protocol-quic 0.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data/ext/ngtcp2/AUTHORS +44 -0
- data/ext/ngtcp2/CMakeLists.txt +431 -0
- data/ext/ngtcp2/CMakeOptions.txt +17 -0
- data/ext/ngtcp2/COPYING +22 -0
- data/ext/ngtcp2/ChangeLog +0 -0
- data/ext/ngtcp2/Makefile.am +60 -0
- data/ext/ngtcp2/NEWS +0 -0
- data/ext/ngtcp2/README +1 -0
- data/ext/ngtcp2/README.rst +258 -0
- data/ext/ngtcp2/ci/build_boringssl.sh +10 -0
- data/ext/ngtcp2/ci/build_nghttp3.sh +9 -0
- data/ext/ngtcp2/ci/build_openssl1.sh +8 -0
- data/ext/ngtcp2/ci/build_openssl1_cross.sh +9 -0
- data/ext/ngtcp2/ci/build_openssl3.sh +8 -0
- data/ext/ngtcp2/ci/build_picotls.sh +26 -0
- data/ext/ngtcp2/ci/build_wolfssl.sh +9 -0
- data/ext/ngtcp2/ci/gen-certificate.sh +8 -0
- data/ext/ngtcp2/cmake/ExtractValidFlags.cmake +31 -0
- data/ext/ngtcp2/cmake/FindCUnit.cmake +40 -0
- data/ext/ngtcp2/cmake/FindJemalloc.cmake +40 -0
- data/ext/ngtcp2/cmake/FindLibev.cmake +38 -0
- data/ext/ngtcp2/cmake/FindLibnghttp3.cmake +41 -0
- data/ext/ngtcp2/cmake/Findwolfssl.cmake +41 -0
- data/ext/ngtcp2/cmake/Version.cmake +11 -0
- data/ext/ngtcp2/cmakeconfig.h.in +36 -0
- data/ext/ngtcp2/configure.ac +755 -0
- data/ext/ngtcp2/crypto/CMakeLists.txt +56 -0
- data/ext/ngtcp2/crypto/Makefile.am +49 -0
- data/ext/ngtcp2/crypto/boringssl/CMakeLists.txt +64 -0
- data/ext/ngtcp2/crypto/boringssl/Makefile.am +39 -0
- data/ext/ngtcp2/crypto/boringssl/boringssl.c +630 -0
- data/ext/ngtcp2/crypto/boringssl/libngtcp2_crypto_boringssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/gnutls/CMakeLists.txt +86 -0
- data/ext/ngtcp2/crypto/gnutls/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/gnutls/gnutls.c +644 -0
- data/ext/ngtcp2/crypto/gnutls/libngtcp2_crypto_gnutls.pc.in +33 -0
- data/ext/ngtcp2/crypto/includes/CMakeLists.txt +56 -0
- data/ext/ngtcp2/crypto/includes/Makefile.am +45 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h +893 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_boringssl.h +104 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_gnutls.h +107 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_openssl.h +132 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_picotls.h +246 -0
- data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_wolfssl.h +106 -0
- data/ext/ngtcp2/crypto/openssl/CMakeLists.txt +86 -0
- data/ext/ngtcp2/crypto/openssl/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/openssl/libngtcp2_crypto_openssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/openssl/openssl.c +807 -0
- data/ext/ngtcp2/crypto/picotls/CMakeLists.txt +65 -0
- data/ext/ngtcp2/crypto/picotls/Makefile.am +39 -0
- data/ext/ngtcp2/crypto/picotls/libngtcp2_crypto_picotls.pc.in +33 -0
- data/ext/ngtcp2/crypto/picotls/picotls.c +707 -0
- data/ext/ngtcp2/crypto/shared.c +1431 -0
- data/ext/ngtcp2/crypto/shared.h +350 -0
- data/ext/ngtcp2/crypto/wolfssl/CMakeLists.txt +84 -0
- data/ext/ngtcp2/crypto/wolfssl/Makefile.am +43 -0
- data/ext/ngtcp2/crypto/wolfssl/libngtcp2_crypto_wolfssl.pc.in +33 -0
- data/ext/ngtcp2/crypto/wolfssl/wolfssl.c +534 -0
- data/ext/ngtcp2/doc/Makefile.am +65 -0
- data/ext/ngtcp2/doc/make.bat +35 -0
- data/ext/ngtcp2/doc/mkapiref.py +356 -0
- data/ext/ngtcp2/doc/source/conf.py.in +94 -0
- data/ext/ngtcp2/doc/source/index.rst +22 -0
- data/ext/ngtcp2/doc/source/programmers-guide.rst +476 -0
- data/ext/ngtcp2/docker/Dockerfile +39 -0
- data/ext/ngtcp2/examples/CMakeLists.txt +361 -0
- data/ext/ngtcp2/examples/Makefile.am +228 -0
- data/ext/ngtcp2/examples/client.cc +3049 -0
- data/ext/ngtcp2/examples/client.h +192 -0
- data/ext/ngtcp2/examples/client_base.cc +202 -0
- data/ext/ngtcp2/examples/client_base.h +213 -0
- data/ext/ngtcp2/examples/debug.cc +298 -0
- data/ext/ngtcp2/examples/debug.h +124 -0
- data/ext/ngtcp2/examples/examplestest.cc +84 -0
- data/ext/ngtcp2/examples/gtlssimpleclient.c +720 -0
- data/ext/ngtcp2/examples/h09client.cc +2601 -0
- data/ext/ngtcp2/examples/h09client.h +196 -0
- data/ext/ngtcp2/examples/h09server.cc +3024 -0
- data/ext/ngtcp2/examples/h09server.h +237 -0
- data/ext/ngtcp2/examples/http.cc +138 -0
- data/ext/ngtcp2/examples/http.h +44 -0
- data/ext/ngtcp2/examples/network.h +80 -0
- data/ext/ngtcp2/examples/server.cc +3731 -0
- data/ext/ngtcp2/examples/server.h +256 -0
- data/ext/ngtcp2/examples/server_base.cc +58 -0
- data/ext/ngtcp2/examples/server_base.h +195 -0
- data/ext/ngtcp2/examples/shared.cc +385 -0
- data/ext/ngtcp2/examples/shared.h +96 -0
- data/ext/ngtcp2/examples/simpleclient.c +683 -0
- data/ext/ngtcp2/examples/template.h +71 -0
- data/ext/ngtcp2/examples/tests/README.rst +60 -0
- data/ext/ngtcp2/examples/tests/__init__.py +0 -0
- data/ext/ngtcp2/examples/tests/config.ini.in +32 -0
- data/ext/ngtcp2/examples/tests/conftest.py +28 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/__init__.py +6 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/certs.py +476 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/client.py +187 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/env.py +191 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/log.py +101 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/server.py +137 -0
- data/ext/ngtcp2/examples/tests/ngtcp2test/tls.py +983 -0
- data/ext/ngtcp2/examples/tests/test_01_handshake.py +30 -0
- data/ext/ngtcp2/examples/tests/test_02_resume.py +46 -0
- data/ext/ngtcp2/examples/tests/test_03_earlydata.py +56 -0
- data/ext/ngtcp2/examples/tests/test_04_clientcert.py +57 -0
- data/ext/ngtcp2/examples/tests/test_05_ciphers.py +46 -0
- data/ext/ngtcp2/examples/tls_client_context.h +52 -0
- data/ext/ngtcp2/examples/tls_client_context_boringssl.cc +126 -0
- data/ext/ngtcp2/examples/tls_client_context_boringssl.h +49 -0
- data/ext/ngtcp2/examples/tls_client_context_gnutls.cc +74 -0
- data/ext/ngtcp2/examples/tls_client_context_gnutls.h +50 -0
- data/ext/ngtcp2/examples/tls_client_context_openssl.cc +137 -0
- data/ext/ngtcp2/examples/tls_client_context_openssl.h +49 -0
- data/ext/ngtcp2/examples/tls_client_context_picotls.cc +158 -0
- data/ext/ngtcp2/examples/tls_client_context_picotls.h +53 -0
- data/ext/ngtcp2/examples/tls_client_context_wolfssl.cc +177 -0
- data/ext/ngtcp2/examples/tls_client_context_wolfssl.h +51 -0
