tls.h File Reference

Transport Layer Security Protocol. More...

#include <stdint.h>
#include <ipxe/refcnt.h>
#include <ipxe/interface.h>
#include <ipxe/process.h>
#include <ipxe/crypto.h>
#include <ipxe/md5.h>
#include <ipxe/sha1.h>
#include <ipxe/x509.h>
#include <ipxe/privkey.h>
#include <ipxe/pending.h>
#include <ipxe/iobuf.h>
#include <ipxe/tables.h>


Data Structures

struct  tls_header
 A TLS header. More...
 
struct  tls_auth_header
 TLS authentication header. More...
 
struct  tls_verify_data
 TLS verification data. More...
 
struct  tls_key_exchange_algorithm
 A TLS key exchange algorithm. More...
 
struct  tls_cipher_suite
 A TLS cipher suite. More...
 
struct  tls_named_curve
 A TLS named curve. More...
 
struct  tls_cipherspec
 A TLS cipher specification. More...
 
struct  tls_cipherspec_pair
 A TLS cipher specification pair. More...
 
struct  tls_signature_hash_id
 A TLS signature and hash algorithm identifier. More...
 
struct  tls_signature_hash_algorithm
 A TLS signature algorithm. More...
 
struct  tls_client_random
 TLS client random data. More...
 
struct  md5_sha1_context
 An MD5+SHA1 context. More...
 
struct  md5_sha1_digest
 An MD5+SHA1 digest. More...
 
struct  tls_session
 A TLS session. More...
 
struct  tls_tx
 TLS transmit state. More...
 
struct  tls_rx
 TLS receive state. More...
 
struct  tls_client
 TLS client state. More...
 
struct  tls_server
 TLS server state. More...
 
struct  tls_connection
 A TLS connection. More...
 

Macros

#define TLS_VERSION_TLS_1_1   0x0302
 TLS version 1.1. More...
 
#define TLS_VERSION_TLS_1_2   0x0303
 TLS version 1.2. More...
 
#define TLS_VERSION_MAX   TLS_VERSION_TLS_1_2
 Maximum supported TLS version. More...
 
#define TLS_TYPE_CHANGE_CIPHER   20
 Change cipher content type. More...
 
#define TLS_CHANGE_CIPHER_SPEC   1
 Change cipher spec magic byte. More...
 
#define TLS_TYPE_ALERT   21
 Alert content type. More...
 
#define TLS_TYPE_HANDSHAKE   22
 Handshake content type. More...
 
#define TLS_TYPE_DATA   23
 Application data content type. More...
 
