[thirdparty/openssl.git] / ssl / quic / quic_impl.c

/*
 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/macros.h>
#include <openssl/objects.h>
#include "quic_local.h"

SSL *ossl_quic_new(SSL_CTX *ctx)
{
    QUIC_CONNECTION *qc;
    SSL *ssl = NULL;
    SSL_CONNECTION *sc;

    qc = OPENSSL_zalloc(sizeof(*qc));
    if (qc == NULL)
        goto err;

    ssl = &qc->stream.ssl;
    if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_QUIC_CONNECTION)) {
        OPENSSL_free(qc);
        ssl = NULL;
        goto err;
    }
    qc->tls = ossl_ssl_connection_new(ctx);
    if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
        goto err;
    /* override the user_ssl of the inner connection */
    sc->user_ssl = ssl;

    /* We'll need to set proper TLS method on qc->tls here */
    return ssl;
err:
    ossl_quic_free(ssl);
    return NULL;
}

int ossl_quic_init(SSL *s)
{
    return s->method->ssl_clear(s);
}

void ossl_quic_deinit(SSL *s)
{
    return;
}

void ossl_quic_free(SSL *s)
{
    QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);

    if (qc == NULL) {
        /* TODO(QUIC): Temporarily needed to release the inner tls object */
        SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

        if (sc != NULL)
            ossl_ssl_connection_free(s);
        return;
    }

    SSL_free(qc->tls);
    return;
}

int ossl_quic_reset(SSL *s)
{
    QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);

    if (qc == NULL) {
        /* TODO(QUIC): Temporarily needed to reset the inner tls object */
        SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

        return sc != NULL ? ossl_ssl_connection_reset(s) : 0;
    }

    return ossl_ssl_connection_reset(qc->tls);
}

int ossl_quic_clear(SSL *s)
{
    return 1;
}

int ossl_quic_accept(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL)
        return 0;

    ossl_statem_set_in_init(sc, 0);
    return 1;
}

int ossl_quic_connect(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL)
        return 0;

    ossl_statem_set_in_init(sc, 0);
    return 1;
}

int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    int ret;
    BIO *rbio = SSL_get_rbio(s);
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL || rbio == NULL)
        return 0;

    sc->rwstate = SSL_READING;
    ret = BIO_read_ex(rbio, buf, len, readbytes);
    if (ret > 0 || !BIO_should_retry(rbio))
        sc->rwstate = SSL_NOTHING;
    return ret <= 0 ? -1 : ret;
}

int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    return -1;
}

int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
{
    BIO *wbio = SSL_get_wbio(s);
    int ret;
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL || wbio == NULL)
        return 0;

    sc->rwstate = SSL_WRITING;
    ret = BIO_write_ex(wbio, buf, len, written);
    if (ret > 0 || !BIO_should_retry(wbio))
        sc->rwstate = SSL_NOTHING;
    return ret;
}

int ossl_quic_shutdown(SSL *s)
{
    return 1;
}

long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL)
        return 0;

    switch(cmd) {
    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
    }
    return 0;
}

long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
    switch(cmd) {
    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);

    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
        /* TODO(QUIC): these will have to be implemented properly */
        return 1;
    }
    return 0;
}

long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    return 0;
}

long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
    return 0;
}

size_t ossl_quic_pending(const SSL *s)
{
    return 0;
}

OSSL_TIME ossl_quic_default_timeout(void)
{
    return ossl_time_zero();
}

int ossl_quic_num_ciphers(void)
{
    return 1;
}

const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
{
    /*
     * TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT");
     * produces at least one valid TLS-1.2 cipher.
     * Later we should allow that there are none with QUIC protocol as
     * SSL_CTX_set_cipher_list should still allow setting a SECLEVEL.
     */
    static const SSL_CIPHER ciph = {
        1,
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        SSL_kECDHE,
        SSL_aRSA,
        SSL_AES256GCM,
        SSL_AEAD,
        TLS1_2_VERSION, TLS1_2_VERSION,
        DTLS1_2_VERSION, DTLS1_2_VERSION,
        SSL_HIGH | SSL_FIPS,
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
        256,
        256
    };

    return &ciph;
}

int ossl_quic_renegotiate_check(SSL *ssl, int initok)
{
    return 1;
}

QUIC_CONNECTION *ossl_quic_conn_from_ssl(SSL *ssl)
{
    return QUIC_CONNECTION_FROM_SSL(ssl);
}

/*
 * The following are getters and setters of pointers, but they don't affect
 * the objects being pointed at.  They are CURRENTLY to be freed separately
 * by the caller the set them in the first place.
 */
int ossl_quic_conn_set_qrx(QUIC_CONNECTION *qc, OSSL_QRX *qrx)
{
    if (qc == NULL)
        return 0;
    qc->qrx = qrx;
    return 1;
}

