2009-01-03 21:22:43 +00:00
/**
* \ file ssl . h
2009-01-04 16:27:10 +00:00
*
2011-01-06 12:28:03 +00:00
* \ brief SSL / TLS functions .
*
2015-01-23 09:45:19 +00:00
* Copyright ( C ) 2006 - 2014 , ARM Limited , All Rights Reserved
2010-07-18 20:36:00 +00:00
*
2015-03-06 13:17:10 +00:00
* This file is part of mbed TLS ( https : //tls.mbed.org)
2009-01-04 16:27:10 +00:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License along
* with this program ; if not , write to the Free Software Foundation , Inc . ,
* 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA .
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
# ifndef MBEDTLS_SSL_H
# define MBEDTLS_SSL_H
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
# if !defined(MBEDTLS_CONFIG_FILE)
2013-04-18 20:46:23 +00:00
# include "config.h"
2014-04-29 10:39:06 +00:00
# else
2015-04-08 10:49:31 +00:00
# include MBEDTLS_CONFIG_FILE
2014-04-29 10:39:06 +00:00
# endif
2014-11-04 18:52:10 +00:00
2013-04-18 20:46:23 +00:00
# include "bignum.h"
2014-07-03 14:12:50 +00:00
# include "ecp.h"
2013-04-18 20:46:23 +00:00
2013-08-27 19:19:20 +00:00
# include "ssl_ciphersuites.h"
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2013-09-16 11:49:26 +00:00
# include "x509_crt.h"
# include "x509_crl.h"
2013-09-23 12:46:13 +00:00
# endif
2013-04-18 20:46:23 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_DHM_C)
2012-09-16 19:57:18 +00:00
# include "dhm.h"
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_ECDH_C)
2013-03-20 13:39:14 +00:00
# include "ecdh.h"
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_ZLIB_SUPPORT)
2012-07-03 13:30:23 +00:00
# include "zlib.h"
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_HAVE_TIME)
2013-07-03 13:31:03 +00:00
# include <time.h>
# endif
2013-10-14 17:54:10 +00:00
/* For convenience below and in programs */
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined ( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ) | | \
defined ( MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ) | | \
defined ( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED )
# define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
2013-10-14 17:54:10 +00:00
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined ( MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) | | \
defined ( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED )
# define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
2014-01-19 20:48:42 +00:00
# endif
2015-06-17 10:43:26 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ) | | \
defined ( MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED )
# define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
# endif
2009-07-28 07:18:38 +00:00
/*
* SSL Error codes
*/
2015-04-08 10:49:31 +00:00
# define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
# define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
# define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
# define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
# define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
# define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
# define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
# define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
# define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
# define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */
# define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
# define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
# define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
# define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
# define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
# define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
# define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
# define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
# define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
# define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
2015-05-28 07:33:39 +00:00
# define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 /**< Memory allocation failed */
2015-04-08 10:49:31 +00:00
# define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
# define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
# define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
# define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
# define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
# define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
# define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
# define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */
# define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
# define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
# define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
# define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
# define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
# define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
2015-05-06 15:19:31 +00:00
# define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */
# define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */
# define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */
2009-01-03 21:22:43 +00:00
/*
* Various constants
*/
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_MAJOR_VERSION_3 3
# define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
# define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
# define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
# define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */
# define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
2014-02-06 12:04:16 +00:00
2013-07-18 10:32:27 +00:00
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
2013-07-19 10:47:00 +00:00
* NONE must be zero so that memset ( ) ing structure to zero works */
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
# define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
# define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
# define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
# define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
# define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
2013-07-16 10:45:26 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_IS_CLIENT 0
# define MBEDTLS_SSL_IS_SERVER 1
2014-08-19 09:16:35 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_IS_NOT_FALLBACK 0
# define MBEDTLS_SSL_IS_FALLBACK 1
2014-10-20 11:34:59 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
# define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1
2014-10-20 16:40:56 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_ETM_DISABLED 0
# define MBEDTLS_SSL_ETM_ENABLED 1
2014-10-27 12:57:03 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_COMPRESS_NULL 0
# define MBEDTLS_SSL_COMPRESS_DEFLATE 1
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_VERIFY_NONE 0
# define MBEDTLS_SSL_VERIFY_OPTIONAL 1
# define MBEDTLS_SSL_VERIFY_REQUIRED 2
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
# define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
2012-09-16 19:57:18 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
# define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1
2012-09-16 19:57:18 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
# define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1
2014-09-24 12:41:11 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
# define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
2014-07-03 17:29:16 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0
# define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
# define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2
2012-09-16 19:57:18 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
# define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1
# define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
2013-07-19 09:08:52 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
# define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1
2013-08-03 11:02:31 +00:00
2015-05-05 15:34:53 +00:00
# define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
# define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
2015-01-07 13:50:54 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_ARC4_ENABLED 0
# define MBEDTLS_SSL_ARC4_DISABLED 1
2015-01-12 12:43:29 +00:00
2015-06-17 11:53:47 +00:00
# define MBEDTLS_SSL_PRESET_DEFAULT 0
# define MBEDTLS_SSL_PRESET_SUITEB 2
2014-09-30 20:21:31 +00:00
/*
* Default range for DTLS retransmission timer value , in milliseconds .
* RFC 6347 4.2 .4 .1 says from 1 second to 60 seconds .
*/
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
# define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
2014-09-30 20:21:31 +00:00
2014-04-25 09:11:10 +00:00
/**
* \ name SECTION : Module settings
*
* The configuration options you can set for this module are in this section .
* Either change them in config . h or define them on the compiler command line .
* \ {
*/
2015-04-08 10:49:31 +00:00
# if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
# define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
2014-04-25 09:11:10 +00:00
# endif
2013-08-14 14:52:14 +00:00
2013-06-24 17:31:17 +00:00
/*
* Size of the input / output buffer .
* Note : the RFC defines the default size of SSL / TLS messages . If you
* change the value here , other clients / servers may not be able to
* communicate with you anymore . Only change this value if you control
2014-06-30 15:27:49 +00:00
* both sides of the connection and have it reduced at both sides , or
* if you ' re using the Max Fragment Length extension and you know all your
* peers are using it too !
2013-06-24 17:31:17 +00:00
*/
2015-04-08 10:49:31 +00:00
# if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
# define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
2014-04-25 09:11:10 +00:00
# endif
/* \} name SECTION: Module settings */
2009-01-03 21:22:43 +00:00
2014-11-04 12:05:42 +00:00
/*
* Length of the verify data for secure renegotiation
*/
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_PROTO_SSL3)
# define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
2014-11-04 12:05:42 +00:00
# else
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
2014-11-04 12:05:42 +00:00
# endif
2014-06-30 15:27:49 +00:00
/*
* Signaling ciphersuite values ( SCSV )
*/
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
# define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
2012-09-16 19:57:18 +00:00
2012-04-11 12:09:53 +00:00
/*
* Supported Signature and Hash algorithms ( For TLS 1.2 )
2013-08-17 11:01:41 +00:00
* RFC 5246 section 7.4 .1 .4 .1
2012-04-11 12:09:53 +00:00
*/
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_HASH_NONE 0
# define MBEDTLS_SSL_HASH_MD5 1
# define MBEDTLS_SSL_HASH_SHA1 2
# define MBEDTLS_SSL_HASH_SHA224 3
# define MBEDTLS_SSL_HASH_SHA256 4
# define MBEDTLS_SSL_HASH_SHA384 5
# define MBEDTLS_SSL_HASH_SHA512 6
2012-04-11 12:09:53 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_SIG_ANON 0
# define MBEDTLS_SSL_SIG_RSA 1
# define MBEDTLS_SSL_SIG_ECDSA 3
2012-04-11 12:09:53 +00:00
2012-11-23 12:38:07 +00:00
/*
* Client Certificate Types
2013-08-17 11:01:41 +00:00
* RFC 5246 section 7.4 .4 plus RFC 4492 section 5.5
2012-11-23 12:38:07 +00:00
*/
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1
# define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
2012-11-23 12:38:07 +00:00
2009-01-03 21:22:43 +00:00
/*
* Message , alert and handshake types
*/
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
# define MBEDTLS_SSL_MSG_ALERT 21
# define MBEDTLS_SSL_MSG_HANDSHAKE 22
# define MBEDTLS_SSL_MSG_APPLICATION_DATA 23
# define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
# define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2
# define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
# define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
# define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
# define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
# define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
# define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
# define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
# define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
# define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
# define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
# define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
# define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
# define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
# define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
# define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
# define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
# define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
# define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
# define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
# define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
# define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
# define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
# define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
# define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
# define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
# define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
# define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
# define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
# define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
# define MBEDTLS_SSL_HS_HELLO_REQUEST 0
# define MBEDTLS_SSL_HS_CLIENT_HELLO 1
# define MBEDTLS_SSL_HS_SERVER_HELLO 2
# define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
# define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4
# define MBEDTLS_SSL_HS_CERTIFICATE 11
# define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12
# define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13
# define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14
# define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15
# define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16
# define MBEDTLS_SSL_HS_FINISHED 20
2009-01-03 21:22:43 +00:00
/*
* TLS extensions
*/
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_SERVERNAME 0
# define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
2013-03-20 13:39:14 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
2013-07-17 08:25:37 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
2013-07-19 09:41:43 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
# define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_SIG_ALG 13
2012-04-11 16:11:49 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_ALPN 16
2014-04-07 08:57:45 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */
# define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
2014-10-20 16:40:56 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_SESSION_TICKET 35
2013-08-02 12:44:54 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
2012-09-16 19:57:18 +00:00
2013-04-18 20:46:23 +00:00
/*
* Size defines
*/
2015-04-08 10:49:31 +00:00
# if !defined(MBEDTLS_PSK_MAX_LEN)
# define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
2014-07-03 14:12:50 +00:00
# endif
/* Dummy type used only for its size */
2015-05-27 18:27:06 +00:00
union mbedtls_ssl_premaster_secret
2014-07-03 14:12:50 +00:00
{
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
2014-07-03 14:12:50 +00:00
unsigned char _pms_rsa [ 48 ] ; /* RFC 5246 8.1.1 */
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
unsigned char _pms_dhm [ MBEDTLS_MPI_MAX_SIZE ] ; /* RFC 5246 8.1.2 */
2014-07-03 14:12:50 +00:00
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined ( MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) | | \
defined ( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ) | | \
defined ( MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED )
unsigned char _pms_ecdh [ MBEDTLS_ECP_MAX_BYTES ] ; /* RFC 4492 5.10 */
2013-04-18 20:46:23 +00:00
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
unsigned char _pms_psk [ 4 + 2 * MBEDTLS_PSK_MAX_LEN ] ; /* RFC 4279 2 */
2014-07-03 14:12:50 +00:00
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
unsigned char _pms_dhe_psk [ 4 + MBEDTLS_MPI_MAX_SIZE
+ MBEDTLS_PSK_MAX_LEN ] ; /* RFC 4279 3 */
2014-07-03 14:12:50 +00:00
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
unsigned char _pms_rsa_psk [ 52 + MBEDTLS_PSK_MAX_LEN ] ; /* RFC 4279 4 */
2014-07-03 14:12:50 +00:00
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
unsigned char _pms_ecdhe_psk [ 4 + MBEDTLS_ECP_MAX_BYTES
+ MBEDTLS_PSK_MAX_LEN ] ; /* RFC 5489 2 */
2014-07-03 14:12:50 +00:00
# endif
} ;
2015-05-27 18:27:06 +00:00
# define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
2013-04-18 20:46:23 +00:00
2013-06-27 12:29:21 +00:00
# ifdef __cplusplus
extern " C " {
# endif
2009-01-03 21:22:43 +00:00
/*
* SSL state machine
*/
typedef enum
{
2015-04-08 10:49:31 +00:00
MBEDTLS_SSL_HELLO_REQUEST ,
MBEDTLS_SSL_CLIENT_HELLO ,
MBEDTLS_SSL_SERVER_HELLO ,
MBEDTLS_SSL_SERVER_CERTIFICATE ,
MBEDTLS_SSL_SERVER_KEY_EXCHANGE ,
MBEDTLS_SSL_CERTIFICATE_REQUEST ,
MBEDTLS_SSL_SERVER_HELLO_DONE ,
MBEDTLS_SSL_CLIENT_CERTIFICATE ,
MBEDTLS_SSL_CLIENT_KEY_EXCHANGE ,
MBEDTLS_SSL_CERTIFICATE_VERIFY ,
MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ,
MBEDTLS_SSL_CLIENT_FINISHED ,
MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ,
MBEDTLS_SSL_SERVER_FINISHED ,
MBEDTLS_SSL_FLUSH_BUFFERS ,
MBEDTLS_SSL_HANDSHAKE_WRAPUP ,
MBEDTLS_SSL_HANDSHAKE_OVER ,
MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET ,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT ,
2009-01-03 21:22:43 +00:00
}
2015-04-08 10:49:31 +00:00
mbedtls_ssl_states ;
2009-01-03 21:22:43 +00:00
2015-05-26 10:11:48 +00:00
/* Defined below */
2015-04-08 10:49:31 +00:00
typedef struct mbedtls_ssl_session mbedtls_ssl_session ;
typedef struct mbedtls_ssl_context mbedtls_ssl_context ;
2015-05-26 10:11:48 +00:00
typedef struct mbedtls_ssl_config mbedtls_ssl_config ;
/* Defined in ssl_internal.h */
2015-04-08 10:49:31 +00:00
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform ;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params ;
# if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert ;
2013-09-23 12:46:13 +00:00
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item ;
2014-09-19 09:18:57 +00:00
# endif
2009-01-03 21:22:43 +00:00
/*
2012-09-25 21:55:46 +00:00
* This structure is used for storing current session data .
