Lee Kai Xuan / mbed-os

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Fork of mbed-os by erkin yucel

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers tls1.h Source File

tls1.h

Go to the documentation of this file.
00001 /*
00002  * Copyright (c) 2007, Cameron Rich
00003  * 
00004  * All rights reserved.
00005  * 
00006  * Redistribution and use in source and binary forms, with or without 
00007  * modification, are permitted provided that the following conditions are met:
00008  *
00009  * * Redistributions of source code must retain the above copyright notice, 
00010  *   this list of conditions and the following disclaimer.
00011  * * Redistributions in binary form must reproduce the above copyright notice, 
00012  *   this list of conditions and the following disclaimer in the documentation 
00013  *   and/or other materials provided with the distribution.
00014  * * Neither the name of the axTLS project nor the names of its contributors 
00015  *   may be used to endorse or promote products derived from this software 
00016  *   without specific prior written permission.
00017  *
00018  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
00019  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
00020  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
00021  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
00022  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
00023  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
00024  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
00025  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
00026  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
00027  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
00028  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00029  */
00030 
00031 /**
00032  * @file tls1.h
00033  *
00034  * @brief The definitions for the TLS library.
00035  */
00036 #ifndef HEADER_SSL_LIB_H
00037 #define HEADER_SSL_LIB_H
00038 
00039 #ifdef __cplusplus
00040 extern "C" {
00041 #endif
00042 
00043 #include "version.h"
00044 #include "os_int.h"
00045 #include "crypto.h "
00046 #include "crypto_misc.h "
00047 
00048 #include "config.h"
00049 
00050 #define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
00051 #define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */
00052 #define SSL_PROTOCOL_VERSION_MAX    0x32   /* TLS v1.1 */
00053 #define SSL_PROTOCOL_VERSION1_1     0x32   /* TLS v1.1 */
00054 #define SSL_RANDOM_SIZE             32
00055 #define SSL_SECRET_SIZE             48
00056 #define SSL_FINISHED_HASH_SIZE      12
00057 #define SSL_RECORD_SIZE             5
00058 #define SSL_SERVER_READ             0
00059 #define SSL_SERVER_WRITE            1
00060 #define SSL_CLIENT_READ             2
00061 #define SSL_CLIENT_WRITE            3
00062 #define SSL_HS_HDR_SIZE             4
00063 
00064 /* the flags we use while establishing a connection */
00065 #define SSL_NEED_RECORD             0x0001
00066 #define SSL_TX_ENCRYPTED            0x0002 
00067 #define SSL_RX_ENCRYPTED            0x0004
00068 #define SSL_SESSION_RESUME          0x0008
00069 #define SSL_IS_CLIENT               0x0010
00070 #define SSL_HAS_CERT_REQ            0x0020
00071 #define SSL_SENT_CLOSE_NOTIFY       0x0040
00072 
00073 /* some macros to muck around with flag bits */
00074 #define SET_SSL_FLAG(A)             (ssl->flag |= A)
00075 #define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
00076 #define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
00077 
00078 #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
00079 #define RT_MAX_PLAIN_LENGTH         2048//16384
00080 #define RT_EXTRA                    512//1024
00081 #define BM_RECORD_OFFSET            5
00082 #define BM_ALL_DATA_SIZE            (RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
00083 
00084 #ifdef CONFIG_SSL_SKELETON_MODE
00085 #define NUM_PROTOCOLS               1
00086 #else
00087 #define NUM_PROTOCOLS               4
00088 #endif
00089 
00090 #define PARANOIA_CHECK(A, B)        if (A < B) { \
00091     ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
00092 
00093 /* protocol types */
00094 enum
00095 {
00096     PT_CHANGE_CIPHER_SPEC = 20,
00097     PT_ALERT_PROTOCOL,
00098     PT_HANDSHAKE_PROTOCOL,
00099     PT_APP_PROTOCOL_DATA
00100 };
00101 
00102 /* handshaking types */
00103 enum
00104 {
00105     HS_HELLO_REQUEST,
00106     HS_CLIENT_HELLO,
00107     HS_SERVER_HELLO,
00108     HS_CERTIFICATE = 11,
00109     HS_SERVER_KEY_XCHG,
00110     HS_CERT_REQ,
00111     HS_SERVER_HELLO_DONE,
00112     HS_CERT_VERIFY,
00113     HS_CLIENT_KEY_XCHG,
00114     HS_FINISHED = 20
00115 };
00116 
00117 typedef struct 
00118 {
00119     uint8_t cipher;
00120     uint8_t key_size;
00121     uint8_t iv_size;
00122     uint8_t key_block_size;
00123     uint8_t padding_size;
00124     uint8_t digest_size;
00125     hmac_func hmac;
00126     crypt_func encrypt;
00127     crypt_func decrypt;
00128 } cipher_info_t;
00129 
00130 struct _SSLObjLoader 
00131 {
00132     uint8_t *buf;
00133     int len;
00134 };
00135 
00136 typedef struct _SSLObjLoader SSLObjLoader;
00137 
00138 typedef struct 
00139 {
00140     time_t conn_time;
00141     uint8_t session_id[SSL_SESSION_ID_SIZE];
00142     uint8_t master_secret[SSL_SECRET_SIZE];
00143 } SSL_SESSION;
00144 
00145 typedef struct
00146 {
00147     uint8_t *buf;
00148     int size;
00149 } SSL_CERT;
00150 
00151 typedef struct
00152 {
00153     MD5_CTX md5_ctx;
00154     SHA1_CTX sha1_ctx;
00155     uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
