Add new methods to QuicFramer for controlling decrypters
This CL is a roll forward of cl/243273832. David had to make test-only changes to fix the broken test //third_party/quic/core:tls_handshaker_test. And the chromium patch is ready.
gfe-relnote: Protected behind QUIC_VERSION_99 and quic_supports_tls_handshake
PiperOrigin-RevId: 243344023
Change-Id: Ia845325b55557d4d8811d6641ae5b50bdf2aed45
diff --git a/quic/core/quic_crypto_server_handshaker.cc b/quic/core/quic_crypto_server_handshaker.cc
index cd3cce9..c0e61ef 100644
--- a/quic/core/quic_crypto_server_handshaker.cc
+++ b/quic/core/quic_crypto_server_handshaker.cc
@@ -230,9 +230,16 @@
session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_ZERO_RTT);
// Set the decrypter immediately so that we no longer accept unencrypted
// packets.
- session()->connection()->SetDecrypter(
- ENCRYPTION_ZERO_RTT,
- std::move(crypto_negotiated_params_->initial_crypters.decrypter));
+ if (session()->connection()->version().KnowsWhichDecrypterToUse()) {
+ session()->connection()->InstallDecrypter(
+ ENCRYPTION_ZERO_RTT,
+ std::move(crypto_negotiated_params_->initial_crypters.decrypter));
+ session()->connection()->RemoveDecrypter(ENCRYPTION_INITIAL);
+ } else {
+ session()->connection()->SetDecrypter(
+ ENCRYPTION_ZERO_RTT,
+ std::move(crypto_negotiated_params_->initial_crypters.decrypter));
+ }
session()->connection()->SetDiversificationNonce(*diversification_nonce);
session()->connection()->set_fully_pad_crypto_hadshake_packets(
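Review bot: The comment above the new `if` ("Set the decrypter immediately so that we no longer accept unencrypted packets") no longer describes the `KnowsWhichDecrypterToUse()` branch. There, `InstallDecrypter` appears to add a key next to the existing ones, so it is the `RemoveDecrypter(ENCRYPTION_INITIAL)` call that actually stops INITIAL-level packets from being accepted. I would annotate that line, e.g. `// Drop the INITIAL decrypter so packets at that level are rejected from here on.`, so that a later cleanup does not remove it as redundant. A test that feeds an ENCRYPTION_INITIAL packet after this point on the multi-decrypter path and expects it to be dropped would pin the guarantee. The enclosing function starts and ends outside the hunk.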
@@ -244,10 +251,17 @@
std::move(crypto_negotiated_params_->forward_secure_crypters.encrypter));
session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
- session()->connection()->SetAlternativeDecrypter(
- ENCRYPTION_FORWARD_SECURE,
- std::move(crypto_negotiated_params_->forward_secure_crypters.decrypter),
- false /* don't latch */);
+ if (session()->connection()->version().KnowsWhichDecrypterToUse()) {
+ session()->connection()->InstallDecrypter(
+ ENCRYPTION_FORWARD_SECURE,
+ std::move(
+ crypto_negotiated_params_->forward_secure_crypters.decrypter));
+ } else {
+ session()->connection()->SetAlternativeDecrypter(
+ ENCRYPTION_FORWARD_SECURE,
+ std::move(crypto_negotiated_params_->forward_secure_crypters.decrypter),
+ false /* don't latch */);
+ }
encryption_established_ = true;
handshake_confirmed_ = true;
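Review bot: In the `KnowsWhichDecrypterToUse()` branch the ENCRYPTION_ZERO_RTT decrypter is left installed once the forward-secure one is added, whereas ENCRYPTION_INITIAL is explicitly removed at the ZERO_RTT step in the first hunk. If this is deliberate, to tolerate reordered 0-RTT packets in the same way as `false /* don't latch */` in the else branch, the code should say so and name where the key is eventually discarded. Suggested comment: `// ZERO_RTT decrypter intentionally kept for reordered packets; discarded in <where>.` If nothing visible outside this hunk removes it, the connection would keep accepting packets under the non-forward-secure key after `handshake_confirmed_` is set. The enclosing function extends outside the hunk.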