[thirdparty/openssl.git] / ssl / quic / quic_channel_local.h

#ifndef OSSL_QUIC_CHANNEL_LOCAL_H
# define OSSL_QUIC_CHANNEL_LOCAL_H

# include "internal/quic_channel.h"

# ifndef OPENSSL_NO_QUIC

#  include <openssl/lhash.h>
#  include "internal/list.h"
#  include "internal/quic_predef.h"
#  include "internal/quic_fc.h"
#  include "internal/quic_stream_map.h"

/*
 * QUIC Channel Structure
 * ======================
 *
 * QUIC channel internals. It is intended that only the QUIC_CHANNEL
 * implementation and the RX depacketiser be allowed to access this structure
 * directly. As the RX depacketiser has no state of its own and computes over a
 * QUIC_CHANNEL structure, it can be viewed as an extension of the QUIC_CHANNEL
 * implementation. While the RX depacketiser could be provided with adequate
 * accessors to do what it needs, this would weaken the abstraction provided by
 * the QUIC_CHANNEL to other components; moreover the coupling of the RX
 * depacketiser to QUIC_CHANNEL internals is too deep and bespoke to make this
 * desirable.
 *
 * Other components should not include this header.
 */
struct quic_channel_st {
    QUIC_PORT                       *port;

    /*
     * QUIC_PORT keeps the channels which belong to it on a list for bookkeeping
     * purposes.
     */
    OSSL_LIST_MEMBER(ch, struct quic_channel_st);

    /*
     * The associated TLS 1.3 connection data. Used to provide the handshake
     * layer; its 'network' side is plugged into the crypto stream for each EL
     * (other than the 0-RTT EL).
     */
    QUIC_TLS                        *qtls;
    SSL                             *tls;

    /* Port LCIDM we use to register LCIDs. */
    QUIC_LCIDM                      *lcidm;
    /* SRTM we register SRTs with. */
    QUIC_SRTM                       *srtm;

    /* Optional QLOG instance (or NULL). */
    QLOG                            *qlog;

    /*
     * The transport parameter block we will send or have sent.
     * Freed after sending or when connection is freed.
     */
    unsigned char                   *local_transport_params;

    /* Our current L4 peer address, if any. */
    BIO_ADDR                        cur_peer_addr;

    /*
     * Subcomponents of the connection. All of these components are instantiated
     * and owned by us.
     */
    OSSL_QUIC_TX_PACKETISER         *txp;
    QUIC_TXPIM                      *txpim;
    QUIC_CFQ                        *cfq;
    /*
     * Connection level FC. The stream_count RXFCs is used to manage
     * MAX_STREAMS signalling.
     */
    QUIC_TXFC                       conn_txfc;
    QUIC_RXFC                       conn_rxfc, crypto_rxfc[QUIC_PN_SPACE_NUM];
    QUIC_RXFC                       max_streams_bidi_rxfc, max_streams_uni_rxfc;
    QUIC_STREAM_MAP                 qsm;
    OSSL_STATM                      statm;
    OSSL_CC_DATA                    *cc_data;
    const OSSL_CC_METHOD            *cc_method;
    OSSL_ACKM                       *ackm;

    /* Record layers in the TX and RX directions. */
    OSSL_QTX                        *qtx;
    OSSL_QRX                        *qrx;

    /* Message callback related arguments */
    ossl_msg_cb                     msg_callback;
    void                            *msg_callback_arg;
    SSL                             *msg_callback_ssl;

    /*
     * Send and receive parts of the crypto streams.
     * crypto_send[QUIC_PN_SPACE_APP] is the 1-RTT crypto stream. There is no
     * 0-RTT crypto stream.
     */
    QUIC_SSTREAM                    *crypto_send[QUIC_PN_SPACE_NUM];
    QUIC_RSTREAM                    *crypto_recv[QUIC_PN_SPACE_NUM];

    /* Internal state. */
    /*
     * Client: The DCID used in the first Initial packet we transmit as a client.
     * Server: The DCID used in the first Initial packet the client transmitted.
     * Randomly generated and required by RFC to be at least 8 bytes.
     */
    QUIC_CONN_ID                    init_dcid;

    /*
     * Client: The SCID found in the first Initial packet from the server.
     * Not valid for servers.
     * Valid if have_received_enc_pkt is set.
     */
    QUIC_CONN_ID                    init_scid;

    /*
     * Client only: The SCID found in an incoming Retry packet we handled.
     * Not valid for servers.
     */
    QUIC_CONN_ID                    retry_scid;

    /*
     * The DCID we currently use to talk to the peer and its sequence num.
     */
    QUIC_CONN_ID                    cur_remote_dcid;
    uint64_t                        cur_remote_seq_num;
    uint64_t                        cur_retire_prior_to;

