Hannes Tschofenig
/
aes-gcm-test-program
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
ssl.h
Go to the documentation of this file.
00001 /** 00002 * \file ssl.h 00003 * 00004 * \brief SSL/TLS functions. 00005 * 00006 * Copyright (C) 2006-2014, Brainspark B.V. 00007 * 00008 * This file is part of PolarSSL (http://www.polarssl.org) 00009 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00010 * 00011 * All rights reserved. 00012 * 00013 * This program is free software; you can redistribute it and/or modify 00014 * it under the terms of the GNU General Public License as published by 00015 * the Free Software Foundation; either version 2 of the License, or 00016 * (at your option) any later version. 00017 * 00018 * This program is distributed in the hope that it will be useful, 00019 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00020 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00021 * GNU General Public License for more details. 00022 * 00023 * You should have received a copy of the GNU General Public License along 00024 * with this program; if not, write to the Free Software Foundation, Inc., 00025 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00026 */ 00027 #ifndef POLARSSL_SSL_H 00028 #define POLARSSL_SSL_H 00029 00030 #if !defined(POLARSSL_CONFIG_FILE) 00031 #include "config.h" 00032 #else 00033 #include POLARSSL_CONFIG_FILE 00034 #endif 00035 #include "net.h" 00036 #include "bignum.h" 00037 00038 #include "ssl_ciphersuites.h" 00039 00040 #if defined(POLARSSL_MD5_C) 00041 #include "md5.h" 00042 #endif 00043 00044 #if defined(POLARSSL_SHA1_C) 00045 #include "sha1.h" 00046 #endif 00047 00048 #if defined(POLARSSL_SHA256_C) 00049 #include "sha256.h" 00050 #endif 00051 00052 #if defined(POLARSSL_SHA512_C) 00053 #include "sha512.h" 00054 #endif 00055 00056 // for session tickets 00057 #if defined(POLARSSL_AES_C) 00058 #include "aes.h" 00059 #endif 00060 00061 #if defined(POLARSSL_X509_CRT_PARSE_C) 00062 #include "x509_crt.h" 00063 #include "x509_crl.h" 00064 #endif 00065 00066 #if defined(POLARSSL_DHM_C) 00067 #include "dhm.h" 00068 #endif 00069 00070 #if defined(POLARSSL_ECDH_C) 00071 #include "ecdh.h" 00072 #endif 00073 00074 #if defined(POLARSSL_ZLIB_SUPPORT) 00075 #include "zlib.h" 00076 #endif 00077 00078 #if defined(POLARSSL_HAVE_TIME) 00079 #include <time.h> 00080 #endif 00081 00082 /* For convenience below and in programs */ 00083 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ 00084 defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ 00085 defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ 00086 defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 00087 #define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED 00088 #endif 00089 00090 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 00091 defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ 00092 defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 00093 #define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED 00094 #endif 00095 00096 #if defined(_MSC_VER) && !defined(inline) 00097 #define inline _inline 00098 #else 00099 #if defined(__ARMCC_VERSION) && !defined(inline) 00100 #define inline __inline 00101 #endif /* __ARMCC_VERSION */ 00102 #endif /*_MSC_VER */ 00103 00104 /* 00105 * SSL Error codes 00106 */ 00107 #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */ 00108 #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */ 00109 #define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */ 00110 #define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */ 00111 #define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */ 00112 #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */ 00113 #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */ 00114 #define POLARSSL_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */ 00115 #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ 00116 #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/ 00117 #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */ 00118 #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */ 00119 #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ 00120 #define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ 00121 #define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */ 00122 #define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */ 00123 #define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */ 00124 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */ 00125 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */ 00126 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */ 00127 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */ 00128 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */ 00129 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */ 00130 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */ 00131 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */ 00132 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */ 00133 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */ 00134 #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */ 00135 #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */ 00136 #define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */ 00137 #define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */ 00138 #define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */ 00139 #define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */ 00140 #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */ 00141 #define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */ 00142 #define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */ 00143 #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ 00144 #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */ 00145 #define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */ 00146 #define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */ 00147 00148 /* 00149 * Various constants 00150 */ 00151 #define SSL_MAJOR_VERSION_3 3 00152 #define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ 00153 #define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ 00154 #define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ 00155 #define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ 00156 00157 /* Determine minimum supported version */ 00158 #define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3 00159 00160 #if defined(POLARSSL_SSL_PROTO_SSL3) 00161 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0 00162 #else 00163 #if defined(POLARSSL_SSL_PROTO_TLS1) 00164 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1 00165 #else 00166 #if defined(POLARSSL_SSL_PROTO_TLS1_1) 00167 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2 00168 #else 00169 #if defined(POLARSSL_SSL_PROTO_TLS1_2) 00170 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3 00171 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ 00172 #endif /* POLARSSL_SSL_PROTO_TLS1_1 */ 00173 #endif /* POLARSSL_SSL_PROTO_TLS1 */ 00174 #endif /* POLARSSL_SSL_PROTO_SSL3 */ 00175 00176 /* Determine maximum supported version */ 00177 #define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3 00178 00179 #if defined(POLARSSL_SSL_PROTO_TLS1_2) 00180 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3 00181 #else 00182 #if defined(POLARSSL_SSL_PROTO_TLS1_1) 00183 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2 00184 #else 00185 #if defined(POLARSSL_SSL_PROTO_TLS1) 00186 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1 00187 #else 00188 #if defined(POLARSSL_SSL_PROTO_SSL3) 00189 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0 00190 #endif /* POLARSSL_SSL_PROTO_SSL3 */ 00191 #endif /* POLARSSL_SSL_PROTO_TLS1 */ 00192 #endif /* POLARSSL_SSL_PROTO_TLS1_1 */ 00193 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ 00194 00195 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c 00196 * NONE must be zero so that memset()ing structure to zero works */ 