1 /*
2 * Copyright (C) 2020 Tobias Brunner
3 * Copyright (C) 2020 Pascal Knecht
4 * Copyright (C) 2020 Méline Sieber
5 * HSR Hochschule fuer Technik Rapperswil
6 *
7 * Copyright (C) 2010 Martin Willi
8 * Copyright (C) 2010 revosec AG
9 *
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the
12 * Free Software Foundation; either version 2 of the License, or (at your
13 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
14 *
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 * for more details.
19 */
20
21 /**
22 * @defgroup tls_crypto tls_crypto
23 * @{ @ingroup libtls
24 */
25
26 #ifndef TLS_CRYPTO_H_
27 #define TLS_CRYPTO_H_
28
/*
 * Forward declarations for the types defined in this header.
 *
 * NOTE(review): these typedefs sit ahead of the includes below, presumably so
 * that the headers included from here (tls.h, tls_protection.h) can already
 * name tls_crypto_t and the enums without a circular include — confirm before
 * moving them below the #include lines.
 */
typedef struct tls_crypto_t tls_crypto_t;
typedef enum tls_cipher_suite_t tls_cipher_suite_t;
typedef enum tls_hash_algorithm_t tls_hash_algorithm_t;
typedef enum tls_signature_algorithm_t tls_signature_algorithm_t;
typedef enum tls_client_certificate_type_t tls_client_certificate_type_t;
typedef enum tls_ecc_curve_type_t tls_ecc_curve_type_t;
typedef enum tls_named_group_t tls_named_group_t;
typedef enum tls_ansi_point_format_t tls_ansi_point_format_t;
typedef enum tls_ec_point_format_t tls_ec_point_format_t;
38
39 #include "tls.h"
40 #include "tls_prf.h"
41 #include "tls_protection.h"
42
43 #include <library.h>
44
45 #include <credentials/keys/private_key.h>
46
/**
 * TLS cipher suites
 *
 * 16-bit cipher suite identifiers as registered with IANA and carried in the
 * ClientHello/ServerHello. This enum exists so that any suite can be parsed
 * and printed by name; membership here does NOT mean a suite is offered or
 * accepted. The acceptable set is decided elsewhere, see
 * tls_crypto_get_supported_suites() and tls_crypto_t.select_cipher_suite.
 *
 * NOTE(review): the registry deliberately contains NULL-cipher, EXPORT, RC4,
 * single-DES, MD5-MAC and anonymous (DH_anon/ECDH_anon) suites. None of those
 * offer confidentiality or authentication adequate for current use; when
 * touching the selection code, verify that such suites are never returned
 * unless NULL suites were explicitly requested via the @p null argument of
 * tls_crypto_get_supported_suites().
 */
enum tls_cipher_suite_t {
	/* RFC 5246 base registry; EXPORT/NULL/anon/RC4/DES entries are legacy */
	TLS_NULL_WITH_NULL_NULL = 0x0000,
	TLS_RSA_WITH_NULL_MD5 = 0x0001,
	TLS_RSA_WITH_NULL_SHA = 0x0002,
	TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
	TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
	TLS_RSA_WITH_RC4_128_SHA = 0x0005,
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
	TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
	TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
	TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
	TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
	TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
	TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
	/* anonymous suites: no server authentication at all */
	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
	TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
	TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A,
	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,

	/* Kerberos suites (RFC 2712), listed for naming only */
	TLS_KRB5_WITH_DES_CBC_SHA = 0x001E,
	TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F,
	TLS_KRB5_WITH_RC4_128_SHA = 0x0020,
	TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021,
	TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022,
	TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023,
	TLS_KRB5_WITH_RC4_128_MD5 = 0x0024,
	TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027,
	TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A,
	TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B,
	/* PSK suites (RFC 4279 / RFC 4785) */
	TLS_PSK_WITH_NULL_SHA = 0x002C,
	TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
	TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
	TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
	TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
	TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
	TLS_RSA_WITH_NULL_SHA256 = 0x003B,
	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042,
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046,

	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
	TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
	TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,

	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085,
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089,
	TLS_PSK_WITH_RC4_128_SHA = 0x008A,
	TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
	TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
	TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
	TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
	TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
	TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
	TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097,
	TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098,
	TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
	TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
	TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B,
	/* AEAD (GCM) suites, RFC 5288 / RFC 5487 */
	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
	TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
	TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
	TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
	TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
	TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
	TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
	TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
	TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
	TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
	TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
	TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
	TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA,
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB,
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0,
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1,
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,

