1*e7be843bSPierre Pronchery /*
2*e7be843bSPierre Pronchery * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3*e7be843bSPierre Pronchery *
4*e7be843bSPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use
5*e7be843bSPierre Pronchery * this file except in compliance with the License. You can obtain a copy
6*e7be843bSPierre Pronchery * in the file LICENSE in the source distribution or at
7*e7be843bSPierre Pronchery * https://www.openssl.org/source/license.html
8*e7be843bSPierre Pronchery */
9*e7be843bSPierre Pronchery
10*e7be843bSPierre Pronchery /*
11*e7be843bSPierre Pronchery * NB: Changes to this file should also be reflected in
12*e7be843bSPierre Pronchery * doc/man7/ossl-guide-quic-server-block.pod
13*e7be843bSPierre Pronchery */
14*e7be843bSPierre Pronchery
15*e7be843bSPierre Pronchery #include <string.h>
16*e7be843bSPierre Pronchery
17*e7be843bSPierre Pronchery /* Include the appropriate header file for SOCK_STREAM */
18*e7be843bSPierre Pronchery #ifdef _WIN32 /* Windows */
19*e7be843bSPierre Pronchery # include <stdarg.h>
20*e7be843bSPierre Pronchery # include <winsock2.h>
21*e7be843bSPierre Pronchery #else /* Linux/Unix */
22*e7be843bSPierre Pronchery # include <err.h>
23*e7be843bSPierre Pronchery # include <sys/socket.h>
24*e7be843bSPierre Pronchery # include <sys/select.h>
25*e7be843bSPierre Pronchery # include <netinet/in.h>
26*e7be843bSPierre Pronchery # include <unistd.h>
27*e7be843bSPierre Pronchery #endif
28*e7be843bSPierre Pronchery
29*e7be843bSPierre Pronchery #include <openssl/bio.h>
30*e7be843bSPierre Pronchery #include <openssl/ssl.h>
31*e7be843bSPierre Pronchery #include <openssl/err.h>
32*e7be843bSPierre Pronchery #include <openssl/quic.h>
33*e7be843bSPierre Pronchery
34*e7be843bSPierre Pronchery #ifdef _WIN32
35*e7be843bSPierre Pronchery static const char *progname;
36*e7be843bSPierre Pronchery
vwarnx(const char * fmt,va_list ap)37*e7be843bSPierre Pronchery static void vwarnx(const char *fmt, va_list ap)
38*e7be843bSPierre Pronchery {
39*e7be843bSPierre Pronchery if (progname != NULL)
40*e7be843bSPierre Pronchery fprintf(stderr, "%s: ", progname);
41*e7be843bSPierre Pronchery vfprintf(stderr, fmt, ap);
42*e7be843bSPierre Pronchery putc('\n', stderr);
43*e7be843bSPierre Pronchery }
44*e7be843bSPierre Pronchery
errx(int status,const char * fmt,...)45*e7be843bSPierre Pronchery static void errx(int status, const char *fmt, ...)
46*e7be843bSPierre Pronchery {
47*e7be843bSPierre Pronchery va_list ap;
48*e7be843bSPierre Pronchery
49*e7be843bSPierre Pronchery va_start(ap, fmt);
50*e7be843bSPierre Pronchery vwarnx(fmt, ap);
51*e7be843bSPierre Pronchery va_end(ap);
52*e7be843bSPierre Pronchery exit(status);
53*e7be843bSPierre Pronchery }
54*e7be843bSPierre Pronchery
warnx(const char * fmt,...)55*e7be843bSPierre Pronchery static void warnx(const char *fmt, ...)
56*e7be843bSPierre Pronchery {
57*e7be843bSPierre Pronchery va_list ap;
58*e7be843bSPierre Pronchery
59*e7be843bSPierre Pronchery va_start(ap, fmt);
60*e7be843bSPierre Pronchery vwarnx(fmt, ap);
61*e7be843bSPierre Pronchery va_end(ap);
62*e7be843bSPierre Pronchery }
63*e7be843bSPierre Pronchery #endif
64*e7be843bSPierre Pronchery
65*e7be843bSPierre Pronchery /*
66*e7be843bSPierre Pronchery * ALPN strings for TLS handshake. Only 'http/1.0' and 'hq-interop'
67*e7be843bSPierre Pronchery * are accepted.
