1 /* $OpenBSD: tls13_internal.h,v 1.15 2019/01/21 13:45:57 jsing Exp $ */
2 /*
3  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
5  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
6  *
7  * Permission to use, copy, modify, and/or distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
14  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
16  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
17  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 #ifndef HEADER_TLS13_INTERNAL_H
21 #define HEADER_TLS13_INTERNAL_H
22 
23 #include <openssl/evp.h>
24 
25 #include "bytestring.h"
26 
27 __BEGIN_HIDDEN_DECLS
28 
/*
 * Handshake roles.
 * NOTE(review): presumably the values passed to tls13_ctx_new() and kept in
 * tls13_ctx.mode - confirm against the callers.
 */
29 #define TLS13_HS_CLIENT		1
30 #define TLS13_HS_SERVER		2
31 
/*
 * I/O status codes.  Only TLS13_IO_SUCCESS is positive, EOF is zero and every
 * other code is negative, so a caller that tests only "ret < 0" cannot tell a
 * hard failure (-1) apart from the WANT_POLLIN/WANT_POLLOUT codes (-2/-3).
 * NOTE(review): the ssize_t read/write functions declared in this header
 * presumably return these codes in-band with byte counts - confirm that no
 * caller uses a negative return as a length or converts it to size_t.
 */
32 #define TLS13_IO_SUCCESS	 1
33 #define TLS13_IO_EOF		 0
34 #define TLS13_IO_FAILURE	-1
35 #define TLS13_IO_WANT_POLLIN	-2
36 #define TLS13_IO_WANT_POLLOUT	-3
37 
/*
 * Callback types handed to tls13_record_layer_new().  Each one receives the
 * opaque _cb_arg pointer; the alert callback additionally gets the alert level
 * and description bytes, the read/write callbacks a buffer and its length.
 * NOTE(review): return conventions are not visible in this header; the ssize_t
 * callbacks presumably return a byte count or a TLS13_IO_* code - confirm, and
 * confirm that a returned count is checked against _buflen before it is used.
 */
38 typedef int (*tls13_alert_cb)(uint8_t _alert_level, uint8_t _alert_desc,
39     void *_cb_arg);
40 typedef int (*tls13_post_handshake_cb)(void *_cb_arg);
41 typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
42 typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
43     void *_cb_arg);
44 
/*
 * Opaque buffer type; the layout is not exposed by this header.
 * NOTE(review): tls13_buffer_extend() takes a target length and a read
 * callback, so it presumably grows the buffer and fills it from the wire.
 * If len is derived from a peer-supplied length field, confirm that the
 * implementation bounds it before allocating.
 * NOTE(review): tls13_buffer_finish() hands out a pointer and a length;
 * presumably ownership of the storage moves to the caller - confirm who frees.
 */
45 struct tls13_buffer;
46 
47 struct tls13_buffer *tls13_buffer_new(size_t init_size);
48 void tls13_buffer_free(struct tls13_buffer *buf);
49 ssize_t tls13_buffer_extend(struct tls13_buffer *buf, size_t len,
50     tls13_read_cb read_cb, void *cb_arg);
51 void tls13_buffer_cbs(struct tls13_buffer *buf, CBS *cbs);
52 int tls13_buffer_finish(struct tls13_buffer *buf, uint8_t **out,
53     size_t *out_len);
54 
/*
 * Pointer/length pair used for every entry of struct tls13_secrets and for
 * the inputs and output of tls13_hkdf_expand_label().
 * NOTE(review): allocation and release of data are not visible in this
 * header.  These buffers hold key material, so confirm that the release path
 * wipes them (e.g. freezero(3)) instead of calling plain free().
 */
55 struct tls13_secret {
56 	uint8_t *data;	/* secret bytes */
57 	size_t len;	/* number of bytes at data */
58 };
59 
60 /* RFC 8446 Section 7.1  Page 92 */
/*
 * State of the TLS 1.3 key schedule: the digest in use, progress flags and
 * one struct tls13_secret per derived value.  The secret names follow the
 * key schedule of RFC 8446 Section 7.1.
 */
61 struct tls13_secrets {
62 	const EVP_MD *digest;
63 	int resumption;
	/*
	 * Progress flags.  NOTE(review): presumably set by the
	 * tls13_derive_*_secrets() functions so that the stages cannot run
	 * out of order or twice - confirm in the implementation.
	 */
64 	int init_done;
65 	int early_done;
66 	int handshake_done;
67 	int schedule_done;
	/*
	 * NOTE(review): what this flag relaxes is not visible here.  Confirm
	 * that no code path outside the tests can set it.