	/* Signaling Cipher Suite Value (RFC 5746): indicates secure-renegotiation
	 * support, it is not a real cipher suite and must never be selected */
	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,

	/* TLS 1.3 suites (RFC 8446): AEAD only; key exchange and signature
	 * algorithm are negotiated separately via extensions */
	TLS_AES_128_GCM_SHA256 = 0x1301,
	TLS_AES_256_GCM_SHA384 = 0x1302,
	TLS_CHACHA20_POLY1305_SHA256 = 0x1303,
	TLS_AES_128_CCM_SHA256 = 0x1304,
	TLS_AES_128_CCM_8_SHA256 = 0x1305,

	/* ECC suites (RFC 4492 / RFC 8422), SRP (RFC 5054), ECDHE-PSK (RFC 5489) */
	TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
	TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
	TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
	TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
	TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
	TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
	TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
	TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D,
	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E,
	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F,
	TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021,
	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
	TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033,
	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034,
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036,
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037,
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038,
	TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039,
	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A,
	TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B
};

/**
 * Enum names for tls_cipher_suite_t
 *
 * Used for logging/printing a suite identifier; defined in tls_crypto.c.
 */
extern enum_name_t *tls_cipher_suite_names;
270
/**
 * TLS HashAlgorithm identifiers
 *
 * Values of the HashAlgorithm field of the TLS 1.2 SignatureAndHashAlgorithm
 * structure (RFC 5246, section 7.4.1.4.1). As with the cipher suites, the
 * weak entries (MD5, SHA1) are listed so peer-sent values can be parsed and
 * named; whether they are acceptable for signing or verifying is decided by
 * the implementation, not by this enum.
 */
enum tls_hash_algorithm_t {
	TLS_HASH_NONE = 0,
	TLS_HASH_MD5 = 1,
	TLS_HASH_SHA1 = 2,
	TLS_HASH_SHA224 = 3,
	TLS_HASH_SHA256 = 4,
	TLS_HASH_SHA384 = 5,
	TLS_HASH_SHA512 = 6,
};

/**
 * Enum names for tls_hash_algorithm_t
 */
extern enum_name_t *tls_hash_algorithm_names;
288
<<<<<<< SEARCH
/**
 * TLS SignatureAlgorithm identifiers
 *
 * Values of the SignatureAlgorithm field of the TLS 1.2
 * SignatureAndHashAlgorithm structure (RFC 5246, section 7.4.1.4.1). The
 * registry value 0 ("anonymous") is intentionally not defined here.
 */
enum tls_signature_algorithm_t {
	TLS_SIG_RSA = 1,
	TLS_SIG_DSA = 2,
	TLS_SIG_ECDSA = 3,
};

/**
 * Enum names for tls_signature_algorithm_t
 */
extern enum_name_t *tls_signature_algorithm_names;
302
/**
 * TLS ClientCertificateType
 *
 * Values sent in the certificate_types list of a CertificateRequest
 * (RFC 5246, section 7.4.4, and RFC 4492 for the ECC types). The *_DH and
 * FORTEZZA entries are reserved/legacy values kept so that a received list
 * can be parsed and logged.
 */
enum tls_client_certificate_type_t {
	TLS_RSA_SIGN = 1,
	TLS_DSA_SIGN = 2,
	TLS_RSA_FIXED_DH = 3,
	TLS_DSS_FIXED_DH = 4,
	TLS_RSA_EPHEMERAL_DH = 5,
	TLS_DSS_EPHEMERAL_DH = 6,
	TLS_FORTEZZA_DMS = 20,
	TLS_ECDSA_SIGN = 64,
	TLS_RSA_FIXED_ECDH = 65,
	TLS_ECDSA_FIXED_ECDH = 66,
};

/**
 * Enum names for tls_client_certificate_type_t
 */
extern enum_name_t *tls_client_certificate_type_names;
323
/**
 * TLS EccCurveType
 *
 * Curve encoding selector of the ECParameters structure in ServerKeyExchange
 * (RFC 4492, section 5.4). RFC 8422 deprecates the explicit encodings; only
 * named_curve is expected from a compliant peer.
 *
 * NOTE(review): explicit curve parameters supplied by the peer cannot be
 * validated cheaply; confirm the parsing code rejects anything other than
 * TLS_ECC_NAMED_CURVE.
 */
enum tls_ecc_curve_type_t {
	TLS_ECC_EXPLICIT_PRIME = 1,
	TLS_ECC_EXPLICIT_CHAR2 = 2,
	TLS_ECC_NAMED_CURVE = 3,
};

