Implement handshake done and cipher dropping.

Summary: This implements the handshake done signal and also cipher dropping. Reviewed By: yangchi Differential Revision: D19584922 fbshipit-source-id: a98bec8f1076393b051ff65a2d8aae7d572b42f5
2025-11-09 10:00:57 +03:00 · 2020-02-27 12:16:23 -08:00
parent 49d262c84c
commit 472e40a902
26 changed files with 405 additions and 311 deletions
--- a/quic/server/state/ServerStateMachine.cpp
+++ b/quic/server/state/ServerStateMachine.cpp
@@ -242,25 +242,28 @@ void updateHandshakeState(QuicServerConnectionState& conn) {
  }
  auto handshakeWriteCipher = handshakeLayer->getHandshakeWriteCipher();
  auto handshakeReadCipher = handshakeLayer->getHandshakeReadCipher();
-  if (handshakeWriteCipher) {
-    conn.handshakeWriteCipher = std::move(handshakeWriteCipher);
-  }
-  if (handshakeReadCipher) {
-    conn.readCodec->setHandshakeReadCipher(std::move(handshakeReadCipher));
-  }
  auto handshakeWriteHeaderCipher =
      handshakeLayer->getHandshakeWriteHeaderCipher();
  auto handshakeReadHeaderCipher =
      handshakeLayer->getHandshakeReadHeaderCipher();
-  if (handshakeWriteHeaderCipher) {
+  if (handshakeWriteCipher) {
+    CHECK(
+        handshakeReadCipher && handshakeWriteHeaderCipher &&
+        handshakeReadHeaderCipher);
+    conn.handshakeWriteCipher = std::move(handshakeWriteCipher);
    conn.handshakeWriteHeaderCipher = std::move(handshakeWriteHeaderCipher);
-  }
-  if (handshakeReadHeaderCipher) {
+    conn.readCodec->setHandshakeReadCipher(std::move(handshakeReadCipher));
    conn.readCodec->setHandshakeHeaderCipher(
        std::move(handshakeReadHeaderCipher));
  }
  if (handshakeLayer->isHandshakeDone()) {
-    conn.readCodec->onHandshakeDone(Clock::now());
+    CHECK(conn.oneRttWriteCipher);
+    if (conn.handshakeWriteCipher) {
+      handshakeConfirmed(conn);
+      if (conn.version == QuicVersion::QUIC_DRAFT) {
+        sendSimpleFrame(conn, HandshakeDoneFrame());
+      }
+    }
  }
 }

@@ -969,6 +972,14 @@ void onServerReadDataFromOpen(
        }
      }
    }
+    // If we've processed a handshake packet, we can dicard the initial cipher.
+    if (encryptionLevel == EncryptionLevel::Handshake) {
+      conn.initialWriteCipher.reset();
+      conn.initialHeaderCipher.reset();
+      conn.readCodec->setInitialReadCipher(nullptr);
+      conn.readCodec->setInitialHeaderCipher(nullptr);
+      cancelCryptoStream(conn.cryptoState->initialStream);
+    }

    // Update writable limit before processing the handshake data. This is so
    // that if we haven't decided whether or not to validate the peer, we won't