PolarSSL v1.3.9
ssl.h
Go to the documentation of this file.
1 
27 #ifndef POLARSSL_SSL_H
28 #define POLARSSL_SSL_H
29 
30 #if !defined(POLARSSL_CONFIG_FILE)
31 #include "config.h"
32 #else
33 #include POLARSSL_CONFIG_FILE
34 #endif
35 #include "net.h"
36 #include "bignum.h"
37 #include "ecp.h"
38 
39 #include "ssl_ciphersuites.h"
40 
41 #if defined(POLARSSL_MD5_C)
42 #include "md5.h"
43 #endif
44 
45 #if defined(POLARSSL_SHA1_C)
46 #include "sha1.h"
47 #endif
48 
49 #if defined(POLARSSL_SHA256_C)
50 #include "sha256.h"
51 #endif
52 
53 #if defined(POLARSSL_SHA512_C)
54 #include "sha512.h"
55 #endif
56 
57 // for session tickets
58 #if defined(POLARSSL_AES_C)
59 #include "aes.h"
60 #endif
61 
62 #if defined(POLARSSL_X509_CRT_PARSE_C)
63 #include "x509_crt.h"
64 #include "x509_crl.h"
65 #endif
66 
67 #if defined(POLARSSL_DHM_C)
68 #include "dhm.h"
69 #endif
70 
71 #if defined(POLARSSL_ECDH_C)
72 #include "ecdh.h"
73 #endif
74 
75 #if defined(POLARSSL_ZLIB_SUPPORT)
76 #include "zlib.h"
77 #endif
78 
79 #if defined(POLARSSL_HAVE_TIME)
80 #include <time.h>
81 #endif
82 
83 /* For convenience below and in programs */
84 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
85  defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
86  defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
87  defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
88 #define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
89 #endif
90 
91 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
92  defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
93  defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
94 #define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED
95 #endif
96 
97 #if defined(_MSC_VER) && !defined(inline)
98 #define inline _inline
99 #else
100 #if defined(__ARMCC_VERSION) && !defined(inline)
101 #define inline __inline
102 #endif /* __ARMCC_VERSION */
103 #endif /*_MSC_VER */
104 
105 /*
106  * SSL Error codes
107  */
108 #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
109 #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100
110 #define POLARSSL_ERR_SSL_INVALID_MAC -0x7180
111 #define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200
112 #define POLARSSL_ERR_SSL_CONN_EOF -0x7280
113 #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300
114 #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380
115 #define POLARSSL_ERR_SSL_NO_RNG -0x7400
116 #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
117 #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500
118 #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580
119 #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
120 #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
121 #define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
122 #define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
123 #define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800
124 #define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
125 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900
126 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980
127 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00
128 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80
129 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00
130 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80
131 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00
132 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80
133 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00
134 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80
135 #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00
136 #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80
137 #define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00
138 #define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80
139 #define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
140 #define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00
141 #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80
142 #define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00
143 #define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
144 #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
145 #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
146 #define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00
147 #define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80
148 #define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
150 /*
151  * Various constants
152  */
153 #define SSL_MAJOR_VERSION_3 3
154 #define SSL_MINOR_VERSION_0 0
155 #define SSL_MINOR_VERSION_1 1
156 #define SSL_MINOR_VERSION_2 2
157 #define SSL_MINOR_VERSION_3 3
159 /* Determine minimum supported version */
160 #define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
161 
162 #if defined(POLARSSL_SSL_PROTO_SSL3)
163 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
164 #else
165 #if defined(POLARSSL_SSL_PROTO_TLS1)
166 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
167 #else
168 #if defined(POLARSSL_SSL_PROTO_TLS1_1)
169 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
170 #else
171 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
172 #define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
173 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
174 #endif /* POLARSSL_SSL_PROTO_TLS1_1 */
175 #endif /* POLARSSL_SSL_PROTO_TLS1 */
176 #endif /* POLARSSL_SSL_PROTO_SSL3 */
177 
178 /* Determine maximum supported version */
179 #define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
180 
181 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
182 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
183 #else
184 #if defined(POLARSSL_SSL_PROTO_TLS1_1)
185 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
186 #else
187 #if defined(POLARSSL_SSL_PROTO_TLS1)
188 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
189 #else
190 #if defined(POLARSSL_SSL_PROTO_SSL3)
191 #define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
192 #endif /* POLARSSL_SSL_PROTO_SSL3 */
193 #endif /* POLARSSL_SSL_PROTO_TLS1 */
194 #endif /* POLARSSL_SSL_PROTO_TLS1_1 */
195 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
196 
197 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
198  * NONE must be zero so that memset()ing structure to zero works */
199 #define SSL_MAX_FRAG_LEN_NONE 0
200 #define SSL_MAX_FRAG_LEN_512 1
201 #define SSL_MAX_FRAG_LEN_1024 2
202 #define SSL_MAX_FRAG_LEN_2048 3
203 #define SSL_MAX_FRAG_LEN_4096 4
204 #define SSL_MAX_FRAG_LEN_INVALID 5
206 #define SSL_IS_CLIENT 0
207 #define SSL_IS_SERVER 1
208 
209 #define SSL_COMPRESS_NULL 0
210 #define SSL_COMPRESS_DEFLATE 1
211 
212 #define SSL_VERIFY_NONE 0
213 #define SSL_VERIFY_OPTIONAL 1
214 #define SSL_VERIFY_REQUIRED 2
215 
216 #define SSL_INITIAL_HANDSHAKE 0
217 #define SSL_RENEGOTIATION 1 /* In progress */
218 #define SSL_RENEGOTIATION_DONE 2 /* Done */
219 #define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
220 
221 #define SSL_LEGACY_RENEGOTIATION 0
222 #define SSL_SECURE_RENEGOTIATION 1
223 
224 #define SSL_RENEGOTIATION_DISABLED 0
225 #define SSL_RENEGOTIATION_ENABLED 1
226 
227 #define SSL_RENEGOTIATION_NOT_ENFORCED -1
228 #define SSL_RENEGO_MAX_RECORDS_DEFAULT 16
229 
230 #define SSL_LEGACY_NO_RENEGOTIATION 0
231 #define SSL_LEGACY_ALLOW_RENEGOTIATION 1
232 #define SSL_LEGACY_BREAK_HANDSHAKE 2
233 
234 #define SSL_TRUNC_HMAC_DISABLED 0
235 #define SSL_TRUNC_HMAC_ENABLED 1
236 #define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
237 
238 #define SSL_SESSION_TICKETS_DISABLED 0
239 #define SSL_SESSION_TICKETS_ENABLED 1
240 
249 #if !defined(SSL_DEFAULT_TICKET_LIFETIME)
250 #define SSL_DEFAULT_TICKET_LIFETIME 86400
251 #endif
252 
253 /*
254  * Size of the input / output buffer.
