2009-01-03 21:22:43 +00:00
/**
* \ file ssl . h
2009-01-04 16:27:10 +00:00
*
2011-01-06 12:28:03 +00:00
* \ brief SSL / TLS functions .
*
2012-02-06 16:45:10 +00:00
* Copyright ( C ) 2006 - 2012 , Brainspark B . V .
2010-07-18 20:36:00 +00:00
*
* This file is part of PolarSSL ( http : //www.polarssl.org)
2010-07-18 10:13:04 +00:00
* Lead Maintainer : Paul Bakker < polarssl_maintainer at polarssl . org >
2010-07-18 20:36:00 +00:00
*
2009-07-28 17:23:11 +00:00
* All rights reserved .
2009-01-04 16:27:10 +00:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License along
* with this program ; if not , write to the Free Software Foundation , Inc . ,
* 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA .
2009-01-03 21:22:43 +00:00
*/
2009-01-03 21:51:57 +00:00
# ifndef POLARSSL_SSL_H
# define POLARSSL_SSL_H
2009-01-03 21:22:43 +00:00
# include <time.h>
2011-08-15 09:07:52 +00:00
# include "net.h"
# include "rsa.h"
# include "md5.h"
# include "sha1.h"
2012-04-11 12:09:53 +00:00
# include "sha2.h"
2012-04-18 14:23:57 +00:00
# include "sha4.h"
2011-08-15 09:07:52 +00:00
# include "x509.h"
# include "config.h"
2011-01-18 15:27:19 +00:00
2012-09-16 19:57:18 +00:00
# if defined(POLARSSL_DHM_C)
# include "dhm.h"
# endif
2011-01-18 15:27:19 +00:00
# if defined(POLARSSL_PKCS11_C)
2011-08-15 09:07:52 +00:00
# include "pkcs11.h"
2011-01-18 15:27:19 +00:00
# endif
2009-01-03 21:22:43 +00:00
2012-07-03 13:30:23 +00:00
# if defined(POLARSSL_ZLIB_SUPPORT)
# include "zlib.h"
# endif
2011-07-27 16:28:54 +00:00
# if defined(_MSC_VER) && !defined(inline)
2011-04-18 03:47:52 +00:00
# define inline _inline
2011-06-21 07:48:07 +00:00
# else
2011-07-27 16:28:54 +00:00
# if defined(__ARMCC_VERSION) && !defined(inline)
2011-06-21 07:48:07 +00:00
# define inline __inline
2011-06-21 13:36:18 +00:00
# endif /* __ARMCC_VERSION */
2011-06-21 07:48:07 +00:00
# endif /*_MSC_VER */
2011-04-18 03:47:52 +00:00
2009-07-28 07:18:38 +00:00
/*
* SSL Error codes
*/
2011-05-09 16:17:09 +00:00
# define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
# define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
# define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
# define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
2011-05-18 13:32:51 +00:00
# define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
2011-05-09 16:17:09 +00:00
# define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
# define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
# define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */
# define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
# define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
# define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
# define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key is not set, but needed. */
# define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
# define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
# define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
# define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
# define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
# define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM Read Public. */
# define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM Calculate Secret. */
# define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
2011-12-10 21:55:01 +00:00
# define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
2012-05-08 09:17:57 +00:00
# define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
# define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
2012-07-03 13:30:23 +00:00
# define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
2009-01-03 21:22:43 +00:00
/*
* Various constants
*/
# define SSL_MAJOR_VERSION_3 3
# define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
# define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
# define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
2012-04-11 12:09:53 +00:00
# define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
2009-01-03 21:22:43 +00:00
# define SSL_IS_CLIENT 0
# define SSL_IS_SERVER 1
# define SSL_COMPRESS_NULL 0
2012-07-03 13:30:23 +00:00
# define SSL_COMPRESS_DEFLATE 1
2009-01-03 21:22:43 +00:00
# define SSL_VERIFY_NONE 0
# define SSL_VERIFY_OPTIONAL 1
# define SSL_VERIFY_REQUIRED 2
2012-09-16 19:57:18 +00:00
# define SSL_INITIAL_HANDSHAKE 0
# define SSL_RENEGOTIATION 1
# define SSL_LEGACY_RENEGOTIATION 0
# define SSL_SECURE_RENEGOTIATION 1
# define SSL_RENEGOTIATION_ENABLED 0
# define SSL_RENEGOTIATION_DISABLED 1
2012-09-17 09:18:12 +00:00
# define SSL_LEGACY_NO_RENEGOTIATION 0
# define SSL_LEGACY_ALLOW_RENEGOTIATION 1
# define SSL_LEGACY_BREAK_HANDSHAKE 2
2012-09-16 19:57:18 +00:00
2009-01-03 21:22:43 +00:00
# define SSL_MAX_CONTENT_LEN 16384
/*
* Allow an extra 512 bytes for the record header
2012-07-03 13:30:23 +00:00
* and encryption overhead ( counter + MAC + padding )
* and allow for a maximum of 1024 of compression expansion if
* enabled .
