/*
 * TLSv1 common definitions
 * Copyright (c) 2006-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef TLSV1_COMMON_H
#define TLSV1_COMMON_H

#include "crypto/crypto.h"

/* ProtocolVersion values as they appear on the wire (major << 8 | minor). */
#define TLS_VERSION_1		0x0301 /* TLSv1 */
#define TLS_VERSION_1_1		0x0302 /* TLSv1.1 */
#define TLS_VERSION_1_2		0x0303 /* TLSv1.2 */

/*
 * Build-time version selection: CONFIG_TLSV12 takes precedence over
 * CONFIG_TLSV11, and with neither defined TLS_VERSION is TLS 1.0.
 *
 * NOTE(review): TLS 1.0 and TLS 1.1 are deprecated (RFC 8996). How
 * TLS_VERSION feeds into negotiation is not visible in this header;
 * confirm that production builds define CONFIG_TLSV12.
 */
#if defined(CONFIG_TLSV12)
#define TLS_VERSION TLS_VERSION_1_2
#elif defined(CONFIG_TLSV11)
#define TLS_VERSION TLS_VERSION_1_1
#else /* neither CONFIG_TLSV12 nor CONFIG_TLSV11 */
#define TLS_VERSION TLS_VERSION_1
#endif

/*
 * Field sizes; presumably octet counts of the TLS fields they are named
 * after (Random, pre-master secret, master secret, maximum session ID,
 * Finished verify_data).
 */
#define TLS_RANDOM_LEN			32
#define TLS_PRE_MASTER_SECRET_LEN	48
#define TLS_MASTER_SECRET_LEN		48
#define TLS_SESSION_ID_MAX_LEN		32
#define TLS_VERIFY_DATA_LEN		12

/* HandshakeType */
enum {
	TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
	TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
	TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
	TLS_HANDSHAKE_TYPE_NEW_SESSION_TICKET = 4 /* RFC 4507 */,
	TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
	TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
	TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
	TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
	TLS_HANDSHAKE_TYPE_FINISHED = 20,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_URL = 21 /* RFC 4366 */,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_STATUS = 22 /* RFC 4366 */
};

/*
 * CipherSuite
 *
 * These are wire identifiers only; defining a code here does not mean the
 * suite is offered or accepted. That decision lives in the suite tables
 * and configuration outside this header.
 *
 * NOTE(review): many of the identifiers below name suites that provide no
 * meaningful protection and should never be negotiable:
 *  - *_WITH_NULL_*      no encryption
 *  - *_EXPORT_*         40-bit export-grade keys
 *  - *_DH_anon_*        unauthenticated key exchange (no protection
 *                       against an active man-in-the-middle)
 *  - RC4, DES, RC2, IDEA and any *_MD5 MAC
 * Verify that the negotiable set excludes them.
 */

/* RFC 2246: NULL, export-grade, RC4, DES and 3DES suites */
#define TLS_NULL_WITH_NULL_NULL			0x0000 /* RFC 2246 */
#define TLS_RSA_WITH_NULL_MD5			0x0001 /* RFC 2246 */
#define TLS_RSA_WITH_NULL_SHA			0x0002 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5		0x0003 /* RFC 2246 */
#define TLS_RSA_WITH_RC4_128_MD5		0x0004 /* RFC 2246 */
#define TLS_RSA_WITH_RC4_128_SHA		0x0005 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006 /* RFC 2246 */
#define TLS_RSA_WITH_IDEA_CBC_SHA		0x0007 /* RFC 2246 */
#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008 /* RFC 2246 */
#define TLS_RSA_WITH_DES_CBC_SHA		0x0009 /* RFC 2246 */
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA		0x000A /* RFC 2246 */
#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000B /* RFC 2246 */
#define TLS_DH_DSS_WITH_DES_CBC_SHA		0x000C /* RFC 2246 */
#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000D /* RFC 2246 */
#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000E /* RFC 2246 */
#define TLS_DH_RSA_WITH_DES_CBC_SHA		0x000F /* RFC 2246 */
#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010 /* RFC 2246 */
#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011 /* RFC 2246 */
#define TLS_DHE_DSS_WITH_DES_CBC_SHA		0x0012 /* RFC 2246 */
#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013 /* RFC 2246 */
#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014 /* RFC 2246 */
#define TLS_DHE_RSA_WITH_DES_CBC_SHA		0x0015 /* RFC 2246 */
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016 /* RFC 2246 */
#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017 /* RFC 2246 */
#define TLS_DH_anon_WITH_RC4_128_MD5		0x0018 /* RFC 2246 */
#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019 /* RFC 2246 */
#define TLS_DH_anon_WITH_DES_CBC_SHA		0x001A /* RFC 2246 */
#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B /* RFC 2246 */

