Donatien Garnier
/
MiniTLS-GPL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: MiniTLS-HTTPS-Example
tls/tls_socket_defs.h@2:527a66d0a1a9, 2014-06-09 (annotated)
- Committer:
- MiniTLS
- Date:
- Mon Jun 09 14:57:54 2014 +0000
- Revision:
- 2:527a66d0a1a9
Change name to MiniTLS and added doc
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| MiniTLS | 2:527a66d0a1a9 | 1 | /* |
| MiniTLS | 2:527a66d0a1a9 | 2 | MiniTLS - A super trimmed down TLS/SSL Library for embedded devices |
| MiniTLS | 2:527a66d0a1a9 | 3 | Author: Donatien Garnier |
| MiniTLS | 2:527a66d0a1a9 | 4 | Copyright (C) 2013-2014 AppNearMe Ltd |
| MiniTLS | 2:527a66d0a1a9 | 5 | |
| MiniTLS | 2:527a66d0a1a9 | 6 | This program is free software; you can redistribute it and/or |
| MiniTLS | 2:527a66d0a1a9 | 7 | modify it under the terms of the GNU General Public License |
| MiniTLS | 2:527a66d0a1a9 | 8 | as published by the Free Software Foundation; either version 2 |
| MiniTLS | 2:527a66d0a1a9 | 9 | of the License, or (at your option) any later version. |
| MiniTLS | 2:527a66d0a1a9 | 10 | |
| MiniTLS | 2:527a66d0a1a9 | 11 | This program is distributed in the hope that it will be useful, |
| MiniTLS | 2:527a66d0a1a9 | 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MiniTLS | 2:527a66d0a1a9 | 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| MiniTLS | 2:527a66d0a1a9 | 14 | GNU General Public License for more details. |
| MiniTLS | 2:527a66d0a1a9 | 15 | |
| MiniTLS | 2:527a66d0a1a9 | 16 | You should have received a copy of the GNU General Public License |
| MiniTLS | 2:527a66d0a1a9 | 17 | along with this program; if not, write to the Free Software |
| MiniTLS | 2:527a66d0a1a9 | 18 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| MiniTLS | 2:527a66d0a1a9 | 19 | *//** |
| MiniTLS | 2:527a66d0a1a9 | 20 | * \file tls_socket_defs.h |
| MiniTLS | 2:527a66d0a1a9 | 21 | * \copyright Copyright (c) AppNearMe Ltd 2013 |
| MiniTLS | 2:527a66d0a1a9 | 22 | * \author Donatien Garnier |
| MiniTLS | 2:527a66d0a1a9 | 23 | */ |
| MiniTLS | 2:527a66d0a1a9 | 24 | |
| MiniTLS | 2:527a66d0a1a9 | 25 | #ifndef TLS_SOCKET_DEFS_H_ |
| MiniTLS | 2:527a66d0a1a9 | 26 | #define TLS_SOCKET_DEFS_H_ |
| MiniTLS | 2:527a66d0a1a9 | 27 | |
| MiniTLS | 2:527a66d0a1a9 | 28 | #ifdef __cplusplus |
| MiniTLS | 2:527a66d0a1a9 | 29 | extern "C" { |
| MiniTLS | 2:527a66d0a1a9 | 30 | #endif |
| MiniTLS | 2:527a66d0a1a9 | 31 | |
