1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 
16 #ifndef CIPHER_SUITE_H
17 #define CIPHER_SUITE_H
18 
19 #include <stdint.h>
20 #include <stdbool.h>
21 #include "hitls_build.h"
22 #include "hitls_config.h"
23 #include "hitls_crypt_type.h"
24 #include "hitls_cert_type.h"
25 #include "hitls_type.h"
26 
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30 
31 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00ffu   /* RFC 5746 signalling value for secure renegotiation, not a real suite */
32 
33 #define TLS_FALLBACK_SCSV 0x5600u   /* RFC 7507 signalling value marking a version-fallback retry, not a real suite */
34 
35 /* Certificate types listed in a CertificateRequest message (ClientCertificateType code points) */
36 typedef enum {
37     /* rfc5246 7.4.4 */
38     CERT_TYPE_RSA_SIGN = 1,
39     CERT_TYPE_DSS_SIGN = 2,
40     CERT_TYPE_RSA_FIXED_DH = 3,
41     CERT_TYPE_DSS_FIXED_DH = 4,
42     /* rfc8422 5.5 */
43     CERT_TYPE_ECDSA_SIGN = 64,
44     CERT_TYPE_UNKNOWN = 255     /* NOTE(review): looks like a "no matching type" sentinel - confirm against callers */
45 } CERT_Type;
46 
47 /**
48  * CipherSuiteInfo structure, used to transfer the public (non-secret) parameters of one cipher suite.
49  */
50 typedef struct TlsCipherSuiteInfo {
51     bool enable;                        /**< Enable flag */
52     const char *name;                   /**< Cipher suite name */
53     const char *stdName;                /**< RFC name of the cipher suite */
54     uint16_t cipherSuite;               /**< 16-bit cipher suite identifier */
55 
56     /* algorithm type */
57     HITLS_CipherAlgo cipherAlg;         /**< Symmetric-key algorithm */
58     HITLS_KeyExchAlgo kxAlg;            /**< Key exchange algorithm */
59     HITLS_AuthAlgo authAlg;             /**< Server authentication algorithm */
60     HITLS_MacAlgo macAlg;               /**< MAC (message authentication code) algorithm */
61     HITLS_HashAlgo hashAlg;             /**< Hash algorithm */
62 
63     /**
64      * Signature scheme, i.e. the combination of a hash algorithm and a signature algorithm.
65      * TLS 1.2 negotiates the signScheme.
66      */
67     HITLS_SignHashAlgo signScheme;
68 
69     /* key length */
70     uint8_t fixedIvLength;     /**< If the AEAD algorithm is used, the value is the implicit IV length */
71     uint8_t encKeyLen;         /**< Length of the symmetric encryption key */
72     uint8_t macKeyLen;         /**< Length of the MAC key. If the AEAD algorithm is used, the MAC key length is 0 */
73 
74     /* result length */
75     uint8_t blockLength;      /**< Cipher block length. If it is not zero, the alignment should be handled */
76     uint8_t recordIvLength;   /**< Length of the explicit IV that needs to be sent to the peer end */
77     uint8_t macLen;           /**< Length of the MAC (message authentication code). If the AEAD algorithm is used,
78                                 *  this member variable will be the length of the tag */
79 
80     uint16_t minVersion;         /**< Minimum version supported by the cipher suite */
81     uint16_t maxVersion;         /**< Maximum version supported by the cipher suite */
82     uint16_t minDtlsVersion;     /**< Minimum DTLS version supported by the cipher suite */
83     uint16_t maxDtlsVersion;     /**< Maximum DTLS version supported by the cipher suite */
84     HITLS_CipherType cipherType; /**< Encryption algorithm type */
85     int32_t strengthBits;        /**< Encryption algorithm strength, in bits (per the field name) */
86 } CipherSuiteInfo;
87 
88 /**
89  * SignSchemeInfo structure: one signature scheme together with the signature and hash algorithms it combines.
