TLS now working again.
parent
9a9f46ff58
commit
6fc9ed167e
@ -1,12 +1,171 @@
|
||||
#ifndef _GPXE_TLS_H
|
||||
#define _GPXE_TLS_H
|
||||
|
||||
#include <errno.h>
|
||||
/**
|
||||
* @file
|
||||
*
|
||||
* Transport Layer Security Protocol
|
||||
*/
|
||||
|
||||
struct stream_application;
|
||||
#include <stdint.h>
|
||||
#include <gpxe/refcnt.h>
|
||||
#include <gpxe/filter.h>
|
||||
#include <gpxe/process.h>
|
||||
#include <gpxe/crypto.h>
|
||||
#include <gpxe/md5.h>
|
||||
#include <gpxe/sha1.h>
|
||||
|
||||
static inline int add_tls ( struct stream_application *app __unused ) {
|
||||
return -ENOTSUP;
|
||||
}
|
||||
/** A TLS header */
|
||||
struct tls_header {
|
||||
/** Content type
|
||||
*
|
||||
* This is a TLS_TYPE_XXX constant
|
||||
*/
|
||||
uint8_t type;
|
||||
/** Protocol version
|
||||
*
|
||||
* This is a TLS_VERSION_XXX constant
|
||||
*/
|
||||
uint16_t version;
|
||||
/** Length of payload */
|
||||
uint16_t length;
|
||||
} __attribute__ (( packed ));
|
||||
|
||||
/** TLS version 1.0 */
|
||||
#define TLS_VERSION_TLS_1_0 0x0301
|
||||
|
||||
/** TLS version 1.1 */
|
||||
#define TLS_VERSION_TLS_1_1 0x0302
|
||||
|
||||
/** Change cipher content type */
|
||||
#define TLS_TYPE_CHANGE_CIPHER 20
|
||||
|
||||
/** Alert content type */
|
||||
#define TLS_TYPE_ALERT 21
|
||||
|
||||
/** Handshake content type */
|
||||
#define TLS_TYPE_HANDSHAKE 22
|
||||
|
||||
/** Application data content type */
|
||||
#define TLS_TYPE_DATA 23
|
||||
|
||||
/* Handshake message types */
|
||||
#define TLS_HELLO_REQUEST 0
|
||||
#define TLS_CLIENT_HELLO 1
|
||||
#define TLS_SERVER_HELLO 2
|
||||
#define TLS_CERTIFICATE 11
|
||||
#define TLS_SERVER_KEY_EXCHANGE 12
|
||||
#define TLS_CERTIFICATE_REQUEST 13
|
||||
#define TLS_SERVER_HELLO_DONE 14
|
||||
#define TLS_CERTIFICATE_VERIFY 15
|
||||
#define TLS_CLIENT_KEY_EXCHANGE 16
|
||||
#define TLS_FINISHED 20
|
||||
|
||||
/* TLS alert levels */
|
||||
#define TLS_ALERT_WARNING 1
|
||||
#define TLS_ALERT_FATAL 2
|
||||
|
||||
/* TLS cipher specifications */
|
||||
#define TLS_RSA_WITH_NULL_MD5 0x0001
|
||||
#define TLS_RSA_WITH_NULL_SHA 0x0002
|
||||
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
|
||||
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
|
||||
|
||||
/** TLS RX state machine state */
|
||||
enum tls_rx_state {
|
||||
TLS_RX_HEADER = 0,
|
||||
TLS_RX_DATA,
|
||||
};
|
||||
|
||||
/** TLS TX state machine state */
|
||||
enum tls_tx_state {
|
||||
TLS_TX_NONE = 0,
|
||||
TLS_TX_CLIENT_HELLO,
|
||||
TLS_TX_CLIENT_KEY_EXCHANGE,
|
||||
TLS_TX_CHANGE_CIPHER,
|
||||
TLS_TX_FINISHED,
|
||||
TLS_TX_DATA
|
||||
};
|
||||
|
||||
/** A TLS cipher specification */
|
||||
struct tls_cipherspec {
|
||||
/** Public-key encryption algorithm */
|
||||
struct crypto_algorithm *pubkey;
|
||||
/** Bulk encryption cipher algorithm */
|
||||
struct crypto_algorithm *cipher;
|
||||
/** MAC digest algorithm */
|
||||
struct crypto_algorithm *digest;
|
||||
/** Key length */
|
||||
size_t key_len;
|
||||
/** Dynamically-allocated storage */
|
||||
void *dynamic;
|
||||
/** Public key encryption context */
|
||||
void *pubkey_ctx;
|
||||
/** Bulk encryption cipher context */
|
||||
void *cipher_ctx;
|
||||
/** Next bulk encryption cipher context (TX only) */
|
||||
void *cipher_next_ctx;
|
||||
/** MAC secret */
|
||||
void *mac_secret;
|
||||
};
|
||||
|
||||
/** A TLS session */
|
||||
struct tls_session {
|
||||
/** Reference counter */
|
||||
struct refcnt refcnt;
|
||||
|
||||
/** Plaintext stream */
|
||||
struct xfer_filter_half plainstream;
|
||||
/** Ciphertext stream */
|
||||
struct xfer_filter_half cipherstream;
|
||||
|
||||
/** Current TX cipher specification */
|
||||
struct tls_cipherspec tx_cipherspec;
|
||||
/** Next TX cipher specification */
|
||||
struct tls_cipherspec tx_cipherspec_pending;
|
||||
/** Current RX cipher specification */
|
||||
struct tls_cipherspec rx_cipherspec;
|
||||
/** Next RX cipher specification */
|
||||
struct tls_cipherspec rx_cipherspec_pending;
|
||||
/** Premaster secret */
|
||||
uint8_t pre_master_secret[48];
|
||||
/** Master secret */
|
||||
uint8_t master_secret[48];
|
||||
/** Server random bytes */
|
||||
uint8_t server_random[32];
|
||||
/** Client random bytes */
|
||||
uint8_t client_random[32];
|
||||
/** MD5 context for handshake verification */
|
||||
uint8_t handshake_md5_ctx[MD5_CTX_SIZE];
|
||||
/** SHA1 context for handshake verification */
|
||||
uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
|
||||
|
||||
/** Hack: server RSA public key */
|
||||
uint8_t *rsa_mod;
|
||||
size_t rsa_mod_len;
|
||||
uint8_t *rsa_pub_exp;
|
||||
size_t rsa_pub_exp_len;
|
||||
|
||||
/** TX sequence number */
|
||||
uint64_t tx_seq;
|
||||
/** TX state */
|
||||
enum tls_tx_state tx_state;
|
||||
/** TX process */
|
||||
struct process process;
|
||||
|
||||
/** RX sequence number */
|
||||
uint64_t rx_seq;
|
||||
/** RX state */
|
||||
enum tls_rx_state rx_state;
|
||||
/** Offset within current RX state */
|
||||
size_t rx_rcvd;
|
||||
/** Current received record header */
|
||||
struct tls_header rx_header;
|
||||
/** Current received raw data buffer */
|
||||
void *rx_data;
|
||||
};
|
||||
|
||||
extern int add_tls ( struct xfer_interface *xfer,
|
||||
struct xfer_interface **next );
|
||||
|
||||
#endif /* _GPXE_TLS_H */
|
||||
|
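Review bot: The record header and session state introduced in this hunk carry no bound on the attacker-controlled record length: `struct tls_header.length` is read straight off the wire and the RX side accumulates into `rx_data` via `rx_rcvd`, yet the header defines no maximum record size, so nothing here lets tls.c (diff suppressed) reject an oversized record before it allocates or copies. I would add `#define TLS_MAX_RECORD_LEN ( 16384 + 2048 )` beside the content-type constants (the TLSCiphertext ceiling of RFC 2246 §6.2.3) and have the RX path treat anything larger as a fatal alert. The `version` and `length` members are on-the-wire big-endian, so a `/* network byte order */` comment on the packed struct would stop a maintainer comparing them directly against TLS_VERSION_TLS_1_0 without ntohs. TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA are defined alongside the AES suites; if tls.c offers them in the ClientHello, a server or an active attacker can negotiate a session with no confidentiality, so either drop them or mark them `/* defined for completeness; never offered */`. The "Hack: server RSA public key" fields and the raw pre_master_secret/master_secret buffers suggest the peer key is lifted from the certificate without chain validation and that key material is not scrubbed on teardown — both inferred, since tls.c is not visible, but worth confirming before https is trusted.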
@ -468,6 +468,7 @@ static struct xfer_interface_operations http_xfer_operations = {
|
||||
static int http_open ( struct xfer_interface *xfer, struct uri *uri ) {
|
||||
struct http_request *http;
|
||||
struct sockaddr_tcpip server;
|
||||
struct xfer_interface *socket;
|
||||
int rc;
|
||||
|
||||
/* Sanity checks */
|
||||
@ -487,19 +488,17 @@ static int http_open ( struct xfer_interface *xfer, struct uri *uri ) {
|
||||
/* Open socket */
|
||||
memset ( &server, 0, sizeof ( server ) );
|
||||
server.st_port = htons ( uri_port ( http->uri, HTTP_PORT ) );
|
||||
if ( ( rc = xfer_open_named_socket ( &http->socket, SOCK_STREAM,
|
||||
socket = &http->socket;
|
||||
if ( strcmp ( http->uri->scheme, "https" ) == 0 ) {
|
||||
server.st_port = htons ( uri_port ( http->uri, HTTPS_PORT ) );
|
||||
if ( ( rc = add_tls ( socket, &socket ) ) != 0 )
|
||||
goto err;
|
||||
}
|
||||
if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
|
||||
( struct sockaddr * ) &server,
|
||||
uri->host, NULL ) ) != 0 )
|
||||
goto err;
|
||||
|
||||
#if 0
|
||||
if ( strcmp ( http->uri->scheme, "https" ) == 0 ) {
|
||||
st->st_port = htons ( uri_port ( http->uri, HTTPS_PORT ) );
|
||||
if ( ( rc = add_tls ( &http->stream ) ) != 0 )
|
||||
goto err;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Attach to parent interface, mortalise self, and return */
|
||||
xfer_plug_plug ( &http->xfer, xfer );
|
||||
ref_put ( &http->refcnt );
|
||||
|
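Review bot: The scheme test at the top of the new https branch, `strcmp ( http->uri->scheme, "https" )`, is case-sensitive, so a URI written as `HTTPS://host/...` would fall through to the cleartext path on HTTP_PORT with no TLS at all, unless the URI parser lower-cases the scheme before http_open runs (not visible here). RFC 3986 treats schemes as case-insensitive, so `strcasecmp` is the safer comparison, or better still reject any scheme that is neither "http" nor "https" in the sanity checks so the failure is loud rather than a silent downgrade. If `xfer_open_named_socket` fails after add_tls has succeeded, the `goto err` path must also release the TLS filter that now sits between http->socket and the real socket — whether err does so is outside the hunk. Even with the wrapper in place, https is only as strong as tls.c's certificate handling, so the suppressed tls.c should be checked for trust-anchor validation before https is relied on for the integrity of fetched boot images. http_open's signature is in the earlier hunk and its body continues past this one.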
1732
src/net/tls.c
Normal file
1732
src/net/tls.c
Normal file
File diff suppressed because it is too large