    /* Server only: The DCID we currently expect the peer to use to talk to us. */
    QUIC_CONN_ID                    cur_local_cid;

    /* Transport parameter values we send to our peer. */
    uint64_t                        tx_init_max_stream_data_bidi_local;
    uint64_t                        tx_init_max_stream_data_bidi_remote;
    uint64_t                        tx_init_max_stream_data_uni;
    uint64_t                        tx_max_ack_delay; /* ms */

    /* Transport parameter values received from server. */
    uint64_t                        rx_init_max_stream_data_bidi_local;
    uint64_t                        rx_init_max_stream_data_bidi_remote;
    uint64_t                        rx_init_max_stream_data_uni;
    uint64_t                        rx_max_ack_delay; /* ms */
    unsigned char                   rx_ack_delay_exp;

    /*
     * Temporary staging area to store information about the incoming packet we
     * are currently processing.
     */
    OSSL_QRX_PKT                    *qrx_pkt;

    /*
     * Current limit on number of streams we may create. Set by transport
     * parameters initially and then by MAX_STREAMS frames.
     */
    uint64_t                        max_local_streams_bidi;
    uint64_t                        max_local_streams_uni;

    /* The idle timeout values we and our peer requested. */
    uint64_t                        max_idle_timeout_local_req;
    uint64_t                        max_idle_timeout_remote_req;

    /* The negotiated maximum idle timeout in milliseconds. */
    uint64_t                        max_idle_timeout;

    /*
     * Maximum payload size in bytes for datagrams sent to our peer, as
     * negotiated by transport parameters.
     */
    uint64_t                        rx_max_udp_payload_size;
    /* Maximum active CID limit, as negotiated by transport parameters. */
    uint64_t                        rx_active_conn_id_limit;

    /*
     * Used to allocate stream IDs. This is a stream ordinal, i.e., a stream ID
     * without the low two bits designating type and initiator. Shift and or in
     * the type bits to convert to a stream ID.
     */
    uint64_t                        next_local_stream_ordinal_bidi;
    uint64_t                        next_local_stream_ordinal_uni;

    /*
     * Used to track which stream ordinals within a given stream type have been
     * used by the remote peer. This is an optimisation used to determine
     * which streams should be implicitly created due to usage of a higher
     * stream ordinal.
     */
    uint64_t                        next_remote_stream_ordinal_bidi;
    uint64_t                        next_remote_stream_ordinal_uni;

    /*
     * Application error code to be used for STOP_SENDING/RESET_STREAM frames
     * used to autoreject incoming streams.
     */
    uint64_t                        incoming_stream_auto_reject_aec;

    /*
     * Override packet count threshold at which we do a spontaneous TXKU.
     * Usually UINT64_MAX in which case a suitable value is chosen based on AEAD
     * limit advice from the QRL utility functions. This is intended for testing
     * use only. Usually set to UINT64_MAX.
     */
    uint64_t                        txku_threshold_override;

    /* Diagnostic counters for testing purposes only. May roll over. */
    uint16_t                        diag_num_rx_ack; /* Number of ACK frames received */

    /* Valid if we are in the TERMINATING or TERMINATED states. */
    QUIC_TERMINATE_CAUSE            terminate_cause;

    /*
     * Deadline at which we move to TERMINATING state. Valid if in the
     * TERMINATING state.
     */
    OSSL_TIME                       terminate_deadline;

    /*
     * Deadline at which connection dies due to idle timeout if no further
     * events occur.
     */
    OSSL_TIME                       idle_deadline;

    /*
     * Deadline at which we should send an ACK-eliciting packet to ensure
     * idle timeout does not occur.
     */
    OSSL_TIME                       ping_deadline;

    /*
     * The deadline at which the period in which it is RECOMMENDED that we not
     * initiate any spontaneous TXKU ends. This is zero if no such deadline
     * applies.
     */
    OSSL_TIME                       txku_cooldown_deadline;

    /*
     * The deadline at which we take the QRX out of UPDATING and back to NORMAL.
     * Valid if rxku_in_progress in 1.
     */
    OSSL_TIME                       rxku_update_end_deadline;

    /*
     * The first (application space) PN sent with a new key phase. Valid if the
     * QTX key epoch is greater than 0. Once a packet we sent with a PN p (p >=
     * txku_pn) is ACKed, the TXKU is considered completed and txku_in_progress
     * becomes 0. For sanity's sake, such a PN p should also be <= the highest
     * PN we have ever sent, of course.
     */
    QUIC_PN                         txku_pn;

