1 #ifndef _GPXE_TLS_H
2 #define _GPXE_TLS_H
/**
 * @file
 *
 * Transport Layer Security Protocol
 */
#include <stddef.h>
#include <stdint.h>
#include <gpxe/refcnt.h>
#include <gpxe/filter.h>
#include <gpxe/process.h>
#include <gpxe/crypto.h>
#include <gpxe/md5.h>
#include <gpxe/sha1.h>
#include <gpxe/x509.h>
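/** A TLS header
 *
 * The five-byte record-layer header that precedes every TLS record.
 * It is packed so that it maps directly onto the bytes sent and
 * received on the wire.
 */
struct tls_header {
	/** Content type
	 *
	 * This is a TLS_TYPE_XXX constant
	 */
	uint8_t type;
	/** Protocol version
	 *
	 * This is a TLS_VERSION_XXX constant.
	 *
	 * NOTE(review): the field is stored as it appears on the wire;
	 * confirm in tls.c that it is byte-swapped before being compared
	 * with the host-order TLS_VERSION_XXX constants.
	 */
	uint16_t version;
	/** Length of payload
	 *
	 * Supplied by the peer, so it is untrusted: a receiver must
	 * bound it against the record buffer it allocates or copies
	 * into before using it.
	 */
	uint16_t length;
} __attribute__ (( packed ));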
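/** TLS version 1.0
 *
 * Protocol versions are a (major, minor) byte pair: TLS 1.0 is 3.1.
 */
#define TLS_VERSION_TLS_1_0 0x0301

/** TLS version 1.1
 *
 * TLS 1.1 is 3.2.  No newer version constant is defined in this
 * header; TLS 1.0 and 1.1 have since been deprecated (RFC 8996), so
 * peers that insist on a later version cannot be served with these
 * values alone.
 */
#define TLS_VERSION_TLS_1_1 0x0302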
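/* Record content types
 *
 * Values carried in the type field of struct tls_header.
 */

/** Change cipher content type */
#define TLS_TYPE_CHANGE_CIPHER 20

/** Alert content type */
#define TLS_TYPE_ALERT 21

/** Handshake content type */
#define TLS_TYPE_HANDSHAKE 22

/** Application data content type */
#define TLS_TYPE_DATA 23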
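/* Handshake message types
 *
 * Values of the message-type byte that starts each handshake message
 * carried inside a TLS_TYPE_HANDSHAKE record.
 */
#define TLS_HELLO_REQUEST 0
#define TLS_CLIENT_HELLO 1
#define TLS_SERVER_HELLO 2
#define TLS_CERTIFICATE 11
#define TLS_SERVER_KEY_EXCHANGE 12
#define TLS_CERTIFICATE_REQUEST 13
#define TLS_SERVER_HELLO_DONE 14
#define TLS_CERTIFICATE_VERIFY 15
#define TLS_CLIENT_KEY_EXCHANGE 16
#define TLS_FINISHED 20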
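/* TLS alert levels
 *
 * Level byte of a TLS_TYPE_ALERT record.  A fatal alert ends the
 * session; a warning does not on its own.
 */
#define TLS_ALERT_WARNING 1
#define TLS_ALERT_FATAL 2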
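/* TLS cipher specifications
 *
 * Cipher suite identifiers as exchanged in ClientHello/ServerHello.
 * All four use RSA key exchange.  The two NULL suites provide
 * integrity only: application data is sent in the clear, so they
 * must not be offered or accepted where confidentiality is required.
 */
#define TLS_RSA_WITH_NULL_MD5 0x0001
#define TLS_RSA_WITH_NULL_SHA 0x0002
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035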
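/** TLS RX state machine state */
enum tls_rx_state {
	/** Receiving the record header (into tls_session::rx_header) */
	TLS_RX_HEADER = 0,
	/** Receiving the record payload (into tls_session::rx_data) */
	TLS_RX_DATA,
};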
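/** TLS TX state machine state
 *
 * The values are listed in the order the client-side handshake
 * proceeds, presumably advanced by the TX process in tls.c.
 */
enum tls_tx_state {
	/** Nothing to transmit yet */
	TLS_TX_NONE = 0,
	/** Send ClientHello */
	TLS_TX_CLIENT_HELLO,
	/** Send ClientKeyExchange */
	TLS_TX_CLIENT_KEY_EXCHANGE,
	/** Send ChangeCipherSpec */
	TLS_TX_CHANGE_CIPHER,
	/** Send Finished */
	TLS_TX_FINISHED,
	/** Handshake complete; send application data */
	TLS_TX_DATA
};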
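/** A TLS cipher specification
 *
 * The algorithms negotiated for one direction of a session together
 * with that direction's keying material and algorithm contexts.
 * struct tls_session keeps a current and a pending instance per
 * direction; the pending one presumably takes over at the
 * ChangeCipherSpec stage (confirm in tls.c).
 */
struct tls_cipherspec {
	/** Public-key encryption algorithm */
	struct pubkey_algorithm *pubkey;
	/** Bulk encryption cipher algorithm */
	struct cipher_algorithm *cipher;
	/** MAC digest algorithm */
	struct digest_algorithm *digest;
	/** Key length
	 *
	 * Presumably the bulk cipher key length in bytes — confirm
	 * against where it is set in tls.c.
	 */
	size_t key_len;
	/** Dynamically-allocated storage
	 *
	 * NOTE(review): this backs the contexts and MAC secret below,
	 * i.e. it holds key material; it should be cleared, not merely
	 * freed, when the cipherspec is torn down.
	 */
	void *dynamic;
	/** Public key encryption context */
	void *pubkey_ctx;
	/** Bulk encryption cipher context */
	void *cipher_ctx;
	/** Next bulk encryption cipher context (TX only) */
	void *cipher_next_ctx;
	/** MAC secret */
	void *mac_secret;
};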
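/** TLS pre-master secret
 *
 * 48 bytes on the wire: the offered protocol version followed by 46
 * random bytes.  Packed because it is encrypted and sent as-is in
 * the ClientKeyExchange.
 *
 * NOTE(review): the random bytes are secret material; confirm that
 * tls.c fills them from a cryptographically strong source and wipes
 * the structure once the master secret has been derived.
 */
struct tls_pre_master_secret {
	/** TLS version */
	uint16_t version;
	/** Random data */
	uint8_t random[46];
} __attribute__ (( packed ));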
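/** TLS client random data
 *
 * 32 bytes on the wire, matching the size of tls_session::server_random.
 */
struct tls_client_random {
	/** GMT Unix time
	 *
	 * Nominally the current time in seconds since the Unix epoch.
	 */
	uint32_t gmt_unix_time;
	/** Random data */
	uint8_t random[28];
} __attribute__ (( packed ));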
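/** A TLS session
 *
 * One instance per connection.  It is a filter between a plaintext
 * and a ciphertext stream, and holds the handshake state, the
 * negotiated cipher specifications and the secrets derived during
 * the handshake.
 *
 * NOTE(review): pre_master_secret, master_secret and the cipherspec
 * key material live inside this structure; confirm that they are
 * cleared, not just freed, when the reference count drops to zero.
 */
struct tls_session {
	/** Reference counter */
	struct refcnt refcnt;

	/** Plaintext stream */
	struct xfer_filter_half plainstream;
	/** Ciphertext stream */
	struct xfer_filter_half cipherstream;

	/** Current TX cipher specification */
	struct tls_cipherspec tx_cipherspec;
	/** Next TX cipher specification
	 *
	 * Presumably promoted to tx_cipherspec when ChangeCipherSpec
	 * is sent — confirm in tls.c.
	 */
	struct tls_cipherspec tx_cipherspec_pending;
	/** Current RX cipher specification */
	struct tls_cipherspec rx_cipherspec;
	/** Next RX cipher specification
	 *
	 * Presumably promoted to rx_cipherspec when the peer's
	 * ChangeCipherSpec is received — confirm in tls.c.
	 */
	struct tls_cipherspec rx_cipherspec_pending;
	/** Premaster secret */
	struct tls_pre_master_secret pre_master_secret;
	/** Master secret (48 bytes, derived from the premaster secret) */
	uint8_t master_secret[48];
	/** Server random bytes */
	uint8_t server_random[32];
	/** Client random bytes */
	struct tls_client_random client_random;
	/** MD5 context for handshake verification
	 *
	 * Running digest over the handshake messages, used together
	 * with handshake_sha1_ctx for the Finished verification.
	 */
	uint8_t handshake_md5_ctx[MD5_CTX_SIZE];
	/** SHA1 context for handshake verification */
	uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];

	/** Hack: server RSA public key
	 *
	 * NOTE(review): nothing in this structure records whether the
	 * certificate this key came from was validated; confirm where
	 * (or whether) that check happens before the key is used.
	 */
	struct x509_rsa_public_key rsa;

	/** TX sequence number
	 *
	 * Record-layer sequence number; presumably fed into the record
	 * MAC as the TLS specification requires.
	 */
	uint64_t tx_seq;
	/** TX state */
	enum tls_tx_state tx_state;
	/** TX process */
	struct process process;

	/** RX sequence number */
	uint64_t rx_seq;
	/** RX state */
	enum tls_rx_state rx_state;
	/** Offset within current RX state
	 *
	 * Number of bytes of the current header or payload received so
	 * far.
	 */
	size_t rx_rcvd;
	/** Current received record header */
	struct tls_header rx_header;
	/** Current received raw data buffer
	 *
	 * NOTE(review): presumably sized from rx_header.length, which
	 * is peer-controlled; confirm that tls.c bounds that length
	 * before allocating.
	 */
	void *rx_data;
};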
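/**
 * Add TLS to a data transfer interface
 *
 * @param xfer	Data transfer interface to protect with TLS
 * @param next	Filled in with the interface on the far (ciphertext)
 *		side of the TLS filter
 * @return	Status code; presumably 0 on success and a negative
 *		error code on failure, following the rest of gPXE —
 *		confirm in tls.c
 */
extern int add_tls ( struct xfer_interface *xfer,
		     struct xfer_interface **next );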
185 #endif /* _GPXE_TLS_H */