openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

QUIC_CHANNEL: Implementation 

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
This commit is contained in:
Hugo Landau 2022-11-17 15:00:41 +00:00
parent 69523214ee
commit f538b42155
4 changed files with 2057 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

159
include/internal/quic_channel.h Normal file
View File

@ -0,0 +1,159 @@
/*
* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_QUIC_CHANNEL_H
# define OSSL_QUIC_CHANNEL_H
# include <openssl/ssl.h>
# include "internal/quic_types.h"
# include "internal/quic_stream_map.h"
# include "internal/quic_reactor.h"
# include "internal/quic_statm.h"
# include "internal/time.h"
/*
* QUIC Channel
* ============
*
* A QUIC channel (QUIC_CHANNEL) is an object which binds together all of the
* various pieces of QUIC into a single top-level object, and handles connection
* state which is not specific to the client or server roles. In particular, it
* is strictly separated from the libssl front end I/O API personality layer,
* and is not an SSL object.
*
* The name QUIC_CHANNEL is chosen because QUIC_CONNECTION is already in use,
* but functionally these relate to the same thing (a QUIC connection). The use
* of two separate objects ensures clean separation between the API personality
* layer and common code for handling connections, and between the functionality
* which is specific to clients and which is specific to servers, and the
* functionality which is common to both.
*
* The API personality layer provides SSL objects (e.g. a QUIC_CONNECTION) which
* consume a QUIC channel and implement a specific public API. Things which are
* handled by the API personality layer include emulation of blocking semantics,
* handling of SSL object mode flags like non-partial write mode, etc.
*
* Where the QUIC_CHANNEL is used in a server role, there is one QUIC_CHANNEL
* per connection. In the future a QUIC Channel Manager will probably be defined
* to handle ownership of resources which are shared between connections (e.g.
* demuxers). Since we only use server-side functionality for dummy test servers
* for now, which only need to handle one connection at a time, this is not
* currently modelled.
*/
#define QUIC_CHANNEL_STATE_IDLE 0
#define QUIC_CHANNEL_STATE_ACTIVE 1
#define QUIC_CHANNEL_STATE_TERMINATING_CLOSING 2
#define QUIC_CHANNEL_STATE_TERMINATING_DRAINING 3
#define QUIC_CHANNEL_STATE_TERMINATED 4
typedef struct quic_channel_args_st {
OSSL_LIB_CTX *libctx;
const char *propq;
int is_server;
} QUIC_CHANNEL_ARGS;
typedef struct quic_channel_st QUIC_CHANNEL;
/*
* Create a new QUIC channel using the given arguments. The argument structure
* does not need to remain allocated. Returns NULL on failure.
*/
QUIC_CHANNEL *ossl_quic_channel_new(const QUIC_CHANNEL_ARGS *args);
/* No-op if ch is NULL. */
void ossl_quic_channel_free(QUIC_CHANNEL *ch);
/*
* Connection Lifecycle Events
* ===========================
*
* Various events that can be raised on the channel by other parts of the QUIC
