Do QUIC Key Update when approaching AEAD Confidentiality Limit, and close connection if reached.
Protected by FLAGS_quic_reloadable_flag_quic_enable_aead_limits.
PiperOrigin-RevId: 337581109
Change-Id: Ie021fd42be174cfb1c069159ecca0bf34bd99731
diff --git a/quic/core/quic_error_codes.cc b/quic/core/quic_error_codes.cc
index 63d96f1..75bbebd 100644
--- a/quic/core/quic_error_codes.cc
+++ b/quic/core/quic_error_codes.cc
@@ -233,6 +233,8 @@
RETURN_STRING_LITERAL(QUIC_ZERO_RTT_RESUMPTION_LIMIT_REDUCED);
RETURN_STRING_LITERAL(QUIC_SILENT_IDLE_TIMEOUT);
RETURN_STRING_LITERAL(QUIC_MISSING_WRITE_KEYS);
+ RETURN_STRING_LITERAL(QUIC_KEY_UPDATE_ERROR);
+ RETURN_STRING_LITERAL(QUIC_AEAD_LIMIT_REACHED);
RETURN_STRING_LITERAL(QUIC_LAST_ERROR);
// Intentionally have no default case, so we'll break the build
@@ -271,6 +273,8 @@
RETURN_STRING_LITERAL(PROTOCOL_VIOLATION);
RETURN_STRING_LITERAL(INVALID_TOKEN);
RETURN_STRING_LITERAL(CRYPTO_BUFFER_EXCEEDED);
+ RETURN_STRING_LITERAL(KEY_UPDATE_ERROR);
+ RETURN_STRING_LITERAL(AEAD_LIMIT_REACHED);
// CRYPTO_ERROR is handled in the if before this switch, these cases do not
// change behavior and are only here to make the compiler happy.
case CRYPTO_ERROR_FIRST:
@@ -634,6 +638,10 @@
return {true, static_cast<uint64_t>(PROTOCOL_VIOLATION)};
case QUIC_MISSING_WRITE_KEYS:
return {true, static_cast<uint64_t>(INTERNAL_ERROR)};
+ case QUIC_KEY_UPDATE_ERROR:
+ return {true, static_cast<uint64_t>(KEY_UPDATE_ERROR)};
+ case QUIC_AEAD_LIMIT_REACHED:
+ return {true, static_cast<uint64_t>(AEAD_LIMIT_REACHED)};
case QUIC_LAST_ERROR:
return {false, static_cast<uint64_t>(QUIC_LAST_ERROR)};
}