    /*
     * The (application space) PN which triggered RXKU detection. Valid if
     * rxku_pending_confirm.
     */
    QUIC_PN                         rxku_trigger_pn;

    /*
     * State tracking. QUIC connection-level state is best represented based on
     * whether various things have happened yet or not, rather than as an
     * explicit FSM. We do have a coarse state variable which tracks the basic
     * state of the connection's lifecycle, but more fine-grained conditions of
     * the Active state are tracked via flags below. For more details, see
     * doc/designs/quic-design/connection-state-machine.md. We are in the Open
     * state if the state is QUIC_CHANNEL_STATE_ACTIVE and handshake_confirmed is
     * set.
     */
    unsigned int                    state                   : 3;

    /*
     * Have we received at least one encrypted packet from the peer?
     * (If so, Retry and Version Negotiation messages should no longer
     *  be received and should be ignored if they do occur.)
     */
    unsigned int                    have_received_enc_pkt   : 1;

    /*
     * Have we successfully processed any packet, including a Version
     * Negotiation packet? If so, further Version Negotiation packets should be
     * ignored.
     */
    unsigned int                    have_processed_any_pkt  : 1;

    /*
     * Have we sent literally any packet yet? If not, there is no point polling
     * RX.
     */
    unsigned int                    have_sent_any_pkt       : 1;

    /*
     * Are we currently doing proactive version negotiation?
     */
    unsigned int                    doing_proactive_ver_neg : 1;

    /* We have received transport parameters from the peer. */
    unsigned int                    got_remote_transport_params    : 1;
    /* We have generated our local transport parameters. */
    unsigned int                    got_local_transport_params     : 1;

    /*
     * This monotonically transitions to 1 once the TLS state machine is
     * 'complete', meaning that it has both sent a Finished and successfully
     * verified the peer's Finished (see RFC 9001 s. 4.1.1). Note that it
     * does not transition to 1 at both peers simultaneously.
     *
     * Handshake completion is not the same as handshake confirmation (see
     * below).
     */
    unsigned int                    handshake_complete      : 1;

    /*
     * This monotonically transitions to 1 once the handshake is confirmed.
     * This happens on the client when we receive a HANDSHAKE_DONE frame.
     * At our option, we may also take acknowledgement of any 1-RTT packet
     * we sent as a handshake confirmation.
     */
    unsigned int                    handshake_confirmed     : 1;

    /*
     * We are sending Initial packets based on a Retry. This means we definitely
     * should not receive another Retry, and if we do it is an error.
     */
    unsigned int                    doing_retry             : 1;

    /*
     * We don't store the current EL here; the TXP asks the QTX which ELs
     * are provisioned to determine which ELs to use.
     */

    /* Have statm, qsm been initialised? Used to track cleanup. */
    unsigned int                    have_statm              : 1;
    unsigned int                    have_qsm                : 1;

    /*
     * Preferred ELs for transmission and reception. This is not strictly needed
     * as it can be inferred from what keys we have provisioned, but makes
     * determining the current EL simpler and faster. A separate EL for
     * transmission and reception is not strictly necessary but makes things
     * easier for interoperation with the handshake layer, which likes to invoke
     * the yield secret callback at different times for TX and RX.
     */
    unsigned int                    tx_enc_level            : 3;
    unsigned int                    rx_enc_level            : 3;

    /* If bit n is set, EL n has been discarded. */
    unsigned int                    el_discarded            : 4;

    /*
     * While in TERMINATING - CLOSING, set when we should generate a connection
     * close frame.
     */
    unsigned int                    conn_close_queued       : 1;

    /* Are we in server mode? Never changes after instantiation. */
    unsigned int                    is_server               : 1;

    /*
     * Set temporarily when the handshake layer has given us a new RX secret.
     * Used to determine if we need to check our RX queues again.
     */
    unsigned int                    have_new_rx_secret      : 1;

    /* Have we ever called QUIC_TLS yet during RX processing? */
    unsigned int                    did_tls_tick            : 1;
    /* Has any CRYPTO frame been processed during this tick? */
    unsigned int                    did_crypto_frame        : 1;

    /*
     * Have we sent an ack-eliciting packet since the last successful packet
     * reception? Used to determine when to bump idle timer (see RFC 9000 s.
     * 10.1).
     */
    unsigned int                    have_sent_ack_eliciting_since_rx    : 1;

    /* Should incoming streams automatically be rejected? */
    unsigned int                    incoming_stream_auto_reject         : 1;

    /*
     * 1 if a key update sequence was locally initiated, meaning we sent the
     * TXKU first and the resultant RXKU shouldn't result in our triggering
     * another TXKU. 0 if a key update sequence was initiated by the peer,
     * meaning we detect a RXKU first and have to generate a TXKU in response.
     */
    unsigned int                    ku_locally_initiated                : 1;

