Donatien Garnier / MiniTLS-GPL

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   MiniTLS-HTTPS-Example

tls/tls_socket_defs.h@0:35aa5be3b78d, 2014-06-06 (annotated)

Committer:
MiniTLS
Date:
Fri Jun 06 10:49:02 2014 +0000
Revision:
0:35aa5be3b78d
Initial commit

Who changed what in which revision?

UserRevisionLine numberNew contents of line
MiniTLS 0:35aa5be3b78d 1 /*
MiniTLS 0:35aa5be3b78d 2 MuTLS - A super trimmed down TLS/SSL Library for embedded devices
MiniTLS 0:35aa5be3b78d 3 Author: Donatien Garnier
MiniTLS 0:35aa5be3b78d 4 Copyright (C) 2013-2014 AppNearMe Ltd
MiniTLS 0:35aa5be3b78d 5
MiniTLS 0:35aa5be3b78d 6 This program is free software; you can redistribute it and/or
MiniTLS 0:35aa5be3b78d 7 modify it under the terms of the GNU General Public License
MiniTLS 0:35aa5be3b78d 8 as published by the Free Software Foundation; either version 2
MiniTLS 0:35aa5be3b78d 9 of the License, or (at your option) any later version.
MiniTLS 0:35aa5be3b78d 10
MiniTLS 0:35aa5be3b78d 11 This program is distributed in the hope that it will be useful,
MiniTLS 0:35aa5be3b78d 12 but WITHOUT ANY WARRANTY; without even the implied warranty of
MiniTLS 0:35aa5be3b78d 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
MiniTLS 0:35aa5be3b78d 14 GNU General Public License for more details.
MiniTLS 0:35aa5be3b78d 15
MiniTLS 0:35aa5be3b78d 16 You should have received a copy of the GNU General Public License
MiniTLS 0:35aa5be3b78d 17 along with this program; if not, write to the Free Software
MiniTLS 0:35aa5be3b78d 18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
MiniTLS 0:35aa5be3b78d 19 *//**
MiniTLS 0:35aa5be3b78d 20 * \file tls_socket_defs.h
MiniTLS 0:35aa5be3b78d 21 * \copyright Copyright (c) AppNearMe Ltd 2013
MiniTLS 0:35aa5be3b78d 22 * \author Donatien Garnier
MiniTLS 0:35aa5be3b78d 23 */
MiniTLS 0:35aa5be3b78d 24
MiniTLS 0:35aa5be3b78d 25 #ifndef TLS_SOCKET_DEFS_H_
MiniTLS 0:35aa5be3b78d 26 #define TLS_SOCKET_DEFS_H_
MiniTLS 0:35aa5be3b78d 27
MiniTLS 0:35aa5be3b78d 28 #ifdef __cplusplus
MiniTLS 0:35aa5be3b78d 29 extern "C" {
MiniTLS 0:35aa5be3b78d 30 #endif
MiniTLS 0:35aa5be3b78d 31
MiniTLS 0:35aa5be3b78d 32 #include "core/fwk.h"
MiniTLS 0:35aa5be3b78d 33 #include "inc/mutls_config.h"
MiniTLS 0:35aa5be3b78d 34
MiniTLS 0:35aa5be3b78d 35 typedef struct __tls_socket tls_socket_t;
MiniTLS 0:35aa5be3b78d 36
MiniTLS 0:35aa5be3b78d 37 //We support SSL 3 and TLS 1.0, 1.1 and 1.2
MiniTLS 0:35aa5be3b78d 38
