/home/dko/Projects/mobilec/src/security/xyssl-0.9/include/xyssl/ssl.h File Reference

#include <time.h>
#include "xyssl/net.h"
#include "xyssl/dhm.h"
#include "xyssl/rsa.h"
#include "xyssl/md5.h"
#include "xyssl/sha1.h"
#include "xyssl/x509.h"

Go to the source code of this file.

Data Structures
struct	_ssl_session
struct	_ssl_context
Defines
#define	XYSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000
#define	XYSSL_ERR_SSL_BAD_INPUT_DATA -0x1800
#define	XYSSL_ERR_SSL_INVALID_MAC -0x2000
#define	XYSSL_ERR_SSL_INVALID_RECORD -0x2800
#define	XYSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000
#define	XYSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800
#define	XYSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000
#define	XYSSL_ERR_SSL_NO_SESSION_FOUND -0x4800
#define	XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000
#define	XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800
#define	XYSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000
#define	XYSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800
#define	XYSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000
#define	XYSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800
#define	XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000
#define	XYSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800
#define	XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000
#define	XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800
#define	XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000
#define	XYSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800
#define	XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000
#define	XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800
#define	XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000
#define	XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800
#define	XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000
#define	XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800
#define	XYSSL_ERR_SSL_BAD_HS_FINISHED -0xE000
#define	SSL_MAJOR_VERSION_3 3
#define	SSL_MINOR_VERSION_0 0
#define	SSL_MINOR_VERSION_1 1
#define	SSL_MINOR_VERSION_2 2
#define	SSL_IS_CLIENT 0
#define	SSL_IS_SERVER 1
#define	SSL_COMPRESS_NULL 0
#define	SSL_VERIFY_NONE 0
#define	SSL_VERIFY_OPTIONAL 1
#define	SSL_VERIFY_REQUIRED 2
#define	SSL_MAX_CONTENT_LEN 16384
#define	SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
#define	SSL_RSA_RC4_128_MD5 4
#define	SSL_RSA_RC4_128_SHA 5
#define	SSL_RSA_DES_168_SHA 10
#define	SSL_EDH_RSA_DES_168_SHA 22
#define	SSL_RSA_AES_128_SHA 47
#define	SSL_RSA_AES_256_SHA 53
#define	SSL_EDH_RSA_AES_256_SHA 57
#define	SSL_MSG_CHANGE_CIPHER_SPEC 20
#define	SSL_MSG_ALERT 21
#define	SSL_MSG_HANDSHAKE 22
#define	SSL_MSG_APPLICATION_DATA 23
#define	SSL_ALERT_CLOSE_NOTIFY 0
#define	SSL_ALERT_WARNING 1
#define	SSL_ALERT_FATAL 2
#define	SSL_ALERT_NO_CERTIFICATE 41
#define	SSL_HS_HELLO_REQUEST 0
#define	SSL_HS_CLIENT_HELLO 1
#define	SSL_HS_SERVER_HELLO 2
#define	SSL_HS_CERTIFICATE 11
#define	SSL_HS_SERVER_KEY_EXCHANGE 12
#define	SSL_HS_CERTIFICATE_REQUEST 13
#define	SSL_HS_SERVER_HELLO_DONE 14
#define	SSL_HS_CERTIFICATE_VERIFY 15
#define	SSL_HS_CLIENT_KEY_EXCHANGE 16
#define	SSL_HS_FINISHED 20
#define	TLS_EXT_SERVERNAME 0
#define	TLS_EXT_SERVERNAME_HOSTNAME 0
Typedefs
