/src/picotls/include/picotls.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (c) 2016 DeNA Co., Ltd., Kazuho Oku |
3 | | * |
4 | | * Permission is hereby granted, free of charge, to any person obtaining a copy |
5 | | * of this software and associated documentation files (the "Software"), to |
6 | | * deal in the Software without restriction, including without limitation the |
7 | | * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
8 | | * sell copies of the Software, and to permit persons to whom the Software is |
9 | | * furnished to do so, subject to the following conditions: |
10 | | * |
11 | | * The above copyright notice and this permission notice shall be included in |
12 | | * all copies or substantial portions of the Software. |
13 | | * |
14 | | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
15 | | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
16 | | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
17 | | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
18 | | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
19 | | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS |
20 | | * IN THE SOFTWARE. |
21 | | */ |
22 | | #ifndef picotls_h |
23 | | #define picotls_h |
24 | | |
25 | | #ifdef __cplusplus |
26 | | extern "C" { |
27 | | #endif |
28 | | |
29 | | #ifdef _WINDOWS |
30 | | #include "wincompat.h" |
31 | | #endif |
32 | | |
33 | | #include <assert.h> |
34 | | #include <inttypes.h> |
35 | | #include <string.h> |
36 | | #include <sys/types.h> |
37 | | #ifndef _WINDOWS |
38 | | #include <netinet/in.h> |
39 | | #include <arpa/inet.h> |
40 | | #endif |
41 | | |
42 | | #if __GNUC__ >= 3 |
43 | 7.92k | #define PTLS_LIKELY(x) __builtin_expect(!!(x), 1) |
44 | 53.3k | #define PTLS_UNLIKELY(x) __builtin_expect(!!(x), 0) |
45 | 1.19k | #define PTLS_BUILD_ASSERT_EXPR(cond) (sizeof(char[2 * !!(!__builtin_constant_p(cond) || (cond)) - 1]) != 0) |
46 | | #define PTLS_BUILD_ASSERT(cond) ((void)PTLS_BUILD_ASSERT_EXPR(cond)) |
47 | | #else |
48 | | #define PTLS_LIKELY(x) (x) |
49 | | #define PTLS_UNLIKELY(x) (x) |
50 | | #define PTLS_BUILD_ASSERT(cond) 1 |
51 | | #endif |
52 | | |
53 | | /* __builtin_types_compatible_p yields incorrect results when older versions of GCC is used; see #303. |
54 | | * Clang with Xcode 9.4 or prior is known to not work correctly when a pointer is const-qualified; see |
55 | | * https://github.com/h2o/quicly/pull/306#issuecomment-626037269. Older versions of clang upstream works fine, but we do not need |
56 | | * best coverage. This macro is for preventing misuse going into the master branch, having it work one of the compilers supported in |
57 | | * our CI is enough. |
58 | | */ |
59 | | #if ((defined(__clang__) && __clang_major__ >= 10) || __GNUC__ >= 6) && !defined(__cplusplus) |
60 | 1.19k | #define PTLS_ASSERT_IS_ARRAY_EXPR(a) PTLS_BUILD_ASSERT_EXPR(__builtin_types_compatible_p(__typeof__(a[0])[], __typeof__(a))) |
61 | | #else |
62 | | #define PTLS_ASSERT_IS_ARRAY_EXPR(a) 1 |
63 | | #endif |
64 | | |
65 | 1.19k | #define PTLS_ELEMENTSOF(x) (PTLS_ASSERT_IS_ARRAY_EXPR(x) * sizeof(x) / sizeof((x)[0])) |
66 | | |
67 | | #ifdef _WINDOWS |
68 | | #define PTLS_THREADLOCAL __declspec(thread) |
69 | | #else |
70 | | #define PTLS_THREADLOCAL __thread |
71 | | #endif |
72 | | |
73 | | #ifndef PTLS_HAVE_LOG |
74 | | #ifdef _WINDOWS |
75 | | #define PTLS_HAVE_LOG 0 |
76 | | #else |
77 | | #define PTLS_HAVE_LOG 1 |
78 | | #endif |
79 | | #endif |
80 | | |
81 | | #ifndef PTLS_FUZZ_HANDSHAKE |
82 | | #define PTLS_FUZZ_HANDSHAKE 0 |
83 | | #endif |
84 | | |
85 | 7.05k | #define PTLS_HELLO_RANDOM_SIZE 32 |
86 | | |
87 | 0 | #define PTLS_AES128_KEY_SIZE 16 |
88 | | #define PTLS_AES256_KEY_SIZE 32 |
89 | | #define PTLS_AES_BLOCK_SIZE 16 |
90 | | #define PTLS_AES_IV_SIZE 16 |
91 | | #define PTLS_AESGCM_IV_SIZE 12 |
92 | | #define PTLS_AESGCM_TAG_SIZE 16 |
93 | | #define PTLS_AESGCM_CONFIDENTIALITY_LIMIT 0x2000000 /* 2^25 */ |
94 | | #define PTLS_AESGCM_INTEGRITY_LIMIT UINT64_C(0x40000000000000) /* 2^54 */ |
95 | | #define PTLS_AESCCM_CONFIDENTIALITY_LIMIT 0xB504F3 /* 2^23.5 */ |
96 | | #define PTLS_AESCCM_INTEGRITY_LIMIT 0xB504F3 /* 2^23.5 */ |
97 | | |
98 | | #define PTLS_CHACHA20_KEY_SIZE 32 |
99 | | #define PTLS_CHACHA20_IV_SIZE 16 /* contrary to RFC 7539, follow OpenSSL way of using first 32 bits as ctr and latter 96 as IV */ |
100 | | #define PTLS_CHACHA20POLY1305_IV_SIZE 12 |
101 | | #define PTLS_CHACHA20POLY1305_TAG_SIZE 16 |
102 | | #define PTLS_CHACHA20POLY1305_CONFIDENTIALITY_LIMIT UINT64_MAX /* at least 2^64 */ |
103 | | #define PTLS_CHACHA20POLY1305_INTEGRITY_LIMIT UINT64_C(0x1000000000) /* 2^36 */ |
104 | | |
105 | | #define PTLS_AEGIS128L_KEY_SIZE 16 |
106 | | #define PTLS_AEGIS128L_IV_SIZE 16 |
107 | | #define PTLS_AEGIS128L_TAG_SIZE 16 |
108 | | #define PTLS_AEGIS128L_CONFIDENTIALITY_LIMIT UINT64_MAX /* at least 2^64 */ |
109 | | #define PTLS_AEGIS128L_INTEGRITY_LIMIT UINT64_C(0x1000000000000) /* 2^48 */ |
110 | | |
111 | | #define PTLS_AEGIS256_KEY_SIZE 32 |
112 | | #define PTLS_AEGIS256_IV_SIZE 32 |
113 | | #define PTLS_AEGIS256_TAG_SIZE 16 |
114 | | #define PTLS_AEGIS256_CONFIDENTIALITY_LIMIT UINT64_MAX /* at least 2^64 */ |
115 | | #define PTLS_AEGIS256_INTEGRITY_LIMIT UINT64_C(0x1000000000000) /* 2^48 */ |
116 | | |
117 | | #define PTLS_BLOWFISH_KEY_SIZE 16 |
118 | | #define PTLS_BLOWFISH_BLOCK_SIZE 8 |
119 | | |
120 | | #define PTLS_SHA256_BLOCK_SIZE 64 |
121 | | #define PTLS_SHA256_DIGEST_SIZE 32 |
122 | | |
123 | | #define PTLS_SHA384_BLOCK_SIZE 128 |
124 | | #define PTLS_SHA384_DIGEST_SIZE 48 |
125 | | |
126 | | #define PTLS_SHA512_BLOCK_SIZE 128 |
127 | | #define PTLS_SHA512_DIGEST_SIZE 64 |
128 | | |
129 | 0 | #define PTLS_MAX_SECRET_SIZE 32 |
130 | | #define PTLS_MAX_IV_SIZE 32 |
131 | 0 | #define PTLS_MAX_DIGEST_SIZE 64 |
132 | | |
133 | | /* versions */ |
134 | 0 | #define PTLS_PROTOCOL_VERSION_TLS12 0x0303 |
135 | 0 | #define PTLS_PROTOCOL_VERSION_TLS13 0x0304 |
136 | | |
137 | | /* cipher-suites */ |
138 | | #define PTLS_CIPHER_SUITE_AES_128_GCM_SHA256 0x1301 |
139 | | #define PTLS_CIPHER_SUITE_NAME_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" |
140 | | #define PTLS_CIPHER_SUITE_AES_256_GCM_SHA384 0x1302 |
141 | | #define PTLS_CIPHER_SUITE_NAME_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" |
142 | 0 | #define PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256 0x1303 |
143 | | #define PTLS_CIPHER_SUITE_NAME_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" |
144 | | #define PTLS_CIPHER_SUITE_AEGIS256_SHA512 0x1306 |
145 | | #define PTLS_CIPHER_SUITE_NAME_AEGIS256_SHA512 "TLS_AEGIS_256_SHA512" |
146 | | #define PTLS_CIPHER_SUITE_AEGIS128L_SHA256 0x1307 |
147 | | #define PTLS_CIPHER_SUITE_NAME_AEGIS128L_SHA256 "TLS_AEGIS_128L_SHA256" |
148 | | |
149 | | /* TLS/1.2 cipher-suites that we support (for compatibility, OpenSSL names are used) */ |
150 | | #define PTLS_CIPHER_SUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xc02b |
151 | | #define PTLS_CIPHER_SUITE_NAME_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" |
152 | | #define PTLS_CIPHER_SUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xc02c |
153 | | #define PTLS_CIPHER_SUITE_NAME_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" |
154 | | #define PTLS_CIPHER_SUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xc02f |
155 | | #define PTLS_CIPHER_SUITE_NAME_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" |
156 | | #define PTLS_CIPHER_SUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xc030 |
157 | | #define PTLS_CIPHER_SUITE_NAME_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" |
158 | | #define PTLS_CIPHER_SUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xcca8 |
159 | | #define PTLS_CIPHER_SUITE_NAME_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 "ECDHE-RSA-CHACHA20-POLY1305" |
160 | | #define PTLS_CIPHER_SUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xcca9 |
161 | | #define PTLS_CIPHER_SUITE_NAME_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 "ECDHE-ECDSA-CHACHA20-POLY1305" |
162 | | |
163 | | /* negotiated_groups */ |
164 | | #define PTLS_GROUP_SECP256R1 23 |
165 | | #define PTLS_GROUP_NAME_SECP256R1 "secp256r1" |
166 | | #define PTLS_GROUP_SECP384R1 24 |
167 | | #define PTLS_GROUP_NAME_SECP384R1 "secp384r1" |
168 | | #define PTLS_GROUP_SECP521R1 25 |
169 | | #define PTLS_GROUP_NAME_SECP521R1 "secp521r1" |
170 | | #define PTLS_GROUP_X25519 29 |
171 | | #define PTLS_GROUP_NAME_X25519 "x25519" |
172 | | #define PTLS_GROUP_X448 30 |
173 | | #define PTLS_GROUP_NAME_X448 "x448" |
174 | | #define PTLS_GROUP_SECP256R1MLKEM768 4587 |
175 | | #define PTLS_GROUP_NAME_SECP256R1MLKEM768 "SecP256r1MLKEM768" |
176 | | #define PTLS_GROUP_X25519MLKEM768 4588 |
177 | | #define PTLS_GROUP_NAME_X25519MLKEM768 "X25519MLKEM768" |
178 | | #define PTLS_GROUP_SECP384R1MLKEM1024 4589 |
179 | | #define PTLS_GROUP_NAME_SECP384R1MLKEM1024 "SecP384r1MLKEM1024" |
180 | | #define PTLS_GROUP_MLKEM512 512 |
181 | | #define PTLS_GROUP_NAME_MLKEM512 "MLKEM512" |
182 | | #define PTLS_GROUP_MLKEM768 513 |
183 | | #define PTLS_GROUP_NAME_MLKEM768 "MLKEM768" |
184 | | #define PTLS_GROUP_MLKEM1024 514 |
185 | | #define PTLS_GROUP_NAME_MLKEM1024 "MLKEM1024" |
186 | | |
187 | | /* signature algorithms */ |
188 | 0 | #define PTLS_SIGNATURE_RSA_PKCS1_SHA1 0x0201 |
189 | 0 | #define PTLS_SIGNATURE_RSA_PKCS1_SHA256 0x0401 |
190 | 0 | #define PTLS_SIGNATURE_ECDSA_SECP256R1_SHA256 0x0403 |
191 | | #define PTLS_SIGNATURE_ECDSA_SECP384R1_SHA384 0x0503 |
192 | | #define PTLS_SIGNATURE_ECDSA_SECP521R1_SHA512 0x0603 |
193 | 0 | #define PTLS_SIGNATURE_RSA_PSS_RSAE_SHA256 0x0804 |
194 | | #define PTLS_SIGNATURE_RSA_PSS_RSAE_SHA384 0x0805 |
195 | | #define PTLS_SIGNATURE_RSA_PSS_RSAE_SHA512 0x0806 |
196 | | #define PTLS_SIGNATURE_ED25519 0x0807 |
197 | | |
198 | | /* HPKE */ |
199 | | #define PTLS_HPKE_MODE_BASE 0 |
200 | | #define PTLS_HPKE_MODE_PSK 1 |
201 | | #define PTLS_HPKE_MODE_AUTH 2 |
202 | | #define PTLS_HPKE_MODE_AUTH_PSK 3 |
203 | | #define PTLS_HPKE_KEM_P256_SHA256 16 |
204 | | #define PTLS_HPKE_KEM_P384_SHA384 17 |
205 | 0 | #define PTLS_HPKE_KEM_X25519_SHA256 32 |
206 | 0 | #define PTLS_HPKE_HKDF_SHA256 1 |
207 | | #define PTLS_HPKE_HKDF_SHA384 2 |
208 | | #define PTLS_HPKE_HKDF_SHA512 3 |
209 | 0 | #define PTLS_HPKE_AEAD_AES_128_GCM 1 |
210 | | #define PTLS_HPKE_AEAD_AES_256_GCM 2 |
211 | | #define PTLS_HPKE_AEAD_CHACHA20POLY1305 3 |
212 | | |
213 | | /* error classes and macros */ |
214 | 1.84k | #define PTLS_ERROR_CLASS_SELF_ALERT 0 |
215 | 1.71k | #define PTLS_ERROR_CLASS_PEER_ALERT 0x100 |
216 | 133k | #define PTLS_ERROR_CLASS_INTERNAL 0x200 |
217 | | |
218 | 3.53k | #define PTLS_ERROR_GET_CLASS(e) ((e) & ~0xff) |
219 | | #define PTLS_ALERT_TO_SELF_ERROR(e) ((e) + PTLS_ERROR_CLASS_SELF_ALERT) |
220 | 25 | #define PTLS_ALERT_TO_PEER_ERROR(e) ((e) + PTLS_ERROR_CLASS_PEER_ALERT) |
221 | | #define PTLS_ERROR_TO_ALERT(e) ((e) & 0xff) |
222 | | |
223 | | /* the HKDF prefix */ |
224 | | #define PTLS_HKDF_EXPAND_LABEL_PREFIX "tls13 " |
225 | | |
226 | | /* alerts */ |
227 | | #define PTLS_ALERT_LEVEL_WARNING 1 |
228 | 1.68k | #define PTLS_ALERT_LEVEL_FATAL 2 |
229 | | |
230 | 0 | #define PTLS_ALERT_CLOSE_NOTIFY 0 |
231 | 41 | #define PTLS_ALERT_UNEXPECTED_MESSAGE 10 |
232 | 9.60k | #define PTLS_ALERT_BAD_RECORD_MAC 20 |
233 | 163 | #define PTLS_ALERT_HANDSHAKE_FAILURE 40 |
234 | 0 | #define PTLS_ALERT_BAD_CERTIFICATE 42 |
235 | 10 | #define PTLS_ALERT_UNSUPPORTED_CERTIFICATE 43 |
236 | 0 | #define PTLS_ALERT_CERTIFICATE_REVOKED 44 |
237 | 0 | #define PTLS_ALERT_CERTIFICATE_EXPIRED 45 |
238 | 0 | #define PTLS_ALERT_CERTIFICATE_UNKNOWN 46 |
239 | 57 | #define PTLS_ALERT_ILLEGAL_PARAMETER 47 |
240 | 0 | #define PTLS_ALERT_UNKNOWN_CA 48 |
241 | | #define PTLS_ALERT_ACCESS_DENIED 49 |
242 | 603 | #define PTLS_ALERT_DECODE_ERROR 50 |
243 | 1 | #define PTLS_ALERT_DECRYPT_ERROR 51 |
244 | 118 | #define PTLS_ALERT_PROTOCOL_VERSION 70 |
245 | 1.68k | #define PTLS_ALERT_INTERNAL_ERROR 80 |
246 | | #define PTLS_ALERT_USER_CANCELED 90 |
247 | 266 | #define PTLS_ALERT_MISSING_EXTENSION 109 |
248 | | #define PTLS_ALERT_UNSUPPORTED_EXTENSION 110 |
249 | | #define PTLS_ALERT_UNRECOGNIZED_NAME 112 |
250 | 0 | #define PTLS_ALERT_UNKNOWN_PSK_IDENTITY 115 |
251 | 0 | #define PTLS_ALERT_CERTIFICATE_REQUIRED 116 |
252 | | #define PTLS_ALERT_NO_APPLICATION_PROTOCOL 120 |
253 | 1.69k | #define PTLS_ALERT_ECH_REQUIRED 121 |
254 | | |
255 | | /* TLS 1.2 */ |
256 | 0 | #define PTLS_TLS12_MASTER_SECRET_SIZE 48 |
257 | | #define PTLS_TLS12_AAD_SIZE 13 |
258 | | #define PTLS_TLS12_AESGCM_FIXED_IV_SIZE 4 |
259 | | #define PTLS_TLS12_AESGCM_RECORD_IV_SIZE 8 |
260 | | #define PTLS_TLS12_CHACHAPOLY_FIXED_IV_SIZE 12 |
261 | | #define PTLS_TLS12_CHACHAPOLY_RECORD_IV_SIZE 0 |
262 | | |
263 | | /* internal errors */ |
264 | 0 | #define PTLS_ERROR_NO_MEMORY (PTLS_ERROR_CLASS_INTERNAL + 1) |
265 | 186k | #define PTLS_ERROR_IN_PROGRESS (PTLS_ERROR_CLASS_INTERNAL + 2) |
266 | 0 | #define PTLS_ERROR_LIBRARY (PTLS_ERROR_CLASS_INTERNAL + 3) |
267 | 0 | #define PTLS_ERROR_INCOMPATIBLE_KEY (PTLS_ERROR_CLASS_INTERNAL + 4) |
268 | | #define PTLS_ERROR_SESSION_NOT_FOUND (PTLS_ERROR_CLASS_INTERNAL + 5) |
269 | 485 | #define PTLS_ERROR_STATELESS_RETRY (PTLS_ERROR_CLASS_INTERNAL + 6) |
270 | 0 | #define PTLS_ERROR_NOT_AVAILABLE (PTLS_ERROR_CLASS_INTERNAL + 7) |
271 | | #define PTLS_ERROR_COMPRESSION_FAILURE (PTLS_ERROR_CLASS_INTERNAL + 8) |
272 | 0 | #define PTLS_ERROR_REJECT_EARLY_DATA (PTLS_ERROR_CLASS_INTERNAL + 9) |
273 | 0 | #define PTLS_ERROR_DELEGATE (PTLS_ERROR_CLASS_INTERNAL + 10) |
274 | 740 | #define PTLS_ERROR_ASYNC_OPERATION (PTLS_ERROR_CLASS_INTERNAL + 11) |
275 | 0 | #define PTLS_ERROR_BLOCK_OVERFLOW (PTLS_ERROR_CLASS_INTERNAL + 12) |
276 | | |
277 | | #define PTLS_ERROR_INCORRECT_BASE64 (PTLS_ERROR_CLASS_INTERNAL + 50) |
278 | | #define PTLS_ERROR_PEM_LABEL_NOT_FOUND (PTLS_ERROR_CLASS_INTERNAL + 51) |
279 | | #define PTLS_ERROR_BER_INCORRECT_ENCODING (PTLS_ERROR_CLASS_INTERNAL + 52) |
280 | | #define PTLS_ERROR_BER_MALFORMED_TYPE (PTLS_ERROR_CLASS_INTERNAL + 53) |
