lib/libssl/tls13_quic.c

*9987920cStb/*	$OpenBSD: tls13_quic.c,v 1.8 2024/09/09 03:55:55 tb Exp $ */
f7e8f89fSjsing/*
f7e8f89fSjsing * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
f7e8f89fSjsing *
f7e8f89fSjsing * Permission to use, copy, modify, and distribute this software for any
f7e8f89fSjsing * purpose with or without fee is hereby granted, provided that the above
f7e8f89fSjsing * copyright notice and this permission notice appear in all copies.
f7e8f89fSjsing *
f7e8f89fSjsing * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
f7e8f89fSjsing * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
f7e8f89fSjsing * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
f7e8f89fSjsing * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
f7e8f89fSjsing * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
f7e8f89fSjsing * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
f7e8f89fSjsing * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
f7e8f89fSjsing */
f7e8f89fSjsing
c9675a23Stb#include "ssl_local.h"
f7e8f89fSjsing#include "tls13_internal.h"
f7e8f89fSjsing
f7e8f89fSjsingstatic ssize_t
f7e8f89fSjsingtls13_quic_wire_read_cb(void *buf, size_t n, void *arg)
f7e8f89fSjsing{
f7e8f89fSjsing	struct tls13_ctx *ctx = arg;
f7e8f89fSjsing	SSL *ssl = ctx->ssl;
f7e8f89fSjsing
cfa19c4eSjsing	SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
f7e8f89fSjsing	return TLS13_IO_FAILURE;
f7e8f89fSjsing}
f7e8f89fSjsing
f7e8f89fSjsingstatic ssize_t
f7e8f89fSjsingtls13_quic_wire_write_cb(const void *buf, size_t n, void *arg)
f7e8f89fSjsing{
f7e8f89fSjsing	struct tls13_ctx *ctx = arg;
f7e8f89fSjsing	SSL *ssl = ctx->ssl;
f7e8f89fSjsing
cfa19c4eSjsing	SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
f7e8f89fSjsing	return TLS13_IO_FAILURE;
f7e8f89fSjsing}
f7e8f89fSjsing
f7e8f89fSjsingstatic ssize_t
f7e8f89fSjsingtls13_quic_wire_flush_cb(void *arg)
f7e8f89fSjsing{
f7e8f89fSjsing	struct tls13_ctx *ctx = arg;
f7e8f89fSjsing	SSL *ssl = ctx->ssl;
f7e8f89fSjsing
35351aa0Sjsing	if (!ssl->quic_method->flush_flight(ssl)) {
35351aa0Sjsing		SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
f7e8f89fSjsing		return TLS13_IO_FAILURE;
f7e8f89fSjsing	}
f7e8f89fSjsing
35351aa0Sjsing	return TLS13_IO_SUCCESS;
35351aa0Sjsing}
35351aa0Sjsing
f7e8f89fSjsingstatic ssize_t
f7e8f89fSjsingtls13_quic_handshake_read_cb(void *buf, size_t n, void *arg)
f7e8f89fSjsing{
35351aa0Sjsing	struct tls13_ctx *ctx = arg;
35351aa0Sjsing
475112fdSjsing	if (ctx->hs->tls13.quic_read_buffer == NULL)
475112fdSjsing		return TLS13_IO_WANT_POLLIN;
475112fdSjsing
35351aa0Sjsing	return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n);
f7e8f89fSjsing}
f7e8f89fSjsing
f7e8f89fSjsingstatic ssize_t
f7e8f89fSjsingtls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg)
f7e8f89fSjsing{
f7e8f89fSjsing	struct tls13_ctx *ctx = arg;
f7e8f89fSjsing	SSL *ssl = ctx->ssl;
f7e8f89fSjsing
35351aa0Sjsing	if (!ssl->quic_method->add_handshake_data(ssl,
35351aa0Sjsing	    ctx->hs->tls13.quic_write_level, buf, n)) {
35351aa0Sjsing		SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
f7e8f89fSjsing		return TLS13_IO_FAILURE;
f7e8f89fSjsing	}
f7e8f89fSjsing
35351aa0Sjsing	return n;
35351aa0Sjsing}
35351aa0Sjsing
f7e8f89fSjsingstatic int
f7e8f89fSjsingtls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
f7e8f89fSjsing    enum ssl_encryption_level_t read_level, void *arg)
f7e8f89fSjsing{
f7e8f89fSjsing	struct tls13_ctx *ctx = arg;
f7e8f89fSjsing	SSL *ssl = ctx->ssl;
f7e8f89fSjsing
f7e8f89fSjsing	ctx->hs->tls13.quic_read_level = read_level;
f7e8f89fSjsing
35351aa0Sjsing	/* Handle both the new (BoringSSL) and old (quictls) APIs. */
35351aa0Sjsing
35351aa0Sjsing	if (ssl->quic_method->set_read_secret != NULL)
35351aa0Sjsing		return ssl->quic_method->set_read_secret(ssl,
35351aa0Sjsing		    ctx->hs->tls13.quic_read_level, ctx->hs->cipher,
