wpa_supplicant / hostapd 2.0

tlsv1_common.h

Go to the documentation of this file.
00001 
00010 #ifndef TLSV1_COMMON_H
00011 #define TLSV1_COMMON_H
00012 
00013 #include "crypto/crypto.h"
00014 
00015 #define TLS_VERSION_1 0x0301 /* TLSv1 */
00016 #define TLS_VERSION_1_1 0x0302 /* TLSv1.1 */
00017 #define TLS_VERSION_1_2 0x0303 /* TLSv1.2 */
00018 #ifdef CONFIG_TLSV12
00019 #define TLS_VERSION TLS_VERSION_1_2
00020 #else /* CONFIG_TLSV12 */
00021 #ifdef CONFIG_TLSV11
00022 #define TLS_VERSION TLS_VERSION_1_1
00023 #else /* CONFIG_TLSV11 */
00024 #define TLS_VERSION TLS_VERSION_1
00025 #endif /* CONFIG_TLSV11 */
00026 #endif /* CONFIG_TLSV12 */
00027 #define TLS_RANDOM_LEN 32
00028 #define TLS_PRE_MASTER_SECRET_LEN 48
00029 #define TLS_MASTER_SECRET_LEN 48
00030 #define TLS_SESSION_ID_MAX_LEN 32
00031 #define TLS_VERIFY_DATA_LEN 12
00032 
00033 /* HandshakeType */
00034 enum {
00035         TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
00036         TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
00037         TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
00038         TLS_HANDSHAKE_TYPE_NEW_SESSION_TICKET = 4 /* RFC 4507 */,
00039         TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
00040         TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
00041         TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
00042         TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
00043         TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
00044         TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
00045         TLS_HANDSHAKE_TYPE_FINISHED = 20,
00046         TLS_HANDSHAKE_TYPE_CERTIFICATE_URL = 21 /* RFC 4366 */,
00047         TLS_HANDSHAKE_TYPE_CERTIFICATE_STATUS = 22 /* RFC 4366 */
00048 };
00049 
00050 /* CipherSuite */
00051 #define TLS_NULL_WITH_NULL_NULL                 0x0000 /* RFC 2246 */
00052 #define TLS_RSA_WITH_NULL_MD5                   0x0001 /* RFC 2246 */
00053 #define TLS_RSA_WITH_NULL_SHA                   0x0002 /* RFC 2246 */
00054 #define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003 /* RFC 2246 */
00055 #define TLS_RSA_WITH_RC4_128_MD5                0x0004 /* RFC 2246 */
00056 #define TLS_RSA_WITH_RC4_128_SHA                0x0005 /* RFC 2246 */
00057 #define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006 /* RFC 2246 */
00058 #define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007 /* RFC 2246 */
00059 #define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008 /* RFC 2246 */
00060 #define TLS_RSA_WITH_DES_CBC_SHA                0x0009 /* RFC 2246 */
00061 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000A /* RFC 2246 */
00062 #define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000B /* RFC 2246 */
00063 #define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000C /* RFC 2246 */
00064 #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000D /* RFC 2246 */
00065 #define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000E /* RFC 2246 */
00066 #define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000F /* RFC 2246 */
00067 #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010 /* RFC 2246 */
00068 #define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011 /* RFC 2246 */
00069 #define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012 /* RFC 2246 */
00070 #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013 /* RFC 2246 */
00071 #define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014 /* RFC 2246 */
00072 #define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015 /* RFC 2246 */
00073 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016 /* RFC 2246 */
00074 #define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017 /* RFC 2246 */
00075 #define TLS_DH_anon_WITH_RC4_128_MD5            0x0018 /* RFC 2246 */
00076 #define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019 /* RFC 2246 */
00077 #define TLS_DH_anon_WITH_DES_CBC_SHA            0x001A /* RFC 2246 */
00078 #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001B /* RFC 2246 */
00079 #define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F /* RFC 3268 */
