include/internal/quic_tls.h

   1 /*
   2  * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #ifndef OSSL_QUIC_TLS_H
  11 # define OSSL_QUIC_TLS_H
  12
  13 # include <openssl/ssl.h>
  14 # include "internal/quic_stream.h"
  15
  16
  17 typedef struct quic_tls_st QUIC_TLS;
  18
  19 typedef struct quic_tls_args_st {
  20     /*
  21      * The "inner" SSL object for the QUIC Connection. Contains an
  22      * SSL_CONNECTION
  23      */
  24     SSL *s;
  25
  26     /*
  27      * Called to send data on the crypto stream. We use a callback rather than
  28      * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM
  29      * dynamically select the correct outgoing crypto stream based on the
  30      * current EL.
  31      */
  32     int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len,
  33                           size_t *consumed, void *arg);
  34     void *crypto_send_cb_arg;
  35
  36     /*
  37      * Call to receive crypto stream data. A pointer to the underlying buffer
  38      * is provided, and subsequently released to avoid unnecessary copying of
  39      * data.
  40      */
  41     int (*crypto_recv_rcd_cb)(const unsigned char **buf, size_t *bytes_read,
  42                               void *arg);
  43     void *crypto_recv_rcd_cb_arg;
  44     int (*crypto_release_rcd_cb)(size_t bytes_read, void *arg);
  45     void *crypto_release_rcd_cb_arg;
  46
  47
  48     /* Called when a traffic secret is available for a given encryption level. */
  49     int (*yield_secret_cb)(uint32_t enc_level, int direction /* 0=RX, 1=TX */,
  50                            uint32_t suite_id, EVP_MD *md,
  51                            const unsigned char *secret, size_t secret_len,
  52                            void *arg);
  53     void *yield_secret_cb_arg;
  54
  55     /*
  56      * Called when we receive transport parameters from the peer.
  57      *
  58      * Note: These parameters are not authenticated until the handshake is
  59      * marked as completed.
  60      */
  61     int (*got_transport_params_cb)(const unsigned char *params,
  62                                    size_t params_len,
  63                                    void *arg);
  64     void *got_transport_params_cb_arg;
  65
  66     /*
  67      * Called when the handshake has been completed as far as the handshake
  68      * protocol is concerned, meaning that the connection has been
  69      * authenticated.
  70      */
  71     int (*handshake_complete_cb)(void *arg);
  72     void *handshake_complete_cb_arg;
  73
  74     /*
  75      * Called when something has gone wrong with the connection as far as the
  76      * handshake layer is concerned, meaning that it should be immediately torn
  77      * down. Note that this may happen at any time, including after a connection
  78      * has been fully established.
  79      */
  80     int (*alert_cb)(void *arg, unsigned char alert_code);
  81     void *alert_cb_arg;
  82
  83     /* Set to 1 if we are running in the server role. */
  84     int is_server;
  85 } QUIC_TLS_ARGS;
  86
  87 QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args);
  88
  89 void ossl_quic_tls_free(QUIC_TLS *qtls);
  90
  91 /* Advance the state machine */
  92 int ossl_quic_tls_tick(QUIC_TLS *qtls);
  93
  94 int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
  95                                        const unsigned char *transport_params,
  96                                        size_t transport_params_len);
  97
  98 int ossl_quic_tls_get_error(QUIC_TLS *qtls,
  99                             uint64_t *error_code,
 100                             const char **error_msg);
 101
 102 #endif