typedef struct _ssl_session	ssl_session
typedef struct _ssl_context	ssl_context
Enumerations
enum	ssl_states { SSL_HELLO_REQUEST, SSL_CLIENT_HELLO, SSL_SERVER_HELLO, SSL_SERVER_CERTIFICATE, SSL_SERVER_KEY_EXCHANGE, SSL_CERTIFICATE_REQUEST, SSL_SERVER_HELLO_DONE, SSL_CLIENT_CERTIFICATE, SSL_CLIENT_KEY_EXCHANGE, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED, SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_FLUSH_BUFFERS, SSL_HANDSHAKE_OVER }
Functions
int	ssl_init (ssl_context *ssl)
	Initialize an SSL context.
void	ssl_set_endpoint (ssl_context *ssl, int endpoint)
	Set the current endpoint type.
void	ssl_set_authmode (ssl_context *ssl, int authmode)
	Set the certificate verification mode.
void	ssl_set_rng (ssl_context ssl, int(f_rng)(void ), void p_rng)
	Set the random number generator callback.
void	ssl_set_dbg (ssl_context ssl, void(f_dbg)(void , int, char ), void *p_dbg)
	Set the debug callback.
void	ssl_set_bio (ssl_context ssl, int(f_recv)(void , unsigned char , int), void p_recv, int(f_send)(void , unsigned char , int), void *p_send)
	Set the underlying BIO read and write callbacks.
void	ssl_set_scb (ssl_context ssl, int(s_get)(ssl_context ), int(s_set)(ssl_context *))
	Set the session callbacks (server-side only).
void	ssl_set_session (ssl_context ssl, int resume, int timeout, ssl_session session)
	Set the session resuming flag, timeout and data.
void	ssl_set_ciphers (ssl_context ssl, int ciphers)
	Set the list of allowed ciphersuites.
void	ssl_set_ca_chain (ssl_context ssl, x509_cert ca_chain, char *peer_cn)
	Set the data required to verify peer certificate.
void	ssl_set_own_cert (ssl_context ssl, x509_cert own_cert, rsa_context *rsa_key)
	Set own certificate and private key.
int	ssl_set_dh_param (ssl_context ssl, char dhm_P, char *dhm_G)
	Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only).
int	ssl_set_hostname (ssl_context ssl, char hostname)
	Set hostname for ServerName TLS Extension.
int	ssl_get_bytes_avail (ssl_context *ssl)
	Return the number of data bytes available to read.
int	ssl_get_verify_result (ssl_context *ssl)
	Return the result of the certificate verification.
char *	ssl_get_cipher (ssl_context *ssl)
	Return the name of the current cipher.
int	ssl_handshake (ssl_context *ssl)
	Perform the SSL handshake.
int	ssl_read (ssl_context ssl, unsigned char buf, int len)
	Read at most 'len' application data bytes.
int	ssl_write (ssl_context ssl, unsigned char buf, int len)
	Write exactly 'len' application data bytes.
int	ssl_close_notify (ssl_context *ssl)
	Notify the peer that the connection is being closed.
void	ssl_free (ssl_context *ssl)
	Free an SSL context.
int	ssl_handshake_client (ssl_context *ssl)
int	ssl_handshake_server (ssl_context *ssl)
int	ssl_derive_keys (ssl_context *ssl)
void	ssl_calc_verify (ssl_context *ssl, unsigned char hash[36])
int	ssl_read_record (ssl_context *ssl)
int	ssl_fetch_input (ssl_context *ssl, int nb_want)
int	ssl_write_record (ssl_context *ssl)
int	ssl_flush_output (ssl_context *ssl)
int	ssl_parse_certificate (ssl_context *ssl)
int	ssl_write_certificate (ssl_context *ssl)
int	ssl_parse_change_cipher_spec (ssl_context *ssl)
int	ssl_write_change_cipher_spec (ssl_context *ssl)
int	ssl_parse_finished (ssl_context *ssl)
int	ssl_write_finished (ssl_context *ssl)
Variables
int	ssl_default_ciphers []

