2009-01-03 22:22:43 +01:00
/**
* \ file ssl . h
2009-01-04 17:27:10 +01:00
*
2011-01-06 13:28:03 +01:00
* \ brief SSL / TLS functions .
*
2014-05-01 14:18:25 +02:00
* Copyright ( C ) 2006 - 2014 , Brainspark B . V .
2010-07-18 22:36:00 +02:00
*
* This file is part of PolarSSL ( http : //www.polarssl.org)
2010-07-18 12:13:04 +02:00
* Lead Maintainer : Paul Bakker < polarssl_maintainer at polarssl . org >
2010-07-18 22:36:00 +02:00
*
2009-07-28 19:23:11 +02:00
* All rights reserved .
2009-01-04 17:27:10 +01:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License along
* with this program ; if not , write to the Free Software Foundation , Inc . ,
* 51 Franklin Street , Fifth Floor , Boston , MA 02110 - 1301 USA .
2009-01-03 22:22:43 +01:00
*/
2009-01-03 22:51:57 +01:00
# ifndef POLARSSL_SSL_H
# define POLARSSL_SSL_H
2009-01-03 22:22:43 +01:00
2014-04-29 12:39:06 +02:00
# if !defined(POLARSSL_CONFIG_FILE)
2013-04-18 22:46:23 +02:00
# include "config.h"
2014-04-29 12:39:06 +02:00
# else
# include POLARSSL_CONFIG_FILE
# endif
2011-08-15 11:07:52 +02:00
# include "net.h"
2013-04-18 22:46:23 +02:00
# include "bignum.h"
2014-07-03 16:12:50 +02:00
# include "ecp.h"
2013-04-18 22:46:23 +02:00
2013-08-27 21:19:20 +02:00
# include "ssl_ciphersuites.h"
# if defined(POLARSSL_MD5_C)
2011-08-15 11:07:52 +02:00
# include "md5.h"
2013-08-27 21:19:20 +02:00
# endif
# if defined(POLARSSL_SHA1_C)
2011-08-15 11:07:52 +02:00
# include "sha1.h"
2013-08-27 21:19:20 +02:00
# endif
# if defined(POLARSSL_SHA256_C)
2013-06-30 14:49:12 +02:00
# include "sha256.h"
2013-08-27 21:19:20 +02:00
# endif
# if defined(POLARSSL_SHA512_C)
2013-06-30 14:49:12 +02:00
# include "sha512.h"
2013-08-27 21:19:20 +02:00
# endif
2013-04-18 22:46:23 +02:00
2013-09-05 16:56:03 +02:00
// for session tickets
2013-08-27 21:19:20 +02:00
# if defined(POLARSSL_AES_C)
# include "aes.h"
# endif
2011-01-18 16:27:19 +01:00
2013-09-16 13:49:26 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
# include "x509_crt.h"
# include "x509_crl.h"
2013-09-23 14:46:13 +02:00
# endif
2013-04-18 22:46:23 +02:00
2012-09-16 21:57:18 +02:00
# if defined(POLARSSL_DHM_C)
# include "dhm.h"
# endif
2013-03-20 14:39:14 +01:00
# if defined(POLARSSL_ECDH_C)
# include "ecdh.h"
# endif
2012-07-03 15:30:23 +02:00
# if defined(POLARSSL_ZLIB_SUPPORT)
# include "zlib.h"
# endif
2014-09-29 14:04:42 +02:00
# if defined(POLARSSL_TIMING_C)
# include "timing.h"
# endif
2013-07-03 15:31:03 +02:00
# if defined(POLARSSL_HAVE_TIME)
# include <time.h>
# endif
2013-10-14 19:54:10 +02:00
/* For convenience below and in programs */
# if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
defined ( POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED ) | | \
defined ( POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED ) | | \
defined ( POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED )
# define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
# endif
2014-01-19 21:48:42 +01:00
# if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined ( POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) | | \
defined ( POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED )
# define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED
# endif
2011-07-27 18:28:54 +02:00
# if defined(_MSC_VER) && !defined(inline)
2011-04-18 05:47:52 +02:00
# define inline _inline
2011-06-21 09:48:07 +02:00
# else
2011-07-27 18:28:54 +02:00
# if defined(__ARMCC_VERSION) && !defined(inline)
2011-06-21 09:48:07 +02:00
# define inline __inline
2011-06-21 15:36:18 +02:00
# endif /* __ARMCC_VERSION */
2011-06-21 09:48:07 +02:00
# endif /*_MSC_VER */
2011-04-18 05:47:52 +02:00
2009-07-28 09:18:38 +02:00
/*
* SSL Error codes
*/
2011-05-09 18:17:09 +02:00
# define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
# define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
# define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
# define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
2011-05-18 15:32:51 +02:00
# define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
2011-05-09 18:17:09 +02:00
# define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
# define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
2013-11-21 17:31:06 +01:00
# define POLARSSL_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
2011-05-09 18:17:09 +02:00
# define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
# define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
# define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
2013-04-17 19:11:36 +02:00
# define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
2011-05-09 18:17:09 +02:00
# define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
# define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
# define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
# define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
# define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
# define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
2013-03-20 14:39:14 +01:00
# define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
# define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
2011-05-09 18:17:09 +02:00
# define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
# define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
2011-12-10 22:55:01 +01:00
# define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
2012-05-08 11:17:57 +02:00
# define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
# define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
2012-07-03 15:30:23 +02:00
# define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
2012-09-28 15:28:45 +02:00
# define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
2013-07-31 12:58:16 +02:00
# define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
2013-08-14 16:52:14 +02:00
# define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
2013-08-14 15:56:19 +02:00
# define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
2014-04-08 17:35:40 +02:00
# define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */
2013-10-27 13:48:15 +01:00
# define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
2014-03-10 21:20:29 +01:00
# define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
2014-08-19 12:50:30 +02:00
# define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
2014-07-22 11:45:03 +02:00
# define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
2014-07-23 23:41:53 +02:00
# define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
2009-01-03 22:22:43 +01:00
/*
* Various constants
*/
# define SSL_MAJOR_VERSION_3 3
# define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
# define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
# define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
2012-04-11 14:09:53 +02:00
# define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
2009-01-03 22:22:43 +01:00
2014-02-06 13:04:16 +01:00
# define SSL_TRANSPORT_STREAM 0 /*!< TLS */
# define SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
2013-08-27 21:19:20 +02:00
/* Determine minimum supported version */
# define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
# if defined(POLARSSL_SSL_PROTO_SSL3)
# define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
# else
# if defined(POLARSSL_SSL_PROTO_TLS1)
# define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
# else
# if defined(POLARSSL_SSL_PROTO_TLS1_1)
# define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
# else
# if defined(POLARSSL_SSL_PROTO_TLS1_2)
# define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
2014-05-01 13:03:14 +02:00
# endif /* POLARSSL_SSL_PROTO_TLS1_2 */
# endif /* POLARSSL_SSL_PROTO_TLS1_1 */
# endif /* POLARSSL_SSL_PROTO_TLS1 */
# endif /* POLARSSL_SSL_PROTO_SSL3 */
2013-08-27 21:19:20 +02:00
/* Determine maximum supported version */
# define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
# if defined(POLARSSL_SSL_PROTO_TLS1_2)
# define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
# else
# if defined(POLARSSL_SSL_PROTO_TLS1_1)
# define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
# else
# if defined(POLARSSL_SSL_PROTO_TLS1)
# define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
# else
# if defined(POLARSSL_SSL_PROTO_SSL3)
# define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
2014-05-01 13:03:14 +02:00
# endif /* POLARSSL_SSL_PROTO_SSL3 */
# endif /* POLARSSL_SSL_PROTO_TLS1 */
# endif /* POLARSSL_SSL_PROTO_TLS1_1 */
# endif /* POLARSSL_SSL_PROTO_TLS1_2 */
2013-08-27 21:19:20 +02:00
2013-07-18 12:32:27 +02:00
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
2013-07-19 12:47:00 +02:00
* NONE must be zero so that memset ( ) ing structure to zero works */
2013-07-16 12:45:26 +02:00
# define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
# define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
# define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
# define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
# define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
2013-07-18 14:07:09 +02:00
# define SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
2013-07-16 12:45:26 +02:00
2009-01-03 22:22:43 +01:00
# define SSL_IS_CLIENT 0
# define SSL_IS_SERVER 1
2014-08-19 11:16:35 +02:00
2009-01-03 22:22:43 +01:00
# define SSL_COMPRESS_NULL 0
2012-07-03 15:30:23 +02:00
# define SSL_COMPRESS_DEFLATE 1
2009-01-03 22:22:43 +01:00
# define SSL_VERIFY_NONE 0
# define SSL_VERIFY_OPTIONAL 1
# define SSL_VERIFY_REQUIRED 2
2012-09-16 21:57:18 +02:00
# define SSL_INITIAL_HANDSHAKE 0
2013-10-30 12:47:35 +01:00
# define SSL_RENEGOTIATION 1 /* In progress */
# define SSL_RENEGOTIATION_DONE 2 /* Done */
2013-10-30 16:41:45 +01:00
# define SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */
2012-09-16 21:57:18 +02:00
# define SSL_LEGACY_RENEGOTIATION 0
# define SSL_SECURE_RENEGOTIATION 1
2012-11-04 17:29:08 +01:00
# define SSL_RENEGOTIATION_DISABLED 0
# define SSL_RENEGOTIATION_ENABLED 1
2012-09-16 21:57:18 +02:00
2014-09-24 14:41:11 +02:00
# define SSL_ANTI_REPLAY_DISABLED 0
# define SSL_ANTI_REPLAY_ENABLED 1
2014-07-03 19:29:16 +02:00
# define SSL_RENEGOTIATION_NOT_ENFORCED -1
# define SSL_RENEGO_MAX_RECORDS_DEFAULT 16
2012-09-17 11:18:12 +02:00
# define SSL_LEGACY_NO_RENEGOTIATION 0
# define SSL_LEGACY_ALLOW_RENEGOTIATION 1
# define SSL_LEGACY_BREAK_HANDSHAKE 2
2012-09-16 21:57:18 +02:00
2013-07-19 11:08:52 +02:00
# define SSL_TRUNC_HMAC_DISABLED 0
# define SSL_TRUNC_HMAC_ENABLED 1
2013-07-19 12:19:21 +02:00
# define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
2013-07-19 11:08:52 +02:00
2013-08-03 13:02:31 +02:00
# define SSL_SESSION_TICKETS_DISABLED 0
# define SSL_SESSION_TICKETS_ENABLED 1
2014-09-19 11:18:57 +02:00
/*
* DTLS retransmission states , see RFC 6347 4.2 .4
2014-09-25 13:50:12 +02:00
*
2014-09-29 15:29:48 +02:00
* The SENDING state is merged in PREPARING for initial sends ,
* but is distinct for resends .
2014-09-19 11:18:57 +02:00
*/
# define SSL_RETRANS_PREPARING 0
# define SSL_RETRANS_SENDING 1
# define SSL_RETRANS_WAITING 2
# define SSL_RETRANS_FINISHED 3
2014-09-30 22:21:31 +02:00
/*
* Default range for DTLS retransmission timer value , in milliseconds .
* RFC 6347 4.2 .4 .1 says from 1 second to 60 seconds .
*/
# define SSL_DTLS_TIMEOUT_DFL_MIN 1000
# define SSL_DTLS_TIMEOUT_DFL_MAX 60000
2014-04-25 11:11:10 +02:00
/**
* \ name SECTION : Module settings
*
* The configuration options you can set for this module are in this section .
* Either change them in config . h or define them on the compiler command line .
* \ {
*/
# if !defined(SSL_DEFAULT_TICKET_LIFETIME)
2013-08-14 16:52:14 +02:00
# define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
2014-04-25 11:11:10 +02:00
# endif
2013-08-14 16:52:14 +02:00
2013-06-24 19:31:17 +02:00
/*
* Size of the input / output buffer .
* Note : the RFC defines the default size of SSL / TLS messages . If you
* change the value here , other clients / servers may not be able to
* communicate with you anymore . Only change this value if you control
2014-06-30 17:27:49 +02:00
* both sides of the connection and have it reduced at both sides , or
* if you ' re using the Max Fragment Length extension and you know all your
* peers are using it too !
2013-06-24 19:31:17 +02:00
*/
2014-04-25 11:11:10 +02:00
# if !defined(SSL_MAX_CONTENT_LEN)
2013-06-24 19:31:17 +02:00
# define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
2014-04-25 11:11:10 +02:00
# endif
/* \} name SECTION: Module settings */
2009-01-03 22:22:43 +01:00
/*
2014-06-30 17:27:49 +02:00
* Allow extra bytes for record , authentication and encryption overhead :
* counter ( 8 ) + header ( 5 ) + IV ( 16 ) + MAC ( 16 - 48 ) + padding ( 0 - 256 )
2012-07-03 15:30:23 +02:00
* and allow for a maximum of 1024 of compression expansion if
* enabled .
