This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
inc/SharkSSL.h@1:d5e0e1dcf0d6, 2016-05-23 (annotated)
- Committer:
- wini
- Date:
- Mon May 23 13:56:30 2016 +0000
- Revision:
- 1:d5e0e1dcf0d6
- Parent:
- 0:e0adec41ad6b
Type conflict fix (U8-U32) for latest mbed release.
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wini | 0:e0adec41ad6b | 1 | /* |
wini | 0:e0adec41ad6b | 2 | * ____ _________ __ _ |
wini | 0:e0adec41ad6b | 3 | * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____ |
wini | 0:e0adec41ad6b | 4 | * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/ |
wini | 0:e0adec41ad6b | 5 | * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__ |
wini | 0:e0adec41ad6b | 6 | * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/ |
wini | 0:e0adec41ad6b | 7 | * /____/ |
wini | 0:e0adec41ad6b | 8 | * |
wini | 0:e0adec41ad6b | 9 | * SharkSSL Embedded SSL/TLS Stack |
wini | 0:e0adec41ad6b | 10 | **************************************************************************** |
wini | 0:e0adec41ad6b | 11 | * PROGRAM MODULE |
wini | 0:e0adec41ad6b | 12 | * |
wini | 0:e0adec41ad6b | 13 | * $Id: SharkSSL.h 3863 2016-03-19 02:15:11Z wini $ |
wini | 0:e0adec41ad6b | 14 | * |
wini | 0:e0adec41ad6b | 15 | * COPYRIGHT: Real Time Logic LLC, 2010 - 2013 |
wini | 0:e0adec41ad6b | 16 | * |
wini | 0:e0adec41ad6b | 17 | * This software is copyrighted by and is the sole property of Real |
wini | 0:e0adec41ad6b | 18 | * Time Logic LLC. All rights, title, ownership, or other interests in |
wini | 0:e0adec41ad6b | 19 | * the software remain the property of Real Time Logic LLC. This |
wini | 0:e0adec41ad6b | 20 | * software may only be used in accordance with the terms and |
wini | 0:e0adec41ad6b | 21 | * conditions stipulated in the corresponding license agreement under |
wini | 0:e0adec41ad6b | 22 | * which the software has been supplied. Any unauthorized use, |
wini | 0:e0adec41ad6b | 23 | * duplication, transmission, distribution, or disclosure of this |
wini | 0:e0adec41ad6b | 24 | * software is expressly forbidden. |
wini | 0:e0adec41ad6b | 25 | * |
wini | 0:e0adec41ad6b | 26 | * This Copyright notice may not be removed or modified without prior |
wini | 0:e0adec41ad6b | 27 | * written consent of Real Time Logic LLC. |
wini | 0:e0adec41ad6b | 28 | * |
wini | 0:e0adec41ad6b | 29 | * Real Time Logic LLC. reserves the right to modify this software |
wini | 0:e0adec41ad6b | 30 | * without notice. |
wini | 0:e0adec41ad6b | 31 | * |
wini | 0:e0adec41ad6b | 32 | * http://www.realtimelogic.com |
wini | 0:e0adec41ad6b | 33 | * http://www.sharkssl.com |
wini | 0:e0adec41ad6b | 34 | **************************************************************************** |
wini | 0:e0adec41ad6b | 35 | * |
wini | 0:e0adec41ad6b | 36 | */ |
wini | 0:e0adec41ad6b | 37 | #ifndef _SharkSsl_h |
wini | 0:e0adec41ad6b | 38 | #define _SharkSsl_h |
wini | 0:e0adec41ad6b | 39 | |
wini | 0:e0adec41ad6b | 40 | #include "TargConfig.h" /* platform dependencies */ |
wini | 0:e0adec41ad6b | 41 | #include "SharkSSL_cfg.h" /* SharkSSL configuration */ |
wini | 0:e0adec41ad6b | 42 | #ifdef __cplusplus |
wini | 0:e0adec41ad6b | 43 | #include <stddef.h> /* size_t for new, delete */ |
wini | 0:e0adec41ad6b | 44 | #endif |
wini | 0:e0adec41ad6b | 45 | |
wini | 0:e0adec41ad6b | 46 | #ifndef SHARKSSL_API |
wini | 0:e0adec41ad6b | 47 | #define SHARKSSL_API |
wini | 0:e0adec41ad6b | 48 | #else /* Barracuda */ |
wini | 0:e0adec41ad6b | 49 | #define SHARKSSL_BA 1 |
wini | 0:e0adec41ad6b | 50 | #include <ThreadLib.h> |
wini | 0:e0adec41ad6b | 51 | #include <BaServerLib.h> |
wini | 0:e0adec41ad6b | 52 | #endif |
wini | 0:e0adec41ad6b | 53 | |
wini | 0:e0adec41ad6b | 54 | #include "SharkSslCrypto.h" /* Crypto API */ |
wini | 0:e0adec41ad6b | 55 | |
wini | 0:e0adec41ad6b | 56 | /** \defgroup ECDSA ECDSA sign/verify functions |
wini | 0:e0adec41ad6b | 57 | \ingroup RayCryptoApi |
wini | 0:e0adec41ad6b | 58 | |
wini | 0:e0adec41ad6b | 59 | See [Signing and Verifying Binaries](@ref signing) for an example |
wini | 0:e0adec41ad6b | 60 | of how to use the ECDSA ECDSA sign/verify functions. |
wini | 0:e0adec41ad6b | 61 | |
wini | 0:e0adec41ad6b | 62 | */ |
wini | 0:e0adec41ad6b | 63 | |
wini | 0:e0adec41ad6b | 64 | |
wini | 0:e0adec41ad6b | 65 | |
wini | 0:e0adec41ad6b | 66 | |
wini | 0:e0adec41ad6b | 67 | /** \addtogroup SharkSslAlert |
wini | 0:e0adec41ad6b | 68 | @{ |
wini | 0:e0adec41ad6b | 69 | |
wini | 0:e0adec41ad6b | 70 | Alert messages are generated by SharkSSL or the peer side on errors. |
wini | 0:e0adec41ad6b | 71 | |
wini | 0:e0adec41ad6b | 72 | Alert messages are one of: fatal or warning. A fatal error means that |
wini | 0:e0adec41ad6b | 73 | the connection must be closed. |
wini | 0:e0adec41ad6b | 74 | */ |
wini | 0:e0adec41ad6b | 75 | |
wini | 0:e0adec41ad6b | 76 | /** SSL/TLS warning message */ |
wini | 0:e0adec41ad6b | 77 | #define SHARKSSL_ALERT_LEVEL_WARNING 1 |
wini | 0:e0adec41ad6b | 78 | |
wini | 0:e0adec41ad6b | 79 | /** Fatal error message. Connection must be closed. */ |
wini | 0:e0adec41ad6b | 80 | #define SHARKSSL_ALERT_LEVEL_FATAL 2 |
wini | 0:e0adec41ad6b | 81 | |
wini | 0:e0adec41ad6b | 82 | /** \defgroup SharkSslAlertMsg SSL/TLS Alert Messages |
wini | 0:e0adec41ad6b | 83 | \ingroup SharkSslAlert |
wini | 0:e0adec41ad6b | 84 | @{ |
wini | 0:e0adec41ad6b | 85 | |
wini | 0:e0adec41ad6b | 86 | \brief Alert messages returned by function #SharkSslCon_getAlertDescription |
wini | 0:e0adec41ad6b | 87 | |
wini | 0:e0adec41ad6b | 88 | Alert messages are generated by SharkSSL when processing the incoming |
wini | 0:e0adec41ad6b | 89 | data fails. Alert messages can also be received from the peer side, |
wini | 0:e0adec41ad6b | 90 | when the peer fails to process the data. |
wini | 0:e0adec41ad6b | 91 | */ |
wini | 0:e0adec41ad6b | 92 | |
wini | 0:e0adec41ad6b | 93 | /** SHARKSSL_ALERT_CLOSE_NOTIFY */ |
wini | 0:e0adec41ad6b | 94 | #define SHARKSSL_ALERT_CLOSE_NOTIFY 0 |
wini | 0:e0adec41ad6b | 95 | /** SHARKSSL_ALERT_UNEXPECTED_MESSAGE */ |
wini | 0:e0adec41ad6b | 96 | #define SHARKSSL_ALERT_UNEXPECTED_MESSAGE 10 |
wini | 0:e0adec41ad6b | 97 | /** SHARKSSL_ALERT_BAD_RECORD_MAC */ |
wini | 0:e0adec41ad6b | 98 | #define SHARKSSL_ALERT_BAD_RECORD_MAC 20 |
wini | 0:e0adec41ad6b | 99 | /** SHARKSSL_ALERT_DECRYPTION_FAILED */ |
wini | 0:e0adec41ad6b | 100 | #define SHARKSSL_ALERT_DECRYPTION_FAILED 21 |
wini | 0:e0adec41ad6b | 101 | /** SHARKSSL_ALERT_RECORD_OVERFLOW */ |
wini | 0:e0adec41ad6b | 102 | #define SHARKSSL_ALERT_RECORD_OVERFLOW 22 |
wini | 0:e0adec41ad6b | 103 | /** SHARKSSL_ALERT_DECOMPRESSION_FAILURE */ |
wini | 0:e0adec41ad6b | 104 | #define SHARKSSL_ALERT_DECOMPRESSION_FAILURE 30 |
wini | 0:e0adec41ad6b | 105 | /** SHARKSSL_ALERT_HANDSHAKE_FAILURE */ |
wini | 0:e0adec41ad6b | 106 | #define SHARKSSL_ALERT_HANDSHAKE_FAILURE 40 |
wini | 0:e0adec41ad6b | 107 | /** SHARKSSL_ALERT_NO_CERTIFICATE */ |
wini | 0:e0adec41ad6b | 108 | #define SHARKSSL_ALERT_NO_CERTIFICATE 41 /* SSL 3.0 only */ |
wini | 0:e0adec41ad6b | 109 | /** SHARKSSL_ALERT_BAD_CERTIFICATE */ |
wini | 0:e0adec41ad6b | 110 | #define SHARKSSL_ALERT_BAD_CERTIFICATE 42 |
wini | 0:e0adec41ad6b | 111 | /** SHARKSSL_ALERT_UNSUPPORTED_CERTIFICATE */ |
wini | 0:e0adec41ad6b | 112 | #define SHARKSSL_ALERT_UNSUPPORTED_CERTIFICATE 43 |
wini | 0:e0adec41ad6b | 113 | /** SHARKSSL_ALERT_CERTIFICATE_REVOKED */ |
wini | 0:e0adec41ad6b | 114 | #define SHARKSSL_ALERT_CERTIFICATE_REVOKED 44 |
wini | 0:e0adec41ad6b | 115 | /** SHARKSSL_ALERT_CERTIFICATE_EXPIRED */ |
wini | 0:e0adec41ad6b | 116 | #define SHARKSSL_ALERT_CERTIFICATE_EXPIRED 45 |
wini | 0:e0adec41ad6b | 117 | /** SHARKSSL_ALERT_CERTIFICATE_UNKNOWN */ |
wini | 0:e0adec41ad6b | 118 | #define SHARKSSL_ALERT_CERTIFICATE_UNKNOWN 46 |
wini | 0:e0adec41ad6b | 119 | /** SHARKSSL_ALERT_ILLEGAL_PARAMETER */ |
wini | 0:e0adec41ad6b | 120 | #define SHARKSSL_ALERT_ILLEGAL_PARAMETER 47 |
wini | 0:e0adec41ad6b | 121 | /** SHARKSSL_ALERT_UNKNOWN_CA */ |
wini | 0:e0adec41ad6b | 122 | #define SHARKSSL_ALERT_UNKNOWN_CA 48 |
wini | 0:e0adec41ad6b | 123 | /** SHARKSSL_ALERT_ACCESS_DENIED */ |
wini | 0:e0adec41ad6b | 124 | #define SHARKSSL_ALERT_ACCESS_DENIED 49 |
wini | 0:e0adec41ad6b | 125 | /** SHARKSSL_ALERT_DECODE_ERROR */ |
wini | 0:e0adec41ad6b | 126 | #define SHARKSSL_ALERT_DECODE_ERROR 50 |
wini | 0:e0adec41ad6b | 127 | /** SHARKSSL_ALERT_DECRYPT_ERROR */ |
wini | 0:e0adec41ad6b | 128 | #define SHARKSSL_ALERT_DECRYPT_ERROR 51 |
wini | 0:e0adec41ad6b | 129 | /** SHARKSSL_ALERT_EXPORT_RESTRICTION */ |
wini | 0:e0adec41ad6b | 130 | #define SHARKSSL_ALERT_EXPORT_RESTRICTION 60 |
wini | 0:e0adec41ad6b | 131 | /** SHARKSSL_ALERT_PROTOCOL_VERSION */ |
wini | 0:e0adec41ad6b | 132 | #define SHARKSSL_ALERT_PROTOCOL_VERSION 70 |
wini | 0:e0adec41ad6b | 133 | /** SHARKSSL_ALERT_INSUFFICIENT_SECURITY */ |
wini | 0:e0adec41ad6b | 134 | #define SHARKSSL_ALERT_INSUFFICIENT_SECURITY 71 |
wini | 0:e0adec41ad6b | 135 | /** SHARKSSL_ALERT_INTERNAL_ERROR */ |
wini | 0:e0adec41ad6b | 136 | #define SHARKSSL_ALERT_INTERNAL_ERROR 80 |
wini | 0:e0adec41ad6b | 137 | /** SHARKSSL_ALERT_USER_CANCELED */ |
wini | 0:e0adec41ad6b | 138 | #define SHARKSSL_ALERT_USER_CANCELED 90 |
wini | 0:e0adec41ad6b | 139 | /** SHARKSSL_ALERT_NO_RENEGOTIATION */ |
wini | 0:e0adec41ad6b | 140 | #define SHARKSSL_ALERT_NO_RENEGOTIATION 100 |
wini | 0:e0adec41ad6b | 141 | /** SHARKSSL_ALERT_UNKNOWN_PSK_IDENTITY */ |
wini | 0:e0adec41ad6b | 142 | #define SHARKSSL_ALERT_UNKNOWN_PSK_IDENTITY 115 |
wini | 0:e0adec41ad6b | 143 | |
wini | 0:e0adec41ad6b | 144 | /** @} */ /* end group SharkSslAlertMsg */ |
wini | 0:e0adec41ad6b | 145 | /** @} */ /* end group SharkSslAlert */ |
wini | 0:e0adec41ad6b | 146 | |
wini | 0:e0adec41ad6b | 147 | |
wini | 0:e0adec41ad6b | 148 | /** \defgroup SharkSslCiphers Supported Ciphersuites |
wini | 0:e0adec41ad6b | 149 | \ingroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 150 | @{ |
wini | 0:e0adec41ad6b | 151 | |
wini | 0:e0adec41ad6b | 152 | \brief Supported Ciphersuites and values returned by |
wini | 0:e0adec41ad6b | 153 | SharkSslCon_getCiphersuite. |
wini | 0:e0adec41ad6b | 154 | */ |
wini | 0:e0adec41ad6b | 155 | |
wini | 0:e0adec41ad6b | 156 | /** TLS_NULL_WITH_NULL_NULL */ |
wini | 0:e0adec41ad6b | 157 | #define TLS_NULL_WITH_NULL_NULL 0x0000 |
wini | 0:e0adec41ad6b | 158 | /** TLS_RSA_WITH_NULL_MD5 */ |
wini | 0:e0adec41ad6b | 159 | #define TLS_RSA_WITH_NULL_MD5 0x0001 |
wini | 0:e0adec41ad6b | 160 | /** TLS_RSA_WITH_NULL_SHA */ |
wini | 0:e0adec41ad6b | 161 | #define TLS_RSA_WITH_NULL_SHA 0x0002 |
wini | 0:e0adec41ad6b | 162 | /** TLS_RSA_WITH_RC4_128_MD5 */ |
wini | 0:e0adec41ad6b | 163 | #define TLS_RSA_WITH_RC4_128_MD5 0x0004 |
wini | 0:e0adec41ad6b | 164 | /** TLS_RSA_WITH_RC4_128_SHA */ |
wini | 0:e0adec41ad6b | 165 | #define TLS_RSA_WITH_RC4_128_SHA 0x0005 |
wini | 0:e0adec41ad6b | 166 | /** TLS_RSA_WITH_DES_CBC_SHA */ |
wini | 0:e0adec41ad6b | 167 | #define TLS_RSA_WITH_DES_CBC_SHA 0x0009 |
wini | 0:e0adec41ad6b | 168 | /** TLS_RSA_WITH_3DES_EDE_CBC_SHA */ |
wini | 0:e0adec41ad6b | 169 | #define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A |
wini | 0:e0adec41ad6b | 170 | /** TLS_DHE_RSA_WITH_DES_CBC_SHA */ |
wini | 0:e0adec41ad6b | 171 | #define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 |
wini | 0:e0adec41ad6b | 172 | /** TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ |
wini | 0:e0adec41ad6b | 173 | #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 |
wini | 0:e0adec41ad6b | 174 | /** TLS_RSA_WITH_AES_128_CBC_SHA */ |
wini | 0:e0adec41ad6b | 175 | #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F |
wini | 0:e0adec41ad6b | 176 | /** TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ |
wini | 0:e0adec41ad6b | 177 | #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 |
wini | 0:e0adec41ad6b | 178 | /** TLS_RSA_WITH_AES_256_CBC_SHA */ |
wini | 0:e0adec41ad6b | 179 | #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 |
wini | 0:e0adec41ad6b | 180 | /** TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ |
wini | 0:e0adec41ad6b | 181 | #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 |
wini | 0:e0adec41ad6b | 182 | /** TLS_RSA_WITH_NULL_SHA256 */ |
wini | 0:e0adec41ad6b | 183 | #define TLS_RSA_WITH_NULL_SHA256 0x003B |
wini | 0:e0adec41ad6b | 184 | /** TLS_RSA_WITH_AES_128_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 185 | #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C |
wini | 0:e0adec41ad6b | 186 | /** TLS_RSA_WITH_AES_256_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 187 | #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D |
wini | 0:e0adec41ad6b | 188 | /** TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 189 | #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 |
wini | 0:e0adec41ad6b | 190 | /** TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 191 | #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B |
wini | 0:e0adec41ad6b | 192 | /** TLS_PSK_WITH_RC4_128_SHA */ |
wini | 0:e0adec41ad6b | 193 | #define TLS_PSK_WITH_RC4_128_SHA 0x008A |
wini | 0:e0adec41ad6b | 194 | /** TLS_PSK_WITH_3DES_EDE_CBC_SHA */ |
wini | 0:e0adec41ad6b | 195 | #define TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x008B |
wini | 0:e0adec41ad6b | 196 | /** TLS_PSK_WITH_AES_128_CBC_SHA */ |
wini | 0:e0adec41ad6b | 197 | #define TLS_PSK_WITH_AES_128_CBC_SHA 0x008C |
wini | 0:e0adec41ad6b | 198 | /** TLS_PSK_WITH_AES_256_CBC_SHA */ |
wini | 0:e0adec41ad6b | 199 | #define TLS_PSK_WITH_AES_256_CBC_SHA 0x008D |
wini | 0:e0adec41ad6b | 200 | /** TLS_RSA_WITH_AES_128_GCM_SHA256 */ |
wini | 0:e0adec41ad6b | 201 | #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C |
wini | 0:e0adec41ad6b | 202 | /** TLS_RSA_WITH_AES_256_GCM_SHA384 */ |
wini | 0:e0adec41ad6b | 203 | #define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D |
wini | 0:e0adec41ad6b | 204 | /** TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ |
wini | 0:e0adec41ad6b | 205 | #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E |
wini | 0:e0adec41ad6b | 206 | /** TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ |
wini | 0:e0adec41ad6b | 207 | #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F |
wini | 0:e0adec41ad6b | 208 | /** TLS_PSK_WITH_AES_128_GCM_SHA256 */ |
wini | 0:e0adec41ad6b | 209 | #define TLS_PSK_WITH_AES_128_GCM_SHA256 0x00A8 |
wini | 0:e0adec41ad6b | 210 | /** TLS_PSK_WITH_AES_256_GCM_SHA384 */ |
wini | 0:e0adec41ad6b | 211 | #define TLS_PSK_WITH_AES_256_GCM_SHA384 0x00A9 |
wini | 0:e0adec41ad6b | 212 | /** TLS_PSK_WITH_AES_128_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 213 | #define TLS_PSK_WITH_AES_128_CBC_SHA256 0x00AE |
wini | 0:e0adec41ad6b | 214 | /** TLS_PSK_WITH_AES_256_CBC_SHA384 */ |
wini | 0:e0adec41ad6b | 215 | #define TLS_PSK_WITH_AES_256_CBC_SHA384 0x00AF |
wini | 0:e0adec41ad6b | 216 | /** TLS_ECDH_ECDSA_WITH_NULL_SHA */ |
wini | 0:e0adec41ad6b | 217 | #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 |
wini | 0:e0adec41ad6b | 218 | /** TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ |
wini | 0:e0adec41ad6b | 219 | #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 |
wini | 0:e0adec41ad6b | 220 | /** TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ |
wini | 0:e0adec41ad6b | 221 | #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 |
wini | 0:e0adec41ad6b | 222 | /** TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ |
wini | 0:e0adec41ad6b | 223 | #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 |
wini | 0:e0adec41ad6b | 224 | /** TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ |
wini | 0:e0adec41ad6b | 225 | #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 |
wini | 0:e0adec41ad6b | 226 | /** TLS_ECDHE_ECDSA_WITH_NULL_SHA */ |
wini | 0:e0adec41ad6b | 227 | #define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 |
wini | 0:e0adec41ad6b | 228 | /** TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ |
wini | 0:e0adec41ad6b | 229 | #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 |
wini | 0:e0adec41ad6b | 230 | /** TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ |
wini | 0:e0adec41ad6b | 231 | #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 |
wini | 0:e0adec41ad6b | 232 | /** TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ |
wini | 0:e0adec41ad6b | 233 | #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 |
wini | 0:e0adec41ad6b | 234 | /** TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ |
wini | 0:e0adec41ad6b | 235 | #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A |
wini | 0:e0adec41ad6b | 236 | /** TLS_ECDH_RSA_WITH_NULL_SHA */ |
wini | 0:e0adec41ad6b | 237 | #define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B |
wini | 0:e0adec41ad6b | 238 | /** TLS_ECDH_RSA_WITH_RC4_128_SHA */ |
