robin.thoni
/
ipxe
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 11 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
4017 Commits
2 Branches
Struktur: cf78afa5c5
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „cf78afa5c5“
${ noResults }
ipxe/src/include/ipxe/tls.h

tls.h 6.3KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 
  1. #ifndef _IPXE_TLS_H

  2. #define _IPXE_TLS_H

  3. 

  4. /**

  5.  * @file

  6.  *

  7.  * Transport Layer Security Protocol

  8.  */

  9. 

  10. FILE_LICENCE ( GPL2_OR_LATER );

  11. 

  12. #include <stdint.h>

  13. #include <ipxe/refcnt.h>

  14. #include <ipxe/interface.h>

  15. #include <ipxe/process.h>

  16. #include <ipxe/crypto.h>

  17. #include <ipxe/md5.h>

  18. #include <ipxe/sha1.h>

  19. #include <ipxe/sha256.h>

  20. #include <ipxe/x509.h>

  21. 

  22. /** A TLS header */

  23. struct tls_header {

  24. 	/** Content type

  25. 	 *

  26. 	 * This is a TLS_TYPE_XXX constant

  27. 	 */

  28. 	uint8_t type;

  29. 	/** Protocol version

  30. 	 *

  31. 	 * This is a TLS_VERSION_XXX constant

  32. 	 */

  33. 	uint16_t version;

  34. 	/** Length of payload */

  35. 	uint16_t length;

  36. } __attribute__ (( packed ));

  37. 

  38. /** TLS version 1.0 */

  39. #define TLS_VERSION_TLS_1_0 0x0301

  40. 

  41. /** TLS version 1.1 */

  42. #define TLS_VERSION_TLS_1_1 0x0302

  43. 

  44. /** TLS version 1.2 */

  45. #define TLS_VERSION_TLS_1_2 0x0303

  46. 

  47. /** Change cipher content type */

  48. #define TLS_TYPE_CHANGE_CIPHER 20

  49. 

  50. /** Alert content type */

  51. #define TLS_TYPE_ALERT 21

  52. 

  53. /** Handshake content type */

  54. #define TLS_TYPE_HANDSHAKE 22

  55. 

  56. /** Application data content type */

  57. #define TLS_TYPE_DATA 23

  58. 

  59. /* Handshake message types */

  60. #define TLS_HELLO_REQUEST 0

  61. #define TLS_CLIENT_HELLO 1

  62. #define TLS_SERVER_HELLO 2

  63. #define TLS_CERTIFICATE 11

  64. #define TLS_SERVER_KEY_EXCHANGE 12

  65. #define TLS_CERTIFICATE_REQUEST 13

  66. #define TLS_SERVER_HELLO_DONE 14

  67. #define TLS_CERTIFICATE_VERIFY 15

  68. #define TLS_CLIENT_KEY_EXCHANGE 16

  69. #define TLS_FINISHED 20

  70. 

  71. /* TLS alert levels */

  72. #define TLS_ALERT_WARNING 1

  73. #define TLS_ALERT_FATAL 2

  74. 

  75. /* TLS cipher specifications */

  76. #define TLS_RSA_WITH_NULL_MD5 0x0001

  77. #define TLS_RSA_WITH_NULL_SHA 0x0002

  78. #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f

  79. #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035

  80. #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003c

  81. #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003d

  82. 

  83. /* TLS hash algorithm identifiers */

  84. #define TLS_MD5_ALGORITHM 1

  85. #define TLS_SHA1_ALGORITHM 2

  86. #define TLS_SHA256_ALGORITHM 4

  87. 

  88. /* TLS signature algorithm identifiers */

  89. #define TLS_RSA_ALGORITHM 1

  90. 

  91. /* TLS extension types */

  92. #define TLS_SERVER_NAME 0

  93. #define TLS_SERVER_NAME_HOST_NAME 0

  94. 

  95. /** TLS RX state machine state */

  96. enum tls_rx_state {

  97. 	TLS_RX_HEADER = 0,

  98. 	TLS_RX_DATA,

  99. };

  100. 

  101. /** TLS TX pending flags */

  102. enum tls_tx_pending {

  103. 	TLS_TX_CLIENT_HELLO = 0x0001,

  104. 	TLS_TX_CERTIFICATE = 0x0002,

  105. 	TLS_TX_CLIENT_KEY_EXCHANGE = 0x0004,

  106. 	TLS_TX_CERTIFICATE_VERIFY = 0x0008,

  107. 	TLS_TX_CHANGE_CIPHER = 0x0010,

  108. 	TLS_TX_FINISHED = 0x0020,

  109. };

  110. 

  111. /** A TLS cipher suite */

  112. struct tls_cipher_suite {

  113. 	/** Public-key encryption algorithm */

  114. 	struct pubkey_algorithm *pubkey;

  115. 	/** Bulk encryption cipher algorithm */

  116. 	struct cipher_algorithm *cipher;

  117. 	/** MAC digest algorithm */

  118. 	struct digest_algorithm *digest;

  119. 	/** Key length */

  120. 	uint16_t key_len;

  121. 	/** Numeric code (in network-endian order) */

  122. 	uint16_t code;

  123. };

  124. 

