Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/02/19 02:49:54 UTC

[trafficserver] branch quic-latest updated (e4c3201 -> b609843)

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a change to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


    from e4c3201  QUIC: Push closed conn into closed queue
     new 365581b  Update QUIC version to draft-09
     new 9e3d622  Don't send transport parameters on NEW_SESSION_TIKECT messages
     new b609843  Update labels for key generation

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 iocore/net/QUICNetProcessor.cc                 |  3 +--
 iocore/net/quic/QUICHandshake.cc               | 23 ++---------------------
 iocore/net/quic/QUICHandshake.h                |  2 +-
 iocore/net/quic/QUICKeyGenerator.cc            |  8 ++++----
 iocore/net/quic/QUICTransportParameters.cc     |  6 +-----
 iocore/net/quic/QUICTypes.h                    |  2 +-
 iocore/net/quic/test/test_QUICKeyGenerator.cc  | 12 ++++++------
 iocore/net/quic/test/test_QUICPacketFactory.cc |  2 +-
 lib/ts/HKDF.cc                                 |  4 ++--
 9 files changed, 19 insertions(+), 43 deletions(-)


[trafficserver] 03/03: Update labels for key generation

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit b6098434a09a1ad8a86ac6125092a6c8c1827b59
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Mon Feb 19 11:45:58 2018 +0900

    Update labels for key generation
---
 iocore/net/quic/QUICKeyGenerator.cc           |  8 ++++----
 iocore/net/quic/test/test_QUICKeyGenerator.cc | 12 ++++++------
 lib/ts/HKDF.cc                                |  4 ++--
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/iocore/net/quic/QUICKeyGenerator.cc b/iocore/net/quic/QUICKeyGenerator.cc
index c07d137..06ba3b4 100644
--- a/iocore/net/quic/QUICKeyGenerator.cc
+++ b/iocore/net/quic/QUICKeyGenerator.cc
@@ -29,10 +29,10 @@
 constexpr static uint8_t QUIC_VERSION_1_SALT[] = {
   0xaf, 0xc8, 0x24, 0xec, 0x5f, 0xc7, 0x7e, 0xca, 0x1e, 0x9d, 0x36, 0xf3, 0x7f, 0xb2, 0xd4, 0x65, 0x18, 0xc3, 0x66, 0x39,
 };
-constexpr static ts::string_view LABEL_FOR_CLIENT_CLEARTEXT_SECRET("QUIC client handshake secret"_sv);
-constexpr static ts::string_view LABEL_FOR_SERVER_CLEARTEXT_SECRET("QUIC server handshake secret"_sv);
-constexpr static ts::string_view LABEL_FOR_CLIENT_PP_SECRET("EXPORTER-QUIC client 1-RTT Secret"_sv);
-constexpr static ts::string_view LABEL_FOR_SERVER_PP_SECRET("EXPORTER-QUIC server 1-RTT Secret"_sv);
+constexpr static ts::string_view LABEL_FOR_CLIENT_CLEARTEXT_SECRET("client hs"_sv);
+constexpr static ts::string_view LABEL_FOR_SERVER_CLEARTEXT_SECRET("server hs"_sv);
+constexpr static ts::string_view LABEL_FOR_CLIENT_PP_SECRET("EXPORTER-QUIC client 1rtt"_sv);
+constexpr static ts::string_view LABEL_FOR_SERVER_PP_SECRET("EXPORTER-QUIC server 1rtt"_sv);
 constexpr static ts::string_view LABEL_FOR_KEY("key"_sv);
 constexpr static ts::string_view LABEL_FOR_IV("iv"_sv);
 
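Review bot: The new label strings at L70–L73 carry no indication of which draft they implement or that the "QUIC " prefix is now supplied elsewhere, so a reader comparing them with the spec text will find them incomplete. Since this commit also changes `HKDF::expand_label` in lib/ts/HKDF.cc to prepend "QUIC " to every label, the constants here are only correct in combination with that function, and a comment above L70 should say so, e.g. `// Labels for QUIC draft-09; HKDF::expand_label (lib/ts/HKDF.cc) prepends "QUIC " before expansion`. The exporter labels at L72–L73 presumably go to the TLS exporter rather than through `expand_label`, which the same comment could note if that is the case. The `QUIC_VERSION_1_SALT` at L63 is equally draft-specific and would benefit from the same provenance note.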
diff --git a/iocore/net/quic/test/test_QUICKeyGenerator.cc b/iocore/net/quic/test/test_QUICKeyGenerator.cc
index 4930a1c..f364f0c 100644
--- a/iocore/net/quic/test/test_QUICKeyGenerator.cc
+++ b/iocore/net/quic/test/test_QUICKeyGenerator.cc
@@ -57,9 +57,9 @@ TEST_CASE("QUICKeyGenerator", "[quic]")
     QUICKeyGenerator keygen(QUICKeyGenerator::Context::CLIENT);
 
     QUICConnectionId cid          = 0x8394c8f03e515708;
-    uint8_t expected_client_key[] = {0x9e, 0xdc, 0x91, 0xd5, 0x51, 0x8c, 0x1e, 0x6b,
-                                     0x2f, 0x80, 0x2b, 0xd1, 0xc8, 0xad, 0x59, 0x23};
-    uint8_t expected_client_iv[] = {0x78, 0xc4, 0x90, 0xe2, 0xe4, 0x22, 0x62, 0x0b, 0x4e, 0xc1, 0xce, 0xc3};
+    uint8_t expected_client_key[] = {0x6b, 0x6a, 0xbc, 0x50, 0xf7, 0xac, 0x46, 0xd1,
+                                     0x10, 0x8c, 0x19, 0xcc, 0x63, 0x64, 0xbd, 0xe3};
+    uint8_t expected_client_iv[] = {0xb1, 0xf9, 0xa7, 0xe2, 0x7c, 0xc2, 0x33, 0xbb, 0x99, 0xe2, 0x03, 0x71};
 
     std::unique_ptr<KeyMaterial> actual_km = keygen.generate(cid);
 
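Review bot: The replaced expected key and IV bytes at L88–L90 (and likewise at L101–L103 in the next hunk) have no provenance, so the test cannot distinguish a vector taken from an independent implementation or the spec from one produced by the code under test. If the values were generated with this implementation, the test only pins current output and would not catch a label or salt mistake that is consistent across the generator and the vectors. A comment above L88 such as `// Vectors for CID 0x8394c8f03e515708 derived from <SOURCE-PLACEHOLDER> for QUIC draft-09` would make the strength of the check explicit. The enclosing SECTION block starts and ends outside the hunk.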
@@ -74,9 +74,9 @@ TEST_CASE("QUICKeyGenerator", "[quic]")
     QUICKeyGenerator keygen(QUICKeyGenerator::Context::SERVER);
 
     QUICConnectionId cid          = 0x8394c8f03e515708;
-    uint8_t expected_server_key[] = {0xa2, 0xaa, 0x67, 0xd4, 0x32, 0x13, 0xba, 0x8d,
-                                     0x55, 0xf5, 0x76, 0x84, 0xb7, 0x1c, 0x0f, 0xc0};
-    uint8_t expected_server_iv[] = {0xa2, 0x6a, 0xa2, 0x24, 0x5c, 0x4f, 0x76, 0x24, 0xa9, 0x5b, 0x0a, 0xbd};
+    uint8_t expected_server_key[] = {0x9e, 0xe7, 0xe8, 0x57, 0x72, 0x00, 0x59, 0xaf,
+                                     0x30, 0x11, 0xfb, 0x26, 0xe1, 0x21, 0x42, 0xc9};
+    uint8_t expected_server_iv[] = {0xd5, 0xee, 0xe8, 0xb5, 0x7c, 0x9e, 0xc7, 0xc4, 0xbe, 0x98, 0x4a, 0xa5};
 
     std::unique_ptr<KeyMaterial> actual_km = keygen.generate(cid);
 
diff --git a/lib/ts/HKDF.cc b/lib/ts/HKDF.cc
index 91f5b94..5971ce1 100644
--- a/lib/ts/HKDF.cc
+++ b/lib/ts/HKDF.cc
@@ -35,8 +35,8 @@ HKDF::expand_label(uint8_t *dst, size_t *dst_len, const uint8_t *secret, size_t
   hkdf_label[0] = (length >> 8) & 0xFF;
   hkdf_label[1] = length & 0xFF;
   hkdf_label_len += 2;
-  // "tls13 " + Label
-  hkdf_label_len += sprintf(reinterpret_cast<char *>(hkdf_label + hkdf_label_len), "%ctls13 %.*s", static_cast<int>(6 + label_len),
+  // "QUIC " + Label
+  hkdf_label_len += sprintf(reinterpret_cast<char *>(hkdf_label + hkdf_label_len), "%cQUIC %.*s", static_cast<int>(5 + label_len),
                             static_cast<int>(label_len), label);
   // Hash Value
   hkdf_label_len += sprintf(reinterpret_cast<char *>(hkdf_label + hkdf_label_len), "%c%.*s", static_cast<int>(hash_value_len),
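Review bot: The length prefix written on the new line at L118 is `static_cast<int>(5 + label_len)`, which `%c` converts to a single unsigned char, so a `label_len` above 250 is silently truncated into a malformed HkdfLabel rather than rejected; the `%c` with `hash_value_len` at L121 has the same property. A guard before the first `sprintf`, e.g. `if (label_len > UINT8_MAX - 5 || hash_value_len > UINT8_MAX) { /* fail the expansion */ }`, with the failure path matching the function's return convention (its signature and the `hkdf_label` declaration are outside the hunk), would make the encoding fail closed. The writes are also unbounded `sprintf` calls into `hkdf_label`; if its capacity is fixed, `snprintf` with the remaining size or an assertion on the final `hkdf_label_len` would document the bound. The comment at L117 could also record why this differs from TLS 1.3, e.g. `// "QUIC " + Label (QUIC draft-09 prefix, not TLS 1.3's "tls13 ")`, since the label constants in QUICKeyGenerator.cc depend on exactly this prefix.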


[trafficserver] 01/03: Update QUIC version to draft-09

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 365581b4857a16d4153cf984167b564e8599691b
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Mon Feb 19 11:38:37 2018 +0900

    Update QUIC version to draft-09
---
 iocore/net/quic/QUICTypes.h                    | 2 +-
 iocore/net/quic/test/test_QUICPacketFactory.cc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/iocore/net/quic/QUICTypes.h b/iocore/net/quic/QUICTypes.h
index 384c13b..8ab5248 100644
--- a/iocore/net/quic/QUICTypes.h
+++ b/iocore/net/quic/QUICTypes.h
@@ -58,7 +58,7 @@ using QUICOffset       = uint64_t;
 // Note: You also need to update tests for VersionNegotiationPacket creation, if you change the number of versions
 // Prefix for drafts (0xff000000) + draft number
 constexpr QUICVersion QUIC_SUPPORTED_VERSIONS[] = {
-  0xff000008,
+  0xff000009,
 };
 constexpr QUICStreamId STREAM_ID_FOR_HANDSHAKE = 0;
 
diff --git a/iocore/net/quic/test/test_QUICPacketFactory.cc b/iocore/net/quic/test/test_QUICPacketFactory.cc
index db29759..c328abe 100644
--- a/iocore/net/quic/test/test_QUICPacketFactory.cc
+++ b/iocore/net/quic/test/test_QUICPacketFactory.cc
@@ -51,7 +51,7 @@ TEST_CASE("QUICPacketFactory_Create_VersionNegotiationPacket", "[quic]")
   CHECK(packet->connection_id() == client_initial_packet.connection_id());
   CHECK(packet->packet_number() == client_initial_packet.packet_number());
   CHECK(packet->version() == 0x00);
-  CHECK(memcmp(packet->payload(), "\xff\x00\x00\x08", 4) == 0);
+  CHECK(memcmp(packet->payload(), "\xff\x00\x00\x09", 4) == 0);
 }
 
 TEST_CASE("QUICPacketFactory_Create_Handshake", "[quic]")


[trafficserver] 02/03: Don't send transport parameters on NEW_SESSION_TIKECT messages

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 9e3d6220f37eb5e225aeb4c6f796dfe0549e9fb6
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Mon Feb 19 11:42:31 2018 +0900

    Don't send transport parameters on NEW_SESSION_TIKECT messages
---
 iocore/net/QUICNetProcessor.cc             |  3 +--
 iocore/net/quic/QUICHandshake.cc           | 23 ++---------------------
 iocore/net/quic/QUICHandshake.h            |  2 +-
 iocore/net/quic/QUICTransportParameters.cc |  6 +-----
 4 files changed, 5 insertions(+), 29 deletions(-)

diff --git a/iocore/net/QUICNetProcessor.cc b/iocore/net/QUICNetProcessor.cc
index 979af87..1ab0027 100644
--- a/iocore/net/QUICNetProcessor.cc
+++ b/iocore/net/QUICNetProcessor.cc
@@ -86,8 +86,7 @@ QUICNetProcessor::start(int, size_t stacksize)
 
   SSL_CTX_set_alpn_select_cb(this->_ssl_ctx, QUIC::ssl_select_next_protocol, nullptr);
   SSL_CTX_add_custom_ext(this->_ssl_ctx, QUICTransportParametersHandler::TRANSPORT_PARAMETER_ID,
-                         SSL_EXT_TLS_ONLY | SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS |
-                           SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+                         SSL_EXT_TLS_ONLY | SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
                          &QUICTransportParametersHandler::add, &QUICTransportParametersHandler::free, nullptr,
                          &QUICTransportParametersHandler::parse, nullptr);
 
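Review bot: The context mask on the new line at L206 must agree with the `case` labels in `QUICTransportParametersHandler::parse` (changed in the QUICTransportParameters.cc hunk of this commit), and nothing at this call site records that coupling. A comment above L203 such as `// Contexts here must match the cases handled in QUICTransportParametersHandler::parse` would help the next person who adds or removes a context. `QUICNetProcessor::start` begins and ends outside the hunk.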
diff --git a/iocore/net/quic/QUICHandshake.cc b/iocore/net/quic/QUICHandshake.cc
index 3f48a6d..9014d8d 100644
--- a/iocore/net/quic/QUICHandshake.cc
+++ b/iocore/net/quic/QUICHandshake.cc
@@ -247,28 +247,9 @@ QUICHandshake::set_transport_parameters(std::shared_ptr<QUICTransportParametersI
 }
 
 std::shared_ptr<const QUICTransportParameters>
-QUICHandshake::local_transport_parameters(bool with_version)
+QUICHandshake::local_transport_parameters()
 {
-  if (with_version) {
-    return this->_local_transport_parameters;
-  } else {
-    QUICConfig::scoped_config params;
-    QUICTransportParametersInNewSessionTicket *tp = new QUICTransportParametersInNewSessionTicket();
-
-    // MUSTs
-    tp->set(QUICTransportParameterId::INITIAL_MAX_STREAM_DATA, params->initial_max_stream_data());
-    tp->set(QUICTransportParameterId::INITIAL_MAX_DATA, params->initial_max_data());
-    tp->set(QUICTransportParameterId::IDLE_TIMEOUT, static_cast<uint16_t>(params->no_activity_timeout_in()));
-    tp->set(QUICTransportParameterId::STATELESS_RESET_TOKEN, this->_reset_token.buf(), QUICStatelessResetToken::LEN);
-
-    // MAYs
-    tp->set(QUICTransportParameterId::INITIAL_MAX_STREAM_ID_BIDI, params->initial_max_stream_id_bidi_in());
-    tp->set(QUICTransportParameterId::INITIAL_MAX_STREAM_ID_UNI, params->initial_max_stream_id_uni_in());
-    // this->_local_transport_parameters.add(QUICTransportParameterId::OMIT_CONNECTION_ID, {});
-    // this->_local_transport_parameters.add(QUICTransportParameterId::MAX_PACKET_SIZE, {{0x00, 0x00}, 2});
-
-    return std::unique_ptr<QUICTransportParameters>(tp);
-  }
+  return this->_local_transport_parameters;
 }
 
 std::shared_ptr<const QUICTransportParameters>
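Review bot: `QUICHandshake::local_transport_parameters()` at L219–L242 now only reads `this->_local_transport_parameters`, so it can be a const member function; the declaration in the QUICHandshake.h hunk ending at L257 would become `std::shared_ptr<const QUICTransportParameters> local_transport_parameters() const;` and the definition at L219 would take the matching `const`. A one-line comment above L219 stating that the returned pointer shares ownership of the stored parameters, and that the parameters sent to the peer are the same in every extension context, would document the behavior this commit introduces. The declaration at L253 in the header hunk names the parameter removed here, so the two hunks are consistent.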
diff --git a/iocore/net/quic/QUICHandshake.h b/iocore/net/quic/QUICHandshake.h
index 4a83225..770f172 100644
--- a/iocore/net/quic/QUICHandshake.h
+++ b/iocore/net/quic/QUICHandshake.h
@@ -76,7 +76,7 @@ public:
   QUICVersion negotiated_version();
   const char *negotiated_cipher_suite();
   void negotiated_application_name(const uint8_t **name, unsigned int *len);
-  std::shared_ptr<const QUICTransportParameters> local_transport_parameters(bool with_version = true);
+  std::shared_ptr<const QUICTransportParameters> local_transport_parameters();
   std::shared_ptr<const QUICTransportParameters> remote_transport_parameters();
 
   bool is_version_negotiated();
diff --git a/iocore/net/quic/QUICTransportParameters.cc b/iocore/net/quic/QUICTransportParameters.cc
index f2b03cb..bf524ec 100644
--- a/iocore/net/quic/QUICTransportParameters.cc
+++ b/iocore/net/quic/QUICTransportParameters.cc
@@ -563,8 +563,7 @@ QUICTransportParametersHandler::add(SSL *s, unsigned int ext_type, unsigned int
 {
   QUICHandshake *hs = static_cast<QUICHandshake *>(SSL_get_ex_data(s, QUIC::ssl_quic_hs_index));
   *out              = reinterpret_cast<const unsigned char *>(ats_malloc(TRANSPORT_PARAMETERS_MAXIMUM_SIZE));
-  bool with_version = (context != SSL_EXT_TLS1_3_NEW_SESSION_TICKET);
-  hs->local_transport_parameters(with_version)->store(const_cast<uint8_t *>(*out), reinterpret_cast<uint16_t *>(outlen));
+  hs->local_transport_parameters()->store(const_cast<uint8_t *>(*out), reinterpret_cast<uint16_t *>(outlen));
 
   return 1;
 }
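Review bot: The retained line at L268 passes `reinterpret_cast<uint16_t *>(outlen)` to `store()`; if `outlen` is OpenSSL's `size_t *` as the add-callback signature cut off at L262 suggests, only the low two bytes of `*outlen` are written and the other bytes keep whatever value they held. Writing through a local avoids the type pun: `uint16_t len = 0;` / `hs->local_transport_parameters()->store(const_cast<uint8_t *>(*out), &len);` / `*outlen = len;`. `hs` obtained from `SSL_get_ex_data` at L264 is also dereferenced without a null check; an error return when it is null would let the TLS layer fail the handshake instead of crashing the process. The signature of `add` starts outside the hunk.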
@@ -588,9 +587,6 @@ QUICTransportParametersHandler::parse(SSL *s, unsigned int ext_type, unsigned in
   case SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS:
     hs->set_transport_parameters(std::make_shared<QUICTransportParametersInEncryptedExtensions>(in, inlen));
     break;
-  case SSL_EXT_TLS1_3_NEW_SESSION_TICKET:
-    hs->set_transport_parameters(std::make_shared<QUICTransportParametersInNewSessionTicket>(in, inlen));
-    break;
   default:
     // Do nothing
     break;
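Review bot: With the `SSL_EXT_TLS1_3_NEW_SESSION_TICKET` case removed at L276–L278 and the matching branch removed from `QUICHandshake::local_transport_parameters` in this commit, `QUICTransportParametersInNewSessionTicket` appears to have no remaining users in the visible hunks; if that holds for the rest of the tree, the class should be removed too, or a comment should say why it is kept. The `default: // Do nothing` at L279–L280 now silently drops any other context; a short comment noting that only the contexts registered in `SSL_CTX_add_custom_ext` (QUICNetProcessor.cc) can reach this switch would make the intent clear. `QUICTransportParametersHandler::parse` begins and ends outside the hunk.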
