network_system/crypto_8h_source.html

// BSD 3-Clause License

// Copyright (c) 2024, 🍀☀🌕🌥 🌊

// See the LICENSE file in the project root for full license information.


#pragma once


#include "kcenon/network/detail/protocols/quic/connection_id.h"

#include "keys.h"

#include "kcenon/network/detail/utils/result_types.h"


#include <cstdint>

#include <functional>

#include <map>

#include <memory>

#include <span>

#include <string>

#include <vector>


// Forward declarations for OpenSSL types

typedef struct ssl_ctx_st SSL_CTX;

typedef struct ssl_st SSL;


namespace kcenon::network::protocols::quic

{


// ============================================================================

// Initial Secret Derivation

// ============================================================================


constexpr std::array<uint8_t, 20> initial_salt_v1 = {

    0x38, 0x76, 0x2c, 0xf7, 0xf5, 0x59, 0x34, 0xb3, 0x4d, 0x17,

    0x9a, 0xe6, 0xa4, 0xc8, 0x0c, 0xad, 0xcc, 0xbb, 0x7f, 0x0a

};


constexpr std::array<uint8_t, 20> initial_salt_v2 = {

    0x0d, 0xed, 0xe3, 0xde, 0xf7, 0x00, 0xa6, 0xdb, 0x81, 0x93,

    0x81, 0xbe, 0x6e, 0x26, 0x9d, 0xcb, 0xf9, 0xbd, 0x2e, 0xd9

};


// ============================================================================

// HKDF Functions

// ============================================================================


class hkdf

{

public:

    [[nodiscard]] static auto extract(std::span<const uint8_t> salt,

                                       std::span<const uint8_t> ikm)

        -> Result<std::array<uint8_t, secret_size>>;


    [[nodiscard]] static auto expand(std::span<const uint8_t> prk,

                                      std::span<const uint8_t> info,

                                      size_t length)

        -> Result<std::vector<uint8_t>>;


    [[nodiscard]] static auto expand_label(std::span<const uint8_t> secret,

                                            const std::string& label,

                                            std::span<const uint8_t> context,

                                            size_t length)

        -> Result<std::vector<uint8_t>>;

};


// ============================================================================

// Initial Keys

// ============================================================================


class initial_keys

{

public:

    [[nodiscard]] static auto derive(const connection_id& dest_cid,

                                      uint32_t version = 0x00000001)

        -> Result<key_pair>;


    [[nodiscard]] static auto derive_keys(std::span<const uint8_t> initial_secret,

                                           bool is_client_keys)

        -> Result<quic_keys>;

};


// ============================================================================

// Packet Protection

// ============================================================================


class packet_protection

{

public:

    [[nodiscard]] static auto protect(const quic_keys& keys,

                                       std::span<const uint8_t> header,

                                       std::span<const uint8_t> payload,

                                       uint64_t packet_number)

        -> Result<std::vector<uint8_t>>;


    [[nodiscard]] static auto unprotect(

        const quic_keys& keys,

        std::span<const uint8_t> packet,

        size_t header_length,

        uint64_t packet_number)

        -> Result<std::pair<std::vector<uint8_t>, std::vector<uint8_t>>>;


    [[nodiscard]] static auto protect_header(const quic_keys& keys,

                                              std::span<uint8_t> header,

                                              size_t pn_offset,

                                              size_t pn_length,

                                              std::span<const uint8_t> sample)

        -> VoidResult;


    [[nodiscard]] static auto unprotect_header(const quic_keys& keys,

                                                std::span<uint8_t> header,

                                                size_t pn_offset,

                                                std::span<const uint8_t> sample)

        -> Result<std::pair<uint8_t, size_t>>;


    [[nodiscard]] static auto generate_hp_mask(std::span<const uint8_t> hp_key,

                                                std::span<const uint8_t> sample)

        -> Result<std::array<uint8_t, 5>>;


private:

    [[nodiscard]] static auto make_nonce(std::span<const uint8_t> iv,

                                          uint64_t packet_number)

        -> std::array<uint8_t, aead_iv_size>;

};


// ============================================================================

// QUIC Crypto Handler

// ============================================================================


class quic_crypto

{

public:

    quic_crypto();


    ~quic_crypto();


    // Non-copyable

    quic_crypto(const quic_crypto&) = delete;

    quic_crypto& operator=(const quic_crypto&) = delete;


    // Movable

    quic_crypto(quic_crypto&& other) noexcept;

    quic_crypto& operator=(quic_crypto&& other) noexcept;


