quic: move to ngtcp2_crypto

PR-URL: nodejs#138
Reviewed-By: Anna Henningsen <[email protected]>

Author: jasnell

deps/ngtcp2/ngtcp2.gyp

@@ -8,11 +8,18 @@
     {
       'target_name': 'ngtcp2',
       'type': 'static_library',
-      'include_dirs': ['lib/includes'],
+      'include_dirs': [
+        'lib/includes',
+        'crypto/includes',
+        'lib',
+      ],
       'defines': [
         'BUILDING_NGTCP2',
         'NGTCP2_STATICLIB',
       ],
+      'dependencies': [
+        '../openssl/openssl.gyp:openssl'
+      ],
       'conditions': [
         ['OS=="win"', {
           'defines': [
@@ -29,37 +36,73 @@
       ],
       'direct_dependent_settings': {
         'defines': [ 'NGTCP2_STATICLIB' ],
-        'include_dirs': [ 'lib/includes' ]
+        'include_dirs': [
+          'lib/includes',
+          'crypto/includes'
+        ]
       },
       'sources': [
-	'lib/ngtcp2_acktr.c',
-	'lib/ngtcp2_addr.c',
-	'lib/ngtcp2_buf.c',
-	'lib/ngtcp2_cc.c',
-	'lib/ngtcp2_cid.c',
-	'lib/ngtcp2_conn.c',
-	'lib/ngtcp2_conv.c',
-	'lib/ngtcp2_crypto.c',
-	'lib/ngtcp2_err.c',
-	'lib/ngtcp2_gaptr.c',
-	'lib/ngtcp2_idtr.c',
-	'lib/ngtcp2_ksl.c',
-	'lib/ngtcp2_log.c',
-	'lib/ngtcp2_map.c',
-	'lib/ngtcp2_mem.c',
-	'lib/ngtcp2_path.c',
-	'lib/ngtcp2_pkt.c',
-	'lib/ngtcp2_ppe.c',
-	'lib/ngtcp2_pq.c',
-	'lib/ngtcp2_psl.c',
-	'lib/ngtcp2_pv.c',
-	'lib/ngtcp2_range.c',
-	'lib/ngtcp2_ringbuf.c',
-	'lib/ngtcp2_rob.c',
-	'lib/ngtcp2_rtb.c',
-	'lib/ngtcp2_str.c',
-	'lib/ngtcp2_strm.c',
-	'lib/ngtcp2_vec.c',
+  'lib/ngtcp2_acktr.c',
+  'lib/ngtcp2_acktr.h',
+  'lib/ngtcp2_addr.c',
+  'lib/ngtcp2_addr.h',
+  'lib/ngtcp2_buf.c',
+  'lib/ngtcp2_buf.h',
+  'lib/ngtcp2_cc.c',
+  'lib/ngtcp2_cc.h',
+  'lib/ngtcp2_cid.c',
+  'lib/ngtcp2_cid.h',
+  'lib/ngtcp2_conn.c',
+  'lib/ngtcp2_conn.h',
+  'lib/ngtcp2_conv.c',
+  'lib/ngtcp2_conv.h',
+  'lib/ngtcp2_crypto.c',
+  'lib/ngtcp2_crypto.h',
+  'lib/ngtcp2_err.c',
+  'lib/ngtcp2_err.h',
+  'lib/ngtcp2_gaptr.c',
+  'lib/ngtcp2_gaptr.h',
+  'lib/ngtcp2_idtr.c',
+  'lib/ngtcp2_idtr.h',
+  'lib/ngtcp2_ksl.c',
+  'lib/ngtcp2_ksl.h',
+  'lib/ngtcp2_log.c',
+  'lib/ngtcp2_log.h',
+  'lib/ngtcp2_macro.h',
+  'lib/ngtcp2_map.c',
+  'lib/ngtcp2_map.h',
+  'lib/ngtcp2_mem.c',
+  'lib/ngtcp2_mem.h',
+  'lib/ngtcp2_net.h',
+  'lib/ngtcp2_path.c',
+  'lib/ngtcp2_path.h',
+  'lib/ngtcp2_pkt.c',
+  'lib/ngtcp2_pkt.h',
+  'lib/ngtcp2_ppe.c',
+  'lib/ngtcp2_ppe.h',
+  'lib/ngtcp2_pq.c',
+  'lib/ngtcp2_pq.h',
+  'lib/ngtcp2_psl.c',
+  'lib/ngtcp2_psl.h',
+  'lib/ngtcp2_pv.c',
+  'lib/ngtcp2_pv.h',
+  'lib/ngtcp2_range.c',
+  'lib/ngtcp2_range.h',
+  'lib/ngtcp2_ringbuf.c',
+  'lib/ngtcp2_ringbuf.h',
+  'lib/ngtcp2_rob.c',
+  'lib/ngtcp2_rob.h',
+  'lib/ngtcp2_rtb.c',
+  'lib/ngtcp2_rtb.h',
+  'lib/ngtcp2_str.c',
+  'lib/ngtcp2_str.h',
+  'lib/ngtcp2_strm.c',
+  'lib/ngtcp2_strm.h',
+  'lib/ngtcp2_vec.c',
+  'lib/ngtcp2_vec.h',
+  'lib/ngtcp2_version.c',
+  'crypto/shared.c',
+  'crypto/openssl/openssl.c',
       ]
     }
   ]

