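/* Record-layer ContentType values (RFC 5246 §6.2.1, unchanged in RFC 8446 §5.1). */
#define TLS_CHANGE_CIPHER 0x14    /* change_cipher_spec(20) */
#define TLS_ALERT 0x15            /* alert(21) */
#define TLS_HANDSHAKE 0x16        /* handshake(22) */
#define TLS_APPLICATION_DATA 0x17 /* application_data(23) */
/* Not a wire content type: presumably a library-private marker for serialised
 * objects — confirm against its users before treating it as protocol data. */
#define TLS_SERIALIZED_OBJECT 0xFE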
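/* Growth step (0xFFF = 4095 bytes) for the library's growable buffers —
 * presumably struct tls_buffer / TLSPacket; confirm in the buffer code. */
#define TLS_BLOB_INCREMENT 0xFFF
/* Deepest ASN.1 nesting the DER parser will follow; presumably the bound that
 * keeps attacker-supplied certificates from recursing without limit. */
#define TLS_ASN1_MAXLEVEL 0xFF
/* DTLS HelloVerifyRequest cookie length in bytes (the wire field allows up to 255). */
#define DTLS_COOKIE_SIZE 32
/* 48 bytes = SHA-384 digest, the largest SHA-2 output this constant covers;
 * the separate TLS_MAX_HASH_LEN (64) is sized for a SHA-512-length digest. */
#define TLS_MAX_SHA_SIZE 48
#define TLS_MAX_HASH_SIZE TLS_MAX_SHA_SIZE
/* In bytes: 2048 bytes = 16384 bits, presumably the largest RSA modulus handled. */
#define TLS_MAX_RSA_KEY 2048 /* 16kbits */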
30 /* 16 KB - 5 byte header - 32 byte mac - 256 bytes of padding - 3 bytes
31 * for an 8 byte header */
32 /* so, minimum app size would be 5+32+256+3+1 = 302, but that's 1 +
33 * record overhead, so it can just be 1, and we don't need to
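/* Largest application payload placed in one record:
 * 16384 - 5 (record header) - 32 (MAC) - 256 (max CBC padding) - 3 = 16088,
 * i.e. the derivation given in the comment above. */
#define TLS_MAXTLS_APP_SIZE 16088
/* Back-off after errors (see sleep_until in struct TLSContext); presumably a
 * rate limit on a misbehaving peer rather than a protocol timer — confirm. */
/* max 1 second sleep */
#define TLS_MAX_ERROR_SLEEP_uS 1000000
/* max 5 seconds context sleep */
#define TLS_MAX_ERROR_IDLE_S 5
/* TLS 1.3 AEAD limits: 32-byte key (AES-256-GCM, ChaCha20-Poly1305) and the
 * 12-byte per-record nonce used by every RFC 8446 cipher suite. */
#define TLS_V13_MAX_KEY_SIZE 32
#define TLS_V13_MAX_IV_SIZE 12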
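/* Allocation hooks; a build may predefine them to route through its own allocator. */
#define TLS_MALLOC(size) malloc(size)
#define TLS_REALLOC(ptr, size) realloc(ptr, size)
/* free(NULL) is already a no-op, so no guard is needed. The do/while wrapper
 * makes the macro a single statement: the previous `if (ptr) free(ptr)` form
 * captured a following `else` (`if (c) TLS_FREE(p); else ...` silently bound
 * the else to the NULL test). Callers that keep the pointer around should
 * still reset it to NULL themselves; this macro does not. */
#define TLS_FREE(ptr) do { free(ptr); } while (0)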
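/* Debug-build diagnostics, all written to stderr. Each macro expands to a
 * single statement so it is safe as the unbraced body of an if/else. */
#define DEBUG_PRINTLN(...) do { fprintf(stderr, "line %d: ", __LINE__); fprintf(stderr, __VA_ARGS__); } while (0)
#define DEBUG_PRINT(...) fprintf(stderr, __VA_ARGS__)
/* Each byte is narrowed to unsigned char before widening, so a negative `char`
 * prints as two hex digits instead of a sign-extended eight-digit value;
 * `len` is parenthesised so an expression argument is cast as a whole. */
#define DEBUG_DUMP_HEX(buf, len) do { int dbg_i_; for (dbg_i_ = 0; dbg_i_ < (int)(len); dbg_i_++) { DEBUG_PRINT("%02X ", (unsigned int)(unsigned char)(buf)[dbg_i_]); } } while (0)
#define DEBUG_INDEX(fields) print_index(fields)
/* No trailing semicolon inside the macro: the caller supplies it, so
 * `if (c) DEBUG_DUMP(b, n); else ...` parses (the old form produced `;;`). */
#define DEBUG_DUMP(buf, length) do { fwrite((buf), 1, (length), stderr); } while (0)
#define DEBUG_DUMP_HEX_LABEL(title, buf, len) do { fprintf(stderr, "%s (%i): ", (title), (int)(len)); DEBUG_DUMP_HEX(buf, len); fprintf(stderr, "\n"); } while (0)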
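/* Non-debug build: every diagnostic expands to one no-op statement. The
 * `do { } while (0)` form (rather than a bare `{ }`) keeps
 * `if (c) DEBUG_PRINT(...); else ...` valid — `{ };` before an `else` is a
 * syntax error. Arguments are not evaluated, so callers must not rely on
 * side effects inside them. */
#define DEBUG_PRINTLN(...) do { } while (0)
#define DEBUG_PRINT(...) do { } while (0)
#define DEBUG_DUMP_HEX(buf, len) do { } while (0)
#define DEBUG_INDEX(fields) do { } while (0)
#define DEBUG_DUMP(buf, length) do { } while (0)
#define DEBUG_DUMP_HEX_LABEL(title, buf, len) do { } while (0)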
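/* Compile-time feature switches. What each one gates lives in the .c file;
 * the notes below are the expected meaning — confirm before relying on them. */
#define TLS_WITH_CHACHA20_POLY1305 /* presumably the *_CHACHA20_POLY1305_SHA256 suites */
#define TLS_FORWARD_SECRECY        /* presumably server-side (EC)DHE key exchange */
#define TLS_CLIENT_ECDHE
#define TLS_CLIENT_ECDSA
/* Bleichenbacher/ROBOT hardening for static-RSA key exchange: a malformed
 * PKCS#1 premaster must be handled indistinguishably from a valid one
 * (RFC 5246 §7.4.7.1). Presumably guards that path in
 * tls_parse_client_key_exchange(); keep it enabled wherever the
 * TLS_RSA_WITH_* suites are offered. */
#define TLS_ROBOT_MITIGATION
#define TLS_ECDSA_SUPPORTED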
83 /* basic superficial X509v1 certificate support */
84 #ifndef NO_TLS_X509_V1_SUPPORT
85 #define TLS_X509_V1_SUPPORT
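/* ProtocolVersion values as they appear on the wire. */
#define SSL_V30 0x0300 /* SSL 3.0 — prohibited by RFC 7568 */
#define TLS_V10 0x0301 /* TLS 1.0 — deprecated by RFC 8996 */
#define DTLS_V10 0xFEFF
#define TLS_V11 0x0302 /* TLS 1.1 — deprecated by RFC 8996 */
/* TLS <= 1.1 hashes the handshake with MD5 || SHA-1 for signatures: 16 + 20 bytes. */
#define TLS_V11_HASH_SIZE 36 /* 16(md5) + 20(sha1) */
#define TLS_V12 0x0303
#define TLS_V13 0x0304
#define DTLS_V12 0xFEFD
#define DTLS_V13 0xFEFC
/* Library-internal version tags (not wire values); presumably select the
 * 1.2 vs 1.3 code paths — confirm against tls_create_context() callers. */
#define TLS_VERSION12 0x0102
#define TLS_VERSION13 0x0103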
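/* Status codes returned by the parse/consume/read entry points. 0 means
 * "nothing to report yet" (tls_consume_stream() returns it when no complete
 * record is available); every error is negative, so `rc < 0` is a complete
 * failure test. Each negative value is parenthesised so the macros are safe
 * inside larger expressions. */
#define TLS_NEED_MORE_DATA 0
#define TLS_GENERIC_ERROR (-1)
#define TLS_BROKEN_PACKET (-2)
#define TLS_NOT_UNDERSTOOD (-3)
#define TLS_NOT_SAFE (-4)
#define TLS_NO_COMMON_CIPHER (-5)
#define TLS_UNEXPECTED_MESSAGE (-6)
#define TLS_CLOSE_CONNECTION (-7)
#define TLS_COMPRESSION_NOT_SUPPORTED (-8)
#define TLS_NO_MEMORY (-9)
#define TLS_NOT_VERIFIED (-10)
#define TLS_INTEGRITY_FAILED (-11)
#define TLS_ERROR_ALERT (-12)
#define TLS_BROKEN_CONNECTION (-13)
#define TLS_BAD_CERTIFICATE (-14)
#define TLS_UNSUPPORTED_CERTIFICATE (-15)
#define TLS_NO_RENEGOTIATION (-16)
#define TLS_FEATURE_NOT_SUPPORTED (-17)
/* -18 and -19 are not assigned in this header. */
#define TLS_DECRYPTION_FAILED (-20)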
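/* Cipher-suite identifiers (IANA TLS Cipher Suites registry; two bytes on the wire). */

/* TLS 1.3 (RFC 8446 B.4): all AEAD; key exchange and signature algorithm are
 * negotiated separately via extensions. */
#define TLS_AES_128_GCM_SHA256 0x1301
#define TLS_AES_256_GCM_SHA384 0x1302
#define TLS_CHACHA20_POLY1305_SHA256 0x1303
#define TLS_AES_128_CCM_SHA256 0x1304
#define TLS_AES_128_CCM_8_SHA256 0x1305

/* TLS 1.2 static-RSA key exchange: no forward secrecy (a later compromise of
 * the server key decrypts recorded sessions) and the RSA PKCS#1 decryption is
 * a padding-oracle surface (see TLS_ROBOT_MITIGATION). Offer these only for
 * peers that cannot do (EC)DHE. */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D

/* forward secrecy */
/* Ephemeral DH / ECDH with RSA or ECDSA authentication. The *_CBC_SHA* entries
 * are MAC-then-encrypt CBC (RFC 5246 §6.2.3.2) and depend on constant-time
 * padding checks; the GCM and CHACHA20_POLY1305 entries are AEAD and preferable. */
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F

#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030

#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C

/* ChaCha20-Poly1305 AEAD suites (RFC 7905); presumably compiled in under
 * TLS_WITH_CHACHA20_POLY1305. */
#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA

/* Signalling value, not a real suite (RFC 7507): a client retrying with a
 * lower version includes it so the server can refuse the downgrade. */
#define TLS_FALLBACK_SCSV 0x5600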
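/* Signature / key algorithm identifiers, presumably the values stored in
 * TLSCertificate.algorithm and key_algorithm by tls_certificate_set_algorithm().
 * They look like the last arc of the PKCS#1 OIDs 1.2.840.113549.1.1.N
 * (1 rsaEncryption, 4 md5WithRSA, 5 sha1WithRSA, 11/12/13 sha256/384/512WithRSA)
 * — confirm against the OID parser. */
#define TLS_UNSUPPORTED_ALGORITHM 0x00
#define TLS_RSA_SIGN_RSA 0x01
/* MD5- and SHA-1-based signatures are collision-prone; a verifier should not
 * accept them when validating a chain. Where tls_certificate_verify_signature()
 * treats these two is not visible in this header. */
#define TLS_RSA_SIGN_MD5 0x04
#define TLS_RSA_SIGN_SHA1 0x05
#define TLS_RSA_SIGN_SHA256 0x0B
#define TLS_RSA_SIGN_SHA384 0x0C
#define TLS_RSA_SIGN_SHA512 0x0D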
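/* Elliptic-curve identifiers from two different namespaces:
 *  - TLS_EC_PUBLIC_KEY and the prime* values (0x11..0x18) are library-internal
 *    codes, presumably assigned while parsing X9.62 OIDs — not wire values;
 *  - the secp* values (21..25) are the IANA TLS NamedCurve / supported_groups
 *    numbers (RFC 8422 §5.1.1) and do go on the wire.
 * Never compare across the two: here TLS_EC_prime256v1 (0x18 == 24) equals
 * TLS_EC_secp384r1, although prime256v1 and secp256r1 are the same curve. */
#define TLS_EC_PUBLIC_KEY 0x11
#define TLS_EC_prime192v1 0x12
#define TLS_EC_prime192v2 0x13
#define TLS_EC_prime192v3 0x14
#define TLS_EC_prime239v1 0x15
#define TLS_EC_prime239v2 0x16
#define TLS_EC_prime239v3 0x17
#define TLS_EC_prime256v1 0x18
#define TLS_EC_secp224r1 21
#define TLS_EC_secp256r1 23
#define TLS_EC_secp384r1 24
#define TLS_EC_secp521r1 25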
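/* AlertLevel (RFC 5246 §7.2): warning(1), fatal(2) — "critical" here is the RFC's fatal. */
#define TLS_ALERT_WARNING 0x01
#define TLS_ALERT_CRITICAL 0x02
/* Smallest ClientHello body accepted. 41 is consistent with version(2) +
 * random(32) + session_id length(1) + cipher_suites length(2) + one suite(2)
 * + compression length(1) + one method(1) — confirm in tls_parse_client_hello(). */
#define TLS_CLIENT_HELLO_MINSIZE 41
/* Random is 32 octets in both hello messages (RFC 5246 §7.4.1.2). */
#define TLS_CLIENT_RANDOM_SIZE 32
#define TLS_SERVER_RANDOM_SIZE 32
/* SessionID is opaque<0..32>. */
#define TLS_MAX_SESSION_ID 32
/* HMAC / digest lengths of the supported hashes. */
#define TLS_SHA256_MAC_SIZE 32
#define TLS_SHA1_MAC_SIZE 20
#define TLS_SHA384_MAC_SIZE 48
#define TLS_MAX_MAC_SIZE TLS_SHA384_MAC_SIZE
/* Bytes of key_block material expanded for the largest suite; the bracketed
 * 160 looks like an earlier value — confirm against tls_compute_key(). */
#define TLS_MAX_KEY_EXPANSION_SIZE 192 /* 160 */
/* 64 bytes: room for a 512-bit digest (SHA-512 output, or the SHA-256 block
 * size); which of the two the users rely on is not visible here. */
#define TLS_MAX_HASH_LEN 64
#define TLS_AES_IV_LENGTH 16   /* CBC IV = AES block size */
#define TLS_AES_BLOCK_SIZE 16
/* TLS 1.2 GCM nonce (RFC 5288 §3): 4-byte implicit salt from the key block
 * plus an 8-byte explicit part carried in each record. */
#define TLS_AES_GCM_IV_LENGTH 4
/* TLS 1.3: 12-byte per-record nonce = write_iv XOR sequence number (RFC 8446 §5.3). */
#define TLS_13_AES_GCM_IV_LENGTH 12
#define TLS_GCM_TAG_LEN 16
#define TLS_MAX_TAG_LEN 16
/* TLS 1.2 Finished.verify_data length (RFC 5246 §7.4.9). */
#define TLS_MIN_FINISHED_OPAQUE_LEN 12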
208 * state machine states, per RFC 8446 A.2
210 /* initial state for client or server */
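/* Client-side states (RFC 8446 A.1): waiting for ServerHello,
 * EncryptedExtensions, then CertificateRequest-or-Certificate. */
#define TLS_WAIT_SH 1
#define TLS_WAIT_EE 2
#define TLS_WAIT_CERT_CR 3
/* Client or Server */
#define TLS_WAIT_CERT 4
#define TLS_WAIT_CV 5       /* CertificateVerify */
#define TLS_WAIT_FINISHED 6
#define TLS_CONNECTED 7
/* Server-side states (RFC 8446 A.2), kept in a separate 0x1x range so they
 * cannot be confused with the client values above. */
#define TLS_RECVD_CH 0x11
#define TLS_NEGOTIATED 0x12
#define TLS_WAIT_EOED 0x13   /* EndOfEarlyData */
#define TLS_WAIT_FLIGHT2 0x14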
229 enum tls_alert_description {
231 unexpected_message = 10,
233 record_overflow = 22,
235 decryption_failed_RESERVED = 21,
236 decompression_failure_RESERVED = 30,
237 no_certificate_RESERVED = 41,
238 export_restriction_RESERVED = 60,
239 no_renegotiation_RESERVED = 100,
241 handshake_failure = 40,
242 bad_certificate = 42,
243 unsupported_certificate = 43,
244 certificate_revoked = 44,
245 certificate_expired = 45,
246 certificate_unknown = 46,
247 illegal_parameter = 47,
252 protocol_version = 70,
253 insufficient_security = 71,
255 inappropriate_fallback = 86,
257 missing_extension = 109,
258 unsupported_extension = 110,
259 unrecognized_name = 112,
260 bad_certificate_status_response = 113,
261 unknown_psk_identity = 115,
262 certificate_required = 116,
263 no_application_protocol = 120,
270 new_session_ticket = 4,
271 end_of_early_data = 5,
272 encrypted_extensions = 8,
274 certificate_request = 13,
275 certificate_verify = 15,
279 } tls_handshake_type;
291 symmetric_CBC aes_local;
292 gcm_state aes_gcm_local;
293 struct chacha_ctx chacha_local;
296 symmetric_CBC aes_remote;
297 gcm_state aes_gcm_remote;
298 struct chacha_ctx chacha_remote;
301 unsigned char local_mac[TLS_MAX_MAC_SIZE];
302 unsigned char local_aead_iv[TLS_AES_GCM_IV_LENGTH];
303 unsigned char local_iv[TLS_13_AES_GCM_IV_LENGTH];
304 unsigned char local_nonce[TLS_CHACHA20_IV_LENGTH];
307 unsigned char remote_aead_iv[TLS_AES_GCM_IV_LENGTH];
308 unsigned char remote_mac[TLS_MAX_MAC_SIZE];
309 unsigned char remote_iv[TLS_13_AES_GCM_IV_LENGTH];
310 unsigned char remote_nonce[TLS_CHACHA20_IV_LENGTH];
312 unsigned char created;
315 struct TLSCertificate {
316 unsigned short version;
317 unsigned int algorithm;
318 unsigned int key_algorithm;
319 unsigned int ec_algorithm;
320 unsigned char *exponent;
321 unsigned int exponent_len;
325 unsigned int priv_len;
326 unsigned char *issuer_country;
327 unsigned char *issuer_state;
328 unsigned char *issuer_location;
329 unsigned char *issuer_entity;
330 unsigned char *issuer_subject;
331 char not_before[16]; /* as string */
332 char not_after[16]; /* as string */
333 unsigned char *country;
334 unsigned char *state;
335 unsigned char *location;
336 unsigned char *entity;
337 unsigned char *subject;
339 unsigned short san_length;
341 unsigned char *serial_number;
342 unsigned int serial_len;
343 unsigned char *sign_key;
344 unsigned int sign_len;
345 unsigned char *fingerprint;
346 unsigned char fp[32];
347 unsigned char *der_bytes;
348 unsigned int der_len;
349 unsigned char *bytes;
354 unsigned char remote_random[TLS_CLIENT_RANDOM_SIZE];
355 unsigned char local_random[TLS_SERVER_RANDOM_SIZE];
357 unsigned char session[TLS_MAX_SESSION_ID];
358 unsigned char session_size;
360 unsigned short cipher;
361 unsigned short version;
364 unsigned char is_server;
366 struct TLSCertificate **certificates;
367 struct TLSCertificate *private_key;
368 struct TLSCertificate *ec_private_key;
370 /* forward secrecy */
375 const struct ECCCurveParameters *curve;
377 struct TLSCertificate **client_certificates;
378 int certificates_count;
379 int client_certificates_count;
381 unsigned char *master_key;
382 unsigned int master_key_len;
384 unsigned char *premaster_key;
385 unsigned int premaster_key_len;
387 unsigned char cipher_spec_set;
388 struct TLSCipher crypto;
393 int (*handshake_init)(hash_state *hash);
394 int (*handshake_process)(hash_state *hash, const unsigned char *in,
395 unsigned long inlen);
396 int (*handshake_done)(hash_state *hash, unsigned char *out);
397 int (*handshake_get)(hash_state *hash, unsigned char *out);
399 uint64_t remote_sequence_number;
400 uint64_t local_sequence_number;
402 /* TODO status should be an enum */
403 /* FF = handshake done, should be getting and sending application data
405 unsigned char connection_status;
408 unsigned char critical_error;
409 unsigned char error_code;
411 /* next two seem to be for handshake messages */
412 /* hold pending output */
413 struct tls_buffer output_buffer;
415 struct tls_buffer input_buffer;
417 /* this is application data read from the peer */
418 struct tls_buffer application_buffer;
420 unsigned char is_child;
424 unsigned char request_client_certificate;
425 struct tls_buffer cached_handshake;
427 unsigned char client_verified;
428 /* handshake messages flags */
429 unsigned char hs_messages[11];
434 int (*certificate_verify)(struct TLSContext *context, struct TLSCertificate **certificate_chain, int len);
436 ssize_t (*recv)(int sockfd, void *buf, size_t len, int flags);
437 ssize_t (*send)(int sockfd, const void *buf, size_t len, int flags);
439 struct TLSCertificate **root_certificates;
441 unsigned char *finished_key;
442 unsigned char *remote_finished_key;
443 unsigned char *server_finished_hash;
446 unsigned char alpn_count;
447 char *negotiated_alpn;
449 struct timespec sleep_until;
451 unsigned short tls13_version;
454 typedef int (*tls_validation_function)(struct TLSContext *context, struct TLSCertificate **certificate_chain, int len);
459 size_t len; /* used */
460 size_t size; /* allocated */
462 struct TLSContext *context;
465 struct ECCCurveParameters {
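/* Decodes the cert_index-th PEM object in data_in (input_length bytes) into a
 * newly allocated DER buffer whose length is stored in *output_len; ownership
 * of the result presumably passes to the caller — confirm in the definition. */
unsigned char *tls_pem_decode(const unsigned char *data_in, unsigned int input_length, int cert_index, unsigned int *output_len);
/* Allocates an empty certificate; release with tls_destroy_certificate().
 * Declared with (void): the former empty parentheses meant "unspecified
 * arguments" in C and disabled argument checking at call sites. */
struct TLSCertificate *tls_create_certificate(void);
/* Host-name matching used during verification. The matching rules (CN vs SAN,
 * wildcards) live in the definitions and are not visible here. */
int tls_certificate_valid_subject(struct TLSCertificate *cert, const char *subject);
int tls_certificate_valid_subject_name(const unsigned char *cert_subject, const char *subject);
int tls_certificate_is_valid(struct TLSCertificate *cert);
/* Field setters: by name, each stores a copy of the len bytes at val. */
void tls_certificate_set_copy(unsigned char **member, const unsigned char *val, int len);
void tls_certificate_set_copy_date(unsigned char *member, const unsigned char *val, int len);
void tls_certificate_set_key(struct TLSCertificate *cert, const unsigned char *val, int len);
void tls_certificate_set_priv(struct TLSCertificate *cert, const unsigned char *val, int len);
void tls_certificate_set_sign_key(struct TLSCertificate *cert, const unsigned char *val, int len);
void tls_certificate_set_exponent(struct TLSCertificate *cert, const unsigned char *val, int len);
void tls_certificate_set_serial(struct TLSCertificate *cert, const unsigned char *val, int len);
void tls_certificate_set_algorithm(unsigned int *algorithm, const unsigned char *val, int len);
void tls_destroy_certificate(struct TLSCertificate *cert);
/* Outgoing record construction: tls_create_packet() starts a record of the
 * given content type/version, the tls_packet_* helpers append raw bytes or
 * big-endian integers of the stated width, tls_packet_update() presumably
 * finalises the length field (and protection, once keys are set) — confirm. */
struct TLSPacket *tls_create_packet(struct TLSContext *context, unsigned char type, unsigned short version, int payload_size_hint);
void tls_destroy_packet(struct TLSPacket *packet);
void tls_packet_update(struct TLSPacket *packet);
int tls_packet_append(struct TLSPacket *packet, const unsigned char *buf, unsigned int len);
int tls_packet_uint8(struct TLSPacket *packet, unsigned char i);
int tls_packet_uint16(struct TLSPacket *packet, unsigned short i);
int tls_packet_uint32(struct TLSPacket *packet, unsigned int i);
int tls_packet_uint24(struct TLSPacket *packet, unsigned int i);
/* Fills len bytes of key from the system RNG. The return value is a status
 * and must be checked: on failure the buffer must not be used as a hello
 * random or as key material. Which value means success is defined by the
 * implementation, not here. */
int tls_random(unsigned char *key, int len);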
503 * Get encrypted data to write, if any. Once you've sent all of it, call
504 * tls_buffer_clear().
506 const unsigned char *tls_get_write_buffer(struct TLSContext *context, unsigned
509 void tls_buffer_clear(struct TLSContext *context);
511 /* Returns 1 for established, 0 for not established yet, and -1 for a critical
513 int tls_established(struct TLSContext *context);
515 /* Discards any unread decrypted data not consumed by tls_read(). */
516 void tls_read_clear(struct TLSContext *context);
519 * Reads any unread decrypted data (see tls_consume_stream). If you don't read
520 * all of it, the remainder will be left in the internal buffers for next
521 * tls_read(). Returns -1 for fatal error, 0 for no more data, or otherwise the
522 * number of bytes copied into the buffer (up to a maximum of the given size).
524 ssize_t tls_read(struct TLSContext *context, void *buf, size_t size);
526 struct TLSContext *tls_create_context(int is_server, unsigned short version);
528 const struct ECCCurveParameters *tls_set_curve(struct TLSContext *context, const struct ECCCurveParameters *curve);
530 /* Create a context for a given client, from a server context. Returns NULL on
532 struct TLSContext *tls_accept(struct TLSContext *context);
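/* Installs the finite-field DH group (hex-encoded p and g) used for DHE. */
int tls_set_default_dhe_pg(struct TLSContext *context, const char *p_hex_str, const char *g_hex_str);
void tls_destroy_context(struct TLSContext *context);
/* Cipher negotiation over the peer's cipher_suites list (buf_len bytes);
 * *scsv_set presumably reports whether TLS_FALLBACK_SCSV was present —
 * confirm in the definition. Lengths are plain int across this API, so a
 * caller must never hand in a negative or unchecked length taken from the wire. */
int tls_choose_cipher(struct TLSContext *context, const unsigned char *buf, int buf_len, int *scsv_set);
int tls_cipher_supported(struct TLSContext *context, unsigned short cipher);
int tls_cipher_is_ephemeral(struct TLSContext *context);
const char *tls_cipher_name(struct TLSContext *context);
int tls_is_ecdsa(struct TLSContext *context);
void tls_send_client_key_exchange(struct TLSContext *context);
size_t tls_queue_packet(struct TLSPacket *packet);
/* Handshake message builders; each returns a new packet the caller releases
 * with tls_destroy_packet(). Whether NULL signals failure is not visible here. */
struct TLSPacket *tls_build_server_key_exchange(struct TLSContext *context, int method);
struct TLSPacket *tls_build_hello(struct TLSContext *context, int tls13_downgrade);
struct TLSPacket *tls_build_client_hello(struct TLSContext *context);
struct TLSPacket *tls_certificate_request(struct TLSContext *context);
struct TLSPacket *tls_build_verify_request(struct TLSContext *context);
/* Handshake parsers over peer-supplied bytes. By convention in this API a
 * negative result is an error (see TLS_GENERIC_ERROR and friends); where a
 * write_packets out-parameter exists it presumably counts replies queued —
 * confirm each in its definition. */
int tls_parse_client_hello(struct TLSContext *context, const unsigned char *buf, int buf_len, unsigned int *write_packets);
int tls_parse_certificate(struct TLSContext *context, const unsigned char *buf, int buf_len, int is_client);
int tls_parse_server_key_exchange(struct TLSContext *context, const unsigned char *buf, int buf_len);
int tls_parse_client_key_exchange(struct TLSContext *context, const unsigned char *buf, int buf_len);
int tls_parse_finished(struct TLSContext *context, const unsigned char *buf, int buf_len, unsigned int *write_packets);
int tls_parse_verify(struct TLSContext *context, const unsigned char *buf, int buf_len);
int tls_parse_payload(struct TLSContext *context, const unsigned char *buf, int buf_len);
/* Takes a writable buffer, unlike the parsers above — presumably the record is
 * decrypted in place. */
int tls_parse_message(struct TLSContext *context, unsigned char *buf, int buf_len);
/* Chain validation: signature of cert by parent; the whole chain; and the
 * variant that additionally anchors the chain in the context's root
 * certificates (presumably root_certificates) — confirm. */
int tls_certificate_verify_signature(struct TLSCertificate *cert, struct TLSCertificate *parent);
int tls_certificate_chain_is_valid(struct TLSCertificate **certificates, int len);
int tls_certificate_chain_is_valid_root(struct TLSContext *context, struct TLSCertificate **certificates, int len);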
563 * Add a certificate or a certificate chain to the given context, in PEM form.
564 * Returns a negative value (TLS_GENERIC_ERROR etc.) on error, 0 if there were
565 * no certificates in the buffer, or the number of loaded certificates on
568 int tls_load_certificates(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
571 * Add a private key to the given context, in PEM form. Returns a negative
572 * value (TLS_GENERIC_ERROR etc.) on error, 0 if there was no private key in
573 * the buffer, or 1 on success.
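int tls_load_private_key(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
/* Handshake record builders; the caller owns the returned packet. */
struct TLSPacket *tls_build_certificate(struct TLSContext *context);
struct TLSPacket *tls_build_finished(struct TLSContext *context);
struct TLSPacket *tls_build_change_cipher_spec(struct TLSContext *context);
/* Wraps len bytes of application data into a (presumably protected) record. */
struct TLSPacket *tls_build_message(struct TLSContext *context, const unsigned char *data, unsigned int len);
int tls_client_connect(struct TLSContext *context);
/* Queues count bytes of plaintext; the resulting ciphertext is fetched with
 * tls_get_write_buffer(). Return convention (bytes accepted vs. negative
 * error) is not visible here — confirm in the definition. */
ssize_t tls_write(struct TLSContext *context, const void *buf, size_t count);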
584 * Process a given number of input bytes from a socket. If the other side just
585 * presented a certificate and certificate_verify is not NULL, it will be
588 * Returns 0 if there's no data ready yet, a negative value (see
589 * TLS_GENERIC_ERROR etc.) for an error, or a positive value (the number of
590 * bytes used from buf) if one or more complete TLS messages were received. The
591 * data is copied into an internal buffer even if not all of it was consumed,
592 * so you should not re-send it the next time.
594 * Decrypted data, if any, should be read back with tls_read(). Can change the
595 * status of tls_established(). If the library has anything to send back on the
596 * socket (e.g. as part of the handshake), tls_get_write_buffer() will return
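int tls_consume_stream(struct TLSContext *context);
/* tls_close_notify() sends the close_notify alert; tls_alert() sends an
 * arbitrary alert — presumably critical selects TLS_ALERT_CRITICAL vs
 * TLS_ALERT_WARNING and code is an enum tls_alert_description value. */
void tls_close_notify(struct TLSContext *context);
void tls_alert(struct TLSContext *context, int critical, int code);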
603 /* Whether tls_consume_stream() has data in its buffer that is not processed
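int tls_pending(struct TLSContext *context);
int tls_is_broken(struct TLSContext *context);
/* Mutual-TLS controls, mirroring request_client_certificate and
 * client_verified in struct TLSContext. */
int tls_request_client_certificate(struct TLSContext *context);
int tls_client_verified(struct TLSContext *context);
/* SNI host name. On the server side the value is peer-supplied: treat it as
 * untrusted input when using it for lookups or logging. */
const char *tls_sni(struct TLSContext *context);
int tls_sni_set(struct TLSContext *context, const char *sni);
int tls_load_root_certificates(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
/* Built-in chain validation (presumably against the context's
 * root_certificates); has the tls_validation_function shape so it can be
 * passed to tls_set_verify(). */
int tls_default_verify(struct TLSContext *context, struct TLSCertificate **certificate_chain, int len);
void tls_print_certificate(const char *fname);
/* ALPN: alpn_size is unsigned char because ProtocolName is opaque<1..2^8-1>
 * on the wire (RFC 7301), so this is not a truncating type. */
int tls_add_alpn(struct TLSContext *context, const char *alpn);
int tls_alpn_contains(struct TLSContext *context, const char *alpn, unsigned char alpn_size);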
617 /* useful when renewing certificates for servers, without the need to restart
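int tls_clear_certificates(struct TLSContext *context);
/* Kernel TLS offload: presumably hands the negotiated record keys to the
 * socket so the kernel does record protection. Once exported, the key material
 * is outside the process's control (zeroisation included) — confirm what
 * tls_unmake_ktls() restores. */
int tls_make_ktls(struct TLSContext *context, int socket);
int tls_unmake_ktls(struct TLSContext *context, int socket);
/* X25519 scalar multiplication, r = X25519(k, u) per RFC 7748 §5; all three
 * buffers are 32 bytes. */
int x25519(uint8_t *r, const uint8_t *k, const uint8_t *u);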
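int tls_load_root_file(struct TLSContext *context, const char *pem_filename);
/* Installs the chain-verification hook. The tls_consume_stream() comment says
 * the hook is only invoked when certificate_verify is not NULL, so leaving it
 * unset means the peer's chain is not checked by this callback. */
void tls_set_verify(struct TLSContext *context, tls_validation_function verify_callback);
/* Socket-bound convenience layer. */
int tls_set_fd(struct TLSContext *context, int socket);
int tls_connect(struct TLSContext *context);
int tls_shutdown(struct TLSContext *context);
void tls_free(struct TLSContext *context);
/* Base64 decode of inLen bytes into out; *outLen presumably carries the
 * capacity in and the decoded length out — confirm the convention, since an
 * in-only length would make this an unbounded write. */
int base64decode(const char *in, size_t inLen, unsigned char *out, size_t *outLen);
ssize_t tls_fsync(struct TLSContext *context);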
633 struct TLSCertificate *asn1_parse(struct TLSContext *context,
634 const unsigned char *buffer, int size,
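int tls_mac_length(struct TLSContext *context);
int tls_is_aead(struct TLSContext *context);
/* Initialises record protection (presumably struct TLSCipher crypto) from
 * key_length-byte keys and their IVs; no IV length is passed, so it must be
 * implied by the negotiated suite. Callers own the key buffers and should
 * wipe them afterwards — whether this copies or keeps referencing them is
 * not visible here. */
int tls_crypto_create(struct TLSContext *context, int key_length,
                      unsigned char *localkey,
                      unsigned char *localiv,
                      unsigned char *remotekey,
                      unsigned char *remoteiv);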
644 /* DH forward secrecy */
645 unsigned char *tls_decrypt_dhe(struct TLSContext *context, const unsigned char
646 *buffer, unsigned int len, unsigned int *size, int clear_key);
647 unsigned char *tls_decrypt_ecc_dhe(struct TLSContext *context, const unsigned
648 char *buffer, unsigned int len, unsigned int *size, int
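/* Ephemeral (EC)DH key lifecycle. The duplicate tls_dhe_free() declaration
 * that followed tls_dh_make_key() has been dropped; it is declared once here. */
void tls_dhe_free(struct TLSContext *context);
void tls_ecc_dhe_free(struct TLSContext *context);
/* Releases the DH key material in key. NOTE(review): whether it zeroises the
 * private value before freeing is not visible here — verify in the definition. */
void tls_dh_clear_key(struct DHKey *key);
void tls_dhe_create(struct TLSContext *context);
void tls_ecc_dhe_create(struct TLSContext *context);
/* Builds a keysize-bit DH key from the group parameters p and g given as
 * pbuf_len / gbuf_len byte strings (presumably hex, as in
 * tls_set_default_dhe_pg()). Untrusted group parameters must not reach here. */
int tls_dh_make_key(int keysize, struct DHKey *key, const char *pbuf,
                    const char *gbuf, int pbuf_len, int gbuf_len);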
658 int tls_dh_export_Y(unsigned char *Ybuf, unsigned long *Ylen,
660 int tls_dh_export_pqY(unsigned char *pbuf, unsigned long *plen,
661 unsigned char *gbuf, unsigned long *glen,
662 unsigned char *Ybuf, unsigned long *Ylen,
664 void tls_ecc_init_curves();
665 int tls_update_hash(struct TLSContext *context, const unsigned char *in,
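int tls_done_hash(struct TLSContext *context, unsigned char *hout);
/* Presumably writes the record-length field into an already-built packet. */
void tls_set_packet_length(struct TLSPacket *packet, uint32_t length);
int tls_compute_key(struct TLSContext *context, unsigned int key_len);
/* Note the size_t length here, unlike the int buf_len used by the other parsers. */
int tls_parse_server_hello(struct TLSContext *ctx, const unsigned char *buf, size_t len);
/* Non-zero when ver (a wire ProtocolVersion such as TLS_V12) is accepted by
 * this build — the set of accepted versions is decided in the definition. */
int tls_supported_version(uint16_t ver);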
672 int tls_parse_key_share(struct TLSContext *context, const unsigned char *buf,
674 unsigned int tls_hmac_message(unsigned char local,
675 struct TLSContext *context,
676 const unsigned char *buf,
678 const unsigned char *buf2,
679 int buf_len2, unsigned char *out,
680 unsigned int outlen);
681 void tls_hkdf_expand_label(unsigned int mac_length,
682 unsigned char *output,
684 const unsigned char *secret,
685 unsigned int secret_len,
687 unsigned char label_len,
688 const unsigned char *data,
689 unsigned char data_len);
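/* HKDF-Extract (RFC 5869 §2.2, as used by RFC 8446 §7.1): PRK = HMAC(salt, ikm)
 * written to output (outlen bytes), with the hash presumably selected by
 * mac_length. NOTE(review): ikm_len is `unsigned char`, so an IKM longer than
 * 255 bytes is silently truncated by the implicit conversion at the call
 * site. ECDHE secrets for the curves declared in this header fit (secp521r1
 * gives 66 bytes), but a finite-field DH shared secret does not — ffdhe2048
 * alone yields 256 bytes. Verify no such caller exists, or widen the
 * parameter together with the definition. */
int tls_hkdf_extract(unsigned int mac_length,
                     unsigned char *output, unsigned int outlen,
                     const unsigned char *salt,
                     unsigned int salt_len,
                     const unsigned char *ikm,
                     unsigned char ikm_len);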
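void tls_destroy_hash(struct TLSContext *context);
/* Transcript hash access: tls_get_hash() writes the running handshake hash to
 * hout (caller sizes it for the selected hash — TLS_MAX_HASH_LEN is safe);
 * tls_get_hash_idx() presumably identifies which hash is in use. */
int tls_get_hash(struct TLSContext *context, unsigned char *hout);
int tls_get_hash_idx(struct TLSContext *context);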
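/* Curve and finite-field DH group tables. They are declared as writable
 * globals (only the tls_ecc_default_curve pointer itself is const), so nothing
 * may write to them after start-up: a tampered group parameter silently
 * weakens every key exchange. secp192r1, secp224k1 and secp256k1 are exported
 * here but have no TLS_EC_* identifier in this header. */
extern struct ECCCurveParameters secp192r1;
extern struct ECCCurveParameters secp224k1;
extern struct ECCCurveParameters secp224r1;
extern struct ECCCurveParameters secp256k1;
extern struct ECCCurveParameters secp256r1;
extern struct ECCCurveParameters secp384r1;
extern struct ECCCurveParameters secp521r1;
extern struct ECCCurveParameters curve25519;
extern struct DHKey ffdhe2048;
extern struct DHKey ffdhe4096;
extern struct DHKey ffdhe8192;
extern struct DHKey ffdhe6144;
extern struct DHKey ffdhe3072;
extern struct ECCCurveParameters *const tls_ecc_default_curve;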