2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #ifndef OSSL_QUIC_TLS_H
11 # define OSSL_QUIC_TLS_H
13 # include <openssl/ssl.h>
14 # include "internal/quic_stream.h"
15 # include "internal/quic_predef.h"
17 # ifndef OPENSSL_NO_QUIC
19 typedef struct quic_tls_args_st {
21 * The "inner" SSL object for the QUIC Connection. Contains an
27 * Called to send data on the crypto stream. We use a callback rather than
28 * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM
29 * dynamically select the correct outgoing crypto stream based on the
32 int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len,
33 size_t *consumed, void *arg);
34 void *crypto_send_cb_arg;
37 * Call to receive crypto stream data. A pointer to the underlying buffer
38 * is provided, and subsequently released to avoid unnecessary copying of
41 int (*crypto_recv_rcd_cb)(const unsigned char **buf, size_t *bytes_read,
43 void *crypto_recv_rcd_cb_arg;
44 int (*crypto_release_rcd_cb)(size_t bytes_read, void *arg);
45 void *crypto_release_rcd_cb_arg;
48 /* Called when a traffic secret is available for a given encryption level. */
49 int (*yield_secret_cb)(uint32_t enc_level, int direction /* 0=RX, 1=TX */,
50 uint32_t suite_id, EVP_MD *md,
51 const unsigned char *secret, size_t secret_len,
53 void *yield_secret_cb_arg;
56 * Called when we receive transport parameters from the peer.
58 * Note: These parameters are not authenticated until the handshake is
59 * marked as completed.
61 int (*got_transport_params_cb)(const unsigned char *params,
64 void *got_transport_params_cb_arg;
67 * Called when the handshake has been completed as far as the handshake
68 * protocol is concerned, meaning that the connection has been
71 int (*handshake_complete_cb)(void *arg);
72 void *handshake_complete_cb_arg;
75 * Called when something has gone wrong with the connection as far as the
76 * handshake layer is concerned, meaning that it should be immediately torn
77 * down. Note that this may happen at any time, including after a connection
78 * has been fully established.
80 int (*alert_cb)(void *arg, unsigned char alert_code);
83 /* Set to 1 if we are running in the server role. */
87 QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args);
89 void ossl_quic_tls_free(QUIC_TLS *qtls);
91 /* Advance the state machine */
92 int ossl_quic_tls_tick(QUIC_TLS *qtls);
94 int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
95 const unsigned char *transport_params,
96 size_t transport_params_len);
98 int ossl_quic_tls_get_error(QUIC_TLS *qtls,
100 const char **error_msg,
101 ERR_STATE **error_state);
103 int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls);
104 int ossl_quic_tls_has_bad_max_early_data(QUIC_TLS *qtls);