Mirror of BoringSSL (grpc依赖)
https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
280 lines
8.9 KiB
280 lines
8.9 KiB
/* Copyright (c) 2019, Google Inc. |
|
* |
|
* Permission to use, copy, modify, and/or distribute this software for any |
|
* purpose with or without fee is hereby granted, provided that the above |
|
* copyright notice and this permission notice appear in all copies. |
|
* |
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ |
|
|
|
#include "mock_quic_transport.h" |
|
|
|
#include <openssl/span.h> |
|
|
|
#include <cstring> |
|
#include <limits> |
|
|
|
MockQuicTransport::MockQuicTransport(bssl::UniquePtr<BIO> bio, SSL *ssl) |
|
: bio_(std::move(bio)), |
|
read_levels_(ssl_encryption_application + 1), |
|
write_levels_(ssl_encryption_application + 1), |
|
ssl_(ssl) {} |
|
|
|
bool MockQuicTransport::SetReadSecret(enum ssl_encryption_level_t level, |
|
const SSL_CIPHER *cipher, |
|
const uint8_t *secret, |
|
size_t secret_len) { |
|
// TODO(davidben): Assert the various encryption secret invariants. |
|
read_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher); |
|
read_levels_[level].secret.assign(secret, secret + secret_len); |
|
return true; |
|
} |
|
|
|
bool MockQuicTransport::SetWriteSecret(enum ssl_encryption_level_t level, |
|
const SSL_CIPHER *cipher, |
|
const uint8_t *secret, |
|
size_t secret_len) { |
|
// TODO(davidben): Assert the various encryption secret invariants. |
|
write_levels_[level].cipher = SSL_CIPHER_get_protocol_id(cipher); |
|
write_levels_[level].secret.assign(secret, secret + secret_len); |
|
return true; |
|
} |
|
|
|
namespace { |
|
|
|
bool ReadAll(BIO *bio, bssl::Span<uint8_t> out) { |
|
size_t len = out.size(); |
|
uint8_t *buf = out.data(); |
|
while (len > 0) { |
|
int chunk_len = std::numeric_limits<int>::max(); |
|
if (len <= static_cast<unsigned int>(std::numeric_limits<int>::max())) { |
|
chunk_len = len; |
|
} |
|
int ret = BIO_read(bio, buf, chunk_len); |
|
if (ret <= 0) { |
|
return false; |
|
} |
|
buf += ret; |
|
len -= ret; |
|
} |
|
return true; |
|
} |
|
|
|
const char *LevelToString(ssl_encryption_level_t level) { |
|
switch (level) { |
|
case ssl_encryption_initial: |
|
return "initial"; |
|
case ssl_encryption_early_data: |
|
return "early_data"; |
|
case ssl_encryption_handshake: |
|
return "handshake"; |
|
case ssl_encryption_application: |
|
return "application"; |
|
} |
|
return ""; |
|
} |
|
|
|
} // namespace |
|
|
|
bool MockQuicTransport::ReadHeader(uint8_t *out_type, |
|
enum ssl_encryption_level_t *out_level, |
|
size_t *out_len) { |
|
for (;;) { |
|
uint8_t header[8]; |
|
if (!ReadAll(bio_.get(), header)) { |
|
// TODO(davidben): Distinguish between errors and EOF. See |
|
// ReadApplicationData. |
|
return false; |
|
} |
|
|
|
CBS cbs; |
|
uint8_t level_id; |
|
uint16_t cipher_suite; |
|
uint32_t remaining_bytes; |
|
CBS_init(&cbs, header, sizeof(header)); |
|
if (!CBS_get_u8(&cbs, out_type) || |
|
!CBS_get_u8(&cbs, &level_id) || |
|
!CBS_get_u16(&cbs, &cipher_suite) || |
|
!CBS_get_u32(&cbs, &remaining_bytes) || |
|
level_id >= read_levels_.size()) { |
|
fprintf(stderr, "Error parsing record header.\n"); |
|
return false; |
|
} |
|
|
|
auto level = static_cast<ssl_encryption_level_t>(level_id); |
|
// Non-initial levels must be configured before use. |
|
uint16_t expect_cipher = read_levels_[level].cipher; |
|
if (expect_cipher == 0 && level != ssl_encryption_initial) { |
|
if (level == ssl_encryption_early_data) { |
|
// If we receive early data records without any early data keys, skip |
|
// the record. This means early data was rejected. |
|
std::vector<uint8_t> discard(remaining_bytes); |
|
if (!ReadAll(bio_.get(), bssl::MakeSpan(discard))) { |
|
return false; |
|
} |
|
continue; |
|
} |
|
fprintf(stderr, |
|
"Got record at level %s, but keys were not configured.\n", |
|
LevelToString(level)); |
|
return false; |
|
} |
|
if (cipher_suite != expect_cipher) { |
|
fprintf(stderr, "Got cipher suite 0x%04x at level %s, wanted 0x%04x.\n", |
|
cipher_suite, LevelToString(level), expect_cipher); |
|
return false; |
|
} |
|
const std::vector<uint8_t> &secret = read_levels_[level].secret; |
|
std::vector<uint8_t> read_secret(secret.size()); |
|
if (remaining_bytes < secret.size()) { |
|