68*e7be843bSPierre Pronchery */
69*e7be843bSPierre Pronchery static const unsigned char alpn_ossltest[] = {
70*e7be843bSPierre Pronchery 8, 'h', 't', 't', 'p', '/', '1', '.', '0',
71*e7be843bSPierre Pronchery 10, 'h', 'q', '-', 'i', 'n', 't', 'e', 'r', 'o', 'p',
72*e7be843bSPierre Pronchery };
73*e7be843bSPierre Pronchery
74*e7be843bSPierre Pronchery /*
75*e7be843bSPierre Pronchery * This callback validates and negotiates the desired ALPN on the server side.
76*e7be843bSPierre Pronchery */
select_alpn(SSL * ssl,const unsigned char ** out,unsigned char * out_len,const unsigned char * in,unsigned int in_len,void * arg)77*e7be843bSPierre Pronchery static int select_alpn(SSL *ssl, const unsigned char **out,
78*e7be843bSPierre Pronchery unsigned char *out_len, const unsigned char *in,
79*e7be843bSPierre Pronchery unsigned int in_len, void *arg)
80*e7be843bSPierre Pronchery {
81*e7be843bSPierre Pronchery if (SSL_select_next_proto((unsigned char **)out, out_len, alpn_ossltest,
82*e7be843bSPierre Pronchery sizeof(alpn_ossltest), in,
83*e7be843bSPierre Pronchery in_len) == OPENSSL_NPN_NEGOTIATED)
84*e7be843bSPierre Pronchery return SSL_TLSEXT_ERR_OK;
85*e7be843bSPierre Pronchery return SSL_TLSEXT_ERR_ALERT_FATAL;
86*e7be843bSPierre Pronchery }
87*e7be843bSPierre Pronchery
88*e7be843bSPierre Pronchery /* Create SSL_CTX. */
create_ctx(const char * cert_path,const char * key_path)89*e7be843bSPierre Pronchery static SSL_CTX *create_ctx(const char *cert_path, const char *key_path)
90*e7be843bSPierre Pronchery {
91*e7be843bSPierre Pronchery SSL_CTX *ctx;
92*e7be843bSPierre Pronchery
93*e7be843bSPierre Pronchery /*
94*e7be843bSPierre Pronchery * An SSL_CTX holds shared configuration information for multiple
95*e7be843bSPierre Pronchery * subsequent per-client connections. We specifically load a QUIC
96*e7be843bSPierre Pronchery * server method here.
97*e7be843bSPierre Pronchery */
98*e7be843bSPierre Pronchery ctx = SSL_CTX_new(OSSL_QUIC_server_method());
99*e7be843bSPierre Pronchery if (ctx == NULL)
100*e7be843bSPierre Pronchery goto err;
101*e7be843bSPierre Pronchery
102*e7be843bSPierre Pronchery /*
103*e7be843bSPierre Pronchery * Load the server's certificate *chain* file (PEM format), which includes
104*e7be843bSPierre Pronchery * not only the leaf (end-entity) server certificate, but also any
105*e7be843bSPierre Pronchery * intermediate issuer-CA certificates. The leaf certificate must be the
106*e7be843bSPierre Pronchery * first certificate in the file.
107*e7be843bSPierre Pronchery *
108*e7be843bSPierre Pronchery * In advanced use-cases this can be called multiple times, once per public
109*e7be843bSPierre Pronchery * key algorithm for which the server has a corresponding certificate.
110*e7be843bSPierre Pronchery * However, the corresponding private key (see below) must be loaded first,
111*e7be843bSPierre Pronchery * *before* moving on to the next chain file.
112*e7be843bSPierre Pronchery *
113*e7be843bSPierre Pronchery * The requisite files "chain.pem" and "pkey.pem" can be generated by running
114*e7be843bSPierre Pronchery * "make chain" in this directory. If the server will be executed from some
115*e7be843bSPierre Pronchery * other directory, move or copy the files there.
