1 #ifndef OSSL_QUIC_CHANNEL_LOCAL_H
2 # define OSSL_QUIC_CHANNEL_LOCAL_H
4 # include "internal/quic_channel.h"
6 # ifndef OPENSSL_NO_QUIC
8 /* Represents the cause for a connection's termination. */
9 typedef struct quic_terminate_cause_st {
11 * If we are in a TERMINATING or TERMINATED state, this is the error code
12 * associated with the error. This field is valid iff we are in the
13 * TERMINATING or TERMINATED states.
18 * If terminate_app is set and this is nonzero, this is the frame type which
19 * caused the connection to be terminated.
23 /* Is this error code in the transport (0) or application (1) space? */
27 * If set, the cause of the termination is a received CONNECTION_CLOSE
28 * frame. Otherwise, we decided to terminate ourselves and sent a
29 * CONNECTION_CLOSE frame (regardless of whether the peer later also sends
32 unsigned int remote : 1;
33 } QUIC_TERMINATE_CAUSE;
36 * QUIC Channel Structure
37 * ======================
39 * QUIC channel internals. It is intended that only the QUIC_CHANNEL
40 * implementation and the RX depacketiser be allowed to access this structure
41 * directly. As the RX depacketiser has no state of its own and computes over a
42 * QUIC_CHANNEL structure, it can be viewed as an extention of the QUIC_CHANNEL
43 * implementation. While the RX depacketiser could be provided with adequate
44 * accessors to do what it needs, this would weaken the abstraction provided by
45 * the QUIC_CHANNEL to other components; moreover the coupling of the RX
46 * depacketiser to QUIC_CHANNEL internals is too deep and bespoke to make this
49 * Other components should not include this header.
51 struct quic_channel_st {
56 * The associated TLS 1.3 connection data. Used to provide the handshake
57 * layer; its 'network' side is plugged into the crypto stream for each EL
58 * (other than the 0-RTT EL).
61 /* TODO(QUIC): Replace this with a QUIC_TLS instance when ready. */
64 * The transport parameter block we will send or have sent.
65 * Freed after sending or when connection is freed.
67 unsigned char *local_transport_params;
69 /* Asynchronous I/O reactor. */
72 /* Our current L4 peer address, if any. */
73 BIO_ADDR cur_peer_addr;
75 /* Network-side read and write BIOs. */
76 BIO *net_rbio, *net_wbio;
79 * Subcomponents of the connection. All of these components are instantiated
82 OSSL_QUIC_TX_PACKETISER *txp;
85 /* Connection level FC. */
90 OSSL_CC_DATA *cc_data;
91 const OSSL_CC_METHOD *cc_method;
95 * RX demuxer. We register incoming DCIDs with this. Since we currently only
96 * support client operation and use one L4 port per connection, we own the
97 * demuxer and register a single zero-length DCID with it.
101 /* Record layers in the TX and RX directions, plus the RX demuxer. */
106 * Send and receive parts of the crypto streams.
107 * crypto_send[QUIC_PN_SPACE_APP] is the 1-RTT crypto stream. There is no
108 * 0-RTT crypto stream.
110 QUIC_SSTREAM *crypto_send[QUIC_PN_SPACE_NUM];
111 QUIC_RSTREAM *crypto_recv[QUIC_PN_SPACE_NUM];
114 * Our (currently only) application data stream. This is a bidirectional
115 * client-initiated stream and thus (in QUICv1) always has a stream ID of 0.
117 QUIC_STREAM *stream0;
119 /* Internal state. */
121 * The DCID used in the first Initial packet we transmit as a client.
122 * Randomly generated and required by RFC to be at least 8 bytes.
124 QUIC_CONN_ID init_dcid;
127 * The SCID found in the first Initial packet from the server.
128 * Valid if have_received_enc_pkt is set.
130 QUIC_CONN_ID init_scid;
132 /* The SCID found in an incoming Retry packet we handled. */
133 QUIC_CONN_ID retry_scid;
135 /* Transport parameter values received from server. */
136 uint64_t init_max_stream_data_bidi_local;
137 uint64_t init_max_stream_data_bidi_remote;
138 uint64_t init_max_stream_data_uni_remote;
139 uint64_t rx_max_ack_delay; /* ms */
140 unsigned char rx_ack_delay_exp;
143 * Temporary staging area to store information about the incoming packet we
144 * are currently processing.