wini | 0:e0adec41ad6b | 239 | #define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C |
wini | 0:e0adec41ad6b | 240 | /** TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ |
wini | 0:e0adec41ad6b | 241 | #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D |
wini | 0:e0adec41ad6b | 242 | /** TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ |
wini | 0:e0adec41ad6b | 243 | #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E |
wini | 0:e0adec41ad6b | 244 | /** TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ |
wini | 0:e0adec41ad6b | 245 | #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F |
wini | 0:e0adec41ad6b | 246 | /** TLS_ECDHE_RSA_WITH_NULL_SHA */ |
wini | 0:e0adec41ad6b | 247 | #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 |
wini | 0:e0adec41ad6b | 248 | /** TLS_ECDHE_RSA_WITH_RC4_128_SHA */ |
wini | 0:e0adec41ad6b | 249 | #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 |
wini | 0:e0adec41ad6b | 250 | /** TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ |
wini | 0:e0adec41ad6b | 251 | #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 |
wini | 0:e0adec41ad6b | 252 | /** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ |
wini | 0:e0adec41ad6b | 253 | #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 |
wini | 0:e0adec41ad6b | 254 | /** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ |
wini | 0:e0adec41ad6b | 255 | #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 |
wini | 0:e0adec41ad6b | 256 | /** TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 257 | #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 |
wini | 0:e0adec41ad6b | 258 | /** TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */ |
wini | 0:e0adec41ad6b | 259 | #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 |
wini | 0:e0adec41ad6b | 260 | /** TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 261 | #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 |
wini | 0:e0adec41ad6b | 262 | /** TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ |
wini | 0:e0adec41ad6b | 263 | #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 |
wini | 0:e0adec41ad6b | 264 | /** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 265 | #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 |
wini | 0:e0adec41ad6b | 266 | /** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ |
wini | 0:e0adec41ad6b | 267 | #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 |
wini | 0:e0adec41ad6b | 268 | /** TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ |
wini | 0:e0adec41ad6b | 269 | #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 |
wini | 0:e0adec41ad6b | 270 | /** TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ |
wini | 0:e0adec41ad6b | 271 | #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A |
wini | 0:e0adec41ad6b | 272 | /** TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ |
wini | 0:e0adec41ad6b | 273 | #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B |
wini | 0:e0adec41ad6b | 274 | /** TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ |
wini | 0:e0adec41ad6b | 275 | #define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C |
wini | 0:e0adec41ad6b | 276 | /** TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ |
wini | 0:e0adec41ad6b | 277 | #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D |
wini | 0:e0adec41ad6b | 278 | /** TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ |
wini | 0:e0adec41ad6b | 279 | #define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E |
wini | 0:e0adec41ad6b | 280 | /** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ |
wini | 0:e0adec41ad6b | 281 | #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F |
wini | 0:e0adec41ad6b | 282 | /** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ |
wini | 0:e0adec41ad6b | 283 | #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 |
wini | 0:e0adec41ad6b | 284 | /** TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ |
wini | 0:e0adec41ad6b | 285 | #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 |
wini | 0:e0adec41ad6b | 286 | /** TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ |
wini | 0:e0adec41ad6b | 287 | #define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 |
wini | 0:e0adec41ad6b | 288 | /** TLS_RSA_WITH_AES_128_CCM */ |
wini | 0:e0adec41ad6b | 289 | #define TLS_RSA_WITH_AES_128_CCM 0xC09C |
wini | 0:e0adec41ad6b | 290 | /** TLS_RSA_WITH_AES_256_CCM */ |
wini | 0:e0adec41ad6b | 291 | #define TLS_RSA_WITH_AES_256_CCM 0xC09D |
wini | 0:e0adec41ad6b | 292 | /** TLS_DHE_RSA_WITH_AES_128_CCM */ |
wini | 0:e0adec41ad6b | 293 | #define TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E |
wini | 0:e0adec41ad6b | 294 | /** TLS_DHE_RSA_WITH_AES_256_CCM */ |
wini | 0:e0adec41ad6b | 295 | #define TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F |
wini | 0:e0adec41ad6b | 296 | /** TLS_RSA_WITH_AES_128_CCM_8 */ |
wini | 0:e0adec41ad6b | 297 | #define TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 |
wini | 0:e0adec41ad6b | 298 | /** TLS_RSA_WITH_AES_256_CCM_8 */ |
wini | 0:e0adec41ad6b | 299 | #define TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 |
wini | 0:e0adec41ad6b | 300 | /** TLS_DHE_RSA_WITH_AES_128_CCM_8 */ |
wini | 0:e0adec41ad6b | 301 | #define TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 |
wini | 0:e0adec41ad6b | 302 | /** TLS_DHE_RSA_WITH_AES_256_CCM_8 */ |
wini | 0:e0adec41ad6b | 303 | #define TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 |
wini | 0:e0adec41ad6b | 304 | /** TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ |
wini | 0:e0adec41ad6b | 305 | #define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCC13 |
wini | 0:e0adec41ad6b | 306 | /** TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ |
wini | 0:e0adec41ad6b | 307 | #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCC14 |
wini | 0:e0adec41ad6b | 308 | /** TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ |
wini | 0:e0adec41ad6b | 309 | #define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCC15 |
wini | 0:e0adec41ad6b | 310 | |
wini | 0:e0adec41ad6b | 311 | /** @} */ /* end group SharkSslCiphers */ |
wini | 0:e0adec41ad6b | 312 | |
wini | 0:e0adec41ad6b | 313 | |
wini | 0:e0adec41ad6b | 314 | /** \defgroup SharkSslProtocol SSL and TLS protocol version |
wini | 0:e0adec41ad6b | 315 | \ingroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 316 | @{ |
wini | 0:e0adec41ad6b | 317 | \brief Return values from function #SharkSslCon_getProtocol. |
wini | 0:e0adec41ad6b | 318 | */ |
wini | 0:e0adec41ad6b | 319 | |
wini | 0:e0adec41ad6b | 320 | /** SHARKSSL_PROTOCOL_UNKNOWN */ |
wini | 0:e0adec41ad6b | 321 | #define SHARKSSL_PROTOCOL_UNKNOWN 0x00 |
wini | 0:e0adec41ad6b | 322 | /** SHARKSSL_PROTOCOL_SSL_3_0 */ |
wini | 0:e0adec41ad6b | 323 | #define SHARKSSL_PROTOCOL_SSL_3_0 0x30 |
wini | 0:e0adec41ad6b | 324 | /** SHARKSSL_PROTOCOL_TLS_1_0 */ |
wini | 0:e0adec41ad6b | 325 | #define SHARKSSL_PROTOCOL_TLS_1_0 0x31 |
wini | 0:e0adec41ad6b | 326 | /** SHARKSSL_PROTOCOL_TLS_1_1 */ |
wini | 0:e0adec41ad6b | 327 | #define SHARKSSL_PROTOCOL_TLS_1_1 0x32 |
wini | 0:e0adec41ad6b | 328 | /** SHARKSSL_PROTOCOL_TLS_1_2 */ |
wini | 0:e0adec41ad6b | 329 | #define SHARKSSL_PROTOCOL_TLS_1_2 0x33 |
wini | 0:e0adec41ad6b | 330 | |
wini | 0:e0adec41ad6b | 331 | /** @} */ /* end group SharkSslProtocol */ |
wini | 0:e0adec41ad6b | 332 | |
wini | 0:e0adec41ad6b | 333 | |
wini | 0:e0adec41ad6b | 334 | #if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA) |
wini | 0:e0adec41ad6b | 335 | #ifndef BA_API /* standalone SharkSSL */ |
wini | 0:e0adec41ad6b | 336 | #define BA_API SHARKSSL_API |
wini | 0:e0adec41ad6b | 337 | #ifdef _SHARKSSL_C_ |
wini | 0:e0adec41ad6b | 338 | #define SingleListCode 1 |
wini | 0:e0adec41ad6b | 339 | #endif |
wini | 0:e0adec41ad6b | 340 | #endif |
wini | 0:e0adec41ad6b | 341 | #include "SingleList.h" |
wini | 0:e0adec41ad6b | 342 | #endif |
wini | 0:e0adec41ad6b | 343 | |
wini | 0:e0adec41ad6b | 344 | |
wini | 0:e0adec41ad6b | 345 | #if SHARKSSL_ENABLE_SESSION_CACHE || SHARKSSL_NOPACK |
wini | 0:e0adec41ad6b | 346 | |
wini | 0:e0adec41ad6b | 347 | /** @addtogroup SharkSslSessionApi |
wini | 0:e0adec41ad6b | 348 | @{ |
wini | 0:e0adec41ad6b | 349 | */ |
wini | 0:e0adec41ad6b | 350 | |
wini | 0:e0adec41ad6b | 351 | /** SharkSslSession is an opaque handle returned by function |
wini | 0:e0adec41ad6b | 352 | #SharkSslCon_acquireSession. |
wini | 0:e0adec41ad6b | 353 | */ |
wini | 0:e0adec41ad6b | 354 | typedef struct SharkSslSession SharkSslSession; |
wini | 0:e0adec41ad6b | 355 | |
wini | 0:e0adec41ad6b | 356 | /** @} */ /* end group SharkSslSessionApi */ |
wini | 0:e0adec41ad6b | 357 | |
wini | 0:e0adec41ad6b | 358 | #ifndef _DOXYGEN |
wini | 0:e0adec41ad6b | 359 | typedef struct SharkSslSessionCache |
wini | 0:e0adec41ad6b | 360 | { |
wini | 0:e0adec41ad6b | 361 | SharkSslSession *cache; |
wini | 0:e0adec41ad6b | 362 | ThreadMutexBase cacheMutex; |
wini | 0:e0adec41ad6b | 363 | U16 cacheSize; |
wini | 0:e0adec41ad6b | 364 | } SharkSslSessionCache; |
wini | 0:e0adec41ad6b | 365 | #endif |
wini | 0:e0adec41ad6b | 366 | #endif |
wini | 0:e0adec41ad6b | 367 | |
wini | 0:e0adec41ad6b | 368 | |
wini | 0:e0adec41ad6b | 369 | /** \addtogroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 370 | @{ |
wini | 0:e0adec41ad6b | 371 | */ |
wini | 0:e0adec41ad6b | 372 | |
wini | 0:e0adec41ad6b | 373 | /** Select one of client or server mode when creating a #SharkSsl |
wini | 0:e0adec41ad6b | 374 | object. |
wini | 0:e0adec41ad6b | 375 | |
wini | 0:e0adec41ad6b | 376 | __Note:__ A SharkSsl instance in server mode requires that you |
wini | 0:e0adec41ad6b | 377 | install at a minimum one certificate by calling function |
wini | 0:e0adec41ad6b | 378 | #SharkSsl_addCertificate. |
wini | 0:e0adec41ad6b | 379 | */ |
wini | 0:e0adec41ad6b | 380 | typedef enum |
wini | 0:e0adec41ad6b | 381 | { |
wini | 0:e0adec41ad6b | 382 | SharkSsl_Unspecified, /*!< Invalid value */ |
wini | 0:e0adec41ad6b | 383 | SharkSsl_Server, /*!< Select SSL server mode */ |
wini | 0:e0adec41ad6b | 384 | SharkSsl_Client /*!< Select SSL client mode */ |
wini | 0:e0adec41ad6b | 385 | } SharkSsl_Role; |
wini | 0:e0adec41ad6b | 386 | |
wini | 0:e0adec41ad6b | 387 | /** @} */ /* end group SharkSslInfoAndCodes */ |
wini | 0:e0adec41ad6b | 388 | |
wini | 0:e0adec41ad6b | 389 | |
wini | 0:e0adec41ad6b | 390 | #if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA) |
wini | 0:e0adec41ad6b | 391 | /** \addtogroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 392 | @{ |
wini | 0:e0adec41ad6b | 393 | */ |
wini | 0:e0adec41ad6b | 394 | |
wini | 0:e0adec41ad6b | 395 | /** The SharkSSL Certificate is in a binary format optimized for speed |
wini | 0:e0adec41ad6b | 396 | and size. The certificate can be created by calling #sharkssl_PEM |
wini | 0:e0adec41ad6b | 397 | or by using the command line tool |
wini | 0:e0adec41ad6b | 398 | [SharkSslParseCert](\ref SharkSslParseCert) |
wini | 0:e0adec41ad6b | 399 | */ |
wini | 0:e0adec41ad6b | 400 | typedef const U8 *SharkSslCert; |
wini | 0:e0adec41ad6b | 401 | |
wini | 0:e0adec41ad6b | 402 | #if SHARKSSL_ENABLE_CA_LIST |
wini | 0:e0adec41ad6b | 403 | /** The SharkSSL Certificate Authority (CA) List is in a binary format |
wini | 0:e0adec41ad6b | 404 | optimized for speed and size. The list can be created by calling |
wini | 0:e0adec41ad6b | 405 | #SharkSslCertStore_assemble or by using the command line tool |
wini | 0:e0adec41ad6b | 406 | [SharkSSLParseCAList](\ref SharkSSLParseCAList). |
wini | 0:e0adec41ad6b | 407 | */ |
wini | 0:e0adec41ad6b | 408 | typedef const U8 *SharkSslCAList; |
wini | 0:e0adec41ad6b | 409 | #endif |
wini | 0:e0adec41ad6b | 410 | |
wini | 0:e0adec41ad6b | 411 | /** @} */ /* end group SharkSslInfoAndCodes */ |
wini | 0:e0adec41ad6b | 412 | #endif |
wini | 0:e0adec41ad6b | 413 | |
wini | 0:e0adec41ad6b | 414 | #if SHARKSSL_ENABLE_PSK || SHARKSSL_NOPACK |
wini | 0:e0adec41ad6b | 415 | /** \addtogroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 416 | @{ |
wini | 0:e0adec41ad6b | 417 | */ |
wini | 0:e0adec41ad6b | 418 | |
wini | 0:e0adec41ad6b | 419 | /** The SharkSSL PSK table is in an optimized binary format. |
wini | 0:e0adec41ad6b | 420 | The table can be created by using the command line tool |
wini | 0:e0adec41ad6b | 421 | [SharkSslParsePSKTable](\ref SharkSSLParsePSKTable). |
wini | 0:e0adec41ad6b | 422 | */ |
wini | 0:e0adec41ad6b | 423 | typedef const U8 *SharkSslPSKTable; |
wini | 0:e0adec41ad6b | 424 | |
wini | 0:e0adec41ad6b | 425 | /** @} */ /* end group SharkSslInfoAndCodes */ |
wini | 0:e0adec41ad6b | 426 | #endif |
wini | 0:e0adec41ad6b | 427 | |
wini | 0:e0adec41ad6b | 428 | #ifndef _DOXYGEN |
wini | 0:e0adec41ad6b | 429 | struct SharkSsl; |
wini | 0:e0adec41ad6b | 430 | #endif |
wini | 0:e0adec41ad6b | 431 | |
wini | 0:e0adec41ad6b | 432 | |
wini | 0:e0adec41ad6b | 433 | /* Non documented API used by SharkSslSCMgr when used indirectly by |
wini | 0:e0adec41ad6b | 434 | Lua code in the Barracuda Application Server. The code manages |
wini | 0:e0adec41ad6b | 435 | automatic destruction of SharkSslSCMgr. |
wini | 0:e0adec41ad6b | 436 | */ |
wini | 0:e0adec41ad6b | 437 | #ifndef _DOXYGEN |
wini | 0:e0adec41ad6b | 438 | struct SharkSslIntf; |
wini | 0:e0adec41ad6b | 439 | typedef void (*SharkSslIntf_Terminate)(struct SharkSslIntf* o, |
wini | 0:e0adec41ad6b | 440 | struct SharkSsl* ssl); |
wini | 0:e0adec41ad6b | 441 | typedef struct SharkSslIntf |
wini | 0:e0adec41ad6b | 442 | { |
wini | 0:e0adec41ad6b | 443 | SharkSslIntf_Terminate terminate; |
wini | 0:e0adec41ad6b | 444 | } SharkSslIntf; |
wini | 0:e0adec41ad6b | 445 | #define SharkSslIntf_constructor(o,terminateFunc) (o)->terminate=terminateFunc |
wini | 0:e0adec41ad6b | 446 | #endif |
wini | 0:e0adec41ad6b | 447 | |
wini | 0:e0adec41ad6b | 448 | |
wini | 0:e0adec41ad6b | 449 | /** \addtogroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 450 | @{ |
wini | 0:e0adec41ad6b | 451 | */ |
wini | 0:e0adec41ad6b | 452 | |
wini | 0:e0adec41ad6b | 453 | /** SharkSslCon is an opaque handle returned by function |
wini | 0:e0adec41ad6b | 454 | #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 455 | |
wini | 0:e0adec41ad6b | 456 | The lifetime of a SharkSslCon object is as follows: |
wini | 0:e0adec41ad6b | 457 | |
wini | 0:e0adec41ad6b | 458 | - Create a network connection and create a SharkSslCon object by |
wini | 0:e0adec41ad6b | 459 | calling #SharkSsl_createCon |
wini | 0:e0adec41ad6b | 460 | |
wini | 0:e0adec41ad6b | 461 | - Use the SharkSslCon functions to encode and decode data sent |
wini | 0:e0adec41ad6b | 462 | and received over the network. See #SharkSslCon_encrypt and |
wini | 0:e0adec41ad6b | 463 | #SharkSslCon_decrypt for more information. |
wini | 0:e0adec41ad6b | 464 | |
wini | 0:e0adec41ad6b | 465 | - When you are ready to close the connection: close the network |
wini | 0:e0adec41ad6b | 466 | connection and call function #SharkSsl_terminateCon |
wini | 0:e0adec41ad6b | 467 | |
wini | 0:e0adec41ad6b | 468 | \sa SharkSsl |
wini | 0:e0adec41ad6b | 469 | */ |
wini | 0:e0adec41ad6b | 470 | typedef struct SharkSslCon SharkSslCon; |
wini | 0:e0adec41ad6b | 471 | |
wini | 0:e0adec41ad6b | 472 | |
wini | 0:e0adec41ad6b | 473 | /** A SharkSsl object is the coordinator for managing #SharkSslCon |
wini | 0:e0adec41ad6b | 474 | objects (See #SharkSsl_constructor for details). |
wini | 0:e0adec41ad6b | 475 | */ |
wini | 0:e0adec41ad6b | 476 | typedef struct |
wini | 0:e0adec41ad6b | 477 | SharkSsl |
wini | 0:e0adec41ad6b | 478 | { |
wini | 0:e0adec41ad6b | 479 | #ifdef __cplusplus |
wini | 0:e0adec41ad6b | 480 | void *operator new(size_t s) { return ::baMalloc(s); } |
wini | 0:e0adec41ad6b | 481 | void operator delete(void* d) { if(d) ::baFree(d); } |
wini | 0:e0adec41ad6b | 482 | void *operator new(size_t, void *place) { return place; } |
wini | 0:e0adec41ad6b | 483 | void operator delete(void*, void *) { } |
wini | 0:e0adec41ad6b | 484 | |
wini | 0:e0adec41ad6b | 485 | SharkSsl() {}; |
wini | 0:e0adec41ad6b | 486 | |
wini | 0:e0adec41ad6b | 487 | SharkSsl(SharkSsl_Role role, |
wini | 0:e0adec41ad6b | 488 | U16 cacheSize = 0, |
wini | 0:e0adec41ad6b | 489 | U16 inBufStartSize = 4096, |
wini | 0:e0adec41ad6b | 490 | U16 outBufSize = 4096 |
wini | 0:e0adec41ad6b | 491 | ); |
wini | 0:e0adec41ad6b | 492 | |
wini | 0:e0adec41ad6b | 493 | ~SharkSsl(); |
wini | 0:e0adec41ad6b | 494 | SharkSslCon *createCon(void); |
wini | 0:e0adec41ad6b | 495 | U8 setCAList(SharkSslCAList caList); |
wini | 0:e0adec41ad6b | 496 | U8 addCertificate(SharkSslCert cert); |
wini | 0:e0adec41ad6b | 497 | void terminateCon(SharkSslCon *sslCon); |
wini | 0:e0adec41ad6b | 498 | #endif |
