protocol-quic 0.0.0

data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_boringssl.h

@@ -0,0 +1,104 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGTCP2_CRYPTO_BORINGSSL_H
+#define NGTCP2_CRYPTO_BORINGSSL_H
+
+#include <ngtcp2/ngtcp2.h>
+
+#include <openssl/ssl.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_boringssl_from_ssl_encryption_level` translates
+ * |ssl_level| to :type:`ngtcp2_crypto_level`.  This function is only
+ * available for BoringSSL backend.
+ */
+NGTCP2_EXTERN ngtcp2_crypto_level
+ngtcp2_crypto_boringssl_from_ssl_encryption_level(
+    enum ssl_encryption_level_t ssl_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_boringssl_from_ngtcp2_crypto_level` translates
+ * |crypto_level| to ssl_encryption_level_t.  This function is only
+ * available for BoringSSL backend.
+ */
+NGTCP2_EXTERN enum ssl_encryption_level_t
+ngtcp2_crypto_boringssl_from_ngtcp2_crypto_level(
+    ngtcp2_crypto_level crypto_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_boringssl_configure_server_context` configures
+ * |ssl_ctx| for server side QUIC connection.  It performs the
+ * following modifications:
+ *
+ * - Set minimum and maximum TLS version to TLSv1.3.
+ * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * SSL object by calling SSL_set_app_data, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_boringssl_configure_server_context(SSL_CTX *ssl_ctx);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_boringssl_configure_client_context` configures
+ * |ssl_ctx| for client side QUIC connection.  It performs the
+ * following modifications:
+ *
+ * - Set minimum and maximum TLS version to TLSv1.3.
+ * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * SSL object by calling SSL_set_app_data, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_boringssl_configure_client_context(SSL_CTX *ssl_ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NGTCP2_CRYPTO_BORINGSSL_H */

data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_gnutls.h

@@ -0,0 +1,107 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGTCP2_CRYPTO_GNUTLS_H
+#define NGTCP2_CRYPTO_GNUTLS_H
+
+#include <ngtcp2/ngtcp2.h>
+
+#include <gnutls/gnutls.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_gnutls_from_gnutls_record_encryption_level`
+ * translates |gtls_level| to :type:`ngtcp2_crypto_level`.  This
+ * function is only available for GnuTLS backend.
+ */
+NGTCP2_EXTERN ngtcp2_crypto_level
+ngtcp2_crypto_gnutls_from_gnutls_record_encryption_level(
+    gnutls_record_encryption_level_t gtls_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_gnutls_from_ngtcp2_crypto_level` translates
+ * |crypto_level| to gnutls_record_encryption_level_t.  This function
+ * is only available for GnuTLS backend.
+ */
+NGTCP2_EXTERN gnutls_record_encryption_level_t
+ngtcp2_crypto_gnutls_from_ngtcp2_level(ngtcp2_crypto_level crypto_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_gnutls_configure_server_session` configures
+ * |session| for server side QUIC connection.  It performs the
+ * following modifications:
+ *
+ * - Set gnutls_handshake_set_secret_function.
+ * - Set gnutls_handshake_set_read_function.
+ * - Set gnutls_alert_set_read_function.
+ * - Register a TLS extension handler for QUIC Transport Parameters.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * gnutls_session_t object by calling gnutls_session_set_ptr, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_gnutls_configure_server_session(gnutls_session_t session);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_gnutls_configure_client_session` configures
+ * |session| for client side QUIC connection.  It performs the
+ * following modifications:
+ *
+ * - Set gnutls_handshake_set_secret_function.
+ * - Set gnutls_handshake_set_read_function.
+ * - Set gnutls_alert_set_read_function.
+ * - Register a TLS extension handler for QUIC Transport Parameters.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * gnutls_session_t object by calling gnutls_session_set_ptr, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_gnutls_configure_client_session(gnutls_session_t session);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NGTCP2_CRYPTO_GNUTLS_H */

