[freeradius.git] / src / include / tls-h

/*
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 */
#ifndef FR_TLS_H
#define FR_TLS_H

#ifdef WITH_TLS
/*
 * $Id$
 *
 * @file tls.h
 * @brief Structures and prototypes for TLS wrappers
 *
 * @copyright 2010 Network RADIUS SARL <info@networkradius.com>
 */

RCSIDH(tls_h, "$Id$")

#include <freeradius-devel/conffile.h>

/*
 *      For RH 9, which apparently needs this.
 */
#ifndef OPENSSL_NO_KRB5
#  define OPENSSL_NO_KRB5
#endif
#include <openssl/err.h>
#ifdef HAVE_OPENSSL_ENGINE_H
#  include <openssl/engine.h>
#endif
#include <openssl/ssl.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef struct fr_tls_server_conf_t fr_tls_server_conf_t;

typedef enum {
        FR_TLS_INVALID = 0,             /* invalid, don't reply */
        FR_TLS_REQUEST,                 /* request, ok to send, invalid to receive */
        FR_TLS_RESPONSE,                /* response, ok to receive, invalid to send */
        FR_TLS_SUCCESS,                 /* success, send success */
        FR_TLS_FAIL,                    /* fail, send fail */
        FR_TLS_NOOP,                    /* noop, continue */

        FR_TLS_START,                   /* start, ok to send, invalid to receive */
        FR_TLS_OK,                      /* ok, continue */
        FR_TLS_ACK,                     /* acknowledge, continue */
        FR_TLS_FIRST_FRAGMENT,          /* first fragment */
        FR_TLS_MORE_FRAGMENTS,          /* more fragments, to send/receive */
        FR_TLS_LENGTH_INCLUDED,         /* length included */
        FR_TLS_MORE_FRAGMENTS_WITH_LENGTH,   /* more fragments with length */
        FR_TLS_HANDLED                  /* tls code has handled it */
} fr_tls_status_t;

#define MAX_RECORD_SIZE 16384

/*
 *      A single TLS record may be up to 16384 octets in length, but a
 *      TLS message may span multiple TLS records, and a TLS
 *      certificate message may in principle be as long as 16MB.
 *
 *      However, note that in order to protect against reassembly
 *      lockup and denial of service attacks, it may be desirable for
 *      an implementation to set a maximum size for one such group of
 *      TLS messages.
 *
 *      The TLS Message Length field is four octets, and provides the
 *      total length of the TLS message or set of messages that is
 *      being fragmented; this simplifies buffer allocation.
 */

/*
 * FIXME: Dynamic allocation of buffer to overcome MAX_RECORD_SIZE overflows.
 *      or configure TLS not to exceed MAX_RECORD_SIZE.
 */
typedef struct _record_t {
        unsigned char data[MAX_RECORD_SIZE];
        unsigned int  used;
} record_t;

typedef struct _tls_info_t {
        unsigned char   origin;
        unsigned char   content_type;
        unsigned char   handshake_type;
        unsigned char   alert_level;
        unsigned char   alert_description;
        char            info_description[256];
        size_t          record_len;
        int             version;
        char            initialized;
} tls_info_t;

/*
 * tls_session_t Structure gets stored as opaque in eap_handler_t
 * This contains EAP-REQUEST specific data
 * (ie FR_TLS_DATA(fragment), EAPTLS-ALERT, EAPTLS-REQUEST ...)
 *
 * clean_in  - data that needs to be sent but only after it is soiled.
 * dirty_in  - data EAP server receives.
 * clean_out - data that is cleaned after receiving.
 * dirty_out - data EAP server sends.
 * offset    - current fragment size transmitted
 * fragment  - Flag, In fragment mode or not.
 * tls_msg_len - Actual/Total TLS message length.
 * length_flag - A flag to include length in every TLS Data/Alert packet
 *                                      if set to no then only the first fragment contains length
 */
typedef struct _tls_session_t {
        SSL_CTX         *ctx;
        SSL             *ssl;
        tls_info_t      info;

