/*
 * NOTE(review): the guard name `_SSL_H` (leading underscore + uppercase)
 * falls in the identifier range reserved for the implementation, so it can
 * collide with a system header's own guard. A project-prefixed name such as
 * XYSSL_SSL_H would be safer; left unchanged here because other files may
 * test this macro.
 */
#ifndef _SSL_H
#define _SSL_H

#ifdef __cplusplus
extern "C" {
#endif

/* Certificate, RSA, Diffie-Hellman and hash types referenced by ssl_context. */
#include "x509.h"
#include "rsa.h"
#include "dhm.h"
#include "md5.h"
#include "sha1.h"

/*
 * SSL/TLS layer error codes. Every value is a multiple of 0x800 with the
 * low 11 bits clear; whether those bits are reserved for OR-ing in a
 * lower-layer (x509 / rsa / dhm) error is not visible in this header --
 * check how the ssl_*.c sources build their return values before masking.
 */
#define ERR_SSL_FEATURE_UNAVAILABLE             0x1000
#define ERR_SSL_INVALID_MAC                     0x1800  /* record MAC check failed */
#define ERR_SSL_INVALID_RECORD                  0x2000  /* malformed record header/length */
#define ERR_SSL_INVALID_MODULUS_SIZE            0x2800
#define ERR_SSL_UNKNOWN_CIPHER                  0x3000
#define ERR_SSL_NO_CIPHER_CHOSEN                0x3800
#define ERR_SSL_NO_SESSION_FOUND                0x4000
#define ERR_SSL_NO_CLIENT_CERTIFICATE           0x4800
#define ERR_SSL_CERTIFICATE_TOO_LARGE           0x5000
#define ERR_SSL_CERTIFICATE_REQUIRED            0x5800
#define ERR_SSL_PRIVATE_KEY_REQUIRED            0x6000
#define ERR_SSL_CA_CHAIN_REQUIRED               0x6800
#define ERR_SSL_UNEXPECTED_MESSAGE              0x7000  /* message out of handshake order */
#define ERR_SSL_FATAL_ALERT_MESSAGE             0x7800  /* peer sent an SSL_ALERT_FATAL alert */
#define ERR_SSL_PEER_VERIFY_FAILED              0x8000  /* peer certificate did not verify */
#define ERR_SSL_PEER_CLOSE_NOTIFY               0x8800  /* peer sent close_notify (orderly shutdown) */

/*
 * One code per handshake message that failed to parse or verify; the
 * names mirror the SSL_HS_* handshake types further down.
 */
#define ERR_SSL_BAD_HS_CLIENT_HELLO             0x9000
#define ERR_SSL_BAD_HS_SERVER_HELLO             0x9800
#define ERR_SSL_BAD_HS_CERTIFICATE              0xA000
#define ERR_SSL_BAD_HS_CERTIFICATE_REQUEST      0xA800
#define ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE      0xB000
#define ERR_SSL_BAD_HS_SERVER_HELLO_DONE        0xB800
#define ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE      0xC000
#define ERR_SSL_BAD_HS_CERTIFICATE_VERIFY       0xC800
#define ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC       0xD000
#define ERR_SSL_BAD_HS_FINISHED                 0xD800

/*
 * Various constants
 */

/*
 * Protocol version bytes as they appear on the wire. The major byte is 3
 * for SSL 3.0 and every TLS version; the minor byte distinguishes
 * SSL 3.0 (0), TLS 1.0 (1) and TLS 1.1 (2).
 */
#define SSLV3_MAJOR_VERSION             3
#define SSLV3_MINOR_VERSION             0
#define TLS10_MINOR_VERSION             1
#define TLS11_MINOR_VERSION             2

/* Values for ssl_set_endpoint(). */
#define SSL_IS_CLIENT                   0
#define SSL_IS_SERVER                   1
/* The only compression method defined here (no compression). */
#define SSL_COMPRESS_NULL               0

/*
 * Values for ssl_set_authmode(). From the names: NONE does not verify the
 * peer's certificate at all, OPTIONAL verifies one if presented and reports
 * the result via ssl_get_verify_result(), REQUIRED fails the handshake when
 * verification fails -- confirm the exact semantics in the handshake code.
 * With NONE an active attacker can present any certificate, so it is only
 * appropriate for testing.
 */
#define SSL_VERIFY_NONE                 0
#define SSL_VERIFY_OPTIONAL             1
#define SSL_VERIFY_REQUIRED             2

