00001
00027 #ifndef POLARSSL_SSL_H
00028 #define POLARSSL_SSL_H
00029
00030 #include "config.h"
00031 #include "net.h"
00032 #include "bignum.h"
00033
00034 #include "ssl_ciphersuites.h"
00035
00036 #if defined(POLARSSL_MD5_C)
00037 #include "md5.h"
00038 #endif
00039
00040 #if defined(POLARSSL_SHA1_C)
00041 #include "sha1.h"
00042 #endif
00043
00044 #if defined(POLARSSL_SHA256_C)
00045 #include "sha256.h"
00046 #endif
00047
00048 #if defined(POLARSSL_SHA512_C)
00049 #include "sha512.h"
00050 #endif
00051
00052
00053 #if defined(POLARSSL_AES_C)
00054 #include "aes.h"
00055 #endif
00056
00057 #if defined(POLARSSL_X509_CRT_PARSE_C)
00058 #include "x509_crt.h"
00059 #include "x509_crl.h"
00060 #endif
00061
00062 #if defined(POLARSSL_DHM_C)
00063 #include "dhm.h"
00064 #endif
00065
00066 #if defined(POLARSSL_ECDH_C)
00067 #include "ecdh.h"
00068 #endif
00069
00070 #if defined(POLARSSL_ZLIB_SUPPORT)
00071 #include "zlib.h"
00072 #endif
00073
00074 #if defined(POLARSSL_HAVE_TIME)
00075 #include <time.h>
00076 #endif
00077
00078
00079 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
00080 defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
00081 defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
00082 defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
00083 #define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
00084 #endif
00085
00086 #if defined(_MSC_VER) && !defined(inline)
00087 #define inline _inline
00088 #else
00089 #if defined(__ARMCC_VERSION) && !defined(inline)
00090 #define inline __inline
00091 #endif
00092 #endif
00093
00094
00095
00096
00097 #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
00098 #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100
00099 #define POLARSSL_ERR_SSL_INVALID_MAC -0x7180
00100 #define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200
00101 #define POLARSSL_ERR_SSL_CONN_EOF -0x7280
00102 #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300
00103 #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
00104 #define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400
00105 #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
00106 #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
00107 #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
00108 #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
00109 #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
00110 #define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
00111 #define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
00112 #define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800
00113 #define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
00114 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
00115 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
00116 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
00117 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
00118 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
00119 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
00120 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
00121 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
00122 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
00123 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
00124 #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
00125 #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80
00126 #define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00
00127 #define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80
00128 #define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
00129 #define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00
00130 #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
00131 #define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
00132 #define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
