1/*
2 * Copyright (c) 2007-2016, Cameron Rich
3 *
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31/**
32 * @file tls1.h
33 *
34 * @brief The definitions for the TLS library.
35 */
36#ifndef HEADER_SSL_LIB_H
37#define HEADER_SSL_LIB_H
38
39#ifdef __cplusplus
40extern "C" {
41#endif
42
43#include "version.h"
44#include "config.h"
45#include "os_int.h"
46#include "os_port.h"
47#include "crypto.h"
48#include "crypto_misc.h"
49
50#define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
51#define SSL_PROTOCOL_VERSION_MAX 0x33 /* TLS v1.3 */
52#define SSL_PROTOCOL_VERSION_TLS1_1 0x32 /* TLS v1.1 */
53#define SSL_PROTOCOL_VERSION_TLS1_2 0x33 /* TLS v1.2 */
54#define SSL_RANDOM_SIZE 32
55#define SSL_SECRET_SIZE 48
56#define SSL_FINISHED_HASH_SIZE 12
57#define SSL_RECORD_SIZE 5
58#define SSL_SERVER_READ 0
59#define SSL_SERVER_WRITE 1
60#define SSL_CLIENT_READ 2
61#define SSL_CLIENT_WRITE 3
62#define SSL_HS_HDR_SIZE 4
63
64/* the flags we use while establishing a connection */
65#define SSL_NEED_RECORD 0x0001
66#define SSL_TX_ENCRYPTED 0x0002
67#define SSL_RX_ENCRYPTED 0x0004
68#define SSL_SESSION_RESUME 0x0008
69#define SSL_IS_CLIENT 0x0010
70#define SSL_HAS_CERT_REQ 0x0020
71#define SSL_SENT_CLOSE_NOTIFY 0x0040
72
73/* some macros to muck around with flag bits */
74#define SET_SSL_FLAG(A) (ssl->flag |= A)
75#define CLR_SSL_FLAG(A) (ssl->flag &= ~A)
76#define IS_SET_SSL_FLAG(A) (ssl->flag & A)
77
78#define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
79/* On send, will send another SSL fragment if plaintext exceeds RT_MAX_PLAIN_LENGTH */
80#ifndef RT_MAX_PLAIN_LENGTH
81#define RT_MAX_PLAIN_LENGTH 16384
82#endif
83/* Total receive buffer is RT_MAX_PLAIN_LENGTH + RT_EXTRA */
84#ifndef RT_EXTRA
85#define RT_EXTRA 1024
86#endif
87#define BM_RECORD_OFFSET 5
88
89#define NUM_PROTOCOLS 4
90
91#define MAX_SIG_ALGORITHMS 4
92#define SIG_ALG_SHA1 2
93#define SIG_ALG_SHA256 4
94#define SIG_ALG_SHA384 5
95#define SIG_ALG_SHA512 6
96#define SIG_ALG_RSA 1
97
98#define PARANOIA_CHECK(A, B) if (A < B) { \
99 ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
100
101/* protocol types */
102enum
103{
104 PT_CHANGE_CIPHER_SPEC = 20,
105 PT_ALERT_PROTOCOL,
106 PT_HANDSHAKE_PROTOCOL,
107 PT_APP_PROTOCOL_DATA
108};
109
110/* handshaking types */
111enum
112{
113 HS_HELLO_REQUEST,
114 HS_CLIENT_HELLO,
115 HS_SERVER_HELLO,
116 HS_CERTIFICATE = 11,
117 HS_SERVER_KEY_XCHG,
118 HS_CERT_REQ,
119 HS_SERVER_HELLO_DONE,
120 HS_CERT_VERIFY,
121 HS_CLIENT_KEY_XCHG,
122 HS_FINISHED = 20
123};
124
125/* SSL extension types */
126enum
127{
128 SSL_EXT_SERVER_NAME = 0,
129 SSL_EXT_MAX_FRAGMENT_SIZE,
130 SSL_EXT_SIG_ALG = 0x0d,
131};
132
133typedef struct
134{
135 uint8_t cipher;
136 uint8_t key_size;
137 uint8_t iv_size;
138 uint8_t padding_size;
139 uint8_t digest_size;
140 uint8_t key_block_size;
141 hmac_func hmac;
142 crypt_func encrypt;
143 crypt_func decrypt;
144} cipher_info_t;
145
146struct _SSLObjLoader
147{
148 uint8_t *buf;
149 int len;
150};
151
152typedef struct _SSLObjLoader SSLObjLoader;
153
154typedef struct
155{
156 time_t conn_time;
157 uint8_t session_id[SSL_SESSION_ID_SIZE];
158 uint8_t master_secret[SSL_SECRET_SIZE];
159} SSL_SESSION;
160
161typedef struct
162{
163 uint8_t *buf;
164 int size;
165 uint8_t hash_alg;
166} SSL_CERT;
167
168typedef struct
169{
170 MD5_CTX md5_ctx;
171 SHA1_CTX sha1_ctx;
172 SHA256_CTX sha256_ctx;
173 uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
174 uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
175 uint8_t final_finish_mac[128];
176 uint8_t master_secret[SSL_SECRET_SIZE];
177 uint8_t key_block[256];
178 uint16_t bm_proc_index;
179 uint8_t key_block_generated;
180} DISPOSABLE_CTX;
181
182typedef struct
183{
184 char *host_name; /* Needed for the SNI support */
185 /* Needed for the Max Fragment Size Extension.
