diff options
| author | beck <> | 2022-06-29 17:39:21 +0000 |
|---|---|---|
| committer | beck <> | 2022-06-29 17:39:21 +0000 |
| commit | fc8a9f3799769566fe4b424c43a81a1a71f91328 (patch) | |
| tree | 3406a8350556d9a6c42a2677a30e2dabf013942c /src/regress/lib/libssl/tlsext/tlsexttest.c | |
| parent | 6f4618c6c03ccd1d0f1b55dd8ff05af4a05abe78 (diff) | |
| download | openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.gz openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.bz2 openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.zip | |
Add support for sending QUIC transport parameters
This is the start of adding the boringssl API for QUIC support,
and the TLS extensions necessary to send and receive QUIC transport
data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
Diffstat (limited to 'src/regress/lib/libssl/tlsext/tlsexttest.c')
| -rw-r--r-- | src/regress/lib/libssl/tlsext/tlsexttest.c | 258 |
1 files changed, 257 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 297aff2441..8166b883b8 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tlsexttest.c,v 1.63 2022/06/06 06:11:04 tb Exp $ */ | 1 | /* $OpenBSD: tlsexttest.c,v 1.64 2022/06/29 17:39:21 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -1896,6 +1896,259 @@ test_tlsext_sni_server(void) | |||
| 1896 | return (failure); | 1896 | return (failure); |
| 1897 | } | 1897 | } |
| 1898 | 1898 | ||
| 1899 | |||
| 1900 | /* | ||
| 1901 | * QUIC transport parameters extenstion - RFC 90210 :) | ||
| 1902 | */ | ||
| 1903 | |||
| 1904 | #define TEST_QUIC_TRANSPORT_DATA "0123456789abcdef" | ||
| 1905 | |||
| 1906 | static unsigned char tlsext_quic_transport_data[] = { | ||
| 1907 | 0x00, 0x10, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, | ||
| 1908 | 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, | ||
| 1909 | 0x65, 0x66, | ||
| 1910 | }; | ||
| 1911 | |||
| 1912 | static int | ||
| 1913 | test_tlsext_quic_transport_parameters_client(void) | ||
| 1914 | { | ||
| 1915 | unsigned char *data = NULL; | ||
| 1916 | SSL_CTX *ssl_ctx = NULL; | ||
| 1917 | SSL *ssl = NULL; | ||
| 1918 | int failure; | ||
| 1919 | size_t dlen; | ||
| 1920 | CBB cbb; | ||
| 1921 | CBS cbs; | ||
| 1922 | int alert; | ||
| 1923 | const uint8_t *out_bytes; | ||
| 1924 | size_t out_bytes_len; | ||
| 1925 | |||
| 1926 | failure = 1; | ||
| 1927 | |||
| 1928 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | ||
| 1929 | errx(1, "failed to create SSL_CTX"); | ||
| 1930 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | ||
| 1931 | errx(1, "failed to create SSL"); | ||
| 1932 | |||
| 1933 | CBB_init(&cbb, 0); | ||
| 1934 | |||
| 1935 | if (tlsext_quic_transport_parameters_client_needs(ssl, | ||
| 1936 | SSL_TLSEXT_MSG_CH)) { | ||
| 1937 | FAIL("client should not need QUIC\n"); | ||
| 1938 | goto err; | ||
| 1939 | } | ||
| 1940 | |||
| 1941 | if (!SSL_set_quic_transport_params(ssl, | ||
| 1942 | TEST_QUIC_TRANSPORT_DATA, strlen(TEST_QUIC_TRANSPORT_DATA))) { | ||
| 1943 | FAIL("client failed to set QUIC parametes\n"); | ||
| 1944 | goto err; | ||
| 1945 | } | ||
| 1946 | |||
| 1947 | if (tlsext_quic_transport_parameters_client_needs(ssl, | ||
| 1948 | SSL_TLSEXT_MSG_CH)) { | ||
| 1949 | FAIL("client should not need QUIC\n"); | ||
| 1950 | goto err; | ||
| 1951 | } | ||
| 1952 | |||
| 1953 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; | ||
| 1954 | ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; | ||
| 1955 | |||
| 1956 | if (!tlsext_quic_transport_parameters_client_needs(ssl, | ||
| 1957 | SSL_TLSEXT_MSG_CH)) { | ||
| 1958 | FAIL("client should not need QUIC\n"); | ||
| 1959 | goto err; | ||
| 1960 | } | ||
| 1961 | |||
| 1962 | if (!tlsext_quic_transport_parameters_client_build(ssl, | ||