146 OSSL_QRX_PKT *qrx_pkt;
149 * Current limit on number of streams we may create. Set by transport
150 * parameters initially and then by MAX_STREAMS frames.
152 uint64_t max_local_streams_bidi;
153 uint64_t max_local_streams_uni;
155 /* The negotiated maximum idle timeout in milliseconds. */
156 uint64_t max_idle_timeout;
159 * Maximum payload size in bytes for datagrams sent to our peer, as
160 * negotiated by transport parameters.
162 uint64_t rx_max_udp_payload_size;
163 /* Maximum active CID limit, as negotiated by transport parameters. */
164 uint64_t rx_active_conn_id_limit;
166 /* Valid if we are in the TERMINATING or TERMINATED states. */
167 QUIC_TERMINATE_CAUSE terminate_cause;
170 * Deadline at which we move to TERMINATING state. Valid if in the
173 OSSL_TIME terminate_deadline;
176 * Deadline at which connection dies due to idle timeout if no further
179 OSSL_TIME idle_deadline;
182 * State tracking. QUIC connection-level state is best represented based on
183 * whether various things have happened yet or not, rather than as an
184 * explicit FSM. We do have a coarse state variable which tracks the basic
185 * state of the connection's lifecycle, but more fine-grained conditions of
186 * the Active state are tracked via flags below. For more details, see
187 * doc/designs/quic-design/connection-state-machine.md. We are in the Open
188 * state if the state is QUIC_CSM_STATE_ACTIVE and handshake_confirmed is
191 unsigned int state : 3;
194 * Have we received at least one encrypted packet from the peer?
195 * (If so, Retry and Version Negotiation messages should no longer
196 * be received and should be ignored if they do occur.)
198 unsigned int have_received_enc_pkt : 1;
201 * Have we sent literally any packet yet? If not, there is no point polling
204 unsigned int have_sent_any_pkt : 1;
207 * Are we currently doing proactive version negotiation?
209 unsigned int doing_proactive_ver_neg : 1;
211 /* We have received transport parameters from the peer. */
212 unsigned int got_remote_transport_params : 1;
215 * This monotonically transitions to 1 once the TLS state machine is
216 * 'complete', meaning that it has both sent a Finished and successfully
217 * verified the peer's Finished (see RFC 9001 s. 4.1.1). Note that it
218 * does not transition to 1 at both peers simultaneously.
220 * Handshake completion is not the same as handshake confirmation (see
223 unsigned int handshake_complete : 1;
226 * This monotonically transitions to 1 once the handshake is confirmed.
227 * This happens on the client when we receive a HANDSHAKE_DONE frame.
228 * At our option, we may also take acknowledgement of any 1-RTT packet
229 * we sent as a handshake confirmation.
231 unsigned int handshake_confirmed : 1;
234 * We are sending Initial packets based on a Retry. This means we definitely
235 * should not receive another Retry, and if we do it is an error.
237 unsigned int doing_retry : 1;
240 * We don't store the current EL here; the TXP asks the QTX which ELs
241 * are provisioned to determine which ELs to use.
244 /* Have statm, qsm been initialised? Used to track cleanup. */
245 unsigned int have_statm : 1;
246 unsigned int have_qsm : 1;
249 * Preferred EL for transmission. This is not strictly needed as it can be
250 * inferred from what keys we have provisioned, but makes determining the
251 * current EL simpler and faster.
253 unsigned int tx_enc_level : 3;
254 unsigned int rx_enc_level : 3;
256 /* If bit n is set, EL n has been discarded. */
257 unsigned int el_discarded : 4;
260 * While in TERMINATING - CLOSING, set when we should generate a connection
263 unsigned int conn_close_queued : 1;
265 /* Are we in server mode? Never changes after instantiation. */
266 unsigned int is_server : 1;
269 * Set temporarily when the handshake layer has given us a new RX secret.
270 * Used to determine if we need to check our RX queues again.
272 unsigned int have_new_rx_secret : 1;