he.h

Go to the documentation of this file.

 
#ifndef HE
#define HE
 
// Needed headers
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
 
// Network headers
#include "he_plugin.h"
 
#define HE_MAX_WIRE_MTU 1500
#define HE_MAX_MTU 1350
#define HE_MAX_MTU_STR "1350"
 
#define HE_WIRE_MINIMUM_PROTOCOL_MAJOR_VERSION 1
#define HE_WIRE_MINIMUM_PROTOCOL_MINOR_VERSION 0
#define HE_WIRE_MAXIMUM_PROTOCOL_MAJOR_VERSION 1
#define HE_WIRE_MAXIMUM_PROTOCOL_MINOR_VERSION 2
 
#ifdef __GNUC__
#define HE_DEPRECATED(name) __attribute__((deprecated("use " #name " instead")))
#elif defined(_MSC_VER)
#define HE_DEPRECATED(name) __declspec(deprecated("use " #name " instead"))
#endif
 
#define HE_CONFIG_TEXT_FIELD_LENGTH 50
#define HE_MAX_IPV4_STRING_LENGTH 24
#define HE_MAX_HOSTNAME_LENGTH 255
 
typedef enum he_return_code {
  HE_SUCCESS = 0,
  HE_ERR_STRING_TOO_LONG = -1,
  HE_ERR_EMPTY_STRING = -2,
  HE_ERR_INVALID_CONN_STATE = -3,
  HE_ERR_NULL_POINTER = -4,
  HE_ERR_EMPTY_PACKET = -5,
  HE_ERR_PACKET_TOO_SMALL = -6,
  HE_ERR_ZERO_SIZE = -7,
  HE_ERR_NEGATIVE_NUMBER = -8,
  HE_ERR_INIT_FAILED = -9,
  HE_ERR_NO_MEMORY = -10,
  HE_ERR_NOT_HE_PACKET = -11,
  HE_ERR_SSL_BAD_FILETYPE = -12,
  HE_ERR_SSL_BAD_FILE = -13,
  HE_ERR_SSL_OUT_OF_MEMORY = -14,
  HE_ERR_SSL_ASN_INPUT = -15,
  HE_ERR_SSL_BUFFER = -16,
  HE_ERR_SSL_CERT = -17,
  HE_ERR_SSL_ERROR = -18,
  HE_ERR_CONF_USERNAME_NOT_SET = -19,
  HE_ERR_CONF_PASSWORD_NOT_SET = -20,
  HE_ERR_CONF_CA_NOT_SET = -21,
  HE_ERR_CONF_MTU_NOT_SET = -22,
  HE_WANT_READ = -23,
  HE_WANT_WRITE = -24,
  HE_ERR_CONF_OUTSIDE_WRITE_CB_NOT_SET = -25,
  HE_ERR_CONNECT_FAILED = -26,
  HE_CONNECTION_TIMED_OUT = -27,
  HE_ERR_NOT_CONNECTED = -28,
  HE_ERR_UNSUPPORTED_PACKET_TYPE = -29,
  HE_ERR_CONNECTION_WAS_CLOSED = -30,
  HE_ERR_BAD_PACKET = -31,
  HE_ERR_CALLBACK_FAILED = -32,
  HE_ERR_FAILED = -33,
  HE_ERR_SERVER_DN_MISMATCH = -34,
  HE_ERR_CANNOT_VERIFY_SERVER_CERT = -35,
  HE_ERR_NEVER_CONNECTED = -36,
  HE_ERR_INVALID_MTU_SIZE = -37,
  HE_ERR_CLEANUP_FAILED = -38,
  HE_ERR_REJECTED_SESSION = -39,
  HE_ERR_ACCESS_DENIED = -40,
  HE_ERR_PACKET_TOO_LARGE = -41,
  HE_ERR_INACTIVITY_TIMEOUT = -42,
  HE_ERR_POINTER_WOULD_OVERFLOW = -43,
  HE_ERR_INVALID_CONNECTION_TYPE = -46,
  HE_ERR_RNG_FAILURE = -47,
  HE_ERR_CONF_AUTH_CB_NOT_SET = -48,
  HE_ERR_PLUGIN_DROP = -49,
  HE_ERR_UNKNOWN_SESSION = -50,
  HE_ERR_SSL_ERROR_NONFATAL = -51,
  HE_ERR_INCORRECT_PROTOCOL_VERSION = -52,
  HE_ERR_CONF_CONFLICTING_AUTH_METHODS = -53,
  HE_ERR_ACCESS_DENIED_NO_AUTH_BUF_HANDLER = -54,
  HE_ERR_ACCESS_DENIED_NO_AUTH_USERPASS_HANDLER = -55,
  HE_ERR_SERVER_GOODBYE = -56,
  HE_ERR_INVALID_AUTH_TYPE = -57,
  HE_ERR_ACCESS_DENIED_NO_AUTH_TOKEN_HANDLER = -58,
  HE_ERR_PMTUD_CALLBACKS_NOT_SET = -59,
  HE_ERR_BAD_FRAGMENT = -60,
  HE_ERR_SECURE_RENEGOTIATION_ERROR = -61,
  HE_ERR_CANNOT_ENABLE_CH_FRAG = -62,
} he_return_code_t;
 