| 1963 | SSL_TLSEXT_MSG_CH, &cbb)) { | ||
| 1964 | FAIL("client failed to build QUIC\n"); | ||
| 1965 | goto err; | ||
| 1966 | } | ||
| 1967 | |||
| 1968 | if (!CBB_finish(&cbb, &data, &dlen)) { | ||
| 1969 | FAIL("failed to finish CBB"); | ||
| 1970 | goto err; | ||
| 1971 | } | ||
| 1972 | |||
| 1973 | if (dlen != sizeof(tlsext_quic_transport_data)) { | ||
| 1974 | FAIL("got client QUIC with length %zu, " | ||
| 1975 | "want length %zu\n", dlen, | ||
| 1976 | sizeof(tlsext_quic_transport_data)); | ||
| 1977 | goto err; | ||
| 1978 | } | ||
| 1979 | |||
| 1980 | if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) { | ||
| 1981 | FAIL("client QUIC differs:\n"); | ||
| 1982 | fprintf(stderr, "received:\n"); | ||
| 1983 | hexdump(data, dlen); | ||
| 1984 | fprintf(stderr, "test data:\n"); | ||
| 1985 | hexdump(tlsext_quic_transport_data, | ||
| 1986 | sizeof(tlsext_quic_transport_data)); | ||
| 1987 | goto err; | ||
| 1988 | } | ||
| 1989 | |||
| 1990 | CBS_init(&cbs, tlsext_quic_transport_data, | ||
| 1991 | sizeof(tlsext_quic_transport_data)); | ||
| 1992 | |||
| 1993 | if (!tlsext_quic_transport_parameters_server_parse(ssl, | ||
| 1994 | SSL_TLSEXT_MSG_SH, &cbs, &alert)) { | ||
| 1995 | FAIL("server_parse of QUIC from server failed\n"); | ||
| 1996 | goto err; | ||
| 1997 | } | ||
| 1998 | if (CBS_len(&cbs) != 0) { | ||
| 1999 | FAIL("extension data remaining\n"); | ||
| 2000 | goto err; | ||
| 2001 | } | ||
| 2002 | |||
| 2003 | SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len); | ||
| 2004 | |||
| 2005 | if (out_bytes_len != strlen(TEST_QUIC_TRANSPORT_DATA)) { | ||
| 2006 | FAIL("server_parse QUIC length differs, got %zu want %zu\n", | ||
| 2007 | out_bytes_len, | ||
| 2008 | sizeof(tlsext_quic_transport_data)); | ||
| 2009 | goto err; | ||
| 2010 | } | ||
| 2011 | |||
| 2012 | if (memcmp(out_bytes, TEST_QUIC_TRANSPORT_DATA, | ||
| 2013 | out_bytes_len) != 0) { | ||
| 2014 | FAIL("server_parse QUIC differs from sent:\n"); | ||
| 2015 | fprintf(stderr, "received:\n"); | ||
| 2016 | hexdump(data, dlen); | ||
| 2017 | fprintf(stderr, "test data:\n"); | ||
| 2018 | hexdump(tlsext_quic_transport_data, | ||
| 2019 | sizeof(tlsext_quic_transport_data)); | ||
| 2020 | goto err; | ||
| 2021 | } | ||
| 2022 | |||
| 2023 | failure = 0; | ||
| 2024 | |||
| 2025 | err: | ||
| 2026 | CBB_cleanup(&cbb); | ||
| 2027 | SSL_CTX_free(ssl_ctx); | ||
| 2028 | SSL_free(ssl); | ||
| 2029 | free(data); | ||
| 2030 | |||
| 2031 | return (failure); | ||
| 2032 | } | ||
| 2033 | |||
| 2034 | static int | ||
| 2035 | test_tlsext_quic_transport_parameters_server(void) | ||
| 2036 | { | ||
| 2037 | unsigned char *data = NULL; | ||
| 2038 | SSL_CTX *ssl_ctx = NULL; | ||
| 2039 | SSL *ssl = NULL; | ||
| 2040 | int failure; | ||
| 2041 | size_t dlen; | ||
| 2042 | int alert; | ||
| 2043 | CBB cbb; | ||
| 2044 | CBS cbs; | ||
| 2045 | const uint8_t *out_bytes; | ||
| 2046 | size_t out_bytes_len; | ||
| 2047 | |||
| 2048 | failure = 1; | ||
| 2049 | |||
| 2050 | CBB_init(&cbb, 0); | ||
| 2051 | |||
| 2052 | if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) | ||
| 2053 | errx(1, "failed to create SSL_CTX"); | ||
| 2054 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | ||
| 2055 | errx(1, "failed to create SSL"); | ||
| 2056 | |||
| 2057 | if (tlsext_quic_transport_parameters_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { | ||
| 2058 | FAIL("server should not need QUIC\n"); | ||
| 2059 | goto err; | ||
| 2060 | } | ||
| 2061 | |||
| 2062 | if (!SSL_set_quic_transport_params(ssl, | ||
| 2063 | TEST_QUIC_TRANSPORT_DATA, strlen(TEST_QUIC_TRANSPORT_DATA))) { | ||
| 2064 | FAIL("server failed to set QUIC parametes\n"); | ||
| 2065 | goto err; | ||
| 2066 | } | ||
| 2067 | |||
