tlsv1_common.h File Reference

TLSv1 common definitions. More...

#include "crypto/crypto.h"

Go to the source code of this file.

Data Structures
struct	tls_cipher_suite
struct	tls_cipher_data
struct	tls_verify_hash

Macros
#define	TLS_VERSION_1   0x0301 /* TLSv1 */
#define	TLS_VERSION_1_1   0x0302 /* TLSv1.1 */
#define	TLS_VERSION_1_2   0x0303 /* TLSv1.2 */
#define	TLS_VERSION   TLS_VERSION_1
#define	TLS_RANDOM_LEN   32
#define	TLS_PRE_MASTER_SECRET_LEN   48
#define	TLS_MASTER_SECRET_LEN   48
#define	TLS_SESSION_ID_MAX_LEN   32
#define	TLS_VERIFY_DATA_LEN   12
#define	TLS_NULL_WITH_NULL_NULL   0x0000 /* RFC 2246 */
#define	TLS_RSA_WITH_NULL_MD5   0x0001 /* RFC 2246 */
#define	TLS_RSA_WITH_NULL_SHA   0x0002 /* RFC 2246 */
#define	TLS_RSA_EXPORT_WITH_RC4_40_MD5   0x0003 /* RFC 2246 */
#define	TLS_RSA_WITH_RC4_128_MD5   0x0004 /* RFC 2246 */
#define	TLS_RSA_WITH_RC4_128_SHA   0x0005 /* RFC 2246 */
#define	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5   0x0006 /* RFC 2246 */
#define	TLS_RSA_WITH_IDEA_CBC_SHA   0x0007 /* RFC 2246 */
#define	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0008 /* RFC 2246 */
#define	TLS_RSA_WITH_DES_CBC_SHA   0x0009 /* RFC 2246 */
#define	TLS_RSA_WITH_3DES_EDE_CBC_SHA   0x000A /* RFC 2246 */
#define	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   0x000B /* RFC 2246 */
#define	TLS_DH_DSS_WITH_DES_CBC_SHA   0x000C /* RFC 2246 */
#define	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA   0x000D /* RFC 2246 */
#define	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   0x000E /* RFC 2246 */
#define	TLS_DH_RSA_WITH_DES_CBC_SHA   0x000F /* RFC 2246 */
#define	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA   0x0010 /* RFC 2246 */
#define	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011 /* RFC 2246 */
#define	TLS_DHE_DSS_WITH_DES_CBC_SHA   0x0012 /* RFC 2246 */
#define	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA   0x0013 /* RFC 2246 */
#define	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014 /* RFC 2246 */
#define	TLS_DHE_RSA_WITH_DES_CBC_SHA   0x0015 /* RFC 2246 */
#define	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA   0x0016 /* RFC 2246 */
#define	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5   0x0017 /* RFC 2246 */
#define	TLS_DH_anon_WITH_RC4_128_MD5   0x0018 /* RFC 2246 */
#define	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019 /* RFC 2246 */
#define	TLS_DH_anon_WITH_DES_CBC_SHA   0x001A /* RFC 2246 */
#define	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA   0x001B /* RFC 2246 */
#define	TLS_RSA_WITH_AES_128_CBC_SHA   0x002F /* RFC 3268 */
#define	TLS_DH_DSS_WITH_AES_128_CBC_SHA   0x0030 /* RFC 3268 */
#define	TLS_DH_RSA_WITH_AES_128_CBC_SHA   0x0031 /* RFC 3268 */
#define	TLS_DHE_DSS_WITH_AES_128_CBC_SHA   0x0032 /* RFC 3268 */
#define	TLS_DHE_RSA_WITH_AES_128_CBC_SHA   0x0033 /* RFC 3268 */
#define	TLS_DH_anon_WITH_AES_128_CBC_SHA   0x0034 /* RFC 3268 */
#define	TLS_RSA_WITH_AES_256_CBC_SHA   0x0035 /* RFC 3268 */
#define	TLS_DH_DSS_WITH_AES_256_CBC_SHA   0x0036 /* RFC 3268 */
#define	TLS_DH_RSA_WITH_AES_256_CBC_SHA   0x0037 /* RFC 3268 */
#define	TLS_DHE_DSS_WITH_AES_256_CBC_SHA   0x0038 /* RFC 3268 */
#define	TLS_DHE_RSA_WITH_AES_256_CBC_SHA   0x0039 /* RFC 3268 */
#define	TLS_DH_anon_WITH_AES_256_CBC_SHA   0x003A /* RFC 3268 */
#define	TLS_RSA_WITH_NULL_SHA256   0x003B /* RFC 5246 */
#define	TLS_RSA_WITH_AES_128_CBC_SHA256   0x003C /* RFC 5246 */
#define	TLS_RSA_WITH_AES_256_CBC_SHA256   0x003D /* RFC 5246 */
#define	TLS_DH_DSS_WITH_AES_128_CBC_SHA256   0x003E /* RFC 5246 */
#define	TLS_DH_RSA_WITH_AES_128_CBC_SHA256   0x003F /* RFC 5246 */
#define	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256   0x0040 /* RFC 5246 */
#define	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256   0x0067 /* RFC 5246 */
#define	TLS_DH_DSS_WITH_AES_256_CBC_SHA256   0x0068 /* RFC 5246 */
#define	TLS_DH_RSA_WITH_AES_256_CBC_SHA256   0x0069 /* RFC 5246 */
#define	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256   0x006A /* RFC 5246 */
#define	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   0x006B /* RFC 5246 */
#define	TLS_DH_anon_WITH_AES_128_CBC_SHA256   0x006C /* RFC 5246 */
#define	TLS_DH_anon_WITH_AES_256_CBC_SHA256   0x006D /* RFC 5246 */
#define	TLS_COMPRESSION_NULL   0
#define	TLS_ALERT_LEVEL_WARNING   1
#define	TLS_ALERT_LEVEL_FATAL   2
#define	TLS_ALERT_CLOSE_NOTIFY   0
#define	TLS_ALERT_UNEXPECTED_MESSAGE   10
#define	TLS_ALERT_BAD_RECORD_MAC   20
#define	TLS_ALERT_DECRYPTION_FAILED   21
#define	TLS_ALERT_RECORD_OVERFLOW   22
#define	TLS_ALERT_DECOMPRESSION_FAILURE   30
#define	TLS_ALERT_HANDSHAKE_FAILURE   40
#define	TLS_ALERT_BAD_CERTIFICATE   42
#define	TLS_ALERT_UNSUPPORTED_CERTIFICATE   43
#define	TLS_ALERT_CERTIFICATE_REVOKED   44
#define	TLS_ALERT_CERTIFICATE_EXPIRED   45
#define	TLS_ALERT_CERTIFICATE_UNKNOWN   46
#define	TLS_ALERT_ILLEGAL_PARAMETER   47
#define	TLS_ALERT_UNKNOWN_CA   48
#define	TLS_ALERT_ACCESS_DENIED   49
#define	TLS_ALERT_DECODE_ERROR   50
#define	TLS_ALERT_DECRYPT_ERROR   51
#define	TLS_ALERT_EXPORT_RESTRICTION   60
#define	TLS_ALERT_PROTOCOL_VERSION   70
#define	TLS_ALERT_INSUFFICIENT_SECURITY   71
#define	TLS_ALERT_INTERNAL_ERROR   80
#define	TLS_ALERT_USER_CANCELED   90
#define	TLS_ALERT_NO_RENEGOTIATION   100
#define	TLS_ALERT_UNSUPPORTED_EXTENSION   110 /* RFC 4366 */
#define	TLS_ALERT_CERTIFICATE_UNOBTAINABLE   111 /* RFC 4366 */
#define	TLS_ALERT_UNRECOGNIZED_NAME   112 /* RFC 4366 */
#define	TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE   113 /* RFC 4366 */
#define	TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE   114 /* RFC 4366 */
#define	TLS_EXT_SERVER_NAME   0 /* RFC 4366 */
#define	TLS_EXT_MAX_FRAGMENT_LENGTH   1 /* RFC 4366 */
#define	TLS_EXT_CLIENT_CERTIFICATE_URL   2 /* RFC 4366 */
#define	TLS_EXT_TRUSTED_CA_KEYS   3 /* RFC 4366 */
#define	TLS_EXT_TRUNCATED_HMAC   4 /* RFC 4366 */
#define	TLS_EXT_STATUS_REQUEST   5 /* RFC 4366 */
#define	TLS_EXT_SESSION_TICKET   35 /* RFC 4507 */
#define	TLS_EXT_PAC_OPAQUE   TLS_EXT_SESSION_TICKET /* EAP-FAST terminology */