typedef enum he_conn_state {
  HE_STATE_NONE = 0,
  HE_STATE_DISCONNECTED = 1,
  HE_STATE_CONNECTING = 2,
  HE_STATE_DISCONNECTING = 4,
  HE_STATE_AUTHENTICATING = 5,
  HE_STATE_LINK_UP = 6,
  HE_STATE_ONLINE = 7,
  HE_STATE_CONFIGURING = 8,
} he_conn_state_t;
 
typedef enum he_conn_event {
  HE_EVENT_FIRST_MESSAGE_RECEIVED = 1,
  HE_EVENT_PONG = 2,
  HE_EVENT_REJECTED_FRAGMENTED_PACKETS_SENT_BY_HOST = 3,
  HE_EVENT_SECURE_RENEGOTIATION_STARTED = 4,
  HE_EVENT_SECURE_RENEGOTIATION_COMPLETED = 5,
  HE_EVENT_PENDING_SESSION_ACKNOWLEDGED = 6,
} he_conn_event_t;
 
typedef enum he_padding_type {
  HE_PADDING_NONE = 0,
  HE_PADDING_FULL = 1,
  HE_PADDING_450 = 2
} he_padding_type_t;
 
typedef enum he_connection_type {
  HE_CONNECTION_TYPE_DATAGRAM = 0,
  HE_CONNECTION_TYPE_STREAM = 1
} he_connection_type_t;
 
typedef enum he_connection_protocol {
  HE_CONNECTION_PROTOCOL_NONE = 0,
  HE_CONNECTION_PROTOCOL_TLS_1_3 = 1,
  HE_CONNECTION_PROTOCOL_DTLS_1_2 = 2,
  HE_CONNECTION_PROTOCOL_DTLS_1_3 = 3
} he_connection_protocol_t;
 
typedef enum he_pmtud_state {
  // The DISABLED state is the initial state before probing has started.
  // It is also entered from any other state, when the PL indicates loss of
  // connectivity. This state is left once the PL indicates connectivity to the
  // remote PL. When transitioning to the BASE state, a probe packet of size
  // BASE_PLPMTU can be sent immediately
  HE_PMTUD_STATE_DISABLED = 0,
 
  // The BASE state is used to confirm that the BASE_PLPMTU size is supported by
  // the network path and is designed to allow an application to continue working
  // when there are transient reductions in the actual PMTU. It also seeks to avoid
  // long periods when a sender searching for a larger PLPMTU is unaware that
  // packets are not being delivered due to a packet or ICMP black hole.
  HE_PMTUD_STATE_BASE = 1,
 
  // The SEARCHING state is the main probing state. This state is entered when
  // probing for the BASE_PLPMTU completes.
  HE_PMTUD_STATE_SEARCHING = 2,
 
  // The SEARCH_COMPLETE state indicates that a search has completed. This is the
  // normal maintenance state, where the PL is not probing to update the PLPMTU.
  // DPLPMTUD remains in this state until either the PMTU_RAISE_TIMER expires or a
  // black hole is detected.
  HE_PMTUD_STATE_SEARCH_COMPLETE = 3,
 
