xref: /freebsd/contrib/wpa/src/crypto/tls.h (revision 907b59d76938e654f0d040a888e8dfca3de1e222)
1 /*
2  * SSL/TLS interface definition
3  * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef TLS_H
10 #define TLS_H
11 
12 struct tls_connection;
13 
14 struct tls_random {
15 	const u8 *client_random;
16 	size_t client_random_len;
17 	const u8 *server_random;
18 	size_t server_random_len;
19 };
20 
21 enum tls_event {
22 	TLS_CERT_CHAIN_SUCCESS,
23 	TLS_CERT_CHAIN_FAILURE,
24 	TLS_PEER_CERTIFICATE,
25 	TLS_ALERT
26 };
27 
28 /*
29  * Note: These are used as identifier with external programs and as such, the
30  * values must not be changed.
31  */
32 enum tls_fail_reason {
33 	TLS_FAIL_UNSPECIFIED = 0,
34 	TLS_FAIL_UNTRUSTED = 1,
35 	TLS_FAIL_REVOKED = 2,
36 	TLS_FAIL_NOT_YET_VALID = 3,
37 	TLS_FAIL_EXPIRED = 4,
38 	TLS_FAIL_SUBJECT_MISMATCH = 5,
39 	TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
40 	TLS_FAIL_BAD_CERTIFICATE = 7,
41 	TLS_FAIL_SERVER_CHAIN_PROBE = 8,
42 	TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
43 	TLS_FAIL_DOMAIN_MISMATCH = 10,
44 };
45 
46 
47 #define TLS_MAX_ALT_SUBJECT 10
48 
49 union tls_event_data {
50 	struct {
51 		int depth;
52 		const char *subject;
53 		enum tls_fail_reason reason;
54 		const char *reason_txt;
55 		const struct wpabuf *cert;
56 	} cert_fail;
57 
58 	struct {
59 		int depth;
60 		const char *subject;
61 		const struct wpabuf *cert;
62 		const u8 *hash;
63 		size_t hash_len;
64 		const char *altsubject[TLS_MAX_ALT_SUBJECT];
65 		int num_altsubject;
66 	} peer_cert;
67 
68 	struct {
69 		int is_local;
70 		const char *type;
71 		const char *description;
72 	} alert;
73 };
74 
75 struct tls_config {
76 	const char *opensc_engine_path;
77 	const char *pkcs11_engine_path;
78 	const char *pkcs11_module_path;
79 	int fips_mode;
80 	int cert_in_cb;
81 	const char *openssl_ciphers;
82 	unsigned int tls_session_lifetime;
83 
84 	void (*event_cb)(void *ctx, enum tls_event ev,
85 			 union tls_event_data *data);
86 	void *cb_ctx;
87 };
88 
89 #define TLS_CONN_ALLOW_SIGN_RSA_MD5 BIT(0)
90 #define TLS_CONN_DISABLE_TIME_CHECKS BIT(1)
91 #define TLS_CONN_DISABLE_SESSION_TICKET BIT(2)
92 #define TLS_CONN_REQUEST_OCSP BIT(3)
93 #define TLS_CONN_REQUIRE_OCSP BIT(4)
94 #define TLS_CONN_DISABLE_TLSv1_1 BIT(5)
95 #define TLS_CONN_DISABLE_TLSv1_2 BIT(6)
96 #define TLS_CONN_EAP_FAST BIT(7)
97 #define TLS_CONN_DISABLE_TLSv1_0 BIT(8)
98 
99 /**
100  * struct tls_connection_params - Parameters for TLS connection
101  * @ca_cert: File or reference name for CA X.509 certificate in PEM or DER
102  * format
103  * @ca_cert_blob: ca_cert as inlined data or %NULL if not used
104  * @ca_cert_blob_len: ca_cert_blob length
105  * @ca_path: Path to CA certificates (OpenSSL specific)
106  * @subject_match: String to match in the subject of the peer certificate or
107  * %NULL to allow all subjects
108  * @altsubject_match: String to match in the alternative subject of the peer
109  * certificate or %NULL to allow all alternative subjects
110  * @suffix_match: String to suffix match in the dNSName or CN of the peer
111  * certificate or %NULL to allow all domain names. This may allow subdomains an
112  * wildcard certificates. Each domain name label must have a full match.