#define TLS_HELLO_REQUEST   0
 
#define TLS_CLIENT_HELLO   1
 
#define TLS_SERVER_HELLO   2
 
#define TLS_NEW_SESSION_TICKET   4
 
#define TLS_CERTIFICATE   11
 
#define TLS_SERVER_KEY_EXCHANGE   12
 
#define TLS_CERTIFICATE_REQUEST   13
 
#define TLS_SERVER_HELLO_DONE   14
 
#define TLS_CERTIFICATE_VERIFY   15
 
#define TLS_CLIENT_KEY_EXCHANGE   16
 
#define TLS_FINISHED   20
 
#define TLS_ALERT_WARNING   1
 
#define TLS_ALERT_FATAL   2
 
#define TLS_RSA_WITH_NULL_MD5   0x0001
 
#define TLS_RSA_WITH_NULL_SHA   0x0002
 
#define TLS_RSA_WITH_AES_128_CBC_SHA   0x002f
 
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA   0x0033
 
#define TLS_RSA_WITH_AES_256_CBC_SHA   0x0035
 
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA   0x0039
 
#define TLS_RSA_WITH_AES_128_CBC_SHA256   0x003c
 
#define TLS_RSA_WITH_AES_256_CBC_SHA256   0x003d
 
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256   0x0067
 
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   0x006b
 
#define TLS_RSA_WITH_AES_128_GCM_SHA256   0x009c
 
#define TLS_RSA_WITH_AES_256_GCM_SHA384   0x009d
 
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   0x009e
 
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   0x009f
 
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   0xc013
 
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   0xc014
 
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xc027
 
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   0xc028
 
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xc02f
 
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   0xc030
 
#define TLS_MD5_ALGORITHM   1
 
#define TLS_SHA1_ALGORITHM   2
 
#define TLS_SHA224_ALGORITHM   3
 
#define TLS_SHA256_ALGORITHM   4
 
#define TLS_SHA384_ALGORITHM   5
 
#define TLS_SHA512_ALGORITHM   6
 
#define TLS_RSA_ALGORITHM   1
 
#define TLS_SERVER_NAME   0
 
#define TLS_SERVER_NAME_HOST_NAME   0
 
#define TLS_MAX_FRAGMENT_LENGTH   1
 
#define TLS_MAX_FRAGMENT_LENGTH_512   1
 
#define TLS_MAX_FRAGMENT_LENGTH_1024   2
 
#define TLS_MAX_FRAGMENT_LENGTH_2048   3
 
#define TLS_MAX_FRAGMENT_LENGTH_4096   4
 
#define TLS_NAMED_CURVE   10
 
#define TLS_NAMED_CURVE_SECP256R1   23
 
#define TLS_NAMED_CURVE_SECP384R1   24
 
#define TLS_NAMED_CURVE_X25519   29
 
#define TLS_SIGNATURE_ALGORITHMS   13
 
#define TLS_SESSION_TICKET   35
 
#define TLS_RENEGOTIATION_INFO   0xff01
 
#define TLS_CIPHER_SUITES   __table ( struct tls_cipher_suite, "tls_cipher_suites" )
 TLS cipher suite table. More...
 
#define __tls_cipher_suite(pref)   __table_entry ( TLS_CIPHER_SUITES, pref )
 Declare a TLS cipher suite. More...
 
#define TLS_NAMED_CURVE_TYPE   3
 TLS named curve type. More...
 
#define TLS_POINT_FORMAT_UNCOMPRESSED   4
 TLS uncompressed curve point format. More...
 
#define TLS_NAMED_CURVES   __table ( struct tls_named_curve, "tls_named_curves" )
 TLS named curve table. More...
 
#define __tls_named_curve(pref)   __table_entry ( TLS_NAMED_CURVES, pref )
 Declare a TLS named curve. More...
 
#define TLS_SIG_HASH_ALGORITHMS
 TLS signature hash algorithm table. More...
 
#define __tls_sig_hash_algorithm   __table_entry ( TLS_SIG_HASH_ALGORITHMS, 01 )
 Declare a TLS signature hash algorithm. More...
 
#define MD5_SHA1_CTX_SIZE   sizeof ( struct md5_sha1_context )
 MD5+SHA1 context size. More...
 
#define MD5_SHA1_DIGEST_SIZE   sizeof ( struct md5_sha1_digest )
 MD5+SHA1 digest size. More...
 
#define TLS_RX_BUFSIZE   4096
 RX I/O buffer size. More...
 
#define TLS_RX_MIN_BUFSIZE   512
 Minimum RX I/O buffer size. More...
 
#define TLS_RX_ALIGN   16
 RX I/O buffer alignment. More...
 

Enumerations

enum  tls_rx_state { TLS_RX_HEADER = 0, TLS_RX_DATA }
 TLS RX state machine state. More...
 
enum  tls_tx_pending {
  TLS_TX_CLIENT_HELLO = 0x0001, TLS_TX_CERTIFICATE = 0x0002, TLS_TX_CLIENT_KEY_EXCHANGE = 0x0004, TLS_TX_CERTIFICATE_VERIFY = 0x0008,
  TLS_TX_CHANGE_CIPHER = 0x0010, TLS_TX_FINISHED = 0x0020
}
 TLS TX pending flags. More...
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
int add_tls (struct interface *xfer, const char *name, struct x509_root *root, struct private_key *key)
 Add TLS on an interface. More...
 

