ssl/quic/quic_tserver.c

   1 /*
   2  * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include "internal/quic_tserver.h"
  11 #include "internal/quic_channel.h"
  12 #include "internal/quic_statm.h"
  13 #include "internal/common.h"
  14 #include "internal/time.h"
  15
  16 /*
  17  * QUIC Test Server Module
  18  * =======================
  19  */
  20 struct quic_tserver_st {
  21     QUIC_TSERVER_ARGS   args;
  22
  23     /*
  24      * The QUIC channel providing the core QUIC connection implementation.
  25      */
  26     QUIC_CHANNEL    *ch;
  27
  28     /* The mutex we give to the QUIC channel. */
  29     CRYPTO_MUTEX    *mutex;
  30
  31     /* SSL_CTX for creating the underlying TLS connection */
  32     SSL_CTX *ctx;
  33
  34     /* SSL for the underlying TLS connection */
  35     SSL *tls;
  36
  37     /* The current peer L4 address. AF_UNSPEC if we do not have a peer yet. */
  38     BIO_ADDR        cur_peer_addr;
  39
  40     /* Are we connected to a peer? */
  41     unsigned int    connected       : 1;
  42 };
  43
  44 static int alpn_select_cb(SSL *ssl, const unsigned char **out,
  45                           unsigned char *outlen, const unsigned char *in,
  46                           unsigned int inlen, void *arg)
  47 {
  48     QUIC_TSERVER *srv = arg;
  49     static const unsigned char alpndeflt[] = {
  50         8, 'o', 's', 's', 'l', 't', 'e', 's', 't'
  51     };
  52     static const unsigned char *alpn;
  53     size_t alpnlen;
  54
  55     if (srv->args.alpn == NULL) {
  56         alpn = alpndeflt;
  57         alpnlen = sizeof(alpn);
  58     } else {
  59         alpn = srv->args.alpn;
  60         alpnlen = srv->args.alpnlen;
  61     }
  62
  63     if (SSL_select_next_proto((unsigned char **)out, outlen, alpn, alpnlen,
  64                               in, inlen) != OPENSSL_NPN_NEGOTIATED)
  65         return SSL_TLSEXT_ERR_ALERT_FATAL;
  66
  67     return SSL_TLSEXT_ERR_OK;
  68 }
  69
  70 QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args,
  71                                     const char *certfile, const char *keyfile)
  72 {
  73     QUIC_TSERVER *srv = NULL;
  74     QUIC_CHANNEL_ARGS ch_args = {0};
  75
  76     if (args->net_rbio == NULL || args->net_wbio == NULL)
  77         goto err;
  78
  79     if ((srv = OPENSSL_zalloc(sizeof(*srv))) == NULL)
  80         goto err;
  81
  82     srv->args = *args;
  83
  84 #if defined(OPENSSL_THREADS)
  85     if ((srv->mutex = ossl_crypto_mutex_new()) == NULL)
  86         goto err;
  87 #endif
  88
  89     srv->ctx = SSL_CTX_new_ex(srv->args.libctx, srv->args.propq, TLS_method());
  90     if (srv->ctx == NULL)
  91         goto err;
  92
  93     if (SSL_CTX_use_certificate_file(srv->ctx, certfile, SSL_FILETYPE_PEM) <= 0)
  94         goto err;
  95
  96     if (SSL_CTX_use_PrivateKey_file(srv->ctx, keyfile, SSL_FILETYPE_PEM) <= 0)
  97         goto err;
  98
  99     SSL_CTX_set_alpn_select_cb(srv->ctx, alpn_select_cb, srv);
 100
 101     srv->tls = SSL_new(srv->ctx);
 102     if (srv->tls == NULL)
 103         goto err;
 104
 105     ch_args.libctx      = srv->args.libctx;
 106     ch_args.propq       = srv->args.propq;
 107     ch_args.tls         = srv->tls;
 108     ch_args.mutex       = srv->mutex;
 109     ch_args.is_server   = 1;
 110     ch_args.now_cb      = srv->args.now_cb;
 111     ch_args.now_cb_arg  = srv->args.now_cb_arg;
 112
 113     if ((srv->ch = ossl_quic_channel_new(&ch_args)) == NULL)
 114         goto err;
 115
 116     if (!ossl_quic_channel_set_net_rbio(srv->ch, srv->args.net_rbio)
 117         || !ossl_quic_channel_set_net_wbio(srv->ch, srv->args.net_wbio))
 118         goto err;
 119
 120     return srv;
 121
 122 err:
 123     if (srv != NULL) {
 124         ossl_quic_channel_free(srv->ch);