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
struct mbedtls_ssl_session
2009-01-03 21:22:43 +00:00
{
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_HAVE_TIME)
2009-01-03 21:22:43 +00:00
time_t start ; /*!< starting time */
2013-07-03 13:31:03 +00:00
# endif
2011-01-27 17:40:50 +00:00
int ciphersuite ; /*!< chosen ciphersuite */
2012-07-03 13:30:23 +00:00
int compression ; /*!< chosen compression */
2011-04-24 08:57:21 +00:00
size_t length ; /*!< session id length */
2009-01-03 21:22:43 +00:00
unsigned char id [ 32 ] ; /*!< session identifier */
unsigned char master [ 48 ] ; /*!< the master secret */
2013-04-18 20:46:23 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt * peer_cert ; /*!< peer X.509 cert chain */
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2015-05-11 17:54:43 +00:00
uint32_t verify_result ; /*!< verification result */
2013-07-18 12:07:09 +00:00
2015-05-20 08:45:29 +00:00
# if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2013-08-02 12:44:04 +00:00
unsigned char * ticket ; /*!< RFC 5077 session ticket */
size_t ticket_len ; /*!< session ticket length */
2013-07-31 10:58:16 +00:00
uint32_t ticket_lifetime ; /*!< ticket lifetime hint */
2015-05-20 08:45:29 +00:00
# endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
2013-08-02 12:44:04 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2013-07-18 12:07:09 +00:00
unsigned char mfl_code ; /*!< MaxFragmentLength negotiated by peer */
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2013-08-15 11:33:48 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2013-07-19 09:41:43 +00:00
int trunc_hmac ; /*!< flag for truncated hmac activation */
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
2014-10-27 12:57:03 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2014-10-27 12:57:03 +00:00
int encrypt_then_mac ; /*!< flag for EtM activation */
# endif
2009-01-03 21:22:43 +00:00
} ;
2015-04-30 16:03:08 +00:00
/**
2015-05-11 07:50:24 +00:00
* SSL / TLS configuration to be shared between mbedtls_ssl_context structures .
2015-04-30 16:03:08 +00:00
*/
2015-05-26 10:11:48 +00:00
struct mbedtls_ssl_config
2015-04-30 16:03:08 +00:00
{
/* Group items by size (largest first) to minimize padding overhead */
/*
* Pointers
*/
2015-05-07 11:35:38 +00:00
const int * ciphersuite_list [ 4 ] ; /*!< allowed ciphersuites per version */
2015-04-30 16:03:08 +00:00
/** Callback for printing debug output */
void ( * f_dbg ) ( void * , int , const char * ) ;
void * p_dbg ; /*!< context for the debug function */
2015-05-07 11:35:38 +00:00
/** Callback for getting (pseudo-)random numbers */
int ( * f_rng ) ( void * , unsigned char * , size_t ) ;
void * p_rng ; /*!< context for the RNG function */
2015-04-30 16:03:08 +00:00
/** Callback to retrieve a session from the cache */
int ( * f_get_cache ) ( void * , mbedtls_ssl_session * ) ;
/** Callback to store a session into the cache */
int ( * f_set_cache ) ( void * , const mbedtls_ssl_session * ) ;
2015-05-06 17:06:26 +00:00
void * p_cache ; /*!< context for cache callbacks */
2015-04-30 16:03:08 +00:00
# if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
int ( * f_sni ) ( void * , mbedtls_ssl_context * , const unsigned char * , size_t ) ;
void * p_sni ; /*!< context for SNI callback */
# endif
# if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
2015-05-11 17:54:43 +00:00
int ( * f_vrfy ) ( void * , mbedtls_x509_crt * , int , uint32_t * ) ;
2015-04-30 16:03:08 +00:00
void * p_vrfy ; /*!< context for X.509 verify calllback */
# endif
# if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
int ( * f_psk ) ( void * , mbedtls_ssl_context * , const unsigned char * , size_t ) ;
void * p_psk ; /*!< context for PSK callback */
# endif
2015-05-20 08:59:43 +00:00
# if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
2015-04-30 16:03:08 +00:00
/** Callback to create & write a cookie for ClientHello veirifcation */
int ( * f_cookie_write ) ( void * , unsigned char * * , unsigned char * ,
const unsigned char * , size_t ) ;
/** Callback to verify validity of a ClientHello cookie */
int ( * f_cookie_check ) ( void * , const unsigned char * , size_t ,
const unsigned char * , size_t ) ;
2015-05-07 11:35:38 +00:00
void * p_cookie ; /*!< context for the cookie callbacks */
2015-04-30 16:03:08 +00:00
# endif
2015-05-20 08:45:29 +00:00
# if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
2015-05-19 13:28:00 +00:00
/** Callback to create & write a session ticket */
int ( * f_ticket_write ) ( void * , const mbedtls_ssl_session * ,
unsigned char * , const unsigned char * , size_t * , uint32_t * ) ;
/** Callback to parse a session ticket into a session structure */
int ( * f_ticket_parse ) ( void * , mbedtls_ssl_session * , unsigned char * , size_t ) ;
void * p_ticket ; /*!< context for the ticket callbacks */
2015-05-20 08:45:29 +00:00
# endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
2015-05-19 13:28:00 +00:00
2015-04-30 16:03:08 +00:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2015-06-17 10:43:26 +00:00
const mbedtls_x509_crt_profile * cert_profile ; /*!< verification profile */
2015-04-30 16:03:08 +00:00
mbedtls_ssl_key_cert * key_cert ; /*!< own certificate/key pair(s) */
mbedtls_x509_crt * ca_chain ; /*!< trusted CAs */
mbedtls_x509_crl * ca_crl ; /*!< trusted CAs CRLs */
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2015-06-17 10:43:26 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
const int * sig_hashes ; /*!< allowed signature hashes */
# endif
2015-06-17 09:43:30 +00:00
# if defined(MBEDTLS_ECP_C)
2015-05-07 11:35:38 +00:00
const mbedtls_ecp_group_id * curve_list ; /*!< allowed curves */
2015-04-30 16:03:08 +00:00
# endif
# if defined(MBEDTLS_DHM_C)
mbedtls_mpi dhm_P ; /*!< prime modulus for DHM */
mbedtls_mpi dhm_G ; /*!< generator for DHM */
# endif
# if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char * psk ; /*!< pre-shared key */
size_t psk_len ; /*!< length of the pre-shared key */
unsigned char * psk_identity ; /*!< identity for PSK negotiation */
size_t psk_identity_len ; /*!< length of identity */
# endif
# if defined(MBEDTLS_SSL_ALPN)
const char * * alpn_list ; /*!< ordered list of protocols */
# endif
/*
* Numerical settings ( int then char )
*/
2015-05-04 08:55:58 +00:00
uint32_t read_timeout ; /*!< timeout for mbedtls_ssl_read (ms) */
2015-04-30 16:03:08 +00:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
uint32_t hs_timeout_min ; /*!< initial value of the handshake
2015-05-04 08:55:58 +00:00
retransmission timeout ( ms ) */
2015-04-30 16:03:08 +00:00
uint32_t hs_timeout_max ; /*!< maximum value of the handshake
2015-05-04 08:55:58 +00:00
retransmission timeout ( ms ) */
2015-04-30 16:03:08 +00:00
# endif
# if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_max_records ; /*!< grace period for renegotiation */
unsigned char renego_period [ 8 ] ; /*!< value of the record counters
that triggers renegotiation */
# endif
# if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned int badmac_limit ; /*!< limit of records with a bad MAC */
# endif
2015-06-11 12:49:42 +00:00
# if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
unsigned int dhm_min_bitlen ; /*!< min. bit length of the DHM prime */
# endif
2015-04-30 16:03:08 +00:00
unsigned char max_major_ver ; /*!< max. major version used */
unsigned char max_minor_ver ; /*!< max. minor version used */
unsigned char min_major_ver ; /*!< min. major version used */
unsigned char min_minor_ver ; /*!< min. minor version used */
/*
* Flags ( bitfields )
*/
unsigned int endpoint : 1 ; /*!< 0: client, 1: server */
unsigned int transport : 1 ; /*!< stream (TLS) or datagram (DTLS) */
unsigned int authmode : 2 ; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
2015-05-14 10:28:21 +00:00
# if defined(MBEDTLS_ARC4_C)
unsigned int arc4_disabled : 1 ; /*!< blacklist RC4 ciphersuites? */
# endif
2015-05-06 08:33:13 +00:00
# if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned int mfl_code : 3 ; /*!< desired fragment length */
# endif
2015-04-30 16:03:08 +00:00
# if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
# endif
# if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int extended_ms : 1 ; /*!< negotiate extended master secret? */
# endif
# if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int anti_replay : 1 ; /*!< detect and prevent replay? */
# endif
# if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
unsigned int cbc_record_splitting : 1 ; /*!< do cbc record splitting */
# endif
# if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned int disable_renegotiation : 1 ; /*!< disable renegotiation? */
# endif
# if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
unsigned int trunc_hmac : 1 ; /*!< negotiate truncated hmac? */
# endif
# if defined(MBEDTLS_SSL_SESSION_TICKETS)
unsigned int session_tickets : 1 ; /*!< use session tickets? */
# endif
2015-05-06 08:27:31 +00:00
# if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
unsigned int fallback : 1 ; /*!< is this a fallback? */
# endif
2015-05-26 10:11:48 +00:00
} ;
2015-04-30 16:03:08 +00:00
2015-04-08 10:49:31 +00:00
struct mbedtls_ssl_context
2009-01-03 21:22:43 +00:00
{
2015-05-10 21:27:38 +00:00
const mbedtls_ssl_config * conf ; /*!< configuration information */
2015-05-04 08:55:58 +00:00
2009-01-03 21:22:43 +00:00
/*
* Miscellaneous
*/
int state ; /*!< SSL handshake: current state */
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2015-03-19 16:15:20 +00:00
int renego_status ; /*!< Initial, in progress, pending? */
2014-10-15 13:07:45 +00:00
int renego_records_seen ; /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
2014-11-03 07:23:14 +00:00
# endif
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
int major_ver ; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
2009-01-03 21:22:43 +00:00
int minor_ver ; /*!< either 0 (SSL3) or 1 (TLS1.0) */
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
2014-10-14 16:30:36 +00:00
unsigned badmac_seen ; /*!< records with a bad MAC received */
# endif
2009-01-03 21:22:43 +00:00
/*
2015-05-04 08:55:58 +00:00
* Callbacks
2009-01-03 21:22:43 +00:00
*/
2011-06-21 07:36:43 +00:00
int ( * f_send ) ( void * , const unsigned char * , size_t ) ;
2014-09-17 08:47:43 +00:00
int ( * f_recv ) ( void * , unsigned char * , size_t ) ;
2014-10-01 13:01:39 +00:00
int ( * f_recv_timeout ) ( void * , unsigned char * , size_t , uint32_t ) ;
2014-09-17 09:34:57 +00:00
void * p_bio ; /*!< context for I/O operations */
2013-09-18 15:29:31 +00:00
2009-01-03 21:22:43 +00:00
/*
* Session layer
*/
2015-04-08 10:49:31 +00:00
mbedtls_ssl_session * session_in ; /*!< current session data (in) */