- data/ext/ngtcp2/examples/tls_client_session.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_boringssl.cc +110 -0
- data/ext/ngtcp2/examples/tls_client_session_boringssl.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_gnutls.cc +190 -0
- data/ext/ngtcp2/examples/tls_client_session_gnutls.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_openssl.cc +113 -0
- data/ext/ngtcp2/examples/tls_client_session_openssl.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_picotls.cc +147 -0
- data/ext/ngtcp2/examples/tls_client_session_picotls.h +52 -0
- data/ext/ngtcp2/examples/tls_client_session_wolfssl.cc +160 -0
- data/ext/ngtcp2/examples/tls_client_session_wolfssl.h +52 -0
- data/ext/ngtcp2/examples/tls_server_context.h +52 -0
- data/ext/ngtcp2/examples/tls_server_context_boringssl.cc +257 -0
- data/ext/ngtcp2/examples/tls_server_context_boringssl.h +54 -0
- data/ext/ngtcp2/examples/tls_server_context_gnutls.cc +99 -0
- data/ext/ngtcp2/examples/tls_server_context_gnutls.h +59 -0
- data/ext/ngtcp2/examples/tls_server_context_openssl.cc +338 -0
- data/ext/ngtcp2/examples/tls_server_context_openssl.h +54 -0
- data/ext/ngtcp2/examples/tls_server_context_picotls.cc +321 -0
- data/ext/ngtcp2/examples/tls_server_context_picotls.h +58 -0
- data/ext/ngtcp2/examples/tls_server_context_wolfssl.cc +284 -0
- data/ext/ngtcp2/examples/tls_server_context_wolfssl.h +55 -0
- data/ext/ngtcp2/examples/tls_server_session.h +52 -0
- data/ext/ngtcp2/examples/tls_server_session_boringssl.cc +84 -0
- data/ext/ngtcp2/examples/tls_server_session_boringssl.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_gnutls.cc +155 -0
- data/ext/ngtcp2/examples/tls_server_session_gnutls.h +46 -0
- data/ext/ngtcp2/examples/tls_server_session_openssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_server_session_openssl.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_picotls.cc +70 -0
- data/ext/ngtcp2/examples/tls_server_session_picotls.h +47 -0
- data/ext/ngtcp2/examples/tls_server_session_wolfssl.cc +55 -0
- data/ext/ngtcp2/examples/tls_server_session_wolfssl.h +47 -0
- data/ext/ngtcp2/examples/tls_session_base_gnutls.cc +87 -0
- data/ext/ngtcp2/examples/tls_session_base_gnutls.h +51 -0
- data/ext/ngtcp2/examples/tls_session_base_openssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_session_base_openssl.h +52 -0
- data/ext/ngtcp2/examples/tls_session_base_picotls.cc +56 -0
- data/ext/ngtcp2/examples/tls_session_base_picotls.h +54 -0
- data/ext/ngtcp2/examples/tls_session_base_wolfssl.cc +54 -0
- data/ext/ngtcp2/examples/tls_session_base_wolfssl.h +54 -0
- data/ext/ngtcp2/examples/tls_shared_picotls.cc +59 -0
- data/ext/ngtcp2/examples/tls_shared_picotls.h +36 -0
- data/ext/ngtcp2/examples/util.cc +646 -0
- data/ext/ngtcp2/examples/util.h +361 -0
- data/ext/ngtcp2/examples/util_gnutls.cc +136 -0
- data/ext/ngtcp2/examples/util_openssl.cc +131 -0
- data/ext/ngtcp2/examples/util_test.cc +237 -0
- data/ext/ngtcp2/examples/util_test.h +45 -0
- data/ext/ngtcp2/examples/util_wolfssl.cc +130 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/ack +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/ack_ecn +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/connection_close +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/crypto +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/data_blocked +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/datagram +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/datagram_len +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_data +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_stream_data +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/max_streams +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/new_connection_id +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/new_token +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/path_challenge +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/path_response +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/reset_stream +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/retire_connection_id +1 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stop_sending +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream_data_blocked +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/stream_len +0 -0
- data/ext/ngtcp2/fuzz/corpus/decode_frame/streams_blocked +0 -0
- data/ext/ngtcp2/fuzz/corpus/ksl/random +0 -0
- data/ext/ngtcp2/fuzz/decode_frame.cc +25 -0
- data/ext/ngtcp2/fuzz/ksl.cc +77 -0
- data/ext/ngtcp2/interop/Dockerfile +39 -0
- data/ext/ngtcp2/interop/run_endpoint.sh +93 -0
- data/ext/ngtcp2/lib/CMakeLists.txt +110 -0
- data/ext/ngtcp2/lib/Makefile.am +122 -0
- data/ext/ngtcp2/lib/includes/CMakeLists.txt +4 -0
- data/ext/ngtcp2/lib/includes/Makefile.am +25 -0
- data/ext/ngtcp2/lib/includes/ngtcp2/ngtcp2.h +5843 -0
- data/ext/ngtcp2/lib/includes/ngtcp2/version.h.in +51 -0
- data/ext/ngtcp2/lib/libngtcp2.pc.in +33 -0
- data/ext/ngtcp2/lib/ngtcp2_acktr.c +335 -0
- data/ext/ngtcp2/lib/ngtcp2_acktr.h +221 -0
- data/ext/ngtcp2/lib/ngtcp2_addr.c +117 -0
- data/ext/ngtcp2/lib/ngtcp2_addr.h +69 -0
- data/ext/ngtcp2/lib/ngtcp2_balloc.c +90 -0
- data/ext/ngtcp2/lib/ngtcp2_balloc.h +91 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr.c +693 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr.h +157 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr2.c +1490 -0
- data/ext/ngtcp2/lib/ngtcp2_bbr2.h +149 -0
- data/ext/ngtcp2/lib/ngtcp2_buf.c +56 -0
- data/ext/ngtcp2/lib/ngtcp2_buf.h +108 -0
- data/ext/ngtcp2/lib/ngtcp2_cc.c +616 -0
- data/ext/ngtcp2/lib/ngtcp2_cc.h +422 -0
- data/ext/ngtcp2/lib/ngtcp2_cid.c +147 -0
- data/ext/ngtcp2/lib/ngtcp2_cid.h +175 -0
- data/ext/ngtcp2/lib/ngtcp2_conn.c +13731 -0
- data/ext/ngtcp2/lib/ngtcp2_conn.h +1119 -0
- data/ext/ngtcp2/lib/ngtcp2_conn_stat.h +131 -0
- data/ext/ngtcp2/lib/ngtcp2_conv.c +291 -0
- data/ext/ngtcp2/lib/ngtcp2_conv.h +208 -0
- data/ext/ngtcp2/lib/ngtcp2_crypto.c +895 -0
- data/ext/ngtcp2/lib/ngtcp2_crypto.h +148 -0
- data/ext/ngtcp2/lib/ngtcp2_err.c +154 -0
- data/ext/ngtcp2/lib/ngtcp2_err.h +34 -0
- data/ext/ngtcp2/lib/ngtcp2_gaptr.c +167 -0
- data/ext/ngtcp2/lib/ngtcp2_gaptr.h +98 -0
