tls_socket_defs.h
/*
MiniTLS - A super trimmed down TLS/SSL Library for embedded devices
Author: Donatien Garnier
Copyright (C) 2013-2014 AppNearMe Ltd

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/**
 * \file tls_socket_defs.h
 * \copyright Copyright (c) AppNearMe Ltd 2013
 * \author Donatien Garnier
 *
 * Internal type definitions shared by the MiniTLS socket, record and
 * handshake layers: protocol version constants, the handshake state machine,
 * per-direction record-layer cipher/MAC state, session (resumption) data and
 * the socket/event bookkeeping structures.
 *
 * Security notes for anyone building on these definitions:
 *  - Every struct below keeps live key material (handshake randoms, master
 *    secret, write MAC/cipher keys, ECDH private key) in plain RAM. The code
 *    that frees or reuses these objects must wipe them with a memset that the
 *    compiler cannot optimise away (e.g. a volatile-pointer memset loop);
 *    nothing in this header does that.
 *  - Several struct tags and one enumerator start with a double underscore
 *    (`__tls_socket`, `__TLS_MAX`, ...). Such identifiers are reserved for the
 *    implementation by the C standard. They are kept here because renaming
 *    them would change the interface seen by the rest of the library.
 */

#ifndef TLS_SOCKET_DEFS_H_
#define TLS_SOCKET_DEFS_H_

#ifdef __cplusplus
extern "C" {
#endif

/* NOTE(review): the project headers are included inside the extern "C" block.
 * That is fine as long as they (and whatever they pull in) are plain C
 * headers; verify this if the library is ever consumed from C++. */
#include "core/fwk.h"
#include "inc/minitls_config.h"

/* Forward declaration; the full definition is at the bottom of this file. */
typedef struct __tls_socket tls_socket_t;

/*
 * Wire-format ProtocolVersion bytes ({major, minor}) for every protocol
 * version this library knows about: SSL 3.0 and TLS 1.0, 1.1 and 1.2.
 *
 * Security caveat: SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are
 * deprecated and must not be negotiated in new deployments. The
 * MINITLS_CFG_PROTOCOL_* macros in minitls_config.h select which handshake
 * hash state is compiled in below; whether they also gate version negotiation
 * is not visible in this header - confirm in the handshake code and build
 * with only MINITLS_CFG_PROTOCOL_TLS_1_2 enabled where possible.
 */

#define TLS_1_2_VERSION_MAJOR 3
#define TLS_1_2_VERSION_MINOR 3

#define TLS_1_1_VERSION_MAJOR 3
#define TLS_1_1_VERSION_MINOR 2

#define TLS_1_0_VERSION_MAJOR 3
#define TLS_1_0_VERSION_MINOR 1

#define SSL_3_VERSION_MAJOR 3
#define SSL_3_VERSION_MINOR 0

/*
 * Handshake state machine. The enumerators are listed in the order the
 * corresponding messages are sent/received by a client in a full handshake
 * (hello, server certificate, server key exchange, optional certificate
 * request, hello done, then the client's certificate, key exchange, optional
 * certificate verify, finished, and finally the server's finished).
 * TLS_HANDSHAKE_HELLO_RECEIVED_SESSION_RESUMPTION is the abbreviated-handshake
 * branch taken when the server accepts the offered session id.
 * TLS_HANDSHAKE_FAILED and TLS_HANDSHAKE_DONE are terminal.
 */
typedef enum __tls_handshake_state
{
  TLS_HANDSHAKE_INIT = 0,
  TLS_HANDSHAKE_HELLO_SENT,
  TLS_HANDSHAKE_HELLO_RECEIVED,
  TLS_HANDSHAKE_HELLO_RECEIVED_SESSION_RESUMPTION,
  TLS_HANDSHAKE_CERTIFICATE_RECEIVED,
  TLS_HANDSHAKE_SERVER_KEY_EXCHANGE_RECEIVED,
  TLS_HANDSHAKE_CERTIFICATE_REQUEST_RECEIVED,
  TLS_HANDSHAKE_HELLO_DONE_RECEIVED,
  TLS_HANDSHAKE_CERTIFICATE_SENT,
  TLS_HANDSHAKE_CLIENT_KEY_EXCHANGE_SENT,
  TLS_HANDSHAKE_CERTIFICATE_VERIFY_SENT,
  TLS_HANDSHAKE_FINISHED_SENT,
  TLS_HANDSHAKE_FINISHED_RECEIVED,
  TLS_HANDSHAKE_FAILED,
  TLS_HANDSHAKE_DONE,
} tls_handshake_state_t;

/* Size of ClientHello.random / ServerHello.random (32 bytes). */
#define HANDSHAKE_RANDOM_SIZE 32
/* Size of the TLS master secret (48 bytes); stored as tls_session_t::master_key. */
#define HANDSHAKE_MASTER_KEY_SIZE 48

#include "crypto/crypto_md5.h"
#include "crypto/crypto_sha1.h"
#include "crypto/crypto_sha256.h"
#include "crypto/crypto_ecc.h"

