quic: update to quicly v0.1.4

Type: improvement Change-Id: I707399b8ba617a659476bfd7d793f04a1283e694 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-11-30 22:29:07 -05:00
parent 11a03e972e
commit 06bbab0c45
7 changed files with 98 additions and 26 deletions
--- a/src/plugins/quic/CMakeLists.txt
+++ b/src/plugins/quic/CMakeLists.txt
@ -13,7 +13,7 @@
 # limitations under the License.

 unset(QUIC_LINK_LIBRARIES)
-set(EXPECTED_QUICLY_VERSION "0.1.3-vpp")
+set(EXPECTED_QUICLY_VERSION "0.1.4-vpp")

 vpp_find_path(QUICLY_INCLUDE_DIR NAMES quicly.h)
 vpp_find_path(PICOTLS_INCLUDE_DIR NAMES picotls.h)
--- a/src/plugins/quic/quic_crypto.c
+++ b/src/plugins/quic/quic_crypto.c
@ -24,7 +24,7 @@
 #define QUICLY_EPOCH_1RTT 3

 extern quic_main_t quic_main;
-extern quic_ctx_t *quic_get_conn_ctx (quicly_conn_t * conn);
+extern quic_ctx_t *quic_get_conn_ctx (quicly_conn_t *conn);
 vnet_crypto_main_t *cm = &crypto_main;

 typedef struct crypto_key_
@ -176,7 +176,7 @@ quic_crypto_aead_decrypt (quic_ctx_t *qctx, ptls_aead_context_t *_ctx,
 }

 void
-quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
+quic_crypto_decrypt_packet (quic_ctx_t *qctx, quic_rx_packet_ctx_t *pctx)
 {
  ptls_cipher_context_t *header_protection = NULL;
  ptls_aead_context_t *aead = NULL;
@ -205,28 +205,26 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
  /* decipher the header protection, as well as obtaining pnbits, pnlen */
  if (encrypted_len < header_protection->algo->iv_size + QUICLY_MAX_PN_SIZE)
    return;
-  ptls_cipher_init (header_protection,
-		    pctx->packet.octets.base + pctx->packet.encrypted_off +
-		    QUICLY_MAX_PN_SIZE);
+  ptls_cipher_init (header_protection, pctx->packet.octets.base +
+					 pctx->packet.encrypted_off +
+					 QUICLY_MAX_PN_SIZE);
  ptls_cipher_encrypt (header_protection, hpmask, hpmask, sizeof (hpmask));
  pctx->packet.octets.base[0] ^=
-    hpmask[0] & (QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ?
-		 0xf : 0x1f);
+    hpmask[0] &
+    (QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ? 0xf : 0x1f);
  pnlen = (pctx->packet.octets.base[0] & 0x3) + 1;
  for (i = 0; i != pnlen; ++i)
    {
      pctx->packet.octets.base[pctx->packet.encrypted_off + i] ^=
 	hpmask[i + 1];
-      pnbits =
-	(pnbits << 8) | pctx->packet.octets.base[pctx->packet.encrypted_off +
-						 i];
+      pnbits = (pnbits << 8) |
+	       pctx->packet.octets.base[pctx->packet.encrypted_off + i];
    }

  size_t aead_off = pctx->packet.encrypted_off + pnlen;

-  pn =
-    quicly_determine_packet_number (pnbits, pnlen * 8,
-				    next_expected_packet_number);
+  pn = quicly_determine_packet_number (pnbits, pnlen * 8,
+				       next_expected_packet_number);

  int key_phase_bit =
    (pctx->packet.octets.base[0] & QUICLY_KEY_PHASE_BIT) != 0;
@ -236,7 +234,7 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
      pctx->packet.octets.base[0] ^=
 	hpmask[0] &
 	(QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ? 0xf :
-	 0x1f);
+									    0x1f);
      for (i = 0; i != pnlen; ++i)
 	{
 	  pctx->packet.octets.base[pctx->packet.encrypted_off + i] ^=
@ -251,8 +249,8 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
 	 pctx->packet.octets.len - aead_off, pn, pctx->packet.octets.base,
 	 aead_off)) == SIZE_MAX)
    {
-      fprintf (stderr,
-	       "%s: aead decryption failure (pn: %d)\n", __FUNCTION__, pn);
+      fprintf (stderr, "%s: aead decryption failure (pn: %d)\n", __FUNCTION__,
+	       pn);
      return;
    }

@ -371,14 +369,14 @@ quic_crypto_cipher_setup_crypto (ptls_cipher_context_t *_ctx, int is_enc,
 }

 static int
-quic_crypto_aes128ctr_setup_crypto (ptls_cipher_context_t * ctx, int is_enc,
+quic_crypto_aes128ctr_setup_crypto (ptls_cipher_context_t *ctx, int is_enc,
 				    const void *key)
 {
  return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_128_ctr ());
 }

 static int
-quic_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t * ctx, int is_enc,
+quic_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t *ctx, int is_enc,
 				    const void *key)
 {
  return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_256_ctr ());
@ -504,6 +502,7 @@ ptls_cipher_algorithm_t quic_crypto_aes256ctr = {
  quic_crypto_aes256ctr_setup_crypto
 };

+#define PTLS_X86_CACHE_LINE_ALIGN_BITS 6
 ptls_aead_algorithm_t quic_crypto_aes128gcm = {
  "AES128-GCM",
  PTLS_AESGCM_CONFIDENTIALITY_LIMIT,
@ -513,6 +512,9 @@ ptls_aead_algorithm_t quic_crypto_aes128gcm = {
  PTLS_AES128_KEY_SIZE,
  PTLS_AESGCM_IV_SIZE,
  PTLS_AESGCM_TAG_SIZE,
+  { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE },
+  1,
+  PTLS_X86_CACHE_LINE_ALIGN_BITS,
  sizeof (struct aead_crypto_context_t),
  quic_crypto_aead_aes128gcm_setup_crypto
 };
@ -526,18 +528,21 @@ ptls_aead_algorithm_t quic_crypto_aes256gcm = {
  PTLS_AES256_KEY_SIZE,
  PTLS_AESGCM_IV_SIZE,
  PTLS_AESGCM_TAG_SIZE,
+  { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE },
+  1,
+  PTLS_X86_CACHE_LINE_ALIGN_BITS,
  sizeof (struct aead_crypto_context_t),
  quic_crypto_aead_aes256gcm_setup_crypto
 };

 ptls_cipher_suite_t quic_crypto_aes128gcmsha256 = {
-  PTLS_CIPHER_SUITE_AES_128_GCM_SHA256,
-  &quic_crypto_aes128gcm, &ptls_openssl_sha256
+  PTLS_CIPHER_SUITE_AES_128_GCM_SHA256, &quic_crypto_aes128gcm,
+  &ptls_openssl_sha256
 };

 ptls_cipher_suite_t quic_crypto_aes256gcmsha384 = {
-  PTLS_CIPHER_SUITE_AES_256_GCM_SHA384,
-  &quic_crypto_aes256gcm, &ptls_openssl_sha384
+  PTLS_CIPHER_SUITE_AES_256_GCM_SHA384, &quic_crypto_aes256gcm,
+  &ptls_openssl_sha384
 };

 ptls_cipher_suite_t *quic_crypto_cipher_suites[] = {