* implementation. Some of these are suitable for general use by any part of the
* code (e.g. ossl_quic_channel_raise_protocol_error), others are for very
* specific use by particular components only (e.g.
* ossl_quic_channel_on_handshake_confirmed).
*
*/
/*
* To be used by a QUIC connection. Starts the channel. For a client-mode
* channel, this starts sending the first handshake layer message, etc. Can only
* be called in the idle state; successive calls are ignored.
*/
int ossl_quic_channel_start(QUIC_CHANNEL *ch);
/* Start a locally initiated connection shutdown. */
void ossl_quic_channel_local_close(QUIC_CHANNEL *ch);
/*
* Called when the handshake is confirmed.
*/
int ossl_quic_channel_on_handshake_confirmed(QUIC_CHANNEL *ch);
/*
* Raises a protocol error. This is intended to be the universal call suitable
* for handling of all peer-triggered protocol violations or errors detected by
* us. We specify a QUIC transport-scope error code and optional frame type
* which was responsible. If a frame type is not applicable, specify zero. The
* reason string is not currently handled, but should be a string of static
* storage duration. If the connection has already terminated due to a previous
* protocol error, this is a no-op; first error wins.
*/
void ossl_quic_channel_raise_protocol_error(QUIC_CHANNEL *ch,
uint64_t error_code,
uint64_t frame_type,
const char *reason);
/* For RXDP use. */
void ossl_quic_channel_on_remote_conn_close(QUIC_CHANNEL *ch,
OSSL_QUIC_FRAME_CONN_CLOSE *f);
/*
* Queries and Accessors
* =====================
*/
/* Gets the reactor which can be used to tick/poll on the channel. */
QUIC_REACTOR *ossl_quic_channel_get_reactor(QUIC_CHANNEL *ch);
/* Gets the QSM used with the channel. */
QUIC_STREAM_MAP *ossl_quic_channel_get_qsm(QUIC_CHANNEL *ch);
/* Gets the statistics manager used with the channel. */
OSSL_STATM *ossl_quic_channel_get_statm(QUIC_CHANNEL *ch);
/*
* Gets/sets the current peer address. Generally this should be used before
* starting a channel in client mode.
*/
int ossl_quic_channel_get_peer_addr(QUIC_CHANNEL *ch, BIO_ADDR *peer_addr);
int ossl_quic_channel_set_peer_addr(QUIC_CHANNEL *ch, const BIO_ADDR *peer_addr);
/* Gets/sets the underlying network read and write BIOs. */
BIO *ossl_quic_channel_get_net_rbio(QUIC_CHANNEL *ch);
BIO *ossl_quic_channel_get_net_wbio(QUIC_CHANNEL *ch);
int ossl_quic_channel_set0_net_rbio(QUIC_CHANNEL *ch, BIO *net_rbio);
int ossl_quic_channel_set0_net_wbio(QUIC_CHANNEL *ch, BIO *net_wbio);
/*
* Returns an existing stream by stream ID. Returns NULL if the stream does not
* exist.
*/
QUIC_STREAM *ossl_quic_channel_get_stream_by_id(QUIC_CHANNEL *ch,
uint64_t stream_id);
/* Returns 1 if channel is terminating or terminated. */
int ossl_quic_channel_is_term_any(const QUIC_CHANNEL *ch);
int ossl_quic_channel_is_terminating(const QUIC_CHANNEL *ch);
int ossl_quic_channel_is_terminated(const QUIC_CHANNEL *ch);
int ossl_quic_channel_is_active(const QUIC_CHANNEL *ch);
int ossl_quic_channel_is_handshake_complete(const QUIC_CHANNEL *ch);
#endif