255  * Note: the RFC defines the default size of SSL / TLS messages. If you
256  * change the value here, other clients / servers may not be able to
257  * communicate with you anymore. Only change this value if you control
258  * both sides of the connection and have it reduced at both sides, or
259  * if you're using the Max Fragment Length extension and you know all your
260  * peers are using it too!
261  */
262 #if !defined(SSL_MAX_CONTENT_LEN)
263 #define SSL_MAX_CONTENT_LEN 16384
264 #endif
265 
266 /* \} name SECTION: Module settings */
267 
268 /*
269  * Allow extra bytes for record, authentication and encryption overhead:
270  * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
271  * and allow for a maximum of 1024 of compression expansion if
272  * enabled.
273  */
274 #if defined(POLARSSL_ZLIB_SUPPORT)
275 #define SSL_COMPRESSION_ADD 1024
276 #else
277 #define SSL_COMPRESSION_ADD 0
278 #endif
279 
280 #if defined(POLARSSL_RC4_C) || defined(POLARSSL_CIPHER_MODE_CBC)
281 /* Ciphersuites using HMAC */
282 #if defined(POLARSSL_SHA512_C)
283 #define SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
284 #elif defined(POLARSSL_SHA256_C)
285 #define SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
286 #else
287 #define SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
288 #endif
289 #else
290 /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
291 #define SSL_MAC_ADD 16
292 #endif
293 
294 #if defined(POLARSSL_CIPHER_MODE_CBC)
295 #define SSL_PADDING_ADD 256
296 #else
297 #define SSL_PADDING_ADD 0
298 #endif
299 
300 #define SSL_BUFFER_LEN ( SSL_MAX_CONTENT_LEN \
301  + SSL_COMPRESSION_ADD \
302  + 29 /* counter + header + IV */ \
303  + SSL_MAC_ADD \
304  + SSL_PADDING_ADD \
305  )
306 
307 /*
308  * Signaling ciphersuite values (SCSV)
309  */
310 #define SSL_EMPTY_RENEGOTIATION_INFO 0xFF
312 /*
313  * Supported Signature and Hash algorithms (For TLS 1.2)
314  * RFC 5246 section 7.4.1.4.1
315  */
316 #define SSL_HASH_NONE 0
317 #define SSL_HASH_MD5 1
318 #define SSL_HASH_SHA1 2
319 #define SSL_HASH_SHA224 3
320 #define SSL_HASH_SHA256 4
321 #define SSL_HASH_SHA384 5
322 #define SSL_HASH_SHA512 6
323 
324 #define SSL_SIG_ANON 0
325 #define SSL_SIG_RSA 1
326 #define SSL_SIG_ECDSA 3
327 
328 /*
329  * Client Certificate Types
330  * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
331  */
332 #define SSL_CERT_TYPE_RSA_SIGN 1
333 #define SSL_CERT_TYPE_ECDSA_SIGN 64
334 
335 /*
336  * Message, alert and handshake types
337  */
338 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
339 #define SSL_MSG_ALERT 21
340 #define SSL_MSG_HANDSHAKE 22
341 #define SSL_MSG_APPLICATION_DATA 23
342 
343 #define SSL_ALERT_LEVEL_WARNING 1
344 #define SSL_ALERT_LEVEL_FATAL 2
345 
346 #define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
347 #define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
348 #define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
349 #define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
350 #define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
351 #define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
352 #define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
353 #define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
354 #define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
355 #define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
356 #define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
357 #define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
358 #define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
359 #define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
360 #define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
361 #define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
362 #define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
363 #define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
364 #define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
365 #define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
366 #define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
367 #define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
368 #define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
369 #define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
370 #define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
371 #define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
372 #define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
373 #define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
374 
375 #define SSL_HS_HELLO_REQUEST 0
376 #define SSL_HS_CLIENT_HELLO 1
377 #define SSL_HS_SERVER_HELLO 2
378 #define SSL_HS_NEW_SESSION_TICKET 4
379 #define SSL_HS_CERTIFICATE 11
380 #define SSL_HS_SERVER_KEY_EXCHANGE 12
381 #define SSL_HS_CERTIFICATE_REQUEST 13
382 #define SSL_HS_SERVER_HELLO_DONE 14
383 #define SSL_HS_CERTIFICATE_VERIFY 15
384 #define SSL_HS_CLIENT_KEY_EXCHANGE 16
385 #define SSL_HS_FINISHED 20
386 
387 /*
388  * TLS extensions
389  */
390 #define TLS_EXT_SERVERNAME 0
391 #define TLS_EXT_SERVERNAME_HOSTNAME 0
392 
393 #define TLS_EXT_MAX_FRAGMENT_LENGTH 1
394 
395 #define TLS_EXT_TRUNCATED_HMAC 4
396 
397 #define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
398 #define TLS_EXT_SUPPORTED_POINT_FORMATS 11
399 
400 #define TLS_EXT_SIG_ALG 13
401 
402 #define TLS_EXT_ALPN 16
403 
404 #define TLS_EXT_SESSION_TICKET 35
405 
406 #define TLS_EXT_RENEGOTIATION_INFO 0xFF01
407 
408 /*
409  * TLS extension flags (for extensions with outgoing ServerHello content
410  * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
411  * of state of the renegotiation flag, so no indicator is required)
412  */
413 #define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
414 
415 /*
416  * Size defines
417  */
418 #if !defined(POLARSSL_PSK_MAX_LEN)
419 #define POLARSSL_PSK_MAX_LEN 32 /* 256 bits */
420 #endif
421 
422 /* Dummy type used only for its size */
424 {
425 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
426  unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
427 #endif
428 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
429  unsigned char _pms_dhm[POLARSSL_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
430 #endif
431 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
432  defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
433  defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
434  defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
435  unsigned char _pms_ecdh[POLARSSL_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
436 #endif
437 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
438  unsigned char _pms_psk[4 + 2 * POLARSSL_PSK_MAX_LEN]; /* RFC 4279 2 */
439 #endif
440 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
441  unsigned char _pms_dhe_psk[4 + POLARSSL_MPI_MAX_SIZE
442  + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 3 */
443 #endif
444 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
445  unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 4 */
446 #endif
447 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
448  unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES
449  + POLARSSL_PSK_MAX_LEN]; /* RFC 5489 2 */
450 #endif
451 };
452 
453 #define POLARSSL_PREMASTER_SIZE sizeof( union _ssl_premaster_secret )
454 
455 #ifdef __cplusplus
456 extern "C" {
457 #endif
458 
459 /*
460  * Generic function pointers for allowing external RSA private key
461  * implementations.