MiniTLS 0:35aa5be3b78d 39 #define TLS_1_2_VERSION_MAJOR 3
MiniTLS 0:35aa5be3b78d 40 #define TLS_1_2_VERSION_MINOR 3
MiniTLS 0:35aa5be3b78d 41
MiniTLS 0:35aa5be3b78d 42 #define TLS_1_1_VERSION_MAJOR 3
MiniTLS 0:35aa5be3b78d 43 #define TLS_1_1_VERSION_MINOR 2
MiniTLS 0:35aa5be3b78d 44
MiniTLS 0:35aa5be3b78d 45 #define TLS_1_0_VERSION_MAJOR 3
MiniTLS 0:35aa5be3b78d 46 #define TLS_1_0_VERSION_MINOR 1
MiniTLS 0:35aa5be3b78d 47
MiniTLS 0:35aa5be3b78d 48 #define SSL_3_VERSION_MAJOR 3
MiniTLS 0:35aa5be3b78d 49 #define SSL_3_VERSION_MINOR 0
MiniTLS 0:35aa5be3b78d 50
MiniTLS 0:35aa5be3b78d 51 typedef enum __tls_handshake_state
MiniTLS 0:35aa5be3b78d 52 {
MiniTLS 0:35aa5be3b78d 53 TLS_HANDSHAKE_INIT = 0,
MiniTLS 0:35aa5be3b78d 54 TLS_HANDSHAKE_HELLO_SENT,
MiniTLS 0:35aa5be3b78d 55 TLS_HANDSHAKE_HELLO_RECEIVED,
MiniTLS 0:35aa5be3b78d 56 TLS_HANDSHAKE_HELLO_RECEIVED_SESSION_RESUMPTION,
MiniTLS 0:35aa5be3b78d 57 TLS_HANDSHAKE_CERTIFICATE_RECEIVED,
MiniTLS 0:35aa5be3b78d 58 TLS_HANDSHAKE_SERVER_KEY_EXCHANGE_RECEIVED,
MiniTLS 0:35aa5be3b78d 59 TLS_HANDSHAKE_CERTIFICATE_REQUEST_RECEIVED,
MiniTLS 0:35aa5be3b78d 60 TLS_HANDSHAKE_HELLO_DONE_RECEIVED,
MiniTLS 0:35aa5be3b78d 61 TLS_HANDSHAKE_CERTIFICATE_SENT,
MiniTLS 0:35aa5be3b78d 62 TLS_HANDSHAKE_CLIENT_KEY_EXCHANGE_SENT,
MiniTLS 0:35aa5be3b78d 63 TLS_HANDSHAKE_CERTIFICATE_VERIFY_SENT,
MiniTLS 0:35aa5be3b78d 64 TLS_HANDSHAKE_FINISHED_SENT,
MiniTLS 0:35aa5be3b78d 65 TLS_HANDSHAKE_FINISHED_RECEIVED,
MiniTLS 0:35aa5be3b78d 66 TLS_HANDSHAKE_FAILED,
MiniTLS 0:35aa5be3b78d 67 TLS_HANDSHAKE_DONE,
MiniTLS 0:35aa5be3b78d 68 } tls_handshake_state_t;
MiniTLS 0:35aa5be3b78d 69
MiniTLS 0:35aa5be3b78d 70 #define HANDSHAKE_RANDOM_SIZE 32
MiniTLS 0:35aa5be3b78d 71 #define HANDSHAKE_MASTER_KEY_SIZE 48
MiniTLS 0:35aa5be3b78d 72
MiniTLS 0:35aa5be3b78d 73 #include "crypto/crypto_md5.h"
MiniTLS 0:35aa5be3b78d 74 #include "crypto/crypto_sha1.h"
MiniTLS 0:35aa5be3b78d 75 #include "crypto/crypto_sha256.h"
MiniTLS 0:35aa5be3b78d 76 #include "crypto/crypto_ecc.h"
MiniTLS 0:35aa5be3b78d 77
MiniTLS 0:35aa5be3b78d 78 struct __tls_handshake
MiniTLS 0:35aa5be3b78d 79 {
MiniTLS 0:35aa5be3b78d 80 tls_socket_t* tls_socket;
MiniTLS 0:35aa5be3b78d 81 tls_handshake_state_t state;
MiniTLS 0:35aa5be3b78d 82 uint8_t random_client[HANDSHAKE_RANDOM_SIZE];
MiniTLS 0:35aa5be3b78d 83 uint8_t random_server[HANDSHAKE_RANDOM_SIZE];
MiniTLS 0:35aa5be3b78d 84
MiniTLS 0:35aa5be3b78d 85 // tls_security_t target_security;
