Line data Source code
1 : #ifndef HEADER_src_waltz_tls_fd_tls_proto_h
2 : #define HEADER_src_waltz_tls_fd_tls_proto_h
3 :
4 : /* fd_tls_proto.h declares various TLS v1.3 data structures and provides
5 : internal APIs to decode and encode them from/to wire format.
6 :
7 : Most encodings in TLS v1.3 are laid out dynamically and cannot be
8 : represented with packed C structs, such as variable-length lists and
9 : "unions" (fields that may hold one of multiple data types). For this
10 : dynamic kind of data, fd_tls_proto declares custom structs and
11 : provides an encode/decode API.
12 :
13 : A small number of type encodings are laid out statically. For these,
14 : a packed C struct and a "bswap" (endianness conversion) function is
15 : provided. */
16 :
17 : #include "../fd_waltz_base.h"
18 : #include <stddef.h>
19 :
20 : /* TLS Extensions *****************************************************/
21 :
22 : struct __attribute__((packed)) fd_tls_ext_hdr {
23 : ushort type;
24 : ushort sz;
25 : };
26 :
27 : typedef struct fd_tls_ext_hdr fd_tls_ext_hdr_t;
28 :
29 : /* Supported TLS versions (RFC 8446)
30 : Type: FD_TLS_EXT_TYPE_SUPPORTED_VERSIONS */
31 :
32 : struct fd_tls_ext_supported_versions {
33 : uchar tls13 : 1;
34 : };
35 :
36 : typedef struct fd_tls_ext_supported_versions fd_tls_ext_supported_versions_t;
37 :
38 : /* Server name indication (RFC 6066)
39 : Type: FD_TLS_EXT_TYPE_SERVER_NAME (0) */
40 :
41 : struct fd_tls_ext_server_name {
42 : ushort host_name_len; /* Length of name cstr (excluding NUL) */
43 : char host_name[ 254 ]; /* Name cstr */
44 : };
45 :
46 : typedef struct fd_tls_ext_server_name fd_tls_ext_server_name_t;
47 :
48 : /* Supported ECDHE groups (RFC 8422, 7919)
49 : Type: FD_TLS_EXT_TYPE_SUPPORTED_GROUPS */
50 :
51 : struct fd_tls_ext_supported_groups {
52 : uchar x25519 : 1;
53 : };
54 :
55 : typedef struct fd_tls_ext_supported_groups fd_tls_ext_supported_groups_t;
56 :
57 : /* Supported signature schemes (RFC 8446)
58 : Type: FD_TLS_EXT_TYPE_SIGNATURE_ALGORITHMS */
59 :
60 : struct fd_tls_ext_signature_algorithms {
61 : uchar ed25519 : 1;
62 : };
63 :
64 : typedef struct fd_tls_ext_signature_algorithms fd_tls_ext_signature_algorithms_t;
65 :
66 : struct fd_tls_key_share {
67 : uchar has_x25519 : 1;
68 : uchar x25519[ 32 ];
69 : };
70 :
71 : typedef struct fd_tls_key_share fd_tls_key_share_t;
72 :
73 : union fd_tls_ext_cert_type_list {
74 : struct {
75 : uchar present : 1; /* if 0, indicates that this extension is missing */
76 : uchar x509 : 1;
77 : uchar raw_pubkey : 1;
78 : };
79 : uchar uc;
80 : };
81 :
82 : typedef union fd_tls_ext_cert_type_list fd_tls_ext_cert_type_list_t;
83 :
84 : struct fd_tls_ext_cert_type {
85 : uchar cert_type;
86 : };
87 :
88 : typedef struct fd_tls_ext_cert_type fd_tls_ext_cert_type_t;
89 :
90 : /* fd_tls_ext_opaque_t holds a pointer to opaque serialized extension
91 : data. Lifetime of buf depends on context -- Look for documentation
92 : in usages of this structure.
