TLS curve/group name logging for Ticket Resumption

This applies to the cqssu (curve) and cqssg (group name) TLS log fields.

This does two things:

* Updates server session caching logic to provide the TLS group name on
  resumption.
* Updates the logging of the curve and group name for ticket resumption
  logic so that the TLS curve and group names are properly retrieved
  from the SSL object. For ticket resumption, there is no curve/group
  name stored to retrieve. It is properly retrieved from the SSL object.

Before this change: (1) the SSL group was always retrieved from the SSL
object when it should have been retrieved from the server session cache
ex_data for session cache resumption and (2) the curve value for cqssu
was alway "-" for TLS ticket resumption because there was no cached
value to retrieve like there is with server session caching.

Fixes: #12398

Author: bneradt

include/iocore/net/TLSBasicSupport.h

@@ -25,6 +25,7 @@
 #pragma once
 
 #include <string>
+#include <string_view>
 
 #include <openssl/ssl.h>
 
@@ -43,13 +44,13 @@ class TLSBasicSupport
   static void             bind(SSL *ssl, TLSBasicSupport *srs);
   static void             unbind(SSL *ssl);
 
-  TLSHandle   get_tls_handle() const;
-  const char *get_tls_protocol_name() const;
-  const char *get_tls_cipher_suite() const;
-  const char *get_tls_curve() const;
-  const char *get_tls_group() const;
-  ink_hrtime  get_tls_handshake_begin_time() const;
-  ink_hrtime  get_tls_handshake_end_time() const;
+  TLSHandle        get_tls_handle() const;
+  const char      *get_tls_protocol_name() const;
+  const char      *get_tls_cipher_suite() const;
+  const char      *get_tls_curve() const;
+  std::string_view get_tls_group() const;
+  ink_hrtime       get_tls_handshake_begin_time() const;
+  ink_hrtime       get_tls_handshake_end_time() const;
   /**
    * Returns a certificate that need to be verified.
    *
@@ -80,8 +81,9 @@ class TLSBasicSupport
 protected:
   void clear();
 
-  virtual SSL         *_get_ssl_object() const = 0;
-  virtual ssl_curve_id _get_tls_curve() const  = 0;
+  virtual SSL             *_get_ssl_object() const = 0;
+  virtual ssl_curve_id     _get_tls_curve() const  = 0;
+  virtual std::string_view _get_tls_group() const  = 0;
 
   void _record_tls_handshake_begin_time();
   void _record_tls_handshake_end_time();

include/iocore/net/TLSSessionResumptionSupport.h

@@ -1,7 +1,8 @@
 /** @file
 
   TLSSessionResumptionSupport implements common methods and members to
-  support TLS Ssssion Resumption
+  support TLS Ssssion Resumption, either via server session caching or
+  TLS session tickets.
 
   @section license License
 
@@ -25,6 +26,7 @@
 #pragma once
 
 #include <openssl/ssl.h>
+#include <string_view>
 
 #include "tscore/ink_inet.h"
 #include "iocore/net/SSLTypes.h"
@@ -36,36 +38,98 @@ class TLSSessionResumptionSupport
 public:
   virtual ~TLSSessionResumptionSupport() = default;
 
+  // ---------------------------------------------------------------------------
+  // Binding of the TLSSessionResumptionSupport object to the SSL object
+  // ---------------------------------------------------------------------------
+
   static void                         initialize();
   static TLSSessionResumptionSupport *getInstance(SSL *ssl);
   static void                         bind(SSL *ssl, TLSSessionResumptionSupport *srs);
   static void                         unbind(SSL *ssl);
 
