tls13_misc.h
1 /**
2  * @file tls13_misc.h
3  * @brief TLS 1.3 helper functions
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneSSL Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 #ifndef _TLS13_MISC_H
30 #define _TLS13_MISC_H
31 
32 //DHE key establishment
33 #ifndef TLS13_DHE_KE_SUPPORT
34  #define TLS13_DHE_KE_SUPPORT ENABLED
35 #elif (TLS13_DHE_KE_SUPPORT != ENABLED && TLS13_DHE_KE_SUPPORT != DISABLED)
36  #error TLS13_DHE_KE_SUPPORT parameter is not valid
37 #endif
38 
39 //ECDHE key establishment
40 #ifndef TLS13_ECDHE_KE_SUPPORT
41  #define TLS13_ECDHE_KE_SUPPORT ENABLED
42 #elif (TLS13_ECDHE_KE_SUPPORT != ENABLED && TLS13_ECDHE_KE_SUPPORT != DISABLED)
43  #error TLS13_ECDHE_KE_SUPPORT parameter is not valid
44 #endif
45 
46 //PSK-only key establishment (disabled by default: no (EC)DHE exchange takes place, so the session has no forward secrecy)
47 #ifndef TLS13_PSK_KE_SUPPORT
48  #define TLS13_PSK_KE_SUPPORT DISABLED
49 #elif (TLS13_PSK_KE_SUPPORT != ENABLED && TLS13_PSK_KE_SUPPORT != DISABLED)
50  #error TLS13_PSK_KE_SUPPORT parameter is not valid
51 #endif
52 
53 //PSK with DHE key establishment
54 #ifndef TLS13_PSK_DHE_KE_SUPPORT
55  #define TLS13_PSK_DHE_KE_SUPPORT ENABLED
56 #elif (TLS13_PSK_DHE_KE_SUPPORT != ENABLED && TLS13_PSK_DHE_KE_SUPPORT != DISABLED)
57  #error TLS13_PSK_DHE_KE_SUPPORT parameter is not valid
58 #endif
59 
60 //PSK with ECDHE key establishment
61 #ifndef TLS13_PSK_ECDHE_KE_SUPPORT
62  #define TLS13_PSK_ECDHE_KE_SUPPORT ENABLED
63 #elif (TLS13_PSK_ECDHE_KE_SUPPORT != ENABLED && TLS13_PSK_ECDHE_KE_SUPPORT != DISABLED)
64  #error TLS13_PSK_ECDHE_KE_SUPPORT parameter is not valid
65 #endif
66 
67 //Early data (0-RTT) support (disabled by default: early data is not protected against replay, see RFC 8446 section 8)
68 #ifndef TLS13_EARLY_DATA_SUPPORT
69  #define TLS13_EARLY_DATA_SUPPORT DISABLED
70 #elif (TLS13_EARLY_DATA_SUPPORT != ENABLED && TLS13_EARLY_DATA_SUPPORT != DISABLED)
71  #error TLS13_EARLY_DATA_SUPPORT parameter is not valid
72 #endif
73 
74 //Middlebox compatibility mode (RFC 8446 appendix D.4)
75 #ifndef TLS13_MIDDLEBOX_COMPAT_SUPPORT
76  #define TLS13_MIDDLEBOX_COMPAT_SUPPORT ENABLED
77 #elif (TLS13_MIDDLEBOX_COMPAT_SUPPORT != ENABLED && TLS13_MIDDLEBOX_COMPAT_SUPPORT != DISABLED)
78  #error TLS13_MIDDLEBOX_COMPAT_SUPPORT parameter is not valid
79 #endif
80 
81 //Maximum size for cookies (values below 32 are rejected at compile time)
82 #ifndef TLS13_MAX_COOKIE_SIZE
83  #define TLS13_MAX_COOKIE_SIZE 256
84 #elif (TLS13_MAX_COOKIE_SIZE < 32)
85  #error TLS13_MAX_COOKIE_SIZE parameter is not valid
86 #endif
87 
88 //Maximum size for session tickets (values below 32 are rejected at compile time)
89 #ifndef TLS13_MAX_TICKET_SIZE
90  #define TLS13_MAX_TICKET_SIZE 1024
91 #elif (TLS13_MAX_TICKET_SIZE < 32)
92  #error TLS13_MAX_TICKET_SIZE parameter is not valid
93 #endif
94 
95 //Maximum lifetime of session tickets (presumably in seconds: the default 604800 is 7 days, the cap RFC 8446 section 4.6.1 puts on ticket_lifetime; only negative overrides are rejected here, so a larger value is not caught at compile time)
96 #ifndef TLS13_MAX_TICKET_LIFETIME
97  #define TLS13_MAX_TICKET_LIFETIME 604800
98 #elif (TLS13_MAX_TICKET_LIFETIME < 0)
99  #error TLS13_MAX_TICKET_LIFETIME parameter is not valid
100 #endif
101 
102 //Age tolerance for tickets, in milliseconds (only negative overrides are rejected; NOTE(review): a wider tolerance presumably widens the window in which a resumption attempt is accepted as fresh - confirm where it is used)
103 #ifndef TLS13_TICKET_AGE_TOLERANCE
104  #define TLS13_TICKET_AGE_TOLERANCE 5000
105 #elif (TLS13_TICKET_AGE_TOLERANCE < 0)
106  #error TLS13_TICKET_AGE_TOLERANCE parameter is not valid
