protocol-quic 0.0.0

data/ext/ngtcp2/examples/tls_client_session_picotls.cc

@@ -0,0 +1,147 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2022 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "tls_client_session_picotls.h"
+
+#include <iostream>
+#include <memory>
+
+#include <ngtcp2/ngtcp2_crypto_picotls.h>
+
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+
+#include <picotls.h>
+
+#include "tls_client_context_picotls.h"
+#include "client_base.h"
+#include "template.h"
+#include "util.h"
+
+using namespace std::literals;
+
+extern Config config;
+
+TLSClientSession::TLSClientSession() {}
+
+TLSClientSession::~TLSClientSession() {
+  auto &hsprops = cptls_.handshake_properties;
+
+  delete[] hsprops.client.session_ticket.base;
+}
+
+namespace {
+auto negotiated_protocols = std::array<ptls_iovec_t, 1>{{
+    {
+        .base = const_cast<uint8_t *>(&H3_ALPN_V1[1]),
+        .len = H3_ALPN_V1[0],
+    },
+}};
+} // namespace
+
+int TLSClientSession::init(bool &early_data_enabled, TLSClientContext &tls_ctx,
+                           const char *remote_addr, ClientBase *client,
+                           uint32_t quic_version, AppProtocol app_proto) {
+  cptls_.ptls = ptls_client_new(tls_ctx.get_native_handle());
+  if (!cptls_.ptls) {
+    std::cerr << "ptls_client_new failed" << std::endl;
+    return -1;
+  }
+
+  *ptls_get_data_ptr(cptls_.ptls) = client->conn_ref();
+
+  auto conn = client->conn();
+  auto &hsprops = cptls_.handshake_properties;
+
+  hsprops.additional_extensions = new ptls_raw_extension_t[2]{
+      {
+          .type = UINT16_MAX,
+      },
+      {
+          .type = UINT16_MAX,
+      },
+  };
+
+  if (ngtcp2_crypto_picotls_configure_client_session(&cptls_, conn) != 0) {
+    std::cerr << "ngtcp2_crypto_picotls_configure_client_session failed"
+              << std::endl;
+    return -1;
+  }
+
+  hsprops.client.negotiated_protocols.list = negotiated_protocols.data();
+  hsprops.client.negotiated_protocols.count = negotiated_protocols.size();
+
+  if (util::numeric_host(remote_addr)) {
+    // If remote host is numeric address, just send "localhost" as SNI
+    // for now.
+    ptls_set_server_name(cptls_.ptls, "localhost", strlen("localhost"));
+  } else {
+    ptls_set_server_name(cptls_.ptls, remote_addr, strlen(remote_addr));
+  }
+
+  if (config.session_file) {
+    auto f = BIO_new_file(config.session_file, "r");
+    if (f == nullptr) {
+      std::cerr << "Could not read TLS session file " << config.session_file
+                << std::endl;
+    } else {
+      auto f_d = defer(BIO_free, f);
+
+      char *name, *header;
+      unsigned char *data;
+      long datalen;
+
+      if (PEM_read_bio(f, &name, &header, &data, &datalen) != 1) {
+        std::cerr << "Could not read TLS session file " << config.session_file
+                  << std::endl;
+      } else {
+        if ("PICOTLS SESSION PARAMETERS"sv != name) {
+          std::cerr << "TLS session file contains unexpected name: " << name
+                    << std::endl;
+        } else {
+          hsprops.client.session_ticket.base = new uint8_t[datalen];
+          hsprops.client.session_ticket.len = datalen;
+          memcpy(hsprops.client.session_ticket.base, data, datalen);
+
+          if (!config.disable_early_data) {
+            // No easy way to check max_early_data from ticket.  We
+            // need to run ptls_handle_message.
+            early_data_enabled = true;
+          }
+        }
+
+        OPENSSL_free(name);
+        OPENSSL_free(header);
+        OPENSSL_free(data);
+      }
+    }
+  }
+
+  return 0;
+}
+
+bool TLSClientSession::get_early_data_accepted() const {
+  return cptls_.handshake_properties.client.early_data_acceptance ==
+         PTLS_EARLY_DATA_ACCEPTED;
+}

