1 /* $OpenBSD: tls13_quic.c,v 1.6 2022/08/30 18:23:40 tb Exp $ */
2 /*
3 * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include <ssl_locl.h>
19
20 #include "tls13_internal.h"
21
22 static ssize_t
tls13_quic_wire_read_cb(void * buf,size_t n,void * arg)23 tls13_quic_wire_read_cb(void *buf, size_t n, void *arg)
24 {
25 struct tls13_ctx *ctx = arg;
26 SSL *ssl = ctx->ssl;
27
28 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
29 return TLS13_IO_FAILURE;
30 }
31
32 static ssize_t
tls13_quic_wire_write_cb(const void * buf,size_t n,void * arg)33 tls13_quic_wire_write_cb(const void *buf, size_t n, void *arg)
34 {
35 struct tls13_ctx *ctx = arg;
36 SSL *ssl = ctx->ssl;
37
38 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
39 return TLS13_IO_FAILURE;
40 }
41
42 static ssize_t
tls13_quic_wire_flush_cb(void * arg)43 tls13_quic_wire_flush_cb(void *arg)
44 {
45 struct tls13_ctx *ctx = arg;
46 SSL *ssl = ctx->ssl;
47
48 if (!ssl->quic_method->flush_flight(ssl)) {
49 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
50 return TLS13_IO_FAILURE;
51 }
52
53 return TLS13_IO_SUCCESS;
54 }
55
56 static ssize_t
tls13_quic_handshake_read_cb(void * buf,size_t n,void * arg)57 tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg)
58 {
59 struct tls13_ctx *ctx = arg;
60
61 if (ctx->hs->tls13.quic_read_buffer == NULL)
62 return TLS13_IO_WANT_POLLIN;
63
64 return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n);
65 }
66
67 static ssize_t
tls13_quic_handshake_write_cb(const void * buf,size_t n,void * arg)68 tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg)
69 {
70 struct tls13_ctx *ctx = arg;
71 SSL *ssl = ctx->ssl;
72
73 if (!ssl->quic_method->add_handshake_data(ssl,
74 ctx->hs->tls13.quic_write_level, buf, n)) {
75 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
76 return TLS13_IO_FAILURE;
77 }
78
79 return n;
80 }
81
82 static int
tls13_quic_set_read_traffic_key(struct tls13_secret * read_key,enum ssl_encryption_level_t read_level,void * arg)83 tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
84 enum ssl_encryption_level_t read_level, void *arg)
85 {
86 struct tls13_ctx *ctx = arg;
87 SSL *ssl = ctx->ssl;
88
89 ctx->hs->tls13.quic_read_level = read_level;
90
91 /* Handle both the new (BoringSSL) and old (quictls) APIs. */
92
93 if (ssl->quic_method->set_read_secret != NULL)
94 return ssl->quic_method->set_read_secret(ssl,
95 ctx->hs->tls13.quic_read_level, ctx->hs->cipher,
96 read_key->data, read_key->len);
97
98 if (ssl->quic_method->set_encryption_secrets != NULL)
99 return ssl->quic_method->set_encryption_secrets(ssl,
100 ctx->hs->tls13.quic_read_level, read_key->data, NULL,
101 read_key->len);
102
103 return 0;
104 }
105
106 static int
tls13_quic_set_write_traffic_key(struct tls13_secret * write_key,enum ssl_encryption_level_t write_level,void * arg)107 tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
108 enum ssl_encryption_level_t write_level, void *arg)
109 {
110 struct tls13_ctx *ctx = arg;
111 SSL *ssl = ctx->ssl;
112
113 ctx->hs->tls13.quic_write_level = write_level;
114
115 /* Handle both the new (BoringSSL) and old (quictls) APIs. */
116
117 if (ssl->quic_method->set_write_secret != NULL)
118 return ssl->quic_method->set_write_secret(ssl,
119 ctx->hs->tls13.quic_write_level, ctx->hs->cipher,
120 write_key->data, write_key->len);
121
122 if (ssl->quic_method->set_encryption_secrets != NULL)
123 return ssl->quic_method->set_encryption_secrets(ssl,
124 ctx->hs->tls13.quic_write_level, NULL, write_key->data,
125 write_key->len);
126
127 return 0;
128 }
129
130 static int
tls13_quic_alert_send_cb(int alert_desc,void * arg)131 tls13_quic_alert_send_cb(int alert_desc, void *arg)
132 {
133 struct tls13_ctx *ctx = arg;
134 SSL *ssl = ctx->ssl;
135
136 if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level,
137 alert_desc)) {
138 SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
139 return TLS13_IO_FAILURE;
140 }
141
142 return TLS13_IO_SUCCESS;
143 }
144
145 static const struct tls13_record_layer_callbacks quic_rl_callbacks = {
146 .wire_read = tls13_quic_wire_read_cb,
147 .wire_write = tls13_quic_wire_write_cb,
148 .wire_flush = tls13_quic_wire_flush_cb,
149
150 .handshake_read = tls13_quic_handshake_read_cb,
151 .handshake_write = tls13_quic_handshake_write_cb,
152 .set_read_traffic_key = tls13_quic_set_read_traffic_key,
153 .set_write_traffic_key = tls13_quic_set_write_traffic_key,
154 .alert_send = tls13_quic_alert_send_cb,
155
156 .alert_recv = tls13_alert_received_cb,
157 .alert_sent = tls13_alert_sent_cb,
158 .phh_recv = tls13_phh_received_cb,
159 .phh_sent = tls13_phh_done_cb,
160 };
161
162 int
tls13_quic_init(struct tls13_ctx * ctx)163 tls13_quic_init(struct tls13_ctx *ctx)
164 {
165 BIO *bio;
166
167 tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx);
168
169 ctx->middlebox_compat = 0;
170
171 /*
172 * QUIC does not use BIOs, however we currently expect a BIO to exist
173 * for status handling.
174 */
175 if ((bio = BIO_new(BIO_s_null())) == NULL)
176 return 0;
177
178 SSL_set_bio(ctx->ssl, bio, bio);
179 bio = NULL;
180
181 return 1;
182 }
183