#ifndef _GPXE_TLS_H
#define _GPXE_TLS_H

/**
 * @file
 *
 * Transport Layer Security Protocol
 *
 * Record-layer and handshake constants, plus the per-session state
 * shared by the TX and RX halves of the TLS filter.  Only
 * declarations live here; the handshake logic, record parsing and
 * all input validation are in the corresponding .c file, which is
 * not part of this header.
 */

FILE_LICENCE ( GPL2_OR_LATER );

#include <stdint.h>
#include <gpxe/refcnt.h>
#include <gpxe/filter.h>
#include <gpxe/process.h>
#include <gpxe/crypto.h>
#include <gpxe/md5.h>
#include <gpxe/sha1.h>
#include <gpxe/x509.h>

/** A TLS header
 *
 * This is the on-the-wire record-layer header.  It is packed so that
 * sizeof() equals the five-byte wire size (1 + 2 + 2).  Per the TLS
 * RFCs the multi-byte fields are transmitted in network (big-endian)
 * byte order; nothing in this header performs that conversion, so
 * the reader of a received header is expected to do it before
 * comparing against the TLS_VERSION_XXX constants or using the
 * length (NOTE(review): confirm in the .c file).
 */
struct tls_header {
	/** Content type
	 *
	 * This is a TLS_TYPE_XXX constant
	 */
	uint8_t type;
	/** Protocol version
	 *
	 * This is a TLS_VERSION_XXX constant
	 */
	uint16_t version;
	/** Length of payload
	 *
	 * NOTE(review): on receive this value is supplied by the
	 * peer and is untrusted.  It must be bounded before it is
	 * used to size an allocation or a copy; that check is not
	 * expressed anywhere in this header.
	 */
	uint16_t length;
} __attribute__ (( packed ));

/** TLS version 1.0 */
#define TLS_VERSION_TLS_1_0 0x0301

/** TLS version 1.1
 *
 * No TLS 1.2 (0x0303) constant is declared here, so any version
 * comparison built only on these constants cannot recognise 1.2.
 */
#define TLS_VERSION_TLS_1_1 0x0302

/** Change cipher content type */
#define TLS_TYPE_CHANGE_CIPHER 20

/** Alert content type */
#define TLS_TYPE_ALERT 21

/** Handshake content type */
#define TLS_TYPE_HANDSHAKE 22

/** Application data content type */
#define TLS_TYPE_DATA 23

/* Handshake message types
 *
 * Values of the HandshakeType field of a handshake message.
 */
#define TLS_HELLO_REQUEST 0
#define TLS_CLIENT_HELLO 1
#define TLS_SERVER_HELLO 2
#define TLS_CERTIFICATE 11
#define TLS_SERVER_KEY_EXCHANGE 12
#define TLS_CERTIFICATE_REQUEST 13
#define TLS_SERVER_HELLO_DONE 14
#define TLS_CERTIFICATE_VERIFY 15
#define TLS_CLIENT_KEY_EXCHANGE 16
#define TLS_FINISHED 20

/* TLS alert levels
 *
 * A fatal alert terminates the connection; a warning does not.
 */
#define TLS_ALERT_WARNING 1
#define TLS_ALERT_FATAL 2

/* TLS cipher specifications
 *
 * Cipher suite identifiers as they appear in ClientHello /
 * ServerHello.  The two *_WITH_NULL_* suites use no bulk cipher:
 * they provide integrity only, and application data is sent in the
 * clear (the MD5 variant additionally relies on HMAC-MD5).
 * NOTE(review): whether these are offered or accepted is decided in
 * the .c file, not here; confirm that a client wanting
 * confidentiality does not negotiate them.
 */
#define TLS_RSA_WITH_NULL_MD5 0x0001
#define TLS_RSA_WITH_NULL_SHA 0x0002
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035

/** TLS RX state machine state
 *
 * Receive side alternates between collecting a record header and
 * collecting the record payload whose size that header announced.
 */
enum tls_rx_state {
	TLS_RX_HEADER = 0,
	TLS_RX_DATA,
};

/** TLS TX state machine state
 *
 * Client-side handshake sequence as driven by the TX process.  There
 * is no state for sending a client Certificate or CertificateVerify,
 * so this enum only describes a handshake without client
 * authentication (RSA key exchange, server-authenticated only).
 */
enum tls_tx_state {
	TLS_TX_NONE = 0,
	TLS_TX_CLIENT_HELLO,
	TLS_TX_CLIENT_KEY_EXCHANGE,
	TLS_TX_CHANGE_CIPHER,
	TLS_TX_FINISHED,
	TLS_TX_DATA
};

/** A TLS cipher specification
 *
 * The algorithms and keying material in force for one direction of
 * the connection.  A session keeps a current and a pending copy for
 * each direction; the pending copy becomes current on
 * ChangeCipherSpec.
 */
struct tls_cipherspec {
	/** Public-key encryption algorithm */
	struct pubkey_algorithm *pubkey;
	/** Bulk encryption cipher algorithm */
	struct cipher_algorithm *cipher;
	/** MAC digest algorithm */
	struct digest_algorithm *digest;
	/** Key length */
	size_t key_len;
	/** Dynamically-allocated storage
	 *
	 * Presumably the single allocation backing the context and
	 * secret pointers below (they are not separately sized here).
	 * NOTE(review): since it holds key material, the owner should
	 * scrub it before freeing — confirm in the .c file.
	 */
	void *dynamic;
	/** Public key encryption context */
	void *pubkey_ctx;
	/** Bulk encryption cipher context */
	void *cipher_ctx;
	/** Next bulk encryption cipher context (TX only) */
	void *cipher_next_ctx;
	/** MAC secret
	 *
	 * Secret key for the record MAC; disclosure allows forgery.
	 */
	void *mac_secret;
};

