瀏覽代碼
Add post-handshake support for the QUIC API.
Change-Id: I4956efabfb33f7bd60a4743a922c29ee4de18935 Reviewed-on: https://boringssl-review.googlesource.com/c/33004 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: David Benjamin <davidben@google.com>kris/onging/CECPQ3_patch15
Steven Valdez
6 年之前
committed by
CQ bot account: commit-bot@chromium.org
CQ bot account: commit-bot@chromium.org
共有 3 個檔案被更改,包括 144 行新增 和 10 行删除
分割檢視
Diff Options
-
+10 -3include/openssl/ssl.h
-
+27 -0ssl/ssl_lib.cc
-
+107 -7ssl/ssl_test.cc
+ 10
- 3
include/openssl/ssl.h
查看文件
| @@ -3047,7 +3047,10 @@ OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(const SSL *ssl, | |||
| // |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from | |||
| // the peer, it will return |SSL_ERROR_WANT_READ|. When received, the caller | |||
| // should call |SSL_provide_quic_data| and then |SSL_do_handshake| to continue | |||
| // the handshake. It is an error to call |SSL_read| and |SSL_write| in QUIC. | |||
| // the handshake. After the handshake is complete, the caller should call | |||
| // |SSL_provide_quic_data| for any post-handshake data, followed by | |||
| // |SSL_process_quic_post_handshake| to process it. It is an error to call | |||
| // |SSL_read| and |SSL_write| in QUIC. | |||
| // | |||
| // Note that secrets for an encryption level may be available to QUIC before the | |||
| // level is active in TLS. Callers should use |SSL_quic_read_level| to determine | |||
| @@ -3064,8 +3067,7 @@ OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(const SSL *ssl, | |||
| // |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each | |||
| // encryption level. | |||
| // | |||
| // Note: 0-RTT and post-handshake tickets are not currently supported via this | |||
| // API. | |||
| // Note: 0-RTT is not currently supported via this API. | |||
| // ssl_encryption_level_t represents a specific QUIC encryption level used to | |||
| // transmit handshake messages. | |||
| @@ -3139,6 +3141,11 @@ OPENSSL_EXPORT int SSL_provide_quic_data(SSL *ssl, | |||
| const uint8_t *data, size_t len); | |||
| // SSL_process_quic_post_handshake processes any data that QUIC has provided | |||
| // after the handshake has completed. This includes NewSessionTicket messages | |||
| // sent by the server. It returns one on success and zero on error. | |||
| OPENSSL_EXPORT int SSL_process_quic_post_handshake(SSL *ssl); | |||
| // SSL_CTX_set_quic_method configures the QUIC hooks. This should only be | |||
| // configured with a minimum version of TLS 1.3. |quic_method| must remain valid | |||
| // for the lifetime of |ctx|. It returns one on success and zero on error. | |||
+ 27
- 0
ssl/ssl_lib.cc
查看文件
| @@ -948,6 +948,33 @@ static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) { | |||
| return 1; | |||
| } | |||
| int SSL_process_quic_post_handshake(SSL *ssl) { | |||
| ssl_reset_error_state(ssl); | |||
| if (SSL_in_init(ssl)) { | |||
| OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | |||
| return 0; | |||
| } | |||
| // Replay post-handshake message errors. | |||
| if (!check_read_error(ssl)) { | |||
| return 0; | |||
| } | |||
| // Process any buffered post-handshake messages. | |||
| SSLMessage msg; | |||
| while (ssl->method->get_message(ssl, &msg)) { | |||
| // Handle the post-handshake message and try again. | |||
| if (!ssl_do_post_handshake(ssl, msg)) { | |||
| ssl_set_read_error(ssl); | |||
| return 0; | |||
| } | |||
| ssl->method->next_message(ssl); | |||
| } | |||
| return 1; | |||
| } | |||
| static int ssl_read_impl(SSL *ssl) { | |||
| ssl_reset_error_state(ssl); | |||
+ 107
- 7
ssl/ssl_test.cc
查看文件
| @@ -4727,6 +4727,21 @@ class QUICMethodTest : public testing::Test { | |||
| return true; | |||
| } | |||
| bool CreateSecondClientAndServer() { | |||
| client_.reset(SSL_new(client_ctx_.get())); | |||
| server_.reset(SSL_new(server_ctx_.get())); | |||
| if (!client_ || !server_) { | |||
| return false; | |||
| } | |||
| SSL_set_connect_state(client_.get()); | |||
| SSL_set_accept_state(server_.get()); | |||
| ex_data_.Set(client_.get(), second_transport_.client()); | |||
| ex_data_.Set(server_.get(), second_transport_.server()); | |||
| return true; | |||
| } | |||
| // The following functions may be configured on an |SSL_QUIC_METHOD| as | |||
| // default implementations. | |||
| @@ -4760,6 +4775,7 @@ class QUICMethodTest : public testing::Test { | |||
| static UnownedSSLExData<MockQUICTransport> ex_data_; | |||
| MockQUICTransportPair transport_; | |||
| MockQUICTransportPair second_transport_; | |||
| bssl::UniquePtr<SSL> client_; | |||
| bssl::UniquePtr<SSL> server_; | |||
| @@ -4776,6 +4792,10 @@ TEST_F(QUICMethodTest, Basic) { | |||
| SendAlertCallback, | |||
| }; | |||
