tlsv1_common.h - platform/external/wpa_supplicant - Git at Google

 /*
  * wpa_supplicant/hostapd: TLSv1 common definitions
  * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
  * published by the Free Software Foundation.
  *
  * Alternatively, this software may be distributed under the terms of BSD
  * license.
  *
  * See README and COPYING for more details.
  */

 #ifndef TLSV1_COMMON
 #define TLSV1_COMMON

 #define TLS_VERSION 0x0301 /* TLSv1 */
 #define TLS_RANDOM_LEN 32
 #define TLS_PRE_MASTER_SECRET_LEN 48
 #define TLS_MASTER_SECRET_LEN 48
 #define TLS_SESSION_ID_MAX_LEN 32
 #define TLS_VERIFY_DATA_LEN 12
 #define TLS_MAX_WRITE_MAC_SECRET_LEN 20
 #define TLS_MAX_WRITE_KEY_LEN 32
 #define TLS_MAX_IV_LEN 16
 #define TLS_MAX_KEY_BLOCK_LEN (2 * (TLS_MAX_WRITE_MAC_SECRET_LEN + \
 				    TLS_MAX_WRITE_KEY_LEN + TLS_MAX_IV_LEN))
 #define TLS_SEQ_NUM_LEN 8
 #define TLS_RECORD_HEADER_LEN 5

 /* ContentType */
 enum {
 	TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC = 20,
 	TLS_CONTENT_TYPE_ALERT = 21,
 	TLS_CONTENT_TYPE_HANDSHAKE = 22,
 	TLS_CONTENT_TYPE_APPLICATION_DATA = 23
 };

 /* HandshakeType */
 enum {
 	TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
 	TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
 	TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
 	TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
 	TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
 	TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
 	TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
 	TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
 	TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
 	TLS_HANDSHAKE_TYPE_FINISHED = 20
 };

 /* CipherSuite */
 #define TLS_NULL_WITH_NULL_NULL			0x0000 /* RFC 2246 */
 #define TLS_RSA_WITH_NULL_MD5			0x0001 /* RFC 2246 */
 #define TLS_RSA_WITH_NULL_SHA			0x0002 /* RFC 2246 */
 #define TLS_RSA_EXPORT_WITH_RC4_40_MD5		0x0003 /* RFC 2246 */
 #define TLS_RSA_WITH_RC4_128_MD5		0x0004 /* RFC 2246 */
 #define TLS_RSA_WITH_RC4_128_SHA		0x0005 /* RFC 2246 */
 #define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006 /* RFC 2246 */
 #define TLS_RSA_WITH_IDEA_CBC_SHA		0x0007 /* RFC 2246 */
 #define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008 /* RFC 2246 */
 #define TLS_RSA_WITH_DES_CBC_SHA		0x0009 /* RFC 2246 */
 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA		0x000A /* RFC 2246 */
 #define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000B /* RFC 2246 */
 #define TLS_DH_DSS_WITH_DES_CBC_SHA		0x000C /* RFC 2246 */
 #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000D /* RFC 2246 */
 #define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000E /* RFC 2246 */
 #define TLS_DH_RSA_WITH_DES_CBC_SHA		0x000F /* RFC 2246 */
 #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010 /* RFC 2246 */
 #define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011 /* RFC 2246 */
 #define TLS_DHE_DSS_WITH_DES_CBC_SHA		0x0012 /* RFC 2246 */
 #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013 /* RFC 2246 */
 #define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014 /* RFC 2246 */
 #define TLS_DHE_RSA_WITH_DES_CBC_SHA		0x0015 /* RFC 2246 */
 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016 /* RFC 2246 */
 #define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017 /* RFC 2246 */
 #define TLS_DH_anon_WITH_RC4_128_MD5		0x0018 /* RFC 2246 */
 #define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019 /* RFC 2246 */
 #define TLS_DH_anon_WITH_DES_CBC_SHA		0x001A /* RFC 2246 */
 #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001B /* RFC 2246 */
 #define TLS_RSA_WITH_AES_128_CBC_SHA		0x002F /* RFC 3268 */
 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA		0x0030 /* RFC 3268 */
 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA		0x0031 /* RFC 3268 */
 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032 /* RFC 3268 */
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033 /* RFC 3268 */
 #define TLS_DH_anon_WITH_AES_128_CBC_SHA	0x0034 /* RFC 3268 */
 #define TLS_RSA_WITH_AES_256_CBC_SHA		0x0035 /* RFC 3268 */
 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA		0x0036 /* RFC 3268 */
 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA		0x0037 /* RFC 3268 */
 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038 /* RFC 3268 */
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039 /* RFC 3268 */
 #define TLS_DH_anon_WITH_AES_256_CBC_SHA	0x003A /* RFC 3268 */