00197 #define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ 00198 #define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */ 00199 #define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */ 00200 #define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */ 00201 #define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */ 00202 #define SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */ 00203 00204 #define SSL_IS_CLIENT 0 00205 #define SSL_IS_SERVER 1 00206 #define SSL_COMPRESS_NULL 0 00207 #define SSL_COMPRESS_DEFLATE 1 00208 00209 #define SSL_VERIFY_NONE 0 00210 #define SSL_VERIFY_OPTIONAL 1 00211 #define SSL_VERIFY_REQUIRED 2 00212 00213 #define SSL_INITIAL_HANDSHAKE 0 00214 #define SSL_RENEGOTIATION 1 /* In progress */ 00215 #define SSL_RENEGOTIATION_DONE 2 /* Done */ 00216 #define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ 00217 00218 #define SSL_LEGACY_RENEGOTIATION 0 00219 #define SSL_SECURE_RENEGOTIATION 1 00220 00221 #define SSL_RENEGOTIATION_DISABLED 0 00222 #define SSL_RENEGOTIATION_ENABLED 1 00223 00224 #define SSL_LEGACY_NO_RENEGOTIATION 0 00225 #define SSL_LEGACY_ALLOW_RENEGOTIATION 1 00226 #define SSL_LEGACY_BREAK_HANDSHAKE 2 00227 00228 #define SSL_TRUNC_HMAC_DISABLED 0 00229 #define SSL_TRUNC_HMAC_ENABLED 1 00230 #define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */ 00231 00232 #define SSL_SESSION_TICKETS_DISABLED 0 00233 #define SSL_SESSION_TICKETS_ENABLED 1 00234 00235 /** 00236 * \name SECTION: Module settings 00237 * 00238 * The configuration options you can set for this module are in this section. 00239 * Either change them in config.h or define them on the compiler command line. 00240 * \{ 00241 */ 00242 00243 #if !defined(SSL_DEFAULT_TICKET_LIFETIME) 00244 #define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 00245 #endif 00246 00247 /* 00248 * Size of the input / output buffer. 00249 * Note: the RFC defines the default size of SSL / TLS messages. If you 00250 * change the value here, other clients / servers may not be able to 00251 * communicate with you anymore. Only change this value if you control 00252 * both sides of the connection and have it reduced at both sides! 00253 */ 00254 #if !defined(SSL_MAX_CONTENT_LEN) 00255 #define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ 00256 #endif 00257 00258 /* \} name SECTION: Module settings */ 00259 00260 /* 00261 * Allow an extra 301 bytes for the record header 00262 * and encryption overhead: counter (8) + header (5) + MAC (32) + padding (256) 00263 * and allow for a maximum of 1024 of compression expansion if 00264 * enabled. 00265 */ 00266 #if defined(POLARSSL_ZLIB_SUPPORT) 00267 #define SSL_COMPRESSION_ADD 1024 00268 #else 00269 #define SSL_COMPRESSION_ADD 0 00270 #endif 00271 00272 #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 301) 00273 00274 #define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */ 00275 00276 /* 00277 * Supported Signature and Hash algorithms (For TLS 1.2) 00278 * RFC 5246 section 7.4.1.4.1 00279 */ 00280 #define SSL_HASH_NONE 0 00281 #define SSL_HASH_MD5 1 00282 #define SSL_HASH_SHA1 2 00283 #define SSL_HASH_SHA224 3 00284 #define SSL_HASH_SHA256 4 00285 #define SSL_HASH_SHA384 5 00286 #define SSL_HASH_SHA512 6 00287 00288 #define SSL_SIG_ANON 0 00289 #define SSL_SIG_RSA 1 00290 #define SSL_SIG_ECDSA 3 00291 00292 /* 00293 * Client Certificate Types 00294 * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 00295 */ 00296 #define SSL_CERT_TYPE_RSA_SIGN 1 00297 #define SSL_CERT_TYPE_ECDSA_SIGN 64 00298 00299 /* 00300 * Message, alert and handshake types 00301 */ 00302 #define SSL_MSG_CHANGE_CIPHER_SPEC 20 00303 #define SSL_MSG_ALERT 21 00304 #define SSL_MSG_HANDSHAKE 22 00305 #define SSL_MSG_APPLICATION_DATA 23 00306 00307 #define SSL_ALERT_LEVEL_WARNING 1 00308 #define SSL_ALERT_LEVEL_FATAL 2 00309 00310 #define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */ 00311 #define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */ 00312 #define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */ 00313 #define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */ 00314 #define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */ 00315 #define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */ 00316 #define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */ 00317 #define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */ 00318 #define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */ 00319 #define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */ 00320 #define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */ 00321 #define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */ 00322 #define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */ 00323 #define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */ 00324 #define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */ 00325 #define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */ 00326 #define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */ 00327 #define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */ 00328 #define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */ 00329 #define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */ 00330 #define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */ 00331 #define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */ 00332 #define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */ 00333 #define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */ 00334 #define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */ 00335 #define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */ 00336 #define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */ 00337 #define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */ 00338 00339 #define SSL_HS_HELLO_REQUEST 0 00340 #define SSL_HS_CLIENT_HELLO 1 00341 #define SSL_HS_SERVER_HELLO 2 00342 #define SSL_HS_NEW_SESSION_TICKET 4 00343 #define SSL_HS_CERTIFICATE 11 00344 #define SSL_HS_SERVER_KEY_EXCHANGE 12 00345 #define SSL_HS_CERTIFICATE_REQUEST 13 00346 #define SSL_HS_SERVER_HELLO_DONE 14 00347 #define SSL_HS_CERTIFICATE_VERIFY 15 00348 #define SSL_HS_CLIENT_KEY_EXCHANGE 16 00349 #define SSL_HS_FINISHED 20 00350 00351 /* 00352 * TLS extensions 00353 */ 00354 #define TLS_EXT_SERVERNAME 0 00355 #define TLS_EXT_SERVERNAME_HOSTNAME 0 00356 00357 #define TLS_EXT_MAX_FRAGMENT_LENGTH 1 00358 00359 #define TLS_EXT_TRUNCATED_HMAC 4 00360 00361 #define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 00362 #define TLS_EXT_SUPPORTED_POINT_FORMATS 11 00363 00364 #define TLS_EXT_SIG_ALG 13 00365 00366 #define TLS_EXT_ALPN 16 00367 00368 #define TLS_EXT_SESSION_TICKET 35 00369 00370 #define TLS_EXT_RENEGOTIATION_INFO 0xFF01 00371 00372 /* 00373 * TLS extension flags (for extensions with outgoing ServerHello content 00374 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because 00375 * of state of the renegotiation flag, so no indicator is required) 00376 */ 00377 #define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) 00378 00379 /* 00380 * Size defines 00381 */ 00382 #if !defined(POLARSSL_MPI_MAX_SIZE) 00383 #define POLARSSL_PREMASTER_SIZE 512 00384 #else 00385 #define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE 00386 #endif 00387 00388 #ifdef __cplusplus 00389 extern "C" { 00390 #endif 00391 00392 /* 00393 * Generic function pointers for allowing external RSA private key 00394 * implementations. 