00133 #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
00134 #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
00135 #define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00
00137
00138
00139
00140 #define SSL_MAJOR_VERSION_3 3
00141 #define SSL_MINOR_VERSION_0 0
00142 #define SSL_MINOR_VERSION_1 1
00143 #define SSL_MINOR_VERSION_2 2
00144 #define SSL_MINOR_VERSION_3 3
00146
00147 #define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
00148
00149 #if defined(POLARSSL_SSL_PROTO_SSL3)
00150 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
00151 #else
00152 #if defined(POLARSSL_SSL_PROTO_TLS1)
00153 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
00154 #else
00155 #if defined(POLARSSL_SSL_PROTO_TLS1_1)
00156 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
00157 #else
00158 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00159 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
00160 #endif
00161 #endif
00162 #endif
00163 #endif
00164
00165
00166 #define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
00167
00168 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00169 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
00170 #else
00171 #if defined(POLARSSL_SSL_PROTO_TLS1_1)
00172 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
00173 #else
00174 #if defined(POLARSSL_SSL_PROTO_TLS1)
00175 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
00176 #else
00177 #if defined(POLARSSL_SSL_PROTO_SSL3)
00178 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
00179 #endif
00180 #endif
00181 #endif
00182 #endif
00183
00184
00185
00186 #define SSL_MAX_FRAG_LEN_NONE 0
00187 #define SSL_MAX_FRAG_LEN_512 1
00188 #define SSL_MAX_FRAG_LEN_1024 2
00189 #define SSL_MAX_FRAG_LEN_2048 3
00190 #define SSL_MAX_FRAG_LEN_4096 4
00191 #define SSL_MAX_FRAG_LEN_INVALID 5
00193 #define SSL_IS_CLIENT 0
00194 #define SSL_IS_SERVER 1
00195 #define SSL_COMPRESS_NULL 0
00196 #define SSL_COMPRESS_DEFLATE 1
00197
00198 #define SSL_VERIFY_NONE 0
00199 #define SSL_VERIFY_OPTIONAL 1
00200 #define SSL_VERIFY_REQUIRED 2
00201
00202 #define SSL_INITIAL_HANDSHAKE 0
00203 #define SSL_RENEGOTIATION 1
00204 #define SSL_RENEGOTIATION_DONE 2
00205 #define SSL_RENEGOTIATION_PENDING 3
00206
00207 #define SSL_LEGACY_RENEGOTIATION 0
00208 #define SSL_SECURE_RENEGOTIATION 1
00209
00210 #define SSL_RENEGOTIATION_DISABLED 0
00211 #define SSL_RENEGOTIATION_ENABLED 1
00212
00213 #define SSL_LEGACY_NO_RENEGOTIATION 0
00214 #define SSL_LEGACY_ALLOW_RENEGOTIATION 1
00215 #define SSL_LEGACY_BREAK_HANDSHAKE 2
00216
00217 #define SSL_TRUNC_HMAC_DISABLED 0
00218 #define SSL_TRUNC_HMAC_ENABLED 1
00219 #define SSL_TRUNCATED_HMAC_LEN 10
00220
00221 #define SSL_SESSION_TICKETS_DISABLED 0
00222 #define SSL_SESSION_TICKETS_ENABLED 1
00223
00224 #if !defined(POLARSSL_CONFIG_OPTIONS)
00225 #define SSL_DEFAULT_TICKET_LIFETIME 86400
00226 #endif
00227
00228
00229
00230
00231
00232
00233
00234
00235 #if !defined(POLARSSL_CONFIG_OPTIONS)
00236 #define SSL_MAX_CONTENT_LEN 16384
00237 #endif
00238
00239
00240
00241
00242
00243
00244
00245 #if defined(POLARSSL_ZLIB_SUPPORT)
00246 #define SSL_COMPRESSION_ADD 1024
00247 #else
00248 #define SSL_COMPRESSION_ADD 0
00249 #endif
00250
00251 #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
00252
00253 #define SSL_EMPTY_RENEGOTIATION_INFO 0xFF
00255
00256
00257
00258
00259 #define SSL_HASH_NONE 0
00260 #define SSL_HASH_MD5 1
00261 #define SSL_HASH_SHA1 2
00262 #define SSL_HASH_SHA224 3
00263 #define SSL_HASH_SHA256 4
00264 #define SSL_HASH_SHA384 5
00265 #define SSL_HASH_SHA512 6
00266
00267 #define SSL_SIG_ANON 0
00268 #define SSL_SIG_RSA 1
00269 #define SSL_SIG_ECDSA 3
00270
00271
00272
00273
00274
00275 #define SSL_CERT_TYPE_RSA_SIGN 1
00276 #define SSL_CERT_TYPE_ECDSA_SIGN 64
00277
00278
00279
00280
00281 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
00282 #define SSL_MSG_ALERT 21
00283 #define SSL_MSG_HANDSHAKE 22
