quic: add more QUIC implementation

* add TLSContext
* quic: add stat collection utilities
* add Packet
* add NgTcp2CallbackScope/NgHttp3CallbackScope

PR-URL: #47494
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

Author: jasnell

src/async_wrap.h

@@ -61,6 +61,7 @@ namespace node {
   V(PROMISE)                                                                  \
   V(QUERYWRAP)                                                                \
   V(QUIC_LOGSTREAM)                                                           \
+  V(QUIC_PACKET)                                                              \
   V(SHUTDOWNWRAP)                                                             \
   V(SIGNALWRAP)                                                               \
   V(STATWATCHER)                                                              \

src/node_errors.h

@@ -62,6 +62,7 @@ void OOMErrorHandler(const char* location, bool is_heap_oom);
   V(ERR_DLOPEN_FAILED, Error)                                                  \
   V(ERR_ENCODING_INVALID_ENCODED_DATA, TypeError)                              \
   V(ERR_EXECUTION_ENVIRONMENT_NOT_AVAILABLE, Error)                            \
+  V(ERR_ILLEGAL_CONSTRUCTOR, Error)                                            \
   V(ERR_INVALID_ADDRESS, Error)                                                \
   V(ERR_INVALID_ARG_VALUE, TypeError)                                          \
   V(ERR_OSSL_EVP_INVALID_DIGEST, Error)                                        \
@@ -154,6 +155,7 @@ ERRORS_WITH_CODE(V)
   V(ERR_DLOPEN_FAILED, "DLOpen failed")                                        \
   V(ERR_EXECUTION_ENVIRONMENT_NOT_AVAILABLE,                                   \
     "Context not associated with Node.js environment")                         \
+  V(ERR_ILLEGAL_CONSTRUCTOR, "Illegal constructor")                            \
   V(ERR_INVALID_ADDRESS, "Invalid socket address")                             \
   V(ERR_INVALID_MODULE, "No such module")                                      \
   V(ERR_INVALID_THIS, "Value of \"this\" is the wrong type")                   \

src/quic/bindingdata.cc

@@ -58,13 +58,15 @@ void BindingData::DecreaseAllocatedSize(size_t size) {
 
 void BindingData::Initialize(Environment* env, Local<Object> target) {
   SetMethod(env->context(), target, "setCallbacks", SetCallbacks);
+  SetMethod(env->context(), target, "flushPacketFreelist", FlushPacketFreelist);
   Realm::GetCurrent(env->context())
       ->AddBindingData<BindingData>(env->context(), target);
 }
 
 void BindingData::RegisterExternalReferences(
     ExternalReferenceRegistry* registry) {
   registry->Register(SetCallbacks);
+  registry->Register(FlushPacketFreelist);
 }
 
 BindingData::BindingData(Realm* realm, Local<Object> object)
@@ -140,7 +142,7 @@ QUIC_JS_CALLBACKS(V)
 void BindingData::SetCallbacks(const FunctionCallbackInfo<Value>& args) {
   auto env = Environment::GetCurrent(args);
   auto isolate = env->isolate();
-  BindingData& state = BindingData::Get(env);
+  auto& state = BindingData::Get(env);
   CHECK(args[0]->IsObject());
   Local<Object> obj = args[0].As<Object>();
 
@@ -159,6 +161,48 @@ void BindingData::SetCallbacks(const FunctionCallbackInfo<Value>& args) {
 #undef V
 }
 