2009-01-03 22:22:43 +01:00
*/
2012-07-03 15:30:23 +02:00
# if defined(POLARSSL_ZLIB_SUPPORT)
# define SSL_COMPRESSION_ADD 1024
# else
# define SSL_COMPRESSION_ADD 0
# endif
2014-06-30 17:27:49 +02:00
# if defined(POLARSSL_RC4_C) || defined(POLARSSL_CIPHER_MODE_CBC)
/* Ciphersuites using HMAC */
# if defined(POLARSSL_SHA512_C)
# define SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
# elif defined(POLARSSL_SHA256_C)
# define SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
# else
# define SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
# endif
# else
/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
# define SSL_MAC_ADD 16
# endif
2009-01-03 22:22:43 +01:00
2014-06-30 17:27:49 +02:00
# if defined(POLARSSL_CIPHER_MODE_CBC)
# define SSL_PADDING_ADD 256
# else
# define SSL_PADDING_ADD 0
# endif
# define SSL_BUFFER_LEN ( SSL_MAX_CONTENT_LEN \
+ SSL_COMPRESSION_ADD \
+ 29 /* counter + header + IV */ \
+ SSL_MAC_ADD \
+ SSL_PADDING_ADD \
)
/*
* Signaling ciphersuite values ( SCSV )
*/
2013-12-19 14:42:28 +01:00
# define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
2012-09-16 21:57:18 +02:00
2012-04-11 14:09:53 +02:00
/*
* Supported Signature and Hash algorithms ( For TLS 1.2 )
2013-08-17 13:01:41 +02:00
* RFC 5246 section 7.4 .1 .4 .1
2012-04-11 14:09:53 +02:00
*/
# define SSL_HASH_NONE 0
# define SSL_HASH_MD5 1
# define SSL_HASH_SHA1 2
# define SSL_HASH_SHA224 3
# define SSL_HASH_SHA256 4
# define SSL_HASH_SHA384 5
# define SSL_HASH_SHA512 6
2013-08-21 16:14:26 +02:00
# define SSL_SIG_ANON 0
2012-04-11 14:09:53 +02:00
# define SSL_SIG_RSA 1
2013-08-17 13:01:41 +02:00
# define SSL_SIG_ECDSA 3
2012-04-11 14:09:53 +02:00
2012-11-23 13:38:07 +01:00
/*
* Client Certificate Types
2013-08-17 13:01:41 +02:00
* RFC 5246 section 7.4 .4 plus RFC 4492 section 5.5
2012-11-23 13:38:07 +01:00
*/
# define SSL_CERT_TYPE_RSA_SIGN 1
2013-08-17 13:01:41 +02:00
# define SSL_CERT_TYPE_ECDSA_SIGN 64
2012-11-23 13:38:07 +01:00
2009-01-03 22:22:43 +01:00
/*
* Message , alert and handshake types
*/
# define SSL_MSG_CHANGE_CIPHER_SPEC 20
# define SSL_MSG_ALERT 21
# define SSL_MSG_HANDSHAKE 22
# define SSL_MSG_APPLICATION_DATA 23
2010-07-25 16:24:53 +02:00
# define SSL_ALERT_LEVEL_WARNING 1
# define SSL_ALERT_LEVEL_FATAL 2
2012-04-10 10:03:03 +02:00
# define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
# define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
# define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
# define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
# define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
# define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
2012-04-18 16:23:57 +02:00
# define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
2012-04-10 10:03:03 +02:00
# define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
# define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
# define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
# define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
# define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
# define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
# define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
# define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
# define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
# define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
# define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
# define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
# define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
# define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
# define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
# define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
# define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
2012-04-11 18:11:49 +02:00
# define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
2012-09-27 23:49:42 +02:00
# define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
2013-04-16 18:05:29 +02:00
# define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
2014-04-07 12:10:30 +02:00
# define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
2009-01-03 22:22:43 +01:00
# define SSL_HS_HELLO_REQUEST 0
# define SSL_HS_CLIENT_HELLO 1
# define SSL_HS_SERVER_HELLO 2
2014-07-11 02:43:49 +02:00
# define SSL_HS_HELLO_VERIFY_REQUEST 3
2013-07-31 12:58:16 +02:00
# define SSL_HS_NEW_SESSION_TICKET 4
2009-01-03 22:22:43 +01:00
# define SSL_HS_CERTIFICATE 11
# define SSL_HS_SERVER_KEY_EXCHANGE 12
# define SSL_HS_CERTIFICATE_REQUEST 13
# define SSL_HS_SERVER_HELLO_DONE 14
# define SSL_HS_CERTIFICATE_VERIFY 15
# define SSL_HS_CLIENT_KEY_EXCHANGE 16
# define SSL_HS_FINISHED 20
/*
* TLS extensions
*/
2013-03-20 14:39:14 +01:00
# define TLS_EXT_SERVERNAME 0
# define TLS_EXT_SERVERNAME_HOSTNAME 0
2013-07-17 10:25:37 +02:00
# define TLS_EXT_MAX_FRAGMENT_LENGTH 1
2013-07-19 11:41:43 +02:00
# define TLS_EXT_TRUNCATED_HMAC 4
2013-03-20 14:39:14 +01:00
# define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
# define TLS_EXT_SUPPORTED_POINT_FORMATS 11
2009-01-03 22:22:43 +01:00
2013-03-20 14:39:14 +01:00
# define TLS_EXT_SIG_ALG 13
2012-04-11 18:11:49 +02:00
2014-04-07 10:57:45 +02:00
# define TLS_EXT_ALPN 16
2013-08-02 14:44:54 +02:00
# define TLS_EXT_SESSION_TICKET 35
2013-03-20 14:39:14 +01:00
# define TLS_EXT_RENEGOTIATION_INFO 0xFF01
2012-09-16 21:57:18 +02:00
2013-10-28 12:54:26 +01:00
/*
* TLS extension flags ( for extensions with outgoing ServerHello content
* that need it ( e . g . for RENEGOTIATION_INFO the server already knows because
* of state of the renegotiation flag , so no indicator is required )
*/
# define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
2013-04-18 22:46:23 +02:00
/*
* Size defines
*/
2014-07-03 16:12:50 +02:00
# if !defined(POLARSSL_PSK_MAX_LEN)
# define POLARSSL_PSK_MAX_LEN 32 /* 256 bits */
# endif
/* Dummy type used only for its size */
union _ssl_premaster_secret
{
# if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
unsigned char _pms_rsa [ 48 ] ; /* RFC 5246 8.1.1 */
# endif
# if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
unsigned char _pms_dhm [ POLARSSL_MPI_MAX_SIZE ] ; /* RFC 5246 8.1.2 */
# endif
# if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined ( POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) | | \
defined ( POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ) | | \
defined ( POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED )
unsigned char _pms_ecdh [ POLARSSL_ECP_MAX_BYTES ] ; /* RFC 4492 5.10 */
2013-04-18 22:46:23 +02:00
# endif
2014-07-03 16:12:50 +02:00
# if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
unsigned char _pms_psk [ 4 + 2 * POLARSSL_PSK_MAX_LEN ] ; /* RFC 4279 2 */
# endif
# if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
unsigned char _pms_dhe_psk [ 4 + POLARSSL_MPI_MAX_SIZE
+ POLARSSL_PSK_MAX_LEN ] ; /* RFC 4279 3 */
# endif
# if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
unsigned char _pms_rsa_psk [ 52 + POLARSSL_PSK_MAX_LEN ] ; /* RFC 4279 4 */
# endif
# if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
unsigned char _pms_ecdhe_psk [ 4 + POLARSSL_ECP_MAX_BYTES
+ POLARSSL_PSK_MAX_LEN ] ; /* RFC 5489 2 */
# endif
} ;
# define POLARSSL_PREMASTER_SIZE sizeof( union _ssl_premaster_secret )
2013-04-18 22:46:23 +02:00
2013-06-27 14:29:21 +02:00
# ifdef __cplusplus
extern " C " {
# endif
2012-09-27 21:15:01 +02:00
/*
* Generic function pointers for allowing external RSA private key
* implementations .
*/
typedef int ( * rsa_decrypt_func ) ( void * ctx , int mode , size_t * olen ,
const unsigned char * input , unsigned char * output ,
2014-05-01 13:03:14 +02:00
size_t output_max_len ) ;
2012-09-27 21:15:01 +02:00
typedef int ( * rsa_sign_func ) ( void * ctx ,
int ( * f_rng ) ( void * , unsigned char * , size_t ) , void * p_rng ,
2013-11-13 16:57:58 +01:00
int mode , md_type_t md_alg , unsigned int hashlen ,
2012-09-27 21:15:01 +02:00
const unsigned char * hash , unsigned char * sig ) ;
typedef size_t ( * rsa_key_len_func ) ( void * ctx ) ;
2009-01-03 22:22:43 +01:00
/*
* SSL state machine
*/
typedef enum
{
SSL_HELLO_REQUEST ,
SSL_CLIENT_HELLO ,
SSL_SERVER_HELLO ,
SSL_SERVER_CERTIFICATE ,
SSL_SERVER_KEY_EXCHANGE ,
SSL_CERTIFICATE_REQUEST ,
SSL_SERVER_HELLO_DONE ,
SSL_CLIENT_CERTIFICATE ,
SSL_CLIENT_KEY_EXCHANGE ,
SSL_CERTIFICATE_VERIFY ,
SSL_CLIENT_CHANGE_CIPHER_SPEC ,
SSL_CLIENT_FINISHED ,
SSL_SERVER_CHANGE_CIPHER_SPEC ,
SSL_SERVER_FINISHED ,
SSL_FLUSH_BUFFERS ,
2012-09-16 21:57:18 +02:00
SSL_HANDSHAKE_WRAPUP ,
2013-07-31 12:58:16 +02:00
SSL_HANDSHAKE_OVER ,
SSL_SERVER_NEW_SESSION_TICKET ,
2014-09-29 17:47:33 +02:00
SSL_SERVER_HELLO_VERIFY_REQUEST_SENT ,
2009-01-03 22:22:43 +01:00
}
ssl_states ;
typedef struct _ssl_session ssl_session ;
typedef struct _ssl_context ssl_context ;
2012-09-16 21:57:18 +02:00
typedef struct _ssl_transform ssl_transform ;
typedef struct _ssl_handshake_params ssl_handshake_params ;
2013-08-14 13:48:06 +02:00
# if defined(POLARSSL_SSL_SESSION_TICKETS)
2013-08-03 13:50:48 +02:00
typedef struct _ssl_ticket_keys ssl_ticket_keys ;
2013-08-14 13:48:06 +02:00
# endif
2013-09-23 14:46:13 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
typedef struct _ssl_key_cert ssl_key_cert ;
# endif
2014-09-19 11:18:57 +02:00
# if defined(POLARSSL_SSL_PROTO_DTLS)
typedef struct _ssl_flight_item ssl_flight_item ;
# endif
2009-01-03 22:22:43 +01:00
/*
2012-09-25 23:55:46 +02:00
* This structure is used for storing current session data .
2009-01-03 22:22:43 +01:00
*/
struct _ssl_session
{
2013-07-03 15:31:03 +02:00
# if defined(POLARSSL_HAVE_TIME)
2009-01-03 22:22:43 +01:00
time_t start ; /*!< starting time */
2013-07-03 15:31:03 +02:00
# endif
2011-01-27 18:40:50 +01:00
int ciphersuite ; /*!< chosen ciphersuite */
2012-07-03 15:30:23 +02:00
int compression ; /*!< chosen compression */
2011-04-24 10:57:21 +02:00
size_t length ; /*!< session id length */
2009-01-03 22:22:43 +01:00
unsigned char id [ 32 ] ; /*!< session identifier */
unsigned char master [ 48 ] ; /*!< the master secret */
2013-04-18 22:46:23 +02:00
2013-09-16 13:49:26 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
2013-09-18 14:13:26 +02:00
x509_crt * peer_cert ; /*!< peer X.509 cert chain */
2013-09-16 13:49:26 +02:00
# endif /* POLARSSL_X509_CRT_PARSE_C */
2013-08-23 10:44:29 +02:00
int verify_result ; /*!< verification result */
2013-07-18 14:07:09 +02:00
2013-08-14 13:48:06 +02:00
# if defined(POLARSSL_SSL_SESSION_TICKETS)
2013-08-02 14:44:04 +02:00
unsigned char * ticket ; /*!< RFC 5077 session ticket */
size_t ticket_len ; /*!< session ticket length */
2013-07-31 12:58:16 +02:00
uint32_t ticket_lifetime ; /*!< ticket lifetime hint */
2013-08-14 13:48:06 +02:00
# endif /* POLARSSL_SSL_SESSION_TICKETS */
2013-08-02 14:44:04 +02:00
2013-08-15 13:33:48 +02:00
# if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
2013-07-18 14:07:09 +02:00
unsigned char mfl_code ; /*!< MaxFragmentLength negotiated by peer */
2013-08-15 13:33:48 +02:00
# endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
2013-08-15 13:45:55 +02:00
# if defined(POLARSSL_SSL_TRUNCATED_HMAC)
2013-07-19 11:41:43 +02:00
int trunc_hmac ; /*!< flag for truncated hmac activation */
2013-08-15 13:45:55 +02:00
# endif /* POLARSSL_SSL_TRUNCATED_HMAC */
2009-01-03 22:22:43 +01:00
} ;
2012-09-16 21:57:18 +02:00
/*
* This structure contains a full set of runtime transform parameters
* either in negotiation or active .