00284 #define SSL_MSG_APPLICATION_DATA 23
00285
00286 #define SSL_ALERT_LEVEL_WARNING 1
00287 #define SSL_ALERT_LEVEL_FATAL 2
00288
00289 #define SSL_ALERT_MSG_CLOSE_NOTIFY 0
00290 #define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10
00291 #define SSL_ALERT_MSG_BAD_RECORD_MAC 20
00292 #define SSL_ALERT_MSG_DECRYPTION_FAILED 21
00293 #define SSL_ALERT_MSG_RECORD_OVERFLOW 22
00294 #define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30
00295 #define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40
00296 #define SSL_ALERT_MSG_NO_CERT 41
00297 #define SSL_ALERT_MSG_BAD_CERT 42
00298 #define SSL_ALERT_MSG_UNSUPPORTED_CERT 43
00299 #define SSL_ALERT_MSG_CERT_REVOKED 44
00300 #define SSL_ALERT_MSG_CERT_EXPIRED 45
00301 #define SSL_ALERT_MSG_CERT_UNKNOWN 46
00302 #define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47
00303 #define SSL_ALERT_MSG_UNKNOWN_CA 48
00304 #define SSL_ALERT_MSG_ACCESS_DENIED 49
00305 #define SSL_ALERT_MSG_DECODE_ERROR 50
00306 #define SSL_ALERT_MSG_DECRYPT_ERROR 51
00307 #define SSL_ALERT_MSG_EXPORT_RESTRICTION 60
00308 #define SSL_ALERT_MSG_PROTOCOL_VERSION 70
00309 #define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71
00310 #define SSL_ALERT_MSG_INTERNAL_ERROR 80
00311 #define SSL_ALERT_MSG_USER_CANCELED 90
00312 #define SSL_ALERT_MSG_NO_RENEGOTIATION 100
00313 #define SSL_ALERT_MSG_UNSUPPORTED_EXT 110
00314 #define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112
00315 #define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115
00316
00317 #define SSL_HS_HELLO_REQUEST 0
00318 #define SSL_HS_CLIENT_HELLO 1
00319 #define SSL_HS_SERVER_HELLO 2
00320 #define SSL_HS_NEW_SESSION_TICKET 4
00321 #define SSL_HS_CERTIFICATE 11
00322 #define SSL_HS_SERVER_KEY_EXCHANGE 12
00323 #define SSL_HS_CERTIFICATE_REQUEST 13
00324 #define SSL_HS_SERVER_HELLO_DONE 14
00325 #define SSL_HS_CERTIFICATE_VERIFY 15
00326 #define SSL_HS_CLIENT_KEY_EXCHANGE 16
00327 #define SSL_HS_FINISHED 20
00328
00329
00330
00331
00332 #define TLS_EXT_SERVERNAME 0
00333 #define TLS_EXT_SERVERNAME_HOSTNAME 0
00334
00335 #define TLS_EXT_MAX_FRAGMENT_LENGTH 1
00336
00337 #define TLS_EXT_TRUNCATED_HMAC 4
00338
00339 #define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
00340 #define TLS_EXT_SUPPORTED_POINT_FORMATS 11
00341
00342 #define TLS_EXT_SIG_ALG 13
00343
00344 #define TLS_EXT_SESSION_TICKET 35
00345
00346 #define TLS_EXT_RENEGOTIATION_INFO 0xFF01
00347
00348
00349
00350
00351
00352
00353 #define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
00354
00355
00356
00357
00358 #if !defined(POLARSSL_MPI_MAX_SIZE)
00359 #define POLARSSL_PREMASTER_SIZE 512
00360 #else
00361 #define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
00362 #endif
00363
00364 #ifdef __cplusplus
00365 extern "C" {
00366 #endif
00367
00368
00369
00370
00371
00372 typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
00373 const unsigned char *input, unsigned char *output,
00374 size_t output_max_len );
00375 typedef int (*rsa_sign_func)( void *ctx,
00376 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
00377 int mode, int hash_id, unsigned int hashlen,
00378 const unsigned char *hash, unsigned char *sig );
00379 typedef size_t (*rsa_key_len_func)( void *ctx );
00380
00381
00382
00383
00384 typedef enum
00385 {
00386 SSL_HELLO_REQUEST,
00387 SSL_CLIENT_HELLO,
00388 SSL_SERVER_HELLO,
00389 SSL_SERVER_CERTIFICATE,
00390 SSL_SERVER_KEY_EXCHANGE,
00391 SSL_CERTIFICATE_REQUEST,
00392 SSL_SERVER_HELLO_DONE,
00393 SSL_CLIENT_CERTIFICATE,
00394 SSL_CLIENT_KEY_EXCHANGE,
00395 SSL_CERTIFICATE_VERIFY,
00396 SSL_CLIENT_CHANGE_CIPHER_SPEC,
00397 SSL_CLIENT_FINISHED,
00398 SSL_SERVER_CHANGE_CIPHER_SPEC,
00399 SSL_SERVER_FINISHED,
00400 SSL_FLUSH_BUFFERS,
00401 SSL_HANDSHAKE_WRAPUP,
00402 SSL_HANDSHAKE_OVER,
00403 SSL_SERVER_NEW_SESSION_TICKET,
00404 }
00405 ssl_states;
00406