462  */
463 typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
464  const unsigned char *input, unsigned char *output,
465  size_t output_max_len );
466 typedef int (*rsa_sign_func)( void *ctx,
467  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
468  int mode, md_type_t md_alg, unsigned int hashlen,
469  const unsigned char *hash, unsigned char *sig );
470 typedef size_t (*rsa_key_len_func)( void *ctx );
471 
472 /*
473  * SSL state machine
474  */
475 typedef enum
476 {
495 }
496 ssl_states;
497 
498 typedef struct _ssl_session ssl_session;
499 typedef struct _ssl_context ssl_context;
502 #if defined(POLARSSL_SSL_SESSION_TICKETS)
504 #endif
505 #if defined(POLARSSL_X509_CRT_PARSE_C)
507 #endif
508 
509 /*
510  * This structure is used for storing current session data.
511  */
513 {
514 #if defined(POLARSSL_HAVE_TIME)
515  time_t start;
516 #endif
519  size_t length;
520  unsigned char id[32];
521  unsigned char master[48];
523 #if defined(POLARSSL_X509_CRT_PARSE_C)
525 #endif /* POLARSSL_X509_CRT_PARSE_C */
528 #if defined(POLARSSL_SSL_SESSION_TICKETS)
529  unsigned char *ticket;
530  size_t ticket_len;
531  uint32_t ticket_lifetime;
532 #endif /* POLARSSL_SSL_SESSION_TICKETS */
533 
534 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
535  unsigned char mfl_code;
536 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
537 
538 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
540 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */
541 };
542 
543 /*
544  * This structure contains a full set of runtime transform parameters
545  * either in negotiation or active.
546  */
548 {
549  /*
550  * Session specific crypto layer
551  */
554  unsigned int keylen;
555  size_t minlen;
556  size_t ivlen;
557  size_t fixed_ivlen;
558  size_t maclen;
560  unsigned char iv_enc[16];
561  unsigned char iv_dec[16];
563 #if defined(POLARSSL_SSL_PROTO_SSL3)
564  /* Needed only for SSL v3.0 secret */
565  unsigned char mac_enc[20];
566  unsigned char mac_dec[20];
567 #endif /* POLARSSL_SSL_PROTO_SSL3 */
568 
575  /*
576  * Session specific compression layer
577  */
578 #if defined(POLARSSL_ZLIB_SUPPORT)
579  z_stream ctx_deflate;
580  z_stream ctx_inflate;
581 #endif
582 };
583 
584 /*
585  * This structure contains the parameters only needed during handshake.
586  */
588 {
589  /*
590  * Handshake specific crypto variables
591  */
592  int sig_alg;
593  int cert_type;
595 #if defined(POLARSSL_DHM_C)
597 #endif
598 #if defined(POLARSSL_ECDH_C)
600 #endif
601 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
603 #endif
604 #if defined(POLARSSL_X509_CRT_PARSE_C)
605 
612 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
614 #endif
615 #endif /* POLARSSL_X509_CRT_PARSE_C */
616 
617  /*
618  * Checksum contexts
619  */
620 #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
621  defined(POLARSSL_SSL_PROTO_TLS1_1)
624 #endif
625 #if defined(POLARSSL_SSL_PROTO_TLS1_2)
626 #if defined(POLARSSL_SHA256_C)
628 #endif
629 #if defined(POLARSSL_SHA512_C)
631 #endif
632 #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
633 
634  void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
635  void (*calc_verify)(ssl_context *, unsigned char *);
636  void (*calc_finished)(ssl_context *, unsigned char *, int);
637  int (*tls_prf)(const unsigned char *, size_t, const char *,
638  const unsigned char *, size_t,
639  unsigned char *, size_t);
640 
641  size_t pmslen;
643  unsigned char randbytes[64];
647  int resume;
650  int cli_exts;
652 #if defined(POLARSSL_SSL_SESSION_TICKETS)
654 #endif /* POLARSSL_SSL_SESSION_TICKETS */
655 };
656 
657 #if defined(POLARSSL_SSL_SESSION_TICKETS)
658 /*
659  * Parameters needed to secure session tickets
660  */
662 {
663  unsigned char key_name[16];
666  unsigned char mac_key[16];
667 };
668 #endif /* POLARSSL_SSL_SESSION_TICKETS */
669 
670 #if defined(POLARSSL_X509_CRT_PARSE_C)
671 /*
672  * List of certificate + private key pairs
673  */
675 {
680 };
681 #endif /* POLARSSL_X509_CRT_PARSE_C */
682 
684 {
685  /*
686  * Miscellaneous
687  */
688  int state;
692  int major_ver;
693  int minor_ver;
700  /*
701  * Callbacks (RNG, debug, I/O, verification)
702  */
703  int (*f_rng)(void *, unsigned char *, size_t);
704  void (*f_dbg)(void *, int, const char *);
705  int (*f_recv)(void *, unsigned char *, size_t);
706  int (*f_send)(void *, const unsigned char *, size_t);
707  int (*f_get_cache)(void *, ssl_session *);
708  int (*f_set_cache)(void *, const ssl_session *);
709 
710  void *p_rng;
711  void *p_dbg;
712  void *p_recv;
713  void *p_send;
714  void *p_get_cache;
715  void *p_set_cache;
716  void *p_hw_data;
718 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
719  int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
720  void *p_sni;
721 #endif
722 
723 #if defined(POLARSSL_X509_CRT_PARSE_C)
724  int (*f_vrfy)(void *, x509_crt *, int, int *);
725  void *p_vrfy;
726 #endif
727 
728 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
729  int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
730  void *p_psk;
731 #endif
732 
733  /*
734  * Session layer
735  */
744  /*
745  * Record layer transformations
746  */
752  /*
753  * Record layer (incoming data)
754  */
755  unsigned char *in_ctr;
756  unsigned char *in_hdr;
757  unsigned char *in_iv;
758  unsigned char *in_msg;
759  unsigned char *in_offt;
762  size_t in_msglen;
763  size_t in_left;
765  size_t in_hslen;
766  int nb_zero;
769  /*
770  * Record layer (outgoing data)
771  */
772  unsigned char *out_ctr;
773  unsigned char *out_hdr;
774  unsigned char *out_iv;
775  unsigned char *out_msg;
778  size_t out_msglen;
779  size_t out_left;