*/
struct _ssl_transform
{
/*
* Session specific crypto layer
*/
2013-01-07 18:20:04 +01:00
const ssl_ciphersuite_t * ciphersuite_info ;
/*!< Chosen cipersuite_info */
2012-09-16 21:57:18 +02:00
unsigned int keylen ; /*!< symmetric key length */
size_t minlen ; /*!< min. ciphertext length */
size_t ivlen ; /*!< IV length */
size_t fixed_ivlen ; /*!< Fixed part of IV (AEAD) */
size_t maclen ; /*!< MAC length */
unsigned char iv_enc [ 16 ] ; /*!< IV (encryption) */
unsigned char iv_dec [ 16 ] ; /*!< IV (decryption) */
2013-08-27 21:19:20 +02:00
# if defined(POLARSSL_SSL_PROTO_SSL3)
2013-01-07 18:20:04 +01:00
/* Needed only for SSL v3.0 secret */
2014-07-13 14:43:28 +02:00
unsigned char mac_enc [ 20 ] ; /*!< SSL v3.0 secret (enc) */
unsigned char mac_dec [ 20 ] ; /*!< SSL v3.0 secret (dec) */
2013-08-27 21:19:20 +02:00
# endif /* POLARSSL_SSL_PROTO_SSL3 */
2013-01-07 18:20:04 +01:00
md_context_t md_ctx_enc ; /*!< MAC (encryption) */
md_context_t md_ctx_dec ; /*!< MAC (decryption) */
2012-09-16 21:57:18 +02:00
2013-08-31 17:25:14 +02:00
cipher_context_t cipher_ctx_enc ; /*!< encryption context */
cipher_context_t cipher_ctx_dec ; /*!< decryption context */
2012-09-16 21:57:18 +02:00
/*
* Session specific compression layer
*/
# if defined(POLARSSL_ZLIB_SUPPORT)
z_stream ctx_deflate ; /*!< compression context */
z_stream ctx_inflate ; /*!< decompression context */
# endif
} ;
/*
* This structure contains the parameters only needed during handshake .
*/
struct _ssl_handshake_params
{
/*
* Handshake specific crypto variables
*/
2014-07-08 12:56:25 +02:00
int sig_alg ; /*!< Hash algorithm for signature */
int cert_type ; /*!< Requested cert type */
2012-11-23 13:38:07 +01:00
int verify_sig_alg ; /*!< Signature algorithm for verify */
2012-09-16 21:57:18 +02:00
# if defined(POLARSSL_DHM_C)
dhm_context dhm_ctx ; /*!< DHM key exchange */
# endif
2013-03-20 14:39:14 +01:00
# if defined(POLARSSL_ECDH_C)
ecdh_context ecdh_ctx ; /*!< ECDH key exchange */
# endif
2013-08-15 19:38:07 +02:00
# if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
2013-09-23 19:11:32 +02:00
const ecp_curve_info * * curves ; /*!< Supported elliptic curves */
2013-08-15 19:38:07 +02:00
# endif
2013-09-23 17:00:18 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
2013-09-24 22:30:56 +02:00
/**
* Current key / cert or key / cert list .
* On client : pointer to ssl - > key_cert , only the first entry used .
* On server : starts as a pointer to ssl - > key_cert , then becomes
* a pointer to the chosen key from this list or the SNI list .
*/
ssl_key_cert * key_cert ;
# if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
ssl_key_cert * sni_key_cert ; /*!< key/cert list from SNI */
# endif
2014-05-01 13:03:14 +02:00
# endif /* POLARSSL_X509_CRT_PARSE_C */
2014-02-18 18:50:02 +01:00
# if defined(POLARSSL_SSL_PROTO_DTLS)
2014-09-02 18:30:26 +02:00
unsigned int out_msg_seq ; /*!< Outgoing handshake sequence number */
unsigned int in_msg_seq ; /*!< Incoming handshake sequence number */
2014-09-19 11:18:57 +02:00
2014-07-23 11:09:27 +02:00
unsigned char * verify_cookie ; /*!< Cli: HelloVerifyRequest cookie
Srv : unused */
unsigned char verify_cookie_len ; /*!< Cli: cookie length
Srv : flag for sending a cookie */
2014-09-19 11:18:57 +02:00
2014-08-20 13:12:58 +02:00
unsigned char * hs_msg ; /*!< Reassembled handshake message */
2014-09-19 11:18:57 +02:00
2014-09-30 22:21:31 +02:00
uint32_t retransmit_timeout ; /*!< Current value of timeout */
2014-09-19 11:18:57 +02:00
unsigned char retransmit_state ; /*!< Retransmission state */
ssl_flight_item * flight ; /*!< Current outgoing flight */
ssl_flight_item * cur_msg ; /*!< Current message in flight */
2014-09-19 15:09:21 +02:00
unsigned int in_flight_start_seq ; /*!< Minimum message sequence in the
flight being received */
ssl_transform * alt_transform_out ; /*!< Alternative transform for
resending messages */
unsigned char alt_out_ctr [ 8 ] ; /*!< Alternative record epoch/counter
for resending messages */
2014-02-18 18:50:02 +01:00
# endif
2012-09-16 21:57:18 +02:00
/*
* Checksum contexts
*/
2013-08-27 21:19:20 +02:00
# if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
defined ( POLARSSL_SSL_PROTO_TLS1_1 )
2013-06-30 14:34:05 +02:00
md5_context fin_md5 ;
sha1_context fin_sha1 ;
2013-08-27 21:19:20 +02:00
# endif
# if defined(POLARSSL_SSL_PROTO_TLS1_2)
# if defined(POLARSSL_SHA256_C)
2013-06-30 14:34:05 +02:00
sha256_context fin_sha256 ;
2013-08-27 21:19:20 +02:00
# endif
2013-08-27 15:06:26 +02:00
# if defined(POLARSSL_SHA512_C)
2013-06-30 14:34:05 +02:00
sha512_context fin_sha512 ;
2013-08-27 15:06:26 +02:00
# endif
2013-08-27 21:19:20 +02:00
# endif /* POLARSSL_SSL_PROTO_TLS1_2 */
2012-09-16 21:57:18 +02:00
2013-06-25 16:25:17 +02:00
void ( * update_checksum ) ( ssl_context * , const unsigned char * , size_t ) ;
2012-09-16 21:57:18 +02:00
void ( * calc_verify ) ( ssl_context * , unsigned char * ) ;
void ( * calc_finished ) ( ssl_context * , unsigned char * , int ) ;
2013-06-25 16:25:17 +02:00
int ( * tls_prf ) ( const unsigned char * , size_t , const char * ,
const unsigned char * , size_t ,
2012-09-16 21:57:18 +02:00
unsigned char * , size_t ) ;
size_t pmslen ; /*!< premaster length */
unsigned char randbytes [ 64 ] ; /*!< random bytes */
2013-04-18 22:46:23 +02:00
unsigned char premaster [ POLARSSL_PREMASTER_SIZE ] ;
2012-10-24 16:30:00 +02:00
/*!< premaster secret */
2012-09-25 23:55:46 +02:00
int resume ; /*!< session resume indicator*/
2013-06-29 16:01:15 +02:00
int max_major_ver ; /*!< max. major version client*/
int max_minor_ver ; /*!< max. minor version client*/
2013-10-28 12:54:26 +01:00
int cli_exts ; /*!< client extension presence*/
2013-07-31 12:58:16 +02:00
2013-08-14 13:48:06 +02:00
# if defined(POLARSSL_SSL_SESSION_TICKETS)
2013-07-31 12:58:16 +02:00
int new_session_ticket ; /*!< use NewSessionTicket? */
2013-08-14 13:48:06 +02:00
# endif /* POLARSSL_SSL_SESSION_TICKETS */
2012-09-16 21:57:18 +02:00
} ;
2013-08-14 13:48:06 +02:00
# if defined(POLARSSL_SSL_SESSION_TICKETS)
2013-08-03 13:50:48 +02:00
/*
* Parameters needed to secure session tickets
*/
struct _ssl_ticket_keys
{
unsigned char key_name [ 16 ] ; /*!< name to quickly discard bad tickets */
2013-08-03 15:37:58 +02:00
aes_context enc ; /*!< encryption context */
aes_context dec ; /*!< decryption context */
2013-08-03 17:16:31 +02:00
unsigned char mac_key [ 16 ] ; /*!< authentication key */
2013-08-03 13:50:48 +02:00
} ;
2013-08-14 13:48:06 +02:00
# endif /* POLARSSL_SSL_SESSION_TICKETS */
2013-08-03 13:50:48 +02:00
2013-09-23 14:46:13 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* List of certificate + private key pairs
*/
struct _ssl_key_cert
{
x509_crt * cert ; /*!< cert */
pk_context * key ; /*!< private key */
int key_own_alloc ; /*!< did we allocate key? */
ssl_key_cert * next ; /*!< next key/cert pair */
} ;
# endif /* POLARSSL_X509_CRT_PARSE_C */
2014-09-19 11:18:57 +02:00
# if defined(POLARSSL_SSL_PROTO_DTLS)
/*
* List of handshake messages kept around for resending
*/
struct _ssl_flight_item
{
unsigned char * p ; /*!< message, including handshake headers */
2014-09-19 15:09:21 +02:00
size_t len ; /*!< length of p */
unsigned char type ; /*!< type of the message: handshake or CCS */
2014-09-19 11:18:57 +02:00
ssl_flight_item * next ; /*!< next handshake message(s) */
} ;
# endif /* POLARSSL_SSL_PROTO_DTLS */
2009-01-03 22:22:43 +01:00
struct _ssl_context
{
/*
* Miscellaneous
*/
int state ; /*!< SSL handshake: current state */
2014-02-06 13:04:16 +01:00
int transport ; /*!< Transport: stream or datagram */
2012-09-16 21:57:18 +02:00
int renegotiation ; /*!< Initial or renegotiation */
2014-07-03 19:29:16 +02:00
int renego_records_seen ; /*!< Records since renego request */
2009-01-03 22:22:43 +01:00
int major_ver ; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver ; /*!< either 0 (SSL3) or 1 (TLS1.0) */
2013-06-29 16:01:15 +02:00
int max_major_ver ; /*!< max. major version used */
int max_minor_ver ; /*!< max. minor version used */
int min_major_ver ; /*!< min. major version used */
int min_minor_ver ; /*!< min. minor version used */
2009-01-03 22:22:43 +01:00
2014-09-17 10:47:43 +02:00
unsigned char timeout ; /*!< DTLS: initial value of the timeout
for handshake retransmission */
2009-01-03 22:22:43 +01:00
/*
2011-01-13 18:54:59 +01:00
* Callbacks ( RNG , debug , I / O , verification )
2009-01-03 22:22:43 +01:00
*/
2011-11-27 22:07:34 +01:00
int ( * f_rng ) ( void * , unsigned char * , size_t ) ;
2010-03-16 22:09:09 +01:00
void ( * f_dbg ) ( void * , int , const char * ) ;
2011-06-21 09:36:43 +02:00
int ( * f_send ) ( void * , const unsigned char * , size_t ) ;
2014-09-17 10:47:43 +02:00
int ( * f_recv ) ( void * , unsigned char * , size_t ) ;
2014-10-01 15:01:39 +02:00
int ( * f_recv_timeout ) ( void * , unsigned char * , size_t , uint32_t ) ;
2012-09-25 23:55:46 +02:00
int ( * f_get_cache ) ( void * , ssl_session * ) ;
int ( * f_set_cache ) ( void * , const ssl_session * ) ;
2009-01-03 22:22:43 +01:00
void * p_rng ; /*!< context for the RNG function */
void * p_dbg ; /*!< context for the debug function */
2014-09-17 11:34:57 +02:00
void * p_bio ; /*!< context for I/O operations */
2012-09-25 23:55:46 +02:00
void * p_get_cache ; /*!< context for cache retrieval */
void * p_set_cache ; /*!< context for cache store */
2012-11-20 13:50:22 +01:00
void * p_hw_data ; /*!< context for HW acceleration */
2009-01-03 22:22:43 +01:00
2013-08-27 21:55:01 +02:00
# if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
int ( * f_sni ) ( void * , ssl_context * , const unsigned char * , size_t ) ;
void * p_sni ; /*!< context for SNI extension */
# endif
2013-09-16 13:49:26 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
2013-09-18 14:13:26 +02:00
int ( * f_vrfy ) ( void * , x509_crt * , int , int * ) ;
2013-04-18 22:46:23 +02:00
void * p_vrfy ; /*!< context for verification */
# endif
2013-10-14 19:54:10 +02:00
# if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
2013-09-18 17:29:31 +02:00
int ( * f_psk ) ( void * , ssl_context * , const unsigned char * , size_t ) ;
void * p_psk ; /*!< context for PSK retrieval */
# endif
2009-01-03 22:22:43 +01:00
/*
* Session layer
*/
2012-09-16 21:57:18 +02:00
ssl_session * session_in ; /*!< current session data (in) */
ssl_session * session_out ; /*!< current session data (out) */
ssl_session * session ; /*!< negotiated session data */
ssl_session * session_negotiate ; /*!< session data in negotiation */
2009-01-03 22:22:43 +01:00
2012-09-16 21:57:18 +02:00
ssl_handshake_params * handshake ; /*!< params required only during
the handshake process */
/*