/* Presumably the byte size of the buffer handed to ssl_set_sidtable() -- confirm. */
#define SSL_SESSION_TBL_LEN          8192
/* 2^14: the maximum plaintext payload of one SSL/TLS record. */
#define SSL_MAX_CONTENT_LEN         16384
/* 24 * 60 * 60, so presumably a session lifetime in seconds. */
#define SSL_EXPIRATION_TIME         86400

/*
 * Allow an extra 512 bytes for the record header
 * and encryption overhead (counter + MAC + padding).
 */
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)

/*
 * Supported ciphersuites. The numeric values are the IANA TLS cipher suite
 * identifiers (e.g. 53 == 0x0035 TLS_RSA_WITH_AES_256_CBC_SHA), so they
 * must not be changed.
 *
 * Only the EDH_ suites give forward secrecy. RC4 is prohibited in TLS
 * (RFC 7465) and DES_168 (3DES) is deprecated, so a deployment should
 * restrict the list passed to ssl_set_ciphlist() to the AES suites.
 */
#define SSL3_RSA_RC4_128_MD5            4
#define SSL3_RSA_RC4_128_SHA            5
#define SSL3_RSA_DES_168_SHA           10
#define SSL3_EDH_RSA_DES_168_SHA       22
#define TLS1_RSA_AES_256_SHA           53
#define TLS1_EDH_RSA_AES_256_SHA       57

/*
 * Default ciphersuite list, defined in one of the ssl_*.c sources. Its
 * ordering and terminator convention are not visible in this header.
 */
extern int ssl_default_ciphers[];

/*
 * Message, alert and handshake types. These are the on-the-wire values
 * from the SSL 3.0 / TLS record and handshake protocols; do not renumber.
 */

/* Record layer ContentType. */
#define SSL_MSG_CHANGE_CIPHER_SPEC     20
#define SSL_MSG_ALERT                  21
#define SSL_MSG_HANDSHAKE              22
#define SSL_MSG_APPLICATION_DATA       23

/*
 * Alert levels (WARNING, FATAL) and alert descriptions (CLOSE_NOTIFY,
 * NO_CERTIFICATE). no_certificate (41) exists only in SSL 3.0; TLS clients
 * answer a certificate request with an empty Certificate message instead.
 */
#define SSL_ALERT_CLOSE_NOTIFY          0
#define SSL_ALERT_WARNING               1
#define SSL_ALERT_FATAL                 2
#define SSL_ALERT_NO_CERTIFICATE       41

/* Handshake protocol HandshakeType. */
#define SSL_HS_HELLO_REQUEST            0
#define SSL_HS_CLIENT_HELLO             1
#define SSL_HS_SERVER_HELLO             2
#define SSL_HS_CERTIFICATE             11
#define SSL_HS_SERVER_KEY_EXCHANGE     12
#define SSL_HS_CERTIFICATE_REQUEST     13
#define SSL_HS_SERVER_HELLO_DONE       14
#define SSL_HS_CERTIFICATE_VERIFY      15
#define SSL_HS_CLIENT_KEY_EXCHANGE     16
#define SSL_HS_FINISHED                20

/*
 * SSL state machine
 *
 * Handshake steps in the order they are listed. The enumerators take the
 * implicit values 0..14 and ssl_context.state stores them as a plain int,
 * so new states must be appended, never inserted. A zero-filled context
 * starts in SSL_HELLO_REQUEST.
 */
typedef enum
{
    SSL_HELLO_REQUEST,
    SSL_CLIENT_HELLO,
    SSL_SERVER_HELLO,
    SSL_SERVER_CERTIFICATE,
    SSL_SERVER_KEY_EXCHANGE,
    SSL_CERTIFICATE_REQUEST,
    SSL_SERVER_HELLO_DONE,
    SSL_CLIENT_CERTIFICATE,
    SSL_CLIENT_KEY_EXCHANGE,
    SSL_CERTIFICATE_VERIFY,
    SSL_CLIENT_CHANGE_CIPHER_SPEC,
    SSL_CLIENT_FINISHED,
    SSL_SERVER_CHANGE_CIPHER_SPEC,
    SSL_SERVER_FINISHED,
    SSL_HANDSHAKE_OVER          /* terminal state; presumably reached by ssl_handshake() */
}
ssl_states;

/*
 * Per-connection state. Callers allocate it, fill it through ssl_init()
 * and the ssl_set_*() functions, and release it with ssl_free().
 */
typedef struct
{
    int state;                  /* current handshake step, an ssl_states value */