2009-01-03 21:22:43 +00:00
*/
2012-07-03 13:30:23 +00:00
# if defined(POLARSSL_ZLIB_SUPPORT)
# define SSL_COMPRESSION_ADD 1024
# else
# define SSL_COMPRESSION_ADD 0
# endif
# define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
2009-01-03 21:22:43 +00:00
/*
* Supported ciphersuites
*/
2012-02-06 16:45:10 +00:00
# define SSL_RSA_NULL_MD5 0x01 /**< Weak! */
# define SSL_RSA_NULL_SHA 0x02 /**< Weak! */
# define SSL_RSA_NULL_SHA256 0x3B /**< Weak! */
2012-04-12 21:26:34 +00:00
# define SSL_RSA_DES_SHA 0x09 /**< Weak! Not in TLS 1.2 */
# define SSL_EDH_RSA_DES_SHA 0x15 /**< Weak! Not in TLS 1.2 */
2012-02-06 16:45:10 +00:00
2010-07-25 14:24:53 +00:00
# define SSL_RSA_RC4_128_MD5 0x04
# define SSL_RSA_RC4_128_SHA 0x05
2012-04-12 21:26:34 +00:00
2010-07-25 14:24:53 +00:00
# define SSL_RSA_DES_168_SHA 0x0A
# define SSL_EDH_RSA_DES_168_SHA 0x16
2012-04-12 21:26:34 +00:00
2010-07-25 14:24:53 +00:00
# define SSL_RSA_AES_128_SHA 0x2F
# define SSL_EDH_RSA_AES_128_SHA 0x33
# define SSL_RSA_AES_256_SHA 0x35
# define SSL_EDH_RSA_AES_256_SHA 0x39
2012-04-12 21:26:34 +00:00
# define SSL_RSA_AES_128_SHA256 0x3C /**< TLS 1.2 */
# define SSL_RSA_AES_256_SHA256 0x3D /**< TLS 1.2 */
# define SSL_EDH_RSA_AES_128_SHA256 0x67 /**< TLS 1.2 */
# define SSL_EDH_RSA_AES_256_SHA256 0x6B /**< TLS 1.2 */
# define SSL_RSA_CAMELLIA_128_SHA 0x41
# define SSL_EDH_RSA_CAMELLIA_128_SHA 0x45
# define SSL_RSA_CAMELLIA_256_SHA 0x84
# define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
# define SSL_RSA_CAMELLIA_128_SHA256 0xBA /**< TLS 1.2 */
# define SSL_EDH_RSA_CAMELLIA_128_SHA256 0xBE /**< TLS 1.2 */
# define SSL_RSA_CAMELLIA_256_SHA256 0xC0 /**< TLS 1.2 */
# define SSL_EDH_RSA_CAMELLIA_256_SHA256 0xC4 /**< TLS 1.2 */
2009-01-11 20:25:36 +00:00
2012-04-18 14:23:57 +00:00
# define SSL_RSA_AES_128_GCM_SHA256 0x9C
# define SSL_RSA_AES_256_GCM_SHA384 0x9D
# define SSL_EDH_RSA_AES_128_GCM_SHA256 0x9E
# define SSL_EDH_RSA_AES_256_GCM_SHA384 0x9F
2012-09-16 19:57:18 +00:00
# define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
2012-04-11 12:09:53 +00:00
/*
* Supported Signature and Hash algorithms ( For TLS 1.2 )
*/
# define SSL_HASH_NONE 0
# define SSL_HASH_MD5 1
# define SSL_HASH_SHA1 2
# define SSL_HASH_SHA224 3
# define SSL_HASH_SHA256 4
# define SSL_HASH_SHA384 5
# define SSL_HASH_SHA512 6
# define SSL_SIG_RSA 1
2009-01-03 21:22:43 +00:00
/*
* Message , alert and handshake types
*/
# define SSL_MSG_CHANGE_CIPHER_SPEC 20
# define SSL_MSG_ALERT 21
# define SSL_MSG_HANDSHAKE 22
# define SSL_MSG_APPLICATION_DATA 23
2010-07-25 14:24:53 +00:00
# define SSL_ALERT_LEVEL_WARNING 1
# define SSL_ALERT_LEVEL_FATAL 2
2012-04-10 08:03:03 +00:00
# define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
# define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
# define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
# define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
# define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
# define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
2012-04-18 14:23:57 +00:00
# define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
2012-04-10 08:03:03 +00:00
