Annotation of embedaddon/axTLS/ssl/tls1.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 2007, Cameron Rich
! 3: *
! 4: * All rights reserved.
! 5: *
! 6: * Redistribution and use in source and binary forms, with or without
! 7: * modification, are permitted provided that the following conditions are met:
! 8: *
! 9: * * Redistributions of source code must retain the above copyright notice,
! 10: * this list of conditions and the following disclaimer.
! 11: * * Redistributions in binary form must reproduce the above copyright notice,
! 12: * this list of conditions and the following disclaimer in the documentation
! 13: * and/or other materials provided with the distribution.
! 14: * * Neither the name of the axTLS project nor the names of its contributors
! 15: * may be used to endorse or promote products derived from this software
! 16: * without specific prior written permission.
! 17: *
! 18: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
! 19: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
! 20: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
! 21: * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
! 22: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
! 23: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
! 24: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
! 25: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
! 26: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
! 27: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
! 28: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 29: */
! 30:
! 31: /**
! 32: * @file tls1.h
! 33: *
! 34: * @brief The definitions for the TLS library.
! 35: */
! 36: #ifndef HEADER_SSL_LIB_H
! 37: #define HEADER_SSL_LIB_H
! 38:
! 39: #ifdef __cplusplus
! 40: extern "C" {
! 41: #endif
! 42:
! 43: #include "version.h"
! 44: #include "config.h"
! 45: #include "os_int.h"
! 46: #include "crypto.h"
! 47: #include "crypto_misc.h"
! 48:
! 49: #define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
! 50: #define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */
! 51: #define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */
! 52: #define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */
! 53: #define SSL_RANDOM_SIZE 32
! 54: #define SSL_SECRET_SIZE 48
! 55: #define SSL_FINISHED_HASH_SIZE 12
! 56: #define SSL_RECORD_SIZE 5
! 57: #define SSL_SERVER_READ 0
! 58: #define SSL_SERVER_WRITE 1
! 59: #define SSL_CLIENT_READ 2
! 60: #define SSL_CLIENT_WRITE 3
! 61: #define SSL_HS_HDR_SIZE 4
! 62:
! 63: /* the flags we use while establishing a connection */
! 64: #define SSL_NEED_RECORD 0x0001
! 65: #define SSL_TX_ENCRYPTED 0x0002
! 66: #define SSL_RX_ENCRYPTED 0x0004
! 67: #define SSL_SESSION_RESUME 0x0008
! 68: #define SSL_IS_CLIENT 0x0010
! 69: #define SSL_HAS_CERT_REQ 0x0020
! 70: #define SSL_SENT_CLOSE_NOTIFY 0x0040
! 71:
! 72: /* some macros to muck around with flag bits */
! 73: #define SET_SSL_FLAG(A) (ssl->flag |= A)
! 74: #define CLR_SSL_FLAG(A) (ssl->flag &= ~A)
! 75: #define IS_SET_SSL_FLAG(A) (ssl->flag & A)
! 76:
! 77: #define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
! 78: #define RT_MAX_PLAIN_LENGTH 16384
! 79: #define RT_EXTRA 1024
! 80: #define BM_RECORD_OFFSET 5
! 81:
! 82: #ifdef CONFIG_SSL_SKELETON_MODE
! 83: #define NUM_PROTOCOLS 1
! 84: #else
! 85: #define NUM_PROTOCOLS 4
! 86: #endif
! 87:
! 88: #define PARANOIA_CHECK(A, B) if (A < B) { \
! 89: ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
! 90:
! 91: /* protocol types */
! 92: enum
! 93: {
! 94: PT_CHANGE_CIPHER_SPEC = 20,
! 95: PT_ALERT_PROTOCOL,
! 96: PT_HANDSHAKE_PROTOCOL,
! 97: PT_APP_PROTOCOL_DATA
! 98: };
! 99:
! 100: /* handshaking types */
! 101: enum
! 102: {
! 103: HS_HELLO_REQUEST,
! 104: HS_CLIENT_HELLO,
! 105: HS_SERVER_HELLO,
! 106: HS_CERTIFICATE = 11,
! 107: HS_SERVER_KEY_XCHG,
! 108: HS_CERT_REQ,
! 109: HS_SERVER_HELLO_DONE,
! 110: HS_CERT_VERIFY,
! 111: HS_CLIENT_KEY_XCHG,
! 112: HS_FINISHED = 20
! 113: };
! 114:
! 115: typedef struct
! 116: {
! 117: uint8_t cipher;
! 118: uint8_t key_size;
! 119: uint8_t iv_size;
! 120: uint8_t key_block_size;
! 121: uint8_t padding_size;
! 122: uint8_t digest_size;
! 123: hmac_func hmac;
! 124: crypt_func encrypt;
! 125: crypt_func decrypt;
! 126: } cipher_info_t;
! 127:
! 128: struct _SSLObjLoader
! 129: {
! 130: uint8_t *buf;
! 131: int len;
! 132: };
! 133:
! 134: typedef struct _SSLObjLoader SSLObjLoader;
! 135:
! 136: typedef struct
! 137: {
! 138: time_t conn_time;
! 139: uint8_t session_id[SSL_SESSION_ID_SIZE];
! 140: uint8_t master_secret[SSL_SECRET_SIZE];
! 141: } SSL_SESSION;
! 142:
! 143: typedef struct
! 144: {
! 145: uint8_t *buf;
! 146: int size;
! 147: } SSL_CERT;
! 148:
! 149: typedef struct
! 150: {
! 151: MD5_CTX md5_ctx;
! 152: SHA1_CTX sha1_ctx;
! 153: uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
! 154: uint8_t *key_block;
! 155: uint8_t master_secret[SSL_SECRET_SIZE];
! 156: uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
! 157: uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
