aes-gcm-test-program - Example program to test AES-GCM functionality. Us…

Users » HannesTschofenig » Code » aes-gcm-test-program

Hannes Tschofenig / Mbed 2 deprecated aes-gcm-test-program

Example program to test AES-GCM functionality. Used for a workshop

SSL/include/polarssl/ssl.h@0:796d0f61a05b, 2018-09-27 (annotated)

Committer:: HannesTschofenig
Date:: Thu Sep 27 06:34:22 2018 +0000
Revision:: 0:796d0f61a05b

Example AES-GCM test program

Who changed what in which revision?

User	Revision	Line number	New contents of line
HannesTschofenig	0:796d0f61a05b	1	/**
HannesTschofenig	0:796d0f61a05b	2	* \file ssl.h
HannesTschofenig	0:796d0f61a05b	3	*
HannesTschofenig	0:796d0f61a05b	4	* \brief SSL/TLS functions.
HannesTschofenig	0:796d0f61a05b	5	*
HannesTschofenig	0:796d0f61a05b	6	* Copyright (C) 2006-2014, Brainspark B.V.
HannesTschofenig	0:796d0f61a05b	7	*
HannesTschofenig	0:796d0f61a05b	8	* This file is part of PolarSSL (http://www.polarssl.org)
HannesTschofenig	0:796d0f61a05b	9	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
HannesTschofenig	0:796d0f61a05b	10	*
HannesTschofenig	0:796d0f61a05b	11	* All rights reserved.
HannesTschofenig	0:796d0f61a05b	12	*
HannesTschofenig	0:796d0f61a05b	13	* This program is free software; you can redistribute it and/or modify
HannesTschofenig	0:796d0f61a05b	14	* it under the terms of the GNU General Public License as published by
HannesTschofenig	0:796d0f61a05b	15	* the Free Software Foundation; either version 2 of the License, or
HannesTschofenig	0:796d0f61a05b	16	* (at your option) any later version.
HannesTschofenig	0:796d0f61a05b	17	*
HannesTschofenig	0:796d0f61a05b	18	* This program is distributed in the hope that it will be useful,
HannesTschofenig	0:796d0f61a05b	19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
HannesTschofenig	0:796d0f61a05b	20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
HannesTschofenig	0:796d0f61a05b	21	* GNU General Public License for more details.
HannesTschofenig	0:796d0f61a05b	22	*
HannesTschofenig	0:796d0f61a05b	23	* You should have received a copy of the GNU General Public License along
HannesTschofenig	0:796d0f61a05b	24	* with this program; if not, write to the Free Software Foundation, Inc.,
HannesTschofenig	0:796d0f61a05b	25	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
HannesTschofenig	0:796d0f61a05b	26	*/
HannesTschofenig	0:796d0f61a05b	27	#ifndef POLARSSL_SSL_H
HannesTschofenig	0:796d0f61a05b	28	#define POLARSSL_SSL_H
HannesTschofenig	0:796d0f61a05b	29
HannesTschofenig	0:796d0f61a05b	30	#if !defined(POLARSSL_CONFIG_FILE)
HannesTschofenig	0:796d0f61a05b	31	#include "config.h"
HannesTschofenig	0:796d0f61a05b	32	#else
HannesTschofenig	0:796d0f61a05b	33	#include POLARSSL_CONFIG_FILE
HannesTschofenig	0:796d0f61a05b	34	#endif
HannesTschofenig	0:796d0f61a05b	35	#include "net.h"
HannesTschofenig	0:796d0f61a05b	36	#include "bignum.h"
HannesTschofenig	0:796d0f61a05b	37
HannesTschofenig	0:796d0f61a05b	38	#include "ssl_ciphersuites.h"
HannesTschofenig	0:796d0f61a05b	39
HannesTschofenig	0:796d0f61a05b	40	#if defined(POLARSSL_MD5_C)
HannesTschofenig	0:796d0f61a05b	41	#include "md5.h"
HannesTschofenig	0:796d0f61a05b	42	#endif
HannesTschofenig	0:796d0f61a05b	43
HannesTschofenig	0:796d0f61a05b	44	#if defined(POLARSSL_SHA1_C)
HannesTschofenig	0:796d0f61a05b	45	#include "sha1.h"
HannesTschofenig	0:796d0f61a05b	46	#endif
HannesTschofenig	0:796d0f61a05b	47
HannesTschofenig	0:796d0f61a05b	48	#if defined(POLARSSL_SHA256_C)
HannesTschofenig	0:796d0f61a05b	49	#include "sha256.h"
HannesTschofenig	0:796d0f61a05b	50	#endif
HannesTschofenig	0:796d0f61a05b	51
HannesTschofenig	0:796d0f61a05b	52	#if defined(POLARSSL_SHA512_C)
HannesTschofenig	0:796d0f61a05b	53	#include "sha512.h"
HannesTschofenig	0:796d0f61a05b	54	#endif
HannesTschofenig	0:796d0f61a05b	55
HannesTschofenig	0:796d0f61a05b	56	// for session tickets
HannesTschofenig	0:796d0f61a05b	57	#if defined(POLARSSL_AES_C)
HannesTschofenig	0:796d0f61a05b	58	#include "aes.h"
HannesTschofenig	0:796d0f61a05b	59	#endif
HannesTschofenig	0:796d0f61a05b	60
HannesTschofenig	0:796d0f61a05b	61	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	62	#include "x509_crt.h"
HannesTschofenig	0:796d0f61a05b	63	#include "x509_crl.h"
HannesTschofenig	0:796d0f61a05b	64	#endif
HannesTschofenig	0:796d0f61a05b	65
HannesTschofenig	0:796d0f61a05b	66	#if defined(POLARSSL_DHM_C)
HannesTschofenig	0:796d0f61a05b	67	#include "dhm.h"
HannesTschofenig	0:796d0f61a05b	68	#endif
HannesTschofenig	0:796d0f61a05b	69
HannesTschofenig	0:796d0f61a05b	70	#if defined(POLARSSL_ECDH_C)
HannesTschofenig	0:796d0f61a05b	71	#include "ecdh.h"
HannesTschofenig	0:796d0f61a05b	72	#endif
HannesTschofenig	0:796d0f61a05b	73
HannesTschofenig	0:796d0f61a05b	74	#if defined(POLARSSL_ZLIB_SUPPORT)
HannesTschofenig	0:796d0f61a05b	75	#include "zlib.h"
HannesTschofenig	0:796d0f61a05b	76	#endif
HannesTschofenig	0:796d0f61a05b	77
HannesTschofenig	0:796d0f61a05b	78	#if defined(POLARSSL_HAVE_TIME)
HannesTschofenig	0:796d0f61a05b	79	#include <time.h>
HannesTschofenig	0:796d0f61a05b	80	#endif
HannesTschofenig	0:796d0f61a05b	81
HannesTschofenig	0:796d0f61a05b	82	/* For convenience below and in programs */
HannesTschofenig	0:796d0f61a05b	83	#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) \|\| \
HannesTschofenig	0:796d0f61a05b	84	defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) \|\| \
HannesTschofenig	0:796d0f61a05b	85	defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) \|\| \
HannesTschofenig	0:796d0f61a05b	86	defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
HannesTschofenig	0:796d0f61a05b	87	#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
HannesTschofenig	0:796d0f61a05b	88	#endif
HannesTschofenig	0:796d0f61a05b	89
HannesTschofenig	0:796d0f61a05b	90	#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) \|\| \
HannesTschofenig	0:796d0f61a05b	91	defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) \|\| \
HannesTschofenig	0:796d0f61a05b	92	defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
HannesTschofenig	0:796d0f61a05b	93	#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED
HannesTschofenig	0:796d0f61a05b	94	#endif
HannesTschofenig	0:796d0f61a05b	95
HannesTschofenig	0:796d0f61a05b	96	#if defined(_MSC_VER) && !defined(inline)
HannesTschofenig	0:796d0f61a05b	97	#define inline _inline
HannesTschofenig	0:796d0f61a05b	98	#else
HannesTschofenig	0:796d0f61a05b	99	#if defined(__ARMCC_VERSION) && !defined(inline)
HannesTschofenig	0:796d0f61a05b	100	#define inline __inline
HannesTschofenig	0:796d0f61a05b	101	#endif /* __ARMCC_VERSION */
HannesTschofenig	0:796d0f61a05b	102	#endif /_MSC_VER /
HannesTschofenig	0:796d0f61a05b	103
HannesTschofenig	0:796d0f61a05b	104	/*
HannesTschofenig	0:796d0f61a05b	105	* SSL Error codes
HannesTschofenig	0:796d0f61a05b	106	*/
HannesTschofenig	0:796d0f61a05b	107	#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /*< The requested feature is not available. /
HannesTschofenig	0:796d0f61a05b	108	#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /*< Bad input parameters to function. /
HannesTschofenig	0:796d0f61a05b	109	#define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /*< Verification of the message MAC failed. /
HannesTschofenig	0:796d0f61a05b	110	#define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /*< An invalid SSL record was received. /
HannesTschofenig	0:796d0f61a05b	111	#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /*< The connection indicated an EOF. /
HannesTschofenig	0:796d0f61a05b	112	#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /*< An unknown cipher was received. /
HannesTschofenig	0:796d0f61a05b	113	#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /*< The server has no ciphersuites in common with the client. /
HannesTschofenig	0:796d0f61a05b	114	#define POLARSSL_ERR_SSL_NO_RNG -0x7400 /*< No RNG was provided to the SSL module. /
HannesTschofenig	0:796d0f61a05b	115	#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /*< No client certification received from the client, but required by the authentication mode. /
HannesTschofenig	0:796d0f61a05b	116	#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /*< Our own certificate(s) is/are too large to send in an SSL message./
HannesTschofenig	0:796d0f61a05b	117	#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /*< The own certificate is not set, but needed by the server. /
HannesTschofenig	0:796d0f61a05b	118	#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /*< The own private key or pre-shared key is not set, but needed. /
HannesTschofenig	0:796d0f61a05b	119	#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /*< No CA Chain is set, but required to operate. /
HannesTschofenig	0:796d0f61a05b	120	#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /*< An unexpected message was received from our peer. /
HannesTschofenig	0:796d0f61a05b	121	#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /*< A fatal alert message was received from our peer. /
HannesTschofenig	0:796d0f61a05b	122	#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /*< Verification of our peer failed. /
HannesTschofenig	0:796d0f61a05b	123	#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /*< The peer notified us that the connection is going to be closed. /
HannesTschofenig	0:796d0f61a05b	124	#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /*< Processing of the ClientHello handshake message failed. /
HannesTschofenig	0:796d0f61a05b	125	#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /*< Processing of the ServerHello handshake message failed. /
HannesTschofenig	0:796d0f61a05b	126	#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /*< Processing of the Certificate handshake message failed. /
HannesTschofenig	0:796d0f61a05b	127	#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /*< Processing of the CertificateRequest handshake message failed. /
HannesTschofenig	0:796d0f61a05b	128	#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /*< Processing of the ServerKeyExchange handshake message failed. /
HannesTschofenig	0:796d0f61a05b	129	#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /*< Processing of the ServerHelloDone handshake message failed. /
HannesTschofenig	0:796d0f61a05b	130	#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /*< Processing of the ClientKeyExchange handshake message failed. /
HannesTschofenig	0:796d0f61a05b	131	#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /*< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. /
HannesTschofenig	0:796d0f61a05b	132	#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /*< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. /
HannesTschofenig	0:796d0f61a05b	133	#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /*< Processing of the CertificateVerify handshake message failed. /
HannesTschofenig	0:796d0f61a05b	134	#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /*< Processing of the ChangeCipherSpec handshake message failed. /
HannesTschofenig	0:796d0f61a05b	135	#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /*< Processing of the Finished handshake message failed. /
HannesTschofenig	0:796d0f61a05b	136	#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /*< Memory allocation failed /
HannesTschofenig	0:796d0f61a05b	137	#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /*< Hardware acceleration function returned with error /
HannesTschofenig	0:796d0f61a05b	138	#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /*< Hardware acceleration function skipped / left alone data /
HannesTschofenig	0:796d0f61a05b	139	#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /*< Processing of the compression / decompression failed /
HannesTschofenig	0:796d0f61a05b	140	#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /*< Handshake protocol not within min/max boundaries /
HannesTschofenig	0:796d0f61a05b	141	#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /*< Processing of the NewSessionTicket handshake message failed. /
HannesTschofenig	0:796d0f61a05b	142	#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /*< Session ticket has expired. /
HannesTschofenig	0:796d0f61a05b	143	#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /*< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) /
HannesTschofenig	0:796d0f61a05b	144	#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /*< Unknown identity received (eg, PSK identity) /
HannesTschofenig	0:796d0f61a05b	145	#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /*< Internal error (eg, unexpected failure in lower-level module) /
HannesTschofenig	0:796d0f61a05b	146	#define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /*< A counter would wrap (eg, too many messages exchanged). /
HannesTschofenig	0:796d0f61a05b	147
HannesTschofenig	0:796d0f61a05b	148	/*
HannesTschofenig	0:796d0f61a05b	149	* Various constants
HannesTschofenig	0:796d0f61a05b	150	*/
HannesTschofenig	0:796d0f61a05b	151	#define SSL_MAJOR_VERSION_3 3
HannesTschofenig	0:796d0f61a05b	152	#define SSL_MINOR_VERSION_0 0 /!< SSL v3.0 /
HannesTschofenig	0:796d0f61a05b	153	#define SSL_MINOR_VERSION_1 1 /!< TLS v1.0 /
HannesTschofenig	0:796d0f61a05b	154	#define SSL_MINOR_VERSION_2 2 /!< TLS v1.1 /
HannesTschofenig	0:796d0f61a05b	155	#define SSL_MINOR_VERSION_3 3 /!< TLS v1.2 /
HannesTschofenig	0:796d0f61a05b	156
HannesTschofenig	0:796d0f61a05b	157	/* Determine minimum supported version */
HannesTschofenig	0:796d0f61a05b	158	#define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
HannesTschofenig	0:796d0f61a05b	159
HannesTschofenig	0:796d0f61a05b	160	#if defined(POLARSSL_SSL_PROTO_SSL3)
HannesTschofenig	0:796d0f61a05b	161	#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
HannesTschofenig	0:796d0f61a05b	162	#else
HannesTschofenig	0:796d0f61a05b	163	#if defined(POLARSSL_SSL_PROTO_TLS1)
HannesTschofenig	0:796d0f61a05b	164	#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
HannesTschofenig	0:796d0f61a05b	165	#else
HannesTschofenig	0:796d0f61a05b	166	#if defined(POLARSSL_SSL_PROTO_TLS1_1)
HannesTschofenig	0:796d0f61a05b	167	#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
HannesTschofenig	0:796d0f61a05b	168	#else
HannesTschofenig	0:796d0f61a05b	169	#if defined(POLARSSL_SSL_PROTO_TLS1_2)
HannesTschofenig	0:796d0f61a05b	170	#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
HannesTschofenig	0:796d0f61a05b	171	#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
HannesTschofenig	0:796d0f61a05b	172	#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
HannesTschofenig	0:796d0f61a05b	173	#endif /* POLARSSL_SSL_PROTO_TLS1 */
HannesTschofenig	0:796d0f61a05b	174	#endif /* POLARSSL_SSL_PROTO_SSL3 */
HannesTschofenig	0:796d0f61a05b	175
HannesTschofenig	0:796d0f61a05b	176	/* Determine maximum supported version */
