| /* |
| * |
| * Embedded Linux library |
| * |
| * Copyright (C) 2011-2014 Intel Corporation. All rights reserved. |
| * |
| * This library is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU Lesser General Public |
| * License as published by the Free Software Foundation; either |
| * version 2.1 of the License, or (at your option) any later version. |
| * |
| * This library is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General Public |
| * License along with this library; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
| * |
| */ |
| |
| #define TLS_MAX_VERSION L_TLS_V12 |
| #define TLS_MIN_VERSION L_TLS_V10 |
| |
| enum tls_cipher_type { |
| TLS_CIPHER_STREAM, |
| TLS_CIPHER_BLOCK, |
| TLS_CIPHER_AEAD, |
| }; |
| |
| struct tls_bulk_encryption_algorithm { |
| enum tls_cipher_type cipher_type; |
| union { |
| enum l_cipher_type l_id; |
| enum l_aead_cipher_type l_aead_id; |
| }; |
| size_t key_length; |
| size_t iv_length; |
| size_t fixed_iv_length; |
| size_t block_length; |
| size_t auth_tag_length; |
| }; |
| |
| /* |
| * Support the minimum required set of handshake hash types for the |
| * Certificate Verify digital signature and the Finished PRF seed so we |
| * don't have to accumulate all of messages full contents until the |
| * Finished message. If we're sent a hash of a different type (in TLS 1.2+) |
| * and need to verify we'll give up. |
| * SHA1 and MD5 are explicitly required by versions < 1.2 and 1.2 requires |
| * that the Finished hash is the same as used for the PRF so we need to |
| * keep at least the hashes our supported cipher suites specify for the PRF. |
| */ |
| enum handshake_hash_type { |
| HANDSHAKE_HASH_SHA384, |
| HANDSHAKE_HASH_SHA256, |
| HANDSHAKE_HASH_MD5, |
| HANDSHAKE_HASH_SHA1, |
| __HANDSHAKE_HASH_COUNT, |
| }; |
| #define HANDSHAKE_HASH_MAX_SIZE 48 |
| |
| struct tls_hash_algorithm { |
| uint8_t tls_id; |
| enum handshake_hash_type type; |
| enum l_checksum_type l_id; |
| const char *name; |
| }; |
| |
| extern const struct tls_hash_algorithm tls_handshake_hash_data[]; |
| |
| typedef bool (*tls_get_hash_t)(struct l_tls *tls, |
| enum handshake_hash_type type, |
| const uint8_t *data, size_t data_len, |
| uint8_t *out, size_t *out_len); |
| |
| struct tls_signature_algorithm { |
| uint8_t id; |
| |
| bool (*validate_cert_key_type)(struct l_cert *cert); |
| |
| ssize_t (*sign)(struct l_tls *tls, uint8_t *out, size_t out_len, |
| tls_get_hash_t get_hash, |
| const uint8_t *data, size_t data_len); |
| bool (*verify)(struct l_tls *tls, const uint8_t *in, size_t in_len, |
| tls_get_hash_t get_hash, |
| const uint8_t *data, size_t data_len); |
| }; |
| |
| struct tls_key_exchange_algorithm { |
| bool need_ecc; |
| bool need_ffdh; |
| |
| bool (*send_server_key_exchange)(struct l_tls *tls); |
| void (*handle_server_key_exchange)(struct l_tls *tls, |
| const uint8_t *buf, size_t len); |
| |
| bool (*send_client_key_exchange)(struct l_tls *tls); |
| void (*handle_client_key_exchange)(struct l_tls *tls, |
| const uint8_t *buf, size_t len); |
| |
| void (*free_params)(struct l_tls *tls); |
| }; |
| |
| struct tls_mac_algorithm { |
| uint8_t id; |
| enum l_checksum_type hmac_type; |
| size_t mac_length; |
| }; |
| |
| struct tls_cipher_suite { |
| uint8_t id[2]; |
| const char *name; |
| int verify_data_length; |
| |
| struct tls_bulk_encryption_algorithm *encryption; |
| struct tls_signature_algorithm *signature; |
| struct tls_key_exchange_algorithm *key_xchg; |
| struct tls_mac_algorithm *mac; |
| enum l_checksum_type prf_hmac; |
| }; |
| |
| extern struct tls_cipher_suite *tls_cipher_suite_pref[]; |
