|
@@ -175,9 +175,9 @@ FILE_LICENCE ( GPL2_OR_LATER );
|
175
|
175
|
__einfo_uniqify ( EINFO_EPROTO, 0x01, \
|
176
|
176
|
"Illegal protocol version upgrade" )
|
177
|
177
|
|
178
|
|
-static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
|
|
178
|
+static int tls_send_plaintext ( struct tls_connection *tls, unsigned int type,
|
179
|
179
|
const void *data, size_t len );
|
180
|
|
-static void tls_clear_cipher ( struct tls_session *tls,
|
|
180
|
+static void tls_clear_cipher ( struct tls_connection *tls,
|
181
|
181
|
struct tls_cipherspec *cipherspec );
|
182
|
182
|
|
183
|
183
|
/******************************************************************************
|
|
@@ -225,12 +225,12 @@ static void tls_set_uint24 ( tls24_t *field24, unsigned long value ) {
|
225
|
225
|
}
|
226
|
226
|
|
227
|
227
|
/**
|
228
|
|
- * Determine if TLS session is ready for application data
|
|
228
|
+ * Determine if TLS connection is ready for application data
|
229
|
229
|
*
|
230
|
|
- * @v tls TLS session
|
231
|
|
- * @ret is_ready TLS session is ready
|
|
230
|
+ * @v tls TLS connection
|
|
231
|
+ * @ret is_ready TLS connection is ready
|
232
|
232
|
*/
|
233
|
|
-static int tls_ready ( struct tls_session *tls ) {
|
|
233
|
+static int tls_ready ( struct tls_connection *tls ) {
|
234
|
234
|
return ( ( ! is_pending ( &tls->client_negotiation ) ) &&
|
235
|
235
|
( ! is_pending ( &tls->server_negotiation ) ) );
|
236
|
236
|
}
|
|
@@ -308,13 +308,13 @@ struct rsa_digestinfo_prefix rsa_md5_sha1_prefix __rsa_digestinfo_prefix = {
|
308
|
308
|
*/
|
309
|
309
|
|
310
|
310
|
/**
|
311
|
|
- * Free TLS session
|
|
311
|
+ * Free TLS connection
|
312
|
312
|
*
|
313
|
313
|
* @v refcnt Reference counter
|
314
|
314
|
*/
|
315
|
315
|
static void free_tls ( struct refcnt *refcnt ) {
|
316
|
|
- struct tls_session *tls =
|
317
|
|
- container_of ( refcnt, struct tls_session, refcnt );
|
|
316
|
+ struct tls_connection *tls =
|
|
317
|
+ container_of ( refcnt, struct tls_connection, refcnt );
|
318
|
318
|
struct io_buffer *iobuf;
|
319
|
319
|
struct io_buffer *tmp;
|
320
|
320
|
|
|
@@ -335,12 +335,12 @@ static void free_tls ( struct refcnt *refcnt ) {
|
335
|
335
|
}
|
336
|
336
|
|
337
|
337
|
/**
|
338
|
|
- * Finish with TLS session
|
|
338
|
+ * Finish with TLS connection
|
339
|
339
|
*
|
340
|
|
- * @v tls TLS session
|
|
340
|
+ * @v tls TLS connection
|
341
|
341
|
* @v rc Status code
|
342
|
342
|
*/
|
343
|
|
-static void tls_close ( struct tls_session *tls, int rc ) {
|
|
343
|
+static void tls_close ( struct tls_connection *tls, int rc ) {
|
344
|
344
|
|
345
|
345
|
/* Remove pending operations, if applicable */
|
346
|
346
|
pending_put ( &tls->client_negotiation );
|
|
@@ -365,12 +365,12 @@ static void tls_close ( struct tls_session *tls, int rc ) {
|
365
|
365
|
/**
|
366
|
366
|
* Generate random data
|
367
|
367
|
*
|
368
|
|
- * @v tls TLS session
|
|
368
|
+ * @v tls TLS connection
|
369
|
369
|
* @v data Buffer to fill
|
370
|
370
|
* @v len Length of buffer
|
371
|
371
|
* @ret rc Return status code
|
372
|
372
|
*/
|
373
|
|
-static int tls_generate_random ( struct tls_session *tls,
|
|
373
|
+static int tls_generate_random ( struct tls_connection *tls,
|
374
|
374
|
void *data, size_t len ) {
|
375
|
375
|
int rc;
|
376
|
376
|
|
|
@@ -407,7 +407,7 @@ static void tls_hmac_update_va ( struct digest_algorithm *digest,
|
407
|
407
|
/**
|
408
|
408
|
* Generate secure pseudo-random data using a single hash function
|
409
|
409
|
*
|
410
|
|
- * @v tls TLS session
|
|
410
|
+ * @v tls TLS connection
|
411
|
411
|
* @v digest Hash function to use
|
412
|
412
|
* @v secret Secret
|
413
|
413
|
* @v secret_len Length of secret
|
|
@@ -415,7 +415,7 @@ static void tls_hmac_update_va ( struct digest_algorithm *digest,
|
415
|
415
|
* @v out_len Length of output buffer
|
416
|
416
|
* @v seeds ( data, len ) pairs of seed data, terminated by NULL
|
417
|
417
|
*/
|
418
|
|
-static void tls_p_hash_va ( struct tls_session *tls,
|
|
418
|
+static void tls_p_hash_va ( struct tls_connection *tls,
|
419
|
419
|
struct digest_algorithm *digest,
|
420
|
420
|
void *secret, size_t secret_len,
|
421
|
421
|
void *out, size_t out_len,
|
|
@@ -476,15 +476,15 @@ static void tls_p_hash_va ( struct tls_session *tls,
|
476
|
476
|
/**
|
477
|
477
|
* Generate secure pseudo-random data
|
478
|
478
|
*
|
479
|
|
- * @v tls TLS session
|
|
479
|
+ * @v tls TLS connection
|
480
|
480
|
* @v secret Secret
|
481
|
481
|
* @v secret_len Length of secret
|
482
|
482
|
* @v out Output buffer
|
483
|
483
|
* @v out_len Length of output buffer
|
484
|
484
|
* @v ... ( data, len ) pairs of seed data, terminated by NULL
|
485
|
485
|
*/
|
486
|
|
-static void tls_prf ( struct tls_session *tls, void *secret, size_t secret_len,
|
487
|
|
- void *out, size_t out_len, ... ) {
|
|
486
|
+static void tls_prf ( struct tls_connection *tls, void *secret,
|
|
487
|
+ size_t secret_len, void *out, size_t out_len, ... ) {
|
488
|
488
|
va_list seeds;
|
489
|
489
|
va_list tmp;
|
490
|
490
|
size_t subsecret_len;
|
|
@@ -553,12 +553,12 @@ static void tls_prf ( struct tls_session *tls, void *secret, size_t secret_len,
|
553
|
553
|
/**
|
554
|
554
|
* Generate master secret
|
555
|
555
|
*
|
556
|
|
- * @v tls TLS session
|
|
556
|
+ * @v tls TLS connection
|
557
|
557
|
*
|
558
|
558
|
* The pre-master secret and the client and server random values must
|
559
|
559
|
* already be known.