+void BindingData::FlushPacketFreelist(const FunctionCallbackInfo<Value>& args) {
+  auto env = Environment::GetCurrent(args);
+  auto& state = BindingData::Get(env);
+  state.packet_freelist.clear();
+}
+
+NgTcp2CallbackScope::NgTcp2CallbackScope(Environment* env) : env(env) {
+  auto& binding = BindingData::Get(env);
+  CHECK(!binding.in_ngtcp2_callback_scope);
+  binding.in_ngtcp2_callback_scope = true;
+}
+
+NgTcp2CallbackScope::~NgTcp2CallbackScope() {
+  auto& binding = BindingData::Get(env);
+  binding.in_ngtcp2_callback_scope = false;
+}
+
+bool NgTcp2CallbackScope::in_ngtcp2_callback(Environment* env) {
+  auto& binding = BindingData::Get(env);
+  return binding.in_ngtcp2_callback_scope;
+}
+
+NgHttp3CallbackScope::NgHttp3CallbackScope(Environment* env) : env(env) {
+  auto& binding = BindingData::Get(env);
+  CHECK(!binding.in_nghttp3_callback_scope);
+  binding.in_nghttp3_callback_scope = true;
+}
+
+NgHttp3CallbackScope::~NgHttp3CallbackScope() {
+  auto& binding = BindingData::Get(env);
+  binding.in_nghttp3_callback_scope = false;
+}
+
+bool NgHttp3CallbackScope::in_nghttp3_callback(Environment* env) {
+  auto& binding = BindingData::Get(env);
+  return binding.in_nghttp3_callback_scope;
+}
+
+void IllegalConstructor(const FunctionCallbackInfo<Value>& args) {
+  THROW_ERR_ILLEGAL_CONSTRUCTOR(Environment::GetCurrent(args));
+}
+
 }  // namespace quic
 }  // namespace node
 

src/quic/bindingdata.h

@@ -12,11 +12,13 @@
 #include <node.h>
 #include <node_mem.h>
 #include <v8.h>
+#include <vector>
 
 namespace node {
 namespace quic {
 
 class Endpoint;
+class Packet;
 
 enum class Side {
   CLIENT = NGTCP2_CRYPTO_SIDE_CLIENT,
@@ -64,23 +66,37 @@ constexpr size_t kDefaultMaxPacketLength = NGTCP2_MAX_UDP_PAYLOAD_SIZE;
 #define QUIC_STRINGS(V)                                                        \
   V(ack_delay_exponent, "ackDelayExponent")                                    \
   V(active_connection_id_limit, "activeConnectionIDLimit")                     \
+  V(alpn, "alpn")                                                              \
+  V(ca, "ca")                                                                  \
+  V(certs, "certs")                                                            \
+  V(crl, "crl")                                                                \
+  V(ciphers, "ciphers")                                                        \
   V(disable_active_migration, "disableActiveMigration")                        \
+  V(enable_tls_trace, "tlsTrace")                                              \
   V(endpoint, "Endpoint")                                                      \
   V(endpoint_udp, "Endpoint::UDP")                                             \
+  V(groups, "groups")                                                          \
+  V(hostname, "hostname")                                                      \
   V(http3_alpn, &NGHTTP3_ALPN_H3[1])                                           \
   V(initial_max_data, "initialMaxData")                                        \
   V(initial_max_stream_data_bidi_local, "initialMaxStreamDataBidiLocal")       \
   V(initial_max_stream_data_bidi_remote, "initialMaxStreamDataBidiRemote")     \
   V(initial_max_stream_data_uni, "initialMaxStreamDataUni")                    \
   V(initial_max_streams_bidi, "initialMaxStreamsBidi")                         \
   V(initial_max_streams_uni, "initialMaxStreamsUni")                           \
+  V(keylog, "keylog")                                                          \
+  V(keys, "keys")                                                              \
   V(logstream, "LogStream")                                                    \
   V(max_ack_delay, "maxAckDelay")                                              \
   V(max_datagram_frame_size, "maxDatagramFrameSize")                           \
   V(max_idle_timeout, "maxIdleTimeout")                                        \
   V(packetwrap, "PacketWrap")                                                  \
+  V(reject_unauthorized, "rejectUnauthorized")                                 \
+  V(request_peer_certificate, "requestPeerCertificate")                        \
   V(session, "Session")                                                        \
-  V(stream, "Stream")
+  V(session_id_ctx, "sessionIDContext")                                        \
+  V(stream, "Stream")                                                          \
+  V(verify_hostname_identity, "verifyHostnameIdentity")
 
 // =============================================================================
 // The BindingState object holds state for the internalBinding('quic') binding
@@ -115,12 +131,14 @@ class BindingData final
   // bridge out to the JS API.
   static void SetCallbacks(const v8::FunctionCallbackInfo<v8::Value>& args);
 
