ON Semiconductor / mbed-os

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   mbed-TFT-example-NCS36510 mbed-Accelerometer-example-NCS36510 mbed-Accelerometer-example-NCS36510

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers tls1.h Source File

tls1.h

Go to the documentation of this file.
00001 /*
00002  * Copyright (c) 2007, Cameron Rich
00003  * 
00004  * All rights reserved.
00005  * 
00006  * Redistribution and use in source and binary forms, with or without 
00007  * modification, are permitted provided that the following conditions are met:
00008  *
00009  * * Redistributions of source code must retain the above copyright notice, 
00010  *   this list of conditions and the following disclaimer.
00011  * * Redistributions in binary form must reproduce the above copyright notice, 
00012  *   this list of conditions and the following disclaimer in the documentation 
00013  *   and/or other materials provided with the distribution.
00014  * * Neither the name of the axTLS project nor the names of its contributors 
00015  *   may be used to endorse or promote products derived from this software 
00016  *   without specific prior written permission.
00017  *
00018  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
00019  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
00020  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
00021  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
00022  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
00023  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
00024  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
00025  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
00026  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
00027  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
00028  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00029  */
00030 
00031 /**
00032  * @file tls1.h
00033  *
00034  * @brief The definitions for the TLS library.
00035  */
00036 #ifndef HEADER_SSL_LIB_H
00037 #define HEADER_SSL_LIB_H
00038 
00039 #ifdef __cplusplus
00040 extern "C" {
00041 #endif
00042 
00043 #include "version.h"
00044 #include "os_int.h"
00045 #include "crypto.h "
00046 #include "crypto_misc.h "
00047 
00048 #include "config.h"
00049 
00050 #define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
00051 #define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */
00052 #define SSL_PROTOCOL_VERSION_MAX    0x32   /* TLS v1.1 */
00053 #define SSL_PROTOCOL_VERSION1_1     0x32   /* TLS v1.1 */
00054 #define SSL_RANDOM_SIZE             32
00055 #define SSL_SECRET_SIZE             48
00056 #define SSL_FINISHED_HASH_SIZE      12
00057 #define SSL_RECORD_SIZE             5
00058 #define SSL_SERVER_READ             0
00059 #define SSL_SERVER_WRITE            1
00060 #define SSL_CLIENT_READ             2
00061 #define SSL_CLIENT_WRITE            3
00062 #define SSL_HS_HDR_SIZE             4
00063 
00064 /* the flags we use while establishing a connection */
00065 #define SSL_NEED_RECORD             0x0001
00066 #define SSL_TX_ENCRYPTED            0x0002 
00067 #define SSL_RX_ENCRYPTED            0x0004
00068 #define SSL_SESSION_RESUME          0x0008
00069 #define SSL_IS_CLIENT               0x0010
00070 #define SSL_HAS_CERT_REQ            0x0020
00071 #define SSL_SENT_CLOSE_NOTIFY       0x0040
00072 
00073 /* some macros to muck around with flag bits */
00074 #define SET_SSL_FLAG(A)             (ssl->flag |= A)
00075 #define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
00076 #define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
00077 
00078 #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
00079 #define RT_MAX_PLAIN_LENGTH         2048//16384
00080 #define RT_EXTRA                    512//1024
00081 #define BM_RECORD_OFFSET            5
00082 #define BM_ALL_DATA_SIZE            (RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
00083 
00084 #ifdef CONFIG_SSL_SKELETON_MODE
00085 #define NUM_PROTOCOLS               1
00086 #else
00087 #define NUM_PROTOCOLS               4
00088 #endif
00089 
00090 #define PARANOIA_CHECK(A, B)        if (A < B) { \
00091     ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
00092 
00093 /* protocol types */
00094 enum
00095 {
00096     PT_CHANGE_CIPHER_SPEC = 20,
00097     PT_ALERT_PROTOCOL,
00098     PT_HANDSHAKE_PROTOCOL,
00099     PT_APP_PROTOCOL_DATA
00100 };
00101 
00102 /* handshaking types */
00103 enum
00104 {
00105     HS_HELLO_REQUEST,
00106     HS_CLIENT_HELLO,
00107     HS_SERVER_HELLO,
00108     HS_CERTIFICATE = 11,
00109     HS_SERVER_KEY_XCHG,
00110     HS_CERT_REQ,
00111     HS_SERVER_HELLO_DONE,
00112     HS_CERT_VERIFY,
00113     HS_CLIENT_KEY_XCHG,
00114     HS_FINISHED = 20
00115 };
00116 
00117 typedef struct 
00118 {
00119     uint8_t cipher;
00120     uint8_t key_size;
00121     uint8_t iv_size;
00122     uint8_t key_block_size;
00123     uint8_t padding_size;
00124     uint8_t digest_size;
00125     hmac_func hmac;
00126     crypt_func encrypt;
00127     crypt_func decrypt;
00128 } cipher_info_t;
00129 
00130 struct _SSLObjLoader 
00131 {
00132     uint8_t *buf;
00133     int len;
00134 };
00135 
00136 typedef struct _SSLObjLoader SSLObjLoader;
00137 
00138 typedef struct 
00139 {
00140     time_t conn_time;
00141     uint8_t session_id[SSL_SESSION_ID_SIZE];
00142     uint8_t master_secret[SSL_SECRET_SIZE];
00143 } SSL_SESSION;
00144 
00145 typedef struct
00146 {
00147     uint8_t *buf;
00148     int size;
00149 } SSL_CERT;
00150 
00151 typedef struct
00152 {
00153     MD5_CTX md5_ctx;
00154     SHA1_CTX sha1_ctx;
