Remove strike-register code from QuicCryptoServerConfig

net/quic/core/crypto/quic_crypto_server_config.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
@@ skipping 23 matching lines @@
 
 class CryptoHandshakeMessage;
 class EphemeralKeySource;
 class KeyExchange;
 class ProofSource;
 class QuicClock;
 class QuicDecrypter;
 class QuicEncrypter;
 class QuicRandom;
 class QuicServerConfigProtobuf;
-class StrikeRegister;
-class StrikeRegisterClient;
 struct QuicSignedServerConfig;
 
 // ClientHelloInfo contains information about a client hello message that is
 // only kept for as long as it's being processed.
 struct ClientHelloInfo {
   ClientHelloInfo(const IPAddress& in_client_ip, QuicWallTime in_now);
   ClientHelloInfo(const ClientHelloInfo& other);
   ~ClientHelloInfo();
 
   // Inputs to EvaluateClientHello.
@@ skipping 322 matching lines @@
       const CachedNetworkParameters* cached_network_params,
       const QuicTagVector& connection_options,
       std::unique_ptr<BuildServerConfigUpdateMessageResultCallback> cb) const;
 
   // SetEphemeralKeySource installs an object that can cache ephemeral keys for
   // a short period of time. This object takes ownership of
   // |ephemeral_key_source|. If not set then ephemeral keys will be generated
   // per-connection.
   void SetEphemeralKeySource(EphemeralKeySource* ephemeral_key_source);
 
-  // Install an externally created StrikeRegisterClient for use to
-  // interact with the strike register.  This object takes ownership
-  // of the |strike_register_client|.
-  void SetStrikeRegisterClient(StrikeRegisterClient* strike_register_client);
-
   // set_replay_protection controls whether replay protection is enabled. If
   // replay protection is disabled then no strike registers are needed and
   // frontends can share an orbit value without a shared strike-register.
   // However, an attacker can duplicate a handshake and cause a client's
   // request to be processed twice.
   void set_replay_protection(bool on);
 
   // set_chlo_multiplier specifies the multiple of the CHLO message size
   // that a REJ message must stay under when the client doesn't present a
   // valid source-address token.
   void set_chlo_multiplier(size_t multiplier);
 
-  // set_strike_register_no_startup_period configures the strike register to
-  // not have a startup period.
-  void set_strike_register_no_startup_period();
-
-  // set_strike_register_max_entries sets the maximum number of entries that
-  // the internal strike register will hold. If the strike register fills up
-  // then the oldest entries (by the client's clock) will be dropped.
-  void set_strike_register_max_entries(uint32_t max_entries);
-
-  // set_strike_register_window_secs sets the number of seconds around the
-  // current time that the strike register will attempt to be authoritative
-  // for. Setting a larger value allows for greater client clock-skew, but
-  // means that the quiescent startup period must be longer.
-  void set_strike_register_window_secs(uint32_t window_secs);
-
   // set_source_address_token_future_secs sets the number of seconds into the
   // future that source-address tokens will be accepted from. Since
   // source-address tokens are authenticated, this should only happen if
   // another, valid server has clock-skew.
   void set_source_address_token_future_secs(uint32_t future_secs);
 
   // set_source_address_token_lifetime_secs sets the number of seconds that a
   // source-address token will be valid for.
   void set_source_address_token_lifetime_secs(uint32_t lifetime_secs);
 
-  // set_server_nonce_strike_register_max_entries sets the number of entries in
-  // the server-nonce strike-register. This is used to record that server nonce
-  // values have been used. If the number of entries is too small then clients
-  // which are depending on server nonces may fail to handshake because their
-  // nonce has expired in the amount of time it took to go from the server to
-  // the client and back.
-  void set_server_nonce_strike_register_max_entries(uint32_t max_entries);
-
-  // set_server_nonce_strike_register_window_secs sets the number of seconds
-  // around the current time that the server-nonce strike-register will accept
-  // nonces from. Setting a larger value allows for clients to delay follow-up
-  // client hellos for longer and still use server nonces as proofs of
-  // uniqueness.
-  void set_server_nonce_strike_register_window_secs(uint32_t window_secs);
-
   // set_enable_serving_sct enables or disables serving signed cert timestamp
   // (RFC6962) in server hello.
   void set_enable_serving_sct(bool enable_serving_sct);
 
   // Set and take ownership of the callback to invoke on primary config changes.
   void AcquirePrimaryConfigChangedCb(
       std::unique_ptr<PrimaryConfigChangedCallback> cb);
 
