summaryrefslogtreecommitdiff
path: root/doc/cha-internals.texi
blob: 998177884f9b3aa8fb825b62ac22960e77256019 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
@node Internal architecture of GnuTLS
@chapter Internal Architecture of GnuTLS
@cindex Internal architecture

This chapter is to give a brief description of the
way @acronym{GnuTLS} works. The focus is to give an idea
to potential developers and those who want to know what
happens inside the black box.

@menu
* The TLS Protocol::
* TLS Handshake Protocol::
* TLS Authentication Methods::
* TLS Extension Handling::
* Certificate Handling::
* Cryptographic Backend::
@end menu

@node The TLS Protocol
@section The TLS Protocol
The main needs for the TLS protocol to be used are
shown in the image below.

@image{gnutls-client-server-use-case,9cm}

This is being accomplished by the following object diagram.
Note that since @acronym{GnuTLS} is being developed in C
object are just structures with attributes. The operations listed
are functions that require the first parameter to be that object.
@image{gnutls-objects,15cm}

@node TLS Handshake Protocol
@section TLS Handshake Protocol
The @acronym{GnuTLS} handshake protocol is implemented as a state
machine that waits for input or returns immediately when the non-blocking
transport layer functions are used. The main idea is shown in the following
figure.

@image{gnutls-handshake-state,9cm}

Also the way the input is processed varies per ciphersuite. Several 
implementations of the internal handlers are available and 
@ref{gnutls_handshake} only multiplexes the input to the appropriate 
handler. For example a @acronym{PSK} ciphersuite has a different 
implementation of the @code{process_client_key_exchange} than a
certificate ciphersuite.

@image{gnutls-handshake-sequence,12cm}

@node TLS Authentication Methods
@section TLS Authentication Methods
In @acronym{GnuTLS} authentication methods can be implemented quite
easily.  Since the required changes to add a new authentication method
affect only the handshake protocol, a simple interface is used. An
authentication method needs only to implement the functions as seen in
the figure below.

@image{gnutls-mod_auth_st,12cm}

The functions that need to be implemented are the ones responsible for
interpreting the handshake protocol messages. It is common for such
functions to read data from one or more @code{credentials_t}
structures@footnote{such as the
@code{gnutls_certificate_credentials_t} structures} and write data,
such as certificates, usernames etc. to @code{auth_info_t} structures.

Simple examples of existing authentication methods can be seen in
@code{auth_psk.c} for PSK ciphersuites and @code{auth_srp.c} for SRP
ciphersuites. After implementing these functions the structure holding
its pointers has to be registered in @code{gnutls_algorithms.c} in the
@code{_gnutls_kx_algorithms} structure.

@node TLS Extension Handling
@section TLS Extension Handling
As with authentication methods, the TLS extensions handlers can be
implemented using the following interface.

@image{gnutls-extensions_st,12cm}

Here there are two functions, one for receiving the extension data
and one for sending. These functions have to check internally whether
they operate in client or server side. 

A simple example of an extension handler can be seen in
@code{ext_srp.c} After implementing these functions, together with the
extension number they handle, they have to be registered in
@code{gnutls_extensions.c} in the @code{_gnutls_extensions} structure.

@subsection Adding a New TLS Extension

Adding support for a new TLS extension is done from time to time, and
the process to do so is not difficult.  Here are the steps you need to
follow if you wish to do this yourself.  For sake of discussion, let's
consider adding support for the hypothetical TLS extension
@code{foobar}.

@enumerate

@item Add @code{configure} option like @code{--enable-foobar} or @code{--disable-foobar}.

This step is useful when the extension code is large and it might be desirable
to disable the extension under some circumstances. Otherwise it can be safely
skipped.

Whether to chose enable or disable depends on whether you intend to make the extension be
enabled by default.  Look at existing checks (i.e., SRP, authz) for
how to model the code.  For example:

@example
AC_MSG_CHECKING([whether to disable foobar support])
AC_ARG_ENABLE(foobar,
	AS_HELP_STRING([--disable-foobar],
		[disable foobar support]),
	ac_enable_foobar=no)
if test x$ac_enable_foobar != xno; then
 AC_MSG_RESULT(no)
 AC_DEFINE(ENABLE_FOOBAR, 1, [enable foobar])
else
 ac_full=0
 AC_MSG_RESULT(yes)
fi
AM_CONDITIONAL(ENABLE_FOOBAR, test "$ac_enable_foobar" != "no")
@end example

These lines should go in @code{lib/m4/hooks.m4}.

@item Add IANA extension value to @code{extensions_t} in @code{gnutls_int.h}.

