Diffstat (limited to 'net/quic/crypto/crypto_protocol.h')
-rw-r--r--net/quic/crypto/crypto_protocol.h11
1 files changed, 10 insertions, 1 deletions
diff --git a/net/quic/crypto/crypto_protocol.h b/net/quic/crypto/crypto_protocol.h
index c32884a..52f0dde 100644
--- a/net/quic/crypto/crypto_protocol.h
+++ b/net/quic/crypto/crypto_protocol.h
@@ -39,7 +39,7 @@ const QuicTag kC255 = TAG('C', '2', '5', '5'); // ECDH, Curve25519
// AEAD algorithms
const QuicTag kNULL = TAG('N', 'U', 'L', 'L'); // null algorithm
-const QuicTag kAESG = TAG('A', 'E', 'S', 'G'); // AES128 + GCM
+const QuicTag kAESG = TAG('A', 'E', 'S', 'G'); // AES128 + GCM-12
// Congestion control feedback types
const QuicTag kQBIC = TAG('Q', 'B', 'I', 'C'); // TCP cubic
@@ -72,6 +72,9 @@ const QuicTag kCCS = TAG('C', 'C', 'S', 0); // Common certificate set
const QuicTag kCCRT = TAG('C', 'C', 'R', 'T'); // Cached certificate
const QuicTag kEXPY = TAG('E', 'X', 'P', 'Y'); // Expiry
+// Universal tags
+const QuicTag kPAD = TAG('P', 'A', 'D', '\0'); // Padding
+
// These tags have a special form so that they appear either at the beginning
// or the end of a handshake message. Since handshake messages are sorted by
// tag value, the tags with 0 at the end will sort first and those with 255 at
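Review bot: The new `kPAD` line writes its trailing byte as `'\0'`, while `kCCS` in the hunk header context writes a bare `0`; use one spelling so the zero-terminated tags read alike, e.g. `const QuicTag kPAD = TAG('P', 'A', 'D', 0);`. The `// Universal tags` heading does not say what makes a tag universal; if the intent is that it may appear in any handshake message, say so, e.g. `// Universal tags: permitted in every handshake message type`. The `// Padding` comment could also state how a receiver treats the value bytes (presumably ignored), since a parser author will look here first.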
@@ -105,6 +108,12 @@ const size_t kOrbitSize = 8; // Number of bytes in an orbit value.
// any cross-protocol attacks on the signature.
const char kProofSignatureLabel[] = "QUIC server config signature";
+// kClientHelloMinimumSize is the minimum size of a client hello. Client hellos
+// will have PAD tags added in order to ensure this minimum is met and client
+// hellos smaller than this will be an error. This minimum size reduces the
+// amplification factor of any mirror DoS attack.
+const size_t kClientHelloMinimumSize = 512;
+
} // namespace net
#endif // NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_
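Review bot: The comment on `kClientHelloMinimumSize` gives neither the unit nor what is being measured (the serialized handshake message, or the packet that carries it), and both sides have to agree on that for the padding and the rejection to line up. I would open it with something like `// Minimum size, in bytes, of a serialized client hello, PAD included.`, adjusted to whatever the check actually measures. The anti-amplification benefit holds only if the server rejects an undersized hello before it builds or sends any reply, and that check is not in this header, so the comment should name where it lives. It would also help to record why 512 was chosen relative to the largest reply the server can send to an unvalidated address, so the value is revisited if that reply grows.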