xref: /freebsd/contrib/wpa/src/crypto/tls.h (revision f4b37ed0f8b307b1f3f0f630ca725d68f1dff30d)
1 /*
2  * SSL/TLS interface definition
3  * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef TLS_H
10 #define TLS_H
11 
12 struct tls_connection;
13 
14 struct tls_keys {
15 	const u8 *master_key; /* TLS master secret */
16 	size_t master_key_len;
17 	const u8 *client_random;
18 	size_t client_random_len;
19 	const u8 *server_random;
20 	size_t server_random_len;
21 };
22 
23 enum tls_event {
24 	TLS_CERT_CHAIN_SUCCESS,
25 	TLS_CERT_CHAIN_FAILURE,
26 	TLS_PEER_CERTIFICATE,
27 	TLS_ALERT
28 };
29 
30 /*
31  * Note: These are used as identifier with external programs and as such, the
32  * values must not be changed.
33  */
34 enum tls_fail_reason {
35 	TLS_FAIL_UNSPECIFIED = 0,
36 	TLS_FAIL_UNTRUSTED = 1,
37 	TLS_FAIL_REVOKED = 2,
38 	TLS_FAIL_NOT_YET_VALID = 3,
39 	TLS_FAIL_EXPIRED = 4,
40 	TLS_FAIL_SUBJECT_MISMATCH = 5,
41 	TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
42 	TLS_FAIL_BAD_CERTIFICATE = 7,
43 	TLS_FAIL_SERVER_CHAIN_PROBE = 8,
44 	TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
45 	TLS_FAIL_DOMAIN_MISMATCH = 10,
46 };
47 
48 
49 #define TLS_MAX_ALT_SUBJECT 10
50 
51 union tls_event_data {
52 	struct {
53 		int depth;
54 		const char *subject;
55 		enum tls_fail_reason reason;
56 		const char *reason_txt;
57 		const struct wpabuf *cert;
58 	} cert_fail;
59 
60 	struct {
61 		int depth;
62 		const char *subject;
63 		const struct wpabuf *cert;
64 		const u8 *hash;
65 		size_t hash_len;
66 		const char *altsubject[TLS_MAX_ALT_SUBJECT];
67 		int num_altsubject;
68 	} peer_cert;
69 
70 	struct {
71 		int is_local;
72 		const char *type;
73 		const char *description;
74 	} alert;
75 };
76 
77 struct tls_config {
78 	const char *opensc_engine_path;
79 	const char *pkcs11_engine_path;
80 	const char *pkcs11_module_path;
81 	int fips_mode;
82 	int cert_in_cb;
83 	const char *openssl_ciphers;
84 
85 	void (*event_cb)(void *ctx, enum tls_event ev,
86 			 union tls_event_data *data);
87 	void *cb_ctx;
88 };
89 
90 #define TLS_CONN_ALLOW_SIGN_RSA_MD5 BIT(0)
91 #define TLS_CONN_DISABLE_TIME_CHECKS BIT(1)
92 #define TLS_CONN_DISABLE_SESSION_TICKET BIT(2)
93 #define TLS_CONN_REQUEST_OCSP BIT(3)
94 #define TLS_CONN_REQUIRE_OCSP BIT(4)
95 #define TLS_CONN_DISABLE_TLSv1_1 BIT(5)
96 #define TLS_CONN_DISABLE_TLSv1_2 BIT(6)
97 #define TLS_CONN_EAP_FAST BIT(7)
98 
99 /**
100  * struct tls_connection_params - Parameters for TLS connection
101  * @ca_cert: File or reference name for CA X.509 certificate in PEM or DER
102  * format
103  * @ca_cert_blob: ca_cert as inlined data or %NULL if not used
104  * @ca_cert_blob_len: ca_cert_blob length
105  * @ca_path: Path to CA certificates (OpenSSL specific)
106  * @subject_match: String to match in the subject of the peer certificate or
107  * %NULL to allow all subjects
108  * @altsubject_match: String to match in the alternative subject of the peer
109  * certificate or %NULL to allow all alternative subjects
110  * @suffix_match: String to suffix match in the dNSName or CN of the peer
111  * certificate or %NULL to allow all domain names. This may allow subdomains an
112  * wildcard certificates. Each domain name label must have a full match.
113  * @domain_match: String to match in the dNSName or CN of the peer
114  * certificate or %NULL to allow all domain names. This requires a full,
115  * case-insensitive match.
