]> git.gir.st - tmk_keyboard.git/blob - tool/mbed/mbed-sdk/libraries/net/https/axTLS/ssl/tls1.h
git://git.gir.st / tmk_keyboard.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Squashed 'tmk_core/' changes from 7967731..b9e0ea0
[tmk_keyboard.git] / tool / mbed / mbed-sdk / libraries / net / https / axTLS / ssl / tls1.h
1 /*
2 * Copyright (c) 2007, Cameron Rich
3 *
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 /**
32 * @file tls1.h
33 *
34 * @brief The definitions for the TLS library.
35 */
36 #ifndef HEADER_SSL_LIB_H
37 #define HEADER_SSL_LIB_H
38
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42
43 #include "version.h"
44 #include "os_int.h"
45 #include "crypto.h"
46 #include "crypto_misc.h"
47
48 #include "config.h"
49
50 #define SSL_PROTOCOL_MIN_VERSION 0x31 /* TLS v1.0 */
51 #define SSL_PROTOCOL_MINOR_VERSION 0x02 /* TLS v1.1 */
52 #define SSL_PROTOCOL_VERSION_MAX 0x32 /* TLS v1.1 */
53 #define SSL_PROTOCOL_VERSION1_1 0x32 /* TLS v1.1 */
54 #define SSL_RANDOM_SIZE 32
55 #define SSL_SECRET_SIZE 48
56 #define SSL_FINISHED_HASH_SIZE 12
57 #define SSL_RECORD_SIZE 5
58 #define SSL_SERVER_READ 0
59 #define SSL_SERVER_WRITE 1
60 #define SSL_CLIENT_READ 2
61 #define SSL_CLIENT_WRITE 3
62 #define SSL_HS_HDR_SIZE 4
63
64 /* the flags we use while establishing a connection */
65 #define SSL_NEED_RECORD 0x0001
66 #define SSL_TX_ENCRYPTED 0x0002
67 #define SSL_RX_ENCRYPTED 0x0004
68 #define SSL_SESSION_RESUME 0x0008
69 #define SSL_IS_CLIENT 0x0010
70 #define SSL_HAS_CERT_REQ 0x0020
71 #define SSL_SENT_CLOSE_NOTIFY 0x0040
72
73 /* some macros to muck around with flag bits */
74 #define SET_SSL_FLAG(A) (ssl->flag |= A)
75 #define CLR_SSL_FLAG(A) (ssl->flag &= ~A)
76 #define IS_SET_SSL_FLAG(A) (ssl->flag & A)
77
78 #define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */
79 #define RT_MAX_PLAIN_LENGTH 2048//16384
80 #define RT_EXTRA 512//1024
81 #define BM_RECORD_OFFSET 5
82 #define BM_ALL_DATA_SIZE (RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
83
84 #ifdef CONFIG_SSL_SKELETON_MODE
85 #define NUM_PROTOCOLS 1
86 #else
87 #define NUM_PROTOCOLS 4
88 #endif
89
90 #define PARANOIA_CHECK(A, B) if (A < B) { \
91 ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
92
93 /* protocol types */
94 enum
95 {
96 PT_CHANGE_CIPHER_SPEC = 20,
97 PT_ALERT_PROTOCOL,
98 PT_HANDSHAKE_PROTOCOL,
99 PT_APP_PROTOCOL_DATA
100 };
101
102 /* handshaking types */
103 enum
104 {
105 HS_HELLO_REQUEST,
106 HS_CLIENT_HELLO,
107 HS_SERVER_HELLO,
108 HS_CERTIFICATE = 11,
109 HS_SERVER_KEY_XCHG,
110 HS_CERT_REQ,
111 HS_SERVER_HELLO_DONE,
112 HS_CERT_VERIFY,
113 HS_CLIENT_KEY_XCHG,
114 HS_FINISHED = 20
115 };
116
117 typedef struct
118 {
119 uint8_t cipher;
120 uint8_t key_size;
121 uint8_t iv_size;
122 uint8_t key_block_size;
123 uint8_t padding_size;
124 uint8_t digest_size;
125 hmac_func hmac;
126 crypt_func encrypt;
127 crypt_func decrypt;
128 } cipher_info_t;
129
130 struct _SSLObjLoader
131 {
132 uint8_t *buf;
133 int len;
134 };
135
136 typedef struct _SSLObjLoader SSLObjLoader;
137
138 typedef struct
139 {
140 time_t conn_time;
141 uint8_t session_id[SSL_SESSION_ID_SIZE];
142 uint8_t master_secret[SSL_SECRET_SIZE];
143 } SSL_SESSION;
144
145 typedef struct
146 {
147 uint8_t *buf;
148 int size;
149 } SSL_CERT;
150
151 typedef struct
152 {
153 MD5_CTX md5_ctx;
154 SHA1_CTX sha1_ctx;
155 uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
156 uint8_t key_block[MAX_KEYBLOCK_SIZE];
157 uint8_t master_secret[SSL_SECRET_SIZE];
158 uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
159 uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
160 uint16_t bm_proc_index;
161 } DISPOSABLE_CTX;
162
163 struct _SSL
164 {
165 uint32_t flag;
166 uint16_t need_bytes;
167 uint16_t got_bytes;
168 uint8_t record_type;
169 uint8_t cipher;
170 uint8_t sess_id_size;
171 uint8_t version;
172 uint8_t client_version;
173 int16_t next_state;
174 int16_t hs_status;
175 DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */
176 int client_fd;
177 void *connection;
178 const cipher_info_t *cipher_info;
179 void *encrypt_ctx;
180 void *decrypt_ctx;
181 uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH];
182 uint8_t *bm_data;
183 uint16_t bm_index;