| MiniTLS | 2:527a66d0a1a9 | 32 | #include "core/fwk.h" |
| MiniTLS | 2:527a66d0a1a9 | 33 | #include "inc/minitls_config.h" |
| MiniTLS | 2:527a66d0a1a9 | 34 | |
| MiniTLS | 2:527a66d0a1a9 | 35 | typedef struct __tls_socket tls_socket_t; |
| MiniTLS | 2:527a66d0a1a9 | 36 | |
| MiniTLS | 2:527a66d0a1a9 | 37 | //We support SSL 3 and TLS 1.0, 1.1 and 1.2 |
| MiniTLS | 2:527a66d0a1a9 | 38 | |
| MiniTLS | 2:527a66d0a1a9 | 39 | #define TLS_1_2_VERSION_MAJOR 3 |
| MiniTLS | 2:527a66d0a1a9 | 40 | #define TLS_1_2_VERSION_MINOR 3 |
| MiniTLS | 2:527a66d0a1a9 | 41 | |
| MiniTLS | 2:527a66d0a1a9 | 42 | #define TLS_1_1_VERSION_MAJOR 3 |
| MiniTLS | 2:527a66d0a1a9 | 43 | #define TLS_1_1_VERSION_MINOR 2 |
| MiniTLS | 2:527a66d0a1a9 | 44 | |
| MiniTLS | 2:527a66d0a1a9 | 45 | #define TLS_1_0_VERSION_MAJOR 3 |
| MiniTLS | 2:527a66d0a1a9 | 46 | #define TLS_1_0_VERSION_MINOR 1 |
| MiniTLS | 2:527a66d0a1a9 | 47 | |
| MiniTLS | 2:527a66d0a1a9 | 48 | #define SSL_3_VERSION_MAJOR 3 |
| MiniTLS | 2:527a66d0a1a9 | 49 | #define SSL_3_VERSION_MINOR 0 |
| MiniTLS | 2:527a66d0a1a9 | 50 | |
| MiniTLS | 2:527a66d0a1a9 | 51 | typedef enum __tls_handshake_state |
| MiniTLS | 2:527a66d0a1a9 | 52 | { |
| MiniTLS | 2:527a66d0a1a9 | 53 | TLS_HANDSHAKE_INIT = 0, |
| MiniTLS | 2:527a66d0a1a9 | 54 | TLS_HANDSHAKE_HELLO_SENT, |
| MiniTLS | 2:527a66d0a1a9 | 55 | TLS_HANDSHAKE_HELLO_RECEIVED, |
| MiniTLS | 2:527a66d0a1a9 | 56 | TLS_HANDSHAKE_HELLO_RECEIVED_SESSION_RESUMPTION, |
| MiniTLS | 2:527a66d0a1a9 | 57 | TLS_HANDSHAKE_CERTIFICATE_RECEIVED, |
| MiniTLS | 2:527a66d0a1a9 | 58 | TLS_HANDSHAKE_SERVER_KEY_EXCHANGE_RECEIVED, |
| MiniTLS | 2:527a66d0a1a9 | 59 | TLS_HANDSHAKE_CERTIFICATE_REQUEST_RECEIVED, |
| MiniTLS | 2:527a66d0a1a9 | 60 | TLS_HANDSHAKE_HELLO_DONE_RECEIVED, |
| MiniTLS | 2:527a66d0a1a9 | 61 | TLS_HANDSHAKE_CERTIFICATE_SENT, |
| MiniTLS | 2:527a66d0a1a9 | 62 | TLS_HANDSHAKE_CLIENT_KEY_EXCHANGE_SENT, |
| MiniTLS | 2:527a66d0a1a9 | 63 | TLS_HANDSHAKE_CERTIFICATE_VERIFY_SENT, |
| MiniTLS | 2:527a66d0a1a9 | 64 | TLS_HANDSHAKE_FINISHED_SENT, |
| MiniTLS | 2:527a66d0a1a9 | 65 | TLS_HANDSHAKE_FINISHED_RECEIVED, |
| MiniTLS | 2:527a66d0a1a9 | 66 | TLS_HANDSHAKE_FAILED, |
| MiniTLS | 2:527a66d0a1a9 | 67 | TLS_HANDSHAKE_DONE, |
| MiniTLS | 2:527a66d0a1a9 | 68 | } tls_handshake_state_t; |
| MiniTLS | 2:527a66d0a1a9 | 69 | |
| MiniTLS | 2:527a66d0a1a9 | 70 | #define HANDSHAKE_RANDOM_SIZE 32 |
| MiniTLS | 2:527a66d0a1a9 | 71 | #define HANDSHAKE_MASTER_KEY_SIZE 48 |
