BASELINE: Update Chromium to 47.0.2526.109

Also adds sources for CDM.

Change-Id: Id1c834411de135c71deb23b884f2dce902190136
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>

16 files changed, 172 insertions, 37 deletions

diff --git a/chromium/net/quic/crypto/crypto_protocol.h b/chromium/net/quic/crypto/crypto_protocol.h
index 6d56198ce82..ff238ec2fab 100644
--- a/chromium/net/quic/crypto/crypto_protocol.h
+++ b/chromium/net/quic/crypto/crypto_protocol.h
@@ -166,6 +166,9 @@ const QuicTag kRSEQ = TAG('R', 'S', 'E', 'Q');   // Rejected packet number
 
 // Universal tags
 const QuicTag kPAD  = TAG('P', 'A', 'D', '\0');  // Padding
+
+// Sent by clients with the fix to crbug/566156
+const QuicTag kFIXD = TAG('F', 'I', 'X', 'D');   // Client hello
 // clang-format on
 
 // These tags have a special form so that they appear either at the beginning
diff --git a/chromium/net/quic/crypto/quic_crypto_client_config_test.cc b/chromium/net/quic/crypto/quic_crypto_client_config_test.cc
index 0e1ea792f86..804a96316f5 100644
--- a/chromium/net/quic/crypto/quic_crypto_client_config_test.cc
+++ b/chromium/net/quic/crypto/quic_crypto_client_config_test.cc
@@ -6,6 +6,7 @@
 
 #include "net/quic/crypto/proof_verifier.h"
 #include "net/quic/quic_server_id.h"
+#include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/mock_random.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -350,43 +351,9 @@ TEST(QuicCryptoClientConfigTest, ClearCachedStates) {
   EXPECT_EQ(2u, cleared_cache->generation_counter());
 }
 
-// Creates a minimal dummy reject message that will pass the client-config
-// validation tests.
-void FillInDummyReject(CryptoHandshakeMessage* rej, bool reject_is_stateless) {
-  if (reject_is_stateless) {
-    rej->set_tag(kSREJ);
-  } else {
-    rej->set_tag(kREJ);
-  }
-
-  // Minimum SCFG that passes config validation checks.
-  // clang-format off
-  unsigned char scfg[] = {
-    // SCFG
-    0x53, 0x43, 0x46, 0x47,
-    // num entries
-    0x01, 0x00,
-    // padding
-    0x00, 0x00,
-    // EXPY
-    0x45, 0x58, 0x50, 0x59,
-    // EXPY end offset
-    0x08, 0x00, 0x00, 0x00,
-    // Value
-    '1',  '2',  '3',  '4',
-    '5',  '6',  '7',  '8'
-  };
-  // clang-format on
-  rej->SetValue(kSCFG, scfg);
-  rej->SetStringPiece(kServerNonceTag, "SERVER_NONCE");
-  vector<QuicTag> reject_reasons;
-  reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
-  rej->SetVector(kRREJ, reject_reasons);
-}
-
 TEST(QuicCryptoClientConfigTest, ProcessReject) {
   CryptoHandshakeMessage rej;
-  FillInDummyReject(&rej, /* stateless */ false);
+  CryptoTestUtils::FillInDummyReject(&rej, /* stateless */ false);
 
   // Now process the rejection.
   QuicCryptoClientConfig::CachedState cached;
@@ -404,7 +371,7 @@ TEST(QuicCryptoClientConfigTest, ProcessReject) {
 TEST(QuicCryptoClientConfigTest, ProcessStatelessReject) {
   // Create a dummy reject message and mark it as stateless.
   CryptoHandshakeMessage rej;
-  FillInDummyReject(&rej, /* stateless */ true);
+  CryptoTestUtils::FillInDummyReject(&rej, /* stateless */ true);
   const QuicConnectionId kConnectionId = 0xdeadbeef;
   const string server_nonce = "SERVER_NONCE";
   rej.SetValue(kRCID, kConnectionId);
@@ -428,7 +395,7 @@ TEST(QuicCryptoClientConfigTest, BadlyFormattedStatelessReject) {
   // Create a dummy reject message and mark it as stateless.  Do not
   // add an server-designated connection-id.
   CryptoHandshakeMessage rej;
-  FillInDummyReject(&rej, /* stateless */ true);
+  CryptoTestUtils::FillInDummyReject(&rej, /* stateless */ true);
 
