Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 234 lines (206 sloc) 7.588 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233
/*
* wpa_supplicant/hostapd: TLSv1 common definitions
* Copyright (c) 2006, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/

#ifndef TLSV1_COMMON
#define TLSV1_COMMON

#define TLS_VERSION 0x0301 /* TLSv1 */
#define TLS_RANDOM_LEN 32
#define TLS_PRE_MASTER_SECRET_LEN 48
#define TLS_MASTER_SECRET_LEN 48
#define TLS_SESSION_ID_MAX_LEN 32
#define TLS_VERIFY_DATA_LEN 12
#define TLS_MAX_WRITE_MAC_SECRET_LEN 20
#define TLS_MAX_WRITE_KEY_LEN 32
#define TLS_MAX_IV_LEN 16
#define TLS_MAX_KEY_BLOCK_LEN (2 * (TLS_MAX_WRITE_MAC_SECRET_LEN + \
TLS_MAX_WRITE_KEY_LEN + TLS_MAX_IV_LEN))
#define TLS_SEQ_NUM_LEN 8
#define TLS_RECORD_HEADER_LEN 5

/* ContentType */
enum {
TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC = 20,
TLS_CONTENT_TYPE_ALERT = 21,
TLS_CONTENT_TYPE_HANDSHAKE = 22,
TLS_CONTENT_TYPE_APPLICATION_DATA = 23
};

/* HandshakeType */
enum {
TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
TLS_HANDSHAKE_TYPE_FINISHED = 20
};

/* CipherSuite */
#define TLS_NULL_WITH_NULL_NULL 0x0000 /* RFC 2246 */
#define TLS_RSA_WITH_NULL_MD5 0x0001 /* RFC 2246 */
#define TLS_RSA_WITH_NULL_SHA 0x0002 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 /* RFC 2246 */
#define TLS_RSA_WITH_RC4_128_MD5 0x0004 /* RFC 2246 */
#define TLS_RSA_WITH_RC4_128_SHA 0x0005 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 /* RFC 2246 */
#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 /* RFC 2246 */
#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 /* RFC 2246 */
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* RFC 2246 */
#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000B /* RFC 2246 */
#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000C /* RFC 2246 */
#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000D /* RFC 2246 */
#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000E /* RFC 2246 */
#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000F /* RFC 2246 */
#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 /* RFC 2246 */
#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 /* RFC 2246 */
#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 /* RFC 2246 */
#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 /* RFC 2246 */
#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 /* RFC 2246 */
#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 /* RFC 2246 */
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 /* RFC 2246 */
#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 /* RFC 2246 */
#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 /* RFC 2246 */
#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 /* RFC 2246 */
#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001A /* RFC 2246 */
#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001B /* RFC 2246 */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* RFC 3268 */
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 /* RFC 3268 */
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 /* RFC 3268 */
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 /* RFC 3268 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 /* RFC 3268 */
#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 /* RFC 3268 */
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* RFC 3268 */
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 /* RFC 3268 */
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 /* RFC 3268 */
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 /* RFC 3268 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 /* RFC 3268 */
#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A /* RFC 3268 */

/* CompressionMethod */
#define TLS_COMPRESSION_NULL 0

/* AlertLevel */
#define TLS_ALERT_LEVEL_WARNING 1
#define TLS_ALERT_LEVEL_FATAL 2

/* AlertDescription */
#define TLS_ALERT_CLOSE_NOTIFY 0
#define TLS_ALERT_UNEXPECTED_MESSAGE 10
#define TLS_ALERT_BAD_RECORD_MAC 20
#define TLS_ALERT_DECRYPTION_FAILED 21
#define TLS_ALERT_RECORD_OVERFLOW 22
#define TLS_ALERT_DECOMPRESSION_FAILURE 30
#define TLS_ALERT_HANDSHAKE_FAILURE 40
#define TLS_ALERT_BAD_CERTIFICATE 42
#define TLS_ALERT_UNSUPPORTED_CERTIFICATE 43
#define TLS_ALERT_CERTIFICATE_REVOKED 44
#define TLS_ALERT_CERTIFICATE_EXPIRED 45
#define TLS_ALERT_CERTIFICATE_UNKNOWN 46
#define TLS_ALERT_ILLEGAL_PARAMETER 47
#define TLS_ALERT_UNKNOWN_CA 48
#define TLS_ALERT_ACCESS_DENIED 49
#define TLS_ALERT_DECODE_ERROR 50
#define TLS_ALERT_DECRYPT_ERROR 51
#define TLS_ALERT_EXPORT_RESTRICTION 60
#define TLS_ALERT_PROTOCOL_VERSION 70
#define TLS_ALERT_INSUFFICIENT_SECURITY 71
#define TLS_ALERT_INTERNAL_ERROR 80
#define TLS_ALERT_USER_CANCELED 90
#define TLS_ALERT_NO_RENEGOTIATION 100