HannesTschofenig	0:796d0f61a05b	177	#define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
HannesTschofenig	0:796d0f61a05b	178
HannesTschofenig	0:796d0f61a05b	179	#if defined(POLARSSL_SSL_PROTO_TLS1_2)
HannesTschofenig	0:796d0f61a05b	180	#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
HannesTschofenig	0:796d0f61a05b	181	#else
HannesTschofenig	0:796d0f61a05b	182	#if defined(POLARSSL_SSL_PROTO_TLS1_1)
HannesTschofenig	0:796d0f61a05b	183	#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
HannesTschofenig	0:796d0f61a05b	184	#else
HannesTschofenig	0:796d0f61a05b	185	#if defined(POLARSSL_SSL_PROTO_TLS1)
HannesTschofenig	0:796d0f61a05b	186	#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
HannesTschofenig	0:796d0f61a05b	187	#else
HannesTschofenig	0:796d0f61a05b	188	#if defined(POLARSSL_SSL_PROTO_SSL3)
HannesTschofenig	0:796d0f61a05b	189	#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
HannesTschofenig	0:796d0f61a05b	190	#endif /* POLARSSL_SSL_PROTO_SSL3 */
HannesTschofenig	0:796d0f61a05b	191	#endif /* POLARSSL_SSL_PROTO_TLS1 */
HannesTschofenig	0:796d0f61a05b	192	#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
HannesTschofenig	0:796d0f61a05b	193	#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
HannesTschofenig	0:796d0f61a05b	194
HannesTschofenig	0:796d0f61a05b	195	/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
HannesTschofenig	0:796d0f61a05b	196	* NONE must be zero so that memset()ing structure to zero works */
HannesTschofenig	0:796d0f61a05b	197	#define SSL_MAX_FRAG_LEN_NONE 0 /!< don't use this extension /
HannesTschofenig	0:796d0f61a05b	198	#define SSL_MAX_FRAG_LEN_512 1 /!< MaxFragmentLength 2^9 /
HannesTschofenig	0:796d0f61a05b	199	#define SSL_MAX_FRAG_LEN_1024 2 /!< MaxFragmentLength 2^10 /
HannesTschofenig	0:796d0f61a05b	200	#define SSL_MAX_FRAG_LEN_2048 3 /!< MaxFragmentLength 2^11 /
HannesTschofenig	0:796d0f61a05b	201	#define SSL_MAX_FRAG_LEN_4096 4 /!< MaxFragmentLength 2^12 /
HannesTschofenig	0:796d0f61a05b	202	#define SSL_MAX_FRAG_LEN_INVALID 5 /!< first invalid value /
HannesTschofenig	0:796d0f61a05b	203
HannesTschofenig	0:796d0f61a05b	204	#define SSL_IS_CLIENT 0
HannesTschofenig	0:796d0f61a05b	205	#define SSL_IS_SERVER 1
HannesTschofenig	0:796d0f61a05b	206	#define SSL_COMPRESS_NULL 0
HannesTschofenig	0:796d0f61a05b	207	#define SSL_COMPRESS_DEFLATE 1
HannesTschofenig	0:796d0f61a05b	208
HannesTschofenig	0:796d0f61a05b	209	#define SSL_VERIFY_NONE 0
HannesTschofenig	0:796d0f61a05b	210	#define SSL_VERIFY_OPTIONAL 1
HannesTschofenig	0:796d0f61a05b	211	#define SSL_VERIFY_REQUIRED 2
HannesTschofenig	0:796d0f61a05b	212
HannesTschofenig	0:796d0f61a05b	213	#define SSL_INITIAL_HANDSHAKE 0
HannesTschofenig	0:796d0f61a05b	214	#define SSL_RENEGOTIATION 1 /* In progress */
HannesTschofenig	0:796d0f61a05b	215	#define SSL_RENEGOTIATION_DONE 2 /* Done */
HannesTschofenig	0:796d0f61a05b	216	#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
HannesTschofenig	0:796d0f61a05b	217
HannesTschofenig	0:796d0f61a05b	218	#define SSL_LEGACY_RENEGOTIATION 0
HannesTschofenig	0:796d0f61a05b	219	#define SSL_SECURE_RENEGOTIATION 1
HannesTschofenig	0:796d0f61a05b	220
HannesTschofenig	0:796d0f61a05b	221	#define SSL_RENEGOTIATION_DISABLED 0
HannesTschofenig	0:796d0f61a05b	222	#define SSL_RENEGOTIATION_ENABLED 1
HannesTschofenig	0:796d0f61a05b	223
HannesTschofenig	0:796d0f61a05b	224	#define SSL_LEGACY_NO_RENEGOTIATION 0
HannesTschofenig	0:796d0f61a05b	225	#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
HannesTschofenig	0:796d0f61a05b	226	#define SSL_LEGACY_BREAK_HANDSHAKE 2
HannesTschofenig	0:796d0f61a05b	227
HannesTschofenig	0:796d0f61a05b	228	#define SSL_TRUNC_HMAC_DISABLED 0
HannesTschofenig	0:796d0f61a05b	229	#define SSL_TRUNC_HMAC_ENABLED 1
HannesTschofenig	0:796d0f61a05b	230	#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
HannesTschofenig	0:796d0f61a05b	231
HannesTschofenig	0:796d0f61a05b	232	#define SSL_SESSION_TICKETS_DISABLED 0
HannesTschofenig	0:796d0f61a05b	233	#define SSL_SESSION_TICKETS_ENABLED 1
HannesTschofenig	0:796d0f61a05b	234
HannesTschofenig	0:796d0f61a05b	235	/**
HannesTschofenig	0:796d0f61a05b	236	* \name SECTION: Module settings
HannesTschofenig	0:796d0f61a05b	237	*
HannesTschofenig	0:796d0f61a05b	238	* The configuration options you can set for this module are in this section.
HannesTschofenig	0:796d0f61a05b	239	* Either change them in config.h or define them on the compiler command line.
HannesTschofenig	0:796d0f61a05b	240	* \{
HannesTschofenig	0:796d0f61a05b	241	*/
HannesTschofenig	0:796d0f61a05b	242
HannesTschofenig	0:796d0f61a05b	243	#if !defined(SSL_DEFAULT_TICKET_LIFETIME)
HannesTschofenig	0:796d0f61a05b	244	#define SSL_DEFAULT_TICKET_LIFETIME 86400 /*< Lifetime of session tickets (if enabled) /
HannesTschofenig	0:796d0f61a05b	245	#endif
HannesTschofenig	0:796d0f61a05b	246
HannesTschofenig	0:796d0f61a05b	247	/*
HannesTschofenig	0:796d0f61a05b	248	* Size of the input / output buffer.
HannesTschofenig	0:796d0f61a05b	249	* Note: the RFC defines the default size of SSL / TLS messages. If you
HannesTschofenig	0:796d0f61a05b	250	* change the value here, other clients / servers may not be able to
HannesTschofenig	0:796d0f61a05b	251	* communicate with you anymore. Only change this value if you control
HannesTschofenig	0:796d0f61a05b	252	* both sides of the connection and have it reduced at both sides!
HannesTschofenig	0:796d0f61a05b	253	*/
HannesTschofenig	0:796d0f61a05b	254	#if !defined(SSL_MAX_CONTENT_LEN)
HannesTschofenig	0:796d0f61a05b	255	#define SSL_MAX_CONTENT_LEN 16384 /*< Size of the input / output buffer /
HannesTschofenig	0:796d0f61a05b	256	#endif
HannesTschofenig	0:796d0f61a05b	257
HannesTschofenig	0:796d0f61a05b	258	/* \} name SECTION: Module settings */
HannesTschofenig	0:796d0f61a05b	259
HannesTschofenig	0:796d0f61a05b	260	/*
HannesTschofenig	0:796d0f61a05b	261	* Allow an extra 301 bytes for the record header
HannesTschofenig	0:796d0f61a05b	262	* and encryption overhead: counter (8) + header (5) + MAC (32) + padding (256)
HannesTschofenig	0:796d0f61a05b	263	* and allow for a maximum of 1024 of compression expansion if
HannesTschofenig	0:796d0f61a05b	264	* enabled.
HannesTschofenig	0:796d0f61a05b	265	*/
HannesTschofenig	0:796d0f61a05b	266	#if defined(POLARSSL_ZLIB_SUPPORT)
HannesTschofenig	0:796d0f61a05b	267	#define SSL_COMPRESSION_ADD 1024
HannesTschofenig	0:796d0f61a05b	268	#else
HannesTschofenig	0:796d0f61a05b	269	#define SSL_COMPRESSION_ADD 0
HannesTschofenig	0:796d0f61a05b	270	#endif
HannesTschofenig	0:796d0f61a05b	271
HannesTschofenig	0:796d0f61a05b	272	#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 301)
HannesTschofenig	0:796d0f61a05b	273
HannesTschofenig	0:796d0f61a05b	274	#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /*< renegotiation info ext /
HannesTschofenig	0:796d0f61a05b	275
HannesTschofenig	0:796d0f61a05b	276	/*
HannesTschofenig	0:796d0f61a05b	277	* Supported Signature and Hash algorithms (For TLS 1.2)
HannesTschofenig	0:796d0f61a05b	278	* RFC 5246 section 7.4.1.4.1
HannesTschofenig	0:796d0f61a05b	279	*/
HannesTschofenig	0:796d0f61a05b	280	#define SSL_HASH_NONE 0
HannesTschofenig	0:796d0f61a05b	281	#define SSL_HASH_MD5 1
HannesTschofenig	0:796d0f61a05b	282	#define SSL_HASH_SHA1 2
HannesTschofenig	0:796d0f61a05b	283	#define SSL_HASH_SHA224 3
HannesTschofenig	0:796d0f61a05b	284	#define SSL_HASH_SHA256 4
HannesTschofenig	0:796d0f61a05b	285	#define SSL_HASH_SHA384 5
HannesTschofenig	0:796d0f61a05b	286	#define SSL_HASH_SHA512 6
HannesTschofenig	0:796d0f61a05b	287
HannesTschofenig	0:796d0f61a05b	288	#define SSL_SIG_ANON 0
HannesTschofenig	0:796d0f61a05b	289	#define SSL_SIG_RSA 1
HannesTschofenig	0:796d0f61a05b	290	#define SSL_SIG_ECDSA 3
HannesTschofenig	0:796d0f61a05b	291
HannesTschofenig	0:796d0f61a05b	292	/*
HannesTschofenig	0:796d0f61a05b	293	* Client Certificate Types
HannesTschofenig	0:796d0f61a05b	294	* RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
HannesTschofenig	0:796d0f61a05b	295	*/
HannesTschofenig	0:796d0f61a05b	296	#define SSL_CERT_TYPE_RSA_SIGN 1
HannesTschofenig	0:796d0f61a05b	297	#define SSL_CERT_TYPE_ECDSA_SIGN 64
HannesTschofenig	0:796d0f61a05b	298
HannesTschofenig	0:796d0f61a05b	299	/*
HannesTschofenig	0:796d0f61a05b	300	* Message, alert and handshake types
HannesTschofenig	0:796d0f61a05b	301	*/
HannesTschofenig	0:796d0f61a05b	302	#define SSL_MSG_CHANGE_CIPHER_SPEC 20
HannesTschofenig	0:796d0f61a05b	303	#define SSL_MSG_ALERT 21
HannesTschofenig	0:796d0f61a05b	304	#define SSL_MSG_HANDSHAKE 22
HannesTschofenig	0:796d0f61a05b	305	#define SSL_MSG_APPLICATION_DATA 23
HannesTschofenig	0:796d0f61a05b	306
HannesTschofenig	0:796d0f61a05b	307	#define SSL_ALERT_LEVEL_WARNING 1
HannesTschofenig	0:796d0f61a05b	308	#define SSL_ALERT_LEVEL_FATAL 2
HannesTschofenig	0:796d0f61a05b	309
HannesTschofenig	0:796d0f61a05b	310	#define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
HannesTschofenig	0:796d0f61a05b	311	#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
HannesTschofenig	0:796d0f61a05b	312	#define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
HannesTschofenig	0:796d0f61a05b	313	#define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
HannesTschofenig	0:796d0f61a05b	314	#define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
HannesTschofenig	0:796d0f61a05b	315	#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
HannesTschofenig	0:796d0f61a05b	316	#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
HannesTschofenig	0:796d0f61a05b	317	#define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
HannesTschofenig	0:796d0f61a05b	318	#define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
HannesTschofenig	0:796d0f61a05b	319	#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
HannesTschofenig	0:796d0f61a05b	320	#define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
HannesTschofenig	0:796d0f61a05b	321	#define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
HannesTschofenig	0:796d0f61a05b	322	#define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
HannesTschofenig	0:796d0f61a05b	323	#define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
HannesTschofenig	0:796d0f61a05b	324	#define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
HannesTschofenig	0:796d0f61a05b	325	#define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
HannesTschofenig	0:796d0f61a05b	326	#define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
HannesTschofenig	0:796d0f61a05b	327	#define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
HannesTschofenig	0:796d0f61a05b	328	#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
HannesTschofenig	0:796d0f61a05b	329	#define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
HannesTschofenig	0:796d0f61a05b	330	#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
HannesTschofenig	0:796d0f61a05b	331	#define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
HannesTschofenig	0:796d0f61a05b	332	#define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
HannesTschofenig	0:796d0f61a05b	333	#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
HannesTschofenig	0:796d0f61a05b	334	#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
HannesTschofenig	0:796d0f61a05b	335	#define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
HannesTschofenig	0:796d0f61a05b	336	#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
HannesTschofenig	0:796d0f61a05b	337	#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
HannesTschofenig	0:796d0f61a05b	338
HannesTschofenig	0:796d0f61a05b	339	#define SSL_HS_HELLO_REQUEST 0
HannesTschofenig	0:796d0f61a05b	340	#define SSL_HS_CLIENT_HELLO 1
HannesTschofenig	0:796d0f61a05b	341	#define SSL_HS_SERVER_HELLO 2
HannesTschofenig	0:796d0f61a05b	342	#define SSL_HS_NEW_SESSION_TICKET 4
HannesTschofenig	0:796d0f61a05b	343	#define SSL_HS_CERTIFICATE 11
HannesTschofenig	0:796d0f61a05b	344	#define SSL_HS_SERVER_KEY_EXCHANGE 12
HannesTschofenig	0:796d0f61a05b	345	#define SSL_HS_CERTIFICATE_REQUEST 13
HannesTschofenig	0:796d0f61a05b	346	#define SSL_HS_SERVER_HELLO_DONE 14
HannesTschofenig	0:796d0f61a05b	347	#define SSL_HS_CERTIFICATE_VERIFY 15
HannesTschofenig	0:796d0f61a05b	348	#define SSL_HS_CLIENT_KEY_EXCHANGE 16
HannesTschofenig	0:796d0f61a05b	349	#define SSL_HS_FINISHED 20
HannesTschofenig	0:796d0f61a05b	350
HannesTschofenig	0:796d0f61a05b	351	/*
HannesTschofenig	0:796d0f61a05b	352	* TLS extensions
HannesTschofenig	0:796d0f61a05b	353	*/
HannesTschofenig	0:796d0f61a05b	354	#define TLS_EXT_SERVERNAME 0
HannesTschofenig	0:796d0f61a05b	355	#define TLS_EXT_SERVERNAME_HOSTNAME 0
HannesTschofenig	0:796d0f61a05b	356
HannesTschofenig	0:796d0f61a05b	357	#define TLS_EXT_MAX_FRAGMENT_LENGTH 1
HannesTschofenig	0:796d0f61a05b	358
HannesTschofenig	0:796d0f61a05b	359	#define TLS_EXT_TRUNCATED_HMAC 4
HannesTschofenig	0:796d0f61a05b	360
HannesTschofenig	0:796d0f61a05b	361	#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
HannesTschofenig	0:796d0f61a05b	362	#define TLS_EXT_SUPPORTED_POINT_FORMATS 11
HannesTschofenig	0:796d0f61a05b	363
HannesTschofenig	0:796d0f61a05b	364	#define TLS_EXT_SIG_ALG 13
HannesTschofenig	0:796d0f61a05b	365
HannesTschofenig	0:796d0f61a05b	366	#define TLS_EXT_ALPN 16
HannesTschofenig	0:796d0f61a05b	367
HannesTschofenig	0:796d0f61a05b	368	#define TLS_EXT_SESSION_TICKET 35
HannesTschofenig	0:796d0f61a05b	369
HannesTschofenig	0:796d0f61a05b	370	#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
HannesTschofenig	0:796d0f61a05b	371
HannesTschofenig	0:796d0f61a05b	372	/*
HannesTschofenig	0:796d0f61a05b	373	* TLS extension flags (for extensions with outgoing ServerHello content
HannesTschofenig	0:796d0f61a05b	374	* that need it (e.g. for RENEGOTIATION_INFO the server already knows because
HannesTschofenig	0:796d0f61a05b	375	* of state of the renegotiation flag, so no indicator is required)
HannesTschofenig	0:796d0f61a05b	376	*/
HannesTschofenig	0:796d0f61a05b	377	#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
HannesTschofenig	0:796d0f61a05b	378
HannesTschofenig	0:796d0f61a05b	379	/*
HannesTschofenig	0:796d0f61a05b	380	* Size defines
HannesTschofenig	0:796d0f61a05b	381	*/
HannesTschofenig	0:796d0f61a05b	382	#if !defined(POLARSSL_MPI_MAX_SIZE)
HannesTschofenig	0:796d0f61a05b	383	#define POLARSSL_PREMASTER_SIZE 512
HannesTschofenig	0:796d0f61a05b	384	#else
HannesTschofenig	0:796d0f61a05b	385	#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
HannesTschofenig	0:796d0f61a05b	386	#endif
HannesTschofenig	0:796d0f61a05b	387
HannesTschofenig	0:796d0f61a05b	388	#ifdef __cplusplus
HannesTschofenig	0:796d0f61a05b	389	extern "C" {
HannesTschofenig	0:796d0f61a05b	390	#endif
HannesTschofenig	0:796d0f61a05b	391
HannesTschofenig	0:796d0f61a05b	392	/*
HannesTschofenig	0:796d0f61a05b	393	* Generic function pointers for allowing external RSA private key