93 :
94 : This structure can have 3 subtly different meanings:
95 : (!!buf) & (!!bufsz) Extension present, non-zero sz
96 : (!!buf) & ( !bufsz) Extension present, zero sz
97 : ( !buf) & ( !bufsz) Extension absent
98 :
99 : Notably,
100 : (!buf ) ... implies extension is absent
101 : (!bufsz) ... implies extension is absent or zero sz */
102 :
103 : struct fd_tls_ext_opaque {
104 : uchar const * buf;
105 : ulong bufsz;
106 : };
107 :
108 : typedef struct fd_tls_ext_opaque fd_tls_ext_opaque_t;
109 : typedef struct fd_tls_ext_opaque fd_tls_ext_quic_tp_t;
110 : typedef struct fd_tls_ext_opaque fd_tls_ext_alpn_t;
111 :
112 : /* TLS Messages *******************************************************/
113 :
114 : /* fd_tls_u24_t is a 24-bit / 3 byte big-endian integer.
115 : Matches wire representation. */
116 :
117 : struct fd_tls_u24 { uchar v[3]; };
118 : typedef struct fd_tls_u24 fd_tls_u24_t;
119 :
120 : /* fd_tls_msg_hdr_t is the header that all message types share. */
121 :
122 : struct __attribute__((packed)) fd_tls_msg_hdr {
123 : uchar type; /* FD_TLS_MSG_{...} */
124 : fd_tls_u24_t sz; /* Byte size of fields following this header */
125 : };
126 :
127 : typedef struct fd_tls_msg_hdr fd_tls_msg_hdr_t;
128 :
129 : /* fd_tls_client_hello_t describes a TLS v1.3 ClientHello (RFC 8446,
130 : Section 4.1.2). */
131 :
132 : struct fd_tls_client_hello {
133 : uchar random[ 32 ];
134 :
135 : struct {
136 : uchar aes_128_gcm_sha256 : 1;
137 : /* Add more cipher suites here */
138 : } cipher_suites;
139 :
140 : fd_tls_ext_opaque_t session_id;
141 :
142 : fd_tls_ext_supported_versions_t supported_versions;
143 : fd_tls_ext_server_name_t server_name;
144 : fd_tls_ext_supported_groups_t supported_groups;
145 : fd_tls_ext_signature_algorithms_t signature_algorithms;
146 : fd_tls_key_share_t key_share;
147 : fd_tls_ext_cert_type_list_t server_cert_types;
148 : fd_tls_ext_cert_type_list_t client_cert_types;
149 : fd_tls_ext_quic_tp_t quic_tp;
150 : fd_tls_ext_alpn_t alpn;
151 : };
152 :
153 : typedef struct fd_tls_client_hello fd_tls_client_hello_t;
154 :
155 : /* fd_tls_server_hello_t describes a TLS v1.3 ServerHello (RFC 8446,
156 : Section 4.1.3). */
157 :
158 : struct fd_tls_server_hello {
159 : uchar random[ 32 ];
160 : ushort cipher_suite;
161 :
162 : fd_tls_ext_opaque_t session_id;
163 : fd_tls_key_share_t key_share;
164 : };
165 :
166 : typedef struct fd_tls_server_hello fd_tls_server_hello_t;
167 :
168 : /* fd_tls_enc_ext_t describes a TLS v1.3 EncryptedExtensions message
169 : (RFC 8446, Section 4.3.1). */
170 :
171 : struct fd_tls_enc_ext {
172 : fd_tls_ext_cert_type_t server_cert;
173 : fd_tls_ext_cert_type_t client_cert;
174 : fd_tls_ext_quic_tp_t quic_tp;
175 : fd_tls_ext_alpn_t alpn;
176 : };
177 :
178 : typedef struct fd_tls_enc_ext fd_tls_enc_ext_t;
179 :
180 : /* fd_tls_cert_verify_t describes a CertificateVerify (RFC 8446, Section
