PolarSSL v1.3.1
ssl.h
Go to the documentation of this file.
1 
27 #ifndef POLARSSL_SSL_H
28 #define POLARSSL_SSL_H
29 
30 #include "config.h"
31 #include "net.h"
32 #include "bignum.h"
33 
34 #include "ssl_ciphersuites.h"
35 
36 #if defined(POLARSSL_MD5_C)
37 #include "md5.h"
38 #endif
39 
40 #if defined(POLARSSL_SHA1_C)
41 #include "sha1.h"
42 #endif
43 
44 #if defined(POLARSSL_SHA256_C)
45 #include "sha256.h"
46 #endif
47 
48 #if defined(POLARSSL_SHA512_C)
49 #include "sha512.h"
50 #endif
51 
52 // for session tickets
53 #if defined(POLARSSL_AES_C)
54 #include "aes.h"
55 #endif
56 
57 #if defined(POLARSSL_X509_CRT_PARSE_C)
58 #include "x509_crt.h"
59 #include "x509_crl.h"
60 #endif
61 
62 #if defined(POLARSSL_DHM_C)
63 #include "dhm.h"
64 #endif
65 
66 #if defined(POLARSSL_ECDH_C)
67 #include "ecdh.h"
68 #endif
69 
70 #if defined(POLARSSL_ZLIB_SUPPORT)
71 #include "zlib.h"
72 #endif
73 
74 #if defined(POLARSSL_HAVE_TIME)
75 #include <time.h>
76 #endif
77 
78 /* For convenience below and in programs */
79 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
80  defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
81  defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
82  defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
83 #define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
84 #endif
85 
86 #if defined(_MSC_VER) && !defined(inline)
87 #define inline _inline
88 #else
89 #if defined(__ARMCC_VERSION) && !defined(inline)
90 #define inline __inline
91 #endif /* __ARMCC_VERSION */
92 #endif /*_MSC_VER */
93 
94 /*
95  * SSL Error codes
96  */
97 #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
98 #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100
99 #define POLARSSL_ERR_SSL_INVALID_MAC -0x7180
100 #define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200
101 #define POLARSSL_ERR_SSL_CONN_EOF -0x7280
102 #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300
103 #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
104 #define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400
105 #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
106 #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
107 #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
108 #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
109 #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
110 #define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
111 #define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
112 #define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800
113 #define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
114 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
115 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
116 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
117 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
118 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
119 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
120 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
121 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
122 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
123 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
124 #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
125 #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80
126 #define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00
127 #define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80
128 #define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
129 #define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00
130 #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
131 #define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
132 #define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
133 #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
134 #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
136 /*
137  * Various constants
138  */
139 #define SSL_MAJOR_VERSION_3 3
140 #define SSL_MINOR_VERSION_0 0
141 #define SSL_MINOR_VERSION_1 1
142 #define SSL_MINOR_VERSION_2 2
143 #define SSL_MINOR_VERSION_3 3
145 /* Determine minimum supported version */
146 #define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
147 
148 #if defined(POLARSSL_SSL_PROTO_SSL3)
149 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
150 #else
151 #if defined(POLARSSL_SSL_PROTO_TLS1)
152 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
153 #else
154 #if defined(POLARSSL_SSL_PROTO_TLS1_1)
155 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
156 #else
157 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
