Functions | |
int | wolfSSL_CTX_set_quic_method (WOLFSSL_CTX *ctx, const WOLFSSL_QUIC_METHOD *quic_method) |
Activate QUIC protocol for a WOLFSSL_CTX and all derived WOLFSSL instances by providing the four callbacks required. The CTX needs to be a TLSv1.3 one. More... | |
int | wolfSSL_set_quic_method (WOLFSSL *ssl, const WOLFSSL_QUIC_METHOD *quic_method) |
Activate QUIC protocol for a WOLFSSL instance by providing the four callbacks required. The WOLFSSL needs to be a TLSv1.3 one. More... | |
int | wolfSSL_is_quic (WOLFSSL *ssl) |
Check if QUIC has been activated in a WOLFSSL instance. More... | |
WOLFSSL_ENCRYPTION_LEVEL | wolfSSL_quic_read_level (const WOLFSSL *ssl) |
Determine the encryption level for reads currently in use. Meaningful only when the WOLFSSL instance is using QUIC. More... | |
WOLFSSL_ENCRYPTION_LEVEL | wolfSSL_quic_write_level (const WOLFSSL *ssl) |
Determine the encryption level for writes currently in use. Meaningful only when the WOLFSSL instance is using QUIC. More... | |
void | wolfSSL_set_quic_use_legacy_codepoint (WOLFSSL *ssl, int use_legacy) |
Configure which QUIC version shall be used. Without calling this, a client WOLFSSL will offer both (draft-27 and v1) to the server, and a server WOLFSSL will accept both from a client and negotiate the most recent one. More... | |
void | wolfSSL_set_quic_transport_version (WOLFSSL *ssl, int version) |
Configure which QUIC version shall be used. More... | |
int | wolfSSL_get_quic_transport_version (const WOLFSSL *ssl) |
Get the configured QUIC version. More... | |
int | wolfSSL_set_quic_transport_params (WOLFSSL *ssl, const uint8_t *params, size_t params_len) |
Set the QUIC transport parameters to use. More... | |
int | wolfSSL_get_peer_quic_transport_version (const WOLFSSL *ssl) |
Get the negotiated QUIC transport version. This will only give meaningful results when called after the respective TLS extensions have been seen from the peer. More... | |
void | wolfSSL_get_peer_quic_transport_params (const WOLFSSL *ssl, const uint8_t **out_params, size_t *out_params_len) |
Get the negotiated QUIC transport parameters. This will only give meaningful results when called after the respective TLS extensions have been seen from the peer. More... | |
void | wolfSSL_set_quic_early_data_enabled (WOLFSSL *ssl, int enabled) |
Configure if Early Data is enabled. Intended for servers to signal this to clients. More... | |
size_t | wolfSSL_quic_max_handshake_flight_len (const WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level) |
Get advice on the amount of data that may be "in flight", i.e. sent but not yet acknowledged, at the given encryption level. This is the amount of data the WOLFSSL instance is prepared to buffer; a QUIC implementation should not accept more CRYPTO data than this at a level without back-pressure. More... | |
int | wolfSSL_provide_quic_data (WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len) |
Pass decrypted CRYPTO data to the WOLFSSL instance for further processing. The encryption level between calls is only ever allowed to increase, and it is also checked that data records are complete before a change in encryption level is accepted. More... | |
WOLFSSL_API int | wolfSSL_process_quic_post_handshake (WOLFSSL *ssl) |
Process any CRYPTO records that have been provided after the handshake has completed. Will fail if called before that. More... | |
int | wolfSSL_quic_read_write (WOLFSSL *ssl) |
Process any CRYPTO records that have been provided during or after the handshake. Will progress the handshake if not already complete and otherwise work like wolfSSL_process_quic_post_handshake(). More... | |
const WOLFSSL_EVP_CIPHER * | wolfSSL_quic_get_aead (WOLFSSL *ssl) |