116*e7be843bSPierre Pronchery */
117*e7be843bSPierre Pronchery if (SSL_CTX_use_certificate_chain_file(ctx, cert_path) <= 0) {
118*e7be843bSPierre Pronchery fprintf(stderr, "couldn't load certificate file: %s\n", cert_path);
119*e7be843bSPierre Pronchery goto err;
120*e7be843bSPierre Pronchery }
121*e7be843bSPierre Pronchery
122*e7be843bSPierre Pronchery /*
123*e7be843bSPierre Pronchery * Load the corresponding private key, this also checks that the private
124*e7be843bSPierre Pronchery * key matches the just loaded end-entity certificate. It does not check
125*e7be843bSPierre Pronchery * whether the certificate chain is valid, the certificates could be
126*e7be843bSPierre Pronchery * expired, or may otherwise fail to form a chain that a client can validate.
127*e7be843bSPierre Pronchery */
128*e7be843bSPierre Pronchery if (SSL_CTX_use_PrivateKey_file(ctx, key_path, SSL_FILETYPE_PEM) <= 0) {
129*e7be843bSPierre Pronchery fprintf(stderr, "couldn't load key file: %s\n", key_path);
130*e7be843bSPierre Pronchery goto err;
131*e7be843bSPierre Pronchery }
132*e7be843bSPierre Pronchery
133*e7be843bSPierre Pronchery /*
134*e7be843bSPierre Pronchery * Clients rarely employ certificate-based authentication, and so we don't
135*e7be843bSPierre Pronchery * require "mutual" TLS authentication (indeed there's no way to know
136*e7be843bSPierre Pronchery * whether or how the client authenticated the server, so the term "mutual"
137*e7be843bSPierre Pronchery * is potentially misleading).
138*e7be843bSPierre Pronchery *
139*e7be843bSPierre Pronchery * Since we're not soliciting or processing client certificates, we don't
140*e7be843bSPierre Pronchery * need to configure a trusted-certificate store, so no call to
141*e7be843bSPierre Pronchery * SSL_CTX_set_default_verify_paths() is needed. The server's own
142*e7be843bSPierre Pronchery * certificate chain is assumed valid.
143*e7be843bSPierre Pronchery */
144*e7be843bSPierre Pronchery SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
145*e7be843bSPierre Pronchery
146*e7be843bSPierre Pronchery /* Setup ALPN negotiation callback to decide which ALPN is accepted. */
147*e7be843bSPierre Pronchery SSL_CTX_set_alpn_select_cb(ctx, select_alpn, NULL);
148*e7be843bSPierre Pronchery
149*e7be843bSPierre Pronchery return ctx;
150*e7be843bSPierre Pronchery
151*e7be843bSPierre Pronchery err:
152*e7be843bSPierre Pronchery SSL_CTX_free(ctx);
153*e7be843bSPierre Pronchery return NULL;
154*e7be843bSPierre Pronchery }
155*e7be843bSPierre Pronchery
156*e7be843bSPierre Pronchery /* Create UDP socket on the given port. */
create_socket(uint16_t port)157*e7be843bSPierre Pronchery static int create_socket(uint16_t port)
158*e7be843bSPierre Pronchery {
159*e7be843bSPierre Pronchery int fd;
160*e7be843bSPierre Pronchery struct sockaddr_in sa = {0};
161*e7be843bSPierre Pronchery
162*e7be843bSPierre Pronchery /* Retrieve the file descriptor for a new UDP socket */
163*e7be843bSPierre Pronchery if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
164*e7be843bSPierre Pronchery fprintf(stderr, "cannot create socket");
165*e7be843bSPierre Pronchery goto err;
166*e7be843bSPierre Pronchery }
167*e7be843bSPierre Pronchery
168*e7be843bSPierre Pronchery sa.sin_family = AF_INET;
169*e7be843bSPierre Pronchery sa.sin_port = htons(port);
170*e7be843bSPierre Pronchery
171*e7be843bSPierre Pronchery /* Bind to the new UDP socket on localhost */
172*e7be843bSPierre Pronchery if (bind(fd, (const struct sockaddr *)&sa, sizeof(sa)) < 0) {
173*e7be843bSPierre Pronchery fprintf(stderr, "cannot bind to %u\n", port);
174*e7be843bSPierre Pronchery BIO_closesocket(fd);
175*e7be843bSPierre Pronchery goto err;
176*e7be843bSPierre Pronchery }
177*e7be843bSPierre Pronchery
178*e7be843bSPierre Pronchery return fd;
179*e7be843bSPierre Pronchery
180*e7be843bSPierre Pronchery err:
181*e7be843bSPierre Pronchery BIO_closesocket(fd);
182*e7be843bSPierre Pronchery return -1;
183*e7be843bSPierre Pronchery }
184*e7be843bSPierre Pronchery
185*e7be843bSPierre Pronchery /*
186*e7be843bSPierre Pronchery * Main loop for server to accept QUIC connections.
