44 #define TLS_VERSION_TLS_1_1 0x0302 47 #define TLS_VERSION_TLS_1_2 0x0303 50 #define TLS_VERSION_MAX TLS_VERSION_TLS_1_2 53 #define TLS_TYPE_CHANGE_CIPHER 20 56 #define TLS_CHANGE_CIPHER_SPEC 1 59 #define TLS_TYPE_ALERT 21 62 #define TLS_TYPE_HANDSHAKE 22 65 #define TLS_TYPE_DATA 23 68 #define TLS_HELLO_REQUEST 0 69 #define TLS_CLIENT_HELLO 1 70 #define TLS_SERVER_HELLO 2 71 #define TLS_NEW_SESSION_TICKET 4 72 #define TLS_CERTIFICATE 11 73 #define TLS_SERVER_KEY_EXCHANGE 12 74 #define TLS_CERTIFICATE_REQUEST 13 75 #define TLS_SERVER_HELLO_DONE 14 76 #define TLS_CERTIFICATE_VERIFY 15 77 #define TLS_CLIENT_KEY_EXCHANGE 16 78 #define TLS_FINISHED 20 81 #define TLS_ALERT_WARNING 1 82 #define TLS_ALERT_FATAL 2 85 #define TLS_RSA_WITH_NULL_MD5 0x0001 86 #define TLS_RSA_WITH_NULL_SHA 0x0002 87 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f 88 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 89 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 90 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 91 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003c 92 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003d 93 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 94 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006b 95 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009c 96 #define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009d 97 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009e 98 #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009f 99 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xc013 100 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xc014 101 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xc027 102 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xc028 103 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xc02f 104 #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xc030 107 #define TLS_MD5_ALGORITHM 1 108 #define TLS_SHA1_ALGORITHM 2 109 #define TLS_SHA224_ALGORITHM 3 110 #define TLS_SHA256_ALGORITHM 4 111 #define TLS_SHA384_ALGORITHM 5 112 #define TLS_SHA512_ALGORITHM 6 115 #define TLS_RSA_ALGORITHM 1 118 #define TLS_SERVER_NAME 0 119 #define TLS_SERVER_NAME_HOST_NAME 0 122 #define TLS_MAX_FRAGMENT_LENGTH 1 123 #define TLS_MAX_FRAGMENT_LENGTH_512 1 124 #define TLS_MAX_FRAGMENT_LENGTH_1024 2 125 #define TLS_MAX_FRAGMENT_LENGTH_2048 3 126 #define TLS_MAX_FRAGMENT_LENGTH_4096 4 129 #define TLS_NAMED_CURVE 10 130 #define TLS_NAMED_CURVE_X25519 29 133 #define TLS_SIGNATURE_ALGORITHMS 13 136 #define TLS_SESSION_TICKET 35 139 #define TLS_RENEGOTIATION_INFO 0xff01 211 #define TLS_CIPHER_SUITES \ 212 __table ( struct tls_cipher_suite, "tls_cipher_suites" ) 215 #define __tls_cipher_suite( pref ) \ 216 __table_entry ( TLS_CIPHER_SUITES, pref ) 219 #define TLS_NAMED_CURVE_TYPE 3 230 #define TLS_NAMED_CURVES \ 231 __table ( struct tls_named_curve, "tls_named_curves" ) 234 #define __tls_named_curve( pref ) \ 235 __table_entry ( TLS_NAMED_CURVES, pref ) 282 #define TLS_SIG_HASH_ALGORITHMS \ 283 __table ( struct tls_signature_hash_algorithm, \ 284 "tls_sig_hash_algorithms" ) 287 #define __tls_sig_hash_algorithm \ 288 __table_entry ( TLS_SIG_HASH_ALGORITHMS, 01 ) 307 #define MD5_SHA1_CTX_SIZE sizeof ( struct md5_sha1_context ) 318 #define MD5_SHA1_DIGEST_SIZE sizeof ( struct md5_sha1_digest ) 467 #define TLS_RX_BUFSIZE 4096 475 #define TLS_RX_MIN_BUFSIZE 512 478 #define TLS_RX_ALIGN 16 struct tls_verify_data verify
Verification data.
struct tls_header header
Current received record header.
struct digest_algorithm * digest
Digest algorithm.
uint8_t random[32]
Random bytes.
uint8_t sha1[SHA1_DIGEST_SIZE]
SHA-1 digest.
struct asn1_cursor key
Public key (within server certificate)
A TLS cipher specification pair.
struct tls_session * session
Session.
uint8_t master_secret[48]
Master secret.
struct list_head data
List of received data buffers.
struct tls_key_exchange_algorithm * exchange
Key exchange algorithm.
uint8_t md5[MD5_DIGEST_SIZE]
MD5 digest.