00395 */ 00396 typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen, 00397 const unsigned char *input, unsigned char *output, 00398 size_t output_max_len ); 00399 typedef int (*rsa_sign_func)( void *ctx, 00400 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 00401 int mode, md_type_t md_alg, unsigned int hashlen, 00402 const unsigned char *hash, unsigned char *sig ); 00403 typedef size_t (*rsa_key_len_func)( void *ctx ); 00404 00405 /* 00406 * SSL state machine 00407 */ 00408 typedef enum 00409 { 00410 SSL_HELLO_REQUEST, 00411 SSL_CLIENT_HELLO, 00412 SSL_SERVER_HELLO, 00413 SSL_SERVER_CERTIFICATE, 00414 SSL_SERVER_KEY_EXCHANGE, 00415 SSL_CERTIFICATE_REQUEST, 00416 SSL_SERVER_HELLO_DONE, 00417 SSL_CLIENT_CERTIFICATE, 00418 SSL_CLIENT_KEY_EXCHANGE, 00419 SSL_CERTIFICATE_VERIFY, 00420 SSL_CLIENT_CHANGE_CIPHER_SPEC, 00421 SSL_CLIENT_FINISHED, 00422 SSL_SERVER_CHANGE_CIPHER_SPEC, 00423 SSL_SERVER_FINISHED, 00424 SSL_FLUSH_BUFFERS, 00425 SSL_HANDSHAKE_WRAPUP, 00426 SSL_HANDSHAKE_OVER, 00427 SSL_SERVER_NEW_SESSION_TICKET, 00428 } 00429 ssl_states; 00430 00431 typedef struct _ssl_session ssl_session; 00432 typedef struct _ssl_context ssl_context; 00433 typedef struct _ssl_transform ssl_transform; 00434 typedef struct _ssl_handshake_params ssl_handshake_params; 00435 #if defined(POLARSSL_SSL_SESSION_TICKETS) 00436 typedef struct _ssl_ticket_keys ssl_ticket_keys; 00437 #endif 00438 #if defined(POLARSSL_X509_CRT_PARSE_C) 00439 typedef struct _ssl_key_cert ssl_key_cert; 00440 #endif 00441 00442 /* 00443 * This structure is used for storing current session data. 00444 */ 00445 struct _ssl_session 00446 { 00447 #if defined(POLARSSL_HAVE_TIME) 00448 time_t start; /*!< starting time */ 00449 #endif 00450 int ciphersuite; /*!< chosen ciphersuite */ 00451 int compression; /*!< chosen compression */ 00452 size_t length; /*!< session id length */ 00453 unsigned char id[32]; /*!< session identifier */ 00454 unsigned char master[48]; /*!< the master secret */ 00455 00456 #if defined(POLARSSL_X509_CRT_PARSE_C) 00457 x509_crt *peer_cert; /*!< peer X.509 cert chain */ 00458 #endif /* POLARSSL_X509_CRT_PARSE_C */ 00459 int verify_result; /*!< verification result */ 00460 00461 #if defined(POLARSSL_SSL_SESSION_TICKETS) 00462 unsigned char *ticket; /*!< RFC 5077 session ticket */ 00463 size_t ticket_len; /*!< session ticket length */ 00464 uint32_t ticket_lifetime; /*!< ticket lifetime hint */ 00465 #endif /* POLARSSL_SSL_SESSION_TICKETS */ 00466 00467 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) 00468 unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */ 00469 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ 00470 00471 #if defined(POLARSSL_SSL_TRUNCATED_HMAC) 00472 int trunc_hmac; /*!< flag for truncated hmac activation */ 00473 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ 00474 }; 00475 00476 /* 00477 * This structure contains a full set of runtime transform parameters 00478 * either in negotiation or active. 00479 */ 00480 struct _ssl_transform 00481 { 00482 /* 00483 * Session specific crypto layer 00484 */ 00485 const ssl_ciphersuite_t *ciphersuite_info; 00486 /*!< Chosen cipersuite_info */ 00487 unsigned int keylen; /*!< symmetric key length */ 00488 size_t minlen; /*!< min. ciphertext length */ 00489 size_t ivlen; /*!< IV length */ 00490 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ 00491 size_t maclen; /*!< MAC length */ 00492 00493 unsigned char iv_enc[16]; /*!< IV (encryption) */ 00494 unsigned char iv_dec[16]; /*!< IV (decryption) */ 00495 00496 #if defined(POLARSSL_SSL_PROTO_SSL3) 00497 /* Needed only for SSL v3.0 secret */ 00498 unsigned char mac_enc[48]; /*!< SSL v3.0 secret (enc) */ 00499 unsigned char mac_dec[48]; /*!< SSL v3.0 secret (dec) */ 00500 #endif /* POLARSSL_SSL_PROTO_SSL3 */ 00501 00502 md_context_t md_ctx_enc; /*!< MAC (encryption) */ 00503 md_context_t md_ctx_dec; /*!< MAC (decryption) */ 00504 00505 cipher_context_t cipher_ctx_enc; /*!< encryption context */ 00506 cipher_context_t cipher_ctx_dec; /*!< decryption context */ 00507 00508 /* 00509 * Session specific compression layer 00510 */ 00511 #if defined(POLARSSL_ZLIB_SUPPORT) 00512 z_stream ctx_deflate; /*!< compression context */ 00513 z_stream ctx_inflate; /*!< decompression context */ 00514 #endif 00515 }; 00516 00517 /* 00518 * This structure contains the parameters only needed during handshake. 00519 */ 00520 struct _ssl_handshake_params 00521 { 00522 /* 00523 * Handshake specific crypto variables 00524 */ 00525 int sig_alg; /*!< Signature algorithm */ 00526 int cert_type; /*!< Requested cert type */ 00527 int verify_sig_alg; /*!< Signature algorithm for verify */ 00528 #if defined(POLARSSL_DHM_C) 00529 dhm_context dhm_ctx; /*!< DHM key exchange */ 00530 #endif 00531 #if defined(POLARSSL_ECDH_C) 00532 ecdh_context ecdh_ctx; /*!< ECDH key exchange */ 00533 #endif 00534 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C) 00535 const ecp_curve_info **curves; /*!< Supported elliptic curves */ 00536 #endif 00537 #if defined(POLARSSL_X509_CRT_PARSE_C) 00538 /** 00539 * Current key/cert or key/cert list. 00540 * On client: pointer to ssl->key_cert, only the first entry used. 00541 * On server: starts as a pointer to ssl->key_cert, then becomes 00542 * a pointer to the chosen key from this list or the SNI list. 00543 */ 00544 ssl_key_cert *key_cert; 00545 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) 00546 ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ 00547 #endif 00548 #endif /* POLARSSL_X509_CRT_PARSE_C */ 00549 00550 /* 00551 * Checksum contexts 00552 */ 00553 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \ 00554 defined(POLARSSL_SSL_PROTO_TLS1_1) 00555 md5_context fin_md5; 00556 sha1_context fin_sha1; 00557 #endif 00558 #if defined(POLARSSL_SSL_PROTO_TLS1_2) 00559 #if defined(POLARSSL_SHA256_C) 00560 sha256_context fin_sha256; 00561 #endif 00562 #if defined(POLARSSL_SHA512_C) 00563 sha512_context fin_sha512; 00564 #endif 00565 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */ 00566 00567 void (*update_checksum)(ssl_context *, const unsigned char *, size_t); 00568 void (*calc_verify)(ssl_context *, unsigned char *); 00569 void (*calc_finished)(ssl_context *, unsigned char *, int); 00570 int (*tls_prf)(const unsigned char *, size_t, const char *, 00571 const unsigned char *, size_t, 00572 unsigned char *, size_t); 00573 00574 size_t pmslen; /*!< premaster length */ 00575 00576 unsigned char randbytes[64]; /*!< random bytes */ 00577 unsigned char premaster[POLARSSL_PREMASTER_SIZE]; 00578 /*!< premaster secret */ 00579 00580 int resume; /*!< session resume indicator*/ 00581 int max_major_ver; /*!< max. major version client*/ 00582 int max_minor_ver; /*!< max. minor version client*/ 00583 int cli_exts; /*!< client extension presence*/ 00584 00585 #if defined(POLARSSL_SSL_SESSION_TICKETS) 00586 int new_session_ticket; /*!< use NewSessionTicket? */ 00587 #endif /* POLARSSL_SSL_SESSION_TICKETS */ 00588 }; 00589 00590 #if defined(POLARSSL_SSL_SESSION_TICKETS) 00591 /* 00592 * Parameters needed to secure session tickets 00593 */ 00594 struct _ssl_ticket_keys 00595 { 00596 unsigned char key_name[16]; /*!< name to quickly discard bad tickets */ 00597 aes_context enc; /*!< encryption context */ 00598 aes_context dec; /*!< decryption context */ 00599 unsigned char mac_key[16]; /*!< authentication key */ 00600 }; 00601 #endif /* POLARSSL_SSL_SESSION_TICKETS */ 00602 00603 #if defined(POLARSSL_X509_CRT_PARSE_C) 00604 /* 00605 * List of certificate + private key pairs 00606 */ 00607 struct _ssl_key_cert 00608 { 00609 x509_crt *cert; /*!< cert */ 00610 pk_context *key; /*!< private key */ 00611 int key_own_alloc; /*!< did we allocate key? */ 00612 ssl_key_cert *next; /*!< next key/cert pair */ 00613 }; 00614 #endif /* POLARSSL_X509_CRT_PARSE_C */ 00615 00616 struct _ssl_context 00617 { 00618 /* 00619 * Miscellaneous 00620 */ 00621 int state; /*!< SSL handshake: current state */ 00622 int renegotiation; /*!< Initial or renegotiation */ 00623 00624 int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */ 00625 int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ 00626 00627 int max_major_ver; /*!< max. major version used */ 00628 int max_minor_ver; /*!< max. minor version used */ 00629 int min_major_ver; /*!< min. major version used */ 00630 int min_minor_ver; /*!