aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/plugins/quic/CMakeLists.txt4
-rw-r--r--src/plugins/quic/error.c6
-rw-r--r--src/plugins/quic/quic.c224
-rw-r--r--src/plugins/quic/quic.h32
-rw-r--r--src/plugins/quic/quic_crypto.c684
-rw-r--r--src/plugins/quic/quic_crypto.h17
-rw-r--r--src/plugins/tlspicotls/pico_vpp_crypto.c37
7 files changed, 388 insertions, 616 deletions
diff --git a/src/plugins/quic/CMakeLists.txt b/src/plugins/quic/CMakeLists.txt
index 859b6d98c4c..35d72c21685 100644
--- a/src/plugins/quic/CMakeLists.txt
+++ b/src/plugins/quic/CMakeLists.txt
@@ -1,5 +1,5 @@
-# Copyright (c) 2019 Cisco
+# Copyright (c) 2021 Cisco
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
@@ -13,7 +13,7 @@
# limitations under the License.
unset(QUIC_LINK_LIBRARIES)
-set(EXPECTED_QUICLY_VERSION "0.1.0-vpp")
+set(EXPECTED_QUICLY_VERSION "0.1.2-vpp")
find_path(QUICLY_INCLUDE_DIR NAMES quicly.h)
find_path(PICOTLS_INCLUDE_DIR NAMES picotls.h)
diff --git a/src/plugins/quic/error.c b/src/plugins/quic/error.c
index ed2ca111e83..3fc8584e4fd 100644
--- a/src/plugins/quic/error.c
+++ b/src/plugins/quic/error.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Copyright (c) 2021 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
@@ -62,8 +62,8 @@ quic_format_err (u8 * s, va_list * args)
case QUICLY_TRANSPORT_ERROR_INTERNAL:
s = format (s, "QUICLY_TRANSPORT_ERROR_INTERNAL");
break;
- case QUICLY_TRANSPORT_ERROR_SERVER_BUSY:
- s = format (s, "QUICLY_TRANSPORT_ERROR_SERVER_BUSY");
+ case QUICLY_TRANSPORT_ERROR_CONNECTION_REFUSED:
+ s = format (s, "QUICLY_TRANSPORT_ERROR_CONNECTION_REFUSED");
break;
case QUICLY_TRANSPORT_ERROR_FLOW_CONTROL:
s = format (s, "QUICLY_TRANSPORT_ERROR_FLOW_CONTROL");
diff --git a/src/plugins/quic/quic.c b/src/plugins/quic/quic.c
index 7f879cc582e..b120a46f7e8 100644
--- a/src/plugins/quic/quic.c
+++ b/src/plugins/quic/quic.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Copyright (c) 2021 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
@@ -51,7 +51,7 @@ static int quic_reset_connection (u64 udp_session_handle,
static void quic_proto_on_close (u32 ctx_index, u32 thread_index);
static quicly_stream_open_t on_stream_open;
-static quicly_closed_by_peer_t on_closed_by_peer;
+static quicly_closed_by_remote_t on_closed_by_remote;
static quicly_now_t quicly_vpp_now_cb;
/* Crypto contexts */
@@ -91,33 +91,6 @@ quic_crypto_context_free_if_needed (crypto_context_t * crctx, u8 thread_index)
pool_put (qm->wrk_ctx[thread_index].crypto_ctx_pool, crctx);
}
-static quicly_datagram_t *
-quic_alloc_packet (quicly_packet_allocator_t * self, size_t payloadsize)
-{
- quicly_datagram_t *packet;
- if ((packet =
- clib_mem_alloc (sizeof (*packet) + payloadsize +
- sizeof (quic_encrypt_cb_ctx))) == NULL)
- return NULL;
- packet->data.base =
- (uint8_t *) packet + sizeof (*packet) + sizeof (quic_encrypt_cb_ctx);
- quic_encrypt_cb_ctx *encrypt_cb_ctx =
- (quic_encrypt_cb_ctx *) ((uint8_t *) packet + sizeof (*packet));
-
- clib_memset (encrypt_cb_ctx, 0, sizeof (*encrypt_cb_ctx));
- return packet;
-}
-
-static void
-quic_free_packet (quicly_packet_allocator_t * self,
- quicly_datagram_t * packet)
-{
- clib_mem_free (packet);
-}
-
-quicly_packet_allocator_t quic_packet_allocator =
- { quic_alloc_packet, quic_free_packet };
-
static int
quic_app_cert_key_pair_delete_callback (app_cert_key_pair_t * ckpair)
{
@@ -213,6 +186,35 @@ quic_set_max_packets_per_key_fn (vlib_main_t * vm,
return 0;
}
+static clib_error_t *
+quic_set_cc_fn (vlib_main_t *vm, unformat_input_t *input,
+ vlib_cli_command_t *cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ quic_main_t *qm = &quic_main;
+ clib_error_t *e = 0;
+
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "reno"))
+ qm->default_quic_cc = QUIC_CC_RENO;
+ else if (unformat (line_input, "cubic"))
+ qm->default_quic_cc = QUIC_CC_CUBIC;
+ else
+ {
+ e = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ }
+done:
+ unformat_free (line_input);
+ return e;
+}
+
static void
quic_release_crypto_context (u32 crypto_context_index, u8 thread_index)
{
@@ -261,21 +263,29 @@ quic_init_crypto_context (crypto_context_t * crctx, quic_ctx_t * ctx)
ptls_ctx->encrypt_ticket = &qm->session_cache.super;
clib_memcpy (quicly_ctx, &quicly_spec_context, sizeof (quicly_context_t));
- quicly_ctx->max_packet_size = QUIC_MAX_PACKET_SIZE;
quicly_ctx->max_packets_per_key = qm->max_packets_per_key;
quicly_ctx->tls = ptls_ctx;
quicly_ctx->stream_open = &on_stream_open;
- quicly_ctx->closed_by_peer = &on_closed_by_peer;
+ quicly_ctx->closed_by_remote = &on_closed_by_remote;
quicly_ctx->now = &quicly_vpp_now_cb;
quicly_amend_ptls_context (quicly_ctx->tls);
- quicly_ctx->packet_allocator = &quic_packet_allocator;
- quicly_ctx->crypto_engine = &quic_crypto_engine;
+ if (qm->vnet_crypto_enabled &&
+ qm->default_crypto_engine == CRYPTO_ENGINE_VPP)
+ quicly_ctx->crypto_engine = &quic_crypto_engine;
+ else
+ quicly_ctx->crypto_engine = &quicly_default_crypto_engine;
+
quicly_ctx->transport_params.max_data = QUIC_INT_MAX;
quicly_ctx->transport_params.max_streams_uni = (uint64_t) 1 << 60;
quicly_ctx->transport_params.max_streams_bidi = (uint64_t) 1 << 60;
quicly_ctx->transport_params.max_idle_timeout = qm->connection_timeout;
+ if (qm->default_quic_cc == QUIC_CC_CUBIC)
+ quicly_ctx->init_cc = &quicly_cc_cubic_init;
+ else if (qm->default_quic_cc == QUIC_CC_RENO)
+ quicly_ctx->init_cc = &quicly_cc_reno_init;
+
app = application_get (ctx->parent_app_id);
quicly_ctx->transport_params.max_stream_data.bidi_local =
app->sm_properties.rx_fifo_size - 1;
@@ -283,6 +293,7 @@ quic_init_crypto_context (crypto_context_t * crctx, quic_ctx_t * ctx)
app->sm_properties.tx_fifo_size - 1;
quicly_ctx->transport_params.max_stream_data.uni = QUIC_INT_MAX;
+ quicly_ctx->transport_params.max_udp_payload_size = QUIC_MAX_PACKET_SIZE;
if (!app->quic_iv_set)
{
ptls_openssl_random_bytes (app->quic_iv, QUIC_IV_LEN - 1);
@@ -632,7 +643,8 @@ quic_connection_closed (quic_ctx_t * ctx)
}
static int
-quic_send_datagram (session_t * udp_session, quicly_datagram_t * packet)