data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_openssl.h

@@ -0,0 +1,132 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2019 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGTCP2_CRYPTO_OPENSSL_H
+#define NGTCP2_CRYPTO_OPENSSL_H
+
+#include <ngtcp2/ngtcp2.h>
+
+#include <openssl/ssl.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @macrosection
+ *
+ * OpenSSL specific error codes
+ */
+
+/**
+ * @macro
+ *
+ * :macro:`NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_X509_LOOKUP` is the
+ * error code which indicates that TLS handshake routine is
+ * interrupted by X509 certificate lookup.  See
+ * :macro:`SSL_ERROR_WANT_X509_LOOKUP` error description from
+ * `SSL_do_handshake`.
+ */
+#define NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_X509_LOOKUP -10001
+
+/**
+ * @macro
+ *
+ * :macro:`NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_CLIENT_HELLO_CB` is the
+ * error code which indicates that TLS handshake routine is
+ * interrupted by client hello callback.  See
+ * :macro:`SSL_ERROR_WANT_CLIENT_HELLO_CB` error description from
+ * `SSL_do_handshake`.
+ */
+#define NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_CLIENT_HELLO_CB -10002
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_openssl_from_ossl_encryption_level` translates
+ * |ossl_level| to :type:`ngtcp2_crypto_level`.  This function is only
+ * available for OpenSSL backend.
+ */
+NGTCP2_EXTERN ngtcp2_crypto_level
+ngtcp2_crypto_openssl_from_ossl_encryption_level(
+    OSSL_ENCRYPTION_LEVEL ossl_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_openssl_from_ngtcp2_crypto_level` translates
+ * |crypto_level| to OSSL_ENCRYPTION_LEVEL.  This function is only
+ * available for OpenSSL backend.
+ */
+NGTCP2_EXTERN OSSL_ENCRYPTION_LEVEL
+ngtcp2_crypto_openssl_from_ngtcp2_crypto_level(
+    ngtcp2_crypto_level crypto_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_openssl_configure_server_context` configures
+ * |ssl_ctx| for server side QUIC connection.  It performs the
+ * following modifications:
+ *
+ * - Set minimum and maximum TLS version to TLSv1.3.
+ * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * SSL object by calling SSL_set_app_data, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_openssl_configure_server_context(SSL_CTX *ssl_ctx);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_openssl_configure_client_context` configures
+ * |ssl_ctx| for client side QUIC connection.  It performs the
+ * following modifications:
+ *
+ * - Set minimum and maximum TLS version to TLSv1.3.
+ * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * SSL object by calling SSL_set_app_data, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_openssl_configure_client_context(SSL_CTX *ssl_ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NGTCP2_CRYPTO_OPENSSL_H */

