lsquic_handshake.h revision a5fa05f9
/* Copyright (c) 2017 - 2020 LiteSpeed Technologies Inc. See LICENSE. */
/*
 * lsquic_handshake.h -- constants, on-disk/in-memory structures and a few
 * prototypes shared by the Chromium-style crypto handshake (server config
 * "SCFG", source-address token "STK", server nonce "SNO").
 *
 * This header is not self-contained: it uses uint32_t/uint64_t/size_t,
 * embeds struct lsquic_hash_elem and EVP_AEAD_CTX by value, and names
 * enum lsquic_version, none of which are declared or included here.  The
 * corresponding headers must already be included by the translation unit
 * that pulls this file in.
 */
#ifndef LSQUIC_HANDSHAKE_H
#define LSQUIC_HANDSHAKE_H 1

/* AES-128 key size in bytes.  aes128_iv_len is the 4-byte IV prefix;
 * presumably the rest of the AEAD nonce is derived per packet elsewhere --
 * confirm against the AEAD setup code. */
#define aes128_key_len 16
#define aes128_iv_len 4
/* Size in bytes of an encoded source-address token (STK). */
#define STK_LENGTH 60
/* Size in bytes of the server config ID (see SCFG_info_st.sscid). */
#define SCID_LENGTH 16

struct lsquic_server_config;
struct sockaddr;
struct lsquic_str;
struct lsquic_packet_in;
struct lsquic_cid;
struct lsquic_enc_session;

/* Client side: one cached entry of certificates and their hashes, keyed by
 * domain.  Looked up by c_find_certs() below.
 */
typedef struct cert_hash_item_st
{
    struct lsquic_str* domain; /* with port, such as "xyz.com:8088"; used as the key */
    struct lsquic_str* crts;   /* certificates for this domain */
    struct lsquic_str* hashs;  /* hashes corresponding to `crts' */
    /* Embedded by value, so the full definition of struct lsquic_hash_elem
     * must be visible before this header is included. */
    struct lsquic_hash_elem hash_el;
    int count;                 /* NOTE(review): semantics (entry count vs. refcount) not shown here -- confirm */
} cert_hash_item_t;

/* The prototypes below are exported only in non-NDEBUG builds (presumably
 * so that tests can reach otherwise internal functions); release builds
 * keep them out of the public namespace. */
#ifndef NDEBUG
/*
 * Validate a source-address token against the server config, the client's
 * address and the current time.
 *
 * ip_addr                  -- address the token is expected to be bound to
 * tm                       -- current time (units not shown in this header)
 * stk                      -- the token to verify
 * secs_since_stk_generated -- age of the token, used for the expiry/skew checks
 *
 * Returns HFR_HANDSHAKE_OK on success or, presumably, one of the
 * HFR_SRC_ADDR_TOKEN_* reasons (different IP, clock skew, expired, ...)
 * from enum hsk_failure_reason below -- the implementation is elsewhere.
 */
enum hsk_failure_reason
lsquic_verify_stk0(const struct lsquic_enc_session *,
    struct lsquic_server_config *, const struct sockaddr *ip_addr, uint64_t tm,
    struct lsquic_str *stk,
    unsigned secs_since_stk_generated);
/* Convenience wrapper around the STK verification above; the opaque first
 * argument's type is not shown here -- check the definition before use. */
enum hsk_failure_reason
lsquic_verify_stk(void *, const struct sockaddr *ip_addr,
    uint64_t tm, struct lsquic_str *stk);
/* Look up the cached certificate entry for `domain' (see cert_hash_item_st).
 * Presumably returns NULL when there is no entry -- confirm with the caller. */
struct cert_hash_item_st* c_find_certs(const struct lsquic_str *domain);
#endif

/* Size in bytes of the server nonce (SNO). */
#define SNO_LENGTH 56

/* EVP_AEAD_CTX from boringssl pre-18d9f28f0df9f95570.
 * Only its size/layout matters: it exists to keep SCFG_info_st's layout
 * stable (see the `unused' member below).
 */
struct old_evp_aead_ctx_st {
    void *ptr1; /* aead */
    void *ptr2; /* aead_state */
};