1
ssl/quic/build.info
View File

@ -10,3 +10,4 @@ SOURCE[$LIBSSL]=quic_stream_map.c
SOURCE[$LIBSSL]=quic_sf_list.c quic_rstream.c quic_sstream.c
SOURCE[$LIBSSL]=quic_dummy_handshake.c
SOURCE[$LIBSSL]=quic_reactor.c
SOURCE[$LIBSSL]=quic_channel.c

1627
ssl/quic/quic_channel.c Normal file
View File

File diff suppressed because it is too large Load Diff

270
ssl/quic/quic_channel_local.h Normal file
View File

@ -0,0 +1,270 @@
#ifndef OSSL_QUIC_CHANNEL_LOCAL_H
# define OSSL_QUIC_CHANNEL_LOCAL_H
# include "internal/quic_channel.h"
# ifndef OPENSSL_NO_QUIC
/* Represents the cause for a connection's termination. */
typedef struct quic_terminate_cause_st {
/*
* If we are in a TERMINATING or TERMINATED state, this is the error code
* associated with the error. This field is valid iff we are in the
* TERMINATING or TERMINATED states.
*/
uint64_t error_code;
/*
* If terminate_app is set and this is nonzero, this is the frame type which
* caused the connection to be terminated.
*/
uint64_t frame_type;
/* Is this error code in the transport (0) or application (1) space? */
unsigned int app : 1;
/*
* If set, the cause of the termination is a received CONNECTION_CLOSE
* frame. Otherwise, we decided to terminate ourselves and sent a
* CONNECTION_CLOSE frame (regardless of whether the peer later also sends
* one).
*/
unsigned int remote : 1;
} QUIC_TERMINATE_CAUSE;
/*
* QUIC Channel Structure
* ======================
*
* QUIC channel internals. It is intended that only the QUIC_CHANNEL
* implementation and the RX depacketiser be allowed to access this structure
* directly. As the RX depacketiser has no state of its own and computes over a
* QUIC_CHANNEL structure, it can be viewed as an extention of the QUIC_CHANNEL
* implementation. While the RX depacketiser could be provided with adequate
* accessors to do what it needs, this would weaken the abstraction provided by
* the QUIC_CHANNEL to other components; moreover the coupling of the RX
* depacketiser to QUIC_CHANNEL internals is too deep and bespoke to make this
* desirable.
*
* Other components should not include this header.
*/
struct quic_channel_st {
OSSL_LIB_CTX *libctx;
const char *propq;
/*
* The associated TLS 1.3 connection data. Used to provide the handshake
* layer; its 'network' side is plugged into the crypto stream for each EL
* (other than the 0-RTT EL).
*/
QUIC_DHS *dhs;
/* TODO(QUIC): Replace this with a QUIC_TLS instance when ready. */
/*
* The transport parameter block we will send or have sent.
* Freed after sending or when connection is freed.
*/
unsigned char *local_transport_params;
/* Asynchronous I/O reactor. */
QUIC_REACTOR rtor;
/* Our current L4 peer address, if any. */
BIO_ADDR cur_peer_addr;
/* Network-side read and write BIOs. */
BIO *net_rbio, *net_wbio;
/*
* Subcomponents of the connection. All of these components are instantiated
* and owned by us.
*/
OSSL_QUIC_TX_PACKETISER *txp;
QUIC_TXPIM *txpim;
QUIC_CFQ *cfq;
/* Connection level FC. */
QUIC_TXFC conn_txfc;
QUIC_RXFC conn_rxfc;
QUIC_STREAM_MAP qsm;
OSSL_STATM statm;
OSSL_CC_DATA *cc_data;
const OSSL_CC_METHOD *cc_method;
OSSL_ACKM *ackm;
/*
* RX demuxer. We register incoming DCIDs with this. Since we currently only
* support client operation and use one L4 port per connection, we own the
* demuxer and register a single zero-length DCID with it.
*/
QUIC_DEMUX *demux;
/* Record layers in the TX and RX directions, plus the RX demuxer. */
OSSL_QTX *qtx;
OSSL_QRX *qrx;
/*
* Send and receive parts of the crypto streams.
* crypto_send[QUIC_PN_SPACE_APP] is the 1-RTT crypto stream. There is no
* 0-RTT crypto stream.
*/
QUIC_SSTREAM *crypto_send[QUIC_PN_SPACE_NUM];
QUIC_RSTREAM *crypto_recv[QUIC_PN_SPACE_NUM];
/*
* Our (currently only) application data stream. This is a bidirectional
* client-initiated stream and thus (in QUICv1) always has a stream ID of 0.
*/
QUIC_STREAM *stream0;
/* Internal state. */
/*
* The DCID used in the first Initial packet we transmit as a client.
* Randomly generated and required by RFC to be at least 8 bytes.
*/
QUIC_CONN_ID init_dcid;
/*
* The SCID found in the first Initial packet from the server.