187*e7be843bSPierre Pronchery * Echo every request back to the client.
188*e7be843bSPierre Pronchery */
run_quic_server(SSL_CTX * ctx,int fd)189*e7be843bSPierre Pronchery static int run_quic_server(SSL_CTX *ctx, int fd)
190*e7be843bSPierre Pronchery {
191*e7be843bSPierre Pronchery int ok = 0;
192*e7be843bSPierre Pronchery SSL *listener, *conn;
193*e7be843bSPierre Pronchery unsigned char buf[8192];
194*e7be843bSPierre Pronchery size_t nread;
195*e7be843bSPierre Pronchery size_t nwritten;
196*e7be843bSPierre Pronchery
197*e7be843bSPierre Pronchery /*
198*e7be843bSPierre Pronchery * Create a new QUIC listener. Listeners, and other QUIC objects, default
199*e7be843bSPierre Pronchery * to operating in blocking mode. The configured behaviour is inherited by
200*e7be843bSPierre Pronchery * child objects.
201*e7be843bSPierre Pronchery */
202*e7be843bSPierre Pronchery if ((listener = SSL_new_listener(ctx, 0)) == NULL)
203*e7be843bSPierre Pronchery goto err;
204*e7be843bSPierre Pronchery
205*e7be843bSPierre Pronchery /* Provide the listener with our UDP socket. */
206*e7be843bSPierre Pronchery if (!SSL_set_fd(listener, fd))
207*e7be843bSPierre Pronchery goto err;
208*e7be843bSPierre Pronchery
209*e7be843bSPierre Pronchery /* Begin listening. */
210*e7be843bSPierre Pronchery if (!SSL_listen(listener))
211*e7be843bSPierre Pronchery goto err;
212*e7be843bSPierre Pronchery
213*e7be843bSPierre Pronchery /*
214*e7be843bSPierre Pronchery * Begin an infinite loop of listening for connections. We will only
215*e7be843bSPierre Pronchery * exit this loop if we encounter an error.
216*e7be843bSPierre Pronchery */
217*e7be843bSPierre Pronchery for (;;) {
218*e7be843bSPierre Pronchery /* Pristine error stack for each new connection */
219*e7be843bSPierre Pronchery ERR_clear_error();
220*e7be843bSPierre Pronchery
221*e7be843bSPierre Pronchery /* Block while waiting for a client connection */
222*e7be843bSPierre Pronchery printf("Waiting for connection\n");
223*e7be843bSPierre Pronchery conn = SSL_accept_connection(listener, 0);
224*e7be843bSPierre Pronchery if (conn == NULL) {
225*e7be843bSPierre Pronchery fprintf(stderr, "error while accepting connection\n");
226*e7be843bSPierre Pronchery goto err;
227*e7be843bSPierre Pronchery }
228*e7be843bSPierre Pronchery printf("Accepted new connection\n");
229*e7be843bSPierre Pronchery
230*e7be843bSPierre Pronchery /* Echo client input */
231*e7be843bSPierre Pronchery while (SSL_read_ex(conn, buf, sizeof(buf), &nread) > 0) {
232*e7be843bSPierre Pronchery if (SSL_write_ex(conn, buf, nread, &nwritten) > 0
233*e7be843bSPierre Pronchery && nwritten == nread)
234*e7be843bSPierre Pronchery continue;
235*e7be843bSPierre Pronchery fprintf(stderr, "Error echoing client input");
236*e7be843bSPierre Pronchery break;
237*e7be843bSPierre Pronchery }
238*e7be843bSPierre Pronchery
239*e7be843bSPierre Pronchery /* Signal the end of the stream. */
240*e7be843bSPierre Pronchery if (SSL_stream_conclude(conn, 0) != 1) {
241*e7be843bSPierre Pronchery fprintf(stderr, "Unable to conclude stream\n");
242*e7be843bSPierre Pronchery SSL_free(conn);
243*e7be843bSPierre Pronchery goto err;
244*e7be843bSPierre Pronchery }
245*e7be843bSPierre Pronchery
246*e7be843bSPierre Pronchery /*
247*e7be843bSPierre Pronchery * Shut down the connection. We may need to call this multiple times
248*e7be843bSPierre Pronchery * to ensure the connection is shutdown completely.
