Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/02/01 02:05:13 UTC
[trafficserver] branch quic-latest updated: Add
QUICCrypto::is_key_derived()
This is an automated email from the ASF dual-hosted git repository.
masaori pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/quic-latest by this push:
new 56bf2d3 Add QUICCrypto::is_key_derived()
56bf2d3 is described below
commit 56bf2d39e085a183a751c1e50a654b6c48108643
Author: Masaori Koshiba <ma...@apache.org>
AuthorDate: Thu Feb 1 11:01:19 2018 +0900
Add QUICCrypto::is_key_derived()
---
iocore/net/quic/Mock.h | 6 ++++++
iocore/net/quic/QUICCrypto.cc | 6 ++++++
iocore/net/quic/QUICCrypto.h | 1 +
iocore/net/quic/QUICCryptoTls.h | 1 +
iocore/net/quic/QUICHandshake.cc | 3 +--
iocore/net/quic/QUICPacket.cc | 6 +++---
6 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/iocore/net/quic/Mock.h b/iocore/net/quic/Mock.h
index 5a5aa76..50697e3 100644
--- a/iocore/net/quic/Mock.h
+++ b/iocore/net/quic/Mock.h
@@ -476,6 +476,12 @@ public:
return true;
}
+ bool
+ is_key_derived() const override
+ {
+ return true;
+ }
+
int
initialize_key_materials(QUICConnectionId cid) override
{
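Review bot: The mock's `is_key_derived()` is hard-wired to `true`, so a test that drives `QUICPacketFactory::create` through this mock can only reach the PROTECTED branch. The INITIAL and HANDSHAKE branches changed in QUICPacket.cc now require `!is_key_derived()`, and those are the paths that parse packets before any negotiated keys exist. If the mock is used with the packet factory (not visible from this hunk), consider backing the value with a settable member, for example `return this->_key_derived;` with a default of `true`, so both states can be tested.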
diff --git a/iocore/net/quic/QUICCrypto.cc b/iocore/net/quic/QUICCrypto.cc
index fcba8ca..a09c5d6 100644
--- a/iocore/net/quic/QUICCrypto.cc
+++ b/iocore/net/quic/QUICCrypto.cc
@@ -160,6 +160,12 @@ QUICCryptoTls::handshake(uint8_t *out, size_t &out_len, size_t max_out_len, cons
bool
QUICCryptoTls::is_handshake_finished() const
{
+ return SSL_is_init_finished(this->_ssl);
+}
+
+bool
+QUICCryptoTls::is_key_derived() const
+{
return (this->_client_pp->key_phase() != QUICKeyPhase::CLEARTEXT && this->_server_pp->key_phase() != QUICKeyPhase::CLEARTEXT);
}
diff --git a/iocore/net/quic/QUICCrypto.h b/iocore/net/quic/QUICCrypto.h
index 6e9f048..6ab434f 100644
--- a/iocore/net/quic/QUICCrypto.h
+++ b/iocore/net/quic/QUICCrypto.h
@@ -50,6 +50,7 @@ public:
virtual int handshake(uint8_t *out, size_t &out_len, size_t max_out_len, const uint8_t *in, size_t in_len) = 0;
virtual bool is_handshake_finished() const = 0;
+ virtual bool is_key_derived() const = 0;
virtual int initialize_key_materials(QUICConnectionId cid) = 0;
virtual int update_key_materials() = 0;
virtual bool encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len,
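Review bot: The interface now has two state predicates with nothing that says how they differ, and callers in QUICHandshake.cc and QUICPacket.cc depend on that difference. From the QUICCrypto.cc hunk, `is_handshake_finished()` reports TLS completion while `is_key_derived()` reports that both packet-protection contexts have left `QUICKeyPhase::CLEARTEXT`. I would add a comment above each declaration, for example `// True once both client and server packet protection have moved past QUICKeyPhase::CLEARTEXT; does not by itself imply the TLS handshake has completed.` The comment should also state which of the two a caller must check before accepting protected payload.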
diff --git a/iocore/net/quic/QUICCryptoTls.h b/iocore/net/quic/QUICCryptoTls.h
index 884992a..c42ec26 100644
--- a/iocore/net/quic/QUICCryptoTls.h
+++ b/iocore/net/quic/QUICCryptoTls.h
@@ -44,6 +44,7 @@ public:
int handshake(uint8_t *out, size_t &out_len, size_t max_out_len, const uint8_t *in, size_t in_len) override;
bool is_handshake_finished() const override;
+ bool is_key_derived() const override;
int initialize_key_materials(QUICConnectionId cid) override;
int update_key_materials() override;
bool encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, const uint8_t *plain, size_t plain_len, uint64_t pkt_num,
diff --git a/iocore/net/quic/QUICHandshake.cc b/iocore/net/quic/QUICHandshake.cc
index 78009c9..3f48a6d 100644
--- a/iocore/net/quic/QUICHandshake.cc
+++ b/iocore/net/quic/QUICHandshake.cc
@@ -328,8 +328,7 @@ QUICHandshake::state_key_exchange(int event, Event *data)
QUICErrorUPtr error = QUICErrorUPtr(new QUICNoError());
switch (event) {
case QUIC_EVENT_HANDSHAKE_PACKET_WRITE_COMPLETE: {
- QUICCryptoTls *crypto_tls = dynamic_cast<QUICCryptoTls *>(this->_crypto);
- if (crypto_tls && SSL_is_init_finished(crypto_tls->ssl_handle())) {
+ if (this->_crypto->is_handshake_finished()) {
int res = this->_complete_handshake();
if (!res) {
this->_abort_handshake(QUICTransErrorCode::TLS_HANDSHAKE_FAILED);
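Review bot: The new condition dereferences `this->_crypto` unconditionally, whereas the removed lines were null-safe as a side effect: `dynamic_cast` of a null pointer yields null and the `crypto_tls &&` test then skipped the branch. Whether `_crypto` can be null when `QUIC_EVENT_HANDSHAKE_PACKET_WRITE_COMPLETE` arrives is not visible here, since `state_key_exchange` starts and ends outside the hunk. If it can, keep the guard with `if (this->_crypto && this->_crypto->is_handshake_finished()) {`, or state the non-null invariant in a comment or assertion at the top of the handler.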
diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
index 10c5347..114eb6e 100644
--- a/iocore/net/quic/QUICPacket.cc
+++ b/iocore/net/quic/QUICPacket.cc
@@ -672,7 +672,7 @@ QUICPacketFactory::create(ats_unique_buf buf, size_t len, QUICPacketNumber base_
result = QUICPacketCreationResult::SUCCESS;
break;
case QUICPacketType::PROTECTED:
- if (this->_crypto->is_handshake_finished()) {
+ if (this->_crypto->is_key_derived()) {
if (this->_crypto->decrypt(plain_txt.get(), plain_txt_len, max_plain_txt_len, header->payload(), header->payload_size(),
header->packet_number(), header->buf(), header->size(), header->key_phase())) {
result = QUICPacketCreationResult::SUCCESS;
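Review bot: The PROTECTED branch now decrypts and accepts packets as soon as `is_key_derived()` is true, so TLS completion is no longer part of the gate. The same swap is made for the INITIAL and HANDSHAKE cases in the two hunks below. Whether keys can leave `QUICKeyPhase::CLEARTEXT` before `SSL_is_init_finished()` reports true depends on where `update_key_materials()` is called, which this diff does not show. If that ordering is possible, protected payload from a peer whose handshake has not yet been verified would return `SUCCESS` here. Either state the ordering this relies on in a comment at the branch, or gate on both with `if (this->_crypto->is_handshake_finished() && this->_crypto->is_key_derived()) {`. `create()` continues outside all three hunks, so the result for a packet that fails the gate is not visible.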
@@ -684,7 +684,7 @@ QUICPacketFactory::create(ats_unique_buf buf, size_t len, QUICPacketNumber base_
}
break;
case QUICPacketType::INITIAL:
- if (!this->_crypto->is_handshake_finished()) {
+ if (!this->_crypto->is_key_derived()) {
if (QUICTypeUtil::is_supported_version(header->version())) {
if (this->_crypto->decrypt(plain_txt.get(), plain_txt_len, max_plain_txt_len, header->payload(), header->payload_size(),
header->packet_number(), header->buf(), header->size(), QUICKeyPhase::CLEARTEXT)) {
@@ -700,7 +700,7 @@ QUICPacketFactory::create(ats_unique_buf buf, size_t len, QUICPacketNumber base_
}
break;
case QUICPacketType::HANDSHAKE:
- if (!this->_crypto->is_handshake_finished()) {
+ if (!this->_crypto->is_key_derived()) {
if (this->_crypto->decrypt(plain_txt.get(), plain_txt_len, max_plain_txt_len, header->payload(), header->payload_size(),
header->packet_number(), header->buf(), header->size(), QUICKeyPhase::CLEARTEXT)) {
result = QUICPacketCreationResult::SUCCESS;
--