projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Import wpa_supplicant 0.5.8
[dragonfly.git] / contrib / wpa_supplicant-0.5.8 / tlsv1_common.h
1 /*
2  * wpa_supplicant/hostapd: TLSv1 common definitions
3  * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * Alternatively, this software may be distributed under the terms of BSD
10  * license.
11  *
12  * See README and COPYING for more details.
13  */
14
15 #ifndef TLSV1_COMMON
16 #define TLSV1_COMMON
17
18 #define TLS_VERSION 0x0301 /* TLSv1 */
19 #define TLS_RANDOM_LEN 32
20 #define TLS_PRE_MASTER_SECRET_LEN 48
21 #define TLS_MASTER_SECRET_LEN 48
22 #define TLS_SESSION_ID_MAX_LEN 32
23 #define TLS_VERIFY_DATA_LEN 12
24 #define TLS_MAX_WRITE_MAC_SECRET_LEN 20
25 #define TLS_MAX_WRITE_KEY_LEN 32
26 #define TLS_MAX_IV_LEN 16
27 #define TLS_MAX_KEY_BLOCK_LEN (2 * (TLS_MAX_WRITE_MAC_SECRET_LEN + \
28                                     TLS_MAX_WRITE_KEY_LEN + TLS_MAX_IV_LEN))
29 #define TLS_SEQ_NUM_LEN 8
30 #define TLS_RECORD_HEADER_LEN 5
31
32 /* ContentType */
33 enum {
34         TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC = 20,
35         TLS_CONTENT_TYPE_ALERT = 21,
36         TLS_CONTENT_TYPE_HANDSHAKE = 22,
37         TLS_CONTENT_TYPE_APPLICATION_DATA = 23
38 };
39
40 /* HandshakeType */
41 enum {
42         TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
43         TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
44         TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
45         TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
46         TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
47         TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
48         TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
49         TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
50         TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
51         TLS_HANDSHAKE_TYPE_FINISHED = 20
52 };
53
54 /* CipherSuite */
55 #define TLS_NULL_WITH_NULL_NULL                 0x0000 /* RFC 2246 */
56 #define TLS_RSA_WITH_NULL_MD5                   0x0001 /* RFC 2246 */
57 #define TLS_RSA_WITH_NULL_SHA                   0x0002 /* RFC 2246 */
58 #define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003 /* RFC 2246 */
59 #define TLS_RSA_WITH_RC4_128_MD5                0x0004 /* RFC 2246 */
60 #define TLS_RSA_WITH_RC4_128_SHA                0x0005 /* RFC 2246 */
61 #define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006 /* RFC 2246 */
62 #define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007 /* RFC 2246 */
63 #define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008 /* RFC 2246 */
64 #define TLS_RSA_WITH_DES_CBC_SHA                0x0009 /* RFC 2246 */
65 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000A /* RFC 2246 */
66 #define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000B /* RFC 2246 */
67 #define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000C /* RFC 2246 */
68 #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000D /* RFC 2246 */
69 #define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000E /* RFC 2246 */
70 #define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000F /* RFC 2246 */
71 #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010 /* RFC 2246 */
72 #define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011 /* RFC 2246 */
73 #define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012 /* RFC 2246 */
74 #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013 /* RFC 2246 */
75 #define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014 /* RFC 2246 */
76 #define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015 /* RFC 2246 */
77 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016 /* RFC 2246 */
78 #define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017 /* RFC 2246 */
79 #define TLS_DH_anon_WITH_RC4_128_MD5            0x0018 /* RFC 2246 */
80 #define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019 /* RFC 2246 */
81 #define TLS_DH_anon_WITH_DES_CBC_SHA            0x001A /* RFC 2246 */
82 #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001B /* RFC 2246 */
83 #define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F /* RFC 3268 */
84 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030 /* RFC 3268 */
85 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031 /* RFC 3268 */
86 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032 /* RFC 3268 */
87 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033 /* RFC 3268 */
88 #define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034 /* RFC 3268 */
89 #define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035 /* RFC 3268 */
90 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036 /* RFC 3268 */
91 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037 /* RFC 3268 */
92 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038 /* RFC 3268 */
