Use 16-byte auth tags when initial obfuscators are used
QuicFramer assumes that the auth tag is the same length for all encryption
levels. In Google QUIC crypto versions where initial obfuscators are used,
we should use IETF style crypters (different nonce/IV construction and 16
byte instead of 12 byte auth tags).
gfe-relnote: Change encryption used in QUIC. Protected by quic_enable_version_99
PiperOrigin-RevId: 271674606
Change-Id: Ic7736908068eeee8077bd3a17ec4f8b4112254f9
diff --git a/quic/core/crypto/quic_decrypter.cc b/quic/core/crypto/quic_decrypter.cc
index 2fb1deb..5802231 100644
--- a/quic/core/crypto/quic_decrypter.cc
+++ b/quic/core/crypto/quic_decrypter.cc
@@ -22,12 +22,22 @@
namespace quic {
// static
-std::unique_ptr<QuicDecrypter> QuicDecrypter::Create(QuicTag algorithm) {
+std::unique_ptr<QuicDecrypter> QuicDecrypter::Create(
+ const ParsedQuicVersion& version,
+ QuicTag algorithm) {
switch (algorithm) {
case kAESG:
- return std::make_unique<Aes128Gcm12Decrypter>();
+ if (version.UsesInitialObfuscators()) {
+ return std::make_unique<Aes128GcmDecrypter>();
+ } else {
+ return std::make_unique<Aes128Gcm12Decrypter>();
+ }
case kCC20:
- return std::make_unique<ChaCha20Poly1305Decrypter>();
+ if (version.UsesInitialObfuscators()) {
+ return std::make_unique<ChaCha20Poly1305TlsDecrypter>();
+ } else {
+ return std::make_unique<ChaCha20Poly1305Decrypter>();
+ }
default:
QUIC_LOG(FATAL) << "Unsupported algorithm: " << algorithm;
return nullptr;
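Review bot: Neither `if (version.UsesInitialObfuscators())` branch says why the version selects a different class, although per the commit message the choice changes both the auth tag length (16 instead of 12 bytes) and the nonce/IV construction. A comment above the `switch` would keep that visible, for example `// Versions with initial obfuscators use IETF-style AEADs (16-byte tag, different nonce/IV construction) so the tag length matches at every encryption level.` The matching encrypter factory is not in this hunk; if it does not branch on the same predicate, the two sides would disagree on tag length and packets would fail authentication. A test that pairs both `Create` functions for each version and algorithm would catch that. The body of `Create` continues past the end of the hunk.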