- data/ext/ngtcp2/lib/ngtcp2_idtr.c +79 -0
- data/ext/ngtcp2/lib/ngtcp2_idtr.h +89 -0
- data/ext/ngtcp2/lib/ngtcp2_ksl.c +819 -0
- data/ext/ngtcp2/lib/ngtcp2_ksl.h +345 -0
- data/ext/ngtcp2/lib/ngtcp2_log.c +822 -0
- data/ext/ngtcp2/lib/ngtcp2_log.h +123 -0
- data/ext/ngtcp2/lib/ngtcp2_macro.h +58 -0
- data/ext/ngtcp2/lib/ngtcp2_map.c +336 -0
- data/ext/ngtcp2/lib/ngtcp2_map.h +136 -0
- data/ext/ngtcp2/lib/ngtcp2_mem.c +113 -0
- data/ext/ngtcp2/lib/ngtcp2_mem.h +72 -0
- data/ext/ngtcp2/lib/ngtcp2_net.h +136 -0
- data/ext/ngtcp2/lib/ngtcp2_objalloc.c +40 -0
- data/ext/ngtcp2/lib/ngtcp2_objalloc.h +140 -0
- data/ext/ngtcp2/lib/ngtcp2_opl.c +46 -0
- data/ext/ngtcp2/lib/ngtcp2_opl.h +65 -0
- data/ext/ngtcp2/lib/ngtcp2_path.c +77 -0
- data/ext/ngtcp2/lib/ngtcp2_path.h +49 -0
- data/ext/ngtcp2/lib/ngtcp2_pkt.c +2527 -0
- data/ext/ngtcp2/lib/ngtcp2_pkt.h +1235 -0
- data/ext/ngtcp2/lib/ngtcp2_pmtud.c +160 -0
- data/ext/ngtcp2/lib/ngtcp2_pmtud.h +123 -0
- data/ext/ngtcp2/lib/ngtcp2_ppe.c +230 -0
- data/ext/ngtcp2/lib/ngtcp2_ppe.h +153 -0
- data/ext/ngtcp2/lib/ngtcp2_pq.c +164 -0
- data/ext/ngtcp2/lib/ngtcp2_pq.h +126 -0
- data/ext/ngtcp2/lib/ngtcp2_pv.c +172 -0
- data/ext/ngtcp2/lib/ngtcp2_pv.h +194 -0
- data/ext/ngtcp2/lib/ngtcp2_qlog.c +1219 -0
- data/ext/ngtcp2/lib/ngtcp2_qlog.h +161 -0
- data/ext/ngtcp2/lib/ngtcp2_range.c +61 -0
- data/ext/ngtcp2/lib/ngtcp2_range.h +80 -0
- data/ext/ngtcp2/lib/ngtcp2_rcvry.h +40 -0
- data/ext/ngtcp2/lib/ngtcp2_ringbuf.c +121 -0
- data/ext/ngtcp2/lib/ngtcp2_ringbuf.h +132 -0
- data/ext/ngtcp2/lib/ngtcp2_rob.c +319 -0
- data/ext/ngtcp2/lib/ngtcp2_rob.h +197 -0
- data/ext/ngtcp2/lib/ngtcp2_rst.c +138 -0
- data/ext/ngtcp2/lib/ngtcp2_rst.h +86 -0
- data/ext/ngtcp2/lib/ngtcp2_rtb.c +1676 -0
- data/ext/ngtcp2/lib/ngtcp2_rtb.h +468 -0
- data/ext/ngtcp2/lib/ngtcp2_str.c +233 -0
- data/ext/ngtcp2/lib/ngtcp2_str.h +94 -0
- data/ext/ngtcp2/lib/ngtcp2_strm.c +698 -0
- data/ext/ngtcp2/lib/ngtcp2_strm.h +310 -0
- data/ext/ngtcp2/lib/ngtcp2_unreachable.c +71 -0
- data/ext/ngtcp2/lib/ngtcp2_unreachable.h +46 -0
- data/ext/ngtcp2/lib/ngtcp2_vec.c +243 -0
- data/ext/ngtcp2/lib/ngtcp2_vec.h +120 -0
- data/ext/ngtcp2/lib/ngtcp2_version.c +39 -0
- data/ext/ngtcp2/lib/ngtcp2_window_filter.c +99 -0
- data/ext/ngtcp2/lib/ngtcp2_window_filter.h +65 -0
- data/ext/ngtcp2/m4/ax_check_compile_flag.m4 +74 -0
- data/ext/ngtcp2/m4/ax_cxx_compile_stdcxx.m4 +1009 -0
- data/ext/ngtcp2/tests/CMakeLists.txt +68 -0
- data/ext/ngtcp2/tests/Makefile.am +94 -0
- data/ext/ngtcp2/tests/main.c +358 -0
- data/ext/ngtcp2/tests/ngtcp2_acktr_test.c +367 -0
- data/ext/ngtcp2/tests/ngtcp2_acktr_test.h +37 -0
- data/ext/ngtcp2/tests/ngtcp2_conn_test.c +9821 -0
- data/ext/ngtcp2/tests/ngtcp2_conn_test.h +104 -0
- data/ext/ngtcp2/tests/ngtcp2_conv_test.c +430 -0
- data/ext/ngtcp2/tests/ngtcp2_conv_test.h +46 -0
- data/ext/ngtcp2/tests/ngtcp2_crypto_test.c +667 -0
- data/ext/ngtcp2/tests/ngtcp2_crypto_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_gaptr_test.c +127 -0
- data/ext/ngtcp2/tests/ngtcp2_gaptr_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_idtr_test.c +79 -0
- data/ext/ngtcp2/tests/ngtcp2_idtr_test.h +34 -0
- data/ext/ngtcp2/tests/ngtcp2_ksl_test.c +502 -0
- data/ext/ngtcp2/tests/ngtcp2_ksl_test.h +39 -0
- data/ext/ngtcp2/tests/ngtcp2_map_test.c +206 -0
- data/ext/ngtcp2/tests/ngtcp2_map_test.h +38 -0
- data/ext/ngtcp2/tests/ngtcp2_pkt_test.c +1645 -0
- data/ext/ngtcp2/tests/ngtcp2_pkt_test.h +68 -0
- data/ext/ngtcp2/tests/ngtcp2_pmtud_test.c +153 -0
- data/ext/ngtcp2/tests/ngtcp2_pmtud_test.h +34 -0
- data/ext/ngtcp2/tests/ngtcp2_pv_test.c +129 -0
- data/ext/ngtcp2/tests/ngtcp2_pv_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_range_test.c +105 -0
- data/ext/ngtcp2/tests/ngtcp2_range_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_ringbuf_test.c +91 -0
- data/ext/ngtcp2/tests/ngtcp2_ringbuf_test.h +35 -0
- data/ext/ngtcp2/tests/ngtcp2_rob_test.c +552 -0
- data/ext/ngtcp2/tests/ngtcp2_rob_test.h +37 -0
- data/ext/ngtcp2/tests/ngtcp2_rtb_test.c +470 -0
- data/ext/ngtcp2/tests/ngtcp2_rtb_test.h +38 -0
- data/ext/ngtcp2/tests/ngtcp2_str_test.c +96 -0
- data/ext/ngtcp2/tests/ngtcp2_str_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_strm_test.c +575 -0
- data/ext/ngtcp2/tests/ngtcp2_strm_test.h +36 -0
- data/ext/ngtcp2/tests/ngtcp2_test_helper.c +404 -0
- data/ext/ngtcp2/tests/ngtcp2_test_helper.h +191 -0
- data/ext/ngtcp2/tests/ngtcp2_vec_test.c +426 -0
- data/ext/ngtcp2/tests/ngtcp2_vec_test.h +36 -0
- data/ext/ngtcp2/third-party/CMakeLists.txt +34 -0
- data/ext/ngtcp2/third-party/Makefile.am +31 -0
- data/ext/ngtcp2/third-party/http-parser/AUTHORS +68 -0
- data/ext/ngtcp2/third-party/http-parser/LICENSE-MIT +23 -0
- data/ext/ngtcp2/third-party/http-parser/Makefile +157 -0
- data/ext/ngtcp2/third-party/http-parser/README.md +246 -0
- data/ext/ngtcp2/third-party/http-parser/bench.c +111 -0
- data/ext/ngtcp2/third-party/http-parser/contrib/parsertrace.c +160 -0
- data/ext/ngtcp2/third-party/http-parser/contrib/url_parser.c +47 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.c +2419 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.gyp +111 -0
- data/ext/ngtcp2/third-party/http-parser/http_parser.h +431 -0
- data/ext/ngtcp2/third-party/http-parser/test.c +4411 -0
- data/lib/protocol/quic/version.rb +10 -0
- data/lib/protocol/quic.rb +9 -0
- data/license.md +21 -0
- data.tar.gz.sig +1 -0
- metadata +424 -0
- metadata.gz.sig +1 -0
@@ -0,0 +1,338 @@
|
|
1
|
+
/*
|
2
|
+
* ngtcp2
|
3
|
+
*
|
4
|
+
* Copyright (c) 2020 ngtcp2 contributors
|
5
|
+
*
|
6
|
+
* Permission is hereby granted, free of charge, to any person obtaining
|
7
|
+
* a copy of this software and associated documentation files (the
|
8
|
+
* "Software"), to deal in the Software without restriction, including
|
9
|
+
* without limitation the rights to use, copy, modify, merge, publish,
|
10
|
+
* distribute, sublicense, and/or sell copies of the Software, and to
|
11
|
+
* permit persons to whom the Software is furnished to do so, subject to
|
12
|
+
* the following conditions:
|
13
|
+
*
|
14
|
+
* The above copyright notice and this permission notice shall be
|
15
|
+
* included in all copies or substantial portions of the Software.
