diff --git a/.azure/run_linux.sh b/.azure/test_linux.sh
similarity index 95%
rename from .azure/run_linux.sh
rename to .azure/test_linux.sh
index 0b2e2c053..6abfab729 100644
--- a/.azure/run_linux.sh
+++ b/.azure/test_linux.sh
@@ -13,6 +13,7 @@ cd artifacts/dumps
# Run the tests.
../bin/msquictest \
+ --gtest_filter=$1 \
--gtest_output=xml:../logs/linux-test-results.xml
# Copy logs to log folder (with correct permsissions).
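Review bot: The new `--gtest_filter=$1` leaves the argument unquoted, so the pattern is word-split and subject to pathname expansion in the current directory (`artifacts/dumps`) before gtest sees it; a pattern containing a space or a `*` that happens to match a file there would be mangled. Use `--gtest_filter="$1"`. With no argument the option becomes `--gtest_filter=`, which gtest appears to treat as match-all (confirm); if that is the intended default, say so at the top of the script: `# $1: gtest filter pattern; empty runs every test.`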
diff --git a/.azure/run_windows.cmd b/.azure/test_windows.cmd
similarity index 53%
rename from .azure/run_windows.cmd
rename to .azure/test_windows.cmd
index b07a7c05e..9fbebec91 100644
--- a/.azure/run_windows.cmd
+++ b/.azure/test_windows.cmd
@@ -1,6 +1,12 @@
:: Install ProcDump if not already installed.
-PowerShell test\get_procdump.ps1
+PowerShell .azure\get_procdump.ps1
+
+:: Enable SChannel TLS 1.3 for client and server.
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v Enabled /t REG_DWORD /d 1 /f
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
+reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v Enabled /t REG_DWORD /d 1 /f
:: Start ProcDump
mkdir artifacts\dumps
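Review bot: The comment says the block enables TLS 1.3, but the new `reg add` lines set `DisabledByDefault` to 1 for both Client and Server, which keeps TLS 1.3 opt-in (only callers that explicitly request the protocol get it) rather than enabled by default; if the intent is availability to any SChannel caller the value should be 0, otherwise reword the comment to `:: Make SChannel TLS 1.3 available to callers that explicitly request it (client and server).` These writes change machine-wide HKLM state and their exit codes are not checked, so a failure on a non-elevated agent would surface later as an unrelated handshake failure; append `|| exit /b 1` to each `reg add`, or check `%ERRORLEVEL%` once after the block.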
@@ -19,6 +25,7 @@ netsh trace start sessionname=quic ^
:: Run the tests.
artifacts\bin\Release\msquictest.exe ^
+ --gtest_filter=%1 ^
--gtest_output=xml:artifacts\logs\windows-test-results.xml
:: Stop log collection.
diff --git a/.gitmodules b/.gitmodules
index 3f4a2d235..a3d3d91c5 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -5,3 +5,7 @@
path = submodules/openssl
url = https://github.com/tatsuhiro-t/openssl.git
branch = openssl-quic-draft-24
+[submodule "submodules/everest"]
+ path = submodules/everest
+ url = https://github.com/nibanks/everest-dist.git
+ branch = pr/msquic
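Review bot: The new submodule that supplies the TLS and crypto implementation points at a personal fork (`nibanks/everest-dist.git`) tracked by a `pr/msquic` branch, a mutable reference with no review gate in this repository. The pinned commit is what a normal checkout builds, so the exposure is limited to workflows that run `git submodule update --remote`, but the entry should move to the project or upstream repository once the change lands there, and a comment such as `# temporary fork of project-everest/everest; replace once upstream merges` would record that intent. The `openssl` entry above has the same shape, so this is a repository-wide concern rather than a regression of this commit.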
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 332fd7786..4c0ccc06a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -100,6 +100,8 @@ else()
set(QUIC_CXX_FLAGS "${QUIC_COMMON_FLAGS} --std=c++17 -g -Wno-reorder -Wno-sign-compare -Wno-format")
endif()
+include_directories(${CMAKE_SOURCE_DIR}/inc)
+
if(QUIC_TLS STREQUAL "openssl")
# Configure and build OpenSSL.
add_custom_command(
@@ -116,7 +118,13 @@ if(QUIC_TLS STREQUAL "openssl")
DEPENDS ${CMAKE_SOURCE_DIR}/bld/openssl/lib/libssl.so)
endif()
-include_directories(${CMAKE_SOURCE_DIR}/inc)
+if (QUIC_TLS STREQUAL "mitls")
+ # Build Everest.
+ add_subdirectory(submodules/everest/msquic/msvc/kremlib)
+ add_subdirectory(submodules/everest/msquic/msvc/evercrypt)
+ add_subdirectory(submodules/everest/msquic/msvc/mitls)
+ add_subdirectory(submodules/everest/msquic/msvc/quiccrypto)
+endif()
# Product code
add_subdirectory(core)
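Review bot: The new `mitls` branch calls `add_subdirectory` on four paths inside `submodules/everest` without checking that the submodule has been initialised, so a fresh clone configured with `-DQUIC_TLS=mitls` fails with a generic "source directory does not exist" message instead of an actionable one. Add before the first `add_subdirectory`: `if(NOT EXISTS "${CMAKE_SOURCE_DIR}/submodules/everest/msquic/msvc/mitls/CMakeLists.txt")` / `message(FATAL_ERROR "everest submodule missing; run: git submodule update --init")` / `endif()`. Two smaller points: `if (QUIC_TLS STREQUAL "mitls")` has a space before the parenthesis while the `openssl` branch uses `if(`, and because `include_directories` is directory-scoped, moving it above this block now puts `inc` on the include path of every Everest subdirectory as well, which may or may not be intended.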
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 9eb1f3e22..720b636bd 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -10,22 +10,32 @@ strategy:
platform: 'Linux-Stub'
imageName: 'ubuntu-latest'
cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=stub -DQUIC_ENABLE_LOGGING=off'
- testCmd: 'bash ./.azure/run_linux.sh'
+ testCmd: 'bash ./.azure/test_linux.sh ''*'''
+ linux-stub-sanitize:
+ platform: 'Linux-Stub-Sanitize'
+ imageName: 'ubuntu-latest'
+ cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=stub -DQUIC_ENABLE_LOGGING=off -DQUIC_SANITIZE_ADDRESS=on'
+ testCmd: 'bash ./.azure/test_linux.sh AppData/WithSendArgs2.SendLarge/0'
linux-openssl:
platform: 'Linux-OpenSSL'
imageName: 'ubuntu-latest'
cmakeArgs: '-g ''Linux Makefiles'' -DQUIC_TLS=openssl -DQUIC_ENABLE_LOGGING=off'
- testCmd: 'bash ./.azure/run_linux.sh'
+ testCmd: 'bash ./.azure/test_linux.sh ''*'''
windows-x64-stub:
platform: 'Windows-x64-Stub'
imageName: 'windows-latest'
cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=stub'
- testCmd: '.\.azure\run_windows.cmd'
+ testCmd: '.\.azure\test_windows.cmd *'
+ windows-x64-mitls:
+ platform: 'Windows-x64-miTLS'
+ imageName: 'windows-latest'
+ cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=mitls'
+ testCmd: '.\.azure\test_windows.cmd *'
windows-x64-schannel:
platform: 'Windows-x64-Schannel'
imageName: 'windows-latest'
cmakeArgs: '-g ''Visual Studio 16 2019'' -A x64 -DQUIC_TLS=schannel'
- testCmd: 'echo Not supported yet'
+ testCmd: '.\.azure\test_windows.cmd ParameterValidation.*'
pool:
vmImage: $(imageName)
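Review bot: The two new restricted filters, `AppData/WithSendArgs2.SendLarge/0` for the ASAN leg and `ParameterValidation.*` for Schannel, carry no explanation of why coverage is limited, and a filter naming a single parameterised test is brittle: if that test is renamed or re-parameterised gtest runs zero tests and by default still exits 0, so the sanitizer leg becomes silently vacuous. Add a comment next to each, e.g. `# TODO: widen once the remaining ASAN failures are fixed; a single known-good test keeps the leg green`, and consider having the test script fail when the results XML reports zero tests.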
diff --git a/docs/BUILD.md b/docs/BUILD.md
index cc8ebf155..92b96a210 100644
--- a/docs/BUILD.md
+++ b/docs/BUILD.md
@@ -44,7 +44,7 @@ reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\S
- To decode the `quic.etl` file, run **TODO**
## Building on Linux (or [WSL](https://docs.microsoft.com/en-us/windows/wsl/wsl2-install))
-- Install tooling (WSL2 or Ubuntu)
+- Install tooling
- `sudo apt-get install cmake`
- `sudo apt-get install build-essentials`
- Run `mkdir bld && cd bld`
diff --git a/inc/quic_trace.h b/inc/quic_trace.h
index 5a011e581..c6c10bb41 100644
--- a/inc/quic_trace.h
+++ b/inc/quic_trace.h
@@ -374,9 +374,8 @@ QuicSysLogWrite(
QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[ tls][%p] ERROR, %s", Connection, ErrStr)
#define EventWriteQuicTlsErrorStatus(Connection, Status, ErrStr) \
QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[ tls][%p] ERROR, %u, %s", Connection, Status, ErrStr)
-
-#define EventWriteMiTLSTrace(Message) \
- QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_ERROR, "[mitls] %s", Message)
+#define EventWriteQuicTlsMessage(Connection, Message) \
+ QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_VERBOSE, "[ tls][%p] %s", Connection, Message)
#define EventWriteQuicDatapathSendTo(Binding, TotalSize, BufferCount, SegmentSize, RemoteAddrLen, RemoteAddr) \
QUIC_WRITE_EVENT(QUIC_TRACE_LEVEL_VERBOSE, "[ udp][%p] Send %u bytes in %u buffers (segment=%u) Dst=TODO", Binding, TotalSize, BufferCount, SegmentSize)
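Review bot: The replacement macro logs at `QUIC_TRACE_LEVEL_VERBOSE` where the removed `EventWriteMiTLSTrace` logged at `QUIC_TRACE_LEVEL_ERROR`, so any miTLS-originated message, including whatever it reports on a failed handshake (not visible here), now drops out of a trace session filtered at error level; if that is deliberate it should be stated. The only caller shown passes `NULL` for `Connection`, which the macro's contract should mention: `// Free-form TLS provider message. Connection may be NULL when the provider's trace callback carries no connection context.`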
diff --git a/manifest/MsQuicEtw.man b/manifest/MsQuicEtw.man
index a3dc9c0df..fa7454012 100644
--- a/manifest/MsQuicEtw.man
+++ b/manifest/MsQuicEtw.man
@@ -732,6 +732,16 @@
name="Connection"
/>
+
+
+
+
#include
#include
+#if DBG
+#include
+#endif
#define QUIC_BASE_REG_PATH "System\\CurrentControlSet\\Services\\MsQuic\\Parameters\\"
diff --git a/platform/tls_mitls.c b/platform/tls_mitls.c
index f541dba18..5acd8ec7b 100644
--- a/platform/tls_mitls.c
+++ b/platform/tls_mitls.c
@@ -16,6 +16,7 @@ Abstract:
#endif
#define IS_WINDOWS 1
+#pragma warning(disable:4996) // Deprecated APIs
#include
#include
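Review bot: `#pragma warning(disable:4996)` at file scope silences C4996 for the whole TLS implementation, and on MSVC that warning covers not only deprecated POSIX names but also the unsafe CRT string functions (`strcpy`, `sprintf`, `strcat`), which is precisely the class of warning that should stay loud in code that handles handshake data. Scope the suppression to the header that triggers it with `#pragma warning(push)` / `#pragma warning(disable:4996)` / the offending `#include` / `#pragma warning(pop)`, and name the deprecated API in the comment so the suppression can be removed once the Everest headers stop using it.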
@@ -379,7 +380,8 @@ MiTlsTraceCallback(
_In_z_ const char *Msg
)
{
- EventWriteMiTLSTrace(Msg);
+ // TODO - Save connection in thread-local storage and retrieve it?
+ EventWriteQuicTlsMessage(NULL, Msg);
}
QUIC_STATUS
@@ -1899,13 +1901,13 @@ typedef struct QUIC_HP_KEY {
};
} QUIC_HP_KEY;
-Spec_Hash_Helpers_hash_alg
+Spec_Hash_Definitions_hash_alg
HashTypeToEverCrypt(
QUIC_HASH_TYPE Type
) {
return
- (Spec_Hash_Helpers_hash_alg)
- (Spec_Hash_Helpers_SHA2_256 + Type);
+ (Spec_Hash_Definitions_hash_alg)
+ (Spec_Hash_Definitions_SHA2_256 + Type);
}
#ifdef QUIC_TEST_MODE
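Review bot: The renamed mapping still derives the EverCrypt algorithm by adding `Type` to `Spec_Hash_Definitions_SHA2_256`, which silently depends on `QUIC_HASH_TYPE` and the EverCrypt enum listing SHA-256, SHA-384 and SHA-512 contiguously and in the same order; the enum rename this commit adapts to is exactly the kind of upstream churn that could reorder them, and a mismatch would select the wrong hash for key derivation with no error. A compile-time check beside the function, such as `C_ASSERT(Spec_Hash_Definitions_SHA2_384 == Spec_Hash_Definitions_SHA2_256 + 1);` and the same for `SHA2_512` (if `C_ASSERT` is available in this translation unit), or a `switch` over the QUIC values, would turn that into a build break. At minimum record the assumption: `// Relies on both enums ordering SHA-256, SHA-384, SHA-512 contiguously.`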
@@ -2532,7 +2534,7 @@ QuicEncrypt(
} else if (Key->Aead == QUIC_AEAD_AES_256_GCM) {
EverCrypt_aes256_gcm_encrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Buffer, PlainTextLength, Temp, Temp+PlainTextLength);
} else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
- EverCrypt_chacha20_poly1305_encrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Buffer, PlainTextLength, Temp, Temp+PlainTextLength);
+ EverCrypt_Chacha20Poly1305_aead_encrypt(Key->Key, (uint8_t*)Iv, AuthDataLength, (uint8_t*)AuthData, PlainTextLength, Buffer, Temp, Temp+PlainTextLength);
} else {
QUIC_FRE_ASSERT(FALSE);
return QUIC_STATUS_NOT_SUPPORTED;
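Review bot: The new ChaCha20-Poly1305 call takes its arguments as `(key, iv, aad_len, aad, plaintext_len, plaintext, cipher, tag)`, while the AES-GCM calls two lines above use `(key, iv, aad, aad_len, plaintext, plaintext_len, ...)`; the two orders differ only by pointer/length transposition, which a later edit copying one line into the other will get wrong, and MSVC only warns (C4047) for an integer/pointer mismatch in C. A comment on the line would guard against that: `// Hacl-style order: each length precedes its buffer (unlike the GCM calls above).` Also confirm against the Everest header that `Temp+PlainTextLength` is the 16-byte tag output, as it is for the GCM calls; the rest of `QuicEncrypt` lies outside this hunk.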
@@ -2570,7 +2572,7 @@ QuicDecrypt(
} else if (Key->Aead == QUIC_AEAD_AES_256_GCM) {
r = EverCrypt_aes256_gcm_decrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Temp, PlainTextLength, Buffer, Buffer+PlainTextLength);
} else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
- r = EverCrypt_chacha20_poly1305_decrypt(Key->Key, (uint8_t*)Iv, (uint8_t*)AuthData, AuthDataLength, Temp, PlainTextLength, Buffer, Buffer+PlainTextLength);
+ r = EverCrypt_Chacha20Poly1305_aead_decrypt(Key->Key, (uint8_t*)Iv, AuthDataLength, (uint8_t*)AuthData, PlainTextLength, Temp, Buffer, Buffer+PlainTextLength);
} else {
QUIC_FRE_ASSERT(FALSE);
return QUIC_STATUS_NOT_SUPPORTED;
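Review bot: `r` is assigned from `EverCrypt_Chacha20Poly1305_aead_decrypt` and from the AES-GCM decrypt routines and presumably checked once below the hunk, but the two APIs need not share a success convention: the HACL*-derived `Chacha20Poly1305_aead_decrypt` returns 0 on success and 1 on tag-verification failure, whereas the older `aes*_gcm_decrypt` functions report success as a non-zero value (I cannot see the header in this diff, so confirm). If the shared check is `if (r == 0) fail`, a ChaCha20 packet with a forged tag would be accepted and a genuine one rejected, a silent authentication bypass. Normalize at the call site, e.g. `r = (EverCrypt_Chacha20Poly1305_aead_decrypt(...) == 0);`, with a comment recording each routine's convention. `QuicDecrypt` continues past the end of the hunk.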
@@ -2665,7 +2667,7 @@ QuicHpComputeMask(
} else if (Key->Aead == QUIC_AEAD_CHACHA20_POLY1305) {
uint8_t zero[5] = {0};
uint32_t ctr = Cipher[0] + (Cipher[1] << 8) + (Cipher[2] << 16) + (Cipher[3] << 24);
- EverCrypt_chacha20((uint8_t*)Key->case_chacha20, Cipher+4, ctr, zero, 5, Mask);
+ EverCrypt_Cipher_chacha20(5, Mask, Cipher+4, (uint8_t*)Key->case_chacha20, zero, ctr);
} else {
return QUIC_STATUS_NOT_SUPPORTED;
}
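Review bot: The new `EverCrypt_Cipher_chacha20` call appears to have the source and nonce arguments swapped: if the function follows the HACL*/EverCrypt signature `(len, dst, src, key, iv, ctr)`, the call encrypts five bytes of the packet sample (`Cipher+4`) under a nonce read from the five-byte `zero` array, an out-of-bounds read of seven bytes past `zero` and a mask that is not the one RFC 9001 §5.4.4 specifies (ChaCha20 keystream for counter `sample[0..3]` and nonce `sample[4..15]` applied to five zero bytes). The removed call used `Cipher+4` as the IV and `zero` as the plaintext, which matches the RFC. Swap the two: `EverCrypt_Cipher_chacha20(5, Mask, zero, (uint8_t*)Key->case_chacha20, Cipher+4, ctr);` and confirm against the header in the new everest submodule. `QuicHpComputeMask` starts before this hunk.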
diff --git a/submodules/everest b/submodules/everest
new file mode 160000
index 000000000..b526918db
--- /dev/null
+++ b/submodules/everest
@@ -0,0 +1 @@
+Subproject commit b526918db28d28a8ba1997485a52698da56f60b5
diff --git a/test/MsQuicTests.h b/test/MsQuicTests.h
index be3de1c3d..a9555ba1f 100644
--- a/test/MsQuicTests.h
+++ b/test/MsQuicTests.h
@@ -35,7 +35,7 @@ void QuicTestValidateSession();
void QuicTestValidateListener();
void QuicTestValidateConnection();
void QuicTestValidateStream(bool Connect);
-void QuicTestValidateServerSecConfig(bool KernelMode, void* CertContext, void* CertHashStore, char* Principal);
+void QuicTestValidateServerSecConfig(void* CertContext, QUIC_CERTIFICATE_HASH_STORE* CertHashStore, char* Principal);
//
// Event Validation Tests
diff --git a/test/bin/quic_gtest.cpp b/test/bin/quic_gtest.cpp
index 8e919d860..eac26135d 100644
--- a/test/bin/quic_gtest.cpp
+++ b/test/bin/quic_gtest.cpp
@@ -144,8 +144,7 @@ TEST(ParameterValidation, ValidateServerSecConfig) {
QUIC_CERTIFICATE_HASH_STORE CertHashStore = { QUIC_CERTIFICATE_HASH_STORE_FLAG_NONE };
memcpy(CertHashStore.ShaHash, SelfSignedCertParams->Thumbprint, sizeof(CertHashStore.ShaHash));
memcpy(CertHashStore.StoreName, "My", 2);
- QuicTestValidateServerSecConfig(
- false, SelfSignedCertParams->Certificate, &CertHashStore, "localhost");
+ QuicTestValidateServerSecConfig(SelfSignedCertParams->Certificate, &CertHashStore, "localhost");
}
#endif // _WIN32
diff --git a/test/lib/ApiTest.cpp b/test/lib/ApiTest.cpp
index 25bc307a1..91cc70747 100644
--- a/test/lib/ApiTest.cpp
+++ b/test/lib/ApiTest.cpp
@@ -965,17 +965,15 @@ QuicTestSecConfigCreateComplete(
QuicEventSet(ctxt->Event);
}
-void QuicTestValidateServerSecConfig(bool KernelMode, void* CertContext, void* CertHashStore, char* Principal)
+void QuicTestValidateServerSecConfig(void* CertContext, QUIC_CERTIFICATE_HASH_STORE* CertHashStore, char* Principal)
{
MsQuicRegistration TestReg;
TEST_TRUE(TestReg.IsValid());
SecConfigTestContext TestContext;
- void* CertHash = &((QUIC_CERTIFICATE_HASH_STORE*)CertHashStore)->ShaHash;
-
//
- // Test null inputs (user and kernel mode).
+ // Test null inputs.
//
TEST_QUIC_STATUS(
QUIC_STATUS_INVALID_PARAMETER,
@@ -987,63 +985,67 @@ void QuicTestValidateServerSecConfig(bool KernelMode, void* CertContext, void* C
&TestContext,
QuicTestSecConfigCreateComplete));
- //
- // Test certificate principal (user and kernel mode).
- //
- TestContext.Expected = QUIC_STATUS_SUCCESS;
- TEST_QUIC_SUCCEEDED(
- MsQuic->SecConfigCreate(
- TestReg,
- QUIC_SEC_CONFIG_FLAG_NONE,
- nullptr, // Certificate
- Principal, // Principal
- &TestContext,
- QuicTestSecConfigCreateComplete));
-
- TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
- TEST_FALSE(TestContext.Failed);
-
- //
- // Test certificate hash (user and kernel mode).
- //
- TEST_QUIC_SUCCEEDED(
- MsQuic->SecConfigCreate(
- TestReg,
- QUIC_SEC_CONFIG_FLAG_CERTIFICATE_HASH,
- CertHash, // Certificate
- nullptr, // Principal
- &TestContext,
- QuicTestSecConfigCreateComplete));
-
- TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
- TEST_FALSE(TestContext.Failed);
-
- //
- // Test certificate hash+store (user and kernel mode).
- //
- TEST_QUIC_SUCCEEDED(
- MsQuic->SecConfigCreate(
- TestReg,
- QUIC_SEC_CONFIG_FLAG_CERTIFICATE_HASH_STORE,
- CertHashStore, // Certificate
- nullptr, // Principal
- &TestContext,
- QuicTestSecConfigCreateComplete));
-
- TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
- TEST_FALSE(TestContext.Failed);
-
- if (!KernelMode) {
+ if (CertContext != nullptr) {
//
- // Test certificate context (user mode only).
+ // Test certificate context.
//
TestContext.Expected = QUIC_STATUS_SUCCESS;
TEST_QUIC_SUCCEEDED(
MsQuic->SecConfigCreate(
TestReg,
QUIC_SEC_CONFIG_FLAG_CERTIFICATE_CONTEXT,
- CertContext, // Certificate
- nullptr, // Principal
+ CertContext, // Certificate
+ nullptr, // Principal
+ &TestContext,
+ QuicTestSecConfigCreateComplete));
+
+ TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
+ TEST_FALSE(TestContext.Failed);
+ }
+
+ if (Principal != nullptr) {
+ //
+ // Test certificate principal.
+ //
+ TestContext.Expected = QUIC_STATUS_SUCCESS;
+ TEST_QUIC_SUCCEEDED(
+ MsQuic->SecConfigCreate(
+ TestReg,
+ QUIC_SEC_CONFIG_FLAG_NONE,
+ nullptr, // Certificate
+ Principal, // Principal
+ &TestContext,
+ QuicTestSecConfigCreateComplete));
+
+ TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
+ TEST_FALSE(TestContext.Failed);
+ }
+
+ if (CertHashStore != nullptr) {
+ //
+ // Test certificate hash.
+ //
+ TEST_QUIC_SUCCEEDED(
+ MsQuic->SecConfigCreate(
+ TestReg,
+ QUIC_SEC_CONFIG_FLAG_CERTIFICATE_HASH,
+ &CertHashStore->ShaHash, // Certificate
+ nullptr, // Principal
+ &TestContext,
+ QuicTestSecConfigCreateComplete));
+
+ TEST_TRUE(QuicEventWaitWithTimeout(TestContext.Event, TestWaitTimeout));
+ TEST_FALSE(TestContext.Failed);
+
+ //
+ // Test certificate hash + store.
+ //
+ TEST_QUIC_SUCCEEDED(
+ MsQuic->SecConfigCreate(
+ TestReg,
+ QUIC_SEC_CONFIG_FLAG_CERTIFICATE_HASH_STORE,
+ CertHashStore, // Certificate
+ nullptr, // Principal
&TestContext,
QuicTestSecConfigCreateComplete));
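Review bot: The new `CertHashStore != nullptr` branch never sets `TestContext.Expected`, unlike the `CertContext` and `Principal` branches before it, so when both of those arguments are null the hash and hash+store cases run against whatever `Expected` was last set to for the null-input case near the top of the function, and `TEST_FALSE(TestContext.Failed)` would then misreport. Add `TestContext.Expected = QUIC_STATUS_SUCCESS;` at the top of that branch. The only visible caller passes all three arguments, so the gap does not show today; the function continues past the end of the hunk.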
diff --git a/tools/etw/quicetw.h b/tools/etw/quicetw.h
index bdc754ec3..8b6f1de16 100644
--- a/tools/etw/quicetw.h
+++ b/tools/etw/quicetw.h
@@ -576,6 +576,7 @@ typedef struct QUIC_EVENT_DATA_BINDING {
typedef enum QUIC_EVENT_ID_TLS {
EventId_QuicTlsError,
EventId_QuicTlsErrorStatus,
+ EventId_QuicTlsMessage,
EventId_QuicTlsCount
} QUIC_EVENT_ID_TLS;
@@ -592,6 +593,9 @@ typedef struct QUIC_EVENT_DATA_TLS {
UINT32 Status;
char ErrStr[1];
} ErrorStatus;
+ struct {
+ char Str[1];
+ } Message;
};
} QUIC_EVENT_DATA_TLS;
#pragma pack(pop)
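Review bot: The decoder maps ETW event ids to this enum by position, so inserting `EventId_QuicTlsMessage` before `EventId_QuicTlsCount` is only correct if the manifest assigns the new event the next id after `QuicTlsErrorStatus`; the manifest hunk in this diff is unreadable, so I could not verify. A comment on the enum would keep the two in step: `// Order must match the TLS event ids in manifest/MsQuicEtw.man.`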
diff --git a/tools/etw/trace.c b/tools/etw/trace.c
index e44d3828d..daddd0c70 100644
--- a/tools/etw/trace.c
+++ b/tools/etw/trace.c
@@ -953,6 +953,10 @@ QuicTraceTlsEvent(
printf("ERROR, %u, %s\n", EvData->ErrorStatus.Status, EvData->ErrorStatus.ErrStr);
break;
}
+ case EventId_QuicTlsMessage: {
+ printf("%s\n", EvData->Message.Str);
+ break;
+ }
default: {
printf("Unknown Event ID=%u\n", ev->EventHeader.EventDescriptor.Id);
break;
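Review bot: The new `EventId_QuicTlsMessage` case prints `EvData->Message.Str` with an unbounded `%s`, trusting that the event payload in the .etl file is NUL-terminated; this tool parses trace files that may be truncated or hand-edited, so a missing terminator reads past the event buffer. Bound the print by the payload size the `EVENT_RECORD` carries, e.g. `%.*s` with a width computed from `ev->UserDataLength` minus the offset of `Str` within the payload. The `ErrStr` cases above have the same shape, so the fix belongs to all three.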
diff --git a/tools/interop/interop.cpp b/tools/interop/interop.cpp
index 5011c648d..ce2720259 100644
--- a/tools/interop/interop.cpp
+++ b/tools/interop/interop.cpp
@@ -451,6 +451,7 @@ private:
pThis->UsedZeroRtt = true;
}
QuicEventSet(pThis->RequestComplete);
+ MsQuic->StreamClose(Stream);
break;
}
default:
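Review bot: `MsQuic->StreamClose(Stream)` is placed after `QuicEventSet(pThis->RequestComplete)`, so the thread waiting on `RequestComplete` can resume and tear down the connection while this callback still holds, and then closes, the stream handle; closing the stream first and signalling afterwards removes that window, unless the connection-close path is known to tolerate still-open stream handles. If the surrounding `case` is the stream's shutdown-complete event (not visible in the hunk), closing from inside it is the last action for the stream and a comment such as `// Last event for this stream; release the handle before waking the waiter.` would make the intent clear. The enclosing callback starts before and ends after this hunk.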
diff --git a/tools/spin/spinquic.cpp b/tools/spin/spinquic.cpp
index 3ceb8c781..51cc66b4d 100644
--- a/tools/spin/spinquic.cpp
+++ b/tools/spin/spinquic.cpp
@@ -169,8 +169,13 @@ T& SpinQuicGetRandomFromVector(std::vector &vec)
}
// Replace these with actually random data
-char pkt0[] = "AAAAAAAAAAA";
-char pkt1[] = "\x01";
+const char pkt0[] = "AAAAAAAAAAA";
+const char pkt1[] = "\x01";
+
+const QUIC_BUFFER Buffers[2] = {
+ { ARRAYSIZE(pkt0) - 1, (uint8_t*)pkt0 },
+ { ARRAYSIZE(pkt1) - 1, (uint8_t*)pkt1 }
+};
int SpinQuicGetRandom(int upper_bound)
{
@@ -404,13 +409,8 @@ void ServerSpin(void *)
HQUIC Stream = SpinQuicGetRandomFromVector(ctx->Streams);
- QUIC_BUFFER Buffers[2] = {
- { (uint32_t)strlen(pkt0), reinterpret_cast(pkt0) },
- { (uint32_t)strlen(pkt1), reinterpret_cast(pkt1) },
- };
-
printf("MsQuic->StreamSend(%p, ...) = ", Stream);
- QUIC_STATUS Status = MsQuic->StreamSend(Stream, Buffers, 2, QUIC_SEND_FLAG_NONE, nullptr);
+ QUIC_STATUS Status = MsQuic->StreamSend(Stream, Buffers, ARRAYSIZE(Buffers), QUIC_SEND_FLAG_NONE, nullptr);
printf("0x%x\n", Status);
}
break;
@@ -588,13 +588,8 @@ void ClientSpin(void *)
HQUIC Stream = SpinQuicGetRandomFromVector(*Streams);
- QUIC_BUFFER Buffers[2] = {
- { (uint32_t)strlen(pkt0), reinterpret_cast(pkt0) },
- { (uint32_t)strlen(pkt1), reinterpret_cast(pkt1) },
- };
-
printf("MsQuic->StreamSend(%p, ...) = ", Stream);
- QUIC_STATUS Status = MsQuic->StreamSend(Stream, Buffers, 2, QUIC_SEND_FLAG_NONE, nullptr);
+ QUIC_STATUS Status = MsQuic->StreamSend(Stream, Buffers, ARRAYSIZE(Buffers), QUIC_SEND_FLAG_NONE, nullptr);
printf("0x%x\n", Status);
break;
}