Reject reasons from strike register when nonce validation fails.

net/quic/crypto/strike_register.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_STRIKE_REGISTER_H_
 #define NET_QUIC_CRYPTO_STRIKE_REGISTER_H_
 
 #include <set>
 #include <utility>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 
 namespace net {
 
+// InsertStatus enum values cannot be changed, they need to be stable.
+enum InsertStatus {
+  NONCE_OK = 0,
+  // The default error value for nonce verification failures from strike
+  // register (covers old strike registers and unknown failures).
+  NONCE_UNKNOWN_FAILURE = 1,
+  // Decrypted nonce had incorrect length.
+  NONCE_INVALID_FAILURE = 2,
+  // Nonce is not unique.
+  NONCE_NOT_UNIQUE_FAILURE = 3,
+  // Nonce's orbit is invalid or incorrect.
+  NONCE_INVALID_ORBIT_FAILURE = 4,
+  // Nonce's timestamp is not in the strike register's valid time range.
+  NONCE_INVALID_TIME_FAILURE = 5,
+  // Strike register's RPC call timed out, nonce couldn't be verified.
+  STRIKE_REGISTER_TIMEOUT = 6,
+  // Strike register is down, nonce couldn't be verified.
+  STRIKE_REGISTER_FAILURE = 7,
+};
+
 // A StrikeRegister is critbit tree which stores a set of observed nonces.
 // We use a critbit tree because:
 //   1) It's immune to algorithmic complexity attacks. If we had used a hash
 //      tree, an attacker could send us a series of values which stretch out one
 //      of the hash chains, causing us to do much more work than normal.
 //   2) We can write it to use a fixed block of memory: avoiding fragmentation
 //      issues and so forth. (We might be able to do that with the STL
 //      algorithms and a custom allocator, but I don't want to go there.)
 //   3) It's simple (compared to balanced binary trees) and doesn't involve
 //      bouncing nearly as many cache lines around.
@@ skipping 72 matching lines @@
 
   ~StrikeRegister();
 
   void Reset();
 
   // |Insert| queries to see if |nonce| is
   //   a) for the wrong orbit
   //   b) before the current horizon
   //   c) outside of the valid time window
   //   d) already in the set of observed nonces
-  // and returns false if any of these are true. It is also free to return
-  // false for other reasons as it's always safe to reject an nonce.
+  // and returns the failure reason if any of these are true. It is also free to
+  // return failure reason for other reasons as it's always safe to reject an
+  // nonce.
   //
   // nonces are:
   //   4 bytes of timestamp (UNIX epoch seconds)
   //   8 bytes of orbit value (a cluster id)
   //   20 bytes of random data
   //
-  // Otherwise, it inserts |nonce| into the observed set and returns true.
-  bool Insert(const uint8 nonce[32], uint32 current_time);
+  // Otherwise, it inserts |nonce| into the observed set and returns NONCE_OK.
+  InsertStatus Insert(const uint8 nonce[32], uint32 current_time);
 
   // orbit returns a pointer to the 8-byte orbit value for this
   // strike-register.
   const uint8* orbit() const;
 
   // Time window for which the strike register has complete information.
   uint32 GetCurrentValidWindowSecs(uint32 current_time_external) const;
 
   // This is a debugging aid which checks the tree for sanity.
   void Validate();
@@ skipping 60 matching lines @@
   // this header.
   InternalNode* internal_nodes_;
   scoped_ptr<uint8[]> external_nodes_;
 
   DISALLOW_COPY_AND_ASSIGN(StrikeRegister);
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_STRIKE_REGISTER_H_