[trafficserver] branch quic-latest updated: support stateless retry token in transport parameters

zwoop Thu, 07 Sep 2017 10:11:05 -0700

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git



The following commit(s) were added to refs/heads/quic-latest by this push:
     new 27fca42  support stateless retry token in transport parameters
27fca42 is described below

commit 27fca42498de9d55d54dd53ca07d6f5858f5fca4
Author: scw00 <sc...@apache.org>
AuthorDate: Wed Sep 6 10:59:41 2017 +0800

    support stateless retry token in transport parameters
---
 iocore/net/P_QUICNetVConnection.h                  |  2 ++
 iocore/net/QUICNetVConnection.cc                   |  5 +++-
 iocore/net/quic/QUICHandshake.cc                   |  5 +++-
 iocore/net/quic/QUICHandshake.h                    |  4 +++-
 iocore/net/quic/QUICTransportParameters.cc         | 15 ++++++++++++
 iocore/net/quic/QUICTransportParameters.h          |  2 ++
 iocore/net/quic/QUICTypes.h                        | 23 ++++++++++++++++++
 .../net/quic/test/test_QUICTransportParameters.cc  | 28 ++++++++++++++--------
 8 files changed, 71 insertions(+), 13 deletions(-)

diff --git a/iocore/net/P_QUICNetVConnection.h 
b/iocore/net/P_QUICNetVConnection.h
index 3937017..1216f43 100644
--- a/iocore/net/P_QUICNetVConnection.h
+++ b/iocore/net/P_QUICNetVConnection.h
@@ -240,6 +240,8 @@ private:
   QUICApplication *_create_application();
   void _init_flow_control_params(const std::shared_ptr<const 
QUICTransportParameters> &local_tp,
                                  const std::shared_ptr<const 
QUICTransportParameters> &remote_tp);
+
+  QUICStatelessToken _token;
 };
 
 extern ClassAllocator<QUICNetVConnection> quicNetVCAllocator;
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index d6b233c..fce4ad8 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -49,6 +49,7 @@
 static constexpr uint32_t MINIMUM_MTU               = 1280;
 static constexpr uint32_t MAX_PACKET_OVERHEAD       = 25; // Max long header 
len(17) + FNV-1a hash len(8)
 static constexpr uint32_t MAX_STREAM_FRAME_OVERHEAD = 15;
+static constexpr char STATELESS_RETRY_TOKEN_KEY[]   = 
"stateless_token_retry_key";
 
 ClassAllocator<QUICNetVConnection> quicNetVCAllocator("quicNetVCAllocator");
 
@@ -95,7 +96,9 @@ void
 QUICNetVConnection::start(SSL_CTX *ssl_ctx)
 {
   // Version 0x00000001 uses stream 0 for cryptographic handshake with TLS 
1.3, but newer version may not
-  this->_handshake_handler = new QUICHandshake(this, ssl_ctx);
+  this->_token.gen_token(STATELESS_RETRY_TOKEN_KEY, _quic_connection_id ^ id);
+
+  this->_handshake_handler = new QUICHandshake(this, ssl_ctx, 
this->_token.get());
   this->_application_map   = new QUICApplicationMap();
   this->_application_map->set(STREAM_ID_FOR_HANDSHAKE, 
this->_handshake_handler);
 
diff --git a/iocore/net/quic/QUICHandshake.cc b/iocore/net/quic/QUICHandshake.cc
index 85455fc..ef82f75 100644
--- a/iocore/net/quic/QUICHandshake.cc
+++ b/iocore/net/quic/QUICHandshake.cc
@@ -54,7 +54,7 @@ static constexpr int UDP_MAXIMUM_PAYLOAD_SIZE = 65527;
 // TODO: fix size
 static constexpr int MAX_HANDSHAKE_MSG_LEN = 65527;
 
