Allow to specific dcid when creating a client side connection

Motivation:

Sometimes the user want to have control over generating the dcid when creating a new client side connection. This was not possible before.

Modification:

- Only use dcid for local transport params when the connection is for server side
- Use provided odcid as dcid on the client side when given and if not just randomly generate one

Result:

More flexible usage possible

Author: normanmaurer

quiche/include/quiche.h

@@ -317,7 +317,7 @@ ssize_t quiche_retry(const uint8_t *scid, size_t scid_len,
 bool quiche_version_is_supported(uint32_t version);
 
 quiche_conn *quiche_conn_new_with_tls(const uint8_t *scid, size_t scid_len,
-                                      const uint8_t *odcid, size_t odcid_len,
+                                      const uint8_t *dcid, size_t dcid_len,
                                       const struct sockaddr *local, socklen_t local_len,
                                       const struct sockaddr *peer, socklen_t peer_len,
                                       const quiche_config *config, void *ssl,

quiche/src/ffi.rs

@@ -606,16 +606,16 @@ pub extern "C" fn quiche_retry(
 
 #[no_mangle]
 pub extern "C" fn quiche_conn_new_with_tls(
-    scid: *const u8, scid_len: size_t, odcid: *const u8, odcid_len: size_t,
+    scid: *const u8, scid_len: size_t, dcid: *const u8, dcid_len: size_t,
     local: &sockaddr, local_len: socklen_t, peer: &sockaddr, peer_len: socklen_t,
     config: &Config, ssl: *mut c_void, is_server: bool,
 ) -> *mut Connection {
     let scid = unsafe { slice::from_raw_parts(scid, scid_len) };
     let scid = ConnectionId::from_ref(scid);
 
-    let odcid = if !odcid.is_null() && odcid_len > 0 {
+    let dcid = if !dcid.is_null() && dcid_len > 0 {
         Some(ConnectionId::from_ref(unsafe {
-            slice::from_raw_parts(odcid, odcid_len)
+            slice::from_raw_parts(dcid, dcid_len)
         }))
     } else {
         None
@@ -628,7 +628,7 @@ pub extern "C" fn quiche_conn_new_with_tls(
 
     match Connection::with_tls(
         &scid,
-        odcid.as_ref(),
+        dcid.as_ref(),
         local,
         peer,
         config,

quiche/src/lib.rs

@@ -1771,6 +1771,25 @@ pub fn connect(
     Ok(conn)
 }
 
+/// Creates a new client-side connection using the given dcid initially.
+///
+/// The `scid` parameter is used as the connection's source connection ID,
+/// while the optional `server_name` parameter is used to verify the peer's
+/// certificate.
+#[inline]
+pub fn connect_with_dcid(
+    server_name: Option<&str>, scid: &ConnectionId, dcid: &ConnectionId,
+    local: SocketAddr, peer: SocketAddr, config: &mut Config,
+) -> Result<Connection> {
+    let mut conn = Connection::new(scid, Some(dcid), local, peer, config, false)?;
+
+    if let Some(server_name) = server_name {
+        conn.handshake.set_host_name(server_name)?;
+    }
+
+    Ok(conn)
+}
+
 /// Creates a new client-side connection, with a custom buffer generation
 /// method.
 ///
@@ -1790,6 +1809,25 @@ pub fn connect_with_buffer_factory<F: BufFactory>(
     Ok(conn)
 }
 
+/// Creates a new client-side connection, with a custom buffer generation
+/// method using the given dcid initially.
+///
+/// The buffers generated can be anything that can be drereferenced as a byte
+/// slice. See [`connect`] and [`BufFactory`] for more info.
+#[inline]
+pub fn connect_with_dcid_and_buffer_factory<F: BufFactory>(
+    server_name: Option<&str>, scid: &ConnectionId, dcid: &ConnectionId,
+    local: SocketAddr, peer: SocketAddr, config: &mut Config,
+) -> Result<Connection<F>> {
+    let mut conn = Connection::new(scid, Some(dcid), local, peer, config, false)?;
+
+    if let Some(server_name) = server_name {
+        conn.handshake.set_host_name(server_name)?;
+    }
+
+    Ok(conn)
+}
+
 /// Writes a version negotiation packet.
 ///
 /// The `scid` and `dcid` parameters are the source connection ID and the
@@ -1974,15 +2012,15 @@ impl Default for QlogInfo {
 
 impl<F: BufFactory> Connection<F> {
     fn new(
-        scid: &ConnectionId, odcid: Option<&ConnectionId>, local: SocketAddr,
+        scid: &ConnectionId, dcid: Option<&ConnectionId>, local: SocketAddr,
         peer: SocketAddr, config: &mut Config, is_server: bool,
     ) -> Result<Connection<F>> {
         let tls = config.tls_ctx.new_handshake()?;
-        Connection::with_tls(scid, odcid, local, peer, config, tls, is_server)
+        Connection::with_tls(scid, dcid, local, peer, config, tls, is_server)
     }
 
     fn with_tls(
-        scid: &ConnectionId, odcid: Option<&ConnectionId>, local: SocketAddr,
+        scid: &ConnectionId, dcid: Option<&ConnectionId>, local: SocketAddr,
         peer: SocketAddr, config: &Config, tls: tls::Handshake, is_server: bool,
     ) -> Result<Connection<F>> {
         let max_rx_data = config.local_transport_params.initial_max_data;
@@ -2008,7 +2046,7 @@ impl<F: BufFactory> Connection<F> {
         );
 
         // If we did stateless retry assume the peer's address is verified.
-        path.verified_peer_address = odcid.is_some();
+        path.verified_peer_address = is_server && dcid.is_some();
         // Assume clients validate the server's address implicitly.
         path.peer_verified_local_address = is_server;
 
@@ -2185,14 +2223,19 @@ impl<F: BufFactory> Connection<F> {
             max_amplification_factor: config.max_amplification_factor,
         };
 
-        if let Some(odcid) = odcid {
-            conn.local_transport_params
-                .original_destination_connection_id = Some(odcid.to_vec().into());
+        // If this is a connection for a server we need to use the odcid to encode
+        // it to the local transport parameters.
+        if is_server {
+            if let Some(dcid) = dcid {
+                conn.local_transport_params
+                    .original_destination_connection_id =
+                    Some(dcid.to_vec().into());
 
-            conn.local_transport_params.retry_source_connection_id =
-                Some(conn.ids.get_scid(0)?.cid.to_vec().into());
+                conn.local_transport_params.retry_source_connection_id =
+                    Some(conn.ids.get_scid(0)?.cid.to_vec().into());
 
-            conn.did_retry = true;
+                conn.did_retry = true;
+            }
         }
 
         conn.local_transport_params.initial_source_connection_id =
@@ -2205,11 +2248,18 @@ impl<F: BufFactory> Connection<F> {
 
         conn.encode_transport_params()?;
 
-        // Derive initial secrets for the client. We can do this here because
-        // we already generated the random destination connection ID.
         if !is_server {
-            let mut dcid = [0; 16];
-            rand::rand_bytes(&mut dcid[..]);
+            let dcid = if let Some(dcid) = dcid {
+                // We already had an dcid generated for us, use it.
+                dcid.to_vec()
+            } else {
+                // Derive initial secrets for the client. We can do this here
+                // because we already generated the random
+                // destination connection ID.
+                let mut dcid = [0; 16];
+                rand::rand_bytes(&mut dcid[..]);
+                dcid.to_vec()
+            };
 
             let (aead_open, aead_seal) = crypto::derive_initial_key_material(
                 &dcid,