data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_picotls.h

@@ -0,0 +1,246 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2022 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGTCP2_CRYPTO_PICOTLS_H
+#define NGTCP2_CRYPTO_PICOTLS_H
+
+#include <ngtcp2/ngtcp2.h>
+
+#include <picotls.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @struct
+ *
+ * :type:`ngtcp2_crypto_picotls_ctx` contains per-connection state
+ * of Picotls objects and must be an object to bet set to
+ * `ngtcp2_conn_set_tls_native_handle`.
+ */
+typedef struct ngtcp2_crypto_picotls_ctx {
+  /**
+   * :member:`ptls` is a pointer to ptls_t object.
+   */
+  ptls_t *ptls;
+  /**
+   * :member:`handshake_properties` is a set of configurations used
+   * during this particular TLS handshake.
+   */
+  ptls_handshake_properties_t handshake_properties;
+} ngtcp2_crypto_picotls_ctx;
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_ctx_init` initializes the object pointed by
+ * |cptls|.  |cptls| must not be NULL.
+ */
+NGTCP2_EXTERN void
+ngtcp2_crypto_picotls_ctx_init(ngtcp2_crypto_picotls_ctx *cptls);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_from_epoch` translates |epoch| to
+ * :type:`ngtcp2_crypto_level`.  This function is only available for
+ * Picotls backend.
+ */
+NGTCP2_EXTERN ngtcp2_crypto_level
+ngtcp2_crypto_picotls_from_epoch(size_t epoch);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_from_ngtcp2_crypto_level` translates
+ * |crypto_level| to epoch.  This function is only available for
+ * Picotls backend.
+ */
+NGTCP2_EXTERN size_t ngtcp2_crypto_picotls_from_ngtcp2_crypto_level(
+    ngtcp2_crypto_level crypto_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_configure_server_context` configures |ctx|
+ * for server side QUIC connection.  It performs the following
+ * modifications:
+ *
+ * - Set max_early_data_size to UINT32_MAX.
+ * - Set omit_end_of_early_data to 1.
+ * - Set update_traffic_key callback.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * ptls_t object by assigning the pointer using ptls_get_data_ptr, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_picotls_configure_server_context(ptls_context_t *ctx);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_configure_client_context` configures |ctx|
+ * for client side QUIC connection.  It performs the following
+ * modifications:
+ *
+ * - Set omit_end_of_early_data to 1.
+ * - Set update_traffic_key callback.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * ptls_t object by assigning the pointer using ptls_get_data_ptr, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_picotls_configure_client_context(ptls_context_t *ctx);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_configure_server_session` configures |cptls|
+ * for server side QUIC connection.  It performs the following
+ * modifications:
+ *
+ * - Set handshake_properties.collect_extension to
+ *   `ngtcp2_crypto_picotls_collect_extension`.
+ * - Set handshake_properties.collected_extensions to
+ *   `ngtcp2_crypto_picotls_collected_extensions`.
+ *
+ * The callbacks set by this function only handle QUIC Transport
+ * Parameters TLS extension.  If an application needs to handle the
+ * other TLS extensions, set its own callbacks and call
+ * `ngtcp2_crypto_picotls_collect_extension` and
+ * `ngtcp2_crypto_picotls_collected_extensions` form them.
+ *
+ * During the QUIC handshake, the first element of
+ * handshake_properties.additional_extensions is assigned to send QUIC
+ * Transport Parameter TLS extension.  Therefore, an application must
+ * allocate at least 2 elements for
+ * handshake_properties.additional_extensions.
+ *
+ * Call `ngtcp2_crypto_picotls_deconfigure_session` to free up the
+ * resources.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * ptls_t object by assigning the pointer using ptls_get_data_ptr, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int ngtcp2_crypto_picotls_configure_server_session(
+    ngtcp2_crypto_picotls_ctx *cptls);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_configure_client_session` configures |cptls|
+ * for client side QUIC connection.  It performs the following
+ * modifications:
+ *
+ * - Set handshake_properties.max_early_data_size to a pointer to
+ *   uint32_t, which is allocated dynamically by this function.
+ * - Set handshake_properties.collect_extension to
+ *   `ngtcp2_crypto_picotls_collect_extension`.
+ * - Set handshake_properties.collected_extensions to
+ *   `ngtcp2_crypto_picotls_collected_extensions`.
+ * - Set handshake_properties.additional_extensions[0].data to the
+ *   dynamically allocated buffer which contains QUIC Transport
+ *   Parameters TLS extension.  An application must allocate at least
+ *   2 elements for handshake_properties.additional_extensions.
+ *
+ * The callbacks set by this function only handle QUIC Transport
+ * Parameters TLS extension.  If an application needs to handle the
+ * other TLS extensions, set its own callbacks and call
+ * `ngtcp2_crypto_picotls_collect_extension` and
+ * `ngtcp2_crypto_picotls_collected_extensions` form them.
+ *
+ * Call `ngtcp2_crypto_picotls_deconfigure_session` to free up the
+ * resources.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * ptls_t object by assigning the pointer using ptls_get_data_ptr, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_picotls_configure_client_session(ngtcp2_crypto_picotls_ctx *cptls,
+                                               ngtcp2_conn *conn);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_deconfigure_session` frees the resources
+ * allocated for |cptls| during QUIC connection.  It frees the
+ * following data using :manpage:`free(3)`.
+ *
+ * - handshake_properties.max_early_data_size
+ * - handshake_properties.additional_extensions[0].data.base
+ *
+ * If |cptls| is NULL, this function does nothing.
+ */
+NGTCP2_EXTERN void
+ngtcp2_crypto_picotls_deconfigure_session(ngtcp2_crypto_picotls_ctx *cptls);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_collect_extension` is a callback function
+ * which only returns nonzero if |type| ==
+ * :macro:`NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS_V1`.
+ */
+NGTCP2_EXTERN int ngtcp2_crypto_picotls_collect_extension(
+    ptls_t *ptls, struct st_ptls_handshake_properties_t *properties,
+    uint16_t type);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_picotls_collected_extensions` is a callback function
+ * which only handles the extension of type
+ * :macro:`NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS_V1`.  The other
+ * extensions are ignored.
+ */
+NGTCP2_EXTERN int ngtcp2_crypto_picotls_collected_extensions(
+    ptls_t *ptls, struct st_ptls_handshake_properties_t *properties,
+    ptls_raw_extension_t *extensions);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NGTCP2_CRYPTO_PICOTLS_H */

