// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef QUICHE_QUIC_MASQUE_MASQUE_UTILS_H_
#define QUICHE_QUIC_MASQUE_MASQUE_UTILS_H_

#include <cstddef>
#include <cstdint>
#include <ostream>
#include <string>

#include "absl/strings/string_view.h"
#include "quiche/quic/core/quic_config.h"
#include "quiche/quic/core/quic_types.h"
#include "quiche/quic/core/quic_versions.h"
#include "quiche/quic/platform/api/quic_export.h"
#include "quiche/quic/platform/api/quic_ip_address.h"

namespace quic {

// Shared constants and helpers for the MASQUE client and server code.
//
// Security note: every MasqueMode declared in this file is documented as
// allowing unauthenticated clients. A process built on these helpers is
// therefore an open UDP / IP / Ethernet relay unless the caller layers its
// own access control on top (for example the signature-auth exporter
// machinery declared at the bottom of this file).

// List of QUIC versions that support MASQUE. Currently restricted to IETF QUIC.
QUIC_NO_EXPORT ParsedQuicVersionVector MasqueSupportedVersions();

// Default QuicConfig for use with MASQUE. Sets a custom max_packet_size.
// NOTE(review): presumably kMasqueMaxEncapsulatedPacketSize, so that an inner
// QUIC packet plus its encapsulation overhead still fits inside a
// kMasqueMaxOuterPacketSize datagram -- confirm against the definition.
QUIC_NO_EXPORT QuicConfig MasqueEncapsulatedConfig();

// Maximum packet size for encapsulated connections, in bytes.
//
// The inner (encapsulated) limit is deliberately smaller than the outer one;
// the difference is the headroom reserved for the encapsulation headers.
// The two *BufferSize values are receive-buffer sizes for raw packets read
// from a TUN/TAP interface: kMasqueIpPacketBufferSize is one byte over a
// 1500-byte IP MTU, and kMasqueEthernetFrameBufferSize additionally leaves
// room for the 14-byte Ethernet header and a single 802.1Q tag. Being one byte
// larger than the expected maximum lets a caller detect a truncated /
// oversized read instead of silently processing a clipped packet --
// NOTE(review): this is inferred from the values; verify at the read sites.
enum : QuicByteCount {
  kMasqueMaxEncapsulatedPacketSize = 1250,
  kMasqueMaxOuterPacketSize = 1350,
  kMasqueIpPacketBufferSize = 1501,
  // Enough for a VLAN tag, but not Stacked VLANs.
  kMasqueEthernetFrameBufferSize = 1523,
};

// Mode that MASQUE is operating in.
//
// The numeric values are explicit and the enumerators are listed out of
// numeric order; treat the values as stable (they may be compared or logged
// outside this file -- verify before renumbering). None of the modes below
// performs client authentication by itself.
enum class MasqueMode : uint8_t {
  kInvalid = 0,  // Should never be used.
  kOpen = 2,  // Open mode uses the MASQUE HTTP CONNECT-UDP method as documented
              // in <https://www.rfc-editor.org/rfc/rfc9298.html>. This mode
              // allows unauthenticated clients (a more restricted mode will be
              // added to this enum at a later date).
  kConnectIp =
      1,  // ConnectIp mode uses MASQUE HTTP CONNECT-IP as documented in
          // <https://datatracker.ietf.org/doc/html/draft-ietf-masque-connect-ip>.
          // This mode also allows unauthenticated clients.
  kConnectEthernet =
      3,  // ConnectEthernet mode uses MASQUE HTTP CONNECT-ETHERNET.
          // <https://datatracker.ietf.org/doc/draft-asedeno-masque-connect-ethernet/>
          // This mode also allows unauthenticated clients.
};

// Human-readable name of `masque_mode`, for logging and diagnostics.
QUIC_NO_EXPORT std::string MasqueModeToString(MasqueMode masque_mode);
// Stream insertion for MasqueMode; convenience wrapper for logging.
QUIC_NO_EXPORT std::ostream& operator<<(std::ostream& os,
                                        const MasqueMode& masque_mode);

// Create a TUN interface, with the specified `client_address`. Requires root.
//
// Returns a raw file descriptor for the interface. The caller owns it and is
// responsible for close(); nothing in this header wraps it in RAII. The value
// returned on failure is not specified here -- check the definition before
// testing against -1 or 0. The meaning of `server` is not visible from this
// declaration either; presumably it selects which side of the tunnel address
// pair the local end takes -- confirm against the definition.
// NOTE(review): unlike every other declaration in this file, the two
// interface-creation functions are not marked QUIC_NO_EXPORT; confirm that is
// intentional rather than an oversight.
int CreateTunInterface(const QuicIpAddress& client_address, bool server = true);

// Create a TAP interface. Requires root.
//
// Same ownership and error-reporting caveats as CreateTunInterface: the
// returned fd is owned by the caller, and the failure value must be checked
// against the definition.
int CreateTapInterface();

// Constants for HTTP Signature Authentication over the TLS keying-material
// exporter. Both peers derive from these values, so each must match the
// specification byte-for-byte; a local change silently breaks interop and, in
// the worst case, the domain separation the exporter provides.
//
// Number of exporter bytes that form the signature input (the data that is
// signed).
inline constexpr size_t kSignatureAuthSignatureInputSize = 32;
// Number of exporter bytes used as the verification value.
inline constexpr size_t kSignatureAuthVerificationSize = 16;
// Total exporter length requested: the signature input followed by the
// verification bytes.
inline constexpr size_t kSignatureAuthExporterSize =
    kSignatureAuthSignatureInputSize + kSignatureAuthVerificationSize;
// TLS SignatureScheme code point for ed25519 (RFC 8446, section 4.2.3).
inline constexpr uint16_t kEd25519SignatureScheme = 0x0807;
// Exporter label passed to the TLS keying-material exporter.
inline constexpr absl::string_view kSignatureAuthLabel =
    "EXPORTER-HTTP-Signature-Authentication";

// Returns the signature auth TLS key exporter context.
//
// The context is built from the signature scheme, the key id, the public key,
// and the target (scheme, host, port, realm). Feeding all of these into the
// exporter context is what binds the exported key material -- and hence the
// resulting signature -- to one key and one origin, so that a signature
// captured for one target cannot be replayed against another. Every argument
// must therefore be the value the peer will also use; an encoding mismatch
// shows up only as a verification failure.
QUIC_NO_EXPORT std::string ComputeSignatureAuthContext(
    uint16_t signature_scheme, absl::string_view key_id,
    absl::string_view public_key, absl::string_view scheme,
    absl::string_view host, uint16_t port, absl::string_view realm);

// Returns the data covered by signature auth signatures, computed by
// concatenating a fixed prefix from the specification and the signature input.
//
// The fixed prefix domain-separates these signatures from any other use of the
// same key (presumably the same padding-plus-context-string construction as
// TLS 1.3 CertificateVerify -- confirm against the draft). Callers must sign
// and verify this function's output, never the raw `signature_input`.
QUIC_NO_EXPORT std::string SignatureAuthDataCoveredBySignature(
    absl::string_view signature_input);

}  // namespace quic

#endif  // QUICHE_QUIC_MASQUE_MASQUE_UTILS_H_