2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #ifndef OSSL_INTERNAL_RECORDMETHOD_H
11 # define OSSL_INTERNAL_RECORDMETHOD_H
14 # include <openssl/ssl.h>
17 * We use the term "record" here to refer to a packet of data. Records are
18 * typically protected via a cipher and MAC, or an AEAD cipher (although not
19 * always). This usage of the term record is consistent with the TLS concept.
20 * In QUIC the term "record" is not used but it is analogous to the QUIC term
21 * "packet". The interface in this file applies to all protocols that protect
22 * records/packets of data, i.e. (D)TLS and QUIC. The term record is used to
23 * refer to both contexts.
28 * Types of QUIC record layer;
30 * QUIC reuses the TLS handshake for agreeing secrets. An SSL object representing
31 * a QUIC connection will have an additional SSL object internally representing
32 * the TLS state of the QUIC handshake. This internal TLS is referred to as
33 * QUIC-TLS in this file.
34 * "Records" output from QUIC-TLS contains standard TLS handshake messages and
35 * are *not* encrypted directly but are instead wrapped up in plaintext
36 * CRYPTO frames. These CRYPTO frames could be collected together with other
37 * QUIC frames into a single QUIC packet. The QUIC record layer will then
38 * encrypt the whole packet.
41 * QUIC-TLS record layer: outputs plaintext CRYPTO frames containing TLS
42 * handshake messages only.
43 * QUIC record layer: outputs encrypted packets which may contain CRYPTO frames
44 * or any other type of QUIC frame.
48 * An OSSL_RECORD_METHOD is a protcol specific method which provides the
49 * functions for reading and writing records for that protocol. Which
50 * OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
52 typedef struct ossl_record_method_st OSSL_RECORD_METHOD
;
55 * An OSSL_RECORD_LAYER is just an externally defined opaque pointer created by
58 typedef struct ossl_record_layer_st OSSL_RECORD_LAYER
;
61 # define OSSL_RECORD_ROLE_CLIENT 0
62 # define OSSL_RECORD_ROLE_SERVER 1
64 # define OSSL_RECORD_DIRECTION_READ 0
65 # define OSSL_RECORD_DIRECTION_WRITE 1
68 * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used.
70 # define OSSL_RECORD_PROTECTION_LEVEL_NONE 0
71 # define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1
72 # define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2
73 # define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3
76 # define OSSL_RECORD_RETURN_SUCCESS 1
77 # define OSSL_RECORD_RETURN_RETRY 0
78 # define OSSL_RECORD_RETURN_NON_FATAL_ERR -1
79 # define OSSL_RECORD_RETURN_FATAL -2
80 # define OSSL_RECORD_RETURN_EOF -3
83 * Template for creating a record. A record consists of the |type| of data it
84 * will contain (e.g. alert, handshake, application data, etc) along with an
85 * array of buffers in |bufs| of size |numbufs|. There is a corresponding array
86 * of buffer lengths in |buflens|. Concatenating all of the buffer data together
87 * would give you the complete plaintext payload to be sent in a single record.
89 struct ossl_record_template_st
{
96 typedef struct ossl_record_template_st OSSL_RECORD_TEMPLATE
;
99 * Rather than a "method" approach, we could make this fetchable - Should we?
100 * There could be some complexity in finding suitable record layer implementations
101 * e.g. we need to find one that matches the negotiated protocol, cipher,
102 * extensions, etc. The selection_cb approach given above doesn't work so well
103 * if unknown third party providers with OSSL_RECORD_METHOD implementations are
108 * If this becomes public API then we will need functions to create and
109 * free an OSSL_RECORD_METHOD, as well as functions to get/set the various
110 * function pointers....unless we make it fetchable.
112 struct ossl_record_method_st
{
114 * Create a new OSSL_RECORD_LAYER object for handling the protocol version
115 * set by |vers|. |role| is 0 for client and 1 for server. |direction|
116 * indicates either read or write. |level| is the protection level as
117 * described above. |settings| are mandatory settings that will cause the
118 * new() call to fail if they are not understood (for example to require
119 * Encrypt-Then-Mac support). |options| are optional settings that will not
120 * cause the new() call to fail if they are not understood (for example
121 * whether to use "read ahead" or not).
123 * The BIO in |transport| is the BIO for the underlying transport layer.
124 * Where the direction is "read", then this BIO will only ever be used for
125 * reading data. Where the direction is "write", then this BIO will only
126 * every be used for writing data.
128 * An SSL object will always have at least 2 OSSL_RECORD_LAYER objects in
129 * force at any one time (one for reading and one for writing). In some
130 * protocols more than 2 might be used (e.g. in DTLS for retransmitting
131 * messages from an earlier epoch).
135 * TODO(RECLAYER): Will have to be something other than EVP_CIPHER if we
136 * make this fetchable
137 * TODO(RECLAYER): mactype should not be an int
139 OSSL_RECORD_LAYER
*(*new_record_layer
)(OSSL_LIB_CTX
*libctx
,
140 const char *propq
, int vers
,
141 int role
, int direction
,
142 int level
, unsigned char *key
,
146 unsigned char *mackey
,
148 const EVP_CIPHER
*ciph
,
150 /* TODO(RECLAYER): This probably should not be an int */
153 const SSL_COMP
*comp
,
154 BIO
*transport
, BIO_ADDR
*local
,
156 const OSSL_PARAM
*settings
,
157 const OSSL_PARAM
*options
,
158 /* TODO(RECLAYER): Remove me */
160 void (*free
)(OSSL_RECORD_LAYER
*rl
);
162 int (*reset
)(OSSL_RECORD_LAYER
*rl
); /* Is this needed? */
164 /* Returns 1 if we have unprocessed data buffered or 0 otherwise */
165 int (*unprocessed_read_pending
)(OSSL_RECORD_LAYER
*rl
);
167 * Returns 1 if we have processed data buffered that can be read or 0 otherwise
168 * - not necessarily app data
170 int (*processed_read_pending
)(OSSL_RECORD_LAYER
*rl
);
173 * The amount of processed app data that is internally bufferred and
176 size_t (*app_data_pending
)(OSSL_RECORD_LAYER
*rl
);
178 int (*write_pending
)(OSSL_RECORD_LAYER
*rl
);
182 * Find out the maximum amount of plaintext data that the record layer is
183 * prepared to write in a single record. When calling write_records it is
184 * the caller's responsibility to ensure that no record template exceeds
185 * this maximum when calling write_records.
