Key update support: Add support for initiating periodic key updates for both client and server [4/x]

Summary: Allow the server/client transport to initiate periodic key update. It's defaulted to being disabled. The new logic for initiating and verifying a key update was handled correctly by the peer is consolidated in QuicTransportFunctions. Reviewed By: mjoras Differential Revision: D53109624 fbshipit-source-id: 0c3a944978fc0e0a84252da953dc116aa7c26379
2025-11-09 10:00:57 +03:00 · 2024-02-01 15:41:27 -08:00
parent da3e5e3821
commit aeacf40ae8
14 changed files with 312 additions and 31 deletions
--- a/quic/server/state/ServerStateMachine.cpp
+++ b/quic/server/state/ServerStateMachine.cpp
@@ -1018,17 +1018,6 @@ void onServerReadDataFromOpen(
      }
    }

-    if (conn.readCodec->getCurrentOneRttReadPhase() != conn.oneRttWritePhase) {
-      // Peer has initiated a key update.
-      updateOneRttWriteCipher(
-          conn,
-          conn.serverHandshakeLayer->getNextOneRttWriteCipher(),
-          conn.readCodec->getCurrentOneRttReadPhase());
-
-      conn.readCodec->setNextOneRttReadCipher(
-          conn.serverHandshakeLayer->getNextOneRttReadCipher());
-    }
-
    auto& ackState = getAckState(conn, packetNumberSpace);
    uint64_t distanceFromExpectedPacketNum = addPacketToAckState(
        conn, ackState, packetNum, readData.udpPacket.timings);
@@ -1053,9 +1042,12 @@ void onServerReadDataFromOpen(
              conn,
              packetNumberSpace,
              ackFrame,
-              [&](const OutstandingPacketWrapper&,
+              [&](const OutstandingPacketWrapper& outstandingPacket,
                  const QuicWriteFrame& packetFrame,
                  const ReadAckFrame&) {
+                maybeVerifyPendingKeyUpdate(
+                    conn, outstandingPacket, regularPacket);
+
                switch (packetFrame.type()) {
                  case QuicWriteFrame::Type::WriteStreamFrame: {
                    const WriteStreamFrame& frame =
@@ -1310,6 +1302,8 @@ void onServerReadDataFromOpen(
      handshakeConfirmed(conn);
    }

+    maybeHandleIncomingKeyUpdate(conn);
+
    // Update writable limit before processing the handshake data. This is so
    // that if we haven't decided whether or not to validate the peer, we won't
    // increase the limit.