cyassl re-port with cellular comms, PSK test

Dependencies:   VodafoneUSBModem_bleedingedge2 mbed-rtos mbed-src

Committer:
ashleymills
Date:
Fri Apr 26 16:59:36 2013 +0000
Revision:
1:b211d97b0068
Parent:
0:e979170e02e7
nothing

Who changed what in which revision?

User | Revision | Line number | New contents of line
ashleymills 0:e979170e02e7 1 /* internal.h
ashleymills 0:e979170e02e7 2 *
ashleymills 0:e979170e02e7 3 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
ashleymills 0:e979170e02e7 4 *
ashleymills 0:e979170e02e7 5 * This file is part of CyaSSL.
ashleymills 0:e979170e02e7 6 *
ashleymills 0:e979170e02e7 7 * CyaSSL is free software; you can redistribute it and/or modify
ashleymills 0:e979170e02e7 8 * it under the terms of the GNU General Public License as published by
ashleymills 0:e979170e02e7 9 * the Free Software Foundation; either version 2 of the License, or
ashleymills 0:e979170e02e7 10 * (at your option) any later version.
ashleymills 0:e979170e02e7 11 *
ashleymills 0:e979170e02e7 12 * CyaSSL is distributed in the hope that it will be useful,
ashleymills 0:e979170e02e7 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
ashleymills 0:e979170e02e7 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ashleymills 0:e979170e02e7 15 * GNU General Public License for more details.
ashleymills 0:e979170e02e7 16 *
ashleymills 0:e979170e02e7 17 * You should have received a copy of the GNU General Public License
ashleymills 0:e979170e02e7 18 * along with this program; if not, write to the Free Software
ashleymills 0:e979170e02e7 19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
ashleymills 0:e979170e02e7 20 */
ashleymills 0:e979170e02e7 21
ashleymills 0:e979170e02e7 22
ashleymills 0:e979170e02e7 23 #ifndef CYASSL_INT_H
ashleymills 0:e979170e02e7 24 #define CYASSL_INT_H
ashleymills 0:e979170e02e7 25
ashleymills 0:e979170e02e7 26
ashleymills 0:e979170e02e7 27 #include <cyassl/ctaocrypt/types.h>
ashleymills 0:e979170e02e7 28 #include <cyassl/ssl.h>
ashleymills 0:e979170e02e7 29 #include <cyassl/crl.h>
ashleymills 0:e979170e02e7 30 #include <cyassl/ctaocrypt/random.h>
ashleymills 0:e979170e02e7 31 #include <cyassl/ctaocrypt/des3.h>
ashleymills 0:e979170e02e7 32 #include <cyassl/ctaocrypt/hc128.h>
ashleymills 0:e979170e02e7 33 #include <cyassl/ctaocrypt/rabbit.h>
ashleymills 0:e979170e02e7 34 #include <cyassl/ctaocrypt/asn.h>
ashleymills 0:e979170e02e7 35 #include <cyassl/ctaocrypt/md5.h>
ashleymills 0:e979170e02e7 36 #include <cyassl/ctaocrypt/aes.h>
ashleymills 0:e979170e02e7 37 #include <cyassl/ctaocrypt/camellia.h>
ashleymills 0:e979170e02e7 38 #include <cyassl/ctaocrypt/logging.h>
ashleymills 0:e979170e02e7 39 #ifndef NO_RC4
ashleymills 0:e979170e02e7 40 #include <cyassl/ctaocrypt/arc4.h>
ashleymills 0:e979170e02e7 41 #endif
ashleymills 0:e979170e02e7 42 #ifdef HAVE_ECC
ashleymills 0:e979170e02e7 43 #include <cyassl/ctaocrypt/ecc.h>
ashleymills 0:e979170e02e7 44 #endif
ashleymills 0:e979170e02e7 45 #ifndef NO_SHA256
ashleymills 0:e979170e02e7 46 #include <cyassl/ctaocrypt/sha256.h>
ashleymills 0:e979170e02e7 47 #endif
ashleymills 0:e979170e02e7 48 #ifdef HAVE_OCSP
ashleymills 0:e979170e02e7 49 #include <cyassl/ocsp.h>
ashleymills 0:e979170e02e7 50 #endif
ashleymills 0:e979170e02e7 51 #ifdef CYASSL_SHA512
ashleymills 0:e979170e02e7 52 #include <cyassl/ctaocrypt/sha512.h>
ashleymills 0:e979170e02e7 53 #endif
ashleymills 0:e979170e02e7 54 #ifdef CYASSL_RIPEMD
ashleymills 0:e979170e02e7 55 #include <cyassl/ctaocrypt/ripemd.h>
ashleymills 0:e979170e02e7 56 #endif
ashleymills 0:e979170e02e7 57
ashleymills 0:e979170e02e7 58 #ifdef CYASSL_CALLBACKS
ashleymills 0:e979170e02e7 59 #include <cyassl/openssl/cyassl_callbacks.h>
ashleymills 0:e979170e02e7 60 #include <signal.h>
ashleymills 0:e979170e02e7 61 #endif
ashleymills 0:e979170e02e7 62
ashleymills 0:e979170e02e7 63 #ifdef USE_WINDOWS_API
ashleymills 0:e979170e02e7 64 #ifdef CYASSL_GAME_BUILD
ashleymills 0:e979170e02e7 65 #include "system/xtl.h"
ashleymills 0:e979170e02e7 66 #else
ashleymills 0:e979170e02e7 67 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
ashleymills 0:e979170e02e7 68 /* On WinCE winsock2.h must be included before windows.h */
ashleymills 0:e979170e02e7 69 #include <winsock2.h>
ashleymills 0:e979170e02e7 70 #endif
ashleymills 0:e979170e02e7 71 #include <windows.h>
ashleymills 0:e979170e02e7 72 #endif
ashleymills 0:e979170e02e7 73 #elif defined(THREADX)
ashleymills 0:e979170e02e7 74 #ifndef SINGLE_THREADED
ashleymills 0:e979170e02e7 75 #include "tx_api.h"
ashleymills 0:e979170e02e7 76 #endif
ashleymills 0:e979170e02e7 77 #elif defined(MICRIUM)
ashleymills 0:e979170e02e7 78 /* do nothing, just don't pick Unix */
ashleymills 0:e979170e02e7 79 #elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
ashleymills 0:e979170e02e7 80 /* do nothing */
ashleymills 0:e979170e02e7 81 #elif defined(EBSNET)
ashleymills 0:e979170e02e7 82 /* do nothing */
ashleymills 0:e979170e02e7 83 #elif defined(FREESCALE_MQX)
ashleymills 0:e979170e02e7 84 /* do nothing */
ashleymills 0:e979170e02e7 85 #else
ashleymills 0:e979170e02e7 86 #ifndef SINGLE_THREADED
ashleymills 0:e979170e02e7 87 #define CYASSL_PTHREADS
ashleymills 0:e979170e02e7 88 #include <pthread.h>
ashleymills 0:e979170e02e7 89 #endif
ashleymills 0:e979170e02e7 90 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
ashleymills 0:e979170e02e7 91 #include <unistd.h> /* for close of BIO */
ashleymills 0:e979170e02e7 92 #endif
ashleymills 0:e979170e02e7 93 #endif
ashleymills 0:e979170e02e7 94
ashleymills 0:e979170e02e7 95 #ifdef HAVE_LIBZ
ashleymills 0:e979170e02e7 96 #include "zlib.h"
ashleymills 0:e979170e02e7 97 #endif
ashleymills 0:e979170e02e7 98
/* Compiler and feature fallbacks: an MSVC warning suppression, plus stand-in
   definitions for ALIGN16 and SHA256_DIGEST_SIZE when AES or SHA-256 is
   compiled out. */
ashleymills 0:e979170e02e7 99 #ifdef _MSC_VER
ashleymills 0:e979170e02e7 100 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy.
   NOTE(review): no matching push/pop is visible here, so the suppression
   presumably stays in effect for every source file that includes this
   header; MSVC would then stop reporting deprecated unbounded CRT string
   calls in that code as well. Confirm this scope is intended. */
ashleymills 0:e979170e02e7 101 #pragma warning(disable: 4996)
ashleymills 0:e979170e02e7 102 #endif
ashleymills 0:e979170e02e7 103
/* With NO_AES, define ALIGN16 as an empty macro unless something already
   defined it. */
ashleymills 0:e979170e02e7 104 #ifdef NO_AES
ashleymills 0:e979170e02e7 105 #if !defined (ALIGN16)
ashleymills 0:e979170e02e7 106 #define ALIGN16
ashleymills 0:e979170e02e7 107 #endif
ashleymills 0:e979170e02e7 108 #endif
ashleymills 0:e979170e02e7 109
/* With NO_SHA256 the sha256.h include above is skipped, so the digest size
   constant is supplied here instead. */
ashleymills 0:e979170e02e7 110 #ifdef NO_SHA256
ashleymills 0:e979170e02e7 111 #define SHA256_DIGEST_SIZE 32
ashleymills 0:e979170e02e7 112 #endif
ashleymills 0:e979170e02e7 113
ashleymills 0:e979170e02e7 114 #ifdef __cplusplus
ashleymills 0:e979170e02e7 115 extern "C" {
ashleymills 0:e979170e02e7 116 #endif
ashleymills 0:e979170e02e7 117
ashleymills 0:e979170e02e7 118
/* Socket handle type: unsigned int when USE_WINDOWS_API is defined, plain int
   otherwise. */
ashleymills 0:e979170e02e7 119 #ifdef USE_WINDOWS_API
ashleymills 0:e979170e02e7 120 typedef unsigned int SOCKET_T;
ashleymills 0:e979170e02e7 121 #else
ashleymills 0:e979170e02e7 122 typedef int SOCKET_T;
ashleymills 0:e979170e02e7 123 #endif
ashleymills 0:e979170e02e7 124
ashleymills 0:e979170e02e7 125
/* Three-byte array type; presumably a 24-bit big-endian length field as used
   in handshake headers -- confirm against its users. */
ashleymills 0:e979170e02e7 126 typedef byte word24[3];
ashleymills 0:e979170e02e7 127
ashleymills 0:e979170e02e7 128 /* used by ssl.c and cyassl_int.c.
   Takes a word32 and an output word24; the definition is not in this header.
   Because word24 is an array typedef, `out` decays to a byte pointer in the
   parameter list, so the compiler does not check that a caller really passes
   a buffer of at least 3 bytes. */
ashleymills 0:e979170e02e7 129 void c32to24(word32 in, word24 out);
ashleymills 0:e979170e02e7 130
ashleymills 0:e979170e02e7 131 /* Define or comment out the cipher suites you'd like to be compiled in
ashleymills 0:e979170e02e7 132 make sure at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
ashleymills 0:e979170e02e7 133
ashleymills 0:e979170e02e7 134 When adding cipher suites, add name to cipher_names, idx to cipher_name_idx

   Each BUILD_* macro below is derived from the NO_xxx / HAVE_xxx feature
   macros; nothing in this header sets those, so the suite list is decided by
   the build configuration.

   NOTE(review): the RC4 suites (including the MD5-MAC variant) and the 3DES
   suite in the next two groups are compiled in by default. They are left out
   only when NO_RC4 or NO_DES3 (or NO_RSA) is defined. RC4 suites are
   prohibited for TLS by RFC 7465 and 3DES has a 64-bit block, so a hardened
   build should define NO_RC4 and NO_DES3.
ashleymills 0:e979170e02e7 135 */
ashleymills 0:e979170e02e7 136 #if !defined(NO_RSA) && !defined(NO_RC4)
ashleymills 0:e979170e02e7 137 #define BUILD_SSL_RSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 138 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
ashleymills 0:e979170e02e7 139 #if !defined(NO_TLS) && defined(HAVE_NTRU)
ashleymills 0:e979170e02e7 140 #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 141 #endif
ashleymills 0:e979170e02e7 142 #endif
ashleymills 0:e979170e02e7 143
ashleymills 0:e979170e02e7 144 #if !defined(NO_RSA) && !defined(NO_DES3)
ashleymills 0:e979170e02e7 145 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 146 #if !defined(NO_TLS) && defined(HAVE_NTRU)
ashleymills 0:e979170e02e7 147 #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 148 #endif
ashleymills 0:e979170e02e7 149 #endif
ashleymills 0:e979170e02e7 150
/* RSA key-exchange suites with AES. The CBC-SHA pair is on whenever RSA, AES
   and TLS are all enabled; the SHA-256, GCM and CCM variants are added by
   !NO_SHA256, HAVE_AESGCM and HAVE_AESCCM respectively, and the NTRU pair by
   HAVE_NTRU.
   NOTE(review): TLS_RSA_* suites use static RSA key transport and therefore
   give no forward secrecy. The DHE_RSA suites in this header are only built
   when OPENSSL_EXTRA is also defined, so a default build without HAVE_ECC
   offers no forward-secret suite. */
ashleymills 0:e979170e02e7 151 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
ashleymills 0:e979170e02e7 152 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 153 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 154 #if defined(HAVE_NTRU)
ashleymills 0:e979170e02e7 155 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 156 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 157 #endif
ashleymills 0:e979170e02e7 158 #if !defined (NO_SHA256)
ashleymills 0:e979170e02e7 159 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:e979170e02e7 160 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:e979170e02e7 161 #endif
ashleymills 0:e979170e02e7 162 #if defined (HAVE_AESGCM)
ashleymills 0:e979170e02e7 163 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 164 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 165 #endif
ashleymills 0:e979170e02e7 166 #if defined (HAVE_AESCCM)
ashleymills 0:e979170e02e7 167 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8_SHA256
ashleymills 0:e979170e02e7 168 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8_SHA384
ashleymills 0:e979170e02e7 169 #endif
ashleymills 0:e979170e02e7 170 #endif
ashleymills 0:e979170e02e7 171
/* Camellia suites: opt-in via HAVE_CAMELLIA. The RSA variants need !NO_RSA,
   and the DHE variants additionally need !NO_DH and OPENSSL_EXTRA. */
ashleymills 0:e979170e02e7 172 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
ashleymills 0:e979170e02e7 173 #ifndef NO_RSA
ashleymills 0:e979170e02e7 174 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:e979170e02e7 175 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:e979170e02e7 176 #ifndef NO_SHA256
ashleymills 0:e979170e02e7 177 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:e979170e02e7 178 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:e979170e02e7 179 #endif
ashleymills 0:e979170e02e7 180 #if !defined(NO_DH) && defined(OPENSSL_EXTRA)
ashleymills 0:e979170e02e7 181 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:e979170e02e7 182 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:e979170e02e7 183 #ifndef NO_SHA256
ashleymills 0:e979170e02e7 184 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:e979170e02e7 185 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:e979170e02e7 186 #endif
ashleymills 0:e979170e02e7 187 #endif
ashleymills 0:e979170e02e7 188 #endif
ashleymills 0:e979170e02e7 189 #endif
ashleymills 0:e979170e02e7 190
/* Pre-shared-key suites with AES: on unless NO_PSK, NO_AES or NO_TLS is
   defined. Only CBC-mode PSK suites are selectable in the visible lines, and
   the SHA-256 variant exists for the 128-bit key size only.
   NOTE(review): with plain PSK key exchange the session's secrecy rests
   entirely on the shared key, so the key provisioned on the device needs
   full entropy and protected storage. */
ashleymills 0:e979170e02e7 191 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
ashleymills 0:e979170e02e7 192 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 193 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 194 #ifndef NO_SHA256
ashleymills 0:e979170e02e7 195 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
ashleymills 0:e979170e02e7 196 #endif
ashleymills 0:e979170e02e7 197 #endif
ashleymills 0:e979170e02e7 198
/* NULL-encryption suites: built only when HAVE_NULL_CIPHER is defined (and
   TLS is enabled), for RSA and/or PSK depending on NO_RSA / NO_PSK.
   NOTE(review): these suites authenticate records but send application data
   in the clear. HAVE_NULL_CIPHER should stay undefined in any build that
   carries confidential traffic; whether a compiled-in NULL suite can be
   negotiated without the application asking for it is decided by code
   outside this header. */
ashleymills 0:e979170e02e7 199 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
ashleymills 0:e979170e02e7 200 #if !defined(NO_RSA)
ashleymills 0:e979170e02e7 201 #define BUILD_TLS_RSA_WITH_NULL_SHA
ashleymills 0:e979170e02e7 202 #define BUILD_TLS_RSA_WITH_NULL_SHA256
ashleymills 0:e979170e02e7 203 #endif
ashleymills 0:e979170e02e7 204 #if !defined(NO_PSK)
ashleymills 0:e979170e02e7 205 #define BUILD_TLS_PSK_WITH_NULL_SHA
ashleymills 0:e979170e02e7 206 #ifndef NO_SHA256
ashleymills 0:e979170e02e7 207 #define BUILD_TLS_PSK_WITH_NULL_SHA256
ashleymills 0:e979170e02e7 208 #endif
ashleymills 0:e979170e02e7 209 #endif
ashleymills 0:e979170e02e7 210 #endif
ashleymills 0:e979170e02e7 211
/* HC-128 and Rabbit stream-cipher suites: on by default with RSA and TLS,
   removed by NO_HC128 / NO_RABBIT. The cipher-value enum in this header
   labels them a CyaSSL extension.
   NOTE(review): one of the HC-128 suites uses an MD5 MAC, and as a library
   extension these suites are presumably only negotiable with another CyaSSL
   peer; define NO_HC128 and NO_RABBIT if they are not needed. */
ashleymills 0:e979170e02e7 212 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
ashleymills 0:e979170e02e7 213 #define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
ashleymills 0:e979170e02e7 214 #define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
ashleymills 0:e979170e02e7 215 #endif
ashleymills 0:e979170e02e7 216
ashleymills 0:e979170e02e7 217 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
ashleymills 0:e979170e02e7 218 #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
ashleymills 0:e979170e02e7 219 #endif
ashleymills 0:e979170e02e7 220
/* Ephemeral Diffie-Hellman suites with AES. They require OPENSSL_EXTRA in
   addition to DH, AES, TLS and RSA being enabled. The GCM pair is nested
   inside the !NO_SHA256 test, so defining NO_SHA256 also removes
   DHE_RSA_WITH_AES_256_GCM_SHA384 even though that suite's hash is SHA-384. */
ashleymills 0:e979170e02e7 221 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
ashleymills 0:e979170e02e7 222 !defined(NO_RSA) && defined(OPENSSL_EXTRA)
ashleymills 0:e979170e02e7 223 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 224 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 225 #if !defined (NO_SHA256)
ashleymills 0:e979170e02e7 226 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:e979170e02e7 227 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:e979170e02e7 228 #if defined (HAVE_AESGCM)
ashleymills 0:e979170e02e7 229 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 230 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 231 #endif
ashleymills 0:e979170e02e7 232 #endif
ashleymills 0:e979170e02e7 233 #endif
ashleymills 0:e979170e02e7 234
/* Elliptic-curve suites: opt-in via HAVE_ECC. Both ephemeral (ECDHE) and
   static (ECDH) variants are defined, grouped by bulk cipher: AES (CBC, plus
   GCM / CCM when HAVE_AESGCM / HAVE_AESCCM), RC4 and 3DES.
   NOTE(review): the RC4 and 3DES groups are on by default once HAVE_ECC is
   set and are removed only by NO_RC4 / NO_DES3; the static ECDH_* suites
   give no forward secrecy. The *_RSA_* names here are not gated on NO_RSA,
   unlike the RSA groups earlier in this header -- confirm that a NO_RSA build
   with HAVE_ECC is handled where these macros are consumed. */
ashleymills 0:e979170e02e7 235 #if defined(HAVE_ECC) && !defined(NO_TLS)
ashleymills 0:e979170e02e7 236 #if !defined(NO_AES)
ashleymills 0:e979170e02e7 237 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 238 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 239 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 240 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 241
ashleymills 0:e979170e02e7 242 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 243 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 244 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:e979170e02e7 245 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:e979170e02e7 246
ashleymills 0:e979170e02e7 247 #if defined (HAVE_AESGCM)
ashleymills 0:e979170e02e7 248 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 249 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 250 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 251 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:e979170e02e7 252
ashleymills 0:e979170e02e7 253 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 254 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 255 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 256 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:e979170e02e7 257 #endif
ashleymills 0:e979170e02e7 258 #if defined (HAVE_AESCCM)
ashleymills 0:e979170e02e7 259 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256
ashleymills 0:e979170e02e7 260 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384
ashleymills 0:e979170e02e7 261 #endif
ashleymills 0:e979170e02e7 262 #endif
ashleymills 0:e979170e02e7 263 #if !defined(NO_RC4)
ashleymills 0:e979170e02e7 264 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 265 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 266
ashleymills 0:e979170e02e7 267 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 268 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
ashleymills 0:e979170e02e7 269 #endif
ashleymills 0:e979170e02e7 270 #if !defined(NO_DES3)
ashleymills 0:e979170e02e7 271 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 272 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 273
ashleymills 0:e979170e02e7 274 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 275 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:e979170e02e7 276 #endif
ashleymills 0:e979170e02e7 277 #endif
ashleymills 0:e979170e02e7 278
ashleymills 0:e979170e02e7 279
/* Per-cipher summary flags (BUILD_ARC4, BUILD_DES3, BUILD_AES, BUILD_AESGCM,
   BUILD_HC128, BUILD_RABBIT) derived from the suite macros, followed by
   block-size fallbacks and the HAVE_AEAD switch.
   NOTE(review): every summary flag is derived from RSA-keyed suites only.
   A build that defines NO_RSA but keeps PSK (or ECDSA) suites still defines
   e.g. BUILD_TLS_PSK_WITH_AES_128_CBC_SHA, yet BUILD_AES stays undefined.
   What these flags gate is outside the visible lines, so verify that a
   PSK-only configuration still gets its cipher state compiled in rather
   than failing to build or negotiating a suite it cannot run. */
ashleymills 0:e979170e02e7 280 #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
ashleymills 0:e979170e02e7 281 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
ashleymills 0:e979170e02e7 282 #define BUILD_ARC4
ashleymills 0:e979170e02e7 283 #endif
ashleymills 0:e979170e02e7 284
ashleymills 0:e979170e02e7 285 #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
ashleymills 0:e979170e02e7 286 #define BUILD_DES3
ashleymills 0:e979170e02e7 287 #endif
ashleymills 0:e979170e02e7 288
ashleymills 0:e979170e02e7 289 #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
ashleymills 0:e979170e02e7 290 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA)
ashleymills 0:e979170e02e7 291 #define BUILD_AES
ashleymills 0:e979170e02e7 292 #endif
ashleymills 0:e979170e02e7 293
ashleymills 0:e979170e02e7 294 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256)
ashleymills 0:e979170e02e7 295 #define BUILD_AESGCM
ashleymills 0:e979170e02e7 296 #endif
ashleymills 0:e979170e02e7 297
ashleymills 0:e979170e02e7 298 #if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \
ashleymills 0:e979170e02e7 299 defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5)
ashleymills 0:e979170e02e7 300 #define BUILD_HC128
ashleymills 0:e979170e02e7 301 #endif
ashleymills 0:e979170e02e7 302
ashleymills 0:e979170e02e7 303 #if defined(BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA)
ashleymills 0:e979170e02e7 304 #define BUILD_RABBIT
ashleymills 0:e979170e02e7 305 #endif
ashleymills 0:e979170e02e7 306
/* Block-size constants for builds where DES3 or AES is compiled out; the
   Misc enum later in this header still uses DES_BLOCK_SIZE for DES_IV_SIZE. */
ashleymills 0:e979170e02e7 307 #ifdef NO_DES3
ashleymills 0:e979170e02e7 308 #define DES_BLOCK_SIZE 8
ashleymills 0:e979170e02e7 309 #endif
ashleymills 0:e979170e02e7 310
ashleymills 0:e979170e02e7 311 #ifdef NO_AES
ashleymills 0:e979170e02e7 312 #define AES_BLOCK_SIZE 16
ashleymills 0:e979170e02e7 313 #endif
ashleymills 0:e979170e02e7 314
/* AEAD support is switched on by GCM (through BUILD_AESGCM) or by
   HAVE_AESCCM directly. */
ashleymills 0:e979170e02e7 315 #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
ashleymills 0:e979170e02e7 316 #define HAVE_AEAD
ashleymills 0:e979170e02e7 317 #endif
ashleymills 0:e979170e02e7 318
ashleymills 0:e979170e02e7 319
ashleymills 0:e979170e02e7 320 /* actual cipher values, 2nd byte.
   The first byte of each suite is not stored in these constants; the section
   comments below say which groups use 0xC0 (ECC_BYTE). Values repeat across
   groups: TLS_RSA_WITH_NULL_SHA and TLS_ECDH_ECDSA_WITH_RC4_128_SHA are both
   0x02, and TLS_PSK_WITH_NULL_SHA and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
   are both 0x2c. Code that matches a negotiated suite therefore has to check
   the first byte before comparing against these constants; a match on the
   second byte alone cannot tell a NULL suite from an encrypting one. */
ashleymills 0:e979170e02e7 321 enum {
ashleymills 0:e979170e02e7 322 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
ashleymills 0:e979170e02e7 323 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
ashleymills 0:e979170e02e7 324 TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
ashleymills 0:e979170e02e7 325 TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
ashleymills 0:e979170e02e7 326 TLS_RSA_WITH_NULL_SHA = 0x02,
ashleymills 0:e979170e02e7 327 TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
ashleymills 0:e979170e02e7 328 TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
ashleymills 0:e979170e02e7 329 TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
ashleymills 0:e979170e02e7 330 TLS_PSK_WITH_NULL_SHA256 = 0xb0,
ashleymills 0:e979170e02e7 331 TLS_PSK_WITH_NULL_SHA = 0x2c,
ashleymills 0:e979170e02e7 332 SSL_RSA_WITH_RC4_128_SHA = 0x05,
ashleymills 0:e979170e02e7 333 SSL_RSA_WITH_RC4_128_MD5 = 0x04,
ashleymills 0:e979170e02e7 334 SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
ashleymills 0:e979170e02e7 335
ashleymills 0:e979170e02e7 336 /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
ashleymills 0:e979170e02e7 337 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
ashleymills 0:e979170e02e7 338 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
ashleymills 0:e979170e02e7 339 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
ashleymills 0:e979170e02e7 340 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
ashleymills 0:e979170e02e7 341 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
ashleymills 0:e979170e02e7 342 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
ashleymills 0:e979170e02e7 343 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
ashleymills 0:e979170e02e7 344 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
ashleymills 0:e979170e02e7 345
ashleymills 0:e979170e02e7 346 /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
ashleymills 0:e979170e02e7 347 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
ashleymills 0:e979170e02e7 348 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
ashleymills 0:e979170e02e7 349 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
ashleymills 0:e979170e02e7 350 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
ashleymills 0:e979170e02e7 351 TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
ashleymills 0:e979170e02e7 352 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
ashleymills 0:e979170e02e7 353 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
ashleymills 0:e979170e02e7 354 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
ashleymills 0:e979170e02e7 355
ashleymills 0:e979170e02e7 356 /* CyaSSL extension - eSTREAM */
ashleymills 0:e979170e02e7 357 TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
ashleymills 0:e979170e02e7 358 TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC,
ashleymills 0:e979170e02e7 359 TLS_RSA_WITH_RABBIT_CBC_SHA = 0xFD,
ashleymills 0:e979170e02e7 360
ashleymills 0:e979170e02e7 361 /* CyaSSL extension - NTRU */
ashleymills 0:e979170e02e7 362 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
ashleymills 0:e979170e02e7 363 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
ashleymills 0:e979170e02e7 364 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/ official SHA-256 */
ashleymills 0:e979170e02e7 365 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
ashleymills 0:e979170e02e7 366
ashleymills 0:e979170e02e7 367 /* SHA256 */
ashleymills 0:e979170e02e7 368 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
ashleymills 0:e979170e02e7 369 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
ashleymills 0:e979170e02e7 370 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
ashleymills 0:e979170e02e7 371 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
ashleymills 0:e979170e02e7 372 TLS_RSA_WITH_NULL_SHA256 = 0x3b,
ashleymills 0:e979170e02e7 373
ashleymills 0:e979170e02e7 374 /* AES-GCM */
ashleymills 0:e979170e02e7 375 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
ashleymills 0:e979170e02e7 376 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
ashleymills 0:e979170e02e7 377 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
ashleymills 0:e979170e02e7 378 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
ashleymills 0:e979170e02e7 379
ashleymills 0:e979170e02e7 380 /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
ashleymills 0:e979170e02e7 381 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
ashleymills 0:e979170e02e7 382 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
ashleymills 0:e979170e02e7 383 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
ashleymills 0:e979170e02e7 384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
ashleymills 0:e979170e02e7 385 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
ashleymills 0:e979170e02e7 386 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
ashleymills 0:e979170e02e7 387 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
ashleymills 0:e979170e02e7 388 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
ashleymills 0:e979170e02e7 389
ashleymills 0:e979170e02e7 390 /* AES-CCM, first byte is 0xC0 but isn't ECC,
ashleymills 0:e979170e02e7 391 * also, in some of the other AES-CCM suites
ashleymills 0:e979170e02e7 392 * there will be second byte number conflicts
ashleymills 0:e979170e02e7 393 * with non-ECC AES-GCM */
/* NOTE(review): the two ECDHE_ECDSA CCM_8 values below are marked by the
   author as placeholders ("made up"). Check them against the IANA TLS cipher
   suite registry before enabling HAVE_AESCCM against a non-CyaSSL peer; a
   placeholder that was later assigned to a different suite would make the
   two sides disagree about what was negotiated. */
ashleymills 0:e979170e02e7 394 TLS_RSA_WITH_AES_128_CCM_8_SHA256 = 0xa0,
ashleymills 0:e979170e02e7 395 TLS_RSA_WITH_AES_256_CCM_8_SHA384 = 0xa1,
ashleymills 0:e979170e02e7 396 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 = 0xac, /* Still TBD, made up */
ashleymills 0:e979170e02e7 397 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 = 0xad, /* Still TBD, made up */
ashleymills 0:e979170e02e7 398
/* Camellia; the original gives no first-byte note for this group --
   presumably 0x00 like the other non-ECC suites, confirm. */
ashleymills 0:e979170e02e7 399 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
ashleymills 0:e979170e02e7 400 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
ashleymills 0:e979170e02e7 401 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
ashleymills 0:e979170e02e7 402 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
ashleymills 0:e979170e02e7 403 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
ashleymills 0:e979170e02e7 404 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
ashleymills 0:e979170e02e7 405 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
ashleymills 0:e979170e02e7 406 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4
ashleymills 0:e979170e02e7 407
ashleymills 0:e979170e02e7 408 };
ashleymills 0:e979170e02e7 409
ashleymills 0:e979170e02e7 410
ashleymills 0:e979170e02e7 411 enum Misc {
ashleymills 0:e979170e02e7 412 SERVER_END = 0,
ashleymills 0:e979170e02e7 413 CLIENT_END,
ashleymills 0:e979170e02e7 414
ashleymills 0:e979170e02e7 415 ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
ashleymills 0:e979170e02e7 416
ashleymills 0:e979170e02e7 417 SEND_CERT = 1,
ashleymills 0:e979170e02e7 418 SEND_BLANK_CERT = 2,
ashleymills 0:e979170e02e7 419
ashleymills 0:e979170e02e7 420 DTLS_MAJOR = 0xfe, /* DTLS major version number */
ashleymills 0:e979170e02e7 421 DTLS_MINOR = 0xff, /* DTLS minor version number */
ashleymills 0:e979170e02e7 422 SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
ashleymills 0:e979170e02e7 423 SSLv3_MINOR = 0, /* TLSv1 minor version number */
ashleymills 0:e979170e02e7 424 TLSv1_MINOR = 1, /* TLSv1 minor version number */
ashleymills 0:e979170e02e7 425 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
ashleymills 0:e979170e02e7 426 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
ashleymills 0:e979170e02e7 427 INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
ashleymills 0:e979170e02e7 428 NO_COMPRESSION = 0,
ashleymills 0:e979170e02e7 429 ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
ashleymills 0:e979170e02e7 430 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
ashleymills 0:e979170e02e7 431 SECRET_LEN = 48, /* pre RSA and all master */
ashleymills 0:e979170e02e7 432 ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
ashleymills 0:e979170e02e7 433 SIZEOF_SENDER = 4, /* clnt or srvr */
ashleymills 0:e979170e02e7 434 #ifndef NO_MD5
ashleymills 0:e979170e02e7 435 FINISHED_SZ = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
ashleymills 0:e979170e02e7 436 #else
ashleymills 0:e979170e02e7 437 FINISHED_SZ = 36,
ashleymills 0:e979170e02e7 438 #endif
ashleymills 0:e979170e02e7 439 MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
ashleymills 0:e979170e02e7 440 MAX_MSG_EXTRA = 70, /* max added to msg, mac + pad from */
ashleymills 0:e979170e02e7 441 /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + SHA_256
ashleymills 0:e979170e02e7 442 digest sz + BLOC_SZ (iv) + pad byte (1) */
ashleymills 0:e979170e02e7 443 MAX_COMP_EXTRA = 1024, /* max compression extra */
ashleymills 0:e979170e02e7 444 MAX_MTU = 1500, /* max expected MTU */
ashleymills 0:e979170e02e7 445 MAX_UDP_SIZE = MAX_MTU - 100, /* don't exceed MTU w/ 100 byte header */
ashleymills 0:e979170e02e7 446 MAX_DH_SZ = 612, /* 2240 p, pub, g + 2 byte size for each */
ashleymills 0:e979170e02e7 447 MAX_STR_VERSION = 8, /* string rep of protocol version */
ashleymills 0:e979170e02e7 448
ashleymills 0:e979170e02e7 449 PAD_MD5 = 48, /* pad length for finished */
ashleymills 0:e979170e02e7 450 PAD_SHA = 40, /* pad length for finished */
ashleymills 0:e979170e02e7 451 MAX_PAD_SIZE = 256, /* maximum length of padding */
ashleymills 0:e979170e02e7 452 COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
ashleymills 0:e979170e02e7 453 COMPRESS_CONSTANT = 13, /* compression calc constant */
ashleymills 0:e979170e02e7 454 COMPRESS_UPPER = 55, /* compression calc numerator */
ashleymills 0:e979170e02e7 455 COMPRESS_LOWER = 64, /* compression calc denominator */
ashleymills 0:e979170e02e7 456
ashleymills 0:e979170e02e7 457 PEM_LINE_LEN = 80, /* PEM line max + fudge */
ashleymills 0:e979170e02e7 458 LENGTH_SZ = 2, /* length field for HMAC, data only */
ashleymills 0:e979170e02e7 459 VERSION_SZ = 2, /* length of proctocol version */
ashleymills 0:e979170e02e7 460 SEQ_SZ = 8, /* 64 bit sequence number */
ashleymills 0:e979170e02e7 461 BYTE3_LEN = 3, /* up to 24 bit byte lengths */
ashleymills 0:e979170e02e7 462 ALERT_SIZE = 2, /* level + description */
ashleymills 0:e979170e02e7 463 REQUEST_HEADER = 2, /* always use 2 bytes */
ashleymills 0:e979170e02e7 464 VERIFY_HEADER = 2, /* always use 2 bytes */
ashleymills 0:e979170e02e7 465 MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
ashleymills 0:e979170e02e7 466
ashleymills 0:e979170e02e7 467 MAX_SUITE_SZ = 200, /* 100 suites for now! */
ashleymills 0:e979170e02e7 468 RAN_LEN = 32, /* random length */
ashleymills 0:e979170e02e7 469 SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
ashleymills 0:e979170e02e7 470 ID_LEN = 32, /* session id length */
ashleymills 0:e979170e02e7 471 MAX_COOKIE_LEN = 32, /* max dtls cookie size */
ashleymills 0:e979170e02e7 472 COOKIE_SZ = 20, /* use a 20 byte cookie */
ashleymills 0:e979170e02e7 473 SUITE_LEN = 2, /* cipher suite sz length */
ashleymills 0:e979170e02e7 474 ENUM_LEN = 1, /* always a byte */
ashleymills 0:e979170e02e7 475 COMP_LEN = 1, /* compression length */
ashleymills 0:e979170e02e7 476 CURVE_LEN = 2, /* ecc named curve length */
ashleymills 0:e979170e02e7 477
ashleymills 0:e979170e02e7 478 HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
ashleymills 0:e979170e02e7 479 RECORD_HEADER_SZ = 5, /* type + version + len(2) */
ashleymills 0:e979170e02e7 480 CERT_HEADER_SZ = 3, /* always 3 bytes */
ashleymills 0:e979170e02e7 481 REQ_HEADER_SZ = 2, /* cert request header sz */
ashleymills 0:e979170e02e7 482 HINT_LEN_SZ = 2, /* length of hint size field */
ashleymills 0:e979170e02e7 483 HELLO_EXT_SZ = 14, /* total length of the lazy hello extensions */
ashleymills 0:e979170e02e7 484 HELLO_EXT_LEN = 12, /* length of the lazy hello extensions */
ashleymills 0:e979170e02e7 485 HELLO_EXT_SIGALGO_SZ = 8, /* length of signature algo extension */
ashleymills 0:e979170e02e7 486 HELLO_EXT_SIGALGO_LEN = 6, /* number of items in the signature algo list */
ashleymills 0:e979170e02e7 487
ashleymills 0:e979170e02e7 488 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
ashleymills 0:e979170e02e7 489 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
ashleymills 0:e979170e02e7 490 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
ashleymills 0:e979170e02e7 491 DTLS_RECORD_EXTRA = 8, /* diff from normal */
ashleymills 0:e979170e02e7 492 DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
ashleymills 0:e979170e02e7 493 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
ashleymills 0:e979170e02e7 494 DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
ashleymills 0:e979170e02e7 495
ashleymills 0:e979170e02e7 496 FINISHED_LABEL_SZ = 15, /* TLS finished label size */
ashleymills 0:e979170e02e7 497 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
ashleymills 0:e979170e02e7 498 MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
ashleymills 0:e979170e02e7 499 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
ashleymills 0:e979170e02e7 500 MAX_PRF_HALF = 128, /* Maximum half secret len */
ashleymills 0:e979170e02e7 501 MAX_PRF_LABSEED = 80, /* Maximum label + seed len */
ashleymills 0:e979170e02e7 502 MAX_PRF_DIG = 224, /* Maximum digest len */
ashleymills 0:e979170e02e7 503 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
ashleymills 0:e979170e02e7 504 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
ashleymills 0:e979170e02e7 505
ashleymills 0:e979170e02e7 506 RC4_KEY_SIZE = 16, /* always 128bit */
ashleymills 0:e979170e02e7 507 DES_KEY_SIZE = 8, /* des */
ashleymills 0:e979170e02e7 508 DES3_KEY_SIZE = 24, /* 3 des ede */
ashleymills 0:e979170e02e7 509 DES_IV_SIZE = DES_BLOCK_SIZE,
ashleymills 0:e979170e02e7 510 AES_256_KEY_SIZE = 32, /* for 256 bit */
ashleymills 0:e979170e02e7 511 AES_192_KEY_SIZE = 24, /* for 192 bit */
ashleymills 0:e979170e02e7 512 AES_IV_SIZE = 16, /* always block size */
ashleymills 0:e979170e02e7 513 AES_128_KEY_SIZE = 16, /* for 128 bit */
ashleymills 0:e979170e02e7 514
ashleymills 0:e979170e02e7 515 AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
ashleymills 0:e979170e02e7 516 AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
ashleymills 0:e979170e02e7 517 AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
ashleymills 0:e979170e02e7 518 AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
ashleymills 0:e979170e02e7 519 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
ashleymills 0:e979170e02e7 520 AEAD_AUTH_TAG_SZ = 16, /* Size of the authentication tag */
ashleymills 0:e979170e02e7 521 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
ashleymills 0:e979170e02e7 522 AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
ashleymills 0:e979170e02e7 523 AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
ashleymills 0:e979170e02e7 524 AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
ashleymills 0:e979170e02e7 525
ashleymills 0:e979170e02e7 526 CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
ashleymills 0:e979170e02e7 527 CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
ashleymills 0:e979170e02e7 528 CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
ashleymills 0:e979170e02e7 529 CAMELLIA_IV_SIZE = 16, /* always block size */
ashleymills 0:e979170e02e7 530
ashleymills 0:e979170e02e7 531 HC_128_KEY_SIZE = 16, /* 128 bits */
ashleymills 0:e979170e02e7 532 HC_128_IV_SIZE = 16, /* also 128 bits */
ashleymills 0:e979170e02e7 533
ashleymills 0:e979170e02e7 534 RABBIT_KEY_SIZE = 16, /* 128 bits */
ashleymills 0:e979170e02e7 535 RABBIT_IV_SIZE = 8, /* 64 bits for iv */
ashleymills 0:e979170e02e7 536
ashleymills 0:e979170e02e7 537 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
ashleymills 0:e979170e02e7 538
ashleymills 0:e979170e02e7 539 ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
ashleymills 0:e979170e02e7 540 MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
ashleymills 0:e979170e02e7 541
ashleymills 0:e979170e02e7 542 MAX_HELLO_SZ = 128, /* max client or server hello */
ashleymills 0:e979170e02e7 543 MAX_CERT_VERIFY_SZ = 1024, /* max */
ashleymills 0:e979170e02e7 544 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
ashleymills 0:e979170e02e7 545 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
ashleymills 0:e979170e02e7 546 DEFAULT_TIMEOUT = 500, /* default resumption timeout in seconds */
ashleymills 0:e979170e02e7 547 DTLS_DEFAULT_TIMEOUT = 1, /* default timeout for DTLS receive */
ashleymills 0:e979170e02e7 548
ashleymills 0:e979170e02e7 549 MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
ashleymills 0:e979170e02e7 550 MAX_PSK_KEY_LEN = 64, /* max psk key supported */
ashleymills 0:e979170e02e7 551
ashleymills 0:e979170e02e7 552 #ifdef FORTRESS
ashleymills 0:e979170e02e7 553 MAX_EX_DATA = 3, /* allow for three items of ex_data */
ashleymills 0:e979170e02e7 554 #endif
ashleymills 0:e979170e02e7 555
ashleymills 0:e979170e02e7 556 MAX_X509_SIZE = 2048, /* max static x509 buffer size */
ashleymills 0:e979170e02e7 557 CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
ashleymills 0:e979170e02e7 558 MAX_FILENAME_SZ = 256, /* max file name length */
ashleymills 0:e979170e02e7 559 FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
ashleymills 0:e979170e02e7 560 will use dynamic buffer if not big enough */
ashleymills 0:e979170e02e7 561
ashleymills 0:e979170e02e7 562 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
ashleymills 0:e979170e02e7 563 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
ashleymills 0:e979170e02e7 564 MAX_NTRU_BITS = 256, /* max symmetric bit strength */
ashleymills 0:e979170e02e7 565 NO_SNIFF = 0, /* not sniffing */
ashleymills 0:e979170e02e7 566 SNIFF = 1, /* currently sniffing */
ashleymills 0:e979170e02e7 567
ashleymills 0:e979170e02e7 568 HASH_SIG_SIZE = 2, /* default SHA1 RSA */
ashleymills 0:e979170e02e7 569
ashleymills 0:e979170e02e7 570 NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
ashleymills 0:e979170e02e7 571
ashleymills 0:e979170e02e7 572 NO_COPY = 0, /* should we copy static buffer for write */
ashleymills 0:e979170e02e7 573 COPY = 1 /* should we copy static buffer for write */
ashleymills 0:e979170e02e7 574 };
ashleymills 0:e979170e02e7 575
ashleymills 0:e979170e02e7 576
/* Upper bound on the peer certificate chain depth. A build may pre-define
   MAX_CHAIN_DEPTH; otherwise the default of 9 applies. */
#if !defined(MAX_CHAIN_DEPTH)
    #define MAX_CHAIN_DEPTH 9
#endif


/* Only size the encrypt scratch space for NTRU when NTRU is compiled in, so
   other builds do not spend the extra 3/4k of stack. */
#if !defined(HAVE_NTRU)
    #define MAX_ENCRYPT_SZ ENCRYPT_LEN
#else
    #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
#endif
ashleymills 0:e979170e02e7 589
ashleymills 0:e979170e02e7 590
/* Handshake progress markers.
 *
 * The numeric values are written out so the ordering is visible at a glance.
 * NOTE(review): state checks elsewhere presumably compare these by order;
 * keep the sequence stable when adding a state.
 */
enum states {
    NULL_STATE                         = 0,

    /* server-side flight */
    SERVER_HELLOVERIFYREQUEST_COMPLETE = 1,
    SERVER_HELLO_COMPLETE              = 2,
    SERVER_CERT_COMPLETE               = 3,
    SERVER_KEYEXCHANGE_COMPLETE        = 4,
    SERVER_HELLODONE_COMPLETE          = 5,
    SERVER_FINISHED_COMPLETE           = 6,

    /* client-side flight */
    CLIENT_HELLO_COMPLETE              = 7,
    CLIENT_KEYEXCHANGE_COMPLETE        = 8,
    CLIENT_FINISHED_COMPLETE           = 9,

    HANDSHAKE_DONE                     = 10
};
ashleymills 0:e979170e02e7 608
ashleymills 0:e979170e02e7 609
ashleymills 0:e979170e02e7 610
/* SSL/TLS protocol version, stored as a (major, minor) byte pair */
typedef struct ProtocolVersion {
    byte major;    /* major version byte */
    byte minor;    /* minor version byte */
} ProtocolVersion;
ashleymills 0:e979170e02e7 616
ashleymills 0:e979170e02e7 617
/* One ProtocolVersion factory per protocol version named in the function.
 *
 * NOTE(review): SSLv3 and TLS 1.0/1.1 are deprecated (RFC 7568, RFC 8996).
 * Whether this build can refuse them is decided elsewhere and is not visible
 * in this header.
 */
CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
CYASSL_LOCAL ProtocolVersion MakeTLSv1(void);
CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);

#if defined(CYASSL_DTLS)
    /* only declared for DTLS builds */
    CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
#endif
ashleymills 0:e979170e02e7 626
ashleymills 0:e979170e02e7 627
/* Kinds of BIO; the value is what the `type` byte of a BIO / BIO method
   holds (both are declared as `byte type; method type` in this header). */
enum BIO_TYPE {
    BIO_BUFFER = 1,    /* buffer BIO */
    BIO_SOCKET = 2,    /* socket BIO */
    BIO_SSL    = 3,    /* SSL BIO    */
    BIO_MEMORY = 4     /* memory BIO */
};
ashleymills 0:e979170e02e7 634
ashleymills 0:e979170e02e7 635
/* CyaSSL BIO_METHOD type: carries nothing but the method type */
struct CYASSL_BIO_METHOD {
    /* method type */
    byte type;
};
ashleymills 0:e979170e02e7 640
ashleymills 0:e979170e02e7 641
/* CyaSSL BIO type: one link of a doubly linked BIO chain */
struct CYASSL_BIO {
    /* method type */
    byte        type;
    /* close flag */
    byte        close;
    /* eof flag */
    byte        eof;
    /* possible associated ssl */
    CYASSL*     ssl;
    /* memory buffer */
    byte*       mem;
    /* memory buffer length.
       NOTE(review): this is a signed int; code using it as a size should
       reject negative values first - confirm at the call sites. */
    int         memLen;
    /* possible file descriptor */
    int         fd;
    /* previous in chain */
    CYASSL_BIO* prev;
    /* next in chain */
    CYASSL_BIO* next;
};
ashleymills 0:e979170e02e7 654
ashleymills 0:e979170e02e7 655
/* CyaSSL method type: protocol version plus the role it is used in */
struct CYASSL_METHOD {
    ProtocolVersion version;
    /* connection side, server or client */
    byte            side;
    /* whether to downgrade version, default no.
       NOTE(review): when set, the negotiated version may end up lower than
       `version`; the minimum accepted version is not visible in this struct. */
    byte            downgrade;
};
ashleymills 0:e979170e02e7 662
ashleymills 0:e979170e02e7 663
/* defaults to client */
CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion);

/* for sniffer
 *
 * Both take the record data in `input` and a cursor in `inOutIdx`.
 * NOTE(review): neither prototype carries the length of `input`, so the
 * bounds check has to happen in the caller or via state in `ssl` - confirm
 * before feeding these from a new call site.
 */
CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input,
                            word32* inOutIdx, int sniff);
CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input,
                                   word32* inOutIdx);
ashleymills 0:e979170e02e7 671
ashleymills 0:e979170e02e7 672
/* CyaSSL buffer type: a length paired with a pointer to the bytes.
   Ownership of the pointed-to memory is not expressed by this type. */
typedef struct buffer {
    word32 length;    /* byte count that goes with `buffer` */
    byte*  buffer;    /* the data */
} buffer;
ashleymills 0:e979170e02e7 678
ashleymills 0:e979170e02e7 679
/* Boolean-style selector for a forced free (listed in value order) */
enum {
    NO_FORCED_FREE = 0,
    FORCED_FREE    = 1
};
ashleymills 0:e979170e02e7 684
ashleymills 0:e979170e02e7 685
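/* only use compression extra if using compression */
#ifdef HAVE_LIBZ
    #define COMP_EXTRA MAX_COMP_EXTRA
#else
    #define COMP_EXTRA 0
#endif

/* only the sniffer needs space in the buffer for extra MTU record(s) */
#ifdef CYASSL_SNIFFER
    /* parenthesized: a bare `MAX_MTU * 3` changes meaning when the macro is
       used inside a larger expression, e.g. as a divisor */
    #define MTU_EXTRA (MAX_MTU * 3)
#else
    #define MTU_EXTRA 0
#endif

/* give user option to use 16K static buffers */
#if defined(LARGE_STATIC_BUFFERS)
    #define RECORD_SIZE MAX_RECORD_SIZE
#else
    #ifdef CYASSL_DTLS
        #define RECORD_SIZE MAX_MTU
    #else
        #define RECORD_SIZE 128
    #endif
#endif


/* user option to turn off 16K output option */
/* if using small static buffers (default) and SSL_write tries to write data
   larger than the record we have, dynamically get it, unless user says only
   write in static buffer chunks */
#ifndef STATIC_CHUNKS_ONLY
    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
#else
    #define OUTPUT_RECORD_SIZE RECORD_SIZE
#endif

/* CyaSSL input buffer

   RFC 2246:

       length
           The length (in bytes) of the following TLSPlaintext.fragment.
           The length should not exceed 2^14.
*/
#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_DTLS)
    /* The sum is wrapped in parentheses because this macro sizes a buffer:
       without them `2 * STATIC_BUFFER_LEN` or `STATIC_BUFFER_LEN - n` would
       bind to the first/last term only and yield a wrong (possibly too
       small) size. */
    #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
                               MTU_EXTRA + MAX_MSG_EXTRA)
#else
    /* zero length arrays may not be supported */
    #define STATIC_BUFFER_LEN 1
#endif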
ashleymills 0:e979170e02e7 737
/* Record I/O buffer: bookkeeping plus an embedded static array.
 *
 * In builds without LARGE_STATIC_BUFFERS or CYASSL_DTLS, STATIC_BUFFER_LEN
 * is 1, so `staticBuffer` is only a placeholder.
 * NOTE(review): the expected invariant looks like idx <= length <= bufferSize;
 * confirm every writer checks bufferSize before copying into `buffer`.
 */
typedef struct {
    /* total buffer length used */
    word32 length;
    /* idx to part of length already consumed */
    word32 idx;
    /* place holder for static or dynamic buffer */
    byte*  buffer;
    /* current buffer size */
    word32 bufferSize;
    /* dynamic memory currently in use */
    byte   dynamicFlag;
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
} bufferStatic;
ashleymills 0:e979170e02e7 746
/* Cipher Suites holder */
typedef struct Suites {
    /* user set suites from default */
    int    setSuites;
    /* raw suite bytes; capacity is MAX_SUITE_SZ */
    byte   suites[MAX_SUITE_SZ];
    /* suite length in bytes.
       NOTE(review): must never exceed MAX_SUITE_SZ; confirm that code filling
       `suites` from a peer message or a cipher list string enforces this. */
    word16 suiteSz;
} Suites;
ashleymills 0:e979170e02e7 753
ashleymills 0:e979170e02e7 754
/* Fill a Suites holder. The six `byte` arguments and the trailing `int` are
   unnamed in this prototype; see the definition for their meaning. */
CYASSL_LOCAL void InitSuites(Suites*, ProtocolVersion,
                             byte, byte, byte, byte, byte, byte, int);

/* Set the suites in a Suites holder from the string `list`.
   NOTE(review): `list` is typically application-supplied text; the parser is
   where length limits have to be enforced. */
CYASSL_LOCAL int SetCipherList(Suites*, const char* list);
ashleymills 0:e979170e02e7 760
#if !defined(PSK_TYPES_DEFINED)
    /* PSK callback types, declared here unless PSK_TYPES_DEFINED is set.
     *
     * NOTE(review): the parameters are unnamed. Each `unsigned int` follows a
     * writable pointer and looks like the capacity of that output buffer
     * (OpenSSL's PSK callbacks have this shape) - confirm against ssl.h.
     * A callback must not write past those capacities, and the caller should
     * check the returned length against MAX_PSK_KEY_LEN before using it.
     */
    typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
                                                unsigned int, unsigned char*,
                                                unsigned int);
    typedef unsigned int (*psk_server_callback)(CYASSL*, const char*,
                                                unsigned char*, unsigned int);
#endif /* PSK_TYPES_DEFINED */
ashleymills 0:e979170e02e7 767
/* NOTE(review): the #undef discards any CYASSL_USER_IO setting coming from
   the build flags or an earlier header, so the test right after it is always
   true and the default Embed* declarations are always compiled in this copy
   of the file. A project that relies on CYASSL_USER_IO to supply its own
   transport will not get the effect it asked for - confirm this override is
   intended for the port. */
#undef CYASSL_USER_IO
#if !defined(CYASSL_USER_IO)
    /* default IO callbacks */
    CYASSL_LOCAL int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx);
    CYASSL_LOCAL int EmbedSend(CYASSL *ssl, char *buf, int sz, void *ctx);

    #if defined(HAVE_OCSP)
        /* default OCSP lookup / response release callbacks */
        CYASSL_LOCAL int EmbedOcspLookup(void*, const char*, int, byte*, int,
                                         byte**);
        CYASSL_LOCAL void EmbedOcspRespFree(void*, byte*);
    #endif
#endif

#if defined(CYASSL_DTLS)
    /* datagram variants, only declared for DTLS builds */
    CYASSL_LOCAL int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz,
                                      void *ctx);
    CYASSL_LOCAL int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx);
    CYASSL_LOCAL int EmbedGenerateCookie(byte *buf, int sz, void *ctx);
    CYASSL_LOCAL int IsUDP(void*);
#endif
ashleymills 0:e979170e02e7 794
ashleymills 0:e979170e02e7 795
/* CyaSSL Cipher type just points back to SSL */
struct CYASSL_CIPHER {
    /* the connection object; nothing in this struct says who owns it */
    CYASSL* ssl;
};
ashleymills 0:e979170e02e7 800
ashleymills 0:e979170e02e7 801
/* CyaSSL_Mutex: lock type of the threading backend chosen at build time */
#if defined(SINGLE_THREADED)
    /* a plain int stands in for the lock type */
    typedef int CyaSSL_Mutex;
#else /* MULTI_THREADED */
    /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
    #if defined(FREERTOS)
        typedef xSemaphoreHandle CyaSSL_Mutex;
    #elif defined(CYASSL_SAFERTOS)
        typedef struct CyaSSL_Mutex {
            signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
            xSemaphoreHandle mutex;
        } CyaSSL_Mutex;
    #elif defined(USE_WINDOWS_API)
        typedef CRITICAL_SECTION CyaSSL_Mutex;
    #elif defined(CYASSL_PTHREADS)
        typedef pthread_mutex_t CyaSSL_Mutex;
    #elif defined(THREADX)
        typedef TX_MUTEX CyaSSL_Mutex;
    #elif defined(MICRIUM)
        typedef OS_MUTEX CyaSSL_Mutex;
    #elif defined(EBSNET)
        typedef RTP_MUTEX CyaSSL_Mutex;
    #elif defined(FREESCALE_MQX)
        typedef MUTEX_STRUCT CyaSSL_Mutex;
    #else
        /* fail the build rather than compile without a lock type */
        #error Need a mutex type in multithreaded mode
    #endif /* backend selection (FREERTOS ... FREESCALE_MQX) */
#endif /* SINGLE_THREADED */

/* Mutex lifecycle and locking; each returns int, so callers can check it */
CYASSL_LOCAL int InitMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int FreeMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int LockMutex(CyaSSL_Mutex*);
CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
ashleymills 0:e979170e02e7 834
ashleymills 0:e979170e02e7 835
ashleymills 0:e979170e02e7 836
typedef struct OCSP_Entry OCSP_Entry;

/* One node of a singly linked list of OCSP entries, keyed by issuer hashes */
struct OCSP_Entry {
    /* next entry */
    OCSP_Entry* next;
    /* issuer hash */
    byte        issuerHash[SHA_DIGEST_SIZE];
    /* issuer public key hash */
    byte        issuerKeyHash[SHA_DIGEST_SIZE];
    /* OCSP response list */
    CertStatus* status;
    /* number on list */
    int         totalStatus;
};
ashleymills 0:e979170e02e7 846
ashleymills 0:e979170e02e7 847
/* CyaSSL OCSP controller */
struct CYASSL_OCSP {
    /* on/off switches; NOTE(review): what happens to a connection when
       `enabled` is set and no response can be fetched is decided in the
       implementation, not here */
    byte                   enabled;
    byte                   useOverrideUrl;
    byte                   useNonce;
    /* fixed 80-byte URL storage; code that fills it has to bound the copy
       and keep the string terminated - verify at the setter */
    char                   overrideUrl[80];
    /* head of the OCSP entry list */
    OCSP_Entry*            ocspList;
    /* opaque context pointer, stored next to the two IO callbacks below */
    void*                  IOCB_OcspCtx;
    CallbackIOOcsp         CBIOOcsp;
    CallbackIOOcspRespFree CBIOOcspRespFree;
};
ashleymills 0:e979170e02e7 859
ashleymills 0:e979170e02e7 860
typedef struct CRL_Entry CRL_Entry;

/* Complete CRL */
struct CRL_Entry {
    /* next entry */
    CRL_Entry*   next;
    /* issuer hash */
    byte         issuerHash[SHA_DIGEST_SIZE];
    /* byte      crlHash[SHA_DIGEST_SIZE];      raw crl data hash */
    /* restore the hash here if needed for optimized comparisons */
    /* last date updated */
    byte         lastDate[MAX_DATE_SIZE];
    /* next update date; NOTE(review): how an entry past this date is treated
       is not visible here */
    byte         nextDate[MAX_DATE_SIZE];
    /* last date format */
    byte         lastDateFormat;
    /* next date format */
    byte         nextDateFormat;
    /* revoked cert list */
    RevokedCert* certs;
    /* number on list */
    int          totalCerts;
};
ashleymills 0:e979170e02e7 876
ashleymills 0:e979170e02e7 877
typedef struct CRL_Monitor CRL_Monitor;

/* CRL directory monitor */
struct CRL_Monitor {
    /* full dir path, if valid pointer we're using */
    char* path;
    /* PEM or ASN1 type */
    int   type;
};
ashleymills 0:e979170e02e7 885
ashleymills 0:e979170e02e7 886
/* CyaSSL CRL controller */
struct CYASSL_CRL {
    /* pointer back to cert manager */
    CYASSL_CERT_MANAGER* cm;
    /* our CRL list */
    CRL_Entry*           crlList;
    /* CRL list lock */
    CyaSSL_Mutex         crlLock;
    /* PEM and DER possible */
    CRL_Monitor          monitors[2];
#if defined(HAVE_CRL_MONITOR)
    /* monitoring thread; presumably it updates crlList and therefore has to
       take crlLock - TODO confirm */
    pthread_t            tid;
#endif
};
ashleymills 0:e979170e02e7 897
ashleymills 0:e979170e02e7 898
/* CyaSSL Certificate Manager */
struct CYASSL_CERT_MANAGER {
    /* the CA signer list (the trust anchors) */
    Signer*         caList;
    /* CA list lock */
    CyaSSL_Mutex    caLock;
    /* CA cache addition callback */
    CallbackCACache caCacheCallback;
    /* heap helper */
    void*           heap;
    /* CRL checker */
    CYASSL_CRL*     crl;
    /* is CRL on ? */
    byte            crlEnabled;
    /* always leaf, but all ? */
    byte            crlCheckAll;
    /* notify through cb of missing crl */
    CbMissingCRL    cbMissingCRL;
};
ashleymills 0:e979170e02e7 910
ashleymills 0:e979170e02e7 911
/* CyaSSL Sock Addr */
struct CYASSL_SOCKADDR {
    /* sockaddr size */
    unsigned int sz;
    /* pointer to the sockaddr_in or sockaddr_in6; `sz` is the only record of
       which one it is, so the two fields must always be updated together */
    void*        sa;
};
ashleymills 0:e979170e02e7 917
/* Per-connection DTLS I/O context: the peer address and a descriptor */
typedef struct CYASSL_DTLS_CTX {
    CYASSL_SOCKADDR peer;    /* peer address */
    int             fd;      /* descriptor, presumably the UDP socket */
} CYASSL_DTLS_CTX;
ashleymills 0:e979170e02e7 922
ashleymills 0:e979170e02e7 923
/* CyaSSL context type: configuration shared through a reference count.
 *
 * NOTE(review): `privateKey` (and, with PSK, whatever the callbacks return)
 * is secret material. Confirm that FreeSSL_Ctx / SSL_CtxResourceFree wipe
 * these buffers before releasing them; that is not visible in this header.
 */
struct CYASSL_CTX {
    CYASSL_METHOD* method;
    /* reference count mutex */
    CyaSSL_Mutex   countMutex;
    /* reference count */
    int            refCount;
#if !defined(NO_CERTS)
    buffer         certificate;
    /* chain after self, in DER, with leading size for each cert */
    buffer         certChain;
    buffer         privateKey;
    buffer         serverDH_P;
    buffer         serverDH_G;
    /* our cert manager, ctx owns SSL will use */
    CYASSL_CERT_MANAGER* cm;
#endif
    Suites         suites;
    /* for user memory overrides */
    void*          heap;

    /* peer verification policy flags; their exact interplay is set in the
       implementation - review any code path that sets verifyNone */
    byte           verifyPeer;
    byte           verifyNone;
    byte           failNoCert;

    byte           sessionCacheOff;
    byte           sessionCacheFlushOff;
    /* for client side */
    byte           sendVerify;
    /* RSA available */
    byte           haveRSA;
    /* server DH parms set by user */
    byte           haveDH;
    /* server private NTRU key loaded */
    byte           haveNTRU;
    /* server cert signed w/ ECDSA */
    byte           haveECDSAsig;
    /* static server ECC private key */
    byte           haveStaticECC;
    /* only one msg per write call */
    byte           partialWrite;
    /* don't send close notify */
    byte           quietShutdown;
    /* group handshake messages before sending */
    byte           groupMessages;

    CallbackIORecv CBIORecv;
    CallbackIOSend CBIOSend;
    /* cert verification callback */
    VerifyCallback verifyCallback;
    /* session timeout */
    word32         timeout;
#if defined(HAVE_ECC)
    /* in octets 20 - 66 */
    word16         eccTempKeySz;
#endif
#if !defined(NO_PSK)
    /* psk key set by user */
    byte                havePSK;
    /* client callback */
    psk_client_callback client_psk_cb;
    /* server callback */
    psk_server_callback server_psk_cb;
    /* fixed MAX_PSK_ID_LEN-byte hint storage; the setter has to bound the
       copy and keep the string terminated - verify there */
    char                server_hint[MAX_PSK_ID_LEN];
#endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    pem_password_cb passwd_cb;
    void*           userdata;
#endif /* OPENSSL_EXTRA */
#if defined(HAVE_OCSP)
    CYASSL_OCSP    ocsp;
#endif
#if defined(HAVE_CAVIUM)
    /* cavium device id to use */
    int            devId;
#endif
};
ashleymills 0:e979170e02e7 978
ashleymills 0:e979170e02e7 979
/* Context lifecycle */
CYASSL_LOCAL int  InitSSL_Ctx(CYASSL_CTX*, CYASSL_METHOD*);
CYASSL_LOCAL void FreeSSL_Ctx(CYASSL_CTX*);
CYASSL_LOCAL void SSL_CtxResourceFree(CYASSL_CTX*);

/* Key derivation for a connection */
CYASSL_LOCAL int DeriveTlsKeys(CYASSL* ssl);

/* Old-format ClientHello processing. Takes both the input size (`inSz`) and
   a 16-bit `sz`; the message comes from the peer, so both are untrusted and
   need checking against each other in the implementation. */
CYASSL_LOCAL int ProcessOldClientHello(CYASSL* ssl, const byte* input,
                                       word32* inOutIdx, word32 inSz,
                                       word16 sz);

#if !defined(NO_CERTS)
    /* Signer list maintenance on a cert manager.
       NOTE(review): AddCA takes a `verify` argument; adding a CA with
       verification switched off extends the trust store unchecked, so audit
       callers that pass a "no verify" value. */
    CYASSL_LOCAL int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type,
                           int verify);
    CYASSL_LOCAL int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
#endif
ashleymills 0:e979170e02e7 998
/* All cipher suite related info */
typedef struct CipherSpecs {
    byte   bulk_cipher_algorithm;
    /* block, stream, or aead */
    byte   cipher_type;
    byte   mac_algorithm;
    /* key exchange algo */
    byte   kea;
    byte   sig_algo;
    byte   hash_size;
    byte   pad_size;
    byte   static_ecdh;
    word16 key_size;
    word16 iv_size;
    word16 block_size;
} CipherSpecs;


/* Initialise a CipherSpecs.
   NOTE(review): unlike the neighbouring internal prototypes this one is not
   marked CYASSL_LOCAL; whether the wider visibility is intended cannot be
   told from here. */
void InitCipherSpecs(CipherSpecs* cs);
ashleymills 0:e979170e02e7 1016
ashleymills 0:e979170e02e7 1017
/* Supported Ciphers from page 43
 *
 * NOTE(review): cipher_null, rc4, rc2, des, des40 and idea name an
 * unencrypted mode or legacy ciphers (RC4 is prohibited for TLS by RFC 7465).
 * This enum only names algorithms; which suites a build offers is decided
 * elsewhere.
 */
enum BulkCipherAlgorithm {
    cipher_null = 0,
    rc4         = 1,
    rc2         = 2,
    des         = 3,
    triple_des  = 4,     /* leading 3 (3des) not valid identifier */
    des40       = 5,
    idea        = 6,
    aes         = 7,
    aes_gcm     = 8,
    aes_ccm     = 9,
    camellia    = 10,
    hc128       = 11,    /* CyaSSL extensions */
    rabbit      = 12
};
ashleymills 0:e979170e02e7 1034
ashleymills 0:e979170e02e7 1035
/* Supported Message Authentication Codes from page 43 */
enum MACAlgorithm {
    no_mac     = 0,
    md5_mac    = 1,    /* legacy hash; listed for old suites */
    sha_mac    = 2,
    sha224_mac = 3,
    sha256_mac = 4,
    sha384_mac = 5,
    sha512_mac = 6,
    rmd_mac    = 7
};
ashleymills 0:e979170e02e7 1047
ashleymills 0:e979170e02e7 1048
/* Supported Key Exchange Protocols
 *
 * NOTE(review): rsa_kea and the static ECDH variant give no forward secrecy;
 * keep that in mind when choosing which suites a deployment enables.
 */
enum KeyExchangeAlgorithm {
    no_kea                        = 0,
    rsa_kea                       = 1,
    diffie_hellman_kea            = 2,
    fortezza_kea                  = 3,
    psk_kea                       = 4,
    ntru_kea                      = 5,
    ecc_diffie_hellman_kea        = 6,
    ecc_static_diffie_hellman_kea = 7    /* for verify suite only */
};
ashleymills 0:e979170e02e7 1060
ashleymills 0:e979170e02e7 1061
/* Supported Authentication Schemes
 *
 * anonymous_sa_algo means no signature-based authentication.
 * NOTE(review): it is presumably what PSK suites use; any other suite ending
 * up with it would leave the peer unauthenticated - confirm where it is set.
 */
enum SignatureAlgorithm {
    anonymous_sa_algo = 0,
    rsa_sa_algo       = 1,
    dsa_sa_algo       = 2,
    ecc_dsa_sa_algo   = 3
};
ashleymills 0:e979170e02e7 1069
ashleymills 0:e979170e02e7 1070
/* Supported ECC Curve Types.
   3 is the named_curve value of ECCurveType in RFC 4492; the explicit
   curve-parameter types are not listed here. */
enum EccCurves {
    named_curve = 3
};
ashleymills 0:e979170e02e7 1075
ashleymills 0:e979170e02e7 1076
/* Supported ECC Named Curves, listed by wire value (the numbers are the
 * IANA named-curve identifiers).
 *
 * NOTE(review): secp160r1 and secp192r1 are below the 112-bit security level
 * that current guidance asks for; check whether a deployment needs them.
 */
enum EccNamedCurves {
    secp160r1 = 0x10,
    secp192r1 = 0x13,    /* OpenSSL also calls it prime192v1 */
    secp224r1 = 0x15,
    secp256r1 = 0x17,    /* default, OpenSSL also calls it prime256v1 */
    secp384r1 = 0x18,
    secp521r1 = 0x19
};
/* Valid client certificate request types from page 27
 *
 * Explicit values; note the gap between 6 and 20. The page reference is to
 * a specification that this header does not name. */
enum ClientCertificateType {
    rsa_sign            = 1,
    dss_sign            = 2,
    rsa_fixed_dh        = 3,
    dss_fixed_dh        = 4,
    rsa_ephemeral_dh    = 5,
    dss_ephemeral_dh    = 6,
    fortezza_kea_cert   = 20
};
/* Category of the bulk cipher; values follow declaration order
 * (stream == 0, block == 1, aead == 2). */
enum CipherType { stream, block, aead };
/* keys and secrets
 *
 * Record-protection state for one connection: MAC secrets, write keys and
 * IVs for both directions, record sequence counters, and status flags.
 * The arrays are sized for the largest supported algorithm ("max sizes"),
 * so how many bytes are meaningful depends on the negotiated suite.
 * NOTE(review): this struct holds live key material; confirm the owning
 * code wipes it before the memory is released or reused. */
typedef struct Keys {
    byte client_write_MAC_secret[SHA256_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[SHA256_DIGEST_SIZE];
    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
    byte server_write_key[AES_256_KEY_SIZE];
    byte client_write_IV[AES_IV_SIZE];               /* max sizes */
    byte server_write_IV[AES_IV_SIZE];
#ifdef HAVE_AEAD
    /* AEAD-only IV storage; presumably the explicit part and the two
     * per-direction implicit parts of the nonce -- TODO confirm */
    byte aead_exp_IV[AEAD_EXP_IV_SZ];
    byte aead_enc_imp_IV[AEAD_IMP_IV_SZ];
    byte aead_dec_imp_IV[AEAD_IMP_IV_SZ];
#endif

    /* Record counters are 32 bits wide here.
     * NOTE(review): confirm what happens when one wraps; a repeated counter
     * under the same key must not be allowed to occur. */
    word32 peer_sequence_number;
    word32 sequence_number;

#ifdef CYASSL_DTLS
    /* DTLS keeps its own sequence, handshake-number and epoch counters, each
     * in three forms: ours, the peer's, and the value expected next. */
    word32 dtls_sequence_number;
    word32 dtls_peer_sequence_number;
    word32 dtls_expected_peer_sequence_number;
    word16 dtls_handshake_number;
    word16 dtls_peer_handshake_number;
    word16 dtls_expected_peer_handshake_number;
    word16 dtls_epoch;
    word16 dtls_peer_epoch;
    word16 dtls_expected_peer_epoch;
#endif

    word32 encryptSz;             /* last size of encrypted data   */
    byte   encryptionOn;          /* true after change cipher spec */
    byte   decryptedCur;          /* only decrypt current record once */
} Keys;
/* cipher for now
 *
 * One context pointer per bulk cipher that is compiled into the build, plus
 * a flag recording whether the set has been initialised. Which members
 * exist depends entirely on the build macros below, so the struct layout
 * differs between configurations. */
typedef struct Ciphers {
#ifdef BUILD_ARC4
    Arc4*   arc4;
#endif
#ifdef BUILD_DES3
    Des3*   des3;
#endif
#ifdef BUILD_AES
    Aes*    aes;
#endif
#ifdef HAVE_CAMELLIA
    Camellia* cam;
#endif
#ifdef HAVE_HC128
    HC128*  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit* rabbit;
#endif
    byte    setup;       /* have we set it up flag for detection */
} Ciphers;
/* Cipher-context helpers for a CYASSL object; both are defined outside this
 * header. NOTE(review): the cipher contexts hold expanded keys -- confirm
 * FreeCiphers wipes them as well as releasing them. */
CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
/* hashes type
 *
 * Digest storage. With MD5 compiled in (NO_MD5 not defined) it holds an MD5
 * digest and a SHA digest side by side; with NO_MD5 defined it is a single
 * buffer of FINISHED_SZ bytes, so code must not touch .md5/.sha there. */
typedef struct Hashes {
    #ifndef NO_MD5
        byte md5[MD5_DIGEST_SIZE];
        byte sha[SHA_DIGEST_SIZE];
    #else
        byte hash[FINISHED_SZ];
    #endif
} Hashes;
/* Static x509 buffer
 *
 * Fixed-capacity holder for one certificate.
 * NOTE(review): length is a signed int next to a MAX_X509_SIZE-byte array;
 * every writer must keep 0 <= length <= MAX_X509_SIZE, and every reader
 * should range-check length before using it as a copy size. */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;
/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE
 *
 * Certificates are stored inline in a fixed array.
 * NOTE(review): count is a signed int indexing certs[]; confirm the code
 * that appends peer certificates stops at MAX_CHAIN_DEPTH and that readers
 * reject a count outside 0..MAX_CHAIN_DEPTH. */
struct CYASSL_X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};
/* CyaSSL session type
 *
 * What is kept about a session: its ID, the master secret, and its creation
 * time and timeout.
 * NOTE(review): masterSecret is long-lived secret material; confirm entries
 * are wiped when they expire or are evicted.
 * NOTE(review): the protocol version and cipher suite are stored only when
 * SESSION_CERTS is defined; confirm how a resumed session is bound to its
 * original suite in builds without it. */
struct CYASSL_SESSION {
    byte         sessionID[ID_LEN];
    byte         masterSecret[SECRET_LEN];
    word32       bornOn;                        /* create time in seconds   */
    word32       timeout;                       /* timeout in seconds       */
#ifdef SESSION_CERTS
    CYASSL_X509_CHAIN chain;                    /* peer cert chain, static  */
    ProtocolVersion version;
    byte            cipherSuite0;               /* first byte, normally 0 */
    byte            cipherSuite;                /* 2nd byte, actual suite */
#endif
};
/* Session lookup / assignment, defined outside this header. The parameters
 * are unnamed here; presumably the byte* of GetSession receives or supplies
 * a master secret -- TODO confirm against the definition. */
CYASSL_LOCAL
CYASSL_SESSION* GetSession(CYASSL*, byte*);
CYASSL_LOCAL
int          SetSession(CYASSL*, CYASSL_SESSION*);

/* Record MAC function pointer type. The parameter list matches TLS_hmac as
 * declared later in this header: ssl, digest out, input, input size,
 * content type, verify flag. */
typedef void (*hmacfp) (CYASSL*, byte*, const byte*, word32, int, int);
/* client connect state for nonblocking restart
 *
 * Starts at CONNECT_BEGIN == 0 and increases by one per enumerator, so the
 * states are ordered. Options.connectState stores the value in a byte. */
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    HELLO_AGAIN,               /* HELLO_AGAIN s for DTLS case */
    HELLO_AGAIN_REPLY,
    FIRST_REPLY_DONE,
    FIRST_REPLY_FIRST,
    FIRST_REPLY_SECOND,
    FIRST_REPLY_THIRD,
    FIRST_REPLY_FOURTH,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};
/* server accept state for nonblocking restart
 *
 * Starts at ACCEPT_BEGIN == 0 and increases by one per enumerator, so the
 * states are ordered. Options.acceptState stores the value in a byte. */
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_CLIENT_HELLO_DONE,
    HELLO_VERIFY_SENT,
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_SENT,
    CERT_SENT,
    KEY_EXCHANGE_SENT,
    CERT_REQ_SENT,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    CHANGE_CIPHER_SENT,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};
/* Per-connection buffers: certificate/key/DH material (when certificates
 * are compiled in), the record input and output buffers, and bookkeeping
 * for partial writes.
 *
 * Several members may belong either to the shared CYASSL_CTX or to this
 * connection; the weOwn* flags record which. Freeing or wiping a member
 * without consulting its flag risks a double free or damage to CTX data
 * shared with other connections.
 * NOTE(review): key and serverDH_Priv look like private-key material;
 * confirm they are wiped before release when this connection owns them. */
typedef struct Buffers {
#ifndef NO_CERTS
    buffer          certificate;            /* CYASSL_CTX owns, unless we own */
    buffer          key;                    /* CYASSL_CTX owns, unless we own */
    buffer          certChain;              /* CYASSL_CTX owns */
                 /* chain after self, in DER, with leading size for each cert */
    buffer          serverDH_P;             /* CYASSL_CTX owns, unless we own */
    buffer          serverDH_G;             /* CYASSL_CTX owns, unless we own */
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;
#endif
    buffer          domainName;             /* for client check */
    bufferStatic    inputBuffer;
    bufferStatic    outputBuffer;
    buffer          clearOutputBuffer;
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE            */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE            */
    byte            weOwnCert;             /* SSL own cert flag */
    byte            weOwnKey;              /* SSL own key  flag */
    byte            weOwnDH;               /* SSL own dh (p,g)  flag */
#ifdef CYASSL_DTLS
    buffer          dtlsHandshake;         /* DTLS handshake defragment buf */
    word32          dtlsUsed;              /* DTLS bytes used in buffer */
    byte            dtlsType;              /* DTLS handshake frag type */
    CYASSL_DTLS_CTX dtlsCtx;               /* DTLS connection context */
#endif
} Buffers;
/* Per-connection option and state flags, one byte each, plus the PSK
 * callbacks when PSK support is compiled in.
 *
 * Several of these decide whether the peer is authenticated at all
 * (verifyPeer, verifyNone, failNoCert) or how weak a negotiation may be
 * (downgrade, usingCompression); review any code path that sets them from
 * configuration or from data received on the wire. */
typedef struct Options {
    byte            sessionCacheOff;
    byte            sessionCacheFlushOff;
    byte            cipherSuite0;           /* first byte, normally 0 */
    byte            cipherSuite;            /* second byte, actual suite */
    byte            serverState;
    byte            clientState;
    byte            handShakeState;
    byte            side;               /* client or server end */
    byte            verifyPeer;
    byte            verifyNone;         /* NOTE(review): presumably disables
                                           peer certificate checks; confirm it
                                           is only ever set deliberately */
    byte            failNoCert;
    byte            downgrade;          /* allow downgrade of versions */
    byte            sendVerify;         /* false = 0, true = 1, sendBlank = 2 */
    byte            resuming;
    byte            haveSessionId;      /* server may not send */
    byte            tls;                /* using TLS ? */
    byte            tls1_1;             /* using TLSv1.1+ ? */
    byte            dtls;               /* using datagrams ? */
    byte            connReset;          /* has the peer reset */
    byte            isClosed;           /* if we consider conn closed */
    byte            closeNotify;        /* we've received a close notify */
    byte            sentNotify;         /* we've sent a close notify */
    byte            connectState;       /* nonblocking resume */
    byte            acceptState;        /* nonblocking resume */
    byte            usingCompression;   /* are we using compression */
    byte            haveRSA;            /* RSA available */
    byte            haveDH;             /* server DH parms set by user */
    byte            haveNTRU;           /* server NTRU  private key loaded */
    byte            haveECDSAsig;       /* server ECDSA signed cert */
    byte            haveStaticECC;      /* static server ECC private key */
    byte            havePeerCert;       /* do we have peer's cert */
    byte            usingPSK_cipher;    /* whether we're using psk as cipher */
    byte            sendAlertState;     /* nonblocking resume */
    byte            processReply;       /* nonblocking resume */
    byte            partialWrite;       /* only one msg per write call */
    byte            quietShutdown;      /* don't send close notify */
    byte            certOnly;           /* stop once we get cert */
    byte            groupMessages;      /* group handshake messages */
    byte            usingNonblock;      /* set when using nonblocking socket */
    byte            saveArrays;         /* save array Memory for user get keys
                                           or psk; NOTE(review): presumably
                                           keeps handshake secrets in memory
                                           after the handshake -- confirm they
                                           are wiped once no longer needed */
#ifndef NO_PSK
    byte            havePSK;            /* psk key set by user */
    psk_client_callback client_psk_cb;
    psk_server_callback server_psk_cb;
#endif /* NO_PSK */
} Options;
/* Handshake working storage: both randoms, the session ID, the pre-master
 * and master secrets, and (when compiled in) the DTLS cookie and the PSK
 * identity, hint and key.
 *
 * CYASSL holds this through a pointer (Arrays* arrays) and FreeArrays() is
 * declared later in this header.
 * NOTE(review): preMasterSecret, masterSecret and psk_key are secrets;
 * confirm FreeArrays wipes the struct before releasing it.
 * NOTE(review): preMasterSz, psk_keySz and cookieSz describe how much of
 * their fixed arrays is valid; confirm each is bounded by the matching
 * array size (ENCRYPT_LEN, MAX_PSK_KEY_LEN, MAX_COOKIE_LEN) wherever it is
 * set from peer- or callback-supplied data. */
typedef struct Arrays {
    byte            clientRandom[RAN_LEN];
    byte            serverRandom[RAN_LEN];
    byte            sessionID[ID_LEN];
    byte            preMasterSecret[ENCRYPT_LEN];
    byte            masterSecret[SECRET_LEN];
#ifdef CYASSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
    byte            cookieSz;
#endif
#ifndef NO_PSK
    /* char arrays; presumably NUL-terminated strings -- confirm writers
     * leave room for and store the terminator */
    char            client_identity[MAX_PSK_ID_LEN];
    char            server_hint[MAX_PSK_ID_LEN];
    byte            psk_key[MAX_PSK_KEY_LEN];
    word32          psk_keySz;          /* actual size */
#endif
    word32          preMasterSz;        /* differs for DH, actual size */
} Arrays;
/* X509 name held in a fixed ASN_NAME_MAX-byte array with a separate size.
 * NOTE(review): sz is a signed int; confirm it stays within
 * 0..ASN_NAME_MAX and whether name is guaranteed to be NUL-terminated. */
struct CYASSL_X509_NAME {
    char  name[ASN_NAME_MAX];
    int   sz;
};
/* Decoded certificate view: issuer and subject names, serial number, a
 * copy of the subject common name, the DER encoding, and the alternative
 * name list.
 * NOTE(review): serialSz is a signed int next to an
 * EXTERNAL_SERIAL_SIZE-byte array; confirm it is bounded when filled from
 * a parsed certificate. */
struct CYASSL_X509 {
    CYASSL_X509_NAME issuer;
    CYASSL_X509_NAME subject;
    int              serialSz;
    byte             serial[EXTERNAL_SERIAL_SIZE];
    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
    buffer           derCert;                        /* may need  */
    DNS_entry*       altNames;                       /* alt names list */
    DNS_entry*       altNamesNext;                   /* hint for retrieval */
};
/* record layer header for PlainText, Compressed, and CipherText
 *
 * Every member is a byte or byte array, so the 2-byte length is stored as
 * raw bytes rather than as a native integer.
 * NOTE(review): type and length come from the peer; confirm both are
 * validated before length is used to size a read or copy. */
typedef struct RecordLayerHeader {
    byte            type;
    byte            pvMajor;
    byte            pvMinor;
    byte            length[2];
} RecordLayerHeader;
/* record layer header for DTLS PlainText, Compressed, and CipherText
 *
 * Same leading fields as RecordLayerHeader, with a 2-byte epoch and a
 * 6-byte sequence number inserted before the length. */
typedef struct DtlsRecordLayerHeader {
    byte            type;
    byte            pvMajor;
    byte            pvMinor;
    byte            epoch[2];             /* increment on cipher state change */
    byte            sequence_number[6];   /* per record */
    byte            length[2];
} DtlsRecordLayerHeader;
/* Fixed pool of DTLS_POOL_SZ buffers with a count of those in use.
 * NOTE(review): used is a signed int indexing buf[]; confirm it is kept
 * within 0..DTLS_POOL_SZ. */
typedef struct DtlsPool {
    buffer          buf[DTLS_POOL_SZ];
    int             used;
} DtlsPool;
/* CyaSSL ssl type
 *
 * All state for one connection: a pointer to the shared context, the
 * negotiated and offered versions, cipher contexts and key material,
 * I/O descriptors and callback contexts, running handshake hashes,
 * buffers, option flags, the handshake Arrays, the session, and any peer
 * public keys.
 *
 * The layout depends on many build macros (NO_MD5, NO_SHA256, NO_RSA,
 * HAVE_ECC, CYASSL_DTLS, ...), so every translation unit that touches this
 * struct must be compiled with the same settings.
 *
 * NOTE(review): keys, arrays, session and eccTempKey hold secret material;
 * confirm FreeSSL / SSL_ResourceFree wipe them rather than only releasing
 * the memory. */
struct CYASSL {
    CYASSL_CTX*     ctx;
    int             error;
    ProtocolVersion version;            /* negotiated version */
    ProtocolVersion chVersion;          /* client hello version */
    Suites*         suites;             /* only need during handshake */
    Ciphers         encrypt;
    Ciphers         decrypt;
    CipherSpecs     specs;
    Keys            keys;
    int             rfd;                /* read  file descriptor */
    int             wfd;                /* write file descriptor */
    int             rflags;             /* user read  flags */
    int             wflags;             /* user write flags */
    CYASSL_BIO*     biord;              /* socket bio read  to free/close */
    CYASSL_BIO*     biowr;              /* socket bio write to free/close */
    void*           IOCB_ReadCtx;
    void*           IOCB_WriteCtx;
    RNG*            rng;
    Sha             hashSha;            /* sha hash of handshake msgs */
#ifndef NO_MD5
    Md5             hashMd5;            /* md5 hash of handshake msgs */
#endif
#ifndef NO_SHA256
    Sha256          hashSha256;         /* sha256 hash of handshake msgs */
#endif
#ifdef CYASSL_SHA384
    Sha384          hashSha384;         /* sha384 hash of handshake msgs */
#endif
    Hashes          verifyHashes;
    Hashes          certHashes;         /* for cert verify */
    Buffers         buffers;
    Options         options;
    Arrays*         arrays;
    CYASSL_SESSION  session;
    VerifyCallback  verifyCallback;      /* cert verification callback */
#ifndef NO_RSA
    /* each peer key has a *Present flag; check the flag before using the
       key it belongs to */
    RsaKey*         peerRsaKey;
    byte            peerRsaKeyPresent;
#endif
#ifdef HAVE_NTRU
    word16          peerNtruKeyLen;
    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
    byte            peerNtruKeyPresent;
#endif
#ifdef HAVE_ECC
    ecc_key*        peerEccKey;              /* peer's  ECDHE key */
    ecc_key*        peerEccDsaKey;           /* peer's  ECDSA key */
    ecc_key*        eccTempKey;              /* private ECDHE key */
    ecc_key*        eccDsaKey;               /* private ECDSA key */
    word16          eccTempKeySz;            /* in octets 20 - 66 */
    byte            peerEccKeyPresent;
    byte            peerEccDsaKeyPresent;
    byte            eccTempKeyPresent;
    byte            eccDsaKeyPresent;
#endif
    hmacfp          hmac;
    void*           heap;               /* for user overrides */
    RecordLayerHeader curRL;
    word16            curSize;
    word32          timeout;            /* session timeout */
    CYASSL_CIPHER   cipher;
#ifdef HAVE_LIBZ
    z_stream        c_stream;           /* compression   stream */
    z_stream        d_stream;           /* decompression stream */
    byte            didStreamInit;      /* for stream init and end */
#endif
#ifdef CYASSL_DTLS
    int             dtls_timeout;
    DtlsPool*       dtls_pool;
#endif
#ifdef CYASSL_CALLBACKS
    HandShakeInfo   handShakeInfo;      /* info saved during handshake */
    TimeoutInfo     timeoutInfo;        /* info saved during handshake */
    byte            hsInfoOn;           /* track handshake info        */
    byte            toInfoOn;           /* track timeout   info        */
#endif
#ifdef OPENSSL_EXTRA
    CYASSL_X509     peerCert;           /* X509 peer cert */
#endif
#ifdef FORTRESS
    void*           ex_data[MAX_EX_DATA]; /* external data, for Fortress */
#endif
#ifdef HAVE_CAVIUM
    int              devId;            /* cavium device id to use */
#endif
};
/* Lifetime functions for a CYASSL object, defined outside this header.
 * InitSSL returns int, so callers must check the result before using the
 * object. SSL_ResourceFree is the only one of the three marked CYASSL_API
 * rather than CYASSL_LOCAL. */
CYASSL_LOCAL
int  InitSSL(CYASSL*, CYASSL_CTX*);
CYASSL_LOCAL
void FreeSSL(CYASSL*);
CYASSL_API void SSL_ResourceFree(CYASSL*);   /* Micrium uses */
/* Array bounds used by EncryptedInfo below. */
enum {
    IV_SZ   = 32,          /* max iv sz */
    NAME_SZ = 80           /* max one line */
};
/* Encryption details gathered for a PEM input (it is a PemToDer parameter):
 * the encryption name, the IV and its size, how much PEM was consumed, a
 * "set" flag and the owning context.
 * NOTE(review): name and iv are fixed arrays (NAME_SZ, IV_SZ) filled from
 * file contents; confirm the parser bounds what it copies and that ivSz
 * never exceeds IV_SZ. */
typedef struct EncryptedInfo {
    char     name[NAME_SZ];    /* encryption name */
    byte     iv[IV_SZ];        /* encrypted IV */
    word32   ivSz;             /* encrypted IV size */
    long     consumed;         /* tracks PEM bytes consumed */
    byte     set;              /* if encryption set */
    CYASSL_CTX* ctx;              /* CTX owner */
} EncryptedInfo;
#ifndef NO_CERTS
    /* PEM-to-DER conversion; defined outside this header.
     * NOTE(review): sz is a signed long, presumably the byte length of
     * buff; confirm callers reject negative or oversized values before the
     * input is parsed. */
    CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
                              buffer* der, void* heap, EncryptedInfo* info,
                              int* eccKey);

    /* Load a certificate or key file into a context or connection; defined
     * outside this header. The result is an int and must be checked. */
    CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
                                 int type, CYASSL* ssl, int userChain,
                                CYASSL_CRL* crl);
#endif
#ifdef CYASSL_CALLBACKS
    /* Handshake-info and timeout-info bookkeeping, compiled only with
     * CYASSL_CALLBACKS; all defined outside this header.
     * NOTE(review): AddPacketInfo takes a packet pointer and an int length;
     * if it stores packet copies, check what they can contain before the
     * info is logged or exported. */
    CYASSL_LOCAL
    void InitHandShakeInfo(HandShakeInfo*);
    CYASSL_LOCAL
    void FinishHandShakeInfo(HandShakeInfo*, const CYASSL*);
    CYASSL_LOCAL
    void AddPacketName(const char*, HandShakeInfo*);

    CYASSL_LOCAL
    void InitTimeoutInfo(TimeoutInfo*);
    CYASSL_LOCAL
    void FreeTimeoutInfo(TimeoutInfo*, void*);
    CYASSL_LOCAL
    void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
    CYASSL_LOCAL
    void AddLateName(const char*, TimeoutInfo*);
    CYASSL_LOCAL
    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
#endif
/* Record Layer Header identifier from page 12
 *
 * no_type == 0 is distinct from the four record types (20..23), so a
 * zero-filled header does not match any of them. Any other value read from
 * the wire is not listed here and should be rejected by the record parser. */
enum ContentType {
    no_type            = 0,
    change_cipher_spec = 20,
    alert              = 21,
    handshake          = 22,
    application_data   = 23
};
/* handshake header, same for each message type, pgs 20/21
 *
 * A type byte followed by a word24 length (word24 is declared outside this
 * header; presumably a 3-byte array). The length comes from the peer and
 * must be checked against the bytes actually available. */
typedef struct HandShakeHeader {
    byte            type;
    word24          length;
} HandShakeHeader;
/* DTLS handshake header, same for each message type
 *
 * Extends the handshake header with a message sequence and fragment
 * offset/length.
 * NOTE(review): fragment_offset and fragment_length are peer-controlled;
 * confirm the defragmentation code checks that offset + length stays
 * within the declared message length before copying. */
typedef struct DtlsHandShakeHeader {
    byte            type;
    word24          length;
    byte            message_seq[2];    /* start at 0, retransmit gets same # */
    word24          fragment_offset;   /* bytes in previous fragments */
    word24          fragment_length;   /* length of this fragment */
} DtlsHandShakeHeader;
/* Handshake message types with explicit values. no_shake is -1, so it can
 * never equal a type byte read from the wire (0..255) when compared as an
 * int; storing it in a byte would change its value. */
enum HandShakeType {
    no_shake            = -1,
    hello_request       = 0,
    client_hello        = 1,
    server_hello        = 2,
    hello_verify_request = 3,       /* DTLS addition */
    session_ticket      =  4,
    certificate         = 11,
    server_key_exchange = 12,
    certificate_request = 13,
    server_hello_done   = 14,
    certificate_verify  = 15,
    client_key_exchange = 16,
    finished            = 20
};
/* Valid Alert types from page 16/17
 *
 * Explicit values. An alert description received from a peer that is not
 * listed here has no enumerator and needs a default path in the handler. */
enum AlertDescription {
    close_notify            = 0,
    unexpected_message      = 10,
    bad_record_mac          = 20,
    decompression_failure   = 30,
    handshake_failure       = 40,
    no_certificate          = 41,
    bad_certificate         = 42,
    unsupported_certificate = 43,
    certificate_revoked     = 44,
    certificate_expired     = 45,
    certificate_unknown     = 46,
    illegal_parameter       = 47,
    decrypt_error           = 51,
    protocol_version        = 70,
    no_renegotiation        = 100
};
/* I/O Callback default errors
 *
 * IO_ERR_WANT_READ and IO_ERR_WANT_WRITE are both -2 in this header, so
 * the two cannot be told apart by value; code that needs the direction has
 * to know it from context (which callback returned it).
 * NOTE(review): confirm the shared value is intentional before relying on
 * or changing it -- user I/O callbacks may return these numbers directly. */
enum IOerrors {
    IO_ERR_GENERAL    = -1,     /* general unexpected err, not in below group */
    IO_ERR_WANT_READ  = -2,     /* need to call read  again */
    IO_ERR_WANT_WRITE = -2,     /* need to call write again */
    IO_ERR_CONN_RST   = -3,     /* connection reset */
    IO_ERR_ISR        = -4,     /* interrupt */
    IO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
    IO_ERR_TIMEOUT    = -6      /* socket timeout */
};
/* Alert severity levels. Only 1 and 2 are defined; 0 and any other value
 * have no enumerator here. */
enum AlertLevel {
    alert_warning = 1,
    alert_fatal   = 2
};
/* Sender tags: the bytes are ASCII "CLNT" and "SRVR". They are passed as
 * the `sender` argument of the finished-message builders (see
 * BuildTlsFinished below).
 * These arrays are `static` in a header, so every source file that
 * includes it gets its own private copy, and the short global names
 * `client` and `server` are visible to all of that file's code. */
static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };

/* TLS finished labels. The arrays are FINISHED_LABEL_SZ + 1 bytes;
 * presumably the extra byte holds the string terminator, so code hashing
 * the label should use FINISHED_LABEL_SZ, not sizeof -- TODO confirm. */
static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
ashleymills 0:e979170e02e7 1628 /* internal functions */
ashleymills 0:e979170e02e7 1629 CYASSL_LOCAL int SendChangeCipher(CYASSL*);
ashleymills 0:e979170e02e7 1630 CYASSL_LOCAL int SendData(CYASSL*, const void*, int);
ashleymills 0:e979170e02e7 1631 CYASSL_LOCAL int SendCertificate(CYASSL*);
ashleymills 0:e979170e02e7 1632 CYASSL_LOCAL int SendCertificateRequest(CYASSL*);
ashleymills 0:e979170e02e7 1633 CYASSL_LOCAL int SendServerKeyExchange(CYASSL*);
ashleymills 0:e979170e02e7 1634 CYASSL_LOCAL int SendBuffered(CYASSL*);
ashleymills 0:e979170e02e7 1635 CYASSL_LOCAL int ReceiveData(CYASSL*, byte*, int, int);
ashleymills 0:e979170e02e7 1636 CYASSL_LOCAL int SendFinished(CYASSL*);
ashleymills 0:e979170e02e7 1637 CYASSL_LOCAL int SendAlert(CYASSL*, int, int);
ashleymills 0:e979170e02e7 1638 CYASSL_LOCAL int ProcessReply(CYASSL*);
ashleymills 0:e979170e02e7 1639
ashleymills 0:e979170e02e7 1640 CYASSL_LOCAL int SetCipherSpecs(CYASSL*);
ashleymills 0:e979170e02e7 1641 CYASSL_LOCAL int MakeMasterSecret(CYASSL*);
ashleymills 0:e979170e02e7 1642
/* Session caching and key-material handling; bodies are outside this header. */
ashleymills 0:e979170e02e7 1643 CYASSL_LOCAL int AddSession(CYASSL*);
ashleymills 0:e979170e02e7 1644 CYASSL_LOCAL int DeriveKeys(CYASSL* ssl);
ashleymills 0:e979170e02e7 1645 CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData); /* no length parameter: the caller must supply enough key material; required size not visible here */
ashleymills 0:e979170e02e7 1646
/* Protocol-version queries. Both take a const CYASSL* and return int;
 * presumably non-zero means "yes" - TODO confirm. */
ashleymills 0:e979170e02e7 1647 CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
ashleymills 0:e979170e02e7 1648 CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
ashleymills 0:e979170e02e7 1649
/* Resource and buffer management helpers, plus CA lookup and the TLS Finished
 * builder. Sizes are passed as signed int throughout. NOTE(review): confirm
 * the implementations reject negative or oversized values before resizing. */
ashleymills 0:e979170e02e7 1650 CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
ashleymills 0:e979170e02e7 1651 CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
ashleymills 0:e979170e02e7 1652 CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
ashleymills 0:e979170e02e7 1653 #ifndef NO_CERTS
ashleymills 0:e979170e02e7 1654 CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash); /* cm is untyped and hash has no length: callers must pass the expected object and hash size (not visible here) */
ashleymills 0:e979170e02e7 1655 #endif
ashleymills 0:e979170e02e7 1656 CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
ashleymills 0:e979170e02e7 1657 const byte* sender); /* sender has no length; presumably one of the tls_client/tls_server labels - confirm */
ashleymills 0:e979170e02e7 1658 CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
ashleymills 0:e979170e02e7 1659 CYASSL_LOCAL int CheckAvalaibleSize(CYASSL *ssl, int size); /* "Avalaible" is the declared spelling; keep it so definition and callers still match */
ashleymills 0:e979170e02e7 1660 CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
ashleymills 0:e979170e02e7 1661
/* TLS-only helpers; not declared when NO_TLS is defined. */
ashleymills 0:e979170e02e7 1662 #ifndef NO_TLS
ashleymills 0:e979170e02e7 1663 CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*);
ashleymills 0:e979170e02e7 1664 CYASSL_LOCAL void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, /* digest is an output buffer with no size argument; sz is the length of in */
ashleymills 0:e979170e02e7 1665 word32 sz, int content, int verify); /* returns void, so a failure cannot be reported to the caller through this interface */
ashleymills 0:e979170e02e7 1666 #endif
ashleymills 0:e979170e02e7 1667
/* Client-side handshake senders; not declared when NO_CYASSL_CLIENT is defined. */
ashleymills 0:e979170e02e7 1668 #ifndef NO_CYASSL_CLIENT
ashleymills 0:e979170e02e7 1669 CYASSL_LOCAL int SendClientHello(CYASSL*);
ashleymills 0:e979170e02e7 1670 CYASSL_LOCAL int SendClientKeyExchange(CYASSL*);
ashleymills 0:e979170e02e7 1671 CYASSL_LOCAL int SendCertificateVerify(CYASSL*);
ashleymills 0:e979170e02e7 1672 #endif /* NO_CYASSL_CLIENT */
ashleymills 0:e979170e02e7 1673
/* Server-side handshake senders; not declared when NO_CYASSL_SERVER is
 * defined. SendHelloVerifyRequest is additionally gated on CYASSL_DTLS. */
ashleymills 0:e979170e02e7 1674 #ifndef NO_CYASSL_SERVER
ashleymills 0:e979170e02e7 1675 CYASSL_LOCAL int SendServerHello(CYASSL*);
ashleymills 0:e979170e02e7 1676 CYASSL_LOCAL int SendServerHelloDone(CYASSL*);
ashleymills 0:e979170e02e7 1677 #ifdef CYASSL_DTLS
ashleymills 0:e979170e02e7 1678 CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*); /* presumably the DTLS cookie exchange used to check the client's address - confirm */
ashleymills 0:e979170e02e7 1679 #endif
ashleymills 0:e979170e02e7 1680 #endif /* NO_CYASSL_SERVER */
ashleymills 0:e979170e02e7 1681
/* DTLS message-pool helpers; declared only when CYASSL_DTLS is defined.
 * Presumably they buffer handshake messages for retransmission - TODO confirm. */
ashleymills 0:e979170e02e7 1682 #ifdef CYASSL_DTLS
ashleymills 0:e979170e02e7 1683 CYASSL_LOCAL int DtlsPoolInit(CYASSL*);
ashleymills 0:e979170e02e7 1684 CYASSL_LOCAL int DtlsPoolSave(CYASSL*, const byte*, int); /* signed int length; NOTE(review): confirm it is bounded before the data is stored */
ashleymills 0:e979170e02e7 1685 CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*);
ashleymills 0:e979170e02e7 1686 CYASSL_LOCAL int DtlsPoolSend(CYASSL*);
ashleymills 0:e979170e02e7 1687 CYASSL_LOCAL void DtlsPoolReset(CYASSL*);
ashleymills 0:e979170e02e7 1688 #endif /* CYASSL_DTLS */
ashleymills 0:e979170e02e7 1689
ashleymills 0:e979170e02e7 1690 #ifndef NO_TLS
ashleymills 0:e979170e02e7 1691
ashleymills 0:e979170e02e7 1692
ashleymills 0:e979170e02e7 1693 #endif /* NO_TLS */
ashleymills 0:e979170e02e7 1694
ashleymills 0:e979170e02e7 1695
ashleymills 0:e979170e02e7 1696
ashleymills 0:e979170e02e7 1697 typedef double timer_d; /* floating-point time value returned by Timer(); units are not stated in this header */
ashleymills 0:e979170e02e7 1698
/* Time sources; both take no arguments and are implemented outside this header. */
ashleymills 0:e979170e02e7 1699 CYASSL_LOCAL timer_d Timer(void);
ashleymills 0:e979170e02e7 1700 CYASSL_LOCAL word32 LowResTimer(void); /* word32 result; NOTE(review): units and wrap-around behaviour are not visible here - confirm before using it for timeouts or expiry checks */
ashleymills 0:e979170e02e7 1701
ashleymills 0:e979170e02e7 1702
ashleymills 0:e979170e02e7 1703
ashleymills 0:e979170e02e7 1704 #ifdef __cplusplus
ashleymills 0:e979170e02e7 1705 } /* extern "C" */
ashleymills 0:e979170e02e7 1706 #endif
ashleymills 0:e979170e02e7 1707
ashleymills 0:e979170e02e7 1708 #endif /* CYASSL_INT_H */
ashleymills 0:e979170e02e7 1709