Mercurial > hg > nginx
view src/event/quic/ngx_event_quic_openssl_compat.c @ 9113:bddd3f76e3e5
QUIC: fixed OpenSSL compat layer with OpenSSL master branch.
The layer is enabled as a fallback if the QUIC support is configured and the
BoringSSL API wasn't detected, or when using the --with-openssl option, also
compatible with QuicTLS and LibreSSL. For the latter, the layer is assumed
to be present if QUIC was requested, so it needs to be undefined to prevent
QUIC API redefinition as appropriate.
A previously used approach to test the TLSEXT_TYPE_quic_transport_parameters
macro doesn't work with OpenSSL 3.2 master branch where this macro appeared
with incompatible QUIC API. To fix the build there, the test is revised to
pass only for QuicTLS and LibreSSL.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 23 May 2023 00:45:18 +0400 |
parents | 7da4791e0264 |
children | b4a57278bf24 |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. */ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_event.h> #include <ngx_event_quic_connection.h> #if (NGX_QUIC_OPENSSL_COMPAT) #define NGX_QUIC_COMPAT_RECORD_SIZE 1024 #define NGX_QUIC_COMPAT_SSL_TP_EXT 0x39 #define NGX_QUIC_COMPAT_CLIENT_HANDSHAKE "CLIENT_HANDSHAKE_TRAFFIC_SECRET" #define NGX_QUIC_COMPAT_SERVER_HANDSHAKE "SERVER_HANDSHAKE_TRAFFIC_SECRET" #define NGX_QUIC_COMPAT_CLIENT_APPLICATION "CLIENT_TRAFFIC_SECRET_0" #define NGX_QUIC_COMPAT_SERVER_APPLICATION "SERVER_TRAFFIC_SECRET_0" typedef struct { ngx_quic_secret_t secret; ngx_uint_t cipher; } ngx_quic_compat_keys_t; typedef struct { ngx_log_t *log; u_char type; ngx_str_t payload; uint64_t number; ngx_quic_compat_keys_t *keys; enum ssl_encryption_level_t level; } ngx_quic_compat_record_t; struct ngx_quic_compat_s { const SSL_QUIC_METHOD *method; enum ssl_encryption_level_t write_level; enum ssl_encryption_level_t read_level; uint64_t read_record; ngx_quic_compat_keys_t keys; ngx_str_t tp; ngx_str_t ctp; }; static void ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line); static ngx_int_t ngx_quic_compat_set_encryption_secret(ngx_log_t *log, ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); static int ngx_quic_compat_add_transport_params_callback(SSL *ssl, unsigned int ext_type, unsigned int context, const unsigned char **out, size_t *outlen, X509 *x, size_t chainidx, int *al, void *add_arg); static int ngx_quic_compat_parse_transport_params_callback(SSL *ssl, unsigned int ext_type, unsigned int context, const unsigned char *in, size_t inlen, X509 *x, size_t chainidx, int *al, void *parse_arg); static void ngx_quic_compat_message_callback(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); static size_t ngx_quic_compat_create_header(ngx_quic_compat_record_t *rec, u_char *out, ngx_uint_t plain); static ngx_int_t ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec, ngx_str_t *res); ngx_int_t ngx_quic_compat_init(ngx_conf_t *cf, SSL_CTX *ctx) { SSL_CTX_set_keylog_callback(ctx, ngx_quic_compat_keylog_callback); if (SSL_CTX_has_client_custom_ext(ctx, NGX_QUIC_COMPAT_SSL_TP_EXT)) { return NGX_OK; } if (SSL_CTX_add_custom_ext(ctx, NGX_QUIC_COMPAT_SSL_TP_EXT, SSL_EXT_CLIENT_HELLO |SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, ngx_quic_compat_add_transport_params_callback, NULL, NULL, ngx_quic_compat_parse_transport_params_callback, NULL) == 0) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_add_custom_ext() failed"); return