/**
 * Enum names for tls_ecc_curve_type_t
 */
extern enum_name_t *tls_ecc_curve_type_names;
337
/**
 * TLS Named Group identifiers
 *
 * Values of the supported_groups / NamedCurve registry: elliptic curves
 * (RFC 4492) plus the TLS 1.3 additions of X25519/X448 and the finite-field
 * FFDHE groups (RFC 7919, RFC 8446). The mapping to the library's
 * diffie_hellman_group_t is done by tls_crypto_t.create_ec_enumerator and
 * tls_crypto_t.get_dh_group; the small and binary-field curves below are
 * listed for parsing only.
 */
enum tls_named_group_t {
	TLS_SECT163K1 = 1,
	TLS_SECT163R1 = 2,
	TLS_SECT163R2 = 3,
	TLS_SECT193R1 = 4,
	TLS_SECT193R2 = 5,
	TLS_SECT233K1 = 6,
	TLS_SECT233R1 = 7,
	TLS_SECT239K1 = 8,
	TLS_SECT283K1 = 9,
	TLS_SECT283R1 = 10,
	TLS_SECT409K1 = 11,
	TLS_SECT409R1 = 12,
	TLS_SECT571K1 = 13,
	TLS_SECT571R1 = 14,
	TLS_SECP160K1 = 15,
	TLS_SECP160R1 = 16,
	TLS_SECP160R2 = 17,
	TLS_SECP192K1 = 18,
	TLS_SECP192R1 = 19,
	TLS_SECP224K1 = 20,
	TLS_SECP224R1 = 21,
	TLS_SECP256K1 = 22,
	TLS_SECP256R1 = 23,
	TLS_SECP384R1 = 24,
	TLS_SECP521R1 = 25,

	/* TLS 1.3: new ecdhe, dhe groups */
	TLS_CURVE25519 = 29,
	TLS_CURVE448 = 30,
	TLS_FFDHE2048 = 256,
	TLS_FFDHE3072 = 257,
	TLS_FFDHE4096 = 258,
	TLS_FFDHE6144 = 259,
	TLS_FFDHE8192 = 260,
};

/**
 * Enum names for tls_named_group_t
 */
extern enum_name_t *tls_named_group_names;
382
/**
 * EC Point format, ANSI X9.62.
 *
 * Leading octet of an encoded elliptic-curve point: 0x02/0x03 compressed
 * (the low bit of Y selects the root), 0x04 uncompressed, 0x06/0x07 hybrid.
 * This is the encoding-level tag, distinct from the TLS ECPointFormat
 * negotiation values in tls_ec_point_format_t.
 */
enum tls_ansi_point_format_t {
	TLS_ANSI_COMPRESSED = 2,
	TLS_ANSI_COMPRESSED_Y = 3,
	TLS_ANSI_UNCOMPRESSED = 4,
	TLS_ANSI_HYBRID = 6,
	TLS_ANSI_HYBRID_Y = 7,
};

/**
 * Enum names for tls_ansi_point_format_t.
 */
extern enum_name_t *tls_ansi_point_format_names;
398
/**
 * EC Point format, TLS specific identifiers.
 *
 * Values of the ec_point_formats extension (RFC 4492, section 5.1.2).
 * RFC 8422 deprecates the compressed formats and requires uncompressed
 * points, so TLS_EC_POINT_UNCOMPRESSED is the only one a compliant peer
 * needs to support.
 */
enum tls_ec_point_format_t {
	TLS_EC_POINT_UNCOMPRESSED = 0,
	TLS_EC_POINT_ANSIX962_COMPRESSED_PRIME = 1,
	TLS_EC_POINT_ANSIX962_COMPRESSED_CHAR2 = 2,
};

/**
 * Enum names for tls_ec_point_format_t.
 */
extern enum_name_t *tls_ec_point_format_names;
412
/**
 * TLS crypto helper functions.
 *
 * Owns the negotiated cipher suite, the running handshake transcript and the
 * derived key material of one TLS connection, and drives the protection
 * layer with the resulting keys. All methods take the instance as first
 * argument; the object is released with destroy().
 */
struct tls_crypto_t {

	/**
	 * Get a list of supported TLS cipher suites.
	 *
	 * @param suites		list of suites, points to internal data, do not
	 *						free or modify; valid until destroy()
	 * @return				number of suites returned
	 */
	int (*get_cipher_suites)(tls_crypto_t *this, tls_cipher_suite_t **suites);