781 #if defined(POLARSSL_ZLIB_SUPPORT)
782  unsigned char *compress_buf;
783 #endif
784 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
785  unsigned char mfl_code;
786 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
787 
788  /*
789  * PKI layer
790  */
791 #if defined(POLARSSL_X509_CRT_PARSE_C)
796  const char *peer_cn;
797 #endif /* POLARSSL_X509_CRT_PARSE_C */
798 
799  /*
800  * Support for generating and checking session tickets
801  */
802 #if defined(POLARSSL_SSL_SESSION_TICKETS)
804 #endif /* POLARSSL_SSL_SESSION_TICKETS */
805 
806  /*
807  * User settings
808  */
809  int endpoint;
810  int authmode;
816  const int *ciphersuite_list[4];
817 #if defined(POLARSSL_SSL_SET_CURVES)
818  const ecp_group_id *curve_list;
819 #endif
820 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
822 #endif
823 #if defined(POLARSSL_SSL_SESSION_TICKETS)
826 #endif
827 
828 #if defined(POLARSSL_DHM_C)
831 #endif
832 
833 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
834  /*
835  * PSK values
836  */
837  unsigned char *psk;
838  size_t psk_len;
839  unsigned char *psk_identity;
841 #endif
842 
843 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
844  /*
845  * SNI extension
846  */
847  unsigned char *hostname;
848  size_t hostname_len;
849 #endif
850 
851 #if defined(POLARSSL_SSL_ALPN)
852  /*
853  * ALPN extension
854  */
855  const char **alpn_list;
856  const char *alpn_chosen;
857 #endif
858 
859  /*
860  * Secure renegotiation
861  */
865  char own_verify_data[36];
866  char peer_verify_data[36];
867 };
868 
869 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
870 
871 #define SSL_CHANNEL_OUTBOUND 0
872 #define SSL_CHANNEL_INBOUND 1
873 
874 extern int (*ssl_hw_record_init)(ssl_context *ssl,
875  const unsigned char *key_enc, const unsigned char *key_dec,
876  size_t keylen,
877  const unsigned char *iv_enc, const unsigned char *iv_dec,
878  size_t ivlen,
879  const unsigned char *mac_enc, const unsigned char *mac_dec,
880  size_t maclen);
881 extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
882 extern int (*ssl_hw_record_reset)(ssl_context *ssl);
883 extern int (*ssl_hw_record_write)(ssl_context *ssl);
884 extern int (*ssl_hw_record_read)(ssl_context *ssl);
885 extern int (*ssl_hw_record_finish)(ssl_context *ssl);
886 #endif /* POLARSSL_SSL_HW_RECORD_ACCEL */
887 
894 const int *ssl_list_ciphersuites( void );
895 
904 const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
905 
914 int ssl_get_ciphersuite_id( const char *ciphersuite_name );
915 
925 int ssl_init( ssl_context *ssl );
926 
937 int ssl_session_reset( ssl_context *ssl );
938 
948 void ssl_set_endpoint( ssl_context *ssl, int endpoint );
949 
973 void ssl_set_authmode( ssl_context *ssl, int authmode );
974 
975 #if defined(POLARSSL_X509_CRT_PARSE_C)
976 
987 void ssl_set_verify( ssl_context *ssl,
988  int (*f_vrfy)(void *, x509_crt *, int, int *),
989  void *p_vrfy );
990 #endif /* POLARSSL_X509_CRT_PARSE_C */
991 
999 void ssl_set_rng( ssl_context *ssl,
1000  int (*f_rng)(void *, unsigned char *, size_t),
1001  void *p_rng );
1002 
1010 void ssl_set_dbg( ssl_context *ssl,
1011  void (*f_dbg)(void *, int, const char *),
1012  void *p_dbg );
1013 
1023 void ssl_set_bio( ssl_context *ssl,
1024  int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
1025  int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
1026 
1065  int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
1066  int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
1067 
1082 int ssl_set_session( ssl_context *ssl, const ssl_session *session );
1083 
1096 void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
1097 
1112  const int *ciphersuites,
1113  int major, int minor );
1114 
1115 #if defined(POLARSSL_X509_CRT_PARSE_C)
1116 
1124 void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
1125  x509_crl *ca_crl, const char *peer_cn );
1126 
1145 int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
1146  pk_context *pk_key );
1147 
1148 #if defined(POLARSSL_RSA_C)
1149 
1165 int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
1166  rsa_context *rsa_key );
1167 #endif /* POLARSSL_RSA_C */
1168 
1194 int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
1195  void *rsa_key,
1196  rsa_decrypt_func rsa_decrypt,
1197  rsa_sign_func rsa_sign,
1198  rsa_key_len_func rsa_key_len );
1199 #endif /* POLARSSL_X509_CRT_PARSE_C */
1200 
1201 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
1202 
1214 int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
1215  const unsigned char *psk_identity, size_t psk_identity_len );
1216 
1237 void ssl_set_psk_cb( ssl_context *ssl,
1238  int (*f_psk)(void *, ssl_context *, const unsigned char *,
1239  size_t),
1240  void *p_psk );
1241 #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
1242 
1243 #if defined(POLARSSL_DHM_C)
1244 
1255 int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
1256 
1266 int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
1267 #endif /* POLARSSL_DHM_C */
1268 
1269 #if defined(POLARSSL_SSL_SET_CURVES)
1270 
1288 void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves );
1289 #endif /* POLARSSL_SSL_SET_CURVES */
1290 
1291 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
1292 
1302 int ssl_set_hostname( ssl_context *ssl, const char *hostname );
1303 
1323 void ssl_set_sni( ssl_context *ssl,
1324  int (*f_sni)(void *, ssl_context *, const unsigned char *,
1325  size_t),
1326  void *p_sni );
1327 #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
1328 
1329 #if defined(POLARSSL_SSL_ALPN)
1330 
1339 int ssl_set_alpn_protocols( ssl_context *ssl, const char **protos );
1340 