OSSL_QRX *ossl_quic_conn_get_qrx(QUIC_CONNECTION *qc)
{
    return qc != NULL ? qc->qrx : NULL;
}

int ossl_quic_conn_set_ackm(QUIC_CONNECTION *qc, OSSL_ACKM *ackm)
{
    if (qc == NULL)
        return 0;
    qc->ackm = ackm;
    return 1;
}

OSSL_ACKM *ossl_quic_conn_set_akcm(QUIC_CONNECTION *qc)
{
    return qc != NULL ? qc->ackm : NULL;
}
Commit	Line	Data
99e1cc7b TM	1	/*
	2	* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/macros.h>
	11	#include <openssl/objects.h>
	12	#include "quic_local.h"
	13
38b051a1 TM	14	SSL ossl_quic_new(SSL_CTX ctx)
	15	{
	16	QUIC_CONNECTION *qc;
	17	SSL *ssl = NULL;
	18	SSL_CONNECTION *sc;
	19
	20	qc = OPENSSL_zalloc(sizeof(*qc));
	21	if (qc == NULL)
	22	goto err;
	23
a17c713a	24	ssl = &qc->stream.ssl;
38b051a1 TM	25	if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_QUIC_CONNECTION)) {
	26	OPENSSL_free(qc);
	27	ssl = NULL;
	28	goto err;
	29	}
	30	qc->tls = ossl_ssl_connection_new(ctx);
	31	if (qc->tls == NULL \|\| (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
	32	goto err;
	33	/* override the user_ssl of the inner connection */
	34	sc->user_ssl = ssl;
	35
	36	/* We'll need to set proper TLS method on qc->tls here */
	37	return ssl;
	38	err:
	39	ossl_quic_free(ssl);
	40	return NULL;
	41	}
	42
	43	int ossl_quic_init(SSL *s)
99e1cc7b TM	44	{
	45	return s->method->ssl_clear(s);
	46	}
	47
38b051a1 TM	48	void ossl_quic_deinit(SSL *s)
	49	{
	50	return;
	51	}
	52
99e1cc7b TM	53	void ossl_quic_free(SSL *s)
99e1cc7b TM	54	{
38b051a1 TM	55	QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
	56
	57	if (qc == NULL) {
a17c713a	58	/* TODO(QUIC): Temporarily needed to release the inner tls object */
38b051a1 TM	59	SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
	60
	61	if (sc != NULL)
	62	ossl_ssl_connection_free(s);
	63	return;
	64	}
	65
	66	SSL_free(qc->tls);
99e1cc7b TM	67	return;
	68	}
	69
38b051a1 TM	70	int ossl_quic_reset(SSL *s)
	71	{
	72	QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
	73
	74	if (qc == NULL) {
a17c713a	75	/* TODO(QUIC): Temporarily needed to reset the inner tls object */
38b051a1 TM	76	SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
	77
	78	return sc != NULL ? ossl_ssl_connection_reset(s) : 0;
	79	}
	80
	81	return ossl_ssl_connection_reset(qc->tls);
	82	}
	83
99e1cc7b TM	84	int ossl_quic_clear(SSL *s)
	85	{
	86	return 1;
	87	}
	88
e44795bd	89	int ossl_quic_accept(SSL *s)
99e1cc7b	90	{
38b051a1 TM	91	SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
	92
	93	if (sc == NULL)
	94	return 0;
	95
bfc0f10d	96	ossl_statem_set_in_init(sc, 0);
99e1cc7b TM	97	return 1;
	98	}
	99
e44795bd	100	int ossl_quic_connect(SSL *s)
99e1cc7b	101	{
38b051a1 TM	102	SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
	103
	104	if (sc == NULL)
	105	return 0;
	106
bfc0f10d	107	ossl_statem_set_in_init(sc, 0);
99e1cc7b TM	108	return 1;
	109	}
	110
e44795bd	111	int ossl_quic_read(SSL s, void buf, size_t len, size_t *readbytes)
99e1cc7b	112	{
08e49012	113	int ret;
e44795bd	114	BIO *rbio = SSL_get_rbio(s);
38b051a1	115	SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
e44795bd	116
38b051a1	117	if (sc == NULL \|\| rbio == NULL)
e44795bd TM	118	return 0;
e44795bd TM	119
38b051a1	120	sc->rwstate = SSL_READING;
08e49012 TM	121	ret = BIO_read_ex(rbio, buf, len, readbytes);
08e49012 TM	122	if (ret > 0 \|\| !BIO_should_retry(rbio))
38b051a1	123	sc->rwstate = SSL_NOTHING;
08e49012	124	return ret <= 0 ? -1 : ret;
99e1cc7b TM	125	}
99e1cc7b TM	126
e44795bd	127	int ossl_quic_peek(SSL s, void buf, size_t len, size_t *readbytes)
99e1cc7b	128	{
08e49012	129	return -1;
99e1cc7b TM	130	}
99e1cc7b TM	131
e44795bd	132	int ossl_quic_write(SSL s, const void buf, size_t len, size_t *written)
99e1cc7b	133	{
e44795bd	134	BIO *wbio = SSL_get_wbio(s);
08e49012	135	int ret;
38b051a1	136	SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
e44795bd	137
38b051a1	138	if (sc == NULL \|\| wbio == NULL)
