ssl/quic/quic_local.h

   1 /*
   2  * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #ifndef OSSL_QUIC_LOCAL_H
  11 # define OSSL_QUIC_LOCAL_H
  12
  13 # include <openssl/ssl.h>
  14 # include "internal/quic_ssl.h"       /* QUIC_CONNECTION */
  15 # include "internal/quic_txp.h"
  16 # include "internal/quic_statm.h"
  17 # include "internal/quic_demux.h"
  18 # include "internal/quic_record_rx.h"
  19 # include "internal/quic_dummy_handshake.h"
  20 # include "internal/quic_fc.h"
  21 # include "internal/quic_stream.h"
  22 # include "internal/quic_channel.h"
  23 # include "internal/quic_reactor.h"
  24 # include "../ssl_local.h"
  25
  26 # ifndef OPENSSL_NO_QUIC
  27
  28 struct quic_conn_st {
  29     /*
  30      * ssl_st is a common header for ordinary SSL objects, QUIC connection
  31      * objects and QUIC stream objects, allowing objects of these different
  32      * types to be disambiguated at runtime and providing some common fields.
  33      *
  34      * Note: This must come first in the QUIC_CONNECTION structure.
  35      */
  36     struct ssl_st                   ssl;
  37
  38     SSL                             *tls;
  39
  40     /*
  41      * The QUIC channel providing the core QUIC connection implementation. Note
  42      * that this is not instantiated until we actually start trying to do the
  43      * handshake. This is to allow us to gather information like whether we are
  44      * going to be in client or server mode before committing to instantiating
  45      * the channel, since we want to determine the channel arguments based on
  46      * that.
  47      *
  48      * The channel remains available after connection termination until the SSL
  49      * object is freed, thus (ch != NULL) iff (started == 1).
  50      */
  51     QUIC_CHANNEL                    *ch;
  52
  53     /* Our single bidirectional application data stream. */
  54     QUIC_STREAM                     *stream0;
  55
  56     /* The network read and write BIOs. */
  57     BIO                             *net_rbio, *net_wbio;
  58
  59     /* Initial peer L4 address. */
  60     BIO_ADDR                        init_peer_addr;
  61
  62     /* Have we started? */
  63     unsigned int                    started                 : 1;
  64
  65     /* Are we in blocking mode? */
  66     unsigned int                    blocking                : 1;
  67
  68     /* Can the read and write network BIOs support blocking? */
  69     unsigned int                    can_poll_net_rbio       : 1;
  70     unsigned int                    can_poll_net_wbio       : 1;
  71
  72     /*
  73      * Has the application called SSL_set_accept_state? We do not support this
  74      * but track it here so we can reject a subsequent handshake call.
  75      */
  76     unsigned int                    as_server               : 1;
  77
  78     /*
  79      * This state tracks SSL_write all-or-nothing (AON) write semantics
  80      * emulation.
  81      *
  82      * Example chronology:
  83      *
  84      *   t=0:  aon_write_in_progress=0
  85      *   t=1:  SSL_write(ssl, b1, l1) called;
  86      *         too big to enqueue into sstream at once, SSL_ERROR_WANT_WRITE;
  87      *         aon_write_in_progress=1; aon_buf_base=b1; aon_buf_len=l1;
  88      *         aon_buf_pos < l1 (depends on how much room was in sstream);
  89      *   t=2:  SSL_write(ssl, b2, l2);
  90      *         b2 must equal b1 (validated unless ACCEPT_MOVING_WRITE_BUFFER)
  91      *         l2 must equal l1 (always validated)
  92      *         append into sstream from [b2 + aon_buf_pos, b2 + aon_buf_len)
  93      *         if done, aon_write_in_progess=0
  94      *
  95      */
  96     /* Is an AON write in progress? */
  97     unsigned int                    aon_write_in_progress   : 1;
  98     /*
  99      * The base buffer pointer the caller passed us for the initial AON write
 100      * call. We use this for validation purposes unless
 101      * ACCEPT_MOVING_WRITE_BUFFER is enabled.
 102      *
 103      * NOTE: We never dereference this, as the caller might pass a different
 104      * (but identical) buffer if using ACCEPT_MOVING_WRITE_BUFFER. It is for
 105      * validation by pointer comparison only.
 106      */
 107     const unsigned char             *aon_buf_base;
 108     /* The total length of the AON buffer being sent, in bytes. */
 109     size_t                          aon_buf_len;
 110     /*
 111      * The position in the AON buffer up to which we have successfully sent data
 112      * so far.
 113      */
 114     size_t                          aon_buf_pos;
 115
 116     /* SSL_set_mode */
 117     uint32_t                        ssl_mode;
 118
 119     /*
 120      * Last 'normal' error during an app-level I/O operation, used by
 121      * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
 122      * and SSL_ERROR_WANT_WRITE.
