Google Git
Sign in
quiche/quiche/d061ef17c7d35c69c1dcdc80b8cafc14d6ff078b^!/./quic
commit
d061ef17c7d35c69c1dcdc80b8cafc14d6ff078b
[log]
author
mattm <mattm@google.com>
Fri Oct 23 11:21:31 2020 -0700
committer
Copybara-Service <copybara-worker@google.com>
Fri Oct 23 11:22:06 2020 -0700
tree
99fd614f672eda967daedb351cb4f9ecad3ba4fe
parent
8a2b602e58bf959b0a9023b816c7b1c100a1c188 [diff]
Add QuicFramer::PotentialPeerKeyUpdateAttemptCount() method.

Returns the count of packets received that appeared to attempt a key
update but failed decryption which have been received since the last
successfully decrypted packet.

PiperOrigin-RevId: 338710571
Change-Id: Iaae901269d6bffaf441a31a4a51540aa94c84b73

diff --git a/quic/core/quic_connection.cc b/quic/core/quic_connection.cc
index 71bb8be..a7f63dd 100644
--- a/quic/core/quic_connection.cc
+++ b/quic/core/quic_connection.cc

@@ -3721,6 +3721,10 @@
           GetLargestAckedPacket() < lowest_packet_sent_in_current_key_phase_);
 }
 
+QuicPacketCount QuicConnection::PotentialPeerKeyUpdateAttemptCount() const {
+  return framer_.PotentialPeerKeyUpdateAttemptCount();
+}
+
 bool QuicConnection::InitiateKeyUpdate(KeyUpdateReason reason) {
   QUIC_DLOG(INFO) << ENDPOINT << "InitiateKeyUpdate";
   if (!IsKeyUpdateAllowed()) {

diff --git a/quic/core/quic_connection.h b/quic/core/quic_connection.h
index a3da511..31988d2 100644
--- a/quic/core/quic_connection.h
+++ b/quic/core/quic_connection.h

@@ -828,6 +828,11 @@
   // none of these packets have been acked.
   bool HaveSentPacketsInCurrentKeyPhaseButNoneAcked() const;
 
+  // Returns the count of packets received that appeared to attempt a key
+  // update but failed decryption that have been received since the last
+  // successfully decrypted packet.
+  QuicPacketCount PotentialPeerKeyUpdateAttemptCount() const;
+
   // Increment the key phase. It is a bug to call this when IsKeyUpdateAllowed()
   // is false. Returns false on error.
   bool InitiateKeyUpdate(KeyUpdateReason reason);

diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index 39be55e..cfa56c2 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc

@@ -414,6 +414,7 @@
       last_timestamp_(QuicTime::Delta::Zero()),
       support_key_update_for_connection_(false),
       current_key_phase_bit_(false),
+      potential_peer_key_update_attempt_count_(0),
       first_sending_packet_number_(FirstSendingPacketNumber()),
       data_producer_(nullptr),
       infer_packet_header_type_from_version_(perspective ==
@@ -4282,6 +4283,10 @@
   return true;
 }
 
+QuicPacketCount QuicFramer::PotentialPeerKeyUpdateAttemptCount() const {
+  return potential_peer_key_update_attempt_count_;
+}
+
 const QuicDecrypter* QuicFramer::GetDecrypter(EncryptionLevel level) const {
   DCHECK(version_.KnowsWhichDecrypterToUse());
   return decrypter_[level].get();
@@ -4717,6 +4722,7 @@
           QUIC_DVLOG(1) << ENDPOINT << "packet " << header.packet_number
                         << " attempt_key_update=true";
           attempt_key_update = true;
+          potential_peer_key_update_attempt_count_++;
           decrypter = next_decrypter_.get();
         } else {
           if (previous_decrypter_) {
@@ -4752,6 +4758,7 @@
   if (success) {
     visitor_->OnDecryptedPacket(level);
     *decrypted_level = level;
+    potential_peer_key_update_attempt_count_ = 0;
     if (attempt_key_update) {
       if (!DoKeyUpdate(KeyUpdateReason::kRemote)) {
         set_detailed_error("Key update failed due to internal error");

diff --git a/quic/core/quic_framer.h b/quic/core/quic_framer.h
index 5d9bf46..86c8882 100644
--- a/quic/core/quic_framer.h
+++ b/quic/core/quic_framer.h