281 | | #define PTLS_ERROR_BER_MALFORMED_LENGTH (PTLS_ERROR_CLASS_INTERNAL + 54) |
282 | | #define PTLS_ERROR_BER_EXCESSIVE_LENGTH (PTLS_ERROR_CLASS_INTERNAL + 55) |
283 | | #define PTLS_ERROR_BER_ELEMENT_TOO_SHORT (PTLS_ERROR_CLASS_INTERNAL + 56) |
284 | | #define PTLS_ERROR_BER_UNEXPECTED_EOC (PTLS_ERROR_CLASS_INTERNAL + 57) |
285 | | #define PTLS_ERROR_DER_INDEFINITE_LENGTH (PTLS_ERROR_CLASS_INTERNAL + 58) |
286 | | #define PTLS_ERROR_INCORRECT_ASN1_SYNTAX (PTLS_ERROR_CLASS_INTERNAL + 59) |
287 | | #define PTLS_ERROR_INCORRECT_PEM_KEY_VERSION (PTLS_ERROR_CLASS_INTERNAL + 60) |
288 | | #define PTLS_ERROR_INCORRECT_PEM_ECDSA_KEY_VERSION (PTLS_ERROR_CLASS_INTERNAL + 61) |
289 | | #define PTLS_ERROR_INCORRECT_PEM_ECDSA_CURVE (PTLS_ERROR_CLASS_INTERNAL + 62) |
290 | | #define PTLS_ERROR_INCORRECT_PEM_ECDSA_KEYSIZE (PTLS_ERROR_CLASS_INTERNAL + 63) |
291 | | #define PTLS_ERROR_INCORRECT_ASN1_ECDSA_KEY_SYNTAX (PTLS_ERROR_CLASS_INTERNAL + 64) |
292 | | |
293 | 3.98k | #define PTLS_HANDSHAKE_TYPE_CLIENT_HELLO 1 |
294 | 0 | #define PTLS_HANDSHAKE_TYPE_SERVER_HELLO 2 |
295 | 0 | #define PTLS_HANDSHAKE_TYPE_NEW_SESSION_TICKET 4 |
296 | 0 | #define PTLS_HANDSHAKE_TYPE_END_OF_EARLY_DATA 5 |
297 | 0 | #define PTLS_HANDSHAKE_TYPE_ENCRYPTED_EXTENSIONS 8 |
298 | 0 | #define PTLS_HANDSHAKE_TYPE_CERTIFICATE 11 |
299 | 0 | #define PTLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST 13 |
300 | 0 | #define PTLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY 15 |
301 | 82 | #define PTLS_HANDSHAKE_TYPE_FINISHED 20 |
302 | 0 | #define PTLS_HANDSHAKE_TYPE_KEY_UPDATE 24 |
303 | 0 | #define PTLS_HANDSHAKE_TYPE_COMPRESSED_CERTIFICATE 25 |
304 | 143 | #define PTLS_HANDSHAKE_TYPE_MESSAGE_HASH 254 |
305 | | #define PTLS_HANDSHAKE_TYPE_PSEUDO_HRR -1 |
306 | | |
307 | 2.92k | #define PTLS_CERTIFICATE_TYPE_X509 0 |
308 | 0 | #define PTLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY 2 |
309 | | |
310 | | #define PTLS_ZERO_DIGEST_SHA256 \ |
311 | | {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, \ |
312 | | 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55} |
313 | | |
314 | | #define PTLS_ZERO_DIGEST_SHA384 \ |
315 | | {0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, \ |
316 | | 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, \ |
317 | | 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b} |
318 | | |
319 | | #define PTLS_ZERO_DIGEST_SHA512 \ |
320 | | {0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, \ |
321 | | 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc, 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, \ |
322 | | 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, \ |
323 | | 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e} |
324 | | |
325 | 15.8k | #define PTLS_TO__STR(n) #n |
326 | 15.8k | #define PTLS_TO_STR(n) PTLS_TO__STR(n) |
327 | | |
328 | | /** |
329 | | * default maximum of tickets to send (see ptls_context_t::ticket_requests.server.max_count) |
330 | | */ |
331 | 199 | #define PTLS_DEFAULT_MAX_TICKETS_TO_SERVE 4 |
332 | | |
333 | | typedef struct st_ptls_t ptls_t; |
334 | | typedef struct st_ptls_context_t ptls_context_t; |
335 | | typedef struct st_ptls_key_schedule_t ptls_key_schedule_t; |
336 | | |
337 | | /** |
338 | | * represents a sequence of octets |
339 | | */ |
340 | | typedef struct st_ptls_iovec_t { |
341 | | uint8_t *base; |
342 | | size_t len; |
343 | | } ptls_iovec_t; |
344 | | |
345 | | /** |
346 | | * used for storing output |
347 | | */ |
348 | | typedef struct st_ptls_buffer_t { |
349 | | uint8_t *base; |
350 | | size_t capacity; |
351 | | size_t off; |
352 | | uint8_t is_allocated; /* boolean */ |
353 | | uint8_t align_bits; /* if particular alignment is required, set to log2(alignment); otherwize zero */ |
354 | | } ptls_buffer_t; |
355 | | |
356 | | /** |
357 | | * key exchange context built by ptls_key_exchange_algorithm::create. |
358 | | */ |
359 | | typedef struct st_ptls_key_exchange_context_t { |
360 | | /** |
361 | | * the underlying algorithm |
362 | | */ |
363 | | const struct st_ptls_key_exchange_algorithm_t *algo; |
364 | | /** |
365 | | * public key of this context |
366 | | */ |
367 | | ptls_iovec_t pubkey; |
368 | | /** |
369 | | * This function can be used for deriving a shared secret or for destroying the context. |
370 | | * When `secret` is non-NULL, this callback derives the shared secret using the private key of the context and the peer key |
371 | | * being given, and sets the value in `secret`. The memory pointed to by `secret->base` must be freed by the caller by calling |
372 | | * `free`. When `release` is set, the callee frees resources allocated to the context and set *keyex to NULL. Upon failure |
373 | | * (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared. |
374 | | */ |
375 | | int (*on_exchange)(struct st_ptls_key_exchange_context_t **keyex, int release, ptls_iovec_t *secret, ptls_iovec_t peerkey); |
376 | | } ptls_key_exchange_context_t; |
377 | | |
378 | | /** |
379 | | * A key exchange algorithm. |
380 | | */ |
381 | | typedef const struct st_ptls_key_exchange_algorithm_t { |
382 | | /** |
383 | | * ID defined by the TLS specification |
384 | | */ |
385 | | uint16_t id; |
386 | | /** |
387 | | * Creates a context for asynchronous key exchange. The function is called when ClientHello is generated. The on_exchange |
388 | | * callback of the created context is called when the client receives ServerHello. |
389 | | */ |
390 | | int (*create)(const struct st_ptls_key_exchange_algorithm_t *algo, ptls_key_exchange_context_t **ctx); |
391 | | /** |
392 | | * Implements synchronous key exchange. Called when ServerHello is generated. |
393 | | * Given a public key provided by the peer (`peerkey`), this callback generates an ephemeral private and public key, and returns |
394 | | * the public key (`pubkey`) and a secret (`secret`) derived from the peerkey and private key. |
395 | | * Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are |
396 | | * zero-cleared. |
397 | | */ |
398 | | int (*exchange)(const struct st_ptls_key_exchange_algorithm_t *algo, ptls_iovec_t *pubkey, ptls_iovec_t *secret, |
399 | | ptls_iovec_t peerkey); |
400 | | /** |
401 | | * crypto-specific data |
402 | | */ |
403 | | intptr_t data; |
404 | | /** |
405 | | * Description as defined in the IANA TLS registry |
406 | | */ |
407 | | const char *name; |
408 | | } ptls_key_exchange_algorithm_t; |
409 | | |
410 | | /** |
411 | | * context of a symmetric cipher |
412 | | */ |
413 | | typedef struct st_ptls_cipher_context_t { |
414 | | const struct st_ptls_cipher_algorithm_t *algo; |
415 | | /* field above this line must not be altered by the crypto binding */ |
416 | | void (*do_dispose)(struct st_ptls_cipher_context_t *ctx); |
417 | | void (*do_init)(struct st_ptls_cipher_context_t *ctx, const void *iv); |
418 | | void (*do_transform)(struct st_ptls_cipher_context_t *ctx, void *output, const void *input, size_t len); |
419 | | } ptls_cipher_context_t; |
420 | | |
421 | | /** |
422 | | * a symmetric cipher |
423 | | */ |
424 | | typedef const struct st_ptls_cipher_algorithm_t { |
425 | | const char *name; |
426 | | size_t key_size; |
427 | | size_t block_size; |
428 | | size_t iv_size; |
429 | | size_t context_size; |
430 | | int (*setup_crypto)(ptls_cipher_context_t *ctx, int is_enc, const void *key); |
431 | | } ptls_cipher_algorithm_t; |
432 | | |
433 | | /** |
434 | | * This object specifies symmetric cipher to be calculated alongside the AEAD encryption. |
435 | | * QUIC stacks can use this object to apply QUIC header protection and AEAD encryption in one shot. |
436 | | */ |
437 | | typedef struct st_ptls_aead_supplementary_encryption_t { |
438 | | /** |
439 | | * Cipher context to be used. |
440 | | */ |
441 | | ptls_cipher_context_t *ctx; |
442 | | /** |
443 | | * Input to the cipher. |
444 | | * This field may point to the output of AEAD encryption, in which case the input will be read after AEAD encryption is |
445 | | * complete. |
446 | | */ |
447 | | const void *input; |
448 | | /** |
449 | | * Output. |
450 | | */ |
451 | | uint8_t output[16]; |
452 | | } ptls_aead_supplementary_encryption_t; |
453 | | |
454 | | /** |
455 | | * AEAD context. |
456 | | * AEAD implementations are allowed to stuff data at the end of the struct; see `ptls_aead_algorithm_t::setup_crypto`. |
457 | | * Ciphers for TLS over TCP MUST implement `do_encrypt`, `do_encrypt_v`, `do_decrypt`. |
458 | | * `do_encrypt_init`, `~update`, `~final` are obsolete, and therefore may not be available. |
459 | | */ |
460 | | typedef struct st_ptls_aead_context_t { |
461 | | /** |
462 | | * Points to the algorithm. This field is governed by picotls core; backends must not alter. |
463 | | */ |
464 | | const struct st_ptls_aead_algorithm_t *algo; |
465 | | /** |
466 | | * Mandatory callback that disposes of all the backend-specific data. |
467 | | */ |
468 | | void (*dispose_crypto)(struct st_ptls_aead_context_t *ctx); |
469 | | /** |
470 | | * Mandatory callback that returns the static IV. The size of IV is available as `ptls_aead_algorithm_t::iv_size`. |
471 | | */ |
472 | | void (*do_get_iv)(struct st_ptls_aead_context_t *ctx, void *iv); |
473 | | /** |
474 | | * Mandatory callback that sets the static IV. The size of IV is available as `ptls_aead_algorithm_t::iv_size`. |
475 | | */ |
476 | | void (*do_set_iv)(struct st_ptls_aead_context_t *ctx, const void *iv); |
477 | | /** |
478 | | * Deprecated. |
479 | | */ |
480 | | void (*do_encrypt_init)(struct st_ptls_aead_context_t *ctx, uint64_t seq, const void *aad, size_t aadlen); |
481 | | /** |
482 | | * Deprecated. |
483 | | */ |
484 | | size_t (*do_encrypt_update)(struct st_ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen); |
485 | | /** |
486 | | * Deprecated. |
487 | | */ |
488 | | size_t (*do_encrypt_final)(struct st_ptls_aead_context_t *ctx, void *output); |
489 | | /** |
490 | | * Mandatory callback that does "one-shot" encryption of an AEAD block. |
491 | | * When `supp` is set to non-NULL, the callback must also encrypt the supplementary block. |
492 | | * Backends may set this field to `ptls_aead__do_encrypt` that calls `do_encrypt_v` and `ptls_cipher_*` functions for handling |
493 | | * the supplimentary block. |
494 | | */ |
495 | | void (*do_encrypt)(struct st_ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
496 | | const void *aad, size_t aadlen, ptls_aead_supplementary_encryption_t *supp); |
497 | | /** |
498 | | * Variant of `do_encrypt` that gathers input from multiple blocks. Support for this callback is also mandatory. |
499 | | * Legacy backends may set this field to `ptls_aead__do_encrypt_v` that calls `do_encrypt_init`, `do_encrypt_update`, |
500 | | * `do_encrypt_final`. |
501 | | */ |
502 | | void (*do_encrypt_v)(struct st_ptls_aead_context_t *ctx, void *output, ptls_iovec_t *input, size_t incnt, uint64_t seq, |
503 | | const void *aad, size_t aadlen); |
504 | | /** |
505 | | * Mandatory callback for decrypting an AEAD block. |
506 | | * If successful, returns the amount of cleartext bytes being written to output. Otherwise, returns SIZE_MAX. |
507 | | */ |
508 | | size_t (*do_decrypt)(struct st_ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
509 | | const void *aad, size_t aadlen); |
510 | | } ptls_aead_context_t; |
511 | | |
512 | | /** |
513 | | * An AEAD cipher. |
514 | | */ |
515 | | typedef const struct st_ptls_aead_algorithm_t { |
516 | | /** |
517 | | * name (following the convention of `openssl ciphers -v ALL`) |
518 | | */ |
519 | | const char *name; |
520 | | /** |
521 | | * confidentiality_limit (max records / packets sent before re-key) |
522 | | */ |
523 | | const uint64_t confidentiality_limit; |
524 | | /** |
525 | | * integrity_limit (max decryption failure records / packets before re-key) |
526 | | */ |
527 | | const uint64_t integrity_limit; |
528 | | /** |
529 | | * the underlying key stream |
530 | | */ |
531 | | ptls_cipher_algorithm_t *ctr_cipher; |
532 | | /** |
533 | | * the underlying ecb cipher (might not be available) |
534 | | */ |
535 | | ptls_cipher_algorithm_t *ecb_cipher; |
536 | | /** |
537 | | * key size |
538 | | */ |
539 | | size_t key_size; |
540 | | /** |
541 | | * size of the IV |
542 | | */ |
543 | | size_t iv_size; |
544 | | /** |
545 | | * size of the tag |
546 | | */ |
547 | | size_t tag_size; |
548 | | /** |
549 | | * TLS/1.2 Security Parameters (AEAD without support for TLS 1.2 must set both values to 0) |
550 | | */ |
551 | | struct { |
552 | | size_t fixed_iv_size; |
553 | | size_t record_iv_size; |
554 | | } tls12; |
555 | | /** |
556 | | * if encrypted bytes are going to be written using non-temporal store instructions (i.e., skip cache) |
557 | | */ |
558 | | unsigned non_temporal : 1; |
559 | | /** |
560 | | * log2(alignment) being required |
561 | | */ |
562 | | uint8_t align_bits; |
563 | | /** |
564 | | * size of memory allocated for `ptls_aead_context_t` |
565 | | */ |
566 | | size_t context_size; |
567 | | /** |
568 | | * Backend callback called to setup `ptls_aead_context_t`. |
569 | | * Backends are allowed to stuff arbitrary data at the end of `ptls_aead_context_t`; actual size of the memory chunk being |
570 | | * allocated is that specified by `ptls_aead_algorithm_t::context_size`. When the `setup_crypto` callback is called, all the |
571 | | * fields outside of `ptls_aead_context_t` will be in undefined state; it is the responsibility of the callback to initialize |
572 | | * them, as well as the callbacks of `ptls_aead_context_t` that the backend supports. |
573 | | * A non-zero return value indicates failure, in which case the error will propagate as `ptls_aead_new` returning NULL. |
574 | | */ |
575 | | int (*setup_crypto)(ptls_aead_context_t *ctx, int is_enc, const void *key, const void *iv); |
576 | | } ptls_aead_algorithm_t; |
577 | | |
578 | | /** |
579 | | * |
580 | | */ |
581 | | typedef enum en_ptls_hash_final_mode_t { |
582 | | /** |
583 | | * obtains the digest and frees the context |
584 | | */ |
585 | | PTLS_HASH_FINAL_MODE_FREE = 0, |
586 | | /** |