1350 const char *ssl_get_alpn_protocol( const ssl_context *ssl );
1351 #endif /* POLARSSL_SSL_ALPN */
1352 
1368 void ssl_set_max_version( ssl_context *ssl, int major, int minor );
1369 
1370 
1384 void ssl_set_min_version( ssl_context *ssl, int major, int minor );
1385 
1386 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
1387 
1402 int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
1403 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
1404 
1405 #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
1406 
1417 int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
1418 #endif /* POLARSSL_SSL_TRUNCATED_HMAC */
1419 
1420 #if defined(POLARSSL_SSL_SESSION_TICKETS)
1421 
1437 int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
1438 
1446 void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
1447 #endif /* POLARSSL_SSL_SESSION_TICKETS */
1448 
1462 void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
1463 
1491 void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
1492 
1521 void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records );
1522 
1530 size_t ssl_get_bytes_avail( const ssl_context *ssl );
1531 
1543 int ssl_get_verify_result( const ssl_context *ssl );
1544 
1552 const char *ssl_get_ciphersuite( const ssl_context *ssl );
1553 
1561 const char *ssl_get_version( const ssl_context *ssl );
1562 
1563 #if defined(POLARSSL_X509_CRT_PARSE_C)
1564 
1578 const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
1579 #endif /* POLARSSL_X509_CRT_PARSE_C */
1580 
1597 int ssl_get_session( const ssl_context *ssl, ssl_session *session );
1598 
1607 int ssl_handshake( ssl_context *ssl );
1608 
1621 int ssl_handshake_step( ssl_context *ssl );
1622 
1633 int ssl_renegotiate( ssl_context *ssl );
1634 
1645 int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
1646 
1661 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
1662 
1674  unsigned char level,
1675  unsigned char message );
1681 int ssl_close_notify( ssl_context *ssl );
1682 
1688 void ssl_free( ssl_context *ssl );
1689 
1695 void ssl_session_init( ssl_session *session );
1696 
1703 void ssl_session_free( ssl_session *session );
1704 
1711 void ssl_transform_free( ssl_transform *transform );
1712 
1719 void ssl_handshake_free( ssl_handshake_params *handshake );
1720 
1721 /*
1722  * Internal functions (do not call directly)
1723  */
1726 void ssl_handshake_wrapup( ssl_context *ssl );
1727 
1729 
1730 int ssl_derive_keys( ssl_context *ssl );
1731 
1732 int ssl_read_record( ssl_context *ssl );
1737 int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
1738 
1739 int ssl_write_record( ssl_context *ssl );
1740 int ssl_flush_output( ssl_context *ssl );
1741 
1744 
1747 
1748 int ssl_parse_finished( ssl_context *ssl );
1749 int ssl_write_finished( ssl_context *ssl );
1750 
1752  const ssl_ciphersuite_t *ciphersuite_info );
1753 
1754 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
1756 #endif
1757 
1758 #if defined(POLARSSL_PK_C)
1759 unsigned char ssl_sig_from_pk( pk_context *pk );
1760 pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
1761 #endif
1762 
1763 md_type_t ssl_md_alg_from_hash( unsigned char hash );
1764 
1765 #if defined(POLARSSL_SSL_SET_CURVES)
1766 int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id );
1767 #endif
1768 
1769 #if defined(POLARSSL_X509_CRT_PARSE_C)
1770 static inline pk_context *ssl_own_key( ssl_context *ssl )
1771 {
1772  return( ssl->handshake->key_cert == NULL ? NULL
1773  : ssl->handshake->key_cert->key );
1774 }
1775 
1776 static inline x509_crt *ssl_own_cert( ssl_context *ssl )
1777 {
1778  return( ssl->handshake->key_cert == NULL ? NULL
1779  : ssl->handshake->key_cert->cert );
1780 }
1781 
1782 /*
1783  * Check usage of a certificate wrt extensions:
1784  * keyUsage, extendedKeyUsage (later), and nSCertType (later).
1785  *
1786  * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
1787  * check a cert we received from them)!
1788  *
1789  * Return 0 if everything is OK, -1 if not.
1790  */
1791 int ssl_check_cert_usage( const x509_crt *cert,
1792  const ssl_ciphersuite_t *ciphersuite,
1793  int cert_endpoint );
1794 #endif /* POLARSSL_X509_CRT_PARSE_C */
1795 
1796 /* constant-time buffer comparison */
1797 static inline int safer_memcmp( const void *a, const void *b, size_t n )
1798 {
1799  size_t i;
1800  const unsigned char *A = (const unsigned char *) a;
1801  const unsigned char *B = (const unsigned char *) b;
1802  unsigned char diff = 0;
1803 
1804  for( i = 0; i < n; i++ )
1805  diff |= A[i] ^ B[i];
1806 
1807  return( diff );
1808 }
1809 
1810 #ifdef __cplusplus
1811 }
1812 #endif
1813 
1814 #endif /* ssl.h */
const ecp_curve_info ** curves
Definition: ssl.h:602
unsigned char * hostname
Definition: ssl.h:847
ssl_session * session_in
Definition: ssl.h:736
unsigned char mfl_code
Definition: ssl.h:785
size_t length
Definition: ssl.h:519
void * p_set_cache
Definition: ssl.h:715
md_context_t md_ctx_dec
Definition: ssl.h:570
int ciphersuite
Definition: ssl.h:517
int trunc_hmac
Definition: ssl.h:821
size_t in_hslen
Definition: ssl.h:765
int ssl_send_alert_message(ssl_context *ssl, unsigned char level, unsigned char message)
Send an alert message.
void(* f_dbg)(void *, int, const char *)
Definition: ssl.h:704
int(* f_rng)(void *, unsigned char *, size_t)
Definition: ssl.h:703
sha256_context fin_sha256
Definition: ssl.h:627
size_t ivlen
Definition: ssl.h:556
int record_read
Definition: ssl.h:767
int major_ver
Definition: ssl.h:692
int renego_records_seen
Definition: ssl.h:690
Generic cipher context.
Definition: cipher.h:258
#define POLARSSL_PREMASTER_SIZE
Definition: ssl.h:453
SHA-1 context structure.
