One Level Up Top Level

src/event/quic/ngx_event_quic_ssl.c - nginx source code

Functions defined

Macros defined

Source code


  2. /*
  3. * Copyright (C) Nginx, Inc.
  4. */


  7. #include <ngx_config.h>
  8. #include <ngx_core.h>
  9. #include <ngx_event.h>
  10. #include <ngx_event_quic_connection.h>


  13. #if defined OPENSSL_IS_BORINGSSL                                              \
  14.     || defined LIBRESSL_VERSION_NUMBER                                        \
  15.     || NGX_QUIC_OPENSSL_COMPAT
  16. #define NGX_QUIC_BORINGSSL_API   1
  17. #endif


  20. /*
  21. * RFC 9000, 7.5.  Cryptographic Message Buffering
  22. *
  23. * Implementations MUST support buffering at least 4096 bytes of data
  24. */
  25. #define NGX_QUIC_MAX_BUFFERED    65535


  28. #if (NGX_QUIC_BORINGSSL_API)
  29. static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
  30.     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
  31.     const uint8_t *secret, size_t secret_len);
  32. static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
  33.     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
  34.     const uint8_t *secret, size_t secret_len);
  35. #else
  36. static int ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
  37.     enum ssl_encryption_level_t level, const uint8_t *read_secret,
  38.     const uint8_t *write_secret, size_t secret_len);
  39. #endif

  41. static int ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
  42.     enum ssl_encryption_level_t level, const uint8_t *data, size_t len);
  43. static int ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn);
  44. static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
  45.     enum ssl_encryption_level_t level, uint8_t alert);
  46. static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
  47.     enum ssl_encryption_level_t level);


  50. #if (NGX_QUIC_BORINGSSL_API)

  52. static int
  53. ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
  54.     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
  55.     const uint8_t *rsecret, size_t secret_len)
  56. {
  57.     ngx_connection_t       *c;
  58.     ngx_quic_connection_t  *qc;

  60.     c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
  61.     qc = ngx_quic_get_connection(c);

  63.     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
  64.                    "quic ngx_quic_set_read_secret() level:%d", level);
  65. #ifdef NGX_QUIC_DEBUG_CRYPTO
  66.     ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
  67.                    "quic read secret len:%uz %*xs", secret_len,
  68.                    secret_len, rsecret);
  69. #endif

  71.     if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
  72.                                             cipher, rsecret, secret_len)
  73.         != NGX_OK)
  74.     {
  75.         return 0;
  76.     }

  78.     return 1;
  79. }


  82. static int
  83. ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
  84.     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
  85.     const uint8_t *wsecret, size_t secret_len)
  86. {
  87.     ngx_connection_t       *c;
  88.     ngx_quic_connection_t  *qc;

  90.     c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
  91.     qc = ngx_quic_get_connection(c);

  93.     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
  94.                    "quic ngx_quic_set_write_secret() level:%d", level);
  95. #ifdef NGX_QUIC_DEBUG_CRYPTO
  96.     ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
  97.                    "quic write secret len:%uz %*xs", secret_len,
  98.                    secret_len, wsecret);
  99. #endif

  101.     if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
  102.                                             cipher, wsecret, secret_len)
  103.         != NGX_OK)
  104.     {
  105.         return 0;
  106.     }

  108.     return 1;
  109. }

  111. #else

  113. static int
  114. ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
  115.     enum ssl_encryption_level_t level, const uint8_t *rsecret,
  116.     const uint8_t *wsecret, size_t secret_len)
  117. {
  118.     ngx_connection_t       *c;
  119.     const SSL_CIPHER       *cipher;
  120.     ngx_quic_connection_t  *qc;

  122.     c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
  123.     qc = ngx_quic_get_connection(c);

  125.     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
  126.                    "quic ngx_quic_set_encryption_secrets() level:%d", level);
  127. #ifdef NGX_QUIC_DEBUG_CRYPTO
  128.     ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
  129.                    "quic read secret len:%uz %*xs", secret_len,
  130.                    secret_len, rsecret);
  131. #endif

  133.     cipher = SSL_get_current_cipher(ssl_conn);

  135.     if (ngx_quic_keys_set_encryption_secret(c->log, 0, qc->keys, level,
  136.                                             cipher, rsecret, secret_len)
  137.         != NGX_OK)
  138.     {
  139.         return 0;
  140.     }

  142.     if (level == ssl_encryption_early_data) {
  143.         return 1;
  144.     }

  146. #ifdef NGX_QUIC_DEBUG_CRYPTO
  147.     ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
  148.                    "quic write secret len:%uz %*xs", secret_len,
  149.                    secret_len, wsecret);
  150. #endif

