Annotation of embedaddon/axTLS/ssl/tls1.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (c) 2007, Cameron Rich
3: *
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions are met:
8: *
9: * * Redistributions of source code must retain the above copyright notice,
10: * this list of conditions and the following disclaimer.
11: * * Redistributions in binary form must reproduce the above copyright notice,
12: * this list of conditions and the following disclaimer in the documentation
13: * and/or other materials provided with the distribution.
14: * * Neither the name of the axTLS project nor the names of its contributors
15: * may be used to endorse or promote products derived from this software
16: * without specific prior written permission.
17: *
18: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21: * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29: */
30:
31: /**
32: * @file tls1.h
33: *
34: * @brief The definitions for the TLS library.
35: */
36: #ifndef HEADER_SSL_LIB_H
37: #define HEADER_SSL_LIB_H
38:
39: #ifdef __cplusplus
40: extern "C" {
41: #endif
42:
43: #include "version.h"
44: #include "config.h"
45: #include "os_int.h"
46: #include "crypto.h"
47: #include "crypto_misc.h"
48:
49: #define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
50: #define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */
51: #define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */
52: #define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */
53: #define SSL_RANDOM_SIZE 32
54: #define SSL_SECRET_SIZE 48
55: #define SSL_FINISHED_HASH_SIZE 12
56: #define SSL_RECORD_SIZE 5
57: #define SSL_SERVER_READ 0
58: #define SSL_SERVER_WRITE 1
59: #define SSL_CLIENT_READ 2
60: #define SSL_CLIENT_WRITE 3
61: #define SSL_HS_HDR_SIZE 4
62:
63: /* the flags we use while establishing a connection */
64: #define SSL_NEED_RECORD 0x0001
65: #define SSL_TX_ENCRYPTED 0x0002
66: #define SSL_RX_ENCRYPTED 0x0004
67: #define SSL_SESSION_RESUME 0x0008
68: #define SSL_IS_CLIENT 0x0010
69: #define SSL_HAS_CERT_REQ 0x0020
70: #define SSL_SENT_CLOSE_NOTIFY 0x0040
71:
72: /* some macros to muck around with flag bits */
73: #define SET_SSL_FLAG(A) (ssl->flag |= A)
74: #define CLR_SSL_FLAG(A) (ssl->flag &= ~A)
75: #define IS_SET_SSL_FLAG(A) (ssl->flag & A)
76:
77: #define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
78: #define RT_MAX_PLAIN_LENGTH 16384
79: #define RT_EXTRA 1024
80: #define BM_RECORD_OFFSET 5
81:
82: #ifdef CONFIG_SSL_SKELETON_MODE
83: #define NUM_PROTOCOLS 1
84: #else
85: #define NUM_PROTOCOLS 4
86: #endif
87:
88: #define PARANOIA_CHECK(A, B) if (A < B) { \
89: ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
90:
91: /* protocol types */
92: enum
93: {
94: PT_CHANGE_CIPHER_SPEC = 20,
95: PT_ALERT_PROTOCOL,
96: PT_HANDSHAKE_PROTOCOL,
97: PT_APP_PROTOCOL_DATA
98: };
99:
100: /* handshaking types */
101: enum
102: {
103: HS_HELLO_REQUEST,
104: HS_CLIENT_HELLO,
105: HS_SERVER_HELLO,
106: HS_CERTIFICATE = 11,
107: HS_SERVER_KEY_XCHG,
108: HS_CERT_REQ,
109: HS_SERVER_HELLO_DONE,
110: HS_CERT_VERIFY,
111: HS_CLIENT_KEY_XCHG,
112: HS_FINISHED = 20
113: };
114:
115: typedef struct
116: {
117: uint8_t cipher;
118: uint8_t key_size;
119: uint8_t iv_size;
120: uint8_t key_block_size;
121: uint8_t padding_size;
122: uint8_t digest_size;
123: hmac_func hmac;
124: crypt_func encrypt;
125: crypt_func decrypt;
126: } cipher_info_t;
127:
128: struct _SSLObjLoader
129: {
130: uint8_t *buf;
131: int len;
132: };
133:
134: typedef struct _SSLObjLoader SSLObjLoader;
135:
136: typedef struct
137: {
138: time_t conn_time;
139: uint8_t session_id[SSL_SESSION_ID_SIZE];
140: uint8_t master_secret[SSL_SECRET_SIZE];
141: } SSL_SESSION;
142:
143: typedef struct
144: {
145: uint8_t *buf;
146: int size;
147: } SSL_CERT;
148:
149: typedef struct
150: {
151: MD5_CTX md5_ctx;
152: SHA1_CTX sha1_ctx;
153: uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
154: uint8_t *key_block;
155: uint8_t master_secret[SSL_SECRET_SIZE];
156: uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
157: uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
158: uint16_t bm_proc_index;
159: } DISPOSABLE_CTX;
160:
161: struct _SSL
162: {
163: uint32_t flag;
164: uint16_t need_bytes;
165: uint16_t got_bytes;
166: uint8_t record_type;
167: uint8_t cipher;
168: uint8_t sess_id_size;
169: uint8_t version;
170: uint8_t client_version;
171: int16_t next_state;
172: int16_t hs_status;
