Set key update threshold for thrift server
Summary:
- Adding `keyUpdateThreshold` to FizzHandshakeOptions to allow thrift server to configure Key Update options
- Using thrift flag `thrift_key_update_threshold` to allow customization for different services and rollout

Reviewed By: frqiu

Differential Revision: D51900139

fbshipit-source-id: 6717d57500d5ff3a769635c0ba665f5a722f8d87
Huilin Chen authored and facebook-github-bot committed Dec 19, 2023
1 parent dee44ad commit 4ffd57f
Showing 2 changed files with 13 additions and 0 deletions.
1 change: 1 addition & 0 deletions wangle/acceptor/FizzAcceptorHandshakeHelper.cpp
@@ -92,6 +92,7 @@ AsyncFizzServer::UniquePtr FizzAcceptorHandshakeHelper::createFizzServer(
AsyncFizzServer::UniquePtr fizzServer(new AsyncFizzServer(
std::move(asyncTransport), fizzContext, extensions, options));
fizzServer->setHandshakeRecordAlignedReads(handshakeRecordAlignedReads_);
fizzServer->setRekeyAfterWriting(keyUpdateThreshold_);

return fizzServer;
}
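Review bot: `fizzServer->setRekeyAfterWriting(keyUpdateThreshold_);` runs for every server this helper creates, including when the option was never set and the member still holds its default of 0. Whether 0 means "never initiate a key update" is decided inside AsyncFizzServer, which is not visible in this change, so the call site depends on an undocumented sentinel. I would make that explicit with `if (keyUpdateThreshold_ > 0) { fizzServer->setRekeyAfterWriting(keyUpdateThreshold_); }`, or at least add the comment `// 0 = not configured; relies on AsyncFizzServer treating 0 as "key update disabled"`. createFizzServer's body starts outside the hunk.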
12 changes: 12 additions & 0 deletions wangle/acceptor/FizzAcceptorHandshakeHelper.h
@@ -185,6 +185,15 @@ class FizzHandshakeOptions {
return *this;
}

/**
* setkeyUpdateThreshold_ configures the server to initiate a key update
* after encrypting a certain number of bytes using the same key.
*/
FizzHandshakeOptions& setkeyUpdateThreshold(size_t flag) {
keyUpdateThreshold_ = flag;
return *this;
}

/**
* `setPreferIoUringSocket` controls whether the accepted client connection
* should be handled with an io_uring based transport.
@@ -206,6 +215,7 @@ class FizzHandshakeOptions {
nullptr};
FizzLoggingCallback* loggingCallback_{nullptr};
bool handshakeRecordAlignedReads_{false};
size_t keyUpdateThreshold_{0};
bool preferIoUringSocket_{false};
friend class FizzAcceptorHandshakeHelper;
};
@@ -234,6 +244,7 @@ class FizzAcceptorHandshakeHelper
tinfo_(tinfo),
loggingCallback_(options.loggingCallback_),
handshakeRecordAlignedReads_(options.handshakeRecordAlignedReads_),
keyUpdateThreshold_(options.keyUpdateThreshold_),
preferIoUringSocket_(options.preferIoUringSocket_),
transportOptions_(transportOptions) {
DCHECK(context_);
@@ -312,6 +323,7 @@ class FizzAcceptorHandshakeHelper
wangle::SSLErrorEnum sslError_{wangle::SSLErrorEnum::NO_ERROR};
FizzLoggingCallback* loggingCallback_;
bool handshakeRecordAlignedReads_{false};
size_t keyUpdateThreshold_{0};

fizz::server::AttemptVersionFallback fallback_;
bool preferIoUringSocket_{false};
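Review bot: The new setter `setkeyUpdateThreshold(size_t flag)` breaks the naming pattern of this class: its neighbour is `setPreferIoUringSocket`, the doc comment refers to `setkeyUpdateThreshold_` (a name that does not exist), and `flag` is a misleading name for a byte count. I would declare it as `FizzHandshakeOptions& setKeyUpdateThreshold(size_t threshold) {` and open the comment with that same name. The comment should also give guidance on choosing the value. A threshold above the cipher's per-key usage limit defeats the purpose of rekeying, and a very small one makes the server issue key updates almost continuously; since the summary says the value comes from the `thrift_key_update_threshold` flag, a bad setting would presumably reach every connection. The FizzHandshakeOptions definition starts outside the hunk.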