# define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
# define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
# define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
# define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
# define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
# define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
# define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
# define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
# define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
# define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
# define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
# define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
# define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
# define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
# define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
# define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
# define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
2012-04-11 16:11:49 +00:00
# define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
2009-01-03 21:22:43 +00:00
# define SSL_HS_HELLO_REQUEST 0
# define SSL_HS_CLIENT_HELLO 1
# define SSL_HS_SERVER_HELLO 2
# define SSL_HS_CERTIFICATE 11
# define SSL_HS_SERVER_KEY_EXCHANGE 12
# define SSL_HS_CERTIFICATE_REQUEST 13
# define SSL_HS_SERVER_HELLO_DONE 14
# define SSL_HS_CERTIFICATE_VERIFY 15
# define SSL_HS_CLIENT_KEY_EXCHANGE 16
# define SSL_HS_FINISHED 20
/*
* TLS extensions
*/
# define TLS_EXT_SERVERNAME 0
# define TLS_EXT_SERVERNAME_HOSTNAME 0
2012-04-11 16:11:49 +00:00
# define TLS_EXT_SIG_ALG 13
2012-09-16 19:57:18 +00:00
# define TLS_EXT_RENEGOTIATION_INFO 0xFF01
2009-01-03 21:22:43 +00:00
/*
* SSL state machine
*/
typedef enum
{
SSL_HELLO_REQUEST ,
SSL_CLIENT_HELLO ,
SSL_SERVER_HELLO ,
SSL_SERVER_CERTIFICATE ,
SSL_SERVER_KEY_EXCHANGE ,
SSL_CERTIFICATE_REQUEST ,
SSL_SERVER_HELLO_DONE ,
SSL_CLIENT_CERTIFICATE ,
SSL_CLIENT_KEY_EXCHANGE ,
SSL_CERTIFICATE_VERIFY ,
SSL_CLIENT_CHANGE_CIPHER_SPEC ,
SSL_CLIENT_FINISHED ,
SSL_SERVER_CHANGE_CIPHER_SPEC ,
SSL_SERVER_FINISHED ,
SSL_FLUSH_BUFFERS ,
2012-09-16 19:57:18 +00:00
SSL_HANDSHAKE_WRAPUP ,
2009-01-03 21:22:43 +00:00
SSL_HANDSHAKE_OVER
}
ssl_states ;
typedef struct _ssl_session ssl_session ;
typedef struct _ssl_context ssl_context ;
2012-09-16 19:57:18 +00:00
typedef struct _ssl_transform ssl_transform ;
typedef struct _ssl_handshake_params ssl_handshake_params ;
2009-01-03 21:22:43 +00:00
/*
* This structure is used for session resuming .
*/
struct _ssl_session
{
time_t start ; /*!< starting time */
2011-01-27 17:40:50 +00:00
int ciphersuite ; /*!< chosen ciphersuite */
2012-07-03 13:30:23 +00:00
int compression ; /*!< chosen compression */
2011-04-24 08:57:21 +00:00
size_t length ; /*!< session id length */
2009-01-03 21:22:43 +00:00
unsigned char id [ 32 ] ; /*!< session identifier */
unsigned char master [ 48 ] ; /*!< the master secret */
2012-09-16 19:57:18 +00:00
x509_cert * peer_cert ; /*!< peer X.509 cert chain */
2009-01-03 21:22:43 +00:00
ssl_session * next ; /*!< next session entry */
} ;
2012-09-16 19:57:18 +00:00
/*
* This structure contains a full set of runtime transform parameters
* either in negotiation or active .
*/
struct _ssl_transform
{
/*
* Session specific crypto layer
*/
unsigned int keylen ; /*!< symmetric key length */
size_t minlen ; /*!< min. ciphertext length */
size_t ivlen ; /*!< IV length */
size_t fixed_ivlen ; /*!< Fixed part of IV (AEAD) */
size_t maclen ; /*!< MAC length */
unsigned char iv_enc [ 16 ] ; /*!< IV (encryption) */
unsigned char iv_dec [ 16 ] ; /*!< IV (decryption) */
unsigned char mac_enc [ 32 ] ; /*!< MAC (encryption) */
unsigned char mac_dec [ 32 ] ; /*!< MAC (decryption) */
unsigned long ctx_enc [ 134 ] ; /*!< encryption context */
unsigned long ctx_dec [ 134 ] ; /*!< decryption context */
/*
* Session specific compression layer
*/
# if defined(POLARSSL_ZLIB_SUPPORT)
z_stream ctx_deflate ; /*!< compression context */
z_stream ctx_inflate ; /*!< decompression context */
# endif
} ;
/*
* This structure contains the parameters only needed during handshake .