    /*
     * 1 if we have triggered TXKU (whether spontaneous or solicited) but are
     * waiting for any PN using that new KP to be ACKed. While this is set, we
     * are not allowed to trigger spontaneous TXKU (but solicited TXKU is
     * potentially still possible).
     */
    unsigned int                    txku_in_progress                    : 1;

    /*
     * We have received an RXKU event and currently are going through
     * UPDATING/COOLDOWN on the QRX. COOLDOWN is currently not used. Since RXKU
     * cannot be detected in this state, this doesn't cause a protocol error or
     * anything similar if a peer tries TXKU in this state. That traffic would
     * simply be dropped. It's only used to track that our UPDATING timer is
     * active so we know when to take the QRX out of UPDATING and back to
     * NORMAL.
     */
    unsigned int                    rxku_in_progress                    : 1;

    /*
     * We have received an RXKU but have yet to send an ACK for it, which means
     * no further RXKUs are allowed yet. Note that we cannot detect further
     * RXKUs anyway while the QRX remains in the UPDATING/COOLDOWN states, so
     * this restriction comes into play if we take more than PTO time to send
     * an ACK for it (not likely).
     */
    unsigned int                    rxku_pending_confirm                : 1;

    /* Temporary variable indicating rxku_pending_confirm is to become 0. */
    unsigned int                    rxku_pending_confirm_done           : 1;

    /*
     * If set, RXKU is expected (because we initiated a spontaneous TXKU).
     */
    unsigned int                    rxku_expected                       : 1;

    /* Permanent net error encountered */
    unsigned int                    net_error                           : 1;

    /*
     * Protocol error encountered. Note that you should refer to the state field
     * rather than this. This is only used so we can ignore protocol errors
     * after the first protocol error, but still record the first protocol error
     * if it happens during the TERMINATING state.
     */
    unsigned int                    protocol_error                      : 1;

    /* Are we using addressed mode? */
    unsigned int                    addressed_mode                      : 1;

    /* Are we on the QUIC_PORT linked list of channels? */
    unsigned int                    on_port_list                        : 1;

    /* Has qlog been requested? */
    unsigned int                    use_qlog                            : 1;

    /* Saved error stack in case permanent error was encountered */
    ERR_STATE                       *err_state;

    /* Scratch area for use by RXDP to store decoded ACK ranges. */
    OSSL_QUIC_ACK_RANGE             *ack_range_scratch;
    size_t                          num_ack_range_scratch;

    /* Title for qlog purposes. We own this copy. */
    char                            *qlog_title;
};

