src/crypto/tls.h

   1 /*
   2  * SSL/TLS interface definition
   3  * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #ifndef TLS_H
  16 #define TLS_H
  17
  18 struct tls_connection;
  19
  20 struct tls_keys {
  21         const u8 *master_key; /* TLS master secret */
  22         size_t master_key_len;
  23         const u8 *client_random;
  24         size_t client_random_len;
  25         const u8 *server_random;
  26         size_t server_random_len;
  27         const u8 *inner_secret; /* TLS/IA inner secret */
  28         size_t inner_secret_len;
  29 };
  30
  31 struct tls_config {
  32         const char *opensc_engine_path;
  33         const char *pkcs11_engine_path;
  34         const char *pkcs11_module_path;
  35         int fips_mode;
  36 };
  37
  38 #define TLS_CONN_ALLOW_SIGN_RSA_MD5 BIT(0)
  39 #define TLS_CONN_DISABLE_TIME_CHECKS BIT(1)
  40
  41 /**
  42  * struct tls_connection_params - Parameters for TLS connection
  43  * @ca_cert: File or reference name for CA X.509 certificate in PEM or DER
  44  * format
  45  * @ca_cert_blob: ca_cert as inlined data or %NULL if not used
  46  * @ca_cert_blob_len: ca_cert_blob length
  47  * @ca_path: Path to CA certificates (OpenSSL specific)
  48  * @subject_match: String to match in the subject of the peer certificate or
  49  * %NULL to allow all subjects
  50  * @altsubject_match: String to match in the alternative subject of the peer
  51  * certificate or %NULL to allow all alternative subjects
  52  * @client_cert: File or reference name for client X.509 certificate in PEM or
  53  * DER format
  54  * @client_cert_blob: client_cert as inlined data or %NULL if not used
  55  * @client_cert_blob_len: client_cert_blob length
  56  * @private_key: File or reference name for client private key in PEM or DER
  57  * format (traditional format (RSA PRIVATE KEY) or PKCS#8 (PRIVATE KEY)
  58  * @private_key_blob: private_key as inlined data or %NULL if not used
  59  * @private_key_blob_len: private_key_blob length
  60  * @private_key_passwd: Passphrase for decrypted private key, %NULL if no
  61  * passphrase is used.
  62  * @dh_file: File name for DH/DSA data in PEM format, or %NULL if not used
  63  * @dh_blob: dh_file as inlined data or %NULL if not used
  64  * @dh_blob_len: dh_blob length
  65  * @engine: 1 = use engine (e.g., a smartcard) for private key operations
  66  * (this is OpenSSL specific for now)
  67  * @engine_id: engine id string (this is OpenSSL specific for now)
  68  * @ppin: pointer to the pin variable in the configuration
  69  * (this is OpenSSL specific for now)
  70  * @key_id: the private key's id when using engine (this is OpenSSL
  71  * specific for now)
  72  * @cert_id: the certificate's id when using engine
  73  * @ca_cert_id: the CA certificate's id when using engine
  74  * @tls_ia: Whether to enable TLS/IA (for EAP-TTLSv1)
  75  * @flags: Parameter options (TLS_CONN_*)
  76  *
  77  * TLS connection parameters to be configured with tls_connection_set_params()
  78  * and tls_global_set_params().
  79  *
  80  * Certificates and private key can be configured either as a reference name
  81  * (file path or reference to certificate store) or by providing the same data
  82  * as a pointer to the data in memory. Only one option will be used for each
  83  * field.
  84  */
  85 struct tls_connection_params {
  86         const char *ca_cert;
  87         const u8 *ca_cert_blob;
  88         size_t ca_cert_blob_len;
  89         const char *ca_path;
  90         const char *subject_match;
  91         const char *altsubject_match;
  92         const char *client_cert;
  93         const u8 *client_cert_blob;
  94         size_t client_cert_blob_len;
  95         const char *private_key;
  96         const u8 *private_key_blob;
  97         size_t private_key_blob_len;
  98         const char *private_key_passwd;
  99         const char *dh_file;
 100         const u8 *dh_blob;
 101         size_t dh_blob_len;
 102         int tls_ia;
 103
 104         /* OpenSSL specific variables */
 105         int engine;
 106         const char *engine_id;
 107         const char *pin;
 108         const char *key_id;
 109         const char *cert_id;
 110         const char *ca_cert_id;
 111
 112         unsigned int flags;
 113 };
 114
 115
 116 /**
 117  * tls_init - Initialize TLS library
 118  * @conf: Configuration data for TLS library
 119  * Returns: Context data to be used as tls_ctx in calls to other functions,
 120  * or %NULL on failure.
