00001
00023 #ifndef POLARSSL_SSL_H
00024 #define POLARSSL_SSL_H
00025
00026 #include <time.h>
00027
00028 #include "polarssl/net.h"
00029 #include "polarssl/dhm.h"
00030 #include "polarssl/rsa.h"
00031 #include "polarssl/md5.h"
00032 #include "polarssl/sha1.h"
00033 #include "polarssl/x509.h"
00034
00035
00036
00037
00038 #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000
00039 #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x1800
00040 #define POLARSSL_ERR_SSL_INVALID_MAC -0x2000
00041 #define POLARSSL_ERR_SSL_INVALID_RECORD -0x2800
00042 #define POLARSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000
00043 #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800
00044 #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000
00045 #define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x4800
00046 #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000
00047 #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800
00048 #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000
00049 #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800
00050 #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000
00051 #define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800
00052 #define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000
00053 #define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800
00054 #define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000
00055 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800
00056 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000
00057 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800
00058 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000
00059 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800
00060 #define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000
00061 #define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800
00062 #define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000
00063 #define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800
00064 #define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0xE000
00065
00066
00067
00068
00069 #define SSL_MAJOR_VERSION_3 3
00070 #define SSL_MINOR_VERSION_0 0
00071 #define SSL_MINOR_VERSION_1 1
00072 #define SSL_MINOR_VERSION_2 2
00074 #define SSL_IS_CLIENT 0
00075 #define SSL_IS_SERVER 1
00076 #define SSL_COMPRESS_NULL 0
00077
00078 #define SSL_VERIFY_NONE 0
00079 #define SSL_VERIFY_OPTIONAL 1
00080 #define SSL_VERIFY_REQUIRED 2
00081
00082 #define SSL_MAX_CONTENT_LEN 16384
00083
00084
00085
00086
00087
00088 #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
00089
00090
00091
00092
00093 #define SSL_RSA_RC4_128_MD5 4
00094 #define SSL_RSA_RC4_128_SHA 5
00095 #define SSL_RSA_DES_168_SHA 10
00096 #define SSL_EDH_RSA_DES_168_SHA 22
00097 #define SSL_RSA_AES_128_SHA 47
00098 #define SSL_RSA_AES_256_SHA 53
00099 #define SSL_EDH_RSA_AES_256_SHA 57
00100
00101 #define SSL_RSA_CAMELLIA_128_SHA 0x41
00102 #define SSL_RSA_CAMELLIA_256_SHA 0x84
00103 #define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
00104
00105
00106
00107
00108 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
00109 #define SSL_MSG_ALERT 21
00110 #define SSL_MSG_HANDSHAKE 22
00111 #define SSL_MSG_APPLICATION_DATA 23
00112
00113 #define SSL_ALERT_CLOSE_NOTIFY 0
00114 #define SSL_ALERT_WARNING 1
00115 #define SSL_ALERT_FATAL 2
00116 #define SSL_ALERT_NO_CERTIFICATE 41
00117
00118 #define SSL_HS_HELLO_REQUEST 0
00119 #define SSL_HS_CLIENT_HELLO 1
00120 #define SSL_HS_SERVER_HELLO 2
00121 #define SSL_HS_CERTIFICATE 11
00122 #define SSL_HS_SERVER_KEY_EXCHANGE 12
00123 #define SSL_HS_CERTIFICATE_REQUEST 13
00124 #define SSL_HS_SERVER_HELLO_DONE 14
00125 #define SSL_HS_CERTIFICATE_VERIFY 15
00126 #define SSL_HS_CLIENT_KEY_EXCHANGE 16
00127 #define SSL_HS_FINISHED 20
00128
00129
00130
00131
00132 #define TLS_EXT_SERVERNAME 0
00133 #define TLS_EXT_SERVERNAME_HOSTNAME 0
00134
00135
00136
00137
00138 typedef enum
00139 {
00140 SSL_HELLO_REQUEST,
00141 SSL_CLIENT_HELLO,
00142 SSL_SERVER_HELLO,
00143 SSL_SERVER_CERTIFICATE,
00144 SSL_SERVER_KEY_EXCHANGE,
00145 SSL_CERTIFICATE_REQUEST,
00146 SSL_SERVER_HELLO_DONE,
00147 SSL_CLIENT_CERTIFICATE,
00148 SSL_CLIENT_KEY_EXCHANGE,
00149 SSL_CERTIFICATE_VERIFY,
00150 SSL_CLIENT_CHANGE_CIPHER_SPEC,
00151 SSL_CLIENT_FINISHED,
00152 SSL_SERVER_CHANGE_CIPHER_SPEC,
00153 SSL_SERVER_FINISHED,
00154 SSL_FLUSH_BUFFERS,
00155 SSL_HANDSHAKE_OVER
00156 }
00157 ssl_states;
00158
00159 typedef struct _ssl_session ssl_session;
00160 typedef struct _ssl_context ssl_context;
00161
00162
00163
00164
00165 struct _ssl_session
00166 {
00167 time_t start;
00168 int cipher;
