Annotation of embedaddon/strongswan/src/libtls/tls_crypto.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2010 Martin Willi
! 3: * Copyright (C) 2010 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup tls_crypto tls_crypto
! 18: * @{ @ingroup libtls
! 19: */
! 20:
! 21: #ifndef TLS_CRYPTO_H_
! 22: #define TLS_CRYPTO_H_
! 23:
! 24: typedef struct tls_crypto_t tls_crypto_t;
! 25: typedef enum tls_cipher_suite_t tls_cipher_suite_t;
! 26: typedef enum tls_hash_algorithm_t tls_hash_algorithm_t;
! 27: typedef enum tls_signature_algorithm_t tls_signature_algorithm_t;
! 28: typedef enum tls_client_certificate_type_t tls_client_certificate_type_t;
! 29: typedef enum tls_ecc_curve_type_t tls_ecc_curve_type_t;
! 30: typedef enum tls_named_curve_t tls_named_curve_t;
! 31: typedef enum tls_ansi_point_format_t tls_ansi_point_format_t;
! 32: typedef enum tls_ec_point_format_t tls_ec_point_format_t;
! 33:
! 34: #include "tls.h"
! 35: #include "tls_prf.h"
! 36: #include "tls_protection.h"
! 37:
! 38: #include <library.h>
! 39:
! 40: #include <credentials/keys/private_key.h>
! 41:
! 42: /**
! 43: * TLS cipher suite code points. The list includes NULL-encryption, EXPORT and anonymous (DH_anon/ECDH_anon) suites as well as the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signalling value, so a constant defined here does not by itself mean the suite is implemented or acceptable to negotiate. 0x0000 (TLS_NULL_WITH_NULL_NULL) is also the value select_cipher_suite() documents for "none acceptable".
! 44: */
! 45: enum tls_cipher_suite_t {
! 46: TLS_NULL_WITH_NULL_NULL = 0x0000,
! 47: TLS_RSA_WITH_NULL_MD5 = 0x0001,
! 48: TLS_RSA_WITH_NULL_SHA = 0x0002,
! 49: TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
! 50: TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
! 51: TLS_RSA_WITH_RC4_128_SHA = 0x0005,
! 52: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
! 53: TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
! 54: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
! 55: TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
! 56: TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
! 57: TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
! 58: TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
! 59: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
! 60: TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
! 61: TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
! 62: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
! 63: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
! 64: TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
! 65: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
! 66: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
! 67: TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
! 68: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
! 69: TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
! 70: TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
! 71: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
! 72: TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A,
! 73: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
! 74:
! 75: TLS_KRB5_WITH_DES_CBC_SHA = 0x001E,
! 76: TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F,
! 77: TLS_KRB5_WITH_RC4_128_SHA = 0x0020,
! 78: TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021,
! 79: TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022,
! 80: TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023,
! 81: TLS_KRB5_WITH_RC4_128_MD5 = 0x0024,
! 82: TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025,
! 83: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026,
! 84: TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027,
! 85: TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028,
! 86: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029,
! 87: TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A,
! 88: TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B,
! 89: TLS_PSK_WITH_NULL_SHA = 0x002C,
! 90: TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
! 91: TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
! 92: TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
! 93: TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
! 94: TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
! 95: TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
! 96: TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
! 97: TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
! 98: TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
! 99: TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
! 100: TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
! 101: TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
! 102: TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
! 103: TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
! 104: TLS_RSA_WITH_NULL_SHA256 = 0x003B,
! 105: TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
! 106: TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
! 107: TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
! 108: TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
! 109: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
! 110: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
! 111: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042,
! 112: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043,
! 113: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
! 114: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
! 115: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046,
! 116:
! 117: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
! 118: TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
! 119: TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