! 158: uint16_t bm_proc_index;
! 159: } DISPOSABLE_CTX;
! 160:
! 161: struct _SSL
! 162: {
! 163: uint32_t flag;
! 164: uint16_t need_bytes;
! 165: uint16_t got_bytes;
! 166: uint8_t record_type;
! 167: uint8_t cipher;
! 168: uint8_t sess_id_size;
! 169: uint8_t version;
! 170: uint8_t client_version;
! 171: int16_t next_state;
! 172: int16_t hs_status;
! 173: DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
! 174: int client_fd;
! 175: const cipher_info_t *cipher_info;
! 176: void *encrypt_ctx;
! 177: void *decrypt_ctx;
! 178: uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
! 179: uint8_t *bm_data;
! 180: uint16_t bm_index;
! 181: uint16_t bm_read_index;
! 182: struct _SSL *next; /* doubly linked list */
! 183: struct _SSL *prev;
! 184: struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
! 185: #ifndef CONFIG_SSL_SKELETON_MODE
! 186: uint16_t session_index;
! 187: SSL_SESSION *session;
! 188: #endif
! 189: #ifdef CONFIG_SSL_CERT_VERIFICATION
! 190: X509_CTX *x509_ctx;
! 191: #endif
! 192:
! 193: uint8_t session_id[SSL_SESSION_ID_SIZE];
! 194: uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
! 195: uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
! 196: uint8_t read_sequence[8]; /* 64 bit sequence number */
! 197: uint8_t write_sequence[8]; /* 64 bit sequence number */
! 198: uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
! 199: };
! 200:
! 201: typedef struct _SSL SSL;
! 202:
! 203: struct _SSL_CTX
! 204: {
! 205: uint32_t options;
! 206: uint8_t chain_length;
! 207: RSA_CTX *rsa_ctx;
! 208: #ifdef CONFIG_SSL_CERT_VERIFICATION
! 209: CA_CERT_CTX *ca_cert_ctx;
! 210: #endif
! 211: SSL *head;
! 212: SSL *tail;
! 213: SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
! 214: #ifndef CONFIG_SSL_SKELETON_MODE
! 215: uint16_t num_sessions;
! 216: SSL_SESSION **ssl_sessions;
! 217: #endif
! 218: #ifdef CONFIG_SSL_CTX_MUTEXING
! 219: SSL_CTX_MUTEX_TYPE mutex;
! 220: #endif
! 221: #ifdef CONFIG_OPENSSL_COMPATIBLE
! 222: void *bonus_attr;
! 223: #endif
! 224: };
! 225:
! 226: typedef struct _SSL_CTX SSL_CTX;
! 227:
! 228: /* backwards compatibility */
! 229: typedef struct _SSL_CTX SSLCTX;
! 230:
! 231: extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
! 232:
! 233: SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
! 234: void disposable_new(SSL *ssl);
! 235: void disposable_free(SSL *ssl);
! 236: int send_packet(SSL *ssl, uint8_t protocol,
! 237: const uint8_t *in, int length);
! 238: int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
! 239: int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
! 240: int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
! 241: int process_sslv23_client_hello(SSL *ssl);
! 242: int send_alert(SSL *ssl, int error_code);
! 243: int send_finished(SSL *ssl);
! 244: int send_certificate(SSL *ssl);
! 245: int basic_read(SSL *ssl, uint8_t **in_data);
! 246: int send_change_cipher_spec(SSL *ssl);
! 247: void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
! 248: void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
! 249: void add_packet(SSL *ssl, const uint8_t *pkt, int len);
! 250: int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
! 251: int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
! 252: void ssl_obj_free(SSLObjLoader *ssl_obj);
! 253: int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
! 254: int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
! 255: int load_key_certs(SSL_CTX *ssl_ctx);
! 256: #ifdef CONFIG_SSL_CERT_VERIFICATION
! 257: int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
! 258: void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
! 259: #endif
! 260: #ifdef CONFIG_SSL_ENABLE_CLIENT
! 261: int do_client_connect(SSL *ssl);
! 262: #endif
! 263:
! 264: #ifdef CONFIG_SSL_FULL_MODE
! 265: void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
! 266: void DISPLAY_BYTES(SSL *ssl, const char *format,
! 267: const uint8_t *data, int size, ...);
! 268: void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
! 269: void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx);
! 270: void DISPLAY_ALERT(SSL *ssl, int alert);
! 271: #else
! 272: #define DISPLAY_STATE(A,B,C,D)
! 273: #define DISPLAY_CERT(A,B)
! 274: #define DISPLAY_RSA(A,B)
! 275: #define DISPLAY_ALERT(A, B)
! 276: #ifdef WIN32
! 277: void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
! 278: const uint8_t *data, int size, ...);
! 279: #else
! 280: #define DISPLAY_BYTES(A,B,C,D,...)
! 281: #endif
! 282: #endif
! 283:
! 284: #ifdef CONFIG_SSL_CERT_VERIFICATION
! 285: int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
! 286: #endif
! 287:
! 288: SSL_SESSION *ssl_session_update(int max_sessions,
! 289: SSL_SESSION *ssl_sessions[], SSL *ssl,
! 290: const uint8_t *session_id);
! 291: void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
! 292:
! 293: #ifdef __cplusplus
! 294: }
! 295: #endif
! 296:
! 297: #endif
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tls1.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / axTLS / ssl