   // Now process the rejection.
   QuicCryptoClientConfig::CachedState cached;
diff --git a/chromium/net/quic/quic_connection.cc b/chromium/net/quic/quic_connection.cc
index 261230b062a..a3fa3d93313 100644
--- a/chromium/net/quic/quic_connection.cc
+++ b/chromium/net/quic/quic_connection.cc
@@ -1132,6 +1132,12 @@ QuicConsumedData QuicConnection::SendStreamData(
     LOG(DFATAL) << "Attempt to send empty stream frame";
     return QuicConsumedData(0, false);
   }
+  if (FLAGS_quic_never_write_unencrypted_data && id != kCryptoStreamId &&
+      encryption_level_ == ENCRYPTION_NONE) {
+    LOG(DFATAL) << "Cannot send stream data without encryption.";
+    CloseConnection(QUIC_UNENCRYPTED_STREAM_DATA, false);
+    return QuicConsumedData(0, false);
+  }
 
   // Opportunistically bundle an ack with every outgoing packet.
   // Particularly, we want to bundle with handshake packets since we don't know
diff --git a/chromium/net/quic/quic_connection_test.cc b/chromium/net/quic/quic_connection_test.cc
index 388070efa9c..13128011b45 100644
--- a/chromium/net/quic/quic_connection_test.cc
+++ b/chromium/net/quic/quic_connection_test.cc
@@ -17,6 +17,7 @@
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/quic_ack_notifier.h"
+#include "net/quic/quic_flags.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_utils.h"
 #include "net/quic/test_tools/mock_clock.h"
@@ -719,6 +720,9 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> {
         .WillRepeatedly(Return(QuicTime::Zero()));
     EXPECT_CALL(*loss_algorithm_, DetectLostPackets(_, _, _, _))
         .WillRepeatedly(Return(PacketNumberSet()));
+    // TODO(ianswett): Fix QuicConnectionTests so they don't attempt to write
+    // non-crypto stream data at ENCRYPTION_NONE.
+    FLAGS_quic_never_write_unencrypted_data = false;
   }
 
   QuicVersion version() { return GetParam().version; }
@@ -4810,6 +4814,15 @@ TEST_P(QuicConnectionTest, DoNotSendGoAwayTwice) {
   connection_.SendGoAway(QUIC_PEER_GOING_AWAY, kHeadersStreamId, "Going Away.");
 }
 
+TEST_P(QuicConnectionTest, SendingUnencryptedStreamDataFails) {
+  FLAGS_quic_never_write_unencrypted_data = true;
+  EXPECT_CALL(visitor_,
+              OnConnectionClosed(QUIC_UNENCRYPTED_STREAM_DATA, false));
+  EXPECT_DFATAL(connection_.SendStreamDataWithString(3, "", 0, kFin, nullptr),
+                "Cannot send stream data without encryption.");
+  EXPECT_FALSE(connection_.connected());
+}
+
 }  // namespace
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/quic_crypto_client_stream.cc b/chromium/net/quic/quic_crypto_client_stream.cc
index d4ea4bab337..c5742da2c2e 100644
--- a/chromium/net/quic/quic_crypto_client_stream.cc
+++ b/chromium/net/quic/quic_crypto_client_stream.cc
@@ -4,6 +4,8 @@
 
 #include "net/quic/quic_crypto_client_stream.h"
 