173: DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
174: int client_fd;
175: const cipher_info_t *cipher_info;
176: void *encrypt_ctx;
177: void *decrypt_ctx;
178: uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
179: uint8_t *bm_data;
180: uint16_t bm_index;
181: uint16_t bm_read_index;
182: struct _SSL *next; /* doubly linked list */
183: struct _SSL *prev;
184: struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
185: #ifndef CONFIG_SSL_SKELETON_MODE
186: uint16_t session_index;
187: SSL_SESSION *session;
188: #endif
189: #ifdef CONFIG_SSL_CERT_VERIFICATION
190: X509_CTX *x509_ctx;
191: #endif
192:
193: uint8_t session_id[SSL_SESSION_ID_SIZE];
194: uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
195: uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
196: uint8_t read_sequence[8]; /* 64 bit sequence number */
197: uint8_t write_sequence[8]; /* 64 bit sequence number */
198: uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
199: };
200:
201: typedef struct _SSL SSL;
202:
203: struct _SSL_CTX
204: {
205: uint32_t options;
206: uint8_t chain_length;
207: RSA_CTX *rsa_ctx;
208: #ifdef CONFIG_SSL_CERT_VERIFICATION
209: CA_CERT_CTX *ca_cert_ctx;
210: #endif
211: SSL *head;
212: SSL *tail;
213: SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
214: #ifndef CONFIG_SSL_SKELETON_MODE
215: uint16_t num_sessions;
216: SSL_SESSION **ssl_sessions;
217: #endif
218: #ifdef CONFIG_SSL_CTX_MUTEXING
219: SSL_CTX_MUTEX_TYPE mutex;
220: #endif
221: #ifdef CONFIG_OPENSSL_COMPATIBLE
222: void *bonus_attr;
223: #endif
224: };
225:
226: typedef struct _SSL_CTX SSL_CTX;
227:
228: /* backwards compatibility */
229: typedef struct _SSL_CTX SSLCTX;
230:
231: extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
232:
233: SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
234: void disposable_new(SSL *ssl);
235: void disposable_free(SSL *ssl);
236: int send_packet(SSL *ssl, uint8_t protocol,
237: const uint8_t *in, int length);
238: int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
239: int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
240: int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
241: int process_sslv23_client_hello(SSL *ssl);
242: int send_alert(SSL *ssl, int error_code);
243: int send_finished(SSL *ssl);
244: int send_certificate(SSL *ssl);
245: int basic_read(SSL *ssl, uint8_t **in_data);
246: int send_change_cipher_spec(SSL *ssl);
247: void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
248: void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
249: void add_packet(SSL *ssl, const uint8_t *pkt, int len);
250: int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
251: int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
252: void ssl_obj_free(SSLObjLoader *ssl_obj);
253: int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
254: int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
255: int load_key_certs(SSL_CTX *ssl_ctx);
256: #ifdef CONFIG_SSL_CERT_VERIFICATION
257: int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
258: void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
259: #endif
260: #ifdef CONFIG_SSL_ENABLE_CLIENT
261: int do_client_connect(SSL *ssl);
262: #endif
263:
264: #ifdef CONFIG_SSL_FULL_MODE
265: void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
266: void DISPLAY_BYTES(SSL *ssl, const char *format,
267: const uint8_t *data, int size, ...);
268: void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
269: void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx);
270: void DISPLAY_ALERT(SSL *ssl, int alert);
271: #else
272: #define DISPLAY_STATE(A,B,C,D)
273: #define DISPLAY_CERT(A,B)
274: #define DISPLAY_RSA(A,B)
275: #define DISPLAY_ALERT(A, B)
276: #ifdef WIN32
277: void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
278: const uint8_t *data, int size, ...);
279: #else
280: #define DISPLAY_BYTES(A,B,C,D,...)
281: #endif
282: #endif
283:
284: #ifdef CONFIG_SSL_CERT_VERIFICATION
285: int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
286: #endif
287:
288: SSL_SESSION *ssl_session_update(int max_sessions,
289: SSL_SESSION *ssl_sessions[], SSL *ssl,
290: const uint8_t *session_id);
291: void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
292:
293: #ifdef __cplusplus
294: }
295: #endif
296:
297: #endif
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tls1.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / axTLS / ssl