    [[nodiscard]] auto init_client(const std::string& server_name) -> VoidResult;


    [[nodiscard]] auto init_server(const std::string& cert_file,

                                    const std::string& key_file) -> VoidResult;


    [[nodiscard]] auto derive_initial_secrets(const connection_id& dest_cid)

        -> VoidResult;


    [[nodiscard]] auto process_crypto_data(encryption_level level,

                                            std::span<const uint8_t> data)

        -> Result<std::vector<uint8_t>>;


    [[nodiscard]] auto start_handshake() -> Result<std::vector<uint8_t>>;


    [[nodiscard]] auto is_handshake_complete() const noexcept -> bool;


    [[nodiscard]] auto current_level() const noexcept -> encryption_level;


    [[nodiscard]] auto get_write_keys(encryption_level level) const

        -> Result<quic_keys>;


    [[nodiscard]] auto get_read_keys(encryption_level level) const

        -> Result<quic_keys>;


    void set_keys(encryption_level level,

                  const quic_keys& read_keys,

                  const quic_keys& write_keys);


    [[nodiscard]] auto update_keys() -> VoidResult;


    [[nodiscard]] auto get_alpn() const -> std::string;


    [[nodiscard]] auto set_alpn(const std::vector<std::string>& protocols)

        -> VoidResult;


    [[nodiscard]] auto is_server() const noexcept -> bool;


    [[nodiscard]] auto key_phase() const noexcept -> uint8_t;


    // =========================================================================

    // 0-RTT Session Resumption (RFC 9001 Section 4.6)

    // =========================================================================


    using session_ticket_callback_t = std::function<void(

        std::vector<uint8_t> ticket_data,

        uint32_t lifetime_hint,

        uint32_t ticket_age_add,

        uint32_t max_early_data)>;


    void set_session_ticket_callback(session_ticket_callback_t cb);


    [[nodiscard]] auto set_session_ticket(std::span<const uint8_t> ticket_data)

        -> VoidResult;


    [[nodiscard]] auto enable_early_data(uint32_t max_early_data) -> VoidResult;


    [[nodiscard]] auto is_early_data_accepted() const noexcept -> bool;


    [[nodiscard]] auto derive_zero_rtt_keys() -> VoidResult;


    [[nodiscard]] auto has_zero_rtt_keys() const noexcept -> bool;


private:

    struct impl;

    std::unique_ptr<impl> impl_;

};


} // namespace kcenon::network::protocols::quic

kcenon::network::Result
Definition result_types.h:128

kcenon::network::protocols::quic::connection_id
QUIC Connection ID (RFC 9000 Section 5.1)
Definition connection_id.h:44

kcenon::network::protocols::quic::hkdf
HKDF (HMAC-based Key Derivation Function) utilities (RFC 5869)
Definition crypto.h:60

kcenon::network::protocols::quic::hkdf::expand_label
static auto expand_label(std::span< const uint8_t > secret, const std::string &label, std::span< const uint8_t > context, size_t length) -> Result< std::vector< uint8_t > >
HKDF-Expand-Label function (TLS 1.3 style)
Definition crypto.cpp:193

kcenon::network::protocols::quic::hkdf::extract
static auto extract(std::span< const uint8_t > salt, std::span< const uint8_t > ikm) -> Result< std::array< uint8_t, secret_size > >
HKDF-Extract function.
Definition crypto.cpp:56

kcenon::network::protocols::quic::hkdf::expand
static auto expand(std::span< const uint8_t > prk, std::span< const uint8_t > info, size_t length) -> Result< std::vector< uint8_t > >
HKDF-Expand function.
Definition crypto.cpp:124

kcenon::network::protocols::quic::initial_keys
Derives initial encryption keys from Destination Connection ID.
Definition crypto.h:111

kcenon::network::protocols::quic::initial_keys::derive_keys
static auto derive_keys(std::span< const uint8_t > initial_secret, bool is_client_keys) -> Result< quic_keys >
Derive keys from an initial secret.
Definition crypto.cpp:339

kcenon::network::protocols::quic::initial_keys::derive
static auto derive(const connection_id &dest_cid, uint32_t version=0x00000001) -> Result< key_pair >
Derive client and server initial keys.
Definition crypto.cpp:237

kcenon::network::protocols::quic::packet_number
QUIC packet number utilities (RFC 9000 Section 17.1)
Definition packet.h:174

kcenon::network::protocols::quic::packet_protection
QUIC packet protection (encryption/decryption) (RFC 9001 Section 5)
Definition crypto.h:146

