1 /* 2 * This file is part of the openHiTLS project. 3 * 4 * openHiTLS is licensed under the Mulan PSL v2. 5 * You can use this software according to the terms and conditions of the Mulan PSL v2. 6 * You may obtain a copy of Mulan PSL v2 at: 7 * 8 * http://license.coscl.org.cn/MulanPSL2 9 * 10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, 11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, 12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. 13 * See the Mulan PSL v2 for more details. 14 */ 15 16 #ifndef HS_CTX_H 17 #define HS_CTX_H 18 19 #include <stdint.h> 20 #include "hitls_build.h" 21 #include "sal_time.h" 22 #include "hitls_cert_type.h" 23 #include "hitls_crypt_type.h" 24 #include "cert.h" 25 #include "crypt.h" 26 #include "rec.h" 27 #include "hs_msg.h" 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 #define MASTER_SECRET_LEN 48u 34 #define HS_PSK_IDENTITY_MAX_LEN 128u /* Maximum length of PSK-negotiated identity information */ 35 #define HS_PSK_MAX_LEN 256u 36 #define COOKIE_SECRET_LIFETIME 5u /* the number of times the cookie's secret is used */ 37 38 /* Transmits ECDH key exchange data */ 39 typedef struct { 40 HITLS_ECParameters curveParams; /* Elliptic curve parameter */ 41 } EcdhParam; 42 43 /* Transmits DH key exchange data */ 44 typedef struct { 45 uint8_t *p; /* prime */ 46 uint8_t *g; /* generator */ 47 uint16_t plen; /* prime length */ 48 uint16_t glen; /* generator length */ 49 } DhParam; 50 51 /* Used to transfer RSA key exchange data */ 52 typedef struct { 53 uint8_t preMasterSecret[MASTER_SECRET_LEN]; 54 } RsaParam; 55 56 /* Used to transfer Ecc key exchange data */ 57 typedef struct { 58 uint8_t preMasterSecret[MASTER_SECRET_LEN]; 59 } EccParam; 60 61 typedef struct { 62 /* For TLS1.3 multi-key share, we try to send two key shares: 63 * - One for key encapsulation mechanism (KEM) 64 * - One for key exchange (KEX) */ 65 HITLS_NamedGroup group; /* First group for key share */ 66 HITLS_NamedGroup secondGroup; /* Second group for key share */ 67 } KeyShareParam; 68 69 /** 70 * @ingroup hitls 71 * 72 * @brief PskInfo is used for PSK negotiation and stores identity and psk during negotiation 73 */ 74 #ifdef HITLS_TLS_FEATURE_PSK 75 typedef struct { 76 uint8_t *identity; 77 uint32_t identityLen; 78 uint8_t *psk; 79 uint32_t pskLen; 80 } PskInfo; 81 #endif /* HITLS_TLS_FEATURE_PSK */ 82 #ifdef HITLS_TLS_PROTO_TLS13 83 typedef struct { 84 uint8_t *identity; 85 uint32_t identityLen; 86 HITLS_Session *pskSession; 87 uint8_t num; 88 } UserPskList; 89 90 typedef struct { 91 UserPskList *userPskSess; /* tls 1.3 user psk session */ 92 HITLS_Session *resumeSession; /* tls 1.3 psk resume */ 93 int32_t selectIndex; /* selected index */ 94 uint8_t *psk; /* selected psk */ 95 uint32_t pskLen; 96 } PskInfo13; 97 #endif /* HITLS_TLS_PROTO_TLS13 */ 98 99 /* Used to transfer the key exchange context */ 100 typedef struct { 101 HITLS_KeyExchAlgo keyExchAlgo; 102 union { 103 EcdhParam ecdh; 104 DhParam dh; 105 RsaParam rsa; 106 EccParam ecc; /* Sm2 parameter */ 107 KeyShareParam share; 108 } keyExchParam; 109 HITLS_CRYPT_Key *key; /* Local key pair */ 110 HITLS_CRYPT_Key *secondKey; /* second key pair for tls1.3 multi-key share */ 111 uint8_t *peerPubkey; /* peer public key or peer ciphertext */ 112 uint32_t pubKeyLen; /* peer public key length */ 113 #ifdef HITLS_TLS_FEATURE_PSK 114 PskInfo *pskInfo; /* PSK data tls 1.2 */ 115 #endif /* HITLS_TLS_FEATURE_PSK */ 116 #ifdef HITLS_TLS_PROTO_TLS13 117 PskInfo13 pskInfo13; /* tls 1.3 psk */ 118 uint8_t *ciphertext; /* local