	 */
68 	int insecure; /* Set by tests */
	/* NOTE(review): presumably the constant inputs of the schedule. */
69 	struct tls13_secret zeros;
70 	struct tls13_secret empty_hash;
	/* Early secret stage. */
71 	struct tls13_secret extracted_early;
72 	struct tls13_secret binder_key;
73 	struct tls13_secret client_early_traffic;
74 	struct tls13_secret early_exporter_master;
75 	struct tls13_secret derived_early;
	/* Handshake secret stage. */
76 	struct tls13_secret extracted_handshake;
77 	struct tls13_secret client_handshake_traffic;
78 	struct tls13_secret server_handshake_traffic;
79 	struct tls13_secret derived_handshake;
	/* Master secret stage. */
80 	struct tls13_secret extracted_master;
81 	struct tls13_secret client_application_traffic;
82 	struct tls13_secret server_application_traffic;
83 	struct tls13_secret exporter_master;
84 	struct tls13_secret resumption_master;
85 };
86 
/*
 * Key schedule interface: create and destroy a struct tls13_secrets, expand a
 * label with HKDF, and derive the three groups of secrets.
 * NOTE(review): the int return convention is not visible in this header -
 * confirm, and confirm that every caller checks it before using a secret.
 * NOTE(review): tls13_secrets_destroy() presumably releases every
 * struct tls13_secret in the structure; confirm that it also wipes them.
 */
87 struct tls13_secrets *tls13_secrets_create(const EVP_MD *digest,
88     int resumption);
89 void tls13_secrets_destroy(struct tls13_secrets *secrets);
90 
91 int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
92     const struct tls13_secret *secret, const char *label,
93     const struct tls13_secret *context);
94 
/*
 * NOTE(review): psk is not const-qualified here while ecdhe below is; confirm
 * whether the implementation writes through psk.
 * NOTE(review): context is presumably the transcript hash required by
 * RFC 8446 Section 7.1 - confirm.
 */
95 int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk,
96     size_t psk_len, const struct tls13_secret *context);
97 int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
98     const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context);
99 int tls13_derive_application_secrets(struct tls13_secrets *secrets,
100     const struct tls13_secret *context);
101 
102 /*
103  * Record Layer.
104  */
/*
 * Opaque record layer object.  It is created with the wire read/write
 * callbacks, an alert callback, a post-handshake callback and one cb_arg that
 * is shared by all of them.
 */
105 struct tls13_record_layer;
106 
107 struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
108     tls13_write_cb wire_write, tls13_alert_cb alert_cb,
109     tls13_post_handshake_cb post_handshake_cb, void *cb_arg);
110 void tls13_record_layer_free(struct tls13_record_layer *rl);
111 void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
112     const EVP_AEAD *aead);
113 void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
114     const EVP_MD *hash);
115 void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
/*
 * NOTE(review): read_key and write_key are traffic secrets and are passed as
 * non-const pointers.  Confirm whether the record layer copies them or keeps
 * the pointers, and that any copy is wiped in tls13_record_layer_free().
 */
116 int tls13_record_layer_set_traffic_keys(struct tls13_record_layer *rl,
117     struct tls13_secret *read_key, struct tls13_secret *write_key);
118 
/*
 * Handshake and application data I/O; n is the size of buf.
 * NOTE(review): the ssize_t result presumably carries either a byte count or
 * a negative TLS13_IO_* code - confirm that callers check the sign before
 * treating it as a length.
 */
119 ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
120 ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
121     size_t n);
122 ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
123 ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
124     size_t n);
125 
126 /*
127  * Handshake Messages.
128  */
/*
 * Opaque handshake message object with accessors for its type, data and
 * content, a start/finish pair that builds a message through a CBB, and
 * recv/send functions that go through a record layer.
 * NOTE(review): tls13_handshake_msg_recv() parses peer-controlled input;
 * confirm that the implementation bounds the message length before buffering.
 */
129 struct tls13_handshake_msg;
130 
131 struct tls13_handshake_msg *tls13_handshake_msg_new(void);
132 void tls13_handshake_msg_free(struct tls13_handshake_msg *msg);
133 void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs);
134 uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg);
135 int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs);
136 int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
137     uint8_t msg_type);
138 int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg);
139 int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
140     struct tls13_record_layer *rl);
141 int tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
142     struct tls13_record_layer *rl);
143 
/*
 * Position in the handshake.
 * NOTE(review): presumably indexes a state table in the handshake
 * implementation; confirm both fields are range-checked before such use.
 */
144 struct tls13_handshake_stage {
145 	uint8_t	hs_type;
146 	uint8_t	message_number;
147 };
148 
/*
 * Per-connection TLS 1.3 context: the owning SSL, the role, the handshake
 * position, the record layer and the handshake message in progress.
 */
149 struct tls13_ctx {
150 	SSL *ssl;
151 	uint8_t	mode;	/* presumably TLS13_HS_CLIENT or TLS13_HS_SERVER */
152 	struct tls13_handshake_stage handshake_stage;
153 
154 	struct tls13_record_layer *rl;
155 	struct tls13_handshake_msg *hs_msg;
156 };
157 
/*
 * tls13_ctx_new() takes mode as int while tls13_ctx.mode is uint8_t; the
 * TLS13_HS_* values fit in either type.
