raioquic 0.1.0

data/lib/raioquic/quic/crypto.rb

@@ -0,0 +1,317 @@
+# frozen_string_literal: true
+
+require_relative "../crypto"
+require_relative "packet"
+require "tttls1.3"
+require "openssl"
+
+module Raioquic
+  module Quic
+    # Raioquic::Quic::Crypto
+    # Migrated from these files
+    #  - aioquic/src/aioquic/quic/crypto.py
+    #  - aioquic/src/aioquic/_crypto.c
+    module Crypto
+      INITIAL_CIPHER_SUITE = nil
+      AEAD_KEY_LENGTH_MAX = 32
+      AEAD_NONCE_LENGTH = 12
+      AEAD_TAG_LENGTH = 16
+      PACKET_LENGTH_MAX = 1500
+      PACKET_NUMBER_LENGTH_MAX = 4
+      SAMPLE_LENGTH = 16
+      INITIAL_SALT_VERSION_1 = ["38762cf7f55934b34d179ae6a4c80cadccbb7f0a"].pack("H*")
+
+      # class CryptoError < ::StandardError; end
+      CryptoError = Class.new(StandardError)
+
+      def derive_key_iv_hp(_cipher_suite, secret)
+        # TODO: implement on TLS module
+        [
+          TTTLS13::KeySchedule.hkdf_expand_label(secret, "quic key", "", 16, "SHA256"),
+          TTTLS13::KeySchedule.hkdf_expand_label(secret, "quic iv", "", 12, "SHA256"),
+          TTTLS13::KeySchedule.hkdf_expand_label(secret, "quic hp", "", 16, "SHA256"),
+        ]
+      end
+      module_function :derive_key_iv_hp
+
+      def xor_str(a, b) # rubocop:disable Naming/MethodParameterName
+        a.unpack("C*").zip(b.unpack("C*")).map { |x, y| x ^ y }.pack("C*")
+      end
+      module_function :xor_str
+
+      class NoCallback
+        def call(_); end
+      end
+
+      # CryptoContext
+      # represent sender or receiver crypto context
+      class CryptoContext
+        attr_reader :aead
+        attr_reader :key_phase
+        attr_reader :secret
+
+        def initialize(key_phase: 0, setup_cb: NoCallback.new, teardown_cb: NoCallback.new)
+          @aead = nil
+          @cipher_suite = nil
+          @hp = nil
+          @key_phase = key_phase
+          @secret = nil
+          @version = nil
+          @setup_cb = setup_cb
+          @teardown_cb = teardown_cb
+        end
+
+        def decrypt_packet(packet:, encrypted_offset:, expected_packet_number:)
+          raise ArgumentError unless @aead # TODO: KeyUnavailableError
+
+          # header protection
+          plain_header, packet_number, = @hp.remove(packet: packet, encrypted_offset: encrypted_offset)
+          first_byte = plain_header[0].unpack1("C*")
+
+          # packet number
+          pn_length = (first_byte & 0x03) + 1
+          packet_number = Packet.decode_packet_number(truncated: packet_number, num_bits: pn_length * 8, expected: expected_packet_number)
+
+          # detect key phase change
+          crypto = self
+          unless Packet.is_long_header(first_byte)
+            key_phase = (first_byte & 4) >> 2
+            crypto = next_key_phase if key_phase != @key_phase
+          end
+          payload = crypto.aead.decrypt(data: packet[plain_header.length..], associated_data: plain_header, packet_number: packet_number)
+
+          return [plain_header, payload, packet_number, crypto != self]
+        end
+
+        def encrypt_packet(plain_header:, plain_payload:, packet_number:)
+          raise RuntimeError unless is_valid
+
+          protected_payload = @aead.encrypt(data: plain_payload, associated_data: plain_header, packet_number: packet_number)
+          return @hp.apply(plain_header: plain_header, protected_payload: protected_payload)
+        end
+
+        def is_valid
+          !!@aead
+        end
+
+        def setup(cipher_suite:, secret:, version:)
+          hp_cipher_name = "aes-128-ecb" # TODO: hardcode
+          _aead_cipher_name = OpenSSL::Digest.new("SHA256") # TODO: hardcode
+
+          key, iv, hp = ::Raioquic::Quic::Crypto.derive_key_iv_hp(cipher_suite, secret)
