Commit Graph

6791 Commits

Author SHA1 Message Date
Roman Arutyunyan
5aa8e519c9 Moved setting QUIC methods to runtime.
This allows listening to both https and http3 in the same server.
Also, the change eliminates the ssl_quic directive.
2020-03-18 16:37:16 +03:00
Vladimir Homutov
50f919cec4 Added parsing of RESET_STREAM and STOP_SENDING frames 2020-03-18 16:35:11 +03:00
Roman Arutyunyan
04d037b239 Fixed pointer increment while parsing HTTP/3 header. 2020-03-18 15:28:20 +03:00
Vladimir Homutov
2973465556 Implemented creation of server unidirectional streams.
The ngx_quic_create_stream() function is a generic function extracted from
the ngx_quic_handle_stream_frame() function.
2020-03-18 13:49:39 +03:00
Roman Arutyunyan
d36684447c Fixed HTTP/3 server stream creation. 2020-03-18 14:10:44 +03:00
Roman Arutyunyan
85430505fe Removed comment. 2020-03-18 14:09:50 +03:00
Roman Arutyunyan
01dc7445f0 Refactored HTTP/3 parser. 2020-03-18 13:46:35 +03:00
Vladimir Homutov
023dbc3cfb Style and handlers.
Cleanup in ngx_event_quic.c:
    + reorderded functions, structures
    + added missing prototypes
    + added separate handlers for each frame type
    + numerous indentation/comments/TODO fixes
    + removed non-implemented qc->state and corresponding enum;
        this requires deep thinking, stub was unused.
    + streams inside quic connection are now in own structure
2020-03-18 13:02:19 +03:00
Vladimir Homutov
23dc6a68a4 Extracted transport part of the code into separate file.
All code dealing with serializing/deserializing
is moved int srv/event/ngx_event_quic_transport.c/h file.

All macros for dealing with data are internal to source file.

The header file exposes frame types and error codes.

The exported functions are currently packet header parsers and writers
and frames parser/writer.

The ngx_quic_header_t structure is updated with 'log' member. This avoids
passing extra argument to parsing functions that need to report errors.
2020-03-18 12:58:27 +03:00
Vladimir Homutov
cd54c1cab7 Firefox fixes.
+ support for more than one initial packet
 + workaround for trailing zeroes in packet
 + ignore application data packet if no keys yet (issue in draft 27/ff nightly)
 + fixed PING frame parser
 + STREAM frames need to be acknowledged

The following HTTP configuration is used for firefox (v74):

http {

    ssl_certificate_key localhost.key;
    ssl_certificate localhost.crt;
    ssl_protocols TLSv1.2 TLSv1.3;

    server {
        listen 127.0.0.1:10368 reuseport http3;
        ssl_quic on;
        server_name  localhost;

        location / {
            return 200 "This-is-QUICK\n";
        }
    }
    server {
        listen 127.0.0.1:5555 ssl; # point the browser here
        server_name  localhost;
        location / {
            add_header Alt-Svc 'h3-24=":10368";ma=100';
            return 200 "ALT-SVC";
        }
    }
}
2020-03-17 14:10:37 +03:00
Vladimir Homutov
ca7943393e Fixed a typo with OpenSSL. 2020-03-16 19:42:57 +03:00
Vladimir Homutov
d0ebfa4cb9 Split transport and crypto parts into separate files.
New files:
    src/event/ngx_event_quic_protection.h
    src/event/ngx_event_quic_protection.c

The protection.h header provides interface to the crypto part of the QUIC:

2 functions to initialize corresponding secrets:

ngx_quic_set_initial_secret()
ngx_quic_set_encryption_secret()

and 2 functions to deal with packet processing:

ngx_quic_encrypt()
ngx_quic_decrypt()

Also, structures representing secrets are defined there.

All functions require SSL connection and a pool, only crypto operations
inside, no access to nginx connections or events.

