__einfo_uniqify ( EINFO_EPROTO, 0x01, \
"Illegal protocol version upgrade" )
-static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
+static int tls_send_plaintext ( struct tls_connection *tls, unsigned int type,
const void *data, size_t len );
-static void tls_clear_cipher ( struct tls_session *tls,
+static void tls_clear_cipher ( struct tls_connection *tls,
struct tls_cipherspec *cipherspec );
/******************************************************************************
}
/**
- * Determine if TLS session is ready for application data
+ * Determine if TLS connection is ready for application data
*
- * @v tls TLS session
- * @ret is_ready TLS session is ready
+ * @v tls TLS connection
+ * @ret is_ready TLS connection is ready
*/
-static int tls_ready ( struct tls_session *tls ) {
+static int tls_ready ( struct tls_connection *tls ) {
return ( ( ! is_pending ( &tls->client_negotiation ) ) &&
( ! is_pending ( &tls->server_negotiation ) ) );
}
*/
/**
- * Free TLS session
+ * Free TLS connection
*
* @v refcnt Reference counter
*/
static void free_tls ( struct refcnt *refcnt ) {
- struct tls_session *tls =
- container_of ( refcnt, struct tls_session, refcnt );
+ struct tls_connection *tls =
+ container_of ( refcnt, struct tls_connection, refcnt );
struct io_buffer *iobuf;
struct io_buffer *tmp;
}
/**
- * Finish with TLS session
+ * Finish with TLS connection
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v rc Status code
*/
-static void tls_close ( struct tls_session *tls, int rc ) {
+static void tls_close ( struct tls_connection *tls, int rc ) {
/* Remove pending operations, if applicable */
pending_put ( &tls->client_negotiation );
/**
* Generate random data
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Buffer to fill
* @v len Length of buffer
* @ret rc Return status code
*/
-static int tls_generate_random ( struct tls_session *tls,
+static int tls_generate_random ( struct tls_connection *tls,
void *data, size_t len ) {
int rc;
/**
* Generate secure pseudo-random data using a single hash function
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v digest Hash function to use
* @v secret Secret
* @v secret_len Length of secret
* @v out_len Length of output buffer
* @v seeds ( data, len ) pairs of seed data, terminated by NULL
*/
-static void tls_p_hash_va ( struct tls_session *tls,
+static void tls_p_hash_va ( struct tls_connection *tls,
struct digest_algorithm *digest,
void *secret, size_t secret_len,
void *out, size_t out_len,
/**
* Generate secure pseudo-random data
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v secret Secret
* @v secret_len Length of secret
* @v out Output buffer
* @v out_len Length of output buffer
* @v ... ( data, len ) pairs of seed data, terminated by NULL
*/
-static void tls_prf ( struct tls_session *tls, void *secret, size_t secret_len,
- void *out, size_t out_len, ... ) {
+static void tls_prf ( struct tls_connection *tls, void *secret,
+ size_t secret_len, void *out, size_t out_len, ... ) {
va_list seeds;
va_list tmp;
size_t subsecret_len;
/**
* Generate master secret
*
- * @v tls TLS session
+ * @v tls TLS connection
*
* The pre-master secret and the client and server random values must
* already be known.
*/
-static void tls_generate_master_secret ( struct tls_session *tls ) {
+static void tls_generate_master_secret ( struct tls_connection *tls ) {
DBGC ( tls, "TLS %p pre-master-secret:\n", tls );
DBGC_HD ( tls, &tls->pre_master_secret,
sizeof ( tls->pre_master_secret ) );
/**
* Generate key material
*
- * @v tls TLS session
+ * @v tls TLS connection
*
* The master secret must already be known.