data/ext/ngtcp2/examples/tls_client_session_picotls.h

@@ -0,0 +1,52 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2022 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_CLIENT_SESSION_PICOTLS_H
+#define TLS_CLIENT_SESSION_PICOTLS_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#include "tls_session_base_picotls.h"
+#include "shared.h"
+
+using namespace ngtcp2;
+
+class TLSClientContext;
+class ClientBase;
+
+class TLSClientSession : public TLSSessionBase {
+public:
+  TLSClientSession();
+  ~TLSClientSession();
+
+  int init(bool &early_data_enabled, TLSClientContext &tls_ctx,
+           const char *remote_addr, ClientBase *client, uint32_t quic_version,
+           AppProtocol app_proto);
+
+  bool get_early_data_accepted() const;
+};
+
+#endif // TLS_CLIENT_SESSION_PICOTLS_H

data/ext/ngtcp2/examples/tls_client_session_wolfssl.cc

@@ -0,0 +1,160 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "tls_client_session_wolfssl.h"
+
+#include <cassert>
+#include <iostream>
+
+#include "tls_client_context_wolfssl.h"
+#include "client_base.h"
+#include "template.h"
+#include "util.h"
+
+using namespace std::literals;
+
+TLSClientSession::TLSClientSession() {}
+
+TLSClientSession::~TLSClientSession() {}
+
+extern Config config;
+
+namespace {
+int wolfssl_session_ticket_cb(WOLFSSL *ssl, const unsigned char *ticket,
+                              int ticketSz, void *cb_ctx) {
+  std::cerr << "session ticket calback invoked" << std::endl;
+  return 0;
+}
+} // namespace
+
+int TLSClientSession::init(bool &early_data_enabled,
+                           const TLSClientContext &tls_ctx,
+                           const char *remote_addr, ClientBase *client,
+                           uint32_t quic_version, AppProtocol app_proto) {
+  early_data_enabled = false;
+
+  auto ssl_ctx = tls_ctx.get_native_handle();
+
+  ssl_ = wolfSSL_new(ssl_ctx);
+  if (!ssl_) {
+    std::cerr << "wolfSSL_new: " << ERR_error_string(ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  wolfSSL_set_app_data(ssl_, client->conn_ref());
+  wolfSSL_set_connect_state(ssl_);
+
+  wolfSSL_set_quic_use_legacy_codepoint(ssl_, (quic_version & 0xff000000) ==
+                                                  0xff000000);
+
+  switch (app_proto) {
+  case AppProtocol::H3:
+    wolfSSL_set_alpn_protos(ssl_, H3_ALPN, str_size(H3_ALPN));
+    break;
+  case AppProtocol::HQ:
+    wolfSSL_set_alpn_protos(ssl_, HQ_ALPN, str_size(HQ_ALPN));
+    break;
+  }
+
+  if (!config.sni.empty()) {
+    wolfSSL_UseSNI(ssl_, WOLFSSL_SNI_HOST_NAME, config.sni.data(),
+                   config.sni.length());
+  } else if (util::numeric_host(remote_addr)) {
+    // If remote host is numeric address, just send "localhost" as SNI
+    // for now.
+    wolfSSL_UseSNI(ssl_, WOLFSSL_SNI_HOST_NAME, "localhost",
+                   sizeof("localhost") - 1);
+  } else {
+    wolfSSL_UseSNI(ssl_, WOLFSSL_SNI_HOST_NAME, remote_addr,
+                   strlen(remote_addr));
+  }
+
+  if (config.session_file) {
+#ifdef HAVE_SESSION_TICKET
+    auto f = wolfSSL_BIO_new_file(config.session_file, "r");
+    if (f == nullptr) {
+      std::cerr << "Could not open TLS session file " << config.session_file
+                << std::endl;
+    } else {
+      char *name, *header;
+      unsigned char *data;
+      const unsigned char *pdata;
+      long datalen;
+      unsigned int ret;
+      WOLFSSL_SESSION *session;
+
+      if (wolfSSL_PEM_read_bio(f, &name, &header, &data, &datalen) != 1) {
+        std::cerr << "Could not read TLS session file " << config.session_file
+                  << std::endl;
+      } else {
+        if ("WOLFSSL SESSION PARAMETERS"sv != name) {
+          std::cerr << "TLS session file contains unexpected name: " << name
+                    << std::endl;
+        } else {
+          pdata = data;
+          session = wolfSSL_d2i_SSL_SESSION(nullptr, &pdata, datalen);
+          if (session == nullptr) {
+            std::cerr << "Could not parse TLS session from file "
+                      << config.session_file << std::endl;
+          } else {
+            ret = wolfSSL_set_session(ssl_, session);
+            if (ret != WOLFSSL_SUCCESS) {
+              std::cerr << "Could not install TLS session from file "
+                        << config.session_file << std::endl;
+            } else {
+              if (!config.disable_early_data &&
+                  wolfSSL_SESSION_get_max_early_data(session)) {
+                early_data_enabled = true;
+                wolfSSL_set_quic_early_data_enabled(ssl_, 1);
+              }
+            }
+            wolfSSL_SESSION_free(session);
+          }
+        }
+
+        wolfSSL_OPENSSL_free(name);
+        wolfSSL_OPENSSL_free(header);
+        wolfSSL_OPENSSL_free(data);
+      }
+      wolfSSL_BIO_free(f);
+    }
+    wolfSSL_UseSessionTicket(ssl_);
+    wolfSSL_set_SessionTicket_cb(ssl_, wolfssl_session_ticket_cb, nullptr);
+#else
+    std::cerr << "TLS session im-/export not enabled in wolfSSL" << std::endl;
+#endif
+  }
+
+  return 0;
+}
+
+bool TLSClientSession::get_early_data_accepted() const {
+  // wolfSSL_get_early_data_status works after handshake completes.
+#ifdef WOLFSSL_EARLY_DATA
+  return wolfSSL_get_early_data_status(ssl_) == SSL_EARLY_DATA_ACCEPTED;
+#else
+  return 0;
+#endif
+}