HannesTschofenig	0:796d0f61a05b	394	* implementations.
HannesTschofenig	0:796d0f61a05b	395	*/
HannesTschofenig	0:796d0f61a05b	396	typedef int (rsa_decrypt_func)( void ctx, int mode, size_t *olen,
HannesTschofenig	0:796d0f61a05b	397	const unsigned char input, unsigned char output,
HannesTschofenig	0:796d0f61a05b	398	size_t output_max_len );
HannesTschofenig	0:796d0f61a05b	399	typedef int (rsa_sign_func)( void ctx,
HannesTschofenig	0:796d0f61a05b	400	int (f_rng)(void , unsigned char , size_t), void p_rng,
HannesTschofenig	0:796d0f61a05b	401	int mode, md_type_t md_alg, unsigned int hashlen,
HannesTschofenig	0:796d0f61a05b	402	const unsigned char hash, unsigned char sig );
HannesTschofenig	0:796d0f61a05b	403	typedef size_t (rsa_key_len_func)( void ctx );
HannesTschofenig	0:796d0f61a05b	404
HannesTschofenig	0:796d0f61a05b	405	/*
HannesTschofenig	0:796d0f61a05b	406	* SSL state machine
HannesTschofenig	0:796d0f61a05b	407	*/
HannesTschofenig	0:796d0f61a05b	408	typedef enum
HannesTschofenig	0:796d0f61a05b	409	{
HannesTschofenig	0:796d0f61a05b	410	SSL_HELLO_REQUEST,
HannesTschofenig	0:796d0f61a05b	411	SSL_CLIENT_HELLO,
HannesTschofenig	0:796d0f61a05b	412	SSL_SERVER_HELLO,
HannesTschofenig	0:796d0f61a05b	413	SSL_SERVER_CERTIFICATE,
HannesTschofenig	0:796d0f61a05b	414	SSL_SERVER_KEY_EXCHANGE,
HannesTschofenig	0:796d0f61a05b	415	SSL_CERTIFICATE_REQUEST,
HannesTschofenig	0:796d0f61a05b	416	SSL_SERVER_HELLO_DONE,
HannesTschofenig	0:796d0f61a05b	417	SSL_CLIENT_CERTIFICATE,
HannesTschofenig	0:796d0f61a05b	418	SSL_CLIENT_KEY_EXCHANGE,
HannesTschofenig	0:796d0f61a05b	419	SSL_CERTIFICATE_VERIFY,
HannesTschofenig	0:796d0f61a05b	420	SSL_CLIENT_CHANGE_CIPHER_SPEC,
HannesTschofenig	0:796d0f61a05b	421	SSL_CLIENT_FINISHED,
HannesTschofenig	0:796d0f61a05b	422	SSL_SERVER_CHANGE_CIPHER_SPEC,
HannesTschofenig	0:796d0f61a05b	423	SSL_SERVER_FINISHED,
HannesTschofenig	0:796d0f61a05b	424	SSL_FLUSH_BUFFERS,
HannesTschofenig	0:796d0f61a05b	425	SSL_HANDSHAKE_WRAPUP,
HannesTschofenig	0:796d0f61a05b	426	SSL_HANDSHAKE_OVER,
HannesTschofenig	0:796d0f61a05b	427	SSL_SERVER_NEW_SESSION_TICKET,
HannesTschofenig	0:796d0f61a05b	428	}
HannesTschofenig	0:796d0f61a05b	429	ssl_states;
HannesTschofenig	0:796d0f61a05b	430
HannesTschofenig	0:796d0f61a05b	431	typedef struct _ssl_session ssl_session;
HannesTschofenig	0:796d0f61a05b	432	typedef struct _ssl_context ssl_context;
HannesTschofenig	0:796d0f61a05b	433	typedef struct _ssl_transform ssl_transform;
HannesTschofenig	0:796d0f61a05b	434	typedef struct _ssl_handshake_params ssl_handshake_params;
HannesTschofenig	0:796d0f61a05b	435	#if defined(POLARSSL_SSL_SESSION_TICKETS)
HannesTschofenig	0:796d0f61a05b	436	typedef struct _ssl_ticket_keys ssl_ticket_keys;
HannesTschofenig	0:796d0f61a05b	437	#endif
HannesTschofenig	0:796d0f61a05b	438	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	439	typedef struct _ssl_key_cert ssl_key_cert;
HannesTschofenig	0:796d0f61a05b	440	#endif
HannesTschofenig	0:796d0f61a05b	441
HannesTschofenig	0:796d0f61a05b	442	/*
HannesTschofenig	0:796d0f61a05b	443	* This structure is used for storing current session data.
HannesTschofenig	0:796d0f61a05b	444	*/
HannesTschofenig	0:796d0f61a05b	445	struct _ssl_session
HannesTschofenig	0:796d0f61a05b	446	{
HannesTschofenig	0:796d0f61a05b	447	#if defined(POLARSSL_HAVE_TIME)
HannesTschofenig	0:796d0f61a05b	448	time_t start; /!< starting time /
HannesTschofenig	0:796d0f61a05b	449	#endif
HannesTschofenig	0:796d0f61a05b	450	int ciphersuite; /!< chosen ciphersuite /
HannesTschofenig	0:796d0f61a05b	451	int compression; /!< chosen compression /
HannesTschofenig	0:796d0f61a05b	452	size_t length; /!< session id length /
HannesTschofenig	0:796d0f61a05b	453	unsigned char id[32]; /!< session identifier /
HannesTschofenig	0:796d0f61a05b	454	unsigned char master[48]; /!< the master secret /
HannesTschofenig	0:796d0f61a05b	455
HannesTschofenig	0:796d0f61a05b	456	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	457	x509_crt peer_cert; /!< peer X.509 cert chain */
HannesTschofenig	0:796d0f61a05b	458	#endif /* POLARSSL_X509_CRT_PARSE_C */
HannesTschofenig	0:796d0f61a05b	459	int verify_result; /!< verification result /
HannesTschofenig	0:796d0f61a05b	460
HannesTschofenig	0:796d0f61a05b	461	#if defined(POLARSSL_SSL_SESSION_TICKETS)
HannesTschofenig	0:796d0f61a05b	462	unsigned char ticket; /!< RFC 5077 session ticket */
HannesTschofenig	0:796d0f61a05b	463	size_t ticket_len; /!< session ticket length /
HannesTschofenig	0:796d0f61a05b	464	uint32_t ticket_lifetime; /!< ticket lifetime hint /
HannesTschofenig	0:796d0f61a05b	465	#endif /* POLARSSL_SSL_SESSION_TICKETS */
HannesTschofenig	0:796d0f61a05b	466
HannesTschofenig	0:796d0f61a05b	467	#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
HannesTschofenig	0:796d0f61a05b	468	unsigned char mfl_code; /!< MaxFragmentLength negotiated by peer /
HannesTschofenig	0:796d0f61a05b	469	#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
HannesTschofenig	0:796d0f61a05b	470
HannesTschofenig	0:796d0f61a05b	471	#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
HannesTschofenig	0:796d0f61a05b	472	int trunc_hmac; /!< flag for truncated hmac activation /
HannesTschofenig	0:796d0f61a05b	473	#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
HannesTschofenig	0:796d0f61a05b	474	};
HannesTschofenig	0:796d0f61a05b	475
HannesTschofenig	0:796d0f61a05b	476	/*
HannesTschofenig	0:796d0f61a05b	477	* This structure contains a full set of runtime transform parameters
HannesTschofenig	0:796d0f61a05b	478	* either in negotiation or active.
HannesTschofenig	0:796d0f61a05b	479	*/
HannesTschofenig	0:796d0f61a05b	480	struct _ssl_transform
HannesTschofenig	0:796d0f61a05b	481	{
HannesTschofenig	0:796d0f61a05b	482	/*
HannesTschofenig	0:796d0f61a05b	483	* Session specific crypto layer
HannesTschofenig	0:796d0f61a05b	484	*/
HannesTschofenig	0:796d0f61a05b	485	const ssl_ciphersuite_t *ciphersuite_info;
HannesTschofenig	0:796d0f61a05b	486	/!< Chosen cipersuite_info /
HannesTschofenig	0:796d0f61a05b	487	unsigned int keylen; /!< symmetric key length /
HannesTschofenig	0:796d0f61a05b	488	size_t minlen; /!< min. ciphertext length /
HannesTschofenig	0:796d0f61a05b	489	size_t ivlen; /!< IV length /
HannesTschofenig	0:796d0f61a05b	490	size_t fixed_ivlen; /!< Fixed part of IV (AEAD) /
HannesTschofenig	0:796d0f61a05b	491	size_t maclen; /!< MAC length /
HannesTschofenig	0:796d0f61a05b	492
HannesTschofenig	0:796d0f61a05b	493	unsigned char iv_enc[16]; /!< IV (encryption) /
HannesTschofenig	0:796d0f61a05b	494	unsigned char iv_dec[16]; /!< IV (decryption) /
HannesTschofenig	0:796d0f61a05b	495
HannesTschofenig	0:796d0f61a05b	496	#if defined(POLARSSL_SSL_PROTO_SSL3)
HannesTschofenig	0:796d0f61a05b	497	/* Needed only for SSL v3.0 secret */
HannesTschofenig	0:796d0f61a05b	498	unsigned char mac_enc[48]; /!< SSL v3.0 secret (enc) /
HannesTschofenig	0:796d0f61a05b	499	unsigned char mac_dec[48]; /!< SSL v3.0 secret (dec) /
HannesTschofenig	0:796d0f61a05b	500	#endif /* POLARSSL_SSL_PROTO_SSL3 */
HannesTschofenig	0:796d0f61a05b	501
HannesTschofenig	0:796d0f61a05b	502	md_context_t md_ctx_enc; /!< MAC (encryption) /
HannesTschofenig	0:796d0f61a05b	503	md_context_t md_ctx_dec; /!< MAC (decryption) /
HannesTschofenig	0:796d0f61a05b	504
HannesTschofenig	0:796d0f61a05b	505	cipher_context_t cipher_ctx_enc; /!< encryption context /
HannesTschofenig	0:796d0f61a05b	506	cipher_context_t cipher_ctx_dec; /!< decryption context /
HannesTschofenig	0:796d0f61a05b	507
HannesTschofenig	0:796d0f61a05b	508	/*
HannesTschofenig	0:796d0f61a05b	509	* Session specific compression layer
HannesTschofenig	0:796d0f61a05b	510	*/
HannesTschofenig	0:796d0f61a05b	511	#if defined(POLARSSL_ZLIB_SUPPORT)
HannesTschofenig	0:796d0f61a05b	512	z_stream ctx_deflate; /!< compression context /
HannesTschofenig	0:796d0f61a05b	513	z_stream ctx_inflate; /!< decompression context /
HannesTschofenig	0:796d0f61a05b	514	#endif
HannesTschofenig	0:796d0f61a05b	515	};
HannesTschofenig	0:796d0f61a05b	516
HannesTschofenig	0:796d0f61a05b	517	/*
HannesTschofenig	0:796d0f61a05b	518	* This structure contains the parameters only needed during handshake.
HannesTschofenig	0:796d0f61a05b	519	*/
HannesTschofenig	0:796d0f61a05b	520	struct _ssl_handshake_params
HannesTschofenig	0:796d0f61a05b	521	{
HannesTschofenig	0:796d0f61a05b	522	/*
HannesTschofenig	0:796d0f61a05b	523	* Handshake specific crypto variables
HannesTschofenig	0:796d0f61a05b	524	*/
HannesTschofenig	0:796d0f61a05b	525	int sig_alg; /!< Signature algorithm /
HannesTschofenig	0:796d0f61a05b	526	int cert_type; /!< Requested cert type /
HannesTschofenig	0:796d0f61a05b	527	int verify_sig_alg; /!< Signature algorithm for verify /
HannesTschofenig	0:796d0f61a05b	528	#if defined(POLARSSL_DHM_C)
HannesTschofenig	0:796d0f61a05b	529	dhm_context dhm_ctx; /!< DHM key exchange /
HannesTschofenig	0:796d0f61a05b	530	#endif
HannesTschofenig	0:796d0f61a05b	531	#if defined(POLARSSL_ECDH_C)
HannesTschofenig	0:796d0f61a05b	532	ecdh_context ecdh_ctx; /!< ECDH key exchange /
HannesTschofenig	0:796d0f61a05b	533	#endif
HannesTschofenig	0:796d0f61a05b	534	#if defined(POLARSSL_ECDH_C) \|\| defined(POLARSSL_ECDSA_C)
HannesTschofenig	0:796d0f61a05b	535	const ecp_curve_info *curves; /!< Supported elliptic curves */
HannesTschofenig	0:796d0f61a05b	536	#endif
HannesTschofenig	0:796d0f61a05b	537	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	538	/**
HannesTschofenig	0:796d0f61a05b	539	* Current key/cert or key/cert list.
HannesTschofenig	0:796d0f61a05b	540	* On client: pointer to ssl->key_cert, only the first entry used.
HannesTschofenig	0:796d0f61a05b	541	* On server: starts as a pointer to ssl->key_cert, then becomes
HannesTschofenig	0:796d0f61a05b	542	* a pointer to the chosen key from this list or the SNI list.
HannesTschofenig	0:796d0f61a05b	543	*/
HannesTschofenig	0:796d0f61a05b	544	ssl_key_cert *key_cert;
HannesTschofenig	0:796d0f61a05b	545	#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
HannesTschofenig	0:796d0f61a05b	546	ssl_key_cert sni_key_cert; /!< key/cert list from SNI */
HannesTschofenig	0:796d0f61a05b	547	#endif
HannesTschofenig	0:796d0f61a05b	548	#endif /* POLARSSL_X509_CRT_PARSE_C */
HannesTschofenig	0:796d0f61a05b	549
HannesTschofenig	0:796d0f61a05b	550	/*
HannesTschofenig	0:796d0f61a05b	551	* Checksum contexts
HannesTschofenig	0:796d0f61a05b	552	*/
HannesTschofenig	0:796d0f61a05b	553	#if defined(POLARSSL_SSL_PROTO_SSL3) \|\| defined(POLARSSL_SSL_PROTO_TLS1) \|\| \
HannesTschofenig	0:796d0f61a05b	554	defined(POLARSSL_SSL_PROTO_TLS1_1)
HannesTschofenig	0:796d0f61a05b	555	md5_context fin_md5;
HannesTschofenig	0:796d0f61a05b	556	sha1_context fin_sha1;
HannesTschofenig	0:796d0f61a05b	557	#endif
HannesTschofenig	0:796d0f61a05b	558	#if defined(POLARSSL_SSL_PROTO_TLS1_2)
HannesTschofenig	0:796d0f61a05b	559	#if defined(POLARSSL_SHA256_C)
HannesTschofenig	0:796d0f61a05b	560	sha256_context fin_sha256;
HannesTschofenig	0:796d0f61a05b	561	#endif
HannesTschofenig	0:796d0f61a05b	562	#if defined(POLARSSL_SHA512_C)
HannesTschofenig	0:796d0f61a05b	563	sha512_context fin_sha512;
HannesTschofenig	0:796d0f61a05b	564	#endif
HannesTschofenig	0:796d0f61a05b	565	#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
HannesTschofenig	0:796d0f61a05b	566
HannesTschofenig	0:796d0f61a05b	567	void (update_checksum)(ssl_context , const unsigned char *, size_t);
HannesTschofenig	0:796d0f61a05b	568	void (calc_verify)(ssl_context , unsigned char *);
HannesTschofenig	0:796d0f61a05b	569	void (calc_finished)(ssl_context , unsigned char *, int);
HannesTschofenig	0:796d0f61a05b	570	int (tls_prf)(const unsigned char , size_t, const char *,
HannesTschofenig	0:796d0f61a05b	571	const unsigned char *, size_t,
HannesTschofenig	0:796d0f61a05b	572	unsigned char *, size_t);
HannesTschofenig	0:796d0f61a05b	573
HannesTschofenig	0:796d0f61a05b	574	size_t pmslen; /!< premaster length /
HannesTschofenig	0:796d0f61a05b	575
HannesTschofenig	0:796d0f61a05b	576	unsigned char randbytes[64]; /!< random bytes /
HannesTschofenig	0:796d0f61a05b	577	unsigned char premaster[POLARSSL_PREMASTER_SIZE];
HannesTschofenig	0:796d0f61a05b	578	/!< premaster secret /
HannesTschofenig	0:796d0f61a05b	579
HannesTschofenig	0:796d0f61a05b	580	int resume; /!< session resume indicator/
HannesTschofenig	0:796d0f61a05b	581	int max_major_ver; /!< max. major version client/
HannesTschofenig	0:796d0f61a05b	582	int max_minor_ver; /!< max. minor version client/
HannesTschofenig	0:796d0f61a05b	583	int cli_exts; /!< client extension presence/
HannesTschofenig	0:796d0f61a05b	584
HannesTschofenig	0:796d0f61a05b	585	#if defined(POLARSSL_SSL_SESSION_TICKETS)
HannesTschofenig	0:796d0f61a05b	586	int new_session_ticket; /!< use NewSessionTicket? /
HannesTschofenig	0:796d0f61a05b	587	#endif /* POLARSSL_SSL_SESSION_TICKETS */
HannesTschofenig	0:796d0f61a05b	588	};
HannesTschofenig	0:796d0f61a05b	589
HannesTschofenig	0:796d0f61a05b	590	#if defined(POLARSSL_SSL_SESSION_TICKETS)
HannesTschofenig	0:796d0f61a05b	591	/*
HannesTschofenig	0:796d0f61a05b	592	* Parameters needed to secure session tickets
HannesTschofenig	0:796d0f61a05b	593	*/
HannesTschofenig	0:796d0f61a05b	594	struct _ssl_ticket_keys
HannesTschofenig	0:796d0f61a05b	595	{
HannesTschofenig	0:796d0f61a05b	596	unsigned char key_name[16]; /!< name to quickly discard bad tickets /
HannesTschofenig	0:796d0f61a05b	597	aes_context enc; /!< encryption context /
HannesTschofenig	0:796d0f61a05b	598	aes_context dec; /!< decryption context /
HannesTschofenig	0:796d0f61a05b	599	unsigned char mac_key[16]; /!< authentication key /
HannesTschofenig	0:796d0f61a05b	600	};
HannesTschofenig	0:796d0f61a05b	601	#endif /* POLARSSL_SSL_SESSION_TICKETS */
HannesTschofenig	0:796d0f61a05b	602
HannesTschofenig	0:796d0f61a05b	603	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	604	/*
HannesTschofenig	0:796d0f61a05b	605	* List of certificate + private key pairs
HannesTschofenig	0:796d0f61a05b	606	*/
HannesTschofenig	0:796d0f61a05b	607	struct _ssl_key_cert
HannesTschofenig	0:796d0f61a05b	608	{
HannesTschofenig	0:796d0f61a05b	609	x509_crt cert; /!< cert */
HannesTschofenig	0:796d0f61a05b	610	pk_context key; /!< private key */
HannesTschofenig	0:796d0f61a05b	611	int key_own_alloc; /!< did we allocate key? /
HannesTschofenig	0:796d0f61a05b	612	ssl_key_cert next; /!< next key/cert pair */
HannesTschofenig	0:796d0f61a05b	613	};
HannesTschofenig	0:796d0f61a05b	614	#endif /* POLARSSL_X509_CRT_PARSE_C */
HannesTschofenig	0:796d0f61a05b	615
HannesTschofenig	0:796d0f61a05b	616	struct _ssl_context
HannesTschofenig	0:796d0f61a05b	617	{
HannesTschofenig	0:796d0f61a05b	618	/*
HannesTschofenig	0:796d0f61a05b	619	* Miscellaneous
HannesTschofenig	0:796d0f61a05b	620	*/
HannesTschofenig	0:796d0f61a05b	621	int state; /!< SSL handshake: current state /