-  // TODO(@jasnell) This will be added when Endpoint is implemented.
-  // // A set of listening Endpoints. We maintain this to ensure that the
-  // Endpoint
-  // // cannot be gc'd while it is still listening and there are active
-  // // connections.
-  // std::unordered_map<Endpoint*, BaseObjectPtr<Endpoint>> listening_endpoints;
+  std::vector<BaseObjectPtr<BaseObject>> packet_freelist;
+
+  // Purge the packet free list to free up memory.
+  static void FlushPacketFreelist(
+      const v8::FunctionCallbackInfo<v8::Value>& args);
+
+  bool in_ngtcp2_callback_scope = false;
+  bool in_nghttp3_callback_scope = false;
 
   // The following set up various storage and accessors for common strings,
   // construction templates, and callbacks stored on the BindingData. These
@@ -166,6 +184,25 @@ class BindingData final
 #undef V
 };
 
+void IllegalConstructor(const v8::FunctionCallbackInfo<v8::Value>& args);
+
+// The ngtcp2 and nghttp3 callbacks have certain restrictions
+// that forbid re-entry. We provide the following scopes for
+// use in those to help protect against it.
+struct NgTcp2CallbackScope {
+  Environment* env;
+  explicit NgTcp2CallbackScope(Environment* env);
+  ~NgTcp2CallbackScope();
+  static bool in_ngtcp2_callback(Environment* env);
+};
+
+struct NgHttp3CallbackScope {
+  Environment* env;
+  explicit NgHttp3CallbackScope(Environment* env);
+  ~NgHttp3CallbackScope();
+  static bool in_nghttp3_callback(Environment* env);
+};
+
 }  // namespace quic
 }  // namespace node
 

src/quic/defs.h

@@ -1,12 +1,28 @@
 #pragma once
 
+#include <aliased_struct.h>
 #include <env.h>
 #include <node_errors.h>
+#include <uv.h>
 #include <v8.h>
 
 namespace node {
 namespace quic {
 
+template <typename Opt, std::string Opt::*member>
+bool SetOption(Environment* env,
+               Opt* options,
+               const v8::Local<v8::Object>& object,
+               const v8::Local<v8::String>& name) {
+  v8::Local<v8::Value> value;
+  if (!object->Get(env->context(), name).ToLocal(&value)) return false;
+  if (!value->IsUndefined()) {
+    Utf8Value utf8(env->isolate(), value);
+    options->*member = *utf8;
+  }
+  return true;
+}
+
 template <typename Opt, bool Opt::*member>
 bool SetOption(Environment* env,
                Opt* options,
@@ -50,5 +66,37 @@ bool SetOption(Environment* env,
   return true;
 }
 
+// Utilities used to update the stats for Endpoint, Session, and Stream
+// objects. The stats themselves are maintained in an AliasedStruct within
+// each of the relevant classes.
+
+template <typename Stats, uint64_t Stats::*member>
+void IncrementStat(Stats* stats, uint64_t amt = 1) {
+  stats->*member += amt;
+}
+
+template <typename Stats, uint64_t Stats::*member>
+void RecordTimestampStat(Stats* stats) {
+  stats->*member = uv_hrtime();
+}
+
+template <typename Stats, uint64_t Stats::*member>
+void SetStat(Stats* stats, uint64_t val) {
+  stats->*member = val;
+}
+
+template <typename Stats, uint64_t Stats::*member>
+uint64_t GetStat(Stats* stats) {
+  return stats->*member;
+}
+
+#define STAT_INCREMENT(Type, name) IncrementStat<Type, &Type::name>(&stats_);
+#define STAT_INCREMENT_N(Type, name, amt)                                      \
+  IncrementStat<Type, &Type::name>(&stats_, amt);
+#define STAT_RECORD_TIMESTAMP(Type, name)                                      \
+  RecordTimestampStat<Type, &Type::name>(&stats_);
+#define STAT_SET(Type, name, val) SetStat<Type, &Type::name>(&stats_, val);
+#define STAT_GET(Type, name) GetStat<Type, &Type::name>(&stats_);
+
 }  // namespace quic
 }  // namespace node

