Add knobs that enable QBONE to use IETF QUIC.
Particularly,
1) --qbone_server_support_h3_loas defined in gfe_quic_dispatcher.cc enables QBONE server to support both gQUIC & IETF QUIC.
2) --qbone_client_use_h3_loas defined in bonnet_server.cc makes QBONE client to use IETF QUIC exclusively.
These two flags are set up assuming:
1) --qbone_server_support_h3_loas can be enabled for all servers.
2) --qbone_client_support_h3_loas can then be enabled gradually for all clients.
And the two flags should not be enabled until the following TODOs are done:
1) Add a special ProofSource that provides fake certificate.
2) Add code and test that handles messages/streams before LOAS2 authentication is done on the client side.
3) Set the idle timeout correctly in between TLS handshake done and LOAS2 handshake done.
PiperOrigin-RevId: 415266155
diff --git a/quic/core/quic_crypto_stream.h b/quic/core/quic_crypto_stream.h
index 86b6913..08cb189 100644
--- a/quic/core/quic_crypto_stream.h
+++ b/quic/core/quic_crypto_stream.h
@@ -245,6 +245,10 @@
virtual void OnDataAvailableInSequencer(QuicStreamSequencer* sequencer,
EncryptionLevel level);
+ QuicStreamSequencer* GetStreamSequencerForLevel(EncryptionLevel level) {
+ return &substreams_[level].sequencer;
+ }
+
private:
// Data sent and received in CRYPTO frames is sent at multiple encryption
// levels. Some of the state for the single logical crypto stream is split
diff --git a/quic/core/quic_error_codes.cc b/quic/core/quic_error_codes.cc
index 74922c3..c7da0ae 100644
--- a/quic/core/quic_error_codes.cc
+++ b/quic/core/quic_error_codes.cc
@@ -279,6 +279,7 @@
RETURN_STRING_LITERAL(QUIC_TLS_UNEXPECTED_KEYING_MATERIAL_EXPORT_LABEL);
RETURN_STRING_LITERAL(QUIC_TLS_KEYING_MATERIAL_EXPORTS_MISMATCH);
RETURN_STRING_LITERAL(QUIC_TLS_KEYING_MATERIAL_EXPORT_NOT_AVAILABLE);
+ RETURN_STRING_LITERAL(QUIC_UNEXPECTED_DATA_BEFORE_ENCRYPTION_ESTABLISHED);
RETURN_STRING_LITERAL(QUIC_LAST_ERROR);
// Intentionally have no default case, so we'll break the build
@@ -784,6 +785,8 @@
return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)};
case QUIC_TLS_KEYING_MATERIAL_EXPORT_NOT_AVAILABLE:
return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)};
+ case QUIC_UNEXPECTED_DATA_BEFORE_ENCRYPTION_ESTABLISHED:
+ return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)};
case QUIC_LAST_ERROR:
return {false, static_cast<uint64_t>(QUIC_LAST_ERROR)};
}
diff --git a/quic/core/quic_error_codes.h b/quic/core/quic_error_codes.h
index 218b12f..0ecef01 100644
--- a/quic/core/quic_error_codes.h
+++ b/quic/core/quic_error_codes.h
@@ -608,9 +608,10 @@
QUIC_TLS_UNEXPECTED_KEYING_MATERIAL_EXPORT_LABEL = 208,
QUIC_TLS_KEYING_MATERIAL_EXPORTS_MISMATCH = 209,
QUIC_TLS_KEYING_MATERIAL_EXPORT_NOT_AVAILABLE = 210,
+ QUIC_UNEXPECTED_DATA_BEFORE_ENCRYPTION_ESTABLISHED = 211,
// No error. Used as bound while iterating.
- QUIC_LAST_ERROR = 211,
+ QUIC_LAST_ERROR = 212,
};
// QuicErrorCodes is encoded as four octets on-the-wire when doing Google QUIC,
// or a varint62 when doing IETF QUIC. Ensure that its value does not exceed
diff --git a/quic/qbone/qbone_server_session.h b/quic/qbone/qbone_server_session.h
index f5af8b4..f398f06 100644
--- a/quic/qbone/qbone_server_session.h
+++ b/quic/qbone/qbone_server_session.h
@@ -82,9 +82,10 @@
// The packet processor.
QbonePacketProcessor processor_;
- private:
// Config for QUIC crypto server stream, used by the server.
const QuicCryptoServerConfig* quic_crypto_server_config_;
+
+ private:
// Used by QUIC crypto server stream to track most recently compressed certs.
QuicCompressedCertsCache* compressed_certs_cache_;
// This helper is needed when create QuicCryptoServerStream.