@@ -547,6 +547,10 @@
   void DiscardPreviousOneRttKeys();
   // Update the key phase.
   bool DoKeyUpdate(KeyUpdateReason reason);
+  // Returns the count of packets received that appeared to attempt a key
+  // update but failed decryption which have been received since the last
+  // successfully decrypted packet.
+  QuicPacketCount PotentialPeerKeyUpdateAttemptCount() const;
 
   const QuicDecrypter* GetDecrypter(EncryptionLevel level) const;
   const QuicDecrypter* decrypter() const;
@@ -1104,6 +1108,10 @@
   // locally initiated key update but before the first packet from the peer in
   // the new key phase is received.
   QuicPacketNumber current_key_phase_first_received_packet_number_;
+  // Counts the number of packets received that might have been failed key
+  // update attempts. Reset to zero every time a packet is successfully
+  // decrypted.
+  QuicPacketCount potential_peer_key_update_attempt_count_;
   // Decrypter for the previous key phase. Will be null if in the first key
   // phase or previous keys have been discarded.
   std::unique_ptr<QuicDecrypter> previous_decrypter_;

diff --git a/quic/core/quic_framer_test.cc b/quic/core/quic_framer_test.cc
index ab61814..2fbab61 100644
--- a/quic/core/quic_framer_test.cc
+++ b/quic/core/quic_framer_test.cc

@@ -14925,6 +14925,7 @@
   EXPECT_EQ(0u, visitor_.key_update_count());
   EXPECT_EQ(0, visitor_.derive_next_key_count_);
   EXPECT_EQ(1, visitor_.decrypted_first_packet_in_key_phase_count_);
+  EXPECT_EQ(0u, framer_.PotentialPeerKeyUpdateAttemptCount());
 
   header.packet_number += 1;
   QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
@@ -14940,6 +14941,7 @@
   EXPECT_EQ(0u, visitor_.key_update_count());
   EXPECT_EQ(1, visitor_.derive_next_key_count_);
   EXPECT_EQ(1, visitor_.decrypted_first_packet_in_key_phase_count_);
+  EXPECT_EQ(1u, framer_.PotentialPeerKeyUpdateAttemptCount());
 
   header.packet_number += 1;
   QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
@@ -14954,6 +14956,7 @@
   EXPECT_EQ(0u, visitor_.key_update_count());
   EXPECT_EQ(1, visitor_.derive_next_key_count_);
   EXPECT_EQ(1, visitor_.decrypted_first_packet_in_key_phase_count_);
+  EXPECT_EQ(2u, framer_.PotentialPeerKeyUpdateAttemptCount());
 
   header.packet_number += 1;
   QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
@@ -14968,6 +14971,22 @@
   EXPECT_EQ(0u, visitor_.key_update_count());
   EXPECT_EQ(1, visitor_.derive_next_key_count_);
   EXPECT_EQ(1, visitor_.decrypted_first_packet_in_key_phase_count_);
+  EXPECT_EQ(2u, framer_.PotentialPeerKeyUpdateAttemptCount());
+
+  header.packet_number += 1;
+  QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT);
+  data = BuildDataPacket(header, frames);
+  ASSERT_TRUE(data != nullptr);
+  encrypted = EncryptPacketWithTagAndPhase(*data, 0, false);
+  ASSERT_TRUE(encrypted);
+  QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_SERVER);
+  // Packet with phase=0 and key=0, should process and reset
+  // potential_peer_key_update_attempt_count_.
+  EXPECT_TRUE(framer_.ProcessPacket(*encrypted));
+  EXPECT_EQ(0u, visitor_.key_update_count());
+  EXPECT_EQ(1, visitor_.derive_next_key_count_);
+  EXPECT_EQ(1, visitor_.decrypted_first_packet_in_key_phase_count_);
+  EXPECT_EQ(0u, framer_.PotentialPeerKeyUpdateAttemptCount());
 }
 
 TEST_P(QuicFramerTest, KeyUpdateReceivedWhenNotEnabled) {