MiniTLS 0:35aa5be3b78d 86
MiniTLS 0:35aa5be3b78d 87 bool certificate_requested;
MiniTLS 0:35aa5be3b78d 88
MiniTLS 0:35aa5be3b78d 89
MiniTLS 0:35aa5be3b78d 90 union
MiniTLS 0:35aa5be3b78d 91 {
MiniTLS 0:35aa5be3b78d 92 #if CRYPTO_ECC
MiniTLS 0:35aa5be3b78d 93 struct {
MiniTLS 0:35aa5be3b78d 94 //Ephemeral key parameters
MiniTLS 0:35aa5be3b78d 95 const crypto_ecc_curve_t* curve;
MiniTLS 0:35aa5be3b78d 96 crypto_ecc_public_key_t server_key; //This is the static key
MiniTLS 0:35aa5be3b78d 97 crypto_ecc_private_key_t client_key;
MiniTLS 0:35aa5be3b78d 98 } ecc;
MiniTLS 0:35aa5be3b78d 99 #endif
MiniTLS 0:35aa5be3b78d 100 #if CRYPTO_RSA
MiniTLS 0:35aa5be3b78d 101 struct {
MiniTLS 0:35aa5be3b78d 102 //No ephemeral key parameters
MiniTLS 0:35aa5be3b78d 103 } rsa;
MiniTLS 0:35aa5be3b78d 104 #endif
MiniTLS 0:35aa5be3b78d 105 } key_exchange;
MiniTLS 0:35aa5be3b78d 106
MiniTLS 0:35aa5be3b78d 107 struct //Cannot use an union as we need to compute hash before knowing which SSL/TLS version to use (ServerHello)
MiniTLS 0:35aa5be3b78d 108 {
MiniTLS 0:35aa5be3b78d 109 #if MUTLS_CFG_PROTOCOL_TLS_1_2
MiniTLS 0:35aa5be3b78d 110 crypto_sha256_t sha256;
MiniTLS 0:35aa5be3b78d 111 #endif
MiniTLS 0:35aa5be3b78d 112 #if (MUTLS_CFG_PROTOCOL_TLS_1_1 || MUTLS_CFG_PROTOCOL_TLS_1_0 || MUTLS_CFG_PROTOCOL_SSL_3)
MiniTLS 0:35aa5be3b78d 113 struct
MiniTLS 0:35aa5be3b78d 114 {
MiniTLS 0:35aa5be3b78d 115 crypto_md5_t md5;
MiniTLS 0:35aa5be3b78d 116 crypto_sha1_t sha1;
MiniTLS 0:35aa5be3b78d 117 } md5_sha1;
MiniTLS 0:35aa5be3b78d 118 #endif
MiniTLS 0:35aa5be3b78d 119 } hash; //Hash of the whole handshake exchange
MiniTLS 0:35aa5be3b78d 120 };
MiniTLS 0:35aa5be3b78d 121
MiniTLS 0:35aa5be3b78d 122 typedef struct __tls_handshake tls_handshake_t;
MiniTLS 0:35aa5be3b78d 123
MiniTLS 0:35aa5be3b78d 124
MiniTLS 0:35aa5be3b78d 125 typedef enum __tls_security
MiniTLS 0:35aa5be3b78d 126 {
MiniTLS 0:35aa5be3b78d 127 TLS_SECURITY_NONE,
MiniTLS 0:35aa5be3b78d 128 TLS_SECURITY_INTIALIZED,
MiniTLS 0:35aa5be3b78d 129 TLS_SECURITY_ACTIVE
MiniTLS 0:35aa5be3b78d 130 } tls_security_state_t;
MiniTLS 0:35aa5be3b78d 131
MiniTLS 0:35aa5be3b78d 132 typedef struct __tls_protocol_version
MiniTLS 0:35aa5be3b78d 133 {
MiniTLS 0:35aa5be3b78d 134 uint8_t major;
MiniTLS 0:35aa5be3b78d 135 uint8_t minor;
MiniTLS 0:35aa5be3b78d 136 } tls_protocol_version_t;
MiniTLS 0:35aa5be3b78d 137
MiniTLS 0:35aa5be3b78d 138
MiniTLS 0:35aa5be3b78d 139 #include "tls_security.h"