* Record layer transformations
*/
ssl_transform * transform_in ; /*!< current transform params (in) */
ssl_transform * transform_out ; /*!< current transform params (in) */
ssl_transform * transform ; /*!< negotiated transform params */
ssl_transform * transform_negotiate ; /*!< transform params in negotiation */
2014-09-29 14:04:42 +02:00
/*
* Timers ( WIP )
*/
# if defined(POLARSSL_TIMING_C)
struct hr_time time_info ;
unsigned long time_limit ;
# endif
2014-10-01 12:03:55 +02:00
# if defined(POLARSSL_SSL_PROTO_DTLS)
uint32_t hs_timeout_min ; /*!< initial value of the handshake
retransmission timeout */
uint32_t hs_timeout_max ; /*!< maximum value of the handshake
retransmission timeout */
# endif
2009-01-03 22:22:43 +01:00
/*
* Record layer ( incoming data )
*/
2014-02-13 10:54:07 +01:00
unsigned char * in_buf ; /*!< input buffer */
2014-09-24 13:56:09 +02:00
unsigned char * in_ctr ; /*!< 64-bit incoming message counter
TLS : maintained by us
DTLS : read from peer */
2014-02-13 10:54:07 +01:00
unsigned char * in_hdr ; /*!< start of record header */
unsigned char * in_len ; /*!< two-bytes message length field */
unsigned char * in_iv ; /*!< ivlen-byte IV */
2013-01-02 17:30:03 +01:00
unsigned char * in_msg ; /*!< message contents (in_iv+ivlen) */
2009-01-03 22:22:43 +01:00
unsigned char * in_offt ; /*!< read offset in application data */
int in_msgtype ; /*!< record header: message type */
2011-04-24 10:57:21 +02:00
size_t in_msglen ; /*!< record header: message length */
size_t in_left ; /*!< amount of data read so far */
2014-07-10 17:54:52 +02:00
# if defined(POLARSSL_SSL_PROTO_DTLS)
2014-09-24 13:56:09 +02:00
uint16_t in_epoch ; /*!< DTLS epoch for incoming records */
2014-09-02 13:39:16 +02:00
size_t next_record_offset ; /*!< offset of the next record in datagram
( equal to in_left if none ) */
2014-07-10 17:54:52 +02:00
# endif
2014-09-24 10:52:58 +02:00
# if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
uint64_t in_window_top ; /*!< last validated record seq_num */
uint64_t in_window ; /*!< bitmask for replay detection */
2014-09-24 14:41:11 +02:00
char anti_replay ; /*!< is anti-replay on? */
2014-09-24 10:52:58 +02:00
# endif
2009-01-03 22:22:43 +01:00
2014-09-03 11:01:14 +02:00
size_t in_hslen ; /*!< current handshake message length,
including the handshake header */
2009-01-03 22:22:43 +01:00
int nb_zero ; /*!< # of 0-length encrypted messages */
2013-04-16 18:05:29 +02:00
int record_read ; /*!< record is already present */
2009-01-03 22:22:43 +01:00
/*
* Record layer ( outgoing data )
*/
2014-02-13 10:54:07 +01:00
unsigned char * out_buf ; /*!< output buffer */
2009-01-03 22:22:43 +01:00
unsigned char * out_ctr ; /*!< 64-bit outgoing message counter */
2014-02-13 10:54:07 +01:00
unsigned char * out_hdr ; /*!< start of record header */
unsigned char * out_len ; /*!< two-bytes message length field */
unsigned char * out_iv ; /*!< ivlen-byte IV */
2013-01-02 17:30:03 +01:00
unsigned char * out_msg ; /*!< message contents (out_iv+ivlen) */
2009-01-03 22:22:43 +01:00
int out_msgtype ; /*!< record header: message type */
2011-04-24 10:57:21 +02:00
size_t out_msglen ; /*!< record header: message length */
size_t out_left ; /*!< amount of data not yet written */
2009-01-03 22:22:43 +01:00
2013-10-11 09:59:44 +02:00
# if defined(POLARSSL_ZLIB_SUPPORT)
unsigned char * compress_buf ; /*!< zlib data buffer */
# endif
2013-08-15 13:33:48 +02:00
# if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
2013-07-18 14:07:09 +02:00
unsigned char mfl_code ; /*!< MaxFragmentLength chosen by us */
2013-08-15 13:33:48 +02:00
# endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
2013-07-16 12:45:26 +02:00
2009-01-03 22:22:43 +01:00
/*
* PKI layer
*/
2013-09-16 13:49:26 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
2013-09-23 14:46:13 +02:00
ssl_key_cert * key_cert ; /*!< own certificate(s)/key(s) */
x509_crt * ca_chain ; /*!< own trusted CA chain */
x509_crl * ca_crl ; /*!< trusted CA CRLs */
const char * peer_cn ; /*!< expected peer CN */
2013-09-16 13:49:26 +02:00
# endif /* POLARSSL_X509_CRT_PARSE_C */
2009-01-03 22:22:43 +01:00
2013-08-03 13:50:48 +02:00
/*
* Support for generating and checking session tickets
*/
2013-09-23 14:46:13 +02:00
# if defined(POLARSSL_SSL_SESSION_TICKETS)
2013-08-03 13:50:48 +02:00
ssl_ticket_keys * ticket_keys ; /*!< keys for ticket encryption */
2013-08-14 13:48:06 +02:00
# endif /* POLARSSL_SSL_SESSION_TICKETS */
2013-08-03 13:50:48 +02:00
2012-09-16 21:57:18 +02:00
/*
* User settings
*/
2009-01-03 22:22:43 +01:00
int endpoint ; /*!< 0: client, 1: server */
int authmode ; /*!< verification mode */
int client_auth ; /*!< flag for client auth. */
int verify_result ; /*!< verification result */
2012-09-16 21:57:18 +02:00
int disable_renegotiation ; /*!< enable/disable renegotiation */
int allow_legacy_renegotiation ; /*!< allow legacy renegotiation */
2014-07-03 19:29:16 +02:00
int renego_max_records ; /*!< grace period for renegotiation */
2013-04-15 15:09:54 +02:00
const int * ciphersuite_list [ 4 ] ; /*!< allowed ciphersuites / version */
2014-02-04 15:52:33 +01:00
# if defined(POLARSSL_SSL_SET_CURVES)
2014-02-04 13:58:39 +01:00
const ecp_group_id * curve_list ; /*!< allowed curves */
2014-01-19 21:48:42 +01:00
# endif
2013-08-15 13:45:55 +02:00
# if defined(POLARSSL_SSL_TRUNCATED_HMAC)
2013-07-19 11:08:52 +02:00
int trunc_hmac ; /*!< negotiate truncated hmac? */
2013-08-15 13:45:55 +02:00
# endif
2013-08-14 16:52:14 +02:00
# if defined(POLARSSL_SSL_SESSION_TICKETS)
2013-08-03 13:02:31 +02:00
int session_tickets ; /*!< use session tickets? */
2013-08-14 16:52:14 +02:00
int ticket_lifetime ; /*!< session ticket lifetime */
# endif
2009-01-03 22:22:43 +01:00
2012-09-16 21:57:18 +02:00
# if defined(POLARSSL_DHM_C)
mpi dhm_P ; /*!< prime modulus for DHM */
mpi dhm_G ; /*!< generator for DHM */
2012-07-03 15:30:23 +02:00
# endif
2013-10-14 19:54:10 +02:00
# if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
2013-04-16 18:05:29 +02:00
/*
* PSK values
*/
2013-09-18 17:29:31 +02:00
unsigned char * psk ;
2013-04-16 18:05:29 +02:00
size_t psk_len ;
2013-09-18 17:29:31 +02:00
unsigned char * psk_identity ;
2013-04-16 18:05:29 +02:00
size_t psk_identity_len ;
# endif
2013-08-27 21:55:01 +02:00
# if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
2009-01-03 22:22:43 +01:00
/*
2013-08-27 21:55:01 +02:00
* SNI extension
2009-01-03 22:22:43 +01:00
*/
unsigned char * hostname ;
2011-04-24 10:57:21 +02:00
size_t hostname_len ;
2013-08-27 21:55:01 +02:00
# endif
2012-09-16 21:57:18 +02:00
2014-04-04 16:08:41 +02:00
# if defined(POLARSSL_SSL_ALPN)
/*
* ALPN extension
*/
const char * * alpn_list ; /*!< ordered list of supported protocols */
const char * alpn_chosen ; /*!< negotiated protocol */
# endif
2014-07-22 17:32:01 +02:00
/*
2014-07-23 14:56:15 +02:00
* Information for DTLS hello verify
2014-07-22 17:32:01 +02:00
*/
2014-07-23 00:28:58 +02:00
# if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
2014-07-22 17:32:01 +02:00
unsigned char * cli_id ; /*!< transport-level ID of the client */
size_t cli_id_len ; /*!< length of cli_id */
2014-07-23 14:56:15 +02:00
int ( * f_cookie_write ) ( void * , unsigned char * * , unsigned char * ,
const unsigned char * , size_t ) ;
int ( * f_cookie_check ) ( void * , const unsigned char * , size_t ,
const unsigned char * , size_t ) ;
void * p_cookie ; /*!< context for the cookie callbacks */
2014-07-22 17:32:01 +02:00
# endif
2012-09-16 21:57:18 +02:00
/*
* Secure renegotiation
*/
int secure_renegotiation ; /*!< does peer support legacy or
secure renegotiation */
size_t verify_data_len ; /*!< length of verify data stored */
char own_verify_data [ 36 ] ; /*!< previous handshake verify data */
char peer_verify_data [ 36 ] ; /*!< previous handshake verify data */
2009-01-03 22:22:43 +01:00
} ;
2012-05-08 11:17:57 +02:00
# if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
2012-12-19 14:42:06 +01:00
# define SSL_CHANNEL_OUTBOUND 0
# define SSL_CHANNEL_INBOUND 1
2012-05-08 11:17:57 +02:00
extern int ( * ssl_hw_record_init ) ( ssl_context * ssl ,
const unsigned char * key_enc , const unsigned char * key_dec ,
2012-12-19 14:42:06 +01:00
size_t keylen ,
2012-05-08 11:17:57 +02:00
const unsigned char * iv_enc , const unsigned char * iv_dec ,
2012-12-19 14:42:06 +01:00
size_t ivlen ,
const unsigned char * mac_enc , const unsigned char * mac_dec ,
size_t maclen ) ;
extern int ( * ssl_hw_record_activate ) ( ssl_context * ssl , int direction ) ;
2012-05-08 11:17:57 +02:00
extern int ( * ssl_hw_record_reset ) ( ssl_context * ssl ) ;
extern int ( * ssl_hw_record_write ) ( ssl_context * ssl ) ;
extern int ( * ssl_hw_record_read ) ( ssl_context * ssl ) ;
extern int ( * ssl_hw_record_finish ) ( ssl_context * ssl ) ;
2014-05-01 13:03:14 +02:00
# endif /* POLARSSL_SSL_HW_RECORD_ACCEL */
2012-05-08 11:17:57 +02:00
2011-01-16 22:27:44 +01:00
/**
2011-01-27 18:40:50 +01:00
* \ brief Returns the list of ciphersuites supported by the SSL / TLS module .
2011-01-16 22:27:44 +01:00
*
2011-01-27 18:40:50 +01:00
* \ return a statically allocated array of ciphersuites , the last
* entry is 0.
2011-01-16 22:27:44 +01:00
*/
2013-01-07 18:20:04 +01:00
const int * ssl_list_ciphersuites ( void ) ;
2011-01-16 22:27:44 +01:00
/**
2014-05-01 14:18:25 +02:00
* \ brief Return the name of the ciphersuite associated with the
* given ID
2011-01-16 22:27:44 +01:00
*
2011-01-27 18:40:50 +01:00
* \ param ciphersuite_id SSL ciphersuite ID
2011-01-16 22:27:44 +01:00
*
2011-01-27 18:40:50 +01:00
* \ return a string containing the ciphersuite name
2011-01-16 22:27:44 +01:00
*/
2011-01-27 18:40:50 +01:00
const char * ssl_get_ciphersuite_name ( const int ciphersuite_id ) ;
/**
2014-05-01 14:18:25 +02:00
* \ brief Return the ID of the ciphersuite associated with the
* given name
2011-01-27 18:40:50 +01:00
*
* \ param ciphersuite_name SSL ciphersuite name
*
* \ return the ID with the ciphersuite or 0 if not found
*/
int ssl_get_ciphersuite_id ( const char * ciphersuite_name ) ;
2011-01-16 22:27:44 +01:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Initialize an SSL context
2013-09-30 13:56:38 +02:00
* ( An individual SSL context is not thread - safe )
2009-01-03 22:22:43 +01:00
*
* \ param ssl SSL context
*
2011-12-10 22:55:01 +01:00
* \ return 0 if successful , or POLARSSL_ERR_SSL_MALLOC_FAILED if
* memory allocation failed
2009-01-03 22:22:43 +01:00
*/
int ssl_init ( ssl_context * ssl ) ;
2011-10-06 14:37:39 +02:00
/**
* \ brief Reset an already initialized SSL context for re - use
* while retaining application - set variables , function
* pointers and data .
