1 /* 2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. 3 * 4 * Licensed under the Apache License, Version 2.0 (the License); you may 5 * not use this file except in compliance with the License. 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 */ 9 10 11 12 #ifndef GMSSL_TLS_H 13 #define GMSSL_TLS_H 14 15 16 #include <stdint.h> 17 #include <gmssl/sm2.h> 18 #include <gmssl/sm3.h> 19 #include <gmssl/sm4.h> 20 #include <gmssl/digest.h> 21 #include <gmssl/block_cipher.h> 22 23 24 #ifdef __cplusplus 25 extern "C" { 26 #endif 27 28 29 /* 30 TLS Public API 31 32 TLS_PROTOCOL 33 TLS_protocol_tlcp 34 TLS_protocol_tls12 35 TLS_protocol_tls13 36 37 TLS_CIPHER_SUITE 38 TLS_cipher_ecc_sm4_cbc_sm3 39 TLS_cipher_ecc_sm4_gcm_sm3 40 TLS_cipher_ecdhe_sm4_cbc_sm3 41 TLS_cipher_ecdhe_sm4_gcm_sm3 42 TLS_cipher_sm4_gcm_sm3 43 44 TLS_CTX 45 tls_ctx_init 46 tls_ctx_set_cipher_suites 47 tls_ctx_set_ca_certificates 48 tls_ctx_set_certificate_and_key 49 tls_ctx_set_tlcp_server_certificate_and_keys 50 tls_ctx_cleanup 51 52 TLS_CONNECT 53 tls_init 54 tls_set_socket 55 tls_do_handshake 56 tls_send 57 tls_recv 58 tls_shutdown 59 tls_cleanup 60 */ 61 62 typedef uint32_t uint24_t; 63 64 #define tls_uint8_size() 1 65 #define tls_uint16_size() 2 66 #define tls_uint24_size() 3 67 68 void tls_uint8_to_bytes(uint8_t a, uint8_t **out, size_t *outlen); 69 void tls_uint16_to_bytes(uint16_t a, uint8_t **out, size_t *outlen); 70 void tls_uint24_to_bytes(uint24_t a, uint8_t **out, size_t *outlen); 71 void tls_uint32_to_bytes(uint32_t a, uint8_t **out, size_t *outlen); 72 void tls_array_to_bytes(const uint8_t *data, size_t len, uint8_t **out, size_t *outlen); 73 void tls_uint8array_to_bytes(const uint8_t *data, size_t datalen, uint8_t **out, size_t *outlen); 74 void tls_uint16array_to_bytes(const uint8_t *data, size_t datalen, uint8_t **out, size_t *outlen); 75 void tls_uint24array_to_bytes(const uint8_t *data, size_t datalen, uint8_t **out, size_t *outlen); 76 int tls_uint8_from_bytes(uint8_t *a, const uint8_t **in, size_t *inlen); 77 int tls_uint16_from_bytes(uint16_t *a, const uint8_t **in, size_t *inlen); 78 int tls_uint24_from_bytes(uint24_t *a, const uint8_t **in, size_t *inlen); 79 int tls_uint32_from_bytes(uint32_t *a, const uint8_t **in, size_t *inlen); 80 int tls_array_from_bytes(const uint8_t **data, size_t datalen, const uint8_t **in, size_t *inlen); 81 int tls_uint8array_from_bytes(const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen); 82 int tls_uint16array_from_bytes(const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen); 83 int tls_uint24array_from_bytes(const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen); 84 int tls_length_is_zero(size_t len); 85 86 87 typedef enum { 88 TLS_protocol_tlcp = 0x0101, 89 TLS_protocol_ssl2 = 0x0200, 90 TLS_protocol_ssl3 = 0x0300, 91 TLS_protocol_tls1 = 0x0301, 92 TLS_protocol_tls11 = 0x0302, 93 TLS_protocol_tls12 = 0x0303, 94 TLS_protocol_tls13 = 0x0304, 95 TLS_protocol_dtls1 = 0xfeff, // {254, 255} 96 TLS_protocol_dtls12 = 0xfefd, // {254, 253} 97 } TLS_PROTOCOL; 98 99 const char *tls_protocol_name(int proto); 100 101 102 typedef enum { 103 TLS_cipher_null_with_null_null = 0x0000, 104 105 // TLS 1.3, RFC 8998 106 TLS_cipher_sm4_gcm_sm3 = 0x00c6, 107 TLS_cipher_sm4_ccm_sm3 = 0x00c7, 108 109 // TLCP, GB/T 38636-2020, GM/T 0024-2012 110 TLS_cipher_ecdhe_sm4_cbc_sm3 = 0xe011, // 可以让TLSv1.2使用这个 111 TLS_cipher_ecdhe_sm4_gcm_sm3 = 0xe051, 112 TLS_cipher_ecc_sm4_cbc_sm3 = 0xe013, 113 TLS_cipher_ecc_sm4_gcm_sm3 = 0xe053, 114 TLS_cipher_ibsdh_sm4_cbc_sm3 = 0xe015, 115 TLS_cipher_ibsdh_sm4_gcm_sm3 = 0xe055, 116 TLS_cipher_ibc_sm4_cbc_sm3 = 0xe017, 117 TLS_cipher_ibc_sm4_gcm_sm3 = 0xe057, 118 TLS_cipher_rsa_sm4_cbc_sm3 = 0xe019, 119 TLS_cipher_rsa_sm4_gcm_sm3 = 0xe059, 120 TLS_cipher_rsa_sm4_cbc_sha256 = 0xe01c, 121 TLS_cipher_rsa_sm4_gcm_sha256 = 0xe05a, 122 123 // TLS 1.3 RFC 8446 124 TLS_cipher_aes_128_gcm_sha256 = 0x1301, // Mandatory-to-implement 125 TLS_cipher_aes_256_gcm_sha384 = 0x1302, // SHOULD implement 126 TLS_cipher_chacha20_poly1305_sha256 = 0x1303, // SHOULD implement 127 TLS_cipher_aes_128_ccm_sha256 = 0x1304, 128 TLS_cipher_aes_128_ccm_8_sha256 = 0x1305, 129 130 TLS_cipher_empty_renegotiation_info_scsv = 0x00ff, 131 } TLS_CIPHER_SUITE; 132 133 const char *tls_cipher_suite_name(int cipher); 134 int tls_cipher_suites_select(const uint8_t *client_ciphers, size_t client_ciphers_len, 135 const int *server_ciphers, size_t server_ciphers_cnt, int *selected_cipher); 136 int tls_cipher_suite_in_list(int cipher, const int *list, size_t list_count); 137 138 139 typedef enum { 140 TLS_compression_null = 0, 141 TLS_compression_default = 1, 142 } TLS_COMPRESSION_METHOD; 143 144 const char *tls_compression_method_name(int meth); 145 146 147 typedef enum { 148 TLS_record_invalid = 0, // TLS 1.3 149 TLS_record_change_cipher_spec = 20, // 0x14 150 TLS_record_alert = 21, // 0x15 151 TLS_record_handshake = 22, // 0x16 152 TLS_record_application_data = 23, // 0x17 153 TLS_record_heartbeat = 24, // 0x18 154 TLS_record_tls12_cid = 25, // 0x19 155 } TLS_RECORD_TYPE; 156 157 const char *tls_record_type_name(int type); 158 159 160 typedef enum { 161 TLS_handshake_hello_request = 0, 162 TLS_handshake_client_hello = 1, 163 TLS_handshake_server_hello = 2, 164 TLS_handshake_hello_verify_request = 3, 165 TLS_handshake_new_session_ticket = 4, 166 TLS_handshake_end_of_early_data = 5, 167 TLS_handshake_hello_retry_request = 6, 168 TLS_handshake_encrypted_extensions = 8, 169 TLS_handshake_certificate = 11, 170 TLS_handshake_server_key_exchange = 12, 171 TLS_handshake_certificate_request = 13, 172 TLS_handshake_server_hello_done = 14, 173 TLS_handshake_certificate_verify = 15, 174 TLS_handshake_client_key_exchange = 16, 175 TLS_handshake_finished = 20, 176 TLS_handshake_certificate_url = 21, 177 TLS_handshake_certificate_status = 22, 178 TLS_handshake_supplemental_data = 23, 179 TLS_handshake_key_update = 24, 180 TLS_handshake_compressed_certificate = 25, 181 TLS_handshake_ekt_key = 26, 182 TLS_handshake_message_hash = 254, 183 } TLS_HANDSHAKE_TYPE; 184 185 const char *tls_handshake_type_name(int type); 186 187 188 typedef enum { 189 TLS_cert_type_rsa_sign = 1, 190 TLS_cert_type_dss_sign = 2, 191 TLS_cert_type_rsa_fixed_dh = 3, 192 TLS_cert_type_dss_fixed_dh = 4, 193 TLS_cert_type_rsa_ephemeral_dh_RESERVED = 5, 194 TLS_cert_type_dss_ephemeral_dh_RESERVED = 6, 195 TLS_cert_type_fortezza_dms_RESERVED = 20, 196 TLS_cert_type_ecdsa_sign = 64, // also for sm2 197 TLS_cert_type_rsa_fixed_ecdh = 65, 198 TLS_cert_type_ecdsa_fixed_ecdh = 66, 199 TLS_cert_type_gost_sign256 = 67, 200 TLS_cert_type_gost_sign512 = 68, 201 TLS_cert_type_ibc_params = 80, 202 } TLS_CERTIFICATE_TYPE; 203 204 const char *tls_cert_type_name(int type); 205 int tls_cert_type_from_oid(int oid); 206 207 typedef enum { 208 TLS_extension_server_name = 0, 209 TLS_extension_max_fragment_length = 1, 210 TLS_extension_client_certificate_url = 2, 211 TLS_extension_trusted_ca_keys = 3, 212 TLS_extension_truncated_hmac = 4, 213 TLS_extension_status_request = 5, 214 TLS_extension_user_mapping = 6, 215 TLS_extension_client_authz = 7, 216 TLS_extension_server_authz = 8, 217 TLS_extension_cert_type = 9, 218 TLS_extension_supported_groups = 10, 219 TLS_extension_ec_point_formats = 11, 220 TLS_extension_srp = 12, 221 TLS_extension_signature_algorithms = 13, 222 TLS_extension_use_srtp = 14, 223 TLS_extension_heartbeat = 15, 224 TLS_extension_application_layer_protocol_negotiation= 16, 225 TLS_extension_status_request_v2 = 17, 226 TLS_extension_signed_certificate_timestamp = 18, 227 TLS_extension_client_certificate_type = 19, 228 TLS_extension_server_certificate_type = 20, 229 TLS_extension_padding = 21, 230 TLS_extension_encrypt_then_mac = 22, 231 TLS_extension_extended_master_secret = 23, 232 TLS_extension_token_binding = 24, 233 TLS_extension_cached_info = 25, 234 TLS_extension_tls_lts = 26, 235 TLS_extension_compress_certificate = 27, 236 TLS_extension_record_size_limit = 28, 237 TLS_extension_pwd_protect = 29, 238 TLS_extension_pwd_clear = 30, 239 TLS_extension_password_salt = 31, 240 TLS_extension_ticket_pinning = 32, 241 TLS_extension_tls_cert_with_extern_psk = 33, 242 TLS_extension_delegated_credentials = 34, 243 TLS_extension_session_ticket = 35, 244 TLS_extension_TLMSP = 36, 245 TLS_extension_TLMSP_proxying = 37, 246 TLS_extension_TLMSP_delegate = 38, 247 TLS_extension_supported_ekt_ciphers = 39, 248 TLS_extension_pre_shared_key = 41, 249 TLS_extension_early_data = 42, 250 TLS_extension_supported_versions = 43, 251 TLS_extension_cookie = 44, 252 TLS_extension_psk_key_exchange_modes = 46, 253 TLS_extension_certificate_authorities = 47, 254 TLS_extension_oid_filters = 48, 255 TLS_extension_post_handshake_auth = 49, 256 TLS_extension_signature_algorithms_cert = 50, 257 TLS_extension_key_share = 51, 258 TLS_extension_transparency_info = 52, 259 TLS_extension_connection_id = 53, 260 TLS_extension_external_id_hash = 55, 261 TLS_extension_external_session_id = 56, 262 TLS_extension_quic_transport_parameters = 57, 263 TLS_extension_ticket_request = 58, 264 TLS_extension_renegotiation_info = 65281, 265 } TLS_EXTENSION_TYPE; 266 267 const char *tls_extension_name(int ext); 268 269 270 typedef enum { 271 TLS_point_uncompressed = 0, 272 TLS_point_ansix962_compressed_prime = 1, 273 TLS_point_ansix962_compressed_char2 = 2, 274 } TLS_EC_POINT_FORMAT; 275 276 const char *tls_ec_point_format_name(int format); 277 278 279 typedef enum { 280 TLS_curve_type_explicit_prime = 1, 281 TLS_curve_type_explicit_char2 = 2, 282 TLS_curve_type_named_curve = 3, 283 } TLS_CURVE_TYPE; 284 285 const char *tls_curve_type_name(int type); 286 287 288 // 与其支持v2,还不如直接修改v2,让v2和v3兼容 289 290 typedef enum { 291 TLS_curve_secp256k1 = 22, 292 TLS_curve_secp256r1 = 23, 293 TLS_curve_secp384r1 = 24, 294 TLS_curve_secp521r1 = 25, 295 TLS_curve_brainpoolp256r1 = 26, 296 TLS_curve_brainpoolp384r1 = 27, 297 TLS_curve_brainpoolp512r1 = 28, 298 TLS_curve_x25519 = 29, 299 TLS_curve_x448 = 30, 300 TLS_curve_brainpoolp256r1tls13 = 31, 301 TLS_curve_brainpoolp384r1tls13 = 32, 302 TLS_curve_brainpoolp512r1tls13 = 33, 303 TLS_curve_sm2p256v1 = 41, // GmSSLv2: 30 304 } TLS_NAMED_CURVE; 305 306 const char *tls_named_curve_name(int curve); 307 308 309 typedef enum { 310 TLS_sig_rsa_pkcs1_sha1 = 0x0201, 311 TLS_sig_ecdsa_sha1 = 0x0203, 312 TLS_sig_rsa_pkcs1_sha256 = 0x0401, 313 TLS_sig_ecdsa_secp256r1_sha256 = 0x0403, 314 TLS_sig_rsa_pkcs1_sha256_legacy = 0x0420, 315 TLS_sig_rsa_pkcs1_sha384 = 0x0501, 316 TLS_sig_ecdsa_secp384r1_sha384 = 0x0503, 317 TLS_sig_rsa_pkcs1_sha384_legacy = 0x0520, 318 TLS_sig_rsa_pkcs1_sha512 = 0x0601, 319 TLS_sig_ecdsa_secp521r1_sha512 = 0x0603, 320 TLS_sig_rsa_pkcs1_sha512_legacy = 0x0620, 321 TLS_sig_sm2sig_sm3 = 0x0708, // GmSSLv2: 0x0707 322 TLS_sig_rsa_pss_rsae_sha256 = 0x0804, 323 TLS_sig_rsa_pss_rsae_sha384 = 0x0805, 324 TLS_sig_rsa_pss_rsae_sha512 = 0x0806, 325 TLS_sig_ed25519 = 0x0807, 326 TLS_sig_ed448 = 0x0808, 327 TLS_sig_rsa_pss_pss_sha256 = 0x0809, 328 TLS_sig_rsa_pss_pss_sha384 = 0x080A, 329 TLS_sig_rsa_pss_pss_sha512 = 0x080B, 330 TLS_sig_ecdsa_brainpoolP256r1tls13_sha256 = 0x081A, 331 TLS_sig_ecdsa_brainpoolP384r1tls13_sha384 = 0x081B, 332 TLS_sig_ecdsa_brainpoolP512r1tls13_sha512 = 0x081C, 333 } TLS_SIGNATURE_SCHEME; 334 335 const char *tls_signature_scheme_name(int scheme); 336 337 338 typedef enum { 339 TLS_change_cipher_spec = 1, 340 } TLS_CHANGE_CIPHER_SPEC_TYPE; 341 342 343 typedef enum { 344 TLS_alert_level_warning = 1, 345 TLS_alert_level_fatal = 2, 346 } TLS_ALERT_LEVEL; 347 348 const char *tls_alert_level_name(int level); 349 350 351 typedef enum { 352 TLS_alert_close_notify = 0, 353 TLS_alert_unexpected_message = 10, 354 TLS_alert_bad_record_mac = 20, 355 TLS_alert_decryption_failed = 21, 356 TLS_alert_record_overflow = 22, 357 TLS_alert_decompression_failure = 30, 358 TLS_alert_handshake_failure = 40, 359 TLS_alert_no_certificate = 41, 360 TLS_alert_bad_certificate = 42, 361 TLS_alert_unsupported_certificate = 43, 362 TLS_alert_certificate_revoked = 44, 363 TLS_alert_certificate_expired = 45, 364 TLS_alert_certificate_unknown = 46, 365 TLS_alert_illegal_parameter = 47, 366 TLS_alert_unknown_ca = 48, 367 TLS_alert_access_denied = 49, 368 TLS_alert_decode_error = 50, 369 TLS_alert_decrypt_error = 51, 370 TLS_alert_export_restriction = 60, 371 TLS_alert_protocol_version = 70, 372 TLS_alert_insufficient_security = 71, 373 TLS_alert_internal_error = 80, 374 TLS_alert_user_canceled = 90, 375 TLS_alert_no_renegotiation = 100, 376 TLS_alert_unsupported_extension = 110, 377 TLS_alert_unsupported_site2site = 200, 378 TLS_alert_no_area = 201, 379 TLS_alert_unsupported_areatype = 202, 380 TLS_alert_bad_ibcparam = 203, 381 TLS_alert_unsupported_ibcparam = 204, 382 TLS_alert_identity_need = 205, 383 } TLS_ALERT_DESCRIPTION; 384 385 const char *tls_alert_description_text(int description); 386 387 388 int tls_prf(const uint8_t *secret, size_t secretlen, const char *label, 389 const uint8_t *seed, size_t seedlen, 390 const uint8_t *more, size_t morelen, 391 size_t outlen, uint8_t *out); 392 int tls13_hkdf_extract(const