* Valid if have_received_enc_pkt is set.
*/
QUIC_CONN_ID init_scid;
/* The SCID found in an incoming Retry packet we handled. */
QUIC_CONN_ID retry_scid;
/* Transport parameter values received from server. */
uint64_t init_max_stream_data_bidi_local;
uint64_t init_max_stream_data_bidi_remote;
uint64_t init_max_stream_data_uni_remote;
uint64_t rx_max_ack_delay; /* ms */
unsigned char rx_ack_delay_exp;
/*
* Temporary staging area to store information about the incoming packet we
* are currently processing.
*/
OSSL_QRX_PKT *qrx_pkt;
/*
* Current limit on number of streams we may create. Set by transport
* parameters initially and then by MAX_STREAMS frames.
*/
uint64_t max_local_streams_bidi;
uint64_t max_local_streams_uni;
/* The negotiated maximum idle timeout in milliseconds. */
uint64_t max_idle_timeout;
/*
* Maximum payload size in bytes for datagrams sent to our peer, as
* negotiated by transport parameters.
*/
uint64_t rx_max_udp_payload_size;
/* Maximum active CID limit, as negotiated by transport parameters. */
uint64_t rx_active_conn_id_limit;
/* Valid if we are in the TERMINATING or TERMINATED states. */
QUIC_TERMINATE_CAUSE terminate_cause;
/*
* Deadline at which we move to TERMINATING state. Valid if in the
* TERMINATING state.
*/
OSSL_TIME terminate_deadline;
/*
* Deadline at which connection dies due to idle timeout if no further
* events occur.
*/
OSSL_TIME idle_deadline;
/*
* State tracking. QUIC connection-level state is best represented based on
* whether various things have happened yet or not, rather than as an
* explicit FSM. We do have a coarse state variable which tracks the basic
* state of the connection's lifecycle, but more fine-grained conditions of
* the Active state are tracked via flags below. For more details, see
* doc/designs/quic-design/connection-state-machine.md. We are in the Open
* state if the state is QUIC_CSM_STATE_ACTIVE and handshake_confirmed is
* set.
*/
unsigned int state : 3;
/*
* Have we received at least one encrypted packet from the peer?
* (If so, Retry and Version Negotiation messages should no longer
* be received and should be ignored if they do occur.)
*/
unsigned int have_received_enc_pkt : 1;
/*
* Have we sent literally any packet yet? If not, there is no point polling
* RX.
*/
unsigned int have_sent_any_pkt : 1;
/*
* Are we currently doing proactive version negotiation?
*/
unsigned int doing_proactive_ver_neg : 1;
/* We have received transport parameters from the peer. */
unsigned int got_remote_transport_params : 1;
/*
* This monotonically transitions to 1 once the TLS state machine is
* 'complete', meaning that it has both sent a Finished and successfully
* verified the peer's Finished (see RFC 9001 s. 4.1.1). Note that it
* does not transition to 1 at both peers simultaneously.
*
* Handshake completion is not the same as handshake confirmation (see
* below).
*/
unsigned int handshake_complete : 1;
/*
* This monotonically transitions to 1 once the handshake is confirmed.
* This happens on the client when we receive a HANDSHAKE_DONE frame.
* At our option, we may also take acknowledgement of any 1-RTT packet
* we sent as a handshake confirmation.
*/
unsigned int handshake_confirmed : 1;
/*
* We are sending Initial packets based on a Retry. This means we definitely
* should not receive another Retry, and if we do it is an error.
*/
unsigned int doing_retry : 1;
/*
* We don't store the current EL here; the TXP asks the QTX which ELs
* are provisioned to determine which ELs to use.
*/
/* Have statm, qsm been initialised? Used to track cleanup. */
unsigned int have_statm : 1;
unsigned int have_qsm : 1;
/*
* Preferred EL for transmission. This is not strictly needed as it can be
* inferred from what keys we have provisioned, but makes determining the
* current EL simpler and faster.
*/
unsigned int tx_enc_level : 3;
/* If bit n is set, EL n has been discarded. */
unsigned int el_discarded : 4;
/*
* While in TERMINATING - CLOSING, set when we should generate a connection
* close frame.
*/
unsigned int conn_close_queued : 1;
/* Are we in server mode? Never changes after instantiation. */
unsigned int is_server : 1;
};
# endif
#endif