|
560
|
560
|
*/
|
561
|
|
-static void tls_generate_master_secret ( struct tls_session *tls ) {
|
|
561
|
+static void tls_generate_master_secret ( struct tls_connection *tls ) {
|
562
|
562
|
DBGC ( tls, "TLS %p pre-master-secret:\n", tls );
|
563
|
563
|
DBGC_HD ( tls, &tls->pre_master_secret,
|
564
|
564
|
sizeof ( tls->pre_master_secret ) );
|
|
@@ -581,11 +581,11 @@ static void tls_generate_master_secret ( struct tls_session *tls ) {
|
581
|
581
|
/**
|
582
|
582
|
* Generate key material
|
583
|
583
|
*
|
584
|
|
- * @v tls TLS session
|
|
584
|
+ * @v tls TLS connection
|
585
|
585
|
*
|
586
|
586
|
* The master secret must already be known.
|
587
|
587
|
*/
|
588
|
|
-static int tls_generate_keys ( struct tls_session *tls ) {
|
|
588
|
+static int tls_generate_keys ( struct tls_connection *tls ) {
|
589
|
589
|
struct tls_cipherspec *tx_cipherspec = &tls->tx_cipherspec_pending;
|
590
|
590
|
struct tls_cipherspec *rx_cipherspec = &tls->rx_cipherspec_pending;
|
591
|
591
|
size_t hash_size = tx_cipherspec->suite->digest->digestsize;
|
|
@@ -701,7 +701,7 @@ tls_find_cipher_suite ( unsigned int cipher_suite ) {
|
701
|
701
|
*
|
702
|
702
|
* @v cipherspec TLS cipher specification
|
703
|
703
|
*/
|
704
|
|
-static void tls_clear_cipher ( struct tls_session *tls __unused,
|
|
704
|
+static void tls_clear_cipher ( struct tls_connection *tls __unused,
|
705
|
705
|
struct tls_cipherspec *cipherspec ) {
|
706
|
706
|
|
707
|
707
|
if ( cipherspec->suite ) {
|
|
@@ -716,12 +716,12 @@ static void tls_clear_cipher ( struct tls_session *tls __unused,
|
716
|
716
|
/**
|
717
|
717
|
* Set cipher suite
|
718
|
718
|
*
|
719
|
|
- * @v tls TLS session
|
|
719
|
+ * @v tls TLS connection
|
720
|
720
|
* @v cipherspec TLS cipher specification
|
721
|
721
|
* @v suite Cipher suite
|
722
|
722
|
* @ret rc Return status code
|
723
|
723
|
*/
|
724
|
|
-static int tls_set_cipher ( struct tls_session *tls,
|
|
724
|
+static int tls_set_cipher ( struct tls_connection *tls,
|
725
|
725
|
struct tls_cipherspec *cipherspec,
|
726
|
726
|
struct tls_cipher_suite *suite ) {
|
727
|
727
|
struct pubkey_algorithm *pubkey = suite->pubkey;
|
|
@@ -759,11 +759,11 @@ static int tls_set_cipher ( struct tls_session *tls,
|
759
|
759
|
/**
|
760
|
760
|
* Select next cipher suite
|
761
|
761
|
*
|
762
|
|
- * @v tls TLS session
|
|
762
|
+ * @v tls TLS connection
|
763
|
763
|
* @v cipher_suite Cipher suite specification
|
764
|
764
|
* @ret rc Return status code
|
765
|
765
|
*/
|
766
|
|
-static int tls_select_cipher ( struct tls_session *tls,
|
|
766
|
+static int tls_select_cipher ( struct tls_connection *tls,
|
767
|
767
|
unsigned int cipher_suite ) {
|
768
|
768
|
struct tls_cipher_suite *suite;
|
769
|
769
|
int rc;
|
|
@@ -794,12 +794,12 @@ static int tls_select_cipher ( struct tls_session *tls,
|
794
|
794
|
/**
|
795
|
795
|
* Activate next cipher suite
|
796
|
796
|
*
|
797
|
|
- * @v tls TLS session
|
|
797
|
+ * @v tls TLS connection
|
798
|
798
|
* @v pending Pending cipher specification
|
799
|
799
|
* @v active Active cipher specification to replace
|
800
|
800
|
* @ret rc Return status code
|
801
|
801
|
*/
|
802
|
|
-static int tls_change_cipher ( struct tls_session *tls,
|
|
802
|
+static int tls_change_cipher ( struct tls_connection *tls,
|
803
|
803
|
struct tls_cipherspec *pending,
|
804
|
804
|
struct tls_cipherspec *active ) {
|
805
|
805
|
|
|
@@ -858,11 +858,11 @@ tls_signature_hash_algorithm ( struct pubkey_algorithm *pubkey,
|
858
|
858
|
/**
|
859
|
859
|
* Add handshake record to verification hash
|
860
|
860
|
*
|
861
|
|
- * @v tls TLS session
|
|
861
|
+ * @v tls TLS connection
|
862
|
862
|
* @v data Handshake record
|
863
|
863
|
* @v len Length of handshake record
|
864
|
864
|
*/
|
865
|
|
-static void tls_add_handshake ( struct tls_session *tls,
|
|
865
|
+static void tls_add_handshake ( struct tls_connection *tls,
|
866
|
866
|
const void *data, size_t len ) {
|
867
|
867
|
|
868
|
868
|
digest_update ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx,
|
|
@@ -874,13 +874,13 @@ static void tls_add_handshake ( struct tls_session *tls,
|
874
|
874
|
/**
|
875
|
875
|
* Calculate handshake verification hash
|
876
|
876
|
*
|
877
|
|
- * @v tls TLS session
|
|
877
|
+ * @v tls TLS connection
|
878
|
878
|
* @v out Output buffer
|
879
|
879
|
*
|
880
|
880
|
* Calculates the MD5+SHA1 or SHA256 digest over all handshake
|
881
|
881
|
* messages seen so far.