*/
struct _ssl_handshake_params
{
/*
* Handshake specific crypto variables
*/
# if defined(POLARSSL_DHM_C)
dhm_context dhm_ctx ; /*!< DHM key exchange */
# endif
/*
* Checksum contexts
*/
md5_context fin_md5 ;
sha1_context fin_sha1 ;
sha2_context fin_sha2 ;
sha4_context fin_sha4 ;
void ( * update_checksum ) ( ssl_context * , unsigned char * , size_t ) ;
void ( * calc_verify ) ( ssl_context * , unsigned char * ) ;
void ( * calc_finished ) ( ssl_context * , unsigned char * , int ) ;
int ( * tls_prf ) ( unsigned char * , size_t , char * ,
unsigned char * , size_t ,
unsigned char * , size_t ) ;
size_t pmslen ; /*!< premaster length */
unsigned char randbytes [ 64 ] ; /*!< random bytes */
unsigned char premaster [ 256 ] ; /*!< premaster secret */
} ;
2009-01-03 21:22:43 +00:00
struct _ssl_context
{
/*
* Miscellaneous
*/
int state ; /*!< SSL handshake: current state */
2012-09-16 19:57:18 +00:00
int renegotiation ; /*!< Initial or renegotiation */
2009-01-03 21:22:43 +00:00
int major_ver ; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver ; /*!< either 0 (SSL3) or 1 (TLS1.0) */
int max_major_ver ; /*!< max. major version from client */
int max_minor_ver ; /*!< max. minor version from client */
/*
2011-01-13 17:54:59 +00:00
* Callbacks ( RNG , debug , I / O , verification )
2009-01-03 21:22:43 +00:00
*/
2011-11-27 21:07:34 +00:00
int ( * f_rng ) ( void * , unsigned char * , size_t ) ;
2010-03-16 21:09:09 +00:00
void ( * f_dbg ) ( void * , int , const char * ) ;
2011-04-24 08:57:21 +00:00
int ( * f_recv ) ( void * , unsigned char * , size_t ) ;
2011-06-21 07:36:43 +00:00
int ( * f_send ) ( void * , const unsigned char * , size_t ) ;
2011-01-13 17:54:59 +00:00
int ( * f_vrfy ) ( void * , x509_cert * , int , int ) ;
2009-01-03 21:22:43 +00:00
void * p_rng ; /*!< context for the RNG function */
void * p_dbg ; /*!< context for the debug function */
void * p_recv ; /*!< context for reading operations */
void * p_send ; /*!< context for writing operations */
2011-01-13 17:54:59 +00:00
void * p_vrfy ; /*!< context for verification */
2009-01-03 21:22:43 +00:00
/*
* Session layer
*/
int resume ; /*!< session resuming flag */
int timeout ; /*!< sess. expiration time */
2012-09-16 19:57:18 +00:00
ssl_session * session_in ; /*!< current session data (in) */
ssl_session * session_out ; /*!< current session data (out) */
ssl_session * session ; /*!< negotiated session data */
ssl_session * session_negotiate ; /*!< session data in negotiation */
2009-01-03 21:22:43 +00:00
int ( * s_get ) ( ssl_context * ) ; /*!< (server) get callback */
int ( * s_set ) ( ssl_context * ) ; /*!< (server) set callback */
2012-09-16 19:57:18 +00:00
ssl_handshake_params * handshake ; /*!< params required only during
the handshake process */
/*
* Record layer transformations
*/
ssl_transform * transform_in ; /*!< current transform params (in) */
ssl_transform * transform_out ; /*!< current transform params (in) */
ssl_transform * transform ; /*!< negotiated transform params */
ssl_transform * transform_negotiate ; /*!< transform params in negotiation */
2009-01-03 21:22:43 +00:00
/*
* Record layer ( incoming data )
*/
unsigned char * in_ctr ; /*!< 64-bit incoming message counter */
unsigned char * in_hdr ; /*!< 5-byte record header (in_ctr+8) */
unsigned char * in_msg ; /*!< the message contents (in_hdr+5) */
unsigned char * in_offt ; /*!< read offset in application data */
int in_msgtype ; /*!< record header: message type */
2011-04-24 08:57:21 +00:00
size_t in_msglen ; /*!< record header: message length */
size_t in_left ; /*!< amount of data read so far */
2009-01-03 21:22:43 +00:00
2011-04-24 08:57:21 +00:00
size_t in_hslen ; /*!< current handshake message length */
2009-01-03 21:22:43 +00:00
int nb_zero ; /*!< # of 0-length encrypted messages */
/*
* Record layer ( outgoing data )
*/
unsigned char * out_ctr ; /*!< 64-bit outgoing message counter */
unsigned char * out_hdr ; /*!< 5-byte record header (out_ctr+8) */
2012-05-08 13:16:14 +00:00
unsigned char * out_msg ; /*!< the message contents (out_hdr+32)*/
2009-01-03 21:22:43 +00:00
int out_msgtype ; /*!< record header: message type */
2011-04-24 08:57:21 +00:00
size_t out_msglen ; /*!< record header: message length */
size_t out_left ; /*!< amount of data not yet written */
2009-01-03 21:22:43 +00:00
/*
* PKI layer
*/
rsa_context * rsa_key ; /*!< own RSA private key */
2011-01-18 15:27:19 +00:00
# if defined(POLARSSL_PKCS11_C)
pkcs11_context * pkcs11_key ; /*!< own PKCS#11 RSA private key */
# endif
2009-01-03 21:22:43 +00:00
x509_cert * own_cert ; /*!< own X.509 certificate */
x509_cert * ca_chain ; /*!< own trusted CA chain */
2009-05-03 10:18:48 +00:00