587 | | * obtains the digest and reset the context to initial state |
588 | | */ |
589 | | PTLS_HASH_FINAL_MODE_RESET = 1, |
590 | | /** |
591 | | * obtains the digest while leaving the context as-is |
592 | | */ |
593 | | PTLS_HASH_FINAL_MODE_SNAPSHOT = 2 |
594 | | } ptls_hash_final_mode_t; |
595 | | |
596 | | /** |
597 | | * A hash context. |
598 | | */ |
599 | | typedef struct st_ptls_hash_context_t { |
600 | | /** |
601 | | * feeds additional data into the hash context |
602 | | */ |
603 | | void (*update)(struct st_ptls_hash_context_t *ctx, const void *src, size_t len); |
604 | | /** |
605 | | * returns the digest and performs necessary operation specified by mode |
606 | | */ |
607 | | void (*final)(struct st_ptls_hash_context_t *ctx, void *md, ptls_hash_final_mode_t mode); |
608 | | /** |
609 | | * creates a copy of the hash context |
610 | | */ |
611 | | struct st_ptls_hash_context_t *(*clone_)(struct st_ptls_hash_context_t *src); |
612 | | } ptls_hash_context_t; |
613 | | |
614 | | /** |
615 | | * A hash algorithm and its properties. |
616 | | */ |
617 | | typedef const struct st_ptls_hash_algorithm_t { |
618 | | /** |
619 | | * name of the hash algorithm |
620 | | */ |
621 | | const char *name; |
622 | | /** |
623 | | * block size |
624 | | */ |
625 | | size_t block_size; |
626 | | /** |
627 | | * digest size |
628 | | */ |
629 | | size_t digest_size; |
630 | | /** |
631 | | * constructor that creates the hash context |
632 | | */ |
633 | | ptls_hash_context_t *(*create)(void); |
634 | | /** |
635 | | * digest of zero-length octets |
636 | | */ |
637 | | uint8_t empty_digest[PTLS_MAX_DIGEST_SIZE]; |
638 | | } ptls_hash_algorithm_t; |
639 | | |
640 | | typedef const struct st_ptls_cipher_suite_t { |
641 | | /** |
642 | | * ID as defined by the TLS Cipher Suites registry |
643 | | */ |
644 | | uint16_t id; |
645 | | /** |
646 | | * underlying AEAD algorithm |
647 | | */ |
648 | | ptls_aead_algorithm_t *aead; |
649 | | /** |
650 | | * underlying hash algorithm |
651 | | */ |
652 | | ptls_hash_algorithm_t *hash; |
653 | | /** |
654 | | * value of the "Description" field of the TLS Cipher Suites registry |
655 | | */ |
656 | | const char *name; |
657 | | } ptls_cipher_suite_t; |
658 | | |
659 | | struct st_ptls_traffic_protection_t; |
660 | | |
661 | | typedef struct st_ptls_message_emitter_t { |
662 | | ptls_buffer_t *buf; |
663 | | struct st_ptls_traffic_protection_t *enc; |
664 | | size_t record_header_length; |
665 | | int (*begin_message)(struct st_ptls_message_emitter_t *self); |
666 | | int (*commit_message)(struct st_ptls_message_emitter_t *self); |
667 | | } ptls_message_emitter_t; |
668 | | |
669 | | /** |
670 | | * HPKE KEM |
671 | | */ |
672 | | typedef const struct st_ptls_hpke_kem_t { |
673 | | uint16_t id; |
674 | | ptls_key_exchange_algorithm_t *keyex; |
675 | | ptls_hash_algorithm_t *hash; |
676 | | } ptls_hpke_kem_t; |
677 | | |
678 | | typedef struct st_ptls_hpke_cipher_suite_id_t { |
679 | | uint16_t kdf; |
680 | | uint16_t aead; |
681 | | } ptls_hpke_cipher_suite_id_t; |
682 | | |
683 | | typedef const struct st_ptls_hpke_cipher_suite_t { |
684 | | ptls_hpke_cipher_suite_id_t id; |
685 | | const char *name; /* in form of "<kdf>/<aead>" using the sames specified in IANA HPKE registry */ |
686 | | ptls_hash_algorithm_t *hash; |
687 | | ptls_aead_algorithm_t *aead; |
688 | | } ptls_hpke_cipher_suite_t; |
689 | | |
690 | | #define PTLS_CALLBACK_TYPE0(ret, name) \ |
691 | | typedef struct st_ptls_##name##_t { \ |
692 | | ret (*cb)(struct st_ptls_##name##_t * self); \ |
693 | | } ptls_##name##_t |
694 | | |
695 | | #define PTLS_CALLBACK_TYPE(ret, name, ...) \ |
696 | | typedef struct st_ptls_##name##_t { \ |
697 | | ret (*cb)(struct st_ptls_##name##_t * self, __VA_ARGS__); \ |
698 | | } ptls_##name##_t |
699 | | |
700 | | typedef struct st_ptls_client_hello_psk_identity_t { |
701 | | ptls_iovec_t identity; |
702 | | uint32_t obfuscated_ticket_age; |
703 | | ptls_iovec_t binder; |
704 | | } ptls_client_hello_psk_identity_t; |
705 | | |
706 | | /** |
707 | | * arguments passsed to the on_client_hello callback |
708 | | */ |
709 | | typedef struct st_ptls_on_client_hello_parameters_t { |
710 | | /** |
711 | | * SNI value received from the client. The value is {NULL, 0} if the extension was absent. |
712 | | */ |
713 | | ptls_iovec_t server_name; |
714 | | /** |
715 | | * Raw value of the client_hello message. |
716 | | */ |
717 | | ptls_iovec_t raw_message; |
718 | | /** |
719 | | * points to the cipher-suites section of the raw_message (see above) |
720 | | */ |
721 | | ptls_iovec_t cipher_suites; |
722 | | /** |
723 | | * |
724 | | */ |
725 | | struct { |
726 | | ptls_iovec_t *list; |
727 | | size_t count; |
728 | | } negotiated_protocols; |
729 | | struct { |
730 | | const uint16_t *list; |
731 | | size_t count; |
732 | | } signature_algorithms; |
733 | | struct { |
734 | | const uint16_t *list; |
735 | | size_t count; |
736 | | } certificate_compression_algorithms; |
737 | | struct { |
738 | | const uint8_t *list; |
739 | | size_t count; |
740 | | } server_certificate_types; |
741 | | struct { |
742 | | const ptls_client_hello_psk_identity_t *list; |
743 | | size_t count; |
744 | | } psk_identities; |
745 | | /** |
746 | | * set to 1 if ClientHello is too old (or too new) to be handled by picotls |
747 | | */ |
748 | | unsigned incompatible_version : 1; |
749 | | } ptls_on_client_hello_parameters_t; |
750 | | |
751 | | /** |
752 | | * returns current time in milliseconds (ptls_get_time can be used to return the physical time) |
753 | | */ |
754 | | PTLS_CALLBACK_TYPE0(uint64_t, get_time); |
755 | | /** |
756 | | * after receiving ClientHello, the core calls the optional callback to give a chance to the swap the context depending on the input |
757 | | * values. The callback is required to call `ptls_set_server_name` if an SNI extension needs to be sent to the client. |
758 | | */ |
759 | | PTLS_CALLBACK_TYPE(int, on_client_hello, ptls_t *tls, ptls_on_client_hello_parameters_t *params); |
760 | | /** |
761 | | * callback to generate the certificate message. `ptls_context::certificates` are set when the callback is set to NULL. |
762 | | */ |
763 | | PTLS_CALLBACK_TYPE(int, emit_certificate, ptls_t *tls, ptls_message_emitter_t *emitter, ptls_key_schedule_t *key_sched, |
764 | | ptls_iovec_t context, int push_status_request, const uint16_t *compress_algos, size_t num_compress_algos); |
765 | | /** |
766 | | * An object that represents an asynchronous task (e.g., RSA signature generation). |
767 | | * When `ptls_handshake` returns `PTLS_ERROR_ASYNC_OPERATION`, it has an associated task in flight. The user should obtain the |
768 | | * reference to the associated task by calling `ptls_get_async_job`, then either wait for the file descriptor obtained from |
769 | | * the `get_fd` callback to become readable, or set a completion callback via `set_completion_callback` and wait for its |
770 | | * invocation. Once notified, the user should invoke `ptls_handshake` again. |
771 | | * Async jobs typically provide support for only one of the two methods. |
772 | | */ |
773 | | typedef struct st_ptls_async_job_t { |
774 | | void (*destroy_)(struct st_ptls_async_job_t *self); |
775 | | /** |
776 | | * optional callback returning a file descriptor that becomes readable when the job is complete |
777 | | */ |
778 | | int (*get_fd)(struct st_ptls_async_job_t *self); |
779 | | /** |
780 | | * optional callback for setting a completion callback |
781 | | */ |
782 | | void (*set_completion_callback)(struct st_ptls_async_job_t *self, void (*cb)(void *), void *cbdata); |
783 | | } ptls_async_job_t; |
784 | | /** |
785 | | * When gerenating CertificateVerify, the core calls the callback to sign the handshake context using the certificate. This callback |
786 | | * supports asynchronous mode; see `ptls_openssl_sign_certificate_t` for more information. |
787 | | */ |
788 | | PTLS_CALLBACK_TYPE(int, sign_certificate, ptls_t *tls, ptls_async_job_t **async, uint16_t *selected_algorithm, |
789 | | ptls_buffer_t *output, ptls_iovec_t input, const uint16_t *algorithms, size_t num_algorithms); |
790 | | /** |
791 | | * after receiving Certificate, the core calls the callback to verify the certificate chain and to obtain a pointer to a |
792 | | * callback that should be used for verifying CertificateVerify. If an error occurs between a successful return from this |
793 | | * callback to the invocation of the verify_sign callback, verify_sign is called with both data and sign set to an empty buffer. |
794 | | * The implementor of the callback should use that as the opportunity to free any temporary data allocated for the verify_sign |
795 | | * callback. |
796 | | * The name of the server to be verified, if any, is provided explicitly as `server_name`. When ECH is offered by the client but |
797 | | * the was rejected by the server, this value can be different from that being sent via `ptls_get_server_name`. |
798 | | */ |
799 | | typedef struct st_ptls_verify_certificate_t { |
800 | | int (*cb)(struct st_ptls_verify_certificate_t *self, ptls_t *tls, const char *server_name, |
801 | | int (**verify_sign)(void *verify_ctx, uint16_t algo, ptls_iovec_t data, ptls_iovec_t sign), void **verify_data, |
802 | | ptls_iovec_t *certs, size_t num_certs); |
803 | | /** |
804 | | * list of signature algorithms being supported, terminated by UINT16_MAX |
805 | | */ |
806 | | const uint16_t *algos; |
807 | | } ptls_verify_certificate_t; |
808 | | /** |
809 | | * Encrypt-and-signs (or verify-and-decrypts) a ticket (server-only). |
810 | | * When used for encryption (i.e., is_encrypt being set), the function should return 0 if successful, or else a non-zero value. |
811 | | * When used for decryption, the function should return 0 (successful), PTLS_ERROR_REJECT_EARLY_DATA (successful, but 0-RTT is |
812 | | * forbidden), or any other value to indicate failure. |
813 | | */ |
814 | | PTLS_CALLBACK_TYPE(int, encrypt_ticket, ptls_t *tls, int is_encrypt, ptls_buffer_t *dst, ptls_iovec_t src); |
815 | | /** |
816 | | * saves a ticket (client-only) |
817 | | */ |
818 | | PTLS_CALLBACK_TYPE(int, save_ticket, ptls_t *tls, ptls_iovec_t input); |
819 | | /** |
820 | | * event logging (incl. secret logging) |
821 | | */ |
822 | | typedef struct st_ptls_log_event_t { |
823 | | void (*cb)(struct st_ptls_log_event_t *self, ptls_t *tls, const char *type, const char *fmt, ...) |
824 | | __attribute__((format(printf, 4, 5))); |
825 | | } ptls_log_event_t; |
826 | | /** |
827 | | * reference counting |
828 | | */ |
829 | | PTLS_CALLBACK_TYPE(void, update_open_count, ssize_t delta); |
830 | | /** |
831 | | * applications that have their own record layer can set this function to derive their own traffic keys from the traffic secret. |
832 | | * The cipher-suite that is being associated to the connection can be obtained by calling the ptls_get_cipher function. |
833 | | */ |
834 | | PTLS_CALLBACK_TYPE(int, update_traffic_key, ptls_t *tls, int is_enc, size_t epoch, const void *secret); |
835 | | /** |
836 | | * callback for every extension detected during decoding |
837 | | */ |
838 | | PTLS_CALLBACK_TYPE(int, on_extension, ptls_t *tls, uint8_t hstype, uint16_t exttype, ptls_iovec_t extdata); |
839 | | /** |
840 | | * |
841 | | */ |
842 | | typedef struct st_ptls_decompress_certificate_t { |
843 | | /** |
844 | | * list of supported algorithms terminated by UINT16_MAX |
845 | | */ |
846 | | const uint16_t *supported_algorithms; |
847 | | /** |
848 | | * callback that decompresses the message |
849 | | */ |
850 | | int (*cb)(struct st_ptls_decompress_certificate_t *self, ptls_t *tls, uint16_t algorithm, ptls_iovec_t output, |
851 | | ptls_iovec_t input); |
852 | | } ptls_decompress_certificate_t; |
853 | | /** |
854 | | * ECH: creates the AEAD context to be used for "Open"-ing inner CH. Given `config_id`, the callback looks up the ECH config and the |
855 | | * corresponding private key, invokes `ptls_hpke_setup_base_r` with provided `cipher`, `enc`, and `info_prefix` (which will be |
856 | | * "tls ech" || 00). |
857 | | */ |
858 | | PTLS_CALLBACK_TYPE(ptls_aead_context_t *, ech_create_opener, ptls_hpke_kem_t **kem, ptls_hpke_cipher_suite_t **cipher, ptls_t *tls, |
859 | | uint8_t config_id, ptls_hpke_cipher_suite_id_t cipher_id, ptls_iovec_t enc, ptls_iovec_t info_prefix); |
860 | | |
861 | | /** |
862 | | * the configuration |
863 | | */ |
864 | | struct st_ptls_context_t { |
865 | | /** |
866 | | * PRNG to be used |
867 | | */ |
868 | | void (*random_bytes)(void *buf, size_t len); |
869 | | /** |
870 | | * |
871 | | */ |
872 | | ptls_get_time_t *get_time; |
873 | | /** |
874 | | * list of supported key-exchange algorithms terminated by NULL |
875 | | */ |
876 | | ptls_key_exchange_algorithm_t **key_exchanges; |
877 | | /** |
878 | | * list of supported cipher-suites terminated by NULL |
879 | | */ |
880 | | ptls_cipher_suite_t **cipher_suites; |
881 | | /** |
882 | | * list of certificates |
883 | | */ |
884 | | struct { |
885 | | ptls_iovec_t *list; |
886 | | size_t count; |
887 | | } certificates; |
888 | | /** |
889 | | * External pre-shared key used for mutual authentication. Unless when using PSK, all the fields must be set to NULL / 0. |
890 | | */ |
891 | | struct { |
892 | | ptls_iovec_t identity; |
893 | | ptls_iovec_t secret; |
894 | | /** |
895 | | * (mandatory) hash algorithm associated to the PSK; cipher-suites not sharing the same `ptls_hash_algorithm_t` will be |
896 | | * ignored |
897 | | */ |
898 | | ptls_hash_algorithm_t *hash; |
899 | | } pre_shared_key; |
900 | | /** |
901 | | * ECH |
902 | | */ |
903 | | struct { |
904 | | struct { |
905 | | /** |
906 | | * list of HPKE symmetric cipher-suites (set to NULL to disable ECH altogether) |
907 | | */ |
908 | | ptls_hpke_cipher_suite_t **ciphers; |
909 | | /** |
910 | | * KEMs being supported |
911 | | */ |
912 | | ptls_hpke_kem_t **kems; |
913 | | } client; |
914 | | struct { |
915 | | /** |
916 | | * callback that does ECDH key exchange and returns the AEAD context |
917 | | */ |
918 | | ptls_ech_create_opener_t *create_opener; |
