feat: loading TLS certs from memory and wireshark debugging

* Fixes #2

[ci skip]

Author: CMCDragonkai

Cargo.lock

@@ -14,8 +14,8 @@ path = "src/native/napi/lib.rs"
 napi = { version = "2", features = ["async", "napi6", "serde-json"] }
 serde = { version = "1.0", features = ["derive"] }
 napi-derive = "2"
-quiche = "0.16.0"
-boring = "2.0.0"
+quiche = { version = "0.16.0", features = ["boringssl-boring-crate", "boringssl-vendored"] }
+boring = "2.1.0"
 
 [build-dependencies]
 napi-build = "2"

Cargo.toml

@@ -132,6 +132,7 @@ export function retry(scid: Uint8Array, dcid: Uint8Array, newScid: Uint8Array, t
 export function versionIsSupported(version: number): boolean
 export class Config {
   constructor()
+  static withBoringSslCtx(certPem?: Uint8Array | undefined | null, keyPem?: Uint8Array | undefined | null): Config
   loadCertChainFromPemFile(file: string): void
   loadPrivKeyFromPemFile(file: string): void
   loadVerifyLocationsFromFile(file: string): void
@@ -173,6 +174,7 @@ export class Connection {
    */
   static connect(serverName: string | undefined | null, scid: Uint8Array, localHost: HostPort, remoteHost: HostPort, config: Config): Connection
   static accept(scid: Uint8Array, odcid: Uint8Array | undefined | null, localHost: HostPort, remoteHost: HostPort, config: Config): Connection
+  setKeylog(path: string): void
   setSession(session: Uint8Array): void
   recv(data: Uint8Array, recvInfo: RecvInfo): number
   /**

index.d.ts

@@ -11,10 +11,14 @@ mkShell {
     rustc
     cargo
     cmake
+    # Rust bindgen hook (necessary to build boring)
+    rustPlatform.bindgenHook
+    jetbrains.webstorm
   ];
   # Don't set rpath for native addons
   NIX_DONT_SET_RPATH = true;
   NIX_NO_SELF_RPATH = true;
+  RUST_SRC_PATH = "${rustPlatform.rustLibSrc}";
   shellHook = ''
     echo "Entering $(npm pkg get name)"
     set -o allexport