src/quic/packet.cc

@@ -0,0 +1,168 @@
+#pragma once
+
+#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
+#if HAVE_OPENSSL && NODE_OPENSSL_HAS_QUIC
+
+#include <base_object.h>
+#include <env.h>
+#include <ngtcp2/ngtcp2.h>
+#include <node_external_reference.h>
+#include <node_sockaddr.h>
+#include <req_wrap.h>
+#include <uv.h>
+#include <v8.h>
+#include <string>
+#include "bindingdata.h"
+#include "cid.h"
+#include "data.h"
+#include "tokens.h"
+
+namespace node {
+namespace quic {
+
+struct PathDescriptor {
+  uint32_t version;
+  const CID& dcid;
+  const CID& scid;
+  const SocketAddress& local_address;
+  const SocketAddress& remote_address;
+};
+
+// A Packet encapsulates serialized outbound QUIC data.
+// Packets must never be larger than the path MTU. The
+// default QUIC packet maximum length is 1200 bytes,
+// which we assume by default. The packet storage will
+// be stack allocated up to this size.
+//
+// Packets are maintained in a freelist held by the
+// BindingData instance. When using Create() to create
+// a Packet, we'll check to see if there is a free
+// packet in the freelist and use it instead of starting
+// fresh with a new packet. The freelist can store at
+// most kMaxFreeList packets
+//
+// Packets are always encrypted so their content should
+// be considered opaque to us. We leave it entirely up
+// to ngtcp2 how to encode QUIC frames into the packet.
+class Packet final : public ReqWrap<uv_udp_send_t> {
+ private:
+  struct Data;
+
+ public:
+  using Queue = std::deque<BaseObjectPtr<Packet>>;
+
+  static v8::Local<v8::FunctionTemplate> GetConstructorTemplate(
+      Environment* env);
+
+  class Listener {
+   public:
+    virtual void PacketDone(int status) = 0;
+  };
+
+  // Do not use the Packet constructors directly to create
+  // them. These are public only to support MakeBaseObject.
+  // Use the Create, or Create variants to create or
+  // acquire packet instances.
+
+  Packet(Environment* env,
+         Listener* listener,
+         v8::Local<v8::Object> object,
+         const SocketAddress& destination,
+         size_t length,
+         const char* diagnostic_label = "<unknown>");
+
+  Packet(Environment* env,
+         Listener* listener,
+         v8::Local<v8::Object> object,
+         const SocketAddress& destination,
+         std::shared_ptr<Data> data);
+
+  Packet(const Packet&) = delete;
+  Packet(Packet&&) = delete;
+  Packet& operator=(const Packet&) = delete;
+  Packet& operator=(Packet&&) = delete;
+
+  const SocketAddress& destination() const;
+  bool is_sending() const;
+  size_t length() const;
+  operator uv_buf_t() const;
+  operator ngtcp2_vec() const;
+
+  // Modify the size of the packet after ngtcp2 has written
+  // to it. len must be <= length(). We call this after we've
+  // asked ngtcp2 to encode frames into the packet and ngtcp2
+  // tells us how many of the packets bytes were used.
+  void Truncate(size_t len);
+
+  static BaseObjectPtr<Packet> Create(
+      Environment* env,
+      Listener* listener,
+      const SocketAddress& destination,
+      size_t length = kDefaultMaxPacketLength,
+      const char* diagnostic_label = "<unknown>");
+
+  BaseObjectPtr<Packet> Clone() const;
+
+  void MemoryInfo(MemoryTracker* tracker) const override;
+  SET_MEMORY_INFO_NAME(Packet)
+  SET_SELF_SIZE(Packet)
+
+  std::string ToString() const;
+
+  // Transmits the packet. The handle is the bound uv_udp_t
+  // port that we're sending on, the ref is a pointer to the
+  // HandleWrap that owns the handle.
+  int Send(uv_udp_t* handle, BaseObjectPtr<BaseObject> ref);
+
+  static BaseObjectPtr<Packet> CreateRetryPacket(
+      Environment* env,
+      Listener* listener,
+      const PathDescriptor& path_descriptor,
+      const TokenSecret& token_secret);
+
+  static BaseObjectPtr<Packet> CreateConnectionClosePacket(
+      Environment* env,
+      Listener* listener,
+      const SocketAddress& destination,
+      ngtcp2_conn* conn,
+      const QuicError& error);
+
+  static BaseObjectPtr<Packet> CreateImmediateConnectionClosePacket(
+      Environment* env,
+      Listener* listener,
+      const SocketAddress& destination,
+      const PathDescriptor& path_descriptor,
+      const QuicError& reason);
+
+  static BaseObjectPtr<Packet> CreateStatelessResetPacket(
+      Environment* env,
+      Listener* listener,
+      const PathDescriptor& path_descriptor,
+      const TokenSecret& token_secret,
+      size_t source_len);
+
+  static BaseObjectPtr<Packet> CreateVersionNegotiationPacket(
+      Environment* env,
+      Listener* listener,
+      const PathDescriptor& path_descriptor);
+
+ private:
+  static BaseObjectPtr<Packet> FromFreeList(Environment* env,
+                                            std::shared_ptr<Data> data,
+                                            Listener* listener,
+                                            const SocketAddress& destination);
+
+  // Called when the packet is done being sent.
+  void Done(int status);
+
+  Listener* listener_;
+  SocketAddress destination_;
+  std::shared_ptr<Data> data_;
+  BaseObjectPtr<BaseObject> handle_;
+};
+
+}  // namespace quic
+}  // namespace node
+
+#endif  // HAVE_OPENSSL && NODE_OPENSSL_HAS_QUIC
+#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