# endif

#endif
Commit	Line	Data
f538b421 HL	1	#ifndef OSSL_QUIC_CHANNEL_LOCAL_H
	2	# define OSSL_QUIC_CHANNEL_LOCAL_H
	3
	4	# include "internal/quic_channel.h"
	5
	6	# ifndef OPENSSL_NO_QUIC
	7
cdd91631 P	8	# include <openssl/lhash.h>
cdd91631 P	9	# include "internal/list.h"
e8014554 HL	10	# include "internal/quic_predef.h"
	11	# include "internal/quic_fc.h"
	12	# include "internal/quic_stream_map.h"
cdd91631	13
f538b421 HL	14	/*
	15	* QUIC Channel Structure
	16	* ======================
	17	*
	18	* QUIC channel internals. It is intended that only the QUIC_CHANNEL
	19	* implementation and the RX depacketiser be allowed to access this structure
	20	* directly. As the RX depacketiser has no state of its own and computes over a
eb4129e1	21	* QUIC_CHANNEL structure, it can be viewed as an extension of the QUIC_CHANNEL
f538b421 HL	22	* implementation. While the RX depacketiser could be provided with adequate
	23	* accessors to do what it needs, this would weaken the abstraction provided by
	24	* the QUIC_CHANNEL to other components; moreover the coupling of the RX
	25	* depacketiser to QUIC_CHANNEL internals is too deep and bespoke to make this
	26	* desirable.
	27	*
	28	* Other components should not include this header.
	29	*/
	30	struct quic_channel_st {
12ab8afc HL	31	QUIC_PORT *port;
12ab8afc HL	32
ce503f5c HL	33	/*
	34	* QUIC_PORT keeps the channels which belong to it on a list for bookkeeping
	35	* purposes.
	36	*/
	37	OSSL_LIST_MEMBER(ch, struct quic_channel_st);
	38
f538b421 HL	39	/*
	40	* The associated TLS 1.3 connection data. Used to provide the handshake
	41	* layer; its 'network' side is plugged into the crypto stream for each EL
	42	* (other than the 0-RTT EL).
	43	*/
2723d705 MC	44	QUIC_TLS *qtls;
2723d705 MC	45	SSL *tls;
f538b421	46
cce6fccd HL	47	/* Port LCIDM we use to register LCIDs. */
cce6fccd HL	48	QUIC_LCIDM *lcidm;
5f86ae32 HL	49	/* SRTM we register SRTs with. */
5f86ae32 HL	50	QUIC_SRTM *srtm;
cce6fccd	51
2031c0e9 HL	52	/* Optional QLOG instance (or NULL). */
	53	QLOG *qlog;
	54
f538b421 HL	55	/*
	56	* The transport parameter block we will send or have sent.
	57	* Freed after sending or when connection is freed.
	58	*/
	59	unsigned char *local_transport_params;
	60
f538b421 HL	61	/* Our current L4 peer address, if any. */
	62	BIO_ADDR cur_peer_addr;
	63
f538b421 HL	64	/*
	65	* Subcomponents of the connection. All of these components are instantiated
	66	* and owned by us.
	67	*/
	68	OSSL_QUIC_TX_PACKETISER *txp;
	69	QUIC_TXPIM *txpim;
	70	QUIC_CFQ *cfq;
a6b6ea17 HL	71	/*
	72	* Connection level FC. The stream_count RXFCs is used to manage
	73	* MAX_STREAMS signalling.
	74	*/
f538b421	75	QUIC_TXFC conn_txfc;
098914d0	76	QUIC_RXFC conn_rxfc, crypto_rxfc[QUIC_PN_SPACE_NUM];
a6b6ea17	77	QUIC_RXFC max_streams_bidi_rxfc, max_streams_uni_rxfc;
f538b421 HL	78	QUIC_STREAM_MAP qsm;
	79	OSSL_STATM statm;
	80	OSSL_CC_DATA *cc_data;
	81	const OSSL_CC_METHOD *cc_method;
	82	OSSL_ACKM *ackm;
	83
4ed6b48d	84	/* Record layers in the TX and RX directions. */
f538b421 HL	85	OSSL_QTX *qtx;
	86	OSSL_QRX *qrx;
	87
63dfde87 MC	88	/* Message callback related arguments */
	89	ossl_msg_cb msg_callback;
	90	void *msg_callback_arg;
c2786c8e	91	SSL *msg_callback_ssl;
63dfde87	92
f538b421 HL	93	/*
	94	* Send and receive parts of the crypto streams.
	95	* crypto_send[QUIC_PN_SPACE_APP] is the 1-RTT crypto stream. There is no
	96	* 0-RTT crypto stream.
	97	*/
	98	QUIC_SSTREAM *crypto_send[QUIC_PN_SPACE_NUM];
	99	QUIC_RSTREAM *crypto_recv[QUIC_PN_SPACE_NUM];
	100
f538b421 HL	101	/* Internal state. */
f538b421 HL	102	/*
b1b06da2 HL	103	* Client: The DCID used in the first Initial packet we transmit as a client.
b1b06da2 HL	104	* Server: The DCID used in the first Initial packet the client transmitted.
f538b421 HL	105	* Randomly generated and required by RFC to be at least 8 bytes.
	106	*/
	107	QUIC_CONN_ID init_dcid;
	108
	109	/*
b1b06da2 HL	110	* Client: The SCID found in the first Initial packet from the server.
b1b06da2 HL	111	* Not valid for servers.
f538b421 HL	112	* Valid if have_received_enc_pkt is set.
	113	*/
	114	QUIC_CONN_ID init_scid;
	115
b1b06da2 HL	116	/*
	117	* Client only: The SCID found in an incoming Retry packet we handled.
	118	* Not valid for servers.
	119	*/
f538b421 HL	120	QUIC_CONN_ID retry_scid;
f538b421 HL	121
cdd91631 P	122	/*