158 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
159 #endif
160 #endif
161 #endif
162 #endif
163 
164 /* Determine maximum supported version */
165 #define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
166 
167 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
168 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
169 #else
170 #if defined(POLARSSL_SSL_PROTO_TLS1_1)
171 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
172 #else
173 #if defined(POLARSSL_SSL_PROTO_TLS1)
174 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
175 #else
176 #if defined(POLARSSL_SSL_PROTO_SSL3)
177 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
178 #endif
179 #endif
180 #endif
181 #endif
182 
183 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
184  * NONE must be zero so that memset()ing structure to zero works */
185 #define SSL_MAX_FRAG_LEN_NONE 0
186 #define SSL_MAX_FRAG_LEN_512 1
187 #define SSL_MAX_FRAG_LEN_1024 2
188 #define SSL_MAX_FRAG_LEN_2048 3
189 #define SSL_MAX_FRAG_LEN_4096 4
190 #define SSL_MAX_FRAG_LEN_INVALID 5
192 #define SSL_IS_CLIENT 0
193 #define SSL_IS_SERVER 1
194 #define SSL_COMPRESS_NULL 0
195 #define SSL_COMPRESS_DEFLATE 1
196 
197 #define SSL_VERIFY_NONE 0
198 #define SSL_VERIFY_OPTIONAL 1
199 #define SSL_VERIFY_REQUIRED 2
200 
201 #define SSL_INITIAL_HANDSHAKE 0
202 #define SSL_RENEGOTIATION 1
203 
204 #define SSL_LEGACY_RENEGOTIATION 0
205 #define SSL_SECURE_RENEGOTIATION 1
206 
207 #define SSL_RENEGOTIATION_DISABLED 0
208 #define SSL_RENEGOTIATION_ENABLED 1
209 
210 #define SSL_LEGACY_NO_RENEGOTIATION 0
211 #define SSL_LEGACY_ALLOW_RENEGOTIATION 1
212 #define SSL_LEGACY_BREAK_HANDSHAKE 2
213 
214 #define SSL_TRUNC_HMAC_DISABLED 0
215 #define SSL_TRUNC_HMAC_ENABLED 1
216 #define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
217 
218 #define SSL_SESSION_TICKETS_DISABLED 0
219 #define SSL_SESSION_TICKETS_ENABLED 1
220 
221 #if !defined(POLARSSL_CONFIG_OPTIONS)
222 #define SSL_DEFAULT_TICKET_LIFETIME 86400
223 #endif /* !POLARSSL_CONFIG_OPTIONS */
224 
225 /*
226  * Size of the input / output buffer.
227  * Note: the RFC defines the default size of SSL / TLS messages. If you
228  * change the value here, other clients / servers may not be able to
229  * communicate with you anymore. Only change this value if you control
230  * both sides of the connection and have it reduced at both sides!
231  */
232 #if !defined(POLARSSL_CONFIG_OPTIONS)
233 #define SSL_MAX_CONTENT_LEN 16384
234 #endif /* !POLARSSL_CONFIG_OPTIONS */
235 
236 /*
237  * Allow an extra 512 bytes for the record header
238  * and encryption overhead (counter + MAC + padding)
239  * and allow for a maximum of 1024 of compression expansion if
240  * enabled.
241  */
242 #if defined(POLARSSL_ZLIB_SUPPORT)
243 #define SSL_COMPRESSION_ADD 1024
244 #else
245 #define SSL_COMPRESSION_ADD 0
246 #endif
247 
248 #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
249 
250 #define SSL_EMPTY_RENEGOTIATION_INFO 0xFF
252 /*
253  * Supported Signature and Hash algorithms (For TLS 1.2)
254  * RFC 5246 section 7.4.1.4.1
255  */
256 #define SSL_HASH_NONE 0
257 #define SSL_HASH_MD5 1
258 #define SSL_HASH_SHA1 2
259 #define SSL_HASH_SHA224 3
260 #define SSL_HASH_SHA256 4
261 #define SSL_HASH_SHA384 5
262 #define SSL_HASH_SHA512 6
263 
264 #define SSL_SIG_ANON 0
265 #define SSL_SIG_RSA 1
266 #define SSL_SIG_ECDSA 3
267 
268 /*
269  * Client Certificate Types
270  * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
271  */
272 #define SSL_CERT_TYPE_RSA_SIGN 1
273 #define SSL_CERT_TYPE_ECDSA_SIGN 64
274 
275 /*
276  * Message, alert and handshake types
277  */
278 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
279 #define SSL_MSG_ALERT 21
280 #define SSL_MSG_HANDSHAKE 22
281 #define SSL_MSG_APPLICATION_DATA 23
282 
283 #define SSL_ALERT_LEVEL_WARNING 1
284 #define SSL_ALERT_LEVEL_FATAL 2
285 
286 #define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
287 #define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
288 #define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
289 #define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
290 #define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
291 #define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
292 #define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
293 #define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
294 #define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
295 #define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
296 #define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