< min. minor version used */ 00631 00632 /* 00633 * Callbacks (RNG, debug, I/O, verification) 00634 */ 00635 int (*f_rng)(void *, unsigned char *, size_t); 00636 void (*f_dbg)(void *, int, const char *); 00637 int (*f_recv)(void *, unsigned char *, size_t); 00638 int (*f_send)(void *, const unsigned char *, size_t); 00639 int (*f_get_cache)(void *, ssl_session *); 00640 int (*f_set_cache)(void *, const ssl_session *); 00641 00642 void *p_rng; /*!< context for the RNG function */ 00643 void *p_dbg; /*!< context for the debug function */ 00644 void *p_recv; /*!< context for reading operations */ 00645 void *p_send; /*!< context for writing operations */ 00646 void *p_get_cache; /*!< context for cache retrieval */ 00647 void *p_set_cache; /*!< context for cache store */ 00648 void *p_hw_data; /*!< context for HW acceleration */ 00649 00650 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) 00651 int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t); 00652 void *p_sni; /*!< context for SNI extension */ 00653 #endif 00654 00655 #if defined(POLARSSL_X509_CRT_PARSE_C) 00656 int (*f_vrfy)(void *, x509_crt *, int, int *); 00657 void *p_vrfy; /*!< context for verification */ 00658 #endif 00659 00660 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) 00661 int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t); 00662 void *p_psk; /*!< context for PSK retrieval */ 00663 #endif 00664 00665 /* 00666 * Session layer 00667 */ 00668 ssl_session *session_in; /*!< current session data (in) */ 00669 ssl_session *session_out; /*!< current session data (out) */ 00670 ssl_session *session; /*!< negotiated session data */ 00671 ssl_session *session_negotiate; /*!< session data in negotiation */ 00672 00673 ssl_handshake_params *handshake; /*!< params required only during 00674 the handshake process */ 00675 00676 /* 00677 * Record layer transformations 00678 */ 00679 ssl_transform *transform_in; /*!< current transform params (in) */ 00680 ssl_transform *transform_out; /*!< current transform params (in) */ 00681 ssl_transform *transform; /*!< negotiated transform params */ 00682 ssl_transform *transform_negotiate; /*!< transform params in negotiation */ 00683 00684 /* 00685 * Record layer (incoming data) 00686 */ 00687 unsigned char *in_ctr; /*!< 64-bit incoming message counter */ 00688 unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */ 00689 unsigned char *in_iv; /*!< ivlen-byte IV (in_hdr+5) */ 00690 unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */ 00691 unsigned char *in_offt; /*!< read offset in application data */ 00692 00693 int in_msgtype; /*!< record header: message type */ 00694 size_t in_msglen; /*!< record header: message length */ 00695 size_t in_left; /*!< amount of data read so far */ 00696 00697 size_t in_hslen; /*!< current handshake message length */ 00698 int nb_zero; /*!< # of 0-length encrypted messages */ 00699 int record_read; /*!< record is already present */ 00700 00701 /* 00702 * Record layer (outgoing data) 00703 */ 00704 unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ 00705 unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */ 00706 unsigned char *out_iv; /*!< ivlen-byte IV (out_hdr+5) */ 00707 unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ 00708 00709 int out_msgtype; /*!< record header: message type */ 00710 size_t out_msglen; /*!< record header: message length */ 00711 size_t out_left; /*!< amount of data not yet written */ 00712 00713 #if defined(POLARSSL_ZLIB_SUPPORT) 00714 unsigned char *compress_buf; /*!< zlib data buffer */ 00715 #endif 00716 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) 00717 unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */ 00718 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ 00719 00720 /* 00721 * PKI layer 00722 */ 00723 #if defined(POLARSSL_X509_CRT_PARSE_C) 00724 ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */ 00725 00726 x509_crt *ca_chain; /*!< own trusted CA chain */ 00727 x509_crl *ca_crl; /*!< trusted CA CRLs */ 00728 const char *peer_cn; /*!< expected peer CN */ 00729 #endif /* POLARSSL_X509_CRT_PARSE_C */ 00730 00731 /* 00732 * Support for generating and checking session tickets 00733 */ 00734 #if defined(POLARSSL_SSL_SESSION_TICKETS) 00735 ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */ 00736 #endif /* POLARSSL_SSL_SESSION_TICKETS */ 00737 00738 /* 00739 * User settings 00740 */ 00741 int endpoint; /*!< 0: client, 1: server */ 00742 int authmode; /*!< verification mode */ 00743 int client_auth; /*!< flag for client auth. */ 00744 int verify_result; /*!< verification result */ 00745 int disable_renegotiation; /*!< enable/disable renegotiation */ 00746 int allow_legacy_renegotiation; /*!< allow legacy renegotiation */ 00747 const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */ 00748 #if defined(POLARSSL_SSL_SET_CURVES) 00749 const ecp_group_id *curve_list; /*!< allowed curves */ 00750 #endif 00751 #if defined(POLARSSL_SSL_TRUNCATED_HMAC) 00752 int trunc_hmac; /*!< negotiate truncated hmac? */ 00753 #endif 00754 #if defined(POLARSSL_SSL_SESSION_TICKETS) 00755 int session_tickets; /*!< use session tickets? */ 00756 int ticket_lifetime; /*!< session ticket lifetime */ 00757 #endif 00758 00759 #if defined(POLARSSL_DHM_C) 00760 mpi dhm_P; /*!< prime modulus for DHM */ 00761 mpi dhm_G; /*!< generator for DHM */ 00762 #endif 00763 00764 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) 00765 /* 00766 * PSK values 00767 */ 00768 unsigned char *psk; 00769 size_t psk_len; 00770 unsigned char *psk_identity; 00771 size_t psk_identity_len; 00772 #endif 00773 00774 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) 00775 /* 00776 * SNI extension 00777 */ 00778 unsigned char *hostname; 00779 size_t hostname_len; 00780 #endif 00781 00782 #if defined(POLARSSL_SSL_ALPN) 00783 /* 00784 * ALPN extension 00785 */ 00786 const char **alpn_list; /*!< ordered list of supported protocols */ 00787 const char *alpn_chosen; /*!< negotiated protocol */ 00788 #endif 00789 00790 /* 00791 * Secure renegotiation 00792 */ 00793 int secure_renegotiation; /*!< does peer support legacy or 00794 secure renegotiation */ 00795 size_t verify_data_len; /*!< length of verify data stored */ 00796 char own_verify_data[36]; /*!< previous handshake verify data */ 00797 char peer_verify_data[36]; /*!< previous handshake verify data */ 00798 }; 00799 00800 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) 00801 00802 #define SSL_CHANNEL_OUTBOUND 0 00803 #define SSL_CHANNEL_INBOUND 1 00804 00805 extern int (*ssl_hw_record_init)(ssl_context *ssl, 00806 const unsigned char *key_enc, const unsigned char *key_dec, 00807 size_t keylen, 00808 const unsigned char *iv_enc, const unsigned char *iv_dec, 00809 size_t ivlen, 00810 const unsigned char *mac_enc, const unsigned char *mac_dec, 00811 size_t maclen); 00812 extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction); 00813 extern int (*ssl_hw_record_reset)(ssl_context *ssl); 00814 extern int (*ssl_hw_record_write)(ssl_context *ssl); 00815 extern int (*ssl_hw_record_read)(ssl_context *ssl); 00816 extern int (*ssl_hw_record_finish)(ssl_context *ssl); 00817 #endif /* POLARSSL_SSL_HW_RECORD_ACCEL */ 00818 00819 /** 00820 * \brief Returns the list of ciphersuites supported by the SSL/TLS module. 00821 * 00822 * \return a statically allocated array of ciphersuites, the last 00823 * entry is 0. 