|
16
|
+
*
|
17
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
18
|
+
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
19
|
+
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
20
|
+
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
21
|
+
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
22
|
+
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
23
|
+
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
24
|
+
*/
|
25
|
+
#include "tls_server_context_openssl.h"
|
26
|
+
|
27
|
+
#include <cstring>
|
28
|
+
#include <iostream>
|
29
|
+
#include <fstream>
|
30
|
+
#include <limits>
|
31
|
+
|
32
|
+
#include <ngtcp2/ngtcp2_crypto_openssl.h>
|
33
|
+
|
34
|
+
#include <openssl/err.h>
|
35
|
+
|
36
|
+
#include "server_base.h"
|
37
|
+
#include "template.h"
|
38
|
+
|
39
|
+
extern Config config;
|
40
|
+
|
41
|
+
TLSServerContext::TLSServerContext() : ssl_ctx_{nullptr} {}
|
42
|
+
|
43
|
+
TLSServerContext::~TLSServerContext() {
|
44
|
+
if (ssl_ctx_) {
|
45
|
+
SSL_CTX_free(ssl_ctx_);
|
46
|
+
}
|
47
|
+
}
|
48
|
+
|
49
|
+
SSL_CTX *TLSServerContext::get_native_handle() const { return ssl_ctx_; }
|
50
|
+
|
51
|
+
namespace {
|
52
|
+
int alpn_select_proto_h3_cb(SSL *ssl, const unsigned char **out,
|
53
|
+
unsigned char *outlen, const unsigned char *in,
|
54
|
+
unsigned int inlen, void *arg) {
|
55
|
+
auto conn_ref = static_cast<ngtcp2_crypto_conn_ref *>(SSL_get_app_data(ssl));
|
56
|
+
auto h = static_cast<HandlerBase *>(conn_ref->user_data);
|
57
|
+
const uint8_t *alpn;
|
58
|
+
size_t alpnlen;
|
59
|
+
// This should be the negotiated version, but we have not set the
|
60
|
+
// negotiated version when this callback is called.
|
61
|
+
auto version = ngtcp2_conn_get_client_chosen_version(h->conn());
|
62
|
+
|
63
|
+
switch (version) {
|
64
|
+
case QUIC_VER_DRAFT29:
|
65
|
+
alpn = H3_ALPN_DRAFT29;
|
66
|
+
alpnlen = str_size(H3_ALPN_DRAFT29);
|
67
|
+
break;
|
68
|
+
case QUIC_VER_DRAFT30:
|
69
|
+
alpn = H3_ALPN_DRAFT30;
|
70
|
+
alpnlen = str_size(H3_ALPN_DRAFT30);
|
71
|
+
break;
|
72
|
+
case QUIC_VER_DRAFT31:
|
73
|
+
alpn = H3_ALPN_DRAFT31;
|
74
|
+
alpnlen = str_size(H3_ALPN_DRAFT31);
|
75
|
+
break;
|
76
|
+
case QUIC_VER_DRAFT32:
|
77
|
+
alpn = H3_ALPN_DRAFT32;
|
78
|
+
alpnlen = str_size(H3_ALPN_DRAFT32);
|
79
|
+
break;
|
80
|
+
case NGTCP2_PROTO_VER_V1:
|
81
|
+
case NGTCP2_PROTO_VER_V2:
|
82
|
+
alpn = H3_ALPN_V1;
|
83
|
+
alpnlen = str_size(H3_ALPN_V1);
|
84
|
+
break;
|
85
|
+
default:
|
86
|
+
if (!config.quiet) {
|
87
|
+
std::cerr << "Unexpected quic protocol version: " << std::hex << "0x"
|
88
|
+
<< version << std::dec << std::endl;
|
89
|
+
}
|
90
|
+
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
91
|
+
}
|
92
|
+
|
93
|
+
for (auto p = in, end = in + inlen; p + alpnlen <= end; p += *p + 1) {
|
94
|
+
if (std::equal(alpn, alpn + alpnlen, p)) {
|
95
|
+
*out = p + 1;
|
96
|
+
*outlen = *p;
|
97
|
+
return SSL_TLSEXT_ERR_OK;
|
98
|
+
}
|
99
|
+
}
|
100
|
+
|
101
|
+
if (!config.quiet) {
|
102
|
+
std::cerr << "Client did not present ALPN " << &alpn[1] << std::endl;
|
103
|
+
}
|
104
|
+
|
105
|
+
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
106
|
+
}
|
107
|
+
} // namespace
|
108
|
+
|
109
|
+
namespace {
|
110
|
+
int alpn_select_proto_hq_cb(SSL *ssl, const unsigned char **out,
|
111
|
+
unsigned char *outlen, const unsigned char *in,
|
112
|
+
unsigned int inlen, void *arg) {
|
113
|
+
auto conn_ref = static_cast<ngtcp2_crypto_conn_ref *>(SSL_get_app_data(ssl));
|
114
|
+
auto h = static_cast<HandlerBase *>(conn_ref->user_data);
|
115
|
+
const uint8_t *alpn;
|
116
|
+
size_t alpnlen;
|
117
|
+
// This should be the negotiated version, but we have not set the
|
118
|
+
// negotiated version when this callback is called.