+quic_send_datagram (session_t *udp_session, struct iovec *packet,
+ quicly_address_t *dest, quicly_address_t *src)
{
u32 max_enqueue;
session_dgram_hdr_t hdr;
@@ -640,7 +652,7 @@ quic_send_datagram (session_t * udp_session, quicly_datagram_t * packet)
svm_fifo_t *f;
transport_connection_t *tc;
- len = packet->data.len;
+ len = packet->iov_len;
f = udp_session->tx_fifo;
tc = session_get_transport (udp_session);
max_enqueue = svm_fifo_max_enqueue (f);
@@ -661,15 +673,15 @@ quic_send_datagram (session_t * udp_session, quicly_datagram_t * packet)
/* Read dest address from quicly-provided sockaddr */
if (hdr.is_ip4)
{
- QUIC_ASSERT (packet->dest.sa.sa_family == AF_INET);
- struct sockaddr_in *sa4 = (struct sockaddr_in *) &packet->dest.sa;
+ QUIC_ASSERT (dest->sa.sa_family == AF_INET);
+ struct sockaddr_in *sa4 = (struct sockaddr_in *) &dest->sa;
hdr.rmt_port = sa4->sin_port;
hdr.rmt_ip.ip4.as_u32 = sa4->sin_addr.s_addr;
}
else
{
- QUIC_ASSERT (packet->dest.sa.sa_family == AF_INET6);
- struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &packet->dest.sa;
+ QUIC_ASSERT (dest->sa.sa_family == AF_INET6);
+ struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &dest->sa;
hdr.rmt_port = sa6->sin6_port;
clib_memcpy (&hdr.rmt_ip.ip6, &sa6->sin6_addr, 16);
}
@@ -680,7 +692,7 @@ quic_send_datagram (session_t * udp_session, quicly_datagram_t * packet)
QUIC_ERR ("Not enough space to enqueue header");
return QUIC_ERROR_FULL_FIFO;
}
- ret = svm_fifo_enqueue (f, len, packet->data.base);
+ ret = svm_fifo_enqueue (f, len, packet->iov_base);
if (ret != len)
{
QUIC_ERR ("Not enough space to enqueue payload");
@@ -695,14 +707,18 @@ quic_send_datagram (session_t * udp_session, quicly_datagram_t * packet)
static int
quic_send_packets (quic_ctx_t * ctx)
{
- quic_main_t *qm = &quic_main;
- quicly_datagram_t *packets[QUIC_SEND_PACKET_VEC_SIZE];
+ struct iovec packets[QUIC_SEND_PACKET_VEC_SIZE];
+ uint8_t
+ buf[QUIC_SEND_PACKET_VEC_SIZE * quic_get_quicly_ctx_from_ctx (ctx)
+ ->transport_params.max_udp_payload_size];
session_t *udp_session;
quicly_conn_t *conn;
size_t num_packets, i, max_packets;
- quicly_packet_allocator_t *pa;
+ quicly_address_t dest, src;
+
+ num_packets = QUIC_SEND_PACKET_VEC_SIZE;
+
int err = 0;
- u32 thread_index = vlib_get_thread_index ();
/* We have sctx, get qctx */
if (quic_ctx_is_stream (ctx))
@@ -723,26 +739,23 @@ quic_send_packets (quic_ctx_t * ctx)
if (quic_sendable_packet_count (udp_session) < 2)
goto stop_sending;
- pa = quic_get_quicly_ctx_from_ctx (ctx)->packet_allocator;
do
{
max_packets = quic_sendable_packet_count (udp_session);
if (max_packets < 2)
break;
num_packets = max_packets;
- if ((err = quicly_send (conn, packets, &num_packets)))
+ if ((err = quicly_send (conn, &dest, &src, packets, &num_packets, buf,
+ sizeof (buf))))
goto quicly_error;
- quic_crypto_batch_tx_packets (&qm->wrk_ctx
- [thread_index].crypto_context_batch);
-
for (i = 0; i != num_packets; ++i)
{
- quic_crypto_finalize_send_packet (packets[i]);
- if ((err = quic_send_datagram (udp_session, packets[i])))
+
+ if ((err =
+ quic_send_datagram (udp_session, &packets[i], &dest, &src)))
goto quicly_error;
- pa->free_packet (pa, packets[i]);
}
}
while (num_packets > 0 && num_packets == max_packets);
@@ -1043,9 +1056,9 @@ quic_on_stream_open (quicly_stream_open_t * self, quicly_stream_t * stream)
}
static void
-quic_on_closed_by_peer (quicly_closed_by_peer_t * self, quicly_conn_t * conn,
- int code, uint64_t frame_type,
- const char *reason, size_t reason_len)
+quic_on_closed_by_remote (quicly_closed_by_remote_t *self, quicly_conn_t *conn,
+ int code, uint64_t frame_type, const char *reason,
+ size_t reason_len)
{
quic_ctx_t *ctx = quic_get_conn_ctx (conn);
#if QUIC_DEBUG >= 2
@@ -1760,7 +1773,7 @@ quic_udp_session_connected_callback (u32 quic_app_index, u32 ctx_index,
session_t * udp_session,
session_error_t err)
{
- QUIC_DBG (2, "QSession is now connected (id %u)",
+ QUIC_DBG (2, "UDP Session is now connected (id %u)",
udp_session->session_index);
/* This should always be called before quic_connect returns since UDP always
* connects instantly. */
@@ -1793,8 +1806,7 @@ quic_udp_session_connected_callback (u32 quic_app_index, u32 ctx_index,
ctx->c_thread_index = thread_index;
ctx->c_c_index = ctx_index;
- QUIC_DBG (2, "Quic connect returned %u. New ctx [%u]%x",
- is_fail, thread_index, (ctx) ? ctx_index : ~0);
+ QUIC_DBG (2, "New ctx [%u]%x", thread_index, (ctx) ? ctx_index : ~0);
ctx->udp_session_handle = session_handle (udp_session);
udp_session->opaque = ctx_index;
@@ -2131,19 +2143,31 @@ quic_reset_connection (u64 udp_session_handle, quic_rx_packet_ctx_t * pctx)
* CID, ... */
QUIC_DBG (2, "Sending stateless reset");
int rv;
- quicly_datagram_t *dgram;
session_t *udp_session;
quicly_context_t *quicly_ctx;
if (pctx->packet.cid.dest.plaintext.node_id != 0
|| pctx->packet.cid.dest.plaintext.thread_id != 0)
return 0;
quicly_ctx = quic_get_quicly_ctx_from_udp (udp_session_handle);
- dgram = quicly_send_stateless_reset (quicly_ctx, &pctx->sa, NULL,
- &pctx->packet.cid.dest.plaintext);
- if (dgram == NULL)
+ quic_ctx_t *qctx = quic_ctx_get (pctx->ctx_index, pctx->thread_index);
+
+ quicly_address_t src;
+ uint8_t payload[quicly_ctx->transport_params.max_udp_payload_size];
+ size_t payload_len =
+ quicly_send_stateless_reset (quicly_ctx, &src.sa, payload);
+ if (payload_len == 0)
return 1;
+
+ struct iovec packet;
+ packet.iov_len = payload_len;
+ packet.iov_base = payload;
+
+ struct _st_quicly_conn_public_t *conn =
+ (struct _st_quicly_conn_public_t *) qctx->conn;
+
udp_session = session_get_from_handle (udp_session_handle);
- rv = quic_send_datagram (udp_session, dgram);
+ rv = quic_send_datagram (udp_session, &packet, &conn->remote.address,
+ &conn->local.address);
quic_set_udp_tx_evt (udp_session);
return rv;
}
@@ -2185,8 +2209,10 @@ quic_process_one_rx_packet (u64 udp_session_handle, svm_fifo_t * f,
quic_build_sockaddr (&pctx->sa, &pctx->salen, &pctx->ph.rmt_ip,
pctx->ph.rmt_port, pctx->ph.is_ip4);
quicly_ctx = quic_get_quicly_ctx_from_udp (udp_session_handle);
- plen = quicly_decode_packet (quicly_ctx, &pctx->packet,