|
882
|
882
|
*/
|
883
|
|
-static void tls_verify_handshake ( struct tls_session *tls, void *out ) {
|
|
883
|
+static void tls_verify_handshake ( struct tls_connection *tls, void *out ) {
|
884
|
884
|
struct digest_algorithm *digest = tls->handshake_digest;
|
885
|
885
|
uint8_t ctx[ digest->ctxsize ];
|
886
|
886
|
|
|
@@ -898,9 +898,9 @@ static void tls_verify_handshake ( struct tls_session *tls, void *out ) {
|
898
|
898
|
/**
|
899
|
899
|
* Restart negotiation
|
900
|
900
|
*
|
901
|
|
- * @v tls TLS session
|
|
901
|
+ * @v tls TLS connection
|
902
|
902
|
*/
|
903
|
|
-static void tls_restart ( struct tls_session *tls ) {
|
|
903
|
+static void tls_restart ( struct tls_connection *tls ) {
|
904
|
904
|
|
905
|
905
|
/* Sanity check */
|
906
|
906
|
assert ( ! tls->tx_pending );
|
|
@@ -922,21 +922,21 @@ static void tls_restart ( struct tls_session *tls ) {
|
922
|
922
|
/**
|
923
|
923
|
* Resume TX state machine
|
924
|
924
|
*
|
925
|
|
- * @v tls TLS session
|
|
925
|
+ * @v tls TLS connection
|
926
|
926
|
*/
|
927
|
|
-static void tls_tx_resume ( struct tls_session *tls ) {
|
|
927
|
+static void tls_tx_resume ( struct tls_connection *tls ) {
|
928
|
928
|
process_add ( &tls->process );
|
929
|
929
|
}
|
930
|
930
|
|
931
|
931
|
/**
|
932
|
932
|
* Transmit Handshake record
|
933
|
933
|
*
|
934
|
|
- * @v tls TLS session
|
|
934
|
+ * @v tls TLS connection
|
935
|
935
|
* @v data Plaintext record
|
936
|
936
|
* @v len Length of plaintext record
|
937
|
937
|
* @ret rc Return status code
|
938
|
938
|
*/
|
939
|
|
-static int tls_send_handshake ( struct tls_session *tls,
|
|
939
|
+static int tls_send_handshake ( struct tls_connection *tls,
|
940
|
940
|
void *data, size_t len ) {
|
941
|
941
|
|
942
|
942
|
/* Add to handshake digest */
|
|
@@ -949,10 +949,10 @@ static int tls_send_handshake ( struct tls_session *tls,
|
949
|
949
|
/**
|
950
|
950
|
* Transmit Client Hello record
|
951
|
951
|
*
|
952
|
|
- * @v tls TLS session
|
|
952
|
+ * @v tls TLS connection
|
953
|
953
|
* @ret rc Return status code
|
954
|
954
|
*/
|
955
|
|
-static int tls_send_client_hello ( struct tls_session *tls ) {
|
|
955
|
+static int tls_send_client_hello ( struct tls_connection *tls ) {
|
956
|
956
|
struct {
|
957
|
957
|
uint32_t type_length;
|
958
|
958
|
uint16_t version;
|
|
@@ -1049,10 +1049,10 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
|
1049
|
1049
|
/**
|
1050
|
1050
|
* Transmit Certificate record
|
1051
|
1051
|
*
|
1052
|
|
- * @v tls TLS session
|
|
1052
|
+ * @v tls TLS connection
|
1053
|
1053
|
* @ret rc Return status code
|
1054
|
1054
|
*/
|
1055
|
|
-static int tls_send_certificate ( struct tls_session *tls ) {
|
|
1055
|
+static int tls_send_certificate ( struct tls_connection *tls ) {
|
1056
|
1056
|
struct {
|
1057
|
1057
|
uint32_t type_length;
|
1058
|
1058
|
tls24_t length;
|
|
@@ -1095,10 +1095,10 @@ static int tls_send_certificate ( struct tls_session *tls ) {
|
1095
|
1095
|
/**
|
1096
|
1096
|
* Transmit Client Key Exchange record
|
1097
|
1097
|
*
|
1098
|
|
- * @v tls TLS session
|
|
1098
|
+ * @v tls TLS connection
|
1099
|
1099
|
* @ret rc Return status code
|
1100
|
1100
|
*/
|
1101
|
|
-static int tls_send_client_key_exchange ( struct tls_session *tls ) {
|
|
1101
|
+static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
|
1102
|
1102
|
struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
|
1103
|
1103
|
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
|
1104
|
1104
|
size_t max_len = pubkey_max_len ( pubkey, cipherspec->pubkey_ctx );
|
|
@@ -1139,10 +1139,10 @@ static int tls_send_client_key_exchange ( struct tls_session *tls ) {
|
1139
|
1139
|
/**
|
1140
|
1140
|
* Transmit Certificate Verify record
|
1141
|
1141
|
*
|
1142
|
|
- * @v tls TLS session
|
|
1142
|
+ * @v tls TLS connection
|
1143
|
1143
|
* @ret rc Return status code
|
1144
|
1144
|
*/
|
1145
|
|
-static int tls_send_certificate_verify ( struct tls_session *tls ) {
|
|
1145
|
+static int tls_send_certificate_verify ( struct tls_connection *tls ) {
|
1146
|
1146
|
struct digest_algorithm *digest = tls->handshake_digest;
|
1147
|
1147
|
struct x509_certificate *cert = tls->cert;
|
1148
|
1148
|
struct pubkey_algorithm *pubkey = cert->signature_algorithm->pubkey;
|
|
@@ -1229,10 +1229,10 @@ static int tls_send_certificate_verify ( struct tls_session *tls ) {
|
1229
|
1229
|
/**
|
1230
|
1230
|
* Transmit Change Cipher record
|
1231
|
1231
|
*
|
1232
|
|
- * @v tls TLS session
|
|
1232
|
+ * @v tls TLS connection
|
1233
|
1233
|
* @ret rc Return status code
|
1234
|
1234
|
*/
|