e44795bd TM	139	return 0;
e44795bd TM	140
38b051a1	141	sc->rwstate = SSL_WRITING;
08e49012 TM	142	ret = BIO_write_ex(wbio, buf, len, written);
08e49012 TM	143	if (ret > 0 \|\| !BIO_should_retry(wbio))
38b051a1	144	sc->rwstate = SSL_NOTHING;
08e49012	145	return ret;
99e1cc7b TM	146	}
99e1cc7b TM	147
e44795bd	148	int ossl_quic_shutdown(SSL *s)
99e1cc7b TM	149	{
	150	return 1;
	151	}
	152
e44795bd	153	long ossl_quic_ctrl(SSL s, int cmd, long larg, void parg)
99e1cc7b	154	{
38b051a1 TM	155	SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
	156
	157	if (sc == NULL)
	158	return 0;
	159
08e49012 TM	160	switch(cmd) {
	161	case SSL_CTRL_CHAIN:
	162	if (larg)
38b051a1	163	return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
08e49012	164	else
38b051a1	165	return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
08e49012	166	}
99e1cc7b TM	167	return 0;
	168	}
	169
08e49012	170	long ossl_quic_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
99e1cc7b	171	{
08e49012 TM	172	switch(cmd) {
	173	case SSL_CTRL_CHAIN:
	174	if (larg)
	175	return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
	176	else
	177	return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
	178
	179	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
	180	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
	181	/* TODO(QUIC): these will have to be implemented properly */
	182	return 1;
	183	}
99e1cc7b TM	184	return 0;
	185	}
	186
e44795bd	187	long ossl_quic_callback_ctrl(SSL s, int cmd, void (fp) (void))
99e1cc7b TM	188	{
	189	return 0;
	190	}
	191
08e49012	192	long ossl_quic_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp) (void))
99e1cc7b TM	193	{
	194	return 0;
	195	}
	196
e44795bd	197	size_t ossl_quic_pending(const SSL *s)
99e1cc7b TM	198	{
	199	return 0;
	200	}
e44795bd	201
f0131dc0	202	OSSL_TIME ossl_quic_default_timeout(void)
e44795bd	203	{
f0131dc0	204	return ossl_time_zero();
e44795bd TM	205	}
	206
	207	int ossl_quic_num_ciphers(void)
	208	{
	209	return 1;
	210	}
	211
	212	const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
	213	{
08e49012 TM	214	/*
	215	* TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT");
	216	* produces at least one valid TLS-1.2 cipher.
	217	* Later we should allow that there are none with QUIC protocol as
	218	* SSL_CTX_set_cipher_list should still allow setting a SECLEVEL.
	219	*/
	220	static const SSL_CIPHER ciph = {
	221	1,
	222	TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	223	TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	224	TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	225	SSL_kECDHE,
	226	SSL_aRSA,
	227	SSL_AES256GCM,
	228	SSL_AEAD,
	229	TLS1_2_VERSION, TLS1_2_VERSION,
	230	DTLS1_2_VERSION, DTLS1_2_VERSION,
	231	SSL_HIGH \| SSL_FIPS,
	232	SSL_HANDSHAKE_MAC_SHA384 \| TLS1_PRF_SHA384,
	233	256,
	234	256
	235	};
e44795bd TM	236
	237	return &ciph;
	238	}
	239
	240	int ossl_quic_renegotiate_check(SSL *ssl, int initok)
	241	{
	242	return 1;
	243	}
d5ab48a1 RL	244
	245	QUIC_CONNECTION ossl_quic_conn_from_ssl(SSL ssl)
	246	{
	247	return QUIC_CONNECTION_FROM_SSL(ssl);
	248	}
	249
	250	/*
	251	* The following are getters and setters of pointers, but they don't affect
	252	* the objects being pointed at. They are CURRENTLY to be freed separately
	253	* by the caller the set them in the first place.
	254	*/
	255	int ossl_quic_conn_set_qrx(QUIC_CONNECTION qc, OSSL_QRX qrx)
	256	{
	257	if (qc == NULL)
	258	return 0;
	259	qc->qrx = qrx;
	260	return 1;
	261	}
	262
	263	OSSL_QRX ossl_quic_conn_get_qrx(QUIC_CONNECTION qc)
	264	{
	265	return qc != NULL ? qc->qrx : NULL;
	266	}
	267
	268	int ossl_quic_conn_set_ackm(QUIC_CONNECTION qc, OSSL_ACKM ackm)
	269	{
	270	if (qc == NULL)
	271	return 0;
	272	qc->ackm = ackm;
	273	return 1;
	274	}
	275
	276	OSSL_ACKM ossl_quic_conn_set_akcm(QUIC_CONNECTION qc)
	277	{
	278	return qc != NULL ? qc->ackm : NULL;
	279	}