+          # binding.b
+          @aead = AEAD.new(cipher_name: "aes-128-gcm", key: key, iv: iv) # TODO: hardcode
+          @cipher_suite = cipher_suite
+          @hp = HeaderProtection.new(cipher_name: hp_cipher_name, key: hp)
+          @secret = secret
+          @version = version
+
+          # trigger callback
+          @setup_cb&.call("tls")
+        end
+
+        def teardown
+          @aead = nil
+          @cipher_suite = nil
+          @hp = nil
+
+          # trigger callback
+          @teardown_cb&.call("tls")
+        end
+
+        def apply_key_phase(crypto, _trigger)
+          @aead = crypto.aead
+          @key_phase = crypto.key_phase
+          @secret = crypto.secret
+
+          # trigger callback
+          @setup_cb&.call("tls")
+        end
+
+        def next_key_phase
+          crypto = self.class.new(key_phase: (@key_phase.zero? ? 1 : 0))
+          crypto.setup(
+            cipher_suite: "aes-128-gcm", # TODO: hardcode
+            secret: TTTLS13::KeySchedule.hkdf_expand_label(@secret, "quic ku", "", 32, "SHA256"),
+            version: Packet::QuicProtocolVersion::VERSION_1,
+          )
+          return crypto
+        end
+      end
+
+      # CryptoPair
+      # store sender and receiver crypto context object
+      class CryptoPair
+        attr_reader :recv
+        attr_reader :send
+        attr_reader :aead_tag_size
+
+        def initialize(recv_setup_cb: NoCallback.new, recv_teardown_cb: NoCallback.new, send_setup_cb: NoCallback.new, send_teardown_cb: NoCallback.new) # rubocop:disable Layout/LineLength
+          @aead_tag_size = 16
+          @recv = CryptoContext.new(setup_cb: recv_setup_cb, teardown_cb: recv_teardown_cb)
+          @send = CryptoContext.new(setup_cb: send_setup_cb, teardown_cb: send_teardown_cb)
+          @update_key_requested = false
+        end
+
+        def decrypt_packet(packet:, encrypted_offset:, expected_packet_number:)
+          plain_header, payload, packe_number, need_update_key = @recv.decrypt_packet(
+            packet: packet, encrypted_offset: encrypted_offset, expected_packet_number: expected_packet_number,
+          )
+          _update_key("remote_update") if need_update_key
+
+          return [plain_header, payload, packe_number]
+        end
+
+        def encrypt_packet(plain_header:, plain_payload:, packet_number:)
+          _update_key("local_update") if @update_key_requested
+
+          return @send.encrypt_packet(plain_header: plain_header, plain_payload: plain_payload, packet_number: packet_number)
+        end
+
+        def setup_initial(cid:, is_client:, version:)
+          if is_client
+            recv_label = "server in"
+            send_label = "client in"
+          else
+            recv_label = "client in"
+            send_label = "server in"
+
+          end
+          initial_salt = INITIAL_SALT_VERSION_1
+          # algorithm = TLS.cipher_suite_hash(INITIAL_CIPHER_SUITE) TODO: impleement on tls module
+          algorithm = OpenSSL::Digest.new("SHA256")
+          # initial_secret = hkdf_extract(algorithm, initial_salt, cid) TODO: implement on tls module
+          initial_secret = OpenSSL::HMAC.digest(algorithm, initial_salt, cid)
+          @recv.setup(
+            cipher_suite: INITIAL_CIPHER_SUITE,
+            secret: TTTLS13::KeySchedule.hkdf_expand_label(initial_secret, recv_label, "", 32, "SHA256"),
+            version: version,
+          )
+          @send.setup(
+            cipher_suite: INITIAL_CIPHER_SUITE,
+            secret: TTTLS13::KeySchedule.hkdf_expand_label(initial_secret, send_label, "", 32, "SHA256"),
+            version: version,
+          )
+        end
+
+        def teardown
+          @recv.teardown
+          @send.teardown