   // Returns the number of configs this object owns.
   int NumberOfConfigs() const;
@@ skipping 230 matching lines @@
   // Returns HANDSHAKE_OK if the source address token in |token| is a timely
   // token given that the current time is |now|. Otherwise it returns the
   // reason for failure.
   HandshakeFailureReason ValidateSourceAddressTokenTimestamp(
       const SourceAddressToken& token,
       QuicWallTime now) const;
 
   // NewServerNonce generates and encrypts a random nonce.
   std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const;
 
-  // ValidateServerNonce decrypts |token| and verifies that it hasn't been
-  // previously used and is recent enough that it is plausible that it was part
-  // of a very recently provided rejection ("recent" will be on the order of
-  // 10-30 seconds). If so, it records that it has been used and returns
-  // HANDSHAKE_OK. Otherwise it returns the reason for failure.
-  HandshakeFailureReason ValidateServerNonce(
-      base::StringPiece echoed_server_nonce,
-      QuicWallTime now) const;
-
   // ValidateExpectedLeafCertificate checks the |client_hello| to see if it has
   // an XLCT tag, and if so, verifies that its value matches the hash of the
   // server's leaf certificate. The certs field of |crypto_proof| is used to
   // compare against the XLCT value.  This method returns true if the XLCT tag
   // is not present, or if the XLCT tag is present and valid. It returns false
   // otherwise.
   bool ValidateExpectedLeafCertificate(
       const CryptoHandshakeMessage& client_hello,
       const QuicSignedServerConfig& crypto_proof) const;
 
@@ skipping 76 matching lines @@
   ConfigMap configs_;
   // primary_config_ points to a Config (which is also in |configs_|) which is
   // the primary config - i.e. the one that we'll give out to new clients.
   mutable scoped_refptr<Config> primary_config_;
   // next_config_promotion_time_ contains the nearest, future time when an
   // active config will be promoted to primary.
   mutable QuicWallTime next_config_promotion_time_;
   // Callback to invoke when the primary config changes.
   std::unique_ptr<PrimaryConfigChangedCallback> primary_config_changed_cb_;
 
-  // Protects access to the pointer held by strike_register_client_.
-  mutable base::Lock strike_register_client_lock_;
-  // strike_register_ contains a data structure that keeps track of previously
-  // observed client nonces in order to prevent replay attacks.
-  mutable std::unique_ptr<StrikeRegisterClient> strike_register_client_;
-
   // Used to protect the source-address tokens that are given to clients.
   CryptoSecretBoxer source_address_token_boxer_;
 
   // server_nonce_boxer_ is used to encrypt and validate suggested server
   // nonces.
   CryptoSecretBoxer server_nonce_boxer_;
 
   // server_nonce_orbit_ contains the random, per-server orbit values that this
   // server will use to generate server nonces (the moral equivalent of a SYN
   // cookies).
   uint8_t server_nonce_orbit_[8];
 
-  mutable base::Lock server_nonce_strike_register_lock_;
-  // server_nonce_strike_register_ contains a data structure that keeps track of
-  // previously observed server nonces from this server, in order to prevent
-  // replay attacks.
-  mutable std::unique_ptr<StrikeRegister> server_nonce_strike_register_;
-
   // proof_source_ contains an object that can provide certificate chains and
   // signatures.
   std::unique_ptr<ProofSource> proof_source_;
 
   // ephemeral_key_source_ contains an object that caches ephemeral keys for a
   // short period of time.
   std::unique_ptr<EphemeralKeySource> ephemeral_key_source_;
 
   // These fields store configuration values. See the comments for their
   // respective setter functions.
-  bool strike_register_no_startup_period_;
-  uint32_t strike_register_max_entries_;
-  uint32_t strike_register_window_secs_;
   uint32_t source_address_token_future_secs_;
   uint32_t source_address_token_lifetime_secs_;
-  uint32_t server_nonce_strike_register_max_entries_;
-  uint32_t server_nonce_strike_register_window_secs_;
 
   // Enable serving SCT or not.
   bool enable_serving_sct_;
 
   // Does not own this observer.
   RejectionObserver* rejection_observer_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoServerConfig);
 };
 
@@ skipping 19 matching lines @@
   bool send_expect_ct_header;
 
  private:
   friend class base::RefCounted<QuicSignedServerConfig>;
   virtual ~QuicSignedServerConfig();
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_