/* RFC 3268: AES-CBC suites with a SHA-1 MAC */
#define TLS_RSA_WITH_AES_128_CBC_SHA		0x002F /* RFC 3268 */
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA		0x0030 /* RFC 3268 */
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA		0x0031 /* RFC 3268 */
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032 /* RFC 3268 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033 /* RFC 3268 */
#define TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034 /* RFC 3268 */
#define TLS_RSA_WITH_AES_256_CBC_SHA		0x0035 /* RFC 3268 */
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA		0x0036 /* RFC 3268 */
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA		0x0037 /* RFC 3268 */
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038 /* RFC 3268 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039 /* RFC 3268 */
#define TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A /* RFC 3268 */

/* RFC 5246: TLS 1.2 suites with a SHA-256 MAC */
#define TLS_RSA_WITH_NULL_SHA256		0x003B /* RFC 5246 */
#define TLS_RSA_WITH_AES_128_CBC_SHA256		0x003C /* RFC 5246 */
#define TLS_RSA_WITH_AES_256_CBC_SHA256		0x003D /* RFC 5246 */
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256	0x003E /* RFC 5246 */
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256	0x003F /* RFC 5246 */
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	0x0040 /* RFC 5246 */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256	0x0067 /* RFC 5246 */
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256	0x0068 /* RFC 5246 */
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256	0x0069 /* RFC 5246 */
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	0x006A /* RFC 5246 */
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256	0x006B /* RFC 5246 */
#define TLS_DH_anon_WITH_AES_128_CBC_SHA256	0x006C /* RFC 5246 */
#define TLS_DH_anon_WITH_AES_256_CBC_SHA256	0x006D /* RFC 5246 */

/* CompressionMethod (only the null method is defined in this header) */
#define TLS_COMPRESSION_NULL 0

/*
 * HashAlgorithm
 *
 * NOTE(review): MD5 and SHA-1 are listed because they are valid wire
 * values; whether a peer-selected MD5/SHA-1 signature hash is accepted is
 * decided by the code that consumes these values - confirm there.
 */
enum {
	TLS_HASH_ALG_NONE = 0,
	TLS_HASH_ALG_MD5 = 1,
	TLS_HASH_ALG_SHA1 = 2,
	TLS_HASH_ALG_SHA224 = 3,
	TLS_HASH_ALG_SHA256 = 4,
	TLS_HASH_ALG_SHA384 = 5,
	TLS_HASH_ALG_SHA512 = 6
};

/* SignatureAlgorithm */
enum {
	TLS_SIGN_ALG_ANONYMOUS = 0,
	TLS_SIGN_ALG_RSA = 1,
	TLS_SIGN_ALG_DSA = 2,
	TLS_SIGN_ALG_ECDSA = 3
};
/* AlertLevel */
#define TLS_ALERT_LEVEL_WARNING	1
#define TLS_ALERT_LEVEL_FATAL	2

