1 #ifndef OSSL_QUIC_CHANNEL_LOCAL_H
2 # define OSSL_QUIC_CHANNEL_LOCAL_H
4 # include "internal/quic_channel.h"
6 # ifndef OPENSSL_NO_QUIC
9 * QUIC Channel Structure
10 * ======================
12 * QUIC channel internals. It is intended that only the QUIC_CHANNEL
13 * implementation and the RX depacketiser be allowed to access this structure
14 * directly. As the RX depacketiser has no state of its own and computes over a
15 * QUIC_CHANNEL structure, it can be viewed as an extention of the QUIC_CHANNEL
16 * implementation. While the RX depacketiser could be provided with adequate
17 * accessors to do what it needs, this would weaken the abstraction provided by
18 * the QUIC_CHANNEL to other components; moreover the coupling of the RX
19 * depacketiser to QUIC_CHANNEL internals is too deep and bespoke to make this
22 * Other components should not include this header.
24 struct quic_channel_st {
29 * Master synchronisation mutex used for thread assisted mode
35 * The associated TLS 1.3 connection data. Used to provide the handshake
36 * layer; its 'network' side is plugged into the crypto stream for each EL
37 * (other than the 0-RTT EL).
43 * The transport parameter block we will send or have sent.
44 * Freed after sending or when connection is freed.
46 unsigned char *local_transport_params;
48 /* Asynchronous I/O reactor. */
51 /* Our current L4 peer address, if any. */
52 BIO_ADDR cur_peer_addr;
54 /* Network-side read and write BIOs. */
55 BIO *net_rbio, *net_wbio;
58 * Subcomponents of the connection. All of these components are instantiated
61 OSSL_QUIC_TX_PACKETISER *txp;
64 /* Connection level FC. */
69 OSSL_CC_DATA *cc_data;
70 const OSSL_CC_METHOD *cc_method;
74 * RX demuxer. We register incoming DCIDs with this. Since we currently only
75 * support client operation and use one L4 port per connection, we own the
76 * demuxer and register a single zero-length DCID with it.
80 /* Record layers in the TX and RX directions, plus the RX demuxer. */
85 * Send and receive parts of the crypto streams.
86 * crypto_send[QUIC_PN_SPACE_APP] is the 1-RTT crypto stream. There is no
87 * 0-RTT crypto stream.
89 QUIC_SSTREAM *crypto_send[QUIC_PN_SPACE_NUM];
90 QUIC_RSTREAM *crypto_recv[QUIC_PN_SPACE_NUM];
93 * Our (currently only) application data stream. This is a bidirectional
94 * client-initiated stream and thus (in QUICv1) always has a stream ID of 0.
100 * Client: The DCID used in the first Initial packet we transmit as a client.
101 * Server: The DCID used in the first Initial packet the client transmitted.
102 * Randomly generated and required by RFC to be at least 8 bytes.
104 QUIC_CONN_ID init_dcid;
107 * Client: The SCID found in the first Initial packet from the server.
108 * Not valid for servers.
109 * Valid if have_received_enc_pkt is set.
111 QUIC_CONN_ID init_scid;
114 * Client only: The SCID found in an incoming Retry packet we handled.
115 * Not valid for servers.
117 QUIC_CONN_ID retry_scid;
119 /* Server only: The DCID we currently use to talk to the peer. */
120 QUIC_CONN_ID cur_remote_dcid;
121 /* Server only: The DCID we currently expect the peer to use to talk to us. */
122 QUIC_CONN_ID cur_local_dcid;
124 /* Transport parameter values received from server. */
125 uint64_t init_max_stream_data_bidi_local;
126 uint64_t init_max_stream_data_bidi_remote;
127 uint64_t init_max_stream_data_uni_remote;
128 uint64_t rx_max_ack_delay; /* ms */
129 unsigned char rx_ack_delay_exp;
132 * Temporary staging area to store information about the incoming packet we
133 * are currently processing.
135 OSSL_QRX_PKT *qrx_pkt;
138 * Current limit on number of streams we may create. Set by transport
139 * parameters initially and then by MAX_STREAMS frames.