DIGEST *digest, const uint8_t salt[32], const uint8_t in[32], uint8_t out[32]); 393 int tls13_hkdf_expand_label(const DIGEST *digest, const uint8_t secret[32], 394 const char *label, const uint8_t *context, size_t context_len, 395 size_t outlen, uint8_t *out); 396 int tls13_derive_secret(const uint8_t secret[32], const char *label, const DIGEST_CTX *dgst_ctx, uint8_t out[32]); 397 398 int tls_cbc_encrypt(const SM3_HMAC_CTX *hmac_ctx, const SM4_KEY *enc_key, 399 const uint8_t seq_num[8], const uint8_t header[5], 400 const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); 401 int tls_cbc_decrypt(const SM3_HMAC_CTX *hmac_ctx, const SM4_KEY *dec_key, 402 const uint8_t seq_num[8], const uint8_t header[5], 403 const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); 404 int tls_record_encrypt(const SM3_HMAC_CTX *hmac_ctx, const SM4_KEY *cbc_key, 405 const uint8_t seq_num[8], const uint8_t *in, size_t inlen, 406 uint8_t *out, size_t *outlen); 407 int tls_record_decrypt(const SM3_HMAC_CTX *hmac_ctx, const SM4_KEY *cbc_key, 408 const uint8_t seq_num[8], const uint8_t *in, size_t inlen, 409 uint8_t *out, size_t *outlen); 410 411 int tls_seq_num_incr(uint8_t seq_num[8]); 412 int tls_random_generate(uint8_t random[32]); 413 int tls_random_print(FILE *fp, const uint8_t random[32], int format, int indent); 414 int tls_pre_master_secret_generate(uint8_t pre_master_secret[48], int protocol); 415 int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], int format, int indent); 416 417 int tls_secrets_print(FILE *fp, 418 const uint8_t *pre_master_secret, size_t pre_master_secret_len, 419 const uint8_t client_random[32], const uint8_t server_random[32], 420 const uint8_t master_secret[48], 421 const uint8_t *key_block, size_t key_block_len, 422 int format, int indent); 423 424 425 typedef struct { 426 uint8_t type; 427 uint8_t protocol[2]; 428 uint8_t data_length[2]; 429 } TLS_RECORD_HEADER; 430 431 #define TLS_RECORD_HEADER_SIZE (1 + tls_uint16_size() + tls_uint16_size()) // 5 432 #define TLS_MAX_PLAINTEXT_SIZE (1 << 14) // 16384 433 #define TLS_MAX_COMPRESSED_SIZE ((1 << 14) + 1024) // 17408 434 #define TLS_MAX_CIPHERTEXT_SIZE ((1 << 14) + 2048) // 18432 435 #define TLS_MAX_RECORD_SIZE (TLS_RECORD_HEADER_SIZE + TLS_MAX_CIPHERTEXT_SIZE) // 18437 436 437 #define tls_record_type(record) ((record)[0]) 438 #define tls_record_header(record) ((record)+0) 439 #define tls_record_protocol(record) (((uint16_t)((record)[1]) << 8) | (record)[2]) 440 #define tls_record_data(record) ((record)+TLS_RECORD_HEADER_SIZE) 441 #define tls_record_data_length(record) (((uint16_t)((record)[3]) << 8) | (record)[4]) 442 #define tls_record_length(record) (TLS_RECORD_HEADER_SIZE + tls_record_data_length(record)) 443 444 int tls_record_set_type(uint8_t *record, int type); 445 int tls_record_set_protocol(uint8_t *record, int protocol); 446 int tls_record_set_data_length(uint8_t *record, size_t length); 447 int tls_record_set_data(uint8_t *record, const uint8_t *data, size_t datalen); 448 449 // 握手消息ServerKeyExchange, ClientKeyExchange的解析依赖当前密码套件 450 #define tls_format_set_cipher_suite(fmt,cipher) do {(fmt)|=((cipher)<<8);} while (0) 451 int tls_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent); 452 int tlcp_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent); 453 454 455 int tls_record_send(const uint8_t *record, size_t recordlen, int sock); 456 int tls_record_recv(uint8_t *record, size_t *recordlen, int sock); 457 int tls12_record_recv(uint8_t *record, size_t *recordlen, int sock); 458 459 460 461 // Handshake 462 typedef struct { 463 uint8_t type; 464 uint8_t length[3]; 465 } TLS_HANDSHAKE_HEADER; 466 467 #define TLS_HANDSHAKE_HEADER_SIZE 4 468 #define TLS_MAX_HANDSHAKE_DATA_SIZE (TLS_MAX_PLAINTEXT_SIZE - TLS_HANDSHAKE_HEADER_SIZE) 469 470 #define tls_handshake_data(p) ((p) + TLS_HANDSHAKE_HEADER_SIZE) 471 //#define tls_handshake_data_length(p) 472 473 474 int tls_record_set_handshake(uint8_t *record, size_t *recordlen, 475 int type, const uint8_t *data, size_t datalen); 476 int tls_record_get_handshake(const uint8_t *record, 477 int *type, const uint8_t **data, size_t *datalen); 478 int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen, int format, int indent); 479 480 // HelloRequest 481 int tls_hello_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); 482 483 // ClientHello, ServerHello 