QUIC: retransmit packets with the correct encryption.

net/quic/quic_connection.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_connection.h"
 
 #include <algorithm>
 
 #include "base/logging.h"
 #include "base/stl_util.h"
@@ skipping 61 matching lines @@
 }  // namespace
 
 #define ENDPOINT (is_server_ ? "Server: " : " Client: ")
 
 QuicConnection::QuicConnection(QuicGuid guid,
                                IPEndPoint address,
                                QuicConnectionHelperInterface* helper,
                                bool is_server)
     : helper_(helper),
       framer_(kQuicVersion1,
-              QuicDecrypter::Create(kNULL),
-              QuicEncrypter::Create(kNULL),
               helper->GetClock()->ApproximateNow(),
               is_server),
+      encryption_level_(ENCRYPTION_NONE),
       clock_(helper->GetClock()),
       random_generator_(helper->GetRandomGenerator()),
       guid_(guid),
       peer_address_(address),
       largest_seen_packet_with_ack_(0),
       peer_largest_observed_packet_(0),
       least_packet_awaited_by_peer_(1),
       peer_least_packet_awaiting_ack_(0),
       handling_retransmission_timeout_(false),
       write_blocked_(false),
@@ skipping 48 matching lines @@
     return false;
   }
 
   // Right now we only support kQuicVersion1 so it's okay not to
   // update the framer and quic_version_. When start supporting more
   // versions please update both.
   return true;
 }
 
 void QuicConnection::OnError(QuicFramer* framer) {
-  if (!connected_) {
+  // Packets that we cannot decrypt are dropped.
+  // TODO(rch): add stats to measure this.
+  if (!connected_ || framer->error() == QUIC_DECRYPTION_FAILURE) {
     return;
   }
   SendConnectionClose(framer->error());
 }
 
 void QuicConnection::OnPacket() {
   // TODO(satyamshekhar): Validate packet before updating the time
   // since it affects the timeout of the connection.
   time_of_last_received_packet_ = clock_->Now();
   DVLOG(1) << "time of last received packet: "
@@ skipping 555 matching lines @@
     debug_visitor_->OnPacketReceived(self_address, peer_address, packet);
   }
   last_packet_revived_ = false;
   last_size_ = packet.length();
   last_self_address_ = self_address;
   last_peer_address_ = peer_address;
 
   stats_.bytes_received += packet.length();
   ++stats_.packets_received;
 
-  framer_.ProcessPacket(packet);
+  if (!framer_.ProcessPacket(packet)) {
+    return;
+  }
   MaybeProcessRevivedPacket();
 }
 
 bool QuicConnection::OnCanWrite() {
   write_blocked_ = false;
 
   WriteQueuedPackets();
 
   // Sending queued packets may have caused the socket to become write blocked,
   // or the congestion manager to prohibit sending.  If we've sent everything
@@ skipping 22 matching lines @@
   DCHECK(!write_blocked_);
 
   size_t num_queued_packets = queued_packets_.size() + 1;
   QueuedPacketList::iterator packet_iterator = queued_packets_.begin();
   while (!write_blocked_ && packet_iterator != queued_packets_.end()) {
     // Ensure that from one iteration of this loop to the next we
     // succeeded in sending a packet so we don't infinitely loop.
     // TODO(rch): clean up and close the connection if we really hit this.
     DCHECK_LT(queued_packets_.size(), num_queued_packets);
     num_queued_packets = queued_packets_.size();
-    if (WritePacket(packet_iterator->sequence_number,
+    if (WritePacket(packet_iterator->encryption_level,
+                    packet_iterator->sequence_number,
                     packet_iterator->packet,
                     packet_iterator->retransmittable,
                     NO_FORCE)) {
       packet_iterator = queued_packets_.erase(packet_iterator);
     } else {
       // Continue, because some queued packets may still be writable.
       // This can happen if a retransmit send fail.
       ++packet_iterator;
     }
   }
@@ skipping 92 matching lines @@
                                        retransmission_info));
   // Remove info with old sequence number.
   unacked_packets_.erase(unacked_it);
   retransmission_map_.erase(retransmission_it);
   DVLOG(1) << "Retransmitting unacked packet " << sequence_number << " as "
            << serialized_packet.sequence_number;
   DCHECK(unacked_packets_.empty() ||
          unacked_packets_.rbegin()->first < serialized_packet.sequence_number);
   unacked_packets_.insert(make_pair(serialized_packet.sequence_number,
                                     unacked));
-  SendOrQueuePacket(serialized_packet.sequence_number,
+  SendOrQueuePacket(unacked->encryption_level(),
+                    serialized_packet.sequence_number,
                     serialized_packet.packet,
                     serialized_packet.entropy_hash,
                     HAS_RETRANSMITTABLE_DATA);
 }
 
