Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(291)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/quic/core/crypto/quic_crypto_server_config.h

Issue 2513113002: Remove strike-register code from QuicCryptoServerConfig (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/core/crypto/crypto_server_test.cc ('k') | net/quic/core/crypto/quic_crypto_server_config.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/core/crypto/quic_crypto_server_config.h
diff --git a/net/quic/core/crypto/quic_crypto_server_config.h b/net/quic/core/crypto/quic_crypto_server_config.h
index 6ccbbc0e405dd0829a6241bf69281b24d64aa8cc..cdef26a790dc6bc2d3497cf14ebdb9d010bdd7a4 100644
--- a/net/quic/core/crypto/quic_crypto_server_config.h
+++ b/net/quic/core/crypto/quic_crypto_server_config.h
@@ -41,8 +41,6 @@ class QuicDecrypter;
class QuicEncrypter;
class QuicRandom;
class QuicServerConfigProtobuf;
-class StrikeRegister;
-class StrikeRegisterClient;
struct QuicSignedServerConfig;
// ClientHelloInfo contains information about a client hello message that is
@@ -385,11 +383,6 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
// per-connection.
void SetEphemeralKeySource(EphemeralKeySource* ephemeral_key_source);
- // Install an externally created StrikeRegisterClient for use to
- // interact with the strike register. This object takes ownership
- // of the |strike_register_client|.
- void SetStrikeRegisterClient(StrikeRegisterClient* strike_register_client);
-
// set_replay_protection controls whether replay protection is enabled. If
// replay protection is disabled then no strike registers are needed and
// frontends can share an orbit value without a shared strike-register.
@@ -402,21 +395,6 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
// valid source-address token.
void set_chlo_multiplier(size_t multiplier);
- // set_strike_register_no_startup_period configures the strike register to
- // not have a startup period.
- void set_strike_register_no_startup_period();
-
- // set_strike_register_max_entries sets the maximum number of entries that
- // the internal strike register will hold. If the strike register fills up
- // then the oldest entries (by the client's clock) will be dropped.
- void set_strike_register_max_entries(uint32_t max_entries);
-
- // set_strike_register_window_secs sets the number of seconds around the
- // current time that the strike register will attempt to be authoritative
- // for. Setting a larger value allows for greater client clock-skew, but
- // means that the quiescent startup period must be longer.
- void set_strike_register_window_secs(uint32_t window_secs);
-
// set_source_address_token_future_secs sets the number of seconds into the
// future that source-address tokens will be accepted from. Since
// source-address tokens are authenticated, this should only happen if
@@ -427,21 +405,6 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
// source-address token will be valid for.
void set_source_address_token_lifetime_secs(uint32_t lifetime_secs);
- // set_server_nonce_strike_register_max_entries sets the number of entries in
- // the server-nonce strike-register. This is used to record that server nonce
- // values have been used. If the number of entries is too small then clients
- // which are depending on server nonces may fail to handshake because their
- // nonce has expired in the amount of time it took to go from the server to
- // the client and back.
- void set_server_nonce_strike_register_max_entries(uint32_t max_entries);
-
- // set_server_nonce_strike_register_window_secs sets the number of seconds
- // around the current time that the server-nonce strike-register will accept
- // nonces from. Setting a larger value allows for clients to delay follow-up
- // client hellos for longer and still use server nonces as proofs of
- // uniqueness.
- void set_server_nonce_strike_register_window_secs(uint32_t window_secs);
-
// set_enable_serving_sct enables or disables serving signed cert timestamp
// (RFC6962) in server hello.
void set_enable_serving_sct(bool enable_serving_sct);
@@ -692,15 +655,6 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
// NewServerNonce generates and encrypts a random nonce.
std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const;
- // ValidateServerNonce decrypts |token| and verifies that it hasn't been
- // previously used and is recent enough that it is plausible that it was part
- // of a very recently provided rejection ("recent" will be on the order of
- // 10-30 seconds). If so, it records that it has been used and returns
- // HANDSHAKE_OK. Otherwise it returns the reason for failure.
- HandshakeFailureReason ValidateServerNonce(
- base::StringPiece echoed_server_nonce,
- QuicWallTime now) const;
-
// ValidateExpectedLeafCertificate checks the |client_hello| to see if it has
// an XLCT tag, and if so, verifies that its value matches the hash of the
// server's leaf certificate. The certs field of |crypto_proof| is used to
@@ -797,12 +751,6 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
// Callback to invoke when the primary config changes.
std::unique_ptr<PrimaryConfigChangedCallback> primary_config_changed_cb_;
- // Protects access to the pointer held by strike_register_client_.
- mutable base::Lock strike_register_client_lock_;
- // strike_register_ contains a data structure that keeps track of previously
- // observed client nonces in order to prevent replay attacks.
- mutable std::unique_ptr<StrikeRegisterClient> strike_register_client_;
-
// Used to protect the source-address tokens that are given to clients.
CryptoSecretBoxer source_address_token_boxer_;
@@ -815,12 +763,6 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
// cookies).
uint8_t server_nonce_orbit_[8];
- mutable base::Lock server_nonce_strike_register_lock_;
- // server_nonce_strike_register_ contains a data structure that keeps track of
- // previously observed server nonces from this server, in order to prevent
- // replay attacks.
- mutable std::unique_ptr<StrikeRegister> server_nonce_strike_register_;
-
// proof_source_ contains an object that can provide certificate chains and
// signatures.
std::unique_ptr<ProofSource> proof_source_;
@@ -831,13 +773,8 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
// These fields store configuration values. See the comments for their
// respective setter functions.
- bool strike_register_no_startup_period_;
- uint32_t strike_register_max_entries_;
- uint32_t strike_register_window_secs_;
uint32_t source_address_token_future_secs_;
uint32_t source_address_token_lifetime_secs_;
- uint32_t server_nonce_strike_register_max_entries_;
- uint32_t server_nonce_strike_register_window_secs_;
// Enable serving SCT or not.
bool enable_serving_sct_;
« no previous file with comments | « net/quic/core/crypto/crypto_server_test.cc ('k') | net/quic/core/crypto/quic_crypto_server_config.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698