*
* \ param ssl SSL context
2012-09-16 21:57:18 +02:00
* \ return 0 if successful , or POLASSL_ERR_SSL_MALLOC_FAILED ,
POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
2012-07-03 15:30:23 +02:00
* POLARSSL_ERR_SSL_COMPRESSION_FAILED
2011-10-06 14:37:39 +02:00
*/
2012-07-03 15:30:23 +02:00
int ssl_session_reset ( ssl_context * ssl ) ;
2011-10-06 14:37:39 +02:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the current endpoint type
*
* \ param ssl SSL context
* \ param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
2013-08-03 13:02:31 +02:00
*
* \ note This function should be called right after ssl_init ( ) since
* some other ssl_set_foo ( ) functions depend on it .
2009-01-03 22:22:43 +01:00
*/
void ssl_set_endpoint ( ssl_context * ssl , int endpoint ) ;
2014-02-06 13:04:16 +01:00
/**
2014-09-17 10:47:43 +02:00
* \ brief Set the transport type ( TLS or DTLS ) .
* Default : TLS
2014-02-06 13:04:16 +01:00
*
2014-09-17 10:47:43 +02:00
* \ param ssl SSL context
2014-02-06 13:04:16 +01:00
* \ param transport transport type :
* SSL_TRANSPORT_STREAM for TLS ,
* SSL_TRANSPORT_DATAGRAM for DTLS .
2014-09-17 10:47:43 +02:00
* \ return 0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
2014-02-10 13:43:33 +01:00
*
* \ note If DTLS is selected and max and / or min version are less
* than TLS 1.1 ( DTLS 1.0 ) they are upped to that value .
2014-09-17 10:47:43 +02:00
*
* \ note Regarding I / O callbacks , you must either [ TODO - DTLS :
* unimplemented yet : provide a recv callback that doesn ' t
* block ] , or one that handles timeouts , see
* ssl_set_bio_timeout ( )
2014-02-06 13:04:16 +01:00
*/
2014-02-10 14:25:10 +01:00
int ssl_set_transport ( ssl_context * ssl , int transport ) ;
2014-02-06 13:04:16 +01:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the certificate verification mode
*
* \ param ssl SSL context
2011-01-06 13:28:03 +01:00
* \ param authmode can be :
2009-01-03 22:22:43 +01:00
*
* SSL_VERIFY_NONE : peer certificate is not checked ( default ) ,
* this is insecure and SHOULD be avoided .
*
* SSL_VERIFY_OPTIONAL : peer certificate is checked , however the
* handshake continues even if verification failed ;
* ssl_get_verify_result ( ) can be called after the
* handshake is complete .
*
* SSL_VERIFY_REQUIRED : peer * must * present a valid certificate ,
* handshake is aborted if verification failed .
2014-03-11 10:50:48 +01:00
*
* \ note On client , SSL_VERIFY_REQUIRED is the recommended mode .
* With SSL_VERIFY_OPTIONAL , the user needs to call ssl_get_verify_result ( ) at
* the right time ( s ) , which may not be obvious , while REQUIRED always perform
* the verification as soon as possible . For example , REQUIRED was protecting
* against the " triple handshake " attack even before it was found .
2009-01-03 22:22:43 +01:00
*/
void ssl_set_authmode ( ssl_context * ssl , int authmode ) ;
2013-09-16 13:49:26 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
2011-01-13 18:54:59 +01:00
/**
* \ brief Set the verification callback ( Optional ) .
*
2012-09-28 09:10:55 +02:00
* If set , the verify callback is called for each
* certificate in the chain . For implementation
* information , please see \ c x509parse_verify ( )
2011-01-13 18:54:59 +01:00
*
* \ param ssl SSL context
* \ param f_vrfy verification function
* \ param p_vrfy verification parameter
*/
void ssl_set_verify ( ssl_context * ssl ,
2013-09-18 14:13:26 +02:00
int ( * f_vrfy ) ( void * , x509_crt * , int , int * ) ,
2011-01-13 18:54:59 +01:00
void * p_vrfy ) ;
2013-09-16 13:49:26 +02:00
# endif /* POLARSSL_X509_CRT_PARSE_C */
2011-01-13 18:54:59 +01:00
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the random number generator callback
*
* \ param ssl SSL context
* \ param f_rng RNG function
* \ param p_rng RNG parameter
*/
void ssl_set_rng ( ssl_context * ssl ,
2011-11-27 22:07:34 +01:00
int ( * f_rng ) ( void * , unsigned char * , size_t ) ,
2009-01-03 22:22:43 +01:00
void * p_rng ) ;
/**
* \ brief Set the debug callback
*
* \ param ssl SSL context
* \ param f_dbg debug function
* \ param p_dbg debug parameter
*/
void ssl_set_dbg ( ssl_context * ssl ,
2010-03-16 22:09:09 +01:00
void ( * f_dbg ) ( void * , int , const char * ) ,
2009-01-03 22:22:43 +01:00
void * p_dbg ) ;
/**
* \ brief Set the underlying BIO read and write callbacks
*
* \ param ssl SSL context
* \ param f_recv read callback
2014-09-17 11:34:57 +02:00
* \ param p_recv read parameter ( must be equal to write parameter )
2009-01-03 22:22:43 +01:00
* \ param f_send write callback
2014-09-17 11:34:57 +02:00
* \ param p_send write parameter ( must be equal to read parameter )
*
* \ warning It is required that p_recv = = p_send . Otherwise , the first
* attempt at sending or receiving will result in a
* POLARSSL_ERR_SSL_BAD_INPUT_DATA error .
2009-01-03 22:22:43 +01:00
*/
void ssl_set_bio ( ssl_context * ssl ,
2011-04-24 10:57:21 +02:00
int ( * f_recv ) ( void * , unsigned char * , size_t ) , void * p_recv ,
2011-06-21 09:36:43 +02:00
int ( * f_send ) ( void * , const unsigned char * , size_t ) , void * p_send ) ;
2009-01-03 22:22:43 +01:00
2014-09-17 10:47:43 +02:00
/**
* \ brief Set the underlying BIO callbacks for write , read and
* read - with - timeout .
*
* \ param ssl SSL context
* \ param p_bio parameter ( context ) shared by BIO callbacks
* \ param f_send write callback
* \ param f_recv read callback
* \ param f_recv_timeout read callback with timeout .
* The last argument of the callback is the timeout in seconds
* \ param timeout Value of the recv timeout in seconds . ( For DTLS , also the
* initial value of the handshake retransmission timeout . )
*
* \ note f_recv_timeout is required for DTLS , [ TODO - TLS :
* unimplmented yet : unless f_recv performs non - blocking
* reads ] .
*
* \ note f_recv_timeout must actually block until it receives
* something or times out ( or is interrupted by a signal )
*
* \ note TODO : with TLS , f_recv_timeout and timeout are ignored for
* now .
*/
void ssl_set_bio_timeout ( ssl_context * ssl ,
void * p_bio ,
int ( * f_send ) ( void * , const unsigned char * , size_t ) ,
int ( * f_recv ) ( void * , unsigned char * , size_t ) ,
2014-10-01 15:01:39 +02:00
int ( * f_recv_timeout ) ( void * , unsigned char * , size_t , uint32_t ) ,
uint32_t timeout ) ;
2014-09-17 10:47:43 +02:00
2014-07-23 00:28:58 +02:00
# if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
2014-07-22 17:32:01 +02:00
/**
* \ brief Set client ' s transport - level identification info .
2014-07-23 14:56:15 +02:00
* ( Server only . DTLS only . )
2014-07-22 17:32:01 +02:00
*
* This is usually the IP address ( and port ) , but could be
* anything identify the client depending on the underlying
* network stack . Used for HelloVerifyRequest with DTLS .
* This is * not * used to route the actual packets .
*
* \ param ssl SSL context
* \ param info Transport - level info identifying the client ( eg IP + port )
* \ param ilen Length of info in bytes
*
* \ note An internal copy is made , so the info buffer can be reused .
*
* \ return 0 on success ,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used on client ,
* POLARSSL_ERR_SSL_MALLOC_FAILED if out of memory .
*/
int ssl_set_client_transport_id ( ssl_context * ssl ,
const unsigned char * info ,
size_t ilen ) ;
2014-07-22 22:10:43 +02:00
2014-07-23 14:56:15 +02:00
/**
* \ brief Callback type : generate a cookie
*
* \ param ctx Context for the callback
* \ param p Buffer to write to ,
* must be updated to point right after the cookie
* \ param end Pointer to one past the end of the output buffer
* \ param info Client ID info that was passed to
* \ c ssl_set_client_transport_id ( )
* \ param ilen Length of info in bytes
*
* \ return The callback must return 0 on success ,
* or a negative error code .
*/
typedef int ssl_cookie_write_t ( void * ctx ,
unsigned char * * p , unsigned char * end ,
const unsigned char * info , size_t ilen ) ;
/**
* \ brief Callback type : verify a cookie
*
* \ param ctx Context for the callback
* \ param cookie Cookie to verify
* \ param clen Length of cookie
* \ param info Client ID info that was passed to
* \ c ssl_set_client_transport_id ( )
* \ param ilen Length of info in bytes
*
* \ return The callback must return 0 if cookie is valid ,
* or a negative error code .
*/
typedef int ssl_cookie_check_t ( void * ctx ,
const unsigned char * cookie , size_t clen ,
const unsigned char * info , size_t ilen ) ;
/**
* \ brief Register callbacks for DTLS cookies
* ( Server only . DTLS only . )
*
2014-07-23 17:52:09 +02:00
* Default : dummy callbacks that fail , to force you to
* register working callbacks ( and initialize their context ) .
*
* To disable HelloVerifyRequest , register NULL callbacks .
*
* \ warning Disabling hello verification allows your server to be used
* for amplification in DoS attacks against other hosts .
* Only disable if you known this can ' t happen in your
* particular environment .
*
2014-07-23 14:56:15 +02:00
* \ param ssl SSL context
* \ param f_cookie_write Cookie write callback
* \ param f_cookie_check Cookie check callback
* \ param p_cookie Context for both callbacks
*/
void ssl_set_dtls_cookies ( ssl_context * ssl ,
ssl_cookie_write_t * f_cookie_write ,
ssl_cookie_check_t * f_cookie_check ,
void * p_cookie ) ;
2014-07-23 00:28:58 +02:00
# endif /* POLARSSL_SSL_DTLS_HELLO_VERIFY */
2014-07-22 17:32:01 +02:00
2014-09-24 14:41:11 +02:00
# if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
/**
* \ brief Enable or disable anti - replay protection for DTLS .
* ( DTLS only , no effect on TLS . )
* Default : enebled .
*
* \ param ssl SSL context
* \ param mode SSL_ANTI_REPLAY_ENABLED or SSL_ANTI_REPLAY_DISABLED .
*/
void ssl_set_dtls_anti_replay ( ssl_context * ssl , char mode ) ;
# endif /* POLARSSL_SSL_DTLS_ANTI_REPLAY */
2014-10-01 12:03:55 +02:00
# if defined(POLARSSL_SSL_PROTO_DTLS)
/**
* \ brief Set retransmit timeout values for the DTLS handshale .
* ( DTLS only , no effect on TLS . )
*
* \ param ssl SSL context
* \ param min Initial timeout value in milliseconds .
* Default : 1000 ( 1 second ) .
* \ param max Maximum timeout value in milliseconds .
* Default : 60000 ( 60 seconds ) .
*
* \ note Default values are from RFC 6347 section 4.2 .4 .1 .
*
* \ note Higher values for initial timeout may increase average
* handshake latency . Lower values may increase the risk of
* network congestion by causing more retransmissions .
*/
void ssl_set_handshake_timeout ( ssl_context * ssl , uint32_t min , uint32_t max ) ;
# endif /* POLARSSL_SSL_PROTO_DTLS */
2014-09-24 14:41:11 +02:00
2009-01-03 22:22:43 +01:00
/**
2012-09-25 23:55:46 +02:00
* \ brief Set the session cache callbacks ( server - side only )
* If not set , no session resuming is done .
2009-01-03 22:22:43 +01:00
*
2012-09-25 23:55:46 +02:00
* The session cache has the responsibility to check for stale
* entries based on timeout . See RFC 5246 for recommendations .
*
* Warning : session . peer_cert is cleared by the SSL / TLS layer on
* connection shutdown , so do not cache the pointer ! Either set
* it to NULL or make a full copy of the certificate .
*
* The get callback is called once during the initial handshake
* to enable session resuming . The get function has the
* following parameters : ( void * parameter , ssl_session * session )
* If a valid entry is found , it should fill the master of
* the session object with the cached values and return 0 ,
* return 1 otherwise . Optionally peer_cert can be set as well
* if it is properly present in cache entry .
