quic: handle StatelessResetToken update following ngtcp2 1.22 update

jasnell · jasnell · commit 7c7acdcb4d86 · 2026-04-09T10:42:11.000-07:00
diff --git a/src/quic/packet.cc b/src/quic/packet.cc
@@ -160,7 +160,7 @@ Packet::Ptr Packet::CreateStatelessResetPacket(
   if (!packet) return packet;
   ngtcp2_vec vec = *packet;
 
-  ssize_t nwrite = ngtcp2_pkt_write_stateless_reset(
+  auto nwrite = ngtcp2_pkt_write_stateless_reset2(
       vec.base, pktlen, token, random, kRandlen);
   if (nwrite <= static_cast<ssize_t>(kMinStatelessResetLen)) return Ptr();
 
diff --git a/src/quic/session.cc b/src/quic/session.cc
@@ -216,7 +216,7 @@ void ngtcp2_debug_log(void* user_data, const char* fmt, ...) {
   va_end(ap);
 }
 
-template <typename Opt, PreferredAddress::Policy Opt::*member>
+template <typename Opt, PreferredAddress::Policy Opt::* member>
 bool SetOption(Environment* env,
                Opt* options,
                const Local<Object>& object,
@@ -231,7 +231,7 @@ bool SetOption(Environment* env,
   return true;
 }
 
-template <typename Opt, TLSContext::Options Opt::*member>
+template <typename Opt, TLSContext::Options Opt::* member>
 bool SetOption(Environment* env,
                Opt* options,
                const Local<Object>& object,
@@ -246,7 +246,7 @@ bool SetOption(Environment* env,
   return true;
 }
 
-template <typename Opt, TransportParams::Options Opt::*member>
+template <typename Opt, TransportParams::Options Opt::* member>
 bool SetOption(Environment* env,
                Opt* options,
                const Local<Object>& object,
@@ -261,7 +261,7 @@ bool SetOption(Environment* env,
   return true;
 }
 
-template <typename Opt, ngtcp2_cc_algo Opt::*member>
+template <typename Opt, ngtcp2_cc_algo Opt::* member>
 bool SetOption(Environment* env,
                Opt* options,
                const Local<Object>& object,
@@ -626,9 +626,9 @@ struct Session::Impl final : public MemoryRetainer {
         ngtcp2_conn_get_scid(*session_, nullptr));
     ngtcp2_conn_get_scid(*session_, cids.out());
 
-    MaybeStackBuffer<ngtcp2_cid_token, 10> tokens(
-        ngtcp2_conn_get_active_dcid(*session_, nullptr));
-    ngtcp2_conn_get_active_dcid(*session_, tokens.out());
+    MaybeStackBuffer<ngtcp2_cid_token2, 10> tokens(
+        ngtcp2_conn_get_active_dcid2(*session_, nullptr));
+    ngtcp2_conn_get_active_dcid2(*session_, tokens.out());
 
     endpoint->DisassociateCID(config_.dcid);
     endpoint->DisassociateCID(config_.preferred_address_cid);
@@ -640,7 +640,7 @@ struct Session::Impl final : public MemoryRetainer {
     for (size_t n = 0; n < tokens.length(); n++) {
       if (tokens[n].token_present) {
         endpoint->DisassociateStatelessResetToken(
-            StatelessResetToken(tokens[n].token));
+            StatelessResetToken(&tokens[n].token));
       }
     }
 