181 : 4.4.3). Only supports TLS signature algorithms with 64 byte
182 : signature size (e.g. Ed25519). */
183 :
184 : struct fd_tls_cert_verify {
185 : ushort sig_alg; /* FD_TLS_SIGNATURE_{...} */
186 : uchar sig[ 64 ];
187 : };
188 :
189 : typedef struct fd_tls_cert_verify fd_tls_cert_verify_t;
190 :
191 : /* fd_tls_finished_t matches the wire representation of Finished (RFC
192 : 8446, Section 4.4.4). Only supports TLS cipher suites with 32 byte
193 : hash output size. */
194 :
195 : struct __attribute__((packed)) fd_tls_finished {
196 : uchar verify[ 32 ];
197 : };
198 :
199 : typedef struct fd_tls_finished fd_tls_finished_t;
200 :
201 : /* Enums **************************************************************/
202 :
203 : /* TLS Legacy Version field */
204 :
205 12042 : #define FD_TLS_VERSION_TLS12 ((ushort)0x0303)
206 : #define FD_TLS_VERSION_TLS13 ((ushort)0x0304)
207 :
208 : /* TLS cipher suite IDs */
209 :
210 24084 : #define FD_TLS_CIPHER_SUITE_AES_128_GCM_SHA256 ((ushort)0x1301)
211 :
212 : /* TLS extension IDs */
213 :
214 3 : #define FD_TLS_EXT_SERVER_NAME ((ushort) 0)
215 12045 : #define FD_TLS_EXT_SUPPORTED_GROUPS ((ushort)10)
216 12045 : #define FD_TLS_EXT_SIGNATURE_ALGORITHMS ((ushort)13)
217 24066 : #define FD_TLS_EXT_ALPN ((ushort)16)
218 24078 : #define FD_TLS_EXT_CLIENT_CERT_TYPE ((ushort)19)
219 24078 : #define FD_TLS_EXT_SERVER_CERT_TYPE ((ushort)20)
220 24087 : #define FD_TLS_EXT_SUPPORTED_VERSIONS ((ushort)43)
221 : #define FD_TLS_EXT_KEY_SHARE ((ushort)51)
222 24087 : #define FD_TLS_EXT_KEY_SHARE ((ushort)51)
223 24066 : #define FD_TLS_EXT_QUIC_TRANSPORT_PARAMS ((ushort)57)
224 :
225 : /* TLS Alert Protocol */
226 :
227 0 : #define FD_TLS_ALERT_UNEXPECTED_MESSAGE ((uchar) 10)
228 0 : #define FD_TLS_ALERT_BAD_RECORD_MAC ((uchar) 20)
229 0 : #define FD_TLS_ALERT_RECORD_OVERFLOW ((uchar) 22)
230 3 : #define FD_TLS_ALERT_HANDSHAKE_FAILURE ((uchar) 40)
231 0 : #define FD_TLS_ALERT_BAD_CERTIFICATE ((uchar) 42)
232 0 : #define FD_TLS_ALERT_UNSUPPORTED_CERTIFICATE ((uchar) 43)
233 0 : #define FD_TLS_ALERT_CERTIFICATE_REVOKED ((uchar) 44)
234 0 : #define FD_TLS_ALERT_CERTIFICATE_EXPIRED ((uchar) 45)
235 0 : #define FD_TLS_ALERT_CERTIFICATE_UNKNOWN ((uchar) 46)
236 3 : #define FD_TLS_ALERT_ILLEGAL_PARAMETER ((uchar) 47)
237 0 : #define FD_TLS_ALERT_UNKNOWN_CA ((uchar) 48)
238 0 : #define FD_TLS_ALERT_ACCESS_DENIED ((uchar) 49)
239 0 : #define FD_TLS_ALERT_DECODE_ERROR ((uchar) 50)
240 0 : #define FD_TLS_ALERT_DECRYPT_ERROR ((uchar) 51)
241 0 : #define FD_TLS_ALERT_PROTOCOL_VERSION ((uchar) 70)
242 0 : #define FD_TLS_ALERT_INSUFFICIENT_SECURITY ((uchar) 71)
243 0 : #define FD_TLS_ALERT_INTERNAL_ERROR ((uchar) 80)
244 0 : #define FD_TLS_ALERT_INAPPROPRIATE_FALLBACK ((uchar) 86)
245 0 : #define FD_TLS_ALERT_USER_CANCELED ((uchar) 90)
246 0 : #define FD_TLS_ALERT_MISSING_EXTENSION ((uchar)109)