 123      */
 124     int                             last_error;
 125 };
 126
 127 /* Internal calls to the QUIC CSM which come from various places. */
 128 int ossl_quic_conn_on_handshake_confirmed(QUIC_CONNECTION *qc);
 129
 130 /*
 131  * To be called when a protocol violation occurs. The connection is torn down
 132  * with the given error code, which should be a QUIC_ERR_* value. Reason string
 133  * is optional and copied if provided. frame_type should be 0 if not applicable.
 134  */
 135 void ossl_quic_conn_raise_protocol_error(QUIC_CONNECTION *qc,
 136                                          uint64_t error_code,
 137                                          uint64_t frame_type,
 138                                          const char *reason);
 139
 140 void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,
 141                                          OSSL_QUIC_FRAME_CONN_CLOSE *f);
 142
 143 #  define OSSL_QUIC_ANY_VERSION 0xFFFFF
 144
 145 #  define QUIC_CONNECTION_FROM_SSL_int(ssl, c)   \
 146      ((ssl) == NULL ? NULL                       \
 147       : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
 148          ? (c QUIC_CONNECTION *)(ssl)            \
 149          : NULL))
 150
 151 #  define QUIC_STREAM_FROM_SSL_int(ssl, c)       \
 152      ((ssl) == NULL ? NULL                       \
 153       : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION \
 154           || (ssl)->type == SSL_TYPE_QUIC_STREAM \
 155          ? (c QUIC_STREAM *)(ssl)                \
 156          : NULL))
 157
 158 #  define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c)               \
 159      ((ssl) == NULL ? NULL                                       \
 160       : ((ssl)->type == SSL_TYPE_QUIC_CONNECTION                 \
 161          ? (c SSL_CONNECTION *)((c QUIC_CONNECTION *)(ssl))->tls \
 162          : NULL))
 163 # else
 164 #  define QUIC_CONNECTION_FROM_SSL_int(ssl, c) NULL
 165 #  define QUIC_STREAM_FROM_SSL_int(ssl, c) NULL
 166 #  define SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, c) NULL
 167 # endif
 168
 169 # define QUIC_CONNECTION_FROM_SSL(ssl) \
 170     QUIC_CONNECTION_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
 171 # define QUIC_CONNECTION_FROM_CONST_SSL(ssl) \
 172     QUIC_CONNECTION_FROM_SSL_int(ssl, const)
 173 # define QUIC_STREAM_FROM_SSL(ssl) \
 174     QUIC_STREAM_FROM_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
 175 # define QUIC_STREAM_FROM_CONST_SSL(ssl) \
 176     QUIC_STREAM_FROM_SSL_int(ssl, const)
 177 # define SSL_CONNECTION_FROM_QUIC_SSL(ssl) \
 178     SSL_CONNECTION_FROM_QUIC_SSL_int(ssl, SSL_CONNECTION_NO_CONST)
 179 # define SSL_CONNECTION_FROM_CONST_QUIC_SSL(ssl) \
 180     SSL_CONNECTION_FROM_CONST_QUIC_SSL_int(ssl, const)
 181
 182 # define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
 183                                  q_connect, enc_data) \
 184 const SSL_METHOD *func_name(void)  \
 185         { \
 186         static const SSL_METHOD func_name##_data= { \
 187                 version, \
 188                 0, \
 189                 0, \
 190                 ossl_quic_new, \
 191                 ossl_quic_free, \
 192                 ossl_quic_reset, \
 193                 ossl_quic_init, \
 194                 ossl_quic_clear, \
 195                 ossl_quic_deinit, \
 196                 q_accept, \
 197                 q_connect, \
 198                 ossl_quic_read, \
 199                 ossl_quic_peek, \
 200                 ossl_quic_write, \
 201                 ossl_quic_shutdown, \
 202                 NULL /* renegotiate */, \
 203                 ossl_quic_renegotiate_check, \
 204                 NULL /* read_bytes */, \
 205                 NULL /* write_bytes */, \
 206                 NULL /* dispatch_alert */, \
 207                 ossl_quic_ctrl, \
 208                 ossl_quic_ctx_ctrl, \
 209                 NULL /* get_cipher_by_char */, \
 210                 NULL /* put_cipher_by_char */, \
 211                 ossl_quic_pending, \
 212                 ossl_quic_num_ciphers, \
 213                 ossl_quic_get_cipher, \
 214                 tls1_default_timeout, \
 215                 &enc_data, \
 216                 ssl_undefined_void_function, \
 217                 ossl_quic_callback_ctrl, \
 218                 ossl_quic_ctx_callback_ctrl, \
 219         }; \
 220         return &func_name##_data; \
 221         }
 222
 223 #endif