Landing Recent QUIC changes until Mon Nov 14 04:43:50 2016 +0000

net/quic/core/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/core/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 #include <memory>
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "crypto/hkdf.h"
 #include "crypto/secure_hash.h"
 #include "net/base/ip_address.h"
 #include "net/quic/core/crypto/aes_128_gcm_12_decrypter.h"
 #include "net/quic/core/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/core/crypto/cert_compressor.h"
 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h"
 #include "net/quic/core/crypto/channel_id.h"
 #include "net/quic/core/crypto/crypto_framer.h"
 #include "net/quic/core/crypto/crypto_handshake_message.h"
 #include "net/quic/core/crypto/crypto_server_config_protobuf.h"
 #include "net/quic/core/crypto/crypto_utils.h"
 #include "net/quic/core/crypto/curve25519_key_exchange.h"
 #include "net/quic/core/crypto/ephemeral_key_source.h"
 #include "net/quic/core/crypto/key_exchange.h"
-#include "net/quic/core/crypto/local_strike_register_client.h"
 #include "net/quic/core/crypto/p256_key_exchange.h"
 #include "net/quic/core/crypto/proof_source.h"
 #include "net/quic/core/crypto/quic_decrypter.h"
 #include "net/quic/core/crypto/quic_encrypter.h"
 #include "net/quic/core/crypto/quic_random.h"
-#include "net/quic/core/crypto/strike_register.h"
-#include "net/quic/core/crypto/strike_register_client.h"
 #include "net/quic/core/proto/source_address_token.pb.h"
 #include "net/quic/core/quic_bug_tracker.h"
 #include "net/quic/core/quic_clock.h"
 #include "net/quic/core/quic_flags.h"
 #include "net/quic/core/quic_protocol.h"
 #include "net/quic/core/quic_socket_address_coder.h"
 #include "net/quic/core/quic_utils.h"
 
 using base::StringPiece;
 using crypto::SecureHash;
@@ skipping 60 matching lines @@
     done_cb_ = nullptr;
   }
 
  private:
   scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
   std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_;
 
   DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper);
 };
 
-class VerifyNonceIsValidAndUniqueCallback
-    : public StrikeRegisterClient::ResultCallback {
- public:
-  VerifyNonceIsValidAndUniqueCallback(
-      scoped_refptr<ValidateClientHelloResultCallback::Result> result,
-      std::unique_ptr<ProofSource::Details> proof_source_details,
-      std::unique_ptr<ValidateClientHelloResultCallback> done_cb)
-      : result_(std::move(result)),
-        proof_source_details_(std::move(proof_source_details)),
-        done_cb_(std::move(done_cb)) {}
-
- protected:
-  void RunImpl(bool nonce_is_valid_and_unique,
-               InsertStatus nonce_error) override {
-    DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique
-             << " nonce_error: " << nonce_error;
-    if (!nonce_is_valid_and_unique) {
-      HandshakeFailureReason client_nonce_error;
-      switch (nonce_error) {
-        case NONCE_INVALID_FAILURE:
-          client_nonce_error = CLIENT_NONCE_INVALID_FAILURE;
-          break;
-        case NONCE_NOT_UNIQUE_FAILURE:
-          client_nonce_error = CLIENT_NONCE_NOT_UNIQUE_FAILURE;
-          break;
-        case NONCE_INVALID_ORBIT_FAILURE:
-          client_nonce_error = CLIENT_NONCE_INVALID_ORBIT_FAILURE;
-          break;
-        case NONCE_INVALID_TIME_FAILURE:
-          client_nonce_error = CLIENT_NONCE_INVALID_TIME_FAILURE;
-          break;
-        case STRIKE_REGISTER_TIMEOUT:
-          client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT;
-          break;
-        case STRIKE_REGISTER_FAILURE:
-          client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_FAILURE;
-          break;
-        case NONCE_UNKNOWN_FAILURE:
-          client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
-          break;
-        case NONCE_OK:
-        default:
-          QUIC_BUG << "Unexpected client nonce error: " << nonce_error;
-          client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE;
-          break;
-      }
-      result_->info.reject_reasons.push_back(client_nonce_error);
-    }
-    done_cb_->Run(result_, std::move(proof_source_details_));
-  }
-
- private:
-  scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
-  std::unique_ptr<ProofSource::Details> proof_source_details_;
-  std::unique_ptr<ValidateClientHelloResultCallback> done_cb_;
-
-  DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback);
-};
-
 // static
 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing";
 
 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip,
                                  QuicWallTime in_now)
     : client_ip(in_client_ip), now(in_now), valid_source_address_token(false) {}
 
 ClientHelloInfo::ClientHelloInfo(const ClientHelloInfo& other) = default;
 
 ClientHelloInfo::~ClientHelloInfo() {}
@@ skipping 32 matching lines @@
 
 QuicCryptoServerConfig::QuicCryptoServerConfig(
     StringPiece source_address_token_secret,
     QuicRandom* server_nonce_entropy,
     std::unique_ptr<ProofSource> proof_source)
     : replay_protection_(true),
       chlo_multiplier_(kMultiplier),
       configs_lock_(),
       primary_config_(nullptr),
       next_config_promotion_time_(QuicWallTime::Zero()),
-      server_nonce_strike_register_lock_(),
       proof_source_(std::move(proof_source)),
-      strike_register_no_startup_period_(false),
-      strike_register_max_entries_(1 << 10),
-      strike_register_window_secs_(600),
       source_address_token_future_secs_(3600),
       source_address_token_lifetime_secs_(86400),
-      server_nonce_strike_register_max_entries_(1 << 10),
-      server_nonce_strike_register_window_secs_(120),
       enable_serving_sct_(false),
       rejection_observer_(nullptr) {
   DCHECK(proof_source_.get());
   source_address_token_boxer_.SetKeys(
       {DeriveSourceAddressTokenKey(source_address_token_secret)});
 
   // Generate a random key and orbit for server nonces.
   server_nonce_entropy->RandBytes(server_nonce_orbit_,
                                   sizeof(server_nonce_orbit_));
   const size_t key_size = server_nonce_boxer_.GetKeySize();
@@ skipping 160 matching lines @@
 }
 