A good name for the value would be GNUTLS_EXTENSION_FOOBAR.  Check
with @url{http://www.iana.org/assignments/tls-extensiontype-values}
for allocated values.  For experiments, you could pick a number but
remember that some consider it a bad idea to deploy such modified
version since it will lead to interoperability problems in the future
when the IANA allocates that number to someone else, or when the
foobar protocol is allocated another number.

@item Add an entry to @code{_gnutls_extensions} in @code{gnutls_extensions.c}.

A typical entry would be:

@example
  int ret;

  /* ...
   */

#if ENABLE_FOOBAR

  ret = _gnutls_ext_register (&foobar_ext);
  if (ret != GNUTLS_E_SUCCESS)
    return ret;
#endif
@end example

Most likely you'll need to add an @code{#include "ext_foobar.h"}, that
will contain something like
like:
@example
  extension_entry_st foobar_ext = @{
    .name = "FOOBAR",
    .type = GNUTLS_EXTENSION_FOOBAR,
    .parse_type = GNUTLS_EXT_TLS,
    .recv_func = _foobar_recv_params,
    .send_func = _foobar_send_params,
    .pack_func = _foobar_pack,
    .unpack_func = _foobar_unpack,
    .deinit_func = NULL
  @}
@end example

The GNUTLS_EXTENSION_FOOBAR is the integer value you added to
@code{gnutls_int.h} earlier.  In this structure you specify the
functions to read the extension from the hello message, the function
to send the reply to, and two more functions to pack and unpack from
stored session data (e.g. when resumming a session). The @code{deinit} function
will be called to deinitialize the extension's private parameters, if any.

Note that the conditional @code{ENABLE_FOOBAR} definition should only be 
used if step 1 with the @code{configure} options has taken place.

@item Add new files @code{ext_foobar.c} and @code{ext_foobar.h} that implement the extension.

The functions you are responsible to add are those mentioned in the
previous step.  As a starter, you could add this:

@example
int
_foobar_recv_params (gnutls_session_t session,
                            const opaque * data,
                            size_t data_size)
@{
  return 0;
@}

int
_foobar_send_params (gnutls_session_t session,
                            gnutls_buffer_st* data)
@{
  return 0;
@}

int
_foobar_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
@{
   /* Append the extension's internal state to buffer */
   return 0;
@}

int
_foobar_unpack (gnutls_buffer_st * ps, extension_priv_data_t * epriv)
@{
   /* Read the internal state from buffer */
   return 0;
@}
@end example

The @code{_foobar_recv_params} function is responsible for
parsing incoming extension data (both in the client and server).

The @code{_foobar_send_params} function is responsible for
sending extension data (both in the client and server).

The @code{_foobar_pack} function is responsible for packing
internal extension data to save them in the session storage.

The @code{_foobar_unpack} function is responsible for
restoring session data from the session storage.

If you receive length fields that doesn't match, return
@code{GNUTLS_E_UNEXPECTED_PACKET_LENGTH}.  If you receive invalid
data, return @code{GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER}.  You can use
other error codes too.  Return 0 on success.

The function could store some information in the @code{session}
variable for later usage. That can be done using the functions 
@code{_gnutls_ext_set_session_data} and
@code{_gnutls_ext_get_session_data}. You can check simple examples
at @code{ext_max_record.c} and @code{ext_server_name.c} extensions.

Recall that both the client and server both send and receives
parameters, and your code most likely will need to do different things
depending on which mode it is in.  It may be useful to make this
distinction explicit in the code.  Thus, for example, a better
template than above would be:

@example
int
_gnutls_foobar_recv_params (gnutls_session_t session,
                            const opaque * data,
                            size_t data_size)
@{
  if (session->security_parameters.entity == GNUTLS_CLIENT)
    return foobar_recv_client (session, data, data_size);
  else
    return foobar_recv_server (session, data, data_size);
@}

int
_gnutls_foobar_send_params (gnutls_session_t session,
                            gnutls_buffer_st * data)
@{
  if (session->security_parameters.entity == GNUTLS_CLIENT)
    return foobar_send_client (session, data);
  else
    return foobar_send_server (session, data);
@}
@end example

The functions used would be declared as @code{static} functions, of
the appropriate prototype, in the same file.

When adding the files, you'll need to add them to @code{Makefile.am}
as well, for example:

@example
if ENABLE_FOOBAR
COBJECTS += ext_foobar.c
HFILES += ext_foobar.h
endif
@end example

@item Add API functions to enable/disable the extension.

Normally the client will have one API to request use of the extension,
and setting some extension specific data.  The server will have one
API to let the library know that it is willing to accept the
extension, often this is implemented through a callback but it doesn't
have to.