- pctx->data, pctx->ph.data_length);
+
+ size_t off = 0;
+ plen = quicly_decode_packet (quicly_ctx, &pctx->packet, pctx->data,
+ pctx->ph.data_length, &off);
if (plen == SIZE_MAX)
{
@@ -2197,7 +2223,9 @@ quic_process_one_rx_packet (u64 udp_session_handle, svm_fifo_t * f,
if (rv == QUIC_PACKET_TYPE_RECEIVE)
{
pctx->ptype = QUIC_PACKET_TYPE_RECEIVE;
- if (quic_main.vnet_crypto_enabled)
+
+ if (quic_main.vnet_crypto_enabled &&
+ quic_main.default_crypto_engine == CRYPTO_ENGINE_VPP)
{
quic_ctx_t *qctx = quic_ctx_get (pctx->ctx_index, thread_index);
quic_crypto_decrypt_packet (qctx, pctx);
@@ -2227,7 +2255,6 @@ static int
quic_udp_session_rx_callback (session_t * udp_session)
{
/* Read data from UDP rx_fifo and pass it to the quicly conn. */
- quic_main_t *qm = &quic_main;
quic_ctx_t *ctx = NULL, *prev_ctx = NULL;
svm_fifo_t *f = udp_session->rx_fifo;
u32 max_deq;
@@ -2236,7 +2263,7 @@ quic_udp_session_rx_callback (session_t * udp_session)
u32 thread_index = vlib_get_thread_index ();
u32 cur_deq, fifo_offset, max_packets, i;
- quic_rx_packet_ctx_t packets_ctx[QUIC_RCV_MAX_BATCH_PACKETS];
+ quic_rx_packet_ctx_t packets_ctx[QUIC_RCV_MAX_PACKETS];
if (udp_session->flags & SESSION_F_IS_MIGRATING)
{
@@ -2250,13 +2277,12 @@ rx_start:
return 0;
fifo_offset = 0;
- max_packets = QUIC_RCV_MAX_BATCH_PACKETS;
+ max_packets = QUIC_RCV_MAX_PACKETS;
#if CLIB_DEBUG > 0
clib_memset (packets_ctx, 0xfa,
- QUIC_RCV_MAX_BATCH_PACKETS * sizeof (quic_rx_packet_ctx_t));
+ QUIC_RCV_MAX_PACKETS * sizeof (quic_rx_packet_ctx_t));
#endif
-
for (i = 0; i < max_packets; i++)
{
packets_ctx[i].thread_index = UINT32_MAX;
@@ -2287,9 +2313,6 @@ rx_start:
}
}
- quic_crypto_batch_rx_packets (&qm->
- wrk_ctx[thread_index].crypto_context_batch);
-
for (i = 0; i < max_packets; i++)
{
switch (packets_ctx[i].ptype)
@@ -2424,7 +2447,9 @@ static const transport_proto_vft_t quic_proto = {
/* *INDENT-ON* */
static quicly_stream_open_t on_stream_open = { quic_on_stream_open };
-static quicly_closed_by_peer_t on_closed_by_peer = { quic_on_closed_by_peer };
+static quicly_closed_by_remote_t on_closed_by_remote = {
+ quic_on_closed_by_remote
+};
static quicly_now_t quicly_vpp_now_cb = { quic_get_time };
static void
@@ -2502,9 +2527,6 @@ quic_init (vlib_main_t * vm)
tw->last_run_time = vlib_time_now (vlib_get_main ());
clib_bihash_init_24_8 (&qm->wrk_ctx[i].crypto_context_hash,
"quic crypto contexts", 64, 128 << 10);
-
- qm->wrk_ctx[i].crypto_context_batch.nb_rx_packets = 0;
- qm->wrk_ctx[i].crypto_context_batch.nb_tx_packets = 0;
}
clib_bihash_init_16_8 (&qm->connection_hash, "quic connections", 1024,
@@ -2522,18 +2544,26 @@ quic_init (vlib_main_t * vm)
clib_bitmap_alloc (qm->available_crypto_engines,
app_crypto_engine_n_types ());
- quic_register_cipher_suite (CRYPTO_ENGINE_VPP, quic_crypto_cipher_suites);
quic_register_cipher_suite (CRYPTO_ENGINE_PICOTLS,
ptls_openssl_cipher_suites);
- qm->default_crypto_engine = CRYPTO_ENGINE_VPP;
- qm->max_packets_per_key = DEFAULT_MAX_PACKETS_PER_KEY;
- clib_rwlock_init (&qm->crypto_keys_quic_rw_lock);
+ qm->default_crypto_engine = CRYPTO_ENGINE_PICOTLS;
vnet_crypto_main_t *cm = &crypto_main;
if (vec_len (cm->engines) == 0)
qm->vnet_crypto_enabled = 0;
else
qm->vnet_crypto_enabled = 1;
+ if (qm->vnet_crypto_enabled == 1)
+ {
+ quic_register_cipher_suite (CRYPTO_ENGINE_VPP,
+ quic_crypto_cipher_suites);
+ qm->default_crypto_engine = CRYPTO_ENGINE_VPP;
+ }
+
+ qm->max_packets_per_key = DEFAULT_MAX_PACKETS_PER_KEY;
+ clib_rwlock_init (&qm->crypto_keys_quic_rw_lock);
+
+ qm->default_quic_cc = QUIC_CC_RENO;
vec_free (a->name);
return 0;
@@ -2757,6 +2787,26 @@ quic_format_connection_ctx (u8 * s, va_list * args)
quicly_stats.num_packets.received,
quicly_stats.num_packets.lost,
quicly_stats.num_packets.ack_received);
+ s =
+ format (s, "\ncwnd:%u ssthresh:%u recovery_end:%lu", quicly_stats.cc.cwnd,
+ quicly_stats.cc.ssthresh, quicly_stats.cc.recovery_end);
+
+ quicly_context_t *quicly_ctx = quic_get_quicly_ctx_from_ctx (ctx);
+ if (quicly_ctx->init_cc == &quicly_cc_cubic_init)
+ {
+ s = format (
+ s,
+ "\nk:%d w_max:%u w_last_max:%u avoidance_start:%ld last_sent_time:%ld",
+ quicly_stats.cc.state.cubic.k, quicly_stats.cc.state.cubic.w_max,
+ quicly_stats.cc.state.cubic.w_last_max,
+ quicly_stats.cc.state.cubic.avoidance_start,
+ quicly_stats.cc.state.cubic.last_sent_time);
+ }
+ else if (quicly_ctx->init_cc == &quicly_cc_reno_init)
+ {
+ s = format (s, " stash:%u", quicly_stats.cc.state.reno.stash);
+ }
+
return s;
}
@@ -2840,10 +2890,9 @@ done:
}
/* *INDENT-OFF* */
-VLIB_CLI_COMMAND (quic_plugin_crypto_command, static) =
-{
+VLIB_CLI_COMMAND (quic_plugin_crypto_command, static) = {
.path = "quic set crypto api",
- .short_help = "quic set crypto api [picotls, vpp]",
+ .short_help = "quic set crypto api [picotls|vpp]",
.function = quic_plugin_crypto_command_fn,
};
VLIB_CLI_COMMAND(quic_plugin_set_fifo_size_command, static)=
@@ -2870,6 +2919,11 @@ VLIB_CLI_COMMAND (quic_set_max_packets_per_key, static) =
.short_help = "set quic max_packets_per_key 16777216",
.function = quic_set_max_packets_per_key_fn,
};
+VLIB_CLI_COMMAND (quic_set_cc, static) = {
+ .path = "set quic cc",
+ .short_help = "set quic cc [reno|cubic]",
+ .function = quic_set_cc_fn,
+};
VLIB_PLUGIN_REGISTER () =
{
.version = VPP_BUILD_VER,
diff --git a/src/plugins/quic/quic.h b/src/plugins/quic/quic.h
index a576650a0c6..901bdbc39b2 100644
--- a/src/plugins/quic/quic.h
+++ b/src/plugins/quic/quic.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Copyright (c) 2021 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
@@ -47,8 +47,7 @@
#define QUIC_MAX_COALESCED_PACKET 4
-#define QUIC_SEND_MAX_BATCH_PACKETS 16
-#define QUIC_RCV_MAX_BATCH_PACKETS 16
+#define QUIC_RCV_MAX_PACKETS 16
#define QUIC_DEFAULT_CONN_TIMEOUT (30 * 1000) /* 30 seconds */
@@ -134,6 +133,12 @@ typedef enum quic_ctx_flags_
QUIC_F_IS_LISTENER = (1 << 1),
} quic_ctx_flags_t;
+typedef enum quic_cc_type
+{
+ QUIC_CC_RENO,
+ QUIC_CC_CUBIC,
+} quic_cc_type_t;
+
/* This structure is used to implement the concept of VPP connection for QUIC.