	/**
	 * Select and store a cipher suite from a given list of candidates.
	 *
	 * The candidate list is the peer-supplied one, so the selection must be
	 * restricted to suites this side supports; anything else is rejected by
	 * returning 0.
	 *
	 * @param suites		list of candidates to select from
	 * @param count			number of suites
	 * @param key			key type used, or KEY_ANY
	 * @return				selected suite, 0 if none acceptable
	 */
	tls_cipher_suite_t (*select_cipher_suite)(tls_crypto_t *this,
								tls_cipher_suite_t *suites, int count,
								key_type_t key);

	/**
	 * Get the Diffie-Hellman group to use, if any.
	 *
	 * @return				Diffie Hellman group, or MODP_NONE
	 */
	diffie_hellman_group_t (*get_dh_group)(tls_crypto_t *this);

	/**
	 * Write the list of supported hash/sig algorithms to writer.
	 *
	 * @param writer		writer to write supported hash/sig algorithms
	 */
	void (*get_signature_algorithms)(tls_crypto_t *this, bio_writer_t *writer);

	/**
	 * Create an enumerator over supported ECDH groups.
	 *
	 * Enumerates over (diffie_hellman_group_t, tls_named_group_t)
	 *
	 * @return				enumerator, to destroy() by the caller
	 */
	enumerator_t* (*create_ec_enumerator)(tls_crypto_t *this);

	/**
	 * Set the protection layer of the TLS stack to control it.
	 *
	 * @param protection	protection layer to work on
	 */
	void (*set_protection)(tls_crypto_t *this, tls_protection_t *protection);

	/**
	 * Store exchanged handshake data, used for cryptographic operations.
	 *
	 * The appended data forms the handshake transcript that the Finished
	 * verify_data and the handshake signatures are computed over, so every
	 * handshake message (sent or received) is expected to be appended in
	 * wire order — NOTE(review): confirm callers do not skip any message.
	 *
	 * @param type			handshake sub type
	 * @param data			data to append to handshake buffer
	 */
	void (*append_handshake)(tls_crypto_t *this,
							 tls_handshake_type_t type, chunk_t data);

	/**
	 * Sign a blob of data, append signature to writer.
	 *
	 * @param key			private key to use for signature
	 * @param writer		TLS writer to write signature to
	 * @param data			data to sign
	 * @param hashsig		list of TLS1.2 hash/sig algorithms to select from,
	 *						as received from the peer; the implementation
	 *						is expected to use only those it supports itself
	 * @return				TRUE if signature created successfully
	 */
	bool (*sign)(tls_crypto_t *this, private_key_t *key,
				 bio_writer_t *writer, chunk_t data, chunk_t hashsig);

	/**
	 * Verify a blob of data, read signature from a reader.
	 *
	 * A FALSE result must be treated by the caller as a fatal handshake
	 * error; the reader may have been partially consumed in that case.
	 *
	 * @param key			public key to verify signature with
	 * @param reader		TLS reader to read signature from
	 * @param data			data to verify signature over
	 * @return				TRUE if signature valid
	 */
	bool (*verify)(tls_crypto_t *this, public_key_t *key,
				   bio_reader_t *reader, chunk_t data);

	/**
	 * Create a signature of the handshake data using a given private key.
	 *
	 * Signs the transcript accumulated via append_handshake().
	 *
	 * @param key			private key to use for signature
	 * @param writer		TLS writer to write signature to
	 * @param hashsig		list of TLS1.2 hash/sig algorithms to select from
	 * @return				TRUE if signature created successfully
	 */
	bool (*sign_handshake)(tls_crypto_t *this, private_key_t *key,
						   bio_writer_t *writer, chunk_t hashsig);

	/**
	 * Verify the signature over handshake data using a given public key.
	 *
	 * Verifies against the transcript accumulated via append_handshake().
	 * A FALSE result must abort the handshake.
	 *
	 * @param key			public key to verify signature with
	 * @param reader		TLS reader to read signature from
	 * @return				TRUE if signature valid
	 */
	bool (*verify_handshake)(tls_crypto_t *this, public_key_t *key,
							 bio_reader_t *reader);

	/**
	 * Calculate the data of a legacy TLS finished message.
	 *
	 * The 12-byte output matches the default verify_data_length of TLS 1.2
	 * and earlier (RFC 5246, section 7.4.9).
	 *
	 * @param label			ASCII label to use for calculation
	 * @param out			buffer of at least 12 bytes to write finished
	 *						data to
	 * @return				TRUE if calculation successful
	 */
	bool (*calculate_finished)(tls_crypto_t *this, char *label, char out[12]);

