Automated g4 rollback of changelist 242988047.
*** Reason for rollback ***
Revert as this change is not easily compatible in chromium.
*** Original change description ***
Add new methods to QuicFramer for controlling decrypters
This CL is a roll forward of cl/242758726. I had to make test-only changes to fix the broken test //third_party/quic/core:tls_handshaker_test.
gfe-relnote: Protected behind QUIC_VERSION_99 and quic_supports_tls_handshake
***
PiperOrigin-RevId: 243273832
Change-Id: I84b0ae565dcb5ceed2351fc37ad195c229d09488
diff --git a/quic/core/http/quic_spdy_client_session_test.cc b/quic/core/http/quic_spdy_client_session_test.cc
index 9a99ca7..4e1dc9e 100644
--- a/quic/core/http/quic_spdy_client_session_test.cc
+++ b/quic/core/http/quic_spdy_client_session_test.cc
@@ -489,22 +489,13 @@
EXPECT_CALL(*connection_, OnError(_)).Times(1);
// Verify that a decryptable packet with bad frames does close the connection.
- QuicConnectionId destination_connection_id =
- session_->connection()->connection_id();
- QuicConnectionId source_connection_id = EmptyQuicConnectionId();
+ QuicConnectionId connection_id = session_->connection()->connection_id();
QuicFramerPeer::SetLastSerializedConnectionId(
- QuicConnectionPeer::GetFramer(connection_), destination_connection_id);
+ QuicConnectionPeer::GetFramer(connection_), connection_id);
ParsedQuicVersionVector versions = {GetParam()};
- bool version_flag = false;
- QuicConnectionIdIncluded scid_included = CONNECTION_ID_ABSENT;
- if (GetParam().transport_version > QUIC_VERSION_43) {
- version_flag = true;
- source_connection_id = destination_connection_id;
- scid_included = CONNECTION_ID_PRESENT;
- }
std::unique_ptr<QuicEncryptedPacket> packet(ConstructMisFramedEncryptedPacket(
- destination_connection_id, source_connection_id, version_flag, false, 100,
- "data", CONNECTION_ID_ABSENT, scid_included, PACKET_4BYTE_PACKET_NUMBER,
+ connection_id, EmptyQuicConnectionId(), false, false, 100, "data",
+ CONNECTION_ID_ABSENT, CONNECTION_ID_ABSENT, PACKET_4BYTE_PACKET_NUMBER,
&versions, Perspective::IS_SERVER));
std::unique_ptr<QuicReceivedPacket> received(
ConstructReceivedPacket(*packet, QuicTime::Zero()));
diff --git a/quic/core/quic_connection.cc b/quic/core/quic_connection.cc
index 307104d..8546076 100644
--- a/quic/core/quic_connection.cc
+++ b/quic/core/quic_connection.cc
@@ -388,7 +388,8 @@
}
QUIC_DLOG(INFO) << ENDPOINT
<< "Created connection with connection_id: " << connection_id
- << " and version: " << ParsedQuicVersionToString(version());
+ << " and version: "
+ << QuicVersionToString(transport_version());
QUIC_BUG_IF(!QuicUtils::IsConnectionIdValidForVersion(connection_id,
transport_version()))
@@ -2883,20 +2884,6 @@
}
}
-void QuicConnection::InstallDecrypter(
- EncryptionLevel level,
- std::unique_ptr<QuicDecrypter> decrypter) {
- framer_.InstallDecrypter(level, std::move(decrypter));
- if (!undecryptable_packets_.empty() &&
- !process_undecryptable_packets_alarm_->IsSet()) {
- process_undecryptable_packets_alarm_->Set(clock_->ApproximateNow());
- }
-}
-
-void QuicConnection::RemoveDecrypter(EncryptionLevel level) {
- framer_.RemoveDecrypter(level);
-}
-
const QuicDecrypter* QuicConnection::decrypter() const {
return framer_.decrypter();
}
@@ -3920,13 +3907,6 @@
return packet_generator_.GetGuaranteedLargestMessagePayload();
}
-uint32_t QuicConnection::cipher_id() const {
- if (version().KnowsWhichDecrypterToUse()) {
- return framer_.GetDecrypter(last_decrypted_packet_level_)->cipher_id();
- }
- return framer_.decrypter()->cipher_id();
-}
-
bool QuicConnection::ShouldSetAckAlarm() const {
DCHECK(ack_frame_updated());
if (ack_alarm_->IsSet()) {
diff --git a/quic/core/quic_connection.h b/quic/core/quic_connection.h
index d13458d..602361e 100644
--- a/quic/core/quic_connection.h
+++ b/quic/core/quic_connection.h
@@ -672,10 +672,6 @@
std::unique_ptr<QuicDecrypter> decrypter,
bool latch_once_used);
- void InstallDecrypter(EncryptionLevel level,
- std::unique_ptr<QuicDecrypter> decrypter);
- void RemoveDecrypter(EncryptionLevel level);
-
const QuicDecrypter* decrypter() const;
const QuicDecrypter* alternative_decrypter() const;
@@ -769,8 +765,8 @@
// connection ID lengths do not change.
QuicPacketLength GetGuaranteedLargestMessagePayload() const;
- // Returns the id of the cipher last used for decrypting packets.
- uint32_t cipher_id() const;
+ // Return the id of the cipher of the primary decrypter of the framer.