kcenon::network::protocols::quic::packet_protection::unprotect_header
static auto unprotect_header(const quic_keys &keys, std::span< uint8_t > header, size_t pn_offset, std::span< const uint8_t > sample) -> Result< std::pair< uint8_t, size_t > >
Remove header protection.
Definition crypto.cpp:687

kcenon::network::protocols::quic::packet_protection::unprotect
static auto unprotect(const quic_keys &keys, std::span< const uint8_t > packet, size_t header_length, uint64_t packet_number) -> Result< std::pair< std::vector< uint8_t >, std::vector< uint8_t > > >
Unprotect (decrypt) a QUIC packet.
Definition crypto.cpp:508

kcenon::network::protocols::quic::packet_protection::make_nonce
static auto make_nonce(std::span< const uint8_t > iv, uint64_t packet_number) -> std::array< uint8_t, aead_iv_size >
Construct nonce from IV and packet number.
Definition crypto.cpp:408

kcenon::network::protocols::quic::packet_protection::protect_header
static auto protect_header(const quic_keys &keys, std::span< uint8_t > header, size_t pn_offset, size_t pn_length, std::span< const uint8_t > sample) -> VoidResult
Apply header protection.
Definition crypto.cpp:649

kcenon::network::protocols::quic::packet_protection::protect
static auto protect(const quic_keys &keys, std::span< const uint8_t > header, std::span< const uint8_t > payload, uint64_t packet_number) -> Result< std::vector< uint8_t > >
Protect (encrypt) a QUIC packet.
Definition crypto.cpp:425

kcenon::network::protocols::quic::packet_protection::generate_hp_mask
static auto generate_hp_mask(std::span< const uint8_t > hp_key, std::span< const uint8_t > sample) -> Result< std::array< uint8_t, 5 > >
Generate header protection mask using AES-ECB.
Definition crypto.cpp:598

kcenon::network::protocols::quic::quic_crypto
QUIC-TLS integration handler (RFC 9001)
Definition crypto.h:245

kcenon::network::protocols::quic::quic_crypto::init_server
auto init_server(const std::string &cert_file, const std::string &key_file) -> VoidResult
Initialize as server.
Definition crypto.cpp:827

kcenon::network::protocols::quic::quic_crypto::update_keys
auto update_keys() -> VoidResult
Perform a key update (1-RTT only)
Definition crypto.cpp:1052

kcenon::network::protocols::quic::quic_crypto::impl_
std::unique_ptr< impl > impl_
Definition crypto.h:448

kcenon::network::protocols::quic::quic_crypto::~quic_crypto
~quic_crypto()
Destructor (cleans up OpenSSL resources)

kcenon::network::protocols::quic::quic_crypto::start_handshake
auto start_handshake() -> Result< std::vector< uint8_t > >
Start the handshake (generate initial CRYPTO data)
Definition crypto.cpp:965

kcenon::network::protocols::quic::quic_crypto::quic_crypto
quic_crypto()
Default constructor.
Definition crypto.cpp:772

kcenon::network::protocols::quic::quic_crypto::get_read_keys
auto get_read_keys(encryption_level level) const -> Result< quic_keys >
Get read keys for an encryption level.
Definition crypto.cpp:1026

kcenon::network::protocols::quic::quic_crypto::get_alpn
auto get_alpn() const -> std::string
Get the negotiated ALPN protocol.
Definition crypto.cpp:1097

kcenon::network::protocols::quic::quic_crypto::is_early_data_accepted
auto is_early_data_accepted() const noexcept -> bool
Check if 0-RTT early data was accepted by the server.
Definition crypto.cpp:1177

kcenon::network::protocols::quic::quic_crypto::get_write_keys
auto get_write_keys(encryption_level level) const -> Result< quic_keys >
Get write keys for an encryption level.
Definition crypto.cpp:1013

kcenon::network::protocols::quic::quic_crypto::process_crypto_data
auto process_crypto_data(encryption_level level, std::span< const uint8_t > data) -> Result< std::vector< uint8_t > >
Process incoming CRYPTO frame data.
Definition crypto.cpp:912

kcenon::network::protocols::quic::quic_crypto::is_server
auto is_server() const noexcept -> bool
Check if this is a server instance.
Definition crypto.cpp:1132

kcenon::network::protocols::quic::quic_crypto::set_keys
void set_keys(encryption_level level, const quic_keys &read_keys, const quic_keys &write_keys)
Set keys for an encryption level (used during handshake)
Definition crypto.cpp:1039