/* The server needs to refresh the SCFG once a day. */
/* The encoded config size is carried in scfg_len: sizeof() cannot be used
 * because the real data lives in the flexible array of SCFG_st. */
/*
 * NOTE(review): this block holds key material (priv_key, skt_key) and,
 * per lsquic_server_config below, is stored in shared memory.  Confirm that
 * the SHM segment is not world-readable and that the keys are zeroized when
 * the config is rotated or torn down.
 */
typedef struct SCFG_info_st
{
    unsigned char sscid[SCID_LENGTH]; /* server config ID */
    unsigned char priv_key[32];       /* server's private key; 32 bytes is consistent with the C255 (Curve25519) kexs fixed below */
    unsigned char skt_key[16];        /* 16 bytes = aes128_key_len; presumably the STK encryption key behind lsc_stk_ctx */
    uint32_t aead; /* Fixed, ONLY AESG */
    uint32_t kexs; /* Fixed, ONLY C255 */
    uint32_t pdmd; /* Fixed, ONLY X509 */
    uint64_t orbt; /* Fixed, 0 */
    uint64_t expy; /* config expiry time (units not shown here) */
    /* Keep the hole for compatibility with older builds of LSWS: */
    /* On GCC any access to `unused' triggers a deprecation warning. */
    struct old_evp_aead_ctx_st unused
#if __GNUC__
    __attribute__((deprecated))
#endif
    ;
    /* Length of the trailing SCFG_st.scfg[] buffer.  NOTE(review): a signed
     * short read back from SHM -- range-check it before using it as a size. */
    short scfg_len;
} SCFG_info_t;

/* Server config: fixed-size info header followed by the whole encoded
 * config; allocate sizeof(SCFG_info_t) + scfg_len bytes. */
struct SCFG_st
{
    SCFG_info_t info;
    unsigned char scfg[]; /* whole buffer */
};
typedef struct SCFG_st SCFG_t;
/* Server side: the STK must be stored together with its expiry time. */

typedef struct lsquic_server_config
{
    SCFG_t *lsc_scfg; /* This part is stored in SHM */
    /* AEAD context used for the source-address token (STK); requires the
     * BoringSSL EVP_AEAD_CTX definition to be included before this header. */
    EVP_AEAD_CTX lsc_stk_ctx;
} lsquic_server_config_t;

/* Based on enum HandshakeFailureReason in Chromium.
 * The numeric values are deliberately non-contiguous (20 and 21 sit out
 * of order) so that they match Chromium's; do not renumber them. */
enum hsk_failure_reason
{
    HFR_HANDSHAKE_OK = 0,

    /* Invalid client nonce in CHLO: */
    HFR_CLIENT_NONCE_UNKNOWN = 1, /* Default nonce failure */
    HFR_CLIENT_NONCE_INVALID = 2, /* Incorrect nonce length */
    HFR_CLIENT_NONCE_NOT_UNIQ = 3,
    HFR_CLIENT_NONCE_INVALID_ORBIT = 4,
    HFR_CLIENT_NONCE_INVALID_TIME = 5,

    /* Invalid server nonce in CHLO: */
    HFR_SERVER_NONCE_DECRYPTION = 8,
    HFR_SERVER_NONCE_INVALID = 9,
    HFR_SERVER_NONCE_NOT_UNIQUE = 10,
    HFR_SERVER_NONCE_INVALID_TIME = 11,
    HFR_SERVER_NONCE_REQUIRED = 20,

    HFR_CONFIG_INCHOATE_HELLO = 12, /* Missing SCID tag */
    HFR_CONFIG_UNKNOWN_CONFIG = 13, /* Could not find server config SCID */
    /* Source-address token failures; the token binds the client to an
     * address and a time window (see the IP-address and expiry reasons). */
    HFR_SRC_ADDR_TOKEN_INVALID = 14, /* Missing STK tag */
    HFR_SRC_ADDR_TOKEN_DECRYPTION = 15,
    HFR_SRC_ADDR_TOKEN_PARSE = 16,
    HFR_SRC_ADDR_TOKEN_DIFFERENT_IP_ADDRESS = 17,
    HFR_SRC_ADDR_TOKEN_CLOCK_SKEW = 18,
    HFR_SRC_ADDR_TOKEN_EXPIRED = 19,
    HFR_INVALID_EXPECTED_LEAF_CERTIFICATE = 21,
};

/* Extract the QUIC version from a zero-RTT info buffer of the given size.
 * enum lsquic_version is not defined in this header; the value returned on
 * an unrecognized buffer is not shown here -- check the implementation. */
enum lsquic_version
lsquic_zero_rtt_version (const unsigned char *, size_t);

#endif