187 size_t (*get_max_record_len
)(OSSL_RECORD_LAYER
*rl
);
190 * Find out the maximum number of records that the record layer is prepared
191 * to process in a single call to write_records. It is the caller's
192 * responsibility to ensure that no call to write_records exceeds this
195 size_t (*get_max_records
)(OSSL_RECORD_LAYER
*rl
);
198 * Write |numtempl| records from the array of record templates pointed to
199 * by |templates|. Each record should be no longer than the value returned
200 * by get_max_record_len(), and there should be no more records than the
201 * value returned by get_max_records().
202 * |allowance| is the maximum amount of "on-the-wire" data that is allowed
203 * to be sent at the moment (including all QUIC headers, but excluding any
204 * UDP/IP headers). After a successful or retry return |*sent| will
205 * be updated with the amount of data that has been sent so far. In the case
206 * of a retry this could be 0.
207 * Where possible the caller will attempt to ensure that all records are the
208 * same length, except the last record. This may not always be possible so
209 * the record method implementation should not rely on this being the case.
210 * In the event of a retry the caller should call retry_write_records()
211 * to try again. No more calls to write_records() should be attempted until
212 * retry_write_records() returns success.
213 * Buffers allocated for the record templates can be freed immediately after
214 * write_records() returns - even in the case a retry.
215 * The record templates represent the plaintext payload. The encrypted
216 * output is written to the |transport| BIO.
222 int (*write_records
)(OSSL_RECORD_LAYER
*rl
, OSSL_RECORD_TEMPLATE
**templates
,
223 size_t numtempl
, size_t allowance
, size_t *sent
);
226 * Retry a previous call to write_records. The caller should continue to
227 * call this until the function returns with success or failure. After
228 * each retry more of the data may have been incrementally sent. |allowance|
229 * is the amount of "on-the-wire" data that is allowed to be sent at the
230 * moment. After a successful or retry return |*sent| will
231 * be updated with the amount of data that has been sent by this call to
232 * retry_write_records().
238 int (*retry_write_records
)(OSSL_RECORD_LAYER
*rl
, size_t allowance
,
242 * Read a record and return the record layer version and record type in
243 * the |rversion| and |type| parameters. |*data| is set to point to a
244 * record layer buffer containing the record payload data and |*datalen|
245 * is filled in with the length of that data. The |epoch| and |seq_num|
246 * values are only used if DTLS has been negotiated. In that case they are
247 * filled in with the epoch and sequence number from the record.
248 * An opaque record layer handle for the record is returned in |*rechandle|
249 * which is used in a subsequent call to |release_record|. The buffer must
250 * remain available until release_record is called.
252 * Internally the the OSSL_RECORD_METHOD the implementation may read/process
253 * multiple records in one go and buffer them.
255 int (*read_record
)(OSSL_RECORD_LAYER
*rl
, void **rechandle
, int *rversion
,
256 int *type
, unsigned char **data
, size_t *datalen
,
257 uint16_t *epoch
, unsigned char *seq_num
,
258 /* TODO(RECLAYER): Remove me */ SSL_CONNECTION
*s
);
260 * Release a buffer associated with a record previously read with
261 * read_record. Records are guaranteed to be released in the order that they
264 int (*release_record
)(OSSL_RECORD_LAYER
*rl
, void *rechandle
);
267 * In the event that a fatal error is returned from the functions above then
268 * get_alert_code() can be called to obtain a more details identifier for
269 * the error. In (D)TLS this is the alert description code.
271 int (*get_alert_code
)(OSSL_RECORD_LAYER
*rl
);
274 * Update the transport BIO from the one originally set in the
275 * new_record_layer call
277 int (*set1_bio
)(OSSL_RECORD_LAYER
*rl
, BIO
*bio
);
280 * TODO(RECLAYER): Remove these. These function pointers are temporary hacks
281 * during the record layer refactoring. They need to be removed before the
282 * refactor is complete.
284 int (*read_n
)(OSSL_RECORD_LAYER
*rl
, size_t n
, size_t max
, int extend
,
285 int clearold
, size_t *readbytes
);
286 SSL3_BUFFER
*(*get0_rbuf
)(OSSL_RECORD_LAYER
*rl
);
287 unsigned char *(*get0_packet
)(OSSL_RECORD_LAYER
*rl
);
288 void (*set0_packet
)(OSSL_RECORD_LAYER
*rl
, unsigned char *packet
,
290 size_t (*get_packet_length
)(OSSL_RECORD_LAYER
*rl
);
291 void (*reset_packet_length
)(OSSL_RECORD_LAYER
*rl
);
295 /* Standard built-in record methods */
296 extern const OSSL_RECORD_METHOD ossl_tls_record_method
;
297 # ifndef OPENSSL_NO_KTLS
298 extern const OSSL_RECORD_METHOD ossl_ktls_record_method
;
300 extern const OSSL_RECORD_METHOD ossl_dtls_record_method
;
302 #endif /* !defined(OSSL_INTERNAL_RECORDMETHOD_H) */