-QUICHandshake::QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx) : 
QUICApplication(qc)
+QUICHandshake::QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx, INK_MD5 
token) : QUICApplication(qc), _token(token)
 {
   this->_ssl = SSL_new(ssl_ctx);
   SSL_set_ex_data(this->_ssl, QUIC::ssl_quic_qc_index, qc);
@@ -257,6 +257,9 @@ QUICHandshake::_load_local_transport_parameters()
   tp->add(QUICTransportParameterId::IDLE_TIMEOUT, 
std::unique_ptr<QUICTransportParameterValue>(new QUICTransportParameterValue(
                                                     
params->no_activity_timeout_in(), sizeof(uint16_t))));
 
+  tp->add(QUICTransportParameterId::STATELESS_RETRY_TOKEN,
+          std::unique_ptr<QUICTransportParameterValue>(new 
QUICTransportParameterValue(this->_token.u64, 16)));
+
   tp->add_version(QUIC_SUPPORTED_VERSIONS[0]);
   // MAYs
   // 
this->_local_transport_parameters.add(QUICTransportParameterId::TRUNCATE_CONNECTION_ID,
 {});
diff --git a/iocore/net/quic/QUICHandshake.h b/iocore/net/quic/QUICHandshake.h
index 61baa4a..e8866d6 100644
--- a/iocore/net/quic/QUICHandshake.h
+++ b/iocore/net/quic/QUICHandshake.h
@@ -50,7 +50,7 @@ class SSLNextProtocolSet;
 class QUICHandshake : public QUICApplication
 {
 public:
-  QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx);
+  QUICHandshake(QUICConnection *qc, SSL_CTX *ssl_ctx, INK_MD5 token);
   ~QUICHandshake();
 
   QUICError start(const QUICPacket *initial_packet, QUICPacketFactory 
*packet_factory);
@@ -87,4 +87,6 @@ private:
   QUICError _process_client_hello();
   QUICError _process_client_finished();
   QUICError _process_handshake_complete();
+
+  INK_MD5 _token;
 };
diff --git a/iocore/net/quic/QUICTransportParameters.cc 
b/iocore/net/quic/QUICTransportParameters.cc
index 50c149f..2debfac 100644
--- a/iocore/net/quic/QUICTransportParameters.cc
+++ b/iocore/net/quic/QUICTransportParameters.cc
@@ -44,6 +44,21 @@ 
QUICTransportParameterValue::QUICTransportParameterValue(uint64_t raw_data, uint
   this->_len = len;
 };
 
+QUICTransportParameterValue::QUICTransportParameterValue(uint64_t raw_data[2], 
uint16_t l)
+{
+  this->_data = ats_unique_malloc(l);
+  size_t len  = 0;
+  if (l > 8) {
+    QUICTypeUtil::write_uint_as_nbytes(raw_data[0], 8, this->_data.get(), 
&len);
+    this->_len += len;
+    QUICTypeUtil::write_uint_as_nbytes(raw_data[1], l - 8, this->_data.get() + 
8, &len);
+    this->_len += len;
+  } else {
+    QUICTypeUtil::write_uint_as_nbytes(raw_data[0], l, this->_data.get(), 
&len);
+    this->_len += len;
+  }
+}
+
 const uint8_t *
 QUICTransportParameterValue::data() const
 {
diff --git a/iocore/net/quic/QUICTransportParameters.h 
b/iocore/net/quic/QUICTransportParameters.h
index 87d8af6..63923b0 100644
--- a/iocore/net/quic/QUICTransportParameters.h
+++ b/iocore/net/quic/QUICTransportParameters.h
@@ -40,6 +40,7 @@ public:
     IDLE_TIMEOUT,
     TRUNCATE_CONNECTION_ID,
     MAX_PACKET_SIZE,
+    STATELESS_RETRY_TOKEN,
   };
 
   explicit operator bool() const { return true; }
@@ -68,6 +69,7 @@ class QUICTransportParameterValue
 public:
   QUICTransportParameterValue(ats_unique_buf d, uint16_t l);
   QUICTransportParameterValue(uint64_t raw_data, uint16_t l);
+  QUICTransportParameterValue(uint64_t raw_data[2], uint16_t l);
 