@@ -874,7 +874,7 @@ struct Session::Impl final : public MemoryRetainer {
                            ngtcp2_connection_id_status_type type,
                            uint64_t seq,
                            const ngtcp2_cid* cid,
-                           const uint8_t* token,
+                           const ngtcp2_stateless_reset_token* token,
                            void* user_data) {
     NGTCP2_CALLBACK_SCOPE(session)
     std::optional<StatelessResetToken> maybe_reset_token;
@@ -946,7 +946,7 @@ struct Session::Impl final : public MemoryRetainer {
 
   static int on_get_new_cid(ngtcp2_conn* conn,
                             ngtcp2_cid* cid,
-                            uint8_t* token,
+                            ngtcp2_stateless_reset_token* token,
                             size_t cidlen,
                             void* user_data) {
     NGTCP2_CALLBACK_SCOPE(session)
@@ -1043,7 +1043,7 @@ struct Session::Impl final : public MemoryRetainer {
   }
 
   static int on_receive_stateless_reset(ngtcp2_conn* conn,
-                                        const ngtcp2_pkt_stateless_reset* sr,
+                                        const ngtcp2_pkt_stateless_reset2* sr,
                                         void* user_data) {
     NGTCP2_CALLBACK_SCOPE(session)
     session->impl_->state_->stateless_reset = 1;
@@ -1212,12 +1212,12 @@ struct Session::Impl final : public MemoryRetainer {
       on_acknowledge_stream_data_offset,
       nullptr,
       on_stream_close,
-      on_receive_stateless_reset,
+      nullptr,  // recv_stateless_reset (deprecated, use v2 below)
       ngtcp2_crypto_recv_retry_cb,
       on_extend_max_streams_bidi,
       on_extend_max_streams_uni,
       on_rand,
-      on_get_new_cid,
+      nullptr,  // get_new_connection_id (deprecated, use v2 below)
       on_remove_connection_id,
       ngtcp2_crypto_update_key_cb,
       on_path_validation,
@@ -1226,7 +1226,7 @@ struct Session::Impl final : public MemoryRetainer {
       on_extend_max_remote_streams_bidi,
       on_extend_max_remote_streams_uni,
       on_extend_max_stream_data,
-      on_cid_status,
+      nullptr,  // dcid_status (deprecated, use v2 below)
       on_handshake_confirmed,
       on_receive_new_token,
       ngtcp2_crypto_delete_crypto_aead_ctx_cb,
@@ -1241,9 +1241,9 @@ struct Session::Impl final : public MemoryRetainer {
       nullptr,
       on_early_data_rejected,
       on_begin_path_validation,
-      nullptr,
-      nullptr,
-      nullptr,
+      on_receive_stateless_reset,
+      on_get_new_cid,
+      on_cid_status,
       nullptr};
 
   static constexpr ngtcp2_callbacks SERVER = {
@@ -1259,12 +1259,12 @@ struct Session::Impl final : public MemoryRetainer {
       on_acknowledge_stream_data_offset,
       nullptr,
       on_stream_close,
-      on_receive_stateless_reset,
+      nullptr,  // recv_stateless_reset (deprecated, use v2 below)
       nullptr,
       on_extend_max_streams_bidi,
       on_extend_max_streams_uni,
       on_rand,
-      on_get_new_cid,
+      nullptr,  // get_new_connection_id (deprecated, use v2 below)
       on_remove_connection_id,
       ngtcp2_crypto_update_key_cb,
       on_path_validation,
@@ -1273,7 +1273,7 @@ struct Session::Impl final : public MemoryRetainer {
       on_extend_max_remote_streams_bidi,
       on_extend_max_remote_streams_uni,
       on_extend_max_stream_data,
-      on_cid_status,
+      nullptr,  // dcid_status (deprecated, use v2 below)
       nullptr,
       nullptr,
       ngtcp2_crypto_delete_crypto_aead_ctx_cb,
@@ -1288,9 +1288,9 @@ struct Session::Impl final : public MemoryRetainer {
       on_receive_tx_key,
       on_early_data_rejected,
       on_begin_path_validation,
-      nullptr,
-      nullptr,
-      nullptr,
+      on_receive_stateless_reset,
+      on_get_new_cid,
+      on_cid_status,
       nullptr};
 };
 