113  * @domain_match: String to match in the dNSName or CN of the peer
114  * certificate or %NULL to allow all domain names. This requires a full,
115  * case-insensitive match.
116  * @client_cert: File or reference name for client X.509 certificate in PEM or
117  * DER format
118  * @client_cert_blob: client_cert as inlined data or %NULL if not used
119  * @client_cert_blob_len: client_cert_blob length
120  * @private_key: File or reference name for client private key in PEM or DER
121  * format (traditional format (RSA PRIVATE KEY) or PKCS#8 (PRIVATE KEY)
122  * @private_key_blob: private_key as inlined data or %NULL if not used
123  * @private_key_blob_len: private_key_blob length
124  * @private_key_passwd: Passphrase for decrypted private key, %NULL if no
125  * passphrase is used.
126  * @dh_file: File name for DH/DSA data in PEM format, or %NULL if not used
127  * @dh_blob: dh_file as inlined data or %NULL if not used
128  * @dh_blob_len: dh_blob length
129  * @engine: 1 = use engine (e.g., a smartcard) for private key operations
130  * (this is OpenSSL specific for now)
131  * @engine_id: engine id string (this is OpenSSL specific for now)
132  * @ppin: pointer to the pin variable in the configuration
133  * (this is OpenSSL specific for now)
134  * @key_id: the private key's id when using engine (this is OpenSSL
135  * specific for now)
136  * @cert_id: the certificate's id when using engine
137  * @ca_cert_id: the CA certificate's id when using engine
138  * @openssl_ciphers: OpenSSL cipher configuration
139  * @flags: Parameter options (TLS_CONN_*)
140  * @ocsp_stapling_response: DER encoded file with cached OCSP stapling response
141  *	or %NULL if OCSP is not enabled
142  *
143  * TLS connection parameters to be configured with tls_connection_set_params()
144  * and tls_global_set_params().
145  *
146  * Certificates and private key can be configured either as a reference name
147  * (file path or reference to certificate store) or by providing the same data
148  * as a pointer to the data in memory. Only one option will be used for each
149  * field.
150  */
151 struct tls_connection_params {
152 	const char *ca_cert;
153 	const u8 *ca_cert_blob;
154 	size_t ca_cert_blob_len;
155 	const char *ca_path;
156 	const char *subject_match;
157 	const char *altsubject_match;
158 	const char *suffix_match;
159 	const char *domain_match;
160 	const char *client_cert;
161 	const u8 *client_cert_blob;
162 	size_t client_cert_blob_len;
163 	const char *private_key;
164 	const u8 *private_key_blob;
165 	size_t private_key_blob_len;
166 	const char *private_key_passwd;
167 	const char *dh_file;
168 	const u8 *dh_blob;
169 	size_t dh_blob_len;
170 
171 	/* OpenSSL specific variables */
172 	int engine;
173 	const char *engine_id;
174 	const char *pin;
175 	const char *key_id;
176 	const char *cert_id;
177 	const char *ca_cert_id;
178 	const char *openssl_ciphers;
179 
180 	unsigned int flags;
181 	const char *ocsp_stapling_response;
182 };
183 
184 
185 /**
186  * tls_init - Initialize TLS library
187  * @conf: Configuration data for TLS library
188  * Returns: Context data to be used as tls_ctx in calls to other functions,
189  * or %NULL on failure.
190  *
191  * Called once during program startup and once for each RSN pre-authentication
192  * session. In other words, there can be two concurrent TLS contexts. If global
193  * library initialization is needed (i.e., one that is shared between both
194  * authentication types), the TLS library wrapper should maintain a reference
195  * counter and do global initialization only when moving from 0 to 1 reference.