1235
|
|
-static int tls_send_change_cipher ( struct tls_session *tls ) {
|
|
1235
|
+static int tls_send_change_cipher ( struct tls_connection *tls ) {
|
1236
|
1236
|
static const uint8_t change_cipher[1] = { 1 };
|
1237
|
1237
|
return tls_send_plaintext ( tls, TLS_TYPE_CHANGE_CIPHER,
|
1238
|
1238
|
change_cipher, sizeof ( change_cipher ) );
|
|
@@ -1241,10 +1241,10 @@ static int tls_send_change_cipher ( struct tls_session *tls ) {
|
1241
|
1241
|
/**
|
1242
|
1242
|
* Transmit Finished record
|
1243
|
1243
|
*
|
1244
|
|
- * @v tls TLS session
|
|
1244
|
+ * @v tls TLS connection
|
1245
|
1245
|
* @ret rc Return status code
|
1246
|
1246
|
*/
|
1247
|
|
-static int tls_send_finished ( struct tls_session *tls ) {
|
|
1247
|
+static int tls_send_finished ( struct tls_connection *tls ) {
|
1248
|
1248
|
struct digest_algorithm *digest = tls->handshake_digest;
|
1249
|
1249
|
struct {
|
1250
|
1250
|
uint32_t type_length;
|
|
@@ -1281,12 +1281,12 @@ static int tls_send_finished ( struct tls_session *tls ) {
|
1281
|
1281
|
/**
|
1282
|
1282
|
* Receive new Change Cipher record
|
1283
|
1283
|
*
|
1284
|
|
- * @v tls TLS session
|
|
1284
|
+ * @v tls TLS connection
|
1285
|
1285
|
* @v data Plaintext record
|
1286
|
1286
|
* @v len Length of plaintext record
|
1287
|
1287
|
* @ret rc Return status code
|
1288
|
1288
|
*/
|
1289
|
|
-static int tls_new_change_cipher ( struct tls_session *tls,
|
|
1289
|
+static int tls_new_change_cipher ( struct tls_connection *tls,
|
1290
|
1290
|
const void *data, size_t len ) {
|
1291
|
1291
|
int rc;
|
1292
|
1292
|
|
|
@@ -1310,12 +1310,12 @@ static int tls_new_change_cipher ( struct tls_session *tls,
|
1310
|
1310
|
/**
|
1311
|
1311
|
* Receive new Alert record
|
1312
|
1312
|
*
|
1313
|
|
- * @v tls TLS session
|
|
1313
|
+ * @v tls TLS connection
|
1314
|
1314
|
* @v data Plaintext record
|
1315
|
1315
|
* @v len Length of plaintext record
|
1316
|
1316
|
* @ret rc Return status code
|
1317
|
1317
|
*/
|
1318
|
|
-static int tls_new_alert ( struct tls_session *tls, const void *data,
|
|
1318
|
+static int tls_new_alert ( struct tls_connection *tls, const void *data,
|
1319
|
1319
|
size_t len ) {
|
1320
|
1320
|
const struct {
|
1321
|
1321
|
uint8_t level;
|
|
@@ -1349,12 +1349,12 @@ static int tls_new_alert ( struct tls_session *tls, const void *data,
|
1349
|
1349
|
/**
|
1350
|
1350
|
* Receive new Hello Request handshake record
|
1351
|
1351
|
*
|
1352
|
|
- * @v tls TLS session
|
|
1352
|
+ * @v tls TLS connection
|
1353
|
1353
|
* @v data Plaintext handshake record
|
1354
|
1354
|
* @v len Length of plaintext handshake record
|
1355
|
1355
|
* @ret rc Return status code
|
1356
|
1356
|
*/
|
1357
|
|
-static int tls_new_hello_request ( struct tls_session *tls,
|
|
1357
|
+static int tls_new_hello_request ( struct tls_connection *tls,
|
1358
|
1358
|
const void *data __unused,
|
1359
|
1359
|
size_t len __unused ) {
|
1360
|
1360
|
|
|
@@ -1380,12 +1380,12 @@ static int tls_new_hello_request ( struct tls_session *tls,
|
1380
|
1380
|
/**
|
1381
|
1381
|
* Receive new Server Hello handshake record
|
1382
|
1382
|
*
|
1383
|
|
- * @v tls TLS session
|
|
1383
|
+ * @v tls TLS connection
|
1384
|
1384
|
* @v data Plaintext handshake record
|
1385
|
1385
|
* @v len Length of plaintext handshake record
|
1386
|
1386
|
* @ret rc Return status code
|
1387
|
1387
|
*/
|
1388
|
|
-static int tls_new_server_hello ( struct tls_session *tls,
|
|
1388
|
+static int tls_new_server_hello ( struct tls_connection *tls,
|
1389
|
1389
|
const void *data, size_t len ) {
|
1390
|
1390
|
const struct {
|
1391
|
1391
|
uint16_t version;
|
|
@@ -1548,12 +1548,12 @@ static int tls_new_server_hello ( struct tls_session *tls,
|
1548
|
1548
|
/**
|
1549
|
1549
|
* Parse certificate chain
|
1550
|
1550
|
*
|
1551
|
|
- * @v tls TLS session
|
|
1551
|
+ * @v tls TLS connection
|
1552
|
1552
|
* @v data Certificate chain
|
1553
|
1553
|
* @v len Length of certificate chain
|
1554
|
1554
|
* @ret rc Return status code
|
1555
|
1555
|
*/
|
1556
|
|
-static int tls_parse_chain ( struct tls_session *tls,
|
|
1556
|
+static int tls_parse_chain ( struct tls_connection *tls,
|
1557
|
1557
|
const void *data, size_t len ) {
|
1558
|
1558
|
size_t remaining = len;
|
1559
|
1559
|
int rc;
|
|
@@ -1626,12 +1626,12 @@ static int tls_parse_chain ( struct tls_session *tls,
|
1626
|
1626
|
/**
|
1627
|
1627
|
* Receive new Certificate handshake record
|
1628
|
1628
|
*
|
1629
|
|
- * @v tls TLS session
|
|
1629
|
+ * @v tls TLS connection
|
1630
|
1630
|
* @v data Plaintext handshake record
|
1631
|
1631
|
