/home/dko/projects/mobilec/trunk/src/security/xyssl-0.7/include/xyssl/ssl.h File Reference

#include "x509.h"
#include "rsa.h"
#include "dhm.h"
#include "md5.h"
#include "sha1.h"


Data Structures

struct  ssl_context

Defines

#define ERR_SSL_FEATURE_UNAVAILABLE   0x1000
#define ERR_SSL_INVALID_MAC   0x1800
#define ERR_SSL_INVALID_RECORD   0x2000
#define ERR_SSL_INVALID_MODULUS_SIZE   0x2800
#define ERR_SSL_UNKNOWN_CIPHER   0x3000
#define ERR_SSL_NO_CIPHER_CHOSEN   0x3800
#define ERR_SSL_NO_SESSION_FOUND   0x4000
#define ERR_SSL_NO_CLIENT_CERTIFICATE   0x4800
#define ERR_SSL_CERTIFICATE_TOO_LARGE   0x5000
#define ERR_SSL_CERTIFICATE_REQUIRED   0x5800
#define ERR_SSL_PRIVATE_KEY_REQUIRED   0x6000
#define ERR_SSL_CA_CHAIN_REQUIRED   0x6800
#define ERR_SSL_UNEXPECTED_MESSAGE   0x7000
#define ERR_SSL_FATAL_ALERT_MESSAGE   0x7800
#define ERR_SSL_PEER_VERIFY_FAILED   0x8000
#define ERR_SSL_PEER_CLOSE_NOTIFY   0x8800
#define ERR_SSL_BAD_HS_CLIENT_HELLO   0x9000
#define ERR_SSL_BAD_HS_SERVER_HELLO   0x9800
#define ERR_SSL_BAD_HS_CERTIFICATE   0xA000
#define ERR_SSL_BAD_HS_CERTIFICATE_REQUEST   0xA800
#define ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE   0xB000
#define ERR_SSL_BAD_HS_SERVER_HELLO_DONE   0xB800
#define ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE   0xC000
#define ERR_SSL_BAD_HS_CERTIFICATE_VERIFY   0xC800
#define ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC   0xD000
#define ERR_SSL_BAD_HS_FINISHED   0xD800
#define SSLV3_MAJOR_VERSION   3
#define SSLV3_MINOR_VERSION   0
#define TLS10_MINOR_VERSION   1
#define TLS11_MINOR_VERSION   2
#define SSL_IS_CLIENT   0
#define SSL_IS_SERVER   1
#define SSL_COMPRESS_NULL   0
#define SSL_VERIFY_NONE   0
#define SSL_VERIFY_OPTIONAL   1
#define SSL_VERIFY_REQUIRED   2
#define SSL_SESSION_TBL_LEN   8192
#define SSL_MAX_CONTENT_LEN   16384
#define SSL_EXPIRATION_TIME   86400
#define SSL_BUFFER_LEN   (SSL_MAX_CONTENT_LEN + 512)
#define SSL3_RSA_RC4_128_MD5   4
#define SSL3_RSA_RC4_128_SHA   5
#define SSL3_RSA_DES_168_SHA   10
#define SSL3_EDH_RSA_DES_168_SHA   22
#define TLS1_RSA_AES_256_SHA   53
#define TLS1_EDH_RSA_AES_256_SHA   57
#define SSL_MSG_CHANGE_CIPHER_SPEC   20
#define SSL_MSG_ALERT   21
#define SSL_MSG_HANDSHAKE   22
#define SSL_MSG_APPLICATION_DATA   23
#define SSL_ALERT_CLOSE_NOTIFY   0
#define SSL_ALERT_WARNING   1
#define SSL_ALERT_FATAL   2
#define SSL_ALERT_NO_CERTIFICATE   41
#define SSL_HS_HELLO_REQUEST   0
#define SSL_HS_CLIENT_HELLO   1
#define SSL_HS_SERVER_HELLO   2
#define SSL_HS_CERTIFICATE   11
#define SSL_HS_SERVER_KEY_EXCHANGE   12
#define SSL_HS_CERTIFICATE_REQUEST   13
#define SSL_HS_SERVER_HELLO_DONE   14
#define SSL_HS_CERTIFICATE_VERIFY   15
#define SSL_HS_CLIENT_KEY_EXCHANGE   16
#define SSL_HS_FINISHED   20

Enumerations

enum  ssl_states {
  SSL_HELLO_REQUEST, SSL_CLIENT_HELLO, SSL_SERVER_HELLO, SSL_SERVER_CERTIFICATE,
  SSL_SERVER_KEY_EXCHANGE, SSL_CERTIFICATE_REQUEST, SSL_SERVER_HELLO_DONE, SSL_CLIENT_CERTIFICATE,
  SSL_CLIENT_KEY_EXCHANGE, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED,
  SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_HANDSHAKE_OVER
}

Functions

int ssl_client_start (ssl_context *ssl)
int ssl_server_start (ssl_context *ssl)
int ssl_derive_keys (ssl_context *ssl)
int ssl_calc_verify (ssl_context *ssl, unsigned char hash[36])
int ssl_read_record (ssl_context *ssl, int do_crypt)
int ssl_write_record (ssl_context *ssl, int do_crypt)
int ssl_flush_output (ssl_context *ssl)
int ssl_write_certificate (ssl_context *ssl)
int ssl_parse_certificate (ssl_context *ssl)
int ssl_write_change_cipher_spec (ssl_context *ssl)
int ssl_parse_change_cipher_spec (ssl_context *ssl)
int ssl_write_finished (ssl_context *ssl)
int ssl_parse_finished (ssl_context *ssl)
int ssl_init (ssl_context *ssl, int client_resume)
 Initialize the SSL context. If client_resume is non-zero, the session id and premaster secret are preserved (client-side only).
void ssl_set_endpoint (ssl_context *ssl, int endpoint)
 Set the current endpoint type, SSL_IS_CLIENT or SSL_IS_SERVER.
void ssl_set_authmode (ssl_context *ssl, int authmode)
 Set the certificate verification mode.
void ssl_set_rng_func (ssl_context *ssl, int(*rng_f)(void *), void *rng_d)
 Set the random number generator function.
void ssl_set_io_files (ssl_context *ssl, int read_fd, int write_fd)
 Set the read and write file descriptors.
void ssl_set_ciphlist (ssl_context *ssl, int *ciphers)
 Set the list of allowed ciphersuites.
void ssl_set_ca_chain (ssl_context *ssl, x509_cert *ca, char *cn)
 Set the CA certificate chain used to verify peer cert, and the peer's expected CommonName (or NULL).
void ssl_set_rsa_cert (ssl_context *ssl, x509_cert *own_cert, rsa_context *own_key)
 Set own certificate and private RSA key.
void ssl_set_sidtable (ssl_context *ssl, unsigned char *sidtable)
 Set the global session ID table (server-side only).
int ssl_set_dhm_vals (ssl_context *ssl, char *dhm_P, char *dhm_G)
 Set the Diffie-Hellman public P and G values, provided as hexadecimal strings (server-side only).
int ssl_get_verify_result (ssl_context *ssl)
 Return the result of the certificate verification.
char * ssl_get_cipher_name (ssl_context *ssl)
 Return the name of the current cipher.
int ssl_handshake (ssl_context *ssl)
 Perform the SSL handshake.
int ssl_read (ssl_context *ssl, unsigned char *buf, int *len)
 Read at most 'len' application data bytes.
int ssl_write (ssl_context *ssl, unsigned char *buf, int len)
 Write 'len' application data bytes.
int ssl_close_notify (ssl_context *ssl)
 Notify the peer that the connection is being closed.
void ssl_free (ssl_context *ssl)
 Free an SSL context.

Variables

int ssl_default_ciphers []


Detailed Description

Definition in file ssl.h.


Define Documentation

#define ERR_SSL_BAD_HS_CERTIFICATE   0xA000

Definition at line 35 of file ssl.h.

#define ERR_SSL_BAD_HS_CERTIFICATE_REQUEST   0xA800

Definition at line 36 of file ssl.h.

#define ERR_SSL_BAD_HS_CERTIFICATE_VERIFY   0xC800

Definition at line 40 of file ssl.h.

Referenced by ssl_parse_certificate_verify().

#define ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC   0xD000

Definition at line 41 of file ssl.h.

#define ERR_SSL_BAD_HS_CLIENT_HELLO   0x9000

Definition at line 33 of file ssl.h.

Referenced by ssl_parse_client_hello().

#define ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE   0xC000

Definition at line 39 of file ssl.h.

Referenced by ssl_parse_client_key_exchange().

#define ERR_SSL_BAD_HS_FINISHED   0xD800

Definition at line 42 of file ssl.h.

#define ERR_SSL_BAD_HS_SERVER_HELLO   0x9800

Definition at line 34 of file ssl.h.

Referenced by ssl_parse_server_hello().

#define ERR_SSL_BAD_HS_SERVER_HELLO_DONE   0xB800

Definition at line 38 of file ssl.h.

Referenced by ssl_parse_server_hello_done().

#define ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE   0xB000

Definition at line 37 of file ssl.h.

Referenced by ssl_parse_server_key_exchange().

#define ERR_SSL_CA_CHAIN_REQUIRED   0x6800

Definition at line 28 of file ssl.h.

#define ERR_SSL_CERTIFICATE_REQUIRED   0x5800

Definition at line 26 of file ssl.h.

Referenced by ssl_parse_certificate_request(), and ssl_write_certificate().

#define ERR_SSL_CERTIFICATE_TOO_LARGE   0x5000

Definition at line 25 of file ssl.h.

Referenced by ssl_write_certificate().

#define ERR_SSL_FATAL_ALERT_MESSAGE   0x7800

Definition at line 30 of file ssl.h.

#define ERR_SSL_FEATURE_UNAVAILABLE   0x1000

Definition at line 17 of file ssl.h.

Referenced by ssl_decrypt_buf(), ssl_derive_keys(), ssl_encrypt_buf(), ssl_handshake(), ssl_parse_client_key_exchange(), ssl_parse_server_key_exchange(), ssl_write_client_key_exchange(), and ssl_write_server_key_exchange().

#define ERR_SSL_INVALID_MAC   0x1800

Definition at line 18 of file ssl.h.

Referenced by ssl_decrypt_buf().

#define ERR_SSL_INVALID_MODULUS_SIZE   0x2800

Definition at line 20 of file ssl.h.

#define ERR_SSL_INVALID_RECORD   0x2000

Definition at line 19 of file ssl.h.

#define ERR_SSL_NO_CIPHER_CHOSEN   0x3800

Definition at line 22 of file ssl.h.

Referenced by ssl_parse_client_hello(), and ssl_parse_server_hello().

#define ERR_SSL_NO_CLIENT_CERTIFICATE   0x4800

Definition at line 24 of file ssl.h.

#define ERR_SSL_NO_SESSION_FOUND   0x4000

Definition at line 23 of file ssl.h.

Referenced by ssl_get_session().

#define ERR_SSL_PEER_CLOSE_NOTIFY   0x8800

Definition at line 32 of file ssl.h.

Referenced by main().

#define ERR_SSL_PEER_VERIFY_FAILED   0x8000

Definition at line 31 of file ssl.h.

#define ERR_SSL_PRIVATE_KEY_REQUIRED   0x6000

Definition at line 27 of file ssl.h.

Referenced by ssl_parse_certificate_request().

#define ERR_SSL_UNEXPECTED_MESSAGE   0x7000

Definition at line 29 of file ssl.h.

Referenced by ssl_parse_certificate_request(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), and ssl_read().

#define ERR_SSL_UNKNOWN_CIPHER   0x3000

Definition at line 21 of file ssl.h.

#define SSL3_EDH_RSA_DES_168_SHA   22

Definition at line 76 of file ssl.h.

Referenced by ssl_derive_keys(), ssl_parse_client_key_exchange(), ssl_parse_server_key_exchange(), ssl_write_client_key_exchange(), and ssl_write_server_key_exchange().

#define SSL3_RSA_DES_168_SHA   10

Definition at line 75 of file ssl.h.

Referenced by ssl_derive_keys().

#define SSL3_RSA_RC4_128_MD5   4

Definition at line 73 of file ssl.h.

Referenced by ssl_derive_keys().

#define SSL3_RSA_RC4_128_SHA   5

Definition at line 74 of file ssl.h.

Referenced by ssl_derive_keys().

#define SSL_ALERT_CLOSE_NOTIFY   0

Definition at line 90 of file ssl.h.

Referenced by ssl_close_notify().

#define SSL_ALERT_FATAL   2

Definition at line 92 of file ssl.h.

#define SSL_ALERT_NO_CERTIFICATE   41

Definition at line 93 of file ssl.h.

Referenced by ssl_write_certificate().

#define SSL_ALERT_WARNING   1

Definition at line 91 of file ssl.h.

Referenced by ssl_close_notify(), and ssl_write_certificate().

#define SSL_BUFFER_LEN   (SSL_MAX_CONTENT_LEN + 512)

Definition at line 68 of file ssl.h.

Referenced by ssl_free(), and ssl_init().

#define SSL_COMPRESS_NULL   0

Definition at line 54 of file ssl.h.

Referenced by ssl_parse_server_hello(), ssl_write_client_hello(), and ssl_write_server_hello().

#define SSL_EXPIRATION_TIME   86400

Definition at line 62 of file ssl.h.

Referenced by ssl_get_session().

#define SSL_HS_CERTIFICATE   11

Definition at line 98 of file ssl.h.

Referenced by ssl_write_certificate().

#define SSL_HS_CERTIFICATE_REQUEST   13

Definition at line 100 of file ssl.h.

Referenced by ssl_parse_certificate_request(), and ssl_write_certificate_request().

#define SSL_HS_CERTIFICATE_VERIFY   15

Definition at line 102 of file ssl.h.

Referenced by ssl_parse_certificate_verify(), and ssl_write_certificate_verify().

#define SSL_HS_CLIENT_HELLO   1

Definition at line 96 of file ssl.h.

Referenced by ssl_parse_client_hello(), and ssl_write_client_hello().

#define SSL_HS_CLIENT_KEY_EXCHANGE   16

Definition at line 103 of file ssl.h.

Referenced by ssl_parse_client_key_exchange(), and ssl_write_client_key_exchange().

#define SSL_HS_FINISHED   20

Definition at line 104 of file ssl.h.

#define SSL_HS_HELLO_REQUEST   0

Definition at line 95 of file ssl.h.

#define SSL_HS_SERVER_HELLO   2

Definition at line 97 of file ssl.h.

Referenced by ssl_parse_server_hello(), and ssl_write_server_hello().

#define SSL_HS_SERVER_HELLO_DONE   14

Definition at line 101 of file ssl.h.

Referenced by ssl_parse_server_hello_done(), and ssl_write_server_hello_done().

#define SSL_HS_SERVER_KEY_EXCHANGE   12

Definition at line 99 of file ssl.h.

Referenced by ssl_parse_server_key_exchange(), and ssl_write_server_key_exchange().

#define SSL_IS_CLIENT   0

Definition at line 52 of file ssl.h.

Referenced by main(), ssl_derive_keys(), ssl_handshake(), and ssl_write_certificate().

#define SSL_IS_SERVER   1

Definition at line 53 of file ssl.h.

Referenced by main(), and ssl_handshake().

#define SSL_MAX_CONTENT_LEN   16384

Definition at line 61 of file ssl.h.

Referenced by ssl_write(), and ssl_write_certificate().

#define SSL_MSG_ALERT   21

Definition at line 86 of file ssl.h.

Referenced by ssl_close_notify(), and ssl_write_certificate().

#define SSL_MSG_APPLICATION_DATA   23

Definition at line 88 of file ssl.h.

Referenced by ssl_read(), and ssl_write().

#define SSL_MSG_CHANGE_CIPHER_SPEC   20

Definition at line 85 of file ssl.h.

#define SSL_MSG_HANDSHAKE   22

Definition at line 87 of file ssl.h.

Referenced by ssl_parse_certificate_request(), ssl_parse_certificate_verify(), ssl_parse_client_hello(), ssl_parse_client_key_exchange(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), ssl_write_certificate(), ssl_write_certificate_request(), ssl_write_certificate_verify(), ssl_write_client_hello(), ssl_write_client_key_exchange(), ssl_write_record(), ssl_write_server_hello(), ssl_write_server_hello_done(), and ssl_write_server_key_exchange().

#define SSL_SESSION_TBL_LEN   8192

Definition at line 60 of file ssl.h.

Referenced by ssl_get_session(), and ssl_set_session().

#define SSL_VERIFY_NONE   0

Definition at line 56 of file ssl.h.

Referenced by main(), and ssl_write_certificate_request().

#define SSL_VERIFY_OPTIONAL   1

Definition at line 57 of file ssl.h.

Referenced by main().

#define SSL_VERIFY_REQUIRED   2

Definition at line 58 of file ssl.h.

Referenced by ssl_parse_certificate_verify().

#define SSLV3_MAJOR_VERSION   3

Definition at line 47 of file ssl.h.

Referenced by ssl_parse_client_hello(), ssl_parse_server_hello(), and ssl_write_client_hello().

#define SSLV3_MINOR_VERSION   0

Definition at line 48 of file ssl.h.

Referenced by ssl_calc_verify(), ssl_decrypt_buf(), ssl_derive_keys(), ssl_encrypt_buf(), ssl_parse_client_key_exchange(), ssl_parse_server_hello(), ssl_write_certificate(), ssl_write_client_hello(), and ssl_write_client_key_exchange().

#define TLS10_MINOR_VERSION   1

Definition at line 49 of file ssl.h.

Referenced by ssl_parse_client_hello(), ssl_parse_server_hello(), and ssl_write_client_hello().

#define TLS11_MINOR_VERSION   2

Definition at line 50 of file ssl.h.

#define TLS1_EDH_RSA_AES_256_SHA   57

Definition at line 78 of file ssl.h.

Referenced by ssl_derive_keys(), ssl_parse_client_key_exchange(), ssl_parse_server_key_exchange(), ssl_write_client_key_exchange(), and ssl_write_server_key_exchange().

#define TLS1_RSA_AES_256_SHA   53

Definition at line 77 of file ssl.h.

Referenced by ssl_derive_keys().


Enumeration Type Documentation

enum ssl_states

Enumerator:
SSL_HELLO_REQUEST 
SSL_CLIENT_HELLO 
SSL_SERVER_HELLO 
SSL_SERVER_CERTIFICATE 
SSL_SERVER_KEY_EXCHANGE 
SSL_CERTIFICATE_REQUEST 
SSL_SERVER_HELLO_DONE 
SSL_CLIENT_CERTIFICATE 
SSL_CLIENT_KEY_EXCHANGE 
SSL_CERTIFICATE_VERIFY 
SSL_CLIENT_CHANGE_CIPHER_SPEC 
SSL_CLIENT_FINISHED 
SSL_SERVER_CHANGE_CIPHER_SPEC 
SSL_SERVER_FINISHED 
SSL_HANDSHAKE_OVER 

Definition at line 109 of file ssl.h.


Function Documentation

int ssl_calc_verify ( ssl_context ssl,
unsigned char  hash[36] 
)

Definition at line 326 of file ssl_tls.c.

References ssl_context::hs_md5, ssl_context::hs_sha1, ssl_context::master, md5(), md5_finish(), md5_starts(), md5_update(), ssl_context::minor_ver, sha1(), sha1_finish(), sha1_starts(), sha1_update(), and SSLV3_MINOR_VERSION.

Referenced by ssl_parse_certificate_verify(), and ssl_write_certificate_verify().

int ssl_client_start ( ssl_context ssl  ) 

Definition at line 438 of file ssl_cli.c.

References SSL_CERTIFICATE_REQUEST, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CERTIFICATE, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED, SSL_CLIENT_HELLO, SSL_CLIENT_KEY_EXCHANGE, ssl_flush_output(), SSL_HELLO_REQUEST, ssl_parse_certificate(), ssl_parse_certificate_request(), ssl_parse_change_cipher_spec(), ssl_parse_finished(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), SSL_SERVER_CERTIFICATE, SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_SERVER_HELLO, SSL_SERVER_HELLO_DONE, SSL_SERVER_KEY_EXCHANGE, ssl_write_certificate(), ssl_write_certificate_verify(), ssl_write_change_cipher_spec(), ssl_write_client_hello(), ssl_write_client_key_exchange(), ssl_write_finished(), and ssl_context::state.

Referenced by ssl_handshake().

int ssl_close_notify ( ssl_context ssl  ) 

Notify the peer that the connection is being closed.

Definition at line 1450 of file ssl_tls.c.

References ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, SSL_ALERT_CLOSE_NOTIFY, SSL_ALERT_WARNING, ssl_flush_output(), SSL_HANDSHAKE_OVER, SSL_MSG_ALERT, ssl_write_record(), and ssl_context::state.

Referenced by main().

int ssl_derive_keys ( ssl_context ssl  ) 

Definition at line 101 of file ssl_tls.c.

References aes_set_key(), arc4_setup(), ssl_context::cipher, ssl_context::ctx_dec, ssl_context::ctx_enc, ssl_context::ctxlen, des3_set_3keys(), ssl_context::endpoint, ERR_SSL_FEATURE_UNAVAILABLE, ssl_context::iv_dec, ssl_context::iv_enc, ssl_context::ivlen, ssl_context::keylen, ssl_context::mac_dec, ssl_context::mac_enc, ssl_context::maclen, ssl_context::master, md5(), md5_finish(), md5_starts(), md5_update(), ssl_context::minlen, ssl_context::minor_ver, ssl_context::pmslen, ssl_context::premaster, ssl_context::randbytes, ssl_context::resumed, sha1(), sha1_finish(), sha1_starts(), sha1_update(), SSL3_EDH_RSA_DES_168_SHA, SSL3_RSA_DES_168_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, SSL_IS_CLIENT, SSLV3_MINOR_VERSION, TLS1_EDH_RSA_AES_256_SHA, tls1_prf(), and TLS1_RSA_AES_256_SHA.

Referenced by ssl_parse_client_key_exchange(), ssl_parse_server_hello(), ssl_write_client_key_exchange(), and ssl_write_server_hello().

int ssl_flush_output ( ssl_context ssl  ) 

Definition at line 823 of file ssl_tls.c.

References net_send(), ssl_context::out_hdr, ssl_context::out_left, ssl_context::out_msglen, and ssl_context::write_fd.

Referenced by ssl_client_start(), ssl_close_notify(), and ssl_server_start().

void ssl_free ( ssl_context ssl  ) 

Free an SSL context.

Definition at line 1473 of file ssl_tls.c.

References ssl_context::ctx_dec, ssl_context::ctx_enc, ssl_context::ctxlen, ssl_context::dhm_ctx, dhm_free(), ssl_context::in_ctr, ssl_context::out_ctr, ssl_context::peer_cert, SSL_BUFFER_LEN, and x509_free_cert().

Referenced by main().

char* ssl_get_cipher_name ( ssl_context ssl  ) 

Return the name of the current cipher.

Definition at line 1308 of file ssl_tls.c.

Referenced by main().

int ssl_get_verify_result ( ssl_context ssl  ) 

Return the result of the certificate verification.

Definition at line 1303 of file ssl_tls.c.

References ssl_context::verify_result.

Referenced by main().

int ssl_handshake ( ssl_context ssl  ) 

Perform the SSL handshake.

Returns:
0 if successful, ERR_NET_WOULD_BLOCK (only when the socket is set to non-blocking), or a specific SSL error code.

Definition at line 1369 of file ssl_tls.c.

References ssl_context::endpoint, ERR_SSL_FEATURE_UNAVAILABLE, ssl_client_start(), SSL_IS_CLIENT, SSL_IS_SERVER, and ssl_server_start().

Referenced by main(), ssl_read(), and ssl_write().

int ssl_init ( ssl_context ssl,
int  client_resume 
)

Initialize the SSL context. If client_resume is non-zero, the session id and premaster secret are preserved (client-side only).

Returns:
0 if successful, or 1 if memory allocation failed

Definition at line 1199 of file ssl_tls.c.

References ssl_context::in_ctr, ssl_context::in_hdr, ssl_context::in_msg, ssl_context::master, ssl_context::out_ctr, ssl_context::out_hdr, ssl_context::out_msg, ssl_context::sessid, ssl_context::sidlen, and SSL_BUFFER_LEN.

Referenced by main().

int ssl_parse_certificate ( ssl_context ssl  ) 

Definition at line 914 of file ssl_tls.c.

Referenced by ssl_client_start(), and ssl_server_start().

int ssl_parse_change_cipher_spec ( ssl_context ssl  ) 

Definition at line 1028 of file ssl_tls.c.

Referenced by ssl_client_start(), and ssl_server_start().

int ssl_parse_finished ( ssl_context ssl  ) 

Definition at line 1154 of file ssl_tls.c.

Referenced by ssl_client_start(), and ssl_server_start().

int ssl_read ( ssl_context * ssl,
unsigned char *  buf,
int * len
)

Read at most 'len' application data bytes.

Returns:
0 if successful, ERR_NET_WOULD_BLOCK (only when the socket is set to non-blocking), or a specific SSL error code.
Note:
len is updated to reflect the actual number of data bytes read.

Definition at line 1387 of file ssl_tls.c.

References ERR_SSL_UNEXPECTED_MESSAGE, ssl_context::in_msg, ssl_context::in_msglen, ssl_context::in_msgtype, ssl_context::in_offt, ssl_handshake(), SSL_MSG_APPLICATION_DATA, and ssl_read_record().

Referenced by main().

int ssl_read_record ( ssl_context ssl,
int  do_crypt 
)

Definition at line 682 of file ssl_tls.c.

Referenced by ssl_parse_certificate_request(), ssl_parse_certificate_verify(), ssl_parse_client_key_exchange(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), and ssl_read().

int ssl_server_start ( ssl_context ssl  ) 

Definition at line 663 of file ssl_srv.c.

References SSL_CERTIFICATE_REQUEST, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CERTIFICATE, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED, SSL_CLIENT_HELLO, SSL_CLIENT_KEY_EXCHANGE, ssl_flush_output(), SSL_HELLO_REQUEST, ssl_parse_certificate(), ssl_parse_certificate_verify(), ssl_parse_change_cipher_spec(), ssl_parse_client_hello(), ssl_parse_client_key_exchange(), ssl_parse_finished(), SSL_SERVER_CERTIFICATE, SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_SERVER_HELLO, SSL_SERVER_HELLO_DONE, SSL_SERVER_KEY_EXCHANGE, ssl_write_certificate(), ssl_write_certificate_request(), ssl_write_change_cipher_spec(), ssl_write_finished(), ssl_write_server_hello(), ssl_write_server_hello_done(), ssl_write_server_key_exchange(), and ssl_context::state.

Referenced by main(), and ssl_handshake().

void ssl_set_authmode ( ssl_context ssl,
int  authmode 
)

Set the certificate verification mode.

Parameters:
authmode can be:
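SSL_VERIFY_NONE: peer certificate is not checked (default). In this mode the peer is not authenticated, so the connection offers no protection against an active man-in-the-middle.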

SSL_VERIFY_OPTIONAL: peer certificate is checked, but the handshake continues even if verification failed; check ssl->verify_result (or call ssl_get_verify_result()) after the handshake to learn whether verification succeeded.

SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, handshake is aborted if verification failed.

Definition at line 1249 of file ssl_tls.c.

Referenced by main().

void ssl_set_ca_chain ( ssl_context * ssl,
x509_cert * ca,
char *  cn
)

Set the CA certificate chain used to verify peer cert, and the peer's expected CommonName (or NULL).

Definition at line 1273 of file ssl_tls.c.

Referenced by main().

void ssl_set_ciphlist ( ssl_context * ssl,
int * ciphers
)

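Set the list of allowed ciphersuites. Of the suites defined in this header, SSL3_RSA_RC4_128_MD5 and SSL3_RSA_RC4_128_SHA rely on RC4, which is no longer considered secure; leave them out of the list where the peer allows.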

Definition at line 1268 of file ssl_tls.c.

Referenced by main().

int ssl_set_dhm_vals ( ssl_context ssl,
char *  dhm_P,
char *  dhm_G 
)

Set the Diffie-Hellman public P and G values, provided as hexadecimal strings (server-side only).

Returns:
0 if successful, or 1 if the values could not be read

Definition at line 1291 of file ssl_tls.c.

Referenced by main().

void ssl_set_endpoint ( ssl_context ssl,
int  endpoint 
)

Set the current endpoint type, SSL_IS_CLIENT or SSL_IS_SERVER.

Definition at line 1244 of file ssl_tls.c.

References ssl_context::endpoint.

Referenced by main().

void ssl_set_io_files ( ssl_context ssl,
int  read_fd,
int  write_fd 
)

Set the read and write file descriptors.

Definition at line 1262 of file ssl_tls.c.

Referenced by main().

void ssl_set_rng_func ( ssl_context ssl,
int(*)(void *)  rng_f,
void *  rng_d 
)

Set the random number generator function.

Definition at line 1254 of file ssl_tls.c.

Referenced by main().

void ssl_set_rsa_cert ( ssl_context * ssl,
x509_cert * own_cert,
rsa_context * own_key
)

Set own certificate and private RSA key.

Definition at line 1279 of file ssl_tls.c.

Referenced by main().

void ssl_set_sidtable ( ssl_context ssl,
unsigned char *  sidtable 
)

Set the global session ID table (server-side only).

Definition at line 1286 of file ssl_tls.c.

Referenced by main().

int ssl_write ( ssl_context ssl,
unsigned char *  buf,
int  len 
)

Write 'len' application data bytes.

Returns:
0 if successful, ERR_NET_WOULD_BLOCK (only when the socket is set to non-blocking), or a specific SSL error code.
Note:
When the socket is set to non-blocking and this function returns ERR_NET_WOULD_BLOCK, it should be called again with the *same* arguments until it returns 0.

Definition at line 1422 of file ssl_tls.c.

References ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, ssl_context::out_uoff, ssl_handshake(), SSL_MAX_CONTENT_LEN, SSL_MSG_APPLICATION_DATA, and ssl_write_record().

Referenced by main().

int ssl_write_certificate ( ssl_context ssl  ) 

Definition at line 843 of file ssl_tls.c.

References ssl_context::client_auth, ssl_context::endpoint, ERR_SSL_CERTIFICATE_REQUIRED, ERR_SSL_CERTIFICATE_TOO_LARGE, _x509_buf::len, ssl_context::minor_ver, _x509_cert::next, ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, ssl_context::own_cert, _x509_buf::p, _x509_cert::raw, SSL_ALERT_NO_CERTIFICATE, SSL_ALERT_WARNING, SSL_HS_CERTIFICATE, SSL_IS_CLIENT, SSL_MAX_CONTENT_LEN, SSL_MSG_ALERT, SSL_MSG_HANDSHAKE, ssl_write_record(), SSLV3_MINOR_VERSION, and ssl_context::state.

Referenced by ssl_client_start(), and ssl_server_start().

int ssl_write_change_cipher_spec ( ssl_context ssl  ) 

Definition at line 1019 of file ssl_tls.c.

Referenced by ssl_client_start(), and ssl_server_start().

int ssl_write_finished ( ssl_context ssl  ) 

Definition at line 1117 of file ssl_tls.c.

Referenced by ssl_client_start(), and ssl_server_start().

int ssl_write_record ( ssl_context ssl,
int  do_crypt 
)

Definition at line 645 of file ssl_tls.c.

References ssl_context::hs_md5, ssl_context::hs_sha1, ssl_context::major_ver, md5_update(), ssl_context::minor_ver, net_send(), ssl_context::out_hdr, ssl_context::out_left, ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, sha1_update(), ssl_encrypt_buf(), SSL_MSG_HANDSHAKE, and ssl_context::write_fd.

Referenced by ssl_close_notify(), ssl_write(), ssl_write_certificate(), ssl_write_certificate_request(), ssl_write_certificate_verify(), ssl_write_client_hello(), ssl_write_client_key_exchange(), ssl_write_server_hello(), ssl_write_server_hello_done(), and ssl_write_server_key_exchange().


Variable Documentation

int ssl_default_ciphers[]

Definition at line 1343 of file ssl_tls.c.

Referenced by main().


Generated on Fri May 16 14:49:56 2008 for Mobile-C by  doxygen 1.5.4