pdns/dnsdistdist/doq-common.cc

   1 /*
   2  * This file is part of PowerDNS or dnsdist.
   3  * Copyright -- PowerDNS.COM B.V. and its contributors
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of version 2 of the GNU General Public License as
   7  * published by the Free Software Foundation.
   8  *
   9  * In addition, for the avoidance of any doubt, permission is granted to
  10  * link this program with OpenSSL and to (re)distribute the binaries
  11  * produced as the result of such linking.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21  */
  22
  23 #include "doq-common.hh"
  24 #include "dnsdist-random.hh"
  25 #include "libssl.hh"
  26
  27 #ifdef HAVE_DNS_OVER_QUIC
  28
  29 #if 0
  30 #define DEBUGLOG_ENABLED
  31 #define DEBUGLOG(x) std::cerr << x << std::endl;
  32 #else
  33 #define DEBUGLOG(x)
  34 #endif
  35
  36 namespace dnsdist::doq
  37 {
  38
  39 static const std::string s_quicRetryTokenKey = dnsdist::crypto::authenticated::newKey(false);
  40
  41 PacketBuffer mintToken(const PacketBuffer& dcid, const ComboAddress& peer)
  42 {
  43   try {
  44     dnsdist::crypto::authenticated::Nonce nonce;
  45     nonce.init();
  46
  47     const auto addrBytes = peer.toByteString();
  48     // this token will be valid for 60s
  49     const uint64_t ttd = time(nullptr) + 60U;
  50     PacketBuffer plainTextToken;
  51     plainTextToken.reserve(sizeof(ttd) + addrBytes.size() + dcid.size());
  52     // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast,cppcoreguidelines-pro-bounds-pointer-arithmetic)
  53     plainTextToken.insert(plainTextToken.end(), reinterpret_cast<const uint8_t*>(&ttd), reinterpret_cast<const uint8_t*>(&ttd) + sizeof(ttd));
  54     plainTextToken.insert(plainTextToken.end(), addrBytes.begin(), addrBytes.end());
  55     plainTextToken.insert(plainTextToken.end(), dcid.begin(), dcid.end());
  56     //  NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
  57     const auto encryptedToken = dnsdist::crypto::authenticated::encryptSym(std::string_view(reinterpret_cast<const char*>(plainTextToken.data()), plainTextToken.size()), s_quicRetryTokenKey, nonce, false);
  58     // a bit sad, let's see if we can do better later
  59     PacketBuffer encryptedTokenPacket;
  60     encryptedTokenPacket.reserve(encryptedToken.size() + nonce.value.size());
  61     encryptedTokenPacket.insert(encryptedTokenPacket.begin(), encryptedToken.begin(), encryptedToken.end());
  62     encryptedTokenPacket.insert(encryptedTokenPacket.begin(), nonce.value.begin(), nonce.value.end());
  63     return encryptedTokenPacket;
  64   }
  65   catch (const std::exception& exp) {
  66     vinfolog("Error while minting DoH3 token: %s", exp.what());
  67     throw;
  68   }
  69 }
  70
  71 void fillRandom(PacketBuffer& buffer, size_t size)
  72 {
  73   buffer.reserve(size);
  74   while (size > 0) {
  75     buffer.insert(buffer.end(), dnsdist::getRandomValue(std::numeric_limits<uint8_t>::max()));
  76     --size;
  77   }
  78 }
  79
  80 std::optional<PacketBuffer> getCID()
  81 {
  82   PacketBuffer buffer;
  83
  84   fillRandom(buffer, LOCAL_CONN_ID_LEN);
  85
  86   return buffer;
  87 }
  88
  89 // returns the original destination ID if the token is valid, nothing otherwise
  90 std::optional<PacketBuffer> validateToken(const PacketBuffer& token, const ComboAddress& peer)
  91 {
  92   try {
  93     dnsdist::crypto::authenticated::Nonce nonce;
  94     auto addrBytes = peer.toByteString();
  95     const uint64_t now = time(nullptr);
  96     const auto minimumSize = nonce.value.size() + sizeof(now) + addrBytes.size();
  97     if (token.size() <= minimumSize) {
