7 * Transport Layer Security Protocol
10 FILE_LICENCE ( GPL2_OR_LATER );
13 #include <ipxe/refcnt.h>
14 #include <ipxe/interface.h>
15 #include <ipxe/process.h>
16 #include <ipxe/crypto.h>
18 #include <ipxe/sha1.h>
19 #include <ipxe/sha256.h>
20 #include <ipxe/x509.h>
21 #include <ipxe/pending.h>
22 #include <ipxe/iobuf.h>
28 * This is a TLS_TYPE_XXX constant
33 * This is a TLS_VERSION_XXX constant
36 /** Length of payload */
38 } __attribute__ (( packed ));
40 /** TLS version 1.0 */
41 #define TLS_VERSION_TLS_1_0 0x0301
43 /** TLS version 1.1 */
44 #define TLS_VERSION_TLS_1_1 0x0302
46 /** TLS version 1.2 */
47 #define TLS_VERSION_TLS_1_2 0x0303
49 /** Change cipher content type */
50 #define TLS_TYPE_CHANGE_CIPHER 20
52 /** Alert content type */
53 #define TLS_TYPE_ALERT 21
55 /** Handshake content type */
56 #define TLS_TYPE_HANDSHAKE 22
58 /** Application data content type */
59 #define TLS_TYPE_DATA 23
61 /* Handshake message types */
62 #define TLS_HELLO_REQUEST 0
63 #define TLS_CLIENT_HELLO 1
64 #define TLS_SERVER_HELLO 2
65 #define TLS_CERTIFICATE 11
66 #define TLS_SERVER_KEY_EXCHANGE 12
67 #define TLS_CERTIFICATE_REQUEST 13
68 #define TLS_SERVER_HELLO_DONE 14
69 #define TLS_CERTIFICATE_VERIFY 15
70 #define TLS_CLIENT_KEY_EXCHANGE 16
71 #define TLS_FINISHED 20
73 /* TLS alert levels */
74 #define TLS_ALERT_WARNING 1
75 #define TLS_ALERT_FATAL 2
77 /* TLS cipher specifications */
78 #define TLS_RSA_WITH_NULL_MD5 0x0001
79 #define TLS_RSA_WITH_NULL_SHA 0x0002
80 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
81 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
82 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003c
83 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003d
85 /* TLS hash algorithm identifiers */
86 #define TLS_MD5_ALGORITHM 1
87 #define TLS_SHA1_ALGORITHM 2
88 #define TLS_SHA256_ALGORITHM 4
90 /* TLS signature algorithm identifiers */
91 #define TLS_RSA_ALGORITHM 1
93 /* TLS server name extension */
94 #define TLS_SERVER_NAME 0
95 #define TLS_SERVER_NAME_HOST_NAME 0
97 /* TLS maximum fragment length extension */
98 #define TLS_MAX_FRAGMENT_LENGTH 1
99 #define TLS_MAX_FRAGMENT_LENGTH_512 1
100 #define TLS_MAX_FRAGMENT_LENGTH_1024 2
101 #define TLS_MAX_FRAGMENT_LENGTH_2048 3
102 #define TLS_MAX_FRAGMENT_LENGTH_4096 4
104 /** TLS RX state machine state */
110 /** TLS TX pending flags */
111 enum tls_tx_pending {
112 TLS_TX_CLIENT_HELLO = 0x0001,
113 TLS_TX_CERTIFICATE = 0x0002,
114 TLS_TX_CLIENT_KEY_EXCHANGE = 0x0004,
115 TLS_TX_CERTIFICATE_VERIFY = 0x0008,
116 TLS_TX_CHANGE_CIPHER = 0x0010,
117 TLS_TX_FINISHED = 0x0020,
120 /** A TLS cipher suite */
121 struct tls_cipher_suite {
122 /** Public-key encryption algorithm */
123 struct pubkey_algorithm *pubkey;
124 /** Bulk encryption cipher algorithm */
125 struct cipher_algorithm *cipher;
126 /** MAC digest algorithm */
127 struct digest_algorithm *digest;
130 /** Numeric code (in network-endian order) */
134 /** A TLS cipher specification */
135 struct tls_cipherspec {
137 struct tls_cipher_suite *suite;
138 /** Dynamically-allocated storage */
140 /** Public key encryption context */
142 /** Bulk encryption cipher context */
144 /** Next bulk encryption cipher context (TX only) */
145 void *cipher_next_ctx;
150 /** A TLS signature and hash algorithm identifier */
151 struct tls_signature_hash_id {
152 /** Hash algorithm */
154 /** Signature algorithm */
156 } __attribute__ (( packed ));
158 /** A TLS signature algorithm */
159 struct tls_signature_hash_algorithm {
160 /** Digest algorithm */
161 struct digest_algorithm *digest;
162 /** Public-key algorithm */
163 struct pubkey_algorithm *pubkey;
165 struct tls_signature_hash_id code;