fprintf(stderr, "Record at level %s too small.\n", LevelToString(level)); |
|
return false; |
|
} |
|
remaining_bytes -= secret.size(); |
|
if (!ReadAll(bio_.get(), bssl::MakeSpan(read_secret))) { |
|
fprintf(stderr, "Error reading record secret.\n"); |
|
return false; |
|
} |
|
if (read_secret != secret) { |
|
fprintf(stderr, "Encryption secret at level %s did not match.\n", |
|
LevelToString(level)); |
|
return false; |
|
} |
|
*out_level = level; |
|
*out_len = remaining_bytes; |
|
return true; |
|
} |
|
} |
|
|
|
bool MockQuicTransport::ReadHandshake() { |
|
uint8_t type; |
|
ssl_encryption_level_t level; |
|
size_t len; |
|
if (!ReadHeader(&type, &level, &len)) { |
|
return false; |
|
} |
|
if (type != SSL3_RT_HANDSHAKE) { |
|
return false; |
|
} |
|
|
|
std::vector<uint8_t> buf(len); |
|
if (!ReadAll(bio_.get(), bssl::MakeSpan(buf))) { |
|
return false; |
|
} |
|
return SSL_provide_quic_data(ssl_, level, buf.data(), buf.size()); |
|
} |
|
|
|
int MockQuicTransport::ReadApplicationData(uint8_t *out, size_t max_out) { |
|
if (pending_app_data_.size() > 0) { |
|
size_t len = pending_app_data_.size() - app_data_offset_; |
|
if (len > max_out) { |
|
len = max_out; |
|
} |
|
memcpy(out, pending_app_data_.data() + app_data_offset_, len); |
|
app_data_offset_ += len; |
|
if (app_data_offset_ == pending_app_data_.size()) { |
|
pending_app_data_.clear(); |
|
app_data_offset_ = 0; |
|
} |
|
return len; |
|
} |
|
|
|
uint8_t type = 0; |
|
ssl_encryption_level_t level; |
|
size_t len; |
|
while (true) { |
|
if (!ReadHeader(&type, &level, &len)) { |
|
// Assume that a failure to read the header means there's no more to read, |
|
// not an error reading. |
|
return 0; |
|
} |
|
if (type == SSL3_RT_APPLICATION_DATA) { |
|
break; |
|
} |
|
if (type != SSL3_RT_HANDSHAKE) { |
|
return -1; |
|
} |
|
|
|
std::vector<uint8_t> buf(len); |
|
if (!ReadAll(bio_.get(), bssl::MakeSpan(buf))) { |
|
return -1; |
|
} |
|
if (SSL_provide_quic_data(ssl_, level, buf.data(), buf.size()) != 1) { |
|
return -1; |
|
} |
|
if (SSL_in_init(ssl_)) { |
|
int ret = SSL_do_handshake(ssl_); |
|
if (ret < 0) { |
|
int ssl_err = SSL_get_error(ssl_, ret); |
|
if (ssl_err == SSL_ERROR_WANT_READ) { |
|
continue; |
|
} |
|
return -1; |
|
} |
|
} else if (SSL_process_quic_post_handshake(ssl_) != 1) { |
|
return -1; |
|
} |
|
} |
|
|
|
uint8_t *buf = out; |
|
if (len > max_out) { |
|
pending_app_data_.resize(len); |
|
buf = pending_app_data_.data(); |
|
} |
|
app_data_offset_ = 0; |
|
if (!ReadAll(bio_.get(), bssl::MakeSpan(buf, len))) { |
|
return -1; |
|
} |
|
if (len > max_out) { |
|
memcpy(out, buf, max_out); |
|
app_data_offset_ = max_out; |
|
return max_out; |
|
} |
|
return len; |
|
} |
|
|
|
bool MockQuicTransport::WriteRecord(enum ssl_encryption_level_t level, |
|
uint8_t type, const uint8_t *data, |
|
size_t len) { |
|
uint16_t cipher_suite = write_levels_[level].cipher; |
|
const std::vector<uint8_t> &secret = write_levels_[level].secret; |
|
size_t tlv_len = secret.size() + len; |
|
uint8_t header[8]; |
|
header[0] = type; |
|
header[1] = level; |
|
header[2] = (cipher_suite >> 8) & 0xff; |
|
header[3] = cipher_suite & 0xff; |
|
header[4] = (tlv_len >> 24) & 0xff; |
|
header[5] = (tlv_len >> 16) & 0xff; |
|
header[6] = (tlv_len >> 8) & 0xff; |
|
header[7] = tlv_len & 0xff; |
|
return BIO_write_all(bio_.get(), header, sizeof(header)) && |
|
BIO_write_all(bio_.get(), secret.data(), secret.size()) && |
|
BIO_write_all(bio_.get(), data, len); |
|
} |
|
|
|
bool MockQuicTransport::WriteHandshakeData(enum ssl_encryption_level_t level, |
|
const uint8_t *data, size_t len) { |
|
return WriteRecord(level, SSL3_RT_HANDSHAKE, data, len); |
|
} |
|
|
|
bool MockQuicTransport::WriteApplicationData(const uint8_t *in, size_t len) { |
|
enum ssl_encryption_level_t level = ssl_encryption_application; |
|
if (SSL_in_early_data(ssl_) && !SSL_is_server(ssl_)) { |
|
level = ssl_encryption_early_data; |
|
} |
|
return WriteRecord(level, SSL3_RT_APPLICATION_DATA, in, len); |
|
} |
|
|
|
bool MockQuicTransport::Flush() { return BIO_flush(bio_.get()) > 0; } |
|
|
|
bool MockQuicTransport::SendAlert(enum ssl_encryption_level_t level, |
|
uint8_t alert) { |
|
uint8_t alert_msg[] = {2, alert}; |
|
return WriteRecord(level, SSL3_RT_ALERT, alert_msg, sizeof(alert_msg)); |
|
}
|
|
|