* @v len Length of plaintext handshake record
|
1632
|
1632
|
* @ret rc Return status code
|
1633
|
1633
|
*/
|
1634
|
|
-static int tls_new_certificate ( struct tls_session *tls,
|
|
1634
|
+static int tls_new_certificate ( struct tls_connection *tls,
|
1635
|
1635
|
const void *data, size_t len ) {
|
1636
|
1636
|
const struct {
|
1637
|
1637
|
tls24_t length;
|
|
@@ -1666,12 +1666,12 @@ static int tls_new_certificate ( struct tls_session *tls,
|
1666
|
1666
|
/**
|
1667
|
1667
|
* Receive new Certificate Request handshake record
|
1668
|
1668
|
*
|
1669
|
|
- * @v tls TLS session
|
|
1669
|
+ * @v tls TLS connection
|
1670
|
1670
|
* @v data Plaintext handshake record
|
1671
|
1671
|
* @v len Length of plaintext handshake record
|
1672
|
1672
|
* @ret rc Return status code
|
1673
|
1673
|
*/
|
1674
|
|
-static int tls_new_certificate_request ( struct tls_session *tls,
|
|
1674
|
+static int tls_new_certificate_request ( struct tls_connection *tls,
|
1675
|
1675
|
const void *data __unused,
|
1676
|
1676
|
size_t len __unused ) {
|
1677
|
1677
|
|
|
@@ -1699,12 +1699,12 @@ static int tls_new_certificate_request ( struct tls_session *tls,
|
1699
|
1699
|
/**
|
1700
|
1700
|
* Receive new Server Hello Done handshake record
|
1701
|
1701
|
*
|
1702
|
|
- * @v tls TLS session
|
|
1702
|
+ * @v tls TLS connection
|
1703
|
1703
|
* @v data Plaintext handshake record
|
1704
|
1704
|
* @v len Length of plaintext handshake record
|
1705
|
1705
|
* @ret rc Return status code
|
1706
|
1706
|
*/
|
1707
|
|
-static int tls_new_server_hello_done ( struct tls_session *tls,
|
|
1707
|
+static int tls_new_server_hello_done ( struct tls_connection *tls,
|
1708
|
1708
|
const void *data, size_t len ) {
|
1709
|
1709
|
const struct {
|
1710
|
1710
|
char next[0];
|
|
@@ -1732,12 +1732,12 @@ static int tls_new_server_hello_done ( struct tls_session *tls,
|
1732
|
1732
|
/**
|
1733
|
1733
|
* Receive new Finished handshake record
|
1734
|
1734
|
*
|
1735
|
|
- * @v tls TLS session
|
|
1735
|
+ * @v tls TLS connection
|
1736
|
1736
|
* @v data Plaintext handshake record
|
1737
|
1737
|
* @v len Length of plaintext handshake record
|
1738
|
1738
|
* @ret rc Return status code
|
1739
|
1739
|
*/
|
1740
|
|
-static int tls_new_finished ( struct tls_session *tls,
|
|
1740
|
+static int tls_new_finished ( struct tls_connection *tls,
|
1741
|
1741
|
const void *data, size_t len ) {
|
1742
|
1742
|
struct digest_algorithm *digest = tls->handshake_digest;
|
1743
|
1743
|
const struct {
|
|
@@ -1776,12 +1776,12 @@ static int tls_new_finished ( struct tls_session *tls,
|
1776
|
1776
|
/**
|
1777
|
1777
|
* Receive new Handshake record
|
1778
|
1778
|
*
|
1779
|
|
- * @v tls TLS session
|
|
1779
|
+ * @v tls TLS connection
|
1780
|
1780
|
* @v data Plaintext record
|
1781
|
1781
|
* @v len Length of plaintext record
|
1782
|
1782
|
* @ret rc Return status code
|
1783
|
1783
|
*/
|
1784
|
|
-static int tls_new_handshake ( struct tls_session *tls,
|
|
1784
|
+static int tls_new_handshake ( struct tls_connection *tls,
|
1785
|
1785
|
const void *data, size_t len ) {
|
1786
|
1786
|
size_t remaining = len;
|
1787
|
1787
|
int rc;
|
|
@@ -1864,15 +1864,15 @@ static int tls_new_handshake ( struct tls_session *tls,
|
1864
|
1864
|
/**
|
1865
|
1865
|
* Receive new record
|
1866
|
1866
|
*
|
1867
|
|
- * @v tls TLS session
|
|
1867
|
+ * @v tls TLS connection
|
1868
|
1868
|
* @v type Record type
|
1869
|
1869
|
* @v rx_data List of received data buffers
|
1870
|
1870
|
* @ret rc Return status code
|
1871
|
1871
|
*/
|
1872
|
|
-static int tls_new_record ( struct tls_session *tls, unsigned int type,
|
|
1872
|
+static int tls_new_record ( struct tls_connection *tls, unsigned int type,
|
1873
|
1873
|
struct list_head *rx_data ) {
|
1874
|
1874
|
struct io_buffer *iobuf;
|
1875
|
|
- int ( * handler ) ( struct tls_session *tls, const void *data,
|
|
1875
|
+ int ( * handler ) ( struct tls_connection *tls, const void *data,
|
1876
|
1876
|
size_t len );
|
1877
|
1877
|
int rc;
|
1878
|
1878
|
|
|
@@ -2010,16 +2010,16 @@ static void tls_hmac ( struct tls_cipherspec *cipherspec,
|
2010
|
2010
|
/**
|
2011
|
2011
|
* Allocate and assemble stream-ciphered record from data and MAC portions
|
2012
|
2012
|
*
|
2013
|
|
- * @v tls TLS session
|
|
2013
|
+ * @v tls TLS connection
|
2014
|
2014
|
* @ret data Data
|
2015
|
2015
|
* @ret len Length of data
|
2016
|
2016
|
* @ret digest MAC digest
|
2017
|
2017
|
* @ret plaintext_len Length of plaintext record
|
2018
|
2018
|
* @ret plaintext Allocated plaintext record
|
2019
|
2019
|
*/
|
2020
|
|