168 /** TLS pre-master secret */
169 struct tls_pre_master_secret {
174 } __attribute__ (( packed ));
176 /** TLS client random data */
177 struct tls_client_random {
179 uint32_t gmt_unix_time;
182 } __attribute__ (( packed ));
184 /** An MD5+SHA1 context */
185 struct md5_sha1_context {
187 uint8_t md5[MD5_CTX_SIZE];
189 uint8_t sha1[SHA1_CTX_SIZE];
190 } __attribute__ (( packed ));
192 /** MD5+SHA1 context size */
193 #define MD5_SHA1_CTX_SIZE sizeof ( struct md5_sha1_context )
195 /** An MD5+SHA1 digest */
196 struct md5_sha1_digest {
198 uint8_t md5[MD5_DIGEST_SIZE];
200 uint8_t sha1[SHA1_DIGEST_SIZE];
201 } __attribute__ (( packed ));
203 /** MD5+SHA1 digest size */
204 #define MD5_SHA1_DIGEST_SIZE sizeof ( struct md5_sha1_digest )
208 /** Reference counter */
209 struct refcnt refcnt;
213 /** Plaintext stream */
214 struct interface plainstream;
215 /** Ciphertext stream */
216 struct interface cipherstream;
218 /** Protocol version */
220 /** Current TX cipher specification */
221 struct tls_cipherspec tx_cipherspec;
222 /** Next TX cipher specification */
223 struct tls_cipherspec tx_cipherspec_pending;
224 /** Current RX cipher specification */
225 struct tls_cipherspec rx_cipherspec;
226 /** Next RX cipher specification */
227 struct tls_cipherspec rx_cipherspec_pending;
228 /** Premaster secret */
229 struct tls_pre_master_secret pre_master_secret;
231 uint8_t master_secret[48];
232 /** Server random bytes */
233 uint8_t server_random[32];
234 /** Client random bytes */
235 struct tls_client_random client_random;
236 /** MD5+SHA1 context for handshake verification */
237 uint8_t handshake_md5_sha1_ctx[MD5_SHA1_CTX_SIZE];
238 /** SHA256 context for handshake verification */
239 uint8_t handshake_sha256_ctx[SHA256_CTX_SIZE];
240 /** Digest algorithm used for handshake verification */
241 struct digest_algorithm *handshake_digest;
242 /** Digest algorithm context used for handshake verification */
243 uint8_t *handshake_ctx;
244 /** Client certificate (if used) */
245 struct x509_certificate *cert;
247 /** Server certificate chain */
248 struct x509_chain *chain;
249 /** Certificate validator */
250 struct interface validator;
252 /** Client security negotiation pending operation */
253 struct pending_operation client_negotiation;
254 /** Server security negotiation pending operation */
255 struct pending_operation server_negotiation;
257 /** TX sequence number */
259 /** TX pending transmissions */
260 unsigned int tx_pending;
262 struct process process;
264 /** RX sequence number */
267 enum tls_rx_state rx_state;
268 /** Current received record header */
269 struct tls_header rx_header;
270 /** Current received record header (static I/O buffer) */
271 struct io_buffer rx_header_iobuf;
272 /** List of received data buffers */
273 struct list_head rx_data;
276 /** RX I/O buffer size
278 * The maximum fragment length extension is optional, and many common
279 * implementations (including OpenSSL) do not support it. We must
280 * therefore be prepared to receive records of up to 16kB in length.
281 * The chance of an allocation of this size failing is non-negligible,
282 * so we must split received data into smaller allocations.
284 #define TLS_RX_BUFSIZE 4096
286 /** Minimum RX I/O buffer size
288 * To simplify manipulations, we ensure that no RX I/O buffer is
289 * smaller than this size. This allows us to assume that the MAC and
290 * padding are entirely contained within the final I/O buffer.
292 #define TLS_RX_MIN_BUFSIZE 512
294 /** RX I/O buffer alignment */
295 #define TLS_RX_ALIGN 16
297 extern int add_tls ( struct interface *xfer, const char *name,
298 struct interface **next );
300 #endif /* _IPXE_TLS_H */