src/quic/packet.h

@@ -0,0 +1,176 @@
+#pragma once
+
+#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
+#if HAVE_OPENSSL && NODE_OPENSSL_HAS_QUIC
+
+#include <base_object.h>
+#include <crypto/crypto_context.h>
+#include <crypto/crypto_keys.h>
+#include <memory_tracker.h>
+#include <ngtcp2/ngtcp2_crypto.h>
+#include "bindingdata.h"
+#include "data.h"
+#include "sessionticket.h"
+
+namespace node {
+namespace quic {
+
+class Session;
+
+// Every QUIC Session has exactly one TLSContext that maintains the state
+// of the TLS handshake and negotiated cipher keys after the handshake has
+// been completed. It is separated out from the main Session class only as a
+// convenience to help make the code more maintainable and understandable.
+class TLSContext final : public MemoryRetainer {
+ public:
+  static constexpr auto DEFAULT_CIPHERS = "TLS_AES_128_GCM_SHA256:"
+                                          "TLS_AES_256_GCM_SHA384:"
+                                          "TLS_CHACHA20_POLY1305_"
+                                          "SHA256:TLS_AES_128_CCM_SHA256";
+  static constexpr auto DEFAULT_GROUPS = "X25519:P-256:P-384:P-521";
+
+  static inline const TLSContext& From(const SSL* ssl);
+  static inline TLSContext& From(SSL* ssl);
+
+  struct Options final : public MemoryRetainer {
+    // The protocol identifier to be used by this Session.
+    std::string alpn = NGHTTP3_ALPN_H3;
+
+    // The SNI hostname to be used. This is used only by client Sessions to
+    // identify the SNI host in the TLS client hello message.
+    std::string hostname = "";
+
+    // When true, TLS keylog data will be emitted to the JavaScript session.
+    bool keylog = false;
+
+    // When set, the peer certificate is verified against the list of supplied
+    // CAs. If verification fails, the connection will be refused.
+    bool reject_unauthorized = true;
+
+    // When set, enables TLS tracing for the session. This should only be used
+    // for debugging.
+    bool enable_tls_trace = false;
+
+    // Options only used by server sessions:
+
+    // When set, instructs the server session to request a client authentication
+    // certificate.
+    bool request_peer_certificate = false;
+
+    // Options only used by client sessions:
+
+    // When set, instructs the client session to verify the hostname default.
+    // This is required by QUIC and enabled by default. We allow disabling it
+    // only for debugging.
+    bool verify_hostname_identity = true;
+
+    // The TLS session ID context (only used on the server)
+    std::string session_id_ctx = "Node.js QUIC Server";
+
+    // TLS cipher suite
+    std::string ciphers = DEFAULT_CIPHERS;
+
+    // TLS groups
+    std::string groups = DEFAULT_GROUPS;
+
+    // The TLS private key to use for this session.
+    std::vector<std::shared_ptr<crypto::KeyObjectData>> keys;
+
+    // Collection of certificates to use for this session.
+    std::vector<Store> certs;
+
+    // Optional certificate authority overrides to use.
+    std::vector<Store> ca;
+
+    // Optional certificate revocation lists to use.
+    std::vector<Store> crl;
+
+    void MemoryInfo(MemoryTracker* tracker) const override;
+    SET_MEMORY_INFO_NAME(CryptoContext::Options)
