Expose Parameter for TLS Provider (microsoft#2762)

ami-GS · May 27, 2022 · 3c8faf6 · 3c8faf6
1 parent 7542d4d
commit 3c8faf6
Show file tree

Hide file tree

Showing 10 changed files with 89 additions and 1 deletion.
diff --git a/docs/Settings.md b/docs/Settings.md
@@ -90,6 +90,7 @@ These parameters are accessed by calling [GetParam](./api/GetParam.md) or [SetPa
 | `QUIC_PARAM_GLOBAL_VERSION_SETTINGS`<br> 7        | QUIC_VERSIONS_SETTINGS  | Both      | Globally change version settings for all subsequent connections.                                      |
 | `QUIC_PARAM_GLOBAL_LIBRARY_GIT_HASH`<br> 8        | char[64]                | Get-only  | Git hash used to build MsQuic (null terminated string)                                                |
 | `QUIC_PARAM_GLOBAL_DATAPATH_PROCESSORS`<br> 9      | uint16_t[]              | Both      | Globally change the list of CPUs that datapath can use. Must be set before opening registration.  |
+| `QUIC_PARAM_GLOBAL_TLS_PROVIDER`<br> 10      | QUIC_TLS_PROVIDER | Get-Only | The TLS provider being used by MsQuic for the TLS handshake. |
 
 
 ### Registration Parameters

diff --git a/scripts/generate-dotnet.ps1 b/scripts/generate-dotnet.ps1
@@ -53,6 +53,7 @@ Invoke-Expression "$ToolExe $FullArgs"
     -replace '\(anonymous union.+\)\"', "(anonymous union)`"" `
     -replace "public enum .*?_FLAGS","[System.Flags]`n    `$0" `
     -replace "const int", "const uint" `
+    -replace "  QUIC_TLS_PROVIDER_", "  " `
     -replace "  QUIC_EXECUTION_PROFILE_TYPE_", "  " `
     -replace "  QUIC_EXECUTION_PROFILE_", "  " `
     -replace "  QUIC_LOAD_BALANCING_", "  " `

diff --git a/src/core/library.c b/src/core/library.c
@@ -1216,6 +1216,25 @@ QuicLibraryGetGlobalParam(
         Status = QUIC_STATUS_SUCCESS;
         break;
 
+    case QUIC_PARAM_GLOBAL_TLS_PROVIDER:
+
+        if (*BufferLength < sizeof(QUIC_TLS_PROVIDER)) {
+            *BufferLength = sizeof(QUIC_TLS_PROVIDER);
+            Status = QUIC_STATUS_BUFFER_TOO_SMALL;
+            break;
+        }
+
+        if (Buffer == NULL) {
+            Status = QUIC_STATUS_INVALID_PARAMETER;
+            break;
+        }
+
+        *BufferLength = sizeof(QUIC_TLS_PROVIDER);
+        *(QUIC_TLS_PROVIDER*)Buffer = CxPlatTlsGetProvider();
+
+        Status = QUIC_STATUS_SUCCESS;
+        break;
+
     case QUIC_PARAM_GLOBAL_VERSION_NEGOTIATION_ENABLED:
 
         if (*BufferLength < sizeof(BOOLEAN)) {

diff --git a/src/cs/lib/msquic_generated.cs b/src/cs/lib/msquic_generated.cs
@@ -22,6 +22,12 @@ internal partial struct QUIC_HANDLE
     {
     }
 
+    internal enum QUIC_TLS_PROVIDER
+    {
+        SCHANNEL = 0x0000,
+        OPENSSL = 0x0001,
+    }
+
     internal enum QUIC_EXECUTION_PROFILE
     {
         LOW_LATENCY,
@@ -2592,6 +2598,9 @@ internal static unsafe partial class MsQuic
         [NativeTypeName("#define QUIC_PARAM_GLOBAL_DATAPATH_PROCESSORS 0x01000009")]
         internal const uint QUIC_PARAM_GLOBAL_DATAPATH_PROCESSORS = 0x01000009;
 
+        [NativeTypeName("#define QUIC_PARAM_GLOBAL_TLS_PROVIDER 0x0100000A")]
+        internal const uint QUIC_PARAM_GLOBAL_TLS_PROVIDER = 0x0100000A;
+
         [NativeTypeName("#define QUIC_PARAM_CONFIGURATION_SETTINGS 0x03000000")]
         internal const uint QUIC_PARAM_CONFIGURATION_SETTINGS = 0x03000000;
 

diff --git a/src/inc/msquic.h b/src/inc/msquic.h
@@ -70,6 +70,11 @@ typedef _In_range_(0, QUIC_UINT62_MAX) uint64_t QUIC_UINT62;
 //
 #define QUIC_MAX_RESUMPTION_APP_DATA_LENGTH     1000
 
+typedef enum QUIC_TLS_PROVIDER {
+    QUIC_TLS_PROVIDER_SCHANNEL                  = 0x0000,
+    QUIC_TLS_PROVIDER_OPENSSL                   = 0x0001,
+} QUIC_TLS_PROVIDER;
+
 typedef enum QUIC_EXECUTION_PROFILE {
     QUIC_EXECUTION_PROFILE_LOW_LATENCY,         // Default
     QUIC_EXECUTION_PROFILE_TYPE_MAX_THROUGHPUT,
@@ -710,6 +715,7 @@ void
 #endif
 #define QUIC_PARAM_GLOBAL_LIBRARY_GIT_HASH              0x01000008  // char[64]
 #define QUIC_PARAM_GLOBAL_DATAPATH_PROCESSORS           0x01000009  // uint16_t[]
+#define QUIC_PARAM_GLOBAL_TLS_PROVIDER                  0x0100000A  // QUIC_TLS_PROVIDER
 
