QUIC - minor reorg of QuicCryptoClientStream::DoHandshakeLoop.

net/quic/quic_crypto_client_stream.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_crypto_client_stream.h"
 
 #include "base/metrics/histogram.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/crypto_utils.h"
 #include "net/quic/crypto/null_encrypter.h"
@@ skipping 157 matching lines @@
 
 // kMaxClientHellos is the maximum number of times that we'll send a client
 // hello. The value 3 accounts for:
 //   * One failure due to an incorrect or missing source-address token.
 //   * One failure due the server's certificate chain being unavailible and the
 //     server being unwilling to send it without a valid source-address token.
 static const int kMaxClientHellos = 3;
 
 void QuicCryptoClientStream::DoHandshakeLoop(
     const CryptoHandshakeMessage* in) {
-  CryptoHandshakeMessage out;
-  QuicErrorCode error;
-  string error_details;
   QuicCryptoClientConfig::CachedState* cached =
       crypto_config_->LookupOrCreate(server_id_);
 
   for (;;) {
     const State state = next_state_;
     next_state_ = STATE_IDLE;
     switch (state) {
-      case STATE_INITIALIZE: {
-        if (!cached->IsEmpty() && !cached->signature().empty() &&
-            server_id_.is_https()) {
-          // Note that we verify the proof even if the cached proof is valid.
-          // This allows us to respond to CA trust changes or certificate
-          // expiration because it may have been a while since we last verified
-          // the proof.
-          DCHECK(crypto_config_->proof_verifier());
-          // If the cached state needs to be verified, do it now.
-          next_state_ = STATE_VERIFY_PROOF;
-        } else {
-          next_state_ = STATE_GET_CHANNEL_ID;
-        }
+      case STATE_INITIALIZE:
+        DoInitialize(cached);
         break;
-      }
-      case STATE_SEND_CHLO: {
-        // Send the client hello in plaintext.
-        session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_NONE);
-        if (num_client_hellos_ > kMaxClientHellos) {
-          CloseConnection(QUIC_CRYPTO_TOO_MANY_REJECTS);
-          return;
-        }
-        num_client_hellos_++;
-
-        if (!cached->IsComplete(session()->connection()->clock()->WallNow())) {
-          crypto_config_->FillInchoateClientHello(
-              server_id_,
-              session()->connection()->supported_versions().front(),
-              cached, &crypto_negotiated_params_, &out);
-          // Pad the inchoate client hello to fill up a packet.
-          const size_t kFramingOverhead = 50;  // A rough estimate.
-          const size_t max_packet_size =
-              session()->connection()->max_packet_length();
-          if (max_packet_size <= kFramingOverhead) {
-            DLOG(DFATAL) << "max_packet_length (" << max_packet_size
-                         << ") has no room for framing overhead.";
-            CloseConnection(QUIC_INTERNAL_ERROR);
-            return;
-          }
-          if (kClientHelloMinimumSize > max_packet_size - kFramingOverhead) {
-            DLOG(DFATAL) << "Client hello won't fit in a single packet.";
-            CloseConnection(QUIC_INTERNAL_ERROR);
-            return;
-          }
-          out.set_minimum_size(max_packet_size - kFramingOverhead);
-          next_state_ = STATE_RECV_REJ;
-          SendHandshakeMessage(out);
-          return;
-        }
-        session()->config()->ToHandshakeMessage(&out);
-        error = crypto_config_->FillClientHello(
-            server_id_,
-            session()->connection()->connection_id(),
-            session()->connection()->supported_versions().front(),
-            cached,
-            session()->connection()->clock()->WallNow(),
-            session()->connection()->random_generator(),
-            channel_id_key_.get(),
-            &crypto_negotiated_params_,
-            &out,
-            &error_details);
-        if (error != QUIC_NO_ERROR) {
-          // Flush the cached config so that, if it's bad, the server has a
-          // chance to send us another in the future.
-          cached->InvalidateServerConfig();
-          CloseConnectionWithDetails(error, error_details);
-          return;
-        }
-        channel_id_sent_ = (channel_id_key_.get() != NULL);
-        if (cached->proof_verify_details()) {