*/
-static int tls_generate_keys ( struct tls_session *tls ) {
+static int tls_generate_keys ( struct tls_connection *tls ) {
struct tls_cipherspec *tx_cipherspec = &tls->tx_cipherspec_pending;
struct tls_cipherspec *rx_cipherspec = &tls->rx_cipherspec_pending;
size_t hash_size = tx_cipherspec->suite->digest->digestsize;
*
* @v cipherspec TLS cipher specification
*/
-static void tls_clear_cipher ( struct tls_session *tls __unused,
+static void tls_clear_cipher ( struct tls_connection *tls __unused,
struct tls_cipherspec *cipherspec ) {
if ( cipherspec->suite ) {
/**
* Set cipher suite
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v cipherspec TLS cipher specification
* @v suite Cipher suite
* @ret rc Return status code
*/
-static int tls_set_cipher ( struct tls_session *tls,
+static int tls_set_cipher ( struct tls_connection *tls,
struct tls_cipherspec *cipherspec,
struct tls_cipher_suite *suite ) {
struct pubkey_algorithm *pubkey = suite->pubkey;
/**
* Select next cipher suite
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v cipher_suite Cipher suite specification
* @ret rc Return status code
*/
-static int tls_select_cipher ( struct tls_session *tls,
+static int tls_select_cipher ( struct tls_connection *tls,
unsigned int cipher_suite ) {
struct tls_cipher_suite *suite;
int rc;
/**
* Activate next cipher suite
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v pending Pending cipher specification
* @v active Active cipher specification to replace
* @ret rc Return status code
*/
-static int tls_change_cipher ( struct tls_session *tls,
+static int tls_change_cipher ( struct tls_connection *tls,
struct tls_cipherspec *pending,
struct tls_cipherspec *active ) {
/**
* Add handshake record to verification hash
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Handshake record
* @v len Length of handshake record
*/
-static void tls_add_handshake ( struct tls_session *tls,
+static void tls_add_handshake ( struct tls_connection *tls,
const void *data, size_t len ) {
digest_update ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx,
/**
* Calculate handshake verification hash
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v out Output buffer
*
* Calculates the MD5+SHA1 or SHA256 digest over all handshake
* messages seen so far.
*/
-static void tls_verify_handshake ( struct tls_session *tls, void *out ) {
+static void tls_verify_handshake ( struct tls_connection *tls, void *out ) {
struct digest_algorithm *digest = tls->handshake_digest;
uint8_t ctx[ digest->ctxsize ];
/**
* Restart negotiation
*
- * @v tls TLS session
+ * @v tls TLS connection
*/
-static void tls_restart ( struct tls_session *tls ) {
+static void tls_restart ( struct tls_connection *tls ) {
/* Sanity check */
assert ( ! tls->tx_pending );
/**
* Resume TX state machine
*
- * @v tls TLS session
+ * @v tls TLS connection
*/
-static void tls_tx_resume ( struct tls_session *tls ) {
+static void tls_tx_resume ( struct tls_connection *tls ) {
process_add ( &tls->process );
}
/**
* Transmit Handshake record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext record
* @v len Length of plaintext record
* @ret rc Return status code
*/
-static int tls_send_handshake ( struct tls_session *tls,
+static int tls_send_handshake ( struct tls_connection *tls,
void *data, size_t len ) {
/* Add to handshake digest */
/**
* Transmit Client Hello record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret rc Return status code
*/
-static int tls_send_client_hello ( struct tls_session *tls ) {
+static int tls_send_client_hello ( struct tls_connection *tls ) {
struct {
uint32_t type_length;
uint16_t version;
/**
* Transmit Certificate record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret rc Return status code
*/
-static int tls_send_certificate ( struct tls_session *tls ) {
+static int tls_send_certificate ( struct tls_connection *tls ) {
struct {
uint32_t type_length;
tls24_t length;
/**
* Transmit Client Key Exchange record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret rc Return status code
*/
-static int tls_send_client_key_exchange ( struct tls_session *tls ) {
+static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
size_t max_len = pubkey_max_len ( pubkey, cipherspec->pubkey_ctx );
/**
* Transmit Certificate Verify record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret rc Return status code
*/
-static int tls_send_certificate_verify ( struct tls_session *tls ) {
+static int tls_send_certificate_verify ( struct tls_connection *tls ) {
struct digest_algorithm *digest = tls->handshake_digest;
struct x509_certificate *cert = tls->cert;