247 0 : #define FD_TLS_ALERT_UNSUPPORTED_EXTENSION ((uchar)110)
248 0 : #define FD_TLS_ALERT_UNRECOGNIZED_NAME ((uchar)112)
249 0 : #define FD_TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE ((uchar)113)
250 0 : #define FD_TLS_ALERT_UNKNOWN_PSK_IDENTITY ((uchar)115)
251 0 : #define FD_TLS_ALERT_CERTIFICATE_REQUIRED ((uchar)116)
252 0 : #define FD_TLS_ALERT_NO_APPLICATION_PROTOCOL ((uchar)120)
253 :
254 : /* TLS server_name extension */
255 :
256 3 : #define FD_TLS_SERVER_NAME_TYPE_DNS ((uchar)0) /* RFC 6066 */
257 :
258 : /* TLS signature scheme IDs */
259 :
260 18063 : #define FD_TLS_SIGNATURE_ED25519 ((ushort)0x0807)
261 :
262 : /* TLS supported_groups extension */
263 :
264 : #define FD_TLS_GROUP_SECP256R1 ((ushort)23)
265 36132 : #define FD_TLS_GROUP_X25519 ((ushort)29)
266 :
267 : /* TLS supported_versions extension */
268 :
269 18066 : #define FD_TLS_VERSION_TLS13 ((ushort)0x0304)
270 :
271 : /* TLS key_share extension */
272 :
273 : #define FD_TLS_KEY_SHARE_TYPE_X25519 ((ushort)29)
274 :
275 : /* TLS v1.3 message types */
276 :
277 6027 : #define FD_TLS_MSG_CLIENT_HELLO ((uchar) 1)
278 6021 : #define FD_TLS_MSG_SERVER_HELLO ((uchar) 2)
279 0 : #define FD_TLS_MSG_NEW_SESSION_TICKET ((uchar) 4)
280 6021 : #define FD_TLS_MSG_ENCRYPTED_EXT ((uchar) 8)
281 12039 : #define FD_TLS_MSG_CERT ((uchar) 11)
282 0 : #define FD_TLS_MSG_CERT_REQ ((uchar) 13)
283 6021 : #define FD_TLS_MSG_CERT_VERIFY ((uchar) 15)
284 12042 : #define FD_TLS_MSG_FINISHED ((uchar) 20)
285 :
286 : /* TLS certificate_type extension (RFC 7250) */
287 :
288 30096 : #define FD_TLS_CERTTYPE_X509 ((uchar) 0)
289 60192 : #define FD_TLS_CERTTYPE_RAW_PUBKEY ((uchar) 2)
290 :
291 : /* Serialization related **********************************************/
292 :
293 : /* ### Decode functions
294 :
295 : Most deserializers follow the same prototype:
296 :
297 : long
298 : fd_tls_decode_TYPE( TYPE_t * out,
299 : void * wire,
300 : ulong wire_sz );
301 :
302 : Consumes bytes of the provided and populates the data structure
303 : pointed to by out. out must be zero-initialized, as the decoder does
304 : promise to fill in all fields. wire points to the first byte of the
305 : encoded payload that may span up to wire_sz bytes. Returns number of
306 : bytes read from wire on success. On failure, returns a negated TLS
307 : error code. (Typically DECODE_ERROR alert)
308 :
309 : wire (input) may get mangled for endianness conversion. Thus, decode
310 : may not be called twice on the same input buffer.
311 :
312 : ### Encode functions
313 :
314 : Most serializers follow the same prototype:
315 :
316 : long
317 : fd_tls_encode_TYPE( TYPE_t const * in,
318 : void * wire,
319 : ulong wire_sz );
320 :
321 : Writes bytes containing serialized version of data structure pointed
322 : to by in. wire points to the first byte of the buffer to fill.
