1/*
2 * wpa_supplicant/hostapd: TLSv1 common definitions
3 * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15#ifndef TLSV1_COMMON
16#define TLSV1_COMMON
17
18#define TLS_VERSION 0x0301 /* TLSv1 */
19#define TLS_RANDOM_LEN 32
20#define TLS_PRE_MASTER_SECRET_LEN 48
21#define TLS_MASTER_SECRET_LEN 48
22#define TLS_SESSION_ID_MAX_LEN 32
23#define TLS_VERIFY_DATA_LEN 12
24#define TLS_MAX_WRITE_MAC_SECRET_LEN 20
25#define TLS_MAX_WRITE_KEY_LEN 32
26#define TLS_MAX_IV_LEN 16
27#define TLS_MAX_KEY_BLOCK_LEN (2 * (TLS_MAX_WRITE_MAC_SECRET_LEN + \
28				    TLS_MAX_WRITE_KEY_LEN + TLS_MAX_IV_LEN))
29#define TLS_SEQ_NUM_LEN 8
30#define TLS_RECORD_HEADER_LEN 5
31
32/* ContentType */
33enum {
34	TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC = 20,
35	TLS_CONTENT_TYPE_ALERT = 21,
36	TLS_CONTENT_TYPE_HANDSHAKE = 22,
37	TLS_CONTENT_TYPE_APPLICATION_DATA = 23
38};
39
40/* HandshakeType */
41enum {
42	TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
43	TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
44	TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
45	TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
46	TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
47	TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
48	TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
49	TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
50	TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
51	TLS_HANDSHAKE_TYPE_FINISHED = 20
52};
53
54/* CipherSuite */
55#define TLS_NULL_WITH_NULL_NULL			0x0000 /* RFC 2246 */
56#define TLS_RSA_WITH_NULL_MD5			0x0001 /* RFC 2246 */
57#define TLS_RSA_WITH_NULL_SHA			0x0002 /* RFC 2246 */
58#define TLS_RSA_EXPORT_WITH_RC4_40_MD5		0x0003 /* RFC 2246 */
59#define TLS_RSA_WITH_RC4_128_MD5		0x0004 /* RFC 2246 */
60#define TLS_RSA_WITH_RC4_128_SHA		0x0005 /* RFC 2246 */
61#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006 /* RFC 2246 */
62#define TLS_RSA_WITH_IDEA_CBC_SHA		0x0007 /* RFC 2246 */
63#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008 /* RFC 2246 */
64#define TLS_RSA_WITH_DES_CBC_SHA		0x0009 /* RFC 2246 */
65#define TLS_RSA_WITH_3DES_EDE_CBC_SHA		0x000A /* RFC 2246 */
66#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000B /* RFC 2246 */
67#define TLS_DH_DSS_WITH_DES_CBC_SHA		0x000C /* RFC 2246 */
68#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000D /* RFC 2246 */
69#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000E /* RFC 2246 */
70#define TLS_DH_RSA_WITH_DES_CBC_SHA		0x000F /* RFC 2246 */
71#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010 /* RFC 2246 */
72#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011 /* RFC 2246 */
73#define TLS_DHE_DSS_WITH_DES_CBC_SHA		0x0012 /* RFC 2246 */
74#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013 /* RFC 2246 */
75#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014 /* RFC 2246 */
76#define TLS_DHE_RSA_WITH_DES_CBC_SHA		0x0015 /* RFC 2246 */
77#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016 /* RFC 2246 */
78#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017 /* RFC 2246 */
79#define TLS_DH_anon_WITH_RC4_128_MD5		0x0018 /* RFC 2246 */
80#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019 /* RFC 2246 */
81#define TLS_DH_anon_WITH_DES_CBC_SHA		0x001A /* RFC 2246 */
82#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B /* RFC 2246 */
83#define TLS_RSA_WITH_AES_128_CBC_SHA		0x002F /* RFC 3268 */
84#define TLS_DH_DSS_WITH_AES_128_CBC_SHA		0x0030 /* RFC 3268 */
85#define TLS_DH_RSA_WITH_AES_128_CBC_SHA		0x0031 /* RFC 3268 */
86#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032 /* RFC 3268 */
87#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033 /* RFC 3268 */
88#define TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034 /* RFC 3268 */
89#define TLS_RSA_WITH_AES_256_CBC_SHA		0x0035 /* RFC 3268 */
90#define TLS_DH_DSS_WITH_AES_256_CBC_SHA		0x0036 /* RFC 3268 */
91#define TLS_DH_RSA_WITH_AES_256_CBC_SHA		0x0037 /* RFC 3268 */
92#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038 /* RFC 3268 */