-          client_session()->OnProofVerifyDetailsAvailable(
-              *cached->proof_verify_details());
-        }
-        next_state_ = STATE_RECV_SHLO;
-        SendHandshakeMessage(out);
-        // Be prepared to decrypt with the new server write key.
-        session()->connection()->SetAlternativeDecrypter(
-            crypto_negotiated_params_.initial_crypters.decrypter.release(),
-            ENCRYPTION_INITIAL,
-            true /* latch once used */);
-        // Send subsequent packets under encryption on the assumption that the
-        // server will accept the handshake.
-        session()->connection()->SetEncrypter(
-            ENCRYPTION_INITIAL,
-            crypto_negotiated_params_.initial_crypters.encrypter.release());
-        session()->connection()->SetDefaultEncryptionLevel(
-            ENCRYPTION_INITIAL);
-        if (!encryption_established_) {
-          encryption_established_ = true;
-          session()->OnCryptoHandshakeEvent(
-              QuicSession::ENCRYPTION_FIRST_ESTABLISHED);
-        } else {
-          session()->OnCryptoHandshakeEvent(
-              QuicSession::ENCRYPTION_REESTABLISHED);
-        }
+      case STATE_SEND_CHLO:
+        DoSendCHLO(in, cached);
         return;
-      }
       case STATE_RECV_REJ:
-        // We sent a dummy CHLO because we didn't have enough information to
-        // perform a handshake, or we sent a full hello that the server
-        // rejected. Here we hope to have a REJ that contains the information
-        // that we need.
-        if (in->tag() != kREJ) {
-          CloseConnectionWithDetails(QUIC_INVALID_CRYPTO_MESSAGE_TYPE,
-                                     "Expected REJ");
-          return;
-        }
-        error = crypto_config_->ProcessRejection(
-            *in, session()->connection()->clock()->WallNow(), cached,
-            server_id_.is_https(), &crypto_negotiated_params_, &error_details);
-        if (error != QUIC_NO_ERROR) {
-          CloseConnectionWithDetails(error, error_details);
-          return;
-        }
-        if (!cached->proof_valid()) {
-          if (!server_id_.is_https()) {
-            // We don't check the certificates for insecure QUIC connections.
-            SetCachedProofValid(cached);
-          } else if (!cached->signature().empty()) {
-            // Note that we only verify the proof if the cached proof is not
-            // valid. If the cached proof is valid here, someone else must have
-            // just added the server config to the cache and verified the proof,
-            // so we can assume no CA trust changes or certificate expiration
-            // has happened since then.
-            next_state_ = STATE_VERIFY_PROOF;
-            break;
-          }
-        }
-        next_state_ = STATE_GET_CHANNEL_ID;
+        DoReceiveREJ(in, cached);
         break;
       case STATE_VERIFY_PROOF: {
         if (QUIC_PENDING == DoVerifyProof(cached)) {
           return;
         }
         break;
       }
       case STATE_VERIFY_PROOF_COMPLETE:
-        if (QUIC_PROOF_INVALID == DoVerifyProofComplete(cached)) {
-          return;
-        }
+        DoVerifyProofComplete(cached);
         break;
       case STATE_GET_CHANNEL_ID: {
-        next_state_ = STATE_GET_CHANNEL_ID_COMPLETE;
-        channel_id_key_.reset();
-        if (!RequiresChannelID(cached)) {
-          next_state_ = STATE_SEND_CHLO;
-          break;
-        }
-
-        ChannelIDSourceCallbackImpl* channel_id_source_callback =
-            new ChannelIDSourceCallbackImpl(this);
-        QuicAsyncStatus status =
-            crypto_config_->channel_id_source()->GetChannelIDKey(
-                server_id_.host(), &channel_id_key_,
-                channel_id_source_callback);
-
-        switch (status) {
-          case QUIC_PENDING:
-            channel_id_source_callback_ = channel_id_source_callback;
-            DVLOG(1) << "Looking up channel ID";
-            return;
-          case QUIC_FAILURE:
-            delete channel_id_source_callback;
-            CloseConnectionWithDetails(QUIC_INVALID_CHANNEL_ID_SIGNATURE,
-                                       "Channel ID lookup failed");
-            return;
-          case QUIC_SUCCESS:
-            delete channel_id_source_callback;
-            break;
+        if (QUIC_SUCCESS != DoGetChannelID(cached)) {