919 | | /** |
920 | | * ECHConfigList to be sent to the client when there is mismatch (or when the client sends a grease) |
921 | | */ |
922 | | ptls_iovec_t retry_configs; |
923 | | } server; |
924 | | } ech; |
925 | | /** |
926 | | * |
927 | | */ |
928 | | ptls_on_client_hello_t *on_client_hello; |
929 | | /** |
930 | | * |
931 | | */ |
932 | | ptls_emit_certificate_t *emit_certificate; |
933 | | /** |
934 | | * |
935 | | */ |
936 | | ptls_sign_certificate_t *sign_certificate; |
937 | | /** |
938 | | * |
939 | | */ |
940 | | ptls_verify_certificate_t *verify_certificate; |
941 | | /** |
942 | | * lifetime of a session ticket (server-only) |
943 | | */ |
944 | | uint32_t ticket_lifetime; |
945 | | /** |
946 | | * maximum permitted size of early data (server-only) |
947 | | */ |
948 | | uint32_t max_early_data_size; |
949 | | /** |
950 | | * maximum size of the message buffer (default: 0 = unlimited = 3 + 2^24 bytes) |
951 | | */ |
952 | | size_t max_buffer_size; |
953 | | /** |
954 | | * this field is obsolete and ignored |
955 | | */ |
956 | | const char *hkdf_label_prefix__obsolete; |
957 | | /** |
958 | | * if set, psk handshakes use (ec)dhe |
959 | | */ |
960 | | unsigned require_dhe_on_psk : 1; |
961 | | /** |
962 | | * if exporter master secrets should be recorded |
963 | | */ |
964 | | unsigned use_exporter : 1; |
965 | | /** |
966 | | * if ChangeCipherSpec record should be sent during handshake. If the client sends CCS, the server sends one in response |
967 | | * regardless of the value of this flag. See RFC 8446 Appendix D.3. |
968 | | */ |
969 | | unsigned send_change_cipher_spec : 1; |
970 | | /** |
971 | | * if set, the server requests client certificates to authenticate the client |
972 | | */ |
973 | | unsigned require_client_authentication : 1; |
974 | | /** |
975 | | * if set, EOED will not be emitted or accepted |
976 | | */ |
977 | | unsigned omit_end_of_early_data : 1; |
978 | | /** |
979 | | * This option turns on support for Raw Public Keys (RFC 7250). |
980 | | * |
981 | | * When running as a client, this option instructs the client to request the server to send raw public keys in place of X.509 |
982 | | * certificate chain. The client should set its `certificate_verify` callback to one that is capable of validating the raw |
983 | | * public key that will be sent by the server. |
984 | | * |
985 | | * When running as a server, this option instructs the server to only handle clients requesting the use of raw public keys. If |
986 | | * the client does not, the handshake is rejected. Note however that the rejection happens only after the `on_client_hello` |
987 | | * callback is being called. Therefore, applications can support both X.509 and raw public keys by swapping `ptls_context_t` to |
988 | | * the correct one when that callback is being called (like handling swapping the contexts based on the value of SNI). |
989 | | */ |
990 | | unsigned use_raw_public_keys : 1; |
991 | | /** |
992 | | * boolean indicating if the cipher-suite should be chosen based on server's preference |
993 | | */ |
994 | | unsigned server_cipher_preference : 1; |
995 | | /** |
996 | | * boolean indicating if ChaCha20-Poly1305 should be reprioritized to the top of the server cipher list if a ChaCha20-Poly1305 |
997 | | * cipher is at the top of the client cipher list |
998 | | */ |
999 | | unsigned server_cipher_chacha_priority : 1; |
1000 | | /** |
1001 | | * |
1002 | | */ |
1003 | | ptls_encrypt_ticket_t *encrypt_ticket; |
1004 | | /** |
1005 | | * |
1006 | | */ |
1007 | | ptls_save_ticket_t *save_ticket; |
1008 | | /** |
1009 | | * |
1010 | | */ |
1011 | | ptls_log_event_t *log_event; |
1012 | | /** |
1013 | | * |
1014 | | */ |
1015 | | ptls_update_open_count_t *update_open_count; |
1016 | | /** |
1017 | | * |
1018 | | */ |
1019 | | ptls_update_traffic_key_t *update_traffic_key; |
1020 | | /** |
1021 | | * |
1022 | | */ |
1023 | | ptls_decompress_certificate_t *decompress_certificate; |
1024 | | /** |
1025 | | * |
1026 | | */ |
1027 | | ptls_on_extension_t *on_extension; |
1028 | | /** |
1029 | | * (optional) list of supported tls12 cipher-suites terminated by NULL |
1030 | | */ |
1031 | | ptls_cipher_suite_t **tls12_cipher_suites; |
1032 | | /** |
1033 | | * (optional) session ID Context to segment resumption |
1034 | | */ |
1035 | | struct { |
1036 | | uint8_t bytes[PTLS_SHA256_DIGEST_SIZE]; |
1037 | | unsigned is_set : 1; |
1038 | | } ticket_context; |
1039 | | /** |
1040 | | * (optional) list of CAs advertised to clients as supported in the CertificateRequest message; each item must be DNs in DER |
1041 | | * format. The values are sent to the client only when `ptls_context_t::require_client_authentication` is set to true. |
1042 | | */ |
1043 | | struct { |
1044 | | const ptls_iovec_t *list; |
1045 | | size_t count; |
1046 | | } client_ca_names; |
1047 | | /** |
1048 | | * (optional) |
1049 | | */ |
1050 | | struct { |
1051 | | /** |
1052 | | * if set to non-zero and if the save_ticket callback is provided, a ticket_request extension containing the specified |
1053 | | * values is sent |
1054 | | */ |
1055 | | struct { |
1056 | | uint8_t new_session_count; |
1057 | | uint8_t resumption_count; |
1058 | | } client; |
1059 | | /** |
1060 | | * if set to non-zero, the maximum number of tickets being sent is capped to the specifed value; if set to zero, the maximum |
1061 | | * adopted is PTLS_DEFAULT_MAX_TICKETS_TO_SERVE. |
1062 | | */ |
1063 | | struct { |
1064 | | uint8_t max_count; |
1065 | | } server; |
1066 | | } ticket_requests; |
1067 | | }; |
1068 | | |
1069 | | typedef struct st_ptls_raw_extension_t { |
1070 | | uint16_t type; |
1071 | | ptls_iovec_t data; |
1072 | | } ptls_raw_extension_t; |
1073 | | |
1074 | | typedef enum en_ptls_early_data_acceptance_t { |
1075 | | PTLS_EARLY_DATA_ACCEPTANCE_UNKNOWN = 0, |
1076 | | PTLS_EARLY_DATA_REJECTED, |
1077 | | PTLS_EARLY_DATA_ACCEPTED |
1078 | | } ptls_early_data_acceptance_t; |
1079 | | |
1080 | | /** |
1081 | | * optional arguments to client-driven handshake |
1082 | | */ |
1083 | | #ifdef _WINDOWS |
1084 | | /* suppress warning C4201: nonstandard extension used: nameless struct/union */ |
1085 | | #pragma warning(push) |
1086 | | #pragma warning(disable : 4201) |
1087 | | #endif |
1088 | | typedef struct st_ptls_handshake_properties_t { |
1089 | | union { |
1090 | | struct { |
1091 | | /** |
1092 | | * list of protocols offered through ALPN |
1093 | | */ |
1094 | | struct { |
1095 | | const ptls_iovec_t *list; |
1096 | | size_t count; |
1097 | | } negotiated_protocols; |
1098 | | /** |
1099 | | * session ticket sent to the application via save_ticket callback |
1100 | | */ |
1101 | | ptls_iovec_t session_ticket; |
1102 | | /** |
1103 | | * pointer to store the maximum size of early-data that can be sent immediately. If set to non-NULL, the first call to |
1104 | | * ptls_handshake (or ptls_handle_message) will set `*max_early_data` to the value obtained from the session ticket, or |
1105 | | * to zero if early-data cannot be sent. If NULL, early data will not be used. |
1106 | | */ |
1107 | | size_t *max_early_data_size; |
1108 | | /** |
1109 | | * If early-data has been accepted by peer, or if the state is still unknown. The state changes anytime after handshake |
1110 | | * keys become available. Applications can peek the tri-state variable every time it calls `ptls_hanshake` or |
1111 | | * `ptls_handle_message` to determine the result at the earliest moment. This is an output parameter. |
1112 | | */ |
1113 | | ptls_early_data_acceptance_t early_data_acceptance; |
1114 | | /** |
1115 | | * negotiate the key exchange method before sending key_share |
1116 | | */ |
1117 | | unsigned negotiate_before_key_exchange : 1; |
1118 | | /** |
1119 | | * ECH |
1120 | | */ |
1121 | | struct { |
1122 | | /** |
1123 | | * Config offered by server e.g., by HTTPS RR. If config.base is non-NULL but config.len is zero, a grease ECH will |
1124 | | * be sent, assuming that X25519-SHA256 KEM and SHA256-AES-128-GCM HPKE cipher is available. |
1125 | | */ |
1126 | | ptls_iovec_t configs; |
1127 | | /** |
1128 | | * slot to save the config obtained from server on mismatch; user must free the returned blob by calling `free` |
1129 | | */ |
1130 | | ptls_iovec_t *retry_configs; |
1131 | | } ech; |
1132 | | } client; |
1133 | | struct { |
1134 | | /** |
1135 | | * psk binder being selected (len is set to zero if none) |
1136 | | */ |
1137 | | struct { |
1138 | | uint8_t base[PTLS_MAX_DIGEST_SIZE]; |
1139 | | size_t len; |
1140 | | } selected_psk_binder; |
1141 | | /** |
1142 | | * parameters related to use of the Cookie extension |
1143 | | */ |
1144 | | struct { |
1145 | | /** |
1146 | | * HMAC key to protect the integrity of the cookie. The key should be as long as the digest size of the first |
1147 | | * ciphersuite specified in ptls_context_t (i.e. the hash algorithm of the best ciphersuite that can be chosen). |
1148 | | */ |
1149 | | const void *key; |
1150 | | /** |
1151 | | * additional data to be used for verifying the cookie |
1152 | | */ |
1153 | | ptls_iovec_t additional_data; |
1154 | | } cookie; |
1155 | | /** |
1156 | | * if HRR should always be sent |
1157 | | */ |
1158 | | unsigned enforce_retry : 1; |
1159 | | /** |
1160 | | * if retry should be stateless (cookie.key MUST be set when this option is used) |
1161 | | */ |
1162 | | unsigned retry_uses_cookie : 1; |
1163 | | } server; |
1164 | | }; |
1165 | | /** |
1166 | | * an optional list of additional extensions to send either in CH or EE, terminated by type == UINT16_MAX |
1167 | | */ |
1168 | | ptls_raw_extension_t *additional_extensions; |
1169 | | /** |
1170 | | * an optional callback that returns a boolean value indicating if a particular extension should be collected |
1171 | | */ |
1172 | | int (*collect_extension)(ptls_t *tls, struct st_ptls_handshake_properties_t *properties, uint16_t type); |
1173 | | /** |
1174 | | * an optional callback that reports the extensions being collected |
1175 | | */ |
1176 | | int (*collected_extensions)(ptls_t *tls, struct st_ptls_handshake_properties_t *properties, ptls_raw_extension_t *extensions); |
1177 | | } ptls_handshake_properties_t; |
1178 | | #ifdef _WINDOWS |
1179 | | #pragma warning(pop) |
1180 | | #endif |
1181 | | #ifdef _WINDOWS |
1182 | | /* suppress warning C4293: >> shift count negative or too big */ |
1183 | | #pragma warning(disable : 4293) |
1184 | | #endif |
1185 | | /** |
1186 | | * builds a new ptls_iovec_t instance using the supplied parameters |
1187 | | */ |
1188 | | static ptls_iovec_t ptls_iovec_init(const void *p, size_t len); |
1189 | | /** |
1190 | | * initializes a buffer, setting the default destination to the small buffer provided as the argument. |
1191 | | */ |
1192 | | static void ptls_buffer_init(ptls_buffer_t *buf, void *smallbuf, size_t smallbuf_size); |
1193 | | /** |
1194 | | * disposes a buffer, freeing resources allocated by the buffer itself (if any) |
1195 | | */ |
1196 | | static void ptls_buffer_dispose(ptls_buffer_t *buf); |
1197 | | /** |
1198 | | * internal |
1199 | | */ |
1200 | | void ptls_buffer__release_memory(ptls_buffer_t *buf); |
1201 | | /** |
1202 | | * reserves space for additional amount of memory |
1203 | | */ |
1204 | | int ptls_buffer_reserve(ptls_buffer_t *buf, size_t delta); |
1205 | | /** |
1206 | | * reserves space for additional amount of memory, requiring `buf->base` to follow specified alignment |
1207 | | */ |
1208 | | int ptls_buffer_reserve_aligned(ptls_buffer_t *buf, size_t delta, uint8_t align_bits); |
1209 | | /** |
1210 | | * internal |
1211 | | */ |
1212 | | int ptls_buffer__do_pushv(ptls_buffer_t *buf, const void *src, size_t len); |
1213 | | /** |
1214 | | * internal |
1215 | | */ |
1216 | | int ptls_buffer__adjust_quic_blocksize(ptls_buffer_t *buf, size_t body_size); |
1217 | | /** |
1218 | | * internal |
1219 | | */ |
1220 | | int ptls_buffer__adjust_asn1_blocksize(ptls_buffer_t *buf, size_t body_size); |
1221 | | /** |
1222 | | * pushes an unsigned bigint |
1223 | | */ |
1224 | | int ptls_buffer_push_asn1_ubigint(ptls_buffer_t *buf, const void *bignum, size_t size); |
1225 | | /** |
1226 | | * encodes a quic varint (maximum length is PTLS_ENCODE_QUICINT_CAPACITY) |
1227 | | */ |
1228 | | static uint8_t *ptls_encode_quicint(uint8_t *p, uint64_t v); |
1229 | | #define PTLS_ENCODE_QUICINT_CAPACITY 8 |
1230 | | |
1231 | | #define PTLS_QUICINT_MAX 4611686018427387903 // (1 << 62) - 1 |
1232 | | #define PTLS_QUICINT_LONGEST_STR "4611686018427387903" |
1233 | | |
1234 | | #define ptls_buffer_pushv(buf, src, len) \ |
1235 | 11.7k | do { \ |
1236 | 23.4k | if ((ret = ptls_buffer__do_pushv((buf), (src), (len))) != 0) \ |
1237 | 11.7k | goto Exit; \ |
1238 | 11.7k | } while (0) |
1239 | | |
1240 | | #define ptls_buffer_push(buf, ...) \ |
1241 | 8.50k | do { \ |
1242 | 8.50k | if ((ret = ptls_buffer__do_pushv((buf), (uint8_t[]){__VA_ARGS__}, sizeof((uint8_t[]){__VA_ARGS__}))) != 0) \ |
1243 | 8.50k | goto Exit; \ |
1244 | 8.50k | } while (0) |
1245 | | |
1246 | | #define ptls_buffer_push16(buf, v) \ |
1247 | 3.88k | do { \ |
1248 | 3.88k | uint16_t _v = (v); \ |
1249 | 3.88k | ptls_buffer_push(buf, (uint8_t)(_v >> 8), (uint8_t)_v); \ |
1250 | 3.88k | } while (0) |
1251 | | |
1252 | | #define ptls_buffer_push24(buf, v) \ |
1253 | | do { \ |
1254 | | uint32_t _v = (v); \ |
1255 | | ptls_buffer_push(buf, (uint8_t)(_v >> 16), (uint8_t)(_v >> 8), (uint8_t)_v); \ |
1256 | | } while (0) |
1257 | | |
1258 | | #define ptls_buffer_push32(buf, v) \ |
1259 | | do { \ |
1260 | | uint32_t _v = (v); \ |
1261 | | ptls_buffer_push(buf, (uint8_t)(_v >> 24), (uint8_t)(_v >> 16), (uint8_t)(_v >> 8), (uint8_t)_v); \ |
1262 | | } while (0) |
1263 | | |
1264 | | #define ptls_buffer_push64(buf, v) \ |
1265 | 0 | do { \ |
1266 | 0 | uint64_t _v = (v); \ |
1267 | 0 | ptls_buffer_push(buf, (uint8_t)(_v >> 56), (uint8_t)(_v >> 48), (uint8_t)(_v >> 40), (uint8_t)(_v >> 32), \ |
1268 | 0 | (uint8_t)(_v >> 24), (uint8_t)(_v >> 16), (uint8_t)(_v >> 8), (uint8_t)_v); \ |
1269 | 0 | } while (0) |
1270 | | |