Definition: sha1.h:58
unsigned char mac_enc[20]
Definition: ssl.h:565
sha1_context fin_sha1
Definition: ssl.h:623
int compression
Definition: ssl.h:518
pk_type_t ssl_pk_alg_from_sig(unsigned char sig)
Network communication functions.
int state
Definition: ssl.h:688
const char * peer_cn
Definition: ssl.h:796
unsigned char master[48]
Definition: ssl.h:521
char peer_verify_data[36]
Definition: ssl.h:866
int ssl_set_truncated_hmac(ssl_context *ssl, int truncate)
Activate negotiation of truncated HMAC (Client only) (Default: SSL_TRUNC_HMAC_ENABLED) ...
ssl_transform * transform_out
Definition: ssl.h:748
int(* f_sni)(void *, ssl_context *, const unsigned char *, size_t)
Definition: ssl.h:719
int nb_zero
Definition: ssl.h:766
void(* calc_verify)(ssl_context *, unsigned char *)
Definition: ssl.h:635
DHM context structure.
Definition: dhm.h:156
void * p_psk
Definition: ssl.h:730
Elliptic curves over GF(p)
size_t ticket_len
Definition: ssl.h:530
ssl_session * session_negotiate
Definition: ssl.h:739
ssl_session * session
Definition: ssl.h:738
void ssl_legacy_renegotiation(ssl_context *ssl, int allow_legacy)
Prevent or allow legacy renegotiation.
int ssl_parse_certificate(ssl_context *ssl)
void ssl_set_dbg(ssl_context *ssl, void(*f_dbg)(void *, int, const char *), void *p_dbg)
Set the debug callback.
ssl_key_cert * key_cert
Definition: ssl.h:792
ssl_key_cert * sni_key_cert
Definition: ssl.h:613
int ssl_set_session_tickets(ssl_context *ssl, int use_tickets)
Enable / Disable session tickets (Default: SSL_SESSION_TICKETS_ENABLED on client, SSL_SESSION_TICKETS...
unsigned char iv_enc[16]
Definition: ssl.h:560
size_t out_msglen
Definition: ssl.h:778
void ssl_set_verify(ssl_context *ssl, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Set the verification callback (Optional).
int ticket_lifetime
Definition: ssl.h:825
ssl_transform * transform_in
Definition: ssl.h:747
cipher_context_t cipher_ctx_enc
Definition: ssl.h:572
const int * ciphersuite_list[4]
Definition: ssl.h:816
int ssl_parse_finished(ssl_context *ssl)
void * p_rng
Definition: ssl.h:710
mpi dhm_P
Definition: ssl.h:829
ssl_states
Definition: ssl.h:475
unsigned char premaster[POLARSSL_PREMASTER_SIZE]
Definition: ssl.h:644
void ssl_session_free(ssl_session *session)
Free referenced items in an SSL session including the peer certificate and clear memory.
AES context structure.
Definition: aes.h:68
int ssl_write_finished(ssl_context *ssl)
Configuration options (set of defines)
unsigned char _pms_dhe_psk[4+POLARSSL_MPI_MAX_SIZE+POLARSSL_PSK_MAX_LEN]
Definition: ssl.h:442
ssl_transform * transform
Definition: ssl.h:749
x509_crt * cert
Definition: ssl.h:676
size_t psk_identity_len
Definition: ssl.h:840
unsigned char * out_ctr
Definition: ssl.h:772
void ssl_handshake_wrapup(ssl_context *ssl)
char own_verify_data[36]
Definition: ssl.h:865
int(* f_send)(void *, const unsigned char *, size_t)
Definition: ssl.h:706
size_t in_msglen
Definition: ssl.h:762
int ssl_set_dh_param_ctx(ssl_context *ssl, dhm_context *dhm_ctx)
Set the Diffie-Hellman public P and G values, read from existing context (server-side only) ...
unsigned char * in_hdr
Definition: ssl.h:756
int secure_renegotiation
Definition: ssl.h:862
time_t start
Definition: ssl.h:515
MPI structure.
Definition: bignum.h:182
sha512_context fin_sha512
Definition: ssl.h:630
int ssl_handshake_server_step(ssl_context *ssl)
SSL Ciphersuites for PolarSSL.
int(* tls_prf)(const unsigned char *, size_t, const char *, const unsigned char *, size_t, unsigned char *, size_t)
Definition: ssl.h:637
unsigned char mac_key[16]
Definition: ssl.h:666
void * p_vrfy
Definition: ssl.h:725
size_t psk_len
Definition: ssl.h:838
void ssl_set_max_version(ssl_context *ssl, int major, int minor)
Set the maximum supported version sent from the client side and/or accepted at the server side (Defau...
const ssl_ciphersuite_t * ciphersuite_info
Definition: ssl.h:552
void * p_recv
Definition: ssl.h:712
unsigned char * psk
Definition: ssl.h:837
int renego_max_records
Definition: ssl.h:815
Multi-precision integer library.
void ssl_set_ciphersuites_for_version(ssl_context *ssl, const int *ciphersuites, int major, int minor)
Set the list of allowed ciphersuites and the preference order for a specific version of the protocol...
int ssl_init(ssl_context *ssl)
Initialize an SSL context (An individual SSL context is not thread-safe)
int max_major_ver
Definition: ssl.h:695
int ssl_get_ciphersuite_id(const char *ciphersuite_name)
Return the ID of the ciphersuite associated with the given name.
int ssl_set_psk(ssl_context *ssl, const unsigned char *psk, size_t psk_len, const unsigned char *psk_identity, size_t psk_identity_len)
Set the Pre Shared Key (PSK) and the identity name connected to it.
void ssl_set_psk_cb(ssl_context *ssl, int(*f_psk)(void *, ssl_context *, const unsigned char *, size_t), void *p_psk)
Set the PSK callback (server-side only) (Optional).
unsigned int keylen
Definition: ssl.h:554
int ssl_get_session(const ssl_context *ssl, ssl_session *session)
Save session in order to resume it later (client-side only) Session data is copied to presented sessi...
md_type_t
Definition: md.h:51
int verify_result
Definition: ssl.h:526
const char * ssl_get_alpn_protocol(const ssl_context *ssl)
Get the name of the negotiated Application Layer Protocol.
