1 /*
2 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * NB: Changes to this file should also be reflected in
12 * doc/man7/ossl-guide-quic-server-block.pod
13 */
14
15 #include <string.h>
16
17 /* Include the appropriate header file for SOCK_STREAM */
18 #ifdef _WIN32 /* Windows */
19 # include <stdarg.h>
20 # include <winsock2.h>
21 #else /* Linux/Unix */
22 # include <err.h>
23 # include <sys/socket.h>
24 # include <sys/select.h>
25 # include <netinet/in.h>
26 # include <unistd.h>
27 #endif
28
29 #include <openssl/bio.h>
30 #include <openssl/ssl.h>
31 #include <openssl/err.h>
32 #include <openssl/quic.h>
33
34 #ifdef _WIN32
35 static const char *progname;
36
vwarnx(const char * fmt,va_list ap)37 static void vwarnx(const char *fmt, va_list ap)
38 {
39 if (progname != NULL)
40 fprintf(stderr, "%s: ", progname);
41 vfprintf(stderr, fmt, ap);
42 putc('\n', stderr);
43 }
44
errx(int status,const char * fmt,...)45 static void errx(int status, const char *fmt, ...)
46 {
47 va_list ap;
48
49 va_start(ap, fmt);
50 vwarnx(fmt, ap);
51 va_end(ap);
52 exit(status);
53 }
54
warnx(const char * fmt,...)55 static void warnx(const char *fmt, ...)
56 {
57 va_list ap;
58
59 va_start(ap, fmt);
60 vwarnx(fmt, ap);
61 va_end(ap);
62 }
63 #endif
64
65 /*
66 * ALPN strings for TLS handshake. Only 'http/1.0' and 'hq-interop'
67 * are accepted.
68 */
69 static const unsigned char alpn_ossltest[] = {
70 8, 'h', 't', 't', 'p', '/', '1', '.', '0',
71 10, 'h', 'q', '-', 'i', 'n', 't', 'e', 'r', 'o', 'p',
72 };
73
74 /*
75 * This callback validates and negotiates the desired ALPN on the server side.
76 */
select_alpn(SSL * ssl,const unsigned char ** out,unsigned char * out_len,const unsigned char * in,unsigned int in_len,void * arg)77 static int select_alpn(SSL *ssl, const unsigned char **out,
78 unsigned char *out_len, const unsigned char *in,
79 unsigned int in_len, void *arg)
80 {
81 if (SSL_select_next_proto((unsigned char **)out, out_len, alpn_ossltest,
82 sizeof(alpn_ossltest), in,
83 in_len) == OPENSSL_NPN_NEGOTIATED)
84 return SSL_TLSEXT_ERR_OK;
85 return SSL_TLSEXT_ERR_ALERT_FATAL;
86 }
87
88 /* Create SSL_CTX. */
create_ctx(const char * cert_path,const char * key_path)89 static SSL_CTX *create_ctx(const char *cert_path, const char *key_path)
90 {
91 SSL_CTX *ctx;
92
93 /*
94 * An SSL_CTX holds shared configuration information for multiple
95 * subsequent per-client connections. We specifically load a QUIC
96 * server method here.
97 */
98 ctx = SSL_CTX_new(OSSL_QUIC_server_method());
99 if (ctx == NULL)
100 goto err;
101
102 /*
103 * Load the server's certificate *chain* file (PEM format), which includes
104 * not only the leaf (end-entity) server certificate, but also any
105 * intermediate issuer-CA certificates. The leaf certificate must be the
106 * first certificate in the file.
107 *
108 * In advanced use-cases this can be called multiple times, once per public
109 * key algorithm for which the server has a corresponding certificate.
110 * However, the corresponding private key (see below) must be loaded first,
111 * *before* moving on to the next chain file.
112 *
113 * The requisite files "chain.pem" and "pkey.pem" can be generated by running
114 * "make chain" in this directory. If the server will be executed from some
115 * other directory, move or copy the files there.
116 */
117 if (SSL_CTX_use_certificate_chain_file(ctx, cert_path) <= 0) {
118 fprintf(stderr, "couldn't load certificate file: %s\n", cert_path);
119 goto err;
120 }
121
122 /*
123 * Load the corresponding private key, this also checks that the private
124 * key matches the just loaded end-entity certificate. It does not check
125 * whether the certificate chain is valid, the certificates could be
126 * expired, or may otherwise fail to form a chain that a client can validate.
127 */
128 if (SSL_CTX_use_PrivateKey_file(ctx, key_path, SSL_FILETYPE_PEM) <= 0) {
129 fprintf(stderr, "couldn't load key file: %s\n", key_path);
130 goto err;
131 }
132
133 /*
134 * Clients rarely employ certificate-based authentication, and so we don't
135 * require "mutual" TLS authentication (indeed there's no way to know
136 * whether or how the client authenticated the server, so the term "mutual"
137 * is potentially misleading).
138 *
139 * Since we're not soliciting or processing client certificates, we don't
140 * need to configure a trusted-certificate store, so no call to
141 * SSL_CTX_set_default_verify_paths() is needed. The server's own
142 * certificate chain is assumed valid.