 CryptoHandshakeMessage* QuicCryptoServerConfig::AddDefaultConfig(
     QuicRandom* rand,
     const QuicClock* clock,
     const ConfigOptions& options) {
   return AddConfig(GenerateConfig(rand, clock, options), clock->WallNow());
 }
 
 bool QuicCryptoServerConfig::SetConfigs(
-    const vector<std::unique_ptr<QuicServerConfigProtobuf>>& protobufs,
+    const std::vector<std::unique_ptr<QuicServerConfigProtobuf>>& protobufs,
     const QuicWallTime now) {
-  vector<scoped_refptr<Config>> parsed_configs;
+  std::vector<scoped_refptr<Config>> parsed_configs;
   bool ok = true;
 
   for (auto& protobuf : protobufs) {
     scoped_refptr<Config> config(ParseConfigProtobuf(protobuf));
     if (!config.get()) {
       ok = false;
       break;
     }
 
     parsed_configs.push_back(config);
   }
 
   if (parsed_configs.empty()) {
     LOG(WARNING) << "New config list is empty.";
     ok = false;
   }
 
   if (!ok) {
     LOG(WARNING) << "Rejecting QUIC configs because of above errors";
   } else {
     VLOG(1) << "Updating configs:";
 
     base::AutoLock locked(configs_lock_);
     ConfigMap new_configs;
 
-    for (vector<scoped_refptr<Config>>::const_iterator i =
+    for (std::vector<scoped_refptr<Config>>::const_iterator i =
              parsed_configs.begin();
          i != parsed_configs.end(); ++i) {
       scoped_refptr<Config> config = *i;
 
       ConfigMap::iterator it = configs_.find(config->id);
       if (it != configs_.end()) {
         VLOG(1) << "Keeping scid: " << QuicUtils::HexEncode(config->id)
                 << " orbit: "
                 << QuicUtils::HexEncode(
                        reinterpret_cast<const char*>(config->orbit), kOrbitSize)
@@ skipping 37 matching lines @@
     scids->push_back(it->first);
   }
 }
 
 void QuicCryptoServerConfig::ValidateClientHello(
     const CryptoHandshakeMessage& client_hello,
     const IPAddress& client_ip,
     const IPAddress& server_ip,
     QuicVersion version,
     const QuicClock* clock,
-    scoped_refptr<QuicCryptoProof> crypto_proof,
+    scoped_refptr<QuicSignedServerConfig> signed_config,
     std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
   const QuicWallTime now(clock->WallNow());
 
   scoped_refptr<ValidateClientHelloResultCallback::Result> result(
       new ValidateClientHelloResultCallback::Result(client_hello, client_ip,
                                                     now));
 
   StringPiece requested_scid;
   client_hello.GetStringPiece(kSCID, &requested_scid);
 
   scoped_refptr<Config> requested_config;
   scoped_refptr<Config> primary_config;
   {
     base::AutoLock locked(configs_lock_);
 
     if (!primary_config_.get()) {
       result->error_code = QUIC_CRYPTO_INTERNAL_ERROR;
       result->error_details = "No configurations loaded";
     } else {
       if (!next_config_promotion_time_.IsZero() &&
           next_config_promotion_time_.IsAfter(now)) {
         SelectNewPrimaryConfig(now);
         DCHECK(primary_config_.get());
         DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_);
       }
     }
 
     requested_config = GetConfigWithScid(requested_scid);
     primary_config = primary_config_;
-    crypto_proof->config = primary_config_;
+    signed_config->config = primary_config_;
   }
 
   if (result->error_code == QUIC_NO_ERROR) {
     // QUIC requires a new proof for each CHLO so clear any existing proof.
-    crypto_proof->chain = nullptr;
-    crypto_proof->signature = "";
-    crypto_proof->cert_sct = "";
+    signed_config->chain = nullptr;
+    signed_config->signature = "";
+    signed_config->cert_sct = "";
     EvaluateClientHello(server_ip, version, requested_config, primary_config,
-                        crypto_proof, result, std::move(done_cb));
+                        signed_config, result, std::move(done_cb));
   } else {
     done_cb->Run(result, /* details = */ nullptr);
   }
 }
 
 class ProcessClientHelloHelper {
  public:
   explicit ProcessClientHelloHelper(
       std::unique_ptr<ProcessClientHelloResultCallback>* done_cb)
       : done_cb_(done_cb) {}
@@ skipping 37 matching lines @@
       QuicConnectionId connection_id,
       const IPEndPoint& client_address,
       QuicVersion version,
       const QuicVersionVector& supported_versions,
       bool use_stateless_rejects,
       QuicConnectionId server_designated_connection_id,
       const QuicClock* clock,
       QuicRandom* rand,
       QuicCompressedCertsCache* compressed_certs_cache,
       scoped_refptr<QuicCryptoNegotiatedParameters> params,
-      scoped_refptr<QuicCryptoProof> crypto_proof,
+      scoped_refptr<QuicSignedServerConfig> signed_config,
       QuicByteCount total_framing_overhead,
       QuicByteCount chlo_packet_size,
       const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config,
       const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config,
       std::unique_ptr<ProcessClientHelloResultCallback> done_cb)
       : config_(config),
         validate_chlo_result_(std::move(validate_chlo_result)),
         reject_only_(reject_only),
         connection_id_(connection_id),
         client_address_(client_address),
         version_(version),
         supported_versions_(supported_versions),
         use_stateless_rejects_(use_stateless_rejects),
         server_designated_connection_id_(server_designated_connection_id),
         clock_(clock),
         rand_(rand),
         compressed_certs_cache_(compressed_certs_cache),
         params_(params),
-        crypto_proof_(crypto_proof),
+        signed_config_(signed_config),
         total_framing_overhead_(total_framing_overhead),
         chlo_packet_size_(chlo_packet_size),
         requested_config_(requested_config),
         primary_config_(primary_config),
         done_cb_(std::move(done_cb)) {}
 
   void Run(bool ok,
            const scoped_refptr<ProofSource::Chain>& chain,
-           const string& signature,
-           const string& leaf_cert_sct,
+           const QuicCryptoProof& proof,
            std::unique_ptr<ProofSource::Details> details) override {
     if (ok) {
-      crypto_proof_->chain = chain;
-      crypto_proof_->signature = signature;
-      crypto_proof_->cert_sct = leaf_cert_sct;
+      signed_config_->chain = chain;
+      signed_config_->signature = proof.signature;
+      signed_config_->cert_sct = proof.leaf_cert_scts;
+      signed_config_->send_expect_ct_header = proof.send_expect_ct_header;
     }
     config_->ProcessClientHelloAfterGetProof(
         !ok, std::move(details), *validate_chlo_result_, reject_only_,
         connection_id_, client_address_, version_, supported_versions_,
         use_stateless_rejects_, server_designated_connection_id_, clock_, rand_,
-        compressed_certs_cache_, params_, crypto_proof_,
+        compressed_certs_cache_, params_, signed_config_,
         total_framing_overhead_, chlo_packet_size_, requested_config_,
         primary_config_, std::move(done_cb_));
   }
 
