QUIC: if client provides an STK which includes CachedNetworkParams, then

net/quic/crypto/quic_crypto_server_config.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 
 #include <map>
 #include <string>
 #include <vector>
@@ skipping 18 matching lines @@
 class KeyExchange;
 class ProofSource;
 class QuicClock;
 class QuicDecrypter;
 class QuicEncrypter;
 class QuicRandom;
 class QuicServerConfigProtobuf;
 class StrikeRegister;
 class StrikeRegisterClient;
 
-struct ClientHelloInfo;
+// ClientHelloInfo contains information about a client hello message that is
+// only kept for as long as it's being processed.
+struct ClientHelloInfo {
+  ClientHelloInfo(const IPEndPoint& in_client_ip, QuicWallTime in_now);
+  ~ClientHelloInfo();
+
+  // Inputs to EvaluateClientHello.
+  const IPEndPoint client_ip;
+  const QuicWallTime now;
+
+  // Outputs from EvaluateClientHello.
+  bool valid_source_address_token;
+  bool client_nonce_well_formed;
+  bool unique;
+  base::StringPiece sni;
+  base::StringPiece client_nonce;
+  base::StringPiece server_nonce;
+  base::StringPiece user_agent_id;
+
+  // Errors from EvaluateClientHello.
+  std::vector<uint32> reject_reasons;
+  COMPILE_ASSERT(sizeof(QuicTag) == sizeof(uint32), header_out_of_sync);
+};
 
 namespace test {
 class QuicCryptoServerConfigPeer;
 }  // namespace test
 
 // Hook that allows application code to subscribe to primary config changes.
 class PrimaryConfigChangedCallback {
  public:
   PrimaryConfigChangedCallback();
   virtual ~PrimaryConfigChangedCallback();
   virtual void Run(const std::string& scid) = 0;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(PrimaryConfigChangedCallback);
 };
 
 // Callback used to accept the result of the |client_hello| validation step.
 class NET_EXPORT_PRIVATE ValidateClientHelloResultCallback {
  public:
   // Opaque token that holds information about the client_hello and
   // its validity.  Can be interpreted by calling ProcessClientHello.
-  struct Result;
+  struct Result {
+    Result(const CryptoHandshakeMessage& in_client_hello,
+           IPEndPoint in_client_ip,
+           QuicWallTime in_now);
+    ~Result();
+
+    CryptoHandshakeMessage client_hello;
+    ClientHelloInfo info;
+    QuicErrorCode error_code;
+    std::string error_details;
+
+    // Populated if the CHLO STK contained a CachedNetworkParameters proto.
+    CachedNetworkParameters cached_network_params;
+  };
 
   ValidateClientHelloResultCallback();
   virtual ~ValidateClientHelloResultCallback();
   void Run(const Result* result);
 
  protected:
   virtual void RunImpl(const CryptoHandshakeMessage& client_hello,
                        const Result& result) = 0;
 
  private:
@@ skipping 307 matching lines @@
       const uint8* primary_orbit,
       scoped_refptr<Config> requested_config,
       ValidateClientHelloResultCallback::Result* client_hello_state,
       ValidateClientHelloResultCallback* done_cb) const;
 
   // BuildRejection sets |out| to be a REJ message in reply to |client_hello|.
   void BuildRejection(
       const Config& config,
       const CryptoHandshakeMessage& client_hello,
       const ClientHelloInfo& info,
+      const CachedNetworkParameters& cached_network_params,
       QuicRandom* rand,
       QuicCryptoNegotiatedParameters *params,
       CryptoHandshakeMessage* out) const;
 
   // ParseConfigProtobuf parses the given config protobuf and returns a
   // scoped_refptr<Config> if successful. The caller adopts the reference to the
   // Config. On error, ParseConfigProtobuf returns nullptr.
   scoped_refptr<Config> ParseConfigProtobuf(QuicServerConfigProtobuf* protobuf);
 
   // NewSourceAddressToken returns a fresh source address token for the given
   // IP address. |cached_network_params| is optional, and can be nullptr.
   std::string NewSourceAddressToken(
       const Config& config,
       const IPEndPoint& ip,
       QuicRandom* rand,
       QuicWallTime now,
       const CachedNetworkParameters* cached_network_params) const;
 
   // ValidateSourceAddressToken returns HANDSHAKE_OK if the source address token
   // in |token| is a valid and timely token for the IP address |ip| given that
   // the current time is |now|. Otherwise it returns the reason for failure.
-  HandshakeFailureReason ValidateSourceAddressToken(const Config& config,
-                                                    base::StringPiece token,
-                                                    const IPEndPoint& ip,
-                                                    QuicWallTime now) const;
+  // |cached_network_params| is populated if |token| contains a
+  // CachedNetworkParameters proto.
+  HandshakeFailureReason ValidateSourceAddressToken(
+      const Config& config,
+      base::StringPiece token,
+      const IPEndPoint& ip,
+      QuicWallTime now,
+      CachedNetworkParameters* cached_network_params) const;
 
   // NewServerNonce generates and encrypts a random nonce.
   std::string NewServerNonce(QuicRandom* rand, QuicWallTime now) const;
 
   // ValidateServerNonce decrypts |token| and verifies that it hasn't been
   // previously used and is recent enough that it is plausible that it was part
   // of a very recently provided rejection ("recent" will be on the order of
   // 10-30 seconds). If so, it records that it has been used and returns
   // HANDSHAKE_OK. Otherwise it returns the reason for failure.
   HandshakeFailureReason ValidateServerNonce(
@@ skipping 64 matching lines @@
   uint32 source_address_token_lifetime_secs_;
   uint32 server_nonce_strike_register_max_entries_;
   uint32 server_nonce_strike_register_window_secs_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoServerConfig);
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_