Detailed Description

Definition in file ssl.h.

Define Documentation

#define SSL_ALERT_CLOSE_NOTIFY 0

Definition at line 87 of file ssl.h.

Referenced by ssl_close_notify(), and ssl_read_record().

#define SSL_ALERT_FATAL 2

Definition at line 89 of file ssl.h.

Referenced by ssl_read_record().

#define SSL_ALERT_NO_CERTIFICATE 41

Definition at line 90 of file ssl.h.

Referenced by ssl_parse_certificate(), and ssl_write_certificate().

#define SSL_ALERT_WARNING 1

Definition at line 88 of file ssl.h.

Referenced by ssl_close_notify(), ssl_parse_certificate(), ssl_read_record(), and ssl_write_certificate().

#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)

Definition at line 66 of file ssl.h.

Referenced by ssl_free(), and ssl_init().

#define SSL_COMPRESS_NULL 0

Definition at line 54 of file ssl.h.

Referenced by ssl_parse_server_hello(), ssl_write_client_hello(), and ssl_write_server_hello().

#define SSL_EDH_RSA_AES_256_SHA 57

Definition at line 77 of file ssl.h.

Referenced by main(), ssl_derive_keys(), ssl_get_cipher(), ssl_parse_client_key_exchange(), ssl_parse_server_key_exchange(), ssl_write_client_key_exchange(), and ssl_write_server_key_exchange().

#define SSL_EDH_RSA_DES_168_SHA 22

Definition at line 74 of file ssl.h.

Referenced by main(), ssl_derive_keys(), ssl_get_cipher(), ssl_parse_client_key_exchange(), ssl_parse_server_key_exchange(), ssl_write_client_key_exchange(), and ssl_write_server_key_exchange().

#define SSL_HS_CERTIFICATE 11

Definition at line 95 of file ssl.h.

Referenced by ssl_parse_certificate(), and ssl_write_certificate().

#define SSL_HS_CERTIFICATE_REQUEST 13

Definition at line 97 of file ssl.h.

Referenced by ssl_parse_certificate_request(), and ssl_write_certificate_request().

#define SSL_HS_CERTIFICATE_VERIFY 15

Definition at line 99 of file ssl.h.

Referenced by ssl_parse_certificate_verify(), and ssl_write_certificate_verify().

#define SSL_HS_CLIENT_HELLO 1

Definition at line 93 of file ssl.h.

Referenced by ssl_parse_client_hello(), and ssl_write_client_hello().

#define SSL_HS_CLIENT_KEY_EXCHANGE 16

Definition at line 100 of file ssl.h.

Referenced by ssl_parse_client_key_exchange(), and ssl_write_client_key_exchange().

#define SSL_HS_FINISHED 20

Definition at line 101 of file ssl.h.

Referenced by ssl_parse_finished(), and ssl_write_finished().

#define SSL_HS_HELLO_REQUEST 0

Definition at line 92 of file ssl.h.

#define SSL_HS_SERVER_HELLO 2

Definition at line 94 of file ssl.h.

Referenced by ssl_parse_server_hello(), and ssl_write_server_hello().

#define SSL_HS_SERVER_HELLO_DONE 14

Definition at line 98 of file ssl.h.

Referenced by ssl_parse_server_hello_done(), and ssl_write_server_hello_done().

#define SSL_HS_SERVER_KEY_EXCHANGE 12

Definition at line 96 of file ssl.h.

Referenced by ssl_parse_server_key_exchange(), and ssl_write_server_key_exchange().

#define SSL_IS_CLIENT 0

Definition at line 52 of file ssl.h.

Referenced by main(), ssl_calc_finished(), ssl_derive_keys(), ssl_handshake(), ssl_parse_finished(), ssl_test(), ssl_write_certificate(), and ssl_write_finished().

#define SSL_IS_SERVER 1

Definition at line 53 of file ssl.h.

Referenced by main(), ssl_handshake(), ssl_parse_certificate(), ssl_parse_finished(), and ssl_test().

#define SSL_MAJOR_VERSION_3 3

Definition at line 47 of file ssl.h.

Referenced by ssl_parse_client_hello(), ssl_parse_server_hello(), and ssl_write_client_hello().

#define SSL_MAX_CONTENT_LEN 16384

Definition at line 60 of file ssl.h.

Referenced by ssl_read_record(), ssl_write(), and ssl_write_certificate().

#define SSL_MINOR_VERSION_0 0

SSL v3.0

Definition at line 48 of file ssl.h.

Referenced by ssl_calc_finished(), ssl_calc_verify(), ssl_decrypt_buf(), ssl_derive_keys(), ssl_encrypt_buf(), ssl_parse_certificate(), ssl_parse_client_key_exchange(), ssl_parse_finished(), ssl_parse_server_hello(), ssl_read_record(), ssl_write_certificate(), ssl_write_client_hello(), ssl_write_client_key_exchange(), and ssl_write_finished().

#define SSL_MINOR_VERSION_1 1

TLS v1.0

Definition at line 49 of file ssl.h.

Referenced by ssl_parse_client_hello(), ssl_parse_server_hello(), ssl_read_record(), and ssl_write_client_hello().

#define SSL_MINOR_VERSION_2 2

TLS v1.1

Definition at line 50 of file ssl.h.