   const uint8_t *data() const;
   uint16_t len() const;
diff --git a/iocore/net/quic/QUICTypes.h b/iocore/net/quic/QUICTypes.h
index 5c3f9c2..cd2f21b 100644
--- a/iocore/net/quic/QUICTypes.h
+++ b/iocore/net/quic/QUICTypes.h
@@ -37,6 +37,7 @@
 #include <memory>
 #include <random>
 #include <cstdint>
+#include "ts/INK_MD5.h"
 #include "ts/ink_memory.h"
 
 // These magical defines should be removed when we implement seriously
@@ -149,6 +150,28 @@ struct QUICError {
   const char *msg;
 };
 
+class QUICStatelessToken
+{
+public:
+  void
+  gen_token(const char *key, uint64_t data)
+  {
+    MD5Context ctx;
+    ctx.update(key, strlen(key));
+    ctx.update(reinterpret_cast<void *>(&data), 8);
+    ctx.finalize(_md5);
+  }
+
+  const INK_MD5
+  get() const
+  {
+    return _md5;
+  }
+
+private:
+  INK_MD5 _md5;
+};
+
 class QUICConnectionId
 {
 public:
diff --git a/iocore/net/quic/test/test_QUICTransportParameters.cc 
b/iocore/net/quic/test/test_QUICTransportParameters.cc
index adf3daf..b65e406 100644
--- a/iocore/net/quic/test/test_QUICTransportParameters.cc
+++ b/iocore/net/quic/test/test_QUICTransportParameters.cc
@@ -79,15 +79,19 @@ TEST_CASE("QUICTransportParametersInClientHello_write", 
"[quic]")
   uint16_t len;
 
   uint8_t expected[] = {
-    0x01, 0x02, 0x03, 0x04, // negotiated version
-    0x05, 0x06, 0x07, 0x08, // iinitial version
-    0x00, 0x0e,             // size of parameters
-    0x00, 0x00,             // parameter id
-    0x00, 0x04,             // length of value
-    0x11, 0x22, 0x33, 0x44, // value
-    0x00, 0x05,             // parameter id
-    0x00, 0x02,             // length of value
-    0xab, 0xcd,             // value
+    0x01, 0x02, 0x03, 0x04,                         // negotiated version
+    0x05, 0x06, 0x07, 0x08,                         // iinitial version
+    0x00, 0x22,                                     // size of parameters
+    0x00, 0x00,                                     // parameter id
+    0x00, 0x04,                                     // length of value
+    0x11, 0x22, 0x33, 0x44,                         // value
+    0x00, 0x05,                                     // parameter id
+    0x00, 0x02,                                     // length of value
+    0xab, 0xcd,                                     // value
+    0x00, 0x06,                                     // parameter id
+    0x00, 0x10,                                     // length of value
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // value
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // value
   };
 
   QUICTransportParametersInClientHello params_in_ch(0x01020304, 0x05060708);
@@ -102,8 +106,12 @@ TEST_CASE("QUICTransportParametersInClientHello_write", 
"[quic]")
     QUICTransportParameterId::MAX_PACKET_SIZE,
     std::unique_ptr<QUICTransportParameterValue>(new 
QUICTransportParameterValue(max_packet_size, sizeof(max_packet_size))));
 
+  uint64_t stateless_retry_token[2] = {0x0011223344556677, 0x0011223344556677};
+  params_in_ch.add(QUICTransportParameterId::STATELESS_RETRY_TOKEN,
+                   std::unique_ptr<QUICTransportParameterValue>(new 
QUICTransportParameterValue(stateless_retry_token, 16)));
+
   params_in_ch.store(buf, &len);
-  CHECK(len == 24);
+  CHECK(len == 44);
   CHECK(memcmp(buf, expected, len) == 0);
 }
 

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].

[trafficserver] branch quic-latest updated: support stateless retry token in transport parameters

Reply via email to