Allow Configuration of Stateless Retry Key #5112
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
nibanks
reviewed
May 21, 2025
anrossi
commented
May 22, 2025
Cargo - windows-latestThe rust bindings need to be updated. Please apply ( diff --git a/src/rs/ffi/win_bindings.rs b/src/rs/ffi/win_bindings.rs
index 5b5a00e..ff0bfe3 100644
--- a/src/rs/ffi/win_bindings.rs
+++ b/src/rs/ffi/win_bindings.rs
@@ -168,6 +168,7 @@ pub const QUIC_PARAM_GLOBAL_LIBRARY_GIT_HASH: u32 = 16777224;
pub const QUIC_PARAM_GLOBAL_EXECUTION_CONFIG: u32 = 16777225;
pub const QUIC_PARAM_GLOBAL_TLS_PROVIDER: u32 = 16777226;
pub const QUIC_PARAM_GLOBAL_STATELESS_RESET_KEY: u32 = 16777227;
+pub const QUIC_PARAM_GLOBAL_STATELESS_RETRY_CONFIG: u32 = 16777228;
pub const QUIC_PARAM_CONFIGURATION_SETTINGS: u32 = 50331648;
pub const QUIC_PARAM_CONFIGURATION_TICKET_KEYS: u32 = 50331649;
pub const QUIC_PARAM_CONFIGURATION_VERSION_SETTINGS: u32 = 50331650;
@@ -4848,6 +4849,34 @@ const _: () = {
["Offset of field: QUIC_STREAM_STATISTICS::StreamBlockedByAppUs"]
[::std::mem::offset_of!(QUIC_STREAM_STATISTICS, StreamBlockedByAppUs) - 56usize];
};
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_AES_128_GCM: QUIC_AEAD_ALGORITHM_TYPE = 0;
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_AES_256_GCM: QUIC_AEAD_ALGORITHM_TYPE = 1;
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_CHACHA20_POLY1305: QUIC_AEAD_ALGORITHM_TYPE =
+ 2;
+pub type QUIC_AEAD_ALGORITHM_TYPE = ::std::os::raw::c_int;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct QUIC_STATELESS_RETRY_CONFIG {
+ pub Algorithm: QUIC_AEAD_ALGORITHM_TYPE,
+ pub RotationMs: u32,
+ pub SecretLength: u32,
+ pub Secret: [u8; 1usize],
+}
+#[allow(clippy::unnecessary_operation, clippy::identity_op)]
+const _: () = {
+ ["Size of QUIC_STATELESS_RETRY_CONFIG"]
+ [::std::mem::size_of::<QUIC_STATELESS_RETRY_CONFIG>() - 16usize];
+ ["Alignment of QUIC_STATELESS_RETRY_CONFIG"]
+ [::std::mem::align_of::<QUIC_STATELESS_RETRY_CONFIG>() - 4usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::Algorithm"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, Algorithm) - 0usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::RotationMs"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, RotationMs) - 4usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::SecretLength"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, SecretLength) - 8usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::Secret"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, Secret) - 12usize];
+};
pub type QUIC_SET_CONTEXT_FN = ::std::option::Option<
unsafe extern "C" fn(Handle: HQUIC, Context: *mut ::std::os::raw::c_void),
>; |
Cargo - windows-latestThe rust bindings need to be updated. Please apply ( diff --git a/src/rs/ffi/win_bindings.rs b/src/rs/ffi/win_bindings.rs
index 5b5a00e..ff0bfe3 100644
--- a/src/rs/ffi/win_bindings.rs
+++ b/src/rs/ffi/win_bindings.rs
@@ -168,6 +168,7 @@ pub const QUIC_PARAM_GLOBAL_LIBRARY_GIT_HASH: u32 = 16777224;
pub const QUIC_PARAM_GLOBAL_EXECUTION_CONFIG: u32 = 16777225;
pub const QUIC_PARAM_GLOBAL_TLS_PROVIDER: u32 = 16777226;
pub const QUIC_PARAM_GLOBAL_STATELESS_RESET_KEY: u32 = 16777227;
+pub const QUIC_PARAM_GLOBAL_STATELESS_RETRY_CONFIG: u32 = 16777228;
pub const QUIC_PARAM_CONFIGURATION_SETTINGS: u32 = 50331648;
pub const QUIC_PARAM_CONFIGURATION_TICKET_KEYS: u32 = 50331649;
pub const QUIC_PARAM_CONFIGURATION_VERSION_SETTINGS: u32 = 50331650;
@@ -4848,6 +4849,34 @@ const _: () = {
["Offset of field: QUIC_STREAM_STATISTICS::StreamBlockedByAppUs"]
[::std::mem::offset_of!(QUIC_STREAM_STATISTICS, StreamBlockedByAppUs) - 56usize];
};
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_AES_128_GCM: QUIC_AEAD_ALGORITHM_TYPE = 0;
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_AES_256_GCM: QUIC_AEAD_ALGORITHM_TYPE = 1;
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_CHACHA20_POLY1305: QUIC_AEAD_ALGORITHM_TYPE =
+ 2;
+pub type QUIC_AEAD_ALGORITHM_TYPE = ::std::os::raw::c_int;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct QUIC_STATELESS_RETRY_CONFIG {
+ pub Algorithm: QUIC_AEAD_ALGORITHM_TYPE,
+ pub RotationMs: u32,
+ pub SecretLength: u32,
+ pub Secret: [u8; 1usize],
+}
+#[allow(clippy::unnecessary_operation, clippy::identity_op)]
+const _: () = {
+ ["Size of QUIC_STATELESS_RETRY_CONFIG"]
