1 // Copyright 2019 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "mock_quic_transport.h"
16
17 #include <openssl/span.h>
18
19 #include <algorithm>
20 #include <climits>
21 #include <cstring>
22
MockQuicTransport(bssl::UniquePtr<BIO> bio,SSL * ssl)23 MockQuicTransport::MockQuicTransport(bssl::UniquePtr<BIO> bio, SSL *ssl)
24 : bio_(std::move(bio)),
25 read_levels_(ssl_encryption_application + 1),
26 write_levels_(ssl_encryption_application + 1),
27 ssl_(ssl) {}
28
SetReadSecret(enum ssl_encryption_level_t level,const SSL_CIPHER * cipher,const uint8_t * secret,size_t secret_len)29 bool MockQuicTransport::SetReadSecret(enum ssl_encryption_level_t level,
30 const SSL_CIPHER *cipher,
31 const uint8_t *secret,
32 size_t secret_len) {
33 // TODO(davidben): Assert the various encryption secret invariants.
34 read_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher);
35 read_levels_[level].secret.assign(secret, secret + secret_len);
36 return true;
37 }
38
SetWriteSecret(enum ssl_encryption_level_t level,const SSL_CIPHER * cipher,const uint8_t * secret,size_t secret_len)39 bool MockQuicTransport::SetWriteSecret(enum ssl_encryption_level_t level,
40 const SSL_CIPHER *cipher,
41 const uint8_t *secret,
42 size_t secret_len) {
43 // TODO(davidben): Assert the various encryption secret invariants.
44 write_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher);
45 write_levels_[level].secret.assign(secret, secret + secret_len);
46 return true;
47 }
48
49 namespace {
50
ReadAll(BIO * bio,bssl::Span<uint8_t> out)51 bool ReadAll(BIO *bio, bssl::Span<uint8_t> out) {
52 size_t len = out.size();
53 uint8_t *buf = out.data();
54 while (len > 0) {
55 size_t chunk_len = std::min(len, size_t{INT_MAX});
56 int ret = BIO_read(bio, buf, static_cast<int>(chunk_len));
57 if (ret <= 0) {
58 return false;
59 }
60 buf += ret;
61 len -= ret;
62 }
63 return true;
64 }
65
LevelToString(ssl_encryption_level_t level)66 const char *LevelToString(ssl_encryption_level_t level) {
67 switch (level) {
68 case ssl_encryption_initial:
69 return "initial";
70 case ssl_encryption_early_data:
71 return "early_data";
72 case ssl_encryption_handshake:
73 return "handshake";
74 case ssl_encryption_application:
75 return "application";
76 }
77 return "";
78 }
79
80 } // namespace
81
ReadHeader(uint8_t * out_type,enum ssl_encryption_level_t * out_level,size_t * out_len)82 bool MockQuicTransport::ReadHeader(uint8_t *out_type,
83 enum ssl_encryption_level_t *out_level,
84 size_t *out_len) {
85 for (;;) {
86 uint8_t header[8];
87 if (!ReadAll(bio_.get(), header)) {
88 // TODO(davidben): Distinguish between errors and EOF. See
89 // ReadApplicationData.
90 return false;
91 }
92
93 CBS cbs;
94 uint8_t level_id;
95 uint16_t cipher_suite;
96 uint32_t remaining_bytes;
97 CBS_init(&cbs, header, sizeof(header));
98 if (!CBS_get_u8(&cbs, out_type) ||
99 !CBS_get_u8(&cbs, &level_id) ||
100 !CBS_get_u16(&cbs, &cipher_suite) ||
101 !CBS_get_u32(&cbs, &remaining_bytes) ||
102 level_id >= read_levels_.size()) {
103 fprintf(stderr, "Error parsing record header.\n");
104 return false;
105 }
106
107 auto level = static_cast<ssl_encryption_level_t>(level_id);
108 // Non-initial levels must be configured before use.
109 uint16_t expect_cipher = read_levels_[level].cipher;
110 if (expect_cipher == 0 && level != ssl_encryption_initial) {
111 if (level == ssl_encryption_early_data) {
112 // If we receive early data records without any early data keys, skip
113 // the record. This means early data was rejected.
