- miTLS support (Windows)
- Tools fixes
- Tests fixes
Nick Banks 2019-12-06 18:01:48 -08:00 коммит произвёл GitHub
Родитель 39a0ff38c7
Коммит 02907e0b76
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
19 изменённых файлов: 147 добавлений и 94 удалений


@ -13,6 +13,7 @@ cd artifacts/dumps
# Run the tests.
../bin/msquictest \
--gtest_filter=$1 \
--gtest_output=xml:../logs/linux-test-results.xml
# Copy logs to log folder (with correct permsissions).
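Review bot: The new `--gtest_filter=$1 \` line leaves the argument unquoted, so a filter containing whitespace is word-split and an empty argument is still passed as an empty filter; quote it as `--gtest_filter="$1" \`. The pipeline passes `'*'`, which survives only because no file in the working directory matches the glob `--gtest_filter=*`; quoting removes that dependence on the directory contents. The script's remaining commands sit outside the hunk.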


@ -1,6 +1,12 @@
:: Install ProcDump if not already installed.
PowerShell test\get_procdump.ps1
PowerShell .azure\get_procdump.ps1
:: Enable SChannel TLS 1.3 for client and server.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v Enabled /t REG_DWORD /d 1 /f
:: Start ProcDump
mkdir artifacts\dumps
@ -19,6 +25,7 @@ netsh trace start sessionname=quic ^
:: Run the tests.
artifacts\bin\Release\msquictest.exe ^
--gtest_filter=%1 ^
--gtest_output=xml:artifacts\logs\windows-test-results.xml
:: Stop log collection.
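Review bot: The four `reg add` lines under `:: Enable SChannel TLS 1.3` write `DisabledByDefault /d 1` next to `Enabled /d 1`; a DisabledByDefault value of 1 normally means the protocol is used only when a caller asks for it explicitly, so if the goal is TLS 1.3 on by default the value should be `/d 0`. If MsQuic's SChannel backend requests TLS 1.3 explicitly the setting works as written, but then a comment saying so would stop the next reader from "fixing" it. The writes also go to HKLM on whatever agent runs the script for every QUIC_TLS configuration, not just schannel, and the script continues past a failed `reg add` (for example when not elevated), so the later test run would exercise the wrong protocol set without any visible error.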

.gitmodules поставляемый

@ -5,3 +5,7 @@
path = submodules/openssl
url = https://github.com/tatsuhiro-t/openssl.git
branch = openssl-quic-draft-24
[submodule "submodules/everest"]
path = submodules/everest
url = https://github.com/nibanks/everest-dist.git
branch = pr/msquic
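Review bot: The new `submodules/everest` entry tracks the `pr/msquic` branch of a personal fork (`nibanks/everest-dist`) rather than a project-owned repository. The checkout is pinned by the recorded submodule commit, but `git submodule update --remote` follows that branch and pulls whatever it points to, unreviewed, which is an unusual trust anchor for the TLS and crypto implementation. Consider hosting the distribution under the project's organization, or at least documenting how the pinned commit is produced and bumped so the pin, not the branch, is understood to be the source of truth.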


@ -100,6 +100,8 @@ else()
set(QUIC_CXX_FLAGS "${QUIC_COMMON_FLAGS} --std=c++17 -g -Wno-reorder -Wno-sign-compare -Wno-format")
endif()
include_directories(${CMAKE_SOURCE_DIR}/inc)
if(QUIC_TLS STREQUAL "openssl")
# Configure and build OpenSSL.
add_custom_command(
@ -116,7 +118,13 @@ if(QUIC_TLS STREQUAL "openssl")
DEPENDS ${CMAKE_SOURCE_DIR}/bld/openssl/lib/libssl.so)
endif()
include_directories(${CMAKE_SOURCE_DIR}/inc)
if (QUIC_TLS STREQUAL "mitls")
# Build Everest.
add_subdirectory(submodules/everest/msquic/msvc/kremlib)
add_subdirectory(submodules/everest/msquic/msvc/evercrypt)
add_subdirectory(submodules/everest/msquic/msvc/mitls)
add_subdirectory(submodules/everest/msquic/msvc/quiccrypto)
endif()
# Product code
add_subdirectory(core)
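Review bot: The `add_subdirectory` calls in the new `if (QUIC_TLS STREQUAL "mitls")` block assume the everest submodule is checked out; when it is not, CMake stops with a generic "source directory does not exist" error that never mentions submodules. A guard before the first call makes the failure actionable: `if(NOT EXISTS ${CMAKE_SOURCE_DIR}/submodules/everest/msquic)` / `message(FATAL_ERROR "QUIC_TLS=mitls requires the everest submodule; run git submodule update --init")` / `endif()`. The relocated `include_directories(${CMAKE_SOURCE_DIR}/inc)` is directory-scoped, so with the move it now also applies to the four everest subdirectories added after it; if that is not intended, `target_include_directories` on the consuming targets expresses the dependency without leaking it.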


@ -10,22 +10,32 @@ strategy:
platform: 'Linux-Stub'
imageName: 'ubuntu-latest'
cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=stub -DQUIC_ENABLE_LOGGING=off'
testCmd: 'bash ./.azure/run_linux.sh'
testCmd: 'bash ./.azure/test_linux.sh ''*'''
linux-stub-sanitize:
platform: 'Linux-Stub-Sanitize'
imageName: 'ubuntu-latest'
cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=stub -DQUIC_ENABLE_LOGGING=off -DQUIC_SANITIZE_ADDRESS=on'
testCmd: 'bash ./.azure/test_linux.sh AppData/WithSendArgs2.SendLarge/0'
linux-openssl:
platform: 'Linux-OpenSSL'
imageName: 'ubuntu-latest'
cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=openssl -DQUIC_ENABLE_LOGGING=off'
testCmd: 'bash ./.azure/run_linux.sh'
testCmd: 'bash ./.azure/test_linux.sh ''*'''
windows-x64-stub:
platform: 'Windows-x64-Stub'
imageName: 'windows-latest'
cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=stub'
testCmd: '.\.azure\run_windows.cmd'
testCmd: '.\.azure\test_windows.cmd *'
windows-x64-mitls:
platform: 'Windows-x64-miTLS'
imageName: 'windows-latest'
cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=mitls'
testCmd: '.\.azure\test_windows.cmd *'
windows-x64-schannel:
platform: 'Windows-x64-Schannel'
imageName: 'windows-latest'
cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=schannel'
testCmd: 'echo Not supported yet'
testCmd: '.\.azure\test_windows.cmd ParameterValidation.*'
pool:
vmImage: $(imageName)
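Review bot: The new `linux-stub-sanitize` entry runs a single test, `AppData/WithSendArgs2.SendLarge/0`, while every other configuration gets `*` or a test family, and nothing explains the narrow filter; a reader will assume the sanitizer build is fully covered. Add a comment on that `testCmd` line saying why the subset is chosen and when it should be widened, e.g. `# TODO: widen to '*' once the remaining sanitizer findings are fixed` (the reason is inferred; adjust to the real one). The same goes for `windows-x64-schannel`, which moves from `echo Not supported yet` to `ParameterValidation.*` without a note on what still blocks the full suite.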


@ -44,7 +44,7 @@ reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\S
- To decode the `quic.etl` file, run **TODO**
## Building on Linux (or [WSL](https://docs.microsoft.com/en-us/windows/wsl/wsl2-install))
- Install tooling (WSL2 or Ubuntu)
- Install tooling
- `sudo apt-get install cmake`
- `sudo apt-get install build-essentials`
- Run `mkdir bld && cd bld`


@ -374,9 +374,8 @@ QuicSysLogWrite(
QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[ tls][%p] ERROR, %s", Connection, ErrStr)
#define EventWriteQuicTlsErrorStatus(Connection, Status, ErrStr) \
QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[ tls][%p] ERROR, %u, %s", Connection, Status, ErrStr)
#define EventWriteMiTLSTrace(Message) \
QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[mitls] %s", Message)
#define EventWriteQuicTlsMessage(Connection, Message) \
QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_VERBOSE, "[ tls][%p] %s", Connection, Message)
#define EventWriteQuicDatapathSendTo(Binding, TotalSize, BufferCount, SegmentSize, RemoteAddrLen, RemoteAddr) \
QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_VERBOSE, "[ udp][%p] Send %u bytes in %u buffers (segment=%u) Dst=TODO", Binding, TotalSize, BufferCount, SegmentSize)
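Review bot: `EventWriteQuicTlsMessage` logs at `QUIC_TRACE_LEVEL_VERBOSE`, whereas the `EventWriteMiTLSTrace` it replaces emitted the same miTLS callback text at `QUIC_TRACE_LEVEL_ERROR`; handshake diagnostics from the TLS library will therefore no longer appear in captures that are not running at verbose level. That may well be the intended demotion of a placeholder level, but it is a behavior change for anyone triaging handshake failures from logs, so state it in a comment above the macro, e.g. `// Free-form text from the TLS library; logged verbose, not as an error.` The `Connection` argument is formatted with `%p`; the only caller visible in this commit passes NULL, which the commit's own TODO already notes.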


@ -732,6 +732,16 @@
name="Connection"
/>
</template>
<template tid="tid_CONN_MESSAGE">
<data
inType="win:Pointer"
name="Connection"
/>
<data
inType="win:AnsiString"
name="Message"
/>
</template>
<template tid="tid_CONN_UINT32">
<data
inType="win:Pointer"
@ -2539,11 +2549,11 @@
<event
keywords="ut:TLS"
level="win:Verbose"
message="$(string.Etw.miTLS)"
message="$(string.Etw.TlsMessage)"
opcode="win:Info"
symbol="MiTLSTrace"
template="tid_MESSAGE"
value="9215"
symbol="QuicTlsMessage"
template="tid_CONN_MESSAGE"
value="8194"
/>
<!-- 9216 - 10239 | Datapath Events -->
<event
@ -3093,8 +3103,8 @@
value="[ tls][%1] ERROR, %2, %3."
/>
<string
id="Etw.miTLS"
value="[mitls] %1"
id="Etw.TlsMessage"
value="[ tls] %1"
/>
<string
id="Etw.DatapathSendTo"


@ -28,6 +28,7 @@ elseif(QUIC_TLS STREQUAL "openssl")
elseif(QUIC_TLS STREQUAL "mitls")
message(STATUS "Configuring for miTLS")
set(SOURCES ${SOURCES} cert_capi.c selfsign_capi.c tls_mitls.c)
include_directories(${CMAKE_SOURCE_DIR}/submodules/everest/msquic/msvc/include)
else()
message(STATUS "Configuring for stub TLS")
set(SOURCES ${SOURCES} cert_stub.c selfsign_stub.c tls_stub.c)
@ -46,4 +47,6 @@ if(QUIC_TLS STREQUAL "openssl")
target_link_libraries(platform
${CMAKE_SOURCE_DIR}/bld/openssl/lib/libcrypto.so
${CMAKE_SOURCE_DIR}/bld/openssl/lib/libssl.so)
elseif(QUIC_TLS STREQUAL "mitls")
target_link_libraries(platform kremlib evercrypt mitls quiccrypto)
endif()
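Review bot: The new `target_link_libraries(platform kremlib evercrypt mitls quiccrypto)` uses the keyword-less signature; it mirrors the openssl branch above, but that legacy form makes the dependencies transitive by default, so every consumer of `platform` inherits the four everest targets. `target_link_libraries(platform PRIVATE kremlib evercrypt mitls quiccrypto)` keeps the TLS backend an implementation detail (the openssl branch would want the same keyword for consistency). Likewise the `include_directories(${CMAKE_SOURCE_DIR}/submodules/everest/msquic/msvc/include)` in the first hunk is directory-scoped and applies to every target defined later in this file; a `target_include_directories(platform PRIVATE ...)` placed after the `add_library(platform ...)` call limits it to the sources that include the miTLS headers.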


@ -53,6 +53,9 @@ typedef struct QUIC_PLATFORM {
#include <ws2tcpip.h>
#include <mswsock.h>
#include <mstcpip.h>
#if DBG
#include <crtdbg.h>
#endif
#define QUIC_BASE_REG_PATH "System\\CurrentControlSet\\Services\\MsQuic\\Parameters\\"


@ -16,6 +16,7 @@ Abstract:
#endif
#define IS_WINDOWS 1
#pragma warning(disable:4996) // Deprecated APIs
#include <EverCrypt.h>
#include <mitlsffi.h>
@ -379,7 +380,8 @@ MiTlsTraceCallback(
_In_z_ const char *Msg
)
{
EventWriteMiTLSTrace(Msg);
// TODO - Save connection in thread-local storage and retrieve it?
EventWriteQuicTlsMessage(NULL, Msg);
}
QUIC_STATUS
@ -1899,13 +1901,13 @@ typedef struct QUIC_HP_KEY {
};
} QUIC_HP_KEY;
Spec_Hash_Helpers_hash_alg
Spec_Hash_Definitions_hash_alg
HashTypeToEverCrypt(
QUIC_HASH_TYPE Type
) {
return
(Spec_Hash_Helpers_hash_alg)
(Spec_Hash_Helpers_SHA2_256 + Type);
(Spec_Hash_Definitions_hash_alg)
(Spec_Hash_Definitions_SHA2_256 + Type);
}
#ifdef QUIC_TEST_MODE
@ -2532,7 +2534,7 @@ QuicEncrypt(
} else if (Key->Aead == QUIC_AEAD_AES_256_GCM) {
EverCrypt_aes256_gcm_encrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Buffer, PlainTextLength, Temp, Temp+PlainTextLength);
} else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
EverCrypt_chacha20_poly1305_encrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Buffer, PlainTextLength, Temp, Temp+PlainTextLength);
EverCrypt_Chacha20Poly1305_aead_encrypt(Key->Key, (uint8_t*)Iv, AuthDataLength, (uint8_t*)AuthData, PlainTextLength, Buffer, Temp, Temp+PlainTextLength);
} else {
QUIC_FRE_ASSERT(FALSE);
return QUIC_STATUS_NOT_SUPPORTED;
@ -2570,7 +2572,7 @@ QuicDecrypt(
} else if (Key->Aead == QUIC_AEAD_AES_256_GCM) {
r = EverCrypt_aes256_gcm_decrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Temp, PlainTextLength, Buffer, Buffer+PlainTextLength);
} else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
r = EverCrypt_chacha20_poly1305_decrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Temp, PlainTextLength, Buffer, Buffer+PlainTextLength);
r = EverCrypt_Chacha20Poly1305_aead_decrypt(Key->Key, (uint8_t*)Iv, AuthDataLength, (uint8_t*)AuthData, PlainTextLength, Temp, Buffer, Buffer+PlainTextLength);
} else {
QUIC_FRE_ASSERT(FALSE);
return QUIC_STATUS_NOT_SUPPORTED;
@ -2665,7 +2667,7 @@ QuicHpComputeMask(
} else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
uint8_t zero[5] = {0};
uint32_t ctr = Cipher[0] + (Cipher[1] << 8) + (Cipher[2] << 16) + (Cipher[3] << 24);
EverCrypt_chacha20((uint8_t*)Key->case_chacha20, Cipher+4, ctr, zero, 5, Mask);
EverCrypt_Cipher_chacha20(5, Mask, Cipher+4, (uint8_t*)Key->case_chacha20, zero, ctr);
} else {
return QUIC_STATUS_NOT_SUPPORTED;
}
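Review bot: The rewritten `EverCrypt_Cipher_chacha20(5, Mask, Cipher+4, (uint8_t*)Key->case_chacha20, zero, ctr)` in QuicHpComputeMask looks like it has the source and nonce arguments swapped: the call it replaces used `Cipher+4` as the nonce and `zero` as the 5-byte plaintext, and if the new API's order is `(len, dst, src, key, iv, ctr)` as in the EverCrypt_Cipher header, the sample bytes are now the plaintext while the 5-byte `zero` array is read as a 12-byte nonce, which yields a wrong header-protection mask and reads past the end of that stack array. The expected call would be `EverCrypt_Cipher_chacha20(5, Mask, zero, (uint8_t*)Key->case_chacha20, Cipher+4, ctr);` — please confirm against the prototype. The AES paths do not exercise this, so a CI run that negotiates only AES-GCM would not notice; a ChaCha20 header-protection known-answer test under `QUIC_TEST_MODE` would. The two `EverCrypt_Chacha20Poly1305_aead_*` calls in the earlier hunks reorder arguments as well and look consistent with a `(key, nonce, aad_len, aad, m_len, m, cipher, tag)` shape, but deserve the same check; all three enclosing functions extend beyond their hunks.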

submodules/everest Submodule

@ -0,0 +1 @@
Subproject commit b526918db28d28a8ba1997485a52698da56f60b5


@ -35,7 +35,7 @@ void QuicTestValidateSession();
void QuicTestValidateListener();
void QuicTestValidateConnection();
void QuicTestValidateStream(bool Connect);
void QuicTestValidateServerSecConfig(bool KernelMode, void* CertContext, void* CertHashStore, char* Principal);
void QuicTestValidateServerSecConfig(void* CertContext, QUIC_CERTIFICATE_HASH_STORE* CertHashStore, char* Principal);
//
// Event Validation Tests


@ -144,8 +144,7 @@ TEST(ParameterValidation, ValidateServerSecConfig) {
QUIC_CERTIFICATE_HASH_STORE CertHashStore = { QUIC_CERTIFICATE_HASH_STORE_FLAG_NONE };
memcpy(CertHashStore.ShaHash, SelfSignedCertParams->Thumbprint, sizeof(CertHashStore.ShaHash));
memcpy(CertHashStore.StoreName, "My", 2);
QuicTestValidateServerSecConfig(
false, SelfSignedCertParams->Certificate, &CertHashStore, "localhost");
QuicTestValidateServerSecConfig(SelfSignedCertParams->Certificate, &CertHashStore, "localhost");
}
#endif // _WIN32


@ -965,17 +965,15 @@ QuicTestSecConfigCreateComplete(
QuicEventSet(ctxt->Event);
}
void QuicTestValidateServerSecConfig(bool KernelMode, void* CertContext, void* CertHashStore, char* Principal)
void QuicTestValidateServerSecConfig(void* CertContext, QUIC_CERTIFICATE_HASH_STORE* CertHashStore, char* Principal)
{
MsQuicRegistration TestReg;
TEST_TRUE(TestReg.IsValid());
SecConfigTestContext TestContext;
void* CertHash = &((QUIC_CERTIFICATE_HASH_STORE*)CertHashStore)->ShaHash;
//
// Test null inputs (user and kernel mode).
// Test null inputs.
//
TEST_QUIC_STATUS(
QUIC_STATUS_INVALID_PARAMETER,
@ -987,63 +985,67 @@ void QuicTestValidateServerSecConfig(bool KernelMode, void* CertContext, void* C
&TestContext,
QuicTestSecConfigCreateComplete));
//
// Test certificate principal (user and kernel mode).
//
TestContext.Expected = QUIC_STATUS_SUCCESS;
TEST_QUIC_SUCCEEDED(
MsQuic->SecConfigCreate(
TestReg,
QUIC_SEC_CONFIG_FLAG_NONE,
nullptr, // Certificate
Principal, // Principal
&TestContext,
QuicTestSecConfigCreateComplete));
TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
TEST_FALSE(TestContext.Failed);
//
// Test certificate hash (user and kernel mode).
//
TEST_QUIC_SUCCEEDED(
MsQuic->SecConfigCreate(
TestReg,
QUIC_SEC_CONFIG_FLAG_CERTIFICATE_HASH,
CertHash, // Certificate
nullptr, // Principal
&TestContext,
QuicTestSecConfigCreateComplete));
TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
TEST_FALSE(TestContext.Failed);
//
// Test certificate hash+store (user and kernel mode).
//
TEST_QUIC_SUCCEEDED(
MsQuic->SecConfigCreate(
TestReg,
QUIC_SEC_CONFIG_FLAG_CERTIFICATE_HASH_STORE,
CertHashStore, // Certificate
nullptr, // Principal
&TestContext,
QuicTestSecConfigCreateComplete));
TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
TEST_FALSE(TestContext.Failed);
if (!KernelMode) {
if (CertContext != nullptr) {
//
// Test certificate context (user mode only).
// Test certificate context.
//
TestContext.Expected = QUIC_STATUS_SUCCESS;
TEST_QUIC_SUCCEEDED(
MsQuic->SecConfigCreate(
TestReg,
QUIC_SEC_CONFIG_FLAG_CERTIFICATE_CONTEXT,
CertContext, // Certificate
nullptr, // Principal
CertContext, // Certificate
nullptr, // Principal
&TestContext,
QuicTestSecConfigCreateComplete));
TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
TEST_FALSE(TestContext.Failed);
}
if (Principal != nullptr) {
//
// Test certificate principal.
//
TestContext.Expected = QUIC_STATUS_SUCCESS;
TEST_QUIC_SUCCEEDED(
MsQuic->SecConfigCreate(
TestReg,
QUIC_SEC_CONFIG_FLAG_NONE,
nullptr, // Certificate
Principal, // Principal
&TestContext,
QuicTestSecConfigCreateComplete));
TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
TEST_FALSE(TestContext.Failed);
}
if (CertHashStore != nullptr) {
//
// Test certificate hash.
//
TEST_QUIC_SUCCEEDED(
MsQuic->SecConfigCreate(
TestReg,
QUIC_SEC_CONFIG_FLAG_CERTIFICATE_HASH,
&CertHashStore->ShaHash, // Certificate
nullptr, // Principal
&TestContext,
QuicTestSecConfigCreateComplete));
TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
TEST_FALSE(TestContext.Failed);
//
// Test certificate hash + store.
//
TEST_QUIC_SUCCEEDED(
MsQuic->SecConfigCreate(
TestReg,
QUIC_SEC_CONFIG_FLAG_CERTIFICATE_HASH_STORE,
CertHashStore, // Certificate
nullptr, // Principal
&TestContext,
QuicTestSecConfigCreateComplete));
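Review bot: The new `if (CertHashStore != nullptr)` branch never sets `TestContext.Expected`, unlike the `CertContext` and `Principal` branches, which each assign `QUIC_STATUS_SUCCESS` before their SecConfigCreate call; the old code set it once before the principal test, which always ran. If a caller passes a hash store but neither a certificate context nor a principal, the two hash tests run against whatever `Expected` held after the null-input checks (presumably not success), and the `TEST_FALSE(TestContext.Failed)` that follows reports a failure unrelated to the hash path. Add `TestContext.Expected = QUIC_STATUS_SUCCESS;` at the top of that branch, as the other two do. The function body continues past the end of the hunk.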


@ -576,6 +576,7 @@ typedef struct QUIC_EVENT_DATA_BINDING {
typedef enum QUIC_EVENT_ID_TLS {
EventId_QuicTlsError,
EventId_QuicTlsErrorStatus,
EventId_QuicTlsMessage,
EventId_QuicTlsCount
} QUIC_EVENT_ID_TLS;
@ -592,6 +593,9 @@ typedef struct QUIC_EVENT_DATA_TLS {
UINT32 Status;
char ErrStr[1];
} ErrorStatus;
struct {
char Str[1];
} Message;
};
} QUIC_EVENT_DATA_TLS;
#pragma pack(pop)


@ -953,6 +953,10 @@ QuicTraceTlsEvent(
printf("ERROR, %u, %s\n", EvData->ErrorStatus.Status, EvData->ErrorStatus.ErrStr);
break;
}
case EventId_QuicTlsMessage: {
printf("%s\n", EvData->Message.Str);
break;
}
default: {
printf("Unknown Event ID=%u\n", ev->EventHeader.EventDescriptor.Id);
break;
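Review bot: The new `printf("%s\n", EvData->Message.Str)` trusts the event payload to carry a NUL terminator; `Str` is declared as `char Str[1]`, so its real extent is whatever the provider wrote, and a truncated or malformed record in a trace file makes printf read past the payload. The existing `ErrStr` cases have the same shape, so a small helper that prints at most the remaining user-data length (`%.*s` with a length derived from the record's `UserDataLength` and the offset of the string within `QUIC_EVENT_DATA_TLS`) would bound all three in one place. QuicTraceTlsEvent starts outside the hunk.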


@ -451,6 +451,7 @@ private:
pThis->UsedZeroRtt = true;
}
QuicEventSet(pThis->RequestComplete);
MsQuic->StreamClose(Stream);
break;
}
default:
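Review bot: The added `MsQuic->StreamClose(Stream);` runs after `QuicEventSet(pThis->RequestComplete)`, so a thread waiting on that event can begin tearing down the connection or `pThis` while this callback is still closing the stream. Closing before signalling, `MsQuic->StreamClose(Stream);` followed by `QuicEventSet(pThis->RequestComplete);`, keeps the stream's lifetime inside the window the waiter can reason about. If the waiter only reads `UsedZeroRtt` and never releases anything the close depends on, the current order is harmless, but nothing in the hunk shows that; the enclosing callback starts outside the hunk.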


@ -169,8 +169,13 @@ T& SpinQuicGetRandomFromVector(std::vector<T> &vec)
}
// Replace these with actually random data
char pkt0[] = "AAAAAAAAAAA";
char pkt1[] = "\x01";
const char pkt0[] = "AAAAAAAAAAA";
const char pkt1[] = "\x01";
const QUIC_BUFFER Buffers[2] = {
{ ARRAYSIZE(pkt0) - 1, (uint8_t*)pkt0 },
{ ARRAYSIZE(pkt1) - 1, (uint8_t*)pkt1 }
};
int SpinQuicGetRandom(int upper_bound)
{
@ -404,13 +409,8 @@ void ServerSpin(void *)
HQUIC Stream = SpinQuicGetRandomFromVector(ctx->Streams);
QUIC_BUFFER Buffers[2] = {
{ (uint32_t)strlen(pkt0), reinterpret_cast<uint8_t *>(pkt0) },
{ (uint32_t)strlen(pkt1), reinterpret_cast<uint8_t *>(pkt1) },
};
printf("MsQuic->StreamSend(%p, ...) = ", Stream);
QUIC_STATUS Status = MsQuic->StreamSend(Stream, Buffers, 2, QUIC_SEND_FLAG_NONE, nullptr);
QUIC_STATUS Status = MsQuic->StreamSend(Stream, Buffers, ARRAYSIZE(Buffers), QUIC_SEND_FLAG_NONE, nullptr);
printf("0x%x\n", Status);
}
break;
@ -588,13 +588,8 @@ void ClientSpin(void *)
HQUIC Stream = SpinQuicGetRandomFromVector(*Streams);
QUIC_BUFFER Buffers[2] = {
{ (uint32_t)strlen(pkt0), reinterpret_cast<uint8_t *>(pkt0) },
{ (uint32_t)strlen(pkt1), reinterpret_cast<uint8_t *>(pkt1) },
};
printf("MsQuic->StreamSend(%p, ...) = ", Stream);
QUIC_STATUS Status = MsQuic->StreamSend(Stream, Buffers, 2, QUIC_SEND_FLAG_NONE, nullptr);
QUIC_STATUS Status = MsQuic->StreamSend(Stream, Buffers, ARRAYSIZE(Buffers), QUIC_SEND_FLAG_NONE, nullptr);
printf("0x%x\n", Status);
break;
}
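Review bot: The `(uint8_t*)pkt0` and `(uint8_t*)pkt1` casts in the new file-scope `Buffers` initializer silently strip the `const` that the same hunk adds to `pkt0`/`pkt1`; the removed local initializers used `reinterpret_cast`, which would have refused to drop it. Since `Buffers` is shared read-only between ServerSpin and ClientSpin, make the contract visible with `const_cast<uint8_t*>(reinterpret_cast<const uint8_t*>(pkt0))` or a comment on the initializer noting that the QUIC_BUFFER field is non-const but only read by the library. The `// Replace these with actually random data` comment still stands and could be turned into an explicit TODO now that the data is a fixed global.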