#define POLARSSL_MPI_MAX_SIZE
const char ** alpn_list
Definition: ssl.h:855
int max_minor_ver
Definition: ssl.h:696
const char * alpn_chosen
Definition: ssl.h:856
void * p_hw_data
Definition: ssl.h:716
unsigned char * in_ctr
Definition: ssl.h:755
ssl_handshake_params * handshake
Definition: ssl.h:741
void(* update_checksum)(ssl_context *, const unsigned char *, size_t)
Definition: ssl.h:634
size_t fixed_ivlen
Definition: ssl.h:557
int ssl_write_certificate(ssl_context *ssl)
size_t(* rsa_key_len_func)(void *ctx)
Definition: ssl.h:470
RSA context structure.
Definition: rsa.h:83
cipher_context_t cipher_ctx_dec
Definition: ssl.h:573
#define POLARSSL_PSK_MAX_LEN
Definition: ssl.h:419
int in_msgtype
Definition: ssl.h:761
Container for an X.509 certificate.
Definition: x509_crt.h:57
size_t verify_data_len
Definition: ssl.h:864
const char * ssl_get_ciphersuite(const ssl_context *ssl)
Return the name of the current ciphersuite.
mpi dhm_G
Definition: ssl.h:830
const char * ssl_get_version(const ssl_context *ssl)
Return the current SSL version (SSLv3/TLSv1/etc)
void ssl_set_renegotiation(ssl_context *ssl, int renegotiation)
Enable / Disable renegotiation support for connection when initiated by peer (Default: SSL_RENEGOTIAT...
int min_minor_ver
Definition: ssl.h:698
unsigned char * out_msg
Definition: ssl.h:775
unsigned char _pms_dhm[POLARSSL_MPI_MAX_SIZE]
Definition: ssl.h:429
int client_auth
Definition: ssl.h:811
void * p_dbg
Definition: ssl.h:711
ssl_key_cert * key_cert
Current key/cert or key/cert list.
Definition: ssl.h:611
void * p_send
Definition: ssl.h:713
ecdh_context ecdh_ctx
Definition: ssl.h:599
x509_crl * ca_crl
Definition: ssl.h:795
static x509_crt * ssl_own_cert(ssl_context *ssl)
Definition: ssl.h:1776
int ssl_set_max_frag_len(ssl_context *ssl, unsigned char mfl_code)
Set the maximum fragment length to emit and/or negotiate (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes) (Server: set maximum fragment length to emit, usually negotiated by the client during handshake (Client: set maximum fragment length to emit and negotiate with the server during handshake)
SHA-512 context structure.
Definition: sha512.h:59
int ssl_handshake_client_step(ssl_context *ssl)
unsigned char _pms_ecdhe_psk[4+POLARSSL_ECP_MAX_BYTES+POLARSSL_PSK_MAX_LEN]
Definition: ssl.h:449
unsigned char * ticket
Definition: ssl.h:529
size_t maclen
Definition: ssl.h:558
int new_session_ticket
Definition: ssl.h:653
unsigned char * out_hdr
Definition: ssl.h:773
AES block cipher.
int ssl_set_own_cert(ssl_context *ssl, x509_crt *own_cert, pk_context *pk_key)
Set own certificate chain and private key.
int trunc_hmac
Definition: ssl.h:539
void ssl_set_endpoint(ssl_context *ssl, int endpoint)
Set the current endpoint type.
void ssl_set_ciphersuites(ssl_context *ssl, const int *ciphersuites)
Set the list of allowed ciphersuites and the preference order.
Curve information for use by other modules.
Definition: ecp.h:87
void ssl_set_rng(ssl_context *ssl, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Set the random number generator callback.
void * p_get_cache
Definition: ssl.h:714
void ssl_set_bio(ssl_context *ssl, int(*f_recv)(void *, unsigned char *, size_t), void *p_recv, int(*f_send)(void *, const unsigned char *, size_t), void *p_send)
Set the underlying BIO read and write callbacks.
void ssl_free(ssl_context *ssl)
Free referenced items in an SSL context and clear memory.
unsigned char _pms_rsa[48]
Definition: ssl.h:426
unsigned char ssl_sig_from_pk(pk_context *pk)
void ssl_handshake_free(ssl_handshake_params *handshake)
Free referenced items in an SSL handshake context and clear memory.
int authmode
Definition: ssl.h:810
int ssl_flush_output(ssl_context *ssl)
int ssl_handshake(ssl_context *ssl)
Perform the SSL handshake.
unsigned char * in_offt
Definition: ssl.h:759
void ssl_set_min_version(ssl_context *ssl, int major, int minor)
Set the minimum accepted SSL/TLS protocol version (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
Diffie-Hellman-Merkle key exchange.
X.509 certificate parsing and writing.
int(* rsa_sign_func)(void *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
Definition: ssl.h:466
unsigned char * in_msg
Definition: ssl.h:758
int ssl_set_hostname(ssl_context *ssl, const char *hostname)
Set hostname for ServerName TLS extension (client-side only)
aes_context dec
Definition: ssl.h:665
int ssl_handshake_step(ssl_context *ssl)
Perform a single step of the SSL handshake.
MD5 context structure.
Definition: md5.h:58
int ssl_check_cert_usage(const x509_crt *cert, const ssl_ciphersuite_t *ciphersuite, int cert_endpoint)
pk_type_t
Public key types.
Definition: pk.h:95
aes_context enc
Definition: ssl.h:664
unsigned char iv_dec[16]
Definition: ssl.h:561
unsigned char _pms_ecdh[POLARSSL_ECP_MAX_BYTES]
Definition: ssl.h:435
int ssl_parse_change_cipher_spec(ssl_context *ssl)
size_t hostname_len
Definition: ssl.h:848
Elliptic curve Diffie-Hellman.
int minor_ver
Definition: ssl.h:693
#define POLARSSL_ECP_MAX_BYTES
Definition: ecp.h:186
ECDH context structure.
