1 /* $OpenBSD: tls13_quic.c,v 1.8 2024/09/09 03:55:55 tb Exp $ */ 2 /* 3 * Copyright (c) 2022 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include "ssl_local.h" 19 #include "tls13_internal.h" 20 21 static ssize_t 22 tls13_quic_wire_read_cb(void *buf, size_t n, void *arg) 23 { 24 struct tls13_ctx *ctx = arg; 25 SSL *ssl = ctx->ssl; 26 27 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); 28 return TLS13_IO_FAILURE; 29 } 30 31 static ssize_t 32 tls13_quic_wire_write_cb(const void *buf, size_t n, void *arg) 33 { 34 struct tls13_ctx *ctx = arg; 35 SSL *ssl = ctx->ssl; 36 37 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); 38 return TLS13_IO_FAILURE; 39 } 40 41 static ssize_t 42 tls13_quic_wire_flush_cb(void *arg) 43 { 44 struct tls13_ctx *ctx = arg; 45 SSL *ssl = ctx->ssl; 46 47 if (!ssl->quic_method->flush_flight(ssl)) { 48 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); 49 return TLS13_IO_FAILURE; 50 } 51 52 return TLS13_IO_SUCCESS; 53 } 54 55 static ssize_t 56 tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg) 57 { 58 struct tls13_ctx *ctx = arg; 59 60 if (ctx->hs->tls13.quic_read_buffer == NULL) 61 return TLS13_IO_WANT_POLLIN; 62 63 return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n); 64 } 65 66 static ssize_t 67 tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg) 68 { 69 struct tls13_ctx *ctx = arg; 70 SSL *ssl = ctx->ssl; 71 72 if (!ssl->quic_method->add_handshake_data(ssl, 73 ctx->hs->tls13.quic_write_level, buf, n)) { 74 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); 75 return TLS13_IO_FAILURE; 76 } 77 78 return n; 79 } 80 81 static int 82 tls13_quic_set_read_traffic_key(struct tls13_secret *read_key, 83 enum ssl_encryption_level_t read_level, void *arg) 84 { 85 struct tls13_ctx *ctx = arg; 86 SSL *ssl = ctx->ssl; 87 88 ctx->hs->tls13.quic_read_level = read_level; 89 90 /* Handle both the new (BoringSSL) and old (quictls) APIs. */ 91 92 if (ssl->quic_method->set_read_secret != NULL) 93 return ssl->quic_method->set_read_secret(ssl, 94 ctx->hs->tls13.quic_read_level, ctx->hs->cipher, 95 read_key->data, read_key->len); 96 97 if (ssl->quic_method->set_encryption_secrets != NULL) 98 return ssl->quic_method->set_encryption_secrets(ssl, 99 ctx->hs->tls13.quic_read_level, read_key->data, NULL, 100 read_key->len); 101 102 return 0; 103 } 104 105 static int 106 tls13_quic_set_write_traffic_key(struct tls13_secret *write_key, 107 enum ssl_encryption_level_t write_level, void *arg) 108 { 109 struct tls13_ctx *ctx = arg; 110 SSL *ssl = ctx->ssl; 111 112 ctx->hs->tls13.quic_write_level = write_level; 113 114 /* Handle both the new (BoringSSL) and old (quictls) APIs. */ 115 116 if (ssl->quic_method->set_write_secret != NULL) 117 return ssl->quic_method->set_write_secret(ssl, 118 ctx->hs->tls13.quic_write_level, ctx->hs->cipher, 119 write_key->data, write_key->len); 120 121 if (ssl->quic_method->set_encryption_secrets != NULL) 122 return ssl->quic_method->set_encryption_secrets(ssl, 123 ctx->hs->tls13.quic_write_level, NULL, write_key->data, 124 write_key->len); 125 126 return 0; 127 } 128 129 static int 130 tls13_quic_alert_send_cb(int alert_desc, void *arg) 131 { 132 struct tls13_ctx *ctx = arg; 133 SSL *ssl = ctx->ssl; 134 uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL; 135 int ret = TLS13_IO_ALERT; 136 137 if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level, 138 alert_desc)) { 139 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); 140 return TLS13_IO_FAILURE; 141 } 142 143 if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY || 144 alert_desc == TLS13_ALERT_USER_CANCELED) { 145 alert_level = TLS13_ALERT_LEVEL_WARNING; 146 ret = TLS13_IO_SUCCESS; 147 } 148 149 tls13_record_layer_alert_sent(ctx->rl, alert_level, alert_desc); 150 151 return ret; 152 } 153 154 static const struct tls13_record_layer_callbacks quic_rl_callbacks = { 155 .wire_read = tls13_quic_wire_read_cb, 156 .wire_write = tls13_quic_wire_write_cb, 157 .wire_flush = tls13_quic_wire_flush_cb, 158 159 .handshake_read = tls13_quic_handshake_read_cb, 160 .handshake_write = tls13_quic_handshake_write_cb, 161 .set_read_traffic_key = tls13_quic_set_read_traffic_key, 162 .set_write_traffic_key = tls13_quic_set_write_traffic_key, 163 .alert_send = tls13_quic_alert_send_cb, 164 165 .alert_recv = tls13_alert_received_cb, 166 .alert_sent = tls13_alert_sent_cb, 167 .phh_recv = tls13_phh_received_cb, 168 .phh_sent = tls13_phh_done_cb, 169 }; 170 171 int 172 tls13_quic_init(struct tls13_ctx *ctx) 173 { 174 BIO *bio; 175 176 tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx); 177 178 ctx->middlebox_compat = 0; 179 180 /* 181 * QUIC does not use BIOs, however we currently expect a BIO to exist 182 * for status handling. 183 */ 184 if ((bio = BIO_new(BIO_s_null())) == NULL) 185 return 0; 186 187 SSL_set_bio(ctx->ssl, bio, bio); 188 bio = NULL; 189 190 return 1; 191 } 192