  152.     if (ngx_quic_keys_set_encryption_secret(c->log, 1, qc->keys, level,
  153.                                             cipher, wsecret, secret_len)
  154.         != NGX_OK)
  155.     {
  156.         return 0;
  157.     }

  159.     return 1;
  160. }

  162. #endif


  165. static int
  166. ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
  167.     enum ssl_encryption_level_t level, const uint8_t *data, size_t len)
  168. {
  169.     u_char                 *p, *end;
  170.     size_t                  client_params_len;
  171.     ngx_chain_t            *out;
  172.     const uint8_t          *client_params;
  173.     ngx_quic_tp_t           ctp;
  174.     ngx_quic_frame_t       *frame;
  175.     ngx_connection_t       *c;
  176.     ngx_quic_send_ctx_t    *ctx;
  177.     ngx_quic_connection_t  *qc;
  178. #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
  179.     unsigned int            alpn_len;
  180.     const unsigned char    *alpn_data;
  181. #endif

  183.     c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
  184.     qc = ngx_quic_get_connection(c);

  186.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  187.                    "quic ngx_quic_add_handshake_data");

  189.     if (!qc->client_tp_done) {
  190.         /*
  191.          * things to do once during handshake: check ALPN and transport
  192.          * parameters; we want to break handshake if something is wrong
  193.          * here;
  194.          */

  196. #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)

  198.         SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);

  200.         if (alpn_len == 0) {
  201.             qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
  202.             qc->error_reason = "unsupported protocol in ALPN extension";

  204.             ngx_log_error(NGX_LOG_INFO, c->log, 0,
  205.                           "quic unsupported protocol in ALPN extension");
  206.             return 0;
  207.         }

  209. #endif

  211.         SSL_get_peer_quic_transport_params(ssl_conn, &client_params,
  212.                                            &client_params_len);

  214.         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
  215.                        "quic SSL_get_peer_quic_transport_params():"
  216.                        " params_len:%ui", client_params_len);

  218.         if (client_params_len == 0) {
  219.             /* RFC 9001, 8.2.  QUIC Transport Parameters Extension */
  220.             qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
  221.             qc->error_reason = "missing transport parameters";

  223.             ngx_log_error(NGX_LOG_INFO, c->log, 0,
  224.                           "missing transport parameters");
  225.             return 0;
  226.         }

  228.         p = (u_char *) client_params;
  229.         end = p + client_params_len;

  231.         /* defaults for parameters not sent by client */
  232.         ngx_memcpy(&ctp, &qc->ctp, sizeof(ngx_quic_tp_t));

  234.         if (ngx_quic_parse_transport_params(p, end, &ctp, c->log)
  235.             != NGX_OK)
  236.         {
  237.             qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
  238.             qc->error_reason = "failed to process transport parameters";

  240.             return 0;
  241.         }

  243.         if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
  244.             return 0;
  245.         }

  247.         qc->client_tp_done = 1;
  248.     }

  250.     ctx = ngx_quic_get_send_ctx(qc, level);

  252.     out = ngx_quic_copy_buffer(c, (u_char *) data, len);
  253.     if (out == NGX_CHAIN_ERROR) {
  254.         return 0;
  255.     }

  257.     frame = ngx_quic_alloc_frame(c);
  258.     if (frame == NULL) {
  259.         return 0;
  260.     }

  262.     frame->data = out;
  263.     frame->level = level;
  264.     frame->type = NGX_QUIC_FT_CRYPTO;
  265.     frame->u.crypto.offset = ctx->crypto_sent;
  266.     frame->u.crypto.length = len;

  268.     ctx->crypto_sent += len;

  270.     ngx_quic_queue_frame(qc, frame);

  272.     return 1;
  273. }


  276. static int
  277. ngx_quic_flush_flight(ngx_ssl_conn_t *ssl_conn)
  278. {
  279. #if (NGX_DEBUG)
  280.     ngx_connection_t  *c;

  282.     c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);

  284.     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
  285.                    "quic ngx_quic_flush_flight()");
  286. #endif
  287.     return 1;
  288. }


  291. static int
  292. ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
  293.     uint8_t alert)
  294. {
  295.     ngx_connection_t       *c;
  296.     ngx_quic_connection_t  *qc;

  298.     c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);

  300.     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
  301.                    "quic ngx_quic_send_alert() level:%s alert:%d",
  302.                    ngx_quic_level_name(level), (int) alert);

  304.     /* already closed on regular shutdown */

  306.     qc = ngx_quic_get_connection(c);
  307.     if (qc == NULL) {
  308.         return 1;
  309.     }