    /*
     * Negotiated protocol version
     */
    int major_ver;              /* SSLV3_MAJOR_VERSION for every supported version */
    int minor_ver;              /* one of the *_MINOR_VERSION values above */
    unsigned char max_ver[2];   /* wire-format version pair; by name the highest
                                   version offered by the peer -- confirm in ssl_*.c */

    /*
     * Record layer -- incoming data
     *
     * By name, the four pointers locate the counter, record header, payload
     * and current read offset of one incoming record. Their relative layout
     * and the buffer they point into (presumably SSL_BUFFER_LEN bytes) are
     * set up by ssl_init(), not here.
     */
    unsigned char *in_ctr;
    unsigned char *in_hdr;
    unsigned char *in_msg;
    unsigned char *in_offt;

    int read_fd;                /* descriptor for reads, from ssl_set_io_files() */
    int in_msgtype;             /* SSL_MSG_* content type of the current record */
    int in_msglen;              /* length of the current record. If this is taken
                                   from the peer's record header it is attacker-
                                   controlled and must be bounded against
                                   SSL_MAX_CONTENT_LEN / SSL_BUFFER_LEN before
                                   any read into the buffer. */

    int in_left;                /* bytes of the current record received so far (by name) */
    int in_hslen;               /* length of the current handshake message (by name) */
    int nb_zero;                /* role not visible here; the name suggests a count
                                   of zero-length records -- confirm */

    /*
     * Record layer -- outgoing data
     */
    unsigned char *out_ctr;     /* outgoing counterparts of in_ctr / in_hdr / in_msg */
    unsigned char *out_hdr;
    unsigned char *out_msg;

    int write_fd;               /* descriptor for writes, from ssl_set_io_files() */
    int out_msgtype;            /* SSL_MSG_* content type of the record being written */
    int out_msglen;             /* payload length of the record being written */

    int out_left;               /* bytes not yet flushed by ssl_flush_output() (by name) */
    int out_uoff;               /* offset into the caller's buffer (by name) -- confirm */

    /*
     * PKI stuff
     *
     * These are pointers, so the certificate and key objects are owned by
     * the caller and must outlive the context.
     */
    rsa_context *own_key;               /* our private key, from ssl_set_rsa_cert() */
    x509_cert *own_cert;                /* our certificate, from ssl_set_rsa_cert() */
    x509_cert *ca_chain;                /* trusted CAs for peer verification, from ssl_set_ca_chain() */
    x509_cert *peer_cert;               /* certificate presented by the peer, if any */
    char *peer_cn;                      /* expected peer name, from ssl_set_ca_chain() (by name) */

    int endpoint;                       /* SSL_IS_CLIENT or SSL_IS_SERVER */
    int authmode;                       /* SSL_VERIFY_NONE / OPTIONAL / REQUIRED */
    int client_auth;                    /* whether client authentication is in effect (by name) */
    int verify_result;                  /* result of peer verification, see ssl_get_verify_result() */

    /*
     * Session stuff
     */
    int resumed;                        /* non-zero when an earlier session was resumed (by name) */
    int sidlen;                         /* bytes of sessid in use; TLS session IDs are at most 32 bytes */
    unsigned char sessid[32];           /* session identifier */
    unsigned char *sidtable;            /* caller-owned session table from ssl_set_sidtable() */

    /*
     * Crypto stuff
     *
     * premaster, master, mac_enc/mac_dec, the IVs and the cipher contexts
     * hold key material. Discard a context only through ssl_free(), and
     * verify that ssl_free() overwrites these fields rather than merely
     * releasing the allocations.
     */
     md5_context hs_md5;                /* running MD5 and SHA-1 over the handshake messages, */
    sha1_context hs_sha1;               /* consumed by ssl_calc_verify() (16 + 20 = 36 bytes) */
     dhm_context dhm_ctx;               /* Diffie-Hellman state for the EDH_ ciphersuites */

    int (*rng_f)(void *);               /* random source and its opaque argument, from
                                           ssl_set_rng_func(). It must be cryptographically
                                           strong: by name it feeds randbytes and the
                                           premaster secret. */
    void *rng_d;

    int pmslen;                         /* bytes of premaster in use */
    unsigned char premaster[256];       /* premaster secret from the RSA or DH key exchange;
                                           256 bytes fits a 2048-bit value */
    unsigned char randbytes[64];        /* presumably client random || server random (32 + 32) -- confirm */
    unsigned char master[48];           /* master secret; 48 bytes is the SSL3/TLS master secret size */