 */
158 struct tls13_ctx *tls13_ctx_new(int mode);
159 void tls13_ctx_free(struct tls13_ctx *ctx);
160 
161 /*
162  * Legacy interfaces.
163  */
/*
 * These functions take an SSL pointer and int lengths, whereas the tls13_*
 * read/write functions in this header use size_t and return ssize_t.
 * NOTE(review): confirm that a negative len is rejected before it is
 * converted to size_t, and that tls13_legacy_return_code() cannot truncate
 * a large ssize_t when it is narrowed to int.
 */
164 int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
165 ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
166 ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
167 int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
168     int peek);
169 int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len);
170 
171 /*
172  * Message Types - RFC 8446, Section B.3.
173  *
174  * Values listed as "_RESERVED" were used in previous versions of TLS and are
175  * listed here for completeness.  TLS 1.3 implementations MUST NOT send them but
176  * might receive them from older TLS implementations.
177  */
/*
 * The message type is one byte (tls13_handshake_msg_type() returns uint8_t),
 * so values that are not listed below can also arrive from a peer.
 * NOTE(review): the receive path is not visible in this header.  Confirm that
 * a _RESERVED or unlisted type received during a TLS 1.3 handshake is
 * rejected instead of being dispatched to a handler.
 */
178 #define	TLS13_MT_HELLO_REQUEST_RESERVED		0
179 #define	TLS13_MT_CLIENT_HELLO			1
180 #define	TLS13_MT_SERVER_HELLO			2
181 #define	TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED	3
182 #define	TLS13_MT_NEW_SESSION_TICKET		4
183 #define	TLS13_MT_END_OF_EARLY_DATA		5
184 #define	TLS13_MT_HELLO_RETRY_REQUEST_RESERVED	6
185 #define	TLS13_MT_ENCRYPTED_EXTENSIONS		8
186 #define	TLS13_MT_CERTIFICATE			11
187 #define	TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED	12
188 #define	TLS13_MT_CERTIFICATE_REQUEST		13
189 #define	TLS13_MT_SERVER_HELLO_DONE_RESERVED	14
190 #define	TLS13_MT_CERTIFICATE_VERIFY		15
191 #define	TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED	16
192 #define	TLS13_MT_FINISHED			20
193 #define	TLS13_MT_CERTIFICATE_URL_RESERVED	21
194 #define	TLS13_MT_CERTIFICATE_STATUS_RESERVED	22
195 #define	TLS13_MT_SUPPLEMENTAL_DATA_RESERVED	23
196 #define	TLS13_MT_KEY_UPDATE			24
197 #define	TLS13_MT_MESSAGE_HASH			254
198 
/*
 * Handshake driver.
 * NOTE(review): presumably selects the functions below from
 * ctx->handshake_stage and ctx->mode - confirm in the implementation.
 */
199 int tls13_handshake_perform(struct tls13_ctx *ctx);
200 
/*
 * One send and one recv function per handshake message, for the messages that
 * originate from the client and from the server.  All take the per-connection
 * context and return int.
 * NOTE(review): the return convention is not visible in this header.  Confirm
 * that the driver treats every failure as fatal to the handshake, and that a
 * recv function can only run in the state where its message is expected.
 */
201 int tls13_client_hello_send(struct tls13_ctx *ctx);
202 int tls13_client_hello_recv(struct tls13_ctx *ctx);
203 int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
204 int tls13_client_hello_retry_recv(struct tls13_ctx *ctx);
205 int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);
206 int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx);
207 int tls13_client_certificate_send(struct tls13_ctx *ctx);
208 int tls13_client_certificate_recv(struct tls13_ctx *ctx);
209 int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);
210 int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx);
211 int tls13_client_finished_recv(struct tls13_ctx *ctx);
212 int tls13_client_finished_send(struct tls13_ctx *ctx);
213 int tls13_client_key_update_send(struct tls13_ctx *ctx);
214 int tls13_client_key_update_recv(struct tls13_ctx *ctx);
215 int tls13_server_hello_recv(struct tls13_ctx *ctx);
216 int tls13_server_hello_send(struct tls13_ctx *ctx);
217 int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
218 int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
219 int tls13_server_certificate_recv(struct tls13_ctx *ctx);
220 int tls13_server_certificate_send(struct tls13_ctx *ctx);
221 int tls13_server_certificate_request_recv(struct tls13_ctx *ctx);
222 int tls13_server_certificate_request_send(struct tls13_ctx *ctx);
223 int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
224 int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx);
225 int tls13_server_finished_recv(struct tls13_ctx *ctx);
226 int tls13_server_finished_send(struct tls13_ctx *ctx);
227 
228 __END_HIDDEN_DECLS
229 
230 #endif
231