wini | 0:e0adec41ad6b | 499 | #if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_SSL_CLIENT_CODE) || SHARKSSL_NOPACK |
wini | 0:e0adec41ad6b | 500 | SharkSsl_Role role; |
wini | 0:e0adec41ad6b | 501 | #endif |
wini | 0:e0adec41ad6b | 502 | U16 outBufSize; |
wini | 0:e0adec41ad6b | 503 | U16 inBufStartSize; |
wini | 0:e0adec41ad6b | 504 | U16 nCon; |
wini | 0:e0adec41ad6b | 505 | #if (SHARKSSL_ENABLE_RSA || (SHARKSSL_ENABLE_ECDSA)) || SHARKSSL_NOPACK |
wini | 0:e0adec41ad6b | 506 | SingleList certList; |
wini | 0:e0adec41ad6b | 507 | #if SHARKSSL_ENABLE_CA_LIST || SHARKSSL_NOPACK |
wini | 0:e0adec41ad6b | 508 | SharkSslCAList caList; |
wini | 0:e0adec41ad6b | 509 | #endif |
wini | 0:e0adec41ad6b | 510 | #endif |
wini | 0:e0adec41ad6b | 511 | #if SHARKSSL_ENABLE_PSK || SHARKSSL_NOPACK |
wini | 0:e0adec41ad6b | 512 | SharkSslPSKTable tablePSK; |
wini | 0:e0adec41ad6b | 513 | #endif |
wini | 0:e0adec41ad6b | 514 | #if SHARKSSL_ENABLE_SESSION_CACHE || SHARKSSL_NOPACK |
wini | 0:e0adec41ad6b | 515 | SharkSslSessionCache sessionCache; |
wini | 0:e0adec41ad6b | 516 | /* Reserved for use with one SharkSslSCMgr object */ |
wini | 0:e0adec41ad6b | 517 | SharkSslIntf* intf; |
wini | 0:e0adec41ad6b | 518 | #endif |
wini | 0:e0adec41ad6b | 519 | } SharkSsl; |
wini | 0:e0adec41ad6b | 520 | |
wini | 0:e0adec41ad6b | 521 | /** @} */ /* end group SharkSslInfoAndCodes */ |
wini | 0:e0adec41ad6b | 522 | |
wini | 0:e0adec41ad6b | 523 | /** @addtogroup SharkSslCoreApi |
wini | 0:e0adec41ad6b | 524 | @{ |
wini | 0:e0adec41ad6b | 525 | */ |
wini | 0:e0adec41ad6b | 526 | |
wini | 0:e0adec41ad6b | 527 | /** The #SharkSslCon_decrypt and #SharkSslCon_encrypt return values. |
wini | 0:e0adec41ad6b | 528 | */ |
wini | 0:e0adec41ad6b | 529 | typedef enum |
wini | 0:e0adec41ad6b | 530 | { |
wini | 0:e0adec41ad6b | 531 | /** Indicates general errors, including configuration errors. |
wini | 0:e0adec41ad6b | 532 | */ |
wini | 0:e0adec41ad6b | 533 | SharkSslCon_Error = 1, |
wini | 0:e0adec41ad6b | 534 | |
wini | 0:e0adec41ad6b | 535 | /** The memory pool is too small. |
wini | 0:e0adec41ad6b | 536 | */ |
wini | 0:e0adec41ad6b | 537 | SharkSslCon_AllocationError, |
wini | 0:e0adec41ad6b | 538 | |
wini | 0:e0adec41ad6b | 539 | /** Returned when a block of received data has been successfully decrypted. |
wini | 0:e0adec41ad6b | 540 | |
wini | 0:e0adec41ad6b | 541 | __selib.c code snippet:__ |
wini | 0:e0adec41ad6b | 542 | \dontinclude selib.c |
wini | 0:e0adec41ad6b | 543 | \skipline case SharkSslCon_Decrypted: |
wini | 0:e0adec41ad6b | 544 | \until return |
wini | 0:e0adec41ad6b | 545 | |
wini | 0:e0adec41ad6b | 546 | \sa SharkSslCon_getDecData |
wini | 0:e0adec41ad6b | 547 | */ |
wini | 0:e0adec41ad6b | 548 | SharkSslCon_Decrypted, |
wini | 0:e0adec41ad6b | 549 | |
wini | 0:e0adec41ad6b | 550 | /** Returned when an SSL/TLS handshake message has been received or |
wini | 0:e0adec41ad6b | 551 | is to be sent. During this phase, one must call |
wini | 0:e0adec41ad6b | 552 | #SharkSslCon_getHandshakeData and |
wini | 0:e0adec41ad6b | 553 | #SharkSslCon_getHandshakeDataLen, and send the handshake data to |
wini | 0:e0adec41ad6b | 554 | the peer side. |
wini | 0:e0adec41ad6b | 555 | |
wini | 0:e0adec41ad6b | 556 | __selib.c code snippet:__ |
wini | 0:e0adec41ad6b | 557 | \dontinclude selib.c |
wini | 0:e0adec41ad6b | 558 | \skipline case SharkSslCon_Handshake: |
wini | 0:e0adec41ad6b | 559 | \until xprintf(("handshake complete")); |
wini | 0:e0adec41ad6b | 560 | */ |
wini | 0:e0adec41ad6b | 561 | SharkSslCon_Handshake, |
wini | 0:e0adec41ad6b | 562 | |
wini | 0:e0adec41ad6b | 563 | /** Returned when SharkSSL holds an incomplete SSL/TLS record or |
wini | 0:e0adec41ad6b | 564 | when the connection is initially established and the readLen |
wini | 0:e0adec41ad6b | 565 | parameter is zero. |
wini | 0:e0adec41ad6b | 566 | |
wini | 0:e0adec41ad6b | 567 | __selib.c code snippet:__ |
wini | 0:e0adec41ad6b | 568 | \dontinclude selib.c |
wini | 0:e0adec41ad6b | 569 | \skipline case SharkSslCon_NeedMoreData: |
wini | 0:e0adec41ad6b | 570 | \until decrypt next record |
wini | 0:e0adec41ad6b | 571 | |
wini | 0:e0adec41ad6b | 572 | \sa #SharkSslCon_getBuf and #SharkSslCon_getBufLen |
wini | 0:e0adec41ad6b | 573 | */ |
wini | 0:e0adec41ad6b | 574 | SharkSslCon_NeedMoreData, |
wini | 0:e0adec41ad6b | 575 | |
wini | 0:e0adec41ad6b | 576 | /** Returned when an [SSL/TLS alert message](@ref SharkSslAlertMsg) |
wini | 0:e0adec41ad6b | 577 | must be sent to the peer side. The error code, which must be |
wini | 0:e0adec41ad6b | 578 | sent to the peer, indicates that SharkSSL was unable to decode |
wini | 0:e0adec41ad6b | 579 | the data sent from the peer. |
wini | 0:e0adec41ad6b | 580 | |
wini | 0:e0adec41ad6b | 581 | __selib.c code snippet:__ |
wini | 0:e0adec41ad6b | 582 | \dontinclude selib.c |
wini | 0:e0adec41ad6b | 583 | \skipline case SharkSslCon_AlertSend: |
wini | 0:e0adec41ad6b | 584 | \until return |
wini | 0:e0adec41ad6b | 585 | |
wini | 0:e0adec41ad6b | 586 | \sa #SharkSslCon_getAlertData and #SharkSslCon_getAlertDataLen |
wini | 0:e0adec41ad6b | 587 | */ |
wini | 0:e0adec41ad6b | 588 | SharkSslCon_AlertSend, |
wini | 0:e0adec41ad6b | 589 | |
wini | 0:e0adec41ad6b | 590 | /** SharkSSL received an [SSL/TLS alert message](@ref SharkSslAlertMsg) |
wini | 0:e0adec41ad6b | 591 | from the peer, which means that the peer either failed to |
wini | 0:e0adec41ad6b | 592 | decode the message from SharkSSL or the peer entered an |
wini | 0:e0adec41ad6b | 593 | exception state. |
wini | 0:e0adec41ad6b | 594 | |
wini | 0:e0adec41ad6b | 595 | \sa SharkSslCon_getAlertLevel and SharkSslCon_getAlertDescription |
wini | 0:e0adec41ad6b | 596 | */ |
wini | 0:e0adec41ad6b | 597 | SharkSslCon_AlertRecv, |
wini | 0:e0adec41ad6b | 598 | |
wini | 0:e0adec41ad6b | 599 | /** SharkSSL has successfully decrypted a chunk of data. The data |
wini | 0:e0adec41ad6b | 600 | is available in the SharkSSL receive buffer, which is returned |
wini | 0:e0adec41ad6b | 601 | by function #SharkSslCon_getEncData. The length is returned by |
wini | 0:e0adec41ad6b | 602 | function #SharkSslCon_getEncDataLen. |
wini | 0:e0adec41ad6b | 603 | |
wini | 0:e0adec41ad6b | 604 | __selib.c code snippet:__ |
wini | 0:e0adec41ad6b | 605 | \dontinclude selib.c |
wini | 0:e0adec41ad6b | 606 | \skipline case SharkSslCon_Encrypted: |
wini | 0:e0adec41ad6b | 607 | \until return maxLen |
wini | 0:e0adec41ad6b | 608 | */ |
wini | 0:e0adec41ad6b | 609 | SharkSslCon_Encrypted, |
wini | 0:e0adec41ad6b | 610 | |
wini | 0:e0adec41ad6b | 611 | /** An error condition returned by function #SharkSslCon_encrypt if |
wini | 0:e0adec41ad6b | 612 | the SSL handshake is not completed. You cannot send encrypted |
wini | 0:e0adec41ad6b | 613 | data before completing the handshake phase. |
wini | 0:e0adec41ad6b | 614 | */ |
wini | 0:e0adec41ad6b | 615 | SharkSslCon_HandshakeNotComplete, |
wini | 0:e0adec41ad6b | 616 | |
wini | 0:e0adec41ad6b | 617 | /** Returned by function #SharkSslCon_encrypt if |
wini | 0:e0adec41ad6b | 618 | #SHARKSSL_ENABLE_CLONE_CERTINFO is disabled and when a complete |
wini | 0:e0adec41ad6b | 619 | certificate is received from the peer during the SSL handshake |
wini | 0:e0adec41ad6b | 620 | phase. Fixme more... |
wini | 0:e0adec41ad6b | 621 | */ |
wini | 0:e0adec41ad6b | 622 | SharkSslCon_Certificate, |
wini | 0:e0adec41ad6b | 623 | |
wini | 0:e0adec41ad6b | 624 | /** Unrecognized format of a provided certificate. |
wini | 0:e0adec41ad6b | 625 | */ |
wini | 0:e0adec41ad6b | 626 | SharkSslCon_CertificateError |
wini | 0:e0adec41ad6b | 627 | |
wini | 0:e0adec41ad6b | 628 | } SharkSslCon_RetVal; |
wini | 0:e0adec41ad6b | 629 | |
wini | 0:e0adec41ad6b | 630 | /** @} */ /* end group SharkSslCoreApi */ |
wini | 0:e0adec41ad6b | 631 | |
wini | 0:e0adec41ad6b | 632 | #if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA) |
wini | 0:e0adec41ad6b | 633 | |
wini | 0:e0adec41ad6b | 634 | /** \defgroup SharkSslCertInfo Peer's certificate information |
wini | 0:e0adec41ad6b | 635 | \ingroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 636 | |
wini | 0:e0adec41ad6b | 637 | \brief Certificate information returned by #SharkSslCon_getCertInfo |
wini | 0:e0adec41ad6b | 638 | |
wini | 0:e0adec41ad6b | 639 | @{ |
wini | 0:e0adec41ad6b | 640 | */ |
wini | 0:e0adec41ad6b | 641 | |
wini | 0:e0adec41ad6b | 642 | /** Certificate KeyUsage and ExtendedKeyUsage flags and relative |
wini | 0:e0adec41ad6b | 643 | pseudofunctions |
wini | 0:e0adec41ad6b | 644 | */ |
wini | 0:e0adec41ad6b | 645 | #if SHARKSSL_ENABLE_CERT_KEYUSAGE |
wini | 0:e0adec41ad6b | 646 | #define SHARKSSL_CERT_KEYUSAGE_DIGITALSIGNATURE 0x00000001 |
wini | 0:e0adec41ad6b | 647 | #define SHARKSSL_CERT_KEYUSAGE_NONREPUDIATION 0x00000002 |
wini | 0:e0adec41ad6b | 648 | #define SHARKSSL_CERT_KEYUSAGE_KEYENCIPHERMENT 0x00000004 |
wini | 0:e0adec41ad6b | 649 | #define SHARKSSL_CERT_KEYUSAGE_DATAENCIPHERMENT 0x00000008 |
wini | 0:e0adec41ad6b | 650 | #define SHARKSSL_CERT_KEYUSAGE_KEYAGREEMENT 0x00000010 |
wini | 0:e0adec41ad6b | 651 | #define SHARKSSL_CERT_KEYUSAGE_KEYCERTSIGN 0x00000020 |
wini | 0:e0adec41ad6b | 652 | #define SHARKSSL_CERT_KEYUSAGE_CRLSIGN 0x00000040 |
wini | 0:e0adec41ad6b | 653 | #define SHARKSSL_CERT_KEYUSAGE_ENCIPHERONLY 0x00000080 |
wini | 0:e0adec41ad6b | 654 | #define SHARKSSL_CERT_KEYUSAGE_DECIPHERONLY 0x00000100 |
wini | 0:e0adec41ad6b | 655 | #define SHARKSSL_CERT_KEYUSAGE_PRESENT 0x00000200 |
wini | 0:e0adec41ad6b | 656 | #define SHARKSSL_CERT_KEYUSAGE_CRITICAL 0x00000400 |
wini | 0:e0adec41ad6b | 657 | |
wini | 0:e0adec41ad6b | 658 | #define SHARKSSL_CERT_KEYPURPOSE_SERVERAUTH 0x00010000 |
wini | 0:e0adec41ad6b | 659 | #define SHARKSSL_CERT_KEYPURPOSE_CLIENTAUTH 0x00020000 |
wini | 0:e0adec41ad6b | 660 | #define SHARKSSL_CERT_KEYPURPOSE_CODESIGNING 0x00040000 |
wini | 0:e0adec41ad6b | 661 | #define SHARKSSL_CERT_KEYPURPOSE_EMAILPROTECTION 0x00080000 |
wini | 0:e0adec41ad6b | 662 | #define SHARKSSL_CERT_KEYPURPOSE_TIMESTAMPING 0x00100000 |
wini | 0:e0adec41ad6b | 663 | #define SHARKSSL_CERT_KEYPURPOSE_OCSPSIGNING 0x00200000 |
wini | 0:e0adec41ad6b | 664 | |
wini | 0:e0adec41ad6b | 665 | #define SharkSslCertInfo_KeyFlagSet(o,f) ((o)->keyUsagePurposes & f) |
wini | 0:e0adec41ad6b | 666 | |
wini | 0:e0adec41ad6b | 667 | /** The following pseudo-functions return a non-zero value |
wini | 0:e0adec41ad6b | 668 | if the corresponding flag is set |
wini | 0:e0adec41ad6b | 669 | */ |
wini | 0:e0adec41ad6b | 670 | #define SharkSslCertInfo_isKeyUsagePresent(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_PRESENT) |
wini | 0:e0adec41ad6b | 671 | #define SharkSslCertInfo_isKeyUsageCritical(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_CRITICAL) |
wini | 0:e0adec41ad6b | 672 | #define SharkSslCertInfo_KU_digitalSignature(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DIGITALSIGNATURE) |
wini | 0:e0adec41ad6b | 673 | #define SharkSslCertInfo_KU_nonRepudiation(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_NONREPUDIATION) |
wini | 0:e0adec41ad6b | 674 | #define SharkSslCertInfo_KU_keyEncipherment(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYENCIPHERMENT) |
wini | 0:e0adec41ad6b | 675 | #define SharkSslCertInfo_KU_dataEncipherment(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DATAENCIPHERMENT) |
wini | 0:e0adec41ad6b | 676 | #define SharkSslCertInfo_KU_keyAgreement(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYAGREEMENT) |
wini | 0:e0adec41ad6b | 677 | #define SharkSslCertInfo_KU_keyCertSign(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYCERTSIGN) |
wini | 0:e0adec41ad6b | 678 | #define SharkSslCertInfo_KU_cRLSign(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_CRLSIGN) |
wini | 0:e0adec41ad6b | 679 | #define SharkSslCertInfo_KU_encipherOnly(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_ENCIPHERONLY) |
wini | 0:e0adec41ad6b | 680 | #define SharkSslCertInfo_KU_decipherOnly(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DECIPHERONLY) |
wini | 0:e0adec41ad6b | 681 | |
wini | 0:e0adec41ad6b | 682 | #define SharkSslCertInfo_kp_serverAuth(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_SERVERAUTH) |
wini | 0:e0adec41ad6b | 683 | #define SharkSslCertInfo_kp_clientAuth(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_CLIENTAUTH) |
wini | 0:e0adec41ad6b | 684 | #define SharkSslCertInfo_kp_codeSigning(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_CODESIGNING) |
wini | 0:e0adec41ad6b | 685 | #define SharkSslCertInfo_kp_emailProtection(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_EMAILPROTECTION) |
wini | 0:e0adec41ad6b | 686 | #define SharkSslCertInfo_kp_timeStamping(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_TIMESTAMPING) |
wini | 0:e0adec41ad6b | 687 | #define SharkSslCertInfo_kp_OCSPSigning(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_OCSPSIGNING) |
wini | 0:e0adec41ad6b | 688 | #endif |
wini | 0:e0adec41ad6b | 689 | |
wini | 0:e0adec41ad6b | 690 | |
wini | 0:e0adec41ad6b | 691 | /** Certificate Distinguished Name |
wini | 0:e0adec41ad6b | 692 | |
wini | 0:e0adec41ad6b | 693 | Example from certcheck.c: |
wini | 0:e0adec41ad6b | 694 | |
wini | 0:e0adec41ad6b | 695 | \dontinclude certcheck.c |
wini | 0:e0adec41ad6b | 696 | \skip Begin Cert Info |
wini | 0:e0adec41ad6b | 697 | \until End Cert Info |
wini | 0:e0adec41ad6b | 698 | |
wini | 0:e0adec41ad6b | 699 | \sa SharkSslCertInfo |
wini | 0:e0adec41ad6b | 700 | |
wini | 0:e0adec41ad6b | 701 | */ |
wini | 0:e0adec41ad6b | 702 | typedef struct SharkSslCertDN |
wini | 0:e0adec41ad6b | 703 | { |
wini | 0:e0adec41ad6b | 704 | const U8 *countryName; /**< ISO3166 country code */ |
wini | 0:e0adec41ad6b | 705 | const U8 *province; /**< State or Province */ |
wini | 0:e0adec41ad6b | 706 | const U8 *locality; /**< The city or town name */ |
wini | 0:e0adec41ad6b | 707 | const U8 *organization; /**< Organization Name (company or department) */ |
wini | 0:e0adec41ad6b | 708 | const U8 *unit; /**< Organizational Unit (OU: department or organization unit) */ |
wini | 0:e0adec41ad6b | 709 | /** Common Name is the Host + Domain Name (example: |
wini | 0:e0adec41ad6b | 710 | www.mycompany.com, where www is host and mycompany.com is Domain |
wini | 0:e0adec41ad6b | 711 | Name) */ |
wini | 0:e0adec41ad6b | 712 | const U8 *commonName; |
wini | 0:e0adec41ad6b | 713 | const U8 *emailAddress; |
wini | 0:e0adec41ad6b | 714 | |
wini | 0:e0adec41ad6b | 715 | U8 countryNameLen; /** length in bytes of the field "country" */ |
wini | 0:e0adec41ad6b | 716 | U8 provinceLen; /** length in bytes of the field "province" */ |
wini | 0:e0adec41ad6b | 717 | U8 localityLen; /** length in bytes of the field "locality" */ |
wini | 0:e0adec41ad6b | 718 | U8 organizationLen; /** length in bytes of the field "organization" */ |
wini | 0:e0adec41ad6b | 719 | U8 unitLen; /** length in bytes of the field "unit" */ |
wini | 0:e0adec41ad6b | 720 | U8 commonNameLen; /** length in bytes of the field "common name" */ |
wini | 0:e0adec41ad6b | 721 | U8 emailAddressLen; /** length in bytes of the field "emailAddress" */ |
wini | 0:e0adec41ad6b | 722 | } SharkSslCertDN; |
wini | 0:e0adec41ad6b | 723 | |
wini | 0:e0adec41ad6b | 724 | #define SharkSslCertDN_constructor(o) memset(o,0,sizeof(SharkSslCertDN)) |
wini | 0:e0adec41ad6b | 725 | |
wini | 0:e0adec41ad6b | 726 | #define SharkSslCertDN_setCountryName(o, countryNameMA) \ |
wini | 0:e0adec41ad6b | 727 | (o)->countryName=(const U8*)countryNameMA,(o)->countryNameLen=(U8)strlen(countryNameMA) |
wini | 0:e0adec41ad6b | 728 | #define SharkSslCertDN_setProvince(o, provinceMA) \ |
wini | 0:e0adec41ad6b | 729 | (o)->province=(const U8*)provinceMA,(o)->provinceLen=(U8)strlen(provinceMA) |
wini | 0:e0adec41ad6b | 730 | #define SharkSslCertDN_setLocality(o, localityMA) \ |
wini | 0:e0adec41ad6b | 731 | (o)->locality=(const U8*)localityMA,(o)->localityLen=(U8)strlen(localityMA) |
wini | 0:e0adec41ad6b | 732 | #define SharkSslCertDN_setOrganization(o, organizationMA) \ |
wini | 0:e0adec41ad6b | 733 | (o)->organization=(const U8*)organizationMA,(o)->organizationLen=(U8)strlen(organizationMA) |
wini | 0:e0adec41ad6b | 734 | #define SharkSslCertDN_setUnit(o, unitMA) \ |
wini | 0:e0adec41ad6b | 735 | (o)->unit=(const U8*)unitMA,(o)->unitLen=(U8)strlen(unitMA) |
wini | 0:e0adec41ad6b | 736 | #define SharkSslCertDN_setCommonName(o, commonNameMA) \ |
wini | 0:e0adec41ad6b | 737 | (o)->commonName=(const U8*)commonNameMA,(o)->commonNameLen=(U8)strlen(commonNameMA) |
wini | 0:e0adec41ad6b | 738 | |
wini | 0:e0adec41ad6b | 739 | |
wini | 0:e0adec41ad6b | 740 | /** The peer's certificate information returned by #SharkSslCon_getCertInfo. |
wini | 0:e0adec41ad6b | 741 | \sa SharkSslCertDN |
wini | 0:e0adec41ad6b | 742 | */ |
wini | 0:e0adec41ad6b | 743 | typedef struct SharkSslCertInfo |