uint8_t record_iv_len
Record initialisation vector length.
struct io_buffer * handshake
Received handshake fragment.
struct stp_switch root
Root switch.
struct pending_operation negotiation
Security negotiation pending operation.
struct tls_cipherspec_pair cipherspec
Cipher specifications.
struct tls_key_exchange_algorithm tls_dhe_exchange_algorithm
Ephemeral Diffie-Hellman key exchange algorithm.
void * exchange
Server Key Exchange record (if any)
size_t new_session_ticket_len
Length of new session ticket.
uint8_t session_id[32]
Session ID.
struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm
Public key exchange algorithm.
unsigned long long uint64_t
A TLS cipher specification.
const char * name
Algorithm name.
struct tls_key_exchange_algorithm tls_ecdhe_exchange_algorithm
Ephemeral Elliptic Curve Diffie-Hellman key exchange algorithm.
struct pubkey_algorithm * pubkey
Public-key encryption algorithm.
A doubly-linked list entry (or list head)
struct private_key * key
Private key (if used)
struct tls_server server
Server state.
An X.509 certificate chain.
uint8_t * handshake_ctx
Digest algorithm context used for handshake verification.
int(* exchange)(struct tls_connection *tls)
Transmit Client Key Exchange record.
size_t id_len
Length of session ID.
void * new_session_ticket
New session ticket.
struct tls_client client
Client state.
void * cipher_ctx
Bulk encryption cipher context.
tls_tx_pending
TLS TX pending flags.
struct tls_cipher_suite * suite
Cipher suite.
struct digest_algorithm * digest
MAC digest algorithm.
struct list_head list
List of connections within the same session.
uint32_t gmt_unix_time
GMT Unix time.
uint8_t fixed_iv_len
Fixed initialisation vector length.
A TLS signature algorithm.
size_t ticket_len
Length of session ticket.
uint8_t master_secret[48]
Master secret.
struct list_head list
List of sessions.
struct tls_cipherspec_pair cipherspec
Cipher specifications.
uint64_t seq
Sequence number.
struct interface cipherstream
Ciphertext stream.
struct pending_operation negotiation
Security negotiation pending operation.
uint8_t hash
Hash algorithm.
void * ticket
Session ticket.
struct elliptic_curve * curve
Elliptic curve.
struct x509_chain * chain
Certificate chain.
#define MD5_CTX_SIZE
MD5 context size.
uint8_t mac_len
MAC length.
struct pending_operation validation
Certificate validation pending operation.
uint8_t signature
Signature algorithm.
unsigned int pending
Pending transmissions.
struct tls_cipherspec pending
Next cipher specification.
struct tls_rx rx
Receive state.
int add_tls(struct interface *xfer, const char *name, struct x509_root *root, struct private_key *key)
Add TLS on an interface.
struct tls_signature_hash_id code
Numeric code.
enum tls_rx_state state
State machine current state.
uint8_t client[12]
Client verification data.
An X.509 root certificate list.
struct tls_tx tx
Transmit state.
struct digest_algorithm * handshake_digest
Digest algorithm used for handshake verification.
uint8_t random[28]
Random data.
uint64_t seq
Sequence number.
uint16_t code
Numeric code (in network-endian order)
uint8_t sha1[SHA1_CTX_SIZE]
SHA-1 context.
struct io_buffer iobuf
Current received record header (static I/O buffer)
struct digest_algorithm * handshake
Handshake digest algorithm (for TLSv1.2 and above)
tls_rx_state
TLS RX state machine state.
#define SHA1_CTX_SIZE
SHA-1 context size.
struct x509_chain * chain
Certificate chain (if used)
A message digest algorithm.
uint16_t version
Protocol version.
struct tls_cipherspec active
Current cipher specification.
uint8_t server[12]
Server verification data.
A TLS key exchange algorithm.
struct x509_root * root
Root of trust.
struct private_key * key
Private key.
#define MD5_DIGEST_SIZE
MD5 digest size.
struct tls_client_random random
Random bytes.
uint8_t md5[MD5_CTX_SIZE]
MD5 context.
struct cipher_algorithm * cipher
Bulk encryption cipher algorithm.
struct list_head conn
List of connections.
int secure_renegotiation
Secure renegotiation flag.
struct pubkey_algorithm * pubkey
Public-key algorithm.
void * dynamic
Dynamically-allocated storage.
const char * name
Server name.
A TLS signature and hash algorithm identifier.
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
size_t exchange_len
Server Key Exchange record length.
size_t session_id_len
Length of session ID.
struct interface plainstream
Plaintext stream.
void * fixed_iv
Fixed initialisation vector.
uint16_t code
Numeric code (in network-endian order)
void * mac_secret
MAC secret.
struct x509_root * root
Root of trust.
uint8_t key_len
Key length.