1 /*
2  * Copyright (c) 2007, Cameron Rich
3  *
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are met:
8  *
9  * * Redistributions of source code must retain the above copyright notice,
10  *   this list of conditions and the following disclaimer.
11  * * Redistributions in binary form must reproduce the above copyright notice,
12  *   this list of conditions and the following disclaimer in the documentation
13  *   and/or other materials provided with the distribution.
14  * * Neither the name of the axTLS project nor the names of its contributors
15  *   may be used to endorse or promote products derived from this software
16  *   without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 /**
32  * @file tls1.h
33  *
34  * @brief The definitions for the TLS library.
35  */
36 #ifndef HEADER_SSL_LIB_H
37 #define HEADER_SSL_LIB_H
38 
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42 
43 #include "version.h"
44 #include "config.h"
45 #include "os_int.h"
46 #include "crypto.h"
47 #include "crypto_misc.h"
48 
49 #define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
50 #define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */
51 #define SSL_PROTOCOL_VERSION_MAX    0x32   /* TLS v1.1 */
52 #define SSL_PROTOCOL_VERSION1_1     0x32   /* TLS v1.1 */
53 #define SSL_RANDOM_SIZE             32
54 #define SSL_SECRET_SIZE             48
55 #define SSL_FINISHED_HASH_SIZE      12
56 #define SSL_RECORD_SIZE             5
57 #define SSL_SERVER_READ             0
58 #define SSL_SERVER_WRITE            1
59 #define SSL_CLIENT_READ             2
60 #define SSL_CLIENT_WRITE            3
61 #define SSL_HS_HDR_SIZE             4
62 
63 /* the flags we use while establishing a connection */
64 #define SSL_NEED_RECORD             0x0001
65 #define SSL_TX_ENCRYPTED            0x0002
66 #define SSL_RX_ENCRYPTED            0x0004
67 #define SSL_SESSION_RESUME          0x0008
68 #define SSL_IS_CLIENT               0x0010
69 #define SSL_HAS_CERT_REQ            0x0020
70 #define SSL_SENT_CLOSE_NOTIFY       0x0040
71 
72 /* some macros to muck around with flag bits */
73 #define SET_SSL_FLAG(A)             (ssl->flag |= A)
74 #define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
75 #define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
76 
77 #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
78 #define RT_MAX_PLAIN_LENGTH         16384
79 #define RT_EXTRA                    1024
80 #define BM_RECORD_OFFSET            5
81 
82 #ifdef CONFIG_SSL_SKELETON_MODE
83 #define NUM_PROTOCOLS               1
84 #else
85 #define NUM_PROTOCOLS               4
86 #endif
87 
88 #define PARANOIA_CHECK(A, B)        if (A < B) { \
89     ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
90 
91 /* protocol types */
92 enum
93 {
94     PT_CHANGE_CIPHER_SPEC = 20,
95     PT_ALERT_PROTOCOL,
96     PT_HANDSHAKE_PROTOCOL,
97     PT_APP_PROTOCOL_DATA
98 };
99 
100 /* handshaking types */
101 enum
102 {
103     HS_HELLO_REQUEST,
104     HS_CLIENT_HELLO,
105     HS_SERVER_HELLO,
106     HS_CERTIFICATE = 11,
107     HS_SERVER_KEY_XCHG,
108     HS_CERT_REQ,
109     HS_SERVER_HELLO_DONE,
110     HS_CERT_VERIFY,
111     HS_CLIENT_KEY_XCHG,
112     HS_FINISHED = 20
113 };
114 
115 typedef struct
116 {
117     uint8_t cipher;
118     uint8_t key_size;
119     uint8_t iv_size;
120     uint8_t key_block_size;
121     uint8_t padding_size;
122     uint8_t digest_size;
123     hmac_func hmac;
124     crypt_func encrypt;
125     crypt_func decrypt;
126 } cipher_info_t;
127 
128 struct _SSLObjLoader
129 {
130     uint8_t *buf;
131     int len;
132 };
133 
134 typedef struct _SSLObjLoader SSLObjLoader;
135 
136 typedef struct
137 {
138     time_t conn_time;
139     uint8_t session_id[SSL_SESSION_ID_SIZE];
140     uint8_t master_secret[SSL_SECRET_SIZE];
141 } SSL_SESSION;
142 
143 typedef struct
144 {
145     uint8_t *buf;
146     int size;
147 } SSL_CERT;
148 
149 typedef struct
150 {
151     MD5_CTX md5_ctx;
152     SHA1_CTX sha1_ctx;
153     uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
154     uint8_t *key_block;
155     uint8_t master_secret[SSL_SECRET_SIZE];
156     uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
157     uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
158     uint16_t bm_proc_index;
159 } DISPOSABLE_CTX;
160 
161 struct _SSL
162 {
163     uint32_t flag;
164     uint16_t need_bytes;
165     uint16_t got_bytes;
166     uint8_t record_type;
167     uint8_t cipher;
168     uint8_t sess_id_size;