| |
| struct tls_compression_method { |
| int id; |
| const char *name; |
| }; |
| |
| struct tls_hello_extension { |
| const char *name; |
| const char *short_name; |
| uint16_t id; |
| ssize_t (*client_write)(struct l_tls *tls, uint8_t *buf, size_t len); |
| /* Handle a Client Hello extension (on server), can't be NULL */ |
| bool (*client_handle)(struct l_tls *tls, |
| const uint8_t *buf, size_t len); |
| /* Handle a Client Hello extension's absence (on server) */ |
| bool (*client_handle_absent)(struct l_tls *tls); |
| ssize_t (*server_write)(struct l_tls *tls, uint8_t *buf, size_t len); |
| /* Handle a Server Hello extension (on client) */ |
| bool (*server_handle)(struct l_tls *tls, |
| const uint8_t *buf, size_t len); |
| /* Handle a Server Hello extension's absence (on client) */ |
| bool (*server_handle_absent)(struct l_tls *tls); |
| }; |
| |
| extern const struct tls_hello_extension tls_extensions[]; |
| |
| struct tls_named_group { |
| const char *name; |
| uint16_t id; |
| enum { |
| TLS_GROUP_TYPE_EC, |
| TLS_GROUP_TYPE_FF, |
| } type; |
| union { |
| struct { |
| const uint8_t *prime; |
| size_t prime_len; |
| unsigned int generator; |
| } ff; |
| }; |
| }; |
| |
| enum tls_handshake_state { |
| TLS_HANDSHAKE_WAIT_START, |
| TLS_HANDSHAKE_WAIT_HELLO, |
| TLS_HANDSHAKE_WAIT_CERTIFICATE, |
| TLS_HANDSHAKE_WAIT_KEY_EXCHANGE, |
| TLS_HANDSHAKE_WAIT_HELLO_DONE, |
| TLS_HANDSHAKE_WAIT_CERTIFICATE_VERIFY, |
| TLS_HANDSHAKE_WAIT_CHANGE_CIPHER_SPEC, |
| TLS_HANDSHAKE_WAIT_FINISHED, |
| TLS_HANDSHAKE_DONE, |
| }; |
| |
| enum tls_content_type { |
| TLS_CT_CHANGE_CIPHER_SPEC = 20, |
| TLS_CT_ALERT = 21, |
| TLS_CT_HANDSHAKE = 22, |
| TLS_CT_APPLICATION_DATA = 23, |
| }; |
| |
| enum tls_handshake_type { |
| TLS_HELLO_REQUEST = 0, |
| TLS_CLIENT_HELLO = 1, |
| TLS_SERVER_HELLO = 2, |
| TLS_CERTIFICATE = 11, |
| TLS_SERVER_KEY_EXCHANGE = 12, |
| TLS_CERTIFICATE_REQUEST = 13, |
| TLS_SERVER_HELLO_DONE = 14, |
| TLS_CERTIFICATE_VERIFY = 15, |
| TLS_CLIENT_KEY_EXCHANGE = 16, |
| TLS_FINISHED = 20, |
| }; |
| |
| struct l_tls { |
| bool server; |
| |
| l_tls_write_cb_t tx, rx; |
| l_tls_ready_cb_t ready_handle; |
| l_tls_disconnect_cb_t disconnected; |
| void *user_data; |
| l_tls_debug_cb_t debug_handler; |
| l_tls_destroy_cb_t debug_destroy; |
| void *debug_data; |
| char *cert_dump_path; |
| enum l_tls_version min_version; |
| enum l_tls_version max_version; |
| |
| struct l_queue *ca_certs; |
| struct l_certchain *cert; |
| struct l_key *priv_key; |
| size_t priv_key_size; |
| char **subject_mask; |
| |
| struct tls_cipher_suite **cipher_suite_pref_list; |
| |
| bool in_callback; |
| bool pending_destroy; |
| |
| /* Record layer */ |
| |
| uint8_t *record_buf; |
| int record_buf_len; |
| int record_buf_max_len; |
| bool record_flush; |
| |
| uint8_t *message_buf; |
| int message_buf_len; |
| int message_buf_max_len; |
| enum tls_content_type message_content_type; |
| |
| /* Handshake protocol layer */ |
| |
| enum tls_handshake_state state; |
| struct l_checksum *handshake_hash[__HANDSHAKE_HASH_COUNT]; |
| uint8_t prev_digest[__HANDSHAKE_HASH_COUNT][HANDSHAKE_HASH_MAX_SIZE]; |
| |
| enum l_tls_version client_version; |
| enum l_tls_version negotiated_version; |
| bool cert_requested, cert_sent; |
| bool peer_authenticated; |
| struct l_cert *peer_cert; |
| struct l_key *peer_pubkey; |
| size_t peer_pubkey_size; |
| enum handshake_hash_type signature_hash; |
| const struct tls_hash_algorithm *prf_hmac; |
| const struct tls_named_group *negotiated_curve; |
| const struct tls_named_group *negotiated_ff_group; |
| |
| /* SecurityParameters current and pending */ |