* We create one per connection and one per stream. */
typedef struct quic_ctx_
@@ -210,25 +215,6 @@ typedef struct quic_crypto_context_data_
ptls_context_t ptls_ctx;
} quic_crypto_context_data_t;
-typedef struct quic_encrypt_cb_ctx_
-{
- quicly_datagram_t *packet;
- struct quic_finalize_send_packet_cb_ctx_
- {
- size_t payload_from;
- size_t first_byte_at;
- ptls_cipher_context_t *hp;
- } snd_ctx[QUIC_MAX_COALESCED_PACKET];
- size_t snd_ctx_count;
-} quic_encrypt_cb_ctx;
-
-typedef struct quic_crypto_batch_ctx_
-{
- vnet_crypto_op_t aead_crypto_tx_packets_ops[QUIC_SEND_MAX_BATCH_PACKETS],
- aead_crypto_rx_packets_ops[QUIC_RCV_MAX_BATCH_PACKETS];
- size_t nb_tx_packets, nb_rx_packets;
-} quic_crypto_batch_ctx_t;
-
typedef struct quic_worker_ctx_
{
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
@@ -237,7 +223,6 @@ typedef struct quic_worker_ctx_
quicly_cid_plaintext_t next_cid;
crypto_context_t *crypto_ctx_pool; /**< per thread pool of crypto contexes */
clib_bihash_24_8_t crypto_context_hash; /**< per thread [params:crypto_ctx_index] hash */
- quic_crypto_batch_ctx_t crypto_context_batch;
} quic_worker_ctx_t;
typedef struct quic_rx_packet_ctx_
@@ -268,6 +253,7 @@ typedef struct quic_main_
uword *available_crypto_engines; /**< Bitmap for registered engines */
u8 default_crypto_engine; /**< Used if you do connect with CRYPTO_ENGINE_NONE (0) */
u64 max_packets_per_key; /**< number of packets that can be sent without a key update */
+ u8 default_quic_cc;
ptls_handshake_properties_t hs_properties;
quic_session_cache_t session_cache;
diff --git a/src/plugins/quic/quic_crypto.c b/src/plugins/quic/quic_crypto.c
index 35dddf63c71..5e90563885e 100644
--- a/src/plugins/quic/quic_crypto.c
+++ b/src/plugins/quic/quic_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Copyright (c) 2021 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
@@ -12,8 +12,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#include <vnet/crypto/crypto.h>
-#include <vppinfra/lock.h>
#include <quic/quic.h>
#include <quic/quic_crypto.h>
@@ -25,14 +23,13 @@
extern quic_main_t quic_main;
extern quic_ctx_t *quic_get_conn_ctx (quicly_conn_t * conn);
-
-typedef void (*quicly_do_transform_fn) (ptls_cipher_context_t *, void *,
- const void *, size_t);
+vnet_crypto_main_t *cm = &crypto_main;
struct cipher_context_t
{
ptls_cipher_context_t super;
vnet_crypto_op_t op;
+ vnet_crypto_op_id_t id;
u32 key_index;
};
@@ -41,139 +38,35 @@ struct aead_crypto_context_t
ptls_aead_context_t super;
vnet_crypto_op_t op;
u32 key_index;
+ vnet_crypto_op_id_t id;
+ uint8_t iv[PTLS_MAX_IV_SIZE];
+ uint8_t static_iv[PTLS_MAX_IV_SIZE];
};
-static size_t
-quic_crypto_offload_aead_decrypt (quic_ctx_t * qctx,
- ptls_aead_context_t * _ctx, void *_output,
- const void *input, size_t inlen,
- uint64_t decrypted_pn, const void *aad,
- size_t aadlen);
-
-vnet_crypto_main_t *cm = &crypto_main;
-
-void
-quic_crypto_batch_tx_packets (quic_crypto_batch_ctx_t * batch_ctx)
-{
- vlib_main_t *vm = vlib_get_main ();
-
- if (batch_ctx->nb_tx_packets <= 0)
- return;
-
- clib_rwlock_reader_lock (&quic_main.crypto_keys_quic_rw_lock);
- vnet_crypto_process_ops (vm, batch_ctx->aead_crypto_tx_packets_ops,
- batch_ctx->nb_tx_packets);
- clib_rwlock_reader_unlock (&quic_main.crypto_keys_quic_rw_lock);
-
- for (int i = 0; i < batch_ctx->nb_tx_packets; i++)
- clib_mem_free (batch_ctx->aead_crypto_tx_packets_ops[i].iv);
-
- batch_ctx->nb_tx_packets = 0;
-}
-
-void
-quic_crypto_batch_rx_packets (quic_crypto_batch_ctx_t * batch_ctx)
-{
- vlib_main_t *vm = vlib_get_main ();
-
- if (batch_ctx->nb_rx_packets <= 0)
- return;
-
- clib_rwlock_reader_lock (&quic_main.crypto_keys_quic_rw_lock);
- vnet_crypto_process_ops (vm, batch_ctx->aead_crypto_rx_packets_ops,
- batch_ctx->nb_rx_packets);
- clib_rwlock_reader_unlock (&quic_main.crypto_keys_quic_rw_lock);
-
- for (int i = 0; i < batch_ctx->nb_rx_packets; i++)
- clib_mem_free (batch_ctx->aead_crypto_rx_packets_ops[i].iv);
-
- batch_ctx->nb_rx_packets = 0;
-}
-
-void
-build_iv (ptls_aead_context_t * ctx, uint8_t * iv, uint64_t seq)
-{
- size_t iv_size = ctx->algo->iv_size, i;
- const uint8_t *s = ctx->static_iv;
- uint8_t *d = iv;
- /* build iv */
- for (i = iv_size - 8; i != 0; --i)
- *d++ = *s++;
- i = 64;
- do
- {
- i -= 8;
- *d++ = *s++ ^ (uint8_t) (seq >> i);
- }
- while (i != 0);
-}
-
-static void
-do_finalize_send_packet (ptls_cipher_context_t * hp,
- quicly_datagram_t * packet,
- size_t first_byte_at, size_t payload_from)
-{
- uint8_t hpmask[1 + QUICLY_SEND_PN_SIZE] = {
- 0
- };
- size_t i;
-
- ptls_cipher_init (hp,
- packet->data.base + payload_from - QUICLY_SEND_PN_SIZE +
- QUICLY_MAX_PN_SIZE);
- ptls_cipher_encrypt (hp, hpmask, hpmask, sizeof (hpmask));
-
- packet->data.base[first_byte_at] ^=
- hpmask[0] &
- (QUICLY_PACKET_IS_LONG_HEADER (packet->data.base[first_byte_at]) ? 0xf :
- 0x1f);
-
- for (i = 0; i != QUICLY_SEND_PN_SIZE; ++i)
- packet->data.base[payload_from + i - QUICLY_SEND_PN_SIZE] ^=
- hpmask[i + 1];
-}
-
-void
-quic_crypto_finalize_send_packet (quicly_datagram_t * packet)
-{
- quic_encrypt_cb_ctx *encrypt_cb_ctx =
- (quic_encrypt_cb_ctx *) ((uint8_t *) packet + sizeof (*packet));
-
- for (int i = 0; i < encrypt_cb_ctx->snd_ctx_count; i++)
- {
- do_finalize_send_packet (encrypt_cb_ctx->snd_ctx[i].hp,
- packet,
- encrypt_cb_ctx->snd_ctx[i].first_byte_at,
- encrypt_cb_ctx->snd_ctx[i].payload_from);
- }
- encrypt_cb_ctx->snd_ctx_count = 0;
-}
-
static int
-quic_crypto_setup_cipher (quicly_crypto_engine_t * engine,
- quicly_conn_t * conn, size_t epoch, int is_enc,
- ptls_cipher_context_t ** hp_ctx,
- ptls_aead_context_t ** aead_ctx,
- ptls_aead_algorithm_t * aead,
- ptls_hash_algorithm_t * hash, const void *secret)
+quic_crypto_setup_cipher (quicly_crypto_engine_t *engine, quicly_conn_t *conn,
+ size_t epoch, int is_enc,
+ ptls_cipher_context_t **header_protect_ctx,
+ ptls_aead_context_t **packet_protect_ctx,
+ ptls_aead_algorithm_t *aead,
+ ptls_hash_algorithm_t *hash, const void *secret)
{
uint8_t hpkey[PTLS_MAX_SECRET_SIZE];
int ret;
- *aead_ctx = NULL;
+ *packet_protect_ctx = NULL;
+
/* generate new header protection key */
- if (hp_ctx != NULL)
+ if (header_protect_ctx != NULL)
{
- *hp_ctx = NULL;
- ret = ptls_hkdf_expand_label (hash, hpkey, aead->ctr_cipher->key_size,
- ptls_iovec_init (secret,
- hash->digest_size),
- "quic hp", ptls_iovec_init (NULL, 0),
- NULL);
- if (ret)
+ *header_protect_ctx = NULL;
+ if ((ret = ptls_hkdf_expand_label (
