Skip to content

quic.h

Functions

Name
int wolfSSL_CTX_set_quic_method(WOLFSSL_CTX * ctx, const WOLFSSL_QUIC_METHOD * quic_method)
Activate QUIC protocol for a WOLFSSL_CTX and all derived WOLFSSL instances by providing the four callbacks required. The CTX needs to be a TLSv1.3 one.
int wolfSSL_set_quic_method(WOLFSSL * ssl, const WOLFSSL_QUIC_METHOD * quic_method)
Activate QUIC protocol for a WOLFSSL instance by providing the four callbacks required. The WOLFSSL needs to be a TLSv1.3 one.
int wolfSSL_is_quic(WOLFSSL * ssl)
Check if QUIC has been activated in a WOLFSSL instance.
WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_read_level(const WOLFSSL * ssl)
Determine the encryption level for reads currently in use. Meaningful only when the WOLFSSL instance is using QUIC.
WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_write_level(const WOLFSSL * ssl)
Determine the encryption level for writes currently in use. Meaningful only when the WOLFSSL instance is using QUIC.
void wolfSSL_set_quic_use_legacy_codepoint(WOLFSSL * ssl, int use_legacy)
Configure which QUIC version shall be used. Without calling this, the WOLFSSL will offer both (draft_27 and v1) to a server, resp. accept both from a client and negotiate the most recent one.
void wolfSSL_set_quic_transport_version(WOLFSSL * ssl, int version)
Configure which QUIC version shall be used.
int wolfSSL_get_quic_transport_version(const WOLFSSL * ssl)
Get the configured QUIC version.
int wolfSSL_set_quic_transport_params(WOLFSSL * ssl, const uint8_t * params, size_t params_len)
Set the QUIC transport parameters to use.
int wolfSSL_get_peer_quic_transport_version(const WOLFSSL * ssl)
Get the negotiated QUIC transport version. This will only give meaningful results when called after the respective TLS extensions have been seen from the peer.
void wolfSSL_get_peer_quic_transport_params(const WOLFSSL * ssl, const uint8_t ** out_params, size_t * out_params_len)
Get the negotiated QUIC transport parameters. This will only give meaningful results when called after the respective TLS extensions have been seen from the peer.
void wolfSSL_set_quic_early_data_enabled(WOLFSSL * ssl, int enabled)
Configure if Early Data is enabled. Intended for servers to signal this to clients.
size_t wolfSSL_quic_max_handshake_flight_len(const WOLFSSL * ssl, WOLFSSL_ENCRYPTION_LEVEL level)
Get advice on the amount of data that shall be "in flight", e.g. unacknowledged at the given encryption level. This is the amount of data the WOLFSSL instance is prepared to buffer.
int wolfSSL_provide_quic_data(WOLFSSL * ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t * data, size_t len)
Pass decrypted CRYPTO data to the WOLFSSL instance for further processing. The encryption level between calls is only every allowed to increase and it is also checked that data records are complete before a change in encryption level is accepted.
WOLFSSL_API int wolfSSL_process_quic_post_handshake(WOLFSSL * ssl)
Process any CRYPTO records that have been provided after the handshake has completed. Will fail if called before that.
int wolfSSL_quic_read_write(WOLFSSL * ssl)
Process any CRYPTO records that have been provided during or after the handshake. Will progress the handshake if not already complete and otherwise work like wolfSSL_process_quic_post_handshake().
const WOLFSSL_EVP_CIPHER * wolfSSL_quic_get_aead(WOLFSSL * ssl)
Get the AEAD cipher negotiated in the TLS handshake.
int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER * aead_cipher)
Check if the AEAD cipher is GCM.
int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER * aead_cipher)
Check if the AEAD cipher is CCM.
int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER * aead_cipher)
Check if the AEAD cipher is CHACHA20.
WOLFSSL_API size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER * aead_cipher)
Determine the tag length for the AEAD cipher.
WOLFSSL_API const WOLFSSL_EVP_MD * wolfSSL_quic_get_md(WOLFSSL * ssl)
Determine the message digest negotiated in the TLS handshake.
const WOLFSSL_EVP_CIPHER * wolfSSL_quic_get_hp(WOLFSSL * ssl)
Determine the header protection cipher negotiated in the TLS handshake.
WOLFSSL_EVP_CIPHER_CTX * wolfSSL_quic_crypt_new(const WOLFSSL_EVP_CIPHER * cipher, const uint8_t * key, const uint8_t * iv, int encrypt)
Create a cipher context for en-/decryption.
int wolfSSL_quic_aead_encrypt(uint8_t * dest, WOLFSSL_EVP_CIPHER_CTX * aead_ctx, const uint8_t * plain, size_t plainlen, const uint8_t * iv, const uint8_t * aad, size_t aadlen)
Encrypt the plain text in the given context.
int wolfSSL_quic_aead_decrypt(uint8_t * dest, WOLFSSL_EVP_CIPHER_CTX * ctx, const uint8_t * enc, size_t enclen, const uint8_t * iv, const uint8_t * aad, size_t aadlen)
Decrypt the cipher text in the given context.
int wolfSSL_quic_hkdf_extract(uint8_t * dest, const WOLFSSL_EVP_MD * md, const uint8_t * secret, size_t secretlen, const uint8_t * salt, size_t saltlen)
Extract a pseudo random key.
int wolfSSL_quic_hkdf_expand(uint8_t * dest, size_t destlen, const WOLFSSL_EVP_MD * md, const uint8_t * secret, size_t secretlen, const uint8_t * info, size_t infolen)
Expand a pseudo random key into a new key.
int wolfSSL_quic_hkdf(uint8_t * dest, size_t destlen, const WOLFSSL_EVP_MD * md, const uint8_t * secret, size_t secretlen, const uint8_t * salt, size_t saltlen, const uint8_t * info, size_t infolen)
Expand and Extract a pseudo random key.