wini | 0:e0adec41ad6b | 744 | { |
wini | 0:e0adec41ad6b | 745 | /** Length of 'sn' (serial number) */ |
wini | 0:e0adec41ad6b | 746 | U16 snLen; |
wini | 0:e0adec41ad6b | 747 | |
wini | 0:e0adec41ad6b | 748 | /** Certificate version is offset at 0 so add +1 for actual |
wini | 0:e0adec41ad6b | 749 | version number. |
wini | 0:e0adec41ad6b | 750 | */ |
wini | 0:e0adec41ad6b | 751 | U8 version; |
wini | 0:e0adec41ad6b | 752 | |
wini | 0:e0adec41ad6b | 753 | /** The Certificate Authority flag (CA) is set to one if the |
wini | 0:e0adec41ad6b | 754 | certificate is a CA i.e. a root certificate. |
wini | 0:e0adec41ad6b | 755 | */ |
wini | 0:e0adec41ad6b | 756 | U8 CAflag; |
wini | 0:e0adec41ad6b | 757 | |
wini | 0:e0adec41ad6b | 758 | /** Binary serial number. The length is provided in 'snLen' |
wini | 0:e0adec41ad6b | 759 | */ |
wini | 0:e0adec41ad6b | 760 | U8 *sn; |
wini | 0:e0adec41ad6b | 761 | |
wini | 0:e0adec41ad6b | 762 | /** Certificate is valid from date (in UTCTime format: YYMMDDHHMMSSZ) |
wini | 0:e0adec41ad6b | 763 | */ |
wini | 0:e0adec41ad6b | 764 | U8 *timeFrom; |
wini | 0:e0adec41ad6b | 765 | |
wini | 0:e0adec41ad6b | 766 | /** Certificate expiration date (in UTCTime format: YYMMDDHHMMSSZ) |
wini | 0:e0adec41ad6b | 767 | */ |
wini | 0:e0adec41ad6b | 768 | U8 *timeTo; |
wini | 0:e0adec41ad6b | 769 | |
wini | 0:e0adec41ad6b | 770 | /** The entity who has signed and issued the certificate (<a |
wini | 0:e0adec41ad6b | 771 | href="http://tools.ietf.org/html/rfc2459#section-4.1.2.4" |
wini | 0:e0adec41ad6b | 772 | >RFC2459 4.1.2.4</a>) |
wini | 0:e0adec41ad6b | 773 | */ |
wini | 0:e0adec41ad6b | 774 | SharkSslCertDN issuer; |
wini | 0:e0adec41ad6b | 775 | |
wini | 0:e0adec41ad6b | 776 | /** The entity associated with the public key (<a |
wini | 0:e0adec41ad6b | 777 | href="http://tools.ietf.org/html/rfc2459#section-4.1.2.6" |
wini | 0:e0adec41ad6b | 778 | >RFC2459 4.1.2.6</a>). |
wini | 0:e0adec41ad6b | 779 | */ |
wini | 0:e0adec41ad6b | 780 | SharkSslCertDN subject; |
wini | 0:e0adec41ad6b | 781 | |
wini | 0:e0adec41ad6b | 782 | /** Subject Alternative DNS Names, if set, is a pointer to a list |
wini | 0:e0adec41ad6b | 783 | of alternative names. Each entry in the list is prefixed with |
wini | 0:e0adec41ad6b | 784 | a 1-byte length, followed by a string of 'length' bytes; |
wini | 0:e0adec41ad6b | 785 | the list ends with a zero length. |
wini | 0:e0adec41ad6b | 786 | The following example is from certcheck.c: |
wini | 0:e0adec41ad6b | 787 | |
wini | 0:e0adec41ad6b | 788 | \dontinclude certcheck.c |
wini | 0:e0adec41ad6b | 789 | \skipline U8 *tp |
wini | 0:e0adec41ad6b | 790 | \until xprintf(("\n")) |
wini | 0:e0adec41ad6b | 791 | */ |
wini | 0:e0adec41ad6b | 792 | U8 *subjectAltDNSNames; |
wini | 0:e0adec41ad6b | 793 | |
wini | 0:e0adec41ad6b | 794 | #if SHARKSSL_ENABLE_CERT_KEYUSAGE |
wini | 0:e0adec41ad6b | 795 | /** KeyUsage & ExtendedKeyUsage (key purposes) flags. |
wini | 0:e0adec41ad6b | 796 | Verify that the KeyUsage extension is present through the |
wini | 0:e0adec41ad6b | 797 | SharkSslCertInfo_isKeyUsagePresent(o) pseudo-function, |
wini | 0:e0adec41ad6b | 798 | then verify all the flags through the pseudo-functions: |
wini | 0:e0adec41ad6b | 799 | SharkSslCertInfo_KU_digitalSignature(o) |
wini | 0:e0adec41ad6b | 800 | SharkSslCertInfo_KU_nonRepudiation(o) |
wini | 0:e0adec41ad6b | 801 | SharkSslCertInfo_KU_keyEncipherment(o) |
wini | 0:e0adec41ad6b | 802 | SharkSslCertInfo_KU_dataEncipherment(o) |
wini | 0:e0adec41ad6b | 803 | SharkSslCertInfo_KU_keyAgreement(o) |
wini | 0:e0adec41ad6b | 804 | SharkSslCertInfo_KU_keyCertSign(o) |
wini | 0:e0adec41ad6b | 805 | SharkSslCertInfo_KU_cRLSign(o) |
wini | 0:e0adec41ad6b | 806 | SharkSslCertInfo_KU_encipherOnly(o) |
wini | 0:e0adec41ad6b | 807 | SharkSslCertInfo_KU_decipherOnly(o) |
wini | 0:e0adec41ad6b | 808 | |
wini | 0:e0adec41ad6b | 809 | Verify the ExtendedKeyUsage purposes through the following: |
wini | 0:e0adec41ad6b | 810 | SharkSslCertInfo_kp_serverAuth(o) |
wini | 0:e0adec41ad6b | 811 | SharkSslCertInfo_kp_clientAuth(o) |
wini | 0:e0adec41ad6b | 812 | SharkSslCertInfo_kp_codeSigning(o) |
wini | 0:e0adec41ad6b | 813 | SharkSslCertInfo_kp_emailProtection(o) |
wini | 0:e0adec41ad6b | 814 | SharkSslCertInfo_kp_timeStamping(o) |
wini | 0:e0adec41ad6b | 815 | SharkSslCertInfo_kp_OCSPSigning(o) |
wini | 0:e0adec41ad6b | 816 | */ |
wini | 0:e0adec41ad6b | 817 | U32 keyUsagePurposes; |
wini | 0:e0adec41ad6b | 818 | #endif |
wini | 0:e0adec41ad6b | 819 | |
wini | 0:e0adec41ad6b | 820 | /** Pointer to parent node when the SharkSslCertInfo object is part of |
wini | 0:e0adec41ad6b | 821 | a certificate chain. You walk up the chain until you reach the root. |
wini | 0:e0adec41ad6b | 822 | */ |
wini | 0:e0adec41ad6b | 823 | struct SharkSslCertInfo *parent; |
wini | 0:e0adec41ad6b | 824 | } SharkSslCertInfo; |
wini | 0:e0adec41ad6b | 825 | |
wini | 0:e0adec41ad6b | 826 | /** @} */ /* end group SharkSslCertInfo */ |
wini | 0:e0adec41ad6b | 827 | #endif |
wini | 0:e0adec41ad6b | 828 | |
wini | 0:e0adec41ad6b | 829 | /** @addtogroup SharkSslApi |
wini | 0:e0adec41ad6b | 830 | @{ |
wini | 0:e0adec41ad6b | 831 | */ |
wini | 0:e0adec41ad6b | 832 | |
wini | 0:e0adec41ad6b | 833 | |
wini | 0:e0adec41ad6b | 834 | #ifdef __cplusplus |
wini | 0:e0adec41ad6b | 835 | extern "C" { |
wini | 0:e0adec41ad6b | 836 | #endif |
wini | 0:e0adec41ad6b | 837 | |
wini | 0:e0adec41ad6b | 838 | /** A SharkSsl object is the coordinator for managing SharkSslCon |
wini | 0:e0adec41ad6b | 839 | objects. |
wini | 0:e0adec41ad6b | 840 | |
wini | 0:e0adec41ad6b | 841 | You must at a minimum create one SharkSsl object. A more advanced |
wini | 0:e0adec41ad6b | 842 | configuration may include several SharkSsl objects. For example, a |
wini | 0:e0adec41ad6b | 843 | system that includes both a client and server SSL stack must |
wini | 0:e0adec41ad6b | 844 | create and initialize two SharkSsl objects. |
wini | 0:e0adec41ad6b | 845 | |
wini | 0:e0adec41ad6b | 846 | \param o Uninitialized data of size sizeof(SharkSsl). |
wini | 0:e0adec41ad6b | 847 | |
wini | 0:e0adec41ad6b | 848 | \param role Select client or server SSL mode. See #SharkSsl_Role |
wini | 0:e0adec41ad6b | 849 | for details. |
wini | 0:e0adec41ad6b | 850 | |
wini | 0:e0adec41ad6b | 851 | \param cacheSize The session resumption cache size. Setting this |
wini | 0:e0adec41ad6b | 852 | to zero disables the cache management code. See |
wini | 0:e0adec41ad6b | 853 | [SSL Session Management](@ref SharkSslSessionApi) for details. |
wini | 0:e0adec41ad6b | 854 | |
wini | 0:e0adec41ad6b | 855 | \param inBufStartSize |
wini | 0:e0adec41ad6b | 856 | \param outBufSize |
wini | 0:e0adec41ad6b | 857 | |
wini | 0:e0adec41ad6b | 858 | parameter must be provided if you plan on using function |
wini | 0:e0adec41ad6b | 859 | #SharkSslCon_trustedCA or #SharkSslCon_trusted. See |
wini | 0:e0adec41ad6b | 860 | #SharkSslCAList for details. |
wini | 0:e0adec41ad6b | 861 | |
wini | 0:e0adec41ad6b | 862 | \sa #SharkSsl_addCertificate, #SharkSsl_setCAList, |
wini | 0:e0adec41ad6b | 863 | SharkSsl_createCon, and SharkSsl_terminateCon. |
wini | 0:e0adec41ad6b | 864 | */ |
wini | 0:e0adec41ad6b | 865 | SHARKSSL_API void SharkSsl_constructor( |
wini | 0:e0adec41ad6b | 866 | SharkSsl *o, |
wini | 0:e0adec41ad6b | 867 | SharkSsl_Role role, |
wini | 0:e0adec41ad6b | 868 | U16 cacheSize, |
wini | 0:e0adec41ad6b | 869 | U16 inBufStartSize, |
wini | 0:e0adec41ad6b | 870 | U16 outBufSize |
wini | 0:e0adec41ad6b | 871 | ); |
wini | 0:e0adec41ad6b | 872 | |
wini | 0:e0adec41ad6b | 873 | /** Close the SharkSsl object. Closing a SharkSsl object is not |
wini | 0:e0adec41ad6b | 874 | common in embedded devices. You would normally keep the SharkSsl |
wini | 0:e0adec41ad6b | 875 | object for the lifetime of the application. You must make sure |
wini | 0:e0adec41ad6b | 876 | all #SharkSslCon objects are terminated by calling |
wini | 0:e0adec41ad6b | 877 | #SharkSslCon_terminate for each active connection prior to calling |
wini | 0:e0adec41ad6b | 878 | the SharkSsl_destructor. |
wini | 0:e0adec41ad6b | 879 | */ |
wini | 0:e0adec41ad6b | 880 | SHARKSSL_API void SharkSsl_destructor(SharkSsl *o); |
wini | 0:e0adec41ad6b | 881 | |
wini | 0:e0adec41ad6b | 882 | |
wini | 0:e0adec41ad6b | 883 | /** Create a #SharkSslCon object. You must create one SharkSslCon |
wini | 0:e0adec41ad6b | 884 | object for each active network connection that requires encryption. |
wini | 0:e0adec41ad6b | 885 | |
wini | 0:e0adec41ad6b | 886 | The following code snippet is from the |
wini | 0:e0adec41ad6b | 887 | [example programs](\ref SharkExamples). |
wini | 0:e0adec41ad6b | 888 | \code |
wini | 0:e0adec41ad6b | 889 | int rc; |
wini | 0:e0adec41ad6b | 890 | SharkSslCon* scon; |
wini | 0:e0adec41ad6b | 891 | if( (rc=se_connect(&sock, "realtimelogic.com", 443)) == 0) // open socket |
wini | 0:e0adec41ad6b | 892 | { |
wini | 0:e0adec41ad6b | 893 | if( (scon = SharkSsl_createCon(&sharkSsl)) != NULL) |
wini | 0:e0adec41ad6b | 894 | { |
wini | 0:e0adec41ad6b | 895 | // success |
wini | 0:e0adec41ad6b | 896 | \endcode |
wini | 0:e0adec41ad6b | 897 | |
wini | 0:e0adec41ad6b | 898 | \return a SharkSslCon object or NULL if memory is exhausted. |
wini | 0:e0adec41ad6b | 899 | |
wini | 0:e0adec41ad6b | 900 | \sa SharkSsl_terminateCon and SharkSslCon_terminate |
wini | 0:e0adec41ad6b | 901 | */ |
wini | 0:e0adec41ad6b | 902 | SharkSslCon *SharkSsl_createCon(SharkSsl *o); |
wini | 0:e0adec41ad6b | 903 | |
wini | 0:e0adec41ad6b | 904 | |
wini | 0:e0adec41ad6b | 905 | /** Terminate a SharkSslCon object created by function SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 906 | |
wini | 0:e0adec41ad6b | 907 | \param o the SharkSsl object. Setting this parameter to NULL is |
wini | 0:e0adec41ad6b | 908 | the same as calling macro #SharkSslCon_terminate. |
wini | 0:e0adec41ad6b | 909 | |
wini | 0:e0adec41ad6b | 910 | \param con the SharkSslCon object to reclaim. |
wini | 0:e0adec41ad6b | 911 | |
wini | 0:e0adec41ad6b | 912 | Code snippet from the example code: sessioncache.c |
wini | 0:e0adec41ad6b | 913 | |
wini | 0:e0adec41ad6b | 914 | \dontinclude sessioncache.c |
wini | 0:e0adec41ad6b | 915 | \skipline Release resources |
wini | 0:e0adec41ad6b | 916 | \until se_close |
wini | 0:e0adec41ad6b | 917 | |
wini | 0:e0adec41ad6b | 918 | */ |
wini | 0:e0adec41ad6b | 919 | void SharkSsl_terminateCon(const SharkSsl *o, SharkSslCon* con); |
wini | 0:e0adec41ad6b | 920 | |
wini | 0:e0adec41ad6b | 921 | |
wini | 0:e0adec41ad6b | 922 | #if SHARKSSL_ENABLE_SESSION_CACHE |
wini | 0:e0adec41ad6b | 923 | |
wini | 0:e0adec41ad6b | 924 | /** Returns the SharkSsl session cache size. |
wini | 0:e0adec41ad6b | 925 | \sa SharkSsl_constructor (parameter cacheSize) and |
wini | 0:e0adec41ad6b | 926 | #SHARKSSL_ENABLE_SESSION_CACHE |
wini | 0:e0adec41ad6b | 927 | */ |
wini | 0:e0adec41ad6b | 928 | SHARKSSL_API U16 SharkSsl_getCacheSize(SharkSsl *o); |
wini | 0:e0adec41ad6b | 929 | |
wini | 0:e0adec41ad6b | 930 | #define SharkSsl_setIntf(o, sharkSslIntf) (o)->intf=sharkSslIntf |
wini | 0:e0adec41ad6b | 931 | #define SharkSsl_getIntf(o) (o)->intf |
wini | 0:e0adec41ad6b | 932 | |
wini | 0:e0adec41ad6b | 933 | #endif |
wini | 0:e0adec41ad6b | 934 | |
wini | 0:e0adec41ad6b | 935 | |
wini | 0:e0adec41ad6b | 936 | /** The SharkSslCon object must be reclaimed when you close the |
wini | 0:e0adec41ad6b | 937 | * network connection. |
wini | 0:e0adec41ad6b | 938 | |
wini | 0:e0adec41ad6b | 939 | \sa #SharkSsl_createCon |
wini | 0:e0adec41ad6b | 940 | \sa SharkSsl_terminateCon |
wini | 0:e0adec41ad6b | 941 | */ |
wini | 0:e0adec41ad6b | 942 | #define SharkSslCon_terminate(o) SharkSsl_terminateCon(0, o) |
wini | 0:e0adec41ad6b | 943 | |
wini | 0:e0adec41ad6b | 944 | /** @addtogroup SharkSslCoreApi |
wini | 0:e0adec41ad6b | 945 | @{ |
wini | 0:e0adec41ad6b | 946 | */ |
wini | 0:e0adec41ad6b | 947 | |
wini | 0:e0adec41ad6b | 948 | /** Decrypt the received data copied into the SharkSslCon receive |
wini | 0:e0adec41ad6b | 949 | buffer (the buffer returned by #SharkSslCon_getBuf). See |
wini | 0:e0adec41ad6b | 950 | #SharkSslCon_RetVal for example code. |
wini | 0:e0adec41ad6b | 951 | |
wini | 0:e0adec41ad6b | 952 | The SharkSslCon_decrypt function keeps decrypt state information |
wini | 0:e0adec41ad6b | 953 | in the SharkSslCon object and the function can therefore be used |
wini | 0:e0adec41ad6b | 954 | in event driven systems. |
wini | 0:e0adec41ad6b | 955 | |
wini | 0:e0adec41ad6b | 956 | \param o the SharkSslCon object returned by function #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 957 | |
wini | 0:e0adec41ad6b | 958 | \param readLen the length of the received network data copied into |
wini | 0:e0adec41ad6b | 959 | the buffer returned by #SharkSslCon_getBuf. |
wini | 0:e0adec41ad6b | 960 | |
wini | 0:e0adec41ad6b | 961 | \return the decrypt state information #SharkSslCon_RetVal. |
wini | 0:e0adec41ad6b | 962 | |
wini | 0:e0adec41ad6b | 963 | \sa SharkSslCon_getBuf, SharkSslCon_getBufLen, SharkSslCon_encrypt |
wini | 0:e0adec41ad6b | 964 | */ |
wini | 0:e0adec41ad6b | 965 | SharkSslCon_RetVal SharkSslCon_decrypt(SharkSslCon *o, U16 readLen); |
wini | 0:e0adec41ad6b | 966 | |
wini | 0:e0adec41ad6b | 967 | |
wini | 0:e0adec41ad6b | 968 | /** Encrypt the data provided by parameter 'buf' or encrypt data in |
wini | 0:e0adec41ad6b | 969 | the SharkSslCon send buffer. SharkSSL provides a zero copy API and |
wini | 0:e0adec41ad6b | 970 | you can optionally copy data directly to the SharkSslCon send |
wini | 0:e0adec41ad6b | 971 | buffer. The send buffer is returned by calling function |
wini | 0:e0adec41ad6b | 972 | #SharkSslCon_getEncBufPtr. |
wini | 0:e0adec41ad6b | 973 | |
wini | 0:e0adec41ad6b | 974 | The SharkSslCon_encrypt function keeps decrypt state information |
wini | 0:e0adec41ad6b | 975 | in the SharkSslCon object and the function can therefore be used |
wini | 0:e0adec41ad6b | 976 | in event driven systems. |
wini | 0:e0adec41ad6b | 977 | |
wini | 0:e0adec41ad6b | 978 | \param o the SharkSslCon object returned by function #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 979 | |
wini | 0:e0adec41ad6b | 980 | \param buf the data to be encrypted or NULL when encrypting data |
wini | 0:e0adec41ad6b | 981 | copied directly to the SharkSslCon send buffer i.e. when copying |
wini | 0:e0adec41ad6b | 982 | the data to the pointer returned by function |
wini | 0:e0adec41ad6b | 983 | #SharkSslCon_getEncBufPtr. |
wini | 0:e0adec41ad6b | 984 | |
wini | 0:e0adec41ad6b | 985 | \param maxLen is the length of 'buf' or the length of the data |
wini | 0:e0adec41ad6b | 986 | data copied directly to the SharkSslCon send buffer. |
wini | 0:e0adec41ad6b | 987 | |
wini | 0:e0adec41ad6b | 988 | \return the decrypt state information #SharkSslCon_RetVal. |
wini | 0:e0adec41ad6b | 989 | |
wini | 0:e0adec41ad6b | 990 | \sa SharkSslCon_getEncBufPtr, SharkSslCon_getEncBufSize, SharkSslCon_decrypt |
wini | 0:e0adec41ad6b | 991 | */ |
wini | 0:e0adec41ad6b | 992 | SharkSslCon_RetVal SharkSslCon_encrypt(SharkSslCon *o, U8 *buf, U16 maxLen); |
wini | 0:e0adec41ad6b | 993 | |
wini | 0:e0adec41ad6b | 994 | |
wini | 0:e0adec41ad6b | 995 | /** Returns TRUE if the SSL handshake phase is completed. See |
wini | 0:e0adec41ad6b | 996 | state #SharkSslCon_Handshake for example code. |
wini | 0:e0adec41ad6b | 997 | */ |
wini | 0:e0adec41ad6b | 998 | U8 SharkSslCon_isHandshakeComplete(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 999 | |
wini | 0:e0adec41ad6b | 1000 | |
wini | 0:e0adec41ad6b | 1001 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1002 | SharkSslCon_Encrypted returned by function |
wini | 0:e0adec41ad6b | 1003 | #SharkSslCon_encrypt. |
wini | 0:e0adec41ad6b | 1004 | |
wini | 0:e0adec41ad6b | 1005 | The function returns TRUE if the SharkSslCon send buffer is full |
wini | 0:e0adec41ad6b | 1006 | and must be flushed out. |
wini | 0:e0adec41ad6b | 1007 | |
wini | 0:e0adec41ad6b | 1008 | The maximum size of the output buffer is set with parameter |
wini | 0:e0adec41ad6b | 1009 | 'outBufSize' when calling the #SharkSsl_constructor. When the |
wini | 0:e0adec41ad6b | 1010 | unencrypted buffer is larger than what fits into the internal |
wini | 0:e0adec41ad6b | 1011 | output buffer, SharkSSL breaks the unencrypted data into multiple |
wini | 0:e0adec41ad6b | 1012 | chunks and SharkSslCon_encryptMore lets the application know when |
wini | 0:e0adec41ad6b | 1013 | the buffer must be flushed. |
wini | 0:e0adec41ad6b | 1014 | |
wini | 0:e0adec41ad6b | 1015 | See #SharkSslCon_Encrypted for example code. |
wini | 0:e0adec41ad6b | 1016 | */ |
wini | 0:e0adec41ad6b | 1017 | U8 SharkSslCon_encryptMore(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1018 | |