  private:
   const QuicCryptoServerConfig* config_;
   const scoped_refptr<ValidateClientHelloResultCallback::Result>
       validate_chlo_result_;
   const bool reject_only_;
   const QuicConnectionId connection_id_;
   const IPEndPoint client_address_;
   const QuicVersion version_;
   const QuicVersionVector supported_versions_;
   const bool use_stateless_rejects_;
   const QuicConnectionId server_designated_connection_id_;
   const QuicClock* const clock_;
   QuicRandom* const rand_;
   QuicCompressedCertsCache* compressed_certs_cache_;
   scoped_refptr<QuicCryptoNegotiatedParameters> params_;
-  scoped_refptr<QuicCryptoProof> crypto_proof_;
+  scoped_refptr<QuicSignedServerConfig> signed_config_;
   const QuicByteCount total_framing_overhead_;
   const QuicByteCount chlo_packet_size_;
   const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_;
   const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_;
   std::unique_ptr<ProcessClientHelloResultCallback> done_cb_;
 };
 
 void QuicCryptoServerConfig::ProcessClientHello(
     scoped_refptr<ValidateClientHelloResultCallback::Result>
         validate_chlo_result,
     bool reject_only,
     QuicConnectionId connection_id,
     const IPAddress& server_ip,
     const IPEndPoint& client_address,
     QuicVersion version,
     const QuicVersionVector& supported_versions,
     bool use_stateless_rejects,
     QuicConnectionId server_designated_connection_id,
     const QuicClock* clock,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     scoped_refptr<QuicCryptoNegotiatedParameters> params,
-    scoped_refptr<QuicCryptoProof> crypto_proof,
+    scoped_refptr<QuicSignedServerConfig> signed_config,
     QuicByteCount total_framing_overhead,
     QuicByteCount chlo_packet_size,
     std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const {
   DCHECK(done_cb);
 
   ProcessClientHelloHelper helper(&done_cb);
 
   const CryptoHandshakeMessage& client_hello =
       validate_chlo_result->client_hello;
   const ClientHelloInfo& info = validate_chlo_result->info;
@@ skipping 21 matching lines @@
     } else {
       if (!next_config_promotion_time_.IsZero() &&
           next_config_promotion_time_.IsAfter(now)) {
         SelectNewPrimaryConfig(now);
         DCHECK(primary_config_.get());
         DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_);
       }
 
       // Use the config that the client requested in order to do key-agreement.
       // Otherwise give it a copy of |primary_config_| to use.
-      primary_config = crypto_proof->config;
+      primary_config = signed_config->config;
       requested_config = GetConfigWithScid(requested_scid);
     }
   }
   if (no_primary_config) {
     helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "No configurations loaded");
     return;
   }
 
   if (validate_chlo_result->error_code != QUIC_NO_ERROR) {
     helper.Fail(validate_chlo_result->error_code,
                 validate_chlo_result->error_details);
     return;
   }
 
   if (!ClientDemandsX509Proof(client_hello)) {
     helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD");
     return;
   }
   DCHECK(proof_source_.get());
   string chlo_hash;
   CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
 
   // No need to get a new proof if one was already generated.
-  if (!crypto_proof->chain) {
+  if (!signed_config->chain) {
     const QuicTag* tag_ptr;
     size_t num_tags;
     QuicTagVector connection_options;
     if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
       connection_options.assign(tag_ptr, tag_ptr + num_tags);
     }
     if (FLAGS_enable_async_get_proof) {
       std::unique_ptr<ProcessClientHelloCallback> cb(
           new ProcessClientHelloCallback(
               this, validate_chlo_result, reject_only, connection_id,
               client_address, version, supported_versions,
               use_stateless_rejects, server_designated_connection_id, clock,
-              rand, compressed_certs_cache, params, crypto_proof,
+              rand, compressed_certs_cache, params, signed_config,
               total_framing_overhead, chlo_packet_size, requested_config,
               primary_config, std::move(done_cb)));
       proof_source_->GetProof(server_ip, info.sni.as_string(),
                               primary_config->serialized, version, chlo_hash,
                               connection_options, std::move(cb));
       helper.DetachCallback();
       return;
     }
 
-    if (!proof_source_->GetProof(
-            server_ip, info.sni.as_string(), primary_config->serialized,
-            version, chlo_hash, connection_options, &crypto_proof->chain,
-            &crypto_proof->signature, &crypto_proof->cert_sct)) {
+    QuicCryptoProof proof;
+    if (!proof_source_->GetProof(server_ip, info.sni.as_string(),
+                                 primary_config->serialized, version, chlo_hash,
+                                 connection_options, &signed_config->chain,
+                                 &proof)) {
       helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof.");
       return;
     }
+    signed_config->signature = proof.signature;
+    signed_config->cert_sct = proof.leaf_cert_scts;
   }
 
   helper.DetachCallback();
   ProcessClientHelloAfterGetProof(
       /* found_error = */ false, /* proof_source_details = */ nullptr,
       *validate_chlo_result, reject_only, connection_id, client_address,
       version, supported_versions, use_stateless_rejects,
       server_designated_connection_id, clock, rand, compressed_certs_cache,
-      params, crypto_proof, total_framing_overhead, chlo_packet_size,
+      params, signed_config, total_framing_overhead, chlo_packet_size,
       requested_config, primary_config, std::move(done_cb));
 }
 
 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof(
     bool found_error,
     std::unique_ptr<ProofSource::Details> proof_source_details,
     const ValidateClientHelloResultCallback::Result& validate_chlo_result,
     bool reject_only,
     QuicConnectionId connection_id,
     const IPEndPoint& client_address,
     QuicVersion version,
     const QuicVersionVector& supported_versions,
     bool use_stateless_rejects,
     QuicConnectionId server_designated_connection_id,
     const QuicClock* clock,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     scoped_refptr<QuicCryptoNegotiatedParameters> params,
-    scoped_refptr<QuicCryptoProof> crypto_proof,
+    scoped_refptr<QuicSignedServerConfig> signed_config,
     QuicByteCount total_framing_overhead,
     QuicByteCount chlo_packet_size,
     const scoped_refptr<Config>& requested_config,
     const scoped_refptr<Config>& primary_config,
     std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const {
   ProcessClientHelloHelper helper(&done_cb);
 
   if (found_error) {
     helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof");
     return;
   }
 
   const CryptoHandshakeMessage& client_hello =
       validate_chlo_result.client_hello;
   const ClientHelloInfo& info = validate_chlo_result.info;
   std::unique_ptr<DiversificationNonce> out_diversification_nonce(
       new DiversificationNonce);
 