#include "tls_security.h"

/*
 * Per-connection handshake state. Lives inside tls_socket_t and is only
 * meaningful until the handshake reaches TLS_HANDSHAKE_DONE / FAILED.
 */
struct __tls_handshake
{
  tls_socket_t* tls_socket;       /* Back-pointer to the owning socket. */
  tls_handshake_state_t state;    /* Current position in the state machine above. */
  /* Hello randoms. random_client must be produced by a cryptographically
   * secure RNG; a predictable value weakens the key exchange and the
   * Finished verification. The generator is not visible in this header. */
  uint8_t random_client[HANDSHAKE_RANDOM_SIZE];
  uint8_t random_server[HANDSHAKE_RANDOM_SIZE];

  bool certificate_requested;     /* Set when a CertificateRequest was received. */

  /* Key-exchange scratch state; which member is live depends on the
   * negotiated cipher suite (see target_security). */
  union
  {
#if CRYPTO_ECC
    struct {
      //Ephemeral key parameters
      const crypto_ecc_curve_t* curve;            /* Curve negotiated for ECDH. */
      crypto_ecc_public_key_t server_key;         //This is the static key
      /* NOTE(review): the original comment calls server_key "static" while the
       * struct is labelled "ephemeral". Whichever it is, if it is parsed from
       * a ServerKeyExchange message it must be validated as a point on `curve`
       * before any scalar multiplication - confirm in the handshake code. */
      crypto_ecc_private_key_t client_key;        /* Our ECDH private key - secret. */
    } ecc;
#endif
#if CRYPTO_RSA
    struct {
      //No ephemeral key parameters
      /* NOTE(review): an empty struct is a GNU extension, not ISO C; a build
       * with CRYPTO_RSA set and a strict compiler will reject this. */
    } rsa;
#endif
  } key_exchange;

  /* Running transcript hash of every handshake message exchanged so far,
   * used for the Finished messages (and CertificateVerify). Both digests are
   * kept in parallel rather than in a union because hashing starts with
   * ClientHello, before the ServerHello reveals which version (and hence
   * which digest) applies. Only SHA-256 is available for TLS 1.2, so cipher
   * suites whose PRF is SHA-384 presumably cannot be supported by this
   * state - confirm in the suite table. */
  struct //Cannot use an union as we need to compute hash before knowing which SSL/TLS version to use (ServerHello)
  {
#if MINITLS_CFG_PROTOCOL_TLS_1_2
    crypto_sha256_t sha256;                       /* TLS 1.2: SHA-256 transcript. */
#endif
#if (MINITLS_CFG_PROTOCOL_TLS_1_1 || MINITLS_CFG_PROTOCOL_TLS_1_0 || MINITLS_CFG_PROTOCOL_SSL_3)
    struct
    {
      crypto_md5_t md5;                           /* Pre-1.2: MD5 || SHA-1 transcript. */
      crypto_sha1_t sha1;
    } md5_sha1;
#endif
  } hash; //Hash of the whole handshake exchange

  tls_security_type_t target_security;            /* Cipher suite being negotiated. */
};

typedef struct __tls_handshake tls_handshake_t;


/*
 * Record-layer protection state for one direction of the connection.
 * NONE: plaintext; INTIALIZED (sic - spelling is part of the public
 * interface): keys derived but ChangeCipherSpec not yet applied;
 * ACTIVE: records are MACed and encrypted.
 */
typedef enum __tls_security
{
  TLS_SECURITY_NONE,
  TLS_SECURITY_INTIALIZED,
  TLS_SECURITY_ACTIVE
} tls_security_state_t;

/* Negotiated ProtocolVersion as carried in every record header. */
typedef struct __tls_protocol_version
{
  uint8_t major;
  uint8_t minor;
} tls_protocol_version_t;


/* Redundant: already included above; harmless given its include guard. */
#include "tls_security.h"

#include "crypto/crypto_hmac_sha1.h"
#include "crypto/crypto_aes_128_cbc.h"
#include "crypto/crypto_arc4.h"

/*
 * Record-layer state: the transport socket, negotiated version, and the
 * per-direction cipher, MAC key and sequence number. Read and write
 * directions are tracked separately because each side switches to the new
 * keys independently when it sends its ChangeCipherSpec.
 *
 * Security caveats:
 *  - The only protections compiled in are HMAC-SHA1 with AES-128-CBC or ARC4
 *    (RC4). RC4 is prohibited for TLS by RFC 7465. CBC with HMAC-SHA1 is
 *    MAC-then-encrypt; resistance to padding-oracle / timing attacks
 *    (POODLE, Lucky 13) depends entirely on how the record decryption code
 *    checks padding and MAC, which is not visible here.
 *  - sequence_number_rx/tx are the 64-bit values fed into the record MAC.
 *    They must never wrap; the connection has to be closed (or renegotiated)
 *    before 2^64 records.
 */
struct __tls_record
{
  bool handshake_done;            /* True once the handshake completed. */