+        end
+
+        def key_phase
+          if @update_key_requested
+            @recv.key_phase.zero? ? 1 : 0
+          else
+            @recv.key_phase
+          end
+        end
+
+        def update_key
+          @update_key_requested = true
+        end
+
+        def _update_key(trigger)
+          # binding.irb
+          @recv.apply_key_phase(@recv.next_key_phase, trigger)
+          @send.apply_key_phase(@send.next_key_phase, trigger)
+          @update_key_requested = false
+        end
+      end
+
+      # HeaderProtection
+      # remove/apply QUIC header protection
+      class HeaderProtection
+        def initialize(cipher_name:, key:)
+          @cipher = OpenSSL::Cipher.new(cipher_name)
+          @cipher.encrypt
+          @cipher.key = key
+          @key = key
+          @mask = "\x00" * 31
+          @zero = "\x00" * 5
+        end
+
+        def apply(plain_header:, protected_payload:)
+          pn_length = (plain_header[0].unpack1("C*") & 0x03) + 1
+          pn_offset = plain_header.length - pn_length
+          mask(protected_payload.slice((PACKET_NUMBER_LENGTH_MAX - pn_length)..-1)[0, SAMPLE_LENGTH])
+          buffer = plain_header + protected_payload
+          if buffer[0].unpack1("C*") & 0x80 != 0 # rubocop:disable Style/NegatedIfElseCondition, Style/ConditionalAssignment
+            buffer[0] = Crypto.xor_str(buffer[0], [@mask[0].unpack1("C*") & 0x0f].pack("C*"))
+          else
+            buffer[0] = Crypto.xor_str(buffer[0], [@mask[0].unpack1("C*") & 0x1f].pack("C*"))
+          end
+          pn_length.times do |i|
+            buffer[pn_offset + i] = Crypto.xor_str(buffer[pn_offset + i], @mask[1 + i])
+          end
+          return buffer
+        end
+
+        def remove(packet:, encrypted_offset:)
+          mask(packet.slice(encrypted_offset + PACKET_NUMBER_LENGTH_MAX, SAMPLE_LENGTH))
+          buffer = packet.dup.slice(0, encrypted_offset + PACKET_NUMBER_LENGTH_MAX)
+          if buffer[0].unpack1("C*") & 0x80 != 0 # rubocop:disable Style/NegatedIfElseCondition, Style/ConditionalAssignment
+            buffer[0] = Crypto.xor_str(buffer[0], [@mask[0].unpack1("C*") & 0x0f].pack("C*"))
+          else
+            buffer[0] = Crypto.xor_str(buffer[0], [@mask[0].unpack1("C*") & 0x1f].pack("C*"))
+          end
+          pn_length = (buffer[0].unpack1("C*") & 0x03) + 1
+          pn_truncated = 0
+          pn_length.times do |i|
+            buffer[encrypted_offset + i] = Crypto.xor_str(buffer[encrypted_offset + i], @mask[1 + i])
+            pn_truncated = buffer[encrypted_offset + i].unpack1("C*") | (pn_truncated << 8)
+          end
+          [buffer.slice(0, encrypted_offset + pn_length), pn_truncated]
+        end
+
+        private def mask(sample)
+          # if chacha20 TODO: chacha20
+          @mask = @cipher.update(sample) + @cipher.final
+        end
+      end
+
+      # AEAD
+      # encrypt/dectypt AEAD
+      class AEAD
+        def initialize(cipher_name:, key:, iv:) # rubocop:disable Naming/MethodParameterName
+          @cipher = OpenSSL::Cipher.new(cipher_name)
+          @cipher_name = cipher_name
+          @key = key
+          @iv = iv
+        end
+
+        def decrypt(data:, associated_data:, packet_number:)
+          raise CryptoError, "Invalid payload length" if data.length < AEAD_TAG_LENGTH || data.length > PACKET_LENGTH_MAX
+
+          nonce = @iv.dup
+          8.times do |i|
+            nonce[AEAD_NONCE_LENGTH - 1 - i] = Crypto.xor_str(nonce[AEAD_NONCE_LENGTH - 1 - i], [packet_number >> (8 * i)].pack("C*"))
+          end
+          @cipher.decrypt
+          @cipher.key = @key
+          @cipher.iv = nonce
+          @cipher.auth_tag = data.slice(data.length - AEAD_TAG_LENGTH, AEAD_TAG_LENGTH)