/*
 * AlertDescription
 *
 * NOTE(review): RFC 5246 reserves decryption_failed (21) and says it must
 * not be sent, because answering padding errors and MAC errors with
 * different alerts gives a CBC padding oracle. Record-layer code should
 * report both as TLS_ALERT_BAD_RECORD_MAC; confirm at the call sites.
 */
#define TLS_ALERT_CLOSE_NOTIFY				0
#define TLS_ALERT_UNEXPECTED_MESSAGE			10
#define TLS_ALERT_BAD_RECORD_MAC			20
#define TLS_ALERT_DECRYPTION_FAILED			21
#define TLS_ALERT_RECORD_OVERFLOW			22
#define TLS_ALERT_DECOMPRESSION_FAILURE			30
#define TLS_ALERT_HANDSHAKE_FAILURE			40
#define TLS_ALERT_BAD_CERTIFICATE			42
#define TLS_ALERT_UNSUPPORTED_CERTIFICATE		43
#define TLS_ALERT_CERTIFICATE_REVOKED			44
#define TLS_ALERT_CERTIFICATE_EXPIRED			45
#define TLS_ALERT_CERTIFICATE_UNKNOWN			46
#define TLS_ALERT_ILLEGAL_PARAMETER			47
#define TLS_ALERT_UNKNOWN_CA				48
#define TLS_ALERT_ACCESS_DENIED				49
#define TLS_ALERT_DECODE_ERROR				50
#define TLS_ALERT_DECRYPT_ERROR				51
#define TLS_ALERT_EXPORT_RESTRICTION			60
#define TLS_ALERT_PROTOCOL_VERSION			70
#define TLS_ALERT_INSUFFICIENT_SECURITY			71
#define TLS_ALERT_INTERNAL_ERROR			80
#define TLS_ALERT_USER_CANCELED				90
#define TLS_ALERT_NO_RENEGOTIATION			100
#define TLS_ALERT_UNSUPPORTED_EXTENSION			110 /* RFC 4366 */
#define TLS_ALERT_CERTIFICATE_UNOBTAINABLE		111 /* RFC 4366 */
#define TLS_ALERT_UNRECOGNIZED_NAME			112 /* RFC 4366 */
#define TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE	113 /* RFC 4366 */
#define TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE		114 /* RFC 4366 */

/* ChangeCipherSpec */
enum {
	TLS_CHANGE_CIPHER_SPEC = 1
};

/* TLS Extensions (ExtensionType code points) */
#define TLS_EXT_SERVER_NAME			0 /* RFC 4366 */
#define TLS_EXT_MAX_FRAGMENT_LENGTH		1 /* RFC 4366 */
#define TLS_EXT_CLIENT_CERTIFICATE_URL		2 /* RFC 4366 */
#define TLS_EXT_TRUSTED_CA_KEYS			3 /* RFC 4366 */
#define TLS_EXT_TRUNCATED_HMAC			4 /* RFC 4366 */
#define TLS_EXT_STATUS_REQUEST			5 /* RFC 4366 */
#define TLS_EXT_SIGNATURE_ALGORITHMS		13 /* RFC 5246 */
#define TLS_EXT_STATUS_REQUEST_V2		17 /* RFC 6961 */
#define TLS_EXT_SESSION_TICKET			35 /* RFC 4507 */

/* Alias: EAP-FAST carries its PAC-Opaque in the SessionTicket extension. */
#define TLS_EXT_PAC_OPAQUE TLS_EXT_SESSION_TICKET /* EAP-FAST terminology */


/*
 * Internal key exchange classification of a cipher suite. Values are
 * implicit (0, 1, 2, ...) and are not wire values.
 *
 * NOTE(review): the *_EXPORT and DH_anon entries describe export-grade
 * and unauthenticated key exchange; confirm they cannot be selected in a
 * production configuration.
 */
typedef enum {
	TLS_KEY_X_NULL,
	TLS_KEY_X_RSA,
	TLS_KEY_X_RSA_EXPORT,
	TLS_KEY_X_DH_DSS_EXPORT,
	TLS_KEY_X_DH_DSS,
	TLS_KEY_X_DH_RSA_EXPORT,
	TLS_KEY_X_DH_RSA,
	TLS_KEY_X_DHE_DSS_EXPORT,
	TLS_KEY_X_DHE_DSS,
	TLS_KEY_X_DHE_RSA_EXPORT,
	TLS_KEY_X_DHE_RSA,
	TLS_KEY_X_DH_anon_EXPORT,
	TLS_KEY_X_DH_anon
} tls_key_exchange;

/* Internal bulk cipher identifier (implicit values, not wire values). */
typedef enum {
	TLS_CIPHER_NULL,
	TLS_CIPHER_RC4_40,
	TLS_CIPHER_RC4_128,
	TLS_CIPHER_RC2_CBC_40,
	TLS_CIPHER_IDEA_CBC,
	TLS_CIPHER_DES40_CBC,
	TLS_CIPHER_DES_CBC,
	TLS_CIPHER_3DES_EDE_CBC,
	TLS_CIPHER_AES_128_CBC,
	TLS_CIPHER_AES_256_CBC
} tls_cipher;