| |
| struct { |
| struct tls_cipher_suite *cipher_suite; |
| struct tls_compression_method *compression_method; |
| uint8_t master_secret[48]; |
| uint8_t client_random[32]; |
| uint8_t server_random[32]; |
| /* |
| * Max key block size per 6.3 v1.1 is 136 bytes but if we |
| * allow AES_256_CBC_SHA256 with v1.0 we get 128 per section |
| * 6.3 v1.2 + two IVs of 32 bytes. |
| */ |
| uint8_t key_block[192]; |
| void *key_xchg_params; |
| } pending; |
| |
| enum tls_cipher_type cipher_type[2]; |
| struct tls_cipher_suite *cipher_suite[2]; |
| union { |
| struct l_cipher *cipher[2]; |
| struct l_aead_cipher *aead_cipher[2]; |
| }; |
| struct l_checksum *mac[2]; |
| size_t mac_length[2]; |
| size_t block_length[2]; |
| size_t record_iv_length[2]; |
| size_t fixed_iv_length[2]; |
| uint8_t fixed_iv[2][32]; |
| size_t auth_tag_length[2]; |
| uint64_t seq_num[2]; |
| /* |
| * Some of the key and IV parts of the "current" state are kept |
| * inside the cipher and mac states in the kernel so we don't |
| * duplicate them here. |
| */ |
| |
| bool ready; |
| }; |
| |
| bool tls10_prf(const void *secret, size_t secret_len, |
| const char *label, |
| const void *seed, size_t seed_len, |
| uint8_t *out, size_t out_len); |
| |
| bool tls12_prf(enum l_checksum_type type, |
| const void *secret, size_t secret_len, |
| const char *label, |
| const void *seed, size_t seed_len, |
| uint8_t *out, size_t out_len); |
| |
| void tls_disconnect(struct l_tls *tls, enum l_tls_alert_desc desc, |
| enum l_tls_alert_desc local_desc); |
| |
| void tls_tx_record(struct l_tls *tls, enum tls_content_type type, |
| const uint8_t *data, size_t len); |
| bool tls_handle_message(struct l_tls *tls, const uint8_t *message, |
| int len, enum tls_content_type type, uint16_t version); |
| |
| #define TLS_HANDSHAKE_HEADER_SIZE 4 |
| |
| void tls_tx_handshake(struct l_tls *tls, int type, uint8_t *buf, size_t length); |
| |
| bool tls_cipher_suite_is_compatible(struct l_tls *tls, |
| const struct tls_cipher_suite *suite, |
| const char **error); |
| |
| /* Optionally limit allowed cipher suites to a custom set */ |
| bool tls_set_cipher_suites(struct l_tls *tls, const char **suite_list); |
| |
| void tls_generate_master_secret(struct l_tls *tls, |
| const uint8_t *pre_master_secret, |
| int pre_master_secret_len); |
| |
| const struct tls_named_group *tls_find_group(uint16_t id); |
| const struct tls_named_group *tls_find_ff_group(const uint8_t *prime, |
| size_t prime_len, |
| const uint8_t *generator, |
| size_t generator_len); |
| |
| ssize_t tls_write_signature_algorithms(struct l_tls *tls, |
| uint8_t *buf, size_t len); |
| ssize_t tls_parse_signature_algorithms(struct l_tls *tls, |
| const uint8_t *buf, size_t len); |
| |
| int tls_parse_certificate_list(const void *data, size_t len, |
| struct l_certchain **out_certchain); |
| |
| #define TLS_DEBUG(fmt, args...) \ |
| l_util_debug(tls->debug_handler, tls->debug_data, "%s:%i " fmt, \ |
| __func__, __LINE__, ## args) |
| #define TLS_SET_STATE(new_state) \ |
| do { \ |
| TLS_DEBUG("New state %s", \ |
| tls_handshake_state_to_str(new_state)); \ |
| tls->state = new_state; \ |
| } while (0) |
| #define TLS_DISCONNECT(desc, local_desc, fmt, args...) \ |
| do { \ |
| TLS_DEBUG("Disconnect desc=%s local-desc=%s reason=" fmt,\ |
| l_tls_alert_to_str(desc), \ |
| l_tls_alert_to_str(local_desc), ## args);\ |
| tls_disconnect(tls, desc, local_desc); \ |
| } while (0) |
| |
| #define TLS_VER_FMT "1.%i" |
| #define TLS_VER_ARGS(version) (((version) & 0xff) - 1) |
| |
| const char *tls_handshake_state_to_str(enum tls_handshake_state state); |