struct pubkey_algorithm *pubkey = cert->signature_algorithm->pubkey;
/**
* Transmit Change Cipher record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret rc Return status code
*/
-static int tls_send_change_cipher ( struct tls_session *tls ) {
+static int tls_send_change_cipher ( struct tls_connection *tls ) {
static const uint8_t change_cipher[1] = { 1 };
return tls_send_plaintext ( tls, TLS_TYPE_CHANGE_CIPHER,
change_cipher, sizeof ( change_cipher ) );
/**
* Transmit Finished record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret rc Return status code
*/
-static int tls_send_finished ( struct tls_session *tls ) {
+static int tls_send_finished ( struct tls_connection *tls ) {
struct digest_algorithm *digest = tls->handshake_digest;
struct {
uint32_t type_length;
/**
* Receive new Change Cipher record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext record
* @v len Length of plaintext record
* @ret rc Return status code
*/
-static int tls_new_change_cipher ( struct tls_session *tls,
+static int tls_new_change_cipher ( struct tls_connection *tls,
const void *data, size_t len ) {
int rc;
/**
* Receive new Alert record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext record
* @v len Length of plaintext record
* @ret rc Return status code
*/
-static int tls_new_alert ( struct tls_session *tls, const void *data,
+static int tls_new_alert ( struct tls_connection *tls, const void *data,
size_t len ) {
const struct {
uint8_t level;
/**
* Receive new Hello Request handshake record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext handshake record
* @v len Length of plaintext handshake record
* @ret rc Return status code
*/
-static int tls_new_hello_request ( struct tls_session *tls,
+static int tls_new_hello_request ( struct tls_connection *tls,
const void *data __unused,
size_t len __unused ) {
/**
* Receive new Server Hello handshake record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext handshake record
* @v len Length of plaintext handshake record
* @ret rc Return status code
*/
-static int tls_new_server_hello ( struct tls_session *tls,
+static int tls_new_server_hello ( struct tls_connection *tls,
const void *data, size_t len ) {
const struct {
uint16_t version;
/**
* Parse certificate chain
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Certificate chain
* @v len Length of certificate chain
* @ret rc Return status code
*/
-static int tls_parse_chain ( struct tls_session *tls,
+static int tls_parse_chain ( struct tls_connection *tls,
const void *data, size_t len ) {
size_t remaining = len;
int rc;
/**
* Receive new Certificate handshake record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext handshake record
* @v len Length of plaintext handshake record
* @ret rc Return status code
*/
-static int tls_new_certificate ( struct tls_session *tls,
+static int tls_new_certificate ( struct tls_connection *tls,
const void *data, size_t len ) {
const struct {
tls24_t length;
/**
* Receive new Certificate Request handshake record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext handshake record
* @v len Length of plaintext handshake record
* @ret rc Return status code
*/
-static int tls_new_certificate_request ( struct tls_session *tls,
+static int tls_new_certificate_request ( struct tls_connection *tls,
const void *data __unused,
size_t len __unused ) {
/**
* Receive new Server Hello Done handshake record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext handshake record
* @v len Length of plaintext handshake record
* @ret rc Return status code
*/
-static int tls_new_server_hello_done ( struct tls_session *tls,
+static int tls_new_server_hello_done ( struct tls_connection *tls,
const void *data, size_t len ) {
const struct {
char next[0];
/**
* Receive new Finished handshake record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext handshake record
* @v len Length of plaintext handshake record
* @ret rc Return status code
*/
-static int tls_new_finished ( struct tls_session *tls,
+static int tls_new_finished ( struct tls_connection *tls,
const void *data, size_t len ) {
struct digest_algorithm *digest = tls->handshake_digest;
const struct {
/**
* Receive new Handshake record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v data Plaintext record
* @v len Length of plaintext record
* @ret rc Return status code
*/
-static int tls_new_handshake ( struct tls_session *tls,
+static int tls_new_handshake ( struct tls_connection *tls,
const void *data, size_t len ) {
size_t remaining = len;
int rc;
/**
* Receive new record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v type Record type