Get the AEAD cipher negotiated in the TLS handshake. More... | |
int | wolfSSL_quic_aead_is_gcm (const WOLFSSL_EVP_CIPHER *aead_cipher) |
Check if the AEAD cipher is GCM. More... | |
int | wolfSSL_quic_aead_is_ccm (const WOLFSSL_EVP_CIPHER *aead_cipher) |
Check if the AEAD cipher is CCM. More... | |
int | wolfSSL_quic_aead_is_chacha20 (const WOLFSSL_EVP_CIPHER *aead_cipher) |
Check if the AEAD cipher is CHACHA20. More... | |
WOLFSSL_API size_t | wolfSSL_quic_get_aead_tag_len (const WOLFSSL_EVP_CIPHER *aead_cipher) |
Determine the tag length for the AEAD cipher. More... | |
WOLFSSL_API const WOLFSSL_EVP_MD * | wolfSSL_quic_get_md (WOLFSSL *ssl) |
Determine the message digest negotiated in the TLS handshake. More... | |
const WOLFSSL_EVP_CIPHER * | wolfSSL_quic_get_hp (WOLFSSL *ssl) |
Determine the header protection cipher negotiated in the TLS handshake. More... | |
WOLFSSL_EVP_CIPHER_CTX * | wolfSSL_quic_crypt_new (const WOLFSSL_EVP_CIPHER *cipher, const uint8_t *key, const uint8_t *iv, int encrypt) |
Create a cipher context for en-/decryption. More... | |
int | wolfSSL_quic_aead_encrypt (uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *aead_ctx, const uint8_t *plain, size_t plainlen, const uint8_t *iv, const uint8_t *aad, size_t aadlen) |
Encrypt the plain text in the given context. More... | |
int | wolfSSL_quic_aead_decrypt (uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *ctx, const uint8_t *enc, size_t enclen, const uint8_t *iv, const uint8_t *aad, size_t aadlen) |
Decrypt the cipher text in the given context. More... | |
int | wolfSSL_quic_hkdf_extract (uint8_t *dest, const WOLFSSL_EVP_MD *md, const uint8_t *secret, size_t secretlen, const uint8_t *salt, size_t saltlen) |
Extract a pseudo random key. More... | |
int | wolfSSL_quic_hkdf_expand (uint8_t *dest, size_t destlen, const WOLFSSL_EVP_MD *md, const uint8_t *secret, size_t secretlen, const uint8_t *info, size_t infolen) |
Expand a pseudo random key into a new key. More... | |
int | wolfSSL_quic_hkdf (uint8_t *dest, size_t destlen, const WOLFSSL_EVP_MD *md, const uint8_t *secret, size_t secretlen, const uint8_t *salt, size_t saltlen, const uint8_t *info, size_t infolen) |
Extract and then expand a pseudo random key (HKDF-Extract followed by HKDF-Expand). More... | |
Variables | |
int(* | set_encryption_secrets )(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *read_secret, const uint8_t *write_secret, size_t secret_len) |
Callback invoked when secrets are generated during a handshake. Since QUIC protocol handlers perform the en-/decryption of packets, they need the negotiated secrets for the levels early_data/handshake/application. More... | |
int(* | add_handshake_data )(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len) |
Callback invoked for forwarding handshake CRYPTO data to peer. The data forwarded this way is not encrypted. It is the job of the QUIC protocol implementation to do this. Which secrets are to be used is determined by the encryption level specified. More... | |
int(* | flush_flight )(WOLFSSL *ssl) |
Callback invoked for advisory flushing of the data to send. More... | |
int(* | send_alert )(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t alert) |
Callback invoked when an SSL alert happened during processing. More... | |
int wolfSSL_CTX_set_quic_method | ( | WOLFSSL_CTX * | ctx, |
const WOLFSSL_QUIC_METHOD * | quic_method | ||
) |
Activate QUIC protocol for a WOLFSSL_CTX and all derived WOLFSSL instances by providing the four callbacks required. The CTX needs to be a TLSv1.3 one.
The passed quic_method needs to have a lifetime outlasting the CTX and every SSL instance derived from it. It is not copied; only the pointer is stored. All four callbacks must be provided (none may be NULL).
