1 /* 2 * This file is part of the openHiTLS project. 3 * 4 * openHiTLS is licensed under the Mulan PSL v2. 5 * You can use this software according to the terms and conditions of the Mulan PSL v2. 6 * You may obtain a copy of Mulan PSL v2 at: 7 * 8 * http://license.coscl.org.cn/MulanPSL2 9 * 10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, 11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, 12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. 13 * See the Mulan PSL v2 for more details. 14 */ 15 16 #ifndef HS_COMMON_H 17 #define HS_COMMON_H 18 19 #include <stdint.h> 20 #include "tls.h" 21 #include "hs_ctx.h" 22 #include "hs_msg.h" 23 24 #ifdef __cplusplus 25 extern "C" { 26 #endif 27 28 #define MAX_CERT_TYPE_LISTS_SIZE 256 /* Maximum length of the certificate type list */ 29 #define HS_DOWNGRADE_RANDOM_SIZE 8u /* downgrade protection random number field */ 30 31 #define HITLS_CLIENT_HELLO_MAX_SIZE 131396 32 #define HITLS_SERVER_HELLO_MAX_SIZE 65607 33 #define HITLS_HELLO_VERIFY_REQUEST_MAX_SIZE 258 34 #define HITLS_END_OF_EARLY_DATA_MAX_SIZE 0 35 #define HITLS_HELLO_RETRY_REQUEST_MAX_SIZE 20000 36 #define HITLS_ENCRYPTED_EXTENSIONS_MAX_SIZE 20000 37 #define HITLS_SESSION_TICKET_MAX_SIZE_TLS13 131338 38 #define HITLS_SESSION_TICKET_MAX_SIZE_TLS12 65541 39 #define HITLS_SERVER_KEY_EXCH_MAX_SIZE 102400 40 #define HITLS_SERVER_HELLO_DONE_MAX_SIZE 0 41 #define HITLS_KEY_UPDATE_MAX_SIZE 1 42 #define HITLS_CLIENT_KEY_EXCH_MAX_SIZE 2048 43 #define HITLS_NEXT_PROTO_MAX_SIZE 514 44 #define HITLS_FINISHED_MAX_SIZE 64 45 #define HITLS_HELLO_REQUEST_MAX_SIZE 0 46 47 /** 48 * @brief Obtain the random number of the hello retry request. 49 * 50 * @param len [OUT] Length of the returned array 51 * 52 * @return Random number array 53 */ 54 const uint8_t *HS_GetHrrRandom(uint32_t *len); 55 56 const uint8_t *HS_GetTls12DowngradeRandom(uint32_t *len); 57 58 /** 59 * @brief Obtains the type string of the handshake message. 60 * 61 * @param type [IN] Handshake Message Type 62 * 63 * @return Character string corresponding to the handshake message type. 64 */ 65 const char *HS_GetMsgTypeStr(HS_MsgType type); 66 67 /** 68 * @brief Obtain the type character string of the handshake message. 69 * 70 * @param type [IN] Handshake message type. 71 * 72 * @return Character string corresponding to the handshake message type. 73 */ 74 int32_t HS_ChangeState(TLS_Ctx *ctx, uint32_t nextState); 75 76 /** 77 * @brief Combine two random numbers. 78 * 79 * @param random1 [IN] Random number 1 80 * @param random2 [IN] Random number 2 81 * @param randomSize [IN] Random number length 82 * @param dest [OUT] Destination memory address 83 * @param destSize [IN] Target memory length 84 * 85 * @retval HITLS_SUCCESS parsed successfully. 86 * @retval HITLS_MEMCPY_FAIL Memory Copy Failure 87 * @retval HITLS_MSG_HANDLE_RANDOM_SIZE_ERR The random number length is incorrect. 88 */ 89 int32_t HS_CombineRandom(const uint8_t *random1, const uint8_t *random2, uint32_t randomSize, 90 uint8_t *dest, uint32_t destSize); 91 92 /** 93 * @brief Obtain all signature data. 94 * 95 * @param ctx [IN] TLS context 96 * @param partSignData [IN] key exchange message data 97 * @param partSignDataLen [IN] key exchange message data length 98 * @param signDataLen [OUT] Length of the signature data 99 * 100 * @retval Data to be signed 101 */ 102 uint8_t *HS_PrepareSignData(const TLS_Ctx *ctx, const uint8_t *partSignData, 103 uint32_t partSignDataLen, uint32_t *signDataLen); 104 105 /** 106 * @brief Obtain the signature data required by the TLCP. 107 * 108 * @param ctx [IN] TLS context 109 * @param partSignData [IN] key exchange message data 110 * @param partSignDataLen [IN] key exchange message data length 111 * @param signDataLen [OUT] Length of the signature data 112 * @retval Data to be signed 113 */ 114 uint8_t *HS_PrepareSignDataTlcp( 115 const TLS_Ctx *ctx, const uint8_t *partSignData, uint32_t partSignDataLen, uint32_t *signDataLen); 116 117 #if defined(HITLS_TLS_PROTO_DTLS12) && defined(HITLS_BSL_UIO_SCTP) 118 /** 119 * @brief Set the SCTP auth key to the SCTP. 120 * 121 * @attention If the UIO_SctpAddAuthKey is added but not activated, the UIO_SctpAddAuthKey returns a success message 122 * when the interface is invoked again. 