
Unified Diff: net/quic/crypto/strike_register.h

Issue 388333005: Reject reasons from strike register when nonce validation fails. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 5 months ago
Index: net/quic/crypto/strike_register.h
diff --git a/net/quic/crypto/strike_register.h b/net/quic/crypto/strike_register.h
index 6a69827e381c1077366957e632799e83f6eb16e0..8acc27234ccb6c461ec3074eef5efd37e0154a9e 100644
--- a/net/quic/crypto/strike_register.h
+++ b/net/quic/crypto/strike_register.h
@@ -15,6 +15,26 @@
namespace net {
+// InsertStatus enum values cannot be changed, they need to be stable.
+enum InsertStatus {
+ NONCE_OK = 0,
+ // The default error value for nonce verification failures from strike
+ // register (covers old strike registers and unknown failures).
+ NONCE_UNKNOWN_FAILURE = 1,
+ // Decrypted nonce had incorrect length.
+ NONCE_INVALID_FAILURE = 2,
+ // Nonce is not unique.
+ NONCE_NOT_UNIQUE_FAILURE = 3,
+ // Nonce's orbit is invalid or incorrect.
+ NONCE_INVALID_ORBIT_FAILURE = 4,
+ // Nonce's timestamp is not in the strike register's valid time range.
+ NONCE_INVALID_TIME_FAILURE = 5,
+ // Strike register's RPC call timed out, nonce couldn't be verified.
+ STRIKE_REGISTER_TIMEOUT = 6,
+ // Strike register is down, nonce couldn't be verified.
+ STRIKE_REGISTER_FAILURE = 7,
+};
+
// A StrikeRegister is critbit tree which stores a set of observed nonces.
// We use a critbit tree because:
// 1) It's immune to algorithmic complexity attacks. If we had used a hash
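Review bot: The comment above `enum InsertStatus` says the values must stay stable, but it gives neither the reason nor the rule for extending the enum, so a later editor can still renumber or reuse a value. I would spell it out, for example `// Values are presumably reported outside this process (TODO: name the consumer); never renumber or reuse a value, only append.` Separately, `STRIKE_REGISTER_TIMEOUT` and `STRIKE_REGISTER_FAILURE` break the `NONCE_*_FAILURE` naming of the other enumerators. Because the enum is unscoped, all eight names land directly in namespace `net`.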
@@ -107,16 +127,17 @@ class NET_EXPORT_PRIVATE StrikeRegister {
// b) before the current horizon
// c) outside of the valid time window
// d) already in the set of observed nonces
- // and returns false if any of these are true. It is also free to return
- // false for other reasons as it's always safe to reject an nonce.
+ // and returns the failure reason if any of these are true. It is also free to
+ // return failure reason for other reasons as it's always safe to reject an
+ // nonce.
//
// nonces are:
// 4 bytes of timestamp (UNIX epoch seconds)
// 8 bytes of orbit value (a cluster id)
// 20 bytes of random data
//
- // Otherwise, it inserts |nonce| into the observed set and returns true.
- bool Insert(const uint8 nonce[32], uint32 current_time);
+ // Otherwise, it inserts |nonce| into the observed set and returns NONCE_OK.
+ InsertStatus Insert(const uint8 nonce[32], uint32 current_time);
// orbit returns a pointer to the 8-byte orbit value for this
// strike-register.
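Review bot: A caller of `Insert` that was not updated for the new return type will fail open. `InsertStatus` is unscoped and `NONCE_OK = 0`, so `if (Insert(...))` and `if (!Insert(...))` still compile, but with inverted meaning, and a rejected or replayed nonce is then treated as accepted. Callers are not visible in this file, so every call site needs checking, and the declaration comment should state the contract, e.g. `// The result is not a boolean: compare it against NONCE_OK.` A return type that does not convert implicitly to `bool` would turn any stale caller into a compile error. The enclosing `StrikeRegister` class starts and ends outside the hunk.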