1271 | | #define ptls_buffer_push_quicint(buf, v) \ |
1272 | | do { \ |
1273 | | if ((ret = ptls_buffer_reserve((buf), PTLS_ENCODE_QUICINT_CAPACITY)) != 0) \ |
1274 | | goto Exit; \ |
1275 | | uint8_t *d = ptls_encode_quicint((buf)->base + (buf)->off, (v)); \ |
1276 | | (buf)->off = d - (buf)->base; \ |
1277 | | } while (0) |
1278 | | |
1279 | | #define ptls_buffer_push_block(buf, _capacity, block) \ |
1280 | 11.7k | do { \ |
1281 | 11.7k | size_t capacity = (_capacity); \ |
1282 | 11.7k | ptls_buffer_pushv((buf), (uint8_t *)"\0\0\0\0\0\0\0", capacity != -1 ? capacity : 1); \ |
1283 | 11.7k | size_t body_start = (buf)->off; \ |
1284 | 11.7k | do { \ |
1285 | 165k | block \ |
1286 | 11.7k | } while (0); \ |
1287 | 11.7k | size_t body_size = (buf)->off - body_start; \ |
1288 | 11.7k | if (capacity != -1) { \ |
1289 | 11.7k | if (capacity < sizeof(size_t) && body_size >= (size_t)1 << (capacity * 8)) { \ |
1290 | 0 | ret = PTLS_ERROR_BLOCK_OVERFLOW; \ |
1291 | 0 | goto Exit; \ |
1292 | 0 | } \ |
1293 | 28.8k | for (; capacity != 0; --capacity) \ |
1294 | 17.1k | (buf)->base[body_start - capacity] = (uint8_t)(body_size >> (8 * (capacity - 1))); \ |
1295 | 11.7k | } else { \ |
1296 | 0 | if ((ret = ptls_buffer__adjust_quic_blocksize((buf), body_size)) != 0) \ |
1297 | 0 | goto Exit; \ |
1298 | 0 | } \ |
1299 | 11.7k | } while (0) |
1300 | | |
1301 | | #define ptls_buffer_push_asn1_block(buf, block) \ |
1302 | 0 | do { \ |
1303 | 0 | ptls_buffer_push((buf), 0xff); /* dummy */ \ |
1304 | 0 | size_t body_start = (buf)->off; \ |
1305 | 0 | do { \ |
1306 | 0 | block \ |
1307 | 0 | } while (0); \ |
1308 | 0 | size_t body_size = (buf)->off - body_start; \ |
1309 | 0 | if (body_size < 128) { \ |
1310 | 0 | (buf)->base[body_start - 1] = (uint8_t)body_size; \ |
1311 | 0 | } else { \ |
1312 | 0 | if ((ret = ptls_buffer__adjust_asn1_blocksize((buf), body_size)) != 0) \ |
1313 | 0 | goto Exit; \ |
1314 | 0 | } \ |
1315 | 0 | } while (0) |
1316 | | |
1317 | | #define ptls_buffer_push_asn1_sequence(buf, block) \ |
1318 | | do { \ |
1319 | | ptls_buffer_push((buf), 0x30); \ |
1320 | | ptls_buffer_push_asn1_block((buf), block); \ |
1321 | | } while (0) |
1322 | | |
1323 | | #define ptls_buffer_push_message_body(buf, key_sched, type, block) \ |
1324 | 1.50k | do { \ |
1325 | 1.50k | ptls_buffer_t *_buf = (buf); \ |
1326 | 1.50k | ptls_key_schedule_t *_key_sched = (key_sched); \ |
1327 | 1.50k | size_t mess_start = _buf->off; \ |
1328 | 1.50k | ptls_buffer_push(_buf, (type)); \ |
1329 | 1.50k | ptls_buffer_push_block(_buf, 3, block); \ |
1330 | 1.50k | if (_key_sched != NULL) \ |
1331 | 1.50k | ptls__key_schedule_update_hash(_key_sched, _buf->base + mess_start, _buf->off - mess_start, 0); \ |
1332 | 1.50k | } while (0) |
1333 | | |
1334 | | #define ptls_push_message(emitter, key_sched, type, block) \ |
1335 | 1.34k | do { \ |
1336 | 1.34k | ptls_message_emitter_t *_emitter = (emitter); \ |
1337 | 1.34k | if ((ret = _emitter->begin_message(_emitter)) != 0) \ |
1338 | 1.34k | goto Exit; \ |
1339 | 1.34k | ptls_buffer_push_message_body(_emitter->buf, (key_sched), (type), block); \ |
1340 | 1.34k | if ((ret = _emitter->commit_message(_emitter)) != 0) \ |
1341 | 1.34k | goto Exit; \ |
1342 | 1.34k | } while (0) |
1343 | | |
1344 | | int ptls_decode8(uint8_t *value, const uint8_t **src, const uint8_t *end); |
1345 | | int ptls_decode16(uint16_t *value, const uint8_t **src, const uint8_t *end); |
1346 | | int ptls_decode24(uint32_t *value, const uint8_t **src, const uint8_t *end); |
1347 | | int ptls_decode32(uint32_t *value, const uint8_t **src, const uint8_t *end); |
1348 | | int ptls_decode64(uint64_t *value, const uint8_t **src, const uint8_t *end); |
1349 | | uint64_t ptls_decode_quicint(const uint8_t **src, const uint8_t *end); |
1350 | | |
1351 | | #define ptls_decode_open_block(src, end, capacity, block) \ |
1352 | 10.2k | do { \ |
1353 | 10.2k | size_t _capacity = (capacity); \ |
1354 | 10.2k | size_t _block_size; \ |
1355 | 10.2k | if (_capacity == -1) { \ |
1356 | 0 | uint64_t _block_size64; \ |
1357 | 0 | const uint8_t *_src = (src); \ |
1358 | 0 | if ((_block_size64 = ptls_decode_quicint(&_src, end)) == UINT64_MAX || \ |
1359 | 0 | (sizeof(size_t) < 8 && (_block_size64 >> (8 * sizeof(size_t))) != 0)) { \ |
1360 | 0 | ret = PTLS_ALERT_DECODE_ERROR; \ |
1361 | 0 | goto Exit; \ |
1362 | 0 | } \ |
1363 | 0 | (src) = _src; \ |
1364 | 0 | _block_size = (size_t)_block_size64; \ |
1365 | 10.2k | } else { \ |
1366 | 10.2k | if (_capacity > (size_t)(end - (src))) { \ |
1367 | 42 | ret = PTLS_ALERT_DECODE_ERROR; \ |
1368 | 42 | goto Exit; \ |
1369 | 42 | } \ |
1370 | 10.2k | _block_size = 0; \ |
1371 | 16.5k | do { \ |
1372 | 16.5k | _block_size = _block_size << 8 | *(src)++; \ |
1373 | 16.5k | } while (--_capacity != 0); \ |
1374 | 10.1k | } \ |
1375 | 10.2k | if (_block_size > (size_t)(end - (src))) { \ |
1376 | 224 | ret = PTLS_ALERT_DECODE_ERROR; \ |
1377 | 224 | goto Exit; \ |
1378 | 224 | } \ |
1379 | 10.1k | do { \ |
1380 | 9.94k | const uint8_t *const end = (src) + _block_size; \ |
1381 | 9.94k | do { \ |
1382 | 1.33M | block \ |
1383 | 8.77k | } while (0); \ |
1384 | 9.94k | if ((src) != end) { \ |
1385 | 0 | ret = PTLS_ALERT_DECODE_ERROR; \ |
1386 | 0 | goto Exit; \ |
1387 | 0 | } \ |
1388 | 8.77k | } while (0); \ |
1389 | 9.94k | } while (0) |
1390 | | |
1391 | | #define ptls_decode_assert_block_close(src, end) \ |
1392 | 1.89k | do { \ |
1393 | 1.89k | if ((src) != end) { \ |
1394 | 45 | ret = PTLS_ALERT_DECODE_ERROR; \ |
1395 | 45 | goto Exit; \ |
1396 | 45 | } \ |
1397 | 1.89k | } while (0); |
1398 | | |
1399 | | #define ptls_decode_block(src, end, capacity, block) \ |
1400 | 1.29k | do { \ |
1401 | 1.29k | ptls_decode_open_block((src), end, capacity, block); \ |
1402 | 1.29k | ptls_decode_assert_block_close((src), end); \ |
1403 | 962 | } while (0) |
1404 | | |
1405 | | #if PTLS_HAVE_LOG |
1406 | | #define PTLS_LOG__DO_LOG(module, name, conn_state, get_sni, get_sni_arg, add_time, block) \ |
1407 | 0 | do { \ |
1408 | 0 | int ptlslog_include_appdata = 0; \ |
1409 | 0 | do { \ |
1410 | 0 | ptls_log__do_write_start(&logpoint, (add_time)); \ |
1411 | 0 | do { \ |
1412 | 0 | block \ |
1413 | 0 | } while (0); \ |
1414 | 0 | ptlslog_include_appdata = \ |
1415 | 0 | ptls_log__do_write_end(&logpoint, (conn_state), (get_sni), (get_sni_arg), ptlslog_include_appdata); \ |
1416 | 0 | } while (PTLS_UNLIKELY(ptlslog_include_appdata)); \ |
1417 | 0 | } while (0) |
1418 | | #else |
1419 | | #define PTLS_LOG__DO_LOG(module, name, conn_state, get_sni, get_sni_arg, add_time, block) /* don't generate code */ |
1420 | | #endif |
1421 | | |
1422 | | #define PTLS_LOG_DEFINE_POINT(_module, _name, _var) \ |
1423 | 7.92k | static struct st_ptls_log_point_t _var = {.name = PTLS_TO_STR(_module) ":" PTLS_TO_STR(_name)} |
1424 | | |
1425 | | #define PTLS_LOG(module, name, block) \ |
1426 | | do { \ |
1427 | | PTLS_LOG_DEFINE_POINT(module, name, logpoint); \ |
1428 | | if (PTLS_LIKELY(ptls_log_point_maybe_active(&logpoint) == 0)) \ |
1429 | | break; \ |
1430 | | PTLS_LOG__DO_LOG(module, name, NULL, NULL, NULL, 1, {block}); \ |
1431 | | } while (0) |
1432 | | |
1433 | | #define PTLS_LOG_CONN(name, tls, block) \ |
1434 | 7.92k | do { \ |
1435 | 7.92k | PTLS_LOG_DEFINE_POINT(picotls, name, logpoint); \ |
1436 | 7.92k | uint32_t active = ptls_log_point_maybe_active(&logpoint); \ |
1437 | 7.92k | if (PTLS_LIKELY(active == 0)) \ |
1438 | 7.92k | break; \ |
1439 | 7.92k | ptls_t *_tls = (tls); \ |
1440 | 0 | ptls_log_conn_state_t *conn_state = ptls_get_log_state(_tls); \ |
1441 | 0 | active &= ptls_log_conn_maybe_active(conn_state, (const char *(*)(void *))ptls_get_server_name, _tls); \ |
1442 | 0 | if (PTLS_LIKELY(active == 0)) \ |
1443 | 0 | break; \ |
1444 | 0 | PTLS_LOG__DO_LOG(picotls, name, conn_state, (const char *(*)(void *))ptls_get_server_name, _tls, 1, { \ |
1445 | 0 | PTLS_LOG_ELEMENT_PTR(tls, _tls); \ |
1446 | 0 | do { \ |
1447 | 0 | block \ |
1448 | 0 | } while (0); \ |
1449 | 0 | }); \ |
1450 | 0 | } while (0) |
1451 | | |
1452 | | #define PTLS_LOG__ELEMENT_PREFIX_CORE(lit) ",\"" lit "\":" |
1453 | | #define PTLS_LOG__ELEMENT_PREFIX(lit) PTLS_LOG__ELEMENT_PREFIX_CORE(lit), sizeof(PTLS_LOG__ELEMENT_PREFIX_CORE(lit)) - 1 |
1454 | | #define PTLS_LOG_ELEMENT_SAFESTR(name, value) \ |
1455 | | do { \ |
1456 | | const char *value_ = (value); \ |
1457 | | ptls_log__do_push_element_safestr(PTLS_LOG__ELEMENT_PREFIX(PTLS_TO_STR(name)), (value_), strlen(value_)); \ |
1458 | | } while (0) |
1459 | | #define PTLS_LOG_ELEMENT_UNSAFESTR(name, value, value_len) \ |
1460 | | ptls_log__do_push_element_unsafestr(PTLS_LOG__ELEMENT_PREFIX(PTLS_TO_STR(name)), (value), (value_len)) |
1461 | | #define PTLS_LOG_ELEMENT_HEXDUMP(name, value, value_len) \ |
1462 | | ptls_log__do_push_element_hexdump(PTLS_LOG__ELEMENT_PREFIX(PTLS_TO_STR(name)), (value), (value_len)) |
1463 | | #define PTLS_LOG_ELEMENT_PTR(name, value) PTLS_LOG_ELEMENT_UNSIGNED(name, (uint64_t)(value)) |
1464 | | #define PTLS_LOG_ELEMENT_SIGNED(name, value) \ |
1465 | | do { \ |
1466 | | if (sizeof(value) <= sizeof(int32_t)) { \ |
1467 | | ptls_log__do_push_element_signed32(PTLS_LOG__ELEMENT_PREFIX(PTLS_TO_STR(name)), (value)); \ |
1468 | | } else { \ |
1469 | | ptls_log__do_push_element_signed64(PTLS_LOG__ELEMENT_PREFIX(PTLS_TO_STR(name)), (value)); \ |
1470 | | } \ |
1471 | | } while (0) |
1472 | | #define PTLS_LOG__DO_ELEMENT_UNSIGNED(lit, value) \ |
1473 | | do { \ |
1474 | | if (sizeof(value) <= sizeof(uint32_t)) { \ |
1475 | | ptls_log__do_push_element_unsigned32(PTLS_LOG__ELEMENT_PREFIX(lit), (value)); \ |
1476 | | } else { \ |
1477 | | ptls_log__do_push_element_unsigned64(PTLS_LOG__ELEMENT_PREFIX(lit), (value)); \ |
1478 | | } \ |
1479 | | } while (0) |
1480 | | #define PTLS_LOG_ELEMENT_UNSIGNED(name, value) PTLS_LOG__DO_ELEMENT_UNSIGNED(PTLS_TO_STR(name), (value)) |
1481 | | #define PTLS_LOG_ELEMENT_BOOL(name, value) ptls_log__do_push_element_bool(PTLS_LOG__ELEMENT_PREFIX(PTLS_TO_STR(name)), (value)) |
1482 | | #define PTLS_LOG_APPDATA_ELEMENT_UNSAFESTR(name, value, value_len) \ |
1483 | | do { \ |
1484 | | if (ptlslog_include_appdata) { \ |
1485 | | PTLS_LOG_ELEMENT_UNSAFESTR(name, value, value_len); \ |
1486 | | } else { \ |
1487 | | PTLS_LOG__DO_ELEMENT_UNSIGNED(PTLS_TO_STR(name) "_len", value_len); \ |
1488 | | } \ |
1489 | | } while (0) |
1490 | | #define PTLS_LOG_APPDATA_ELEMENT_HEXDUMP(name, value, value_len) \ |
1491 | | do { \ |
1492 | | if (ptlslog_include_appdata) { \ |
1493 | | PTLS_LOG_ELEMENT_HEXDUMP(name, value, value_len); \ |
1494 | | } else { \ |
1495 | | PTLS_LOG__DO_ELEMENT_UNSIGNED(PTLS_TO_STR(name) "_len", value_len); \ |
1496 | | } \ |
1497 | | } while (0) |
1498 | | |
1499 | | /** |
1500 | | * retains a list of connections that are bound to the object |
1501 | | */ |
1502 | | struct st_ptls_log_state_t { |
1503 | | /** |
1504 | | * bit array of connections (1 is active) |
1505 | | */ |
1506 | | uint32_t active_conns; |
1507 | | /** |
1508 | | * generation counter used for staleness check; see `ptls_log._generation` |
1509 | | */ |
1510 | | uint64_t generation; |
1511 | | }; |
1512 | | |
1513 | | /** |
1514 | | * represents a log point identified by name (`module:type`) |
1515 | | */ |
1516 | | struct st_ptls_log_point_t { |
1517 | | const char *name; |
1518 | | struct st_ptls_log_state_t state; |
1519 | | }; |
1520 | | |
1521 | | /** |
1522 | | * represents a logging state of each connection |
1523 | | */ |
1524 | | typedef struct st_ptls_log_conn_state_t { |
1525 | | /** |
1526 | | * random value between 0 (inclusive) and 1 (non-inclusive) used to determine the ratio of sampling-based logging; see |
1527 | | * `ptls_add_fd'`. To disable logging entirely, use `ptls_log.dummy_conn_state`, or set the value exactly to 1. |
1528 | | */ |
1529 | | float random_; |
1530 | | /** |
1531 | | * represents peer address; ipv4 addresses are stored using the mapped form (::ffff:192.0.2.1) |
1532 | | */ |
1533 | | struct in6_addr address; |
1534 | | struct st_ptls_log_state_t state; |
1535 | | } ptls_log_conn_state_t; |
1536 | | |
1537 | | /** |
1538 | | * see `ptls_get_log_state` |
1539 | | */ |
1540 | | extern PTLS_THREADLOCAL ptls_log_conn_state_t *ptls_log_conn_state_override; |
1541 | | |
1542 | | /** |
1543 | | * global variables exposed |
1544 | | */ |
1545 | | extern struct st_ptls_log_t { |
1546 | | /** |
1547 | | * if application-data (e.g., payload) should be emitted as well |
1548 | | */ |
1549 | | volatile unsigned may_include_appdata : 1; |
1550 | | /** |
1551 | | * endpoints that want to disable logging entirely can provide this value to the loggers |
1552 | | */ |
1553 | | ptls_log_conn_state_t dummy_conn_state; |
1554 | | /** |
1555 | | * generation counter that is incremented whenever the state of loggers change; see `st_ptls_log_state_t::generation` |
1556 | | */ |
1557 | | volatile uint64_t _generation; |
1558 | | } ptls_log; |
1559 | | |
1560 | | /** |
1561 | | * initializes a ptls_log_conn_state_t |
1562 | | */ |
1563 | | void ptls_log_init_conn_state(ptls_log_conn_state_t *state, void (*random_bytes)(void *, size_t)); |
1564 | | /** |
1565 | | * forces recalculation of the log state (should be called when SNI is determined) |
1566 | | */ |
1567 | | static void ptls_log_recalc_conn_state(ptls_log_conn_state_t *state); |
1568 | | /** |
1569 | | * returns a bitmap indicating the loggers active for given log point |
1570 | | */ |
1571 | | static uint32_t ptls_log_point_maybe_active(struct st_ptls_log_point_t *point); |
1572 | | /** |
1573 | | * returns a bitmap indicating the loggers active for given connection |
1574 | | */ |
1575 | | static uint32_t ptls_log_conn_maybe_active(ptls_log_conn_state_t *conn, const char *(*get_sni)(void *), void *get_sni_arg); |
1576 | | |
1577 | | /** |
1578 | | * Returns the number of log events that were unable to be emitted. |
1579 | | */ |
1580 | | size_t ptls_log_num_lost(void); |
1581 | | /** |
1582 | | * Registers an fd to the logger. A registered fd is automatically closed and removed when it is closed by the peer. |
