Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/03/13 01:26:32 UTC
[trafficserver] branch quic-latest updated: Add logs around
encrypting and decrypting
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/quic-latest by this push:
new ca73ea9 Add logs around encrypting and decrypting
ca73ea9 is described below
commit ca73ea98ac4618c464c6c27d478dfc2a52388783
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Mar 13 10:26:03 2018 +0900
Add logs around encrypting and decrypting
---
iocore/net/quic/Mock.h | 6 +-----
iocore/net/quic/QUICDebugNames.cc | 17 +++++++++++++++++
iocore/net/quic/QUICDebugNames.h | 1 +
iocore/net/quic/QUICPacket.cc | 4 ++--
iocore/net/quic/QUICTLS.cc | 14 +++++++++++++-
5 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/iocore/net/quic/Mock.h b/iocore/net/quic/Mock.h
index f916ded..31a9fd4 100644
--- a/iocore/net/quic/Mock.h
+++ b/iocore/net/quic/Mock.h
@@ -476,11 +476,7 @@ public:
return true;
}
- bool
- is_key_derived(QUICKeyPhase /* key_phase */) const override
- {
- return true;
- }
+ bool is_key_derived(QUICKeyPhase /* key_phase */) const override { return true; }
int
initialize_key_materials(QUICConnectionId cid) override
diff --git a/iocore/net/quic/QUICDebugNames.cc b/iocore/net/quic/QUICDebugNames.cc
index 088cd0b..f7ec117 100644
--- a/iocore/net/quic/QUICDebugNames.cc
+++ b/iocore/net/quic/QUICDebugNames.cc
@@ -208,3 +208,20 @@ QUICDebugNames::stream_state(QUICStreamState state)
return "UNKNOWN";
}
}
+
+const char *
+QUICDebugNames::key_phase(QUICKeyPhase phase)
+{
+ switch (phase) {
+ case QUICKeyPhase::PHASE_0:
+ return "PHASE_0";
+ case QUICKeyPhase::PHASE_1:
+ return "PHASE_1";
+ case QUICKeyPhase::CLEARTEXT:
+ return "CLEARTEXT";
+ case QUICKeyPhase::ZERORTT:
+ return "ZERORTT";
+ default:
+ return "UNKNOWN";
+ }
+}
diff --git a/iocore/net/quic/QUICDebugNames.h b/iocore/net/quic/QUICDebugNames.h
index 093e81d..bb4e7d7 100644
--- a/iocore/net/quic/QUICDebugNames.h
+++ b/iocore/net/quic/QUICDebugNames.h
@@ -38,4 +38,5 @@ public:
static const char *transport_parameter_id(QUICTransportParameterId id);
static const char *stream_state(QUICStreamState state);
static const char *quic_event(int event);
+ static const char *key_phase(QUICKeyPhase phase);
};
diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
index 1fcc8a2..659e826 100644
--- a/iocore/net/quic/QUICPacket.cc
+++ b/iocore/net/quic/QUICPacket.cc
@@ -672,7 +672,7 @@ QUICPacketFactory::create(ats_unique_buf buf, size_t len, QUICPacketNumber base_
memcpy(plain_txt.get(), header->payload(), header->payload_size());
plain_txt_len = header->payload_size();
} else {
- Debug("quic_packet", "Decrypting %s packet", QUICDebugNames::packet_type(header->type()));
+ Debug("quic_packet", "Decrypting %s packet #%" PRIu64, QUICDebugNames::packet_type(header->type()), header->packet_number());
switch (header->type()) {
case QUICPacketType::VERSION_NEGOTIATION:
case QUICPacketType::STATELESS_RESET:
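Review bot: The packet number in the new `Decrypting %s packet #…` line is read from the header before the payload has been decrypted, so the logged value comes straight from the wire and has not been authenticated yet. Someone using these logs during incident analysis should not treat it as a confirmed sequence number unless the decrypt call that follows succeeds; a short comment above the Debug call, e.g. `// packet number is not authenticated yet; logged for correlation only`, would make that explicit. It is also not visible here whether `header->packet_number()` is already expanded against the base packet number passed to create() or is still the truncated on-wire value, which is worth confirming so the line matches what the sender logs. The body of create() starts and ends outside this hunk.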
@@ -847,7 +847,7 @@ QUICPacketFactory::_create_encrypted_packet(QUICPacketHeaderUPtr header, bool re
ats_unique_buf cipher_txt = ats_unique_malloc(max_cipher_txt_len);
size_t cipher_txt_len = 0;
- Debug("quic_packet", "Encrypting %s packet", QUICDebugNames::packet_type(header->type()));
+ Debug("quic_packet", "Encrypting %s packet #%" PRIu64, QUICDebugNames::packet_type(header->type()), header->packet_number());
QUICPacket *packet = nullptr;
if (this->_hs_protocol->encrypt(cipher_txt.get(), cipher_txt_len, max_cipher_txt_len, header->payload(), header->payload_size(),
header->packet_number(), header->buf(), header->size(), header->key_phase())) {
diff --git a/iocore/net/quic/QUICTLS.cc b/iocore/net/quic/QUICTLS.cc
index 67a6942..7baa193 100644
--- a/iocore/net/quic/QUICTLS.cc
+++ b/iocore/net/quic/QUICTLS.cc
@@ -22,6 +22,7 @@
*/
#include "QUICTLS.h"
+#include "QUICDebugNames.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -131,6 +132,7 @@ int
QUICTLS::initialize_key_materials(QUICConnectionId cid)
{
// Generate keys
+ Debug(tag, "Generating %s keys", QUICDebugNames::key_phase(QUICKeyPhase::CLEARTEXT));
uint8_t print_buf[512];
std::unique_ptr<KeyMaterial> km;
km = this->_keygen_for_client.generate(cid);
@@ -182,6 +184,7 @@ QUICTLS::update_key_materials()
}
// Generate keys
+ Debug(tag, "Generating %s keys", QUICDebugNames::key_phase(next_key_phase));
uint8_t print_buf[512];
std::unique_ptr<KeyMaterial> km;
km = this->_keygen_for_client.generate(this->_ssl);
@@ -226,6 +229,7 @@ void
QUICTLS::_generate_0rtt_key()
{
// Generate key material for 0-RTT
+ Debug(tag, "Generating %s keys", QUICDebugNames::key_phase(QUICKeyPhase::ZERORTT));
std::unique_ptr<KeyMaterial> km;
km = this->_keygen_for_client.generate_0rtt(this->_ssl);
if (is_debug_tag_set("vv_quic_crypto")) {
@@ -249,6 +253,7 @@ QUICTLS::encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, con
uint64_t pkt_num, const uint8_t *ad, size_t ad_len, QUICKeyPhase phase) const
{
QUICPacketProtection *pp = nullptr;
+ Debug(tag, "Encrypting packet using %s key", QUICDebugNames::key_phase(phase));
switch (this->_netvc_context) {
case NET_VCONNECTION_IN: {
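Review bot: The entry log added at the top of QUICTLS::encrypt names the key phase but not the packet, so it cannot be tied back to the `Encrypting %s packet #…` line that QUICPacket.cc now emits under a different tag. `pkt_num` is already a parameter here, so the line could read `Debug(tag, "Encrypting packet #%" PRIu64 " using %s key", pkt_num, QUICDebugNames::key_phase(phase));`. The matching `Decrypting packet using %s key` line added in QUICTLS::decrypt has the same gap. Both function bodies continue outside their hunks.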
@@ -267,10 +272,15 @@ QUICTLS::encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, con
size_t tag_len = this->_get_aead_tag_len();
const KeyMaterial *km = pp->get_key(phase);
if (!km) {
+ Debug(tag, "Failed to encrypt a packet: keys for %s is not ready", QUICDebugNames::key_phase(phase));
return false;
}
- return _encrypt(cipher, cipher_len, max_cipher_len, plain, plain_len, pkt_num, ad, ad_len, *km, tag_len);
+ bool ret = _encrypt(cipher, cipher_len, max_cipher_len, plain, plain_len, pkt_num, ad, ad_len, *km, tag_len);
+ if (!ret) {
+ Debug(tag, "Failed to encrypt a packet: pkt_num=%" PRIu64, pkt_num);
+ }
+ return ret;
}
bool
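Review bot: The two failure branches in this hunk log different things: the `_encrypt` failure reports `pkt_num` but not the key phase, while the missing-key branch reports the phase but not the packet. Logging both in each message would let a reader tell which packet was dropped and under which keys, e.g. `Debug(tag, "Failed to encrypt a packet: keys for %s are not ready, pkt_num=%" PRIu64, QUICDebugNames::key_phase(phase), pkt_num);`, which also fixes the "keys ... is" wording. The same message text is added in QUICTLS::decrypt, whose `_decrypt` failure handling lies outside the visible hunk. `pp` is assigned in a switch that is only partly visible, so whether it can still be null at `pp->get_key(phase)` cannot be judged from here.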
@@ -278,6 +288,7 @@ QUICTLS::decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const
uint64_t pkt_num, const uint8_t *ad, size_t ad_len, QUICKeyPhase phase) const
{
QUICPacketProtection *pp = nullptr;
+ Debug(tag, "Decrypting packet using %s key", QUICDebugNames::key_phase(phase));
switch (this->_netvc_context) {
case NET_VCONNECTION_IN: {
@@ -296,6 +307,7 @@ QUICTLS::decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const
size_t tag_len = this->_get_aead_tag_len();
const KeyMaterial *km = pp->get_key(phase);
if (!km) {
+ Debug(tag, "Failed to decrypt a packet: keys for %s is not ready", QUICDebugNames::key_phase(phase));
return false;
}
bool ret = _decrypt(plain, plain_len, max_plain_len, cipher, cipher_len, pkt_num, ad, ad_len, *km, tag_len);
--
To stop receiving notification emails like this one, please contact
maskit@apache.org.