1 /* 2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef OSSL_QUIC_TLS_H 11 # define OSSL_QUIC_TLS_H 12 13 # include <openssl/ssl.h> 14 15 typedef struct quic_tls_st QUIC_TLS; 16 17 typedef struct quic_tls_args_st { 18 /* 19 * The "inner" SSL object for the QUIC Connection. Contains an 20 * SSL_CONNECTION 21 */ 22 SSL *s; 23 24 /* 25 * Called to send data on the crypto stream. We use a callback rather than 26 * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM 27 * dynamically select the correct outgoing crypto stream based on the 28 * current EL. 29 */ 30 int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len, 31 size_t *consumed, void *arg); 32 void *crypto_send_cb_arg; 33 34 /* 35 * Call to receive crypto stream data. A pointer to the underlying buffer 36 * is provided, and subsequently released to avoid unnecessary copying of 37 * data. 38 */ 39 int (*crypto_recv_rcd_cb)(const unsigned char **buf, size_t *bytes_read, 40 void *arg); 41 void *crypto_recv_rcd_cb_arg; 42 int (*crypto_release_rcd_cb)(size_t bytes_read, void *arg); 43 void *crypto_release_rcd_cb_arg; 44 45 /* 46 * Called when a traffic secret is available for a given TLS protection 47 * level. 48 */ 49 int (*yield_secret_cb)(uint32_t prot_level, int direction /* 0=RX, 1=TX */, 50 uint32_t suite_id, EVP_MD *md, 51 const unsigned char *secret, size_t secret_len, 52 void *arg); 53 void *yield_secret_cb_arg; 54 55 /* 56 * Called when we receive transport parameters from the peer. 57 * 58 * Note: These parameters are not authenticated until the handshake is 59 * marked as completed. 60 */ 61 int (*got_transport_params_cb)(const unsigned char *params, 62 size_t params_len, 63 void *arg); 64 void *got_transport_params_cb_arg; 65 66 /* 67 * Called when the handshake has been completed as far as the handshake 68 * protocol is concerned, meaning that the connection has been 69 * authenticated. 70 */ 71 int (*handshake_complete_cb)(void *arg); 72 void *handshake_complete_cb_arg; 73 74 /* 75 * Called when something has gone wrong with the connection as far as the 76 * handshake layer is concerned, meaning that it should be immediately torn 77 * down. Note that this may happen at any time, including after a connection 78 * has been fully established. 79 */ 80 int (*alert_cb)(void *arg, unsigned char alert_code); 81 void *alert_cb_arg; 82 83 /* Set to 1 if we are running in the server role. */ 84 int is_server; 85 86 /* Set to 1 if this is an internal use of the QUIC TLS */ 87 int ossl_quic; 88 } QUIC_TLS_ARGS; 89 90 QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args); 91 92 void ossl_quic_tls_free(QUIC_TLS *qtls); 93 94 int ossl_quic_tls_configure(QUIC_TLS *qtls); 95 96 /* Advance the state machine */ 97 int ossl_quic_tls_tick(QUIC_TLS *qtls); 98 99 void ossl_quic_tls_clear(QUIC_TLS *qtls); 100 101 int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls, 102 const unsigned char *transport_params, 103 size_t transport_params_len); 104 105 int ossl_quic_tls_get_error(QUIC_TLS *qtls, 106 uint64_t *error_code, 107 const char **error_msg, 108 ERR_STATE **error_state); 109 110 int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls); 111 int ossl_quic_tls_has_bad_max_early_data(QUIC_TLS *qtls); 112 113 int ossl_quic_tls_set_early_data_enabled(QUIC_TLS *qtls, int enabled); 114 #endif 115