QUIC Key Update support
Handles key updates initiated remotely and also adds a QuicConnection method to initiate a key update, but this method is currently only called in tests.
Protected by FLAGS_quic_reloadable_flag_quic_key_update_supported.
PiperOrigin-RevId: 336385088
Change-Id: If74d032e1d34e5392312f4b619d28c9f93a95265
diff --git a/quic/core/tls_handshaker.h b/quic/core/tls_handshaker.h
index ef3ade1..077e373 100644
--- a/quic/core/tls_handshaker.h
+++ b/quic/core/tls_handshaker.h
@@ -48,6 +48,8 @@
CryptoMessageParser* crypto_message_parser() { return this; }
size_t BufferSizeLimitForLevel(EncryptionLevel level) const;
ssl_early_data_reason_t EarlyDataReason() const;
+ std::unique_ptr<QuicDecrypter> AdvanceKeysAndCreateCurrentOneRttDecrypter();
+ std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter();
protected:
virtual void AdvanceHandshake() = 0;
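Review bot: The two public methods added at L14–L15 have no comment, and the names alone leave the calling contract unclear — in particular whether `AdvanceKeysAndCreateCurrentOneRttDecrypter()` replaces the stored `latest_read_secret_` (the member comment in the second hunk suggests it does) and whether `CreateCurrentOneRttEncrypter()` is meant to be called only after the write secret has been advanced. I would document each declaration, e.g. above L14: `// Derives the next 1-RTT read secret from the current one, stores it as the latest read secret and returns a decrypter for it. Must only be called once 1-RTT keys are available.` and above L15: `// Returns an encrypter for the current (latest) 1-RTT write secret; does not advance any keys.` Adjust the wording to whatever the .cc implementation actually does, since that file is not in this diff.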
@@ -104,6 +106,14 @@
QuicErrorCode parser_error_ = QUIC_NO_ERROR;
std::string parser_error_detail_;
+
+ // The most recently derived 1-RTT read and write secrets, which are updated
+ // on each key update.
+ std::vector<uint8_t> latest_read_secret_;
+ std::vector<uint8_t> latest_write_secret_;
+ // 1-RTT header protection keys, which are not changed during key update.
+ std::vector<uint8_t> one_rtt_read_header_protection_key_;
+ std::vector<uint8_t> one_rtt_write_header_protection_key_;
};
} // namespace quic
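Review bot: The four new members at L24–L28 hold raw 1-RTT secrets and header-protection keys in plain `std::vector<uint8_t>`, and nothing in this header guarantees that the previous secret is scrubbed when `latest_read_secret_`/`latest_write_secret_` are reassigned on a key update, or that any of them is wiped when the handshaker is destroyed — a reassigned or freed vector leaves the old key bytes in heap memory. Given that the surrounding code already depends on BoringSSL, the cheapest mitigation is to `OPENSSL_cleanse(secret.data(), secret.size())` on the old buffer before overwriting it and on all four members in the destructor, or to wrap them in a small RAII type that does this; the destructor is declared outside this hunk, so I cannot tell whether it already does. I would also add a comment on L26 stating that these two header-protection keys live for the whole connection and therefore need the same scrubbing at teardown.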