QuicConnectionId::Hash adoption of SipHash
This CL rolls back cl/258561852 which was itself a rollback of cl/258413870. QuicConnectionIdTest.Hash was failing on 32bit platforms and has now been fixed.
Instead of simply XORing the connection ID bits, QuicConnectionId::Hash now uses SipHash with a random key generated once per process lifetime. This prevents attackers from crafting connection IDs to make them all land in the same data structure hash bucket.
gfe-relnote: QuicConnectionId uses SipHash, protected by gfe2_restart_flag_quic_connection_id_use_siphash
PiperOrigin-RevId: 258782229
Change-Id: I019c85ba2cde0447764306b87f12323d6867acb0
diff --git a/quic/core/quic_connection_id.h b/quic/core/quic_connection_id.h
index 4b76f31..6b1b0bc 100644
--- a/quic/core/quic_connection_id.h
+++ b/quic/core/quic_connection_id.h
@@ -72,6 +72,11 @@
bool IsEmpty() const;
// Hash() is required to use connection IDs as keys in hash tables.
+ // During the lifetime of a process, the output of Hash() is guaranteed to be
+ // the same for connection IDs that are equal to one another. Note however
+ // that this property is not guaranteed across process lifetimes. This makes
+ // Hash() suitable for data structures such as hash tables but not for sending
+ // a hash over the network.
size_t Hash() const;
// Generates an ASCII string that represents
@@ -112,6 +117,11 @@
QUIC_EXPORT_PRIVATE QuicConnectionId EmptyQuicConnectionId();
// QuicConnectionIdHash can be passed as hash argument to hash tables.
+// During the lifetime of a process, the output of QuicConnectionIdHash is
+// guaranteed to be the same for connection IDs that are equal to one another.
+// Note however that this property is not guaranteed across process lifetimes.
+// This makes QuicConnectionIdHash suitable for data structures such as hash
+// tables but not for sending a hash over the network.
class QuicConnectionIdHash {
public:
size_t operator()(QuicConnectionId const& connection_id) const noexcept {
