feat: add ngtcp2_crypto_quictls support (#18)

extras.nim

@@ -12,3 +12,83 @@ type
     struct_st_ptls_handshake_properties_t_anon0_t_server_t_selected_psk_binder_t
   ptls_handshake_properties_t_anon0_t_server_t_cookie_t* =
     struct_st_ptls_handshake_properties_t_anon0_t_server_t_cookie_t
+
+# OpenSSL/QuicTLS crypto support
+# OpenSSL/QuicTLS type definitions
+type
+  SSL_CTX* = pointer
+  OSSL_ENCRYPTION_LEVEL* = enum
+    OSSL_ENCRYPTION_LEVEL_INITIAL = 0
+    OSSL_ENCRYPTION_LEVEL_EARLY_DATA = 1
+    OSSL_ENCRYPTION_LEVEL_HANDSHAKE = 2
+    OSSL_ENCRYPTION_LEVEL_APPLICATION = 3
+
+# ngtcp2_crypto_quictls error constants
+const
+  NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_X509_LOOKUP* = -10001
+  NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_CLIENT_HELLO_CB* = -10002
+
+# ngtcp2_crypto_quictls function bindings
+when not declared(ngtcp2_crypto_quictls_init):
+  proc ngtcp2_crypto_quictls_init*(): cint {.
+    cdecl, importc: "ngtcp2_crypto_quictls_init"
+  .}
+
+else:
+  static:
+    hint(
+      "Declaration of " & "ngtcp2_crypto_quictls_init" &
+        " already exists, not redeclaring"
+    )
+
+when not declared(ngtcp2_crypto_quictls_from_ossl_encryption_level):
+  proc ngtcp2_crypto_quictls_from_ossl_encryption_level*(
+    ossl_level: OSSL_ENCRYPTION_LEVEL
+  ): ngtcp2_encryption_level_553648745 {.
+    cdecl, importc: "ngtcp2_crypto_quictls_from_ossl_encryption_level"
+  .}
+
+else:
+  static:
+    hint(
+      "Declaration of " & "ngtcp2_crypto_quictls_from_ossl_encryption_level" &
+        " already exists, not redeclaring"
+    )
+
+when not declared(ngtcp2_crypto_quictls_from_ngtcp2_encryption_level):
+  proc ngtcp2_crypto_quictls_from_ngtcp2_encryption_level*(
+    encryption_level: ngtcp2_encryption_level_553648745
+  ): OSSL_ENCRYPTION_LEVEL {.
+    cdecl, importc: "ngtcp2_crypto_quictls_from_ngtcp2_encryption_level"
+  .}
+
+else:
+  static:
+    hint(
+      "Declaration of " & "ngtcp2_crypto_quictls_from_ngtcp2_encryption_level" &
+        " already exists, not redeclaring"
+    )
+
+when not declared(ngtcp2_crypto_quictls_configure_server_context):
+  proc ngtcp2_crypto_quictls_configure_server_context*(
+    ssl_ctx: SSL_CTX
+  ): cint {.cdecl, importc: "ngtcp2_crypto_quictls_configure_server_context".}
+
+else:
+  static:
+    hint(
+      "Declaration of " & "ngtcp2_crypto_quictls_configure_server_context" &
+        " already exists, not redeclaring"
+    )
+
+when not declared(ngtcp2_crypto_quictls_configure_client_context):
+  proc ngtcp2_crypto_quictls_configure_client_context*(
+    ssl_ctx: SSL_CTX
+  ): cint {.cdecl, importc: "ngtcp2_crypto_quictls_configure_client_context".}
+
+else:
+  static:
+    hint(
+      "Declaration of " & "ngtcp2_crypto_quictls_configure_client_context" &
+        " already exists, not redeclaring"
+    )

ngtcp2.nimble

@@ -1,5 +1,5 @@
 packageName = "ngtcp2"
-version = "0.36.1"
+version = "0.37.0"
 author = "Status Research & Development GmbH"
 description = "Nim wrapper around the ngtcp2 library"
 license = "MIT"

prelude.nim

@@ -33,3 +33,7 @@ const picotlsInclude       = root/"libs"/"picotls"/"include"
 {.passc: fmt"-I{ngtcp2Lib}".}
 {.passc: fmt"-I{ngtcp2LibIncludes}".}
 {.passc: fmt"-I{picotlsInclude}".}
+
+# QuicTLS/OpenSSL crypto support
+{.passc: "-DNGTCP2_CRYPTO_QUICTLS".}
+{.passc: "-I/usr/include/openssl".}

tests/testNgtcp2.nim

@@ -7,15 +7,32 @@ test "default settings":
   check settings.max_tx_udp_payload_size > 0
 
   var transport_params: ngtcp2_transport_params
-  ngtcp2_transport_params_default_versioned(NGTCP2_TRANSPORT_PARAMS_V1, addr transport_params)
+  ngtcp2_transport_params_default_versioned(
+    NGTCP2_TRANSPORT_PARAMS_V1, addr transport_params
+  )
   check transport_params.active_connection_id_limit > 0
 
 test "ptls_instantiation":
   var ctx: ptls_context_t
   ctx.random_bytes = ptls_openssl_random_bytes
   ctx.get_time = addr ptls_get_time
-  ctx.key_exchanges =  cast[ptr ptr ptls_key_exchange_algorithm_t](addr ptls_openssl_key_exchanges[0])
+  ctx.key_exchanges =
+    cast[ptr ptr ptls_key_exchange_algorithm_t](addr ptls_openssl_key_exchanges[0])
   ctx.cipher_suites = cast[ptr ptr ptls_cipher_suite_t](ptls_openssl_cipher_suites[0])
-  
-  var tls: ptr ptls_t = ptls_client_new(addr ctx);
+
+  var tls: ptr ptls_t = ptls_client_new(addr ctx)
   check tls != nil
+
+test "QuicTLS bindings":
+  # Test error constants
+  check NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_X509_LOOKUP == -10001
+  check NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_CLIENT_HELLO_CB == -10002
+
+  # Test OSSL_ENCRYPTION_LEVEL enum values
+  check ord(OSSL_ENCRYPTION_LEVEL_INITIAL) == 0
+  check ord(OSSL_ENCRYPTION_LEVEL_EARLY_DATA) == 1
+  check ord(OSSL_ENCRYPTION_LEVEL_HANDSHAKE) == 2
+  check ord(OSSL_ENCRYPTION_LEVEL_APPLICATION) == 3
+
+  # Test that SSL_CTX type is properly defined as pointer
+  check sizeof(SSL_CTX) == sizeof(pointer)