[agl, 2014/09/19 17:26:52]

In other cases you have changed returns into next_state_ = STATE_DONE. Why is
this one different?

[ramant (doing other things), 2014/09/19 21:25:25]

In DoGetChannelID and DoVerifyProof we shouldn't modify next_state_ to
STATE_DONE when there is IO_PENDING (next_state_ should remain as ...COMPLETE).

Need to change for loop to exit if the return value is ERR_IO_PENDING and we
could change DoGetChannelID and DoVerifyProof to return ERR_IO_PENDING when it
wants to exit from the for loop, but leave the next_state_ as ...COMPLETE. (I
hadn't modified the forever for loop in this CL). 

I am not feeling well. Will modify the code and upload it asap.

thanks,
raman

+          return;
         }
         break;
       }
       case STATE_GET_CHANNEL_ID_COMPLETE:
-        if (!channel_id_key_.get()) {
-          CloseConnectionWithDetails(QUIC_INVALID_CHANNEL_ID_SIGNATURE,
-                                     "Channel ID lookup failed");
-          return;
-        }
-        next_state_ = STATE_SEND_CHLO;
+        DoGetChannelIDComplete();
         break;
-      case STATE_RECV_SHLO: {
-        // We sent a CHLO that we expected to be accepted and now we're hoping
-        // for a SHLO from the server to confirm that.
-        if (in->tag() == kREJ) {
-          // alternative_decrypter will be NULL if the original alternative
-          // decrypter latched and became the primary decrypter. That happens
-          // if we received a message encrypted with the INITIAL key.
-          if (session()->connection()->alternative_decrypter() == NULL) {
-            // The rejection was sent encrypted!
-            CloseConnectionWithDetails(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT,
-                                       "encrypted REJ message");
-            return;
-          }
-          next_state_ = STATE_RECV_REJ;
-          break;
-        }
-        if (in->tag() != kSHLO) {
-          CloseConnectionWithDetails(QUIC_INVALID_CRYPTO_MESSAGE_TYPE,
-                                     "Expected SHLO or REJ");
-          return;
-        }
-        // alternative_decrypter will be NULL if the original alternative
-        // decrypter latched and became the primary decrypter. That happens
-        // if we received a message encrypted with the INITIAL key.
-        if (session()->connection()->alternative_decrypter() != NULL) {
-          // The server hello was sent without encryption.
-          CloseConnectionWithDetails(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT,
-                                     "unencrypted SHLO message");
-          return;
-        }
-        error = crypto_config_->ProcessServerHello(
-            *in, session()->connection()->connection_id(),
-            session()->connection()->server_supported_versions(),
-            cached, &crypto_negotiated_params_, &error_details);
-
-        if (error != QUIC_NO_ERROR) {
-          CloseConnectionWithDetails(
-              error, "Server hello invalid: " + error_details);
-          return;
-        }
-        error =
-            session()->config()->ProcessPeerHello(*in, SERVER, &error_details);
-        if (error != QUIC_NO_ERROR) {
-          CloseConnectionWithDetails(
-              error, "Server hello invalid: " + error_details);
-          return;
-        }
-        session()->OnConfigNegotiated();
-
-        CrypterPair* crypters =
-            &crypto_negotiated_params_.forward_secure_crypters;
-        // TODO(agl): we don't currently latch this decrypter because the idea
-        // has been floated that the server shouldn't send packets encrypted
-        // with the FORWARD_SECURE key until it receives a FORWARD_SECURE
-        // packet from the client.
-        session()->connection()->SetAlternativeDecrypter(
-            crypters->decrypter.release(), ENCRYPTION_FORWARD_SECURE,
-            false /* don't latch */);
-        session()->connection()->SetEncrypter(
-            ENCRYPTION_FORWARD_SECURE, crypters->encrypter.release());
-        session()->connection()->SetDefaultEncryptionLevel(
-            ENCRYPTION_FORWARD_SECURE);
-
-        handshake_confirmed_ = true;
-        session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED);
-        session()->connection()->OnHandshakeComplete();
-        return;
-      }
+      case STATE_RECV_SHLO:
+        DoReceiveSHLO(in, cached);
+        break;
       case STATE_IDLE:
         // This means that the peer sent us a message that we weren't expecting.
         CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE);
         return;
       case STATE_INITIALIZE_SCUP:
         DoInitializeServerConfigUpdate(cached);
         break;
-      case STATE_VERIFY_PROOF_DONE:
+      case STATE_DONE:
         return;  // We are done.
     }
   }
 }
 
