From 06bbab0c45c805544c981b8765ea3d85760d66a8 Mon Sep 17 00:00:00 2001 From: Dave Wallace Date: Wed, 30 Nov 2022 22:29:07 -0500 Subject: quic: update to quicly v0.1.4 Type: improvement Change-Id: I707399b8ba617a659476bfd7d793f04a1283e694 Signed-off-by: Dave Wallace --- build/external/packages/quicly.mk | 4 +- .../quicly_0.1.4-vpp/0001-cmake-install.patch | 30 +++++++++++++ .../0002-cmake-install-picotls.patch | 30 +++++++++++++ src/plugins/quic/CMakeLists.txt | 2 +- src/plugins/quic/quic_crypto.c | 49 ++++++++++++---------- src/plugins/tlspicotls/CMakeLists.txt | 2 +- src/plugins/tlspicotls/pico_vpp_crypto.c | 7 ++++ 7 files changed, 98 insertions(+), 26 deletions(-) create mode 100644 build/external/patches/quicly_0.1.4-vpp/0001-cmake-install.patch create mode 100644 build/external/patches/quicly_0.1.4-vpp/0002-cmake-install-picotls.patch diff --git a/build/external/packages/quicly.mk b/build/external/packages/quicly.mk index 635cf969a0c..c75386d0ce0 100644 --- a/build/external/packages/quicly.mk +++ b/build/external/packages/quicly.mk @@ -11,9 +11,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -quicly_version := 0.1.3-vpp +quicly_version := 0.1.4-vpp quicly_tarball := quicly_$(quicly_version).tar.gz -quicly_tarball_md5sum := 195f156f311458f1bd4540765e62dd27 +quicly_tarball_md5sum := 5419a0f340c5572bcf682c08acc84c77 quicly_tarball_strip_dirs := 1 quicly_url := https://github.com/vpp-quic/quicly/releases/download/v$(quicly_version)/quicly_$(quicly_version).tar.gz diff --git a/build/external/patches/quicly_0.1.4-vpp/0001-cmake-install.patch b/build/external/patches/quicly_0.1.4-vpp/0001-cmake-install.patch new file mode 100644 index 00000000000..35befd9b88d --- /dev/null +++ b/build/external/patches/quicly_0.1.4-vpp/0001-cmake-install.patch @@ -0,0 +1,30 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 5142bac..7b95f74 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -33,6 +33,8 @@ ENDIF(NOT CMAKE_BUILD_TYPE) + SET(CMAKE_C_FLAGS "-std=c99 -Wall -g ${CC_WARNING_FLAGS} ${CMAKE_C_FLAGS}") + SET(CMAKE_C_FLAGS_DEBUG "-O0") + SET(CMAKE_C_FLAGS_RELEASE "-O2") ++SET(CMAKE_POSITION_INDEPENDENT_CODE ON) ++SET(CMAKE_SKIP_INSTALL_ALL_DEPENDENCY true) + + INCLUDE_DIRECTORIES( + ${OPENSSL_INCLUDE_DIR} +@@ -118,6 +120,16 @@ TARGET_LINK_LIBRARIES(examples-echo quicly ${OPENSSL_LIBRARIES} ${CMAKE_DL_LIBS} + + ADD_EXECUTABLE(udpfw t/udpfw.c) + ++INSTALL ( ++ DIRECTORY ${CMAKE_SOURCE_DIR}/include/ ++ DESTINATION include ++ FILES_MATCHING PATTERN "*.h") ++ ++INSTALL(TARGETS quicly ++ RUNTIME DESTINATION bin ++ LIBRARY DESTINATION lib ++ ARCHIVE DESTINATION lib) ++ + ADD_CUSTOM_TARGET(check env BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} WITH_DTRACE=${WITH_DTRACE} prove --exec "sh -c" -v ${CMAKE_CURRENT_BINARY_DIR}/*.t t/*.t + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + DEPENDS cli test.t) diff --git a/build/external/patches/quicly_0.1.4-vpp/0002-cmake-install-picotls.patch b/build/external/patches/quicly_0.1.4-vpp/0002-cmake-install-picotls.patch new file mode 100644 index 00000000000..56897e8a5d4 --- /dev/null +++ b/build/external/patches/quicly_0.1.4-vpp/0002-cmake-install-picotls.patch @@ -0,0 +1,30 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index d1d6c09..90d7221 100644 +--- a/deps/picotls/CMakeLists.txt ++++ b/deps/picotls/CMakeLists.txt +@@ -13,6 +13,9 @@ IF (WITH_DTRACE) + ENDIF () + + SET(CMAKE_C_FLAGS "-std=c99 -Wall -O2 -g ${CC_WARNING_FLAGS} ${CMAKE_C_FLAGS}") ++SET(CMAKE_POSITION_INDEPENDENT_CODE ON) ++SET(CMAKE_SKIP_INSTALL_ALL_DEPENDENCY true) ++ + INCLUDE_DIRECTORIES( + deps/cifra/src/ext + deps/cifra/src +@@ -161,6 +164,15 @@ TARGET_LINK_LIBRARIES(ptlsbench ${PTLSBENCH_LIBS}) + + ADD_CUSTOM_TARGET(check env BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove --exec '' -v ${CMAKE_CURRENT_BINARY_DIR}/*.t t/*.t WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} DEPENDS ${TEST_EXES} cli) + ++INSTALL (DIRECTORY ${CMAKE_SOURCE_DIR}/include/ ++ DESTINATION include ++ FILES_MATCHING PATTERN "*.h") ++ ++INSTALL(TARGETS picotls-core picotls-openssl ++ RUNTIME DESTINATION bin ++ LIBRARY DESTINATION lib ++ ARCHIVE DESTINATION lib) ++ + IF (CMAKE_SYSTEM_NAME STREQUAL "Linux") + SET(CMAKE_C_FLAGS "-D_GNU_SOURCE -pthread ${CMAKE_C_FLAGS}") + ELSEIF ("${CMAKE_SYSTEM_NAME}" MATCHES "SunOS") diff --git a/src/plugins/quic/CMakeLists.txt b/src/plugins/quic/CMakeLists.txt index dfed91f51d9..9646c444b21 100644 --- a/src/plugins/quic/CMakeLists.txt +++ b/src/plugins/quic/CMakeLists.txt @@ -13,7 +13,7 @@ # limitations under the License. unset(QUIC_LINK_LIBRARIES) -set(EXPECTED_QUICLY_VERSION "0.1.3-vpp") +set(EXPECTED_QUICLY_VERSION "0.1.4-vpp") vpp_find_path(QUICLY_INCLUDE_DIR NAMES quicly.h) vpp_find_path(PICOTLS_INCLUDE_DIR NAMES picotls.h) diff --git a/src/plugins/quic/quic_crypto.c b/src/plugins/quic/quic_crypto.c index 9931ab56b76..c5cc5a4a714 100644 --- a/src/plugins/quic/quic_crypto.c +++ b/src/plugins/quic/quic_crypto.c @@ -24,7 +24,7 @@ #define QUICLY_EPOCH_1RTT 3 extern quic_main_t quic_main; -extern quic_ctx_t *quic_get_conn_ctx (quicly_conn_t * conn); +extern quic_ctx_t *quic_get_conn_ctx (quicly_conn_t *conn); vnet_crypto_main_t *cm = &crypto_main; typedef struct crypto_key_ @@ -176,7 +176,7 @@ quic_crypto_aead_decrypt (quic_ctx_t *qctx, ptls_aead_context_t *_ctx, } void -quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx) +quic_crypto_decrypt_packet (quic_ctx_t *qctx, quic_rx_packet_ctx_t *pctx) { ptls_cipher_context_t *header_protection = NULL; ptls_aead_context_t *aead = NULL; @@ -205,28 +205,26 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx) /* decipher the header protection, as well as obtaining pnbits, pnlen */ if (encrypted_len < header_protection->algo->iv_size + QUICLY_MAX_PN_SIZE) return; - ptls_cipher_init (header_protection, - pctx->packet.octets.base + pctx->packet.encrypted_off + - QUICLY_MAX_PN_SIZE); + ptls_cipher_init (header_protection, pctx->packet.octets.base + + pctx->packet.encrypted_off + + QUICLY_MAX_PN_SIZE); ptls_cipher_encrypt (header_protection, hpmask, hpmask, sizeof (hpmask)); pctx->packet.octets.base[0] ^= - hpmask[0] & (QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ? - 0xf : 0x1f); + hpmask[0] & + (QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ? 0xf : 0x1f); pnlen = (pctx->packet.octets.base[0] & 0x3) + 1; for (i = 0; i != pnlen; ++i) { pctx->packet.octets.base[pctx->packet.encrypted_off + i] ^= hpmask[i + 1]; - pnbits = - (pnbits << 8) | pctx->packet.octets.base[pctx->packet.encrypted_off + - i]; + pnbits = (pnbits << 8) | + pctx->packet.octets.base[pctx->packet.encrypted_off + i]; } size_t aead_off = pctx->packet.encrypted_off + pnlen; - pn = - quicly_determine_packet_number (pnbits, pnlen * 8, - next_expected_packet_number); + pn = quicly_determine_packet_number (pnbits, pnlen * 8, + next_expected_packet_number); int key_phase_bit = (pctx->packet.octets.base[0] & QUICLY_KEY_PHASE_BIT) != 0; @@ -236,7 +234,7 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx) pctx->packet.octets.base[0] ^= hpmask[0] & (QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ? 