Chromium Code Reviews

Issue 1904213002: QUIC: support diversified keys with version 33. (Closed)

Created: 4 years, 8 months ago by Ryan Hamilton
Modified: 4 years, 8 months ago
CC: chromium-reviews, cbentzel+watch_chromium.org
Base URL: https://chromium.googlesource.com/chromium/src.git@hkdf
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.

Description

QUIC: support diversified keys with version 33.

Before we can disable strike registers we have to deal with the fact that two different QUIC servers may then encrypt different messages under the same key. Since the nonce is a counter, that would be fatal.

With this change we allow servers to include a nonce in the public header of packets. This is complicated, somewhat, by the fact that version negotiation doesn't easily bubble up to the crypto layer: a client that supports version 33 might be called upon to process a packet encrypted with this new scheme, or a packet encrypted with the old scheme if speaking to an older server. Thus the decryptors can handle either scheme and will latch to one or the other after processing their first packet.

Since we have run out of flags in the public header, the two bits currently assigned to indicate the length of the connection ID are split. Bit three remains as an indication of the connection ID length, which can now only be zero or eight bytes. Bit two is repurposed to indicate the presence of a 32-byte nonce that is inserted before the packet number.

In order to accommodate older clients that will be setting bit two to indicate an eight-byte connection ID we exploit the fact that nonces can only be sent from server to client. Thus server framers ignore bit two, for now, when parsing.

Merge internal change: 119745591

Committed: https://crrev.com/012834cfe167e8b18c5ab4cac40ac42c39ca769f
Cr-Commit-Position: refs/heads/master@{#389665}
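The public-header flag handling described above, as an added example that is not code from this change or from Chromium. It assumes zero-indexed bit numbering (bit two = 0x04, bit three = 0x08) and a simplified layout with no version field; `ParsePublicHeader`, `PublicHeader` and `Perspective` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Masks assume zero-indexed bit numbering of the public flags byte.
constexpr uint8_t kFlagNonce = 1u << 2;         // "bit two": 32-byte nonce present
constexpr uint8_t kFlagConnectionId = 1u << 3;  // "bit three": 8-byte connection ID
constexpr size_t kConnectionIdLen = 8;
constexpr size_t kNonceLen = 32;

enum class Perspective { kClient, kServer };

struct PublicHeader {
  size_t connection_id_len = 0;
  bool has_nonce = false;
  size_t nonce_offset = 0;  // meaningful only when has_nonce is true
  size_t packet_number_offset = 0;
};

// Parses a received packet as seen by `receiver`. Assumed layout (version field
// not modelled): flags | connection ID (0 or 8) | nonce (0 or 32) | packet number.
// Returns false if the packet is too short for the fields its flags announce.
bool ParsePublicHeader(const std::vector<uint8_t>& packet, Perspective receiver,
                       PublicHeader* out) {
  if (packet.empty()) return false;
  const uint8_t flags = packet[0];
  PublicHeader h;
  size_t offset = 1;
  if (flags & kFlagConnectionId) {
    h.connection_id_len = kConnectionIdLen;
    offset += kConnectionIdLen;
  }
  // Nonces only travel server -> client, so only a client honours bit two.
  // A server ignores it: an older client sets it for an 8-byte connection ID.
  if (receiver == Perspective::kClient && (flags & kFlagNonce)) {
    h.has_nonce = true;
    h.nonce_offset = offset;
    offset += kNonceLen;
  }
  if (offset >= packet.size()) return false;  // no room for a packet number
  h.packet_number_offset = offset;
  *out = h;
  return true;
}
```

The same flags byte 0x0C therefore parses differently by direction: a server reads it as an 8-byte connection ID only, while a client also expects the 32-byte nonce before the packet number.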

Patch Set 1 #

Patch Set 2 : git cl format #

Patch Set 3 : Rebase #

Patch Set 4 : Rebase #

Patch Set 5 : Rebase #

Stats: +900 lines, -573 lines

M net/quic/crypto/aead_base_decrypter.h: 2 chunks, +3 lines, -0 lines
M net/quic/crypto/aead_base_decrypter.cc: 4 chunks, +41 lines, -1 line
M net/quic/crypto/crypto_server_test.cc: 3 chunks, +13 lines, -5 lines
M net/quic/crypto/crypto_utils.h: 2 chunks, +52 lines, -0 lines
M net/quic/crypto/crypto_utils.cc: 3 chunks, +60 lines, -12 lines
M net/quic/crypto/null_decrypter.h: 1 chunk, +2 lines, -0 lines
M net/quic/crypto/null_decrypter.cc: 1 chunk, +10 lines, -0 lines
M net/quic/crypto/quic_crypto_client_config.h: 1 chunk, +1 line, -0 lines
M net/quic/crypto/quic_crypto_client_config.cc: 4 chunks, +12 lines, -2 lines
M net/quic/crypto/quic_crypto_client_config_test.cc: 1 chunk, +2 lines, -2 lines
M net/quic/crypto/quic_crypto_server_config.h: 2 chunks, +6 lines, -1 line
M net/quic/crypto/quic_crypto_server_config.cc: 4 chunks, +16 lines, -3 lines
M net/quic/crypto/quic_decrypter.h: 2 chunks, +24 lines, -0 lines
M net/quic/crypto/quic_decrypter.cc: 2 chunks, +20 lines, -0 lines
M net/quic/p2p/quic_p2p_crypto_config.cc: 1 chunk, +2 lines, -2 lines
M net/quic/quic_connection.h: 1 chunk, +5 lines, -0 lines
M net/quic/quic_connection.cc: 2 chunks, +6 lines, -0 lines
M net/quic/quic_connection_test.cc: 4 chunks, +17 lines, -28 lines
M net/quic/quic_crypto_client_stream.cc: 1 chunk, +1 line, -0 lines
M net/quic/quic_crypto_server_stream.h: 1 chunk, +1 line, -0 lines
M net/quic/quic_crypto_server_stream.cc: 5 chunks, +9 lines, -4 lines
M net/quic/quic_crypto_server_stream_test.cc: 1 chunk, +1 line, -5 lines
M net/quic/quic_framer.h: 2 chunks, +3 lines, -0 lines
M net/quic/quic_framer.cc: 8 chunks, +56 lines, -64 lines
M net/quic/quic_framer_test.cc: 137 chunks, +286 lines, -259 lines
M net/quic/quic_packet_creator.h: 4 chunks, +14 lines, -0 lines
M net/quic/quic_packet_creator.cc: 7 chunks, +28 lines, -7 lines
M net/quic/quic_packet_creator_test.cc: 5 chunks, +10 lines, -12 lines
M net/quic/quic_packet_generator.h: 1 chunk, +5 lines, -0 lines
M net/quic/quic_packet_generator.cc: 2 chunks, +5 lines, -4 lines
M net/quic/quic_packet_generator_test.cc: 2 chunks, +6 lines, -18 lines
M net/quic/quic_protocol.h: 13 chunks, +34 lines, -12 lines
M net/quic/quic_protocol.cc: 9 chunks, +27 lines, -16 lines
M net/quic/reliable_quic_stream_test.cc: 2 chunks, +8 lines, -6 lines
M net/quic/test_tools/crypto_test_utils.h: 2 chunks, +25 lines, -24 lines
M net/quic/test_tools/crypto_test_utils.cc: 3 chunks, +44 lines, -36 lines
M net/quic/test_tools/quic_config_peer.cc: 1 chunk, +1 line, -0 lines
M net/quic/test_tools/quic_test_utils.h: 1 chunk, +1 line, -0 lines
M net/quic/test_tools/quic_test_utils.cc: 5 chunks, +7 lines, -4 lines
M net/quic/test_tools/simple_quic_framer.h: 1 chunk, +2 lines, -0 lines
M net/quic/test_tools/simple_quic_framer.cc: 1 chunk, +4 lines, -0 lines
M net/tools/quic/end_to_end_test.cc: 4 chunks, +27 lines, -33 lines
M net/tools/quic/quic_dispatcher_test.cc: 2 chunks, +3 lines, -13 lines

Messages

Total messages: 14 (7 generated)
Ryan Hamilton
I did this out-of-band because it was tricky
4 years, 8 months ago (2016-04-21 21:28:31 UTC) #2
ramant (doing other things)
lgtm
4 years, 8 months ago (2016-04-21 21:41:29 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1904213002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1904213002/60001
4 years, 8 months ago (2016-04-25 21:00:11 UTC) #6
commit-bot: I haz the power
Try jobs failed on following builders: ios_rel_device_gn on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios_rel_device_gn/builds/24711) ios_rel_device_ninja on tryserver.chromium.mac (JOB_FAILED, ...
4 years, 8 months ago (2016-04-25 21:05:20 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1904213002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1904213002/80001
4 years, 8 months ago (2016-04-26 00:07:46 UTC) #11
commit-bot: I haz the power
Committed patchset #5 (id:80001)
4 years, 8 months ago (2016-04-26 02:06:50 UTC) #12
commit-bot: I haz the power
4 years, 8 months ago (2016-04-26 02:08:18 UTC) #14
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
https://crrev.com/012834cfe167e8b18c5ab4cac40ac42c39ca769f
Cr-Commit-Position: refs/heads/master@{#389665}
