Varun Bahl / CyaSSL-Encryp

cya_u

Fork of CyaSSL-forEncrypt by Mobius IoT

cyassl_int.h@2:d0516dc143b1, 2017-05-10 (annotated)

Committer:
vbahl2
Date:
Wed May 10 18:20:47 2017 +0000
Revision:
2:d0516dc143b1
Parent:
0:5045d2638c29 
updated

Who changed what in which revision?

UserRevisionLine numberNew contents of line
toddouska 0:5045d2638c29 1 /* cyassl_int.h
toddouska 0:5045d2638c29 2 *
toddouska 0:5045d2638c29 3 * Copyright (C) 2006-2009 Sawtooth Consulting Ltd.
toddouska 0:5045d2638c29 4 *
toddouska 0:5045d2638c29 5 * This file is part of CyaSSL.
toddouska 0:5045d2638c29 6 *
toddouska 0:5045d2638c29 7 * CyaSSL is free software; you can redistribute it and/or modify
toddouska 0:5045d2638c29 8 * it under the terms of the GNU General Public License as published by
toddouska 0:5045d2638c29 9 * the Free Software Foundation; either version 2 of the License, or
toddouska 0:5045d2638c29 10 * (at your option) any later version.
toddouska 0:5045d2638c29 11 *
toddouska 0:5045d2638c29 12 * CyaSSL is distributed in the hope that it will be useful,
toddouska 0:5045d2638c29 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
toddouska 0:5045d2638c29 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
toddouska 0:5045d2638c29 15 * GNU General Public License for more details.
toddouska 0:5045d2638c29 16 *
toddouska 0:5045d2638c29 17 * You should have received a copy of the GNU General Public License
toddouska 0:5045d2638c29 18 * along with this program; if not, write to the Free Software
toddouska 0:5045d2638c29 19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
toddouska 0:5045d2638c29 20 */
toddouska 0:5045d2638c29 21
toddouska 0:5045d2638c29 22
toddouska 0:5045d2638c29 23
toddouska 0:5045d2638c29 24 #ifndef CYASSL_INT_H
toddouska 0:5045d2638c29 25 #define CYASSL_INT_H
toddouska 0:5045d2638c29 26
toddouska 0:5045d2638c29 27
toddouska 0:5045d2638c29 28 #include "types.h"
toddouska 0:5045d2638c29 29 #include "random.h"
toddouska 0:5045d2638c29 30 #include "des3.h"
toddouska 0:5045d2638c29 31 #include "hc128.h"
toddouska 0:5045d2638c29 32 #include "rabbit.h"
toddouska 0:5045d2638c29 33 #include "asn.h"
toddouska 0:5045d2638c29 34 #include "ctc_md5.h"
toddouska 0:5045d2638c29 35 #include "ctc_aes.h"
toddouska 0:5045d2638c29 36
toddouska 0:5045d2638c29 37 #ifdef CYASSL_CALLBACKS
toddouska 0:5045d2638c29 38 #include "cyassl_callbacks.h"
toddouska 0:5045d2638c29 39 #include <signal.h>
toddouska 0:5045d2638c29 40 #endif
toddouska 0:5045d2638c29 41
toddouska 0:5045d2638c29 42 #ifdef USE_WINDOWS_API
toddouska 0:5045d2638c29 43 #include <windows.h>
toddouska 0:5045d2638c29 44 #elif defined(THREADX)
toddouska 0:5045d2638c29 45 #ifndef SINGLE_THREADED
toddouska 0:5045d2638c29 46 #include "tx_api.h"
toddouska 0:5045d2638c29 47 #endif
toddouska 0:5045d2638c29 48 #elif defined(MICRIUM)
toddouska 0:5045d2638c29 49 /* do nothing, just don't pick Unix */
toddouska 0:5045d2638c29 50 #else
toddouska 0:5045d2638c29 51 #ifndef SINGLE_THREADED
toddouska 0:5045d2638c29 52 #define CYASSL_PTHREADS
toddouska 0:5045d2638c29 53 #include <pthread.h>
toddouska 0:5045d2638c29 54 #endif
toddouska 0:5045d2638c29 55 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
toddouska 0:5045d2638c29 56 #include <unistd.h> /* for close of BIO */
toddouska 0:5045d2638c29 57 #endif
toddouska 0:5045d2638c29 58 #endif
toddouska 0:5045d2638c29 59
toddouska 0:5045d2638c29 60 #ifdef HAVE_LIBZ
toddouska 0:5045d2638c29 61 #include "zlib.h"
toddouska 0:5045d2638c29 62 #endif
toddouska 0:5045d2638c29 63
toddouska 0:5045d2638c29 64 #ifdef _MSC_VER
toddouska 0:5045d2638c29 65 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
toddouska 0:5045d2638c29 66 #pragma warning(disable: 4996)
toddouska 0:5045d2638c29 67 #endif
toddouska 0:5045d2638c29 68
toddouska 0:5045d2638c29 69 #ifdef NO_AES
toddouska 0:5045d2638c29 70 #if !defined (ALIGN16)
toddouska 0:5045d2638c29 71 #define ALIGN16
toddouska 0:5045d2638c29 72 #endif
toddouska 0:5045d2638c29 73 #endif
toddouska 0:5045d2638c29 74
toddouska 0:5045d2638c29 75 #ifdef __cplusplus
toddouska 0:5045d2638c29 76 extern "C" {
toddouska 0:5045d2638c29 77 #endif
toddouska 0:5045d2638c29 78
toddouska 0:5045d2638c29 79
toddouska 0:5045d2638c29 80 #ifdef USE_WINDOWS_API
toddouska 0:5045d2638c29 81 typedef unsigned int SOCKET_T;
toddouska 0:5045d2638c29 82 #else
toddouska 0:5045d2638c29 83 typedef int SOCKET_T;
toddouska 0:5045d2638c29 84 #endif
toddouska 0:5045d2638c29 85
toddouska 0:5045d2638c29 86
toddouska 0:5045d2638c29 87 typedef byte word24[3];
toddouska 0:5045d2638c29 88
toddouska 0:5045d2638c29 89 /* Define or comment out the cipher suites you'd like to be compiled in
toddouska 0:5045d2638c29 90 make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
toddouska 0:5045d2638c29 91
toddouska 0:5045d2638c29 92 When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
toddouska 0:5045d2638c29 93 */
toddouska 0:5045d2638c29 94 #ifndef NO_RC4
toddouska 0:5045d2638c29 95 #define BUILD_SSL_RSA_WITH_RC4_128_SHA
toddouska 0:5045d2638c29 96 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
toddouska 0:5045d2638c29 97 #if !defined(NO_TLS) && defined(HAVE_NTRU)
toddouska 0:5045d2638c29 98 #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
toddouska 0:5045d2638c29 99 #endif
toddouska 0:5045d2638c29 100 #endif
toddouska 0:5045d2638c29 101
toddouska 0:5045d2638c29 102 #ifndef NO_DES3
toddouska 0:5045d2638c29 103 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
toddouska 0:5045d2638c29 104 #if !defined(NO_TLS) && defined(HAVE_NTRU)
toddouska 0:5045d2638c29 105 #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
toddouska 0:5045d2638c29 106 #endif
toddouska 0:5045d2638c29 107 #endif
toddouska 0:5045d2638c29 108
toddouska 0:5045d2638c29 109 #if !defined(NO_AES) && !defined(NO_TLS)
toddouska 0:5045d2638c29 110 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
toddouska 0:5045d2638c29 111 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
toddouska 0:5045d2638c29 112 #if !defined (NO_PSK)
toddouska 0:5045d2638c29 113 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
toddouska 0:5045d2638c29 114 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
toddouska 0:5045d2638c29 115 #endif
toddouska 0:5045d2638c29 116 #if defined(HAVE_NTRU)
toddouska 0:5045d2638c29 117 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
toddouska 0:5045d2638c29 118 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
toddouska 0:5045d2638c29 119 #endif
toddouska 0:5045d2638c29 120 #endif
toddouska 0:5045d2638c29 121
toddouska 0:5045d2638c29 122 #if !defined(NO_HC128) && !defined(NO_TLS)
toddouska 0:5045d2638c29 123 #define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
toddouska 0:5045d2638c29 124 #define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
toddouska 0:5045d2638c29 125 #endif
toddouska 0:5045d2638c29 126
toddouska 0:5045d2638c29 127 #if !defined(NO_RABBIT) && !defined(NO_TLS)
toddouska 0:5045d2638c29 128 #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
toddouska 0:5045d2638c29 129 #endif
toddouska 0:5045d2638c29 130
toddouska 0:5045d2638c29 131 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && defined(OPENSSL_EXTRA)
toddouska 0:5045d2638c29 132 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
toddouska 0:5045d2638c29 133 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
toddouska 0:5045d2638c29 134 #endif
toddouska 0:5045d2638c29 135
toddouska 0:5045d2638c29 136
toddouska 0:5045d2638c29 137
toddouska 0:5045d2638c29 138 #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
toddouska 0:5045d2638c29 139 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
toddouska 0:5045d2638c29 140 #define BUILD_ARC4
toddouska 0:5045d2638c29 141 #endif
toddouska 0:5045d2638c29 142
toddouska 0:5045d2638c29 143 #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
toddouska 0:5045d2638c29 144 #define BUILD_DES3
toddouska 0:5045d2638c29 145 #endif
toddouska 0:5045d2638c29 146
toddouska 0:5045d2638c29 147 #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
toddouska 0:5045d2638c29 148 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA)
toddouska 0:5045d2638c29 149 #define BUILD_AES
toddouska 0:5045d2638c29 150 #endif
toddouska 0:5045d2638c29 151
toddouska 0:5045d2638c29 152 #if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \
toddouska 0:5045d2638c29 153 defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5)
toddouska 0:5045d2638c29 154 #define BUILD_HC128
toddouska 0:5045d2638c29 155 #endif
toddouska 0:5045d2638c29 156
toddouska 0:5045d2638c29 157 #if defined(BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA)
toddouska 0:5045d2638c29 158 #define BUILD_RABBIT
toddouska 0:5045d2638c29 159 #endif
toddouska 0:5045d2638c29 160
toddouska 0:5045d2638c29 161 #ifdef NO_DES3
toddouska 0:5045d2638c29 162 #define DES_BLOCK_SIZE 8
toddouska 0:5045d2638c29 163 #endif
toddouska 0:5045d2638c29 164
toddouska 0:5045d2638c29 165 #ifdef NO_AES
