Google Git
Sign in
quiche / quiche.git / c1bbfe64c68dfc9db2dcf760122cfbf701cfe97a^! / . / quic / core / quic_connection_test.cc
commitc1bbfe64c68dfc9db2dcf760122cfbf701cfe97a[log] [tgz]
authornharper <nharper@google.com>Fri Sep 27 16:48:40 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Tue Oct 01 12:55:56 2019 -0700
tree78b4bd094cfd263b9c40f7847bbadf1c49224a2b
parentf1e3e4abecfc2ce6346e981cb5dc8c51336ab2f2 [diff] [blame]
Use 16-byte auth tags when initial obfuscators are used

QuicFramer assumes that the auth tag is the same length for all encryption
levels. In Google QUIC crypto versions where initial obfuscators are used,
we should use IETF style crypters (different nonce/IV construction and 16
byte instead of 12 byte auth tags).

gfe-relnote: Change encryption used in QUIC. Protected by quic_enable_version_99
PiperOrigin-RevId: 271674606
Change-Id: Ic7736908068eeee8077bd3a17ec4f8b4112254f9

diff --git a/quic/core/quic_connection_test.cc b/quic/core/quic_connection_test.cc
index 2f8f6a7..f65f0cd 100644
--- a/quic/core/quic_connection_test.cc
+++ b/quic/core/quic_connection_test.cc

@@ -4796,6 +4796,17 @@
   EXPECT_EQ(new_mtu, mtu_probe_size);
   EXPECT_EQ(QuicPacketNumber(1u), creator_->packet_number());
 
+  // QuicFramer::GetMaxPlaintextSize uses the smallest max plaintext size across
+  // all encrypters. The initial encrypter used with IETF QUIC has a 16-byte
+  // overhead, while the NullEncrypter used throughout this test has a 12-byte
+  // overhead. This test tests behavior that relies on computing the packet size
+  // correctly, so by unsetting the initial encrypter, we avoid having a
+  // mismatch between the overheads for the encrypters used. In non-test
+  // scenarios all encrypters used for a given connection have the same
+  // overhead, either 12 bytes for ones using Google QUIC crypto, or 16 bytes
+  // for ones using TLS.
+  connection_.SetEncrypter(ENCRYPTION_INITIAL, nullptr);
+
   // Send more than MTU worth of data.  No acknowledgement was received so far,
   // so the MTU should be at its old value.
   const std::string data(kDefaultMaxPacketSize + 1, '.');
@@ -4851,8 +4862,7 @@
   // scenarios all encrypters used for a given connection have the same
   // overhead, either 12 bytes for ones using Google QUIC crypto, or 16 bytes
   // for ones using TLS.
-  QuicConnectionPeer::GetFramer(&connection_)
-      ->SetEncrypter(ENCRYPTION_INITIAL, nullptr);
+  connection_.SetEncrypter(ENCRYPTION_INITIAL, nullptr);
 
   connection_.EnablePathMtuDiscovery(send_algorithm_);
 
@@ -4993,8 +5003,7 @@
   // scenarios all encrypters used for a given connection have the same
   // overhead, either 12 bytes for ones using Google QUIC crypto, or 16 bytes
   // for ones using TLS.
-  QuicConnectionPeer::GetFramer(&connection_)
-      ->SetEncrypter(ENCRYPTION_INITIAL, nullptr);
+  connection_.SetEncrypter(ENCRYPTION_INITIAL, nullptr);
 
   const QuicByteCount mtu_limit = kMtuDiscoveryTargetPacketSizeHigh - 1;
   writer_->set_max_packet_size(mtu_limit);