QUIC: retransmit packets with the correct encryption.

net/quic/quic_crypto_client_stream.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_crypto_client_stream.h"
 
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/crypto_utils.h"
+#include "net/quic/crypto/null_encrypter.h"
 #include "net/quic/crypto/proof_verifier.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_session.h"
 
 namespace net {
 
 QuicCryptoClientStream::QuicCryptoClientStream(
     const string& server_hostname,
     const QuicConfig& config,
     QuicSession* session,
     QuicCryptoClientConfig* crypto_config)
     : QuicCryptoStream(session),
       next_state_(STATE_IDLE),
       num_client_hellos_(0),
       config_(config),
       crypto_config_(crypto_config),
-      decrypter_pushed_(false),
       server_hostname_(server_hostname) {
 }
 
 QuicCryptoClientStream::~QuicCryptoClientStream() {
 }
 
 void QuicCryptoClientStream::OnHandshakeMessage(
     const CryptoHandshakeMessage& message) {
   DoHandshakeLoop(&message);
 }
@@ skipping 75 matching lines @@
             *scfg, CryptoUtils::PEER_PRIORITY, &negotiated_params_,
             &error_details);
         if (error != QUIC_NO_ERROR) {
           CloseConnectionWithDetails(error, error_details);
           return;
         }
         next_state_ = STATE_RECV_SHLO;
         DLOG(INFO) << "Client Sending: " << out.DebugString();
         SendHandshakeMessage(out);
         // Be prepared to decrypt with the new server write key.
-        session()->connection()->PushDecrypter(
-            crypto_negotiated_params_.decrypter.release());
-        decrypter_pushed_ = true;
+        session()->connection()->SetAlternativeDecrypter(
+            crypto_negotiated_params_.decrypter.release(),
+            true /* latch once used */);
+        // Send subsequent packets under encryption on the assumption that the
+        // server will accept the handshake.
+        session()->connection()->SetEncrypter(
+            ENCRYPTION_INITIAL,
+            crypto_negotiated_params_.encrypter.release());
+        session()->connection()->SetDefaultEncryptionLevel(
+            ENCRYPTION_INITIAL);
+        if (!encryption_established_) {
+          session()->OnCryptoHandshakeEvent(
+              QuicSession::ENCRYPTION_FIRST_ESTABLISHED);
+          encryption_established_ = true;
+        } else {
+          session()->OnCryptoHandshakeEvent(
+              QuicSession::ENCRYPTION_REESTABLISHED);
+        }
         return;
       }
       case STATE_RECV_REJ:
         // We sent a dummy CHLO because we didn't have enough information to
         // perform a handshake, or we sent a full hello that the server
         // rejected. Here we hope to have a REJ that contains the information
         // that we need.
         if (in->tag() != kREJ) {
           CloseConnectionWithDetails(QUIC_INVALID_CRYPTO_MESSAGE_TYPE,
                                      "Expected REJ");
@@ skipping 19 matching lines @@
                                        cached->certs(),
                                        cached->signature(),
                                        &error_details)) {
               CloseConnectionWithDetails(QUIC_PROOF_INVALID,
                                          "Proof invalid: " + error_details);
               return;
             }
             cached->SetProofValid();
           }
         }
-        // Clear any new server write key that we may have set before.
-        if (decrypter_pushed_) {
-          session()->connection()->PopDecrypter();
-          decrypter_pushed_ = false;
-        }
+        // Send the subsequent client hello in plaintext.
+        session()->connection()->SetDefaultEncryptionLevel(
+            ENCRYPTION_NONE);
         next_state_ = STATE_SEND_CHLO;
         break;
       case STATE_RECV_SHLO:
         // We sent a CHLO that we expected to be accepted and now we're hoping
         // for a SHLO from the server to confirm that.
         if (in->tag() == kREJ) {
           next_state_ = STATE_RECV_REJ;
           break;
         }
         if (in->tag() != kSHLO) {
           CloseConnectionWithDetails(QUIC_INVALID_CRYPTO_MESSAGE_TYPE,
                                      "Expected SHLO or REJ");
           return;
         }
-        // Receiving SHLO implies the server must have processed our full
-        // CHLO and is ready to decrypt with the new client write key.  We
-        // can start to encrypt with the new client write key.
-        // TODO(wtc): when we support 0-RTT, we will need to change the
-        // encrypter when we send a full CHLO because we will be sending
-        // application data immediately after.
-        session()->connection()->ChangeEncrypter(
-            crypto_negotiated_params_.encrypter.release());
-        SetHandshakeComplete(QUIC_NO_ERROR);
+        // TODO(agl): enable this once the tests are corrected to permit it.
+        // DCHECK(session()->connection()->alternative_decrypter() == NULL);
+        handshake_confirmed_ = true;
+        session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED);
         return;
       case STATE_IDLE:
         // This means that the peer sent us a message that we weren't expecting.
         CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE);
         return;
     }
   }
 }
 
 }  // namespace net