   StringPiece cert_sct;
   if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) &&
       cert_sct.empty()) {
     params->sct_supported_by_client = true;
   }
 
   std::unique_ptr<CryptoHandshakeMessage> out(new CryptoHandshakeMessage);
   if (!info.reject_reasons.empty() || !requested_config.get()) {
     BuildRejection(version, clock->WallNow(), *primary_config, client_hello,
                    info, validate_chlo_result.cached_network_params,
                    use_stateless_rejects, server_designated_connection_id, rand,
-                   compressed_certs_cache, params, *crypto_proof,
+                   compressed_certs_cache, params, *signed_config,
                    total_framing_overhead, chlo_packet_size, out.get());
     if (FLAGS_quic_export_rej_for_all_rejects &&
         rejection_observer_ != nullptr) {
       rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get());
     }
     helper.Succeed(std::move(out), std::move(out_diversification_nonce),
                    std::move(proof_source_details));
     return;
   }
 
@@ skipping 10 matching lines @@
           QUIC_NO_ERROR ||
       client_hello.GetTaglist(kKEXS, &their_key_exchanges,
                               &num_their_key_exchanges) != QUIC_NO_ERROR ||
       num_their_aeads != 1 || num_their_key_exchanges != 1) {
     helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
                 "Missing or invalid AEAD or KEXS");
     return;
   }
 
   size_t key_exchange_index;
-  if (!QuicUtils::FindMutualTag(requested_config->aead, their_aeads,
-                                num_their_aeads, QuicUtils::LOCAL_PRIORITY,
-                                &params->aead, nullptr) ||
-      !QuicUtils::FindMutualTag(requested_config->kexs, their_key_exchanges,
-                                num_their_key_exchanges,
-                                QuicUtils::LOCAL_PRIORITY,
-                                &params->key_exchange, &key_exchange_index)) {
+  if (!FindMutualQuicTag(requested_config->aead, their_aeads, num_their_aeads,
+                         &params->aead, nullptr) ||
+      !FindMutualQuicTag(requested_config->kexs, their_key_exchanges,
+                         num_their_key_exchanges, &params->key_exchange,
+                         &key_exchange_index)) {
     helper.Fail(QUIC_CRYPTO_NO_SUPPORT, "Unsupported AEAD or KEXS");
     return;
   }
 
   if (!requested_config->tb_key_params.empty()) {
     const QuicTag* their_tbkps;
     size_t num_their_tbkps;
     switch (client_hello.GetTaglist(kTBKP, &their_tbkps, &num_their_tbkps)) {
       case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND:
         break;
       case QUIC_NO_ERROR:
-        if (QuicUtils::FindMutualTag(
-                requested_config->tb_key_params, their_tbkps, num_their_tbkps,
-                QuicUtils::LOCAL_PRIORITY, &params->token_binding_key_param,
-                nullptr)) {
+        if (FindMutualQuicTag(requested_config->tb_key_params, their_tbkps,
+                              num_their_tbkps, &params->token_binding_key_param,
+                              nullptr)) {
           break;
         }
       default:
         helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
                     "Invalid Token Binding key parameter");
         return;
     }
   }
 
   StringPiece public_value;
@@ skipping 20 matching lines @@
   string hkdf_suffix;
   const QuicData& client_hello_serialized = client_hello.GetSerialized();
   hkdf_suffix.reserve(sizeof(connection_id) + client_hello_serialized.length() +
                       requested_config->serialized.size());
   hkdf_suffix.append(reinterpret_cast<char*>(&connection_id),
                      sizeof(connection_id));
   hkdf_suffix.append(client_hello_serialized.data(),
                      client_hello_serialized.length());
   hkdf_suffix.append(requested_config->serialized);
   DCHECK(proof_source_.get());
-  if (crypto_proof->chain->certs.empty()) {
+  if (signed_config->chain->certs.empty()) {
     helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "Failed to get certs");
     return;
   }
-  hkdf_suffix.append(crypto_proof->chain->certs.at(0));
+  hkdf_suffix.append(signed_config->chain->certs.at(0));
 
   StringPiece cetv_ciphertext;
   if (requested_config->channel_id_enabled &&
       client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) {
     CryptoHandshakeMessage client_hello_copy(client_hello);
     client_hello_copy.Erase(kCETV);
     client_hello_copy.Erase(kPAD);
 
     const QuicData& client_hello_copy_serialized =
         client_hello_copy.GetSerialized();
@@ skipping 47 matching lines @@
       params->channel_id = key.as_string();
     }
   }
 
   string hkdf_input;
   size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1;
   hkdf_input.reserve(label_len + hkdf_suffix.size());
   hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len);
   hkdf_input.append(hkdf_suffix);
 
+  rand->RandBytes(out_diversification_nonce->data(),
+                  out_diversification_nonce->size());
   CryptoUtils::Diversification diversification =
-      CryptoUtils::Diversification::Never();
-  if (version > QUIC_VERSION_32) {
-    rand->RandBytes(out_diversification_nonce->data(),
-                    out_diversification_nonce->size());
-    diversification =
-        CryptoUtils::Diversification::Now(out_diversification_nonce.get());
-  }
-
+      CryptoUtils::Diversification::Now(out_diversification_nonce.get());
   if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead,
                                info.client_nonce, info.server_nonce, hkdf_input,
                                Perspective::IS_SERVER, diversification,
                                &params->initial_crypters,
                                &params->initial_subkey_secret)) {
     helper.Fail(QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED,
                 "Symmetric key setup failed");
     return;
   }
 
@@ skipping 90 matching lines @@
     // Primary times are equal, sort backwards by priority.
     return a->priority < b->priority;
   } else {
     // Primary times and priorities are equal, sort by config id.
     return a->id < b->id;
   }
 }
 
 void QuicCryptoServerConfig::SelectNewPrimaryConfig(
     const QuicWallTime now) const {
-  vector<scoped_refptr<Config>> configs;
+  std::vector<scoped_refptr<Config>> configs;
   configs.reserve(configs_.size());
 
   for (ConfigMap::const_iterator it = configs_.begin(); it != configs_.end();
        ++it) {
     // TODO(avd) Exclude expired configs?
     configs.push_back(it->second);
   }
 
   if (configs.empty()) {
     if (primary_config_.get()) {
@@ skipping 70 matching lines @@
 class QuicCryptoServerConfig::EvaluateClientHelloCallback
     : public ProofSource::Callback {
  public:
   EvaluateClientHelloCallback(
       const QuicCryptoServerConfig& config,
       bool found_error,
       const IPAddress& server_ip,
       QuicVersion version,
       scoped_refptr<QuicCryptoServerConfig::Config> requested_config,
       scoped_refptr<QuicCryptoServerConfig::Config> primary_config,
-      scoped_refptr<QuicCryptoProof> crypto_proof,
+      scoped_refptr<QuicSignedServerConfig> signed_config,
       scoped_refptr<ValidateClientHelloResultCallback::Result>
           client_hello_state,
       std::unique_ptr<ValidateClientHelloResultCallback> done_cb)
       : config_(config),
         found_error_(found_error),
         server_ip_(server_ip),
         version_(version),
         requested_config_(std::move(requested_config)),
         primary_config_(std::move(primary_config)),
-        crypto_proof_(crypto_proof),
+        signed_config_(signed_config),
         client_hello_state_(std::move(client_hello_state)),
         done_cb_(std::move(done_cb)) {}
 