shell.nix

@@ -1,5 +1,6 @@
 import type { ConnectionId, ConnectionIdString, Crypto, Host, Hostname, Port } from './types';
 import type { Header, Config, Connection } from './native/types';
+import type { QUICConfig } from './config';
 import Logger from '@matrixai/logger';
 import {
   CreateDestroy,
@@ -11,6 +12,7 @@ import { Quiche, quiche, Type } from './native';
 import * as utils from './utils';
 import * as errors from './errors';
 import * as events from './events';
+import { clientDefault } from './config';
 import QUICSocket from './QUICSocket';
 import QUICConnection from './QUICConnection';
 import QUICConnectionMap from './QUICConnectionMap';
@@ -56,6 +58,7 @@ class QUICClient extends EventTarget {
     socket,
     resolveHostname = utils.resolveHostname,
     logger = new Logger(`${this.name}`),
+    config = {},
   }: {
     host: Host | Hostname,
     port: Port,
@@ -68,34 +71,15 @@ class QUICClient extends EventTarget {
     socket?: QUICSocket;
     resolveHostname?: (hostname: Hostname) => Host | PromiseLike<Host>;
     logger?: Logger;
+    config?: Partial<QUICConfig>;
   }) {
-    let isSocketShared: boolean;
+    const quicConfig = {
+      ...clientDefault,
+      ...config
+    };
     const scidBuffer = new ArrayBuffer(quiche.MAX_CONN_ID_LEN);
     await crypto.ops.randomBytes(scidBuffer);
     const scid = new QUICConnectionId(scidBuffer);
-    const config = new quiche.Config();
-    // TODO: disable this (because we still need to run with TLS)
-    config.verifyPeer(false);
-    config.grease(true);
-    config.setMaxIdleTimeout(5000);
-    config.setMaxRecvUdpPayloadSize(quiche.MAX_DATAGRAM_SIZE);
-    config.setMaxSendUdpPayloadSize(quiche.MAX_DATAGRAM_SIZE);
-    config.setInitialMaxData(10000000);
-    config.setInitialMaxStreamDataBidiLocal(1000000);
-    config.setInitialMaxStreamDataBidiRemote(1000000);
-    config.setInitialMaxStreamsBidi(100);
-    config.setInitialMaxStreamsUni(100);
-    config.setDisableActiveMigration(true);
-    config.setApplicationProtos(
-      [
-        'hq-interop',
-        'hq-29',
-        'hq-28',
-        'hq-27',
-        'http/0.9'
-      ]
-    );
-    config.enableEarlyData();
     let address = utils.buildAddress(host, port);
     logger.info(`Create ${this.name} to ${address}`);
     let [host_] = await utils.resolveHost(host, resolveHostname);
@@ -104,12 +88,28 @@ class QUICClient extends EventTarget {
     // in this case, 0.0.0.0 is resolved to 127.0.0.1 and :: and ::0 is
     // resolved to ::1
     host_ = utils.resolvesZeroIP(host_);
+    const {
+      p: errorP,
+      rejectP: rejectErrorP
+    } = utils.promise();
+    const handleQUICSocketError = (e: events.QUICSocketErrorEvent) => {
+      rejectErrorP(e.detail);
+    };
+    const handleConnectionError = (e: events.QUICConnectionErrorEvent) => {
+      rejectErrorP(e.detail);
+    };
+    let isSocketShared: boolean;
     if (socket == null) {
       socket = new QUICSocket({
         crypto,
         resolveHostname,
         logger: logger.getChild(QUICSocket.name)
       });
+      socket.addEventListener(
+        'error',
+        handleQUICSocketError,
+        { once: true }
+      );
       isSocketShared = false;
       await socket.start({
         host: localHost,
@@ -159,28 +159,30 @@ class QUICClient extends EventTarget {
         host: host_,
         port
       },
-      config,
+      config: quicConfig,
       logger: logger.getChild(`${QUICConnection.name} ${scid}`)
     });
-
-    const {
-      p: errorP,
-      rejectP: rejectErrorP
-    } = utils.promise();
-    const handleConnectionError = (e: events.QUICConnectionErrorEvent) => {
-      rejectErrorP(e.detail);
-    };
     connection.addEventListener(
       'error',
       handleConnectionError,
       { once: true }
     );
+    console.log('CLIENT TRIGGER SEND');
     // This will not raise an error
     await connection.send();
-
     // This will wait to be established, while also rejecting on error
-    await Promise.race([connection.establishedP, errorP]);
+    try {
+      await Promise.race([connection.establishedP, errorP]);
+    } catch (e) {
+      if (!isSocketShared) {
+        // Stop our own socket
+        await socket.stop();
+      }
+      throw e;
+    }
 
+    // Remove the temporary socket error handler
+    socket.removeEventListener('error', handleQUICSocketError);
     // Remove the temporary connection error handler
     connection.removeEventListener('error', handleConnectionError);
 

src/QUICClient.ts

@@ -1,6 +1,11 @@
 import type QUICSocket from './QUICSocket';
 import type QUICConnectionMap from './QUICConnectionMap';
 import type QUICConnectionId from './QUICConnectionId';
+
+// This is specialized type
+import type { QUICConfig } from './config';
+
+
 import type { Host, ConnectionId, Port, StreamId, RemoteInfo } from './types';
 import type { Config, Connection, SendInfo, ConnectionErrorCode } from './native/types';
 import {
@@ -15,6 +20,7 @@ import { quiche } from './native';
 import * as events from './events';
 import * as utils from './utils';
 import * as errors from './errors';
+import { buildQuicheConfig } from './config';
 
 /**
  * Think of this as equivalent to `net.Socket`.
@@ -33,7 +39,6 @@ class QUICConnection extends EventTarget {
   public readonly connectionId: QUICConnectionId;
   public readonly type: 'client' | 'server';
 