484 #define TLS_MIN_SESSION_ID_SIZE 0 485 #define TLS_MAX_SESSION_ID_SIZE 32 486 487 int tls_record_set_handshake_client_hello(uint8_t *record, size_t *recordlen, 488 int client_protocol, const uint8_t random[32], 489 const uint8_t *session_id, size_t session_id_len, 490 const int *cipher_suites, size_t cipher_suites_count, 491 const uint8_t *exts, size_t exts_len); 492 int tls_record_get_handshake_client_hello(const uint8_t *record, 493 int *client_protocol, const uint8_t **random, 494 const uint8_t **session_id, size_t *session_id_len, 495 const uint8_t **cipher_suites, size_t *cipher_suites_len, 496 const uint8_t **exts, size_t *exts_len); 497 int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); 498 499 int tls_record_set_handshake_server_hello(uint8_t *record, size_t *recordlen, 500 int server_protocol, const uint8_t random[32], 501 const uint8_t *session_id, size_t session_id_len, 502 int cipher_suite, const uint8_t *exts, size_t exts_len); 503 int tls_record_get_handshake_server_hello(const uint8_t *record, 504 int *protocol, const uint8_t **random, const uint8_t **session_id, size_t *session_id_len, 505 int *cipher_suite, const uint8_t **exts, size_t *exts_len); 506 int tls_server_hello_print(FILE *fp, const uint8_t *server_hello, size_t len, int format, int indent); 507 508 // Extensions 509 int tls_ec_point_formats_ext_to_bytes(const int *formats, size_t formats_cnt, 510 uint8_t **out, size_t *outlen); 511 int tls_process_client_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen, 512 uint8_t **out, size_t *outlen); 513 int tls_process_server_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen); 514 515 int tls_supported_groups_ext_to_bytes(const int *groups, size_t groups_cnt, 516 uint8_t **out, size_t *outlen); 517 int tls_process_client_supported_groups(const uint8_t *ext_data, size_t ext_datalen, 518 uint8_t **out, size_t *outlen); 519 int tls_process_server_supported_groups(const uint8_t *ext_data, size_t ext_datalen); 520 521 int tls_signature_algorithms_ext_to_bytes_ex(int ext_type, const int *algs, size_t algs_cnt, 522 uint8_t **out, size_t *outlen); 523 int tls_signature_algorithms_ext_to_bytes(const int *algs, size_t algs_cnt, 524 uint8_t **out, size_t *outlen); 525 int tls13_signature_algorithms_cert_ext_to_bytes(const int *algs, size_t algs_cnt, 526 uint8_t **out, size_t *outlen); 527 int tls_process_client_signature_algorithms(const uint8_t *ext_data, size_t ext_datalen, 528 uint8_t **out, size_t *outlen); 529 int tls_process_server_signature_algors(const uint8_t *ext_data, size_t ext_datalen); 530 531 int tls13_supported_versions_ext_to_bytes(int handshake_type, const int *protos, size_t protos_cnt, 532 uint8_t **out, size_t *outlen); 533 int tls13_process_client_supported_versions(const uint8_t *ext_data, size_t ext_datalen, 534 uint8_t **out, size_t *outlen); 535 536 int tls13_process_server_supported_versions(const uint8_t *ext_data, size_t ext_datalen); 537 538 int tls13_key_share_entry_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen); 539 int tls13_client_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen); 540 int tls13_server_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen); 541 int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen, 542 const SM2_KEY *server_ecdhe_key, SM2_POINT *client_ecdhe_public, 543 uint8_t **out, size_t *outlen); 544 int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_POINT *point); 545 546 547 int tls13_certificate_authorities_ext_to_bytes(const uint8_t *ca_names, size_t ca_names_len, 548 uint8_t **out, size_t *outlen); 549 550 int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen); 551 int tls_process_client_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen); 552 int tls_process_server_exts(const uint8_t *exts, size_t extslen, 553 int *ec_point_format, int *supported_group, int *signature_algor); 554 555 556 // Certificate 557 int tls_record_set_handshake_certificate(uint8_t *record, size_t *recordlen, 558 const uint8_t *certs, size_t certslen); 559 // 这个函数比较特殊,是直接解析了证书链,而不是返回指针 560 // 应该提供一个独立的解析函数来解析TLS的证书链 561 int tls_record_get_handshake_certificate(const uint8_t *record, uint8_t *certs, size_t *certslen); 562 563 // ServerKeyExchange 564 int tls_server_key_exchange_print(FILE *fp, const uint8_t *ske, size_t skelen, int format, int indent); 565 566 #define TLS_MAX_SIGNATURE_SIZE