Provide record layer callbacks for QUIC.

QUIC uses TLS to complete the handshake, however unlike normal TLS it does not use the TLS record layer, rather it provides its own transport. This means that we need to intercept all communication between the TLS handshake and the record layer. This allows TLS handshake message writes to be directed to QUIC, likewise for TLS handshake message reads. Alerts also need to be sent via QUIC, plus it needs to be provided with the traffic keys that are derived by TLS. ok tb@
author: jsing <> 2022-07-24 14:28:16 +0000
committer: jsing <> 2022-07-24 14:28:16 +0000
commit: f7f7655b1951f8dd9a8166cb6203a780f911d0bc (patch)
tree: f814f798e3d47e53e29dfd4db0eece8481fc97ad /src/lib/libssl/tls13_quic.c
parent: c804d574e337158da589e90dc9cbb13d6ffde44f (diff)
download: openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.tar.gz
openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.tar.bz2
openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.zip
1 files changed, 135 insertions, 0 deletions
diff --git a/src/lib/libssl/tls13_quic.c b/src/lib/libssl/tls13_quic.c
new file mode 100644
index 0000000000..3f814188a7
--- /dev/null
+++ b/src/lib/libssl/tls13_quic.c
@@ -0,0 +1,135 @@
+/*      $OpenBSD: tls13_quic.c,v 1.1 2022/07/24 14:28:16 jsing Exp $ */
+/*
+ * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <ssl_locl.h>
+#include "tls13_internal.h"
+static ssize_t
+tls13_quic_wire_read_cb(void *buf, size_t n, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static ssize_t
+tls13_quic_wire_write_cb(const void *buf, size_t n, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static ssize_t
+tls13_quic_wire_flush_cb(void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        /* XXX - call flush_flight. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static ssize_t
+tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg)
+{
+        /* XXX - read handshake data. */
+        return TLS13_IO_FAILURE;
+}
+static ssize_t
+tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        /* XXX - call add_handshake_data. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static int
+tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
+    enum ssl_encryption_level_t read_level, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        ctx->hs->tls13.quic_read_level = read_level;
+        /* XXX - call set_read_secret. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return 0;
+}
+static int
+tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
+    enum ssl_encryption_level_t write_level, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        ctx->hs->tls13.quic_write_level = write_level;
+        /* XXX - call set_write_secret. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return 0;
+}
+static int
+tls13_quic_alert_send_cb(int alert_desc, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        /* XXX - call send_alert. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static const struct tls13_record_layer_callbacks quic_rl_callbacks = {
+        .wire_read = tls13_quic_wire_read_cb,
+        .wire_write = tls13_quic_wire_write_cb,
+        .wire_flush = tls13_quic_wire_flush_cb,
+        .handshake_read = tls13_quic_handshake_read_cb,
+        .handshake_write = tls13_quic_handshake_write_cb,
+        .set_read_traffic_key = tls13_quic_set_read_traffic_key,
+        .set_write_traffic_key = tls13_quic_set_write_traffic_key,
+        .alert_send = tls13_quic_alert_send_cb,
+        .alert_recv = tls13_alert_received_cb,
+        .alert_sent = tls13_alert_sent_cb,
+        .phh_recv = tls13_phh_received_cb,
+        .phh_sent = tls13_phh_done_cb,
+};
+int
+tls13_quic_init(struct tls13_ctx *ctx)
+{
+        tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx);
+        ctx->middlebox_compat = 0;
+        return 1;
+}
author	jsing <>	2022-07-24 14:28:16 +0000