  int socket_fd;                  /* Underlying transport socket. */

  int read_timeout;
  int write_timeout;
  size_t max_fragment_size; //Size to negotiate using RFC extension - supported by GNUTLS but not OpenSSL
                            /* (the max_fragment_length extension of RFC 6066) */

  tls_protocol_version_t version; /* Negotiated version written in record headers. */
  buffer_t buffer;                /* Record reassembly/working buffer. */

  tls_socket_t* tls_socket;       /* Back-pointer to the owning socket. */

  tls_security_state_t security_rx_state;
  tls_security_state_t security_tx_state;

  tls_security_type_t security_type;  /* Negotiated cipher suite. */

  /* Bulk cipher contexts, one per direction; the live member follows
   * security_type. */
  union
  {
#if CRYPTO_AES_128
    crypto_aes_128_t aes_128;
#endif
#if CRYPTO_ARC4
    crypto_arc4_t arc4;
#endif
  } cipher_rx;

  union
  {
#if CRYPTO_AES_128
    crypto_aes_128_t aes_128;
#endif
#if CRYPTO_ARC4
    crypto_arc4_t arc4;
#endif
  } cipher_tx;

  uint64_t sequence_number_rx;
  uint64_t sequence_number_tx;

  //Keys
  /* Secret. Both cipher key buffers are sized by AES_128_KEY_SIZE even for
   * ARC4 (the TODO notes the RC4 key is also 16 bytes); if a build disables
   * CRYPTO_AES_128 this macro presumably still has to be defined - verify. */
  uint8_t client_write_mac_key[TLS_HMAC_SHA1_KEY_SIZE];
  uint8_t server_write_mac_key[TLS_HMAC_SHA1_KEY_SIZE];
  uint8_t client_write_cipher_key[AES_128_KEY_SIZE]; //TODO ARC4 key size 16 as well
  uint8_t server_write_cipher_key[AES_128_KEY_SIZE];
};

typedef struct __tls_record tls_record_t;

/*
 * Record-layer ContentType values (first byte of every record). The values
 * 20..23 are the ones assigned by the TLS specification. __TLS_MAX is
 * presumably there to keep the enumerator range within one byte; note that
 * an enum's storage size is still compiler-dependent.
 */
typedef enum __tls_content_type
{
  TLS_CHANGE_CIPHER_SPEC = 20,
  TLS_ALERT = 21,
  TLS_HANDSHAKE = 22,
  TLS_APPLICATION_DATA = 23,
  __TLS_MAX = 255
} tls_content_type_t;

/* Maximum SessionID length allowed by the TLS handshake (32 bytes). */
#define SESSION_ID_MAX_SIZE 32

/*
 * Session data kept for resumption (see
 * TLS_HANDSHAKE_HELLO_RECEIVED_SESSION_RESUMPTION). master_key is the master
 * secret and is as sensitive as the connection keys: anything that persists
 * or copies a tls_session_t must protect it accordingly, and
 * session_id_length must be validated against SESSION_ID_MAX_SIZE wherever
 * a session id is parsed from the peer.
 */
typedef struct __tls_session
{
  uint8_t master_key[HANDSHAKE_MASTER_KEY_SIZE];
  size_t session_id_length;
  uint8_t session_id[SESSION_ID_MAX_SIZE];
}
tls_session_t;

#include "minitls.h"

typedef struct __tls_socket_event tls_socket_event_t;
typedef struct __tls_socket_event_list tls_socket_event_list_t;

/* One TLS connection: record layer, handshake state, session data and the
 * event/buffer plumbing used to drive it. */
struct __tls_socket
{
  tls_record_t record;
  tls_handshake_t handshake;
  minitls_t* minitls;             /* Library context this socket belongs to. */

  //Session info
  tls_session_t session;

  //Internal sauce
  tls_socket_event_t* events;     /* Events registered on this socket (linked via socket_list_next). */
  buffer_t* read_buffer; //Passed by record layer
  buffer_t write_buffer;
  rtos_mtx_t* mtx;                /* Guards the socket; locking discipline is defined by the callers. */
};

/* List of pending socket events, signalled through sem. */
struct __tls_socket_event_list
{
  tls_socket_event_t* head;
  rtos_sem_t* sem;
};

/*
 * A readiness event on one socket. An event sits on two singly-linked lists
 * at once: the owning socket's list (socket_list_next) and the wait list it
 * was registered with (event_list_next).
 */
struct __tls_socket_event
{
  tls_socket_t* socket;
  bool read;                      /* Wait for / report readability. */
  bool write;                     /* Wait for / report writability. */
  bool fired;                     /* Set once the event has triggered. */
  tls_socket_event_list_t* list;
  tls_socket_event_t* socket_list_next;
  tls_socket_event_t* event_list_next;
};


#ifdef __cplusplus
}
#endif

#endif /* TLS_SOCKET_DEFS_H_ */