-void QuicCryptoClientStream::DoInitializeServerConfigUpdate(
+void QuicCryptoClientStream::DoInitialize(
     QuicCryptoClientConfig::CachedState* cached) {
-  if (!server_id_.is_https()) {
-    // We don't check the certificates for insecure QUIC connections.
-    SetCachedProofValid(cached);
-    next_state_ = STATE_VERIFY_PROOF_DONE;
+  if (!cached->IsEmpty() && !cached->signature().empty() &&
+      server_id_.is_https()) {
+    // Note that we verify the proof even if the cached proof is valid.
+    // This allows us to respond to CA trust changes or certificate
+    // expiration because it may have been a while since we last verified
+    // the proof.
+    DCHECK(crypto_config_->proof_verifier());
+    // If the cached state needs to be verified, do it now.
+    next_state_ = STATE_VERIFY_PROOF;
+  } else {
+    next_state_ = STATE_GET_CHANNEL_ID;
+  }
+}
+
+void QuicCryptoClientStream::DoSendCHLO(
+    const CryptoHandshakeMessage* in,
+    QuicCryptoClientConfig::CachedState* cached) {
+  // Send the client hello in plaintext.
+  session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_NONE);
+  if (num_client_hellos_ > kMaxClientHellos) {
+    CloseConnection(QUIC_CRYPTO_TOO_MANY_REJECTS);
     return;
   }
-  if (!cached->IsEmpty() && !cached->signature().empty()) {
-    // Note that we verify the proof even if the cached proof is valid.
-    DCHECK(crypto_config_->proof_verifier());
-    next_state_ = STATE_VERIFY_PROOF;
+  num_client_hellos_++;
+
+  CryptoHandshakeMessage out;
+  if (!cached->IsComplete(session()->connection()->clock()->WallNow())) {
+    crypto_config_->FillInchoateClientHello(
+        server_id_,
+        session()->connection()->supported_versions().front(),
+        cached, &crypto_negotiated_params_, &out);
+    // Pad the inchoate client hello to fill up a packet.
+    const size_t kFramingOverhead = 50;  // A rough estimate.
+    const size_t max_packet_size =
+        session()->connection()->max_packet_length();
+    if (max_packet_size <= kFramingOverhead) {
+      DLOG(DFATAL) << "max_packet_length (" << max_packet_size
+                   << ") has no room for framing overhead.";
+      CloseConnection(QUIC_INTERNAL_ERROR);
+      return;
+    }
+    if (kClientHelloMinimumSize > max_packet_size - kFramingOverhead) {
+      DLOG(DFATAL) << "Client hello won't fit in a single packet.";
+      CloseConnection(QUIC_INTERNAL_ERROR);
+      return;
+    }
+    out.set_minimum_size(max_packet_size - kFramingOverhead);
+    next_state_ = STATE_RECV_REJ;
+    SendHandshakeMessage(out);
+    return;
   }
+
+  session()->config()->ToHandshakeMessage(&out);
+  string error_details;
+  QuicErrorCode error = crypto_config_->FillClientHello(
+      server_id_,
+      session()->connection()->connection_id(),
+      session()->connection()->supported_versions().front(),
+      cached,
+      session()->connection()->clock()->WallNow(),
+      session()->connection()->random_generator(),
+      channel_id_key_.get(),
+      &crypto_negotiated_params_,
+      &out,
+      &error_details);
+  if (error != QUIC_NO_ERROR) {
+    // Flush the cached config so that, if it's bad, the server has a
+    // chance to send us another in the future.
+    cached->InvalidateServerConfig();
+    CloseConnectionWithDetails(error, error_details);
+    return;
+  }
+  channel_id_sent_ = (channel_id_key_.get() != NULL);
+  if (cached->proof_verify_details()) {
+    client_session()->OnProofVerifyDetailsAvailable(
+        *cached->proof_verify_details());
+  }
+  next_state_ = STATE_RECV_SHLO;
+  SendHandshakeMessage(out);
+  // Be prepared to decrypt with the new server write key.
+  session()->connection()->SetAlternativeDecrypter(
+      crypto_negotiated_params_.initial_crypters.decrypter.release(),
+      ENCRYPTION_INITIAL,
+      true /* latch once used */);
+  // Send subsequent packets under encryption on the assumption that the
+  // server will accept the handshake.
+  session()->connection()->SetEncrypter(
+      ENCRYPTION_INITIAL,
+      crypto_negotiated_params_.initial_crypters.encrypter.release());
+  session()->connection()->SetDefaultEncryptionLevel(
+      ENCRYPTION_INITIAL);
+  if (!encryption_established_) {
+    encryption_established_ = true;
+    session()->OnCryptoHandshakeEvent(
+        QuicSession::ENCRYPTION_FIRST_ESTABLISHED);
+  } else {
+    session()->OnCryptoHandshakeEvent(
+        QuicSession::ENCRYPTION_REESTABLISHED);
+  }
+}
+
+void QuicCryptoClientStream::DoReceiveREJ(
+    const CryptoHandshakeMessage* in,
+    QuicCryptoClientConfig::CachedState* cached) {
+  // We sent a dummy CHLO because we didn't have enough information to
+  // perform a handshake, or we sent a full hello that the server
+  // rejected. Here we hope to have a REJ that contains the information
+  // that we need.
+  if (in->tag() != kREJ) {
+    next_state_ = STATE_DONE;
+    CloseConnectionWithDetails(QUIC_INVALID_CRYPTO_MESSAGE_TYPE,
+                               "Expected REJ");
+    return;
+  }
+  string error_details;
+  QuicErrorCode error = crypto_config_->ProcessRejection(
+      *in, session()->connection()->clock()->WallNow(), cached,
+      server_id_.is_https(), &crypto_negotiated_params_, &error_details);
+  if (error != QUIC_NO_ERROR) {
+    next_state_ = STATE_DONE;
+    CloseConnectionWithDetails(error, error_details);
+    return;
+  }
+  if (!cached->proof_valid()) {
+    if (!server_id_.is_https()) {
+      // We don't check the certificates for insecure QUIC connections.
+      SetCachedProofValid(cached);
+    } else if (!cached->signature().empty()) {
+      // Note that we only verify the proof if the cached proof is not
+      // valid. If the cached proof is valid here, someone else must have
+      // just added the server config to the cache and verified the proof,
+      // so we can assume no CA trust changes or certificate expiration
+      // has happened since then.
+      next_state_ = STATE_VERIFY_PROOF;
+      return;
+    }
+  }
+  next_state_ = STATE_GET_CHANNEL_ID;
 }
 