+          @cipher.auth_data = associated_data
+          decrypted = @cipher.update(data.slice(0...(data.length - AEAD_TAG_LENGTH))) + @cipher.final
+          return decrypted
+        end
+
+        def encrypt(data:, associated_data:, packet_number:)
+          raise CryptoError, "Invalid payload length" if data.length > PACKET_LENGTH_MAX
+
+          nonce = @iv.dup
+          8.times do |i|
+            nonce[AEAD_NONCE_LENGTH - 1 - i] = Crypto.xor_str(nonce[AEAD_NONCE_LENGTH - 1 - i], [packet_number >> (8 * i)].pack("C*"))
+          end
+
+          @cipher.encrypt
+          @cipher.key = @key
+          @cipher.iv = nonce
+          @cipher.auth_data = associated_data
+          encrypted = @cipher.update(data) + @cipher.final
+          return encrypted + @cipher.auth_tag
+        end
+      end
+    end
+  end
+end

data/lib/raioquic/quic/event.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Raioquic
+  module Quic
+    module Event
+      # Base class for QUIC events.
+      # Should be implement by Struct?
+      class QuicEvent
+        def ==(other)
+          return false if self.class != other.class
+
+          return false if instance_variables != other.instance_variables
+
+          return instance_variables.all? { |iver| instance_variable_get(iver) == other.instance_variable_get(iver) }
+        end
+      end
+
+      class ConnectionIdIssued < QuicEvent
+        attr_accessor :connection_id
+      end
+
+      class ConnectionIdRetired < QuicEvent
+        attr_accessor :connection_id
+      end
+
+      # The ConnectionTerminated event is fired when the QUIC connection is terminated.
+      class ConnectionTerminated < QuicEvent
+        attr_accessor :error_code     # The error code which was specified when closing the connection.
+        attr_accessor :frame_type     # The frame type which caused the connection to be closed, or `None`.
+        attr_accessor :reason_phrase  # The human-readable reason for which the connection was closed.
+      end
+
+      # The DatagramFrameReceived event is fired when a DATAGRAM frame is received.
+      class DatagramFrameReceived < QuicEvent
+        attr_accessor :data # The data which was received.
+      end
+
+      # The HandshakeCompleted event is fired when the TLS handshake completes.
+      class HandshakeCompleted < QuicEvent
+        attr_accessor :alpn_protocol        # The protocol which was negotiated using ALPN, or `nil`.
+        attr_accessor :early_data_accepted  # WHether early (0-RTT) data was accepted by the remote peer.
+        attr_accessor :session_resumed      # Whether a TLS session was resumed.
+      end
+
+      # The PingAcknowledged event is fired when a PING frame is acknowledged.
+      class PingAcknowledged < QuicEvent
+        attr_accessor :uid # The unique ID of the PING.
+      end
+
+      # The ProtocolNegotiated event is fired when when ALPN negotiation completes.
+      class ProtocolNegotiated < QuicEvent
+        attr_accessor :alpn_protocol # The protocol which was negotiated using ALPN, or `nil`.
+      end
+
+      # The StreamDataReceived event is fired whenever data is received on a stream.
+      class StreamDataReceived < QuicEvent
+        attr_accessor :data       # The data which was received.
+        attr_accessor :end_stream # Whether the STREAM frame has the FIN bit set.
+        attr_accessor :stream_id  # The ID of the stream the data was received for.
+      end
+
+      # The StreamReset event is fired when the remote peer resets a stream.
+      class StreamReset < QuicEvent
+        attr_accessor :error_code # The error code that triggered the reset.
+        attr_accessor :stream_id  # The ID of the stream that was reset.