/** TLS pre-master secret
 *
 * Exactly 48 bytes (2 + 46), the RSA-encrypted ClientKeyExchange
 * payload.  The version field is the client's offered version, which
 * the server compares against the ClientHello to detect version
 * rollback.  NOTE(review): random[] must be filled from a
 * cryptographically strong generator; the source used is not visible
 * in this header — confirm.
 */
struct tls_pre_master_secret {
	/** TLS version */
	uint16_t version;
	/** Random data */
	uint8_t random[46];
} __attribute__ (( packed ));

/** TLS client random data
 *
 * Exactly 32 bytes (4 + 28), matching the size of server_random in
 * struct tls_session.  The TLS RFCs do not require gmt_unix_time to
 * be an accurate clock; sending the real time discloses the client
 * clock to the network.
 */
struct tls_client_random {
	/** GMT Unix time */
	uint32_t gmt_unix_time;
	/** Random data */
	uint8_t random[28];
} __attribute__ (( packed ));

/** A TLS session
 *
 * Per-connection state for one TLS filter instance.  Several fields
 * hold secrets (pre_master_secret, master_secret and the mac_secret /
 * cipher contexts of each cipherspec); the refcnt free path is the
 * natural place to scrub them, but that path is not in this header.
 */
struct tls_session {
	/** Reference counter */
	struct refcnt refcnt;

	/** Plaintext stream */
	struct xfer_filter_half plainstream;
	/** Ciphertext stream */
	struct xfer_filter_half cipherstream;

	/** Current TX cipher specification */
	struct tls_cipherspec tx_cipherspec;
	/** Next TX cipher specification */
	struct tls_cipherspec tx_cipherspec_pending;
	/** Current RX cipher specification */
	struct tls_cipherspec rx_cipherspec;
	/** Next RX cipher specification */
	struct tls_cipherspec rx_cipherspec_pending;
	/** Premaster secret
	 *
	 * Secret; only needed until the master secret is derived.
	 */
	struct tls_pre_master_secret pre_master_secret;
	/** Master secret
	 *
	 * 48 bytes; secret for the life of the session.
	 */
	uint8_t master_secret[48];
	/** Server random bytes
	 *
	 * 32 bytes, the same layout as struct tls_client_random.
	 */
	uint8_t server_random[32];
	/** Client random bytes */
	struct tls_client_random client_random;
	/** MD5 context for handshake verification
	 *
	 * Running hash over all handshake messages, consumed by the
	 * Finished computation.  Sized by the included md5.h.
	 */
	uint8_t handshake_md5_ctx[MD5_CTX_SIZE];
	/** SHA1 context for handshake verification
	 *
	 * Running hash over all handshake messages, consumed by the
	 * Finished computation.  Sized by the included sha1.h.
	 */
	uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];

	/** Hack: server RSA public key
	 *
	 * The key the pre-master secret is encrypted to.  The original
	 * author flagged this as a hack.  NOTE(review): nothing in
	 * this header records whether the certificate this key was
	 * taken from has been validated (chain, name, validity);
	 * unless the .c file does so, the handshake only resists a
	 * passive eavesdropper, not an active one — confirm.
	 */
	struct x509_rsa_public_key rsa;

	/** TX sequence number
	 *
	 * Implicit 64-bit record sequence number fed into the record
	 * MAC; per the TLS RFCs it restarts at zero whenever a new
	 * cipherspec takes effect.
	 */
	uint64_t tx_seq;
	/** TX state */
	enum tls_tx_state tx_state;
	/** TX process */
	struct process process;

	/** RX sequence number
	 *
	 * Receive-direction counterpart of tx_seq.
	 */
	uint64_t rx_seq;
	/** RX state */
	enum tls_rx_state rx_state;
	/** Offset within current RX state
	 *
	 * Bytes of the header or payload received so far.
	 */
	size_t rx_rcvd;
	/** Current received record header
	 *
	 * Raw, peer-supplied; see the caveat on struct tls_header.
	 */
	struct tls_header rx_header;
	/** Current received raw data buffer
	 *
	 * Presumably sized from rx_header.length once the header is
	 * complete; the allocation and its bound are in the .c file.
	 */
	void *rx_data;
};

/**
 * Add TLS filter to a data transfer interface
 *
 * @v xfer		Data transfer interface to wrap
 * @v next		Filled in with the interface the caller
 *			should connect the far side to
 * @ret rc		Return status code (presumably 0 or a
 *			negative error per gPXE convention — the
 *			definition is not in this header)
 */
extern int add_tls ( struct xfer_interface *xfer,
		     struct xfer_interface **next );

#endif /* _GPXE_TLS_H */