 125 #if defined(OPENSSL_THREADS)
 126         ossl_crypto_mutex_free(&srv->mutex);
 127 #endif
 128     }
 129
 130     OPENSSL_free(srv);
 131     return NULL;
 132 }
 133
 134 void ossl_quic_tserver_free(QUIC_TSERVER *srv)
 135 {
 136     if (srv == NULL)
 137         return;
 138
 139     ossl_quic_channel_free(srv->ch);
 140     BIO_free(srv->args.net_rbio);
 141     BIO_free(srv->args.net_wbio);
 142     SSL_free(srv->tls);
 143     SSL_CTX_free(srv->ctx);
 144 #if defined(OPENSSL_THREADS)
 145     ossl_crypto_mutex_free(&srv->mutex);
 146 #endif
 147     OPENSSL_free(srv);
 148 }
 149
 150 /* Set mutator callbacks for test framework support */
 151 int ossl_quic_tserver_set_plain_packet_mutator(QUIC_TSERVER *srv,
 152                                                ossl_mutate_packet_cb mutatecb,
 153                                                ossl_finish_mutate_cb finishmutatecb,
 154                                                void *mutatearg)
 155 {
 156     return ossl_quic_channel_set_mutator(srv->ch, mutatecb, finishmutatecb,
 157                                          mutatearg);
 158 }
 159
 160 int ossl_quic_tserver_set_handshake_mutator(QUIC_TSERVER *srv,
 161                                             ossl_statem_mutate_handshake_cb mutate_handshake_cb,
 162                                             ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb,
 163                                             void *mutatearg)
 164 {
 165     return ossl_statem_set_mutator(ossl_quic_channel_get0_ssl(srv->ch),
 166                                    mutate_handshake_cb,
 167                                    finish_mutate_handshake_cb,
 168                                    mutatearg);
 169 }
 170
 171 int ossl_quic_tserver_tick(QUIC_TSERVER *srv)
 172 {
 173     ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(srv->ch), 0);
 174
 175     if (ossl_quic_channel_is_active(srv->ch))
 176         srv->connected = 1;
 177
 178     return 1;
 179 }
 180
 181 int ossl_quic_tserver_is_connected(QUIC_TSERVER *srv)
 182 {
 183     return ossl_quic_channel_is_active(srv->ch);
 184 }
 185
 186 /* Returns 1 if the server is in any terminating or terminated state */
 187 int ossl_quic_tserver_is_term_any(const QUIC_TSERVER *srv)
 188 {
 189     return ossl_quic_channel_is_term_any(srv->ch);
 190 }
 191
 192 const QUIC_TERMINATE_CAUSE *
 193 ossl_quic_tserver_get_terminate_cause(const QUIC_TSERVER *srv)
 194 {
 195     return ossl_quic_channel_get_terminate_cause(srv->ch);
 196 }
 197
 198 /* Returns 1 if the server is in a terminated state */
 199 int ossl_quic_tserver_is_terminated(const QUIC_TSERVER *srv)
 200 {
 201     return ossl_quic_channel_is_terminated(srv->ch);
 202 }
 203
 204 int ossl_quic_tserver_is_handshake_confirmed(const QUIC_TSERVER *srv)
 205 {
 206     return ossl_quic_channel_is_handshake_confirmed(srv->ch);
 207 }
 208
 209 int ossl_quic_tserver_read(QUIC_TSERVER *srv,
 210                            uint64_t stream_id,
 211                            unsigned char *buf,
 212                            size_t buf_len,
 213                            size_t *bytes_read)
 214 {
 215     int is_fin = 0;
 216     QUIC_STREAM *qs;
 217
 218     if (!ossl_quic_channel_is_active(srv->ch))
 219         return 0;
 220
 221     qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(srv->ch),
 222                                         stream_id);
 223     if (qs == NULL) {
 224         int is_client_init
 225             = ((stream_id & QUIC_STREAM_INITIATOR_MASK)
 226                == QUIC_STREAM_INITIATOR_CLIENT);
 227
 228         /*
 229          * A client-initiated stream might spontaneously come into existence, so
 230          * allow trying to read on a client-initiated stream before it exists.
 231          * Otherwise, fail.
