lsquic_handshake.h revision a137764b
1229fce07SDmitri Tikhonov/* Copyright (c) 2017 - 2019 LiteSpeed Technologies Inc. See LICENSE. */ 25392f7a3SLiteSpeed Tech#ifndef LSQUIC_HANDSHAKE_H 35392f7a3SLiteSpeed Tech#define LSQUIC_HANDSHAKE_H 1 450aadb33SDmitri Tikhonov 550aadb33SDmitri Tikhonov#define aes128_key_len 16 650aadb33SDmitri Tikhonov#define aes128_iv_len 4 75392f7a3SLiteSpeed Tech#define STK_LENGTH 60 85392f7a3SLiteSpeed Tech#define SCID_LENGTH 16 950aadb33SDmitri Tikhonov 105392f7a3SLiteSpeed Techstruct lsquic_server_config; 115392f7a3SLiteSpeed Techstruct sockaddr; 125392f7a3SLiteSpeed Techstruct lsquic_str; 135392f7a3SLiteSpeed Techstruct lsquic_packet_in; 145392f7a3SLiteSpeed Techstruct lsquic_cid; 15a137764bSDmitri Tikhonovstruct lsquic_enc_session; 1650aadb33SDmitri Tikhonov 175392f7a3SLiteSpeed Tech/* client side, certs and hashs 185392f7a3SLiteSpeed Tech */ 195392f7a3SLiteSpeed Techtypedef struct cert_hash_item_st 20c51ce338SDmitri Tikhonov{ 215392f7a3SLiteSpeed Tech struct lsquic_str* domain; /*with port, such as "xyz.com:8088" as the key */ 225392f7a3SLiteSpeed Tech struct lsquic_str* crts; 235392f7a3SLiteSpeed Tech struct lsquic_str* hashs; 245392f7a3SLiteSpeed Tech struct lsquic_hash_elem hash_el; 255392f7a3SLiteSpeed Tech int count; 265392f7a3SLiteSpeed Tech} cert_hash_item_t; 275392f7a3SLiteSpeed Tech 285392f7a3SLiteSpeed Tech#ifndef NDEBUG 295392f7a3SLiteSpeed Techvoid gen_stk(struct lsquic_server_config *, const struct sockaddr *ip_addr, uint64_t tm, 305392f7a3SLiteSpeed Tech unsigned char stk_out[STK_LENGTH]); 315392f7a3SLiteSpeed Techenum hsk_failure_reason 32a137764bSDmitri Tikhonovverify_stk0(const struct lsquic_enc_session *, 33a137764bSDmitri Tikhonov struct lsquic_server_config *, const struct sockaddr *ip_addr, uint64_t tm, 345392f7a3SLiteSpeed Tech struct lsquic_str *stk, 355392f7a3SLiteSpeed Tech unsigned secs_since_stk_generated); 365392f7a3SLiteSpeed Techenum hsk_failure_reason 375392f7a3SLiteSpeed Techverify_stk(void *, const struct sockaddr *ip_addr, 385392f7a3SLiteSpeed Tech uint64_t tm, struct lsquic_str *stk); 395392f7a3SLiteSpeed Techstruct cert_hash_item_st* c_find_certs(const struct lsquic_str *domain); 405392f7a3SLiteSpeed Tech#endif 41c51ce338SDmitri Tikhonov 425392f7a3SLiteSpeed Tech#define SNO_LENGTH 56 439626cfc2SDmitri Tikhonov 445392f7a3SLiteSpeed Tech/* EVP_AEAD_CTX from boringssl pre-18d9f28f0df9f95570. */ 455392f7a3SLiteSpeed Techstruct old_evp_aead_ctx_st { 465392f7a3SLiteSpeed Tech void *ptr1; /* aead */ 475392f7a3SLiteSpeed Tech void *ptr2; /* aead_state */ 485392f7a3SLiteSpeed Tech}; 498ca33e0eSDmitri Tikhonov 505392f7a3SLiteSpeed Tech/* Server need refresh SCFG once a day */ 515392f7a3SLiteSpeed Tech/* can not use sizeof() to get the size */ 525392f7a3SLiteSpeed Techtypedef struct SCFG_info_st 5350aadb33SDmitri Tikhonov{ 5450aadb33SDmitri Tikhonov unsigned char sscid[SCID_LENGTH]; 555392f7a3SLiteSpeed Tech unsigned char priv_key[32]; 565392f7a3SLiteSpeed Tech unsigned char skt_key[16]; 575392f7a3SLiteSpeed Tech uint32_t aead; /* Fixed, ONLY AESG */ 585392f7a3SLiteSpeed Tech uint32_t kexs; /* Fixed, ONLY C255 */ 595392f7a3SLiteSpeed Tech uint32_t pdmd; /* Fixed, ONLY X509 */ 605392f7a3SLiteSpeed Tech uint64_t orbt; /* Fixed, 0 */ 615392f7a3SLiteSpeed Tech uint64_t expy; 