Currently pool->log is used for the logging (instead of original c->log).
2020-03-16 19:00:47 +03:00
Vladimir Homutov
0d8984083b Added processing of CONNECTION CLOSE frames.
Contents is parsed and debug is output. No actions are taken.
2020-03-16 13:06:43 +03:00
Roman Arutyunyan
5399670fcc Temporary fix for header null-termination in HTTP/3. 2020-03-14 13:18:55 +03:00
Sergey Kandaurov
1ac31c01b4 Fixed header protection application with pn length > 1. 2020-03-14 03:15:09 +03:00
Roman Arutyunyan
11dfc1c943 Fixed sanitizer errors. 2020-03-13 20:44:32 +03:00
Vladimir Homutov
8f35d300ed Added check for initialized c->ssl before calling SSL shutdown. 2020-03-13 18:55:58 +03:00
Roman Arutyunyan
7739b6073b HTTP/3. 2020-03-13 19:36:33 +03:00
Roman Arutyunyan
365b77b587 Fixed infinite loop in ngx_quic_stream_send_chain(). 2020-03-13 18:30:37 +03:00
Roman Arutyunyan
a1ac82ca0f Implemented tracking offset in STREAM frames. 2020-03-13 18:29:50 +03:00
Roman Arutyunyan
dcb6aab460 Implemented ngx_quic_stream_send_chain() method.
- just call send in a loop
2020-03-13 15:56:10 +03:00
Vladimir Homutov
05d1464c68 Stream "connection" read/write methods. 2020-03-13 14:39:23 +03:00
Sergey Kandaurov
5bc8cd4044 Fix build. 2020-03-12 18:08:26 +03:00
Vladimir Homutov
21eaac9a3e Removed hardcoded CRYPTO and ACK frame sizes. 2020-03-12 14:23:27 +03:00
Vladimir Homutov
4f4f56f013 HTTP/QUIC interface reworked.
- events handling moved into src/event/ngx_event_quic.c
 - http invokes once ngx_quic_run() and passes stream callback
 (diff to original http_request.c is now minimal)

 - streams are stored in rbtree using ID as a key
 - when a new stream is registered, appropriate callback is called

 - ngx_quic_stream_t type represents STREAM and stored in c->qs
2020-03-12 16:54:43 +03:00
Vladimir Homutov
6bf6635d86 Initial parsing of STREAM frames. 2020-03-11 15:41:35 +03:00
Vladimir Homutov
0d10672137 Added support of multiple QUIC packets in single datagram.
- now NEW_CONNECTION_ID frames can be received and parsed

The packet structure is created in ngx_quic_input() and passed
to all handlers (initial, handshake and application data).

The UDP datagram buffer is saved as pkt->raw;
The QUIC packet is stored as pkt->data and pkt->len (instead of pkt->buf)
(pkt->len is adjusted after parsing headers to actual length)

The pkt->pos is removed, pkt->raw->pos is used instead.
2020-03-12 14:43:24 +03:00
Vladimir Homutov
0d1c27b580 Added more transport parameters.
Needed for client to start sending streams.
2020-03-11 15:43:23 +03:00
Sergey Kandaurov
9311e59443 Compatibility with BoringSSL revised QUIC encryption secret APIs.
See for details: https://boringssl.googlesource.com/boringssl/+/1e85905%5E!/
2020-03-11 21:53:02 +03:00
Sergey Kandaurov
df544ee47d Chacha20 header protection support with BoringSSL.
BoringSSL lacks EVP for Chacha20.  Here we use CRYPTO_chacha_20() instead.
2020-03-10 19:15:12 +03:00
Sergey Kandaurov
7e417544bb ChaCha20 / Poly1305 initial support. 2020-03-10 19:13:09 +03:00
Sergey Kandaurov
4b59999afe Using SSL cipher suite id to obtain cipher/digest, part 2.
Ciphers negotiation handling refactored into ngx_quic_ciphers().
2020-03-10 19:12:22 +03:00
Sergey Kandaurov
385408732e Fixed nonce in short packet protection. 2020-03-10 18:40:18 +03:00
Vladimir Homutov
c2afb5ec8a Generic payload handler for quic packets.
- added basic parsing of ACK, PING and PADDING frames on input
 - added preliminary parsing of SHORT headers

The ngx_quic_output() is now called after processing of each input packet.
Frames are added into output queue according to their level: inital packets
go ahead of handshake and application data, so they can be merged properly.

