MINOR: quic-be: validate the 0-RTT transport parameters

During 0-RTT sessions, some server transport parameters are reused after having
been save from previous sessions. These parameters must not be reduced
when it resends them. The client must check this is the case when some early data
are accepted by the server. This is what is implemented by this patch.

Implement qc_early_tranport_params_validate() which checks the new server parameters
are not reduced.

Also implement qc_ssl_eary_data_accepted() which was not implemented for TLS
stack without 0-RTT support (for instance wolfssl). That said this function
was no more used. This is why the compilation against wolfssl could not fail.

diff --git a/include/haproxy/quic_ssl.h b/include/haproxy/quic_ssl.h
index 3f0c2010c4a2f074ba9cb75bd9533c2e5266c0b4..f22b7c03eea4ea8092dd39e7e1763f283f79c764 100644 (file)
--- a/include/haproxy/quic_ssl.h
+++ b/include/haproxy/quic_ssl.h
@@ -81,7 +81,12 @@ static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
        }
 #endif
 }
-#else
+#else /* !HAVE_SSL_0RTT_QUIC */
+static inline int qc_ssl_eary_data_accepted(const SSL *ssl)
+{
+       return 0;
+}
+
 static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
 {
        return "NOT_SUPPORTED";

diff --git a/include/haproxy/quic_tp.h b/include/haproxy/quic_tp.h
index 299de987268e1312977b9a8e9e9dcdc5df414164..ce7ec59ef776a568d625c9eaf6757382785b1846 100644 (file)
--- a/include/haproxy/quic_tp.h
+++ b/include/haproxy/quic_tp.h
@@ -18,7 +18,7 @@ int quic_transport_params_encode(unsigned char *buf,
 
 int quic_transport_params_store(struct quic_conn *conn, int server,
                                 const unsigned char *buf,
-                                const unsigned char *end);
+                                const unsigned char *end, int edata_accepted);
 void qc_early_transport_params_cpy(struct quic_conn *qc,
                                    struct quic_early_transport_params *e,
                                    struct quic_transport_params *p);

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index bdc5311f6801cc2835ffdda368c2ff3b9055c900..4d7798b86b5e389e719e212e93a2990afe544d5b 100644 (file)
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -309,9 +309,12 @@ write:
                if (qc_is_back(qc)) {
                        const unsigned char *tp;
                        size_t tplen;
+                       int edata_accepted = qc_ssl_eary_data_accepted(ssl);
 
+                       TRACE_PROTO("storing peer transport parameters",
+                                   QUIC_EV_CONN_IO_CB, qc, NULL, NULL, ssl);
                        SSL_get_peer_quic_transport_params(ssl, &tp, &tplen);
-                       if (!tplen || !quic_transport_params_store(qc, 1,tp, tp + tplen)) {
+                       if (!tplen || !quic_transport_params_store(qc, 1,tp, tp + tplen, edata_accepted)) {
                                TRACE_ERROR("Could not parse remote transport paratemers",
                                            QUIC_EV_CONN_RWSEC, qc);
                                goto leave;
@@ -602,8 +605,12 @@ static int ha_quic_ossl_got_transport_params(SSL *ssl, const unsigned char *para
                            QUIC_EV_TRANSP_PARAMS, qc);
                ret = 1;
        }
-       else if (!quic_transport_params_store(qc, qc_is_back(qc), params, params + params_len)) {
-               goto err;
+       else {
+               TRACE_PROTO("storing peer transport parameters",
+                           QUIC_EV_CONN_IO_CB, qc, NULL, NULL, ssl);
+               if (!quic_transport_params_store(qc, qc_is_back(qc), params, params + params_len,
+                                                qc_ssl_eary_data_accepted(ssl)))
+                       goto err;
        }
 
        ret = 1;

diff --git a/src/quic_tp.c b/src/quic_tp.c
index 2e35f2e1f5ad29f9d20b2cea07f05fa1e41fbba0..2c50b12816ff5697e23b0c44b985e182a90c280c 100644 (file)
--- a/src/quic_tp.c
+++ b/src/quic_tp.c
@@ -12,6 +12,10 @@
 
