robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2769 Commits
2 Branches
Tree: ce0a0ccf5c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ce0a0ccf5c'
${ noResults }
ipxe/src/include/gpxe/tls.h

tls.h 4.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. #ifndef _GPXE_TLS_H

  2. #define _GPXE_TLS_H

  3. 

  4. /**

  5.  * @file

  6.  *

  7.  * Transport Layer Security Protocol

  8.  */

  9. 

  10. #include <stdint.h>

  11. #include <gpxe/refcnt.h>

  12. #include <gpxe/filter.h>

  13. #include <gpxe/process.h>

  14. #include <gpxe/crypto.h>

  15. #include <gpxe/md5.h>

  16. #include <gpxe/sha1.h>

  17. 

  18. /** A TLS header */

  19. struct tls_header {

  20. 	/** Content type

  21. 	 *

  22. 	 * This is a TLS_TYPE_XXX constant

  23. 	 */

  24. 	uint8_t type;

  25. 	/** Protocol version

  26. 	 *

  27. 	 * This is a TLS_VERSION_XXX constant

  28. 	 */

  29. 	uint16_t version;

  30. 	/** Length of payload */

  31. 	uint16_t length;

  32. } __attribute__ (( packed ));

  33. 

  34. /** TLS version 1.0 */

  35. #define TLS_VERSION_TLS_1_0 0x0301

  36. 

  37. /** TLS version 1.1 */

  38. #define TLS_VERSION_TLS_1_1 0x0302

  39. 

  40. /** Change cipher content type */

  41. #define TLS_TYPE_CHANGE_CIPHER 20

  42. 

  43. /** Alert content type */

  44. #define TLS_TYPE_ALERT 21

  45. 

  46. /** Handshake content type */

  47. #define TLS_TYPE_HANDSHAKE 22

  48. 

  49. /** Application data content type */

  50. #define TLS_TYPE_DATA 23

  51. 

  52. /* Handshake message types */

  53. #define TLS_HELLO_REQUEST 0

  54. #define TLS_CLIENT_HELLO 1

  55. #define TLS_SERVER_HELLO 2

  56. #define TLS_CERTIFICATE 11

  57. #define TLS_SERVER_KEY_EXCHANGE 12

  58. #define TLS_CERTIFICATE_REQUEST 13

  59. #define TLS_SERVER_HELLO_DONE 14

  60. #define TLS_CERTIFICATE_VERIFY 15

  61. #define TLS_CLIENT_KEY_EXCHANGE 16

  62. #define TLS_FINISHED 20

  63. 

  64. /* TLS alert levels */

  65. #define TLS_ALERT_WARNING 1

  66. #define TLS_ALERT_FATAL 2

  67. 

  68. /* TLS cipher specifications */

  69. #define TLS_RSA_WITH_NULL_MD5 0x0001

  70. #define TLS_RSA_WITH_NULL_SHA 0x0002

  71. #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f

  72. #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035

  73. 

  74. /** TLS RX state machine state */

  75. enum tls_rx_state {

  76. 	TLS_RX_HEADER = 0,

  77. 	TLS_RX_DATA,

  78. };

  79. 

  80. /** TLS TX state machine state */

  81. enum tls_tx_state {

  82. 	TLS_TX_NONE = 0,

  83. 	TLS_TX_CLIENT_HELLO,

  84. 	TLS_TX_CLIENT_KEY_EXCHANGE,

  85. 	TLS_TX_CHANGE_CIPHER,

  86. 	TLS_TX_FINISHED,

  87. 	TLS_TX_DATA

  88. };

  89. 

  90. /** A TLS cipher specification */

  91. struct tls_cipherspec {

  92. 	/** Public-key encryption algorithm */

  93. 	struct crypto_algorithm *pubkey;

  94. 	/** Bulk encryption cipher algorithm */

  95. 	struct crypto_algorithm *cipher;

  96. 	/** MAC digest algorithm */

  97. 	struct crypto_algorithm *digest;

  98. 	/** Key length */

  99. 	size_t key_len;

  100. 	/** Dynamically-allocated storage */

  101. 	void *dynamic;

  102. 	/** Public key encryption context */

  103. 	void *pubkey_ctx;

  104. 	/** Bulk encryption cipher context */

  105. 	void *cipher_ctx;

  106. 	/** Next bulk encryption cipher context (TX only) */

  107. 	void *cipher_next_ctx;

  108. 	/** MAC secret */

  109. 	void *mac_secret;

  110. };

  111. 

  112. /** TLS pre-master secret */

  113. struct tls_pre_master_secret {

  114. 	/** TLS version */

  115. 	uint16_t version;

  116. 	/** Random data */

  117. 	uint8_t random[46];

  118. } __attribute__ (( packed ));

  119. 

  120. /** TLS client random data */

  121. struct tls_client_random {

  122. 	/** GMT Unix time */

  123. 	uint32_t gmt_unix_time;

  124. 	/** Random data */

  125. 	uint8_t random[28];

  126. } __attribute__ (( packed ));

  127. 

  128. /** A TLS session */

  129. struct tls_session {

  130. 	/** Reference counter */

  131. 	struct refcnt refcnt;

  132. 

  133. 	/** Plaintext stream */

  134. 	struct xfer_filter_half plainstream;

  135. 	/** Ciphertext stream */

  136. 	struct xfer_filter_half cipherstream;

  137. 

  138. 	/** Current TX cipher specification */

  139. 	struct tls_cipherspec tx_cipherspec;

  140. 	/** Next TX cipher specification */

  141. 	struct tls_cipherspec tx_cipherspec_pending;

  142. 	/** Current RX cipher specification */

  143. 	struct tls_cipherspec rx_cipherspec;

  144. 	/** Next RX cipher specification */

  145. 	struct tls_cipherspec rx_cipherspec_pending;

  146. 	/** Premaster secret */

  147. 	struct tls_pre_master_secret pre_master_secret;

  148. 	/** Master secret */

  149. 	uint8_t master_secret[48];

  150. 	/** Server random bytes */

  151. 	uint8_t server_random[32];

  152. 	/** Client random bytes */

  153. 	struct tls_client_random client_random;

  154. 	/** MD5 context for handshake verification */

  155. 	uint8_t handshake_md5_ctx[MD5_CTX_SIZE];

  156. 	/** SHA1 context for handshake verification */

  157. 	uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];

  158. 

  159. 	/** Hack: server RSA public key */

  160. 	uint8_t *rsa_mod;

  161. 	size_t rsa_mod_len;

  162. 	uint8_t *rsa_pub_exp;

  163. 	size_t rsa_pub_exp_len;

  164. 

  165. 	/** TX sequence number */

  166. 	uint64_t tx_seq;

  167. 	/** TX state */

  168. 	enum tls_tx_state tx_state;

  169. 	/** TX process */

  170. 	struct process process;

  171. 

  172. 	/** RX sequence number */

  173. 	uint64_t rx_seq;

  174. 	/** RX state */

  175. 	enum tls_rx_state rx_state;

  176. 	/** Offset within current RX state */

  177. 	size_t rx_rcvd;

  178. 	/** Current received record header */

  179. 	struct tls_header rx_header;

  180. 	/** Current received raw data buffer */

  181. 	void *rx_data;

  182. };

  183. 

  184. extern int add_tls ( struct xfer_interface *xfer,

  185. 		     struct xfer_interface **next );

  186. 

  187. #endif /* _GPXE_TLS_H */