gfe-relnote: Stop using SetDefaultEncryptionLevel in TLS handshake. Instead, use OnOneRttKeysAvailable. Refactor only, no functional change expected, not protected.
PiperOrigin-RevId: 301928754
Change-Id: I8751cb610f1454fc2d61646c50a1fbed8dae926c
diff --git a/quic/core/handshaker_delegate_interface.h b/quic/core/handshaker_delegate_interface.h
index 03b3af9..0e8e045 100644
--- a/quic/core/handshaker_delegate_interface.h
+++ b/quic/core/handshaker_delegate_interface.h
@@ -30,9 +30,14 @@
EncryptionLevel level,
std::unique_ptr<QuicEncrypter> encrypter) = 0;
- // Called to set default encryption level to |level|.
+ // Called to set default encryption level to |level|. Only used in QUIC
+ // crypto.
virtual void SetDefaultEncryptionLevel(EncryptionLevel level) = 0;
+ // Called when both 1-RTT read and write keys are available. Only used in TLS
+ // handshake.
+ virtual void OnOneRttKeysAvailable() = 0;
+
// Called to discard old decryption keys to stop processing packets of
// encryption |level|.
virtual void DiscardOldDecryptionKey(EncryptionLevel level) = 0;
diff --git a/quic/core/http/quic_spdy_session.cc b/quic/core/http/quic_spdy_session.cc
index 8467797..d545b05 100644
--- a/quic/core/http/quic_spdy_session.cc
+++ b/quic/core/http/quic_spdy_session.cc
@@ -764,6 +764,11 @@
SendInitialData();
}
+void QuicSpdySession::OnOneRttKeysAvailable() {
+ QuicSession::OnOneRttKeysAvailable();
+ SendInitialData();
+}
+
// True if there are open HTTP requests.
bool QuicSpdySession::ShouldKeepConnectionAlive() const {
if (!VersionUsesHttp3(transport_version())) {
diff --git a/quic/core/http/quic_spdy_session.h b/quic/core/http/quic_spdy_session.h
index e7fa037..d1136ff 100644
--- a/quic/core/http/quic_spdy_session.h
+++ b/quic/core/http/quic_spdy_session.h
@@ -323,6 +323,7 @@
QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener);
void SetDefaultEncryptionLevel(quic::EncryptionLevel level) override;
+ void OnOneRttKeysAvailable() override;
// Optional, enables instrumentation related to go/quic-hpack.
void SetHpackEncoderDebugVisitor(
diff --git a/quic/core/http/quic_spdy_session_test.cc b/quic/core/http/quic_spdy_session_test.cc
index b14db0b..a7c36d7 100644
--- a/quic/core/http/quic_spdy_session_test.cc
+++ b/quic/core/http/quic_spdy_session_test.cc
@@ -105,7 +105,12 @@
}
EXPECT_THAT(error, IsQuicNoError());
session()->OnConfigNegotiated();
- session()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ if (session()->connection()->version().handshake_protocol ==
+ PROTOCOL_TLS1_3) {
+ session()->OnOneRttKeysAvailable();
+ } else {
+ session()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ }
session()->DiscardOldEncryptionKey(ENCRYPTION_INITIAL);
}
diff --git a/quic/core/http/quic_spdy_stream_test.cc b/quic/core/http/quic_spdy_stream_test.cc
index 707964c..eef43cd 100644
--- a/quic/core/http/quic_spdy_stream_test.cc
+++ b/quic/core/http/quic_spdy_stream_test.cc
@@ -89,7 +89,12 @@
}
EXPECT_THAT(error, IsQuicNoError());
session()->OnConfigNegotiated();
- session()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ if (session()->connection()->version().handshake_protocol ==
+ PROTOCOL_TLS1_3) {
+ session()->OnOneRttKeysAvailable();
+ } else {
+ session()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ }
session()->DiscardOldEncryptionKey(ENCRYPTION_INITIAL);
