xref: /openbsd-src/regress/lib/libssl/quic/quictest.c (revision 3374c67d44f9b75b98444cbf63020f777792342e) 
1 /* $OpenBSD: quictest.c,v 1.1 2022/08/27 09:16:29 jsing Exp $ */
2 /*
3  * Copyright (c) 2020, 2021, 2022 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <err.h>
19 
20 #include <openssl/bio.h>
21 #include <openssl/err.h>
22 #include <openssl/ssl.h>
23 
24 const char *server_ca_file;
25 const char *server_cert_file;
26 const char *server_key_file;
27 
28 int debug = 0;
29 
30 static void
31 hexdump(const unsigned char *buf, size_t len)
32 {
33 	size_t i;
34 
35 	for (i = 1; i <= len; i++)
36 		fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
37 
38 	if (len % 8)
39 		fprintf(stderr, "\n");
40 }
41 
42 struct quic_data {
43 	enum ssl_encryption_level_t rlevel;
44 	enum ssl_encryption_level_t wlevel;
45 	BIO *rbio;
46 	BIO *wbio;
47 };
48 
49 static int
50 quic_set_read_secret(SSL *ssl, enum ssl_encryption_level_t level,
51     const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
52 {
53 	struct quic_data *qd = SSL_get_app_data(ssl);
54 
55 	qd->rlevel = level;
56 
57 	return 1;
58 }
59 
60 static int
61 quic_set_write_secret(SSL *ssl, enum ssl_encryption_level_t level,
62     const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
63 {
64 	struct quic_data *qd = SSL_get_app_data(ssl);
65 
66 	qd->wlevel = level;
67 
68 	return 1;
69 }
70 
71 static int
72 quic_read_handshake_data(SSL *ssl)
73 {
74 	struct quic_data *qd = SSL_get_app_data(ssl);
75 	uint8_t buf[2048];
76 	int ret;
77 
78 	if ((ret = BIO_read(qd->rbio, buf, sizeof(buf))) > 0) {
79 		if (debug > 1) {
80 			fprintf(stderr, "== quic_read_handshake_data ==\n");
81 			hexdump(buf, ret);
82 		}
83 		if (!SSL_provide_quic_data(ssl, qd->rlevel, buf, ret))
84 			return -1;
85 	}
86 
87 	return 1;
88 }
89 
90 static int
91 quic_add_handshake_data(SSL *ssl, enum ssl_encryption_level_t level,
92     const uint8_t *data, size_t len)
93 {
94 	struct quic_data *qd = SSL_get_app_data(ssl);
95 	int ret;
96 
97 	if (debug > 1) {
98 		fprintf(stderr, "== quic_add_handshake_data\n");
99 		hexdump(data, len);
100 	}
101 
102 	if ((ret = BIO_write(qd->wbio, data, len)) <= 0)
103 		return 0;
104 
105 	return (size_t)ret == len;
106 }
107 
108 static int
109 quic_flush_flight(SSL *ssl)
110 {
111 	return 1;
112 }
113 
114 static int
115 quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert)
116 {
117 	return 1;
118 }
119 
120 const SSL_QUIC_METHOD quic_method = {
121 	.set_read_secret = quic_set_read_secret,
122 	.set_write_secret = quic_set_write_secret,
123 	.add_handshake_data = quic_add_handshake_data,
124 	.flush_flight = quic_flush_flight,
125 	.send_alert = quic_send_alert,
126 };
127 
128 static SSL *
129 quic_client(struct quic_data *data)
130 {
131 	SSL_CTX *ssl_ctx = NULL;
132 	SSL *ssl = NULL;
133 
134 	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
135 		errx(1, "client context");
136 
137 	if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
138 		fprintf(stderr, "FAIL: Failed to set QUIC method\n");
139 		goto failure;
140 	}
141 
142 	if ((ssl = SSL_new(ssl_ctx)) == NULL)
143 		errx(1, "client ssl");
144 
145 	SSL_set_connect_state(ssl);
146 	SSL_set_app_data(ssl, data);
147 
148  failure:
149 	SSL_CTX_free(ssl_ctx);
150 
151 	return ssl;
152 }
153 
154 static SSL *
155 quic_server(struct quic_data *data)
156 {
157 	SSL_CTX *ssl_ctx = NULL;
158 	SSL *ssl = NULL;
159 
160 	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
161 		errx(1, "server context");
162 
163 	SSL_CTX_set_dh_auto(ssl_ctx, 2);
164 
165 	if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
166 	    SSL_FILETYPE_PEM) != 1) {
167 		fprintf(stderr, "FAIL: Failed to load server certificate\n");
168 		goto failure;
169 	}
170 	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
171 	    SSL_FILETYPE_PEM) != 1) {
172 		fprintf(stderr, "FAIL: Failed to load server private key\n");
173 		goto failure;
174 	}
175 
176 	if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