+#include <vector>
+
 #include "base/metrics/histogram_macros.h"
 #include "base/profiler/scoped_tracker.h"
 #include "net/quic/crypto/crypto_protocol.h"
@@ -15,9 +17,30 @@
 #include "net/quic/quic_session.h"
 
 using std::string;
+using std::vector;
 
 namespace net {
 
+namespace {
+
+void AppendFixed(CryptoHandshakeMessage* message) {
+  vector<QuicTag> tags;
+  tags.push_back(kFIXD);
+
+  const QuicTag* received_tags;
+  size_t received_tags_length;
+  QuicErrorCode error =
+      message->GetTaglist(kCOPT, &received_tags, &received_tags_length);
+  if (error == QUIC_NO_ERROR) {
+    for (size_t i = 0; i < received_tags_length; ++i) {
+      tags.push_back(received_tags[i]);
+    }
+  }
+  message->SetVector(kCOPT, tags);
+}
+
+}  // namespace
+
 QuicCryptoClientStream::ChannelIDSourceCallbackImpl::
 ChannelIDSourceCallbackImpl(QuicCryptoClientStream* stream)
     : stream_(stream) {}
@@ -256,6 +279,7 @@ void QuicCryptoClientStream::DoSendCHLO(
 
   // Send the client hello in plaintext.
   session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_NONE);
+  encryption_established_ = false;
   if (num_client_hellos_ > kMaxClientHellos) {
     CloseConnection(QUIC_CRYPTO_TOO_MANY_REJECTS);
     return;
@@ -268,6 +292,12 @@ void QuicCryptoClientStream::DoSendCHLO(
   // Send all the options, regardless of whether we're sending an
   // inchoate or subsequent hello.
   session()->config()->ToHandshakeMessage(&out);
+
+  // This block and function should be removed after removing QUIC_VERSION_25.
+  if (FLAGS_quic_require_fix) {
+    AppendFixed(&out);
+  }
+
   if (!cached->IsComplete(session()->connection()->clock()->WallNow())) {
     crypto_config_->FillInchoateClientHello(
         server_id_,
diff --git a/chromium/net/quic/quic_crypto_server_stream.cc b/chromium/net/quic/quic_crypto_server_stream.cc
index f50ab9e8b37..fe1157b4f57 100644
--- a/chromium/net/quic/quic_crypto_server_stream.cc
+++ b/chromium/net/quic/quic_crypto_server_stream.cc
@@ -20,6 +20,24 @@ using std::string;
 
 namespace net {
 
+namespace {
+bool HasFixedTag(const CryptoHandshakeMessage& message) {
+  const QuicTag* received_tags;
+  size_t received_tags_length;
+  QuicErrorCode error =
+      message.GetTaglist(kCOPT, &received_tags, &received_tags_length);
+  if (error == QUIC_NO_ERROR) {
+    DCHECK(received_tags);
+    for (size_t i = 0; i < received_tags_length; ++i) {
+      if (received_tags[i] == kFIXD) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+}  // namespace
+
 void ServerHelloNotifier::OnAckNotification(
     int num_retransmitted_packets,
     int num_retransmitted_bytes,
@@ -57,6 +75,12 @@ void QuicCryptoServerStream::OnHandshakeMessage(
   QuicCryptoStream::OnHandshakeMessage(message);
   ++num_handshake_messages_;
 
+  // This block should be removed with support for QUIC_VERSION_25.
+  if (FLAGS_quic_require_fix && !HasFixedTag(message)) {
+    CloseConnection(QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND);
+    return;
+  }
+
   // Do not process handshake messages after the handshake is confirmed.
   if (handshake_confirmed_) {
     CloseConnection(QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE);
diff --git a/chromium/net/quic/quic_crypto_server_stream_test.cc b/chromium/net/quic/quic_crypto_server_stream_test.cc
index 5a999ed1f51..7a205137f06 100644
--- a/chromium/net/quic/quic_crypto_server_stream_test.cc
+++ b/chromium/net/quic/quic_crypto_server_stream_test.cc
@@ -363,6 +363,7 @@ TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
 }
 
 TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
+  FLAGS_quic_require_fix = false;
   CompleteCryptoHandshake();
   EXPECT_CALL(
       *server_connection_,
@@ -375,6 +376,7 @@ TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
 }
 