+  // ---------------------------------------------------------------------------
+  // TLS Session Resumption Support Via Session Tickets
+  // ---------------------------------------------------------------------------
+
+  /** Handles TLS session ticket processing for session resumption.
+   *
+   * This function is called by OpenSSL to either encrypt (create) or decrypt (resume) a session ticket,
+   * depending on the value of the @p enc parameter. It selects the appropriate ticket key block based on
+   * the local endpoint and certificate context, and then either generates a new session ticket or attempts
+   * to decrypt and validate an existing one.
+   *
+   * @param[in]  ssl         The SSL connection object.
+   * @param[out] keyname     Buffer for the session ticket key name.
+   * @param[out] iv          Buffer for the initialization vector.
+   * @param[in,out] cipher_ctx  Cipher context for encryption/decryption.
+   * @param[in,out] hctx        HMAC or MAC context for integrity protection.
+   * @param[in]  enc         Indicates operation: 1 for encrypt (create ticket), 0 for decrypt (resume session).
+   * @return            1 on success, 0 if key not found, negative value on error, or 2 if ticket should be renewed.
+   */
 #ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB
   int processSessionTicket(SSL *ssl, unsigned char *keyname, unsigned char *iv, EVP_CIPHER_CTX *cipher_ctx, EVP_MAC_CTX *hctx,
                            int enc);
 #else
   int processSessionTicket(SSL *ssl, unsigned char *keyname, unsigned char *iv, EVP_CIPHER_CTX *cipher_ctx, HMAC_CTX *hctx,
                            int enc);
 #endif
-  bool         getSSLSessionCacheHit() const;
-  bool         getSSLOriginSessionCacheHit() const;
-  ssl_curve_id getSSLCurveNID() const;
 
-  SSL_SESSION                 *getSession(SSL *ssl, const unsigned char *id, int len, int *copy);
+  // ---------------------------------------------------------------------------
+  // TLS Session Resumption Support Via Server Session Caching
+  // ---------------------------------------------------------------------------
+
+  /** Retrieves a cached SSL session from the session cache.
+   *
+   * This function is used to retrieve a cached SSL session from the session cache.
+   *
+   * @param[in]  ssl         The SSL connection object.
+   * @param[in]  id          The session ID to lookup.
+   * @param[in]  len         The length of the session ID.
+   * @param[out] copy        Pointer to an integer indicating if the session ID should be copied.
+   * @return                A pointer to the cached SSL session, or nullptr if not found.
+   */
+  SSL_SESSION *getSession(SSL *ssl, const unsigned char *id, int len, int *copy);
+
+  /**
+   * @brief Retrieves a cached SSL session from the origin session cache.
+   *
+   * This function is used to retrieve a cached SSL session from the origin session cache.
+   *
+   * @param[in]  lookup_key  The key to lookup the session in the cache.
+   * @return                A pointer to the cached SSL session, or nullptr if not found.
+   */
   std::shared_ptr<SSL_SESSION> getOriginSession(const std::string &lookup_key);
 
+  // ---------------------------------------------------------------------------
+  // Getters used for both ticket and session caching
+  // ---------------------------------------------------------------------------
+
+  bool             getIsResumedSSLSession() const;
+  bool             getIsResumedOriginSSLSession() const;
+  bool             getIsResumedFromSessionCache() const;
+  bool             getIsResumedFromSessionTicket() const;
+  ssl_curve_id     getSSLCurveNID() const;
+  std::string_view getSSLGroupName() const;
+
 protected:
   void                      clear();
   virtual const IpEndpoint &_getLocalEndpoint() = 0;
 
 private:
+  enum class ResumptionType {
+    NOT_RESUMED,
+    RESUMED_FROM_SESSION_CACHE,
+    RESUMED_FROM_SESSION_TICKET,
+  };
+
   static int _ex_data_index;
 
-  bool _sslSessionCacheHit       = false;
-  bool _sslOriginSessionCacheHit = false;
-  int  _sslCurveNID              = NID_undef;
+  ResumptionType _resumptionType         = ResumptionType::NOT_RESUMED;
+  bool           _isResumedOriginSession = false;
+  int            _sslCurveNID            = NID_undef;
+  std::string    _sslGroupName;
 
+private:
 #ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB
   int _setSessionInformation(ssl_ticket_key_block *keyblock, unsigned char *keyname, unsigned char *iv, EVP_CIPHER_CTX *cipher_ctx,
                              EVP_MAC_CTX *hctx);
@@ -78,7 +142,8 @@ class TLSSessionResumptionSupport
                              EVP_CIPHER_CTX *cipher_ctx, HMAC_CTX *hctx);
 #endif
 
-  void _setSSLSessionCacheHit(bool state);
-  void _setSSLOriginSessionCacheHit(bool state);
-  void _setSSLCurveNID(ssl_curve_id curve_nid);
+  constexpr static bool IS_RESUMED_ORIGIN_SESSION = true;
+  void                  _setResumptionType(ResumptionType type, bool isOrigin);
+  void                  _setSSLCurveNID(ssl_curve_id curve_nid);
+  void                  _setSSLGroupName(std::string_view group_name);
 };

include/proxy/http/HttpUserAgent.h

@@ -169,8 +169,8 @@ HttpUserAgent::set_txn(ProxyTransaction *txn, TransactionMilestones &milestones)
       m_conn_info.curve = "-";
     }
 