Definition: ecdh.h:48
This structure is used for storing ciphersuite information.
int ssl_close_notify(ssl_context *ssl)
Notify the peer that the connection is being closed.
const x509_crt * ssl_get_peer_cert(const ssl_context *ssl)
Return the peer certificate from the current connection.
void ssl_set_session_cache(ssl_context *ssl, int(*f_get_cache)(void *, ssl_session *), void *p_get_cache, int(*f_set_cache)(void *, const ssl_session *), void *p_set_cache)
Set the session cache callbacks (server-side only) If not set, no session resuming is done...
size_t ssl_get_bytes_avail(const ssl_context *ssl)
Return the number of data bytes available to read.
int ssl_set_session(ssl_context *ssl, const ssl_session *session)
Request resumption of session (client-side only) Session data is copied from presented session struct...
size_t in_left
Definition: ssl.h:763
int session_tickets
Definition: ssl.h:824
pk_context * key
Definition: ssl.h:677
int allow_legacy_renegotiation
Definition: ssl.h:814
ssl_session * session_out
Definition: ssl.h:737
unsigned char _pms_psk[4+2 *POLARSSL_PSK_MAX_LEN]
Definition: ssl.h:438
void(* calc_finished)(ssl_context *, unsigned char *, int)
Definition: ssl.h:636
int ssl_read_record(ssl_context *ssl)
int ssl_set_own_cert_rsa(ssl_context *ssl, x509_crt *own_cert, rsa_context *rsa_key)
Set own certificate chain and private RSA key.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
Definition: ecp.h:57
int ssl_set_dh_param(ssl_context *ssl, const char *dhm_P, const char *dhm_G)
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only) (Default...
int(* f_vrfy)(void *, x509_crt *, int, int *)
Definition: ssl.h:724
int out_msgtype
Definition: ssl.h:777
void ssl_set_session_ticket_lifetime(ssl_context *ssl, int lifetime)
Set session ticket lifetime (server only) (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))...
size_t out_left
Definition: ssl.h:779
unsigned char mac_dec[20]
Definition: ssl.h:566
SHA-1 cryptographic hash function.
md_context_t md_ctx_enc
Definition: ssl.h:569
int ssl_get_verify_result(const ssl_context *ssl)
Return the result of the certificate verification.
X.509 certificate revocation list parsing.
int ssl_session_reset(ssl_context *ssl)
Reset an already initialized SSL context for re-use while retaining application-set variables...
void ssl_session_init(ssl_session *session)
Initialize SSL session structure.
int min_major_ver
Definition: ssl.h:697
Certificate revocation list structure.
Definition: x509_crl.h:73
const int * ssl_list_ciphersuites(void)
Returns the list of ciphersuites supported by the SSL/TLS module.
SHA-384 and SHA-512 cryptographic hash function.
ssl_transform * transform_negotiate
Definition: ssl.h:750
int ssl_set_alpn_protocols(ssl_context *ssl, const char **protos)
Set the supported Application Layer Protocols.
unsigned char _pms_rsa_psk[52+POLARSSL_PSK_MAX_LEN]
Definition: ssl.h:445
uint32_t ticket_lifetime
Definition: ssl.h:531
void ssl_set_renegotiation_enforced(ssl_context *ssl, int max_records)
Enforce server-requested renegotiation.
unsigned char * in_iv
Definition: ssl.h:757
int disable_renegotiation
Definition: ssl.h:813
int verify_result
Definition: ssl.h:812
int ssl_write_change_cipher_spec(ssl_context *ssl)
int(* f_get_cache)(void *, ssl_session *)
Definition: ssl.h:707
int ssl_derive_keys(ssl_context *ssl)
void ssl_set_authmode(ssl_context *ssl, int authmode)
Set the certificate verification mode.
static pk_context * ssl_own_key(ssl_context *ssl)
Definition: ssl.h:1770
int(* f_set_cache)(void *, const ssl_session *)
Definition: ssl.h:708
SHA-256 context structure.
Definition: sha256.h:58
key_exchange_type_t
unsigned char mfl_code
Definition: ssl.h:535
int ssl_psk_derive_premaster(ssl_context *ssl, key_exchange_type_t key_ex)
int renegotiation
Definition: ssl.h:689
dhm_context dhm_ctx
Definition: ssl.h:596
static int safer_memcmp(const void *a, const void *b, size_t n)
Definition: ssl.h:1797
int ssl_send_fatal_handshake_failure(ssl_context *ssl)
ssl_ticket_keys * ticket_keys
Definition: ssl.h:803
size_t minlen
Definition: ssl.h:555
int ssl_read(ssl_context *ssl, unsigned char *buf, size_t len)
Read at most 'len' application data bytes.
void ssl_transform_free(ssl_transform *transform)
Free referenced items in an SSL transform context and clear memory.
unsigned char * psk_identity
Definition: ssl.h:839
const char * ssl_get_ciphersuite_name(const int ciphersuite_id)
Return the name of the ciphersuite associated with the given ID.
MD5 message digest algorithm (hash function)
int ssl_renegotiate(ssl_context *ssl)
Initiate an SSL renegotiation on the running connection.
SHA-224 and SHA-256 cryptographic hash function.
int(* f_recv)(void *, unsigned char *, size_t)
Definition: ssl.h:705
unsigned char key_name[16]
Definition: ssl.h:663
int key_own_alloc
Definition: ssl.h:678
int ssl_write(ssl_context *ssl, const unsigned char *buf, size_t len)
Write exactly 'len' application data bytes.
ssl_key_cert * next
Definition: ssl.h:679
void ssl_set_ca_chain(ssl_context *ssl, x509_crt *ca_chain, x509_crl *ca_crl, const char *peer_cn)
Set the data required to verify peer certificate.
x509_crt * ca_chain
Definition: ssl.h:794
md5_context fin_md5
Definition: ssl.h:622
int endpoint
Definition: ssl.h:809
int ssl_set_own_cert_alt(ssl_context *ssl, x509_crt *own_cert, void *rsa_key, rsa_decrypt_func rsa_decrypt, rsa_sign_func rsa_sign, rsa_key_len_func rsa_key_len)
Set own certificate and alternate non-PolarSSL RSA private key and handling callbacks, such as the PKCS#11 wrappers or any other external private key handler.
void ssl_set_sni(ssl_context *ssl, int(*f_sni)(void *, ssl_context *, const unsigned char *, size_t), void *p_sni)
Set server side ServerName TLS extension callback (optional, server-side only).
int ssl_fetch_input(ssl_context *ssl, size_t nb_want)
int(* f_psk)(void *, ssl_context *, const unsigned char *, size_t)
Definition: ssl.h:729
int ssl_write_record(ssl_context *ssl)
Public key container.
Definition: pk.h:194
unsigned char * out_iv
Definition: ssl.h:774
unsigned char randbytes[64]
Definition: ssl.h:643
int(* rsa_decrypt_func)(void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
Definition: ssl.h:463
Generic message digest context.
Definition: md.h:132
void ssl_optimize_checksum(ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info)
x509_crt * peer_cert
Definition: ssl.h:524
md_type_t ssl_md_alg_from_hash(unsigned char hash)
void * p_sni
Definition: ssl.h:720