You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
111 lines
3.1 KiB
111 lines
3.1 KiB
5 months ago
|
/*
|
||
|
* include/types/quic_tls.h
|
||
|
* This file provides definitions for QUIC-TLS.
|
||
|
*
|
||
|
* Copyright 2019 HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
|
||
|
*
|
||
|
* This program is free software; you can redistribute it and/or
|
||
|
* modify it under the terms of the GNU General Public License
|
||
|
* as published by the Free Software Foundation; either version
|
||
|
* 2 of the License, or (at your option) any later version.
|
||
|
*/
|
||
|
|
||
|
#ifndef _TYPES_QUIC_TLS_H
|
||
|
#define _TYPES_QUIC_TLS_H
|
||
|
#ifdef USE_QUIC
|
||
|
#ifndef USE_OPENSSL
|
||
|
#error "Must define USE_OPENSSL"
|
||
|
#endif
|
||
|
|
||
|
#include <openssl/evp.h>
|
||
|
|
||
|
/* It seems TLS 1.3 ciphersuites macros differ between openssl and boringssl */
|
||
|
|
||
|
#if defined(OPENSSL_IS_BORINGSSL)
|
||
|
#if !defined(TLS1_3_CK_AES_128_GCM_SHA256)
|
||
|
#define TLS1_3_CK_AES_128_GCM_SHA256 TLS1_CK_AES_128_GCM_SHA256
|
||
|
#endif
|
||
|
#if !defined(TLS1_3_CK_AES_256_GCM_SHA384)
|
||
|
#define TLS1_3_CK_AES_256_GCM_SHA384 TLS1_CK_AES_256_GCM_SHA384
|
||
|
#endif
|
||
|
#if !defined(TLS1_3_CK_CHACHA20_POLY1305_SHA256)
|
||
|
#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 TLS1_CK_CHACHA20_POLY1305_SHA256
|
||
|
#endif
|
||
|
#if !defined(TLS1_3_CK_AES_128_CCM_SHA256)
|
||
|
/* Note that TLS1_CK_AES_128_CCM_SHA256 is not defined in boringssl */
|
||
|
#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
|
||
|
#endif
|
||
|
#endif
|
||
|
|
||
|
/* The TLS extension (enum) for QUIC transport parameters */
|
||
|
#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0xffa5
|
||
|
|
||
|
/* QUIC handshake states for both clients and servers. */
|
||
|
enum quic_handshake_state {
|
||
|
QUIC_HS_ST_CLIENT_INITIAL,
|
||
|
QUIC_HS_ST_CLIENT_HANDSHAKE,
|
||
|
QUIC_HS_ST_CLIENT_HANDSHAKE_FAILED,
|
||
|
|
||
|
QUIC_HS_ST_SERVER_INITIAL,
|
||
|
QUIC_HS_ST_SERVER_HANDSHAKE,
|
||
|
QUIC_HS_ST_SERVER_HANDSHAKE_FAILED,
|
||
|
|
||
|
/* Common to servers and clients */
|
||
|
QUIC_HS_ST_COMPLETE,
|
||
|
QUIC_HS_ST_CONFIRMED,
|
||
|
};
|
||
|
|
||
|
/* QUIC TLS level encryption */
|
||
|
enum quic_tls_enc_level {
|
||
|
QUIC_TLS_ENC_LEVEL_NONE = -1,
|
||
|
QUIC_TLS_ENC_LEVEL_INITIAL,
|
||
|
QUIC_TLS_ENC_LEVEL_EARLY_DATA,
|
||
|
QUIC_TLS_ENC_LEVEL_HANDSHAKE,
|
||
|
QUIC_TLS_ENC_LEVEL_APP,
|
||
|
/* Please do not insert any value after this following one */
|
||
|
QUIC_TLS_ENC_LEVEL_MAX,
|
||
|
};
|
||
|
|
||
|
/* QUIC packet number spaces */
|
||
|
enum quic_tls_pktns {
|
||
|
QUIC_TLS_PKTNS_INITIAL,
|
||
|
QUIC_TLS_PKTNS_01RTT,
|
||
|
QUIC_TLS_PKTNS_HANDSHAKE,
|
||
|
/* Please do not insert any value after this following one */
|
||
|
QUIC_TLS_PKTNS_MAX,
|
||
|
};
|
||
|
|
||
|
/* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tag */
|
||
|
#define QUIC_TLS_TAG_LEN 16
|
||
|
|
||
|
extern unsigned char initial_salt[20];
|
||
|
|
||
|
/* Flag to be used when TLS secrets have been set. */
|
||
|
#define QUIC_FL_TLS_SECRETS_SET (1 << 0)
|
||
|
/* Flag to be used when TLS secrets have been discarded. */
|
||
|
#define QUIC_FL_TLS_SECRETS_DCD (1 << 1)
|
||
|
|
||
|
struct quic_tls_secrets {
|
||
|
const EVP_CIPHER *aead;
|
||
|
const EVP_MD *md;
|
||
|
const EVP_CIPHER *hp;
|
||
|
unsigned char key[32];
|
||
|
unsigned char iv[12];
|
||
|
/* Header protection key.
|
||
|
* Note: the header protection is applied after packet protection.
|
||
|
* As the header belong to the data, its protection must be removed before removing
|
||
|
* the packet protection.
|
||
|
*/
|
||
|
unsigned char hp_key[32];
|
||
|
char flags;
|
||
|
};
|
||
|
|
||
|
struct quic_tls_ctx {
|
||
|
struct quic_tls_secrets rx;
|
||
|
struct quic_tls_secrets tx;
|
||
|
};
|
||
|
|
||
|
#endif /* USE_QUIC */
|
||
|
#endif /* _TYPES_QUIC_TLS_H */
|
||
|
|