#ifndef HEADER_CURL_VTLS_INT_H
#define HEADER_CURL_VTLS_INT_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/
#include "../curl_setup.h"
#include "../cfilters.h"
#include "../urldata.h"
#include "vtls.h"

#ifdef USE_SSL

/* Forward declarations. Both structs are fully defined further down in
 * this header; they are named here because the ALPN prototypes below
 * (Curl_alpn_set_negotiated() takes a struct ssl_connect_data pointer)
 * come before those definitions. */
struct Curl_ssl;
struct ssl_connect_data;

/* ALPN protocol identifiers and their lengths in bytes (without the NUL),
 * see https://www.iana.org/assignments/tls-extensiontype-values/ */
#define ALPN_HTTP_1_1_LENGTH 8
#define ALPN_HTTP_1_1 "http/1.1"
#define ALPN_H2_LENGTH 2
#define ALPN_H2 "h2"
#define ALPN_H3_LENGTH 2
#define ALPN_H3 "h3"

/* conservative sizes on the ALPN entries and count we are handling,
 * we can increase these if we ever feel the need or have to accommodate
 * ALPN strings from the "outside". Since these limits are sized for the
 * names above only, any code that copies a name into an alpn_spec entry
 * must bound the copy by ALPN_NAME_MAX rather than trust the input. */
#define ALPN_NAME_MAX     10  /* bytes per alpn_spec entry; the longest name
                                 above, "http/1.1", is 8 chars plus NUL */
#define ALPN_ENTRIES_MAX  3   /* entries per alpn_spec, enough for the three
                                 names above */
/* worst-case size of the serialized list: ALPN_NAME_MAX + 1 per entry,
 * presumably one length byte in front of each name -- TODO confirm
 * against Curl_alpn_to_proto_buf() */
#define ALPN_PROTO_BUF_MAX   (ALPN_ENTRIES_MAX * (ALPN_NAME_MAX + 1))

/* List of ALPN protocol names to offer in a handshake, presumably in
 * preference order. Each entry is a fixed-size char array, so a stored
 * name can never be longer than ALPN_NAME_MAX bytes. */
struct alpn_spec {
  char entries[ALPN_ENTRIES_MAX][ALPN_NAME_MAX]; /* protocol names */
  size_t count; /* number of entries in use; must not exceed
                   ALPN_ENTRIES_MAX, which is the array bound */
};

/* Serialized form of an alpn_spec, filled in by Curl_alpn_to_proto_buf()
 * or Curl_alpn_to_proto_str() below. */
struct alpn_proto_buf {
  unsigned char data[ALPN_PROTO_BUF_MAX]; /* serialized bytes */
  int len;  /* presumably the number of valid bytes in data; writers must
             * keep it within ALPN_PROTO_BUF_MAX, the array bound, and
             * readers should not trust a larger value */
};

/* Serialize `spec` into `buf` (the binary/wire form, presumably).
 * Returns a CURLcode. */
CURLcode Curl_alpn_to_proto_buf(struct alpn_proto_buf *buf,
                                const struct alpn_spec *spec);
/* Like Curl_alpn_to_proto_buf() but presumably produces the string form
 * of the list -- TODO confirm in the implementation. */
CURLcode Curl_alpn_to_proto_str(struct alpn_proto_buf *buf,
                                const struct alpn_spec *spec);
/* Narrow `spec` to the protocol named `proto` (inferred from the name;
 * presumably drops every other entry). */
void Curl_alpn_restrict_to(struct alpn_spec *spec, const char *proto);
/* Copy the list in `src` into `dest`. */
void Curl_alpn_copy(struct alpn_spec *dest, const struct alpn_spec *src);

/* Record the protocol selected in the handshake, given as `proto_len`
 * bytes at `proto`. The explicit length means `proto` need not be
 * NUL-terminated; the value originates from the TLS negotiation, so the
 * implementation must not assume it matches an entry of connssl->alpn or
 * fits ALPN_NAME_MAX without checking. Presumably stores the result in
 * connssl->negotiated.alpn. */
CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf,
                                  struct Curl_easy *data,
                                  struct ssl_connect_data *connssl,
                                  const unsigned char *proto,
                                  size_t proto_len);

/* TRUE if `spec` holds an entry equal to the NUL-terminated `proto`. */
bool Curl_alpn_contains_proto(const struct alpn_spec *spec,
                              const char *proto);