00824 */ 00825 const int *ssl_list_ciphersuites( void ); 00826 00827 /** 00828 * \brief Return the name of the ciphersuite associated with the 00829 * given ID 00830 * 00831 * \param ciphersuite_id SSL ciphersuite ID 00832 * 00833 * \return a string containing the ciphersuite name 00834 */ 00835 const char *ssl_get_ciphersuite_name( const int ciphersuite_id ); 00836 00837 /** 00838 * \brief Return the ID of the ciphersuite associated with the 00839 * given name 00840 * 00841 * \param ciphersuite_name SSL ciphersuite name 00842 * 00843 * \return the ID with the ciphersuite or 0 if not found 00844 */ 00845 int ssl_get_ciphersuite_id( const char *ciphersuite_name ); 00846 00847 /** 00848 * \brief Initialize an SSL context 00849 * (An individual SSL context is not thread-safe) 00850 * 00851 * \param ssl SSL context 00852 * 00853 * \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if 00854 * memory allocation failed 00855 */ 00856 int ssl_init( ssl_context *ssl ); 00857 00858 /** 00859 * \brief Reset an already initialized SSL context for re-use 00860 * while retaining application-set variables, function 00861 * pointers and data. 00862 * 00863 * \param ssl SSL context 00864 * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED, 00865 POLARSSL_ERR_SSL_HW_ACCEL_FAILED or 00866 * POLARSSL_ERR_SSL_COMPRESSION_FAILED 00867 */ 00868 int ssl_session_reset( ssl_context *ssl ); 00869 00870 /** 00871 * \brief Set the current endpoint type 00872 * 00873 * \param ssl SSL context 00874 * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER 00875 * 00876 * \note This function should be called right after ssl_init() since 00877 * some other ssl_set_foo() functions depend on it. 00878 */ 00879 void ssl_set_endpoint( ssl_context *ssl, int endpoint ); 00880 00881 /** 00882 * \brief Set the certificate verification mode 00883 * 00884 * \param ssl SSL context 00885 * \param authmode can be: 00886 * 00887 * SSL_VERIFY_NONE: peer certificate is not checked (default), 00888 * this is insecure and SHOULD be avoided. 00889 * 00890 * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the 00891 * handshake continues even if verification failed; 00892 * ssl_get_verify_result() can be called after the 00893 * handshake is complete. 00894 * 00895 * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, 00896 * handshake is aborted if verification failed. 00897 * 00898 * \note On client, SSL_VERIFY_REQUIRED is the recommended mode. 00899 * With SSL_VERIFY_OPTIONAL, the user needs to call ssl_get_verify_result() at 00900 * the right time(s), which may not be obvious, while REQUIRED always perform 00901 * the verification as soon as possible. For example, REQUIRED was protecting 00902 * against the "triple handshake" attack even before it was found. 00903 */ 00904 void ssl_set_authmode( ssl_context *ssl, int authmode ); 00905 00906 #if defined(POLARSSL_X509_CRT_PARSE_C) 00907 /** 00908 * \brief Set the verification callback (Optional). 00909 * 00910 * If set, the verify callback is called for each 00911 * certificate in the chain. For implementation 00912 * information, please see \c x509parse_verify() 00913 * 00914 * \param ssl SSL context 00915 * \param f_vrfy verification function 00916 * \param p_vrfy verification parameter 00917 */ 00918 void ssl_set_verify( ssl_context *ssl, 00919 int (*f_vrfy)(void *, x509_crt *, int, int *), 00920 void *p_vrfy ); 00921 #endif /* POLARSSL_X509_CRT_PARSE_C */ 00922 00923 /** 00924 * \brief Set the random number generator callback 00925 * 00926 * \param ssl SSL context 00927 * \param f_rng RNG function 00928 * \param p_rng RNG parameter 00929 */ 00930 void ssl_set_rng( ssl_context *ssl, 00931 int (*f_rng)(void *, unsigned char *, size_t), 00932 void *p_rng ); 00933 00934 /** 00935 * \brief Set the debug callback 00936 * 00937 * \param ssl SSL context 00938 * \param f_dbg debug function 00939 * \param p_dbg debug parameter 00940 */ 00941 void ssl_set_dbg( ssl_context *ssl, 00942 void (*f_dbg)(void *, int, const char *), 00943 void *p_dbg ); 00944 00945 /** 00946 * \brief Set the underlying BIO read and write callbacks 00947 * 00948 * \param ssl SSL context 00949 * \param f_recv read callback 00950 * \param p_recv read parameter 00951 * \param f_send write callback 00952 * \param p_send write parameter 00953 */ 00954 void ssl_set_bio( ssl_context *ssl, 00955 int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, 00956 int (*f_send)(void *, const unsigned char *, size_t), void *p_send ); 00957 00958 /** 00959 * \brief Set the session cache callbacks (server-side only) 00960 * If not set, no session resuming is done. 00961 * 00962 * The session cache has the responsibility to check for stale 00963 * entries based on timeout. See RFC 5246 for recommendations. 00964 * 00965 * Warning: session.peer_cert is cleared by the SSL/TLS layer on 00966 * connection shutdown, so do not cache the pointer! Either set 00967 * it to NULL or make a full copy of the certificate. 00968 * 00969 * The get callback is called once during the initial handshake 00970 * to enable session resuming. The get function has the 00971 * following parameters: (void *parameter, ssl_session *session) 00972 * If a valid entry is found, it should fill the master of 00973 * the session object with the cached values and return 0, 00974 * return 1 otherwise. Optionally peer_cert can be set as well 00975 * if it is properly present in cache entry. 00976 * 00977 * The set callback is called once during the initial handshake 00978 * to enable session resuming after the entire handshake has 00979 * been finished. The set function has the following parameters: 00980 * (void *parameter, const ssl_session *session). The function 00981 * should create a cache entry for future retrieval based on 00982 * the data in the session structure and should keep in mind 00983 * that the ssl_session object presented (and all its referenced 00984 * data) is cleared by the SSL/TLS layer when the connection is 00985 * terminated. It is recommended to add metadata to determine if 00986 * an entry is still valid in the future. Return 0 if 00987 * successfully cached, return 1 otherwise. 00988 * 00989 * \param ssl SSL context 00990 * \param f_get_cache session get callback 00991 * \param p_get_cache session get parameter 00992 * \param f_set_cache session set callback 00993 * \param p_set_cache session set parameter 00994 */ 00995 void ssl_set_session_cache( ssl_context *ssl, 00996 int (*f_get_cache)(void *, ssl_session *), void *p_get_cache, 00997 int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache ); 00998 00999 /** 01000 * \brief Request resumption of session (client-side only) 01001 * Session data is copied from presented session structure. 01002 * 01003 * \param ssl SSL context 01004 * \param session session context 01005 * 01006 * \return 0 if successful, 01007 * POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed, 01008 * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or 01009 * arguments are otherwise invalid 01010 * 01011 * \sa ssl_get_session() 01012 */ 01013 int ssl_set_session( ssl_context *ssl, const ssl_session *session ); 01014 01015 /** 01016 * \brief Set the list of allowed ciphersuites and the preference 01017 * order. First in the list has the highest preference. 01018 * (Overrides all version specific lists) 01019 * 01020 * Note: The PolarSSL SSL server uses its own preferences 01021 * over the preference of the connection SSL client unless 01022 * POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined! 01023 * 01024 * \param ssl SSL context 01025 * \param ciphersuites 0-terminated list of allowed ciphersuites 01026 */ 01027 void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites ); 01028 01029 /** 01030 * \brief Set the list of allowed ciphersuites and the 01031 * preference order for a specific version of the protocol. 01032 * (Only useful on the server side) 01033 * 01034 * \param ssl SSL context 01035 * \param ciphersuites 0-terminated list of allowed ciphersuites 01036 * \param major Major version number (only SSL_MAJOR_VERSION_3 01037 * supported) 01038 * \param minor Minor version number (SSL_MINOR_VERSION_0, 01039 * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, 01040 * SSL_MINOR_VERSION_3 supported) 01041 */ 01042 void ssl_set_ciphersuites_for_version( ssl_context *ssl, 01043 const int *ciphersuites, 01044 int major, int minor ); 01045 01046 #if defined(POLARSSL_X509_CRT_PARSE_C) 01047 /** 01048 * \brief Set the data required to verify peer certificate 01049 * 01050 * \param ssl SSL context 01051 * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) 01052 * \param ca_crl trusted CA CRLs 01053 * \param peer_cn expected peer CommonName (or NULL) 01054 */ 01055 void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain, 01056 x509_crl *ca_crl, const char *peer_cn ); 01057 01058 /** 01059 * \brief Set own certificate chain and private key 01060 * 01061 * \note own_cert should contain in order from the bottom up your 01062 * certificate chain. The top certificate (self-signed) 01063 * can be omitted. 