-    if (auto group{tbs->get_tls_group()}; group) {
-      m_conn_info.security_group = group;
+    if (auto group{tbs->get_tls_group()}; !group.empty()) {
+      m_conn_info.security_group = group.data();
     } else {
       m_conn_info.security_group = "-";
     }
@@ -187,7 +187,7 @@ HttpUserAgent::set_txn(ProxyTransaction *txn, TransactionMilestones &milestones)
   }
 
   if (auto tsrs = netvc->get_service<TLSSessionResumptionSupport>()) {
-    m_conn_info.ssl_reused = tsrs->getSSLSessionCacheHit();
+    m_conn_info.ssl_reused = tsrs->getIsResumedSSLSession();
   }
 
   if (auto protocol_str{txn->get_protocol_string()}; protocol_str) {

src/api/InkAPI.cc

@@ -5436,7 +5436,7 @@ TSVConnIsSslReused(TSVConn sslp)
   NetVConnection    *vc     = reinterpret_cast<NetVConnection *>(sslp);
   SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(vc);
 
-  return ssl_vc ? ssl_vc->getSSLSessionCacheHit() : 0;
+  return ssl_vc ? ssl_vc->getIsResumedSSLSession() : 0;
 }
 
 const char *

src/iocore/net/P_QUICNetVConnection.h

@@ -157,9 +157,10 @@ class QUICNetVConnection : public UnixNetVConnection,
   bool _isReadyToTransferData() const override;
 
   // TLSBasicSupport
-  SSL         *_get_ssl_object() const override;
-  ssl_curve_id _get_tls_curve() const override;
-  int          _verify_certificate(X509_STORE_CTX *ctx) override;
+  SSL             *_get_ssl_object() const override;
+  ssl_curve_id     _get_tls_curve() const override;
+  std::string_view _get_tls_group() const override;
+  int              _verify_certificate(X509_STORE_CTX *ctx) override;
 
   // TLSSNISupport
   in_port_t _get_local_port() override;

src/iocore/net/P_SSLNetVConnection.h

@@ -319,8 +319,9 @@ class SSLNetVConnection : public UnixNetVConnection,
   {
     return this->ssl;
   }
-  ssl_curve_id _get_tls_curve() const override;
-  int          _verify_certificate(X509_STORE_CTX *ctx) override;
+  ssl_curve_id     _get_tls_curve() const override;
+  std::string_view _get_tls_group() const override;
+  int              _verify_certificate(X509_STORE_CTX *ctx) override;
 
   // TLSSessionResumptionSupport
   const IpEndpoint &

src/iocore/net/P_SSLUtils.h

@@ -36,9 +36,12 @@ class SSLNetVConnection;
 
 using ssl_error_t = int;
 
-// Return the SSL Curve ID associated to the specified SSL connection
+/// Return the SSL Curve ID associated with the specified SSL connection
 ssl_curve_id SSLGetCurveNID(SSL *ssl);
 
+/// Return the TLS Group Name associated with the specified SSL connection.
+std::string_view SSLGetGroupName(SSL *ssl);
+
 SSL_SESSION *SSLSessionDup(SSL_SESSION *sess);
 
 enum class SSLCertContextType;

src/iocore/net/QUICNetVConnection.cc

@@ -808,13 +808,29 @@ QUICNetVConnection::_get_ssl_object() const
 ssl_curve_id
 QUICNetVConnection::_get_tls_curve() const
 {
-  if (getSSLSessionCacheHit()) {
+  // For resumed server side session caching, we have to retrieve the curve/group
+  // from our stored data. For non-resumed sessions or from ticket based resumption,
+  // simply query the SSL object.
+  if (getIsResumedFromSessionCache()) {
     return getSSLCurveNID();
   } else {
     return SSLGetCurveNID(this->_ssl);
   }
 }
 