! 120: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
! 121: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
! 122: TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
! 123: TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
! 124:
! 125: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
! 126: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085,
! 127: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086,
! 128: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
! 129: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
! 130: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089,
! 131: TLS_PSK_WITH_RC4_128_SHA = 0x008A,
! 132: TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
! 133: TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
! 134: TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
! 135: TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
! 136: TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
! 137: TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
! 138: TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
! 139: TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
! 140: TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
! 141: TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
! 142: TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
! 143: TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
! 144: TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097,
! 145: TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098,
! 146: TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
! 147: TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
! 148: TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B,
! 149: TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
! 150: TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
! 151: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
! 152: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
! 153: TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
! 154: TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
! 155: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
! 156: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
! 157: TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
! 158: TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
! 159: TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
! 160: TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
! 161: TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
! 162: TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
! 163: TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
! 164: TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
! 165: TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
! 166: TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
! 167: TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
! 168: TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
! 169: TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
! 170: TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
! 171: TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
! 172: TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
! 173: TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
! 174: TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
! 175: TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
! 176: TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
! 177: TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
! 178: TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
! 179: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA,
! 180: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB,
! 181: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC,
! 182: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
! 183: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
! 184: TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
! 185: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0,
! 186: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1,
! 187: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2,
! 188: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
! 189: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
! 190: TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
! 191:
! 192: TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
! 193:
! 194: TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
! 195: TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
! 196: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
! 197: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
! 198: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
! 199: TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
! 200: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
! 201: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
! 202: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
! 203: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
! 204: TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
! 205: TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
! 206: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
! 207: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
! 208: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
! 209: TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
! 210: TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
! 211: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
! 212: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
! 213: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
! 214: TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
! 215: TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
! 216: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
! 217: TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
