log selected TLS version and cipher suite
[strongswan.git] / src / libtls / tls_crypto.h
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup tls_crypto tls_crypto
18 * @{ @ingroup libtls
19 */
20
21 #ifndef TLS_CRYPTO_H_
22 #define TLS_CRYPTO_H_
23
24 typedef struct tls_crypto_t tls_crypto_t;
25 typedef enum tls_cipher_suite_t tls_cipher_suite_t;
26
27 #include "tls.h"
28 #include "tls_prf.h"
29 #include "tls_protection.h"
30
31 #include <library.h>
32
33 #include <credentials/keys/private_key.h>
34
/**
 * TLS cipher suites.
 *
 * Each enumerator carries the two-byte identifier assigned to the suite in
 * the TLS cipher suite registry as an explicit value. The numbering has
 * gaps, so the enum must not be used as a dense array index.
 *
 * This is a list of identifiers, not a policy. It names suites with NULL
 * encryption, anonymous (unauthenticated) key exchange, EXPORT-grade keys,
 * RC4 and single DES next to the AES-GCM suites. Presence in this enum says
 * nothing about whether a suite is offered or accepted; that is decided by
 * the implementation behind tls_crypto_t.get_cipher_suites() and
 * tls_crypto_t.select_cipher_suite().
 *
 * TLS_NULL_WITH_NULL_NULL has the value 0, which is also what
 * select_cipher_suite() returns when no candidate is acceptable. Code that
 * handles a selected suite must treat 0 as failure, never as a negotiated
 * suite.
 */
enum tls_cipher_suite_t {
	TLS_NULL_WITH_NULL_NULL =					0x0000,
	TLS_RSA_WITH_NULL_MD5 =						0x0001,
	TLS_RSA_WITH_NULL_SHA =						0x0002,
	TLS_RSA_EXPORT_WITH_RC4_40_MD5 =			0x0003,
	TLS_RSA_WITH_RC4_128_MD5 =					0x0004,
	TLS_RSA_WITH_RC4_128_SHA =					0x0005,
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 =		0x0006,
	TLS_RSA_WITH_IDEA_CBC_SHA =					0x0007,
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA =			0x0008,
	TLS_RSA_WITH_DES_CBC_SHA =					0x0009,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA =				0x000A,
	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA =		0x000B,
	TLS_DH_DSS_WITH_DES_CBC_SHA =				0x000C,
	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA =			0x000D,
	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA =		0x000E,
	TLS_DH_RSA_WITH_DES_CBC_SHA =				0x000F,
	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA =			0x0010,
	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA =		0x0011,
	TLS_DHE_DSS_WITH_DES_CBC_SHA =				0x0012,
	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA =			0x0013,
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA =		0x0014,
	TLS_DHE_RSA_WITH_DES_CBC_SHA =				0x0015,
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA =			0x0016,
	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 =		0x0017,
	TLS_DH_anon_WITH_RC4_128_MD5 =				0x0018,
	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA =		0x0019,
	TLS_DH_anon_WITH_DES_CBC_SHA =				0x001A,
	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA =			0x001B,

	TLS_KRB5_WITH_DES_CBC_SHA =					0x001E,
	TLS_KRB5_WITH_3DES_EDE_CBC_SHA =			0x001F,
	TLS_KRB5_WITH_RC4_128_SHA =					0x0020,
	TLS_KRB5_WITH_IDEA_CBC_SHA =				0x0021,
	TLS_KRB5_WITH_DES_CBC_MD5 =					0x0022,
	TLS_KRB5_WITH_3DES_EDE_CBC_MD5 =			0x0023,
	TLS_KRB5_WITH_RC4_128_MD5 =					0x0024,
	TLS_KRB5_WITH_IDEA_CBC_MD5 =				0x0025,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA =		0x0026,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA =		0x0027,
	TLS_KRB5_EXPORT_WITH_RC4_40_SHA =			0x0028,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 =		0x0029,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 =		0x002A,
	TLS_KRB5_EXPORT_WITH_RC4_40_MD5 =			0x002B,
	TLS_PSK_WITH_NULL_SHA =						0x002C,
	TLS_DHE_PSK_WITH_NULL_SHA =					0x002D,
	TLS_RSA_PSK_WITH_NULL_SHA =					0x002E,
	TLS_RSA_WITH_AES_128_CBC_SHA =				0x002F,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA =			0x0030,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA =			0x0031,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA =			0x0032,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA =			0x0033,
	TLS_DH_anon_WITH_AES_128_CBC_SHA =			0x0034,
	TLS_RSA_WITH_AES_256_CBC_SHA =				0x0035,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA =			0x0036,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA =			0x0037,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA =			0x0038,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA =			0x0039,
	TLS_DH_anon_WITH_AES_256_CBC_SHA =			0x003A,
	TLS_RSA_WITH_NULL_SHA256 =					0x003B,
	TLS_RSA_WITH_AES_128_CBC_SHA256 =			0x003C,
	TLS_RSA_WITH_AES_256_CBC_SHA256 =			0x003D,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA256 =		0x003E,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA256 =		0x003F,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 =		0x0040,
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA =			0x0041,
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA =		0x0042,
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA =		0x0043,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA =		0x0044,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA =		0x0045,
	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA =		0x0046,