 232          */
 233         if (!is_client_init)
 234             return 0;
 235
 236         *bytes_read = 0;
 237         return 1;
 238     }
 239
 240     if (qs->recv_fin_retired || !ossl_quic_stream_has_recv_buffer(qs))
 241         return 0;
 242
 243     if (!ossl_quic_rstream_read(qs->rstream, buf, buf_len,
 244                                 bytes_read, &is_fin))
 245         return 0;
 246
 247     if (*bytes_read > 0) {
 248         /*
 249          * We have read at least one byte from the stream. Inform stream-level
 250          * RXFC of the retirement of controlled bytes. Update the active stream
 251          * status (the RXFC may now want to emit a frame granting more credit to
 252          * the peer).
 253          */
 254         OSSL_RTT_INFO rtt_info;
 255
 256         ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(srv->ch), &rtt_info);
 257
 258         if (!ossl_quic_rxfc_on_retire(&qs->rxfc, *bytes_read,
 259                                       rtt_info.smoothed_rtt))
 260             return 0;
 261     }
 262
 263     if (is_fin)
 264         qs->recv_fin_retired = 1;
 265
 266     if (*bytes_read > 0)
 267         ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(srv->ch), qs);
 268
 269     return 1;
 270 }
 271
 272 int ossl_quic_tserver_has_read_ended(QUIC_TSERVER *srv, uint64_t stream_id)
 273 {
 274     QUIC_STREAM *qs;
 275     unsigned char buf[1];
 276     size_t bytes_read = 0;
 277     int is_fin = 0;
 278
 279     qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(srv->ch),
 280                                         stream_id);
 281
 282     if (qs == NULL || !ossl_quic_stream_has_recv_buffer(qs))
 283         return 0;
 284
 285     if (qs->recv_fin_retired)
 286         return 1;
 287
 288     /*
 289      * If we do not have recv_fin_retired, it is possible we should still return
 290      * 1 if there is a lone FIN (but no more data) remaining to be retired from
 291      * the RSTREAM, for example because ossl_quic_tserver_read() has not been
 292      * called since the FIN was received.
 293      */
 294     if (!ossl_quic_rstream_peek(qs->rstream, buf, sizeof(buf),
 295                                 &bytes_read, &is_fin))
 296         return 0;
 297
 298     if (is_fin && bytes_read == 0) {
 299         /* If we have a FIN awaiting retirement and no data before it... */
 300         /* Let RSTREAM know we've consumed this FIN. */
 301         ossl_quic_rstream_read(qs->rstream, buf, sizeof(buf),
 302                                &bytes_read, &is_fin); /* best effort */
 303         assert(is_fin && bytes_read == 0);
 304
 305         qs->recv_fin_retired = 1;
 306         ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(srv->ch), qs);
 307         return 1;
 308     }
 309
 310     return 0;
 311 }
 312
 313 int ossl_quic_tserver_write(QUIC_TSERVER *srv,
 314                             uint64_t stream_id,
 315                             const unsigned char *buf,
 316                             size_t buf_len,
 317                             size_t *bytes_written)
 318 {
 319     QUIC_STREAM *qs;
 320
 321     if (!ossl_quic_channel_is_active(srv->ch))
 322         return 0;
 323
 324     qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(srv->ch),
 325                                         stream_id);
 326     if (qs == NULL || !ossl_quic_stream_has_send_buffer(qs))
 327         return 0;
 328
 329     if (!ossl_quic_sstream_append(qs->sstream,
 330                                   buf, buf_len, bytes_written))
 331         return 0;
 332
 333     if (*bytes_written > 0)
 334         /*
 335          * We have appended at least one byte to the stream. Potentially mark
 336          * the stream as active, depending on FC.