! 218: TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
! 219: TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
! 220: TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
! 221: TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
! 222: TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D,
! 223: TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E,
! 224: TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F,
! 225: TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
! 226: TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021,
! 227: TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022,
! 228: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
! 229: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
! 230: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
! 231: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
! 232: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
! 233: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
! 234: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
! 235: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
! 236: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
! 237: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
! 238: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
! 239: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
! 240: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
! 241: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
! 242: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
! 243: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
! 244: TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033,
! 245: TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034,
! 246: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
! 247: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036,
! 248: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037,
! 249: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038,
! 250: TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039,
! 251: TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A,
! 252: TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B
! 253: };
! 254:
! 255: /**
! 256: * Enum names for tls_cipher_suite_t
! 257: */
! 258: extern enum_name_t *tls_cipher_suite_names;
! 259:
! 260: /**
! 261: * TLS HashAlgorithm identifiers
! 262: */
! 263: enum tls_hash_algorithm_t {
! 264: TLS_HASH_NONE = 0,
! 265: TLS_HASH_MD5 = 1,
! 266: TLS_HASH_SHA1 = 2,
! 267: TLS_HASH_SHA224 = 3,
! 268: TLS_HASH_SHA256 = 4,
! 269: TLS_HASH_SHA384 = 5,
! 270: TLS_HASH_SHA512 = 6,
! 271: };
! 272:
! 273: /**
! 274: * Enum names for tls_hash_algorithm_t
! 275: */
! 276: extern enum_name_t *tls_hash_algorithm_names;
! 277:
! 278: /**
! 279: * TLS SignatureAlgorithm identifiers
! 280: */
! 281: enum tls_signature_algorithm_t {
! 282: TLS_SIG_RSA = 1,
! 283: TLS_SIG_DSA = 2,
! 284: TLS_SIG_ECDSA = 3,
! 285: };
! 286:
! 287: /**
! 288: * Enum names for tls_signature_algorithm_t
! 289: */
! 290: extern enum_name_t *tls_signature_algorithm_names;
! 291:
! 292: /**
! 293: * TLS ClientCertificateType
! 294: */
! 295: enum tls_client_certificate_type_t {
! 296: TLS_RSA_SIGN = 1,
! 297: TLS_DSA_SIGN = 2,
! 298: TLS_RSA_FIXED_DH = 3,
! 299: TLS_DSS_FIXED_DH = 4,
! 300: TLS_RSA_EPHEMERAL_DH = 5,
! 301: TLS_DSS_EPHEMERAL_DH = 6,
! 302: TLS_FORTEZZA_DMS = 20,
! 303: TLS_ECDSA_SIGN = 64,
! 304: TLS_RSA_FIXED_ECDH = 65,
! 305: TLS_ECDSA_FIXED_ECDH = 66,
! 306: };
! 307:
! 308: /**
! 309: * Enum names for tls_client_certificate_type_t
! 310: */
! 311: extern enum_name_t *tls_client_certificate_type_names;
! 312:
! 313: /**
! 314: * TLS EccCurveType
! 315: */
! 316: enum tls_ecc_curve_type_t {
! 317: TLS_ECC_EXPLICIT_PRIME = 1,
! 318: TLS_ECC_EXPLICIT_CHAR2 = 2,
! 319: TLS_ECC_NAMED_CURVE = 3,
! 320: };
! 321:
! 322: /**
! 323: * Enum names for tls_ecc_curve_type_t
! 324: */
! 325: extern enum_name_t *tls_ecc_curve_type_names;
! 326:
! 327: /**
! 328: * TLS Named Curve identifiers
! 329: */
! 330: enum tls_named_curve_t {
! 331: TLS_SECT163K1 = 1,
! 332: TLS_SECT163R1 = 2,
! 333: TLS_SECT163R2 = 3,
! 334: TLS_SECT193R1 = 4,
! 335: TLS_SECT193R2 = 5,
! 336: TLS_SECT233K1 = 6,
! 337: TLS_SECT233R1 = 7,
! 338: TLS_SECT239K1 = 8,
! 339: TLS_SECT283K1 = 9,
! 340: TLS_SECT283R1 = 10,
! 341: TLS_SECT409K1 = 11,
! 342: TLS_SECT409R1 = 12,
! 343: TLS_SECT571K1 = 13,
! 344: TLS_SECT571R1 = 14,
! 345: TLS_SECP160K1 = 15,
! 346: TLS_SECP160R1 = 16,
! 347: TLS_SECP160R2 = 17,
! 348: TLS_SECP192K1 = 18,
! 349: TLS_SECP192R1 = 19,
! 350: TLS_SECP224K1 = 20,
! 351: TLS_SECP224R1 = 21,
! 352: TLS_SECP256K1 = 22,
! 353: TLS_SECP256R1 = 23,
! 354: TLS_SECP384R1 = 24,
! 355: TLS_SECP521R1 = 25,
! 356: };
! 357:
! 358: /**
! 359: * Enum names for tls_named_curve_t
! 360: */
! 361: extern enum_name_t *tls_named_curve_names;
! 362:
! 363: /**
! 364: * EC Point format, ANSI X9.62.
! 365: */
! 366: enum tls_ansi_point_format_t {
! 367: TLS_ANSI_COMPRESSED = 2,
! 368: TLS_ANSI_COMPRESSED_Y = 3,
! 369: TLS_ANSI_UNCOMPRESSED = 4,
! 370: TLS_ANSI_HYBRID = 6,
! 371: TLS_ANSI_HYBRID_Y = 7,
! 372: };
! 373:
! 374: /**
! 375: * Enum names for tls_ansi_point_format_t.
! 376: */
! 377: extern enum_name_t *tls_ansi_point_format_names;
! 378:
! 379: /**
! 380: * EC Point format, TLS specific identifiers.
! 381: */
! 382: enum tls_ec_point_format_t {
! 383: TLS_EC_POINT_UNCOMPRESSED = 0,
! 384: TLS_EC_POINT_ANSIX962_COMPRESSED_PRIME = 1,
! 385: TLS_EC_POINT_ANSIX962_COMPRESSED_CHAR2 = 2,
! 386: };
! 387:
! 388: /**
! 389: * Enum names for tls_ec_point_format_t.
! 390: */
! 391: extern enum_name_t *tls_ec_point_format_names;
! 392:
! 393: /**
! 394: * TLS crypto helper functions.
! 395: */
! 396: struct tls_crypto_t {
! 397:
! 398: /**
! 399: * Get a list of supported TLS cipher suites.
