quic: integrate vpp crypto api for quic packets encryption

Type: feature Change-Id: I740f15a5ef959d31e94e59d652aa9f691db1f289 Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
2019-07-12 19:11:49 +02:00
parent 4b0b0d4b53
commit 9082b43dd0
5 changed files with 436 additions and 0 deletions
--- a/build/external/patches/quicly_0.0.2-vpp/0001-Add-function-ptr-in-ptls-ctx-for-aead_encrypt.patch
+++ b/build/external/patches/quicly_0.0.2-vpp/0001-Add-function-ptr-in-ptls-ctx-for-aead_encrypt.patch
@@ -0,0 +1,33 @@
+diff --git a/deps/picotls/include/picotls.h b/deps/picotls/include/picotls.h
+index 06d62f9..de33b86 100644
+--- a/deps/picotls/include/picotls.h
+++ b/deps/picotls/include/picotls.h
+@@ -276,6 +276,8 @@ typedef struct st_ptls_aead_context_t {
+     size_t (*do_encrypt_final)(struct st_ptls_aead_context_t *ctx, void *output);
+     size_t (*do_decrypt)(struct st_ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, const void *iv,
+                          const void *aad, size_t aadlen);
+    size_t (*do_encrypt)(struct st_ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq,
+                         const void *iv, const void *aad, size_t aadlen);
+ } ptls_aead_context_t;
+ 
+ /**
+diff --git a/deps/picotls/lib/picotls.c b/deps/picotls/lib/picotls.c
+index 70d2fef..f98f7b4 100644
+--- a/deps/picotls/lib/picotls.c
+++ b/deps/picotls/lib/picotls.c
+@@ -4890,6 +4890,13 @@ size_t ptls_aead_encrypt(ptls_aead_context_t *ctx, void *output, const void *inp
+ {
+     size_t off = 0;
+ 
+    if(ctx->do_encrypt)
+    {
+        uint8_t iv[PTLS_MAX_IV_SIZE];
+        ptls_aead__build_iv(ctx, iv, seq);
+        return ctx->do_encrypt(ctx, output, input, inlen, seq, iv, aad, aadlen);
+    }
+
+     ptls_aead_encrypt_init(ctx, seq, aad, aadlen);
+     off += ptls_aead_encrypt_update(ctx, ((uint8_t *)output) + off, input, inlen);
+     off += ptls_aead_encrypt_final(ctx, ((uint8_t *)output) + off);
+
+
--- a/src/plugins/quic/CMakeLists.txt
+++ b/src/plugins/quic/CMakeLists.txt
@@ -31,6 +31,7 @@ if(QUICLY_INCLUDE_DIR AND QUIC_LINK_LIBRARIES)
  add_vpp_plugin(quic
    SOURCES
    quic.c
+    quic_crypto.c

    INSTALL_HEADERS
    quic.h
--- a/src/plugins/quic/quic.c
+++ b/src/plugins/quic/quic.c
@@ -30,6 +30,8 @@
 #include <picotls/openssl.h>
 #include <picotls/pembase64.h>

+#include <quic/quic_crypto.h>
+
 static quic_main_t quic_main;
 static void quic_update_timer (quic_ctx_t * ctx);

@@ -2539,7 +2541,40 @@ quic_init (vlib_main_t * vm)

 VLIB_INIT_FUNCTION (quic_init);

+static clib_error_t *
+quic_plugin_crypto_command_fn (vlib_main_t * vm,
+			       unformat_input_t * input,
+			       vlib_cli_command_t * cmd)
+{
+  while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (input, "vpp"))
+	{
+	  quic_tlsctx.cipher_suites = vpp_crypto_cipher_suites;
+	  return 0;
+	}
+      else if (unformat (input, "picotls"))
+	{
+	  quic_tlsctx.cipher_suites = ptls_openssl_cipher_suites;
+	  return 0;
+	}
+      else
+	return clib_error_return (0, "unknown input '%U'",
+				  format_unformat_error, input);
+    }
+
+  return clib_error_return (0, "unknown input '%U'",
+			    format_unformat_error, input);
+}
+
 /* *INDENT-OFF* */
+VLIB_CLI_COMMAND(quic_plugin_crypto_command, static)=
+{
+	.path = "quic set crypto api",
+	.short_help = "quic set crypto api [picotls, vpp]",
+	.function = quic_plugin_crypto_command_fn,
+};
+
 VLIB_PLUGIN_REGISTER () =
 {
  .version = VPP_BUILD_VER,
--- a/src/plugins/quic/quic_crypto.c
+++ b/src/plugins/quic/quic_crypto.c
--- a/src/plugins/quic/quic_crypto.h
+++ b/src/plugins/quic/quic_crypto.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __included_vpp_quic_crypto_h__
+#define __included_vpp_quic_crypto_h__
+
+#include <quicly.h>
+
+extern ptls_cipher_suite_t *vpp_crypto_cipher_suites[];
+
+#endif /* __included_vpp_quic_crypto_h__ */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */