#ifndef _TLS_HANDSHAKE_H_
#define _TLS_HANDSHAKE_H_ 1
#include <sys/types.h>
#include <stdint.h>
#include <stdbool.h>
#include "tls_types.h"
typedef struct SSLCertificate
{
struct SSLCertificate *next;
tls_buffer derCert;
} SSLCertificate;
typedef struct DNListElem
{
struct DNListElem *next;
tls_buffer derDN;
} DNListElem;
typedef struct _tls_private_key *tls_private_key_t;
typedef void *tls_private_key_ctx_t;
typedef int
(*tls_private_key_rsa_sign)(tls_private_key_ctx_t ctx, tls_hash_algorithm hash, const uint8_t *plaintext, size_t plaintextLen, uint8_t *sig, size_t *sigLen);
typedef int
(*tls_private_key_rsa_decrypt)(tls_private_key_ctx_t ctx, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen);
typedef int
(*tls_private_key_ecdsa_sign)(tls_private_key_ctx_t ctx, const uint8_t *plaintext, size_t plaintextLen, uint8_t *sig, size_t *sigLen);
tls_private_key_t tls_private_key_rsa_create(tls_private_key_ctx_t ctx, size_t size, tls_private_key_rsa_sign sign, tls_private_key_rsa_decrypt decrypt);
tls_private_key_t tls_private_key_ecdsa_create(tls_private_key_ctx_t ctx, size_t size,
uint16_t curve, tls_private_key_ecdsa_sign sign);
tls_private_key_ctx_t tls_private_key_get_context(tls_private_key_t key);
void tls_private_key_destroy(tls_private_key_t key);
typedef void *tls_handshake_ctx_t;
typedef struct _tls_handshake_s *tls_handshake_t;
extern const unsigned CipherSuiteCount;
extern const uint16_t KnownCipherSuites[];
extern const unsigned CurvesCount;
extern const uint16_t KnownCurves[];
typedef enum {
tls_handshake_message_client_hello_request = 0,
tls_handshake_message_client_hello = 1,
tls_handshake_message_server_hello = 2,
tls_handshake_message_hello_verify_request = 3,
tls_handshake_message_certificate = 11,
tls_handshake_message_server_key_exchange = 12,
tls_handshake_message_certificate_request = 13,
tls_handshake_message_server_hello_done = 14,
tls_handshake_message_certificate_verify = 15,
tls_handshake_message_client_key_exchange = 16,
tls_handshake_message_finished = 20,
tls_handshake_message_certificate_status = 22,
tls_handshake_message_NPN_encrypted_extension = 67,
} tls_handshake_message_t;
typedef enum {
tls_handshake_trust_ok = 0,
tls_handshake_trust_unknown = 1,
tls_handshake_trust_unknown_root = 2,
tls_handshake_trust_cert_expired = 3,
tls_handshake_trust_cert_invalid = 4,
} tls_handshake_trust_t;
typedef enum {
tls_handshake_config_none = -1,
tls_handshake_config_default = 0,
tls_handshake_config_legacy = 1,
tls_handshake_config_standard = 2,
tls_handshake_config_RC4_fallback = 3,
tls_handshake_config_TLSv1_fallback = 4,
tls_handshake_config_TLSv1_RC4_fallback = 5,
tls_handshake_config_ATSv1 = 6,
tls_handshake_config_ATSv1_noPFS = 7,
tls_handshake_config_legacy_DHE = 8,
} tls_handshake_config_t;
typedef struct tls_message {
struct tls_message *next;
tls_buffer data;
} tls_message;
typedef int
(*tls_handshake_write_callback_t) (tls_handshake_ctx_t ctx, const tls_buffer data, uint8_t content_type);
typedef int
(*tls_handshake_message_callback_t) (tls_handshake_ctx_t ctx, tls_handshake_message_t message);
typedef void
(*tls_handshake_ready_callback_t) (tls_handshake_ctx_t ctx, bool write, bool ready);
typedef int