HannesTschofenig	0:796d0f61a05b	622	int renegotiation; /!< Initial or renegotiation /
HannesTschofenig	0:796d0f61a05b	623
HannesTschofenig	0:796d0f61a05b	624	int major_ver; /!< equal to SSL_MAJOR_VERSION_3 /
HannesTschofenig	0:796d0f61a05b	625	int minor_ver; /!< either 0 (SSL3) or 1 (TLS1.0) /
HannesTschofenig	0:796d0f61a05b	626
HannesTschofenig	0:796d0f61a05b	627	int max_major_ver; /!< max. major version used /
HannesTschofenig	0:796d0f61a05b	628	int max_minor_ver; /!< max. minor version used /
HannesTschofenig	0:796d0f61a05b	629	int min_major_ver; /!< min. major version used /
HannesTschofenig	0:796d0f61a05b	630	int min_minor_ver; /!< min. minor version used /
HannesTschofenig	0:796d0f61a05b	631
HannesTschofenig	0:796d0f61a05b	632	/*
HannesTschofenig	0:796d0f61a05b	633	* Callbacks (RNG, debug, I/O, verification)
HannesTschofenig	0:796d0f61a05b	634	*/
HannesTschofenig	0:796d0f61a05b	635	int (f_rng)(void , unsigned char *, size_t);
HannesTschofenig	0:796d0f61a05b	636	void (f_dbg)(void , int, const char *);
HannesTschofenig	0:796d0f61a05b	637	int (f_recv)(void , unsigned char *, size_t);
HannesTschofenig	0:796d0f61a05b	638	int (f_send)(void , const unsigned char *, size_t);
HannesTschofenig	0:796d0f61a05b	639	int (f_get_cache)(void , ssl_session *);
HannesTschofenig	0:796d0f61a05b	640	int (f_set_cache)(void , const ssl_session *);
HannesTschofenig	0:796d0f61a05b	641
HannesTschofenig	0:796d0f61a05b	642	void p_rng; /!< context for the RNG function */
HannesTschofenig	0:796d0f61a05b	643	void p_dbg; /!< context for the debug function */
HannesTschofenig	0:796d0f61a05b	644	void p_recv; /!< context for reading operations */
HannesTschofenig	0:796d0f61a05b	645	void p_send; /!< context for writing operations */
HannesTschofenig	0:796d0f61a05b	646	void p_get_cache; /!< context for cache retrieval */
HannesTschofenig	0:796d0f61a05b	647	void p_set_cache; /!< context for cache store */
HannesTschofenig	0:796d0f61a05b	648	void p_hw_data; /!< context for HW acceleration */
HannesTschofenig	0:796d0f61a05b	649
HannesTschofenig	0:796d0f61a05b	650	#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
HannesTschofenig	0:796d0f61a05b	651	int (f_sni)(void , ssl_context , const unsigned char , size_t);
HannesTschofenig	0:796d0f61a05b	652	void p_sni; /!< context for SNI extension */
HannesTschofenig	0:796d0f61a05b	653	#endif
HannesTschofenig	0:796d0f61a05b	654
HannesTschofenig	0:796d0f61a05b	655	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	656	int (f_vrfy)(void , x509_crt , int, int );
HannesTschofenig	0:796d0f61a05b	657	void p_vrfy; /!< context for verification */
HannesTschofenig	0:796d0f61a05b	658	#endif
HannesTschofenig	0:796d0f61a05b	659
HannesTschofenig	0:796d0f61a05b	660	#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
HannesTschofenig	0:796d0f61a05b	661	int (f_psk)(void , ssl_context , const unsigned char , size_t);
HannesTschofenig	0:796d0f61a05b	662	void p_psk; /!< context for PSK retrieval */
HannesTschofenig	0:796d0f61a05b	663	#endif
HannesTschofenig	0:796d0f61a05b	664
HannesTschofenig	0:796d0f61a05b	665	/*
HannesTschofenig	0:796d0f61a05b	666	* Session layer
HannesTschofenig	0:796d0f61a05b	667	*/
HannesTschofenig	0:796d0f61a05b	668	ssl_session session_in; /!< current session data (in) */
HannesTschofenig	0:796d0f61a05b	669	ssl_session session_out; /!< current session data (out) */
HannesTschofenig	0:796d0f61a05b	670	ssl_session session; /!< negotiated session data */
HannesTschofenig	0:796d0f61a05b	671	ssl_session session_negotiate; /!< session data in negotiation */
HannesTschofenig	0:796d0f61a05b	672
HannesTschofenig	0:796d0f61a05b	673	ssl_handshake_params handshake; /!< params required only during
HannesTschofenig	0:796d0f61a05b	674	the handshake process */
HannesTschofenig	0:796d0f61a05b	675
HannesTschofenig	0:796d0f61a05b	676	/*
HannesTschofenig	0:796d0f61a05b	677	* Record layer transformations
HannesTschofenig	0:796d0f61a05b	678	*/
HannesTschofenig	0:796d0f61a05b	679	ssl_transform transform_in; /!< current transform params (in) */
HannesTschofenig	0:796d0f61a05b	680	ssl_transform transform_out; /!< current transform params (in) */
HannesTschofenig	0:796d0f61a05b	681	ssl_transform transform; /!< negotiated transform params */
HannesTschofenig	0:796d0f61a05b	682	ssl_transform transform_negotiate; /!< transform params in negotiation */
HannesTschofenig	0:796d0f61a05b	683
HannesTschofenig	0:796d0f61a05b	684	/*
HannesTschofenig	0:796d0f61a05b	685	* Record layer (incoming data)
HannesTschofenig	0:796d0f61a05b	686	*/
HannesTschofenig	0:796d0f61a05b	687	unsigned char in_ctr; /!< 64-bit incoming message counter */
HannesTschofenig	0:796d0f61a05b	688	unsigned char in_hdr; /!< 5-byte record header (in_ctr+8) */
HannesTschofenig	0:796d0f61a05b	689	unsigned char in_iv; /!< ivlen-byte IV (in_hdr+5) */
HannesTschofenig	0:796d0f61a05b	690	unsigned char in_msg; /!< message contents (in_iv+ivlen) */
HannesTschofenig	0:796d0f61a05b	691	unsigned char in_offt; /!< read offset in application data */
HannesTschofenig	0:796d0f61a05b	692
HannesTschofenig	0:796d0f61a05b	693	int in_msgtype; /!< record header: message type /
HannesTschofenig	0:796d0f61a05b	694	size_t in_msglen; /!< record header: message length /
HannesTschofenig	0:796d0f61a05b	695	size_t in_left; /!< amount of data read so far /
HannesTschofenig	0:796d0f61a05b	696
HannesTschofenig	0:796d0f61a05b	697	size_t in_hslen; /!< current handshake message length /
HannesTschofenig	0:796d0f61a05b	698	int nb_zero; /!< # of 0-length encrypted messages /
HannesTschofenig	0:796d0f61a05b	699	int record_read; /!< record is already present /
HannesTschofenig	0:796d0f61a05b	700
HannesTschofenig	0:796d0f61a05b	701	/*
HannesTschofenig	0:796d0f61a05b	702	* Record layer (outgoing data)
HannesTschofenig	0:796d0f61a05b	703	*/
HannesTschofenig	0:796d0f61a05b	704	unsigned char out_ctr; /!< 64-bit outgoing message counter */
HannesTschofenig	0:796d0f61a05b	705	unsigned char out_hdr; /!< 5-byte record header (out_ctr+8) */
HannesTschofenig	0:796d0f61a05b	706	unsigned char out_iv; /!< ivlen-byte IV (out_hdr+5) */
HannesTschofenig	0:796d0f61a05b	707	unsigned char out_msg; /!< message contents (out_iv+ivlen) */
HannesTschofenig	0:796d0f61a05b	708
HannesTschofenig	0:796d0f61a05b	709	int out_msgtype; /!< record header: message type /
HannesTschofenig	0:796d0f61a05b	710	size_t out_msglen; /!< record header: message length /
HannesTschofenig	0:796d0f61a05b	711	size_t out_left; /!< amount of data not yet written /
HannesTschofenig	0:796d0f61a05b	712
HannesTschofenig	0:796d0f61a05b	713	#if defined(POLARSSL_ZLIB_SUPPORT)
HannesTschofenig	0:796d0f61a05b	714	unsigned char compress_buf; /!< zlib data buffer */
HannesTschofenig	0:796d0f61a05b	715	#endif
HannesTschofenig	0:796d0f61a05b	716	#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
HannesTschofenig	0:796d0f61a05b	717	unsigned char mfl_code; /!< MaxFragmentLength chosen by us /
HannesTschofenig	0:796d0f61a05b	718	#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
HannesTschofenig	0:796d0f61a05b	719
HannesTschofenig	0:796d0f61a05b	720	/*
HannesTschofenig	0:796d0f61a05b	721	* PKI layer
HannesTschofenig	0:796d0f61a05b	722	*/
HannesTschofenig	0:796d0f61a05b	723	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	724	ssl_key_cert key_cert; /!< own certificate(s)/key(s) */
HannesTschofenig	0:796d0f61a05b	725
HannesTschofenig	0:796d0f61a05b	726	x509_crt ca_chain; /!< own trusted CA chain */
HannesTschofenig	0:796d0f61a05b	727	x509_crl ca_crl; /!< trusted CA CRLs */
HannesTschofenig	0:796d0f61a05b	728	const char peer_cn; /!< expected peer CN */
HannesTschofenig	0:796d0f61a05b	729	#endif /* POLARSSL_X509_CRT_PARSE_C */
HannesTschofenig	0:796d0f61a05b	730
HannesTschofenig	0:796d0f61a05b	731	/*
HannesTschofenig	0:796d0f61a05b	732	* Support for generating and checking session tickets
HannesTschofenig	0:796d0f61a05b	733	*/
HannesTschofenig	0:796d0f61a05b	734	#if defined(POLARSSL_SSL_SESSION_TICKETS)
HannesTschofenig	0:796d0f61a05b	735	ssl_ticket_keys ticket_keys; /!< keys for ticket encryption */
HannesTschofenig	0:796d0f61a05b	736	#endif /* POLARSSL_SSL_SESSION_TICKETS */
HannesTschofenig	0:796d0f61a05b	737
HannesTschofenig	0:796d0f61a05b	738	/*
HannesTschofenig	0:796d0f61a05b	739	* User settings
HannesTschofenig	0:796d0f61a05b	740	*/
HannesTschofenig	0:796d0f61a05b	741	int endpoint; /!< 0: client, 1: server /
HannesTschofenig	0:796d0f61a05b	742	int authmode; /!< verification mode /
HannesTschofenig	0:796d0f61a05b	743	int client_auth; /!< flag for client auth. /
HannesTschofenig	0:796d0f61a05b	744	int verify_result; /!< verification result /
HannesTschofenig	0:796d0f61a05b	745	int disable_renegotiation; /!< enable/disable renegotiation /
HannesTschofenig	0:796d0f61a05b	746	int allow_legacy_renegotiation; /!< allow legacy renegotiation /
HannesTschofenig	0:796d0f61a05b	747	const int ciphersuite_list[4]; /!< allowed ciphersuites / version */
HannesTschofenig	0:796d0f61a05b	748	#if defined(POLARSSL_SSL_SET_CURVES)
HannesTschofenig	0:796d0f61a05b	749	const ecp_group_id curve_list; /!< allowed curves */
HannesTschofenig	0:796d0f61a05b	750	#endif
HannesTschofenig	0:796d0f61a05b	751	#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
HannesTschofenig	0:796d0f61a05b	752	int trunc_hmac; /!< negotiate truncated hmac? /
HannesTschofenig	0:796d0f61a05b	753	#endif
HannesTschofenig	0:796d0f61a05b	754	#if defined(POLARSSL_SSL_SESSION_TICKETS)
HannesTschofenig	0:796d0f61a05b	755	int session_tickets; /!< use session tickets? /
HannesTschofenig	0:796d0f61a05b	756	int ticket_lifetime; /!< session ticket lifetime /
HannesTschofenig	0:796d0f61a05b	757	#endif
HannesTschofenig	0:796d0f61a05b	758
HannesTschofenig	0:796d0f61a05b	759	#if defined(POLARSSL_DHM_C)
HannesTschofenig	0:796d0f61a05b	760	mpi dhm_P; /!< prime modulus for DHM /
HannesTschofenig	0:796d0f61a05b	761	mpi dhm_G; /!< generator for DHM /
HannesTschofenig	0:796d0f61a05b	762	#endif
HannesTschofenig	0:796d0f61a05b	763
HannesTschofenig	0:796d0f61a05b	764	#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
HannesTschofenig	0:796d0f61a05b	765	/*
HannesTschofenig	0:796d0f61a05b	766	* PSK values
HannesTschofenig	0:796d0f61a05b	767	*/
HannesTschofenig	0:796d0f61a05b	768	unsigned char *psk;
HannesTschofenig	0:796d0f61a05b	769	size_t psk_len;
HannesTschofenig	0:796d0f61a05b	770	unsigned char *psk_identity;
HannesTschofenig	0:796d0f61a05b	771	size_t psk_identity_len;
HannesTschofenig	0:796d0f61a05b	772	#endif
HannesTschofenig	0:796d0f61a05b	773
HannesTschofenig	0:796d0f61a05b	774	#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
HannesTschofenig	0:796d0f61a05b	775	/*
HannesTschofenig	0:796d0f61a05b	776	* SNI extension
HannesTschofenig	0:796d0f61a05b	777	*/
HannesTschofenig	0:796d0f61a05b	778	unsigned char *hostname;
HannesTschofenig	0:796d0f61a05b	779	size_t hostname_len;
HannesTschofenig	0:796d0f61a05b	780	#endif
HannesTschofenig	0:796d0f61a05b	781
HannesTschofenig	0:796d0f61a05b	782	#if defined(POLARSSL_SSL_ALPN)
HannesTschofenig	0:796d0f61a05b	783	/*
HannesTschofenig	0:796d0f61a05b	784	* ALPN extension
HannesTschofenig	0:796d0f61a05b	785	*/
HannesTschofenig	0:796d0f61a05b	786	const char *alpn_list; /!< ordered list of supported protocols */
HannesTschofenig	0:796d0f61a05b	787	const char alpn_chosen; /!< negotiated protocol */
HannesTschofenig	0:796d0f61a05b	788	#endif
HannesTschofenig	0:796d0f61a05b	789
HannesTschofenig	0:796d0f61a05b	790	/*
HannesTschofenig	0:796d0f61a05b	791	* Secure renegotiation
HannesTschofenig	0:796d0f61a05b	792	*/
HannesTschofenig	0:796d0f61a05b	793	int secure_renegotiation; /*!< does peer support legacy or
HannesTschofenig	0:796d0f61a05b	794	secure renegotiation */
HannesTschofenig	0:796d0f61a05b	795	size_t verify_data_len; /!< length of verify data stored /
HannesTschofenig	0:796d0f61a05b	796	char own_verify_data[36]; /!< previous handshake verify data /
HannesTschofenig	0:796d0f61a05b	797	char peer_verify_data[36]; /!< previous handshake verify data /
HannesTschofenig	0:796d0f61a05b	798	};
HannesTschofenig	0:796d0f61a05b	799
HannesTschofenig	0:796d0f61a05b	800	#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
HannesTschofenig	0:796d0f61a05b	801
HannesTschofenig	0:796d0f61a05b	802	#define SSL_CHANNEL_OUTBOUND 0
HannesTschofenig	0:796d0f61a05b	803	#define SSL_CHANNEL_INBOUND 1
HannesTschofenig	0:796d0f61a05b	804
HannesTschofenig	0:796d0f61a05b	805	extern int (ssl_hw_record_init)(ssl_context ssl,
HannesTschofenig	0:796d0f61a05b	806	const unsigned char key_enc, const unsigned char key_dec,
HannesTschofenig	0:796d0f61a05b	807	size_t keylen,
HannesTschofenig	0:796d0f61a05b	808	const unsigned char iv_enc, const unsigned char iv_dec,
HannesTschofenig	0:796d0f61a05b	809	size_t ivlen,
HannesTschofenig	0:796d0f61a05b	810	const unsigned char mac_enc, const unsigned char mac_dec,
HannesTschofenig	0:796d0f61a05b	811	size_t maclen);
HannesTschofenig	0:796d0f61a05b	812	extern int (ssl_hw_record_activate)(ssl_context ssl, int direction);
HannesTschofenig	0:796d0f61a05b	813	extern int (ssl_hw_record_reset)(ssl_context ssl);
HannesTschofenig	0:796d0f61a05b	814	extern int (ssl_hw_record_write)(ssl_context ssl);
HannesTschofenig	0:796d0f61a05b	815	extern int (ssl_hw_record_read)(ssl_context ssl);
HannesTschofenig	0:796d0f61a05b	816	extern int (ssl_hw_record_finish)(ssl_context ssl);
HannesTschofenig	0:796d0f61a05b	817	#endif /* POLARSSL_SSL_HW_RECORD_ACCEL */
HannesTschofenig	0:796d0f61a05b	818
HannesTschofenig	0:796d0f61a05b	819	/**
HannesTschofenig	0:796d0f61a05b	820	* \brief Returns the list of ciphersuites supported by the SSL/TLS module.
HannesTschofenig	0:796d0f61a05b	821	*
HannesTschofenig	0:796d0f61a05b	822	* \return a statically allocated array of ciphersuites, the last
HannesTschofenig	0:796d0f61a05b	823	* entry is 0.
HannesTschofenig	0:796d0f61a05b	824	*/
HannesTschofenig	0:796d0f61a05b	825	const int *ssl_list_ciphersuites( void );
HannesTschofenig	0:796d0f61a05b	826
HannesTschofenig	0:796d0f61a05b	827	/**
HannesTschofenig	0:796d0f61a05b	828	* \brief Return the name of the ciphersuite associated with the
HannesTschofenig	0:796d0f61a05b	829	* given ID
HannesTschofenig	0:796d0f61a05b	830	*
HannesTschofenig	0:796d0f61a05b	831	* \param ciphersuite_id SSL ciphersuite ID
HannesTschofenig	0:796d0f61a05b	832	*
HannesTschofenig	0:796d0f61a05b	833	* \return a string containing the ciphersuite name
HannesTschofenig	0:796d0f61a05b	834	*/
HannesTschofenig	0:796d0f61a05b	835	const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
HannesTschofenig	0:796d0f61a05b	836
HannesTschofenig	0:796d0f61a05b	837	/**
HannesTschofenig	0:796d0f61a05b	838	* \brief Return the ID of the ciphersuite associated with the
HannesTschofenig	0:796d0f61a05b	839	* given name
HannesTschofenig	0:796d0f61a05b	840	*