   void Run(bool ok,
            const scoped_refptr<ProofSource::Chain>& chain,
-           const string& signature,
-           const string& leaf_cert_sct,
+           const QuicCryptoProof& proof,
            std::unique_ptr<ProofSource::Details> details) override {
     if (ok) {
-      crypto_proof_->chain = chain;
-      crypto_proof_->signature = signature;
-      crypto_proof_->cert_sct = leaf_cert_sct;
+      signed_config_->chain = chain;
+      signed_config_->signature = proof.signature;
+      signed_config_->cert_sct = proof.leaf_cert_scts;
+      signed_config_->send_expect_ct_header = proof.send_expect_ct_header;
     }
     config_.EvaluateClientHelloAfterGetProof(
         found_error_, server_ip_, version_, requested_config_, primary_config_,
-        crypto_proof_, std::move(details), !ok, client_hello_state_,
+        signed_config_, std::move(details), !ok, client_hello_state_,
         std::move(done_cb_));
   }
 
  private:
   const QuicCryptoServerConfig& config_;
   const bool found_error_;
   const IPAddress& server_ip_;
   const QuicVersion version_;
   const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_;
   const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_;
-  scoped_refptr<QuicCryptoProof> crypto_proof_;
+  scoped_refptr<QuicSignedServerConfig> signed_config_;
   scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_;
   std::unique_ptr<ValidateClientHelloResultCallback> done_cb_;
 };
 
 void QuicCryptoServerConfig::EvaluateClientHello(
     const IPAddress& server_ip,
     QuicVersion version,
     scoped_refptr<Config> requested_config,
     scoped_refptr<Config> primary_config,
-    scoped_refptr<QuicCryptoProof> crypto_proof,
+    scoped_refptr<QuicSignedServerConfig> signed_config,
     scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state,
     std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
   ValidateClientHelloHelper helper(client_hello_state, &done_cb);
 
   const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello;
   ClientHelloInfo* info = &(client_hello_state->info);
 
   if (client_hello.size() < kClientHelloMinimumSize) {
     helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH,
                               "Client hello too small", nullptr);
@@ skipping 51 matching lines @@
     info->reject_reasons.push_back(source_address_token_error);
     // No valid source address token.
     found_error = true;
   }
 
   bool get_proof_failed = false;
   string serialized_config = primary_config->serialized;
   string chlo_hash;
   CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash);
   bool need_proof = true;
-  need_proof = !crypto_proof->chain;
+  need_proof = !signed_config->chain;
   const QuicTag* tag_ptr;
   size_t num_tags;
   QuicTagVector connection_options;
   if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) {
     connection_options.assign(tag_ptr, tag_ptr + num_tags);
   }
   if (FLAGS_enable_async_get_proof) {
     if (need_proof) {
       // Make an async call to GetProof and setup the callback to trampoline
       // back into EvaluateClientHelloAfterGetProof
       std::unique_ptr<EvaluateClientHelloCallback> cb(
           new EvaluateClientHelloCallback(
               *this, found_error, server_ip, version, requested_config,
-              primary_config, crypto_proof, client_hello_state,
+              primary_config, signed_config, client_hello_state,
               std::move(done_cb)));
       proof_source_->GetProof(server_ip, info->sni.as_string(),
                               serialized_config, version, chlo_hash,
                               connection_options, std::move(cb));
       helper.DetachCallback();
       return;
     }
   }
 
   // No need to get a new proof if one was already generated.
-  if (need_proof &&
-      !proof_source_->GetProof(
-          server_ip, info->sni.as_string(), serialized_config, version,
-          chlo_hash, connection_options, &crypto_proof->chain,
-          &crypto_proof->signature, &crypto_proof->cert_sct)) {
-    get_proof_failed = true;
+  if (need_proof) {
+    QuicCryptoProof proof;
+
+    if (proof_source_->GetProof(
+            server_ip, info->sni.as_string(), serialized_config, version,
+            chlo_hash, connection_options, &signed_config->chain, &proof)) {
+      signed_config->signature = proof.signature;
+      signed_config->cert_sct = proof.leaf_cert_scts;
+    } else {
+      get_proof_failed = true;
+    }
   }
 
   // Details are null because the synchronous version of GetProof does not
   // return any stats.  Eventually the synchronous codepath will be eliminated.
   EvaluateClientHelloAfterGetProof(
       found_error, server_ip, version, requested_config, primary_config,
-      crypto_proof, nullptr /* proof_source_details */, get_proof_failed,
+      signed_config, nullptr /* proof_source_details */, get_proof_failed,
       client_hello_state, std::move(done_cb));
   helper.DetachCallback();
 }
 
 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof(
     bool found_error,
     const IPAddress& server_ip,
     QuicVersion version,
     scoped_refptr<Config> requested_config,
     scoped_refptr<Config> primary_config,
-    scoped_refptr<QuicCryptoProof> crypto_proof,
+    scoped_refptr<QuicSignedServerConfig> signed_config,
     std::unique_ptr<ProofSource::Details> proof_source_details,
     bool get_proof_failed,
     scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state,
     std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
   ValidateClientHelloHelper helper(client_hello_state, &done_cb);
   const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello;
   ClientHelloInfo* info = &(client_hello_state->info);
 
   if (get_proof_failed) {
-    found_error = true;
     info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE);
   }
 
-  if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) {
-    found_error = true;
+  if (!ValidateExpectedLeafCertificate(client_hello, *signed_config)) {
     info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE);
   }
 
   if (info->client_nonce.size() != kNonceSize) {
     info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
     // Invalid client nonce.
     LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString();
     DVLOG(1) << "Invalid client nonce.";
-    found_error = true;
   }
 
   // Server nonce is optional, and used for key derivation if present.
   client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce);
 