SM2_MAX_SIGNATURE_SIZE 567 int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key, 568 const uint8_t client_random[32], const uint8_t server_random[32], 569 int curve, const SM2_POINT *point, uint8_t *sig, size_t *siglen); 570 int tls_verify_server_ecdh_params(const SM2_KEY *server_sign_key, 571 const uint8_t client_random[32], const uint8_t server_random[32], 572 int curve, const SM2_POINT *point, const uint8_t *sig, size_t siglen); 573 int tls_record_set_handshake_server_key_exchange_ecdhe(uint8_t *record, size_t *recordlen, 574 int curve, const SM2_POINT *point, const uint8_t *sig, size_t siglen); 575 int tls_record_get_handshake_server_key_exchange_ecdhe(const uint8_t *record, 576 int *curve, SM2_POINT *point, const uint8_t **sig, size_t *siglen); 577 int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen, 578 int format, int indent); 579 580 int tlcp_record_set_handshake_server_key_exchange_pke(uint8_t *record, size_t *recordlen, 581 const uint8_t *sig, size_t siglen); 582 int tlcp_record_get_handshake_server_key_exchange_pke(const uint8_t *record, 583 const uint8_t **sig, size_t *siglen); 584 int tlcp_server_key_exchange_pke_print(FILE *fp, const uint8_t *sig, size_t siglen, int format, int indent); 585 586 587 588 // CertificateRequest 589 #define TLS_MAX_CERTIFICATE_TYPES 256 590 #define TLS_MAX_CA_NAMES_SIZE (TLS_MAX_HANDSHAKE_DATA_SIZE - tls_uint8_size() - tls_uint16_size()) 591 592 int tls_authorities_from_certs(uint8_t *ca_names, size_t *ca_names_len, size_t maxlen, const uint8_t *certs, size_t certslen); 593 int tls_authorities_issued_certificate(const uint8_t *ca_names, size_t ca_namelen, const uint8_t *certs, size_t certslen); 594 int tls_cert_types_accepted(const uint8_t *types, size_t types_len, const uint8_t *client_certs, size_t client_certs_len); 595 596 int tls_record_set_handshake_certificate_request(uint8_t *record, size_t *recordlen, 597 const uint8_t *cert_types, size_t cert_types_len, 598 const uint8_t *ca_names, size_t ca_names_len); 599 int tls_record_get_handshake_certificate_request(const uint8_t *record, 600 const uint8_t **cert_types, size_t *cert_types_len, 601 const uint8_t **ca_names, size_t *ca_names_len); 602 int tls_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); 603 604 605 // ServerHelloDone 606 int tls_record_set_handshake_server_hello_done(uint8_t *record, size_t *recordlen); 607 int tls_record_get_handshake_server_hello_done(const uint8_t *record); 608 int tls_server_hello_done_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); 609 610 // ClientKeyExchange 611 int tls_record_set_handshake_client_key_exchange_pke(uint8_t *record, size_t *recordlen, 612 const uint8_t *enced_pms, size_t enced_pms_len); 613 int tls_record_get_handshake_client_key_exchange_pke(const uint8_t *record, 614 const uint8_t **enced_pms, size_t *enced_pms_len); 615 int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *cke, size_t ckelen, int format, int indent); 616 int tls_client_key_exchange_print(FILE *fp, const uint8_t *cke, size_t ckelen, int format, int indent); 617 618 int tls_record_set_handshake_client_key_exchange_ecdhe(uint8_t *record, size_t *recordlen, 619 const SM2_POINT *point); // 这里不应该支持SM2_POINT类型 620 int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_POINT *point); 621 int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen, 622 int format, int indent); 623 624 // CertificateVerify 625 int tls_record_set_handshake_certificate_verify(uint8_t *record, size_t *recordlen, 626 const uint8_t *sig, size_t siglen); 627 int tls_record_get_handshake_certificate_verify(const uint8_t *record, 628 const uint8_t **sig, size_t *siglen); 629 int tls_certificate_verify_print(FILE *fp, const uint8_t *p, size_t len, int format, int indent); 630 631 typedef enum { 632 TLS_client_verify_client_hello = 0, 633 TLS_client_verify_server_hello = 1, 634 TLS_client_verify_server_certificate = 2, 635 TLS_client_verify_server_key_exchange = 3, 636 TLS_client_verify_cert_request = 4, 637 TLS_client_verify_server_hello_done = 5, 638 TLS_client_verify_client_certificate = 6, 639 TLS_client_verify_client_key_exchange = 7, 640 } TLS_CLIENT_VERIFY_INDEX; 641 642 typedef struct { 643 TLS_CLIENT_VERIFY_INDEX index; 644 uint8_t *handshake[8]; // Record data only, no record header 645 size_t handshake_len[8]; 646 } TLS_CLIENT_VERIFY_CTX; 647 648 int