| 2068 | if (!tlsext_quic_transport_parameters_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { | ||
| 2069 | FAIL("server should need QUIC\n"); | ||
| 2070 | goto err; | ||
| 2071 | } | ||
| 2072 | |||
| 2073 | if (!tlsext_quic_transport_parameters_server_build(ssl, | ||
| 2074 | SSL_TLSEXT_MSG_SH, &cbb)) { | ||
| 2075 | FAIL("server failed to build QUIC\n"); | ||
| 2076 | goto err; | ||
| 2077 | } | ||
| 2078 | |||
| 2079 | if (!CBB_finish(&cbb, &data, &dlen)) | ||
| 2080 | errx(1, "failed to finish CBB"); | ||
| 2081 | |||
| 2082 | if (dlen != sizeof(tlsext_quic_transport_data)) { | ||
| 2083 | FAIL("got server QUIC with length %zu, " | ||
| 2084 | "want length %zu\n", dlen, | ||
| 2085 | sizeof(tlsext_quic_transport_data)); | ||
| 2086 | goto err; | ||
| 2087 | } | ||
| 2088 | |||
| 2089 | if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) { | ||
| 2090 | FAIL("saved server QUIC differs:\n"); | ||
| 2091 | fprintf(stderr, "received:\n"); | ||
| 2092 | hexdump(data, dlen); | ||
| 2093 | fprintf(stderr, "test data:\n"); | ||
| 2094 | hexdump(tlsext_quic_transport_data, | ||
| 2095 | sizeof(tlsext_quic_transport_data)); | ||
| 2096 | goto err; | ||
| 2097 | } | ||
| 2098 | |||
| 2099 | CBS_init(&cbs, tlsext_quic_transport_data, | ||
| 2100 | sizeof(tlsext_quic_transport_data)); | ||
| 2101 | |||
| 2102 | if (tlsext_quic_transport_parameters_client_parse(ssl, | ||
| 2103 | SSL_TLSEXT_MSG_SH, &cbs, &alert)) { | ||
| 2104 | FAIL("QUIC parse should have failed!\n"); | ||
| 2105 | goto err; | ||
| 2106 | } | ||
| 2107 | |||
| 2108 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; | ||
| 2109 | ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; | ||
| 2110 | |||
| 2111 | if (!tlsext_quic_transport_parameters_client_parse(ssl, | ||
| 2112 | SSL_TLSEXT_MSG_SH, &cbs, &alert)) { | ||
| 2113 | FAIL("client_parse of QUIC from server failed\n"); | ||
| 2114 | goto err; | ||
| 2115 | } | ||
| 2116 | if (CBS_len(&cbs) != 0) { | ||
| 2117 | FAIL("extension data remaining\n"); | ||
| 2118 | goto err; | ||
| 2119 | } | ||
| 2120 | |||
| 2121 | SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len); | ||
| 2122 | |||
| 2123 | if (out_bytes_len != strlen(TEST_QUIC_TRANSPORT_DATA)) { | ||
| 2124 | FAIL("client QUIC length differs, got %zu want %zu\n", | ||
| 2125 | out_bytes_len, | ||
| 2126 | sizeof(tlsext_quic_transport_data)); | ||
| 2127 | goto err; | ||
| 2128 | } | ||
| 2129 | |||
| 2130 | if (memcmp(out_bytes, TEST_QUIC_TRANSPORT_DATA, | ||
| 2131 | out_bytes_len) != 0) { | ||
| 2132 | FAIL("client QUIC differs from sent:\n"); | ||
| 2133 | fprintf(stderr, "received:\n"); | ||
| 2134 | hexdump(data, dlen); | ||
| 2135 | fprintf(stderr, "test data:\n"); | ||
| 2136 | hexdump(tlsext_quic_transport_data, | ||
| 2137 | sizeof(tlsext_quic_transport_data)); | ||
| 2138 | goto err; | ||
| 2139 | } | ||
| 2140 | |||
| 2141 | failure = 0; | ||
| 2142 | |||
| 2143 | err: | ||
| 2144 | CBB_cleanup(&cbb); | ||
| 2145 | SSL_CTX_free(ssl_ctx); | ||
| 2146 | SSL_free(ssl); | ||
| 2147 | free(data); | ||
| 2148 | |||
| 2149 | return (failure); | ||
| 2150 | } | ||
| 2151 | |||
| 1899 | static unsigned char tls_ocsp_client_default[] = { | 2152 | static unsigned char tls_ocsp_client_default[] = { |
| 1900 | 0x01, 0x00, 0x00, 0x00, 0x00 | 2153 | 0x01, 0x00, 0x00, 0x00, 0x00 |
| 1901 | }; | 2154 | }; |
| @@ -3991,5 +4244,8 @@ main(int argc, char **argv) | |||
| 3991 | 4244 | ||
| 3992 | failed |= test_tlsext_valid_hostnames(); | 4245 | failed |= test_tlsext_valid_hostnames(); |
| 3993 | 4246 | ||
| 4247 | failed |= test_tlsext_quic_transport_parameters_client(); | ||
| 4248 | failed |= test_tlsext_quic_transport_parameters_server(); | ||
| 4249 | |||
| 3994 | return (failed); | 4250 | return (failed); |
| 3995 | } | 4251 | } |