141 uint64_t max_local_streams_bidi;
142 uint64_t max_local_streams_uni;
144 /* The negotiated maximum idle timeout in milliseconds. */
145 uint64_t max_idle_timeout;
148 * Maximum payload size in bytes for datagrams sent to our peer, as
149 * negotiated by transport parameters.
151 uint64_t rx_max_udp_payload_size;
152 /* Maximum active CID limit, as negotiated by transport parameters. */
153 uint64_t rx_active_conn_id_limit;
155 /* Valid if we are in the TERMINATING or TERMINATED states. */
156 QUIC_TERMINATE_CAUSE terminate_cause;
159 * Deadline at which we move to TERMINATING state. Valid if in the
162 OSSL_TIME terminate_deadline;
165 * Deadline at which connection dies due to idle timeout if no further
168 OSSL_TIME idle_deadline;
171 * State tracking. QUIC connection-level state is best represented based on
172 * whether various things have happened yet or not, rather than as an
173 * explicit FSM. We do have a coarse state variable which tracks the basic
174 * state of the connection's lifecycle, but more fine-grained conditions of
175 * the Active state are tracked via flags below. For more details, see
176 * doc/designs/quic-design/connection-state-machine.md. We are in the Open
177 * state if the state is QUIC_CSM_STATE_ACTIVE and handshake_confirmed is
180 unsigned int state : 3;
183 * Have we received at least one encrypted packet from the peer?
184 * (If so, Retry and Version Negotiation messages should no longer
185 * be received and should be ignored if they do occur.)
187 unsigned int have_received_enc_pkt : 1;
190 * Have we sent literally any packet yet? If not, there is no point polling
193 unsigned int have_sent_any_pkt : 1;
196 * Are we currently doing proactive version negotiation?
198 unsigned int doing_proactive_ver_neg : 1;
200 /* We have received transport parameters from the peer. */
201 unsigned int got_remote_transport_params : 1;
204 * This monotonically transitions to 1 once the TLS state machine is
205 * 'complete', meaning that it has both sent a Finished and successfully
206 * verified the peer's Finished (see RFC 9001 s. 4.1.1). Note that it
207 * does not transition to 1 at both peers simultaneously.
209 * Handshake completion is not the same as handshake confirmation (see
212 unsigned int handshake_complete : 1;
215 * This monotonically transitions to 1 once the handshake is confirmed.
216 * This happens on the client when we receive a HANDSHAKE_DONE frame.
217 * At our option, we may also take acknowledgement of any 1-RTT packet
218 * we sent as a handshake confirmation.
220 unsigned int handshake_confirmed : 1;
223 * We are sending Initial packets based on a Retry. This means we definitely
224 * should not receive another Retry, and if we do it is an error.
226 unsigned int doing_retry : 1;
229 * We don't store the current EL here; the TXP asks the QTX which ELs
230 * are provisioned to determine which ELs to use.
233 /* Have statm, qsm been initialised? Used to track cleanup. */
234 unsigned int have_statm : 1;
235 unsigned int have_qsm : 1;
238 * Preferred ELs for transmission and reception. This is not strictly needed
239 * as it can be inferred from what keys we have provisioned, but makes
240 * determining the current EL simpler and faster. A separate EL for
241 * transmission and reception is not strictly necessary but makes things
242 * easier for interoperation with the handshake layer, which likes to invoke
243 * the yield secret callback at different times for TX and RX.
245 unsigned int tx_enc_level : 3;
246 unsigned int rx_enc_level : 3;
248 /* If bit n is set, EL n has been discarded. */
249 unsigned int el_discarded : 4;
252 * While in TERMINATING - CLOSING, set when we should generate a connection
255 unsigned int conn_close_queued : 1;
257 /* Are we in server mode? Never changes after instantiation. */
258 unsigned int is_server : 1;
261 * Set temporarily when the handshake layer has given us a new RX secret.
262 * Used to determine if we need to check our RX queues again.
264 unsigned int have_new_rx_secret : 1;