*
* The set callback is called once during the initial handshake
* to enable session resuming after the entire handshake has
* been finished . The set function has the following parameters :
* ( void * parameter , const ssl_session * session ) . The function
* should create a cache entry for future retrieval based on
* the data in the session structure and should keep in mind
* that the ssl_session object presented ( and all its referenced
* data ) is cleared by the SSL / TLS layer when the connection is
* terminated . It is recommended to add metadata to determine if
* an entry is still valid in the future . Return 0 if
2012-11-02 11:59:36 +01:00
* successfully cached , return 1 otherwise .
2012-09-25 23:55:46 +02:00
*
* \ param ssl SSL context
* \ param f_get_cache session get callback
* \ param p_get_cache session get parameter
* \ param f_set_cache session set callback
* \ param p_set_cache session set parameter
2009-01-03 22:22:43 +01:00
*/
2012-09-25 23:55:46 +02:00
void ssl_set_session_cache ( ssl_context * ssl ,
int ( * f_get_cache ) ( void * , ssl_session * ) , void * p_get_cache ,
int ( * f_set_cache ) ( void * , const ssl_session * ) , void * p_set_cache ) ;
2009-01-03 22:22:43 +01:00
/**
2012-09-25 23:55:46 +02:00
* \ brief Request resumption of session ( client - side only )
* Session data is copied from presented session structure .
*
2009-01-03 22:22:43 +01:00
* \ param ssl SSL context
* \ param session session context
2013-07-30 12:41:56 +02:00
*
2013-08-02 15:34:52 +02:00
* \ return 0 if successful ,
* POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed ,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server - side or
* arguments are otherwise invalid
*
2013-07-30 12:41:56 +02:00
* \ sa ssl_get_session ( )
2009-01-03 22:22:43 +01:00
*/
2013-08-02 15:34:52 +02:00
int ssl_set_session ( ssl_context * ssl , const ssl_session * session ) ;
2009-01-03 22:22:43 +01:00
/**
2014-01-14 14:08:13 +01:00
* \ brief Set the list of allowed ciphersuites and the preference
* order . First in the list has the highest preference .
2013-04-15 15:09:54 +02:00
* ( Overrides all version specific lists )
2009-01-03 22:22:43 +01:00
*
2014-01-14 14:08:13 +01:00
* Note : The PolarSSL SSL server uses its own preferences
* over the preference of the connection SSL client unless
* POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined !
*
2011-01-27 18:40:50 +01:00
* \ param ssl SSL context
* \ param ciphersuites 0 - terminated list of allowed ciphersuites
2009-01-03 22:22:43 +01:00
*/
2012-08-23 10:34:18 +02:00
void ssl_set_ciphersuites ( ssl_context * ssl , const int * ciphersuites ) ;
2009-01-03 22:22:43 +01:00
2013-04-15 15:09:54 +02:00
/**
2014-01-14 14:08:13 +01:00
* \ brief Set the list of allowed ciphersuites and the
* preference order for a specific version of the protocol .
2013-04-15 15:09:54 +02:00
* ( Only useful on the server side )
*
* \ param ssl SSL context
* \ param ciphersuites 0 - terminated list of allowed ciphersuites
* \ param major Major version number ( only SSL_MAJOR_VERSION_3
* supported )
* \ param minor Minor version number ( SSL_MINOR_VERSION_0 ,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 ,
* SSL_MINOR_VERSION_3 supported )
2014-02-10 13:43:33 +01:00
*
* \ note With DTLS , use SSL_MINOR_VERSION_2 for DTLS 1.0
* and SSL_MINOR_VERSION_3 for DTLS 1.2
2013-04-15 15:09:54 +02:00
*/
void ssl_set_ciphersuites_for_version ( ssl_context * ssl ,
const int * ciphersuites ,
int major , int minor ) ;
2013-09-16 13:49:26 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the data required to verify peer certificate
*
* \ param ssl SSL context
2012-11-20 10:30:55 +01:00
* \ param ca_chain trusted CA chain ( meaning all fully trusted top - level CAs )
2009-05-03 12:18:48 +02:00
* \ param ca_crl trusted CA CRLs
2009-01-03 22:22:43 +01:00
* \ param peer_cn expected peer CommonName ( or NULL )
*/
2013-09-18 14:13:26 +02:00
void ssl_set_ca_chain ( ssl_context * ssl , x509_crt * ca_chain ,
2010-03-24 07:51:15 +01:00
x509_crl * ca_crl , const char * peer_cn ) ;
2009-01-03 22:22:43 +01:00
/**
2012-11-20 10:30:55 +01:00
* \ brief Set own certificate chain and private key
*
2013-09-23 14:46:13 +02:00
* \ note own_cert should contain in order from the bottom up your
* certificate chain . The top certificate ( self - signed )
2012-11-20 10:30:55 +01:00
* can be omitted .
2009-01-03 22:22:43 +01:00
*
2013-09-23 14:46:13 +02:00
* \ note This function may be called more than once if you want to
* support multiple certificates ( eg , one using RSA and one
* using ECDSA ) . However , on client , currently only the first
* certificate is used ( subsequent calls have no effect ) .
*
2009-01-03 22:22:43 +01:00
* \ param ssl SSL context
2012-11-20 10:30:55 +01:00
* \ param own_cert own public certificate chain
2013-08-19 14:10:16 +02:00
* \ param pk_key own private key
2013-09-23 14:46:13 +02:00
*
* \ return 0 on success or POLARSSL_ERR_SSL_MALLOC_FAILED
2009-01-03 22:22:43 +01:00
*/
2013-09-23 14:46:13 +02:00
int ssl_set_own_cert ( ssl_context * ssl , x509_crt * own_cert ,
2013-08-21 16:14:26 +02:00
pk_context * pk_key ) ;
2009-01-03 22:22:43 +01:00
2013-08-19 14:10:16 +02:00
# if defined(POLARSSL_RSA_C)
2011-01-18 16:27:19 +01:00
/**
2013-08-19 14:10:16 +02:00
* \ brief Set own certificate chain and private RSA key
*
* Note : own_cert should contain IN order from the bottom
* up your certificate chain . The top certificate ( self - signed )
* can be omitted .
*
2014-03-25 16:37:27 +01:00
* \ warning This backwards - compatibility function is deprecated !
* Please use \ c ssl_set_own_cert ( ) instead .
*
2013-08-19 14:10:16 +02:00
* \ param ssl SSL context
* \ param own_cert own public certificate chain
* \ param rsa_key own private RSA key
2013-08-21 16:14:26 +02:00
*
* \ return 0 on success , or a specific error code .
2013-08-19 14:10:16 +02:00
*/
2013-09-18 14:13:26 +02:00
int ssl_set_own_cert_rsa ( ssl_context * ssl , x509_crt * own_cert ,
2013-08-21 16:14:26 +02:00
rsa_context * rsa_key ) ;
2013-08-19 14:10:16 +02:00
# endif /* POLARSSL_RSA_C */
2009-01-03 22:22:43 +01:00
2011-01-18 16:27:19 +01:00
/**
2013-08-19 14:10:16 +02:00
* \ brief Set own certificate and alternate non - PolarSSL RSA private
2012-09-27 21:15:01 +02:00
* key and handling callbacks , such as the PKCS # 11 wrappers
* or any other external private key handler .
* ( see the respective RSA functions in rsa . h for documentation
* of the callback parameters , with the only change being
* that the rsa_context * is a void * in the callbacks )
2011-01-18 16:27:19 +01:00
*
2012-11-20 10:30:55 +01:00
* Note : own_cert should contain IN order from the bottom
* up your certificate chain . The top certificate ( self - signed )
* can be omitted .
*
2014-03-25 16:37:27 +01:00
* \ warning This backwards - compatibility function is deprecated !
* Please use \ c pk_init_ctx_rsa_alt ( )
* and \ c ssl_set_own_cert ( ) instead .
*
2011-01-18 16:27:19 +01:00
* \ param ssl SSL context
2012-11-20 10:30:55 +01:00
* \ param own_cert own public certificate chain
2012-09-27 21:15:01 +02:00
* \ param rsa_key alternate implementation private RSA key
2013-09-10 16:16:50 +02:00
* \ param rsa_decrypt alternate implementation of \ c rsa_pkcs1_decrypt ( )
* \ param rsa_sign alternate implementation of \ c rsa_pkcs1_sign ( )
* \ param rsa_key_len function returning length of RSA key in bytes
2013-08-21 15:09:31 +02:00
*
* \ return 0 on success , or a specific error code .
2011-01-18 16:27:19 +01:00
*/
2013-09-18 14:13:26 +02:00
int ssl_set_own_cert_alt ( ssl_context * ssl , x509_crt * own_cert ,
2013-08-22 17:54:20 +02:00
void * rsa_key ,
rsa_decrypt_func rsa_decrypt ,
rsa_sign_func rsa_sign ,
rsa_key_len_func rsa_key_len ) ;
2013-09-16 13:49:26 +02:00
# endif /* POLARSSL_X509_CRT_PARSE_C */
2011-01-18 16:27:19 +01:00
2013-10-14 19:54:10 +02:00
# if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
2013-04-16 18:05:29 +02:00
/**
* \ brief Set the Pre Shared Key ( PSK ) and the identity name connected
2013-09-18 17:29:31 +02:00
* to it .
2013-04-16 18:05:29 +02:00
*
* \ param ssl SSL context
* \ param psk pointer to the pre - shared key
* \ param psk_len pre - shared key length
* \ param psk_identity pointer to the pre - shared key identity
* \ param psk_identity_len identity key length
2013-09-18 17:29:31 +02:00
*
* \ return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
2013-04-16 18:05:29 +02:00
*/
2013-09-18 17:29:31 +02:00
int ssl_set_psk ( ssl_context * ssl , const unsigned char * psk , size_t psk_len ,
const unsigned char * psk_identity , size_t psk_identity_len ) ;
/**
* \ brief Set the PSK callback ( server - side only ) ( Optional ) .
*
* If set , the PSK callback is called for each
* handshake where a PSK ciphersuite was negotiated .
2014-02-25 13:08:08 +01:00
* The caller provides the identity received and wants to
2013-09-18 17:29:31 +02:00
* receive the actual PSK data and length .
*
* The callback has the following parameters : ( void * parameter ,
* ssl_context * ssl , const unsigned char * psk_identity ,
* size_t identity_len )
* If a valid PSK identity is found , the callback should use
* ssl_set_psk ( ) on the ssl context to set the correct PSK and
* identity and return 0.
* Any other return value will result in a denied PSK identity .
*
* \ param ssl SSL context
* \ param f_psk PSK identity function
* \ param p_psk PSK identity parameter
*/
void ssl_set_psk_cb ( ssl_context * ssl ,
int ( * f_psk ) ( void * , ssl_context * , const unsigned char * ,
size_t ) ,
void * p_psk ) ;
2013-10-14 19:54:10 +02:00
# endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
2013-04-16 18:05:29 +02:00
2012-09-16 21:57:18 +02:00
# if defined(POLARSSL_DHM_C)
2009-01-03 22:22:43 +01:00
/**
* \ brief Set the Diffie - Hellman public P and G values ,
* read as hexadecimal strings ( server - side only )
2012-09-28 09:31:51 +02:00
* ( Default : POLARSSL_DHM_RFC5114_MODP_1024_ [ PG ] )
2009-01-03 22:22:43 +01:00
*
* \ param ssl SSL context
* \ param dhm_P Diffie - Hellman - Merkle modulus
* \ param dhm_G Diffie - Hellman - Merkle generator
*
* \ return 0 if successful
*/
2010-03-16 22:09:09 +01:00
int ssl_set_dh_param ( ssl_context * ssl , const char * dhm_P , const char * dhm_G ) ;
2009-01-03 22:22:43 +01:00
2011-01-06 16:48:19 +01:00
/**
* \ brief Set the Diffie - Hellman public P and G values ,
* read from existing context ( server - side only )
*
* \ param ssl SSL context
* \ param dhm_ctx Diffie - Hellman - Merkle context
*
* \ return 0 if successful
*/
int ssl_set_dh_param_ctx ( ssl_context * ssl , dhm_context * dhm_ctx ) ;
2014-05-01 13:03:14 +02:00
# endif /* POLARSSL_DHM_C */
2011-01-06 16:48:19 +01:00
2014-02-04 15:52:33 +01:00
# if defined(POLARSSL_SSL_SET_CURVES)
2014-01-19 21:48:42 +01:00
/**
2014-02-04 15:14:13 +01:00
* \ brief Set the allowed curves in order of preference .
2014-02-03 15:56:49 +01:00
* ( Default : all defined curves . )
2014-01-19 21:48:42 +01:00
*
2014-02-04 15:14:13 +01:00
* On server : this only affects selection of the ECDHE curve ;
* the curves used for ECDH and ECDSA are determined by the
* list of available certificates instead .
*
* On client : this affects the list of curves offered for any
2014-02-04 16:18:07 +01:00
* use . The server can override our preference order .
*
* Both sides : limits the set of curves used by peer to the
* listed curves for any use ( ECDH ( E ) , certificates ) .
2014-01-19 21:48:42 +01:00
*
* \ param ssl SSL context
2014-02-04 15:14:13 +01:00
* \ param curves Ordered list of allowed curves ,
* terminated by POLARSSL_ECP_DP_NONE .