(*tls_handshake_set_retransmit_timer_callback_t) (tls_handshake_ctx_t ctx, int attempt);
typedef int
(*tls_handshake_save_session_data_callback_t) (tls_handshake_ctx_t ctx, tls_buffer sessionKey, tls_buffer sessionData);
typedef int
(*tls_handshake_load_session_data_callback_t) (tls_handshake_ctx_t ctx, tls_buffer sessionKey, tls_buffer *sessionData);
typedef int
(*tls_handshake_delete_session_data_callback_t) (tls_handshake_ctx_t ctx, tls_buffer sessionKey);
typedef int
(*tls_handshake_delete_all_sessions_callback_t) (tls_handshake_ctx_t ctx);
typedef int
(*tls_handshake_init_pending_cipher_callback_t) (tls_handshake_ctx_t ctx, uint16_t selectedCipher, bool server, tls_buffer key);
typedef int
(*tls_handshake_advance_write_cipher_callback_t) (tls_handshake_ctx_t ctx);
typedef int
(*tls_handshake_rollback_write_cipher_callback_t) (tls_handshake_ctx_t ctx);
typedef int
(*tls_handshake_advance_read_cipher_callback_t) (tls_handshake_ctx_t ctx);
typedef int
(*tls_handshake_set_protocol_version_callback_t) (tls_handshake_ctx_t ctx, tls_protocol_version protocolVersion);
typedef int
(*tls_handshake_set_record_splitting_callback_t) (tls_handshake_ctx_t ctx, bool enable);
typedef struct {
tls_handshake_write_callback_t write;
tls_handshake_message_callback_t message;
tls_handshake_ready_callback_t ready;
tls_handshake_set_retransmit_timer_callback_t set_retransmit_timer;
tls_handshake_save_session_data_callback_t save_session_data;
tls_handshake_load_session_data_callback_t load_session_data;
tls_handshake_delete_session_data_callback_t delete_session_data;
tls_handshake_delete_all_sessions_callback_t delete_all_sessions;
tls_handshake_init_pending_cipher_callback_t init_pending_cipher;
tls_handshake_advance_write_cipher_callback_t advance_write_cipher;
tls_handshake_rollback_write_cipher_callback_t rollback_write_cipher;
tls_handshake_advance_read_cipher_callback_t advance_read_cipher;
tls_handshake_set_protocol_version_callback_t set_protocol_version;
tls_handshake_set_record_splitting_callback_t set_record_splitting;
} tls_handshake_callbacks_t;
tls_handshake_t
tls_handshake_create(bool dtls, bool server);
void
tls_handshake_destroy(tls_handshake_t ctx);
int
tls_handshake_set_callbacks(tls_handshake_t filter,
tls_handshake_callbacks_t *callbacks,
tls_handshake_ctx_t ctx);
int
tls_handshake_process(tls_handshake_t filter,
const tls_buffer message, uint8_t content_type);
int
tls_handshake_continue(tls_handshake_t filter);
int
tls_handshake_negotiate(tls_handshake_t filter, tls_buffer *peerID);
int
tls_handshake_request_renegotiation(tls_handshake_t filter);
int
tls_handshake_close(tls_handshake_t filter);
int
tls_handshake_retransmit_timer_expired(tls_handshake_t filter);
int
tls_handshake_set_resumption(tls_handshake_t filter, bool allow);
int
tls_handshake_set_session_ticket_enabled(tls_handshake_t filter, bool enabled);
int
tls_handshake_set_renegotiation(tls_handshake_t filter, bool allow);
int
tls_handshake_set_ciphersuites(tls_handshake_t filter, const uint16_t *ciphersuite, unsigned n);
int
tls_handshake_get_ciphersuites(tls_handshake_t filter, const uint16_t **ciphersuites, unsigned *n);
int
tls_handshake_set_min_protocol_version(tls_handshake_t filter, tls_protocol_version min);
int