Enumerations
enum	{   TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0, TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1, TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2, TLS_HANDSHAKE_TYPE_NEW_SESSION_TICKET = 4,   TLS_HANDSHAKE_TYPE_CERTIFICATE = 11, TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12, TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13, TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,   TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15, TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16, TLS_HANDSHAKE_TYPE_FINISHED = 20, TLS_HANDSHAKE_TYPE_CERTIFICATE_URL = 21,   TLS_HANDSHAKE_TYPE_CERTIFICATE_STATUS = 22 }
enum	{   TLS_HASH_ALG_NONE = 0, TLS_HASH_ALG_MD5 = 1, TLS_HASH_ALG_SHA1 = 2, TLS_HASH_ALG_SHA224 = 3,   TLS_HASH_ALG_SHA256 = 4, TLS_HASH_ALG_SHA384 = 5, TLS_HASH_ALG_SHA512 = 6 }
enum	{ TLS_SIGN_ALG_ANONYMOUS = 0, TLS_SIGN_ALG_RSA = 1, TLS_SIGN_ALG_DSA = 2, TLS_SIGN_ALG_ECDSA = 3 }
enum	{ TLS_CHANGE_CIPHER_SPEC = 1 }
enum	tls_key_exchange {   TLS_KEY_X_NULL, TLS_KEY_X_RSA, TLS_KEY_X_RSA_EXPORT, TLS_KEY_X_DH_DSS_EXPORT,   TLS_KEY_X_DH_DSS, TLS_KEY_X_DH_RSA_EXPORT, TLS_KEY_X_DH_RSA, TLS_KEY_X_DHE_DSS_EXPORT,   TLS_KEY_X_DHE_DSS, TLS_KEY_X_DHE_RSA_EXPORT, TLS_KEY_X_DHE_RSA, TLS_KEY_X_DH_anon_EXPORT,   TLS_KEY_X_DH_anon }
enum	tls_cipher {   TLS_CIPHER_NULL, TLS_CIPHER_RC4_40, TLS_CIPHER_RC4_128, TLS_CIPHER_RC2_CBC_40,   TLS_CIPHER_IDEA_CBC, TLS_CIPHER_DES40_CBC, TLS_CIPHER_DES_CBC, TLS_CIPHER_3DES_EDE_CBC,   TLS_CIPHER_AES_128_CBC, TLS_CIPHER_AES_256_CBC }
enum	tls_hash { TLS_HASH_NULL, TLS_HASH_MD5, TLS_HASH_SHA, TLS_HASH_SHA256 }
enum	tls_cipher_type { TLS_CIPHER_STREAM, TLS_CIPHER_BLOCK }