committer	jsing <>	2022-07-24 14:28:16 +0000
commit	f7f7655b1951f8dd9a8166cb6203a780f911d0bc (patch)
tree	f814f798e3d47e53e29dfd4db0eece8481fc97ad /src/lib/libssl/tls13_quic.c
parent	c804d574e337158da589e90dc9cbb13d6ffde44f (diff)
download	openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.tar.gz openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.tar.bz2 openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.zip

diff --git a/src/lib/libssl/tls13_quic.c b/src/lib/libssl/tls13_quic.c new file mode 100644 index 0000000000..3f814188a7 --- /dev/null +++ b/src/lib/libssl/tls13_quic.c
@@ -0,0 +1,135 @@
	1	/* $OpenBSD: tls13_quic.c,v 1.1 2022/07/24 14:28:16 jsing Exp $ */
	2	/*
	3	* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include <ssl_locl.h>
	19
	20	#include "tls13_internal.h"
	21
	22	static ssize_t
	23	tls13_quic_wire_read_cb(void buf, size_t n, void arg)
	24	{
	25	struct tls13_ctx *ctx = arg;
	26	SSL *ssl = ctx->ssl;
	27
	28	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
	29	return TLS13_IO_FAILURE;
	30	}
	31
	32	static ssize_t
	33	tls13_quic_wire_write_cb(const void buf, size_t n, void arg)
	34	{
	35	struct tls13_ctx *ctx = arg;
	36	SSL *ssl = ctx->ssl;
	37
	38	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
	39	return TLS13_IO_FAILURE;
	40	}
	41
	42	static ssize_t
	43	tls13_quic_wire_flush_cb(void *arg)
	44	{
	45	struct tls13_ctx *ctx = arg;
	46	SSL *ssl = ctx->ssl;
	47
	48	/* XXX - call flush_flight. */
	49	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
	50	return TLS13_IO_FAILURE;
	51	}
	52
	53	static ssize_t
	54	tls13_quic_handshake_read_cb(void buf, size_t n, void arg)
	55	{
	56	/* XXX - read handshake data. */
	57	return TLS13_IO_FAILURE;
	58	}
	59
	60	static ssize_t
	61	tls13_quic_handshake_write_cb(const void buf, size_t n, void arg)
	62	{
	63	struct tls13_ctx *ctx = arg;
	64	SSL *ssl = ctx->ssl;
	65
	66	/* XXX - call add_handshake_data. */
	67	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
	68	return TLS13_IO_FAILURE;
	69	}
	70
	71	static int
	72	tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
	73	enum ssl_encryption_level_t read_level, void *arg)
	74	{
	75	struct tls13_ctx *ctx = arg;
	76	SSL *ssl = ctx->ssl;
	77
	78	ctx->hs->tls13.quic_read_level = read_level;
	79
	80	/* XXX - call set_read_secret. */
	81	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
	82	return 0;
	83	}
	84
	85	static int
	86	tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
	87	enum ssl_encryption_level_t write_level, void *arg)
	88	{
	89	struct tls13_ctx *ctx = arg;
	90	SSL *ssl = ctx->ssl;
	91
	92	ctx->hs->tls13.quic_write_level = write_level;
	93
	94	/* XXX - call set_write_secret. */
	95	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
	96	return 0;
	97	}
	98
	99	static int
	100	tls13_quic_alert_send_cb(int alert_desc, void *arg)
	101	{
	102	struct tls13_ctx *ctx = arg;
	103	SSL *ssl = ctx->ssl;
	104
	105	/* XXX - call send_alert. */
	106	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
	107	return TLS13_IO_FAILURE;
	108	}
	109
	110	static const struct tls13_record_layer_callbacks quic_rl_callbacks = {
	111	.wire_read = tls13_quic_wire_read_cb,
	112	.wire_write = tls13_quic_wire_write_cb,
	113	.wire_flush = tls13_quic_wire_flush_cb,
	114
	115	.handshake_read = tls13_quic_handshake_read_cb,
	116	.handshake_write = tls13_quic_handshake_write_cb,
	117	.set_read_traffic_key = tls13_quic_set_read_traffic_key,
	118	.set_write_traffic_key = tls13_quic_set_write_traffic_key,
	119	.alert_send = tls13_quic_alert_send_cb,
	120
	121	.alert_recv = tls13_alert_received_cb,
	122	.alert_sent = tls13_alert_sent_cb,
	123	.phh_recv = tls13_phh_received_cb,
	124	.phh_sent = tls13_phh_done_cb,
	125	};
	126
	127	int
	128	tls13_quic_init(struct tls13_ctx *ctx)
	129	{
	130	tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx);
	131
	132	ctx->middlebox_compat = 0;
	133
	134	return 1;
	135	}