625392f7a3SLiteSpeed Tech /* Keep the hole for compatibility with older builds of LSWS: */ 635392f7a3SLiteSpeed Tech struct old_evp_aead_ctx_st unused 645392f7a3SLiteSpeed Tech#if __GNUC__ 655392f7a3SLiteSpeed Tech __attribute__((deprecated)) 665392f7a3SLiteSpeed Tech#endif 675392f7a3SLiteSpeed Tech ; 685392f7a3SLiteSpeed Tech short scfg_len; 695392f7a3SLiteSpeed Tech} SCFG_info_t; 7050aadb33SDmitri Tikhonov 715392f7a3SLiteSpeed Techstruct SCFG_st 728ca33e0eSDmitri Tikhonov{ 735392f7a3SLiteSpeed Tech SCFG_info_t info; 745392f7a3SLiteSpeed Tech unsigned char scfg[]; /* whoile buffer */ 758ca33e0eSDmitri Tikhonov}; 765392f7a3SLiteSpeed Techtypedef struct SCFG_st SCFG_t; 775392f7a3SLiteSpeed Tech/* server side need to store STK with expired time */ 788ca33e0eSDmitri Tikhonov 795392f7a3SLiteSpeed Techtypedef struct lsquic_server_config 8050aadb33SDmitri Tikhonov{ 815392f7a3SLiteSpeed Tech SCFG_t *lsc_scfg; /* This part is stored in SHM */ 825392f7a3SLiteSpeed Tech EVP_AEAD_CTX lsc_stk_ctx; 835392f7a3SLiteSpeed Tech} lsquic_server_config_t; 8450aadb33SDmitri Tikhonov 855392f7a3SLiteSpeed Tech/* Based on enum HandshakeFailureReason in Chromium */ 865392f7a3SLiteSpeed Techenum hsk_failure_reason 875392f7a3SLiteSpeed Tech{ 885392f7a3SLiteSpeed Tech HFR_HANDSHAKE_OK = 0, 895392f7a3SLiteSpeed Tech 905392f7a3SLiteSpeed Tech /* Invalid client nonce in CHLO: */ 915392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_UNKNOWN = 1, /* Default nonce failure */ 925392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_INVALID = 2, /* Incorrect nonce length */ 935392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_NOT_UNIQ = 3, 945392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_INVALID_ORBIT = 4, 955392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_INVALID_TIME = 5, 965392f7a3SLiteSpeed Tech 975392f7a3SLiteSpeed Tech /* Invalid server nonce in CHLO: */ 985392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_DECRYPTION = 8, 995392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_INVALID = 9, 1005392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_NOT_UNIQUE = 10, 1015392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_INVALID_TIME = 11, 1025392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_REQUIRED = 20, 1035392f7a3SLiteSpeed Tech 1045392f7a3SLiteSpeed Tech HFR_CONFIG_INCHOATE_HELLO = 12, /* Missing SCID tag */ 1055392f7a3SLiteSpeed Tech HFR_CONFIG_UNKNOWN_CONFIG = 13, /* Could not find server config SCID */ 1065392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_INVALID = 14, /* Missing STK tag */ 1075392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_DECRYPTION = 15, 1085392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_PARSE = 16, 1095392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_DIFFERENT_IP_ADDRESS = 17, 1105392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_CLOCK_SKEW = 18, 1115392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_EXPIRED = 19, 1125392f7a3SLiteSpeed Tech HFR_INVALID_EXPECTED_LEAF_CERTIFICATE = 21, 11383287402SDmitri Tikhonov}; 11450aadb33SDmitri Tikhonov 11590fe3b25SDmitri Tikhonovenum lsquic_version 11690fe3b25SDmitri Tikhonovlsquic_zero_rtt_version (const unsigned char *, size_t); 11790fe3b25SDmitri Tikhonov 11850aadb33SDmitri Tikhonov#endif 119