196  */
197 void * tls_init(const struct tls_config *conf);
198 
199 /**
200  * tls_deinit - Deinitialize TLS library
201  * @tls_ctx: TLS context data from tls_init()
202  *
203  * Called once during program shutdown and once for each RSN pre-authentication
204  * session. If global library deinitialization is needed (i.e., one that is
205  * shared between both authentication types), the TLS library wrapper should
206  * maintain a reference counter and do global deinitialization only when moving
207  * from 1 to 0 references.
208  */
209 void tls_deinit(void *tls_ctx);
210 
211 /**
212  * tls_get_errors - Process pending errors
213  * @tls_ctx: TLS context data from tls_init()
214  * Returns: Number of found error, 0 if no errors detected.
215  *
216  * Process all pending TLS errors.
217  */
218 int tls_get_errors(void *tls_ctx);
219 
220 /**
221  * tls_connection_init - Initialize a new TLS connection
222  * @tls_ctx: TLS context data from tls_init()
223  * Returns: Connection context data, conn for other function calls
224  */
225 struct tls_connection * tls_connection_init(void *tls_ctx);
226 
227 /**
228  * tls_connection_deinit - Free TLS connection data
229  * @tls_ctx: TLS context data from tls_init()
230  * @conn: Connection context data from tls_connection_init()
231  *
232  * Release all resources allocated for TLS connection.
233  */
234 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn);
235 
236 /**
237  * tls_connection_established - Has the TLS connection been completed?
238  * @tls_ctx: TLS context data from tls_init()
239  * @conn: Connection context data from tls_connection_init()
240  * Returns: 1 if TLS connection has been completed, 0 if not.
241  */
242 int tls_connection_established(void *tls_ctx, struct tls_connection *conn);
243 
244 /**
245  * tls_connection_shutdown - Shutdown TLS connection
246  * @tls_ctx: TLS context data from tls_init()
247  * @conn: Connection context data from tls_connection_init()
248  * Returns: 0 on success, -1 on failure
249  *
250  * Shutdown current TLS connection without releasing all resources. New
251  * connection can be started by using the same conn without having to call
252  * tls_connection_init() or setting certificates etc. again. The new
253  * connection should try to use session resumption.
254  */
255 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn);
256 
257 enum {
258 	TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN = -4,
259 	TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3,
260 	TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2
261 };
262 
263 /**
264  * tls_connection_set_params - Set TLS connection parameters
265  * @tls_ctx: TLS context data from tls_init()
266  * @conn: Connection context data from tls_connection_init()
267  * @params: Connection parameters
268  * Returns: 0 on success, -1 on failure,
269  * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on error causing PKCS#11 engine
270  * failure, or
271  * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
272  * PKCS#11 engine private key, or
273  * TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN (-4) on PIN error causing PKCS#11 engine
274  * failure.
275  */
276 int __must_check
277 tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
278 			  const struct tls_connection_params *params);
279 
280 /**
281  * tls_global_set_params - Set TLS parameters for all TLS connection
282  * @tls_ctx: TLS context data from tls_init()
283  * @params: Global TLS parameters
284  * Returns: 0 on success, -1 on failure,
285  * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on error causing PKCS#11 engine
286  * failure, or
287  * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
288  * PKCS#11 engine private key, or
289  * TLS_SET_PARAMS_ENGINE_PRV_BAD_PIN (-4) on PIN error causing PKCS#11 engine
290  * failure.