#define SSL_MSG_ALERT 21

Definition at line 83 of file ssl.h.

Referenced by ssl_close_notify(), ssl_parse_certificate(), ssl_read_record(), and ssl_write_certificate().

#define SSL_MSG_APPLICATION_DATA 23

Definition at line 85 of file ssl.h.

Referenced by ssl_read(), and ssl_write().

#define SSL_MSG_CHANGE_CIPHER_SPEC 20

Definition at line 82 of file ssl.h.

Referenced by ssl_parse_change_cipher_spec(), and ssl_write_change_cipher_spec().

#define SSL_RSA_AES_128_SHA 47

Definition at line 75 of file ssl.h.

Referenced by main(), ssl_derive_keys(), and ssl_get_cipher().

#define SSL_RSA_AES_256_SHA 53

Definition at line 76 of file ssl.h.

Referenced by main(), ssl_derive_keys(), and ssl_get_cipher().

#define SSL_RSA_DES_168_SHA 10

Definition at line 73 of file ssl.h.

Referenced by main(), ssl_derive_keys(), and ssl_get_cipher().

#define SSL_RSA_RC4_128_MD5 4

Definition at line 71 of file ssl.h.

Referenced by main(), ssl_derive_keys(), and ssl_get_cipher().

#define SSL_RSA_RC4_128_SHA 5

Definition at line 72 of file ssl.h.

Referenced by main(), ssl_derive_keys(), and ssl_get_cipher().

#define SSL_VERIFY_NONE 0

Definition at line 56 of file ssl.h.

Referenced by main(), ssl_parse_certificate(), ssl_test(), and ssl_write_certificate_request().

#define SSL_VERIFY_OPTIONAL 1

Definition at line 57 of file ssl.h.

Referenced by main(), and ssl_parse_certificate().

#define SSL_VERIFY_REQUIRED 2

Definition at line 58 of file ssl.h.

Referenced by ssl_parse_certificate().

#define TLS_EXT_SERVERNAME 0

Definition at line 106 of file ssl.h.

Referenced by ssl_write_client_hello().

#define TLS_EXT_SERVERNAME_HOSTNAME 0

Definition at line 107 of file ssl.h.

Referenced by ssl_write_client_hello().

#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800

Definition at line 35 of file ssl.h.

Referenced by ssl_parse_certificate().

#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000

Definition at line 36 of file ssl.h.

#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000

Definition at line 40 of file ssl.h.

Referenced by ssl_parse_certificate_verify().

#define XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800

Definition at line 41 of file ssl.h.

Referenced by ssl_parse_change_cipher_spec().

#define XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800

Definition at line 33 of file ssl.h.

Referenced by ssl_parse_client_hello().

#define XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800

Definition at line 39 of file ssl.h.

Referenced by ssl_parse_client_key_exchange().

#define XYSSL_ERR_SSL_BAD_HS_FINISHED -0xE000

Definition at line 42 of file ssl.h.

Referenced by ssl_parse_finished().

#define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000

Definition at line 34 of file ssl.h.

Referenced by ssl_parse_server_hello().

#define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000

Definition at line 38 of file ssl.h.

Referenced by ssl_parse_server_hello_done().

#define XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800

Definition at line 37 of file ssl.h.

Referenced by ssl_parse_server_key_exchange().

#define XYSSL_ERR_SSL_BAD_INPUT_DATA -0x1800

Definition at line 17 of file ssl.h.

Referenced by ssl_handshake_client(), ssl_handshake_server(), ssl_set_hostname(), and tls1_prf().

#define XYSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000

Definition at line 28 of file ssl.h.

Referenced by ssl_parse_certificate().

#define XYSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000

Definition at line 26 of file ssl.h.

Referenced by ssl_write_certificate().

#define XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800

Definition at line 25 of file ssl.h.

Referenced by ssl_write_certificate().

#define XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000

Definition at line 30 of file ssl.h.

Referenced by ssl_read_record().

#define XYSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000

Definition at line 16 of file ssl.h.

Referenced by ssl_decrypt_buf(), ssl_derive_keys(), ssl_encrypt_buf(), ssl_handshake(), ssl_parse_client_key_exchange(), ssl_parse_server_key_exchange(), ssl_write_client_key_exchange(), and ssl_write_server_key_exchange().