mbedtls_ssl_session * session_out ; /*!< current session data (out) */
mbedtls_ssl_session * session ; /*!< negotiated session data */
mbedtls_ssl_session * session_negotiate ; /*!< session data in negotiation */
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
mbedtls_ssl_handshake_params * handshake ; /*!< params required only during
2012-09-16 19:57:18 +00:00
the handshake process */
/*
* Record layer transformations
*/
2015-04-08 10:49:31 +00:00
mbedtls_ssl_transform * transform_in ; /*!< current transform params (in) */
mbedtls_ssl_transform * transform_out ; /*!< current transform params (in) */
mbedtls_ssl_transform * transform ; /*!< negotiated transform params */
mbedtls_ssl_transform * transform_negotiate ; /*!< transform params in negotiation */
2012-09-16 19:57:18 +00:00
2014-09-29 12:04:42 +00:00
/*
2014-10-14 18:03:35 +00:00
* Timers
2014-09-29 12:04:42 +00:00
*/
2015-05-12 18:55:41 +00:00
void * p_timer ; /*!< context for the timer callbacks */
void ( * f_set_timer ) ( void * , uint32_t , uint32_t ) ; /*!< set timer callback */
int ( * f_get_timer ) ( void * ) ; /*!< get timer callback */
2014-10-01 10:03:55 +00:00
2009-01-03 21:22:43 +00:00
/*
* Record layer ( incoming data )
*/
2014-02-13 09:54:07 +00:00
unsigned char * in_buf ; /*!< input buffer */
2014-09-24 11:56:09 +00:00
unsigned char * in_ctr ; /*!< 64-bit incoming message counter
TLS : maintained by us
DTLS : read from peer */
2014-02-13 09:54:07 +00:00
unsigned char * in_hdr ; /*!< start of record header */
unsigned char * in_len ; /*!< two-bytes message length field */
unsigned char * in_iv ; /*!< ivlen-byte IV */
2013-01-02 16:30:03 +00:00
unsigned char * in_msg ; /*!< message contents (in_iv+ivlen) */
2009-01-03 21:22:43 +00:00
unsigned char * in_offt ; /*!< read offset in application data */
int in_msgtype ; /*!< record header: message type */
2011-04-24 08:57:21 +00:00
size_t in_msglen ; /*!< record header: message length */
size_t in_left ; /*!< amount of data read so far */
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
2014-09-24 11:56:09 +00:00
uint16_t in_epoch ; /*!< DTLS epoch for incoming records */
2014-09-02 11:39:16 +00:00
size_t next_record_offset ; /*!< offset of the next record in datagram
( equal to in_left if none ) */
2014-07-10 15:54:52 +00:00
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
2014-09-24 08:52:58 +00:00
uint64_t in_window_top ; /*!< last validated record seq_num */
uint64_t in_window ; /*!< bitmask for replay detection */
# endif
2009-01-03 21:22:43 +00:00
2014-09-03 09:01:14 +00:00
size_t in_hslen ; /*!< current handshake message length,
including the handshake header */
2009-01-03 21:22:43 +00:00
int nb_zero ; /*!< # of 0-length encrypted messages */
2013-04-16 16:05:29 +00:00
int record_read ; /*!< record is already present */
2009-01-03 21:22:43 +00:00
/*
* Record layer ( outgoing data )
*/
2014-02-13 09:54:07 +00:00
unsigned char * out_buf ; /*!< output buffer */
2009-01-03 21:22:43 +00:00
unsigned char * out_ctr ; /*!< 64-bit outgoing message counter */
2014-02-13 09:54:07 +00:00
unsigned char * out_hdr ; /*!< start of record header */
unsigned char * out_len ; /*!< two-bytes message length field */
unsigned char * out_iv ; /*!< ivlen-byte IV */
2013-01-02 16:30:03 +00:00
unsigned char * out_msg ; /*!< message contents (out_iv+ivlen) */
2009-01-03 21:22:43 +00:00
int out_msgtype ; /*!< record header: message type */
2011-04-24 08:57:21 +00:00
size_t out_msglen ; /*!< record header: message length */
size_t out_left ; /*!< amount of data not yet written */
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_ZLIB_SUPPORT)
2013-10-11 07:59:44 +00:00
unsigned char * compress_buf ; /*!< zlib data buffer */
# endif
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
2015-05-05 15:34:53 +00:00
signed char split_done ; /*!< current record already splitted? */
2015-01-07 11:39:44 +00:00
# endif
2013-07-16 10:45:26 +00:00
2009-01-03 21:22:43 +00:00
/*
* PKI layer
*/
int client_auth ; /*!< flag for client auth. */
2013-04-16 16:05:29 +00:00
/*
2015-05-04 08:55:58 +00:00
* User settings
2013-04-16 16:05:29 +00:00
*/
2015-05-06 10:14:19 +00:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
char * hostname ; /*!< expected peer CN for verification
( and SNI if available ) */
2013-08-27 19:55:01 +00:00
# endif
2012-09-16 19:57:18 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_ALPN)
2014-04-04 14:08:41 +00:00
const char * alpn_chosen ; /*!< negotiated protocol */
# endif
2014-07-22 15:32:01 +00:00
/*
2014-07-23 12:56:15 +00:00
* Information for DTLS hello verify
2014-07-22 15:32:01 +00:00
*/
2015-05-20 08:59:43 +00:00
# if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
2014-07-22 15:32:01 +00:00
unsigned char * cli_id ; /*!< transport-level ID of the client */
size_t cli_id_len ; /*!< length of cli_id */
# endif
2012-09-16 19:57:18 +00:00
/*
* Secure renegotiation
*/
2015-03-10 13:20:49 +00:00
/* needed to know when to send extension on server */
2012-09-16 19:57:18 +00:00
int secure_renegotiation ; /*!< does peer support legacy or
secure renegotiation */
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2012-09-16 19:57:18 +00:00
size_t verify_data_len ; /*!< length of verify data stored */
2015-04-08 10:49:31 +00:00
char own_verify_data [ MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ] ; /*!< previous handshake verify data */
char peer_verify_data [ MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ] ; /*!< previous handshake verify data */
2014-11-03 07:23:14 +00:00
# endif
2009-01-03 21:22:43 +00:00
} ;
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
2012-12-19 13:42:06 +00:00
2015-04-08 10:49:31 +00:00
# define MBEDTLS_SSL_CHANNEL_OUTBOUND 0
# define MBEDTLS_SSL_CHANNEL_INBOUND 1
2012-12-19 13:42:06 +00:00
2015-04-08 10:49:31 +00:00
extern int ( * mbedtls_ssl_hw_record_init ) ( mbedtls_ssl_context * ssl ,
2012-05-08 09:17:57 +00:00
const unsigned char * key_enc , const unsigned char * key_dec ,
2012-12-19 13:42:06 +00:00
size_t keylen ,
2012-05-08 09:17:57 +00:00
const unsigned char * iv_enc , const unsigned char * iv_dec ,
2012-12-19 13:42:06 +00:00
size_t ivlen ,
const unsigned char * mac_enc , const unsigned char * mac_dec ,
size_t maclen ) ;
2015-04-08 10:49:31 +00:00
extern int ( * mbedtls_ssl_hw_record_activate ) ( mbedtls_ssl_context * ssl , int direction ) ;
extern int ( * mbedtls_ssl_hw_record_reset ) ( mbedtls_ssl_context * ssl ) ;
extern int ( * mbedtls_ssl_hw_record_write ) ( mbedtls_ssl_context * ssl ) ;
extern int ( * mbedtls_ssl_hw_record_read ) ( mbedtls_ssl_context * ssl ) ;
extern int ( * mbedtls_ssl_hw_record_finish ) ( mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
2012-05-08 09:17:57 +00:00
2011-01-16 21:27:44 +00:00
/**
2011-01-27 17:40:50 +00:00
* \ brief Returns the list of ciphersuites supported by the SSL / TLS module .
2011-01-16 21:27:44 +00:00
*
2011-01-27 17:40:50 +00:00
* \ return a statically allocated array of ciphersuites , the last
* entry is 0.
2011-01-16 21:27:44 +00:00
*/
2015-04-08 10:49:31 +00:00
const int * mbedtls_ssl_list_ciphersuites ( void ) ;
2011-01-16 21:27:44 +00:00
/**
2014-05-01 12:18:25 +00:00
* \ brief Return the name of the ciphersuite associated with the
* given ID
2011-01-16 21:27:44 +00:00
*
2011-01-27 17:40:50 +00:00
* \ param ciphersuite_id SSL ciphersuite ID
2011-01-16 21:27:44 +00:00
*
2011-01-27 17:40:50 +00:00
* \ return a string containing the ciphersuite name
2011-01-16 21:27:44 +00:00
*/
2015-04-08 10:49:31 +00:00
const char * mbedtls_ssl_get_ciphersuite_name ( const int ciphersuite_id ) ;
2011-01-27 17:40:50 +00:00
/**
2014-05-01 12:18:25 +00:00
* \ brief Return the ID of the ciphersuite associated with the
* given name
2011-01-27 17:40:50 +00:00
*
* \ param ciphersuite_name SSL ciphersuite name
*
* \ return the ID with the ciphersuite or 0 if not found
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_get_ciphersuite_id ( const char * ciphersuite_name ) ;
2011-01-16 21:27:44 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Initialize an SSL context
2015-04-28 22:48:22 +00:00
* Just makes the context ready for mbetls_ssl_setup ( ) or
* mbedtls_ssl_free ( )
*
* \ param ssl SSL context
*/
void mbedtls_ssl_init ( mbedtls_ssl_context * ssl ) ;
/**
* \ brief Set up an SSL context for use
2009-01-03 21:22:43 +00:00
*
2015-05-11 09:25:46 +00:00
* \ note No copy of the configuration context is made , it can be
2015-05-14 11:55:51 +00:00
* shared by many mbedtls_ssl_context structures .
2015-05-11 09:25:46 +00:00
*
* \ warning Modifying the conf structure after is has been used in this
* function is unsupported !
*
2009-01-03 21:22:43 +00:00
* \ param ssl SSL context
2015-05-04 12:56:36 +00:00
* \ param conf SSL configuration to use
2009-01-03 21:22:43 +00:00
*
2015-05-28 07:33:39 +00:00
* \ return 0 if successful , or MBEDTLS_ERR_SSL_ALLOC_FAILED if
2011-12-10 21:55:01 +00:00
* memory allocation failed
2009-01-03 21:22:43 +00:00
*/
2015-05-04 12:56:36 +00:00
int mbedtls_ssl_setup ( mbedtls_ssl_context * ssl ,
2015-05-10 21:27:38 +00:00
const mbedtls_ssl_config * conf ) ;
2009-01-03 21:22:43 +00:00
2011-10-06 12:37:39 +00:00
/**
* \ brief Reset an already initialized SSL context for re - use
* while retaining application - set variables , function
* pointers and data .
*
* \ param ssl SSL context
2012-09-16 19:57:18 +00:00
* \ return 0 if successful , or POLASSL_ERR_SSL_MALLOC_FAILED ,
2015-04-08 10:49:31 +00:00
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
* MBEDTLS_ERR_SSL_COMPRESSION_FAILED
2011-10-06 12:37:39 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_session_reset ( mbedtls_ssl_context * ssl ) ;
2011-10-06 12:37:39 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the current endpoint type
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
2009-01-03 21:22:43 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_endpoint ( mbedtls_ssl_config * conf , int endpoint ) ;
2009-01-03 21:22:43 +00:00
2014-02-06 12:04:16 +00:00
/**
2014-09-17 08:47:43 +00:00
* \ brief Set the transport type ( TLS or DTLS ) .
* Default : TLS
2014-02-06 12:04:16 +00:00
*
2015-05-11 08:11:56 +00:00
* \ note For DTLS , you must either provide a recv callback that
* doesn ' t block , or one that handles timeouts , see
2015-05-13 08:21:19 +00:00
* \ c mbedtls_ssl_set_bio ( ) . You also need to provide timer
* callbacks with \ c mbedtls_ssl_set_timer_cb ( ) .
2015-05-11 08:11:56 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2014-02-06 12:04:16 +00:00
* \ param transport transport type :
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS ,
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS .
2014-02-06 12:04:16 +00:00
*/
2015-05-11 08:11:56 +00:00
void mbedtls_ssl_conf_transport ( mbedtls_ssl_config * conf , int transport ) ;
2014-02-06 12:04:16 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the certificate verification mode
2015-05-05 08:45:39 +00:00
* Default : NONE on server , REQUIRED on client
2009-01-03 21:22:43 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2011-01-06 12:28:03 +00:00
* \ param authmode can be :
2009-01-03 21:22:43 +00:00
*
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_VERIFY_NONE : peer certificate is not checked
2015-03-27 16:52:25 +00:00
* ( default on server )
* ( insecure on client )
2009-01-03 21:22:43 +00:00
*
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_VERIFY_OPTIONAL : peer certificate is checked , however the
2009-01-03 21:22:43 +00:00
* handshake continues even if verification failed ;
2015-04-08 10:49:31 +00:00
* mbedtls_ssl_get_verify_result ( ) can be called after the
2009-01-03 21:22:43 +00:00
* handshake is complete .
*
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_VERIFY_REQUIRED : peer * must * present a valid certificate ,
2009-01-03 21:22:43 +00:00
* handshake is aborted if verification failed .
2014-03-11 09:50:48 +00:00
*
2015-04-08 10:49:31 +00:00
* \ note On client , MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode .
* With MBEDTLS_SSL_VERIFY_OPTIONAL , the user needs to call mbedtls_ssl_get_verify_result ( ) at
2014-03-11 09:50:48 +00:00
* the right time ( s ) , which may not be obvious , while REQUIRED always perform
* the verification as soon as possible . For example , REQUIRED was protecting
* against the " triple handshake " attack even before it was found .
2009-01-03 21:22:43 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_authmode ( mbedtls_ssl_config * conf , int authmode ) ;
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2011-01-13 17:54:59 +00:00
/**
* \ brief Set the verification callback ( Optional ) .
*
2012-09-28 07:10:55 +00:00
* If set , the verify callback is called for each
* certificate in the chain . For implementation
* information , please see \ c x509parse_verify ( )
2011-01-13 17:54:59 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2011-01-13 17:54:59 +00:00
* \ param f_vrfy verification function
* \ param p_vrfy verification parameter
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_verify ( mbedtls_ssl_config * conf ,
2015-05-11 17:54:43 +00:00
int ( * f_vrfy ) ( void * , mbedtls_x509_crt * , int , uint32_t * ) ,
2011-01-13 17:54:59 +00:00
void * p_vrfy ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2011-01-13 17:54:59 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the random number generator callback
*
2015-05-07 11:35:38 +00:00
* \ param conf SSL configuration
2009-01-03 21:22:43 +00:00
* \ param f_rng RNG function
* \ param p_rng RNG parameter
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_rng ( mbedtls_ssl_config * conf ,
2011-11-27 21:07:34 +00:00
int ( * f_rng ) ( void * , unsigned char * , size_t ) ,
2009-01-03 21:22:43 +00:00
void * p_rng ) ;
/**
* \ brief Set the debug callback
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2009-01-03 21:22:43 +00:00
* \ param f_dbg debug function
* \ param p_dbg debug parameter
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_dbg ( mbedtls_ssl_config * conf ,
2010-03-16 21:09:09 +00:00
void ( * f_dbg ) ( void * , int , const char * ) ,
2009-01-03 21:22:43 +00:00
void * p_dbg ) ;
2014-09-17 08:47:43 +00:00
/**
* \ brief Set the underlying BIO callbacks for write , read and
* read - with - timeout .
*
* \ param ssl SSL context
* \ param p_bio parameter ( context ) shared by BIO callbacks
* \ param f_send write callback
* \ param f_recv read callback
2015-05-06 15:19:31 +00:00
* \ param f_recv_timeout blocking read callback with timeout .
2015-05-13 18:34:24 +00:00
* The last argument is the timeout in milliseconds ,
* 0 means no timeout
2014-09-17 08:47:43 +00:00
*
2015-05-13 08:21:19 +00:00
* \ note One of f_recv or f_recv_timeout can be NULL , in which case
* the other is used . If both are non - NULL , f_recv_timeout is
* used and f_recv is ignored ( as if it were NULL ) .
2014-09-17 08:47:43 +00:00
*
2015-05-13 08:21:19 +00:00
* \ note The two most common use cases are :
* - non - blocking I / O , f_recv ! = NULL , f_recv_timeout = = NULL
* - blocking I / O , f_recv = = NULL , f_recv_timout ! = NULL
*
* \ note For DTLS , you need to provide either a non - NULL
* f_recv_timeout callback , or a f_recv that doesn ' t block .
2014-09-17 08:47:43 +00:00
*/
2015-05-06 14:54:23 +00:00
void mbedtls_ssl_set_bio ( mbedtls_ssl_context * ssl ,
2014-09-17 08:47:43 +00:00
void * p_bio ,
int ( * f_send ) ( void * , const unsigned char * , size_t ) ,
int ( * f_recv ) ( void * , unsigned char * , size_t ) ,
2015-05-06 14:38:52 +00:00
int ( * f_recv_timeout ) ( void * , unsigned char * , size_t , uint32_t ) ) ;
/**
* \ brief Set the timeout period for mbedtls_ssl_read ( )
* ( Default : no timeout . )
*
* \ param conf SSL configuration context
* \ param timeout Timeout value in milliseconds .
* Use 0 for no timeout ( default ) .
*
* \ note With blocking I / O , this will only work if a non - NULL
2015-05-06 14:54:23 +00:00
* \ c f_recv_timeout was set with \ c mbedtls_ssl_set_bio ( ) .
2015-05-13 08:21:19 +00:00
* With non - blocking I / O , this will only work if timer
* callbacks were set with \ c mbedtls_ssl_set_timer_cb ( ) .
*
* \ note With non - blocking I / O , you may also skip this function
* altogether and handle timeouts at the application layer .
2015-05-06 14:38:52 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_read_timeout ( mbedtls_ssl_config * conf , uint32_t timeout ) ;
2014-09-17 08:47:43 +00:00
2015-05-12 18:55:41 +00:00
/**
* \ brief Set the timer callbacks
* ( Mandatory for DTLS . )
*
* \ param ssl SSL context
* \ param p_timer parameter ( context ) shared by timer callback
* \ param f_set_timer set timer callback
* Accepts an intermediate and a final delay in milliseconcs
* If the final delay is 0 , cancels the running timer .
* \ param f_get_timer get timer callback . Must return :
* - 1 if cancelled
* 0 if none of the delays is expired
* 1 if the intermediate delay only is expired
* 2 if the final delay is expired
*/
void mbedtls_ssl_set_timer_cb ( mbedtls_ssl_context * ssl ,
void * p_timer ,
void ( * f_set_timer ) ( void * , uint32_t int_ms , uint32_t fin_ms ) ,
int ( * f_get_timer ) ( void * ) ) ;
2015-05-19 13:28:00 +00:00
/**
* \ brief Callback type : generate and write session ticket
*
* \ note This describes what a callback implementation should do .
* This callback should generate and encrypted and
* authenticated ticket for the session and write it to the
* output buffer . Here , ticket means the opaque ticket part
* of the NewSessionTicket structure of RFC 5077.
*
* \ param p_ticket Context for the callback
* \ param session SSL session to bo written in the ticket
* \ param start Start of the outpur buffer
* \ param end End of the output buffer
* \ param tlen On exit , holds the length written
* \ param lifetime On exit , holds the lifetime of the ticket in seconds
*
* \ return 0 if successful , or
* a specific MBEDTLS_ERR_XXX code .
*/
typedef int mbedtls_ssl_ticket_write_t ( void * p_ticket ,
const mbedtls_ssl_session * session ,
unsigned char * start ,
const unsigned char * end ,
size_t * tlen ,
uint32_t * lifetime ) ;
/**
* \ brief Callback type : parse and load session ticket
*
* \ note This describes what a callback implementation should do .
* This callback should parse a session ticket as generated
* by the corresponding mbedtls_ssl_ticket_write_t function ,
* and , if the ticket is authentic and valid , load the
* session .
*
* \ note The implementation is allowed to modify the first len
2015-05-20 08:45:29 +00:00
* bytes of the input buffer , eg to use it as a temporary
* area for the decrypted ticket contents .
2015-05-19 13:28:00 +00:00
*
* \ param p_ticket Context for the callback
* \ param session SSL session to be loaded
* \ param buf Start of the buffer containing the ticket
* \ param len Length of the ticket .
*
* \ return 0 if successful , or
* MBEDTLS_ERR_SSL_INVALID_MAC if not authentic , or
* MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired , or
* any other non - zero code for other failures .
*/
typedef int mbedtls_ssl_ticket_parse_t ( void * p_ticket ,
mbedtls_ssl_session * session ,
unsigned char * buf ,
size_t len ) ;
2015-05-20 08:45:29 +00:00
# if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
2015-05-19 13:28:00 +00:00
/**
2015-05-20 08:45:29 +00:00
* \ brief Configure SSL session ticket callbacks ( server only ) .
* ( Default : none . )
*
* \ note On server , session tickets are enabled by providing
* non - NULL callbacks .
*
2015-06-11 11:29:15 +00:00
* \ note On client , use \ c mbedtls_ssl_conf_session_tickets ( ) .
2015-05-19 13:28:00 +00:00
*
* \ param conf SSL configuration context
* \ param f_ticket_write Callback for writing a ticket
* \ param f_ticket_parse Callback for parsing a ticket
* \ param p_ticket Context shared by the two callbacks
*/
void mbedtls_ssl_conf_session_tickets_cb ( mbedtls_ssl_config * conf ,
mbedtls_ssl_ticket_write_t * f_ticket_write ,
mbedtls_ssl_ticket_parse_t * f_ticket_parse ,
void * p_ticket ) ;
2015-05-20 08:45:29 +00:00
# endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
2015-05-19 13:28:00 +00:00
2014-07-23 12:56:15 +00:00
/**
* \ brief Callback type : generate a cookie
*
* \ param ctx Context for the callback
* \ param p Buffer to write to ,
* must be updated to point right after the cookie
* \ param end Pointer to one past the end of the output buffer
* \ param info Client ID info that was passed to
2015-04-08 10:49:31 +00:00
* \ c mbedtls_ssl_set_client_transport_id ( )
2014-07-23 12:56:15 +00:00
* \ param ilen Length of info in bytes
*
* \ return The callback must return 0 on success ,
* or a negative error code .
*/
2015-04-08 10:49:31 +00:00
typedef int mbedtls_ssl_cookie_write_t ( void * ctx ,
2014-07-23 12:56:15 +00:00
unsigned char * * p , unsigned char * end ,
const unsigned char * info , size_t ilen ) ;
/**
* \ brief Callback type : verify a cookie
*
* \ param ctx Context for the callback
* \ param cookie Cookie to verify
* \ param clen Length of cookie
* \ param info Client ID info that was passed to
2015-04-08 10:49:31 +00:00
* \ c mbedtls_ssl_set_client_transport_id ( )
2014-07-23 12:56:15 +00:00
* \ param ilen Length of info in bytes
*
* \ return The callback must return 0 if cookie is valid ,
* or a negative error code .
*/
2015-04-08 10:49:31 +00:00
typedef int mbedtls_ssl_cookie_check_t ( void * ctx ,
2014-07-23 12:56:15 +00:00
const unsigned char * cookie , size_t clen ,
const unsigned char * info , size_t ilen ) ;
2015-05-20 08:59:43 +00:00
# if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
2014-07-23 12:56:15 +00:00
/**
* \ brief Register callbacks for DTLS cookies
* ( Server only . DTLS only . )
*
2015-05-28 13:24:25 +00:00
* Default : dummy callbacks that fail , in order to force you to
2014-07-23 15:52:09 +00:00
* register working callbacks ( and initialize their context ) .
*
* To disable HelloVerifyRequest , register NULL callbacks .
*
* \ warning Disabling hello verification allows your server to be used
* for amplification in DoS attacks against other hosts .
* Only disable if you known this can ' t happen in your
* particular environment .
*
2015-05-28 13:24:25 +00:00
* \ note See comments on \ c mbedtls_ssl_handshake ( ) about handling
* the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
* on the first handshake attempt when this is enabled .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2014-07-23 12:56:15 +00:00
* \ param f_cookie_write Cookie write callback
* \ param f_cookie_check Cookie check callback
* \ param p_cookie Context for both callbacks
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_dtls_cookies ( mbedtls_ssl_config * conf ,
2015-04-08 10:49:31 +00:00
mbedtls_ssl_cookie_write_t * f_cookie_write ,
mbedtls_ssl_cookie_check_t * f_cookie_check ,
2014-07-23 12:56:15 +00:00
void * p_cookie ) ;
2015-05-20 08:59:43 +00:00
/**
* \ brief Set client ' s transport - level identification info .