143 */
144 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
145
146 /* Setup ALPN negotiation callback to decide which ALPN is accepted. */
147 SSL_CTX_set_alpn_select_cb(ctx, select_alpn, NULL);
148
149 return ctx;
150
151 err:
152 SSL_CTX_free(ctx);
153 return NULL;
154 }
155
156 /* Create UDP socket on the given port. */
create_socket(uint16_t port)157 static int create_socket(uint16_t port)
158 {
159 int fd;
160 struct sockaddr_in sa = {0};
161
162 /* Retrieve the file descriptor for a new UDP socket */
163 if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
164 fprintf(stderr, "cannot create socket");
165 goto err;
166 }
167
168 sa.sin_family = AF_INET;
169 sa.sin_port = htons(port);
170
171 /* Bind to the new UDP socket on localhost */
172 if (bind(fd, (const struct sockaddr *)&sa, sizeof(sa)) < 0) {
173 fprintf(stderr, "cannot bind to %u\n", port);
174 BIO_closesocket(fd);
175 goto err;
176 }
177
178 return fd;
179
180 err:
181 BIO_closesocket(fd);
182 return -1;
183 }
184
185 /*
186 * Main loop for server to accept QUIC connections.
187 * Echo every request back to the client.
188 */
run_quic_server(SSL_CTX * ctx,int fd)189 static int run_quic_server(SSL_CTX *ctx, int fd)
190 {
191 int ok = 0;
192 SSL *listener, *conn;
193 unsigned char buf[8192];
194 size_t nread;
195 size_t nwritten;
196
197 /*
198 * Create a new QUIC listener. Listeners, and other QUIC objects, default
199 * to operating in blocking mode. The configured behaviour is inherited by
200 * child objects.
201 */
202 if ((listener = SSL_new_listener(ctx, 0)) == NULL)
203 goto err;
204
205 /* Provide the listener with our UDP socket. */
206 if (!SSL_set_fd(listener, fd))
207 goto err;
208
209 /* Begin listening. */
210 if (!SSL_listen(listener))
211 goto err;
212
213 /*
214 * Begin an infinite loop of listening for connections. We will only
215 * exit this loop if we encounter an error.
216 */
217 for (;;) {
218 /* Pristine error stack for each new connection */
219 ERR_clear_error();
220
221 /* Block while waiting for a client connection */
222 printf("Waiting for connection\n");
223 conn = SSL_accept_connection(listener, 0);
224 if (conn == NULL) {
225 fprintf(stderr, "error while accepting connection\n");
226 goto err;
227 }
228 printf("Accepted new connection\n");
229
230 /* Echo client input */
231 while (SSL_read_ex(conn, buf, sizeof(buf), &nread) > 0) {
232 if (SSL_write_ex(conn, buf, nread, &nwritten) > 0
233 && nwritten == nread)
234 continue;
235 fprintf(stderr, "Error echoing client input");
236 break;
237 }
238
239 /* Signal the end of the stream. */
240 if (SSL_stream_conclude(conn, 0) != 1) {
241 fprintf(stderr, "Unable to conclude stream\n");
242 SSL_free(conn);
243 goto err;
244 }
245
246 /*
247 * Shut down the connection. We may need to call this multiple times
248 * to ensure the connection is shutdown completely.
249 */
250 while (SSL_shutdown(conn) != 1)
251 continue;
252
253 SSL_free(conn);
254 }
255
256 err:
257 SSL_free(listener);
258 return ok;
259 }
260
261 /* Minimal QUIC HTTP/1.0 server. */
main(int argc,char * argv[])262 int main(int argc, char *argv[])
263 {
264 int res = EXIT_FAILURE;
265 SSL_CTX *ctx = NULL;
266 int fd;
267 unsigned long port;
268 #ifdef _WIN32
269 static const char *progname;
270
271 progname = argv[0];
272 #endif
273
274 if (argc != 4)
275 errx(res, "usage: %s <port> <server.crt> <server.key>", argv[0]);
276
277 /* Create SSL_CTX that supports QUIC. */
278 if ((ctx = create_ctx(argv[2], argv[3])) == NULL) {
279 ERR_print_errors_fp(stderr);
280 errx(res, "Failed to create context");
281 }
282
283 /* Parse port number from command line arguments. */
284 port = strtoul(argv[1], NULL, 0);
285 if (port == 0 || port > UINT16_MAX) {
286 SSL_CTX_free(ctx);
287 errx(res, "Failed to parse port number");
288 }
289
290 /* Create and bind a UDP socket. */
291 if ((fd = create_socket((uint16_t)port)) < 0) {
292 SSL_CTX_free(ctx);
293 ERR_print_errors_fp(stderr);
294 errx(res, "Failed to create socket");
295 }
296
297 /* QUIC server connection acceptance loop. */
298 if (!run_quic_server(ctx, fd)) {
299 SSL_CTX_free(ctx);
300 BIO_closesocket(fd);
301 ERR_print_errors_fp(stderr);
302 errx(res, "Error in QUIC server loop");
303 }
304
305 /* Free resources. */
306 SSL_CTX_free(ctx);
307 BIO_closesocket(fd);
308 res = EXIT_SUCCESS;
309 return res;
310 }
311