MINOR: quic-be: validate the 0-RTT transport parameters

During 0-RTT sessions, some server transport parameters are reused after having
been save from previous sessions. These parameters must not be reduced
when it resends them. The client must check this is the case when some early data
are accepted by the server. This is what is implemented by this patch.

Implement qc_early_tranport_params_validate() which checks the new server parameters
are not reduced.

Also implement qc_ssl_eary_data_accepted() which was not implemented for TLS
stack without 0-RTT support (for instance wolfssl). That said this function
was no more used. This is why the compilation against wolfssl could not fail.

diff --git a/include/haproxy/quic_ssl.h b/include/haproxy/quic_ssl.h
index d19020213e6e1fa8a666f221cfec763b41ca6137..9d0bdd86a453e57177e27491dfeab95b2e2fd328 100644 (file)
--- a/include/haproxy/quic_ssl.h
+++ b/include/haproxy/quic_ssl.h
@@ -80,7 +80,12 @@ static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
        }
 #endif
 }
-#else
+#else /* !HAVE_SSL_0RTT_QUIC */
+static inline int qc_ssl_eary_data_accepted(const SSL *ssl)
+{
+       return 0;
+}
+
 static inline const char *quic_ssl_early_data_status_str(const SSL *ssl)
 {
        return "NOT_SUPPORTED";

diff --git a/include/haproxy/quic_tp.h b/include/haproxy/quic_tp.h
index 299de987268e1312977b9a8e9e9dcdc5df414164..ce7ec59ef776a568d625c9eaf6757382785b1846 100644 (file)
--- a/include/haproxy/quic_tp.h
+++ b/include/haproxy/quic_tp.h
@@ -18,7 +18,7 @@ int quic_transport_params_encode(unsigned char *buf,
 
 int quic_transport_params_store(struct quic_conn *conn, int server,
                                 const unsigned char *buf,
-                                const unsigned char *end);
+                                const unsigned char *end, int edata_accepted);
 void qc_early_transport_params_cpy(struct quic_conn *qc,
                                    struct quic_early_transport_params *e,
                                    struct quic_transport_params *p);

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 5fd336bfc390b329783274add039eb66d32da000..461c97dbbf0c8200369d135b4df2372f7184f0a0 100644 (file)
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -308,9 +308,12 @@ write:
                if (objt_server(qc->target)) {
                        const unsigned char *tp;
                        size_t tplen;
+                       int edata_accepted = qc_ssl_eary_data_accepted(ssl);
 
+                       TRACE_PROTO("storing peer transport parameters",
+                                   QUIC_EV_CONN_IO_CB, qc, NULL, NULL, ssl);
                        SSL_get_peer_quic_transport_params(ssl, &tp, &tplen);
-                       if (!tplen || !quic_transport_params_store(qc, 1,tp, tp + tplen)) {
+                       if (!tplen || !quic_transport_params_store(qc, 1,tp, tp + tplen, edata_accepted)) {
                                TRACE_ERROR("Could not parse remote transport paratemers",
                                            QUIC_EV_CONN_RWSEC, qc);
                                goto leave;
@@ -602,8 +605,12 @@ static int ha_quic_ossl_got_transport_params(SSL *ssl, const unsigned char *para
                            QUIC_EV_TRANSP_PARAMS, qc);
                ret = 1;
        }
-       else if (!quic_transport_params_store(qc, !l, params, params + params_len)) {
-               goto err;
+       else {
+               TRACE_PROTO("storing peer transport parameters",
+                           QUIC_EV_CONN_IO_CB, qc, NULL, NULL, ssl);
+               if (!quic_transport_params_store(qc, !l, params, params + params_len,
+                                                qc_ssl_eary_data_accepted(ssl)))
+                       goto err;
        }
 
        ret = 1;

diff --git a/src/quic_tp.c b/src/quic_tp.c
index 92dd57436e6a3f73c9a333686290b2ca1092af9d..66e83e99883bd94bf856171823b0656392567775 100644 (file)
--- a/src/quic_tp.c
+++ b/src/quic_tp.c
@@ -12,6 +12,10 @@
 