| MiniTLS | 2:527a66d0a1a9 | 72 | |
| MiniTLS | 2:527a66d0a1a9 | 73 | #include "crypto/crypto_md5.h" |
| MiniTLS | 2:527a66d0a1a9 | 74 | #include "crypto/crypto_sha1.h" |
| MiniTLS | 2:527a66d0a1a9 | 75 | #include "crypto/crypto_sha256.h" |
| MiniTLS | 2:527a66d0a1a9 | 76 | #include "crypto/crypto_ecc.h" |
| MiniTLS | 2:527a66d0a1a9 | 77 | |
| MiniTLS | 2:527a66d0a1a9 | 78 | struct __tls_handshake |
| MiniTLS | 2:527a66d0a1a9 | 79 | { |
| MiniTLS | 2:527a66d0a1a9 | 80 | tls_socket_t* tls_socket; |
| MiniTLS | 2:527a66d0a1a9 | 81 | tls_handshake_state_t state; |
| MiniTLS | 2:527a66d0a1a9 | 82 | uint8_t random_client[HANDSHAKE_RANDOM_SIZE]; |
| MiniTLS | 2:527a66d0a1a9 | 83 | uint8_t random_server[HANDSHAKE_RANDOM_SIZE]; |
| MiniTLS | 2:527a66d0a1a9 | 84 | |
| MiniTLS | 2:527a66d0a1a9 | 85 | // tls_security_t target_security; |
| MiniTLS | 2:527a66d0a1a9 | 86 | |
| MiniTLS | 2:527a66d0a1a9 | 87 | bool certificate_requested; |
| MiniTLS | 2:527a66d0a1a9 | 88 | |
| MiniTLS | 2:527a66d0a1a9 | 89 | |
| MiniTLS | 2:527a66d0a1a9 | 90 | union |
| MiniTLS | 2:527a66d0a1a9 | 91 | { |
| MiniTLS | 2:527a66d0a1a9 | 92 | #if CRYPTO_ECC |
| MiniTLS | 2:527a66d0a1a9 | 93 | struct { |
| MiniTLS | 2:527a66d0a1a9 | 94 | //Ephemeral key parameters |
| MiniTLS | 2:527a66d0a1a9 | 95 | const crypto_ecc_curve_t* curve; |
| MiniTLS | 2:527a66d0a1a9 | 96 | crypto_ecc_public_key_t server_key; //This is the static key |
| MiniTLS | 2:527a66d0a1a9 | 97 | crypto_ecc_private_key_t client_key; |
| MiniTLS | 2:527a66d0a1a9 | 98 | } ecc; |
| MiniTLS | 2:527a66d0a1a9 | 99 | #endif |
| MiniTLS | 2:527a66d0a1a9 | 100 | #if CRYPTO_RSA |
| MiniTLS | 2:527a66d0a1a9 | 101 | struct { |
| MiniTLS | 2:527a66d0a1a9 | 102 | //No ephemeral key parameters |
| MiniTLS | 2:527a66d0a1a9 | 103 | } rsa; |
| MiniTLS | 2:527a66d0a1a9 | 104 | #endif |
| MiniTLS | 2:527a66d0a1a9 | 105 | } key_exchange; |
| MiniTLS | 2:527a66d0a1a9 | 106 | |
| MiniTLS | 2:527a66d0a1a9 | 107 | struct //Cannot use an union as we need to compute hash before knowing which SSL/TLS version to use (ServerHello) |
| MiniTLS | 2:527a66d0a1a9 | 108 | { |
| MiniTLS | 2:527a66d0a1a9 | 109 | #if MINITLS_CFG_PROTOCOL_TLS_1_2 |
| MiniTLS | 2:527a66d0a1a9 | 110 | crypto_sha256_t sha256; |
| MiniTLS | 2:527a66d0a1a9 | 111 | #endif |
| MiniTLS | 2:527a66d0a1a9 | 112 | #if (MINITLS_CFG_PROTOCOL_TLS_1_1 || MINITLS_CFG_PROTOCOL_TLS_1_0 || MINITLS_CFG_PROTOCOL_SSL_3) |