-static void * __malloc tls_assemble_stream ( struct tls_session *tls,
|
2021
|
|
- const void *data, size_t len,
|
2022
|
|
- void *digest, size_t *plaintext_len ) {
|
|
2020
|
+static void * __malloc
|
|
2021
|
+tls_assemble_stream ( struct tls_connection *tls, const void *data, size_t len,
|
|
2022
|
+ void *digest, size_t *plaintext_len ) {
|
2023
|
2023
|
size_t mac_len = tls->tx_cipherspec.suite->digest->digestsize;
|
2024
|
2024
|
void *plaintext;
|
2025
|
2025
|
void *content;
|
|
@@ -2045,14 +2045,14 @@ static void * __malloc tls_assemble_stream ( struct tls_session *tls,
|
2045
|
2045
|
/**
|
2046
|
2046
|
* Allocate and assemble block-ciphered record from data and MAC portions
|
2047
|
2047
|
*
|
2048
|
|
- * @v tls TLS session
|
|
2048
|
+ * @v tls TLS connection
|
2049
|
2049
|
* @ret data Data
|
2050
|
2050
|
* @ret len Length of data
|
2051
|
2051
|
* @ret digest MAC digest
|
2052
|
2052
|
* @ret plaintext_len Length of plaintext record
|
2053
|
2053
|
* @ret plaintext Allocated plaintext record
|
2054
|
2054
|
*/
|
2055
|
|
-static void * tls_assemble_block ( struct tls_session *tls,
|
|
2055
|
+static void * tls_assemble_block ( struct tls_connection *tls,
|
2056
|
2056
|
const void *data, size_t len,
|
2057
|
2057
|
void *digest, size_t *plaintext_len ) {
|
2058
|
2058
|
size_t blocksize = tls->tx_cipherspec.suite->cipher->blocksize;
|
|
@@ -2093,13 +2093,13 @@ static void * tls_assemble_block ( struct tls_session *tls,
|
2093
|
2093
|
/**
|
2094
|
2094
|
* Send plaintext record
|
2095
|
2095
|
*
|
2096
|
|
- * @v tls TLS session
|
|
2096
|
+ * @v tls TLS connection
|
2097
|
2097
|
* @v type Record type
|
2098
|
2098
|
* @v data Plaintext record
|
2099
|
2099
|
* @v len Length of plaintext record
|
2100
|
2100
|
* @ret rc Return status code
|
2101
|
2101
|
*/
|
2102
|
|
-static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
|
|
2102
|
+static int tls_send_plaintext ( struct tls_connection *tls, unsigned int type,
|
2103
|
2103
|
const void *data, size_t len ) {
|
2104
|
2104
|
struct tls_header plaintext_tlshdr;
|
2105
|
2105
|
struct tls_header *tlshdr;
|
|
@@ -2185,12 +2185,12 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
|
2185
|
2185
|
/**
|
2186
|
2186
|
* Split stream-ciphered record into data and MAC portions
|
2187
|
2187
|
*
|
2188
|
|
- * @v tls TLS session
|
|
2188
|
+ * @v tls TLS connection
|
2189
|
2189
|
* @v rx_data List of received data buffers
|
2190
|
2190
|
* @v mac MAC to fill in
|
2191
|
2191
|
* @ret rc Return status code
|
2192
|
2192
|
*/
|
2193
|
|
-static int tls_split_stream ( struct tls_session *tls,
|
|
2193
|
+static int tls_split_stream ( struct tls_connection *tls,
|
2194
|
2194
|
struct list_head *rx_data, void **mac ) {
|
2195
|
2195
|
size_t mac_len = tls->rx_cipherspec.suite->digest->digestsize;
|
2196
|
2196
|
struct io_buffer *iobuf;
|
|
@@ -2212,12 +2212,12 @@ static int tls_split_stream ( struct tls_session *tls,
|
2212
|
2212
|
/**
|
2213
|
2213
|
* Split block-ciphered record into data and MAC portions
|
2214
|
2214
|
*
|
2215
|
|
- * @v tls TLS session
|
|
2215
|
+ * @v tls TLS connection
|
2216
|
2216
|
* @v rx_data List of received data buffers
|
2217
|
2217
|
* @v mac MAC to fill in
|
2218
|
2218
|
* @ret rc Return status code
|
2219
|
2219
|
*/
|
2220
|
|
-static int tls_split_block ( struct tls_session *tls,
|
|
2220
|
+static int tls_split_block ( struct tls_connection *tls,
|
2221
|
2221
|
struct list_head *rx_data, void **mac ) {
|
2222
|
2222
|
size_t mac_len = tls->rx_cipherspec.suite->digest->digestsize;
|
2223
|
2223
|
struct io_buffer *iobuf;
|
|
@@ -2270,12 +2270,12 @@ static int tls_split_block ( struct tls_session *tls,
|
2270
|
2270
|
/**
|
2271
|
2271
|
* Receive new ciphertext record
|
2272
|
2272
|
*
|
2273
|
|
- * @v tls TLS session
|
|
2273
|
+ * @v tls TLS connection
|
2274
|
2274
|
* @v tlshdr Record header
|
2275
|
2275
|
* @v rx_data List of received data buffers
|
2276
|
2276
|
* @ret rc Return status code
|
2277
|
2277
|
*/
|
2278
|
|
-static int tls_new_ciphertext ( struct tls_session *tls,
|
|
2278
|
+static int tls_new_ciphertext ( struct tls_connection *tls,
|
2279
|
2279
|
struct tls_header *tlshdr,
|
2280
|
2280
|
struct list_head *rx_data ) {
|
2281
|
2281
|
struct tls_header plaintext_tlshdr;
|
|
@@ -2343,10 +2343,10 @@ static int tls_new_ciphertext ( struct tls_session *tls,
|
2343
|
2343
|
/**
|
2344
|
2344
|
* Check flow control window
|
2345
|
2345
|
*
|
2346
|
|
- * @v tls TLS session
|
|
2346
|
+ * @v tls TLS connection
|
2347
|
2347
|
* @ret len Length of window
|
2348
|
2348
|
*/
|
2349
|
|