107 #endif
108 
109 //Number of NewSessionTicket messages sent by the server (note the TLS_ prefix, unlike the TLS13_ parameters above)
110 #ifndef TLS_NEW_SESSION_TICKET_COUNT
111  #define TLS_NEW_SESSION_TICKET_COUNT 2
112 #elif (TLS_NEW_SESSION_TICKET_COUNT < 0)
113  #error TLS_NEW_SESSION_TICKET_COUNT parameter is not valid
114 #endif
115 
116 //Maximum size for HKDF digests: 48 when SHA-384 is enabled, 32 otherwise (TLS_SHA384_SUPPORT and ENABLED are not defined in this header and must come from an earlier include)
117 #if (TLS_SHA384_SUPPORT == ENABLED)
118  #define TLS13_MAX_HKDF_DIGEST_SIZE 48
119 #else
120  #define TLS13_MAX_HKDF_DIGEST_SIZE 32
121 #endif
122 
123 //C++ guard
124 #ifdef __cplusplus
125  extern "C" {
126 #endif
127 
128 
129 /**
130  * @brief Signature schemes (TLS 1.3)
131  **/
132 
133 typedef enum
134 {
153 
154 
155 /**
156  * @brief PSK key exchange modes
157  **/
158 
159 typedef enum
160 {
164 
165 
166 /**
167  * @brief Key update requests
168  **/
169 
170 typedef enum
171 {
175 
176 
177 //CodeWarrior or Win32 compiler?
178 #if defined(__CWCC__) || defined(_WIN32)
179  #pragma pack(push, 1)
180 #endif
181 
182 
183 /**
184  * @brief Cookie
185  **/
186 
187 typedef __start_packed struct
188 {
189  uint16_t length; //0-1 (NOTE(review): taken from the peer's message when parsing; presumably checked against TLS13_MAX_COOKIE_SIZE and the bytes remaining - confirm in the parser)
190  uint8_t value[]; //2
192 
193 
194 /**
195  * @brief Key share entry
196  **/
197 
198 typedef __start_packed struct
199 {
200  uint16_t group; //0-1
201  uint16_t length; //2-3
202  uint8_t keyExchange[]; //4
204 
205 
206 /**
207  * @brief List of key shares
208  **/
209 
210 typedef __start_packed struct
211 {
212  uint16_t length; //0-1
213  uint8_t value[]; //2
215 
216 
217 /**
218  * @brief List of PSK key exchange modes
219  **/
220 
221 typedef __start_packed struct
222 {
223  uint8_t length; //0
224  uint8_t value[]; //1
226 
227 
228 /**
229  * @brief PSK identity
230  **/
231 
232 typedef __start_packed struct
233 {
234  uint16_t length; //0-1
235  uint8_t value[]; //2
237 
238 
239 /**
240  * @brief List of PSK identities
241  **/
242 
243 typedef __start_packed struct
244 {
245  uint16_t length; //0-1
246  uint8_t value[]; //2
248 
249 
250 /**
251  * @brief PSK binder
252  **/
253 
254 typedef __start_packed struct
255 {
256  uint8_t length; //0
257  uint8_t value[]; //1
259 
260 
261 /**
262  * @brief List of PSK binders
263  **/
264 
265 typedef __start_packed struct
266 {
267  uint16_t length; //0-1
268  uint8_t value[]; //2
270 
271 
272 /**
273  * @brief Certificate request context
274  **/
275 
276 typedef __start_packed struct
277 {
278  uint8_t length; //0
279  uint8_t value[]; //1
281 
282 
283 /**
284  * @brief Digitally-signed element (TLS 1.3)
285  **/
286 
287 typedef __start_packed struct
288 {
289  uint16_t algorithm; //0-1
290  uint16_t length; //2-3
291  uint8_t value[]; //4
293 
294 
295 /**
296  * @brief HelloRetryRequest message
297  **/
298 
299 typedef __start_packed struct
300 {
301  uint16_t serverVersion; //0-1
302  uint8_t random[32]; //2-33
303  uint8_t sessionIdLen; //34
304  uint8_t sessionId[]; //35
306 
307 
308 /**
309  * @brief EndOfEarlyData message
310  **/
311 
312 typedef void *Tls13EndOfEarlyData;
313 
314 
315 /**
316  * @brief EncryptedExtensions message
317  **/
318 
319 typedef __start_packed struct
320 {
321  uint16_t extensionsLen; //0-1
322  uint8_t extensions[]; //2
324 
325 
326 /**
327  * @brief NewSessionTicket message (TLS 1.3)
328  **/
329 
330 typedef __start_packed struct
331 {
332  uint32_t ticketLifetime; //0-3
333  uint32_t ticketAgeAdd; //4-7
