrored on the GFE).

This CL is not flag-protected. The changes are all no-ops in the GFE for the following reasons:

- The is_fallback argument is currently set to false everywhere in the GFE.
- The private_key argument is always set in the GFE.

Subsequent CLs will change these arguments, and *those* will be flag-protected.

gfe-relnote: Adding codepaths not yet reachable in the GFE. Not flag-protected.
PiperOrigin-RevId: 239603863
Change-Id: I34fc2311559db2221a26c83d8c6dfa05954b5fd5

QUICHE (QUIC, Http/2, Etc) is Google's implementation of QUIC and related protocols. It powers Chromium as well as Google's QUIC servers and some other projects.

The code is currently in the process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.