123 * @param ctx [IN] TLS context 124 * 125 * @retval HITLS_SUCCESS Operation succeeded. 126 * @retval HITLS_MSG_HANDLE_RANDOM_SIZE_ERR The random number length is incorrect. 127 * @retval For details, see UIO_SctpAddAuthKey. 128 */ 129 int32_t HS_SetSctpAuthKey(TLS_Ctx *ctx); 130 131 /** 132 * @brief Activate the sctp auth key. 133 * 134 * @param ctx [IN] TLS context 135 * 136 * @retval HITLS_SUCCESS operation succeeded. 137 * @retval For details, see UIO_SctpIsSndBuffEmpty and UIO_SctpActiveAuthKey. 138 */ 139 int32_t HS_ActiveSctpAuthKey(TLS_Ctx *ctx); 140 141 /** 142 * @brief Delete the previous SCTP auth key. 143 * 144 * @param ctx [IN] TLS context 145 * 146 * @retval HITLS_SUCCESS Operation succeeded. 147 * @retval HITLS_REC_NORMAL_IO_BUSY The underlying I/O buffer is not empty. 148 * @retval For details, see UIO_SctpDelPreAuthKey. 149 */ 150 int32_t HS_DeletePreviousSctpAuthKey(TLS_Ctx *ctx); 151 #endif /* #if defined(HITLS_TLS_PROTO_DTLS12) && defined(HITLS_BSL_UIO_SCTP) */ 152 153 bool IsNeedServerKeyExchange(const TLS_Ctx *ctx); 154 155 bool IsPskNegotiation(const TLS_Ctx *ctx); 156 157 bool IsNeedCertPrepare(const CipherSuiteInfo *cipherSuiteInfo); 158 159 bool IsTicketSupport(const TLS_Ctx *ctx); 160 161 int32_t CheckClientPsk(TLS_Ctx *ctx); 162 163 /** 164 * @brief Expand the capacity of the msgBuf in the hsCtx based on the received message length. 165 * 166 * @param ctx [IN] TLS context 167 * @param msgSize[IN] Expected length 168 * 169 * @retval HITLS_SUCCESS Operation succeeded. 170 * @retval HITLS_MEMALLOC_FAIL failed to apply for memory. 171 */ 172 int32_t HS_ReSizeMsgBuf(TLS_Ctx *ctx, uint32_t msgSize); 173 174 /** 175 * @brief Expand the capacity of the msgBuf in the hsCtx based on the length of the received message. The upper limit of 176 * the capacity does not exceed upperBound bytes, And you can choose whether to retain the original data 177 * @param ctx [IN] TLS context 178 * @param msgSize[IN] Expected length 179 * @param keepOldData[IN] Indicates whether to retain the old data. 180 * 181 * @retval HITLS_SUCCESS Operation succeeded. 182 * @retval HITLS_MEMALLOC_FAIL failed to apply for memory. 183 * @retval HITLS_MEMCPY_FAIL Data fails to be copied. 184 */ 185 int32_t HS_GrowMsgBuf(TLS_Ctx *ctx, uint32_t msgSize, bool keepOldData); 186 187 /** 188 * @brief Return the maximum packet length allowed by the handshake status. 189 * 190 * @param ctx [IN] TLS context 191 * @param type[IN] Handshake message type 192 * 193 * @retval Maximum message length allowed 194 */ 195 uint32_t HS_MaxMessageSize(TLS_Ctx *ctx, HS_MsgType type); 196 197 /** 198 * @brief Obtain the Binder length. 199 * 200 * @param ctx [IN] TLS context 201 * @param hashAlg [IN/OUT] Hash algorithm used in the process of calculating the binder 202 * 203 * @return Binder length 204 */ 205 uint32_t HS_GetBinderLen(HITLS_Session *session, HITLS_HashAlgo* hashAlg); 206 207 /** 208 * @brief Check whether the current version supports this group. 209 * 210 * @param version [IN] current version 211 * @param group [IN] group 212 * 213 * @return true: valid; false: invalid 214 */ 215 bool GroupConformToVersion(const TLS_Ctx *ctx, uint16_t version, uint16_t group); 216 217 /** 218 * @brief Check whether the ciphersuite is valid 219 * 220 * @param ctx [IN] TLS context 221 * @param cipherSuite [IN] cipherSuite 222 * 223 * @return true: valid; false: invalid 224 */ 225 bool IsCipherSuiteAllowed(const HITLS_Ctx *ctx, uint16_t cipherSuite); 226 227 uint16_t *CheckSupportSignAlgorithms(const TLS_Ctx *ctx, const uint16_t *signAlgorithms, 228 uint32_t signAlgorithmsSize, uint32_t *newSignAlgorithmsSize); 229 230 uint32_t HS_GetExtensionTypeId(uint32_t hsExtensionsType); 231 232 int32_t HS_CheckReceivedExtension(HITLS_Ctx *ctx, HS_MsgType hsType, uint64_t hsMsgExtensionsMask, 233 uint64_t hsMsgAllowedExtensionsMask); 234 235 #ifdef __cplusplus 236 } 237 #endif 238 239 #endif