00407 typedef struct _ssl_session ssl_session;
00408 typedef struct _ssl_context ssl_context;
00409 typedef struct _ssl_transform ssl_transform;
00410 typedef struct _ssl_handshake_params ssl_handshake_params;
00411 #if defined(POLARSSL_SSL_SESSION_TICKETS)
00412 typedef struct _ssl_ticket_keys ssl_ticket_keys;
00413 #endif
00414 #if defined(POLARSSL_X509_CRT_PARSE_C)
00415 typedef struct _ssl_key_cert ssl_key_cert;
00416 #endif
00417
00418
00419
00420
00421 struct _ssl_session
00422 {
00423 #if defined(POLARSSL_HAVE_TIME)
00424 time_t start;
00425 #endif
00426 int ciphersuite;
00427 int compression;
00428 size_t length;
00429 unsigned char id[32];
00430 unsigned char master[48];
00432 #if defined(POLARSSL_X509_CRT_PARSE_C)
00433 x509_crt *peer_cert;
00434 #endif
00435 int verify_result;
00437 #if defined(POLARSSL_SSL_SESSION_TICKETS)
00438 unsigned char *ticket;
00439 size_t ticket_len;
00440 uint32_t ticket_lifetime;
00441 #endif
00442
00443 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
00444 unsigned char mfl_code;
00445 #endif
00446
00447 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
00448 int trunc_hmac;
00449 #endif
00450 };
00451
00452
00453
00454
00455
00456 struct _ssl_transform
00457 {
00458
00459
00460
00461 const ssl_ciphersuite_t *ciphersuite_info;
00463 unsigned int keylen;
00464 size_t minlen;
00465 size_t ivlen;
00466 size_t fixed_ivlen;
00467 size_t maclen;
00469 unsigned char iv_enc[16];
00470 unsigned char iv_dec[16];
00472 #if defined(POLARSSL_SSL_PROTO_SSL3)
00473
00474 unsigned char mac_enc[32];
00475 unsigned char mac_dec[32];
00476 #endif
00477
00478 md_context_t md_ctx_enc;
00479 md_context_t md_ctx_dec;
00481 cipher_context_t cipher_ctx_enc;
00482 cipher_context_t cipher_ctx_dec;
00484
00485
00486
00487 #if defined(POLARSSL_ZLIB_SUPPORT)
00488 z_stream ctx_deflate;
00489 z_stream ctx_inflate;
00490 #endif
00491 };
00492
00493
00494
00495
00496 struct _ssl_handshake_params
00497 {
00498
00499
00500
00501 int sig_alg;
00502 int cert_type;
00503 int verify_sig_alg;
00504 #if defined(POLARSSL_DHM_C)
00505 dhm_context dhm_ctx;
00506 #endif
00507 #if defined(POLARSSL_ECDH_C)
00508 ecdh_context ecdh_ctx;
00509 #endif
00510 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
00511 const ecp_curve_info **curves;
00512 #endif
00513 #if defined(POLARSSL_X509_CRT_PARSE_C)
00514
00520 ssl_key_cert *key_cert;
00521 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
00522 ssl_key_cert *sni_key_cert;
00523 #endif
00524 #endif
00525
00526
00527
00528
00529 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
00530 defined(POLARSSL_SSL_PROTO_TLS1_1)
00531 md5_context fin_md5;
00532 sha1_context fin_sha1;
00533 #endif
00534 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
00535 #if defined(POLARSSL_SHA256_C)
00536 sha256_context fin_sha256;
00537 #endif
00538 #if defined(POLARSSL_SHA512_C)
00539 sha512_context fin_sha512;
00540 #endif
00541 #endif
00542
00543 void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
00544 void (*calc_verify)(ssl_context *, unsigned char *);
00545 void (*calc_finished)(ssl_context *, unsigned char *, int);
00546 int (*tls_prf)(const unsigned char *, size_t, const char *,
00547 const unsigned char *, size_t,
00548 unsigned char *, size_t);
00549
00550 size_t pmslen;
00552 unsigned char randbytes[64];
00553 unsigned char premaster[POLARSSL_PREMASTER_SIZE];
00556 int resume;
00557 int max_major_ver;
00558 int max_minor_ver;
00559 int cli_exts;
00561 #if defined(POLARSSL_SSL_SESSION_TICKETS)
00562 int new_session_ticket;
00563 #endif
00564 };
00565
00566 #if defined(POLARSSL_SSL_SESSION_TICKETS)
00567
00568
00569
00570 struct _ssl_ticket_keys
00571 {
00572 unsigned char key_name[16];
00573 aes_context enc;
00574 aes_context dec;
00575 unsigned char mac_key[16];
00576 };
00577 #endif
00578
00579 #if defined(POLARSSL_X509_CRT_PARSE_C)
00580
00581
00582
00583 struct _ssl_key_cert