! 400: *
! 401: * @param suites list of suites, points to internal data; the caller must not free or modify it
! 402: * @return number of suites returned
! 403: */
! 404: int (*get_cipher_suites)(tls_crypto_t *this, tls_cipher_suite_t **suites);
! 405:
! 406: /**
! 407: * Select and store a cipher suite from a given list of candidates.
! 408: *
! 409: * @param suites list of candidates to select from
! 410: * @param count number of suites
! 411: * @param key key type used, or KEY_ANY
! 412: * @return selected suite, 0 if none acceptable; 0 is numerically TLS_NULL_WITH_NULL_NULL, so callers must treat it as failure and never as a negotiated suite
! 413: */
! 414: tls_cipher_suite_t (*select_cipher_suite)(tls_crypto_t *this,
! 415: tls_cipher_suite_t *suites, int count,
! 416: key_type_t key);
! 417:
! 418: /**
! 419: * Get the Diffie-Hellman group to use, if any.
! 420: *
! 421: * @return Diffie Hellman group, or MODP_NONE
! 422: */
! 423: diffie_hellman_group_t (*get_dh_group)(tls_crypto_t *this);
! 424:
! 425: /**
! 426: * Write the list of supported hash/sig algorithms to writer.
! 427: *
! 428: * @param writer writer to write supported hash/sig algorithms
! 429: */
! 430: void (*get_signature_algorithms)(tls_crypto_t *this, bio_writer_t *writer);
! 431:
! 432: /**
! 433: * Create an enumerator over supported ECDH groups.
! 434: *
! 435: * Enumerates over (diffie_hellman_group_t, tls_named_curve_t)
! 436: *
! 437: * @return enumerator
! 438: */
! 439: enumerator_t* (*create_ec_enumerator)(tls_crypto_t *this);
! 440:
! 441: /**
! 442: * Set the protection layer of the TLS stack to control it.
! 443: *
! 444: * @param protection protection layer to work on
! 445: */
! 446: void (*set_protection)(tls_crypto_t *this, tls_protection_t *protection);
! 447:
! 448: /**
! 449: * Store exchanged handshake data, used for cryptographic operations.
! 450: *
! 451: * @param type handshake sub type
! 452: * @param data data to append to handshake buffer
! 453: */
! 454: void (*append_handshake)(tls_crypto_t *this,
! 455: tls_handshake_type_t type, chunk_t data);
! 456:
! 457: /**
! 458: * Sign a blob of data, append signature to writer.
! 459: *
! 460: * @param key private key to use for signature
! 461: * @param writer TLS writer to write signature to
! 462: * @param data data to sign
! 463: * @param hashsig list of TLS1.2 hash/sig algorithms to select from
! 464: * @return TRUE if signature created successfully
! 465: */
! 466: bool (*sign)(tls_crypto_t *this, private_key_t *key,
! 467: bio_writer_t *writer, chunk_t data, chunk_t hashsig);
! 468:
! 469: /**
! 470: * Verify a blob of data, read signature from a reader. Unlike sign(), no hash/sig list is passed in; NOTE(review): the algorithm choice presumably comes from the peer-supplied reader data - confirm the implementation only accepts algorithms it advertised via get_signature_algorithms().
! 471: *
! 472: * @param key public key to verify signature with
! 473: * @param reader TLS reader to read signature from
! 474: * @param data data to verify signature
! 475: * @return TRUE if signature valid
! 476: */
! 477: bool (*verify)(tls_crypto_t *this, public_key_t *key,
! 478: bio_reader_t *reader, chunk_t data);
! 479:
! 480: /**
! 481: * Create a signature of the handshake data using a given private key.
! 482: *
! 483: * @param key private key to use for signature
! 484: * @param writer TLS writer to write signature to
! 485: * @param hashsig list of TLS1.2 hash/sig algorithms to select from
! 486: * @return TRUE if signature created successfully
! 487: */
! 488: bool (*sign_handshake)(tls_crypto_t *this, private_key_t *key,
! 489: bio_writer_t *writer, chunk_t hashsig);
! 490:
! 491: /**
! 492: * Verify the signature over handshake data using a given public key.