116  * @client_cert: File or reference name for client X.509 certificate in PEM or
117  * DER format
118  * @client_cert_blob: client_cert as inlined data or %NULL if not used
119  * @client_cert_blob_len: client_cert_blob length
120  * @private_key: File or reference name for client private key in PEM or DER
121  * format (traditional format (RSA PRIVATE KEY) or PKCS#8 (PRIVATE KEY)
122  * @private_key_blob: private_key as inlined data or %NULL if not used
123  * @private_key_blob_len: private_key_blob length
124  * @private_key_passwd: Passphrase for decrypted private key, %NULL if no
125  * passphrase is used.
126  * @dh_file: File name for DH/DSA data in PEM format, or %NULL if not used
127  * @dh_blob: dh_file as inlined data or %NULL if not used
128  * @dh_blob_len: dh_blob length
129  * @engine: 1 = use engine (e.g., a smartcard) for private key operations
130  * (this is OpenSSL specific for now)
131  * @engine_id: engine id string (this is OpenSSL specific for now)
132  * @ppin: pointer to the pin variable in the configuration
133  * (this is OpenSSL specific for now)
134  * @key_id: the private key's id when using engine (this is OpenSSL
135  * specific for now)
136  * @cert_id: the certificate's id when using engine
137  * @ca_cert_id: the CA certificate's id when using engine
138  * @openssl_ciphers: OpenSSL cipher configuration
139  * @flags: Parameter options (TLS_CONN_*)
140  * @ocsp_stapling_response: DER encoded file with cached OCSP stapling response
141  *	or %NULL if OCSP is not enabled
142  *
143  * TLS connection parameters to be configured with tls_connection_set_params()
144  * and tls_global_set_params().
145  *
146  * Certificates and private key can be configured either as a reference name
147  * (file path or reference to certificate store) or by providing the same data
148  * as a pointer to the data in memory. Only one option will be used for each
149  * field.
150  */
151 struct tls_connection_params {
152 	const char *ca_cert;
153 	const u8 *ca_cert_blob;
154 	size_t ca_cert_blob_len;
155 	const char *ca_path;
156 	const char *subject_match;
157 	const char *altsubject_match;
158 	const char *suffix_match;
159 	const char *domain_match;
160 	const char *client_cert;
161 	const u8 *client_cert_blob;
162 	size_t client_cert_blob_len;
163 	const char *private_key;
164 	const u8 *private_key_blob;
165 	size_t private_key_blob_len;
166 	const char *private_key_passwd;
167 	const char *dh_file;
168 	const u8 *dh_blob;
169 	size_t dh_blob_len;
170 
171 	/* OpenSSL specific variables */
172 	int engine;
173 	const char *engine_id;
174 	const char *pin;
175 	const char *key_id;
176 	const char *cert_id;
177 	const char *ca_cert_id;
178 	const char *openssl_ciphers;
179 
180 	unsigned int flags;
181 	const char *ocsp_stapling_response;
182 };
183 
184 
185 /**
186  * tls_init - Initialize TLS library
187  * @conf: Configuration data for TLS library
188  * Returns: Context data to be used as tls_ctx in calls to other functions,
189  * or %NULL on failure.
190  *
191  * Called once during program startup and once for each RSN pre-authentication
192  * session. In other words, there can be two concurrent TLS contexts. If global
193  * library initialization is needed (i.e., one that is shared between both
194  * authentication types), the TLS library wrapper should maintain a reference
195  * counter and do global initialization only when moving from 0 to 1 reference.
196  */
197 void * tls_init(const struct tls_config *conf);
198 
199 /**
200  * tls_deinit - Deinitialize TLS library
201  * @tls_ctx: TLS context data from tls_init()
202  *
203  * Called once during program shutdown and once for each RSN pre-authentication
204  * session. If global library deinitialization is needed (i.e., one that is
205  * shared between both authentication types), the TLS library wrapper should
206  * maintain a reference counter and do global deinitialization only when moving
207  * from 1 to 0 references.
208  */
209 void tls_deinit(void *tls_ctx);
210 
211 /**
212  * tls_get_errors - Process pending errors
213  * @tls_ctx: TLS context data from tls_init()
214  * Returns: Number of found error, 0 if no errors detected.
215  *
216  * Process all pending TLS errors.
217  */
218 int tls_get_errors(void *tls_ctx);
219 
220 /**
221  * tls_connection_init - Initialize a new TLS connection
222  * @tls_ctx: TLS context data from tls_init()
223  * Returns: Connection context data, conn for other function calls
224  */
225 struct tls_connection * tls_connection_init(void *tls_ctx);
226 
227 /**
228  * tls_connection_deinit - Free TLS connection data
229  * @tls_ctx: TLS context data from tls_init()
230  * @conn: Connection context data from tls_connection_init()
231  *
232  * Release all resources allocated for TLS connection.