|
119
|
+
auto version = ngtcp2_conn_get_client_chosen_version(h->conn());
|
120
|
+
|
121
|
+
switch (version) {
|
122
|
+
case QUIC_VER_DRAFT29:
|
123
|
+
alpn = HQ_ALPN_DRAFT29;
|
124
|
+
alpnlen = str_size(HQ_ALPN_DRAFT29);
|
125
|
+
break;
|
126
|
+
case QUIC_VER_DRAFT30:
|
127
|
+
alpn = HQ_ALPN_DRAFT30;
|
128
|
+
alpnlen = str_size(HQ_ALPN_DRAFT30);
|
129
|
+
break;
|
130
|
+
case QUIC_VER_DRAFT31:
|
131
|
+
alpn = HQ_ALPN_DRAFT31;
|
132
|
+
alpnlen = str_size(HQ_ALPN_DRAFT31);
|
133
|
+
break;
|
134
|
+
case QUIC_VER_DRAFT32:
|
135
|
+
alpn = HQ_ALPN_DRAFT32;
|
136
|
+
alpnlen = str_size(HQ_ALPN_DRAFT32);
|
137
|
+
break;
|
138
|
+
case NGTCP2_PROTO_VER_V1:
|
139
|
+
case NGTCP2_PROTO_VER_V2:
|
140
|
+
alpn = HQ_ALPN_V1;
|
141
|
+
alpnlen = str_size(HQ_ALPN_V1);
|
142
|
+
break;
|
143
|
+
default:
|
144
|
+
if (!config.quiet) {
|
145
|
+
std::cerr << "Unexpected quic protocol version: " << std::hex << "0x"
|
146
|
+
<< version << std::dec << std::endl;
|
147
|
+
}
|
148
|
+
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
149
|
+
}
|
150
|
+
|
151
|
+
for (auto p = in, end = in + inlen; p + alpnlen <= end; p += *p + 1) {
|
152
|
+
if (std::equal(alpn, alpn + alpnlen, p)) {
|
153
|
+
*out = p + 1;
|
154
|
+
*outlen = *p;
|
155
|
+
return SSL_TLSEXT_ERR_OK;
|
156
|
+
}
|
157
|
+
}
|
158
|
+
|
159
|
+
if (!config.quiet) {
|
160
|
+
std::cerr << "Client did not present ALPN " << &alpn[1] << std::endl;
|
161
|
+
}
|
162
|
+
|
163
|
+
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
164
|
+
}
|
165
|
+
} // namespace
|
166
|
+
|
167
|
+
namespace {
|
168
|
+
int verify_cb(int preverify_ok, X509_STORE_CTX *ctx) {
|
169
|
+
// We don't verify the client certificate. Just request it for the
|
170
|
+
// testing purpose.
|
171
|
+
return 1;
|
172
|
+
}
|
173
|
+
} // namespace
|
174
|
+
|
175
|
+
namespace {
|
176
|
+
int gen_ticket_cb(SSL *ssl, void *arg) {
|
177
|
+
auto conn_ref = static_cast<ngtcp2_crypto_conn_ref *>(SSL_get_app_data(ssl));
|
178
|
+
auto h = static_cast<HandlerBase *>(conn_ref->user_data);
|
179
|
+
auto ver = htonl(ngtcp2_conn_get_negotiated_version(h->conn()));
|
180
|
+
|
181
|
+
if (!SSL_SESSION_set1_ticket_appdata(SSL_get0_session(ssl), &ver,
|
182
|
+
sizeof(ver))) {
|
183
|
+
return 0;
|
184
|
+
}
|
185
|
+
|
186
|
+
return 1;
|
187
|
+
}
|
188
|
+
} // namespace
|
189
|
+
|
190
|
+
namespace {
|
191
|
+
SSL_TICKET_RETURN decrypt_ticket_cb(SSL *ssl, SSL_SESSION *session,
|
192
|
+
const unsigned char *keyname,
|
193
|
+
size_t keynamelen, SSL_TICKET_STATUS status,
|
194
|
+
void *arg) {
|
195
|
+
switch (status) {
|
196
|
+
case SSL_TICKET_EMPTY:
|
197
|
+
case SSL_TICKET_NO_DECRYPT:
|
198
|
+
return SSL_TICKET_RETURN_IGNORE_RENEW;
|
199
|
+
}
|
200
|
+
|
201
|
+
uint8_t *pver;
|
202
|
+
uint32_t ver;
|
203
|
+
size_t verlen;
|
204
|
+
|
205
|
+
if (!SSL_SESSION_get0_ticket_appdata(
|
206
|
+
session, reinterpret_cast<void **>(&pver), &verlen) ||
|
207
|
+
verlen != sizeof(ver)) {
|
208
|
+
switch (status) {
|
209
|
+
case SSL_TICKET_SUCCESS:
|
210
|
+
return SSL_TICKET_RETURN_IGNORE;
|
211
|
+
case SSL_TICKET_SUCCESS_RENEW:
|
212
|
+
default:
|
213
|
+
return SSL_TICKET_RETURN_IGNORE_RENEW;
|
214
|
+
}
|
215
|
+
}
|
216
|
+
|
217
|
+
memcpy(&ver, pver, sizeof(ver));
|
218
|
+
|
219
|
+
auto conn_ref = static_cast<ngtcp2_crypto_conn_ref *>(SSL_get_app_data(ssl));
|
220
|
+
auto h = static_cast<HandlerBase *>(conn_ref->user_data);
|
221
|
+
|
222
|
+
if (ngtcp2_conn_get_client_chosen_version(h->conn()) != ntohl(ver)) {
|
223
|
+
switch (status) {
|
224
|
+
case SSL_TICKET_SUCCESS:
|
225
|
+
return SSL_TICKET_RETURN_IGNORE;
|
226
|
+
case SSL_TICKET_SUCCESS_RENEW:
|
227
|
+
default:
|
228
|
+
return SSL_TICKET_RETURN_IGNORE_RENEW;
|
229
|
+
}
|
230
|
+
}
|
231
|
+
|
232
|
+
switch (status) {
|
233
|
+
case SSL_TICKET_SUCCESS:
|
234
|
+
return SSL_TICKET_RETURN_USE;
|
235
|
+
case SSL_TICKET_SUCCESS_RENEW:
|
236
|
+
default:
|
237
|
+
return SSL_TICKET_RETURN_USE_RENEW;
|
238
|
+
}
|
239
|
+
}
|
240
|
+
} // namespace
|
241
|
+
|
242
|
+
int TLSServerContext::init(const char *private_key_file, const char *cert_file,
|
243
|
+
AppProtocol app_proto) {
|
244
|
+
constexpr static unsigned char sid_ctx[] = "ngtcp2 server";
|
245
|
+
|
246
|
+
ssl_ctx_ = SSL_CTX_new(TLS_server_method());
|
247
|
+
if (!ssl_ctx_) {
|
248
|
+
std::cerr << "SSSL_CTX_new: " << ERR_error_string(ERR_get_error(), nullptr)
|
249
|
+
<< std::endl;
|
250
|
+
return -1;
|
251
|
+
}
|
252
|
+
|
253
|
+
if (ngtcp2_crypto_openssl_configure_server_context(ssl_ctx_) != 0) {
|
254
|
+
std::cerr << "ngtcp2_crypto_openssl_configure_server_context failed"
|
255
|
+
<< std::endl;
|
256
|
+
return -1;
|
257
|
+
}
|
258
|
+
|
259
|
+
SSL_CTX_set_max_early_data(ssl_ctx_, UINT32_MAX);
|
260
|
+
|
261
|
+
constexpr auto ssl_opts = (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
|
262
|
+
SSL_OP_SINGLE_ECDH_USE |
|
263
|
+
SSL_OP_CIPHER_SERVER_PREFERENCE |
|
264
|
+
SSL_OP_NO_ANTI_REPLAY;
|
265
|
+
|
266
|
+
SSL_CTX_set_options(ssl_ctx_, ssl_opts);
|
267
|
+
|
268
|
+
if (SSL_CTX_set_ciphersuites(ssl_ctx_, config.ciphers) != 1) {
|
269
|
+
std::cerr << "SSL_CTX_set_ciphersuites: "
|
270
|
+