+ uint32_t cipher_id() const { return framer_.decrypter()->cipher_id(); }
std::vector<std::unique_ptr<QuicEncryptedPacket>>* termination_packets() {
return termination_packets_.get();
diff --git a/quic/core/quic_connection_test.cc b/quic/core/quic_connection_test.cc
index 4072ecd..cd53edf 100644
--- a/quic/core/quic_connection_test.cc
+++ b/quic/core/quic_connection_test.cc
@@ -5,15 +5,14 @@
#include "net/third_party/quiche/src/quic/core/quic_connection.h"
#include <errno.h>
-
#include <memory>
#include <ostream>
-#include <string>
#include <utility>
+#include <string>
+
#include "net/third_party/quiche/src/quic/core/congestion_control/loss_detection_interface.h"
#include "net/third_party/quiche/src/quic/core/congestion_control/send_algorithm_interface.h"
-#include "net/third_party/quiche/src/quic/core/crypto/null_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/null_encrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h"
@@ -359,21 +358,8 @@
}
if (use_tagging_decrypter_) {
- if (framer_.framer()->version().KnowsWhichDecrypterToUse()) {
- framer_.framer()->InstallDecrypter(ENCRYPTION_INITIAL,
- QuicMakeUnique<TaggingDecrypter>());
- framer_.framer()->InstallDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<TaggingDecrypter>());
- framer_.framer()->InstallDecrypter(ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<TaggingDecrypter>());
- } else {
- framer_.framer()->SetDecrypter(ENCRYPTION_INITIAL,
- QuicMakeUnique<TaggingDecrypter>());
- }
- } else if (framer_.framer()->version().KnowsWhichDecrypterToUse()) {
- framer_.framer()->InstallDecrypter(
- ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_SERVER));
+ framer_.framer()->SetDecrypter(ENCRYPTION_INITIAL,
+ QuicMakeUnique<TaggingDecrypter>());
}
EXPECT_TRUE(framer_.ProcessPacket(packet));
if (block_on_next_write_) {
@@ -981,12 +967,6 @@
.WillRepeatedly(Return(QuicTime::Zero()));
EXPECT_CALL(*loss_algorithm_, DetectLosses(_, _, _, _, _, _))
.Times(AnyNumber());
-
- if (connection_.version().KnowsWhichDecrypterToUse()) {
- connection_.InstallDecrypter(
- ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_CLIENT));
- }
}
QuicConnectionTest(const QuicConnectionTest&) = delete;
@@ -1014,16 +994,6 @@
void use_tagging_decrypter() { writer_->use_tagging_decrypter(); }
- void SetDecrypter(EncryptionLevel level,
- std::unique_ptr<QuicDecrypter> decrypter) {
- if (connection_.version().KnowsWhichDecrypterToUse()) {
- connection_.InstallDecrypter(level, std::move(decrypter));
- connection_.RemoveDecrypter(ENCRYPTION_INITIAL);
- } else {
- connection_.SetDecrypter(level, std::move(decrypter));
- }
- }
-
void ProcessPacket(uint64_t number) {
EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
ProcessDataPacket(number);
@@ -1078,11 +1048,8 @@
void ForceProcessFramePacket(QuicFrame frame) {
QuicFrames frames;
frames.push_back(QuicFrame(frame));
- bool send_version = connection_.perspective() == Perspective::IS_SERVER;
- if (connection_.version().KnowsWhichDecrypterToUse()) {
- send_version = true;
- }
- QuicPacketCreatorPeer::SetSendVersionInPacket(&peer_creator_, send_version);
+ QuicPacketCreatorPeer::SetSendVersionInPacket(
+ &peer_creator_, connection_.perspective() == Perspective::IS_SERVER);
QuicPacketHeader header;
QuicPacketCreatorPeer::FillPacketHeader(&peer_creator_, &header);
char encrypted_buffer[kMaxOutgoingPacketSize];
@@ -1114,16 +1081,6 @@
peer_framer_.perspective() == Perspective::IS_SERVER) {
header.destination_connection_id_included = CONNECTION_ID_ABSENT;
}
- if (level == ENCRYPTION_INITIAL &&
- peer_framer_.version().KnowsWhichDecrypterToUse()) {
- header.version_flag = true;
- header.retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_1;
- header.length_length = VARIABLE_LENGTH_INTEGER_LENGTH_2;
- if (peer_framer_.perspective() == Perspective::IS_SERVER) {
- header.source_connection_id = connection_id_;
- header.source_connection_id_included = CONNECTION_ID_PRESENT;
- }
- }
header.packet_number = QuicPacketNumber(number);
QuicFrames frames;
frames.push_back(frame);
@@ -1137,16 +1094,9 @@
QuicPacketCreatorPeer::GetEncryptionLevel(&peer_creator_),
QuicMakeUnique<TaggingEncrypter>(0x01));
// Set the corresponding decrypter.
- if (connection_.version().KnowsWhichDecrypterToUse()) {
- connection_.InstallDecrypter(
- QuicPacketCreatorPeer::GetEncryptionLevel(&peer_creator_),
- QuicMakeUnique<StrictTaggingDecrypter>(0x01));
- connection_.RemoveDecrypter(ENCRYPTION_INITIAL);
- } else {
- connection_.SetDecrypter(
- QuicPacketCreatorPeer::GetEncryptionLevel(&peer_creator_),
- QuicMakeUnique<StrictTaggingDecrypter>(0x01));
- }
+ connection_.SetDecrypter(
+ QuicPacketCreatorPeer::GetEncryptionLevel(&peer_creator_),
+ QuicMakeUnique<StrictTaggingDecrypter>(0x01));
}
char buffer[kMaxOutgoingPacketSize];
@@ -3012,8 +2962,8 @@
EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1);
peer_framer_.SetEncrypter(ENCRYPTION_FORWARD_SECURE,
QuicMakeUnique<TaggingEncrypter>(0x01));
- SetDecrypter(ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<StrictTaggingDecrypter>(0x01));
+ connection_.SetDecrypter(ENCRYPTION_FORWARD_SECURE,
+ QuicMakeUnique<StrictTaggingDecrypter>(0x01));
ProcessDataPacketAtLevel(2, false, ENCRYPTION_FORWARD_SECURE);
EXPECT_EQ(0u, connection_.NumQueuedPackets());
@@ -3438,7 +3388,7 @@
1, stream_id, QUIC_ERROR_PROCESSING_STREAM, 14)));
}
EXPECT_EQ(1u, writer_->frame_count());
- ASSERT_EQ(1u, writer_->rst_stream_frames().size());
+ EXPECT_EQ(1u, writer_->rst_stream_frames().size());
EXPECT_EQ(stream_id, writer_->rst_stream_frames().front().stream_id);
}
@@ -4250,8 +4200,8 @@
// Transition to the new encryption state and process another encrypted packet
// which should result in the original packet being processed.
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
connection_.SetDefaultEncryptionLevel(ENCRYPTION_ZERO_RTT);
connection_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
@@ -4324,8 +4274,8 @@
// Transition to the new encryption state and process another encrypted packet
// which should result in the original packets being processed.
EXPECT_FALSE(connection_.GetProcessUndecryptablePacketsAlarm()->IsSet());
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
EXPECT_TRUE(connection_.GetProcessUndecryptablePacketsAlarm()->IsSet());
connection_.SetDefaultEncryptionLevel(ENCRYPTION_ZERO_RTT);
connection_.SetEncrypter(ENCRYPTION_ZERO_RTT,
@@ -5658,8 +5608,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -5700,8 +5650,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -5781,8 +5731,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -5843,8 +5793,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -5981,8 +5931,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -6037,8 +5987,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -6098,8 +6048,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -6165,8 +6115,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -6252,8 +6202,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -6323,8 +6273,8 @@
EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_));
EXPECT_FALSE(connection_.GetAckAlarm()->IsSet());
const uint8_t tag = 0x07;
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(tag));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(tag));
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(tag));
// Process a packet from the non-crypto stream.
@@ -6494,8 +6444,8 @@
EXPECT_CALL(visitor_, OnStreamFrame(_));
peer_framer_.SetEncrypter(ENCRYPTION_FORWARD_SECURE,
QuicMakeUnique<TaggingEncrypter>(0x01));
- SetDecrypter(ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<StrictTaggingDecrypter>(0x01));
+ connection_.SetDecrypter(ENCRYPTION_FORWARD_SECURE,
+ QuicMakeUnique<StrictTaggingDecrypter>(0x01));
ProcessDataPacketAtLevel(1, false, ENCRYPTION_FORWARD_SECURE);
connection_.SendStreamDataWithString(
GetNthClientInitiatedStreamId(1, connection_.transport_version()), "foo",
@@ -8780,8 +8730,8 @@
EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(0x02));
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(0x02));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(0x02));
connection_.SetEncrypter(ENCRYPTION_INITIAL,
QuicMakeUnique<TaggingEncrypter>(0x02));
// Receives packet 1000 in application data.
