QUIC Crypto - return the reasons for reject message. Reject reason

net/quic/crypto/quic_crypto_server_config.h

Index: net/quic/crypto/quic_crypto_server_config.h
diff --git a/net/quic/crypto/quic_crypto_server_config.h b/net/quic/crypto/quic_crypto_server_config.h
index 566e60d562832654eb9932ddabc8bd32c8b723c1..8b7528cef578d11d9ada22bc9e098ce06c687c0b 100644
--- a/net/quic/crypto/quic_crypto_server_config.h
+++ b/net/quic/crypto/quic_crypto_server_config.h
@@ -40,6 +40,33 @@ namespace test {
 class QuicCryptoServerConfigPeer;
 }  // namespace test
 
+enum HandshakeFailureReason {
+  // Failure reasons from strike register.
+  // TODO(rtenneti): Implement capturing of error from strike register.

[wtc, 2014/06/19 00:13:25]

I think line 44 should be deleted (seems very similar to line 48), and line 45
should be moved right after line 48.

[ramant (doing other things), 2014/06/19 01:57:35]

Done.

+  HANDSHAKE_OK = 0,
+
+  // Failure reasons for an invalid client nonce.
+  CLIENT_NONCE_UNKNOWN_FAILURE = 100,
+  CLIENT_NONCE_INVALID_FAILURE,

[wtc, 2014/06/19 00:13:25]

It seems that we should have a CLIENT_NONCE_NOT_UNIQUE_FAILURE

[ramant (doing other things), 2014/06/19 01:57:35]

Will add it in the next CL when we verify client_nonce via strike register
(after making changes in the internal source
tree).

+
+  // Failure reasons for an invalid server nonce.
+  SERVER_NONCE_INVALID_FAILURE = 200,
+  SERVER_NONCE_DECRYPTION_FAILURE,
+  SERVER_NONCE_NOT_UNIQUE_FAILURE,
+
+  // Failure reasons for an invalid server config.
+  SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 300,
+  SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE,
+
+  // Failure reasons for an invalid source adddress token.
+  SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 400,
+  SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+  SOURCE_ADDRESS_TOKEN_PARSE_FAILURE,
+  SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+  SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
+  SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE,

[wtc, 2014/06/19 00:13:25]

Nit: these enum values should be documented with one-sentence comments.

[ramant (doing other things), 2014/06/19 01:57:35]

Will do in the next CL (will add the comments in the internal source tree).

+};
+
 // Hook that allows application code to subscribe to primary config changes.
 class PrimaryConfigChangedCallback {
  public:
@@ -385,13 +412,13 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
                                     QuicRandom* rand,
                                     QuicWallTime now) const;
 
-  // ValidateSourceAddressToken returns true if the source address token in
-  // |token| is a valid and timely token for the IP address |ip| given that the
-  // current time is |now|.
-  bool ValidateSourceAddressToken(const Config& config,
-                                  base::StringPiece token,
-                                  const IPEndPoint& ip,
-                                  QuicWallTime now) const;
+  // ValidateSourceAddressToken returns HANDSHAKE_OK if the source address token
+  // in |token| is a valid and timely token for the IP address |ip| given that
+  // the current time is |now|. Otherwise it returns the reason for failure.
+  HandshakeFailureReason ValidateSourceAddressToken(const Config& config,
+                                                    base::StringPiece token,
+                                                    const IPEndPoint& ip,
+                                                    QuicWallTime now) const;
 
   // NewServerNonce generates and encrypts a random nonce.
   std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const;
@@ -399,10 +426,11 @@ class NET_EXPORT_PRIVATE QuicCryptoServerConfig {
   // ValidateServerNonce decrypts |token| and verifies that it hasn't been
   // previously used and is recent enough that it is plausible that it was part
   // of a very recently provided rejection ("recent" will be on the order of
-  // 10-30 seconds). If so, it records that it has been used and returns true.
-  // Otherwise it returns false.
-  bool ValidateServerNonce(base::StringPiece echoed_server_nonce,
-                           QuicWallTime now) const;
+  // 10-30 seconds). If so, it records that it has been used and returns
+  // HANDSHAKE_OK. Otherwise it returns the reason for failure.
+  HandshakeFailureReason ValidateServerNonce(
+      base::StringPiece echoed_server_nonce,
+      QuicWallTime now) const;
 
   // replay_protection_ controls whether the server enforces that handshakes
   // aren't replays.