 /* CompressionMethod */
 #define TLS_COMPRESSION_NULL 0

 /* AlertLevel */
 #define TLS_ALERT_LEVEL_WARNING 1
 #define TLS_ALERT_LEVEL_FATAL 2

 /* AlertDescription */
 #define TLS_ALERT_CLOSE_NOTIFY			0
 #define TLS_ALERT_UNEXPECTED_MESSAGE		10
 #define TLS_ALERT_BAD_RECORD_MAC		20
 #define TLS_ALERT_DECRYPTION_FAILED		21
 #define TLS_ALERT_RECORD_OVERFLOW		22
 #define TLS_ALERT_DECOMPRESSION_FAILURE		30
 #define TLS_ALERT_HANDSHAKE_FAILURE		40
 #define TLS_ALERT_BAD_CERTIFICATE		42
 #define TLS_ALERT_UNSUPPORTED_CERTIFICATE	43
 #define TLS_ALERT_CERTIFICATE_REVOKED		44
 #define TLS_ALERT_CERTIFICATE_EXPIRED		45
 #define TLS_ALERT_CERTIFICATE_UNKNOWN		46
 #define TLS_ALERT_ILLEGAL_PARAMETER		47
 #define TLS_ALERT_UNKNOWN_CA			48
 #define TLS_ALERT_ACCESS_DENIED			49
 #define TLS_ALERT_DECODE_ERROR			50
 #define TLS_ALERT_DECRYPT_ERROR			51
 #define TLS_ALERT_EXPORT_RESTRICTION		60
 #define TLS_ALERT_PROTOCOL_VERSION		70
 #define TLS_ALERT_INSUFFICIENT_SECURITY		71
 #define TLS_ALERT_INTERNAL_ERROR		80
 #define TLS_ALERT_USER_CANCELED			90
 #define TLS_ALERT_NO_RENEGOTIATION		100

 /* ChangeCipherSpec */
 enum {
 	TLS_CHANGE_CIPHER_SPEC = 1
 };

 /* TLS Extensions */
 #define TLS_EXT_PAC_OPAQUE 35


 typedef enum {
 	TLS_KEY_X_NULL,
 	TLS_KEY_X_RSA,
 	TLS_KEY_X_RSA_EXPORT,
 	TLS_KEY_X_DH_DSS_EXPORT,
 	TLS_KEY_X_DH_DSS,
 	TLS_KEY_X_DH_RSA_EXPORT,
 	TLS_KEY_X_DH_RSA,
 	TLS_KEY_X_DHE_DSS_EXPORT,
 	TLS_KEY_X_DHE_DSS,
 	TLS_KEY_X_DHE_RSA_EXPORT,
 	TLS_KEY_X_DHE_RSA,
 	TLS_KEY_X_DH_anon_EXPORT,
 	TLS_KEY_X_DH_anon
 } tls_key_exchange;

 typedef enum {
 	TLS_CIPHER_NULL,
 	TLS_CIPHER_RC4_40,
 	TLS_CIPHER_RC4_128,
 	TLS_CIPHER_RC2_CBC_40,
 	TLS_CIPHER_IDEA_CBC,
 	TLS_CIPHER_DES40_CBC,
 	TLS_CIPHER_DES_CBC,
 	TLS_CIPHER_3DES_EDE_CBC,
 	TLS_CIPHER_AES_128_CBC,
 	TLS_CIPHER_AES_256_CBC
 } tls_cipher;

