Update from https://crrev.com/309415

net/quic/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 #include <algorithm>
 
 #include "base/stl_util.h"
@@ skipping 32 matching lines @@
 using crypto::SecureHash;
 using std::map;
 using std::sort;
 using std::string;
 using std::vector;
 
 namespace net {
 
 namespace {
 
+const size_t kMaxTokenAddresses = 4;
+
 string DeriveSourceAddressTokenKey(StringPiece source_address_token_secret) {
   crypto::HKDF hkdf(source_address_token_secret,
                     StringPiece() /* no salt */,
                     "QUIC source address token key",
                     CryptoSecretBoxer::GetKeySize(),
                     0 /* no fixed IV needed */,
                     0 /* no subkey secret */);
   return hkdf.server_write_key().as_string();
 }
 
@@ skipping 695 matching lines @@
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
   }
 
   out->set_tag(kSHLO);
   QuicTagVector supported_version_tags;
   for (size_t i = 0; i < supported_versions.size(); ++i) {
     supported_version_tags.push_back
         (QuicVersionToQuicTag(supported_versions[i]));
   }
   out->SetVector(kVER, supported_version_tags);
-  out->SetStringPiece(kSourceAddressTokenTag,
-                      NewSourceAddressToken(*requested_config.get(),
-                                            client_address,
-                                            rand,
-                                            info.now,
-                                            nullptr));
+  out->SetStringPiece(
+      kSourceAddressTokenTag,
+      NewSourceAddressToken(*requested_config.get(), info.source_address_tokens,
+                            client_address, rand, info.now, nullptr));
   QuicSocketAddressCoder address_coder(client_address);
   out->SetStringPiece(kCADR, address_coder.Encode());
   out->SetStringPiece(kPUBS, forward_secure_public_value);
 
   return QUIC_NO_ERROR;
 }
 
 scoped_refptr<QuicCryptoServerConfig::Config>
 QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const {
   // In Chromium, we will dead lock if the lock is held by the current thread.
@@ skipping 149 matching lines @@
       info->reject_reasons.push_back(SERVER_CONFIG_INCHOATE_HELLO_FAILURE);
     }
     // No server config with the requested ID.
     helper.ValidationComplete(QUIC_NO_ERROR, "");
     return;
   }
 
   HandshakeFailureReason source_address_token_error;
   StringPiece srct;
   if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) {
-    source_address_token_error =
-        ValidateSourceAddressToken(*requested_config.get(),
-                                   srct,
-                                   info->client_ip,
-                                   info->now,
-                                   &client_hello_state->cached_network_params);
+    if (!FLAGS_quic_use_multiple_address_in_source_tokens) {
+      source_address_token_error = ValidateSourceAddressToken(
+          *requested_config.get(), srct, info->client_ip, info->now,
+          &client_hello_state->cached_network_params);
+    } else {
+      source_address_token_error = ParseSourceAddressToken(
+          *requested_config.get(), srct, &info->source_address_tokens);
+
+      if (source_address_token_error == HANDSHAKE_OK) {
+        source_address_token_error = ValidateSourceAddressTokens(
+            info->source_address_tokens, info->client_ip, info->now,
+            &client_hello_state->cached_network_params);
+      }
+    }
     info->valid_source_address_token =
         (source_address_token_error == HANDSHAKE_OK);
   } else {
     source_address_token_error = SOURCE_ADDRESS_TOKEN_INVALID_FAILURE;
   }
 
   bool found_error = false;
   if (source_address_token_error != HANDSHAKE_OK) {
     info->reject_reasons.push_back(source_address_token_error);
     // No valid source address token.
@@ skipping 69 matching lines @@
   }
 
   strike_register_client->VerifyNonceIsValidAndUnique(
       info->client_nonce,
       info->now,
       new VerifyNonceIsValidAndUniqueCallback(client_hello_state, done_cb));
   helper.StartedAsyncCallback();
 }
 
 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
+    const SourceAddressTokens& previous_source_address_tokens,
     const IPEndPoint& server_ip,
     const IPEndPoint& client_ip,
     const QuicClock* clock,
     QuicRandom* rand,
     const QuicCryptoNegotiatedParameters& params,
     const CachedNetworkParameters* cached_network_params,
     CryptoHandshakeMessage* out) const {
   base::AutoLock locked(configs_lock_);
   out->set_tag(kSCUP);
   out->SetStringPiece(kSCFG, primary_config_->serialized);
-  out->SetStringPiece(kSourceAddressTokenTag,
-                      NewSourceAddressToken(*primary_config_.get(),
-                                            client_ip,
-                                            rand,
-                                            clock->WallNow(),
-                                            cached_network_params));
+  out->SetStringPiece(
+      kSourceAddressTokenTag,
+      NewSourceAddressToken(*primary_config_.get(),
+                            previous_source_address_tokens, client_ip, rand,
+                            clock->WallNow(), cached_network_params));
 