/* ChangeCipherSpec */
enum {
TLS_CHANGE_CIPHER_SPEC = 1
};

/* TLS Extensions */
#define TLS_EXT_PAC_OPAQUE 35


typedef enum {
TLS_KEY_X_NULL,
TLS_KEY_X_RSA,
TLS_KEY_X_RSA_EXPORT,
TLS_KEY_X_DH_DSS_EXPORT,
TLS_KEY_X_DH_DSS,
TLS_KEY_X_DH_RSA_EXPORT,
TLS_KEY_X_DH_RSA,
TLS_KEY_X_DHE_DSS_EXPORT,
TLS_KEY_X_DHE_DSS,
TLS_KEY_X_DHE_RSA_EXPORT,
TLS_KEY_X_DHE_RSA,
TLS_KEY_X_DH_anon_EXPORT,
TLS_KEY_X_DH_anon
} tls_key_exchange;

typedef enum {
TLS_CIPHER_NULL,
TLS_CIPHER_RC4_40,
TLS_CIPHER_RC4_128,
TLS_CIPHER_RC2_CBC_40,
TLS_CIPHER_IDEA_CBC,
TLS_CIPHER_DES40_CBC,
TLS_CIPHER_DES_CBC,
TLS_CIPHER_3DES_EDE_CBC,
TLS_CIPHER_AES_128_CBC,
TLS_CIPHER_AES_256_CBC
} tls_cipher;

typedef enum {
TLS_HASH_NULL,
TLS_HASH_MD5,
TLS_HASH_SHA
} tls_hash;

struct tls_cipher_suite {
u16 suite;
tls_key_exchange key_exchange;
tls_cipher cipher;
tls_hash hash;
};

typedef enum {
TLS_CIPHER_STREAM,
TLS_CIPHER_BLOCK
} tls_cipher_type;

struct tls_cipher_data {
tls_cipher cipher;
tls_cipher_type type;
size_t key_material;
size_t expanded_key_material;
size_t block_size; /* also iv_size */
enum crypto_cipher_alg alg;
};


struct tlsv1_record_layer {
u8 write_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
u8 read_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
u8 write_key[TLS_MAX_WRITE_KEY_LEN];
u8 read_key[TLS_MAX_WRITE_KEY_LEN];
u8 write_iv[TLS_MAX_IV_LEN];
u8 read_iv[TLS_MAX_IV_LEN];

size_t hash_size;
size_t key_material_len;
size_t iv_size; /* also block_size */

enum crypto_hash_alg hash_alg;
enum crypto_cipher_alg cipher_alg;

u8 write_seq_num[TLS_SEQ_NUM_LEN];
u8 read_seq_num[TLS_SEQ_NUM_LEN];

u16 cipher_suite;
u16 write_cipher_suite;
u16 read_cipher_suite;

struct crypto_cipher *write_cbc;
struct crypto_cipher *read_cbc;
};


const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);
int tlsv1_record_set_cipher_suite(struct tlsv1_record_layer *rl,
u16 cipher_suite);
int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl);
int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl);
int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
size_t buf_size, size_t payload_len, size_t *out_len);
int tlsv1_record_receive(struct tlsv1_record_layer *rl,
const u8 *in_data, size_t in_len,
u8 *out_data, size_t *out_len, u8 *alert);

#endif /* TLSV1_COMMON_H */
Something went wrong with that request. Please try again.