177 		fprintf(stderr, "FAIL: Failed to set QUIC method\n");
178 		goto failure;
179 	}
180 
181 	if ((ssl = SSL_new(ssl_ctx)) == NULL)
182 		errx(1, "server ssl");
183 
184 	SSL_set_accept_state(ssl);
185 	SSL_set_app_data(ssl, data);
186 
187  failure:
188 	SSL_CTX_free(ssl_ctx);
189 
190 	return ssl;
191 }
192 
193 static int
194 ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret)
195 {
196 	int ssl_err;
197 
198 	ssl_err = SSL_get_error(ssl, ssl_ret);
199 
200 	if (ssl_err == SSL_ERROR_WANT_READ) {
201 		if (quic_read_handshake_data(ssl) < 0)
202 			return 0;
203 		return 1;
204 	} else if (ssl_err == SSL_ERROR_WANT_WRITE) {
205 		return 1;
206 	} else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
207 		/* Yup, this is apparently a thing... */
208 	} else {
209 		fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
210 		    name, desc, ssl_err, errno);
211 		ERR_print_errors_fp(stderr);
212 		return 0;
213 	}
214 
215 	return 1;
216 }
217 
218 static int
219 do_handshake(SSL *ssl, const char *name, int *done)
220 {
221 	int ssl_ret;
222 
223 	if ((ssl_ret = SSL_do_handshake(ssl)) == 1) {
224 		fprintf(stderr, "INFO: %s handshake done\n", name);
225 		*done = 1;
226 		return 1;
227 	}
228 
229 	return ssl_error(ssl, name, "handshake", ssl_ret);
230 }
231 
232 typedef int (*ssl_func)(SSL *ssl, const char *name, int *done);
233 
234 static int
235 do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
236     ssl_func server_func)
237 {
238 	int client_done = 0, server_done = 0;
239 	int i = 0;
240 
241 	do {
242 		if (!client_done) {
243 			if (debug)
244 				fprintf(stderr, "DEBUG: client loop\n");
245 			if (!client_func(client, "client", &client_done))
246 				return 0;
247 		}
248 		if (!server_done) {
249 			if (debug)
250 				fprintf(stderr, "DEBUG: server loop\n");
251 			if (!server_func(server, "server", &server_done))
252 				return 0;
253 		}
254 	} while (i++ < 100 && (!client_done || !server_done));
255 
256 	if (!client_done || !server_done)
257 		fprintf(stderr, "FAIL: gave up\n");
258 
259 	return client_done && server_done;
260 }
261 
262 static int
263 quictest(void)
264 {
265 	struct quic_data *client_data = NULL, *server_data = NULL;
266 	BIO *client_wbio = NULL, *server_wbio = NULL;
267 	SSL *client = NULL, *server = NULL;
268 	int failed = 1;
269 
270 	if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
271 		goto failure;
272 	if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
273 		goto failure;
274 
275 	if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
276 		goto failure;
277 	if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
278 		goto failure;
279 
280 	if ((client_data = calloc(1, sizeof(*client_data))) == NULL)
281 		goto failure;
282 
283 	client_data->rbio = server_wbio;
284 	client_data->wbio = client_wbio;
285 
286 	if ((client = quic_client(client_data)) == NULL)
287 		goto failure;
288 
289 	if ((server_data = calloc(1, sizeof(*server_data))) == NULL)
290 		goto failure;
291 
292 	server_data->rbio = client_wbio;
293 	server_data->wbio = server_wbio;
294 
295 	if ((server = quic_server(server_data)) == NULL)
296 		goto failure;
297 
298 	if (!do_client_server_loop(client, do_handshake, server, do_handshake)) {
299 		fprintf(stderr, "FAIL: client and server handshake failed\n");
300 		ERR_print_errors_fp(stderr);
301 		goto failure;
302 	}
303 
304 	fprintf(stderr, "INFO: Done!\n");
305 
306 	failed = 0;
307 
308  failure:
309 	BIO_free(client_wbio);
310 	BIO_free(server_wbio);
311 
312 	free(client_data);
313 	free(server_data);
314 
315 	SSL_free(client);
316 	SSL_free(server);
317 
318 	return failed;
319 }
320 
321 int
322 main(int argc, char **argv)
323 {
324 	int failed = 0;
325 
326 	if (argc != 4) {
327 		fprintf(stderr, "usage: %s keyfile certfile cafile\n",
328 		    argv[0]);
329 		exit(1);
330 	}
331 
332 	server_key_file = argv[1];
333 	server_cert_file = argv[2];
334 	server_ca_file = argv[3];
335 
336 	failed |= quictest();
337 
338 	return failed;
339 }
340