
TLS now working again.

tags/v0.9.3
Michael Brown преди 17 години
родител
ревизия
6fc9ed167e
променени са 3 файла, в които са добавени 1904 реда и са изтрити 14 реда
  1. 164
    5
      src/include/gpxe/tls.h
  2. 8
    9
      src/net/tcp/http.c
  3. 1732
    0
      src/net/tls.c

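--- a/src/include/gpxe/tls.h
+++ b/src/include/gpxe/tls.h
@@ -1,12 +1,171 @@
 #ifndef _GPXE_TLS_H
 #define _GPXE_TLS_H
 
-#include <errno.h>
+/**
+ * @file
+ *
+ * Transport Layer Security Protocol
+ */
 
-struct stream_application;
+#include <stdint.h>
+#include <gpxe/refcnt.h>
+#include <gpxe/filter.h>
+#include <gpxe/process.h>
+#include <gpxe/crypto.h>
+#include <gpxe/md5.h>
+#include <gpxe/sha1.h>
 
-static inline int add_tls ( struct stream_application *app __unused ) {
-	return -ENOTSUP;
-}
+/** A TLS header */
+struct tls_header {
+	/** Content type
+	 *
+	 * This is a TLS_TYPE_XXX constant
+	 */
+	uint8_t type;
+	/** Protocol version
+	 *
+	 * This is a TLS_VERSION_XXX constant
+	 */
+	uint16_t version;
+	/** Length of payload */
+	uint16_t length;
+} __attribute__ (( packed ));
+
+/** TLS version 1.0 */
+#define TLS_VERSION_TLS_1_0 0x0301
+
+/** TLS version 1.1 */
+#define TLS_VERSION_TLS_1_1 0x0302
+
+/** Change cipher content type */
+#define TLS_TYPE_CHANGE_CIPHER 20
+
+/** Alert content type */
+#define TLS_TYPE_ALERT 21
+
+/** Handshake content type */
+#define TLS_TYPE_HANDSHAKE 22
+
+/** Application data content type */
+#define TLS_TYPE_DATA 23
+
+/* Handshake message types */
+#define TLS_HELLO_REQUEST 0
+#define TLS_CLIENT_HELLO 1
+#define TLS_SERVER_HELLO 2
+#define TLS_CERTIFICATE 11
+#define TLS_SERVER_KEY_EXCHANGE 12
+#define TLS_CERTIFICATE_REQUEST 13
+#define TLS_SERVER_HELLO_DONE 14
+#define TLS_CERTIFICATE_VERIFY 15
+#define TLS_CLIENT_KEY_EXCHANGE 16
+#define TLS_FINISHED 20
+
+/* TLS alert levels */
+#define TLS_ALERT_WARNING 1
+#define TLS_ALERT_FATAL 2
+
+/* TLS cipher specifications */
+#define TLS_RSA_WITH_NULL_MD5 0x0001
+#define TLS_RSA_WITH_NULL_SHA 0x0002
+#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
+#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
+
+/** TLS RX state machine state */
+enum tls_rx_state {
+	TLS_RX_HEADER = 0,
+	TLS_RX_DATA,
+};
+
+/** TLS TX state machine state */
+enum tls_tx_state {
+	TLS_TX_NONE = 0,
+	TLS_TX_CLIENT_HELLO,
+	TLS_TX_CLIENT_KEY_EXCHANGE,
+	TLS_TX_CHANGE_CIPHER,
+	TLS_TX_FINISHED,
+	TLS_TX_DATA
+};
+
+/** A TLS cipher specification */
+struct tls_cipherspec {
+	/** Public-key encryption algorithm */
+	struct crypto_algorithm *pubkey;
+	/** Bulk encryption cipher algorithm */
+	struct crypto_algorithm *cipher;
+	/** MAC digest algorithm */
+	struct crypto_algorithm *digest;
+	/** Key length */
+	size_t key_len;
+	/** Dynamically-allocated storage */
+	void *dynamic;
+	/** Public key encryption context */
+	void *pubkey_ctx;
+	/** Bulk encryption cipher context */
+	void *cipher_ctx;
+	/** Next bulk encryption cipher context (TX only) */
+	void *cipher_next_ctx;
+	/** MAC secret */
+	void *mac_secret;
+};
+
+/** A TLS session */
+struct tls_session {
+	/** Reference counter */
+	struct refcnt refcnt;
+
+	/** Plaintext stream */
+	struct xfer_filter_half plainstream;
+	/** Ciphertext stream */
+	struct xfer_filter_half cipherstream;
+
+	/** Current TX cipher specification */
+	struct tls_cipherspec tx_cipherspec;
+	/** Next TX cipher specification */
+	struct tls_cipherspec tx_cipherspec_pending;
+	/** Current RX cipher specification */
+	struct tls_cipherspec rx_cipherspec;
+	/** Next RX cipher specification */
+	struct tls_cipherspec rx_cipherspec_pending;
+	/** Premaster secret */
+	uint8_t pre_master_secret[48];
+	/** Master secret */
+	uint8_t master_secret[48];
+	/** Server random bytes */
+	uint8_t server_random[32];
+	/** Client random bytes */
+	uint8_t client_random[32];
+	/** MD5 context for handshake verification */
+	uint8_t handshake_md5_ctx[MD5_CTX_SIZE];
+	/** SHA1 context for handshake verification */
+	uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
+
+	/** Hack: server RSA public key */
+	uint8_t *rsa_mod;
+	size_t rsa_mod_len;
+	uint8_t *rsa_pub_exp;
+	size_t rsa_pub_exp_len;
+
+	/** TX sequence number */
+	uint64_t tx_seq;
+	/** TX state */
+	enum tls_tx_state tx_state;
+	/** TX process */
+	struct process process;
+
+	/** RX sequence number */
+	uint64_t rx_seq;
+	/** RX state */
+	enum tls_rx_state rx_state;
+	/** Offset within current RX state */
+	size_t rx_rcvd;
+	/** Current received record header */
+	struct tls_header rx_header;
+	/** Current received raw data buffer */
+	void *rx_data;
+};
+
+extern int add_tls ( struct xfer_interface *xfer,
+		     struct xfer_interface **next );
 
 #endif /* _GPXE_TLS_H */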
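Review bot: `struct tls_header` is packed with `uint16_t version` and `uint16_t length`, but neither field comment says which byte order it holds; if this struct is the on-wire record header those fields are big-endian and only compare against the `TLS_VERSION_XXX` constants after `ntohs`, so the comment should read e.g. `/** Protocol version (network byte order); a TLS_VERSION_XXX constant once byte-swapped */` and likewise for `length`. The `rsa_mod`/`rsa_pub_exp` pointers in `struct tls_session` are commented only as a "Hack" and do not say who allocates and frees them, and `dynamic` in `struct tls_cipherspec` does not say whether it is the single owner of `pubkey_ctx`, `cipher_ctx`, `cipher_next_ctx` and `mac_secret`; an ownership line on each would let the free path in tls.c be checked. The suite list defines `TLS_RSA_WITH_NULL_MD5` and `TLS_RSA_WITH_NULL_SHA`, which provide no confidentiality; whether tls.c ever offers or accepts them is outside this hunk, and a comment stating that they are identifiers only and must not be negotiated would pin that intent. `pre_master_secret` and `master_secret` are stored inline in the refcounted session, so the session's release function should wipe them before freeing the structure; that path is not visible in this commit.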

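--- a/src/net/tcp/http.c
+++ b/src/net/tcp/http.c
@@ -468,6 +468,7 @@ static struct xfer_interface_operations http_xfer_operations = {
 static int http_open ( struct xfer_interface *xfer, struct uri *uri ) {
 	struct http_request *http;
 	struct sockaddr_tcpip server;
+	struct xfer_interface *socket;
 	int rc;
 
 	/* Sanity checks */
@@ -487,18 +488,16 @@ static int http_open ( struct xfer_interface *xfer, struct uri *uri ) {
 	/* Open socket */
 	memset ( &server, 0, sizeof ( server ) );
 	server.st_port = htons ( uri_port ( http->uri, HTTP_PORT ) );
-	if ( ( rc = xfer_open_named_socket ( &http->socket, SOCK_STREAM,
-					     ( struct sockaddr * ) &server,
-					     uri->host, NULL ) ) != 0 )
-		goto err;
-
-#if 0
+	socket = &http->socket;
 	if ( strcmp ( http->uri->scheme, "https" ) == 0 ) {
-		st->st_port = htons ( uri_port ( http->uri, HTTPS_PORT ) );
-		if ( ( rc = add_tls ( &http->stream ) ) != 0 )
+		server.st_port = htons ( uri_port ( http->uri, HTTPS_PORT ) );
+		if ( ( rc = add_tls ( socket, &socket ) ) != 0 )
 			goto err;
 	}
-#endif
+	if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
+					     ( struct sockaddr * ) &server,
+					     uri->host, NULL ) ) != 0 )
+		goto err;
 
 	/* Attach to parent interface, mortalise self, and return */
 	xfer_plug_plug ( &http->xfer, xfer );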
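Review bot: When `add_tls ( socket, &socket )` succeeds and the following `xfer_open_named_socket` fails, the `goto err` leaves whatever add_tls attached to `http->socket` in place; the `err:` label lies outside this hunk (as does the rest of `http_open`), so whether it unplugs that filter and drops its reference should be confirmed, otherwise every failed HTTPS open leaks the TLS session. The reassignment of `socket` through the `&socket` out-parameter is the one non-obvious step in the new code and deserves a comment, e.g. `/* Interpose TLS; socket now names the interface the real TCP socket must be opened on */`, placed before the `add_tls` call. The previously `#if 0`'d line `st->st_port` is correctly repaired to `server.st_port`, since no `st` exists in this function.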

+ 1732
- 0
src/net/tls.c
Файловите разлики са ограничени, защото са твърде много