2014-01-19 21:48:42 +01:00
*/
2014-02-04 13:58:39 +01:00
void ssl_set_curves ( ssl_context * ssl , const ecp_group_id * curves ) ;
2014-05-01 13:03:14 +02:00
# endif /* POLARSSL_SSL_SET_CURVES */
2014-01-19 21:48:42 +01:00
2013-08-27 21:55:01 +02:00
# if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
2009-01-03 22:22:43 +01:00
/**
2012-09-27 23:49:42 +02:00
* \ brief Set hostname for ServerName TLS extension
* ( client - side only )
2013-09-18 17:29:31 +02:00
*
2009-01-03 22:22:43 +01:00
*
* \ param ssl SSL context
* \ param hostname the server hostname
*
2012-01-13 14:44:06 +01:00
* \ return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
2009-01-03 22:22:43 +01:00
*/
2010-03-16 22:09:09 +01:00
int ssl_set_hostname ( ssl_context * ssl , const char * hostname ) ;
2009-01-03 22:22:43 +01:00
2012-09-27 23:49:42 +02:00
/**
* \ brief Set server side ServerName TLS extension callback
* ( optional , server - side only ) .
*
* If set , the ServerName callback is called whenever the
* server receives a ServerName TLS extension from the client
* during a handshake . The ServerName callback has the
* following parameters : ( void * parameter , ssl_context * ssl ,
* const unsigned char * hostname , size_t len ) . If a suitable
* certificate is found , the callback should set the
* certificate and key to use with ssl_set_own_cert ( ) ( and
* possibly adjust the CA chain as well ) and return 0. The
* callback should return - 1 to abort the handshake at this
* point .
*
* \ param ssl SSL context
* \ param f_sni verification function
* \ param p_sni verification parameter
*/
void ssl_set_sni ( ssl_context * ssl ,
int ( * f_sni ) ( void * , ssl_context * , const unsigned char * ,
size_t ) ,
void * p_sni ) ;
2013-08-27 21:55:01 +02:00
# endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
2012-09-27 23:49:42 +02:00
2014-04-04 16:08:41 +02:00
# if defined(POLARSSL_SSL_ALPN)
/**
* \ brief Set the supported Application Layer Protocols .
*
* \ param ssl SSL context
* \ param protos NULL - terminated list of supported protocols ,
* in decreasing preference order .
2014-04-07 10:57:45 +02:00
*
* \ return 0 on success , or POLARSSL_ERR_SSL_BAD_INPUT_DATA .
2014-04-04 16:08:41 +02:00
*/
2014-04-07 10:57:45 +02:00
int ssl_set_alpn_protocols ( ssl_context * ssl , const char * * protos ) ;
2014-04-04 16:08:41 +02:00
/**
* \ brief Get the name of the negotiated Application Layer Protocol .
* This function should be called after the handshake is
* completed .
*
* \ param ssl SSL context
*
* \ return Protcol name , or NULL if no protocol was negotiated .
*/
const char * ssl_get_alpn_protocol ( const ssl_context * ssl ) ;
# endif /* POLARSSL_SSL_ALPN */
2011-10-06 15:04:09 +02:00
/**
* \ brief Set the maximum supported version sent from the client side
2013-06-29 16:01:15 +02:00
* and / or accepted at the server side
2013-08-27 21:19:20 +02:00
* ( Default : SSL_MAX_MAJOR_VERSION , SSL_MAX_MINOR_VERSION )
*
* Note : This ignores ciphersuites from ' higher ' versions .
2013-06-29 16:01:15 +02:00
*
2011-10-06 15:04:09 +02:00
* \ param ssl SSL context
* \ param major Major version number ( only SSL_MAJOR_VERSION_3 supported )
* \ param minor Minor version number ( SSL_MINOR_VERSION_0 ,
2012-04-11 14:09:53 +02:00
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 ,
* SSL_MINOR_VERSION_3 supported )
2014-02-10 14:25:10 +01:00
* \ return 0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
2014-02-10 13:43:33 +01:00
*
* \ note With DTLS , use SSL_MINOR_VERSION_2 for DTLS 1.0 and
* SSL_MINOR_VERSION_3 for DTLS 1.2
2011-10-06 15:04:09 +02:00
*/
2014-02-10 14:25:10 +01:00
int ssl_set_max_version ( ssl_context * ssl , int major , int minor ) ;
2011-10-06 15:04:09 +02:00
2012-09-28 15:28:45 +02:00
/**
* \ brief Set the minimum accepted SSL / TLS protocol version
2013-08-27 21:19:20 +02:00
* ( Default : SSL_MIN_MAJOR_VERSION , SSL_MIN_MINOR_VERSION )
*
2012-09-28 15:28:45 +02:00
* \ param ssl SSL context
* \ param major Major version number ( only SSL_MAJOR_VERSION_3 supported )
* \ param minor Minor version number ( SSL_MINOR_VERSION_0 ,
* SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2 ,
* SSL_MINOR_VERSION_3 supported )
2014-02-10 14:25:10 +01:00
* \ return 0 on success or POLARSSL_ERR_SSL_BAD_INPUT_DATA
2014-02-10 13:43:33 +01:00
*
* \ note With DTLS , use SSL_MINOR_VERSION_2 for DTLS 1.0 and
* SSL_MINOR_VERSION_3 for DTLS 1.2
2012-09-28 15:28:45 +02:00
*/
2014-02-10 14:25:10 +01:00
int ssl_set_min_version ( ssl_context * ssl , int major , int minor ) ;
2012-09-28 15:28:45 +02:00
2013-08-15 13:33:48 +02:00
# if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
2013-07-16 12:45:26 +02:00
/**
* \ brief Set the maximum fragment length to emit and / or negotiate
* ( Default : SSL_MAX_CONTENT_LEN , usually 2 ^ 14 bytes )
* ( Server : set maximum fragment length to emit ,
* usually negotiated by the client during handshake
* ( Client : set maximum fragment length to emit * and *
* negotiate with the server during handshake )
*
* \ param ssl SSL context
2013-09-10 16:16:50 +02:00
* \ param mfl_code Code for maximum fragment length ( allowed values :
2013-07-16 12:45:26 +02:00
* SSL_MAX_FRAG_LEN_512 , SSL_MAX_FRAG_LEN_1024 ,
* SSL_MAX_FRAG_LEN_2048 , SSL_MAX_FRAG_LEN_4096 )
*
* \ return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
*/
int ssl_set_max_frag_len ( ssl_context * ssl , unsigned char mfl_code ) ;
2013-08-15 13:33:48 +02:00
# endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
2013-07-16 12:45:26 +02:00
2013-08-15 13:45:55 +02:00
# if defined(POLARSSL_SSL_TRUNCATED_HMAC)
2013-07-19 11:08:52 +02:00
/**
* \ brief Activate negotiation of truncated HMAC ( Client only )
2013-07-19 14:14:37 +02:00
* ( Default : SSL_TRUNC_HMAC_ENABLED )
2013-07-19 11:08:52 +02:00
*
* \ param ssl SSL context
2013-07-19 14:14:37 +02:00
* \ param truncate Enable or disable ( SSL_TRUNC_HMAC_ENABLED or
* SSL_TRUNC_HMAC_DISABLED )
2013-07-19 11:08:52 +02:00
*
* \ return O if successful ,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server - side
*/
2013-07-19 14:14:37 +02:00
int ssl_set_truncated_hmac ( ssl_context * ssl , int truncate ) ;
2013-08-15 13:45:55 +02:00
# endif /* POLARSSL_SSL_TRUNCATED_HMAC */
2013-07-19 11:08:52 +02:00
2013-08-14 13:48:06 +02:00
# if defined(POLARSSL_SSL_SESSION_TICKETS)
2013-08-03 13:02:31 +02:00
/**
* \ brief Enable / Disable session tickets
* ( Default : SSL_SESSION_TICKETS_ENABLED on client ,
* SSL_SESSION_TICKETS_DISABLED on server )
*
* \ note On server , ssl_set_rng ( ) must be called before this function
* to allow generating the ticket encryption and
* authentication keys .
*
* \ param ssl SSL context
* \ param use_tickets Enable or disable ( SSL_SESSION_TICKETS_ENABLED or
* SSL_SESSION_TICKETS_DISABLED )
*
* \ return O if successful ,
* or a specific error code ( server only ) .
*/
int ssl_set_session_tickets ( ssl_context * ssl , int use_tickets ) ;
2013-08-14 16:52:14 +02:00
/**
* \ brief Set session ticket lifetime ( server only )
* ( Default : SSL_DEFAULT_TICKET_LIFETIME ( 86400 secs / 1 day ) )
*
* \ param ssl SSL context
* \ param lifetime session ticket lifetime
*/
void ssl_set_session_ticket_lifetime ( ssl_context * ssl , int lifetime ) ;
2013-08-14 13:48:06 +02:00
# endif /* POLARSSL_SSL_SESSION_TICKETS */
2013-08-03 13:02:31 +02:00
2012-09-16 21:57:18 +02:00
/**
2012-10-23 13:54:56 +02:00
* \ brief Enable / Disable renegotiation support for connection when
* initiated by peer
* ( Default : SSL_RENEGOTIATION_DISABLED )
*
* Note : A server with support enabled is more vulnerable for a
2012-11-04 17:29:08 +01:00
* resource DoS by a malicious client . You should enable this on
* a client to enable server - initiated renegotiation .
2012-09-16 21:57:18 +02:00
*
* \ param ssl SSL context
* \ param renegotiation Enable or disable ( SSL_RENEGOTIATION_ENABLED or
* SSL_RENEGOTIATION_DISABLED )
*/
void ssl_set_renegotiation ( ssl_context * ssl , int renegotiation ) ;
/**
* \ brief Prevent or allow legacy renegotiation .
2012-09-17 11:18:12 +02:00
* ( Default : SSL_LEGACY_NO_RENEGOTIATION )
2014-05-01 13:03:14 +02:00
*
2012-09-17 11:18:12 +02:00
* SSL_LEGACY_NO_RENEGOTIATION allows connections to
* be established even if the peer does not support
* secure renegotiation , but does not allow renegotiation
* to take place if not secure .
* ( Interoperable and secure option )
*
* SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
* with non - upgraded peers . Allowing legacy renegotiation
* makes the connection vulnerable to specific man in the
* middle attacks . ( See RFC 5746 )
* ( Most interoperable and least secure option )
*
* SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
* if peer does not support secure renegotiation . Results
* in interoperability issues with non - upgraded peers
* that do not support renegotiation altogether .
* ( Most secure option , interoperability issues )
2012-09-16 21:57:18 +02:00
*
* \ param ssl SSL context
2012-11-07 20:46:27 +01:00
* \ param allow_legacy Prevent or allow ( SSL_NO_LEGACY_RENEGOTIATION ,
* SSL_ALLOW_LEGACY_RENEGOTIATION or
* SSL_LEGACY_BREAK_HANDSHAKE )
2012-09-16 21:57:18 +02:00
*/
void ssl_legacy_renegotiation ( ssl_context * ssl , int allow_legacy ) ;
2014-07-03 19:29:16 +02:00
/**
* \ brief Enforce server - requested renegotiation .
* ( Default : enforced , max_records = 16 )
*
2014-08-19 13:58:40 +02:00
* When we request a renegotiation , the peer can comply or
* ignore the request . This function allows us to decide
* whether to enforce our renegotiation requests by closing
* the connection if the peer doesn ' t comply .
2014-07-03 19:29:16 +02:00
*
2014-08-19 13:58:40 +02:00
* However , records could already be in transit from the peer
* when the request is emitted . In order to increase
* reliability , we can accept a number of records before the
* expected handshake records .
2014-07-03 19:29:16 +02:00
*
* The optimal value is highly dependent on the specific usage
* scenario .
*
2014-08-19 13:58:40 +02:00
* \ warning On client , the grace period can only happen during
* ssl_read ( ) , as opposed to ssl_write ( ) and ssl_renegotiate ( )
* which always behave as if max_record was 0. The reason is ,
* if we receive application data from the server , we need a
* place to write it , which only happens during ssl_read ( ) .
*
2014-07-03 19:29:16 +02:00
* \ param ssl SSL context
* \ param max_records Use SSL_RENEGOTIATION_NOT_ENFORCED if you don ' t want to
* enforce renegotiation , or a non - negative value to enforce
* it but allow for a grace period of max_records records .