x509_crl * ca_crl ; /*!< trusted CA CRLs */
2010-03-24 06:51:15 +00:00
const char * peer_cn ; /*!< expected peer CN */
2009-01-03 21:22:43 +00:00
2012-09-16 19:57:18 +00:00
/*
* User settings
*/
2009-01-03 21:22:43 +00:00
int endpoint ; /*!< 0: client, 1: server */
int authmode ; /*!< verification mode */
int client_auth ; /*!< flag for client auth. */
int verify_result ; /*!< verification result */
2012-09-16 19:57:18 +00:00
int disable_renegotiation ; /*!< enable/disable renegotiation */
int allow_legacy_renegotiation ; /*!< allow legacy renegotiation */
2012-08-23 08:34:18 +00:00
const int * ciphersuites ; /*!< allowed ciphersuites */
2009-01-03 21:22:43 +00:00
2012-09-16 19:57:18 +00:00
# if defined(POLARSSL_DHM_C)
mpi dhm_P ; /*!< prime modulus for DHM */
mpi dhm_G ; /*!< generator for DHM */
2012-07-03 13:30:23 +00:00
# endif
2009-01-03 21:22:43 +00:00
/*
* TLS extensions
*/
unsigned char * hostname ;
2011-04-24 08:57:21 +00:00
size_t hostname_len ;
2012-09-16 19:57:18 +00:00
/*
* Secure renegotiation
*/
int secure_renegotiation ; /*!< does peer support legacy or
secure renegotiation */
size_t verify_data_len ; /*!< length of verify data stored */
char own_verify_data [ 36 ] ; /*!< previous handshake verify data */
char peer_verify_data [ 36 ] ; /*!< previous handshake verify data */
2009-01-03 21:22:43 +00:00
} ;
# ifdef __cplusplus
extern " C " {
# endif
2012-08-23 08:34:18 +00:00
extern const int ssl_default_ciphersuites [ ] ;
2009-01-03 21:22:43 +00:00
2012-05-08 09:17:57 +00:00
# if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
extern int ( * ssl_hw_record_init ) ( ssl_context * ssl ,
const unsigned char * key_enc , const unsigned char * key_dec ,
const unsigned char * iv_enc , const unsigned char * iv_dec ,
const unsigned char * mac_enc , const unsigned char * mac_dec ) ;
extern int ( * ssl_hw_record_reset ) ( ssl_context * ssl ) ;
extern int ( * ssl_hw_record_write ) ( ssl_context * ssl ) ;
extern int ( * ssl_hw_record_read ) ( ssl_context * ssl ) ;
extern int ( * ssl_hw_record_finish ) ( ssl_context * ssl ) ;
# endif
2011-01-16 21:27:44 +00:00
/**
2011-01-27 17:40:50 +00:00
* \ brief Returns the list of ciphersuites supported by the SSL / TLS module .
2011-01-16 21:27:44 +00:00
*
2011-01-27 17:40:50 +00:00
* \ return a statically allocated array of ciphersuites , the last
* entry is 0.
2011-01-16 21:27:44 +00:00
*/
2011-01-27 17:40:50 +00:00
static inline const int * ssl_list_ciphersuites ( void )
2011-01-16 21:27:44 +00:00
{
2011-01-27 17:40:50 +00:00
return ssl_default_ciphersuites ;
2011-01-16 21:27:44 +00:00
}
/**
2011-01-27 17:40:50 +00:00
* \ brief Return the name of the ciphersuite associated with the given
* ID
2011-01-16 21:27:44 +00:00
*
2011-01-27 17:40:50 +00:00
* \ param ciphersuite_id SSL ciphersuite ID
2011-01-16 21:27:44 +00:00
*
2011-01-27 17:40:50 +00:00
* \ return a string containing the ciphersuite name
2011-01-16 21:27:44 +00:00
*/
2011-01-27 17:40:50 +00:00
const char * ssl_get_ciphersuite_name ( const int ciphersuite_id ) ;
/**
* \ brief Return the ID of the ciphersuite associated with the given
* name
*
* \ param ciphersuite_name SSL ciphersuite name
*
* \ return the ID with the ciphersuite or 0 if not found
*/
int ssl_get_ciphersuite_id ( const char * ciphersuite_name ) ;
2011-01-16 21:27:44 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Initialize an SSL context
*
* \ param ssl SSL context
*
2011-12-10 21:55:01 +00:00
* \ return 0 if successful , or POLARSSL_ERR_SSL_MALLOC_FAILED if
* memory allocation failed
2009-01-03 21:22:43 +00:00
*/
int ssl_init ( ssl_context * ssl ) ;
2011-10-06 12:37:39 +00:00
/**
* \ brief Reset an already initialized SSL context for re - use
* while retaining application - set variables , function
* pointers and data .
*
* \ param ssl SSL context
2012-09-16 19:57:18 +00:00
* \ return 0 if successful , or POLASSL_ERR_SSL_MALLOC_FAILED ,
POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
2012-07-03 13:30:23 +00:00
* POLARSSL_ERR_SSL_COMPRESSION_FAILED
2011-10-06 12:37:39 +00:00
*/
2012-07-03 13:30:23 +00:00
int ssl_session_reset ( ssl_context * ssl ) ;
2011-10-06 12:37:39 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the current endpoint type
*
* \ param ssl SSL context
* \ param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
*/
void ssl_set_endpoint ( ssl_context * ssl , int endpoint ) ;
/**
* \ brief Set the certificate verification mode
*
* \ param ssl SSL context
2011-01-06 12:28:03 +00:00
* \ param authmode can be :
2009-01-03 21:22:43 +00:00
*
* SSL_VERIFY_NONE : peer certificate is not checked ( default ) ,
* this is insecure and SHOULD be avoided .