ciphertext */ 119 uint32_t ciphertextLen; /* ciphertext length */ 120 #endif /* HITLS_TLS_PROTO_TLS13 */ 121 } KeyExchCtx; 122 123 /* Buffer for transmitting handshake data. */ 124 typedef struct HsMsgCache { 125 uint8_t *data; 126 uint32_t dataSize; 127 struct HsMsgCache *next; 128 } HsMsgCache; 129 130 /* Used to transfer the handshake data verification context. */ 131 typedef struct { 132 HITLS_HashAlgo hashAlgo; 133 HITLS_HASH_Ctx *hashCtx; 134 uint8_t verifyData[MAX_SIGN_SIZE]; 135 uint32_t verifyDataSize; 136 HsMsgCache *dataBuf; /* handshake data buffer */ 137 } VerifyCtx; 138 139 /* Used to pass the handshake context */ 140 struct HsCtx { 141 HITLS_HandshakeState state; 142 ExtensionFlag extFlag; 143 #ifdef HITLS_TLS_PROTO_TLS13 144 HITLS_HandshakeState ccsNextState; 145 bool haveHrr; /* Whether the hello retry request has been processed */ 146 #endif 147 bool isNeedClientCert; 148 #if defined(HITLS_TLS_FEATURE_SESSION) || defined(HITLS_TLS_PROTO_TLS13) 149 uint32_t sessionIdSize; 150 uint8_t *sessionId; 151 #endif 152 uint8_t *clientRandom; 153 uint8_t *serverRandom; 154 #ifdef HITLS_TLS_PROTO_TLS13 155 uint8_t earlySecret[MAX_DIGEST_SIZE]; 156 uint8_t handshakeSecret[MAX_DIGEST_SIZE]; 157 #endif 158 uint8_t masterKey[MAX_DIGEST_SIZE]; 159 CERT_Pair *peerCert; 160 #ifdef HITLS_TLS_FEATURE_ALPN 161 uint8_t *clientAlpnList; 162 uint32_t clientAlpnListSize; 163 #endif 164 #ifdef HITLS_TLS_FEATURE_SNI 165 uint8_t *serverName; 166 uint32_t serverNameSize; 167 #endif 168 #ifdef HITLS_TLS_FEATURE_SESSION_TICKET 169 uint32_t ticketSize; 170 uint8_t *ticket; 171 uint32_t ticketLifetimeHint; /* ticket timeout interval, in seconds */ 172 #ifdef HITLS_TLS_PROTO_TLS13 173 uint32_t ticketAgeAdd; /* Used to obfuscate ticket age */ 174 175 uint64_t nextTicketNonce; /* TLS1.3 connection, starting from 0 and increasing in ascending order */ 176 uint32_t sentTickets; /* TLS1.3 Number of tickets sent */ 177 #endif /* HITLS_TLS_PROTO_TLS13 */ 178 #endif /* HITLS_TLS_FEATURE_SESSION_TICKET */ 179 KeyExchCtx *kxCtx; /* Key Exchange Context */ 180 VerifyCtx *verifyCtx; /* Verify the context of handshake data. */ 181 uint8_t *msgBuf; /* Buffer for receiving and sending messages */ 182 uint32_t msgOffset; /* messages offset */ 183 uint32_t bufferLen; /* messages buffer size */ 184 uint32_t msgLen; /* Total length of buffered messages */ 185 #ifdef HITLS_TLS_PROTO_TLS13 186 uint8_t clientHsTrafficSecret[MAX_DIGEST_SIZE]; /* Handshake secret used to encrypt the message sent by the TLS1.3 187 client */ 188 uint8_t serverHsTrafficSecret[MAX_DIGEST_SIZE]; /* Handshake secret used to encrypt the message sent by the TLS1.3 189 server */ 190 ClientHelloMsg *firstClientHello; /* TLS1.3 server records the first received ClientHello message */ 191 #endif /* HITLS_TLS_PROTO_TLS13 */ 192 #ifdef HITLS_TLS_PROTO_DTLS12 193 uint16_t nextSendSeq; /* message sending sequence number */ 194 uint16_t expectRecvSeq; /* message receiving sequence number */ 195 HS_ReassQueue *reassMsg; /* reassembly message queue, used for reassembly of fragmented messages */ 196 197 /* To reduce the calculation amount for determining timeout, use the end time instead of the start time. If the end 198 * time is exceeded, the receiving times out. */ 199 BSL_TIME deadline; /* End time */ 200 uint32_t timeoutValue; /* Timeout interval, in us. */ 201 uint32_t timeoutNum; /* Timeout count */ 202 #endif /* HITLS_TLS_PROTO_DTLS12 */ 203 }; 204 205 #ifdef __cplusplus 206 } 207 #endif /* end __cplusplus */ 208 #endif /* end HS_CTX_H */