90  */
91 typedef struct {
92     HITLS_SignHashAlgo scheme;      /**< Combined signature-and-hash scheme */
93     HITLS_SignAlgo signAlg;         /**< Signature algorithm of the scheme */
94     HITLS_HashAlgo hashAlg;         /**< Hash algorithm of the scheme */
95 } SignSchemeInfo;
96 
97 typedef struct {
98     HITLS_SignHashAlgo scheme;      /**< Signature scheme (signature and hash combination) */
99     HITLS_NamedGroup cureName;      /**< Public key curve (ECDSA only). NOTE(review): name looks like a typo of curveName */
100 } EcdsaCurveInfo;
101 
102 /**
103  * One entry of the mapping between cipher suites and certificate types (CERT_Type)
104  */
105 typedef struct {
106     uint16_t cipherSuite;      /**< Cipher suite identifier */
107     CERT_Type certType;        /**< Certificate type mapped to that cipher suite */
108 } CipherSuiteCertType;
109 
110 /**
111  * @brief   Obtain the CipherSuiteInfo entry of a cipher suite.
112  *
113  * @param   cipherSuite [IN] Identifier of the cipher suite whose information is requested
114  * @param   cipherInfo  [OUT] Caller-provided structure that receives the cipher suite information
115  *
116  * @retval  HITLS_SUCCESS obtained successfully.
117  * @retval  HITLS_INTERNAL_EXCEPTION An unexpected internal error.
118  * @retval  HITLS_MEMCPY_FAIL memcpy_s failed to be executed.
119  * @retval  HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE No information about the cipher suite is found.
120  */
121 int32_t CFG_GetCipherSuiteInfo(uint16_t cipherSuite, CipherSuiteInfo *cipherInfo);
122 
123 /**
124  * @brief   Check whether the input cipher suite is supported.
125  *
126  * @param   cipherSuite [IN] Identifier of the cipher suite to be checked
127  *
128  * @retval  true The cipher suite is supported
129  * @retval  false The cipher suite is not supported
130  */
131 bool CFG_CheckCipherSuiteSupported(uint16_t cipherSuite);
132 
133 /**
134  * @brief   Check whether the input cipher suite complies with a protocol version range.
135  *
136  * @param   cipherSuite [IN] Identifier of the cipher suite to be checked
137  * @param   minVersion  [IN] Earliest version to check against; presumably the lower bound of the enabled range - confirm
138  * @param   maxVersion  [IN] Latest version to check against; presumably the upper bound of the enabled range - confirm
139  *
140  * @retval  true The cipher suite complies with the version range
141  * @retval  false The cipher suite does not comply with the version range
142  */
143 bool CFG_CheckCipherSuiteVersion(uint16_t cipherSuite, uint16_t minVersion, uint16_t maxVersion);
144 
145 /**
146  * @brief  Obtain the signature algorithm and the hash algorithm that make up a combined
147  * signature-hash scheme.
148  * @param   ctx [IN] TLS context
149  * @param   scheme [IN] Signature and hash algorithm combination
150  * @param   signAlg [OUT] Signature algorithm of the scheme
151  * @param   hashAlg [OUT] Hash algorithm of the scheme
152  *
153  * @retval  true Obtained successfully.
154  * @retval  false Obtaining failed. NOTE(review): state of signAlg/hashAlg on failure is not visible here - confirm
155  */
156 bool CFG_GetSignParamBySchemes(const HITLS_Ctx *ctx, HITLS_SignHashAlgo scheme, HITLS_SignAlgo *signAlg,
157     HITLS_HashAlgo *hashAlg);
158 
159 /**
160  * @brief   Obtain the certificate type based on the cipher suite.
161  *
162  * @param   cipherSuite [IN] Cipher suite identifier
163  *
164  * @retval  Certificate type corresponding to the cipher suite (presumably a CERT_Type value returned as uint8_t - confirm)
165  */
166 uint8_t CFG_GetCertTypeByCipherSuite(uint16_t cipherSuite);
167 
168 
169 /**
170  * @brief   Get the named group (curve) of an ECDSA signature scheme
171  * @param   ctx [IN] TLS context
172  * @param   scheme [IN] Signature scheme (signature and hash combination)
173  *
174  * @retval  Named group of the scheme
175  */
176 HITLS_NamedGroup CFG_GetEcdsaCurveNameBySchemes(const HITLS_Ctx *ctx, HITLS_SignHashAlgo scheme);
177 
178 #ifdef __cplusplus
179 }
180 #endif
181 
182 #endif // CIPHER_SUITE_H
183