   if (proof_source_ == nullptr) {
     // Insecure QUIC, can send SCFG without proof.
     return true;
   }
 
   const vector<string>* certs;
   string signature;
   if (!proof_source_->GetProof(
           server_ip, params.sni, primary_config_->serialized,
@@ skipping 15 matching lines @@
     const IPEndPoint& server_ip,
     const Config& config,
     const CryptoHandshakeMessage& client_hello,
     const ClientHelloInfo& info,
     const CachedNetworkParameters& cached_network_params,
     QuicRandom* rand,
     QuicCryptoNegotiatedParameters* params,
     CryptoHandshakeMessage* out) const {
   out->set_tag(kREJ);
   out->SetStringPiece(kSCFG, config.serialized);
-  out->SetStringPiece(kSourceAddressTokenTag,
-                      NewSourceAddressToken(
-                          config,
-                          info.client_ip,
-                          rand,
-                          info.now,
-                          &cached_network_params));
+  out->SetStringPiece(
+      kSourceAddressTokenTag,
+      NewSourceAddressToken(config, info.source_address_tokens, info.client_ip,
+                            rand, info.now, &cached_network_params));
   if (replay_protection_) {
     out->SetStringPiece(kServerNonceTag, NewServerNonce(rand, info.now));
   }
 
   if (FLAGS_send_quic_crypto_reject_reason) {
     // Send client the reject reason for debugging purposes.
     DCHECK_LT(0u, info.reject_reasons.size());
     out->SetVector(kRREJ, info.reject_reasons);
   }
 
@@ skipping 299 matching lines @@
 }
 
 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb(
     PrimaryConfigChangedCallback* cb) {
   base::AutoLock locked(configs_lock_);
   primary_config_changed_cb_.reset(cb);
 }
 
 string QuicCryptoServerConfig::NewSourceAddressToken(
     const Config& config,
+    const SourceAddressTokens& previous_tokens,
     const IPEndPoint& ip,
     QuicRandom* rand,
     QuicWallTime now,
     const CachedNetworkParameters* cached_network_params) const {
   IPAddressNumber ip_address = ip.address();
   if (ip.GetSockAddrFamily() == AF_INET) {
     ip_address = ConvertIPv4NumberToIPv6Number(ip_address);
   }
-  SourceAddressToken source_address_token;
-  source_address_token.set_ip(IPAddressToPackedString(ip_address));
-  source_address_token.set_timestamp(now.ToUNIXSeconds());
+  SourceAddressTokens source_address_tokens;
+  SourceAddressToken* source_address_token = source_address_tokens.add_tokens();
+  source_address_token->set_ip(IPAddressToPackedString(ip_address));
+  source_address_token->set_timestamp(now.ToUNIXSeconds());
   if (cached_network_params != nullptr) {
-    source_address_token.set_cached_network_parameters(*cached_network_params);
+    *(source_address_token->mutable_cached_network_parameters()) =
+        *cached_network_params;
+  }
+
+  if (!FLAGS_quic_use_multiple_address_in_source_tokens) {
+    return config.source_address_token_boxer->Box(
+        rand, source_address_token->SerializeAsString());
+  }
+
+  // Append previous tokens.
+  for (size_t i = 0; i < previous_tokens.tokens_size(); i++) {
+    const SourceAddressToken& token = previous_tokens.tokens(i);
+    if (source_address_tokens.tokens_size() > kMaxTokenAddresses) {
+      break;
+    }
+
+    if (token.ip() == source_address_token->ip()) {
+      // It's for the same IP address.
+      continue;
+    }
+
+    if (ValidateSourceAddressTokenTimestamp(token, now) != HANDSHAKE_OK) {
+      continue;
+    }
+
+    *(source_address_tokens.add_tokens()) = token;
   }
 
   return config.source_address_token_boxer->Box(
-      rand, source_address_token.SerializeAsString());
+      rand, source_address_tokens.SerializeAsString());
 }
 
 bool QuicCryptoServerConfig::HasProofSource() const {
   return proof_source_ != nullptr;
 }
 