wini | 0:e0adec41ad6b | 1019 | |
wini | 0:e0adec41ad6b | 1020 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1021 | SharkSslCon_Decrypted returned by function |
wini | 0:e0adec41ad6b | 1022 | #SharkSslCon_decrypt. |
wini | 0:e0adec41ad6b | 1023 | |
wini | 0:e0adec41ad6b | 1024 | The function returns TRUE if a complete SSL frame has been |
wini | 0:e0adec41ad6b | 1025 | decrypted and is ready for consumption. See #SharkSslCon_Decrypted |
wini | 0:e0adec41ad6b | 1026 | for example code. |
wini | 0:e0adec41ad6b | 1027 | |
wini | 0:e0adec41ad6b | 1028 | */ |
wini | 0:e0adec41ad6b | 1029 | U8 SharkSslCon_decryptMore(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1030 | |
wini | 0:e0adec41ad6b | 1031 | /** Returns a pointer to the SharkSslCon input/receive buffer. The |
wini | 0:e0adec41ad6b | 1032 | pointer returned by SharkSslCon_getBuf is where you copy the |
wini | 0:e0adec41ad6b | 1033 | encrypted data you receive from the network. |
wini | 0:e0adec41ad6b | 1034 | |
wini | 0:e0adec41ad6b | 1035 | Example code: |
wini | 0:e0adec41ad6b | 1036 | \code |
wini | 0:e0adec41ad6b | 1037 | readLen = recv(mysocket, SharkSslCon_getBuf(s),SharkSslCon_getBufLen(s), 0); |
wini | 0:e0adec41ad6b | 1038 | \endcode |
wini | 0:e0adec41ad6b | 1039 | \sa SharkSslCon_getBufLen and SharkSslCon_getDecData |
wini | 0:e0adec41ad6b | 1040 | */ |
wini | 0:e0adec41ad6b | 1041 | U8 *SharkSslCon_getBuf(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1042 | |
wini | 0:e0adec41ad6b | 1043 | |
wini | 0:e0adec41ad6b | 1044 | /** Returns the length of the SharkSslCon input buffer. The buffer is |
wini | 0:e0adec41ad6b | 1045 | internally managed by SharkSSL and may dynamically grow as large |
wini | 0:e0adec41ad6b | 1046 | as 16Kbytes. The SharkSslCon input buffer start size is set with |
wini | 0:e0adec41ad6b | 1047 | parameter inBufStartSize when calling the #SharkSsl_constructor. |
wini | 0:e0adec41ad6b | 1048 | |
wini | 0:e0adec41ad6b | 1049 | Many ciphers are block based and the receiving end must read the |
wini | 0:e0adec41ad6b | 1050 | complete block before it can be decrypted. The SSL/TLS |
wini | 0:e0adec41ad6b | 1051 | specification enables blocks up to 16K in size. Note, the block |
wini | 0:e0adec41ad6b | 1052 | will not be larger than the size of the packet sent by the peer |
wini | 0:e0adec41ad6b | 1053 | side. |
wini | 0:e0adec41ad6b | 1054 | |
wini | 0:e0adec41ad6b | 1055 | \sa SharkSslCon_getBuf |
wini | 0:e0adec41ad6b | 1056 | */ |
wini | 0:e0adec41ad6b | 1057 | U16 SharkSslCon_getBufLen(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1058 | |
wini | 0:e0adec41ad6b | 1059 | /** Copy decoded data to 'buf'. Provides an alternative to using the |
wini | 0:e0adec41ad6b | 1060 | zero copy API and the buffer returned by #SharkSslCon_getDecData. |
wini | 0:e0adec41ad6b | 1061 | |
wini | 0:e0adec41ad6b | 1062 | \param o the SharkSslCon object returned by function #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 1063 | \param buf a buffer provided by the caller |
wini | 0:e0adec41ad6b | 1064 | \param maxLen the size of parameter 'buf'. SharkSSL will copy at |
wini | 0:e0adec41ad6b | 1065 | most maxLen bytes to 'buf'. |
wini | 0:e0adec41ad6b | 1066 | |
wini | 0:e0adec41ad6b | 1067 | Example: |
wini | 0:e0adec41ad6b | 1068 | \code |
wini | 0:e0adec41ad6b | 1069 | for(;;) |
wini | 0:e0adec41ad6b | 1070 | { |
wini | 0:e0adec41ad6b | 1071 | switch (SharkSslCon_decrypt(s, (U16)readLen)) |
wini | 0:e0adec41ad6b | 1072 | { |
wini | 0:e0adec41ad6b | 1073 | case SharkSslCon_Decrypted: |
wini | 0:e0adec41ad6b | 1074 | readLen = SharkSslCon_copyDecData(s, buf, maxLen); |
wini | 0:e0adec41ad6b | 1075 | // decrypted readLen bytes |
wini | 0:e0adec41ad6b | 1076 | if (SharkSslCon_decryptMore(s)) |
wini | 0:e0adec41ad6b | 1077 | { |
wini | 0:e0adec41ad6b | 1078 | if ((readLen == 0) && (maxLen > 0)) |
wini | 0:e0adec41ad6b | 1079 | { |
wini | 0:e0adec41ad6b | 1080 | break; // zero-length record, decrypt next one |
wini | 0:e0adec41ad6b | 1081 | } |
wini | 0:e0adec41ad6b | 1082 | } |
wini | 0:e0adec41ad6b | 1083 | return readLen; |
wini | 0:e0adec41ad6b | 1084 | |
wini | 0:e0adec41ad6b | 1085 | // other cases not shown here |
wini | 0:e0adec41ad6b | 1086 | \endcode |
wini | 0:e0adec41ad6b | 1087 | \sa SharkSslCon_getDecData |
wini | 0:e0adec41ad6b | 1088 | */ |
wini | 0:e0adec41ad6b | 1089 | U16 SharkSslCon_copyDecData(SharkSslCon *o, U8 *buf, U16 maxLen); |
wini | 0:e0adec41ad6b | 1090 | |
wini | 0:e0adec41ad6b | 1091 | |
wini | 0:e0adec41ad6b | 1092 | /** Get a pointer to the decoded data. |
wini | 0:e0adec41ad6b | 1093 | |
wini | 0:e0adec41ad6b | 1094 | See #SharkSslCon_Decrypted for example code. |
wini | 0:e0adec41ad6b | 1095 | |
wini | 0:e0adec41ad6b | 1096 | \param o the SharkSslCon object returned by function #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 1097 | \param bufPtr is set to the beginning of the decoded data. |
wini | 0:e0adec41ad6b | 1098 | \returns Number of bytes decoded. |
wini | 0:e0adec41ad6b | 1099 | \sa SharkSslCon_copyDecData |
wini | 0:e0adec41ad6b | 1100 | */ |
wini | 0:e0adec41ad6b | 1101 | SHARKSSL_API U16 SharkSslCon_getDecData(SharkSslCon *o, U8 **bufPtr); |
wini | 0:e0adec41ad6b | 1102 | |
wini | 0:e0adec41ad6b | 1103 | |
wini | 0:e0adec41ad6b | 1104 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1105 | SharkSslCon_Handshake returned by function |
wini | 0:e0adec41ad6b | 1106 | #SharkSslCon_encrypt. |
wini | 0:e0adec41ad6b | 1107 | |
wini | 0:e0adec41ad6b | 1108 | The function returns the handshake data that must be sent to the |
wini | 0:e0adec41ad6b | 1109 | peer side, if any. |
wini | 0:e0adec41ad6b | 1110 | |
wini | 0:e0adec41ad6b | 1111 | See #SharkSslCon_Handshake for example code. |
wini | 0:e0adec41ad6b | 1112 | |
wini | 0:e0adec41ad6b | 1113 | \sa SharkSslCon_getHandshakeDataLen |
wini | 0:e0adec41ad6b | 1114 | */ |
wini | 0:e0adec41ad6b | 1115 | U8 *SharkSslCon_getHandshakeData(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1116 | |
wini | 0:e0adec41ad6b | 1117 | |
wini | 0:e0adec41ad6b | 1118 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1119 | SharkSslCon_Handshake returned by function |
wini | 0:e0adec41ad6b | 1120 | #SharkSslCon_decrypt. |
wini | 0:e0adec41ad6b | 1121 | |
wini | 0:e0adec41ad6b | 1122 | The function returns the length of the handshake data that must be |
wini | 0:e0adec41ad6b | 1123 | sent to the peer side, if any. The function returns zero if no |
wini | 0:e0adec41ad6b | 1124 | handshake data should be sent. |
wini | 0:e0adec41ad6b | 1125 | |
wini | 0:e0adec41ad6b | 1126 | See #SharkSslCon_Handshake for example code. |
wini | 0:e0adec41ad6b | 1127 | |
wini | 0:e0adec41ad6b | 1128 | \sa SharkSslCon_getHandshakeData |
wini | 0:e0adec41ad6b | 1129 | */ |
wini | 0:e0adec41ad6b | 1130 | U16 SharkSslCon_getHandshakeDataLen(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1131 | |
wini | 0:e0adec41ad6b | 1132 | |
wini | 0:e0adec41ad6b | 1133 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1134 | SharkSslCon_Encrypted returned by function |
wini | 0:e0adec41ad6b | 1135 | #SharkSslCon_encrypt. |
wini | 0:e0adec41ad6b | 1136 | |
wini | 0:e0adec41ad6b | 1137 | The function returns a pointer to the encoded data that must be |
wini | 0:e0adec41ad6b | 1138 | sent to the peer side. |
wini | 0:e0adec41ad6b | 1139 | |
wini | 0:e0adec41ad6b | 1140 | \sa SharkSslCon_getEncDataLen and SharkSslCon_encryptMore |
wini | 0:e0adec41ad6b | 1141 | */ |
wini | 0:e0adec41ad6b | 1142 | U8 *SharkSslCon_getEncData(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1143 | |
wini | 0:e0adec41ad6b | 1144 | |
wini | 0:e0adec41ad6b | 1145 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1146 | SharkSslCon_Encrypted returned by function |
wini | 0:e0adec41ad6b | 1147 | #SharkSslCon_encrypt. |
wini | 0:e0adec41ad6b | 1148 | |
wini | 0:e0adec41ad6b | 1149 | The function returns the length of the encoded data that must be |
wini | 0:e0adec41ad6b | 1150 | sent to the peer side. |
wini | 0:e0adec41ad6b | 1151 | |
wini | 0:e0adec41ad6b | 1152 | See #SharkSslCon_Encrypted for example code. |
wini | 0:e0adec41ad6b | 1153 | |
wini | 0:e0adec41ad6b | 1154 | \sa SharkSslCon_getEncData and SharkSslCon_encryptMore |
wini | 0:e0adec41ad6b | 1155 | */ |
wini | 0:e0adec41ad6b | 1156 | U16 SharkSslCon_getEncDataLen(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1157 | |
wini | 0:e0adec41ad6b | 1158 | |
wini | 0:e0adec41ad6b | 1159 | /** This function is used in conjunction with #SharkSslCon_encrypt |
wini | 0:e0adec41ad6b | 1160 | when using the zero copy send API. |
wini | 0:e0adec41ad6b | 1161 | |
wini | 0:e0adec41ad6b | 1162 | \return a pointer to the internal SharkSslCon send buffer. |
wini | 0:e0adec41ad6b | 1163 | \sa SharkSslCon_getEncBufSize. |
wini | 0:e0adec41ad6b | 1164 | */ |
wini | 0:e0adec41ad6b | 1165 | U8 *SharkSslCon_getEncBufPtr(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1166 | |
wini | 0:e0adec41ad6b | 1167 | |
wini | 0:e0adec41ad6b | 1168 | /** Returns the length of the buffer returned by #SharkSslCon_getEncBufPtr |
wini | 0:e0adec41ad6b | 1169 | */ |
wini | 0:e0adec41ad6b | 1170 | U16 SharkSslCon_getEncBufSize(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1171 | |
wini | 0:e0adec41ad6b | 1172 | |
wini | 0:e0adec41ad6b | 1173 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1174 | #SharkSslCon_AlertSend returned by function #SharkSslCon_encrypt or |
wini | 0:e0adec41ad6b | 1175 | in conjunction with state #SharkSslCon_AlertRecv returned by |
wini | 0:e0adec41ad6b | 1176 | function #SharkSslCon_decrypt. |
wini | 0:e0adec41ad6b | 1177 | |
wini | 0:e0adec41ad6b | 1178 | \returns #SHARKSSL_ALERT_LEVEL_WARNING or #SHARKSSL_ALERT_LEVEL_FATAL |
wini | 0:e0adec41ad6b | 1179 | |
wini | 0:e0adec41ad6b | 1180 | \sa #SharkSslCon_getAlertDescription and #SharkSslCon_getAlertData |
wini | 0:e0adec41ad6b | 1181 | */ |
wini | 0:e0adec41ad6b | 1182 | U8 SharkSslCon_getAlertLevel(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1183 | |
wini | 0:e0adec41ad6b | 1184 | |
wini | 0:e0adec41ad6b | 1185 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1186 | #SharkSslCon_AlertSend returned by function #SharkSslCon_encrypt or |
wini | 0:e0adec41ad6b | 1187 | in conjunction with state #SharkSslCon_AlertRecv returned by |
wini | 0:e0adec41ad6b | 1188 | function #SharkSslCon_decrypt. |
wini | 0:e0adec41ad6b | 1189 | |
wini | 0:e0adec41ad6b | 1190 | returns the [SSL/TLS alert message](@ref SharkSslAlertMsg) |
wini | 0:e0adec41ad6b | 1191 | |
wini | 0:e0adec41ad6b | 1192 | \sa #SharkSslCon_getAlertLevel and #SharkSslCon_getAlertData |
wini | 0:e0adec41ad6b | 1193 | */ |
wini | 0:e0adec41ad6b | 1194 | U8 SharkSslCon_getAlertDescription(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1195 | |
wini | 0:e0adec41ad6b | 1196 | |
wini | 0:e0adec41ad6b | 1197 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1198 | #SharkSslCon_AlertSend returned by function |
wini | 0:e0adec41ad6b | 1199 | #SharkSslCon_encrypt. |
wini | 0:e0adec41ad6b | 1200 | |
wini | 0:e0adec41ad6b | 1201 | The function returns a pointer to the alert data that must be sent |
wini | 0:e0adec41ad6b | 1202 | to the peer side. |
wini | 0:e0adec41ad6b | 1203 | |
wini | 0:e0adec41ad6b | 1204 | \sa #SharkSslCon_getAlertDataLen |
wini | 0:e0adec41ad6b | 1205 | */ |
wini | 0:e0adec41ad6b | 1206 | #define SharkSslCon_getAlertData(o) SharkSslCon_getEncData(o) |
wini | 0:e0adec41ad6b | 1207 | |
wini | 0:e0adec41ad6b | 1208 | |
wini | 0:e0adec41ad6b | 1209 | /** This function is used in conjunction with state |
wini | 0:e0adec41ad6b | 1210 | #SharkSslCon_AlertSend returned by function |
wini | 0:e0adec41ad6b | 1211 | #SharkSslCon_encrypt. |
wini | 0:e0adec41ad6b | 1212 | |
wini | 0:e0adec41ad6b | 1213 | The function returns the length of the alert data that must be |
wini | 0:e0adec41ad6b | 1214 | sent to the peer side. |
wini | 0:e0adec41ad6b | 1215 | |
wini | 0:e0adec41ad6b | 1216 | \sa #SharkSslCon_getAlertData |
wini | 0:e0adec41ad6b | 1217 | */ |
wini | 0:e0adec41ad6b | 1218 | #define SharkSslCon_getAlertDataLen(o) SharkSslCon_getEncDataLen(o) |
wini | 0:e0adec41ad6b | 1219 | |
wini | 0:e0adec41ad6b | 1220 | /** @} */ /* end group SharkSslCoreApi */ |
wini | 0:e0adec41ad6b | 1221 | |
wini | 0:e0adec41ad6b | 1222 | #if SHARKSSL_ENABLE_INFO_API |
wini | 0:e0adec41ad6b | 1223 | |
wini | 0:e0adec41ad6b | 1224 | /** Returns the active session's [chiper suite](@ref Ciphersuites) |
wini | 0:e0adec41ad6b | 1225 | */ |
wini | 0:e0adec41ad6b | 1226 | SHARKSSL_API U16 SharkSslCon_getCiphersuite(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1227 | |
wini | 0:e0adec41ad6b | 1228 | /** Returns the active session's [protocol version](@ref SharkSslProtocol) |
wini | 0:e0adec41ad6b | 1229 | */ |
wini | 0:e0adec41ad6b | 1230 | SHARKSSL_API U8 SharkSslCon_getProtocol(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1231 | |
wini | 0:e0adec41ad6b | 1232 | #endif |
wini | 0:e0adec41ad6b | 1233 | |
wini | 0:e0adec41ad6b | 1234 | #if SHARKSSL_ENABLE_SNI |
wini | 0:e0adec41ad6b | 1235 | |
wini | 0:e0adec41ad6b | 1236 | #if SHARKSSL_SSL_CLIENT_CODE |
wini | 0:e0adec41ad6b | 1237 | /** set Server Name Indication for TLS client connections |
wini | 0:e0adec41ad6b | 1238 | */ |
wini | 0:e0adec41ad6b | 1239 | SHARKSSL_API U8 SharkSslCon_setSNI(SharkSslCon *o, const char *name, U16 length); |
wini | 0:e0adec41ad6b | 1240 | #endif |
wini | 0:e0adec41ad6b | 1241 | |
wini | 0:e0adec41ad6b | 1242 | #endif |
wini | 0:e0adec41ad6b | 1243 | |
wini | 0:e0adec41ad6b | 1244 | |
wini | 0:e0adec41ad6b | 1245 | #if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA) |
wini | 0:e0adec41ad6b | 1246 | #if (SHARKSSL_SSL_CLIENT_CODE && SHARKSSL_ENABLE_CLIENT_AUTH) |
wini | 0:e0adec41ad6b | 1247 | /** Returns TRUE if the server requested a certificate from the client |
wini | 0:e0adec41ad6b | 1248 | to verify that the client's identity (authentication) |
wini | 0:e0adec41ad6b | 1249 | */ |
wini | 0:e0adec41ad6b | 1250 | U8 SharkSslCon_certificateRequested(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1251 | #endif |
wini | 0:e0adec41ad6b | 1252 | |
wini | 0:e0adec41ad6b | 1253 | /** Returns the peer's certificate if the handshaking has |
wini | 0:e0adec41ad6b | 1254 | completed. The certificate is available at any time if the code is |
wini | 0:e0adec41ad6b | 1255 | compiled with #SHARKSSL_ENABLE_CLONE_CERTINFO enabled. The |
wini | 0:e0adec41ad6b | 1256 | certificate is only available when #SharkSslCon_decrypt returns the |
wini | 0:e0adec41ad6b | 1257 | state #SharkSslCon_Certificate if the certificate cloning code is |
wini | 0:e0adec41ad6b | 1258 | not enabled. |
wini | 0:e0adec41ad6b | 1259 | */ |
wini | 0:e0adec41ad6b | 1260 | SHARKSSL_API SharkSslCertInfo *SharkSslCon_getCertInfo(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1261 | |
wini | 0:e0adec41ad6b | 1262 | |
wini | 0:e0adec41ad6b | 1263 | /** Add a certificate to the SharkSsl object. A SharkSsl object in |
wini | 0:e0adec41ad6b | 1264 | [server mode](\ref #SharkSsl_Server) is required to have at least |
wini | 0:e0adec41ad6b | 1265 | one certificate. |
wini | 0:e0adec41ad6b | 1266 | |
wini | 0:e0adec41ad6b | 1267 | __Note:__ You must install the certificate(s) before using the |
wini | 0:e0adec41ad6b | 1268 | SharkSsl object -- i.e. before calling #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 1269 | |
wini | 0:e0adec41ad6b | 1270 | \returns TRUE on success or FALSE on error. The function |
wini | 0:e0adec41ad6b | 1271 | fails if you have existing connections in the SharkSsl object. |
wini | 0:e0adec41ad6b | 1272 | */ |
wini | 0:e0adec41ad6b | 1273 | SHARKSSL_API U8 SharkSsl_addCertificate(SharkSsl *o, SharkSslCert cert); |
wini | 0:e0adec41ad6b | 1274 | |
wini | 0:e0adec41ad6b | 1275 | #if SHARKSSL_ENABLE_CA_LIST |
wini | 0:e0adec41ad6b | 1276 | |
wini | 0:e0adec41ad6b | 1277 | /** Set a Certificate Authority (CA) list so the SharkSSL object can |
wini | 0:e0adec41ad6b | 1278 | permform certificate validation on the peer's certificate. |
wini | 0:e0adec41ad6b | 1279 | |
wini | 0:e0adec41ad6b | 1280 | \param o the SharkSsl object. |
wini | 0:e0adec41ad6b | 1281 | |
wini | 0:e0adec41ad6b | 1282 | \param caList list created by calling #SharkSslCertStore_assemble |
wini | 0:e0adec41ad6b | 1283 | or by using the command line tool |
wini | 0:e0adec41ad6b | 1284 | [SharkSSLParseCAList](\ref SharkSSLParseCAList) |
wini | 0:e0adec41ad6b | 1285 | |
wini | 0:e0adec41ad6b | 1286 | __Note:__ You can only set one CA list, thus the CA list must |
wini | 0:e0adec41ad6b | 1287 | include all root certificates required for your system. |
wini | 0:e0adec41ad6b | 1288 | |
wini | 0:e0adec41ad6b | 1289 | The example program certcheck.c includes code that shows how to |
