You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ma...@apache.org on 2017/11/29 03:02:28 UTC
[trafficserver] branch quic-latest updated: Update stateless reset
packet format
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/quic-latest by this push:
new ae2835c Update stateless reset packet format
ae2835c is described below
commit ae2835c859a4295da7615c30a87c8fb3ef80df16
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Wed Nov 29 12:01:45 2017 +0900
Update stateless reset packet format
---
iocore/net/QUICNetVConnection.cc | 2 +-
iocore/net/QUICPacketHandler.cc | 2 +-
iocore/net/quic/QUICHandshake.cc | 2 +-
iocore/net/quic/QUICPacket.cc | 50 ++++++++++++--------------
iocore/net/quic/QUICPacket.h | 6 +---
iocore/net/quic/QUICTransportParameters.cc | 7 ++++
iocore/net/quic/QUICTransportParameters.h | 1 +
iocore/net/quic/QUICTypes.cc | 15 ++++++++
iocore/net/quic/QUICTypes.h | 22 ++++--------
iocore/net/quic/test/test_QUICPacketFactory.cc | 3 +-
10 files changed, 58 insertions(+), 52 deletions(-)
diff --git a/iocore/net/QUICNetVConnection.cc b/iocore/net/QUICNetVConnection.cc
index 3bcb7f5..ed4b6c1 100644
--- a/iocore/net/QUICNetVConnection.cc
+++ b/iocore/net/QUICNetVConnection.cc
@@ -92,7 +92,7 @@ QUICNetVConnection::start(SSL_CTX *ssl_ctx)
// Version 0x00000001 uses stream 0 for cryptographic handshake with TLS 1.3, but newer version may not
{
QUICConfig::scoped_config params;
- this->_token.gen_token(_quic_connection_id ^ params->server_id());
+ this->_token.generate(_quic_connection_id ^ params->server_id());
}
this->_handshake_handler = new QUICHandshake(this, ssl_ctx, this->_token);
diff --git a/iocore/net/QUICPacketHandler.cc b/iocore/net/QUICPacketHandler.cc
index 8dc8104..afc88fd 100644
--- a/iocore/net/QUICPacketHandler.cc
+++ b/iocore/net/QUICPacketHandler.cc
@@ -139,7 +139,7 @@ QUICPacketHandler::_recv_packet(int event, UDPPacket *udpPacket)
QUICStatelessToken token;
{
QUICConfig::scoped_config params;
- token.gen_token(cid ^ params->server_id());
+ token.generate(cid ^ params->server_id());
}
auto packet = QUICPacketFactory::create_stateless_reset_packet(cid, token);
this->send_packet(*packet, udpPacket->getConnection(), con.addr, 1200);
diff --git a/iocore/net/quic/QUICHandshake.cc b/iocore/net/quic/QUICHandshake.cc
index 2a3b75e..052f0ed 100644
--- a/iocore/net/quic/QUICHandshake.cc
+++ b/iocore/net/quic/QUICHandshake.cc
@@ -299,7 +299,7 @@ QUICHandshake::_load_local_transport_parameters()
params->no_activity_timeout_in(), sizeof(uint16_t))));
tp->add(QUICTransportParameterId::STATELESS_RETRY_TOKEN,
- std::unique_ptr<QUICTransportParameterValue>(new QUICTransportParameterValue(this->_token.get_u64(), 16)));
+ std::unique_ptr<QUICTransportParameterValue>(new QUICTransportParameterValue(this->_token.buf(), 16)));
tp->add_version(QUIC_SUPPORTED_VERSIONS[0]);
// MAYs
diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
index d3290d9..0fc3f27 100644
--- a/iocore/net/quic/QUICPacket.cc
+++ b/iocore/net/quic/QUICPacket.cc
@@ -487,24 +487,6 @@ QUICPacket::QUICPacket(QUICPacketHeader *header, ats_unique_buf payload, size_t
this->_is_retransmittable = retransmittable;
}
-QUICPacket::QUICPacket(QUICPacketType type, QUICConnectionId connection_id, QUICStatelessToken stateless_reset_token)
-{
- const uint8_t *token = stateless_reset_token.get_u8();
- QUICPacketNumber fake_packet_number = token[0];
- QUICPacketNumber fake_base_packet_number = token[0];
- ats_unique_buf fake_payload = ats_unique_malloc(15 + 8);
- memcpy(fake_payload.get(), token + 1, 15);
- // Append random bytes
- std::random_device rnd;
- for (int i = 15; i < 23; ++i) {
- fake_payload.get()[i] = rnd() & 0xFF;