*/
void ssl_set_renegotiation_enforced ( ssl_context * ssl , int max_records ) ;
2009-01-03 22:22:43 +01:00
/**
* \ brief Return the number of data bytes available to read
*
* \ param ssl SSL context
*
* \ return how many bytes are available in the read buffer
*/
2011-04-24 10:57:21 +02:00
size_t ssl_get_bytes_avail ( const ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
/**
* \ brief Return the result of the certificate verification
*
* \ param ssl SSL context
*
* \ return 0 if successful , or a combination of :
* BADCERT_EXPIRED
* BADCERT_REVOKED
* BADCERT_CN_MISMATCH
* BADCERT_NOT_TRUSTED
*/
2010-03-16 22:09:09 +01:00
int ssl_get_verify_result ( const ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
/**
2011-01-27 18:40:50 +01:00
* \ brief Return the name of the current ciphersuite
2009-01-03 22:22:43 +01:00
*
* \ param ssl SSL context
*
2011-01-27 18:40:50 +01:00
* \ return a string containing the ciphersuite name
2009-01-03 22:22:43 +01:00
*/
2011-01-27 18:40:50 +01:00
const char * ssl_get_ciphersuite ( const ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
2011-01-15 18:35:19 +01:00
/**
* \ brief Return the current SSL version ( SSLv3 / TLSv1 / etc )
*
* \ param ssl SSL context
*
* \ return a string containing the SSL version
*/
const char * ssl_get_version ( const ssl_context * ssl ) ;
2013-09-16 13:49:26 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
2012-10-30 08:51:03 +01:00
/**
* \ brief Return the peer certificate from the current connection
*
* Note : Can be NULL in case no certificate was sent during
* the handshake . Different calls for the same connection can
* return the same or different pointers for the same
* certificate and even a different certificate altogether .
* The peer cert CAN change in a single connection if
* renegotiation is performed .
*
* \ param ssl SSL context
*
* \ return the current peer certificate
*/
2013-09-18 14:13:26 +02:00
const x509_crt * ssl_get_peer_cert ( const ssl_context * ssl ) ;
2013-09-16 13:49:26 +02:00
# endif /* POLARSSL_X509_CRT_PARSE_C */
2012-10-30 08:51:03 +01:00
2013-07-30 12:41:56 +02:00
/**
* \ brief Save session in order to resume it later ( client - side only )
* Session data is copied to presented session structure .
*
* \ warning Currently , peer certificate is lost in the operation .
*
* \ param ssl SSL context
* \ param session session context
*
* \ return 0 if successful ,
* POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed ,
* POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server - side or
* arguments are otherwise invalid
*
* \ sa ssl_set_session ( )
*/
int ssl_get_session ( const ssl_context * ssl , ssl_session * session ) ;
2009-01-03 22:22:43 +01:00
/**
* \ brief Perform the SSL handshake
*
* \ param ssl SSL context
*
2011-05-18 15:32:51 +02:00
* \ return 0 if successful , POLARSSL_ERR_NET_WANT_READ ,
* POLARSSL_ERR_NET_WANT_WRITE , or a specific SSL error code .
2009-01-03 22:22:43 +01:00
*/
int ssl_handshake ( ssl_context * ssl ) ;
2013-01-25 14:49:24 +01:00
/**
* \ brief Perform a single step of the SSL handshake
*
* Note : the state of the context ( ssl - > state ) will be at
* the following state after execution of this function .
* Do not call this function if state is SSL_HANDSHAKE_OVER .
*
* \ param ssl SSL context
*
* \ return 0 if successful , POLARSSL_ERR_NET_WANT_READ ,
* POLARSSL_ERR_NET_WANT_WRITE , or a specific SSL error code .
*/
int ssl_handshake_step ( ssl_context * ssl ) ;
2012-09-16 21:57:18 +02:00
/**
2013-10-30 16:41:21 +01:00
* \ brief Initiate an SSL renegotiation on the running connection .
* Client : perform the renegotiation right now .
* Server : request renegotiation , which will be performed
* during the next call to ssl_read ( ) if honored by client .
2012-09-16 21:57:18 +02:00
*
* \ param ssl SSL context
*
2013-10-29 10:02:51 +01:00
* \ return 0 if successful , or any ssl_handshake ( ) return value .
2012-09-16 21:57:18 +02:00
*/
int ssl_renegotiate ( ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
/**
* \ brief Read at most ' len ' application data bytes
*
* \ param ssl SSL context
* \ param buf buffer that will hold the data
2014-09-24 11:13:11 +02:00
* \ param len maximum number of bytes to read
2009-01-03 22:22:43 +01:00
*
2011-05-18 15:32:51 +02:00
* \ return This function returns the number of bytes read , 0 for EOF ,
2009-01-03 22:22:43 +01:00
* or a negative error code .
*/
2011-04-24 10:57:21 +02:00
int ssl_read ( ssl_context * ssl , unsigned char * buf , size_t len ) ;
2009-01-03 22:22:43 +01:00
/**
* \ brief Write exactly ' len ' application data bytes
*
* \ param ssl SSL context
* \ param buf buffer holding the data
* \ param len how many bytes must be written
*
* \ return This function returns the number of bytes written ,
* or a negative error code .
*
2011-05-18 15:32:51 +02:00
* \ note When this function returns POLARSSL_ERR_NET_WANT_WRITE ,
2009-01-03 22:22:43 +01:00
* it must be called later with the * same * arguments ,
* until it returns a positive value .
*/
2011-04-24 10:57:21 +02:00
int ssl_write ( ssl_context * ssl , const unsigned char * buf , size_t len ) ;
2009-01-03 22:22:43 +01:00
2012-04-16 08:46:41 +02:00
/**
* \ brief Send an alert message
*
* \ param ssl SSL context
* \ param level The alert level of the message
* ( SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL )
* \ param message The alert message ( SSL_ALERT_MSG_ * )
*
2012-11-07 20:46:27 +01:00
* \ return 0 if successful , or a specific SSL error code .
2012-04-16 08:46:41 +02:00
*/
int ssl_send_alert_message ( ssl_context * ssl ,
unsigned char level ,
unsigned char message ) ;
2009-01-03 22:22:43 +01:00
/**
* \ brief Notify the peer that the connection is being closed
2009-07-28 09:18:38 +02:00
*
* \ param ssl SSL context
2009-01-03 22:22:43 +01:00
*/
int ssl_close_notify ( ssl_context * ssl ) ;
/**
2012-09-16 21:57:18 +02:00
* \ brief Free referenced items in an SSL context and clear memory
2009-07-28 09:18:38 +02:00
*
* \ param ssl SSL context
2009-01-03 22:22:43 +01:00
*/
void ssl_free ( ssl_context * ssl ) ;
2014-06-26 13:37:14 +02:00
/**
* \ brief Initialize SSL session structure
*
* \ param session SSL session
*/
void ssl_session_init ( ssl_session * session ) ;
2012-09-16 21:57:18 +02:00
/**
2012-09-25 23:55:46 +02:00
* \ brief Free referenced items in an SSL session including the
* peer certificate and clear memory
2012-09-16 21:57:18 +02:00
*
* \ param session SSL session
*/
void ssl_session_free ( ssl_session * session ) ;
/**
* \ brief Free referenced items in an SSL transform context and clear
* memory
*
* \ param transform SSL transform context
*/
void ssl_transform_free ( ssl_transform * transform ) ;
/**
* \ brief Free referenced items in an SSL handshake context and clear
* memory
*
* \ param handshake SSL handshake context
*/
void ssl_handshake_free ( ssl_handshake_params * handshake ) ;
2009-01-03 22:22:43 +01:00
/*
* Internal functions ( do not call directly )
*/
2013-01-25 14:49:24 +01:00
int ssl_handshake_client_step ( ssl_context * ssl ) ;
int ssl_handshake_server_step ( ssl_context * ssl ) ;
2012-09-16 21:57:18 +02:00
void ssl_handshake_wrapup ( ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
2012-09-17 11:18:12 +02:00
int ssl_send_fatal_handshake_failure ( ssl_context * ssl ) ;
2014-07-11 13:45:34 +02:00
void ssl_reset_checksum ( ssl_context * ssl ) ;
2009-01-03 22:22:43 +01:00
int ssl_derive_keys ( ssl_context * ssl ) ;
int ssl_read_record ( ssl_context * ssl ) ;
2011-04-24 10:57:21 +02:00
int ssl_fetch_input ( ssl_context * ssl , size_t nb_want ) ;
2009-01-03 22:22:43 +01:00
int ssl_write_record ( ssl_context * ssl ) ;
int ssl_flush_output ( ssl_context * ssl ) ;
int ssl_parse_certificate ( ssl_context * ssl ) ;
int ssl_write_certificate ( ssl_context * ssl ) ;
int ssl_parse_change_cipher_spec ( ssl_context * ssl ) ;
int ssl_write_change_cipher_spec ( ssl_context * ssl ) ;
int ssl_parse_finished ( ssl_context * ssl ) ;
int ssl_write_finished ( ssl_context * ssl ) ;
2014-05-01 14:18:25 +02:00
void ssl_optimize_checksum ( ssl_context * ssl ,
const ssl_ciphersuite_t * ciphersuite_info ) ;
2012-04-18 18:10:25 +02:00
2013-10-14 19:54:10 +02:00
# if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
2013-10-14 13:09:25 +02:00
int ssl_psk_derive_premaster ( ssl_context * ssl , key_exchange_type_t key_ex ) ;
# endif
2013-09-20 12:29:15 +02:00
# if defined(POLARSSL_PK_C)
2013-08-21 16:14:26 +02:00
unsigned char ssl_sig_from_pk ( pk_context * pk ) ;
2013-08-22 13:52:48 +02:00
pk_type_t ssl_pk_alg_from_sig ( unsigned char sig ) ;
2013-09-20 12:29:15 +02:00
# endif
2013-08-22 13:52:48 +02:00
md_type_t ssl_md_alg_from_hash ( unsigned char hash ) ;
2013-08-21 16:14:26 +02:00
2014-02-04 16:18:07 +01:00
# if defined(POLARSSL_SSL_SET_CURVES)
int ssl_curve_is_acceptable ( const ssl_context * ssl , ecp_group_id grp_id ) ;
# endif
2013-09-23 14:46:13 +02:00
# if defined(POLARSSL_X509_CRT_PARSE_C)
static inline pk_context * ssl_own_key ( ssl_context * ssl )
{
2013-09-23 17:00:18 +02:00
return ( ssl - > handshake - > key_cert = = NULL ? NULL
: ssl - > handshake - > key_cert - > key ) ;
2013-09-23 14:46:13 +02:00
}
static inline x509_crt * ssl_own_cert ( ssl_context * ssl )
{
2013-09-23 17:00:18 +02:00
return ( ssl - > handshake - > key_cert = = NULL ? NULL
: ssl - > handshake - > key_cert - > cert ) ;
2013-09-23 14:46:13 +02:00
}
2014-04-09 09:50:57 +02:00
/*
* Check usage of a certificate wrt extensions :
* keyUsage , extendedKeyUsage ( later ) , and nSCertType ( later ) .
*
* Warning : cert_endpoint is the endpoint of the cert ( ie , of our peer when we
* check a cert we received from them ) !
*
* Return 0 if everything is OK , - 1 if not .
*/
int ssl_check_cert_usage ( const x509_crt * cert ,
const ssl_ciphersuite_t * ciphersuite ,
int cert_endpoint ) ;
2013-09-23 14:46:13 +02:00
# endif /* POLARSSL_X509_CRT_PARSE_C */
2014-02-11 18:15:03 +01:00
void ssl_write_version ( int major , int minor , int transport ,
unsigned char ver [ 2 ] ) ;
void ssl_read_version ( int * major , int * minor , int transport ,
const unsigned char ver [ 2 ] ) ;
2014-02-14 08:39:32 +01:00
static inline size_t ssl_hdr_len ( const ssl_context * ssl )
{
# if defined(POLARSSL_SSL_PROTO_DTLS)
if ( ssl - > transport = = SSL_TRANSPORT_DATAGRAM )
return ( 13 ) ;
2014-03-25 13:36:22 +01:00
# else
( ( void ) ssl ) ;
2014-02-14 08:39:32 +01:00
# endif
return ( 5 ) ;
}
2014-09-03 11:01:14 +02:00
static inline size_t ssl_hs_hdr_len ( const ssl_context * ssl )
{
# if defined(POLARSSL_SSL_PROTO_DTLS)
if ( ssl - > transport = = SSL_TRANSPORT_DATAGRAM )
return ( 12 ) ;
# else
( ( void ) ssl ) ;
# endif
return ( 4 ) ;
}
2014-09-19 15:09:21 +02:00
# if defined(POLARSSL_SSL_PROTO_DTLS)
2014-09-29 15:29:48 +02:00
void ssl_send_flight_completed ( ssl_context * ssl ) ;
2014-09-19 15:09:21 +02:00
void ssl_recv_flight_completed ( ssl_context * ssl ) ;
int ssl_resend ( ssl_context * ssl ) ;
# endif
2014-09-24 10:52:58 +02:00
/* Visible for testing purposes only */
# if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY)
int ssl_dtls_replay_check ( ssl_context * ssl ) ;
void ssl_dtls_replay_update ( ssl_context * ssl ) ;
# endif
2013-10-28 13:46:11 +01:00
/* constant-time buffer comparison */
static inline int safer_memcmp ( const void * a , const void * b , size_t n )
{
size_t i ;
const unsigned char * A = ( const unsigned char * ) a ;
const unsigned char * B = ( const unsigned char * ) b ;
unsigned char diff = 0 ;
for ( i = 0 ; i < n ; i + + )
diff | = A [ i ] ^ B [ i ] ;
return ( diff ) ;
}
2009-01-03 22:22:43 +01:00
# ifdef __cplusplus
}
# endif
# endif /* ssl.h */