@@ -8808,8 +8758,8 @@
peer_framer_.SetEncrypter(ENCRYPTION_FORWARD_SECURE,
QuicMakeUnique<TaggingEncrypter>(0x02));
- SetDecrypter(ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<StrictTaggingDecrypter>(0x02));
+ connection_.SetDecrypter(ENCRYPTION_FORWARD_SECURE,
+ QuicMakeUnique<StrictTaggingDecrypter>(0x02));
// Verify zero rtt and forward secure packets get acked in the same packet.
EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(1);
ProcessDataPacketAtLevel(1003, false, ENCRYPTION_FORWARD_SECURE);
@@ -8828,8 +8778,8 @@
EXPECT_TRUE(connection_.GetAckAlarm()->IsSet());
peer_framer_.SetEncrypter(ENCRYPTION_ZERO_RTT,
QuicMakeUnique<TaggingEncrypter>(0x02));
- SetDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<StrictTaggingDecrypter>(0x02));
+ connection_.SetDecrypter(ENCRYPTION_ZERO_RTT,
+ QuicMakeUnique<StrictTaggingDecrypter>(0x02));
connection_.SetEncrypter(ENCRYPTION_INITIAL,
QuicMakeUnique<TaggingEncrypter>(0x02));
// Receives packet 1000 in application data.
diff --git a/quic/core/quic_crypto_client_handshaker.cc b/quic/core/quic_crypto_client_handshaker.cc
index d6c9af4..013ab3f 100644
--- a/quic/core/quic_crypto_client_handshaker.cc
+++ b/quic/core/quic_crypto_client_handshaker.cc
@@ -375,16 +375,10 @@
crypto_config_->pad_full_hello());
SendHandshakeMessage(out);
// Be prepared to decrypt with the new server write key.
- if (session()->connection()->version().KnowsWhichDecrypterToUse()) {
- session()->connection()->InstallDecrypter(
- ENCRYPTION_ZERO_RTT,
- std::move(crypto_negotiated_params_->initial_crypters.decrypter));
- } else {
- session()->connection()->SetAlternativeDecrypter(
- ENCRYPTION_ZERO_RTT,
- std::move(crypto_negotiated_params_->initial_crypters.decrypter),
- true /* latch once used */);
- }
+ session()->connection()->SetAlternativeDecrypter(
+ ENCRYPTION_ZERO_RTT,
+ std::move(crypto_negotiated_params_->initial_crypters.decrypter),
+ true /* latch once used */);
// Send subsequent packets under encryption on the assumption that the
// server will accept the handshake.
session()->connection()->SetEncrypter(
@@ -590,8 +584,10 @@
// to see whether the response was a reject, and if so, move on to
// the reject-processing state.
if ((in->tag() == kREJ) || (in->tag() == kSREJ)) {
- // A reject message must be sent in ENCRYPTION_INITIAL.
- if (session()->connection()->last_decrypted_level() != ENCRYPTION_INITIAL) {
+ // alternative_decrypter will be nullptr if the original alternative
+ // decrypter latched and became the primary decrypter. That happens
+ // if we received a message encrypted with the INITIAL key.
+ if (session()->connection()->alternative_decrypter() == nullptr) {
// The rejection was sent encrypted!
stream_->CloseConnectionWithDetails(
QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT, "encrypted REJ message");
@@ -607,7 +603,10 @@
return;
}
- if (session()->connection()->last_decrypted_level() == ENCRYPTION_INITIAL) {
+ // alternative_decrypter will be nullptr if the original alternative
+ // decrypter latched and became the primary decrypter. That happens
+ // if we received a message encrypted with the INITIAL key.
+ if (session()->connection()->alternative_decrypter() != nullptr) {
// The server hello was sent without encryption.
stream_->CloseConnectionWithDetails(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT,
"unencrypted SHLO message");
@@ -639,14 +638,9 @@
// has been floated that the server shouldn't send packets encrypted
// with the FORWARD_SECURE key until it receives a FORWARD_SECURE
// packet from the client.
- if (session()->connection()->version().KnowsWhichDecrypterToUse()) {
- session()->connection()->InstallDecrypter(ENCRYPTION_FORWARD_SECURE,
- std::move(crypters->decrypter));
- } else {
- session()->connection()->SetAlternativeDecrypter(
- ENCRYPTION_FORWARD_SECURE, std::move(crypters->decrypter),
- false /* don't latch */);
- }
+ session()->connection()->SetAlternativeDecrypter(
+ ENCRYPTION_FORWARD_SECURE, std::move(crypters->decrypter),
+ false /* don't latch */);
session()->connection()->SetEncrypter(ENCRYPTION_FORWARD_SECURE,
std::move(crypters->encrypter));
session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
diff --git a/quic/core/quic_crypto_server_handshaker.cc b/quic/core/quic_crypto_server_handshaker.cc
index c0e61ef..cd3cce9 100644
--- a/quic/core/quic_crypto_server_handshaker.cc
+++ b/quic/core/quic_crypto_server_handshaker.cc
@@ -230,16 +230,9 @@
session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_ZERO_RTT);
// Set the decrypter immediately so that we no longer accept unencrypted
// packets.