<< ERR_error_string(ERR_get_error(), nullptr) << std::endl;
|
271
|
+
return -1;
|
272
|
+
}
|
273
|
+
|
274
|
+
if (SSL_CTX_set1_groups_list(ssl_ctx_, config.groups) != 1) {
|
275
|
+
std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl;
|
276
|
+
return -1;
|
277
|
+
}
|
278
|
+
|
279
|
+
SSL_CTX_set_mode(ssl_ctx_, SSL_MODE_RELEASE_BUFFERS);
|
280
|
+
|
281
|
+
switch (app_proto) {
|
282
|
+
case AppProtocol::H3:
|
283
|
+
SSL_CTX_set_alpn_select_cb(ssl_ctx_, alpn_select_proto_h3_cb, nullptr);
|
284
|
+
break;
|
285
|
+
case AppProtocol::HQ:
|
286
|
+
SSL_CTX_set_alpn_select_cb(ssl_ctx_, alpn_select_proto_hq_cb, nullptr);
|
287
|
+
break;
|
288
|
+
}
|
289
|
+
|
290
|
+
SSL_CTX_set_default_verify_paths(ssl_ctx_);
|
291
|
+
|
292
|
+
if (SSL_CTX_use_PrivateKey_file(ssl_ctx_, private_key_file,
|
293
|
+
SSL_FILETYPE_PEM) != 1) {
|
294
|
+
std::cerr << "SSL_CTX_use_PrivateKey_file: "
|
295
|
+
<< ERR_error_string(ERR_get_error(), nullptr) << std::endl;
|
296
|
+
return -1;
|
297
|
+
}
|
298
|
+
|
299
|
+
if (SSL_CTX_use_certificate_chain_file(ssl_ctx_, cert_file) != 1) {
|
300
|
+
std::cerr << "SSL_CTX_use_certificate_chain_file: "
|
301
|
+
<< ERR_error_string(ERR_get_error(), nullptr) << std::endl;
|
302
|
+
return -1;
|
303
|
+
}
|
304
|
+
|
305
|
+
if (SSL_CTX_check_private_key(ssl_ctx_) != 1) {
|
306
|
+
std::cerr << "SSL_CTX_check_private_key: "
|
307
|
+
<< ERR_error_string(ERR_get_error(), nullptr) << std::endl;
|
308
|
+
return -1;
|
309
|
+
}
|
310
|
+
|
311
|
+
SSL_CTX_set_session_id_context(ssl_ctx_, sid_ctx, sizeof(sid_ctx) - 1);
|
312
|
+
|
313
|
+
if (config.verify_client) {
|
314
|
+
SSL_CTX_set_verify(ssl_ctx_,
|
315
|
+
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE |
|
316
|
+
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
317
|
+
verify_cb);
|
318
|
+
}
|
319
|
+
|
320
|
+
SSL_CTX_set_session_ticket_cb(ssl_ctx_, gen_ticket_cb, decrypt_ticket_cb,
|
321
|
+
nullptr);
|
322
|
+
|
323
|
+
return 0;
|
324
|
+
}
|
325
|
+
|
326
|
+
extern std::ofstream keylog_file;
|
327
|
+
|
328
|
+
namespace {
|
329
|
+
void keylog_callback(const SSL *ssl, const char *line) {
|
330
|
+
keylog_file.write(line, strlen(line));
|
331
|
+
keylog_file.put('\n');
|
332
|
+
keylog_file.flush();
|
333
|
+
}
|
334
|
+
} // namespace
|
335
|
+
|
336
|
+
void TLSServerContext::enable_keylog() {
|
337
|
+
SSL_CTX_set_keylog_callback(ssl_ctx_, keylog_callback);
|
338
|
+
}
|
@@ -0,0 +1,54 @@
|
|
1
|
+
/*
|
2
|
+
* ngtcp2
|
3
|
+
*
|
4
|
+
* Copyright (c) 2020 ngtcp2 contributors
|
5
|
+
*
|
6
|
+
* Permission is hereby granted, free of charge, to any person obtaining
|
7
|
+
* a copy of this software and associated documentation files (the
|
8
|
+
* "Software"), to deal in the Software without restriction, including
|
9
|
+
* without limitation the rights to use, copy, modify, merge, publish,
|
10
|
+
* distribute, sublicense, and/or sell copies of the Software, and to
|
11
|
+
* permit persons to whom the Software is furnished to do so, subject to
|
12
|
+
* the following conditions:
|
13
|
+
*
|
14
|
+
* The above copyright notice and this permission notice shall be
|
15
|
+
* included in all copies or substantial portions of the Software.
|
16
|
+
*
|
17
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
18
|
+
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
19
|
+
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
20
|
+
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
21
|
+
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
22
|
+
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
23
|
+
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
24
|
+
*/
|
25
|
+
#ifndef TLS_SERVER_CONTEXT_OPENSSL_H
|
26
|
+
#define TLS_SERVER_CONTEXT_OPENSSL_H
|
27
|
+
|
28
|
+
#ifdef HAVE_CONFIG_H
|
29
|
+
# include <config.h>
|
30
|
+
#endif // HAVE_CONFIG_H
|
31
|
+
|
32
|
+
#include <openssl/ssl.h>
|
33
|
+
|
34
|
+
#include "shared.h"
|
35
|
+
|
36
|
+
using namespace ngtcp2;
|
37
|
+
|
38
|
+
class TLSServerContext {
|
39
|
+
public:
|
40
|
+
TLSServerContext();
|
41
|
+
~TLSServerContext();
|
42
|
+
|
43
|
+
int init(const char *private_key_file, const char *cert_file,
|
44
|
+
AppProtocol app_proto);
|
45
|
+
|
46
|
+
SSL_CTX *get_native_handle() const;
|
47
|
+
|
48
|
+
void enable_keylog();
|
49
|
+
|
50
|
+
private:
|
51
|
+
SSL_CTX *ssl_ctx_;
|
52
|
+
};
|
53
|
+
|
54
|
+
#endif // TLS_SERVER_CONTEXT_OPENSSL_H
|
@@ -0,0 +1,321 @@
|
|
1
|
+
/*
|
2
|
+
* ngtcp2
|
3
|
+
*
|
4
|
+
* Copyright (c) 2022 ngtcp2 contributors
|
5
|
+
*
|
6
|
+
* Permission is hereby granted, free of charge, to any person obtaining
|
7
|
+
* a copy of this software and associated documentation files (the
|
8
|
+
* "Software"), to deal in the Software without restriction, including
|
9
|
+
* without limitation the rights to use, copy, modify, merge, publish,
|
10
|
+
* distribute, sublicense, and/or sell copies of the Software, and to
|
11
|
+
* permit persons to whom the Software is furnished to do so, subject to
|
12
|
+
* the following conditions:
|
13
|
+
*
|
14
|
+
* The above copyright notice and this permission notice shall be
|
15
|
+
* included in all copies or substantial portions of the Software.