toddouska 0:5045d2638c29 166 #define AES_BLOCK_SIZE 16
toddouska 0:5045d2638c29 167 #endif
toddouska 0:5045d2638c29 168
toddouska 0:5045d2638c29 169
toddouska 0:5045d2638c29 170 /* actual cipher values, 2nd byte */
toddouska 0:5045d2638c29 171 enum {
toddouska 0:5045d2638c29 172 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
toddouska 0:5045d2638c29 173 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
toddouska 0:5045d2638c29 174 TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
toddouska 0:5045d2638c29 175 TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
toddouska 0:5045d2638c29 176 TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
toddouska 0:5045d2638c29 177 TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
toddouska 0:5045d2638c29 178 SSL_RSA_WITH_RC4_128_SHA = 0x05,
toddouska 0:5045d2638c29 179 SSL_RSA_WITH_RC4_128_MD5 = 0x04,
toddouska 0:5045d2638c29 180 SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
toddouska 0:5045d2638c29 181
toddouska 0:5045d2638c29 182 /* CyaSSL extension - eSTRAM */
toddouska 0:5045d2638c29 183 TLS_RSA_WITH_HC_128_CBC_MD5 = 0xFB,
toddouska 0:5045d2638c29 184 TLS_RSA_WITH_HC_128_CBC_SHA = 0xFC,
toddouska 0:5045d2638c29 185 TLS_RSA_WITH_RABBIT_CBC_SHA = 0xFD,
toddouska 0:5045d2638c29 186
toddouska 0:5045d2638c29 187 /* CyaSSL extension - NTRU */
toddouska 0:5045d2638c29 188 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0x65,
toddouska 0:5045d2638c29 189 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0x66,
toddouska 0:5045d2638c29 190 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0x67,
toddouska 0:5045d2638c29 191 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0x68
toddouska 0:5045d2638c29 192 };
toddouska 0:5045d2638c29 193
toddouska 0:5045d2638c29 194
toddouska 0:5045d2638c29 195 enum Misc {
toddouska 0:5045d2638c29 196 SERVER_END = 0,
toddouska 0:5045d2638c29 197 CLIENT_END,
toddouska 0:5045d2638c29 198
toddouska 0:5045d2638c29 199 SEND_CERT = 1,
toddouska 0:5045d2638c29 200 SEND_BLANK_CERT = 2,
toddouska 0:5045d2638c29 201
toddouska 0:5045d2638c29 202 DTLS_MAJOR = 0xfe, /* DTLS major version number */
toddouska 0:5045d2638c29 203 DTLS_MINOR = 0xff, /* DTLS minor version number */
toddouska 0:5045d2638c29 204 SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
toddouska 0:5045d2638c29 205 SSLv3_MINOR = 0, /* TLSv1 minor version number */
toddouska 0:5045d2638c29 206 TLSv1_MINOR = 1, /* TLSv1 minor version number */
toddouska 0:5045d2638c29 207 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
toddouska 0:5045d2638c29 208 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
toddouska 0:5045d2638c29 209 NO_COMPRESSION = 0,
toddouska 0:5045d2638c29 210 ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
toddouska 0:5045d2638c29 211 SECRET_LEN = 48, /* pre RSA and all master */
toddouska 0:5045d2638c29 212 ENCRYPT_LEN = 256, /* allow 2048 bit static buffer */
toddouska 0:5045d2638c29 213 SIZEOF_SENDER = 4, /* clnt or srvr */
toddouska 0:5045d2638c29 214 FINISHED_SZ = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
toddouska 0:5045d2638c29 215 MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
toddouska 0:5045d2638c29 216 MAX_UDP_SIZE = 1400, /* don't exceed MTU */
toddouska 0:5045d2638c29 217 MAX_MSG_EXTRA = 68, /* max added to msg, mac + pad */
toddouska 0:5045d2638c29 218 MAX_COMP_EXTRA = 1024, /* max compression extra */
toddouska 0:5045d2638c29 219 MAX_MTU = 1500, /* max expected MTU */
toddouska 0:5045d2638c29 220 MAX_DH_SZ = 612, /* 2240 p, pub, g + 2 byte size for each */
toddouska 0:5045d2638c29 221 MAX_STR_VERSION = 8, /* string rep of protocol version */
toddouska 0:5045d2638c29 222
toddouska 0:5045d2638c29 223 PAD_MD5 = 48, /* pad length for finished */
toddouska 0:5045d2638c29 224 PAD_SHA = 40, /* pad length for finished */
toddouska 0:5045d2638c29 225 PEM_LINE_LEN = 80, /* PEM line max + fudge */
toddouska 0:5045d2638c29 226 LENGTH_SZ = 2, /* length field for HMAC, data only */
toddouska 0:5045d2638c29 227 VERSION_SZ = 2, /* length of proctocol version */
toddouska 0:5045d2638c29 228 SEQ_SZ = 8, /* 64 bit sequence number */
toddouska 0:5045d2638c29 229 BYTE3_LEN = 3, /* up to 24 bit byte lengths */
toddouska 0:5045d2638c29 230 ALERT_SIZE = 2, /* level + description */
toddouska 0:5045d2638c29 231 REQUEST_HEADER = 2, /* always use 2 bytes */
toddouska 0:5045d2638c29 232 VERIFY_HEADER = 2, /* always use 2 bytes */
toddouska 0:5045d2638c29 233
toddouska 0:5045d2638c29 234 MAX_SUITE_SZ = 128, /* only 64 suites for now! */
toddouska 0:5045d2638c29 235 RAN_LEN = 32, /* random length */
toddouska 0:5045d2638c29 236 SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
toddouska 0:5045d2638c29 237 ID_LEN = 32, /* session id length */
toddouska 0:5045d2638c29 238 MAX_COOKIE_LEN = 32, /* max dtls cookie size */
toddouska 0:5045d2638c29 239 SUITE_LEN = 2, /* cipher suite sz length */
toddouska 0:5045d2638c29 240 ENUM_LEN = 1, /* always a byte */
toddouska 0:5045d2638c29 241 COMP_LEN = 1, /* compression length */
toddouska 0:5045d2638c29 242
toddouska 0:5045d2638c29 243 HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
toddouska 0:5045d2638c29 244 RECORD_HEADER_SZ = 5, /* type + version + len(2) */
toddouska 0:5045d2638c29 245 CERT_HEADER_SZ = 3, /* always 3 bytes */
toddouska 0:5045d2638c29 246 REQ_HEADER_SZ = 2, /* cert request header sz */
toddouska 0:5045d2638c29 247 HINT_LEN_SZ = 2, /* length of hint size field */
toddouska 0:5045d2638c29 248
toddouska 0:5045d2638c29 249 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
toddouska 0:5045d2638c29 250 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
toddouska 0:5045d2638c29 251 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
toddouska 0:5045d2638c29 252 DTLS_RECORD_EXTRA = 8, /* diff from normal */
toddouska 0:5045d2638c29 253
toddouska 0:5045d2638c29 254 FINISHED_LABEL_SZ = 15, /* TLS finished label size */
toddouska 0:5045d2638c29 255 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
toddouska 0:5045d2638c29 256 MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
toddouska 0:5045d2638c29 257 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
toddouska 0:5045d2638c29 258 MAX_PRF_HALF = 128, /* Maximum half secret len */
toddouska 0:5045d2638c29 259 MAX_PRF_LABSEED = 80, /* Maximum label + seed len */
toddouska 0:5045d2638c29 260 MAX_PRF_DIG = 148, /* Maximum digest len */
toddouska 0:5045d2638c29 261 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
toddouska 0:5045d2638c29 262 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
toddouska 0:5045d2638c29 263
toddouska 0:5045d2638c29 264 RC4_KEY_SIZE = 16, /* always 128bit */
toddouska 0:5045d2638c29 265 DES_KEY_SIZE = 8, /* des */
toddouska 0:5045d2638c29 266 DES3_KEY_SIZE = 24, /* 3 des ede */
toddouska 0:5045d2638c29 267 DES_IV_SIZE = DES_BLOCK_SIZE,
toddouska 0:5045d2638c29 268 AES_256_KEY_SIZE = 32, /* for 256 bit */
toddouska 0:5045d2638c29 269 AES_192_KEY_SIZE = 24, /* for 192 bit */
toddouska 0:5045d2638c29 270 AES_IV_SIZE = 16, /* always block size */
toddouska 0:5045d2638c29 271 AES_128_KEY_SIZE = 16, /* for 128 bit */
toddouska 0:5045d2638c29 272
toddouska 0:5045d2638c29 273 HC_128_KEY_SIZE = 16, /* 128 bits */
toddouska 0:5045d2638c29 274 HC_128_IV_SIZE = 16, /* also 128 bits */
toddouska 0:5045d2638c29 275
toddouska 0:5045d2638c29 276 RABBIT_KEY_SIZE = 16, /* 128 bits */
toddouska 0:5045d2638c29 277 RABBIT_IV_SIZE = 8, /* 64 bits for iv */
toddouska 0:5045d2638c29 278
toddouska 0:5045d2638c29 279 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
toddouska 0:5045d2638c29 280
toddouska 0:5045d2638c29 281 MAX_HELLO_SZ = 128, /* max client or server hello */
toddouska 0:5045d2638c29 282 MAX_CERT_VERIFY_SZ = 1024, /* max */
toddouska 0:5045d2638c29 283 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
toddouska 0:5045d2638c29 284 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
toddouska 0:5045d2638c29 285 DEFAULT_TIMEOUT = 500, /* default resumption timeout in seconds */
toddouska 0:5045d2638c29 286
toddouska 0:5045d2638c29 287 MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
toddouska 0:5045d2638c29 288 MAX_PSK_KEY_LEN = 64, /* max psk key supported */
toddouska 0:5045d2638c29 289
toddouska 0:5045d2638c29 290 MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */
toddouska 0:5045d2638c29 291 MAX_X509_SIZE = 2048, /* max static x509 buffer size */
toddouska 0:5045d2638c29 292 FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
toddouska 0:5045d2638c29 293 will use dynamic buffer if not big enough */
toddouska 0:5045d2638c29 294
toddouska 0:5045d2638c29 295 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
toddouska 0:5045d2638c29 296 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
toddouska 0:5045d2638c29 297 MAX_NTRU_BITS = 256, /* max symmetric bit strength */
toddouska 0:5045d2638c29 298 NO_SNIFF = 0, /* not sniffing */
toddouska 0:5045d2638c29 299 SNIFF = 1, /* currently sniffing */