334  uint8_t ticketNonceLen; //8
335  uint8_t ticketNonce[]; //9
337 
338 
339 /**
340  * @brief KeyUpdate message
341  **/
342 
343 typedef __start_packed struct
344 {
345  uint8_t requestUpdate; //0
347 
348 
349 /**
350  * @brief Session ticket
351  **/
352 
353 typedef __start_packed struct
354 {
355  uint16_t length; //0-1 (NOTE(review): presumably bounded by TLS13_MAX_TICKET_SIZE - confirm where tickets are parsed)
356  uint8_t data[]; //2
358 
359 
360 /**
361  * @brief Session state information
362  **/
363 
364 typedef __start_packed struct
365 {
366  uint16_t version; ///<Protocol version
367  uint16_t cipherSuite; ///<Cipher suite identifier
368  systime_t ticketTimestamp; ///<Timestamp to manage ticket lifetime
369  uint32_t ticketLifetime; ///<Lifetime of the ticket
370  uint32_t ticketAgeAdd; ///<Random value used to obscure the age of the ticket
371  uint8_t ticketNonce[4]; ///<A per-ticket value that is unique across all tickets issued
372  size_t ticketPskLen; ///<Length of the PSK associated with the ticket (must not exceed TLS13_MAX_HKDF_DIGEST_SIZE, the capacity of ticketPsk)
373  uint8_t ticketPsk[TLS13_MAX_HKDF_DIGEST_SIZE]; ///<PSK associated with the ticket (secret key material: anything that stores or exports this structure holds a resumption secret)
375 
376 
377 //CodeWarrior or Win32 compiler?
378 #if defined(__CWCC__) || defined(_WIN32)
379  #pragma pack(pop)
380 #endif
381 
382 
383 //TLS 1.3 related constants (NOTE(review): presumably the ServerHello.random downgrade sentinels and the HelloRetryRequest random value of RFC 8446 section 4.1.3 - confirm against the definitions)
384 extern const uint8_t tls11DowngradeRandom[8];
385 extern const uint8_t tls12DowngradeRandom[8];
386 extern const uint8_t tls13HelloRetryRequestRandom[32];
387 
388 //TLS 1.3 related functions
389 error_t tls13ComputePskBinder(TlsContext *context, const void *clientHello,
390  size_t clientHelloLen, size_t truncatedClientHelloLen,
391  const Tls13PskIdentity *identity, uint8_t *binder, size_t binderLen);
392 
393 error_t tls13GenerateKeyShare(TlsContext *context, uint16_t namedGroup);
394 
395 error_t tls13GenerateSharedSecret(TlsContext *context, const uint8_t *keyShare,
396  size_t length);
397 
398 error_t tls13GenerateSignature(TlsContext *context, uint8_t *p,
399  size_t *length);
400 
401 error_t tls13VerifySignature(TlsContext *context, const uint8_t *p,
402  size_t length);
403 
405 
408 
409 bool_t tls13IsGroupSupported(TlsContext *context, uint16_t namedGroup);
410 bool_t tls13IsEcdheGroupSupported(TlsContext *context, uint16_t namedGroup);
411 bool_t tls13IsFfdheGroupSupported(TlsContext *context, uint16_t namedGroup);
412 
413 error_t tls13CheckDuplicateKeyShare(uint16_t namedGroup, const uint8_t *p,
414  size_t length);
415 
416 error_t tls13FormatCertExtensions(uint8_t *p, size_t *written);
417 
418 error_t tls13ParseCertExtensions(const uint8_t *p, size_t length,
419  size_t *consumed);
420 
421 //C++ guard
422 #ifdef __cplusplus
423  }
424 #endif
425 
426 #endif
__start_packed struct @95 Tls13KeyShareEntry
Key share entry.
uint32_t systime_t
Definition: compiler_port.h:44
__start_packed struct @98 Tls13PskIdentity
PSK identity.
uint16_t extensionsLen
Definition: tls13_misc.h:321
bool_t tls13IsTicketValid(TlsContext *context)
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
Definition: tls13_misc.h:368
error_t tls13GenerateKeyShare(TlsContext *context, uint16_t namedGroup)
uint8_t p
Definition: ndp.h:295
bool_t tls13IsGroupSupported(TlsContext *context, uint16_t namedGroup)
uint8_t requestUpdate
Definition: tls13_misc.h:345
uint8_t ticketNonce[]
A per-ticket value that is unique across all tickets issued.
