lsquic_handshake.h revision 2f4629f2
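/* Copyright (c) 2017 - 2020 LiteSpeed Technologies Inc.  See LICENSE. */
/*
 * lsquic_handshake.h -- gQUIC handshake declarations: server config (SCFG)
 * layout, source-address token (STK) and nonce sizes, the client-side
 * certificate/hash cache item and the handshake failure reasons.
 *
 * This header is not self-contained: it uses EVP_AEAD_CTX (BoringSSL) and
 * struct lsquic_hash_elem by value, so the headers that define them
 * (presumably <openssl/aead.h> and lsquic_hash.h) must be included before
 * this one.  enum lsquic_version is likewise expected to be complete already.
 */
#ifndef LSQUIC_HANDSHAKE_H
#define LSQUIC_HANDSHAKE_H 1

#include <stddef.h>     /* size_t */
#include <stdint.h>     /* uint32_t, uint64_t */

/* Sizes in bytes.  The lower-case macro names are kept as-is for source
 * compatibility with existing callers.
 */
#define aes128_key_len 16   /* AES-128 key */
#define aes128_iv_len  4    /* AES-128 IV (presumably the fixed nonce prefix) */
#define STK_LENGTH 60       /* source-address token */
#define SCID_LENGTH 16      /* server config ID */

struct lsquic_server_config;
struct sockaddr;
struct lsquic_str;
struct lsquic_packet_in;
struct lsquic_cid;
struct lsquic_enc_session;
struct lsquic_engine_public;

/* Client side: certificates and their hashes for one domain, kept in an
 * lsquic hash table keyed by `domain'.
 */
typedef struct cert_hash_item_st
{
    struct lsquic_str*  domain; /* with port, such as "xyz.com:8088"; this is the key */
    struct lsquic_str*  crts;   /* certificates */
    struct lsquic_str*  hashs;  /* their hashes */
    struct lsquic_hash_elem hash_el;    /* link into the owning hash table */
    int                 count;  /* entry count -- TODO confirm what it counts */
} cert_hash_item_t;

/* Based on enum HandshakeFailureReason in Chromium.  The numeric values are
 * deliberately non-contiguous (they follow Chromium's numbering); do not
 * renumber or reorder them.
 *
 * Defined here, ahead of the debug-only prototypes below, because ISO C
 * requires an enumeration to be complete before `enum hsk_failure_reason'
 * is used without an enumerator list (GCC accepts the forward reference
 * only as an extension).
 */
enum hsk_failure_reason
{
    HFR_HANDSHAKE_OK                         =  0,

    /* Invalid client nonce in CHLO: */
    HFR_CLIENT_NONCE_UNKNOWN                 =  1,  /* Default nonce failure */
    HFR_CLIENT_NONCE_INVALID                 =  2,  /* Incorrect nonce length */
    HFR_CLIENT_NONCE_NOT_UNIQ                =  3,
    HFR_CLIENT_NONCE_INVALID_ORBIT           =  4,
    HFR_CLIENT_NONCE_INVALID_TIME            =  5,

    /* Invalid server nonce in CHLO: */
    HFR_SERVER_NONCE_DECRYPTION              =  8,
    HFR_SERVER_NONCE_INVALID                 =  9,
    HFR_SERVER_NONCE_NOT_UNIQUE              = 10,
    HFR_SERVER_NONCE_INVALID_TIME            = 11,
    HFR_SERVER_NONCE_REQUIRED                = 20,

    HFR_CONFIG_INCHOATE_HELLO                = 12,  /* Missing SCID tag */
    HFR_CONFIG_UNKNOWN_CONFIG                = 13,  /* Could not find server config SCID */
    HFR_SRC_ADDR_TOKEN_INVALID               = 14,  /* Missing STK tag */
    HFR_SRC_ADDR_TOKEN_DECRYPTION            = 15,
    HFR_SRC_ADDR_TOKEN_PARSE                 = 16,
    HFR_SRC_ADDR_TOKEN_DIFFERENT_IP_ADDRESS  = 17,
    HFR_SRC_ADDR_TOKEN_CLOCK_SKEW            = 18,
    HFR_SRC_ADDR_TOKEN_EXPIRED               = 19,
    HFR_INVALID_EXPECTED_LEAF_CERTIFICATE    = 21,
};

/* Exposed only in debug builds (presumably for tests): STK verification
 * entry points and the client certificate-cache lookup.  Each verifier
 * returns HFR_HANDSHAKE_OK on success, otherwise the HFR_* reason the
 * token was rejected.
 */
#ifndef NDEBUG
enum hsk_failure_reason
lsquic_verify_stk0(const struct lsquic_enc_session *,
               struct lsquic_server_config *, const struct sockaddr *ip_addr, uint64_t tm,
               struct lsquic_str *stk,
               unsigned secs_since_stk_generated);
enum hsk_failure_reason
lsquic_verify_stk(void *, const struct sockaddr *ip_addr,
                                        uint64_t tm, struct lsquic_str *stk);
/* Look up the cached certificates for `domain'; NULL if not cached -- TODO confirm */
struct cert_hash_item_st* c_find_certs(const struct lsquic_str *domain);
#endif

#define SNO_LENGTH 56       /* server nonce, bytes */

/* EVP_AEAD_CTX from boringssl pre-18d9f28f0df9f95570.  Only its size
 * matters now: it preserves the layout of SCFG_info_st (see below).
 */
struct old_evp_aead_ctx_st {
    void *ptr1;     /* aead */
    void *ptr2;     /* aead_state */
};

/* Server config info.  The server needs to refresh the SCFG once a day.
 *
 * This struct is written to shared memory (see lsc_scfg) and read by other
 * builds, so its layout is ABI: do not add, remove or reorder members, and
 * do not use sizeof() to get its on-disk/in-SHM size -- use scfg_len.
 * priv_key and skt_key hold key material and therefore live in that
 * shared region as well.
 */
typedef struct SCFG_info_st
{
    unsigned char   sscid[SCID_LENGTH];
    unsigned char   priv_key[32];       /* private key */
    unsigned char   skt_key[16];        /* STK key -- TODO confirm */
    uint32_t        aead; /* Fixed, ONLY AESG */
    uint32_t        kexs; /* Fixed, ONLY C255 */
    uint32_t        pdmd; /* Fixed, ONLY X509 */
    uint64_t        orbt; /* Fixed, 0 */
    uint64_t        expy;               /* expiry time -- units: TODO confirm */
    /* Keep the hole for compatibility with older builds of LSWS: */
    struct old_evp_aead_ctx_st unused
#if __GNUC__
    __attribute__((deprecated))
#endif
    ;
    short           scfg_len;           /* length of the scfg[] buffer that follows */
} SCFG_info_t;

/* Server config: the fixed info block followed by the serialized SCFG. */
struct SCFG_st
{
    SCFG_info_t     info;
    unsigned char   scfg[];     /* whole buffer, scfg_len bytes */
};
typedef struct SCFG_st SCFG_t;

/* Server side needs to store the STK together with its expiry time. */
typedef struct lsquic_server_config
{
    SCFG_t     *lsc_scfg; /* This part is stored in SHM */
    EVP_AEAD_CTX        lsc_stk_ctx;    /* AEAD context, presumably for sealing/opening STKs */
} lsquic_server_config_t;

/* Decode the QUIC version recorded in session-resumption data of the given
 * length -- TODO confirm the return value on malformed input.
 */
enum lsquic_version
lsquic_sess_resume_version (const unsigned char *, size_t);

/* Initialize the gQUIC crypto state for the engine.  Returns 0 on success,
 * non-zero on failure (presumably).
 */
int
lsquic_init_gquic_crypto (struct lsquic_engine_public *enpub);

/* Release whatever lsquic_init_gquic_crypto() set up for the engine. */
void
lsquic_cleanup_gquic_crypto (struct lsquic_engine_public *enpub);

#endif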