cdd91631 P	123	* The DCID we currently use to talk to the peer and its sequence num.
cdd91631	124	*/
b1b06da2	125	QUIC_CONN_ID cur_remote_dcid;
eff04652 TM	126	uint64_t cur_remote_seq_num;
eff04652 TM	127	uint64_t cur_retire_prior_to;
cdd91631	128
b1b06da2	129	/* Server only: The DCID we currently expect the peer to use to talk to us. */
bbc97540	130	QUIC_CONN_ID cur_local_cid;
b1b06da2	131
0815b725 HL	132	/* Transport parameter values we send to our peer. */
	133	uint64_t tx_init_max_stream_data_bidi_local;
	134	uint64_t tx_init_max_stream_data_bidi_remote;
	135	uint64_t tx_init_max_stream_data_uni;
f13868de	136	uint64_t tx_max_ack_delay; /* ms */
0815b725	137
f538b421	138	/* Transport parameter values received from server. */
54562e89 HL	139	uint64_t rx_init_max_stream_data_bidi_local;
54562e89 HL	140	uint64_t rx_init_max_stream_data_bidi_remote;
e8fe7a21	141	uint64_t rx_init_max_stream_data_uni;
f538b421 HL	142	uint64_t rx_max_ack_delay; /* ms */
	143	unsigned char rx_ack_delay_exp;
	144
	145	/*
	146	* Temporary staging area to store information about the incoming packet we
	147	* are currently processing.
	148	*/
	149	OSSL_QRX_PKT *qrx_pkt;
	150
	151	/*
	152	* Current limit on number of streams we may create. Set by transport
	153	* parameters initially and then by MAX_STREAMS frames.
	154	*/
	155	uint64_t max_local_streams_bidi;
	156	uint64_t max_local_streams_uni;
	157
ecff7ca4 HL	158	/* The idle timeout values we and our peer requested. */
	159	uint64_t max_idle_timeout_local_req;
	160	uint64_t max_idle_timeout_remote_req;
	161
f538b421 HL	162	/* The negotiated maximum idle timeout in milliseconds. */
	163	uint64_t max_idle_timeout;
	164
	165	/*
	166	* Maximum payload size in bytes for datagrams sent to our peer, as
	167	* negotiated by transport parameters.
	168	*/
	169	uint64_t rx_max_udp_payload_size;
	170	/* Maximum active CID limit, as negotiated by transport parameters. */
	171	uint64_t rx_active_conn_id_limit;
	172
2dbc39de HL	173	/*
	174	* Used to allocate stream IDs. This is a stream ordinal, i.e., a stream ID
	175	* without the low two bits designating type and initiator. Shift and or in
	176	* the type bits to convert to a stream ID.
	177	*/
	178	uint64_t next_local_stream_ordinal_bidi;
	179	uint64_t next_local_stream_ordinal_uni;
	180
999e13f4 HL	181	/*
	182	* Used to track which stream ordinals within a given stream type have been
	183	* used by the remote peer. This is an optimisation used to determine
	184	* which streams should be implicitly created due to usage of a higher
	185	* stream ordinal.
	186	*/
	187	uint64_t next_remote_stream_ordinal_bidi;
	188	uint64_t next_remote_stream_ordinal_uni;
	189
995ff282 HL	190	/*
	191	* Application error code to be used for STOP_SENDING/RESET_STREAM frames
	192	* used to autoreject incoming streams.
	193	*/
	194	uint64_t incoming_stream_auto_reject_aec;
	195
16f3b542 HL	196	/*
	197	* Override packet count threshold at which we do a spontaneous TXKU.
	198	* Usually UINT64_MAX in which case a suitable value is chosen based on AEAD
	199	* limit advice from the QRL utility functions. This is intended for testing
	200	* use only. Usually set to UINT64_MAX.
	201	*/
	202	uint64_t txku_threshold_override;
	203
17340e87 HL	204	/* Diagnostic counters for testing purposes only. May roll over. */
	205	uint16_t diag_num_rx_ack; /* Number of ACK frames received */
	206
	207	/* Valid if we are in the TERMINATING or TERMINATED states. */
f538b421 HL	208	QUIC_TERMINATE_CAUSE terminate_cause;
	209
	210	/*
	211	* Deadline at which we move to TERMINATING state. Valid if in the
	212	* TERMINATING state.
	213	*/
	214	OSSL_TIME terminate_deadline;
	215
	216	/*
	217	* Deadline at which connection dies due to idle timeout if no further
	218	* events occur.
	219	*/
	220	OSSL_TIME idle_deadline;
	221
3b1ab5a3 HL	222	/*
	223	* Deadline at which we should send an ACK-eliciting packet to ensure
	224	* idle timeout does not occur.
	225	*/
	226	OSSL_TIME ping_deadline;
	227
8a65e7a5 HL	228	/*
	229	* The deadline at which the period in which it is RECOMMENDED that we not
	230	* initiate any spontaneous TXKU ends. This is zero if no such deadline
	231	* applies.
	232	*/
	233	OSSL_TIME txku_cooldown_deadline;
	234
	235	/*
	236	* The deadline at which we take the QRX out of UPDATING and back to NORMAL.
