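/* Copyright (c) 2017 - 2020 LiteSpeed Technologies Inc. See LICENSE. */
#ifndef LSQUIC_HANDSHAKE_H
#define LSQUIC_HANDSHAKE_H 1

/*
 * Declarations for the gQUIC crypto handshake: server config (SCFG)
 * storage, source-address tokens (STK), cached client certificates and
 * the handshake failure codes.
 *
 * NOTE(review): this header is not self-contained.  The includer must
 * already provide <stdint.h>/<stddef.h> (uint32_t, uint64_t, size_t),
 * the header that defines struct lsquic_hash_elem (used by value below),
 * the header that defines enum lsquic_version, and <openssl/aead.h> for
 * EVP_AEAD_CTX.  Include those first.
 */

/* AES-128 key size and the size of the stored IV, in bytes.  Four bytes is
 * shorter than a full AEAD nonce, so the remainder of the nonce is
 * presumably supplied per packet -- confirm in the encryption code. */
#define aes128_key_len 16
#define aes128_iv_len 4

/* Size of a source-address token (STK) and of a server config ID (SCID). */
#define STK_LENGTH 60
#define SCID_LENGTH 16

struct lsquic_server_config;
struct sockaddr;
struct lsquic_str;
struct lsquic_packet_in;
struct lsquic_cid;
struct lsquic_enc_session;

/* client side, certs and hashs
 */
typedef struct cert_hash_item_st
{
    struct lsquic_str* domain;      /*with port, such as "xyz.com:8088" as the key */
    struct lsquic_str* crts;        /* certificates for `domain' */
    struct lsquic_str* hashs;       /* hashes corresponding to `crts' */
    struct lsquic_hash_elem hash_el;/* links the item into the lookup table */
    int count;                      /* presumably a use/reference count -- confirm */
} cert_hash_item_t;

/* Based on enum HandshakeFailureReason in Chromium.  The numeric values are
 * deliberately sparse and out of sequence so that they stay in step with
 * Chromium's enum; they are presumably reported to the peer, so do not
 * renumber them.
 *
 * The enum is defined here, ahead of the debug-only prototypes that return
 * it: ISO C does not allow a forward reference to an enum type, so the
 * previous ordering only compiled thanks to a GCC/Clang extension.
 */
enum hsk_failure_reason
{
    HFR_HANDSHAKE_OK = 0,

    /* Invalid client nonce in CHLO: */
    HFR_CLIENT_NONCE_UNKNOWN = 1,           /* Default nonce failure */
    HFR_CLIENT_NONCE_INVALID = 2,           /* Incorrect nonce length */
    HFR_CLIENT_NONCE_NOT_UNIQ = 3,
    HFR_CLIENT_NONCE_INVALID_ORBIT = 4,
    HFR_CLIENT_NONCE_INVALID_TIME = 5,

    /* Invalid server nonce in CHLO: */
    HFR_SERVER_NONCE_DECRYPTION = 8,
    HFR_SERVER_NONCE_INVALID = 9,
    HFR_SERVER_NONCE_NOT_UNIQUE = 10,
    HFR_SERVER_NONCE_INVALID_TIME = 11,
    HFR_SERVER_NONCE_REQUIRED = 20,

    HFR_CONFIG_INCHOATE_HELLO = 12,         /* Missing SCID tag */
    HFR_CONFIG_UNKNOWN_CONFIG = 13,         /* Could not find server config SCID */
    HFR_SRC_ADDR_TOKEN_INVALID = 14,        /* Missing STK tag */
    HFR_SRC_ADDR_TOKEN_DECRYPTION = 15,
    HFR_SRC_ADDR_TOKEN_PARSE = 16,
    HFR_SRC_ADDR_TOKEN_DIFFERENT_IP_ADDRESS = 17,
    HFR_SRC_ADDR_TOKEN_CLOCK_SKEW = 18,
    HFR_SRC_ADDR_TOKEN_EXPIRED = 19,
    HFR_INVALID_EXPECTED_LEAF_CERTIFICATE = 21,
};

/* STK helpers exposed only in debug builds (presumably so that unit tests
 * can reach them).  They do not form part of the release interface.
 */
#ifndef NDEBUG
/* Generate a source-address token for `ip_addr' at time `tm' into
 * `stk_out', which must hold STK_LENGTH bytes. */
void gen_stk(struct lsquic_server_config *, const struct sockaddr *ip_addr, uint64_t tm,
                    unsigned char stk_out[STK_LENGTH]);
/* Verify `stk' against `ip_addr' and `tm'; `secs_since_stk_generated' is
 * the age to check it against.  Returns HFR_HANDSHAKE_OK on success or one
 * of the HFR_SRC_ADDR_TOKEN_* reasons on failure. */
enum hsk_failure_reason
verify_stk0(const struct lsquic_enc_session *,
            struct lsquic_server_config *, const struct sockaddr *ip_addr, uint64_t tm,
            struct lsquic_str *stk,
            unsigned secs_since_stk_generated);
/* Same as above with an opaque first argument -- presumably the encryption
 * session; confirm against the definition. */
enum hsk_failure_reason
verify_stk(void *, const struct sockaddr *ip_addr,
           uint64_t tm, struct lsquic_str *stk);
/* Look up cached certificates for `domain' (with port, see cert_hash_item_st). */
struct cert_hash_item_st* c_find_certs(const struct lsquic_str *domain);
#endif

/* Size of a server nonce (SNO). */
#define SNO_LENGTH 56

/* EVP_AEAD_CTX from boringssl pre-18d9f28f0df9f95570.
 * Kept only to preserve the size of the hole in SCFG_info_st below. */
struct old_evp_aead_ctx_st {
    void *ptr1;     /* aead */
    void *ptr2;     /* aead_state */
};

/* Server config (SCFG) material.  The server needs to refresh the SCFG once
 * a day (see `expy').
 *
 * SECURITY: this structure is the part of lsquic_server_config that is
 * stored in shared memory (see lsc_scfg), so every process able to map
 * that segment can read `priv_key' and `skt_key'.  The segment's access
 * permissions are part of the key material's security boundary.
 *
 * The layout is a compatibility contract with older builds of LSWS, which
 * is why the deprecated hole below is kept.  Do not use sizeof() to get
 * the size of the serialized config; the length is tracked separately
 * (presumably in `scfg_len').
 */
typedef struct SCFG_info_st
{
    unsigned char   sscid[SCID_LENGTH]; /* server config ID */
    unsigned char   priv_key[32];       /* key-exchange private key; 32 bytes
                                           matches the C255 exchange fixed in
                                           `kexs' (presumably Curve25519) */
    unsigned char   skt_key[16];        /* aes128_key_len bytes; presumably
                                           the key behind lsc_stk_ctx -- confirm */
    uint32_t        aead;               /* Fixed, ONLY AESG */
    uint32_t        kexs;               /* Fixed, ONLY C255 */
    uint32_t        pdmd;               /* Fixed, ONLY X509 */
    uint64_t        orbt;               /* Fixed, 0 */
    uint64_t        expy;               /* expiry time; units not visible
                                           here (likely seconds since epoch)
                                           -- confirm */
    /* Keep the hole for compatibility with older builds of LSWS: */
    struct old_evp_aead_ctx_st unused
#if defined(__GNUC__)
        __attribute__((deprecated))
#endif
    ;
    short           scfg_len;           /* length of the serialized SCFG.
                                           NOTE(review): signed 16-bit -- code
                                           reading this from shared memory
                                           should reject negative values
                                           before using it as a size */
} SCFG_info_t;

struct SCFG_st
{
    SCFG_info_t info;
    unsigned char scfg[];       /* whole buffer (flexible array member) */
};
typedef struct SCFG_st SCFG_t;
/* server side need to store STK with expired time */

typedef struct lsquic_server_config
{
    SCFG_t          *lsc_scfg;      /* This part is stored in SHM */
    EVP_AEAD_CTX    lsc_stk_ctx;    /* AEAD context for sealing/opening STKs;
                                       process-local, not part of the SHM
                                       region above */
} lsquic_server_config_t;

/* Presumably extracts the QUIC version from a saved zero-RTT blob of the
 * given size; confirm against the definition.  enum lsquic_version must
 * already be declared by the includer. */
enum lsquic_version
lsquic_zero_rtt_version (const unsigned char *, size_t);

#endif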