diff options
Diffstat (limited to 'chromium/net/quic/crypto/crypto_utils.h')
-rw-r--r-- | chromium/net/quic/crypto/crypto_utils.h | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/chromium/net/quic/crypto/crypto_utils.h b/chromium/net/quic/crypto/crypto_utils.h new file mode 100644 index 00000000000..6dfce2a58e3 --- /dev/null +++ b/chromium/net/quic/crypto/crypto_utils.h @@ -0,0 +1,69 @@ +// Copyright (c) 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +// +// Some helpers for quic crypto + +#ifndef NET_QUIC_CRYPTO_CRYPTO_UTILS_H_ +#define NET_QUIC_CRYPTO_CRYPTO_UTILS_H_ + +#include <string> + +#include "base/strings/string_piece.h" +#include "net/base/net_export.h" +#include "net/quic/crypto/crypto_handshake.h" +#include "net/quic/crypto/crypto_protocol.h" +#include "net/quic/quic_protocol.h" +#include "net/quic/quic_time.h" + +namespace net { + +class QuicTime; +class QuicRandom; +struct QuicCryptoNegotiatedParameters; + +class NET_EXPORT_PRIVATE CryptoUtils { + public: + enum Perspective { + SERVER, + CLIENT, + }; + + // Generates the connection nonce. The nonce is formed as: + // <4 bytes> current time + // <8 bytes> |orbit| (or random if |orbit| is empty) + // <20 bytes> random + static void GenerateNonce(QuicWallTime now, + QuicRandom* random_generator, + base::StringPiece orbit, + std::string* nonce); + + // Returns true if the sni is valid, false otherwise. + // (1) disallow IP addresses; + // (2) check that the hostname contains valid characters only; and + // (3) contains at least one dot. + static bool IsValidSNI(base::StringPiece sni); + + // Convert hostname to lowercase and remove the trailing '.'. + // Returns |hostname|. NormalizeHostname() doesn't support IP address + // literals. IsValidSNI() should be called before calling NormalizeHostname(). + static std::string NormalizeHostname(const char* hostname); + + // DeriveKeys populates |out->encrypter| and |out->decrypter| given the + // contents of |premaster_secret|, |client_nonce|, |server_nonce| and + // |hkdf_input|. |aead| determines which cipher will be used. |perspective| + // controls whether the server's keys are assigned to |encrypter| or + // |decrypter|. |server_nonce| is optional and, if non-empty, is mixed into + // the key derivation. + static void DeriveKeys(base::StringPiece premaster_secret, + QuicTag aead, + base::StringPiece client_nonce, + base::StringPiece server_nonce, + const std::string& hkdf_input, + Perspective perspective, + CrypterPair* out); +}; + +} // namespace net + +#endif // NET_QUIC_CRYPTO_CRYPTO_UTILS_H_ |