mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-22 14:21:25 +02:00
d7d549c9b0
During the packet loss detection we must treat the paquet number in this order Initial -> Handshake -> O1RTT. This was not the case due to the chosen order to implement the array of packet number space which was there before the packet loss detection implementation.
112 lines
3.1 KiB
C
112 lines
3.1 KiB
C
/*
|
|
* include/types/quic_tls.h
|
|
* This file provides definitions for QUIC-TLS.
|
|
*
|
|
* Copyright 2019 HAProxy Technologies, Frédéric Lécaille <flecaille@haproxy.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef _TYPES_QUIC_TLS_H
|
|
#define _TYPES_QUIC_TLS_H
|
|
#ifdef USE_QUIC
|
|
#ifndef USE_OPENSSL
|
|
#error "Must define USE_OPENSSL"
|
|
#endif
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
/* It seems TLS 1.3 ciphersuites macros differ between openssl and boringssl */
|
|
|
|
#if defined(OPENSSL_IS_BORINGSSL)
|
|
#if !defined(TLS1_3_CK_AES_128_GCM_SHA256)
|
|
#define TLS1_3_CK_AES_128_GCM_SHA256 TLS1_CK_AES_128_GCM_SHA256
|
|
#endif
|
|
#if !defined(TLS1_3_CK_AES_256_GCM_SHA384)
|
|
#define TLS1_3_CK_AES_256_GCM_SHA384 TLS1_CK_AES_256_GCM_SHA384
|
|
#endif
|
|
#if !defined(TLS1_3_CK_CHACHA20_POLY1305_SHA256)
|
|
#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 TLS1_CK_CHACHA20_POLY1305_SHA256
|
|
#endif
|
|
#if !defined(TLS1_3_CK_AES_128_CCM_SHA256)
|
|
/* Note that TLS1_CK_AES_128_CCM_SHA256 is not defined in boringssl */
|
|
#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
|
|
#endif
|
|
#endif
|
|
|
|
/* The TLS extension (enum) for QUIC transport parameters */
|
|
#define TLS_EXTENSION_QUIC_TRANSPORT_PARAMETERS 0x0039
|
|
|
|
/* QUIC handshake states for both clients and servers. */
|
|
enum quic_handshake_state {
|
|
QUIC_HS_ST_CLIENT_HANDSHAKE_FAILED,
|
|
QUIC_HS_ST_SERVER_HANDSHAKE_FAILED,
|
|
|
|
QUIC_HS_ST_CLIENT_INITIAL,
|
|
QUIC_HS_ST_CLIENT_HANDSHAKE,
|
|
|
|
QUIC_HS_ST_SERVER_INITIAL,
|
|
QUIC_HS_ST_SERVER_HANDSHAKE,
|
|
|
|
/* Common to servers and clients */
|
|
QUIC_HS_ST_COMPLETE,
|
|
QUIC_HS_ST_CONFIRMED,
|
|
};
|
|
|
|
/* QUIC TLS level encryption */
|
|
enum quic_tls_enc_level {
|
|
QUIC_TLS_ENC_LEVEL_NONE = -1,
|
|
QUIC_TLS_ENC_LEVEL_INITIAL,
|
|
QUIC_TLS_ENC_LEVEL_EARLY_DATA,
|
|
QUIC_TLS_ENC_LEVEL_HANDSHAKE,
|
|
QUIC_TLS_ENC_LEVEL_APP,
|
|
/* Please do not insert any value after this following one */
|
|
QUIC_TLS_ENC_LEVEL_MAX,
|
|
};
|
|
|
|
/* QUIC packet number spaces */
|
|
enum quic_tls_pktns {
|
|
QUIC_TLS_PKTNS_INITIAL,
|
|
QUIC_TLS_PKTNS_HANDSHAKE,
|
|
QUIC_TLS_PKTNS_01RTT,
|
|
/* Please do not insert any value after this following one */
|
|
QUIC_TLS_PKTNS_MAX,
|
|
};
|
|
|
|
/* The ciphersuites for AEAD QUIC-TLS have 16-bytes authentication tag */
|
|
#define QUIC_TLS_TAG_LEN 16
|
|
|
|
extern unsigned char initial_salt[20];
|
|
|
|
/* Flag to be used when TLS secrets have been set. */
|
|
#define QUIC_FL_TLS_SECRETS_SET (1 << 0)
|
|
/* Flag to be used when TLS secrets have been discarded. */
|
|
#define QUIC_FL_TLS_SECRETS_DCD (1 << 1)
|
|
|
|
struct quic_tls_secrets {
|
|
const EVP_CIPHER *aead;
|
|
const EVP_MD *md;
|
|
const EVP_CIPHER *hp;
|
|
unsigned char key[32];
|
|
unsigned char iv[12];
|
|
/* Header protection key.
|
|
* Note: the header protection is applied after packet protection.
|
|
* As the header belong to the data, its protection must be removed before removing
|
|
* the packet protection.
|
|
*/
|
|
unsigned char hp_key[32];
|
|
char flags;
|
|
};
|
|
|
|
struct quic_tls_ctx {
|
|
struct quic_tls_secrets rx;
|
|
struct quic_tls_secrets tx;
|
|
};
|
|
|
|
#endif /* USE_QUIC */
|
|
#endif /* _TYPES_QUIC_TLS_H */
|
|
|