Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/03/13 01:26:32 UTC

[trafficserver] branch quic-latest updated: Add logs around encrypting and decrypting

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/quic-latest by this push:
     new ca73ea9  Add logs around encrypting and decrypting
ca73ea9 is described below

commit ca73ea98ac4618c464c6c27d478dfc2a52388783
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Mar 13 10:26:03 2018 +0900

    Add logs around encrypting and decrypting
---
 iocore/net/quic/Mock.h            |  6 +-----
 iocore/net/quic/QUICDebugNames.cc | 17 +++++++++++++++++
 iocore/net/quic/QUICDebugNames.h  |  1 +
 iocore/net/quic/QUICPacket.cc     |  4 ++--
 iocore/net/quic/QUICTLS.cc        | 14 +++++++++++++-
 5 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/iocore/net/quic/Mock.h b/iocore/net/quic/Mock.h
index f916ded..31a9fd4 100644
--- a/iocore/net/quic/Mock.h
+++ b/iocore/net/quic/Mock.h
@@ -476,11 +476,7 @@ public:
     return true;
   }
 
-  bool
-  is_key_derived(QUICKeyPhase /* key_phase */) const override
-  {
-    return true;
-  }
+  bool is_key_derived(QUICKeyPhase /* key_phase */) const override { return true; }
 
   int
   initialize_key_materials(QUICConnectionId cid) override
diff --git a/iocore/net/quic/QUICDebugNames.cc b/iocore/net/quic/QUICDebugNames.cc
index 088cd0b..f7ec117 100644
--- a/iocore/net/quic/QUICDebugNames.cc
+++ b/iocore/net/quic/QUICDebugNames.cc
@@ -208,3 +208,20 @@ QUICDebugNames::stream_state(QUICStreamState state)
     return "UNKNOWN";
   }
 }
+
+const char *
+QUICDebugNames::key_phase(QUICKeyPhase phase)
+{
+  switch (phase) {
+  case QUICKeyPhase::PHASE_0:
+    return "PHASE_0";
+  case QUICKeyPhase::PHASE_1:
+    return "PHASE_1";
+  case QUICKeyPhase::CLEARTEXT:
+    return "CLEARTEXT";
+  case QUICKeyPhase::ZERORTT:
+    return "ZERORTT";
+  default:
+    return "UNKNOWN";
+  }
+}
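Review bot: The `default:` label in `key_phase` turns off the compiler's unhandled-enumerator warning for this switch, so a key phase added to `QUICKeyPhase` later would be logged as "UNKNOWN" without anyone noticing. The encrypt and decrypt logs use this name to show which key was selected, so I would drop `default:` and put `return "UNKNOWN";` after the switch's closing brace. That keeps the fallback for out-of-range values while letting `-Wswitch` flag new enumerators. `stream_state` just above appears to use the same `default` style, so this may be a deliberate consistency choice.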
diff --git a/iocore/net/quic/QUICDebugNames.h b/iocore/net/quic/QUICDebugNames.h
index 093e81d..bb4e7d7 100644
--- a/iocore/net/quic/QUICDebugNames.h
+++ b/iocore/net/quic/QUICDebugNames.h
@@ -38,4 +38,5 @@ public:
   static const char *transport_parameter_id(QUICTransportParameterId id);
   static const char *stream_state(QUICStreamState state);
   static const char *quic_event(int event);
+  static const char *key_phase(QUICKeyPhase phase);
 };
diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
index 1fcc8a2..659e826 100644
--- a/iocore/net/quic/QUICPacket.cc
+++ b/iocore/net/quic/QUICPacket.cc
@@ -672,7 +672,7 @@ QUICPacketFactory::create(ats_unique_buf buf, size_t len, QUICPacketNumber base_
     memcpy(plain_txt.get(), header->payload(), header->payload_size());
     plain_txt_len = header->payload_size();
   } else {
-    Debug("quic_packet", "Decrypting %s packet", QUICDebugNames::packet_type(header->type()));
+    Debug("quic_packet", "Decrypting %s packet #%" PRIu64, QUICDebugNames::packet_type(header->type()), header->packet_number());
     switch (header->type()) {
     case QUICPacketType::VERSION_NEGOTIATION:
     case QUICPacketType::STATELESS_RESET:
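Review bot: The new Debug line sits above `switch (header->type())`, so it prints `header->packet_number()` before the payload has been authenticated, and it also runs for the `VERSION_NEGOTIATION` and `STATELESS_RESET` cases listed right below. At this point the number is whatever the sender put on the wire, and what it means for those two packet types is not visible from this hunk. Anyone correlating these logs should not read it as a confirmed packet number. Consider marking it in the message, e.g. `"Decrypting %s packet #%" PRIu64 " (unauthenticated)"`, or logging the packet number only after decryption succeeds. The enclosing `QUICPacketFactory::create` starts and ends outside the hunk.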
@@ -847,7 +847,7 @@ QUICPacketFactory::_create_encrypted_packet(QUICPacketHeaderUPtr header, bool re
   ats_unique_buf cipher_txt = ats_unique_malloc(max_cipher_txt_len);
   size_t cipher_txt_len     = 0;
 
-  Debug("quic_packet", "Encrypting %s packet", QUICDebugNames::packet_type(header->type()));
+  Debug("quic_packet", "Encrypting %s packet #%" PRIu64, QUICDebugNames::packet_type(header->type()), header->packet_number());
   QUICPacket *packet = nullptr;
   if (this->_hs_protocol->encrypt(cipher_txt.get(), cipher_txt_len, max_cipher_txt_len, header->payload(), header->payload_size(),
                                   header->packet_number(), header->buf(), header->size(), header->key_phase())) {
diff --git a/iocore/net/quic/QUICTLS.cc b/iocore/net/quic/QUICTLS.cc
index 67a6942..7baa193 100644
--- a/iocore/net/quic/QUICTLS.cc
+++ b/iocore/net/quic/QUICTLS.cc
@@ -22,6 +22,7 @@
  */
 
 #include "QUICTLS.h"
+#include "QUICDebugNames.h"
 
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -131,6 +132,7 @@ int
 QUICTLS::initialize_key_materials(QUICConnectionId cid)
 {
   // Generate keys
+  Debug(tag, "Generating %s keys", QUICDebugNames::key_phase(QUICKeyPhase::CLEARTEXT));
   uint8_t print_buf[512];
   std::unique_ptr<KeyMaterial> km;
   km = this->_keygen_for_client.generate(cid);
@@ -182,6 +184,7 @@ QUICTLS::update_key_materials()
   }
 
   // Generate keys
+  Debug(tag, "Generating %s keys", QUICDebugNames::key_phase(next_key_phase));
   uint8_t print_buf[512];
   std::unique_ptr<KeyMaterial> km;
   km = this->_keygen_for_client.generate(this->_ssl);
@@ -226,6 +229,7 @@ void
 QUICTLS::_generate_0rtt_key()
 {
   // Generate key material for 0-RTT
+  Debug(tag, "Generating %s keys", QUICDebugNames::key_phase(QUICKeyPhase::ZERORTT));
   std::unique_ptr<KeyMaterial> km;
   km = this->_keygen_for_client.generate_0rtt(this->_ssl);
   if (is_debug_tag_set("vv_quic_crypto")) {
@@ -249,6 +253,7 @@ QUICTLS::encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, con
                  uint64_t pkt_num, const uint8_t *ad, size_t ad_len, QUICKeyPhase phase) const
 {
   QUICPacketProtection *pp = nullptr;
+  Debug(tag, "Encrypting packet using %s key", QUICDebugNames::key_phase(phase));
 
   switch (this->_netvc_context) {
   case NET_VCONNECTION_IN: {
@@ -267,10 +272,15 @@ QUICTLS::encrypt(uint8_t *cipher, size_t &cipher_len, size_t max_cipher_len, con
   size_t tag_len        = this->_get_aead_tag_len();
   const KeyMaterial *km = pp->get_key(phase);
   if (!km) {
+    Debug(tag, "Failed to encrypt a packet: keys for %s is not ready", QUICDebugNames::key_phase(phase));
     return false;
   }
 
-  return _encrypt(cipher, cipher_len, max_cipher_len, plain, plain_len, pkt_num, ad, ad_len, *km, tag_len);
+  bool ret = _encrypt(cipher, cipher_len, max_cipher_len, plain, plain_len, pkt_num, ad, ad_len, *km, tag_len);
+  if (!ret) {
+    Debug(tag, "Failed to encrypt a packet: pkt_num=%" PRIu64, pkt_num);
+  }
+  return ret;
 }
 
 bool
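Review bot: The two failure messages added here each carry only half of what is needed to trace a failed packet: the `!km` branch logs the key phase but not `pkt_num`, and the `!ret` branch logs `pkt_num` but not the phase. Logging both in each, e.g. `Debug(tag, "Failed to encrypt a packet: keys for %s are not ready, pkt_num=%" PRIu64, QUICDebugNames::key_phase(phase), pkt_num);`, lets a key-not-ready drop be matched to the per-packet line emitted from QUICPacket.cc. It also fixes the "keys ... is" grammar. The same applies to the `!km` message added to `QUICTLS::decrypt` in the last hunk. `encrypt` begins outside this hunk.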
@@ -278,6 +288,7 @@ QUICTLS::decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const
                  uint64_t pkt_num, const uint8_t *ad, size_t ad_len, QUICKeyPhase phase) const
 {
   QUICPacketProtection *pp = nullptr;
+  Debug(tag, "Decrypting packet using %s key", QUICDebugNames::key_phase(phase));
 
   switch (this->_netvc_context) {
   case NET_VCONNECTION_IN: {
@@ -296,6 +307,7 @@ QUICTLS::decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const
   size_t tag_len        = this->_get_aead_tag_len();
   const KeyMaterial *km = pp->get_key(phase);
   if (!km) {
+    Debug(tag, "Failed to decrypt a packet: keys for %s is not ready", QUICDebugNames::key_phase(phase));
     return false;
   }
   bool ret = _decrypt(plain, plain_len, max_plain_len, cipher, cipher_len, pkt_num, ad, ad_len, *km, tag_len);