- if (session()->connection()->version().KnowsWhichDecrypterToUse()) {
- session()->connection()->InstallDecrypter(
- ENCRYPTION_ZERO_RTT,
- std::move(crypto_negotiated_params_->initial_crypters.decrypter));
- session()->connection()->RemoveDecrypter(ENCRYPTION_INITIAL);
- } else {
- session()->connection()->SetDecrypter(
- ENCRYPTION_ZERO_RTT,
- std::move(crypto_negotiated_params_->initial_crypters.decrypter));
- }
+ session()->connection()->SetDecrypter(
+ ENCRYPTION_ZERO_RTT,
+ std::move(crypto_negotiated_params_->initial_crypters.decrypter));
session()->connection()->SetDiversificationNonce(*diversification_nonce);
session()->connection()->set_fully_pad_crypto_hadshake_packets(
@@ -251,17 +244,10 @@
std::move(crypto_negotiated_params_->forward_secure_crypters.encrypter));
session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
- if (session()->connection()->version().KnowsWhichDecrypterToUse()) {
- session()->connection()->InstallDecrypter(
- ENCRYPTION_FORWARD_SECURE,
- std::move(
- crypto_negotiated_params_->forward_secure_crypters.decrypter));
- } else {
- session()->connection()->SetAlternativeDecrypter(
- ENCRYPTION_FORWARD_SECURE,
- std::move(crypto_negotiated_params_->forward_secure_crypters.decrypter),
- false /* don't latch */);
- }
+ session()->connection()->SetAlternativeDecrypter(
+ ENCRYPTION_FORWARD_SECURE,
+ std::move(crypto_negotiated_params_->forward_secure_crypters.decrypter),
+ false /* don't latch */);
encryption_established_ = true;
handshake_confirmed_ = true;
diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index 0e30453..f99b60f 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc
@@ -346,32 +346,6 @@
return NUM_PACKET_NUMBER_SPACES;
}
-EncryptionLevel GetEncryptionLevel(const QuicPacketHeader& header) {
- switch (header.form) {
- case GOOGLE_QUIC_PACKET:
- QUIC_BUG << "Cannot determine EncryptionLevel from Google QUIC header";
- break;
- case IETF_QUIC_SHORT_HEADER_PACKET:
- return ENCRYPTION_FORWARD_SECURE;
- case IETF_QUIC_LONG_HEADER_PACKET:
- switch (header.long_packet_type) {
- case INITIAL:
- return ENCRYPTION_INITIAL;
- case HANDSHAKE:
- return ENCRYPTION_HANDSHAKE;
- case ZERO_RTT_PROTECTED:
- return ENCRYPTION_ZERO_RTT;
- case VERSION_NEGOTIATION:
- case RETRY:
- case INVALID_PACKET_TYPE:
- QUIC_BUG << "No encryption used with type "
- << QuicUtils::QuicLongHeaderTypetoString(
- header.long_packet_type);
- }
- }
- return NUM_ENCRYPTION_LEVELS;
-}
-
QuicStringPiece TruncateErrorString(QuicStringPiece error) {
if (error.length() <= kMaxErrorStringLength) {
return error;
@@ -3887,7 +3861,6 @@
std::unique_ptr<QuicDecrypter> decrypter) {
DCHECK_EQ(alternative_decrypter_level_, NUM_ENCRYPTION_LEVELS);
DCHECK_GE(level, decrypter_level_);
- DCHECK(!version_.KnowsWhichDecrypterToUse());
decrypter_[decrypter_level_] = nullptr;
decrypter_[level] = std::move(decrypter);
decrypter_level_ = level;
@@ -3898,7 +3871,6 @@
std::unique_ptr<QuicDecrypter> decrypter,
bool latch_once_used) {
DCHECK_NE(level, decrypter_level_);
- DCHECK(!version_.KnowsWhichDecrypterToUse());
if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) {
decrypter_[alternative_decrypter_level_] = nullptr;
}
@@ -3907,22 +3879,6 @@
alternative_decrypter_latch_ = latch_once_used;
}
-void QuicFramer::InstallDecrypter(EncryptionLevel level,
- std::unique_ptr<QuicDecrypter> decrypter) {
- DCHECK(version_.KnowsWhichDecrypterToUse());
- decrypter_[level] = std::move(decrypter);
-}
-
-void QuicFramer::RemoveDecrypter(EncryptionLevel level) {
- DCHECK(version_.KnowsWhichDecrypterToUse());
- decrypter_[level] = nullptr;
-}
-
-const QuicDecrypter* QuicFramer::GetDecrypter(EncryptionLevel level) const {
- DCHECK(version_.KnowsWhichDecrypterToUse());
- return decrypter_[level].get();
-}
-
const QuicDecrypter* QuicFramer::decrypter() const {
return decrypter_[decrypter_level_].get();
}
@@ -4018,31 +3974,18 @@
size_t buffer_length,
size_t* decrypted_length,
EncryptionLevel* decrypted_level) {
- EncryptionLevel level = decrypter_level_;
- QuicDecrypter* decrypter = decrypter_[level].get();
+ DCHECK(decrypter_[decrypter_level_] != nullptr);
QuicDecrypter* alternative_decrypter = nullptr;
- if (version().KnowsWhichDecrypterToUse()) {
- level = GetEncryptionLevel(header);
- decrypter = decrypter_[level].get();
- if (decrypter == nullptr) {
- return false;
- }
- if (level == ENCRYPTION_ZERO_RTT &&
- perspective_ == Perspective::IS_CLIENT && header.nonce != nullptr) {
- decrypter->SetDiversificationNonce(*header.nonce);
- }
- } else if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) {
+ if (alternative_decrypter_level_ != NUM_ENCRYPTION_LEVELS) {
alternative_decrypter = decrypter_[alternative_decrypter_level_].get();
}
- DCHECK(decrypter != nullptr);
-
- bool success = decrypter->DecryptPacket(
+ bool success = decrypter_[decrypter_level_]->DecryptPacket(
header.packet_number.ToUint64(), associated_data, encrypted,
decrypted_buffer, decrypted_length, buffer_length);
if (success) {
- visitor_->OnDecryptedPacket(level);
- *decrypted_level = level;
+ visitor_->OnDecryptedPacket(decrypter_level_);
+ *decrypted_level = decrypter_level_;
} else if (alternative_decrypter != nullptr) {
if (header.nonce != nullptr) {
DCHECK_EQ(perspective_, Perspective::IS_CLIENT);
diff --git a/quic/core/quic_framer.h b/quic/core/quic_framer.h
index 8d2fd93..fc189b2 100644
--- a/quic/core/quic_framer.h
+++ b/quic/core/quic_framer.h
@@ -475,11 +475,6 @@
std::unique_ptr<QuicDecrypter> decrypter,
bool latch_once_used);
- void InstallDecrypter(EncryptionLevel level,
- std::unique_ptr<QuicDecrypter> decrypter);
- void RemoveDecrypter(EncryptionLevel level);
-
- const QuicDecrypter* GetDecrypter(EncryptionLevel level) const;
const QuicDecrypter* decrypter() const;
const QuicDecrypter* alternative_decrypter() const;
diff --git a/quic/core/quic_framer_test.cc b/quic/core/quic_framer_test.cc
index 4cb837e..bc1dc5c 100644
--- a/quic/core/quic_framer_test.cc
+++ b/quic/core/quic_framer_test.cc
@@ -456,13 +456,8 @@
kQuicDefaultConnectionIdLength) {
SetQuicFlag(&FLAGS_quic_supports_tls_handshake, true);
framer_.set_version(version_);
- if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(ENCRYPTION_INITIAL,
- std::unique_ptr<QuicDecrypter>(decrypter_));
- } else {
- framer_.SetDecrypter(ENCRYPTION_INITIAL,
- std::unique_ptr<QuicDecrypter>(decrypter_));
- }
+ framer_.SetDecrypter(ENCRYPTION_INITIAL,
+ std::unique_ptr<QuicDecrypter>(decrypter_));
framer_.SetEncrypter(ENCRYPTION_INITIAL,
std::unique_ptr<QuicEncrypter>(encrypter_));
@@ -470,14 +465,6 @@
framer_.InferPacketHeaderTypeFromVersion();
}
- void SetDecrypterLevel(EncryptionLevel level) {
- if (!framer_.version().KnowsWhichDecrypterToUse()) {
- return;
- }
- decrypter_ = new TestDecrypter();
- framer_.InstallDecrypter(level, std::unique_ptr<QuicDecrypter>(decrypter_));
- }
-
// Helper function to get unsigned char representation of the handshake
// protocol byte of the current QUIC version number.
