quic: update to quicly v0.1.4

Type: improvement

Change-Id: I707399b8ba617a659476bfd7d793f04a1283e694
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>

build/external/packages/quicly.mk

@@ -11,9 +11,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-quicly_version := 0.1.3-vpp
+quicly_version := 0.1.4-vpp
 quicly_tarball := quicly_$(quicly_version).tar.gz
-quicly_tarball_md5sum := 195f156f311458f1bd4540765e62dd27
+quicly_tarball_md5sum := 5419a0f340c5572bcf682c08acc84c77
 quicly_tarball_strip_dirs := 1
 quicly_url := https://github.com/vpp-quic/quicly/releases/download/v$(quicly_version)/quicly_$(quicly_version).tar.gz
 

build/external/patches/quicly_0.1.4-vpp/0001-cmake-install.patch

@@ -0,0 +1,30 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 5142bac..7b95f74 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -33,6 +33,8 @@ ENDIF(NOT CMAKE_BUILD_TYPE)
+ SET(CMAKE_C_FLAGS "-std=c99 -Wall -g ${CC_WARNING_FLAGS} ${CMAKE_C_FLAGS}")
+ SET(CMAKE_C_FLAGS_DEBUG "-O0")
+ SET(CMAKE_C_FLAGS_RELEASE "-O2")
++SET(CMAKE_POSITION_INDEPENDENT_CODE ON)
++SET(CMAKE_SKIP_INSTALL_ALL_DEPENDENCY true)
+ 
+ INCLUDE_DIRECTORIES(
+     ${OPENSSL_INCLUDE_DIR}
+@@ -118,6 +120,16 @@ TARGET_LINK_LIBRARIES(examples-echo quicly ${OPENSSL_LIBRARIES} ${CMAKE_DL_LIBS}
+ 
+ ADD_EXECUTABLE(udpfw t/udpfw.c)
+ 
++INSTALL (
++    DIRECTORY ${CMAKE_SOURCE_DIR}/include/
++    DESTINATION include
++    FILES_MATCHING PATTERN "*.h")
++
++INSTALL(TARGETS quicly
++        RUNTIME DESTINATION bin
++        LIBRARY DESTINATION lib
++        ARCHIVE DESTINATION lib)
++
+ ADD_CUSTOM_TARGET(check env BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} WITH_DTRACE=${WITH_DTRACE} prove --exec "sh -c" -v ${CMAKE_CURRENT_BINARY_DIR}/*.t t/*.t
+     WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+     DEPENDS cli test.t)

build/external/patches/quicly_0.1.4-vpp/0002-cmake-install-picotls.patch

@@ -0,0 +1,30 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index d1d6c09..90d7221 100644
+--- a/deps/picotls/CMakeLists.txt
++++ b/deps/picotls/CMakeLists.txt
+@@ -13,6 +13,9 @@ IF (WITH_DTRACE)
+ ENDIF ()
+ 
+ SET(CMAKE_C_FLAGS "-std=c99 -Wall -O2 -g ${CC_WARNING_FLAGS} ${CMAKE_C_FLAGS}")
++SET(CMAKE_POSITION_INDEPENDENT_CODE ON)
++SET(CMAKE_SKIP_INSTALL_ALL_DEPENDENCY true)
++
+ INCLUDE_DIRECTORIES(
+     deps/cifra/src/ext
+     deps/cifra/src
+@@ -161,6 +164,15 @@ TARGET_LINK_LIBRARIES(ptlsbench ${PTLSBENCH_LIBS})
+ 
+ ADD_CUSTOM_TARGET(check env BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove --exec '' -v ${CMAKE_CURRENT_BINARY_DIR}/*.t t/*.t WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} DEPENDS ${TEST_EXES} cli)
+ 
++INSTALL (DIRECTORY ${CMAKE_SOURCE_DIR}/include/
++    DESTINATION include
++    FILES_MATCHING PATTERN "*.h")
++
++INSTALL(TARGETS picotls-core picotls-openssl
++        RUNTIME DESTINATION bin
++        LIBRARY DESTINATION lib
++        ARCHIVE DESTINATION lib)
++
+ IF (CMAKE_SYSTEM_NAME STREQUAL "Linux")
+      SET(CMAKE_C_FLAGS "-D_GNU_SOURCE -pthread ${CMAKE_C_FLAGS}")
+ ELSEIF ("${CMAKE_SYSTEM_NAME}" MATCHES "SunOS")

src/plugins/quic/CMakeLists.txt

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 unset(QUIC_LINK_LIBRARIES)
-set(EXPECTED_QUICLY_VERSION "0.1.3-vpp")
+set(EXPECTED_QUICLY_VERSION "0.1.4-vpp")
 
