/* * include/types/quic_tls.h * This file provides definitions for QUIC-TLS. * * Copyright 2019 HAProxy Technologies, Frédéric Lécaille * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. */ #ifndef _TYPES_QUIC_TLS_H #define _TYPES_QUIC_TLS_H #ifdef USE_QUIC #ifndef USE_OPENSSL #error "Must define USE_OPENSSL" #endif #include /* It seems TLS 1.3 ciphersuites macros differ between openssl and boringssl */ #if defined(OPENSSL_IS_BORINGSSL) #if !defined(TLS1_3_CK_AES_128_GCM_SHA256) #define TLS1_3_CK_AES_128_GCM_SHA256 TLS1_CK_AES_128_GCM_SHA256 #endif #if !defined(TLS1_3_CK_AES_256_GCM_SHA384) #define TLS1_3_CK_AES_256_GCM_SHA384 TLS1_CK_AES_256_GCM_SHA384 #endif #if !defined(TLS1_3_CK_CHACHA20_POLY1305_SHA256) #define TLS1_3_CK_CHACHA20_POLY1305_SHA256 TLS1_CK_CHACHA20_POLY1305_SHA256 #endif #if !defined(TLS1_3_CK_AES_128_CCM_SHA256) /* Note that TLS1_CK_AES_128_CCM_SHA256 is not defined in boringssl */ #define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 #endif #endif /* The TLS extension (enum) for QUIC transport parameters */ #define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0xffa5 /* QUIC handshake states for both clients and servers. */ enum quic_handshake_state { QUIC_HS_ST_CLIENT_INITIAL, QUIC_HS_ST_CLIENT_HANDSHAKE, QUIC_HS_ST_CLIENT_HANDSHAKE_FAILED, QUIC_HS_ST_SERVER_INITIAL, QUIC_HS_ST_SERVER_HANDSHAKE, QUIC_HS_ST_SERVER_HANDSHAKE_FAILED, /* Common to servers and clients */ QUIC_HS_ST_COMPLETE, QUIC_HS_ST_CONFIRMED, }; /* QUIC TLS level encryption */ enum quic_tls_enc_level { QUIC_TLS_ENC_LEVEL_NONE = -1, QUIC_TLS_ENC_LEVEL_INITIAL, QUIC_TLS_ENC_LEVEL_EARLY_DATA, QUIC_TLS_ENC_LEVEL_HANDSHAKE, QUIC_TLS_ENC_LEVEL_APP, /* Please do not insert any value after this following one */ QUIC_TLS_ENC_LEVEL_MAX, }; /* QUIC packet number spaces */ enum quic_tls_pktns { QUIC_TLS_PKTNS_INITIAL, QUIC_TLS_PKTNS_01RTT, QUIC_TLS_PKTNS_HANDSHAKE, /* Please do not insert any value after this following one */ QUIC_TLS_PKTNS_MAX, }; /* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tag */ #define QUIC_TLS_TAG_LEN 16 extern unsigned char initial_salt[20]; /* Flag to be used when TLS secrets have been set. */ #define QUIC_FL_TLS_SECRETS_SET (1 << 0) /* Flag to be used when TLS secrets have been discarded. */ #define QUIC_FL_TLS_SECRETS_DCD (1 << 1) struct quic_tls_secrets { const EVP_CIPHER *aead; const EVP_MD *md; const EVP_CIPHER *hp; unsigned char key[32]; unsigned char iv[12]; /* Header protection key. * Note: the header protection is applied after packet protection. * As the header belong to the data, its protection must be removed before removing * the packet protection. */ unsigned char hp_key[32]; char flags; }; struct quic_tls_ctx { struct quic_tls_secrets rx; struct quic_tls_secrets tx; }; #endif /* USE_QUIC */ #endif /* _TYPES_QUIC_TLS_H */