DTLS: Add server side stateless and CID QoL API #8224
Conversation
julek-wolfssl
commented
Nov 25, 2024
julek-wolfssl
commented
- wolfDTLS_accept_stateless - statelessly listen for incoming connections
- wolfSSL_inject - insert data into WOLFSSL object
- wolfSSL_SSL(Enable|Disable)Read - enable/disable reading from IO
- wolfSSL_get_wfd - get the write side file descriptor
- wolfSSL_dtls_set_pending_peer - set the pending peer that will be upgraded to regular peer when we successfully de-protect a DTLS record
- wolfSSL_dtls_get0_peer - zero copy access to the peer address
- wolfSSL_is_stateful - boolean to check if we have entered stateful processing
- wolfSSL_dtls_cid_get0_rx - zero copy access to the rx cid
- wolfSSL_dtls_cid_get0_tx - zero copy access to the tx cid
- wolfSSL_dtls_cid_parse - extract cid from a datagram/message
julek-wolfssl
force-pushed
the
dtls-server-demux
branch
from
023cc55
to
86376db
Compare
julek-wolfssl
force-pushed
the
dtls-server-demux
branch
3 times, most recently
from
9b95077
to
baa7738
Compare
- wolfDTLS_accept_stateless - statelessly listen for incoming connections - wolfSSL_inject - insert data into WOLFSSL object - wolfSSL_SSL(Enable|Disable)Read - enable/disable reading from IO - wolfSSL_get_wfd - get the write side file descriptor - wolfSSL_dtls_set_pending_peer - set the pending peer that will be upgraded to regular peer when we successfully de-protect a DTLS record - wolfSSL_dtls_get0_peer - zero copy access to the peer address - wolfSSL_is_stateful - boolean to check if we have entered stateful processing - wolfSSL_dtls_cid_get0_rx - zero copy access to the rx cid - wolfSSL_dtls_cid_get0_tx - zero copy access to the tx cid - wolfSSL_dtls_cid_parse - extract cid from a datagram/message
There was a problem hiding this comment.
I think this is a big step in the right direction but there are things unclear. These comments are considering wolfSSL/wolfssl-examples#472 as the user of the changes in this PR.
-
what's the purpose of splitting the fd in write and read?
-
I don't get why we should use the pendingPeer and the example doesn't use it. It looks complicate and there is code that get hit after we copy the pendingPeer to the current Peer that it doesn't look doing nothing other than flipping the processPendingRecord bit.
-
I don't see much gain in using wolfSSL_accept_stateless.
AFAIU it just boils down in a) disabling read so that it can return before reading from the socket and b) to return after a good CH. a) avoids dropping other peer messages that can be received in the EmbedRecvFrom. But, as shown in the example, the server has already to read the messages itself outside of the wolfSSL to do proper demux. I wonder if then this is superfluous.
I would suggest of using a custom internal field like the pendingPeer, but called, as you suggested, currentRecordPeer.
Until the ssl is stateless, this is set on recvfrom, but no filtering happens bc of this.
It's used as the destination of the HRR/HVR and to compute the cookie.
It's not used anywhere else and it's not automatically copied over the other peer.
This way an ssl object can be used to reply to the CHs w/o cookies.
If we got a CH w/ valid cookie we can then leverage our existing goodch callback to set the right peer for sending and continue the connection.
If the application wants to demux, it needs to manage the reading from the socket itself anyway.
Just to recap, my suggestion are:
- In EmbedRecvFrom to set a "peer to send the HRR/HRV" to if we are in a stateless
- Application needs to use ChGoodCB to set the proper peer (is it already like this?)
- Make clear that application needs to manage the read itself if it wants to demux over a single socket
The new APIs (inject, parse_cid) allows the application to manage the connection with a good tradeoff of complexity and control imo.
| /*! | ||
| \ingroup IO | ||
|
|
||
| \brief |
| \brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC | ||
| 9147. | ||
|
|
||
| \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code |
There was a problem hiding this comment.
ConnectionID is not copied.
| if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz) | ||
| return; | ||
| /* content type(1) + version(2) + epoch(2) + sequence(6) */ | ||
| *cid = msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN + | ||
| OPAQUE32_LEN; |
There was a problem hiding this comment.
why the calculation of lengths are different between the check and the parsing?
| int result = DtlsMsgPoolSend(ssl, 0); | ||
| int result; | ||
| #ifdef WOLFSSL_DTLS13 | ||
| if (IsAtLeastTLSv1_3(ssl->version)) |
There was a problem hiding this comment.
Is this change related to the feature or is a general fix?
|
|
||
| if (ssl->buffers.dtlsCtx.peer.sa != NULL && | ||
| ssl->buffers.dtlsCtx.peer.sz == peerSz && | ||
| XMEMCMP(ssl->buffers.dtlsCtx.peer.sa, peer, peerSz) == 0) { |
There was a problem hiding this comment.
This is not the correct way to compare sockaddr structure, see sockAddrEqual
| if (ssl->buffers.inputBuffer.length - *inOutIdx < | ||
| (word32)cidSz + LENGTH_SZ) | ||
| return LENGTH_ERROR; | ||
| if (cidSz > DTLS_CID_MAX_SIZE || | ||
| wolfSSL_dtls_cid_get_rx(ssl, cid, cidSz) != WOLFSSL_SUCCESS) | ||
| if (cidSz != DtlsGetCidRxSize(ssl) || |
There was a problem hiding this comment.
is this check redundant? we set cidSz to DtlsGetCidRxSize() before
|
|
||
| WOLFSSL_ENTER("wolfSSL_read_internal"); | ||
|
|
||
| if (ssl == NULL || data == NULL || sz <= 0) |
| int wolfSSL_dtls_cid_max_size(void) | ||
| { | ||
| return DTLS_CID_MAX_SIZE; | ||
| } | ||
|
|
||
| void wolfSSL_dtls_cid_parse(const unsigned char* msg, unsigned int msgSz, |
There was a problem hiding this comment.
return WOLFSSL_SUCCESS or WOLFSSL_FAILURE.
| \sa wolfSSL_dtls_set_peer | ||
| \sa wolfSSL_dtls | ||
| */ | ||
| int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, unsigned int* peerSz); |
There was a problem hiding this comment.
don't expose the internal cid.
Prefer to add an API to compare to the ssl cid object if afraid of performance loss of copying the cid.
(like wolfSSL_dtls_cid_cmp(WOLFSSL*ssl,byte *cid, int cidSz))
julek-wolfssl
force-pushed
the
dtls-server-demux
branch
from
baa7738
to
935227a
Compare