unsigned char GetQuicVersionProtocolByte() {
@@ -816,7 +803,6 @@
}
TEST_P(QuicFramerTest, LargePacket) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[kMaxIncomingPacketSize + 1] = {
// public flags (8 byte connection_id)
@@ -974,7 +960,6 @@
}
TEST_P(QuicFramerTest, PacketHeaderWith0ByteConnectionId) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
QuicFramerPeer::SetLastSerializedConnectionId(&framer_,
FramerTestConnectionId());
QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
@@ -1030,7 +1015,6 @@
}
TEST_P(QuicFramerTest, PacketHeaderWithVersionFlag) {
- SetDecrypterLevel(ENCRYPTION_ZERO_RTT);
// clang-format off
PacketFragments packet = {
// public flags (0 byte connection_id)
@@ -1130,7 +1114,6 @@
}
TEST_P(QuicFramerTest, PacketHeaderWith4BytePacketNumber) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
QuicFramerPeer::SetLargestPacketNumber(&framer_, kPacketNumber - 2);
// clang-format off
@@ -1190,7 +1173,6 @@
}
TEST_P(QuicFramerTest, PacketHeaderWith2BytePacketNumber) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
QuicFramerPeer::SetLargestPacketNumber(&framer_, kPacketNumber - 2);
// clang-format off
@@ -1251,7 +1233,6 @@
}
TEST_P(QuicFramerTest, PacketHeaderWith1BytePacketNumber) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
QuicFramerPeer::SetLargestPacketNumber(&framer_, kPacketNumber - 2);
// clang-format off
@@ -1313,7 +1294,6 @@
}
TEST_P(QuicFramerTest, PacketNumberDecreasesThenIncreases) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// Test the case when a packet is received from the past and future packet
// numbers are still calculated relative to the largest received packet.
QuicPacketHeader header;
@@ -1380,7 +1360,6 @@
}
TEST_P(QuicFramerTest, PacketWithDiversificationNonce) {
- SetDecrypterLevel(ENCRYPTION_ZERO_RTT);
// clang-format off
unsigned char packet[] = {
// public flags: includes nonce flag
@@ -1550,7 +1529,6 @@
}
TEST_P(QuicFramerTest, PaddingFrame) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -1695,7 +1673,6 @@
}
TEST_P(QuicFramerTest, StreamFrame) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -1852,7 +1829,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// type (short header, 4 byte packet number)
@@ -1906,18 +1882,11 @@
return;
}
QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
+ framer_.SetDecrypter(ENCRYPTION_INITIAL,
+ QuicMakeUnique<NullDecrypter>(Perspective::IS_CLIENT));
decrypter_ = new test::TestDecrypter();
- if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(ENCRYPTION_INITIAL, QuicMakeUnique<NullDecrypter>(
- Perspective::IS_CLIENT));
- framer_.InstallDecrypter(ENCRYPTION_ZERO_RTT,
- std::unique_ptr<QuicDecrypter>(decrypter_));
- } else {
- framer_.SetDecrypter(ENCRYPTION_INITIAL,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_CLIENT));
- framer_.SetAlternativeDecrypter(
- ENCRYPTION_ZERO_RTT, std::unique_ptr<QuicDecrypter>(decrypter_), false);
- }
+ framer_.SetAlternativeDecrypter(
+ ENCRYPTION_ZERO_RTT, std::unique_ptr<QuicDecrypter>(decrypter_), false);
// clang-format off
unsigned char packet[] = {
@@ -2062,7 +2031,6 @@
}
TEST_P(QuicFramerTest, StreamFrame2ByteStreamId) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -2214,7 +2182,6 @@
}
TEST_P(QuicFramerTest, StreamFrame1ByteStreamId) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -2366,7 +2333,6 @@
}
TEST_P(QuicFramerTest, StreamFrameWithVersion) {
- SetDecrypterLevel(ENCRYPTION_ZERO_RTT);
// clang-format off
PacketFragments packet = {
// public flags (version, 8 byte connection_id)
@@ -2556,7 +2522,6 @@
}
TEST_P(QuicFramerTest, RejectPacket) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
visitor_.accept_packet_ = false;
// clang-format off
@@ -2702,7 +2667,6 @@
}
TEST_P(QuicFramerTest, AckFrameOneAckBlock) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -2854,7 +2818,6 @@
// and handles the case where the first ack block is larger than the
// largest_acked packet.
TEST_P(QuicFramerTest, FirstAckFrameUnderflow) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -2989,7 +2952,6 @@
// for now, only v99
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -3047,7 +3009,6 @@
// for now, only v99
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -3103,7 +3064,6 @@
// for now, only v99
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -3153,7 +3113,6 @@
// for now, only v99
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -3202,7 +3161,6 @@
// for now, only v99
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -3401,7 +3359,6 @@
}
TEST_P(QuicFramerTest, AckFrameOneAckBlockMaxLength) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -3544,7 +3501,6 @@
// Tests ability to handle multiple ackblocks after the first ack
// block. Non-version-99 tests include multiple timestamps as well.
TEST_P(QuicFramerTest, AckFrameTwoTimeStampsMultipleAckBlocks) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -4178,7 +4134,6 @@
}
TEST_P(QuicFramerTest, RstStreamFrame) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -4304,7 +4259,6 @@
}
TEST_P(QuicFramerTest, ConnectionCloseFrame) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -4457,7 +4411,6 @@
// This frame does not exist in versions other than 99.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -4736,7 +4689,6 @@
// This frame is available only in version 99.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -4780,7 +4732,6 @@
// This frame available only in version 99.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -4822,7 +4773,6 @@
}
TEST_P(QuicFramerTest, BlockedFrame) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// public flags (8 byte connection_id)
@@ -4932,7 +4882,6 @@
}
TEST_P(QuicFramerTest, PingFrame) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -5016,7 +4965,6 @@
if (framer_.transport_version() <= QUIC_VERSION_44) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet45 = {
// type (short header, 4 byte packet number)
@@ -5319,18 +5267,11 @@
return;
}
QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
+ framer_.SetDecrypter(ENCRYPTION_INITIAL,
+ QuicMakeUnique<NullDecrypter>(Perspective::IS_CLIENT));
decrypter_ = new test::TestDecrypter();
- if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(ENCRYPTION_INITIAL, QuicMakeUnique<NullDecrypter>(
- Perspective::IS_CLIENT));
- framer_.InstallDecrypter(ENCRYPTION_ZERO_RTT,
- std::unique_ptr<QuicDecrypter>(decrypter_));
- } else {
- framer_.SetDecrypter(ENCRYPTION_INITIAL,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_CLIENT));
- framer_.SetAlternativeDecrypter(
- ENCRYPTION_ZERO_RTT, std::unique_ptr<QuicDecrypter>(decrypter_), false);
- }
+ framer_.SetAlternativeDecrypter(
+ ENCRYPTION_ZERO_RTT, std::unique_ptr<QuicDecrypter>(decrypter_), false);
// This packet cannot be decrypted because diversification nonce is missing.