* ( Server only . DTLS only . )
*
* This is usually the IP address ( and port ) , but could be
* anything identify the client depending on the underlying
* network stack . Used for HelloVerifyRequest with DTLS .
* This is * not * used to route the actual packets .
*
* \ param ssl SSL context
* \ param info Transport - level info identifying the client ( eg IP + port )
* \ param ilen Length of info in bytes
*
* \ note An internal copy is made , so the info buffer can be reused .
*
* \ return 0 on success ,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client ,
2015-05-28 07:33:39 +00:00
* MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory .
2015-05-20 08:59:43 +00:00
*/
int mbedtls_ssl_set_client_transport_id ( mbedtls_ssl_context * ssl ,
const unsigned char * info ,
size_t ilen ) ;
# endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
2014-07-22 15:32:01 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
2014-09-24 12:41:11 +00:00
/**
* \ brief Enable or disable anti - replay protection for DTLS .
* ( DTLS only , no effect on TLS . )
2014-10-13 16:15:52 +00:00
* Default : enabled .
2014-09-24 12:41:11 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED .
2014-10-13 16:15:52 +00:00
*
* \ warning Disabling this is a security risk unless the application
* protocol handles duplicated packets in a safe way . You
* should not disable this without careful consideration .
* However , if your application already detects duplicated
* packets and needs information about them to adjust its
* transmission strategy , then you ' ll want to disable this .
2014-09-24 12:41:11 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_dtls_anti_replay ( mbedtls_ssl_config * conf , char mode ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
2014-09-24 12:41:11 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
2014-10-14 16:30:36 +00:00
/**
* \ brief Set a limit on the number of records with a bad MAC
* before terminating the connection .
* ( DTLS only , no effect on TLS . )
* Default : 0 ( disabled ) .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2014-10-14 16:30:36 +00:00
* \ param limit Limit , or 0 to disable .
*
* \ note If the limit is N , then the connection is terminated when
* the Nth non - authentic record is seen .
*
* \ note Records with an invalid header are not counted , only the
* ones going through the authentication - decryption phase .
*
* \ note This is a security trade - off related to the fact that it ' s
* often relatively easy for an active attacker ot inject UDP
* datagrams . On one hand , setting a low limit here makes it
* easier for such an attacker to forcibly terminated a
* connection . On the other hand , a high limit or no limit
* might make us waste resources checking authentication on
* many bogus packets .
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_dtls_badmac_limit ( mbedtls_ssl_config * conf , unsigned limit ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
2014-10-14 16:30:36 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_PROTO_DTLS)
2014-10-01 10:03:55 +00:00
/**
* \ brief Set retransmit timeout values for the DTLS handshale .
* ( DTLS only , no effect on TLS . )
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2014-10-01 10:03:55 +00:00
* \ param min Initial timeout value in milliseconds .
* Default : 1000 ( 1 second ) .
* \ param max Maximum timeout value in milliseconds .
* Default : 60000 ( 60 seconds ) .
*
* \ note Default values are from RFC 6347 section 4.2 .4 .1 .
*
* \ note Higher values for initial timeout may increase average
* handshake latency . Lower values may increase the risk of
* network congestion by causing more retransmissions .
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_handshake_timeout ( mbedtls_ssl_config * conf , uint32_t min , uint32_t max ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_PROTO_DTLS */
2014-09-24 12:41:11 +00:00
2015-05-06 13:53:09 +00:00
# if defined(MBEDTLS_SSL_SRV_C)
2009-01-03 21:22:43 +00:00
/**
2012-09-25 21:55:46 +00:00
* \ brief Set the session cache callbacks ( server - side only )
2014-11-20 17:29:41 +00:00
* If not set , no session resuming is done ( except if session
* tickets are enabled too ) .
2009-01-03 21:22:43 +00:00
*
2012-09-25 21:55:46 +00:00
* The session cache has the responsibility to check for stale
* entries based on timeout . See RFC 5246 for recommendations .
*
* Warning : session . peer_cert is cleared by the SSL / TLS layer on
* connection shutdown , so do not cache the pointer ! Either set
* it to NULL or make a full copy of the certificate .
*
* The get callback is called once during the initial handshake
* to enable session resuming . The get function has the
2015-04-08 10:49:31 +00:00
* following parameters : ( void * parameter , mbedtls_ssl_session * session )
2012-09-25 21:55:46 +00:00
* If a valid entry is found , it should fill the master of
* the session object with the cached values and return 0 ,
* return 1 otherwise . Optionally peer_cert can be set as well
* if it is properly present in cache entry .
*
* The set callback is called once during the initial handshake
* to enable session resuming after the entire handshake has
* been finished . The set function has the following parameters :
2015-04-08 10:49:31 +00:00
* ( void * parameter , const mbedtls_ssl_session * session ) . The function
2012-09-25 21:55:46 +00:00
* should create a cache entry for future retrieval based on
* the data in the session structure and should keep in mind
2015-04-08 10:49:31 +00:00
* that the mbedtls_ssl_session object presented ( and all its referenced
2012-09-25 21:55:46 +00:00
* data ) is cleared by the SSL / TLS layer when the connection is
* terminated . It is recommended to add metadata to determine if
* an entry is still valid in the future . Return 0 if
2012-11-02 10:59:36 +00:00
* successfully cached , return 1 otherwise .
2012-09-25 21:55:46 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-05-06 17:06:26 +00:00
* \ param p_cache parmater ( context ) for both callbacks
2012-09-25 21:55:46 +00:00
* \ param f_get_cache session get callback
* \ param f_set_cache session set callback
2009-01-03 21:22:43 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_session_cache ( mbedtls_ssl_config * conf ,
2015-05-06 17:06:26 +00:00
void * p_cache ,
int ( * f_get_cache ) ( void * , mbedtls_ssl_session * ) ,
int ( * f_set_cache ) ( void * , const mbedtls_ssl_session * ) ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_SRV_C */
2009-01-03 21:22:43 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_CLI_C)
2009-01-03 21:22:43 +00:00
/**
2012-09-25 21:55:46 +00:00
* \ brief Request resumption of session ( client - side only )
* Session data is copied from presented session structure .
*
2009-01-03 21:22:43 +00:00
* \ param ssl SSL context
* \ param session session context
2013-07-30 10:41:56 +00:00
*
2013-08-02 13:34:52 +00:00
* \ return 0 if successful ,
2015-05-28 07:33:39 +00:00
* MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed ,
2015-04-08 10:49:31 +00:00
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server - side or
2013-08-02 13:34:52 +00:00
* arguments are otherwise invalid
*
2015-04-08 10:49:31 +00:00
* \ sa mbedtls_ssl_get_session ( )
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_set_session ( mbedtls_ssl_context * ssl , const mbedtls_ssl_session * session ) ;
# endif /* MBEDTLS_SSL_CLI_C */
2009-01-03 21:22:43 +00:00
/**
2014-01-14 13:08:13 +00:00
* \ brief Set the list of allowed ciphersuites and the preference
* order . First in the list has the highest preference .
2013-04-15 13:09:54 +00:00
* ( Overrides all version specific lists )
2009-01-03 21:22:43 +00:00
*
2015-05-12 10:56:41 +00:00
* The ciphersuites array is not copied , and must remain
* valid for the lifetime of the ssl_config .
*
2015-01-22 16:11:05 +00:00
* Note : The server uses its own preferences
* over the preference of the client unless
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined !
2014-01-14 13:08:13 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2011-01-27 17:40:50 +00:00
* \ param ciphersuites 0 - terminated list of allowed ciphersuites
2009-01-03 21:22:43 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_ciphersuites ( mbedtls_ssl_config * conf ,
2015-05-05 08:45:39 +00:00
const int * ciphersuites ) ;
2009-01-03 21:22:43 +00:00
2013-04-15 13:09:54 +00:00
/**
2014-01-14 13:08:13 +00:00
* \ brief Set the list of allowed ciphersuites and the
* preference order for a specific version of the protocol .
2013-04-15 13:09:54 +00:00
* ( Only useful on the server side )
*
2015-05-12 10:56:41 +00:00
* The ciphersuites array is not copied , and must remain
* valid for the lifetime of the ssl_config .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2013-04-15 13:09:54 +00:00
* \ param ciphersuites 0 - terminated list of allowed ciphersuites
2015-04-08 10:49:31 +00:00
* \ param major Major version number ( only MBEDTLS_SSL_MAJOR_VERSION_3
2013-04-15 13:09:54 +00:00
* supported )
2015-04-08 10:49:31 +00:00
* \ param minor Minor version number ( MBEDTLS_SSL_MINOR_VERSION_0 ,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2 ,
* MBEDTLS_SSL_MINOR_VERSION_3 supported )
2014-02-10 12:43:33 +00:00
*
2015-04-08 10:49:31 +00:00
* \ note With DTLS , use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
* and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
2013-04-15 13:09:54 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_ciphersuites_for_version ( mbedtls_ssl_config * conf ,
2013-04-15 13:09:54 +00:00
const int * ciphersuites ,
int major , int minor ) ;
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2015-06-17 08:58:20 +00:00
/**
* \ brief Set the X .509 security profile used for verification
*
* \ param conf SSL configuration
* \ param profile Profile to use
*/
void mbedtls_ssl_conf_cert_profile ( mbedtls_ssl_config * conf ,
mbedtls_x509_crt_profile * profile ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the data required to verify peer certificate
*
2015-05-06 10:14:19 +00:00
* \ param conf SSL configuration
2012-11-20 09:30:55 +00:00
* \ param ca_chain trusted CA chain ( meaning all fully trusted top - level CAs )
2009-05-03 10:18:48 +00:00
* \ param ca_crl trusted CA CRLs
2009-01-03 21:22:43 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_ca_chain ( mbedtls_ssl_config * conf ,
2015-05-06 10:14:19 +00:00
mbedtls_x509_crt * ca_chain ,
mbedtls_x509_crl * ca_crl ) ;
2009-01-03 21:22:43 +00:00
/**
2012-11-20 09:30:55 +00:00
* \ brief Set own certificate chain and private key
*
2013-09-23 12:46:13 +00:00
* \ note own_cert should contain in order from the bottom up your
* certificate chain . The top certificate ( self - signed )
2012-11-20 09:30:55 +00:00
* can be omitted .
2009-01-03 21:22:43 +00:00
*
2015-05-11 06:46:37 +00:00
* \ note On server , this function can be called multiple times to
* provision more than one cert / key pair ( eg one ECDSA , one
* RSA with SHA - 256 , one RSA with SHA - 1 ) . An adequate
* certificate will be selected according to the client ' s
* advertised capabilities . In case mutliple certificates are
* adequate , preference is given to the one set by the first
* call to this function , then second , etc .
*
* \ note On client , only the first call has any effect .
2013-09-23 12:46:13 +00:00
*
2015-05-10 21:17:17 +00:00
* \ param conf SSL configuration
2012-11-20 09:30:55 +00:00
* \ param own_cert own public certificate chain
2013-08-19 12:10:16 +00:00
* \ param pk_key own private key
2013-09-23 12:46:13 +00:00
*
2015-05-28 07:33:39 +00:00
* \ return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
2009-01-03 21:22:43 +00:00
*/
2015-05-11 07:50:24 +00:00
int mbedtls_ssl_conf_own_cert ( mbedtls_ssl_config * conf ,
2015-05-10 19:13:36 +00:00
mbedtls_x509_crt * own_cert ,
mbedtls_pk_context * pk_key ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2011-01-18 15:27:19 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
2013-04-16 16:05:29 +00:00
/**
2015-05-07 14:59:54 +00:00
* \ brief Set the Pre Shared Key ( PSK ) and the expected identity name
*
* \ note This is mainly useful for clients . Servers will usually
2015-05-11 07:50:24 +00:00
* want to use \ c mbedtls_ssl_conf_psk_cb ( ) instead .
