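/*
 * TLSv1 common definitions
 * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef TLSV1_COMMON_H
#define TLSV1_COMMON_H

#include "crypto.h"

/*
 * Protocol version and fixed field lengths (octets, per RFC 2246).
 *
 * NOTE(review): the only version constant defined here is 0x0301 (TLS 1.0),
 * which RFC 8996 deprecates. Whether the code using this header can
 * negotiate anything newer is not visible from this file.
 */
#define TLS_VERSION 0x0301 /* TLSv1 */
#define TLS_RANDOM_LEN 32
#define TLS_PRE_MASTER_SECRET_LEN 48
#define TLS_MASTER_SECRET_LEN 48
#define TLS_SESSION_ID_MAX_LEN 32
#define TLS_VERIFY_DATA_LEN 12

/* HandshakeType: message type codes carried in a handshake message header */
enum {
	TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
	TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
	TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
	TLS_HANDSHAKE_TYPE_NEW_SESSION_TICKET = 4 /* RFC 4507 */,
	TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
	TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
	TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
	TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
	TLS_HANDSHAKE_TYPE_FINISHED = 20,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_URL = 21 /* RFC 4366 */,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_STATUS = 22 /* RFC 4366 */
};

/*
 * CipherSuite: 16-bit code points as assigned by the cited RFCs.
 *
 * NOTE(review): a definition here only names a code point. This group
 * includes suites with no encryption (NULL), 40-bit export-grade keys
 * (EXPORT), single DES and RC4 (RC4 suites are prohibited by RFC 7465).
 * They are useful for recognising and refusing a peer's offer; which suites
 * are actually offered or accepted is decided elsewhere and should be
 * checked against this list.
 */
#define TLS_NULL_WITH_NULL_NULL 0x0000 /* RFC 2246 */
#define TLS_RSA_WITH_NULL_MD5 0x0001 /* RFC 2246 */
#define TLS_RSA_WITH_NULL_SHA 0x0002 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 /* RFC 2246 */
#define TLS_RSA_WITH_RC4_128_MD5 0x0004 /* RFC 2246 */
#define TLS_RSA_WITH_RC4_128_SHA 0x0005 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 /* RFC 2246 */
#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 /* RFC 2246 */
#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 /* RFC 2246 */
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* RFC 2246 */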
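/*
 * CipherSuite code points for the DH, DHE and DH_anon families (RFC 2246)
 * and the AES suites (RFC 3268).
 *
 * NOTE(review): EXPORT suites use 40-bit keys, the DES_CBC suites use
 * single DES, and DH_anon suites do not authenticate the peer at all, so a
 * connection using them has no protection against an active
 * man-in-the-middle. Defining the code point is harmless; the list of
 * suites actually offered or accepted lives elsewhere and should exclude
 * these unless a caller opts in explicitly.
 */
#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000B /* RFC 2246 */
#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000C /* RFC 2246 */
#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000D /* RFC 2246 */
#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000E /* RFC 2246 */
#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000F /* RFC 2246 */
#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 /* RFC 2246 */
#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 /* RFC 2246 */
#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 /* RFC 2246 */
#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 /* RFC 2246 */
#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 /* RFC 2246 */
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 /* RFC 2246 */
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 /* RFC 2246 */
#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 /* RFC 2246 */
#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 /* RFC 2246 */
#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 /* RFC 2246 */
#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001A /* RFC 2246 */
#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001B /* RFC 2246 */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* RFC 3268 */
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 /* RFC 3268 */
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 /* RFC 3268 */
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 /* RFC 3268 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 /* RFC 3268 */
#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 /* RFC 3268 */
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* RFC 3268 */
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 /* RFC 3268 */
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 /* RFC 3268 */
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 /* RFC 3268 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 /* RFC 3268 */
#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A /* RFC 3268 */

/* CompressionMethod: only the null (no compression) method is defined here */
#define TLS_COMPRESSION_NULL 0

/* AlertLevel: first octet of an alert message */
#define TLS_ALERT_LEVEL_WARNING 1
#define TLS_ALERT_LEVEL_FATAL 2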
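/*
 * AlertDescription: second octet of an alert message.
 *
 * NOTE(review): reporting decryption_failed (21) separately from
 * bad_record_mac (20) tells the peer which check failed on a CBC record.
 * RFC 4346 recommends sending bad_record_mac for both cases and RFC 5246
 * reserves value 21. Any sender of TLS_ALERT_DECRYPTION_FAILED should be
 * checked to confirm it does not make that distinction observable.
 */
#define TLS_ALERT_CLOSE_NOTIFY 0
#define TLS_ALERT_UNEXPECTED_MESSAGE 10
#define TLS_ALERT_BAD_RECORD_MAC 20
#define TLS_ALERT_DECRYPTION_FAILED 21
#define TLS_ALERT_RECORD_OVERFLOW 22
#define TLS_ALERT_DECOMPRESSION_FAILURE 30
#define TLS_ALERT_HANDSHAKE_FAILURE 40
#define TLS_ALERT_BAD_CERTIFICATE 42
#define TLS_ALERT_UNSUPPORTED_CERTIFICATE 43
#define TLS_ALERT_CERTIFICATE_REVOKED 44
#define TLS_ALERT_CERTIFICATE_EXPIRED 45
#define TLS_ALERT_CERTIFICATE_UNKNOWN 46
#define TLS_ALERT_ILLEGAL_PARAMETER 47
#define TLS_ALERT_UNKNOWN_CA 48
#define TLS_ALERT_ACCESS_DENIED 49
#define TLS_ALERT_DECODE_ERROR 50
#define TLS_ALERT_DECRYPT_ERROR 51
#define TLS_ALERT_EXPORT_RESTRICTION 60
#define TLS_ALERT_PROTOCOL_VERSION 70
#define TLS_ALERT_INSUFFICIENT_SECURITY 71
#define TLS_ALERT_INTERNAL_ERROR 80
#define TLS_ALERT_USER_CANCELED 90
#define TLS_ALERT_NO_RENEGOTIATION 100
#define TLS_ALERT_UNSUPPORTED_EXTENSION 110 /* RFC 4366 */
#define TLS_ALERT_CERTIFICATE_UNOBTAINABLE 111 /* RFC 4366 */
#define TLS_ALERT_UNRECOGNIZED_NAME 112 /* RFC 4366 */
#define TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 113 /* RFC 4366 */
#define TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE 114 /* RFC 4366 */

/* ChangeCipherSpec: the single defined value of the one-octet message */
enum {
	TLS_CHANGE_CIPHER_SPEC = 1
};

/* TLS Extensions: extension type code points */
#define TLS_EXT_SERVER_NAME 0 /* RFC 4366 */
#define TLS_EXT_MAX_FRAGMENT_LENGTH 1 /* RFC 4366 */
#define TLS_EXT_CLIENT_CERTIFICATE_URL 2 /* RFC 4366 */
#define TLS_EXT_TRUSTED_CA_KEYS 3 /* RFC 4366 */
#define TLS_EXT_TRUNCATED_HMAC 4 /* RFC 4366 */
#define TLS_EXT_STATUS_REQUEST 5 /* RFC 4366 */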
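#define TLS_EXT_SESSION_TICKET 35 /* RFC 4507 */

/* Same extension code point under the name EAP-FAST uses for it */
#define TLS_EXT_PAC_OPAQUE TLS_EXT_SESSION_TICKET /* EAP-FAST terminology */


/*
 * Key exchange methods. The enumerators are implicitly numbered from 0 and
 * are internal identifiers, not protocol code points.
 *
 * NOTE(review): the *_EXPORT and DH_anon members are export-grade or
 * unauthenticated key exchanges; callers selecting on this type should treat
 * them as opt-in only.
 */
typedef enum {
	TLS_KEY_X_NULL,
	TLS_KEY_X_RSA,
	TLS_KEY_X_RSA_EXPORT,
	TLS_KEY_X_DH_DSS_EXPORT,
	TLS_KEY_X_DH_DSS,
	TLS_KEY_X_DH_RSA_EXPORT,
	TLS_KEY_X_DH_RSA,
	TLS_KEY_X_DHE_DSS_EXPORT,
	TLS_KEY_X_DHE_DSS,
	TLS_KEY_X_DHE_RSA_EXPORT,
	TLS_KEY_X_DHE_RSA,
	TLS_KEY_X_DH_anon_EXPORT,
	TLS_KEY_X_DH_anon
} tls_key_exchange;

/* Record-protection ciphers; internal identifiers, implicitly numbered */
typedef enum {
	TLS_CIPHER_NULL,
	TLS_CIPHER_RC4_40,
	TLS_CIPHER_RC4_128,
	TLS_CIPHER_RC2_CBC_40,
	TLS_CIPHER_IDEA_CBC,
	TLS_CIPHER_DES40_CBC,
	TLS_CIPHER_DES_CBC,
	TLS_CIPHER_3DES_EDE_CBC,
	TLS_CIPHER_AES_128_CBC,
	TLS_CIPHER_AES_256_CBC
} tls_cipher;

/* Record MAC hash algorithms; internal identifiers, implicitly numbered */
typedef enum {
	TLS_HASH_NULL,
	TLS_HASH_MD5,
	TLS_HASH_SHA
} tls_hash;

/*
 * One cipher suite broken down into its three components.
 * `suite` is presumably one of the 16-bit TLS_*_WITH_* code points; confirm
 * against the table that defines the entries.
 */
struct tls_cipher_suite {
	u16 suite;
	tls_key_exchange key_exchange;
	tls_cipher cipher;
	tls_hash hash;
};

/* Whether a cipher operates as a stream cipher or a block cipher */
typedef enum {
	TLS_CIPHER_STREAM,
	TLS_CIPHER_BLOCK
} tls_cipher_type;

/*
 * Parameters of one tls_cipher.
 * The size fields are presumably in octets (TODO confirm); block_size doubles
 * as the IV size per the original comment.
 */
struct tls_cipher_data {
	tls_cipher cipher;
	tls_cipher_type type;
	size_t key_material;
	size_t expanded_key_material;
	size_t block_size; /* also iv_size */
	enum crypto_cipher_alg alg; /* algorithm id for the crypto.h cipher API */
};


/*
 * Paired MD5 and SHA-1 hash contexts, one pair each labelled client, server
 * and cert. Presumably these are running hashes over handshake messages for
 * the Finished and CertificateVerify computations, which in TLS 1.0 combine
 * MD5 and SHA-1; confirm against the users of this struct.
 */
struct tls_verify_hash {
	struct crypto_hash *md5_client;
	struct crypto_hash *sha1_client;
	struct crypto_hash *md5_server;
	struct crypto_hash *sha1_server;
	struct crypto_hash *md5_cert;
	struct crypto_hash *sha1_cert;
};


/*
 * Lookup helpers. Both return a pointer to const data; the behaviour for an
 * unknown suite or cipher is not visible here, so callers should check the
 * result for NULL before dereferencing (TODO confirm in the implementation).
 */
const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
const struct tls_cipher_data * tls_get_cipher_data(tls_cipher cipher);
int tls_server_key_exchange_allowed(tls_cipher cipher);
/*
 * Parses a certificate from buf[0..len) and hands a public key back through
 * *pk. NOTE(review): buf is presumably peer-supplied data, so len must be the
 * exact number of valid octets; the return convention and ownership of *pk
 * are not shown in this header.
 */
int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);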
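/*
 * Lifecycle of a struct tls_verify_hash: init, feed data with add, release
 * with free. init returns an int status, so callers should check it before
 * using the contexts; the exact success/failure values are not shown in this
 * header (TODO confirm in the implementation).
 */
int tls_verify_hash_init(struct tls_verify_hash *verify);
void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
			 size_t len);
void tls_verify_hash_free(struct tls_verify_hash *verify);

#endif /* TLSV1_COMMON_H */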