1 /* $OpenBSD: tls13_internal.h,v 1.28 2019/04/05 20:23:38 tb Exp $ */
3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
5 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
14 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
16 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
17 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #ifndef HEADER_TLS13_INTERNAL_H
21 #define HEADER_TLS13_INTERNAL_H
23 #include <openssl/evp.h>
24 #include <openssl/ssl.h>
26 #include "bytestring.h"
30 #define TLS13_HS_CLIENT 1
31 #define TLS13_HS_SERVER 2
33 #define TLS13_IO_SUCCESS 1
34 #define TLS13_IO_EOF 0
35 #define TLS13_IO_FAILURE -1
36 #define TLS13_IO_WANT_POLLIN -2
37 #define TLS13_IO_WANT_POLLOUT -3
38 #define TLS13_IO_USE_LEGACY -4
40 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
41 typedef int (*tls13_post_handshake_cb)(void *_cb_arg);
42 typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
43 typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
48 struct tls13_buffer *tls13_buffer_new(size_t init_size);
49 void tls13_buffer_free(struct tls13_buffer *buf);
50 ssize_t tls13_buffer_extend(struct tls13_buffer *buf, size_t len,
51 tls13_read_cb read_cb, void *cb_arg);
52 void tls13_buffer_cbs(struct tls13_buffer *buf, CBS *cbs);
53 int tls13_buffer_finish(struct tls13_buffer *buf, uint8_t **out,
61 /* RFC 8446 Section 7.1 Page 92 */
62 struct tls13_secrets {
69 int insecure; /* Set by tests */
70 struct tls13_secret zeros;
71 struct tls13_secret empty_hash;
72 struct tls13_secret extracted_early;
73 struct tls13_secret binder_key;
74 struct tls13_secret client_early_traffic;
75 struct tls13_secret early_exporter_master;
76 struct tls13_secret derived_early;
77 struct tls13_secret extracted_handshake;
78 struct tls13_secret client_handshake_traffic;
79 struct tls13_secret server_handshake_traffic;
80 struct tls13_secret derived_handshake;
81 struct tls13_secret extracted_master;
82 struct tls13_secret client_application_traffic;
83 struct tls13_secret server_application_traffic;
84 struct tls13_secret exporter_master;
85 struct tls13_secret resumption_master;
88 struct tls13_secrets *tls13_secrets_create(const EVP_MD *digest,
90 void tls13_secrets_destroy(struct tls13_secrets *secrets);
92 int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
93 const struct tls13_secret *secret, const char *label,
94 const struct tls13_secret *context);
96 int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk,
97 size_t psk_len, const struct tls13_secret *context);
98 int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
99 const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context);
100 int tls13_derive_application_secrets(struct tls13_secrets *secrets,
101 const struct tls13_secret *context);
106 struct tls13_record_layer;
108 struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
109 tls13_write_cb wire_write, tls13_alert_cb alert_cb,
110 tls13_post_handshake_cb post_handshake_cb, void *cb_arg);
111 void tls13_record_layer_free(struct tls13_record_layer *rl);
112 void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
113 const EVP_AEAD *aead);
114 void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
116 void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
117 int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
118 struct tls13_secret *read_key);
119 int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
120 struct tls13_secret *write_key);
122 ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
123 ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
125 ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
126 ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
130 * Handshake Messages.
132 struct tls13_handshake_msg;
134 struct tls13_handshake_msg *tls13_handshake_msg_new(void);
135 void tls13_handshake_msg_free(struct tls13_handshake_msg *msg);
136 void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs);
137 uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg);
138 int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs);
139 int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
141 int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg);
142 int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
143 struct tls13_record_layer *rl);
144 int tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
145 struct tls13_record_layer *rl);
147 struct tls13_handshake_stage {
149 uint8_t message_number;
152 struct ssl_handshake_tls13_st;
156 struct ssl_handshake_tls13_st *hs;
158 struct tls13_handshake_stage handshake_stage;
159 int handshake_completed;
161 const EVP_AEAD *aead;
164 struct tls13_record_layer *rl;
165 struct tls13_handshake_msg *hs_msg;
168 struct tls13_ctx *tls13_ctx_new(int mode);
169 void tls13_ctx_free(struct tls13_ctx *ctx);
171 const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher);
172 const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
177 int tls13_legacy_connect(SSL *ssl);
178 int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
179 ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
180 ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
181 int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
183 int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len);
186 * Message Types - RFC 8446, Section B.3.
188 * Values listed as "_RESERVED" were used in previous versions of TLS and are
189 * listed here for completeness. TLS 1.3 implementations MUST NOT send them but
190 * might receive them from older TLS implementations.
192 #define TLS13_MT_HELLO_REQUEST_RESERVED 0
193 #define TLS13_MT_CLIENT_HELLO 1
194 #define TLS13_MT_SERVER_HELLO 2
195 #define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED 3
196 #define TLS13_MT_NEW_SESSION_TICKET 4
197 #define TLS13_MT_END_OF_EARLY_DATA 5
198 #define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED 6
199 #define TLS13_MT_ENCRYPTED_EXTENSIONS 8
200 #define TLS13_MT_CERTIFICATE 11
201 #define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED 12
202 #define TLS13_MT_CERTIFICATE_REQUEST 13
203 #define TLS13_MT_SERVER_HELLO_DONE_RESERVED 14
204 #define TLS13_MT_CERTIFICATE_VERIFY 15
205 #define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED 16
206 #define TLS13_MT_FINISHED 20
207 #define TLS13_MT_CERTIFICATE_URL_RESERVED 21
208 #define TLS13_MT_CERTIFICATE_STATUS_RESERVED 22
209 #define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED 23
210 #define TLS13_MT_KEY_UPDATE 24
211 #define TLS13_MT_MESSAGE_HASH 254
213 int tls13_handshake_perform(struct tls13_ctx *ctx);
215 int tls13_client_hello_send(struct tls13_ctx *ctx);
216 int tls13_client_hello_recv(struct tls13_ctx *ctx);
217 int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
218 int tls13_client_hello_retry_recv(struct tls13_ctx *ctx);
219 int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);
220 int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx);
221 int tls13_client_certificate_send(struct tls13_ctx *ctx);
222 int tls13_client_certificate_recv(struct tls13_ctx *ctx);
223 int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);
224 int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx);
225 int tls13_client_finished_recv(struct tls13_ctx *ctx);
226 int tls13_client_finished_send(struct tls13_ctx *ctx);
227 int tls13_client_finished_sent(struct tls13_ctx *ctx);
228 int tls13_client_key_update_send(struct tls13_ctx *ctx);
229 int tls13_client_key_update_recv(struct tls13_ctx *ctx);
230 int tls13_server_hello_recv(struct tls13_ctx *ctx);
231 int tls13_server_hello_send(struct tls13_ctx *ctx);
232 int tls13_server_hello_retry_recv(struct tls13_ctx *ctx);
233 int tls13_server_hello_retry_send(struct tls13_ctx *ctx);
234 int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
235 int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
236 int tls13_server_certificate_recv(struct tls13_ctx *ctx);
237 int tls13_server_certificate_send(struct tls13_ctx *ctx);
238 int tls13_server_certificate_request_recv(struct tls13_ctx *ctx);
239 int tls13_server_certificate_request_send(struct tls13_ctx *ctx);
240 int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
241 int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx);
242 int tls13_server_finished_recv(struct tls13_ctx *ctx);
243 int tls13_server_finished_send(struct tls13_ctx *ctx);