node.gyp

@@ -859,7 +859,7 @@
             'src/node_quic_socket.cc',
             'src/node_quic_stream.cc',
             'src/node_quic_util.cc',
-            'src/node_quic.cc',
+            'src/node_quic.cc'
           ]
         }
         ],

src/node_quic.cc

@@ -75,87 +75,21 @@ void QuicSetCallbacks(const FunctionCallbackInfo<Value>& args) {
 // Sets QUIC specific configuration options for the SecureContext.
 // It's entirely likely that there's a better way to do this, but
 // for now this works.
+template <ngtcp2_crypto_side side>
 void QuicInitSecureContext(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
   CHECK(args[0]->IsObject());  // Secure Context
   CHECK(args[1]->IsString());  // groups
   SecureContext* sc;
   ASSIGN_OR_RETURN_UNWRAP(&sc, args[0].As<Object>(),
                           args.GetReturnValue().Set(UV_EBADF));
-
-  constexpr auto ssl_opts = (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
-                            SSL_OP_SINGLE_ECDH_USE |
-                            SSL_OP_CIPHER_SERVER_PREFERENCE |
-                            SSL_OP_NO_ANTI_REPLAY;
-  SSL_CTX_set_options(**sc, ssl_opts);
-  SSL_CTX_clear_options(**sc, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
-  SSL_CTX_set_mode(**sc, SSL_MODE_RELEASE_BUFFERS | SSL_MODE_QUIC_HACK);
-  SSL_CTX_set_default_verify_paths(**sc);
-  SSL_CTX_set_max_early_data(**sc, std::numeric_limits<uint32_t>::max());
-  SSL_CTX_set_alpn_select_cb(**sc, ALPN_Select_Proto_CB, nullptr);
-  SSL_CTX_set_client_hello_cb(**sc, Client_Hello_CB, nullptr);
-  SSL_CTX_set_tlsext_status_cb(**sc, TLS_Status_Callback);
-  SSL_CTX_set_tlsext_status_arg(**sc, nullptr);
-  CHECK_EQ(
-      SSL_CTX_add_custom_ext(
-          **sc,
-          NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS,
-          SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
-          Server_Transport_Params_Add_CB,
-          Transport_Params_Free_CB, nullptr,
-          Server_Transport_Params_Parse_CB,
-          nullptr), 1);
-
   const node::Utf8Value groups(env->isolate(), args[1]);
-  if (!SSL_CTX_set1_groups_list(**sc, *groups)) {
-    unsigned long err = ERR_get_error();  // NOLINT(runtime/int)
-    if (!err)
-      return env->ThrowError("Failed to set groups");
-    return crypto::ThrowCryptoError(env, err);
-  }
-}
-
-void QuicInitSecureContextClient(const FunctionCallbackInfo<Value>& args) {
-  Environment* env = Environment::GetCurrent(args);
-  CHECK(args[0]->IsObject());  // Secure Context
-  CHECK(args[1]->IsString());  // groups
-  SecureContext* sc;
-  ASSIGN_OR_RETURN_UNWRAP(&sc, args[0].As<Object>(),
-                          args.GetReturnValue().Set(UV_EBADF));
-
-  SSL_CTX_set_mode(**sc, SSL_MODE_QUIC_HACK);
-  SSL_CTX_clear_options(**sc, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
-  SSL_CTX_set_default_verify_paths(**sc);
-  SSL_CTX_set_tlsext_status_cb(**sc, TLS_Status_Callback);
-  SSL_CTX_set_tlsext_status_arg(**sc, nullptr);
 
-  CHECK_EQ(SSL_CTX_add_custom_ext(
-      **sc,
-      NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS,
-      SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
-      Client_Transport_Params_Add_CB,
-      Transport_Params_Free_CB,
-      nullptr,
-      Client_Transport_Params_Parse_CB,
-      nullptr), 1);
-
-
-  const node::Utf8Value groups(env->isolate(), args[1]);
-  if (!SSL_CTX_set1_groups_list(**sc, *groups)) {
-    unsigned long err = ERR_get_error();  // NOLINT(runtime/int)
-    if (!err)
-      return env->ThrowError("Failed to set groups");
-    return crypto::ThrowCryptoError(env, err);
-  }
+  InitializeSecureContext(sc, side);
 
-  SSL_CTX_set_session_cache_mode(
-    **sc, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE);
-  SSL_CTX_sess_set_new_cb(**sc, [](SSL* ssl, SSL_SESSION* session) {
-    QuicClientSession* s =
-        static_cast<QuicClientSession*>(
-            SSL_get_app_data(ssl));
-    return s->SetSession(session);
-  });
+  // TODO(@jasnell): Throw a proper node.js error with code
+  if (!SetGroups(sc, *groups))
+    return env->ThrowError("Failed to set groups");
 }
 }  // namespace
 
@@ -191,10 +125,10 @@ void Initialize(Local<Object> target,
                  QuicSetCallbacks);
   env->SetMethod(target,
                  "initSecureContext",
-                 QuicInitSecureContext);
+                 QuicInitSecureContext<NGTCP2_CRYPTO_SIDE_SERVER>);
   env->SetMethod(target,
                  "initSecureContextClient",
-                 QuicInitSecureContextClient);
+                 QuicInitSecureContext<NGTCP2_CRYPTO_SIDE_CLIENT>);
 
   Local<Object> constants = Object::New(env->isolate());
   NODE_DEFINE_CONSTANT(constants, AF_INET);