291  */
292 int __must_check tls_global_set_params(
293 	void *tls_ctx, const struct tls_connection_params *params);
294 
295 /**
296  * tls_global_set_verify - Set global certificate verification options
297  * @tls_ctx: TLS context data from tls_init()
298  * @check_crl: 0 = do not verify CRLs, 1 = verify CRL for the user certificate,
299  * 2 = verify CRL for all certificates
300  * Returns: 0 on success, -1 on failure
301  */
302 int __must_check tls_global_set_verify(void *tls_ctx, int check_crl);
303 
304 /**
305  * tls_connection_set_verify - Set certificate verification options
306  * @tls_ctx: TLS context data from tls_init()
307  * @conn: Connection context data from tls_connection_init()
308  * @verify_peer: 1 = verify peer certificate
309  * @flags: Connection flags (TLS_CONN_*)
310  * @session_ctx: Session caching context or %NULL to use default
311  * @session_ctx_len: Length of @session_ctx in bytes.
312  * Returns: 0 on success, -1 on failure
313  */
314 int __must_check tls_connection_set_verify(void *tls_ctx,
315 					   struct tls_connection *conn,
316 					   int verify_peer,
317 					   unsigned int flags,
318 					   const u8 *session_ctx,
319 					   size_t session_ctx_len);
320 
321 /**
322  * tls_connection_get_random - Get random data from TLS connection
323  * @tls_ctx: TLS context data from tls_init()
324  * @conn: Connection context data from tls_connection_init()
325  * @data: Structure of client/server random data (filled on success)
326  * Returns: 0 on success, -1 on failure
327  */
328 int __must_check tls_connection_get_random(void *tls_ctx,
329 					 struct tls_connection *conn,
330 					 struct tls_random *data);
331 
332 /**
333  * tls_connection_prf - Use TLS-PRF to derive keying material
334  * @tls_ctx: TLS context data from tls_init()
335  * @conn: Connection context data from tls_connection_init()
336  * @label: Label (e.g., description of the key) for PRF
337  * @server_random_first: seed is 0 = client_random|server_random,
338  * 1 = server_random|client_random
339  * @skip_keyblock: Skip TLS key block from the beginning of PRF output
340  * @out: Buffer for output data from TLS-PRF
341  * @out_len: Length of the output buffer
342  * Returns: 0 on success, -1 on failure
343  *
344  * tls_connection_prf() is required so that further keying material can be
345  * derived from the master secret. Example implementation of this function is in
346  * tls_prf_sha1_md5() when it is called with seed set to
347  * client_random|server_random (or server_random|client_random). For TLSv1.2 and
348  * newer, a different PRF is needed, though.
349  */
350 int __must_check  tls_connection_prf(void *tls_ctx,
351 				     struct tls_connection *conn,
352 				     const char *label,
353 				     int server_random_first,
354 				     int skip_keyblock,
355 				     u8 *out, size_t out_len);
356 
357 /**
358  * tls_connection_handshake - Process TLS handshake (client side)
359  * @tls_ctx: TLS context data from tls_init()
360  * @conn: Connection context data from tls_connection_init()
361  * @in_data: Input data from TLS server
362  * @appl_data: Pointer to application data pointer, or %NULL if dropped
363  * Returns: Output data, %NULL on failure
364  *
365  * The caller is responsible for freeing the returned output data. If the final
366  * handshake message includes application data, this is decrypted and
367  * appl_data (if not %NULL) is set to point this data. The caller is
368  * responsible for freeing appl_data.
369  *
370  * This function is used during TLS handshake. The first call is done with
371  * in_data == %NULL and the library is expected to return ClientHello packet.
372  * This packet is then send to the server and a response from server is given
373  * to TLS library by calling this function again with in_data pointing to the
374  * TLS message from the server.
375  *
376  * If the TLS handshake fails, this function may return %NULL. However, if the
377  * TLS library has a TLS alert to send out, that should be returned as the
378  * output data. In this case, tls_connection_get_failed() must return failure
379  * (> 0).
380  *
381  * tls_connection_established() should return 1 once the TLS handshake has been
382  * completed successfully.