169     uint8_t version;
170     uint8_t client_version;
171     int16_t next_state;
172     int16_t hs_status;
173     DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
174     int client_fd;
175     const cipher_info_t *cipher_info;
176     void *encrypt_ctx;
177     void *decrypt_ctx;
178     uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
179     uint8_t *bm_data;
180     uint16_t bm_index;
181     uint16_t bm_read_index;
182     struct _SSL *next;                  /* doubly linked list */
183     struct _SSL *prev;
184     struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
185 #ifndef CONFIG_SSL_SKELETON_MODE
186     uint16_t session_index;
187     SSL_SESSION *session;
188 #endif
189 #ifdef CONFIG_SSL_CERT_VERIFICATION
190     X509_CTX *x509_ctx;
191 #endif
192 
193     uint8_t session_id[SSL_SESSION_ID_SIZE];
194     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
195     uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
196     uint8_t read_sequence[8];       /* 64 bit sequence number */
197     uint8_t write_sequence[8];      /* 64 bit sequence number */
198     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
199 };
200 
201 typedef struct _SSL SSL;
202 
203 struct _SSL_CTX
204 {
205     uint32_t options;
206     uint8_t chain_length;
207     RSA_CTX *rsa_ctx;
208 #ifdef CONFIG_SSL_CERT_VERIFICATION
209     CA_CERT_CTX *ca_cert_ctx;
210 #endif
211     SSL *head;
212     SSL *tail;
213     SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
214 #ifndef CONFIG_SSL_SKELETON_MODE
215     uint16_t num_sessions;
216     SSL_SESSION **ssl_sessions;
217 #endif
218 #ifdef CONFIG_SSL_CTX_MUTEXING
219     SSL_CTX_MUTEX_TYPE mutex;
220 #endif
221 #ifdef CONFIG_OPENSSL_COMPATIBLE
222     void *bonus_attr;
223 #endif
224 };
225 
226 typedef struct _SSL_CTX SSL_CTX;
227 
228 /* backwards compatibility */
229 typedef struct _SSL_CTX SSLCTX;
230 
231 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
232 
233 SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
234 void disposable_new(SSL *ssl);
235 void disposable_free(SSL *ssl);
236 int send_packet(SSL *ssl, uint8_t protocol,
237         const uint8_t *in, int length);
238 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
239 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
240 int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
241 int process_sslv23_client_hello(SSL *ssl);
242 int send_alert(SSL *ssl, int error_code);
243 int send_finished(SSL *ssl);
244 int send_certificate(SSL *ssl);
245 int basic_read(SSL *ssl, uint8_t **in_data);
246 int send_change_cipher_spec(SSL *ssl);
247 void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
248 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
249 void add_packet(SSL *ssl, const uint8_t *pkt, int len);
250 int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
251 int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
252 void ssl_obj_free(SSLObjLoader *ssl_obj);
253 int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
254 int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
255 int load_key_certs(SSL_CTX *ssl_ctx);
256 #ifdef CONFIG_SSL_CERT_VERIFICATION
257 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
258 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
259 #endif
260 #ifdef CONFIG_SSL_ENABLE_CLIENT
261 int do_client_connect(SSL *ssl);
262 #endif
263 
264 #ifdef CONFIG_SSL_FULL_MODE
265 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
266 void DISPLAY_BYTES(SSL *ssl, const char *format,
267         const uint8_t *data, int size, ...);
268 void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
269 void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
270 void DISPLAY_ALERT(SSL *ssl, int alert);
271 #else
272 #define DISPLAY_STATE(A,B,C,D)
273 #define DISPLAY_CERT(A,B)
274 #define DISPLAY_RSA(A,B)
275 #define DISPLAY_ALERT(A, B)
276 #ifdef WIN32
277 void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
278         const uint8_t *data, int size, ...);
279 #else
280 #define DISPLAY_BYTES(A,B,C,D,...)
281 #endif
282 #endif
283 
284 #ifdef CONFIG_SSL_CERT_VERIFICATION
285 int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
286 #endif
287 
288 SSL_SESSION *ssl_session_update(int max_sessions,
289         SSL_SESSION *ssl_sessions[], SSL *ssl,
290         const uint8_t *session_id);
291 void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
292 
293 #ifdef __cplusplus
294 }
295 #endif
296 
297 #endif
298