 #define QUIC_MAX_UDP_PAYLOAD_SIZE     2048
 
+static int qc_early_tranport_params_validate(struct quic_conn *qc,
+                                             struct quic_transport_params *p,
+                                             struct quic_early_transport_params *e);
+
 /* This is the values of some QUIC transport parameters when absent.
  * Should be used to initialize any transport parameters (local or remote)
  * before updating them with customized values.
@@ -734,17 +738,25 @@ quic_transport_params_decode(struct quic_transport_params *p, int server,
  *
  * Returns 1 on success, or 0 if parsing is interrupted on a truncated field.
  * Note that if invalid values are used, success is returned by this function
- * but the connection is scheduled for CONNECTION_CLOSE emission.
+ * but the connection is scheduled for CONNECTION_CLOSE emission. This is also
+ * the case when the early transport parameters could not be validated.
  */
 int quic_transport_params_store(struct quic_conn *qc, int server,
                                 const unsigned char *buf,
-                                const unsigned char *end)
+                                const unsigned char *end, int edata_accepted)
 {
        enum quic_tp_dec_err err;
        struct quic_transport_params *tx_params = &qc->tx.params;
        struct quic_transport_params *rx_params = &qc->rx.params;
        /* Initial source connection ID */
        struct tp_cid *iscid;
+       struct quic_early_transport_params etps;
+
+       BUG_ON(edata_accepted && !qc_is_back(qc));
+       if (edata_accepted) {
+               /* Local copy of early transport parameters */
+               qc_early_transport_params_cpy(qc, &etps, tx_params);
+       }
 
        /* initialize peer TPs to RFC default value */
        quic_dflt_transport_params_cpy(tx_params);
@@ -760,6 +772,12 @@ int quic_transport_params_store(struct quic_conn *qc, int server,
                return 0;
        }
 
+       if (edata_accepted && !qc_early_tranport_params_validate(qc, tx_params, &etps)) {
+               TRACE_ERROR("could not validate early transport parameters", QUIC_EV_TRANSP_PARAMS, qc);
+               quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
+               return 1;
+       }
+
        if (server && qc->retry_token) {
                if (!tx_params->retry_source_connection_id.len ||
                    (qc->odcid.len != tx_params->retry_source_connection_id.len ||
@@ -896,3 +914,34 @@ void qc_early_transport_params_reuse(struct quic_conn *qc,
        TRACE_PROTO("\nTX(remote) reuse early transp. params.", QUIC_EV_EARLY_TRANSP_PARAMS, qc, e);
        TRACE_PROTO("\nTX(remote) transp. params.", QUIC_EV_TRANSP_PARAMS, qc, p);
 }
+
+static int qc_early_tranport_params_validate(struct quic_conn *qc,
+                                             struct quic_transport_params *p,
+                                             struct quic_early_transport_params *e)
+{
+       /* RFC 9000
+        * 7.4.1. Values of Transport Parameters for 0-RTT
+        * If 0-RTT data is accepted by the server, the server MUST NOT reduce any
+        * limits or alter any values that might be violated by the client with its
+        * 0-RTT data. In particular, a server that accepts 0-RTT data MUST NOT set
+        * values for the following parameters (Section 18.2) that are smaller than
+        * the remembered values of the parameters.
+        * - active_connection_id_limit
+        * - initial_max_data
+        * - initial_max_stream_data_bidi_local
+        * - initial_max_stream_data_bidi_remote
+        * - initial_max_stream_data_uni
+        * - initial_max_streams_bidi
+        * - initial_max_streams_uni
+        */
+       if (e->active_connection_id_limit > p->active_connection_id_limit ||
+           e->initial_max_data > p->initial_max_data ||
+           e->initial_max_stream_data_bidi_local > p->initial_max_stream_data_bidi_local ||
+           e->initial_max_stream_data_bidi_remote > p->initial_max_stream_data_bidi_remote ||
+           e->initial_max_stream_data_uni > p->initial_max_stream_data_uni ||
+           e->initial_max_streams_bidi > p->initial_max_streams_bidi ||
+           e->initial_max_streams_uni > p->initial_max_streams_uni)
+               return 0;
+
+       return 1;
+}

diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index 1129f0c4ebc4174a6982522e9d161588ad76c219..ffc06b94b2d96380ac1f2eb22e5904646ff13dae 100644 (file)
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -206,7 +206,7 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
                }
 
                if (!quic_transport_params_store(qc, 0, extension_data,
-                                                extension_data + extension_len))
+                                                extension_data + extension_len, 0))
                        goto abort;
 
                qc->flags |= QUIC_FL_CONN_TX_TP_RECEIVED;
@@ -565,7 +565,7 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
                }
 
                if (!quic_transport_params_store(qc, 0, extension_data,
-                                                extension_data + extension_len))
+                                                extension_data + extension_len, 0))
                        return SSL_TLSEXT_ERR_NOACK;
 
                qc->flags |= QUIC_FL_CONN_TX_TP_RECEIVED;