HannesTschofenig	0:796d0f61a05b	841	* \param ciphersuite_name SSL ciphersuite name
HannesTschofenig	0:796d0f61a05b	842	*
HannesTschofenig	0:796d0f61a05b	843	* \return the ID with the ciphersuite or 0 if not found
HannesTschofenig	0:796d0f61a05b	844	*/
HannesTschofenig	0:796d0f61a05b	845	int ssl_get_ciphersuite_id( const char *ciphersuite_name );
HannesTschofenig	0:796d0f61a05b	846
HannesTschofenig	0:796d0f61a05b	847	/**
HannesTschofenig	0:796d0f61a05b	848	* \brief Initialize an SSL context
HannesTschofenig	0:796d0f61a05b	849	* (An individual SSL context is not thread-safe)
HannesTschofenig	0:796d0f61a05b	850	*
HannesTschofenig	0:796d0f61a05b	851	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	852	*
HannesTschofenig	0:796d0f61a05b	853	* \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if
HannesTschofenig	0:796d0f61a05b	854	* memory allocation failed
HannesTschofenig	0:796d0f61a05b	855	*/
HannesTschofenig	0:796d0f61a05b	856	int ssl_init( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	857
HannesTschofenig	0:796d0f61a05b	858	/**
HannesTschofenig	0:796d0f61a05b	859	* \brief Reset an already initialized SSL context for re-use
HannesTschofenig	0:796d0f61a05b	860	* while retaining application-set variables, function
HannesTschofenig	0:796d0f61a05b	861	* pointers and data.
HannesTschofenig	0:796d0f61a05b	862	*
HannesTschofenig	0:796d0f61a05b	863	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	864	* \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
HannesTschofenig	0:796d0f61a05b	865	POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
HannesTschofenig	0:796d0f61a05b	866	* POLARSSL_ERR_SSL_COMPRESSION_FAILED
HannesTschofenig	0:796d0f61a05b	867	*/
HannesTschofenig	0:796d0f61a05b	868	int ssl_session_reset( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	869
HannesTschofenig	0:796d0f61a05b	870	/**
HannesTschofenig	0:796d0f61a05b	871	* \brief Set the current endpoint type
HannesTschofenig	0:796d0f61a05b	872	*
HannesTschofenig	0:796d0f61a05b	873	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	874	* \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
HannesTschofenig	0:796d0f61a05b	875	*
HannesTschofenig	0:796d0f61a05b	876	* \note This function should be called right after ssl_init() since
HannesTschofenig	0:796d0f61a05b	877	* some other ssl_set_foo() functions depend on it.
HannesTschofenig	0:796d0f61a05b	878	*/
HannesTschofenig	0:796d0f61a05b	879	void ssl_set_endpoint( ssl_context *ssl, int endpoint );
HannesTschofenig	0:796d0f61a05b	880
HannesTschofenig	0:796d0f61a05b	881	/**
HannesTschofenig	0:796d0f61a05b	882	* \brief Set the certificate verification mode
HannesTschofenig	0:796d0f61a05b	883	*
HannesTschofenig	0:796d0f61a05b	884	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	885	* \param authmode can be:
HannesTschofenig	0:796d0f61a05b	886	*
HannesTschofenig	0:796d0f61a05b	887	* SSL_VERIFY_NONE: peer certificate is not checked (default),
HannesTschofenig	0:796d0f61a05b	888	* this is insecure and SHOULD be avoided.
HannesTschofenig	0:796d0f61a05b	889	*
HannesTschofenig	0:796d0f61a05b	890	* SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
HannesTschofenig	0:796d0f61a05b	891	* handshake continues even if verification failed;
HannesTschofenig	0:796d0f61a05b	892	* ssl_get_verify_result() can be called after the
HannesTschofenig	0:796d0f61a05b	893	* handshake is complete.
HannesTschofenig	0:796d0f61a05b	894	*
HannesTschofenig	0:796d0f61a05b	895	* SSL_VERIFY_REQUIRED: peer must present a valid certificate,
HannesTschofenig	0:796d0f61a05b	896	* handshake is aborted if verification failed.
HannesTschofenig	0:796d0f61a05b	897	*
HannesTschofenig	0:796d0f61a05b	898	* \note On client, SSL_VERIFY_REQUIRED is the recommended mode.
HannesTschofenig	0:796d0f61a05b	899	* With SSL_VERIFY_OPTIONAL, the user needs to call ssl_get_verify_result() at
HannesTschofenig	0:796d0f61a05b	900	* the right time(s), which may not be obvious, while REQUIRED always perform
HannesTschofenig	0:796d0f61a05b	901	* the verification as soon as possible. For example, REQUIRED was protecting
HannesTschofenig	0:796d0f61a05b	902	* against the "triple handshake" attack even before it was found.
HannesTschofenig	0:796d0f61a05b	903	*/
HannesTschofenig	0:796d0f61a05b	904	void ssl_set_authmode( ssl_context *ssl, int authmode );
HannesTschofenig	0:796d0f61a05b	905
HannesTschofenig	0:796d0f61a05b	906	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	907	/**
HannesTschofenig	0:796d0f61a05b	908	* \brief Set the verification callback (Optional).
HannesTschofenig	0:796d0f61a05b	909	*
HannesTschofenig	0:796d0f61a05b	910	* If set, the verify callback is called for each
HannesTschofenig	0:796d0f61a05b	911	* certificate in the chain. For implementation
HannesTschofenig	0:796d0f61a05b	912	* information, please see \c x509parse_verify()
HannesTschofenig	0:796d0f61a05b	913	*
HannesTschofenig	0:796d0f61a05b	914	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	915	* \param f_vrfy verification function
HannesTschofenig	0:796d0f61a05b	916	* \param p_vrfy verification parameter
HannesTschofenig	0:796d0f61a05b	917	*/
HannesTschofenig	0:796d0f61a05b	918	void ssl_set_verify( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	919	int (f_vrfy)(void , x509_crt , int, int ),
HannesTschofenig	0:796d0f61a05b	920	void *p_vrfy );
HannesTschofenig	0:796d0f61a05b	921	#endif /* POLARSSL_X509_CRT_PARSE_C */
HannesTschofenig	0:796d0f61a05b	922
HannesTschofenig	0:796d0f61a05b	923	/**
HannesTschofenig	0:796d0f61a05b	924	* \brief Set the random number generator callback
HannesTschofenig	0:796d0f61a05b	925	*
HannesTschofenig	0:796d0f61a05b	926	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	927	* \param f_rng RNG function
HannesTschofenig	0:796d0f61a05b	928	* \param p_rng RNG parameter
HannesTschofenig	0:796d0f61a05b	929	*/
HannesTschofenig	0:796d0f61a05b	930	void ssl_set_rng( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	931	int (f_rng)(void , unsigned char *, size_t),
HannesTschofenig	0:796d0f61a05b	932	void *p_rng );
HannesTschofenig	0:796d0f61a05b	933
HannesTschofenig	0:796d0f61a05b	934	/**
HannesTschofenig	0:796d0f61a05b	935	* \brief Set the debug callback
HannesTschofenig	0:796d0f61a05b	936	*
HannesTschofenig	0:796d0f61a05b	937	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	938	* \param f_dbg debug function
HannesTschofenig	0:796d0f61a05b	939	* \param p_dbg debug parameter
HannesTschofenig	0:796d0f61a05b	940	*/
HannesTschofenig	0:796d0f61a05b	941	void ssl_set_dbg( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	942	void (f_dbg)(void , int, const char *),
HannesTschofenig	0:796d0f61a05b	943	void *p_dbg );
HannesTschofenig	0:796d0f61a05b	944
HannesTschofenig	0:796d0f61a05b	945	/**
HannesTschofenig	0:796d0f61a05b	946	* \brief Set the underlying BIO read and write callbacks
HannesTschofenig	0:796d0f61a05b	947	*
HannesTschofenig	0:796d0f61a05b	948	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	949	* \param f_recv read callback
HannesTschofenig	0:796d0f61a05b	950	* \param p_recv read parameter
HannesTschofenig	0:796d0f61a05b	951	* \param f_send write callback
HannesTschofenig	0:796d0f61a05b	952	* \param p_send write parameter
HannesTschofenig	0:796d0f61a05b	953	*/
HannesTschofenig	0:796d0f61a05b	954	void ssl_set_bio( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	955	int (f_recv)(void , unsigned char , size_t), void p_recv,
HannesTschofenig	0:796d0f61a05b	956	int (f_send)(void , const unsigned char , size_t), void p_send );
HannesTschofenig	0:796d0f61a05b	957
HannesTschofenig	0:796d0f61a05b	958	/**
HannesTschofenig	0:796d0f61a05b	959	* \brief Set the session cache callbacks (server-side only)
HannesTschofenig	0:796d0f61a05b	960	* If not set, no session resuming is done.
HannesTschofenig	0:796d0f61a05b	961	*
HannesTschofenig	0:796d0f61a05b	962	* The session cache has the responsibility to check for stale
HannesTschofenig	0:796d0f61a05b	963	* entries based on timeout. See RFC 5246 for recommendations.
HannesTschofenig	0:796d0f61a05b	964	*
HannesTschofenig	0:796d0f61a05b	965	* Warning: session.peer_cert is cleared by the SSL/TLS layer on
HannesTschofenig	0:796d0f61a05b	966	* connection shutdown, so do not cache the pointer! Either set
HannesTschofenig	0:796d0f61a05b	967	* it to NULL or make a full copy of the certificate.
HannesTschofenig	0:796d0f61a05b	968	*
HannesTschofenig	0:796d0f61a05b	969	* The get callback is called once during the initial handshake
HannesTschofenig	0:796d0f61a05b	970	* to enable session resuming. The get function has the
HannesTschofenig	0:796d0f61a05b	971	* following parameters: (void parameter, ssl_session session)
HannesTschofenig	0:796d0f61a05b	972	* If a valid entry is found, it should fill the master of
HannesTschofenig	0:796d0f61a05b	973	* the session object with the cached values and return 0,
HannesTschofenig	0:796d0f61a05b	974	* return 1 otherwise. Optionally peer_cert can be set as well
HannesTschofenig	0:796d0f61a05b	975	* if it is properly present in cache entry.
HannesTschofenig	0:796d0f61a05b	976	*
HannesTschofenig	0:796d0f61a05b	977	* The set callback is called once during the initial handshake
HannesTschofenig	0:796d0f61a05b	978	* to enable session resuming after the entire handshake has
HannesTschofenig	0:796d0f61a05b	979	* been finished. The set function has the following parameters:
HannesTschofenig	0:796d0f61a05b	980	* (void parameter, const ssl_session session). The function
HannesTschofenig	0:796d0f61a05b	981	* should create a cache entry for future retrieval based on
HannesTschofenig	0:796d0f61a05b	982	* the data in the session structure and should keep in mind
HannesTschofenig	0:796d0f61a05b	983	* that the ssl_session object presented (and all its referenced
HannesTschofenig	0:796d0f61a05b	984	* data) is cleared by the SSL/TLS layer when the connection is
HannesTschofenig	0:796d0f61a05b	985	* terminated. It is recommended to add metadata to determine if
HannesTschofenig	0:796d0f61a05b	986	* an entry is still valid in the future. Return 0 if
HannesTschofenig	0:796d0f61a05b	987	* successfully cached, return 1 otherwise.
HannesTschofenig	0:796d0f61a05b	988	*
HannesTschofenig	0:796d0f61a05b	989	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	990	* \param f_get_cache session get callback
HannesTschofenig	0:796d0f61a05b	991	* \param p_get_cache session get parameter
HannesTschofenig	0:796d0f61a05b	992	* \param f_set_cache session set callback
HannesTschofenig	0:796d0f61a05b	993	* \param p_set_cache session set parameter
HannesTschofenig	0:796d0f61a05b	994	*/
HannesTschofenig	0:796d0f61a05b	995	void ssl_set_session_cache( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	996	int (f_get_cache)(void , ssl_session ), void p_get_cache,
HannesTschofenig	0:796d0f61a05b	997	int (f_set_cache)(void , const ssl_session ), void p_set_cache );
HannesTschofenig	0:796d0f61a05b	998
HannesTschofenig	0:796d0f61a05b	999	/**
HannesTschofenig	0:796d0f61a05b	1000	* \brief Request resumption of session (client-side only)
HannesTschofenig	0:796d0f61a05b	1001	* Session data is copied from presented session structure.
HannesTschofenig	0:796d0f61a05b	1002	*
HannesTschofenig	0:796d0f61a05b	1003	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1004	* \param session session context
HannesTschofenig	0:796d0f61a05b	1005	*
HannesTschofenig	0:796d0f61a05b	1006	* \return 0 if successful,
HannesTschofenig	0:796d0f61a05b	1007	* POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
HannesTschofenig	0:796d0f61a05b	1008	* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
HannesTschofenig	0:796d0f61a05b	1009	* arguments are otherwise invalid
HannesTschofenig	0:796d0f61a05b	1010	*
HannesTschofenig	0:796d0f61a05b	1011	* \sa ssl_get_session()
HannesTschofenig	0:796d0f61a05b	1012	*/
HannesTschofenig	0:796d0f61a05b	1013	int ssl_set_session( ssl_context ssl, const ssl_session session );
HannesTschofenig	0:796d0f61a05b	1014
HannesTschofenig	0:796d0f61a05b	1015	/**
HannesTschofenig	0:796d0f61a05b	1016	* \brief Set the list of allowed ciphersuites and the preference
HannesTschofenig	0:796d0f61a05b	1017	* order. First in the list has the highest preference.
HannesTschofenig	0:796d0f61a05b	1018	* (Overrides all version specific lists)
HannesTschofenig	0:796d0f61a05b	1019	*
HannesTschofenig	0:796d0f61a05b	1020	* Note: The PolarSSL SSL server uses its own preferences
HannesTschofenig	0:796d0f61a05b	1021	* over the preference of the connection SSL client unless
HannesTschofenig	0:796d0f61a05b	1022	* POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
HannesTschofenig	0:796d0f61a05b	1023	*
HannesTschofenig	0:796d0f61a05b	1024	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1025	* \param ciphersuites 0-terminated list of allowed ciphersuites
HannesTschofenig	0:796d0f61a05b	1026	*/
HannesTschofenig	0:796d0f61a05b	1027	void ssl_set_ciphersuites( ssl_context ssl, const int ciphersuites );
HannesTschofenig	0:796d0f61a05b	1028
HannesTschofenig	0:796d0f61a05b	1029	/**
HannesTschofenig	0:796d0f61a05b	1030	* \brief Set the list of allowed ciphersuites and the
HannesTschofenig	0:796d0f61a05b	1031	* preference order for a specific version of the protocol.
HannesTschofenig	0:796d0f61a05b	1032	* (Only useful on the server side)
HannesTschofenig	0:796d0f61a05b	1033	*
HannesTschofenig	0:796d0f61a05b	1034	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1035	* \param ciphersuites 0-terminated list of allowed ciphersuites
HannesTschofenig	0:796d0f61a05b	1036	* \param major Major version number (only SSL_MAJOR_VERSION_3
HannesTschofenig	0:796d0f61a05b	1037	* supported)
HannesTschofenig	0:796d0f61a05b	1038	* \param minor Minor version number (SSL_MINOR_VERSION_0,
HannesTschofenig	0:796d0f61a05b	1039	* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
HannesTschofenig	0:796d0f61a05b	1040	* SSL_MINOR_VERSION_3 supported)
HannesTschofenig	0:796d0f61a05b	1041	*/
HannesTschofenig	0:796d0f61a05b	1042	void ssl_set_ciphersuites_for_version( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	1043	const int *ciphersuites,
HannesTschofenig	0:796d0f61a05b	1044	int major, int minor );
HannesTschofenig	0:796d0f61a05b	1045
HannesTschofenig	0:796d0f61a05b	1046	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	1047	/**
HannesTschofenig	0:796d0f61a05b	1048	* \brief Set the data required to verify peer certificate
HannesTschofenig	0:796d0f61a05b	1049	*
HannesTschofenig	0:796d0f61a05b	1050	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1051	* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
HannesTschofenig	0:796d0f61a05b	1052	* \param ca_crl trusted CA CRLs
HannesTschofenig	0:796d0f61a05b	1053	* \param peer_cn expected peer CommonName (or NULL)
HannesTschofenig	0:796d0f61a05b	1054	*/
HannesTschofenig	0:796d0f61a05b	1055	void ssl_set_ca_chain( ssl_context ssl, x509_crt ca_chain,
