Posted to commits@trafficserver.apache.org by ma...@apache.org on 2017/12/19 02:20:50 UTC

[trafficserver] branch quic-latest updated (48f5acb -> 703471b)

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a change to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


    from 48f5acb  Update tests for version negotiation
     new 6616b37  Print generated keys and IVs with extra care
     new 703471b  Fix a check for INITIAL_MAX_STREAM_ID_UNI

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 iocore/net/quic/QUICCrypto.cc              | 32 ++++++++++++++++++++++++++++++
 iocore/net/quic/QUICTransportParameters.cc |  2 +-
 2 files changed, 33 insertions(+), 1 deletion(-)


[trafficserver] 01/02: Print generated keys and IVs with extra care

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 6616b3798fd4e9cbcd5327304b766628c093e74d
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Dec 19 11:16:26 2017 +0900

    Print generated keys and IVs with extra care
    
    Keys and IVs will be logged if you specify vv_quic_crypto (double v).
---
 iocore/net/quic/QUICCrypto.cc | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/iocore/net/quic/QUICCrypto.cc b/iocore/net/quic/QUICCrypto.cc
index 77b38e8..558e45a 100644
--- a/iocore/net/quic/QUICCrypto.cc
+++ b/iocore/net/quic/QUICCrypto.cc
@@ -34,6 +34,18 @@
 
 constexpr static char tag[] = "quic_crypto";
 
+static void
+to_hex(uint8_t *out, uint8_t *in, int in_len)
+{
+  for (int i = 0; i < in_len; ++i) {
+    int u4 = in[i] / 16;
+    int l4 = in[i] % 16;
+    out [i * 2]     = (u4 < 10) ? ('0' + u4) : ('A' + u4 - 10);
+    out [i * 2 + 1] = (l4 < 10) ? ('0' + l4) : ('A' + l4 - 10);
+  }
+  out[in_len * 2] = 0;
+}
+
 //
 // QUICPacketProtection
 //
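Review bot: to_hex() writes `in_len * 2 + 1` bytes into `out` without knowing how large `out` is, so its safety rests entirely on every caller sizing the buffer correctly. The callers added later in this commit pass a 512-byte `print_buf`, which is enough only while `key_len` and `iv_len` stay at or below 255, and nothing visible in this diff enforces that. Passing the capacity and refusing oversized input would make the helper self-contained, e.g. `to_hex(uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len)` with `if (out_len < in_len * 2 + 1) { if (out_len > 0) out[0] = 0; return; }` at the top. `in` is only read and can be `const` either way.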
@@ -161,11 +173,22 @@ QUICCryptoTls::is_handshake_finished() const
 int
 QUICCryptoTls::initialize_key_materials(QUICConnectionId cid)
 {
+
   // Generate keys
+  uint8_t print_buf[512];
   std::unique_ptr<KeyMaterial> km;
   km = this->_keygen_for_client.generate(cid);
+  to_hex(print_buf, km->key, km->key_len);
+  Debug("vv_quic_crypto", "client key 0x%s", print_buf);
+  to_hex(print_buf, km->iv, km->iv_len);
+  Debug("vv_quic_crypto", "client iv 0x%s", print_buf);
   this->_client_pp->set_key(std::move(km), QUICKeyPhase::CLEARTEXT);
+
   km = this->_keygen_for_server.generate(cid);
+  to_hex(print_buf, km->key, km->key_len);
+  Debug("vv_quic_crypto", "server key 0x%s", print_buf);
+  to_hex(print_buf, km->iv, km->iv_len);
+  Debug("vv_quic_crypto", "server iv 0x%s", print_buf);
   this->_server_pp->set_key(std::move(km), QUICKeyPhase::CLEARTEXT);
 
   // Update algorithm
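Review bot: The four to_hex() calls added to initialize_key_materials() run on every call, whether or not the `vv_quic_crypto` tag is enabled, and each leaves a hex copy of key material in `print_buf` on the stack after the function returns. Guarding the formatting with `is_debug_tag_set("vv_quic_crypto")` and wiping the scratch buffer afterwards avoids both the wasted work and the stray copy. The same eight lines are repeated in the update_key_materials() hunk, so a single file-local helper, as sketched below, would cover both places with one call per key, e.g. `debug_print_key_material("client", *km);`. This function's body continues past the end of the hunk.

```cpp
// Hex-dump one KeyMaterial, but only when the verbose tag is enabled.
static void
debug_print_key_material(const char *who, KeyMaterial &km)
{
  if (!is_debug_tag_set("vv_quic_crypto")) {
    return;
  }
  uint8_t print_buf[512];
  to_hex(print_buf, km.key, km.key_len);
  Debug("vv_quic_crypto", "%s key 0x%s", who, print_buf);
  to_hex(print_buf, km.iv, km.iv_len);
  Debug("vv_quic_crypto", "%s iv 0x%s", who, print_buf);
  // A plain memset of a dying local may be elided; use a wipe the compiler must keep
  // (or the project's own secure-wipe helper, if it has one).
  OPENSSL_cleanse(print_buf, sizeof(print_buf));
}

// … unchanged: key generation in initialize_key_materials() and update_key_materials() …
```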
@@ -197,10 +220,19 @@ QUICCryptoTls::update_key_materials()
   }
 
   // Generate keys
+  uint8_t print_buf[512];
   std::unique_ptr<KeyMaterial> km;
   km = this->_keygen_for_client.generate(this->_ssl);
+  to_hex(print_buf, km->key, km->key_len);
+  Debug("vv_quic_crypto", "client key 0x%s", print_buf);
+  to_hex(print_buf, km->iv, km->iv_len);
+  Debug("vv_quic_crypto", "client iv 0x%s", print_buf);
   this->_client_pp->set_key(std::move(km), next_key_phase);
   km = this->_keygen_for_server.generate(this->_ssl);
+  to_hex(print_buf, km->key, km->key_len);
+  Debug("vv_quic_crypto", "server key 0x%s", print_buf);
+  to_hex(print_buf, km->iv, km->iv_len);
+  Debug("vv_quic_crypto", "server iv 0x%s", print_buf);
   this->_server_pp->set_key(std::move(km), next_key_phase);
 
   // Update algorithm
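Review bot: Nothing in the code marks these Debug lines as sensitive, yet the keys logged here come from `generate(this->_ssl)` and so are presumably the TLS-derived packet-protection keys rather than the connection-ID-derived ones in initialize_key_materials(). Anyone who can read a log written with `vv_quic_crypto` enabled could decrypt captured traffic for that connection, so the block deserves a comment such as `// Logs live packet-protection keys; enable vv_quic_crypto on test systems only.` The log lines also carry neither the connection nor `next_key_phase`, which makes them hard to correlate once several connections or key updates are in flight. As a style point, the tag string is repeated as a literal in every call; a constant next to the existing `tag`, e.g. `constexpr static char vv_tag[] = "vv_quic_crypto";`, would keep it in one place. The enclosing function starts before this hunk and continues after it.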


[trafficserver] 02/02: Fix a check for INITIAL_MAX_STREAM_ID_UNI

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 703471b24d6e29057b7a6b52754fa7f4ec9d46a9
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Dec 19 11:18:40 2017 +0900

    Fix a check for INITIAL_MAX_STREAM_ID_UNI
---
 iocore/net/quic/QUICTransportParameters.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iocore/net/quic/QUICTransportParameters.cc b/iocore/net/quic/QUICTransportParameters.cc
index b2e61dc..2e486d7 100644
--- a/iocore/net/quic/QUICTransportParameters.cc
+++ b/iocore/net/quic/QUICTransportParameters.cc
@@ -432,7 +432,7 @@ QUICTransportParametersInEncryptedExtensions::_validate_parameters() const
     }
   }
 
-  if (auto p = this->_parameters.find(QUICTransportParameterId::INITIAL_MAX_STREAM_ID_UNI) != this->_parameters.end()) {
+  if ((ite = this->_parameters.find(QUICTransportParameterId::INITIAL_MAX_STREAM_ID_UNI)) != this->_parameters.end()) {
     if (ite->second->len() != 4) {
       return -1;
     }
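Review bot: The corrected condition still assigns to an `ite` declared outside this hunk, and that shared iterator is what let the old line compile: `auto p = ... != end()` bound `p` to a bool while `ite->second` read whatever the previous lookup had left behind. Scoping the iterator to each check removes that class of mistake, for example `if (auto it = this->_parameters.find(QUICTransportParameterId::INITIAL_MAX_STREAM_ID_UNI); it != this->_parameters.end())` if the build's language level allows an if-initializer, or a block-local `auto it = ...;` before the `if` otherwise. A test that feeds INITIAL_MAX_STREAM_ID_UNI with a length other than 4 would pin the fix. _validate_parameters() begins and ends outside the hunk.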
