/*
* ngtcp2
*
* Copyright (c) 2017 ngtcp2 contributors
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef NGTCP2_CRYPTO_H
#define NGTCP2_CRYPTO_H
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */
#include <ngtcp2/ngtcp2.h>
#include "ngtcp2_mem.h"
/* NGTCP2_INITIAL_AEAD_OVERHEAD is the number of bytes that AEAD
   protection adds to an Initial packet.  Because QUIC uses
   AEAD_AES_128_GCM for Initial packets, the overhead is the 16-byte
   authentication tag. */
#define NGTCP2_INITIAL_AEAD_OVERHEAD 16
/* NGTCP2_MAX_AEAD_OVERHEAD is the expected maximum AEAD overhead in
   bytes.  NOTE(review): presumably used as an upper bound when sizing
   packet buffers; an AEAD whose tag is longer than this value would
   invalidate that bound -- confirm at the use sites. */
#define NGTCP2_MAX_AEAD_OVERHEAD 16
/* ngtcp2_transport_param_id is the registry of QUIC transport
   parameter IDs.  The type is 64 bits wide and the constants below
   are the IDs this header names.  NOTE(review): IDs are read from the
   peer's transport parameters, so the decoder presumably has to cope
   with values that are not listed here -- confirm in the decoder. */
typedef uint64_t ngtcp2_transport_param_id;
/* Base registry, 0x00 to 0x10:
   https://datatracker.ietf.org/doc/html/rfc9000#section-18.2 */
#define NGTCP2_TRANSPORT_PARAM_ORIGINAL_DESTINATION_CONNECTION_ID 0x00
#define NGTCP2_TRANSPORT_PARAM_MAX_IDLE_TIMEOUT 0x01
#define NGTCP2_TRANSPORT_PARAM_STATELESS_RESET_TOKEN 0x02
#define NGTCP2_TRANSPORT_PARAM_MAX_UDP_PAYLOAD_SIZE 0x03
#define NGTCP2_TRANSPORT_PARAM_INITIAL_MAX_DATA 0x04
#define NGTCP2_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05
#define NGTCP2_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06
#define NGTCP2_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_UNI 0x07
#define NGTCP2_TRANSPORT_PARAM_INITIAL_MAX_STREAMS_BIDI 0x08
#define NGTCP2_TRANSPORT_PARAM_INITIAL_MAX_STREAMS_UNI 0x09
#define NGTCP2_TRANSPORT_PARAM_ACK_DELAY_EXPONENT 0x0a
#define NGTCP2_TRANSPORT_PARAM_MAX_ACK_DELAY 0x0b
#define NGTCP2_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION 0x0c
#define NGTCP2_TRANSPORT_PARAM_PREFERRED_ADDRESS 0x0d
#define NGTCP2_TRANSPORT_PARAM_ACTIVE_CONNECTION_ID_LIMIT 0x0e
#define NGTCP2_TRANSPORT_PARAM_INITIAL_SOURCE_CONNECTION_ID 0x0f
#define NGTCP2_TRANSPORT_PARAM_RETRY_SOURCE_CONNECTION_ID 0x10
/* https://datatracker.ietf.org/doc/html/rfc9221 */
#define NGTCP2_TRANSPORT_PARAM_MAX_DATAGRAM_FRAME_SIZE 0x20
/* https://datatracker.ietf.org/doc/html/rfc9287 */
#define NGTCP2_TRANSPORT_PARAM_GREASE_QUIC_BIT 0x2ab2
/* https://datatracker.ietf.org/doc/html/rfc9368
   Listed after the extension IDs above, so this block is grouped by
   specification rather than sorted by value. */
#define NGTCP2_TRANSPORT_PARAM_VERSION_INFORMATION 0x11
/* Flags stored in ngtcp2_crypto_km.flags. */
/* NGTCP2_CRYPTO_KM_FLAG_NONE indicates that no flag is set. */
#define NGTCP2_CRYPTO_KM_FLAG_NONE 0x00u
/* NGTCP2_CRYPTO_KM_FLAG_KEY_PHASE_ONE is set if the key phase bit is
   set, that is, the keying material belongs to key phase 1 rather
   than key phase 0. */
#define NGTCP2_CRYPTO_KM_FLAG_KEY_PHASE_ONE 0x01u
/* ngtcp2_crypto_km holds the keying material for one packet
   protection key: the secret it was derived from, the AEAD context,
   the IV, and bookkeeping about which packets use it. */
typedef struct ngtcp2_crypto_km {
/* secret is the secret from which this keying material was derived.
   It is kept only so that keys can be updated and may have zero
   length.  This is sensitive data; NOTE(review): this header does
   not state whether it is wiped on release -- confirm in
   ngtcp2_crypto_km_del. */
ngtcp2_vec secret;
/* aead_ctx is the AEAD cipher context for this key.
   NOTE(review): presumably already initialised with the packet
   protection key by the crypto backend -- confirm. */
ngtcp2_crypto_aead_ctx aead_ctx;
/* iv is the IV for this key.  NOTE(review): presumably the input
   that ngtcp2_crypto_create_nonce combines with a packet number --
   confirm at the call sites. */
ngtcp2_vec iv;
/* pkt_num is a packet number of a packet which uses this keying
   material.  For an encryption key, it is the lowest packet number
   of a packet.  For a decryption key, it is the lowest packet number
   of a packet which can be decrypted with this keying material. */
int64_t pkt_num;
/* use_count is the number of encryptions applied with this key.