/* enum for the nonblocking SSL connection state machine: the connect is
 * driven through the numbered steps until ssl_connect_done. The meaning
 * of each numbered step is backend specific and not visible here. */
typedef enum {
  ssl_connect_1,     /* first connect step */
  ssl_connect_2,     /* second connect step */
  ssl_connect_3,     /* third connect step */
  ssl_connect_done   /* connect finished, no more steps */
} ssl_connect_state;

/* Overall state of the TLS connection owned by a filter (names read
 * literally; the exact transitions live in the backend code). */
typedef enum {
  ssl_connection_none,        /* no TLS connection (yet) */
  ssl_connection_deferred,    /* connecting has been postponed */
  ssl_connection_negotiating, /* handshake in progress */
  ssl_connection_complete     /* handshake finished */
} ssl_connection_state;

/* Progress of sending TLS early data (0-RTT) on a connection; names read
 * literally, see the backend code for when each transition happens. */
typedef enum {
  ssl_earlydata_none,      /* no early data in use */
  ssl_earlydata_await,     /* waiting before early data can be sent */
  ssl_earlydata_sending,   /* early data is being sent */
  ssl_earlydata_sent,      /* early data has been sent, verdict pending */
  ssl_earlydata_accepted,  /* peer accepted the early data */
  ssl_earlydata_rejected   /* peer rejected the early data */
} ssl_earlydata_state;

/* Bit flags telling what socket I/O the TLS layer needs to make progress;
 * presumably stored in ssl_connect_data.io_need. RECV and SEND may be
 * combined. */
#define CURL_SSL_IO_NEED_NONE   (0)
#define CURL_SSL_IO_NEED_RECV   (1<<0)  /* needs to read from the socket */
#define CURL_SSL_IO_NEED_SEND   (1<<1)  /* needs to write to the socket */

/* Max earlydata payload we want to send. Bounds how much is buffered before
 * the peer has accepted or rejected it. TLS early data (0-RTT) can be
 * replayed by the network, so only data that is safe to replay belongs in
 * that buffer. */
#define CURL_SSL_EARLY_MAX       (64*1024)

/* Information in each SSL cfilter context: cf->ctx */
struct ssl_connect_data {
  const struct Curl_ssl *ssl_impl;  /* TLS backend for this filter */
  struct ssl_peer peer;             /* peer the filter talks to */
  const struct alpn_spec *alpn;     /* ALPN to use or NULL for none */
  void *backend;                    /* vtls backend specific props, sized by
                                     * Curl_ssl.sizeof_ssl_backend_data
                                     * (presumably) */
  struct cf_call_data call_data;    /* data handle used in current call,
                                     * see CF_CTX_CALL_DATA below */
  struct curltime handshake_done;   /* time when handshake finished */
  struct {
    char *alpn;                     /* ALPN value or NULL; presumably set
                                     * by Curl_alpn_set_negotiated() --
                                     * who frees it is not visible here */
  } negotiated;
  struct bufq earlydata;            /* earlydata to be sent to peer; 0-RTT
                                     * data is replayable, so only
                                     * replay-safe data should go here */
  size_t earlydata_max;             /* max earlydata allowed by peer */
  size_t earlydata_skip;            /* sending bytes to skip when earlydata
                                     * is accepted by peer */
  ssl_connection_state state;       /* overall TLS connection state */
  ssl_connect_state connecting_state; /* step of the nonblocking connect
                                       * state machine */
  ssl_earlydata_state earlydata_state; /* progress of early data sending */
  int io_need;                      /* TLS signals special SEND/RECV needs,
                                     * presumably CURL_SSL_IO_NEED_* bits */
  BIT(use_alpn);                    /* if ALPN shall be used in handshake */
  BIT(peer_closed);                 /* peer has closed connection */
  BIT(prefs_checked);               /* SSL preferences have been checked */
  BIT(input_pending);               /* data for SSL_read() may be available */
};


/* Override the generic cfilter call-data accessor (previously defined,
 * presumably in cfilters.h) for this module: an SSL filter's ctx is a
 * struct ssl_connect_data. The cast is unchecked, so this macro must only
 * be applied to filters whose ctx really is a struct ssl_connect_data. */
#undef CF_CTX_CALL_DATA
#define CF_CTX_CALL_DATA(cf)  \
  ((struct ssl_connect_data *)(cf)->ctx)->call_data


