1// Copyright (c) 2019, Google Inc. 2// 3// Permission to use, copy, modify, and/or distribute this software for any 4// purpose with or without fee is hereby granted, provided that the above 5// copyright notice and this permission notice appear in all copies. 6// 7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 15package runner 16 17import ( 18 "bytes" 19 "encoding/binary" 20 "fmt" 21 "io" 22 "net" 23) 24 25type encryptionLevel byte 26 27const ( 28 encryptionInitial encryptionLevel = 0 29 encryptionEarlyData encryptionLevel = 1 30 encryptionHandshake encryptionLevel = 2 31 encryptionApplication encryptionLevel = 3 32) 33 34func (e encryptionLevel) String() string { 35 switch e { 36 case encryptionInitial: 37 return "initial" 38 case encryptionEarlyData: 39 return "early data" 40 case encryptionHandshake: 41 return "handshake" 42 case encryptionApplication: 43 return "application" 44 } 45 return fmt.Sprintf("unknown level (%d)", e) 46} 47 48// mockQUICTransport provides a record layer for sending/receiving messages 49// when testing TLS over QUIC. It is only intended for testing, as it runs over 50// an in-order reliable transport, looks nothing like the QUIC wire image, and 51// provides no confidentiality guarantees. (In fact, it leaks keys in the 52// clear.) 53// 54// Messages from TLS that are sent over a mockQUICTransport are a series of 55// records in the following format: 56// 57// enum { 58// initial(0), early_data(1), handshake(2), application(3), (255) 59// } EncryptionLevel; 60// 61// struct { 62// ContentType record_type; 63// EncryptionLevel level; 64// CipherSuite cipher_suite; 65// opaque encrypted_record<0..2^32-1>; 66// } MockQUICRecord; 67// 68// The "encrypted" record is the concatenation of the encryption key and 69// plaintext. It and the cipher suite exist only to check both sides agree on 70// encryption parameters. The key is included in the length prefix so records 71// may be skipped without knowing the key length. 72type mockQUICTransport struct { 73 net.Conn 74 readLevel, writeLevel encryptionLevel 75 readSecret, writeSecret []byte 76 readCipherSuite, writeCipherSuite uint16 77 skipEarlyData bool 78} 79 80func newMockQUICTransport(conn net.Conn) *mockQUICTransport { 81 return &mockQUICTransport{Conn: conn} 82} 83 84func (m *mockQUICTransport) read() (recordType, []byte, error) { 85 for { 86 header := make([]byte, 8) 87 if _, err := io.ReadFull(m.Conn, header); err != nil { 88 return 0, nil, err 89 } 90 typ := recordType(header[0]) 91 level := encryptionLevel(header[1]) 92 cipherSuite := binary.BigEndian.Uint16(header[2:4]) 93 length := binary.BigEndian.Uint32(header[4:]) 94 value := make([]byte, length) 95 if _, err := io.ReadFull(m.Conn, value); err != nil { 96 return 0, nil, fmt.Errorf("error reading record") 97 } 98 if level != m.readLevel { 99 if m.skipEarlyData && level == encryptionEarlyData { 100 continue 101 } 102 return 0, nil, fmt.Errorf("received record at %s encryption level, but expected %s", level, m.readLevel) 103 } 104 if cipherSuite != m.readCipherSuite { 105 return 0, nil, fmt.Errorf("received cipher suite %d does not match expected %d", cipherSuite, m.readCipherSuite) 106 } 107 if len(m.readSecret) > len(value) { 108 return 0, nil, fmt.Errorf("input length too short") 109 } 110 secret := value[:len(m.readSecret)] 111 out := value[len(m.readSecret):] 112 if !bytes.Equal(secret, m.readSecret) { 113 return 0, nil, fmt.Errorf("secrets don't match: got %x but expected %x", secret, m.readSecret) 114 } 115 // Although not true for QUIC in general, our transport is ordered, so 116 // we expect to stop skipping early data after a valid record. 117 m.skipEarlyData = false 118 return typ, out, nil 119 } 120} 121 122func (m *mockQUICTransport) readRecord(want recordType) (recordType, *block, error) { 123 typ, contents, err := m.read() 124 if err != nil { 125 return 0, nil, err 126 } 127 return typ, &block{contents, 0, nil}, nil 128} 129 130func (m *mockQUICTransport) writeRecord(typ recordType, data []byte) (int, error) { 131 if typ != recordTypeApplicationData && typ != recordTypeHandshake { 132 return 0, fmt.Errorf("unsupported record type %d\n", typ) 133 } 134 length := len(m.writeSecret) + len(data) 135 payload := make([]byte, 1+1+2+4+length) 136 payload[0] = byte(typ) 137 payload[1] = byte(m.writeLevel) 138 binary.BigEndian.PutUint16(payload[2:4], m.writeCipherSuite) 139 binary.BigEndian.PutUint32(payload[4:8], uint32(length)) 140 copy(payload[8:], m.writeSecret) 141 copy(payload[8+len(m.writeSecret):], data) 142 if _, err := m.Conn.Write(payload); err != nil { 143 return 0, err 144 } 145 return len(data), nil 146} 147 148func (m *mockQUICTransport) Write(b []byte) (int, error) { 149 panic("unexpected call to Write") 150} 151 152func (m *mockQUICTransport) Read(b []byte) (int, error) { 153 panic("unexpected call to Read") 154} 155