+ [::std::mem::size_of::<QUIC_STATELESS_RETRY_CONFIG>() - 16usize];
+ ["Alignment of QUIC_STATELESS_RETRY_CONFIG"]
+ [::std::mem::align_of::<QUIC_STATELESS_RETRY_CONFIG>() - 4usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::Algorithm"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, Algorithm) - 0usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::RotationMs"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, RotationMs) - 4usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::SecretLength"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, SecretLength) - 8usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::Secret"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, Secret) - 12usize];
+};
pub type QUIC_SET_CONTEXT_FN = ::std::option::Option<
unsafe extern "C" fn(Handle: HQUIC, Context: *mut ::std::os::raw::c_void),
>; |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #5112 +/- ##
==========================================
- Coverage 87.19% 86.96% -0.24%
==========================================
Files 59 59
Lines 18086 18183 +97
==========================================
+ Hits 15770 15812 +42
- Misses 2316 2371 +55 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
nibanks
reviewed
May 23, 2025
nibanks
reviewed
May 23, 2025
nibanks
reviewed
May 23, 2025
Cargo - ubuntu-latestThe rust bindings need to be updated. Please apply ( diff --git a/src/rs/ffi/linux_bindings.rs b/src/rs/ffi/linux_bindings.rs
index cf4039b..01b44d4 100644
--- a/src/rs/ffi/linux_bindings.rs
+++ b/src/rs/ffi/linux_bindings.rs
@@ -175,6 +175,7 @@ pub const QUIC_PARAM_GLOBAL_EXECUTION_CONFIG: u32 = 16777225;
pub const QUIC_PARAM_GLOBAL_TLS_PROVIDER: u32 = 16777226;
pub const QUIC_PARAM_GLOBAL_STATELESS_RESET_KEY: u32 = 16777227;
pub const QUIC_PARAM_GLOBAL_STATISTICS_V2_SIZES: u32 = 16777228;
+pub const QUIC_PARAM_GLOBAL_STATELESS_RETRY_CONFIG: u32 = 16777229;
pub const QUIC_PARAM_CONFIGURATION_SETTINGS: u32 = 50331648;
pub const QUIC_PARAM_CONFIGURATION_TICKET_KEYS: u32 = 50331649;
pub const QUIC_PARAM_CONFIGURATION_VERSION_SETTINGS: u32 = 50331650;
@@ -4884,6 +4885,34 @@ const _: () = {
["Offset of field: QUIC_STREAM_STATISTICS::StreamBlockedByAppUs"]
[::std::mem::offset_of!(QUIC_STREAM_STATISTICS, StreamBlockedByAppUs) - 56usize];
};
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_AES_128_GCM: QUIC_AEAD_ALGORITHM_TYPE = 0;
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_AES_256_GCM: QUIC_AEAD_ALGORITHM_TYPE = 1;
+pub const QUIC_AEAD_ALGORITHM_TYPE_QUIC_AEAD_ALGORITHM_CHACHA20_POLY1305: QUIC_AEAD_ALGORITHM_TYPE =
+ 2;
+pub type QUIC_AEAD_ALGORITHM_TYPE = ::std::os::raw::c_uint;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct QUIC_STATELESS_RETRY_CONFIG {
+ pub Algorithm: QUIC_AEAD_ALGORITHM_TYPE,
+ pub RotationMs: u32,
+ pub SecretLength: u32,
+ pub Secret: *const u8,
+}
+#[allow(clippy::unnecessary_operation, clippy::identity_op)]
+const _: () = {
+ ["Size of QUIC_STATELESS_RETRY_CONFIG"]
+ [::std::mem::size_of::<QUIC_STATELESS_RETRY_CONFIG>() - 24usize];
+ ["Alignment of QUIC_STATELESS_RETRY_CONFIG"]
+ [::std::mem::align_of::<QUIC_STATELESS_RETRY_CONFIG>() - 8usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::Algorithm"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, Algorithm) - 0usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::RotationMs"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, RotationMs) - 4usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::SecretLength"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, SecretLength) - 8usize];
+ ["Offset of field: QUIC_STATELESS_RETRY_CONFIG::Secret"]
+ [::std::mem::offset_of!(QUIC_STATELESS_RETRY_CONFIG, Secret) - 16usize];
+};
pub type QUIC_SET_CONTEXT_FN = ::std::option::Option<
unsafe extern "C" fn(Handle: HQUIC, Context: *mut ::std::os::raw::c_void),
>; |
nibanks
reviewed
Jun 14, 2025
guhetier
reviewed
Jun 17, 2025
nibanks
reviewed
Jun 17, 2025
nibanks
reviewed
Jun 17, 2025
nibanks
reviewed
Jun 17, 2025
guhetier
reviewed
Jun 19, 2025
guhetier
reviewed
Jun 19, 2025
guhetier
approved these changes
Jun 20, 2025
sm-msft
reviewed
Jun 20, 2025
|
|
||
| The AEAD algorithm used for protecting the retry token. Must be one of the following constants: | ||
|
|
||
| Constant | Key Length |
There was a problem hiding this comment.
