WIP

Author: CMCDragonkai

src/QUICServer.ts

@@ -146,15 +146,17 @@ class QUICServer extends EventTarget {
   public async start({
     host = '::' as Host,
     port = 0 as Port,
+    reuseAddr,
   }: {
     host?: Host | Hostname;
     port?: Port;
+    reuseAddr?: boolean;
   } = {}) {
     let address: string;
     if (!this.isSocketShared) {
       address = utils.buildAddress(host, port);
       this.logger.info(`Start ${this.constructor.name} on ${address}`);
-      await this.socket.start({ host, port });
+      await this.socket.start({ host, port, reuseAddr });
       this.socket.addEventListener('error', this.handleQUICSocketError);
       address = utils.buildAddress(this.socket.host, this.socket.port);
     } else {
@@ -193,6 +195,9 @@ class QUICServer extends EventTarget {
     this.logger.info(`Stopped ${this.constructor.name} on ${address}`);
   }
 
+  /**
+   * @internal
+   */
   public async connectionNew(
     data: Buffer,
     remoteInfo: RemoteInfo,

src/QUICSocket.ts

@@ -72,15 +72,8 @@ class QUICSocket extends EventTarget {
       }
       return;
     }
-
-    // Apparently if it is a UDP datagram
-    // it could be a QUIC datagram, and not part of any connection
-    // However I don't know how the DCID would work in a QUIC dgram
-    // We have not explored this yet
-
     // Destination Connection ID is the ID the remote peer chose for us.
     const dcid = new QUICConnectionId(header.dcid);
-
     // Derive our SCID using HMAC signing.
     const scid = new QUICConnectionId(
       await this.crypto.ops.sign(
@@ -90,12 +83,10 @@ class QUICSocket extends EventTarget {
       0,
       quiche.MAX_CONN_ID_LEN,
     );
-
     const remoteInfo_ = {
       host: remoteInfo.address as Host,
       port: remoteInfo.port as Port,
     };
-
     // Now both must be checked
     let conn: QUICConnection;
     if (!this.connectionMap.has(dcid) && !this.connectionMap.has(scid)) {
@@ -207,10 +198,12 @@ class QUICSocket extends EventTarget {
   public async start({
     host = '::' as Host,
     port = 0 as Port,
+    reuseAddr = false,
     ipv6Only = false,
   }: {
     host?: Host | Hostname;
     port?: Port;
+    reuseAddr?: boolean;
     ipv6Only?: boolean;
   } = {}): Promise<void> {
     let address = utils.buildAddress(host, port);
@@ -223,7 +216,7 @@ class QUICSocket extends EventTarget {
     );
     this.socket = dgram.createSocket({
       type: udpType,
-      reuseAddr: false,
+      reuseAddr,
       ipv6Only,
     });
     this.socketBind = utils.promisify(this.socket.bind).bind(this.socket);

src/config.ts

@@ -16,9 +16,15 @@ export type TlsConfig =
     };
 
 type QUICConfig = {
+  // This is the same style as TLS in node.js, where Uint8Array or strings can be used
+  ca?: string | Array<string> | Uint8Array | Array<Uint8Array>;
+
+
   tlsConfig: TlsConfig | undefined;
-  verifyPem: string | undefined;
-  verifyFromPemFile: string | undefined;
+
+  // verifyPem: string | undefined;
+  // verifyFromPemFile: string | undefined;
+
   supportedPrivateKeyAlgos: string | undefined;
   verifyPeer: boolean;
   logKeys: string | undefined;
@@ -37,9 +43,10 @@ type QUICConfig = {
 };
 
 const clientDefault: QUICConfig = {
+  ca: undefined,
   tlsConfig: undefined,
-  verifyPem: undefined,
-  verifyFromPemFile: undefined,
+  // verifyPem: undefined,
+  // verifyFromPemFile: undefined,
   supportedPrivateKeyAlgos: supportedPrivateKeyAlgosDefault,
   logKeys: undefined,
   verifyPeer: true,
@@ -58,9 +65,11 @@ const clientDefault: QUICConfig = {
 };
 