        BIO             *into_ssl;
        BIO             *from_ssl;
        record_t        clean_in;
        record_t        clean_out;
        record_t        dirty_in;
        record_t        dirty_out;

        void            (*record_init)(record_t *buf);
        void            (*record_close)(record_t *buf);
        unsigned int    (*record_plus)(record_t *buf, void const *ptr,
                                       unsigned int size);
        unsigned int    (*record_minus)(record_t *buf, void *ptr,
                                        unsigned int size);

        bool            invalid_hb_used;

        /*
         * Framed-MTU attribute in RADIUS,
         * if present, can also be used to set this
         */
        unsigned int    offset;
        unsigned int    tls_msg_len;
        int             fragment;
        int             length_flag;
        int             peap_flag;

        /*
         *      Used by TTLS & PEAP to keep track of other per-session
         *      data.
         */
        void            *opaque;
        void            (*free_opaque)(void *opaque);

        char const      *prf_label;
        int             allow_session_resumption;
} tls_session_t;


/*
 *      RFC 2716, Section 4.2:
 *
 *         Flags
 *
 *      0 1 2 3 4 5 6 7 8
 *      +-+-+-+-+-+-+-+-+
 *      |L M S R R R R R|
 *      +-+-+-+-+-+-+-+-+
 *
 *      L = Length included
 *      M = More fragments
 *      S = EAP-TLS start
 *      R = Reserved
 */
#define TLS_START(x)            (((x) & 0x20) != 0)
#define TLS_MORE_FRAGMENTS(x)   (((x) & 0x40) != 0)
#define TLS_LENGTH_INCLUDED(x)  (((x) & 0x80) != 0)

#define TLS_CHANGE_CIPHER_SPEC(x)       (((x) & 0x0014) == 0x0014)
#define TLS_ALERT(x)                    (((x) & 0x0015) == 0x0015)
#define TLS_HANDSHAKE(x)                (((x) & 0x0016) == 0x0016)

#define SET_START(x)            ((x) | (0x20))
#define SET_MORE_FRAGMENTS(x)   ((x) | (0x40))
#define SET_LENGTH_INCLUDED(x)  ((x) | (0x80))

/*
 *      Following enums from rfc2246
 *
 *      Hmm... since we dpeend on OpenSSL, it would be smarter to
 *      use the OpenSSL names for these.
 */
enum ContentType {
        change_cipher_spec = 20,
        alert = 21,
        handshake = 22,
        application_data = 23
};

enum AlertLevel {
        warning = 1,
        fatal = 2
};

enum AlertDescription {
        close_notify = 0,
        unexpected_message = 10,
        bad_record_mac = 20,
        decryption_failed = 21,
        record_overflow = 22,
        decompression_failure = 30,
        handshake_failure = 40,
        bad_certificate = 42,
        unsupported_certificate = 43,
        certificate_revoked = 44,
        certificate_expired = 45,
        certificate_unknown = 46,
        illegal_parameter = 47,
        unknown_ca = 48,
        access_denied = 49,
        decode_error = 50,
        decrypt_error = 51,
        export_restriction = 60,
        protocol_version = 70,
        insufficient_security = 71,
        internal_error = 80,
        user_canceled = 90,
        no_renegotiation = 100
};

enum HandshakeType {
        hello_request = 0,
        client_hello = 1,
        server_hello = 2,
        certificate = 11,
        server_key_exchange  = 12,
        certificate_request = 13,
        server_hello_done = 14,
        certificate_verify = 15,
        client_key_exchange = 16,
        finished = 20
};


/*
 * From rfc
   Flags

      0 1 2 3 4 5 6 7 8
      +-+-+-+-+-+-+-+-+
      |L M S R R R R R|
      +-+-+-+-+-+-+-+-+

      L = Length included
      M = More fragments
      S = EAP-TLS start
      R = Reserved

      The L bit (length included) is set to indicate the presence of the
      four octet TLS Message Length field, and MUST be set for the first
      fragment of a fragmented TLS message or set of messages. The M bit
      (more fragments) is set on all but the last fragment. The S bit
      (EAP-TLS start) is set in an EAP-TLS Start message.  This
      differentiates the EAP-TLS Start message from a fragment
      acknowledgement.