 121  *
 122  * Called once during program startup and once for each RSN pre-authentication
 123  * session. In other words, there can be two concurrent TLS contexts. If global
 124  * library initialization is needed (i.e., one that is shared between both
 125  * authentication types), the TLS library wrapper should maintain a reference
 126  * counter and do global initialization only when moving from 0 to 1 reference.
 127  */
 128 void * tls_init(const struct tls_config *conf);
 129
 130 /**
 131  * tls_deinit - Deinitialize TLS library
 132  * @tls_ctx: TLS context data from tls_init()
 133  *
 134  * Called once during program shutdown and once for each RSN pre-authentication
 135  * session. If global library deinitialization is needed (i.e., one that is
 136  * shared between both authentication types), the TLS library wrapper should
 137  * maintain a reference counter and do global deinitialization only when moving
 138  * from 1 to 0 references.
 139  */
 140 void tls_deinit(void *tls_ctx);
 141
 142 /**
 143  * tls_get_errors - Process pending errors
 144  * @tls_ctx: TLS context data from tls_init()
 145  * Returns: Number of found error, 0 if no errors detected.
 146  *
 147  * Process all pending TLS errors.
 148  */
 149 int tls_get_errors(void *tls_ctx);
 150
 151 /**
 152  * tls_connection_init - Initialize a new TLS connection
 153  * @tls_ctx: TLS context data from tls_init()
 154  * Returns: Connection context data, conn for other function calls
 155  */
 156 struct tls_connection * tls_connection_init(void *tls_ctx);
 157
 158 /**
 159  * tls_connection_deinit - Free TLS connection data
 160  * @tls_ctx: TLS context data from tls_init()
 161  * @conn: Connection context data from tls_connection_init()
 162  *
 163  * Release all resources allocated for TLS connection.
 164  */
 165 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn);
 166
 167 /**
 168  * tls_connection_established - Has the TLS connection been completed?
 169  * @tls_ctx: TLS context data from tls_init()
 170  * @conn: Connection context data from tls_connection_init()
 171  * Returns: 1 if TLS connection has been completed, 0 if not.
 172  */
 173 int tls_connection_established(void *tls_ctx, struct tls_connection *conn);
 174
 175 /**
 176  * tls_connection_shutdown - Shutdown TLS connection
 177  * @tls_ctx: TLS context data from tls_init()
 178  * @conn: Connection context data from tls_connection_init()
 179  * Returns: 0 on success, -1 on failure
 180  *
 181  * Shutdown current TLS connection without releasing all resources. New
 182  * connection can be started by using the same conn without having to call
 183  * tls_connection_init() or setting certificates etc. again. The new
 184  * connection should try to use session resumption.
 185  */
 186 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn);
 187
 188 enum {
 189         TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3,
 190         TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2
 191 };
 192
 193 /**
 194  * tls_connection_set_params - Set TLS connection parameters
 195  * @tls_ctx: TLS context data from tls_init()
 196  * @conn: Connection context data from tls_connection_init()
 197  * @params: Connection parameters
 198  * Returns: 0 on success, -1 on failure,
 199  * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing
 200  * PKCS#11 engine failure, or
 201  * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
 202  * PKCS#11 engine private key.
 203  */
 204 int __must_check
 205 tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 206                           const struct tls_connection_params *params);
 207
 208 /**
 209  * tls_global_set_params - Set TLS parameters for all TLS connection
 210  * @tls_ctx: TLS context data from tls_init()
 211  * @params: Global TLS parameters
 212  * Returns: 0 on success, -1 on failure,
 213  * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing
 214  * PKCS#11 engine failure, or
 215  * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
 216  * PKCS#11 engine private key.