 QuicAsyncStatus QuicCryptoClientStream::DoVerifyProof(
     QuicCryptoClientConfig::CachedState* cached) {
   ProofVerifier* verifier = crypto_config_->proof_verifier();
   DCHECK(verifier);
   next_state_ = STATE_VERIFY_PROOF_COMPLETE;
   generation_counter_ = cached->generation_counter();
 
   ProofVerifierCallbackImpl* proof_verify_callback =
@@ skipping 20 matching lines @@
       delete proof_verify_callback;
       break;
     case QUIC_SUCCESS:
       delete proof_verify_callback;
       verify_ok_ = true;
       break;
   }
   return status;
 }
 
-QuicErrorCode QuicCryptoClientStream::DoVerifyProofComplete(
+void QuicCryptoClientStream::DoVerifyProofComplete(
     QuicCryptoClientConfig::CachedState* cached) {
   if (!verify_ok_) {
+    next_state_ = STATE_DONE;
     client_session()->OnProofVerifyDetailsAvailable(*verify_details_);
     UMA_HISTOGRAM_BOOLEAN("Net.QuicVerifyProofFailed.HandshakeConfirmed",
                           handshake_confirmed());
     CloseConnectionWithDetails(
         QUIC_PROOF_INVALID, "Proof invalid: " + verify_error_details_);
-    return QUIC_PROOF_INVALID;
+    return;
   }
 