 //
 // Parameters for Registration.

diff --git a/src/inc/quic_tls.h b/src/inc/quic_tls.h
@@ -341,6 +341,15 @@ void
 
 typedef CXPLAT_SEC_CONFIG_CREATE_COMPLETE *CXPLAT_SEC_CONFIG_CREATE_COMPLETE_HANDLER;
 
+//
+// Returns the type of TLS provider in use.
+//
+_IRQL_requires_max_(DISPATCH_LEVEL)
+QUIC_TLS_PROVIDER
+CxPlatTlsGetProvider(
+    void
+    );
+
 //
 // Creates a new TLS security configuration.
 //

diff --git a/src/lib.rs b/src/lib.rs
@@ -126,6 +126,11 @@ impl Status {
     }
 }
 
+/// The different possible TLS providers used by MsQuic.
+pub type TlsProvider = u32;
+pub const TLS_PROVIDER_SCHANNEL: TlsProvider = 0;
+pub const TLS_PROVIDER_OPENSSL : TlsProvider = 1;
+
 /// Configures how to process a registration's workload.
 pub type ExecutionProfile = u32;
 pub const EXECUTION_PROFILE_LOW_LATENCY: ExecutionProfile = 0;
@@ -669,6 +674,8 @@ pub const PARAM_GLOBAL_SETTINGS: u32 = 0x01000005;
 pub const PARAM_GLOBAL_GLOBAL_SETTINGS: u32 = 0x01000006;
 pub const PARAM_GLOBAL_VERSION_SETTINGS: u32 = 0x01000007;
 pub const PARAM_GLOBAL_LIBRARY_GIT_HASH: u32 = 0x01000008;
+pub const PARAM_GLOBAL_DATAPATH_PROCESSORS: u32 = 0x01000009;
+pub const PARAM_GLOBAL_TLS_PROVIDER: u32 = 0x0100000A;
 
 pub const PARAM_CONFIGURATION_SETTINGS: u32 = 0x03000000;
 pub const PARAM_CONFIGURATION_TICKET_KEYS: u32 = 0x03000001;

diff --git a/src/platform/tls_openssl.c b/src/platform/tls_openssl.c
@@ -290,7 +290,7 @@ CxPlatTlsCertificateVerifyCallback(
                (TlsContext->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_USE_PORTABLE_CERTIFICATES)) {
         //
         // We need to get certificates provided by peer if we going to pass them via Callbacks.CertificateReceived.
-        // We don't really care about validation status but without calling X509_verify_cert() x509_ctx has 
+        // We don't really care about validation status but without calling X509_verify_cert() x509_ctx has
         // no certificates attached to it and that impacts validation of custom certificate chains.
         //
         // OpenSSL 3 has X509_build_chain() to build just the chain.
@@ -927,6 +927,15 @@ CXPLAT_STATIC_ASSERT(
     FIELD_OFFSET(QUIC_CERTIFICATE_FILE, CertificateFile) == FIELD_OFFSET(QUIC_CERTIFICATE_FILE_PROTECTED, CertificateFile),
     "Mismatch (certificate file) in certificate file structs");
 
+_IRQL_requires_max_(DISPATCH_LEVEL)
+QUIC_TLS_PROVIDER
+CxPlatTlsGetProvider(
+    void
+    )
+{
+    return QUIC_TLS_PROVIDER_OPENSSL;
+}
+
 _IRQL_requires_max_(PASSIVE_LEVEL)
 QUIC_STATUS
 CxPlatTlsSecConfigCreate(

diff --git a/src/platform/tls_schannel.c b/src/platform/tls_schannel.c
@@ -919,6 +919,15 @@ CxPlatTlsAchWorker(
 
 #endif
 
+_IRQL_requires_max_(DISPATCH_LEVEL)
+QUIC_TLS_PROVIDER
+CxPlatTlsGetProvider(
+    void
+    )
+{
+    return QUIC_TLS_PROVIDER_SCHANNEL;
+}
+
 _IRQL_requires_max_(PASSIVE_LEVEL)
 QUIC_STATUS
 CxPlatTlsSecConfigCreate(

diff --git a/src/test/lib/ApiTest.cpp b/src/test/lib/ApiTest.cpp
@@ -23,6 +23,24 @@ void QuicTestValidateApi()
         MsQuicOpen2(nullptr));
 
     MsQuicClose(nullptr);
+
+    // TODO - Move these into GetParam/SetParam tests
+    QUIC_TLS_PROVIDER TlsProvider;
+    uint32_t BufferLength = sizeof(TlsProvider);
+    TEST_QUIC_SUCCEEDED(
+        MsQuic->GetParam(
+            nullptr,
+            QUIC_PARAM_GLOBAL_TLS_PROVIDER,
+            &BufferLength,
+            &TlsProvider));
+
+    TEST_EQUAL(
+        MsQuic->SetParam(
+            nullptr,
+            QUIC_PARAM_GLOBAL_TLS_PROVIDER,
+            BufferLength,
+            &TlsProvider),
+        QUIC_STATUS_INVALID_PARAMETER);
 }
 
 void QuicTestValidateRegistration()