383  */
384 struct wpabuf * tls_connection_handshake(void *tls_ctx,
385 					 struct tls_connection *conn,
386 					 const struct wpabuf *in_data,
387 					 struct wpabuf **appl_data);
388 
389 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
390 					  struct tls_connection *conn,
391 					  const struct wpabuf *in_data,
392 					  struct wpabuf **appl_data,
393 					  int *more_data_needed);
394 
395 /**
396  * tls_connection_server_handshake - Process TLS handshake (server side)
397  * @tls_ctx: TLS context data from tls_init()
398  * @conn: Connection context data from tls_connection_init()
399  * @in_data: Input data from TLS peer
400  * @appl_data: Pointer to application data pointer, or %NULL if dropped
401  * Returns: Output data, %NULL on failure
402  *
403  * The caller is responsible for freeing the returned output data.
404  */
405 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
406 						struct tls_connection *conn,
407 						const struct wpabuf *in_data,
408 						struct wpabuf **appl_data);
409 
410 /**
411  * tls_connection_encrypt - Encrypt data into TLS tunnel
412  * @tls_ctx: TLS context data from tls_init()
413  * @conn: Connection context data from tls_connection_init()
414  * @in_data: Plaintext data to be encrypted
415  * Returns: Encrypted TLS data or %NULL on failure
416  *
417  * This function is used after TLS handshake has been completed successfully to
418  * send data in the encrypted tunnel. The caller is responsible for freeing the
419  * returned output data.
420  */
421 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
422 				       struct tls_connection *conn,
423 				       const struct wpabuf *in_data);
424 
425 /**
426  * tls_connection_decrypt - Decrypt data from TLS tunnel
427  * @tls_ctx: TLS context data from tls_init()
428  * @conn: Connection context data from tls_connection_init()
429  * @in_data: Encrypted TLS data
430  * Returns: Decrypted TLS data or %NULL on failure
431  *
432  * This function is used after TLS handshake has been completed successfully to
433  * receive data from the encrypted tunnel. The caller is responsible for
434  * freeing the returned output data.
435  */
436 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
437 				       struct tls_connection *conn,
438 				       const struct wpabuf *in_data);
439 
440 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
441 					struct tls_connection *conn,
442 					const struct wpabuf *in_data,
443 					int *more_data_needed);
444 
445 /**
446  * tls_connection_resumed - Was session resumption used
447  * @tls_ctx: TLS context data from tls_init()
448  * @conn: Connection context data from tls_connection_init()
449  * Returns: 1 if current session used session resumption, 0 if not
450  */
451 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn);
452 
453 enum {
454 	TLS_CIPHER_NONE,
455 	TLS_CIPHER_RC4_SHA /* 0x0005 */,
456 	TLS_CIPHER_AES128_SHA /* 0x002f */,
457 	TLS_CIPHER_RSA_DHE_AES128_SHA /* 0x0031 */,
458 	TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */
459 };
460 
461 /**
462  * tls_connection_set_cipher_list - Configure acceptable cipher suites
463  * @tls_ctx: TLS context data from tls_init()
464  * @conn: Connection context data from tls_connection_init()
465  * @ciphers: Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers
466  * (TLS_CIPHER_*).
467  * Returns: 0 on success, -1 on failure
468  */
469 int __must_check tls_connection_set_cipher_list(void *tls_ctx,
470 						struct tls_connection *conn,
471 						u8 *ciphers);
472 
473 /**
474  * tls_get_version - Get the current TLS version number
475  * @tls_ctx: TLS context data from tls_init()
476  * @conn: Connection context data from tls_connection_init()
477  * @buf: Buffer for returning the TLS version number
478  * @buflen: buf size
479  * Returns: 0 on success, -1 on failure
480  *
481  * Get the currently used TLS version number.
482  */
483 int __must_check tls_get_version(void *tls_ctx, struct tls_connection *conn,
484 				 char *buf, size_t buflen);
485 
486 /**
487  * tls_get_cipher - Get current cipher name
488  * @tls_ctx: TLS context data from tls_init()
489  * @conn: Connection context data from tls_connection_init()
490  * @buf: Buffer for the cipher name
491  * @buflen: buf size
492  * Returns: 0 on success, -1 on failure
493  *
494  * Get the name of the currently used cipher.