   This field is only used for the tx key.  NOTE(review): presumably
   compared against the AEAD usage limit to decide when a key update
   is required -- confirm at the use sites. */
uint64_t use_count;
/* flags is the bitwise OR of zero or more of
   NGTCP2_CRYPTO_KM_FLAG_*. */
uint8_t flags;
} ngtcp2_crypto_km;
/*
 * ngtcp2_crypto_km_new creates a new ngtcp2_crypto_km object and
 * assigns its pointer to |*pckm|.  The |secret| of length
 * |secretlen| and the |iv| of length |ivlen| are copied to |*pckm|.
 * If |secretlen| == 0, the function assumes no secret is given, which
 * is acceptable.  The sole reason to store the secret is to update
 * keys.  Only the 1RTT key can be updated.
 *
 * NOTE(review): earlier wording of this comment described a |key| of
 * length |keylen|; the prototype takes |aead_ctx| instead, so the key
 * is presumably carried inside that context.  Whether |aead_ctx| is
 * copied by value, and who releases it, is not visible here --
 * confirm in the implementation.
 *
 * NOTE(review): the return value is not documented in this header;
 * presumably 0 on success or a negative error code such as
 * NGTCP2_ERR_NOMEM -- confirm.  Allocation goes through |mem|.
 */
int ngtcp2_crypto_km_new(ngtcp2_crypto_km **pckm, const uint8_t *secret,
size_t secretlen,
const ngtcp2_crypto_aead_ctx *aead_ctx,
const uint8_t *iv, size_t ivlen,
const ngtcp2_mem *mem);
/*
 * ngtcp2_crypto_km_nocopy_new is similar to ngtcp2_crypto_km_new, but
 * it does not copy the secret, key and IV.
 *
 * NOTE(review): presumably the object is created with room for
 * |secretlen| and |ivlen| bytes that the caller fills in afterwards.
 * If so, the secret and IV contents must not be relied on until the
 * caller has written them -- confirm in the implementation whether
 * the storage is zero-initialised.
 */
int ngtcp2_crypto_km_nocopy_new(ngtcp2_crypto_km **pckm, size_t secretlen,
size_t ivlen, const ngtcp2_mem *mem);
/*
 * ngtcp2_crypto_km_del releases |ckm|; |mem| is presumably the
 * allocator that created it.
 *
 * NOTE(review): this header does not state whether the secret and IV
 * are wiped before the memory is returned, whether ckm->aead_ctx is
 * released here or by the caller, or whether |ckm| may be NULL --
 * confirm in the implementation.
 */
void ngtcp2_crypto_km_del(ngtcp2_crypto_km *ckm, const ngtcp2_mem *mem);
/* ngtcp2_crypto_cc groups what is needed to protect or unprotect
   packets: the AEAD and header protection ciphers, the keying
   material, and the callbacks that perform the operations.
   NOTE(review): presumably one instance exists per encryption level
   and direction -- confirm at the use sites. */
typedef struct ngtcp2_crypto_cc {
/* aead is the AEAD used for packet payload protection. */
ngtcp2_crypto_aead aead;
/* hp is the cipher used for header protection. */
ngtcp2_crypto_cipher hp;
/* ckm points to the keying material.  NOTE(review): ownership of the
   pointed-to object is not stated in this header -- confirm who
   calls ngtcp2_crypto_km_del on it. */
ngtcp2_crypto_km *ckm;
/* hp_ctx is the cipher context for header protection. */
ngtcp2_crypto_cipher_ctx hp_ctx;
/* encrypt, decrypt and hp_mask are presumably the application's
   crypto callbacks for payload encryption, payload decryption and
   header protection mask generation -- confirm against the callback
   types declared in ngtcp2.h. */
ngtcp2_encrypt encrypt;
ngtcp2_decrypt decrypt;
ngtcp2_hp_mask hp_mask;
} ngtcp2_crypto_cc;
/*
 * ngtcp2_crypto_create_nonce writes a nonce to |dest| from the |iv|
 * of length |ivlen| and the packet number |pkt_num|.
 *
 * NOTE(review): presumably this is the per-packet AEAD nonce of
 * RFC 9001 Section 5.3 (IV XORed with the packet number) and |dest|
 * must have room for at least |ivlen| bytes; the function takes no
 * destination length, so the caller is responsible for the buffer
 * size -- confirm in the implementation.  AEAD security depends on a
 * (key, nonce) pair never being reused, so |pkt_num| must not repeat
 * under one key.
 */
void ngtcp2_crypto_create_nonce(uint8_t *dest, const uint8_t *iv, size_t ivlen,
int64_t pkt_num);
/*
 * ngtcp2_transport_params_copy_new makes a copy of |src|, and assigns
 * it to |*pdest|.  If |src| is NULL, NULL is assigned to |*pdest|.
 *
 * The caller is responsible for calling ngtcp2_transport_params_del
 * to free the memory assigned to |*pdest|.
 *
 * NOTE(review): whether data referenced by pointers inside |src| is
 * duplicated or shared with the copy is not stated here -- confirm in
 * the implementation before freeing |src| while the copy is in use.
 *
 * This function returns 0 if it succeeds, or one of the following
 * negative error codes:
 *
 * NGTCP2_ERR_NOMEM
 *     Out of memory.
 */
int ngtcp2_transport_params_copy_new(ngtcp2_transport_params **pdest,
const ngtcp2_transport_params *src,
const ngtcp2_mem *mem);
#endif /* NGTCP2_CRYPTO_H */