tls_client_verify_init(TLS_CLIENT_VERIFY_CTX *ctx); 649 int tls_client_verify_update(TLS_CLIENT_VERIFY_CTX *ctx, const uint8_t *handshake, size_t handshake_len); 650 int tls_client_verify_finish(TLS_CLIENT_VERIFY_CTX *ctx, const uint8_t *sig, size_t siglen, const SM2_KEY *public_key); 651 void tls_client_verify_cleanup(TLS_CLIENT_VERIFY_CTX *ctx); 652 653 // Finished 654 // FIXME: 支持TLS 1.3 提供MIN, MAX或TLS12, TLS13, TLCP... 655 #define TLS_VERIFY_DATA_SIZE 12 // TLS 1.3或者其他版本支持更长的verify_data 656 #define TLS_FINISHED_RECORD_SIZE (TLS_RECORD_HEADER_SIZE + TLS_HANDSHAKE_HEADER_SIZE + TLS_VERIFY_DATA_SIZE) // 21 657 #define TLS_MAX_PADDING_SIZE (1 + 255) 658 #define TLS_MAC_SIZE SM3_HMAC_SIZE 659 #define TLS_FINISHED_RECORD_BUF_SIZE (TLS_FINISHED_RECORD_SIZE + TLS_MAC_SIZE + TLS_MAX_PADDING_SIZE) // 309 660 661 662 int tls_record_set_handshake_finished(uint8_t *record, size_t *recordlen, 663 const uint8_t *verify_data, size_t verify_data_len); 664 int tls_record_get_handshake_finished(const uint8_t *record, 665 const uint8_t **verify_data, size_t *verify_data_len); 666 int tls_finished_print(FILE *fp, const uint8_t *a, size_t len, int format, int indent); 667 668 669 // Alert 670 typedef struct { 671 uint8_t level; 672 uint8_t description; 673 } TLS_ALERT; 674 675 #define TLS_ALERT_RECORD_SIZE (TLS_RECORD_HEADER_SIZE + 2) 676 677 int tls_record_set_alert(uint8_t *record, size_t *recordlen, int alert_level, int alert_description); 678 int tls_record_get_alert(const uint8_t *record, int *alert_level, int *alert_description); 679 int tls_alert_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); 680 681 682 // ChangeCipherSpec 683 typedef struct { 684 uint8_t type; 685 } TLS_CHANGE_CIPHER_SPEC; 686 687 const char *tls_change_cipher_spec_text(int change_cipher_spec); 688 int tls_change_cipher_spec_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); 689 int tls_record_set_change_cipher_spec(uint8_t *record, size_t *recordlen); 690 int tls_record_get_change_cipher_spec(const uint8_t *record); 691 692 // ApplicationData 693 int tls_record_set_application_data(uint8_t *record, size_t *recordlen, 694 const uint8_t *data, size_t datalen); 695 int tls_record_get_application_data(uint8_t *record, 696 const uint8_t **data, size_t *datalen); 697 int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); 698 699 700 701 enum { 702 TLS_server_mode = 0, 703 TLS_client_mode = 1, 704 }; 705 706 #define TLS_MAX_CIPHER_SUITES_COUNT 64 707 708 typedef struct { 709 int protocol; 710 int is_client; 711 int cipher_suites[TLS_MAX_CIPHER_SUITES_COUNT]; 712 size_t cipher_suites_cnt; 713 uint8_t *cacerts; 714 size_t cacertslen; 715 uint8_t *certs; 716 size_t certslen; 717 SM2_KEY signkey; 718 SM2_KEY kenckey; 719 int verify_depth; 720 } TLS_CTX; 721 722 int tls_ctx_init(TLS_CTX *ctx, int protocol, int is_client); 723 int tls_ctx_set_cipher_suites(TLS_CTX *ctx, const int *cipher_suites, size_t cipher_suites_cnt); 724 int tls_ctx_set_ca_certificates(TLS_CTX *ctx, const char *cacertsfile, int depth); 725 int tls_ctx_set_certificate_and_key(TLS_CTX *ctx, const char *chainfile, 726 const char *keyfile, const char *keypass); 727 int tls_ctx_set_tlcp_server_certificate_and_keys(TLS_CTX *ctx, const char *chainfile, 728 const char *signkeyfile, const char *signkeypass, 729 const char *kenckeyfile, const char *kenckeypass); 730 void tls_ctx_cleanup(TLS_CTX *ctx); 731 732 733 734 #define TLS_MAX_CERTIFICATES_SIZE 2048 735 #define TLS_DEFAULT_VERIFY_DEPTH 4 736 #define TLS_MAX_VERIFY_DEPTH 5 737 738 739 typedef struct { 740 int protocol; 741 int is_client; 742 int cipher_suites[TLS_MAX_CIPHER_SUITES_COUNT]; 743 size_t cipher_suites_cnt; 744 745 int sock; 746 747 uint8_t enced_record[TLS_MAX_RECORD_SIZE]; 748 size_t enced_record_len; 749 750 751 uint8_t record[TLS_MAX_RECORD_SIZE]; 752 753 // 其实这个就不太对了,还是应该有一个完整的密文记录 754 uint8_t databuf[TLS_MAX_PLAINTEXT_SIZE]; 755 uint8_t *data; 756 size_t datalen; 757 758 int cipher_suite; 759 uint8_t session_id[32]; 760 size_t session_id_len; 761 uint8_t server_certs[TLS_MAX_CERTIFICATES_SIZE]; // 动态的可能会好一点 762 size_t server_certs_len; 763 uint8_t client_certs[TLS_MAX_CERTIFICATES_SIZE]; 764 size_t client_certs_len; 765 uint8_t ca_certs[2048]; 766 size_t ca_certs_len; 767 768 SM2_KEY sign_key; 769 SM2_KEY kenc_key; 770 771 int verify_result; 772 773 uint8_t master_secret[48]; 774 uint8_t key_block[96]; 775 776 SM3_HMAC_CTX client_write_mac_ctx; 777 SM3_HMAC_CTX server_write_mac_ctx; 778 SM4_KEY client_write_enc_key; 779 SM4_KEY server_write_enc_key; 780 uint8_t client_seq_num[8]; 781 uint8_t server_seq_num[8]; 782 783 uint8_t client_write_iv[12]; // tls13 784 uint8_t server_write_iv[12]; // tls13 785 BLOCK_CIPHER_KEY client_write_key; 786 BLOCK_CIPHER_KEY server_write_key; 787 788 } TLS_CONNECT; 789 790 791 #define TLS_MAX_EXTENSIONS_SIZE 512 // 这个应该再考虑一下数值,是否可以用其他的缓冲区装载? 