1583 | | * @param sample_ratio sampling ratio between 0 and 1 |
1584 | | * @param points list of points to log, in the form of p1\0p2\0\0 (i.e., concatenated list of C strings with an empty string |
1585 | | * marking the end). An empty list means attach to all. |
1586 | | * @param snis list of SNIs to log, using the same form as points |
1587 | | * @param addresses list of IPv4/v6 addresses to log, using the same form as points |
1588 | | */ |
1589 | | int ptls_log_add_fd(int fd, float sample_ratio, const char *points, const char *snis, const char *addresses, int appdata); |
1590 | | |
1591 | | void ptls_log__recalc_point(int caller_locked, struct st_ptls_log_point_t *point); |
1592 | | void ptls_log__recalc_conn(int caller_locked, struct st_ptls_log_conn_state_t *conn, const char *(*get_sni)(void *), |
1593 | | void *get_sni_arg); |
1594 | | void ptls_log__do_push_element_safestr(const char *prefix, size_t prefix_len, const char *s, size_t l); |
1595 | | void ptls_log__do_push_element_unsafestr(const char *prefix, size_t prefix_len, const char *s, size_t l); |
1596 | | void ptls_log__do_push_element_hexdump(const char *prefix, size_t prefix_len, const void *s, size_t l); |
1597 | | void ptls_log__do_push_element_signed32(const char *prefix, size_t prefix_len, int32_t v); |
1598 | | void ptls_log__do_push_element_signed64(const char *prefix, size_t prefix_len, int64_t v); |
1599 | | void ptls_log__do_push_element_unsigned32(const char *prefix, size_t prefix_len, uint32_t v); |
1600 | | void ptls_log__do_push_element_unsigned64(const char *prefix, size_t prefix_len, uint64_t v); |
1601 | | void ptls_log__do_push_element_bool(const char *prefix, size_t prefix_len, int v); |
1602 | | void ptls_log__do_push_appdata_element_unsafestr(int includes_appdata, const char *prefix, size_t prefix_len, const char *s, |
1603 | | size_t l); |
1604 | | void ptls_log__do_push_appdata_element_hexdump(int includes_appdata, const char *prefix, size_t prefix_len, const void *s, |
1605 | | size_t l); |
1606 | | void ptls_log__do_write_start(struct st_ptls_log_point_t *point, int add_time); |
1607 | | int ptls_log__do_write_end(struct st_ptls_log_point_t *point, struct st_ptls_log_conn_state_t *conn, const char *(*get_sni)(void *), |
1608 | | void *get_sni_arg, int includes_appdata); |
1609 | | |
1610 | | /** |
1611 | | * create a client object to handle new TLS connection |
1612 | | */ |
1613 | | ptls_t *ptls_client_new(ptls_context_t *ctx); |
1614 | | /** |
1615 | | * create a server object to handle new TLS connection |
1616 | | */ |
1617 | | ptls_t *ptls_server_new(ptls_context_t *ctx); |
1618 | | /** |
1619 | | * creates an object handle new TLS connection |
1620 | | */ |
1621 | | static ptls_t *ptls_new(ptls_context_t *ctx, int is_server); |
1622 | | /** |
1623 | | * creates TLS 1.2 record layer for post-handshake communication |
1624 | | */ |
1625 | | int ptls_build_tls12_export_params(ptls_context_t *ctx, ptls_buffer_t *output, int is_server, int session_reused, |
1626 | | ptls_cipher_suite_t *cipher, const void *master_secret, const void *hello_randoms, |
1627 | | uint64_t next_send_record_iv, const char *server_name, ptls_iovec_t negotiated_protocol); |
1628 | | /** |
1629 | | * store the parameters of a post-handshake TLS connection so that it can be reconstructed later |
1630 | | */ |
1631 | | int ptls_export(ptls_t *tls, ptls_buffer_t *output); |
1632 | | /** |
1633 | | * create a post-handshake TLS connection object using given parameters |
1634 | | */ |
1635 | | int ptls_import(ptls_context_t *ctx, ptls_t **tls, ptls_iovec_t params); |
1636 | | /** |
1637 | | * releases all resources associated to the object |
1638 | | */ |
1639 | | void ptls_free(ptls_t *tls); |
1640 | | /** |
1641 | | * returns address of the crypto callbacks that the connection is using |
1642 | | */ |
1643 | | ptls_context_t *ptls_get_context(ptls_t *tls); |
1644 | | /** |
1645 | | * updates the context of a connection. Can be called from `on_client_hello` callback. |
1646 | | */ |
1647 | | void ptls_set_context(ptls_t *tls, ptls_context_t *ctx); |
1648 | | /** |
1649 | | * get the signature context |
1650 | | */ |
1651 | | ptls_async_job_t *ptls_get_async_job(ptls_t *tls); |
1652 | | /** |
1653 | | * returns the client-random |
1654 | | */ |
1655 | | ptls_iovec_t ptls_get_client_random(ptls_t *tls); |
1656 | | /** |
1657 | | * returns the cipher-suite being used |
1658 | | */ |
1659 | | ptls_cipher_suite_t *ptls_get_cipher(ptls_t *tls); |
1660 | | /** |
1661 | | * returns a supported cipher-suite given an id |
1662 | | */ |
1663 | | ptls_cipher_suite_t *ptls_find_cipher_suite(ptls_cipher_suite_t **cipher_suites, uint16_t id); |
1664 | | /** |
1665 | | * Returns protocol version (e.g., 0x0303 for TLS 1.2, 0x0304 for TLS 1.3). The result may be unstable prior to handshake |
1666 | | * completion. |
1667 | | */ |
1668 | | uint16_t ptls_get_protocol_version(ptls_t *tls); |
1669 | | /** |
1670 | | * Returns current state of traffic keys. The cipher-suite being used, as well as the length of the traffic keys, can be obtained |
1671 | | * via `ptls_get_cipher`. |
1672 | | * TODO: Even in case of offloading just the TX side, there should be API for handling key updates, sending Close aleart. |
1673 | | */ |
1674 | | int ptls_get_traffic_keys(ptls_t *tls, int is_enc, uint8_t *key, uint8_t *iv, uint64_t *seq); |
1675 | | /** |
1676 | | * returns the server-name (NULL if SNI is not used or failed to negotiate) |
1677 | | */ |
1678 | | const char *ptls_get_server_name(ptls_t *tls); |
1679 | | /** |
1680 | | * sets the server-name associated to the TLS connection. If server_name_len is zero, then strlen(server_name) is called to |
1681 | | * determine the length of the name. |
1682 | | * On the client-side, the value is used for certificate validation. The value will be also sent as an SNI extension, if it looks |
1683 | | * like a DNS name. |
1684 | | * On the server-side, it can be called from on_client_hello to indicate the acceptance of the SNI extension to the client. |
1685 | | */ |
1686 | | int ptls_set_server_name(ptls_t *tls, const char *server_name, size_t server_name_len); |
1687 | | /** |
1688 | | * returns the negotiated protocol (or NULL) |
1689 | | */ |
1690 | | const char *ptls_get_negotiated_protocol(ptls_t *tls); |
1691 | | /** |
1692 | | * sets the negotiated protocol. If protocol_len is zero, strlen(protocol) is called to determine the length of the protocol name. |
1693 | | */ |
1694 | | int ptls_set_negotiated_protocol(ptls_t *tls, const char *protocol, size_t protocol_len); |
1695 | | /** |
1696 | | * returns if the handshake has been completed |
1697 | | */ |
1698 | | int ptls_handshake_is_complete(ptls_t *tls); |
1699 | | /** |
1700 | | * returns if a PSK (or PSK-DHE) handshake was performed |
1701 | | */ |
1702 | | int ptls_is_psk_handshake(ptls_t *tls); |
1703 | | /** |
1704 | | * return if a ECH handshake was performed, as well as optionally the kem and cipher-suite being used |
1705 | | * FIXME: this function always return false when the TLS session is exported and imported |
1706 | | */ |
1707 | | int ptls_is_ech_handshake(ptls_t *tls, uint8_t *config_id, ptls_hpke_kem_t **kem, ptls_hpke_cipher_suite_t **cipher); |
1708 | | /** |
1709 | | * returns a pointer to user data pointer (client is reponsible for freeing the associated data prior to calling ptls_free) |
1710 | | */ |
1711 | | void **ptls_get_data_ptr(ptls_t *tls); |
1712 | | /** |
1713 | | * Returns `ptls_log_conn_state_t` of `ptls_t`. By default, the state is initialized by calling `ptls_log_init_conn_state`, but the |
1714 | | * behavior can be overidden by setting `ptls_log_conn_state_override`. |
1715 | | * This value can be changed by setting `ptls_log_random_override` or by calling `ptls_set_log_random`. |
1716 | | */ |
1717 | | ptls_log_conn_state_t *ptls_get_log_state(ptls_t *tls); |
1718 | | /** |
1719 | | * proceeds with the handshake, optionally taking some input from peer. The function returns zero in case the handshake completed |
1720 | | * successfully. PTLS_ERROR_IN_PROGRESS is returned in case the handshake is incomplete. Otherwise, an error value is returned. The |
1721 | | * contents of sendbuf should be sent to the client, regardless of whether if an error is returned. inlen is an argument used for |
1722 | | * both input and output. As an input, the arguments takes the size of the data available as input. Upon return the value is updated |
1723 | | * to the number of bytes consumed by the handshake. In case the returned value is PTLS_ERROR_IN_PROGRESS there is a guarantee that |
1724 | | * all the input are consumed (i.e. the value of inlen does not change). |
1725 | | */ |
1726 | | int ptls_handshake(ptls_t *tls, ptls_buffer_t *sendbuf, const void *input, size_t *inlen, ptls_handshake_properties_t *args); |
1727 | | /** |
1728 | | * decrypts the first record within given buffer |
1729 | | */ |
1730 | | int ptls_receive(ptls_t *tls, ptls_buffer_t *plaintextbuf, const void *input, size_t *len); |
1731 | | /** |
1732 | | * encrypts given buffer into multiple TLS records |
1733 | | */ |
1734 | | int ptls_send(ptls_t *tls, ptls_buffer_t *sendbuf, const void *input, size_t inlen); |
1735 | | /** |
1736 | | * updates the send traffic key (as well as asks the peer to update) |
1737 | | */ |
1738 | | int ptls_update_key(ptls_t *tls, int request_update); |
1739 | | /** |
1740 | | * Returns if the context is a server context. |
1741 | | */ |
1742 | | int ptls_is_server(ptls_t *tls); |
1743 | | /** |
1744 | | * returns per-record overhead |
1745 | | */ |
1746 | | size_t ptls_get_record_overhead(ptls_t *tls); |
1747 | | /** |
1748 | | * sends an alert |
1749 | | */ |
1750 | | int ptls_send_alert(ptls_t *tls, ptls_buffer_t *sendbuf, uint8_t level, uint8_t description); |
1751 | | /** |
1752 | | * |
1753 | | */ |
1754 | | int ptls_export_secret(ptls_t *tls, void *output, size_t outlen, const char *label, ptls_iovec_t context_value, int is_early); |
1755 | | /** |
1756 | | * build the body of a Certificate message. Can be called with tls set to NULL in order to create a precompressed message. |
1757 | | */ |
1758 | | int ptls_build_certificate_message(ptls_buffer_t *buf, ptls_iovec_t request_context, ptls_iovec_t *certificates, |
1759 | | size_t num_certificates, ptls_iovec_t ocsp_status); |
1760 | | /** |
1761 | | * |
1762 | | */ |
1763 | | int ptls_calc_hash(ptls_hash_algorithm_t *algo, void *output, const void *src, size_t len); |
1764 | | /** |
1765 | | * |
1766 | | */ |
1767 | | ptls_hash_context_t *ptls_hmac_create(ptls_hash_algorithm_t *algo, const void *key, size_t key_size); |
1768 | | /** |
1769 | | * |
1770 | | */ |
1771 | | int ptls_hkdf_extract(ptls_hash_algorithm_t *hash, void *output, ptls_iovec_t salt, ptls_iovec_t ikm); |
1772 | | /** |
1773 | | * |
1774 | | */ |
1775 | | int ptls_hkdf_expand(ptls_hash_algorithm_t *hash, void *output, size_t outlen, ptls_iovec_t prk, ptls_iovec_t info); |
1776 | | /** |
1777 | | * |
1778 | | */ |
1779 | | int ptls_hkdf_expand_label(ptls_hash_algorithm_t *algo, void *output, size_t outlen, ptls_iovec_t secret, const char *label, |
1780 | | ptls_iovec_t hash_value, const char *label_prefix); |
1781 | | /** |
1782 | | * The expansion function of TLS 1.2 defined in RFC 5426 section 5. When `label` is NULL, acts as P_<hash>, or if non-NULL, as PRF. |
1783 | | */ |
1784 | | int ptls_tls12_phash(ptls_hash_algorithm_t *algo, void *output, size_t outlen, ptls_iovec_t secret, const char *label, |
1785 | | ptls_iovec_t seed); |
1786 | | /** |
1787 | | * instantiates a symmetric cipher |
1788 | | */ |
1789 | | ptls_cipher_context_t *ptls_cipher_new(ptls_cipher_algorithm_t *algo, int is_enc, const void *key); |
1790 | | /** |
1791 | | * destroys a symmetric cipher |
1792 | | */ |
1793 | | void ptls_cipher_free(ptls_cipher_context_t *ctx); |
1794 | | /** |
1795 | | * initializes the IV; this function must be called prior to calling ptls_cipher_encrypt |
1796 | | */ |
1797 | | static void ptls_cipher_init(ptls_cipher_context_t *ctx, const void *iv); |
1798 | | /** |
1799 | | * Encrypts given text. The function must be used in a way that the output length would be equal to the input length. For example, |
1800 | | * when using a block cipher in ECB mode, `len` must be a multiple of the block size when using a block cipher. The length can be |
1801 | | * of any value when using a stream cipher or a block cipher in CTR mode. |
1802 | | */ |
1803 | | static void ptls_cipher_encrypt(ptls_cipher_context_t *ctx, void *output, const void *input, size_t len); |
1804 | | /** |
1805 | | * instantiates an AEAD cipher given a secret, which is expanded using hkdf to a set of key and iv |
1806 | | * @param aead |
1807 | | * @param hash |
1808 | | * @param is_enc 1 if creating a context for encryption, 0 if creating a context for decryption |
1809 | | * @param secret the secret. The size must be the digest length of the hash algorithm |
1810 | | * @return pointer to an AEAD context if successful, otherwise NULL |
1811 | | */ |
1812 | | ptls_aead_context_t *ptls_aead_new(ptls_aead_algorithm_t *aead, ptls_hash_algorithm_t *hash, int is_enc, const void *secret, |
1813 | | const char *label_prefix); |
1814 | | /** |
1815 | | * instantiates an AEAD cipher given key and iv |
1816 | | * @param aead |
1817 | | * @param is_enc 1 if creating a context for encryption, 0 if creating a context for decryption |
1818 | | * @return pointer to an AEAD context if successful, otherwise NULL |
1819 | | */ |
1820 | | ptls_aead_context_t *ptls_aead_new_direct(ptls_aead_algorithm_t *aead, int is_enc, const void *key, const void *iv); |
1821 | | /** |
1822 | | * destroys an AEAD cipher context |
1823 | | */ |
1824 | | void ptls_aead_free(ptls_aead_context_t *ctx); |
1825 | | /** |
1826 | | * Permutes the static IV by applying given bytes using bit-wise XOR. This API can be used for supplying nonces longer than 64- |
1827 | | * bits. |
1828 | | */ |
1829 | | void ptls_aead_xor_iv(ptls_aead_context_t *ctx, const void *bytes, size_t len); |
1830 | | static void ptls_aead_get_iv(ptls_aead_context_t *ctx, void *iv); |