-  if (version > QUIC_VERSION_32) {
-    DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_33 and higher.";
-    // If the server nonce is empty and we're requiring handshake confirmation
-    // for DoS reasons then we must reject the CHLO.
-    if (FLAGS_quic_require_handshake_confirmation &&
-        info->server_nonce.empty()) {
-      info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
-    }
-    helper.ValidationComplete(QUIC_NO_ERROR, "",
-                              std::move(proof_source_details));
-    return;
+  DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_33 and higher.";
+  // If the server nonce is empty and we're requiring handshake confirmation
+  // for DoS reasons then we must reject the CHLO.
+  if (FLAGS_quic_require_handshake_confirmation && info->server_nonce.empty()) {
+    info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
   }
-
-  if (!replay_protection_) {
-    DVLOG(1) << "No replay protection.";
-    helper.ValidationComplete(QUIC_NO_ERROR, "",
-                              std::move(proof_source_details));
-    return;
-  }
-
-  if (!info->server_nonce.empty()) {
-    // If the server nonce is present, use it to establish uniqueness.
-    HandshakeFailureReason server_nonce_error =
-        ValidateServerNonce(info->server_nonce, info->now);
-    bool is_unique = server_nonce_error == HANDSHAKE_OK;
-    if (!is_unique) {
-      info->reject_reasons.push_back(server_nonce_error);
-    }
-    DVLOG(1) << "Using server nonce, unique: " << is_unique;
-    helper.ValidationComplete(QUIC_NO_ERROR, "",
-                              std::move(proof_source_details));
-    return;
-  }
-  // If we hit this block, the server nonce was empty.  If we're requiring
-  // handshake confirmation for DoS reasons and there's no server nonce present,
-  // reject the CHLO.
-  if (FLAGS_quic_require_handshake_confirmation ||
-      FLAGS_quic_require_handshake_confirmation_pre33) {
-    info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
-    helper.ValidationComplete(QUIC_NO_ERROR, "",
-                              std::move(proof_source_details));
-    return;
-  }
-
-  // We want to contact strike register only if there are no errors because it
-  // is a RPC call and is expensive.
-  if (found_error) {
-    helper.ValidationComplete(QUIC_NO_ERROR, "",
-                              std::move(proof_source_details));
-    return;
-  }
-
-  // Use the client nonce to establish uniqueness.
-  StrikeRegisterClient* strike_register_client;
-  {
-    base::AutoLock locked(strike_register_client_lock_);
-    strike_register_client = strike_register_client_.get();
-  }
-
-  if (!strike_register_client) {
-    // Either a valid server nonces or a strike register is required.
-    // Since neither are present, reject the handshake which will send a
-    // server nonce to the client.
-    info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
-    helper.ValidationComplete(QUIC_NO_ERROR, "",
-                              std::move(proof_source_details));
-    return;
-  }
-
-  strike_register_client->VerifyNonceIsValidAndUnique(
-      info->client_nonce, info->now,
-      new VerifyNonceIsValidAndUniqueCallback(client_hello_state,
-                                              std::move(proof_source_details),
-                                              std::move(done_cb)));
-  helper.DetachCallback();
+  helper.ValidationComplete(QUIC_NO_ERROR, "", std::move(proof_source_details));
 }
 
 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
     QuicVersion version,
     StringPiece chlo_hash,
     const SourceAddressTokens& previous_source_address_tokens,
     const IPAddress& server_ip,
     const IPAddress& client_ip,
     const QuicClock* clock,
     QuicRandom* rand,
@@ skipping 16 matching lines @@
         clock->WallNow(), cached_network_params);
   }
 
   out->set_tag(kSCUP);
   out->SetStringPiece(kSCFG, serialized);
   out->SetStringPiece(kSourceAddressTokenTag, source_address_token);
   out->SetValue(kSTTL,
                 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds());
 
   scoped_refptr<ProofSource::Chain> chain;
-  string signature;
-  string cert_sct;
+  QuicCryptoProof proof;
   if (!proof_source_->GetProof(server_ip, params.sni, serialized, version,
-                               chlo_hash, connection_options, &chain,
-                               &signature, &cert_sct)) {
+                               chlo_hash, connection_options, &chain, &proof)) {
     DVLOG(1) << "Server: failed to get proof.";
     return false;
   }
 
   const string compressed = CompressChain(
       compressed_certs_cache, chain, params.client_common_set_hashes,
       params.client_cached_cert_hashes, common_cert_sets);
 
   out->SetStringPiece(kCertificateTag, compressed);
-  out->SetStringPiece(kPROF, signature);
+  out->SetStringPiece(kPROF, proof.signature);
   if (params.sct_supported_by_client && enable_serving_sct_) {
-    if (cert_sct.empty()) {
+    if (proof.leaf_cert_scts.empty()) {
       DLOG(WARNING) << "SCT is expected but it is empty. sni: " << params.sni
                     << " server_ip: " << server_ip.ToString();
     } else {
-      out->SetStringPiece(kCertificateSCTTag, cert_sct);
+      out->SetStringPiece(kCertificateSCTTag, proof.leaf_cert_scts);
     }
   }
   return true;
 }
 
 void QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
     QuicVersion version,
     StringPiece chlo_hash,
     const SourceAddressTokens& previous_source_address_tokens,
     const IPAddress& server_ip,
@@ skipping 55 matching lines @@
       common_cert_sets_(common_cert_sets),
       client_common_set_hashes_(params.client_common_set_hashes),
       client_cached_cert_hashes_(params.client_cached_cert_hashes),
       sct_supported_by_client_(params.sct_supported_by_client),
       message_(std::move(message)),
       cb_(std::move(cb)) {}
 
 void QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback::
     Run(bool ok,
         const scoped_refptr<ProofSource::Chain>& chain,
-        const string& signature,
-        const string& leaf_cert_sct,
+        const QuicCryptoProof& proof,
         std::unique_ptr<ProofSource::Details> details) {
   config_->FinishBuildServerConfigUpdateMessage(
       version_, compressed_certs_cache_, common_cert_sets_,
       client_common_set_hashes_, client_cached_cert_hashes_,
-      sct_supported_by_client_, ok, chain, signature, leaf_cert_sct,
-      std::move(details), std::move(message_), std::move(cb_));
+      sct_supported_by_client_, ok, chain, proof.signature,
+      proof.leaf_cert_scts, std::move(details), std::move(message_),
+      std::move(cb_));
 }
 
 void QuicCryptoServerConfig::FinishBuildServerConfigUpdateMessage(
     QuicVersion version,
     QuicCompressedCertsCache* compressed_certs_cache,
     const CommonCertSets* common_cert_sets,
     const string& client_common_set_hashes,
     const string& client_cached_cert_hashes,
     bool sct_supported_by_client,
     bool ok,
@@ skipping 30 matching lines @@
     QuicWallTime now,
     const Config& config,
     const CryptoHandshakeMessage& client_hello,
     const ClientHelloInfo& info,
     const CachedNetworkParameters& cached_network_params,
     bool use_stateless_rejects,
     QuicConnectionId server_designated_connection_id,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     scoped_refptr<QuicCryptoNegotiatedParameters> params,
-    const QuicCryptoProof& crypto_proof,
+    const QuicSignedServerConfig& signed_config,
     QuicByteCount total_framing_overhead,
     QuicByteCount chlo_packet_size,
     CryptoHandshakeMessage* out) const {
   if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) {
     DVLOG(1) << "QUIC Crypto server config returning stateless reject "
              << "with server-designated connection ID "
              << server_designated_connection_id;
     out->set_tag(kSREJ);
     out->SetValue(kRCID, server_designated_connection_id);
   } else {
@@ skipping 23 matching lines @@
   if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) {
     params->client_common_set_hashes = client_common_set_hashes.as_string();
   }
 