	/**
	 * Calculate the data of a TLS 1.3 finished message.
	 *
	 * @param is_server		TRUE to compute the server's verify_data, FALSE
	 *						for the client's
	 * @param out			chunk to write finished data to; presumably
	 *						allocated, to be freed by the caller — confirm
	 *						against tls_crypto.c
	 * @return				TRUE if calculation successful
	 */
	bool (*calculate_finished_tls13)(tls_crypto_t *this, bool is_server,
									 chunk_t *out);

	/**
	 * Derive the master secret, MAC and encryption keys.
	 *
	 * TLS <= 1.2 key derivation. The derived master secret is cached under
	 * the given session identifier and identity so that resume_session()
	 * can find it later.
	 *
	 * @param premaster		premaster secret (sensitive; caller remains
	 *						responsible for clearing its own copy)
	 * @param session		session identifier to cache master secret
	 * @param id			identity the session is bound to
	 * @param client_random	random data from client hello
	 * @param server_random	random data from server hello
	 * @return				TRUE if secrets derived successfully
	 */
	bool (*derive_secrets)(tls_crypto_t *this, chunk_t premaster,
						   chunk_t session, identification_t *id,
						   chunk_t client_random, chunk_t server_random);

	/**
	 * Derive the handshake keys.
	 *
	 * TLS 1.3 handshake-traffic key derivation from the (EC)DHE shared
	 * secret.
	 *
	 * @param shared_secret	input key material
	 * @return				TRUE if secret derived successfully
	 */
	bool (*derive_handshake_keys)(tls_crypto_t *this, chunk_t shared_secret);

	/**
	 * Derive the application keys.
	 *
	 * TLS 1.3 application-traffic key derivation; requires
	 * derive_handshake_keys() to have succeeded first.
	 *
	 * @return				TRUE if secret derived successfully
	 */
	bool (*derive_app_keys)(tls_crypto_t *this);

	/**
	 * Try to resume a TLS session, derive key material.
	 *
	 * Looks up a cached master secret by session identifier and identity;
	 * binding the lookup to @p id prevents a session cached for one peer
	 * from being resumed by another.
	 *
	 * @param session		session identifier
	 * @param id			identity the session is bound to
	 * @param client_random	random data from client hello
	 * @param server_random	random data from server hello
	 * @return				selected suite, presumably 0 if no session was
	 *						found — confirm in tls_crypto.c
	 */
	tls_cipher_suite_t (*resume_session)(tls_crypto_t *this, chunk_t session,
										 identification_t *id,
										 chunk_t client_random,
										 chunk_t server_random);

	/**
	 * Check if we have a session to resume as a client.
	 *
	 * @param id			server identity to get a session for
	 * @return				allocated session identifier (caller frees),
	 *						or chunk_empty
	 */
	chunk_t (*get_session)(tls_crypto_t *this, identification_t *id);

	/**
	 * Change the cipher used at protection layer.
	 *
	 * Activates the most recently derived keys for one direction, i.e. the
	 * action behind a ChangeCipherSpec (or TLS 1.3 key switch).
	 *
	 * @param inbound		TRUE to change inbound cipher, FALSE for outbound
	 */
	void (*change_cipher)(tls_crypto_t *this, bool inbound);

	/**
	 * Get the MSK to use in EAP-TLS.
	 *
	 * @return				MSK, points to internal data; key material owned
	 *						by this object, do not free, valid until destroy()
	 */
	chunk_t (*get_eap_msk)(tls_crypto_t *this);

	/**
	 * Destroy a tls_crypto_t.
	 *
	 * NOTE(review): this object holds secrets (master secret, traffic keys,
	 * MSK); confirm the implementation clears them on destroy.
	 */
	void (*destroy)(tls_crypto_t *this);
};
609
/**
 * Create a tls_crypto instance.
 *
 * @param tls			TLS stack
 * @param cache			TLS session cache
 * @return				TLS crypto helper, to destroy() by the caller
 */
tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache);
618
/**
 * Get a list of all supported TLS cipher suites.
 *
 * This, not tls_cipher_suite_t, defines what this side is willing to use;
 * NULL encryption suites are only included when explicitly asked for.
 *
 * @param null			include supported NULL encryption suites
 * @param version		TLS version
 * @param suites		pointer to allocated suites array, to free(), or NULL
 *						to only query the count
 * @return				number of suites supported
 */
int tls_crypto_get_supported_suites(bool null, tls_version_t version,
									tls_cipher_suite_t **suites);
629
630 #endif /** TLS_CRYPTO_H_ @}*/