297 #define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
298 #define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
299 #define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
300 #define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
301 #define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
302 #define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
303 #define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
304 #define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
305 #define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
306 #define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
307 #define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
308 #define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
309 #define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
310 #define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
311 #define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
312 #define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
313 
314 #define SSL_HS_HELLO_REQUEST 0
315 #define SSL_HS_CLIENT_HELLO 1
316 #define SSL_HS_SERVER_HELLO 2
317 #define SSL_HS_NEW_SESSION_TICKET 4
318 #define SSL_HS_CERTIFICATE 11
319 #define SSL_HS_SERVER_KEY_EXCHANGE 12
320 #define SSL_HS_CERTIFICATE_REQUEST 13
321 #define SSL_HS_SERVER_HELLO_DONE 14
322 #define SSL_HS_CERTIFICATE_VERIFY 15
323 #define SSL_HS_CLIENT_KEY_EXCHANGE 16
324 #define SSL_HS_FINISHED 20
325 
326 /*
327  * TLS extensions
328  */
329 #define TLS_EXT_SERVERNAME 0
330 #define TLS_EXT_SERVERNAME_HOSTNAME 0
331 
332 #define TLS_EXT_MAX_FRAGMENT_LENGTH 1
333 
334 #define TLS_EXT_TRUNCATED_HMAC 4
335 
336 #define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
337 #define TLS_EXT_SUPPORTED_POINT_FORMATS 11
338 
339 #define TLS_EXT_SIG_ALG 13
340 
341 #define TLS_EXT_SESSION_TICKET 35
342 
343 #define TLS_EXT_RENEGOTIATION_INFO 0xFF01
344 
345 /*
346  * Size defines
347  */
348 #if !defined(POLARSSL_MPI_MAX_SIZE)
349 #define POLARSSL_PREMASTER_SIZE 512
350 #else
351 #define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
352 #endif
353 
354 #ifdef __cplusplus
355 extern "C" {
356 #endif
357 
358 /*
359  * Generic function pointers for allowing external RSA private key
360  * implementations.
361  */
362 typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
363  const unsigned char *input, unsigned char *output,
364  size_t output_max_len );
365 typedef int (*rsa_sign_func)( void *ctx,
366  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
367  int mode, int hash_id, unsigned int hashlen,
368  const unsigned char *hash, unsigned char *sig );
369 typedef size_t (*rsa_key_len_func)( void *ctx );
370 
371 /*
372  * SSL state machine
373  */
374 typedef enum
375 {
394 }
395 ssl_states;
396 
397 typedef struct _ssl_session ssl_session;
398 typedef struct _ssl_context ssl_context;
401 #if defined(POLARSSL_SSL_SESSION_TICKETS)
403 #endif
404 #if defined(POLARSSL_X509_CRT_PARSE_C)
406 #endif
407 
408 /*
409  * This structure is used for storing current session data.
410  */
412 {
413 #if defined(POLARSSL_HAVE_TIME)
414  time_t start;
415 #endif
418  size_t length;
419  unsigned char id[32];
420  unsigned char master[48];
422 #if defined(POLARSSL_X509_CRT_PARSE_C)
424 #endif /* POLARSSL_X509_CRT_PARSE_C */
427 #if defined(POLARSSL_SSL_SESSION_TICKETS)
428  unsigned char *ticket;
429  size_t ticket_len;
430  uint32_t ticket_lifetime;
431 #endif /* POLARSSL_SSL_SESSION_TICKETS */
432 
433 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
434  unsigned char mfl_code;
435 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
436 
437 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
439 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */
440 };
441 
442 /*
443  * This structure contains a full set of runtime transform parameters
444  * either in negotiation or active.
445  */
447 {
448  /*
449  * Session specific crypto layer
450  */
453  unsigned int keylen;
454  size_t minlen;
455  size_t ivlen;
456  size_t fixed_ivlen;
457  size_t maclen;
459  unsigned char iv_enc[16];
460  unsigned char iv_dec[16];
462 #if defined(POLARSSL_SSL_PROTO_SSL3)
463  /* Needed only for SSL v3.0 secret */
464  unsigned char mac_enc[32];
465  unsigned char mac_dec[32];
466 #endif /* POLARSSL_SSL_PROTO_SSL3 */
467 
474  /*
475  * Session specific compression layer
476  */
477 #if defined(POLARSSL_ZLIB_SUPPORT)
478  z_stream ctx_deflate;
479  z_stream ctx_inflate;
480 #endif
481 };
482 
483 /*
484  * This structure contains the parameters only needed during handshake.