00584 {
00585 x509_crt *cert;
00586 pk_context *key;
00587 int key_own_alloc;
00588 ssl_key_cert *next;
00589 };
00590 #endif
00591
00592 struct _ssl_context
00593 {
00594
00595
00596
00597 int state;
00598 int renegotiation;
00600 int major_ver;
00601 int minor_ver;
00603 int max_major_ver;
00604 int max_minor_ver;
00605 int min_major_ver;
00606 int min_minor_ver;
00608
00609
00610
00611 int (*f_rng)(void *, unsigned char *, size_t);
00612 void (*f_dbg)(void *, int, const char *);
00613 int (*f_recv)(void *, unsigned char *, size_t);
00614 int (*f_send)(void *, const unsigned char *, size_t);
00615 int (*f_get_cache)(void *, ssl_session *);
00616 int (*f_set_cache)(void *, const ssl_session *);
00617
00618 void *p_rng;
00619 void *p_dbg;
00620 void *p_recv;
00621 void *p_send;
00622 void *p_get_cache;
00623 void *p_set_cache;
00624 void *p_hw_data;
00626 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
00627 int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
00628 void *p_sni;
00629 #endif
00630
00631 #if defined(POLARSSL_X509_CRT_PARSE_C)
00632 int (*f_vrfy)(void *, x509_crt *, int, int *);
00633 void *p_vrfy;
00634 #endif
00635
00636 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
00637 int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
00638 void *p_psk;
00639 #endif
00640
00641
00642
00643
00644 ssl_session *session_in;
00645 ssl_session *session_out;
00646 ssl_session *session;
00647 ssl_session *session_negotiate;
00649 ssl_handshake_params *handshake;
00652
00653
00654
00655 ssl_transform *transform_in;
00656 ssl_transform *transform_out;
00657 ssl_transform *transform;
00658 ssl_transform *transform_negotiate;
00660
00661
00662
00663 unsigned char *in_ctr;
00664 unsigned char *in_hdr;
00665 unsigned char *in_iv;
00666 unsigned char *in_msg;
00667 unsigned char *in_offt;
00669 int in_msgtype;
00670 size_t in_msglen;
00671 size_t in_left;
00673 size_t in_hslen;
00674 int nb_zero;
00675 int record_read;
00677
00678
00679
00680 unsigned char *out_ctr;
00681 unsigned char *out_hdr;
00682 unsigned char *out_iv;
00683 unsigned char *out_msg;
00685 int out_msgtype;
00686 size_t out_msglen;
00687 size_t out_left;
00689 #if defined(POLARSSL_ZLIB_SUPPORT)
00690 unsigned char *compress_buf;
00691 #endif
00692 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
00693 unsigned char mfl_code;
00694 #endif
00695
00696
00697
00698
00699 #if defined(POLARSSL_X509_CRT_PARSE_C)
00700 ssl_key_cert *key_cert;
00702 x509_crt *ca_chain;
00703 x509_crl *ca_crl;
00704 const char *peer_cn;
00705 #endif
00706
00707
00708
00709
00710 #if defined(POLARSSL_SSL_SESSION_TICKETS)
00711 ssl_ticket_keys *ticket_keys;
00712 #endif
00713
00714
00715
00716
00717 int endpoint;
00718 int authmode;
00719 int client_auth;
00720 int verify_result;
00721 int disable_renegotiation;
00722 int allow_legacy_renegotiation;
00723 const int *ciphersuite_list[4];
00724 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
00725 int trunc_hmac;
00726 #endif
00727 #if defined(POLARSSL_SSL_SESSION_TICKETS)
00728 int session_tickets;
00729 int ticket_lifetime;
00730 #endif
00731
00732 #if defined(POLARSSL_DHM_C)
00733 mpi dhm_P;
00734 mpi dhm_G;
00735 #endif
00736
00737 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
00738
00739
00740
00741 unsigned char *psk;
00742 size_t psk_len;
00743 unsigned char *psk_identity;
00744 size_t psk_identity_len;
00745 #endif
00746
00747 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
00748
00749
00750
00751 unsigned char *hostname;
00752 size_t hostname_len;
00753 #endif
00754
00755
00756
00757
00758 int secure_renegotiation;
00760 size_t verify_data_len;
00761 char own_verify_data[36];
00762 char peer_verify_data[36];
00763 };
00764
00765 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
00766
00767 #define SSL_CHANNEL_OUTBOUND 0
00768 #define SSL_CHANNEL_INBOUND 1
00769
