mbed TLS library

Dependents:   HTTPClient-SSL WS_SERVER

Committer:
ansond
Date:
Thu Jun 11 03:27:03 2015 +0000
Revision:
0:137634ff4186
initial commit

ansond 0:137634ff4186 1 /**
ansond 0:137634ff4186 2 * \file ssl.h
ansond 0:137634ff4186 3 *
ansond 0:137634ff4186 4 * \brief SSL/TLS functions.
ansond 0:137634ff4186 5 *
ansond 0:137634ff4186 6 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
ansond 0:137634ff4186 7 *
ansond 0:137634ff4186 8 * This file is part of mbed TLS (https://tls.mbed.org)
ansond 0:137634ff4186 9 *
ansond 0:137634ff4186 10 * This program is free software; you can redistribute it and/or modify
ansond 0:137634ff4186 11 * it under the terms of the GNU General Public License as published by
ansond 0:137634ff4186 12 * the Free Software Foundation; either version 2 of the License, or
ansond 0:137634ff4186 13 * (at your option) any later version.
ansond 0:137634ff4186 14 *
ansond 0:137634ff4186 15 * This program is distributed in the hope that it will be useful,
ansond 0:137634ff4186 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
ansond 0:137634ff4186 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ansond 0:137634ff4186 18 * GNU General Public License for more details.
ansond 0:137634ff4186 19 *
ansond 0:137634ff4186 20 * You should have received a copy of the GNU General Public License along
ansond 0:137634ff4186 21 * with this program; if not, write to the Free Software Foundation, Inc.,
ansond 0:137634ff4186 22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
ansond 0:137634ff4186 23 */
ansond 0:137634ff4186 24 #ifndef POLARSSL_SSL_H
ansond 0:137634ff4186 25 #define POLARSSL_SSL_H
ansond 0:137634ff4186 26
ansond 0:137634ff4186 27 #if !defined(POLARSSL_CONFIG_FILE)
ansond 0:137634ff4186 28 #include "config.h"
ansond 0:137634ff4186 29 #else
ansond 0:137634ff4186 30 #include POLARSSL_CONFIG_FILE
ansond 0:137634ff4186 31 #endif
ansond 0:137634ff4186 32
ansond 0:137634ff4186 33 /* Temporary compatibility trick for the current stable branch */
ansond 0:137634ff4186 34 #if !defined(POLARSSL_SSL_DISABLE_RENEGOTIATION)
ansond 0:137634ff4186 35 #define POLARSSL_SSL_RENEGOTIATION
ansond 0:137634ff4186 36 #endif
ansond 0:137634ff4186 37
ansond 0:137634ff4186 38 #include "net.h"
ansond 0:137634ff4186 39 #include "bignum.h"
ansond 0:137634ff4186 40 #include "ecp.h"
ansond 0:137634ff4186 41
ansond 0:137634ff4186 42 #include "ssl_ciphersuites.h"
ansond 0:137634ff4186 43
ansond 0:137634ff4186 44 #if defined(POLARSSL_MD5_C)
ansond 0:137634ff4186 45 #include "md5.h"
ansond 0:137634ff4186 46 #endif
ansond 0:137634ff4186 47
ansond 0:137634ff4186 48 #if defined(POLARSSL_SHA1_C)
ansond 0:137634ff4186 49 #include "sha1.h"
ansond 0:137634ff4186 50 #endif
ansond 0:137634ff4186 51
ansond 0:137634ff4186 52 #if defined(POLARSSL_SHA256_C)
ansond 0:137634ff4186 53 #include "sha256.h"
ansond 0:137634ff4186 54 #endif
ansond 0:137634ff4186 55
ansond 0:137634ff4186 56 #if defined(POLARSSL_SHA512_C)
ansond 0:137634ff4186 57 #include "sha512.h"
ansond 0:137634ff4186 58 #endif
ansond 0:137634ff4186 59
ansond 0:137634ff4186 60 // for session tickets
ansond 0:137634ff4186 61 #if defined(POLARSSL_AES_C)
ansond 0:137634ff4186 62 #include "aes.h"
ansond 0:137634ff4186 63 #endif
ansond 0:137634ff4186 64
ansond 0:137634ff4186 65 #if defined(POLARSSL_X509_CRT_PARSE_C)
ansond 0:137634ff4186 66 #include "x509_crt.h"
ansond 0:137634ff4186 67 #include "x509_crl.h"
ansond 0:137634ff4186 68 #endif
ansond 0:137634ff4186 69
ansond 0:137634ff4186 70 #if defined(POLARSSL_DHM_C)
ansond 0:137634ff4186 71 #include "dhm.h"
ansond 0:137634ff4186 72 #endif
ansond 0:137634ff4186 73
ansond 0:137634ff4186 74 #if defined(POLARSSL_ECDH_C)
ansond 0:137634ff4186 75 #include "ecdh.h"
ansond 0:137634ff4186 76 #endif
ansond 0:137634ff4186 77
ansond 0:137634ff4186 78 #if defined(POLARSSL_ZLIB_SUPPORT)
ansond 0:137634ff4186 79 #include "zlib.h"
ansond 0:137634ff4186 80 #endif
ansond 0:137634ff4186 81
ansond 0:137634ff4186 82 #if defined(POLARSSL_HAVE_TIME)
ansond 0:137634ff4186 83 #include <time.h>
ansond 0:137634ff4186 84 #endif
ansond 0:137634ff4186 85
/* For convenience below and in programs */
/*
 * Umbrella flags: defined when at least one PSK-based (respectively
 * ECDHE-based) key exchange is enabled in config.h, so code that only
 * cares about "any PSK" or "any ECDHE" support has a single macro to test.
 *
 * NOTE(review): names containing a double underscore ("__SOME__") are
 * reserved for the implementation by the C standard. They are kept as-is
 * because programs outside this file test them.
 */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
    defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
    defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
    defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif

#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
    defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
    defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED
#endif

/*
 * Map the C99 "inline" keyword onto the spelling MSVC and ARM Compiler
 * accept. The !defined(inline) guard avoids clobbering a mapping that
 * another header has already set up.
 */
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
#if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline
#endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */
ansond 0:137634ff4186 107
/*
 * SSL Error codes
 *
 * All codes are negative and distinct, allocated in steps of 0x80; the ones
 * defined here lie between -0x7F80 and -0x6A80. Callers compare return
 * values against these constants. Two of them are not failures in the usual
 * sense and deserve special handling, see the notes at
 * POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY and POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH.
 */
#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
#define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
#define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
#define POLARSSL_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
/* Returned when the peer's certificate does not verify under the configured
 * authentication mode (see the SSL_VERIFY_* constants below). */
#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
/* Not an error: the peer sent a close_notify alert
 * (SSL_ALERT_MSG_CLOSE_NOTIFY). Treat it as an orderly end of stream. */
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
/* Not an error either: the hardware hook declined the operation and left the
 * data untouched, so the caller is expected to fall back to the software path. */
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */
#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6A80 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
ansond 0:137634ff4186 153
/*
 * Various constants
 */

/*
 * Protocol version numbers as they appear on the wire (major 3, minor 0-3).
 * SSL_MINOR_VERSION_0 is SSL 3.0, which RFC 7568 has since prohibited;
 * leaving POLARSSL_SSL_PROTO_SSL3 undefined keeps it out of the
 * SSL_MIN_MINOR_VERSION / SSL_MAX_MINOR_VERSION range computed below.
 */
#define SSL_MAJOR_VERSION_3 3
#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
#define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */

/* Determine minimum supported version */
/*
 * Lowest protocol version compiled in: the first POLARSSL_SSL_PROTO_*
 * option found, scanning from SSL 3.0 upwards. The chain has no final
 * #else, so with no protocol option defined SSL_MIN_MINOR_VERSION stays
 * undefined and any use of it is a compile error.
 */
#define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3

#if defined(POLARSSL_SSL_PROTO_SSL3)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
#else
#if defined(POLARSSL_SSL_PROTO_TLS1)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_1)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
#endif /* POLARSSL_SSL_PROTO_TLS1 */
#endif /* POLARSSL_SSL_PROTO_SSL3 */

/* Determine maximum supported version */
/* Same scan in the other direction, from TLS 1.2 downwards; likewise left
 * undefined when no protocol option is enabled. */
#define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3

#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_1)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
#else
#if defined(POLARSSL_SSL_PROTO_TLS1)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
#else
#if defined(POLARSSL_SSL_PROTO_SSL3)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
#endif /* POLARSSL_SSL_PROTO_SSL3 */
#endif /* POLARSSL_SSL_PROTO_TLS1 */
#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
ansond 0:137634ff4186 200
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
 * NONE must be zero so that memset()ing structure to zero works */
#define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
#define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
#define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
#define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
#define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
#define SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */

/* Endpoint role of a context */
#define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1

/* Whether this connection is a retry at a lower version after a failed
 * attempt; a fallback client signals it with SSL_FALLBACK_SCSV (below) so the
 * server can reject a downgrade it did not cause. */
#define SSL_IS_NOT_FALLBACK 0
#define SSL_IS_FALLBACK 1

/* Extended master secret extension, RFC 7627 (TLS_EXT_EXTENDED_MASTER_SECRET);
 * binds the master secret to the full handshake transcript. */
#define SSL_EXTENDED_MS_DISABLED 0
#define SSL_EXTENDED_MS_ENABLED 1

/* Encrypt-then-MAC extension, RFC 7366 (TLS_EXT_ENCRYPT_THEN_MAC) */
#define SSL_ETM_DISABLED 0
#define SSL_ETM_ENABLED 1

/* Record-layer compression method; DEFLATE requires POLARSSL_ZLIB_SUPPORT
 * (see SSL_COMPRESSION_ADD below). */
#define SSL_COMPRESS_NULL 0
#define SSL_COMPRESS_DEFLATE 1

/*
 * Peer certificate verification mode, set with ssl_set_authmode().
 * NONE does not verify the peer's certificate at all; OPTIONAL verifies
 * but continues the handshake on failure (the application must inspect the
 * result itself); REQUIRED aborts the handshake on failure
 * (POLARSSL_ERR_SSL_PEER_VERIFY_FAILED, or
 * POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE on a server). Only REQUIRED
 * yields an authenticated peer without further checks by the application.
 */
#define SSL_VERIFY_NONE 0
#define SSL_VERIFY_OPTIONAL 1
#define SSL_VERIFY_REQUIRED 2

/* Renegotiation state of the current handshake */
#define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1 /* In progress */
#define SSL_RENEGOTIATION_DONE 2 /* Done */
#define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */

/* Whether the peer negotiated RFC 5746 secure renegotiation
 * (TLS_EXT_RENEGOTIATION_INFO or the SSL_EMPTY_RENEGOTIATION_INFO SCSV). */
#define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1

/* Whether renegotiation is permitted at all on a context */
#define SSL_RENEGOTIATION_DISABLED 0
#define SSL_RENEGOTIATION_ENABLED 1

/* Bound on records exchanged after a renegotiation request before it is
 * enforced; NOT_ENFORCED disables the bound. */
#define SSL_RENEGOTIATION_NOT_ENFORCED -1
#define SSL_RENEGO_MAX_RECORDS_DEFAULT 16

/*
 * Policy towards peers that renegotiate without RFC 5746 support, see
 * ssl_legacy_renegotiation(): NO_RENEGOTIATION refuses such renegotiation,
 * ALLOW_RENEGOTIATION accepts it and so re-exposes the pre-RFC 5746
 * renegotiation weakness (CVE-2009-3555), BREAK_HANDSHAKE aborts the
 * handshake with such peers.
 */
#define SSL_LEGACY_NO_RENEGOTIATION 0
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define SSL_LEGACY_BREAK_HANDSHAKE 2

/* Truncated HMAC extension (TLS_EXT_TRUNCATED_HMAC) */
#define SSL_TRUNC_HMAC_DISABLED 0
#define SSL_TRUNC_HMAC_ENABLED 1
#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */

/* Session tickets, RFC 5077 (TLS_EXT_SESSION_TICKET) */
#define SSL_SESSION_TICKETS_DISABLED 0
#define SSL_SESSION_TICKETS_ENABLED 1

/* 1/n-1 record splitting for CBC ciphersuites in SSL 3.0 / TLS 1.0, a
 * mitigation for chosen-plaintext attacks on the chained IV (BEAST).
 * Note the encoding: ENABLED is 0 and DISABLED is -1, unlike the other
 * on/off constants in this file. */
#define SSL_CBC_RECORD_SPLITTING_DISABLED -1
#define SSL_CBC_RECORD_SPLITTING_ENABLED 0

/* RC4 ciphersuites; RFC 7465 prohibits RC4 in TLS. Again inverted:
 * ENABLED is 0, DISABLED is 1. */
#define SSL_ARC4_ENABLED 0
#define SSL_ARC4_DISABLED 1
ansond 0:137634ff4186 259
/**
 * \name SECTION: Module settings
 *
 * The configuration options you can set for this module are in this section.
 * Either change them in config.h or define them on the compiler command line.
 * \{
 */

/* Presumably seconds (86400 = 24 h; the unit is not stated here). Tickets
 * older than this are rejected with POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED.
 * A shorter lifetime limits how long a leaked ticket key can be used to
 * resume sessions. */
#if !defined(SSL_DEFAULT_TICKET_LIFETIME)
#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
#endif

/*
 * Size of the input / output buffer.
 * Note: the RFC defines the default size of SSL / TLS messages. If you
 * change the value here, other clients / servers may not be able to
 * communicate with you anymore. Only change this value if you control
 * both sides of the connection and have it reduced at both sides, or
 * if you're using the Max Fragment Length extension and you know all your
 * peers are using it too!
 */
/* 16384 = 2^14, the maximum plaintext fragment length of RFC 5246
 * section 6.2.1; SSL_BUFFER_LEN below adds the per-record overhead. */
#if !defined(SSL_MAX_CONTENT_LEN)
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
#endif

/* \} name SECTION: Module settings */
ansond 0:137634ff4186 286
/*
 * Allow extra bytes for record, authentication and encryption overhead:
 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
 * and allow for a maximum of 1024 of compression expansion if
 * enabled.
 */
#if defined(POLARSSL_ZLIB_SUPPORT)
#define SSL_COMPRESSION_ADD 1024
#else
#define SSL_COMPRESSION_ADD 0
#endif

/* Worst-case MAC length for the enabled build options: the SHA-512 module
 * also provides SHA-384, hence 48 bytes when POLARSSL_SHA512_C is on. */
#if defined(POLARSSL_RC4_C) || defined(POLARSSL_CIPHER_MODE_CBC)
/* Ciphersuites using HMAC */
#if defined(POLARSSL_SHA512_C)
#define SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
#elif defined(POLARSSL_SHA256_C)
#define SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
#else
#define SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
#endif
#else
/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
#define SSL_MAC_ADD 16
#endif

/* Only CBC suites carry TLS padding, up to 256 bytes */
#if defined(POLARSSL_CIPHER_MODE_CBC)
#define SSL_PADDING_ADD 256
#else
#define SSL_PADDING_ADD 0
#endif

/* Size of the record buffers: maximum content plus every overhead that the
 * build can incur. The constant 29 is the counter (8) + header (5) + IV (16)
 * breakdown from the comment above. */
#define SSL_BUFFER_LEN ( SSL_MAX_CONTENT_LEN \
    + SSL_COMPRESSION_ADD \
    + 29 /* counter + header + IV */ \
    + SSL_MAC_ADD \
    + SSL_PADDING_ADD \
    )
ansond 0:137634ff4186 325
/*
 * Length of the verify data for secure renegotiation
 *
 * RFC 5746 carries the Finished verify_data of the previous handshake;
 * SSL 3.0 Finished messages are 36 bytes, TLS ones 12, so the larger size
 * is only needed when SSL 3.0 is compiled in.
 */
#if defined(POLARSSL_SSL_PROTO_SSL3)
#define SSL_VERIFY_DATA_MAX_LEN 36
#else
#define SSL_VERIFY_DATA_MAX_LEN 12
#endif

/*
 * Signaling ciphersuite values (SCSV)
 *
 * Pseudo-ciphersuites that carry a signal rather than select a suite:
 * 0x00FF is TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746, 0x5600 is
 * TLS_FALLBACK_SCSV (the draft cited below was published as RFC 7507).
 */
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
#define SSL_FALLBACK_SCSV 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */
ansond 0:137634ff4186 340
/*
 * Supported Signature and Hash algorithms (For TLS 1.2)
 * RFC 5246 section 7.4.1.4.1
 *
 * Wire values of the HashAlgorithm and SignatureAlgorithm enums used in the
 * signature_algorithms extension (TLS_EXT_SIG_ALG) and in signed handshake
 * messages. SSL_SIG_DSA (2) is intentionally absent: DSA is not supported.
 */
#define SSL_HASH_NONE 0
#define SSL_HASH_MD5 1
#define SSL_HASH_SHA1 2
#define SSL_HASH_SHA224 3
#define SSL_HASH_SHA256 4
#define SSL_HASH_SHA384 5
#define SSL_HASH_SHA512 6

#define SSL_SIG_ANON 0
#define SSL_SIG_RSA 1
#define SSL_SIG_ECDSA 3

/*
 * Client Certificate Types
 * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
 *
 * ClientCertificateType values sent in CertificateRequest.
 */
#define SSL_CERT_TYPE_RSA_SIGN 1
#define SSL_CERT_TYPE_ECDSA_SIGN 64
ansond 0:137634ff4186 363
/*
 * Message, alert and handshake types
 */

/* Record-layer ContentType values (RFC 5246 section 6.2.1) */
#define SSL_MSG_CHANGE_CIPHER_SPEC 20
#define SSL_MSG_ALERT 21
#define SSL_MSG_HANDSHAKE 22
#define SSL_MSG_APPLICATION_DATA 23

/* AlertLevel; a FATAL alert ends the connection
 * (POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE on the receiving side). */
#define SSL_ALERT_LEVEL_WARNING 1
#define SSL_ALERT_LEVEL_FATAL 2

/*
 * AlertDescription values (RFC 5246 section 7.2 and extension RFCs).
 * RFC 5246 says DECRYPTION_FAILED must not be sent: reporting padding and
 * MAC failures differently gives a padding oracle, so BAD_RECORD_MAC is the
 * alert for both.
 */
#define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
#define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
#define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
#define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
#define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
#define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
#define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
#define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
#define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
#define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
#define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
#define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
#define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
#define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
#define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
#define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
/* Spelled "INAPROPRIATE" (sic) in the public API; the name cannot be
 * corrected without breaking callers. Sent by a server that received
 * SSL_FALLBACK_SCSV while supporting a higher version (RFC 7507). */
#define SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */
#define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
#define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */

/* HandshakeType values (RFC 5246 section 7.4, NewSessionTicket from
 * RFC 5077). The gaps in the numbering are unassigned or unsupported types. */
#define SSL_HS_HELLO_REQUEST 0
#define SSL_HS_CLIENT_HELLO 1
#define SSL_HS_SERVER_HELLO 2
#define SSL_HS_NEW_SESSION_TICKET 4
#define SSL_HS_CERTIFICATE 11
#define SSL_HS_SERVER_KEY_EXCHANGE 12
#define SSL_HS_CERTIFICATE_REQUEST 13
#define SSL_HS_SERVER_HELLO_DONE 14
#define SSL_HS_CERTIFICATE_VERIFY 15
#define SSL_HS_CLIENT_KEY_EXCHANGE 16
#define SSL_HS_FINISHED 20
ansond 0:137634ff4186 416
/*
 * TLS extensions
 *
 * ExtensionType values from the IANA registry. Note that the file mixes
 * decimal and hexadecimal spellings (22 vs 0x0017); they are all plain
 * integers and compare as such.
 */
#define TLS_EXT_SERVERNAME 0 /* server_name, RFC 6066 section 3 */
#define TLS_EXT_SERVERNAME_HOSTNAME 0 /* NameType host_name inside it */

#define TLS_EXT_MAX_FRAGMENT_LENGTH 1 /* RFC 6066 section 4, SSL_MAX_FRAG_LEN_* */

#define TLS_EXT_TRUNCATED_HMAC 4 /* RFC 6066 section 7 */

#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 /* RFC 4492 section 5.1.1 */
#define TLS_EXT_SUPPORTED_POINT_FORMATS 11 /* RFC 4492 section 5.1.2 */

#define TLS_EXT_SIG_ALG 13 /* signature_algorithms, RFC 5246 section 7.4.1.4.1 */

#define TLS_EXT_ALPN 16 /* RFC 7301 */

#define TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ /* RFC 7366 */
#define TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ /* RFC 7627 */

#define TLS_EXT_SESSION_TICKET 35 /* RFC 5077 */

#define TLS_EXT_RENEGOTIATION_INFO 0xFF01 /* RFC 5746 */

/*
 * TLS extension flags (for extensions with outgoing ServerHello content
 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
 * of state of the renegotiation flag, so no indicator is required)
 */
/* Bit mask: only one flag is defined so far; further ones would be (1 << 1), ... */
#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
ansond 0:137634ff4186 447
/*
 * Size defines
 */
/* Maximum length of a pre-shared key in bytes. It sizes the PSK members of
 * union _ssl_premaster_secret below, so raising it also grows
 * POLARSSL_PREMASTER_SIZE. */
#if !defined(POLARSSL_PSK_MAX_LEN)
#define POLARSSL_PSK_MAX_LEN 32 /* 256 bits */
#endif
ansond 0:137634ff4186 454
/* Dummy type used only for its size */
/*
 * Each member is the premaster-secret layout of one key exchange, sized
 * per the RFC section named next to it; the union is never instantiated
 * as such, only measured with sizeof() (POLARSSL_PREMASTER_SIZE below) to
 * size the buffer that holds the premaster secret of whichever key exchange
 * is negotiated.
 *
 * NOTE(review): if none of the POLARSSL_KEY_EXCHANGE_*_ENABLED options is
 * defined the union has no members, which standard C does not allow (GCC
 * accepts it as an extension).
 */
union _ssl_premaster_secret
{
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
    unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
    unsigned char _pms_dhm[POLARSSL_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
    defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
    defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
    defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
    unsigned char _pms_ecdh[POLARSSL_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
    /* 2-byte length + zero padding of PSK length + 2-byte length + PSK */
    unsigned char _pms_psk[4 + 2 * POLARSSL_PSK_MAX_LEN]; /* RFC 4279 2 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
    unsigned char _pms_dhe_psk[4 + POLARSSL_MPI_MAX_SIZE
        + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 3 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
    unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 4 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
    unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES
        + POLARSSL_PSK_MAX_LEN]; /* RFC 5489 2 */
#endif
};

/* Largest premaster secret any enabled key exchange can produce */
#define POLARSSL_PREMASTER_SIZE sizeof( union _ssl_premaster_secret )
ansond 0:137634ff4186 487
ansond 0:137634ff4186 488 #ifdef __cplusplus
ansond 0:137634ff4186 489 extern "C" {
ansond 0:137634ff4186 490 #endif
ansond 0:137634ff4186 491
/*
 * Generic function pointers for allowing external RSA private key
 * implementations.
 *
 * These mirror the signatures of rsa_pkcs1_decrypt(), rsa_pkcs1_sign() and
 * the key-length query in rsa.h so that an opaque context (an HSM handle,
 * a smart card, ...) can stand in for a software RSA key; the private key
 * then never needs to be present in this process's memory.
 */

/* Decrypt `input` into `output` (at most output_max_len bytes), storing the
 * plaintext length in *olen. Returns 0 on success, a negative error code
 * otherwise. `mode` and the padding are whatever rsa_pkcs1_decrypt() takes. */
typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
    const unsigned char *input, unsigned char *output,
    size_t output_max_len );
/* Sign `hash` (hashlen bytes, computed with md_alg) into `sig`; f_rng/p_rng
 * supply randomness for probabilistic padding. Returns 0 on success. */
typedef int (*rsa_sign_func)( void *ctx,
    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
    int mode, md_type_t md_alg, unsigned int hashlen,
    const unsigned char *hash, unsigned char *sig );
/* Size of the key in bytes; presumably used to size `sig` above, confirm
 * against the callers in ssl_tls.c. */
typedef size_t (*rsa_key_len_func)( void *ctx );
ansond 0:137634ff4186 504
/*
 * SSL state machine
 *
 * States a context moves through; the order appears to follow the message
 * flow of a full handshake, with the post-handshake states last. The driver
 * of this machine lives in ssl_tls.c and is not part of this header.
 * Values are written out explicitly so the numbering is visible and cannot
 * shift silently if an entry is ever inserted.
 */
typedef enum
{
    SSL_HELLO_REQUEST             = 0,
    SSL_CLIENT_HELLO              = 1,
    SSL_SERVER_HELLO              = 2,
    SSL_SERVER_CERTIFICATE        = 3,
    SSL_SERVER_KEY_EXCHANGE       = 4,
    SSL_CERTIFICATE_REQUEST       = 5,
    SSL_SERVER_HELLO_DONE         = 6,
    SSL_CLIENT_CERTIFICATE        = 7,
    SSL_CLIENT_KEY_EXCHANGE       = 8,
    SSL_CERTIFICATE_VERIFY        = 9,
    SSL_CLIENT_CHANGE_CIPHER_SPEC = 10,
    SSL_CLIENT_FINISHED           = 11,
    SSL_SERVER_CHANGE_CIPHER_SPEC = 12,
    SSL_SERVER_FINISHED           = 13,
    SSL_FLUSH_BUFFERS             = 14,
    SSL_HANDSHAKE_WRAPUP          = 15,
    SSL_HANDSHAKE_OVER            = 16,
    SSL_SERVER_NEW_SESSION_TICKET = 17
}
ssl_states;
ansond 0:137634ff4186 530
/*
 * Forward typedefs for the structures defined below. The ticket-key and
 * key/cert types only exist when the corresponding feature is compiled in,
 * so code that names them must be guarded the same way.
 */
typedef struct _ssl_session ssl_session;
typedef struct _ssl_context ssl_context;
typedef struct _ssl_transform ssl_transform;
typedef struct _ssl_handshake_params ssl_handshake_params;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
typedef struct _ssl_ticket_keys ssl_ticket_keys;
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
typedef struct _ssl_key_cert ssl_key_cert;
#endif
ansond 0:137634ff4186 541
/*
 * This structure is used for storing current session data.
 *
 * A session is the unit of resumption: it is what the f_get_cache /
 * f_set_cache callbacks of the owning ssl_context receive, and with
 * RFC 5077 tickets enabled it is the state the server wraps into a ticket.
 * master[] is secret key material and peer_cert is only valid for the
 * lifetime of the connection (see the ssl_set_session_cache() notes), so a
 * cache implementation must not log or persist the former in clear and
 * must not retain the latter pointer.
 */
struct _ssl_session
{
#if defined(POLARSSL_HAVE_TIME)
    time_t start;               /*!< starting time */
#endif
    int ciphersuite;            /*!< chosen ciphersuite */
    int compression;            /*!< chosen compression */
    size_t length;              /*!< session id length (valid bytes in id[]) */
    unsigned char id[32];       /*!< session identifier */
    unsigned char master[48];   /*!< the master secret (sensitive key
                                     material - wipe, never log) */

#if defined(POLARSSL_X509_CRT_PARSE_C)
    x509_crt *peer_cert;        /*!< peer X.509 cert chain; cleared by the
                                     SSL layer at connection shutdown */
#endif /* POLARSSL_X509_CRT_PARSE_C */
    int verify_result;          /*!< verification result */

#if defined(POLARSSL_SSL_SESSION_TICKETS)
    unsigned char *ticket;      /*!< RFC 5077 session ticket
                                     (heap buffer of ticket_len bytes;
                                     NOTE(review): ownership / free path
                                     not visible here - confirm) */
    size_t ticket_len;          /*!< session ticket length */
    uint32_t ticket_lifetime;   /*!< ticket lifetime hint */
#endif /* POLARSSL_SSL_SESSION_TICKETS */

#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code;     /*!< MaxFragmentLength negotiated by peer */
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */

#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
    int trunc_hmac;             /*!< flag for truncated hmac activation */
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */

#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
    int encrypt_then_mac;       /*!< flag for EtM activation */
#endif
};
ansond 0:137634ff4186 579
/*
 * This structure contains a full set of runtime transform parameters
 * either in negotiation or active.
 *
 * Apart from ciphersuite_info and the length fields, everything here is
 * live key material: IVs, the SSLv3 MAC secrets and the keyed MAC and
 * cipher contexts. NOTE(review): confirm that the code freeing a transform
 * wipes it rather than only releasing the memory.
 */
struct _ssl_transform
{
    /*
     * Session specific crypto layer
     */
    const ssl_ciphersuite_t *ciphersuite_info;
                                /*!< Chosen ciphersuite_info */
    unsigned int keylen;        /*!< symmetric key length */
    size_t minlen;              /*!< min. ciphertext length */
    size_t ivlen;               /*!< IV length */
    size_t fixed_ivlen;         /*!< Fixed part of IV (AEAD) */
    size_t maclen;              /*!< MAC length */

    unsigned char iv_enc[16];   /*!< IV (encryption) */
    unsigned char iv_dec[16];   /*!< IV (decryption) */

#if defined(POLARSSL_SSL_PROTO_SSL3)
    /* Needed only for SSL v3.0 secret */
    unsigned char mac_enc[20];  /*!< SSL v3.0 secret (enc) */
    unsigned char mac_dec[20];  /*!< SSL v3.0 secret (dec) */
#endif /* POLARSSL_SSL_PROTO_SSL3 */

    md_context_t md_ctx_enc;    /*!< MAC (encryption) */
    md_context_t md_ctx_dec;    /*!< MAC (decryption) */

    cipher_context_t cipher_ctx_enc;    /*!< encryption context */
    cipher_context_t cipher_ctx_dec;    /*!< decryption context */

    /*
     * Session specific compression layer
     *
     * TLS-level compression exposes plaintext length to an observer and is
     * generally disabled in current deployments; only present when zlib
     * support is compiled in.
     */
#if defined(POLARSSL_ZLIB_SUPPORT)
    z_stream ctx_deflate;       /*!< compression context */
    z_stream ctx_inflate;       /*!< decompression context */
#endif
};
ansond 0:137634ff4186 620
/*
 * This structure contains the parameters only needed during handshake.
 *
 * Reached through ssl_context.handshake and only alive while a handshake
 * is in progress. randbytes[] and premaster[] are the inputs from which
 * the master secret is derived, so they are as sensitive as the master
 * secret itself until the structure is destroyed.
 */
struct _ssl_handshake_params
{
    /*
     * Handshake specific crypto variables
     */
    int sig_alg;                /*!< Hash algorithm for signature */
    int cert_type;              /*!< Requested cert type */
    int verify_sig_alg;         /*!< Signature algorithm for verify */
#if defined(POLARSSL_DHM_C)
    dhm_context dhm_ctx;        /*!< DHM key exchange */
#endif
#if defined(POLARSSL_ECDH_C)
    ecdh_context ecdh_ctx;      /*!< ECDH key exchange */
#endif
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
    const ecp_curve_info **curves;  /*!< Supported elliptic curves */
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
    /**
     * Current key/cert or key/cert list.
     * On client: pointer to ssl->key_cert, only the first entry used.
     * On server: starts as a pointer to ssl->key_cert, then becomes
     * a pointer to the chosen key from this list or the SNI list.
     * Not owned here - the list is owned by ssl_context / the SNI callback.
     */
    ssl_key_cert *key_cert;
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
    ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
#endif
#endif /* POLARSSL_X509_CRT_PARSE_C */

    /*
     * Checksum contexts
     *
     * Running hashes over the handshake messages exchanged so far; which
     * ones exist depends on the protocol versions compiled in.
     */
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
    defined(POLARSSL_SSL_PROTO_TLS1_1)
    md5_context fin_md5;
    sha1_context fin_sha1;
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#if defined(POLARSSL_SHA256_C)
    sha256_context fin_sha256;
#endif
#if defined(POLARSSL_SHA512_C)
    sha512_context fin_sha512;
#endif
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */

    /* Version-specific helpers selected once the protocol version is known:
     * feed handshake bytes into the checksum contexts above, compute the
     * CertificateVerify and Finished values, and the key-expansion PRF. */
    void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
    void (*calc_verify)(ssl_context *, unsigned char *);
    void (*calc_finished)(ssl_context *, unsigned char *, int);
    /* tls_prf( secret, secret_len, label, random, random_len, out, out_len )
     * - argument roles inferred from the types; confirm against ssl_tls.c */
    int (*tls_prf)(const unsigned char *, size_t, const char *,
                   const unsigned char *, size_t,
                   unsigned char *, size_t);

    size_t pmslen;              /*!< premaster length (valid bytes in premaster[]) */

    unsigned char randbytes[64];    /*!< random bytes (presumably the client
                                         and server randoms, 32 bytes each) */
    unsigned char premaster[POLARSSL_PREMASTER_SIZE];
                                /*!< premaster secret - sensitive key material */

    int resume;                 /*!< session resume indicator*/
    int max_major_ver;          /*!< max. major version client*/
    int max_minor_ver;          /*!< max. minor version client*/
    int cli_exts;               /*!< client extension presence*/

#if defined(POLARSSL_SSL_SESSION_TICKETS)
    int new_session_ticket;     /*!< use NewSessionTicket? */
#endif /* POLARSSL_SSL_SESSION_TICKETS */
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
    int extended_ms;            /*!< use Extended Master Secret? */
#endif
};
ansond 0:137634ff4186 696
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/*
 * Parameters needed to secure session tickets
 *
 * Server-side long-lived secrets. Whoever obtains enc/dec and mac_key can
 * read the session state (including master secrets) inside every ticket
 * this server issued and can forge tickets it will accept, so these keys
 * need the same protection as the server's private key. key_name is an
 * identifier sent in clear, not a secret. NOTE(review): no rotation state
 * is visible here - confirm how long one key set stays in use.
 */
struct _ssl_ticket_keys
{
    unsigned char key_name[16];     /*!< name to quickly discard bad tickets */
    aes_context enc;                /*!< encryption context */
    aes_context dec;                /*!< decryption context */
    unsigned char mac_key[16];      /*!< authentication key */
};
#endif /* POLARSSL_SSL_SESSION_TICKETS */
ansond 0:137634ff4186 709
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
 * List of certificate + private key pairs
 *
 * Singly linked through next. key_own_alloc records whether the pk_context
 * was allocated by the library (and must therefore be freed together with
 * the node) or is owned by the application; getting this flag wrong leaks
 * or double-frees the private key.
 */
struct _ssl_key_cert
{
    x509_crt *cert;             /*!< cert */
    pk_context *key;            /*!< private key */
    int key_own_alloc;          /*!< did we allocate key? */
    ssl_key_cert *next;         /*!< next key/cert pair */
};
#endif /* POLARSSL_X509_CRT_PARSE_C */
ansond 0:137634ff4186 722
/*
 * Per-connection state: version bounds, callbacks, the session and
 * transform objects being used or negotiated, record-layer buffers and all
 * user settings. An individual context is not thread-safe (see ssl_init()).
 */
struct _ssl_context
{
    /*
     * Miscellaneous
     */
    int state;                  /*!< SSL handshake: current state (ssl_states) */
    int renegotiation;          /*!< Initial or renegotiation */
#if defined(POLARSSL_SSL_RENEGOTIATION)
    int renego_records_seen;    /*!< Records since renego request */
#endif

    int major_ver;              /*!< equal to SSL_MAJOR_VERSION_3 */
    int minor_ver;              /*!< negotiated minor version: 0 (SSL3),
                                     1 (TLS1.0), 2 (TLS1.1) or 3 (TLS1.2),
                                     subject to the POLARSSL_SSL_PROTO_*
                                     options compiled in */

    int max_major_ver;          /*!< max. major version used */
    int max_minor_ver;          /*!< max. minor version used */
    int min_major_ver;          /*!< min. major version used */
    int min_minor_ver;          /*!< min. minor version used */

#if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
    char fallback;              /*!< flag for fallback connections
                                     (TLS_FALLBACK_SCSV, RFC 7507) */
#endif
#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
    char encrypt_then_mac;      /*!< flag for encrypt-then-mac */
#endif
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
    char extended_ms;           /*!< flag for extended master secret */
#endif
    char arc4_disabled;         /*!< flag for disabling RC4; RC4 is
                                     prohibited for TLS by RFC 7465, so
                                     leaving it enabled weakens any
                                     connection that negotiates it */

    /*
     * Callbacks (RNG, debug, I/O, verification)
     *
     * f_rng must be a cryptographically secure generator: it is the only
     * randomness source the handshake has. f_dbg receives formatted
     * library messages; NOTE(review): check what it may print before
     * routing it to a persistent log in production.
     */
    int (*f_rng)(void *, unsigned char *, size_t);
    void (*f_dbg)(void *, int, const char *);
    int (*f_recv)(void *, unsigned char *, size_t);
    int (*f_send)(void *, const unsigned char *, size_t);
    int (*f_get_cache)(void *, ssl_session *);
    int (*f_set_cache)(void *, const ssl_session *);

    void *p_rng;                /*!< context for the RNG function */
    void *p_dbg;                /*!< context for the debug function */
    void *p_recv;               /*!< context for reading operations */
    void *p_send;               /*!< context for writing operations */
    void *p_get_cache;          /*!< context for cache retrieval */
    void *p_set_cache;          /*!< context for cache store */
    void *p_hw_data;            /*!< context for HW acceleration */

#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
    /* The (name, len) pair comes straight from the peer's ClientHello:
     * treat it as untrusted bytes of exactly `len`, not as a C string. */
    int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
    void *p_sni;                /*!< context for SNI extension */
#endif

#if defined(POLARSSL_X509_CRT_PARSE_C)
    int (*f_vrfy)(void *, x509_crt *, int, int *);
    void *p_vrfy;               /*!< context for verification */
#endif

#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /* Like f_sni, the PSK identity handed to f_psk is peer-controlled
     * bytes of the given length. */
    int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
    void *p_psk;                /*!< context for PSK retrieval */
#endif

    /*
     * Session layer
     */
    ssl_session *session_in;            /*!< current session data (in) */
    ssl_session *session_out;           /*!< current session data (out) */
    ssl_session *session;               /*!< negotiated session data */
    ssl_session *session_negotiate;     /*!< session data in negotiation */

    ssl_handshake_params *handshake;    /*!< params required only during
                                             the handshake process */

    /*
     * Record layer transformations
     */
    ssl_transform *transform_in;        /*!< current transform params (in) */
    ssl_transform *transform_out;       /*!< current transform params (out) */
    ssl_transform *transform;           /*!< negotiated transform params */
    ssl_transform *transform_negotiate; /*!< transform params in negotiation */

    /*
     * Record layer (incoming data)
     *
     * in_ctr, in_hdr, in_iv and in_msg are successive pointers into one
     * receive buffer; in_left tracks how much of the record has arrived
     * and in_msglen is the peer-declared length, which must be validated
     * against the buffer before use.
     */
    unsigned char *in_ctr;      /*!< 64-bit incoming message counter */
    unsigned char *in_hdr;      /*!< 5-byte record header (in_ctr+8) */
    unsigned char *in_iv;       /*!< ivlen-byte IV (in_hdr+5) */
    unsigned char *in_msg;      /*!< message contents (in_iv+ivlen) */
    unsigned char *in_offt;     /*!< read offset in application data */

    int in_msgtype;             /*!< record header: message type */
    size_t in_msglen;           /*!< record header: message length */
    size_t in_left;             /*!< amount of data read so far */

    size_t in_hslen;            /*!< current handshake message length */
    int nb_zero;                /*!< # of 0-length encrypted messages */
    int record_read;            /*!< record is already present */

    /*
     * Record layer (outgoing data)
     */
    unsigned char *out_ctr;     /*!< 64-bit outgoing message counter */
    unsigned char *out_hdr;     /*!< 5-byte record header (out_ctr+8) */
    unsigned char *out_iv;      /*!< ivlen-byte IV (out_hdr+5) */
    unsigned char *out_msg;     /*!< message contents (out_iv+ivlen) */

    int out_msgtype;            /*!< record header: message type */
    size_t out_msglen;          /*!< record header: message length */
    size_t out_left;            /*!< amount of data not yet written */

#if defined(POLARSSL_ZLIB_SUPPORT)
    unsigned char *compress_buf;        /*!< zlib data buffer */
#endif
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code;     /*!< MaxFragmentLength chosen by us */
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
    signed char split_done;     /*!< flag for record splitting:
                                     -1 disabled, 0 todo, 1 done */
#endif

    /*
     * PKI layer
     */
#if defined(POLARSSL_X509_CRT_PARSE_C)
    ssl_key_cert *key_cert;     /*!< own certificate(s)/key(s) */

    x509_crt *ca_chain;         /*!< own trusted CA chain */
    x509_crl *ca_crl;           /*!< trusted CA CRLs */
    const char *peer_cn;        /*!< expected peer CN (the name the peer
                                     certificate is checked against) */
#endif /* POLARSSL_X509_CRT_PARSE_C */

    /*
     * Support for generating and checking session tickets
     */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
    ssl_ticket_keys *ticket_keys;       /*!< keys for ticket encryption */
#endif /* POLARSSL_SSL_SESSION_TICKETS */

    /*
     * User settings
     */
    int endpoint;               /*!< 0: client, 1: server */
    int authmode;               /*!< verification mode (SSL_VERIFY_*,
                                     see ssl_set_authmode()) */
    int client_auth;            /*!< flag for client auth. */
    int verify_result;          /*!< verification result */
#if defined(POLARSSL_SSL_RENEGOTIATION)
    int disable_renegotiation;  /*!< enable/disable renegotiation */
    int renego_max_records;     /*!< grace period for renegotiation */
    unsigned char renego_period[8]; /*!< value of the record counters
                                         that triggers renegotiation */
#endif
    int allow_legacy_renegotiation;     /*!< allow legacy renegotiation,
                                             i.e. with a peer that does not
                                             implement RFC 5746; this is
                                             insecure and should stay off */
    const int *ciphersuite_list[4];     /*!< allowed ciphersuites / version */
#if defined(POLARSSL_SSL_SET_CURVES)
    const ecp_group_id *curve_list;     /*!< allowed curves */
#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
    int trunc_hmac;             /*!< negotiate truncated hmac? */
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
    int session_tickets;        /*!< use session tickets? */
    int ticket_lifetime;        /*!< session ticket lifetime */
#endif

#if defined(POLARSSL_DHM_C)
    mpi dhm_P;                  /*!< prime modulus for DHM */
    mpi dhm_G;                  /*!< generator for DHM */
#endif

#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /*
     * PSK values
     *
     * psk is secret key material; psk_identity is sent in clear.
     */
    unsigned char *psk;
    size_t psk_len;
    unsigned char *psk_identity;
    size_t psk_identity_len;
#endif

#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
    /*
     * SNI extension
     */
    unsigned char *hostname;
    size_t hostname_len;
#endif

#if defined(POLARSSL_SSL_ALPN)
    /*
     * ALPN extension
     */
    const char **alpn_list;     /*!< ordered list of supported protocols */
    const char *alpn_chosen;    /*!< negotiated protocol */
#endif

    /*
     * Secure renegotiation
     *
     * State for the RFC 5746 renegotiation_info binding: the verify data
     * of the previous handshake, which ties a renegotiation to the
     * connection it happens on.
     */
    int secure_renegotiation;   /*!< does peer support legacy or
                                     secure renegotiation */
#if defined(POLARSSL_SSL_RENEGOTIATION)
    size_t verify_data_len;     /*!< length of verify data stored */
    char own_verify_data[SSL_VERIFY_DATA_MAX_LEN];  /*!< previous handshake verify data */
    char peer_verify_data[SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif
};
ansond 0:137634ff4186 931
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)

#define SSL_CHANNEL_OUTBOUND    0
#define SSL_CHANNEL_INBOUND     1

/*
 * Hooks for offloading record-layer protection to hardware.
 *
 * These are plain writable global function pointers: whatever sets them
 * decides how every connection's keys, IVs and MAC secrets are handled, so
 * they must be installed once at start-up and never from a path that
 * untrusted input can influence. ssl_hw_record_init receives the freshly
 * derived key material; `direction` in ssl_hw_record_activate presumably
 * takes one of the SSL_CHANNEL_* values above (confirm against ssl_tls.c).
 * A non-zero return is reported to the caller as
 * POLARSSL_ERR_SSL_HW_ACCEL_FAILED (see ssl_session_reset()).
 */
extern int (*ssl_hw_record_init)(ssl_context *ssl,
                const unsigned char *key_enc, const unsigned char *key_dec,
                size_t keylen,
                const unsigned char *iv_enc,  const unsigned char *iv_dec,
                size_t ivlen,
                const unsigned char *mac_enc, const unsigned char *mac_dec,
                size_t maclen);
extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
extern int (*ssl_hw_record_reset)(ssl_context *ssl);
extern int (*ssl_hw_record_write)(ssl_context *ssl);
extern int (*ssl_hw_record_read)(ssl_context *ssl);
extern int (*ssl_hw_record_finish)(ssl_context *ssl);
#endif /* POLARSSL_SSL_HW_RECORD_ACCEL */
ansond 0:137634ff4186 950
/**
 * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
 *
 * \return a statically allocated array of ciphersuite IDs, the last
 *         entry is 0. The caller must not modify or free it.
 */
const int *ssl_list_ciphersuites( void );

/**
 * \brief Return the name of the ciphersuite associated with the
 *        given ID
 *
 * \param ciphersuite_id SSL ciphersuite ID
 *
 * \return a string containing the ciphersuite name
 *         (NOTE(review): the value for an unknown ID is not
 *         documented here - confirm before dereferencing blindly)
 */
const char *ssl_get_ciphersuite_name( const int ciphersuite_id );

/**
 * \brief Return the ID of the ciphersuite associated with the
 *        given name
 *
 * \param ciphersuite_name SSL ciphersuite name
 *
 * \return the ID of the ciphersuite, or 0 if not found
 */
int ssl_get_ciphersuite_id( const char *ciphersuite_name );
ansond 0:137634ff4186 978
/**
 * \brief Initialize an SSL context
 *        (An individual SSL context is not thread-safe)
 *
 * \param ssl SSL context
 *
 * \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if
 *         memory allocation failed
 */
int ssl_init( ssl_context *ssl );

/**
 * \brief Reset an already initialized SSL context for re-use
 *        while retaining application-set variables, function
 *        pointers and data.
 *
 * \param ssl SSL context
 * \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED,
 *         POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
 *         POLARSSL_ERR_SSL_COMPRESSION_FAILED
 */
int ssl_session_reset( ssl_context *ssl );

/**
 * \brief Set the current endpoint type
 *
 * \param ssl SSL context
 * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
 *
 * \note This function should be called right after ssl_init() since
 *       some other ssl_set_foo() functions depend on it.
 */
void ssl_set_endpoint( ssl_context *ssl, int endpoint );
ansond 0:137634ff4186 1012
/**
 * \brief Set the certificate verification mode
 *
 * \param ssl SSL context
 * \param authmode can be:
 *
 *  SSL_VERIFY_NONE: peer certificate is not checked (default),
 *                   this is insecure and SHOULD be avoided.
 *
 *  SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
 *                       handshake continues even if verification failed;
 *                       ssl_get_verify_result() can be called after the
 *                       handshake is complete.
 *
 *  SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
 *                       handshake is aborted if verification failed.
 *
 * \note On client, SSL_VERIFY_REQUIRED is the recommended mode.
 * With SSL_VERIFY_OPTIONAL, the user needs to call ssl_get_verify_result() at
 * the right time(s), which may not be obvious, while REQUIRED always performs
 * the verification as soon as possible. For example, REQUIRED was protecting
 * against the "triple handshake" attack even before it was found.
 *
 * \note Because the default is SSL_VERIFY_NONE, a client that never calls
 * this function accepts any certificate; set the mode before the handshake.
 */
void ssl_set_authmode( ssl_context *ssl, int authmode );

#if defined(POLARSSL_X509_CRT_PARSE_C)
/**
 * \brief Set the verification callback (Optional).
 *
 *        If set, the verify callback is called for each
 *        certificate in the chain. For implementation
 *        information, please see \c x509parse_verify()
 *
 *        The callback receives (p_vrfy, the certificate, its depth in the
 *        chain, and a pointer to the verification flags) - roles inferred
 *        from the signature; confirm against the X.509 module. Clearing
 *        flags in the callback accepts a certificate the library would
 *        otherwise reject, so a callback must only relax checks it fully
 *        understands.
 *
 * \param ssl SSL context
 * \param f_vrfy verification function
 * \param p_vrfy verification parameter
 */
void ssl_set_verify( ssl_context *ssl,
                     int (*f_vrfy)(void *, x509_crt *, int, int *),
                     void *p_vrfy );
#endif /* POLARSSL_X509_CRT_PARSE_C */
ansond 0:137634ff4186 1054
/**
 * \brief Set the random number generator callback
 *
 *        The handshake draws its randomness (random values, key exchange
 *        and signature padding) from this callback, so f_rng must be a
 *        cryptographically secure generator, never the C library rand().
 *
 * \param ssl SSL context
 * \param f_rng RNG function
 * \param p_rng RNG parameter
 */
void ssl_set_rng( ssl_context *ssl,
                  int (*f_rng)(void *, unsigned char *, size_t),
                  void *p_rng );

/**
 * \brief Set the debug callback
 *
 *        f_dbg is called as f_dbg( p_dbg, level, message ); the int is
 *        presumably a verbosity level (confirm against debug.h).
 *        NOTE(review): review what the messages can contain before
 *        sending them to a persistent log in production builds.
 *
 * \param ssl SSL context
 * \param f_dbg debug function
 * \param p_dbg debug parameter
 */
void ssl_set_dbg( ssl_context *ssl,
                  void (*f_dbg)(void *, int, const char *),
                  void *p_dbg );

/**
 * \brief Set the underlying BIO read and write callbacks
 *
 *        f_recv( p_recv, buf, len ) and f_send( p_send, buf, len ) are the
 *        only way bytes enter and leave the record layer. Their return
 *        convention (bytes transferred / error codes) is defined by the
 *        I/O module, not here - confirm against net.h.
 *
 * \param ssl SSL context
 * \param f_recv read callback
 * \param p_recv read parameter
 * \param f_send write callback
 * \param p_send write parameter
 */
void ssl_set_bio( ssl_context *ssl,
        int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
        int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
ansond 0:137634ff4186 1089
ansond 0:137634ff4186 1090 #if defined(POLARSSL_SSL_SRV_C)
/**
 * \brief          Set the session cache callbacks (server-side only)
 *                 If not set, no session resuming is done (except if session
 *                 tickets are enabled too).
 *
 *                 The session cache has the responsibility to check for stale
 *                 entries based on timeout. See RFC 5246 for recommendations.
 *
 * \warning        session.peer_cert is cleared by the SSL/TLS layer on
 *                 connection shutdown, so do not cache the pointer! Either set
 *                 it to NULL or make a full copy of the certificate.
 *
 * \warning        A cache entry holds the session's master secret, from which
 *                 the session keys are derived. Whatever storage backs the
 *                 cache must be protected like key material: a leaked entry
 *                 allows both decryption of the sessions it covers and their
 *                 resumption by an attacker. Expired entries should be wiped,
 *                 not merely left to be overwritten.
 *
 *                 The get callback is called once during the initial handshake
 *                 to enable session resuming. The get function has the
 *                 following parameters: (void *parameter, ssl_session *session)
 *                 If a valid entry is found, it should fill the master of
 *                 the session object with the cached values and return 0,
 *                 return 1 otherwise. Optionally peer_cert can be set as well
 *                 if it is properly present in cache entry. (The lookup key is
 *                 presumably the session id already present in the passed
 *                 object - confirm in the server handshake code.)
 *
 *                 The set callback is called once during the initial handshake
 *                 to enable session resuming after the entire handshake has
 *                 been finished. The set function has the following parameters:
 *                 (void *parameter, const ssl_session *session). The function
 *                 should create a cache entry for future retrieval based on
 *                 the data in the session structure and should keep in mind
 *                 that the ssl_session object presented (and all its referenced
 *                 data) is cleared by the SSL/TLS layer when the connection is
 *                 terminated. It is recommended to add metadata to determine if
 *                 an entry is still valid in the future. Return 0 if
 *                 successfully cached, return 1 otherwise.
 *
 * \param ssl            SSL context
 * \param f_get_cache    session get callback
 * \param p_get_cache    session get parameter, passed unchanged to f_get_cache
 * \param f_set_cache    session set callback
 * \param p_set_cache    session set parameter, passed unchanged to f_set_cache
 */
void ssl_set_session_cache( ssl_context *ssl,
        int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
        int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
ansond 0:137634ff4186 1132 #endif /* POLARSSL_SSL_SRV_C */
ansond 0:137634ff4186 1133
ansond 0:137634ff4186 1134 #if defined(POLARSSL_SSL_CLI_C)
/**
 * \brief          Request resumption of session (client-side only)
 *                 Session data is copied from presented session structure,
 *                 so the caller keeps ownership of session and may release
 *                 it after this call returns.
 *
 * \note           Resumption reuses the earlier session's master secret and
 *                 runs the abbreviated handshake, which carries no
 *                 certificates and therefore cannot re-verify the peer.
 *                 Only resume a session obtained via ssl_get_session() from a
 *                 connection whose peer was verified to the caller's
 *                 satisfaction, and against the same peer.
 *
 * \param ssl      SSL context
 * \param session  session context
 *
 * \return         0 if successful,
 *                 POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
 *                 POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
 *                 arguments are otherwise invalid
 *
 * \sa             ssl_get_session()
 */
int ssl_set_session( ssl_context *ssl, const ssl_session *session );
ansond 0:137634ff4186 1150 #endif /* POLARSSL_SSL_CLI_C */
ansond 0:137634ff4186 1151
/**
 * \brief          Set the list of allowed ciphersuites and the preference
 *                 order. First in the list has the highest preference.
 *                 (Overrides all version specific lists, i.e. anything set
 *                 with ssl_set_ciphersuites_for_version())
 *
 *                 The ciphersuites array is not copied, and must remain
 *                 valid for the lifetime of the ssl_context; a static or
 *                 otherwise long-lived array is the usual choice.
 *
 * \note           The server uses its own preferences
 *                 over the preference of the client unless
 *                 POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
 *
 * \note           This is the place to exclude suites a deployment does not
 *                 want (RC4-based suites, for instance, have a separate
 *                 runtime switch in ssl_set_arc4_support(), but omitting
 *                 them here is unambiguous). When no list is set the
 *                 library presumably falls back to a built-in default list
 *                 whose content depends on the build configuration.
 *
 * \param ssl           SSL context
 * \param ciphersuites  0-terminated list of allowed ciphersuites
 */
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
ansond 0:137634ff4186 1168
/**
 * \brief          Set the list of allowed ciphersuites and the
 *                 preference order for a specific version of the protocol.
 *                 (Only useful on the server side)
 *
 * \note           A call to ssl_set_ciphersuites() overrides every
 *                 per-version list set here. As with that function the
 *                 array is presumably stored by pointer rather than copied -
 *                 keep it alive for the lifetime of the context.
 *
 * \param ssl           SSL context
 * \param ciphersuites  0-terminated list of allowed ciphersuites
 * \param major         Major version number (only SSL_MAJOR_VERSION_3
 *                      supported)
 * \param minor         Minor version number (SSL_MINOR_VERSION_0,
 *                      SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
 *                      SSL_MINOR_VERSION_3 supported)
 */
void ssl_set_ciphersuites_for_version( ssl_context *ssl,
                                       const int *ciphersuites,
                                       int major, int minor );
ansond 0:137634ff4186 1185
ansond 0:137634ff4186 1186 #if defined(POLARSSL_X509_CRT_PARSE_C)
/**
 * \brief          Set the data required to verify peer certificate
 *
 * \note           Supplying a CA chain is necessary but not sufficient for
 *                 authenticating the peer: whether a failed or missing
 *                 verification aborts the handshake is configured
 *                 separately (the authentication-mode setter elsewhere in
 *                 this header), and the verification result should be
 *                 checked after the handshake. Neither is documented here.
 *
 * \note           peer_cn is the only argument of this call that ties the
 *                 certificate to an expected identity. Passing NULL
 *                 presumably skips the name match (confirm in the
 *                 certificate-verification path), in which case any
 *                 certificate issued by a trusted CA would be accepted for
 *                 any host - supply the expected name whenever it is known.
 *
 * \note           The objects are passed by pointer; assume they are
 *                 referenced rather than copied and keep them alive and
 *                 unmodified for the lifetime of the context.
 *
 * \param ssl      SSL context
 * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
 * \param ca_crl   trusted CA CRLs (NULL handling when no CRL is available
 *                 is not documented here - confirm before relying on it)
 * \param peer_cn  expected peer CommonName (or NULL)
 */
void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
                       x509_crl *ca_crl, const char *peer_cn );
ansond 0:137634ff4186 1197
/**
 * \brief          Set own certificate chain and private key
 *
 * \note           own_cert should contain in order from the bottom up your
 *                 certificate chain. The top certificate (self-signed)
 *                 can be omitted.
 *
 * \note           This function may be called more than once if you want to
 *                 support multiple certificates (eg, one using RSA and one
 *                 using ECDSA). However, on client, currently only the first
 *                 certificate is used (subsequent calls have no effect).
 *
 * \note           The certificate and key objects are passed by pointer and
 *                 must stay valid (and unmodified) for as long as the context
 *                 may use them; the context does not appear to copy them (the
 *                 allocation that can fail is presumably bookkeeping for the
 *                 list of certificates). The private key is the credential
 *                 that proves this endpoint's identity: keep it out of debug
 *                 output and wipe it with the pk module's free routine once
 *                 no context references it.
 *
 * \param ssl      SSL context
 * \param own_cert own public certificate chain
 * \param pk_key   own private key
 *
 * \return         0 on success or POLARSSL_ERR_SSL_MALLOC_FAILED
 */
int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
                      pk_context *pk_key );
ansond 0:137634ff4186 1218
ansond 0:137634ff4186 1219 #if ! defined(POLARSSL_DEPRECATED_REMOVED)
ansond 0:137634ff4186 1220 #if defined(POLARSSL_DEPRECATED_WARNING)
ansond 0:137634ff4186 1221 #define DEPRECATED __attribute__((deprecated))
ansond 0:137634ff4186 1222 #else
ansond 0:137634ff4186 1223 #define DEPRECATED
ansond 0:137634ff4186 1224 #endif
ansond 0:137634ff4186 1225 #if defined(POLARSSL_RSA_C)
/**
 * \brief          Set own certificate chain and private RSA key
 *
 * \note           own_cert should contain, in order from the bottom
 *                 up, your certificate chain. The top certificate (self-signed)
 *                 can be omitted.
 *
 * \deprecated     Please use \c ssl_set_own_cert() instead. This wrapper
 *                 only covers RSA keys; the replacement takes a generic
 *                 pk_context and is the one that receives fixes.
 *
 * \note           The same lifetime rule applies as for ssl_set_own_cert():
 *                 own_cert and rsa_key are referenced, not copied, so they
 *                 must outlive every use of the context.
 *
 * \param ssl      SSL context
 * \param own_cert own public certificate chain
 * \param rsa_key  own private RSA key
 *
 * \return         0 on success, or a specific error code.
 */
int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
                          rsa_context *rsa_key ) DEPRECATED;
ansond 0:137634ff4186 1243 #endif /* POLARSSL_RSA_C */
ansond 0:137634ff4186 1244
/**
 * \brief          Set own certificate and external RSA private
 *                 key and handling callbacks, such as the PKCS#11 wrappers
 *                 or any other external private key handler.
 *                 (see the respective RSA functions in rsa.h for documentation
 *                 of the callback parameters, with the only change being
 *                 that the rsa_context * is a void * in the callbacks)
 *
 *                 The point of this interface is that the raw private key
 *                 never has to be in the process's memory: the library only
 *                 ever asks the callbacks to decrypt or sign, so the key can
 *                 stay inside a token, HSM or other isolated module.
 *
 * \note           own_cert should contain, in order from the bottom
 *                 up, your certificate chain. The top certificate (self-signed)
 *                 can be omitted.
 *
 * \note           rsa_decrypt is used for the RSA key exchange (ClientKeyExchange
 *                 decryption). An implementation must not report padding
 *                 failures to the caller in a way that differs in timing or
 *                 outcome from a well-formed message, or it re-opens the
 *                 Bleichenbacher oracle that the library's own rsa_pkcs1_decrypt()
 *                 path is designed to avoid. Confirm the exact contract in rsa.h.
 *
 * \deprecated     Please use \c pk_init_ctx_rsa_alt()
 *                 and \c ssl_set_own_cert() instead.
 *
 * \param ssl         SSL context
 * \param own_cert    own public certificate chain
 * \param rsa_key     alternate implementation private RSA key (opaque handle
 *                    passed to the three callbacks)
 * \param rsa_decrypt alternate implementation of \c rsa_pkcs1_decrypt()
 * \param rsa_sign    alternate implementation of \c rsa_pkcs1_sign()
 * \param rsa_key_len function returning length of RSA key in bytes
 *
 * \return         0 on success, or a specific error code.
 */
int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
                          void *rsa_key,
                          rsa_decrypt_func rsa_decrypt,
                          rsa_sign_func rsa_sign,
                          rsa_key_len_func rsa_key_len ) DEPRECATED;
ansond 0:137634ff4186 1274 #undef DEPRECATED
ansond 0:137634ff4186 1275 #endif /* POLARSSL_DEPRECATED_REMOVED */
ansond 0:137634ff4186 1276 #endif /* POLARSSL_X509_CRT_PARSE_C */
ansond 0:137634ff4186 1277
ansond 0:137634ff4186 1278 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
/**
 * \brief          Set the Pre Shared Key (PSK) and the identity name connected
 *                 to it.
 *
 * \note           In PSK ciphersuites the key is the only thing
 *                 authenticating the peers, and in plain (non-DHE/ECDHE)
 *                 PSK suites the handshake transcript gives a passive
 *                 attacker material to test guesses against offline. Use a
 *                 randomly generated key of adequate length (at least
 *                 128 bits), never a human-chosen password.
 *
 * \note           The identity is sent in the clear during the handshake
 *                 (RFC 4279), so it must not itself be secret or reveal more
 *                 about the client than necessary.
 *
 * \note           This is also the function a server-side PSK callback
 *                 (ssl_set_psk_cb()) uses to provide the key for the
 *                 identity it has just looked up.
 *
 * \param ssl              SSL context
 * \param psk              pointer to the pre-shared key (presumably copied,
 *                         given the allocation failure this call can report)
 * \param psk_len          pre-shared key length in bytes
 * \param psk_identity     pointer to the pre-shared key identity
 * \param psk_identity_len pre-shared key identity length in bytes
 *
 * \return         0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
 */
int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
                 const unsigned char *psk_identity, size_t psk_identity_len );
ansond 0:137634ff4186 1293
/**
 * \brief          Set the PSK callback (server-side only) (Optional).
 *
 *                 If set, the PSK callback is called for each
 *                 handshake where a PSK ciphersuite was negotiated.
 *                 The caller provides the identity received and wants to
 *                 receive the actual PSK data and length.
 *
 *                 The callback has the following parameters: (void *parameter,
 *                 ssl_context *ssl, const unsigned char *psk_identity,
 *                 size_t identity_len)
 *                 If a valid PSK identity is found, the callback should use
 *                 ssl_set_psk() on the ssl context to set the correct PSK and
 *                 identity and return 0.
 *                 Any other return value will result in a denied PSK identity.
 *
 * \warning        psk_identity is attacker-controlled input received from the
 *                 client. Treat it as identity_len bytes of arbitrary data,
 *                 not as a NUL-terminated string: never pass it to strlen(),
 *                 strcmp() or a "%s" format, bound every comparison and copy
 *                 by identity_len, and validate it before using it as a key
 *                 into any database or file name.
 *
 * \note           Every non-zero return produces the same denial, so the
 *                 main remaining signal to a client probing for valid
 *                 identities is timing; where enumeration matters, make the
 *                 unknown-identity path take the same time as a hit.
 *
 * \param ssl      SSL context
 * \param f_psk    PSK identity function
 * \param p_psk    PSK identity parameter, passed unchanged as the first
 *                 argument of f_psk
 */
void ssl_set_psk_cb( ssl_context *ssl,
                     int (*f_psk)(void *, ssl_context *, const unsigned char *,
                                  size_t),
                     void *p_psk );
ansond 0:137634ff4186 1318 #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
ansond 0:137634ff4186 1319
ansond 0:137634ff4186 1320 #if defined(POLARSSL_DHM_C)
/**
 * \brief          Set the Diffie-Hellman public P and G values,
 *                 read as hexadecimal strings (server-side only)
 *                 (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
 *
 * \note           The default is a 1024-bit group. NOTE(review): 1024-bit
 *                 finite-field DH is below the strength generally
 *                 recommended today; a server that keeps DHE suites enabled
 *                 should install a group of at least 2048 bits here (a
 *                 published group, or one generated with a trusted tool),
 *                 or prefer ECDHE suites. Confirm against the project's
 *                 key-size policy.
 *
 * \note           Only the group parameters are set here; the per-handshake
 *                 ephemeral exponent presumably comes from the RNG installed
 *                 with ssl_set_rng(), which is one more reason that RNG must
 *                 be a proper one.
 *
 * \param ssl      SSL context
 * \param dhm_P    Diffie-Hellman-Merkle modulus, as a hexadecimal string
 * \param dhm_G    Diffie-Hellman-Merkle generator, as a hexadecimal string
 *
 * \return         0 if successful, non-zero otherwise (the error codes,
 *                 e.g. for an unparsable string, are not documented here)
 */
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
ansond 0:137634ff4186 1333
/**
 * \brief          Set the Diffie-Hellman public P and G values,
 *                 read from existing context (server-side only)
 *
 * \note           Same strength considerations as ssl_set_dh_param(): the
 *                 group carried by dhm_ctx should be at least 2048 bits for
 *                 new deployments (confirm against the project's key-size
 *                 policy). The values are described as "read from" the
 *                 context, which suggests they are copied and dhm_ctx need
 *                 not outlive the call - confirm before freeing it while the
 *                 ssl context is live.
 *
 * \param ssl      SSL context
 * \param dhm_ctx  Diffie-Hellman-Merkle context providing P and G
 *
 * \return         0 if successful, non-zero otherwise (error codes not
 *                 documented here)
 */
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
ansond 0:137634ff4186 1344 #endif /* POLARSSL_DHM_C */
ansond 0:137634ff4186 1345
ansond 0:137634ff4186 1346 #if defined(POLARSSL_SSL_SET_CURVES)
/**
 * \brief          Set the allowed curves in order of preference.
 *                 (Default: all defined curves.)
 *
 *                 On server: this only affects selection of the ECDHE curve;
 *                 the curves used for ECDH and ECDSA are determined by the
 *                 list of available certificates instead.
 *
 *                 On client: this affects the list of curves offered for any
 *                 use. The server can override our preference order.
 *
 *                 Both sides: limits the set of curves used by peer to the
 *                 listed curves for any use (ECDH(E), certificates).
 *
 * \note           Because the list also constrains what the peer may use, it
 *                 is the right place to drop curves a deployment does not
 *                 trust or consider strong enough; the default admits every
 *                 curve the build defines. The array is presumably stored by
 *                 pointer (as ssl_set_ciphersuites() documents for its list)
 *                 rather than copied - keep it alive for the lifetime of the
 *                 context.
 *
 * \param ssl      SSL context
 * \param curves   Ordered list of allowed curves,
 *                 terminated by POLARSSL_ECP_DP_NONE.
 */
void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves );
ansond 0:137634ff4186 1366 #endif /* POLARSSL_SSL_SET_CURVES */
ansond 0:137634ff4186 1367
ansond 0:137634ff4186 1368 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/**
 * \brief          Set hostname for ServerName TLS extension
 *                 (client-side only)
 *
 * \note           This controls what is sent in the SNI extension so the
 *                 server can pick a certificate. It does not by itself make
 *                 the library check that the certificate presented matches
 *                 this name; that check is driven by the peer_cn argument of
 *                 ssl_set_ca_chain() (presumably independent of this setting
 *                 - confirm in the handshake code). In practice pass the
 *                 same name to both.
 *
 * \note           The string appears to be copied (the call can fail with
 *                 POLARSSL_ERR_SSL_MALLOC_FAILED), so the caller's buffer
 *                 need not outlive the call.
 *
 * \param ssl      SSL context
 * \param hostname the server hostname, NUL-terminated
 *
 * \return         0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
 */
int ssl_set_hostname( ssl_context *ssl, const char *hostname );
ansond 0:137634ff4186 1380
/**
 * \brief          Set server side ServerName TLS extension callback
 *                 (optional, server-side only).
 *
 *                 If set, the ServerName callback is called whenever the
 *                 server receives a ServerName TLS extension from the client
 *                 during a handshake. The ServerName callback has the
 *                 following parameters: (void *parameter, ssl_context *ssl,
 *                 const unsigned char *hostname, size_t len). If a suitable
 *                 certificate is found, the callback should set the
 *                 certificate and key to use with ssl_set_own_cert() (and
 *                 possibly adjust the CA chain as well) and return 0. The
 *                 callback should return -1 to abort the handshake at this
 *                 point.
 *
 * \warning        hostname is unverified data from the client's ClientHello:
 *                 treat it as len bytes of arbitrary content, not as a
 *                 NUL-terminated string. Compare it with bounded,
 *                 length-aware code, never hand it to strlen() or a "%s"
 *                 format, and do not use it to build file paths or lookups
 *                 without strict validation.
 *
 * \note           The callback runs in the middle of the handshake. For a
 *                 name the server does not recognise, returning -1 is the
 *                 conservative choice unless serving the default certificate
 *                 to unknown names is intended.
 *
 * \param ssl      SSL context
 * \param f_sni    ServerName callback
 * \param p_sni    ServerName callback parameter, passed unchanged as the
 *                 first argument of f_sni
 */
void ssl_set_sni( ssl_context *ssl,
                  int (*f_sni)(void *, ssl_context *, const unsigned char *,
                               size_t),
                  void *p_sni );
ansond 0:137634ff4186 1404 #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
ansond 0:137634ff4186 1405
ansond 0:137634ff4186 1406 #if defined(POLARSSL_SSL_ALPN)
/**
 * \brief          Set the supported Application Layer Protocols.
 *
 * \note           The list is presumably stored by pointer rather than
 *                 copied (ssl_set_ciphersuites() documents that convention
 *                 for its list) - keep the array and the strings it points
 *                 to alive for the lifetime of the context. Confirm before
 *                 passing a temporary.
 *
 * \param ssl      SSL context
 * \param protos   NULL-terminated list of supported protocols,
 *                 in decreasing preference order.
 *
 * \return         0 on success, or POLARSSL_ERR_SSL_BAD_INPUT_DATA
 *                 (the exact validation - empty list, names too long to
 *                 encode in the extension, etc. - is not documented here).
 */
int ssl_set_alpn_protocols( ssl_context *ssl, const char **protos );
ansond 0:137634ff4186 1417
/**
 * \brief          Get the name of the negotiated Application Layer Protocol.
 *                 This function should be called after the handshake is
 *                 completed.
 *
 * \note           The returned pointer is presumably one of the strings the
 *                 application passed to ssl_set_alpn_protocols() - do not
 *                 free it. An application that requires a particular
 *                 protocol must check the result rather than assume its
 *                 first choice was taken: the peer selects, and NULL means
 *                 nothing was agreed.
 *
 * \param ssl      SSL context
 *
 * \return         Protocol name, or NULL if no protocol was negotiated.
 */
const char *ssl_get_alpn_protocol( const ssl_context *ssl );
ansond 0:137634ff4186 1428 #endif /* POLARSSL_SSL_ALPN */
ansond 0:137634ff4186 1429
/**
 * \brief          Set the maximum supported version sent from the client side
 *                 and/or accepted at the server side
 *                 (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION)
 *
 * \note           This ignores ciphersuites from 'higher' versions.
 * \note           Input outside of the SSL_MAX_XXXXX_VERSION and
 *                 SSL_MIN_XXXXX_VERSION range is ignored - silently, so a
 *                 typo in the version constants is not reported; check the
 *                 negotiated version after the handshake if it matters.
 *
 * \note           Lowering the maximum on a client is what a "fallback"
 *                 retry does; if that is the intent, see ssl_set_fallback()
 *                 so the server can detect the downgrade.
 *
 * \param ssl      SSL context
 * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)
 * \param minor    Minor version number (SSL_MINOR_VERSION_0,
 *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
 *                 SSL_MINOR_VERSION_3 supported)
 */
void ssl_set_max_version( ssl_context *ssl, int major, int minor );
ansond 0:137634ff4186 1446
/**
 * \brief          Set the minimum accepted SSL/TLS protocol version
 *                 (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
 *
 * \note           Input outside of the SSL_MAX_XXXXX_VERSION and
 *                 SSL_MIN_XXXXX_VERSION range is ignored - silently, so
 *                 this call cannot be relied on to fail loudly. Verify
 *                 after the handshake which version was actually
 *                 negotiated, or make sure the build's SSL_MIN_*_VERSION
 *                 already excludes the versions you want to forbid.
 *
 * \note           SSL_MINOR_VERSION_0 (SSL v3) should be avoided. Raising
 *                 the minimum here is the protection that works regardless
 *                 of the peer; the fallback SCSV (ssl_set_fallback()) only
 *                 helps when the client is deliberately retrying with a
 *                 lower maximum.
 *
 * \param ssl      SSL context
 * \param major    Major version number (only SSL_MAJOR_VERSION_3 supported)
 * \param minor    Minor version number (SSL_MINOR_VERSION_0,
 *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
 *                 SSL_MINOR_VERSION_3 supported)
 */
void ssl_set_min_version( ssl_context *ssl, int major, int minor );
ansond 0:137634ff4186 1463
ansond 0:137634ff4186 1464 #if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
/**
 * \brief          Set the fallback flag (client-side only).
 *                 (Default: SSL_IS_NOT_FALLBACK).
 *
 * \note           Set to SSL_IS_FALLBACK when preparing a fallback
 *                 connection, that is a connection with max_version set to a
 *                 lower value than the value you're willing to use. Such
 *                 fallback connections are not recommended but are sometimes
 *                 necessary to interoperate with buggy (version-intolerant)
 *                 servers. The flag makes the client advertise the fallback
 *                 signalling ciphersuite value (RFC 7507), which lets a
 *                 server that supports a higher version refuse the
 *                 connection instead of silently accepting the downgrade -
 *                 that refusal is the whole point, and is what protects a
 *                 retry loop from an attacker who forces the first attempt
 *                 to fail.
 *
 * \warning        You should NOT set this to SSL_IS_FALLBACK for
 *                 non-fallback connections! This would appear to work for a
 *                 while, then cause failures when the server is upgraded to
 *                 support a newer TLS version.
 *
 * \param ssl      SSL context
 * \param fallback SSL_IS_NOT_FALLBACK or SSL_IS_FALLBACK
 */
void ssl_set_fallback( ssl_context *ssl, char fallback );
ansond 0:137634ff4186 1485 #endif /* POLARSSL_SSL_FALLBACK_SCSV && POLARSSL_SSL_CLI_C */
ansond 0:137634ff4186 1486
ansond 0:137634ff4186 1487 #if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
/**
 * \brief          Enable or disable Encrypt-then-MAC
 *                 (Default: SSL_ETM_ENABLED)
 *
 * \note           This should always be enabled, it is a security
 *                 improvement, and should not cause any interoperability
 *                 issue (used only if the peer supports it too).
 *                 Encrypt-then-MAC (RFC 7366) only changes how CBC
 *                 ciphersuites are protected; it removes the padding-oracle
 *                 class of attacks that MAC-then-encrypt CBC is exposed to.
 *                 Disabling it buys nothing except compatibility with a
 *                 peer that mis-handles the extension, which is rare.
 *
 * \param ssl      SSL context
 * \param etm      SSL_ETM_ENABLED or SSL_ETM_DISABLED
 */
void ssl_set_encrypt_then_mac( ssl_context *ssl, char etm );
ansond 0:137634ff4186 1500 #endif /* POLARSSL_SSL_ENCRYPT_THEN_MAC */
ansond 0:137634ff4186 1501
ansond 0:137634ff4186 1502 #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
/**
 * \brief          Enable or disable Extended Master Secret negotiation.
 *                 (Default: SSL_EXTENDED_MS_ENABLED)
 *
 * \note           This should always be enabled, it is a security fix to the
 *                 protocol, and should not cause any interoperability issue
 *                 (used only if the peer supports it too).
 *                 The extension (RFC 7627) binds the master secret to the
 *                 full handshake transcript, which is what closes the
 *                 "triple handshake" family of attacks; without it the
 *                 channel bindings and the value of resumption and client
 *                 authentication are weaker. Leave it enabled.
 *
 * \param ssl      SSL context
 * \param ems      SSL_EXTENDED_MS_ENABLED or SSL_EXTENDED_MS_DISABLED
 */
void ssl_set_extended_master_secret( ssl_context *ssl, char ems );
ansond 0:137634ff4186 1515 #endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
ansond 0:137634ff4186 1516
/**
 * \brief          Disable or enable support for RC4
 *                 (Default: SSL_ARC4_ENABLED)
 *
 * \note           Though the default is RC4 for compatibility reasons in the
 *                 1.3 branch, the recommended value is SSL_ARC4_DISABLED.
 *                 Any context that does not have to talk to legacy peers
 *                 should call this with SSL_ARC4_DISABLED right after
 *                 initialisation; with the default, RC4 suites remain
 *                 negotiable.
 *
 * \note           This function will likely be removed in future versions as
 *                 RC4 will then be disabled by default at compile time.
 *
 * \note           How this switch interacts with an explicit
 *                 ssl_set_ciphersuites() list that names RC4 suites is not
 *                 documented here; a list that simply omits them is the
 *                 unambiguous way to exclude RC4.
 *
 * \param ssl      SSL context
 * \param arc4     SSL_ARC4_ENABLED or SSL_ARC4_DISABLED
 */
void ssl_set_arc4_support( ssl_context *ssl, char arc4 );
ansond 0:137634ff4186 1531
ansond 0:137634ff4186 1532 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
/**
 * \brief          Set the maximum fragment length to emit and/or negotiate
 *                 (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
 *                 (Server: set maximum fragment length to emit,
 *                 usually negotiated by the client during handshake)
 *                 (Client: set maximum fragment length to emit *and*
 *                 negotiate with the server during handshake)
 *
 * \note           This is a memory-footprint control (RFC 6066 max fragment
 *                 length), useful on constrained devices: a smaller value
 *                 means smaller record buffers. It is not a security
 *                 control. An invalid code is rejected rather than ignored,
 *                 so check the return value.
 *
 * \param ssl      SSL context
 * \param mfl_code Code for maximum fragment length (allowed values:
 *                 SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
 *                 SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
 *
 * \return         0 if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
 */
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
ansond 0:137634ff4186 1549 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
ansond 0:137634ff4186 1550
ansond 0:137634ff4186 1551 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
/**
 * \brief          Activate negotiation of truncated HMAC
 *                 (Default: SSL_TRUNC_HMAC_DISABLED on client,
 *                 SSL_TRUNC_HMAC_ENABLED on server.)
 *
 * \note           Truncated HMAC (RFC 6066) shortens each record's MAC tag
 *                 to 80 bits to save bandwidth. That is a deliberate
 *                 reduction of the integrity margin on every record, so
 *                 enable it on a client only where the per-record saving
 *                 genuinely matters; it takes effect only when both sides
 *                 negotiate it, which is why the client default is off.
 *
 * \param ssl      SSL context
 * \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
 *                 SSL_TRUNC_HMAC_DISABLED)
 *
 * \return         Always 0.
 */
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
ansond 0:137634ff4186 1564 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */
ansond 0:137634ff4186 1565
ansond 0:137634ff4186 1566 #if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
/**
 * \brief          Enable / Disable 1/n-1 record splitting
 *                 (Default: SSL_CBC_RECORD_SPLITTING_ENABLED)
 *
 * \note           Only affects SSLv3 and TLS 1.0, not higher versions.
 *                 Does not affect non-CBC ciphersuites in any version.
 *                 The split is the standard countermeasure for the
 *                 predictable-IV weakness of CBC in those two versions
 *                 (the chosen-plaintext attack on the first block); it costs
 *                 one extra small record per write. Disable it only if a
 *                 peer is known to choke on the extra record, and prefer
 *                 raising the minimum version instead.
 *
 * \param ssl      SSL context
 * \param split    SSL_CBC_RECORD_SPLITTING_ENABLED or
 *                 SSL_CBC_RECORD_SPLITTING_DISABLED
 */
void ssl_set_cbc_record_splitting( ssl_context *ssl, char split );
ansond 0:137634ff4186 1579 #endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
ansond 0:137634ff4186 1580
ansond 0:137634ff4186 1581 #if defined(POLARSSL_SSL_SESSION_TICKETS)
/**
 * \brief          Enable / Disable session tickets
 *                 (Default: SSL_SESSION_TICKETS_ENABLED on client,
 *                 SSL_SESSION_TICKETS_DISABLED on server)
 *
 * \note           On server, ssl_set_rng() must be called before this function
 *                 to allow generating the ticket encryption and
 *                 authentication keys.
 *
 * \note           A ticket carries the session's master secret encrypted
 *                 under those keys (RFC 5077). Anyone who obtains the ticket
 *                 keys can therefore decrypt any recorded session that was
 *                 resumed with, or merely issued, such a ticket while the
 *                 keys were in use - tickets trade forward secrecy against
 *                 server-side state. Where the keys live and how often they
 *                 are rotated is not documented here; check the server
 *                 implementation and ssl_set_session_ticket_lifetime()
 *                 before enabling this on a server that promises forward
 *                 secrecy.
 *
 * \param ssl          SSL context
 * \param use_tickets  Enable or disable (SSL_SESSION_TICKETS_ENABLED or
 *                     SSL_SESSION_TICKETS_DISABLED)
 *
 * \return         0 if successful,
 *                 or a specific error code (server only, e.g. when the
 *                 ticket keys cannot be generated).
 */
int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
ansond 0:137634ff4186 1599
/**
 * \brief          Set session ticket lifetime (server only)
 *                 (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
 *
 * \note           A shorter lifetime bounds how long a captured ticket
 *                 remains usable for resumption; choose the smallest value
 *                 the expected reconnection pattern tolerates. Whether the
 *                 lifetime also drives rotation of the ticket keys
 *                 themselves is not documented here - confirm before
 *                 assuming it limits the damage of a key compromise.
 *
 * \param ssl      SSL context
 * \param lifetime session ticket lifetime, in seconds
 */
void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
ansond 0:137634ff4186 1608 #endif /* POLARSSL_SSL_SESSION_TICKETS */
ansond 0:137634ff4186 1609
ansond 0:137634ff4186 1610 #if defined(POLARSSL_SSL_RENEGOTIATION)
ansond 0:137634ff4186 1611 /**
ansond 0:137634ff4186 1612 * \brief Enable / Disable renegotiation support for connection when
ansond 0:137634ff4186 1613 * initiated by peer
ansond 0:137634ff4186 1614 * (Default: SSL_RENEGOTIATION_DISABLED)
ansond 0:137634ff4186 1615 *
ansond 0:137634ff4186 1616 * Note: A server with support enabled is more vulnerable to a
ansond 0:137634ff4186 1617 * resource DoS by a malicious client. Enable this on a client
ansond 0:137634ff4186 1618 * to allow server-initiated renegotiation.
ansond 0:137634ff4186 1619 *
ansond 0:137634ff4186 1620 * \param ssl SSL context
ansond 0:137634ff4186 1621 * \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
ansond 0:137634ff4186 1622 * SSL_RENEGOTIATION_DISABLED)
ansond 0:137634ff4186 1623 */
ansond 0:137634ff4186 1624 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
ansond 0:137634ff4186 1625 #endif /* POLARSSL_SSL_RENEGOTIATION */
ansond 0:137634ff4186 1626
ansond 0:137634ff4186 1627 /**
ansond 0:137634ff4186 1628 * \brief Prevent or allow legacy renegotiation.
ansond 0:137634ff4186 1629 * (Default: SSL_LEGACY_NO_RENEGOTIATION)
ansond 0:137634ff4186 1630 *
ansond 0:137634ff4186 1631 * SSL_LEGACY_NO_RENEGOTIATION allows connections to
ansond 0:137634ff4186 1632 * be established even if the peer does not support
ansond 0:137634ff4186 1633 * secure renegotiation, but does not allow renegotiation
ansond 0:137634ff4186 1634 * to take place if not secure.
ansond 0:137634ff4186 1635 * (Interoperable and secure option)
ansond 0:137634ff4186 1636 *
ansond 0:137634ff4186 1637 * SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
ansond 0:137634ff4186 1638 * with non-upgraded peers. Allowing legacy renegotiation
ansond 0:137634ff4186 1639 * makes the connection vulnerable to specific man in the
ansond 0:137634ff4186 1640 * middle attacks. (See RFC 5746)
ansond 0:137634ff4186 1641 * (Most interoperable and least secure option)
ansond 0:137634ff4186 1642 *
ansond 0:137634ff4186 1643 * SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
ansond 0:137634ff4186 1644 * if peer does not support secure renegotiation. Results
ansond 0:137634ff4186 1645 * in interoperability issues with non-upgraded peers
ansond 0:137634ff4186 1646 * that do not support renegotiation altogether.
ansond 0:137634ff4186 1647 * (Most secure option, interoperability issues)
ansond 0:137634ff4186 1648 *
ansond 0:137634ff4186 1649 * \param ssl SSL context
ansond 0:137634ff4186 1650 * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
ansond 0:137634ff4186 1651 * SSL_ALLOW_LEGACY_RENEGOTIATION or
ansond 0:137634ff4186 1652 * SSL_LEGACY_BREAK_HANDSHAKE)
ansond 0:137634ff4186 1653 */
ansond 0:137634ff4186 1654 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
ansond 0:137634ff4186 1655
ansond 0:137634ff4186 1656 #if defined(POLARSSL_SSL_RENEGOTIATION)
ansond 0:137634ff4186 1657 /**
ansond 0:137634ff4186 1658 * \brief Enforce requested renegotiation.
ansond 0:137634ff4186 1659 * (Default: enforced, max_records = 16)
ansond 0:137634ff4186 1660 *
ansond 0:137634ff4186 1661 * When we request a renegotiation, the peer can comply or
ansond 0:137634ff4186 1662 * ignore the request. This function allows us to decide
ansond 0:137634ff4186 1663 * whether to enforce our renegotiation requests by closing
ansond 0:137634ff4186 1664 * the connection if the peer doesn't comply.
ansond 0:137634ff4186 1665 *
ansond 0:137634ff4186 1666 * However, records could already be in transit from the peer
ansond 0:137634ff4186 1667 * when the request is emitted. In order to increase
ansond 0:137634ff4186 1668 * reliability, we can accept a number of records before the
ansond 0:137634ff4186 1669 * expected handshake records.
ansond 0:137634ff4186 1670 *
ansond 0:137634ff4186 1671 * The optimal value is highly dependent on the specific usage
ansond 0:137634ff4186 1672 * scenario.
ansond 0:137634ff4186 1673 *
ansond 0:137634ff4186 1674 * \warning On client, the grace period can only happen during
ansond 0:137634ff4186 1675 * ssl_read(), as opposed to ssl_write() and ssl_renegotiate()
ansond 0:137634ff4186 1676 * which always behave as if max_records was 0. The reason is,
ansond 0:137634ff4186 1677 * if we receive application data from the server, we need a
ansond 0:137634ff4186 1678 * place to write it, which only happens during ssl_read().
ansond 0:137634ff4186 1679 *
ansond 0:137634ff4186 1680 * \param ssl SSL context
ansond 0:137634ff4186 1681 * \param max_records Use SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
ansond 0:137634ff4186 1682 * enforce renegotiation, or a non-negative value to enforce
ansond 0:137634ff4186 1683 * it but allow for a grace period of max_records records.
ansond 0:137634ff4186 1684 */
ansond 0:137634ff4186 1685 void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records );
ansond 0:137634ff4186 1686
ansond 0:137634ff4186 1687 /**
ansond 0:137634ff4186 1688 * \brief Set record counter threshold for periodic renegotiation.
ansond 0:137634ff4186 1689 * (Default: 2^64 - 256.)
ansond 0:137634ff4186 1690 *
ansond 0:137634ff4186 1691 * Renegotiation is automatically triggered when a record
ansond 0:137634ff4186 1692 * counter (outgoing or ingoing) crosses the defined
ansond 0:137634ff4186 1693 * threshold. The default value is meant to prevent the
ansond 0:137634ff4186 1694 * connection from being closed when the counter is about to
ansond 0:137634ff4186 1695 * reach its maximum value (the counter is not allowed to wrap).
ansond 0:137634ff4186 1696 *
ansond 0:137634ff4186 1697 * Lower values can be used to enforce policies such as "keys
ansond 0:137634ff4186 1698 * must be refreshed every N packets with cipher X".
ansond 0:137634ff4186 1699 *
ansond 0:137634ff4186 1700 * \param ssl SSL context
ansond 0:137634ff4186 1701 * \param period The threshold value: a big-endian 64-bit number.
ansond 0:137634ff4186 1702 * Set to 2^64 - 1 to disable periodic renegotiation
ansond 0:137634ff4186 1703 */
ansond 0:137634ff4186 1704 void ssl_set_renegotiation_period( ssl_context *ssl,
ansond 0:137634ff4186 1705 const unsigned char period[8] );
ansond 0:137634ff4186 1706 #endif /* POLARSSL_SSL_RENEGOTIATION */
ansond 0:137634ff4186 1707
ansond 0:137634ff4186 1708 /**
ansond 0:137634ff4186 1709 * \brief Return the number of data bytes available to read
ansond 0:137634ff4186 1710 *
ansond 0:137634ff4186 1711 * \param ssl SSL context
ansond 0:137634ff4186 1712 *
ansond 0:137634ff4186 1713 * \return how many bytes are available in the read buffer
ansond 0:137634ff4186 1714 */
ansond 0:137634ff4186 1715 size_t ssl_get_bytes_avail( const ssl_context *ssl );
ansond 0:137634ff4186 1716
ansond 0:137634ff4186 1717 /**
ansond 0:137634ff4186 1718 * \brief Return the result of the certificate verification
ansond 0:137634ff4186 1719 *
ansond 0:137634ff4186 1720 * \param ssl SSL context
ansond 0:137634ff4186 1721 *
ansond 0:137634ff4186 1722 * \return 0 if successful,
ansond 0:137634ff4186 1723 * -1 if result is not available (eg because the handshake was
ansond 0:137634ff4186 1724 * aborted too early), or
ansond 0:137634ff4186 1725 * a combination of BADCERT_xxx and BADCRL_xxx flags, see
ansond 0:137634ff4186 1726 * x509.h
ansond 0:137634ff4186 1727 */
ansond 0:137634ff4186 1728 int ssl_get_verify_result( const ssl_context *ssl );
ansond 0:137634ff4186 1729
ansond 0:137634ff4186 1730 /**
ansond 0:137634ff4186 1731 * \brief Return the name of the current ciphersuite
ansond 0:137634ff4186 1732 *
ansond 0:137634ff4186 1733 * \param ssl SSL context
ansond 0:137634ff4186 1734 *
ansond 0:137634ff4186 1735 * \return a string containing the ciphersuite name
ansond 0:137634ff4186 1736 */
ansond 0:137634ff4186 1737 const char *ssl_get_ciphersuite( const ssl_context *ssl );
ansond 0:137634ff4186 1738
ansond 0:137634ff4186 1739 /**
ansond 0:137634ff4186 1740 * \brief Return the current SSL version (SSLv3/TLSv1/etc)
ansond 0:137634ff4186 1741 *
ansond 0:137634ff4186 1742 * \param ssl SSL context
ansond 0:137634ff4186 1743 *
ansond 0:137634ff4186 1744 * \return a string containing the SSL version
ansond 0:137634ff4186 1745 */
ansond 0:137634ff4186 1746 const char *ssl_get_version( const ssl_context *ssl );
ansond 0:137634ff4186 1747
ansond 0:137634ff4186 1748 #if defined(POLARSSL_X509_CRT_PARSE_C)
ansond 0:137634ff4186 1749 /**
ansond 0:137634ff4186 1750 * \brief Return the peer certificate from the current connection
ansond 0:137634ff4186 1751 *
ansond 0:137634ff4186 1752 * Note: Can be NULL in case no certificate was sent during
ansond 0:137634ff4186 1753 * the handshake. Different calls for the same connection can
ansond 0:137634ff4186 1754 * return the same or different pointers for the same
ansond 0:137634ff4186 1755 * certificate and even a different certificate altogether.
ansond 0:137634ff4186 1756 * The peer cert CAN change in a single connection if
ansond 0:137634ff4186 1757 * renegotiation is performed.
ansond 0:137634ff4186 1758 *
ansond 0:137634ff4186 1759 * \param ssl SSL context
ansond 0:137634ff4186 1760 *
ansond 0:137634ff4186 1761 * \return the current peer certificate
ansond 0:137634ff4186 1762 */
ansond 0:137634ff4186 1763 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
ansond 0:137634ff4186 1764 #endif /* POLARSSL_X509_CRT_PARSE_C */
ansond 0:137634ff4186 1765
ansond 0:137634ff4186 1766 #if defined(POLARSSL_SSL_CLI_C)
ansond 0:137634ff4186 1767 /**
ansond 0:137634ff4186 1768 * \brief Save session in order to resume it later (client-side only)
ansond 0:137634ff4186 1769 * Session data is copied to presented session structure.
ansond 0:137634ff4186 1770 *
ansond 0:137634ff4186 1771 * \warning Currently, the peer certificate is not preserved by this operation.
ansond 0:137634ff4186 1772 *
ansond 0:137634ff4186 1773 * \param ssl SSL context
ansond 0:137634ff4186 1774 * \param session session context
ansond 0:137634ff4186 1775 *
ansond 0:137634ff4186 1776 * \return 0 if successful,
ansond 0:137634ff4186 1777 * POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
ansond 0:137634ff4186 1778 * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
ansond 0:137634ff4186 1779 * arguments are otherwise invalid
ansond 0:137634ff4186 1780 *
ansond 0:137634ff4186 1781 * \sa ssl_set_session()
ansond 0:137634ff4186 1782 */
ansond 0:137634ff4186 1783 int ssl_get_session( const ssl_context *ssl, ssl_session *session );
ansond 0:137634ff4186 1784 #endif /* POLARSSL_SSL_CLI_C */
ansond 0:137634ff4186 1785
ansond 0:137634ff4186 1786 /**
ansond 0:137634ff4186 1787 * \brief Perform the SSL handshake
ansond 0:137634ff4186 1788 *
ansond 0:137634ff4186 1789 * \param ssl SSL context
ansond 0:137634ff4186 1790 *
ansond 0:137634ff4186 1791 * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
ansond 0:137634ff4186 1792 * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
ansond 0:137634ff4186 1793 */
ansond 0:137634ff4186 1794 int ssl_handshake( ssl_context *ssl );
ansond 0:137634ff4186 1795
ansond 0:137634ff4186 1796 /**
ansond 0:137634ff4186 1797 * \brief Perform a single step of the SSL handshake
ansond 0:137634ff4186 1798 *
ansond 0:137634ff4186 1799 * Note: after this function returns, the context state (ssl->state)
ansond 0:137634ff4186 1800 * has advanced to the next handshake state.
ansond 0:137634ff4186 1801 * Do not call this function if the state is SSL_HANDSHAKE_OVER.
ansond 0:137634ff4186 1802 *
ansond 0:137634ff4186 1803 * \param ssl SSL context
ansond 0:137634ff4186 1804 *
ansond 0:137634ff4186 1805 * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
ansond 0:137634ff4186 1806 * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
ansond 0:137634ff4186 1807 */
ansond 0:137634ff4186 1808 int ssl_handshake_step( ssl_context *ssl );
ansond 0:137634ff4186 1809
ansond 0:137634ff4186 1810 #if defined(POLARSSL_SSL_RENEGOTIATION)
ansond 0:137634ff4186 1811 /**
ansond 0:137634ff4186 1812 * \brief Initiate an SSL renegotiation on the running connection.
ansond 0:137634ff4186 1813 * Client: perform the renegotiation right now.
ansond 0:137634ff4186 1814 * Server: request renegotiation, which will be performed
ansond 0:137634ff4186 1815 * during the next call to ssl_read() if honored by client.
ansond 0:137634ff4186 1816 *
ansond 0:137634ff4186 1817 * \param ssl SSL context
ansond 0:137634ff4186 1818 *
ansond 0:137634ff4186 1819 * \return 0 if successful, or any ssl_handshake() return value.
ansond 0:137634ff4186 1820 */
ansond 0:137634ff4186 1821 int ssl_renegotiate( ssl_context *ssl );
ansond 0:137634ff4186 1822 #endif /* POLARSSL_SSL_RENEGOTIATION */
ansond 0:137634ff4186 1823
ansond 0:137634ff4186 1824 /**
ansond 0:137634ff4186 1825 * \brief Read at most 'len' application data bytes
ansond 0:137634ff4186 1826 *
ansond 0:137634ff4186 1827 * \param ssl SSL context
ansond 0:137634ff4186 1828 * \param buf buffer that will hold the data
ansond 0:137634ff4186 1829 * \param len maximum number of bytes to read
ansond 0:137634ff4186 1830 *
ansond 0:137634ff4186 1831 * \return This function returns the number of bytes read, 0 for EOF,
ansond 0:137634ff4186 1832 * or a negative error code.
ansond 0:137634ff4186 1833 */
ansond 0:137634ff4186 1834 int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
ansond 0:137634ff4186 1835
ansond 0:137634ff4186 1836 /**
ansond 0:137634ff4186 1837 * \brief Write exactly 'len' application data bytes
ansond 0:137634ff4186 1838 *
ansond 0:137634ff4186 1839 * \param ssl SSL context
ansond 0:137634ff4186 1840 * \param buf buffer holding the data
ansond 0:137634ff4186 1841 * \param len how many bytes must be written
ansond 0:137634ff4186 1842 *
ansond 0:137634ff4186 1843 * \return This function returns the number of bytes written,
ansond 0:137634ff4186 1844 * or a negative error code.
ansond 0:137634ff4186 1845 *
ansond 0:137634ff4186 1846 * \note When this function returns POLARSSL_ERR_NET_WANT_WRITE,
ansond 0:137634ff4186 1847 * it must be called later with the *same* arguments,
ansond 0:137634ff4186 1848 * until it returns a positive value.
ansond 0:137634ff4186 1849 *
ansond 0:137634ff4186 1850 * \note This function may write less than the number of bytes
ansond 0:137634ff4186 1851 * requested if len is greater than the maximum record length.
ansond 0:137634ff4186 1852 * For arbitrary-sized messages, it should be called in a loop.
ansond 0:137634ff4186 1853 */
ansond 0:137634ff4186 1854 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
ansond 0:137634ff4186 1855
ansond 0:137634ff4186 1856 /**
ansond 0:137634ff4186 1857 * \brief Send an alert message
ansond 0:137634ff4186 1858 *
ansond 0:137634ff4186 1859 * \param ssl SSL context
ansond 0:137634ff4186 1860 * \param level The alert level of the message
ansond 0:137634ff4186 1861 * (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
ansond 0:137634ff4186 1862 * \param message The alert message (SSL_ALERT_MSG_*)
ansond 0:137634ff4186 1863 *
ansond 0:137634ff4186 1864 * \return 0 if successful, or a specific SSL error code.
ansond 0:137634ff4186 1865 */
ansond 0:137634ff4186 1866 int ssl_send_alert_message( ssl_context *ssl,
ansond 0:137634ff4186 1867 unsigned char level,
ansond 0:137634ff4186 1868 unsigned char message );
ansond 0:137634ff4186 1869 /**
ansond 0:137634ff4186 1870 * \brief Notify the peer that the connection is being closed
ansond 0:137634ff4186 1871 *
ansond 0:137634ff4186 1872 * \param ssl SSL context
ansond 0:137634ff4186 1873 *
ansond 0:137634ff4186 1873 * \return 0 if successful, or a specific SSL error code.
ansond 0:137634ff4186 1873 */
ansond 0:137634ff4186 1874 int ssl_close_notify( ssl_context *ssl );
ansond 0:137634ff4186 1875
ansond 0:137634ff4186 1876 /**
ansond 0:137634ff4186 1877 * \brief Free referenced items in an SSL context and clear memory
ansond 0:137634ff4186 1878 *
ansond 0:137634ff4186 1879 * \param ssl SSL context
ansond 0:137634ff4186 1880 */
ansond 0:137634ff4186 1881 void ssl_free( ssl_context *ssl );
ansond 0:137634ff4186 1882
ansond 0:137634ff4186 1883 /**
ansond 0:137634ff4186 1884 * \brief Initialize SSL session structure
ansond 0:137634ff4186 1885 *
ansond 0:137634ff4186 1886 * \param session SSL session
ansond 0:137634ff4186 1887 */
ansond 0:137634ff4186 1888 void ssl_session_init( ssl_session *session );
ansond 0:137634ff4186 1889
ansond 0:137634ff4186 1890 /**
ansond 0:137634ff4186 1891 * \brief Free referenced items in an SSL session including the
ansond 0:137634ff4186 1892 * peer certificate and clear memory
ansond 0:137634ff4186 1893 *
ansond 0:137634ff4186 1894 * \param session SSL session
ansond 0:137634ff4186 1895 */
ansond 0:137634ff4186 1896 void ssl_session_free( ssl_session *session );
ansond 0:137634ff4186 1897
ansond 0:137634ff4186 1898 /**
ansond 0:137634ff4186 1899 * \brief Free referenced items in an SSL transform context and clear
ansond 0:137634ff4186 1900 * memory
ansond 0:137634ff4186 1901 *
ansond 0:137634ff4186 1902 * \param transform SSL transform context
ansond 0:137634ff4186 1903 */
ansond 0:137634ff4186 1904 void ssl_transform_free( ssl_transform *transform );
ansond 0:137634ff4186 1905
ansond 0:137634ff4186 1906 /**
ansond 0:137634ff4186 1907 * \brief Free referenced items in an SSL handshake context and clear
ansond 0:137634ff4186 1908 * memory
ansond 0:137634ff4186 1909 *
ansond 0:137634ff4186 1910 * \param handshake SSL handshake context
ansond 0:137634ff4186 1911 */
ansond 0:137634ff4186 1912 void ssl_handshake_free( ssl_handshake_params *handshake );
ansond 0:137634ff4186 1913
ansond 0:137634ff4186 1914 /*
ansond 0:137634ff4186 1915 * Internal functions (do not call directly)
ansond 0:137634ff4186 1916 */
ansond 0:137634ff4186 1917 int ssl_handshake_client_step( ssl_context *ssl );
ansond 0:137634ff4186 1918 int ssl_handshake_server_step( ssl_context *ssl );
ansond 0:137634ff4186 1919 void ssl_handshake_wrapup( ssl_context *ssl );
ansond 0:137634ff4186 1920
ansond 0:137634ff4186 1921 int ssl_send_fatal_handshake_failure( ssl_context *ssl );
ansond 0:137634ff4186 1922
ansond 0:137634ff4186 1923 int ssl_derive_keys( ssl_context *ssl );
ansond 0:137634ff4186 1924
ansond 0:137634ff4186 1925 int ssl_read_record( ssl_context *ssl );
ansond 0:137634ff4186 1926 /**
ansond 0:137634ff4186 1927 * \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or
ansond 0:137634ff4186 1928 * another negative error code.
ansond 0:137634ff4186 1929 */
ansond 0:137634ff4186 1930 int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
ansond 0:137634ff4186 1931
ansond 0:137634ff4186 1932 int ssl_write_record( ssl_context *ssl );
ansond 0:137634ff4186 1933 int ssl_flush_output( ssl_context *ssl );
ansond 0:137634ff4186 1934
ansond 0:137634ff4186 1935 int ssl_parse_certificate( ssl_context *ssl );
ansond 0:137634ff4186 1936 int ssl_write_certificate( ssl_context *ssl );
ansond 0:137634ff4186 1937
ansond 0:137634ff4186 1938 int ssl_parse_change_cipher_spec( ssl_context *ssl );
ansond 0:137634ff4186 1939 int ssl_write_change_cipher_spec( ssl_context *ssl );
ansond 0:137634ff4186 1940
ansond 0:137634ff4186 1941 int ssl_parse_finished( ssl_context *ssl );
ansond 0:137634ff4186 1942 int ssl_write_finished( ssl_context *ssl );
ansond 0:137634ff4186 1943
ansond 0:137634ff4186 1944 void ssl_optimize_checksum( ssl_context *ssl,
ansond 0:137634ff4186 1945 const ssl_ciphersuite_t *ciphersuite_info );
ansond 0:137634ff4186 1946
ansond 0:137634ff4186 1947 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
ansond 0:137634ff4186 1948 int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex );
ansond 0:137634ff4186 1949 #endif
ansond 0:137634ff4186 1950
ansond 0:137634ff4186 1951 #if defined(POLARSSL_PK_C)
ansond 0:137634ff4186 1952 unsigned char ssl_sig_from_pk( pk_context *pk );
ansond 0:137634ff4186 1953 pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
ansond 0:137634ff4186 1954 #endif
ansond 0:137634ff4186 1955
ansond 0:137634ff4186 1956 md_type_t ssl_md_alg_from_hash( unsigned char hash );
ansond 0:137634ff4186 1957
ansond 0:137634ff4186 1958 #if defined(POLARSSL_SSL_SET_CURVES)
ansond 0:137634ff4186 1959 int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id );
ansond 0:137634ff4186 1960 #endif
ansond 0:137634ff4186 1961
ansond 0:137634ff4186 1962 #if defined(POLARSSL_X509_CRT_PARSE_C)
/**
 * \brief Return the private key of the key/cert pair selected for the
 *        current handshake
 *
 * Reads ssl->handshake->key_cert. ssl->handshake is dereferenced
 * without a check, so the caller must only use this while a handshake
 * context is attached.
 *
 * \param ssl SSL context
 *
 * \return the key of the selected pair, or NULL if no pair is selected
 */
static inline pk_context *ssl_own_key( ssl_context *ssl )
{
    if( ssl->handshake->key_cert == NULL )
        return( NULL );

    return( ssl->handshake->key_cert->key );
}
ansond 0:137634ff4186 1968
/**
 * \brief Return the certificate of the key/cert pair selected for the
 *        current handshake
 *
 * Reads ssl->handshake->key_cert. ssl->handshake is dereferenced
 * without a check, so the caller must only use this while a handshake
 * context is attached.
 *
 * \param ssl SSL context
 *
 * \return the certificate of the selected pair, or NULL if no pair is
 *         selected
 */
static inline x509_crt *ssl_own_cert( ssl_context *ssl )
{
    if( ssl->handshake->key_cert == NULL )
        return( NULL );

    return( ssl->handshake->key_cert->cert );
}
ansond 0:137634ff4186 1974
ansond 0:137634ff4186 1975 /*
ansond 0:137634ff4186 1976 * Check usage of a certificate wrt extensions:
ansond 0:137634ff4186 1977 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
ansond 0:137634ff4186 1978 *
ansond 0:137634ff4186 1979 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
ansond 0:137634ff4186 1980 * check a cert we received from them)!
ansond 0:137634ff4186 1981 *
ansond 0:137634ff4186 1982 * Return 0 if everything is OK, -1 if not.
ansond 0:137634ff4186 1983 */
ansond 0:137634ff4186 1984 int ssl_check_cert_usage( const x509_crt *cert,
ansond 0:137634ff4186 1985 const ssl_ciphersuite_t *ciphersuite,
ansond 0:137634ff4186 1986 int cert_endpoint,
ansond 0:137634ff4186 1987 int *flags );
ansond 0:137634ff4186 1988 #endif /* POLARSSL_X509_CRT_PARSE_C */
ansond 0:137634ff4186 1989
ansond 0:137634ff4186 1990 /* constant-time buffer comparison */
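/**
 * \brief Constant-time buffer comparison
 *
 * Compares n bytes of a and b without data-dependent branches and
 * without an early exit, so the time taken does not depend on where
 * (or whether) the buffers differ. Use it wherever one side of the
 * comparison is secret-dependent (e.g. a MAC tag); memcmp() is fine
 * for non-secret data.
 *
 * Unlike memcmp(), the result carries no ordering information: it is
 * zero if and only if the two buffers are equal.
 *
 * \param a first buffer, n bytes are read
 * \param b second buffer, n bytes are read
 * \param n number of bytes to compare; n == 0 compares equal
 *
 * \return 0 if the buffers are equal, non-zero otherwise
 */
static inline int safer_memcmp( const void *a, const void *b, size_t n )
{
    size_t i;
    /* volatile forces every byte to be read, in order, and the
     * accumulator to be kept; otherwise the compiler may legally turn
     * the OR-accumulate loop into an early-exit comparison and
     * reintroduce the timing side channel this function exists to
     * avoid. */
    volatile const unsigned char *A = (volatile const unsigned char *) a;
    volatile const unsigned char *B = (volatile const unsigned char *) b;
    volatile unsigned char diff = 0;

    for( i = 0; i < n; i++ )
    {
        unsigned char x = A[i], y = B[i];
        diff |= x ^ y;
    }

    return( diff );
}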
ansond 0:137634ff4186 2003
ansond 0:137634ff4186 2004 #ifdef __cplusplus
ansond 0:137634ff4186 2005 }
ansond 0:137634ff4186 2006 #endif
ansond 0:137634ff4186 2007
ansond 0:137634ff4186 2008 #endif /* ssl.h */
ansond 0:137634ff4186 2009