#define XYSSL_ERR_SSL_INVALID_MAC -0x2000

Definition at line 18 of file ssl.h.

Referenced by ssl_decrypt_buf().

#define XYSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000

Definition at line 20 of file ssl.h.

#define XYSSL_ERR_SSL_INVALID_RECORD -0x2800

Definition at line 19 of file ssl.h.

Referenced by ssl_read_record().

#define XYSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000

Definition at line 22 of file ssl.h.

Referenced by ssl_parse_client_hello().

#define XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000

Definition at line 24 of file ssl.h.

Referenced by ssl_parse_certificate().

#define XYSSL_ERR_SSL_NO_SESSION_FOUND -0x4800

Definition at line 23 of file ssl.h.

#define XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000

Definition at line 32 of file ssl.h.

Referenced by main(), ssl_read_record(), and ssl_test().

#define XYSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800

Definition at line 31 of file ssl.h.

#define XYSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800

Definition at line 27 of file ssl.h.

Referenced by ssl_write_certificate_verify().

#define XYSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800

Definition at line 29 of file ssl.h.

Referenced by ssl_parse_certificate(), ssl_parse_certificate_request(), ssl_parse_change_cipher_spec(), ssl_parse_finished(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), and ssl_read().

#define XYSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800

Definition at line 21 of file ssl.h.

Typedef Documentation

typedef struct _ssl_context ssl_context

Definition at line 134 of file ssl.h.

typedef struct _ssl_session ssl_session

Definition at line 133 of file ssl.h.

Enumeration Type Documentation

enum ssl_states

Enumerator:

SSL_HELLO_REQUEST
SSL_CLIENT_HELLO
SSL_SERVER_HELLO
SSL_SERVER_CERTIFICATE
SSL_SERVER_KEY_EXCHANGE
SSL_CERTIFICATE_REQUEST
SSL_SERVER_HELLO_DONE
SSL_CLIENT_CERTIFICATE
SSL_CLIENT_KEY_EXCHANGE
SSL_CERTIFICATE_VERIFY
SSL_CLIENT_CHANGE_CIPHER_SPEC
SSL_CLIENT_FINISHED
SSL_SERVER_CHANGE_CIPHER_SPEC
SSL_SERVER_FINISHED
SSL_FLUSH_BUFFERS
SSL_HANDSHAKE_OVER

Definition at line 112 of file ssl.h.

Function Documentation

void ssl_calc_verify	(	ssl_context *	ssl,
		unsigned char	hash[36]
	)

Definition at line 335 of file ssl_tls.c.

References _ssl_context::fin_md5, _ssl_context::fin_sha1, _ssl_session::master, md5(), md5_finish(), md5_starts(), md5_update(), _ssl_context::minor_ver, _ssl_context::session, sha1(), sha1_finish(), sha1_starts(), sha1_update(), SSL_DEBUG_BUF, SSL_DEBUG_MSG, and SSL_MINOR_VERSION_0.

Referenced by ssl_parse_certificate_verify(), and ssl_write_certificate_verify().

int ssl_close_notify ( ssl_context * ssl )

Notify the peer that the connection is being closed.

Definition at line 1904 of file ssl_tls.c.

References _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, SSL_ALERT_CLOSE_NOTIFY, SSL_ALERT_WARNING, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_flush_output(), SSL_HANDSHAKE_OVER, SSL_MSG_ALERT, ssl_write_record(), and _ssl_context::state.

Referenced by main(), and ssl_test().

int ssl_derive_keys ( ssl_context * ssl )

Definition at line 106 of file ssl_tls.c.