Variables

struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm
 Public key exchange algorithm. More...
 
struct tls_key_exchange_algorithm tls_dhe_exchange_algorithm
 Ephemeral Diffie-Hellman key exchange algorithm. More...
 
struct tls_key_exchange_algorithm tls_ecdhe_exchange_algorithm
 Ephemeral Elliptic Curve Diffie-Hellman key exchange algorithm. More...
 

Detailed Description

Transport Layer Security Protocol.

Definition in file tls.h.

Macro Definition Documentation

◆ TLS_VERSION_TLS_1_1

#define TLS_VERSION_TLS_1_1   0x0302

TLS version 1.1.

Definition at line 44 of file tls.h.

◆ TLS_VERSION_TLS_1_2

#define TLS_VERSION_TLS_1_2   0x0303

TLS version 1.2.

Definition at line 47 of file tls.h.

◆ TLS_VERSION_MAX

#define TLS_VERSION_MAX   TLS_VERSION_TLS_1_2

Maximum supported TLS version.

Definition at line 50 of file tls.h.

◆ TLS_TYPE_CHANGE_CIPHER

#define TLS_TYPE_CHANGE_CIPHER   20

Change cipher content type.

Definition at line 53 of file tls.h.

◆ TLS_CHANGE_CIPHER_SPEC

#define TLS_CHANGE_CIPHER_SPEC   1

Change cipher spec magic byte.

Definition at line 56 of file tls.h.

◆ TLS_TYPE_ALERT

#define TLS_TYPE_ALERT   21

Alert content type.

Definition at line 59 of file tls.h.

◆ TLS_TYPE_HANDSHAKE

#define TLS_TYPE_HANDSHAKE   22

Handshake content type.

Definition at line 62 of file tls.h.

◆ TLS_TYPE_DATA

#define TLS_TYPE_DATA   23

Application data content type.

Definition at line 65 of file tls.h.

◆ TLS_HELLO_REQUEST

#define TLS_HELLO_REQUEST   0

Definition at line 68 of file tls.h.

◆ TLS_CLIENT_HELLO

#define TLS_CLIENT_HELLO   1

Definition at line 69 of file tls.h.

◆ TLS_SERVER_HELLO

#define TLS_SERVER_HELLO   2

Definition at line 70 of file tls.h.

◆ TLS_NEW_SESSION_TICKET

#define TLS_NEW_SESSION_TICKET   4

Definition at line 71 of file tls.h.

◆ TLS_CERTIFICATE

#define TLS_CERTIFICATE   11

Definition at line 72 of file tls.h.

◆ TLS_SERVER_KEY_EXCHANGE

#define TLS_SERVER_KEY_EXCHANGE   12

Definition at line 73 of file tls.h.

◆ TLS_CERTIFICATE_REQUEST

#define TLS_CERTIFICATE_REQUEST   13

Definition at line 74 of file tls.h.

◆ TLS_SERVER_HELLO_DONE

#define TLS_SERVER_HELLO_DONE   14

Definition at line 75 of file tls.h.

◆ TLS_CERTIFICATE_VERIFY

#define TLS_CERTIFICATE_VERIFY   15

Definition at line 76 of file tls.h.

◆ TLS_CLIENT_KEY_EXCHANGE

#define TLS_CLIENT_KEY_EXCHANGE   16

Definition at line 77 of file tls.h.

◆ TLS_FINISHED

#define TLS_FINISHED   20

Definition at line 78 of file tls.h.

◆ TLS_ALERT_WARNING

#define TLS_ALERT_WARNING   1

Definition at line 81 of file tls.h.

◆ TLS_ALERT_FATAL

#define TLS_ALERT_FATAL   2

Definition at line 82 of file tls.h.

◆ TLS_RSA_WITH_NULL_MD5

#define TLS_RSA_WITH_NULL_MD5   0x0001

Definition at line 85 of file tls.h.

◆ TLS_RSA_WITH_NULL_SHA

#define TLS_RSA_WITH_NULL_SHA   0x0002

Definition at line 86 of file tls.h.

