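/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/**
 * @brief Shared types, size limits and test-data paths for the HLT TLS test harness.
 *
 * Everything here is test-harness plumbing: fixed-size configuration records that are
 * filled from test cases, enumerations that select the stack/role/version under test,
 * and relative paths to the DER certificates and keys used by the tests.
 *
 * All `char[...]` members are fixed-size, NUL-terminated C strings. Code that fills them
 * must bound the copy (e.g. snprintf with the array size) and treat truncation as an
 * error rather than silently shortening a path, cipher list or credential.
 */

#ifndef HLT_TYPE_H
#define HLT_TYPE_H

#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdbool.h>
#include "uio_base.h"
#include "bsl_uio.h"
#include "hitls_type.h"
#include "tls_config.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Buffer sizes (bytes, including the terminating NUL) for the string members below. */
#define IP_LEN (32)
#define MAX_CIPHERSUITES_LEN (512)
#define MAX_POINTFORMATS_LEN (512)
#define MAX_GROUPS_LEN (512)
#define MAX_SIGNALGORITHMS_LEN (512)
#define MAX_CERT_LEN (512)
#define PSK_MAX_LEN (256)
#define TICKET_KEY_CB_NAME_LEN (50)
#define MAX_SERVER_NAME_LEN (256)
#define SERVER_NAME_CB_NAME_LEN (50)
#define SERVER_NAME_ARG_NAME_LEN (50)
#define MAX_ALPN_LEN (256)
#define ALPN_CB_NAME_LEN (50)
#define ALPN_DATA_NAME_LEN (50)
#define MAX_NO_RENEGOTIATIONCB_LEN (1024)
#define MAX_PROVIDER_NAME_LEN (256)
#define MAX_ATTR_NAME_LEN (256)
#define MAX_PROVIDER_PATH_LEN (256)
#define MAX_PROVIDER_COUNT (10)

/*
 * Root of the test certificate tree. The path is relative to the working directory the
 * tests run from; the *_PATH macros below are appended to it.
 */
#define DEFAULT_CERT_PATH "../../testcode/testdata/tls/certificate/der/"

/*
 * Test credentials, grouped by signature scheme. Naming convention:
 *   *_CA_PATH    colon-separated list of trust anchors (root:intermediate)
 *   *_CHAIN_PATH intermediate certificate(s) sent in the handshake
 *   *_EE_PATH    end-entity certificate
 *   *_PRIV_PATH  matching private key (test material only)
 */
#define RSAPSS_SHA256_CA_PATH "rsa_pss_sha256/rsa_pss_root.der:rsa_pss_sha256/rsa_pss_intCa.der"
#define RSAPSS_SHA256_CHAIN_PATH "rsa_pss_sha256/rsa_pss_intCa.der"
#define RSAPSS_SHA256_EE_PATH "rsa_pss_sha256/rsa_pss_dev.der"
#define RSAPSS_SHA256_PRIV_PATH "rsa_pss_sha256/rsa_pss_dev.key.der"
#define RSAPSS_RSAE_CA_PATH "rsa_pss_rsae/rsa_root.der:rsa_pss_rsae/rsa_intCa.der"
#define RSAPSS_RSAE_CHAIN_PATH "rsa_pss_rsae/rsa_intCa.der"
#define RSAPSS_RSAE_EE_PATH "rsa_pss_rsae/rsa_dev.der"
#define RSAPSS_RSAE_PRIV_PATH "rsa_pss_rsae/rsa_dev.key.der"

#define RSA_SHA_CA_PATH "rsa_sha/ca-3072.der:rsa_sha/inter-3072.der"
#define RSA_SHA_CHAIN_PATH "rsa_sha/inter-3072.der"
#define RSA_SHA1_EE_PATH "rsa_sha/end-sha1.der"
#define RSA_SHA1_PRIV_PATH "rsa_sha/end-sha1.key.der"
#define RSA_SHA384_EE_PATH "rsa_sha/end-sha384.der"
#define RSA_SHA384_PRIV_PATH "rsa_sha/end-sha384.key.der"
#define RSA_SHA512_EE_PATH "rsa_sha/end-sha512.der"
#define RSA_SHA512_PRIV_PATH "rsa_sha/end-sha512.key.der"

#define ED25519_SHA512_CA_PATH "ed25519/ed25519.ca.der:ed25519/ed25519.intca.der"
#define ED25519_SHA512_CHAIN_PATH "ed25519/ed25519.intca.der"
#define ED25519_SHA512_EE_PATH "ed25519/ed25519.end.der"
#define ED25519_SHA512_PRIV_PATH "ed25519/ed25519.end.key.der"

#define ECDSA_SHA_CA_PATH "ecdsa/ca-nist521.der:ecdsa/inter-nist521.der"
#define ECDSA_SHA_CHAIN_PATH "ecdsa/inter-nist521.der"
#define ECDSA_SHA256_EE_PATH "ecdsa/end256-sha256.der"
#define ECDSA_SHA256_PRIV_PATH "ecdsa/end256-sha256.key.der"
#define ECDSA_SHA384_EE_PATH "ecdsa/end384-sha384.der"
#define ECDSA_SHA384_PRIV_PATH "ecdsa/end384-sha384.key.der"
#define ECDSA_SHA512_EE_PATH "ecdsa/end521-sha512.der"
#define ECDSA_SHA512_PRIV_PATH "ecdsa/end521-sha512.key.der"

/* SHA-1 signed chain: kept for negative/legacy tests, not a recommended configuration. */
#define ECDSA_SHA1_CA_PATH "ecdsa_sha1/ca-nist521.der:ecdsa_sha1/inter-nist521.der"
#define ECDSA_SHA1_CHAIN_PATH "ecdsa_sha1/inter-nist521.der"
#define ECDSA_SHA1_EE_PATH "ecdsa_sha1/end384-sha1.der"
#define ECDSA_SHA1_PRIV_PATH "ecdsa_sha1/end384-sha1.key.der"
#define RSA_SHA256_CA_PATH "rsa_sha256/ca.der:rsa_sha256/inter.der"
#define RSA_SHA256_CHAIN_PATH "rsa_sha256/inter.der"
#define RSA_SHA256_EE_PATH1 "rsa_sha256/server.der"
#define RSA_SHA256_PRIV_PATH1 "rsa_sha256/server.key.der"
#define RSA_SHA256_EE_PATH2 "rsa_sha256/client.der"
#define RSA_SHA256_PRIV_PATH2 "rsa_sha256/client.key.der"
#define RSA_SHA256_EE_PATH3 "rsa_sha/end-sha256.der"
#define RSA_SHA256_PRIV_PATH3 "rsa_sha/end-sha256.key.der"

#define ECDSA_SHA256_CA_PATH "ecdsa_sha256/ca.der:ecdsa_sha256/inter.der"
#define ECDSA_SHA256_CHAIN_PATH "ecdsa_sha256/inter.der"
#define ECDSA_SHA256_EE_PATH1 "ecdsa_sha256/server.der"
#define ECDSA_SHA256_PRIV_PATH1 "ecdsa_sha256/server.key.der"
#define ECDSA_SHA256_EE_PATH2 "ecdsa_sha256/client.der"
#define ECDSA_SHA256_PRIV_PATH2 "ecdsa_sha256/client.key.der"

/* SM2 (TLCP) uses separate signing and encryption certificates per side. */
#define SM2_VERIFY_PATH "sm2_with_userid/ca.der:sm2_with_userid/inter.der"
#define SM2_CHAIN_PATH "sm2_with_userid/inter.der"
#define SM2_SERVER_ENC_CERT_PATH "sm2_with_userid/enc.der"
#define SM2_SERVER_ENC_KEY_PATH "sm2_with_userid/enc.key.der"
#define SM2_SERVER_SIGN_CERT_PATH "sm2_with_userid/sign.der"
#define SM2_SERVER_SIGN_KEY_PATH "sm2_with_userid/sign.key.der"
#define SM2_CLIENT_ENC_CERT_PATH "sm2_with_userid/enc22.der"
#define SM2_CLIENT_ENC_KEY_PATH "sm2_with_userid/enc22.key.der"
#define SM2_CLIENT_SIGN_CERT_PATH "sm2_with_userid/sign22.der"
#define SM2_CLIENT_SIGN_KEY_PATH "sm2_with_userid/sign22.key.der"

/** Opaque handle for a peer test process; the definition lives in the harness sources. */
typedef struct ProcessSt HLT_Process;

/** Which TLS implementation flavour a test drives. */
typedef enum {
    HITLS,
    HITLS_PROVIDER,
} TLS_TYPE;

/** Handshake role of the endpoint under test. */
typedef enum {
    CLIENT,
    SERVER
} TLS_ROLE;

/** Protocol version selector used by test cases. */
typedef enum {
    DTLS_ALL,
    DTLS1_0,
    DTLS1_2,
    TLS_ALL,
    SSL3_0,
    TLS1_0,
    TLS1_1,
    TLS1_2,
    TLS1_3,
    TLCP1_1,
    DTLCP1_1,
} TLS_VERSION;

/** Transport underneath the TLS record layer. (Spelled HILT_ in the project; kept as is for ABI/API compatibility.) */
typedef enum {
    TCP = 0,           /**< TCP protocol */
    SCTP = 1,          /**< SCTP protocol */
    UDP = 2,           /**< UDP protocol */
    NONE_TYPE = 10,    /**< no transport selected; deliberately not contiguous with the others */
} HILT_TransportType;

/** Certificate-callback selector; only the default variant exists today. */
typedef enum {
    CERT_CALLBACK_DEFAULT,
} CertCallbackType;

/** Memory-callback selector; only the default variant exists today. */
typedef enum {
    MEM_CALLBACK_DEFAULT,
} MemCallbackType;

/** TLS-callback selector; only the default variant exists today. */
typedef enum {
    HITLS_CALLBACK_DEFAULT,
} TlsCallbackType;

/** Cookie-callback selector for DTLS HelloVerifyRequest tests. */
typedef enum {
    COOKIE_CB_DEFAULT,  /**< Normal cookie callback */
    COOKIE_CB_LEN_0,    /**< The length of the generated cookie is 0 (negative-test variant) */
} CookieCallbackType;

/**
 * @brief Parameters for opening a raw data channel between test peers.
 *
 * `sockAddr` is a `struct sockaddr_in`, so this record is IPv4-only.
 */
typedef struct {
    struct sockaddr_in sockAddr;
    HILT_TransportType type;
    char ip[IP_LEN];      /**< textual address, NUL-terminated; bound-copy into it */
    int port;
    int bindFd;
    bool isBlock;         /**< blocking vs non-blocking socket */
} DataChannelParam;

/** File descriptors and address for one established channel. */
typedef struct {
    struct sockaddr_in sockAddr;
    int connPort;
    int srcFd;
    int peerFd;
} HLT_FD;

/**
 * @brief Where a "server preference" style setting is applied and to what value.
 *
 * The numeric values are referenced by the `SupportType` comments in HLT_Ctx_Config
 * (ctx level, value 1) and HLT_Ssl_Config (cfg level, value 3).
 */
typedef enum {
    SERVER_CTX_SET_TRUE = 1,
    SERVER_CTX_SET_FALSE = 2,
    SERVER_CFG_SET_TRUE = 3,
    SERVER_CFG_SET_FALSE = 4,
} HILT_SupportType;

/**
 * @brief Full description of a TLS context/config to be created by the harness.
 *
 * Filled by test cases and consumed by the harness when it builds the HITLS config.
 * The string members are NUL-terminated buffers of the sizes declared above.
 * `psk` and `password` hold secret material: clear them with a non-elidable memset
 * (e.g. the platform's explicit_bzero/memset_s) when a config is discarded, since a
 * plain memset before free may be optimised away.
 */
typedef struct {
    uint16_t mtu; // Set the MTU in the dtls.
    // The maximum version number and minimum version number must be both TLS and DTLS.
    // Currently, only DTLS 1.2 is supported
    uint32_t minVersion;
    uint32_t maxVersion;

    char cipherSuites[MAX_CIPHERSUITES_LEN];      // cipher suite
    char tls13CipherSuites[MAX_CIPHERSUITES_LEN]; // TLS13 cipher suite
    char pointFormats[MAX_POINTFORMATS_LEN];      // ec Point Format
    // According to RFC 8446 4.2.7, before TLS 1.3: ec curves; TLS 1.3: group supported by the key exchange.
    char groups[MAX_GROUPS_LEN];
    char signAlgorithms[MAX_SIGNALGORITHMS_LEN];  // signature algorithm

    char serverName[MAX_SERVER_NAME_LEN]; // Client server_name
    // Name of the server_name callback function for processing the first handshake on the server
    char sniDealCb[SERVER_NAME_CB_NAME_LEN];
    // name of the value function related to the server_name registered by the product
    char sniArg[SERVER_NAME_ARG_NAME_LEN];

    char alpnList[MAX_ALPN_LEN]; // alpn
    char alpnUserData[ALPN_CB_NAME_LEN];
    char alpnSelectCb[ALPN_DATA_NAME_LEN]; // Application Layer Protocol Select Callback

    // Indicates whether renegotiation is supported. The default value is False, indicating that renegotiation is not
    // supported
    bool isSupportRenegotiation;
    bool allowClientRenegotiate; /* allow a renegotiation initiated by the client */
    bool allowLegacyRenegotiate; /* whether to abort handshake when server doesn't support SecRenegotiation */
    int SupportType; // 1:The server algorithm is preferred (see HILT_SupportType)
    // NOTE(review): presumably enables key-usage checks on the peer certificate; confirm against the harness.
    bool needCheckKeyUsage;
    // Client verification is supported. The default value is False
    bool isSupportClientVerify;
    // Indicates whether to allow the empty certificate list on the client. The default value is False
    bool isSupportNoClientCert;
    // The handshake will be continued regardless of the verification result. for server and client.
    // Disables the security of certificate validation; intended for negative tests only.
    bool isSupportVerifyNone;
    bool isSupportPostHandshakeAuth; // Indicates whether to support post handshake auth. The default value is false.
    bool isSupportExtendMasterSecret; // supports extended master keys. The default value is True
    bool isSupportSessionTicket; // Support session ticket
    bool isEncryptThenMac; // Encrypt-then-mac is supported
    // Users can set the DH parameter to be automatically selected. If the switch is enabled,
    // the DH parameter is automatically selected based on the length of the certificate private key
    bool isSupportDhAuto;
    int32_t setSessionCache; // Setting the Session Storage Mode
    uint32_t keyExchMode; // TLS1.3 key exchange mode
    // Untyped callback slots: the pointee must match the prototype expected by the HITLS
    // registration call that the harness forwards them to.
    void *infoCb; // connection establishment callback function
    void *msgCb; // Message callback function
    void *msgArg; // Message callback parameter function
    // Indicates whether to enable the function of sending handshake information by flight
    bool isFlightTransmitEnable;
    bool isNoSetCert; // Indicates whether the certificate does not need to be set
    int32_t securitylevel; // Security level
    int32_t readAhead;

    char psk[PSK_MAX_LEN]; // psk password (secret; zeroize on discard)
    char ticketKeyCb[TICKET_KEY_CB_NAME_LEN]; // ticket key Callback Function Name

    // Credential locations, presumably paths relative to DEFAULT_CERT_PATH (the *_PATH
    // macros above are the usual values) — confirm against the harness loader.
    char eeCert[MAX_CERT_LEN];
    char privKey[MAX_CERT_LEN];
    char signCert[MAX_CERT_LEN];
    char signPrivKey[MAX_CERT_LEN];
    char password[MAX_CERT_LEN]; // private-key password (secret; zeroize on discard)
    char caCert[MAX_CERT_LEN];
    char chainCert[MAX_CERT_LEN];

    bool isClient;
    uint32_t emptyRecordsNum;
    char providerPath[MAX_PROVIDER_PATH_LEN];
    char providerNames[MAX_PROVIDER_COUNT][MAX_PROVIDER_NAME_LEN];
    int32_t providerLibFmts[MAX_PROVIDER_COUNT];
    int32_t providerCnt; // number of valid entries in providerNames/providerLibFmts; must not exceed MAX_PROVIDER_COUNT
    char attrName[MAX_ATTR_NAME_LEN];
    uint32_t modeSupport; // support features, such as HITLS_MODE_SEND_FALLBACK_SCSV. All mode at hitls_type.h
} HLT_Ctx_Config;

/** Per-connection (ssl object) parameters. `sockAddr` is IPv4-only. */
typedef struct {
    struct sockaddr_in sockAddr;
    int connPort;
    int sockFd;
    HILT_TransportType connType;
    int SupportType; // 3:The server algorithm is preferred (see HILT_SupportType)
    int sctpCtrlCmd;
} HLT_Ssl_Config;

/** Handles returned once a context and connection have been created. */
typedef struct {
    void *ctx; // hitls config
    void *ssl; // hitls ctx
    int ctxId;
    int sslId;
    unsigned long int acceptId;
} HLT_Tls_Res;

/** Simulated I/O condition a frame hook can report. */
typedef enum {
    EXP_NONE,
    EXP_IO_BUSY,
    EXP_RECV_BUF_EMPTY,
} HLT_ExpectIoState;

/** Which side of the I/O path a frame hook is attached to. */
typedef enum {
    POINT_NONE,
    POINT_RECV,
    POINT_SEND,
} HLT_PointType;

/**
 * @brief msg processing callback
 * @param msg      the intercepted message (type depends on the hook)
 * @param userData the HLT_FrameHandle.userData pointer, passed through unchanged
 */
typedef void (*HLT_FrameCallBack)(void *msg, void *userData);

/**
 * @brief Hook that lets a test intercept and modify handshake/record traffic.
 */
typedef struct {
    BSL_UIO_Method method;          /**< User-defined message sending and receiving control function */
    HLT_FrameCallBack frameCallBack; /**< msg processing callback */
    void *ctx;                      /**< TLS context */
    int32_t expectReType;           /**< Corresponding enumeration REC_Type */
    int32_t expectHsType;           /**< Corresponding enumerated value HS_MsgType */
    HLT_ExpectIoState ioState;      /**< customized I/O status */
    HLT_PointType pointType;        /**< Hook point (HLT_PointType); presumably receive vs send side — confirm */
    void *userData;                 /**< Customized data, which will be transferred to the msg processing callback */
} HLT_FrameHandle;

/*
 * Test timeout. Both macros must be tested with defined(): in #if an undefined identifier
 * evaluates to 0, so a bare `__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__` is true (0 == 0) on
 * any toolchain that does not provide them and would silently select the big-endian value.
 */
#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
#define TIME_OUT_SEC 50
#else
#define TIME_OUT_SEC 8
#endif

#ifdef __cplusplus
}
#endif

#endif // HLT_TYPE_H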