Renumber HandshakeFailureReason enums so that there are no big gaps.

net/quic/crypto/crypto_handshake.h

Index: net/quic/crypto/crypto_handshake.h
diff --git a/net/quic/crypto/crypto_handshake.h b/net/quic/crypto/crypto_handshake.h
index be137ee3c7ec91a616db26d1b8ee36acd62c0f8a..45b74a57a22985b3642f19a0a62de05e231ad5d3 100644
--- a/net/quic/crypto/crypto_handshake.h
+++ b/net/quic/crypto/crypto_handshake.h
@@ -19,46 +19,67 @@ class KeyExchange;
 class QuicDecrypter;
 class QuicEncrypter;
 
+// HandshakeFailureReason enum values are uploaded to UMA, they cannot be
+// changed.
 enum HandshakeFailureReason {
   HANDSHAKE_OK = 0,
 
   // Failure reasons for an invalid client nonce in CHLO.
   //
   // TODO(rtenneti): Implement capturing of error from strike register.
-  CLIENT_NONCE_UNKNOWN_FAILURE = 100,
+  CLIENT_NONCE_UNKNOWN_FAILURE = 1,
   // Invalid client nonce. A possible reason, client nonce had incorrect length.
-  CLIENT_NONCE_INVALID_FAILURE,
+  CLIENT_NONCE_INVALID_FAILURE = 2,
+  // Client orbit is not valid.
+  CLIENT_NONCE_INVALID_ORBIT_FAILURE = 3,
+  // Client nonce's timestamp is not in the strike register's valid time range.
+  CLIENT_NONCE_INVALID_TIME_FAILURE = 4,
+  // Client nonce verification has failed because strike register is down.
+  CLIENT_NONCE_NO_STRIKE_REGISTER_FAILURE = 5,
 
   // Failure reasons for an invalid server nonce in CHLO.
-  SERVER_NONCE_INVALID_FAILURE = 200,  // Nonce had incorrect length.
-  SERVER_NONCE_DECRYPTION_FAILURE,     // Unbox of nonce failed.
-  SERVER_NONCE_NOT_UNIQUE_FAILURE,     // Nonce is not unique.
+  //
+  SERVER_NONCE_INVALID_FAILURE = 6,        // Nonce had incorrect length.
+  SERVER_NONCE_DECRYPTION_FAILURE = 7,     // Unbox of nonce failed.
+  SERVER_NONCE_NOT_UNIQUE_FAILURE = 8,     // Nonce is not unique.
+  // Server orbit is not valid.
+  SERVER_NONCE_INVALID_ORBIT_FAILURE = 9,
+  // Server nonce's timestamp is not in the strike register's valid time range.
+  SERVER_NONCE_INVALID_TIME_FAILURE = 10,
+  // Server nonce verification has failed because strike register is down.
+  SERVER_NONCE_NO_STRIKE_REGISTER_FAILURE = 11,
 
   // Failure reasons for an invalid server config in CHLO.
   //
   // Missing Server config id (kSCID) tag.
-  SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 300,
+  SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 12,
   // GetConfigWithScid couldn't find the Server config id (kSCID).
-  SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE,
+  SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE = 13,
 
   // Failure reasons for an invalid source-address token.
   //
   // Missing Source-address token (kSourceAddressTokenTag) tag.
-  SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 400,
+  SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 14,
   // Unbox of Source-address token failed.
-  SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+  SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE = 15,
   // Couldn't parse the unbox'ed Source-address token.
-  SOURCE_ADDRESS_TOKEN_PARSE_FAILURE,
+  SOURCE_ADDRESS_TOKEN_PARSE_FAILURE = 16,
   // Source-address token is for a different IP address.
-  SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+  SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE = 17,
   // The difference between the time in source-address token and |now| is more
   // than |source_address_token_future_secs_|.
-  SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
+  SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE = 18,
   // The difference between the time in source-address token and |now| is more
   // than |source_address_token_lifetime_secs_|.
-  SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE,
+  SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE = 19,
+
+  MAX_FAILURE_REASONS,
 };
 
+// These errors will be packed into an uint32 and HANDSHAKE_OK is not used in
+// UMA histograms.
+COMPILE_ASSERT(MAX_FAILURE_REASONS <= 32, failure_reason_out_of_sync);
+
 // A CrypterPair contains the encrypter and decrypter for an encryption level.
 struct NET_EXPORT_PRIVATE CrypterPair {
   CrypterPair();