* @v rx_data List of received data buffers
* @ret rc Return status code
*/
-static int tls_new_record ( struct tls_session *tls, unsigned int type,
+static int tls_new_record ( struct tls_connection *tls, unsigned int type,
struct list_head *rx_data ) {
struct io_buffer *iobuf;
- int ( * handler ) ( struct tls_session *tls, const void *data,
+ int ( * handler ) ( struct tls_connection *tls, const void *data,
size_t len );
int rc;
/**
* Allocate and assemble stream-ciphered record from data and MAC portions
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret data Data
* @ret len Length of data
* @ret digest MAC digest
* @ret plaintext_len Length of plaintext record
* @ret plaintext Allocated plaintext record
*/
-static void * __malloc tls_assemble_stream ( struct tls_session *tls,
- const void *data, size_t len,
- void *digest, size_t *plaintext_len ) {
+static void * __malloc
+tls_assemble_stream ( struct tls_connection *tls, const void *data, size_t len,
+ void *digest, size_t *plaintext_len ) {
size_t mac_len = tls->tx_cipherspec.suite->digest->digestsize;
void *plaintext;
void *content;
/**
* Allocate and assemble block-ciphered record from data and MAC portions
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret data Data
* @ret len Length of data
* @ret digest MAC digest
* @ret plaintext_len Length of plaintext record
* @ret plaintext Allocated plaintext record
*/
-static void * tls_assemble_block ( struct tls_session *tls,
+static void * tls_assemble_block ( struct tls_connection *tls,
const void *data, size_t len,
void *digest, size_t *plaintext_len ) {
size_t blocksize = tls->tx_cipherspec.suite->cipher->blocksize;
/**
* Send plaintext record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v type Record type
* @v data Plaintext record
* @v len Length of plaintext record
* @ret rc Return status code
*/
-static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
+static int tls_send_plaintext ( struct tls_connection *tls, unsigned int type,
const void *data, size_t len ) {
struct tls_header plaintext_tlshdr;
struct tls_header *tlshdr;
/**
* Split stream-ciphered record into data and MAC portions
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v rx_data List of received data buffers
* @v mac MAC to fill in
* @ret rc Return status code
*/
-static int tls_split_stream ( struct tls_session *tls,
+static int tls_split_stream ( struct tls_connection *tls,
struct list_head *rx_data, void **mac ) {
size_t mac_len = tls->rx_cipherspec.suite->digest->digestsize;
struct io_buffer *iobuf;
/**
* Split block-ciphered record into data and MAC portions
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v rx_data List of received data buffers
* @v mac MAC to fill in
* @ret rc Return status code
*/
-static int tls_split_block ( struct tls_session *tls,
+static int tls_split_block ( struct tls_connection *tls,
struct list_head *rx_data, void **mac ) {
size_t mac_len = tls->rx_cipherspec.suite->digest->digestsize;
struct io_buffer *iobuf;
/**
* Receive new ciphertext record
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v tlshdr Record header
* @v rx_data List of received data buffers
* @ret rc Return status code
*/
-static int tls_new_ciphertext ( struct tls_session *tls,
+static int tls_new_ciphertext ( struct tls_connection *tls,
struct tls_header *tlshdr,
struct list_head *rx_data ) {
struct tls_header plaintext_tlshdr;
/**
* Check flow control window
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret len Length of window
*/
-static size_t tls_plainstream_window ( struct tls_session *tls ) {
+static size_t tls_plainstream_window ( struct tls_connection *tls ) {
/* Block window unless we are ready to accept data */
if ( ! tls_ready ( tls ) )
/**
* Deliver datagram as raw data
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v iobuf I/O buffer
* @v meta Data transfer metadata
* @ret rc Return status code
*/
-static int tls_plainstream_deliver ( struct tls_session *tls,
+static int tls_plainstream_deliver ( struct tls_connection *tls,
struct io_buffer *iobuf,
struct xfer_metadata *meta __unused ) {
int rc;
/** TLS plaintext stream interface operations */
static struct interface_operation tls_plainstream_ops[] = {
- INTF_OP ( xfer_deliver, struct tls_session *, tls_plainstream_deliver ),
- INTF_OP ( xfer_window, struct tls_session *, tls_plainstream_window ),
- INTF_OP ( intf_close, struct tls_session *, tls_close ),
+ INTF_OP ( xfer_deliver, struct tls_connection *,
+ tls_plainstream_deliver ),
+ INTF_OP ( xfer_window, struct tls_connection *,
+ tls_plainstream_window ),