HannesTschofenig	0:796d0f61a05b	1056	x509_crl ca_crl, const char peer_cn );
HannesTschofenig	0:796d0f61a05b	1057
HannesTschofenig	0:796d0f61a05b	1058	/**
HannesTschofenig	0:796d0f61a05b	1059	* \brief Set own certificate chain and private key
HannesTschofenig	0:796d0f61a05b	1060	*
HannesTschofenig	0:796d0f61a05b	1061	* \note own_cert should contain in order from the bottom up your
HannesTschofenig	0:796d0f61a05b	1062	* certificate chain. The top certificate (self-signed)
HannesTschofenig	0:796d0f61a05b	1063	* can be omitted.
HannesTschofenig	0:796d0f61a05b	1064	*
HannesTschofenig	0:796d0f61a05b	1065	* \note This function may be called more than once if you want to
HannesTschofenig	0:796d0f61a05b	1066	* support multiple certificates (eg, one using RSA and one
HannesTschofenig	0:796d0f61a05b	1067	* using ECDSA). However, on client, currently only the first
HannesTschofenig	0:796d0f61a05b	1068	* certificate is used (subsequent calls have no effect).
HannesTschofenig	0:796d0f61a05b	1069	*
HannesTschofenig	0:796d0f61a05b	1070	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1071	* \param own_cert own public certificate chain
HannesTschofenig	0:796d0f61a05b	1072	* \param pk_key own private key
HannesTschofenig	0:796d0f61a05b	1073	*
HannesTschofenig	0:796d0f61a05b	1074	* \return 0 on success or POLARSSL_ERR_SSL_MALLOC_FAILED
HannesTschofenig	0:796d0f61a05b	1075	*/
HannesTschofenig	0:796d0f61a05b	1076	int ssl_set_own_cert( ssl_context ssl, x509_crt own_cert,
HannesTschofenig	0:796d0f61a05b	1077	pk_context *pk_key );
HannesTschofenig	0:796d0f61a05b	1078
HannesTschofenig	0:796d0f61a05b	1079	#if defined(POLARSSL_RSA_C)
HannesTschofenig	0:796d0f61a05b	1080	/**
HannesTschofenig	0:796d0f61a05b	1081	* \brief Set own certificate chain and private RSA key
HannesTschofenig	0:796d0f61a05b	1082	*
HannesTschofenig	0:796d0f61a05b	1083	* Note: own_cert should contain IN order from the bottom
HannesTschofenig	0:796d0f61a05b	1084	* up your certificate chain. The top certificate (self-signed)
HannesTschofenig	0:796d0f61a05b	1085	* can be omitted.
HannesTschofenig	0:796d0f61a05b	1086	*
HannesTschofenig	0:796d0f61a05b	1087	* \warning This backwards-compatibility function is deprecated!
HannesTschofenig	0:796d0f61a05b	1088	* Please use \c ssl_set_own_cert() instead.
HannesTschofenig	0:796d0f61a05b	1089	*
HannesTschofenig	0:796d0f61a05b	1090	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1091	* \param own_cert own public certificate chain
HannesTschofenig	0:796d0f61a05b	1092	* \param rsa_key own private RSA key
HannesTschofenig	0:796d0f61a05b	1093	*
HannesTschofenig	0:796d0f61a05b	1094	* \return 0 on success, or a specific error code.
HannesTschofenig	0:796d0f61a05b	1095	*/
HannesTschofenig	0:796d0f61a05b	1096	int ssl_set_own_cert_rsa( ssl_context ssl, x509_crt own_cert,
HannesTschofenig	0:796d0f61a05b	1097	rsa_context *rsa_key );
HannesTschofenig	0:796d0f61a05b	1098	#endif /* POLARSSL_RSA_C */
HannesTschofenig	0:796d0f61a05b	1099
HannesTschofenig	0:796d0f61a05b	1100	/**
HannesTschofenig	0:796d0f61a05b	1101	* \brief Set own certificate and alternate non-PolarSSL RSA private
HannesTschofenig	0:796d0f61a05b	1102	* key and handling callbacks, such as the PKCS#11 wrappers
HannesTschofenig	0:796d0f61a05b	1103	* or any other external private key handler.
HannesTschofenig	0:796d0f61a05b	1104	* (see the respective RSA functions in rsa.h for documentation
HannesTschofenig	0:796d0f61a05b	1105	* of the callback parameters, with the only change being
HannesTschofenig	0:796d0f61a05b	1106	* that the rsa_context * is a void * in the callbacks)
HannesTschofenig	0:796d0f61a05b	1107	*
HannesTschofenig	0:796d0f61a05b	1108	* Note: own_cert should contain IN order from the bottom
HannesTschofenig	0:796d0f61a05b	1109	* up your certificate chain. The top certificate (self-signed)
HannesTschofenig	0:796d0f61a05b	1110	* can be omitted.
HannesTschofenig	0:796d0f61a05b	1111	*
HannesTschofenig	0:796d0f61a05b	1112	* \warning This backwards-compatibility function is deprecated!
HannesTschofenig	0:796d0f61a05b	1113	* Please use \c pk_init_ctx_rsa_alt()
HannesTschofenig	0:796d0f61a05b	1114	* and \c ssl_set_own_cert() instead.
HannesTschofenig	0:796d0f61a05b	1115	*
HannesTschofenig	0:796d0f61a05b	1116	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1117	* \param own_cert own public certificate chain
HannesTschofenig	0:796d0f61a05b	1118	* \param rsa_key alternate implementation private RSA key
HannesTschofenig	0:796d0f61a05b	1119	* \param rsa_decrypt alternate implementation of \c rsa_pkcs1_decrypt()
HannesTschofenig	0:796d0f61a05b	1120	* \param rsa_sign alternate implementation of \c rsa_pkcs1_sign()
HannesTschofenig	0:796d0f61a05b	1121	* \param rsa_key_len function returning length of RSA key in bytes
HannesTschofenig	0:796d0f61a05b	1122	*
HannesTschofenig	0:796d0f61a05b	1123	* \return 0 on success, or a specific error code.
HannesTschofenig	0:796d0f61a05b	1124	*/
HannesTschofenig	0:796d0f61a05b	1125	int ssl_set_own_cert_alt( ssl_context ssl, x509_crt own_cert,
HannesTschofenig	0:796d0f61a05b	1126	void *rsa_key,
HannesTschofenig	0:796d0f61a05b	1127	rsa_decrypt_func rsa_decrypt,
HannesTschofenig	0:796d0f61a05b	1128	rsa_sign_func rsa_sign,
HannesTschofenig	0:796d0f61a05b	1129	rsa_key_len_func rsa_key_len );
HannesTschofenig	0:796d0f61a05b	1130	#endif /* POLARSSL_X509_CRT_PARSE_C */
HannesTschofenig	0:796d0f61a05b	1131
HannesTschofenig	0:796d0f61a05b	1132	#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
HannesTschofenig	0:796d0f61a05b	1133	/**
HannesTschofenig	0:796d0f61a05b	1134	* \brief Set the Pre Shared Key (PSK) and the identity name connected
HannesTschofenig	0:796d0f61a05b	1135	* to it.
HannesTschofenig	0:796d0f61a05b	1136	*
HannesTschofenig	0:796d0f61a05b	1137	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1138	* \param psk pointer to the pre-shared key
HannesTschofenig	0:796d0f61a05b	1139	* \param psk_len pre-shared key length
HannesTschofenig	0:796d0f61a05b	1140	* \param psk_identity pointer to the pre-shared key identity
HannesTschofenig	0:796d0f61a05b	1141	* \param psk_identity_len identity key length
HannesTschofenig	0:796d0f61a05b	1142	*
HannesTschofenig	0:796d0f61a05b	1143	* \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
HannesTschofenig	0:796d0f61a05b	1144	*/
HannesTschofenig	0:796d0f61a05b	1145	int ssl_set_psk( ssl_context ssl, const unsigned char psk, size_t psk_len,
HannesTschofenig	0:796d0f61a05b	1146	const unsigned char *psk_identity, size_t psk_identity_len );
HannesTschofenig	0:796d0f61a05b	1147
HannesTschofenig	0:796d0f61a05b	1148	/**
HannesTschofenig	0:796d0f61a05b	1149	* \brief Set the PSK callback (server-side only) (Optional).
HannesTschofenig	0:796d0f61a05b	1150	*
HannesTschofenig	0:796d0f61a05b	1151	* If set, the PSK callback is called for each
HannesTschofenig	0:796d0f61a05b	1152	* handshake where a PSK ciphersuite was negotiated.
HannesTschofenig	0:796d0f61a05b	1153	* The caller provides the identity received and wants to
HannesTschofenig	0:796d0f61a05b	1154	* receive the actual PSK data and length.
HannesTschofenig	0:796d0f61a05b	1155	*
HannesTschofenig	0:796d0f61a05b	1156	* The callback has the following parameters: (void *parameter,
HannesTschofenig	0:796d0f61a05b	1157	* ssl_context ssl, const unsigned char psk_identity,
HannesTschofenig	0:796d0f61a05b	1158	* size_t identity_len)
HannesTschofenig	0:796d0f61a05b	1159	* If a valid PSK identity is found, the callback should use
HannesTschofenig	0:796d0f61a05b	1160	* ssl_set_psk() on the ssl context to set the correct PSK and
HannesTschofenig	0:796d0f61a05b	1161	* identity and return 0.
HannesTschofenig	0:796d0f61a05b	1162	* Any other return value will result in a denied PSK identity.
HannesTschofenig	0:796d0f61a05b	1163	*
HannesTschofenig	0:796d0f61a05b	1164	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1165	* \param f_psk PSK identity function
HannesTschofenig	0:796d0f61a05b	1166	* \param p_psk PSK identity parameter
HannesTschofenig	0:796d0f61a05b	1167	*/
HannesTschofenig	0:796d0f61a05b	1168	void ssl_set_psk_cb( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	1169	int (f_psk)(void , ssl_context , const unsigned char ,
HannesTschofenig	0:796d0f61a05b	1170	size_t),
HannesTschofenig	0:796d0f61a05b	1171	void *p_psk );
HannesTschofenig	0:796d0f61a05b	1172	#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
HannesTschofenig	0:796d0f61a05b	1173
HannesTschofenig	0:796d0f61a05b	1174	#if defined(POLARSSL_DHM_C)
HannesTschofenig	0:796d0f61a05b	1175	/**
HannesTschofenig	0:796d0f61a05b	1176	* \brief Set the Diffie-Hellman public P and G values,
HannesTschofenig	0:796d0f61a05b	1177	* read as hexadecimal strings (server-side only)
HannesTschofenig	0:796d0f61a05b	1178	* (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
HannesTschofenig	0:796d0f61a05b	1179	*
HannesTschofenig	0:796d0f61a05b	1180	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1181	* \param dhm_P Diffie-Hellman-Merkle modulus
HannesTschofenig	0:796d0f61a05b	1182	* \param dhm_G Diffie-Hellman-Merkle generator
HannesTschofenig	0:796d0f61a05b	1183	*
HannesTschofenig	0:796d0f61a05b	1184	* \return 0 if successful
HannesTschofenig	0:796d0f61a05b	1185	*/
HannesTschofenig	0:796d0f61a05b	1186	int ssl_set_dh_param( ssl_context ssl, const char dhm_P, const char *dhm_G );
HannesTschofenig	0:796d0f61a05b	1187
HannesTschofenig	0:796d0f61a05b	1188	/**
HannesTschofenig	0:796d0f61a05b	1189	* \brief Set the Diffie-Hellman public P and G values,
HannesTschofenig	0:796d0f61a05b	1190	* read from existing context (server-side only)
HannesTschofenig	0:796d0f61a05b	1191	*
HannesTschofenig	0:796d0f61a05b	1192	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1193	* \param dhm_ctx Diffie-Hellman-Merkle context
HannesTschofenig	0:796d0f61a05b	1194	*
HannesTschofenig	0:796d0f61a05b	1195	* \return 0 if successful
HannesTschofenig	0:796d0f61a05b	1196	*/
HannesTschofenig	0:796d0f61a05b	1197	int ssl_set_dh_param_ctx( ssl_context ssl, dhm_context dhm_ctx );
HannesTschofenig	0:796d0f61a05b	1198	#endif /* POLARSSL_DHM_C */
HannesTschofenig	0:796d0f61a05b	1199
HannesTschofenig	0:796d0f61a05b	1200	#if defined(POLARSSL_SSL_SET_CURVES)
HannesTschofenig	0:796d0f61a05b	1201	/**
HannesTschofenig	0:796d0f61a05b	1202	* \brief Set the allowed curves in order of preference.
HannesTschofenig	0:796d0f61a05b	1203	* (Default: all defined curves.)
HannesTschofenig	0:796d0f61a05b	1204	*
HannesTschofenig	0:796d0f61a05b	1205	* On server: this only affects selection of the ECDHE curve;
HannesTschofenig	0:796d0f61a05b	1206	* the curves used for ECDH and ECDSA are determined by the
HannesTschofenig	0:796d0f61a05b	1207	* list of available certificates instead.
HannesTschofenig	0:796d0f61a05b	1208	*
HannesTschofenig	0:796d0f61a05b	1209	* On client: this affects the list of curves offered for any
HannesTschofenig	0:796d0f61a05b	1210	* use. The server can override our preference order.
HannesTschofenig	0:796d0f61a05b	1211	*
HannesTschofenig	0:796d0f61a05b	1212	* Both sides: limits the set of curves used by peer to the
HannesTschofenig	0:796d0f61a05b	1213	* listed curves for any use (ECDH(E), certificates).
HannesTschofenig	0:796d0f61a05b	1214	*
HannesTschofenig	0:796d0f61a05b	1215	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1216	* \param curves Ordered list of allowed curves,
HannesTschofenig	0:796d0f61a05b	1217	* terminated by POLARSSL_ECP_DP_NONE.
HannesTschofenig	0:796d0f61a05b	1218	*/
HannesTschofenig	0:796d0f61a05b	1219	void ssl_set_curves( ssl_context ssl, const ecp_group_id curves );
HannesTschofenig	0:796d0f61a05b	1220	#endif /* POLARSSL_SSL_SET_CURVES */
HannesTschofenig	0:796d0f61a05b	1221
HannesTschofenig	0:796d0f61a05b	1222	#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
HannesTschofenig	0:796d0f61a05b	1223	/**
HannesTschofenig	0:796d0f61a05b	1224	* \brief Set hostname for ServerName TLS extension
HannesTschofenig	0:796d0f61a05b	1225	* (client-side only)
HannesTschofenig	0:796d0f61a05b	1226	*
HannesTschofenig	0:796d0f61a05b	1227	*
HannesTschofenig	0:796d0f61a05b	1228	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1229	* \param hostname the server hostname
HannesTschofenig	0:796d0f61a05b	1230	*
HannesTschofenig	0:796d0f61a05b	1231	* \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
HannesTschofenig	0:796d0f61a05b	1232	*/
HannesTschofenig	0:796d0f61a05b	1233	int ssl_set_hostname( ssl_context ssl, const char hostname );
HannesTschofenig	0:796d0f61a05b	1234
HannesTschofenig	0:796d0f61a05b	1235	/**
HannesTschofenig	0:796d0f61a05b	1236	* \brief Set server side ServerName TLS extension callback
HannesTschofenig	0:796d0f61a05b	1237	* (optional, server-side only).
HannesTschofenig	0:796d0f61a05b	1238	*
HannesTschofenig	0:796d0f61a05b	1239	* If set, the ServerName callback is called whenever the
HannesTschofenig	0:796d0f61a05b	1240	* server receives a ServerName TLS extension from the client
HannesTschofenig	0:796d0f61a05b	1241	* during a handshake. The ServerName callback has the
HannesTschofenig	0:796d0f61a05b	1242	* following parameters: (void parameter, ssl_context ssl,
HannesTschofenig	0:796d0f61a05b	1243	* const unsigned char *hostname, size_t len). If a suitable
HannesTschofenig	0:796d0f61a05b	1244	* certificate is found, the callback should set the
HannesTschofenig	0:796d0f61a05b	1245	* certificate and key to use with ssl_set_own_cert() (and
HannesTschofenig	0:796d0f61a05b	1246	* possibly adjust the CA chain as well) and return 0. The
HannesTschofenig	0:796d0f61a05b	1247	* callback should return -1 to abort the handshake at this
HannesTschofenig	0:796d0f61a05b	1248	* point.
HannesTschofenig	0:796d0f61a05b	1249	*
HannesTschofenig	0:796d0f61a05b	1250	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1251	* \param f_sni verification function
HannesTschofenig	0:796d0f61a05b	1252	* \param p_sni verification parameter
HannesTschofenig	0:796d0f61a05b	1253	*/
HannesTschofenig	0:796d0f61a05b	1254	void ssl_set_sni( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	1255	int (f_sni)(void , ssl_context , const unsigned char ,
HannesTschofenig	0:796d0f61a05b	1256	size_t),
HannesTschofenig	0:796d0f61a05b	1257	void *p_sni );
HannesTschofenig	0:796d0f61a05b	1258	#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
HannesTschofenig	0:796d0f61a05b	1259
HannesTschofenig	0:796d0f61a05b	1260	#if defined(POLARSSL_SSL_ALPN)
HannesTschofenig	0:796d0f61a05b	1261	/**
HannesTschofenig	0:796d0f61a05b	1262	* \brief Set the supported Application Layer Protocols.
HannesTschofenig	0:796d0f61a05b	1263	*
HannesTschofenig	0:796d0f61a05b	1264	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1265	* \param protos NULL-terminated list of supported protocols,
HannesTschofenig	0:796d0f61a05b	1266	* in decreasing preference order.