|
16
|
+
*
|
17
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
18
|
+
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
19
|
+
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
20
|
+
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
21
|
+
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
22
|
+
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
23
|
+
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
24
|
+
*/
|
25
|
+
#include "tls_server_context_picotls.h"
|
26
|
+
|
27
|
+
#include <iostream>
|
28
|
+
#include <memory>
|
29
|
+
|
30
|
+
#include <ngtcp2/ngtcp2_crypto_picotls.h>
|
31
|
+
|
32
|
+
#include <openssl/pem.h>
|
33
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
34
|
+
# include <openssl/core_names.h>
|
35
|
+
#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L
|
36
|
+
|
37
|
+
#include "server_base.h"
|
38
|
+
#include "tls_shared_picotls.h"
|
39
|
+
#include "template.h"
|
40
|
+
|
41
|
+
extern Config config;
|
42
|
+
|
43
|
+
namespace {
|
44
|
+
int on_client_hello_cb(ptls_on_client_hello_t *self, ptls_t *ptls,
|
45
|
+
ptls_on_client_hello_parameters_t *params) {
|
46
|
+
auto &negprotos = params->negotiated_protocols;
|
47
|
+
|
48
|
+
for (size_t i = 0; i < negprotos.count; ++i) {
|
49
|
+
auto &proto = negprotos.list[i];
|
50
|
+
if (H3_ALPN_V1[0] == proto.len &&
|
51
|
+
memcmp(&H3_ALPN_V1[1], proto.base, proto.len) == 0) {
|
52
|
+
if (ptls_set_negotiated_protocol(
|
53
|
+
ptls, reinterpret_cast<char *>(proto.base), proto.len) != 0) {
|
54
|
+
return -1;
|
55
|
+
}
|
56
|
+
|
57
|
+
return 0;
|
58
|
+
}
|
59
|
+
}
|
60
|
+
|
61
|
+
return PTLS_ALERT_NO_APPLICATION_PROTOCOL;
|
62
|
+
}
|
63
|
+
|
64
|
+
ptls_on_client_hello_t on_client_hello = {on_client_hello_cb};
|
65
|
+
} // namespace
|
66
|
+
|
67
|
+
namespace {
|
68
|
+
auto ticket_hmac = EVP_sha256();
|
69
|
+
|
70
|
+
template <size_t N> void random_bytes(std::array<uint8_t, N> &dest) {
|
71
|
+
ptls_openssl_random_bytes(dest.data(), dest.size());
|
72
|
+
}
|
73
|
+
|
74
|
+
const std::array<uint8_t, 16> &get_ticket_key_name() {
|
75
|
+
static std::array<uint8_t, 16> key_name;
|
76
|
+
random_bytes(key_name);
|
77
|
+
return key_name;
|
78
|
+
}
|
79
|
+
|
80
|
+
const std::array<uint8_t, 32> &get_ticket_key() {
|
81
|
+
static std::array<uint8_t, 32> key;
|
82
|
+
random_bytes(key);
|
83
|
+
return key;
|
84
|
+
}
|
85
|
+
|
86
|
+
const std::array<uint8_t, 32> &get_ticket_hmac_key() {
|
87
|
+
static std::array<uint8_t, 32> hmac_key;
|
88
|
+
random_bytes(hmac_key);
|
89
|
+
return hmac_key;
|
90
|
+
}
|
91
|
+
} // namespace
|
92
|
+
|
93
|
+
namespace {
|
94
|
+
int ticket_key_cb(unsigned char *key_name, unsigned char *iv,
|
95
|
+
EVP_CIPHER_CTX *ctx,
|
96
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
97
|
+
EVP_MAC_CTX *hctx,
|
98
|
+
#else // OPENSSL_VERSION_NUMBER < 0x30000000L
|
99
|
+
HMAC_CTX *hctx,
|
100
|
+
#endif // OPENSSL_VERSION_NUMBER < 0x30000000L
|
101
|
+
int enc) {
|
102
|
+
static const auto &static_key_name = get_ticket_key_name();
|
103
|
+
static const auto &static_key = get_ticket_key();
|
104
|
+
static const auto &static_hmac_key = get_ticket_hmac_key();
|
105
|
+
|
106
|
+
if (enc) {
|
107
|
+
ptls_openssl_random_bytes(iv, EVP_MAX_IV_LENGTH);
|
108
|
+
|
109
|
+
memcpy(key_name, static_key_name.data(), static_key_name.size());
|
110
|
+
|
111
|
+
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), nullptr, static_key.data(), iv);
|
112
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
113
|
+
std::array<OSSL_PARAM, 3> params{
|
114
|
+
OSSL_PARAM_construct_octet_string(
|
115
|
+
OSSL_MAC_PARAM_KEY, const_cast<uint8_t *>(static_hmac_key.data()),
|
116
|
+
static_hmac_key.size()),
|
117
|
+
OSSL_PARAM_construct_utf8_string(
|
118
|
+
OSSL_MAC_PARAM_DIGEST,
|
119
|
+
const_cast<char *>(EVP_MD_get0_name(ticket_hmac)), 0),
|
120
|
+
OSSL_PARAM_construct_end(),
|
121
|
+
};
|
122
|
+
if (!EVP_MAC_CTX_set_params(hctx, params.data())) {
|
123
|
+
/* TODO Which value should we return on error? */
|
124
|
+
return 0;
|
125
|
+
}
|
126
|
+
#else // OPENSSL_VERSION_NUMBER < 0x30000000L
|
127
|
+
HMAC_Init_ex(hctx, static_hmac_key.data(), static_hmac_key.size(),
|
128
|
+
ticket_hmac, nullptr);
|
129
|
+
#endif // OPENSSL_VERSION_NUMBER < 0x30000000L
|
130
|
+
|
131
|
+
return 1;
|
132
|
+
}
|
133
|
+
|
134
|
+
if (memcmp(key_name, static_key_name.data(), static_key_name.size()) != 0) {
|
135
|
+
return 0;
|
136
|
+
}
|
137
|
+
|
138
|
+
EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), nullptr, static_key.data(), iv);
|
139
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
140
|
+
std::array<OSSL_PARAM, 3> params{
|
141
|
+
OSSL_PARAM_construct_octet_string(
|
142
|
+
OSSL_MAC_PARAM_KEY, const_cast<uint8_t *>(static_hmac_key.data()),
|
143
|
+
static_hmac_key.size()),
|
144
|
+
OSSL_PARAM_construct_utf8_string(
|
145
|
+
OSSL_MAC_PARAM_DIGEST,
|
146
|
+
const_cast<char *>(EVP_MD_get0_name(ticket_hmac)), 0),
|
147
|
+
OSSL_PARAM_construct_end(),
|
148
|
+
};
|
149
|
+
if (!EVP_MAC_CTX_set_params(hctx, params.data())) {
|
150
|
+
/* TODO Which value should we return on error? */
|
151
|
+
return 0;
|
152
|
+
}
|
153
|
+
#else // OPENSSL_VERSION_NUMBER < 0x30000000L
|
154
|
+
HMAC_Init_ex(hctx, static_hmac_key.data(), static_hmac_key.size(),
|
155
|
+
ticket_hmac, nullptr);
|
156
|
+
#endif // OPENSSL_VERSION_NUMBER < 0x30000000L
|
157
|
+
|
158
|
+
return 1;
|
159
|
+
}
|
160
|
+
} // namespace
|
161
|
+
|
162
|
+
namespace {
|
163
|
+
int encrypt_ticket_cb(ptls_encrypt_ticket_t *encrypt_ticket, ptls_t *ptls,
|
164
|
+
int is_encrypt, ptls_buffer_t *dst, ptls_iovec_t src) {
|
165
|
+
int rv;
|
166
|
+
auto conn_ref =
|
167
|
+
static_cast<ngtcp2_crypto_conn_ref *>(*ptls_get_data_ptr(ptls));
|
168
|
+
auto conn = conn_ref->get_conn(conn_ref);
|
169
|
+
uint32_t ver;
|
170
|
+
|
171
|
+
if (is_encrypt) {
|
172
|
+
ver = htonl(ngtcp2_conn_get_negotiated_version(conn));
|
173
|
+
// TODO Replace std::make_unique with
|
174
|
+
// std::make_unique_for_overwrite when it is available.