00169 int length;
00170 unsigned char id[32];
00171 unsigned char master[48];
00172 ssl_session *next;
00173 };
00174
00175 struct _ssl_context
00176 {
00177
00178
00179
00180 int state;
00182 int major_ver;
00183 int minor_ver;
00185 int max_major_ver;
00186 int max_minor_ver;
00188
00189
00190
00191 int (*f_rng)(void *);
00192 void (*f_dbg)(void *, int, char *);
00193 int (*f_recv)(void *, unsigned char *, int);
00194 int (*f_send)(void *, unsigned char *, int);
00195
00196 void *p_rng;
00197 void *p_dbg;
00198 void *p_recv;
00199 void *p_send;
00201
00202
00203
00204 int resume;
00205 int timeout;
00206 ssl_session *session;
00207 int (*s_get)(ssl_context *);
00208 int (*s_set)(ssl_context *);
00210
00211
00212
00213 unsigned char *in_ctr;
00214 unsigned char *in_hdr;
00215 unsigned char *in_msg;
00216 unsigned char *in_offt;
00218 int in_msgtype;
00219 int in_msglen;
00220 int in_left;
00222 int in_hslen;
00223 int nb_zero;
00225
00226
00227
00228 unsigned char *out_ctr;
00229 unsigned char *out_hdr;
00230 unsigned char *out_msg;
00232 int out_msgtype;
00233 int out_msglen;
00234 int out_left;
00236
00237
00238
00239 rsa_context *rsa_key;
00240 x509_cert *own_cert;
00241 x509_cert *ca_chain;
00242 x509_crl *ca_crl;
00243 x509_cert *peer_cert;
00244 char *peer_cn;
00246 int endpoint;
00247 int authmode;
00248 int client_auth;
00249 int verify_result;
00251
00252
00253
00254 dhm_context dhm_ctx;
00255 md5_context fin_md5;
00256 sha1_context fin_sha1;
00258 int do_crypt;
00259 int *ciphers;
00260 int pmslen;
00261 int keylen;
00262 int minlen;
00263 int ivlen;
00264 int maclen;
00266 unsigned char randbytes[64];
00267 unsigned char premaster[256];
00269 unsigned char iv_enc[16];
00270 unsigned char iv_dec[16];
00272 unsigned char mac_enc[32];
00273 unsigned char mac_dec[32];
00275 unsigned long ctx_enc[128];
00276 unsigned long ctx_dec[128];
00278
00279
00280
00281 unsigned char *hostname;
00282 unsigned long hostname_len;
00283 };
00284
00285 #ifdef __cplusplus
00286 extern "C" {
00287 #endif
00288
00289 extern int ssl_default_ciphers[];
00290
00298 int ssl_init( ssl_context *ssl );
00299
00306 void ssl_set_endpoint( ssl_context *ssl, int endpoint );
00307
00325 void ssl_set_authmode( ssl_context *ssl, int authmode );
00326
00334 void ssl_set_rng( ssl_context *ssl,
00335 int (*f_rng)(void *),
00336 void *p_rng );
00337
00345 void ssl_set_dbg( ssl_context *ssl,
00346 void (*f_dbg)(void *, int, char *),
00347 void *p_dbg );
00348
00358 void ssl_set_bio( ssl_context *ssl,
00359 int (*f_recv)(void *, unsigned char *, int), void *p_recv,
00360 int (*f_send)(void *, unsigned char *, int), void *p_send );
00361
00369 void ssl_set_scb( ssl_context *ssl,
00370 int (*s_get)(ssl_context *),
00371 int (*s_set)(ssl_context *) );
00372
00381 void ssl_set_session( ssl_context *ssl, int resume, int timeout,
00382 ssl_session *session );
00383
00390 void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
00391
00402 void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
00403 x509_crl *ca_crl, char *peer_cn );
00404
00412 void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
00413 rsa_context *rsa_key );
00414
00425 int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );
00426
00436 int ssl_set_hostname( ssl_context *ssl, char *hostname );
00437
00445 int ssl_get_bytes_avail( ssl_context *ssl );
00446
00458 int ssl_get_verify_result( ssl_context *ssl );
00459
00467 char *ssl_get_cipher( ssl_context *ssl );
00468
00477 int ssl_handshake( ssl_context *ssl );
00478
00489 int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
00490
00505 int ssl_write( ssl_context *ssl, unsigned char *buf, int len );
00506
00512 int ssl_close_notify( ssl_context *ssl );
00513
00519 void ssl_free( ssl_context *ssl );
00520
00521
00522
00523
00524 int ssl_handshake_client( ssl_context *ssl );
00525 int ssl_handshake_server( ssl_context *ssl );
00526
00527 int ssl_derive_keys( ssl_context *ssl );
00528 void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
00529
00530 int ssl_read_record( ssl_context *ssl );
00531 int ssl_fetch_input( ssl_context *ssl, int nb_want );
00532
00533 int ssl_write_record( ssl_context *ssl );
00534 int ssl_flush_output( ssl_context *ssl );
00535
00536 int ssl_parse_certificate( ssl_context *ssl );
00537 int ssl_write_certificate( ssl_context *ssl );
00538
00539 int ssl_parse_change_cipher_spec( ssl_context *ssl );
00540 int ssl_write_change_cipher_spec( ssl_context *ssl );
00541
00542 int ssl_parse_finished( ssl_context *ssl );
00543 int ssl_write_finished( ssl_context *ssl );
00544
00545 #ifdef __cplusplus
00546 }
00547 #endif
00548
00549 #endif