| MiniTLS | 2:527a66d0a1a9 | 113 | struct |
| MiniTLS | 2:527a66d0a1a9 | 114 | { |
| MiniTLS | 2:527a66d0a1a9 | 115 | crypto_md5_t md5; |
| MiniTLS | 2:527a66d0a1a9 | 116 | crypto_sha1_t sha1; |
| MiniTLS | 2:527a66d0a1a9 | 117 | } md5_sha1; |
| MiniTLS | 2:527a66d0a1a9 | 118 | #endif |
| MiniTLS | 2:527a66d0a1a9 | 119 | } hash; //Hash of the whole handshake exchange |
| MiniTLS | 2:527a66d0a1a9 | 120 | }; |
| MiniTLS | 2:527a66d0a1a9 | 121 | |
| MiniTLS | 2:527a66d0a1a9 | 122 | typedef struct __tls_handshake tls_handshake_t; |
| MiniTLS | 2:527a66d0a1a9 | 123 | |
| MiniTLS | 2:527a66d0a1a9 | 124 | |
| MiniTLS | 2:527a66d0a1a9 | 125 | typedef enum __tls_security |
| MiniTLS | 2:527a66d0a1a9 | 126 | { |
| MiniTLS | 2:527a66d0a1a9 | 127 | TLS_SECURITY_NONE, |
| MiniTLS | 2:527a66d0a1a9 | 128 | TLS_SECURITY_INTIALIZED, |
| MiniTLS | 2:527a66d0a1a9 | 129 | TLS_SECURITY_ACTIVE |
| MiniTLS | 2:527a66d0a1a9 | 130 | } tls_security_state_t; |
| MiniTLS | 2:527a66d0a1a9 | 131 | |
| MiniTLS | 2:527a66d0a1a9 | 132 | typedef struct __tls_protocol_version |
| MiniTLS | 2:527a66d0a1a9 | 133 | { |
| MiniTLS | 2:527a66d0a1a9 | 134 | uint8_t major; |
| MiniTLS | 2:527a66d0a1a9 | 135 | uint8_t minor; |
| MiniTLS | 2:527a66d0a1a9 | 136 | } tls_protocol_version_t; |
| MiniTLS | 2:527a66d0a1a9 | 137 | |
| MiniTLS | 2:527a66d0a1a9 | 138 | |
| MiniTLS | 2:527a66d0a1a9 | 139 | #include "tls_security.h" |
| MiniTLS | 2:527a66d0a1a9 | 140 | |
| MiniTLS | 2:527a66d0a1a9 | 141 | #include "crypto/crypto_hmac_sha1.h" |
| MiniTLS | 2:527a66d0a1a9 | 142 | #include "crypto/crypto_aes_128_cbc.h" |
| MiniTLS | 2:527a66d0a1a9 | 143 | |
| MiniTLS | 2:527a66d0a1a9 | 144 | struct __tls_record |
| MiniTLS | 2:527a66d0a1a9 | 145 | { |
| MiniTLS | 2:527a66d0a1a9 | 146 | bool handshake_done; |
| MiniTLS | 2:527a66d0a1a9 | 147 | |
| MiniTLS | 2:527a66d0a1a9 | 148 | int socket_fd; |
| MiniTLS | 2:527a66d0a1a9 | 149 | |
| MiniTLS | 2:527a66d0a1a9 | 150 | int read_timeout; |
| MiniTLS | 2:527a66d0a1a9 | 151 | int write_timeout; |
| MiniTLS | 2:527a66d0a1a9 | 152 | size_t max_fragment_size; //Size to negotiate using RFC extension - supported by GNUTLS but not OpenSSL |
| MiniTLS | 2:527a66d0a1a9 | 153 | |
| MiniTLS | 2:527a66d0a1a9 | 154 | tls_protocol_version_t version; |
| MiniTLS | 2:527a66d0a1a9 | 155 | buffer_t buffer; |
| MiniTLS | 2:527a66d0a1a9 | 156 | /* |
| MiniTLS | 2:527a66d0a1a9 | 157 | buffer_t buffer_tx_fragment_header; |