2013-04-16 16:05:29 +00:00
*
2015-05-07 16:07:50 +00:00
* \ param conf SSL configuration
2013-04-16 16:05:29 +00:00
* \ param psk pointer to the pre - shared key
* \ param psk_len pre - shared key length
* \ param psk_identity pointer to the pre - shared key identity
* \ param psk_identity_len identity key length
2013-09-18 15:29:31 +00:00
*
2015-05-28 07:33:39 +00:00
* \ return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
2013-04-16 16:05:29 +00:00
*/
2015-05-11 07:50:24 +00:00
int mbedtls_ssl_conf_psk ( mbedtls_ssl_config * conf ,
2015-05-07 14:59:54 +00:00
const unsigned char * psk , size_t psk_len ,
const unsigned char * psk_identity , size_t psk_identity_len ) ;
2013-09-18 15:29:31 +00:00
/**
2015-05-07 14:59:54 +00:00
* \ brief Set the Pre Shared Key ( PSK ) for the current handshake
*
* \ note This should only be called inside the PSK callback ,
2015-05-11 07:50:24 +00:00
* ie the function passed to \ c mbedtls_ssl_conf_psk_cb ( ) .
2015-05-07 14:59:54 +00:00
*
* \ param ssl SSL context
* \ param psk pointer to the pre - shared key
* \ param psk_len pre - shared key length
*
2015-05-28 07:33:39 +00:00
* \ return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
2015-05-07 14:59:54 +00:00
*/
int mbedtls_ssl_set_hs_psk ( mbedtls_ssl_context * ssl ,
const unsigned char * psk , size_t psk_len ) ;
/**
* \ brief Set the PSK callback ( server - side only ) .
2013-09-18 15:29:31 +00:00
*
* If set , the PSK callback is called for each
* handshake where a PSK ciphersuite was negotiated .
2014-02-25 12:08:08 +00:00
* The caller provides the identity received and wants to
2013-09-18 15:29:31 +00:00
* receive the actual PSK data and length .
*
* The callback has the following parameters : ( void * parameter ,
2015-04-08 10:49:31 +00:00
* mbedtls_ssl_context * ssl , const unsigned char * psk_identity ,
2013-09-18 15:29:31 +00:00
* size_t identity_len )
* If a valid PSK identity is found , the callback should use
2015-05-07 14:59:54 +00:00
* \ c mbedtls_ssl_set_hs_psk ( ) on the ssl context to set the
* correct PSK and return 0.
2013-09-18 15:29:31 +00:00
* Any other return value will result in a denied PSK identity .
*
2015-05-07 14:59:54 +00:00
* \ note If you set a PSK callback using this function , then you
* don ' t need to set a PSK key and identity using
2015-05-11 07:50:24 +00:00
* \ c mbedtls_ssl_conf_psk ( ) .
2015-05-07 14:59:54 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2013-09-18 15:29:31 +00:00
* \ param f_psk PSK identity function
* \ param p_psk PSK identity parameter
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_psk_cb ( mbedtls_ssl_config * conf ,
2015-04-08 10:49:31 +00:00
int ( * f_psk ) ( void * , mbedtls_ssl_context * , const unsigned char * ,
2013-09-18 15:29:31 +00:00
size_t ) ,
void * p_psk ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
2013-04-16 16:05:29 +00:00
2015-05-06 16:33:07 +00:00
# if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
2009-01-03 21:22:43 +00:00
/**
* \ brief Set the Diffie - Hellman public P and G values ,
* read as hexadecimal strings ( server - side only )
2015-05-06 16:33:07 +00:00
* ( Default : MBEDTLS_DHM_RFC5114_MODP_2048_ [ PG ] )
2009-01-03 21:22:43 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2009-01-03 21:22:43 +00:00
* \ param dhm_P Diffie - Hellman - Merkle modulus
* \ param dhm_G Diffie - Hellman - Merkle generator
*
* \ return 0 if successful
*/
2015-05-11 07:50:24 +00:00
int mbedtls_ssl_conf_dh_param ( mbedtls_ssl_config * conf , const char * dhm_P , const char * dhm_G ) ;
2009-01-03 21:22:43 +00:00
2011-01-06 15:48:19 +00:00
/**
* \ brief Set the Diffie - Hellman public P and G values ,
* read from existing context ( server - side only )
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2011-01-06 15:48:19 +00:00
* \ param dhm_ctx Diffie - Hellman - Merkle context
*
* \ return 0 if successful
*/
2015-05-11 07:50:24 +00:00
int mbedtls_ssl_conf_dh_param_ctx ( mbedtls_ssl_config * conf , mbedtls_dhm_context * dhm_ctx ) ;
2015-05-20 08:35:51 +00:00
# endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
2011-01-06 15:48:19 +00:00
2015-06-11 12:49:42 +00:00
# if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
/**
* \ brief Set the minimum length for Diffie - Hellman parameters .
* ( Client - side only . )
* ( Default : 1024 bits . )
*
* \ param conf SSL configuration
* \ param bitlen Minimum bit length of the DHM prime
*/
void mbedtls_ssl_conf_dhm_min_bitlen ( mbedtls_ssl_config * conf ,
unsigned int bitlen ) ;
# endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
2015-06-17 09:43:30 +00:00
# if defined(MBEDTLS_ECP_C)
2014-01-19 20:48:42 +00:00
/**
2014-02-04 14:14:13 +00:00
* \ brief Set the allowed curves in order of preference .
2014-02-03 14:56:49 +00:00
* ( Default : all defined curves . )
2014-01-19 20:48:42 +00:00
*
2014-02-04 14:14:13 +00:00
* On server : this only affects selection of the ECDHE curve ;
* the curves used for ECDH and ECDSA are determined by the
* list of available certificates instead .
*
* On client : this affects the list of curves offered for any
2014-02-04 15:18:07 +00:00
* use . The server can override our preference order .
*
* Both sides : limits the set of curves used by peer to the
2015-06-17 09:49:39 +00:00
* listed curves for any use ECDHE and the end - entity
* certificate .
*
* \ note This has no influence on which curve are allowed inside the
* certificate chains , see \ c mbedtls_ssl_conf_cert_profile ( )
* for that . For example , if the peer ' s certificate chain is
* EE - > CA_int - > CA_root , then the allowed curves for EE are
* controlled by \ c mbedtls_ssl_conf_curves ( ) but for CA_int
* and CA_root it ' s \ c mbedtls_ssl_conf_cert_profile ( ) .
2014-01-19 20:48:42 +00:00
*
2015-06-17 10:43:26 +00:00
* \ note This list should be ordered by decreasing preference
* ( preferred curve first ) .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2014-02-04 14:14:13 +00:00
* \ param curves Ordered list of allowed curves ,
2015-04-08 10:49:31 +00:00
* terminated by MBEDTLS_ECP_DP_NONE .
2014-01-19 20:48:42 +00:00
*/
2015-06-17 10:43:26 +00:00
void mbedtls_ssl_conf_curves ( mbedtls_ssl_config * conf ,
const mbedtls_ecp_group_id * curves ) ;
2015-06-17 09:43:30 +00:00
# endif /* MBEDTLS_ECP_C */
2014-01-19 20:48:42 +00:00
2015-06-17 10:43:26 +00:00
# if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
/**
* \ brief Set the allowed hashes for signatures during the handshake .
* ( Default : all available hashes . )
*
* \ note This only affects which hashes are offered and can be used
* for signatures during the handshake . Hashes for message
* authentication and the TLS PRF are controlled by the
* ciphersuite , see \ c mbedtls_ssl_conf_ciphersuites ( ) . Hashes
* used for certificate signature are controlled by the
* verification profile , see \ c mbedtls_ssl_conf_cert_profile ( ) .
*
* \ note This list should be ordered by decreasing preference
* ( preferred hash first ) .
*
* \ param conf SSL configuration
* \ param hashes Ordered list of allowed signature hashes ,
* terminated by \ c MBEDTLS_MD_NONE .
*/
void mbedtls_ssl_conf_sig_hashes ( mbedtls_ssl_config * conf ,
const int * hashes ) ;
# endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
2015-05-06 10:14:19 +00:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2009-01-03 21:22:43 +00:00
/**
2012-09-27 21:49:42 +00:00
* \ brief Set hostname for ServerName TLS extension
* ( client - side only )
2013-09-18 15:29:31 +00:00
*
2009-01-03 21:22:43 +00:00
*
* \ param ssl SSL context
* \ param hostname the server hostname
*
2015-05-28 07:33:39 +00:00
* \ return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_set_hostname ( mbedtls_ssl_context * ssl , const char * hostname ) ;
2015-05-06 10:14:19 +00:00
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2009-01-03 21:22:43 +00:00
2015-05-06 10:14:19 +00:00
# if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
2015-05-10 21:10:37 +00:00
/**
* \ brief Set own certificate and key for the current handshake
*
2015-05-11 07:50:24 +00:00
* \ note Same as \ c mbedtls_ssl_conf_own_cert ( ) but for use within
2015-05-10 21:10:37 +00:00
* the SNI callback .
*
* \ param ssl SSL context
* \ param own_cert own public certificate chain
* \ param pk_key own private key
*
2015-05-28 07:33:39 +00:00
* \ return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
2015-05-10 21:10:37 +00:00
*/
int mbedtls_ssl_set_hs_own_cert ( mbedtls_ssl_context * ssl ,
mbedtls_x509_crt * own_cert ,
mbedtls_pk_context * pk_key ) ;
2015-05-11 06:46:37 +00:00
/**
* \ brief Set the data required to verify peer certificate for the
* current handshake
*
2015-05-11 07:50:24 +00:00
* \ note Same as \ c mbedtls_ssl_conf_ca_chain ( ) but for use within
2015-05-11 06:46:37 +00:00
* the SNI callback .
*
* \ param ssl SSL context
* \ param ca_chain trusted CA chain ( meaning all fully trusted top - level CAs )
* \ param ca_crl trusted CA CRLs
*/
void mbedtls_ssl_set_hs_ca_chain ( mbedtls_ssl_context * ssl ,
mbedtls_x509_crt * ca_chain ,
mbedtls_x509_crl * ca_crl ) ;
2012-09-27 21:49:42 +00:00
/**
* \ brief Set server side ServerName TLS extension callback
* ( optional , server - side only ) .
*
* If set , the ServerName callback is called whenever the
* server receives a ServerName TLS extension from the client
* during a handshake . The ServerName callback has the
2015-04-08 10:49:31 +00:00
* following parameters : ( void * parameter , mbedtls_ssl_context * ssl ,
2012-09-27 21:49:42 +00:00
* const unsigned char * hostname , size_t len ) . If a suitable
* certificate is found , the callback should set the
2015-05-11 06:46:37 +00:00
* certificate ( s ) and key ( s ) to use with \ c
* mbedtls_ssl_set_hs_own_cert ( ) ( can be called repeatedly ) ,
* and optionally adjust the CA with \ c
* mbedtls_ssl_set_hs_ca_chain ( ) and return 0. The callback
* should return - 1 to abort the handshake at this point .
2012-09-27 21:49:42 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2012-09-27 21:49:42 +00:00
* \ param f_sni verification function
* \ param p_sni verification parameter
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_sni ( mbedtls_ssl_config * conf ,
2015-04-08 10:49:31 +00:00
int ( * f_sni ) ( void * , mbedtls_ssl_context * , const unsigned char * ,
2012-09-27 21:49:42 +00:00
size_t ) ,
void * p_sni ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
2012-09-27 21:49:42 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_ALPN)
2014-04-04 14:08:41 +00:00
/**
* \ brief Set the supported Application Layer Protocols .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2014-04-04 14:08:41 +00:00
* \ param protos NULL - terminated list of supported protocols ,
* in decreasing preference order .
2014-04-07 08:57:45 +00:00
*
2015-04-08 10:49:31 +00:00
* \ return 0 on success , or MBEDTLS_ERR_SSL_BAD_INPUT_DATA .
2014-04-04 14:08:41 +00:00
*/
2015-05-11 07:50:24 +00:00
int mbedtls_ssl_conf_alpn_protocols ( mbedtls_ssl_config * conf , const char * * protos ) ;
2014-04-04 14:08:41 +00:00
/**
* \ brief Get the name of the negotiated Application Layer Protocol .
* This function should be called after the handshake is
* completed .
*
* \ param ssl SSL context
*
* \ return Protcol name , or NULL if no protocol was negotiated .
*/
2015-04-08 10:49:31 +00:00
const char * mbedtls_ssl_get_alpn_protocol ( const mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_SSL_ALPN */
2014-04-04 14:08:41 +00:00
2011-10-06 13:04:09 +00:00
/**
* \ brief Set the maximum supported version sent from the client side
2013-06-29 14:01:15 +00:00
* and / or accepted at the server side
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_MAX_MAJOR_VERSION , MBEDTLS_SSL_MAX_MINOR_VERSION )
2013-08-27 19:19:20 +00:00
*
2015-05-11 08:11:56 +00:00
* \ note This ignores ciphersuites from higher versions .