00770 extern int (*ssl_hw_record_init)(ssl_context *ssl,
00771 const unsigned char *key_enc, const unsigned char *key_dec,
00772 size_t keylen,
00773 const unsigned char *iv_enc, const unsigned char *iv_dec,
00774 size_t ivlen,
00775 const unsigned char *mac_enc, const unsigned char *mac_dec,
00776 size_t maclen);
00777 extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
00778 extern int (*ssl_hw_record_reset)(ssl_context *ssl);
00779 extern int (*ssl_hw_record_write)(ssl_context *ssl);
00780 extern int (*ssl_hw_record_read)(ssl_context *ssl);
00781 extern int (*ssl_hw_record_finish)(ssl_context *ssl);
00782 #endif
00783
00790 const int *ssl_list_ciphersuites( void );
00791
00800 const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
00801
00810 int ssl_get_ciphersuite_id( const char *ciphersuite_name );
00811
00821 int ssl_init( ssl_context *ssl );
00822
00833 int ssl_session_reset( ssl_context *ssl );
00834
00844 void ssl_set_endpoint( ssl_context *ssl, int endpoint );
00845
00863 void ssl_set_authmode( ssl_context *ssl, int authmode );
00864
00865 #if defined(POLARSSL_X509_CRT_PARSE_C)
00866
00877 void ssl_set_verify( ssl_context *ssl,
00878 int (*f_vrfy)(void *, x509_crt *, int, int *),
00879 void *p_vrfy );
00880 #endif
00881
00889 void ssl_set_rng( ssl_context *ssl,
00890 int (*f_rng)(void *, unsigned char *, size_t),
00891 void *p_rng );
00892
00900 void ssl_set_dbg( ssl_context *ssl,
00901 void (*f_dbg)(void *, int, const char *),
00902 void *p_dbg );
00903
00913 void ssl_set_bio( ssl_context *ssl,
00914 int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
00915 int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
00916
00954 void ssl_set_session_cache( ssl_context *ssl,
00955 int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
00956 int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
00957
00972 int ssl_set_session( ssl_context *ssl, const ssl_session *session );
00973
00981 void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
00982
00996 void ssl_set_ciphersuites_for_version( ssl_context *ssl,
00997 const int *ciphersuites,
00998 int major, int minor );
00999
01000 #if defined(POLARSSL_X509_CRT_PARSE_C)
01001
01009 void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
01010 x509_crl *ca_crl, const char *peer_cn );
01011
01030 int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
01031 pk_context *pk_key );
01032
01033 #if defined(POLARSSL_RSA_C)
01034
01047 int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
01048 rsa_context *rsa_key );
01049 #endif
01050
01072 int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
01073 void *rsa_key,
01074 rsa_decrypt_func rsa_decrypt,
01075 rsa_sign_func rsa_sign,
01076 rsa_key_len_func rsa_key_len );
01077 #endif
01078
01079 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
01080
01092 int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
01093 const unsigned char *psk_identity, size_t psk_identity_len );
01094
01115 void ssl_set_psk_cb( ssl_context *ssl,
01116 int (*f_psk)(void *, ssl_context *, const unsigned char *,
01117 size_t),
01118 void *p_psk );
01119 #endif
01120
01121 #if defined(POLARSSL_DHM_C)
01122
01133 int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
01134
01144 int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
01145 #endif
01146
01147 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
01148
01158 int ssl_set_hostname( ssl_context *ssl, const char *hostname );
01159
01179 void ssl_set_sni( ssl_context *ssl,
01180 int (*f_sni)(void *, ssl_context *, const unsigned char *,
01181 size_t),
01182 void *p_sni );
01183 #endif
01184
01200 void ssl_set_max_version( ssl_context *ssl, int major, int minor );
01201
01202
01216 void ssl_set_min_version( ssl_context *ssl, int major, int minor );
01217
01218 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
01219
01234 int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
