This change introduces a way to tie source address token keys to specific QUIC server configs

net/quic/crypto/crypto_server_config_protobuf.h

Index: net/quic/crypto/crypto_server_config_protobuf.h
diff --git a/net/quic/crypto/crypto_server_config_protobuf.h b/net/quic/crypto/crypto_server_config_protobuf.h
index 5f31832f89ca74bcbfe47626415fdc707502285f..57ebfb048478efc4b2bf2ab63ae30003c2a2f767 100644
--- a/net/quic/crypto/crypto_server_config_protobuf.h
+++ b/net/quic/crypto/crypto_server_config_protobuf.h
@@ -61,7 +61,7 @@ class NET_EXPORT_PRIVATE QuicServerConfigProtobuf {
   }
 
   void set_config(base::StringPiece config) {
-    config_ = config.as_string();
+    config.CopyToString(&config_);
   }
 
   QuicServerConfigProtobuf::PrivateKey* add_key() {
@@ -89,7 +89,7 @@ class NET_EXPORT_PRIVATE QuicServerConfigProtobuf {
     return priority_ > 0;
   }
 
-  int64 priority() const {
+  uint64 priority() const {
     return priority_;
   }
 
@@ -97,6 +97,20 @@ class NET_EXPORT_PRIVATE QuicServerConfigProtobuf {
     priority_ = priority;
   }
 
+  bool has_source_address_token_secret_override() const {
+    return !source_address_token_secret_override_.empty();
+  }
+
+  std::string source_address_token_secret_override() const {
+    return source_address_token_secret_override_;
+  }
+
+  void set_source_address_token_secret_override(
+      base::StringPiece source_address_token_secret_override) {
+    source_address_token_secret_override.CopyToString(
+        &source_address_token_secret_override_);
+  }
+
  private:
   std::vector<PrivateKey*> keys_;
 
@@ -112,6 +126,11 @@ class NET_EXPORT_PRIVATE QuicServerConfigProtobuf {
   // primary config.
   uint64 priority_;
 
+  // Optional override to the secret used to box/unbox source address
+  // tokens when talking to clients that select this server config.
+  // It can be of any length as it is fed into a KDF before use.
+  std::string source_address_token_secret_override_;
+
   DISALLOW_COPY_AND_ASSIGN(QuicServerConfigProtobuf);
 };