35351aa0Sjsing		    read_key->data, read_key->len);
35351aa0Sjsing
35351aa0Sjsing	if (ssl->quic_method->set_encryption_secrets != NULL)
35351aa0Sjsing		return ssl->quic_method->set_encryption_secrets(ssl,
35351aa0Sjsing		    ctx->hs->tls13.quic_read_level, read_key->data, NULL,
35351aa0Sjsing		    read_key->len);
35351aa0Sjsing
f7e8f89fSjsing	return 0;
f7e8f89fSjsing}
f7e8f89fSjsing
f7e8f89fSjsingstatic int
f7e8f89fSjsingtls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
f7e8f89fSjsing    enum ssl_encryption_level_t write_level, void *arg)
f7e8f89fSjsing{
f7e8f89fSjsing	struct tls13_ctx *ctx = arg;
f7e8f89fSjsing	SSL *ssl = ctx->ssl;
f7e8f89fSjsing
f7e8f89fSjsing	ctx->hs->tls13.quic_write_level = write_level;
f7e8f89fSjsing
35351aa0Sjsing	/* Handle both the new (BoringSSL) and old (quictls) APIs. */
35351aa0Sjsing
35351aa0Sjsing	if (ssl->quic_method->set_write_secret != NULL)
35351aa0Sjsing		return ssl->quic_method->set_write_secret(ssl,
35351aa0Sjsing		    ctx->hs->tls13.quic_write_level, ctx->hs->cipher,
35351aa0Sjsing		    write_key->data, write_key->len);
35351aa0Sjsing
35351aa0Sjsing	if (ssl->quic_method->set_encryption_secrets != NULL)
35351aa0Sjsing		return ssl->quic_method->set_encryption_secrets(ssl,
35351aa0Sjsing		    ctx->hs->tls13.quic_write_level, NULL, write_key->data,
35351aa0Sjsing		    write_key->len);
35351aa0Sjsing
f7e8f89fSjsing	return 0;
f7e8f89fSjsing}
f7e8f89fSjsing
f7e8f89fSjsingstatic int
f7e8f89fSjsingtls13_quic_alert_send_cb(int alert_desc, void *arg)
f7e8f89fSjsing{
f7e8f89fSjsing	struct tls13_ctx *ctx = arg;
f7e8f89fSjsing	SSL *ssl = ctx->ssl;
*9987920cStb	uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;
*9987920cStb	int ret = TLS13_IO_ALERT;
f7e8f89fSjsing
35351aa0Sjsing	if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level,
35351aa0Sjsing	    alert_desc)) {
35351aa0Sjsing		SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
f7e8f89fSjsing		return TLS13_IO_FAILURE;
f7e8f89fSjsing	}
f7e8f89fSjsing
*9987920cStb	if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY ||
*9987920cStb	    alert_desc == TLS13_ALERT_USER_CANCELED) {
*9987920cStb		alert_level = TLS13_ALERT_LEVEL_WARNING;
*9987920cStb		ret = TLS13_IO_SUCCESS;
*9987920cStb	}
*9987920cStb
*9987920cStb	tls13_record_layer_alert_sent(ctx->rl, alert_level, alert_desc);
*9987920cStb
*9987920cStb	return ret;
35351aa0Sjsing}
35351aa0Sjsing
f7e8f89fSjsingstatic const struct tls13_record_layer_callbacks quic_rl_callbacks = {
f7e8f89fSjsing	.wire_read = tls13_quic_wire_read_cb,
f7e8f89fSjsing	.wire_write = tls13_quic_wire_write_cb,
f7e8f89fSjsing	.wire_flush = tls13_quic_wire_flush_cb,
f7e8f89fSjsing
f7e8f89fSjsing	.handshake_read = tls13_quic_handshake_read_cb,
f7e8f89fSjsing	.handshake_write = tls13_quic_handshake_write_cb,
f7e8f89fSjsing	.set_read_traffic_key = tls13_quic_set_read_traffic_key,
f7e8f89fSjsing	.set_write_traffic_key = tls13_quic_set_write_traffic_key,
f7e8f89fSjsing	.alert_send = tls13_quic_alert_send_cb,
f7e8f89fSjsing
f7e8f89fSjsing	.alert_recv = tls13_alert_received_cb,
f7e8f89fSjsing	.alert_sent = tls13_alert_sent_cb,
f7e8f89fSjsing	.phh_recv = tls13_phh_received_cb,
f7e8f89fSjsing	.phh_sent = tls13_phh_done_cb,
f7e8f89fSjsing};
f7e8f89fSjsing
f7e8f89fSjsingint
f7e8f89fSjsingtls13_quic_init(struct tls13_ctx *ctx)
f7e8f89fSjsing{
cb8525f4Sjsing	BIO *bio;
cb8525f4Sjsing
f7e8f89fSjsing	tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx);
f7e8f89fSjsing
f7e8f89fSjsing	ctx->middlebox_compat = 0;
f7e8f89fSjsing
cb8525f4Sjsing	/*
cb8525f4Sjsing	 * QUIC does not use BIOs, however we currently expect a BIO to exist
cb8525f4Sjsing	 * for status handling.
cb8525f4Sjsing	 */
cb8525f4Sjsing	if ((bio = BIO_new(BIO_s_null())) == NULL)
cb8525f4Sjsing		return 0;
cb8525f4Sjsing
cb8525f4Sjsing	SSL_set_bio(ctx->ssl, bio, bio);
cb8525f4Sjsing	bio = NULL;
cb8525f4Sjsing
f7e8f89fSjsing	return 1;
f7e8f89fSjsing}