93#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039 /* RFC 3268 */
94#define TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A /* RFC 3268 */
95
96/* CompressionMethod */
97#define TLS_COMPRESSION_NULL 0
98
99/* AlertLevel */
100#define TLS_ALERT_LEVEL_WARNING 1
101#define TLS_ALERT_LEVEL_FATAL 2
102
103/* AlertDescription */
104#define TLS_ALERT_CLOSE_NOTIFY			0
105#define TLS_ALERT_UNEXPECTED_MESSAGE		10
106#define TLS_ALERT_BAD_RECORD_MAC		20
107#define TLS_ALERT_DECRYPTION_FAILED		21
108#define TLS_ALERT_RECORD_OVERFLOW		22
109#define TLS_ALERT_DECOMPRESSION_FAILURE		30
110#define TLS_ALERT_HANDSHAKE_FAILURE		40
111#define TLS_ALERT_BAD_CERTIFICATE		42
112#define TLS_ALERT_UNSUPPORTED_CERTIFICATE	43
113#define TLS_ALERT_CERTIFICATE_REVOKED		44
114#define TLS_ALERT_CERTIFICATE_EXPIRED		45
115#define TLS_ALERT_CERTIFICATE_UNKNOWN		46
116#define TLS_ALERT_ILLEGAL_PARAMETER		47
117#define TLS_ALERT_UNKNOWN_CA			48
118#define TLS_ALERT_ACCESS_DENIED			49
119#define TLS_ALERT_DECODE_ERROR			50
120#define TLS_ALERT_DECRYPT_ERROR			51
121#define TLS_ALERT_EXPORT_RESTRICTION		60
122#define TLS_ALERT_PROTOCOL_VERSION		70
123#define TLS_ALERT_INSUFFICIENT_SECURITY		71
124#define TLS_ALERT_INTERNAL_ERROR		80
125#define TLS_ALERT_USER_CANCELED			90
126#define TLS_ALERT_NO_RENEGOTIATION		100
127
128/* ChangeCipherSpec */
129enum {
130	TLS_CHANGE_CIPHER_SPEC = 1
131};
132
133/* TLS Extensions */
134#define TLS_EXT_PAC_OPAQUE 35
135
136
137typedef enum {
138	TLS_KEY_X_NULL,
139	TLS_KEY_X_RSA,
140	TLS_KEY_X_RSA_EXPORT,
141	TLS_KEY_X_DH_DSS_EXPORT,
142	TLS_KEY_X_DH_DSS,
143	TLS_KEY_X_DH_RSA_EXPORT,
144	TLS_KEY_X_DH_RSA,
145	TLS_KEY_X_DHE_DSS_EXPORT,
146	TLS_KEY_X_DHE_DSS,
147	TLS_KEY_X_DHE_RSA_EXPORT,
148	TLS_KEY_X_DHE_RSA,
149	TLS_KEY_X_DH_anon_EXPORT,
150	TLS_KEY_X_DH_anon
151} tls_key_exchange;
152
153typedef enum {
154	TLS_CIPHER_NULL,
155	TLS_CIPHER_RC4_40,
156	TLS_CIPHER_RC4_128,
157	TLS_CIPHER_RC2_CBC_40,
158	TLS_CIPHER_IDEA_CBC,
159	TLS_CIPHER_DES40_CBC,
160	TLS_CIPHER_DES_CBC,
161	TLS_CIPHER_3DES_EDE_CBC,
162	TLS_CIPHER_AES_128_CBC,
163	TLS_CIPHER_AES_256_CBC
164} tls_cipher;
165
166typedef enum {
167	TLS_HASH_NULL,
168	TLS_HASH_MD5,
169	TLS_HASH_SHA
170} tls_hash;
171
172struct tls_cipher_suite {
173	u16 suite;
174	tls_key_exchange key_exchange;
175	tls_cipher cipher;
176	tls_hash hash;
177};
178
179typedef enum {
180	TLS_CIPHER_STREAM,
181	TLS_CIPHER_BLOCK
182} tls_cipher_type;
183
184struct tls_cipher_data {
185	tls_cipher cipher;
186	tls_cipher_type type;
187	size_t key_material;
188	size_t expanded_key_material;
189	size_t block_size; /* also iv_size */
190	enum crypto_cipher_alg alg;
191};
192
193
194struct tlsv1_record_layer {
195	u8 write_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
196	u8 read_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
197	u8 write_key[TLS_MAX_WRITE_KEY_LEN];
198	u8 read_key[TLS_MAX_WRITE_KEY_LEN];
199	u8 write_iv[TLS_MAX_IV_LEN];
200	u8 read_iv[TLS_MAX_IV_LEN];
201
202	size_t hash_size;
203	size_t key_material_len;
204	size_t iv_size; /* also block_size */
205
206	enum crypto_hash_alg hash_alg;
207	enum crypto_cipher_alg cipher_alg;
208
209	u8 write_seq_num[TLS_SEQ_NUM_LEN];
210	u8 read_seq_num[TLS_SEQ_NUM_LEN];
211
212	u16 cipher_suite;
213	u16 write_cipher_suite;
214	u16 read_cipher_suite;
215
216	struct crypto_cipher *write_cbc;
217	struct crypto_cipher *read_cbc;
218};
219
220
221const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
222int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);
223int tlsv1_record_set_cipher_suite(struct tlsv1_record_layer *rl,
224				  u16 cipher_suite);
225int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl);
226int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl);
227int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
228		      size_t buf_size, size_t payload_len, size_t *out_len);
229int tlsv1_record_receive(struct tlsv1_record_layer *rl,
230			 const u8 *in_data, size_t in_len,
231			 u8 *out_data, size_t *out_len, u8 *alert);
232
233#endif /* TLSV1_COMMON_H */
234