00080 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030 /* RFC 3268 */
00081 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031 /* RFC 3268 */
00082 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032 /* RFC 3268 */
00083 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033 /* RFC 3268 */
00084 #define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034 /* RFC 3268 */
00085 #define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035 /* RFC 3268 */
00086 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036 /* RFC 3268 */
00087 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037 /* RFC 3268 */
00088 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038 /* RFC 3268 */
00089 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039 /* RFC 3268 */
00090 #define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A /* RFC 3268 */
00091 #define TLS_RSA_WITH_NULL_SHA256                0x003B /* RFC 5246 */
00092 #define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C /* RFC 5246 */
00093 #define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D /* RFC 5246 */
00094 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA256      0x003E /* RFC 5246 */
00095 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA256      0x003F /* RFC 5246 */
00096 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256     0x0040 /* RFC 5246 */
00097 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067 /* RFC 5246 */
00098 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA256      0x0068 /* RFC 5246 */
00099 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA256      0x0069 /* RFC 5246 */
00100 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256     0x006A /* RFC 5246 */
00101 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B /* RFC 5246 */
00102 #define TLS_DH_anon_WITH_AES_128_CBC_SHA256     0x006C /* RFC 5246 */
00103 #define TLS_DH_anon_WITH_AES_256_CBC_SHA256     0x006D /* RFC 5246 */
00104 
00105 /* CompressionMethod */
00106 #define TLS_COMPRESSION_NULL 0
00107 
00108 /* HashAlgorithm */
00109 enum {
00110         TLS_HASH_ALG_NONE = 0,
00111         TLS_HASH_ALG_MD5 = 1,
00112         TLS_HASH_ALG_SHA1 = 2,
00113         TLS_HASH_ALG_SHA224 = 3,
00114         TLS_HASH_ALG_SHA256 = 4,
00115         TLS_HASH_ALG_SHA384 = 5,
00116         TLS_HASH_ALG_SHA512 = 6
00117 };
00118 
00119 /* SignatureAlgorithm */
00120 enum {
00121         TLS_SIGN_ALG_ANONYMOUS = 0,
00122         TLS_SIGN_ALG_RSA = 1,
00123         TLS_SIGN_ALG_DSA = 2,
00124         TLS_SIGN_ALG_ECDSA = 3,
00125 };
00126 
00127 /* AlertLevel */
00128 #define TLS_ALERT_LEVEL_WARNING 1
00129 #define TLS_ALERT_LEVEL_FATAL 2
00130 
00131 /* AlertDescription */
00132 #define TLS_ALERT_CLOSE_NOTIFY                  0
00133 #define TLS_ALERT_UNEXPECTED_MESSAGE            10
00134 #define TLS_ALERT_BAD_RECORD_MAC                20
00135 #define TLS_ALERT_DECRYPTION_FAILED             21
00136 #define TLS_ALERT_RECORD_OVERFLOW               22
00137 #define TLS_ALERT_DECOMPRESSION_FAILURE         30
00138 #define TLS_ALERT_HANDSHAKE_FAILURE             40
00139 #define TLS_ALERT_BAD_CERTIFICATE               42
00140 #define TLS_ALERT_UNSUPPORTED_CERTIFICATE       43
00141 #define TLS_ALERT_CERTIFICATE_REVOKED           44
00142 #define TLS_ALERT_CERTIFICATE_EXPIRED           45
00143 #define TLS_ALERT_CERTIFICATE_UNKNOWN           46
00144 #define TLS_ALERT_ILLEGAL_PARAMETER             47
00145 #define TLS_ALERT_UNKNOWN_CA                    48
00146 #define TLS_ALERT_ACCESS_DENIED                 49
00147 #define TLS_ALERT_DECODE_ERROR                  50
00148 #define TLS_ALERT_DECRYPT_ERROR                 51
00149 #define TLS_ALERT_EXPORT_RESTRICTION            60
00150 #define TLS_ALERT_PROTOCOL_VERSION              70
00151 #define TLS_ALERT_INSUFFICIENT_SECURITY         71
00152 #define TLS_ALERT_INTERNAL_ERROR                80
00153 #define TLS_ALERT_USER_CANCELED                 90
00154 #define TLS_ALERT_NO_RENEGOTIATION              100
00155 #define TLS_ALERT_UNSUPPORTED_EXTENSION         110 /* RFC 4366 */
