Author Topic: Quiche (and BoringSSL) bindings  (Read 3099 times)

r.lukasiak

  • Full Member
  • ***
  • Posts: 167
Re: Quiche (and BoringSSL) bindings
« Reply #60 on: October 09, 2024, 05:13:02 pm »
Quote
Important: You need to be in the directory of the project to run it, otherwise I get the same error as you for the keys:
if you move the binary out of the directory, you need to carry the keys dir as well, or just set an absolute path to the keys.

Quote
Indeed strange that QUIC connection ISN'T established
maybe it's about the fact that no client connected? That's another thing, I need to learn QUIC itself.

Quote
Also it seems to me that the buffer is filled very fast at each loop.
I'm just wondering why it's even receiving anything if nothing is actually sent.

It seems like it still doesn't work as intended but as it finally doesn't throw errors, I can somehow debug it and learn how to use it.

Once again, thanks for your commitment!

Fred vS

  • Hero Member
  • *****
  • Posts: 3410
    • StrumPract is the musicians best friend
Re: Quiche (and BoringSSL) bindings
« Reply #61 on: October 09, 2024, 08:01:22 pm »
Hello r.lukasiak

In my previous post was added/used the method:
Code: Pascal
function quiche_conn_set_session(conn: PQuiche_Conn; buf: PByte; buf_len: csize_t): cint32; cdecl; external QUICHE_LIB;

Here the result is always = -2.

But I have no idea what this means.
(And I must also admit that I don't know what the purpose of your demo is, what data the buffer should get...  :-X)

Imho, Quiche project is not the champion in documentation + help + demos.
Yes, few demos in source (without any comment) but I did not find wiki, how to, forum, docs,...

Have a perfect day and lot of fun!

Fre;D
« Last Edit: October 09, 2024, 08:41:01 pm by Fred vS »
I use Lazarus 2.2.0 32/64 and FPC 3.2.2 32/64 on Debian 11 64 bit, Windows 10, Windows 7 32/64, Windows XP 32,  FreeBSD 64.
Widgetset: fpGUI, MSEgui, Win32, GTK2, Qt.

https://github.com/fredvs
https://gitlab.com/fredvs
https://codeberg.org/fredvs

r.lukasiak

  • Full Member
  • ***
  • Posts: 167
Re: Quiche (and BoringSSL) bindings
« Reply #62 on: October 09, 2024, 08:23:33 pm »
Quote
And I must also admit that I don't know what the purpose of your demo is, what data the buffer should get...
actually it's not even a demo and it's not supposed to even receive any data, hence my concern about its working correctly. This "demo" is just a testing ground for each another procedure/function I "translate". But now as conn_recv is finally "working", I can start writing some kind of demo to see if it really "works like a charm" :D

Quote
Have a perfect day and lot of fun!
likewise!

TRon

  • Hero Member
  • *****
  • Posts: 3619
Re: Quiche (and BoringSSL) bindings
« Reply #63 on: October 09, 2024, 10:07:07 pm »
Quote
Imho, Quiche project is not the champion in documentation + help + demos.
Yes, few demos in source (without any comment) but I did not find wiki, how to, forum, docs,...
I assume that the main problem is that it is originally written for/in Rust. There are many examples and snippets that use the Rust classes to set up connections. The issue is that these classes abstract away too much to be able to tell what is actually happening behind the scenes. The C examples are sparse and indeed hardly documented.

See also https://docs.quic.tech/quiche/
This tagline is powered by AI (AI advertisement: Free Pascal the only programming language that matters)

TRon

  • Hero Member
  • *****
  • Posts: 3619
Re: Quiche (and BoringSSL) bindings
« Reply #64 on: October 10, 2024, 12:45:08 am »
Quote
Code: Pascal
function quiche_conn_set_session(conn: PQuiche_Conn; buf: PByte; buf_len: csize_t): cint32; cdecl; external QUICHE_LIB;

Here the result is always = -2.

But I have no idea what this means.

A complete translation of the headers can be helpful  :)

Code:
enum quiche_error {
    // There is no more work to do.
    QUICHE_ERR_DONE = -1,

    // The provided buffer is too short.
    QUICHE_ERR_BUFFER_TOO_SHORT = -2,
...

Fred vS

  • Hero Member
  • *****
  • Posts: 3410
    • StrumPract is the musicians best friend
Re: Quiche (and BoringSSL) bindings
« Reply #65 on: October 10, 2024, 02:02:45 am »
Hello TRon.

Code: Pascal
QUICHE_ERR_BUFFER_TOO_SHORT = -2,

Well seen!  ;D

But even with:
Code: Pascal
BUF_SIZE: size_t = 8192 * 128;

The result is still -2  %)

TRon

  • Hero Member
  • *****
  • Posts: 3619
Re: Quiche (and BoringSSL) bindings
« Reply #66 on: October 10, 2024, 02:24:34 am »
Quote
But even with:
That is strange  :-\

And you actually allocated that buffer as well and passed its memory pointer to the buf parameter?

The only other thing I was able to find:
Code:
pub fn set_session(&mut self, session: &[u8]) -> Result<()>

Configures the given session for resumption.

On the client, this can be used to offer the given serialized session, as returned by session(), for resumption.

This must only be called immediately after creating a connection, that is, before any packet is sent or received.

Which, if I am not mistaken, seems to suggest that the buffer passed to set_session is required to contain (actual) data of/from the session.


Fred vS

  • Hero Member
  • *****
  • Posts: 3410
    • StrumPract is the musicians best friend
Re: Quiche (and BoringSSL) bindings
« Reply #67 on: October 10, 2024, 02:40:02 am »
@TRon: Of course I need to study how Quiche works.

The only thing I have is the C header and I have extracted a few methods from it, but only like an explorer in a completely unknown world.

Maybe (surely) set_session() is for something else than init the lib.
Thanks for the link you give, I will study it (asap).


TRon

  • Hero Member
  • *****
  • Posts: 3619
Re: Quiche (and BoringSSL) bindings
« Reply #68 on: October 10, 2024, 02:45:47 am »
For retrieving the session, I think, you can use session, e.g.

Code: C
void quiche_conn_session(const quiche_conn *conn, const uint8_t **out, size_t *out_len);

the returned out and out_len then passed to set_session

But, I am only guesstimating here  :)
« Last Edit: October 10, 2024, 02:47:21 am by TRon »
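
The save/restore cycle suggested in replies #66 and #68, as an added example that is not part of the original posts and not code from the quiche project. The unit name, SaveSession, RestoreSession, the QUICHE_LIB value and the Pointer alias for PQuiche_Conn are assumptions; the quiche_conn_session declaration is a Pascal translation of the C prototype quoted above.

```pascal
unit quiche_session; // hypothetical unit name (added example)
{$mode objfpc}{$H+}
interface
uses ctypes;
const
  QUICHE_LIB = 'quiche'; // assumption: use the library name from your own bindings
type
  PQuiche_Conn = Pointer; // opaque quiche_conn handle
function quiche_conn_set_session(conn: PQuiche_Conn; buf: PByte; buf_len: csize_t): cint32; cdecl; external QUICHE_LIB;
// var parameters are passed by reference, matching the C pointers out / out_len
procedure quiche_conn_session(conn: PQuiche_Conn; var buf: PByte; var buf_len: csize_t); cdecl; external QUICHE_LIB;
// Call once the connection is established. False means no session was available.
function SaveSession(conn: PQuiche_Conn; const FileName: string): Boolean;
// Call right after creating the connection, before any packet is sent or received.
// Returns 0 when nothing was stored, otherwise the quiche_conn_set_session result.
function RestoreSession(conn: PQuiche_Conn; const FileName: string): cint32;
implementation
uses Classes, SysUtils;
function SaveSession(conn: PQuiche_Conn; const FileName: string): Boolean;
var
  data: PByte;
  len: csize_t;
  fs: TFileStream;
begin
  data := nil;
  len := 0;
  quiche_conn_session(conn, data, len); // buffer stays owned by the connection
  Result := (data <> nil) and (len > 0);
  if not Result then Exit;
  // The serialized session carries TLS resumption secrets: owner-only rights (Unix).
  fs := TFileStream.Create(FileName, fmCreate, &600);
  try fs.WriteBuffer(data^, LongInt(len)); finally fs.Free; end;
end;
function RestoreSession(conn: PQuiche_Conn; const FileName: string): cint32;
var
  ms: TMemoryStream;
begin
  Result := 0;
  if not FileExists(FileName) then Exit; // first run: nothing to offer
  ms := TMemoryStream.Create;
  try
    ms.LoadFromFile(FileName);
    if ms.Size > 0 then // only pass bytes that came from quiche_conn_session
      Result := quiche_conn_set_session(conn, PByte(ms.Memory), csize_t(ms.Size));
  finally
    ms.Free;
  end;
end;
end.
```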

Fred vS

  • Hero Member
  • *****
  • Posts: 3410
    • StrumPract is the musicians best friend
Re: Quiche (and BoringSSL) bindings
« Reply #69 on: October 10, 2024, 03:37:27 am »
I admit that I don't know what Quiche does.
But since I now have something that moves, thanks to r.lukasiak, I keep it on standby.
Maybe one day Quiche will make me some good little dishes.  :-X

TRon

  • Hero Member
  • *****
  • Posts: 3619
Re: Quiche (and BoringSSL) bindings
« Reply #70 on: October 10, 2024, 03:54:19 am »
I am not that savvy on the subject either but there is some documentation. It seems to focus on UDP multiplex streaming with encryption, also supporting http3.

With regards to the library itself (and as far as I am able to tell at this moment):
- create config with quiche_config_new
- customize configuration with the dozen or so functions
- connect with quiche_connect for client and quiche_accept for server or quiche_conn_new_with_tls
- use the connection itself with the other functions such as the quiche_conn_sendXXXX or quiche_conn_streamXXXX functions
- I do not know where/when the quiche_negotiate_version function comes into play.
 
There are also several peer and path functions and ofc the http3 (connection) functionality.

Thus far I had the impression that r.lukasiak has the more experience/expertise with QUIC (perhaps quiche in particular ?) but perhaps he is able to tell why he wants to use it because I also like my appetizers  ;D
« Last Edit: October 10, 2024, 04:07:16 am by TRon »

r.lukasiak

  • Full Member
  • ***
  • Posts: 167
Re: Quiche (and BoringSSL) bindings
« Reply #71 on: October 11, 2024, 01:32:35 am »
@Fred vS
Quote
I admit that I don't know what Quiche does.
Quiche is an implementation of QUIC, which is a new encrypted transport layer network protocol built atop UDP but with TCP-like features and more, using TLS 1.3 by default.

@TRon
Quote
that r.lukasiak has the more experience/expertise with QUIC
I have absolutely no experience, nor expertise on QUIC  :D

Quote
but perhaps he is able to tell why he wants to use it because I also like my appetizers
well... that's a good question. I still don't know if I really need or want it. I was playing with Sockets and I was searching for a TLS 1.3 option, which is not available (as far as I know) for FreePascal. While googling I came across QUIC, which seems pretty appealing to me; it comes with a couple of cool features like TLS 1.3 by default, multiple streams within one connection, 0-RTT etc. And since I had a lot of free time and there were no QUIC bindings for FreePascal.... here we are  8)

delphius

  • Jr. Member
  • **
  • Posts: 77
Re: Quiche (and BoringSSL) bindings
« Reply #72 on: October 16, 2024, 09:05:07 pm »
Quote
well... that's a good question. I still don't know if I really need or want it. I was playing with Sockets and I was searching for a TLS 1.3 option, which is not available (as far as I know) for FreePascal. While googling I came across QUIC, which seems pretty appealing to me; it comes with a couple of cool features like TLS 1.3 by default, multiple streams within one connection, 0-RTT etc. And since I had a lot of free time and there were no QUIC bindings for FreePascal.... here we are  8)

A year ago, I also started looking for a native library to implement TLS 1.3, and my search led to an existing good native implementation of TLS 1.2:

https://my6.code.blog/2021/01/13/fundamentals-library/ - blog post

https://github.com/fundamentalslib/fundamentals5 - the library itself

https://github.com/fundamentalslib/fundamentals5/tree/master/Source/TLS - implementation

https://fundamentals5.kouraklis.com/ - function reference guide

There is also a wrapper for Windows, but it’s not a universal full native solution:

https://github.com/Fr0sT-Brutal/Delphi_SChannelTLS

The absence of a native TLS 1.3 forced me to write my own educational implementation:

https://github.com/delphius/fpmtls - implementation

https://github.com/delphius/fpmailsend/tree/main/native/tlsmail - an example of sending mail via smtp through a secure channel using a Google mail server.

This is purely an educational example, using only one TLS_AES_128_GCM_SHA256 + curve25519 suite, but it works with most servers.

After that, I didn’t have time to continue. This year, during vacation, I managed to complete the implementation of the second suite TLS_CHACHA20_POLY1305_SHA256 (attached), but I haven’t had the time or energy to integrate it into the implementation.

The idea is to bring everything together and integrate it into fpc as a layer on top of

https://gitlab.com/freepascal.org/fpc/source/-/blob/main/packages/fcl-net/src/sslsockets.pp

similar to

OpenSSL - https://gitlab.com/freepascal.org/fpc/source/-/blob/main/packages/openssl/src/opensslsockets.pp

GnuTLS - https://gitlab.com/freepascal.org/fpc/source/-/blob/main/packages/gnutls/src/gnutlssockets.pp

purely as a placeholder, without claims to security and reliability, when TLS access to resources is needed, but there is no desire to use OpenSSL.

Quote
I have absolutely no experience, nor expertise on QUIC  :D

I've been looking at QUIC for a year now, too, I even managed to read the RFC, now it's interesting to see how it works in life
« Last Edit: October 16, 2024, 09:08:41 pm by delphius »
fpmtls - ssl/tls 1.3 implementation in pure pascal
fpmailsend - sending a simple email message
pascal-webui - use web browser as gui and fpc as backend

 