NGX_ERROR; } return NGX_OK; } static void ngx_quic_compat_keylog_callback(const SSL *ssl, const char *line) { u_char ch, *p, *start, value; size_t n; ngx_uint_t write; const SSL_CIPHER *cipher; ngx_quic_compat_t *com; ngx_connection_t *c; ngx_quic_connection_t *qc; enum ssl_encryption_level_t level; u_char secret[EVP_MAX_MD_SIZE]; c = ngx_ssl_get_connection(ssl); if (c->type != SOCK_DGRAM) { return; } p = (u_char *) line; for (start = p; *p && *p != ' '; p++); n = p - start; ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat secret %*s", n, start); if (n == sizeof(NGX_QUIC_COMPAT_CLIENT_HANDSHAKE) - 1 && ngx_strncmp(start, NGX_QUIC_COMPAT_CLIENT_HANDSHAKE, n) == 0) { level = ssl_encryption_handshake; write = 0; } else if (n == sizeof(NGX_QUIC_COMPAT_SERVER_HANDSHAKE) - 1 && ngx_strncmp(start, NGX_QUIC_COMPAT_SERVER_HANDSHAKE, n) == 0) { level = ssl_encryption_handshake; write = 1; } else if (n == sizeof(NGX_QUIC_COMPAT_CLIENT_APPLICATION) - 1 && ngx_strncmp(start, NGX_QUIC_COMPAT_CLIENT_APPLICATION, n) == 0) { level = ssl_encryption_application; write = 0; } else if (n == sizeof(NGX_QUIC_COMPAT_SERVER_APPLICATION) - 1 && ngx_strncmp(start, NGX_QUIC_COMPAT_SERVER_APPLICATION, n) == 0) { level = ssl_encryption_application; write = 1; } else { return; } if (*p++ == '\0') { return; } for ( /* void */ ; *p && *p != ' '; p++); if (*p++ == '\0') { return; } for (n = 0, start = p; *p; p++) { ch = *p; if (ch >= '0' && ch <= '9') { value = ch - '0'; goto next; } ch = (u_char) (ch | 0x20); if (ch >= 'a' && ch <= 'f') { value = ch - 'a' + 10; goto next; } ngx_log_error(NGX_LOG_EMERG, c->log, 0, "invalid OpenSSL QUIC secret format"); return; next: if ((p - start) % 2) { secret[n++] += value; } else { if (n >= EVP_MAX_MD_SIZE) { ngx_log_error(NGX_LOG_EMERG, c->log, 0, "too big OpenSSL QUIC secret"); return; } secret[n] = (value << 4); } } qc = ngx_quic_get_connection(c); com = qc->compat; cipher = SSL_get_current_cipher(ssl); if (write) { com->method->set_write_secret((SSL *) ssl, level, cipher, secret, n); com->write_level = level; } else { com->method->set_read_secret((SSL *) ssl, level, cipher, secret, n); com->read_level = level; com->read_record = 0; (void) ngx_quic_compat_set_encryption_secret(c->log, &com->keys, level, cipher, secret, n); } } static ngx_int_t ngx_quic_compat_set_encryption_secret(ngx_log_t *log, ngx_quic_compat_keys_t *keys, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len) { ngx_int_t key_len; ngx_str_t secret_str; ngx_uint_t i; ngx_quic_hkdf_t seq[2]; ngx_quic_secret_t *peer_secret; ngx_quic_ciphers_t ciphers; peer_secret = &keys->secret; keys->cipher = SSL_CIPHER_get_id(cipher); key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level); if (key_len == NGX_ERROR) { ngx_ssl_error(NGX_LOG_INFO, log, 0, "unexpected cipher"); return NGX_ERROR; } if (sizeof(peer_secret->secret.data) < secret_len) { ngx_log_error(NGX_LOG_ALERT, log, 0, "unexpected secret len: %uz", secret_len); return NGX_ERROR; } peer_secret->secret.len = secret_len; ngx_memcpy(peer_secret->secret.data, secret, secret_len); peer_secret->key.len = key_len; peer_secret->iv.len = NGX_QUIC_IV_LEN; secret_str.len = secret_len; secret_str.data = (u_char *) secret; ngx_quic_hkdf_set(&seq[0], "tls13 key", &peer_secret->key, &secret_str); ngx_quic_hkdf_set(&seq[1], "tls13 iv", &peer_secret->iv, &secret_str); for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) { if (ngx_quic_hkdf_expand(&seq[i], ciphers.d, log) != NGX_OK) { return NGX_ERROR; } } return NGX_OK; } static int ngx_quic_compat_add_transport_params_callback(SSL *ssl, unsigned int ext_type, unsigned int context, const unsigned char **out, size_t *outlen, X509 *x, size_t chainidx, int *al, void *add_arg) { ngx_connection_t *c; ngx_quic_compat_t *com; ngx_quic_connection_t *qc; c = ngx_ssl_get_connection(ssl); if (c->type != SOCK_DGRAM) { return 0; } ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat add transport params"); qc = ngx_quic_get_connection(c); com = qc->compat; *out = com->tp.data; *outlen = com->tp.len; return 1; } static int ngx_quic_compat_parse_transport_params_callback(SSL *ssl, unsigned int ext_type, unsigned int context, const unsigned char *in, size_t inlen, X509 *x, size_t chainidx, int *al, void *parse_arg) { u_char *p; ngx_connection_t *c; ngx_quic_compat_t *com; ngx_quic_connection_t *qc; c = ngx_ssl_get_connection(ssl); if (c->type != SOCK_DGRAM) { return 0; } ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat parse transport params"); qc = ngx_quic_get_connection(c); com = qc->compat; p = ngx_pnalloc(c->pool, inlen); if (p == NULL) { return 0; } ngx_memcpy(p, in, inlen); com->ctp.data = p; com->ctp.len = inlen; return 1; } int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) { BIO *rbio, *wbio; ngx_connection_t *c; ngx_quic_compat_t *com; ngx_quic_connection_t *qc; c = ngx_ssl_get_connection(ssl); ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat set method"); qc = ngx_quic_get_connection(c); qc->compat = ngx_pcalloc(c->pool, sizeof(ngx_quic_compat_t)); if (qc->compat == NULL) { return 0; } com = qc->compat; com->method = quic_method; rbio = BIO_new(BIO_s_mem()); if (rbio == NULL) { return 0; } wbio = BIO_new(BIO_s_null()); if (wbio == NULL) { return 0; } SSL_set_bio(ssl, rbio, wbio); SSL_set_msg_callback(ssl, ngx_quic_compat_message_callback); /* early data is not supported */ SSL_set_max_early_data(ssl, 0); return 1; } static void ngx_quic_compat_message_callback(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { ngx_uint_t alert; ngx_connection_t *c; ngx_quic_compat_t *com; ngx_quic_connection_t *qc; enum ssl_encryption_level_t level; if (!write_p) { return; } c = ngx_ssl_get_connection(ssl); qc = ngx_quic_get_connection(c); if (qc == NULL) { /* closing */ return; } com = qc->compat; level = com->write_level; switch (content_type) { case SSL3_RT_HANDSHAKE: ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat tx %s len:%uz ", ngx_quic_level_name(level), len); (void) com->method->add_handshake_data(ssl, level, buf, len); break; case SSL3_RT_ALERT: if (len >= 2) { alert = ((u_char *) buf)[1]; ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat %s alert:%ui len:%uz ", ngx_quic_level_name(level), alert, len); (void) com->method->send_alert(ssl, level, alert); } break; } } int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, const uint8_t *data, size_t len) { BIO *rbio; size_t n; u_char *p; ngx_str_t res; ngx_connection_t *c; ngx_quic_compat_t *com; ngx_quic_connection_t *qc; ngx_quic_compat_record_t rec; u_char in[NGX_QUIC_COMPAT_RECORD_SIZE + 1]; u_char out[NGX_QUIC_COMPAT_RECORD_SIZE + 1 + SSL3_RT_HEADER_LENGTH + EVP_GCM_TLS_TAG_LEN]; c = ngx_ssl_get_connection(ssl); ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat rx %s len:%uz", ngx_quic_level_name(level), len); qc = ngx_quic_get_connection(c); com = qc->compat; rbio = SSL_get_rbio(ssl); while (len) { ngx_memzero(&rec, sizeof(ngx_quic_compat_record_t)); rec.type = SSL3_RT_HANDSHAKE; rec.log = c->log; rec.number = com->read_record++; rec.keys = &com->keys; if (level == ssl_encryption_initial) { n = ngx_min(len, 65535); rec.payload.len = n; rec.payload.data = (u_char *) data; ngx_quic_compat_create_header(&rec, out, 1); BIO_write(rbio, out, SSL3_RT_HEADER_LENGTH); BIO_write(rbio, data, n); #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat record len:%uz %*xs%*xs", n + SSL3_RT_HEADER_LENGTH, (size_t) SSL3_RT_HEADER_LENGTH, out, n, data); #endif } else { n = ngx_min(len, NGX_QUIC_COMPAT_RECORD_SIZE); p = ngx_cpymem(in, data, n); *p++ = SSL3_RT_HANDSHAKE; rec.payload.len = p - in; rec.payload.data = in; res.data = out; if (ngx_quic_compat_create_record(&rec, &res) != NGX_OK) { return 0; } #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS) ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic compat record len:%uz %xV", res.len, &res); #endif BIO_write(rbio, res.data, res.len); } data += n; len -= n; } return 1; } static size_t ngx_quic_compat_create_header(ngx_quic_compat_record_t *rec, u_char *out, ngx_uint_t plain) { u_char type; size_t len; len = rec->payload.len; if (plain) { type = rec->type; } else { type = SSL3_RT_APPLICATION_DATA; len += EVP_GCM_TLS_TAG_LEN; } out[0] = type; out[1] = 0x03; out[2] = 0x03; out[3] = (len >> 8); out[4] = len; return 5; } static ngx_int_t ngx_quic_compat_create_record(ngx_quic_compat_record_t *rec, ngx_str_t *res) { ngx_str_t ad, out; ngx_quic_secret_t *secret; ngx_quic_ciphers_t ciphers; u_char nonce[NGX_QUIC_IV_LEN]; ad.data = res->data; ad.len = ngx_quic_compat_create_header(rec, ad.data, 0); out.len = rec->payload.len + EVP_GCM_TLS_TAG_LEN; out.data = res->data + ad.len; #ifdef NGX_QUIC_DEBUG_CRYPTO ngx_log_debug2(NGX_LOG_DEBUG_EVENT, rec->log, 0, "quic compat ad len:%uz %xV", ad.len, &ad); #endif if (ngx_quic_ciphers(rec->keys->cipher, &ciphers, rec->level) == NGX_ERROR) { return NGX_ERROR; } secret = &rec->keys->secret; ngx_memcpy(nonce, secret->iv.data, secret->iv.len); ngx_quic_compute_nonce(nonce, sizeof(nonce), rec->number); if (ngx_quic_tls_seal(ciphers.c, secret, &out, nonce, &rec->payload, &ad, rec->log) != NGX_OK) { return NGX_ERROR; } res->len = ad.len + out.len; return NGX_OK; } enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl) { ngx_connection_t *c; ngx_quic_connection_t *qc; c = ngx_ssl_get_connection(ssl); qc = ngx_quic_get_connection(c); return qc->compat->read_level; } enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl) { ngx_connection_t *c; ngx_quic_connection_t *qc; c = ngx_ssl_get_connection(ssl); qc = ngx_quic_get_connection(c); return qc->compat->write_level; } int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, size_t params_len) { ngx_connection_t *c; ngx_quic_compat_t *com; ngx_quic_connection_t *qc; c = ngx_ssl_get_connection(ssl); qc = ngx_quic_get_connection(c); com = qc->compat; com->tp.len = params_len; com->tp.data = (u_char *) params; return 1; } void SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, size_t *out_params_len) { ngx_connection_t *c; ngx_quic_compat_t *com; ngx_quic_connection_t *qc; c = ngx_ssl_get_connection(ssl); qc = ngx_quic_get_connection(c); com = qc->compat; *out_params = com->ctp.data; *out_params_len = com->ctp.len; } #endif /* NGX_QUIC_OPENSSL_COMPAT */