toddouska 0:5045d2638c29 300
toddouska 0:5045d2638c29 301 NO_COPY = 0, /* should we copy static buffer for write */
toddouska 0:5045d2638c29 302 COPY = 1 /* should we copy static buffer for write */
toddouska 0:5045d2638c29 303 };
toddouska 0:5045d2638c29 304
toddouska 0:5045d2638c29 305
toddouska 0:5045d2638c29 306 /* states */
toddouska 0:5045d2638c29 307 enum states {
toddouska 0:5045d2638c29 308 NULL_STATE = 0,
toddouska 0:5045d2638c29 309
toddouska 0:5045d2638c29 310 SERVER_HELLOVERIFYREQUEST_COMPLETE,
toddouska 0:5045d2638c29 311 SERVER_HELLO_COMPLETE,
toddouska 0:5045d2638c29 312 SERVER_CERT_COMPLETE,
toddouska 0:5045d2638c29 313 SERVER_KEYEXCHANGE_COMPLETE,
toddouska 0:5045d2638c29 314 SERVER_HELLODONE_COMPLETE,
toddouska 0:5045d2638c29 315 SERVER_FINISHED_COMPLETE,
toddouska 0:5045d2638c29 316
toddouska 0:5045d2638c29 317 CLIENT_HELLO_COMPLETE,
toddouska 0:5045d2638c29 318 CLIENT_KEYEXCHANGE_COMPLETE,
toddouska 0:5045d2638c29 319 CLIENT_FINISHED_COMPLETE,
toddouska 0:5045d2638c29 320
toddouska 0:5045d2638c29 321 HANDSHAKE_DONE
toddouska 0:5045d2638c29 322 };
toddouska 0:5045d2638c29 323
toddouska 0:5045d2638c29 324
toddouska 0:5045d2638c29 325 #ifndef SSL_TYPES_DEFINED
toddouska 0:5045d2638c29 326 typedef struct SSL_METHOD SSL_METHOD;
toddouska 0:5045d2638c29 327 typedef struct SSL_CTX SSL_CTX;
toddouska 0:5045d2638c29 328 typedef struct SSL_SESSION SSL_SESSION;
toddouska 0:5045d2638c29 329 typedef struct SSL_CIPHER SSL_CIPHER;
toddouska 0:5045d2638c29 330 typedef struct SSL SSL;
toddouska 0:5045d2638c29 331 typedef struct X509 X509;
toddouska 0:5045d2638c29 332 typedef struct X509_CHAIN X509_CHAIN;
toddouska 0:5045d2638c29 333 typedef struct BIO BIO;
toddouska 0:5045d2638c29 334 typedef struct BIO_METHOD BIO_METHOD;
toddouska 0:5045d2638c29 335
toddouska 0:5045d2638c29 336 #undef X509_NAME
toddouska 0:5045d2638c29 337 typedef struct X509_NAME X509_NAME;
toddouska 0:5045d2638c29 338
toddouska 0:5045d2638c29 339 typedef struct X509_STORE_CTX {
toddouska 0:5045d2638c29 340 int error;
toddouska 0:5045d2638c29 341 int error_depth;
toddouska 0:5045d2638c29 342 X509* current_cert; /* stunnel dereference */
toddouska 0:5045d2638c29 343 char* domain; /* subject CN domain name */
toddouska 0:5045d2638c29 344 } X509_STORE_CTX;
toddouska 0:5045d2638c29 345
toddouska 0:5045d2638c29 346
toddouska 0:5045d2638c29 347 typedef int (*pem_password_cb)(char*, int, int, void*);
toddouska 0:5045d2638c29 348 typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
toddouska 0:5045d2638c29 349 typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
toddouska 0:5045d2638c29 350 typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
toddouska 0:5045d2638c29 351
toddouska 0:5045d2638c29 352 /* make sure C++ programs have C linkage for callbacks */
toddouska 0:5045d2638c29 353 void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv);
toddouska 0:5045d2638c29 354 void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend);
toddouska 0:5045d2638c29 355
toddouska 0:5045d2638c29 356 void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx);
toddouska 0:5045d2638c29 357 void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx);
toddouska 0:5045d2638c29 358 #endif /* SSL_TYPES_DEFINED */
toddouska 0:5045d2638c29 359
toddouska 0:5045d2638c29 360
toddouska 0:5045d2638c29 361 /* SSL Version */
toddouska 0:5045d2638c29 362 typedef struct ProtocolVersion {
toddouska 0:5045d2638c29 363 byte major;
toddouska 0:5045d2638c29 364 byte minor;
toddouska 0:5045d2638c29 365 } ProtocolVersion;
toddouska 0:5045d2638c29 366
toddouska 0:5045d2638c29 367
toddouska 0:5045d2638c29 368 ProtocolVersion MakeSSLv3(void);
toddouska 0:5045d2638c29 369 ProtocolVersion MakeTLSv1(void);
toddouska 0:5045d2638c29 370 ProtocolVersion MakeTLSv1_1(void);
toddouska 0:5045d2638c29 371 ProtocolVersion MakeTLSv1_2(void);
toddouska 0:5045d2638c29 372
toddouska 0:5045d2638c29 373 #ifdef CYASSL_DTLS
toddouska 0:5045d2638c29 374 ProtocolVersion MakeDTLSv1(void);
toddouska 0:5045d2638c29 375 #endif
toddouska 0:5045d2638c29 376
toddouska 0:5045d2638c29 377
toddouska 0:5045d2638c29 378 enum BIO_TYPE {
toddouska 0:5045d2638c29 379 BIO_BUFFER = 1,
toddouska 0:5045d2638c29 380 BIO_SOCKET = 2,
toddouska 0:5045d2638c29 381 BIO_SSL = 3
toddouska 0:5045d2638c29 382 };
toddouska 0:5045d2638c29 383
toddouska 0:5045d2638c29 384
toddouska 0:5045d2638c29 385 /* OpenSSL BIO_METHOD type */
toddouska 0:5045d2638c29 386 struct BIO_METHOD {
toddouska 0:5045d2638c29 387 byte type; /* method type */
toddouska 0:5045d2638c29 388 };
toddouska 0:5045d2638c29 389
toddouska 0:5045d2638c29 390
toddouska 0:5045d2638c29 391 /* OpenSSL BIO type */
toddouska 0:5045d2638c29 392 struct BIO {
toddouska 0:5045d2638c29 393 byte type; /* method type */
toddouska 0:5045d2638c29 394 byte close; /* close flag */
toddouska 0:5045d2638c29 395 byte eof; /* eof flag */
toddouska 0:5045d2638c29 396 SSL* ssl; /* possible associated ssl */
toddouska 0:5045d2638c29 397 int fd; /* possible file descriptor */
toddouska 0:5045d2638c29 398 BIO* prev; /* previous in chain */
toddouska 0:5045d2638c29 399 BIO* next; /* next in chain */
toddouska 0:5045d2638c29 400 };
toddouska 0:5045d2638c29 401
toddouska 0:5045d2638c29 402
toddouska 0:5045d2638c29 403 /* OpenSSL method type */
toddouska 0:5045d2638c29 404 struct SSL_METHOD {
toddouska 0:5045d2638c29 405 ProtocolVersion version;
toddouska 0:5045d2638c29 406 int side; /* connection side, server or client */
toddouska 0:5045d2638c29 407 int verifyPeer; /* request or send certificate */
toddouska 0:5045d2638c29 408 int verifyNone; /* whether to verify certificate */
toddouska 0:5045d2638c29 409 int failNoCert; /* fail if no certificate */
toddouska 0:5045d2638c29 410 int downgrade; /* whether to downgrade version, default no */
toddouska 0:5045d2638c29 411 };
toddouska 0:5045d2638c29 412
toddouska 0:5045d2638c29 413
toddouska 0:5045d2638c29 414 /* defautls to client */
toddouska 0:5045d2638c29 415 void InitSSL_Method(SSL_METHOD*, ProtocolVersion);
toddouska 0:5045d2638c29 416
toddouska 0:5045d2638c29 417 /* for sniffer */
toddouska 0:5045d2638c29 418 int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff);
toddouska 0:5045d2638c29 419 int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx);
toddouska 0:5045d2638c29 420
toddouska 0:5045d2638c29 421
toddouska 0:5045d2638c29 422 /* CyaSSL buffer type */
toddouska 0:5045d2638c29 423 typedef struct buffer {
toddouska 0:5045d2638c29 424 word32 length;
toddouska 0:5045d2638c29 425 byte* buffer;
toddouska 0:5045d2638c29 426 } buffer;
toddouska 0:5045d2638c29 427
toddouska 0:5045d2638c29 428
toddouska 0:5045d2638c29 429 enum {
toddouska 0:5045d2638c29 430 FORCED_FREE = 1,
toddouska 0:5045d2638c29 431 NO_FORCED_FREE = 0
toddouska 0:5045d2638c29 432 };
toddouska 0:5045d2638c29 433
toddouska 0:5045d2638c29 434
toddouska 0:5045d2638c29 435 /* only use compression extra if using compression */
toddouska 0:5045d2638c29 436 #ifdef HAVE_LIBZ
toddouska 0:5045d2638c29 437 #define COMP_EXTRA MAX_COMP_EXTRA
toddouska 0:5045d2638c29 438 #else
toddouska 0:5045d2638c29 439 #define COMP_EXTRA 0
toddouska 0:5045d2638c29 440 #endif
toddouska 0:5045d2638c29 441
toddouska 0:5045d2638c29 442 /* only the sniffer needs space in the buffer for an extra MTU record */
toddouska 0:5045d2638c29 443 #ifdef CYASSL_SNIFFER
toddouska 0:5045d2638c29 444 #define MTU_EXTRA MAX_MTU
toddouska 0:5045d2638c29 445 #else
toddouska 0:5045d2638c29 446 #define MTU_EXTRA 0
toddouska 0:5045d2638c29 447 #endif
toddouska 0:5045d2638c29 448
toddouska 0:5045d2638c29 449 /* give user option to use 16K static buffers, sniffer needs them too */
toddouska 0:5045d2638c29 450 #if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_SNIFFER)
toddouska 0:5045d2638c29 451 #define RECORD_SIZE MAX_RECORD_SIZE
toddouska 0:5045d2638c29 452 #else
toddouska 0:5045d2638c29 453 #define RECORD_SIZE 128
toddouska 0:5045d2638c29 454 #endif
toddouska 0:5045d2638c29 455
toddouska 0:5045d2638c29 456
toddouska 0:5045d2638c29 457 /* user option to turn off 16K output option */
toddouska 0:5045d2638c29 458 /* if using small static buffers (default) and SSL_write tries to write data
toddouska 0:5045d2638c29 459 larger than the record we have, dynamically get it, unless user says only
toddouska 0:5045d2638c29 460 write in static buffer chuncks */
toddouska 0:5045d2638c29 461 #ifndef STATIC_CHUNKS_ONLY
toddouska 0:5045d2638c29 462 #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
toddouska 0:5045d2638c29 463 #else
toddouska 0:5045d2638c29 464 #define OUTPUT_RECORD_SIZE RECORD_SIZE
toddouska 0:5045d2638c29 465 #endif
toddouska 0:5045d2638c29 466
toddouska 0:5045d2638c29 467 /* CyaSSL input buffer
toddouska 0:5045d2638c29 468
toddouska 0:5045d2638c29 469 RFC 2246:
toddouska 0:5045d2638c29 470
toddouska 0:5045d2638c29 471 length
toddouska 0:5045d2638c29 472 The length (in bytes) of the following TLSPlaintext.fragment.