00156 #define TLS_ALERT_CERTIFICATE_UNOBTAINABLE      111 /* RFC 4366 */
00157 #define TLS_ALERT_UNRECOGNIZED_NAME             112 /* RFC 4366 */
00158 #define TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE       113 /* RFC 4366 */
00159 #define TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE    114 /* RFC 4366 */
00160 
00161 /* ChangeCipherSpec */
00162 enum {
00163         TLS_CHANGE_CIPHER_SPEC = 1
00164 };
00165 
00166 /* TLS Extensions */
00167 #define TLS_EXT_SERVER_NAME                     0 /* RFC 4366 */
00168 #define TLS_EXT_MAX_FRAGMENT_LENGTH             1 /* RFC 4366 */
00169 #define TLS_EXT_CLIENT_CERTIFICATE_URL          2 /* RFC 4366 */
00170 #define TLS_EXT_TRUSTED_CA_KEYS                 3 /* RFC 4366 */
00171 #define TLS_EXT_TRUNCATED_HMAC                  4 /* RFC 4366 */
00172 #define TLS_EXT_STATUS_REQUEST                  5 /* RFC 4366 */
00173 #define TLS_EXT_SESSION_TICKET                  35 /* RFC 4507 */
00174 
00175 #define TLS_EXT_PAC_OPAQUE TLS_EXT_SESSION_TICKET /* EAP-FAST terminology */
00176 
00177 
00178 typedef enum {
00179         TLS_KEY_X_NULL,
00180         TLS_KEY_X_RSA,
00181         TLS_KEY_X_RSA_EXPORT,
00182         TLS_KEY_X_DH_DSS_EXPORT,
00183         TLS_KEY_X_DH_DSS,
00184         TLS_KEY_X_DH_RSA_EXPORT,
00185         TLS_KEY_X_DH_RSA,
00186         TLS_KEY_X_DHE_DSS_EXPORT,
00187         TLS_KEY_X_DHE_DSS,
00188         TLS_KEY_X_DHE_RSA_EXPORT,
00189         TLS_KEY_X_DHE_RSA,
00190         TLS_KEY_X_DH_anon_EXPORT,
00191         TLS_KEY_X_DH_anon
00192 } tls_key_exchange;
00193 
00194 typedef enum {
00195         TLS_CIPHER_NULL,
00196         TLS_CIPHER_RC4_40,
00197         TLS_CIPHER_RC4_128,
00198         TLS_CIPHER_RC2_CBC_40,
00199         TLS_CIPHER_IDEA_CBC,
00200         TLS_CIPHER_DES40_CBC,
00201         TLS_CIPHER_DES_CBC,
00202         TLS_CIPHER_3DES_EDE_CBC,
00203         TLS_CIPHER_AES_128_CBC,
00204         TLS_CIPHER_AES_256_CBC
00205 } tls_cipher;
00206 
00207 typedef enum {
00208         TLS_HASH_NULL,
00209         TLS_HASH_MD5,
00210         TLS_HASH_SHA,
00211         TLS_HASH_SHA256
00212 } tls_hash;
00213 
00214 struct tls_cipher_suite {
00215         u16 suite;
00216         tls_key_exchange key_exchange;
00217         tls_cipher cipher;
00218         tls_hash hash;
00219 };
00220 
00221 typedef enum {
00222         TLS_CIPHER_STREAM,
00223         TLS_CIPHER_BLOCK
00224 } tls_cipher_type;
00225 
00226 struct tls_cipher_data {
00227         tls_cipher cipher;
00228         tls_cipher_type type;
00229         size_t key_material;
00230         size_t expanded_key_material;
00231         size_t block_size; /* also iv_size */
00232         enum crypto_cipher_alg alg;
00233 };
00234 
00235 
00236 struct tls_verify_hash {
00237         struct crypto_hash *md5_client;
00238         struct crypto_hash *sha1_client;
00239         struct crypto_hash *sha256_client;
00240         struct crypto_hash *md5_server;
00241         struct crypto_hash *sha1_server;
00242         struct crypto_hash *sha256_server;
00243         struct crypto_hash *md5_cert;
00244         struct crypto_hash *sha1_cert;
00245         struct crypto_hash *sha256_cert;
00246 };
00247 
00248 
00249 const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
00250 const struct tls_cipher_data * tls_get_cipher_data(tls_cipher cipher);
00251 int tls_server_key_exchange_allowed(tls_cipher cipher);
00252 int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);
00253 int tls_verify_hash_init(struct tls_verify_hash *verify);
00254 void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
00255                          size_t len);
00256 void tls_verify_hash_free(struct tls_verify_hash *verify);
00257 int tls_version_ok(u16 ver);
00258 const char * tls_version_str(u16 ver);
00259 int tls_prf(u16 ver, const u8 *secret, size_t secret_len, const char *label,
00260             const u8 *seed, size_t seed_len, u8 *out, size_t outlen);
00261 
00262 #endif /* TLSV1_COMMON_H */
00263
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Defines
Generated on Tue Apr 24 2012 20:38:32 for wpa_supplicant / hostapd by  doxygen 1.7.3