    int *cipherlist;                    /* ciphersuites to offer/accept, from ssl_set_ciphlist() */
    int cipher;                         /* negotiated suite, one of the SSL3_ / TLS1_ constants */
    int keylen;                         /* cipher key length in bytes (by name) */
    int minlen;                         /* minimum encrypted record length (by name) -- confirm */

    int ctxlen;                         /* size of each opaque cipher context below */
    void *ctx_enc;                      /* cipher state for the outgoing direction */
    void *ctx_dec;                      /* cipher state for the incoming direction */

    int ivlen;                          /* IV length in use; presumably 0 for RC4 */
    unsigned char iv_enc[16];           /* per-direction IVs; 16 bytes is the AES block size */
    unsigned char iv_dec[16];

    int maclen;                         /* MAC length in use; presumably 16 (MD5) or 20 (SHA-1) */
    unsigned char mac_enc[32];          /* per-direction MAC secrets */
    unsigned char mac_dec[32];
}
ssl_context;

/*
 * Internal functions (do not call directly)
 *
 * All return an int; by convention elsewhere in this header 0 is success
 * and a non-zero value an ERR_SSL_* code -- confirm per function.
 */

/* Client and server halves of the handshake state machine. */
int ssl_client_start( ssl_context *ssl );
int ssl_server_start( ssl_context *ssl );

/*
 * Key derivation from the (pre)master secret, and the 36-byte handshake
 * digest (MD5 || SHA-1 of hs_md5 / hs_sha1) used for CertificateVerify
 * and Finished.
 */
int ssl_derive_keys( ssl_context *ssl );
int ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );

/*
 * Record layer. do_crypt selects whether the record goes through the
 * negotiated cipher and MAC (by name; presumably 0 during the cleartext
 * part of the handshake) -- confirm in ssl_tls.c or equivalent.
 */
int ssl_read_record(  ssl_context *ssl, int do_crypt );
int ssl_write_record( ssl_context *ssl, int do_crypt );
int ssl_flush_output( ssl_context *ssl );

/* Handshake messages shared by both endpoints. */
int ssl_write_certificate( ssl_context *ssl );
int ssl_parse_certificate( ssl_context *ssl );

int ssl_write_change_cipher_spec( ssl_context *ssl );
int ssl_parse_change_cipher_spec( ssl_context *ssl );

int ssl_write_finished( ssl_context *ssl );
int ssl_parse_finished( ssl_context *ssl );

/**
 * \brief          Initialize an SSL context.
 *
 * \param ssl      context to initialize
 * \param client_resume  by name, whether a client should attempt session
 *                 resumption; the exact meaning is not visible in this
 *                 header -- confirm against the definition
 *
 * \return         0 on success, presumably an ERR_SSL_* code otherwise
 *
 * \note           Configure the endpoint, authmode, RNG, descriptors and
 *                 certificates with the functions below before calling
 *                 ssl_handshake().
 */
int ssl_init( ssl_context *ssl, int client_resume );

/**
 * \brief          Set the connection role.
 *
 * \param ssl      SSL context
 * \param endpoint SSL_IS_CLIENT or SSL_IS_SERVER
 */
void ssl_set_endpoint( ssl_context *ssl, int endpoint );

/**
 * \brief          Set the peer certificate verification mode.
 *
 * \param ssl      SSL context
 * \param authmode SSL_VERIFY_NONE, SSL_VERIFY_OPTIONAL or
 *                 SSL_VERIFY_REQUIRED (see the comments on those constants)
 *
 * \note           Production use should pair SSL_VERIFY_REQUIRED with a CA
 *                 chain from ssl_set_ca_chain(); with OPTIONAL the caller is
 *                 responsible for inspecting ssl_get_verify_result().
 */
void ssl_set_authmode( ssl_context *ssl, int authmode );

/**
 * \brief          Set the random number generator callback.
 *
 * \param ssl      SSL context
 * \param rng_f    callback invoked with rng_d; what its int return value
 *                 carries (a random value or a status) is not visible in
 *                 this header -- check the callers in ssl_*.c
 * \param rng_d    opaque argument passed to rng_f
 *
 * \note           The callback must be a cryptographically strong source;
 *                 it is used for the handshake randoms and key material.
 */
void ssl_set_rng_func( ssl_context *ssl,
                       int (*rng_f)(void *),
                       void *rng_d );

/**
 * \brief          Set the file descriptors used for transport I/O.
 *
 * \param ssl      SSL context
 * \param read_fd  descriptor to read records from
 * \param write_fd descriptor to write records to (may equal read_fd)
 */
void ssl_set_io_files( ssl_context *ssl, int read_fd, int write_fd );