*
* SSL_VERIFY_OPTIONAL : peer certificate is checked , however the
* handshake continues even if verification failed ;
* ssl_get_verify_result ( ) can be called after the
* handshake is complete .
*
* SSL_VERIFY_REQUIRED : peer * must * present a valid certificate ,
* handshake is aborted if verification failed .
*/
void ssl_set_authmode ( ssl_context * ssl , int authmode ) ;
2011-01-13 17:54:59 +00:00
/**
* \ brief Set the verification callback ( Optional ) .
*
* If set , the verification callback is called once for every
* certificate in the chain . The verification function has the
* following parameter : ( void * parameter , x509_cert certificate ,
* int certifcate_depth , int preverify_ok ) . It should
* return 0 on SUCCESS .
*
* \ param ssl SSL context
* \ param f_vrfy verification function
* \ param p_vrfy verification parameter
*/
void ssl_set_verify ( ssl_context * ssl ,
int ( * f_vrfy ) ( void * , x509_cert * , int , int ) ,
void * p_vrfy ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the random number generator callback
*
* \ param ssl SSL context
* \ param f_rng RNG function
* \ param p_rng RNG parameter
*/
void ssl_set_rng ( ssl_context * ssl ,
2011-11-27 21:07:34 +00:00
int ( * f_rng ) ( void * , unsigned char * , size_t ) ,
2009-01-03 21:22:43 +00:00
void * p_rng ) ;
/**
* \ brief Set the debug callback
*
* \ param ssl SSL context
* \ param f_dbg debug function
* \ param p_dbg debug parameter
*/
void ssl_set_dbg ( ssl_context * ssl ,
2010-03-16 21:09:09 +00:00
void ( * f_dbg ) ( void * , int , const char * ) ,
2009-01-03 21:22:43 +00:00
void * p_dbg ) ;
/**
* \ brief Set the underlying BIO read and write callbacks
*
* \ param ssl SSL context
* \ param f_recv read callback
* \ param p_recv read parameter
* \ param f_send write callback
* \ param p_send write parameter
*/
void ssl_set_bio ( ssl_context * ssl ,
2011-04-24 08:57:21 +00:00
int ( * f_recv ) ( void * , unsigned char * , size_t ) , void * p_recv ,
2011-06-21 07:36:43 +00:00
int ( * f_send ) ( void * , const unsigned char * , size_t ) , void * p_send ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the session callbacks ( server - side only )
*
* \ param ssl SSL context
* \ param s_get session get callback
* \ param s_set session set callback
*/
void ssl_set_scb ( ssl_context * ssl ,
int ( * s_get ) ( ssl_context * ) ,
int ( * s_set ) ( ssl_context * ) ) ;
/**
* \ brief Set the session resuming flag , timeout and data
*
* \ param ssl SSL context
* \ param resume if 0 ( default ) , the session will not be resumed
* \ param timeout session timeout in seconds , or 0 ( no timeout )
* \ param session session context
*/
void ssl_set_session ( ssl_context * ssl , int resume , int timeout ,
ssl_session * session ) ;
/**
2011-01-27 17:40:50 +00:00
* \ brief Set the list of allowed ciphersuites
2009-01-03 21:22:43 +00:00
*
2011-01-27 17:40:50 +00:00
* \ param ssl SSL context
* \ param ciphersuites 0 - terminated list of allowed ciphersuites
2009-01-03 21:22:43 +00:00
*/
2012-08-23 08:34:18 +00:00
void ssl_set_ciphersuites ( ssl_context * ssl , const int * ciphersuites ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the data required to verify peer certificate
*
* \ param ssl SSL context
* \ param ca_chain trusted CA chain
2009-05-03 10:18:48 +00:00
* \ param ca_crl trusted CA CRLs
2009-01-03 21:22:43 +00:00
* \ param peer_cn expected peer CommonName ( or NULL )
*
* \ note TODO : add two more parameters : depth and crl
*/
void ssl_set_ca_chain ( ssl_context * ssl , x509_cert * ca_chain ,
2010-03-24 06:51:15 +00:00
x509_crl * ca_crl , const char * peer_cn ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Set own certificate and private key
*
* \ param ssl SSL context
* \ param own_cert own public certificate
* \ param rsa_key own private RSA key
*/
void ssl_set_own_cert ( ssl_context * ssl , x509_cert * own_cert ,
rsa_context * rsa_key ) ;
2011-01-18 15:27:19 +00:00
# if defined(POLARSSL_PKCS11_C)
/**
* \ brief Set own certificate and PKCS # 11 private key
*
* \ param ssl SSL context
* \ param own_cert own public certificate
* \ param pkcs11_key own PKCS # 11 RSA key
*/
void ssl_set_own_cert_pkcs11 ( ssl_context * ssl , x509_cert * own_cert ,
pkcs11_context * pkcs11_key ) ;
# endif
2012-09-16 19:57:18 +00:00
# if defined(POLARSSL_DHM_C)
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the Diffie - Hellman public P and G values ,
* read as hexadecimal strings ( server - side only )
*
* \ param ssl SSL context