data/ext/ngtcp2/examples/tls_client_session_wolfssl.h

@@ -0,0 +1,52 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_CLIENT_SESSION_WOLFSSL_H
+#define TLS_CLIENT_SESSION_WOLFSSL_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#include "tls_session_base_wolfssl.h"
+#include "shared.h"
+
+using namespace ngtcp2;
+
+class TLSClientContext;
+class ClientBase;
+
+class TLSClientSession : public TLSSessionBase {
+public:
+  TLSClientSession();
+  ~TLSClientSession();
+
+  int init(bool &early_data_enabled, const TLSClientContext &tls_ctx,
+           const char *remote_addr, ClientBase *client, uint32_t quic_version,
+           AppProtocol app_proto);
+
+  bool get_early_data_accepted() const;
+};
+
+#endif // TLS_CLIENT_SESSION_WOLFSSL_H

data/ext/ngtcp2/examples/tls_server_context.h

@@ -0,0 +1,52 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_SERVER_CONTEXT_H
+#define TLS_SERVER_CONTEXT_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#if defined(ENABLE_EXAMPLE_OPENSSL) && defined(WITH_EXAMPLE_OPENSSL)
+#  include "tls_server_context_openssl.h"
+#endif // ENABLE_EXAMPLE_OPENSSL && WITH_EXAMPLE_OPENSSL
+
+#if defined(ENABLE_EXAMPLE_GNUTLS) && defined(WITH_EXAMPLE_GNUTLS)
+#  include "tls_server_context_gnutls.h"
+#endif // ENABLE_EXAMPLE_GNUTLS && WITH_EXAMPLE_GNUTLS
+
+#if defined(ENABLE_EXAMPLE_BORINGSSL) && defined(WITH_EXAMPLE_BORINGSSL)
+#  include "tls_server_context_boringssl.h"
+#endif // ENABLE_EXAMPLE_BORINGSSL && WITH_EXAMPLE_BORINGSSL
+
+#if defined(ENABLE_EXAMPLE_PICOTLS) && defined(WITH_EXAMPLE_PICOTLS)
+#  include "tls_server_context_picotls.h"
+#endif // ENABLE_EXAMPLE_PICOTLS && WITH_EXAMPLE_PICOTLS
+
+#if defined(ENABLE_EXAMPLE_WOLFSSL) && defined(WITH_EXAMPLE_WOLFSSL)
+#  include "tls_server_context_wolfssl.h"
+#endif // ENABLE_EXAMPLE_WOLFSSL && WITH_EXAMPLE_WOLFSSL
+
+#endif // TLS_SERVER_CONTEXT_H