/*
 * Internal hash identifier of a cipher suite. Distinct from the
 * TLS_HASH_ALG_* HashAlgorithm wire values.
 */
typedef enum {
	TLS_HASH_NULL,
	TLS_HASH_MD5,
	TLS_HASH_SHA,
	TLS_HASH_SHA256
} tls_hash;

/* One cipher suite: its 16-bit suite code and the three internal parts. */
struct tls_cipher_suite {
	u16 suite;
	tls_key_exchange key_exchange;
	tls_cipher cipher;
	tls_hash hash;
};

/* Whether a bulk cipher is a stream cipher or a block cipher. */
typedef enum {
	TLS_CIPHER_STREAM,
	TLS_CIPHER_BLOCK
} tls_cipher_type;

/*
 * Per-cipher parameters. The size members are presumably octet counts;
 * the header does not state the unit - confirm against the table that
 * fills this struct.
 */
struct tls_cipher_data {
	tls_cipher cipher;
	tls_cipher_type type;
	size_t key_material;
	size_t expanded_key_material;
	size_t block_size; /* also iv_size */
	enum crypto_cipher_alg alg;
};


/*
 * Hash contexts kept in MD5, SHA-1 and SHA-256 flavours for three
 * purposes named client, server and cert. Presumably these are the
 * running handshake hashes behind the two Finished messages and
 * CertificateVerify - verify against the implementation.
 */
struct tls_verify_hash {
	struct crypto_hash *md5_client;
	struct crypto_hash *sha1_client;
	struct crypto_hash *sha256_client;
	struct crypto_hash *md5_server;
	struct crypto_hash *sha1_server;
	struct crypto_hash *sha256_server;
	struct crypto_hash *md5_cert;
	struct crypto_hash *sha1_cert;
	struct crypto_hash *sha256_cert;
};


/*
 * Return-value conventions of the functions below are defined by the
 * implementation file and are not visible in this header.
 */

/* Lookups keyed by suite code / internal cipher identifier. */
const struct tls_cipher_suite *tls_get_cipher_suite(u16 suite);
const struct tls_cipher_data *tls_get_cipher_data(tls_cipher cipher);
int tls_server_key_exchange_allowed(tls_cipher cipher);

/*
 * buf/len is certificate data received from the peer, so it is untrusted
 * input; the result is handed back through *pk.
 */
int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);

/* Lifecycle of the struct tls_verify_hash contexts: init, add, free. */
int tls_verify_hash_init(struct tls_verify_hash *verify);
void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
			 size_t len);
void tls_verify_hash_free(struct tls_verify_hash *verify);

/* Protocol version helpers; ver is a TLS_VERSION_* style 16-bit value. */
int tls_version_ok(u16 ver);
const char *tls_version_str(u16 ver);

/* TLS PRF writing outlen octets to out; ver is passed in by the caller. */
int tls_prf(u16 ver, const u8 *secret, size_t secret_len, const char *label,
	    const u8 *seed, size_t seed_len, u8 *out, size_t outlen);

/*
 * Hash over client_random, server_random and the ServerKeyExchange
 * parameters.
 *
 * NOTE(review): neither function takes a length for the output buffer
 * `hash`, so the caller must size it for the largest digest the
 * implementation can write - confirm the required size at each call site.
 */
int tlsv12_key_x_server_params_hash(u16 tls_version, u8 hash_Alg,
				    const u8 *client_random,
				    const u8 *server_random,
				    const u8 *server_params,
				    size_t server_params_len, u8 *hash);
int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
				 const u8 *server_random,
				 const u8 *server_params,
				 size_t server_params_len, u8 *hash);

/*
 * Signature check of data/data_len against the bytes at pos/len using pk.
 * `alert` is an output parameter, presumably the AlertDescription to send
 * when verification fails - confirm in the implementation.
 */
int tls_verify_signature(u16 tls_version, struct crypto_public_key *pk,
			 const u8 *data, size_t data_len,
			 const u8 *pos, size_t len, u8 *alert);

#endif /* TLSV1_COMMON_H */