Attributes

Name
int()(WOLFSSL ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t read_secret, const uint8_t write_secret, size_t secret_len) set_encryption_secrets
Callback invoked when secrets are generated during a handshake. Since QUIC protocol handlers perform the en-/decryption of packets, they need the negotiated secrets for the levels early_data/handshake/application.
int()(WOLFSSL ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len) add_handshake_data
Callback invoked for forwarding handshake CRYPTO data to peer. The data forwarded this way is not encrypted. It is the job of the QUIC protocol implementation to do this. Which secrets are to be used is determined by the encryption level specified.
int()(WOLFSSL ssl) flush_flight
Callback invoked for advisory flushing of the data to send.
int()(WOLFSSL ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t alert) send_alert
Callback invoked when an SSL alert happened during processing.

Functions Documentation

function wolfSSL_CTX_set_quic_method

int wolfSSL_CTX_set_quic_method(
    WOLFSSL_CTX * ctx,
    const WOLFSSL_QUIC_METHOD * quic_method
)

Activate QUIC protocol for a WOLFSSL_CTX and all derived WOLFSSL instances by providing the four callbacks required. The CTX needs to be a TLSv1.3 one.

Parameters:

  • ctx - a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new().
  • quic_method - the callback structure

See:

Return: WOLFSSL_SUCCESS If successful.

The passed quic_method needs to have a lifetime outlasting the SSL instances. It is not copied. All callbacks need to be provided.

function wolfSSL_set_quic_method

int wolfSSL_set_quic_method(
    WOLFSSL * ssl,
    const WOLFSSL_QUIC_METHOD * quic_method
)

Activate QUIC protocol for a WOLFSSL instance by providing the four callbacks required. The WOLFSSL needs to be a TLSv1.3 one.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • quic_method - the callback structure

See:

Return: WOLFSSL_SUCCESS If successful.