wini | 0:e0adec41ad6b | 1290 | perform complete certificate validation of the connected servers. |
wini | 0:e0adec41ad6b | 1291 | |
wini | 0:e0adec41ad6b | 1292 | \return TRUE if the CA list was successfully installed or FALSE if |
wini | 0:e0adec41ad6b | 1293 | another CA list has previously been installed. |
wini | 0:e0adec41ad6b | 1294 | |
wini | 0:e0adec41ad6b | 1295 | \sa #SharkSslCAList and SharkSslCon_trusted. |
wini | 0:e0adec41ad6b | 1296 | */ |
wini | 0:e0adec41ad6b | 1297 | SHARKSSL_API U8 SharkSsl_setCAList(SharkSsl *o, SharkSslCAList caList); |
wini | 0:e0adec41ad6b | 1298 | |
wini | 0:e0adec41ad6b | 1299 | /** Returns TRUE if the certificate is valid and is signed with a root |
wini | 0:e0adec41ad6b | 1300 | certificate trusted by SharkSSL. Root certificates can optionally |
wini | 0:e0adec41ad6b | 1301 | be installed with parameter #SharkSslCAList when calling |
wini | 0:e0adec41ad6b | 1302 | #SharkSsl_constructor. |
wini | 0:e0adec41ad6b | 1303 | |
wini | 0:e0adec41ad6b | 1304 | Note, the function only validates the certificate. You must |
wini | 0:e0adec41ad6b | 1305 | typically also validate the domain name. Function |
wini | 0:e0adec41ad6b | 1306 | #SharkSslCon_trusted extends the certificate validation and also |
wini | 0:e0adec41ad6b | 1307 | includes domain name validation. |
wini | 0:e0adec41ad6b | 1308 | |
wini | 0:e0adec41ad6b | 1309 | \sa SharkSslCon_trusted |
wini | 0:e0adec41ad6b | 1310 | */ |
wini | 0:e0adec41ad6b | 1311 | SHARKSSL_API U8 SharkSslCon_trustedCA(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1312 | |
wini | 0:e0adec41ad6b | 1313 | U8 SharkSslCon_isCAListEmpty(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1314 | #endif /* SHARKSSL_ENABLE_CA_LIST */ |
wini | 0:e0adec41ad6b | 1315 | |
wini | 0:e0adec41ad6b | 1316 | #if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_RSA) |
wini | 0:e0adec41ad6b | 1317 | /** Description to be added. |
wini | 0:e0adec41ad6b | 1318 | */ |
wini | 0:e0adec41ad6b | 1319 | |
wini | 0:e0adec41ad6b | 1320 | /* to be used as 'flag' param */ |
wini | 0:e0adec41ad6b | 1321 | #define SHARKSSL_SET_FAVOR_RSA 1 |
wini | 0:e0adec41ad6b | 1322 | #define SHARKSSL_CLEAR_FAVOR_RSA 0 |
wini | 0:e0adec41ad6b | 1323 | |
wini | 0:e0adec41ad6b | 1324 | /** A SharkSSL server can have multiple certificates, such as RSA |
wini | 0:e0adec41ad6b | 1325 | certificates with various strengths, and Elliptic Curve |
wini | 0:e0adec41ad6b | 1326 | Certificates (ECC). A SharkSSL server connection will select the |
wini | 0:e0adec41ad6b | 1327 | strongest cipher combination supported by the server and the |
wini | 0:e0adec41ad6b | 1328 | client. In general, the ECC certificate will be preferred by the |
wini | 0:e0adec41ad6b | 1329 | server connection, if supported by the client. Most browsers today |
wini | 0:e0adec41ad6b | 1330 | support ECC, however, Certificate Authorities do not typically |
wini | 0:e0adec41ad6b | 1331 | support ECC. |
wini | 0:e0adec41ad6b | 1332 | |
wini | 0:e0adec41ad6b | 1333 | The purpose with function SharkSslCon_favorRSA is to favor RSA |
wini | 0:e0adec41ad6b | 1334 | certificates over ECC when a client such as browser supports both |
wini | 0:e0adec41ad6b | 1335 | ECC and RSA. An M2M device can then force the use of ECC by |
wini | 0:e0adec41ad6b | 1336 | calling function SharkSslCon_selectCiphersuite, or at compile time |
wini | 0:e0adec41ad6b | 1337 | by removing RSA support. This enables devices to use ECC, with |
wini | 0:e0adec41ad6b | 1338 | self signed Certificate Authority certificates and browsers to use |
wini | 0:e0adec41ad6b | 1339 | RSA certificates signed by well known Certificate Authorities. |
wini | 0:e0adec41ad6b | 1340 | */ |
wini | 0:e0adec41ad6b | 1341 | U8 SharkSslCon_favorRSA(SharkSslCon *o, U8 flag); |
wini | 0:e0adec41ad6b | 1342 | #endif /* SHARKSSL_SSL_SERVER_CODE */ |
wini | 0:e0adec41ad6b | 1343 | #endif /* SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA */ |
wini | 0:e0adec41ad6b | 1344 | |
wini | 0:e0adec41ad6b | 1345 | #if SHARKSSL_ENABLE_PSK |
wini | 0:e0adec41ad6b | 1346 | /** To be documented |
wini | 0:e0adec41ad6b | 1347 | */ |
wini | 0:e0adec41ad6b | 1348 | SHARKSSL_API U8 SharkSsl_setPSKTable(SharkSsl *o, SharkSslPSKTable tablePSK); |
wini | 0:e0adec41ad6b | 1349 | #endif /* SHARKSSL_ENABLE_PSK */ |
wini | 0:e0adec41ad6b | 1350 | |
wini | 0:e0adec41ad6b | 1351 | #if SHARKSSL_SSL_CLIENT_CODE |
wini | 0:e0adec41ad6b | 1352 | U8 SharkSslCon_selectProtocol(SharkSslCon *o, U8 protocol); |
wini | 0:e0adec41ad6b | 1353 | #endif |
wini | 0:e0adec41ad6b | 1354 | |
wini | 0:e0adec41ad6b | 1355 | /** @addtogroup SharkSslSessionApi |
wini | 0:e0adec41ad6b | 1356 | @{ |
wini | 0:e0adec41ad6b | 1357 | */ |
wini | 0:e0adec41ad6b | 1358 | |
wini | 0:e0adec41ad6b | 1359 | #if SHARKSSL_ENABLE_SESSION_CACHE |
wini | 0:e0adec41ad6b | 1360 | |
wini | 0:e0adec41ad6b | 1361 | /** Release a session created by function #SharkSslCon_acquireSession. |
wini | 0:e0adec41ad6b | 1362 | */ |
wini | 0:e0adec41ad6b | 1363 | SHARKSSL_API U8 SharkSslSession_release(SharkSslSession *o, SharkSsl *s); |
wini | 0:e0adec41ad6b | 1364 | |
wini | 0:e0adec41ad6b | 1365 | #if SHARKSSL_SSL_SERVER_CODE |
wini | 0:e0adec41ad6b | 1366 | /** experimental |
wini | 0:e0adec41ad6b | 1367 | */ |
wini | 0:e0adec41ad6b | 1368 | SHARKSSL_API U8 SharkSslCon_releaseSession(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1369 | #endif |
wini | 0:e0adec41ad6b | 1370 | |
wini | 0:e0adec41ad6b | 1371 | #if SHARKSSL_SSL_CLIENT_CODE |
wini | 0:e0adec41ad6b | 1372 | |
wini | 0:e0adec41ad6b | 1373 | /** Request a SharkSslSession object from the client's session pool. |
wini | 0:e0adec41ad6b | 1374 | |
wini | 0:e0adec41ad6b | 1375 | \returns a SharkSslSession object on success or NULL if the |
wini | 0:e0adec41ad6b | 1376 | session cache pool is exhausted. See parameter 'cacheSize' in |
wini | 0:e0adec41ad6b | 1377 | function SharkSsl_constructor for more information on the cache |
wini | 0:e0adec41ad6b | 1378 | size. |
wini | 0:e0adec41ad6b | 1379 | */ |
wini | 0:e0adec41ad6b | 1380 | SHARKSSL_API SharkSslSession *SharkSslCon_acquireSession(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1381 | |
wini | 0:e0adec41ad6b | 1382 | |
wini | 0:e0adec41ad6b | 1383 | /** Resume an existing session. |
wini | 0:e0adec41ad6b | 1384 | \param o the SharkSslCon object. |
wini | 0:e0adec41ad6b | 1385 | \param s a session object created by function #SharkSslCon_acquireSession. |
wini | 0:e0adec41ad6b | 1386 | |
wini | 0:e0adec41ad6b | 1387 | \returns TRUE on success or FALSE if the session cannot be resumed. |
wini | 0:e0adec41ad6b | 1388 | */ |
wini | 0:e0adec41ad6b | 1389 | SHARKSSL_API U8 SharkSslCon_resumeSession(SharkSslCon *o, SharkSslSession *s); |
wini | 0:e0adec41ad6b | 1390 | |
wini | 0:e0adec41ad6b | 1391 | /** Returns the last time the session was accessed. Delta time can be |
wini | 0:e0adec41ad6b | 1392 | calculated as follows: baGetUnixTime() - |
wini | 0:e0adec41ad6b | 1393 | SharkSslSession_getLatestAccessTime(ss); |
wini | 0:e0adec41ad6b | 1394 | */ |
wini | 0:e0adec41ad6b | 1395 | SHARKSSL_API U32 SharkSslSession_getLatestAccessTime(SharkSslSession *o); |
wini | 0:e0adec41ad6b | 1396 | #endif |
wini | 0:e0adec41ad6b | 1397 | #endif |
wini | 0:e0adec41ad6b | 1398 | |
wini | 0:e0adec41ad6b | 1399 | /** @} */ /* end group SharkSslSessionApi */ |
wini | 0:e0adec41ad6b | 1400 | |
wini | 0:e0adec41ad6b | 1401 | #if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_CLIENT_AUTH && \ |
wini | 0:e0adec41ad6b | 1402 | (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)) |
wini | 0:e0adec41ad6b | 1403 | /** This function is used by server solutions that require client SSL |
wini | 0:e0adec41ad6b | 1404 | certificate authentication. For example, it can be used by an |
wini | 0:e0adec41ad6b | 1405 | HTTPS server that requires the client to authenticate using a |
wini | 0:e0adec41ad6b | 1406 | certificate signed with a Certificate Authority (CA) known to the |
wini | 0:e0adec41ad6b | 1407 | server. The second parameter, caList specifies one or several CA |
wini | 0:e0adec41ad6b | 1408 | certificates the server uses when validating the client |
wini | 0:e0adec41ad6b | 1409 | certificate. |
wini | 0:e0adec41ad6b | 1410 | |
wini | 0:e0adec41ad6b | 1411 | The function must be called before the initial handshake has |
wini | 0:e0adec41ad6b | 1412 | started or just after calling SharkSslCon_renegotiate. Calling |
wini | 0:e0adec41ad6b | 1413 | SharkSslCon_requestClientCert after #SharkSslCon_renegotiate |
wini | 0:e0adec41ad6b | 1414 | enables an existing session to request client authentication at a |
wini | 0:e0adec41ad6b | 1415 | later stage. For example, a server may require that the client |
wini | 0:e0adec41ad6b | 1416 | authenticates when the user navigates to a protected web page. |
wini | 0:e0adec41ad6b | 1417 | |
wini | 0:e0adec41ad6b | 1418 | \param o the SharkSslCon object returned by function #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 1419 | |
wini | 0:e0adec41ad6b | 1420 | \param caList the SharkSSL CA list is in a binary format optimized |
wini | 0:e0adec41ad6b | 1421 | for speed and size. The list can be created by calling |
wini | 0:e0adec41ad6b | 1422 | #SharkSslCertStore_assemble or by using the command line tool |
wini | 0:e0adec41ad6b | 1423 | [SharkSSLParseCAList](\ref SharkSSLParseCAList). The client is |
wini | 0:e0adec41ad6b | 1424 | then requested to provide an SSL certificate and this certificate |
wini | 0:e0adec41ad6b | 1425 | must be signed using one of the CA certificates provided in the |
wini | 0:e0adec41ad6b | 1426 | caList. The SSL handshake or rehandshake fails if the client's |
wini | 0:e0adec41ad6b | 1427 | certificate is not trusted or not signed with a known CA |
wini | 0:e0adec41ad6b | 1428 | certificate. |
wini | 0:e0adec41ad6b | 1429 | |
wini | 0:e0adec41ad6b | 1430 | \return TRUE (1) if the request is accepted. Returns FALSE (0) if |
wini | 0:e0adec41ad6b | 1431 | the SharkSSL connection is already going through or done with a |
wini | 0:e0adec41ad6b | 1432 | handshaking phase. |
wini | 0:e0adec41ad6b | 1433 | */ |
wini | 0:e0adec41ad6b | 1434 | SHARKSSL_API U8 SharkSslCon_requestClientCert( |
wini | 0:e0adec41ad6b | 1435 | SharkSslCon *o, const void *caList); |
wini | 0:e0adec41ad6b | 1436 | #endif |
wini | 0:e0adec41ad6b | 1437 | |
wini | 0:e0adec41ad6b | 1438 | #if ((SHARKSSL_SSL_SERVER_CODE || SHARKSSL_SSL_CLIENT_CODE) && \ |
wini | 0:e0adec41ad6b | 1439 | SHARKSSL_ENABLE_SELECT_CIPHERSUITE) |
wini | 0:e0adec41ad6b | 1440 | /** |
wini | 0:e0adec41ad6b | 1441 | This function enables you to limit the number of ciphers at |
wini | 0:e0adec41ad6b | 1442 | runtime. Cipher suites can be enabled/disabled at compile time, but |
wini | 0:e0adec41ad6b | 1443 | your application may require that you also allow only specific ciphers |
wini | 0:e0adec41ad6b | 1444 | at runtime. By default, all ciphers enabled at compile time can be |
wini | 0:e0adec41ad6b | 1445 | used by SharkSSL. Calling this function disables the use of all |
wini | 0:e0adec41ad6b | 1446 | ciphers except the selected cipher. You can call this function up to N |
wini | 0:e0adec41ad6b | 1447 | times and re-enable N ciphers. N is by default set to 8 at compile |
wini | 0:e0adec41ad6b | 1448 | time. You can change the N value by setting macro |
wini | 0:e0adec41ad6b | 1449 | #SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH. |
wini | 0:e0adec41ad6b | 1450 | |
wini | 0:e0adec41ad6b | 1451 | The function must be called before the initial handshake has completed |
wini | 0:e0adec41ad6b | 1452 | or just after calling SharkSslCon_renegotiate. Calling |
wini | 0:e0adec41ad6b | 1453 | SharkSslCon_selectCiphersuite and then #SharkSslCon_renegotiate |
wini | 0:e0adec41ad6b | 1454 | enables an existing session to change cipher. |
wini | 0:e0adec41ad6b | 1455 | |
wini | 0:e0adec41ad6b | 1456 | <b>Example:</b><br> |
wini | 0:e0adec41ad6b | 1457 | SharkSslCon_selectCiphersuite(myCon, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) |
wini | 0:e0adec41ad6b | 1458 | |
wini | 0:e0adec41ad6b | 1459 | \param o the SharkSslCon object returned by function #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 1460 | |
wini | 0:e0adec41ad6b | 1461 | \param cipherSuite is one of the [supported ciphers](\ref SharkSslCiphers) |
wini | 0:e0adec41ad6b | 1462 | enabled at compile time. |
wini | 0:e0adec41ad6b | 1463 | |
wini | 0:e0adec41ad6b | 1464 | \return TRUE (1) if the request is accepted. Returns FALSE (0) if the |
wini | 0:e0adec41ad6b | 1465 | SharkSSL connection is currently in the handshaking phase, if the |
wini | 0:e0adec41ad6b | 1466 | selected cipher was not enabled at compile time, or if called more |
wini | 0:e0adec41ad6b | 1467 | than N times. |
wini | 0:e0adec41ad6b | 1468 | */ |
wini | 0:e0adec41ad6b | 1469 | SHARKSSL_API U8 SharkSslCon_selectCiphersuite(SharkSslCon *o, U16 cipherSuite); |
wini | 0:e0adec41ad6b | 1470 | |
wini | 0:e0adec41ad6b | 1471 | /** Clears the selection, thus enabling all ciphers. |
wini | 0:e0adec41ad6b | 1472 | */ |
wini | 0:e0adec41ad6b | 1473 | SHARKSSL_API U8 SharkSslCon_clearCiphersuiteSelection(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1474 | #endif |
wini | 0:e0adec41ad6b | 1475 | |
wini | 0:e0adec41ad6b | 1476 | #if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_SECURE_RENEGOTIATION) |
wini | 0:e0adec41ad6b | 1477 | /** This function enables you to renegotiate an already established |
wini | 0:e0adec41ad6b | 1478 | SSL/TLS connection. Renegotiation is also known as |
wini | 0:e0adec41ad6b | 1479 | rehandshake. The function informs the SharkSSL state machine for |
wini | 0:e0adec41ad6b | 1480 | the active connection that you wish to renegotiate the |
wini | 0:e0adec41ad6b | 1481 | connection. The actual renegotiation is initiated and performed |
wini | 0:e0adec41ad6b | 1482 | the next time you call #SharkSslCon_decrypt. |
wini | 0:e0adec41ad6b | 1483 | |
wini | 0:e0adec41ad6b | 1484 | The function is typically used in combination with |
wini | 0:e0adec41ad6b | 1485 | #SharkSslCon_requestClientCert, when requesting client SSL |
wini | 0:e0adec41ad6b | 1486 | certificate authentication on an existing connection. The function |
wini | 0:e0adec41ad6b | 1487 | can also be used in combination with |
wini | 0:e0adec41ad6b | 1488 | #SharkSslCon_selectCiphersuite, to force a change in the cipher |
wini | 0:e0adec41ad6b | 1489 | being used. |
wini | 0:e0adec41ad6b | 1490 | |
wini | 0:e0adec41ad6b | 1491 | \param o the SharkSslCon object returned by function #SharkSsl_createCon. |
wini | 0:e0adec41ad6b | 1492 | |
wini | 0:e0adec41ad6b | 1493 | \return TRUE (1) if the request is accepted. Returns FALSE (0) if |
wini | 0:e0adec41ad6b | 1494 | the SharkSSL connection is currently in the handshaking phase. |
wini | 0:e0adec41ad6b | 1495 | */ |
wini | 0:e0adec41ad6b | 1496 | SHARKSSL_API U8 SharkSslCon_renegotiate(SharkSslCon *o); |
wini | 0:e0adec41ad6b | 1497 | #endif |
wini | 0:e0adec41ad6b | 1498 | |
wini | 0:e0adec41ad6b | 1499 | /** @} */ /* end group SharkSslApi */ |
wini | 0:e0adec41ad6b | 1500 | |
wini | 0:e0adec41ad6b | 1501 | |
wini | 0:e0adec41ad6b | 1502 | #if SHARKSSL_ENABLE_PEM_API |
wini | 0:e0adec41ad6b | 1503 | /** @addtogroup RayCryptoApi |
wini | 0:e0adec41ad6b | 1504 | @{ |
wini | 0:e0adec41ad6b | 1505 | */ |
wini | 0:e0adec41ad6b | 1506 | |
wini | 0:e0adec41ad6b | 1507 | |
wini | 0:e0adec41ad6b | 1508 | /** Return values from function #sharkssl_PEM |
wini | 0:e0adec41ad6b | 1509 | */ |
wini | 0:e0adec41ad6b | 1510 | typedef enum |
wini | 0:e0adec41ad6b | 1511 | { |
wini | 0:e0adec41ad6b | 1512 | /** OK */ |
wini | 0:e0adec41ad6b | 1513 | SHARKSSL_PEM_OK = 0, |
wini | 0:e0adec41ad6b | 1514 | |
wini | 0:e0adec41ad6b | 1515 | /** OK_PUBLIC */ |
wini | 0:e0adec41ad6b | 1516 | SHARKSSL_PEM_OK_PUBLIC = 1, |
wini | 0:e0adec41ad6b | 1517 | |
wini | 0:e0adec41ad6b | 1518 | /** ALLOCATION_ERROR */ |
wini | 0:e0adec41ad6b | 1519 | SHARKSSL_PEM_ALLOCATION_ERROR = - 3000, |
wini | 0:e0adec41ad6b | 1520 | |
wini | 0:e0adec41ad6b | 1521 | /** KEY_PARSE_ERROR */ |
wini | 0:e0adec41ad6b | 1522 | SHARKSSL_PEM_KEY_PARSE_ERROR, |
wini | 0:e0adec41ad6b | 1523 | |
wini | 0:e0adec41ad6b | 1524 | /** KEY_WRONG_IV */ |
wini | 0:e0adec41ad6b | 1525 | SHARKSSL_PEM_KEY_WRONG_IV, |
wini | 0:e0adec41ad6b | 1526 | |
wini | 0:e0adec41ad6b | 1527 | /** KEY_WRONG_LENGTH */ |
wini | 0:e0adec41ad6b | 1528 | SHARKSSL_PEM_KEY_WRONG_LENGTH, |
wini | 0:e0adec41ad6b | 1529 | |
wini | 0:e0adec41ad6b | 1530 | /** KEY_PASSPHRASE_REQUIRED */ |
wini | 0:e0adec41ad6b | 1531 | SHARKSSL_PEM_KEY_PASSPHRASE_REQUIRED, |
wini | 0:e0adec41ad6b | 1532 | |
wini | 0:e0adec41ad6b | 1533 | /** KEY_UNRECOGNIZED_FORMAT */ |
wini | 0:e0adec41ad6b | 1534 | SHARKSSL_PEM_KEY_UNRECOGNIZED_FORMAT, |
