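/*
 * nghttp2 - HTTP/2 C Library
 *
 * Copyright (c) 2021 Tatsuhiro Tsujikawa
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */
#ifndef SHRPX_QUIC_H
#define SHRPX_QUIC_H

#include "shrpx.h"

#include <stdint.h>

#include <functional>

#include <ngtcp2/ngtcp2.h>

#include "network.h"

// NOTE(review): a using-directive at header scope leaks into every file
// that includes this header.  It is kept because the declarations below
// name Address unqualified (presumably nghttp2::Address from network.h --
// confirm) and other includers may rely on it.
using namespace nghttp2;

namespace std {
// Hash support so that ngtcp2_cid can be used as the key of an unordered
// container.  Exactly cid.datalen bytes starting at cid.data are hashed.
//
// NOTE(review): the hash is unkeyed, so its output is predictable to
// anyone who knows the algorithm.  If a table keyed by ngtcp2_cid can
// hold connection IDs chosen by a remote peer (not visible from this
// header -- confirm against the users of this specialization), lookups
// can be driven towards linear time.  A keyed hash seeded with a
// per-process random key, or a hard bound on the table size, removes
// that dependency on peer behaviour.
template <> struct hash<ngtcp2_cid> {
  std::size_t operator()(const ngtcp2_cid &cid) const noexcept {
    // FNV-1a, 64-bit: start from the offset basis, then for every input
    // byte XOR it into the state and multiply by the FNV prime.  The
    // multiplier must be the prime, not the offset basis.
    constexpr uint64_t basis = 0xCBF29CE484222325ULL;
    constexpr uint64_t prime = 0x00000100000001B3ULL;
    uint64_t h = basis;

    for (size_t i = 0; i < cid.datalen; ++i) {
      h ^= cid.data[i];
      h *= prime;
    }

    // Keeps only the low bits where size_t is narrower than 64 bits.
    return static_cast<size_t>(h);
  }
};
} // namespace std

// Equality for ngtcp2_cid, declared at global scope and defined out of
// line.  Unordered containers need it alongside std::hash<ngtcp2_cid>.
// Presumably compares datalen and then the bytes -- confirm in the
// definition.
bool operator==(const ngtcp2_cid &lhs, const ngtcp2_cid &rhs);

namespace shrpx {

struct UpstreamAddr;

// Size constants shared by the QUIC helpers below.  Several of those
// helpers take raw uint8_t pointers without a length, so these constants
// are the only statement of the expected buffer sizes; the mapping from
// constant to parameter is inferred from the names and should be
// confirmed against the definitions.

// Length of connection IDs this component generates (by name: source
// connection IDs).  20 is also the largest connection ID QUIC version 1
// permits.
constexpr size_t SHRPX_QUIC_SCIDLEN = 20;
// By name, the length of the leading prefix stored in a connection ID.
constexpr size_t SHRPX_QUIC_CID_PREFIXLEN = 8;
// By name, the number of connection ID bytes that pass through
// encrypt_/decrypt_quic_connection_id.
constexpr size_t SHRPX_QUIC_DECRYPTED_DCIDLEN = 16;
// By name, the size of the key used for connection ID encryption.
constexpr size_t SHRPX_QUIC_CID_ENCRYPTION_KEYLEN = 16;
// 1472 = 1500 - 20 (IPv4 header without options) - 8 (UDP header).
// NOTE(review): with a 40-byte IPv6 header the same 1500-byte MTU leaves
// 1452 bytes -- confirm how this limit is applied on IPv6 paths.
constexpr size_t SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE = 1472;
// By name, the size of the secret behind stateless reset tokens.
constexpr size_t SHRPX_QUIC_STATELESS_RESET_SECRETLEN = 32;
// By name, the size of the secret behind retry and regular tokens.
constexpr size_t SHRPX_QUIC_TOKEN_SECRETLEN = 32;
// By name, the buffer size reserved for a CONNECTION_CLOSE packet.
constexpr size_t SHRPX_QUIC_CONN_CLOSE_PKTLEN = 256;
// By name, a cap on stateless resets sent in one burst; the accounting
// interval is not visible in this header.
constexpr size_t SHRPX_QUIC_STATELESS_RESET_BURST = 100;

// All int-returning functions below report status through the return
// value.  The convention (presumably 0 on success, nonzero on failure)
// is not visible in this header -- confirm against the definitions, and
// do not use any output buffer unless the call succeeded.

// Returns the current time as an ngtcp2_tstamp.  The clock source is not
// visible here.
ngtcp2_tstamp quic_timestamp();

// Sends datalen bytes at data to remote_sa on behalf of faddr, with
// local_sa as the local address.  gso_size is presumably the segment
// size for UDP segmentation offload -- confirm.
int quic_send_packet(const UpstreamAddr *faddr, const sockaddr *remote_sa,
                     size_t remote_salen, const sockaddr *local_sa,
                     size_t local_salen, const uint8_t *data, size_t datalen,
                     size_t gso_size);

// Fills cid with a connection ID of cidlen bytes.  cidlen must not
// exceed the capacity of cid.data (NGTCP2_MAX_CIDLEN); whether the
// implementation checks this is not visible here.
int generate_quic_connection_id(ngtcp2_cid &cid, size_t cidlen);

// Fills cid with a connection ID of cidlen bytes built from cid_prefix
// and protected with key.  Neither pointer carries a length; presumably
// SHRPX_QUIC_CID_PREFIXLEN and SHRPX_QUIC_CID_ENCRYPTION_KEYLEN bytes
// are read -- confirm.
int generate_encrypted_quic_connection_id(ngtcp2_cid &cid, size_t cidlen,
                                          const uint8_t *cid_prefix,
                                          const uint8_t *key);

// Encrypts src into dest with key.  No lengths are passed: the caller
// must supply buffers of the size the implementation expects
// (presumably SHRPX_QUIC_DECRYPTED_DCIDLEN for src and dest and
// SHRPX_QUIC_CID_ENCRYPTION_KEYLEN for key -- confirm).
int encrypt_quic_connection_id(uint8_t *dest, const uint8_t *src,
                               const uint8_t *key);

// Inverse of encrypt_quic_connection_id, with the same unstated buffer
// size requirements.  src may originate from a received packet, so the
// caller has to make sure enough bytes are present before calling.
int decrypt_quic_connection_id(uint8_t *dest, const uint8_t *src,
                               const uint8_t *key);

// Writes into dest a connection ID derived from remote_addr, local_addr
// and cid.  The derivation itself is not visible in this header.
int generate_quic_hashed_connection_id(ngtcp2_cid &dest,
                                       const Address &remote_addr,
                                       const Address &local_addr,
                                       const ngtcp2_cid &cid);

// Derives the stateless reset token for cid from secret (secretlen
// bytes) and writes it to token.  token has no length parameter and must
// have room for a full token (NGTCP2_STATELESS_RESET_TOKENLEN bytes).
int generate_quic_stateless_reset_token(uint8_t *token, const ngtcp2_cid &cid,
                                        const uint8_t *secret,
                                        size_t secretlen);

// Fills secret with a new stateless reset secret.  The buffer size is
// implicit, presumably SHRPX_QUIC_STATELESS_RESET_SECRETLEN -- confirm.
int generate_quic_stateless_reset_secret(uint8_t *secret);

// Fills secret with a new token secret.  The buffer size is implicit,
// presumably SHRPX_QUIC_TOKEN_SECRETLEN -- confirm.
int generate_quic_token_secret(uint8_t *secret);

// Writes a Retry token bound to the address sa/salen, retry_scid and
// odcid into token.  tokenlen is passed by reference; presumably it
// carries the buffer capacity in and the token length out -- confirm.
// token_secret has no length (presumably SHRPX_QUIC_TOKEN_SECRETLEN).
int generate_retry_token(uint8_t *token, size_t &tokenlen, const sockaddr *sa,
                         socklen_t salen, const ngtcp2_cid &retry_scid,
                         const ngtcp2_cid &odcid, const uint8_t *token_secret);

// Checks a Retry token received from a peer against dcid and the address
// sa/salen, and reports the original destination connection ID through
// odcid.  token is untrusted input.  The result must be checked before
// the peer address is treated as validated, and odcid must be ignored
// when verification fails.
int verify_retry_token(ngtcp2_cid &odcid, const uint8_t *token, size_t tokenlen,
                       const ngtcp2_cid &dcid, const sockaddr *sa,
                       socklen_t salen, const uint8_t *token_secret);

// Writes a token bound to the address sa/salen into token; tokenlen as
// for generate_retry_token.
// NOTE(review): salen is size_t here but socklen_t in verify_token and
// in the retry-token functions.  Valid address lengths fit in both, but
// the types should be unified together with the definition.
int generate_token(uint8_t *token, size_t &tokenlen, const sockaddr *sa,
                   size_t salen, const uint8_t *token_secret);

// Checks a token received from a peer against the address sa/salen.
// token is untrusted input; the result must be checked before the peer
// address is treated as validated.
int verify_token(const uint8_t *token, size_t tokenlen, const sockaddr *sa,
                 socklen_t salen, const uint8_t *token_secret);

} // namespace shrpx

#endif // SHRPX_QUIC_H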