 vpp_find_path(QUICLY_INCLUDE_DIR NAMES quicly.h)
 vpp_find_path(PICOTLS_INCLUDE_DIR NAMES picotls.h)

src/plugins/quic/quic_crypto.c

@@ -24,7 +24,7 @@
 #define QUICLY_EPOCH_1RTT 3
 
 extern quic_main_t quic_main;
-extern quic_ctx_t *quic_get_conn_ctx (quicly_conn_t * conn);
+extern quic_ctx_t *quic_get_conn_ctx (quicly_conn_t *conn);
 vnet_crypto_main_t *cm = &crypto_main;
 
 typedef struct crypto_key_
@@ -176,7 +176,7 @@ quic_crypto_aead_decrypt (quic_ctx_t *qctx, ptls_aead_context_t *_ctx,
 }
 
 void
-quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
+quic_crypto_decrypt_packet (quic_ctx_t *qctx, quic_rx_packet_ctx_t *pctx)
 {
   ptls_cipher_context_t *header_protection = NULL;
   ptls_aead_context_t *aead = NULL;
@@ -205,28 +205,26 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
   /* decipher the header protection, as well as obtaining pnbits, pnlen */
   if (encrypted_len < header_protection->algo->iv_size + QUICLY_MAX_PN_SIZE)
     return;
-  ptls_cipher_init (header_protection,
+  ptls_cipher_init (header_protection, pctx->packet.octets.base +
-		    pctx->packet.octets.base + pctx->packet.encrypted_off +
+					 pctx->packet.encrypted_off +
-		    QUICLY_MAX_PN_SIZE);
+					 QUICLY_MAX_PN_SIZE);
   ptls_cipher_encrypt (header_protection, hpmask, hpmask, sizeof (hpmask));
   pctx->packet.octets.base[0] ^=
-    hpmask[0] & (QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ?
+    hpmask[0] &
-		 0xf : 0x1f);
+    (QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ? 0xf : 0x1f);
   pnlen = (pctx->packet.octets.base[0] & 0x3) + 1;
   for (i = 0; i != pnlen; ++i)
     {
       pctx->packet.octets.base[pctx->packet.encrypted_off + i] ^=
 	hpmask[i + 1];
-      pnbits =
+      pnbits = (pnbits << 8) |
-	(pnbits << 8) | pctx->packet.octets.base[pctx->packet.encrypted_off +
+	       pctx->packet.octets.base[pctx->packet.encrypted_off + i];
-						 i];
     }
 
   size_t aead_off = pctx->packet.encrypted_off + pnlen;
 
-  pn =
+  pn = quicly_determine_packet_number (pnbits, pnlen * 8,
-    quicly_determine_packet_number (pnbits, pnlen * 8,
+				       next_expected_packet_number);
-				    next_expected_packet_number);
 
   int key_phase_bit =
     (pctx->packet.octets.base[0] & QUICLY_KEY_PHASE_BIT) != 0;
@@ -236,7 +234,7 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
       pctx->packet.octets.base[0] ^=
 	hpmask[0] &
 	(QUICLY_PACKET_IS_LONG_HEADER (pctx->packet.octets.base[0]) ? 0xf :
-	 0x1f);
+									    0x1f);
       for (i = 0; i != pnlen; ++i)
 	{
 	  pctx->packet.octets.base[pctx->packet.encrypted_off + i] ^=
@@ -251,8 +249,8 @@ quic_crypto_decrypt_packet (quic_ctx_t * qctx, quic_rx_packet_ctx_t * pctx)
 	 pctx->packet.octets.len - aead_off, pn, pctx->packet.octets.base,
 	 aead_off)) == SIZE_MAX)
     {
-      fprintf (stderr,
+      fprintf (stderr, "%s: aead decryption failure (pn: %d)\n", __FUNCTION__,
-	       "%s: aead decryption failure (pn: %d)\n", __FUNCTION__, pn);
+	       pn);
       return;
     }
 
@@ -371,14 +369,14 @@ quic_crypto_cipher_setup_crypto (ptls_cipher_context_t *_ctx, int is_enc,
 }
 
 static int
-quic_crypto_aes128ctr_setup_crypto (ptls_cipher_context_t * ctx, int is_enc,
+quic_crypto_aes128ctr_setup_crypto (ptls_cipher_context_t *ctx, int is_enc,
 				    const void *key)
 {
   return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_128_ctr ());
 }
 
 static int
-quic_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t * ctx, int is_enc,
+quic_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t *ctx, int is_enc,
 				    const void *key)
 {
   return quic_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_256_ctr ());
@@ -504,6 +502,7 @@ ptls_cipher_algorithm_t quic_crypto_aes256ctr = {
   quic_crypto_aes256ctr_setup_crypto
 };
 