◆ TLS_RSA_WITH_AES_128_CBC_SHA

#define TLS_RSA_WITH_AES_128_CBC_SHA   0x002f

Definition at line 87 of file tls.h.

◆ TLS_DHE_RSA_WITH_AES_128_CBC_SHA

#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA   0x0033

Definition at line 88 of file tls.h.

◆ TLS_RSA_WITH_AES_256_CBC_SHA

#define TLS_RSA_WITH_AES_256_CBC_SHA   0x0035

Definition at line 89 of file tls.h.

◆ TLS_DHE_RSA_WITH_AES_256_CBC_SHA

#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA   0x0039

Definition at line 90 of file tls.h.

◆ TLS_RSA_WITH_AES_128_CBC_SHA256

#define TLS_RSA_WITH_AES_128_CBC_SHA256   0x003c

Definition at line 91 of file tls.h.

◆ TLS_RSA_WITH_AES_256_CBC_SHA256

#define TLS_RSA_WITH_AES_256_CBC_SHA256   0x003d

Definition at line 92 of file tls.h.

◆ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256   0x0067

Definition at line 93 of file tls.h.

◆ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   0x006b

Definition at line 94 of file tls.h.

◆ TLS_RSA_WITH_AES_128_GCM_SHA256

#define TLS_RSA_WITH_AES_128_GCM_SHA256   0x009c

Definition at line 95 of file tls.h.

◆ TLS_RSA_WITH_AES_256_GCM_SHA384

#define TLS_RSA_WITH_AES_256_GCM_SHA384   0x009d

Definition at line 96 of file tls.h.

◆ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   0x009e

Definition at line 97 of file tls.h.

◆ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   0x009f

Definition at line 98 of file tls.h.

◆ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   0xc013

Definition at line 99 of file tls.h.

◆ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   0xc014

Definition at line 100 of file tls.h.

◆ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xc027

Definition at line 101 of file tls.h.

◆ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   0xc028

Definition at line 102 of file tls.h.

◆ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xc02f

Definition at line 103 of file tls.h.

◆ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   0xc030

Definition at line 104 of file tls.h.

◆ TLS_MD5_ALGORITHM

#define TLS_MD5_ALGORITHM   1

Definition at line 107 of file tls.h.

◆ TLS_SHA1_ALGORITHM

#define TLS_SHA1_ALGORITHM   2

Definition at line 108 of file tls.h.

◆ TLS_SHA224_ALGORITHM

#define TLS_SHA224_ALGORITHM   3

Definition at line 109 of file tls.h.

◆ TLS_SHA256_ALGORITHM

#define TLS_SHA256_ALGORITHM   4

Definition at line 110 of file tls.h.

◆ TLS_SHA384_ALGORITHM

#define TLS_SHA384_ALGORITHM   5

Definition at line 111 of file tls.h.

◆ TLS_SHA512_ALGORITHM

#define TLS_SHA512_ALGORITHM   6

Definition at line 112 of file tls.h.

◆ TLS_RSA_ALGORITHM

#define TLS_RSA_ALGORITHM   1

Definition at line 115 of file tls.h.

◆ TLS_SERVER_NAME

#define TLS_SERVER_NAME   0

Definition at line 118 of file tls.h.

◆ TLS_SERVER_NAME_HOST_NAME

#define TLS_SERVER_NAME_HOST_NAME   0

Definition at line 119 of file tls.h.

◆ TLS_MAX_FRAGMENT_LENGTH

#define TLS_MAX_FRAGMENT_LENGTH   1

Definition at line 122 of file tls.h.

◆ TLS_MAX_FRAGMENT_LENGTH_512

#define TLS_MAX_FRAGMENT_LENGTH_512   1

Definition at line 123 of file tls.h.

◆ TLS_MAX_FRAGMENT_LENGTH_1024

#define TLS_MAX_FRAGMENT_LENGTH_1024   2

Definition at line 124 of file tls.h.

◆ TLS_MAX_FRAGMENT_LENGTH_2048

#define TLS_MAX_FRAGMENT_LENGTH_2048   3

Definition at line 125 of file tls.h.