  98       return std::nullopt;
  99     }
 100
 101     memcpy(nonce.value.data(), token.data(), nonce.value.size());
 102
 103     // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
 104     auto cipher = std::string_view(reinterpret_cast<const char*>(&token.at(nonce.value.size())), token.size() - nonce.value.size());
 105     auto plainText = dnsdist::crypto::authenticated::decryptSym(cipher, s_quicRetryTokenKey, nonce, false);
 106
 107     if (plainText.size() <= sizeof(now) + addrBytes.size()) {
 108       return std::nullopt;
 109     }
 110
 111     uint64_t ttd{0};
 112     memcpy(&ttd, plainText.data(), sizeof(ttd));
 113     if (ttd < now) {
 114       return std::nullopt;
 115     }
 116
 117     if (std::memcmp(&plainText.at(sizeof(ttd)), &*addrBytes.begin(), addrBytes.size()) != 0) {
 118       return std::nullopt;
 119     }
 120     // NOLINTNEXTLINE(bugprone-narrowing-conversions,cppcoreguidelines-narrowing-conversions)
 121     return PacketBuffer(plainText.begin() + (sizeof(ttd) + addrBytes.size()), plainText.end());
 122   }
 123   catch (const std::exception& exp) {
 124     vinfolog("Error while validating DoH3 token: %s", exp.what());
 125     return std::nullopt;
 126   }
 127 }
 128
 129 void handleStatelessRetry(Socket& sock, const PacketBuffer& clientConnID, const PacketBuffer& serverConnID, const ComboAddress& peer, uint32_t version, PacketBuffer& buffer)
 130 {
 131   auto newServerConnID = getCID();
 132   if (!newServerConnID) {
 133     return;
 134   }
 135
 136   auto token = mintToken(serverConnID, peer);
 137
 138   buffer.resize(MAX_DATAGRAM_SIZE);
 139   auto written = quiche_retry(clientConnID.data(), clientConnID.size(),
 140                               serverConnID.data(), serverConnID.size(),
 141                               newServerConnID->data(), newServerConnID->size(),
 142                               token.data(), token.size(),
 143                               version,
 144                               buffer.data(), buffer.size());
 145
 146   if (written < 0) {
 147     DEBUGLOG("failed to create retry packet " << written);
 148     return;
 149   }
 150
 151   // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
 152   sock.sendTo(reinterpret_cast<const char*>(buffer.data()), static_cast<size_t>(written), peer);
 153 }
 154
 155 void handleVersionNegociation(Socket& sock, const PacketBuffer& clientConnID, const PacketBuffer& serverConnID, const ComboAddress& peer, PacketBuffer& buffer)
 156 {
 157   buffer.resize(MAX_DATAGRAM_SIZE);
 158
 159   auto written = quiche_negotiate_version(clientConnID.data(), clientConnID.size(),
 160                                           serverConnID.data(), serverConnID.size(),
 161                                           buffer.data(), buffer.size());
 162
 163   if (written < 0) {
 164     DEBUGLOG("failed to create vneg packet " << written);
 165     return;
 166   }
 167   // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
 168   sock.sendTo(reinterpret_cast<const char*>(buffer.data()), static_cast<size_t>(written), peer);
 169 }
 170
 171 void flushEgress(Socket& sock, QuicheConnection& conn, const ComboAddress& peer, PacketBuffer& buffer)
 172 {
 173   buffer.resize(MAX_DATAGRAM_SIZE);
 174   quiche_send_info send_info;
 175
 176   while (true) {
 177     auto written = quiche_conn_send(conn.get(), buffer.data(), buffer.size(), &send_info);
 178     if (written == QUICHE_ERR_DONE) {
 179       return;
 180     }
 181
 182     if (written < 0) {
 183       return;
 184     }
 185     // FIXME pacing (as send_info.at should tell us when to send the packet) ?