 bool QuicConnection::CanWrite(Retransmission retransmission,
                               HasRetransmittableData retransmittable) {
   // TODO(ianswett): If the packet is a retransmit, the current send alarm may
   // be too long.
   if (write_blocked_ || helper_->IsSendAlarmSet()) {
@@ skipping 42 matching lines @@
   // Do not set the retransmisson alarm if we're already handling the
   // retransmission alarm because the retransmission alarm will be reset when
   // OnRetransmissionTimeout completes.
   if (!handling_retransmission_timeout_) {
     helper_->SetRetransmissionAlarm(retransmission_delay);
   }
   // TODO(satyamshekhar): restore packet reordering with Ian's TODO in
   // SendStreamData().
 }
 
-bool QuicConnection::WritePacket(QuicPacketSequenceNumber sequence_number,
+bool QuicConnection::WritePacket(EncryptionLevel level,
+                                 QuicPacketSequenceNumber sequence_number,
                                  QuicPacket* packet,
                                  HasRetransmittableData retransmittable,
                                  Force forced) {
   if (!connected_) {
     DLOG(INFO) << ENDPOINT
                << "Not sending packet as connection is disconnected.";
     delete packet;
     // Returning true because we deleted the packet and the caller shouldn't
     // delete it again.
     return true;
   }
 
   Retransmission retransmission = IsRetransmission(sequence_number) ?
       IS_RETRANSMISSION : NOT_RETRANSMISSION;
   // If we are not forced and we can't write, then simply return false;
   if (forced == NO_FORCE && !CanWrite(retransmission, retransmittable)) {
     return false;
   }
 
   scoped_ptr<QuicEncryptedPacket> encrypted(
-      framer_.EncryptPacket(sequence_number, *packet));
+      framer_.EncryptPacket(level, sequence_number, *packet));
   DLOG(INFO) << ENDPOINT << "Sending packet number " << sequence_number
              << " : " << (packet->is_fec_packet() ? "FEC " :
                  (retransmittable == HAS_RETRANSMITTABLE_DATA
                       ? "data bearing " : " ack only "))
              << " Packet length:" << packet->length();
 
   DCHECK(encrypted->length() <= kMaxPacketSize)
       << "Packet " << sequence_number << " will not be read; too large: "
       << packet->length() << " " << encrypted->length() << " "
       << outgoing_ack_ << " forced: " << (forced == FORCE ? "yes" : "no");
@@ skipping 34 matching lines @@
   delete packet;
   return true;
 }
 
 bool QuicConnection::OnSerializedPacket(
     const SerializedPacket& serialized_packet) {
   if (serialized_packet.retransmittable_frames != NULL) {
     DCHECK(unacked_packets_.empty() ||
            unacked_packets_.rbegin()->first <
                serialized_packet.sequence_number);
+    // Retransmitted frames will be sent with the same encryption level as the
+    // original.
+    serialized_packet.retransmittable_frames->set_encryption_level(
+        encryption_level_);
     unacked_packets_.insert(
         make_pair(serialized_packet.sequence_number,
                   serialized_packet.retransmittable_frames));
     // All unacked packets might be retransmitted.
     retransmission_map_.insert(
         make_pair(serialized_packet.sequence_number,
                   RetransmissionInfo(serialized_packet.sequence_number)));
   }
-  return SendOrQueuePacket(serialized_packet.sequence_number,
+  return SendOrQueuePacket(encryption_level_,
+                           serialized_packet.sequence_number,
                            serialized_packet.packet,
                            serialized_packet.entropy_hash,
                            serialized_packet.retransmittable_frames != NULL ?
                                HAS_RETRANSMITTABLE_DATA :
                                NO_RETRANSMITTABLE_DATA);
 }
 
