authorMatt Caswell <matt@openssl.org>2022-11-18 12:38:38 +0000
committerMatt Caswell <matt@openssl.org>2023-01-24 17:16:29 +0000
commit19863d497dd1f74099998d4e5788d270de6423d6 (patch)
tree3f4bd19cbc6d9f294e67b2b040e58f7d3e362df7 /include/internal/quic_tls.h
parentf6da3bbfb7342f3931d36e0c67bd9f79169fac2b (diff)
Add an initial QUIC-TLS implementation
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
Diffstat (limited to 'include/internal/quic_tls.h')
-rw-r--r--include/internal/quic_tls.h88
1 files changed, 88 insertions, 0 deletions
diff --git a/include/internal/quic_tls.h b/include/internal/quic_tls.h
new file mode 100644
index 0000000000..2d6007e79f
--- /dev/null
+++ b/include/internal/quic_tls.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_QUIC_TLS_H
+# define OSSL_QUIC_TLS_H
+
+# include <openssl/ssl.h>
+# include "internal/quic_stream.h"
+
+
+typedef struct quic_tls_st QUIC_TLS;
+
+typedef struct quic_tls_args_st {
+ /*
+ * The "inner" SSL object for the QUIC Connection. Contains an
+ * SSL_CONNECTION
+ */
+ SSL *s;
+
+ /*
+ * Called to send data on the crypto stream. We use a callback rather than
+ * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM
+ * dynamically select the correct outgoing crypto stream based on the
+ * current EL.
+ */
+ int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len,
+ size_t *consumed, void *arg);
+ void *crypto_send_cb_arg;
+ int (*crypto_recv_cb)(unsigned char *buf, size_t buf_len,
+ size_t *bytes_read, void *arg);
+ void *crypto_recv_cb_arg;
+
+ /* Called when a traffic secret is available for a given encryption level. */
+ int (*yield_secret_cb)(uint32_t enc_level, int direction /* 0=RX, 1=TX */,
+ uint32_t suite_id, EVP_MD *md,
+ const unsigned char *secret, size_t secret_len,
+ void *arg);
+ void *yield_secret_cb_arg;
+
+ /*
+ * Called when we receive transport parameters from the peer.
+ *
+ * Note: These parameters are not authenticated until the handshake is
+ * marked as completed.
+ */
+ int (*got_transport_params_cb)(const unsigned char *params,
+ size_t params_len,
+ void *arg);
+ void *got_transport_params_cb_arg;
+
+ /*
+ * Called when the handshake has been completed as far as the handshake
+ * protocol is concerned, meaning that the connection has been
+ * authenticated.
+ */
+ int (*handshake_complete_cb)(void *arg);
+ void *handshake_complete_cb_arg;
+
+ /*
+ * Called when something has gone wrong with the connection as far as the
+ * handshake layer is concerned, meaning that it should be immediately torn
+ * down. Note that this may happen at any time, including after a connection
+ * has been fully established.
+ */
+ int (*alert_cb)(void *arg, unsigned char alert_code);
+ void *alert_cb_arg;
+
+ /* Set to 1 if we are running in the server role. */
+ int is_server;
+} QUIC_TLS_ARGS;
+
+QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args);
+
+void ossl_quic_tls_free(QUIC_TLS *qtls);
+
+/* Advance the state machine */
+int ossl_quic_tls_tick(QUIC_TLS *qtls);
+
+int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
+ const unsigned char *transport_params,
+ size_t transport_params_len);
+#endif
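Review bot: The crypto_send_cb/crypto_recv_cb pair and the four prototypes at the bottom of the header carry no contract documentation — what a return of 0 versus 1 means, whether a short send reported via `*consumed` is permitted, whether `ossl_quic_tls_new()` copies `*args` or requires the caller to keep it alive for the lifetime of the QUIC_TLS, and whether `ossl_quic_tls_set_transport_params()` copies `transport_params` or retains the pointer. A comment on the recv callback along the lines of `/* Reads up to buf_len bytes from the current crypto stream; returns 1 on success (possibly with *bytes_read == 0 when no data is available) or 0 on error. */`, if that matches the implementation, plus ownership notes on the public prototypes would make this usable without reading quic_tls.c. For `yield_secret_cb`, a note that `secret` is presumably valid only for the duration of the call and must be copied (and later zeroised) by the recipient would help callers handle the key material correctly — worth confirming against the caller. Separately, `alert_cb(void *arg, unsigned char alert_code)` puts `arg` first while every other callback in the struct takes it last; `int (*alert_cb)(unsigned char alert_code, void *arg);` would keep the struct consistent, and the `direction /* 0=RX, 1=TX */` magic values are candidates for named constants rather than an inline comment.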