	237	* Valid if rxku_in_progress in 1.
	238	*/
	239	OSSL_TIME rxku_update_end_deadline;
	240
	241	/*
c93f7668 HL	242	* The first (application space) PN sent with a new key phase. Valid if the
	243	* QTX key epoch is greater than 0. Once a packet we sent with a PN p (p >=
	244	* txku_pn) is ACKed, the TXKU is considered completed and txku_in_progress
	245	* becomes 0. For sanity's sake, such a PN p should also be <= the highest
	246	* PN we have ever sent, of course.
8a65e7a5 HL	247	*/
	248	QUIC_PN txku_pn;
	249
	250	/*
	251	* The (application space) PN which triggered RXKU detection. Valid if
	252	* rxku_pending_confirm.
	253	*/
	254	QUIC_PN rxku_trigger_pn;
	255
f538b421 HL	256	/*
	257	* State tracking. QUIC connection-level state is best represented based on
	258	* whether various things have happened yet or not, rather than as an
	259	* explicit FSM. We do have a coarse state variable which tracks the basic
	260	* state of the connection's lifecycle, but more fine-grained conditions of
	261	* the Active state are tracked via flags below. For more details, see
	262	* doc/designs/quic-design/connection-state-machine.md. We are in the Open
6861f5a7	263	* state if the state is QUIC_CHANNEL_STATE_ACTIVE and handshake_confirmed is
f538b421 HL	264	* set.
	265	*/
	266	unsigned int state : 3;
	267
	268	/*
	269	* Have we received at least one encrypted packet from the peer?
	270	* (If so, Retry and Version Negotiation messages should no longer
	271	* be received and should be ignored if they do occur.)
	272	*/
	273	unsigned int have_received_enc_pkt : 1;
	274
777a8a7f HL	275	/*
	276	* Have we successfully processed any packet, including a Version
	277	* Negotiation packet? If so, further Version Negotiation packets should be
	278	* ignored.
	279	*/
	280	unsigned int have_processed_any_pkt : 1;
	281
f538b421 HL	282	/*
	283	* Have we sent literally any packet yet? If not, there is no point polling
	284	* RX.
	285	*/
	286	unsigned int have_sent_any_pkt : 1;
	287
	288	/*
	289	* Are we currently doing proactive version negotiation?
	290	*/
	291	unsigned int doing_proactive_ver_neg : 1;
	292
	293	/* We have received transport parameters from the peer. */
	294	unsigned int got_remote_transport_params : 1;
ecff7ca4 HL	295	/* We have generated our local transport parameters. */
ecff7ca4 HL	296	unsigned int got_local_transport_params : 1;
f538b421 HL	297
	298	/*
	299	* This monotonically transitions to 1 once the TLS state machine is
	300	* 'complete', meaning that it has both sent a Finished and successfully
	301	* verified the peer's Finished (see RFC 9001 s. 4.1.1). Note that it
	302	* does not transition to 1 at both peers simultaneously.
	303	*
	304	* Handshake completion is not the same as handshake confirmation (see
	305	* below).
	306	*/
	307	unsigned int handshake_complete : 1;
	308
	309	/*
	310	* This monotonically transitions to 1 once the handshake is confirmed.
	311	* This happens on the client when we receive a HANDSHAKE_DONE frame.
	312	* At our option, we may also take acknowledgement of any 1-RTT packet
	313	* we sent as a handshake confirmation.
	314	*/
	315	unsigned int handshake_confirmed : 1;
	316
	317	/*
	318	* We are sending Initial packets based on a Retry. This means we definitely
	319	* should not receive another Retry, and if we do it is an error.
	320	*/
	321	unsigned int doing_retry : 1;
	322
	323	/*
	324	* We don't store the current EL here; the TXP asks the QTX which ELs
	325	* are provisioned to determine which ELs to use.
	326	*/
	327
	328	/* Have statm, qsm been initialised? Used to track cleanup. */
	329	unsigned int have_statm : 1;
	330	unsigned int have_qsm : 1;
	331
	332	/*
9bbc5b54 HL	333	* Preferred ELs for transmission and reception. This is not strictly needed
	334	* as it can be inferred from what keys we have provisioned, but makes
	335	* determining the current EL simpler and faster. A separate EL for
	336	* transmission and reception is not strictly necessary but makes things
	337	* easier for interoperation with the handshake layer, which likes to invoke
	338	* the yield secret callback at different times for TX and RX.
f538b421 HL	339	*/
f538b421 HL	340	unsigned int tx_enc_level : 3;
45ecfc9b	341	unsigned int rx_enc_level : 3;
f538b421 HL	342
	343	/* If bit n is set, EL n has been discarded. */
	344	unsigned int el_discarded : 4;