References aes_setkey_dec(), aes_setkey_enc(), arc4_setup(), _ssl_session::cipher, _ssl_context::ctx_dec, _ssl_context::ctx_enc, des3_set3key_dec(), des3_set3key_enc(), _ssl_context::endpoint, _ssl_context::iv_dec, _ssl_context::iv_enc, _ssl_context::ivlen, _ssl_context::keylen, _ssl_context::mac_dec, _ssl_context::mac_enc, _ssl_context::maclen, _ssl_session::master, md5(), md5_finish(), md5_starts(), md5_update(), _ssl_context::minlen, _ssl_context::minor_ver, _ssl_context::pmslen, _ssl_context::premaster, _ssl_context::randbytes, _ssl_context::resume, _ssl_context::session, sha1(), sha1_finish(), sha1_starts(), sha1_update(), SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_EDH_RSA_AES_256_SHA, SSL_EDH_RSA_DES_168_SHA, ssl_get_cipher(), SSL_IS_CLIENT, SSL_MINOR_VERSION_0, SSL_RSA_AES_128_SHA, SSL_RSA_AES_256_SHA, SSL_RSA_DES_168_SHA, SSL_RSA_RC4_128_MD5, SSL_RSA_RC4_128_SHA, tls1_prf(), and XYSSL_ERR_SSL_FEATURE_UNAVAILABLE.

Referenced by ssl_parse_client_key_exchange(), ssl_parse_server_hello(), ssl_write_client_key_exchange(), and ssl_write_server_hello().

int ssl_fetch_input	(	ssl_context *	ssl,
		int	nb_want
	)

Definition at line 727 of file ssl_tls.c.

References _ssl_context::f_recv, _ssl_context::in_hdr, _ssl_context::in_left, _ssl_context::p_recv, SSL_DEBUG_MSG, and SSL_DEBUG_RET.

Referenced by ssl_parse_client_hello(), and ssl_read_record().

int ssl_flush_output ( ssl_context * ssl )

Definition at line 756 of file ssl_tls.c.

References buf, _ssl_context::f_send, _ssl_context::out_hdr, _ssl_context::out_left, _ssl_context::out_msglen, _ssl_context::p_send, SSL_DEBUG_MSG, and SSL_DEBUG_RET.

Referenced by ssl_close_notify(), ssl_handshake_client(), ssl_handshake_server(), ssl_write(), and ssl_write_record().

void ssl_free ( ssl_context * ssl )

Free an SSL context.

Definition at line 1938 of file ssl_tls.c.

References _ssl_context::dhm_ctx, dhm_free(), _ssl_context::hostname, _ssl_context::hostname_len, _ssl_context::in_ctr, _ssl_context::out_ctr, _ssl_context::peer_cert, SSL_BUFFER_LEN, SSL_DEBUG_MSG, and x509_free().

Referenced by main(), and ssl_test().

int ssl_get_bytes_avail ( ssl_context * ssl )

Return the number of data bytes available to read.

Parameters:

ssl

SSL context

Returns:: how many bytes are available in the read buffer

Definition at line 1691 of file ssl_tls.c.

References _ssl_context::in_msglen, and _ssl_context::in_offt.

char* ssl_get_cipher ( ssl_context * ssl )

Return the name of the current cipher.

Parameters:

ssl

SSL context

Returns:: a string containing the cipher name

Definition at line 1701 of file ssl_tls.c.

References _ssl_session::cipher, _ssl_context::session, SSL_EDH_RSA_AES_256_SHA, SSL_EDH_RSA_DES_168_SHA, SSL_RSA_AES_128_SHA, SSL_RSA_AES_256_SHA, SSL_RSA_DES_168_SHA, SSL_RSA_RC4_128_MD5, and SSL_RSA_RC4_128_SHA.

Referenced by main(), and ssl_derive_keys().

int ssl_get_verify_result ( ssl_context * ssl )

Return the result of the certificate verification.

Parameters:

ssl

SSL context

Returns:: 0 if successful, or a combination of: BADCERT_EXPIRED BADCERT_REVOKED BADCERT_CN_MISMATCH BADCERT_NOT_TRUSTED

Definition at line 1696 of file ssl_tls.c.

References _ssl_context::verify_result.

Referenced by main().

int ssl_handshake ( ssl_context * ssl )

Perform the SSL handshake.

Parameters:

ssl

SSL context

Returns:: 0 if successful, XYSSL_ERR_NET_TRY_AGAIN, or a specific SSL error code.

Definition at line 1767 of file ssl_tls.c.

References _ssl_context::endpoint, SSL_DEBUG_MSG, ssl_handshake_client(), ssl_handshake_server(), SSL_IS_CLIENT, SSL_IS_SERVER, and XYSSL_ERR_SSL_FEATURE_UNAVAILABLE.

Referenced by main(), ssl_read(), and ssl_write().

int ssl_handshake_client ( ssl_context * ssl )

Definition at line 660 of file ssl_cli.c.