792 793 794 int tls_init(TLS_CONNECT *conn, const TLS_CTX *ctx); 795 int tls_set_socket(TLS_CONNECT *conn, int sock); 796 int tls_do_handshake(TLS_CONNECT *conn); 797 int tls_send(TLS_CONNECT *conn, const uint8_t *in, size_t inlen, size_t *sentlen); 798 int tls_recv(TLS_CONNECT *conn, uint8_t *out, size_t outlen, size_t *recvlen); 799 int tls_shutdown(TLS_CONNECT *conn); 800 void tls_cleanup(TLS_CONNECT *conn); 801 802 int tlcp_do_connect(TLS_CONNECT *conn); 803 int tlcp_do_accept(TLS_CONNECT *conn); 804 int tls12_do_connect(TLS_CONNECT *conn); 805 int tls12_do_accept(TLS_CONNECT *conn); 806 807 808 #define TLS13_SM2_ID "TLSv1.3+GM+Cipher+Suite" 809 #define TLS13_SM2_ID_LENGTH (sizeof(TLS13_SM2_ID)-1) 810 811 int tls13_do_connect(TLS_CONNECT *conn); 812 int tls13_do_accept(TLS_CONNECT *conn); 813 814 int tls_send_alert(TLS_CONNECT *conn, int alert); 815 int tls_send_warning(TLS_CONNECT *conn, int alert); 816 817 int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *sentlen); 818 int tls13_recv(TLS_CONNECT *conn, uint8_t *out, size_t outlen, size_t *recvlen); 819 820 821 int tls13_connect(TLS_CONNECT *conn, const char *hostname, int port, FILE *server_cacerts_fp, 822 FILE *client_certs_fp, const SM2_KEY *client_sign_key); 823 int tls13_accept(TLS_CONNECT *conn, int port, 824 FILE *server_certs_fp, const SM2_KEY *server_sign_key, 825 FILE *client_cacerts_fp); 826 827 828 int tls13_supported_versions_ext_print(FILE *fp, int fmt, int ind, int handshake_type, const uint8_t *data, size_t datalen); 829 int tls13_key_share_ext_print(FILE *fp, int fmt, int ind, int handshake_type, const uint8_t *data, size_t datalen); 830 831 832 int tls_process_client_hello_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen); 833 int tls_process_server_hello_exts(const uint8_t *exts, size_t extslen, 834 int *ec_point_format, int *supported_group, int *signature_algor); 835 836 837 int tls13_encrypted_extensions_print(FILE *fp, int fmt, int ind, const uint8_t *data, size_t datalen); 838 839 int tls13_extension_print(FILE *fp, int fmt, int ind, 840 int handshake_type, int ext_type, const uint8_t *ext_data, size_t ext_datalen); 841 int tls13_extensions_print(FILE *fp, int fmt, int ind, 842 int handshake_type, const uint8_t *exts, size_t extslen); 843 844 int tls13_certificate_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen); 845 int tls13_certificate_request_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen); 846 int tls13_certificate_verify_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen); 847 int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen); 848 849 850 int tls13_gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], 851 const uint8_t seq_num[8], int record_type, 852 const uint8_t *in, size_t inlen, size_t padding_len, // TLSInnerPlaintext.content 853 uint8_t *out, size_t *outlen); // TLSCiphertext.encrypted_record 854 int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], 855 const uint8_t seq_num[8], const uint8_t *in, size_t inlen, 856 int *record_type, uint8_t *out, size_t *outlen); 857 858 859 860 //#define TLS_DEBUG 861 862 #ifdef TLS_DEBUG 863 # define tls_trace(s) fprintf(stderr,(s)) 864 # define tls_record_trace(fp,rec,reclen,fmt,ind) tls_record_print(fp,rec,reclen,fmt,ind) 865 # define tlcp_record_trace(fp,rec,reclen,fmt,ind) tlcp_record_print(fp,rec,reclen,fmt,ind) 866 # define tls12_record_trace(fp,rec,reclen,fmt,ind) tls12_record_print(fp,rec,reclen,fmt,ind) 867 # define tls13_record_trace(fp,rec,reclen,fmt,ind) tls13_record_print(fp,fmt,ind,rec,reclen) 868 #else 869 # define tls_trace(s) 870 # define tls_record_trace(fp,rec,reclen,fmt,ind) 871 # define tlcp_record_trace(fp,rec,reclen,fmt,ind) 872 # define tls12_record_trace(fp,rec,reclen,fmt,ind) 873 # define tls13_record_trace(fp,rec,reclen,fmt,ind) 874 #endif 875 876 877 #ifdef __cplusplus 878 } 879 #endif 880 #endif 881