+ INTF_OP ( intf_close, struct tls_connection *, tls_close ),
};
/** TLS plaintext stream interface descriptor */
static struct interface_descriptor tls_plainstream_desc =
- INTF_DESC_PASSTHRU ( struct tls_session, plainstream,
+ INTF_DESC_PASSTHRU ( struct tls_connection, plainstream,
tls_plainstream_ops, cipherstream );
/******************************************************************************
/**
* Handle received TLS header
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret rc Returned status code
*/
-static int tls_newdata_process_header ( struct tls_session *tls ) {
+static int tls_newdata_process_header ( struct tls_connection *tls ) {
size_t data_len = ntohs ( tls->rx_header.length );
size_t remaining = data_len;
size_t frag_len;
/**
* Handle received TLS data payload
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret rc Returned status code
*/
-static int tls_newdata_process_data ( struct tls_session *tls ) {
+static int tls_newdata_process_data ( struct tls_connection *tls ) {
struct io_buffer *iobuf;
int rc;
/**
* Check flow control window
*
- * @v tls TLS session
+ * @v tls TLS connection
* @ret len Length of window
*/
-static size_t tls_cipherstream_window ( struct tls_session *tls ) {
+static size_t tls_cipherstream_window ( struct tls_connection *tls ) {
/* Open window until we are ready to accept data */
if ( ! tls_ready ( tls ) )
/**
* Receive new ciphertext
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v iobuf I/O buffer
* @v meta Data transfer metadat
* @ret rc Return status code
*/
-static int tls_cipherstream_deliver ( struct tls_session *tls,
+static int tls_cipherstream_deliver ( struct tls_connection *tls,
struct io_buffer *iobuf,
struct xfer_metadata *xfer __unused ) {
size_t frag_len;
- int ( * process ) ( struct tls_session *tls );
+ int ( * process ) ( struct tls_connection *tls );
struct io_buffer *dest;
int rc;
/** TLS ciphertext stream interface operations */
static struct interface_operation tls_cipherstream_ops[] = {
- INTF_OP ( xfer_deliver, struct tls_session *,
+ INTF_OP ( xfer_deliver, struct tls_connection *,
tls_cipherstream_deliver ),
- INTF_OP ( xfer_window, struct tls_session *, tls_cipherstream_window ),
- INTF_OP ( xfer_window_changed, struct tls_session *, tls_tx_resume ),
- INTF_OP ( intf_close, struct tls_session *, tls_close ),
+ INTF_OP ( xfer_window, struct tls_connection *,
+ tls_cipherstream_window ),
+ INTF_OP ( xfer_window_changed, struct tls_connection *,
+ tls_tx_resume ),
+ INTF_OP ( intf_close, struct tls_connection *, tls_close ),
};
/** TLS ciphertext stream interface descriptor */
static struct interface_descriptor tls_cipherstream_desc =
- INTF_DESC_PASSTHRU ( struct tls_session, cipherstream,
+ INTF_DESC_PASSTHRU ( struct tls_connection, cipherstream,
tls_cipherstream_ops, plainstream );
/******************************************************************************
/**
* Handle certificate validation completion
*
- * @v tls TLS session
+ * @v tls TLS connection
* @v rc Reason for completion
*/
-static void tls_validator_done ( struct tls_session *tls, int rc ) {
+static void tls_validator_done ( struct tls_connection *tls, int rc ) {
struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
struct x509_certificate *cert;
/** TLS certificate validator interface operations */
static struct interface_operation tls_validator_ops[] = {
- INTF_OP ( intf_close, struct tls_session *, tls_validator_done ),
+ INTF_OP ( intf_close, struct tls_connection *, tls_validator_done ),
};
/** TLS certificate validator interface descriptor */
static struct interface_descriptor tls_validator_desc =
- INTF_DESC ( struct tls_session, validator, tls_validator_ops );
+ INTF_DESC ( struct tls_connection, validator, tls_validator_ops );
/******************************************************************************
*
/**
* TLS TX state machine
*
- * @v tls TLS session
+ * @v tls TLS connection
*/
-static void tls_tx_step ( struct tls_session *tls ) {
+static void tls_tx_step ( struct tls_connection *tls ) {
int rc;
/* Wait for cipherstream to become ready */
/** TLS TX process descriptor */
static struct process_descriptor tls_process_desc =
- PROC_DESC_ONCE ( struct tls_session, process, tls_tx_step );
+ PROC_DESC_ONCE ( struct tls_connection, process, tls_tx_step );
/******************************************************************************
*
int add_tls ( struct interface *xfer, const char *name,
struct interface **next ) {
- struct tls_session *tls;
+ struct tls_connection *tls;
int rc;
/* Allocate and initialise TLS structure */
projects / thirdparty / ipxe.git / commitdiff