The passed quic_method needs to have a lifetime outlasting the SSL instance. It is not copied. All callbacks need to be provided.

function wolfSSL_is_quic

int wolfSSL_is_quic(
    WOLFSSL * ssl
)

Check if QUIC has been activated in a WOLFSSL instance.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See:

Return: 1 if WOLFSSL is using QUIC.

function wolfSSL_quic_read_level

WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_read_level(
    const WOLFSSL * ssl
)

Determine the encryption level for reads currently in use. Meaningful only when the WOLFSSL instance is using QUIC.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See: wolfSSL_quic_write_level

Return: encryption level.

Note that the effective level is always a parameter when passing data back and forth. Data from a peer might arrive at other levels than reported via this function.

function wolfSSL_quic_write_level

WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_write_level(
    const WOLFSSL * ssl
)

Determine the encryption level for writes currently in use. Meaningful only when the WOLFSSL instance is using QUIC.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See: wolfSSL_quic_read_level

Return: encryption level.

Note that the effective level is always a parameter when passing data back and forth. Data from a peer might arrive at other levels than reported via this function.

function wolfSSL_set_quic_use_legacy_codepoint

void wolfSSL_set_quic_use_legacy_codepoint(
    WOLFSSL * ssl,
    int use_legacy
)

Configure which QUIC version shall be used. Without calling this, the WOLFSSL will offer both (draft-27 and v1) to a server, resp. accept both from a client and negotiate the most recent one.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • use_legacy - true if draft-27 shall be used, 0 if only QUICv1 is used.

See: wolfSSL_set_quic_transport_version

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_set_quic_transport_version

void wolfSSL_set_quic_transport_version(
    WOLFSSL * ssl,
    int version
)

Configure which QUIC version shall be used.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • version - the TLS Extension defined for the QUIC version.

See: wolfSSL_set_quic_use_legacy_codepoint

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_get_quic_transport_version

int wolfSSL_get_quic_transport_version(
    const WOLFSSL * ssl
)

Get the configured QUIC version.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See:

Return: TLS Extension of configured version.

function wolfSSL_set_quic_transport_params

int wolfSSL_set_quic_transport_params(
    WOLFSSL * ssl,
    const uint8_t * params,
    size_t params_len
)

Set the QUIC transport parameters to use.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • params - the parameter bytes to use ¬∑param params_len - the length of the parameters

See:

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_get_peer_quic_transport_version

int wolfSSL_get_peer_quic_transport_version(
    const WOLFSSL * ssl
)

Get the negotiated QUIC transport version. This will only give meaningful results when called after the respective TLS extensions have been seen from the peer.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See:

Return: the negotiated version or -1.

function wolfSSL_get_peer_quic_transport_params

void wolfSSL_get_peer_quic_transport_params(
    const WOLFSSL * ssl,
    const uint8_t ** out_params,
    size_t * out_params_len
)

Get the negotiated QUIC transport parameters. This will only give meaningful results when called after the respective TLS extensions have been seen from the peer.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • out_params - the parameters sent be the peer, set to NULL if not available.
  • out_params_len - the length of the parameters sent be the peer, set to 0 if not available

See: wolfSSL_get_peer_quic_transport_version

function wolfSSL_set_quic_early_data_enabled

void wolfSSL_set_quic_early_data_enabled(
    WOLFSSL * ssl,
    int enabled
)

Configure if Early Data is enabled. Intended for servers to signal this to clients.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • enabled - != 0 iff early data is enabled

function wolfSSL_quic_max_handshake_flight_len

size_t wolfSSL_quic_max_handshake_flight_len(
    const WOLFSSL * ssl,
    WOLFSSL_ENCRYPTION_LEVEL level
)

Get advice on the amount of data that shall be "in flight", e.g. unacknowledged at the given encryption level. This is the amount of data the WOLFSSL instance is prepared to buffer.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • level - the encryption level to inquire about

Return: the recommend max data in flight

function wolfSSL_provide_quic_data

int wolfSSL_provide_quic_data(
    WOLFSSL * ssl,
    WOLFSSL_ENCRYPTION_LEVEL level,
    const uint8_t * data,
    size_t len
)

Pass decrypted CRYPTO data to the WOLFSSL instance for further processing. The encryption level between calls is only every allowed to increase and it is also checked that data records are complete before a change in encryption level is accepted.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • level - the level the data was encrypted at
  • data - the data itself
  • len - the length of the data

See:

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_process_quic_post_handshake

WOLFSSL_API int wolfSSL_process_quic_post_handshake(
    WOLFSSL * ssl
)

Process any CRYPTO records that have been provided after the handshake has completed. Will fail if called before that.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See:

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_quic_read_write

int wolfSSL_quic_read_write(
    WOLFSSL * ssl
)

Process any CRYPTO records that have been provided during or after the handshake. Will progress the handshake if not already complete and otherwise work like wolfSSL_process_quic_post_handshake().