◆ TLS_MAX_FRAGMENT_LENGTH_4096

#define TLS_MAX_FRAGMENT_LENGTH_4096   4

Definition at line 126 of file tls.h.

◆ TLS_NAMED_CURVE

#define TLS_NAMED_CURVE   10

Definition at line 129 of file tls.h.

◆ TLS_NAMED_CURVE_SECP256R1

#define TLS_NAMED_CURVE_SECP256R1   23

Definition at line 130 of file tls.h.

◆ TLS_NAMED_CURVE_SECP384R1

#define TLS_NAMED_CURVE_SECP384R1   24

Definition at line 131 of file tls.h.

◆ TLS_NAMED_CURVE_X25519

#define TLS_NAMED_CURVE_X25519   29

Definition at line 132 of file tls.h.

◆ TLS_SIGNATURE_ALGORITHMS

#define TLS_SIGNATURE_ALGORITHMS   13

Definition at line 135 of file tls.h.

◆ TLS_SESSION_TICKET

#define TLS_SESSION_TICKET   35

Definition at line 138 of file tls.h.

◆ TLS_RENEGOTIATION_INFO

#define TLS_RENEGOTIATION_INFO   0xff01

Definition at line 141 of file tls.h.

◆ TLS_CIPHER_SUITES

#define TLS_CIPHER_SUITES   __table ( struct tls_cipher_suite, "tls_cipher_suites" )

TLS cipher suite table.

Definition at line 213 of file tls.h.

◆ __tls_cipher_suite

#define __tls_cipher_suite (   pref)    __table_entry ( TLS_CIPHER_SUITES, pref )

Declare a TLS cipher suite.

Definition at line 217 of file tls.h.

◆ TLS_NAMED_CURVE_TYPE

#define TLS_NAMED_CURVE_TYPE   3

TLS named curve type.

Definition at line 221 of file tls.h.

◆ TLS_POINT_FORMAT_UNCOMPRESSED

#define TLS_POINT_FORMAT_UNCOMPRESSED   4

TLS uncompressed curve point format.

Definition at line 224 of file tls.h.

◆ TLS_NAMED_CURVES

#define TLS_NAMED_CURVES   __table ( struct tls_named_curve, "tls_named_curves" )

TLS named curve table.

Definition at line 239 of file tls.h.

◆ __tls_named_curve

#define __tls_named_curve (   pref)    __table_entry ( TLS_NAMED_CURVES, pref )

Declare a TLS named curve.

Definition at line 243 of file tls.h.

◆ TLS_SIG_HASH_ALGORITHMS

#define TLS_SIG_HASH_ALGORITHMS   __table ( struct tls_signature_hash_algorithm, "tls_sig_hash_algorithms" )

TLS signature hash algorithm table.

Note that the default (TLSv1.1 and earlier) algorithm using MD5+SHA1 is never explicitly specified.

Definition at line 291 of file tls.h.

◆ __tls_sig_hash_algorithm

#define __tls_sig_hash_algorithm   __table_entry ( TLS_SIG_HASH_ALGORITHMS, 01 )

Declare a TLS signature hash algorithm.

Definition at line 296 of file tls.h.

◆ MD5_SHA1_CTX_SIZE

#define MD5_SHA1_CTX_SIZE   sizeof ( struct md5_sha1_context )

MD5+SHA1 context size.

Definition at line 316 of file tls.h.

◆ MD5_SHA1_DIGEST_SIZE

#define MD5_SHA1_DIGEST_SIZE   sizeof ( struct md5_sha1_digest )

MD5+SHA1 digest size.

Definition at line 327 of file tls.h.

◆ TLS_RX_BUFSIZE

#define TLS_RX_BUFSIZE   4096

RX I/O buffer size.

The maximum fragment length extension is optional, and many common implementations (including OpenSSL) do not support it. We must therefore be prepared to receive records of up to 16kB in length. The chance of an allocation of this size failing is non-negligible, so we must split received data into smaller allocations.

