Update Quic AES confidentiality limits for 2^11 max packet size in updated draft.
Protected by FLAGS_quic_reloadable_flag_quic_enable_aead_limits.
PiperOrigin-RevId: 337879467
Change-Id: I18401d093f8796bbcaac3bd58890ce3508f2ced5
diff --git a/quic/core/crypto/aes_base_encrypter.cc b/quic/core/crypto/aes_base_encrypter.cc
index f4a152f..6e998f8 100644
--- a/quic/core/crypto/aes_base_encrypter.cc
+++ b/quic/core/crypto/aes_base_encrypter.cc
@@ -36,12 +36,12 @@
}
QuicPacketCount AesBaseEncrypter::GetConfidentialityLimit() const {
- // For AEAD_AES_128_GCM and AEAD_AES_256_GCM, the confidentiality limit is
- // 2^25 encrypted packets.
- // https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#name-limits-on-aead-usage
- static_assert(kMaxOutgoingPacketSize < 16384,
+ // For AEAD_AES_128_GCM and AEAD_AES_256_GCM ... endpoints that do not send
+ // packets larger than 2^11 bytes cannot protect more than 2^28 packets.
+ // https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#name-confidentiality-limit
+ static_assert(kMaxOutgoingPacketSize <= 2048,
"This key limit requires limits on encryption payload sizes");
- return 33554432U;
+ return 268435456U;
}
} // namespace quic