#include <err.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
const char *server_ca_file;
const char *server_cert_file;
const char *server_key_file;
int debug = 0;
static void
hexdump(const unsigned char *buf, size_t len)
{
size_t i;
for (i = 1; i <= len; i++)
fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
if (len % 8)
fprintf(stderr, "\n");
}
struct quic_data {
enum ssl_encryption_level_t rlevel;
enum ssl_encryption_level_t wlevel;
BIO *rbio;
BIO *wbio;
};
static int
quic_set_read_secret(SSL *ssl, enum ssl_encryption_level_t level,
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
{
struct quic_data *qd = SSL_get_app_data(ssl);
qd->rlevel = level;
return 1;
}
static int
quic_set_write_secret(SSL *ssl, enum ssl_encryption_level_t level,
const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
{
struct quic_data *qd = SSL_get_app_data(ssl);
qd->wlevel = level;
return 1;
}
static int
quic_read_handshake_data(SSL *ssl)
{
struct quic_data *qd = SSL_get_app_data(ssl);
uint8_t buf[2048];
int ret;
if ((ret = BIO_read(qd->rbio, buf, sizeof(buf))) > 0) {
if (debug > 1) {
fprintf(stderr, "== quic_read_handshake_data ==\n");
hexdump(buf, ret);
}
if (!SSL_provide_quic_data(ssl, qd->rlevel, buf, ret))
return -1;
}
return 1;
}
static int
quic_add_handshake_data(SSL *ssl, enum ssl_encryption_level_t level,
const uint8_t *data, size_t len)
{
struct quic_data *qd = SSL_get_app_data(ssl);
int ret;
if (debug > 1) {
fprintf(stderr, "== quic_add_handshake_data\n");
hexdump(data, len);
}
if ((ret = BIO_write(qd->wbio, data, len)) <= 0)
return 0;
return (size_t)ret == len;
}
static int
quic_flush_flight(SSL *ssl)
{
return 1;
}
static int
quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert)
{
return 1;
}
const SSL_QUIC_METHOD quic_method = {
.set_read_secret = quic_set_read_secret,
.set_write_secret = quic_set_write_secret,
.add_handshake_data = quic_add_handshake_data,
.flush_flight = quic_flush_flight,
.send_alert = quic_send_alert,
};
static SSL *
quic_client(struct quic_data *data)
{
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
errx(1, "client context");
if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
fprintf(stderr, "FAIL: Failed to set QUIC method\n");
goto failure;
}
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "client ssl");
SSL_set_connect_state(ssl);
SSL_set_app_data(ssl, data);
failure:
SSL_CTX_free(ssl_ctx);
return ssl;
}
static SSL *
quic_server(struct quic_data *data)
{
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
errx(1, "server context");
SSL_CTX_set_dh_auto(ssl_ctx, 2);
if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
SSL_FILETYPE_PEM) != 1) {
fprintf(stderr, "FAIL: Failed to load server certificate\n");
goto failure;
}
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
SSL_FILETYPE_PEM) != 1) {
fprintf(stderr, "FAIL: Failed to load server private key\n");
goto failure;
}
if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
fprintf(stderr, "FAIL: Failed to set QUIC method\n");
goto failure;
}
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "server ssl");
SSL_set_accept_state(ssl);
SSL_set_app_data(ssl, data);
failure:
SSL_CTX_free(ssl_ctx);
return ssl;
}
static int
ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret)
{
int ssl_err;
ssl_err = SSL_get_error(ssl, ssl_ret);
if (ssl_err == SSL_ERROR_WANT_READ) {
if (quic_read_handshake_data(ssl) < 0)
return 0;
return 1;
} else if (ssl_err == SSL_ERROR_WANT_WRITE) {
return 1;
} else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
} else {
fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
name, desc, ssl_err, errno);
ERR_print_errors_fp(stderr);
return 0;
}
return 1;
}
static int
do_handshake(SSL *ssl, const char *name, int *done)
{
int ssl_ret;
if ((ssl_ret = SSL_do_handshake(ssl)) == 1) {
fprintf(stderr, "INFO: %s handshake done\n", name);
*done = 1;
return 1;
}
return ssl_error(ssl, name, "handshake", ssl_ret);
}
typedef int (*ssl_func)(SSL *ssl, const char *name, int *done);
static int
do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
ssl_func server_func)
{
int client_done = 0, server_done = 0;
int i = 0;
do {
if (!client_done) {
if (debug)
fprintf(stderr, "DEBUG: client loop\n");
if (!client_func(client, "client", &client_done))
return 0;
}
if (!server_done) {
if (debug)
fprintf(stderr, "DEBUG: server loop\n");
if (!server_func(server, "server", &server_done))
return 0;
}
} while (i++ < 100 && (!client_done || !server_done));
if (!client_done || !server_done)
fprintf(stderr, "FAIL: gave up\n");
return client_done && server_done;
}
static int
quictest(void)
{
struct quic_data *client_data = NULL, *server_data = NULL;
BIO *client_wbio = NULL, *server_wbio = NULL;
SSL *client = NULL, *server = NULL;
int failed = 1;
if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
goto failure;
if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
goto failure;
if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
goto failure;
if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
goto failure;
if ((client_data = calloc(1, sizeof(*client_data))) == NULL)
goto failure;
client_data->rbio = server_wbio;
client_data->wbio = client_wbio;
if ((client = quic_client(client_data)) == NULL)
goto failure;
if ((server_data = calloc(1, sizeof(*server_data))) == NULL)
goto failure;
server_data->rbio = client_wbio;
server_data->wbio = server_wbio;
if ((server = quic_server(server_data)) == NULL)
goto failure;
if (!do_client_server_loop(client, do_handshake, server, do_handshake)) {
fprintf(stderr, "FAIL: client and server handshake failed\n");
ERR_print_errors_fp(stderr);
goto failure;
}
fprintf(stderr, "INFO: Done!\n");
failed = 0;
failure:
BIO_free(client_wbio);
BIO_free(server_wbio);
free(client_data);
free(server_data);
SSL_free(client);
SSL_free(server);
return failed;
}
int
main(int argc, char **argv)
{
int failed = 0;
if (argc != 4) {
fprintf(stderr, "usage: %s keyfile certfile cafile\n",
argv[0]);
exit(1);
}
server_key_file = argv[1];
server_cert_file = argv[2];
server_ca_file = argv[3];
failed |= quictest();
return failed;
}