toddouska 0:5045d2638c29 473 The length should not exceed 2^14.
toddouska 0:5045d2638c29 474 */
toddouska 0:5045d2638c29 475 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
toddouska 0:5045d2638c29 476 MTU_EXTRA + MAX_MSG_EXTRA
toddouska 0:5045d2638c29 477
toddouska 0:5045d2638c29 478 typedef struct {
toddouska 0:5045d2638c29 479 word32 length; /* total buffer length used */
toddouska 0:5045d2638c29 480 word32 idx; /* idx to part of length already consumed */
toddouska 0:5045d2638c29 481 byte* buffer; /* place holder for static or dynamic buffer */
toddouska 0:5045d2638c29 482 ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
toddouska 0:5045d2638c29 483 word32 bufferSize; /* current buffer size */
toddouska 0:5045d2638c29 484 byte dynamicFlag; /* dynamic memory currently in use */
toddouska 0:5045d2638c29 485 } bufferStatic;
toddouska 0:5045d2638c29 486
toddouska 0:5045d2638c29 487 /* Cipher Suites holder */
toddouska 0:5045d2638c29 488 typedef struct Suites {
toddouska 0:5045d2638c29 489 int setSuites; /* user set suites from default */
toddouska 0:5045d2638c29 490 byte suites[MAX_SUITE_SZ];
toddouska 0:5045d2638c29 491 word16 suiteSz; /* suite length in bytes */
toddouska 0:5045d2638c29 492 } Suites;
toddouska 0:5045d2638c29 493
toddouska 0:5045d2638c29 494
toddouska 0:5045d2638c29 495 void InitSuites(Suites*, ProtocolVersion, byte, byte, byte);
toddouska 0:5045d2638c29 496 int SetCipherList(SSL_CTX* ctx, const char* list);
toddouska 0:5045d2638c29 497
toddouska 0:5045d2638c29 498 #ifndef PSK_TYPES_DEFINED
toddouska 0:5045d2638c29 499 typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*,
toddouska 0:5045d2638c29 500 unsigned int, unsigned char*, unsigned int);
toddouska 0:5045d2638c29 501 typedef unsigned int (*psk_server_callback)(SSL*, const char*,
toddouska 0:5045d2638c29 502 unsigned char*, unsigned int);
toddouska 0:5045d2638c29 503 #endif /* PSK_TYPES_DEFINED */
toddouska 0:5045d2638c29 504
toddouska 0:5045d2638c29 505
toddouska 0:5045d2638c29 506 #ifndef CYASSL_USER_IO
toddouska 0:5045d2638c29 507 /* default IO callbacks */
toddouska 0:5045d2638c29 508 int EmbedReceive(char *buf, int sz, void *ctx);
toddouska 0:5045d2638c29 509 int EmbedSend(char *buf, int sz, void *ctx);
toddouska 0:5045d2638c29 510 #endif
toddouska 0:5045d2638c29 511
toddouska 0:5045d2638c29 512 #ifdef CYASSL_DTLS
toddouska 0:5045d2638c29 513 int IsUDP(void*);
toddouska 0:5045d2638c29 514 #endif
toddouska 0:5045d2638c29 515
toddouska 0:5045d2638c29 516
toddouska 0:5045d2638c29 517 /* OpenSSL Cipher type just points back to SSL */
toddouska 0:5045d2638c29 518 struct SSL_CIPHER {
toddouska 0:5045d2638c29 519 SSL* ssl;
toddouska 0:5045d2638c29 520 };
toddouska 0:5045d2638c29 521
toddouska 0:5045d2638c29 522
toddouska 0:5045d2638c29 523 /* OpenSSL context type */
toddouska 0:5045d2638c29 524 struct SSL_CTX {
toddouska 0:5045d2638c29 525 SSL_METHOD* method;
toddouska 0:5045d2638c29 526 buffer certificate;
toddouska 0:5045d2638c29 527 buffer privateKey;
toddouska 0:5045d2638c29 528 Signer* caList; /* SSL_CTX owns this, SSL will reference */
toddouska 0:5045d2638c29 529 Suites suites;
toddouska 0:5045d2638c29 530 void* heap; /* for user memory overrides */
toddouska 0:5045d2638c29 531 byte verifyPeer;
toddouska 0:5045d2638c29 532 byte verifyNone;
toddouska 0:5045d2638c29 533 byte failNoCert;
toddouska 0:5045d2638c29 534 byte sessionCacheOff;
toddouska 0:5045d2638c29 535 byte sessionCacheFlushOff;
toddouska 0:5045d2638c29 536 byte sendVerify; /* for client side */
toddouska 0:5045d2638c29 537 byte haveDH; /* server DH parms set by user */
toddouska 0:5045d2638c29 538 byte haveNTRU; /* server private NTRU key loaded */
toddouska 0:5045d2638c29 539 byte partialWrite; /* only one msg per write call */
toddouska 0:5045d2638c29 540 byte quietShutdown; /* don't send close notify */
toddouska 0:5045d2638c29 541 CallbackIORecv CBIORecv;
toddouska 0:5045d2638c29 542 CallbackIOSend CBIOSend;
toddouska 0:5045d2638c29 543 VerifyCallback verifyCallback; /* cert verification callback */
toddouska 0:5045d2638c29 544 #ifndef NO_PSK
toddouska 0:5045d2638c29 545 byte havePSK; /* psk key set by user */
toddouska 0:5045d2638c29 546 psk_client_callback client_psk_cb; /* client callback */
toddouska 0:5045d2638c29 547 psk_server_callback server_psk_cb; /* server callback */
toddouska 0:5045d2638c29 548 char server_hint[MAX_PSK_ID_LEN];
toddouska 0:5045d2638c29 549 #endif /* NO_PSK */
toddouska 0:5045d2638c29 550 #ifdef OPENSSL_EXTRA
toddouska 0:5045d2638c29 551 pem_password_cb passwd_cb;
toddouska 0:5045d2638c29 552 void* userdata;
toddouska 0:5045d2638c29 553 #endif /* OPENSSL_EXTRA */
toddouska 0:5045d2638c29 554 };
toddouska 0:5045d2638c29 555
toddouska 0:5045d2638c29 556
toddouska 0:5045d2638c29 557 void InitSSL_Ctx(SSL_CTX*, SSL_METHOD*);
toddouska 0:5045d2638c29 558 void FreeSSL_Ctx(SSL_CTX*);
toddouska 0:5045d2638c29 559 void SSL_CtxResourceFree(SSL_CTX*);
toddouska 0:5045d2638c29 560
toddouska 0:5045d2638c29 561 int DeriveTlsKeys(SSL* ssl);
toddouska 0:5045d2638c29 562 int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx,
toddouska 0:5045d2638c29 563 word32 inSz, word16 sz);
toddouska 0:5045d2638c29 564
toddouska 0:5045d2638c29 565 /* All cipher suite related info */
toddouska 0:5045d2638c29 566 typedef struct CipherSpecs {
toddouska 0:5045d2638c29 567 byte bulk_cipher_algorithm;
toddouska 0:5045d2638c29 568 byte cipher_type; /* block or stream */
toddouska 0:5045d2638c29 569 byte mac_algorithm;
toddouska 0:5045d2638c29 570 byte kea; /* key exchange algo */
toddouska 0:5045d2638c29 571 byte sig_algo;
toddouska 0:5045d2638c29 572 byte hash_size;
toddouska 0:5045d2638c29 573 byte pad_size;
toddouska 0:5045d2638c29 574 word16 key_size;
toddouska 0:5045d2638c29 575 word16 iv_size;
toddouska 0:5045d2638c29 576 word16 block_size;
toddouska 0:5045d2638c29 577 } CipherSpecs;
toddouska 0:5045d2638c29 578
toddouska 0:5045d2638c29 579
toddouska 0:5045d2638c29 580
toddouska 0:5045d2638c29 581 /* Supported Ciphers from page 43 */
toddouska 0:5045d2638c29 582 enum BulkCipherAlgorithm {
toddouska 0:5045d2638c29 583 cipher_null,
toddouska 0:5045d2638c29 584 rc4,
toddouska 0:5045d2638c29 585 rc2,
toddouska 0:5045d2638c29 586 des,
toddouska 0:5045d2638c29 587 triple_des, /* leading 3 (3des) not valid identifier */
toddouska 0:5045d2638c29 588 des40,
toddouska 0:5045d2638c29 589 idea,
toddouska 0:5045d2638c29 590 aes,
toddouska 0:5045d2638c29 591 hc128, /* CyaSSL extensions */
toddouska 0:5045d2638c29 592 rabbit
toddouska 0:5045d2638c29 593 };
toddouska 0:5045d2638c29 594
toddouska 0:5045d2638c29 595
toddouska 0:5045d2638c29 596 /* Supported Message Authentication Codes from page 43 */
toddouska 0:5045d2638c29 597 enum MACAlgorithm {
toddouska 0:5045d2638c29 598 no_mac,
toddouska 0:5045d2638c29 599 md5_mac,
toddouska 0:5045d2638c29 600 sha_mac,
toddouska 0:5045d2638c29 601 rmd_mac,
toddouska 0:5045d2638c29 602 sha256_mac