QuicEncryptedPacket encrypted(AsChars(packet), QUIC_ARRAYSIZE(packet), false);
EXPECT_TRUE(framer_.ProcessPacket(encrypted));
@@ -5356,18 +5297,11 @@
return;
}
QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
+ framer_.SetDecrypter(ENCRYPTION_INITIAL,
+ QuicMakeUnique<NullDecrypter>(Perspective::IS_CLIENT));
decrypter_ = new test::TestDecrypter();
- if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(ENCRYPTION_INITIAL, QuicMakeUnique<NullDecrypter>(
- Perspective::IS_CLIENT));
- framer_.InstallDecrypter(ENCRYPTION_ZERO_RTT,
- std::unique_ptr<QuicDecrypter>(decrypter_));
- } else {
- framer_.SetDecrypter(ENCRYPTION_INITIAL,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_CLIENT));
- framer_.SetAlternativeDecrypter(
- ENCRYPTION_ZERO_RTT, std::unique_ptr<QuicDecrypter>(decrypter_), false);
- }
+ framer_.SetAlternativeDecrypter(
+ ENCRYPTION_ZERO_RTT, std::unique_ptr<QuicDecrypter>(decrypter_), false);
// This packet cannot be decrypted because diversification nonce is missing.
QuicEncryptedPacket encrypted(AsChars(packet), QUIC_ARRAYSIZE(packet), false);
EXPECT_FALSE(framer_.ProcessPacket(encrypted));
@@ -6273,7 +6207,6 @@
// CRYPTO frames aren't supported prior to v46.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
@@ -9529,7 +9462,6 @@
}
TEST_P(QuicFramerTest, StopPacketProcessing) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -9724,14 +9656,10 @@
TEST_P(QuicFramerTest, ConstructEncryptedPacket) {
// Since we are using ConstructEncryptedPacket, we have to set the framer's
// crypto to be Null.
- if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(
- ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<NullDecrypter>(framer_.perspective()));
- } else {
- framer_.SetDecrypter(ENCRYPTION_INITIAL,
- QuicMakeUnique<NullDecrypter>(framer_.perspective()));
- }
+ framer_.SetDecrypter(ENCRYPTION_INITIAL,
+ QuicMakeUnique<NullDecrypter>(framer_.perspective()));
+ framer_.SetEncrypter(ENCRYPTION_INITIAL,
+ QuicMakeUnique<NullEncrypter>(framer_.perspective()));
ParsedQuicVersionVector versions;
versions.push_back(framer_.version());
std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket(
@@ -9766,16 +9694,10 @@
// Verify that the packet returned by ConstructMisFramedEncryptedPacket()
// does cause the framer to return an error.
TEST_P(QuicFramerTest, ConstructMisFramedEncryptedPacket) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// Since we are using ConstructEncryptedPacket, we have to set the framer's
// crypto to be Null.
- if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(ENCRYPTION_INITIAL, QuicMakeUnique<NullDecrypter>(
- framer_.perspective()));
- } else {
- framer_.SetDecrypter(ENCRYPTION_INITIAL,
- QuicMakeUnique<NullDecrypter>(framer_.perspective()));
- }
+ framer_.SetDecrypter(ENCRYPTION_INITIAL,
+ QuicMakeUnique<NullDecrypter>(framer_.perspective()));
framer_.SetEncrypter(ENCRYPTION_INITIAL,
QuicMakeUnique<NullEncrypter>(framer_.perspective()));
ParsedQuicVersionVector versions;
@@ -9948,7 +9870,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10031,7 +9952,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10119,7 +10039,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10167,7 +10086,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10218,7 +10136,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10267,7 +10184,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10321,7 +10237,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet99[] = {
@@ -10365,7 +10280,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet99[] = {
@@ -10415,7 +10329,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet99[] = {
@@ -10460,7 +10373,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet99[] = {
@@ -10508,7 +10420,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet99[] = {
@@ -10538,7 +10449,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10591,7 +10501,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10639,7 +10548,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10688,7 +10596,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -10740,7 +10647,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet99[] = {
@@ -10775,7 +10681,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet99[] = {
@@ -11175,7 +11080,6 @@
// This frame is only for version 99.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -11231,7 +11135,6 @@
// This frame is only for version 99.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -11289,7 +11192,6 @@
// The NEW_CONNECTION_ID frame is only for version 99.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -11382,7 +11284,6 @@
// This frame is only for version 99.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// type (short header, 4 byte packet number)
@@ -11475,7 +11376,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -11563,7 +11463,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -11646,7 +11545,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
@@ -11812,7 +11710,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// type (short header, 4 byte packet number)
@@ -11844,7 +11741,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
@@ -11877,7 +11773,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
@@ -11910,7 +11805,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// type (short header, 4 byte packet number)
@@ -11946,7 +11840,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
@@ -11979,7 +11872,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
@@ -12012,7 +11904,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet = {
// type (short header, 4 byte packet number)
@@ -12048,7 +11939,6 @@
if (framer_.transport_version() != QUIC_VERSION_99) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packets[] = {
@@ -12449,7 +12339,6 @@
// This frame is only for version 99.