ctx | - a pointer to a WOLFSSL_CTX structure, created using wolfSSL_CTX_new(). |
quic_method | - the callback structure |
void wolfSSL_get_peer_quic_transport_params | ( | const WOLFSSL * | ssl, |
const uint8_t ** | out_params, | ||
size_t * | out_params_len | ||
) |
Get the negotiated QUIC transport parameters. This will only give meaningful results when called after the respective TLS extensions have been seen from the peer.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
out_params | - the parameters sent by the peer, set to NULL if not available. The pointer refers to storage held by the WOLFSSL instance (presumably valid only as long as the instance is — copy the bytes if they are needed beyond that; do not free them). |
out_params_len | - the length in bytes of the parameters sent by the peer, set to 0 if not available. |
int wolfSSL_get_peer_quic_transport_version | ( | const WOLFSSL * | ssl | ) |
Get the negotiated QUIC transport version. This will only give meaningful results when called after the respective TLS extensions have been seen from the peer.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
int wolfSSL_get_quic_transport_version | ( | const WOLFSSL * | ssl | ) |
Get the configured QUIC version.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
int wolfSSL_is_quic | ( | WOLFSSL * | ssl | ) |
Check if QUIC has been activated in a WOLFSSL instance.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
WOLFSSL_API int wolfSSL_process_quic_post_handshake | ( | WOLFSSL * | ssl | ) |
Process any CRYPTO records that have been provided after the handshake has completed. Will fail if called before that.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
int wolfSSL_provide_quic_data | ( | WOLFSSL * | ssl, |
WOLFSSL_ENCRYPTION_LEVEL | level, | ||
const uint8_t * | data, | ||
size_t | len | ||
) |
Pass decrypted CRYPTO data to the WOLFSSL instance for further processing. The encryption level between calls is only ever allowed to increase, and it is also checked that data records are complete before a change in encryption level is accepted. The data must already have been decrypted and authenticated by the QUIC packet-protection layer; this function does not verify packet protection itself.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
level | - the encryption level the data was received at; must be equal to or higher than the level of the previous call |
data | - the data itself |
len | - the length of the data |
int wolfSSL_quic_aead_decrypt | ( | uint8_t * | dest, |
WOLFSSL_EVP_CIPHER_CTX * | ctx, | ||
const uint8_t * | enc, | ||
size_t | enclen, | ||
const uint8_t * | iv, | ||
const uint8_t * | aad, | ||
size_t | aadlen | ||
) |
Decrypt and authenticate the cipher text in the given AEAD context. If the call does not report success, either the authentication tag did not verify or another error occurred; the contents of dest must then be discarded and not be processed as plain text.
dest | - destination where plain text is to be written |
ctx | - the cipher context to use |
enc | - the encrypted data to decrypt |
enclen | - the length of the encrypted data, including the AEAD authentication tag |
iv | - the iv to use |
aad | - the additional authenticated data (AAD) to use; must match the AAD used at encryption |
aadlen | - the length of the aad |
int wolfSSL_quic_aead_encrypt | ( | uint8_t * | dest, |
WOLFSSL_EVP_CIPHER_CTX * | aead_ctx, | ||
const uint8_t * | plain, | ||
size_t | plainlen, | ||
const uint8_t * | iv, | ||
const uint8_t * | aad, | ||
size_t | aadlen | ||
) |
Encrypt the plain text in the given AEAD context, producing cipher text followed by the authentication tag.
dest | - destination where encrypted data is to be written; expected to have room for plainlen bytes plus the AEAD tag (see wolfSSL_quic_get_aead_tag_len()) |
aead_ctx | - the cipher context to use |
plain | - the plain data to encrypt |
plainlen | - the length of the plain data |
iv | - the iv to use |
aad | - the additional authenticated data (AAD) to authenticate but not encrypt |
aadlen | - the length of the aad |
int wolfSSL_quic_aead_is_ccm | ( | const WOLFSSL_EVP_CIPHER * | aead_cipher | ) |
Check if the AEAD cipher is CCM.
aead_cipher | - the AEAD cipher to check |
int wolfSSL_quic_aead_is_chacha20 | ( | const WOLFSSL_EVP_CIPHER * | aead_cipher | ) |
Check if the AEAD cipher is CHACHA20.
aead_cipher | - the AEAD cipher to check |
int wolfSSL_quic_aead_is_gcm | ( | const WOLFSSL_EVP_CIPHER * | aead_cipher | ) |
Check if the AEAD cipher is GCM.
aead_cipher | - the AEAD cipher to check |
WOLFSSL_EVP_CIPHER_CTX* wolfSSL_quic_crypt_new | ( | const WOLFSSL_EVP_CIPHER * | cipher, |
const uint8_t * | key, | ||
const uint8_t * | iv, | ||
int | encrypt | ||
) |
Create a cipher context for en-/decryption.