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See:

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_quic_get_aead

const WOLFSSL_EVP_CIPHER * wolfSSL_quic_get_aead(
    WOLFSSL * ssl
)

Get the AEAD cipher negotiated in the TLS handshake.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See:

Return: negotiated cipher or NULL if not determined.

function wolfSSL_quic_aead_is_gcm

int wolfSSL_quic_aead_is_gcm(
    const WOLFSSL_EVP_CIPHER * aead_cipher
)

Check if the AEAD cipher is GCM.

Parameters:

  • cipher - the cipher

See:

Return: != 0 iff the AEAD cipher is GCM.

function wolfSSL_quic_aead_is_ccm

int wolfSSL_quic_aead_is_ccm(
    const WOLFSSL_EVP_CIPHER * aead_cipher
)

Check if the AEAD cipher is CCM.

Parameters:

  • cipher - the cipher

See:

Return: != 0 iff the AEAD cipher is CCM.

function wolfSSL_quic_aead_is_chacha20

int wolfSSL_quic_aead_is_chacha20(
    const WOLFSSL_EVP_CIPHER * aead_cipher
)

Check if the AEAD cipher is CHACHA20.

Parameters:

  • cipher - the cipher

See:

Return: != 0 iff the AEAD cipher is CHACHA20.

function wolfSSL_quic_get_aead_tag_len

WOLFSSL_API size_t wolfSSL_quic_get_aead_tag_len(
    const WOLFSSL_EVP_CIPHER * aead_cipher
)

Determine the tag length for the AEAD cipher.

Parameters:

  • cipher - the cipher

See: wolfSSL_quic_get_aead

Return: tag length of AEAD cipher.

function wolfSSL_quic_get_md

WOLFSSL_API const WOLFSSL_EVP_MD * wolfSSL_quic_get_md(
    WOLFSSL * ssl
)

Determine the message digest negotiated in the TLS handshake.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See:

Return: the message digest negotiated in the TLS handshake

function wolfSSL_quic_get_hp

const WOLFSSL_EVP_CIPHER * wolfSSL_quic_get_hp(
    WOLFSSL * ssl
)

Determine the header protection cipher negotiated in the TLS handshake.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See:

Return: the header protection cipher negotiated in the TLS handshake

function wolfSSL_quic_crypt_new

WOLFSSL_EVP_CIPHER_CTX * wolfSSL_quic_crypt_new(
    const WOLFSSL_EVP_CIPHER * cipher,
    const uint8_t * key,
    const uint8_t * iv,
    int encrypt
)

Create a cipher context for en-/decryption.

Parameters:

  • cipher - the cipher to use in the context.
  • key - the key to use in the context.
  • iv - the iv to use in the context.
  • encrypt - != 0 if for encryption, otherwise decryption

See:

Return: the created context or NULL in case of errors.

function wolfSSL_quic_aead_encrypt

int wolfSSL_quic_aead_encrypt(
    uint8_t * dest,
    WOLFSSL_EVP_CIPHER_CTX * aead_ctx,
    const uint8_t * plain,
    size_t plainlen,
    const uint8_t * iv,
    const uint8_t * aad,
    size_t aadlen
)

Encrypt the plain text in the given context.