Functions
const struct tls_cipher_suite *	tls_get_cipher_suite (u16 suite)
	Get TLS cipher suite. More...
const struct tls_cipher_data *	tls_get_cipher_data (tls_cipher cipher)
int	tls_server_key_exchange_allowed (tls_cipher cipher)
int	tls_parse_cert (const u8 *buf, size_t len, struct crypto_public_key **pk)
	Parse DER encoded X.509 certificate and get public key. More...
int	tls_verify_hash_init (struct tls_verify_hash *verify)
void	tls_verify_hash_add (struct tls_verify_hash *verify, const u8 *buf, size_t len)
void	tls_verify_hash_free (struct tls_verify_hash *verify)
int	tls_version_ok (u16 ver)
const char *	tls_version_str (u16 ver)
int	tls_prf (u16 ver, const u8 *secret, size_t secret_len, const char *label, const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
int	tlsv12_key_x_server_params_hash (u16 tls_version, const u8 *client_random, const u8 *server_random, const u8 *server_params, size_t server_params_len, u8 *hash)
int	tls_key_x_server_params_hash (u16 tls_version, const u8 *client_random, const u8 *server_random, const u8 *server_params, size_t server_params_len, u8 *hash)
int	tls_verify_signature (u16 tls_version, struct crypto_public_key *pk, const u8 *data, size_t data_len, const u8 *pos, size_t len, u8 *alert)

Detailed Description

TLSv1 common definitions.

Function Documentation

const struct tls_cipher_suite* tls_get_cipher_suite

(

u16

suite

)

Get TLS cipher suite.

Parameters

suite

Cipher suite identifier

Returns

Pointer to the cipher data or NULL if not found

int tls_parse_cert	(	const u8 *	buf,
		size_t	len,
		struct crypto_public_key **	pk
	)

Parse DER encoded X.509 certificate and get public key.

Parameters

buf	ASN.1 DER encoded certificate
len	Length of the buffer
pk	Buffer for returning the allocated public key

Returns

0 on success, -1 on failure

This functions parses an ASN.1 DER encoded X.509 certificate and retrieves the public key from it. The caller is responsible for freeing the public key by calling crypto_public_key_free().