-bool QuicConnection::SendOrQueuePacket(QuicPacketSequenceNumber sequence_number,
+bool QuicConnection::SendOrQueuePacket(EncryptionLevel level,
+                                       QuicPacketSequenceNumber sequence_number,
                                        QuicPacket* packet,
                                        QuicPacketEntropyHash entropy_hash,
                                        HasRetransmittableData retransmittable) {
   entropy_manager_.RecordSentPacketEntropyHash(sequence_number, entropy_hash);
-  if (!WritePacket(sequence_number, packet, retransmittable, NO_FORCE)) {
-    queued_packets_.push_back(QueuedPacket(sequence_number, packet,
+  if (!WritePacket(level, sequence_number, packet, retransmittable, NO_FORCE)) {
+    queued_packets_.push_back(QueuedPacket(sequence_number, packet, level,
                                            retransmittable));
     return false;
   }
   return true;
 }
 
 bool QuicConnection::ShouldSimulateLostPacket() {
   // TODO(rch): enable this
   return false;
   /*
@@ skipping 69 matching lines @@
 
   if (retransmission_timeouts_.empty()) {
     return QuicTime::Zero();
   }
 
   // We have packets remaining.  Return the absolute RTO of the oldest packet
   // on the list.
   return retransmission_timeouts_.top().scheduled_time;
 }
 
-void QuicConnection::ChangeEncrypter(QuicEncrypter* encrypter) {
-  framer_.set_encrypter(encrypter);
+void QuicConnection::SetEncrypter(EncryptionLevel level,
+                                  QuicEncrypter* encrypter) {
+  framer_.SetEncrypter(level, encrypter);
 }
 
-void QuicConnection::PushDecrypter(QuicDecrypter* decrypter) {
-  framer_.push_decrypter(decrypter);
+const QuicEncrypter* QuicConnection::encrypter(EncryptionLevel level) const {
+  return framer_.encrypter(level);
 }
 
-void QuicConnection::PopDecrypter() {
-  framer_.pop_decrypter();
+void QuicConnection::SetDefaultEncryptionLevel(
+    EncryptionLevel level) {
+  encryption_level_ = level;
+}
+
+void QuicConnection::SetDecrypter(QuicDecrypter* decrypter) {
+  framer_.SetDecrypter(decrypter);
+}
+
+void QuicConnection::SetAlternativeDecrypter(QuicDecrypter* decrypter,
+                                             bool latch_once_used) {
+  framer_.SetAlternativeDecrypter(decrypter, latch_once_used);
+}
+
+const QuicDecrypter* QuicConnection::decrypter() const {
+  return framer_.decrypter();
+}
+
+const QuicDecrypter* QuicConnection::alternative_decrypter() const {
+  return framer_.alternative_decrypter();
 }
 
 void QuicConnection::MaybeProcessRevivedPacket() {
   QuicFecGroup* group = GetFecGroup();
   if (group == NULL || !group->CanRevive()) {
     return;
   }
   QuicPacketHeader revived_header;
   char revived_payload[kMaxPacketSize];
   size_t len = group->Revive(&revived_header, revived_payload, kMaxPacketSize);
@@ skipping 44 matching lines @@
   frame.ack_frame = outgoing_ack_;
 
   SerializedPacket serialized_packet =
       packet_creator_.SerializeConnectionClose(&frame);
 
   // We need to update the sent entrophy hash for all sent packets.
   entropy_manager_.RecordSentPacketEntropyHash(
       serialized_packet.sequence_number,
       serialized_packet.entropy_hash);
 
-  WritePacket(serialized_packet.sequence_number,
+  WritePacket(encryption_level_,
+              serialized_packet.sequence_number,
               serialized_packet.packet,
               serialized_packet.retransmittable_frames != NULL ?
                   HAS_RETRANSMITTABLE_DATA : NO_RETRANSMITTABLE_DATA,
               FORCE);
 }
 
 void QuicConnection::SendConnectionCloseWithDetails(QuicErrorCode error,
                                                     const string& details) {
   SendConnectionClosePacket(error, details);
   CloseConnection(error, false);
@@ skipping 50 matching lines @@
            << " delta:" << delta.ToMicroseconds();
   if (delta >= timeout_) {
     SendConnectionClose(QUIC_CONNECTION_TIMED_OUT);
     return true;
   }
   helper_->SetTimeoutAlarm(timeout_.Subtract(delta));
   return false;
 }
 
 }  // namespace net