OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ | 5 #ifndef NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ |
6 #define NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ | 6 #define NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ |
7 | 7 |
8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
9 #include "base/strings/string_piece.h" | 9 #include "base/strings/string_piece.h" |
10 #include "base/synchronization/lock.h" | 10 #include "base/synchronization/lock.h" |
(...skipping 122 matching lines...)
133 // set_source_address_token_future_secs sets the number of seconds into the | 133 // set_source_address_token_future_secs sets the number of seconds into the |
134 // future that source-address tokens will be accepted from. Since | 134 // future that source-address tokens will be accepted from. Since |
135 // source-address tokens are authenticated, this should only happen if | 135 // source-address tokens are authenticated, this should only happen if |
136 // another, valid server has clock-skew. | 136 // another, valid server has clock-skew. |
137 void set_source_address_token_future_secs(uint32 future_secs); | 137 void set_source_address_token_future_secs(uint32 future_secs); |
138 | 138 |
139 // set_source_address_token_lifetime_secs sets the number of seconds that a | 139 // set_source_address_token_lifetime_secs sets the number of seconds that a |
140 // source-address token will be valid for. | 140 // source-address token will be valid for. |
141 void set_source_address_token_lifetime_secs(uint32 lifetime_secs); | 141 void set_source_address_token_lifetime_secs(uint32 lifetime_secs); |
142 | 142 |
| 143 // set_server_nonce_strike_register_max_entries sets the number of entries in |
| 144 // the server-nonce strike-register. This is used to record that server nonce |
| 145 // values have been used. If the number of entries is too small then clients |
| 146 // which are depending on server nonces may fail to handshake because their |
| 147 // nonce has expired in the amount of time it took to go from the server to |
| 148 // the client and back. |
| 149 void set_server_nonce_strike_register_max_entries(uint32 max_entries); |
| 150 |
| 151 // set_server_nonce_strike_register_window_secs sets the number of seconds |
| 152 // around the current time that the server-nonce strike-register will accept |
| 153 // nonces from. Setting a larger value allows for clients to delay follow-up |
| 154 // client hellos for longer and still use server nonces as proofs of |
| 155 // uniqueness. |
| 156 void set_server_nonce_strike_register_window_secs(uint32 window_secs); |
| 157 |
143 private: | 158 private: |
144 friend class test::QuicCryptoServerConfigPeer; | 159 friend class test::QuicCryptoServerConfigPeer; |
145 | 160 |
146 // Config represents a server config: a collection of preferences and | 161 // Config represents a server config: a collection of preferences and |
147 // Diffie-Hellman public values. | 162 // Diffie-Hellman public values. |
148 struct Config : public QuicCryptoConfig { | 163 struct Config : public QuicCryptoConfig { |
149 Config(); | 164 Config(); |
150 ~Config(); | 165 ~Config(); |
151 | 166 |
152 // serialized contains the bytes of this server config, suitable for sending | 167 // serialized contains the bytes of this server config, suitable for sending |
(...skipping 87 matching lines...)
240 uint32 strike_register_window_secs_; | 255 uint32 strike_register_window_secs_; |
241 uint32 source_address_token_future_secs_; | 256 uint32 source_address_token_future_secs_; |
242 uint32 source_address_token_lifetime_secs_; | 257 uint32 source_address_token_lifetime_secs_; |
243 uint32 server_nonce_strike_register_max_entries_; | 258 uint32 server_nonce_strike_register_max_entries_; |
244 uint32 server_nonce_strike_register_window_secs_; | 259 uint32 server_nonce_strike_register_window_secs_; |
245 }; | 260 }; |
246 | 261 |
247 } // namespace net | 262 } // namespace net |
248 | 263 |
249 #endif // NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ | 264 #endif // NET_QUIC_CRYPTO_CRYPTO_SERVER_CONFIG_H_ |
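Review bot: The comments on the two new setters (new lines 143–156) explain the availability cost of an undersized register but leave out the contract a caller needs: whether 0 is accepted, whether there is an upper bound, and whether a call still takes effect once the server-nonce strike-register has been created. Because this register is what lets server nonces serve as proofs of uniqueness, the two values should be documented as a pair: a longer `window_secs` means more nonces must be remembered at a given handshake rate, so `max_entries` has to grow with it. The comment should also say what happens when the register fills, which is presumably that older nonces are rejected rather than accepted, to be confirmed against the .cc. If it matches the implementation, I would add `// Must be called before the first handshake is processed; |max_entries| must be non-zero.` to the first comment and a matching sentence to the second. The setter bodies are not visible on this page, so this is a documentation request and not a reported defect.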