MiniTLS 0:35aa5be3b78d 140
MiniTLS 0:35aa5be3b78d 141 #include "crypto/crypto_hmac_sha1.h"
MiniTLS 0:35aa5be3b78d 142 #include "crypto/crypto_aes_128_cbc.h"
MiniTLS 0:35aa5be3b78d 143
MiniTLS 0:35aa5be3b78d 144 struct __tls_record
MiniTLS 0:35aa5be3b78d 145 {
MiniTLS 0:35aa5be3b78d 146 bool handshake_done;
MiniTLS 0:35aa5be3b78d 147
MiniTLS 0:35aa5be3b78d 148 int socket_fd;
MiniTLS 0:35aa5be3b78d 149
MiniTLS 0:35aa5be3b78d 150 int read_timeout;
MiniTLS 0:35aa5be3b78d 151 int write_timeout;
MiniTLS 0:35aa5be3b78d 152 size_t max_fragment_size; //Size to negotiate using RFC extension - supported by GNUTLS but not OpenSSL
MiniTLS 0:35aa5be3b78d 153
MiniTLS 0:35aa5be3b78d 154 tls_protocol_version_t version;
MiniTLS 0:35aa5be3b78d 155 buffer_t buffer;
MiniTLS 0:35aa5be3b78d 156 /*
MiniTLS 0:35aa5be3b78d 157 buffer_t buffer_tx_fragment_header;
MiniTLS 0:35aa5be3b78d 158 buffer_t buffer_tx_iv_header;
MiniTLS 0:35aa5be3b78d 159 */
MiniTLS 0:35aa5be3b78d 160
MiniTLS 0:35aa5be3b78d 161 tls_socket_t* tls_socket;
MiniTLS 0:35aa5be3b78d 162
MiniTLS 0:35aa5be3b78d 163 tls_security_state_t security_rx_state;
MiniTLS 0:35aa5be3b78d 164 tls_security_state_t security_tx_state;
MiniTLS 0:35aa5be3b78d 165
MiniTLS 0:35aa5be3b78d 166 crypto_aes_128_t cipher_rx;
MiniTLS 0:35aa5be3b78d 167 crypto_aes_128_t cipher_tx;
MiniTLS 0:35aa5be3b78d 168
MiniTLS 0:35aa5be3b78d 169 uint64_t sequence_number_rx;
MiniTLS 0:35aa5be3b78d 170 uint64_t sequence_number_tx;
MiniTLS 0:35aa5be3b78d 171
MiniTLS 0:35aa5be3b78d 172 //Keys
MiniTLS 0:35aa5be3b78d 173 uint8_t client_write_mac_key[TLS_HMAC_SHA1_KEY_SIZE];
MiniTLS 0:35aa5be3b78d 174 uint8_t server_write_mac_key[TLS_HMAC_SHA1_KEY_SIZE];
MiniTLS 0:35aa5be3b78d 175 uint8_t client_write_cipher_key[AES_128_KEY_SIZE];
MiniTLS 0:35aa5be3b78d 176 uint8_t server_write_cipher_key[AES_128_KEY_SIZE];
MiniTLS 0:35aa5be3b78d 177 };
MiniTLS 0:35aa5be3b78d 178
MiniTLS 0:35aa5be3b78d 179 typedef struct __tls_record tls_record_t;
MiniTLS 0:35aa5be3b78d 180
MiniTLS 0:35aa5be3b78d 181 typedef enum __tls_content_type
MiniTLS 0:35aa5be3b78d 182 {
MiniTLS 0:35aa5be3b78d 183 TLS_CHANGE_CIPHER_SPEC = 20,
MiniTLS 0:35aa5be3b78d 184 TLS_ALERT = 21,
MiniTLS 0:35aa5be3b78d 185 TLS_HANDSHAKE = 22,
MiniTLS 0:35aa5be3b78d 186 TLS_APPLICATION_DATA = 23,
MiniTLS 0:35aa5be3b78d 187 __TLS_MAX = 255
MiniTLS 0:35aa5be3b78d 188 } tls_content_type_t;
MiniTLS 0:35aa5be3b78d 189
MiniTLS 0:35aa5be3b78d 190 #define SESSION_ID_MAX_SIZE 32
