This is a fork of the mbed port of axTLS
Dependents: TLS_axTLS-Example HTTPSClientExample
tls1.h
00001 /* 00002 * Copyright (c) 2007, Cameron Rich 00003 * 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions are met: 00008 * 00009 * * Redistributions of source code must retain the above copyright notice, 00010 * this list of conditions and the following disclaimer. 00011 * * Redistributions in binary form must reproduce the above copyright notice, 00012 * this list of conditions and the following disclaimer in the documentation 00013 * and/or other materials provided with the distribution. 00014 * * Neither the name of the axTLS project nor the names of its contributors 00015 * may be used to endorse or promote products derived from this software 00016 * without specific prior written permission. 00017 * 00018 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00019 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00020 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00021 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 00022 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 00023 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 00024 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 00025 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 00026 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 00027 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 00028 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00029 */ 00030 00031 /** 00032 * @file tls1.h 00033 * 00034 * @brief The definitions for the TLS library. 00035 */ 00036 #ifndef HEADER_SSL_LIB_H 00037 #define HEADER_SSL_LIB_H 00038 00039 00040 #ifdef __cplusplus 00041 extern "C" { 00042 #endif 00043 00044 #include "version.h" 00045 #include "os_int.h" 00046 #include "crypto.h " 00047 #include "crypto_misc.h " 00048 00049 #include "config.h" 00050 00051 #define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */ 00052 #define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */ 00053 #define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */ 00054 #define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */ 00055 #define SSL_RANDOM_SIZE 32 00056 #define SSL_SECRET_SIZE 48 00057 #define SSL_FINISHED_HASH_SIZE 12 00058 #define SSL_RECORD_SIZE 5 00059 #define SSL_SERVER_READ 0 00060 #define SSL_SERVER_WRITE 1 00061 #define SSL_CLIENT_READ 2 00062 #define SSL_CLIENT_WRITE 3 00063 #define SSL_HS_HDR_SIZE 4 00064 00065 /* the flags we use while establishing a connection */ 00066 #define SSL_NEED_RECORD 0x0001 00067 #define SSL_TX_ENCRYPTED 0x0002 00068 #define SSL_RX_ENCRYPTED 0x0004 00069 #define SSL_SESSION_RESUME 0x0008 00070 #define SSL_IS_CLIENT 0x0010 00071 #define SSL_HAS_CERT_REQ 0x0020 00072 #define SSL_SENT_CLOSE_NOTIFY 0x0040 00073 00074 /* some macros to muck around with flag bits */ 00075 #define SET_SSL_FLAG(A) (ssl->flag |= A) 00076 #define CLR_SSL_FLAG(A) (ssl->flag &= ~A) 00077 #define IS_SET_SSL_FLAG(A) (ssl->flag & A) 00078 00079 #define MAX_KEY_BYTE_SIZE 256 /* for a 2048 bit key */ 00080 #define RT_MAX_PLAIN_LENGTH 2048//16384 00081 #define RT_EXTRA 256//1024 00082 #define BM_RECORD_OFFSET 5 00083 #define BM_ALL_DATA_SIZE (RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET) 00084 00085 #ifdef CONFIG_SSL_SKELETON_MODE 00086 #define NUM_PROTOCOLS 1 00087 #else 00088 #define NUM_PROTOCOLS 4 00089 #endif 00090 00091 #define PARANOIA_CHECK(A, B) if (A < B) { \ 00092 ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; } 00093 00094 /* protocol types */ 00095 enum 00096 { 00097 PT_CHANGE_CIPHER_SPEC = 20, 00098 PT_ALERT_PROTOCOL, 00099 PT_HANDSHAKE_PROTOCOL, 00100 PT_APP_PROTOCOL_DATA 00101 }; 00102 00103 /* handshaking types */ 00104 enum 00105 { 00106 HS_HELLO_REQUEST, 00107 HS_CLIENT_HELLO, 00108 HS_SERVER_HELLO, 00109 HS_CERTIFICATE = 11, 00110 HS_SERVER_KEY_XCHG, 00111 HS_CERT_REQ, 00112 HS_SERVER_HELLO_DONE, 00113 HS_CERT_VERIFY, 00114 HS_CLIENT_KEY_XCHG, 00115 HS_FINISHED = 20 00116 }; 00117 00118 typedef struct 00119 { 00120 uint8_t cipher; 00121 uint8_t key_size; 00122 uint8_t iv_size; 00123 uint8_t key_block_size; 00124 uint8_t padding_size; 00125 uint8_t digest_size; 00126 hmac_func hmac; 00127 crypt_func encrypt; 00128 crypt_func decrypt; 00129 } cipher_info_t; 00130 00131 struct _SSLObjLoader 00132 { 00133 uint8_t *buf; 00134 int len; 00135 }; 00136 00137 typedef struct _SSLObjLoader SSLObjLoader; 00138 00139 typedef struct 00140 { 00141 time_t conn_time; 00142 uint8_t session_id[SSL_SESSION_ID_SIZE]; 00143 uint8_t master_secret[SSL_SECRET_SIZE]; 00144 } SSL_SESSION; 00145 00146 typedef struct 00147 { 00148 uint8_t *buf; 00149 int size; 00150 } SSL_CERT; 00151 00152 typedef struct 00153 { 00154 MD5_CTX md5_ctx; 00155 SHA1_CTX sha1_ctx; 00156 uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE]; 00157 uint8_t key_block[MAX_KEYBLOCK_SIZE]; 00158 uint8_t master_secret[SSL_SECRET_SIZE]; 00159 uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */ 00160 uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */ 00161 uint16_t bm_proc_index; 