+std::string_view
+QUICNetVConnection::_get_tls_group() const
+{
+  // For resumed server side session caching, we have to retrieve the curve/group
+  // from our stored data. For non-resumed sessions or from ticket based resumption,
+  // simply query the SSL object.
+  if (getIsResumedFromSessionCache()) {
+    return getSSLGroupName();
+  } else {
+    return SSLGetGroupName(this->_ssl);
+  }
+}
+
 int
 QUICNetVConnection::_verify_certificate(X509_STORE_CTX * /* ctx ATS_UNUSED */)
 {

src/iocore/net/SSLNetVConnection.cc

@@ -2055,13 +2055,29 @@ SSLNetVConnection::_migrateFromSSL()
 ssl_curve_id
 SSLNetVConnection::_get_tls_curve() const
 {
-  if (getSSLSessionCacheHit()) {
+  // For resumed server side session caching, we have to retrieve the curve/group
+  // from our stored data. For non-resumed sessions or from ticket based resumption,
+  // simply query the SSL object.
+  if (getIsResumedFromSessionCache()) {
     return getSSLCurveNID();
   } else {
     return SSLGetCurveNID(ssl);
   }
 }
 
+std::string_view
+SSLNetVConnection::_get_tls_group() const
+{
+  // For resumed server side session caching, we have to retrieve the curve/group
+  // from our stored data. For non-resumed sessions or from ticket based resumption,
+  // simply query the SSL object.
+  if (getIsResumedFromSessionCache()) {
+    return getSSLGroupName();
+  } else {
+    return SSLGetGroupName(ssl);
+  }
+}
+
 int
 SSLNetVConnection::_verify_certificate(X509_STORE_CTX * /* ctx ATS_UNUSED */)
 {

src/iocore/net/SSLSessionCache.cc

@@ -174,6 +174,14 @@ SSLSessionBucket::insertSession(const SSLSessionID &id, SSL_SESSION *sess, SSL *
   // This could be moved to a function in charge of populating exdata
   exdata->curve = (ssl == nullptr) ? 0 : SSLGetCurveNID(ssl);
 
+  if (ssl == nullptr) {
+    exdata->group_name[0] = '\0';
+  } else {
+    std::string_view group_name = SSLGetGroupName(ssl);
+    ink_release_assert(group_name.size() < sizeof(exdata->group_name));
+    strcpy(exdata->group_name, group_name.data());
+  }
+
   std::unique_ptr<SSLSession> ssl_session(new SSLSession(id, buf, len, buf_exdata));
 
   std::unique_lock w_lock(mutex, std::try_to_lock);
@@ -352,9 +360,11 @@ SSLOriginSessionCache::insert_session(const std::string &lookup_key, SSL_SESSION
 
   Dbg(dbg_ctl_ssl_origin_session_cache, "insert session: %s = %p", lookup_key.c_str(), sess_ptr);
 
-  ssl_curve_id                      curve = (ssl == nullptr) ? 0 : SSLGetCurveNID(ssl);
+  ssl_curve_id curve      = (ssl == nullptr) ? 0 : SSLGetCurveNID(ssl);
+  std::string  group_name = (ssl == nullptr) ? "" : std::string{SSLGetGroupName(ssl)};
+
   std::unique_ptr<SSLOriginSession> ssl_orig_session(
-    new SSLOriginSession(lookup_key, curve, std::shared_ptr<SSL_SESSION>{sess_ptr, SSLSessDeleter}));
+    new SSLOriginSession(lookup_key, curve, group_name, std::shared_ptr<SSL_SESSION>{sess_ptr, SSLSessDeleter}));
   auto new_node = ssl_orig_session.release();
 
   std::unique_lock lock(mutex);
@@ -376,7 +386,7 @@ SSLOriginSessionCache::insert_session(const std::string &lookup_key, SSL_SESSION
 }
 
 std::shared_ptr<SSL_SESSION>
-SSLOriginSessionCache::get_session(const std::string &lookup_key, ssl_curve_id *curve)
+SSLOriginSessionCache::get_session(const std::string &lookup_key, ssl_curve_id *curve, std::string &group_name)
 {
   Dbg(dbg_ctl_ssl_origin_session_cache, "get session: %s", lookup_key.c_str());
 
@@ -390,6 +400,8 @@ SSLOriginSessionCache::get_session(const std::string &lookup_key, ssl_curve_id *
     *curve = entry->second->curve_id;
   }
 
+  group_name = entry->second->group_name;
+
   return entry->second->shared_sess;
 }