2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/ssl.h>
13 * We use the term "record" here to refer to a packet of data. Records are
14 * typically protected via a cipher and MAC, or an AEAD cipher (although not
15 * always). This usage of the term record is consistent with the TLS concept.
16 * In QUIC the term "record" is not used but it is analogous to the QUIC term
17 * "packet". The interface in this file applies to all protocols that protect
18 * records/packets of data, i.e. (D)TLS and QUIC. The term record is used to
19 * refer to both contexts.
24 * Types of QUIC record layer;
26 * QUIC reuses the TLS handshake for agreeing secrets. An SSL object representing
27 * a QUIC connection will have an additional SSL object internally representing
28 * the TLS state of the QUIC handshake. This internal TLS is referred to as
29 * QUIC-TLS in this file.
30 * "Records" output from QUIC-TLS contains standard TLS handshake messages and
31 * are *not* encrypted directly but are instead wrapped up in plaintext
32 * CRYPTO frames. These CRYPTO frames could be collected together with other
33 * QUIC frames into a single QUIC packet. The QUIC record layer will then
34 * encrypt the whole packet.
37 * QUIC-TLS record layer: outputs plaintext CRYPTO frames containing TLS
38 * handshake messages only.
39 * QUIC record layer: outputs encrypted packets which may contain CRYPTO frames
40 * or any other type of QUIC frame.
44 * An OSSL_RECORD_METHOD is a protcol specific method which provides the
45 * functions for reading and writing records for that protocol. Which
46 * OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
48 typedef struct ossl_record_method_st OSSL_RECORD_METHOD
;
51 * An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by
54 typedef struct ossl_record_layer_st OSSL_RECORD_LAYER
;
57 #define OSSL_RECORD_ROLE_CLIENT 0
58 #define OSSL_RECORD_ROLE_SERVER 1
60 #define OSSL_RECORD_DIRECTION_READ 0
61 #define OSSL_RECORD_DIRECTION_WRITE 1
64 * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used.
66 #define OSSL_RECORD_PROTECTION_LEVEL_NONE 0
67 #define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1
68 #define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2
69 #define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3
72 #define OSSL_RECORD_RETURN_SUCCESS 1
73 #define OSSL_RECORD_RETURN_RETRY 0
74 #define OSSL_RECORD_RETURN_NON_FATAL_ERR -1
75 #define OSSL_RECORD_RETURN_FATAL -2
76 #define OSSL_RECORD_RETURN_EOF -3
79 * Template for creating a record. A record consists of the |type| of data it
80 * will contain (e.g. alert, handshake, application data, etc) along with an
81 * array of buffers in |bufs| of size |numbufs|. There is a corresponding array
82 * of buffer lengths in |buflens|. Concatenating all of the buffer data together
83 * would give you the complete plaintext payload to be sent in a single record.
85 struct ossl_record_template_st
{
92 typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE
;
95 * Rather than a "method" approach, we could make this fetchable - Should we?
96 * There could be some complexity in finding suitable record layer implementations
97 * e.g. we need to find one that matches the negotiated protocol, cipher,
98 * extensions, etc. The selection_cb approach given above doesn't work so well
99 * if unknown third party providers with OSSL_RECORD_METHOD implementations are
104 * If this becomes public API then we will need functions to create and
105 * free an OSSL_RECORD_METHOD, as well as functions to get/set the various
106 * function pointers....unless we make it fetchable.
108 struct ossl_record_method_st
{
110 * Create a new OSSL_RECORD_LAYER object for handling the protocol version
111 * set by |vers|. |role| is 0 for client and 1 for server. |direction|
112 * indicates either read or write. |level| is the protection level as
113 * described above. |settings| are mandatory settings that will cause the
114 * new() call to fail if they are not understood (for example to require
115 * Encrypt-Then-Mac support). |options| are optional settings that will not
116 * cause the new() call to fail if they are not understood (for example
117 * whether to use "read ahead" or not).
119 * The BIO in |transport| is the BIO for the underlying transport layer.
120 * Where the direction is "read", then this BIO will only ever be used for
121 * reading data. Where the direction is "write", then this BIO will only
122 * every be used for writing data.
124 * An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in
125 * force at any one time (one for reading and one for writing). In some
126 * protocols more than 2 might be used (e.g. in DTLS for retransmitting
127 * messages from an earlier epoch).
131 * TODO(RECLAYER): Will have to be something other than EVP_CIPHER if we
132 * make this fetchable
133 * TODO(RECLAYER): mactype should not be an int
135 OSSL_RECORD_LAYER
*(*new_record_layer
)(OSSL_LIB_CTX
*libctx
,
136 const char *propq
, int vers
,
137 int role
, int direction
,
138 int level
, unsigned char *key
,
142 unsigned char *mackey
,
144 const EVP_CIPHER
*ciph
,
146 /* TODO(RECLAYER): This probably should not be an int */
149 const SSL_COMP
*comp
,
150 BIO
*transport
, BIO_ADDR
*local
,
152 const OSSL_PARAM
*settings
,
153 const OSSL_PARAM
*options
,
154 /* TODO(RECLAYER): Remove me */
156 void (*free
)(OSSL_RECORD_LAYER
*rl
);
158 int (*reset
)(OSSL_RECORD_LAYER
*rl
); /* Is this needed? */
160 /* Returns 1 if we have unprocessed data buffered or 0 otherwise */
161 int (*unprocessed_read_pending
)(OSSL_RECORD_LAYER
*rl
);
163 * Returns 1 if we have processed data buffered that can be read or 0 otherwise
164 * - not necessarily app data
166 int (*processed_read_pending
)(OSSL_RECORD_LAYER
*rl
);
169 * The amount of processed app data that is internally bufferred and
172 size_t (*app_data_pending
)(OSSL_RECORD_LAYER
*rl
);
174 int (*write_pending
)(OSSL_RECORD_LAYER
*rl
);
178 * Find out the maximum amount of plaintext data that the record layer is
179 * prepared to write in a single record. When calling write_records it is
180 * the caller's responsibility to ensure that no record template exceeds
181 * this maximum when calling write_records.