+      end
+    end
+  end
+end

data/lib/raioquic/quic/logger.rb

@@ -0,0 +1,272 @@
+# frozen_string_literal: true
+
+require "json"
+
+module Raioquic
+  module Quic
+    module Logger
+      QLOG_VERSION = "0.3"
+
+      # A QUIC event trace.
+      #
+      # Events are logged in the format defined by qlog.
+      #
+      # See:
+      # - https://datatracker.ietf.org/doc/html/draft-ietf-quic-qlog-main-schema-02
+      # - https://datatracker.ietf.org/doc/html/draft-marx-quic-qlog-quic-events
+      # - https://datatracker.ietf.org/doc/html/draft-marx-quic-qlog-h3-events
+      class QuicLoggerTrace
+        PACKET_TYPE_NAMES = {
+          Quic::Packet::PACKET_TYPE_INITIAL => "initial",
+          Quic::Packet::PACKET_TYPE_HANDSHAKE => "handshake",
+          Quic::Packet::PACKET_TYPE_ZERO_RTT => "0RTT",
+          Quic::Packet::PACKET_TYPE_ONE_RTT => "1RTT",
+          Quic::Packet::PACKET_TYPE_RETRY => "retry",
+        }
+
+        attr_reader :is_client
+
+        def initialize(is_client:, odcid:)
+          @odcid = odcid
+          @events = []
+          @is_client = is_client
+          @vantage_point = {
+            name: "raioquic(aioquic porting)",
+            type: (is_client ? "client" : "server"),
+          }
+        end
+
+        def encode_ack_frame(ranges:, delay:)
+          {
+            ack_delay: encode_time(delay),
+            acked_ranges: ranges.list.map { |x| [x.first, x.last - 1] },
+            frame_type: "ack",
+          }
+        end
+
+        def encode_connection_close_frame(error_code:, frame_type: nil, reason_phrase:)
+          attrs = {
+            error_code: error_code,
+            error_space: (frame_type ? "transport" : "application"),
+            frame_type: "connection_close",
+            raw_error_code: error_code,
+            reason: reason_phrase,
+          }
+          attrs[:trigger_frame_type] = frame_type if frame_type
+          attrs
+        end
+
+        def encode_connection_limit_frame(frame_type:, maximum:)
+          if frame_type == Quic::Packet::QuicFrameType::MAX_DATA
+            { frame_type: "max_data", maximum: maximum }
+          else
+            {
+              frame_type: "max_streams",
+              maximum: maximum,
+              stream_type: (frame_type == Quic::Packet::QuicFrameType::MAX_STREAMS_UNI ? "unidirectional" : "bidirectional"),
+            }
+          end
+        end
+
+        def encode_crypto_frame(frame:)
+          {
+            frame_type: "crypto",
+            length: frame.data.bytesize,
+            offset: frame.offset,
+          }
+        end
+
+        def encode_data_blocked_frame(limit:)
+          { frame_type: "data_blocked", limit: limit }
+        end
+
+        def encode_datagram_frame(length:)
+          { frame_type: "datagram", length: length }
+        end
+
+        def encode_handshake_done_frame
+          { frame_type: "handshake_done" }
+        end
+
+        def encode_max_stream_data_frame(maximum:, stream_id:)
+          {
+            frame_type: "max_stream_data",
+            maximum: maximum,
+            stream_id: stream_id,
+          }
+        end
+
+        def encode_new_connection_id_frame(connection_id:, retire_prior_to:, sequence_number:, stateless_reset_token:)
+          {
+            connection_id: connection_id.unpack1("H*"),
+            frame_type: "new_connection_id",
+            length: connection_id.bytesize,
+            reset_token: stateless_reset_token.unpack1("H*"),
+            retire_prior_to: retire_prior_to,
+            sequence_number: sequence_number,
+          }
+        end
+
+        def encode_new_token_frame(token:)
+          {
+            frame_type: "new_token",
+            length: token.bytesize,
+            token: token.unpack1("H*"),
+          }
+        end
+
+        def encode_padding_frame
+          { frame_type: "padding" }
+        end
+
+        def encode_path_challenge_frame(data:)
+          { frame_type: "path_challenge", data: data.unpack1("H*") }
+        end
+
+        def encode_path_response_frame(data:)
+          { frame_type: "path_response", data: data.unpack1("H*") }