HannesTschofenig	0:796d0f61a05b	1267	*
HannesTschofenig	0:796d0f61a05b	1268	* \return 0 on success, or POLARSSL_ERR_SSL_BAD_INPUT_DATA.
HannesTschofenig	0:796d0f61a05b	1269	*/
HannesTschofenig	0:796d0f61a05b	1270	int ssl_set_alpn_protocols( ssl_context ssl, const char *protos );
HannesTschofenig	0:796d0f61a05b	1271
HannesTschofenig	0:796d0f61a05b	1272	/**
HannesTschofenig	0:796d0f61a05b	1273	* \brief Get the name of the negotiated Application Layer Protocol.
HannesTschofenig	0:796d0f61a05b	1274	* This function should be called after the handshake is
HannesTschofenig	0:796d0f61a05b	1275	* completed.
HannesTschofenig	0:796d0f61a05b	1276	*
HannesTschofenig	0:796d0f61a05b	1277	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1278	*
HannesTschofenig	0:796d0f61a05b	1279	* \return Protcol name, or NULL if no protocol was negotiated.
HannesTschofenig	0:796d0f61a05b	1280	*/
HannesTschofenig	0:796d0f61a05b	1281	const char ssl_get_alpn_protocol( const ssl_context ssl );
HannesTschofenig	0:796d0f61a05b	1282	#endif /* POLARSSL_SSL_ALPN */
HannesTschofenig	0:796d0f61a05b	1283
HannesTschofenig	0:796d0f61a05b	1284	/**
HannesTschofenig	0:796d0f61a05b	1285	* \brief Set the maximum supported version sent from the client side
HannesTschofenig	0:796d0f61a05b	1286	* and/or accepted at the server side
HannesTschofenig	0:796d0f61a05b	1287	* (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION)
HannesTschofenig	0:796d0f61a05b	1288	*
HannesTschofenig	0:796d0f61a05b	1289	* Note: This ignores ciphersuites from 'higher' versions.
HannesTschofenig	0:796d0f61a05b	1290	* Note: Input outside of the SSL_MAX_XXXXX_VERSION and
HannesTschofenig	0:796d0f61a05b	1291	* SSL_MIN_XXXXX_VERSION range is ignored.
HannesTschofenig	0:796d0f61a05b	1292	*
HannesTschofenig	0:796d0f61a05b	1293	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1294	* \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
HannesTschofenig	0:796d0f61a05b	1295	* \param minor Minor version number (SSL_MINOR_VERSION_0,
HannesTschofenig	0:796d0f61a05b	1296	* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
HannesTschofenig	0:796d0f61a05b	1297	* SSL_MINOR_VERSION_3 supported)
HannesTschofenig	0:796d0f61a05b	1298	*/
HannesTschofenig	0:796d0f61a05b	1299	void ssl_set_max_version( ssl_context *ssl, int major, int minor );
HannesTschofenig	0:796d0f61a05b	1300
HannesTschofenig	0:796d0f61a05b	1301
HannesTschofenig	0:796d0f61a05b	1302	/**
HannesTschofenig	0:796d0f61a05b	1303	* \brief Set the minimum accepted SSL/TLS protocol version
HannesTschofenig	0:796d0f61a05b	1304	* (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
HannesTschofenig	0:796d0f61a05b	1305	*
HannesTschofenig	0:796d0f61a05b	1306	* Note: Input outside of the SSL_MAX_XXXXX_VERSION and
HannesTschofenig	0:796d0f61a05b	1307	* SSL_MIN_XXXXX_VERSION range is ignored.
HannesTschofenig	0:796d0f61a05b	1308	*
HannesTschofenig	0:796d0f61a05b	1309	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1310	* \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
HannesTschofenig	0:796d0f61a05b	1311	* \param minor Minor version number (SSL_MINOR_VERSION_0,
HannesTschofenig	0:796d0f61a05b	1312	* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
HannesTschofenig	0:796d0f61a05b	1313	* SSL_MINOR_VERSION_3 supported)
HannesTschofenig	0:796d0f61a05b	1314	*/
HannesTschofenig	0:796d0f61a05b	1315	void ssl_set_min_version( ssl_context *ssl, int major, int minor );
HannesTschofenig	0:796d0f61a05b	1316
HannesTschofenig	0:796d0f61a05b	1317	#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
HannesTschofenig	0:796d0f61a05b	1318	/**
HannesTschofenig	0:796d0f61a05b	1319	* \brief Set the maximum fragment length to emit and/or negotiate
HannesTschofenig	0:796d0f61a05b	1320	* (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
HannesTschofenig	0:796d0f61a05b	1321	* (Server: set maximum fragment length to emit,
HannesTschofenig	0:796d0f61a05b	1322	* usually negotiated by the client during handshake
HannesTschofenig	0:796d0f61a05b	1323	* (Client: set maximum fragment length to emit and
HannesTschofenig	0:796d0f61a05b	1324	* negotiate with the server during handshake)
HannesTschofenig	0:796d0f61a05b	1325	*
HannesTschofenig	0:796d0f61a05b	1326	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1327	* \param mfl_code Code for maximum fragment length (allowed values:
HannesTschofenig	0:796d0f61a05b	1328	* SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
HannesTschofenig	0:796d0f61a05b	1329	* SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
HannesTschofenig	0:796d0f61a05b	1330	*
HannesTschofenig	0:796d0f61a05b	1331	* \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
HannesTschofenig	0:796d0f61a05b	1332	*/
HannesTschofenig	0:796d0f61a05b	1333	int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
HannesTschofenig	0:796d0f61a05b	1334	#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
HannesTschofenig	0:796d0f61a05b	1335
HannesTschofenig	0:796d0f61a05b	1336	#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
HannesTschofenig	0:796d0f61a05b	1337	/**
HannesTschofenig	0:796d0f61a05b	1338	* \brief Activate negotiation of truncated HMAC (Client only)
HannesTschofenig	0:796d0f61a05b	1339	* (Default: SSL_TRUNC_HMAC_ENABLED)
HannesTschofenig	0:796d0f61a05b	1340	*
HannesTschofenig	0:796d0f61a05b	1341	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1342	* \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
HannesTschofenig	0:796d0f61a05b	1343	* SSL_TRUNC_HMAC_DISABLED)
HannesTschofenig	0:796d0f61a05b	1344	*
HannesTschofenig	0:796d0f61a05b	1345	* \return O if successful,
HannesTschofenig	0:796d0f61a05b	1346	* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
HannesTschofenig	0:796d0f61a05b	1347	*/
HannesTschofenig	0:796d0f61a05b	1348	int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
HannesTschofenig	0:796d0f61a05b	1349	#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
HannesTschofenig	0:796d0f61a05b	1350
HannesTschofenig	0:796d0f61a05b	1351	#if defined(POLARSSL_SSL_SESSION_TICKETS)
HannesTschofenig	0:796d0f61a05b	1352	/**
HannesTschofenig	0:796d0f61a05b	1353	* \brief Enable / Disable session tickets
HannesTschofenig	0:796d0f61a05b	1354	* (Default: SSL_SESSION_TICKETS_ENABLED on client,
HannesTschofenig	0:796d0f61a05b	1355	* SSL_SESSION_TICKETS_DISABLED on server)
HannesTschofenig	0:796d0f61a05b	1356	*
HannesTschofenig	0:796d0f61a05b	1357	* \note On server, ssl_set_rng() must be called before this function
HannesTschofenig	0:796d0f61a05b	1358	* to allow generating the ticket encryption and
HannesTschofenig	0:796d0f61a05b	1359	* authentication keys.
HannesTschofenig	0:796d0f61a05b	1360	*
HannesTschofenig	0:796d0f61a05b	1361	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1362	* \param use_tickets Enable or disable (SSL_SESSION_TICKETS_ENABLED or
HannesTschofenig	0:796d0f61a05b	1363	* SSL_SESSION_TICKETS_DISABLED)
HannesTschofenig	0:796d0f61a05b	1364	*
HannesTschofenig	0:796d0f61a05b	1365	* \return O if successful,
HannesTschofenig	0:796d0f61a05b	1366	* or a specific error code (server only).
HannesTschofenig	0:796d0f61a05b	1367	*/
HannesTschofenig	0:796d0f61a05b	1368	int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
HannesTschofenig	0:796d0f61a05b	1369
HannesTschofenig	0:796d0f61a05b	1370	/**
HannesTschofenig	0:796d0f61a05b	1371	* \brief Set session ticket lifetime (server only)
HannesTschofenig	0:796d0f61a05b	1372	* (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
HannesTschofenig	0:796d0f61a05b	1373	*
HannesTschofenig	0:796d0f61a05b	1374	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1375	* \param lifetime session ticket lifetime
HannesTschofenig	0:796d0f61a05b	1376	*/
HannesTschofenig	0:796d0f61a05b	1377	void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
HannesTschofenig	0:796d0f61a05b	1378	#endif /* POLARSSL_SSL_SESSION_TICKETS */
HannesTschofenig	0:796d0f61a05b	1379
HannesTschofenig	0:796d0f61a05b	1380	/**
HannesTschofenig	0:796d0f61a05b	1381	* \brief Enable / Disable renegotiation support for connection when
HannesTschofenig	0:796d0f61a05b	1382	* initiated by peer
HannesTschofenig	0:796d0f61a05b	1383	* (Default: SSL_RENEGOTIATION_DISABLED)
HannesTschofenig	0:796d0f61a05b	1384	*
HannesTschofenig	0:796d0f61a05b	1385	* Note: A server with support enabled is more vulnerable for a
HannesTschofenig	0:796d0f61a05b	1386	* resource DoS by a malicious client. You should enable this on
HannesTschofenig	0:796d0f61a05b	1387	* a client to enable server-initiated renegotiation.
HannesTschofenig	0:796d0f61a05b	1388	*
HannesTschofenig	0:796d0f61a05b	1389	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1390	* \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
HannesTschofenig	0:796d0f61a05b	1391	* SSL_RENEGOTIATION_DISABLED)
HannesTschofenig	0:796d0f61a05b	1392	*/
HannesTschofenig	0:796d0f61a05b	1393	void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
HannesTschofenig	0:796d0f61a05b	1394
HannesTschofenig	0:796d0f61a05b	1395	/**
HannesTschofenig	0:796d0f61a05b	1396	* \brief Prevent or allow legacy renegotiation.
HannesTschofenig	0:796d0f61a05b	1397	* (Default: SSL_LEGACY_NO_RENEGOTIATION)
HannesTschofenig	0:796d0f61a05b	1398	*
HannesTschofenig	0:796d0f61a05b	1399	* SSL_LEGACY_NO_RENEGOTIATION allows connections to
HannesTschofenig	0:796d0f61a05b	1400	* be established even if the peer does not support
HannesTschofenig	0:796d0f61a05b	1401	* secure renegotiation, but does not allow renegotiation
HannesTschofenig	0:796d0f61a05b	1402	* to take place if not secure.
HannesTschofenig	0:796d0f61a05b	1403	* (Interoperable and secure option)
HannesTschofenig	0:796d0f61a05b	1404	*
HannesTschofenig	0:796d0f61a05b	1405	* SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
HannesTschofenig	0:796d0f61a05b	1406	* with non-upgraded peers. Allowing legacy renegotiation
HannesTschofenig	0:796d0f61a05b	1407	* makes the connection vulnerable to specific man in the
HannesTschofenig	0:796d0f61a05b	1408	* middle attacks. (See RFC 5746)
HannesTschofenig	0:796d0f61a05b	1409	* (Most interoperable and least secure option)
HannesTschofenig	0:796d0f61a05b	1410	*
HannesTschofenig	0:796d0f61a05b	1411	* SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
HannesTschofenig	0:796d0f61a05b	1412	* if peer does not support secure renegotiation. Results
HannesTschofenig	0:796d0f61a05b	1413	* in interoperability issues with non-upgraded peers
HannesTschofenig	0:796d0f61a05b	1414	* that do not support renegotiation altogether.
HannesTschofenig	0:796d0f61a05b	1415	* (Most secure option, interoperability issues)
HannesTschofenig	0:796d0f61a05b	1416	*
HannesTschofenig	0:796d0f61a05b	1417	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1418	* \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
HannesTschofenig	0:796d0f61a05b	1419	* SSL_ALLOW_LEGACY_RENEGOTIATION or
HannesTschofenig	0:796d0f61a05b	1420	* SSL_LEGACY_BREAK_HANDSHAKE)
HannesTschofenig	0:796d0f61a05b	1421	*/
HannesTschofenig	0:796d0f61a05b	1422	void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
HannesTschofenig	0:796d0f61a05b	1423
HannesTschofenig	0:796d0f61a05b	1424	/**
HannesTschofenig	0:796d0f61a05b	1425	* \brief Return the number of data bytes available to read
HannesTschofenig	0:796d0f61a05b	1426	*
HannesTschofenig	0:796d0f61a05b	1427	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1428	*
HannesTschofenig	0:796d0f61a05b	1429	* \return how many bytes are available in the read buffer
HannesTschofenig	0:796d0f61a05b	1430	*/
HannesTschofenig	0:796d0f61a05b	1431	size_t ssl_get_bytes_avail( const ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1432
HannesTschofenig	0:796d0f61a05b	1433	/**
HannesTschofenig	0:796d0f61a05b	1434	* \brief Return the result of the certificate verification
HannesTschofenig	0:796d0f61a05b	1435	*
HannesTschofenig	0:796d0f61a05b	1436	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1437	*
HannesTschofenig	0:796d0f61a05b	1438	* \return 0 if successful, or a combination of:
HannesTschofenig	0:796d0f61a05b	1439	* BADCERT_EXPIRED
HannesTschofenig	0:796d0f61a05b	1440	* BADCERT_REVOKED
HannesTschofenig	0:796d0f61a05b	1441	* BADCERT_CN_MISMATCH
HannesTschofenig	0:796d0f61a05b	1442	* BADCERT_NOT_TRUSTED
HannesTschofenig	0:796d0f61a05b	1443	*/
HannesTschofenig	0:796d0f61a05b	1444	int ssl_get_verify_result( const ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1445
HannesTschofenig	0:796d0f61a05b	1446	/**
HannesTschofenig	0:796d0f61a05b	1447	* \brief Return the name of the current ciphersuite
HannesTschofenig	0:796d0f61a05b	1448	*
HannesTschofenig	0:796d0f61a05b	1449	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1450	*
HannesTschofenig	0:796d0f61a05b	1451	* \return a string containing the ciphersuite name
HannesTschofenig	0:796d0f61a05b	1452	*/
HannesTschofenig	0:796d0f61a05b	1453	const char ssl_get_ciphersuite( const ssl_context ssl );
HannesTschofenig	0:796d0f61a05b	1454
HannesTschofenig	0:796d0f61a05b	1455	/**
HannesTschofenig	0:796d0f61a05b	1456	* \brief Return the current SSL version (SSLv3/TLSv1/etc)
HannesTschofenig	0:796d0f61a05b	1457	*
HannesTschofenig	0:796d0f61a05b	1458	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1459	*
HannesTschofenig	0:796d0f61a05b	1460	* \return a string containing the SSL version
HannesTschofenig	0:796d0f61a05b	1461	*/
HannesTschofenig	0:796d0f61a05b	1462	const char ssl_get_version( const ssl_context ssl );
HannesTschofenig	0:796d0f61a05b	1463
HannesTschofenig	0:796d0f61a05b	1464	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	1465	/**
HannesTschofenig	0:796d0f61a05b	1466	* \brief Return the peer certificate from the current connection
HannesTschofenig	0:796d0f61a05b	1467	*
HannesTschofenig	0:796d0f61a05b	1468	* Note: Can be NULL in case no certificate was sent during
HannesTschofenig	0:796d0f61a05b	1469	* the handshake. Different calls for the same connection can
HannesTschofenig	0:796d0f61a05b	1470	* return the same or different pointers for the same
HannesTschofenig	0:796d0f61a05b	1471	* certificate and even a different certificate altogether.
HannesTschofenig	0:796d0f61a05b	1472	* The peer cert CAN change in a single connection if
HannesTschofenig	0:796d0f61a05b	1473	* renegotiation is performed.
HannesTschofenig	0:796d0f61a05b	1474	*
HannesTschofenig	0:796d0f61a05b	1475	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1476	*
HannesTschofenig	0:796d0f61a05b	1477	* \return the current peer certificate
HannesTschofenig	0:796d0f61a05b	1478	*/
HannesTschofenig	0:796d0f61a05b	1479	const x509_crt ssl_get_peer_cert( const ssl_context ssl );
HannesTschofenig	0:796d0f61a05b	1480	#endif /* POLARSSL_X509_CRT_PARSE_C */
HannesTschofenig	0:796d0f61a05b	1481
HannesTschofenig	0:796d0f61a05b	1482	/**
HannesTschofenig	0:796d0f61a05b	1483	* \brief Save session in order to resume it later (client-side only)