323 : wire_sz is the size of that buffer. Returns number of bytes written
324 : on success (can be 0). On failure, returns a negated TLS error code. */
325 :
326 : FD_PROTOTYPES_BEGIN
327 :
328 : /* Methods for static layout types */
329 :
330 : /* Macro STATIC_SERDE defines decode/encode implementations for structs
331 : that match their wire encoding */
332 :
333 : #define STATIC_SERDE( NAME, TYPE_T ) \
334 : static inline long \
335 : fd_tls_decode_##NAME ( TYPE_T * out, \
336 : uchar const * wire, \
337 54171 : ulong wire_sz ) { \
338 54171 : if( FD_UNLIKELY( wire_sz < sizeof(TYPE_T) ) ) \
339 54171 : return -(long)FD_TLS_ALERT_DECODE_ERROR; \
340 54171 : memcpy( out, wire, sizeof(TYPE_T) ); \
341 54171 : fd_tls_##NAME##_bswap( out ); \
342 54171 : return (long)sizeof(TYPE_T); \
343 54171 : } \
344 : static inline long \
345 : fd_tls_encode_##NAME ( TYPE_T const * in, \
346 : void * wire, \
347 36105 : ulong wire_sz ) { \
348 36105 : if( FD_UNLIKELY( wire_sz < sizeof(TYPE_T) ) ) \
349 36105 : return -(long)FD_TLS_ALERT_DECODE_ERROR; \
350 36105 : TYPE_T * out = (TYPE_T *)wire; \
351 36105 : memcpy( out, in, sizeof(TYPE_T) ); \
352 36105 : fd_tls_##NAME##_bswap( out ); \
353 36105 : return (long)sizeof(TYPE_T); \
354 36105 : }
355 :
356 : /* End of STATIC_SERDE macro */
357 :
358 : /* Static serialization methods for fd_tls_u24_t */
359 :
360 : static inline fd_tls_u24_t
361 108333 : fd_tls_u24_bswap( fd_tls_u24_t x ) {
362 108333 : fd_tls_u24_t ret = {{ x.v[2], x.v[1], x.v[0] }};
363 108333 : return ret;
364 108333 : }
365 :
366 : static inline uint
367 24072 : fd_tls_u24_to_uint( fd_tls_u24_t x ) {
368 24072 : return fd_uint_load_3( x.v );
369 24072 : }
370 :
371 : static inline fd_tls_u24_t
372 54165 : fd_uint_to_tls_u24( uint x ) {
373 54165 : fd_tls_u24_t ret = {{ (uchar)( x &0xffU),
374 54165 : (uchar)((x>> 8)&0xffU),
375 54165 : (uchar)((x>>16)&0xffU) }};
376 54165 : return ret;
377 54165 : }
378 :
379 : /* Static serde methods for fd_tls_ext_hdr_t */
380 :
381 : static inline void
382 12030 : fd_tls_ext_hdr_bswap( fd_tls_ext_hdr_t * x ) {
383 12030 : x->type = fd_ushort_bswap( x->type );
384 12030 : x->sz = fd_ushort_bswap( x->sz );
385 12030 : }
386 :
387 : STATIC_SERDE( ext_hdr, fd_tls_ext_hdr_t )
388 :
389 : /* Static serde methods for fd_tls_msg_hdr_t */
390 :
391 : static inline void
392 78243 : fd_tls_msg_hdr_bswap( fd_tls_msg_hdr_t * x ) {
393 78243 : x->sz = fd_tls_u24_bswap( x->sz );
394 78243 : }
395 :
396 : STATIC_SERDE( msg_hdr, fd_tls_msg_hdr_t )
397 :
398 : /* Static serde methods for fd_tls_finished_t */
399 :
400 18057 : static inline void fd_tls_finished_bswap( fd_tls_finished_t * x FD_FN_UNUSED ) {}
401 :
402 : STATIC_SERDE( finished, fd_tls_finished_t )
403 :
404 : /* Methods for dynamic layout types */
405 :
406 : long
407 : fd_tls_decode_client_hello( fd_tls_client_hello_t * out,
408 : uchar const * wire,
409 : ulong wire_sz );
410 :
411 : long
412 : fd_tls_encode_client_hello( fd_tls_client_hello_t const * in,
413 : uchar * wire,
414 : ulong wire_sz );
415 :
416 : long
417 : fd_tls_decode_server_hello( fd_tls_server_hello_t * out,
418 : uchar const * wire,
419 : ulong wire_sz );
420 :
421 : long
422 : fd_tls_encode_server_hello( fd_tls_server_hello_t const * in,
423 : uchar * wire,
424 : ulong wire_sz );
425 :
426 : long
427 : fd_tls_decode_enc_ext( fd_tls_enc_ext_t * out,
428 : uchar const * wire,
429 : ulong wire_sz );
430 :
431 : long
432 : fd_tls_encode_enc_ext( fd_tls_enc_ext_t const * in,