233  */
234 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn);
235 
236 /**
237  * tls_connection_established - Has the TLS connection been completed?
238  * @tls_ctx: TLS context data from tls_init()
239  * @conn: Connection context data from tls_connection_init()
240  * Returns: 1 if TLS connection has been completed, 0 if not.
241  */
242 int tls_connection_established(void *tls_ctx, struct tls_connection *conn);
243 
244 /**
245  * tls_connection_shutdown - Shutdown TLS connection
246  * @tls_ctx: TLS context data from tls_init()
247  * @conn: Connection context data from tls_connection_init()
248  * Returns: 0 on success, -1 on failure
249  *
250  * Shutdown current TLS connection without releasing all resources. New
251  * connection can be started by using the same conn without having to call
252  * tls_connection_init() or setting certificates etc. again. The new
253  * connection should try to use session resumption.
254  */
255 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn);
256 
257 enum {
258 	TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3,
259 	TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2
260 };
261 
262 /**
263  * tls_connection_set_params - Set TLS connection parameters
264  * @tls_ctx: TLS context data from tls_init()
265  * @conn: Connection context data from tls_connection_init()
266  * @params: Connection parameters
267  * Returns: 0 on success, -1 on failure,
268  * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing
269  * PKCS#11 engine failure, or
270  * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
271  * PKCS#11 engine private key.
272  */
273 int __must_check
274 tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
275 			  const struct tls_connection_params *params);
276 
277 /**
278  * tls_global_set_params - Set TLS parameters for all TLS connection
279  * @tls_ctx: TLS context data from tls_init()
280  * @params: Global TLS parameters
281  * Returns: 0 on success, -1 on failure,
282  * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing
283  * PKCS#11 engine failure, or
284  * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the
285  * PKCS#11 engine private key.
286  */
287 int __must_check tls_global_set_params(
288 	void *tls_ctx, const struct tls_connection_params *params);
289 
290 /**
291  * tls_global_set_verify - Set global certificate verification options
292  * @tls_ctx: TLS context data from tls_init()
293  * @check_crl: 0 = do not verify CRLs, 1 = verify CRL for the user certificate,
294  * 2 = verify CRL for all certificates
295  * Returns: 0 on success, -1 on failure
296  */
297 int __must_check tls_global_set_verify(void *tls_ctx, int check_crl);
298 
299 /**
300  * tls_connection_set_verify - Set certificate verification options
301  * @tls_ctx: TLS context data from tls_init()
302  * @conn: Connection context data from tls_connection_init()
303  * @verify_peer: 1 = verify peer certificate
304  * Returns: 0 on success, -1 on failure
305  */
306 int __must_check tls_connection_set_verify(void *tls_ctx,
307 					   struct tls_connection *conn,
308 					   int verify_peer);
309 
310 /**
311  * tls_connection_get_keys - Get master key and random data from TLS connection
312  * @tls_ctx: TLS context data from tls_init()
313  * @conn: Connection context data from tls_connection_init()
314  * @keys: Structure of key/random data (filled on success)
315  * Returns: 0 on success, -1 on failure
316  */
317 int __must_check tls_connection_get_keys(void *tls_ctx,
318 					 struct tls_connection *conn,
319 					 struct tls_keys *keys);
320 
321 /**
322  * tls_connection_prf - Use TLS-PRF to derive keying material
323  * @tls_ctx: TLS context data from tls_init()
324  * @conn: Connection context data from tls_connection_init()
325  * @label: Label (e.g., description of the key) for PRF
326  * @server_random_first: seed is 0 = client_random|server_random,
327  * 1 = server_random|client_random
328  * @out: Buffer for output data from TLS-PRF
329  * @out_len: Length of the output buffer
330  * Returns: 0 on success, -1 on failure
331  *
332  * This function is optional to implement if tls_connection_get_keys() provides
333  * access to master secret and server/client random values. If these values are
334  * not exported from the TLS library, tls_connection_prf() is required so that
335  * further keying material can be derived from the master secret. If not
336  * implemented, the function will still need to be defined, but it can just
337  * return -1. Example implementation of this function is in tls_prf_sha1_md5()
338  * when it is called with seed set to client_random|server_random (or
339  * server_random|client_random).
340  */
341 int __must_check  tls_connection_prf(void *tls_ctx,
342 				     struct tls_connection *conn,
343 				     const char *label,
344 				     int server_random_first,
345 				     u8 *out, size_t out_len);
346 
347 /**
348  * tls_connection_handshake - Process TLS handshake (client side)
349  * @tls_ctx: TLS context data from tls_init()
350  * @conn: Connection context data from tls_connection_init()
351  * @in_data: Input data from TLS server
352  * @appl_data: Pointer to application data pointer, or %NULL if dropped
353  * Returns: Output data, %NULL on failure
354  *
355  * The caller is responsible for freeing the returned output data. If the final
356  * handshake message includes application data, this is decrypted and
357  * appl_data (if not %NULL) is set to point this data. The caller is
358  * responsible for freeing appl_data.