 217  */
 218 int __must_check tls_global_set_params(
 219         void *tls_ctx, const struct tls_connection_params *params);
 220
 221 /**
 222  * tls_global_set_verify - Set global certificate verification options
 223  * @tls_ctx: TLS context data from tls_init()
 224  * @check_crl: 0 = do not verify CRLs, 1 = verify CRL for the user certificate,
 225  * 2 = verify CRL for all certificates
 226  * Returns: 0 on success, -1 on failure
 227  */
 228 int __must_check tls_global_set_verify(void *tls_ctx, int check_crl);
 229
 230 /**
 231  * tls_connection_set_verify - Set certificate verification options
 232  * @tls_ctx: TLS context data from tls_init()
 233  * @conn: Connection context data from tls_connection_init()
 234  * @verify_peer: 1 = verify peer certificate
 235  * Returns: 0 on success, -1 on failure
 236  */
 237 int __must_check tls_connection_set_verify(void *tls_ctx,
 238                                            struct tls_connection *conn,
 239                                            int verify_peer);
 240
 241 /**
 242  * tls_connection_set_ia - Set TLS/IA parameters
 243  * @tls_ctx: TLS context data from tls_init()
 244  * @conn: Connection context data from tls_connection_init()
 245  * @tls_ia: 1 = enable TLS/IA
 246  * Returns: 0 on success, -1 on failure
 247  *
 248  * This function is used to configure TLS/IA in server mode where
 249  * tls_connection_set_params() is not used.
 250  */
 251 int __must_check tls_connection_set_ia(void *tls_ctx,
 252                                        struct tls_connection *conn,
 253                                        int tls_ia);
 254
 255 /**
 256  * tls_connection_get_keys - Get master key and random data from TLS connection
 257  * @tls_ctx: TLS context data from tls_init()
 258  * @conn: Connection context data from tls_connection_init()
 259  * @keys: Structure of key/random data (filled on success)
 260  * Returns: 0 on success, -1 on failure
 261  */
 262 int __must_check tls_connection_get_keys(void *tls_ctx,
 263                                          struct tls_connection *conn,
 264                                          struct tls_keys *keys);
 265
 266 /**
 267  * tls_connection_prf - Use TLS-PRF to derive keying material
 268  * @tls_ctx: TLS context data from tls_init()
 269  * @conn: Connection context data from tls_connection_init()
 270  * @label: Label (e.g., description of the key) for PRF
 271  * @server_random_first: seed is 0 = client_random|server_random,
 272  * 1 = server_random|client_random
 273  * @out: Buffer for output data from TLS-PRF
 274  * @out_len: Length of the output buffer
 275  * Returns: 0 on success, -1 on failure
 276  *
 277  * This function is optional to implement if tls_connection_get_keys() provides
 278  * access to master secret and server/client random values. If these values are
 279  * not exported from the TLS library, tls_connection_prf() is required so that
 280  * further keying material can be derived from the master secret. If not
 281  * implemented, the function will still need to be defined, but it can just
 282  * return -1. Example implementation of this function is in tls_prf() function
 283  * when it is called with seed set to client_random|server_random (or
 284  * server_random|client_random).
 285  */
 286 int __must_check  tls_connection_prf(void *tls_ctx,
 287                                      struct tls_connection *conn,
 288                                      const char *label,
 289                                      int server_random_first,
 290                                      u8 *out, size_t out_len);
 291
 292 /**
 293  * tls_connection_handshake - Process TLS handshake (client side)
 294  * @tls_ctx: TLS context data from tls_init()
 295  * @conn: Connection context data from tls_connection_init()
 296  * @in_data: Input data from TLS server
 297  * @appl_data: Pointer to application data pointer, or %NULL if dropped
 298  * Returns: Output data, %NULL on failure
 299  *
 300  * The caller is responsible for freeing the returned output data. If the final
 301  * handshake message includes application data, this is decrypted and
 302  * appl_data (if not %NULL) is set to point this data. The caller is
 303  * responsible for freeing appl_data.
 304  *
 305  * This function is used during TLS handshake. The first call is done with
 306  * in_data == %NULL and the library is expected to return ClientHello packet.
 307  * This packet is then send to the server and a response from server is given
 308  * to TLS library by calling this function again with in_data pointing to the
 309  * TLS message from the server.
 310  *
 311  * If the TLS handshake fails, this function may return %NULL. However, if the
 312  * TLS library has a TLS alert to send out, that should be returned as the
 313  * output data. In this case, tls_connection_get_failed() must return failure
 314  * (> 0).
 315  *
 316  * tls_connection_established() should return 1 once the TLS handshake has been
 317  * completed successfully.
