/* TLS record-layer content types (first byte of the record header). */
14 #define TLS_CHANGE_CIPHER 0x14
15 #define TLS_ALERT 0x15
16 #define TLS_HANDSHAKE 0x16
17 #define TLS_APPLICATION_DATA 0x17
/* NOTE(review): 0xFE is not one of the four record types above; presumably a
 * library-private tag for serialized context objects. Confirm the record
 * parser never accepts this value from the network. */
19 #define TLS_SERIALIZED_OBJECT 0xFE
/* NOTE(review): judging by the names, a buffer growth step and the deepest
 * ASN.1 nesting accepted; confirm the DER parser really stops descending at
 * TLS_ASN1_MAXLEVEL, since certificates are attacker-supplied input. */
21 #define TLS_BLOB_INCREMENT 0xFFF
22 #define TLS_ASN1_MAXLEVEL 0xFF
24 #define DTLS_COOKIE_SIZE 32
/* 48 bytes is the SHA-384 digest length. */
26 #define TLS_MAX_SHA_SIZE 48
27 #define TLS_MAX_HASH_SIZE TLS_MAX_SHA_SIZE
/* 2048 bytes = 16384 bits. This is an upper bound only; no minimum RSA
 * modulus size is defined in the lines visible here. */
28 #define TLS_MAX_RSA_KEY 2048 /* 16kbits */
30 /* 16 KB - 5 byte header - 32 byte mac - 256 bytes of padding - 3 bytes
31 * for an 8 byte header */
32 /* so, minimum app size would be 5+32+256+3+1 = 302, but that's 1 +
33 * record overhead, so it can just be 1, and we don't need to
35 #define TLS_MAXTLS_APP_SIZE 16088
38 /* max 1 second sleep */
39 #define TLS_MAX_ERROR_SLEEP_uS 1000000
40 /* max 5 seconds context sleep */
41 #define TLS_MAX_ERROR_IDLE_S 5
/* NOTE(review): presumably these cap a delay applied after errors (the
 * context has a sleep_until timestamp); the code using them is not visible
 * here. */
/* TLS 1.3 key and IV buffer bounds: 32 bytes holds a 256-bit key, 12 bytes is
 * the per-record AEAD nonce length. */
43 #define TLS_V13_MAX_KEY_SIZE 32
44 #define TLS_V13_MAX_IV_SIZE 12
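/*
 * Allocation hooks used throughout the library; they map straight onto the
 * C allocator.
 *
 * TLS_FREE expands to a single free() call. free(NULL) is defined to do
 * nothing, so no NULL test is needed, and the previous "if (ptr) free(ptr)"
 * expansion captured a following "else" and evaluated its argument twice.
 *
 * None of these macros clears memory: buffers that held key material must be
 * wiped by the caller before they are handed to TLS_FREE.
 */
#define TLS_MALLOC(size) malloc(size)
#define TLS_REALLOC(ptr, size) realloc(ptr, size)
#define TLS_FREE(ptr) free(ptr)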
/* Debug tracing helpers: every macro in this group writes to stderr.
 * NOTE(review): the conditional-compilation lines that choose between this
 * group and the empty definitions that follow are not visible here.
 * DEBUG_DUMP_HEX, DEBUG_DUMP and DEBUG_DUMP_HEX_LABEL print raw buffer
 * contents; wherever callers pass keys, secrets or plaintext, a build with
 * these enabled writes them to stderr, so such a build must not be deployed. */
/* Current nesting depth (changed by ENTER/LEAVE) and the loop counter used by
 * INDENT. Both are plain globals, so tracing from several threads at once
 * would race on them. */
57 extern int tls_indent;
58 extern int tls_indent_i;
59 #define INDENT do { for (tls_indent_i=0; tls_indent_i < tls_indent; tls_indent_i++) { fprintf(stderr, " "); } } while (0)
/* MARKP prints "file function:line " without a newline, MARK with one. */
61 #define MARKP do { INDENT; fprintf(stderr, "%s %s:%d ", __FILE__, __func__, __LINE__); } while (0)
62 #define MARK do { INDENT; fprintf(stderr, "%s %s:%d\n", __FILE__, __func__, __LINE__); } while (0)
/* The first variadic argument is used as the fprintf format string, so it
 * must be a string literal and never data received from the peer. */
64 #define DEBUG_PRINTLN(...) do { MARKP; fprintf(stderr, __VA_ARGS__); } while (0)
65 #define DEBUG_PRINTI(...) do { INDENT; fprintf(stderr, __VA_ARGS__); } while (0)
66 #define DEBUG_PRINT(...) do { fprintf(stderr, __VA_ARGS__); } while (0)
/* NOTE(review): buf and len are not parenthesized in the expansion, so pass
 * simple expressions only; len is cast to int. */
68 #define DEBUG_DUMP_HEX(buf, len) do {int _i_; for (_i_ = 0; _i_ < (int)len; _i_++) { DEBUG_PRINT("%02X ", (unsigned int)((unsigned char *)buf)[_i_]); } } while (0)
70 #define DEBUG_INDEX(fields) print_index(fields)
/* NOTE(review): unlike its siblings this expansion already ends in ';', so
 * "if (x) DEBUG_DUMP(b, n); else ..." does not compile. */
71 #define DEBUG_DUMP(buf, length) fwrite(buf, 1, length, stderr);
73 #define DEBUG_DUMP_HEX_LABEL(title, buf, len) do {fprintf(stderr, "%s (%i): ", title, (int)len); DEBUG_DUMP_HEX(buf, len); fprintf(stderr, "\n");} while (0)
/* Function entry/exit tracing; ENTER increases the indent, LEAVE decreases it. */
75 #define ENTER do { MARKP; fprintf(stderr, "enter function\n"); tls_indent++; } while (0)
76 #define LEAVE do { tls_indent--; MARKP; fprintf(stderr, "leave function\n");} while (0)
/* Empty replacements for the debug macros, so nothing is printed.
 * NOTE(review): DEBUG_PRINTLN expands to nothing while the others expand to
 * "{ }". A "{ }" followed by the caller's ';' is two statements, so
 * "if (c) DEBUG_PRINT(...); else ..." fails to compile with these definitions;
 * "do { } while (0)" would match the printing versions. No empty definition
 * of INDENT, MARK, MARKP, DEBUG_PRINTI, ENTER or LEAVE appears in the visible
 * lines. */
78 #define DEBUG_PRINTLN(...)
79 #define DEBUG_PRINT(...) { }
80 #define DEBUG_DUMP_HEX(buf, len) { }
81 #define DEBUG_INDEX(fields) { }
82 #define DEBUG_DUMP(buf, length) { }
83 #define DEBUG_DUMP_HEX_LABEL(title, buf, len) { }
/* Compile-time feature switches; in the lines visible here they are defined
 * unconditionally. */
89 #define TLS_WITH_CHACHA20_POLY1305
91 #define TLS_FORWARD_SECRECY
92 #define TLS_CLIENT_ECDHE
93 #define TLS_CLIENT_ECDSA
/* NOTE(review): presumably enables countermeasures against RSA padding-oracle
 * (ROBOT) attacks on the static-RSA key exchange; the guarded code is not in
 * this header. */
94 #define TLS_ROBOT_MITIGATION
95 #define TLS_ECDSA_SUPPORTED
97 /* basic superficial X509v1 certificate support */
/* X.509 v1 certificates carry no extensions, hence no basicConstraints.
 * NOTE(review): confirm a v1 certificate is never accepted as an intermediate
 * CA; define NO_TLS_X509_V1_SUPPORT to leave this switch undefined. */
98 #ifndef NO_TLS_X509_V1_SUPPORT
99 #define TLS_X509_V1_SUPPORT
/* Protocol version numbers as they appear on the wire.
 * SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated protocol versions. Defining the
 * constants does not mean they are negotiable; NOTE(review): confirm that
 * tls_supported_version() rejects them. */
104 #define SSL_V30 0x0300
105 #define TLS_V10 0x0301
106 #define DTLS_V10 0xFEFF
107 #define TLS_V11 0x0302
108 #define TLS_V11_HASH_SIZE 36 /* 16(md5) + 20(sha1) */
111 #define TLS_V12 0x0303
112 #define TLS_V13 0x0304
113 #define DTLS_V12 0xFEFD
114 #define DTLS_V13 0xFEFC
/* NOTE(review): these two are not wire version numbers; their use is not
 * visible in this header. */
115 #define TLS_VERSION12 0x0102
116 #define TLS_VERSION13 0x0103
/* Library return codes: 0 means more input is needed, negative values are
 * errors. The values -18 and -19 are not defined in the visible lines. */
118 #define TLS_NEED_MORE_DATA 0
119 #define TLS_GENERIC_ERROR -1
120 #define TLS_BROKEN_PACKET -2
121 #define TLS_NOT_UNDERSTOOD -3
122 #define TLS_NOT_SAFE -4
123 #define TLS_NO_COMMON_CIPHER -5
124 #define TLS_UNEXPECTED_MESSAGE -6
125 #define TLS_CLOSE_CONNECTION -7
126 #define TLS_COMPRESSION_NOT_SUPPORTED -8
127 #define TLS_NO_MEMORY -9
128 #define TLS_NOT_VERIFIED -10
/* NOTE(review): integrity and decryption failures have separate codes (-11
 * and -20). Confirm both produce the same alert and the same timing towards
 * the peer, so the distinction stays internal. */
129 #define TLS_INTEGRITY_FAILED -11
130 #define TLS_ERROR_ALERT -12
131 #define TLS_BROKEN_CONNECTION -13
132 #define TLS_BAD_CERTIFICATE -14
133 #define TLS_UNSUPPORTED_CERTIFICATE -15
134 #define TLS_NO_RENEGOTIATION -16
135 #define TLS_FEATURE_NOT_SUPPORTED -17
136 #define TLS_DECRYPTION_FAILED -20
/* Cipher suite identifiers (16-bit wire values).
 * NOTE(review): this list only names the suites; which ones are offered or
 * accepted is decided by tls_cipher_supported() / tls_choose_cipher(), whose
 * code is not in this header. */
/* TLS 1.3 suites (AEAD only). */
138 #define TLS_AES_128_GCM_SHA256 0x1301
139 #define TLS_AES_256_GCM_SHA384 0x1302
140 #define TLS_CHACHA20_POLY1305_SHA256 0x1303
141 #define TLS_AES_128_CCM_SHA256 0x1304
142 #define TLS_AES_128_CCM_8_SHA256 0x1305
/* Static-RSA key exchange: the premaster secret is encrypted to the server's
 * long-term key, so these suites provide no forward secrecy (compare the
 * group labelled "forward secrecy" below). The *_CBC_SHA variants here and
 * below use CBC mode with a SHA-1 MAC. */
144 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
145 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
146 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
147 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
148 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
149 #define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
151 /* forward secrecy */
152 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
153 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
154 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
155 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
156 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
157 #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F
159 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
160 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
161 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
162 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
163 #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
165 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
166 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
167 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
168 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
169 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
170 #define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
172 #define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
173 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
174 #define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
/* Signalling value, not a real cipher suite: a client sends it on a fallback
 * retry so the server can detect a version downgrade (tls_choose_cipher()
 * reports it through scsv_set). */
176 #define TLS_FALLBACK_SCSV 0x5600
/* Certificate signature / key algorithm identifiers.
 * NOTE(review): the RSA values equal the last arc of the corresponding
 * PKCS #1 OIDs, so presumably they are derived from the certificate's
 * algorithm OID; confirm against the ASN.1 parser.
 * MD5 and SHA-1 signatures are not collision resistant; NOTE(review): confirm
 * that chain validation refuses TLS_RSA_SIGN_MD5 and TLS_RSA_SIGN_SHA1. */
178 #define TLS_UNSUPPORTED_ALGORITHM 0x00
179 #define TLS_RSA_SIGN_RSA 0x01
180 #define TLS_RSA_SIGN_MD5 0x04
181 #define TLS_RSA_SIGN_SHA1 0x05
182 #define TLS_RSA_SIGN_SHA256 0x0B
183 #define TLS_RSA_SIGN_SHA384 0x0C
184 #define TLS_RSA_SIGN_SHA512 0x0D
/* NOTE(review): the two groups below overlap numerically:
 * TLS_EC_prime239v1 (0x15) == TLS_EC_secp224r1 (21),
 * TLS_EC_prime239v3 (0x17) == TLS_EC_secp256r1 (23),
 * TLS_EC_prime256v1 (0x18) == TLS_EC_secp384r1 (24).
 * Confirm the two sets are never compared against the same field. */
186 #define TLS_EC_PUBLIC_KEY 0x11
187 #define TLS_EC_prime192v1 0x12
188 #define TLS_EC_prime192v2 0x13
189 #define TLS_EC_prime192v3 0x14
190 #define TLS_EC_prime239v1 0x15
191 #define TLS_EC_prime239v2 0x16
192 #define TLS_EC_prime239v3 0x17
193 #define TLS_EC_prime256v1 0x18
/* These four match the TLS named-group numbers for the same curves. */
194 #define TLS_EC_secp224r1 21
195 #define TLS_EC_secp256r1 23
196 #define TLS_EC_secp384r1 24
197 #define TLS_EC_secp521r1 25
/* Alert levels: 1 = warning, 2 = fatal. */
199 #define TLS_ALERT_WARNING 0x01
200 #define TLS_ALERT_CRITICAL 0x02
/* Fixed sizes, in bytes, of handshake fields and of MAC / key buffers. */
202 #define TLS_CLIENT_HELLO_MINSIZE 41
203 #define TLS_CLIENT_RANDOM_SIZE 32
204 #define TLS_SERVER_RANDOM_SIZE 32
205 #define TLS_MAX_SESSION_ID 32
206 #define TLS_SHA256_MAC_SIZE 32
207 #define TLS_SHA1_MAC_SIZE 20
208 #define TLS_SHA384_MAC_SIZE 48
209 #define TLS_MAX_MAC_SIZE TLS_SHA384_MAC_SIZE
210 #define TLS_MAX_KEY_EXPANSION_SIZE 192 /* 160 */
211 /* 512bits (sha256) = 64 bytes */
/* NOTE(review): a SHA-256 digest is 32 bytes; 64 bytes is its block size (and
 * the SHA-512 digest size), so the comment above presumably means one of
 * those. */
212 #define TLS_MAX_HASH_LEN 64
213 #define TLS_AES_IV_LENGTH 16
214 #define TLS_AES_BLOCK_SIZE 16
/* NOTE(review): 4 bytes matches the implicit (salt) part of the TLS 1.2 GCM
 * nonce and 12 bytes the full TLS 1.3 per-record nonce; confirm against the
 * record encryption code. */
215 #define TLS_AES_GCM_IV_LENGTH 4
216 #define TLS_13_AES_GCM_IV_LENGTH 12
217 #define TLS_GCM_TAG_LEN 16
218 #define TLS_MAX_TAG_LEN 16
219 #define TLS_MIN_FINISHED_OPAQUE_LEN 12
222 * state machine states, per RFC 8446 A.2
224 /* initial state for client or server */
/* Handshake state identifiers. The states numbered 1-3 come before the
 * "Client or Server" group; the 0x11-0x14 values form a separate range.
 * NOTE(review): the state numbered 0 and the labels of the first and last
 * groups are on lines missing from this listing. Each message handler should
 * be checked to accept a message only in the state that expects it. */
228 #define TLS_WAIT_SH 1
229 #define TLS_WAIT_EE 2
230 #define TLS_WAIT_CERT_CR 3
232 /* Client or Server */
233 #define TLS_WAIT_CERT 4
234 #define TLS_WAIT_CV 5
235 #define TLS_WAIT_FINISHED 6
236 #define TLS_CONNECTED 7
238 #define TLS_RECVD_CH 0x11
239 #define TLS_NEGOTIATED 0x12
240 #define TLS_WAIT_EOED 0x13
241 #define TLS_WAIT_FLIGHT2 0x14
/* Alert description codes sent in or read from alert records.
 * NOTE(review): several lines of this enum are missing from the listing
 * (among them its closing brace), so it runs textually into the handshake
 * message types further down. */
243 enum tls_alert_description {
245 unexpected_message = 10,
247 record_overflow = 22,
/* The *_RESERVED names are kept for their numeric values only. */
249 decryption_failed_RESERVED = 21,
250 decompression_failure_RESERVED = 30,
251 no_certificate_RESERVED = 41,
252 export_restriction_RESERVED = 60,
253 no_renegotiation_RESERVED = 100,
255 handshake_failure = 40,
256 bad_certificate = 42,
257 unsupported_certificate = 43,
258 certificate_revoked = 44,
259 certificate_expired = 45,
260 certificate_unknown = 46,
261 illegal_parameter = 47,
266 protocol_version = 70,
267 insufficient_security = 71,
269 inappropriate_fallback = 86,
271 missing_extension = 109,
272 unsupported_extension = 110,
273 unrecognized_name = 112,
274 bad_certificate_status_response = 113,
275 unknown_psk_identity = 115,
276 certificate_required = 116,
277 no_application_protocol = 120,
/* Handshake message type codes. NOTE(review): presumably these belong to a
 * second enum whose opening line is missing; it is closed by the
 * tls_handshake_type name below. */
284 new_session_ticket = 4,
285 end_of_early_data = 5,
286 encrypted_extensions = 8,
288 certificate_request = 13,
289 certificate_verify = 15,
293 } tls_handshake_type;
/* Per-direction record protection state: one cipher context of each
 * supported kind for the local side and one for the remote side, followed by
 * the MAC keys, IVs and nonces. The enclosing struct line is missing from
 * this listing (struct TLSContext embeds a struct TLSCipher named crypto).
 * NOTE(review): every field here holds key material; confirm the whole
 * structure is wiped when a context is destroyed. */
305 symmetric_CBC aes_local;
306 gcm_state aes_gcm_local;
307 struct chacha_ctx chacha_local;
310 symmetric_CBC aes_remote;
311 gcm_state aes_gcm_remote;
312 struct chacha_ctx chacha_remote;
/* NOTE(review): AEAD ciphers require that a (key, nonce) pair is never used
 * twice; confirm the nonces are built from the context's per-direction
 * sequence numbers. TLS_CHACHA20_IV_LENGTH is not defined in the visible
 * part of this header. */
315 unsigned char local_mac[TLS_MAX_MAC_SIZE];
316 unsigned char local_aead_iv[TLS_AES_GCM_IV_LENGTH];
317 unsigned char local_iv[TLS_13_AES_GCM_IV_LENGTH];
318 unsigned char local_nonce[TLS_CHACHA20_IV_LENGTH];
321 unsigned char remote_aead_iv[TLS_AES_GCM_IV_LENGTH];
322 unsigned char remote_mac[TLS_MAX_MAC_SIZE];
323 unsigned char remote_iv[TLS_13_AES_GCM_IV_LENGTH];
324 unsigned char remote_nonce[TLS_CHACHA20_IV_LENGTH];
326 unsigned char created;
/* A parsed X.509 certificate. The same structure also carries private keys:
 * struct TLSContext stores private_key and ec_private_key as TLSCertificate
 * pointers and tls_certificate_set_priv() fills the private part. Some fields
 * and the closing brace are on lines missing from this listing. */
329 struct TLSCertificate {
330 unsigned short version;
331 unsigned int algorithm;
332 unsigned int key_algorithm;
333 unsigned int ec_algorithm;
334 unsigned char *exponent;
335 unsigned int exponent_len;
/* Length of the private key material (its pointer is not visible here).
 * NOTE(review): confirm tls_destroy_certificate() wipes that buffer before
 * freeing it. */
339 unsigned int priv_len;
340 unsigned char *issuer_country;
341 unsigned char *issuer_state;
342 unsigned char *issuer_location;
343 unsigned char *issuer_entity;
344 unsigned char *issuer_subject;
/* Fixed 16-byte buffers. tls_certificate_set_copy_date() receives a length
 * from its caller; NOTE(review): confirm it limits the copy to 15 bytes plus
 * the terminator, because the value comes from the peer's certificate. */
345 char not_before[16]; /* as string */
346 char not_after[16]; /* as string */
347 unsigned char *country;
348 unsigned char *state;
349 unsigned char *location;
350 unsigned char *entity;
351 unsigned char *subject;
353 unsigned short san_length;
355 unsigned char *serial_number;
356 unsigned int serial_len;
357 unsigned char *sign_key;
358 unsigned int sign_len;
/* fp is 32 bytes, the size of a SHA-256 digest; presumably the certificate
 * fingerprint - TODO confirm how it relates to the fingerprint pointer. */
359 unsigned char *fingerprint;
360 unsigned char fp[32];
361 unsigned char *der_bytes;
362 unsigned int der_len;
363 unsigned char *bytes;
/* Connection state (fields of struct TLSContext; the struct line and several
 * fields are missing from this listing). */
368 unsigned char remote_random[TLS_CLIENT_RANDOM_SIZE];
369 unsigned char local_random[TLS_SERVER_RANDOM_SIZE];
/* NOTE(review): session_size comes from the peer's hello; confirm it is
 * checked against TLS_MAX_SESSION_ID before anything is copied into session. */
371 unsigned char session[TLS_MAX_SESSION_ID];
372 unsigned char session_size;
374 unsigned short cipher;
375 unsigned short version;
378 unsigned char is_server;
/* Own certificate chain and the matching long-term private keys. */
380 struct TLSCertificate **certificates;
381 struct TLSCertificate *private_key;
382 struct TLSCertificate *ec_private_key;
384 /* forward secrecy */
389 const struct ECCCurveParameters *curve;
391 struct TLSCertificate **client_certificates;
392 int certificates_count;
393 int client_certificates_count;
/* Session secrets. NOTE(review): TLS_FREE does not clear memory, so confirm
 * these buffers are wiped before they are released. */
395 unsigned char *master_key;
396 unsigned int master_key_len;
398 unsigned char *premaster_key;
399 unsigned int premaster_key_len;
401 unsigned char cipher_spec_set;
402 struct TLSCipher crypto;
/* Handshake transcript hash operations, selected at run time. */
407 int (*handshake_init)(hash_state *hash);
408 int (*handshake_process)(hash_state *hash, const unsigned char *in,
409 unsigned long inlen);
410 int (*handshake_done)(hash_state *hash, unsigned char *out);
411 int (*handshake_get)(hash_state *hash, unsigned char *out);
/* Per-direction record counters. */
413 uint64_t remote_sequence_number;
414 uint64_t local_sequence_number;
416 /* TODO status should be an enum */
417 /* FF = handshake done, should be getting and sending application data
419 unsigned char connection_status;
422 unsigned char critical_error;
423 unsigned char error_code;
425 /* next two seem to be for handshake messages */
426 /* hold pending output */
427 struct tls_buffer output_buffer;
429 struct tls_buffer input_buffer;
431 /* this is application data read from the peer */
432 struct tls_buffer application_buffer;
434 unsigned char is_child;
438 unsigned char request_client_certificate;
439 struct tls_buffer cached_handshake;
441 unsigned char client_verified;
442 /* handshake messages flags */
443 unsigned char hs_messages[11];
/* Callback that validates the peer's certificate chain. The description of
 * tls_consume_stream() in this header says it is used when it "is not NULL".
 * NOTE(review): confirm what happens when it is NULL; if the chain is then
 * accepted unchecked, every client context must install a callback with
 * tls_set_verify() (tls_default_verify() is declared in this header). */
448 int (*certificate_verify)(struct TLSContext *context, struct TLSCertificate **certificate_chain, int len);
/* Socket I/O hooks with the signatures of recv(2) and send(2). */
450 ssize_t (*recv)(int sockfd, void *buf, size_t len, int flags);
451 ssize_t (*send)(int sockfd, const void *buf, size_t len, int flags);
/* Trust anchors used for chain validation. */
453 struct TLSCertificate **root_certificates;
/* More secret handshake material; the wiping note above applies here too. */
455 unsigned char *finished_key;
456 unsigned char *remote_finished_key;
457 unsigned char *server_finished_hash;
460 unsigned char alpn_count;
461 char *negotiated_alpn;
463 struct timespec sleep_until;
465 unsigned short tls13_version;
469 uint32_t debug_flags;
/* Signature of a certificate-chain validation callback: it receives the
 * context, the peer's chain and the number of certificates in it.
 * NOTE(review): the meaning of the return value is not documented in the
 * visible lines; confirm which values count as "accepted". */
473 typedef int (*tls_validation_function)(struct TLSContext *context, struct TLSCertificate **certificate_chain, int len);
478 size_t len; /* used */
479 size_t size; /* allocated */
481 struct TLSContext *context;
484 struct ECCCurveParameters {
/* Certificate handling and packet building.
 * NOTE(review): most lengths below are signed int; since the data usually
 * originates from the peer, confirm each function rejects negative lengths. */
497 unsigned char *tls_pem_decode(const unsigned char *data_in, unsigned int input_length, int cert_index, unsigned int *output_len);
/* NOTE(review): the empty parameter list declares no prototype; "(void)"
 * would let the compiler reject calls that pass arguments. */
498 struct TLSCertificate *tls_create_certificate();
/* Host name / subject matching. NOTE(review): confirm how wildcards and
 * embedded NUL bytes in the certificate subject are treated. */
499 int tls_certificate_valid_subject(struct TLSCertificate *cert, const char *subject);
500 int tls_certificate_valid_subject_name(const unsigned char *cert_subject, const char *subject);
501 int tls_certificate_is_valid(struct TLSCertificate *cert);
502 void tls_certificate_set_copy(unsigned char **member, const unsigned char *val, int len);
/* NOTE(review): member is a plain pointer with no capacity argument, while
 * the date fields of struct TLSCertificate are 16-byte arrays; confirm the
 * implementation bounds len accordingly. */
503 void tls_certificate_set_copy_date(unsigned char *member, const unsigned char *val, int len);
504 void tls_certificate_set_key(struct TLSCertificate *cert, const unsigned char *val, int len);
505 void tls_certificate_set_priv(struct TLSCertificate *cert, const unsigned char *val, int len);
506 void tls_certificate_set_sign_key(struct TLSCertificate *cert, const unsigned char *val, int len);
507 void tls_certificate_set_exponent(struct TLSCertificate *cert, const unsigned char *val, int len);
508 void tls_certificate_set_serial(struct TLSCertificate *cert, const unsigned char *val, int len);
509 void tls_certificate_set_algorithm(unsigned int *algorithm, const unsigned char *val, int len);
510 void tls_destroy_certificate(struct TLSCertificate *cert);
/* Outgoing packet construction; the append helpers return int. */
511 struct TLSPacket *tls_create_packet(struct TLSContext *context, unsigned char type, unsigned short version, int payload_size_hint);
512 void tls_destroy_packet(struct TLSPacket *packet);
513 void tls_packet_update(struct TLSPacket *packet);
514 int tls_packet_append(struct TLSPacket *packet, const unsigned char *buf, unsigned int len);
515 int tls_packet_uint8(struct TLSPacket *packet, unsigned char i);
516 int tls_packet_uint16(struct TLSPacket *packet, unsigned short i);
517 int tls_packet_uint32(struct TLSPacket *packet, unsigned int i);
518 int tls_packet_uint24(struct TLSPacket *packet, unsigned int i);
/* Fills key with len random bytes. NOTE(review): the result code must be
 * checked by every caller; confirm the source is a cryptographically secure
 * generator and that failure never leaves key partly filled and in use. */
519 int tls_random(unsigned char *key, int len);
522 * Get encrypted data to write, if any. Once you've sent all of it, call
523 * tls_buffer_clear().
525 const unsigned char *tls_get_write_buffer(struct TLSContext *context, unsigned
528 void tls_buffer_clear(struct TLSContext *context);
530 /* Returns 1 for established, 0 for not established yet, and -1 for a critical
532 int tls_established(struct TLSContext *context);
534 /* Discards any unread decrypted data not consumed by tls_read(). */
535 void tls_read_clear(struct TLSContext *context);
538 * Reads any unread decrypted data (see tls_consume_stream). If you don't read
539 * all of it, the remainder will be left in the internal buffers for next
540 * tls_read(). Returns -1 for fatal error, 0 for no more data, or otherwise the
541 * number of bytes copied into the buffer (up to a maximum of the given size).
/* tls_read() copies at most size bytes of decrypted data into buf. */
543 ssize_t tls_read(struct TLSContext *context, void *buf, size_t size);
/* Creates a client (is_server == 0) or server context for the given version.
 * NOTE(review): confirm which version values are accepted here. */
545 struct TLSContext *tls_create_context(int is_server, unsigned short version);
/* NOTE(review): returns a curve pointer; presumably the previously selected
 * curve - TODO confirm. */
547 const struct ECCCurveParameters *tls_set_curve(struct TLSContext *context, const struct ECCCurveParameters *curve);
549 /* Create a context for a given client, from a server context. Returns NULL on
// Context lifecycle, cipher selection and handshake message handling.
551 struct TLSContext *tls_accept(struct TLSContext *context);
// NOTE(review): p and g are caller-supplied hex strings; confirm they are
// validated, or use only the ffdhe groups declared at the end of this header.
553 int tls_set_default_dhe_pg(struct TLSContext *context, const char *p_hex_str, const char *g_hex_str);
554 void tls_destroy_context(struct TLSContext *context);
// buf holds the peer's cipher suite list; scsv_set reports whether the
// fallback signalling value was present.
555 int tls_choose_cipher(struct TLSContext *context, const unsigned char *buf, int buf_len, int *scsv_set);
556 int tls_cipher_supported(struct TLSContext *context, unsigned short cipher);
557 int tls_cipher_is_ephemeral(struct TLSContext *context);
558 const char *tls_cipher_name(struct TLSContext *context);
559 int tls_is_ecdsa(struct TLSContext *context);
// NOTE(review): returns void, so a failure cannot be reported to the caller.
560 void tls_send_client_key_exchange(struct TLSContext *context);
561 size_t tls_queue_packet(struct TLSPacket *packet);
562 struct TLSPacket *tls_build_server_key_exchange(struct TLSContext *context, int method);
563 struct TLSPacket *tls_build_hello(struct TLSContext *context, int tls13_downgrade);
564 struct TLSPacket *tls_build_client_hello(struct TLSContext *context);
565 struct TLSPacket *tls_certificate_request(struct TLSContext *context);
566 struct TLSPacket *tls_build_verify_request(struct TLSContext *context);
// Parsers for messages received from the peer.
// NOTE(review): buf_len is a signed int in every parser; confirm each one
// rejects negative and too-short lengths before reading from buf.
568 int tls_parse_client_hello(struct TLSContext *context, const unsigned char *buf, int buf_len, unsigned int *write_packets);
570 int tls_parse_certificate(struct TLSContext *context, const unsigned char *buf, int buf_len, int is_client);
571 int tls_parse_server_key_exchange(struct TLSContext *context, const unsigned char *buf, int buf_len);
572 int tls_parse_client_key_exchange(struct TLSContext *context, const unsigned char *buf, int buf_len);
573 int tls_parse_finished(struct TLSContext *context, const unsigned char *buf, int buf_len, unsigned int *write_packets);
574 int tls_parse_verify(struct TLSContext *context, const unsigned char *buf, int buf_len);
575 int tls_parse_payload(struct TLSContext *context, const unsigned char *buf, int buf_len);
576 int tls_parse_message(struct TLSContext *context, unsigned char *buf, int buf_len);
// Chain validation. tls_certificate_chain_is_valid() receives no context, so
// it cannot consult the context's root certificates.
// NOTE(review): presumably it checks only the links inside the chain, and
// anchoring to a trusted root needs tls_certificate_chain_is_valid_root();
// confirm that verification callbacks call both.
577 int tls_certificate_verify_signature(struct TLSCertificate *cert, struct TLSCertificate *parent);
578 int tls_certificate_chain_is_valid(struct TLSCertificate **certificates, int len);
579 int tls_certificate_chain_is_valid_root(struct TLSContext *context, struct TLSCertificate **certificates, int len);
582 * Add a certificate or a certificate chain to the given context, in PEM form.
583 * Returns a negative value (TLS_GENERIC_ERROR etc.) on error, 0 if there were
584 * no certificates in the buffer, or the number of loaded certificates on
// Loading credentials and building outgoing handshake / data messages.
587 int tls_load_certificates(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
590 * Add a private key to the given context, in PEM form. Returns a negative
591 * value (TLS_GENERIC_ERROR etc.) on error, 0 if there was no private key in
592 * the buffer, or 1 on success.
// NOTE(review): pem_buffer holds the private key in clear; the caller owns
// that buffer and should wipe it once this call returns. A return value of 0
// means no key was found and must be treated as a failure by servers.
594 int tls_load_private_key(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
595 struct TLSPacket *tls_build_certificate(struct TLSContext *context);
596 struct TLSPacket *tls_build_finished(struct TLSContext *context);
597 struct TLSPacket *tls_build_change_cipher_spec(struct TLSContext *context);
598 struct TLSPacket *tls_build_message(struct TLSContext *context, const unsigned char *data, unsigned int len);
599 int tls_client_connect(struct TLSContext *context);
// NOTE(review): confirm tls_write() refuses to queue application data before
// tls_established() reports an established connection.
600 ssize_t tls_write(struct TLSContext *context, const void *buf, size_t count);
603 * Process a given number of input bytes from a socket. If the other side just
604 * presented a certificate and certificate_verify is not NULL, it will be
607 * Returns 0 if there's no data ready yet, a negative value (see
608 * TLS_GENERIC_ERROR etc.) for an error, or a positive value (the number of
609 * bytes used from buf) if one or more complete TLS messages were received. The
610 * data is copied into an internal buffer even if not all of it was consumed,
611 * so you should not re-send it the next time.
613 * Decrypted data, if any, should be read back with tls_read(). Can change the
614 * status of tls_established(). If the library has anything to send back on the
615 * socket (e.g. as part of the handshake), tls_get_write_buffer() will return
// Stream processing, peer verification and connection management.
// NOTE(review): the description of tls_consume_stream() says the peer's
// certificate is passed to certificate_verify when that callback is not NULL.
// Confirm the behaviour for a NULL callback; a client that never calls
// tls_set_verify() may otherwise accept any certificate.
// NOTE(review): tls_sni_set() only records the requested name; confirm that
// the verification callback compares the certificate subject with it (see
// tls_certificate_valid_subject()).
// NOTE(review): tls_make_ktls() presumably hands the session keys to the
// kernel for the given socket; confirm the user-space copies are wiped.
// NOTE(review): base64decode() takes outLen by pointer; confirm whether it
// carries the capacity of out on entry, otherwise out can be overrun.
618 int tls_consume_stream(struct TLSContext *context);
619 void tls_close_notify(struct TLSContext *context);
620 void tls_alert(struct TLSContext *context, int critical, int code);
622 /* Whether tls_consume_stream() has data in its buffer that is not processed
624 int tls_pending(struct TLSContext *context);
626 int tls_is_broken(struct TLSContext *context);
627 int tls_request_client_certificate(struct TLSContext *context);
628 int tls_client_verified(struct TLSContext *context);
629 const char *tls_sni(struct TLSContext *context);
630 int tls_sni_set(struct TLSContext *context, const char *sni);
631 int tls_load_root_certificates(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
632 int tls_default_verify(struct TLSContext *context, struct TLSCertificate **certificate_chain, int len);
633 void tls_print_certificate(const char *fname);
634 int tls_add_alpn(struct TLSContext *context, const char *alpn);
635 int tls_alpn_contains(struct TLSContext *context, const char *alpn, unsigned char alpn_size);
636 /* useful when renewing certificates for servers, without the need to restart
638 int tls_clear_certificates(struct TLSContext *context);
639 int tls_make_ktls(struct TLSContext *context, int socket);
640 int tls_unmake_ktls(struct TLSContext *context, int socket);
642 int x25519(uint8_t *r, const uint8_t *k, const uint8_t *u);
644 int tls_load_root_file(struct TLSContext *context, const char *pem_filename);
645 void tls_set_verify(struct TLSContext *context, tls_validation_function verify_callback);
646 int tls_set_fd(struct TLSContext *context, int socket);
647 int tls_connect(struct TLSContext *context);
648 int tls_shutdown(struct TLSContext *context);
649 void tls_free(struct TLSContext *context);
650 int base64decode(const char *in, size_t inLen, unsigned char *out, size_t *outLen);
651 ssize_t tls_fsync(struct TLSContext *context);
652 struct TLSCertificate *asn1_parse(struct TLSContext *context,
653 const unsigned char *buffer, int size,
// Record protection setup for the negotiated cipher.
655 int tls_mac_length(struct TLSContext *context);
656 int tls_is_aead(struct TLSContext *context);
// Takes the local and remote keys and IVs with one shared key_length and no
// IV length argument. NOTE(review): the key and IV buffers are not const;
// confirm whether the function consumes or wipes them, and that callers wipe
// their own copies afterwards.
657 int tls_crypto_create(struct TLSContext *context, int key_length,
658 unsigned char *localkey,
659 unsigned char *localiv,
660 unsigned char *remotekey,
661 unsigned char *remoteiv);
663 /* DH forward secrecy */
/* Key exchange, transcript hashing and key derivation helpers. Several
 * prototypes in this group are truncated in this listing (lines missing).
 * NOTE(review): the tls_decrypt_* functions return a heap pointer and report
 * the length through size; that buffer presumably holds the shared secret, so
 * confirm callers wipe it before freeing. */
664 unsigned char *tls_decrypt_dhe(struct TLSContext *context, const unsigned char
665 *buffer, unsigned int len, unsigned int *size, int clear_key);
666 unsigned char *tls_decrypt_ecc_dhe(struct TLSContext *context, const unsigned
667 char *buffer, unsigned int len, unsigned int *size, int
669 void tls_dhe_free(struct TLSContext *context);
670 void tls_ecc_dhe_free(struct TLSContext *context);
671 void tls_dh_clear_key(struct DHKey * key);
672 void tls_dhe_create(struct TLSContext *context);
673 void tls_ecc_dhe_create(struct TLSContext *context);
674 int tls_dh_make_key(int keysize, struct DHKey *key, const char *pbuf,
675 const char *gbuf, int pbuf_len, int gbuf_len);
/* Duplicate of the tls_dhe_free() declaration a few lines up. */
676 void tls_dhe_free(struct TLSContext *context);
677 int tls_dh_export_Y(unsigned char *Ybuf, unsigned long *Ylen,
679 int tls_dh_export_pqY(unsigned char *pbuf, unsigned long *plen,
680 unsigned char *gbuf, unsigned long *glen,
681 unsigned char *Ybuf, unsigned long *Ylen,
/* NOTE(review): the empty parameter list declares no prototype; "(void)"
 * would be stricter. */
683 void tls_ecc_init_curves();
684 int tls_update_hash(struct TLSContext *context, const unsigned char *in,
686 int tls_done_hash(struct TLSContext *context, unsigned char *hout);
687 void tls_set_packet_length(struct TLSPacket *packet, uint32_t length);
688 int tls_compute_key(struct TLSContext *context, unsigned int key_len);
689 int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, size_t len);
690 int tls_supported_version(uint16_t ver);
691 int tls_parse_key_share(struct TLSContext *context, const unsigned char *buf,
693 unsigned int tls_hmac_message(unsigned char local,
694 struct TLSContext *context,
695 const unsigned char *buf,
697 const unsigned char *buf2,
698 int buf_len2, unsigned char *out,
699 unsigned int outlen);
/* HKDF helpers. label_len, data_len and ikm_len are unsigned char, so any
 * length above 255 passed by a caller is silently truncated.
 * tls_hkdf_expand_label() returns void and cannot report a failure. */
700 void tls_hkdf_expand_label(unsigned int mac_length,
701 unsigned char *output,
703 const unsigned char *secret,
704 unsigned int secret_len,
706 unsigned char label_len,
707 const unsigned char *data,
708 unsigned char data_len);
709 int tls_hkdf_extract(unsigned int mac_length,
710 unsigned char *output, unsigned int outlen,
711 const unsigned char *salt,
712 unsigned int salt_len,
713 const unsigned char *ikm,
714 unsigned char ikm_len);
715 void tls_destroy_hash(struct TLSContext *context);
/* NOTE(review): hout carries no size argument in tls_done_hash() and
 * tls_get_hash(); callers presumably must provide TLS_MAX_HASH_LEN bytes -
 * TODO confirm. */
716 int tls_get_hash(struct TLSContext *context, unsigned char *hout);
717 int tls_get_hash_idx(struct TLSContext *context);
/* Built-in elliptic curve and finite-field Diffie-Hellman parameter sets.
 * NOTE(review): none of these objects is declared const (only the
 * tls_ecc_default_curve pointer itself is), so the group parameters are
 * writable at run time; declaring them const would let them live in read-only
 * memory. secp192r1 and the 224-bit curves offer a lower security margin than
 * the others; confirm which curves are actually offered to peers. */
719 extern struct ECCCurveParameters secp192r1;
720 extern struct ECCCurveParameters secp224k1;
721 extern struct ECCCurveParameters secp224r1;
722 extern struct ECCCurveParameters secp256k1;
723 extern struct ECCCurveParameters secp256r1;
724 extern struct ECCCurveParameters secp384r1;
725 extern struct ECCCurveParameters secp521r1;
726 extern struct ECCCurveParameters curve25519;
727 extern struct DHKey ffdhe2048;
728 extern struct DHKey ffdhe4096;
729 extern struct DHKey ffdhe8192;
730 extern struct DHKey ffdhe6144;
731 extern struct DHKey ffdhe3072;
732 extern struct ECCCurveParameters *const tls_ecc_default_curve;