References SSL_CERTIFICATE_REQUEST, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CERTIFICATE, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED, SSL_CLIENT_HELLO, SSL_CLIENT_KEY_EXCHANGE, SSL_DEBUG_MSG, SSL_FLUSH_BUFFERS, ssl_flush_output(), SSL_HANDSHAKE_OVER, SSL_HELLO_REQUEST, ssl_parse_certificate(), ssl_parse_certificate_request(), ssl_parse_change_cipher_spec(), ssl_parse_finished(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), SSL_SERVER_CERTIFICATE, SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_SERVER_HELLO, SSL_SERVER_HELLO_DONE, SSL_SERVER_KEY_EXCHANGE, ssl_write_certificate(), ssl_write_certificate_verify(), ssl_write_change_cipher_spec(), ssl_write_client_hello(), ssl_write_client_key_exchange(), ssl_write_finished(), _ssl_context::state, and XYSSL_ERR_SSL_BAD_INPUT_DATA.

Referenced by ssl_handshake().

int ssl_handshake_server ( ssl_context * ssl )

Definition at line 819 of file ssl_srv.c.

References SSL_CERTIFICATE_REQUEST, SSL_CERTIFICATE_VERIFY, SSL_CLIENT_CERTIFICATE, SSL_CLIENT_CHANGE_CIPHER_SPEC, SSL_CLIENT_FINISHED, SSL_CLIENT_HELLO, SSL_CLIENT_KEY_EXCHANGE, SSL_DEBUG_MSG, SSL_FLUSH_BUFFERS, ssl_flush_output(), SSL_HANDSHAKE_OVER, SSL_HELLO_REQUEST, ssl_parse_certificate(), ssl_parse_certificate_verify(), ssl_parse_change_cipher_spec(), ssl_parse_client_hello(), ssl_parse_client_key_exchange(), ssl_parse_finished(), SSL_SERVER_CERTIFICATE, SSL_SERVER_CHANGE_CIPHER_SPEC, SSL_SERVER_FINISHED, SSL_SERVER_HELLO, SSL_SERVER_HELLO_DONE, SSL_SERVER_KEY_EXCHANGE, ssl_write_certificate(), ssl_write_certificate_request(), ssl_write_change_cipher_spec(), ssl_write_finished(), ssl_write_server_hello(), ssl_write_server_hello_done(), ssl_write_server_key_exchange(), _ssl_context::state, and XYSSL_ERR_SSL_BAD_INPUT_DATA.

Referenced by ssl_handshake().

int ssl_init ( ssl_context * ssl )

Initialize an SSL context.

Parameters:

ssl

SSL context

Returns:: 0 if successful, or 1 if memory allocation failed

Definition at line 1542 of file ssl_tls.c.

References _ssl_context::fin_md5, _ssl_context::fin_sha1, _ssl_context::hostname, _ssl_context::hostname_len, _ssl_context::in_ctr, _ssl_context::in_hdr, _ssl_context::in_msg, md5_starts(), _ssl_context::out_ctr, _ssl_context::out_hdr, _ssl_context::out_msg, sha1_starts(), SSL_BUFFER_LEN, and SSL_DEBUG_MSG.

Referenced by main(), and ssl_test().

int ssl_parse_certificate ( ssl_context * ssl )

Definition at line 1140 of file ssl_tls.c.

References _ssl_context::authmode, _ssl_context::ca_chain, _ssl_context::endpoint, _ssl_context::in_hslen, _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, int, _ssl_context::minor_ver, _ssl_context::peer_cert, _ssl_context::peer_cn, SSL_ALERT_NO_CERTIFICATE, SSL_ALERT_WARNING, SSL_DEBUG_CRT, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_HS_CERTIFICATE, SSL_IS_SERVER, SSL_MINOR_VERSION_0, SSL_MSG_ALERT, SSL_MSG_HANDSHAKE, ssl_read_record(), SSL_VERIFY_NONE, SSL_VERIFY_OPTIONAL, SSL_VERIFY_REQUIRED, _ssl_context::state, _ssl_context::verify_result, x509parse_crt(), x509parse_verify(), XYSSL_ERR_SSL_BAD_HS_CERTIFICATE, XYSSL_ERR_SSL_CA_CHAIN_REQUIRED, XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE, and XYSSL_ERR_SSL_UNEXPECTED_MESSAGE.