toddouska 0:5045d2638c29 603 };
toddouska 0:5045d2638c29 604
toddouska 0:5045d2638c29 605
toddouska 0:5045d2638c29 606 /* Supported Key Exchange Protocols */
toddouska 0:5045d2638c29 607 enum KeyExchangeAlgorithm {
toddouska 0:5045d2638c29 608 no_kea = 0,
toddouska 0:5045d2638c29 609 rsa_kea,
toddouska 0:5045d2638c29 610 diffie_hellman_kea,
toddouska 0:5045d2638c29 611 fortezza_kea,
toddouska 0:5045d2638c29 612 psk_kea,
toddouska 0:5045d2638c29 613 ntru_kea
toddouska 0:5045d2638c29 614 };
toddouska 0:5045d2638c29 615
toddouska 0:5045d2638c29 616
toddouska 0:5045d2638c29 617 /* Supported Authentication Schemes */
toddouska 0:5045d2638c29 618 enum SignatureAlgorithm {
toddouska 0:5045d2638c29 619 anonymous_sa_algo = 0,
toddouska 0:5045d2638c29 620 rsa_sa_algo,
toddouska 0:5045d2638c29 621 dsa_sa_algo
toddouska 0:5045d2638c29 622 };
toddouska 0:5045d2638c29 623
toddouska 0:5045d2638c29 624
toddouska 0:5045d2638c29 625 /* Valid client certificate request types from page 27 */
toddouska 0:5045d2638c29 626 enum ClientCertificateType {
toddouska 0:5045d2638c29 627 rsa_sign = 1,
toddouska 0:5045d2638c29 628 dss_sign = 2,
toddouska 0:5045d2638c29 629 rsa_fixed_dh = 3,
toddouska 0:5045d2638c29 630 dss_fixed_dh = 4,
toddouska 0:5045d2638c29 631 rsa_ephemeral_dh = 5,
toddouska 0:5045d2638c29 632 dss_ephemeral_dh = 6,
toddouska 0:5045d2638c29 633 fortezza_kea_cert = 20
toddouska 0:5045d2638c29 634 };
toddouska 0:5045d2638c29 635
toddouska 0:5045d2638c29 636
toddouska 0:5045d2638c29 637 enum CipherType { stream, block };
toddouska 0:5045d2638c29 638
toddouska 0:5045d2638c29 639
toddouska 0:5045d2638c29 640 /* keys and secrets */
toddouska 0:5045d2638c29 641 typedef struct Keys {
toddouska 0:5045d2638c29 642 byte client_write_MAC_secret[SHA_DIGEST_SIZE]; /* max sizes */
toddouska 0:5045d2638c29 643 byte server_write_MAC_secret[SHA_DIGEST_SIZE];
toddouska 0:5045d2638c29 644 byte client_write_key[AES_256_KEY_SIZE]; /* max sizes */
toddouska 0:5045d2638c29 645 byte server_write_key[AES_256_KEY_SIZE];
toddouska 0:5045d2638c29 646 byte client_write_IV[AES_IV_SIZE]; /* max sizes */
toddouska 0:5045d2638c29 647 byte server_write_IV[AES_IV_SIZE];
toddouska 0:5045d2638c29 648
toddouska 0:5045d2638c29 649 word32 peer_sequence_number;
toddouska 0:5045d2638c29 650 word32 sequence_number;
toddouska 0:5045d2638c29 651
toddouska 0:5045d2638c29 652 #ifdef CYASSL_DTLS
toddouska 0:5045d2638c29 653 word32 dtls_sequence_number;
toddouska 0:5045d2638c29 654 word32 dtls_peer_sequence_number;
toddouska 0:5045d2638c29 655 word16 dtls_handshake_number;
toddouska 0:5045d2638c29 656 word16 dtls_epoch;
toddouska 0:5045d2638c29 657 word16 dtls_peer_epoch;
toddouska 0:5045d2638c29 658 #endif
toddouska 0:5045d2638c29 659
toddouska 0:5045d2638c29 660 word32 encryptSz; /* last size of encrypted data */
toddouska 0:5045d2638c29 661 byte encryptionOn; /* true after change cipher spec */
toddouska 0:5045d2638c29 662 } Keys;
toddouska 0:5045d2638c29 663
toddouska 0:5045d2638c29 664
toddouska 0:5045d2638c29 665 /* cipher for now */
toddouska 0:5045d2638c29 666 typedef union {
toddouska 0:5045d2638c29 667 #ifdef BUILD_ARC4
toddouska 0:5045d2638c29 668 Arc4 arc4;
toddouska 0:5045d2638c29 669 #endif
toddouska 0:5045d2638c29 670 #ifdef BUILD_DES3
toddouska 0:5045d2638c29 671 Des3 des3;
toddouska 0:5045d2638c29 672 #endif
toddouska 0:5045d2638c29 673 #ifdef BUILD_AES
toddouska 0:5045d2638c29 674 Aes aes;
toddouska 0:5045d2638c29 675 #endif
toddouska 0:5045d2638c29 676 #ifdef BUILD_HC128
toddouska 0:5045d2638c29 677 HC128 hc128;
toddouska 0:5045d2638c29 678 #endif
toddouska 0:5045d2638c29 679 #ifdef BUILD_RABBIT
toddouska 0:5045d2638c29 680 Rabbit rabbit;
toddouska 0:5045d2638c29 681 #endif
toddouska 0:5045d2638c29 682 } Ciphers;
toddouska 0:5045d2638c29 683
toddouska 0:5045d2638c29 684
toddouska 0:5045d2638c29 685 /* hashes type */
toddouska 0:5045d2638c29 686 typedef struct Hashes {
toddouska 0:5045d2638c29 687 byte md5[MD5_DIGEST_SIZE];
toddouska 0:5045d2638c29 688 byte sha[SHA_DIGEST_SIZE];
toddouska 0:5045d2638c29 689 } Hashes;
toddouska 0:5045d2638c29 690
toddouska 0:5045d2638c29 691
toddouska 0:5045d2638c29 692 /* Static x509 buffer */
toddouska 0:5045d2638c29 693 typedef struct x509_buffer {
toddouska 0:5045d2638c29 694 int length; /* actual size */
toddouska 0:5045d2638c29 695 byte buffer[MAX_X509_SIZE]; /* max static cert size */
toddouska 0:5045d2638c29 696 } x509_buffer;
toddouska 0:5045d2638c29 697
toddouska 0:5045d2638c29 698
toddouska 0:5045d2638c29 699 /* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
toddouska 0:5045d2638c29 700 struct X509_CHAIN {
toddouska 0:5045d2638c29 701 int count; /* total number in chain */
toddouska 0:5045d2638c29 702 x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
toddouska 0:5045d2638c29 703 };
toddouska 0:5045d2638c29 704
toddouska 0:5045d2638c29 705
toddouska 0:5045d2638c29 706 /* openSSL session type */
toddouska 0:5045d2638c29 707 struct SSL_SESSION {
toddouska 0:5045d2638c29 708 byte sessionID[ID_LEN];
toddouska 0:5045d2638c29 709 byte masterSecret[SECRET_LEN];
toddouska 0:5045d2638c29 710 word32 bornOn; /* create time in seconds */
toddouska 0:5045d2638c29 711 word32 timeout; /* timeout in seconds */
toddouska 0:5045d2638c29 712 #ifdef SESSION_CERTS
toddouska 0:5045d2638c29 713 X509_CHAIN chain; /* peer cert chain, static */
toddouska 0:5045d2638c29 714 ProtocolVersion version;
toddouska 0:5045d2638c29 715 byte cipherSuite;
toddouska 0:5045d2638c29 716 #endif
toddouska 0:5045d2638c29 717 };
toddouska 0:5045d2638c29 718
toddouska 0:5045d2638c29 719
toddouska 0:5045d2638c29 720 SSL_SESSION* GetSession(SSL*, byte*);
toddouska 0:5045d2638c29 721 int SetSession(SSL*, SSL_SESSION*);
toddouska 0:5045d2638c29 722
toddouska 0:5045d2638c29 723 typedef void (*hmacfp) (SSL*, byte*, const byte*, word32, int, int);
toddouska 0:5045d2638c29 724
toddouska 0:5045d2638c29 725
toddouska 0:5045d2638c29 726 /* client connect state for nonblocking restart */
toddouska 0:5045d2638c29 727 enum ConnectState {
toddouska 0:5045d2638c29 728 CONNECT_BEGIN = 0,
toddouska 0:5045d2638c29 729 CLIENT_HELLO_SENT,
toddouska 0:5045d2638c29 730 HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
toddouska 0:5045d2638c29 731 HELLO_AGAIN_REPLY,
toddouska 0:5045d2638c29 732 FIRST_REPLY_DONE,
toddouska 0:5045d2638c29 733 FIRST_REPLY_FIRST,
toddouska 0:5045d2638c29 734 FIRST_REPLY_SECOND,
toddouska 0:5045d2638c29 735 FIRST_REPLY_THIRD,
toddouska 0:5045d2638c29 736 FIRST_REPLY_FOURTH,
toddouska 0:5045d2638c29 737 FINISHED_DONE,
toddouska 0:5045d2638c29 738 SECOND_REPLY_DONE
toddouska 0:5045d2638c29 739 };
toddouska 0:5045d2638c29 740
toddouska 0:5045d2638c29 741
toddouska 0:5045d2638c29 742 /* server accpet state for nonblocking restart */
toddouska 0:5045d2638c29 743 enum AcceptState {
toddouska 0:5045d2638c29 744 ACCEPT_BEGIN = 0,
toddouska 0:5045d2638c29 745 ACCEPT_CLIENT_HELLO_DONE,
toddouska 0:5045d2638c29 746 HELLO_VERIFY_SENT,