183 size_t (*get_max_record_len
)(OSSL_RECORD_LAYER
*rl
);
186 * Find out the maximum number of records that the record layer is prepared
187 * to process in a single call to write_records. It is the caller's
188 * responsibility to ensure that no call to write_records exceeds this
191 size_t (*get_max_records
)(OSSL_RECORD_LAYER
*rl
);
194 * Write |numtempl| records from the array of record templates pointed to
195 * by |templates|. Each record should be no longer than the value returned
196 * by get_max_record_len(), and there should be no more records than the
197 * value returned by get_max_records().
198 * |allowance| is the maximum amount of "on-the-wire" data that is allowed
199 * to be sent at the moment (including all QUIC headers, but excluding any
200 * UDP/IP headers). After a successful or retry return |*sent| will
201 * be updated with the amount of data that has been sent so far. In the case
202 * of a retry this could be 0.
203 * Where possible the caller will attempt to ensure that all records are the
204 * same length, except the last record. This may not always be possible so
205 * the record method implementation should not rely on this being the case.
206 * In the event of a retry the caller should call retry_write_records()
207 * to try again. No more calls to write_records() should be attempted until
208 * retry_write_records() returns success.
209 * Buffers allocated for the record templates can be freed immediately after
210 * write_records() returns - even in the case a retry.
211 * The record templates represent the plaintext payload. The encrypted
212 * output is written to the |transport| BIO.
218 int (*write_records
)(OSSL_RECORD_LAYER
*rl
, OSSL_RECORD_TEMPLATE
**templates
,
219 size_t numtempl
, size_t allowance
, size_t *sent
);
222 * Retry a previous call to write_records. The caller should continue to
223 * call this until the function returns with success or failure. After
224 * each retry more of the data may have been incrementally sent. |allowance|
225 * is the amount of "on-the-wire" data that is allowed to be sent at the
226 * moment. After a successful or retry return |*sent| will
227 * be updated with the amount of data that has been sent by this call to
228 * retry_write_records().
234 int (*retry_write_records
)(OSSL_RECORD_LAYER
*rl
, size_t allowance
,
238 * Read a record and return the record layer version and record type in
239 * the |rversion| and |type| parameters. |*data| is set to point to a
240 * record layer buffer containing the record payload data and |*datalen|
241 * is filled in with the length of that data. The |epoch| and |seq_num|
242 * values are only used if DTLS has been negotiated. In that case they are
243 * filled in with the epoch and sequence number from the record.
244 * An opaque record layer handle for the record is returned in |*rechandle|
245 * which is used in a subsequent call to |release_record|. The buffer must
246 * remain available until release_record is called.
248 * Internally the the OSSL_RECORD_METHOD the implementation may read/process
249 * multiple records in one go and buffer them.
251 int (*read_record
)(OSSL_RECORD_LAYER
*rl
, void **rechandle
, int *rversion
,
252 int *type
, unsigned char **data
, size_t *datalen
,
253 uint16_t *epoch
, unsigned char *seq_num
,
254 /* TODO(RECLAYER): Remove me */ SSL_CONNECTION
*s
);
256 * Release a buffer associated with a record previously read with
257 * read_record. Records are guaranteed to be released in the order that they
260 int (*release_record
)(OSSL_RECORD_LAYER
*rl
, void *rechandle
);
263 * In the event that a fatal error is returned from the functions above then
264 * get_alert_code() can be called to obtain a more details identifier for
265 * the error. In (D)TLS this is the alert description code.
267 int (*get_alert_code
)(OSSL_RECORD_LAYER
*rl
);
270 * Update the transport BIO from the one originally set in the
271 * new_record_layer call
273 int (*set1_bio
)(OSSL_RECORD_LAYER
*rl
, BIO
*bio
);
276 * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
277 * during the record layer refactoring. They need to be removed before the
278 * refactor is complete.
280 int (*read_n
)(OSSL_RECORD_LAYER
*rl
, size_t n
, size_t max
, int extend
,
281 int clearold
, size_t *readbytes
);
282 SSL3_BUFFER
*(*get0_rbuf
)(OSSL_RECORD_LAYER
*rl
);
283 unsigned char *(*get0_packet
)(OSSL_RECORD_LAYER
*rl
);
284 void (*set0_packet
)(OSSL_RECORD_LAYER
*rl
, unsigned char *packet
,
286 size_t (*get_packet_length
)(OSSL_RECORD_LAYER
*rl
);
287 void (*reset_packet_length
)(OSSL_RECORD_LAYER
*rl
);
291 /* Standard built-in record methods */
292 extern const OSSL_RECORD_METHOD ossl_tls_record_method
;
293 extern const OSSL_RECORD_METHOD ossl_dtls_record_method
;