-static size_t tls_plainstream_window ( struct tls_session *tls ) {
|
|
2349
|
+static size_t tls_plainstream_window ( struct tls_connection *tls ) {
|
2350
|
2350
|
|
2351
|
2351
|
/* Block window unless we are ready to accept data */
|
2352
|
2352
|
if ( ! tls_ready ( tls ) )
|
|
@@ -2358,12 +2358,12 @@ static size_t tls_plainstream_window ( struct tls_session *tls ) {
|
2358
|
2358
|
/**
|
2359
|
2359
|
* Deliver datagram as raw data
|
2360
|
2360
|
*
|
2361
|
|
- * @v tls TLS session
|
|
2361
|
+ * @v tls TLS connection
|
2362
|
2362
|
* @v iobuf I/O buffer
|
2363
|
2363
|
* @v meta Data transfer metadata
|
2364
|
2364
|
* @ret rc Return status code
|
2365
|
2365
|
*/
|
2366
|
|
-static int tls_plainstream_deliver ( struct tls_session *tls,
|
|
2366
|
+static int tls_plainstream_deliver ( struct tls_connection *tls,
|
2367
|
2367
|
struct io_buffer *iobuf,
|
2368
|
2368
|
struct xfer_metadata *meta __unused ) {
|
2369
|
2369
|
int rc;
|
|
@@ -2385,14 +2385,16 @@ static int tls_plainstream_deliver ( struct tls_session *tls,
|
2385
|
2385
|
|
2386
|
2386
|
/** TLS plaintext stream interface operations */
|
2387
|
2387
|
static struct interface_operation tls_plainstream_ops[] = {
|
2388
|
|
- INTF_OP ( xfer_deliver, struct tls_session *, tls_plainstream_deliver ),
|
2389
|
|
- INTF_OP ( xfer_window, struct tls_session *, tls_plainstream_window ),
|
2390
|
|
- INTF_OP ( intf_close, struct tls_session *, tls_close ),
|
|
2388
|
+ INTF_OP ( xfer_deliver, struct tls_connection *,
|
|
2389
|
+ tls_plainstream_deliver ),
|
|
2390
|
+ INTF_OP ( xfer_window, struct tls_connection *,
|
|
2391
|
+ tls_plainstream_window ),
|
|
2392
|
+ INTF_OP ( intf_close, struct tls_connection *, tls_close ),
|
2391
|
2393
|
};
|
2392
|
2394
|
|
2393
|
2395
|
/** TLS plaintext stream interface descriptor */
|
2394
|
2396
|
static struct interface_descriptor tls_plainstream_desc =
|
2395
|
|
- INTF_DESC_PASSTHRU ( struct tls_session, plainstream,
|
|
2397
|
+ INTF_DESC_PASSTHRU ( struct tls_connection, plainstream,
|
2396
|
2398
|
tls_plainstream_ops, cipherstream );
|
2397
|
2399
|
|
2398
|
2400
|
/******************************************************************************
|
|
@@ -2405,10 +2407,10 @@ static struct interface_descriptor tls_plainstream_desc =
|
2405
|
2407
|
/**
|
2406
|
2408
|
* Handle received TLS header
|
2407
|
2409
|
*
|
2408
|
|
- * @v tls TLS session
|
|
2410
|
+ * @v tls TLS connection
|
2409
|
2411
|
* @ret rc Returned status code
|
2410
|
2412
|
*/
|
2411
|
|
-static int tls_newdata_process_header ( struct tls_session *tls ) {
|
|
2413
|
+static int tls_newdata_process_header ( struct tls_connection *tls ) {
|
2412
|
2414
|
size_t data_len = ntohs ( tls->rx_header.length );
|
2413
|
2415
|
size_t remaining = data_len;
|
2414
|
2416
|
size_t frag_len;
|
|
@@ -2470,10 +2472,10 @@ static int tls_newdata_process_header ( struct tls_session *tls ) {
|
2470
|
2472
|
/**
|
2471
|
2473
|
* Handle received TLS data payload
|
2472
|
2474
|
*
|
2473
|
|
- * @v tls TLS session
|
|
2475
|
+ * @v tls TLS connection
|
2474
|
2476
|
* @ret rc Returned status code
|
2475
|
2477
|
*/
|
2476
|
|
-static int tls_newdata_process_data ( struct tls_session *tls ) {
|
|
2478
|
+static int tls_newdata_process_data ( struct tls_connection *tls ) {
|
2477
|
2479
|
struct io_buffer *iobuf;
|
2478
|
2480
|
int rc;
|
2479
|
2481
|
|
|
@@ -2506,10 +2508,10 @@ static int tls_newdata_process_data ( struct tls_session *tls ) {
|
2506
|
2508
|
/**
|
2507
|
2509
|
* Check flow control window
|
2508
|
2510
|
*
|
2509
|
|
- * @v tls TLS session
|
|
2511
|
+ * @v tls TLS connection
|
2510
|
2512
|
* @ret len Length of window
|
2511
|
2513
|
*/
|
2512
|
|
-static size_t tls_cipherstream_window ( struct tls_session *tls ) {
|
|
2514
|
+static size_t tls_cipherstream_window ( struct tls_connection *tls ) {
|
2513
|
2515
|
|
2514
|
2516
|
/* Open window until we are ready to accept data */
|
2515
|
2517
|
if ( ! tls_ready ( tls ) )
|
|
@@ -2521,16 +2523,16 @@ static size_t tls_cipherstream_window ( struct tls_session *tls ) {
|
2521
|
2523
|
/**
|
2522
|
2524
|
* Receive new ciphertext
|
2523
|
2525
|
*
|
2524
|
|
- * @v tls TLS session
|
|
2526
|
+ * @v tls TLS connection
|
2525
|
2527
|
* @v iobuf I/O buffer
|
2526
|
2528
|
* @v meta Data transfer metadat
|
2527
|
2529
|
* @ret rc Return status code
|
2528
|
2530
|
*/
|
2529
|
|
-static int tls_cipherstream_deliver ( struct tls_session *tls,
|
|
2531
|
+static int tls_cipherstream_deliver ( struct tls_connection *tls,
|
2530
|
2532
|
struct io_buffer *iobuf,
|
2531
|
2533
|
