1 /* Copyright (c) 2019, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include "mock_quic_transport.h"
16
17 #include <openssl/span.h>
18
19 #include <cstring>
20 #include <limits>
21
MockQuicTransport(bssl::UniquePtr<BIO> bio,SSL * ssl)22 MockQuicTransport::MockQuicTransport(bssl::UniquePtr<BIO> bio, SSL *ssl)
23 : bio_(std::move(bio)),
24 read_levels_(ssl_encryption_application + 1),
25 write_levels_(ssl_encryption_application + 1),
26 ssl_(ssl) {}
27
SetReadSecret(enum ssl_encryption_level_t level,const SSL_CIPHER * cipher,const uint8_t * secret,size_t secret_len)28 bool MockQuicTransport::SetReadSecret(enum ssl_encryption_level_t level,
29 const SSL_CIPHER *cipher,
30 const uint8_t *secret,
31 size_t secret_len) {
32 // TODO(davidben): Assert the various encryption secret invariants.
33 read_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher);
34 read_levels_[level].secret.assign(secret, secret + secret_len);
35 return true;
36 }
37
SetWriteSecret(enum ssl_encryption_level_t level,const SSL_CIPHER * cipher,const uint8_t * secret,size_t secret_len)38 bool MockQuicTransport::SetWriteSecret(enum ssl_encryption_level_t level,
39 const SSL_CIPHER *cipher,
40 const uint8_t *secret,
41 size_t secret_len) {
42 // TODO(davidben): Assert the various encryption secret invariants.
43 write_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher);
44 write_levels_[level].secret.assign(secret, secret + secret_len);
45 return true;
46 }
47
48 namespace {
49
ReadAll(BIO * bio,bssl::Span<uint8_t> out)50 bool ReadAll(BIO *bio, bssl::Span<uint8_t> out) {
51 size_t len = out.size();
52 uint8_t *buf = out.data();
53 while (len > 0) {
54 int chunk_len = std::numeric_limits<int>::max();
55 if (len <= static_cast<unsigned int>(std::numeric_limits<int>::max())) {
56 chunk_len = len;
57 }
58 int ret = BIO_read(bio, buf, chunk_len);
59 if (ret <= 0) {
60 return false;
61 }
62 buf += ret;
63 len -= ret;
64 }
65 return true;
66 }
67
LevelToString(ssl_encryption_level_t level)68 const char *LevelToString(ssl_encryption_level_t level) {
69 switch (level) {
70 case ssl_encryption_initial:
71 return "initial";
72 case ssl_encryption_early_data:
73 return "early_data";
74 case ssl_encryption_handshake:
75 return "handshake";
76 case ssl_encryption_application:
77 return "application";
78 }
79 return "";
80 }
81
82 } // namespace
83
ReadHeader(uint8_t * out_type,enum ssl_encryption_level_t * out_level,size_t * out_len)84 bool MockQuicTransport::ReadHeader(uint8_t *out_type,
85 enum ssl_encryption_level_t *out_level,
86 size_t *out_len) {
87 for (;;) {
88 uint8_t header[8];
89 if (!ReadAll(bio_.get(), header)) {
90 // TODO(davidben): Distinguish between errors and EOF. See
91 // ReadApplicationData.
92 return false;
93 }
94
95 CBS cbs;
96 uint8_t level_id;
97 uint16_t cipher_suite;
98 uint32_t remaining_bytes;
99 CBS_init(&cbs, header, sizeof(header));
100 if (!CBS_get_u8(&cbs, out_type) ||
101 !CBS_get_u8(&cbs, &level_id) ||
102 !CBS_get_u16(&cbs, &cipher_suite) ||
103 !CBS_get_u32(&cbs, &remaining_bytes) ||
104 level_id >= read_levels_.size()) {
105 fprintf(stderr, "Error parsing record header.\n");
106 return false;
107 }
108
109 auto level = static_cast<ssl_encryption_level_t>(level_id);
110 // Non-initial levels must be configured before use.
111 uint16_t expect_cipher = read_levels_[level].cipher;
112 if (expect_cipher == 0 && level != ssl_encryption_initial) {
113 if (level == ssl_encryption_early_data) {
114 // If we receive early data records without any early data keys, skip
115 // the record. This means early data was rejected.