+ hash, hpkey, aead->ctr_cipher->key_size,
+ ptls_iovec_init (secret, hash->digest_size), "quic hp",
+ ptls_iovec_init (NULL, 0), NULL)) != 0)
goto Exit;
- *hp_ctx = ptls_cipher_new (aead->ctr_cipher, is_enc, hpkey);
- if (NULL == *hp_ctx)
+ if ((*header_protect_ctx =
+ ptls_cipher_new (aead->ctr_cipher, is_enc, hpkey)) == NULL)
{
ret = PTLS_ERROR_NO_MEMORY;
goto Exit;
@@ -181,9 +74,8 @@ quic_crypto_setup_cipher (quicly_crypto_engine_t * engine,
}
/* generate new AEAD context */
- *aead_ctx = ptls_aead_new (aead, hash, is_enc, secret,
- QUICLY_AEAD_BASE_LABEL);
- if (NULL == *aead_ctx)
+ if ((*packet_protect_ctx = ptls_aead_new (aead, hash, is_enc, secret,
+ QUICLY_AEAD_BASE_LABEL)) == NULL)
{
ret = PTLS_ERROR_NO_MEMORY;
goto Exit;
@@ -195,9 +87,9 @@ quic_crypto_setup_cipher (quicly_crypto_engine_t * engine,
if (qctx->ingress_keys.aead_ctx != NULL)
qctx->key_phase_ingress++;
- qctx->ingress_keys.aead_ctx = *aead_ctx;
- if (hp_ctx != NULL)
- qctx->ingress_keys.hp_ctx = *hp_ctx;
+ qctx->ingress_keys.aead_ctx = *packet_protect_ctx;
+ if (header_protect_ctx != NULL)
+ qctx->ingress_keys.hp_ctx = *header_protect_ctx;
}
ret = 0;
@@ -205,39 +97,47 @@ quic_crypto_setup_cipher (quicly_crypto_engine_t * engine,
Exit:
if (ret)
{
- if (*aead_ctx != NULL)
+ if (packet_protect_ctx && *packet_protect_ctx != NULL)
{
- ptls_aead_free (*aead_ctx);
- *aead_ctx = NULL;
+ ptls_aead_free (*packet_protect_ctx);
+ *packet_protect_ctx = NULL;
}
- if (hp_ctx && *hp_ctx != NULL)
+ if (header_protect_ctx && *header_protect_ctx != NULL)
{
- ptls_cipher_free (*hp_ctx);
- *hp_ctx = NULL;
+ ptls_cipher_free (*header_protect_ctx);
+ *header_protect_ctx = NULL;
}
}
ptls_clear_memory (hpkey, sizeof (hpkey));
return ret;
}
-void
-quic_crypto_finalize_send_packet_cb (struct st_quicly_crypto_engine_t
- *engine, quicly_conn_t * conn,
- ptls_cipher_context_t * hp,
- ptls_aead_context_t * aead,
- quicly_datagram_t * packet,
- size_t first_byte_at,
- size_t payload_from, int coalesced)
+static size_t
+quic_crypto_aead_decrypt (quic_ctx_t *qctx, ptls_aead_context_t *_ctx,
+ void *_output, const void *input, size_t inlen,
+ uint64_t decrypted_pn, const void *aad,
+ size_t aadlen)
{
- quic_encrypt_cb_ctx *encrypt_cb_ctx =
- (quic_encrypt_cb_ctx *) ((uint8_t *) packet + sizeof (*packet));
-
- encrypt_cb_ctx->snd_ctx[encrypt_cb_ctx->snd_ctx_count].hp = hp;
- encrypt_cb_ctx->snd_ctx[encrypt_cb_ctx->snd_ctx_count].first_byte_at =
- first_byte_at;
- encrypt_cb_ctx->snd_ctx[encrypt_cb_ctx->snd_ctx_count].payload_from =
- payload_from;
- encrypt_cb_ctx->snd_ctx_count++;
+ vlib_main_t *vm = vlib_get_main ();
+
+ struct aead_crypto_context_t *ctx = (struct aead_crypto_context_t *) _ctx;
+
+ vnet_crypto_op_init (&ctx->op, ctx->id);
+ ctx->op.aad = (u8 *) aad;
+ ctx->op.aad_len = aadlen;
+ ctx->op.iv = ctx->iv;
+ ptls_aead__build_iv (ctx->super.algo, ctx->op.iv, ctx->static_iv,
+ decrypted_pn);
+ ctx->op.src = (u8 *) input;
+ ctx->op.dst = _output;
+ ctx->op.key_index = ctx->key_index;
+ ctx->op.len = inlen - ctx->super.algo->tag_size;
+ ctx->op.tag_len = ctx->super.algo->tag_size;
+ ctx->op.tag = ctx->op.src + ctx->op.len;
+
+ vnet_crypto_process_ops (vm, &(ctx->op), 1);
+
+ return ctx->op.len;
}
void
@@ -310,13 +210,11 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
return;
}
- if ((ptlen =
- quic_crypto_offload_aead_decrypt (qctx, aead,
- pctx->packet.octets.base + aead_off,
- pctx->packet.octets.base + aead_off,
- pctx->packet.octets.len - aead_off,
- pn, pctx->packet.octets.base,
- aead_off)) == SIZE_MAX)
+ if ((ptlen = quic_crypto_aead_decrypt (
+ qctx, aead, pctx->packet.octets.base + aead_off,
+ pctx->packet.octets.base + aead_off,
+ pctx->packet.octets.len - aead_off, pn, pctx->packet.octets.base,
+ aead_off)) == SIZE_MAX)
{
fprintf (stderr,
"%s: aead decryption failure (pn: %d)\n", __FUNCTION__, pn);
@@ -330,71 +228,92 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
pctx->packet.decrypted.key_phase = qctx->key_phase_ingress;
}
-#ifdef QUIC_HP_CRYPTO
-static void
-quic_crypto_cipher_do_init (ptls_cipher_context_t * _ctx, const void *iv)
-{
- struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
- vnet_crypto_op_id_t id;
- if (!strcmp (ctx->super.algo->name, "AES128-CTR"))
- {
- id = VNET_CRYPTO_OP_AES_128_CTR_ENC;
- }
- else if (!strcmp (ctx->super.algo->name, "AES256-CTR"))
- {
- id = VNET_CRYPTO_OP_AES_256_CTR_ENC;
- }
- else
- {
- QUIC_DBG (1, "%s, Invalid crypto cipher : ", __FUNCTION__,
- _ctx->algo->name);
- assert (0);
- }
- vnet_crypto_op_init (&ctx->op, id);
- ctx->op.iv = (u8 *) iv;
- ctx->op.key_index = ctx->key_index;
-}
-
-static void
-quic_crypto_cipher_dispose (ptls_cipher_context_t * _ctx)
-{
- /* Do nothing */
-}
-
-static void
-quic_crypto_cipher_encrypt (ptls_cipher_context_t * _ctx, void *output,
- const void *input, size_t _len)
+void
+quic_crypto_encrypt_packet (struct st_quicly_crypto_engine_t *engine,
+ quicly_conn_t *conn,
+ ptls_cipher_context_t *header_protect_ctx,
+ ptls_aead_context_t *packet_protect_ctx,
+ ptls_iovec_t datagram, size_t first_byte_at,
+ size_t payload_from, uint64_t packet_number,
+ int coalesced)
{
vlib_main_t *vm = vlib_get_main ();
- struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
- ctx->op.src = (u8 *) input;
- ctx->op.dst = output;
- ctx->op.len = _len;
+ struct cipher_context_t *hp_ctx =
+ (struct cipher_context_t *) header_protect_ctx;
+ struct aead_crypto_context_t *aead_ctx =
+ (struct aead_crypto_context_t *) packet_protect_ctx;
+
+ void *input = datagram.base + payload_from;
+ void *output = input;
+ size_t inlen =
+ datagram.len - payload_from - packet_protect_ctx->algo->tag_size;
+ const void *aad = datagram.base + first_byte_at;
+ size_t aadlen = payload_from - first_byte_at;
+
+ /* Build AEAD encrypt crypto operation */
+ vnet_crypto_op_init (&aead_ctx->op, aead_ctx->id);
+ aead_ctx->op.aad = (u8 *) aad;
+ aead_ctx->op.aad_len = aadlen;
+ aead_ctx->op.iv = aead_ctx->iv;
+ ptls_aead__build_iv (aead_ctx->super.algo, aead_ctx->op.iv,
+ aead_ctx->static_iv, packet_number);
+ aead_ctx->op.key_index = aead_ctx->key_index;
+ aead_ctx->op.src = (u8 *) input;
+ aead_ctx->op.dst = output;
+ aead_ctx->op.len = inlen;
+ aead_ctx->op.tag_len = aead_ctx->super.algo->tag_size;
+ aead_ctx->op.tag = aead_ctx->op.src + inlen;
+ vnet_crypto_process_ops (vm, &(aead_ctx->op), 1);
+ assert (aead_ctx->op.status == VNET_CRYPTO_OP_STATUS_COMPLETED);
+
+ /* Build Header protection crypto operation */
+ ptls_aead_supplementary_encryption_t supp = {