wini | 0:e0adec41ad6b | 1535 | |
wini | 0:e0adec41ad6b | 1536 | /** KEY_UNSUPPORTED_FORMAT */ |
wini | 0:e0adec41ad6b | 1537 | SHARKSSL_PEM_KEY_UNSUPPORTED_FORMAT, |
wini | 0:e0adec41ad6b | 1538 | |
wini | 0:e0adec41ad6b | 1539 | /** KEY_UNSUPPORTED_MODULUS_LENGTH */ |
wini | 0:e0adec41ad6b | 1540 | SHARKSSL_PEM_KEY_UNSUPPORTED_MODULUS_LENGTH, |
wini | 0:e0adec41ad6b | 1541 | |
wini | 0:e0adec41ad6b | 1542 | /** KEY_UNSUPPORTED_ENCRYPTION_TYPE */ |
wini | 0:e0adec41ad6b | 1543 | SHARKSSL_PEM_KEY_UNSUPPORTED_ENCRYPTION_TYPE, |
wini | 0:e0adec41ad6b | 1544 | |
wini | 0:e0adec41ad6b | 1545 | /** KEY_CERT_MISMATCH */ |
wini | 0:e0adec41ad6b | 1546 | SHARKSSL_PEM_KEY_CERT_MISMATCH, |
wini | 0:e0adec41ad6b | 1547 | |
wini | 0:e0adec41ad6b | 1548 | /** CERT_UNRECOGNIZED_FORMAT */ |
wini | 0:e0adec41ad6b | 1549 | SHARKSSL_PEM_CERT_UNRECOGNIZED_FORMAT, |
wini | 0:e0adec41ad6b | 1550 | |
wini | 0:e0adec41ad6b | 1551 | /** CERT_UNSUPPORTED_TYPE */ |
wini | 0:e0adec41ad6b | 1552 | SHARKSSL_PEM_CERT_UNSUPPORTED_TYPE, |
wini | 0:e0adec41ad6b | 1553 | |
wini | 0:e0adec41ad6b | 1554 | /** KEY_UNSUPPORTED_VERSION */ |
wini | 0:e0adec41ad6b | 1555 | SHARKSSL_PEM_KEY_UNSUPPORTED_VERSION, |
wini | 0:e0adec41ad6b | 1556 | |
wini | 0:e0adec41ad6b | 1557 | /** INTERNAL ERROR */ |
wini | 0:e0adec41ad6b | 1558 | SHARKSSL_PEM_INTERNAL_ERROR |
wini | 0:e0adec41ad6b | 1559 | } sharkssl_PEM_RetVal; |
wini | 0:e0adec41ad6b | 1560 | |
wini | 0:e0adec41ad6b | 1561 | |
wini | 0:e0adec41ad6b | 1562 | /** fixme doc |
wini | 0:e0adec41ad6b | 1563 | */ |
wini | 0:e0adec41ad6b | 1564 | SHARKSSL_API sharkssl_PEM_RetVal sharkssl_PEM( |
wini | 0:e0adec41ad6b | 1565 | const char *certPEM, const char *keyPEM, |
wini | 0:e0adec41ad6b | 1566 | const char *passphrase, SharkSslCert *sharkSslCert); |
wini | 0:e0adec41ad6b | 1567 | |
wini | 0:e0adec41ad6b | 1568 | /** @} */ /* end group RayCryptoApi */ |
wini | 0:e0adec41ad6b | 1569 | #endif |
wini | 0:e0adec41ad6b | 1570 | |
wini | 0:e0adec41ad6b | 1571 | #if SHARKSSL_ENABLE_RSA |
wini | 0:e0adec41ad6b | 1572 | |
wini | 0:e0adec41ad6b | 1573 | /** \addtogroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 1574 | @{ |
wini | 0:e0adec41ad6b | 1575 | */ |
wini | 0:e0adec41ad6b | 1576 | |
wini | 0:e0adec41ad6b | 1577 | /** SHARKSSL_RSA_NO_PADDING for raw RSA encryption (insecure). |
wini | 0:e0adec41ad6b | 1578 | */ |
wini | 0:e0adec41ad6b | 1579 | #define SHARKSSL_RSA_NO_PADDING 0 |
wini | 0:e0adec41ad6b | 1580 | |
wini | 0:e0adec41ad6b | 1581 | |
wini | 0:e0adec41ad6b | 1582 | /** SHARKSSL_RSA_PKCS1_PADDING for |
wini | 0:e0adec41ad6b | 1583 | [PKCS #1 v1.5](http://tools.ietf.org/html/rfc2313). |
wini | 0:e0adec41ad6b | 1584 | */ |
wini | 0:e0adec41ad6b | 1585 | #define SHARKSSL_RSA_PKCS1_PADDING 1 |
wini | 0:e0adec41ad6b | 1586 | |
wini | 0:e0adec41ad6b | 1587 | |
wini | 0:e0adec41ad6b | 1588 | /** Return values from functions #sharkssl_RSA_public_encrypt, |
wini | 0:e0adec41ad6b | 1589 | #sharkssl_RSA_private_decrypt, #sharkssl_RSA_public_decrypt, |
wini | 0:e0adec41ad6b | 1590 | #sharkssl_RSA_private_encrypt |
wini | 0:e0adec41ad6b | 1591 | */ |
wini | 0:e0adec41ad6b | 1592 | typedef enum |
wini | 0:e0adec41ad6b | 1593 | { |
wini | 0:e0adec41ad6b | 1594 | /** OK */ |
wini | 0:e0adec41ad6b | 1595 | SHARKSSL_RSA_OK = 0, |
wini | 0:e0adec41ad6b | 1596 | |
wini | 0:e0adec41ad6b | 1597 | /** ALLOCATION_ERROR */ |
wini | 0:e0adec41ad6b | 1598 | SHARKSSL_RSA_ALLOCATION_ERROR = -3000, |
wini | 0:e0adec41ad6b | 1599 | |
wini | 0:e0adec41ad6b | 1600 | /** INTERNAL_ERROR */ |
wini | 0:e0adec41ad6b | 1601 | SHARKSSL_RSA_INTERNAL_ERROR = -3100, |
wini | 0:e0adec41ad6b | 1602 | |
wini | 0:e0adec41ad6b | 1603 | /** WRONG_PARAMETERS */ |
wini | 0:e0adec41ad6b | 1604 | SHARKSSL_RSA_WRONG_PARAMETERS, |
wini | 0:e0adec41ad6b | 1605 | |
wini | 0:e0adec41ad6b | 1606 | /** WRONG_KEY_FORMAT */ |
wini | 0:e0adec41ad6b | 1607 | SHARKSSL_RSA_WRONG_KEY_FORMAT, |
wini | 0:e0adec41ad6b | 1608 | |
wini | 0:e0adec41ad6b | 1609 | /** WRONG_KEY_LENGTH */ |
wini | 0:e0adec41ad6b | 1610 | SHARKSSL_RSA_WRONG_KEY_LENGTH, |
wini | 0:e0adec41ad6b | 1611 | |
wini | 0:e0adec41ad6b | 1612 | /** INPUT_DATA_LENGTH_TOO_BIG */ |
wini | 0:e0adec41ad6b | 1613 | SHARKSSL_RSA_INPUT_DATA_LENGTH_TOO_BIG, |
wini | 0:e0adec41ad6b | 1614 | |
wini | 0:e0adec41ad6b | 1615 | /** INPUT_DATA_LENGTH_AND_KEY_LENGTH_MISMATCH */ |
wini | 0:e0adec41ad6b | 1616 | SHARKSSL_RSA_INPUT_DATA_LENGTH_AND_KEY_LENGTH_MISMATCH, |
wini | 0:e0adec41ad6b | 1617 | |
wini | 0:e0adec41ad6b | 1618 | /** PKCS1_PADDING_ERROR */ |
wini | 0:e0adec41ad6b | 1619 | SHARKSSL_RSA_PKCS1_PADDING_ERROR |
wini | 0:e0adec41ad6b | 1620 | } sharkssl_RSA_RetVal; |
wini | 0:e0adec41ad6b | 1621 | #endif |
wini | 0:e0adec41ad6b | 1622 | |
wini | 0:e0adec41ad6b | 1623 | /** @} */ /* end group SharkSslInfoAndCodes */ |
wini | 0:e0adec41ad6b | 1624 | |
wini | 0:e0adec41ad6b | 1625 | #if SHARKSSL_ENABLE_RSA_API |
wini | 0:e0adec41ad6b | 1626 | |
wini | 0:e0adec41ad6b | 1627 | /** \defgroup RSA RSA encrypt/decrypt functions |
wini | 0:e0adec41ad6b | 1628 | \ingroup RayCryptoApi |
wini | 0:e0adec41ad6b | 1629 | |
wini | 0:e0adec41ad6b | 1630 | @{ |
wini | 0:e0adec41ad6b | 1631 | */ |
wini | 0:e0adec41ad6b | 1632 | |
wini | 0:e0adec41ad6b | 1633 | /** SharkSslRSAKey is an alias for the #SharkSslCert type and is a |
wini | 0:e0adec41ad6b | 1634 | private/public key converted by sharkssl_PEM_to_RSAKey or the |
wini | 0:e0adec41ad6b | 1635 | command line tool [SharkSslParseKey](\ref SharkSslParseKey). |
wini | 0:e0adec41ad6b | 1636 | */ |
wini | 0:e0adec41ad6b | 1637 | typedef U8* SharkSslRSAKey; |
wini | 0:e0adec41ad6b | 1638 | |
wini | 0:e0adec41ad6b | 1639 | #if SHARKSSL_ENABLE_PEM_API |
wini | 0:e0adec41ad6b | 1640 | /** Convert an RSA private or public key in PEM format to the |
wini | 0:e0adec41ad6b | 1641 | #SharkSslRSAKey format. |
wini | 0:e0adec41ad6b | 1642 | |
wini | 0:e0adec41ad6b | 1643 | Note: the converted value must be released by calling |
wini | 0:e0adec41ad6b | 1644 | SharkSslRSAKey_free, when no longer needed. |
wini | 0:e0adec41ad6b | 1645 | |
wini | 0:e0adec41ad6b | 1646 | example: |
wini | 0:e0adec41ad6b | 1647 | \code |
wini | 0:e0adec41ad6b | 1648 | { |
wini | 0:e0adec41ad6b | 1649 | SharkSslRSAKey RSAKey; |
wini | 0:e0adec41ad6b | 1650 | ... |
wini | 0:e0adec41ad6b | 1651 | RSAKey = sharksslPEM_to_RSAKey(key, pass); |
wini | 0:e0adec41ad6b | 1652 | if (RSAKey) |
wini | 0:e0adec41ad6b | 1653 | { |
wini | 0:e0adec41ad6b | 1654 | ... |
wini | 0:e0adec41ad6b | 1655 | void SharkSslRSAKey_free(RSAKey); |
wini | 0:e0adec41ad6b | 1656 | } |
wini | 0:e0adec41ad6b | 1657 | } |
wini | 0:e0adec41ad6b | 1658 | \endcode |
wini | 0:e0adec41ad6b | 1659 | |
wini | 0:e0adec41ad6b | 1660 | \return the private/public key in #SharkSslRSAKey format or NULL if |
wini | 0:e0adec41ad6b | 1661 | the conversion fails. |
wini | 0:e0adec41ad6b | 1662 | */ |
wini | 0:e0adec41ad6b | 1663 | SHARKSSL_API SharkSslRSAKey sharkssl_PEM_to_RSAKey( |
wini | 0:e0adec41ad6b | 1664 | const char *PEMKey, const char *passphrase); |
wini | 0:e0adec41ad6b | 1665 | |
wini | 0:e0adec41ad6b | 1666 | /** Extract the public key form a certificate in PEM format |
wini | 0:e0adec41ad6b | 1667 | |
wini | 0:e0adec41ad6b | 1668 | Note: the converted value must be released by calling |
wini | 0:e0adec41ad6b | 1669 | SharkSslRSAKey_free, when no longer needed. |
wini | 0:e0adec41ad6b | 1670 | |
wini | 0:e0adec41ad6b | 1671 | example: |
wini | 0:e0adec41ad6b | 1672 | \code |
wini | 0:e0adec41ad6b | 1673 | { |
wini | 0:e0adec41ad6b | 1674 | SharkSslRSAKey RSAKey; |
wini | 0:e0adec41ad6b | 1675 | ... |
wini | 0:e0adec41ad6b | 1676 | RSAKey = sharkssl_PEM_extractPublicKey(cert); |
wini | 0:e0adec41ad6b | 1677 | if (RSAKey) |
wini | 0:e0adec41ad6b | 1678 | { |
wini | 0:e0adec41ad6b | 1679 | ... |
wini | 0:e0adec41ad6b | 1680 | void SharkSslRSAKey_free(RSAKey); |
wini | 0:e0adec41ad6b | 1681 | } |
wini | 0:e0adec41ad6b | 1682 | } |
wini | 0:e0adec41ad6b | 1683 | \endcode |
wini | 0:e0adec41ad6b | 1684 | |
wini | 0:e0adec41ad6b | 1685 | \return the certificate's public key in #SharkSslRSAKey format |
wini | 0:e0adec41ad6b | 1686 | or NULL if the conversion fails. |
wini | 0:e0adec41ad6b | 1687 | |
wini | 0:e0adec41ad6b | 1688 | */ |
wini | 0:e0adec41ad6b | 1689 | SHARKSSL_API SharkSslRSAKey |
wini | 0:e0adec41ad6b | 1690 | sharkssl_PEM_extractPublicKey(const char *certPEM); |
wini | 0:e0adec41ad6b | 1691 | |
wini | 0:e0adec41ad6b | 1692 | /** Release a SharkSslRSAKey allocated by functions #sharkssl_PEM_to_RSAKey |
wini | 0:e0adec41ad6b | 1693 | and sharkssl_PEM_extractPublicKey. |
wini | 0:e0adec41ad6b | 1694 | */ |
wini | 0:e0adec41ad6b | 1695 | SHARKSSL_API void SharkSslRSAKey_free(SharkSslRSAKey key); |
wini | 0:e0adec41ad6b | 1696 | #endif |
wini | 0:e0adec41ad6b | 1697 | |
wini | 0:e0adec41ad6b | 1698 | #if SHARKSSL_ENABLE_RSA |
wini | 0:e0adec41ad6b | 1699 | |
wini | 0:e0adec41ad6b | 1700 | /** Returns the private or public key's modulus size in bytes. |
wini | 0:e0adec41ad6b | 1701 | */ |
wini | 0:e0adec41ad6b | 1702 | SHARKSSL_API U16 SharkSslRSAKey_size(SharkSslRSAKey key); |
wini | 0:e0adec41ad6b | 1703 | |
wini | 0:e0adec41ad6b | 1704 | /** Encrypt data using the public key or private key. The private key |
wini | 0:e0adec41ad6b | 1705 | includes the public key an can for this reason be used for |
wini | 0:e0adec41ad6b | 1706 | encrypting the data. |
wini | 0:e0adec41ad6b | 1707 | |
wini | 0:e0adec41ad6b | 1708 | \param in the plaintext |
wini | 0:e0adec41ad6b | 1709 | |
wini | 0:e0adec41ad6b | 1710 | \param len is the length/size of parameter 'in'. This length must be |
wini | 0:e0adec41ad6b | 1711 | exactly #SharkSslRSAKey_size (key) when selecting |
wini | 0:e0adec41ad6b | 1712 | #SHARKSSL_RSA_NO_PADDING or a value between 1 and |
wini | 0:e0adec41ad6b | 1713 | (#SharkSslRSAKey_size (key) - 11) when selecting |
wini | 0:e0adec41ad6b | 1714 | SHARKSSL_RSA_PKCS1_PADDING. |
wini | 0:e0adec41ad6b | 1715 | |
wini | 0:e0adec41ad6b | 1716 | \param out the encrypted ciphertext is copied to this buffer. The |
wini | 0:e0adec41ad6b | 1717 | size of this buffer must be no less than #SharkSslRSAKey_size (key) |
wini | 0:e0adec41ad6b | 1718 | |
wini | 0:e0adec41ad6b | 1719 | \param key is the public key in SharkSslRSAKey format. |
wini | 0:e0adec41ad6b | 1720 | |
wini | 0:e0adec41ad6b | 1721 | \param padding is one of #SHARKSSL_RSA_PKCS1_PADDING or |
wini | 0:e0adec41ad6b | 1722 | #SHARKSSL_RSA_NO_PADDING |
wini | 0:e0adec41ad6b | 1723 | |
wini | 0:e0adec41ad6b | 1724 | \return the size of the encrypted ciphertext, or -1 if any error occurs |
wini | 0:e0adec41ad6b | 1725 | */ |
wini | 0:e0adec41ad6b | 1726 | SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_public_encrypt( |
wini | 0:e0adec41ad6b | 1727 | U16 len, U8 *in, U8 *out, SharkSslRSAKey key, U8 padding); |
wini | 0:e0adec41ad6b | 1728 | |
wini | 0:e0adec41ad6b | 1729 | |
wini | 0:e0adec41ad6b | 1730 | /** Decrypt ciphertext using the private key. |
wini | 0:e0adec41ad6b | 1731 | |
wini | 0:e0adec41ad6b | 1732 | \param len is the length/size of parameter 'in'. This length must be |
wini | 0:e0adec41ad6b | 1733 | exactly #SharkSslRSAKey_size (key). |
wini | 0:e0adec41ad6b | 1734 | |
wini | 0:e0adec41ad6b | 1735 | \param in the ciphertext |
wini | 0:e0adec41ad6b | 1736 | |
wini | 0:e0adec41ad6b | 1737 | \param out the decrypted ciphertext is copied to this buffer. The |
wini | 0:e0adec41ad6b | 1738 | size of this buffer must be no less than #SharkSslRSAKey_size (key) |
wini | 0:e0adec41ad6b | 1739 | |
wini | 0:e0adec41ad6b | 1740 | \param privkey is the private key in SharkSslRSAKey format. |
wini | 0:e0adec41ad6b | 1741 | |
wini | 0:e0adec41ad6b | 1742 | \param padding is one of #SHARKSSL_RSA_PKCS1_PADDING or |
wini | 0:e0adec41ad6b | 1743 | #SHARKSSL_RSA_NO_PADDING |
wini | 0:e0adec41ad6b | 1744 | |
wini | 0:e0adec41ad6b | 1745 | \return the size of the decrypted ciphertext, or -1 if any error occurs |
wini | 0:e0adec41ad6b | 1746 | */ |
wini | 0:e0adec41ad6b | 1747 | SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_private_decrypt( |
wini | 0:e0adec41ad6b | 1748 | U16 len, U8 *in, U8 *out, SharkSslRSAKey privkey, U8 padding); |
wini | 0:e0adec41ad6b | 1749 | |
wini | 0:e0adec41ad6b | 1750 | |
wini | 0:e0adec41ad6b | 1751 | /** Sign a message digest using the private key. |
wini | 0:e0adec41ad6b | 1752 | |
wini | 0:e0adec41ad6b | 1753 | \param in commonly, an algorithm identifier followed by a message digest |
wini | 0:e0adec41ad6b | 1754 | |
wini | 0:e0adec41ad6b | 1755 | \param len is the length/size of parameter 'in'. This length must be |
wini | 0:e0adec41ad6b | 1756 | exactly #SharkSslRSAKey_size (key) when selecting |
wini | 0:e0adec41ad6b | 1757 | #SHARKSSL_RSA_NO_PADDING or a value between 1 and |
wini | 0:e0adec41ad6b | 1758 | (#SharkSslRSAKey_size (key) - 11) when selecting |
wini | 0:e0adec41ad6b | 1759 | SHARKSSL_RSA_PKCS1_PADDING. |
wini | 0:e0adec41ad6b | 1760 | |
wini | 0:e0adec41ad6b | 1761 | \param out the signature is copied to this buffer. The size |
wini | 0:e0adec41ad6b | 1762 | of this buffer must be no less than #SharkSslRSAKey_size (key) |
wini | 0:e0adec41ad6b | 1763 | |
wini | 0:e0adec41ad6b | 1764 | \param privkey is the private key in SharkSslRSAKey format. |
wini | 0:e0adec41ad6b | 1765 | |
wini | 0:e0adec41ad6b | 1766 | \param padding is one of #SHARKSSL_RSA_PKCS1_PADDING or |
wini | 0:e0adec41ad6b | 1767 | #SHARKSSL_RSA_NO_PADDING |
wini | 0:e0adec41ad6b | 1768 | |
wini | 0:e0adec41ad6b | 1769 | \return the size of the signature, or -1 if any error occurs |
wini | 0:e0adec41ad6b | 1770 | */ |
wini | 0:e0adec41ad6b | 1771 | SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_private_encrypt( |
wini | 0:e0adec41ad6b | 1772 | U16 len, U8 *in, U8 *out, SharkSslRSAKey privkey, U8 padding); |
wini | 0:e0adec41ad6b | 1773 | |
wini | 0:e0adec41ad6b | 1774 | |
wini | 0:e0adec41ad6b | 1775 | /** Bring back a message digest using the public key or private key. |
wini | 0:e0adec41ad6b | 1776 | The private key includes the public key an can for this reason be used for |
wini | 0:e0adec41ad6b | 1777 | this operation. |
wini | 0:e0adec41ad6b | 1778 | |
wini | 0:e0adec41ad6b | 1779 | \param in the RSA signature |
wini | 0:e0adec41ad6b | 1780 | |
wini | 0:e0adec41ad6b | 1781 | \param len is the length/size of parameter 'in'. This length must be |
wini | 0:e0adec41ad6b | 1782 | exactly #SharkSslRSAKey_size (key). |
wini | 0:e0adec41ad6b | 1783 | |
wini | 0:e0adec41ad6b | 1784 | \param out the message digest is copied to this buffer. The size |
wini | 0:e0adec41ad6b | 1785 | of this buffer must be no less than #SharkSslRSAKey_size (key) |
wini | 0:e0adec41ad6b | 1786 | |
wini | 0:e0adec41ad6b | 1787 | \param key is the public key in SharkSslRSAKey format. |
wini | 0:e0adec41ad6b | 1788 | |
wini | 0:e0adec41ad6b | 1789 | \param padding is one of #SHARKSSL_RSA_PKCS1_PADDING or |
wini | 0:e0adec41ad6b | 1790 | #SHARKSSL_RSA_NO_PADDING |
wini | 0:e0adec41ad6b | 1791 | |
wini | 0:e0adec41ad6b | 1792 | \return the size of the obtained message digest, or -1 if any error occurs |
wini | 0:e0adec41ad6b | 1793 | */ |
wini | 0:e0adec41ad6b | 1794 | SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_public_decrypt( |
wini | 0:e0adec41ad6b | 1795 | U16 len, U8 *in, U8 *out, SharkSslRSAKey key, U8 padding); |
wini | 0:e0adec41ad6b | 1796 | |
wini | 0:e0adec41ad6b | 1797 | #endif |
wini | 0:e0adec41ad6b | 1798 | |
wini | 0:e0adec41ad6b | 1799 | /** @} */ /* end group RSA */ |
wini | 0:e0adec41ad6b | 1800 | #endif |
wini | 0:e0adec41ad6b | 1801 | |
wini | 0:e0adec41ad6b | 1802 | |
wini | 0:e0adec41ad6b | 1803 | /** To be used as hashlen parameter in sharkssl_ECDSA_ functions |
wini | 0:e0adec41ad6b | 1804 | These are the hash lengths for the functions implemented in SharkSSL/RayCrypto |
wini | 0:e0adec41ad6b | 1805 | |
wini | 0:e0adec41ad6b | 1806 | SHARKSSL_MD5_HASH_LEN |
wini | 0:e0adec41ad6b | 1807 | SHARKSSL_SHA1_HASH_LEN |
wini | 0:e0adec41ad6b | 1808 | SHARKSSL_SHA256_HASH_LEN |
wini | 0:e0adec41ad6b | 1809 | SHARKSSL_SHA384_HASH_LEN |
wini | 0:e0adec41ad6b | 1810 | SHARKSSL_SHA512_HASH_LEN |
wini | 0:e0adec41ad6b | 1811 | SHARKSSL_POLY1305_HASH_LEN |
wini | 0:e0adec41ad6b | 1812 | */ |
wini | 0:e0adec41ad6b | 1813 | |
wini | 0:e0adec41ad6b | 1814 | |
wini | 0:e0adec41ad6b | 1815 | #if SHARKSSL_USE_ECC |
wini | 0:e0adec41ad6b | 1816 | |
wini | 0:e0adec41ad6b | 1817 | /* |
wini | 0:e0adec41ad6b | 1818 | * use as curveID parameter |
wini | 0:e0adec41ad6b | 1819 | */ |
wini | 0:e0adec41ad6b | 1820 | #define SHARKSSL_EC_CURVE_ID_SECP192R1 19 |
wini | 0:e0adec41ad6b | 1821 | #define SHARKSSL_EC_CURVE_ID_SECP224R1 21 |
wini | 0:e0adec41ad6b | 1822 | #define SHARKSSL_EC_CURVE_ID_SECP256R1 23 |