485  */
487 {
488  /*
489  * Handshake specific crypto variables
490  */
491  int sig_alg;
492  int cert_type;
494 #if defined(POLARSSL_DHM_C)
496 #endif
497 #if defined(POLARSSL_ECDH_C)
499 #endif
500 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
502 #endif
503 #if defined(POLARSSL_X509_CRT_PARSE_C)
504 
511 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
513 #endif
514 #endif
515 
516  /*
517  * Checksum contexts
518  */
519 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
520  defined(POLARSSL_SSL_PROTO_TLS1_1)
523 #endif
524 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
525 #if defined(POLARSSL_SHA256_C)
527 #endif
528 #if defined(POLARSSL_SHA512_C)
530 #endif
531 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
532 
533  void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
534  void (*calc_verify)(ssl_context *, unsigned char *);
535  void (*calc_finished)(ssl_context *, unsigned char *, int);
536  int (*tls_prf)(const unsigned char *, size_t, const char *,
537  const unsigned char *, size_t,
538  unsigned char *, size_t);
539 
540  size_t pmslen;
542  unsigned char randbytes[64];
543  unsigned char premaster[POLARSSL_PREMASTER_SIZE];
546  int resume;
550 #if defined(POLARSSL_SSL_SESSION_TICKETS)
552 #endif /* POLARSSL_SSL_SESSION_TICKETS */
553 };
554 
555 #if defined(POLARSSL_SSL_SESSION_TICKETS)
556 /*
557  * Parameters needed to secure session tickets
558  */
560 {
561  unsigned char key_name[16];
564  unsigned char mac_key[16];
565 };
566 #endif /* POLARSSL_SSL_SESSION_TICKETS */
567 
568 #if defined(POLARSSL_X509_CRT_PARSE_C)
569 /*
570  * List of certificate + private key pairs
571  */
573 {
578 };
579 #endif /* POLARSSL_X509_CRT_PARSE_C */
580 
582 {
583  /*
584  * Miscellaneous
585  */
586  int state;
589  int major_ver;
590  int minor_ver;
597  /*
598  * Callbacks (RNG, debug, I/O, verification)
599  */
600  int (*f_rng)(void *, unsigned char *, size_t);
601  void (*f_dbg)(void *, int, const char *);
602  int (*f_recv)(void *, unsigned char *, size_t);
603  int (*f_send)(void *, const unsigned char *, size_t);
604  int (*f_get_cache)(void *, ssl_session *);
605  int (*f_set_cache)(void *, const ssl_session *);
606 
607  void *p_rng;
608  void *p_dbg;
609  void *p_recv;
610  void *p_send;
611  void *p_get_cache;
612  void *p_set_cache;
613  void *p_hw_data;
615 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
616  int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
617  void *p_sni;
618 #endif
619 
620 #if defined(POLARSSL_X509_CRT_PARSE_C)
621  int (*f_vrfy)(void *, x509_crt *, int, int *);
622  void *p_vrfy;
623 #endif
624 
625 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
626  int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
627  void *p_psk;
628 #endif
629 
630  /*
631  * Session layer
632  */
641  /*
642  * Record layer transformations
643  */
649  /*
650  * Record layer (incoming data)
651  */
652  unsigned char *in_ctr;
653  unsigned char *in_hdr;
654  unsigned char *in_iv;
655  unsigned char *in_msg;
656  unsigned char *in_offt;
659  size_t in_msglen;
660  size_t in_left;
662  size_t in_hslen;
663  int nb_zero;
666  /*
667  * Record layer (outgoing data)
668  */
669  unsigned char *out_ctr;
670  unsigned char *out_hdr;
671  unsigned char *out_iv;
672  unsigned char *out_msg;
675  size_t out_msglen;
676  size_t out_left;
678 #if defined(POLARSSL_ZLIB_SUPPORT)
679  unsigned char *compress_buf;
680 #endif
681 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
682  unsigned char mfl_code;
683 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
684 
685  /*
686  * PKI layer
687  */
688 #if defined(POLARSSL_X509_CRT_PARSE_C)
693  const char *peer_cn;
694 #endif /* POLARSSL_X509_CRT_PARSE_C */
695 
696  /*
697  * Support for generating and checking session tickets
698  */
699 #if defined(POLARSSL_SSL_SESSION_TICKETS)
701 #endif /* POLARSSL_SSL_SESSION_TICKETS */
702 
703  /*
704  * User settings
705  */
