2 * Copyright (C) 2020 Tobias Brunner
3 * Copyright (C) 2020-2021 Pascal Knecht
4 * Copyright (C) 2020 Méline Sieber
5 * Copyright (C) 2010 Martin Willi
7 * Copyright (C) secunet Security Networks AG
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * @defgroup tls_crypto tls_crypto
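/* Forward typedefs for the types defined further down in this header, so the
 * enums, the tls_crypto_t interface and the includes that follow can refer to
 * them by their typedef names before the definitions are reached. */
typedef struct tls_crypto_t tls_crypto_t;
typedef enum tls_cipher_suite_t tls_cipher_suite_t;
typedef enum tls_hash_algorithm_t tls_hash_algorithm_t;
typedef enum tls_signature_scheme_t tls_signature_scheme_t;
typedef enum tls_client_certificate_type_t tls_client_certificate_type_t;
typedef enum tls_ecc_curve_type_t tls_ecc_curve_type_t;
typedef enum tls_named_group_t tls_named_group_t;
typedef enum tls_ansi_point_format_t tls_ansi_point_format_t;
typedef enum tls_ec_point_format_t tls_ec_point_format_t;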
40 #include "tls_protection.h"
44 #include <credentials/keys/private_key.h>
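/**
 * TLS cipher suite identifiers (values of the IANA "TLS Cipher Suites"
 * registry).
 *
 * This is a name registry, not an allow-list: a value being defined here says
 * nothing about whether the suite is offered or accepted. NULL-encryption
 * suites are only listed by tls_crypto_get_supported_suites() when explicitly
 * requested, and negotiation policy is applied by select_cipher_suite() of
 * tls_crypto_t. The NULL, EXPORT (40-bit), RC4 (prohibited by RFC 7465), DES,
 * RC2, IDEA, MD5 and anonymous (DH_anon/ECDH_anon) suites below are broken or
 * unauthenticated and exist only so that received identifiers can be named.
 *
 * TLS_NULL_WITH_NULL_NULL is 0, which is also the value the selection APIs in
 * this header return for "no suite"; code comparing against 0 must treat it
 * as failure, never as a negotiated suite.
 */
enum tls_cipher_suite_t {
	/* SSL 3.0 / TLS 1.0-1.2 base suites (RFC 5246 and predecessors), all with
	 * MD5 or SHA-1 HMACs and stream/CBC ciphers */
	TLS_NULL_WITH_NULL_NULL = 0x0000,
	TLS_RSA_WITH_NULL_MD5 = 0x0001,
	TLS_RSA_WITH_NULL_SHA = 0x0002,
	TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
	TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
	TLS_RSA_WITH_RC4_128_SHA = 0x0005,
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
	TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
	TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
	TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
	TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
	TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
	TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
	TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
	TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A,
	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,

	/* Kerberos suites, RFC 2712 */
	TLS_KRB5_WITH_DES_CBC_SHA = 0x001E,
	TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F,
	TLS_KRB5_WITH_RC4_128_SHA = 0x0020,
	TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021,
	TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022,
	TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023,
	TLS_KRB5_WITH_RC4_128_MD5 = 0x0024,
	TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027,
	TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A,
	TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B,

	/* PSK suites without encryption, RFC 4785 */
	TLS_PSK_WITH_NULL_SHA = 0x002C,
	TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
	TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,

	/* AES-CBC with SHA-1, RFC 5246 */
	TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
	TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
	TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,

	/* SHA-256 HMAC suites, RFC 5246 */
	TLS_RSA_WITH_NULL_SHA256 = 0x003B,
	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,

	/* Camellia-128 CBC, RFC 5932 */
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042,
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046,

	/* SHA-256 HMAC suites, RFC 5246 (continued) */
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
	TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
	TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,

	/* Camellia-256 CBC, RFC 5932 */
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085,
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089,

	/* PSK suites, RFC 4279 */
	TLS_PSK_WITH_RC4_128_SHA = 0x008A,
	TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
	TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
	TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
	TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
	TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,

	/* SEED CBC, RFC 4162 */
	TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
	TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097,
	TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098,
	TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
	TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
	TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B,

	/* AES-GCM AEAD suites, RFC 5288 */
	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
	TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
	TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
	TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
	TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
	TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
	TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,

	/* PSK suites with AES-GCM and SHA-256/384 HMACs, RFC 5487 */
	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
	TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
	TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
	TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
	TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
	TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
	TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,

	/* Camellia CBC with SHA-256 HMAC, RFC 5932 */
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA,
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB,
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0,
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1,
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,

	/* Secure renegotiation signalling value, RFC 5746: this is not a cipher
	 * suite and must never be selected, it only flags support for the
	 * renegotiation_info extension */
	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,

	/* TLS 1.3 suites, RFC 8446: AEAD only, key exchange and authentication
	 * are negotiated separately and no longer part of the suite */
	TLS_AES_128_GCM_SHA256 = 0x1301,
	TLS_AES_256_GCM_SHA384 = 0x1302,
	TLS_CHACHA20_POLY1305_SHA256 = 0x1303,
	TLS_AES_128_CCM_SHA256 = 0x1304,
	TLS_AES_128_CCM_8_SHA256 = 0x1305,

	/* ECC suites, RFC 4492 / RFC 8422 (RFC 8422 keeps only the ECDHE
	 * variants; static ECDH and ECDH_anon are deprecated) */
	TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
	TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
	TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
	TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
	TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
	TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
	TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,

	/* SRP password-authenticated suites, RFC 5054 */
	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
	TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D,
	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E,
	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F,
	TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021,
	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022,

	/* ECC suites with SHA-256/384 HMACs and AES-GCM, RFC 5289 */
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,

	/* ECDHE-PSK suites, RFC 5489 */
	TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033,
	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034,
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036,
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037,
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038,
	TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039,
	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A,
	TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B,

	/* ChaCha20-Poly1305 AEAD suites, RFC 7905 */
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8,
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9,
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAA,
};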
269 * Enum names for tls_cipher_suite_t
271 extern enum_name_t
*tls_cipher_suite_names
;
274 * TLS HashAlgorithm identifiers
276 enum tls_hash_algorithm_t
{
287 * Enum names for tls_hash_algorithm_t
289 extern enum_name_t
*tls_hash_algorithm_names
;
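/**
 * TLS SignatureScheme identifiers (RFC 8446 4.2.3), also covering the older
 * TLS 1.2 SignatureAndHashAlgorithm pairs (RFC 5246 7.4.1.4.1).
 *
 * Presence here does not make a scheme acceptable: the schemes actually
 * offered or accepted for a given TLS version come from
 * tls_crypto_get_supported_signatures().
 */
enum tls_signature_scheme_t {
	/* Legacy pairs compatible with TLS 1.2: the first byte is the
	 * HashAlgorithm, the second the SignatureAlgorithm (key type).
	 * SHA-1 and SHA-224 are obsolete. In TLS 1.3 (RFC 8446 4.2.3) the RSA
	 * PKCS#1 v1.5 and SHA-1 pairs are only permitted for signatures found in
	 * certificates, never for CertificateVerify, and DSA is excluded
	 * entirely. */
	TLS_SIG_RSA_PKCS1_SHA1 = 0x0201,
	TLS_SIG_ECDSA_SHA1 = 0x0203,
	TLS_SIG_RSA_PKCS1_SHA224 = 0x0301,
	TLS_SIG_DSA_SHA224 = 0x0302,
	TLS_SIG_ECDSA_SHA224 = 0x0303,
	TLS_SIG_RSA_PKCS1_SHA256 = 0x0401,
	TLS_SIG_DSA_SHA256 = 0x0402,
	TLS_SIG_ECDSA_SHA256 = 0x0403,
	TLS_SIG_RSA_PKCS1_SHA384 = 0x0501,
	TLS_SIG_DSA_SHA384 = 0x0502,
	TLS_SIG_ECDSA_SHA384 = 0x0503,
	TLS_SIG_RSA_PKCS1_SHA512 = 0x0601,
	TLS_SIG_DSA_SHA512 = 0x0602,
	TLS_SIG_ECDSA_SHA512 = 0x0603,
	/* TLS 1.3 schemes: the two bytes no longer decompose into hash and key
	 * type. RSASSA-PSS for public keys with OID rsaEncryption */
	TLS_SIG_RSA_PSS_RSAE_SHA256 = 0x0804,
	TLS_SIG_RSA_PSS_RSAE_SHA384 = 0x0805,
	TLS_SIG_RSA_PSS_RSAE_SHA512 = 0x0806,
	/* EdDSA (RFC 8032), the hash is intrinsic to the scheme */
	TLS_SIG_ED25519 = 0x0807,
	TLS_SIG_ED448 = 0x0808,
	/* RSASSA-PSS for public keys with OID RSASSA-PSS */
	TLS_SIG_RSA_PSS_PSS_SHA256 = 0x0809,
	TLS_SIG_RSA_PSS_PSS_SHA384 = 0x080a,
	TLS_SIG_RSA_PSS_PSS_SHA512 = 0x080b,
};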
325 * Enum names for tls_signature_scheme_t
327 extern enum_name_t
*tls_signature_scheme_names
;
330 * TLS ClientCertificateType
332 enum tls_client_certificate_type_t
{
335 TLS_RSA_FIXED_DH
= 3,
336 TLS_DSS_FIXED_DH
= 4,
337 TLS_RSA_EPHEMERAL_DH
= 5,
338 TLS_DSS_EPHEMERAL_DH
= 6,
339 TLS_FORTEZZA_DMS
= 20,
341 TLS_RSA_FIXED_ECDH
= 65,
342 TLS_ECDSA_FIXED_ECDH
= 66,
346 * Enum names for tls_client_certificate_type_t
348 extern enum_name_t
*tls_client_certificate_type_names
;
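/**
 * ECCurveType identifiers (RFC 4492 5.4), describing how the curve in a
 * ServerKeyExchange message is specified.
 *
 * RFC 8422 deprecates the two explicit encodings; only TLS_ECC_NAMED_CURVE
 * should be accepted from a peer, since attacker-chosen curve parameters
 * are the precondition for invalid-curve attacks. Whether the explicit forms
 * are rejected is decided by the handshake code, not by this enum.
 */
enum tls_ecc_curve_type_t {
	TLS_ECC_EXPLICIT_PRIME = 1,
	TLS_ECC_EXPLICIT_CHAR2 = 2,
	TLS_ECC_NAMED_CURVE = 3,
};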
360 * Enum names for tls_ecc_curve_type_t
362 extern enum_name_t
*tls_ecc_curve_type_names
;
365 * TLS Named Curve identifiers
367 enum tls_named_group_t
{
/* TLS 1.3 (RFC 8446 4.2.7): additional ECDHE curves and finite-field DHE groups */
405 * Enum names for tls_named_group_t
407 extern enum_name_t
*tls_named_group_names
;
 * EC point encoding type, ANSI X9.62 (the value of the leading octet of an
 * encoded point).
412 enum tls_ansi_point_format_t
{
413 TLS_ANSI_COMPRESSED
= 2,
414 TLS_ANSI_COMPRESSED_Y
= 3,
415 TLS_ANSI_UNCOMPRESSED
= 4,
417 TLS_ANSI_HYBRID_Y
= 7,
421 * Enum names for tls_ansi_point_format_t.
423 extern enum_name_t
*tls_ansi_point_format_names
;
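/**
 * ECPointFormat identifiers (RFC 4492 5.1.2) as carried in the
 * ec_point_formats extension.
 *
 * RFC 8422 allows only TLS_EC_POINT_UNCOMPRESSED; the compressed formats are
 * kept so received values can be named, not to be negotiated.
 */
enum tls_ec_point_format_t {
	TLS_EC_POINT_UNCOMPRESSED = 0,
	TLS_EC_POINT_ANSIX962_COMPRESSED_PRIME = 1,
	TLS_EC_POINT_ANSIX962_COMPRESSED_CHAR2 = 2,
};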
435 * Enum names for tls_ec_point_format_t.
437 extern enum_name_t
*tls_ec_point_format_names
;
440 * TLS crypto helper functions.
442 struct tls_crypto_t
{
 * Get a list of supported TLS cipher suites.
 *
 * @param suites	optional output, set to point at the internal suite list
 *					(not a copy: the caller must neither modify nor free it)
 * @return			number of suites in that list
450 int (*get_cipher_suites
)(tls_crypto_t
*this, tls_cipher_suite_t
**suites
);
 * Select and store a cipher suite from a given list of candidates (typically
 * the suites offered by the peer, i.e. untrusted input; only suites this side
 * actually supports may be chosen).
 *
 * @param suites	list of candidates to select from
 * @param count		number of suites
 * @param key		key type used, or KEY_ANY
 * @return			selected suite, or 0 if none is acceptable; note that 0 is
 *					also the value of TLS_NULL_WITH_NULL_NULL, so callers must
 *					treat 0 strictly as failure, never as a negotiated suite
460 tls_cipher_suite_t (*select_cipher_suite
)(tls_crypto_t
*this,
461 tls_cipher_suite_t
*suites
, int count
,
465 * Get the Diffie-Hellman group to use, if any.
 * @return			Diffie-Hellman group, or MODP_NONE if no DH exchange is used
469 diffie_hellman_group_t (*get_dh_group
)(tls_crypto_t
*this);
472 * Write the list of supported signature schemes, either for certificates
473 * or for CertificateVerify messages, to writer.
475 * @param writer writer to write supported signature schemes
476 * @param cert TRUE to return signature schemes supported in certs
478 void (*get_signature_algorithms
)(tls_crypto_t
*this, bio_writer_t
*writer
,
482 * Create an enumerator over supported ECDH groups.
484 * Enumerates over (diffie_hellman_group_t, tls_named_group_t)
488 enumerator_t
* (*create_ec_enumerator
)(tls_crypto_t
*this);
491 * Set the protection layer of the TLS stack to control it.
493 * @param protection protection layer to work on
495 void (*set_protection
)(tls_crypto_t
*this, tls_protection_t
*protection
);
498 * Store exchanged handshake data, used for cryptographic operations.
500 * @param type handshake sub type
501 * @param data data to append to handshake buffer
503 void (*append_handshake
)(tls_crypto_t
*this,
504 tls_handshake_type_t type
, chunk_t data
);
 * Hash the stored handshake data and store it. It is optionally returned
 * so it could be sent in a cookie extension.
 *
 * @param hash		optionally returned hash (allocated; ownership passes to
 *					the caller, who must free it)
 * @return			TRUE if hashing succeeded
512 bool (*hash_handshake
)(tls_crypto_t
*this, chunk_t
*hash
);
 * Sign a blob of data, append signature to writer.
 *
 * @param key		private key to use for signature
 * @param writer	TLS writer to write signature to
 * @param data		data to sign
 * @param hashsig	list of TLS 1.2 hash/signature algorithm pairs to select
 *					from (normally the peer's signature_algorithms list; the
 *					choice must still be limited to schemes this side supports,
 *					see tls_crypto_get_supported_signatures())
 * @return			TRUE if the signature was created successfully
523 bool (*sign
)(tls_crypto_t
*this, private_key_t
*key
,
524 bio_writer_t
*writer
, chunk_t data
, chunk_t hashsig
);
527 * Verify a blob of data, read signature from a reader.
529 * @param key public key to verify signature with
530 * @param reader TLS reader to read signature from
531 * @param data data to verify signature
532 * @return TRUE if signature valid
534 bool (*verify
)(tls_crypto_t
*this, public_key_t
*key
,
535 bio_reader_t
*reader
, chunk_t data
);
538 * Create a signature of the handshake data using a given private key.
540 * @param key private key to use for signature
541 * @param writer TLS writer to write signature to
542 * @param hashsig list of TLS1.2 hash/sig algorithms to select from
 * @return			TRUE if the signature was created successfully
545 bool (*sign_handshake
)(tls_crypto_t
*this, private_key_t
*key
,
546 bio_writer_t
*writer
, chunk_t hashsig
);
549 * Verify the signature over handshake data using a given public key.
551 * @param key public key to verify signature with
552 * @param reader TLS reader to read signature from
553 * @return TRUE if signature valid
555 bool (*verify_handshake
)(tls_crypto_t
*this, public_key_t
*key
,
556 bio_reader_t
*reader
);
559 * Calculate the data of a legacy TLS finished message.
561 * @param label ASCII label to use for calculation
562 * @param out buffer to write finished data to
563 * @return TRUE if calculation successful
565 bool (*calculate_finished_legacy
)(tls_crypto_t
*this, char *label
,
569 * Calculate the data of a TLS finished message.
571 * @param server Whether the server or client finish message is calculated
572 * @param out buffer to write finished data to
573 * @return TRUE if calculation successful
575 bool (*calculate_finished
)(tls_crypto_t
*this, bool server
,
579 * Derive the master secret, MAC and encryption keys.
 * @param premaster		premaster secret (key material: keep it out of logs
 *						and wipe the caller's copy once derivation is done)
582 * @param session session identifier to cache master secret
583 * @param id identity the session is bound to
584 * @param client_random random data from client hello
585 * @param server_random random data from server hello
586 * @return TRUE if secrets derived successfully
588 bool (*derive_secrets
)(tls_crypto_t
*this, chunk_t premaster
,
589 chunk_t session
, identification_t
*id
,
590 chunk_t client_random
, chunk_t server_random
);
593 * Derive the handshake keys.
595 * @param shared_secret input key material
596 * @return TRUE if secret derived successfully
598 bool (*derive_handshake_keys
)(tls_crypto_t
*this, chunk_t shared_secret
);
601 * Derive the application keys.
603 * @return TRUE if secret derived successfully
605 bool (*derive_app_keys
)(tls_crypto_t
*this);
608 * Update the application keys.
610 * @param inbound whether to update the in- or outbound keys
611 * @return TRUE if secret derived successfully
613 bool (*update_app_keys
)(tls_crypto_t
*this, bool inbound
);
616 * Try to resume a TLS session, derive key material.
618 * @param session session identifier
619 * @param id identity the session is bound to
620 * @param client_random random data from client hello
621 * @param server_random random data from server hello
 * @return			suite of the resumed session, presumably 0 (which equals
 *					TLS_NULL_WITH_NULL_NULL) if it can not be resumed — confirm
 *					the failure value against the implementation
624 tls_cipher_suite_t (*resume_session
)(tls_crypto_t
*this, chunk_t session
,
625 identification_t
*id
,
626 chunk_t client_random
,
627 chunk_t server_random
);
630 * Check if we have a session to resume as a client.
632 * @param id server identity to get a session for
 * @return			allocated session identifier (caller frees), or chunk_empty
 *					if there is no session to resume for this identity
635 chunk_t (*get_session
)(tls_crypto_t
*this, identification_t
*id
);
638 * Change the cipher used at protection layer.
640 * @param inbound TRUE to change inbound cipher, FALSE for outbound
642 void (*change_cipher
)(tls_crypto_t
*this, bool inbound
);
 * Get the MSK to use in EAP-TLS.
 *
 * @return			MSK, points to internal data: key material the caller must
 *					neither free nor modify, valid only while this object lives
649 chunk_t (*get_eap_msk
)(tls_crypto_t
*this);
652 * Destroy a tls_crypto_t.
654 void (*destroy
)(tls_crypto_t
*this);
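/**
 * Create a tls_crypto instance.
 *
 * @param tls		TLS stack
 * @param cache		TLS session cache
 * @return			TLS crypto helper
 */
tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache);

/**
 * Get a list of all supported TLS cipher suites.
 *
 * NULL-encryption suites are left out unless explicitly requested, so the
 * null flag is the policy gate for unencrypted connections: pass FALSE unless
 * the caller deliberately wants integrity-only TLS.
 *
 * @param null		include supported NULL encryption suites
 * @param version	TLS version
 * @param suites	pointer to allocated suites array, to free(), or NULL
 * @return			number of suites supported
 */
int tls_crypto_get_supported_suites(bool null, tls_version_t version,
									tls_cipher_suite_t **suites);

/**
 * Get a list of all supported TLS DH groups.
 *
 * @param groups	pointer to allocated DH group array, to free(), or NULL
 * @return			number of groups supported
 */
int tls_crypto_get_supported_groups(diffie_hellman_group_t **groups);

/**
 * Get a list of all TLS signature schemes supported for a TLS version.
 *
 * @param version	TLS version
 * @param schemes	pointer to allocated signature array, to free(), or NULL
 * @return			number of signature schemes supported
 */
int tls_crypto_get_supported_signatures(tls_version_t version,
										tls_signature_scheme_t **schemes);

/**
 * Get the TLS named group identifier of a given EC DH group.
 *
 * @param group		Diffie-Hellman group indicator
 * @return			TLS named group identifier
 */
tls_named_group_t tls_ec_group_to_curve(diffie_hellman_group_t group);

/**
 * Get the key type from a TLS signature scheme.
 *
 * @param sig		TLS signature scheme
 * @return			type of key the scheme is used with
 */
key_type_t tls_signature_scheme_to_key_type(tls_signature_scheme_t sig);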
 * Find a private key to sign key exchange data with, using a signature scheme
 * both peers support
714 * @param min_version minimum negotiated TLS version
715 * @param max_version maximum negotiated TLS version
716 * @param hashsig hash and signature algorithms supported by other peer
717 * @param peer this peer identification
718 * @return enumerator over private keys,
719 * NULL in case no common signature scheme
721 enumerator_t
*tls_create_private_key_enumerator(tls_version_t min_version
,
722 tls_version_t max_version
,
724 identification_t
*peer
);
726 #endif /** TLS_CRYPTO_H_ @}*/