1831 | | static void ptls_aead_set_iv(ptls_aead_context_t *ctx, const void *iv); |
1832 | | /** |
1833 | | * Encrypts one AEAD block, given input and output vectors. |
1834 | | */ |
1835 | | static size_t ptls_aead_encrypt(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
1836 | | const void *aad, size_t aadlen); |
1837 | | /** |
1838 | | * Encrypts one AEAD block, as well as one block of ECB (for QUIC / DTLS packet number encryption). Depending on the AEAD engine |
1839 | | * being used, the two operations might run simultaneously. |
1840 | | */ |
1841 | | static void ptls_aead_encrypt_s(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
1842 | | const void *aad, size_t aadlen, ptls_aead_supplementary_encryption_t *supp); |
1843 | | /** |
1844 | | * Encrypts one AEAD block, given a vector of vectors. |
1845 | | */ |
1846 | | static void ptls_aead_encrypt_v(ptls_aead_context_t *ctx, void *output, ptls_iovec_t *input, size_t incnt, uint64_t seq, |
1847 | | const void *aad, size_t aadlen); |
1848 | | /** |
1849 | | * Obsolete; new applications should use one of: `ptls_aead_encrypt`, `ptls_aead_encrypt_s`, `ptls_aead_encrypt_v`. |
1850 | | */ |
1851 | | static void ptls_aead_encrypt_init(ptls_aead_context_t *ctx, uint64_t seq, const void *aad, size_t aadlen); |
1852 | | /** |
1853 | | * Obsolete; see `ptls_aead_encrypt_init`. |
1854 | | */ |
1855 | | static size_t ptls_aead_encrypt_update(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen); |
1856 | | /** |
1857 | | * Obsolete; see `ptls_aead_encrypt_init`. |
1858 | | */ |
1859 | | static size_t ptls_aead_encrypt_final(ptls_aead_context_t *ctx, void *output); |
1860 | | /** |
1861 | | * decrypts an AEAD record |
1862 | | * @return number of bytes emitted to output if successful, or SIZE_MAX if the input is invalid (e.g. broken MAC) |
1863 | | */ |
1864 | | static size_t ptls_aead_decrypt(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
1865 | | const void *aad, size_t aadlen); |
1866 | | /** |
1867 | | * Return the current read epoch (i.e., that of the message being received or to be) |
1868 | | */ |
1869 | | size_t ptls_get_read_epoch(ptls_t *tls); |
1870 | | /** |
1871 | | * Runs the handshake by dealing directly with handshake messages. Callers MUST delay supplying input to this function until the |
1872 | | * epoch of the input becomes equal to the value returned by `ptls_get_read_epoch()`. |
1873 | | * @param tls the TLS context |
1874 | | * @param sendbuf buffer to which the output will be written |
1875 | | * @param epoch_offsets start and end offset of the messages in each epoch. For example, when the server emits ServerHello between |
1876 | | * offset 0 and 38, the following handshake messages between offset 39 and 348, and a post-handshake message |
1877 | | * between 349 and 451, epoch_offsets will be {0,39,39,349,452} and the length of the sendbuf will be 452. |
1878 | | * This argument is an I/O argument. Applications can either reset sendbuf to empty and epoch_offsets and to |
1879 | | * all zero every time they invoke the function, or retain the values until the handshake completes so that |
1880 | | * data will be appended to sendbuf and epoch_offsets will be adjusted. |
1881 | | * @param in_epoch epoch of the input |
1882 | | * @param input input bytes (must be NULL when starting the handshake on the client side) |
1883 | | * @param inlen length of the input |
1884 | | * @param properties properties specific to the running handshake |
1885 | | * @return same as `ptls_handshake` |
1886 | | */ |
1887 | | int ptls_handle_message(ptls_t *tls, ptls_buffer_t *sendbuf, size_t epoch_offsets[5], size_t in_epoch, const void *input, |
1888 | | size_t inlen, ptls_handshake_properties_t *properties); |
1889 | | int ptls_client_handle_message(ptls_t *tls, ptls_buffer_t *sendbuf, size_t epoch_offsets[5], size_t in_epoch, const void *input, |
1890 | | size_t inlen, ptls_handshake_properties_t *properties); |
1891 | | int ptls_server_handle_message(ptls_t *tls, ptls_buffer_t *sendbuf, size_t epoch_offsets[5], size_t in_epoch, const void *input, |
1892 | | size_t inlen, ptls_handshake_properties_t *properties); |
1893 | | /** |
1894 | | * internal |
1895 | | */ |
1896 | | void ptls_aead__build_iv(ptls_aead_algorithm_t *algo, uint8_t *iv, const uint8_t *static_iv, uint64_t seq); |
1897 | | /** |
1898 | | * |
1899 | | */ |
1900 | | static void ptls_aead__do_encrypt(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
1901 | | const void *aad, size_t aadlen, ptls_aead_supplementary_encryption_t *supp); |
1902 | | /** |
1903 | | * |
1904 | | */ |
1905 | | static void ptls_aead__do_encrypt_v(ptls_aead_context_t *ctx, void *_output, ptls_iovec_t *input, size_t incnt, uint64_t seq, |
1906 | | const void *aad, size_t aadlen); |
1907 | | /** |
1908 | | * internal |
1909 | | */ |
1910 | | void ptls__key_schedule_update_hash(ptls_key_schedule_t *sched, const uint8_t *msg, size_t msglen, int use_outer); |
1911 | | /** |
1912 | | * clears memory |
1913 | | */ |
1914 | | extern void (*volatile ptls_clear_memory)(void *p, size_t len); |
1915 | | /** |
1916 | | * constant-time memcmp |
1917 | | */ |
1918 | | extern int (*volatile ptls_mem_equal)(const void *x, const void *y, size_t len); |
1919 | | /** |
1920 | | * checks if a server name is an IP address. |
1921 | | */ |
1922 | | int ptls_server_name_is_ipaddr(const char *name); |
1923 | | /** |
1924 | | * encodes one ECH Config |
1925 | | */ |
1926 | | int ptls_ech_encode_config(ptls_buffer_t *buf, uint8_t config_id, ptls_hpke_kem_t *kem, ptls_iovec_t public_key, |
1927 | | ptls_hpke_cipher_suite_t **ciphers, uint8_t max_name_length, const char *public_name); |
1928 | | /** |
1929 | | * loads a certificate chain to ptls_context_t::certificates. `certificate.list` and each element of the list is allocated by |
1930 | | * malloc. It is the responsibility of the user to free them when discarding the TLS context. |
1931 | | */ |
1932 | | int ptls_load_certificates(ptls_context_t *ctx, char const *cert_pem_file); |
1933 | | /** |
1934 | | * SetupBaseS function of RFC 9180. Given `kem`, `algo`, `info`, and receiver's public key, returns an ephemeral public key and an |
1935 | | * AEAD context used for encrypting data. |
1936 | | */ |
1937 | | int ptls_hpke_setup_base_s(ptls_hpke_kem_t *kem, ptls_hpke_cipher_suite_t *cipher, ptls_iovec_t *pk_s, ptls_aead_context_t **ctx, |
1938 | | ptls_iovec_t pk_r, ptls_iovec_t info); |
1939 | | /** |
1940 | | * SetupBaseR function of RFC 9180. Given `kem`, `algo`, `info`, receiver's private key (`keyex`), and the esnder's public key, |
1941 | | * returns the AEAD context to be used for decrypting data. |
1942 | | */ |
1943 | | int ptls_hpke_setup_base_r(ptls_hpke_kem_t *kem, ptls_hpke_cipher_suite_t *cipher, ptls_key_exchange_context_t *keyex, |
1944 | | ptls_aead_context_t **ctx, ptls_iovec_t pk_s, ptls_iovec_t info); |
1945 | | /** |
1946 | | * |
1947 | | */ |
1948 | | char *ptls_hexdump(char *dst, const void *src, size_t len); |
1949 | | /** |
1950 | | * Builds a JSON-safe string without double quotes. Supplied buffer MUST be at least 6x + 1 bytes larger than the input. |
1951 | | */ |
1952 | | char *ptls_jsonescape(char *buf, const char *s, size_t len); |
1953 | | /** |
1954 | | * builds a v4-mapped address (i.e., ::ffff:192.0.2.1) |
1955 | | */ |
1956 | | void ptls_build_v4_mapped_v6_address(struct in6_addr *v6, const struct in_addr *v4); |
1957 | | |
1958 | | /** |
1959 | | * the default get_time callback |
1960 | | */ |
1961 | | extern ptls_get_time_t ptls_get_time; |
1962 | | /** |
1963 | | * default hash clone function that calls memcpy |
1964 | | */ |
1965 | | static void ptls_hash_clone_memcpy(void *dst, const void *src, size_t size); |
1966 | | |
1967 | | /* inline functions */ |
1968 | | |
1969 | | inline uint32_t ptls_log_point_maybe_active(struct st_ptls_log_point_t *point) |
1970 | 7.92k | { |
1971 | 7.92k | #if PTLS_HAVE_LOG |
1972 | 7.92k | if (PTLS_UNLIKELY(point->state.generation != ptls_log._generation)) |
1973 | 6 | ptls_log__recalc_point(0, point); |
1974 | 7.92k | return point->state.active_conns; |
1975 | | #else |
1976 | | return 0; |
1977 | | #endif |
1978 | 7.92k | } Unexecuted instantiation: fuzz-client-hello.c:ptls_log_point_maybe_active picotls.c:ptls_log_point_maybe_active Line | Count | Source | 1970 | 7.92k | { | 1971 | 7.92k | #if PTLS_HAVE_LOG | 1972 | 7.92k | if (PTLS_UNLIKELY(point->state.generation != ptls_log._generation)) | 1973 | 6 | ptls_log__recalc_point(0, point); | 1974 | 7.92k | return point->state.active_conns; | 1975 | | #else | 1976 | | return 0; | 1977 | | #endif | 1978 | 7.92k | } |
Unexecuted instantiation: hpke.c:ptls_log_point_maybe_active Unexecuted instantiation: openssl.c:ptls_log_point_maybe_active |
1979 | | |
1980 | | inline void ptls_log_recalc_conn_state(ptls_log_conn_state_t *state) |
1981 | 0 | { |
1982 | 0 | state->state.generation = 0; |
1983 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_log_recalc_conn_state Unexecuted instantiation: picotls.c:ptls_log_recalc_conn_state Unexecuted instantiation: hpke.c:ptls_log_recalc_conn_state Unexecuted instantiation: openssl.c:ptls_log_recalc_conn_state |
1984 | | |
1985 | | inline uint32_t ptls_log_conn_maybe_active(ptls_log_conn_state_t *conn, const char *(*get_sni)(void *), void *get_sni_arg) |
1986 | 0 | { |
1987 | 0 | #if PTLS_HAVE_LOG |
1988 | 0 | if (PTLS_UNLIKELY(conn->state.generation != ptls_log._generation)) |
1989 | 0 | ptls_log__recalc_conn(0, conn, get_sni, get_sni_arg); |
1990 | 0 | return conn->state.active_conns; |
1991 | | #else |
1992 | | return 0; |
1993 | | #endif |
1994 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_log_conn_maybe_active Unexecuted instantiation: picotls.c:ptls_log_conn_maybe_active Unexecuted instantiation: hpke.c:ptls_log_conn_maybe_active Unexecuted instantiation: openssl.c:ptls_log_conn_maybe_active |
1995 | | |
1996 | | inline ptls_t *ptls_new(ptls_context_t *ctx, int is_server) |
1997 | 2.17k | { |
1998 | 2.17k | return is_server ? ptls_server_new(ctx) : ptls_client_new(ctx); |
1999 | 2.17k | } fuzz-client-hello.c:ptls_new Line | Count | Source | 1997 | 2.17k | { | 1998 | 2.17k | return is_server ? ptls_server_new(ctx) : ptls_client_new(ctx); | 1999 | 2.17k | } |
Unexecuted instantiation: picotls.c:ptls_new Unexecuted instantiation: hpke.c:ptls_new Unexecuted instantiation: openssl.c:ptls_new |
2000 | | |
2001 | | inline ptls_iovec_t ptls_iovec_init(const void *p, size_t len) |
2002 | 26.0k | { |
2003 | | /* avoid the "return (ptls_iovec_t){(uint8_t *)p, len};" construct because it requires C99 |
2004 | | * and triggers a warning "C4204: nonstandard extension used: non-constant aggregate initializer" |
2005 | | * in Visual Studio */ |
2006 | 26.0k | ptls_iovec_t r; |
2007 | 26.0k | r.base = (uint8_t *)p; |
2008 | 26.0k | r.len = len; |
2009 | 26.0k | return r; |
2010 | 26.0k | } Unexecuted instantiation: fuzz-client-hello.c:ptls_iovec_init picotls.c:ptls_iovec_init Line | Count | Source | 2002 | 26.0k | { | 2003 | | /* avoid the "return (ptls_iovec_t){(uint8_t *)p, len};" construct because it requires C99 | 2004 | | * and triggers a warning "C4204: nonstandard extension used: non-constant aggregate initializer" | 2005 | | * in Visual Studio */ | 2006 | 26.0k | ptls_iovec_t r; | 2007 | 26.0k | r.base = (uint8_t *)p; | 2008 | 26.0k | r.len = len; | 2009 | 26.0k | return r; | 2010 | 26.0k | } |
Unexecuted instantiation: hpke.c:ptls_iovec_init Unexecuted instantiation: openssl.c:ptls_iovec_init |
2011 | | |
2012 | | inline void ptls_buffer_init(ptls_buffer_t *buf, void *smallbuf, size_t smallbuf_size) |
2013 | 11.0k | { |
2014 | 11.0k | assert(smallbuf != NULL); |
2015 | 11.0k | buf->base = (uint8_t *)smallbuf; |
2016 | 11.0k | buf->off = 0; |
2017 | 11.0k | buf->capacity = smallbuf_size; |
2018 | 11.0k | buf->is_allocated = 0; |
2019 | 11.0k | buf->align_bits = 0; |
2020 | 11.0k | } fuzz-client-hello.c:ptls_buffer_init Line | Count | Source | 2013 | 2.40k | { | 2014 | 2.40k | assert(smallbuf != NULL); | 2015 | 2.40k | buf->base = (uint8_t *)smallbuf; | 2016 | 2.40k | buf->off = 0; | 2017 | 2.40k | buf->capacity = smallbuf_size; | 2018 | 2.40k | buf->is_allocated = 0; | 2019 | 2.40k | buf->align_bits = 0; | 2020 | 2.40k | } |
picotls.c:ptls_buffer_init Line | Count | Source | 2013 | 8.61k | { | 2014 | 8.61k | assert(smallbuf != NULL); | 2015 | 8.61k | buf->base = (uint8_t *)smallbuf; | 2016 | 8.61k | buf->off = 0; | 2017 | 8.61k | buf->capacity = smallbuf_size; | 2018 | 8.61k | buf->is_allocated = 0; | 2019 | 8.61k | buf->align_bits = 0; | 2020 | 8.61k | } |
Unexecuted instantiation: hpke.c:ptls_buffer_init Unexecuted instantiation: openssl.c:ptls_buffer_init |
2021 | | |
2022 | | inline void ptls_buffer_dispose(ptls_buffer_t *buf) |
2023 | 125k | { |
2024 | 125k | ptls_buffer__release_memory(buf); |
2025 | 125k | *buf = (ptls_buffer_t){NULL, 0, 0, 0, 0}; |
2026 | 125k | } fuzz-client-hello.c:ptls_buffer_dispose Line | Count | Source | 2023 | 2.40k | { | 2024 | 2.40k | ptls_buffer__release_memory(buf); | 2025 | 2.40k | *buf = (ptls_buffer_t){NULL, 0, 0, 0, 0}; | 2026 | 2.40k | } |
picotls.c:ptls_buffer_dispose Line | Count | Source | 2023 | 123k | { | 2024 | 123k | ptls_buffer__release_memory(buf); | 2025 | 123k | *buf = (ptls_buffer_t){NULL, 0, 0, 0, 0}; | 2026 | 123k | } |
Unexecuted instantiation: hpke.c:ptls_buffer_dispose Unexecuted instantiation: openssl.c:ptls_buffer_dispose |
2027 | | |
2028 | | inline uint8_t *ptls_encode_quicint(uint8_t *p, uint64_t v) |
2029 | 0 | { |
2030 | 0 | if (PTLS_UNLIKELY(v > 63)) { |
2031 | 0 | if (PTLS_UNLIKELY(v > 16383)) { |
2032 | 0 | unsigned sb; |
2033 | 0 | if (PTLS_UNLIKELY(v > 1073741823)) { |
2034 | 0 | assert(v <= 4611686018427387903); |
2035 | 0 | *p++ = 0xc0 | (uint8_t)(v >> 56); |
2036 | 0 | sb = 6 * 8; |
2037 | 0 | } else { |
2038 | 0 | *p++ = 0x80 | (uint8_t)(v >> 24); |
2039 | 0 | sb = 2 * 8; |
2040 | 0 | } |
2041 | 0 | do { |
2042 | 0 | *p++ = (uint8_t)(v >> sb); |
2043 | 0 | } while ((sb -= 8) != 0); |
2044 | 0 | } else { |
2045 | 0 | *p++ = 0x40 | (uint8_t)((uint16_t)v >> 8); |