 typedef enum {
 	TLS_HASH_NULL,
 	TLS_HASH_MD5,
 	TLS_HASH_SHA
 } tls_hash;

 struct tls_cipher_suite {
 	u16 suite;
 	tls_key_exchange key_exchange;
 	tls_cipher cipher;
 	tls_hash hash;
 };

 typedef enum {
 	TLS_CIPHER_STREAM,
 	TLS_CIPHER_BLOCK
 } tls_cipher_type;

 struct tls_cipher_data {
 	tls_cipher cipher;
 	tls_cipher_type type;
 	size_t key_material;
 	size_t expanded_key_material;
 	size_t block_size; /* also iv_size */
 	enum crypto_cipher_alg alg;
 };


 struct tlsv1_record_layer {
 	u8 write_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
 	u8 read_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
 	u8 write_key[TLS_MAX_WRITE_KEY_LEN];
 	u8 read_key[TLS_MAX_WRITE_KEY_LEN];
 	u8 write_iv[TLS_MAX_IV_LEN];
 	u8 read_iv[TLS_MAX_IV_LEN];

 	size_t hash_size;
 	size_t key_material_len;
 	size_t iv_size; /* also block_size */

 	enum crypto_hash_alg hash_alg;
 	enum crypto_cipher_alg cipher_alg;

 	u8 write_seq_num[TLS_SEQ_NUM_LEN];
 	u8 read_seq_num[TLS_SEQ_NUM_LEN];

 	u16 cipher_suite;
 	u16 write_cipher_suite;
 	u16 read_cipher_suite;

 	struct crypto_cipher *write_cbc;
 	struct crypto_cipher *read_cbc;
 };


 const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
 int tls_parse_cert(const u8 *buf, size_t len, struct crypto_public_key **pk);
 int tlsv1_record_set_cipher_suite(struct tlsv1_record_layer *rl,
 				  u16 cipher_suite);
 int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl);
 int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl);
 int tlsv1_record_send(struct tlsv1_record_layer *rl, u8 content_type, u8 *buf,
 		      size_t buf_size, size_t payload_len, size_t *out_len);
 int tlsv1_record_receive(struct tlsv1_record_layer *rl,
 			 const u8 *in_data, size_t in_len,
 			 u8 *out_data, size_t *out_len, u8 *alert);

 #endif /* TLSV1_COMMON_H */
	/*
	* wpa_supplicant/hostapd: TLSv1 common definitions
	* Copyright (c) 2006, Jouni Malinen <j@w1.fi>
	*
	* This program is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License version 2 as
	* published by the Free Software Foundation.
	*
	* Alternatively, this software may be distributed under the terms of BSD
	* license.
	*
	* See README and COPYING for more details.
	*/

	#ifndef TLSV1_COMMON
	#define TLSV1_COMMON

	#define TLS_VERSION 0x0301 /* TLSv1 */
	#define TLS_RANDOM_LEN 32
	#define TLS_PRE_MASTER_SECRET_LEN 48
	#define TLS_MASTER_SECRET_LEN 48
	#define TLS_SESSION_ID_MAX_LEN 32
	#define TLS_VERIFY_DATA_LEN 12
	#define TLS_MAX_WRITE_MAC_SECRET_LEN 20
	#define TLS_MAX_WRITE_KEY_LEN 32
	#define TLS_MAX_IV_LEN 16
	#define TLS_MAX_KEY_BLOCK_LEN (2 * (TLS_MAX_WRITE_MAC_SECRET_LEN + \
	TLS_MAX_WRITE_KEY_LEN + TLS_MAX_IV_LEN))
	#define TLS_SEQ_NUM_LEN 8
	#define TLS_RECORD_HEADER_LEN 5

	/* ContentType */
	enum {
	TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC = 20,
	TLS_CONTENT_TYPE_ALERT = 21,
	TLS_CONTENT_TYPE_HANDSHAKE = 22,
	TLS_CONTENT_TYPE_APPLICATION_DATA = 23
	};