cipher | - the cipher to use in the context. |
key | - the key to use in the context. |
iv | - the iv to use in the context. |
encrypt | - != 0 if for encryption, otherwise decryption |
const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead | ( | WOLFSSL * | ssl | ) |
Get the AEAD cipher negotiated in the TLS handshake.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
WOLFSSL_API size_t wolfSSL_quic_get_aead_tag_len | ( | const WOLFSSL_EVP_CIPHER * | aead_cipher | ) |
Determine the tag length for the AEAD cipher.
aead_cipher | - the AEAD cipher whose tag length is wanted |
const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_hp | ( | WOLFSSL * | ssl | ) |
Determine the header protection cipher negotiated in the TLS handshake.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_quic_get_md | ( | WOLFSSL * | ssl | ) |
Determine the message digest negotiated in the TLS handshake.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
int wolfSSL_quic_hkdf | ( | uint8_t * | dest, |
size_t | destlen, | ||
const WOLFSSL_EVP_MD * | md, | ||
const uint8_t * | secret, | ||
size_t | secretlen, | ||
const uint8_t * | salt, | ||
size_t | saltlen, | ||
const uint8_t * | info, | ||
size_t | infolen | ||
) |
Extract and then expand a pseudo random key (HKDF-Extract with salt, followed by HKDF-Expand with info).
dest | - destination where the derived key is to be written |
destlen | - length in bytes of the key to derive; dest must have room for at least this many bytes |
md | - message digest to use |
secret | - the secret to use |
secretlen | - the length of the secret |
salt | - the salt to use |
saltlen | - the length of the salt |
info | - the info to use |
infolen | - the length of the info |
int wolfSSL_quic_hkdf_expand | ( | uint8_t * | dest, |
size_t | destlen, | ||
const WOLFSSL_EVP_MD * | md, | ||
const uint8_t * | secret, | ||
size_t | secretlen, | ||
const uint8_t * | info, | ||
size_t | infolen | ||
) |
Expand a pseudo random key into a new key.
dest | - destination where key is to be written |
destlen | - length of the key to expand |
md | - message digest to use |
secret | - the secret to use |
secretlen | - the length of the secret |
info | - the info to use |
infolen | - the length of the info |
int wolfSSL_quic_hkdf_extract | ( | uint8_t * | dest, |
const WOLFSSL_EVP_MD * | md, | ||
const uint8_t * | secret, | ||
size_t | secretlen, | ||
const uint8_t * | salt, | ||
size_t | saltlen | ||
) |
Extract a pseudo random key.
dest | - destination where the extracted pseudo random key is to be written. There is no length parameter: HKDF-Extract yields one digest-sized output, so dest must have room for the output size of md. |
md | - message digest to use |
secret | - the secret to use |
secretlen | - the length of the secret |
salt | - the salt to use |
saltlen | - the length of the salt |
size_t wolfSSL_quic_max_handshake_flight_len | ( | const WOLFSSL * | ssl, |
WOLFSSL_ENCRYPTION_LEVEL | level | ||
) |
Get advice on the amount of data that may be "in flight", i.e. sent but not yet acknowledged, at the given encryption level. This is the amount of data the WOLFSSL instance is prepared to buffer; a QUIC implementation should treat it as the upper bound on CRYPTO data it accepts at that level.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
level | - the encryption level to inquire about |
WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_read_level | ( | const WOLFSSL * | ssl | ) |
Determine the encryption level for reads currently in use. Meaningful only when the WOLFSSL instance is using QUIC.
Note that the effective level is always a parameter when passing data back and forth. Data from a peer might arrive at other levels than reported via this function.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
int wolfSSL_quic_read_write | ( | WOLFSSL * | ssl | ) |
Process any CRYPTO records that have been provided during or after the handshake. Will progress the handshake if not already complete and otherwise work like wolfSSL_process_quic_post_handshake().
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_write_level | ( | const WOLFSSL * | ssl | ) |
Determine the encryption level for writes currently in use. Meaningful only when the WOLFSSL instance is using QUIC.
Note that the effective level is always a parameter when passing data back and forth. Data from a peer might arrive at other levels than reported via this function.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
void wolfSSL_set_quic_early_data_enabled | ( | WOLFSSL * | ssl, |
int | enabled | ||
) |
Configure if Early Data (0-RTT) is enabled. Intended for servers to signal this to clients. Note that TLS 1.3 early data has no replay protection at the TLS layer; an application that enables it must only act on early data for operations that are safe to replay, or add its own anti-replay measures.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
enabled | - != 0 iff early data is enabled |
int wolfSSL_set_quic_method | ( | WOLFSSL * | ssl, |
const WOLFSSL_QUIC_METHOD * | quic_method | ||
) |
Activate QUIC protocol for a WOLFSSL instance by providing the four callbacks required. The WOLFSSL needs to be a TLSv1.3 one.
The passed quic_method needs to have a lifetime outlasting the SSL instance. It is not copied; only the pointer is stored. All four callbacks must be provided (none may be NULL).
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
quic_method | - the callback structure |
int wolfSSL_set_quic_transport_params | ( | WOLFSSL * | ssl, |
const uint8_t * | params, | ||
size_t | params_len | ||
) |
Set the QUIC transport parameters to use.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
params | - the encoded transport parameter bytes to send to the peer |
params_len | - the length in bytes of params |
void wolfSSL_set_quic_transport_version | ( | WOLFSSL * | ssl, |
int | version | ||
) |
Configure which QUIC version shall be used.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
version | - the TLS extension codepoint that identifies the QUIC transport parameters version to use (draft-27 or v1). |
void wolfSSL_set_quic_use_legacy_codepoint | ( | WOLFSSL * | ssl, |
int | use_legacy | ||
) |
Configure which QUIC version shall be used. Without calling this, a client WOLFSSL will offer both (draft-27 and v1) to the server, and a server WOLFSSL will accept both from a client and negotiate the most recent one.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
use_legacy | - != 0 if the legacy draft-27 codepoint shall be used, 0 if only QUICv1 is used. |
int(* add_handshake_data) (WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len) | ( | WOLFSSL * | ssl, |
WOLFSSL_ENCRYPTION_LEVEL | level, | ||
const uint8_t * | data, | ||
size_t | len | ||
) |
Callback invoked for forwarding handshake CRYPTO data to the peer. The data handed over this way is not encrypted; it is the job of the QUIC protocol implementation to apply packet protection before sending. Which keys are to be used is determined by the encryption level specified.
This callback may be invoked several times during handshake or post handshake processing. The data may cover a complete CRYPTO record, but may also be partial. However, the callback will have received all records data before using another encryption level.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
level | - the encryption level to use for encrypting the data |
data | - the data itself |
len | - the length of the data |
int(* flush_flight) (WOLFSSL *ssl) | ( | WOLFSSL * | ssl | ) |
Callback invoked for advisory flushing of the data to send.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
int(* send_alert) (WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t alert) | ( | WOLFSSL * | ssl, |
WOLFSSL_ENCRYPTION_LEVEL | level, | ||
uint8_t | alert | ||
) |
Callback invoked when an SSL alert happened during processing.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
level | - the encryption level in effect when the alert happened |
alert | - the TLS alert description code that occurred. The QUIC implementation is expected to close the connection with a CRYPTO_ERROR (RFC 9001 section 4.8 maps a TLS alert to the QUIC error code 0x0100 plus the alert description). |
int(* set_encryption_secrets) (WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *read_secret, const uint8_t *write_secret, size_t secret_len) | ( | WOLFSSL * | ssl, |
WOLFSSL_ENCRYPTION_LEVEL | level, | ||
const uint8_t * | read_secret, | ||
const uint8_t * | write_secret, | ||
size_t | secret_len | ||
) |
Callback invoked when secrets are generated during a handshake. Since QUIC protocol handlers perform the en-/decryption of packets, they need the negotiated secrets for the levels early_data/handshake/application.
The callback will be invoked several times during a handshake. Either both or only the read or write secret might be provided. This does not mean the given encryption level is already in effect. The secrets are raw TLS traffic secrets and are key material: they must not be logged, and any copies the QUIC implementation makes should be wiped once the derived packet-protection keys are no longer needed.
ssl | - a pointer to a WOLFSSL structure, created using wolfSSL_new(). |
level | - the encryption level the secrets are for |
read_secret | - the secret used in decryption at the given level, may be NULL. |
write_secret | - the secret used in encryption at the given level, may be NULL. |
secret_len | - the length in bytes of each provided secret (read_secret and write_secret, when non-NULL, are both secret_len bytes long) |