  311.     qc->error = NGX_QUIC_ERR_CRYPTO(alert);
  312.     qc->error_reason = "handshake failed";

  314.     return 1;
  315. }


  318. ngx_int_t
  319. ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
  320.     ngx_quic_frame_t *frame)
  321. {
  322.     uint64_t                  last;
  323.     ngx_chain_t              *cl;
  324.     ngx_quic_send_ctx_t      *ctx;
  325.     ngx_quic_connection_t    *qc;
  326.     ngx_quic_crypto_frame_t  *f;

  328.     qc = ngx_quic_get_connection(c);

  330.     if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
  331.         return NGX_OK;
  332.     }

  334.     ctx = ngx_quic_get_send_ctx(qc, pkt->level);
  335.     f = &frame->u.crypto;

  337.     /* no overflow since both values are 62-bit */
  338.     last = f->offset + f->length;

  340.     if (last > ctx->crypto.offset + NGX_QUIC_MAX_BUFFERED) {
  341.         qc->error = NGX_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED;
  342.         return NGX_ERROR;
  343.     }

  345.     if (last <= ctx->crypto.offset) {
  346.         if (pkt->level == ssl_encryption_initial) {
  347.             /* speeding up handshake completion */

  349.             if (!ngx_queue_empty(&ctx->sent)) {
  350.                 ngx_quic_resend_frames(c, ctx);

  352.                 ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_handshake);
  353.                 while (!ngx_queue_empty(&ctx->sent)) {
  354.                     ngx_quic_resend_frames(c, ctx);
  355.                 }
  356.             }
  357.         }

  359.         return NGX_OK;
  360.     }

  362.     if (f->offset == ctx->crypto.offset) {
  363.         if (ngx_quic_crypto_input(c, frame->data, pkt->level) != NGX_OK) {
  364.             return NGX_ERROR;
  365.         }

  367.         ngx_quic_skip_buffer(c, &ctx->crypto, last);

  369.     } else {
  370.         if (ngx_quic_write_buffer(c, &ctx->crypto, frame->data, f->length,
  371.                                   f->offset)
  372.             == NGX_CHAIN_ERROR)
  373.         {
  374.             return NGX_ERROR;
  375.         }
  376.     }

  378.     cl = ngx_quic_read_buffer(c, &ctx->crypto, (uint64_t) -1);

  380.     if (cl) {
  381.         if (ngx_quic_crypto_input(c, cl, pkt->level) != NGX_OK) {
  382.             return NGX_ERROR;
  383.         }

  385.         ngx_quic_free_chain(c, cl);
  386.     }

  388.     return NGX_OK;
  389. }


  392. static ngx_int_t
  393. ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data,
  394.     enum ssl_encryption_level_t level)
  395. {
  396.     int                     n, sslerr;
  397.     ngx_buf_t              *b;
  398.     ngx_chain_t            *cl;
  399.     ngx_ssl_conn_t         *ssl_conn;
  400.     ngx_quic_frame_t       *frame;
  401.     ngx_quic_connection_t  *qc;

  403.     qc = ngx_quic_get_connection(c);

  405.     ssl_conn = c->ssl->connection;

  407.     for (cl = data; cl; cl = cl->next) {
  408.         b = cl->buf;

  410.         if (!SSL_provide_quic_data(ssl_conn, level, b->pos, b->last - b->pos)) {
  411.             ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
  412.                           "SSL_provide_quic_data() failed");
  413.             return NGX_ERROR;
  414.         }
  415.     }

  417.     n = SSL_do_handshake(ssl_conn);

  419.     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);

  421.     if (n <= 0) {
  422.         sslerr = SSL_get_error(ssl_conn, n);

  424.         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
  425.                        sslerr);

  427.         if (sslerr != SSL_ERROR_WANT_READ) {

  429.             if (c->ssl->handshake_rejected) {
  430.                 ngx_connection_error(c, 0, "handshake rejected");
  431.                 ERR_clear_error();

  433.                 return NGX_ERROR;
  434.             }

  436.             ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
  437.             return NGX_ERROR;
  438.         }
  439.     }

  441.     if (n <= 0 || SSL_in_init(ssl_conn)) {
  442.         if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data, 0)
  443.             && qc->client_tp_done)
  444.         {
  445.             if (ngx_quic_init_streams(c) != NGX_OK) {
  446.                 return NGX_ERROR;
  447.             }
  448.         }

  450.         return NGX_OK;
  451.     }

  453. #if (NGX_DEBUG)
  454.     ngx_ssl_handshake_log(c);
  455. #endif

  457.     c->ssl->handshaked = 1;

