lsquic_handshake.h revision a5fa05f9
17d09751dSDmitri Tikhonov/* Copyright (c) 2017 - 2020 LiteSpeed Technologies Inc. See LICENSE. */ 25392f7a3SLiteSpeed Tech#ifndef LSQUIC_HANDSHAKE_H 35392f7a3SLiteSpeed Tech#define LSQUIC_HANDSHAKE_H 1 450aadb33SDmitri Tikhonov 550aadb33SDmitri Tikhonov#define aes128_key_len 16 650aadb33SDmitri Tikhonov#define aes128_iv_len 4 75392f7a3SLiteSpeed Tech#define STK_LENGTH 60 85392f7a3SLiteSpeed Tech#define SCID_LENGTH 16 950aadb33SDmitri Tikhonov 105392f7a3SLiteSpeed Techstruct lsquic_server_config; 115392f7a3SLiteSpeed Techstruct sockaddr; 125392f7a3SLiteSpeed Techstruct lsquic_str; 135392f7a3SLiteSpeed Techstruct lsquic_packet_in; 145392f7a3SLiteSpeed Techstruct lsquic_cid; 15a137764bSDmitri Tikhonovstruct lsquic_enc_session; 1650aadb33SDmitri Tikhonov 175392f7a3SLiteSpeed Tech/* client side, certs and hashs 185392f7a3SLiteSpeed Tech */ 195392f7a3SLiteSpeed Techtypedef struct cert_hash_item_st 20c51ce338SDmitri Tikhonov{ 215392f7a3SLiteSpeed Tech struct lsquic_str* domain; /*with port, such as "xyz.com:8088" as the key */ 225392f7a3SLiteSpeed Tech struct lsquic_str* crts; 235392f7a3SLiteSpeed Tech struct lsquic_str* hashs; 245392f7a3SLiteSpeed Tech struct lsquic_hash_elem hash_el; 255392f7a3SLiteSpeed Tech int count; 265392f7a3SLiteSpeed Tech} cert_hash_item_t; 275392f7a3SLiteSpeed Tech 285392f7a3SLiteSpeed Tech#ifndef NDEBUG 295392f7a3SLiteSpeed Techenum hsk_failure_reason 30a5fa05f9SDmitri Tikhonovlsquic_verify_stk0(const struct lsquic_enc_session *, 31a137764bSDmitri Tikhonov struct lsquic_server_config *, const struct sockaddr *ip_addr, uint64_t tm, 325392f7a3SLiteSpeed Tech struct lsquic_str *stk, 335392f7a3SLiteSpeed Tech unsigned secs_since_stk_generated); 345392f7a3SLiteSpeed Techenum hsk_failure_reason 35a5fa05f9SDmitri Tikhonovlsquic_verify_stk(void *, const struct sockaddr *ip_addr, 365392f7a3SLiteSpeed Tech uint64_t tm, struct lsquic_str *stk); 375392f7a3SLiteSpeed Techstruct cert_hash_item_st* c_find_certs(const struct lsquic_str *domain); 385392f7a3SLiteSpeed Tech#endif 39c51ce338SDmitri Tikhonov 405392f7a3SLiteSpeed Tech#define SNO_LENGTH 56 419626cfc2SDmitri Tikhonov 425392f7a3SLiteSpeed Tech/* EVP_AEAD_CTX from boringssl pre-18d9f28f0df9f95570. */ 435392f7a3SLiteSpeed Techstruct old_evp_aead_ctx_st { 445392f7a3SLiteSpeed Tech void *ptr1; /* aead */ 455392f7a3SLiteSpeed Tech void *ptr2; /* aead_state */ 465392f7a3SLiteSpeed Tech}; 478ca33e0eSDmitri Tikhonov 485392f7a3SLiteSpeed Tech/* Server need refresh SCFG once a day */ 495392f7a3SLiteSpeed Tech/* can not use sizeof() to get the size */ 505392f7a3SLiteSpeed Techtypedef struct SCFG_info_st 5150aadb33SDmitri Tikhonov{ 5250aadb33SDmitri Tikhonov unsigned char sscid[SCID_LENGTH]; 535392f7a3SLiteSpeed Tech unsigned char priv_key[32]; 545392f7a3SLiteSpeed Tech unsigned char skt_key[16]; 555392f7a3SLiteSpeed Tech uint32_t aead; /* Fixed, ONLY AESG */ 565392f7a3SLiteSpeed Tech uint32_t kexs; /* Fixed, ONLY C255 */ 575392f7a3SLiteSpeed Tech uint32_t pdmd; /* Fixed, ONLY X509 */ 585392f7a3SLiteSpeed Tech uint64_t orbt; /* Fixed, 0 */ 595392f7a3SLiteSpeed Tech uint64_t expy; 605392f7a3SLiteSpeed Tech /* Keep the hole for compatibility