/**
 * \brief          Set the list of allowed ciphersuites.
 *
 * \param ssl      SSL context
 * \param ciphers  array of SSL3_ / TLS1_ ciphersuite constants; the
 *                 terminator convention is not visible here -- follow
 *                 ssl_default_ciphers. The pointer is stored, not copied.
 *
 * \note           Prefer the AES suites; see the ciphersuite comments above.
 */
void ssl_set_ciphlist( ssl_context *ssl, int *ciphers );

/**
 * \brief          Set the trusted CA chain and the expected peer name.
 *
 * \param ssl      SSL context
 * \param ca       chain of trusted CA certificates (stored by pointer)
 * \param cn       expected peer CN (by name); if the implementation compares
 *                 it against the peer certificate, leaving it NULL would
 *                 accept any certificate the chain can validate -- confirm
 */
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca, char *cn );

/**
 * \brief          Set our own certificate and private key.
 *
 * \param ssl      SSL context
 * \param own_cert our certificate (stored by pointer)
 * \param own_key  matching RSA private key (stored by pointer)
 */
void ssl_set_rsa_cert( ssl_context *ssl, x509_cert *own_cert,
                       rsa_context *own_key );

/**
 * \brief          Set the session cache used for resumption.
 *
 * \param ssl      SSL context
 * \param sidtable caller-owned buffer; presumably SSL_SESSION_TBL_LEN bytes
 */
void ssl_set_sidtable( ssl_context *ssl, unsigned char *sidtable );

/**
 * \brief          Set the Diffie-Hellman parameters for the EDH_ suites.
 *
 * \param ssl      SSL context
 * \param dhm_P    prime modulus as a string (radix not visible here)
 * \param dhm_G    generator as a string
 *
 * \return         0 on success, presumably an error code if parsing fails
 *
 * \note           Use a well-known group of adequate size; see
 *                 ERR_SSL_INVALID_MODULUS_SIZE.
 */
int ssl_set_dhm_vals( ssl_context *ssl, char *dhm_P, char *dhm_G );

/**
 * \brief          Return the result of peer certificate verification.
 *
 * \param ssl      SSL context
 *
 * \return         ssl->verify_result; 0 presumably means the certificate
 *                 verified -- confirm the flag encoding in x509.h
 */
int ssl_get_verify_result( ssl_context *ssl );

/**
 * \brief          Return the name of the negotiated ciphersuite.
 *
 * \param ssl      SSL context
 *
 * \return         ciphersuite name; ownership is not visible here --
 *                 presumably a static string that must not be freed
 */
char *ssl_get_cipher_name( ssl_context *ssl );

/**
 * \brief          Perform the SSL handshake.
 *
 * \param ssl      SSL context
 *
 * \return         0 when the state reaches SSL_HANDSHAKE_OVER, otherwise an
 *                 ERR_SSL_* code (e.g. ERR_SSL_PEER_VERIFY_FAILED)
 */
int ssl_handshake( ssl_context *ssl );

/**
 * \brief          Read application data.
 *
 * \param ssl      SSL context
 * \param buf      destination buffer
 * \param len      pointer to a length; by the signature presumably the
 *                 buffer size on input and the bytes read on output --
 *                 confirm before relying on either
 *
 * \return         0 on success, ERR_SSL_PEER_CLOSE_NOTIFY presumably on an
 *                 orderly close, or another ERR_SSL_* code
 */
int ssl_read( ssl_context *ssl, unsigned char *buf, int *len );

/**
 * \brief          Write application data.
 *
 * \param ssl      SSL context
 * \param buf      data to send
 * \param len      number of bytes; whether lengths above
 *                 SSL_MAX_CONTENT_LEN are split or rejected is not visible here
 *
 * \return         0 on success or an ERR_SSL_* code
 */
int ssl_write( ssl_context *ssl, unsigned char *buf, int len );

/**
 * \brief          Notify the peer that the connection is being closed
 *                 (by name, sends a close_notify alert).
 *
 * \param ssl      SSL context
 *
 * \return         0 on success or an ERR_SSL_* code
 */
int ssl_close_notify( ssl_context *ssl );

/**
 * \brief          Release all resources held by the context.
 *
 * \param ssl      SSL context
 *
 * \note           The context holds key material (premaster, master, MAC
 *                 secrets); verify that the implementation overwrites it
 *                 before releasing memory.
 */
void ssl_free( ssl_context *ssl );

#ifdef __cplusplus
}
#endif

#endif /* _SSL_H */