kcenon::network::protocols::quic::quic_crypto::set_alpn
auto set_alpn(const std::vector< std::string > &protocols) -> VoidResult
Set ALPN protocols to offer/accept.
Definition crypto.cpp:1102

kcenon::network::protocols::quic::quic_crypto::session_ticket_callback_t
std::function< void( std::vector< uint8_t > ticket_data, uint32_t lifetime_hint, uint32_t ticket_age_add, uint32_t max_early_data)> session_ticket_callback_t
Callback type for receiving session tickets.
Definition crypto.h:390

kcenon::network::protocols::quic::quic_crypto::quic_crypto
quic_crypto(const quic_crypto &)=delete

kcenon::network::protocols::quic::quic_crypto::set_session_ticket
auto set_session_ticket(std::span< const uint8_t > ticket_data) -> VoidResult
Set a session ticket for 0-RTT resumption.
Definition crypto.cpp:1151

kcenon::network::protocols::quic::quic_crypto::operator=
quic_crypto & operator=(quic_crypto &&other) noexcept

kcenon::network::protocols::quic::quic_crypto::operator=
quic_crypto & operator=(const quic_crypto &)=delete

kcenon::network::protocols::quic::quic_crypto::init_client
auto init_client(const std::string &server_name) -> VoidResult
Initialize as client.
Definition crypto.cpp:782

kcenon::network::protocols::quic::quic_crypto::current_level
auto current_level() const noexcept -> encryption_level
Get current encryption level.
Definition crypto.cpp:1008

kcenon::network::protocols::quic::quic_crypto::derive_zero_rtt_keys
auto derive_zero_rtt_keys() -> VoidResult
Derive 0-RTT keys from session ticket.
Definition crypto.cpp:1182

kcenon::network::protocols::quic::quic_crypto::has_zero_rtt_keys
auto has_zero_rtt_keys() const noexcept -> bool
Check if 0-RTT keys are available.
Definition crypto.cpp:1265

kcenon::network::protocols::quic::quic_crypto::key_phase
auto key_phase() const noexcept -> uint8_t
Get current key phase (for key updates)
Definition crypto.cpp:1137

kcenon::network::protocols::quic::quic_crypto::derive_initial_secrets
auto derive_initial_secrets(const connection_id &dest_cid) -> VoidResult
Derive initial secrets from destination connection ID.
Definition crypto.cpp:883

kcenon::network::protocols::quic::quic_crypto::set_session_ticket_callback
void set_session_ticket_callback(session_ticket_callback_t cb)
Set callback for receiving session tickets.
Definition crypto.cpp:1146

kcenon::network::protocols::quic::quic_crypto::quic_crypto
quic_crypto(quic_crypto &&other) noexcept

kcenon::network::protocols::quic::quic_crypto::enable_early_data
auto enable_early_data(uint32_t max_early_data) -> VoidResult
Enable 0-RTT early data.
Definition crypto.cpp:1163

kcenon::network::protocols::quic::quic_crypto::is_handshake_complete
auto is_handshake_complete() const noexcept -> bool
Check if the handshake is complete.
Definition crypto.cpp:1003

connection_id.h
QUIC connection identifier type.

SSL_CTX
struct ssl_ctx_st SSL_CTX
Definition crypto.h:20

SSL
struct ssl_st SSL
Definition crypto.h:21

keys.h

kcenon::network::protocols::quic
Definition connection_id.h:27

kcenon::network::protocols::quic::initial_salt_v1
constexpr std::array< uint8_t, 20 > initial_salt_v1
QUIC version 1 initial salt (RFC 9001 Section 5.2)
Definition crypto.h:36

kcenon::network::protocols::quic::initial_salt_v2
constexpr std::array< uint8_t, 20 > initial_salt_v2
QUIC version 2 initial salt (RFC 9369)
Definition crypto.h:44

kcenon::network::protocols::quic::encryption_level
encryption_level
QUIC encryption levels (RFC 9001 Section 4)
Definition keys.h:54

kcenon::network::version
constexpr const char * version() noexcept
Get the network system version string.
Definition network.cppm:111

kcenon::network::VoidResult
Result< std::monostate > VoidResult
Definition result_types.h:162

result_types.h
Network-specific error and result type definitions.

kcenon::network::protocols::quic::quic_crypto::impl
Definition crypto.cpp:733

kcenon::network::protocols::quic::quic_keys
QUIC encryption keys for a single encryption level (RFC 9001 Section 5)
Definition keys.h:92