//go:build go1.20 && !go1.21

package qtls

import (
	"crypto/tls"
	"fmt"
	"unsafe"

	"github.com/MerlinKodo/quic-go/internal/protocol"

	"github.com/quic-go/qtls-go1-20"
)

// Type aliases re-exporting the qtls-go1-20 handshake API, so the rest of
// quic-go never has to import a Go-version-specific qtls fork directly.
type (
	QUICConn            = qtls.QUICConn
	QUICConfig          = qtls.QUICConfig
	QUICEvent           = qtls.QUICEvent
	QUICEventKind       = qtls.QUICEventKind
	QUICEncryptionLevel = qtls.QUICEncryptionLevel
	AlertError          = qtls.AlertError
)

// TLS encryption levels, re-exported from qtls.
const (
	QUICEncryptionLevelInitial     = qtls.QUICEncryptionLevelInitial
	QUICEncryptionLevelEarly       = qtls.QUICEncryptionLevelEarly
	QUICEncryptionLevelHandshake   = qtls.QUICEncryptionLevelHandshake
	QUICEncryptionLevelApplication = qtls.QUICEncryptionLevelApplication
)

// Handshake event kinds, re-exported from qtls.
const (
	QUICNoEvent                     = qtls.QUICNoEvent
	QUICSetReadSecret               = qtls.QUICSetReadSecret
	QUICSetWriteSecret              = qtls.QUICSetWriteSecret
	QUICWriteData                   = qtls.QUICWriteData
	QUICTransportParameters         = qtls.QUICTransportParameters
	QUICTransportParametersRequired = qtls.QUICTransportParametersRequired
	QUICRejectedEarlyData           = qtls.QUICRejectedEarlyData
	QUICHandshakeDone               = qtls.QUICHandshakeDone
)

// SetupConfigForServer prepares conf for use by a QUIC server.
//
// It initialises the session ticket keys on the caller's tls.Config, replaces
// conf.TLSConfig with a clone pinned to TLS 1.3 (the only TLS version QUIC is
// defined over), and installs the ExtraConfig hooks for 0-RTT and session
// tickets:
//   - enable0RTT switches qtls' 0-RTT support on or off;
//   - getDataForSessionTicket supplies the application data embedded in every
//     ticket the server issues;
//   - handleSessionTicket is consulted with a ticket's application data when a
//     client tries to use it; returning false rejects the attempt.
//
// NOTE(review): InitSessionTicketKeys is deliberately run on the *original*
// config, before Clone. That way the keys live on the object the caller keeps
// and are presumably inherited by every later clone; initialising the clone
// instead would give each connection its own keys and break ticket
// verification across connections. Keep this ordering.
func SetupConfigForServer(conf *QUICConfig, enable0RTT bool, getDataForSessionTicket func() []byte, handleSessionTicket func([]byte, bool) bool) {
	qtls.InitSessionTicketKeys(conf.TLSConfig)

	// Work on a private copy so the MinVersion pin never leaks into the
	// tls.Config the caller handed us (it may be shared with other listeners).
	pinned := conf.TLSConfig.Clone()
	pinned.MinVersion = tls.VersionTLS13
	conf.TLSConfig = pinned

	// The second argument is always true on this path; it appears to tell the
	// callback that the ticket is being used for 0-RTT rather than plain
	// resumption — confirm against the callers in the handshake package.
	accept0RTT := func(ticketData []byte) bool {
		return handleSessionTicket(ticketData, true)
	}

	conf.ExtraConfig = &qtls.ExtraConfig{
		Enable0RTT:                 enable0RTT,
		Accept0RTT:                 accept0RTT,
		GetAppDataForSessionTicket: getDataForSessionTicket,
	}
}

// SetupConfigForClient prepares conf for use by a QUIC client by wiring the
// session-state hooks: getDataForSessionState supplies the application data to
// store alongside a received session ticket, and setDataFromSessionState is
// handed that data back when the stored session is reused.
//
// NOTE(review): unlike the server path, the client's tls.Config is neither
// cloned nor pinned to TLS 1.3 here; the version floor is presumably enforced
// by qtls itself for QUIC connections — verify before relying on it.
func SetupConfigForClient(conf *QUICConfig, getDataForSessionState func() []byte, setDataFromSessionState func([]byte)) {
	extra := &qtls.ExtraConfig{}
	extra.GetAppDataForSessionState = getDataForSessionState
	extra.SetAppDataFromSessionState = setDataFromSessionState
	conf.ExtraConfig = extra
}
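// QUICServer returns a server-side QUIC handshake connection for config.
func QUICServer(config *QUICConfig) *QUICConn {
	conn := qtls.QUICServer(config)
	return conn
}

// QUICClient returns a client-side QUIC handshake connection for config.
func QUICClient(config *QUICConfig) *QUICConn {
	conn := qtls.QUICClient(config)
	return conn
}

// ToTLSEncryptionLevel maps a quic-go encryption level onto the qtls one.
// It panics on anything other than the four known levels: a silent default
// here could install keys at the wrong encryption level.
func ToTLSEncryptionLevel(e protocol.EncryptionLevel) qtls.QUICEncryptionLevel {
	switch e {
	case protocol.EncryptionInitial:
		return qtls.QUICEncryptionLevelInitial
	case protocol.Encryption0RTT:
		return qtls.QUICEncryptionLevelEarly
	case protocol.EncryptionHandshake:
		return qtls.QUICEncryptionLevelHandshake
	case protocol.Encryption1RTT:
		return qtls.QUICEncryptionLevelApplication
	}
	panic(fmt.Sprintf("unexpected encryption level: %s", e))
}

// FromTLSEncryptionLevel is the inverse of ToTLSEncryptionLevel: it maps a
// qtls encryption level back onto the quic-go one, panicking on unknown input
// for the same reason.
func FromTLSEncryptionLevel(e qtls.QUICEncryptionLevel) protocol.EncryptionLevel {
	switch e {
	case qtls.QUICEncryptionLevelInitial:
		return protocol.EncryptionInitial
	case qtls.QUICEncryptionLevelEarly:
		return protocol.Encryption0RTT
	case qtls.QUICEncryptionLevelHandshake:
		return protocol.EncryptionHandshake
	case qtls.QUICEncryptionLevelApplication:
		return protocol.Encryption1RTT
	}
	panic(fmt.Sprintf("unexpect encryption level: %s", e))
}

// The three variables below reach into unexported qtls state through
// go:linkname. They exist only so SetCipherSuite can pin the handshake to a
// single cipher suite; nothing else should read or write them. Their layout
// and meaning are tied to the exact qtls-go1-20 version in go.mod, and the
// linkname silently stops working (or points at something else) if qtls
// renames them.

//go:linkname cipherSuitesTLS13 github.com/quic-go/qtls-go1-20.cipherSuitesTLS13
var cipherSuitesTLS13 []unsafe.Pointer

//go:linkname defaultCipherSuitesTLS13 github.com/quic-go/qtls-go1-20.defaultCipherSuitesTLS13
var defaultCipherSuitesTLS13 []uint16

//go:linkname defaultCipherSuitesTLS13NoAES github.com/quic-go/qtls-go1-20.defaultCipherSuitesTLS13NoAES
var defaultCipherSuitesTLS13NoAES []uint16

// cipherSuitesModified records that SetCipherSuite is currently in effect and
// guards against nested calls. It is a plain bool with no synchronisation:
// SetCipherSuite is not goroutine-safe.
var cipherSuitesModified bool

// SetCipherSuite restricts qtls to the single TLS 1.3 cipher suite id by
// rewriting the package-level suite tables reached via go:linkname above.
// The returned reset function restores the original tables and must be called
// before SetCipherSuite is invoked again.
//
// id must be one of tls.TLS_AES_128_GCM_SHA256,
// tls.TLS_CHACHA20_POLY1305_SHA256 or tls.TLS_AES_256_GCM_SHA384; any other
// value panics without changing anything. A second call without an
// intervening reset also panics.
//
// Security notes:
//   - The change is process-wide and unsynchronised: it affects every
//     handshake in the process, including connections on other goroutines,
//     and races with any handshake in flight. Treat it as a test and
//     diagnostics knob, not something to call on a live server.
//   - The slice indices below hard-code the element order of
//     cipherSuitesTLS13 inside qtls-go1-20. If that order ever changes the
//     wrong suite is selected silently; no runtime check is possible because
//     the elements are opaque pointers.
func SetCipherSuite(id uint16) (reset func()) {
	if cipherSuitesModified {
		panic("cipher suites modified multiple times without resetting")
	}

	// Validate id before marking the tables as modified. Flipping the flag
	// first would leave it set after an "unexpected cipher suite" panic, and
	// every later call would then fail with a misleading "modified multiple
	// times" panic instead.
	var keep []unsafe.Pointer
	switch id {
	case tls.TLS_AES_128_GCM_SHA256:
		keep = cipherSuitesTLS13[:1]
	case tls.TLS_CHACHA20_POLY1305_SHA256:
		keep = cipherSuitesTLS13[1:2]
	case tls.TLS_AES_256_GCM_SHA384:
		keep = cipherSuitesTLS13[2:]
	default:
		panic(fmt.Sprintf("unexpected cipher suite: %d", id))
	}
	cipherSuitesModified = true

	// Snapshot the originals into fresh backing arrays so that reset is
	// unaffected by anything done to the narrowed slices in the meantime.
	origSuites := append([]unsafe.Pointer{}, cipherSuitesTLS13...)
	origDefault := append([]uint16{}, defaultCipherSuitesTLS13...)
	origDefaultNoAES := append([]uint16{}, defaultCipherSuitesTLS13NoAES...)

	cipherSuitesTLS13 = keep
	defaultCipherSuitesTLS13 = []uint16{id}
	defaultCipherSuitesTLS13NoAES = []uint16{id}

	return func() {
		cipherSuitesTLS13 = origSuites
		defaultCipherSuitesTLS13 = origDefault
		defaultCipherSuitesTLS13NoAES = origDefaultNoAES
		cipherSuitesModified = false
	}
}

// SendSessionTicket asks c to issue a session ticket; allow0RTT marks whether
// a client presenting that ticket may send 0-RTT data. The error from qtls is
// returned unchanged.
func SendSessionTicket(c *QUICConn, allow0RTT bool) error {
	err := c.SendSessionTicket(allow0RTT)
	return err
}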