	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 =		0x0067,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA256 =		0x0068,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA256 =		0x0069,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 =		0x006A,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 =		0x006B,
	TLS_DH_anon_WITH_AES_128_CBC_SHA256 =		0x006C,
	TLS_DH_anon_WITH_AES_256_CBC_SHA256 =		0x006D,

	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA =			0x0084,
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA =		0x0085,
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA =		0x0086,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA =		0x0087,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA =		0x0088,
	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA =		0x0089,
	TLS_PSK_WITH_RC4_128_SHA =					0x008A,
	TLS_PSK_WITH_3DES_EDE_CBC_SHA =				0x008B,
	TLS_PSK_WITH_AES_128_CBC_SHA =				0x008C,
	TLS_PSK_WITH_AES_256_CBC_SHA =				0x008D,
	TLS_DHE_PSK_WITH_RC4_128_SHA =				0x008E,
	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA =			0x008F,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA =			0x0090,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA =			0x0091,
	TLS_RSA_PSK_WITH_RC4_128_SHA =				0x0092,
	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA =			0x0093,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA =			0x0094,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA =			0x0095,
	TLS_RSA_WITH_SEED_CBC_SHA =					0x0096,
	TLS_DH_DSS_WITH_SEED_CBC_SHA =				0x0097,
	TLS_DH_RSA_WITH_SEED_CBC_SHA =				0x0098,
	TLS_DHE_DSS_WITH_SEED_CBC_SHA =				0x0099,
	TLS_DHE_RSA_WITH_SEED_CBC_SHA =				0x009A,
	TLS_DH_anon_WITH_SEED_CBC_SHA =				0x009B,
	TLS_RSA_WITH_AES_128_GCM_SHA256 =			0x009C,
	TLS_RSA_WITH_AES_256_GCM_SHA384 =			0x009D,
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 =		0x009E,
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 =		0x009F,
	TLS_DH_RSA_WITH_AES_128_GCM_SHA256 =		0x00A0,
	TLS_DH_RSA_WITH_AES_256_GCM_SHA384 =		0x00A1,
	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 =		0x00A2,
	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 =		0x00A3,
	TLS_DH_DSS_WITH_AES_128_GCM_SHA256 =		0x00A4,
	TLS_DH_DSS_WITH_AES_256_GCM_SHA384 =		0x00A5,
	TLS_DH_anon_WITH_AES_128_GCM_SHA256 =		0x00A6,
	TLS_DH_anon_WITH_AES_256_GCM_SHA384 =		0x00A7,
	TLS_PSK_WITH_AES_128_GCM_SHA256 =			0x00A8,
	TLS_PSK_WITH_AES_256_GCM_SHA384 =			0x00A9,
	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 =		0x00AA,
	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 =		0x00AB,
	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 =		0x00AC,
	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 =		0x00AD,
	TLS_PSK_WITH_AES_128_CBC_SHA256 =			0x00AE,
	TLS_PSK_WITH_AES_256_CBC_SHA384 =			0x00AF,
	TLS_PSK_WITH_NULL_SHA256 =					0x00B0,
	TLS_PSK_WITH_NULL_SHA384 =					0x00B1,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 =		0x00B2,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 =		0x00B3,
	TLS_DHE_PSK_WITH_NULL_SHA256 =				0x00B4,
	TLS_DHE_PSK_WITH_NULL_SHA384 =				0x00B5,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 =		0x00B6,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 =		0x00B7,
	TLS_RSA_PSK_WITH_NULL_SHA256 =				0x00B8,
	TLS_RSA_PSK_WITH_NULL_SHA384 =				0x00B9,
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 =		0x00BA,
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 =	0x00BB,
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 =	0x00BC,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 =	0x00BD,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 =	0x00BE,
	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 =	0x00BF,
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 =		0x00C0,
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 =	0x00C1,
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 =	0x00C2,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 =	0x00C3,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 =	0x00C4,
	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 =	0x00C5,