* \ param dhm_P Diffie - Hellman - Merkle modulus
* \ param dhm_G Diffie - Hellman - Merkle generator
*
* \ return 0 if successful
*/
2010-03-16 21:09:09 +00:00
int ssl_set_dh_param ( ssl_context * ssl , const char * dhm_P , const char * dhm_G ) ;
2009-01-03 21:22:43 +00:00
2011-01-06 15:48:19 +00:00
/**
* \ brief Set the Diffie - Hellman public P and G values ,
* read from existing context ( server - side only )
*
* \ param ssl SSL context
* \ param dhm_ctx Diffie - Hellman - Merkle context
*
* \ return 0 if successful
*/
int ssl_set_dh_param_ctx ( ssl_context * ssl , dhm_context * dhm_ctx ) ;
2012-09-16 19:57:18 +00:00
# endif
2011-01-06 15:48:19 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Set hostname for ServerName TLS Extension
*
*
* \ param ssl SSL context
* \ param hostname the server hostname
*
2012-01-13 13:44:06 +00:00
* \ return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
2009-01-03 21:22:43 +00:00
*/
2010-03-16 21:09:09 +00:00
int ssl_set_hostname ( ssl_context * ssl , const char * hostname ) ;
2009-01-03 21:22:43 +00:00
2011-10-06 13:04:09 +00:00
/**
* \ brief Set the maximum supported version sent from the client side
*
* \ param ssl SSL context
* \ param major Major version number ( only SSL_MAJOR_VERSION_3 supported )
* \ param minor Minor version number ( SSL_MINOR_VERSION_0 ,
2012-04-11 12:09:53 +00:00
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 ,
* SSL_MINOR_VERSION_3 supported )
2011-10-06 13:04:09 +00:00
*/
void ssl_set_max_version ( ssl_context * ssl , int major , int minor ) ;
2012-09-16 19:57:18 +00:00
/**
* \ brief Enable / Disable renegotiation support for connection
* ( Default : SSL_RENEGOTIATION_ENABLED )
*
* \ param ssl SSL context
* \ param renegotiation Enable or disable ( SSL_RENEGOTIATION_ENABLED or
* SSL_RENEGOTIATION_DISABLED )
*/
void ssl_set_renegotiation ( ssl_context * ssl , int renegotiation ) ;
/**
* \ brief Prevent or allow legacy renegotiation .
2012-09-17 09:18:12 +00:00
* ( Default : SSL_LEGACY_NO_RENEGOTIATION )
*
* SSL_LEGACY_NO_RENEGOTIATION allows connections to
* be established even if the peer does not support
* secure renegotiation , but does not allow renegotiation
* to take place if not secure .
* ( Interoperable and secure option )
*
* SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
* with non - upgraded peers . Allowing legacy renegotiation
* makes the connection vulnerable to specific man in the
* middle attacks . ( See RFC 5746 )
* ( Most interoperable and least secure option )
*
* SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
* if peer does not support secure renegotiation . Results
* in interoperability issues with non - upgraded peers
* that do not support renegotiation altogether .
* ( Most secure option , interoperability issues )
2012-09-16 19:57:18 +00:00
*
* \ param ssl SSL context
* \ param allow_legacy Prevent or allow ( SSL_NO_LEGACY_RENEGOTIATION or
* SSL_ALLOW_LEGACY_RENEGOTIATION )
*/
void ssl_legacy_renegotiation ( ssl_context * ssl , int allow_legacy ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Return the number of data bytes available to read
*
* \ param ssl SSL context
*
* \ return how many bytes are available in the read buffer
*/
2011-04-24 08:57:21 +00:00
size_t ssl_get_bytes_avail ( const ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Return the result of the certificate verification
*
* \ param ssl SSL context
*
* \ return 0 if successful , or a combination of :
* BADCERT_EXPIRED
* BADCERT_REVOKED
* BADCERT_CN_MISMATCH
* BADCERT_NOT_TRUSTED
*/
2010-03-16 21:09:09 +00:00
int ssl_get_verify_result ( const ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
/**
2011-01-27 17:40:50 +00:00
* \ brief Return the name of the current ciphersuite
2009-01-03 21:22:43 +00:00
*
* \ param ssl SSL context
*
2011-01-27 17:40:50 +00:00
* \ return a string containing the ciphersuite name
2009-01-03 21:22:43 +00:00
*/
2011-01-27 17:40:50 +00:00
const char * ssl_get_ciphersuite ( const ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
2011-01-15 17:35:19 +00:00
/**
* \ brief Return the current SSL version ( SSLv3 / TLSv1 / etc )
*
* \ param ssl SSL context
*
* \ return a string containing the SSL version
*/
const char * ssl_get_version ( const ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Perform the SSL handshake
*
* \ param ssl SSL context
*
2011-05-18 13:32:51 +00:00
* \ return 0 if successful , POLARSSL_ERR_NET_WANT_READ ,
* POLARSSL_ERR_NET_WANT_WRITE , or a specific SSL error code .