+        end
+
+        def encode_ping_frame
+          { frame_type: "ping" }
+        end
+
+        def encode_reset_stream_frame(error_code:, final_size:, stream_id:)
+          {
+            error_code: error_code,
+            final_size: final_size,
+            frame_type: "reset_stream",
+            stream_id: stream_id,
+          }
+        end
+
+        def encode_retire_connection_id_frame(sequence_number:)
+          {
+            frame_type: "retire_connection_id",
+            sequence_number: sequence_number,
+          }
+        end
+
+        def encode_stream_data_blocked_frame(limit:, stream_id:)
+          {
+            frame_type: "stream_data_blocked",
+            limit: limit,
+            stream_id: stream_id,
+          }
+        end
+
+        def encode_stop_sending_frame(error_code:, stream_id:)
+          {
+            frame_type: "stop_sending",
+            error_code: error_code,
+            stream_id: stream_id,
+          }
+        end
+
+        def encode_stream_frame(frame:, stream_id:)
+          {
+            fin: frame.fin,
+            frame_type: "stream",
+            length: frame.data.bytesize,
+            offset: frame.offset,
+            stream_id: stream_id,
+          }
+        end
+
+        def encode_streams_blocked_frame(is_unidirectional:, limit:)
+          {
+            frame_type: "streams_blocked",
+            limit: limit,
+            stream_type: (is_unidirectional ? "unidirectional" : "bidirectional"),
+          }
+        end
+
+        # Convert a time to milliseconds.
+        def encode_time(seconds)
+          seconds * 1000
+        end
+
+        def encode_transport_parameters(owner:, parameters:)
+          data = { owner: owner }
+          parameters.each_pair do |key, value|
+            if value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Integer)
+              data[key] = value
+            elsif value.is_a?(String)
+              data[key] = value.unpack1("H*")
+            end
+          end
+          data
+        end
+
+        def packet_type(packet_type)
+          PACKET_TYPE_NAMES[packet_type & Quic::Packet::PACKET_TYPE_MASK] || "1RTT"
+        end
+
+        def log_event(category:, event:, data:)
+          @events << {
+            data: data,
+            name: "#{category}:#{event}",
+            time: encode_time(Time.now.to_f),
+          }
+        end
+
+        # Return the trace as a dictionary which can be written as JSON.
+        def to_dict
+          {
+            common_fields: {
+              ODCID: @odcid.unpack1("H*"),
+            },
+            events: @events,
+            vantage_point: @vantage_point,
+          }
+        end
+      end
+
+      class QuicLogger
+        def initialize
+          @traces = []
+        end
+
+        def start_trace(is_client:, odcid:)
+          @trace = QuicLoggerTrace.new(is_client: is_client, odcid: odcid)
+          @traces << @trace
+          @trace
+        end
+
+        def to_dict
+          {
+            qlog_format: "JSON",
+            qlog_version: QLOG_VERSION,
+            traces: @traces.map(&:to_dict),
+          }
+        end
+      end
+
+      # A QUIC event logger which writes one trace per file.
+      class QuicFileLogger < QuicLogger
+        def initialize(path:)
+          raise ValueError, "QUIC log output directory #{path} does not exist" unless File.directory?(path)
+
+          @path = path # TODO: path check
+          super()
+        end
+
+        def end_trace(trace)
+          return unless trace
+          trace_dict = trace.to_dict
+          trace_type = trace.is_client ? "client" : "server"
+          trace_path = File.join(@path, trace_dict[:common_fields][:ODCID] + "_#{trace_type}.qlog")
+          File.write(
+            trace_path,
+            JSON.generate({
+              qlog_format: "JSON",
+              qlog_version: QLOG_VERSION,
+              traces: [trace_dict],
+            }))
+            idx = @traces.find_index(trace)
+            @traces.delete_at(idx) if idx
+        end
+      end
+    end
+  end
+end