	/* Signalling value for secure renegotiation (RFC 5746); it is sent in a
	 * suite list but is not a suite that can be negotiated. */
	TLS_EMPTY_RENEGOTIATION_INFO_SCSV =			0x00FF,

	TLS_ECDH_ECDSA_WITH_NULL_SHA =				0xC001,
	TLS_ECDH_ECDSA_WITH_RC4_128_SHA =			0xC002,
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA =		0xC003,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA =		0xC004,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA =		0xC005,
	TLS_ECDHE_ECDSA_WITH_NULL_SHA =				0xC006,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA =			0xC007,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA =		0xC008,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA =		0xC009,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA =		0xC00A,
	TLS_ECDH_RSA_WITH_NULL_SHA =				0xC00B,
	TLS_ECDH_RSA_WITH_RC4_128_SHA =				0xC00C,
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA =		0xC00D,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA =			0xC00E,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA =			0xC00F,
	TLS_ECDHE_RSA_WITH_NULL_SHA =				0xC010,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA =			0xC011,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA =		0xC012,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA =		0xC013,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA =		0xC014,
	TLS_ECDH_anon_WITH_NULL_SHA =				0xC015,
	TLS_ECDH_anon_WITH_RC4_128_SHA =			0xC016,
	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA =		0xC017,
	TLS_ECDH_anon_WITH_AES_128_CBC_SHA =		0xC018,
	TLS_ECDH_anon_WITH_AES_256_CBC_SHA =		0xC019,
	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA =			0xC01A,
	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA =		0xC01B,
	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA =		0xC01C,
	TLS_SRP_SHA_WITH_AES_128_CBC_SHA =			0xC01D,
	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA =		0xC01E,
	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA =		0xC01F,
	TLS_SRP_SHA_WITH_AES_256_CBC_SHA =			0xC020,
	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA =		0xC021,
	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA =		0xC022,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 =	0xC023,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 =	0xC024,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 =	0xC025,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 =	0xC026,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 =		0xC027,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 =		0xC028,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 =		0xC029,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 =		0xC02A,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 =	0xC02B,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 =	0xC02C,
	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 =	0xC02D,
	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 =	0xC02E,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 =		0xC02F,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 =		0xC030,
	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 =		0xC031,
	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 =		0xC032,
	TLS_ECDHE_PSK_WITH_RC4_128_SHA =			0xC033,
	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA =		0xC034,
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA =		0xC035,
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA =		0xC036,
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 =		0xC037,
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 =		0xC038,
	TLS_ECDHE_PSK_WITH_NULL_SHA =				0xC039,
	TLS_ECDHE_PSK_WITH_NULL_SHA256 =			0xC03A,
	TLS_ECDHE_PSK_WITH_NULL_SHA384 =			0xC03B
};
247
/**
 * Enum names for tls_cipher_suite_t.
 *
 * Declared here, defined in another translation unit.
 *
 * NOTE(review): a suite value taken from a peer's message can be any
 * two-byte number, including ones with no enumerator above. Confirm how a
 * name lookup renders such a value before relying on it in log output.
 */
extern enum_name_t *tls_cipher_suite_names;
252
/**
 * TLS crypto helper functions.
 *
 * Interface object: a table of function pointers, each taking the instance
 * as its first argument. It covers cipher suite selection, the handshake
 * transcript (append/sign/verify/finished), key derivation and the EAP-TLS
 * MSK. Several methods handle secret key material (premaster secret, MSK).
 */
struct tls_crypto_t {

	/**
	 * Get a list of supported TLS cipher suites.
	 *
	 * @param suites		list of suites, points to internal data (the
	 *						caller does not own the array)
	 * @return				number of suites returned
	 */
	int (*get_cipher_suites)(tls_crypto_t *this, tls_cipher_suite_t **suites);

	/**
	 * Select and store a cipher suite from a given list of candidates.
	 *
	 * The failure value 0 is numerically equal to TLS_NULL_WITH_NULL_NULL,
	 * so callers must check for 0 and stop the handshake instead of
	 * continuing with the returned value.
	 *
	 * NOTE(review): the candidates presumably come from the peer's hello
	 * message; count is a signed int and has to match the array length,
	 * confirm that callers bound it.
	 *
	 * @param suites		list of candidates to select from
	 * @param count			number of suites
	 * @return				selected suite, 0 if none acceptable
	 */
	tls_cipher_suite_t (*select_cipher_suite)(tls_crypto_t *this,
										tls_cipher_suite_t *suites, int count);