 318  */
 319 struct wpabuf * tls_connection_handshake(void *tls_ctx,
 320                                          struct tls_connection *conn,
 321                                          const struct wpabuf *in_data,
 322                                          struct wpabuf **appl_data);
 323
 324 /**
 325  * tls_connection_server_handshake - Process TLS handshake (server side)
 326  * @tls_ctx: TLS context data from tls_init()
 327  * @conn: Connection context data from tls_connection_init()
 328  * @in_data: Input data from TLS peer
 329  * @appl_data: Pointer to application data pointer, or %NULL if dropped
 330  * Returns: Output data, %NULL on failure
 331  *
 332  * The caller is responsible for freeing the returned output data.
 333  */
 334 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
 335                                                 struct tls_connection *conn,
 336                                                 const struct wpabuf *in_data,
 337                                                 struct wpabuf **appl_data);
 338
 339 /**
 340  * tls_connection_encrypt - Encrypt data into TLS tunnel
 341  * @tls_ctx: TLS context data from tls_init()
 342  * @conn: Connection context data from tls_connection_init()
 343  * @in_data: Plaintext data to be encrypted
 344  * Returns: Encrypted TLS data or %NULL on failure
 345  *
 346  * This function is used after TLS handshake has been completed successfully to
 347  * send data in the encrypted tunnel. The caller is responsible for freeing the
 348  * returned output data.
 349  */
 350 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
 351                                        struct tls_connection *conn,
 352                                        const struct wpabuf *in_data);
 353
 354 /**
 355  * tls_connection_decrypt - Decrypt data from TLS tunnel
 356  * @tls_ctx: TLS context data from tls_init()
 357  * @conn: Connection context data from tls_connection_init()
 358  * @in_data: Encrypted TLS data
 359  * Returns: Decrypted TLS data or %NULL on failure
 360  *
 361  * This function is used after TLS handshake has been completed successfully to
 362  * receive data from the encrypted tunnel. The caller is responsible for
 363  * freeing the returned output data.
 364  */
 365 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
 366                                        struct tls_connection *conn,
 367                                        const struct wpabuf *in_data);
 368
 369 /**
 370  * tls_connection_resumed - Was session resumption used
 371  * @tls_ctx: TLS context data from tls_init()
 372  * @conn: Connection context data from tls_connection_init()
 373  * Returns: 1 if current session used session resumption, 0 if not
 374  */
 375 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn);
 376
 377 enum {
 378         TLS_CIPHER_NONE,
 379         TLS_CIPHER_RC4_SHA /* 0x0005 */,
 380         TLS_CIPHER_AES128_SHA /* 0x002f */,
 381         TLS_CIPHER_RSA_DHE_AES128_SHA /* 0x0031 */,
 382         TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */
 383 };
 384
 385 /**
 386  * tls_connection_set_cipher_list - Configure acceptable cipher suites
 387  * @tls_ctx: TLS context data from tls_init()
 388  * @conn: Connection context data from tls_connection_init()
 389  * @ciphers: Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers
 390  * (TLS_CIPHER_*).
 391  * Returns: 0 on success, -1 on failure
 392  */
 393 int __must_check tls_connection_set_cipher_list(void *tls_ctx,
 394                                                 struct tls_connection *conn,
 395                                                 u8 *ciphers);
 396
 397 /**
 398  * tls_get_cipher - Get current cipher name
 399  * @tls_ctx: TLS context data from tls_init()
 400  * @conn: Connection context data from tls_connection_init()
 401  * @buf: Buffer for the cipher name
 402  * @buflen: buf size
 403  * Returns: 0 on success, -1 on failure
 404  *
 405  * Get the name of the currently used cipher.
 406  */
 407 int __must_check tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 408                                 char *buf, size_t buflen);
 409
 410 /**
 411  * tls_connection_enable_workaround - Enable TLS workaround options
 412  * @tls_ctx: TLS context data from tls_init()
 413  * @conn: Connection context data from tls_connection_init()
 414  * Returns: 0 on success, -1 on failure
 415  *
 416  * This function is used to enable connection-specific workaround options for
 417  * buffer SSL/TLS implementations.
 418  */
 419 int __must_check tls_connection_enable_workaround(void *tls_ctx,
 420                                                   struct tls_connection *conn);
 421
 422 /**
 423  * tls_connection_client_hello_ext - Set TLS extension for ClientHello
 424  * @tls_ctx: TLS context data from tls_init()
 425  * @conn: Connection context data from tls_connection_init()
 426  * @ext_type: Extension type
 427  * @data: Extension payload (%NULL to remove extension)
 428  * @data_len: Extension payload length
 429  * Returns: 0 on success, -1 on failure
 430  */
 431 int __must_check tls_connection_client_hello_ext(void *tls_ctx,
 432                                                  struct tls_connection *conn,
 433                                                  int ext_type, const u8 *data,
 434                                                  size_t data_len);
 435
 436 /**
 437  * tls_connection_get_failed - Get connection failure status
 438  * @tls_ctx: TLS context data from tls_init()
 439  * @conn: Connection context data from tls_connection_init()
 440  *
 441  * Returns >0 if connection has failed, 0 if not.