00156     uint8_t key_block[MAX_KEYBLOCK_SIZE];
00157     uint8_t master_secret[SSL_SECRET_SIZE];
00158     uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
00159     uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
00160     uint16_t bm_proc_index;
00161 } DISPOSABLE_CTX;
00162 
00163 struct _SSL
00164 {
00165     uint32_t flag;
00166     uint16_t need_bytes;
00167     uint16_t got_bytes;
00168     uint8_t record_type;
00169     uint8_t cipher;
00170     uint8_t sess_id_size;
00171     uint8_t version;
00172     uint8_t client_version;
00173     int16_t next_state;
00174     int16_t hs_status;
00175     DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
00176     int client_fd;
00177     void *connection;
00178     const cipher_info_t *cipher_info;
00179     void *encrypt_ctx;
00180     void *decrypt_ctx;
00181     uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH];
00182     uint8_t *bm_data;
00183     uint16_t bm_index;
00184     uint16_t bm_read_index;
00185     struct _SSL *next;                  /* doubly linked list */
00186     struct _SSL *prev;
00187     struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
00188 #ifndef CONFIG_SSL_SKELETON_MODE
00189     uint16_t session_index;
00190     SSL_SESSION *session;
00191 #endif
00192 #ifdef CONFIG_SSL_CERT_VERIFICATION
00193     X509_CTX *x509_ctx;
00194 #endif
00195 
00196     uint8_t session_id[SSL_SESSION_ID_SIZE]; 
00197     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
00198     uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
00199     uint8_t read_sequence[8];       /* 64 bit sequence number */
00200     uint8_t write_sequence[8];      /* 64 bit sequence number */
00201     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
00202 };
00203 
00204 typedef struct _SSL SSL;
00205 
00206 struct _SSL_CTX
00207 {
00208     uint32_t options;
00209     uint8_t chain_length;
00210     RSA_CTX *rsa_ctx;
00211 #ifdef CONFIG_SSL_CERT_VERIFICATION
00212     CA_CERT_CTX *ca_cert_ctx;
00213 #endif
00214     SSL *head;
00215     SSL *tail;
00216     SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
00217 #ifndef CONFIG_SSL_SKELETON_MODE
00218     uint16_t num_sessions;
00219     SSL_SESSION **ssl_sessions;
00220 #endif
00221 #ifdef CONFIG_SSL_CTX_MUTEXING
00222     SSL_CTX_MUTEX_TYPE mutex;
00223 #endif
00224 #ifdef CONFIG_OPENSSL_COMPATIBLE
00225     void *bonus_attr;
00226 #endif
00227 };
00228 
00229 typedef struct _SSL_CTX SSL_CTX;
00230 
00231 /* backwards compatibility */
00232 typedef struct _SSL_CTX SSLCTX;
00233 
00234 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
00235 
00236 SSL *ssl_new(SSL *ssl, int client_fd);
00237 void disposable_new(SSL *ssl);
00238 void disposable_free(SSL *ssl);
00239 int send_packet(SSL *ssl, uint8_t protocol, 
00240         const uint8_t *in, int length);
00241 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
00242 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
00243 int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
00244 int process_sslv23_client_hello(SSL *ssl);
00245 int send_alert(SSL *ssl, int error_code);
00246 int send_finished(SSL *ssl);
00247 int send_certificate(SSL *ssl);
00248 int basic_read2(SSL *ssl, uint8_t *data, uint32_t length);
00249 int read_record(SSL *ssl);
00250 int basic_decrypt(SSL *ssl, uint8_t *buf, int len);
00251 int process_data(SSL* ssl, uint8_t *in_data, int len);
00252 int ssl_read(SSL *ssl, uint8_t *in_data, int len);
00253 int send_change_cipher_spec(SSL *ssl);
00254 void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
00255 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
00256 void add_packet(SSL *ssl, const uint8_t *pkt, int len);
00257 int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
00258 int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
00259 void ssl_obj_free(SSLObjLoader *ssl_obj);
00260 int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
00261 int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
00262 int load_key_certs(SSL_CTX *ssl_ctx);
00263 #ifdef CONFIG_SSL_CERT_VERIFICATION
00264 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
00265 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
00266 #endif
00267 #ifdef CONFIG_SSL_ENABLE_CLIENT
00268 int do_client_connect(SSL *ssl);
00269 #endif
00270 
00271 #ifdef CONFIG_SSL_FULL_MODE
00272 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
00273 void DISPLAY_BYTES(SSL *ssl, const char *format, 
00274         const uint8_t *data, int size, ...);
00275 void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
00276 void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
00277 void DISPLAY_ALERT(SSL *ssl, int alert);
00278 #else
00279 #define DISPLAY_STATE(A,B,C,D)
00280 #define DISPLAY_CERT(A,B)
00281 #define DISPLAY_RSA(A,B)
00282 #define DISPLAY_ALERT(A, B)
00283 #ifdef WIN32
00284 void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
00285         const uint8_t *data, int size, ...);
00286 #else
00287 #define DISPLAY_BYTES(A,B,C,D,...)
00288 #endif
00289 #endif
00290 
00291 #ifdef CONFIG_SSL_CERT_VERIFICATION
00292 int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
00293 #endif
00294 
00295 SSL_SESSION *ssl_session_update(int max_sessions, 
00296         SSL_SESSION *ssl_sessions[], SSL *ssl,
00297         const uint8_t *session_id);
00298 void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
00299 
00300 #ifdef __cplusplus
00301 }
00302 #endif
00303 
00304 #endif
Generated on Tue Jul 12 2022 13:16:17 by  doxygen 1.7.2