}
diff --git a/quic/core/quic_session.cc b/quic/core/quic_session.cc
index 32e01cb..468bdec 100644
--- a/quic/core/quic_session.cc
+++ b/quic/core/quic_session.cc
@@ -1334,6 +1334,7 @@
}
void QuicSession::SetDefaultEncryptionLevel(EncryptionLevel level) {
+ DCHECK_EQ(PROTOCOL_QUIC_CRYPTO, connection_->version().handshake_protocol);
QUIC_DVLOG(1) << ENDPOINT << "Set default encryption level to "
<< EncryptionLevelToString(level);
connection()->SetDefaultEncryptionLevel(level);
@@ -1353,19 +1354,8 @@
case ENCRYPTION_HANDSHAKE:
break;
case ENCRYPTION_FORWARD_SECURE:
- if (connection_->version().handshake_protocol == PROTOCOL_TLS1_3) {
- QUIC_BUG_IF(!GetCryptoStream()->crypto_negotiated_params().cipher_suite)
- << ENDPOINT
- << "Handshake confirmed without cipher suite negotiation.";
- }
QUIC_BUG_IF(!config_.negotiated())
<< ENDPOINT << "Handshake confirmed without parameter negotiation.";
- if (connection()->version().HasHandshakeDone() &&
- perspective_ == Perspective::IS_SERVER) {
- // Server sends HANDSHAKE_DONE to signal confirmation of the handshake
- // to the client.
- control_frame_manager_.WriteOrBufferHandshakeDone();
- }
if (!GetQuicReloadableFlag(quic_bw_sampler_app_limited_starting_value)) {
connection_->ResetHasNonAppLimitedSampleAfterHandshakeCompletion();
}
@@ -1376,6 +1366,27 @@
}
}
+void QuicSession::OnOneRttKeysAvailable() {
+ DCHECK_EQ(PROTOCOL_TLS1_3, connection_->version().handshake_protocol);
+ QUIC_DVLOG(1) << ENDPOINT << "Set default encryption level to "
+ << EncryptionLevelToString(ENCRYPTION_FORWARD_SECURE);
+ connection()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+
+ QUIC_BUG_IF(!GetCryptoStream()->crypto_negotiated_params().cipher_suite)
+ << ENDPOINT << "Handshake completes without cipher suite negotiation.";
+ QUIC_BUG_IF(!config_.negotiated())
+ << ENDPOINT << "Handshake completes without parameter negotiation.";
+ if (connection()->version().HasHandshakeDone() &&
+ perspective_ == Perspective::IS_SERVER) {
+ // Server sends HANDSHAKE_DONE to signal confirmation of the handshake
+ // to the client.
+ control_frame_manager_.WriteOrBufferHandshakeDone();
+ }
+ if (!GetQuicReloadableFlag(quic_bw_sampler_app_limited_starting_value)) {
+ connection_->ResetHasNonAppLimitedSampleAfterHandshakeCompletion();
+ }
+}
+
void QuicSession::DiscardOldDecryptionKey(EncryptionLevel level) {
if (!connection()->version().KnowsWhichDecrypterToUse()) {
return;
diff --git a/quic/core/quic_session.h b/quic/core/quic_session.h
index 37c00f7..06dfd0a 100644
--- a/quic/core/quic_session.h
+++ b/quic/core/quic_session.h
@@ -242,6 +242,7 @@
EncryptionLevel level,
std::unique_ptr<QuicEncrypter> encrypter) override;
void SetDefaultEncryptionLevel(EncryptionLevel level) override;
+ void OnOneRttKeysAvailable() override;
void DiscardOldDecryptionKey(EncryptionLevel level) override;
void DiscardOldEncryptionKey(EncryptionLevel level) override;
void NeuterUnencryptedData() override;
diff --git a/quic/core/quic_session_test.cc b/quic/core/quic_session_test.cc
index e3289e9..25237c4 100644
--- a/quic/core/quic_session_test.cc
+++ b/quic/core/quic_session_test.cc
@@ -91,7 +91,12 @@
}
EXPECT_THAT(error, IsQuicNoError());
session()->OnConfigNegotiated();
- session()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ if (session()->connection()->version().handshake_protocol ==