433 : uchar * wire,
434 : ulong wire_sz );
435 :
436 : long
437 : fd_tls_encode_cert_x509( uchar const * x509,
438 : ulong x509_sz,
439 : uchar * wire,
440 : ulong wire_sz );
441 :
442 :
443 : long
444 : fd_tls_encode_raw_public_key( uchar const * ed25519_pubkey,
445 : uchar * wire,
446 : ulong wire_sz );
447 :
448 : long
449 : fd_tls_decode_cert_verify( fd_tls_cert_verify_t * out,
450 : uchar const * wire,
451 : ulong wire_sz );
452 :
453 : long
454 : fd_tls_encode_cert_verify( fd_tls_cert_verify_t const * in,
455 : uchar * wire,
456 : ulong wire_sz );
457 :
458 : static inline void
459 0 : fd_tls_cert_verify_bswap( fd_tls_cert_verify_t * x ) {
460 0 : x->sig_alg = fd_ushort_bswap( x->sig_alg );
461 0 : }
462 :
463 : long
464 : fd_tls_decode_ext_server_name( fd_tls_ext_server_name_t * out,
465 : uchar const * wire,
466 : ulong wire_sz );
467 :
468 : long
469 : fd_tls_decode_ext_supported_groups( fd_tls_ext_supported_groups_t * out,
470 : uchar const * wire,
471 : ulong wire_sz );
472 :
473 : long
474 : fd_tls_decode_ext_supported_versions( fd_tls_ext_supported_versions_t * out,
475 : uchar const * wire,
476 : ulong wire_sz );
477 :
478 : long
479 : fd_tls_decode_ext_signature_algorithms( fd_tls_ext_signature_algorithms_t * out,
480 : uchar const * wire,
481 : ulong wire_sz );
482 :
483 : long
484 : fd_tls_decode_key_share( fd_tls_key_share_t * out,
485 : uchar const * wire,
486 : ulong wire_sz );
487 :
488 : long
489 : fd_tls_decode_key_share_list( fd_tls_key_share_t * out,
490 : uchar const * wire,
491 : ulong wire_sz );
492 :
493 : long
494 : fd_tls_decode_ext_cert_type_list( fd_tls_ext_cert_type_list_t * out,
495 : uchar const * wire,
496 : ulong wire_sz );
497 :
498 : long
499 : fd_tls_encode_ext_cert_type_list( fd_tls_ext_cert_type_list_t in,
500 : uchar const * wire,
501 : ulong wire_sz );
502 :
503 :
504 : long
505 : fd_tls_decode_ext_cert_type( fd_tls_ext_cert_type_t * out,
506 : uchar const * wire,
507 : ulong wire_sz );
508 :
509 : long
510 : fd_tls_encode_ext_cert_type( fd_tls_ext_cert_type_t in,
511 : uchar const * wire,
512 : ulong wire_sz );
513 :
514 : /* fd_tls_decode_ext_opaque is special:
515 : out->{buf,buf_sz} will be set to {wire,wire_sz}.
516 : i.e. lifetime of out->quic_tp is that of wire. */
517 :
518 : long
519 : fd_tls_decode_ext_opaque( fd_tls_ext_opaque_t * const out,
520 : uchar const * const wire,
521 : ulong wire_sz );
522 :
523 : static inline long
524 : fd_tls_decode_ext_quic_tp( fd_tls_ext_quic_tp_t * const out,
525 : uchar const * const wire,
526 6021 : ulong wire_sz ) {
527 6021 : return fd_tls_decode_ext_opaque( out, wire, wire_sz );
528 6021 : }
529 :
530 : long
531 : fd_tls_decode_ext_alpn( fd_tls_ext_alpn_t * const out,
532 : uchar const * const wire,
533 : ulong wire_sz );
534 :
535 : long
536 : fd_tls_encode_ext_alpn( fd_tls_ext_alpn_t const * in,
537 : uchar * wire,
538 : ulong wire_sz );
539 :
540 : /* fd_tls_extract_cert_pubkey extracts the public key of a TLS cert
541 : message. */
542 :
543 : struct fd_tls_extract_cert_pubkey_res {
544 : uchar const * pubkey;
545 : uint alert;
546 : ushort reason;
547 : };
548 :
549 : typedef struct fd_tls_extract_cert_pubkey_res fd_tls_extract_cert_pubkey_res_t;
550 :
551 : fd_tls_extract_cert_pubkey_res_t
552 : fd_tls_extract_cert_pubkey( uchar const * cert,
553 : ulong cert_sz,
554 : uint cert_type );
555 :
556 : FD_PROTOTYPES_END
557 :
558 : #undef STATIC_SERDE
559 : #endif /* HEADER_src_waltz_tls_fd_tls_proto_h */
|