   // Check if generation_counter has changed between STATE_VERIFY_PROOF and
   // STATE_VERIFY_PROOF_COMPLETE state changes.
   if (generation_counter_ != cached->generation_counter()) {
     next_state_ = STATE_VERIFY_PROOF;
   } else {
     SetCachedProofValid(cached);
     cached->SetProofVerifyDetails(verify_details_.release());
     if (!handshake_confirmed()) {
       next_state_ = STATE_GET_CHANNEL_ID;
     } else {
-      next_state_ = STATE_VERIFY_PROOF_DONE;
+      next_state_ = STATE_DONE;
     }
   }
-  return QUIC_NO_ERROR;
+}
+
+QuicAsyncStatus QuicCryptoClientStream::DoGetChannelID(
+    QuicCryptoClientConfig::CachedState* cached) {
+  next_state_ = STATE_GET_CHANNEL_ID_COMPLETE;
+  channel_id_key_.reset();
+  if (!RequiresChannelID(cached)) {
+    next_state_ = STATE_SEND_CHLO;
+    return QUIC_SUCCESS;
+  }
+
+  ChannelIDSourceCallbackImpl* channel_id_source_callback =
+      new ChannelIDSourceCallbackImpl(this);
+  QuicAsyncStatus status =
+      crypto_config_->channel_id_source()->GetChannelIDKey(
+          server_id_.host(), &channel_id_key_,
+          channel_id_source_callback);
+
+  switch (status) {
+    case QUIC_PENDING:
+      channel_id_source_callback_ = channel_id_source_callback;
+      DVLOG(1) << "Looking up channel ID";
+      break;
+    case QUIC_FAILURE:
+      delete channel_id_source_callback;
+      CloseConnectionWithDetails(QUIC_INVALID_CHANNEL_ID_SIGNATURE,
+                                 "Channel ID lookup failed");
+      break;
+    case QUIC_SUCCESS:
+      delete channel_id_source_callback;
+      break;
+  }
+  return status;
+}
+
+void QuicCryptoClientStream::DoGetChannelIDComplete() {
+  if (!channel_id_key_.get()) {
+    next_state_ = STATE_DONE;
+    CloseConnectionWithDetails(QUIC_INVALID_CHANNEL_ID_SIGNATURE,
+                               "Channel ID lookup failed");
+  } else {
+    next_state_ = STATE_SEND_CHLO;
+  }
+}
+
+void QuicCryptoClientStream::DoReceiveSHLO(
+    const CryptoHandshakeMessage* in,
+    QuicCryptoClientConfig::CachedState* cached) {
+  // We sent a CHLO that we expected to be accepted and now we're hoping
+  // for a SHLO from the server to confirm that.
+  if (in->tag() == kREJ) {
+    // alternative_decrypter will be NULL if the original alternative
+    // decrypter latched and became the primary decrypter. That happens
+    // if we received a message encrypted with the INITIAL key.
+    if (session()->connection()->alternative_decrypter() == NULL) {
+      next_state_ = STATE_DONE;
+      // The rejection was sent encrypted!
+      CloseConnectionWithDetails(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT,
+                                 "encrypted REJ message");
+      return;
+    }
+    next_state_ = STATE_RECV_REJ;
+    return;
+  }
+
+  next_state_ = STATE_DONE;
+  if (in->tag() != kSHLO) {
+    CloseConnectionWithDetails(QUIC_INVALID_CRYPTO_MESSAGE_TYPE,
+                               "Expected SHLO or REJ");
+    return;
+  }
+
+  // alternative_decrypter will be NULL if the original alternative