+ .ctx = header_protect_ctx,
+ .input =
+ datagram.base + payload_from - QUICLY_SEND_PN_SIZE + QUICLY_MAX_PN_SIZE
+ };
- vnet_crypto_process_ops (vm, &ctx->op, 1);
+ /* Build Header protection crypto operation */
+ vnet_crypto_op_init (&hp_ctx->op, hp_ctx->id);
+ memset (supp.output, 0, sizeof (supp.output));
+ hp_ctx->op.iv = (u8 *) supp.input;
+ hp_ctx->op.key_index = hp_ctx->key_index;
+ hp_ctx->op.src = (u8 *) supp.output;
+ hp_ctx->op.dst = (u8 *) supp.output;
+ hp_ctx->op.len = sizeof (supp.output);
+ vnet_crypto_process_ops (vm, &(hp_ctx->op), 1);
+ assert (hp_ctx->op.status == VNET_CRYPTO_OP_STATUS_COMPLETED);
+
+ datagram.base[first_byte_at] ^=
+ supp.output[0] &
+ (QUICLY_PACKET_IS_LONG_HEADER (datagram.base[first_byte_at]) ? 0xf : 0x1f);
+ for (size_t i = 0; i != QUICLY_SEND_PN_SIZE; ++i)
+ datagram.base[payload_from + i - QUICLY_SEND_PN_SIZE] ^=
+ supp.output[i + 1];
}
static int
-quic_crypto_cipher_setup_crypto (ptls_cipher_context_t * _ctx, int is_enc,
- const void *key, const EVP_CIPHER * cipher,
- quicly_do_transform_fn do_transform)
+quic_crypto_cipher_setup_crypto (ptls_cipher_context_t *_ctx, int is_enc,
+ const void *key, const EVP_CIPHER *cipher)
{
struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
- ctx->super.do_dispose = quic_crypto_cipher_dispose;
- ctx->super.do_init = quic_crypto_cipher_do_init;
- ctx->super.do_transform = do_transform;
-
vlib_main_t *vm = vlib_get_main ();
vnet_crypto_alg_t algo;
if (!strcmp (ctx->super.algo->name, "AES128-CTR"))
{
algo = VNET_CRYPTO_ALG_AES_128_CTR;
+ ctx->id = is_enc ? VNET_CRYPTO_OP_AES_128_CTR_ENC :
+ VNET_CRYPTO_OP_AES_128_CTR_DEC;
+ ptls_openssl_aes128ctr.setup_crypto (_ctx, is_enc, key);
}
else if (!strcmp (ctx->super.algo->name, "AES256-CTR"))
{
algo = VNET_CRYPTO_ALG_AES_256_CTR;
+ ctx->id = is_enc ? VNET_CRYPTO_OP_AES_256_CTR_ENC :
+ VNET_CRYPTO_OP_AES_256_CTR_DEC;
+ ptls_openssl_aes256ctr.setup_crypto (_ctx, is_enc, key);
}
else
{
@@ -403,8 +322,13 @@ quic_crypto_cipher_setup_crypto (ptls_cipher_context_t * _ctx, int is_enc,
assert (0);
}
- ctx->key_index = vnet_crypto_key_add (vm, algo,
- (u8 *) key, _ctx->algo->key_size);
+ if (quic_main.vnet_crypto_enabled)
+ {
+ clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
+ ctx->key_index =
+ vnet_crypto_key_add (vm, algo, (u8 *) key, _ctx->algo->key_size);
+ clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+ }
return 0;
}
@@ -413,193 +337,20 @@ static int
quic_crypto_aes128ctr_setup_crypto (ptls_cipher_context_t * ctx, int is_enc,
const void *key)
{
- return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_128_ctr (),
- quic_crypto_cipher_encrypt);
+ return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_128_ctr ());
}
static int
quic_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t * ctx, int is_enc,
const void *key)
{
- return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_256_ctr (),
- quic_crypto_cipher_encrypt);
-}
-
-#endif // QUIC_HP_CRYPTO
-
-void
-quic_crypto_aead_encrypt_init (ptls_aead_context_t * _ctx, const void *iv,
- const void *aad, size_t aadlen)
-{
- quic_main_t *qm = &quic_main;
- u32 thread_index = vlib_get_thread_index ();
-
- struct aead_crypto_context_t *ctx = (struct aead_crypto_context_t *) _ctx;
-
- vnet_crypto_op_id_t id;
- if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
- {
- id = VNET_CRYPTO_OP_AES_128_GCM_ENC;
- }
- else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
- {
- id = VNET_CRYPTO_OP_AES_256_GCM_ENC;
- }
- else
- {
- assert (0);
- }
-
- quic_crypto_batch_ctx_t *quic_crypto_batch_ctx =
- &qm->wrk_ctx[thread_index].crypto_context_batch;
-
- vnet_crypto_op_t *vnet_op =
- &quic_crypto_batch_ctx->aead_crypto_tx_packets_ops
- [quic_crypto_batch_ctx->nb_tx_packets];
- vnet_crypto_op_init (vnet_op, id);
- vnet_op->aad = (u8 *) aad;
- vnet_op->aad_len = aadlen;
- vnet_op->iv = clib_mem_alloc (PTLS_MAX_IV_SIZE);
- clib_memcpy (vnet_op->iv, iv, PTLS_MAX_IV_SIZE);
- vnet_op->key_index = ctx->key_index;
-}
-
-size_t
-quic_crypto_aead_encrypt_update (ptls_aead_context_t * _ctx, void *output,
- const void *input, size_t inlen)
-{
- struct aead_crypto_context_t *ctx = (struct aead_crypto_context_t *) _ctx;
-
- quic_main_t *qm = &quic_main;
- u32 thread_index = vlib_get_thread_index ();
- quic_crypto_batch_ctx_t *quic_crypto_batch_ctx =
- &qm->wrk_ctx[thread_index].crypto_context_batch;
-
- vnet_crypto_op_t *vnet_op =
- &quic_crypto_batch_ctx->aead_crypto_tx_packets_ops
- [quic_crypto_batch_ctx->nb_tx_packets];
- vnet_op->src = (u8 *) input;
- vnet_op->dst = output;
- vnet_op->len = inlen;
- vnet_op->tag_len = ctx->super.algo->tag_size;
-
- vnet_op->tag = vnet_op->src + inlen;
-
- return 0;
-}
-
-size_t
-quic_crypto_aead_encrypt_final (ptls_aead_context_t * _ctx, void *output)
-{
- quic_main_t *qm = &quic_main;
- u32 thread_index = vlib_get_thread_index ();
- quic_crypto_batch_ctx_t *quic_crypto_batch_ctx =
- &qm->wrk_ctx[thread_index].crypto_context_batch;
-
- vnet_crypto_op_t *vnet_op =
- &quic_crypto_batch_ctx->
- aead_crypto_tx_packets_ops[quic_crypto_batch_ctx->nb_tx_packets];
- quic_crypto_batch_ctx->nb_tx_packets++;
- return vnet_op->len + vnet_op->tag_len;
-}
-
-size_t
-quic_crypto_aead_decrypt (ptls_aead_context_t * _ctx, void *_output,
- const void *input, size_t inlen, const void *iv,
- const void *aad, size_t aadlen)
-{
- vlib_main_t *vm = vlib_get_main ();
- struct aead_crypto_context_t *ctx = (struct aead_crypto_context_t *) _ctx;
-
- vnet_crypto_op_id_t id;
- if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
- {
- id = VNET_CRYPTO_OP_AES_128_GCM_DEC;
- }
- else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
- {
- id = VNET_CRYPTO_OP_AES_256_GCM_DEC;
- }
- else
- {
- assert (0);
- }
-
- vnet_crypto_op_init (&ctx->op, id);
- ctx->op.aad = (u8 *) aad;
- ctx->op.aad_len = aadlen;
- ctx->op.iv = (u8 *) iv;
-
- ctx->op.src = (u8 *) input;
- ctx->op.dst = _output;
- ctx->op.key_index = ctx->key_index;
- ctx->op.len = inlen - ctx->super.algo->tag_size;
-
- ctx->op.tag_len = ctx->super.algo->tag_size;
- ctx->op.tag = ctx->op.src + ctx->op.len;
-
- vnet_crypto_process_ops (vm, &ctx->op, 1);
-
- if (ctx->op.status != VNET_CRYPTO_OP_STATUS_COMPLETED)
- return SIZE_MAX;
-
- return ctx->op.len;
-}
-
-static size_t
-quic_crypto_offload_aead_decrypt (quic_ctx_t * qctx,
- ptls_aead_context_t * _ctx, void *_output,
- const void *input, size_t inlen,
- uint64_t decrypted_pn, const void *aad,
- size_t aadlen)
-{