Definition at line 476 of file tls.h.

◆ TLS_RX_MIN_BUFSIZE

#define TLS_RX_MIN_BUFSIZE   512

Minimum RX I/O buffer size.

To simplify manipulations, we ensure that no RX I/O buffer is smaller than this size. This allows us to assume that the MAC and padding are entirely contained within the final I/O buffer.

Definition at line 484 of file tls.h.

◆ TLS_RX_ALIGN

#define TLS_RX_ALIGN   16

RX I/O buffer alignment.

Definition at line 487 of file tls.h.

Enumeration Type Documentation

◆ tls_rx_state

TLS RX state machine state.

Enumerator
TLS_RX_HEADER 
TLS_RX_DATA 

Definition at line 160 of file tls.h.

160  {
      /* Initial state (value 0): the record header is being received.
       * Presumably the header bytes land in the static RX I/O buffer
       * wrapped around struct tls_rx's header field — confirm in tls.c. */
161  TLS_RX_HEADER = 0,
      /* Header complete: the record payload is being received
       * (presumably into the tls_rx data buffer list — confirm). */
162  TLS_RX_DATA,
163 };

◆ tls_tx_pending

TLS TX pending flags.

Enumerator
TLS_TX_CLIENT_HELLO 
TLS_TX_CERTIFICATE 
TLS_TX_CLIENT_KEY_EXCHANGE 
TLS_TX_CERTIFICATE_VERIFY 
TLS_TX_CHANGE_CIPHER 
TLS_TX_FINISHED 

Definition at line 166 of file tls.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ add_tls()

int add_tls ( struct interface *xfer,
const char *  name,
struct x509_root *root,
struct private_key *key
)

Add TLS on an interface.

Parameters
xfer  Data transfer interface
name  Host name
root  Root of trust (or NULL to use default)
key  Private key (or NULL to use default)
Return values
rc  Return status code

Definition at line 3812 of file tls.c.

