/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * Handshake verification helpers: Finished/verify-data computation, CertificateVerify
 * signing and verification, and TLS 1.3 PSK binder computation. All routines return
 * int32_t status codes (HITLS_SUCCESS on success); callers must check them and must
 * not treat a non-success result as a verified handshake.
 */

#ifndef HS_VERIFY_H
#define HS_VERIFY_H

#include <stdint.h>
#include <stdbool.h>
#include "hitls_crypt_type.h"
#include "tls.h"
#include "hs_ctx.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @brief Initialize the verify context
 * @attention If it has been initialized, the verify context will be reset
 *
 * @param hsCtx [IN] Handshake context that owns the verify context
 *
 * @retval HITLS_SUCCESS
 * @retval HITLS_MEMALLOC_FAIL Memory allocation failed
 */
int32_t VERIFY_Init(HS_Ctx *hsCtx);

/**
 * @brief Release verify context
 *
 * Counterpart of VERIFY_Init; frees whatever VERIFY_Init allocated inside hsCtx.
 *
 * @param hsCtx [IN] Handshake context
 */
void VERIFY_Deinit(HS_Ctx *hsCtx);

/**
 * @brief Calculate verify data
 *
 * @param ctx [IN] tls Context
 * @param isClient [IN] Indicates whether the context is client. If yes, the system calculates the verify data
 *                      sent by the client. Otherwise, the system calculates the verify data sent by the server.
 * @param masterSecret [IN] Master secret used as input to the calculation
 * @param masterSecretLen [IN] Length of masterSecret in bytes
 *
 * @retval HITLS_SUCCESS
 * @retval HITLS_UNREGISTERED_CALLBACK Callback unregistered
 * @retval HITLS_CRYPT_ERR_DIGEST Hash operation failed
 * @retval HITLS_CRYPT_ERR_HMAC HMAC operation failed
 * @retval HITLS_MEMALLOC_FAIL Memory allocation failed
 */
int32_t VERIFY_CalcVerifyData(TLS_Ctx *ctx, bool isClient, const uint8_t *masterSecret, uint32_t masterSecretLen);

/**
 * @brief Calculate the client verify signature data
 *
 * @param ctx [IN] TLS context. Different TLS and DTLS versions require different processing
 * @param privateKey [IN] Certificate private key
 * @param signScheme [IN] Signature hash algorithm
 *
 * @retval HITLS_SUCCESS
 * @retval HITLS_PACK_SIGNATURE_ERR Signing failed
 */
int32_t VERIFY_CalcSignData(TLS_Ctx *ctx, HITLS_CERT_Key *privateKey, HITLS_SignHashAlgo signScheme);

/**
 * @brief Verify the client signature data
 *
 * @param ctx [IN] TLS context. Different TLS and DTLS versions require different processing
 * @param pubkey [IN] Public key of the device certificate
 * @param signScheme [IN] Signature hash algorithm
 * @param signData [IN] Signature bytes received from the peer
 * @param signDataLen [IN] Signature length in bytes, as already parsed from the message by the caller
 *
 * @retval HITLS_SUCCESS
 * @retval HITLS_PACK_SIGNATURE_ERR Signature verification failed
 *         (NOTE(review): the same code is documented for the signing path; confirm against the implementation)
 */
int32_t VERIFY_VerifySignData(TLS_Ctx *ctx, HITLS_CERT_Key *pubkey, HITLS_SignHashAlgo signScheme,
    const uint8_t *signData, uint16_t signDataLen);

/**
 * @brief Obtain the verify data
 *
 * @param ctx [IN] verify context
 * @param verifyData [OUT] Buffer that receives the verify data
 * @param verifyDataLen [IN/OUT] IN: maximum length of data OUT:verify data Len.
 *                      The caller must set *verifyDataLen to the capacity of verifyData before the call.
 *
 * @retval HITLS_SUCCESS
 * @retval HITLS_MEMCPY_FAIL Memory copy failed
 *         (presumably also when verifyData is too small for the data; verify against the implementation)
 */
int32_t VERIFY_GetVerifyData(const VerifyCtx *ctx, uint8_t *verifyData, uint32_t *verifyDataLen);

/**
 * @brief TLS1.3 calculate verify data
 *
 * TLS 1.3 variant of VERIFY_CalcVerifyData; takes no master secret parameter.
 *
 * @param ctx [IN] TLS Context
 * @param isClient [IN] Indicates whether the context is client. If yes, the system calculates the verify data
 *                      sent by the client. Otherwise, the system calculates the verify data sent by the server.
 *
 * @retval HITLS_SUCCESS
 * @retval HITLS_UNREGISTERED_CALLBACK Callback unregistered
 * @retval HITLS_CRYPT_ERR_DIGEST Hash operation failed
 * @retval HITLS_CRYPT_ERR_HMAC HMAC operation failed
 * @retval HITLS_MEMALLOC_FAIL Memory allocation failed
 */
int32_t VERIFY_Tls13CalcVerifyData(TLS_Ctx *ctx, bool isClient);

/**
 * @brief Reprocess the verify data for the hello retry request message
 *
 * @param ctx [IN] TLS Context
 *
 * @retval HITLS_SUCCESS
 * @retval For other error codes, see hitls_error.h
 */
int32_t VERIFY_HelloRetryRequestVerifyProcess(TLS_Ctx *ctx);

/**
 * @brief Calculate a PSK binder
 *
 * @param ctx [IN] TLS context
 * @param hashAlgo [IN] Hash algorithm used for the computation
 * @param isExternalPsk [IN] true for an externally provisioned PSK, false otherwise
 * @param psk [IN] PSK bytes
 *            (NOTE(review): declared non-const; confirm whether the implementation writes to it)
 * @param pskLen [IN] Length of psk in bytes
 * @param msg [IN] Message data used as input to the binder computation
 * @param msgLen [IN] Length of msg in bytes
 * @param binder [OUT] Buffer that receives the computed binder
 * @param binderLen [IN] Length of the binder buffer in bytes
 *                  (presumably must match the binder size for hashAlgo; verify against the implementation)
 *
 * @retval HITLS_SUCCESS
 * @retval Other error codes are not documented here; see the implementation and hitls_error.h
 */
int32_t VERIFY_CalcPskBinder(const TLS_Ctx *ctx, HITLS_HashAlgo hashAlgo, bool isExternalPsk, uint8_t *psk,
    uint32_t pskLen, const uint8_t *msg, uint32_t msgLen, uint8_t *binder, uint32_t binderLen);

#ifdef __cplusplus
}
#endif /* end __cplusplus */
#endif /* end HS_VERIFY_H */