+  // decrypter latched and became the primary decrypter. That happens
+  // if we received a message encrypted with the INITIAL key.
+  if (session()->connection()->alternative_decrypter() != NULL) {
+    // The server hello was sent without encryption.
+    CloseConnectionWithDetails(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT,
+                               "unencrypted SHLO message");
+    return;
+  }
+
+  string error_details;
+  QuicErrorCode error = crypto_config_->ProcessServerHello(
+      *in, session()->connection()->connection_id(),
+      session()->connection()->server_supported_versions(),
+      cached, &crypto_negotiated_params_, &error_details);
+
+  if (error != QUIC_NO_ERROR) {
+    CloseConnectionWithDetails(error, "Server hello invalid: " + error_details);
+    return;
+  }
+  error = session()->config()->ProcessPeerHello(*in, SERVER, &error_details);
+  if (error != QUIC_NO_ERROR) {
+    CloseConnectionWithDetails(error, "Server hello invalid: " + error_details);
+    return;
+  }
+  session()->OnConfigNegotiated();
+
+  CrypterPair* crypters = &crypto_negotiated_params_.forward_secure_crypters;
+  // TODO(agl): we don't currently latch this decrypter because the idea
+  // has been floated that the server shouldn't send packets encrypted
+  // with the FORWARD_SECURE key until it receives a FORWARD_SECURE
+  // packet from the client.
+  session()->connection()->SetAlternativeDecrypter(
+      crypters->decrypter.release(), ENCRYPTION_FORWARD_SECURE,
+      false /* don't latch */);
+  session()->connection()->SetEncrypter(
+      ENCRYPTION_FORWARD_SECURE, crypters->encrypter.release());
+  session()->connection()->SetDefaultEncryptionLevel(
+      ENCRYPTION_FORWARD_SECURE);
+
+  handshake_confirmed_ = true;
+  session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED);
+  session()->connection()->OnHandshakeComplete();
+}
+
+void QuicCryptoClientStream::DoInitializeServerConfigUpdate(
+    QuicCryptoClientConfig::CachedState* cached) {
+  if (!server_id_.is_https()) {
+    // We don't check the certificates for insecure QUIC connections.
+    SetCachedProofValid(cached);
+    next_state_ = STATE_DONE;
+    return;
+  }
+  if (!cached->IsEmpty() && !cached->signature().empty()) {
+    // Note that we verify the proof even if the cached proof is valid.
+    DCHECK(crypto_config_->proof_verifier());
+    next_state_ = STATE_VERIFY_PROOF;
+    return;
+  }
+  UMA_HISTOGRAM_COUNTS("Net.QuicNumServerConfigUpdateMessagesIgnored", 1);
+  next_state_ = STATE_DONE;
 }
 
 void QuicCryptoClientStream::SetCachedProofValid(
     QuicCryptoClientConfig::CachedState* cached) {
   cached->SetProofValid();
   client_session()->OnProofValid(*cached);
 }
 
 bool QuicCryptoClientStream::RequiresChannelID(
     QuicCryptoClientConfig::CachedState* cached) {
@@ skipping 18 matching lines @@
     }
   }
   return false;
 }
 
 QuicClientSessionBase* QuicCryptoClientStream::client_session() {
   return reinterpret_cast<QuicClientSessionBase*>(session());
 }
 
 }  // namespace net