	/**
	 * Set the protection layer of the TLS stack to control it.
	 *
	 * @param protection	protection layer to work on
	 */
	void (*set_protection)(tls_crypto_t *this, tls_protection_t *protection);

	/**
	 * Store exchanged handshake data, used for cryptographic operations.
	 *
	 * The accumulated data is what sign_handshake(), verify_handshake() and
	 * calculate_finished() are documented to operate on.
	 *
	 * @param type			handshake sub type
	 * @param data			data to append to handshake buffer
	 */
	void (*append_handshake)(tls_crypto_t *this,
							 tls_handshake_type_t type, chunk_t data);

	/**
	 * Create a signature of the handshake data using a given private key.
	 *
	 * @param key			private key to use for signature
	 * @param writer		TLS writer to write signature to
	 * @return				TRUE if signature created successfully
	 */
	bool (*sign_handshake)(tls_crypto_t *this, private_key_t *key,
						   tls_writer_t *writer);

	/**
	 * Verify the signature over handshake data using a given public key.
	 *
	 * A FALSE result means the peer's signature did not verify; callers
	 * must treat it as a fatal handshake failure.
	 *
	 * @param key			public key to verify signature with
	 * @param reader		TLS reader to read signature from
	 * @return				TRUE if signature valid
	 */
	bool (*verify_handshake)(tls_crypto_t *this, public_key_t *key,
							 tls_reader_t *reader);

	/**
	 * Calculate the data of a TLS finished message.
	 *
	 * The [12] in the declaration of out is not enforced by the compiler (an
	 * array parameter is a plain pointer in C); the caller must pass a
	 * buffer of at least 12 bytes.
	 *
	 * NOTE(review): when the result is compared with the peer's finished
	 * message, a constant-time comparison avoids leaking how many bytes
	 * matched. Confirm what the callers use.
	 *
	 * @param label			ASCII label to use for calculation
	 * @param out			buffer to write finished data to
	 * @return				TRUE if calculation successful
	 */
	bool (*calculate_finished)(tls_crypto_t *this, char *label, char out[12]);

	/**
	 * Derive the master secret, MAC and encryption keys.
	 *
	 * There is no return value, so a failed derivation cannot be reported
	 * to the caller through this method.
	 *
	 * NOTE(review): premaster is secret key material passed as a chunk_t by
	 * value; whether the implementation copies or wipes it is not visible
	 * in this header.
	 *
	 * @param premaster		premaster secret
	 * @param client_random	random data from client hello
	 * @param server_random	random data from server hello
	 */
	void (*derive_secrets)(tls_crypto_t *this, chunk_t premaster,
						   chunk_t client_random, chunk_t server_random);

	/**
	 * Change the cipher used at protection layer.
	 *
	 * @param inbound		TRUE to change inbound cipher, FALSE for outbound
	 */
	void (*change_cipher)(tls_crypto_t *this, bool inbound);

	/**
	 * Derive the EAP-TLS MSK.
	 *
	 * @param client_random	random data from client hello
	 * @param server_random	random data from server hello
	 */
	void (*derive_eap_msk)(tls_crypto_t *this,
						   chunk_t client_random, chunk_t server_random);

	/**
	 * Get the MSK to use in EAP-TLS.
	 *
	 * The returned chunk is key material and refers to memory owned by this
	 * object, so the caller must not free it.
	 *
	 * NOTE(review): the chunk presumably becomes invalid once destroy() is
	 * called; copy it if it has to outlive this object.
	 *
	 * @return				MSK, points to internal data
	 */
	chunk_t (*get_eap_msk)(tls_crypto_t *this);

	/**
	 * Destroy a tls_crypto_t.
	 *
	 * NOTE(review): data handed out as "points to internal data" (suite
	 * list, MSK) should not be used after this call; whether key material
	 * is wiped on destruction is not visible in this header.
	 */
	void (*destroy)(tls_crypto_t *this);
};
359
/**
 * Create a tls_crypto instance.
 *
 * NOTE(review): ownership of the tls argument and the failure behaviour
 * (whether NULL can be returned) are not documented here; confirm against
 * the implementation.
 *
 * @param tls			TLS stack instance this helper is created for
 * @return				tls_crypto_t instance, released with destroy()
 */
tls_crypto_t *tls_crypto_create(tls_t *tls);
364
365 #endif /** TLS_CRYPTO_H_ @}*/