Skip to content

Commit

Permalink
Add config for retry. (#36)
Browse files Browse the repository at this point in the history
  • Loading branch information
xiaofei0800 authored Nov 15, 2023
1 parent 04f39f3 commit aa04fdf
Show file tree
Hide file tree
Showing 7 changed files with 40 additions and 16 deletions.
5 changes: 5 additions & 0 deletions apps/src/bin/tquic_server.rs
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,10 @@ pub struct ServerOpt {
#[clap(long, value_name = "STR")]
pub address_token_key: Option<String>,

/// Enable stateless retry.
#[clap(long)]
pub enable_retry: bool,

/// Disable stateless reset.
#[clap(long)]
pub disable_stateless_reset: bool,
Expand Down Expand Up @@ -150,6 +154,7 @@ impl Server {
config.set_recv_udp_payload_size(option.recv_udp_payload_size);
config.set_send_udp_payload_size(option.send_udp_payload_size);
config.set_max_handshake_timeout(option.handshake_timeout);
config.enable_retry(option.enable_retry);
config.enable_stateless_reset(!option.disable_stateless_reset);
config.set_max_handshake_timeout(option.handshake_timeout);
config.set_max_idle_timeout(option.idle_timeout);
Expand Down
5 changes: 5 additions & 0 deletions include/tquic.h
Original file line number Diff line number Diff line change
Expand Up @@ -397,6 +397,11 @@ int quic_config_set_address_token_key(struct quic_config_t *config,
const uint8_t *token_keys,
size_t token_keys_len);

/**
* Set whether stateless retry is allowed. Default is not allowed.
*/
void quic_config_enable_retry(struct quic_config_t *config, bool enabled);

/**
* Set the length of source cid. The length should not be greater than 20.
*/
Expand Down
2 changes: 1 addition & 1 deletion interop/run_endpoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ elif [ "$ROLE" == "server" ]; then
SERVER_ARGS="-c /certs/cert.pem -k /certs/priv.key --listen [::]:443 --root $ROOT_DIR --keylog-file $SSLKEYLOGFILE"
case $TESTCASE in
retry)
SERVER_ARGS="$SERVER_ARGS --address-token-key=test"
SERVER_ARGS="$SERVER_ARGS --enable-retry"
;;
*)
;;
Expand Down
10 changes: 1 addition & 9 deletions src/connection/connection.rs
Original file line number Diff line number Diff line change
Expand Up @@ -297,14 +297,6 @@ impl Connection {
conn.flags.insert(DerivedInitialSecrets);
}

// Prepare resume address token if needed
if is_server && conf.retry {
let token = AddressToken::new_resume_token(remote);
if let Ok(token) = token.encode(&conf.address_token_key[0]) {
conn.token = Some(token);
}
}

if !conf.max_handshake_timeout.is_zero() {
conn.timers.set(
Timer::Handshake,
Expand All @@ -313,7 +305,7 @@ impl Connection {
}

// Prepare resume address token if needed
if is_server && conf.retry {
if is_server {
let token = AddressToken::new_resume_token(remote);
if let Ok(token) = token.encode(&conf.address_token_key[0]) {
conn.token = Some(token);
Expand Down
4 changes: 2 additions & 2 deletions src/endpoint.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1749,7 +1749,7 @@ mod tests {

let cli_conf = TestPair::new_test_config(false)?;
let mut srv_conf = TestPair::new_test_config(true)?;
srv_conf.set_address_token_key(vec![[1; 16]])?;
srv_conf.enable_retry(true);

let mut case_conf = CaseConf::default();
case_conf.handshake_only = true;
Expand Down Expand Up @@ -1785,7 +1785,7 @@ mod tests {

let cli_conf = TestPair::new_test_config(false)?;
let mut srv_conf = TestPair::new_test_config(true)?;
srv_conf.set_address_token_key(vec![token_key])?;
srv_conf.enable_retry(true);

let mut case_conf = CaseConf::default();
case_conf.handshake_only = true;
Expand Down
6 changes: 6 additions & 0 deletions src/ffi.rs
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,12 @@ pub extern "C" fn quic_config_set_address_token_key(
}
}

/// Set whether stateless retry is allowed. Default is not allowed.
#[no_mangle]
pub extern "C" fn quic_config_enable_retry(config: &mut Config, enabled: bool) {
config.enable_retry(enabled);
}

/// Set the length of source cid. The length should not be greater than 20.
#[no_mangle]
pub extern "C" fn quic_config_set_cid_len(config: &mut Config, v: u8) {
Expand Down
24 changes: 20 additions & 4 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -393,7 +393,7 @@ impl Config {
retry: false,
stateless_reset: true,
address_token_lifetime: Duration::from_secs(86400),
address_token_key: vec![],
address_token_key: Self::rand_address_token_key()?,
reset_token_key,
cid_len: 8,
send_batch_size: 64,
Expand Down Expand Up @@ -542,22 +542,29 @@ impl Config {
self.address_token_lifetime = Duration::from_secs(seconds);
}

/// Set the key for address token generation. It also enables retry.
/// Set the key for address token generation.
pub fn set_address_token_key(&mut self, keys: Vec<[u8; 16]>) -> Result<()> {
if keys.is_empty() {
return Err(Error::InvalidConfig("address token key empty".into()));
}

let mut address_token_key = vec![];
for key in keys {
// AES-128 uses a 128-bit key length
let key = UnboundKey::new(&aead::AES_128_GCM, &key).map_err(|_| Error::CryptoFail)?;
let key = LessSafeKey::new(key);
self.address_token_key.push(key);
address_token_key.push(key);
}
self.retry = true;
self.address_token_key = address_token_key;

Ok(())
}

/// Set whether stateless retry is allowed. Default is not allowed.
pub fn enable_retry(&mut self, enable_retry: bool) {
self.retry = enable_retry;
}

/// Set whether stateless reset is allowed.
pub fn enable_stateless_reset(&mut self, enable_stateless_reset: bool) {
self.stateless_reset = enable_stateless_reset;
Expand Down Expand Up @@ -586,6 +593,15 @@ impl Config {
self.tls_config_selector = Some(tls_config_selector);
}

/// Generate random address token key.
fn rand_address_token_key() -> Result<Vec<LessSafeKey>> {
let mut key = [0_u8; 16];
rand::thread_rng().fill_bytes(&mut key);
Ok(vec![LessSafeKey::new(
UnboundKey::new(&aead::AES_128_GCM, &key).map_err(|_| Error::CryptoFail)?,
)])
}

/// Create new tls session.
fn new_tls_session(
&mut self,
Expand Down

0 comments on commit aa04fdf

Please sign in to comment.