Posted to commits@trafficserver.apache.org by ma...@apache.org on 2017/12/19 02:20:50 UTC
[trafficserver] branch quic-latest updated (48f5acb -> 703471b)
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a change to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.
from 48f5acb Update tests for version negotiation
new 6616b37 Print generated keys and IVs with extra care
new 703471b Fix a check for INITIAL_MAX_STREAM_ID_UNI
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
iocore/net/quic/QUICCrypto.cc | 32 ++++++++++++++++++++++++++++++
iocore/net/quic/QUICTransportParameters.cc | 2 +-
2 files changed, 33 insertions(+), 1 deletion(-)
--
[trafficserver] 01/02: Print generated keys and IVs with extra care
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 6616b3798fd4e9cbcd5327304b766628c093e74d
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Dec 19 11:16:26 2017 +0900
Print generated keys and IVs with extra care
Keys and IVs will be logged if you specify vv_quic_crypto (double v).
---
iocore/net/quic/QUICCrypto.cc | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/iocore/net/quic/QUICCrypto.cc b/iocore/net/quic/QUICCrypto.cc
index 77b38e8..558e45a 100644
--- a/iocore/net/quic/QUICCrypto.cc
+++ b/iocore/net/quic/QUICCrypto.cc
@@ -34,6 +34,18 @@
constexpr static char tag[] = "quic_crypto";
+static void
+to_hex(uint8_t *out, uint8_t *in, int in_len)
+{
+ for (int i = 0; i < in_len; ++i) {
+ int u4 = in[i] / 16;
+ int l4 = in[i] % 16;
+ out [i * 2] = (u4 < 10) ? ('0' + u4) : ('A' + u4 - 10);
+ out [i * 2 + 1] = (l4 < 10) ? ('0' + l4) : ('A' + l4 - 10);
+ }
+ out[in_len * 2] = 0;
+}
+
//
// QUICPacketProtection
//
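Review bot: `to_hex` writes `in_len * 2 + 1` bytes into `out` without knowing its capacity, so it stays in bounds only because every caller in this commit passes a 512-byte buffer and, presumably, a short key or IV. Passing the capacity in and refusing oversized input, e.g. `if (in_len < 0 || static_cast<size_t>(in_len) * 2 + 1 > out_len) return;`, would make the helper safe on its own rather than by convention. `in` is only read and could be `const uint8_t *`. `out` is later handed to a `%s` format, so `char *` would match the format string.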
@@ -161,11 +173,22 @@ QUICCryptoTls::is_handshake_finished() const
int
QUICCryptoTls::initialize_key_materials(QUICConnectionId cid)
{
+
// Generate keys
+ uint8_t print_buf[512];
std::unique_ptr<KeyMaterial> km;
km = this->_keygen_for_client.generate(cid);
+ to_hex(print_buf, km->key, km->key_len);
+ Debug("vv_quic_crypto", "client key 0x%s", print_buf);
+ to_hex(print_buf, km->iv, km->iv_len);
+ Debug("vv_quic_crypto", "client iv 0x%s", print_buf);
this->_client_pp->set_key(std::move(km), QUICKeyPhase::CLEARTEXT);
+
km = this->_keygen_for_server.generate(cid);
+ to_hex(print_buf, km->key, km->key_len);
+ Debug("vv_quic_crypto", "server key 0x%s", print_buf);
+ to_hex(print_buf, km->iv, km->iv_len);
+ Debug("vv_quic_crypto", "server iv 0x%s", print_buf);
this->_server_pp->set_key(std::move(km), QUICKeyPhase::CLEARTEXT);
// Update algorithm
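Review bot: The four `to_hex` calls run on every call to `initialize_key_materials`, whether or not the `vv_quic_crypto` tag is enabled, so hex copies of the key and IV are left in `print_buf` on the stack and never cleared. Wrapping the block in `if (is_debug_tag_set("vv_quic_crypto")) { ... }` would confine the copies to debug runs. Wiping the buffer afterwards would remove them, e.g. `OPENSSL_cleanse(print_buf, sizeof(print_buf));` if the OpenSSL headers are in scope here. The same pattern is repeated in the `update_key_materials` hunk. The function body continues outside this hunk.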
@@ -197,10 +220,19 @@ QUICCryptoTls::update_key_materials()
}
// Generate keys
+ uint8_t print_buf[512];
std::unique_ptr<KeyMaterial> km;
km = this->_keygen_for_client.generate(this->_ssl);
+ to_hex(print_buf, km->key, km->key_len);
+ Debug("vv_quic_crypto", "client key 0x%s", print_buf);
+ to_hex(print_buf, km->iv, km->iv_len);
+ Debug("vv_quic_crypto", "client iv 0x%s", print_buf);
this->_client_pp->set_key(std::move(km), next_key_phase);
km = this->_keygen_for_server.generate(this->_ssl);
+ to_hex(print_buf, km->key, km->key_len);
+ Debug("vv_quic_crypto", "server key 0x%s", print_buf);
+ to_hex(print_buf, km->iv, km->iv_len);
+ Debug("vv_quic_crypto", "server iv 0x%s", print_buf);
this->_server_pp->set_key(std::move(km), next_key_phase);
// Update algorithm
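Review bot: The keys logged here come from `generate(this->_ssl)`, so they appear to be the TLS-derived packet protection keys rather than the connection-ID-derived cleartext ones. If so, anyone who can read the debug log can decrypt captured traffic for that connection. Nothing in the code marks this. I would add a comment above the block such as `// SECURITY: logs live packet-protection keys; enable vv_quic_crypto only in test environments`, and consider compiling the block out of release builds. The messages also omit the key phase although `next_key_phase` is in scope, which makes the lines hard to correlate across updates. The function starts and ends outside this hunk.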
--
[trafficserver] 02/02: Fix a check for INITIAL_MAX_STREAM_ID_UNI
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 703471b24d6e29057b7a6b52754fa7f4ec9d46a9
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Dec 19 11:18:40 2017 +0900
Fix a check for INITIAL_MAX_STREAM_ID_UNI
---
iocore/net/quic/QUICTransportParameters.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iocore/net/quic/QUICTransportParameters.cc b/iocore/net/quic/QUICTransportParameters.cc
index b2e61dc..2e486d7 100644
--- a/iocore/net/quic/QUICTransportParameters.cc
+++ b/iocore/net/quic/QUICTransportParameters.cc
@@ -432,7 +432,7 @@ QUICTransportParametersInEncryptedExtensions::_validate_parameters() const
}
}
- if (auto p = this->_parameters.find(QUICTransportParameterId::INITIAL_MAX_STREAM_ID_UNI) != this->_parameters.end()) {
+ if ((ite = this->_parameters.find(QUICTransportParameterId::INITIAL_MAX_STREAM_ID_UNI)) != this->_parameters.end()) {
if (ite->second->len() != 4) {
return -1;
}
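Review bot: Nothing in this commit tests the case the fix addresses. Before it, the `ite->second->len() != 4` check ran against whatever `ite` held from an earlier lookup (outside the hunk), so a wrong-length INITIAL_MAX_STREAM_ID_UNI could apparently pass validation. A unit test that feeds an encoded parameter with a length other than 4 and expects `-1` would pin the behaviour. Reusing one `ite` across lookups is what let the mistake compile silently. Scoping a fresh iterator to each check would rule it out, e.g. `auto uni = this->_parameters.find(...); if (uni != this->_parameters.end()) {`.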
--