   StringPiece client_cached_cert_hashes;
   if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) {
     params->client_cached_cert_hashes = client_cached_cert_hashes.as_string();
   }
 
   const string compressed =
-      CompressChain(compressed_certs_cache, crypto_proof.chain,
+      CompressChain(compressed_certs_cache, signed_config.chain,
                     params->client_common_set_hashes,
                     params->client_cached_cert_hashes, config.common_cert_sets);
 
   DCHECK_GT(chlo_packet_size, client_hello.size());
   // kREJOverheadBytes is a very rough estimate of how much of a REJ
   // message is taken up by things other than the certificates.
   // STK: 56 bytes
   // SNO: 56 bytes
   // SCFG
   //   SCID: 16 bytes
   //   PUBS: 38 bytes
   const size_t kREJOverheadBytes = 166;
   // max_unverified_size is the number of bytes that the certificate chain,
   // signature, and (optionally) signed certificate timestamp can consume before
   // we will demand a valid source-address token.
   const size_t max_unverified_size =
       chlo_multiplier_ * (chlo_packet_size - total_framing_overhead) -
       kREJOverheadBytes;
   static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes,
                 "overhead calculation may underflow");
   bool should_return_sct =
       params->sct_supported_by_client && enable_serving_sct_;
-  const size_t sct_size = should_return_sct ? crypto_proof.cert_sct.size() : 0;
+  const size_t sct_size = should_return_sct ? signed_config.cert_sct.size() : 0;
   const size_t total_size =
-      crypto_proof.signature.size() + compressed.size() + sct_size;
+      signed_config.signature.size() + compressed.size() + sct_size;
   if (info.valid_source_address_token || total_size < max_unverified_size) {
     out->SetStringPiece(kCertificateTag, compressed);
-    out->SetStringPiece(kPROF, crypto_proof.signature);
+    out->SetStringPiece(kPROF, signed_config.signature);
     if (should_return_sct) {
-      if (crypto_proof.cert_sct.empty()) {
+      if (signed_config.cert_sct.empty()) {
         DLOG(WARNING) << "SCT is expected but it is empty.";
       } else {
-        out->SetStringPiece(kCertificateSCTTag, crypto_proof.cert_sct);
+        out->SetStringPiece(kCertificateSCTTag, signed_config.cert_sct);
       }
     }
   } else {
     DLOG(WARNING) << "Sending inchoate REJ for hostname: " << info.sni
-                  << " signature: " << crypto_proof.signature.size()
+                  << " signature: " << signed_config.signature.size()
                   << " cert: " << compressed.size() << " sct:" << sct_size
                   << " total: " << total_size
                   << " max: " << max_unverified_size;
   }
 }
 
 string QuicCryptoServerConfig::CompressChain(
     QuicCompressedCertsCache* compressed_certs_cache,
     const scoped_refptr<ProofSource::Chain>& chain,
     const string& client_common_set_hashes,
@@ skipping 46 matching lines @@
     return nullptr;
   }
   config->id = scid.as_string();
 
   const QuicTag* aead_tags;
   size_t aead_len;
   if (msg->GetTaglist(kAEAD, &aead_tags, &aead_len) != QUIC_NO_ERROR) {
     LOG(WARNING) << "Server config message is missing AEAD";
     return nullptr;
   }
-  config->aead = vector<QuicTag>(aead_tags, aead_tags + aead_len);
+  config->aead = std::vector<QuicTag>(aead_tags, aead_tags + aead_len);
 
   const QuicTag* kexs_tags;
   size_t kexs_len;
   if (msg->GetTaglist(kKEXS, &kexs_tags, &kexs_len) != QUIC_NO_ERROR) {
     LOG(WARNING) << "Server config message is missing KEXS";
     return nullptr;
   }
 
   const QuicTag* tbkp_tags;
   size_t tbkp_len;
   QuicErrorCode err;
   if ((err = msg->GetTaglist(kTBKP, &tbkp_tags, &tbkp_len)) !=
           QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND &&
       err != QUIC_NO_ERROR) {
     LOG(WARNING) << "Server config message is missing or has invalid TBKP";
     return nullptr;
   }
-  config->tb_key_params = vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len);
+  config->tb_key_params = std::vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len);
 
   StringPiece orbit;
   if (!msg->GetStringPiece(kORBT, &orbit)) {
     LOG(WARNING) << "Server config message is missing ORBT";
     return nullptr;
   }
 
   if (orbit.size() != kOrbitSize) {
     LOG(WARNING) << "Orbit value in server config is the wrong length."
                     " Got "
                  << orbit.size() << " want " << kOrbitSize;
     return nullptr;
   }
   static_assert(sizeof(config->orbit) == kOrbitSize,
                 "orbit has incorrect size");
   memcpy(config->orbit, orbit.data(), sizeof(config->orbit));
 
-  {
-    StrikeRegisterClient* strike_register_client;
-    {
-      base::AutoLock locked(strike_register_client_lock_);
-      strike_register_client = strike_register_client_.get();
-    }
-
-    if (strike_register_client != nullptr &&
-        !strike_register_client->IsKnownOrbit(orbit)) {
-      LOG(WARNING)
-          << "Rejecting server config with orbit that the strike register "
-             "client doesn't know about.";
-      return nullptr;
-    }
-  }
-
   if (kexs_len != protobuf->key_size()) {
     LOG(WARNING) << "Server config has " << kexs_len
                  << " key exchange methods configured, but "
                  << protobuf->key_size() << " private keys";
     return nullptr;
   }
 
   const QuicTag* proof_demand_tags;
   size_t num_proof_demand_tags;
   if (msg->GetTaglist(kPDMD, &proof_demand_tags, &num_proof_demand_tags) ==
@@ skipping 70 matching lines @@
   config->expiry_time = QuicWallTime::FromUNIXSeconds(expiry_seconds);
 
   return config;
 }
 
 void QuicCryptoServerConfig::SetEphemeralKeySource(
     EphemeralKeySource* ephemeral_key_source) {
   ephemeral_key_source_.reset(ephemeral_key_source);
 }
 
-void QuicCryptoServerConfig::SetStrikeRegisterClient(
-    StrikeRegisterClient* strike_register_client) {
-  base::AutoLock locker(strike_register_client_lock_);
-  DCHECK(!strike_register_client_.get());
-  strike_register_client_.reset(strike_register_client);
-}
-
 void QuicCryptoServerConfig::set_replay_protection(bool on) {
   replay_protection_ = on;
 }
 
 void QuicCryptoServerConfig::set_chlo_multiplier(size_t multiplier) {
   chlo_multiplier_ = multiplier;
 }
 