3813  {
3814  struct tls_connection *tls;
3815  int rc;
3816 
3817  /* Allocate and initialise TLS structure */
3818  tls = malloc ( sizeof ( *tls ) );
3819  if ( ! tls ) {
3820  rc = -ENOMEM;
3821  goto err_alloc;
3822  }
      /* Zero the whole object first so that every pointer and list
       * field is NULL/empty before any of the error paths below hands
       * a partially-initialised connection to free_tls(). */
3823  memset ( tls, 0, sizeof ( *tls ) );
      /* free_tls() is the destructor; from here on the object is
       * released with ref_put(), never with free(). */
3824  ref_init ( &tls->refcnt, free_tls );
3825  INIT_LIST_HEAD ( &tls->list );
3826  intf_init ( &tls->plainstream, &tls_plainstream_desc, &tls->refcnt );
      /* NOTE(review): source lines 3827, 3829 and 3832 are missing from
       * this rendering (the gutter skips them).  Judging by the
       * "References" list further down (tls_cipherstream_desc,
       * process_init_stopped, tls_process_desc, x509_root_get,
       * root_certificates) they presumably initialise tls->cipherstream,
       * tls->process and tls->server.root — confirm against tls.c. */
3828  intf_init ( &tls->server.validator, &tls_validator_desc, &tls->refcnt );
3830  &tls->refcnt );
      /* A NULL key selects the built-in default private key.
       * privkey_get() takes a reference; presumably free_tls() drops it. */
3831  tls->client.key = privkey_get ( key ? key : &private_key );
      /* Start by offering the highest version this implementation
       * supports (TLS_VERSION_MAX, currently TLS 1.2). */
3833  tls->version = TLS_VERSION_MAX;
      /* Reset all four cipher specifications (active/pending for each
       * direction) to the initial, cleared state. */
3834  tls_clear_cipher ( tls, &tls->tx.cipherspec.active );
3835  tls_clear_cipher ( tls, &tls->tx.cipherspec.pending );
3836  tls_clear_cipher ( tls, &tls->rx.cipherspec.active );
3837  tls_clear_cipher ( tls, &tls->rx.cipherspec.pending );
3838  tls_clear_handshake ( tls );
      /* The gmt_unix_time field of the client random is filled from the
       * wall clock.  It is sent unencrypted in the ClientHello, so the
       * client's clock is visible on the wire (RFC 5246 permits any
       * value here, but this code uses the real time). */
3839  tls->client.random.gmt_unix_time = time ( NULL );
      /* Point the static RX I/O buffer at the in-struct record header:
       * currently holding 0 bytes, with capacity sizeof ( header ). */
3840  iob_populate ( &tls->rx.iobuf, &tls->rx.header, 0,
3841  sizeof ( tls->rx.header ) );
3842  INIT_LIST_HEAD ( &tls->rx.data );
      /* The remaining client random bytes come from the RNG; a failure
       * here aborts connection setup rather than proceeding with
       * predictable randomness. */
3843  if ( ( rc = tls_generate_random ( tls, &tls->client.random.random,
3844  ( sizeof ( tls->client.random.random ) ) ) ) != 0 ) {
3845  goto err_random;
3846  }
      /* Look up (or create) the session for this host name, then join
       * the session's connection list. */
3847  if ( ( rc = tls_session ( tls, name ) ) != 0 )
3848  goto err_session;
3849  list_add_tail ( &tls->list, &tls->session->conn );
3850 
3851  /* Start negotiation */
3852  tls_restart ( tls );
3853 
3854  /* Attach to parent interface, mortalise self, and return */
      /* Our own initial reference is dropped here; the connection then
       * lives only as long as something else (presumably the attached
       * interfaces and the session list) holds a reference to it. */
3855  intf_insert ( xfer, &tls->plainstream, &tls->cipherstream );
3856  ref_put ( &tls->refcnt );
3857  return 0;
3858 
      /* Both failure labels share one cleanup: dropping the sole
       * reference invokes free_tls(), which presumably copes with a
       * partially-initialised connection — confirm against tls.c:377. */
3859  err_session:
3860  err_random:
3861  ref_put ( &tls->refcnt );
3862  err_alloc:
3863  return rc;
3864 }

References tls_cipherspec_pair::active, tls_tx::cipherspec, tls_rx::cipherspec, tls_connection::cipherstream, tls_connection::client, tls_session::conn, tls_rx::data, ENOMEM, free_tls(), tls_client_random::gmt_unix_time, tls_rx::header, INIT_LIST_HEAD, intf_init(), intf_insert(), iob_populate(), tls_rx::iobuf, key, tls_client::key, tls_connection::list, list_add_tail, malloc(), memset(), name, NULL, tls_cipherspec_pair::pending, tls_connection::plainstream, privkey_get(), tls_tx::process, process_init_stopped(), tls_client_random::random, tls_client::random, rc, ref_init, ref_put, tls_connection::refcnt, root, tls_server::root, root_certificates, tls_connection::rx, tls_connection::server, tls_connection::session, tls_cipherstream_desc, tls_clear_cipher(), tls_clear_handshake(), tls_generate_random(), tls_plainstream_desc, tls_process_desc, tls_restart(), tls_validator_desc, TLS_VERSION_MAX, tls_connection::tx, tls_server::validator, tls_connection::version, and x509_root_get().

Referenced by apply_syslogs_settings(), https_filter(), and ipair_rx_session().

Variable Documentation

◆ tls_pubkey_exchange_algorithm

struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm

Public key exchange algorithm.

Definition at line 1439 of file tls.c.

◆ tls_dhe_exchange_algorithm

struct tls_key_exchange_algorithm tls_dhe_exchange_algorithm

Ephemeral Diffie-Hellman key exchange algorithm.

Definition at line 1654 of file tls.c.

◆ tls_ecdhe_exchange_algorithm

struct tls_key_exchange_algorithm tls_ecdhe_exchange_algorithm

Ephemeral Elliptic Curve Diffie-Hellman key exchange algorithm.

Definition at line 1784 of file tls.c.