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
PacketFragments packet99 = {
// type (short header, 4 byte packet number)
@@ -12530,7 +12419,6 @@
}
TEST_P(QuicFramerTest, AckFrameWithInvalidLargestObserved) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -12631,7 +12519,6 @@
}
TEST_P(QuicFramerTest, FirstAckBlockJustUnderFlow) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -12734,7 +12621,6 @@
}
TEST_P(QuicFramerTest, ThirdAckBlockJustUnderflow) {
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char packet[] = {
// public flags (8 byte connection_id)
@@ -12883,7 +12769,6 @@
if (!QuicVersionHasLongHeaderLengths(framer_.transport_version())) {
return;
}
- SetDecrypterLevel(ENCRYPTION_ZERO_RTT);
// clang-format off
unsigned char packet[] = {
// first coalesced packet
@@ -12978,7 +12863,6 @@
if (!QuicVersionHasLongHeaderLengths(framer_.transport_version())) {
return;
}
- SetDecrypterLevel(ENCRYPTION_ZERO_RTT);
// clang-format off
unsigned char packet[] = {
// first coalesced packet
@@ -13061,7 +12945,6 @@
if (!QuicVersionHasLongHeaderLengths(framer_.transport_version())) {
return;
}
- SetDecrypterLevel(ENCRYPTION_ZERO_RTT);
// clang-format off
unsigned char packet[] = {
// first coalesced packet
@@ -13122,7 +13005,6 @@
if (framer_.transport_version() < QUIC_VERSION_46) {
return;
}
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
char connection_id_bytes[9] = {0xFE, 0xDC, 0xBA, 0x98, 0x76,
0x54, 0x32, 0x10, 0x42};
QuicConnectionId connection_id(connection_id_bytes,
@@ -13163,7 +13045,6 @@
if (framer_.transport_version() < QUIC_VERSION_46) {
return;
}
- SetDecrypterLevel(ENCRYPTION_ZERO_RTT);
framer_.SetShouldUpdateExpectedConnectionIdLength(true);
// clang-format off
@@ -13218,7 +13099,6 @@
EXPECT_EQ(visitor_.header_.get()->packet_number,
QuicPacketNumber(UINT64_C(0x12345678)));
- SetDecrypterLevel(ENCRYPTION_FORWARD_SECURE);
// clang-format off
unsigned char short_header_packet[] = {
// type (short header, 4 byte packet number)
@@ -13286,13 +13166,7 @@
};
// clang-format on
- if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<TestDecrypter>());
- framer_.RemoveDecrypter(ENCRYPTION_INITIAL);
- } else {
- framer_.SetDecrypter(ENCRYPTION_ZERO_RTT, QuicMakeUnique<TestDecrypter>());
- }
+ framer_.SetDecrypter(ENCRYPTION_ZERO_RTT, QuicMakeUnique<TestDecrypter>());
if (!QuicVersionHasLongHeaderLengths(framer_.transport_version())) {
EXPECT_TRUE(framer_.ProcessPacket(
QuicEncryptedPacket(AsChars(long_header_packet),
@@ -13328,14 +13202,8 @@
QuicEncryptedPacket short_header_encrypted(
AsChars(short_header_packet), QUIC_ARRAYSIZE(short_header_packet), false);
- if (framer_.version().KnowsWhichDecrypterToUse()) {
- framer_.InstallDecrypter(ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<TestDecrypter>());
- framer_.RemoveDecrypter(ENCRYPTION_ZERO_RTT);
- } else {
- framer_.SetDecrypter(ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<TestDecrypter>());
- }
+ framer_.SetDecrypter(ENCRYPTION_FORWARD_SECURE,
+ QuicMakeUnique<TestDecrypter>());
EXPECT_TRUE(framer_.ProcessPacket(short_header_encrypted));
EXPECT_EQ(QUIC_NO_ERROR, framer_.error());
diff --git a/quic/core/quic_packet_creator_test.cc b/quic/core/quic_packet_creator_test.cc
index 2b71b06..b642c9f 100644
--- a/quic/core/quic_packet_creator_test.cc
+++ b/quic/core/quic_packet_creator_test.cc
@@ -9,7 +9,6 @@
#include <ostream>
#include <string>
-#include "net/third_party/quiche/src/quic/core/crypto/null_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/null_encrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h"
@@ -165,17 +164,6 @@
client_framer_.set_visitor(&framer_visitor_);
server_framer_.set_visitor(&framer_visitor_);
client_framer_.set_data_producer(&producer_);
- if (server_framer_.version().KnowsWhichDecrypterToUse()) {
- server_framer_.InstallDecrypter(
- ENCRYPTION_ZERO_RTT,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_SERVER));
- server_framer_.InstallDecrypter(
- ENCRYPTION_HANDSHAKE,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_SERVER));
- server_framer_.InstallDecrypter(
- ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_SERVER));
- }
}
~QuicPacketCreatorTest() override {
diff --git a/quic/core/quic_packet_generator_test.cc b/quic/core/quic_packet_generator_test.cc
index 1e12424..223383a 100644
--- a/quic/core/quic_packet_generator_test.cc
+++ b/quic/core/quic_packet_generator_test.cc
@@ -9,7 +9,6 @@
#include <string>
#include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h"
-#include "net/third_party/quiche/src/quic/core/crypto/null_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/null_encrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h"
@@ -216,11 +215,6 @@
QuicMakeUnique<NullEncrypter>(Perspective::IS_CLIENT));
creator_->set_encryption_level(ENCRYPTION_FORWARD_SECURE);
framer_.set_data_producer(&producer_);
- if (simple_framer_.framer()->version().KnowsWhichDecrypterToUse()) {
- simple_framer_.framer()->InstallDecrypter(
- ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<NullDecrypter>(Perspective::IS_SERVER));
- }
generator_.AttachPacketFlusher();
}
diff --git a/quic/core/quic_versions.cc b/quic/core/quic_versions.cc
index ef2657c..fa9f640 100644
--- a/quic/core/quic_versions.cc
+++ b/quic/core/quic_versions.cc
@@ -37,11 +37,6 @@
}
}
-bool ParsedQuicVersion::KnowsWhichDecrypterToUse() const {
- return transport_version == QUIC_VERSION_99 ||
- handshake_protocol == PROTOCOL_TLS1_3;
-}
-
std::ostream& operator<<(std::ostream& os, const ParsedQuicVersion& version) {
os << ParsedQuicVersionToString(version);
return os;
diff --git a/quic/core/quic_versions.h b/quic/core/quic_versions.h
index 160adeb..cc780b4 100644
--- a/quic/core/quic_versions.h
+++ b/quic/core/quic_versions.h
@@ -145,8 +145,6 @@
return handshake_protocol != other.handshake_protocol ||
transport_version != other.transport_version;
}
-
- bool KnowsWhichDecrypterToUse() const;
};
QUIC_EXPORT_PRIVATE ParsedQuicVersion UnsupportedQuicVersion();
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 932d537..5081a48 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -73,8 +73,8 @@
session()->connection_id(), &crypters);
session()->connection()->SetEncrypter(ENCRYPTION_INITIAL,
std::move(crypters.encrypter));
- session()->connection()->InstallDecrypter(ENCRYPTION_INITIAL,
- std::move(crypters.decrypter));
+ session()->connection()->SetDecrypter(ENCRYPTION_INITIAL,
+ std::move(crypters.decrypter));
state_ = STATE_HANDSHAKE_RUNNING;
// Configure certificate verification.
// TODO(nharper): This only verifies certs on initial connection, not on
diff --git a/quic/core/tls_handshaker.cc b/quic/core/tls_handshaker.cc
index 3a45f36..c6394b8 100644
--- a/quic/core/tls_handshaker.cc
+++ b/quic/core/tls_handshaker.cc
@@ -205,8 +205,22 @@
const std::vector<uint8_t>& write_secret) {
std::unique_ptr<QuicEncrypter> encrypter = CreateEncrypter(write_secret);
session()->connection()->SetEncrypter(level, std::move(encrypter));
- std::unique_ptr<QuicDecrypter> decrypter = CreateDecrypter(read_secret);
- session()->connection()->InstallDecrypter(level, std::move(decrypter));
+ if (level != ENCRYPTION_FORWARD_SECURE) {
+ std::unique_ptr<QuicDecrypter> decrypter = CreateDecrypter(read_secret);
+ session()->connection()->SetDecrypter(level, std::move(decrypter));
+ } else {
+ // When forward-secure read keys are available, they get set as the
+ // alternative decrypter instead of the primary decrypter. One reason for
+ // this is that after the forward secure keys become available, the server
+ // still has crypto handshake messages to read at the handshake encryption
+ // level, meaning that both the ENCRYPTION_ZERO_RTT and
+ // ENCRYPTION_FORWARD_SECURE decrypters need to be available. (Tests also
+ // assume that an alternative decrypter gets set, so at some point we need
+ // to call SetAlternativeDecrypter.)