toddouska 0:5045d2638c29 747 ACCEPT_FIRST_REPLY_DONE,
toddouska 0:5045d2638c29 748 SERVER_HELLO_SENT,
toddouska 0:5045d2638c29 749 CERT_SENT,
toddouska 0:5045d2638c29 750 KEY_EXCHANGE_SENT,
toddouska 0:5045d2638c29 751 CERT_REQ_SENT,
toddouska 0:5045d2638c29 752 SERVER_HELLO_DONE,
toddouska 0:5045d2638c29 753 ACCEPT_SECOND_REPLY_DONE,
toddouska 0:5045d2638c29 754 CHANGE_CIPHER_SENT,
toddouska 0:5045d2638c29 755 ACCEPT_FINISHED_DONE,
toddouska 0:5045d2638c29 756 ACCEPT_THIRD_REPLY_DONE
toddouska 0:5045d2638c29 757 };
toddouska 0:5045d2638c29 758
toddouska 0:5045d2638c29 759
toddouska 0:5045d2638c29 760 typedef struct Buffers {
toddouska 0:5045d2638c29 761 buffer certificate; /* SSL_CTX owns */
toddouska 0:5045d2638c29 762 buffer key; /* SSL_CTX owns */
toddouska 0:5045d2638c29 763 buffer domainName; /* for client check */
toddouska 0:5045d2638c29 764 buffer serverDH_P;
toddouska 0:5045d2638c29 765 buffer serverDH_G;
toddouska 0:5045d2638c29 766 buffer serverDH_Pub;
toddouska 0:5045d2638c29 767 buffer serverDH_Priv;
toddouska 0:5045d2638c29 768 bufferStatic inputBuffer;
toddouska 0:5045d2638c29 769 bufferStatic outputBuffer;
toddouska 0:5045d2638c29 770 buffer clearOutputBuffer;
toddouska 0:5045d2638c29 771 int prevSent; /* previous plain text bytes sent
toddouska 0:5045d2638c29 772 when got WANT_WRITE */
toddouska 0:5045d2638c29 773 int plainSz; /* plain text bytes in buffer to send
toddouska 0:5045d2638c29 774 when got WANT_WRITE */
toddouska 0:5045d2638c29 775 } Buffers;
toddouska 0:5045d2638c29 776
toddouska 0:5045d2638c29 777
toddouska 0:5045d2638c29 778 typedef struct Options {
toddouska 0:5045d2638c29 779 byte sessionCacheOff;
toddouska 0:5045d2638c29 780 byte sessionCacheFlushOff;
toddouska 0:5045d2638c29 781 byte cipherSuite;
toddouska 0:5045d2638c29 782 byte serverState;
toddouska 0:5045d2638c29 783 byte clientState;
toddouska 0:5045d2638c29 784 byte handShakeState;
toddouska 0:5045d2638c29 785 byte side; /* client or server end */
toddouska 0:5045d2638c29 786 byte verifyPeer;
toddouska 0:5045d2638c29 787 byte verifyNone;
toddouska 0:5045d2638c29 788 byte failNoCert;
toddouska 0:5045d2638c29 789 byte downgrade; /* allow downgrade of versions */
toddouska 0:5045d2638c29 790 byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */
toddouska 0:5045d2638c29 791 byte resuming;
toddouska 0:5045d2638c29 792 byte tls; /* using TLS ? */
toddouska 0:5045d2638c29 793 byte tls1_1; /* using TLSv1.1+ ? */
toddouska 0:5045d2638c29 794 byte dtls; /* using datagrams ? */
toddouska 0:5045d2638c29 795 byte connReset; /* has the peer reset */
toddouska 0:5045d2638c29 796 byte isClosed; /* if we consider conn closed */
toddouska 0:5045d2638c29 797 byte closeNotify; /* we've recieved a close notify */
toddouska 0:5045d2638c29 798 byte sentNotify; /* we've sent a close notify */
toddouska 0:5045d2638c29 799 byte connectState; /* nonblocking resume */
toddouska 0:5045d2638c29 800 byte acceptState; /* nonblocking resume */
toddouska 0:5045d2638c29 801 byte usingCompression; /* are we using compression */
toddouska 0:5045d2638c29 802 byte haveDH; /* server DH parms set by user */
toddouska 0:5045d2638c29 803 byte haveNTRU; /* server NTRU private key loaded */
toddouska 0:5045d2638c29 804 byte havePeerCert; /* do we have peer's cert */
toddouska 0:5045d2638c29 805 byte usingPSK_cipher; /* whether we're using psk as cipher */
toddouska 0:5045d2638c29 806 byte sendAlertState; /* nonblocking resume */
toddouska 0:5045d2638c29 807 byte processReply; /* nonblocking resume */
toddouska 0:5045d2638c29 808 byte partialWrite; /* only one msg per write call */
toddouska 0:5045d2638c29 809 byte quietShutdown; /* don't send close notify */
toddouska 0:5045d2638c29 810 #ifndef NO_PSK
toddouska 0:5045d2638c29 811 byte havePSK; /* psk key set by user */
toddouska 0:5045d2638c29 812 psk_client_callback client_psk_cb;
toddouska 0:5045d2638c29 813 psk_server_callback server_psk_cb;
toddouska 0:5045d2638c29 814 #endif /* NO_PSK */
toddouska 0:5045d2638c29 815 } Options;
toddouska 0:5045d2638c29 816
toddouska 0:5045d2638c29 817
toddouska 0:5045d2638c29 818 typedef struct Arrays {
toddouska 0:5045d2638c29 819 byte clientRandom[RAN_LEN];
toddouska 0:5045d2638c29 820 byte serverRandom[RAN_LEN];
toddouska 0:5045d2638c29 821 byte sessionID[ID_LEN];
toddouska 0:5045d2638c29 822 byte preMasterSecret[ENCRYPT_LEN];
toddouska 0:5045d2638c29 823 byte masterSecret[SECRET_LEN];
toddouska 0:5045d2638c29 824 #ifdef CYASSL_DTLS
toddouska 0:5045d2638c29 825 byte cookie[MAX_COOKIE_LEN];
toddouska 0:5045d2638c29 826 #endif
toddouska 0:5045d2638c29 827 #ifndef NO_PSK
toddouska 0:5045d2638c29 828 char client_identity[MAX_PSK_ID_LEN];
toddouska 0:5045d2638c29 829 char server_hint[MAX_PSK_ID_LEN];
toddouska 0:5045d2638c29 830 byte psk_key[MAX_PSK_KEY_LEN];
toddouska 0:5045d2638c29 831 word32 psk_keySz; /* acutal size */
toddouska 0:5045d2638c29 832 #endif
toddouska 0:5045d2638c29 833 word32 preMasterSz; /* differs for DH, actual size */
toddouska 0:5045d2638c29 834 } Arrays;
toddouska 0:5045d2638c29 835
toddouska 0:5045d2638c29 836
toddouska 0:5045d2638c29 837 #undef X509_NAME
toddouska 0:5045d2638c29 838
toddouska 0:5045d2638c29 839 struct X509_NAME {
toddouska 0:5045d2638c29 840 char name[ASN_NAME_MAX];
toddouska 0:5045d2638c29 841 int sz;
toddouska 0:5045d2638c29 842 };
toddouska 0:5045d2638c29 843
toddouska 0:5045d2638c29 844
toddouska 0:5045d2638c29 845 struct X509 {
toddouska 0:5045d2638c29 846 X509_NAME issuer;
toddouska 0:5045d2638c29 847 X509_NAME subject;
toddouska 0:5045d2638c29 848 };
toddouska 0:5045d2638c29 849
toddouska 0:5045d2638c29 850
toddouska 0:5045d2638c29 851 /* record layer header for PlainText, Compressed, and CipherText */
toddouska 0:5045d2638c29 852 typedef struct RecordLayerHeader {
toddouska 0:5045d2638c29 853 byte type;
toddouska 0:5045d2638c29 854 ProtocolVersion version;
toddouska 0:5045d2638c29 855 byte length[2];
toddouska 0:5045d2638c29 856 } RecordLayerHeader;
toddouska 0:5045d2638c29 857
toddouska 0:5045d2638c29 858
toddouska 0:5045d2638c29 859 /* record layer header for DTLS PlainText, Compressed, and CipherText */
toddouska 0:5045d2638c29 860 typedef struct DtlsRecordLayerHeader {
toddouska 0:5045d2638c29 861 byte type;
toddouska 0:5045d2638c29 862 ProtocolVersion version;
toddouska 0:5045d2638c29 863 byte epoch[2]; /* increment on cipher state change */
toddouska 0:5045d2638c29 864 byte sequence_number[6]; /* per record */
toddouska 0:5045d2638c29 865 byte length[2];
toddouska 0:5045d2638c29 866 } DtlsRecordLayerHeader;
toddouska 0:5045d2638c29 867
toddouska 0:5045d2638c29 868
toddouska 0:5045d2638c29 869 /* OpenSSL ssl type */
toddouska 0:5045d2638c29 870 struct SSL {
toddouska 0:5045d2638c29 871 SSL_CTX* ctx;
toddouska 0:5045d2638c29 872 int error;
toddouska 0:5045d2638c29 873 ProtocolVersion version; /* negotiated version */
toddouska 0:5045d2638c29 874 ProtocolVersion chVersion; /* client hello version */