00155     uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
00156     uint8_t key_block[MAX_KEYBLOCK_SIZE];
00157     uint8_t master_secret[SSL_SECRET_SIZE];
00158     uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
00159     uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
00160     uint16_t bm_proc_index;
00161 } DISPOSABLE_CTX;
00162 
00163 struct _SSL
00164 {
00165     uint32_t flag;
00166     uint16_t need_bytes;
00167     uint16_t got_bytes;
00168     uint8_t record_type;
00169     uint8_t cipher;
00170     uint8_t sess_id_size;
00171     uint8_t version;
00172     uint8_t client_version;
00173     int16_t next_state;
00174     int16_t hs_status;
00175     DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
00176     int client_fd;
00177     void *connection;
00178     const cipher_info_t *cipher_info;
00179     void *encrypt_ctx;
00180     void *decrypt_ctx;
00181     uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH];
00182     uint8_t *bm_data;
00183     uint16_t bm_index;
00184     uint16_t bm_read_index;
00185     struct _SSL *next;                  /* doubly linked list */
00186     struct _SSL *prev;
00187     struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
00188 #ifndef CONFIG_SSL_SKELETON_MODE
00189     uint16_t session_index;
00190     SSL_SESSION *session;
00191 #endif
00192 #ifdef CONFIG_SSL_CERT_VERIFICATION
00193     X509_CTX *x509_ctx;
00194 #endif
00195 
00196     uint8_t session_id[SSL_SESSION_ID_SIZE]; 
00197     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
00198     uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
00199     uint8_t read_sequence[8];       /* 64 bit sequence number */
00200     uint8_t write_sequence[8];      /* 64 bit sequence number */
00201     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
00202 };
00203 
00204 typedef struct _SSL SSL;
00205 
00206 struct _SSL_CTX
00207 {
00208     uint32_t options;
00209     uint8_t chain_length;
00210     RSA_CTX *rsa_ctx;
00211 #ifdef CONFIG_SSL_CERT_VERIFICATION
00212     CA_CERT_CTX *ca_cert_ctx;
00213 #endif
00214     SSL *head;
00215     SSL *tail;
00216     SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
00217 #ifndef CONFIG_SSL_SKELETON_MODE
00218     uint16_t num_sessions;
00219     SSL_SESSION **ssl_sessions;
00220 #endif
00221 #ifdef CONFIG_SSL_CTX_MUTEXING
00222     SSL_CTX_MUTEX_TYPE mutex;
00223 #endif
00224 #ifdef CONFIG_OPENSSL_COMPATIBLE
00225     void *bonus_attr;
00226 #endif
00227 };
00228 
00229 typedef struct _SSL_CTX SSL_CTX;
00230 
00231 /* backwards compatibility */
00232 typedef struct _SSL_CTX SSLCTX;
00233 
00234 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
00235 
00236 SSL *ssl_new(SSL *ssl, int client_fd);
00237 void disposable_new(SSL *ssl);
00238 void disposable_free(SSL *ssl);
00239 int send_packet(SSL *ssl, uint8_t protocol, 
00240         const uint8_t *in, int length);
00241 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
00242 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
00243 int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
00244 int process_sslv23_client_hello(SSL *ssl);
00245 int send_alert(SSL *ssl, int error_code);
00246 int send_finished(SSL *ssl);
00247 int send_certificate(SSL *ssl);
00248 int basic_read2(SSL *ssl, uint8_t *data, uint32_t length);
00249 int read_record(SSL *ssl);
00250 int basic_decrypt(SSL *ssl, uint8_t *buf, int len);
00251 int process_data(SSL* ssl, uint8_t *in_data, int len);
00252 int ssl_read(SSL *ssl, uint8_t *in_data, int len);
00253 int send_change_cipher_spec(SSL *ssl);
00254 void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
00255 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
00256 void add_packet(SSL *ssl, const uint8_t *pkt, int len);
00257 int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
00258 int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
00259 void ssl_obj_free(SSLObjLoader *ssl_obj);
00260 int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
00261 int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
00262 int load_key_certs(SSL_CTX *ssl_ctx);
00263 #ifdef CONFIG_SSL_CERT_VERIFICATION
00264 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
00265 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
00266 #endif
00267 #ifdef CONFIG_SSL_ENABLE_CLIENT
00268 int do_client_connect(SSL *ssl);
00269 #endif
00270 
00271 #ifdef CONFIG_SSL_FULL_MODE
00272 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
00273 void DISPLAY_BYTES(SSL *ssl, const char *format, 
00274         const uint8_t *data, int size, ...);
00275 void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
00276 void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
00277 void DISPLAY_ALERT(SSL *ssl, int alert);
00278 #else
00279 #define DISPLAY_STATE(A,B,C,D)
00280 #define DISPLAY_CERT(A,B)
00281 #define DISPLAY_RSA(A,B)
00282 #define DISPLAY_ALERT(A, B)
00283 #ifdef WIN32
00284 void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
00285         const uint8_t *data, int size, ...);
00286 #else
00287 #define DISPLAY_BYTES(A,B,C,D,...)
00288 #endif
00289 #endif
00290 
00291 #ifdef CONFIG_SSL_CERT_VERIFICATION
00292 int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
00293 #endif
00294 
00295 SSL_SESSION *ssl_session_update(int max_sessions, 
00296         SSL_SESSION *ssl_sessions[], SSL *ssl,
00297         const uint8_t *session_id);
00298 void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
00299 
00300 #ifdef __cplusplus
00301 }
00302 #endif
00303 
00304 #endif
Generated on Tue Jul 12 2022 11:02:56 by  doxygen 1.7.2