706  int endpoint;
707  int authmode;
712  const int *ciphersuite_list[4];
713 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
715 #endif
716 #if defined(POLARSSL_SSL_SESSION_TICKETS)
719 #endif
720 
721 #if defined(POLARSSL_DHM_C)
724 #endif
725 
726 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
727  /*
728  * PSK values
729  */
730  unsigned char *psk;
731  size_t psk_len;
732  unsigned char *psk_identity;
734 #endif
735 
736 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
737  /*
738  * SNI extension
739  */
740  unsigned char *hostname;
741  size_t hostname_len;
742 #endif
743 
744  /*
745  * Secure renegotiation
746  */
750  char own_verify_data[36];
751  char peer_verify_data[36];
752 };
753 
754 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
755 
756 #define SSL_CHANNEL_OUTBOUND 0
757 #define SSL_CHANNEL_INBOUND 1
758 
759 extern int (*ssl_hw_record_init)(ssl_context *ssl,
760  const unsigned char *key_enc, const unsigned char *key_dec,
761  size_t keylen,
762  const unsigned char *iv_enc, const unsigned char *iv_dec,
763  size_t ivlen,
764  const unsigned char *mac_enc, const unsigned char *mac_dec,
765  size_t maclen);
766 extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
767 extern int (*ssl_hw_record_reset)(ssl_context *ssl);
768 extern int (*ssl_hw_record_write)(ssl_context *ssl);
769 extern int (*ssl_hw_record_read)(ssl_context *ssl);
770 extern int (*ssl_hw_record_finish)(ssl_context *ssl);
771 #endif
772 
779 const int *ssl_list_ciphersuites( void );
780 
789 const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
790 
799 int ssl_get_ciphersuite_id( const char *ciphersuite_name );
800 
810 int ssl_init( ssl_context *ssl );
811 
822 int ssl_session_reset( ssl_context *ssl );
823 
833 void ssl_set_endpoint( ssl_context *ssl, int endpoint );
834 
852 void ssl_set_authmode( ssl_context *ssl, int authmode );
853 
854 #if defined(POLARSSL_X509_CRT_PARSE_C)
855 
866 void ssl_set_verify( ssl_context *ssl,
867  int (*f_vrfy)(void *, x509_crt *, int, int *),
868  void *p_vrfy );
869 #endif /* POLARSSL_X509_CRT_PARSE_C */
870 
878 void ssl_set_rng( ssl_context *ssl,
879  int (*f_rng)(void *, unsigned char *, size_t),
880  void *p_rng );
881 
889 void ssl_set_dbg( ssl_context *ssl,
890  void (*f_dbg)(void *, int, const char *),
891  void *p_dbg );
892 
902 void ssl_set_bio( ssl_context *ssl,
903  int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
904  int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
905 
944  int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
945  int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
946 
961 int ssl_set_session( ssl_context *ssl, const ssl_session *session );
962 
970 void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
971 
986  const int *ciphersuites,
987  int major, int minor );
988 
989 #if defined(POLARSSL_X509_CRT_PARSE_C)
990 
998 void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
999  x509_crl *ca_crl, const char *peer_cn );
1000 
1019 int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
1020  pk_context *pk_key );
1021 
1022 #if defined(POLARSSL_RSA_C)
1023 
1036 int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
1037  rsa_context *rsa_key );
1038 #endif /* POLARSSL_RSA_C */
1039 
1061 int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
1062  void *rsa_key,
1063  rsa_decrypt_func rsa_decrypt,
1064  rsa_sign_func rsa_sign,
1065  rsa_key_len_func rsa_key_len );
1066 #endif /* POLARSSL_X509_CRT_PARSE_C */
1067 
1068 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
1069 
1081 int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
1082  const unsigned char *psk_identity, size_t psk_identity_len );
1083 
1104 void ssl_set_psk_cb( ssl_context *ssl,
1105  int (*f_psk)(void *, ssl_context *, const unsigned char *,
1106  size_t),
1107  void *p_psk );
1108 #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
1109 
1110 #if defined(POLARSSL_DHM_C)
1111 