 TEST_P(QuicCryptoServerStreamTest, BadMessageType) {
+  FLAGS_quic_require_fix = false;
   message_.set_tag(kSHLO);
   ConstructHandshakeMessage();
   EXPECT_CALL(*server_connection_,
diff --git a/chromium/net/quic/quic_flags.cc b/chromium/net/quic/quic_flags.cc
index dcbc230fc1b..c897b54ee84 100644
--- a/chromium/net/quic/quic_flags.cc
+++ b/chromium/net/quic/quic_flags.cc
@@ -73,3 +73,13 @@ bool FLAGS_reset_cubic_epoch_when_app_limited = true;
 // If true, use an interval set as the internal representation of a packet queue
 // instead of a set.
 bool FLAGS_quic_packet_queue_use_interval_set = true;
+
+// If true, QUIC sessions will write block streams that attempt to write
+// unencrypted data.
+bool FLAGS_quic_block_unencrypted_writes = true;
+
+// If true, Close the connection instead of writing unencrypted stream data.
+bool FLAGS_quic_never_write_unencrypted_data = true;
+
+// If true, reject any incoming QUIC which does not have the FIXD tag.
+bool FLAGS_quic_require_fix = true;
diff --git a/chromium/net/quic/quic_flags.h b/chromium/net/quic/quic_flags.h
index ec4cd5a02cd..b6f1993367f 100644
--- a/chromium/net/quic/quic_flags.h
+++ b/chromium/net/quic/quic_flags.h
@@ -26,5 +26,8 @@ NET_EXPORT_PRIVATE extern bool FLAGS_send_goaway_after_client_migration;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_close_connection_out_of_order_sending;
 NET_EXPORT_PRIVATE extern bool FLAGS_reset_cubic_epoch_when_app_limited;
 NET_EXPORT_PRIVATE extern bool FLAGS_quic_packet_queue_use_interval_set;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_block_unencrypted_writes;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_never_write_unencrypted_data;
+NET_EXPORT_PRIVATE extern bool FLAGS_quic_require_fix;
 
 #endif  // NET_QUIC_QUIC_FLAGS_H_
diff --git a/chromium/net/quic/quic_session.cc b/chromium/net/quic/quic_session.cc
index fe375bf69b1..890f5a25f18 100644
--- a/chromium/net/quic/quic_session.cc
+++ b/chromium/net/quic/quic_session.cc
@@ -296,6 +296,12 @@ QuicConsumedData QuicSession::WritevData(
     bool fin,
     FecProtection fec_protection,
     QuicAckNotifier::DelegateInterface* ack_notifier_delegate) {
+  if (FLAGS_quic_block_unencrypted_writes && !IsEncryptionEstablished() &&
+      id != kCryptoStreamId) {
+    // Do not let streams write without encryption. The calling stream will end
+    // up write blocked until OnCanWrite is next called.
+    return QuicConsumedData(0, false);
+  }
   return connection_->SendStreamData(id, iov, offset, fin, fec_protection,
                                      ack_notifier_delegate);
 }
@@ -519,12 +525,20 @@ void QuicSession::OnCryptoHandshakeEvent(CryptoHandshakeEvent event) {
     // TODO(satyamshekhar): Move the logic of setting the encrypter/decrypter
     // to QuicSession since it is the glue.
     case ENCRYPTION_FIRST_ESTABLISHED:
+      // Given any streams blocked by encryption a chance to write.
+      if (FLAGS_quic_block_unencrypted_writes) {
+        OnCanWrite();
+      }
       break;
 
     case ENCRYPTION_REESTABLISHED:
       // Retransmit originally packets that were sent, since they can't be
       // decrypted by the peer.
       connection_->RetransmitUnackedPackets(ALL_INITIAL_RETRANSMISSION);
+      // Given any streams blocked by encryption a chance to write.
+      if (FLAGS_quic_block_unencrypted_writes) {
+        OnCanWrite();
+      }
       break;
 