-void QuicCryptoServerConfig::set_strike_register_no_startup_period() {
-  base::AutoLock locker(strike_register_client_lock_);
-  DCHECK(!strike_register_client_.get());
-  strike_register_no_startup_period_ = true;
-}
-
-void QuicCryptoServerConfig::set_strike_register_max_entries(
-    uint32_t max_entries) {
-  base::AutoLock locker(strike_register_client_lock_);
-  DCHECK(!strike_register_client_.get());
-  strike_register_max_entries_ = max_entries;
-}
-
-void QuicCryptoServerConfig::set_strike_register_window_secs(
-    uint32_t window_secs) {
-  base::AutoLock locker(strike_register_client_lock_);
-  DCHECK(!strike_register_client_.get());
-  strike_register_window_secs_ = window_secs;
-}
-
 void QuicCryptoServerConfig::set_source_address_token_future_secs(
     uint32_t future_secs) {
   source_address_token_future_secs_ = future_secs;
 }
 
 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs(
     uint32_t lifetime_secs) {
   source_address_token_lifetime_secs_ = lifetime_secs;
 }
 
-void QuicCryptoServerConfig::set_server_nonce_strike_register_max_entries(
-    uint32_t max_entries) {
-  DCHECK(!server_nonce_strike_register_.get());
-  server_nonce_strike_register_max_entries_ = max_entries;
-}
-
-void QuicCryptoServerConfig::set_server_nonce_strike_register_window_secs(
-    uint32_t window_secs) {
-  DCHECK(!server_nonce_strike_register_.get());
-  server_nonce_strike_register_window_secs_ = window_secs;
-}
-
 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) {
   enable_serving_sct_ = enable_serving_sct;
 }
 
 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb(
     std::unique_ptr<PrimaryConfigChangedCallback> cb) {
   base::AutoLock locked(configs_lock_);
   primary_config_changed_cb_ = std::move(cb);
 }
 
@@ skipping 134 matching lines @@
   server_nonce[2] = static_cast<uint8_t>(timestamp >> 8);
   server_nonce[3] = static_cast<uint8_t>(timestamp);
   rand->RandBytes(&server_nonce[sizeof(timestamp)],
                   sizeof(server_nonce) - sizeof(timestamp));
 
   return server_nonce_boxer_.Box(
       rand,
       StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce)));
 }
 
-HandshakeFailureReason QuicCryptoServerConfig::ValidateServerNonce(
-    StringPiece token,
-    QuicWallTime now) const {
-  string storage;
-  StringPiece plaintext;
-  if (!server_nonce_boxer_.Unbox(token, &storage, &plaintext)) {
-    return SERVER_NONCE_DECRYPTION_FAILURE;
-  }
-
-  // plaintext contains:
-  //   uint32_t timestamp
-  //   uint8_t[20] random bytes
-
-  if (plaintext.size() != kServerNoncePlaintextSize) {
-    // This should never happen because the value decrypted correctly.
-    QUIC_BUG << "Seemingly valid server nonce had incorrect length.";
-    return SERVER_NONCE_INVALID_FAILURE;
-  }
-
-  uint8_t server_nonce[32];
-  memcpy(server_nonce, plaintext.data(), 4);
-  memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_));
-  memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4,
-         20);
-  static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce),
-                "bad nonce buffer length");
-
-  InsertStatus nonce_error;
-  {
-    base::AutoLock auto_lock(server_nonce_strike_register_lock_);
-    if (server_nonce_strike_register_.get() == nullptr) {
-      server_nonce_strike_register_.reset(new StrikeRegister(
-          server_nonce_strike_register_max_entries_,
-          static_cast<uint32_t>(now.ToUNIXSeconds()),
-          server_nonce_strike_register_window_secs_, server_nonce_orbit_,
-          StrikeRegister::NO_STARTUP_PERIOD_NEEDED));
-    }
-    nonce_error = server_nonce_strike_register_->Insert(
-        server_nonce, static_cast<uint32_t>(now.ToUNIXSeconds()));
-  }
-
-  switch (nonce_error) {
-    case NONCE_OK:
-      return HANDSHAKE_OK;
-    case NONCE_INVALID_FAILURE:
-    case NONCE_INVALID_ORBIT_FAILURE:
-      return SERVER_NONCE_INVALID_FAILURE;
-    case NONCE_NOT_UNIQUE_FAILURE:
-      return SERVER_NONCE_NOT_UNIQUE_FAILURE;
-    case NONCE_INVALID_TIME_FAILURE:
-      return SERVER_NONCE_INVALID_TIME_FAILURE;
-    case NONCE_UNKNOWN_FAILURE:
-    case STRIKE_REGISTER_TIMEOUT:
-    case STRIKE_REGISTER_FAILURE:
-    default:
-      QUIC_BUG << "Unexpected server nonce error: " << nonce_error;
-      return SERVER_NONCE_NOT_UNIQUE_FAILURE;
-  }
-}
-
 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate(
     const CryptoHandshakeMessage& client_hello,
-    const QuicCryptoProof& crypto_proof) const {
-  if (crypto_proof.chain->certs.empty()) {
+    const QuicSignedServerConfig& signed_config) const {
+  if (signed_config.chain->certs.empty()) {
     return false;
   }
 
   uint64_t hash_from_client;
   if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) {
     return false;
   }
-  return CryptoUtils::ComputeLeafCertHash(crypto_proof.chain->certs.at(0)) ==
+  return CryptoUtils::ComputeLeafCertHash(signed_config.chain->certs.at(0)) ==
          hash_from_client;
 }
 
 bool QuicCryptoServerConfig::ClientDemandsX509Proof(
     const CryptoHandshakeMessage& client_hello) const {
   const QuicTag* their_proof_demands;
   size_t num_their_proof_demands;
 
   if (client_hello.GetTaglist(kPDMD, &their_proof_demands,
                               &num_their_proof_demands) != QUIC_NO_ERROR) {
@@ skipping 13 matching lines @@
     : channel_id_enabled(false),
       is_primary(false),
       primary_time(QuicWallTime::Zero()),
       expiry_time(QuicWallTime::Zero()),
       priority(0),
       source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() {
 }
 
-QuicCryptoProof::QuicCryptoProof() {}
-QuicCryptoProof::~QuicCryptoProof() {}
+QuicSignedServerConfig::QuicSignedServerConfig()
+    : send_expect_ct_header(false) {}
+QuicSignedServerConfig::~QuicSignedServerConfig() {}
 
 }  // namespace net