Disable QUIC trial decryption in V44 and above
gfe-relnote: Protected by reloadable flag quic_v44_disable_trial_decryption
PiperOrigin-RevId: 246159430
Change-Id: I7a1845d0a38555ce774dd58372f4ba19b12e777c
diff --git a/quic/core/quic_framer_test.cc b/quic/core/quic_framer_test.cc
index dd4a701..0437118 100644
--- a/quic/core/quic_framer_test.cc
+++ b/quic/core/quic_framer_test.cc
@@ -3252,6 +3252,7 @@
// not arise.
return;
}
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
@@ -3833,6 +3834,7 @@
}
TEST_P(QuicFramerTest, AckFrameTimeStampDeltaTooHigh) {
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -3924,6 +3926,7 @@
}
TEST_P(QuicFramerTest, AckFrameTimeStampSecondDeltaTooHigh) {
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -4030,6 +4033,7 @@
if (version_.transport_version == QUIC_VERSION_99) {
return;
}
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -4113,6 +4117,7 @@
if (version_.transport_version == QUIC_VERSION_99) {
return;
}
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -4509,6 +4514,7 @@
// This frame is not supported in version 99.
return;
}
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -4634,6 +4640,7 @@
// for Version 99 equivalents.
return;
}
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -9402,6 +9409,7 @@
// effectively unlimited
return;
}
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
QuicPacketHeader header;
header.destination_connection_id = FramerTestConnectionId();
@@ -9441,6 +9449,7 @@
// effectively unlimited
return;
}
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
QuicPacketHeader header;
header.destination_connection_id = FramerTestConnectionId();
@@ -9481,6 +9490,7 @@
// effectively unlimited
return;
}
+ SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
QuicPacketHeader header;
header.destination_connection_id = FramerTestConnectionId();
@@ -9758,12 +9768,12 @@
// Verify that the packet returned by ConstructMisFramedEncryptedPacket()
// does cause the framer to return an error.
TEST_P(QuicFramerTest, ConstructMisFramedEncryptedPacket) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// Since we are using ConstructEncryptedPacket, we have to set the framer's
// crypto to be Null.
if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(ENCRYPTION_INITIAL, QuicMakeUnique<NullDecrypter>(
- framer_.perspective()));
+ framer_.InstallDecrypter(
+ ENCRYPTION_FORWARD_SECURE,
+ QuicMakeUnique<NullDecrypter>(framer_.perspective()));
} else {
framer_.SetDecrypter(ENCRYPTION_INITIAL,
QuicMakeUnique<NullDecrypter>(framer_.perspective()));
@@ -13077,17 +13087,33 @@
{"Unable to read protocol version.",
{QUIC_VERSION_BYTES}},
// connection_id length
+ {"Illegal long header type value.",
+ {0x00}},
+ };
+ // clang-format on
+
+ // clang-format off
+ PacketFragments packet45 = {
+ // public flags (IETF Retry packet, 0-length original destination CID)
+ {"Unable to read type.",
+ {0xf0}},
+ // version tag
+ {"Unable to read protocol version.",
+ {QUIC_VERSION_BYTES}},
+ // connection_id length
{"Not yet supported IETF RETRY packet received.",
{0x00}},
};
// clang-format on
+ PacketFragments& fragments =
+ framer_.transport_version() > QUIC_VERSION_44 ? packet45 : packet;
std::unique_ptr<QuicEncryptedPacket> encrypted(
- AssemblePacketFromFragments(packet));
+ AssemblePacketFromFragments(fragments));
EXPECT_FALSE(framer_.ProcessPacket(*encrypted));
EXPECT_EQ(QUIC_INVALID_PACKET_HEADER, framer_.error());
- CheckFramingBoundaries(packet, QUIC_INVALID_PACKET_HEADER);
+ CheckFramingBoundaries(fragments, QUIC_INVALID_PACKET_HEADER);
}
TEST_P(QuicFramerTest, RetryPacketRejectedWithMultiplePacketNumberSpaces) {