The APIs need to be added to @code{includes/gnutls/gnutls.h} or
@code{includes/gnutls/extra.h} as appropriate.  It is recommended that
if you don't have a requirement to use the LGPLv2.1+ license for your
extension, that you place your work under the GPLv3+ license and thus
in the libgnutls-extra library.

You can implement the API function in the @code{ext_foobar.c} file, or
if that file ends up becoming rather larger, add a
@code{gnutls_foobar.c} file.

To make the API available in the shared library you need to add the
symbol in @code{lib/libgnutls.map} or
@code{libextra/libgnutls-extra.map} as appropriate, so that the symbol
is exported properly.

When writing GTK-DOC style documentation for your new APIs, don't
forget to add @code{Since:} tags to indicate the GnuTLS version the
API was introduced in.

@end enumerate

@node Certificate Handling
@section Certificate Handling
What is provided by the certificate handling functions
is summarized in the following diagram.

@image{gnutls-certificate-user-use-case,12cm}

@node Cryptographic Backend
@section Cryptographic Backend
Today most new processors, either for embedded or desktop systems
include either instructions  intended to speed up cryptographic operations,
or a co-processor with cryptographic capabilities. Taking advantage of 
those is a challenging task for every cryptographic  application or 
library. Unfortunately the cryptographic libraries that GnuTLS is based 
on take no advantage of these properties. For this reason GnuTLS handles 
this internally by following a layered approach to accessing
cryptographic operations as in the following figure. 

@image{gnutls-crypto-layers,12cm}

The TLS layer uses a cryptographic provider layer, that will in turn either 
use the default crypto provider - a crypto library, or use an external
crypto provider, if available.

@subsection Cryptographic Library layer
The Cryptographic Library layer, can  currently be used either with
libgcrypt or libnettle, each of one has its advantages and some 
disadvantages. Libgcrypt is a self-contained library, pretty broad 
in scope that supports many algorithms. In some processors like VIA, 
it will also use the available crypto instruction set hence providing
performance benefit comparing to plain software implementation.
Libnettle provides only software implementation
of the basic algorithms required in TLS, and is on average 30% faster
that libgcrypt on almost all algorithms. For
this reason libnettle is library used by default in GnuTLS.

@subsection External cryptography provider
Systems that include a cryptographic co-processor, typically come with
kernel drivers to utilize the operations from software. For this reason 
GnuTLS provides a layer where each individual algorithm used can be replaced
by another implementation, i.e. the one provided by the driver. The
FreeBSD, OpenBSD and Linux kernels@footnote{Check @url{http://home.gna.org/cryptodev-linux/} 
for the Linux kernel implementation of @code{/dev/crypto}.} include already 
a number of hardware assisted implementations, and also provide an interface 
to access them, called @code{/dev/crypto}.
GnuTLS will take advantage of this interface if compiled with special
options. That is because in most systems where hardware-assisted 
cryptographic operations are not available, using this interface might 
actually reduce performance.

In systems that include cryptographic instructions with the CPU's
instructions set, using the kernel interface will introduce an
unneeded layer. For this reason GnuTLS includes such optimizations
found in popular processors such as the AES-NI instruction set.
This is achieved using a mechanism that
overrides parts of crypto backend at runtime, once the cryptographic
instructions are detected.

The next section discusses the runtime possibility. The API
available for this functionality is in @code{gnutls/crypto.h} header
file.

@subsubsection Override specific algorithms
When an optimized implementation of a single algorithm is available,
say a hardware assisted version of @acronym{AES-CBC} then the
following functions can be used to register those algorithms.

@itemize

@item @ref{gnutls_crypto_single_cipher_register2}
To register a cipher algorithm.

@ref{gnutls_crypto_single_digest_register2}
To register a hash (digest) or MAC algorithm.

@end itemize

Those registration functions will only replace the specified algorithm
and leave the rest of subsystem intact.

@subsubsection Override parts of the backend
In some systems, such as embedded ones, it might be desirable to
override big parts of the cryptographic backend, or even all of
them. For this reason the following functions are provided.

@itemize

@item @ref{gnutls_crypto_cipher_register2}
To override the cryptographic algorithms backend.

@item @ref{gnutls_crypto_digest_register2}
To override the digest algorithms backend.

@item @ref{gnutls_crypto_rnd_register2}
To override the random number generator backend.

@item @ref{gnutls_crypto_bigint_register2}
To override the big number number operations backend.

@item @ref{gnutls_crypto_pk_register2}
To override the public key encryption backend. This is tight to the
big number operations so either both of them should be updated or care
must be taken to use the same format.

@end itemize

If all of them are used then GnuTLS will no longer use libgcrypt.