495  */
496 int __must_check tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
497 				char *buf, size_t buflen);
498 
499 /**
500  * tls_connection_enable_workaround - Enable TLS workaround options
501  * @tls_ctx: TLS context data from tls_init()
502  * @conn: Connection context data from tls_connection_init()
503  * Returns: 0 on success, -1 on failure
504  *
505  * This function is used to enable connection-specific workaround options for
506  * buffer SSL/TLS implementations.
507  */
508 int __must_check tls_connection_enable_workaround(void *tls_ctx,
509 						  struct tls_connection *conn);
510 
511 /**
512  * tls_connection_client_hello_ext - Set TLS extension for ClientHello
513  * @tls_ctx: TLS context data from tls_init()
514  * @conn: Connection context data from tls_connection_init()
515  * @ext_type: Extension type
516  * @data: Extension payload (%NULL to remove extension)
517  * @data_len: Extension payload length
518  * Returns: 0 on success, -1 on failure
519  */
520 int __must_check tls_connection_client_hello_ext(void *tls_ctx,
521 						 struct tls_connection *conn,
522 						 int ext_type, const u8 *data,
523 						 size_t data_len);
524 
525 /**
526  * tls_connection_get_failed - Get connection failure status
527  * @tls_ctx: TLS context data from tls_init()
528  * @conn: Connection context data from tls_connection_init()
529  *
530  * Returns >0 if connection has failed, 0 if not.
531  */
532 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn);
533 
534 /**
535  * tls_connection_get_read_alerts - Get connection read alert status
536  * @tls_ctx: TLS context data from tls_init()
537  * @conn: Connection context data from tls_connection_init()
538  * Returns: Number of times a fatal read (remote end reported error) has
539  * happened during this connection.
540  */
541 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn);
542 
543 /**
544  * tls_connection_get_write_alerts - Get connection write alert status
545  * @tls_ctx: TLS context data from tls_init()
546  * @conn: Connection context data from tls_connection_init()
547  * Returns: Number of times a fatal write (locally detected error) has happened
548  * during this connection.
549  */
550 int tls_connection_get_write_alerts(void *tls_ctx,
551 				    struct tls_connection *conn);
552 
553 typedef int (*tls_session_ticket_cb)
554 (void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
555  const u8 *server_random, u8 *master_secret);
556 
557 int __must_check  tls_connection_set_session_ticket_cb(
558 	void *tls_ctx, struct tls_connection *conn,
559 	tls_session_ticket_cb cb, void *ctx);
560 
561 void tls_connection_set_log_cb(struct tls_connection *conn,
562 			       void (*log_cb)(void *ctx, const char *msg),
563 			       void *ctx);
564 
565 #define TLS_BREAK_VERIFY_DATA BIT(0)
566 #define TLS_BREAK_SRV_KEY_X_HASH BIT(1)
567 #define TLS_BREAK_SRV_KEY_X_SIGNATURE BIT(2)
568 #define TLS_DHE_PRIME_511B BIT(3)
569 #define TLS_DHE_PRIME_767B BIT(4)
570 #define TLS_DHE_PRIME_15 BIT(5)
571 #define TLS_DHE_PRIME_58B BIT(6)
572 #define TLS_DHE_NON_PRIME BIT(7)
573 
574 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags);
575 
576 int tls_get_library_version(char *buf, size_t buf_len);
577 
578 void tls_connection_set_success_data(struct tls_connection *conn,
579 				     struct wpabuf *data);
580 
581 void tls_connection_set_success_data_resumed(struct tls_connection *conn);
582 
583 const struct wpabuf *
584 tls_connection_get_success_data(struct tls_connection *conn);
585 
586 void tls_connection_remove_session(struct tls_connection *conn);
587 
588 #endif /* TLS_H */
589