01064 * 01065 * \note This function may be called more than once if you want to 01066 * support multiple certificates (eg, one using RSA and one 01067 * using ECDSA). However, on client, currently only the first 01068 * certificate is used (subsequent calls have no effect). 01069 * 01070 * \param ssl SSL context 01071 * \param own_cert own public certificate chain 01072 * \param pk_key own private key 01073 * 01074 * \return 0 on success or POLARSSL_ERR_SSL_MALLOC_FAILED 01075 */ 01076 int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, 01077 pk_context *pk_key ); 01078 01079 #if defined(POLARSSL_RSA_C) 01080 /** 01081 * \brief Set own certificate chain and private RSA key 01082 * 01083 * Note: own_cert should contain IN order from the bottom 01084 * up your certificate chain. The top certificate (self-signed) 01085 * can be omitted. 01086 * 01087 * \warning This backwards-compatibility function is deprecated! 01088 * Please use \c ssl_set_own_cert() instead. 01089 * 01090 * \param ssl SSL context 01091 * \param own_cert own public certificate chain 01092 * \param rsa_key own private RSA key 01093 * 01094 * \return 0 on success, or a specific error code. 01095 */ 01096 int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, 01097 rsa_context *rsa_key ); 01098 #endif /* POLARSSL_RSA_C */ 01099 01100 /** 01101 * \brief Set own certificate and alternate non-PolarSSL RSA private 01102 * key and handling callbacks, such as the PKCS#11 wrappers 01103 * or any other external private key handler. 01104 * (see the respective RSA functions in rsa.h for documentation 01105 * of the callback parameters, with the only change being 01106 * that the rsa_context * is a void * in the callbacks) 01107 * 01108 * Note: own_cert should contain IN order from the bottom 01109 * up your certificate chain. The top certificate (self-signed) 01110 * can be omitted. 01111 * 01112 * \warning This backwards-compatibility function is deprecated! 01113 * Please use \c pk_init_ctx_rsa_alt() 01114 * and \c ssl_set_own_cert() instead. 01115 * 01116 * \param ssl SSL context 01117 * \param own_cert own public certificate chain 01118 * \param rsa_key alternate implementation private RSA key 01119 * \param rsa_decrypt alternate implementation of \c rsa_pkcs1_decrypt() 01120 * \param rsa_sign alternate implementation of \c rsa_pkcs1_sign() 01121 * \param rsa_key_len function returning length of RSA key in bytes 01122 * 01123 * \return 0 on success, or a specific error code. 01124 */ 01125 int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert, 01126 void *rsa_key, 01127 rsa_decrypt_func rsa_decrypt, 01128 rsa_sign_func rsa_sign, 01129 rsa_key_len_func rsa_key_len ); 01130 #endif /* POLARSSL_X509_CRT_PARSE_C */ 01131 01132 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) 01133 /** 01134 * \brief Set the Pre Shared Key (PSK) and the identity name connected 01135 * to it. 01136 * 01137 * \param ssl SSL context 01138 * \param psk pointer to the pre-shared key 01139 * \param psk_len pre-shared key length 01140 * \param psk_identity pointer to the pre-shared key identity 01141 * \param psk_identity_len identity key length 01142 * 01143 * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED 01144 */ 01145 int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len, 01146 const unsigned char *psk_identity, size_t psk_identity_len ); 01147 01148 /** 01149 * \brief Set the PSK callback (server-side only) (Optional). 01150 * 01151 * If set, the PSK callback is called for each 01152 * handshake where a PSK ciphersuite was negotiated. 01153 * The caller provides the identity received and wants to 01154 * receive the actual PSK data and length. 01155 * 01156 * The callback has the following parameters: (void *parameter, 01157 * ssl_context *ssl, const unsigned char *psk_identity, 01158 * size_t identity_len) 01159 * If a valid PSK identity is found, the callback should use 01160 * ssl_set_psk() on the ssl context to set the correct PSK and 01161 * identity and return 0. 01162 * Any other return value will result in a denied PSK identity. 01163 * 01164 * \param ssl SSL context 01165 * \param f_psk PSK identity function 01166 * \param p_psk PSK identity parameter 01167 */ 01168 void ssl_set_psk_cb( ssl_context *ssl, 01169 int (*f_psk)(void *, ssl_context *, const unsigned char *, 01170 size_t), 01171 void *p_psk ); 01172 #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */ 01173 01174 #if defined(POLARSSL_DHM_C) 01175 /** 01176 * \brief Set the Diffie-Hellman public P and G values, 01177 * read as hexadecimal strings (server-side only) 01178 * (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG]) 01179 * 01180 * \param ssl SSL context 01181 * \param dhm_P Diffie-Hellman-Merkle modulus 01182 * \param dhm_G Diffie-Hellman-Merkle generator 01183 * 01184 * \return 0 if successful 01185 */ 01186 int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G ); 01187 01188 /** 01189 * \brief Set the Diffie-Hellman public P and G values, 01190 * read from existing context (server-side only) 01191 * 01192 * \param ssl SSL context 01193 * \param dhm_ctx Diffie-Hellman-Merkle context 01194 * 01195 * \return 0 if successful 01196 */ 01197 int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx ); 01198 #endif /* POLARSSL_DHM_C */ 01199 01200 #if defined(POLARSSL_SSL_SET_CURVES) 01201 /** 01202 * \brief Set the allowed curves in order of preference. 01203 * (Default: all defined curves.) 01204 * 01205 * On server: this only affects selection of the ECDHE curve; 01206 * the curves used for ECDH and ECDSA are determined by the 01207 * list of available certificates instead. 01208 * 01209 * On client: this affects the list of curves offered for any 01210 * use. The server can override our preference order. 01211 * 01212 * Both sides: limits the set of curves used by peer to the 01213 * listed curves for any use (ECDH(E), certificates). 01214 * 01215 * \param ssl SSL context 01216 * \param curves Ordered list of allowed curves, 01217 * terminated by POLARSSL_ECP_DP_NONE. 01218 */ 01219 void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves ); 01220 #endif /* POLARSSL_SSL_SET_CURVES */ 01221 01222 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) 01223 /** 01224 * \brief Set hostname for ServerName TLS extension 01225 * (client-side only) 01226 * 01227 * 01228 * \param ssl SSL context 01229 * \param hostname the server hostname 01230 * 01231 * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED 01232 */ 01233 int ssl_set_hostname( ssl_context *ssl, const char *hostname ); 01234 01235 /** 01236 * \brief Set server side ServerName TLS extension callback 01237 * (optional, server-side only). 01238 * 01239 * If set, the ServerName callback is called whenever the 01240 * server receives a ServerName TLS extension from the client 01241 * during a handshake. The ServerName callback has the 01242 * following parameters: (void *parameter, ssl_context *ssl, 01243 * const unsigned char *hostname, size_t len). If a suitable 01244 * certificate is found, the callback should set the 01245 * certificate and key to use with ssl_set_own_cert() (and 01246 * possibly adjust the CA chain as well) and return 0. The 01247 * callback should return -1 to abort the handshake at this 01248 * point. 01249 * 01250 * \param ssl SSL context 01251 * \param f_sni verification function 01252 * \param p_sni verification parameter 01253 */ 01254 void ssl_set_sni( ssl_context *ssl, 01255 int (*f_sni)(void *, ssl_context *, const unsigned char *, 01256 size_t), 01257 void *p_sni ); 01258 #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */ 01259 01260 #if defined(POLARSSL_SSL_ALPN) 01261 /** 01262 * \brief Set the supported Application Layer Protocols. 