  459.     frame = ngx_quic_alloc_frame(c);
  460.     if (frame == NULL) {
  461.         return NGX_ERROR;
  462.     }

  464.     frame->level = ssl_encryption_application;
  465.     frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
  466.     ngx_quic_queue_frame(qc, frame);

  468.     if (qc->conf->retry) {
  469.         if (ngx_quic_send_new_token(c, qc->path) != NGX_OK) {
  470.             return NGX_ERROR;
  471.         }
  472.     }

  474.     /*
  475.      * RFC 9001, 9.5.  Header Protection Timing Side Channels
  476.      *
  477.      * Generating next keys before a key update is received.
  478.      */

  480.     ngx_post_event(&qc->key_update, &ngx_posted_events);

  482.     /*
  483.      * RFC 9001, 4.9.2.  Discarding Handshake Keys
  484.      *
  485.      * An endpoint MUST discard its Handshake keys
  486.      * when the TLS handshake is confirmed.
  487.      */
  488.     ngx_quic_discard_ctx(c, ssl_encryption_handshake);

  490.     ngx_quic_discover_path_mtu(c, qc->path);

  492.     /* start accepting clients on negotiated number of server ids */
  493.     if (ngx_quic_create_sockets(c) != NGX_OK) {
  494.         return NGX_ERROR;
  495.     }

  497.     if (ngx_quic_init_streams(c) != NGX_OK) {
  498.         return NGX_ERROR;
  499.     }

  501.     return NGX_OK;
  502. }


  505. ngx_int_t
  506. ngx_quic_init_connection(ngx_connection_t *c)
  507. {
  508.     u_char                  *p;
  509.     size_t                   clen;
  510.     ssize_t                  len;
  511.     ngx_str_t                dcid;
  512.     ngx_ssl_conn_t          *ssl_conn;
  513.     ngx_quic_socket_t       *qsock;
  514.     ngx_quic_connection_t   *qc;
  515.     static SSL_QUIC_METHOD   quic_method;

  517.     qc = ngx_quic_get_connection(c);

  519.     if (ngx_ssl_create_connection(qc->conf->ssl, c, 0) != NGX_OK) {
  520.         return NGX_ERROR;
  521.     }

  523.     c->ssl->no_wait_shutdown = 1;

  525.     ssl_conn = c->ssl->connection;

  527.     if (!quic_method.send_alert) {
  528. #if (NGX_QUIC_BORINGSSL_API)
  529.         quic_method.set_read_secret = ngx_quic_set_read_secret;
  530.         quic_method.set_write_secret = ngx_quic_set_write_secret;
  531. #else
  532.         quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets;
  533. #endif
  534.         quic_method.add_handshake_data = ngx_quic_add_handshake_data;
  535.         quic_method.flush_flight = ngx_quic_flush_flight;
  536.         quic_method.send_alert = ngx_quic_send_alert;
  537.     }

  539.     if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
  540.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  541.                       "quic SSL_set_quic_method() failed");
  542.         return NGX_ERROR;
  543.     }

  545. #ifdef OPENSSL_INFO_QUIC
  546.     if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
  547.         SSL_set_quic_early_data_enabled(ssl_conn, 1);
  548.     }
  549. #endif

  551.     qsock = ngx_quic_get_socket(c);

  553.     dcid.data = qsock->sid.id;
  554.     dcid.len = qsock->sid.len;

  556.     if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key, qc->tp.sr_token)
  557.         != NGX_OK)
  558.     {
  559.         return NGX_ERROR;
  560.     }

  562.     len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
  563.     /* always succeeds */

  565.     p = ngx_pnalloc(c->pool, len);
  566.     if (p == NULL) {
  567.         return NGX_ERROR;
  568.     }

  570.     len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL);
  571.     if (len < 0) {
  572.         return NGX_ERROR;
  573.     }

  575. #ifdef NGX_QUIC_DEBUG_PACKETS
  576.     ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
  577.                    "quic transport parameters len:%uz %*xs", len, len, p);
  578. #endif

  580.     if (SSL_set_quic_transport_params(ssl_conn, p, len) == 0) {
  581.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  582.                       "quic SSL_set_quic_transport_params() failed");
  583.         return NGX_ERROR;
  584.     }

  586. #ifdef OPENSSL_IS_BORINGSSL
  587.     if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
  588.         ngx_log_error(NGX_LOG_INFO, c->log, 0,
  589.                       "quic SSL_set_quic_early_data_context() failed");
  590.         return NGX_ERROR;
  591.     }
  592. #endif

  594.     return NGX_OK;
  595. }

One Level Up Top Level