93 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039 /* RFC 3268 */
94 #define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A /* RFC 3268 */
95
96 /* CompressionMethod */
97 #define TLS_COMPRESSION_NULL 0
98
99 /* AlertLevel */
100 #define TLS_ALERT_LEVEL_WARNING 1
101 #define TLS_ALERT_LEVEL_FATAL 2
102
103 /* AlertDescription */
104 #define TLS_ALERT_CLOSE_NOTIFY                  0
105 #define TLS_ALERT_UNEXPECTED_MESSAGE            10
106 #define TLS_ALERT_BAD_RECORD_MAC                20
107 #define TLS_ALERT_DECRYPTION_FAILED             21
108 #define TLS_ALERT_RECORD_OVERFLOW               22
109 #define TLS_ALERT_DECOMPRESSION_FAILURE         30
110 #define TLS_ALERT_HANDSHAKE_FAILURE             40
111 #define TLS_ALERT_BAD_CERTIFICATE               42
112 #define TLS_ALERT_UNSUPPORTED_CERTIFICATE       43
113 #define TLS_ALERT_CERTIFICATE_REVOKED           44
114 #define TLS_ALERT_CERTIFICATE_EXPIRED           45
115 #define TLS_ALERT_CERTIFICATE_UNKNOWN           46
116 #define TLS_ALERT_ILLEGAL_PARAMETER             47
117 #define TLS_ALERT_UNKNOWN_CA                    48
118 #define TLS_ALERT_ACCESS_DENIED                 49
119 #define TLS_ALERT_DECODE_ERROR                  50
120 #define TLS_ALERT_DECRYPT_ERROR                 51
121 #define TLS_ALERT_EXPORT_RESTRICTION            60
122 #define TLS_ALERT_PROTOCOL_VERSION              70
123 #define TLS_ALERT_INSUFFICIENT_SECURITY         71
124 #define TLS_ALERT_INTERNAL_ERROR                80
125 #define TLS_ALERT_USER_CANCELED                 90
126 #define TLS_ALERT_NO_RENEGOTIATION              100
127
128 /* ChangeCipherSpec */
129 enum {
130         TLS_CHANGE_CIPHER_SPEC = 1
131 };
132
133 /* TLS Extensions */
134 #define TLS_EXT_PAC_OPAQUE 35
135
136
137 typedef enum {
138         TLS_KEY_X_NULL,
139         TLS_KEY_X_RSA,
140         TLS_KEY_X_RSA_EXPORT,
141         TLS_KEY_X_DH_DSS_EXPORT,
142         TLS_KEY_X_DH_DSS,
143         TLS_KEY_X_DH_RSA_EXPORT,
144         TLS_KEY_X_DH_RSA,
145         TLS_KEY_X_DHE_DSS_EXPORT,
146         TLS_KEY_X_DHE_DSS,
147         TLS_KEY_X_DHE_RSA_EXPORT,
148         TLS_KEY_X_DHE_RSA,
149         TLS_KEY_X_DH_anon_EXPORT,
150         TLS_KEY_X_DH_anon
151 } tls_key_exchange;
152
153 typedef enum {
154         TLS_CIPHER_NULL,
155         TLS_CIPHER_RC4_40,
156         TLS_CIPHER_RC4_128,
157         TLS_CIPHER_RC2_CBC_40,
158         TLS_CIPHER_IDEA_CBC,
159         TLS_CIPHER_DES40_CBC,
160         TLS_CIPHER_DES_CBC,
161         TLS_CIPHER_3DES_EDE_CBC,
162         TLS_CIPHER_AES_128_CBC,
163         TLS_CIPHER_AES_256_CBC
164 } tls_cipher;
165
166 typedef enum {
167         TLS_HASH_NULL,
168         TLS_HASH_MD5,
169         TLS_HASH_SHA
170 } tls_hash;
171
172 struct tls_cipher_suite {
173         u16 suite;
174         tls_key_exchange key_exchange;
175         tls_cipher cipher;
176         tls_hash hash;
177 };
178
179 typedef enum {
180         TLS_CIPHER_STREAM,
181         TLS_CIPHER_BLOCK
182 } tls_cipher_type;
183
184 struct tls_cipher_data {
185         tls_cipher cipher;
186         tls_cipher_type type;
187         size_t key_material;
188         size_t expanded_key_material;
189         size_t block_size; /* also iv_size */
190         enum crypto_cipher_alg alg;
191 };
192
193
194 struct tlsv1_record_layer {
195         u8 write_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
196         u8 read_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
197         u8 write_key[TLS_MAX_WRITE_KEY_LEN];
198         u8 read_key[TLS_MAX_WRITE_KEY_LEN];
199         u8 write_iv[TLS_MAX_IV_LEN];
200         u8 read_iv[TLS_MAX_IV_LEN];
201
202         size_t hash_size;
203         size_t key_material_len;
204         size_t iv_size; /* also block_size */
205
206         enum crypto_hash_alg hash_alg;
207         enum crypto_cipher_alg cipher_alg;
208
209         u8 write_seq_num[TLS_SEQ_NUM_LEN];
210         u8 read_seq_num[TLS_SEQ_NUM_LEN];
211
212         u16 cipher_suite;
213         u16 write_cipher_suite;
214         u16 read_cipher_suite;
215
216         struct crypto_cipher *write_cbc;
217         struct crypto_cipher *read_cbc;
218 };
219
220
221 const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
222 int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);
223 int tlsv1_record_set_cipher_suite(struct tlsv1_record_layer *rl,
224                                   u16 cipher_suite);
225 int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl);
226 int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl);
227 int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
228                       size_t buf_size, size_t payload_len, size_t *out_len);
229 int tlsv1_record_receive(struct tlsv1_record_layer *rl,
230                          const u8 *in_data, size_t in_len,
231                          u8 *out_data, size_t *out_len, u8 *alert);
232
233 #endif /* TLSV1_COMMON_H */
DragonFly Project Source