| MiniTLS | 2:527a66d0a1a9 | 158 | buffer_t buffer_tx_iv_header; |
| MiniTLS | 2:527a66d0a1a9 | 159 | */ |
| MiniTLS | 2:527a66d0a1a9 | 160 | |
| MiniTLS | 2:527a66d0a1a9 | 161 | tls_socket_t* tls_socket; |
| MiniTLS | 2:527a66d0a1a9 | 162 | |
| MiniTLS | 2:527a66d0a1a9 | 163 | tls_security_state_t security_rx_state; |
| MiniTLS | 2:527a66d0a1a9 | 164 | tls_security_state_t security_tx_state; |
| MiniTLS | 2:527a66d0a1a9 | 165 | |
| MiniTLS | 2:527a66d0a1a9 | 166 | crypto_aes_128_t cipher_rx; |
| MiniTLS | 2:527a66d0a1a9 | 167 | crypto_aes_128_t cipher_tx; |
| MiniTLS | 2:527a66d0a1a9 | 168 | |
| MiniTLS | 2:527a66d0a1a9 | 169 | uint64_t sequence_number_rx; |
| MiniTLS | 2:527a66d0a1a9 | 170 | uint64_t sequence_number_tx; |
| MiniTLS | 2:527a66d0a1a9 | 171 | |
| MiniTLS | 2:527a66d0a1a9 | 172 | //Keys |
| MiniTLS | 2:527a66d0a1a9 | 173 | uint8_t client_write_mac_key[TLS_HMAC_SHA1_KEY_SIZE]; |
| MiniTLS | 2:527a66d0a1a9 | 174 | uint8_t server_write_mac_key[TLS_HMAC_SHA1_KEY_SIZE]; |
| MiniTLS | 2:527a66d0a1a9 | 175 | uint8_t client_write_cipher_key[AES_128_KEY_SIZE]; |
| MiniTLS | 2:527a66d0a1a9 | 176 | uint8_t server_write_cipher_key[AES_128_KEY_SIZE]; |
| MiniTLS | 2:527a66d0a1a9 | 177 | }; |
| MiniTLS | 2:527a66d0a1a9 | 178 | |
| MiniTLS | 2:527a66d0a1a9 | 179 | typedef struct __tls_record tls_record_t; |
| MiniTLS | 2:527a66d0a1a9 | 180 | |
| MiniTLS | 2:527a66d0a1a9 | 181 | typedef enum __tls_content_type |
| MiniTLS | 2:527a66d0a1a9 | 182 | { |
| MiniTLS | 2:527a66d0a1a9 | 183 | TLS_CHANGE_CIPHER_SPEC = 20, |
| MiniTLS | 2:527a66d0a1a9 | 184 | TLS_ALERT = 21, |
| MiniTLS | 2:527a66d0a1a9 | 185 | TLS_HANDSHAKE = 22, |
| MiniTLS | 2:527a66d0a1a9 | 186 | TLS_APPLICATION_DATA = 23, |
| MiniTLS | 2:527a66d0a1a9 | 187 | __TLS_MAX = 255 |
| MiniTLS | 2:527a66d0a1a9 | 188 | } tls_content_type_t; |
| MiniTLS | 2:527a66d0a1a9 | 189 | |
| MiniTLS | 2:527a66d0a1a9 | 190 | #define SESSION_ID_MAX_SIZE 32 |
| MiniTLS | 2:527a66d0a1a9 | 191 | |
| MiniTLS | 2:527a66d0a1a9 | 192 | typedef struct __tls_session |
| MiniTLS | 2:527a66d0a1a9 | 193 | { |
| MiniTLS | 2:527a66d0a1a9 | 194 | uint8_t master_key[HANDSHAKE_MASTER_KEY_SIZE]; |
| MiniTLS | 2:527a66d0a1a9 | 195 | size_t session_id_length; |
| MiniTLS | 2:527a66d0a1a9 | 196 | uint8_t session_id[SESSION_ID_MAX_SIZE]; |
| MiniTLS | 2:527a66d0a1a9 | 197 | } |
| MiniTLS | 2:527a66d0a1a9 | 198 | tls_session_t; |
| MiniTLS | 2:527a66d0a1a9 | 199 | |