0xf : - 0x1f); + 0x1f); for (i = 0; i != pnlen; ++i) { pctx->packet.octets.base[pctx->packet.encrypted_off + i] ^= @@ -251,8 +249,8 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx) pctx->packet.octets.len - aead_off, pn, pctx->packet.octets.base, aead_off)) == SIZE_MAX) { - fprintf (stderr, - "%s: aead decryption failure (pn: %d)\n", __FUNCTION__, pn); + fprintf (stderr, "%s: aead decryption failure (pn: %d)\n", __FUNCTION__, + pn); return; } @@ -371,14 +369,14 @@ quic_crypto_cipher_setup_crypto (ptls_cipher_context_t *_ctx, int is_enc, } static int -quic_crypto_aes128ctr_setup_crypto (ptls_cipher_context_t * ctx, int is_enc, +quic_crypto_aes128ctr_setup_crypto (ptls_cipher_context_t *ctx, int is_enc, const void *key) { return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_128_ctr ()); } static int -quic_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t * ctx, int is_enc, +quic_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t *ctx, int is_enc, const void *key) { return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_256_ctr ()); @@ -504,6 +502,7 @@ ptls_cipher_algorithm_t quic_crypto_aes256ctr = { quic_crypto_aes256ctr_setup_crypto }; +#define PTLS_X86_CACHE_LINE_ALIGN_BITS 6 ptls_aead_algorithm_t quic_crypto_aes128gcm = { "AES128-GCM", PTLS_AESGCM_CONFIDENTIALITY_LIMIT, @@ -513,6 +512,9 @@ ptls_aead_algorithm_t quic_crypto_aes128gcm = { PTLS_AES128_KEY_SIZE, PTLS_AESGCM_IV_SIZE, PTLS_AESGCM_TAG_SIZE, + { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE }, + 1, + PTLS_X86_CACHE_LINE_ALIGN_BITS, sizeof (struct aead_crypto_context_t), quic_crypto_aead_aes128gcm_setup_crypto }; @@ -526,18 +528,21 @@ ptls_aead_algorithm_t quic_crypto_aes256gcm = { PTLS_AES256_KEY_SIZE, PTLS_AESGCM_IV_SIZE, PTLS_AESGCM_TAG_SIZE, + { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE }, + 1, + PTLS_X86_CACHE_LINE_ALIGN_BITS, sizeof (struct aead_crypto_context_t), quic_crypto_aead_aes256gcm_setup_crypto }; ptls_cipher_suite_t quic_crypto_aes128gcmsha256 = { - PTLS_CIPHER_SUITE_AES_128_GCM_SHA256, - &quic_crypto_aes128gcm, &ptls_openssl_sha256 + PTLS_CIPHER_SUITE_AES_128_GCM_SHA256, &quic_crypto_aes128gcm, + &ptls_openssl_sha256 }; ptls_cipher_suite_t quic_crypto_aes256gcmsha384 = { - PTLS_CIPHER_SUITE_AES_256_GCM_SHA384, - &quic_crypto_aes256gcm, &ptls_openssl_sha384 + PTLS_CIPHER_SUITE_AES_256_GCM_SHA384, &quic_crypto_aes256gcm, + &ptls_openssl_sha384 }; ptls_cipher_suite_t *quic_crypto_cipher_suites[] = { diff --git a/src/plugins/tlspicotls/CMakeLists.txt b/src/plugins/tlspicotls/CMakeLists.txt index f23ae6ccb8a..c8f7c64126b 100644 --- a/src/plugins/tlspicotls/CMakeLists.txt +++ b/src/plugins/tlspicotls/CMakeLists.txt @@ -5,7 +5,7 @@ include (CheckFunctionExists) # it's reasonable to make this check to avoid breaking # existing builds when upgrading the quicly/picotls # versions -set(EXPECTED_QUICLY_VERSION "0.1.3-vpp") +set(EXPECTED_QUICLY_VERSION "0.1.4-vpp") vpp_find_path(QUICLY_INCLUDE_DIR NAMES quicly.h) diff --git a/src/plugins/tlspicotls/pico_vpp_crypto.c b/src/plugins/tlspicotls/pico_vpp_crypto.c index 24af935fc9c..3d28d50b352 100644 --- a/src/plugins/tlspicotls/pico_vpp_crypto.c +++ b/src/plugins/tlspicotls/pico_vpp_crypto.c @@ -306,6 +306,7 @@ ptls_cipher_algorithm_t ptls_vpp_crypto_aes256ctr = { ptls_vpp_crypto_aes256ctr_setup_crypto }; +#define PTLS_X86_CACHE_LINE_ALIGN_BITS 6 ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = { "AES128-GCM", PTLS_AESGCM_CONFIDENTIALITY_LIMIT, @@ -315,6 +316,9 @@ ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = { PTLS_AES128_KEY_SIZE, PTLS_AESGCM_IV_SIZE, PTLS_AESGCM_TAG_SIZE, + { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE }, + 1, + PTLS_X86_CACHE_LINE_ALIGN_BITS, sizeof (struct vpp_aead_context_t), ptls_vpp_crypto_aead_aes128gcm_setup_crypto }; @@ -328,6 +332,9 @@ ptls_aead_algorithm_t ptls_vpp_crypto_aes256gcm = { PTLS_AES256_KEY_SIZE, PTLS_AESGCM_IV_SIZE, PTLS_AESGCM_TAG_SIZE, + { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE }, + 1, + PTLS_X86_CACHE_LINE_ALIGN_BITS, sizeof (struct vpp_aead_context_t), ptls_vpp_crypto_aead_aes256gcm_setup_crypto }; -- cgit 1.2.3-korg