  125. /** A TLS cipher specification */

  126. struct tls_cipherspec {

  127. 	/** Cipher suite */

  128. 	struct tls_cipher_suite *suite;

  129. 	/** Dynamically-allocated storage */

  130. 	void *dynamic;

  131. 	/** Public key encryption context */

  132. 	void *pubkey_ctx;

  133. 	/** Bulk encryption cipher context */

  134. 	void *cipher_ctx;

  135. 	/** Next bulk encryption cipher context (TX only) */

  136. 	void *cipher_next_ctx;

  137. 	/** MAC secret */

  138. 	void *mac_secret;

  139. };

  140. 

  141. /** A TLS signature and hash algorithm identifier */

  142. struct tls_signature_hash_id {

  143. 	/** Hash algorithm */

  144. 	uint8_t hash;

  145. 	/** Signature algorithm */

  146. 	uint8_t signature;

  147. } __attribute__ (( packed ));

  148. 

  149. /** A TLS signature algorithm */

  150. struct tls_signature_hash_algorithm {

  151. 	/** Digest algorithm */

  152. 	struct digest_algorithm *digest;

  153. 	/** Public-key algorithm */

  154. 	struct pubkey_algorithm *pubkey;

  155. 	/** Numeric code */

  156. 	struct tls_signature_hash_id code;

  157. };

  158. 

  159. /** TLS pre-master secret */

  160. struct tls_pre_master_secret {

  161. 	/** TLS version */

  162. 	uint16_t version;

  163. 	/** Random data */

  164. 	uint8_t random[46];

  165. } __attribute__ (( packed ));

  166. 

  167. /** TLS client random data */

  168. struct tls_client_random {

  169. 	/** GMT Unix time */

  170. 	uint32_t gmt_unix_time;

  171. 	/** Random data */

  172. 	uint8_t random[28];

  173. } __attribute__ (( packed ));

  174. 

  175. /** An MD5+SHA1 context */

  176. struct md5_sha1_context {

  177. 	/** MD5 context */

  178. 	uint8_t md5[MD5_CTX_SIZE];

  179. 	/** SHA-1 context */

  180. 	uint8_t sha1[SHA1_CTX_SIZE];

  181. } __attribute__ (( packed ));

  182. 

  183. /** MD5+SHA1 context size */

  184. #define MD5_SHA1_CTX_SIZE sizeof ( struct md5_sha1_context )

  185. 

  186. /** An MD5+SHA1 digest */

  187. struct md5_sha1_digest {

  188. 	/** MD5 digest */

  189. 	uint8_t md5[MD5_DIGEST_SIZE];

  190. 	/** SHA-1 digest */

  191. 	uint8_t sha1[SHA1_DIGEST_SIZE];

  192. } __attribute__ (( packed ));

  193. 

  194. /** MD5+SHA1 digest size */

  195. #define MD5_SHA1_DIGEST_SIZE sizeof ( struct md5_sha1_digest )

  196. 

  197. /** A TLS session */

  198. struct tls_session {

  199. 	/** Reference counter */

  200. 	struct refcnt refcnt;

  201. 

  202. 	/** Server name */

  203. 	const char *name;

  204. 	/** Plaintext stream */

  205. 	struct interface plainstream;

  206. 	/** Ciphertext stream */

  207. 	struct interface cipherstream;

  208. 

  209. 	/** Protocol version */

  210. 	uint16_t version;

  211. 	/** Current TX cipher specification */

  212. 	struct tls_cipherspec tx_cipherspec;

  213. 	/** Next TX cipher specification */

  214. 	struct tls_cipherspec tx_cipherspec_pending;

  215. 	/** Current RX cipher specification */

  216. 	struct tls_cipherspec rx_cipherspec;

  217. 	/** Next RX cipher specification */

  218. 	struct tls_cipherspec rx_cipherspec_pending;

  219. 	/** Premaster secret */

  220. 	struct tls_pre_master_secret pre_master_secret;

  221. 	/** Master secret */

  222. 	uint8_t master_secret[48];

  223. 	/** Server random bytes */

  224. 	uint8_t server_random[32];

  225. 	/** Client random bytes */

  226. 	struct tls_client_random client_random;

  227. 	/** MD5+SHA1 context for handshake verification */

  228. 	uint8_t handshake_md5_sha1_ctx[MD5_SHA1_CTX_SIZE];

  229. 	/** SHA256 context for handshake verification */

  230. 	uint8_t handshake_sha256_ctx[SHA256_CTX_SIZE];

  231. 	/** Digest algorithm used for handshake verification */

  232. 	struct digest_algorithm *handshake_digest;

  233. 	/** Digest algorithm context used for handshake verification */

  234. 	uint8_t *handshake_ctx;

  235. 	/** Public-key algorithm used for Certificate Verify (if sent) */

  236. 	struct pubkey_algorithm *verify_pubkey;

  237. 

  238. 	/** TX sequence number */

  239. 	uint64_t tx_seq;

  240. 	/** TX pending transmissions */

  241. 	unsigned int tx_pending;

  242. 	/** TX process */

  243. 	struct process process;

  244. 	/** TX ready for plaintext data */

  245. 	int tx_ready;

  246. 

  247. 	/** RX sequence number */

  248. 	uint64_t rx_seq;

  249. 	/** RX state */

  250. 	enum tls_rx_state rx_state;

  251. 	/** Offset within current RX state */

  252. 	size_t rx_rcvd;

  253. 	/** Current received record header */

  254. 	struct tls_header rx_header;

  255. 	/** Current received raw data buffer */

  256. 	void *rx_data;

  257. };

  258. 

  259. extern int add_tls ( struct interface *xfer, const char *name,

  260. 		     struct interface **next );

  261. 

  262. #endif /* _IPXE_TLS_H */