*
* \ note With DTLS , use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
2013-06-29 14:01:15 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param major Major version number ( only MBEDTLS_SSL_MAJOR_VERSION_3 supported )
* \ param minor Minor version number ( MBEDTLS_SSL_MINOR_VERSION_0 ,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2 ,
* MBEDTLS_SSL_MINOR_VERSION_3 supported )
2011-10-06 13:04:09 +00:00
*/
2015-05-11 08:11:56 +00:00
void mbedtls_ssl_conf_max_version ( mbedtls_ssl_config * conf , int major , int minor ) ;
2011-10-06 13:04:09 +00:00
2012-09-28 13:28:45 +00:00
/**
* \ brief Set the minimum accepted SSL / TLS protocol version
2015-03-31 12:21:11 +00:00
* ( Default : TLS 1.0 )
2013-08-27 19:19:20 +00:00
*
2015-01-12 10:40:14 +00:00
* \ note Input outside of the SSL_MAX_XXXXX_VERSION and
* SSL_MIN_XXXXX_VERSION range is ignored .
*
2015-04-08 10:49:31 +00:00
* \ note MBEDTLS_SSL_MINOR_VERSION_0 ( SSL v3 ) should be avoided .
2012-09-28 13:28:45 +00:00
*
2015-05-11 08:11:56 +00:00
* \ note With DTLS , use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param major Major version number ( only MBEDTLS_SSL_MAJOR_VERSION_3 supported )
* \ param minor Minor version number ( MBEDTLS_SSL_MINOR_VERSION_0 ,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2 ,
* MBEDTLS_SSL_MINOR_VERSION_3 supported )
2012-09-28 13:28:45 +00:00
*/
2015-05-11 08:11:56 +00:00
void mbedtls_ssl_conf_min_version ( mbedtls_ssl_config * conf , int major , int minor ) ;
2012-09-28 13:28:45 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
2014-10-20 11:34:59 +00:00
/**
* \ brief Set the fallback flag ( client - side only ) .
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_IS_NOT_FALLBACK ) .
2014-10-20 11:34:59 +00:00
*
2015-04-08 10:49:31 +00:00
* \ note Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
2014-10-20 11:34:59 +00:00
* connection , that is a connection with max_version set to a
* lower value than the value you ' re willing to use . Such
* fallback connections are not recommended but are sometimes
* necessary to interoperate with buggy ( version - intolerant )
* servers .
*
2015-04-08 10:49:31 +00:00
* \ warning You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
2014-10-20 11:34:59 +00:00
* non - fallback connections ! This would appear to work for a
* while , then cause failures when the server is upgraded to
* support a newer TLS version .
*
2015-05-06 08:27:31 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
2014-10-20 11:34:59 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_fallback ( mbedtls_ssl_config * conf , char fallback ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
2014-10-20 11:34:59 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2014-10-27 12:57:03 +00:00
/**
* \ brief Enable or disable Encrypt - then - MAC
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_ETM_ENABLED )
2014-10-27 12:57:03 +00:00
*
* \ note This should always be enabled , it is a security
* improvement , and should not cause any interoperability
* issue ( used only if the peer supports it too ) .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
2014-10-27 12:57:03 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_encrypt_then_mac ( mbedtls_ssl_config * conf , char etm ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
2014-10-27 12:57:03 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
2014-10-20 16:40:56 +00:00
/**
* \ brief Enable or disable Extended Master Secret negotiation .
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_EXTENDED_MS_ENABLED )
2014-10-20 16:40:56 +00:00
*
* \ note This should always be enabled , it is a security fix to the
* protocol , and should not cause any interoperability issue
* ( used only if the peer supports it too ) .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
2014-10-20 16:40:56 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_extended_master_secret ( mbedtls_ssl_config * conf , char ems ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
2014-10-20 16:40:56 +00:00
2015-05-14 10:28:21 +00:00
# if defined(MBEDTLS_ARC4_C)
2015-01-12 12:43:29 +00:00
/**
* \ brief Disable or enable support for RC4
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_ARC4_DISABLED )
2015-01-12 12:43:29 +00:00
*
2015-03-20 19:13:22 +00:00
* \ warning Use of RC4 in ( D ) TLS has been prohibited by RFC ? ? ? ?
* for security reasons . Use at your own risks .
2015-01-12 12:43:29 +00:00
*
* \ note This function will likely be removed in future versions as
* RC4 will then be disabled by default at compile time .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
2015-01-12 12:43:29 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_arc4_support ( mbedtls_ssl_config * conf , char arc4 ) ;
2015-05-14 10:28:21 +00:00
# endif /* MBEDTLS_ARC4_C */
2015-01-12 12:43:29 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2013-07-16 10:45:26 +00:00
/**
* \ brief Set the maximum fragment length to emit and / or negotiate
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_MAX_CONTENT_LEN , usually 2 ^ 14 bytes )
2013-07-16 10:45:26 +00:00
* ( Server : set maximum fragment length to emit ,
* usually negotiated by the client during handshake
* ( Client : set maximum fragment length to emit * and *
* negotiate with the server during handshake )
*
2015-05-05 16:01:57 +00:00
* \ param conf SSL configuration
2013-09-10 14:16:50 +00:00
* \ param mfl_code Code for maximum fragment length ( allowed values :
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_MAX_FRAG_LEN_512 , MBEDTLS_SSL_MAX_FRAG_LEN_1024 ,
* MBEDTLS_SSL_MAX_FRAG_LEN_2048 , MBEDTLS_SSL_MAX_FRAG_LEN_4096 )
2013-07-16 10:45:26 +00:00
*
2015-05-12 10:56:41 +00:00
* \ return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
2013-07-16 10:45:26 +00:00
*/
2015-05-11 07:50:24 +00:00
int mbedtls_ssl_conf_max_frag_len ( mbedtls_ssl_config * conf , unsigned char mfl_code ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
2013-07-16 10:45:26 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2013-07-19 09:08:52 +00:00
/**
2015-01-09 11:39:35 +00:00
* \ brief Activate negotiation of truncated HMAC
2015-05-06 16:39:23 +00:00
* ( Default : MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
2013-07-19 09:08:52 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param truncate Enable or disable ( MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
* MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
2013-07-19 09:08:52 +00:00
*/
2015-05-11 08:11:56 +00:00
void mbedtls_ssl_conf_truncated_hmac ( mbedtls_ssl_config * conf , int truncate ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
2013-07-19 09:08:52 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
2015-01-07 13:50:54 +00:00
/**
* \ brief Enable / Disable 1 / n - 1 record splitting
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED )
2015-01-07 13:50:54 +00:00
*
* \ note Only affects SSLv3 and TLS 1.0 , not higher versions .
* Does not affect non - CBC ciphersuites in any version .
*
2015-05-05 15:34:53 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
* MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
2015-01-07 13:50:54 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_cbc_record_splitting ( mbedtls_ssl_config * conf , char split ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
2015-01-07 13:50:54 +00:00
2015-05-20 08:45:29 +00:00
# if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
2013-08-03 11:02:31 +00:00
/**
2015-05-20 08:45:29 +00:00
* \ brief Enable / Disable session tickets ( client only ) .
* ( Default : MBEDTLS_SSL_SESSION_TICKETS_ENABLED . )
2013-08-03 11:02:31 +00:00
*
2015-05-20 08:45:29 +00:00
* \ note On server , use \ c mbedtls_ssl_conf_session_tickets_cb ( ) .
2013-08-03 11:02:31 +00:00
*
2015-05-06 09:05:11 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param use_tickets Enable or disable ( MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
* MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
2013-08-03 11:02:31 +00:00
*/
2015-05-20 08:45:29 +00:00
void mbedtls_ssl_conf_session_tickets ( mbedtls_ssl_config * conf , int use_tickets ) ;
# endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
2013-08-03 11:02:31 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2012-09-16 19:57:18 +00:00
/**
2012-10-23 11:54:56 +00:00
* \ brief Enable / Disable renegotiation support for connection when
* initiated by peer
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_RENEGOTIATION_DISABLED )
2012-10-23 11:54:56 +00:00
*
2015-05-28 13:13:30 +00:00
* \ warning It is recommended to always disable renegotation unless you
* know you need it and you know what you ' re doing . In the
* past , there has been several issues associated with
* renegotiation or a poor understanding of its properties .
*
* \ note Server - side , enabling renegotiation also makes the server
* susceptible to a resource DoS by a malicious client .
2012-09-16 19:57:18 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param renegotiation Enable or disable ( MBEDTLS_SSL_RENEGOTIATION_ENABLED or
* MBEDTLS_SSL_RENEGOTIATION_DISABLED )
2012-09-16 19:57:18 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_renegotiation ( mbedtls_ssl_config * conf , int renegotiation ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_RENEGOTIATION */
2012-09-16 19:57:18 +00:00
/**
* \ brief Prevent or allow legacy renegotiation .
2015-04-08 10:49:31 +00:00
* ( Default : MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
2014-05-01 11:03:14 +00:00
*
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
2012-09-17 09:18:12 +00:00
* be established even if the peer does not support
* secure renegotiation , but does not allow renegotiation
* to take place if not secure .
* ( Interoperable and secure option )
*
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
2012-09-17 09:18:12 +00:00
* with non - upgraded peers . Allowing legacy renegotiation
* makes the connection vulnerable to specific man in the
* middle attacks . ( See RFC 5746 )
* ( Most interoperable and least secure option )
*
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
2012-09-17 09:18:12 +00:00
* if peer does not support secure renegotiation . Results
* in interoperability issues with non - upgraded peers
* that do not support renegotiation altogether .
* ( Most secure option , interoperability issues )
2012-09-16 19:57:18 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2012-11-07 19:46:27 +00:00
* \ param allow_legacy Prevent or allow ( SSL_NO_LEGACY_RENEGOTIATION ,
* SSL_ALLOW_LEGACY_RENEGOTIATION or
2015-04-08 10:49:31 +00:00
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
2012-09-16 19:57:18 +00:00
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_legacy_renegotiation ( mbedtls_ssl_config * conf , int allow_legacy ) ;
2012-09-16 19:57:18 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2014-07-03 17:29:16 +00:00
/**
2014-10-15 13:07:45 +00:00
* \ brief Enforce renegotiation requests .
2014-07-03 17:29:16 +00:00
* ( Default : enforced , max_records = 16 )
*
2014-08-19 11:58:40 +00:00
* When we request a renegotiation , the peer can comply or
* ignore the request . This function allows us to decide
* whether to enforce our renegotiation requests by closing
* the connection if the peer doesn ' t comply .
2014-07-03 17:29:16 +00:00
*
2014-08-19 11:58:40 +00:00
* However , records could already be in transit from the peer
* when the request is emitted . In order to increase
* reliability , we can accept a number of records before the
* expected handshake records .
2014-07-03 17:29:16 +00:00
*
* The optimal value is highly dependent on the specific usage
* scenario .
*
2014-10-15 13:07:45 +00:00
* \ note With DTLS and server - initiated renegotiation , the
2015-04-08 10:49:31 +00:00
* HelloRequest is retransmited every time mbedtls_ssl_read ( ) times
2014-10-15 13:07:45 +00:00
* out or receives Application Data , until :
* - max_records records have beens seen , if it is > = 0 , or
* - the number of retransmits that would happen during an
* actual handshake has been reached .
* Please remember the request might be lost a few times
* if you consider setting max_records to a really low value .
*
2014-08-19 11:58:40 +00:00
* \ warning On client , the grace period can only happen during
2015-04-08 10:49:31 +00:00
* mbedtls_ssl_read ( ) , as opposed to mbedtls_ssl_write ( ) and mbedtls_ssl_renegotiate ( )
2014-08-19 11:58:40 +00:00
* which always behave as if max_record was 0. The reason is ,
* if we receive application data from the server , we need a
2015-04-08 10:49:31 +00:00
* place to write it , which only happens during mbedtls_ssl_read ( ) .
2014-08-19 11:58:40 +00:00
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2015-04-08 10:49:31 +00:00
* \ param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don ' t want to
2014-07-03 17:29:16 +00:00
* enforce renegotiation , or a non - negative value to enforce
* it but allow for a grace period of max_records records .
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_renegotiation_enforced ( mbedtls_ssl_config * conf , int max_records ) ;
2014-07-03 17:29:16 +00:00
2014-11-05 12:58:53 +00:00
/**
* \ brief Set record counter threshold for periodic renegotiation .