Parameters:

  • dest - destination where encrypted data is to be written
  • aead_ctx - the cipher context to use
  • plain - the plain data to encrypt
  • plainlen - the length of the plain data
  • iv - the iv to use
  • aad - the add to use
  • aadlen - the length of the aad

See:

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_quic_aead_decrypt

int wolfSSL_quic_aead_decrypt(
    uint8_t * dest,
    WOLFSSL_EVP_CIPHER_CTX * ctx,
    const uint8_t * enc,
    size_t enclen,
    const uint8_t * iv,
    const uint8_t * aad,
    size_t aadlen
)

Decrypt the cipher text in the given context.

Parameters:

  • dest - destination where plain text is to be written
  • ctx - the cipher context to use
  • enc - the encrypted data to decrypt
  • envlen - the length of the encrypted data
  • iv - the iv to use
  • aad - the add to use
  • aadlen - the length of the aad

See:

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_quic_hkdf_extract

int wolfSSL_quic_hkdf_extract(
    uint8_t * dest,
    const WOLFSSL_EVP_MD * md,
    const uint8_t * secret,
    size_t secretlen,
    const uint8_t * salt,
    size_t saltlen
)

Extract a pseudo random key.

Parameters:

  • dest - destination where key is to be written
  • md - message digest to use
  • secret - the secret to use
  • secretlen - the length of the secret
  • salt - the salt to use
  • saltlen - the length of the salt

See:

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_quic_hkdf_expand

int wolfSSL_quic_hkdf_expand(
    uint8_t * dest,
    size_t destlen,
    const WOLFSSL_EVP_MD * md,
    const uint8_t * secret,
    size_t secretlen,
    const uint8_t * info,
    size_t infolen
)

Expand a pseudo random key into a new key.

Parameters:

  • dest - destination where key is to be written
  • destlen - length of the key to expand
  • md - message digest to use
  • secret - the secret to use
  • secretlen - the length of the secret
  • info - the info to use
  • infolen - the length of the info

See:

Return: WOLFSSL_SUCCESS If successful.

function wolfSSL_quic_hkdf

int wolfSSL_quic_hkdf(
    uint8_t * dest,
    size_t destlen,
    const WOLFSSL_EVP_MD * md,
    const uint8_t * secret,
    size_t secretlen,
    const uint8_t * salt,
    size_t saltlen,
    const uint8_t * info,
    size_t infolen
)

Expand and Extract a pseudo random key.

Parameters:

  • dest - destination where key is to be written
  • destlen - length of the key
  • md - message digest to use
  • secret - the secret to use
  • secretlen - the length of the secret
  • salt - the salt to use
  • saltlen - the length of the salt
  • info - the info to use
  • infolen - the length of the info

See:

Return: WOLFSSL_SUCCESS If successful.

Attributes Documentation

variable set_encryption_secrets

int(*)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *read_secret, const uint8_t *write_secret, size_t secret_len) set_encryption_secrets;

Callback invoked when secrets are generated during a handshake. Since QUIC protocol handlers perform the en-/decryption of packets, they need the negotiated secrets for the levels early_data/handshake/application.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • level - the encryption level the secrets are for
  • read_secret - the secret used in decryption at the given level, may be NULL.
  • write_secret - the secret used in encryption at the given level, may be NULL.
  • secret_len - the length of the secret

See: wolfSSL_set_quic_method

Return: 1 on success, 0 on failure.

The callback will be invoked several times during a handshake. Either both or only the read or write secret might be provided. This does not mean the given encryption level is already in effect.

variable add_handshake_data

int(*)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len) add_handshake_data;

Callback invoked for forwarding handshake CRYPTO data to peer. The data forwarded this way is not encrypted. It is the job of the QUIC protocol implementation to do this. Which secrets are to be used is determined by the encryption level specified.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • level - the encryption level to use for encrypting the data
  • data - the data itself
  • len - the length of the data

See: wolfSSL_set_quic_method

Return: 1 on success, 0 on failure.

This callback may be invoked several times during handshake or post handshake processing. The data may cover a complete CRYPTO record, but may also be partial. However, the callback will have received all records data before using another encryption level.

variable flush_flight

int(*)(WOLFSSL *ssl) flush_flight;

Callback invoked for advisory flushing of the data to send.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().