	345
	346	/*
	347	* While in TERMINATING - CLOSING, set when we should generate a connection
	348	* close frame.
	349	*/
	350	unsigned int conn_close_queued : 1;
	351
	352	/* Are we in server mode? Never changes after instantiation. */
	353	unsigned int is_server : 1;
4e64437a HL	354
4e64437a HL	355	/*
92282a17 HL	356	* Set temporarily when the handshake layer has given us a new RX secret.
92282a17 HL	357	* Used to determine if we need to check our RX queues again.
4e64437a	358	*/
92282a17	359	unsigned int have_new_rx_secret : 1;
3b1ab5a3	360
82b7a0ee HL	361	/* Have we ever called QUIC_TLS yet during RX processing? */
	362	unsigned int did_tls_tick : 1;
	363	/* Has any CRYPTO frame been processed during this tick? */
	364	unsigned int did_crypto_frame : 1;
	365
3b1ab5a3 HL	366	/*
	367	* Have we sent an ack-eliciting packet since the last successful packet
	368	* reception? Used to determine when to bump idle timer (see RFC 9000 s.
	369	* 10.1).
	370	*/
	371	unsigned int have_sent_ack_eliciting_since_rx : 1;
995ff282 HL	372
	373	/* Should incoming streams automatically be rejected? */
	374	unsigned int incoming_stream_auto_reject : 1;
8a65e7a5 HL	375
	376	/*
	377	* 1 if a key update sequence was locally initiated, meaning we sent the
	378	* TXKU first and the resultant RXKU shouldn't result in our triggering
	379	* another TXKU. 0 if a key update sequence was initiated by the peer,
	380	* meaning we detect a RXKU first and have to generate a TXKU in response.
	381	*/
	382	unsigned int ku_locally_initiated : 1;
	383
	384	/*
	385	* 1 if we have triggered TXKU (whether spontaneous or solicited) but are
	386	* waiting for any PN using that new KP to be ACKed. While this is set, we
	387	* are not allowed to trigger spontaneous TXKU (but solicited TXKU is
	388	* potentially still possible).
	389	*/
	390	unsigned int txku_in_progress : 1;
	391
	392	/*
	393	* We have received an RXKU event and currently are going through
	394	* UPDATING/COOLDOWN on the QRX. COOLDOWN is currently not used. Since RXKU
	395	* cannot be detected in this state, this doesn't cause a protocol error or
	396	* anything similar if a peer tries TXKU in this state. That traffic would
	397	* simply be dropped. It's only used to track that our UPDATING timer is
	398	* active so we know when to take the QRX out of UPDATING and back to
	399	* NORMAL.
	400	*/
	401	unsigned int rxku_in_progress : 1;
	402
	403	/*
	404	* We have received an RXKU but have yet to send an ACK for it, which means
	405	* no further RXKUs are allowed yet. Note that we cannot detect further
	406	* RXKUs anyway while the QRX remains in the UPDATING/COOLDOWN states, so
	407	* this restriction comes into play if we take more than PTO time to send
	408	* an ACK for it (not likely).
	409	*/
	410	unsigned int rxku_pending_confirm : 1;
	411
	412	/* Temporary variable indicating rxku_pending_confirm is to become 0. */
	413	unsigned int rxku_pending_confirm_done : 1;
c93f7668 HL	414
	415	/*
	416	* If set, RXKU is expected (because we initiated a spontaneous TXKU).
	417	*/
	418	unsigned int rxku_expected : 1;
5c3474ea TM	419
	420	/* Permanent net error encountered */
	421	unsigned int net_error : 1;
9c3ea4e1	422
549d0a70 HL	423	/*
	424	* Protocol error encountered. Note that you should refer to the state field
	425	* rather than this. This is only used so we can ignore protocol errors
	426	* after the first protocol error, but still record the first protocol error
	427	* if it happens during the TERMINATING state.
	428	*/
	429	unsigned int protocol_error : 1;
	430
617b459d HL	431	/* Are we using addressed mode? */
	432	unsigned int addressed_mode : 1;
	433
ce503f5c HL	434	/* Are we on the QUIC_PORT linked list of channels? */
	435	unsigned int on_port_list : 1;
	436
de60b122	437	/* Has qlog been requested? */
2031c0e9 HL	438	unsigned int use_qlog : 1;
2031c0e9 HL	439
9c3ea4e1 TM	440	/* Saved error stack in case permanent error was encountered */
9c3ea4e1 TM	441	ERR_STATE *err_state;
8c792b0c HL	442
	443	/* Scratch area for use by RXDP to store decoded ACK ranges. */
	444	OSSL_QUIC_ACK_RANGE *ack_range_scratch;
	445	size_t num_ack_range_scratch;
407bcc8d	446
de60b122	447	/* Title for qlog purposes. We own this copy. */
fb1a0bb9	448	char *qlog_title;
f538b421 HL	449	};
	450
	451	# endif
	452
	453	#endif