! 493: *
! 494: * @param key public key to verify signature with
! 495: * @param reader TLS reader to read signature from
! 496: * @return TRUE if signature valid
! 497: */
! 498: bool (*verify_handshake)(tls_crypto_t *this, public_key_t *key,
! 499: bio_reader_t *reader);
! 500:
! 501: /**
! 502: * Calculate the data of a TLS finished message.
! 503: *
! 504: * @param label ASCII label to use for calculation
! 505: * @param out buffer to write finished data to; must hold at least 12 bytes, the [12] in the prototype is not enforced by the compiler
! 506: * @return TRUE if calculation successful
! 507: */
! 508: bool (*calculate_finished)(tls_crypto_t *this, char *label, char out[12]);
! 509:
! 510: /**
! 511: * Derive the master secret, MAC and encryption keys.
! 512: *
! 513: * @param premaster premaster secret (NOTE(review): this header does not say who wipes it after use - confirm at the call sites)
! 514: * @param session session identifier to cache master secret
! 515: * @param id identity the session is bound to
! 516: * @param client_random random data from client hello
! 517: * @param server_random random data from server hello
! 518: * @return TRUE if secrets derived successfully
! 519: */
! 520: bool (*derive_secrets)(tls_crypto_t *this, chunk_t premaster,
! 521: chunk_t session, identification_t *id,
! 522: chunk_t client_random, chunk_t server_random);
! 523:
! 524: /**
! 525: * Try to resume a TLS session, derive key material.
! 526: *
! 527: * @param session session identifier
! 528: * @param id identity the session is bound to
! 529: * @param client_random random data from client hello
! 530: * @param server_random random data from server hello
! 531: * @return selected suite (NOTE(review): the value returned when resumption fails is not stated here, presumably 0 as for select_cipher_suite() - confirm)
! 532: */
! 533: tls_cipher_suite_t (*resume_session)(tls_crypto_t *this, chunk_t session,
! 534: identification_t *id,
! 535: chunk_t client_random,
! 536: chunk_t server_random);
! 537:
! 538: /**
! 539: * Check if we have a session to resume as a client.
! 540: *
! 541: * @param id server identity to get a session for
! 542: * @return allocated session identifier (to be freed by the caller), or chunk_empty
! 543: */
! 544: chunk_t (*get_session)(tls_crypto_t *this, identification_t *id);
! 545:
! 546: /**
! 547: * Change the cipher used at protection layer.
! 548: *
! 549: * @param inbound TRUE to change inbound cipher, FALSE for outbound
! 550: */
! 551: void (*change_cipher)(tls_crypto_t *this, bool inbound);
! 552:
! 553: /**
! 554: * Get the MSK to use in EAP-TLS.
! 555: *
! 556: * @return MSK, points to internal data; this is key material, so the caller must not free it and should keep it out of logs (NOTE(review): presumably valid only until destroy() - confirm)
! 557: */
! 558: chunk_t (*get_eap_msk)(tls_crypto_t *this);
! 559:
! 560: /**
! 561: * Destroy a tls_crypto_t.
! 562: */
! 563: void (*destroy)(tls_crypto_t *this);
! 564: };
! 565:
! 566: /**
! 567: * Create a tls_crypto instance.
! 568: *
! 569: * @param tls TLS stack
! 570: * @param cache TLS session cache
! 571: * @return TLS crypto helper
! 572: */
! 573: tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache);
! 574:
! 575: /**
! 576: * Get a list of all supported TLS cipher suites.
! 577: *
! 578: * @param null include supported NULL encryption suites
! 579: * @param suites pointer to allocated suites array, to free(), or NULL
! 580: * @return number of suites supported
! 581: */
! 582: int tls_crypto_get_supported_suites(bool null, tls_cipher_suite_t **suites);
! 583:
! 584: #endif /** TLS_CRYPTO_H_ @}*/