Add support for retry integrity tag This CL adds support for the retry integrity tag which was added in draft-25. It increases resilience to network errors and makes retry injection by attackers harder. This changes the wire-format of T050 and T099/draft-25 which are both disabled. gfe-relnote: support retry integrity tag, client-only, not flag-protected PiperOrigin-RevId: 292044658 Change-Id: Ib62a4d58cb761dce284c36b450816ad9151e4062

commit: 278efaec3531ef0554ec209bd66cb8ebb5ada7a5 [log] [tgz]
author: dschinazi <dschinazi@google.com> Tue Jan 28 17:03:09 2020 -0800
committer: Copybara-Service <copybara-worker@google.com> Tue Jan 28 17:03:50 2020 -0800
tree: fa2bad1be26938f294e4c6dea4c65e936115458c
parent: 18773d637c1db1f7e1d23b4bd38b4589d6f73b39 [diff] [blame]
diff --git a/quic/core/quic_constants.h b/quic/core/quic_constants.h
index c4a83b3..15f0abb 100644
--- a/quic/core/quic_constants.h
+++ b/quic/core/quic_constants.h

@@ -105,6 +105,10 @@
 // Number of bytes reserved for version number in the packet header.
 const size_t kQuicVersionSize = 4;
 
+// Length of the retry integrity tag in bytes.
+// https://tools.ietf.org/html/draft-ietf-quic-transport-25#section-17.2.5
+const size_t kRetryIntegrityTagLength = 16;
+
 // Signifies that the QuicPacket will contain version of the protocol.
 const bool kIncludeVersion = true;
 // Signifies that the QuicPacket will include a diversification nonce.
commit	278efaec3531ef0554ec209bd66cb8ebb5ada7a5	[log] [tgz]
author	dschinazi <dschinazi@google.com>	Tue Jan 28 17:03:09 2020 -0800
committer	Copybara-Service <copybara-worker@google.com>	Tue Jan 28 17:03:50 2020 -0800
tree	fa2bad1be26938f294e4c6dea4c65e936115458c
parent	18773d637c1db1f7e1d23b4bd38b4589d6f73b39 [diff] [blame]