 const serverDefault: QUICConfig = {
+  ca: undefined,
   tlsConfig: undefined,
-  verifyPem: undefined,
-  verifyFromPemFile: undefined,
+
+  // verifyPem: undefined,
+  // verifyFromPemFile: undefined,
   supportedPrivateKeyAlgos: supportedPrivateKeyAlgosDefault,
   logKeys: undefined,
   verifyPeer: false,
@@ -89,11 +98,35 @@ function buildQuicheConfig(config: QUICConfig): QuicheConfig {
       privKeyPem = Buffer.from(config.tlsConfig.privKeyPem);
     }
   }
+
+  // Ok let's see
+  let caBuffer;
+  if (config.ca != null) {
+    const textDecoder = new TextDecoder('utf-8');
+    const textEncoder = new TextEncoder();
+    let caPEMString = '';
+    if (typeof config.ca === 'string') {
+      caPEMString = config.ca.trim() + '\n';
+    } else if (config.ca instanceof Uint8Array) {
+      caPEMString = textDecoder.decode(config.ca).trim() + '\n';
+    } else if (Array.isArray(config.ca)) {
+      for (const c of config.ca) {
+        if (typeof c === 'string') {
+          caPEMString += c.trim() + '\n';
+        } else {
+          caPEMString += textDecoder.decode(c).trim() + '\n';
+        }
+      }
+    }
+    caBuffer = textEncoder.encode(caPEMString);
+  }
+
+
   const quicheConfig: QuicheConfig = quiche.Config.withBoringSslCtx(
     certChainPem,
     privKeyPem,
     config.supportedPrivateKeyAlgos ?? null,
-    config.verifyPem != null ? Buffer.from(config.verifyPem) : null,
+    caBuffer,
     config.verifyPeer,
   );
   if (config.tlsConfig != null && 'certChainFromPemFile' in config.tlsConfig) {
@@ -106,9 +139,9 @@ function buildQuicheConfig(config: QUICConfig): QuicheConfig {
       quicheConfig.loadPrivKeyFromPemFile(config.tlsConfig.privKeyFromPemFile);
     }
   }
-  if (config.verifyFromPemFile != null) {
-    quicheConfig.loadVerifyLocationsFromFile(config.verifyFromPemFile);
-  }
+  // if (config.verifyFromPemFile != null) {
+  //   quicheConfig.loadVerifyLocationsFromFile(config.verifyFromPemFile);
+  // }
   if (config.logKeys != null) {
     quicheConfig.logKeys();
   }

tests/QUICServer.test.ts

@@ -1,16 +1,212 @@
-import QUICServer from '@/QUICServer';
+import type { X509Certificate } from '@peculiar/x509';
+import type { Crypto, Host, Port } from '@/types';
+import type { QUICConfig } from '@/config';
+import dgram from 'dgram';
 import Logger, { LogLevel, StreamHandler, formatting } from '@matrixai/logger';
+import QUICServer from '@/QUICServer';
+import QUICConnectionId from '@/QUICConnectionId';
+import QUICConnection from '@/QUICConnection';
+import QUICSocket from '@/QUICSocket';
+import { clientDefault, buildQuicheConfig } from '@/config';
+import { quiche } from '@/native';
+import * as utils from '@/utils';
+import * as testsUtils from './utils';
 
