Allow QUIC Key Update on first received 1-RTT packet
As per the specification, the first key update is allowed even if we haven't decrypted any packets: <<An endpoint MUST NOT initiate a key update prior to having confirmed the handshake (Section 4.1.2). An endpoint MUST NOT initiate a subsequent key update unless it has received an acknowledgment for a packet that was sent protected with keys from the current key phase.>> This issue was found during the IETF 110 hackathon, as another implementation was performing a key update immediately post handshake.
Protected by FLAGS_quic_reloadable_flag_quic_fix_key_update_on_first_packet.
PiperOrigin-RevId: 360781943
Change-Id: I678cd85ffdd4d014184fa6db86e8c42c64c421cd
diff --git a/quic/core/quic_framer.h b/quic/core/quic_framer.h
index 0307594..fe395ce 100644
--- a/quic/core/quic_framer.h
+++ b/quic/core/quic_framer.h
@@ -1117,6 +1117,8 @@
// The value of the current key phase bit, which is toggled when the keys are
// changed.
bool current_key_phase_bit_;
+ // Whether we have performed a key update at least once.
+ bool key_update_performed_ = false;
// Tracks the first packet received in the current key phase. Will be
// uninitialized before the first one-RTT packet has been received or after a
// locally initiated key update but before the first packet from the peer in
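Review bot: The comment on `key_update_performed_` does not say which key updates count. The neighbouring comment distinguishes a locally initiated key update from the first packet received from the peer, so "performed a key update at least once" should state whether it covers both directions and whether the flag is ever reset (for example: "Set on the first key update, whether locally or peer initiated; never cleared."). The new member also carries an in-class initializer (`= false`) while `current_key_phase_bit_` just above shows none here. It is worth matching however the surrounding members are initialized so the two do not diverge.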