| g_last_session = nullptr; | |||
| SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); | |||
| SSL_CTX_sess_set_new_cb(client_ctx_.get(), SaveLastSession); | |||
| ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method)); | |||
| ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method)); | |||
| ASSERT_TRUE(CreateClientAndServer()); | |||
| @@ -4807,13 +4827,43 @@ TEST_F(QUICMethodTest, Basic) { | |||
| EXPECT_FALSE(transport_.server()->has_alert()); | |||
| // The server sent NewSessionTicket messages in the handshake. | |||
| // | |||
| // TODO(davidben,svaldez): Add an API for the client to consume post-handshake | |||
| // messages and update these tests. | |||
| std::vector<uint8_t> new_session_ticket; | |||
| ASSERT_TRUE(transport_.client()->ReadHandshakeData( | |||
| &new_session_ticket, ssl_encryption_application)); | |||
| EXPECT_FALSE(new_session_ticket.empty()); | |||
| EXPECT_FALSE(g_last_session); | |||
| ASSERT_TRUE(ProvideHandshakeData(client_.get())); | |||
| EXPECT_EQ(SSL_process_quic_post_handshake(client_.get()), 1); | |||
| EXPECT_TRUE(g_last_session); | |||
| // Create a second connection to verify resumption works. | |||
| ASSERT_TRUE(CreateSecondClientAndServer()); | |||
| bssl::UniquePtr<SSL_SESSION> session = std::move(g_last_session); | |||
| SSL_set_session(client_.get(), session.get()); | |||
| for (;;) { | |||
| ASSERT_TRUE(ProvideHandshakeData(client_.get())); | |||
| int client_ret = SSL_do_handshake(client_.get()); | |||
| if (client_ret != 1) { | |||
| ASSERT_EQ(client_ret, -1); | |||
| ASSERT_EQ(SSL_get_error(client_.get(), client_ret), SSL_ERROR_WANT_READ); | |||
| } | |||
| ASSERT_TRUE(ProvideHandshakeData(server_.get())); | |||
| int server_ret = SSL_do_handshake(server_.get()); | |||
| if (server_ret != 1) { | |||
| ASSERT_EQ(server_ret, -1); | |||
| ASSERT_EQ(SSL_get_error(server_.get(), server_ret), SSL_ERROR_WANT_READ); | |||
| } | |||
| if (client_ret == 1 && server_ret == 1) { | |||
| break; | |||
| } | |||
| } | |||
| EXPECT_EQ(SSL_do_handshake(client_.get()), 1); | |||
| EXPECT_EQ(SSL_do_handshake(server_.get()), 1); | |||
| EXPECT_TRUE(transport_.SecretsMatch(ssl_encryption_application)); | |||
| EXPECT_FALSE(transport_.client()->has_alert()); | |||
| EXPECT_FALSE(transport_.server()->has_alert()); | |||
| EXPECT_TRUE(SSL_session_reused(client_.get())); | |||
| EXPECT_TRUE(SSL_session_reused(server_.get())); | |||
| } | |||
| // Test only releasing data to QUIC one byte at a time on request, to maximize | |||
| @@ -5073,6 +5123,56 @@ TEST_F(QUICMethodTest, TooMuchData) { | |||
| SSL_provide_quic_data(client_.get(), ssl_encryption_initial, &b, 1)); | |||
| } | |||
| // Provide invalid post-handshake data. | |||
| TEST_F(QUICMethodTest, BadPostHandshake) { | |||
| const SSL_QUIC_METHOD quic_method = { | |||
| SetEncryptionSecretsCallback, | |||
| AddHandshakeDataCallback, | |||
| FlushFlightCallback, | |||
| SendAlertCallback, | |||
| }; | |||
| g_last_session = nullptr; | |||
| SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_BOTH); | |||
| SSL_CTX_sess_set_new_cb(client_ctx_.get(), SaveLastSession); | |||
| ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method)); | |||
| ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method)); | |||
| ASSERT_TRUE(CreateClientAndServer()); | |||
| for (;;) { | |||
| ASSERT_TRUE(ProvideHandshakeData(client_.get())); | |||
| int client_ret = SSL_do_handshake(client_.get()); | |||
| if (client_ret != 1) { | |||
| ASSERT_EQ(client_ret, -1); | |||
| ASSERT_EQ(SSL_get_error(client_.get(), client_ret), SSL_ERROR_WANT_READ); | |||
| } | |||
| ASSERT_TRUE(ProvideHandshakeData(server_.get())); | |||
| int server_ret = SSL_do_handshake(server_.get()); | |||
| if (server_ret != 1) { | |||
| ASSERT_EQ(server_ret, -1); | |||
| ASSERT_EQ(SSL_get_error(server_.get(), server_ret), SSL_ERROR_WANT_READ); | |||
| } | |||
| if (client_ret == 1 && server_ret == 1) { | |||
| break; | |||
| } | |||
| } | |||
| EXPECT_EQ(SSL_do_handshake(client_.get()), 1); | |||
| EXPECT_EQ(SSL_do_handshake(server_.get()), 1); | |||
| EXPECT_TRUE(transport_.SecretsMatch(ssl_encryption_application)); | |||
| EXPECT_FALSE(transport_.client()->has_alert()); | |||
| EXPECT_FALSE(transport_.server()->has_alert()); | |||
| // Junk sent as part of post-handshake data should cause an error. | |||
| uint8_t kJunk[] = {0x17, 0x0, 0x0, 0x4, 0xB, 0xE, 0xE, 0xF}; | |||
| ASSERT_TRUE(SSL_provide_quic_data(client_.get(), ssl_encryption_application, | |||
| kJunk, sizeof(kJunk))); | |||
| EXPECT_EQ(SSL_process_quic_post_handshake(client_.get()), 0); | |||
| } | |||
| // TODO(davidben): Convert this file to GTest properly. | |||
| TEST(SSLTest, AllTests) { | |||
| if (!TestSSL_SESSIONEncoding(kOpenSSLSession) || | |||