Should this be "key size" to match the description of "SecretLength" below?
sm-msft
reviewed
Jun 20, 2025
| The interval to rotate the retry key. 30,000ms is the default. | ||
|
|
||
| `SecretLength` | ||
|
|
There was a problem hiding this comment.
SecretLengthBytes to disambiguate between the bits used in algorithm name and the bytes required to be passed here?
sm-msft
reviewed
Jun 20, 2025
|
|
||
| `RotationMs` | ||
|
|
||
| The interval to rotate the retry key. 30,000ms is the default. |
There was a problem hiding this comment.
I am just curious about the default value here - 30 second key rotation seems too frequent. Does this stem from requirements or something we do in practice?
sm-msft
reviewed
Jun 20, 2025
| @@ -144,15 +157,19 @@ QuicPartitionGetStatelessRetryKeyForTimestamp( | |||
| ) | |||
| { | |||
| const int64_t Now = CxPlatTimeEpochMs64(); | |||
There was a problem hiding this comment.
Unrelated to your PR, but this code is susceptible to issues arising from system clock rollback. This should use CxPlatTimeUs64() instead of CxPlatTimeEpochMs64.
This applies to all functions that access QuicPartitionGetCurrentStatelessRetryKey() function.
There was a problem hiding this comment.
This time is required to be synchronized across all load balanced machines to allow for distributed encryption and decryption.
sm-msft
reviewed
Jun 20, 2025
| AlgSecretLen); | ||
| return QUIC_STATUS_INVALID_PARAMETER; | ||
| } | ||
| CXPLAT_DBG_ASSERT(AlgSecretLen <= sizeof(MsQuicLib.StatelessRetry.BaseSecret)); |
There was a problem hiding this comment.
We could make this FRE assert due to potential implication of the condition not being met.
sm-msft
reviewed
Jun 20, 2025
| CXPLAT_DBG_ASSERT(AlgSecretLen <= sizeof(MsQuicLib.StatelessRetry.BaseSecret)); | ||
|
|
||
| CxPlatDispatchRwLockAcquireExclusive(&MsQuicLib.StatelessRetry.Lock, PrevIrql); | ||
| if (Config->Secret != MsQuicLib.StatelessRetry.BaseSecret) { |
There was a problem hiding this comment.
Can we return an error under this condition?
sm-msft
reviewed
Jun 20, 2025
| const int64_t CurrentKeyIndex = Now / QUIC_STATELESS_RETRY_KEY_LIFETIME_MS; | ||
| const int64_t KeyIndex = Timestamp / QUIC_STATELESS_RETRY_KEY_LIFETIME_MS; | ||
| CxPlatDispatchRwLockAcquireShared(&MsQuicLib.StatelessRetry.Lock, PrevIrql); | ||
| const int64_t CurrentKeyIndex = Now / MsQuicLib.StatelessRetry.KeyRotationMs; |
There was a problem hiding this comment.
How would this indexing be impacted if the settings change a small key rotation interval to a large key rotation interval?
sm-msft
reviewed
Jun 20, 2025
sm-msft
reviewed
Jun 20, 2025
| @@ -334,6 +345,78 @@ QuicPerfCounterSnapShot( | |||
| sizeof(PerfCounterSamples)); | |||
| } | |||
|
|
|||
| _IRQL_requires_max_(PASSIVE_LEVEL) | |||
| void | |||
| QuicLibraryLoadRetryConfig( | |||
There was a problem hiding this comment.
Msg'd Anthony separately about this function.
There was a problem hiding this comment.
For the sake of the review, it'd be awesome to have a quick summary of what the discussion was about and what the conclusion was :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Add a new Global SetParam to set the Stateless Retry key, algorithm, and key rotation interval.
Fixes #5005.
Testing
New tests added covering the invalid parameter cases.
Documentation
Settings.md was updated to describe the new parameter.