|
175
|
+
auto buf = std::make_unique<uint8_t[]>(src.len + sizeof(ver));
|
176
|
+
auto p = std::copy_n(src.base, src.len, buf.get());
|
177
|
+
p = std::copy_n(reinterpret_cast<uint8_t *>(&ver), sizeof(ver), p);
|
178
|
+
|
179
|
+
src.base = buf.get();
|
180
|
+
src.len = p - buf.get();
|
181
|
+
|
182
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
183
|
+
rv = ptls_openssl_encrypt_ticket_evp(dst, src, ticket_key_cb);
|
184
|
+
#else // OPENSSL_VERSION_NUMBER < 0x30000000L
|
185
|
+
rv = ptls_openssl_encrypt_ticket(dst, src, ticket_key_cb);
|
186
|
+
#endif // OPENSSL_VERSION_NUMBER < 0x30000000L
|
187
|
+
if (rv != 0) {
|
188
|
+
return -1;
|
189
|
+
}
|
190
|
+
|
191
|
+
return 0;
|
192
|
+
}
|
193
|
+
|
194
|
+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
195
|
+
rv = ptls_openssl_decrypt_ticket_evp(dst, src, ticket_key_cb);
|
196
|
+
#else // OPENSSL_VERSION_NUMBER < 0x30000000L
|
197
|
+
rv = ptls_openssl_decrypt_ticket(dst, src, ticket_key_cb);
|
198
|
+
#endif // OPENSSL_VERSION_NUMBER < 0x30000000L
|
199
|
+
if (rv != 0) {
|
200
|
+
return -1;
|
201
|
+
}
|
202
|
+
|
203
|
+
if (dst->off < sizeof(ver)) {
|
204
|
+
return -1;
|
205
|
+
}
|
206
|
+
|
207
|
+
memcpy(&ver, dst->base + dst->off - sizeof(ver), sizeof(ver));
|
208
|
+
|
209
|
+
if (ngtcp2_conn_get_client_chosen_version(conn) != ntohl(ver)) {
|
210
|
+
return -1;
|
211
|
+
}
|
212
|
+
|
213
|
+
dst->off -= sizeof(ver);
|
214
|
+
|
215
|
+
return 0;
|
216
|
+
}
|
217
|
+
|
218
|
+
ptls_encrypt_ticket_t encrypt_ticket = {encrypt_ticket_cb};
|
219
|
+
} // namespace
|
220
|
+
|
221
|
+
namespace {
|
222
|
+
ptls_key_exchange_algorithm_t *key_exchanges[] = {
|
223
|
+
&ptls_openssl_x25519,
|
224
|
+
&ptls_openssl_secp256r1,
|
225
|
+
&ptls_openssl_secp384r1,
|
226
|
+
&ptls_openssl_secp521r1,
|
227
|
+
nullptr,
|
228
|
+
};
|
229
|
+
} // namespace
|
230
|
+
|
231
|
+
namespace {
|
232
|
+
ptls_cipher_suite_t *cipher_suites[] = {
|
233
|
+
&ptls_openssl_aes128gcmsha256,
|
234
|
+
&ptls_openssl_aes256gcmsha384,
|
235
|
+
&ptls_openssl_chacha20poly1305sha256,
|
236
|
+
nullptr,
|
237
|
+
};
|
238
|
+
} // namespace
|
239
|
+
|
240
|
+
TLSServerContext::TLSServerContext()
|
241
|
+
: ctx_{
|
242
|
+
.random_bytes = ptls_openssl_random_bytes,
|
243
|
+
.get_time = &ptls_get_time,
|
244
|
+
.key_exchanges = key_exchanges,
|
245
|
+
.cipher_suites = cipher_suites,
|
246
|
+
.on_client_hello = &on_client_hello,
|
247
|
+
.ticket_lifetime = 86400,
|
248
|
+
.require_dhe_on_psk = 1,
|
249
|
+
.server_cipher_preference = 1,
|
250
|
+
.encrypt_ticket = &encrypt_ticket,
|
251
|
+
},
|
252
|
+
sign_cert_{}
|
253
|
+
{}
|
254
|
+
|
255
|
+
TLSServerContext::~TLSServerContext() {
|
256
|
+
if (sign_cert_.key) {
|
257
|
+
ptls_openssl_dispose_sign_certificate(&sign_cert_);
|
258
|
+
}
|
259
|
+
|
260
|
+
for (size_t i = 0; i < ctx_.certificates.count; ++i) {
|
261
|
+
free(ctx_.certificates.list[i].base);
|
262
|
+
}
|
263
|
+
free(ctx_.certificates.list);
|
264
|
+
}
|
265
|
+
|
266
|
+
ptls_context_t *TLSServerContext::get_native_handle() { return &ctx_; }
|
267
|
+
|
268
|
+
int TLSServerContext::init(const char *private_key_file, const char *cert_file,
|
269
|
+
AppProtocol app_proto) {
|
270
|
+
if (ngtcp2_crypto_picotls_configure_server_context(&ctx_) != 0) {
|
271
|
+
std::cerr << "ngtcp2_crypto_picotls_configure_server_context failed"
|
272
|
+
<< std::endl;
|
273
|
+
return -1;
|
274
|
+
}
|
275
|
+
|
276
|
+
if (ptls_load_certificates(&ctx_, cert_file) != 0) {
|
277
|
+
std::cerr << "ptls_load_certificates failed" << std::endl;
|
278
|
+
return -1;
|
279
|
+
}
|
280
|
+
|
281
|
+
if (load_private_key(private_key_file) != 0) {
|
282
|
+
return -1;
|
283
|
+
}
|
284
|
+
|
285
|
+
if (config.verify_client) {
|
286
|
+
ctx_.require_client_authentication = 1;
|
287
|
+
}
|
288
|
+
|
289
|
+
return 0;
|
290
|
+
}
|
291
|
+
|
292
|
+
int TLSServerContext::load_private_key(const char *private_key_file) {
|
293
|
+
auto fp = fopen(private_key_file, "rb");
|
294
|
+
if (fp == nullptr) {
|
295
|
+
std::cerr << "Could not open private key file " << private_key_file << ": "
|
296
|
+
<< strerror(errno) << std::endl;
|
297
|
+
return -1;
|
298
|
+
}
|
299
|
+
|
300
|
+
auto fp_d = defer(fclose, fp);
|
301
|
+
|
302
|
+
auto pkey = PEM_read_PrivateKey(fp, nullptr, nullptr, nullptr);
|
303
|
+
if (pkey == nullptr) {
|
304
|
+
std::cerr << "Could not read private key file " << private_key_file
|
305
|
+
<< std::endl;
|
306
|
+
return -1;
|
307
|
+
}
|
308
|
+
|
309
|
+
auto pkey_d = defer(EVP_PKEY_free, pkey);
|
310
|
+
|
311
|
+
if (ptls_openssl_init_sign_certificate(&sign_cert_, pkey) != 0) {
|
312
|
+
std::cerr << "ptls_openssl_init_sign_certificate failed" << std::endl;
|
313
|
+
return -1;
|
314
|
+
}
|
315
|
+
|
316
|
+
ctx_.sign_certificate = &sign_cert_.super;
|
317
|
+
|
318
|
+
return 0;
|
319
|
+
}
|
320
|
+
|
321
|
+
void TLSServerContext::enable_keylog() { ctx_.log_event = &log_event; }
|