tls_handshake_get_min_protocol_version(tls_handshake_t filter, tls_protocol_version *min);
int
tls_handshake_set_max_protocol_version(tls_handshake_t filter, tls_protocol_version max);
int
tls_handshake_get_max_protocol_version(tls_handshake_t filter, tls_protocol_version *max);
int
tls_handshake_set_curves(tls_handshake_t filter, const uint16_t *curves, unsigned n);
int
tls_handshake_set_mtu(tls_handshake_t filter, size_t mtu);
int
tls_handshake_set_min_dh_group_size(tls_handshake_t filter, unsigned nbits);
int
tls_handshake_get_min_dh_group_size(tls_handshake_t filter, unsigned *nbits);
int
tls_handshake_set_dh_parameters(tls_handshake_t filter, tls_buffer *params);
int
tls_handshake_set_identity(tls_handshake_t filter, SSLCertificate *certs, tls_private_key_t key);
int
tls_handshake_set_encrypt_rsa_public_key(tls_handshake_t filter, const tls_buffer *modulus, const tls_buffer *exponent);
int
tls_handshake_set_psk_identity(tls_handshake_t filter, tls_buffer *psk_identity);
int
tls_handshake_set_psk_identity_hint(tls_handshake_t filter, tls_buffer *psk_identity_hint);
int
tls_handshake_set_psk_secret(tls_handshake_t filter, tls_buffer *psk_secret);
int
tls_handshake_set_client_auth_type(tls_handshake_t filter, tls_client_auth_type auth_type);
int
tls_handshake_set_peer_hostname(tls_handshake_t filter, const char *hostname, size_t len);
int
tls_handshake_get_peer_hostname(tls_handshake_t filter, const char **hostname, size_t *len);
int
tls_handshake_set_client_auth(tls_handshake_t filter, bool request);
int
tls_handshake_set_acceptable_dn_list(tls_handshake_t filter, DNListElem *);
int
tls_handshake_set_acceptable_client_auth_type(tls_handshake_t filter, tls_client_auth_type *auth_types, unsigned n);
int
tls_handshake_set_peer_rsa_public_key(tls_handshake_t filter, const tls_buffer *modulus, const tls_buffer *exponent);
int
tls_handshake_set_peer_ec_public_key(tls_handshake_t filter, tls_named_curve namedCurve, const tls_buffer *pubKeyBits);
int
tls_handshake_set_peer_trust(tls_handshake_t filter, tls_handshake_trust_t trust);
int
tls_handshake_set_false_start(tls_handshake_t filter, bool enabled);
int
tls_handshake_get_false_start(tls_handshake_t filter, bool *enabled);
int
tls_handshake_set_npn_enable(tls_handshake_t filter, bool enabled);
int
tls_handshake_set_npn_data(tls_handshake_t filter, tls_buffer npn_data);
int
tls_handshake_set_alpn_data(tls_handshake_t filter, tls_buffer alpn_data);
int
tls_handshake_set_server_identity_change(tls_handshake_t filter, bool allowed);
int
tls_handshake_get_server_identity_change(tls_handshake_t filter, bool *allowed);
int
tls_handshake_set_ocsp_enable(tls_handshake_t filter, bool enabled);
int
tls_handshake_set_ocsp_responder_id_list(tls_handshake_t filter, tls_buffer_list_t *ocsp_responder_id_list);
int
tls_handshake_set_ocsp_request_extensions(tls_handshake_t filter, tls_buffer ocsp_request_extensions);
int
tls_handshake_set_ocsp_response(tls_handshake_t filter, tls_buffer *ocsp_response);
int
tls_handshake_set_sct_enable(tls_handshake_t filter, bool enabled);
int
tls_handshake_set_sct_list(tls_handshake_t filter, tls_buffer_list_t *sct_list);
int
tls_handshake_set_fallback(tls_handshake_t filter, bool enabled);
int