359  *
360  * This function is used during TLS handshake. The first call is done with
361  * in_data == %NULL and the library is expected to return ClientHello packet.
362  * This packet is then send to the server and a response from server is given
363  * to TLS library by calling this function again with in_data pointing to the
364  * TLS message from the server.
365  *
366  * If the TLS handshake fails, this function may return %NULL. However, if the
367  * TLS library has a TLS alert to send out, that should be returned as the
368  * output data. In this case, tls_connection_get_failed() must return failure
369  * (> 0).
370  *
371  * tls_connection_established() should return 1 once the TLS handshake has been
372  * completed successfully.
373  */
374 struct wpabuf * tls_connection_handshake(void *tls_ctx,
375 					 struct tls_connection *conn,
376 					 const struct wpabuf *in_data,
377 					 struct wpabuf **appl_data);
378 
379 struct wpabuf * tls_connection_handshake2(void *tls_ctx,
380 					  struct tls_connection *conn,
381 					  const struct wpabuf *in_data,
382 					  struct wpabuf **appl_data,
383 					  int *more_data_needed);
384 
385 /**
386  * tls_connection_server_handshake - Process TLS handshake (server side)
387  * @tls_ctx: TLS context data from tls_init()
388  * @conn: Connection context data from tls_connection_init()
389  * @in_data: Input data from TLS peer
390  * @appl_data: Pointer to application data pointer, or %NULL if dropped
391  * Returns: Output data, %NULL on failure
392  *
393  * The caller is responsible for freeing the returned output data.
394  */
395 struct wpabuf * tls_connection_server_handshake(void *tls_ctx,
396 						struct tls_connection *conn,
397 						const struct wpabuf *in_data,
398 						struct wpabuf **appl_data);
399 
400 /**
401  * tls_connection_encrypt - Encrypt data into TLS tunnel
402  * @tls_ctx: TLS context data from tls_init()
403  * @conn: Connection context data from tls_connection_init()
404  * @in_data: Plaintext data to be encrypted
405  * Returns: Encrypted TLS data or %NULL on failure
406  *
407  * This function is used after TLS handshake has been completed successfully to
408  * send data in the encrypted tunnel. The caller is responsible for freeing the
409  * returned output data.
410  */
411 struct wpabuf * tls_connection_encrypt(void *tls_ctx,
412 				       struct tls_connection *conn,
413 				       const struct wpabuf *in_data);
414 
415 /**
416  * tls_connection_decrypt - Decrypt data from TLS tunnel
417  * @tls_ctx: TLS context data from tls_init()
418  * @conn: Connection context data from tls_connection_init()
419  * @in_data: Encrypted TLS data
420  * Returns: Decrypted TLS data or %NULL on failure
421  *
422  * This function is used after TLS handshake has been completed successfully to
423  * receive data from the encrypted tunnel. The caller is responsible for
424  * freeing the returned output data.
425  */
426 struct wpabuf * tls_connection_decrypt(void *tls_ctx,
427 				       struct tls_connection *conn,
428 				       const struct wpabuf *in_data);
429 
430 struct wpabuf * tls_connection_decrypt2(void *tls_ctx,
431 					struct tls_connection *conn,
432 					const struct wpabuf *in_data,
433 					int *more_data_needed);
434 
435 /**
436  * tls_connection_resumed - Was session resumption used
437  * @tls_ctx: TLS context data from tls_init()
438  * @conn: Connection context data from tls_connection_init()
439  * Returns: 1 if current session used session resumption, 0 if not
440  */
441 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn);
442 
443 enum {
444 	TLS_CIPHER_NONE,
445 	TLS_CIPHER_RC4_SHA /* 0x0005 */,
446 	TLS_CIPHER_AES128_SHA /* 0x002f */,
447 	TLS_CIPHER_RSA_DHE_AES128_SHA /* 0x0031 */,
448 	TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */
449 };
450 
451 /**
452  * tls_connection_set_cipher_list - Configure acceptable cipher suites
453  * @tls_ctx: TLS context data from tls_init()
454  * @conn: Connection context data from tls_connection_init()
455  * @ciphers: Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers
456  * (TLS_CIPHER_*).