 337          */
 338         ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(srv->ch), qs);
 339
 340     /* Try and send. */
 341     ossl_quic_tserver_tick(srv);
 342     return 1;
 343 }
 344
 345 int ossl_quic_tserver_conclude(QUIC_TSERVER *srv, uint64_t stream_id)
 346 {
 347     QUIC_STREAM *qs;
 348
 349     if (!ossl_quic_channel_is_active(srv->ch))
 350         return 0;
 351
 352     qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(srv->ch),
 353                                         stream_id);
 354     if (qs == NULL || !ossl_quic_stream_has_send_buffer(qs))
 355         return 0;
 356
 357     if (!ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
 358         ossl_quic_sstream_fin(qs->sstream);
 359         ossl_quic_stream_map_update_state(ossl_quic_channel_get_qsm(srv->ch), qs);
 360     }
 361
 362     ossl_quic_tserver_tick(srv);
 363     return 1;
 364 }
 365
 366 int ossl_quic_tserver_stream_new(QUIC_TSERVER *srv,
 367                                  int is_uni,
 368                                  uint64_t *stream_id)
 369 {
 370     QUIC_STREAM *qs;
 371
 372     if (!ossl_quic_channel_is_active(srv->ch))
 373         return 0;
 374
 375     if ((qs = ossl_quic_channel_new_stream_local(srv->ch, is_uni)) == NULL)
 376         return 0;
 377
 378     *stream_id = qs->id;
 379     return 1;
 380 }
 381
 382 BIO *ossl_quic_tserver_get0_rbio(QUIC_TSERVER *srv)
 383 {
 384     return srv->args.net_rbio;
 385 }
 386
 387 int ossl_quic_tserver_stream_has_peer_stop_sending(QUIC_TSERVER *srv,
 388                                                    uint64_t stream_id,
 389                                                    uint64_t *app_error_code)
 390 {
 391     QUIC_STREAM *qs;
 392
 393     qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(srv->ch),
 394                                         stream_id);
 395     if (qs == NULL)
 396         return 0;
 397
 398     if (qs->peer_stop_sending && app_error_code != NULL)
 399         *app_error_code = qs->peer_stop_sending_aec;
 400
 401     return qs->peer_stop_sending;
 402 }
 403
 404 int ossl_quic_tserver_stream_has_peer_reset_stream(QUIC_TSERVER *srv,
 405                                                    uint64_t stream_id,
 406                                                    uint64_t  *app_error_code)
 407 {
 408     QUIC_STREAM *qs;
 409
 410     qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(srv->ch),
 411                                         stream_id);
 412     if (qs == NULL)
 413         return 0;
 414
 415     if (ossl_quic_stream_recv_is_reset(qs) && app_error_code != NULL)
 416         *app_error_code = qs->peer_reset_stream_aec;
 417
 418     return ossl_quic_stream_recv_is_reset(qs);
 419 }
 420
 421 int ossl_quic_tserver_set_new_local_cid(QUIC_TSERVER *srv,
 422                                         const QUIC_CONN_ID *conn_id)
 423 {
 424     /* Replace existing local connection ID in the QUIC_CHANNEL */
 425     return ossl_quic_channel_replace_local_cid(srv->ch, conn_id);
 426 }
 427
 428 uint64_t ossl_quic_tserver_pop_incoming_stream(QUIC_TSERVER *srv)
 429 {
 430     QUIC_STREAM_MAP *qsm = ossl_quic_channel_get_qsm(srv->ch);
 431     QUIC_STREAM *qs = ossl_quic_stream_map_peek_accept_queue(qsm);
 432
 433     if (qs == NULL)
 434         return UINT64_MAX;
 435
 436     ossl_quic_stream_map_remove_from_accept_queue(qsm, qs, ossl_time_zero());
 437
 438     return qs->id;
 439 }
 440
 441 int ossl_quic_tserver_is_stream_totally_acked(QUIC_TSERVER *srv,
 442                                               uint64_t stream_id)
 443 {
 444     QUIC_STREAM *qs;
 445
 446     qs = ossl_quic_stream_map_get_by_id(ossl_quic_channel_get_qsm(srv->ch),
 447                                         stream_id);
 448     if (qs == NULL)
 449         return 1;
 450
 451     return ossl_quic_sstream_is_totally_acked(qs->sstream);
 452 }
 453
 454 int ossl_quic_tserver_get_net_read_desired(QUIC_TSERVER *srv)
 455 {
 456     return ossl_quic_reactor_net_read_desired(
 457                 ossl_quic_channel_get_reactor(srv->ch));
 458 }
 459
 460 int ossl_quic_tserver_get_net_write_desired(QUIC_TSERVER *srv)
 461 {
 462     return ossl_quic_reactor_net_write_desired(
 463                 ossl_quic_channel_get_reactor(srv->ch));
 464 }
 465
 466 OSSL_TIME ossl_quic_tserver_get_deadline(QUIC_TSERVER *srv)
 467 {
 468     return ossl_quic_reactor_get_tick_deadline(
 469                 ossl_quic_channel_get_reactor(srv->ch));
 470 }
 471
 472 int ossl_quic_tserver_shutdown(QUIC_TSERVER *srv)
 473 {
 474     ossl_quic_channel_local_close(srv->ch, 0);
 475
 476     /* TODO(QUIC): !SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH */
 477
 478     if (ossl_quic_channel_is_terminated(srv->ch))
 479         return 1;
 480
 481     ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(srv->ch), 0);
 482
 483     return ossl_quic_channel_is_terminated(srv->ch);
 484 }