toddouska 0:5045d2638c29 875 Suites suites;
toddouska 0:5045d2638c29 876 Ciphers encrypt;
toddouska 0:5045d2638c29 877 Ciphers decrypt;
toddouska 0:5045d2638c29 878 CipherSpecs specs;
toddouska 0:5045d2638c29 879 Keys keys;
toddouska 0:5045d2638c29 880 int rfd; /* read file descriptor */
toddouska 0:5045d2638c29 881 int wfd; /* write file descriptor */
toddouska 0:5045d2638c29 882 BIO* biord; /* socket bio read to free/close */
toddouska 0:5045d2638c29 883 BIO* biowr; /* socket bio write to free/close */
toddouska 0:5045d2638c29 884 void* IOCB_ReadCtx;
toddouska 0:5045d2638c29 885 void* IOCB_WriteCtx;
toddouska 0:5045d2638c29 886 RNG rng;
toddouska 0:5045d2638c29 887 Md5 hashMd5; /* md5 hash of handshake msgs */
toddouska 0:5045d2638c29 888 Sha hashSha; /* sha hash of handshake msgs */
toddouska 0:5045d2638c29 889 Hashes verifyHashes;
toddouska 0:5045d2638c29 890 Hashes certHashes; /* for cert verify */
toddouska 0:5045d2638c29 891 Signer* caList; /* SSL_CTX owns */
toddouska 0:5045d2638c29 892 Buffers buffers;
toddouska 0:5045d2638c29 893 Options options;
toddouska 0:5045d2638c29 894 Arrays arrays;
toddouska 0:5045d2638c29 895 SSL_SESSION session;
toddouska 0:5045d2638c29 896 RsaKey peerRsaKey;
toddouska 0:5045d2638c29 897 byte peerRsaKeyPresent;
toddouska 0:5045d2638c29 898 #ifdef HAVE_NTRU
toddouska 0:5045d2638c29 899 word16 peerNtruKeyLen;
toddouska 0:5045d2638c29 900 byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
toddouska 0:5045d2638c29 901 byte peerNtruKeyPresent;
toddouska 0:5045d2638c29 902 #endif
toddouska 0:5045d2638c29 903 hmacfp hmac;
toddouska 0:5045d2638c29 904 void* heap; /* for user overrides */
toddouska 0:5045d2638c29 905 RecordLayerHeader curRL;
toddouska 0:5045d2638c29 906 word16 curSize;
toddouska 0:5045d2638c29 907 SSL_CIPHER cipher;
toddouska 0:5045d2638c29 908 #ifdef HAVE_LIBZ
toddouska 0:5045d2638c29 909 z_stream c_stream; /* compression stream */
toddouska 0:5045d2638c29 910 z_stream d_stream; /* decompression stream */
toddouska 0:5045d2638c29 911 byte didStreamInit; /* for stream init and end */
toddouska 0:5045d2638c29 912 #endif
toddouska 0:5045d2638c29 913 #ifdef CYASSL_CALLBACKS
toddouska 0:5045d2638c29 914 HandShakeInfo handShakeInfo; /* info saved during handshake */
toddouska 0:5045d2638c29 915 TimeoutInfo timeoutInfo; /* info saved during handshake */
toddouska 0:5045d2638c29 916 byte hsInfoOn; /* track handshake info */
toddouska 0:5045d2638c29 917 byte toInfoOn; /* track timeout info */
toddouska 0:5045d2638c29 918 #endif
toddouska 0:5045d2638c29 919 #ifdef OPENSSL_EXTRA
toddouska 0:5045d2638c29 920 X509 peerCert; /* X509 peer cert */
toddouska 0:5045d2638c29 921 #endif
toddouska 0:5045d2638c29 922 };
toddouska 0:5045d2638c29 923
toddouska 0:5045d2638c29 924
toddouska 0:5045d2638c29 925 int InitSSL(SSL*, SSL_CTX*);
toddouska 0:5045d2638c29 926 void FreeSSL(SSL*);
toddouska 0:5045d2638c29 927 void SSL_ResourceFree(SSL*);
toddouska 0:5045d2638c29 928
toddouska 0:5045d2638c29 929
toddouska 0:5045d2638c29 930 enum {
toddouska 0:5045d2638c29 931 IV_SZ = 32, /* max iv sz */
toddouska 0:5045d2638c29 932 NAME_SZ = 80, /* max one line */
toddouska 0:5045d2638c29 933 };
toddouska 0:5045d2638c29 934
toddouska 0:5045d2638c29 935
toddouska 0:5045d2638c29 936 typedef struct EncryptedInfo {
toddouska 0:5045d2638c29 937 char name[NAME_SZ];
toddouska 0:5045d2638c29 938 byte iv[IV_SZ];
toddouska 0:5045d2638c29 939 word32 ivSz;
toddouska 0:5045d2638c29 940 byte set;
toddouska 0:5045d2638c29 941 } EncryptedInfo;
toddouska 0:5045d2638c29 942
toddouska 0:5045d2638c29 943
toddouska 0:5045d2638c29 944 #ifdef CYASSL_CALLBACKS
toddouska 0:5045d2638c29 945 void InitHandShakeInfo(HandShakeInfo*);
toddouska 0:5045d2638c29 946 void FinishHandShakeInfo(HandShakeInfo*, const SSL*);
toddouska 0:5045d2638c29 947 void AddPacketName(const char*, HandShakeInfo*);
toddouska 0:5045d2638c29 948
toddouska 0:5045d2638c29 949 void InitTimeoutInfo(TimeoutInfo*);
toddouska 0:5045d2638c29 950 void FreeTimeoutInfo(TimeoutInfo*, void*);
toddouska 0:5045d2638c29 951 void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
toddouska 0:5045d2638c29 952 void AddLateName(const char*, TimeoutInfo*);
toddouska 0:5045d2638c29 953 void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
toddouska 0:5045d2638c29 954 #endif
toddouska 0:5045d2638c29 955
toddouska 0:5045d2638c29 956
toddouska 0:5045d2638c29 957 /* Record Layer Header identifier from page 12 */
toddouska 0:5045d2638c29 958 enum ContentType {
toddouska 0:5045d2638c29 959 no_type = 0,
toddouska 0:5045d2638c29 960 change_cipher_spec = 20,
toddouska 0:5045d2638c29 961 alert = 21,
toddouska 0:5045d2638c29 962 handshake = 22,
toddouska 0:5045d2638c29 963 application_data = 23
toddouska 0:5045d2638c29 964 };
toddouska 0:5045d2638c29 965
toddouska 0:5045d2638c29 966
toddouska 0:5045d2638c29 967 /* handshake header, same for each message type, pgs 20/21 */
toddouska 0:5045d2638c29 968 typedef struct HandShakeHeader {
toddouska 0:5045d2638c29 969 byte type;
toddouska 0:5045d2638c29 970 word24 length;
toddouska 0:5045d2638c29 971 } HandShakeHeader;
toddouska 0:5045d2638c29 972
toddouska 0:5045d2638c29 973
toddouska 0:5045d2638c29 974 /* DTLS handshake header, same for each message type */
toddouska 0:5045d2638c29 975 typedef struct DtlsHandShakeHeader {
toddouska 0:5045d2638c29 976 byte type;
toddouska 0:5045d2638c29 977 word24 length;
toddouska 0:5045d2638c29 978 byte message_seq[2]; /* start at 0, restransmit gets same # */
toddouska 0:5045d2638c29 979 word24 fragment_offset; /* bytes in previous fragments */
toddouska 0:5045d2638c29 980 word24 fragment_length; /* length of this fragment */
toddouska 0:5045d2638c29 981 } DtlsHandShakeHeader;
toddouska 0:5045d2638c29 982
toddouska 0:5045d2638c29 983
toddouska 0:5045d2638c29 984 enum HandShakeType {
toddouska 0:5045d2638c29 985 no_shake = -1,
toddouska 0:5045d2638c29 986 hello_request = 0,
toddouska 0:5045d2638c29 987 client_hello = 1,
toddouska 0:5045d2638c29 988 server_hello = 2,
toddouska 0:5045d2638c29 989 hello_verify_request = 3, /* DTLS addition */
toddouska 0:5045d2638c29 990 certificate = 11,
toddouska 0:5045d2638c29 991 server_key_exchange = 12,
toddouska 0:5045d2638c29 992 certificate_request = 13,
toddouska 0:5045d2638c29 993 server_hello_done = 14,
toddouska 0:5045d2638c29 994 certificate_verify = 15,
toddouska 0:5045d2638c29 995 client_key_exchange = 16,
toddouska 0:5045d2638c29 996 finished = 20
toddouska 0:5045d2638c29 997 };
toddouska 0:5045d2638c29 998
toddouska 0:5045d2638c29 999
toddouska 0:5045d2638c29 1000 /* Valid Alert types from page 16/17 */
toddouska 0:5045d2638c29 1001 enum AlertDescription {
toddouska 0:5045d2638c29 1002 close_notify = 0,
toddouska 0:5045d2638c29 1003 unexpected_message = 10,
toddouska 0:5045d2638c29 1004 bad_record_mac = 20,
toddouska 0:5045d2638c29 1005 decompression_failure = 30,
