2
0
mirror of https://github.com/xcat2/xNBA.git synced 2024-12-14 23:31:39 +00:00

TLS now working again.

This commit is contained in:
Michael Brown 2007-07-30 02:48:38 +01:00
parent 9a9f46ff58
commit 6fc9ed167e
3 changed files with 1904 additions and 14 deletions

View File

@ -1,12 +1,171 @@
#ifndef _GPXE_TLS_H
#define _GPXE_TLS_H
#include <errno.h>
/**
* @file
*
* Transport Layer Security Protocol
*/
struct stream_application;
#include <stdint.h>
#include <gpxe/refcnt.h>
#include <gpxe/filter.h>
#include <gpxe/process.h>
#include <gpxe/crypto.h>
#include <gpxe/md5.h>
#include <gpxe/sha1.h>
static inline int add_tls ( struct stream_application *app __unused ) {
return -ENOTSUP;
}
/** A TLS header */
struct tls_header {
/** Content type
*
* This is a TLS_TYPE_XXX constant
*/
uint8_t type;
/** Protocol version
*
* This is a TLS_VERSION_XXX constant
*/
uint16_t version;
/** Length of payload */
uint16_t length;
} __attribute__ (( packed ));
/** TLS version 1.0 */
#define TLS_VERSION_TLS_1_0 0x0301
/** TLS version 1.1 */
#define TLS_VERSION_TLS_1_1 0x0302
/** Change cipher content type */
#define TLS_TYPE_CHANGE_CIPHER 20
/** Alert content type */
#define TLS_TYPE_ALERT 21
/** Handshake content type */
#define TLS_TYPE_HANDSHAKE 22
/** Application data content type */
#define TLS_TYPE_DATA 23
/* Handshake message types */
#define TLS_HELLO_REQUEST 0
#define TLS_CLIENT_HELLO 1
#define TLS_SERVER_HELLO 2
#define TLS_CERTIFICATE 11
#define TLS_SERVER_KEY_EXCHANGE 12
#define TLS_CERTIFICATE_REQUEST 13
#define TLS_SERVER_HELLO_DONE 14
#define TLS_CERTIFICATE_VERIFY 15
#define TLS_CLIENT_KEY_EXCHANGE 16
#define TLS_FINISHED 20
/* TLS alert levels */
#define TLS_ALERT_WARNING 1
#define TLS_ALERT_FATAL 2
/* TLS cipher specifications */
#define TLS_RSA_WITH_NULL_MD5 0x0001
#define TLS_RSA_WITH_NULL_SHA 0x0002
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
/** TLS RX state machine state */
enum tls_rx_state {
TLS_RX_HEADER = 0,
TLS_RX_DATA,
};
/** TLS TX state machine state */
enum tls_tx_state {
TLS_TX_NONE = 0,
TLS_TX_CLIENT_HELLO,
TLS_TX_CLIENT_KEY_EXCHANGE,
TLS_TX_CHANGE_CIPHER,
TLS_TX_FINISHED,
TLS_TX_DATA
};
/** A TLS cipher specification */
struct tls_cipherspec {
/** Public-key encryption algorithm */
struct crypto_algorithm *pubkey;
/** Bulk encryption cipher algorithm */
struct crypto_algorithm *cipher;
/** MAC digest algorithm */
struct crypto_algorithm *digest;
/** Key length */
size_t key_len;
/** Dynamically-allocated storage */
void *dynamic;
/** Public key encryption context */
void *pubkey_ctx;
/** Bulk encryption cipher context */
void *cipher_ctx;
/** Next bulk encryption cipher context (TX only) */
void *cipher_next_ctx;
/** MAC secret */
void *mac_secret;
};
/** A TLS session */
struct tls_session {
/** Reference counter */
struct refcnt refcnt;
/** Plaintext stream */
struct xfer_filter_half plainstream;
/** Ciphertext stream */
struct xfer_filter_half cipherstream;
/** Current TX cipher specification */
struct tls_cipherspec tx_cipherspec;
/** Next TX cipher specification */
struct tls_cipherspec tx_cipherspec_pending;
/** Current RX cipher specification */
struct tls_cipherspec rx_cipherspec;
/** Next RX cipher specification */
struct tls_cipherspec rx_cipherspec_pending;
/** Premaster secret */
uint8_t pre_master_secret[48];
/** Master secret */
uint8_t master_secret[48];
/** Server random bytes */
uint8_t server_random[32];
/** Client random bytes */
uint8_t client_random[32];
/** MD5 context for handshake verification */
uint8_t handshake_md5_ctx[MD5_CTX_SIZE];
/** SHA1 context for handshake verification */
uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
/** Hack: server RSA public key */
uint8_t *rsa_mod;
size_t rsa_mod_len;
uint8_t *rsa_pub_exp;
size_t rsa_pub_exp_len;
/** TX sequence number */
uint64_t tx_seq;
/** TX state */
enum tls_tx_state tx_state;
/** TX process */
struct process process;
/** RX sequence number */
uint64_t rx_seq;
/** RX state */
enum tls_rx_state rx_state;
/** Offset within current RX state */
size_t rx_rcvd;
/** Current received record header */
struct tls_header rx_header;
/** Current received raw data buffer */
void *rx_data;
};
extern int add_tls ( struct xfer_interface *xfer,
struct xfer_interface **next );
#endif /* _GPXE_TLS_H */

View File

@ -468,6 +468,7 @@ static struct xfer_interface_operations http_xfer_operations = {
static int http_open ( struct xfer_interface *xfer, struct uri *uri ) {
struct http_request *http;
struct sockaddr_tcpip server;
struct xfer_interface *socket;
int rc;
/* Sanity checks */
@ -487,19 +488,17 @@ static int http_open ( struct xfer_interface *xfer, struct uri *uri ) {
/* Open socket */
memset ( &server, 0, sizeof ( server ) );
server.st_port = htons ( uri_port ( http->uri, HTTP_PORT ) );
if ( ( rc = xfer_open_named_socket ( &http->socket, SOCK_STREAM,
socket = &http->socket;
if ( strcmp ( http->uri->scheme, "https" ) == 0 ) {
server.st_port = htons ( uri_port ( http->uri, HTTPS_PORT ) );
if ( ( rc = add_tls ( socket, &socket ) ) != 0 )
goto err;
}
if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
( struct sockaddr * ) &server,
uri->host, NULL ) ) != 0 )
goto err;
#if 0
if ( strcmp ( http->uri->scheme, "https" ) == 0 ) {
st->st_port = htons ( uri_port ( http->uri, HTTPS_PORT ) );
if ( ( rc = add_tls ( &http->stream ) ) != 0 )
goto err;
}
#endif
/* Attach to parent interface, mortalise self, and return */
xfer_plug_plug ( &http->xfer, xfer );
ref_put ( &http->refcnt );

1732
src/net/tls.c Normal file

File diff suppressed because it is too large Load Diff