249*e7be843bSPierre Pronchery */
250*e7be843bSPierre Pronchery while (SSL_shutdown(conn) != 1)
251*e7be843bSPierre Pronchery continue;
252*e7be843bSPierre Pronchery
253*e7be843bSPierre Pronchery SSL_free(conn);
254*e7be843bSPierre Pronchery }
255*e7be843bSPierre Pronchery
256*e7be843bSPierre Pronchery err:
257*e7be843bSPierre Pronchery SSL_free(listener);
258*e7be843bSPierre Pronchery return ok;
259*e7be843bSPierre Pronchery }
260*e7be843bSPierre Pronchery
261*e7be843bSPierre Pronchery /* Minimal QUIC HTTP/1.0 server. */
main(int argc,char * argv[])262*e7be843bSPierre Pronchery int main(int argc, char *argv[])
263*e7be843bSPierre Pronchery {
264*e7be843bSPierre Pronchery int res = EXIT_FAILURE;
265*e7be843bSPierre Pronchery SSL_CTX *ctx = NULL;
266*e7be843bSPierre Pronchery int fd;
267*e7be843bSPierre Pronchery unsigned long port;
268*e7be843bSPierre Pronchery #ifdef _WIN32
269*e7be843bSPierre Pronchery static const char *progname;
270*e7be843bSPierre Pronchery
271*e7be843bSPierre Pronchery progname = argv[0];
272*e7be843bSPierre Pronchery #endif
273*e7be843bSPierre Pronchery
274*e7be843bSPierre Pronchery if (argc != 4)
275*e7be843bSPierre Pronchery errx(res, "usage: %s <port> <server.crt> <server.key>", argv[0]);
276*e7be843bSPierre Pronchery
277*e7be843bSPierre Pronchery /* Create SSL_CTX that supports QUIC. */
278*e7be843bSPierre Pronchery if ((ctx = create_ctx(argv[2], argv[3])) == NULL) {
279*e7be843bSPierre Pronchery ERR_print_errors_fp(stderr);
280*e7be843bSPierre Pronchery errx(res, "Failed to create context");
281*e7be843bSPierre Pronchery }
282*e7be843bSPierre Pronchery
283*e7be843bSPierre Pronchery /* Parse port number from command line arguments. */
284*e7be843bSPierre Pronchery port = strtoul(argv[1], NULL, 0);
285*e7be843bSPierre Pronchery if (port == 0 || port > UINT16_MAX) {
286*e7be843bSPierre Pronchery SSL_CTX_free(ctx);
287*e7be843bSPierre Pronchery errx(res, "Failed to parse port number");
288*e7be843bSPierre Pronchery }
289*e7be843bSPierre Pronchery
290*e7be843bSPierre Pronchery /* Create and bind a UDP socket. */
291*e7be843bSPierre Pronchery if ((fd = create_socket((uint16_t)port)) < 0) {
292*e7be843bSPierre Pronchery SSL_CTX_free(ctx);
293*e7be843bSPierre Pronchery ERR_print_errors_fp(stderr);
294*e7be843bSPierre Pronchery errx(res, "Failed to create socket");
295*e7be843bSPierre Pronchery }
296*e7be843bSPierre Pronchery
297*e7be843bSPierre Pronchery /* QUIC server connection acceptance loop. */
298*e7be843bSPierre Pronchery if (!run_quic_server(ctx, fd)) {
299*e7be843bSPierre Pronchery SSL_CTX_free(ctx);
300*e7be843bSPierre Pronchery BIO_closesocket(fd);
301*e7be843bSPierre Pronchery ERR_print_errors_fp(stderr);
302*e7be843bSPierre Pronchery errx(res, "Error in QUIC server loop");
303*e7be843bSPierre Pronchery }
304*e7be843bSPierre Pronchery
305*e7be843bSPierre Pronchery /* Free resources. */
306*e7be843bSPierre Pronchery SSL_CTX_free(ctx);
307*e7be843bSPierre Pronchery BIO_closesocket(fd);
308*e7be843bSPierre Pronchery res = EXIT_SUCCESS;
309*e7be843bSPierre Pronchery return res;
310*e7be843bSPierre Pronchery }
311