457  * Returns: 0 on success, -1 on failure
458  */
459 int __must_check tls_connection_set_cipher_list(void *tls_ctx,
460 						struct tls_connection *conn,
461 						u8 *ciphers);
462 
463 /**
464  * tls_get_cipher - Get current cipher name
465  * @tls_ctx: TLS context data from tls_init()
466  * @conn: Connection context data from tls_connection_init()
467  * @buf: Buffer for the cipher name
468  * @buflen: buf size
469  * Returns: 0 on success, -1 on failure
470  *
471  * Get the name of the currently used cipher.
472  */
473 int __must_check tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
474 				char *buf, size_t buflen);
475 
476 /**
477  * tls_connection_enable_workaround - Enable TLS workaround options
478  * @tls_ctx: TLS context data from tls_init()
479  * @conn: Connection context data from tls_connection_init()
480  * Returns: 0 on success, -1 on failure
481  *
482  * This function is used to enable connection-specific workaround options for
483  * buffer SSL/TLS implementations.
484  */
485 int __must_check tls_connection_enable_workaround(void *tls_ctx,
486 						  struct tls_connection *conn);
487 
488 /**
489  * tls_connection_client_hello_ext - Set TLS extension for ClientHello
490  * @tls_ctx: TLS context data from tls_init()
491  * @conn: Connection context data from tls_connection_init()
492  * @ext_type: Extension type
493  * @data: Extension payload (%NULL to remove extension)
494  * @data_len: Extension payload length
495  * Returns: 0 on success, -1 on failure
496  */
497 int __must_check tls_connection_client_hello_ext(void *tls_ctx,
498 						 struct tls_connection *conn,
499 						 int ext_type, const u8 *data,
500 						 size_t data_len);
501 
502 /**
503  * tls_connection_get_failed - Get connection failure status
504  * @tls_ctx: TLS context data from tls_init()
505  * @conn: Connection context data from tls_connection_init()
506  *
507  * Returns >0 if connection has failed, 0 if not.
508  */
509 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn);
510 
511 /**
512  * tls_connection_get_read_alerts - Get connection read alert status
513  * @tls_ctx: TLS context data from tls_init()
514  * @conn: Connection context data from tls_connection_init()
515  * Returns: Number of times a fatal read (remote end reported error) has
516  * happened during this connection.
517  */
518 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn);
519 
520 /**
521  * tls_connection_get_write_alerts - Get connection write alert status
522  * @tls_ctx: TLS context data from tls_init()
523  * @conn: Connection context data from tls_connection_init()
524  * Returns: Number of times a fatal write (locally detected error) has happened
525  * during this connection.
526  */
527 int tls_connection_get_write_alerts(void *tls_ctx,
528 				    struct tls_connection *conn);
529 
530 /**
531  * tls_connection_get_keyblock_size - Get TLS key_block size
532  * @tls_ctx: TLS context data from tls_init()
533  * @conn: Connection context data from tls_connection_init()
534  * Returns: Size of the key_block for the negotiated cipher suite or -1 on
535  * failure
536  */
537 int tls_connection_get_keyblock_size(void *tls_ctx,
538 				     struct tls_connection *conn);
539 
540 /**
541  * tls_capabilities - Get supported TLS capabilities
542  * @tls_ctx: TLS context data from tls_init()
543  * Returns: Bit field of supported TLS capabilities (TLS_CAPABILITY_*)
544  */
545 unsigned int tls_capabilities(void *tls_ctx);
546 
547 typedef int (*tls_session_ticket_cb)
548 (void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
549  const u8 *server_random, u8 *master_secret);
550 
551 int __must_check  tls_connection_set_session_ticket_cb(
552 	void *tls_ctx, struct tls_connection *conn,
553 	tls_session_ticket_cb cb, void *ctx);
554 
555 void tls_connection_set_log_cb(struct tls_connection *conn,
556 			       void (*log_cb)(void *ctx, const char *msg),
557 			       void *ctx);
558 
559 #define TLS_BREAK_VERIFY_DATA BIT(0)
560 #define TLS_BREAK_SRV_KEY_X_HASH BIT(1)
561 #define TLS_BREAK_SRV_KEY_X_SIGNATURE BIT(2)
562 #define TLS_DHE_PRIME_511B BIT(3)
563 #define TLS_DHE_PRIME_767B BIT(4)
564 #define TLS_DHE_PRIME_15 BIT(5)
565 #define TLS_DHE_PRIME_58B BIT(6)
566 #define TLS_DHE_NON_PRIME BIT(7)
567 
568 void tls_connection_set_test_flags(struct tls_connection *conn, u32 flags);
569 
570 int tls_get_library_version(char *buf, size_t buf_len);
571 
572 #endif /* TLS_H */
573