   TLS Message Length

      The TLS Message Length field is four octets, and is present only
      if the L bit is set. This field provides the total length of the
      TLS message or set of messages that is being fragmented.

   TLS data

      The TLS data consists of the encapsulated TLS packet in TLS record
      format.
 *
 * The data structures present here
 * maps only to the typedata in the EAP packet
 *
 * Based on the L bit flag, first 4 bytes of data indicate the length
 */

/* Callbacks */
int             cbtls_password(char *buf, int num, int rwflag, void *userdata);
void            cbtls_info(SSL const *s, int where, int ret);
void            cbtls_msg(int write_p, int msg_version, int content_type, void const *buf, size_t len, SSL *ssl,
                          void *arg);
int             cbtls_verify(int ok, X509_STORE_CTX *ctx);

/* TLS */
void            tls_global_init(void);
int             tls_global_version_check(char const *acknowledged);
void            tls_global_cleanup(void);
tls_session_t   *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQUEST *request, bool client_cert);
tls_session_t   *tls_new_client_session(fr_tls_server_conf_t *conf, int fd);
fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs);
fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs);
int             tls_handshake_recv(REQUEST *, tls_session_t *ssn);
int             tls_handshake_send(REQUEST *, tls_session_t *ssn);
void            tls_session_information(tls_session_t *ssn);

/*
 *      Low-level TLS stuff
 */
int tls_success(tls_session_t *ssn, REQUEST *request);
void tls_fail(tls_session_t *ssn);
fr_tls_status_t tls_ack_handler(tls_session_t *tls_session, REQUEST *request);
fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request);

/* Session */
void            session_close(tls_session_t *ssn);
void            session_init(tls_session_t *ssn);

#define FR_TLS_EX_INDEX_HANDLER  (10)
#define FR_TLS_EX_INDEX_CONF     (11)
#define FR_TLS_EX_INDEX_REQUEST  (12)
#define FR_TLS_EX_INDEX_IDENTITY (13)
#define FR_TLS_EX_INDEX_STORE    (14)
#define FR_TLS_EX_INDEX_SSN      (15)
#define FR_TLS_EX_INDEX_TALLOC   (16)

extern int FR_TLS_EX_INDEX_CERTS;

/* configured values goes right here */
struct fr_tls_server_conf_t {
        SSL_CTX         *ctx;
        CONF_SECTION    *cs;

        char const      *private_key_password;
        char const      *private_key_file;
        char const      *certificate_file;
        char const      *random_file;
        char const      *ca_path;
        char const      *ca_file;
        char const      *dh_file;
        char const      *rsa_file;
        bool            rsa_key;
        bool            dh_key;
        uint32_t        rsa_key_length;
        uint32_t        dh_key_length;
        uint32_t        verify_depth;
        bool            file_type;
        bool            include_length;

        /*
         *      Always < 4096 (due to radius limit), 0 by default = 2048
         */
        uint32_t        fragment_size;
        bool            check_crl;
        bool            allow_expired_crl;
        char const      *check_cert_cn;
        char const      *cipher_list;
        char const      *check_cert_issuer;

        bool            session_cache_enable;
        uint32_t        session_timeout;
        uint32_t        session_cache_size;
        char const      *session_id_name;
        char const      *session_cache_path;
        char            session_context_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
        time_t          session_last_flushed;

        char const      *verify_tmp_dir;
        char const      *verify_client_cert_cmd;
        bool            require_client_cert;

#ifdef HAVE_OPENSSL_OCSP_H
        /*
         * OCSP Configuration
         */
        bool            ocsp_enable;
        bool            ocsp_override_url;
        char const      *ocsp_url;
        bool            ocsp_use_nonce;
        X509_STORE      *ocsp_store;
        uint32_t        ocsp_timeout;
        bool            ocsp_softfail;
#endif

#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
        char const      *ecdh_curve;
#endif
#endif

#ifdef PSK_MAX_IDENTITY_LEN
        char const      *psk_identity;
        char const      *psk_password;
#endif

};

#ifdef __cplusplus
}
#endif

#endif  /* WITH_TLS */
#endif /* FR_TLS_H */