xref: /freebsd/contrib/wpa/src/tls/tlsv1_client_i.h (revision c1d255d3ffdbe447de3ab875bf4e7d7accc5bfc5)
1 /*
2  * TLSv1 client - internal structures
3  * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef TLSV1_CLIENT_I_H
10 #define TLSV1_CLIENT_I_H
11 
12 struct tlsv1_client {
13 	enum {
14 		CLIENT_HELLO, SERVER_HELLO, SERVER_CERTIFICATE,
15 		SERVER_KEY_EXCHANGE, SERVER_CERTIFICATE_REQUEST,
16 		SERVER_HELLO_DONE, CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC,
17 		SERVER_CHANGE_CIPHER_SPEC, SERVER_FINISHED, ACK_FINISHED,
18 		ESTABLISHED, FAILED
19 	} state;
20 
21 	struct tlsv1_record_layer rl;
22 
23 	u8 session_id[TLS_SESSION_ID_MAX_LEN];
24 	size_t session_id_len;
25 	u8 client_random[TLS_RANDOM_LEN];
26 	u8 server_random[TLS_RANDOM_LEN];
27 	u8 master_secret[TLS_MASTER_SECRET_LEN];
28 
29 	u8 alert_level;
30 	u8 alert_description;
31 
32 	unsigned int flags; /* TLS_CONN_* bitfield */
33 
34 	unsigned int certificate_requested:1;
35 	unsigned int session_resumed:1;
36 	unsigned int session_ticket_included:1;
37 	unsigned int use_session_ticket:1;
38 	unsigned int cert_in_cb:1;
39 	unsigned int ocsp_resp_received:1;
40 
41 	struct crypto_public_key *server_rsa_key;
42 
43 	struct tls_verify_hash verify;
44 
45 #define MAX_CIPHER_COUNT 30
46 	u16 cipher_suites[MAX_CIPHER_COUNT];
47 	size_t num_cipher_suites;
48 
49 	u16 prev_cipher_suite;
50 
51 	u8 *client_hello_ext;
52 	size_t client_hello_ext_len;
53 
54 	/* The prime modulus used for Diffie-Hellman */
55 	u8 *dh_p;
56 	size_t dh_p_len;
57 	/* The generator used for Diffie-Hellman */
58 	u8 *dh_g;
59 	size_t dh_g_len;
60 	/* The server's Diffie-Hellman public value */
61 	u8 *dh_ys;
62 	size_t dh_ys_len;
63 
64 	struct tlsv1_credentials *cred;
65 
66 	tlsv1_client_session_ticket_cb session_ticket_cb;
67 	void *session_ticket_cb_ctx;
68 
69 	struct wpabuf *partial_input;
70 
71 	void (*event_cb)(void *ctx, enum tls_event ev,
72 			 union tls_event_data *data);
73 	void *cb_ctx;
74 
75 	struct x509_certificate *server_cert;
76 };
77 
78 
79 void tls_alert(struct tlsv1_client *conn, u8 level, u8 description);
80 void tlsv1_client_free_dh(struct tlsv1_client *conn);
81 u16 tls_client_highest_ver(struct tlsv1_client *conn);
82 int tls_derive_pre_master_secret(struct tlsv1_client *conn,
83 				 u8 *pre_master_secret);
84 int tls_derive_keys(struct tlsv1_client *conn,
85 		    const u8 *pre_master_secret, size_t pre_master_secret_len);
86 u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len);
87 u8 * tlsv1_client_send_alert(struct tlsv1_client *conn, u8 level,
88 			     u8 description, size_t *out_len);
89 u8 * tlsv1_client_handshake_write(struct tlsv1_client *conn, size_t *out_len,
90 				  int no_appl_data);
91 int tlsv1_client_process_handshake(struct tlsv1_client *conn, u8 ct,
92 				   const u8 *buf, size_t *len,
93 				   u8 **out_data, size_t *out_len);
94 
95 enum tls_ocsp_result {
96 	TLS_OCSP_NO_RESPONSE, TLS_OCSP_INVALID, TLS_OCSP_GOOD, TLS_OCSP_REVOKED
97 };
98 
99 enum tls_ocsp_result tls_process_ocsp_response(struct tlsv1_client *conn,
100 					       const u8 *resp, size_t len);
101 
102 #endif /* TLSV1_CLIENT_I_H */
103