tls_handshake_get_fallback(tls_handshake_t filter, bool *enabled);
int
tls_handshake_set_user_agent(tls_handshake_t filter, const char *user_agent);
int
tls_handshake_set_config(tls_handshake_t filter, tls_handshake_config_t config);
int
tls_handshake_get_config(tls_handshake_t filter, tls_handshake_config_t *config);
const uint8_t *
tls_handshake_get_server_random(tls_handshake_t filter);
const uint8_t *
tls_handshake_get_client_random(tls_handshake_t filter);
bool
tls_handshake_get_session_proposed(tls_handshake_t filter, tls_buffer *sessionID);
bool
tls_handshake_get_session_match(tls_handshake_t filter, tls_buffer *sessionID);
const uint8_t *
tls_handshake_get_master_secret(tls_handshake_t filter);
tls_protocol_version
tls_handshake_get_negotiated_protocol_version(tls_handshake_t filter);
uint16_t
tls_handshake_get_negotiated_cipherspec(tls_handshake_t filter);
uint16_t
tls_handshake_get_negotiated_curve(tls_handshake_t filter);
const tls_buffer *
tls_handshake_get_sni_hostname(tls_handshake_t filter);
const SSLCertificate *
tls_handshake_get_peer_certificates(tls_handshake_t filter);
const DNListElem *
tls_handshake_get_peer_acceptable_dn_list(tls_handshake_t filter);
const tls_client_auth_type *
tls_handshake_get_peer_acceptable_client_auth_type(tls_handshake_t filter, unsigned *num);
const uint16_t *
tls_handshake_get_peer_requested_ciphersuites(tls_handshake_t filter, unsigned *num);
const tls_signature_and_hash_algorithm *
tls_handshake_get_peer_signature_algorithms(tls_handshake_t filter, unsigned *num);
const tls_buffer *
tls_handshake_get_peer_psk_identity_hint(tls_handshake_t filter);
const tls_buffer *
tls_handshake_get_peer_psk_identity(tls_handshake_t filter);
bool
tls_handshake_get_peer_npn_enabled(tls_handshake_t filter);
const tls_buffer *
tls_handshake_get_peer_npn_data(tls_handshake_t filter);
const tls_buffer *
tls_handshake_get_peer_alpn_data(tls_handshake_t filter);
bool
tls_handshake_get_peer_ocsp_enabled(tls_handshake_t filter);
const tls_buffer *
tls_handshake_get_peer_ocsp_response(tls_handshake_t filter);
const tls_buffer_list_t *
tls_handshake_get_peer_ocsp_responder_id_list(tls_handshake_t filter);
const tls_buffer *
tls_handshake_get_peer_ocsp_request_extensions(tls_handshake_t filter);
bool
tls_handshake_get_peer_sct_enabled(tls_handshake_t filter);
const tls_buffer_list_t *
tls_handshake_get_peer_sct_list(tls_handshake_t filter);
int tls_handshake_internal_prf(tls_handshake_t ctx,
const void *vsecret,
size_t secretLen,
const void *label, size_t labelLen,
const void *seed,
size_t seedLen,
void *vout, size_t outLen);
typedef void (*tls_handshake_master_secret_function_t)(const void *arg,
void *secret,
size_t *secretLength);
int
tls_handshake_internal_set_master_secret_function(tls_handshake_t ctx, tls_handshake_master_secret_function_t mFunc, const void *arg);
int
tls_handshake_internal_set_session_ticket(tls_handshake_t ctx, const void *ticket, size_t ticketLength);
int
tls_handshake_internal_master_secret(tls_handshake_t ctx,
void *secret, size_t *secretSize);
int
tls_handshake_internal_server_random(tls_handshake_t ctx,
void *randBuf, size_t *randSize);
int
tls_handshake_internal_client_random(tls_handshake_t ctx,
void *randBuf, size_t *randSize);
#endif