1122 int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
1123 
1133 int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
1134 #endif
1135 
1136 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
1137 
1147 int ssl_set_hostname( ssl_context *ssl, const char *hostname );
1148 
1168 void ssl_set_sni( ssl_context *ssl,
1169  int (*f_sni)(void *, ssl_context *, const unsigned char *,
1170  size_t),
1171  void *p_sni );
1172 #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
1173 
1189 void ssl_set_max_version( ssl_context *ssl, int major, int minor );
1190 
1191 
1205 void ssl_set_min_version( ssl_context *ssl, int major, int minor );
1206 
1207 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
1208 
1223 int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
1224 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
1225 
1226 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
1227 
1238 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
1239 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */
1240 
1241 #if defined(POLARSSL_SSL_SESSION_TICKETS)
1242 
1258 int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
1259 
1267 void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
1268 #endif /* POLARSSL_SSL_SESSION_TICKETS */
1269 
1283 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
1284 
1312 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
1313 
1321 size_t ssl_get_bytes_avail( const ssl_context *ssl );
1322 
1334 int ssl_get_verify_result( const ssl_context *ssl );
1335 
1343 const char *ssl_get_ciphersuite( const ssl_context *ssl );
1344 
1352 const char *ssl_get_version( const ssl_context *ssl );
1353 
1354 #if defined(POLARSSL_X509_CRT_PARSE_C)
1355 
1369 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
1370 #endif /* POLARSSL_X509_CRT_PARSE_C */
1371 
1388 int ssl_get_session( const ssl_context *ssl, ssl_session *session );
1389 
1398 int ssl_handshake( ssl_context *ssl );
1399 
1412 int ssl_handshake_step( ssl_context *ssl );
1413 
1421 int ssl_renegotiate( ssl_context *ssl );
1422 
1433 int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
1434 
1449 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
1450 
1462  unsigned char level,
1463  unsigned char message );
1469 int ssl_close_notify( ssl_context *ssl );
1470 
1476 void ssl_free( ssl_context *ssl );
1477 
1484 void ssl_session_free( ssl_session *session );
1485 
1492 void ssl_transform_free( ssl_transform *transform );
1493 
1500 void ssl_handshake_free( ssl_handshake_params *handshake );
1501 
1502 /*
1503  * Internal functions (do not call directly)
1504  */
1507 void ssl_handshake_wrapup( ssl_context *ssl );
1508 
1510 
1511 int ssl_derive_keys( ssl_context *ssl );
1512 
1513 int ssl_read_record( ssl_context *ssl );
1518 int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
1519 
1520 int ssl_write_record( ssl_context *ssl );
1521 int ssl_flush_output( ssl_context *ssl );
1522 
1525 
1528 
1529 int ssl_parse_finished( ssl_context *ssl );
1530 int ssl_write_finished( ssl_context *ssl );
1531 
1532 void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
1533 
1534 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
1536 #endif
1537 
1538 #if defined(POLARSSL_PK_C)
1539 unsigned char ssl_sig_from_pk( pk_context *pk );
1540 pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
1541 #endif
1542 
1543 md_type_t ssl_md_alg_from_hash( unsigned char hash );
1544 
1545 #if defined(POLARSSL_X509_CRT_PARSE_C)
1546 static inline pk_context *ssl_own_key( ssl_context *ssl )
1547 {
1548  return( ssl->handshake->key_cert == NULL ? NULL
1549  : ssl->handshake->key_cert->key );
1550 }
1551 
1552 static inline x509_crt *ssl_own_cert( ssl_context *ssl )
1553 {
1554  return( ssl->handshake->key_cert == NULL ? NULL
1555  : ssl->handshake->key_cert->cert );
1556 }
1557 #endif /* POLARSSL_X509_CRT_PARSE_C */
1558 
1559 #ifdef __cplusplus
1560 }
1561 #endif
1562 
1563 #endif /* ssl.h */