See: wolfSSL_set_quic_method

Return: 1 on success, 0 on failure.

variable send_alert

int(*)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t alert) send_alert;

Callback invoked when an SSL alert happened during processing.

Parameters:

  • ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new().
  • level - the encryption level in effect when the alert happened
  • alert - the error

See: wolfSSL_set_quic_method

Return: 1 on success, 0 on failure.

Source code


int (*set_encryption_secrets)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
                              const uint8_t *read_secret,
                              const uint8_t *write_secret, size_t secret_len);

int (*add_handshake_data)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level,
                          const uint8_t *data, size_t len);

int (*flush_flight)(WOLFSSL *ssl);

int (*send_alert)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t alert);

int wolfSSL_CTX_set_quic_method(WOLFSSL_CTX *ctx, const WOLFSSL_QUIC_METHOD *quic_method);

int wolfSSL_set_quic_method(WOLFSSL *ssl, const WOLFSSL_QUIC_METHOD *quic_method);

int wolfSSL_is_quic(WOLFSSL *ssl);

WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_read_level(const WOLFSSL *ssl);

WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_write_level(const WOLFSSL *ssl);


void wolfSSL_set_quic_use_legacy_codepoint(WOLFSSL *ssl, int use_legacy);

void wolfSSL_set_quic_transport_version(WOLFSSL *ssl, int version);

int wolfSSL_get_quic_transport_version(const WOLFSSL *ssl);

int wolfSSL_set_quic_transport_params(WOLFSSL *ssl, const uint8_t *params, size_t params_len);

int wolfSSL_get_peer_quic_transport_version(const WOLFSSL *ssl);

void wolfSSL_get_peer_quic_transport_params(const WOLFSSL *ssl, const uint8_t **out_params, size_t *out_params_len);


void wolfSSL_set_quic_early_data_enabled(WOLFSSL *ssl, int enabled);

size_t wolfSSL_quic_max_handshake_flight_len(const WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level);


int wolfSSL_provide_quic_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len);

WOLFSSL_API int wolfSSL_process_quic_post_handshake(WOLFSSL *ssl);

int wolfSSL_quic_read_write(WOLFSSL *ssl);

const WOLFSSL_EVP_CIPHER *wolfSSL_quic_get_aead(WOLFSSL *ssl);

int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER *aead_cipher);

int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER *aead_cipher);

int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER *aead_cipher);

WOLFSSL_API size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER *aead_cipher);

WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_quic_get_md(WOLFSSL *ssl);

const WOLFSSL_EVP_CIPHER *wolfSSL_quic_get_hp(WOLFSSL *ssl);

WOLFSSL_EVP_CIPHER_CTX *wolfSSL_quic_crypt_new(const WOLFSSL_EVP_CIPHER *cipher,
                                               const uint8_t *key, const uint8_t *iv, int encrypt);

int wolfSSL_quic_aead_encrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *aead_ctx,
                              const uint8_t *plain, size_t plainlen,
                              const uint8_t *iv, const uint8_t *aad, size_t aadlen);

int wolfSSL_quic_aead_decrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *ctx,
                              const uint8_t *enc, size_t enclen,
                              const uint8_t *iv, const uint8_t *aad, size_t aadlen);

int wolfSSL_quic_hkdf_extract(uint8_t *dest, const WOLFSSL_EVP_MD *md,
                              const uint8_t *secret, size_t secretlen,
                              const uint8_t *salt, size_t saltlen);

int wolfSSL_quic_hkdf_expand(uint8_t *dest, size_t destlen,
                             const WOLFSSL_EVP_MD *md,
                             const uint8_t *secret, size_t secretlen,
                             const uint8_t *info, size_t infolen);

int wolfSSL_quic_hkdf(uint8_t *dest, size_t destlen,
                      const WOLFSSL_EVP_MD *md,
                      const uint8_t *secret, size_t secretlen,
                      const uint8_t *salt, size_t saltlen,
                      const uint8_t *info, size_t infolen);

Updated on 2022-09-26 at 08:30:55 +0000