  // The ERROR state represents the case where either the network path is not known
  // to support a PLPMTU of at least the BASE_PLPMTU size or when there is
  // contradictory information about the network path that would otherwise result
  // in excessive variation in the MPS signaled to the higher layer. The state
  // implements a method to mitigate oscillation in the state-event engine.
  HE_PMTUD_STATE_ERROR = 4,
} he_pmtud_state_t;
 
typedef struct he_ssl_ctx he_ssl_ctx_t;
typedef struct he_conn he_conn_t;
typedef struct he_plugin_chain he_plugin_chain_t;
typedef struct he_network_config_ipv4 he_network_config_ipv4_t;
 
typedef struct he_client {
  he_ssl_ctx_t *ssl_ctx;
  he_conn_t *conn;
  he_plugin_chain_t *inside_plugins;
  he_plugin_chain_t *outside_plugins;
} he_client_t;
 
typedef void *(*he_malloc_t)(size_t size);
typedef void *(*he_calloc_t)(size_t nmemb, size_t size);
typedef void *(*he_realloc_t)(void *ptr, size_t size);
typedef void (*he_free_t)(void *ptr);
 
typedef enum he_auth_type {
  HE_AUTH_TYPE_USERPASS = 1,
 
  HE_AUTH_TYPE_TOKEN = 2,
 
  HE_AUTH_TYPE_CB = 23,
 
} he_auth_type_t;
 
typedef he_return_code_t (*he_state_change_cb_t)(he_conn_t *conn, he_conn_state_t new_state,
                                                 void *context);
 
typedef he_return_code_t (*he_inside_write_cb_t)(he_conn_t *conn, uint8_t *packet, size_t length,
                                                 void *context);
 
typedef he_return_code_t (*he_outside_write_cb_t)(he_conn_t *conn, uint8_t *packet, size_t length,
                                                  void *context);
 
typedef he_return_code_t (*he_network_config_ipv4_cb_t)(he_conn_t *conn,
                                                        he_network_config_ipv4_t *config,
                                                        void *context);
 
typedef he_return_code_t (*he_server_config_cb_t)(he_conn_t *conn, uint8_t *buffer, size_t length,
                                                  void *context);
 
typedef he_return_code_t (*he_event_cb_t)(he_conn_t *conn, he_conn_event_t event, void *context);
 
typedef he_return_code_t (*he_nudge_time_cb_t)(he_conn_t *conn, int timeout, void *context);
 
typedef bool (*he_auth_cb_t)(he_conn_t *conn, char const *username, char const *password,
                             void *context);
 
typedef bool (*he_auth_token_cb_t)(he_conn_t *conn, const uint8_t *token, size_t len,
                                   void *context);
 
typedef bool (*he_auth_buf_cb_t)(he_conn_t *conn, uint8_t auth_type, uint8_t *buffer,
                                 uint16_t length, void *context);
 
typedef he_return_code_t (*he_populate_network_config_ipv4_cb_t)(he_conn_t *conn,
                                                                 he_network_config_ipv4_t *config,
                                                                 void *context);
 
typedef he_return_code_t (*he_pmtud_time_cb_t)(he_conn_t *conn, int timeout, void *context);
 
typedef he_return_code_t (*he_pmtud_state_change_cb_t)(he_conn_t *conn, he_pmtud_state_t state,
                                                       void *context);
 
typedef struct he_network_config_ipv4 {
  char local_ip[HE_MAX_IPV4_STRING_LENGTH];
  char peer_ip[HE_MAX_IPV4_STRING_LENGTH];
  char dns_ip[HE_MAX_IPV4_STRING_LENGTH];
  int mtu;
} he_network_config_ipv4_t;
 
#pragma pack(1)
 
typedef struct he_wire_hdr {
  // First two bytes to contain the 'H' and 'e'
  char he[2];
  // Version of the wire protocol
  uint8_t major_version;
  uint8_t minor_version;
  // Request aggressive mode
  uint8_t aggressive_mode;
  // Three bytes reserved for future use
  uint8_t reserved[3];
  // 64 bit session identifier
  uint64_t session;
} he_wire_hdr_t;
 
#pragma pack()
 
static const uint64_t HE_PACKET_SESSION_REJECT = 0xFFFFFFFFFFFFFFFF;
static const uint64_t HE_PACKET_SESSION_EMPTY = 0x0000000000000000;
 
#endif  // HE_H