* ( Default : 2 ^ 64 - 256. )
*
* Renegotiation is automatically triggered when a record
* counter ( outgoing or ingoing ) crosses the defined
* threshold . The default value is meant to prevent the
* connection from being closed when the counter is about to
* reached its maximal value ( it is not allowed to wrap ) .
*
* Lower values can be used to enforce policies such as " keys
* must be refreshed every N packets with cipher X " .
*
2015-05-05 08:45:39 +00:00
* \ param conf SSL configuration
2014-11-05 12:58:53 +00:00
* \ param period The threshold value : a big - endian 64 - bit number .
* Set to 2 ^ 64 - 1 to disable periodic renegotiation
*/
2015-05-11 07:50:24 +00:00
void mbedtls_ssl_conf_renegotiation_period ( mbedtls_ssl_config * conf ,
2014-11-05 12:58:53 +00:00
const unsigned char period [ 8 ] ) ;
2015-04-08 10:49:31 +00:00
# endif /* MBEDTLS_SSL_RENEGOTIATION */
2014-07-03 17:29:16 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Return the number of data bytes available to read
*
* \ param ssl SSL context
*
* \ return how many bytes are available in the read buffer
*/
2015-04-08 10:49:31 +00:00
size_t mbedtls_ssl_get_bytes_avail ( const mbedtls_ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Return the result of the certificate verification
*
* \ param ssl SSL context
*
2015-01-23 14:30:57 +00:00
* \ return 0 if successful ,
* - 1 if result is not available ( eg because the handshake was
* aborted too early ) , or
* a combination of BADCERT_xxx and BADCRL_xxx flags , see
* x509 . h
2009-01-03 21:22:43 +00:00
*/
2015-05-11 17:54:43 +00:00
uint32_t mbedtls_ssl_get_verify_result ( const mbedtls_ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
/**
2011-01-27 17:40:50 +00:00
* \ brief Return the name of the current ciphersuite
2009-01-03 21:22:43 +00:00
*
* \ param ssl SSL context
*
2011-01-27 17:40:50 +00:00
* \ return a string containing the ciphersuite name
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
const char * mbedtls_ssl_get_ciphersuite ( const mbedtls_ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
2011-01-15 17:35:19 +00:00
/**
* \ brief Return the current SSL version ( SSLv3 / TLSv1 / etc )
*
* \ param ssl SSL context
*
* \ return a string containing the SSL version
*/
2015-04-08 10:49:31 +00:00
const char * mbedtls_ssl_get_version ( const mbedtls_ssl_context * ssl ) ;
2011-01-15 17:35:19 +00:00
2014-10-14 15:47:31 +00:00
/**
* \ brief Return the ( maximum ) number of bytes added by the record
* layer : header + encryption / MAC overhead ( inc . padding )
*
* \ param ssl SSL context
*
* \ return Current maximum record expansion in bytes , or
2015-04-08 10:49:31 +00:00
* MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
2015-04-03 14:37:14 +00:00
* enabled , which makes expansion much less predictable
2014-10-14 15:47:31 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_get_record_expansion ( const mbedtls_ssl_context * ssl ) ;
2014-10-14 15:47:31 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_X509_CRT_PARSE_C)
2012-10-30 07:51:03 +00:00
/**
* \ brief Return the peer certificate from the current connection
*
* Note : Can be NULL in case no certificate was sent during
* the handshake . Different calls for the same connection can
* return the same or different pointers for the same
* certificate and even a different certificate altogether .
* The peer cert CAN change in a single connection if
* renegotiation is performed .
*
* \ param ssl SSL context
*
* \ return the current peer certificate
*/
2015-04-08 10:49:31 +00:00
const mbedtls_x509_crt * mbedtls_ssl_get_peer_cert ( const mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_X509_CRT_PARSE_C */
2012-10-30 07:51:03 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_CLI_C)
2013-07-30 10:41:56 +00:00
/**
* \ brief Save session in order to resume it later ( client - side only )
* Session data is copied to presented session structure .
*
* \ warning Currently , peer certificate is lost in the operation .
*
* \ param ssl SSL context
* \ param session session context
*
* \ return 0 if successful ,
2015-05-28 07:33:39 +00:00
* MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed ,
2015-04-08 10:49:31 +00:00
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server - side or
2013-07-30 10:41:56 +00:00
* arguments are otherwise invalid
*
2015-04-08 10:49:31 +00:00
* \ sa mbedtls_ssl_set_session ( )
2013-07-30 10:41:56 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_get_session ( const mbedtls_ssl_context * ssl , mbedtls_ssl_session * session ) ;
# endif /* MBEDTLS_SSL_CLI_C */
2013-07-30 10:41:56 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Perform the SSL handshake
*
* \ param ssl SSL context
*
2015-05-06 15:19:31 +00:00
* \ return 0 if successful , MBEDTLS_ERR_SSL_WANT_READ ,
* MBEDTLS_ERR_SSL_WANT_WRITE , or a specific SSL error code .
2015-05-28 13:24:25 +00:00
*
* \ note If this function returns non - zero , then the ssl context
* becomes unusable , and you should either free it or call
* \ c mbedtls_ssl_session_reset ( ) on it before re - using it .
* If DTLS is in use , then you may choose to handle
* MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
* purposes , but you still need to reset / free the context .
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_handshake ( mbedtls_ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
2013-01-25 13:49:24 +00:00
/**
* \ brief Perform a single step of the SSL handshake
*
* Note : the state of the context ( ssl - > state ) will be at
* the following state after execution of this function .
2015-04-08 10:49:31 +00:00
* Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER .
2013-01-25 13:49:24 +00:00
*
* \ param ssl SSL context
*
2015-05-06 15:19:31 +00:00
* \ return 0 if successful , MBEDTLS_ERR_SSL_WANT_READ ,
* MBEDTLS_ERR_SSL_WANT_WRITE , or a specific SSL error code .
2013-01-25 13:49:24 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_handshake_step ( mbedtls_ssl_context * ssl ) ;
2013-01-25 13:49:24 +00:00
2015-04-08 10:49:31 +00:00
# if defined(MBEDTLS_SSL_RENEGOTIATION)
2012-09-16 19:57:18 +00:00
/**
2013-10-30 15:41:21 +00:00
* \ brief Initiate an SSL renegotiation on the running connection .
* Client : perform the renegotiation right now .
* Server : request renegotiation , which will be performed
2015-04-08 10:49:31 +00:00
* during the next call to mbedtls_ssl_read ( ) if honored by client .
2012-09-16 19:57:18 +00:00
*
* \ param ssl SSL context
*
2015-04-08 10:49:31 +00:00
* \ return 0 if successful , or any mbedtls_ssl_handshake ( ) return value .
2012-09-16 19:57:18 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_renegotiate ( mbedtls_ssl_context * ssl ) ;
# endif /* MBEDTLS_SSL_RENEGOTIATION */
2012-09-16 19:57:18 +00:00
2009-01-03 21:22:43 +00:00
/**
* \ brief Read at most ' len ' application data bytes
*
* \ param ssl SSL context
* \ param buf buffer that will hold the data
2014-09-24 09:13:11 +00:00
* \ param len maximum number of bytes to read
2009-01-03 21:22:43 +00:00
*
2015-05-29 10:53:47 +00:00
* \ return the number of bytes read , or
* 0 for EOF , or
* a negative error code .
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_read ( mbedtls_ssl_context * ssl , unsigned char * buf , size_t len ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Write exactly ' len ' application data bytes
*
* \ param ssl SSL context
* \ param buf buffer holding the data
* \ param len how many bytes must be written
*
2015-05-29 10:53:47 +00:00
* \ return the number of bytes written ,
2009-01-03 21:22:43 +00:00
* or a negative error code .
*
2015-05-06 15:19:31 +00:00
* \ note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE ,
2009-01-03 21:22:43 +00:00
* it must be called later with the * same * arguments ,
* until it returns a positive value .
2014-10-13 15:55:52 +00:00
*
2015-01-21 13:37:08 +00:00
* \ note If the requested length is greater than the maximum
* fragment length ( either the built - in limit or the one set
* or negotiated with the peer ) , then :
* - with TLS , less bytes than requested are written . ( In
* order to write larger messages , this function should be
* called in a loop . )
2015-04-08 10:49:31 +00:00
* - with DTLS , MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned .
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_write ( mbedtls_ssl_context * ssl , const unsigned char * buf , size_t len ) ;
2009-01-03 21:22:43 +00:00
2012-04-16 06:46:41 +00:00
/**
* \ brief Send an alert message
*
* \ param ssl SSL context
* \ param level The alert level of the message
2015-04-08 10:49:31 +00:00
* ( MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL )
2012-04-16 06:46:41 +00:00
* \ param message The alert message ( SSL_ALERT_MSG_ * )
*
2012-11-07 19:46:27 +00:00
* \ return 0 if successful , or a specific SSL error code .
2012-04-16 06:46:41 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_send_alert_message ( mbedtls_ssl_context * ssl ,
2012-04-16 06:46:41 +00:00
unsigned char level ,
unsigned char message ) ;
2009-01-03 21:22:43 +00:00
/**
* \ brief Notify the peer that the connection is being closed
2009-07-28 07:18:38 +00:00
*
* \ param ssl SSL context
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
int mbedtls_ssl_close_notify ( mbedtls_ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
/**
2012-09-16 19:57:18 +00:00
* \ brief Free referenced items in an SSL context and clear memory
2009-07-28 07:18:38 +00:00
*
* \ param ssl SSL context
2009-01-03 21:22:43 +00:00
*/
2015-04-08 10:49:31 +00:00
void mbedtls_ssl_free ( mbedtls_ssl_context * ssl ) ;
2009-01-03 21:22:43 +00:00
2015-05-04 11:35:39 +00:00
/**
* \ brief Initialize an SSL configuration context
* Just makes the context ready for
2015-06-11 11:29:15 +00:00
* mbedtls_ssl_config_defaults ( ) or mbedtls_ssl_config_free ( ) .
2015-05-04 11:35:39 +00:00
*
* \ note You need to call mbedtls_ssl_config_defaults ( ) unless you
* manually set all of the relevent fields yourself .
*
* \ param conf SSL configuration context
*/
void mbedtls_ssl_config_init ( mbedtls_ssl_config * conf ) ;
/**
* \ brief Load reasonnable default SSL configuration values .
* ( You need to call mbedtls_ssl_config_init ( ) first . )
*
* \ param conf SSL configuration context
2015-06-11 11:29:15 +00:00
* \ param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
* \ param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS , or
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
2015-06-17 11:53:47 +00:00
* \ param preset a MBEDTLS_SSL_PRESET_XXX value
* ( currently unused ) .
2015-05-04 11:35:39 +00:00
*
2015-05-11 07:50:24 +00:00
* \ note See \ c mbedtls_ssl_conf_transport ( ) for notes on DTLS .
2015-05-06 13:42:06 +00:00
*
2015-05-04 11:35:39 +00:00
* \ return 0 if successful , or
2015-06-11 11:29:15 +00:00
* MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error .
2015-05-04 11:35:39 +00:00
*/
2015-05-04 17:32:36 +00:00
int mbedtls_ssl_config_defaults ( mbedtls_ssl_config * conf ,
2015-06-17 11:53:47 +00:00
int endpoint , int transport , int preset ) ;
2015-05-04 11:35:39 +00:00
/**
* \ brief Free an SSL configuration context
*
* \ param conf SSL configuration context
*/
void mbedtls_ssl_config_free ( mbedtls_ssl_config * conf ) ;
2014-06-26 11:37:14 +00:00
/**
* \ brief Initialize SSL session structure
*
* \ param session SSL session
*/
2015-04-08 10:49:31 +00:00
void mbedtls_ssl_session_init ( mbedtls_ssl_session * session ) ;
2014-06-26 11:37:14 +00:00
2012-09-16 19:57:18 +00:00
/**
2012-09-25 21:55:46 +00:00
* \ brief Free referenced items in an SSL session including the
* peer certificate and clear memory
2012-09-16 19:57:18 +00:00
*
* \ param session SSL session
*/
2015-04-08 10:49:31 +00:00
void mbedtls_ssl_session_free ( mbedtls_ssl_session * session ) ;
2012-09-16 19:57:18 +00:00
2009-01-03 21:22:43 +00:00
# ifdef __cplusplus
}
# endif
# endif /* ssl.h */