with older builds of LSWS: */ 615392f7a3SLiteSpeed Tech struct old_evp_aead_ctx_st unused 625392f7a3SLiteSpeed Tech#if __GNUC__ 635392f7a3SLiteSpeed Tech __attribute__((deprecated)) 645392f7a3SLiteSpeed Tech#endif 655392f7a3SLiteSpeed Tech ; 665392f7a3SLiteSpeed Tech short scfg_len; 675392f7a3SLiteSpeed Tech} SCFG_info_t; 6850aadb33SDmitri Tikhonov 695392f7a3SLiteSpeed Techstruct SCFG_st 708ca33e0eSDmitri Tikhonov{ 715392f7a3SLiteSpeed Tech SCFG_info_t info; 725392f7a3SLiteSpeed Tech unsigned char scfg[]; /* whoile buffer */ 738ca33e0eSDmitri Tikhonov}; 745392f7a3SLiteSpeed Techtypedef struct SCFG_st SCFG_t; 755392f7a3SLiteSpeed Tech/* server side need to store STK with expired time */ 768ca33e0eSDmitri Tikhonov 775392f7a3SLiteSpeed Techtypedef struct lsquic_server_config 7850aadb33SDmitri Tikhonov{ 795392f7a3SLiteSpeed Tech SCFG_t *lsc_scfg; /* This part is stored in SHM */ 805392f7a3SLiteSpeed Tech EVP_AEAD_CTX lsc_stk_ctx; 815392f7a3SLiteSpeed Tech} lsquic_server_config_t; 8250aadb33SDmitri Tikhonov 835392f7a3SLiteSpeed Tech/* Based on enum HandshakeFailureReason in Chromium */ 845392f7a3SLiteSpeed Techenum hsk_failure_reason 855392f7a3SLiteSpeed Tech{ 865392f7a3SLiteSpeed Tech HFR_HANDSHAKE_OK = 0, 875392f7a3SLiteSpeed Tech 885392f7a3SLiteSpeed Tech /* Invalid client nonce in CHLO: */ 895392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_UNKNOWN = 1, /* Default nonce failure */ 905392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_INVALID = 2, /* Incorrect nonce length */ 915392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_NOT_UNIQ = 3, 925392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_INVALID_ORBIT = 4, 935392f7a3SLiteSpeed Tech HFR_CLIENT_NONCE_INVALID_TIME = 5, 945392f7a3SLiteSpeed Tech 955392f7a3SLiteSpeed Tech /* Invalid server nonce in CHLO: */ 965392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_DECRYPTION = 8, 975392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_INVALID = 9, 985392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_NOT_UNIQUE = 10, 995392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_INVALID_TIME = 11, 1005392f7a3SLiteSpeed Tech HFR_SERVER_NONCE_REQUIRED = 20, 1015392f7a3SLiteSpeed Tech 1025392f7a3SLiteSpeed Tech HFR_CONFIG_INCHOATE_HELLO = 12, /* Missing SCID tag */ 1035392f7a3SLiteSpeed Tech HFR_CONFIG_UNKNOWN_CONFIG = 13, /* Could not find server config SCID */ 1045392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_INVALID = 14, /* Missing STK tag */ 1055392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_DECRYPTION = 15, 1065392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_PARSE = 16, 1075392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_DIFFERENT_IP_ADDRESS = 17, 1085392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_CLOCK_SKEW = 18, 1095392f7a3SLiteSpeed Tech HFR_SRC_ADDR_TOKEN_EXPIRED = 19, 1105392f7a3SLiteSpeed Tech HFR_INVALID_EXPECTED_LEAF_CERTIFICATE = 21, 11183287402SDmitri Tikhonov}; 11250aadb33SDmitri Tikhonov 11390fe3b25SDmitri Tikhonovenum lsquic_version 11490fe3b25SDmitri Tikhonovlsquic_zero_rtt_version (const unsigned char *, size_t); 11590fe3b25SDmitri Tikhonov 11650aadb33SDmitri Tikhonov#endif 117