+ std::unique_ptr<QuicDecrypter> decrypter = CreateDecrypter(read_secret);
+ session()->connection()->SetAlternativeDecrypter(
+ level, std::move(decrypter), /*latch_once_used*/ true);
+ }
}
void TlsHandshaker::WriteMessage(EncryptionLevel level, QuicStringPiece data) {
diff --git a/quic/core/tls_handshaker_test.cc b/quic/core/tls_handshaker_test.cc
index a7b2aa8..6aa83d2 100644
--- a/quic/core/tls_handshaker_test.cc
+++ b/quic/core/tls_handshaker_test.cc
@@ -263,31 +263,15 @@
}
}
-ParsedQuicVersionVector AllTlsSupportedVersions() {
- SetQuicReloadableFlag(quic_enable_version_99, true);
- SetQuicFlag(&FLAGS_quic_supports_tls_handshake, true);
- ParsedQuicVersionVector supported_versions;
- for (QuicTransportVersion version : kSupportedTransportVersions) {
- if (!QuicVersionUsesCryptoFrames(version)) {
- // The TLS handshake is only deployable if CRYPTO frames are also used.
- continue;
- }
- supported_versions.push_back(ParsedQuicVersion(PROTOCOL_TLS1_3, version));
- }
- return supported_versions;
-}
-
class TlsHandshakerTest : public QuicTest {
public:
TlsHandshakerTest()
: client_conn_(new MockQuicConnection(&conn_helper_,
&alarm_factory_,
- Perspective::IS_CLIENT,
- AllTlsSupportedVersions())),
+ Perspective::IS_CLIENT)),
server_conn_(new MockQuicConnection(&conn_helper_,
&alarm_factory_,
- Perspective::IS_SERVER,
- AllTlsSupportedVersions())),
+ Perspective::IS_SERVER)),
client_session_(client_conn_, /*create_mock_crypto_stream=*/false),
server_session_(server_conn_, /*create_mock_crypto_stream=*/false) {
client_stream_ = new TestQuicCryptoClientStream(&client_session_);
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index ec254b5..96e1802 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -63,16 +63,14 @@
: TlsHandshaker(stream, session, ssl_ctx),
proof_source_(proof_source),
crypto_negotiated_params_(new QuicCryptoNegotiatedParameters) {
- DCHECK_EQ(PROTOCOL_TLS1_3,
- session->connection()->version().handshake_protocol);
CrypterPair crypters;
CryptoUtils::CreateTlsInitialCrypters(
Perspective::IS_SERVER, session->connection()->transport_version(),
session->connection_id(), &crypters);
session->connection()->SetEncrypter(ENCRYPTION_INITIAL,
std::move(crypters.encrypter));
- session->connection()->InstallDecrypter(ENCRYPTION_INITIAL,
- std::move(crypters.decrypter));
+ session->connection()->SetDecrypter(ENCRYPTION_INITIAL,
+ std::move(crypters.decrypter));
// Configure the SSL to be a server.
SSL_set_accept_state(ssl());
diff --git a/quic/test_tools/crypto_test_utils.cc b/quic/test_tools/crypto_test_utils.cc
index 63154b9..af33d4e 100644
--- a/quic/test_tools/crypto_test_utils.cc
+++ b/quic/test_tools/crypto_test_utils.cc
@@ -749,11 +749,6 @@
void CompareCrypters(const QuicEncrypter* encrypter,
const QuicDecrypter* decrypter,
std::string label) {
- if (encrypter == nullptr || decrypter == nullptr) {
- ADD_FAILURE() << "Expected non-null crypters; have " << encrypter << " and "
- << decrypter;
- return;
- }
QuicStringPiece encrypter_key = encrypter->GetKey();
QuicStringPiece encrypter_iv = encrypter->GetNoncePrefix();
QuicStringPiece decrypter_key = decrypter->GetKey();
diff --git a/quic/test_tools/quic_test_utils.cc b/quic/test_tools/quic_test_utils.cc
index 2de1491..cd54eb8 100644
--- a/quic/test_tools/quic_test_utils.cc
+++ b/quic/test_tools/quic_test_utils.cc
@@ -499,7 +499,7 @@
: QuicSession(connection,
nullptr,
DefaultQuicConfig(),
- connection->supported_versions()) {
+ CurrentSupportedVersions()) {
if (create_mock_crypto_stream) {
crypto_stream_ = QuicMakeUnique<MockQuicCryptoStream>(this);
}
@@ -923,11 +923,6 @@
header.reset_flag = reset_flag;
header.packet_number_length = packet_number_length;
header.packet_number = QuicPacketNumber(packet_number);
- if (QuicVersionHasLongHeaderLengths((*versions)[0].transport_version) &&
- version_flag) {
- header.retry_token_length_length = VARIABLE_LENGTH_INTEGER_LENGTH_1;
- header.length_length = VARIABLE_LENGTH_INTEGER_LENGTH_2;
- }
QuicFrame frame(QuicStreamFrame(1, false, 0, QuicStringPiece(data)));
QuicFrames frames;
frames.push_back(frame);
@@ -946,7 +941,8 @@
GetIncludedDestinationConnectionIdLength(header),
GetIncludedSourceConnectionIdLength(header), version_flag,
false /* no diversification nonce */, packet_number_length,
- header.retry_token_length_length, 0, header.length_length)] = 0x1F;
+ VARIABLE_LENGTH_INTEGER_LENGTH_0, 0, VARIABLE_LENGTH_INTEGER_LENGTH_0)] =
+ 0x1F;
char* buffer = new char[kMaxOutgoingPacketSize];
size_t encrypted_length =
diff --git a/quic/test_tools/simulator/quic_endpoint.cc b/quic/test_tools/simulator/quic_endpoint.cc
index 9e5c3fa..1072724 100644
--- a/quic/test_tools/simulator/quic_endpoint.cc
+++ b/quic/test_tools/simulator/quic_endpoint.cc
@@ -86,14 +86,8 @@
connection_.set_visitor(this);
connection_.SetEncrypter(ENCRYPTION_FORWARD_SECURE,
QuicMakeUnique<NullEncrypter>(perspective));
- if (connection_.version().KnowsWhichDecrypterToUse()) {
- connection_.InstallDecrypter(ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<NullDecrypter>(perspective));
- connection_.RemoveDecrypter(ENCRYPTION_INITIAL);
- } else {
- connection_.SetDecrypter(ENCRYPTION_FORWARD_SECURE,
- QuicMakeUnique<NullDecrypter>(perspective));
- }
+ connection_.SetDecrypter(ENCRYPTION_FORWARD_SECURE,
+ QuicMakeUnique<NullDecrypter>(perspective));
connection_.SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
if (perspective == Perspective::IS_SERVER) {
// Skip version negotiation.
