From e449e47e7e73f672a027531c0ea47764c06baec7 Mon Sep 17 00:00:00 2001 From: Nick Banks Date: Sat, 19 Dec 2020 23:48:58 -0800 Subject: [PATCH] Official Version 1 Support (#1099) * Official Version 1 Support * Minor fixes * Update the ALPNs too * WIP to fix VN * Refactor reset * Declare prototype * Another build error * Fix assert * Fix format in interop * Ingest latest OpenSSL fixes * Update TLS unit test to set TP type * Fix unaligned access * Byteswap only for log * Free old TLS on reset * Fix 0-RTT ticket bug in stub --- .azure/templates/build-config-user.yml | 2 +- src/core/binding.c | 6 +- src/core/connection.c | 151 ++++++++-------------- src/core/crypto.c | 38 +++--- src/core/crypto.h | 3 +- src/core/crypto_tls.c | 17 ++- src/core/packet.c | 42 +----- src/core/packet.h | 8 +- src/core/packet_builder.c | 18 +-- src/inc/quic_tls.h | 17 +-- src/inc/quic_versions.h | 20 +-- src/platform/tls_mitls.c | 44 ++----- src/platform/tls_openssl.c | 72 ++--------- src/platform/tls_schannel.c | 32 ++--- src/platform/tls_stub.c | 98 ++++++-------- src/platform/unittest/CryptTest.cpp | 14 +- src/platform/unittest/TlsTest.cpp | 2 + src/tools/interop/interop.cpp | 20 +-- src/tools/interopserver/InteropServer.cpp | 6 +- src/tools/post/post.cpp | 8 +- src/tools/reach/reach.cpp | 5 +- submodules/openssl | 2 +- 22 files changed, 200 insertions(+), 425 deletions(-) diff --git a/.azure/templates/build-config-user.yml b/.azure/templates/build-config-user.yml index 9048a9e2..3ab1983b 100644 --- a/.azure/templates/build-config-user.yml +++ b/.azure/templates/build-config-user.yml 
@@ -46,7 +46,7 @@ jobs: - task: Cache@2 inputs: - key: '"${{ parameters.platform }}_${{ parameters.arch }}_${{ parameters.tls }}_${{ parameters.extraName }}_4" | .gitmodules' + key: '"${{ parameters.platform }}_${{ parameters.arch }}_${{ parameters.tls }}_${{ parameters.extraName }}_5" | .gitmodules' path: build/${{ parameters.platform }}/${{ parameters.arch }}_${{ parameters.tls }}/openssl displayName: Cache OpenSSL condition: and(succeeded(), eq('${{ parameters.tls }}', 'openssl')) diff --git a/src/core/binding.c b/src/core/binding.c index ac3c50d0..61e4bec4 100644 --- a/src/core/binding.c +++ b/src/core/binding.c @@ -1432,12 +1432,8 @@ QuicBindingDeliverDatagrams( // Only Initial (version specific) packets are processed from here on. // switch (Packet->Invariant->LONG_HDR.Version) { - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: if (Packet->LH->Type != QUIC_INITIAL) { QuicPacketLogDrop(Binding, Packet, "Non-initial packet not matched with a connection"); diff --git a/src/core/connection.c b/src/core/connection.c index b2dcd052..f6e1e89f 100644 --- a/src/core/connection.c +++ b/src/core/connection.c @@ -1694,12 +1694,8 @@ QuicConnOnQuicVersionSet( Connection->Stats.QuicVersion); switch (Connection->Stats.QuicVersion) { - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: default: Connection->State.HeaderProtectionEnabled = TRUE; @@ -1888,6 +1884,13 @@ QuicConnStart( return Status; } +_IRQL_requires_max_(PASSIVE_LEVEL) +QUIC_STATUS +QuicConnGenerateLocalTransportParameters( + _In_ QUIC_CONNECTION* Connection, + _Out_ QUIC_TRANSPORT_PARAMETERS* LocalTP + ); + _IRQL_requires_max_(PASSIVE_LEVEL) void QuicConnRestart( 
@@ -1921,8 +1924,30 @@ QuicConnRestart( QuicCongestionControlReset(&Connection->CongestionControl); QuicSendReset(&Connection->Send); QuicLossDetectionReset(&Connection->LossDetection); - QuicCryptoReset(&Connection->Crypto, CompleteReset); + + if (CompleteReset) { + QUIC_DBG_ASSERT(Connection->Configuration != NULL); + + QUIC_TRANSPORT_PARAMETERS LocalTP = { 0 }; + QUIC_STATUS Status = + QuicConnGenerateLocalTransportParameters(Connection, &LocalTP); + QUIC_FRE_ASSERT(QUIC_SUCCEEDED(Status)); // Can't fail since it passed already. + UNREFERENCED_PARAMETER(Status); + + Status = + QuicCryptoInitializeTls( + &Connection->Crypto, + Connection->Configuration->SecurityConfig, + &LocalTP); + if (QUIC_FAILED(Status)) { + QuicConnFatalError(Connection, Status, NULL); + } + + } else { + QuicCryptoReset(&Connection->Crypto); + } } + _IRQL_requires_max_(PASSIVE_LEVEL) QUIC_STATUS QuicConnSendResumptionTicket( @@ -2164,14 +2189,12 @@ QuicConnGenerateLocalTransportParameters( LocalTP->AckDelayExponent = Connection->AckDelayExponent; } - if (Connection->Stats.QuicVersion != QUIC_VERSION_DRAFT_27) { - LocalTP->Flags |= QUIC_TP_FLAG_INITIAL_SOURCE_CONNECTION_ID; - LocalTP->InitialSourceConnectionIDLength = SourceCid->CID.Length; - QuicCopyMemory( - LocalTP->InitialSourceConnectionID, - SourceCid->CID.Data, - SourceCid->CID.Length); - } + LocalTP->Flags |= QUIC_TP_FLAG_INITIAL_SOURCE_CONNECTION_ID; + LocalTP->InitialSourceConnectionIDLength = SourceCid->CID.Length; + QuicCopyMemory( + LocalTP->InitialSourceConnectionID, + SourceCid->CID.Data, + SourceCid->CID.Length); if (Connection->Settings.DatagramReceiveEnabled) { LocalTP->Flags |= QUIC_TP_FLAG_MAX_DATAGRAM_FRAME_SIZE; 
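Review bot: The complete-reset branch turns any failure of QuicConnGenerateLocalTransportParameters into a release-build process abort via `QUIC_FRE_ASSERT(QUIC_SUCCEEDED(Status))`, although the function returns a status and (per the @@ -2164 and @@ -2227 hunks below) frees and reads connection state, so a failure on the version-negotiation restart path would be a crash rather than a connection error. The TLS-initialize call a few lines further down already has the right shape; reuse it here: `if (QUIC_FAILED(Status)) { QuicConnFatalError(Connection, Status, NULL); return; }`, and drop `UNREFERENCED_PARAMETER(Status);`, which is misleading because Status is reassigned and read immediately afterwards. If the author's claim that it cannot fail once QuicConnStart succeeded holds, a `QUIC_DBG_ASSERT` in front of that check keeps the invariant visible without making it an abort. Note that this path no longer calls QuicCryptoReset at all and instead relies on QuicCryptoInitializeTls to zero the send offsets (crypto.c @@ -270), which is worth a one-line comment here so the coupling is not lost.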
@@ -2227,8 +2250,7 @@ QuicConnGenerateLocalTransportParameters( QUIC_FREE(Connection->OrigDestCID, QUIC_POOL_CID); Connection->OrigDestCID = NULL; - if (Connection->State.HandshakeUsedRetryPacket && - Connection->Stats.QuicVersion != QUIC_VERSION_DRAFT_27) { + if (Connection->State.HandshakeUsedRetryPacket) { QUIC_DBG_ASSERT(SourceCid->Link.Next != NULL); const QUIC_CID_HASH_ENTRY* PrevSourceCid = QUIC_CONTAINING_RECORD( 
@@ -2369,71 +2391,6 @@ QuicConnSetConfiguration( return Status; } -BOOLEAN -QuicConnValidateTransportParameterDraft27CIDs( - _In_ QUIC_CONNECTION* Connection - ) -{ - if (Connection->State.HandshakeUsedRetryPacket) { - QUIC_DBG_ASSERT(!QuicConnIsServer(Connection)); - QUIC_DBG_ASSERT(Connection->OrigDestCID != NULL); - // - // If we received a Retry packet during the handshake, we (the client) - // must validate that the server knew the original connection ID we sent, - // so that we can be sure that no middle box injected the Retry packet. - // - if (!(Connection->PeerTransportParams.Flags & QUIC_TP_FLAG_ORIGINAL_DESTINATION_CONNECTION_ID)) { - QuicTraceEvent( - ConnError, - "[conn][%p] ERROR, %s.", - Connection, - "Peer didn't provide the original destination CID in TP"); - return FALSE; - } - - if (Connection->PeerTransportParams.OriginalDestinationConnectionIDLength != Connection->OrigDestCID->Length) { - QuicTraceEvent( - ConnError, - "[conn][%p] ERROR, %s.", - Connection, - "Peer provided incorrect length of original destination CID in TP"); - return FALSE; - } - - if (memcmp( - Connection->PeerTransportParams.OriginalDestinationConnectionID, - Connection->OrigDestCID->Data, - Connection->OrigDestCID->Length) != 0) { - QuicTraceEvent( - ConnError, - "[conn][%p] ERROR, %s.", - Connection, - "Peer provided incorrect original destination CID in TP"); - return FALSE; - } - - QUIC_FREE(Connection->OrigDestCID, QUIC_POOL_CID); - Connection->OrigDestCID = NULL; - - } else if (!QuicConnIsServer(Connection)) { - // - // Per spec, the client must validate no original destination CID TP - // was sent if no Retry occurred. No need to validate cached values, as - // they don't apply to the current connection attempt. 
- // - if (!!(Connection->PeerTransportParams.Flags & QUIC_TP_FLAG_ORIGINAL_DESTINATION_CONNECTION_ID)) { - QuicTraceEvent( - ConnError, - "[conn][%p] ERROR, %s.", - Connection, - "Peer provided the original destination CID in TP when no Retry occurred"); - return FALSE; - } - } - - return TRUE; -} - BOOLEAN QuicConnValidateTransportParameterCIDs( _In_ QUIC_CONNECTION* Connection @@ -2559,17 +2516,10 @@ QuicConnProcessPeerTransportParameters( } // - // Version draft-28 and later fully validate all exchanged connection IDs. - // Version draft-27 only validates in the Retry scenario. + // Fully validate all exchanged connection IDs. // - if (Connection->Stats.QuicVersion == QUIC_VERSION_DRAFT_27) { - if (!QuicConnValidateTransportParameterDraft27CIDs(Connection)) { - goto Error; - } - } else { - if (!QuicConnValidateTransportParameterCIDs(Connection)) { - goto Error; - } + if (!QuicConnValidateTransportParameterCIDs(Connection)) { + goto Error; } } @@ -2812,16 +2762,20 @@ QuicConnRecvVerNeg( "Received Version Negotation:"); for (uint16_t i = 0; i < ServerVersionListLength; i++) { + uint32_t ServerVersion; + QuicCopyMemory(&ServerVersion, &ServerVersionList[i], sizeof(ServerVersion)); + QuicTraceLogConnVerbose( VerNegItem, Connection, - " Ver[%d]: 0x%x", i, - QuicByteSwapUint32(ServerVersionList[i])); + " Ver[%d]: 0x%x", + i, + QuicByteSwapUint32(ServerVersion)); // // Check to see if this is the current version. // - if (ServerVersionList[i] == Connection->Stats.QuicVersion) { + if (ServerVersion == Connection->Stats.QuicVersion) { QuicPacketLogDrop(Connection, Packet, "Version Negotation that includes the current version"); return; } 
@@ -2830,9 +2784,8 @@ QuicConnRecvVerNeg( // Check to see if this is supported, if we haven't already found a // supported version. // - if (SupportedVersion == 0 && - QuicIsVersionSupported(ServerVersionList[i])) { - SupportedVersion = ServerVersionList[i]; + if (SupportedVersion == 0 && QuicIsVersionSupported(ServerVersion)) { + SupportedVersion = ServerVersion; } } @@ -3204,9 +3157,7 @@ QuicConnRecvHeader( QuicPathSetValid(Connection, Path, QUIC_PATH_VALID_INITIAL_TOKEN); - } else if ( - Connection->Stats.QuicVersion != QUIC_VERSION_DRAFT_27 && - Connection->OrigDestCID == NULL) { + } else if (Connection->OrigDestCID == NULL) { Connection->OrigDestCID = QUIC_ALLOC_NONPAGED( diff --git a/src/core/crypto.c b/src/core/crypto.c index 8384345d..7fdd00c0 100644 --- a/src/core/crypto.c +++ b/src/core/crypto.c @@ -270,6 +270,16 @@ QuicCryptoInitializeTls( QUIC_DBG_ASSERT(SecConfig != NULL); QUIC_DBG_ASSERT(Connection->Configuration != NULL); + Crypto->MaxSentLength = 0; + Crypto->UnAckedOffset = 0; + Crypto->NextSendOffset = 0; + Crypto->RecoveryNextOffset = 0; + Crypto->RecoveryEndOffset = 0; + Crypto->InRecovery = FALSE; + + Crypto->TlsState.BufferLength = 0; + Crypto->TlsState.BufferTotalLength = 0; + TlsConfig.IsServer = IsServer; if (IsServer) { TlsConfig.AlpnBuffer = Crypto->TlsState.NegotiatedAlpn; @@ -292,6 +302,10 @@ QuicCryptoInitializeTls( TlsConfig.TlsSecrets = Connection->TlsSecrets; #endif + TlsConfig.TPType = + Connection->Stats.QuicVersion != QUIC_VERSION_DRAFT_29 ? + TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS : + TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS_DRAFT; TlsConfig.LocalTPBuffer = QuicCryptoTlsEncodeTransportParameters( Connection, @@ -305,6 +319,11 @@ QuicCryptoInitializeTls( goto Error; } + if (Crypto->TLS != NULL) { + QuicTlsUninitialize(Crypto->TLS); + Crypto->TLS = NULL; + } + Status = QuicTlsInitialize(&TlsConfig, &Crypto->TlsState, &Crypto->TLS); if (QUIC_FAILED(Status)) { QuicTraceEvent( 
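Review bot: In crypto.c @@ -305 the old TLS context is destroyed before QuicTlsInitialize runs, so a failed initialize leaves `Crypto->TLS == NULL` on a connection that was previously fully set up; the error path presumably ends in QuicConnFatalError (connection.c @@ -1921), but every later consumer of Crypto->TLS has to tolerate NULL until teardown, which deserves a comment such as `// On failure Crypto->TLS stays NULL; the caller must treat this as fatal.` The field reset added at the top of @@ -270 duplicates the assignments QuicCryptoReset still makes (crypto.c @@ -345 zeroes RecoveryEndOffset and InRecovery); a small static helper that both call would keep the two lists from drifting apart, and it would also run before the `goto Error` on transport-parameter encoding failure, which currently leaves the offsets zeroed but the old TLS context intact. Whether other TlsState contents derived under the previous version are re-derived for the newly chosen version is not visible from these hunks and should be confirmed against QuicTlsInitialize. QuicCryptoInitializeTls starts and ends outside the hunks.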
@@ -329,8 +348,7 @@ QuicCryptoInitializeTls( _IRQL_requires_max_(PASSIVE_LEVEL) void QuicCryptoReset( - _In_ QUIC_CRYPTO* Crypto, - _In_ BOOLEAN ResetTls + _In_ QUIC_CRYPTO* Crypto ) { QUIC_DBG_ASSERT(!QuicConnIsServer(QuicCryptoGetConnection(Crypto))); @@ -345,19 +363,9 @@ QuicCryptoReset( Crypto->RecoveryEndOffset = 0; Crypto->InRecovery = FALSE; - UNREFERENCED_PARAMETER(ResetTls); - /*if (ResetTls) { - Crypto->TlsState.BufferLength = 0; - Crypto->TlsState.BufferTotalLength = 0; - - QuicTlsReset(Crypto->TLS); - QuicCryptoProcessData(Crypto, TRUE); - - } else*/ { - QuicSendSetSendFlag( - &QuicCryptoGetConnection(Crypto)->Send, - QUIC_CONN_SEND_FLAG_CRYPTO); - } + QuicSendSetSendFlag( + &QuicCryptoGetConnection(Crypto)->Send, + QUIC_CONN_SEND_FLAG_CRYPTO); QuicCryptoValidate(Crypto); } diff --git a/src/core/crypto.h b/src/core/crypto.h index eb01b60e..312c3416 100644 --- a/src/core/crypto.h +++ b/src/core/crypto.h @@ -142,8 +142,7 @@ QuicCryptoInitializeTls( _IRQL_requires_max_(PASSIVE_LEVEL) void QuicCryptoReset( - _In_ QUIC_CRYPTO* Crypto, - _In_ BOOLEAN ResetTls + _In_ QUIC_CRYPTO* Crypto ); // diff --git a/src/core/crypto_tls.c b/src/core/crypto_tls.c index 9853e7a4..79a90ccf 100644 --- a/src/core/crypto_tls.c +++ b/src/core/crypto_tls.c @@ -30,7 +30,6 @@ typedef enum eTlsExtensions { TlsExt_ServerName = 0x00, TlsExt_AppProtocolNegotiation = 0x10, TlsExt_SessionTicket = 0x23, - TlsExt_QuicTransportParameters = 0xffa5 } eTlsExtensions; typedef enum eSniNameType { 
@@ -387,7 +386,21 @@ QuicCryptoTlsReadExtensions( return Status; } - } else if (ExtType == TlsExt_QuicTransportParameters) { + } else if ( + Connection->Stats.QuicVersion != QUIC_VERSION_DRAFT_29 && + ExtType == TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS) { + if (!QuicCryptoTlsDecodeTransportParameters( + Connection, + FALSE, + Buffer, + ExtLen, + &Connection->PeerTransportParams)) { + return QUIC_STATUS_INVALID_PARAMETER; + } + FoundTransportParameters = TRUE; + } else if ( + Connection->Stats.QuicVersion == QUIC_VERSION_DRAFT_29 && + ExtType == TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS_DRAFT) { if (!QuicCryptoTlsDecodeTransportParameters( Connection, FALSE, diff --git a/src/core/packet.c b/src/core/packet.c index 00eddfc7..20f6fbca 100644 --- a/src/core/packet.c +++ b/src/core/packet.c 
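Review bot: The two new `else if` arms have identical bodies and differ only in the version/code-point pairing, and that same pairing is spelled out again in QuicCryptoInitializeTls (crypto.c @@ -292); evaluating it once keeps the send and receive sides from ever disagreeing. For example `const uint16_t TpExtType = Connection->Stats.QuicVersion != QUIC_VERSION_DRAFT_29 ? TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS : TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS_DRAFT;` before the loop and `} else if (ExtType == TpExtType) {` replacing both arms, ideally through a shared inline helper that crypto.c uses too. The resulting behaviour, where a peer sending transport parameters under the other code point is treated as having sent none, is the right fail-closed choice and merits a one-line comment saying so. QuicCryptoTlsReadExtensions continues outside the hunk.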
@@ -19,36 +19,16 @@ // The list is in priority order (highest to lowest). // const QUIC_VERSION_INFO QuicSupportedVersionList[] = { - { QUIC_VERSION_DRAFT_32, - { 0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, - 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99 }, - { 0x8b, 0x0d, 0x37, 0xeb, 0x85, 0x35, 0x02, 0x2e, 0xbc, 0x8d, 0x76, 0xa2, 0x07, 0xd8, 0x0d, 0xf2, - 0x26, 0x46, 0xec, 0x06, 0xdc, 0x80, 0x96, 0x42, 0xc3, 0x0a, 0x8b, 0xaa, 0x2b, 0xaa, 0xff, 0x4c } }, - { QUIC_VERSION_DRAFT_31, - { 0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, - 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99 }, - { 0x8b, 0x0d, 0x37, 0xeb, 0x85, 0x35, 0x02, 0x2e, 0xbc, 0x8d, 0x76, 0xa2, 0x07, 0xd8, 0x0d, 0xf2, - 0x26, 0x46, 0xec, 0x06, 0xdc, 0x80, 0x96, 0x42, 0xc3, 0x0a, 0x8b, 0xaa, 0x2b, 0xaa, 0xff, 0x4c } }, - { QUIC_VERSION_DRAFT_30, - { 0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, - 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99 }, - { 0x8b, 0x0d, 0x37, 0xeb, 0x85, 0x35, 0x02, 0x2e, 0xbc, 0x8d, 0x76, 0xa2, 0x07, 0xd8, 0x0d, 0xf2, - 0x26, 0x46, 0xec, 0x06, 0xdc, 0x80, 0x96, 0x42, 0xc3, 0x0a, 0x8b, 0xaa, 0x2b, 0xaa, 0xff, 0x4c } }, + { QUIC_VERSION_1, + { 0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17, + 0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a }, + { 0xd9, 0xc9, 0x94, 0x3e, 0x61, 0x01, 0xfd, 0x20, 0x00, 0x21, 0x50, 0x6b, 0xcc, 0x02, 0x81, 0x4c, + 0x73, 0x03, 0x0f, 0x25, 0xc7, 0x9d, 0x71, 0xce, 0x87, 0x6e, 0xca, 0x87, 0x6e, 0x6f, 0xca, 0x8e } }, { QUIC_VERSION_DRAFT_29, { 0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99 }, { 0x8b, 0x0d, 0x37, 0xeb, 0x85, 0x35, 0x02, 0x2e, 0xbc, 0x8d, 0x76, 0xa2, 0x07, 0xd8, 0x0d, 0xf2, 0x26, 0x46, 0xec, 0x06, 0xdc, 0x80, 0x96, 0x42, 0xc3, 0x0a, 0x8b, 0xaa, 0x2b, 0xaa, 0xff, 0x4c } }, - { QUIC_VERSION_DRAFT_28, - { 0xc3, 0xee, 0xf7, 0x12, 0xc7, 0x2e, 0xbb, 0x5a, 0x11, 0xa7, - 0xd2, 
0x43, 0x2b, 0xb4, 0x63, 0x65, 0xbe, 0xf9, 0xf5, 0x02 }, - { 0x65, 0x6e, 0x61, 0xe3, 0x36, 0xae, 0x94, 0x17, 0xf7, 0xf0, 0xed, 0xd8, 0xd7, 0x8d, 0x46, 0x1e, - 0x2a, 0xa7, 0x08, 0x4a, 0xba, 0x7a, 0x14, 0xc1, 0xe9, 0xf7, 0x26, 0xd5, 0x57, 0x09, 0x16, 0x9a } }, - { QUIC_VERSION_DRAFT_27, - { 0xc3, 0xee, 0xf7, 0x12, 0xc7, 0x2e, 0xbb, 0x5a, 0x11, 0xa7, - 0xd2, 0x43, 0x2b, 0xb4, 0x63, 0x65, 0xbe, 0xf9, 0xf5, 0x02 }, - { 0x65, 0x6e, 0x61, 0xe3, 0x36, 0xae, 0x94, 0x17, 0xf7, 0xf0, 0xed, 0xd8, 0xd7, 0x8d, 0x46, 0x1e, - 0x2a, 0xa7, 0x08, 0x4a, 0xba, 0x7a, 0x14, 0xc1, 0xe9, 0xf7, 0x26, 0xd5, 0x57, 0x09, 0x16, 0x9a } }, { QUIC_VERSION_MS_1, { 0xaf, 0xbf, 0xec, 0x28, 0x99, 0x93, 0xd2, 0x4c, 0x9e, 0x97, 0x86, 0xf1, 0x9c, 0x61, 0x11, 0xe0, 0x43, 0x90, 0xa8, 0x99 }, @@ -595,12 +575,8 @@ QuicPacketLogHeader( break; } - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: { const QUIC_LONG_HEADER_V1 * const LongHdr = (const QUIC_LONG_HEADER_V1 * const)Packet; @@ -690,12 +666,8 @@ QuicPacketLogHeader( const uint8_t* DestCid = Invariant->SHORT_HDR.DestCid; switch (Version) { - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: { const QUIC_SHORT_HEADER_V1 * const Header = (const QUIC_SHORT_HEADER_V1 * const)Packet; diff --git a/src/core/packet.h b/src/core/packet.h index 91602bad..19c937dd 100644 --- a/src/core/packet.h +++ b/src/core/packet.h @@ -30,7 +30,7 @@ typedef struct QUIC_VERSION_INFO { // // The list of supported QUIC versions. // -extern const QUIC_VERSION_INFO QuicSupportedVersionList[7]; +extern const QUIC_VERSION_INFO QuicSupportedVersionList[3]; // // Prefixes used in packet logging. 
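Review bot: The new QUIC_VERSION_1 salt and retry secret in the packet.c @@ -19 hunk are raw byte arrays with no provenance comment, and a single wrong byte here silently breaks Initial key derivation and Retry integrity against every other implementation, so add the reference above the entry, e.g. `// QUIC v1: RFC 9001 §5.2 initial_salt and §5.8 retry integrity secret`, and make sure CryptTest.cpp (touched by this commit but not visible here) pins them with the RFC 9001 Appendix A vectors rather than relying on eyeballing. The values appear to match the published RFC 9001 constants, but a test is the only reliable check. Separately, the `QUIC_VERSION_MS_1` entry in the context lines keeps the draft-29 salt and secret while crypto.c @@ -292 now gives MS_1 the final 0x0039 transport-parameter code point and quic_versions.h still describes MS_1 as "currently same as latest draft"; either the MS_1 row should move to the v1 values or that comment should state which draft it tracks.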
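Review bot: `extern const QUIC_VERSION_INFO QuicSupportedVersionList[3];` in packet.h @@ -30 hard-codes an element count that the definition in packet.c leaves to the initializer, and the two have already been edited in lockstep here (7 to 3); a future mismatch is not diagnosed across translation units and would be an out-of-bounds read for any caller iterating the declared size. Prefer one count constant shared by both, for example (name illustrative) `#define QUIC_SUPPORTED_VERSION_COUNT 3` next to the declaration, `extern const QUIC_VERSION_INFO QuicSupportedVersionList[QUIC_SUPPORTED_VERSION_COUNT];`, and a static assertion in packet.c that the initializer's element count equals that constant.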
@@ -249,12 +249,8 @@ QuicPacketIsHandshake( } switch (Packet->LONG_HDR.Version) { - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: return ((QUIC_LONG_HEADER_V1*)Packet)->Type != QUIC_0_RTT_PROTECTED; default: diff --git a/src/core/packet_builder.c b/src/core/packet_builder.c index 98fe43ac..c98799c3 100644 --- a/src/core/packet_builder.c +++ b/src/core/packet_builder.c @@ -307,12 +307,8 @@ QuicPacketBuilderPrepare( Builder->PacketNumberLength = 4; // TODO - Determine correct length based on BDP. switch (Connection->Stats.QuicVersion) { - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: Builder->HeaderLength = QuicPacketEncodeShortHeaderV1( @@ -334,12 +330,8 @@ QuicPacketBuilderPrepare( } else { // Long Header switch (Connection->Stats.QuicVersion) { - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: default: Builder->HeaderLength = @@ -664,12 +656,8 @@ QuicPacketBuilderFinalize( if (Builder->PacketType != SEND_PACKET_SHORT_HEADER_TYPE) { switch (Connection->Stats.QuicVersion) { - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: default: QuicVarIntEncode2Bytes( diff --git a/src/inc/quic_tls.h b/src/inc/quic_tls.h index b94caad6..3d2c7b60 100644 --- a/src/inc/quic_tls.h +++ b/src/inc/quic_tls.h 
@@ -27,7 +27,8 @@ typedef struct QUIC_TLS QUIC_TLS; typedef struct QUIC_TLS_SECRETS QUIC_TLS_SECRETS; #define TLS_EXTENSION_TYPE_APPLICATION_LAYER_PROTOCOL_NEGOTIATION 0x0010 // Host Byte Order -#define TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS 0xffa5 // Host Byte Order +#define TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS_DRAFT 0xffa5 // Host Byte Order +#define TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS 0x0039 // Host Byte Order // // The size of the header required by the TLS layer. @@ -101,6 +102,11 @@ typedef struct QUIC_TLS_CONFIG { const uint8_t* AlpnBuffer; uint16_t AlpnBufferLength; + // + // TLS Extension code type for transport parameters. + // + uint16_t TPType; + // // Name of the server we are connecting to (client side only). // @@ -321,15 +327,6 @@ QuicTlsUninitialize( _In_opt_ QUIC_TLS* TlsContext ); -// -// Resets an existing TLS interface. -// -_IRQL_requires_max_(PASSIVE_LEVEL) -void -QuicTlsReset( - _In_ QUIC_TLS* TlsContext - ); - // // Called to process any data received from the peer. In the case of the client, // the initial call is made with no input buffer to generate the initial output. diff --git a/src/inc/quic_versions.h b/src/inc/quic_versions.h index 0caf20f8..7bb6a60d 100644 --- a/src/inc/quic_versions.h +++ b/src/inc/quic_versions.h @@ -17,12 +17,7 @@ #define QUIC_VERSION_VER_NEG 0x00000000U // Version for 'Version Negotiation' #define QUIC_VERSION_1 0x01000000U // First official version #define QUIC_VERSION_MS_1 0x0000cdabU // First Microsoft version (currently same as latest draft) -#define QUIC_VERSION_DRAFT_27 0x1b0000ffU // IETF draft 27 -#define QUIC_VERSION_DRAFT_28 0x1c0000ffU // IETF draft 28 #define QUIC_VERSION_DRAFT_29 0x1d0000ffU // IETF draft 29 -#define QUIC_VERSION_DRAFT_30 0x1e0000ffU // IETF draft 30 -#define QUIC_VERSION_DRAFT_31 0x1f0000ffU // IETF draft 31 -#define QUIC_VERSION_DRAFT_32 0x200000ffU // IETF draft 32 // // The QUIC version numbers, in host byte order. 
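Review bot: The new `TPType` field in QUIC_TLS_CONFIG (@@ -101 hunk) is documented only as "TLS Extension code type for transport parameters", but the backends depend on it taking exactly one of the two macros introduced in @@ -27: tls_openssl.c selects the legacy code point only on equality with `TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS_DRAFT` and the other backends write the value straight into the wire extension. Extend the comment to `// Must be TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS or ..._DRAFT; set from the negotiated QUIC version by QuicCryptoInitializeTls.` so a caller that leaves it zero does not silently advertise a bogus extension type.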
@@ -30,12 +25,7 @@ #define QUIC_VERSION_VER_NEG_H 0x00000000U // Version for 'Version Negotiation' #define QUIC_VERSION_1_H 0x00000001U // First official version #define QUIC_VERSION_1_MS_H 0xabcd0000U // First Microsoft version (-1412628480 in decimal) -#define QUIC_VERSION_DRAFT_27_H 0xff00001bU // IETF draft 27 -#define QUIC_VERSION_DRAFT_28_H 0xff00001cU // IETF draft 28 #define QUIC_VERSION_DRAFT_29_H 0xff00001dU // IETF draft 29 -#define QUIC_VERSION_DRAFT_30_H 0xff00001eU // IETF draft 30 -#define QUIC_VERSION_DRAFT_31_H 0xff00001fU // IETF draft 31 -#define QUIC_VERSION_DRAFT_32_H 0xff000020U // IETF draft 32 // // Represents a reserved version value; used to force version negotation. @@ -46,8 +36,8 @@ // // The latest QUIC version number. // -#define QUIC_VERSION_LATEST QUIC_VERSION_DRAFT_32 -#define QUIC_VERSION_LATEST_H QUIC_VERSION_DRAFT_32_H +#define QUIC_VERSION_LATEST QUIC_VERSION_1 +#define QUIC_VERSION_LATEST_H QUIC_VERSION_1_H inline BOOLEAN @@ -56,12 +46,8 @@ QuicIsVersionSupported( ) { switch (Version) { - case QUIC_VERSION_DRAFT_27: - case QUIC_VERSION_DRAFT_28: + case QUIC_VERSION_1: case QUIC_VERSION_DRAFT_29: - case QUIC_VERSION_DRAFT_30: - case QUIC_VERSION_DRAFT_31: - case QUIC_VERSION_DRAFT_32: case QUIC_VERSION_MS_1: return TRUE; default: diff --git a/src/platform/tls_mitls.c b/src/platform/tls_mitls.c index 019f1fe8..00049499 100644 --- a/src/platform/tls_mitls.c +++ b/src/platform/tls_mitls.c @@ -217,6 +217,11 @@ typedef struct QUIC_TLS { uint8_t TlsKeySchedule : 1; uint8_t TlsKeyScheduleSet : 1; + // + // The TLS extension type for the QUIC transport parameters. + // + uint16_t QuicTpExtType; + // // The TLS configuration information and credentials. // @@ -541,6 +546,7 @@ QuicTlsInitialize( // TlsContext->IsServer = Config->IsServer; TlsContext->SecConfig = Config->SecConfig; + TlsContext->QuicTpExtType = Config->TPType; TlsContext->CurrentReaderKey = -1; TlsContext->CurrentWriterKey = -1; TlsContext->Connection = Config->Connection; 
@@ -557,7 +563,7 @@ QuicTlsInitialize( Config->AlpnBuffer, Config->AlpnBufferLength); - TlsContext->Extensions[1].ext_type = TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS; + TlsContext->Extensions[1].ext_type = Config->TPType; TlsContext->Extensions[1].ext_data_len = Config->LocalTPLength; TlsContext->Extensions[1].ext_data = Config->LocalTPBuffer; @@ -720,40 +726,6 @@ QuicTlsUninitialize( } } -_IRQL_requires_max_(PASSIVE_LEVEL) -void -QuicTlsReset( - _In_ QUIC_TLS* TlsContext - ) -{ - QUIC_DBG_ASSERT(TlsContext->IsServer == FALSE); - - TlsSetValue(miTlsCurrentConnectionIndex, TlsContext->Connection); - - TlsContext->BufferLength = 0; - TlsContext->CurrentReaderKey = -1; - TlsContext->CurrentWriterKey = -1; - TlsContext->TlsKeyScheduleSet = FALSE; - - // - // Free old miTLS state. - // - FFI_mitls_quic_free(TlsContext->miTlsState); - TlsContext->miTlsState = NULL; - - // - // Reinitialize new miTLS state. - // - if (!FFI_mitls_quic_create(&TlsContext->miTlsState, &TlsContext->miTlsConfig)) { - QuicTraceEvent( - TlsError, - "[ tls][%p] ERROR, %s.", - TlsContext->Connection, - "FFI_mitls_quic_create failed"); - QUIC_DBG_ASSERT(FALSE); - } -} - _IRQL_requires_max_(PASSIVE_LEVEL) QUIC_TLS_RESULT_FLAGS QuicTlsProcessData( @@ -1422,7 +1394,7 @@ QuicTlsOnNegotiate( TlsContext->IsServer, RawExtensions, RawExtensionsLength, - TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS, + TlsContext->QuicTpExtType, &ExtensionData, &ExtensionDataLength)) { QuicTraceEvent( diff --git a/src/platform/tls_openssl.c b/src/platform/tls_openssl.c index bb06b482..3032f485 100644 --- a/src/platform/tls_openssl.c +++ b/src/platform/tls_openssl.c @@ -57,6 +57,11 @@ typedef struct QUIC_TLS { // BOOLEAN IsServer; + // + // The TLS extension type for the QUIC transport parameters. + // + uint16_t QuicTpExtType; + // // The ALPN buffer. // 
@@ -469,7 +474,7 @@ QuicTlsClientHelloCallback( if (!SSL_client_hello_get0_ext( Ssl, - TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS, + TlsContext->QuicTpExtType, &TransportParams, &TransportParamLen)) { TlsContext->ResultFlags |= QUIC_TLS_RESULT_ERROR; @@ -851,6 +856,7 @@ QuicTlsInitialize( TlsContext->Connection = Config->Connection; TlsContext->IsServer = Config->IsServer; TlsContext->SecConfig = Config->SecConfig; + TlsContext->QuicTpExtType = Config->TPType; TlsContext->AlpnBufferLength = Config->AlpnBufferLength; TlsContext->AlpnBuffer = Config->AlpnBuffer; TlsContext->ReceiveTPCallback = Config->ReceiveTPCallback; @@ -919,6 +925,10 @@ QuicTlsInitialize( SSL_set_alpn_protos(TlsContext->Ssl, TlsContext->AlpnBuffer, TlsContext->AlpnBufferLength); } + SSL_set_quic_use_legacy_codepoint( + TlsContext->Ssl, + TlsContext->QuicTpExtType == TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS_DRAFT); + if (SSL_set_quic_transport_params( TlsContext->Ssl, Config->LocalTPBuffer, 
@@ -973,66 +983,6 @@ QuicTlsUninitialize( } } -void -QuicTlsReset( - _In_ QUIC_TLS* TlsContext - ) -{ - QuicTraceLogConnInfo( - OpenSslContextReset, - TlsContext->Connection, - "Resetting TLS state"); - - QUIC_DBG_ASSERT(TlsContext->IsServer == FALSE); - - // - // Free the old SSL state. - // - - if (TlsContext->Ssl != NULL) { - SSL_free(TlsContext->Ssl); - TlsContext->Ssl = NULL; - } - - // - // Create a new SSL state. - // - - TlsContext->Ssl = SSL_new(TlsContext->SecConfig->SSLCtx); - if (TlsContext->Ssl == NULL) { - QuicTraceEvent( - LibraryError, - "[ lib] ERROR, %s.", - "SSL_new failed"); - QUIC_DBG_ASSERT(FALSE); - goto Exit; - } - - SSL_set_app_data(TlsContext->Ssl, TlsContext); - - SSL_set_connect_state(TlsContext->Ssl); - SSL_set_tlsext_host_name(TlsContext->Ssl, TlsContext->SNI); - SSL_set_alpn_protos(TlsContext->Ssl, TlsContext->AlpnBuffer, TlsContext->AlpnBufferLength); - - QUIC_FRE_ASSERT(FALSE); // Currently unsupported!! - /* TODO - Figure out if this is necessary. - if (SSL_set_quic_transport_params( - TlsContext->Ssl, - Config->LocalTPBuffer, - Config->LocalTPLength) != 1) { - QuicTraceEvent( - LibraryError, - "[ lib] ERROR, %s.", - "SSL_set_quic_transport_params failed"); - Status = QUIC_STATUS_TLS_ERROR; - goto Exit; - }*/ - -Exit: - - return; -} - QUIC_TLS_RESULT_FLAGS QuicTlsProcessData( _In_ QUIC_TLS* TlsContext, diff --git a/src/platform/tls_schannel.c b/src/platform/tls_schannel.c index 0fc1f2e7..02776273 100644 --- a/src/platform/tls_schannel.c +++ b/src/platform/tls_schannel.c @@ -352,6 +352,11 @@ typedef struct QUIC_TLS { BOOLEAN HandshakeKeyRead : 1; BOOLEAN ApplicationKeyRead : 1; + // + // The TLS extension type for the QUIC transport parameters. + // + uint16_t QuicTpExtType; + // // Cached server name indication. // 
@@ -1475,6 +1480,7 @@ QuicTlsInitialize( TlsContext->Connection = Config->Connection; TlsContext->ReceiveTPCallback = Config->ReceiveTPCallback; TlsContext->ReceiveTicketCallback = Config->ReceiveResumptionCallback; + TlsContext->QuicTpExtType = Config->TPType; TlsContext->SNI = Config->ServerName; TlsContext->SecConfig = Config->SecConfig; #ifdef QUIC_TLS_SECRETS_SUPPORT @@ -1497,7 +1503,7 @@ QuicTlsInitialize( memcpy(&AlpnList->ProtocolList, Config->AlpnBuffer, Config->AlpnBufferLength); TlsContext->TransportParams = (SEND_GENERIC_TLS_EXTENSION*)Config->LocalTPBuffer; - TlsContext->TransportParams->ExtensionType = TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS; + TlsContext->TransportParams->ExtensionType = Config->TPType; TlsContext->TransportParams->HandshakeType = Config->IsServer ? TlsHandshake_EncryptedExtensions : TlsHandshake_ClientHello; TlsContext->TransportParams->Flags = 0; @@ -1569,23 +1575,6 @@ QuicTlsUninitialize( } } -_IRQL_requires_max_(PASSIVE_LEVEL) -void -QuicTlsReset( - _In_ QUIC_TLS* TlsContext - ) -{ - QuicTraceLogConnInfo( - SchannelContextReset, - TlsContext->Connection, - "Resetting TLS state"); - - // - // Clean up and then re-create Schannel state. - // - QuicTlsResetSchannel(TlsContext); -} - _IRQL_requires_max_(PASSIVE_LEVEL) QUIC_TLS_RESULT_FLAGS QuicTlsWriteDataToSchannel( @@ -1743,8 +1732,7 @@ QuicTlsWriteDataToSchannel( // SubscribeExt.Flags = 0; SubscribeExt.SubscriptionsCount = 1; - SubscribeExt.Subscriptions[0].ExtensionType = - TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS; + SubscribeExt.Subscriptions[0].ExtensionType = TlsContext->QuicTpExtType; SubscribeExt.Subscriptions[0].HandshakeType = TlsContext->IsServer ? TlsHandshake_ClientHello : TlsHandshake_EncryptedExtensions; 
@@ -3299,7 +3287,7 @@ QuicHpKeyCreate( LibraryErrorStatus, "[ lib] ERROR, %u, %s.", Status, - (AeadType == QUIC_AEAD_CHACHA20_POLY1305) ? + (AeadType == QUIC_AEAD_CHACHA20_POLY1305) ? "BCryptGenerateSymmetricKey (ChaCha)" : "BCryptGenerateSymmetricKey (ECB)"); goto Error; @@ -3372,7 +3360,7 @@ QuicHpComputeMask( Key->Info, NULL, 0, - Mask + Offset, + Mask + Offset, QUIC_HP_SAMPLE_LENGTH, // This will fail because the Tag won't fit &TempSize, 0)); diff --git a/src/platform/tls_stub.c b/src/platform/tls_stub.c index bb56c7e7..34e8e137 100644 --- a/src/platform/tls_stub.c +++ b/src/platform/tls_stub.c @@ -28,8 +28,7 @@ typedef enum eTlsHandshakeType { typedef enum eTlsExtensions { TlsExt_ServerName = 0x00, TlsExt_AppProtocolNegotiation = 0x10, - TlsExt_SessionTicket = 0x23, - TlsExt_QuicTransportParameters = 0xffa5, + TlsExt_SessionTicket = 0x23 } eTlsExtensions; typedef enum eSniNameType { @@ -133,7 +132,7 @@ typedef struct QUIC_TLS_SESSION_TICKET_EXT { } QUIC_TLS_SESSION_TICKET_EXT; typedef struct QUIC_TLS_QUIC_TP_EXT { - uint8_t ExtType[2]; // TlsExt_QuicTransportParameters + uint8_t ExtType[2]; uint8_t ExtLen[2]; uint8_t TP[0]; } QUIC_TLS_QUIC_TP_EXT; @@ -203,6 +202,11 @@ typedef struct QUIC_TLS { BOOLEAN IsServer : 1; BOOLEAN EarlyDataAttempted : 1; + // + // The TLS extension type for the QUIC transport parameters. + // + uint16_t QuicTpExtType; + QUIC_FAKE_TLS_MESSAGE_TYPE LastMessageType; // Last message sent. QUIC_SEC_CONFIG* SecConfig; @@ -390,6 +394,7 @@ QuicTlsInitialize( QuicZeroMemory(TlsContext, sizeof(QUIC_TLS)); TlsContext->IsServer = Config->IsServer; + TlsContext->QuicTpExtType = Config->TPType; TlsContext->AlpnBufferLength = Config->AlpnBufferLength; TlsContext->AlpnBuffer = Config->AlpnBuffer; TlsContext->LocalTPBuffer = Config->LocalTPBuffer; 
@@ -484,21 +489,6 @@ QuicTlsUninitialize( } } -_IRQL_requires_max_(PASSIVE_LEVEL) -void -QuicTlsReset( - _In_ QUIC_TLS* TlsContext - ) -{ - QuicTraceLogConnInfo( - StubTlsContextReset, - TlsContext->Connection, - "Resetting TLS state"); - - QUIC_FRE_ASSERT(TlsContext->IsServer == FALSE); - TlsContext->LastMessageType = QUIC_TLS_MESSAGE_INVALID; -} - _IRQL_requires_max_(PASSIVE_LEVEL) void QuicTlsServerProcess( @@ -563,11 +553,7 @@ QuicTlsServerProcess( } break; } - case TlsExt_QuicTransportParameters: { - break; // Unused - } default: - QUIC_FRE_ASSERT(FALSE); break; } @@ -671,7 +657,7 @@ QuicTlsServerProcess( (QUIC_TLS_QUIC_TP_EXT*) (ServerMessage->SERVER_HANDSHAKE.Certificate + SecurityConfig->FormatLength + ExtListLength); - TlsWriteUint16(QuicTP->ExtType, TlsExt_QuicTransportParameters); + TlsWriteUint16(QuicTP->ExtType, TlsContext->QuicTpExtType); TlsWriteUint16(QuicTP->ExtLen, (uint16_t)TlsContext->LocalTPLength); memcpy(QuicTP->TP, TlsContext->LocalTPBuffer, TlsContext->LocalTPLength); ExtListLength += 4 + (uint16_t)TlsContext->LocalTPLength; @@ -827,7 +813,7 @@ QuicTlsClientProcess( QUIC_TLS_QUIC_TP_EXT* QuicTP = (QUIC_TLS_QUIC_TP_EXT*) (ClientMessage->CLIENT_INITIAL.ExtList + ExtListLength); - TlsWriteUint16(QuicTP->ExtType, TlsExt_QuicTransportParameters); + TlsWriteUint16(QuicTP->ExtType, TlsContext->QuicTpExtType); TlsWriteUint16(QuicTP->ExtLen, (uint16_t)TlsContext->LocalTPLength); memcpy(QuicTP->TP, TlsContext->LocalTPBuffer, TlsContext->LocalTPLength); ExtListLength += 4 + (uint16_t)TlsContext->LocalTPLength; @@ -889,8 +875,7 @@ QuicTlsClientProcess( uint16_t ExtLength = TlsReadUint16(ExtList + 2); QUIC_FRE_ASSERT(ExtLength + 4 <= ExtListLength); - switch (ExtType) { - case TlsExt_AppProtocolNegotiation: { + if (ExtType == TlsExt_AppProtocolNegotiation) { const QUIC_TLS_ALPN_EXT* AlpnList = (QUIC_TLS_ALPN_EXT*)ExtList; State->NegotiatedAlpn = QuicTlsAlpnFindInList( 
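Review bot: Dropping `default: QUIC_FRE_ASSERT(FALSE);` from the server-side extension switch in tls_stub.c @@ -563 (and the matching default removed from the client parser in @@ -906 on the next line) means an unrecognized extension, including transport parameters sent under the other code point, is now skipped without any trace, so a code-point mismatch in a stub-backed test will surface only as a later, unrelated handshake failure. A verbose trace in the new default/else arm, e.g. `QuicTraceLogConnVerbose(StubTlsUnknownExt, TlsContext->Connection, "Ignoring unknown extension 0x%hx", ExtType);` (new event name, to be registered like the existing StubTls* events), would make such failures self-explaining. Better still, check after each extension loop that the transport-parameter extension was seen exactly once, mirroring the FoundTransportParameters handling in crypto_tls.c @@ -387. QuicTlsServerProcess and QuicTlsClientProcess both continue outside these hunks.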
@@ -906,19 +891,13 @@ QuicTlsClientProcess(
 "ALPN Mismatch");
 *ResultFlags |= QUIC_TLS_RESULT_ERROR;
 }
- break;
- }
- case TlsExt_QuicTransportParameters: {
+
+ } else if (ExtType == TlsContext->QuicTpExtType) {
 const QUIC_TLS_QUIC_TP_EXT* QuicTP = (QUIC_TLS_QUIC_TP_EXT*)ExtList;
 TlsContext->ReceiveTPCallback(
 TlsContext->Connection,
 ExtLength,
 QuicTP->TP);
- break;
- }
- default:
- QUIC_FRE_ASSERT(FALSE);
- break;
 }
 ExtList += ExtLength + 4;
@@ -1116,31 +1095,7 @@ QuicTlsProcessData(
 QUIC_TLS_RESULT_FLAGS ResultFlags = 0;
- if (QuicTlsHasValidMessageToProcess(TlsContext, *BufferLength, Buffer)) {
- QUIC_FRE_ASSERT(DataType == QUIC_TLS_CRYPTO_DATA);
-
- uint16_t PrevBufferLength = State->BufferLength;
- if (TlsContext->IsServer) {
- QuicTlsServerProcess(TlsContext, &ResultFlags, State, BufferLength, Buffer);
- } else {
- QuicTlsClientProcess(TlsContext, &ResultFlags, State, BufferLength, Buffer);
- }
-
- QuicTraceLogConnInfo(
- StubTlsConsumedData,
- TlsContext->Connection,
- "Consumed %u bytes",
- *BufferLength);
-
- if (State->BufferLength > PrevBufferLength) {
- QuicTraceLogConnInfo(
- StubTlsProducedData,
- TlsContext->Connection,
- "Produced %hu bytes",
- (State->BufferLength - PrevBufferLength));
- }
-
- } else if (DataType == QUIC_TLS_TICKET_DATA) {
+ if (DataType == QUIC_TLS_TICKET_DATA) {
 QUIC_FRE_ASSERT(TlsContext->IsServer);
 uint16_t PrevBufferLength = State->BufferLength;
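Review bot: The new `else if (ExtType == TlsContext->QuicTpExtType)` branch is the only place the client receives transport parameters, but when the server's extension list carries no extension of that type nothing happens: ReceiveTPCallback is never invoked and `*ResultFlags` stays clear, unlike the ALPN mismatch a few lines up, which sets QUIC_TLS_RESULT_ERROR. A peer that uses a different transport-parameter codepoint or omits the extension is therefore detectable only by the caller, if at all. A local flag set in that branch and checked once the loop ends (the loop's end is outside this hunk) would make the failure explicit: `if (!TpReceived) { *ResultFlags |= QUIC_TLS_RESULT_ERROR; }`.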
@@ -1171,6 +1126,31 @@ QuicTlsProcessData(
 "Produced %hu bytes",
 (State->BufferLength - PrevBufferLength));
 }
+
+ } else if (QuicTlsHasValidMessageToProcess(TlsContext, *BufferLength, Buffer)) {
+ QUIC_FRE_ASSERT(DataType == QUIC_TLS_CRYPTO_DATA);
+
+ uint16_t PrevBufferLength = State->BufferLength;
+ if (TlsContext->IsServer) {
+ QuicTlsServerProcess(TlsContext, &ResultFlags, State, BufferLength, Buffer);
+ } else {
+ QuicTlsClientProcess(TlsContext, &ResultFlags, State, BufferLength, Buffer);
+ }
+
+ QuicTraceLogConnInfo(
+ StubTlsConsumedData,
+ TlsContext->Connection,
+ "Consumed %u bytes",
+ *BufferLength);
+
+ if (State->BufferLength > PrevBufferLength) {
+ QuicTraceLogConnInfo(
+ StubTlsProducedData,
+ TlsContext->Connection,
+ "Produced %hu bytes",
+ (State->BufferLength - PrevBufferLength));
+ }
+
 } else {
 *BufferLength = 0;
 }
diff --git a/src/platform/unittest/CryptTest.cpp b/src/platform/unittest/CryptTest.cpp
index 67b8dafb..5b2de5de 100644
--- a/src/platform/unittest/CryptTest.cpp
+++ b/src/platform/unittest/CryptTest.cpp
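Review bot: The branch order in QuicTlsProcessData is now load-bearing — `DataType == QUIC_TLS_TICKET_DATA` is tested before QuicTlsHasValidMessageToProcess, which presumably is the "0-RTT ticket bug" fix named in the commit message, since the crypto branch asserts `DataType == QUIC_TLS_CRYPTO_DATA` — but nothing in the code records why. A one-line comment above the first `if`, e.g. `// Check DataType first: ticket bytes must not reach QuicTlsHasValidMessageToProcess or the CRYPTO_DATA assert below.`, would keep a later tidy-up from restoring the old order. The first `if` sits in the previous hunk and the function's prologue is outside this view.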
@@ -168,11 +168,11 @@ struct CryptTest : public ::testing::TestWithParam
 TEST_F(CryptTest, WellKnownClientInitial)
 {
- const QuicBuffer InitialSalt("afbfec289993d24c9e9786f19c6111e04390a899");
+ const QuicBuffer InitialSalt("38762cf7f55934b34d179ae6a4c80cadccbb7f0a");
 const QuicBuffer ConnectionID("8394c8f03e515708");
- const QuicBuffer InitialPacketHeader("c3ff00001d088394c8f03e5157080000449e00000002");
- const QuicBuffer InitialPacketPayload("060040c4010000c003036660261ff947cea49cce6cfad687f457cf1b14531ba14131a0e8f309a1d0b9c4000006130113031302010000910000000b0009000006736572766572ff01000100000a00140012001d0017001800190100010101020103010400230000003300260024001d00204cfdfcd178b784bf328cae793b136f2aedce005ff183d7bb1495207236647037002b0003020304000d0020001e040305030603020308040805080604010501060102010402050206020202002d00020101001c00024001");
+ const QuicBuffer InitialPacketHeader("c300000001088394c8f03e5157080000449e00000002");
+ const QuicBuffer InitialPacketPayload("060040f1010000ed0303ebf8fa56f12939b9584a3896472ec40bb863cfd3e86804fe3a47f06a2b69484c00000413011302010000c000000010000e00000b6578616d706c652e636f6dff01000100000a00080006001d0017001800100007000504616c706e000500050100000000003300260024001d00209370b2c9caa47fbabaf4559fedba753de171fa71f50f1ce15d43e994ec74d748002b0003020304000d0010000e0403050306030203080408050806002d00020101001c00024001003900320408ffffffffffffffff05048000ffff07048000ffff0801100104800075300901100f088394c8f03e51570806048000ffff");
 const uint64_t InitialPacketNumber = 2;
 uint8_t PacketBuffer[1200] = {0};
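Review bot: The draft-29 known-answer vectors in WellKnownClientInitial are overwritten rather than kept alongside the new ones — the new `InitialSalt`, header and payload appear to be the sample client Initial from the final QUIC-TLS specification — yet QUIC_VERSION_DRAFT_29 remains accepted in binding.c and connection.c in this same commit, so the draft-29 initial-salt path loses its known-answer coverage here. Parameterising the test over (version, salt, vectors) or adding a second TEST_F for the draft-29 values would restore it; the same replacement continues in the three hunks below for `ExpectedSample`, `ExpectedHpMask`, `ExpectedHeader` and `EncryptedPacket`. A comment next to `InitialSalt` naming the source of the vectors would also help the next update. The test body continues past the hunk.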
@@ -201,7 +201,7 @@ TEST_F(CryptTest, WellKnownClientInitial)
 sizeof(PacketBuffer) - InitialPacketHeader.Length,
 PacketBuffer + InitialPacketHeader.Length));
- const QuicBuffer ExpectedSample("fb66bc5f93032b7ddd89fe0ff15d9c4f");
+ const QuicBuffer ExpectedSample("d1b1c98dd7689fb8ec11d242b123dc9b");
 //LogTestBuffer("ExpectedSample", ExpectedSample.Data, ExpectedSample.Length);
 //LogTestBuffer(" ActualSample", PacketBuffer + InitialPacketHeader.Length, ExpectedSample.Length);
 ASSERT_EQ(0, memcmp(ExpectedSample.Data, PacketBuffer + InitialPacketHeader.Length, ExpectedSample.Length));
@@ -214,7 +214,7 @@ TEST_F(CryptTest, WellKnownClientInitial)
 PacketBuffer + InitialPacketHeader.Length,
 HpMask));
- const QuicBuffer ExpectedHpMask("d64a952459");
+ const QuicBuffer ExpectedHpMask("437b9aec36");
 //LogTestBuffer("ExpectedHpMask", ExpectedHpMask.Data, ExpectedHpMask.Length);
 //LogTestBuffer(" ActualHpMask", HpMask, ExpectedHpMask.Length);
 ASSERT_EQ(0, memcmp(ExpectedHpMask.Data, HpMask, ExpectedHpMask.Length));
@@ -224,12 +224,12 @@ TEST_F(CryptTest, WellKnownClientInitial)
 PacketBuffer[17 + i] ^= HpMask[i];
 }
- const QuicBuffer ExpectedHeader("c5ff00001d088394c8f03e5157080000449e4a95245b");
+ const QuicBuffer ExpectedHeader("c000000001088394c8f03e5157080000449e7b9aec34");
 //LogTestBuffer("ExpectedHeader", ExpectedHeader.Data, ExpectedHeader.Length);
 //LogTestBuffer(" ActualHeader", PacketBuffer, ExpectedHeader.Length);
 ASSERT_EQ(0, memcmp(ExpectedHeader.Data, PacketBuffer, ExpectedHeader.Length));
- const QuicBuffer EncryptedPacket("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");
+ const QuicBuffer EncryptedPacket("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");
 //LogTestBuffer("ExpectedPacket", EncryptedPacket.Data, EncryptedPacket.Length);
 //LogTestBuffer(" ActualPacket", PacketBuffer, sizeof(PacketBuffer));
 ASSERT_EQ(EncryptedPacket.Length, (uint16_t)sizeof(PacketBuffer));
diff --git a/src/platform/unittest/TlsTest.cpp b/src/platform/unittest/TlsTest.cpp
index ebd9c40d..1a2c30fc 100644
--- a/src/platform/unittest/TlsTest.cpp
+++ b/src/platform/unittest/TlsTest.cpp
@@ -166,6 +166,7 @@ struct TlsTest : public ::testing::TestWithParam
 UNREFERENCED_PARAMETER(MultipleAlpns); // The server must always send back the negotiated ALPN.
 Config.AlpnBuffer = Alpn;
 Config.AlpnBufferLength = sizeof(Alpn);
+ Config.TPType = TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS;
 Config.LocalTPBuffer = (uint8_t*)QUIC_ALLOC_NONPAGED(QuicTlsTPHeaderSize + TPLen, QUIC_POOL_TLS_TRANSPARAMS);
 Config.LocalTPLength = QuicTlsTPHeaderSize + TPLen;
@@ -194,6 +195,7 @@ struct TlsTest : public ::testing::TestWithParam
 Config.SecConfig = SecConfiguration;
 Config.AlpnBuffer = MultipleAlpns ? MultiAlpn : Alpn;
 Config.AlpnBufferLength = MultipleAlpns ? sizeof(MultiAlpn) : sizeof(Alpn);
+ Config.TPType = TLS_EXTENSION_TYPE_QUIC_TRANSPORT_PARAMETERS;
 Config.LocalTPBuffer = (uint8_t*)QUIC_ALLOC_NONPAGED(QuicTlsTPHeaderSize + TPLen, QUIC_POOL_TLS_TRANSPARAMS);
 Config.LocalTPLength = QuicTlsTPHeaderSize + TPLen;
diff --git a/src/tools/interop/interop.cpp b/src/tools/interop/interop.cpp
index 9ce66ffa..0ef1a59c 100644
--- a/src/tools/interop/interop.cpp
+++ b/src/tools/interop/interop.cpp
@@ -41,27 +41,15 @@ QUIC_PRIVATE_TRANSPORT_PARAMETER RandomTransportParameter = {
 };
 const QUIC_BUFFER HandshakeAlpns[] = {
- { sizeof("hq-32") - 1, (uint8_t*)"hq-32" },
- { sizeof("h3-32") - 1, (uint8_t*)"h3-32" },
- { sizeof("hq-31") - 1, (uint8_t*)"hq-31" },
- { sizeof("h3-31") - 1, (uint8_t*)"h3-31" },
- { sizeof("hq-30") - 1, (uint8_t*)"hq-30" },
- { sizeof("h3-30") - 1, (uint8_t*)"h3-30" },
+ { sizeof("hq-interop") - 1, (uint8_t*)"hq-interop" },
+ { sizeof("h3") - 1, (uint8_t*)"h3" },
 { sizeof("hq-29") - 1, (uint8_t*)"hq-29" },
 { sizeof("h3-29") - 1, (uint8_t*)"h3-29" },
- { sizeof("hq-28") - 1, (uint8_t*)"hq-28" },
- { sizeof("h3-28") - 1, (uint8_t*)"h3-28" },
- { sizeof("hq-27") - 1, (uint8_t*)"hq-27" },
- { sizeof("h3-27") - 1, (uint8_t*)"h3-27" }
 };
 const QUIC_BUFFER DatapathAlpns[] = {
- { sizeof("hq-32") - 1, (uint8_t*)"hq-32" },
- { sizeof("hq-31") - 1, (uint8_t*)"hq-31" },
- { sizeof("hq-30") - 1, (uint8_t*)"hq-30" },
+ { sizeof("hq-interop") - 1, (uint8_t*)"hq-interop" },
 { sizeof("hq-29") - 1, (uint8_t*)"hq-29" },
- { sizeof("hq-28") - 1, (uint8_t*)"hq-28" },
- { sizeof("hq-27") - 1, (uint8_t*)"hq-27" },
 };
 const QUIC_BUFFER DatagramAlpns[] = {
@@ -1059,7 +1047,7 @@ PrintTestResults(
 if (TestResults[Endpoint].QuicVersion == 0) {
 printf("%12s %s\n", PublicEndpoints[Endpoint].ImplementationName, ResultCodes);
 } else {
- printf("%12s %s 0x%X %s\n", PublicEndpoints[Endpoint].ImplementationName,
+ printf("%12s %s 0x%08X %s\n", PublicEndpoints[Endpoint].ImplementationName,
 ResultCodes, TestResults[Endpoint].QuicVersion, TestResults[Endpoint].Alpn);
 }
diff --git a/src/tools/interopserver/InteropServer.cpp b/src/tools/interopserver/InteropServer.cpp
index 90a3f67e..d5bcb9c4 100644
--- a/src/tools/interopserver/InteropServer.cpp
+++ b/src/tools/interopserver/InteropServer.cpp
@@ -17,12 +17,8 @@ const char* RootFolderPath;
 const char* UploadFolderPath;
 const QUIC_BUFFER SupportedALPNs[] = {
- { sizeof("hq-32") - 1, (uint8_t*)"hq-32" },
- { sizeof("hq-31") - 1, (uint8_t*)"hq-31" },
- { sizeof("hq-30") - 1, (uint8_t*)"hq-30" },
+ { sizeof("hq-interop") - 1, (uint8_t*)"hq-interop" },
 { sizeof("hq-29") - 1, (uint8_t*)"hq-29" },
- { sizeof("hq-28") - 1, (uint8_t*)"hq-28" },
- { sizeof("hq-27") - 1, (uint8_t*)"hq-27" },
 { sizeof("siduck") - 1, (uint8_t*)"siduck" },
 { sizeof("siduck-00") - 1, (uint8_t*)"siduck-00" }
 };
diff --git a/src/tools/post/post.cpp b/src/tools/post/post.cpp
index 242c62d6..21a24dfe 100644
--- a/src/tools/post/post.cpp
+++ b/src/tools/post/post.cpp
@@ -29,12 +29,8 @@ extern "C" void QuicTraceRundown(void) { }
 #define ALPN_BUFFER(str) { sizeof(str) - 1, (uint8_t*)str }
 const QUIC_BUFFER ALPNs[] = {
- ALPN_BUFFER("hq-32"),
- ALPN_BUFFER("hq-31"),
- ALPN_BUFFER("hq-30"),
- ALPN_BUFFER("hq-29"),
- ALPN_BUFFER("hq-28"),
- ALPN_BUFFER("hq-27")
+ ALPN_BUFFER("hq-interop"),
+ ALPN_BUFFER("hq-29")
 };
 const QUIC_API_TABLE* MsQuic;
diff --git a/src/tools/reach/reach.cpp b/src/tools/reach/reach.cpp
index ca31887d..8ea876e2 100644
--- a/src/tools/reach/reach.cpp
+++ b/src/tools/reach/reach.cpp
@@ -20,10 +20,7 @@ uint16_t Port = 443;
 const char* ServerName = "localhost";
 const char* ServerIp = nullptr;
 QUIC_ADDR ServerAddress = {0};
-std::vector ALPNs(
- { "h3-27", "h3-28", "h3-29", "h3-30", "h3-31", "h3-32",
- "hq-27", "hq-28", "hq-29", "hq-30", "hq-31", "hq-32",
- "smb" });
+std::vector ALPNs({ "h3", "h3-29", "hq-interop", "hq-29", "smb" });
 const char* InputAlpn = nullptr;
 const QUIC_API_TABLE* MsQuic;
diff --git a/submodules/openssl b/submodules/openssl
index 2d57a307..6c04318b 160000
--- a/submodules/openssl
+++ b/submodules/openssl
@@ -1 +1 @@
-Subproject commit 2d57a30728744b9541fe2a09eb53851c7e9bcc44
+Subproject commit 6c04318b50013d69b6dc6d8214ff13e05131637c