/* Definitions for SSL Implementations */

/* Descriptor (function table) of one TLS backend. The backend in use is
 * reached through the `Curl_ssl` pointer declared below. Only
 * adjust_pollset is documented as mandatory here; whether the other
 * callbacks may be NULL is not visible in this header. */
struct Curl_ssl {
  /*
   * This *must* be the first entry to allow returning the list of available
   * backends in curl_global_sslset().
   */
  curl_ssl_backend info;
  unsigned int supports; /* bitfield of capability flags; the flag values
                            are not defined in this header, presumably
                            they come from vtls.h */
  size_t sizeof_ssl_backend_data; /* size of the backend private data that
                                     ssl_connect_data.backend points to
                                     (presumably) */

  int (*init)(void);      /* backend/library init, called once presumably */
  void (*cleanup)(void);  /* counterpart of init */

  /* write the backend version string into `buffer` of `size` bytes */
  size_t (*version)(char *buffer, size_t size);
  /* shut the TLS session down; `send_shutdown` selects whether to send a
   * close notify, `*done` reports completion (nonblocking) */
  CURLcode (*shut_down)(struct Curl_cfilter *cf, struct Curl_easy *data,
                        bool send_shutdown, bool *done);
  /* TRUE if the backend has buffered plaintext not yet handed out */
  bool (*data_pending)(struct Curl_cfilter *cf,
                       const struct Curl_easy *data);

  /* fill `length` bytes of random data into `entropy`; return 0 (CURLE_OK)
   * if the random data is filled in */
  CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy,
                     size_t length);
  bool (*cert_status_request)(void);

  /* drive the nonblocking connect/handshake; `*done` reports completion */
  CURLcode (*do_connect)(struct Curl_cfilter *cf, struct Curl_easy *data,
                         bool *done);

  /* During handshake/shutdown, adjust the pollset to include the socket
   * for POLLOUT or POLLIN as needed. Mandatory. */
  void (*adjust_pollset)(struct Curl_cfilter *cf, struct Curl_easy *data,
                          struct easy_pollset *ps);
  /* expose a backend object selected by `info` (for curl_easy_getinfo
   * style access, presumably); the returned pointer type is backend
   * specific */
  void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info);
  void (*close)(struct Curl_cfilter *cf, struct Curl_easy *data);
  void (*close_all)(struct Curl_easy *data);

  CURLcode (*set_engine)(struct Curl_easy *data, const char *engine);
  CURLcode (*set_engine_default)(struct Curl_easy *data);
  struct curl_slist *(*engines_list)(struct Curl_easy *data);

  /* SHA-256 over `inputlen` bytes at `input`, written to `sha256sum`;
   * `sha256sumlen` is the capacity of that output buffer and a 32-byte
   * digest must fit in it */
  CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
                    unsigned char *sha256sum, size_t sha256sumlen);
  /* read decrypted bytes into `buf`, at most `len`; `*pnread` gets the
   * count actually read */
  CURLcode (*recv_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
                         char *buf, size_t len, size_t *pnread);
  /* encrypt and send `len` bytes from `mem`; `*pnwritten` gets the count
   * actually accepted */
  CURLcode (*send_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
                         const void *mem, size_t len, size_t *pnwritten);

  /* append the TLS channel binding of the connection at `sockindex` to
   * `binding` */
  CURLcode (*get_channel_binding)(struct Curl_easy *data, int sockindex,
                                  struct dynbuf *binding);

};

/* The TLS backend in use (pointer to a const descriptor); how it gets
 * selected is not visible here, presumably curl_global_sslset() or the
 * build configuration. */
extern const struct Curl_ssl *Curl_ssl;

/* Module-level pollset adjustment for an SSL filter; presumably forwards
 * to the backend's adjust_pollset callback. */
void Curl_ssl_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data,
                             struct easy_pollset *ps);

/**
 * Return TRUE if `cf` is the SSL filter of a proxy connection rather than
 * of the origin connection (inferred from the name -- TODO confirm against
 * the implementation).
 */
bool Curl_ssl_cf_is_proxy(struct Curl_cfilter *cf);

#endif /* USE_SSL */

#endif /* HEADER_CURL_VTLS_INT_H */