01263 * 01264 * \param ssl SSL context 01265 * \param protos NULL-terminated list of supported protocols, 01266 * in decreasing preference order. 01267 * 01268 * \return 0 on success, or POLARSSL_ERR_SSL_BAD_INPUT_DATA. 01269 */ 01270 int ssl_set_alpn_protocols( ssl_context *ssl, const char **protos ); 01271 01272 /** 01273 * \brief Get the name of the negotiated Application Layer Protocol. 01274 * This function should be called after the handshake is 01275 * completed. 01276 * 01277 * \param ssl SSL context 01278 * 01279 * \return Protcol name, or NULL if no protocol was negotiated. 01280 */ 01281 const char *ssl_get_alpn_protocol( const ssl_context *ssl ); 01282 #endif /* POLARSSL_SSL_ALPN */ 01283 01284 /** 01285 * \brief Set the maximum supported version sent from the client side 01286 * and/or accepted at the server side 01287 * (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION) 01288 * 01289 * Note: This ignores ciphersuites from 'higher' versions. 01290 * Note: Input outside of the SSL_MAX_XXXXX_VERSION and 01291 * SSL_MIN_XXXXX_VERSION range is ignored. 01292 * 01293 * \param ssl SSL context 01294 * \param major Major version number (only SSL_MAJOR_VERSION_3 supported) 01295 * \param minor Minor version number (SSL_MINOR_VERSION_0, 01296 * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, 01297 * SSL_MINOR_VERSION_3 supported) 01298 */ 01299 void ssl_set_max_version( ssl_context *ssl, int major, int minor ); 01300 01301 01302 /** 01303 * \brief Set the minimum accepted SSL/TLS protocol version 01304 * (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION) 01305 * 01306 * Note: Input outside of the SSL_MAX_XXXXX_VERSION and 01307 * SSL_MIN_XXXXX_VERSION range is ignored. 01308 * 01309 * \param ssl SSL context 01310 * \param major Major version number (only SSL_MAJOR_VERSION_3 supported) 01311 * \param minor Minor version number (SSL_MINOR_VERSION_0, 01312 * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2, 01313 * SSL_MINOR_VERSION_3 supported) 01314 */ 01315 void ssl_set_min_version( ssl_context *ssl, int major, int minor ); 01316 01317 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) 01318 /** 01319 * \brief Set the maximum fragment length to emit and/or negotiate 01320 * (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes) 01321 * (Server: set maximum fragment length to emit, 01322 * usually negotiated by the client during handshake 01323 * (Client: set maximum fragment length to emit *and* 01324 * negotiate with the server during handshake) 01325 * 01326 * \param ssl SSL context 01327 * \param mfl_code Code for maximum fragment length (allowed values: 01328 * SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024, 01329 * SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096) 01330 * 01331 * \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA 01332 */ 01333 int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code ); 01334 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ 01335 01336 #if defined(POLARSSL_SSL_TRUNCATED_HMAC) 01337 /** 01338 * \brief Activate negotiation of truncated HMAC (Client only) 01339 * (Default: SSL_TRUNC_HMAC_ENABLED) 01340 * 01341 * \param ssl SSL context 01342 * \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or 01343 * SSL_TRUNC_HMAC_DISABLED) 01344 * 01345 * \return O if successful, 01346 * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side 01347 */ 01348 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate ); 01349 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ 01350 01351 #if defined(POLARSSL_SSL_SESSION_TICKETS) 01352 /** 01353 * \brief Enable / Disable session tickets 01354 * (Default: SSL_SESSION_TICKETS_ENABLED on client, 01355 * SSL_SESSION_TICKETS_DISABLED on server) 01356 * 01357 * \note On server, ssl_set_rng() must be called before this function 01358 * to allow generating the ticket encryption and 01359 * authentication keys. 01360 * 01361 * \param ssl SSL context 01362 * \param use_tickets Enable or disable (SSL_SESSION_TICKETS_ENABLED or 01363 * SSL_SESSION_TICKETS_DISABLED) 01364 * 01365 * \return O if successful, 01366 * or a specific error code (server only). 01367 */ 01368 int ssl_set_session_tickets( ssl_context *ssl, int use_tickets ); 01369 01370 /** 01371 * \brief Set session ticket lifetime (server only) 01372 * (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day)) 01373 * 01374 * \param ssl SSL context 01375 * \param lifetime session ticket lifetime 01376 */ 01377 void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime ); 01378 #endif /* POLARSSL_SSL_SESSION_TICKETS */ 01379 01380 /** 01381 * \brief Enable / Disable renegotiation support for connection when 01382 * initiated by peer 01383 * (Default: SSL_RENEGOTIATION_DISABLED) 01384 * 01385 * Note: A server with support enabled is more vulnerable for a 01386 * resource DoS by a malicious client. You should enable this on 01387 * a client to enable server-initiated renegotiation. 01388 * 01389 * \param ssl SSL context 01390 * \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or 01391 * SSL_RENEGOTIATION_DISABLED) 01392 */ 01393 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation ); 01394 01395 /** 01396 * \brief Prevent or allow legacy renegotiation. 01397 * (Default: SSL_LEGACY_NO_RENEGOTIATION) 01398 * 01399 * SSL_LEGACY_NO_RENEGOTIATION allows connections to 01400 * be established even if the peer does not support 01401 * secure renegotiation, but does not allow renegotiation 01402 * to take place if not secure. 01403 * (Interoperable and secure option) 01404 * 01405 * SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations 01406 * with non-upgraded peers. Allowing legacy renegotiation 01407 * makes the connection vulnerable to specific man in the 01408 * middle attacks. (See RFC 5746) 01409 * (Most interoperable and least secure option) 01410 * 01411 * SSL_LEGACY_BREAK_HANDSHAKE breaks off connections 01412 * if peer does not support secure renegotiation. Results 01413 * in interoperability issues with non-upgraded peers 01414 * that do not support renegotiation altogether. 01415 * (Most secure option, interoperability issues) 01416 * 01417 * \param ssl SSL context 01418 * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, 01419 * SSL_ALLOW_LEGACY_RENEGOTIATION or 01420 * SSL_LEGACY_BREAK_HANDSHAKE) 01421 */ 01422 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy ); 01423 01424 /** 01425 * \brief Return the number of data bytes available to read 01426 * 01427 * \param ssl SSL context 01428 * 01429 * \return how many bytes are available in the read buffer 01430 */ 01431 size_t ssl_get_bytes_avail( const ssl_context *ssl ); 01432 01433 /** 01434 * \brief Return the result of the certificate verification 01435 * 01436 * \param ssl SSL context 01437 * 01438 * \return 0 if successful, or a combination of: 01439 * BADCERT_EXPIRED 01440 * BADCERT_REVOKED 01441 * BADCERT_CN_MISMATCH 01442 * BADCERT_NOT_TRUSTED 01443 */ 01444 int ssl_get_verify_result( const ssl_context *ssl ); 01445 01446 /** 01447 * \brief Return the name of the current ciphersuite 01448 * 01449 * \param ssl SSL context 01450 * 01451 * \return a string containing the ciphersuite name 01452 */ 01453 const char *ssl_get_ciphersuite( const ssl_context *ssl ); 01454 01455 /** 01456 * \brief Return the current SSL version (SSLv3/TLSv1/etc) 01457 * 01458 * \param ssl SSL context 01459 * 01460 * \return a string containing the SSL version 01461 */ 01462 const char *ssl_get_version( const ssl_context *ssl ); 01463 01464 #if defined(POLARSSL_X509_CRT_PARSE_C) 01465 /** 01466 * \brief Return the peer certificate from the current connection 01467 * 01468 * Note: Can be NULL in case no certificate was sent during 01469 * the handshake. Different calls for the same connection can 01470 * return the same or different pointers for the same 01471 * certificate and even a different certificate altogether. 