01235 #endif
01236
01237 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
01238
01249 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
01250 #endif
01251
01252 #if defined(POLARSSL_SSL_SESSION_TICKETS)
01253
01269 int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
01270
01278 void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
01279 #endif
01280
01294 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
01295
01323 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
01324
01332 size_t ssl_get_bytes_avail( const ssl_context *ssl );
01333
01345 int ssl_get_verify_result( const ssl_context *ssl );
01346
01354 const char *ssl_get_ciphersuite( const ssl_context *ssl );
01355
01363 const char *ssl_get_version( const ssl_context *ssl );
01364
01365 #if defined(POLARSSL_X509_CRT_PARSE_C)
01366
01380 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
01381 #endif
01382
01399 int ssl_get_session( const ssl_context *ssl, ssl_session *session );
01400
01409 int ssl_handshake( ssl_context *ssl );
01410
01423 int ssl_handshake_step( ssl_context *ssl );
01424
01435 int ssl_renegotiate( ssl_context *ssl );
01436
01447 int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
01448
01463 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
01464
01475 int ssl_send_alert_message( ssl_context *ssl,
01476 unsigned char level,
01477 unsigned char message );
01483 int ssl_close_notify( ssl_context *ssl );
01484
01490 void ssl_free( ssl_context *ssl );
01491
01498 void ssl_session_free( ssl_session *session );
01499
01506 void ssl_transform_free( ssl_transform *transform );
01507
01514 void ssl_handshake_free( ssl_handshake_params *handshake );
01515
01516
01517
01518
01519 int ssl_handshake_client_step( ssl_context *ssl );
01520 int ssl_handshake_server_step( ssl_context *ssl );
01521 void ssl_handshake_wrapup( ssl_context *ssl );
01522
01523 int ssl_send_fatal_handshake_failure( ssl_context *ssl );
01524
01525 int ssl_derive_keys( ssl_context *ssl );
01526
01527 int ssl_read_record( ssl_context *ssl );
01532 int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
01533
01534 int ssl_write_record( ssl_context *ssl );
01535 int ssl_flush_output( ssl_context *ssl );
01536
01537 int ssl_parse_certificate( ssl_context *ssl );
01538 int ssl_write_certificate( ssl_context *ssl );
01539
01540 int ssl_parse_change_cipher_spec( ssl_context *ssl );
01541 int ssl_write_change_cipher_spec( ssl_context *ssl );
01542
01543 int ssl_parse_finished( ssl_context *ssl );
01544 int ssl_write_finished( ssl_context *ssl );
01545
01546 void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
01547
01548 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
01549 int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex );
01550 #endif
01551
01552 #if defined(POLARSSL_PK_C)
01553 unsigned char ssl_sig_from_pk( pk_context *pk );
01554 pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
01555 #endif
01556
01557 md_type_t ssl_md_alg_from_hash( unsigned char hash );
01558
01559 #if defined(POLARSSL_X509_CRT_PARSE_C)
01560 static inline pk_context *ssl_own_key( ssl_context *ssl )
01561 {
01562 return( ssl->handshake->key_cert == NULL ? NULL
01563 : ssl->handshake->key_cert->key );
01564 }
01565
01566 static inline x509_crt *ssl_own_cert( ssl_context *ssl )
01567 {
01568 return( ssl->handshake->key_cert == NULL ? NULL
01569 : ssl->handshake->key_cert->cert );
01570 }
01571 #endif
01572
01573
01574 static inline int safer_memcmp( const void *a, const void *b, size_t n )
01575 {
01576 size_t i;
01577 const unsigned char *A = (const unsigned char *) a;
01578 const unsigned char *B = (const unsigned char *) b;
01579 unsigned char diff = 0;
01580
01581 for( i = 0; i < n; i++ )
01582 diff |= A[i] ^ B[i];
01583
01584 return( diff );
01585 }
01586
01587 #ifdef __cplusplus
01588 }
01589 #endif
01590
01591 #endif