     case HANDSHAKE_CONFIRMED:
diff --git a/chromium/net/quic/quic_session_test.cc b/chromium/net/quic/quic_session_test.cc
index 706b426aa76..c49936577ae 100644
--- a/chromium/net/quic/quic_session_test.cc
+++ b/chromium/net/quic/quic_session_test.cc
@@ -13,6 +13,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/quic_crypto_stream.h"
+#include "net/quic/quic_flags.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_utils.h"
 #include "net/quic/reliable_quic_stream.h"
@@ -223,6 +224,9 @@ class QuicSessionTestBase : public ::testing::TestWithParam<QuicVersion> {
         "EFFlEYHsBQ98rXImL8ySDycdLEFvBPdtctPmWCfTxwmoSMLHU2SCVDhbqMWU5b0yr"
         "JBCScs_ejbKaqBDoB7ZGxTvqlrB__2ZmnHHjCr8RgMRtKNtIeuZAo ";
     connection_->AdvanceTime(QuicTime::Delta::FromSeconds(1));
+    // TODO(ianswett): Fix QuicSessionTests so they don't attempt to write
+    // non-crypto stream data at ENCRYPTION_NONE.
+    FLAGS_quic_never_write_unencrypted_data = false;
   }
 
   void CheckClosedStreams() {
@@ -391,6 +395,10 @@ TEST_P(QuicSessionTestServer, OnCanWrite) {
 }
 
 TEST_P(QuicSessionTestServer, OnCanWriteBundlesStreams) {
+  // Encryption needs to be established before data can be sent.
+  CryptoHandshakeMessage msg;
+  session_.GetCryptoStream()->OnHandshakeMessage(msg);
+
   // Drive congestion control manually.
   MockSendAlgorithm* send_algorithm = new StrictMock<MockSendAlgorithm>;
   QuicConnectionPeer::SetSendAlgorithm(session_.connection(), send_algorithm);
diff --git a/chromium/net/quic/test_tools/crypto_test_utils.cc b/chromium/net/quic/test_tools/crypto_test_utils.cc
index 409a042bc35..0ab55f1f399 100644
--- a/chromium/net/quic/test_tools/crypto_test_utils.cc
+++ b/chromium/net/quic/test_tools/crypto_test_utils.cc
@@ -398,6 +398,40 @@ CommonCertSets* CryptoTestUtils::MockCommonCertSets(StringPiece cert,
   return new class MockCommonCertSets(cert, hash, index);
 }
 
+// static
+void CryptoTestUtils::FillInDummyReject(CryptoHandshakeMessage* rej,
+                                        bool reject_is_stateless) {
+  if (reject_is_stateless) {
+    rej->set_tag(kSREJ);
+  } else {
+    rej->set_tag(kREJ);
+  }
+
+  // Minimum SCFG that passes config validation checks.
+  // clang-format off
+  unsigned char scfg[] = {
+    // SCFG
+    0x53, 0x43, 0x46, 0x47,
+    // num entries
+    0x01, 0x00,
+    // padding
+    0x00, 0x00,
+    // EXPY
+    0x45, 0x58, 0x50, 0x59,
+    // EXPY end offset
+    0x08, 0x00, 0x00, 0x00,
+    // Value
+    '1',  '2',  '3',  '4',
+    '5',  '6',  '7',  '8'
+  };
+  // clang-format on
+  rej->SetValue(kSCFG, scfg);
+  rej->SetStringPiece(kServerNonceTag, "SERVER_NONCE");
+  vector<QuicTag> reject_reasons;
+  reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
+  rej->SetVector(kRREJ, reject_reasons);
+}
+
 void CryptoTestUtils::CompareClientAndServerKeys(
     QuicCryptoClientStream* client,
     QuicCryptoServerStream* server) {
diff --git a/chromium/net/quic/test_tools/crypto_test_utils.h b/chromium/net/quic/test_tools/crypto_test_utils.h
index 78aec5cca42..38fadaea0ce 100644
--- a/chromium/net/quic/test_tools/crypto_test_utils.h
+++ b/chromium/net/quic/test_tools/crypto_test_utils.h
@@ -147,6 +147,12 @@ class CryptoTestUtils {
                                             uint64 hash,
                                             uint32 index);
 
