2 * Copyright (C) 2021 Tobias Brunner
3 * Copyright (C) 2020-2021 Pascal Knecht
4 * Copyright (C) 2010 Martin Willi
6 * Copyright (C) secunet Security Networks AG
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * @defgroup libtls libtls
23 * TLS implementation on top of libstrongswan
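/**
 * Maximum size of a TLS fragment
 * as defined by section 6.2.1. "Fragmentation" of RFC 5246 TLS 1.2
 *
 * This is the 2^14 byte limit that RFC 5246 puts on the plaintext fragment of
 * a record. A length field read from the peer has to be checked against the
 * applicable limit before it sizes a buffer or a copy.
 * NOTE(review): where that check is done is not visible in this header.
 */
#define TLS_MAX_FRAGMENT_LEN 16384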
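/*
 * Forward declarations of the libtls types, placed ahead of the #include
 * lines that follow them in this header.
 */
typedef enum tls_version_t tls_version_t;
typedef enum tls_content_type_t tls_content_type_t;
typedef enum tls_handshake_type_t tls_handshake_type_t;
typedef enum tls_purpose_t tls_purpose_t;
typedef enum tls_flag_t tls_flag_t;
typedef struct tls_t tls_t;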
47 #include "tls_application.h"
48 #include "tls_cache.h"
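51 * TLS/SSL version numbers. TLS_SUPPORTED_MIN below is TLS 1.0, which RFC 8996 deprecates together with TLS 1.1; a deployment without legacy peers should raise the minimum, for which the tls_t interface offers set_version().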
58 TLS_SUPPORTED_MIN
= TLS_1_0
,
62 TLS_SUPPORTED_MAX
= TLS_1_3
,
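/**
 * Enum names for tls_version_t
 */
extern enum_name_t *tls_version_names;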
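/**
 * Simple, numeric enum names for tls_version_t (only supported versions)
 */
extern enum_name_t *tls_numeric_version_names;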
76 * TLS higher level content type
78 enum tls_content_type_t
{
79 TLS_CHANGE_CIPHER_SPEC
= 20,
82 TLS_APPLICATION_DATA
= 23,
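/**
 * Enum names for tls_content_type_t
 */
extern enum_name_t *tls_content_type_names;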
91 * TLS handshake subtype
93 enum tls_handshake_type_t
{
94 TLS_HELLO_REQUEST
= 0,
97 TLS_HELLO_VERIFY_REQUEST
= 3,
98 TLS_NEW_SESSION_TICKET
= 4,
99 TLS_END_OF_EARLY_DATA
= 5,
100 TLS_HELLO_RETRY_REQUEST
= 6,
101 TLS_ENCRYPTED_EXTENSIONS
= 8,
102 TLS_CERTIFICATE
= 11,
103 TLS_SERVER_KEY_EXCHANGE
= 12,
104 TLS_CERTIFICATE_REQUEST
= 13,
105 TLS_SERVER_HELLO_DONE
= 14,
106 TLS_CERTIFICATE_VERIFY
= 15,
107 TLS_CLIENT_KEY_EXCHANGE
= 16,
109 TLS_CERTIFICATE_URL
= 21,
110 TLS_CERTIFICATE_STATUS
= 22,
111 TLS_SUPPLEMENTAL_DATA
= 23,
113 TLS_MESSAGE_HASH
= 254,
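/**
 * Enum names for tls_handshake_type_t
 */
extern enum_name_t *tls_handshake_type_names;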
122 * Purpose the TLS stack is initiated for.
125 /** authentication in EAP-TLS */
127 /** outer authentication and protection in EAP-TTLS */
128 TLS_PURPOSE_EAP_TTLS
,
129 /** outer authentication and protection in EAP-PEAP */
130 TLS_PURPOSE_EAP_PEAP
,
133 /** EAP binding for TNC */
138 * TLS Handshake extension types.
140 enum tls_extension_t
{
141 /** Server name the client wants to talk to */
142 TLS_EXT_SERVER_NAME
= 0,
143 /** request a maximum fragment size */
144 TLS_EXT_MAX_FRAGMENT_LENGTH
= 1,
145 /** indicate client certificate URL support */
146 TLS_EXT_CLIENT_CERTIFICATE_URL
= 2,
147 /** list of CA the client trusts */
148 TLS_EXT_TRUSTED_CA_KEYS
= 3,
149 /** request MAC truncation to 80-bit */
150 TLS_EXT_TRUNCATED_HMAC
= 4,
151 /** list of OCSP responders the client trusts */
152 TLS_EXT_STATUS_REQUEST
= 5,
153 /** list of supported groups, in legacy tls: elliptic curves */
154 TLS_EXT_SUPPORTED_GROUPS
= 10,
155 /** supported point formats */
156 TLS_EXT_EC_POINT_FORMATS
= 11,
157 /** list supported signature algorithms */
158 TLS_EXT_SIGNATURE_ALGORITHMS
= 13,
159 /** negotiate SRTP protection profiles for use with Datagram Transport Layer Security (DTLS), RFC 5764 */
160 TLS_EXT_USE_SRTP
= 14,
161 /** indicate usage of heartbeat */
162 TLS_EXT_HEARTBEAT
= 15,
163 /** indicate usage of application-layer protocol negotiation */
164 TLS_EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION
= 16,
165 /** exchange raw public key, client side*/
166 TLS_CLIENT_CERTIFICATE_TYPE
= 19,
167 /** exchange raw public key, server side*/
168 TLS_SERVER_CERTIFICATE_TYPE
= 20,
169 /** use encrypt-then-MAC security mechanism RFC 7366 */
170 TLS_EXT_ENCRYPT_THEN_MAC
= 22,
171 /** bind master secret to handshake data RFC 7627 */
172 TLS_EXT_EXTENDED_MASTER_SECRET
= 23,
173 /** session resumption without server-side state RFC 5077 */
174 TLS_EXT_SESSION_TICKET
= 35,
175 /** negotiate identity of the psk **/
176 TLS_EXT_PRE_SHARED_KEY
= 41,
177 /** send data in 0-RTT when psk is used and early data is allowed; such data has no replay protection (RFC 8446, section 8) **/
178 TLS_EXT_EARLY_DATA
= 42,
179 /** negotiate supported tls versions **/
180 TLS_EXT_SUPPORTED_VERSIONS
= 43,
181 /** identify client **/
183 /** psk modes supported by the client **/
184 TLS_EXT_PSK_KEY_EXCHANGE_MODES
= 45,
185 /** indicate supported ca's by endpoint **/
186 TLS_EXT_CERTIFICATE_AUTHORITIES
= 47,
187 /** provide oid/value pairs to match client's certificate **/
188 TLS_EXT_OID_FILTERS
= 48,
189 /** willing to perform post-handshake authentication **/
190 TLS_EXT_POST_HANDSHAKE_AUTH
= 49,
191 /** list supported signature algorithms to verify certificates **/
192 TLS_EXT_SIGNATURE_ALGORITHMS_CERT
= 50,
193 /** list endpoint's cryptographic parameters **/
194 TLS_EXT_KEY_SHARE
= 51,
195 /** cryptographic binding for RFC 5746 renegotiation indication */
196 TLS_EXT_RENEGOTIATION_INFO
= 65281,
199 enum tls_name_type_t
{
200 TLS_NAME_TYPE_HOST_NAME
= 0,
204 * Flags that control the behavior of the stack
207 /** set if cipher suites with null encryption are acceptable; application data is then sent without confidentiality */
208 TLS_FLAG_ENCRYPTION_OPTIONAL
= 1,
209 /** set if client authentication is optional even if cert req sent; a caller that relies on the peer identity must then verify that the peer did authenticate */
210 TLS_FLAG_CLIENT_AUTH_OPTIONAL
= 2,
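/**
 * Enum names for tls_extension_t
 */
extern enum_name_t *tls_extension_names;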
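/**
 * Magic value (SHA-256 of "HelloRetryRequest") for Random to differentiate
 * ServerHello from HelloRetryRequest.
 */
extern chunk_t tls_hello_retry_request_magic;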
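/**
 * Magic values for downgrade protection (see RFC 8446, section 4.1.3)
 *
 * RFC 8446 has a TLS 1.3 capable server put such a value into the last eight
 * bytes of ServerHello.random when it negotiates an older version, and has
 * the client abort the handshake when it finds one although it offered a
 * newer version.
 * NOTE(review): judging by the names, the tls11 value marks a negotiation of
 * TLS 1.1 or below and the tls12 value one of TLS 1.2 - confirm against the
 * definitions, which are not part of this header.
 */
extern chunk_t tls_downgrade_protection_tls11;
extern chunk_t tls_downgrade_protection_tls12;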
231 * A bottom-up driven TLS stack, suitable for EAP implementations.
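/**
 * Process one or more TLS records, pass it to upper layers.
 *
 * The record data is presumably what was received from the peer; buflen
 * must not exceed the number of bytes actually held in buf.
 *
 * @param buf		TLS record data, including headers
 * @param buflen	number of bytes in buf to process
 * @return
 *					- SUCCESS if TLS negotiation complete
 *					- FAILED if TLS handshake failed
 *					- NEED_MORE if more invocations to process/build needed
 */
status_t (*process)(tls_t *this, void *buf, size_t buflen);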
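/**
 * Query upper layer for one or more TLS records, build fragments.
 *
 * The TLS stack automatically fragments the records to the given buffer
 * size. Fragmentation is indicated by the msglen output parameter and
 * the return value. For the first fragment of a TLS record, a non-zero
 * record length is returned in msglen. If more fragments follow, NEED_MORE
 * is returned. A return value of ALREADY_DONE indicates that the final
 * fragment has been returned.
 *
 * buflen is an in/out parameter: it carries the capacity of buf on entry
 * and the number of bytes written on return, so it has to be set to the
 * capacity again before every call.
 *
 * @param buf		buffer to write TLS record fragments to
 * @param buflen	size of buffer, receives bytes written
 * @param msglen	receives size of all TLS fragments
 * @return
 *					- SUCCESS if TLS negotiation complete
 *					- FAILED if TLS handshake failed
 *					- INVALID_STATE if more input data required
 *					- NEED_MORE if more fragments available
 *					- ALREADY_DONE if the last available fragment returned
 */
status_t (*build)(tls_t *this, void *buf, size_t *buflen, size_t *msglen);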
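/**
 * Check if TLS stack is acting as a server.
 *
 * @return			TRUE if server, FALSE if peer
 */
bool (*is_server)(tls_t *this);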
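/**
 * Return the server identity.
 *
 * @return			server identity
 */
identification_t *(*get_server_id)(tls_t *this);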
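/**
 * Set the peer identity.
 *
 * NOTE(review): whether the stack takes ownership of id or clones it is not
 * stated here - confirm against the implementation before freeing it.
 *
 * @param id		peer identity
 */
void (*set_peer_id)(tls_t *this, identification_t *id);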
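/**
 * Return the peer identity.
 *
 * NOTE(review): this header does not say whether the returned identity has
 * been authenticated; authorization decisions should be based on the
 * result of a completed handshake (see is_complete() and get_auth()).
 *
 * @return			peer identity
 */
identification_t *(*get_peer_id)(tls_t *this);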
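/**
 * Get the maximum and negotiated TLS version.
 *
 * set_version() is documented to set minimum and maximum to the same value
 * once a version has been negotiated, so this returns the configured
 * maximum before negotiation and the negotiated version afterwards.
 *
 * @return			max and negotiated TLS version
 */
tls_version_t (*get_version_max)(tls_t *this);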
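/**
 * Get the minimum TLS version.
 *
 * @return			min TLS version
 */
tls_version_t (*get_version_min)(tls_t *this);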
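/**
 * Set the initial minimum/maximum TLS version, or set both to the same
 * value once negotiated.
 *
 * The return value has to be checked: FALSE means the requested version(s)
 * were not accepted, and a handshake must not continue on the assumption
 * that they were.
 *
 * @param min_version	minimum (or negotiated) TLS version
 * @param max_version	maximum (or negotiated) TLS version
 * @return				TRUE if version(s) acceptable
 */
bool (*set_version)(tls_t *this, tls_version_t min_version,
					tls_version_t max_version);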
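/**
 * Get the purpose of this TLS stack instance.
 *
 * @return			purpose given during construction
 */
tls_purpose_t (*get_purpose)(tls_t *this);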
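/**
 * Get the flags controlling this TLS stack instance.
 *
 * @return			flags given during construction
 */
tls_flag_t (*get_flags)(tls_t *this);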
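/**
 * Check if TLS negotiation completed successfully.
 *
 * @return			TRUE if TLS negotiation and authentication complete
 */
bool (*is_complete)(tls_t *this);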
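/**
 * Get the MSK for EAP-TLS.
 *
 * The returned chunk refers to internal data, so the caller must not free
 * it. It is key material and should be kept out of logs and debug output.
 * NOTE(review): how long the chunk stays valid is not stated here;
 * presumably no longer than the tls_t instance - confirm.
 *
 * @return			MSK, internal data
 */
chunk_t (*get_eap_msk)(tls_t *this);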
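/**
 * Get the authentication details after completing the handshake.
 *
 * The returned object is internal data, so the caller must not destroy it.
 *
 * @return			authentication details, internal data
 */
auth_cfg_t *(*get_auth)(tls_t *this);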
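/**
 * Destructor slot of the tls_t interface.
 *
 * NOTE(review): the original comment is not part of this listing;
 * presumably this releases the TLS stack instance, after which data
 * documented as "internal data" must no longer be used - confirm.
 */
void (*destroy)(tls_t *this);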
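/**
 * Dummy libtls initialization function needed for integrity test
 */
void libtls_init(void);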
369 * Create a tls instance.
371 * @param is_server TRUE to act as server, FALSE for client
372 * @param server server identity
373 * @param peer peer identity, NULL for no client authentication
374 * @param purpose purpose this TLS stack instance is used for
375 * @param application higher layer application or NULL if none
376 * @param cache session cache to use, or NULL
377 * @param flags flags that control the behavior of the TLS stack
380 tls_t
*tls_create(bool is_server
, identification_t
*server
,
381 identification_t
*peer
, tls_purpose_t purpose
,
382 tls_application_t
*application
, tls_cache_t
*cache
,
385 #endif /** TLS_H_ @}*/