The payload handler is called from both new, handshake and applicataion data
handlers (latter is a stub).
2020-03-10 18:24:39 +03:00
Sergey Kandaurov
547a1a0159 Fixed header protection with negotiated cipher suite. 2020-03-05 20:05:40 +03:00
Sergey Kandaurov
ed0533c2c2 Initial packets are protected with AEAD_AES_128_GCM. 2020-03-05 19:49:49 +03:00
Sergey Kandaurov
b0f1302e7d Fixed write secret logging in set_encryption_secrets callback. 2020-03-05 18:01:18 +03:00
Vladimir Homutov
08691ef3d4 Fixed format specifiers. 2020-03-05 17:51:22 +03:00
Vladimir Homutov
fe30a167d2 Style. 2020-03-05 17:24:04 +03:00
Vladimir Homutov
32b2728ebb Added functions to decrypt long packets. 2020-03-05 17:18:33 +03:00
Sergey Kandaurov
12fc8a8bac Fixed ngx_quic_varint_len misuse in the previous change. 2020-03-05 15:26:15 +03:00
Vladimir Homutov
e3e5e21ed5 Macro for calculating size of varint. 2020-03-04 23:24:51 +03:00
Sergey Kandaurov
941d4f1c2e Fixed packet "input" debug log message. 2020-03-05 13:10:01 +03:00
Sergey Kandaurov
0bc9857b47 Using SSL cipher suite id to obtain cipher/digest, part 1.
While here, log the negotiated cipher just once, - after handshake.
2020-03-05 13:00:59 +03:00
Sergey Kandaurov
46bd853801 Using cached ssl_conn in ngx_quic_handshake_input(), NFC. 2020-03-05 12:51:49 +03:00
Sergey Kandaurov
9fa29e4043 Adjusted transport parameters stub for active_connection_id_limit.
As was objserved with ngtcp2 client, Finished CRYPTO frame within Handshake
packet may not be sent for some reason if there's nothing to append on 1-RTT.
This results in unnecessary retransmit.  To avoid this edge case, a non-zero
active_connection_id_limit transport parameter is now used to append datagram
with NEW_CONNECTION_ID 1-RTT frames.
2020-03-04 16:05:39 +03:00
Vladimir Homutov
309cdf496d Implemented improved version of quic_output().
Now handshake generates frames, and they are queued in c->quic->frames.
The ngx_quic_output() is called from ngx_quic_flush_flight() or manually,
processes the queue and encrypts all frames according to required encryption
level.
2020-03-04 15:52:12 +03:00
Sergey Kandaurov
3c17072122 QUIC handshake final bits.
Added handling of client Finished, both feeding and acknowledgement.
This includes sending NST in 1-RTT triggered by a handshake process.
2020-03-03 17:25:02 +03:00
Vladimir Homutov
d2deb6d6b4 Split frame and packet generation into separate steps.
While there, a number of QUIC constants from spec defined and magic numbers
were replaced.
2020-03-03 13:30:30 +03:00
Vladimir Homutov
820be1b846 Aded the "ngx_quic_hexdump" macro.
ngx_quic_hexdump0(log, format, buffer, buffer_size);
    - logs hexdump of buffer to specified error log

    ngx_quic_hexdump0(c->log, "this is foo:", foo.data, foo.len);

ngx_quic_hexdump(log, format, buffer, buffer_size, ...)
    - same as hexdump0, but more format/args possible:

    ngx_quic_hexdump(c->log, "a=%d b=%d, foo is:", foo.data, foo.len, a, b);
2020-03-02 21:38:03 +03:00