 describe(QUICServer.name, () => {
-
   const logger = new Logger(`${QUICServer.name} Test`, LogLevel.WARN, [
     new StreamHandler(
       formatting.format`${formatting.level}:${formatting.keys}:${formatting.msg}`,
     ),
   ]);
-  describe('', async () => {
+  let keyPairRSA: {
+    publicKey: JsonWebKey;
+    privateKey: JsonWebKey;
+  };
+  let certRSA: X509Certificate;
+  let keyPairRSAPEM: {
+    publicKey: string;
+    privateKey: string;
+  };
+  let certRSAPEM: string;
+  let keyPairECDSA: {
+    publicKey: JsonWebKey;
+    privateKey: JsonWebKey;
+  };
+  let certECDSA: X509Certificate;
+  let keyPairECDSAPEM: {
+    publicKey: string;
+    privateKey: string;
+  };
+  let certECDSAPEM: string;
+  let keyPairEd25519: {
+    publicKey: JsonWebKey;
+    privateKey: JsonWebKey;
+  };
+  let certEd25519: X509Certificate;
+  let keyPairEd25519PEM: {
+    publicKey: string;
+    privateKey: string;
+  };
+  let certEd25519PEM: string;
+  beforeAll(async () => {
+    keyPairRSA = await testsUtils.generateKeyPairRSA();
+    certRSA = await testsUtils.generateCertificate({
+      certId: '0',
+      subjectKeyPair: keyPairRSA,
+      issuerPrivateKey: keyPairRSA.privateKey,
+      duration: 60 * 60 * 24 * 365 * 10,
+    });
+    keyPairRSAPEM = await testsUtils.keyPairRSAtoPEM(keyPairRSA);
+    certRSAPEM = testsUtils.certToPEM(certRSA);
+    keyPairECDSA = await testsUtils.generateKeyPairECDSA();
+    certECDSA = await testsUtils.generateCertificate({
+      certId: '0',
+      subjectKeyPair: keyPairECDSA,
+      issuerPrivateKey: keyPairECDSA.privateKey,
+      duration: 60 * 60 * 24 * 365 * 10,
+    });
+    keyPairECDSAPEM = await testsUtils.keyPairECDSAtoPEM(keyPairECDSA);
+    certECDSAPEM = testsUtils.certToPEM(certECDSA);
+    keyPairEd25519 = await testsUtils.generateKeyPairEd25519();
+    certEd25519 = await testsUtils.generateCertificate({
+      certId: '0',
+      subjectKeyPair: keyPairEd25519,
+      issuerPrivateKey: keyPairEd25519.privateKey,
+      duration: 60 * 60 * 24 * 365 * 10,
+    });
+    keyPairEd25519PEM = await testsUtils.keyPairEd25519ToPEM(keyPairEd25519);
+    certEd25519PEM = testsUtils.certToPEM(certEd25519);
+  });
+  // This has to be setup asynchronously due to key generation
+  let crypto: {
+    key: ArrayBuffer;
+    ops: Crypto;
+  };
+  beforeEach(async () => {
+    crypto = {
+      key: await testsUtils.generateKeyHMAC(),
+      ops: {
+        sign: testsUtils.signHMAC,
+        verify: testsUtils.verifyHMAC,
+        randomBytes: testsUtils.randomBytes,
+      },
+    };
+  });
+  describe('start and stop', () => {
+    test('with RSA', async () => {
+      const quicServer = new QUICServer({
+        crypto,
+        config: {
+          tlsConfig: {
+            privKeyPem: keyPairRSAPEM.privateKey,
+            certChainPem: certRSAPEM,
+          }
+        },
+        logger: logger.getChild('QUICServer'),
+      });
+      await quicServer.start();
+      // Default to dual-stack
+      expect(quicServer.host).toBe('::');
+      expect(typeof quicServer.port).toBe('number');
+      await quicServer.stop();
+    });
+    test('with ECDSA', async () => {
+      const quicServer = new QUICServer({
+        crypto,
+        config: {
+          tlsConfig: {
+            privKeyPem: keyPairECDSAPEM.privateKey,
+            certChainPem: certECDSAPEM,
+          }
+        },
+        logger: logger.getChild('QUICServer'),
+      });
+      await quicServer.start();
+      // Default to dual-stack
+      expect(quicServer.host).toBe('::');
+      expect(typeof quicServer.port).toBe('number');
+      await quicServer.stop();
+    });
+    test('with Ed25519', async () => {
+      const quicServer = new QUICServer({
+        crypto,
+        config: {
+          tlsConfig: {
+            privKeyPem: keyPairEd25519PEM.privateKey,
+            certChainPem: certEd25519PEM,
+          }
+        },
+        logger: logger.getChild('QUICServer'),
+      });
+      await quicServer.start();
+      // Default to dual-stack
+      expect(quicServer.host).toBe('::');
+      expect(typeof quicServer.port).toBe('number');
+      await quicServer.stop();
+    });
+  });
+  test('bootstrapping a new connection', async () => {
+    const quicServer = new QUICServer({
+      crypto,
+      config: {
+        tlsConfig: {
+          privKeyPem: keyPairEd25519PEM.privateKey,
+          certChainPem: certEd25519PEM,
+        }
+      },
+      logger: logger.getChild('QUICServer'),
+    });
+    await quicServer.start();
+
+
+
+    const scidBuffer = new ArrayBuffer(quiche.MAX_CONN_ID_LEN);
+    await crypto.ops.randomBytes(scidBuffer);
+    const scid = new QUICConnectionId(scidBuffer);
+
+    const socket = new QUICSocket({
+      crypto,
+      resolveHostname: utils.resolveHostname,
+      logger: logger.getChild(QUICSocket.name)
+    });
+    await socket.start();
+
+    // const config = buildQuicheConfig({
+    //   ...clientDefault
+    // });
+    // Here we want to VERIFY the peer
+    // If we use the same certificate
+    // then it should be consider as if it is trusted!
+
+    const quicConfig: QUICConfig = {
+      ...clientDefault,
+      verifyPeer: true
+    };
+
+
+    const connection = await QUICConnection.connectQUICConnection({
+      scid,
+      socket,
+
+      remoteInfo: {
+        host: utils.resolvesZeroIP(quicServer.host),
+        port: quicServer.port,
+      },
+
+      config: quicConfig,
+
+    });
+
+
+    await socket.stop();
+    await quicServer.stop();
+
+    // We can run with several rsa keypairs and certificates
 
   });
+  describe('updating configuration', () => {
 
+    // We want to test changing the configuration over time
 
+  });
 });