# HG changeset patch # User Vladimir Homutov # Date 1592477926 -10800 # Node ID a2c34e77cfc132b97c94c337f4ee6a74bede9b3c # Parent 4e75267865dedad653020d00b848248c2ae66cd0 QUIC: added ALPN checks. quic-transport draft 29: section 7: * authenticated negotiation of an application protocol (TLS uses ALPN [RFC7301] for this purpose) ... Endpoints MUST explicitly negotiate an application protocol. This avoids situations where there is a disagreement about the protocol that is in use. section 8.1: When using ALPN, endpoints MUST immediately close a connection (see Section 10.3 of [QUIC-TRANSPORT]) with a no_application_protocol TLS alert (QUIC error code 0x178; see Section 4.10) if an application protocol is not negotiated. Changes in ngx_quic_close_quic() function are required to avoid attempts to generated and send packets without proper keys, what happens in case of failed ALPN check. diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c --- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -393,6 +393,31 @@ ngx_quic_add_handshake_data(ngx_ssl_conn "quic ngx_quic_add_handshake_data"); if (!qc->client_tp_done) { + /* + * things to do once during handshake: check ALPN and transport + * parameters; we want to break handshake if something is wrong + * here; + */ + +#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) + { + unsigned int len; + const unsigned char *data; + + SSL_get0_alpn_selected(c->ssl->connection, &data, &len); + + if (len != NGX_QUIC_ALPN_LEN + || ngx_strncmp(data, NGX_QUIC_ALPN_STR, NGX_QUIC_ALPN_LEN) != 0) + { + qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL; + qc->error_reason = "unsupported protocol in ALPN extension"; + + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "quic unsupported protocol in ALPN extension"); + return 0; + } + } +#endif SSL_get_peer_quic_transport_params(ssl_conn, &client_params, &client_params_len); @@ -1298,9 +1323,8 @@ ngx_quic_close_quic(ngx_connection_t *c, qc->error_reason ? qc->error_reason : ""); } - level = (qc->state == ssl_encryption_early_data) - ? ssl_encryption_handshake - : qc->state; + level = c->ssl ? SSL_quic_read_level(c->ssl->connection) + : ssl_encryption_initial; (void) ngx_quic_send_cc(c, level, err, qc->error_ftype, qc->error_reason); diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h --- a/src/event/ngx_event_quic.h +++ b/src/event/ngx_event_quic.h @@ -18,6 +18,11 @@ #endif #define NGX_QUIC_VERSION (0xff000000 + NGX_QUIC_DRAFT_VERSION) +#define NGX_QUIC_ALPN(s) NGX_QUIC_ALPN_DRAFT(s) +#define NGX_QUIC_ALPN_DRAFT(s) "h3-" #s +#define NGX_QUIC_ALPN_STR NGX_QUIC_ALPN(NGX_QUIC_DRAFT_VERSION) +#define NGX_QUIC_ALPN_LEN (sizeof(NGX_QUIC_ALPN_STR) - 1) + #define NGX_QUIC_MAX_SHORT_HEADER 25 /* 1 flags + 20 dcid + 4 pn */ #define NGX_QUIC_MAX_LONG_HEADER 56 /* 1 flags + 4 version + 2 x (1 + 20) s/dcid + 4 pn + 4 len + token len */