+#define PTLS_X86_CACHE_LINE_ALIGN_BITS 6
 ptls_aead_algorithm_t quic_crypto_aes128gcm = {
   "AES128-GCM",
   PTLS_AESGCM_CONFIDENTIALITY_LIMIT,
@@ -513,6 +512,9 @@ ptls_aead_algorithm_t quic_crypto_aes128gcm = {
   PTLS_AES128_KEY_SIZE,
   PTLS_AESGCM_IV_SIZE,
   PTLS_AESGCM_TAG_SIZE,
+  { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE },
+  1,
+  PTLS_X86_CACHE_LINE_ALIGN_BITS,
   sizeof (struct aead_crypto_context_t),
   quic_crypto_aead_aes128gcm_setup_crypto
 };
@@ -526,18 +528,21 @@ ptls_aead_algorithm_t quic_crypto_aes256gcm = {
   PTLS_AES256_KEY_SIZE,
   PTLS_AESGCM_IV_SIZE,
   PTLS_AESGCM_TAG_SIZE,
+  { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE },
+  1,
+  PTLS_X86_CACHE_LINE_ALIGN_BITS,
   sizeof (struct aead_crypto_context_t),
   quic_crypto_aead_aes256gcm_setup_crypto
 };
 
 ptls_cipher_suite_t quic_crypto_aes128gcmsha256 = {
-  PTLS_CIPHER_SUITE_AES_128_GCM_SHA256,
+  PTLS_CIPHER_SUITE_AES_128_GCM_SHA256, &quic_crypto_aes128gcm,
-  &quic_crypto_aes128gcm, &ptls_openssl_sha256
+  &ptls_openssl_sha256
 };
 
 ptls_cipher_suite_t quic_crypto_aes256gcmsha384 = {
-  PTLS_CIPHER_SUITE_AES_256_GCM_SHA384,
+  PTLS_CIPHER_SUITE_AES_256_GCM_SHA384, &quic_crypto_aes256gcm,
-  &quic_crypto_aes256gcm, &ptls_openssl_sha384
+  &ptls_openssl_sha384
 };
 
 ptls_cipher_suite_t *quic_crypto_cipher_suites[] = {

src/plugins/tlspicotls/CMakeLists.txt

@@ -5,7 +5,7 @@ include (CheckFunctionExists)
 # it's reasonable to make this check to avoid breaking
 # existing builds when upgrading the quicly/picotls
 # versions
-set(EXPECTED_QUICLY_VERSION "0.1.3-vpp")
+set(EXPECTED_QUICLY_VERSION "0.1.4-vpp")
 
 
 vpp_find_path(QUICLY_INCLUDE_DIR NAMES quicly.h)

src/plugins/tlspicotls/pico_vpp_crypto.c

@@ -306,6 +306,7 @@ ptls_cipher_algorithm_t ptls_vpp_crypto_aes256ctr = {
   ptls_vpp_crypto_aes256ctr_setup_crypto
 };
 
+#define PTLS_X86_CACHE_LINE_ALIGN_BITS 6
 ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = {
   "AES128-GCM",
   PTLS_AESGCM_CONFIDENTIALITY_LIMIT,
@@ -315,6 +316,9 @@ ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = {
   PTLS_AES128_KEY_SIZE,
   PTLS_AESGCM_IV_SIZE,
   PTLS_AESGCM_TAG_SIZE,
+  { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE },
+  1,
+  PTLS_X86_CACHE_LINE_ALIGN_BITS,
   sizeof (struct vpp_aead_context_t),
   ptls_vpp_crypto_aead_aes128gcm_setup_crypto
 };
@@ -328,6 +332,9 @@ ptls_aead_algorithm_t ptls_vpp_crypto_aes256gcm = {
   PTLS_AES256_KEY_SIZE,
   PTLS_AESGCM_IV_SIZE,
   PTLS_AESGCM_TAG_SIZE,
+  { PTLS_TLS12_AESGCM_FIXED_IV_SIZE, PTLS_TLS12_AESGCM_RECORD_IV_SIZE },
+  1,
+  PTLS_X86_CACHE_LINE_ALIGN_BITS,
   sizeof (struct vpp_aead_context_t),
   ptls_vpp_crypto_aead_aes256gcm_setup_crypto
 };