| MiniTLS | 2:527a66d0a1a9 | 200 | #include "minitls.h" |
| MiniTLS | 2:527a66d0a1a9 | 201 | |
| MiniTLS | 2:527a66d0a1a9 | 202 | typedef struct __tls_socket_event tls_socket_event_t; |
| MiniTLS | 2:527a66d0a1a9 | 203 | typedef struct __tls_socket_event_list tls_socket_event_list_t; |
| MiniTLS | 2:527a66d0a1a9 | 204 | struct __tls_socket |
| MiniTLS | 2:527a66d0a1a9 | 205 | { |
| MiniTLS | 2:527a66d0a1a9 | 206 | tls_record_t record; |
| MiniTLS | 2:527a66d0a1a9 | 207 | tls_handshake_t handshake; |
| MiniTLS | 2:527a66d0a1a9 | 208 | minitls_t* minitls; |
| MiniTLS | 2:527a66d0a1a9 | 209 | |
| MiniTLS | 2:527a66d0a1a9 | 210 | //Session info |
| MiniTLS | 2:527a66d0a1a9 | 211 | tls_session_t session; |
| MiniTLS | 2:527a66d0a1a9 | 212 | |
| MiniTLS | 2:527a66d0a1a9 | 213 | //Internal sauce |
| MiniTLS | 2:527a66d0a1a9 | 214 | tls_socket_event_t* events; |
| MiniTLS | 2:527a66d0a1a9 | 215 | buffer_t* read_buffer; //Passed by record layer |
| MiniTLS | 2:527a66d0a1a9 | 216 | buffer_t write_buffer; |
| MiniTLS | 2:527a66d0a1a9 | 217 | rtos_mtx_t* mtx; |
| MiniTLS | 2:527a66d0a1a9 | 218 | }; |
| MiniTLS | 2:527a66d0a1a9 | 219 | |
| MiniTLS | 2:527a66d0a1a9 | 220 | //typedef void (*tls_socket_event_cb_t)(tls_socket_t* socket, bool read, bool write, void* param); |
| MiniTLS | 2:527a66d0a1a9 | 221 | struct __tls_socket_event_list |
| MiniTLS | 2:527a66d0a1a9 | 222 | { |
| MiniTLS | 2:527a66d0a1a9 | 223 | tls_socket_event_t* head; |
| MiniTLS | 2:527a66d0a1a9 | 224 | rtos_sem_t* sem; |
| MiniTLS | 2:527a66d0a1a9 | 225 | }; |
| MiniTLS | 2:527a66d0a1a9 | 226 | |
| MiniTLS | 2:527a66d0a1a9 | 227 | struct __tls_socket_event |
| MiniTLS | 2:527a66d0a1a9 | 228 | { |
| MiniTLS | 2:527a66d0a1a9 | 229 | tls_socket_t* socket; |
| MiniTLS | 2:527a66d0a1a9 | 230 | bool read; |
| MiniTLS | 2:527a66d0a1a9 | 231 | bool write; |
| MiniTLS | 2:527a66d0a1a9 | 232 | bool fired; |
| MiniTLS | 2:527a66d0a1a9 | 233 | tls_socket_event_list_t* list; |
| MiniTLS | 2:527a66d0a1a9 | 234 | tls_socket_event_t* socket_list_next; |
| MiniTLS | 2:527a66d0a1a9 | 235 | tls_socket_event_t* event_list_next; |
| MiniTLS | 2:527a66d0a1a9 | 236 | }; |
| MiniTLS | 2:527a66d0a1a9 | 237 | |
| MiniTLS | 2:527a66d0a1a9 | 238 | |
| MiniTLS | 2:527a66d0a1a9 | 239 | #ifdef __cplusplus |
| MiniTLS | 2:527a66d0a1a9 | 240 | } |
| MiniTLS | 2:527a66d0a1a9 | 241 | #endif |
| MiniTLS | 2:527a66d0a1a9 | 242 | |
| MiniTLS | 2:527a66d0a1a9 | 243 | #endif /* TLS_SOCKET_DEFS_H_ */ |