- }
- // TODO stateless packet format changed
- this->_header =
- QUICPacketHeader::build(type, connection_id, fake_packet_number, fake_base_packet_number, std::move(fake_payload), 15 + 8);
- this->_is_retransmittable = false;
-}
-
QUICPacket::~QUICPacket()
{
if (this->_header->has_version()) {
@@ -715,7 +697,7 @@ QUICPacketFactory::create_version_negotiation_packet(const QUICPacket *packet_se
QUICPacketHeader *header = QUICPacketHeader::build(QUICPacketType::VERSION_NEGOTIATION, packet_sent_by_client->connection_id(),
packet_sent_by_client->packet_number(), base_packet_number,
packet_sent_by_client->version(), std::move(versions), len);
- return this->_create_unprotected_packet(header);
+ return QUICPacketFactory::_create_unprotected_packet(header);
}
QUICPacketUPtr
@@ -750,6 +732,28 @@ QUICPacketFactory::create_client_initial_packet(QUICConnectionId connection_id,
}
QUICPacketUPtr
+QUICPacketFactory::create_stateless_reset_packet(QUICConnectionId connection_id, QUICStatelessToken stateless_reset_token)
+{
+ std::random_device rnd;
+
+ uint8_t random_packet_number = static_cast<uint8_t>(rnd() & 0xFF);
+ size_t payload_len = static_cast<uint8_t>(rnd() & 0xFF);
+ ats_unique_buf payload = ats_unique_malloc(payload_len + 16);
+ uint8_t *naked_payload = payload.get();
+
+ // Generate random octets
+ for (int i = payload_len - 1; i >= 0; --i) {
+ naked_payload[i] = static_cast<uint8_t>(rnd() & 0xFF);
+ }
+ // Copy stateless reset token into payload
+ memcpy(naked_payload + payload_len - 16, stateless_reset_token.buf(), 16);
+
+ QUICPacketHeader *header = QUICPacketHeader::build(QUICPacketType::STATELESS_RESET, connection_id, random_packet_number, 0,
+ std::move(payload), payload_len);
+ return QUICPacketFactory::_create_unprotected_packet(header);
+}
+
+QUICPacketUPtr
QUICPacketFactory::_create_unprotected_packet(QUICPacketHeader *header)
{
ats_unique_buf cleartext = ats_unique_malloc(2048);
@@ -780,14 +784,6 @@ QUICPacketFactory::_create_encrypted_packet(QUICPacketHeader *header)
return QUICPacketUPtr(packet, &QUICPacketDeleter::delete_packet);
}
-QUICPacketUPtr
-QUICPacketFactory::create_stateless_reset_packet(QUICConnectionId connection_id, QUICStatelessToken stateless_reset_token)
-{
- QUICPacket *packet = quicPacketAllocator.alloc();
- new (packet) QUICPacket(QUICPacketType::STATELESS_RESET, connection_id, stateless_reset_token);
- return QUICPacketUPtr(packet, &QUICPacketDeleter::delete_packet);
-}
-
void
QUICPacketFactory::set_version(QUICVersion negotiated_version)
{
diff --git a/iocore/net/quic/QUICPacket.h b/iocore/net/quic/QUICPacket.h
index d57f12e..cc42d32 100644
--- a/iocore/net/quic/QUICPacket.h
+++ b/iocore/net/quic/QUICPacket.h
@@ -208,10 +208,6 @@ public:
*/
QUICPacket(QUICPacketHeader *header, ats_unique_buf payload, size_t payload_len, bool retransmittable);
- /*
- * Creates a QUICpacket for stateless reset
- */
- QUICPacket(QUICPacketType type, QUICConnectionId connection_id, QUICStatelessToken stateless_reset_token);
~QUICPacket();
QUICPacketType type() const;
@@ -309,6 +305,6 @@ private:
QUICCrypto *_crypto = nullptr;
QUICPacketNumberGenerator _packet_number_generator;
- QUICPacketUPtr _create_unprotected_packet(QUICPacketHeader *header);
+ static QUICPacketUPtr _create_unprotected_packet(QUICPacketHeader *header);
QUICPacketUPtr _create_encrypted_packet(QUICPacketHeader *header);
};
diff --git a/iocore/net/quic/QUICTransportParameters.cc b/iocore/net/quic/QUICTransportParameters.cc
index 2ca7176..f8dac04 100644
--- a/iocore/net/quic/QUICTransportParameters.cc
+++ b/iocore/net/quic/QUICTransportParameters.cc