01472 * The peer cert CAN change in a single connection if 01473 * renegotiation is performed. 01474 * 01475 * \param ssl SSL context 01476 * 01477 * \return the current peer certificate 01478 */ 01479 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl ); 01480 #endif /* POLARSSL_X509_CRT_PARSE_C */ 01481 01482 /** 01483 * \brief Save session in order to resume it later (client-side only) 01484 * Session data is copied to presented session structure. 01485 * 01486 * \warning Currently, peer certificate is lost in the operation. 01487 * 01488 * \param ssl SSL context 01489 * \param session session context 01490 * 01491 * \return 0 if successful, 01492 * POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed, 01493 * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or 01494 * arguments are otherwise invalid 01495 * 01496 * \sa ssl_set_session() 01497 */ 01498 int ssl_get_session( const ssl_context *ssl, ssl_session *session ); 01499 01500 /** 01501 * \brief Perform the SSL handshake 01502 * 01503 * \param ssl SSL context 01504 * 01505 * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ, 01506 * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code. 01507 */ 01508 int ssl_handshake( ssl_context *ssl ); 01509 01510 /** 01511 * \brief Perform a single step of the SSL handshake 01512 * 01513 * Note: the state of the context (ssl->state) will be at 01514 * the following state after execution of this function. 01515 * Do not call this function if state is SSL_HANDSHAKE_OVER. 01516 * 01517 * \param ssl SSL context 01518 * 01519 * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ, 01520 * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code. 01521 */ 01522 int ssl_handshake_step( ssl_context *ssl ); 01523 01524 /** 01525 * \brief Initiate an SSL renegotiation on the running connection. 01526 * Client: perform the renegotiation right now. 01527 * Server: request renegotiation, which will be performed 01528 * during the next call to ssl_read() if honored by client. 01529 * 01530 * \param ssl SSL context 01531 * 01532 * \return 0 if successful, or any ssl_handshake() return value. 01533 */ 01534 int ssl_renegotiate( ssl_context *ssl ); 01535 01536 /** 01537 * \brief Read at most 'len' application data bytes 01538 * 01539 * \param ssl SSL context 01540 * \param buf buffer that will hold the data 01541 * \param len how many bytes must be read 01542 * 01543 * \return This function returns the number of bytes read, 0 for EOF, 01544 * or a negative error code. 01545 */ 01546 int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len ); 01547 01548 /** 01549 * \brief Write exactly 'len' application data bytes 01550 * 01551 * \param ssl SSL context 01552 * \param buf buffer holding the data 01553 * \param len how many bytes must be written 01554 * 01555 * \return This function returns the number of bytes written, 01556 * or a negative error code. 01557 * 01558 * \note When this function returns POLARSSL_ERR_NET_WANT_WRITE, 01559 * it must be called later with the *same* arguments, 01560 * until it returns a positive value. 01561 */ 01562 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len ); 01563 01564 /** 01565 * \brief Send an alert message 01566 * 01567 * \param ssl SSL context 01568 * \param level The alert level of the message 01569 * (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL) 01570 * \param message The alert message (SSL_ALERT_MSG_*) 01571 * 01572 * \return 0 if successful, or a specific SSL error code. 01573 */ 01574 int ssl_send_alert_message( ssl_context *ssl, 01575 unsigned char level, 01576 unsigned char message ); 01577 /** 01578 * \brief Notify the peer that the connection is being closed 01579 * 01580 * \param ssl SSL context 01581 */ 01582 int ssl_close_notify( ssl_context *ssl ); 01583 01584 /** 01585 * \brief Free referenced items in an SSL context and clear memory 01586 * 01587 * \param ssl SSL context 01588 */ 01589 void ssl_free( ssl_context *ssl ); 01590 01591 /** 01592 * \brief Free referenced items in an SSL session including the 01593 * peer certificate and clear memory 01594 * 01595 * \param session SSL session 01596 */ 01597 void ssl_session_free( ssl_session *session ); 01598 01599 /** 01600 * \brief Free referenced items in an SSL transform context and clear 01601 * memory 01602 * 01603 * \param transform SSL transform context 01604 */ 01605 void ssl_transform_free( ssl_transform *transform ); 01606 01607 /** 01608 * \brief Free referenced items in an SSL handshake context and clear 01609 * memory 01610 * 01611 * \param handshake SSL handshake context 01612 */ 01613 void ssl_handshake_free( ssl_handshake_params *handshake ); 01614 01615 /* 01616 * Internal functions (do not call directly) 01617 */ 01618 int ssl_handshake_client_step( ssl_context *ssl ); 01619 int ssl_handshake_server_step( ssl_context *ssl ); 01620 void ssl_handshake_wrapup( ssl_context *ssl ); 01621 01622 int ssl_send_fatal_handshake_failure( ssl_context *ssl ); 01623 01624 int ssl_derive_keys( ssl_context *ssl ); 01625 01626 int ssl_read_record ( ssl_context *ssl ); 01627 /** 01628 * \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or 01629 * another negative error code. 01630 */ 01631 int ssl_fetch_input ( ssl_context *ssl, size_t nb_want ); 01632 01633 int ssl_write_record( ssl_context *ssl ); 01634 int ssl_flush_output( ssl_context *ssl ); 01635 01636 int ssl_parse_certificate( ssl_context *ssl ); 01637 int ssl_write_certificate( ssl_context *ssl ); 01638 01639 int ssl_parse_change_cipher_spec( ssl_context *ssl ); 01640 int ssl_write_change_cipher_spec( ssl_context *ssl ); 01641 01642 int ssl_parse_finished( ssl_context *ssl ); 01643 int ssl_write_finished( ssl_context *ssl ); 01644 01645 void ssl_optimize_checksum( ssl_context *ssl, 01646 const ssl_ciphersuite_t *ciphersuite_info ); 01647 01648 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) 01649 int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex ); 01650 #endif 01651 01652 #if defined(POLARSSL_PK_C) 01653 unsigned char ssl_sig_from_pk( pk_context *pk ); 01654 pk_type_t ssl_pk_alg_from_sig( unsigned char sig ); 01655 #endif 01656 01657 md_type_t ssl_md_alg_from_hash( unsigned char hash ); 01658 01659 #if defined(POLARSSL_SSL_SET_CURVES) 01660 int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id ); 01661 #endif 01662 01663 #if defined(POLARSSL_X509_CRT_PARSE_C) 01664 static inline pk_context *ssl_own_key( ssl_context *ssl ) 01665 { 01666 return( ssl->handshake->key_cert == NULL ? NULL 01667 : ssl->handshake->key_cert->key ); 01668 } 01669 01670 static inline x509_crt *ssl_own_cert( ssl_context *ssl ) 01671 { 01672 return( ssl->handshake->key_cert == NULL ? NULL 01673 : ssl->handshake->key_cert->cert ); 01674 } 01675 01676 /* 01677 * Check usage of a certificate wrt extensions: 01678 * keyUsage, extendedKeyUsage (later), and nSCertType (later). 01679 * 01680 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we 01681 * check a cert we received from them)! 01682 * 01683 * Return 0 if everything is OK, -1 if not. 01684 */ 01685 int ssl_check_cert_usage( const x509_crt *cert, 01686 const ssl_ciphersuite_t *ciphersuite, 01687 int cert_endpoint ); 01688 #endif /* POLARSSL_X509_CRT_PARSE_C */ 01689 01690 /* constant-time buffer comparison */ 01691 static inline int safer_memcmp( const void *a, const void *b, size_t n ) 01692 { 01693 size_t i; 01694 const unsigned char *A = (const unsigned char *) a; 01695 const unsigned char *B = (const unsigned char *) b; 01696 unsigned char diff = 0; 01697 01698 for( i = 0; i < n; i++ ) 01699 diff |= A[i] ^ B[i]; 01700 01701 return( diff ); 01702 } 01703 01704 #ifdef __cplusplus 01705 } 01706 #endif 01707 01708 #endif /* ssl.h */ 01709 01710
Generated on Tue Jul 12 2022 19:40:20 by
1.7.2