 #define QUIC_MAX_UDP_PAYLOAD_SIZE     2048
 
+static int qc_early_tranport_params_validate(struct quic_conn *qc,
+                                             struct quic_transport_params *p,
+                                             struct quic_early_transport_params *e);
+
 /* This is the values of some QUIC transport parameters when absent.
  * Should be used to initialize any transport parameters (local or remote)
  * before updating them with customized values.
@@ -733,17 +737,25 @@ quic_transport_params_decode(struct quic_transport_params *p, int server,
  *
  * Returns 1 on success, or 0 if parsing is interrupted on a truncated field.
  * Note that if invalid values are used, success is returned by this function
- * but the connection is scheduled for CONNECTION_CLOSE emission.
+ * but the connection is scheduled for CONNECTION_CLOSE emission. This is also
+ * the case when the early transport parameters could not be validated.
  */
 int quic_transport_params_store(struct quic_conn *qc, int server,
                                 const unsigned char *buf,
-                                const unsigned char *end)
+                                const unsigned char *end, int edata_accepted)
 {
        enum quic_tp_dec_err err;
        struct quic_transport_params *tx_params = &qc->tx.params;
        struct quic_transport_params *rx_params = &qc->rx.params;
        /* Initial source connection ID */
        struct tp_cid *iscid;
+       struct quic_early_transport_params etps;
+
+       BUG_ON(edata_accepted && objt_listener(qc->target));
+       if (edata_accepted) {
+               /* Local copy of early transport parameters */
+               qc_early_transport_params_cpy(qc, &etps, tx_params);
+       }
 
        /* initialize peer TPs to RFC default value */
        quic_dflt_transport_params_cpy(tx_params);
@@ -759,6 +771,12 @@ int quic_transport_params_store(struct quic_conn *qc, int server,
                return 0;
        }
 
+       if (edata_accepted && !qc_early_tranport_params_validate(qc, tx_params, &etps)) {
+               TRACE_ERROR("could not validate early transport parameters", QUIC_EV_TRANSP_PARAMS, qc);
+               quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
+               return 1;
+       }
+
        if (server && qc->retry_token) {
                if (!tx_params->retry_source_connection_id.len ||
                    (qc->odcid.len != tx_params->retry_source_connection_id.len ||
@@ -895,3 +913,34 @@ void qc_early_transport_params_reuse(struct quic_conn *qc,
        TRACE_PROTO("\nTX(remote) reuse early transp. params.", QUIC_EV_EARLY_TRANSP_PARAMS, qc, e);
        TRACE_PROTO("\nTX(remote) transp. params.", QUIC_EV_TRANSP_PARAMS, qc, p);
 }
+
+static int qc_early_tranport_params_validate(struct quic_conn *qc,
+                                             struct quic_transport_params *p,
+                                             struct quic_early_transport_params *e)
+{
+       /* RFC 9000
+        * 7.4.1. Values of Transport Parameters for 0-RTT
+        * If 0-RTT data is accepted by the server, the server MUST NOT reduce any
+        * limits or alter any values that might be violated by the client with its
+        * 0-RTT data. In particular, a server that accepts 0-RTT data MUST NOT set
+        * values for the following parameters (Section 18.2) that are smaller than
+        * the remembered values of the parameters.
+        * - active_connection_id_limit
+        * - initial_max_data
+        * - initial_max_stream_data_bidi_local
+        * - initial_max_stream_data_bidi_remote
+        * - initial_max_stream_data_uni
+        * - initial_max_streams_bidi
+        * - initial_max_streams_uni
+        */
+       if (e->active_connection_id_limit > p->active_connection_id_limit ||
+           e->initial_max_data > p->initial_max_data ||
+           e->initial_max_stream_data_bidi_local > p->initial_max_stream_data_bidi_local ||
+           e->initial_max_stream_data_bidi_remote > p->initial_max_stream_data_bidi_remote ||
+           e->initial_max_stream_data_uni > p->initial_max_stream_data_uni ||
+           e->initial_max_streams_bidi > p->initial_max_streams_bidi ||
+           e->initial_max_streams_uni > p->initial_max_streams_uni)
+               return 0;
+
+       return 1;
+}

diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index 2befabd73b5ce7e104dcbedf062ed1797a909cd8..0b993ee2c5ea4aa73917690f36486c1f66abf7e4 100644 (file)
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -206,7 +206,7 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
                }
 
                if (!quic_transport_params_store(qc, 0, extension_data,
-                                                extension_data + extension_len))
+                                                extension_data + extension_len, 0))
                        goto abort;
 
                qc->flags |= QUIC_FL_CONN_TX_TP_RECEIVED;
@@ -565,7 +565,7 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
                }
 
                if (!quic_transport_params_store(qc, 0, extension_data,
-                                                extension_data + extension_len))
+                                                extension_data + extension_len, 0))
                        return SSL_TLSEXT_ERR_NOACK;
 
                qc->flags |= QUIC_FL_CONN_TX_TP_RECEIVED;