- struct aead_crypto_context_t *ctx = (struct aead_crypto_context_t *) _ctx;
- vnet_crypto_op_id_t id;
- if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
- {
- id = VNET_CRYPTO_OP_AES_128_GCM_DEC;
- }
- else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
- {
- id = VNET_CRYPTO_OP_AES_256_GCM_DEC;
- }
- else
- {
- return SIZE_MAX;
- }
-
- quic_main_t *qm = &quic_main;
- quic_crypto_batch_ctx_t *quic_crypto_batch_ctx =
- &qm->wrk_ctx[qctx->c_thread_index].crypto_context_batch;
-
- vnet_crypto_op_t *vnet_op =
- &quic_crypto_batch_ctx->aead_crypto_rx_packets_ops
- [quic_crypto_batch_ctx->nb_rx_packets];
-
- vnet_crypto_op_init (vnet_op, id);
- vnet_op->aad = (u8 *) aad;
- vnet_op->aad_len = aadlen;
- vnet_op->iv = clib_mem_alloc (PTLS_MAX_IV_SIZE);
- build_iv (_ctx, vnet_op->iv, decrypted_pn);
- vnet_op->src = (u8 *) input;
- vnet_op->dst = _output;
- vnet_op->key_index = ctx->key_index;
- vnet_op->len = inlen - ctx->super.algo->tag_size;
- vnet_op->tag_len = ctx->super.algo->tag_size;
- vnet_op->tag = vnet_op->src + vnet_op->len;
- quic_crypto_batch_ctx->nb_rx_packets++;
- return vnet_op->len;
-}
-
-static void
-quic_crypto_aead_dispose_crypto (ptls_aead_context_t * _ctx)
-{
-
+ return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_256_ctr ());
}
static int
-quic_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
- const void *key, const EVP_CIPHER * cipher)
+quic_crypto_aead_setup_crypto (ptls_aead_context_t *_ctx, int is_enc,
+ const void *key, const void *iv,
+ const EVP_CIPHER *cipher)
{
vlib_main_t *vm = vlib_get_main ();
struct aead_crypto_context_t *ctx = (struct aead_crypto_context_t *) _ctx;
@@ -608,10 +359,16 @@ quic_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
{
algo = VNET_CRYPTO_ALG_AES_128_GCM;
+ ctx->id = is_enc ? VNET_CRYPTO_OP_AES_128_GCM_ENC :
+ VNET_CRYPTO_OP_AES_128_GCM_DEC;
+ ptls_openssl_aes128gcm.setup_crypto (_ctx, is_enc, key, iv);
}
else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
{
algo = VNET_CRYPTO_ALG_AES_256_GCM;
+ ctx->id = is_enc ? VNET_CRYPTO_OP_AES_256_GCM_ENC :
+ VNET_CRYPTO_OP_AES_256_GCM_DEC;
+ ptls_openssl_aes256gcm.setup_crypto (_ctx, is_enc, key, iv);
}
else
{
@@ -622,64 +379,97 @@ quic_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
if (quic_main.vnet_crypto_enabled)
{
- ctx->super.do_decrypt = quic_crypto_aead_decrypt;
-
- ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
- ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
- ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
- ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
+ clib_memcpy (ctx->static_iv, iv, ctx->super.algo->iv_size);
clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
ctx->key_index = vnet_crypto_key_add (vm, algo,
(u8 *) key, _ctx->algo->key_size);
clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
}
- else
- {
- if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
- ptls_openssl_aes128gcm.setup_crypto (_ctx, is_enc, key);
- else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
- ptls_openssl_aes256gcm.setup_crypto (_ctx, is_enc, key);
- }
return 0;
}
static int
-quic_crypto_aead_aes128gcm_setup_crypto (ptls_aead_context_t * ctx,
- int is_enc, const void *key)
+quic_crypto_aead_aes128gcm_setup_crypto (ptls_aead_context_t *ctx, int is_enc,
+ const void *key, const void *iv)
{
- return quic_crypto_aead_setup_crypto (ctx, is_enc, key, EVP_aes_128_gcm ());
+ return quic_crypto_aead_setup_crypto (ctx, is_enc, key, iv,
+ EVP_aes_128_gcm ());
}
static int
-quic_crypto_aead_aes256gcm_setup_crypto (ptls_aead_context_t * ctx,
- int is_enc, const void *key)
+quic_crypto_aead_aes256gcm_setup_crypto (ptls_aead_context_t *ctx, int is_enc,
+ const void *key, const void *iv)
+{
+ return quic_crypto_aead_setup_crypto (ctx, is_enc, key, iv,
+ EVP_aes_256_gcm ());
+}
+
+int
+quic_encrypt_ticket_cb (ptls_encrypt_ticket_t *_self, ptls_t *tls,
+ int is_encrypt, ptls_buffer_t *dst, ptls_iovec_t src)
{
- return quic_crypto_aead_setup_crypto (ctx, is_enc, key, EVP_aes_256_gcm ());
+ quic_session_cache_t *self = (void *) _self;
+ int ret;
+
+ if (is_encrypt)
+ {
+
+ /* replace the cached entry along with a newly generated session id */
+ clib_mem_free (self->data.base);
+ if ((self->data.base = clib_mem_alloc (src.len)) == NULL)
+ return PTLS_ERROR_NO_MEMORY;
+
+ ptls_get_context (tls)->random_bytes (self->id, sizeof (self->id));
+ clib_memcpy (self->data.base, src.base, src.len);
+ self->data.len = src.len;
+
+ /* store the session id in buffer */
+ if ((ret = ptls_buffer_reserve (dst, sizeof (self->id))) != 0)
+ return ret;
+ clib_memcpy (dst->base + dst->off, self->id, sizeof (self->id));
+ dst->off += sizeof (self->id);
+ }
+ else
+ {
+ /* check if session id is the one stored in cache */
+ if (src.len != sizeof (self->id))
+ return PTLS_ERROR_SESSION_NOT_FOUND;
+ if (clib_memcmp (self->id, src.base, sizeof (self->id)) != 0)
+ return PTLS_ERROR_SESSION_NOT_FOUND;
+
+ /* return the cached value */
+ if ((ret = ptls_buffer_reserve (dst, self->data.len)) != 0)
+ return ret;
+ clib_memcpy (dst->base + dst->off, self->data.base, self->data.len);
+ dst->off += self->data.len;
+ }
+
+ return 0;
}
-#ifdef QUIC_HP_CRYPTO
ptls_cipher_algorithm_t quic_crypto_aes128ctr = {
"AES128-CTR",
PTLS_AES128_KEY_SIZE,
- 1, PTLS_AES_IV_SIZE,
- sizeof (struct cipher_context_t), aes128ctr_setup_crypto
+ 1,
+ PTLS_AES_IV_SIZE,
+ sizeof (struct cipher_context_t),
+ quic_crypto_aes128ctr_setup_crypto
};
ptls_cipher_algorithm_t quic_crypto_aes256ctr = {
- "AES256-CTR", PTLS_AES256_KEY_SIZE, 1 /* block size */ ,
- PTLS_AES_IV_SIZE, sizeof (struct cipher_context_t), aes256ctr_setup_crypto
+ "AES256-CTR",
+ PTLS_AES256_KEY_SIZE,
+ 1 /* block size */,
+ PTLS_AES_IV_SIZE,
+ sizeof (struct cipher_context_t),
+ quic_crypto_aes256ctr_setup_crypto
};
-#endif
ptls_aead_algorithm_t quic_crypto_aes128gcm = {
"AES128-GCM",
-#ifdef QUIC_HP_CRYPTO
&quic_crypto_aes128ctr,
-#else
- &ptls_openssl_aes128ctr,
-#endif
&ptls_openssl_aes128ecb,
PTLS_AES128_KEY_SIZE,
PTLS_AESGCM_IV_SIZE,
@@ -690,11 +480,7 @@ ptls_aead_algorithm_t quic_crypto_aes128gcm = {
ptls_aead_algorithm_t quic_crypto_aes256gcm = {
"AES256-GCM",
-#ifdef QUIC_HP_CRYPTO
&quic_crypto_aes256ctr,
-#else
- &ptls_openssl_aes256ctr,
-#endif
&ptls_openssl_aes256ecb,
PTLS_AES256_KEY_SIZE,
PTLS_AESGCM_IV_SIZE,
@@ -717,54 +503,8 @@ ptls_cipher_suite_t *quic_crypto_cipher_suites[] = {
&quic_crypto_aes256gcmsha384, &quic_crypto_aes128gcmsha256, NULL
};
-quicly_crypto_engine_t quic_crypto_engine = {