00162 } DISPOSABLE_CTX; 00163 00164 struct _SSL 00165 { 00166 uint32_t flag; 00167 uint16_t need_bytes; 00168 uint16_t got_bytes; 00169 uint8_t record_type; 00170 uint8_t cipher; 00171 uint8_t sess_id_size; 00172 uint8_t version; 00173 uint8_t client_version; 00174 int16_t next_state; 00175 int16_t hs_status; 00176 DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */ 00177 int client_fd; 00178 void *connection; 00179 const cipher_info_t *cipher_info; 00180 void *encrypt_ctx; 00181 void *decrypt_ctx; 00182 uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH]; 00183 uint8_t *bm_data; 00184 uint16_t bm_index; 00185 uint16_t bm_remaining_bytes; 00186 struct _SSL *next; /* doubly linked list */ 00187 struct _SSL *prev; 00188 struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */ 00189 #ifndef CONFIG_SSL_SKELETON_MODE 00190 uint16_t session_index; 00191 SSL_SESSION *session; 00192 #endif 00193 #ifdef CONFIG_SSL_CERT_VERIFICATION 00194 X509_CTX *x509_ctx; 00195 #endif 00196 00197 uint8_t session_id[SSL_SESSION_ID_SIZE]; 00198 uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */ 00199 uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */ 00200 uint8_t read_sequence[8]; /* 64 bit sequence number */ 00201 uint8_t write_sequence[8]; /* 64 bit sequence number */ 00202 uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ 00203 }; 00204 00205 typedef struct _SSL SSL; 00206 00207 struct _SSL_CTX 00208 { 00209 uint32_t options; 00210 uint8_t chain_length; 00211 RSA_CTX *rsa_ctx; 00212 #ifdef CONFIG_SSL_CERT_VERIFICATION 00213 CA_CERT_CTX *ca_cert_ctx; 00214 #endif 00215 SSL *head; 00216 SSL *tail; 00217 SSL_CERT certs[CONFIG_SSL_MAX_CERTS]; 00218 #ifndef CONFIG_SSL_SKELETON_MODE 00219 uint16_t num_sessions; 00220 SSL_SESSION **ssl_sessions; 00221 #endif 00222 #ifdef CONFIG_SSL_CTX_MUTEXING 00223 SSL_CTX_MUTEX_TYPE mutex; 00224 #endif 00225 #ifdef CONFIG_OPENSSL_COMPATIBLE 00226 void *bonus_attr; 00227 #endif 00228 }; 00229 00230 typedef struct _SSL_CTX SSL_CTX; 00231 00232 /* backwards compatibility */ 00233 typedef struct _SSL_CTX SSLCTX; 00234 00235 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS]; 00236 00237 SSL *ssl_new(SSL *ssl, int client_fd); 00238 void disposable_new(SSL *ssl); 00239 void disposable_free(SSL *ssl); 00240 int send_packet(SSL *ssl, uint8_t protocol, 00241 const uint8_t *in, int length); 00242 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); 00243 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); 00244 int process_finished(SSL *ssl, uint8_t *buf, int hs_len); 00245 int process_sslv23_client_hello(SSL *ssl); 00246 int send_alert(SSL *ssl, int error_code); 00247 int send_finished(SSL *ssl); 00248 int send_certificate(SSL *ssl); 00249 int basic_read2(SSL *ssl, uint8_t *data, uint32_t length); 00250 int read_record(SSL *ssl); 00251 int basic_decrypt(SSL *ssl, uint8_t *buf, int len); 00252 int process_data(SSL* ssl, uint8_t *in_data, int len); 00253 int ssl_read(SSL *ssl, uint8_t *in_data, int len); 00254 int send_change_cipher_spec(SSL *ssl); 00255 void finished_digest(SSL *ssl, const char *label, uint8_t *digest); 00256 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret); 00257 void add_packet(SSL *ssl, const uint8_t *pkt, int len); 00258 int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); 00259 int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj); 00260 void ssl_obj_free(SSLObjLoader *ssl_obj); 00261 int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); 00262 int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); 00263 int load_key_certs(SSL_CTX *ssl_ctx); 00264 #ifdef CONFIG_SSL_CERT_VERIFICATION 00265 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); 00266 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx); 00267 #endif 00268 #ifdef CONFIG_SSL_ENABLE_CLIENT 00269 int do_client_connect(SSL *ssl); 00270 #endif 00271 00272 #ifdef CONFIG_SSL_FULL_MODE 00273 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok); 00274 void DISPLAY_BYTES(SSL *ssl, const char *format, 00275 const uint8_t *data, int size, ...); 00276 void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx); 00277 void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx); 00278 void DISPLAY_ALERT(SSL *ssl, int alert); 00279 #else 00280 #define DISPLAY_STATE(A,B,C,D) 00281 #define DISPLAY_CERT(A,B) 00282 #define DISPLAY_RSA(A,B) 00283 #define DISPLAY_ALERT(A, B) 00284 #ifdef WIN32 00285 void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */ 00286 const uint8_t *data, int size, ...); 00287 #else 00288 #define DISPLAY_BYTES(A,B,C,D,...) 00289 #endif 00290 #endif 00291 00292 #ifdef CONFIG_SSL_CERT_VERIFICATION 00293 int process_certificate(SSL *ssl, X509_CTX **x509_ctx); 00294 #endif 00295 00296 SSL_SESSION *ssl_session_update(int max_sessions, 00297 SSL_SESSION *ssl_sessions[], SSL *ssl, 00298 const uint8_t *session_id); 00299 void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl); 00300 00301 #ifdef __cplusplus 00302 } 00303 #endif 00304 00305 #endif 00306 00307
Generated on Wed Jul 13 2022 19:30:08 by 1.7.2