MiniTLS 0:35aa5be3b78d 191
MiniTLS 0:35aa5be3b78d 192 typedef struct __tls_session
MiniTLS 0:35aa5be3b78d 193 {
MiniTLS 0:35aa5be3b78d 194 uint8_t master_key[HANDSHAKE_MASTER_KEY_SIZE];
MiniTLS 0:35aa5be3b78d 195 size_t session_id_length;
MiniTLS 0:35aa5be3b78d 196 uint8_t session_id[SESSION_ID_MAX_SIZE];
MiniTLS 0:35aa5be3b78d 197 }
MiniTLS 0:35aa5be3b78d 198 tls_session_t;
MiniTLS 0:35aa5be3b78d 199
MiniTLS 0:35aa5be3b78d 200 #include "mutls.h"
MiniTLS 0:35aa5be3b78d 201
MiniTLS 0:35aa5be3b78d 202 typedef struct __tls_socket_event tls_socket_event_t;
MiniTLS 0:35aa5be3b78d 203 typedef struct __tls_socket_event_list tls_socket_event_list_t;
MiniTLS 0:35aa5be3b78d 204 struct __tls_socket
MiniTLS 0:35aa5be3b78d 205 {
MiniTLS 0:35aa5be3b78d 206 tls_record_t record;
MiniTLS 0:35aa5be3b78d 207 tls_handshake_t handshake;
MiniTLS 0:35aa5be3b78d 208 mutls_t* mutls;
MiniTLS 0:35aa5be3b78d 209
MiniTLS 0:35aa5be3b78d 210 //Session info
MiniTLS 0:35aa5be3b78d 211 tls_session_t session;
MiniTLS 0:35aa5be3b78d 212
MiniTLS 0:35aa5be3b78d 213 //Internal sauce
MiniTLS 0:35aa5be3b78d 214 tls_socket_event_t* events;
MiniTLS 0:35aa5be3b78d 215 buffer_t* read_buffer; //Passed by record layer
MiniTLS 0:35aa5be3b78d 216 buffer_t write_buffer;
MiniTLS 0:35aa5be3b78d 217 rtos_mtx_t* mtx;
MiniTLS 0:35aa5be3b78d 218 };
MiniTLS 0:35aa5be3b78d 219
MiniTLS 0:35aa5be3b78d 220 //typedef void (*tls_socket_event_cb_t)(tls_socket_t* socket, bool read, bool write, void* param);
MiniTLS 0:35aa5be3b78d 221 struct __tls_socket_event_list
MiniTLS 0:35aa5be3b78d 222 {
MiniTLS 0:35aa5be3b78d 223 tls_socket_event_t* head;
MiniTLS 0:35aa5be3b78d 224 rtos_sem_t* sem;
MiniTLS 0:35aa5be3b78d 225 };
MiniTLS 0:35aa5be3b78d 226
MiniTLS 0:35aa5be3b78d 227 struct __tls_socket_event
MiniTLS 0:35aa5be3b78d 228 {
MiniTLS 0:35aa5be3b78d 229 tls_socket_t* socket;
MiniTLS 0:35aa5be3b78d 230 bool read;
MiniTLS 0:35aa5be3b78d 231 bool write;
MiniTLS 0:35aa5be3b78d 232 bool fired;
MiniTLS 0:35aa5be3b78d 233 tls_socket_event_list_t* list;
MiniTLS 0:35aa5be3b78d 234 tls_socket_event_t* socket_list_next;
MiniTLS 0:35aa5be3b78d 235 tls_socket_event_t* event_list_next;
MiniTLS 0:35aa5be3b78d 236 };
MiniTLS 0:35aa5be3b78d 237
MiniTLS 0:35aa5be3b78d 238
MiniTLS 0:35aa5be3b78d 239 #ifdef __cplusplus
MiniTLS 0:35aa5be3b78d 240 }
MiniTLS 0:35aa5be3b78d 241 #endif
MiniTLS 0:35aa5be3b78d 242
MiniTLS 0:35aa5be3b78d 243 #endif /* TLS_SOCKET_DEFS_H_ */