184 uint16_t bm_read_index;
185 struct _SSL *next; /* doubly linked list */
186 struct _SSL *prev;
187 struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */
188 #ifndef CONFIG_SSL_SKELETON_MODE
189 uint16_t session_index;
190 SSL_SESSION *session;
191 #endif
192 #ifdef CONFIG_SSL_CERT_VERIFICATION
193 X509_CTX *x509_ctx;
194 #endif
195
196 uint8_t session_id[SSL_SESSION_ID_SIZE];
197 uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
198 uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
199 uint8_t read_sequence[8]; /* 64 bit sequence number */
200 uint8_t write_sequence[8]; /* 64 bit sequence number */
201 uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
202 };
203
204 typedef struct _SSL SSL;
205
206 struct _SSL_CTX
207 {
208 uint32_t options;
209 uint8_t chain_length;
210 RSA_CTX *rsa_ctx;
211 #ifdef CONFIG_SSL_CERT_VERIFICATION
212 CA_CERT_CTX *ca_cert_ctx;
213 #endif
214 SSL *head;
215 SSL *tail;
216 SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
217 #ifndef CONFIG_SSL_SKELETON_MODE
218 uint16_t num_sessions;
219 SSL_SESSION **ssl_sessions;
220 #endif
221 #ifdef CONFIG_SSL_CTX_MUTEXING
222 SSL_CTX_MUTEX_TYPE mutex;
223 #endif
224 #ifdef CONFIG_OPENSSL_COMPATIBLE
225 void *bonus_attr;
226 #endif
227 };
228
229 typedef struct _SSL_CTX SSL_CTX;
230
231 /* backwards compatibility */
232 typedef struct _SSL_CTX SSLCTX;
233
234 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
235
236 SSL *ssl_new(SSL *ssl, int client_fd);
237 void disposable_new(SSL *ssl);
238 void disposable_free(SSL *ssl);
239 int send_packet(SSL *ssl, uint8_t protocol,
240 const uint8_t *in, int length);
241 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
242 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
243 int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
244 int process_sslv23_client_hello(SSL *ssl);
245 int send_alert(SSL *ssl, int error_code);
246 int send_finished(SSL *ssl);
247 int send_certificate(SSL *ssl);
248 int basic_read2(SSL *ssl, uint8_t *data, uint32_t length);
249 int read_record(SSL *ssl);
250 int basic_decrypt(SSL *ssl, uint8_t *buf, int len);
251 int process_data(SSL* ssl, uint8_t *in_data, int len);
252 int ssl_read(SSL *ssl, uint8_t *in_data, int len);
253 int send_change_cipher_spec(SSL *ssl);
254 void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
255 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
256 void add_packet(SSL *ssl, const uint8_t *pkt, int len);
257 int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
258 int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
259 void ssl_obj_free(SSLObjLoader *ssl_obj);
260 int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
261 int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
262 int load_key_certs(SSL_CTX *ssl_ctx);
263 #ifdef CONFIG_SSL_CERT_VERIFICATION
264 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
265 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
266 #endif
267 #ifdef CONFIG_SSL_ENABLE_CLIENT
268 int do_client_connect(SSL *ssl);
269 #endif
270
271 #ifdef CONFIG_SSL_FULL_MODE
272 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
273 void DISPLAY_BYTES(SSL *ssl, const char *format,
274 const uint8_t *data, int size, ...);
275 void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
276 void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx);
277 void DISPLAY_ALERT(SSL *ssl, int alert);
278 #else
279 #define DISPLAY_STATE(A,B,C,D)
280 #define DISPLAY_CERT(A,B)
281 #define DISPLAY_RSA(A,B)
282 #define DISPLAY_ALERT(A, B)
283 #ifdef WIN32
284 void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
285 const uint8_t *data, int size, ...);
286 #else
287 #define DISPLAY_BYTES(A,B,C,D,...)
288 #endif
289 #endif
290
291 #ifdef CONFIG_SSL_CERT_VERIFICATION
292 int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
293 #endif
294
295 SSL_SESSION *ssl_session_update(int max_sessions,
296 SSL_SESSION *ssl_sessions[], SSL *ssl,
297 const uint8_t *session_id);
298 void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
299
300 #ifdef __cplusplus
301 }
302 #endif
303
304 #endif
custom keymap for my minivan; forked from http://github.com/evangs/tmk_keyboard
Imprint / Impressum