struct xfer_metadata *xfer __unused ) {
|
2532
|
2534
|
size_t frag_len;
|
2533
|
|
- int ( * process ) ( struct tls_session *tls );
|
|
2535
|
+ int ( * process ) ( struct tls_connection *tls );
|
2534
|
2536
|
struct io_buffer *dest;
|
2535
|
2537
|
int rc;
|
2536
|
2538
|
|
|
@@ -2578,16 +2580,18 @@ static int tls_cipherstream_deliver ( struct tls_session *tls,
|
2578
|
2580
|
|
2579
|
2581
|
/** TLS ciphertext stream interface operations */
|
2580
|
2582
|
static struct interface_operation tls_cipherstream_ops[] = {
|
2581
|
|
- INTF_OP ( xfer_deliver, struct tls_session *,
|
|
2583
|
+ INTF_OP ( xfer_deliver, struct tls_connection *,
|
2582
|
2584
|
tls_cipherstream_deliver ),
|
2583
|
|
- INTF_OP ( xfer_window, struct tls_session *, tls_cipherstream_window ),
|
2584
|
|
- INTF_OP ( xfer_window_changed, struct tls_session *, tls_tx_resume ),
|
2585
|
|
- INTF_OP ( intf_close, struct tls_session *, tls_close ),
|
|
2585
|
+ INTF_OP ( xfer_window, struct tls_connection *,
|
|
2586
|
+ tls_cipherstream_window ),
|
|
2587
|
+ INTF_OP ( xfer_window_changed, struct tls_connection *,
|
|
2588
|
+ tls_tx_resume ),
|
|
2589
|
+ INTF_OP ( intf_close, struct tls_connection *, tls_close ),
|
2586
|
2590
|
};
|
2587
|
2591
|
|
2588
|
2592
|
/** TLS ciphertext stream interface descriptor */
|
2589
|
2593
|
static struct interface_descriptor tls_cipherstream_desc =
|
2590
|
|
- INTF_DESC_PASSTHRU ( struct tls_session, cipherstream,
|
|
2594
|
+ INTF_DESC_PASSTHRU ( struct tls_connection, cipherstream,
|
2591
|
2595
|
tls_cipherstream_ops, plainstream );
|
2592
|
2596
|
|
2593
|
2597
|
/******************************************************************************
|
|
@@ -2600,10 +2604,10 @@ static struct interface_descriptor tls_cipherstream_desc =
|
2600
|
2604
|
/**
|
2601
|
2605
|
* Handle certificate validation completion
|
2602
|
2606
|
*
|
2603
|
|
- * @v tls TLS session
|
|
2607
|
+ * @v tls TLS connection
|
2604
|
2608
|
* @v rc Reason for completion
|
2605
|
2609
|
*/
|
2606
|
|
-static void tls_validator_done ( struct tls_session *tls, int rc ) {
|
|
2610
|
+static void tls_validator_done ( struct tls_connection *tls, int rc ) {
|
2607
|
2611
|
struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
|
2608
|
2612
|
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
|
2609
|
2613
|
struct x509_certificate *cert;
|
|
@@ -2658,12 +2662,12 @@ static void tls_validator_done ( struct tls_session *tls, int rc ) {
|
2658
|
2662
|
|
2659
|
2663
|
/** TLS certificate validator interface operations */
|
2660
|
2664
|
static struct interface_operation tls_validator_ops[] = {
|
2661
|
|
- INTF_OP ( intf_close, struct tls_session *, tls_validator_done ),
|
|
2665
|
+ INTF_OP ( intf_close, struct tls_connection *, tls_validator_done ),
|
2662
|
2666
|
};
|
2663
|
2667
|
|
2664
|
2668
|
/** TLS certificate validator interface descriptor */
|
2665
|
2669
|
static struct interface_descriptor tls_validator_desc =
|
2666
|
|
- INTF_DESC ( struct tls_session, validator, tls_validator_ops );
|
|
2670
|
+ INTF_DESC ( struct tls_connection, validator, tls_validator_ops );
|
2667
|
2671
|
|
2668
|
2672
|
/******************************************************************************
|
2669
|
2673
|
*
|
|
@@ -2675,9 +2679,9 @@ static struct interface_descriptor tls_validator_desc =
|
2675
|
2679
|
/**
|
2676
|
2680
|
* TLS TX state machine
|
2677
|
2681
|
*
|
2678
|
|
- * @v tls TLS session
|
|
2682
|
+ * @v tls TLS connection
|
2679
|
2683
|
*/
|
2680
|
|
-static void tls_tx_step ( struct tls_session *tls ) {
|
|
2684
|
+static void tls_tx_step ( struct tls_connection *tls ) {
|
2681
|
2685
|
int rc;
|
2682
|
2686
|
|
2683
|
2687
|
/* Wait for cipherstream to become ready */
|
|
@@ -2755,7 +2759,7 @@ static void tls_tx_step ( struct tls_session *tls ) {
|
2755
|
2759
|
|
2756
|
2760
|
/** TLS TX process descriptor */
|
2757
|
2761
|
static struct process_descriptor tls_process_desc =
|
2758
|
|
- PROC_DESC_ONCE ( struct tls_session, process, tls_tx_step );
|
|
2762
|
+ PROC_DESC_ONCE ( struct tls_connection, process, tls_tx_step );
|
2759
|
2763
|
|
2760
|
2764
|
/******************************************************************************
|
2761
|
2765
|
*
|
|
@@ -2766,7 +2770,7 @@ static struct process_descriptor tls_process_desc =
|
2766
|
2770
|
|
2767
|
2771
|
int add_tls ( struct interface *xfer, const char *name,
|
2768
|
2772
|
struct interface **next ) {
|
2769
|
|
- struct tls_session *tls;
|
|
2773
|
+ struct tls_connection *tls;
|
2770
|
2774
|
int rc;
|
2771
|
2775
|
|
2772
|
2776
|
/* Allocate and initialise TLS structure */
|