+    SET_SELF_SIZE(Options)
+
+    static v8::Maybe<const Options> From(Environment* env,
+                                         v8::Local<v8::Value> value);
+  };
+
+  static const Options kDefaultOptions;
+
+  TLSContext(Environment* env,
+             Side side,
+             Session* session,
+             const Options& options);
+  TLSContext(const TLSContext&) = delete;
+  TLSContext(TLSContext&&) = delete;
+  TLSContext& operator=(const TLSContext&) = delete;
+  TLSContext& operator=(TLSContext&&) = delete;
+
+  // Start the TLS handshake.
+  void Start();
+
+  // TLS Keylogging is enabled per-Session by attaching a handler to the
+  // "keylog" event. Each keylog line is emitted to JavaScript where it can be
+  // routed to whatever destination makes sense. Typically, this will be to a
+  // keylog file that can be consumed by tools like Wireshark to intercept and
+  // decrypt QUIC network traffic.
+  void Keylog(const char* line) const;
+
+  // Called when a chunk of peer TLS handshake data is received. For every
+  // chunk, we move the TLS handshake further along until it is complete.
+  int Receive(ngtcp2_crypto_level crypto_level,
+              uint64_t offset,
+              const ngtcp2_vec& vec);
+
+  v8::MaybeLocal<v8::Object> cert(Environment* env) const;
+  v8::MaybeLocal<v8::Object> peer_cert(Environment* env) const;
+  v8::MaybeLocal<v8::Value> cipher_name(Environment* env) const;
+  v8::MaybeLocal<v8::Value> cipher_version(Environment* env) const;
+  v8::MaybeLocal<v8::Object> ephemeral_key(Environment* env) const;
+
+  // The SNI servername negotiated for the session
+  const std::string_view servername() const;
+
+  // The ALPN (protocol name) negotiated for the session
+  const std::string_view alpn() const;
+
+  // Triggers key update to begin. This will fail and return false if either a
+  // previous key update is in progress and has not been confirmed or if the
+  // initial handshake has not yet been confirmed.
+  bool InitiateKeyUpdate();
+
+  int VerifyPeerIdentity();
+
+  Side side() const;
+  const Options& options() const;
+
+  int OnNewSession(SSL_SESSION* session);
+
+  void MaybeSetEarlySession(const SessionTicket& sessionTicket);
+  bool early_data_was_accepted() const;
+
+  void MemoryInfo(MemoryTracker* tracker) const override;
+  SET_MEMORY_INFO_NAME(CryptoContext)
+  SET_SELF_SIZE(TLSContext)
+
+ private:
+  static ngtcp2_conn* getConnection(ngtcp2_crypto_conn_ref* ref);
+  ngtcp2_crypto_conn_ref conn_ref_;
+
+  Side side_;
+  Environment* env_;
+  Session* session_;
+  const Options options_;
+  BaseObjectPtr<crypto::SecureContext> secure_context_;
+  crypto::SSLPointer ssl_;
+  crypto::BIOPointer bio_trace_;
+
+  bool in_key_update_ = false;
+  bool early_data_ = false;
+
+  friend class Session;
+};
+
+}  // namespace quic
+}  // namespace node
+
+#endif  // HAVE_OPENSSL && NODE_OPENSSL_HAS_QUIC
+#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

src/quic/tlscontext.cc

@@ -67,6 +67,7 @@ const { getSystemErrorName } = require('util');
     delete providers.RANDOMPRIMEREQUEST;
     delete providers.CHECKPRIMEREQUEST;
     delete providers.QUIC_LOGSTREAM;
+    delete providers.QUIC_PACKET;
 
     const objKeys = Object.keys(providers);
     if (objKeys.length > 0)