tls.h File Reference

Transport Layer Security Protocol. More...

#include <stdint.h>
#include <gpxe/refcnt.h>
#include <gpxe/filter.h>
#include <gpxe/process.h>
#include <gpxe/crypto.h>
#include <gpxe/md5.h>
#include <gpxe/sha1.h>
#include <gpxe/x509.h>


Data Structures

struct  tls_header
 A TLS header. More...
struct  tls_cipherspec
 A TLS cipher specification. More...
struct  tls_pre_master_secret
 TLS pre-master secret. More...
struct  tls_client_random
 TLS client random data. More...
struct  tls_session
 A TLS session. More...

Defines

#define TLS_VERSION_TLS_1_0   0x0301
 TLS version 1.0.
#define TLS_VERSION_TLS_1_1   0x0302
 TLS version 1.1.
#define TLS_TYPE_CHANGE_CIPHER   20
 Change cipher content type.
#define TLS_TYPE_ALERT   21
 Alert content type.
#define TLS_TYPE_HANDSHAKE   22
 Handshake content type.
#define TLS_TYPE_DATA   23
 Application data content type.
#define TLS_HELLO_REQUEST   0
#define TLS_CLIENT_HELLO   1
#define TLS_SERVER_HELLO   2
#define TLS_CERTIFICATE   11
#define TLS_SERVER_KEY_EXCHANGE   12
#define TLS_CERTIFICATE_REQUEST   13
#define TLS_SERVER_HELLO_DONE   14
#define TLS_CERTIFICATE_VERIFY   15
#define TLS_CLIENT_KEY_EXCHANGE   16
#define TLS_FINISHED   20
#define TLS_ALERT_WARNING   1
#define TLS_ALERT_FATAL   2
#define TLS_RSA_WITH_NULL_MD5   0x0001
#define TLS_RSA_WITH_NULL_SHA   0x0002
#define TLS_RSA_WITH_AES_128_CBC_SHA   0x002f
#define TLS_RSA_WITH_AES_256_CBC_SHA   0x0035

Enumerations

enum  tls_rx_state { TLS_RX_HEADER = 0, TLS_RX_DATA }
 TLS RX state machine state. More...
enum  tls_tx_state {
  TLS_TX_NONE = 0, TLS_TX_CLIENT_HELLO, TLS_TX_CLIENT_KEY_EXCHANGE, TLS_TX_CHANGE_CIPHER,
  TLS_TX_FINISHED, TLS_TX_DATA
}
 TLS TX state machine state. More...

Functions

 FILE_LICENCE (GPL2_OR_LATER)
int add_tls (struct xfer_interface *xfer, struct xfer_interface **next)


Detailed Description

Transport Layer Security Protocol.

Definition in file tls.h.


Define Documentation

#define TLS_VERSION_TLS_1_0   0x0301

TLS version 1.0.

Definition at line 38 of file tls.h.

Referenced by add_tls(), tls_new_server_hello(), tls_send_client_hello(), and tls_send_plaintext().

#define TLS_VERSION_TLS_1_1   0x0302

TLS version 1.1.

Definition at line 41 of file tls.h.

#define TLS_TYPE_CHANGE_CIPHER   20

Change cipher content type.

Definition at line 44 of file tls.h.

Referenced by tls_new_record(), and tls_send_change_cipher().

#define TLS_TYPE_ALERT   21

Alert content type.

Definition at line 47 of file tls.h.

Referenced by tls_new_record().

#define TLS_TYPE_HANDSHAKE   22

Handshake content type.

Definition at line 50 of file tls.h.

Referenced by tls_new_record(), and tls_send_handshake().

#define TLS_TYPE_DATA   23

Application data content type.

Definition at line 53 of file tls.h.

Referenced by tls_new_record(), and tls_plainstream_deliver_raw().

#define TLS_HELLO_REQUEST   0

Definition at line 56 of file tls.h.

Referenced by tls_new_handshake().

#define TLS_CLIENT_HELLO   1

Definition at line 57 of file tls.h.

Referenced by tls_send_client_hello().

#define TLS_SERVER_HELLO   2

Definition at line 58 of file tls.h.

Referenced by tls_new_handshake().

#define TLS_CERTIFICATE   11

Definition at line 59 of file tls.h.

Referenced by tls_new_handshake().

#define TLS_SERVER_KEY_EXCHANGE   12

Definition at line 60 of file tls.h.

#define TLS_CERTIFICATE_REQUEST   13

Definition at line 61 of file tls.h.

#define TLS_SERVER_HELLO_DONE   14

Definition at line 62 of file tls.h.

Referenced by tls_new_handshake().

#define TLS_CERTIFICATE_VERIFY   15

Definition at line 63 of file tls.h.

#define TLS_CLIENT_KEY_EXCHANGE   16

Definition at line 64 of file tls.h.

Referenced by tls_send_client_key_exchange().

#define TLS_FINISHED   20

Definition at line 65 of file tls.h.

Referenced by tls_new_handshake(), and tls_send_finished().

#define TLS_ALERT_WARNING   1

Definition at line 68 of file tls.h.

Referenced by tls_new_alert().

#define TLS_ALERT_FATAL   2

Definition at line 69 of file tls.h.

Referenced by tls_new_alert().

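#define TLS_RSA_WITH_NULL_MD5   0x0001

Cipher suite: RSA key exchange, NULL cipher (no encryption), MD5 MAC.

Definition at line 72 of file tls.h.

#define TLS_RSA_WITH_NULL_SHA   0x0002

Cipher suite: RSA key exchange, NULL cipher (no encryption), SHA-1 MAC.

Definition at line 73 of file tls.h.

Neither NULL suite has a "Referenced by" entry on this page. A connection that negotiated either one would carry application data unencrypted.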

#define TLS_RSA_WITH_AES_128_CBC_SHA   0x002f

Definition at line 74 of file tls.h.

Referenced by tls_select_cipher(), and tls_send_client_hello().

#define TLS_RSA_WITH_AES_256_CBC_SHA   0x0035

Definition at line 75 of file tls.h.

Referenced by tls_select_cipher(), and tls_send_client_hello().


Enumeration Type Documentation

enum tls_rx_state

TLS RX state machine state.

Enumerator:
TLS_RX_HEADER 
TLS_RX_DATA 

Definition at line 78 of file tls.h.

/* Enumerator list of enum tls_rx_state (the "enum tls_rx_state" keyword and
 * tag are not reproduced in this listing; it starts at the opening brace).
 * TLS_RX_HEADER is explicitly 0, so a zero-filled structure starts out in
 * that state. Presumably HEADER means "waiting for a record header" and DATA
 * means "receiving the record body" - confirm against tls.c.
 */
00078                   {
00079         TLS_RX_HEADER = 0,
00080         TLS_RX_DATA,
00081 };

enum tls_tx_state

TLS TX state machine state.

Enumerator:
TLS_TX_NONE 
TLS_TX_CLIENT_HELLO 
TLS_TX_CLIENT_KEY_EXCHANGE 
TLS_TX_CHANGE_CIPHER 
TLS_TX_FINISHED 
TLS_TX_DATA 

Definition at line 84 of file tls.h.

/* Enumerator list of enum tls_tx_state (the "enum tls_tx_state" keyword and
 * tag are not reproduced in this listing; it starts at the opening brace).
 * The states after TLS_TX_NONE are listed in the order a client sends the
 * corresponding messages in an RSA handshake: ClientHello, ClientKeyExchange,
 * ChangeCipherSpec, Finished, then application data.
 * TLS_TX_NONE is explicitly 0; add_tls() does not rely on that and sets
 * tx_state to TLS_TX_CLIENT_HELLO itself.
 */
00084                   {
00085         TLS_TX_NONE = 0,
00086         TLS_TX_CLIENT_HELLO,
00087         TLS_TX_CLIENT_KEY_EXCHANGE,
00088         TLS_TX_CHANGE_CIPHER,
00089         TLS_TX_FINISHED,
00090         TLS_TX_DATA
00091 };


Function Documentation

FILE_LICENCE ( GPL2_OR_LATER   ) 

int add_tls ( struct xfer_interface *  xfer,
struct xfer_interface **  next 
)

Definition at line 1726 of file tls.c.

References tls_session::cipherstream, tls_session::client_random, digest_init(), ENOMEM, filter_init(), refcnt::free, free_tls(), tls_client_random::gmt_unix_time, tls_session::handshake_md5_ctx, tls_session::handshake_sha1_ctx, htons, malloc(), md5_algorithm, memset(), tls_session::plainstream, tls_session::pre_master_secret, tls_session::process, process_init(), tls_pre_master_secret::random, tls_client_random::random, ref_put(), tls_session::refcnt, tls_session::rx_cipherspec, tls_session::rx_cipherspec_pending, sha1_algorithm, tls_clear_cipher(), tls_generate_random(), tls_step(), TLS_TX_CLIENT_HELLO, TLS_VERSION_TLS_1_0, tls_session::tx_cipherspec, tls_session::tx_cipherspec_pending, tls_session::tx_state, tls_pre_master_secret::version, and xfer_filter_half::xfer.

Referenced by https_open().

/* Body of add_tls(). The signature line is not reproduced in this listing;
 * the Functions list on this page gives it as
 *   int add_tls (struct xfer_interface *xfer, struct xfer_interface **next)
 *
 * Allocates a TLS session, initialises its cipher specs, random values,
 * handshake digests and TX state, plugs the session's plainstream interface
 * into xfer, and hands the cipherstream interface back through *next.
 *
 * Returns 0 on success, or -ENOMEM if the session cannot be allocated.
 * Neither xfer nor next is checked for NULL here.
 */
01726                                                                           {
01727         struct tls_session *tls;
01728 
01729         /* Allocate and initialise TLS structure */
01730         tls = malloc ( sizeof ( *tls ) );
01731         if ( ! tls )
01732                 return -ENOMEM;
              /* Zero the whole session so that every field not set
               * explicitly below starts out as 0 / NULL.
               */
01733         memset ( tls, 0, sizeof ( *tls ) );
              /* free_tls is installed as the reference counter's free
               * callback - presumably run when the last reference is
               * dropped; confirm in gpxe/refcnt.h.
               */
01734         tls->refcnt.free = free_tls;
01735         filter_init ( &tls->plainstream, &tls_plainstream_operations,
01736                       &tls->cipherstream, &tls_cipherstream_operations,
01737                       &tls->refcnt );
              /* Reset the active and pending cipher specs in both
               * directions. What state tls_clear_cipher() leaves them in is
               * not shown on this page - presumably "no cipher" until the
               * handshake installs one; confirm in tls.c.
               */
01738         tls_clear_cipher ( tls, &tls->tx_cipherspec );
01739         tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );
01740         tls_clear_cipher ( tls, &tls->rx_cipherspec );
01741         tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
              /* The timestamp part of the client random is fixed at zero
               * rather than set to the current time (already zero after the
               * memset above; stated explicitly here).
               */
01742         tls->client_random.gmt_unix_time = 0;
              /* NOTE(review): client_random.random and, below,
               * pre_master_secret.random are both filled by
               * tls_generate_random(), whose implementation is not shown on
               * this page. The secrecy of the session keys depends on the
               * pre-master secret being unpredictable, so confirm that the
               * helper draws from a cryptographically strong source. It is
               * called as a plain statement; if it can report failure, that
               * result is not examined here - check its prototype.
               */
01743         tls_generate_random ( &tls->client_random.random,
01744                               ( sizeof ( tls->client_random.random ) ) );
              /* Version field of the pre-master secret, stored in network
               * byte order and fixed at TLS 1.0 (0x0301). In the RSA key
               * exchange this field carries the version the client offered,
               * which is what lets a server notice a version rollback.
               * TLS_VERSION_TLS_1_1 is defined in tls.h but is not used
               * here.
               */
01745         tls->pre_master_secret.version = htons ( TLS_VERSION_TLS_1_0 );
01746         tls_generate_random ( &tls->pre_master_secret.random,
01747                               ( sizeof ( tls->pre_master_secret.random ) ) );
              /* Start two running digests for the handshake, one MD5 and one
               * SHA-1; TLS 1.0 uses both over the handshake messages when
               * computing the Finished value.
               */
01748         digest_init ( &md5_algorithm, tls->handshake_md5_ctx );
01749         digest_init ( &sha1_algorithm, tls->handshake_sha1_ctx );
              /* Begin the TX state machine at the ClientHello state and
               * register tls_step as the session's process function
               * (presumably the routine that drives transmission - confirm
               * in gpxe/process.h).
               */
01750         tls->tx_state = TLS_TX_CLIENT_HELLO;
01751         process_init ( &tls->process, tls_step, &tls->refcnt );
01752 
01753         /* Attach to parent interface, mortalise self, and return */
01754         xfer_plug_plug ( &tls->plainstream.xfer, xfer );
01755         *next = &tls->cipherstream.xfer;
              /* Drop this function's own reference. From here on the session
               * presumably stays alive only through references held by the
               * plugged interfaces and the process - confirm that at least
               * one is held before this call, since free_tls would otherwise
               * run while *next still points into the session.
               */
01756         ref_put ( &tls->refcnt );
01757         return 0;
01758 }


Generated on Tue Apr 6 20:01:52 2010 for gPXE by  doxygen 1.5.7.1