116 std::vector<uint8_t> discard(remaining_bytes);
117 if (!ReadAll(bio_.get(), bssl::MakeSpan(discard))) {
118 return false;
119 }
120 continue;
121 }
122 fprintf(stderr,
123 "Got record at level %s, but keys were not configured.\n",
124 LevelToString(level));
125 return false;
126 }
127 if (cipher_suite != expect_cipher) {
128 fprintf(stderr, "Got cipher suite 0x%04x at level %s, wanted 0x%04x.\n",
129 cipher_suite, LevelToString(level), expect_cipher);
130 return false;
131 }
132 const std::vector<uint8_t> &secret = read_levels_[level].secret;
133 std::vector<uint8_t> read_secret(secret.size());
134 if (remaining_bytes < secret.size()) {
135 fprintf(stderr, "Record at level %s too small.\n", LevelToString(level));
136 return false;
137 }
138 remaining_bytes -= secret.size();
139 if (!ReadAll(bio_.get(), bssl::MakeSpan(read_secret))) {
140 fprintf(stderr, "Error reading record secret.\n");
141 return false;
142 }
143 if (read_secret != secret) {
144 fprintf(stderr, "Encryption secret at level %s did not match.\n",
145 LevelToString(level));
146 return false;
147 }
148 *out_level = level;
149 *out_len = remaining_bytes;
150 return true;
151 }
152 }
153
ReadHandshake()154 bool MockQuicTransport::ReadHandshake() {
155 uint8_t type;
156 ssl_encryption_level_t level;
157 size_t len;
158 if (!ReadHeader(&type, &level, &len)) {
159 return false;
160 }
161 if (type != SSL3_RT_HANDSHAKE) {
162 return false;
163 }
164
165 std::vector<uint8_t> buf(len);
166 if (!ReadAll(bio_.get(), bssl::MakeSpan(buf))) {
167 return false;
168 }
169 return SSL_provide_quic_data(ssl_, level, buf.data(), buf.size());
170 }
171
ReadApplicationData(uint8_t * out,size_t max_out)172 int MockQuicTransport::ReadApplicationData(uint8_t *out, size_t max_out) {
173 if (pending_app_data_.size() > 0) {
174 size_t len = pending_app_data_.size() - app_data_offset_;
175 if (len > max_out) {
176 len = max_out;
177 }
178 memcpy(out, pending_app_data_.data() + app_data_offset_, len);
179 app_data_offset_ += len;
180 if (app_data_offset_ == pending_app_data_.size()) {
181 pending_app_data_.clear();
182 app_data_offset_ = 0;
183 }
184 return len;
185 }
186
187 uint8_t type = 0;
188 ssl_encryption_level_t level;
189 size_t len;
190 while (true) {
191 if (!ReadHeader(&type, &level, &len)) {
192 // Assume that a failure to read the header means there's no more to read,
193 // not an error reading.
194 return 0;
195 }
196 if (type == SSL3_RT_APPLICATION_DATA) {
197 break;
198 }
199 if (type != SSL3_RT_HANDSHAKE) {
200 return -1;
201 }
202
203 std::vector<uint8_t> buf(len);
204 if (!ReadAll(bio_.get(), bssl::MakeSpan(buf))) {
205 return -1;
206 }
207 if (SSL_provide_quic_data(ssl_, level, buf.data(), buf.size()) != 1) {
208 return -1;
209 }
210 if (SSL_in_init(ssl_)) {
211 int ret = SSL_do_handshake(ssl_);
212 if (ret < 0) {
213 int ssl_err = SSL_get_error(ssl_, ret);
214 if (ssl_err == SSL_ERROR_WANT_READ) {
215 continue;
216 }
217 return -1;
218 }
219 } else if (SSL_process_quic_post_handshake(ssl_) != 1) {
220 return -1;
221 }
222 }
223
224 uint8_t *buf = out;
225 if (len > max_out) {
226 pending_app_data_.resize(len);
227 buf = pending_app_data_.data();
228 }
229 app_data_offset_ = 0;
230 if (!ReadAll(bio_.get(), bssl::MakeSpan(buf, len))) {
231 return -1;
232 }
233 if (len > max_out) {
234 memcpy(out, buf, max_out);
235 app_data_offset_ = max_out;
236 return max_out;
237 }
238 return len;
239 }
240
WriteRecord(enum ssl_encryption_level_t level,uint8_t type,const uint8_t * data,size_t len)241 bool MockQuicTransport::WriteRecord(enum ssl_encryption_level_t level,
242 uint8_t type, const uint8_t *data,
243 size_t len) {
244 uint16_t cipher_suite = write_levels_[level].cipher;
245 const std::vector<uint8_t> &secret = write_levels_[level].secret;
246 size_t tlv_len = secret.size() + len;
247 uint8_t header[8];
248 header[0] = type;
249 header[1] = level;
250 header[2] = (cipher_suite >> 8) & 0xff;
251 header[3] = cipher_suite & 0xff;
252 header[4] = (tlv_len >> 24) & 0xff;
253 header[5] = (tlv_len >> 16) & 0xff;
254 header[6] = (tlv_len >> 8) & 0xff;
255 header[7] = tlv_len & 0xff;
256 return BIO_write_all(bio_.get(), header, sizeof(header)) &&
257 BIO_write_all(bio_.get(), secret.data(), secret.size()) &&
258 BIO_write_all(bio_.get(), data, len);
259 }
260
WriteHandshakeData(enum ssl_encryption_level_t level,const uint8_t * data,size_t len)261 bool MockQuicTransport::WriteHandshakeData(enum ssl_encryption_level_t level,
262 const uint8_t *data, size_t len) {
263 return WriteRecord(level, SSL3_RT_HANDSHAKE, data, len);
264 }
265
WriteApplicationData(const uint8_t * in,size_t len)266 bool MockQuicTransport::WriteApplicationData(const uint8_t *in, size_t len) {
267 enum ssl_encryption_level_t level = ssl_encryption_application;
268 if (SSL_in_early_data(ssl_) && !SSL_is_server(ssl_)) {
269 level = ssl_encryption_early_data;
270 }
271 return WriteRecord(level, SSL3_RT_APPLICATION_DATA, in, len);
272 }
273
Flush()274 bool MockQuicTransport::Flush() { return BIO_flush(bio_.get()) > 0; }
275
SendAlert(enum ssl_encryption_level_t level,uint8_t alert)276 bool MockQuicTransport::SendAlert(enum ssl_encryption_level_t level,
277 uint8_t alert) {
278 uint8_t alert_msg[] = {2, alert};
279 return WriteRecord(level, SSL3_RT_ALERT, alert_msg, sizeof(alert_msg));
280 }
281