data/ext/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto_wolfssl.h

@@ -0,0 +1,106 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2022 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGTCP2_CRYPTO_WOLFSSL_H
+#define NGTCP2_CRYPTO_WOLFSSL_H
+
+#include <ngtcp2/ngtcp2.h>
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/quic.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_wolfssl_from_wolfssl_encryption_level` translates
+ * |wolfssl_level| to :type:`ngtcp2_crypto_level`.  This function is only
+ * available for wolfSSL backend.
+ */
+NGTCP2_EXTERN ngtcp2_crypto_level
+ngtcp2_crypto_wolfssl_from_wolfssl_encryption_level(
+    WOLFSSL_ENCRYPTION_LEVEL wolfssl_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_wolfssl_from_ngtcp2_crypto_level` translates
+ * |crypto_level| to WOLFSSL_ENCRYPTION_LEVEL.  This function is only
+ * available for wolfSSL backend.
+ */
+NGTCP2_EXTERN WOLFSSL_ENCRYPTION_LEVEL
+ngtcp2_crypto_wolfssl_from_ngtcp2_crypto_level(
+    ngtcp2_crypto_level crypto_level);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_wolfssl_configure_server_context` configures
+ * |ssl_ctx| for server side QUIC connection.  It performs the
+ * following modifications:
+ *
+ * - Set minimum and maximum TLS version to TLSv1.3.
+ * - Set WOLFSSL_QUIC_METHOD by calling wolfSSL_CTX_set_quic_method.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * WOLFSSL object by calling wolfSSL_set_app_data, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_wolfssl_configure_server_context(WOLFSSL_CTX *ssl_ctx);
+
+/**
+ * @function
+ *
+ * `ngtcp2_crypto_wolfssl_configure_client_context` configures
+ * |ssl_ctx| for client side QUIC connection.  It performs the
+ * following modifications:
+ *
+ * - Set minimum and maximum TLS version to TLSv1.3.
+ * - Set WOLFSSL_QUIC_METHOD by calling wolfSSL_CTX_set_quic_method.
+ *
+ * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
+ * SSL object by calling wolfSSL_set_app_data, and
+ * :type:`ngtcp2_crypto_conn_ref` object must have
+ * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
+ * :type:`ngtcp2_conn`.
+ *
+ * It returns 0 if it succeeds, or -1.
+ */
+NGTCP2_EXTERN int
+ngtcp2_crypto_wolfssl_configure_client_context(WOLFSSL_CTX *ssl_ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NGTCP2_CRYPTO_WOLFSSL_H */