From 19863d497dd1f74099998d4e5788d270de6423d6 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 18 Nov 2022 12:38:38 +0000 Subject: Add an initial QUIC-TLS implementation Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19748) --- include/internal/quic_tls.h | 88 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 include/internal/quic_tls.h (limited to 'include/internal/quic_tls.h') diff --git a/include/internal/quic_tls.h b/include/internal/quic_tls.h new file mode 100644 index 0000000000..2d6007e79f --- /dev/null +++ b/include/internal/quic_tls.h @@ -0,0 +1,88 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_QUIC_TLS_H +# define OSSL_QUIC_TLS_H + +# include +# include "internal/quic_stream.h" + + +typedef struct quic_tls_st QUIC_TLS; + +typedef struct quic_tls_args_st { + /* + * The "inner" SSL object for the QUIC Connection. Contains an + * SSL_CONNECTION + */ + SSL *s; + + /* + * Called to send data on the crypto stream. We use a callback rather than + * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM + * dynamically select the correct outgoing crypto stream based on the + * current EL. + */ + int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len, + size_t *consumed, void *arg); + void *crypto_send_cb_arg; + int (*crypto_recv_cb)(unsigned char *buf, size_t buf_len, + size_t *bytes_read, void *arg); + void *crypto_recv_cb_arg; + + /* Called when a traffic secret is available for a given encryption level. */ + int (*yield_secret_cb)(uint32_t enc_level, int direction /* 0=RX, 1=TX */, + uint32_t suite_id, EVP_MD *md, + const unsigned char *secret, size_t secret_len, + void *arg); + void *yield_secret_cb_arg; + + /* + * Called when we receive transport parameters from the peer. + * + * Note: These parameters are not authenticated until the handshake is + * marked as completed. + */ + int (*got_transport_params_cb)(const unsigned char *params, + size_t params_len, + void *arg); + void *got_transport_params_cb_arg; + + /* + * Called when the handshake has been completed as far as the handshake + * protocol is concerned, meaning that the connection has been + * authenticated. + */ + int (*handshake_complete_cb)(void *arg); + void *handshake_complete_cb_arg; + + /* + * Called when something has gone wrong with the connection as far as the + * handshake layer is concerned, meaning that it should be immediately torn + * down. Note that this may happen at any time, including after a connection + * has been fully established. + */ + int (*alert_cb)(void *arg, unsigned char alert_code); + void *alert_cb_arg; + + /* Set to 1 if we are running in the server role. */ + int is_server; +} QUIC_TLS_ARGS; + +QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args); + +void ossl_quic_tls_free(QUIC_TLS *qtls); + +/* Advance the state machine */ +int ossl_quic_tls_tick(QUIC_TLS *qtls); + +int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls, + const unsigned char *transport_params, + size_t transport_params_len); +#endif -- cgit v1.2.3