-
   public conn: Connection;
   public connectionMap: QUICConnectionMap;
   public streamMap: Map<StreamId, QUICStream> = new Map();
@@ -95,10 +100,11 @@ class QUICConnection extends EventTarget {
     scid: QUICConnectionId;
     socket: QUICSocket;
     remoteInfo: RemoteInfo;
-    config: Config;
+    config: QUICConfig;
     logger?: Logger;
   }) {
     logger.info(`Connect ${this.name}`);
+    const quicheConfig = buildQuicheConfig(config);
     const conn = quiche.Connection.connect(
       null,
       scid,
@@ -110,8 +116,12 @@ class QUICConnection extends EventTarget {
         host: remoteInfo.host,
         port: remoteInfo.port,
       },
-      config
+      quicheConfig
     );
+    // This will output to the log keys file path
+    if (config.logKeys != null) {
+      conn.setKeylog(config.logKeys);
+    }
     const connection = new this({
       type: 'client',
       conn,
@@ -140,10 +150,11 @@ class QUICConnection extends EventTarget {
     dcid: QUICConnectionId;
     socket: QUICSocket;
     remoteInfo: RemoteInfo;
-    config: Config;
+    config: QUICConfig;
     logger?: Logger;
   }): Promise<QUICConnection> {
     logger.info(`Accept ${this.name}`);
+    const quicheConfig = buildQuicheConfig(config);
     const conn = quiche.Connection.accept(
       scid,
       dcid,
@@ -155,8 +166,12 @@ class QUICConnection extends EventTarget {
         host: remoteInfo.host,
         port: remoteInfo.port,
       },
-      config
+      quicheConfig
     );
+    // This will output to the log keys file path
+    if (config.logKeys != null) {
+      conn.setKeylog(config.logKeys);
+    }
     const connection = new this({
       type: 'server',
       conn,
@@ -212,6 +227,13 @@ class QUICConnection extends EventTarget {
 
   }
 
+  // Immediately call this after construction
+  // if you want to pass the key log to something
+  // note that you must close the file descriptor afterwards
+  public setKeylog(path) {
+    this.conn.setKeylog(path);
+  }
+
   public get remoteHost() {
     return this._remoteHost;
   }
@@ -290,6 +312,8 @@ class QUICConnection extends EventTarget {
    */
   @ready(new errors.ErrorQUICConnectionDestroyed(), false, ['destroying'])
   public async recv(data: Uint8Array, remoteInfo: RemoteInfo) {
+    console.log('RECV CALLED');
+
     try {
       if (this.conn.isClosed()) {
         if (this.resolveCloseP != null) this.resolveCloseP();
@@ -372,6 +396,8 @@ class QUICConnection extends EventTarget {
           this.conn.isDraining()
         )
       ) {
+
+        console.log('CALLING DESTROY 2');
         await this.destroy();
       }
     }
@@ -396,10 +422,12 @@ class QUICConnection extends EventTarget {
    */
   @ready(new errors.ErrorQUICConnectionDestroyed(), false, ['destroying'])
   public async send(): Promise<void> {
+
+    console.log('SEND CALLED');
+
     try {
       if (this.conn.isClosed()) {
 
-        // console.log('I AM RESOLVING THE CLOSE');
 
         if (this.resolveCloseP != null) this.resolveCloseP();
         return;
@@ -443,6 +471,7 @@ class QUICConnection extends EventTarget {
         try {
 
           // console.log('ATTEMPTING SEND', sendBuffer, 0, sendLength, sendInfo.to.port, sendInfo.to.host);
+          console.log('SEND UDP PACKET');
 
           await this.socket.send(
             sendBuffer,
@@ -465,6 +494,9 @@ class QUICConnection extends EventTarget {
         this[status] !== 'destroying' &&
         (this.conn.isClosed() || this.conn.isDraining())
       ) {
+
+        console.log('CALLING DESTROY');
+
         await this.destroy();
       } else if (
         this[status] === 'destroying' &&
@@ -550,6 +582,13 @@ class QUICConnection extends EventTarget {
     // During construction, this ends up being null
     const time = this.conn.timeout();
 
+
+    // I think...
+    // if we have a null timeout here
+    // AND we are also closed or is draining
+    // then we can emit a timeout error
+
+
     // On the receive
     // this is called again
     // the result is 5000 ms
@@ -599,19 +638,25 @@ class QUICConnection extends EventTarget {
           // console.log('resumed', this.conn.isResumed());
 
           // Trigger a send, this will also set the timeout again at the end
+
+          console.log('TIMEOUT TRIGGER SEND');
+
           await this.send();
         },
         time
       );
     } else {
-
       // console.log('Clearing the timeout');
-
       clearTimeout(this.timer);
       delete this.timer;
+      if (this.conn.isClosed() || this.conn.isDraining()) {
+        this.dispatchEvent(
+          new events.QUICConnectionErrorEvent({
+            detail: new errors.ErrorQUICConnectionTimeout()
+          })
+        );
+      }
     }
-
-    // console.groupEnd();
   }
 }