- quic_crypto_setup_cipher, quic_crypto_finalize_send_packet_cb
-};
-
-int
-quic_encrypt_ticket_cb (ptls_encrypt_ticket_t * _self, ptls_t * tls,
- int is_encrypt, ptls_buffer_t * dst, ptls_iovec_t src)
-{
- quic_session_cache_t *self = (void *) _self;
- int ret;
-
- if (is_encrypt)
- {
-
- /* replace the cached entry along with a newly generated session id */
- clib_mem_free (self->data.base);
- if ((self->data.base = clib_mem_alloc (src.len)) == NULL)
- return PTLS_ERROR_NO_MEMORY;
-
- ptls_get_context (tls)->random_bytes (self->id, sizeof (self->id));
- clib_memcpy (self->data.base, src.base, src.len);
- self->data.len = src.len;
-
- /* store the session id in buffer */
- if ((ret = ptls_buffer_reserve (dst, sizeof (self->id))) != 0)
- return ret;
- clib_memcpy (dst->base + dst->off, self->id, sizeof (self->id));
- dst->off += sizeof (self->id);
-
- }
- else
- {
-
- /* check if session id is the one stored in cache */
- if (src.len != sizeof (self->id))
- return PTLS_ERROR_SESSION_NOT_FOUND;
- if (clib_memcmp (self->id, src.base, sizeof (self->id)) != 0)
- return PTLS_ERROR_SESSION_NOT_FOUND;
-
- /* return the cached value */
- if ((ret = ptls_buffer_reserve (dst, self->data.len)) != 0)
- return ret;
- clib_memcpy (dst->base + dst->off, self->data.base, self->data.len);
- dst->off += self->data.len;
- }
-
- return 0;
-}
+quicly_crypto_engine_t quic_crypto_engine = { quic_crypto_setup_cipher,
+ quic_crypto_encrypt_packet };
/*
* fd.io coding-style-patch-verification: ON
diff --git a/src/plugins/quic/quic_crypto.h b/src/plugins/quic/quic_crypto.h
index 930b31b2cb4..2adb20237a3 100644
--- a/src/plugins/quic/quic_crypto.h
+++ b/src/plugins/quic/quic_crypto.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Copyright (c) 2021 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
@@ -19,8 +19,6 @@
#include <quicly.h>
struct quic_ctx_t;
-struct quic_rx_packet_ctx_t;
-struct quic_crypto_batch_ctx_t;
extern ptls_cipher_suite_t *quic_crypto_cipher_suites[];
@@ -29,21 +27,8 @@ int quic_encrypt_ticket_cb (ptls_encrypt_ticket_t * _self, ptls_t * tls,
ptls_iovec_t src);
void quic_crypto_decrypt_packet (quic_ctx_t * qctx,
quic_rx_packet_ctx_t * pctx);
-void quic_crypto_batch_tx_packets (quic_crypto_batch_ctx_t * batch_ctx);
-void quic_crypto_batch_rx_packets (quic_crypto_batch_ctx_t * batch_ctx);
-void quic_crypto_finalize_send_packet (quicly_datagram_t * packet);
-
-void
-quic_crypto_finalize_send_packet_cb (struct st_quicly_crypto_engine_t *engine,
- quicly_conn_t * conn,
- ptls_cipher_context_t * hp,
- ptls_aead_context_t * aead,
- quicly_datagram_t * packet,
- size_t first_byte_at,
- size_t payload_from, int coalesced);
#endif /* __included_vpp_quic_crypto_h__ */
-
/*
* fd.io coding-style-patch-verification: ON
*
diff --git a/src/plugins/tlspicotls/pico_vpp_crypto.c b/src/plugins/tlspicotls/pico_vpp_crypto.c
index 8e724ea8b1a..3805ff3c981 100644
--- a/src/plugins/tlspicotls/pico_vpp_crypto.c
+++ b/src/plugins/tlspicotls/pico_vpp_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020 Intel and/or its affiliates.
+ * Copyright (c) 2021 Intel and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
@@ -42,6 +42,8 @@ struct vpp_aead_context_t
vnet_crypto_alg_t alg;
u32 key_index;
u32 chunk_index;
+ uint8_t iv[PTLS_MAX_IV_SIZE];
+ uint8_t static_iv[PTLS_MAX_IV_SIZE];
};
static void
@@ -128,8 +130,8 @@ ptls_vpp_crypto_cipher_setup_crypto (ptls_cipher_context_t * _ctx, int is_enc,
}
size_t
-ptls_vpp_crypto_aead_decrypt (ptls_aead_context_t * _ctx, void *_output,
- const void *input, size_t inlen, const void *iv,
+ptls_vpp_crypto_aead_decrypt (ptls_aead_context_t *_ctx, void *_output,
+ const void *input, size_t inlen, uint64_t seq,
const void *aad, size_t aadlen)
{
vlib_main_t *vm = vlib_get_main ();
@@ -139,7 +141,7 @@ ptls_vpp_crypto_aead_decrypt (ptls_aead_context_t * _ctx, void *_output,
ctx->op.dst = _output;
ctx->op.src = (void *) input;
ctx->op.len = inlen - tag_size;;
- ctx->op.iv = (void *) iv;
+ ctx->op.iv = ctx->static_iv;
ctx->op.aad = (void *) aad;
ctx->op.aad_len = aadlen;
ctx->op.tag = (void *) input + inlen - tag_size;
@@ -152,11 +154,13 @@ ptls_vpp_crypto_aead_decrypt (ptls_aead_context_t * _ctx, void *_output,
}
static void
-ptls_vpp_crypto_aead_encrypt_init (ptls_aead_context_t * _ctx, const void *iv,
+ptls_vpp_crypto_aead_encrypt_init (ptls_aead_context_t *_ctx, uint64_t seq,
const void *aad, size_t aadlen)
{
struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
- ctx->op.iv = (void *) iv;
+ ctx->op.iv = ctx->iv;
+ ptls_aead__build_iv (ctx->super.algo, ctx->op.iv, ctx->static_iv, seq);
+ ctx->op.iv = ctx->static_iv;
ctx->op.aad = (void *) aad;
ctx->op.aad_len = aadlen;
ctx->op.n_chunks = 2;
@@ -200,10 +204,10 @@ ptls_vpp_crypto_aead_dispose_crypto (ptls_aead_context_t * _ctx)
/* Do nothing */
}
-
static int
-ptls_vpp_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
- const void *key, vnet_crypto_alg_t alg)
+ptls_vpp_crypto_aead_setup_crypto (ptls_aead_context_t *_ctx, int is_enc,
+ const void *key, const void *iv,
+ vnet_crypto_alg_t alg)
{
struct vlib_main_t *vm = vlib_get_main ();
struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
@@ -241,6 +245,7 @@ ptls_vpp_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
vnet_crypto_key_add (vm, ctx->alg, (void *) key, key_len);
clib_rwlock_writer_unlock (&picotls_main.crypto_keys_rw_lock);
ctx->chunk_index = 0;
+ clib_memcpy (ctx->static_iv, iv, ctx->super.algo->iv_size);
ctx->super.do_decrypt = ptls_vpp_crypto_aead_decrypt;
ctx->super.do_encrypt_init = ptls_vpp_crypto_aead_encrypt_init;
@@ -268,18 +273,20 @@ ptls_vpp_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t * ctx,
}
static int
-ptls_vpp_crypto_aead_aes128gcm_setup_crypto (ptls_aead_context_t * ctx,
- int is_enc, const void *key)
+ptls_vpp_crypto_aead_aes128gcm_setup_crypto (ptls_aead_context_t *ctx,
+ int is_enc, const void *key,
+ const void *iv)
{
- return ptls_vpp_crypto_aead_setup_crypto (ctx, is_enc, key,
+ return ptls_vpp_crypto_aead_setup_crypto (ctx, is_enc, key, iv,
VNET_CRYPTO_ALG_AES_128_GCM);
}
static int
-ptls_vpp_crypto_aead_aes256gcm_setup_crypto (ptls_aead_context_t * ctx,
- int is_enc, const void *key)
+ptls_vpp_crypto_aead_aes256gcm_setup_crypto (ptls_aead_context_t *ctx,
+ int is_enc, const void *key,
+ const void *iv)
{
- return ptls_vpp_crypto_aead_setup_crypto (ctx, is_enc, key,
+ return ptls_vpp_crypto_aead_setup_crypto (ctx, is_enc, key, iv,
VNET_CRYPTO_ALG_AES_256_GCM);
}