toddouska 0:5045d2638c29 1006 handshake_failure = 40,
toddouska 0:5045d2638c29 1007 no_certificate = 41,
toddouska 0:5045d2638c29 1008 bad_certificate = 42,
toddouska 0:5045d2638c29 1009 unsupported_certificate = 43,
toddouska 0:5045d2638c29 1010 certificate_revoked = 44,
toddouska 0:5045d2638c29 1011 certificate_expired = 45,
toddouska 0:5045d2638c29 1012 certificate_unknown = 46,
toddouska 0:5045d2638c29 1013 illegal_parameter = 47,
toddouska 0:5045d2638c29 1014 decrypt_error = 51
toddouska 0:5045d2638c29 1015 };
toddouska 0:5045d2638c29 1016
toddouska 0:5045d2638c29 1017
toddouska 0:5045d2638c29 1018 /* I/O Callback default errors */
toddouska 0:5045d2638c29 1019 enum IOerrors {
toddouska 0:5045d2638c29 1020 IO_ERR_GENERAL = -1, /* general unexpected err, not in below group */
toddouska 0:5045d2638c29 1021 IO_ERR_WANT_READ = -2, /* need to call read again */
toddouska 0:5045d2638c29 1022 IO_ERR_WANT_WRITE = -2, /* need to call write again */
toddouska 0:5045d2638c29 1023 IO_ERR_CONN_RST = -3, /* connection reset */
toddouska 0:5045d2638c29 1024 IO_ERR_ISR = -4, /* interrupt */
toddouska 0:5045d2638c29 1025 IO_ERR_CONN_CLOSE = -5 /* connection closed or epipe */
toddouska 0:5045d2638c29 1026 };
toddouska 0:5045d2638c29 1027
toddouska 0:5045d2638c29 1028
toddouska 0:5045d2638c29 1029 enum AlertLevel {
toddouska 0:5045d2638c29 1030 alert_warning = 1,
toddouska 0:5045d2638c29 1031 alert_fatal = 2
toddouska 0:5045d2638c29 1032 };
toddouska 0:5045d2638c29 1033
toddouska 0:5045d2638c29 1034
toddouska 0:5045d2638c29 1035 static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
toddouska 0:5045d2638c29 1036 static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
toddouska 0:5045d2638c29 1037
toddouska 0:5045d2638c29 1038 static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
toddouska 0:5045d2638c29 1039 static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
toddouska 0:5045d2638c29 1040
toddouska 0:5045d2638c29 1041
toddouska 0:5045d2638c29 1042 /* internal functions */
toddouska 0:5045d2638c29 1043 int SendChangeCipher(SSL*);
toddouska 0:5045d2638c29 1044 int SendData(SSL*, const void*, int);
toddouska 0:5045d2638c29 1045 int SendCertificate(SSL*);
toddouska 0:5045d2638c29 1046 int SendCertificateRequest(SSL*);
toddouska 0:5045d2638c29 1047 int SendServerKeyExchange(SSL*);
toddouska 0:5045d2638c29 1048 int SendBuffered(SSL*);
toddouska 0:5045d2638c29 1049 int ReceiveData(SSL*, byte*, int);
toddouska 0:5045d2638c29 1050 int SendFinished(SSL*);
toddouska 0:5045d2638c29 1051 int SendAlert(SSL*, int, int);
toddouska 0:5045d2638c29 1052 int ProcessReply(SSL*);
toddouska 0:5045d2638c29 1053
toddouska 0:5045d2638c29 1054 int SetCipherSpecs(SSL*);
toddouska 0:5045d2638c29 1055 int MakeMasterSecret(SSL*);
toddouska 0:5045d2638c29 1056
toddouska 0:5045d2638c29 1057 int AddSession(SSL*);
toddouska 0:5045d2638c29 1058 int DeriveKeys(SSL* ssl);
toddouska 0:5045d2638c29 1059 int StoreKeys(SSL* ssl, const byte* keyData);
toddouska 0:5045d2638c29 1060
toddouska 0:5045d2638c29 1061 int IsTLS(const SSL* ssl);
toddouska 0:5045d2638c29 1062 int IsAtLeastTLSv1_2(const SSL* ssl);
toddouska 0:5045d2638c29 1063
toddouska 0:5045d2638c29 1064 void ShrinkInputBuffer(SSL* ssl, int forcedFree);
toddouska 0:5045d2638c29 1065 void ShrinkOutputBuffer(SSL* ssl);
toddouska 0:5045d2638c29 1066
toddouska 0:5045d2638c29 1067 #ifndef NO_CYASSL_CLIENT
toddouska 0:5045d2638c29 1068 int SendClientHello(SSL*);
toddouska 0:5045d2638c29 1069 int SendClientKeyExchange(SSL*);
toddouska 0:5045d2638c29 1070 int SendCertificateVerify(SSL*);
toddouska 0:5045d2638c29 1071 #endif /* NO_CYASSL_CLIENT */
toddouska 0:5045d2638c29 1072
toddouska 0:5045d2638c29 1073 #ifndef NO_CYASSL_SERVER
toddouska 0:5045d2638c29 1074 int SendServerHello(SSL*);
toddouska 0:5045d2638c29 1075 int SendServerHelloDone(SSL*);
toddouska 0:5045d2638c29 1076 #ifdef CYASSL_DTLS
toddouska 0:5045d2638c29 1077 int SendHelloVerifyRequest(SSL*);
toddouska 0:5045d2638c29 1078 #endif
toddouska 0:5045d2638c29 1079 #endif /* NO_CYASSL_SERVER */
toddouska 0:5045d2638c29 1080
toddouska 0:5045d2638c29 1081
toddouska 0:5045d2638c29 1082 #ifndef NO_TLS
toddouska 0:5045d2638c29 1083
toddouska 0:5045d2638c29 1084
toddouska 0:5045d2638c29 1085 #endif /* NO_TLS */
toddouska 0:5045d2638c29 1086
toddouska 0:5045d2638c29 1087
toddouska 0:5045d2638c29 1088
toddouska 0:5045d2638c29 1089 typedef double timer_d;
toddouska 0:5045d2638c29 1090
toddouska 0:5045d2638c29 1091 timer_d Timer(void);
toddouska 0:5045d2638c29 1092 word32 LowResTimer(void);
toddouska 0:5045d2638c29 1093
toddouska 0:5045d2638c29 1094
toddouska 0:5045d2638c29 1095 #ifdef SINGLE_THREADED
toddouska 0:5045d2638c29 1096 typedef int CyaSSL_Mutex;
toddouska 0:5045d2638c29 1097 #else /* MULTI_THREADED */
toddouska 0:5045d2638c29 1098 #ifdef USE_WINDOWS_API
toddouska 0:5045d2638c29 1099 typedef CRITICAL_SECTION CyaSSL_Mutex;
toddouska 0:5045d2638c29 1100 #elif defined(CYASSL_PTHREADS)
toddouska 0:5045d2638c29 1101 typedef pthread_mutex_t CyaSSL_Mutex;
toddouska 0:5045d2638c29 1102 #elif defined(THREADX)
toddouska 0:5045d2638c29 1103 typedef TX_MUTEX CyaSSL_Mutex;
toddouska 0:5045d2638c29 1104 #elif defined(MICRIUM)
toddouska 0:5045d2638c29 1105 typedef OS_MUTEX CyaSSL_Mutex;
toddouska 0:5045d2638c29 1106 #else
toddouska 0:5045d2638c29 1107 #error Need a mutex type in multithreaded mode
toddouska 0:5045d2638c29 1108 #endif /* USE_WINDOWS_API */
toddouska 0:5045d2638c29 1109 #endif /* SINGLE_THREADED */
toddouska 0:5045d2638c29 1110
toddouska 0:5045d2638c29 1111 int InitMutex(CyaSSL_Mutex*);
toddouska 0:5045d2638c29 1112 int FreeMutex(CyaSSL_Mutex*);
toddouska 0:5045d2638c29 1113 int LockMutex(CyaSSL_Mutex*);
toddouska 0:5045d2638c29 1114 int UnLockMutex(CyaSSL_Mutex*);
toddouska 0:5045d2638c29 1115
toddouska 0:5045d2638c29 1116
toddouska 0:5045d2638c29 1117 #ifdef DEBUG_CYASSL
toddouska 0:5045d2638c29 1118
toddouska 0:5045d2638c29 1119 void CYASSL_ENTER(const char* msg);
toddouska 0:5045d2638c29 1120 void CYASSL_LEAVE(const char* msg, int ret);
toddouska 0:5045d2638c29 1121
toddouska 0:5045d2638c29 1122 void CYASSL_ERROR(int);
toddouska 0:5045d2638c29 1123 void CYASSL_MSG(const char* msg);
toddouska 0:5045d2638c29 1124
toddouska 0:5045d2638c29 1125 #else /* DEBUG_CYASSL */
toddouska 0:5045d2638c29 1126
toddouska 0:5045d2638c29 1127 #define CYASSL_ENTER(m)
toddouska 0:5045d2638c29 1128 #define CYASSL_LEAVE(m, r)
toddouska 0:5045d2638c29 1129
toddouska 0:5045d2638c29 1130 #define CYASSL_ERROR(e)
toddouska 0:5045d2638c29 1131 #define CYASSL_MSG(m)
toddouska 0:5045d2638c29 1132
toddouska 0:5045d2638c29 1133 #endif /* DEBUG_CYASSL */
toddouska 0:5045d2638c29 1134
toddouska 0:5045d2638c29 1135
toddouska 0:5045d2638c29 1136 #ifdef __cplusplus
toddouska 0:5045d2638c29 1137 } /* extern "C" */
toddouska 0:5045d2638c29 1138 #endif
toddouska 0:5045d2638c29 1139
toddouska 0:5045d2638c29 1140 #endif /* CyaSSL_INT_H */
toddouska 0:5045d2638c29 1141