 186     // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
 187     sock.sendTo(reinterpret_cast<const char*>(buffer.data()), static_cast<size_t>(written), peer);
 188   }
 189 }
 190
 191 void configureQuiche(QuicheConfig& config, const QuicheParams& params, bool isHTTP)
 192 {
 193   for (const auto& pair : params.d_tlsConfig.d_certKeyPairs) {
 194     auto res = quiche_config_load_cert_chain_from_pem_file(config.get(), pair.d_cert.c_str());
 195     if (res != 0) {
 196       throw std::runtime_error("Error loading the server certificate: " + std::to_string(res));
 197     }
 198     if (pair.d_key) {
 199       res = quiche_config_load_priv_key_from_pem_file(config.get(), pair.d_key->c_str());
 200       if (res != 0) {
 201         throw std::runtime_error("Error loading the server key: " + std::to_string(res));
 202       }
 203     }
 204   }
 205
 206   {
 207     auto res = quiche_config_set_application_protos(config.get(),
 208                                                     // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
 209                                                     reinterpret_cast<const uint8_t*>(params.d_alpn.data()),
 210                                                     params.d_alpn.size());
 211     if (res != 0) {
 212       throw std::runtime_error("Error setting ALPN: " + std::to_string(res));
 213     }
 214   }
 215
 216   quiche_config_set_max_idle_timeout(config.get(), params.d_idleTimeout * 1000);
 217   /* maximum size of an outgoing packet, which means the buffer we pass to quiche_conn_send() should be at least that big */
 218   quiche_config_set_max_send_udp_payload_size(config.get(), MAX_DATAGRAM_SIZE);
 219   quiche_config_set_max_recv_udp_payload_size(config.get(), MAX_DATAGRAM_SIZE);
 220
 221   // The number of concurrent remotely-initiated bidirectional streams to be open at any given time
 222   // https://docs.rs/quiche/latest/quiche/struct.Config.html#method.set_initial_max_streams_bidi
 223   // 0 means none will get accepted, that's why we have a default value of 65535
 224   quiche_config_set_initial_max_streams_bidi(config.get(), params.d_maxInFlight);
 225
 226   // The number of bytes of incoming stream data to be buffered for each localy or remotely-initiated bidirectional stream
 227   quiche_config_set_initial_max_stream_data_bidi_local(config.get(), 8192);
 228   quiche_config_set_initial_max_stream_data_bidi_remote(config.get(), 8192);
 229
 230   if (isHTTP) {
 231     /* see rfc9114 section 6.2. Unidirectional Streams:
 232        Each endpoint needs to create at least one unidirectional stream for the HTTP control stream.
 233        QPACK requires two additional unidirectional streams, and other extensions might require further streams.
 234        Therefore, the transport parameters sent by both clients and servers MUST allow the peer to create at least three
 235        unidirectional streams.
 236        These transport parameters SHOULD also provide at least 1,024 bytes of flow-control credit to each unidirectional stream.
 237     */
 238     quiche_config_set_initial_max_streams_uni(config.get(), 3U);
 239     quiche_config_set_initial_max_stream_data_uni(config.get(), 1024U);
 240   }
 241
 242   // The number of total bytes of incoming stream data to be buffered for the whole connection
 243   // https://docs.rs/quiche/latest/quiche/struct.Config.html#method.set_initial_max_data
 244   quiche_config_set_initial_max_data(config.get(), 8192 * params.d_maxInFlight);
 245   if (!params.d_keyLogFile.empty()) {
 246     quiche_config_log_keys(config.get());
 247   }
 248
 249   auto algo = dnsdist::doq::s_available_cc_algorithms.find(params.d_ccAlgo);
 250   if (algo != dnsdist::doq::s_available_cc_algorithms.end()) {
 251     quiche_config_set_cc_algorithm(config.get(), static_cast<enum quiche_cc_algorithm>(algo->second));
 252   }
 253
 254   {
 255     PacketBuffer resetToken;
 256     fillRandom(resetToken, 16);
 257     quiche_config_set_stateless_reset_token(config.get(), resetToken.data());
 258   }
 259 }
 260
 261 };
 262
 263 #endif