 442  */
 443 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn);
 444
 445 /**
 446  * tls_connection_get_read_alerts - Get connection read alert status
 447  * @tls_ctx: TLS context data from tls_init()
 448  * @conn: Connection context data from tls_connection_init()
 449  * Returns: Number of times a fatal read (remote end reported error) has
 450  * happened during this connection.
 451  */
 452 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn);
 453
 454 /**
 455  * tls_connection_get_write_alerts - Get connection write alert status
 456  * @tls_ctx: TLS context data from tls_init()
 457  * @conn: Connection context data from tls_connection_init()
 458  * Returns: Number of times a fatal write (locally detected error) has happened
 459  * during this connection.
 460  */
 461 int tls_connection_get_write_alerts(void *tls_ctx,
 462                                     struct tls_connection *conn);
 463
 464 /**
 465  * tls_connection_get_keyblock_size - Get TLS key_block size
 466  * @tls_ctx: TLS context data from tls_init()
 467  * @conn: Connection context data from tls_connection_init()
 468  * Returns: Size of the key_block for the negotiated cipher suite or -1 on
 469  * failure
 470  */
 471 int tls_connection_get_keyblock_size(void *tls_ctx,
 472                                      struct tls_connection *conn);
 473
 474 #define TLS_CAPABILITY_IA 0x0001 /* TLS Inner Application (TLS/IA) */
 475 /**
 476  * tls_capabilities - Get supported TLS capabilities
 477  * @tls_ctx: TLS context data from tls_init()
 478  * Returns: Bit field of supported TLS capabilities (TLS_CAPABILITY_*)
 479  */
 480 unsigned int tls_capabilities(void *tls_ctx);
 481
 482 /**
 483  * tls_connection_ia_send_phase_finished - Send a TLS/IA PhaseFinished message
 484  * @tls_ctx: TLS context data from tls_init()
 485  * @conn: Connection context data from tls_connection_init()
 486  * @final: 1 = FinalPhaseFinished, 0 = IntermediatePhaseFinished
 487  * @out_data: Pointer to output buffer (encrypted TLS/IA data)
 488  * @out_len: Maximum out_data length
 489  * Returns: Number of bytes written to out_data on success, -1 on failure
 490  *
 491  * This function is used to send the TLS/IA end phase message, e.g., when the
 492  * EAP server completes EAP-TTLSv1.
 493  */
 494 int __must_check tls_connection_ia_send_phase_finished(
 495         void *tls_ctx, struct tls_connection *conn, int final,
 496         u8 *out_data, size_t out_len);
 497
 498 /**
 499  * tls_connection_ia_final_phase_finished - Has final phase been completed
 500  * @tls_ctx: TLS context data from tls_init()
 501  * @conn: Connection context data from tls_connection_init()
 502  * Returns: 1 if valid FinalPhaseFinished has been received, 0 if not, or -1
 503  * on failure
 504  */
 505 int __must_check tls_connection_ia_final_phase_finished(
 506         void *tls_ctx, struct tls_connection *conn);
 507
 508 /**
 509  * tls_connection_ia_permute_inner_secret - Permute TLS/IA inner secret
 510  * @tls_ctx: TLS context data from tls_init()
 511  * @conn: Connection context data from tls_connection_init()
 512  * @key: Session key material (session_key vectors with 2-octet length), or
 513  * %NULL if no session key was generating in the current phase
 514  * @key_len: Length of session key material
 515  * Returns: 0 on success, -1 on failure
 516  */
 517 int __must_check tls_connection_ia_permute_inner_secret(
 518         void *tls_ctx, struct tls_connection *conn,
 519         const u8 *key, size_t key_len);
 520
 521 typedef int (*tls_session_ticket_cb)
 522 (void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
 523  const u8 *server_random, u8 *master_secret);
 524
 525 int __must_check  tls_connection_set_session_ticket_cb(
 526         void *tls_ctx, struct tls_connection *conn,
 527         tls_session_ticket_cb cb, void *ctx);
 528
 529 #endif /* TLS_H */