@@ -2497,7 +2497,7 @@ void Session::DatagramReceived(const uint8_t* data,
 
 void Session::GenerateNewConnectionId(ngtcp2_cid* cid,
                                       size_t len,
-                                      uint8_t* token) {
+                                      ngtcp2_stateless_reset_token* token) {
   DCHECK(!is_destroyed());
   CID cid_ = impl_->config_.options.cid_factory->GenerateInto(cid, len);
   Debug(this, "Generated new connection id %s", cid_);
diff --git a/src/quic/session.h b/src/quic/session.h
@@ -501,7 +501,9 @@ class Session final : public AsyncWrap, private SessionTicket::AppData::Source {
   void DatagramReceived(const uint8_t* data,
                         size_t datalen,
                         DatagramReceivedFlags flag);
-  void GenerateNewConnectionId(ngtcp2_cid* cid, size_t len, uint8_t* token);
+  void GenerateNewConnectionId(ngtcp2_cid* cid,
+                               size_t len,
+                               ngtcp2_stateless_reset_token* token);
   bool HandshakeCompleted();
   void HandshakeConfirmed();
   void SelectPreferredAddress(PreferredAddress* preferredAddress);
diff --git a/src/quic/tokens.cc b/src/quic/tokens.cc
@@ -61,42 +61,61 @@ std::string TokenSecret::ToString() const {
 // ============================================================================
 // StatelessResetToken
 
-StatelessResetToken::StatelessResetToken() : ptr_(nullptr), buf_() {}
+StatelessResetToken::StatelessResetToken()
+    : ngtcp2_stateless_reset_token(), ptr_(nullptr) {}
 
-StatelessResetToken::StatelessResetToken(const uint8_t* token) : ptr_(token) {}
+StatelessResetToken::StatelessResetToken(const uint8_t* token)
+    : ptr_(reinterpret_cast<const ngtcp2_stateless_reset_token*>(token)) {}
+
+StatelessResetToken::StatelessResetToken(
+    const ngtcp2_stateless_reset_token* token)
+    : ptr_(token) {}
 
 StatelessResetToken::StatelessResetToken(const TokenSecret& secret,
                                          const CID& cid)
-    : ptr_(buf_) {
+    : ptr_(this) {
   CHECK_EQ(ngtcp2_crypto_generate_stateless_reset_token(
-               buf_, secret, kStatelessTokenLen, cid),
+               data, secret, kStatelessTokenLen, cid),
            0);
 }
 
 StatelessResetToken::StatelessResetToken(uint8_t* token,
                                          const TokenSecret& secret,
                                          const CID& cid)
-    : ptr_(token) {
+    : ptr_(reinterpret_cast<const ngtcp2_stateless_reset_token*>(token)) {
   CHECK_EQ(ngtcp2_crypto_generate_stateless_reset_token(
                token, secret, kStatelessTokenLen, cid),
            0);
 }
 
+StatelessResetToken::StatelessResetToken(ngtcp2_stateless_reset_token* token,
+                                         const TokenSecret& secret,
+                                         const CID& cid)
+    : ptr_(token) {
+  CHECK_EQ(ngtcp2_crypto_generate_stateless_reset_token(
+               token->data, secret, kStatelessTokenLen, cid),
+           0);
+}
+
 StatelessResetToken::StatelessResetToken(const StatelessResetToken& other)
-    : ptr_(buf_) {
+    : ngtcp2_stateless_reset_token(), ptr_(this) {
   if (other) {
-    memcpy(buf_, other.ptr_, kStatelessTokenLen);
+    memcpy(data, other.ptr_->data, kStatelessTokenLen);
   } else {
     ptr_ = nullptr;
   }
 }
 
 StatelessResetToken::operator const uint8_t*() const {
-  return ptr_ != nullptr ? ptr_ : buf_;
+  return ptr_ != nullptr ? ptr_->data : data;
+}
+
+StatelessResetToken::operator const ngtcp2_stateless_reset_token*() const {
+  return ptr_;
 }
 
 StatelessResetToken::operator const char*() const {
-  return reinterpret_cast<const char*>(ptr_ != nullptr ? ptr_ : buf_);
+  return reinterpret_cast<const char*>(ptr_ != nullptr ? ptr_->data : data);
 }
 