Definition: tls13_misc.h:335
uint16_t version
Protocol version.
Definition: tls13_misc.h:366
Tls13KeyUpdateRequest
Key update requests.
Definition: tls13_misc.h:170
__start_packed struct @100 Tls13PskBinder
PSK binder.
Tls13PskKeyExchMode
PSK key exchange modes.
Definition: tls13_misc.h:159
__start_packed struct @97 Tls13PskKeModeList
List of PSK key exchange modes.
uint16_t algorithm
Definition: tls13_misc.h:289
Tls13SignatureScheme
Signature schemes (TLS 1.3)
Definition: tls13_misc.h:133
const uint8_t tls12DowngradeRandom[8]
uint8_t value[]
Definition: tls13_misc.h:190
__start_packed struct @101 Tls13PskBinderList
List of PSK binders.
__start_packed struct @105 Tls13EncryptedExtensions
EncryptedExtensions message.
uint32_t ticketLifetime
Lifetime of the ticket.
Definition: tls13_misc.h:332
__start_packed struct @102 Tls13CertRequestContext
Certificate request context.
__start_packed struct @106 Tls13NewSessionTicket
NewSessionTicket message (TLS 1.3)
#define TLS13_MAX_HKDF_DIGEST_SIZE
Definition: tls13_misc.h:118
bool_t tls13IsFfdheGroupSupported(TlsContext *context, uint16_t namedGroup)
uint8_t data[]
Definition: tls13_misc.h:356
__start_packed struct @107 Tls13KeyUpdate
KeyUpdate message.
error_t tls13GenerateSignature(TlsContext *context, uint8_t *p, size_t *length)
error_t tls13DigestClientHello1(TlsContext *context)
uint16_t cipherSuite
Cipher suite identifier.
Definition: tls13_misc.h:367
uint8_t random[32]
Definition: tls13_misc.h:302
size_t ticketPskLen
Length of the PSK associated with the ticket.
Definition: tls13_misc.h:372
error_t tls13ComputePskBinder(TlsContext *context, const void *clientHello, size_t clientHelloLen, size_t truncatedClientHelloLen, const Tls13PskIdentity *identity, uint8_t *binder, size_t binderLen)
__start_packed struct _Ipv4Header __end_packed
error_t tls13VerifySignature(TlsContext *context, const uint8_t *p, size_t length)
__start_packed struct @108 Tls13Ticket
Session ticket.
uint8_t sessionIdLen
Definition: tls13_misc.h:303
uint8_t sessionId[]
Definition: tls13_misc.h:304
error_t
Error codes.
Definition: error.h:40
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
Definition: tls13_misc.h:333
uint8_t extensions[]
Definition: tls13_misc.h:322
bool_t tls13IsPskValid(TlsContext *context)
__start_packed struct @99 Tls13PskIdentityList
List of PSK identities.
error_t tls13CheckDuplicateKeyShare(uint16_t namedGroup, const uint8_t *p, size_t length)
__start_packed struct @94 Tls13Cookie
Cookie.
error_t tls13GenerateSharedSecret(TlsContext *context, const uint8_t *keyShare, size_t length)
__start_packed struct @103 Tls13DigitalSignature
Digitally-signed element (TLS 1.3)
const uint8_t tls13HelloRetryRequestRandom[32]
uint16_t group
Definition: tls13_misc.h:200
__start_packed struct @96 Tls13KeyShareList
List of key shares.
uint8_t ticketPsk[TLS13_MAX_HKDF_DIGEST_SIZE]
PSK associated with the ticket.
Definition: tls13_misc.h:373
uint16_t length
Definition: tls13_misc.h:189
uint8_t ticketNonceLen
Definition: tls13_misc.h:334
__start_packed struct @109 Tls13SessionState
Session state information.
void * Tls13EndOfEarlyData
EndOfEarlyData message.
Definition: tls13_misc.h:312
uint8_t keyExchange[]
Definition: tls13_misc.h:202
#define TlsContext
Definition: tls.h:34
__start_packed struct @104 Tls13HelloRetryRequest
HelloRetryRequest message.
const uint8_t tls11DowngradeRandom[8]
int bool_t
Definition: compiler_port.h:47
uint16_t serverVersion
Definition: tls13_misc.h:301
error_t tls13FormatCertExtensions(uint8_t *p, size_t *written)
error_t tls13ParseCertExtensions(const uint8_t *p, size_t length, size_t *consumed)
bool_t tls13IsEcdheGroupSupported(TlsContext *context, uint16_t namedGroup)