+ PROTOCOL_TLS1_3) {
+ session()->OnOneRttKeysAvailable();
+ } else {
+ session()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ }
session()->DiscardOldEncryptionKey(ENCRYPTION_INITIAL);
}
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 4600986..3782ab5 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -400,7 +400,7 @@
crypto_negotiated_params_->peer_signature_algorithm =
SSL_get_peer_signature_algorithm(ssl());
- handshaker_delegate()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ handshaker_delegate()->OnOneRttKeysAvailable();
}
enum ssl_verify_result_t TlsClientHandshaker::VerifyCert(uint8_t* out_alert) {
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 346e872..715a200 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -310,7 +310,7 @@
app_data_read_secret_.clear();
}
- handshaker_delegate()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ handshaker_delegate()->OnOneRttKeysAvailable();
handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_HANDSHAKE);
handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_HANDSHAKE);
}
diff --git a/quic/quartc/quartc_session.cc b/quic/quartc/quartc_session.cc
index 6715ee2..a93f410 100644
--- a/quic/quartc/quartc_session.cc
+++ b/quic/quartc/quartc_session.cc
@@ -185,6 +185,18 @@
}
}
+void QuartcSession::OnOneRttKeysAvailable() {
+ QuicSession::OnOneRttKeysAvailable();
+ // On the server, handshake confirmed is the first time when you can start
+ // writing packets.
+ DCHECK(IsEncryptionEstablished());
+ DCHECK(OneRttKeysAvailable());
+
+ DCHECK(session_delegate_);
+ session_delegate_->OnConnectionWritable();
+ session_delegate_->OnCryptoHandshakeComplete();
+}
+
void QuartcSession::CancelStream(QuicStreamId stream_id) {
ResetStream(stream_id, QuicRstStreamErrorCode::QUIC_STREAM_CANCELLED);
}
diff --git a/quic/quartc/quartc_session.h b/quic/quartc/quartc_session.h
index 7d0c773..db988a0 100644
--- a/quic/quartc/quartc_session.h
+++ b/quic/quartc/quartc_session.h
@@ -75,6 +75,7 @@
}
void SetDefaultEncryptionLevel(EncryptionLevel level) override;
+ void OnOneRttKeysAvailable() override;
// QuicConnectionVisitorInterface overrides.
void OnCongestionWindowChange(QuicTime now) override;
diff --git a/quic/quic_transport/quic_transport_client_session.cc b/quic/quic_transport/quic_transport_client_session.cc
index ae15371..a35d084 100644
--- a/quic/quic_transport/quic_transport_client_session.cc
+++ b/quic/quic_transport/quic_transport_client_session.cc
@@ -104,6 +104,11 @@
}
}
+void QuicTransportClientSession::OnOneRttKeysAvailable() {
+ QuicSession::OnOneRttKeysAvailable();
+ SendClientIndication();
+}
+
QuicTransportStream*
QuicTransportClientSession::AcceptIncomingBidirectionalStream() {
if (incoming_bidirectional_streams_.empty()) {
diff --git a/quic/quic_transport/quic_transport_client_session.h b/quic/quic_transport/quic_transport_client_session.h
index e4cc15d..56b29e4 100644
--- a/quic/quic_transport/quic_transport_client_session.h
+++ b/quic/quic_transport/quic_transport_client_session.h
@@ -95,6 +95,7 @@
}
void SetDefaultEncryptionLevel(EncryptionLevel level) override;
+ void OnOneRttKeysAvailable() override;
void OnMessageReceived(quiche::QuicheStringPiece message) override;
// Return the earliest incoming stream that has been received by the session