114 std::vector<uint8_t> discard(remaining_bytes);
115 if (!ReadAll(bio_.get(), bssl::Span(discard))) {
116 return false;
117 }
118 continue;
119 }
120 fprintf(stderr,
121 "Got record at level %s, but keys were not configured.\n",
122 LevelToString(level));
123 return false;
124 }
125 if (cipher_suite != expect_cipher) {
126 fprintf(stderr, "Got cipher suite 0x%04x at level %s, wanted 0x%04x.\n",
127 cipher_suite, LevelToString(level), expect_cipher);
128 return false;
129 }
130 const std::vector<uint8_t> &secret = read_levels_[level].secret;
131 std::vector<uint8_t> read_secret(secret.size());
132 if (remaining_bytes < secret.size()) {
133 fprintf(stderr, "Record at level %s too small.\n", LevelToString(level));
134 return false;
135 }
136 remaining_bytes -= secret.size();
137 if (!ReadAll(bio_.get(), bssl::Span(read_secret))) {
138 fprintf(stderr, "Error reading record secret.\n");
139 return false;
140 }
141 if (read_secret != secret) {
142 fprintf(stderr, "Encryption secret at level %s did not match.\n",
143 LevelToString(level));
144 return false;
145 }
146 *out_level = level;
147 *out_len = remaining_bytes;
148 return true;
149 }
150 }
151
ReadHandshake()152 bool MockQuicTransport::ReadHandshake() {
153 uint8_t type;
154 ssl_encryption_level_t level;
155 size_t len;
156 if (!ReadHeader(&type, &level, &len)) {
157 return false;
158 }
159 if (type != SSL3_RT_HANDSHAKE) {
160 return false;
161 }
162
163 std::vector<uint8_t> buf(len);
164 if (!ReadAll(bio_.get(), bssl::Span(buf))) {
165 return false;
166 }
167 return SSL_provide_quic_data(ssl_, level, buf.data(), buf.size());
168 }
169
ReadApplicationData(uint8_t * out,size_t max_out)170 int MockQuicTransport::ReadApplicationData(uint8_t *out, size_t max_out) {
171 if (pending_app_data_.size() > 0) {
172 size_t len = pending_app_data_.size() - app_data_offset_;
173 if (len > max_out) {
174 len = max_out;
175 }
176 memcpy(out, pending_app_data_.data() + app_data_offset_, len);
177 app_data_offset_ += len;
178 if (app_data_offset_ == pending_app_data_.size()) {
179 pending_app_data_.clear();
180 app_data_offset_ = 0;
181 }
182 return len;
183 }
184
185 uint8_t type = 0;
186 ssl_encryption_level_t level;
187 size_t len;
188 while (true) {
189 if (!ReadHeader(&type, &level, &len)) {
190 // Assume that a failure to read the header means there's no more to read,
191 // not an error reading.
192 return 0;
193 }
194 if (type == SSL3_RT_APPLICATION_DATA) {
195 break;
196 }
197 if (type != SSL3_RT_HANDSHAKE) {
198 return -1;
199 }
200
201 std::vector<uint8_t> buf(len);
202 if (!ReadAll(bio_.get(), bssl::Span(buf))) {
203 return -1;
204 }
205 if (SSL_provide_quic_data(ssl_, level, buf.data(), buf.size()) != 1) {
206 return -1;
207 }
208 if (SSL_in_init(ssl_)) {
209 int ret = SSL_do_handshake(ssl_);
210 if (ret < 0) {
211 int ssl_err = SSL_get_error(ssl_, ret);
212 if (ssl_err == SSL_ERROR_WANT_READ) {
213 continue;
214 }
215 return -1;
216 }
217 } else if (SSL_process_quic_post_handshake(ssl_) != 1) {
218 return -1;
219 }
220 }
221
222 uint8_t *buf = out;
223 if (len > max_out) {
224 pending_app_data_.resize(len);
225 buf = pending_app_data_.data();
226 }
227 app_data_offset_ = 0;
228 if (!ReadAll(bio_.get(), bssl::Span(buf, len))) {
229 return -1;
230 }
231 if (len > max_out) {
232 memcpy(out, buf, max_out);
233 app_data_offset_ = max_out;
234 return max_out;
235 }
236 return len;
237 }
238
WriteRecord(enum ssl_encryption_level_t level,uint8_t type,const uint8_t * data,size_t len)239 bool MockQuicTransport::WriteRecord(enum ssl_encryption_level_t level,
240 uint8_t type, const uint8_t *data,
241 size_t len) {
242 uint16_t cipher_suite = write_levels_[level].cipher;
243 const std::vector<uint8_t> &secret = write_levels_[level].secret;
244 size_t tlv_len = secret.size() + len;
245 uint8_t header[8];
246 header[0] = type;
247 header[1] = level;
248 header[2] = (cipher_suite >> 8) & 0xff;
249 header[3] = cipher_suite & 0xff;
250 header[4] = (tlv_len >> 24) & 0xff;
251 header[5] = (tlv_len >> 16) & 0xff;
252 header[6] = (tlv_len >> 8) & 0xff;
253 header[7] = tlv_len & 0xff;
254 return BIO_write_all(bio_.get(), header, sizeof(header)) &&
255 BIO_write_all(bio_.get(), secret.data(), secret.size()) &&
256 BIO_write_all(bio_.get(), data, len);
257 }
258
WriteHandshakeData(enum ssl_encryption_level_t level,const uint8_t * data,size_t len)259 bool MockQuicTransport::WriteHandshakeData(enum ssl_encryption_level_t level,
260 const uint8_t *data, size_t len) {
261 return WriteRecord(level, SSL3_RT_HANDSHAKE, data, len);
262 }
263
WriteApplicationData(const uint8_t * in,size_t len)264 bool MockQuicTransport::WriteApplicationData(const uint8_t *in, size_t len) {
265 enum ssl_encryption_level_t level = ssl_encryption_application;
266 if (SSL_in_early_data(ssl_) && !SSL_is_server(ssl_)) {
267 level = ssl_encryption_early_data;
268 }
269 return WriteRecord(level, SSL3_RT_APPLICATION_DATA, in, len);
270 }
271
Flush()272 bool MockQuicTransport::Flush() { return BIO_flush(bio_.get()) > 0; }
273
SendAlert(enum ssl_encryption_level_t level,uint8_t alert)274 bool MockQuicTransport::SendAlert(enum ssl_encryption_level_t level,
275 uint8_t alert) {
276 uint8_t alert_msg[] = {2, alert};
277 return WriteRecord(level, SSL3_RT_ALERT, alert_msg, sizeof(alert_msg));
278 }
279