+  // Creates a minimal dummy reject message that will pass the client-config
+  // validation tests. This will include a server config, but no certs, proof
+  // source address token, or server nonce.
+  static void FillInDummyReject(CryptoHandshakeMessage* rej,
+                                bool reject_is_stateless);
+
   // ParseTag returns a QuicTag from parsing |tagstr|. |tagstr| may either be
   // in the format "EXMP" (i.e. ASCII format), or "#11223344" (an explicit hex
   // format). It CHECK fails if there's a parse error.
diff --git a/chromium/net/quic/test_tools/mock_crypto_client_stream.cc b/chromium/net/quic/test_tools/mock_crypto_client_stream.cc
index 290693933fd..c54ccff7a0c 100644
--- a/chromium/net/quic/test_tools/mock_crypto_client_stream.cc
+++ b/chromium/net/quic/test_tools/mock_crypto_client_stream.cc
@@ -5,6 +5,7 @@
 #include "net/quic/test_tools/mock_crypto_client_stream.h"
 
 #include "net/quic/crypto/quic_decrypter.h"
+#include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/quic_client_session_base.h"
 #include "net/quic/quic_server_id.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -40,6 +41,9 @@ void MockCryptoClientStream::CryptoConnect() {
       handshake_confirmed_ = false;
       session()->connection()->SetDecrypter(ENCRYPTION_INITIAL,
                                             QuicDecrypter::Create(kNULL));
+      session()->connection()->SetEncrypter(ENCRYPTION_INITIAL,
+                                            QuicEncrypter::Create(kNULL));
+      session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_INITIAL);
       session()->OnCryptoHandshakeEvent(
           QuicSession::ENCRYPTION_FIRST_ESTABLISHED);
       break;
@@ -56,6 +60,10 @@ void MockCryptoClientStream::CryptoConnect() {
       SetConfigNegotiated();
       session()->connection()->SetDecrypter(ENCRYPTION_FORWARD_SECURE,
                                             QuicDecrypter::Create(kNULL));
+      session()->connection()->SetEncrypter(ENCRYPTION_FORWARD_SECURE,
+                                            QuicEncrypter::Create(kNULL));
+      session()->connection()->SetDefaultEncryptionLevel(
+          ENCRYPTION_FORWARD_SECURE);
       session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED);
       break;
     }
diff --git a/chromium/net/quic/test_tools/quic_packet_creator_peer.cc b/chromium/net/quic/test_tools/quic_packet_creator_peer.cc
index b5c94141678..2437fa0493c 100644
--- a/chromium/net/quic/test_tools/quic_packet_creator_peer.cc
+++ b/chromium/net/quic/test_tools/quic_packet_creator_peer.cc
@@ -52,5 +52,11 @@ void QuicPacketCreatorPeer::SetPacketNumber(QuicPacketCreator* creator,
   creator->packet_number_ = s;
 }
 
+// static
+EncryptionLevel QuicPacketCreatorPeer::GetEncryptionLevel(
+    QuicPacketCreator* creator) {
+  return creator->encryption_level_;
+}
+
 }  // namespace test
 }  // namespace net
diff --git a/chromium/net/quic/test_tools/quic_packet_creator_peer.h b/chromium/net/quic/test_tools/quic_packet_creator_peer.h
index 83efcb250a9..05f0d96594b 100644
--- a/chromium/net/quic/test_tools/quic_packet_creator_peer.h
+++ b/chromium/net/quic/test_tools/quic_packet_creator_peer.h
@@ -29,6 +29,7 @@ class QuicPacketCreatorPeer {
   static QuicPacketNumberLength NextPacketNumberLength(
       QuicPacketCreator* creator);
   static void SetPacketNumber(QuicPacketCreator* creator, QuicPacketNumber s);
+  static EncryptionLevel GetEncryptionLevel(QuicPacketCreator* creator);
 
  private:
   DISALLOW_COPY_AND_ASSIGN(QuicPacketCreatorPeer);