	/* HandshakeType */
	enum {
	TLS_HANDSHAKE_TYPE_HELLO_REQUEST = 0,
	TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 1,
	TLS_HANDSHAKE_TYPE_SERVER_HELLO = 2,
	TLS_HANDSHAKE_TYPE_CERTIFICATE = 11,
	TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE = 12,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST = 13,
	TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE = 14,
	TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15,
	TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 16,
	TLS_HANDSHAKE_TYPE_FINISHED = 20
	};

	/* CipherSuite */
	#define TLS_NULL_WITH_NULL_NULL 0x0000 /* RFC 2246 */
	#define TLS_RSA_WITH_NULL_MD5 0x0001 /* RFC 2246 */
	#define TLS_RSA_WITH_NULL_SHA 0x0002 /* RFC 2246 */
	#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 /* RFC 2246 */
	#define TLS_RSA_WITH_RC4_128_MD5 0x0004 /* RFC 2246 */
	#define TLS_RSA_WITH_RC4_128_SHA 0x0005 /* RFC 2246 */
	#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 /* RFC 2246 */
	#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 /* RFC 2246 */
	#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 /* RFC 2246 */
	#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 /* RFC 2246 */
	#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A /* RFC 2246 */
	#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000B /* RFC 2246 */
	#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000C /* RFC 2246 */
	#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000D /* RFC 2246 */
	#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000E /* RFC 2246 */
	#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000F /* RFC 2246 */
	#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 /* RFC 2246 */
	#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 /* RFC 2246 */
	#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 /* RFC 2246 */
	#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 /* RFC 2246 */
	#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 /* RFC 2246 */
	#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 /* RFC 2246 */
	#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 /* RFC 2246 */
	#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 /* RFC 2246 */
	#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 /* RFC 2246 */
	#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 /* RFC 2246 */
	#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001A /* RFC 2246 */
	#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001B /* RFC 2246 */
	#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F /* RFC 3268 */
	#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 /* RFC 3268 */
	#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 /* RFC 3268 */
	#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 /* RFC 3268 */
	#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 /* RFC 3268 */
	#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 /* RFC 3268 */
	#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 /* RFC 3268 */
	#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 /* RFC 3268 */
	#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 /* RFC 3268 */
	#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 /* RFC 3268 */
	#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 /* RFC 3268 */
	#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A /* RFC 3268 */

	/* CompressionMethod */
	#define TLS_COMPRESSION_NULL 0

	/* AlertLevel */
	#define TLS_ALERT_LEVEL_WARNING 1
	#define TLS_ALERT_LEVEL_FATAL 2

	/* AlertDescription */
	#define TLS_ALERT_CLOSE_NOTIFY 0
	#define TLS_ALERT_UNEXPECTED_MESSAGE 10
	#define TLS_ALERT_BAD_RECORD_MAC 20
	#define TLS_ALERT_DECRYPTION_FAILED 21
	#define TLS_ALERT_RECORD_OVERFLOW 22
	#define TLS_ALERT_DECOMPRESSION_FAILURE 30
	#define TLS_ALERT_HANDSHAKE_FAILURE 40
	#define TLS_ALERT_BAD_CERTIFICATE 42
	#define TLS_ALERT_UNSUPPORTED_CERTIFICATE 43
	#define TLS_ALERT_CERTIFICATE_REVOKED 44
	#define TLS_ALERT_CERTIFICATE_EXPIRED 45
	#define TLS_ALERT_CERTIFICATE_UNKNOWN 46
	#define TLS_ALERT_ILLEGAL_PARAMETER 47
	#define TLS_ALERT_UNKNOWN_CA 48
	#define TLS_ALERT_ACCESS_DENIED 49
	#define TLS_ALERT_DECODE_ERROR 50
	#define TLS_ALERT_DECRYPT_ERROR 51
	#define TLS_ALERT_EXPORT_RESTRICTION 60
	#define TLS_ALERT_PROTOCOL_VERSION 70
	#define TLS_ALERT_INSUFFICIENT_SECURITY 71
	#define TLS_ALERT_INTERNAL_ERROR 80
	#define TLS_ALERT_USER_CANCELED 90
	#define TLS_ALERT_NO_RENEGOTIATION 100

	/* ChangeCipherSpec */
	enum {
	TLS_CHANGE_CIPHER_SPEC = 1
	};

	/* TLS Extensions */
	#define TLS_EXT_PAC_OPAQUE 35


	typedef enum {
	TLS_KEY_X_NULL,
	TLS_KEY_X_RSA,
	TLS_KEY_X_RSA_EXPORT,
	TLS_KEY_X_DH_DSS_EXPORT,
	TLS_KEY_X_DH_DSS,
	TLS_KEY_X_DH_RSA_EXPORT,
	TLS_KEY_X_DH_RSA,
	TLS_KEY_X_DHE_DSS_EXPORT,
	TLS_KEY_X_DHE_DSS,
	TLS_KEY_X_DHE_RSA_EXPORT,
	TLS_KEY_X_DHE_RSA,
	TLS_KEY_X_DH_anon_EXPORT,
	TLS_KEY_X_DH_anon
	} tls_key_exchange;

	typedef enum {
	TLS_CIPHER_NULL,
	TLS_CIPHER_RC4_40,
	TLS_CIPHER_RC4_128,
	TLS_CIPHER_RC2_CBC_40,
	TLS_CIPHER_IDEA_CBC,
	TLS_CIPHER_DES40_CBC,
	TLS_CIPHER_DES_CBC,
	TLS_CIPHER_3DES_EDE_CBC,
	TLS_CIPHER_AES_128_CBC,
	TLS_CIPHER_AES_256_CBC
	} tls_cipher;

	typedef enum {
	TLS_HASH_NULL,
	TLS_HASH_MD5,
	TLS_HASH_SHA
	} tls_hash;

	struct tls_cipher_suite {
	u16 suite;
	tls_key_exchange key_exchange;
	tls_cipher cipher;
	tls_hash hash;
	};

	typedef enum {
	TLS_CIPHER_STREAM,
	TLS_CIPHER_BLOCK
	} tls_cipher_type;

	struct tls_cipher_data {
	tls_cipher cipher;
	tls_cipher_type type;
	size_t key_material;
	size_t expanded_key_material;
	size_t block_size; /* also iv_size */
	enum crypto_cipher_alg alg;
	};


	struct tlsv1_record_layer {
	u8 write_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
	u8 read_mac_secret[TLS_MAX_WRITE_MAC_SECRET_LEN];
	u8 write_key[TLS_MAX_WRITE_KEY_LEN];
	u8 read_key[TLS_MAX_WRITE_KEY_LEN];
	u8 write_iv[TLS_MAX_IV_LEN];
	u8 read_iv[TLS_MAX_IV_LEN];

	size_t hash_size;
	size_t key_material_len;
	size_t iv_size; /* also block_size */

	enum crypto_hash_alg hash_alg;
	enum crypto_cipher_alg cipher_alg;

	u8 write_seq_num[TLS_SEQ_NUM_LEN];
	u8 read_seq_num[TLS_SEQ_NUM_LEN];

	u16 cipher_suite;
	u16 write_cipher_suite;
	u16 read_cipher_suite;

	struct crypto_cipher *write_cbc;
	struct crypto_cipher *read_cbc;
	};


	const struct tls_cipher_suite * tls_get_cipher_suite(u16 suite);
	int tls_parse_cert(const u8 buf, size_t len, struct crypto_public_key *pk);
	int tlsv1_record_set_cipher_suite(struct tlsv1_record_layer *rl,
	u16 cipher_suite);
	int tlsv1_record_change_write_cipher(struct tlsv1_record_layer *rl);
	int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl);
	int tlsv1_record_send(struct tlsv1_record_layer rl, u8 content_type, u8 buf,
	size_t buf_size, size_t payload_len, size_t *out_len);
	int tlsv1_record_receive(struct tlsv1_record_layer *rl,
	const u8 *in_data, size_t in_len,
	u8 out_data, size_t out_len, u8 *alert);

	#endif /* TLSV1_COMMON_H */