186 Allowed values: 2^9, 2^10 .. 2^14 */
187 uint16_t max_fragment_size;
188} SSL_EXTENSIONS;
189
190struct _SSL
191{
192 uint32_t flag;
193 uint16_t need_bytes;
194 uint16_t got_bytes;
195 uint8_t record_type;
196 uint8_t cipher;
197 uint8_t sess_id_size;
198 uint8_t version;
199 uint8_t client_version;
200 int16_t next_state;
201 int16_t hs_status;
202 DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
203 long client_fd;
204 const cipher_info_t *cipher_info;
205 void *encrypt_ctx;
206 void *decrypt_ctx;
207 uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
208 uint8_t *bm_data;
209 uint16_t bm_index;
210 uint16_t bm_read_index;
211 uint8_t sig_algs[MAX_SIG_ALGORITHMS];
212 uint8_t num_sig_algs;
213 struct _SSL *next; /* doubly linked list */
214 struct _SSL *prev;
215 struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
216#ifndef CONFIG_SSL_SKELETON_MODE
217 uint16_t session_index;
218 SSL_SESSION *session;
219#endif
220#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_ENABLE_CLIENT)
221 X509_CTX *x509_ctx;
222#endif
223
224 uint8_t session_id[SSL_SESSION_ID_SIZE];
225 uint8_t client_mac[SHA256_SIZE]; /* for HMAC verification */
226 uint8_t server_mac[SHA256_SIZE]; /* for HMAC verification */
227 uint8_t read_sequence[8]; /* 64 bit sequence number */
228 uint8_t write_sequence[8]; /* 64 bit sequence number */
229 uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
230 SSL_EXTENSIONS *extensions; /* Contains the SSL (client) extensions */
231};
232
233typedef struct _SSL SSL;
234
235struct _SSL_CTX
236{
237 uint32_t options;
238 uint8_t chain_length;
239 RSA_CTX *rsa_ctx;
240#ifdef CONFIG_SSL_CERT_VERIFICATION
241 CA_CERT_CTX *ca_cert_ctx;
242#endif
243 SSL *head;
244 SSL *tail;
245 SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
246#ifndef CONFIG_SSL_SKELETON_MODE
247 uint16_t num_sessions;
248 SSL_SESSION **ssl_sessions;
249#endif
250#ifdef CONFIG_SSL_CTX_MUTEXING
251 SSL_CTX_MUTEX_TYPE mutex;
252#endif
253#ifdef CONFIG_OPENSSL_COMPATIBLE
254 void *bonus_attr;
255#endif
256};
257
258typedef struct _SSL_CTX SSL_CTX;
259
260/* backwards compatibility */
261typedef struct _SSL_CTX SSLCTX;
262
263extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
264
265SSL *ssl_new(SSL_CTX *ssl_ctx, long client_fd);
266void disposable_new(SSL *ssl);
267void disposable_free(SSL *ssl);
268int send_packet(SSL *ssl, uint8_t protocol,
269 const uint8_t *in, int length);
270int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
271int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
272int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
273int process_sslv23_client_hello(SSL *ssl);
274int send_alert(SSL *ssl, int error_code);
275int send_finished(SSL *ssl);
276int send_certificate(SSL *ssl);
277int basic_read(SSL *ssl, uint8_t **in_data);
278int send_change_cipher_spec(SSL *ssl);
279int finished_digest(SSL *ssl, const char *label, uint8_t *digest);
280void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
281void add_packet(SSL *ssl, const uint8_t *pkt, int len);
282int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
283int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
284void ssl_obj_free(SSLObjLoader *ssl_obj);
285int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
286int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
287int load_key_certs(SSL_CTX *ssl_ctx);
288#ifdef CONFIG_SSL_CERT_VERIFICATION
289int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
290void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
291#endif
292#ifdef CONFIG_SSL_ENABLE_CLIENT
293int do_client_connect(SSL *ssl);
294#endif
295
296#ifdef CONFIG_SSL_DIAGNOSTICS
297void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
298void DISPLAY_BYTES(SSL *ssl, const char *format,
299 const uint8_t *data, int size, ...);
300void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
301void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx);
302void DISPLAY_ALERT(SSL *ssl, int alert);
303#else
304#define DISPLAY_STATE(A,B,C,D)
305#define DISPLAY_CERT(A,B)
306#define DISPLAY_RSA(A,B)
307#define DISPLAY_ALERT(A, B)
308#ifdef WIN32
309void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
310 const uint8_t *data, int size, ...);
311#else
312#define DISPLAY_BYTES(A,B,C,D,...)
313#endif
314#endif
315
316//#ifdef CONFIG_SSL_CERT_VERIFICATION
317int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
318//#endif
319
320SSL_SESSION *ssl_session_update(int max_sessions,
321 SSL_SESSION *ssl_sessions[], SSL *ssl,
322 const uint8_t *session_id);
323void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
324
325#ifdef __cplusplus
326}
327#endif
328
329#endif
330