wini | 0:e0adec41ad6b | 1823 | #define SHARKSSL_EC_CURVE_ID_SECP384R1 24 |
wini | 0:e0adec41ad6b | 1824 | #define SHARKSSL_EC_CURVE_ID_SECP521R1 25 |
wini | 0:e0adec41ad6b | 1825 | |
wini | 0:e0adec41ad6b | 1826 | |
wini | 0:e0adec41ad6b | 1827 | /** |
wini | 0:e0adec41ad6b | 1828 | @ingroup ECDSA |
wini | 0:e0adec41ad6b | 1829 | SharkSslECCKey is an alias for the #SharkSslCert type and is a |
wini | 0:e0adec41ad6b | 1830 | private/public key converted by #sharkssl_PEM_to_ECCKey or the |
wini | 0:e0adec41ad6b | 1831 | command line tool [SharkSslParseKey](\ref SharkSslParseKey). |
wini | 0:e0adec41ad6b | 1832 | */ |
wini | 0:e0adec41ad6b | 1833 | typedef U8* SharkSslECCKey; |
wini | 0:e0adec41ad6b | 1834 | |
wini | 0:e0adec41ad6b | 1835 | #if SHARKSSL_ENABLE_PEM_API |
wini | 0:e0adec41ad6b | 1836 | /** |
wini | 0:e0adec41ad6b | 1837 | @ingroup ECDSA |
wini | 0:e0adec41ad6b | 1838 | Convert an ECC private or public key in PEM format to the |
wini | 0:e0adec41ad6b | 1839 | #SharkSslECCKey format. |
wini | 0:e0adec41ad6b | 1840 | |
wini | 0:e0adec41ad6b | 1841 | Note: the converted value must be released by calling |
wini | 0:e0adec41ad6b | 1842 | SharkSslECCKey_free, when no longer needed. |
wini | 0:e0adec41ad6b | 1843 | |
wini | 0:e0adec41ad6b | 1844 | example: |
wini | 0:e0adec41ad6b | 1845 | \code |
wini | 0:e0adec41ad6b | 1846 | { |
wini | 0:e0adec41ad6b | 1847 | SharkSslECCKey ECCKey; |
wini | 0:e0adec41ad6b | 1848 | ... |
wini | 0:e0adec41ad6b | 1849 | ECCKey = sharksslPEM_to_ECCKey(key, pass); |
wini | 0:e0adec41ad6b | 1850 | if (ECCKey) |
wini | 0:e0adec41ad6b | 1851 | { |
wini | 0:e0adec41ad6b | 1852 | ... |
wini | 0:e0adec41ad6b | 1853 | void SharkSslECCKey_free(ECCKey); |
wini | 0:e0adec41ad6b | 1854 | } |
wini | 0:e0adec41ad6b | 1855 | } |
wini | 0:e0adec41ad6b | 1856 | \endcode |
wini | 0:e0adec41ad6b | 1857 | |
wini | 0:e0adec41ad6b | 1858 | \return the private/public key in #SharkSslECCKey format or NULL if |
wini | 0:e0adec41ad6b | 1859 | the conversion fails. |
wini | 0:e0adec41ad6b | 1860 | */ |
wini | 0:e0adec41ad6b | 1861 | SHARKSSL_API SharkSslECCKey sharkssl_PEM_to_ECCKey( |
wini | 0:e0adec41ad6b | 1862 | const char *PEMKey, const char *passphrase); |
wini | 0:e0adec41ad6b | 1863 | #endif |
wini | 0:e0adec41ad6b | 1864 | |
wini | 0:e0adec41ad6b | 1865 | |
wini | 0:e0adec41ad6b | 1866 | #if SHARKSSL_ENABLE_ECCKEY_CREATE |
wini | 0:e0adec41ad6b | 1867 | int SharkSslECCKey_create(SharkSslECCKey *key, U16 curveID); |
wini | 0:e0adec41ad6b | 1868 | #endif |
wini | 0:e0adec41ad6b | 1869 | |
wini | 0:e0adec41ad6b | 1870 | |
wini | 0:e0adec41ad6b | 1871 | #if (SHARKSSL_ENABLE_PEM_API || SHARKSSL_ENABLE_ECCKEY_CREATE) |
wini | 0:e0adec41ad6b | 1872 | /** Release a SharkSslECCKey allocated by functions #sharkssl_PEM_to_ECCKey |
wini | 0:e0adec41ad6b | 1873 | or #SharkSslECCKey_create |
wini | 0:e0adec41ad6b | 1874 | */ |
wini | 0:e0adec41ad6b | 1875 | SHARKSSL_API void SharkSslECCKey_free(SharkSslECCKey key); |
wini | 0:e0adec41ad6b | 1876 | #endif |
wini | 0:e0adec41ad6b | 1877 | |
wini | 0:e0adec41ad6b | 1878 | /** \addtogroup SharkSslInfoAndCodes |
wini | 0:e0adec41ad6b | 1879 | @{ |
wini | 0:e0adec41ad6b | 1880 | */ |
wini | 0:e0adec41ad6b | 1881 | |
wini | 0:e0adec41ad6b | 1882 | |
wini | 0:e0adec41ad6b | 1883 | #if (SHARKSSL_ENABLE_ECDSA && SHARKSSL_ENABLE_ECDSA_API) |
wini | 0:e0adec41ad6b | 1884 | /** Return values from functions #sharkssl_ECDSA_sign_hash, |
wini | 0:e0adec41ad6b | 1885 | #sharkssl_ECDSA_verify_hash |
wini | 0:e0adec41ad6b | 1886 | */ |
wini | 0:e0adec41ad6b | 1887 | typedef enum |
wini | 0:e0adec41ad6b | 1888 | { |
wini | 0:e0adec41ad6b | 1889 | /** OK */ |
wini | 0:e0adec41ad6b | 1890 | SHARKSSL_ECDSA_OK = 0, |
wini | 0:e0adec41ad6b | 1891 | |
wini | 0:e0adec41ad6b | 1892 | /** ALLOCATION_ERROR */ |
wini | 0:e0adec41ad6b | 1893 | SHARKSSL_ECDSA_ALLOCATION_ERROR = -3200, |
wini | 0:e0adec41ad6b | 1894 | |
wini | 0:e0adec41ad6b | 1895 | /** INTERNAL_ERROR */ |
wini | 0:e0adec41ad6b | 1896 | SHARKSSL_ECDSA_INTERNAL_ERROR = -3300, |
wini | 0:e0adec41ad6b | 1897 | |
wini | 0:e0adec41ad6b | 1898 | /** WRONG_PARAMETERS */ |
wini | 0:e0adec41ad6b | 1899 | SHARKSSL_ECDSA_WRONG_PARAMETERS, |
wini | 0:e0adec41ad6b | 1900 | |
wini | 0:e0adec41ad6b | 1901 | /** WRONG_KEY_FORMAT */ |
wini | 0:e0adec41ad6b | 1902 | SHARKSSL_ECDSA_WRONG_KEY_FORMAT, |
wini | 0:e0adec41ad6b | 1903 | |
wini | 0:e0adec41ad6b | 1904 | /** KEY_IS_NOT_PRIVATE */ |
wini | 0:e0adec41ad6b | 1905 | SHARKSSL_ECDSA_KEY_NOT_PRIVATE, |
wini | 0:e0adec41ad6b | 1906 | |
wini | 0:e0adec41ad6b | 1907 | /** KEY_IS_NOT_PUBLIC */ |
wini | 0:e0adec41ad6b | 1908 | SHARKSSL_ECDSA_KEY_NOT_PUBLIC, |
wini | 0:e0adec41ad6b | 1909 | |
wini | 0:e0adec41ad6b | 1910 | /** SIGLEN_TOO_SMALL */ |
wini | 0:e0adec41ad6b | 1911 | SHARKSSL_ECDSA_SIGLEN_TOO_SMALL, |
wini | 0:e0adec41ad6b | 1912 | |
wini | 0:e0adec41ad6b | 1913 | /** VERIFICATION_FAIL */ |
wini | 0:e0adec41ad6b | 1914 | SHARKSSL_ECDSA_VERIFICATION_FAIL, |
wini | 0:e0adec41ad6b | 1915 | |
wini | 0:e0adec41ad6b | 1916 | /** WRONG SIGNATURE */ |
wini | 0:e0adec41ad6b | 1917 | SHARKSSL_ECDSA_WRONG_SIGNATURE |
wini | 0:e0adec41ad6b | 1918 | } sharkssl_ECDSA_RetVal; |
wini | 0:e0adec41ad6b | 1919 | |
wini | 0:e0adec41ad6b | 1920 | /** @} */ /* end group SharkSslInfoAndCodes */ |
wini | 0:e0adec41ad6b | 1921 | |
wini | 0:e0adec41ad6b | 1922 | /** @addtogroup ECDSA |
wini | 0:e0adec41ad6b | 1923 | @{ |
wini | 0:e0adec41ad6b | 1924 | */ |
wini | 0:e0adec41ad6b | 1925 | |
wini | 0:e0adec41ad6b | 1926 | |
wini | 0:e0adec41ad6b | 1927 | #if (!SHARKSSL_ECDSA_ONLY_VERIFY) |
wini | 0:e0adec41ad6b | 1928 | /** Returns the maximum length (in bytes) of a DER-encoded ECDSA |
wini | 0:e0adec41ad6b | 1929 | signature generated with the private key 'privkey'. This function |
wini | 0:e0adec41ad6b | 1930 | is typically used in combination with #sharkssl_ECDSA_sign_hash to |
wini | 0:e0adec41ad6b | 1931 | compute the maximum length of the signature and to allocate a |
wini | 0:e0adec41ad6b | 1932 | buffer large enough to hold the signature 'sig'. |
wini | 0:e0adec41ad6b | 1933 | |
wini | 0:e0adec41ad6b | 1934 | \param privkey is the private key in SharkSslECCKey format. |
wini | 0:e0adec41ad6b | 1935 | */ |
wini | 0:e0adec41ad6b | 1936 | SHARKSSL_API U16 sharkssl_ECDSA_siglen(SharkSslECCKey privkey); |
wini | 0:e0adec41ad6b | 1937 | |
wini | 0:e0adec41ad6b | 1938 | /** Generate the signature using the ECC private key and a hash. |
wini | 0:e0adec41ad6b | 1939 | |
wini | 0:e0adec41ad6b | 1940 | \param privkey is the private key in #SharkSslECCKey format. |
wini | 0:e0adec41ad6b | 1941 | |
wini | 0:e0adec41ad6b | 1942 | \param sig is a pointer to the buffer where the DER-encoded ECDSA |
wini | 0:e0adec41ad6b | 1943 | signature will be generated. The size of this buffer must not be |
wini | 0:e0adec41ad6b | 1944 | smaller than the value returned by #sharkssl_ECDSA_siglen for |
wini | 0:e0adec41ad6b | 1945 | param 'privkey'. The length of this buffer, which may be larger |
wini | 0:e0adec41ad6b | 1946 | than required, is provided in the next parameter (siglen). |
wini | 0:e0adec41ad6b | 1947 | |
wini | 0:e0adec41ad6b | 1948 | \param siglen is parameter "sig"'s length and is provided as an |
wini | 0:e0adec41ad6b | 1949 | input parameter. The signature length will be returned as output |
wini | 0:e0adec41ad6b | 1950 | parameter. |
wini | 0:e0adec41ad6b | 1951 | |
wini | 0:e0adec41ad6b | 1952 | \param hash the message digest obtained from a hash function |
wini | 0:e0adec41ad6b | 1953 | e.g. SHA256. |
wini | 0:e0adec41ad6b | 1954 | |
wini | 0:e0adec41ad6b | 1955 | \param hashlen the length of the message digest (see above). |
wini | 0:e0adec41ad6b | 1956 | |
wini | 0:e0adec41ad6b | 1957 | \return SHARKSSL_ECDSA_OK if the signature generation is succesful, |
wini | 0:e0adec41ad6b | 1958 | or one of the #sharkssl_ECDSA_RetVal error codes. |
wini | 0:e0adec41ad6b | 1959 | */ |
wini | 0:e0adec41ad6b | 1960 | SHARKSSL_API sharkssl_ECDSA_RetVal sharkssl_ECDSA_sign_hash( |
wini | 0:e0adec41ad6b | 1961 | SharkSslECCKey privkey, U8 *sig, U16 *siglen, U8 *hash, U8 hashlen); |
wini | 0:e0adec41ad6b | 1962 | #endif |
wini | 0:e0adec41ad6b | 1963 | |
wini | 0:e0adec41ad6b | 1964 | /** Verify a message using the ECC public key and a hash algorithm. |
wini | 0:e0adec41ad6b | 1965 | |
wini | 0:e0adec41ad6b | 1966 | \param pubkey is the public key in SharkSslECCKey format. |
wini | 0:e0adec41ad6b | 1967 | |
wini | 0:e0adec41ad6b | 1968 | \param sig is a pointer to the DER-encoded ECDSA signature |
wini | 0:e0adec41ad6b | 1969 | that is to be verified. |
wini | 0:e0adec41ad6b | 1970 | |
wini | 0:e0adec41ad6b | 1971 | \param siglen is parameter "sig"'s length. |
wini | 0:e0adec41ad6b | 1972 | |
wini | 0:e0adec41ad6b | 1973 | \param hash the message digest obtained from a hash function |
wini | 0:e0adec41ad6b | 1974 | e.g. SHA256. |
wini | 0:e0adec41ad6b | 1975 | |
wini | 0:e0adec41ad6b | 1976 | \param hashlen the length of the message digest (see above). |
wini | 0:e0adec41ad6b | 1977 | |
wini | 0:e0adec41ad6b | 1978 | \return SHARKSSL_ECDSA_OK if the signature verification is succesful, |
wini | 0:e0adec41ad6b | 1979 | or one of the #sharkssl_ECDSA_RetVal error codes. |
wini | 0:e0adec41ad6b | 1980 | */ |
wini | 0:e0adec41ad6b | 1981 | SHARKSSL_API sharkssl_ECDSA_RetVal sharkssl_ECDSA_verify_hash( |
wini | 0:e0adec41ad6b | 1982 | SharkSslECCKey pubkey, U8 *sig, U16 siglen, U8 *hash, U8 hashlen); |
wini | 0:e0adec41ad6b | 1983 | |
wini | 0:e0adec41ad6b | 1984 | #endif |
wini | 0:e0adec41ad6b | 1985 | |
wini | 0:e0adec41ad6b | 1986 | /** @} */ /* end group ECC */ |
wini | 0:e0adec41ad6b | 1987 | #endif |
wini | 0:e0adec41ad6b | 1988 | |
wini | 0:e0adec41ad6b | 1989 | |
wini | 0:e0adec41ad6b | 1990 | #if (SHARKSSL_ENABLE_CA_LIST && SHARKSSL_ENABLE_CERTSTORE_API) |
wini | 0:e0adec41ad6b | 1991 | |
wini | 0:e0adec41ad6b | 1992 | /** @addtogroup SharkSslCertApi |
wini | 0:e0adec41ad6b | 1993 | @{ |
wini | 0:e0adec41ad6b | 1994 | */ |
wini | 0:e0adec41ad6b | 1995 | |
wini | 0:e0adec41ad6b | 1996 | |
wini | 0:e0adec41ad6b | 1997 | #ifndef BA_API /* standalone SharkSSL */ |
wini | 0:e0adec41ad6b | 1998 | #define BA_API SHARKSSL_API |
wini | 0:e0adec41ad6b | 1999 | typedef U8 BaBool; |
wini | 0:e0adec41ad6b | 2000 | #endif |
wini | 0:e0adec41ad6b | 2001 | #include "DoubleList.h" |
wini | 0:e0adec41ad6b | 2002 | |
wini | 0:e0adec41ad6b | 2003 | /** SharkSslCertStore is a container object used when assembling a |
wini | 0:e0adec41ad6b | 2004 | #SharkSslCAList. See #SharkSslCertStore_assemble for details. |
wini | 0:e0adec41ad6b | 2005 | */ |
wini | 0:e0adec41ad6b | 2006 | typedef struct SharkSslCertStore |
wini | 0:e0adec41ad6b | 2007 | { |
wini | 0:e0adec41ad6b | 2008 | DoubleList certList; |
wini | 0:e0adec41ad6b | 2009 | SharkSslCAList caList; |
wini | 0:e0adec41ad6b | 2010 | U16 elements; /* number of elements in list */ |
wini | 0:e0adec41ad6b | 2011 | } SharkSslCertStore; |
wini | 0:e0adec41ad6b | 2012 | |
wini | 0:e0adec41ad6b | 2013 | /** Initialize a SharkSslCertStore object. See #SharkSslCertStore for |
wini | 0:e0adec41ad6b | 2014 | details. The object must reside in memory as long as the produced |
wini | 0:e0adec41ad6b | 2015 | SharkSslCAList is used by a SharkSSL object. |
wini | 0:e0adec41ad6b | 2016 | |
wini | 0:e0adec41ad6b | 2017 | \param o Uninitialized data of size sizeof(SharkSsl). |
wini | 0:e0adec41ad6b | 2018 | |
wini | 0:e0adec41ad6b | 2019 | \sa #SharkSslCertStore_assemble. |
wini | 0:e0adec41ad6b | 2020 | */ |
wini | 0:e0adec41ad6b | 2021 | SHARKSSL_API void SharkSslCertStore_constructor(SharkSslCertStore *o); |
wini | 0:e0adec41ad6b | 2022 | |
wini | 0:e0adec41ad6b | 2023 | /** Cleanup all memory used by the SharkSslCAList object. |
wini | 0:e0adec41ad6b | 2024 | */ |
wini | 0:e0adec41ad6b | 2025 | SHARKSSL_API void SharkSslCertStore_destructor(SharkSslCertStore* o); |
wini | 0:e0adec41ad6b | 2026 | |
wini | 0:e0adec41ad6b | 2027 | /** Alias for SharkSslCertStore_destructor */ |
wini | 0:e0adec41ad6b | 2028 | #define SharkSslCertStore_release(o) SharkSslCertStore_destructor(o) |
wini | 0:e0adec41ad6b | 2029 | |
wini | 0:e0adec41ad6b | 2030 | /** add a certificate in PEM or p7b format to the CA store. A |
wini | 0:e0adec41ad6b | 2031 | convenient way to get CA's is to export the certificates from a |
wini | 0:e0adec41ad6b | 2032 | browser in PEM or p7b format. The p7b format is a container format |
wini | 0:e0adec41ad6b | 2033 | that can contain many CA's. |
wini | 0:e0adec41ad6b | 2034 | |
wini | 0:e0adec41ad6b | 2035 | \param o the SharkSslCertStore object. |
wini | 0:e0adec41ad6b | 2036 | \param cert is a one PEM cert or multiple certs in p7b format. |
wini | 0:e0adec41ad6b | 2037 | \param certlen is the length of parameter 'cert' |
wini | 0:e0adec41ad6b | 2038 | \sa SharkSslCertStore_assemble. |
wini | 0:e0adec41ad6b | 2039 | \return the number of certificates successfully parsed and added to |
wini | 0:e0adec41ad6b | 2040 | the certificate store or a negative value if memory could not be allocated. |
wini | 0:e0adec41ad6b | 2041 | */ |
wini | 0:e0adec41ad6b | 2042 | SHARKSSL_API U16 SharkSslCertStore_add( |
wini | 0:e0adec41ad6b | 2043 | SharkSslCertStore *o, const char *cert, U32 certlen); |
wini | 0:e0adec41ad6b | 2044 | |
wini | 0:e0adec41ad6b | 2045 | /** Assemble all certificates added by calling #SharkSslCertStore_add. |
wini | 0:e0adec41ad6b | 2046 | The SharkSslCertStore object can be released as soon as the |
wini | 0:e0adec41ad6b | 2047 | #SharkSslCAList is assembled. |
wini | 0:e0adec41ad6b | 2048 | |
wini | 0:e0adec41ad6b | 2049 | \param o the SharkSslCertStore object |
wini | 0:e0adec41ad6b | 2050 | \param outList is the SharkSslCAList out value |
wini | 0:e0adec41ad6b | 2051 | \return TRUE on success or FALSE if memory could not be allocated |
wini | 0:e0adec41ad6b | 2052 | \sa #SharkSslCertStore_destructor and #SharkSsl_setCAList |
wini | 0:e0adec41ad6b | 2053 | */ |
wini | 0:e0adec41ad6b | 2054 | SHARKSSL_API U8 SharkSslCertStore_assemble( |
wini | 0:e0adec41ad6b | 2055 | SharkSslCertStore *o, SharkSslCAList *outList); |
wini | 0:e0adec41ad6b | 2056 | |
wini | 0:e0adec41ad6b | 2057 | /** @} */ /* end group SharkSslCertApi */ |
wini | 0:e0adec41ad6b | 2058 | #endif /* SHARKSSL_ENABLE_CA_LIST && SHARKSSL_ENABLE_CERTSTORE_API */ |
wini | 0:e0adec41ad6b | 2059 | |
wini | 0:e0adec41ad6b | 2060 | |
wini | 0:e0adec41ad6b | 2061 | |
wini | 0:e0adec41ad6b | 2062 | |
wini | 0:e0adec41ad6b | 2063 | |
wini | 0:e0adec41ad6b | 2064 | #ifdef __cplusplus |
wini | 0:e0adec41ad6b | 2065 | } |
wini | 0:e0adec41ad6b | 2066 | |
wini | 0:e0adec41ad6b | 2067 | inline SharkSsl::SharkSsl( |
wini | 0:e0adec41ad6b | 2068 | SharkSsl_Role role, U16 cacheSize, U16 inBufStartSize, U16 outBufSize) { |
wini | 0:e0adec41ad6b | 2069 | SharkSsl_constructor(this, role, cacheSize, inBufStartSize, outBufSize); |
wini | 0:e0adec41ad6b | 2070 | } |
wini | 0:e0adec41ad6b | 2071 | inline SharkSsl::~SharkSsl() { |
wini | 0:e0adec41ad6b | 2072 | SharkSsl_destructor(this); |
wini | 0:e0adec41ad6b | 2073 | } |
wini | 0:e0adec41ad6b | 2074 | inline SharkSslCon *SharkSsl::createCon(void) { |
wini | 0:e0adec41ad6b | 2075 | return SharkSsl_createCon(this); |
wini | 0:e0adec41ad6b | 2076 | } |
wini | 0:e0adec41ad6b | 2077 | inline void SharkSsl::terminateCon(SharkSslCon *sslCon) { |
wini | 0:e0adec41ad6b | 2078 | SharkSsl_terminateCon(this, sslCon); |
wini | 0:e0adec41ad6b | 2079 | } |
wini | 0:e0adec41ad6b | 2080 | |
wini | 0:e0adec41ad6b | 2081 | #if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA) |
wini | 0:e0adec41ad6b | 2082 | inline U8 SharkSsl::addCertificate(SharkSslCert cert) { |
wini | 0:e0adec41ad6b | 2083 | return SharkSsl_addCertificate(this, cert); |
wini | 0:e0adec41ad6b | 2084 | } |
wini | 0:e0adec41ad6b | 2085 | #if SHARKSSL_ENABLE_CA_LIST |
wini | 0:e0adec41ad6b | 2086 | inline U8 SharkSsl::setCAList(SharkSslCAList caList) { |
wini | 0:e0adec41ad6b | 2087 | return SharkSsl_setCAList(this, caList); |
wini | 0:e0adec41ad6b | 2088 | } |
wini | 0:e0adec41ad6b | 2089 | #endif /* SHARKSSL_ENABLE_CA_LIST */ |
wini | 0:e0adec41ad6b | 2090 | #endif /* SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA */ |
wini | 0:e0adec41ad6b | 2091 | |
wini | 0:e0adec41ad6b | 2092 | #if SHARKSSL_ENABLE_PSK |
wini | 0:e0adec41ad6b | 2093 | inline U8 SharkSsl::setPSKTable(SharkSslPSKTable tablePSK) { |
wini | 0:e0adec41ad6b | 2094 | return SharkSsl_setPSKTable(this, tablePSK); |
wini | 0:e0adec41ad6b | 2095 | } |
wini | 0:e0adec41ad6b | 2096 | #endif /* SHARKSSL_ENABLE_PSK */ |
wini | 0:e0adec41ad6b | 2097 | |
wini | 0:e0adec41ad6b | 2098 | #endif /* __cplusplus */ |
wini | 0:e0adec41ad6b | 2099 | |
wini | 0:e0adec41ad6b | 2100 | |
wini | 0:e0adec41ad6b | 2101 | #endif |