| Index: net/quic/crypto/crypto_handshake.h
|
| diff --git a/net/quic/crypto/crypto_handshake.h b/net/quic/crypto/crypto_handshake.h
|
| index c5c90320a4c5b39f6d85654da1d715a2bd7b0a4b..3839a2154656f69617d593249347cd8cb094fb45 100644
|
| --- a/net/quic/crypto/crypto_handshake.h
|
| +++ b/net/quic/crypto/crypto_handshake.h
|
| @@ -26,49 +26,54 @@ enum HandshakeFailureReason {
|
|
|
| // Failure reasons for an invalid client nonce in CHLO.
|
| //
|
| + // The default error value for nonce verification failures from strike
|
| + // register (covers old strike registers and unknown failures).
|
| + CLIENT_NONCE_UNKNOWN_FAILURE = 1,
|
| // Client nonce had incorrect length.
|
| - CLIENT_NONCE_INVALID_FAILURE = 1,
|
| + CLIENT_NONCE_INVALID_FAILURE = 2,
|
| // Client nonce is not unique.
|
| - CLIENT_NONCE_NOT_UNIQUE_FAILURE = 2,
|
| + CLIENT_NONCE_NOT_UNIQUE_FAILURE = 3,
|
| // Client orbit is invalid or incorrect.
|
| - CLIENT_NONCE_INVALID_ORBIT_FAILURE = 3,
|
| + CLIENT_NONCE_INVALID_ORBIT_FAILURE = 4,
|
| // Client nonce's timestamp is not in the strike register's valid time range.
|
| - CLIENT_NONCE_INVALID_TIME_FAILURE = 4,
|
| - // Client nonce verification has failed because strike register is down.
|
| - CLIENT_NONCE_NO_STRIKE_REGISTER_FAILURE = 5,
|
| + CLIENT_NONCE_INVALID_TIME_FAILURE = 5,
|
| + // Strike register's RPC call timed out, client nonce couldn't be verified.
|
| + CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT = 6,
|
| + // Strike register is down, client nonce couldn't be verified.
|
| + CLIENT_NONCE_STRIKE_REGISTER_FAILURE = 7,
|
|
|
| // Failure reasons for an invalid server nonce in CHLO.
|
| //
|
| // Unbox of server nonce failed.
|
| - SERVER_NONCE_DECRYPTION_FAILURE = 6,
|
| + SERVER_NONCE_DECRYPTION_FAILURE = 8,
|
| // Decrypted server nonce had incorrect length.
|
| - SERVER_NONCE_INVALID_FAILURE = 7,
|
| + SERVER_NONCE_INVALID_FAILURE = 9,
|
| // Server nonce is not unique.
|
| - SERVER_NONCE_NOT_UNIQUE_FAILURE = 8,
|
| + SERVER_NONCE_NOT_UNIQUE_FAILURE = 10,
|
| // Server nonce's timestamp is not in the strike register's valid time range.
|
| - SERVER_NONCE_INVALID_TIME_FAILURE = 9,
|
| + SERVER_NONCE_INVALID_TIME_FAILURE = 11,
|
|
|
| // Failure reasons for an invalid server config in CHLO.
|
| //
|
| // Missing Server config id (kSCID) tag.
|
| - SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 10,
|
| + SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 12,
|
| // Couldn't find the Server config id (kSCID).
|
| - SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE = 11,
|
| + SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE = 13,
|
|
|
| // Failure reasons for an invalid source-address token.
|
| //
|
| // Missing Source-address token (kSourceAddressTokenTag) tag.
|
| - SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 12,
|
| + SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 14,
|
| // Unbox of Source-address token failed.
|
| - SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE = 13,
|
| + SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE = 15,
|
| // Couldn't parse the unbox'ed Source-address token.
|
| - SOURCE_ADDRESS_TOKEN_PARSE_FAILURE = 14,
|
| + SOURCE_ADDRESS_TOKEN_PARSE_FAILURE = 16,
|
| // Source-address token is for a different IP address.
|
| - SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE = 15,
|
| + SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE = 17,
|
| // The source-address token has a timestamp in the future.
|
| - SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE = 16,
|
| + SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE = 18,
|
| // The source-address token has expired.
|
| - SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE = 17,
|
| + SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE = 19,
|
|
|
| MAX_FAILURE_REASON,
|
| };
|
|
|
Chromium Code Reviews
Issue 388333005:
Reject reasons from strike register when nonce validation fails. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src