HannesTschofenig	0:796d0f61a05b	1484	* Session data is copied to presented session structure.
HannesTschofenig	0:796d0f61a05b	1485	*
HannesTschofenig	0:796d0f61a05b	1486	* \warning Currently, peer certificate is lost in the operation.
HannesTschofenig	0:796d0f61a05b	1487	*
HannesTschofenig	0:796d0f61a05b	1488	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1489	* \param session session context
HannesTschofenig	0:796d0f61a05b	1490	*
HannesTschofenig	0:796d0f61a05b	1491	* \return 0 if successful,
HannesTschofenig	0:796d0f61a05b	1492	* POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
HannesTschofenig	0:796d0f61a05b	1493	* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
HannesTschofenig	0:796d0f61a05b	1494	* arguments are otherwise invalid
HannesTschofenig	0:796d0f61a05b	1495	*
HannesTschofenig	0:796d0f61a05b	1496	* \sa ssl_set_session()
HannesTschofenig	0:796d0f61a05b	1497	*/
HannesTschofenig	0:796d0f61a05b	1498	int ssl_get_session( const ssl_context ssl, ssl_session session );
HannesTschofenig	0:796d0f61a05b	1499
HannesTschofenig	0:796d0f61a05b	1500	/**
HannesTschofenig	0:796d0f61a05b	1501	* \brief Perform the SSL handshake
HannesTschofenig	0:796d0f61a05b	1502	*
HannesTschofenig	0:796d0f61a05b	1503	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1504	*
HannesTschofenig	0:796d0f61a05b	1505	* \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
HannesTschofenig	0:796d0f61a05b	1506	* POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
HannesTschofenig	0:796d0f61a05b	1507	*/
HannesTschofenig	0:796d0f61a05b	1508	int ssl_handshake( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1509
HannesTschofenig	0:796d0f61a05b	1510	/**
HannesTschofenig	0:796d0f61a05b	1511	* \brief Perform a single step of the SSL handshake
HannesTschofenig	0:796d0f61a05b	1512	*
HannesTschofenig	0:796d0f61a05b	1513	* Note: the state of the context (ssl->state) will be at
HannesTschofenig	0:796d0f61a05b	1514	* the following state after execution of this function.
HannesTschofenig	0:796d0f61a05b	1515	* Do not call this function if state is SSL_HANDSHAKE_OVER.
HannesTschofenig	0:796d0f61a05b	1516	*
HannesTschofenig	0:796d0f61a05b	1517	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1518	*
HannesTschofenig	0:796d0f61a05b	1519	* \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
HannesTschofenig	0:796d0f61a05b	1520	* POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
HannesTschofenig	0:796d0f61a05b	1521	*/
HannesTschofenig	0:796d0f61a05b	1522	int ssl_handshake_step( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1523
HannesTschofenig	0:796d0f61a05b	1524	/**
HannesTschofenig	0:796d0f61a05b	1525	* \brief Initiate an SSL renegotiation on the running connection.
HannesTschofenig	0:796d0f61a05b	1526	* Client: perform the renegotiation right now.
HannesTschofenig	0:796d0f61a05b	1527	* Server: request renegotiation, which will be performed
HannesTschofenig	0:796d0f61a05b	1528	* during the next call to ssl_read() if honored by client.
HannesTschofenig	0:796d0f61a05b	1529	*
HannesTschofenig	0:796d0f61a05b	1530	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1531	*
HannesTschofenig	0:796d0f61a05b	1532	* \return 0 if successful, or any ssl_handshake() return value.
HannesTschofenig	0:796d0f61a05b	1533	*/
HannesTschofenig	0:796d0f61a05b	1534	int ssl_renegotiate( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1535
HannesTschofenig	0:796d0f61a05b	1536	/**
HannesTschofenig	0:796d0f61a05b	1537	* \brief Read at most 'len' application data bytes
HannesTschofenig	0:796d0f61a05b	1538	*
HannesTschofenig	0:796d0f61a05b	1539	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1540	* \param buf buffer that will hold the data
HannesTschofenig	0:796d0f61a05b	1541	* \param len how many bytes must be read
HannesTschofenig	0:796d0f61a05b	1542	*
HannesTschofenig	0:796d0f61a05b	1543	* \return This function returns the number of bytes read, 0 for EOF,
HannesTschofenig	0:796d0f61a05b	1544	* or a negative error code.
HannesTschofenig	0:796d0f61a05b	1545	*/
HannesTschofenig	0:796d0f61a05b	1546	int ssl_read( ssl_context ssl, unsigned char buf, size_t len );
HannesTschofenig	0:796d0f61a05b	1547
HannesTschofenig	0:796d0f61a05b	1548	/**
HannesTschofenig	0:796d0f61a05b	1549	* \brief Write exactly 'len' application data bytes
HannesTschofenig	0:796d0f61a05b	1550	*
HannesTschofenig	0:796d0f61a05b	1551	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1552	* \param buf buffer holding the data
HannesTschofenig	0:796d0f61a05b	1553	* \param len how many bytes must be written
HannesTschofenig	0:796d0f61a05b	1554	*
HannesTschofenig	0:796d0f61a05b	1555	* \return This function returns the number of bytes written,
HannesTschofenig	0:796d0f61a05b	1556	* or a negative error code.
HannesTschofenig	0:796d0f61a05b	1557	*
HannesTschofenig	0:796d0f61a05b	1558	* \note When this function returns POLARSSL_ERR_NET_WANT_WRITE,
HannesTschofenig	0:796d0f61a05b	1559	* it must be called later with the same arguments,
HannesTschofenig	0:796d0f61a05b	1560	* until it returns a positive value.
HannesTschofenig	0:796d0f61a05b	1561	*/
HannesTschofenig	0:796d0f61a05b	1562	int ssl_write( ssl_context ssl, const unsigned char buf, size_t len );
HannesTschofenig	0:796d0f61a05b	1563
HannesTschofenig	0:796d0f61a05b	1564	/**
HannesTschofenig	0:796d0f61a05b	1565	* \brief Send an alert message
HannesTschofenig	0:796d0f61a05b	1566	*
HannesTschofenig	0:796d0f61a05b	1567	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1568	* \param level The alert level of the message
HannesTschofenig	0:796d0f61a05b	1569	* (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
HannesTschofenig	0:796d0f61a05b	1570	* \param message The alert message (SSL_ALERT_MSG_*)
HannesTschofenig	0:796d0f61a05b	1571	*
HannesTschofenig	0:796d0f61a05b	1572	* \return 0 if successful, or a specific SSL error code.
HannesTschofenig	0:796d0f61a05b	1573	*/
HannesTschofenig	0:796d0f61a05b	1574	int ssl_send_alert_message( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	1575	unsigned char level,
HannesTschofenig	0:796d0f61a05b	1576	unsigned char message );
HannesTschofenig	0:796d0f61a05b	1577	/**
HannesTschofenig	0:796d0f61a05b	1578	* \brief Notify the peer that the connection is being closed
HannesTschofenig	0:796d0f61a05b	1579	*
HannesTschofenig	0:796d0f61a05b	1580	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1581	*/
HannesTschofenig	0:796d0f61a05b	1582	int ssl_close_notify( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1583
HannesTschofenig	0:796d0f61a05b	1584	/**
HannesTschofenig	0:796d0f61a05b	1585	* \brief Free referenced items in an SSL context and clear memory
HannesTschofenig	0:796d0f61a05b	1586	*
HannesTschofenig	0:796d0f61a05b	1587	* \param ssl SSL context
HannesTschofenig	0:796d0f61a05b	1588	*/
HannesTschofenig	0:796d0f61a05b	1589	void ssl_free( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1590
HannesTschofenig	0:796d0f61a05b	1591	/**
HannesTschofenig	0:796d0f61a05b	1592	* \brief Free referenced items in an SSL session including the
HannesTschofenig	0:796d0f61a05b	1593	* peer certificate and clear memory
HannesTschofenig	0:796d0f61a05b	1594	*
HannesTschofenig	0:796d0f61a05b	1595	* \param session SSL session
HannesTschofenig	0:796d0f61a05b	1596	*/
HannesTschofenig	0:796d0f61a05b	1597	void ssl_session_free( ssl_session *session );
HannesTschofenig	0:796d0f61a05b	1598
HannesTschofenig	0:796d0f61a05b	1599	/**
HannesTschofenig	0:796d0f61a05b	1600	* \brief Free referenced items in an SSL transform context and clear
HannesTschofenig	0:796d0f61a05b	1601	* memory
HannesTschofenig	0:796d0f61a05b	1602	*
HannesTschofenig	0:796d0f61a05b	1603	* \param transform SSL transform context
HannesTschofenig	0:796d0f61a05b	1604	*/
HannesTschofenig	0:796d0f61a05b	1605	void ssl_transform_free( ssl_transform *transform );
HannesTschofenig	0:796d0f61a05b	1606
HannesTschofenig	0:796d0f61a05b	1607	/**
HannesTschofenig	0:796d0f61a05b	1608	* \brief Free referenced items in an SSL handshake context and clear
HannesTschofenig	0:796d0f61a05b	1609	* memory
HannesTschofenig	0:796d0f61a05b	1610	*
HannesTschofenig	0:796d0f61a05b	1611	* \param handshake SSL handshake context
HannesTschofenig	0:796d0f61a05b	1612	*/
HannesTschofenig	0:796d0f61a05b	1613	void ssl_handshake_free( ssl_handshake_params *handshake );
HannesTschofenig	0:796d0f61a05b	1614
HannesTschofenig	0:796d0f61a05b	1615	/*
HannesTschofenig	0:796d0f61a05b	1616	* Internal functions (do not call directly)
HannesTschofenig	0:796d0f61a05b	1617	*/
HannesTschofenig	0:796d0f61a05b	1618	int ssl_handshake_client_step( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1619	int ssl_handshake_server_step( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1620	void ssl_handshake_wrapup( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1621
HannesTschofenig	0:796d0f61a05b	1622	int ssl_send_fatal_handshake_failure( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1623
HannesTschofenig	0:796d0f61a05b	1624	int ssl_derive_keys( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1625
HannesTschofenig	0:796d0f61a05b	1626	int ssl_read_record( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1627	/**
HannesTschofenig	0:796d0f61a05b	1628	* \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or
HannesTschofenig	0:796d0f61a05b	1629	* another negative error code.
HannesTschofenig	0:796d0f61a05b	1630	*/
HannesTschofenig	0:796d0f61a05b	1631	int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
HannesTschofenig	0:796d0f61a05b	1632
HannesTschofenig	0:796d0f61a05b	1633	int ssl_write_record( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1634	int ssl_flush_output( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1635
HannesTschofenig	0:796d0f61a05b	1636	int ssl_parse_certificate( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1637	int ssl_write_certificate( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1638
HannesTschofenig	0:796d0f61a05b	1639	int ssl_parse_change_cipher_spec( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1640	int ssl_write_change_cipher_spec( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1641
HannesTschofenig	0:796d0f61a05b	1642	int ssl_parse_finished( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1643	int ssl_write_finished( ssl_context *ssl );
HannesTschofenig	0:796d0f61a05b	1644
HannesTschofenig	0:796d0f61a05b	1645	void ssl_optimize_checksum( ssl_context *ssl,
HannesTschofenig	0:796d0f61a05b	1646	const ssl_ciphersuite_t *ciphersuite_info );
HannesTschofenig	0:796d0f61a05b	1647
HannesTschofenig	0:796d0f61a05b	1648	#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
HannesTschofenig	0:796d0f61a05b	1649	int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex );
HannesTschofenig	0:796d0f61a05b	1650	#endif
HannesTschofenig	0:796d0f61a05b	1651
HannesTschofenig	0:796d0f61a05b	1652	#if defined(POLARSSL_PK_C)
HannesTschofenig	0:796d0f61a05b	1653	unsigned char ssl_sig_from_pk( pk_context *pk );
HannesTschofenig	0:796d0f61a05b	1654	pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
HannesTschofenig	0:796d0f61a05b	1655	#endif
HannesTschofenig	0:796d0f61a05b	1656
HannesTschofenig	0:796d0f61a05b	1657	md_type_t ssl_md_alg_from_hash( unsigned char hash );
HannesTschofenig	0:796d0f61a05b	1658
HannesTschofenig	0:796d0f61a05b	1659	#if defined(POLARSSL_SSL_SET_CURVES)
HannesTschofenig	0:796d0f61a05b	1660	int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id );
HannesTschofenig	0:796d0f61a05b	1661	#endif
HannesTschofenig	0:796d0f61a05b	1662
HannesTschofenig	0:796d0f61a05b	1663	#if defined(POLARSSL_X509_CRT_PARSE_C)
HannesTschofenig	0:796d0f61a05b	1664	static inline pk_context ssl_own_key( ssl_context ssl )
HannesTschofenig	0:796d0f61a05b	1665	{
HannesTschofenig	0:796d0f61a05b	1666	return( ssl->handshake->key_cert == NULL ? NULL
HannesTschofenig	0:796d0f61a05b	1667	: ssl->handshake->key_cert->key );
HannesTschofenig	0:796d0f61a05b	1668	}
HannesTschofenig	0:796d0f61a05b	1669
HannesTschofenig	0:796d0f61a05b	1670	static inline x509_crt ssl_own_cert( ssl_context ssl )
HannesTschofenig	0:796d0f61a05b	1671	{
HannesTschofenig	0:796d0f61a05b	1672	return( ssl->handshake->key_cert == NULL ? NULL
HannesTschofenig	0:796d0f61a05b	1673	: ssl->handshake->key_cert->cert );
HannesTschofenig	0:796d0f61a05b	1674	}
HannesTschofenig	0:796d0f61a05b	1675
HannesTschofenig	0:796d0f61a05b	1676	/*
HannesTschofenig	0:796d0f61a05b	1677	* Check usage of a certificate wrt extensions:
HannesTschofenig	0:796d0f61a05b	1678	* keyUsage, extendedKeyUsage (later), and nSCertType (later).
HannesTschofenig	0:796d0f61a05b	1679	*
HannesTschofenig	0:796d0f61a05b	1680	* Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
HannesTschofenig	0:796d0f61a05b	1681	* check a cert we received from them)!
HannesTschofenig	0:796d0f61a05b	1682	*
HannesTschofenig	0:796d0f61a05b	1683	* Return 0 if everything is OK, -1 if not.
HannesTschofenig	0:796d0f61a05b	1684	*/
HannesTschofenig	0:796d0f61a05b	1685	int ssl_check_cert_usage( const x509_crt *cert,
HannesTschofenig	0:796d0f61a05b	1686	const ssl_ciphersuite_t *ciphersuite,
HannesTschofenig	0:796d0f61a05b	1687	int cert_endpoint );
HannesTschofenig	0:796d0f61a05b	1688	#endif /* POLARSSL_X509_CRT_PARSE_C */
HannesTschofenig	0:796d0f61a05b	1689
HannesTschofenig	0:796d0f61a05b	1690	/* constant-time buffer comparison */
HannesTschofenig	0:796d0f61a05b	1691	static inline int safer_memcmp( const void a, const void b, size_t n )
HannesTschofenig	0:796d0f61a05b	1692	{
HannesTschofenig	0:796d0f61a05b	1693	size_t i;
HannesTschofenig	0:796d0f61a05b	1694	const unsigned char A = (const unsigned char ) a;
HannesTschofenig	0:796d0f61a05b	1695	const unsigned char B = (const unsigned char ) b;
HannesTschofenig	0:796d0f61a05b	1696	unsigned char diff = 0;
HannesTschofenig	0:796d0f61a05b	1697
HannesTschofenig	0:796d0f61a05b	1698	for( i = 0; i < n; i++ )
HannesTschofenig	0:796d0f61a05b	1699	diff \|= A[i] ^ B[i];
HannesTschofenig	0:796d0f61a05b	1700
HannesTschofenig	0:796d0f61a05b	1701	return( diff );
HannesTschofenig	0:796d0f61a05b	1702	}
HannesTschofenig	0:796d0f61a05b	1703
HannesTschofenig	0:796d0f61a05b	1704	#ifdef __cplusplus
HannesTschofenig	0:796d0f61a05b	1705	}
HannesTschofenig	0:796d0f61a05b	1706	#endif
HannesTschofenig	0:796d0f61a05b	1707
HannesTschofenig	0:796d0f61a05b	1708	#endif /* ssl.h */
HannesTschofenig	0:796d0f61a05b	1709
HannesTschofenig	0:796d0f61a05b	1710

Repository toolbox

Export to desktop IDE

Build repository

Repository details

Type:	Program
Mbed OS support:	Mbed 2 deprecated
Created:	27 Sep 2018
Imports:	11
Forks:	0
Commits:	1
Dependents:	0
Dependencies:	1
Followers:	1

The code in this repository is Apache licensed.

SSL/include/polarssl/ssl.h@0:796d0f61a05b, 2018-09-27 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning