tlsv1_common.h revision d7ff03d48f825360eec2a371e3361306f2fd721b
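/*
 * TLSv1 common definitions
 * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef TLSV1_COMMON_H
#define TLSV1_COMMON_H

#include "crypto/crypto.h"

/*
 * 16-bit ProtocolVersion code points.
 *
 * TLS_VERSION resolves to the newest version enabled at build time:
 * 1.2 with CONFIG_TLSV12, else 1.1 with CONFIG_TLSV11, else 1.0.
 * TLS 1.0 and 1.1 are deprecated by RFC 8996, so a build without
 * CONFIG_TLSV12 gets a deprecated version here.
 * NOTE(review): how TLS_VERSION is used during negotiation is decided in
 * the .c files, which are not visible in this header.
 */
#define TLS_VERSION_1 0x0301 /* TLSv1 */
#define TLS_VERSION_1_1 0x0302 /* TLSv1.1 */
#define TLS_VERSION_1_2 0x0303 /* TLSv1.2 */
#ifdef CONFIG_TLSV12
#define TLS_VERSION TLS_VERSION_1_2
#else /* CONFIG_TLSV12 */
#ifdef CONFIG_TLSV11
#define TLS_VERSION TLS_VERSION_1_1
#else /* CONFIG_TLSV11 */
#define TLS_VERSION TLS_VERSION_1
#endif /* CONFIG_TLSV11 */
#endif /* CONFIG_TLSV12 */

/*
 * Fixed field sizes from the TLS specifications.
 * NOTE(review): code that parses a peer-supplied session_id should check the
 * received length against TLS_SESSION_ID_MAX_LEN before copying; the parsers
 * are not part of this header.
 */
#define TLS_RANDOM_LEN 32
#define TLS_PRE_MASTER_SECRET_LEN 48
#define TLS_MASTER_SECRET_LEN 48
#define TLS_SESSION_ID_MAX_LEN 32
#define TLS_VERIFY_DATA_LEN 12

/* HandshakeType */
enum {
	TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
	TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
	TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
	TLS_HANDSHAKE_TYPE_NEW_SESSION_TICKET = 4 /* RFC 4507 */,
	TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
	TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
	TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
	TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
	TLS_HANDSHAKE_TYPE_FINISHED = 20,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_URL = 21 /* RFC 4366 */,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_STATUS = 22 /* RFC 4366 */
};

/*
 * CipherSuite code points.
 *
 * This is a list of identifiers, not a policy: which suites are actually
 * offered or accepted is decided by the table behind tls_get_cipher_suite()
 * and by the client/server code, none of which is visible in this header.
 *
 * Groups that a reviewer should confirm are not negotiable in production:
 *  - suites with a NULL cipher: records are not encrypted
 *  - EXPORT suites: 40-bit export-grade keys
 *  - RC4 suites: RC4 is prohibited for TLS by RFC 7465
 *  - DES and DES40 suites: single DES
 *  - DH_anon suites: the key exchange is not authenticated
 */
#define TLS_NULL_WITH_NULL_NULL 0x0000 /* RFC 2246 */
#define TLS_RSA_WITH_NULL_MD5 0x0001 /* RFC 2246 */
#define TLS_RSA_WITH_NULL_SHA 0x0002 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 /* RFC 2246 */
#define TLS_RSA_WITH_RC4_128_MD5 0x0004 /* RFC 2246 */
#define TLS_RSA_WITH_RC4_128_SHA 0x0005 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 /* RFC 2246 */
#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 /* RFC 2246 */
#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 /* RFC 2246 */
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* RFC 2246 */
#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000B /* RFC 2246 */
#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000C /* RFC 2246 */
#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000D /* RFC 2246 */
#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000E /* RFC 2246 */
#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000F /* RFC 2246 */
#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 /* RFC 2246 */
#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 /* RFC 2246 */
#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 /* RFC 2246 */
#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 /* RFC 2246 */
#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 /* RFC 2246 */
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 /* RFC 2246 */
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 /* RFC 2246 */
#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 /* RFC 2246 */
#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 /* RFC 2246 */
#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 /* RFC 2246 */
#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001A /* RFC 2246 */
#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001B /* RFC 2246 */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* RFC 3268 */
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 /* RFC 3268 */
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 /* RFC 3268 */
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 /* RFC 3268 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 /* RFC 3268 */
#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 /* RFC 3268 */
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* RFC 3268 */
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 /* RFC 3268 */
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 /* RFC 3268 */
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 /* RFC 3268 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 /* RFC 3268 */
#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A /* RFC 3268 */
#define TLS_RSA_WITH_NULL_SHA256 0x003B /* RFC 5246 */
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C /* RFC 5246 */
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D /* RFC 5246 */
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 0x003E /* RFC 5246 */
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 0x003F /* RFC 5246 */
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040 /* RFC 5246 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 /* RFC 5246 */
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 0x0068 /* RFC 5246 */
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 0x0069 /* RFC 5246 */
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A /* RFC 5246 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B /* RFC 5246 */
#define TLS_DH_anon_WITH_AES_128_CBC_SHA256 0x006C /* RFC 5246 */
#define TLS_DH_anon_WITH_AES_256_CBC_SHA256 0x006D /* RFC 5246 */

/* CompressionMethod */
#define TLS_COMPRESSION_NULL 0

/*
 * HashAlgorithm
 * NOTE(review): MD5 and SHA-1 are weak choices for signatures; confirm which
 * values the signature verification code accepts from a peer.
 */
enum {
	TLS_HASH_ALG_NONE = 0,
	TLS_HASH_ALG_MD5 = 1,
	TLS_HASH_ALG_SHA1 = 2,
	TLS_HASH_ALG_SHA224 = 3,
	TLS_HASH_ALG_SHA256 = 4,
	TLS_HASH_ALG_SHA384 = 5,
	TLS_HASH_ALG_SHA512 = 6
};

/* SignatureAlgorithm */
enum {
	TLS_SIGN_ALG_ANONYMOUS = 0,
	TLS_SIGN_ALG_RSA = 1,
	TLS_SIGN_ALG_DSA = 2,
	TLS_SIGN_ALG_ECDSA = 3,
};

/* AlertLevel */
#define TLS_ALERT_LEVEL_WARNING 1
#define TLS_ALERT_LEVEL_FATAL 2

/*
 * AlertDescription
 * NOTE(review): RFC 5246 reserves decryption_failed (21) and says it must not
 * be sent, because telling a peer apart padding/decryption failure from a MAC
 * failure helps attacks on CBC mode; confirm the record layer reports both
 * cases as TLS_ALERT_BAD_RECORD_MAC.
 */
#define TLS_ALERT_CLOSE_NOTIFY 0
#define TLS_ALERT_UNEXPECTED_MESSAGE 10
#define TLS_ALERT_BAD_RECORD_MAC 20
#define TLS_ALERT_DECRYPTION_FAILED 21
#define TLS_ALERT_RECORD_OVERFLOW 22
#define TLS_ALERT_DECOMPRESSION_FAILURE 30
#define TLS_ALERT_HANDSHAKE_FAILURE 40
#define TLS_ALERT_BAD_CERTIFICATE 42
#define TLS_ALERT_UNSUPPORTED_CERTIFICATE 43
#define TLS_ALERT_CERTIFICATE_REVOKED 44
#define TLS_ALERT_CERTIFICATE_EXPIRED 45
#define TLS_ALERT_CERTIFICATE_UNKNOWN 46
#define TLS_ALERT_ILLEGAL_PARAMETER 47
#define TLS_ALERT_UNKNOWN_CA 48
#define TLS_ALERT_ACCESS_DENIED 49
#define TLS_ALERT_DECODE_ERROR 50
#define TLS_ALERT_DECRYPT_ERROR 51
#define TLS_ALERT_EXPORT_RESTRICTION 60
#define TLS_ALERT_PROTOCOL_VERSION 70
#define TLS_ALERT_INSUFFICIENT_SECURITY 71
#define TLS_ALERT_INTERNAL_ERROR 80
#define TLS_ALERT_USER_CANCELED 90
#define TLS_ALERT_NO_RENEGOTIATION 100
#define TLS_ALERT_UNSUPPORTED_EXTENSION 110 /* RFC 4366 */
#define TLS_ALERT_CERTIFICATE_UNOBTAINABLE 111 /* RFC 4366 */
#define TLS_ALERT_UNRECOGNIZED_NAME 112 /* RFC 4366 */
#define TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 113 /* RFC 4366 */
#define TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE 114 /* RFC 4366 */

/* ChangeCipherSpec */
enum {
	TLS_CHANGE_CIPHER_SPEC = 1
};

/* TLS Extensions */
#define TLS_EXT_SERVER_NAME 0 /* RFC 4366 */
#define TLS_EXT_MAX_FRAGMENT_LENGTH 1 /* RFC 4366 */
#define TLS_EXT_CLIENT_CERTIFICATE_URL 2 /* RFC 4366 */
#define TLS_EXT_TRUSTED_CA_KEYS 3 /* RFC 4366 */
#define TLS_EXT_TRUNCATED_HMAC 4 /* RFC 4366 */
#define TLS_EXT_STATUS_REQUEST 5 /* RFC 4366 */
#define TLS_EXT_SIGNATURE_ALGORITHMS 13 /* RFC 5246 */
#define TLS_EXT_SESSION_TICKET 35 /* RFC 4507 */

#define TLS_EXT_PAC_OPAQUE TLS_EXT_SESSION_TICKET /* EAP-FAST terminology */


/*
 * Key exchange method of a cipher suite. The enumerators have no explicit
 * values here, so they are sequential from 0 and are not wire code points.
 */
typedef enum {
	TLS_KEY_X_NULL,
	TLS_KEY_X_RSA,
	TLS_KEY_X_RSA_EXPORT,
	TLS_KEY_X_DH_DSS_EXPORT,
	TLS_KEY_X_DH_DSS,
	TLS_KEY_X_DH_RSA_EXPORT,
	TLS_KEY_X_DH_RSA,
	TLS_KEY_X_DHE_DSS_EXPORT,
	TLS_KEY_X_DHE_DSS,
	TLS_KEY_X_DHE_RSA_EXPORT,
	TLS_KEY_X_DHE_RSA,
	TLS_KEY_X_DH_anon_EXPORT,
	TLS_KEY_X_DH_anon
} tls_key_exchange;

/* Bulk cipher of a cipher suite (sequential values, not wire code points). */
typedef enum {
	TLS_CIPHER_NULL,
	TLS_CIPHER_RC4_40,
	TLS_CIPHER_RC4_128,
	TLS_CIPHER_RC2_CBC_40,
	TLS_CIPHER_IDEA_CBC,
	TLS_CIPHER_DES40_CBC,
	TLS_CIPHER_DES_CBC,
	TLS_CIPHER_3DES_EDE_CBC,
	TLS_CIPHER_AES_128_CBC,
	TLS_CIPHER_AES_256_CBC
} tls_cipher;

/*
 * MAC hash of a cipher suite. This is a separate enum from the
 * TLS_HASH_ALG_* HashAlgorithm values above and uses different numbering.
 */
typedef enum {
	TLS_HASH_NULL,
	TLS_HASH_MD5,
	TLS_HASH_SHA,
	TLS_HASH_SHA256
} tls_hash;

/* One cipher suite: its 16-bit identifier and the three components above. */
struct tls_cipher_suite {
	u16 suite;
	tls_key_exchange key_exchange;
	tls_cipher cipher;
	tls_hash hash;
};

typedef enum {
	TLS_CIPHER_STREAM,
	TLS_CIPHER_BLOCK
} tls_cipher_type;

/*
 * Parameters of one bulk cipher.
 * NOTE(review): the size fields are presumably byte counts; confirm against
 * the table in tlsv1_common.c.
 */
struct tls_cipher_data {
	tls_cipher cipher;
	tls_cipher_type type;
	size_t key_material;
	size_t expanded_key_material;
	size_t block_size; /* also iv_size */
	enum crypto_cipher_alg alg;
};


/*
 * MD5, SHA-1 and SHA-256 hash contexts, one set each for client, server and
 * cert. Managed through tls_verify_hash_init(), tls_verify_hash_add() and
 * tls_verify_hash_free() declared below.
 * NOTE(review): presumably running hashes over handshake messages; confirm
 * in tlsv1_common.c.
 */
struct tls_verify_hash {
	struct crypto_hash *md5_client;
	struct crypto_hash *sha1_client;
	struct crypto_hash *sha256_client;
	struct crypto_hash *md5_server;
	struct crypto_hash *sha1_server;
	struct crypto_hash *sha256_server;
	struct crypto_hash *md5_cert;
	struct crypto_hash *sha1_cert;
	struct crypto_hash *sha256_cert;
};


/*
 * The functions below are defined outside this header; their return
 * conventions, and the ownership of the key stored through pk by
 * tls_parse_cert(), are not visible here and should be confirmed in the
 * implementation. In tls_parse_cert(), tls_verify_hash_add(), tls_prf() and
 * tls_verify_signature() the buf/len style pairs describe caller-supplied
 * buffers; callers handling peer data must pass lengths that were validated
 * against the received message.
 */
const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
const struct tls_cipher_data * tls_get_cipher_data(tls_cipher cipher);
int tls_server_key_exchange_allowed(tls_cipher cipher);
int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);
int tls_verify_hash_init(struct tls_verify_hash *verify);
void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
			 size_t len);
void tls_verify_hash_free(struct tls_verify_hash *verify);
int tls_version_ok(u16 ver);
const char * tls_version_str(u16 ver);
int tls_prf(u16 ver, const u8 *secret, size_t secret_len, const char *label,
	    const u8 *seed, size_t seed_len, u8 *out, size_t outlen);
/*
 * NOTE(review): neither *_server_params_hash() prototype takes the size of
 * the hash output buffer, so the caller must provide one large enough for
 * the digest produced; confirm the required size in the implementation.
 */
int tlsv12_key_x_server_params_hash(u16 tls_version, u8 hash_Alg,
				    const u8 *client_random,
				    const u8 *server_random,
				    const u8 *server_params,
				    size_t server_params_len, u8 *hash);
int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
				 const u8 *server_random,
				 const u8 *server_params,
				 size_t server_params_len, u8 *hash);
/* NOTE(review): alert presumably receives the alert to send on failure. */
int tls_verify_signature(u16 tls_version, struct crypto_public_key *pk,
			 const u8 *data, size_t data_len,
			 const u8 *pos, size_t len, u8 *alert);

#endif /* TLSV1_COMMON_H */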