2009-01-03 21:22:43 +00:00
*/
int ssl_handshake ( ssl_context * ssl ) ;
2012-09-16 19:57:18 +00:00
/**
* \ brief Perform an SSL renegotiation on the running connection
*
* \ param ssl SSL context
*
* \ return 0 if succesful , or any ssl_handshake ( ) return value .
*/
int ssl_renegotiate ( ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Read at most ' len ' application data bytes
*
* \ param ssl SSL context
* \ param buf buffer that will hold the data
* \ param len how many bytes must be read
*
2011-05-18 13:32:51 +00:00
* \ return This function returns the number of bytes read , 0 for EOF ,
2009-01-03 21:22:43 +00:00
* or a negative error code .
*/
2011-04-24 08:57:21 +00:00
int ssl_read ( ssl_context * ssl , unsigned char * buf , size_t len ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Write exactly ' len ' application data bytes
*
* \ param ssl SSL context
* \ param buf buffer holding the data
* \ param len how many bytes must be written
*
* \ return This function returns the number of bytes written ,
* or a negative error code .
*
2011-05-18 13:32:51 +00:00
* \ note When this function returns POLARSSL_ERR_NET_WANT_WRITE ,
2009-01-03 21:22:43 +00:00
* it must be called later with the * same * arguments ,
* until it returns a positive value .
*/
2011-04-24 08:57:21 +00:00
int ssl_write ( ssl_context * ssl , const unsigned char * buf , size_t len ) ;
2009-01-03 21:22:43 +00:00
2012-04-16 06:46:41 +00:00
/**
* \ brief Send an alert message
*
* \ param ssl SSL context
* \ param level The alert level of the message
* ( SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL )
* \ param message The alert message ( SSL_ALERT_MSG_ * )
*
* \ return 1 if successful , or a specific SSL error code .
*/
int ssl_send_alert_message ( ssl_context * ssl ,
unsigned char level ,
unsigned char message ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Notify the peer that the connection is being closed
2009-07-28 07:18:38 +00:00
*
* \ param ssl SSL context
2009-01-03 21:22:43 +00:00
*/
int ssl_close_notify ( ssl_context * ssl ) ;
/**
2012-09-16 19:57:18 +00:00
* \ brief Free referenced items in an SSL context and clear memory
2009-07-28 07:18:38 +00:00
*
* \ param ssl SSL context
2009-01-03 21:22:43 +00:00
*/
void ssl_free ( ssl_context * ssl ) ;
2012-09-16 19:57:18 +00:00
/**
* \ brief Free referenced items in an SSL session and free all
* sessions in the chain . Memory is cleared
*
* \ param session SSL session
*/
void ssl_session_free ( ssl_session * session ) ;
/**
* \ brief Free referenced items in an SSL transform context and clear
* memory
*
* \ param transform SSL transform context
*/
void ssl_transform_free ( ssl_transform * transform ) ;
/**
* \ brief Free referenced items in an SSL handshake context and clear
* memory
*
* \ param handshake SSL handshake context
*/
void ssl_handshake_free ( ssl_handshake_params * handshake ) ;
2009-01-03 21:22:43 +00:00
/*
* Internal functions ( do not call directly )
*/
int ssl_handshake_client ( ssl_context * ssl ) ;
int ssl_handshake_server ( ssl_context * ssl ) ;
2012-09-16 19:57:18 +00:00
void ssl_handshake_wrapup ( ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
2012-09-17 09:18:12 +00:00
int ssl_send_fatal_handshake_failure ( ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
int ssl_derive_keys ( ssl_context * ssl ) ;
int ssl_read_record ( ssl_context * ssl ) ;
2011-05-18 13:32:51 +00:00
/**
* \ return 0 if successful , POLARSSL_ERR_SSL_CONN_EOF on EOF or
* another negative error code .
*/
2011-04-24 08:57:21 +00:00
int ssl_fetch_input ( ssl_context * ssl , size_t nb_want ) ;
2009-01-03 21:22:43 +00:00
int ssl_write_record ( ssl_context * ssl ) ;
int ssl_flush_output ( ssl_context * ssl ) ;
int ssl_parse_certificate ( ssl_context * ssl ) ;
int ssl_write_certificate ( ssl_context * ssl ) ;
int ssl_parse_change_cipher_spec ( ssl_context * ssl ) ;
int ssl_write_change_cipher_spec ( ssl_context * ssl ) ;
int ssl_parse_finished ( ssl_context * ssl ) ;
int ssl_write_finished ( ssl_context * ssl ) ;
2012-09-16 19:57:18 +00:00
void ssl_optimize_checksum ( ssl_context * ssl , int ciphersuite ) ;
2012-04-18 16:10:25 +00:00
2009-01-03 21:22:43 +00:00
# ifdef __cplusplus
}
# endif
# endif /* ssl.h */