2046 | 0 | } |
2047 | 0 | } |
2048 | 0 | *p++ = (uint8_t)v; |
2049 | 0 | return p; |
2050 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_encode_quicint Unexecuted instantiation: picotls.c:ptls_encode_quicint Unexecuted instantiation: hpke.c:ptls_encode_quicint Unexecuted instantiation: openssl.c:ptls_encode_quicint |
2051 | | |
2052 | | inline void ptls_cipher_init(ptls_cipher_context_t *ctx, const void *iv) |
2053 | 0 | { |
2054 | 0 | ctx->do_init(ctx, iv); |
2055 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_cipher_init Unexecuted instantiation: picotls.c:ptls_cipher_init Unexecuted instantiation: hpke.c:ptls_cipher_init Unexecuted instantiation: openssl.c:ptls_cipher_init |
2056 | | |
2057 | | inline void ptls_cipher_encrypt(ptls_cipher_context_t *ctx, void *output, const void *input, size_t len) |
2058 | 0 | { |
2059 | 0 | ctx->do_transform(ctx, output, input, len); |
2060 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_cipher_encrypt Unexecuted instantiation: picotls.c:ptls_cipher_encrypt Unexecuted instantiation: hpke.c:ptls_cipher_encrypt Unexecuted instantiation: openssl.c:ptls_cipher_encrypt |
2061 | | |
2062 | | inline void ptls_aead_get_iv(ptls_aead_context_t *ctx, void *iv) |
2063 | 0 | { |
2064 | 0 | ctx->do_get_iv(ctx, iv); |
2065 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_get_iv Unexecuted instantiation: picotls.c:ptls_aead_get_iv Unexecuted instantiation: hpke.c:ptls_aead_get_iv Unexecuted instantiation: openssl.c:ptls_aead_get_iv |
2066 | | |
2067 | | inline void ptls_aead_set_iv(ptls_aead_context_t *ctx, const void *iv) |
2068 | 0 | { |
2069 | 0 | ctx->do_set_iv(ctx, iv); |
2070 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_set_iv Unexecuted instantiation: picotls.c:ptls_aead_set_iv Unexecuted instantiation: hpke.c:ptls_aead_set_iv Unexecuted instantiation: openssl.c:ptls_aead_set_iv |
2071 | | |
2072 | | inline size_t ptls_aead_encrypt(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
2073 | | const void *aad, size_t aadlen) |
2074 | 0 | { |
2075 | 0 | ctx->do_encrypt(ctx, output, input, inlen, seq, aad, aadlen, NULL); |
2076 | 0 | return inlen + ctx->algo->tag_size; |
2077 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_encrypt Unexecuted instantiation: picotls.c:ptls_aead_encrypt Unexecuted instantiation: hpke.c:ptls_aead_encrypt Unexecuted instantiation: openssl.c:ptls_aead_encrypt |
2078 | | |
2079 | | inline void ptls_aead_encrypt_s(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
2080 | | const void *aad, size_t aadlen, ptls_aead_supplementary_encryption_t *supp) |
2081 | 0 | { |
2082 | 0 | ctx->do_encrypt(ctx, output, input, inlen, seq, aad, aadlen, supp); |
2083 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_encrypt_s Unexecuted instantiation: picotls.c:ptls_aead_encrypt_s Unexecuted instantiation: hpke.c:ptls_aead_encrypt_s Unexecuted instantiation: openssl.c:ptls_aead_encrypt_s |
2084 | | |
2085 | | inline void ptls_aead_encrypt_v(ptls_aead_context_t *ctx, void *output, ptls_iovec_t *input, size_t incnt, uint64_t seq, |
2086 | | const void *aad, size_t aadlen) |
2087 | 0 | { |
2088 | 0 | ctx->do_encrypt_v(ctx, output, input, incnt, seq, aad, aadlen); |
2089 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_encrypt_v Unexecuted instantiation: picotls.c:ptls_aead_encrypt_v Unexecuted instantiation: hpke.c:ptls_aead_encrypt_v Unexecuted instantiation: openssl.c:ptls_aead_encrypt_v |
2090 | | |
2091 | | inline void ptls_aead_encrypt_init(ptls_aead_context_t *ctx, uint64_t seq, const void *aad, size_t aadlen) |
2092 | 0 | { |
2093 | 0 | ctx->do_encrypt_init(ctx, seq, aad, aadlen); |
2094 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_encrypt_init Unexecuted instantiation: picotls.c:ptls_aead_encrypt_init Unexecuted instantiation: hpke.c:ptls_aead_encrypt_init Unexecuted instantiation: openssl.c:ptls_aead_encrypt_init |
2095 | | |
2096 | | inline size_t ptls_aead_encrypt_update(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen) |
2097 | 0 | { |
2098 | 0 | return ctx->do_encrypt_update(ctx, output, input, inlen); |
2099 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_encrypt_update Unexecuted instantiation: picotls.c:ptls_aead_encrypt_update Unexecuted instantiation: hpke.c:ptls_aead_encrypt_update Unexecuted instantiation: openssl.c:ptls_aead_encrypt_update |
2100 | | |
2101 | | inline size_t ptls_aead_encrypt_final(ptls_aead_context_t *ctx, void *output) |
2102 | 0 | { |
2103 | 0 | return ctx->do_encrypt_final(ctx, output); |
2104 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_encrypt_final Unexecuted instantiation: picotls.c:ptls_aead_encrypt_final Unexecuted instantiation: hpke.c:ptls_aead_encrypt_final Unexecuted instantiation: openssl.c:ptls_aead_encrypt_final |
2105 | | |
2106 | | inline void ptls_aead__do_encrypt(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
2107 | | const void *aad, size_t aadlen, ptls_aead_supplementary_encryption_t *supp) |
2108 | 0 | { |
2109 | 0 | ptls_iovec_t invec = ptls_iovec_init(input, inlen); |
2110 | 0 | ctx->do_encrypt_v(ctx, output, &invec, 1, seq, aad, aadlen); |
2111 | |
|
2112 | 0 | if (supp != NULL) { |
2113 | 0 | ptls_cipher_init(supp->ctx, supp->input); |
2114 | 0 | memset(supp->output, 0, sizeof(supp->output)); |
2115 | 0 | ptls_cipher_encrypt(supp->ctx, supp->output, supp->output, sizeof(supp->output)); |
2116 | 0 | } |
2117 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead__do_encrypt Unexecuted instantiation: picotls.c:ptls_aead__do_encrypt Unexecuted instantiation: hpke.c:ptls_aead__do_encrypt Unexecuted instantiation: openssl.c:ptls_aead__do_encrypt |
2118 | | |
2119 | | inline void ptls_aead__do_encrypt_v(ptls_aead_context_t *ctx, void *_output, ptls_iovec_t *input, size_t incnt, uint64_t seq, |
2120 | | const void *aad, size_t aadlen) |
2121 | 0 | { |
2122 | 0 | uint8_t *output = (uint8_t *)_output; |
2123 | |
|
2124 | 0 | ctx->do_encrypt_init(ctx, seq, aad, aadlen); |
2125 | 0 | for (size_t i = 0; i < incnt; ++i) |
2126 | 0 | output += ctx->do_encrypt_update(ctx, output, input[i].base, input[i].len); |
2127 | 0 | ctx->do_encrypt_final(ctx, output); |
2128 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead__do_encrypt_v Unexecuted instantiation: picotls.c:ptls_aead__do_encrypt_v Unexecuted instantiation: hpke.c:ptls_aead__do_encrypt_v Unexecuted instantiation: openssl.c:ptls_aead__do_encrypt_v |
2129 | | |
2130 | | inline size_t ptls_aead_decrypt(ptls_aead_context_t *ctx, void *output, const void *input, size_t inlen, uint64_t seq, |
2131 | | const void *aad, size_t aadlen) |
2132 | 0 | { |
2133 | 0 | return ctx->do_decrypt(ctx, output, input, inlen, seq, aad, aadlen); |
2134 | 0 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_aead_decrypt Unexecuted instantiation: picotls.c:ptls_aead_decrypt Unexecuted instantiation: hpke.c:ptls_aead_decrypt Unexecuted instantiation: openssl.c:ptls_aead_decrypt |
2135 | | |
2136 | | inline void ptls_hash_clone_memcpy(void *dst, const void *src, size_t size) |
2137 | 158 | { |
2138 | 158 | memcpy(dst, src, size); |
2139 | 158 | } Unexecuted instantiation: fuzz-client-hello.c:ptls_hash_clone_memcpy Unexecuted instantiation: picotls.c:ptls_hash_clone_memcpy Unexecuted instantiation: hpke.c:ptls_hash_clone_memcpy openssl.c:ptls_hash_clone_memcpy Line | Count | Source | 2137 | 158 | { | 2138 | 158 | memcpy(dst, src, size); | 2139 | 158 | } |
|
2140 | | |
2141 | | #define ptls_define_hash(name, ctx_type, init_func, update_func, final_func) \ |
2142 | | ptls_define_hash6(name, ctx_type, init_func, update_func, final_func, ptls_hash_clone_memcpy) |
2143 | | #define ptls_define_hash6(name, ctx_type, init_func, update_func, final_func, clone_func) \ |
2144 | | \ |
2145 | | struct name##_context_t { \ |
2146 | | ptls_hash_context_t super; \ |
2147 | | ctx_type ctx; \ |
2148 | | }; \ |
2149 | | \ |
2150 | | static void name##_update(ptls_hash_context_t *_ctx, const void *src, size_t len) \ |
2151 | 31.4k | { \ |
2152 | 31.4k | struct name##_context_t *ctx = (struct name##_context_t *)_ctx; \ |
2153 | 31.4k | update_func(&ctx->ctx, src, len); \ |
2154 | 31.4k | } \ Line | Count | Source | 2151 | 11.1k | { \ | 2152 | 11.1k | struct name##_context_t *ctx = (struct name##_context_t *)_ctx; \ | 2153 | 11.1k | update_func(&ctx->ctx, src, len); \ | 2154 | 11.1k | } \ |
Line | Count | Source | 2151 | 20.3k | { \ | 2152 | 20.3k | struct name##_context_t *ctx = (struct name##_context_t *)_ctx; \ | 2153 | 20.3k | update_func(&ctx->ctx, src, len); \ | 2154 | 20.3k | } \ |
Unexecuted instantiation: openssl.c:sha512_update |
2155 | | \ |
2156 | | static void name##_final(ptls_hash_context_t *_ctx, void *md, ptls_hash_final_mode_t mode) \ |
2157 | 17.1k | { \ |
2158 | 17.1k | struct name##_context_t *ctx = (struct name##_context_t *)_ctx; \ |
2159 | 17.1k | if (mode == PTLS_HASH_FINAL_MODE_SNAPSHOT) { \ |
2160 | 1.62k | ctx_type copy = ctx->ctx; \ |
2161 | 1.62k | final_func(©, md); \ |
2162 | 1.62k | ptls_clear_memory(©, sizeof(copy)); \ |
2163 | 1.62k | return; \ |
2164 | 1.62k | } \ |
2165 | 17.1k | if (md != NULL) \ |
2166 | 15.5k | final_func(&ctx->ctx, md); \ |
2167 | 15.5k | switch (mode) { \ |
2168 | 6.18k | case PTLS_HASH_FINAL_MODE_FREE: \ |
2169 | 6.18k | ptls_clear_memory(&ctx->ctx, sizeof(ctx->ctx)); \ |
2170 | 6.18k | free(ctx); \ |
2171 | 6.18k | break; \ |
2172 | 9.37k | case PTLS_HASH_FINAL_MODE_RESET: \ |
2173 | 9.37k | init_func(&ctx->ctx); \ |
2174 | 9.37k | break; \ |
2175 | 0 | default: \ |
2176 | 0 | assert(!"FIXME"); \ |
2177 | 0 | break; \ |
2178 | 15.5k | } \ |
2179 | 15.5k | } \ Line | Count | Source | 2157 | 6.13k | { \ | 2158 | 6.13k | struct name##_context_t *ctx = (struct name##_context_t *)_ctx; \ | 2159 | 6.13k | if (mode == PTLS_HASH_FINAL_MODE_SNAPSHOT) { \ | 2160 | 587 | ctx_type copy = ctx->ctx; \ | 2161 | 587 | final_func(©, md); \ | 2162 | 587 | ptls_clear_memory(©, sizeof(copy)); \ | 2163 | 587 | return; \ | 2164 | 587 | } \ | 2165 | 6.13k | if (md != NULL) \ | 2166 | 5.54k | final_func(&ctx->ctx, md); \ | 2167 | 5.54k | switch (mode) { \ | 2168 | 2.25k | case PTLS_HASH_FINAL_MODE_FREE: \ | 2169 | 2.25k | ptls_clear_memory(&ctx->ctx, sizeof(ctx->ctx)); \ | 2170 | 2.25k | free(ctx); \ | 2171 | 2.25k | break; \ | 2172 | 3.29k | case PTLS_HASH_FINAL_MODE_RESET: \ | 2173 | 3.29k | init_func(&ctx->ctx); \ | 2174 | 3.29k | break; \ | 2175 | 0 | default: \ | 2176 | 0 | assert(!"FIXME"); \ | 2177 | 0 | break; \ | 2178 | 5.54k | } \ | 2179 | 5.54k | } \ |
Line | Count | Source | 2157 | 11.0k | { \ | 2158 | 11.0k | struct name##_context_t *ctx = (struct name##_context_t *)_ctx; \ | 2159 | 11.0k | if (mode == PTLS_HASH_FINAL_MODE_SNAPSHOT) { \ | 2160 | 1.03k | ctx_type copy = ctx->ctx; \ | 2161 | 1.03k | final_func(©, md); \ | 2162 | 1.03k | ptls_clear_memory(©, sizeof(copy)); \ | 2163 | 1.03k | return; \ | 2164 | 1.03k | } \ | 2165 | 11.0k | if (md != NULL) \ | 2166 | 10.0k | final_func(&ctx->ctx, md); \ | 2167 | 10.0k | switch (mode) { \ | 2168 | 3.93k | case PTLS_HASH_FINAL_MODE_FREE: \ | 2169 | 3.93k | ptls_clear_memory(&ctx->ctx, sizeof(ctx->ctx)); \ | 2170 | 3.93k | free(ctx); \ | 2171 | 3.93k | break; \ | 2172 | 6.08k | case PTLS_HASH_FINAL_MODE_RESET: \ | 2173 | 6.08k | init_func(&ctx->ctx); \ | 2174 | 6.08k | break; \ | 2175 | 0 | default: \ | 2176 | 0 | assert(!"FIXME"); \ | 2177 | 0 | break; \ | 2178 | 10.0k | } \ | 2179 | 10.0k | } \ |
Unexecuted instantiation: openssl.c:sha512_final |
2180 | | \ |
2181 | | static ptls_hash_context_t *name##_clone(ptls_hash_context_t *_src) \ |
2182 | 158 | { \ |
2183 | 158 | struct name##_context_t *dst, *src = (struct name##_context_t *)_src; \ |
2184 | 158 | if ((dst = malloc(sizeof(*dst))) == NULL) \ |
2185 | 158 | return NULL; \ |
2186 | 158 | dst->super = src->super; \ |
2187 | 158 | clone_func(&dst->ctx, &src->ctx, sizeof(dst->ctx)); \ |
2188 | 158 | return &dst->super; \ |
2189 | 158 | } \ Line | Count | Source | 2182 | 94 | { \ | 2183 | 94 | struct name##_context_t *dst, *src = (struct name##_context_t *)_src; \ | 2184 | 94 | if ((dst = malloc(sizeof(*dst))) == NULL) \ | 2185 | 94 | return NULL; \ | 2186 | 94 | dst->super = src->super; \ | 2187 | 94 | clone_func(&dst->ctx, &src->ctx, sizeof(dst->ctx)); \ | 2188 | 94 | return &dst->super; \ | 2189 | 94 | } \ |
Line | Count | Source | 2182 | 64 | { \ | 2183 | 64 | struct name##_context_t *dst, *src = (struct name##_context_t *)_src; \ | 2184 | 64 | if ((dst = malloc(sizeof(*dst))) == NULL) \ | 2185 | 64 | return NULL; \ | 2186 | 64 | dst->super = src->super; \ | 2187 | 64 | clone_func(&dst->ctx, &src->ctx, sizeof(dst->ctx)); \ | 2188 | 64 | return &dst->super; \ | 2189 | 64 | } \ |
Unexecuted instantiation: openssl.c:sha512_clone |
2190 | | \ |
2191 | | static ptls_hash_context_t *name##_create(void) \ |
2192 | 6.03k | { \ |
2193 | 6.03k | struct name##_context_t *ctx; \ |
2194 | 6.03k | if ((ctx = malloc(sizeof(*ctx))) == NULL) \ |
2195 | 6.03k | return NULL; \ |
2196 | 6.03k | ctx->super = (ptls_hash_context_t){name##_update, name##_final, name##_clone}; \ |
2197 | 6.03k | init_func(&ctx->ctx); \ |
2198 | 6.03k | return &ctx->super; \ |
2199 | 6.03k | } Line | Count | Source | 2192 | 2.16k | { \ | 2193 | 2.16k | struct name##_context_t *ctx; \ | 2194 | 2.16k | if ((ctx = malloc(sizeof(*ctx))) == NULL) \ | 2195 | 2.16k | return NULL; \ | 2196 | 2.16k | ctx->super = (ptls_hash_context_t){name##_update, name##_final, name##_clone}; \ | 2197 | 2.16k | init_func(&ctx->ctx); \ | 2198 | 2.16k | return &ctx->super; \ | 2199 | 2.16k | } |
Line | Count | Source | 2192 | 3.86k | { \ | 2193 | 3.86k | struct name##_context_t *ctx; \ | 2194 | 3.86k | if ((ctx = malloc(sizeof(*ctx))) == NULL) \ | 2195 | 3.86k | return NULL; \ | 2196 | 3.86k | ctx->super = (ptls_hash_context_t){name##_update, name##_final, name##_clone}; \ | 2197 | 3.86k | init_func(&ctx->ctx); \ | 2198 | 3.86k | return &ctx->super; \ | 2199 | 3.86k | } |
Unexecuted instantiation: openssl.c:sha512_create |
2200 | | |
2201 | | #ifdef __cplusplus |
2202 | | } |
2203 | | #endif |
2204 | | |
2205 | | #endif |