 StatelessResetToken::operator bool() const {
@@ -109,7 +128,7 @@ bool StatelessResetToken::operator==(const StatelessResetToken& other) const {
       (ptr_ != nullptr && other.ptr_ == nullptr)) {
     return false;
   }
-  return CRYPTO_memcmp(ptr_, other.ptr_, kStatelessTokenLen) == 0;
+  return CRYPTO_memcmp(ptr_->data, other.ptr_->data, kStatelessTokenLen) == 0;
 }
 
 bool StatelessResetToken::operator!=(const StatelessResetToken& other) const {
@@ -128,7 +147,7 @@ std::string StatelessResetToken::ToString() const {
 size_t StatelessResetToken::Hash::operator()(
     const StatelessResetToken& token) const {
   if (token.ptr_ == nullptr) return 0;
-  return HashBytes(token.ptr_, kStatelessTokenLen);
+  return HashBytes(token.ptr_->data, kStatelessTokenLen);
 }
 
 StatelessResetToken StatelessResetToken::kInvalid;
diff --git a/src/quic/tokens.h b/src/quic/tokens.h
@@ -70,38 +70,44 @@ class TokenSecret final : public MemoryRetainer {
 //
 // StatlessResetTokens are always kStatelessTokenLen bytes,
 // as are the secrets used to generate the token.
-class StatelessResetToken final : public MemoryRetainer {
+class StatelessResetToken final : public ngtcp2_stateless_reset_token,
+                                  public MemoryRetainer {
  public:
   static constexpr int kStatelessTokenLen = NGTCP2_STATELESS_RESET_TOKENLEN;
 
   StatelessResetToken();
 
   // Generates a stateless reset token using HKDF with the cid and token secret
   // as input. The token secret is either provided by user code when an Endpoint
-  // is created or is generated randomly.
+  // is created or is generated randomly. The token is stored in the inherited
+  // ngtcp2_stateless_reset_token::data and ptr_ is set to this.
   StatelessResetToken(const TokenSecret& secret, const CID& cid);
 
-  // Generates a stateless reset token using the given token storage.
+  // Generates a stateless reset token into the given external storage.
   // The StatelessResetToken wraps the token and does not take ownership.
-  // The token storage must be at least kStatelessTokenLen bytes in length.
-  // The length is not verified so care must be taken when using this
-  // constructor.
   StatelessResetToken(uint8_t* token,
                       const TokenSecret& secret,
                       const CID& cid);
 
+  // Generates a stateless reset token into the given external storage.
+  // The StatelessResetToken wraps the token and does not take ownership.
+  StatelessResetToken(ngtcp2_stateless_reset_token* token,
+                      const TokenSecret& secret,
+                      const CID& cid);
+
   // Wraps the given token. Does not take over ownership of the token storage.
-  // The token must be at least kStatelessTokenLen bytes in length.
-  // The length is not verified so care must be taken when using this
-  // constructor.
   explicit StatelessResetToken(const uint8_t* token);
 
+  // Wraps the given token. Does not take over ownership of the token storage.
+  explicit StatelessResetToken(const ngtcp2_stateless_reset_token* token);
+
   StatelessResetToken(const StatelessResetToken& other);
   DISALLOW_MOVE(StatelessResetToken)
 
   std::string ToString() const;
 
   operator const uint8_t*() const;
+  operator const ngtcp2_stateless_reset_token*() const;
   operator bool() const;
 
   bool operator==(const StatelessResetToken& other) const;
@@ -124,8 +130,7 @@ class StatelessResetToken final : public MemoryRetainer {
  private:
   operator const char*() const;
 
-  const uint8_t* ptr_;
-  uint8_t buf_[NGTCP2_STATELESS_RESET_TOKENLEN];
+  const ngtcp2_stateless_reset_token* ptr_;
 };
 
 // A RETRY packet communicates a retry token to the client. Retry tokens are