+HandshakeFailureReason QuicCryptoServerConfig::ParseSourceAddressToken(
+    const Config& config,
+    StringPiece token,
+    SourceAddressTokens* tokens) const {
+  string storage;
+  StringPiece plaintext;
+  if (!config.source_address_token_boxer->Unbox(token, &storage, &plaintext)) {
+    return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE;
+  }
+
+  if (!FLAGS_quic_use_multiple_address_in_source_tokens) {
+    SourceAddressToken token;
+    if (!token.ParseFromArray(plaintext.data(), plaintext.size())) {
+      return SOURCE_ADDRESS_TOKEN_PARSE_FAILURE;
+    }
+    *(tokens->add_tokens()) = token;
+    return HANDSHAKE_OK;
+  }
+
+  if (!tokens->ParseFromArray(plaintext.data(), plaintext.size())) {
+    // Some clients might still be using the old source token format so
+    // attempt to parse that format.
+    // TODO(rch): remove this code once the new format is ubiquitous.
+    SourceAddressToken token;
+    if (!token.ParseFromArray(plaintext.data(), plaintext.size())) {
+      return SOURCE_ADDRESS_TOKEN_PARSE_FAILURE;
+    }
+    *tokens->add_tokens() = token;
+  }
+
+  return HANDSHAKE_OK;
+}
+
 HandshakeFailureReason QuicCryptoServerConfig::ValidateSourceAddressToken(
     const Config& config,
     StringPiece token,
     const IPEndPoint& ip,
     QuicWallTime now,
     CachedNetworkParameters* cached_network_params) const {
   string storage;
   StringPiece plaintext;
   if (!config.source_address_token_boxer->Unbox(token, &storage, &plaintext)) {
     return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE;
@@ skipping 28 matching lines @@
     return SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE;
   }
 
   if (source_address_token.has_cached_network_parameters()) {
     *cached_network_params = source_address_token.cached_network_parameters();
   }
 
   return HANDSHAKE_OK;
 }
 
+HandshakeFailureReason QuicCryptoServerConfig::ValidateSourceAddressTokens(
+    const SourceAddressTokens& source_address_tokens,
+    const IPEndPoint& ip,
+    QuicWallTime now,
+    CachedNetworkParameters* cached_network_params) const {
+  HandshakeFailureReason reason =
+      SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE;
+  for (size_t i = 0; i < source_address_tokens.tokens_size(); i++) {
+    const SourceAddressToken& token = source_address_tokens.tokens(i);
+    reason = ValidateSingleSourceAddressToken(token, ip, now);
+    if (reason == HANDSHAKE_OK) {
+      if (token.has_cached_network_parameters()) {
+        *cached_network_params = token.cached_network_parameters();
+      }
+      break;
+    }
+  }
+  return reason;
+}
+
+HandshakeFailureReason QuicCryptoServerConfig::ValidateSingleSourceAddressToken(
+    const SourceAddressToken& source_address_token,
+    const IPEndPoint& ip,
+    QuicWallTime now) const {
+  IPAddressNumber ip_address = ip.address();
+  if (ip.GetSockAddrFamily() == AF_INET) {
+    ip_address = ConvertIPv4NumberToIPv6Number(ip_address);
+  }
+  if (source_address_token.ip() != IPAddressToPackedString(ip_address)) {
+    // It's for a different IP address.
+    return SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE;
+  }
+
+  return ValidateSourceAddressTokenTimestamp(source_address_token, now);
+}
+
+HandshakeFailureReason
+QuicCryptoServerConfig::ValidateSourceAddressTokenTimestamp(
+    const SourceAddressToken& source_address_token,
+    QuicWallTime now) const {
+  const QuicWallTime timestamp(
+      QuicWallTime::FromUNIXSeconds(source_address_token.timestamp()));
+  const QuicTime::Delta delta(now.AbsoluteDifference(timestamp));
+
+  if (now.IsBefore(timestamp) &&
+      delta.ToSeconds() > source_address_token_future_secs_) {
+    return SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE;
+  }
+
+  if (now.IsAfter(timestamp) &&
+      delta.ToSeconds() > source_address_token_lifetime_secs_) {
+    return SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE;
+  }
+
+  return HANDSHAKE_OK;
+}
+
 // kServerNoncePlaintextSize is the number of bytes in an unencrypted server
 // nonce.
 static const size_t kServerNoncePlaintextSize =
     4 /* timestamp */ + 20 /* random bytes */;
 
 string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand,
                                               QuicWallTime now) const {
   const uint32 timestamp = static_cast<uint32>(now.ToUNIXSeconds());
 
   uint8 server_nonce[kServerNoncePlaintextSize];
@@ skipping 73 matching lines @@
 QuicCryptoServerConfig::Config::Config()
     : channel_id_enabled(false),
       is_primary(false),
       primary_time(QuicWallTime::Zero()),
       priority(0),
       source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
 
 }  // namespace net