@@ -36,6 +36,13 @@ static constexpr int TRANSPORT_PARAMETERS_MAXIMUM_SIZE = 65535;
//
QUICTransportParameterValue::QUICTransportParameterValue(ats_unique_buf d, uint16_t l) : _data(std::move(d)), _len(l){};
+QUICTransportParameterValue::QUICTransportParameterValue(const uint8_t *raw_data, uint16_t l)
+{
+ this->_data = ats_unique_malloc(l);
+ this->_len = l;
+ memcpy(this->_data.get(), raw_data, l);
+}
+
QUICTransportParameterValue::QUICTransportParameterValue(uint64_t raw_data, uint16_t l)
{
this->_data = ats_unique_malloc(l);
diff --git a/iocore/net/quic/QUICTransportParameters.h b/iocore/net/quic/QUICTransportParameters.h
index ba53a15..12c4892 100644
--- a/iocore/net/quic/QUICTransportParameters.h
+++ b/iocore/net/quic/QUICTransportParameters.h
@@ -68,6 +68,7 @@ class QUICTransportParameterValue
{
public:
QUICTransportParameterValue(ats_unique_buf d, uint16_t l);
+ QUICTransportParameterValue(const uint8_t *raw_data, uint16_t l);
QUICTransportParameterValue(uint64_t raw_data, uint16_t l);
QUICTransportParameterValue(const uint64_t raw_data[2], uint16_t l);
diff --git a/iocore/net/quic/QUICTypes.cc b/iocore/net/quic/QUICTypes.cc
index 27fa72c..0e152cd 100644
--- a/iocore/net/quic/QUICTypes.cc
+++ b/iocore/net/quic/QUICTypes.cc
@@ -147,6 +147,21 @@ QUICTypeUtil::write_uint_as_nbytes(uint64_t value, uint8_t n, uint8_t *buf, size
*len = n;
}
+void
+QUICStatelessToken::_gen_token(uint64_t data)
+{
+ INK_MD5 _md5;
+ static constexpr char STATELESS_RETRY_TOKEN_KEY[] = "stateless_token_retry_key";
+ MD5Context ctx;
+ ctx.update(STATELESS_RETRY_TOKEN_KEY, strlen(STATELESS_RETRY_TOKEN_KEY));
+ ctx.update(reinterpret_cast<void *>(&data), 8);
+ ctx.finalize(_md5);
+
+ size_t dummy;
+ QUICTypeUtil::write_uint_as_nbytes(_md5.u64[0], 8, _token, &dummy);
+ QUICTypeUtil::write_uint_as_nbytes(_md5.u64[1], 8, _token + 8, &dummy);
+}
+
uint16_t
QUICError::code()
{
diff --git a/iocore/net/quic/QUICTypes.h b/iocore/net/quic/QUICTypes.h
index e4fd5ad..23eb3c0 100644
--- a/iocore/net/quic/QUICTypes.h
+++ b/iocore/net/quic/QUICTypes.h
@@ -205,29 +205,21 @@ class QUICStatelessToken
{
public:
void
- gen_token(uint64_t data)
+ generate(uint64_t data)
{
- static constexpr char STATELESS_RETRY_TOKEN_KEY[] = "stateless_token_retry_key";
- MD5Context ctx;
- ctx.update(STATELESS_RETRY_TOKEN_KEY, strlen(STATELESS_RETRY_TOKEN_KEY));
- ctx.update(reinterpret_cast<void *>(&data), 8);
- ctx.finalize(_md5);
+ this->_gen_token(data);
}
const uint8_t *
- get_u8() const
+ buf() const
{
- return _md5.u8;
- }
-
- const uint64_t *
- get_u64() const
- {
- return _md5.u64;
+ return _token;
}
private:
- INK_MD5 _md5;
+ uint8_t _token[16] = {0};
+
+ void _gen_token(uint64_t data);
};
class QUICConnectionId
diff --git a/iocore/net/quic/test/test_QUICPacketFactory.cc b/iocore/net/quic/test/test_QUICPacketFactory.cc
index 4a5f2f9..8b7d3a0 100644
--- a/iocore/net/quic/test/test_QUICPacketFactory.cc
+++ b/iocore/net/quic/test/test_QUICPacketFactory.cc
@@ -78,7 +78,7 @@ TEST_CASE("QUICPacketFactory_Create_StatelessResetPacket", "[quic]")
MockQUICCrypto crypto;
factory.set_crypto_module(&crypto);
QUICStatelessToken token;
- token.gen_token(12345);
+ token.generate(12345);
uint8_t expected_output[] = {
0x41, // 0CK0001
0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, // Connection ID
@@ -92,5 +92,4 @@ TEST_CASE("QUICPacketFactory_Create_StatelessResetPacket", "[quic]")
QUICPacketUPtr packet = factory.create_stateless_reset_packet(0x01020304, token);
CHECK(packet->type() == QUICPacketType::STATELESS_RESET);
CHECK(packet->connection_id() == 0x01020304);
- CHECK(packet->packet_number() == token.get_u8()[0]);
}
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].