Referenced by ssl_handshake_client(), and ssl_handshake_server().

int ssl_parse_change_cipher_spec ( ssl_context * ssl )

Definition at line 1311 of file ssl_tls.c.

References _ssl_context::do_crypt, _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_MSG_CHANGE_CIPHER_SPEC, ssl_read_record(), _ssl_context::state, XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC, and XYSSL_ERR_SSL_UNEXPECTED_MESSAGE.

Referenced by ssl_handshake_client(), and ssl_handshake_server().

int ssl_parse_finished ( ssl_context * ssl )

int ssl_read	(	ssl_context *	ssl,
		unsigned char *	buf,
		int	len
	)

Read at most 'len' application data bytes.

Parameters:

	ssl	SSL context
	buf	buffer that will hold the data
	len	how many bytes must be read

Returns:: This function returns the number of bytes read, or a negative error code.

Definition at line 1791 of file ssl_tls.c.

References _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, _ssl_context::in_offt, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_handshake(), SSL_HANDSHAKE_OVER, SSL_MSG_APPLICATION_DATA, ssl_read_record(), _ssl_context::state, and XYSSL_ERR_SSL_UNEXPECTED_MESSAGE.

Referenced by main(), and ssl_test().

int ssl_read_record ( ssl_context * ssl )

Definition at line 842 of file ssl_tls.c.

References _ssl_context::do_crypt, _ssl_context::fin_md5, _ssl_context::fin_sha1, _ssl_context::in_hdr, _ssl_context::in_hslen, _ssl_context::in_left, _ssl_context::in_msg, _ssl_context::in_msglen, _ssl_context::in_msgtype, _ssl_context::major_ver, md5_update(), _ssl_context::minlen, _ssl_context::minor_ver, sha1_update(), SSL_ALERT_CLOSE_NOTIFY, SSL_ALERT_FATAL, SSL_ALERT_WARNING, SSL_DEBUG_BUF, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_decrypt_buf(), ssl_fetch_input(), SSL_MAX_CONTENT_LEN, SSL_MINOR_VERSION_0, SSL_MINOR_VERSION_1, SSL_MSG_ALERT, SSL_MSG_HANDSHAKE, XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE, XYSSL_ERR_SSL_INVALID_RECORD, and XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY.

Referenced by ssl_parse_certificate(), ssl_parse_certificate_request(), ssl_parse_certificate_verify(), ssl_parse_change_cipher_spec(), ssl_parse_client_key_exchange(), ssl_parse_finished(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), and ssl_read().

void ssl_set_authmode	(	ssl_context *	ssl,
		int	authmode
	)

Set the certificate verification mode.

Parameters:

	ssl	SSL context
	mode	can be:

SSL_VERIFY_NONE: peer certificate is not checked (default), this is insecure and SHOULD be avoided.

SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; ssl_get_verify_result() can be called after the handshake is complete.

SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, handshake is aborted if verification failed.

Definition at line 1589 of file ssl_tls.c.

References _ssl_context::authmode.

Referenced by main(), and ssl_test().

void ssl_set_bio	(	ssl_context *	ssl,
		int()(void , unsigned char *, int)	f_recv,
		void *	p_recv,
		int()(void , unsigned char *, int)	f_send,
		void *	p_send
	)

Set the underlying BIO read and write callbacks.

Parameters:

	ssl	SSL context
	f_recv	read callback
	p_recv	read parameter
	f_send	write callback
	p_send	write parameter

Definition at line 1610 of file ssl_tls.c.

References _ssl_context::f_recv, _ssl_context::f_send, _ssl_context::p_recv, and _ssl_context::p_send.

Referenced by main(), and ssl_test().

void ssl_set_ca_chain	(	ssl_context *	ssl,
		x509_cert *	ca_chain,
		char *	peer_cn
	)

Set the data required to verify peer certificate.

Parameters:

	ssl	SSL context
	ca_chain	trusted CA chain
	peer_cn	expected peer CommonName (or NULL)

Note:: TODO: add two more parameters: depth and crl

Definition at line 1641 of file ssl_tls.c.

References _ssl_context::ca_chain, and _ssl_context::peer_cn.

Referenced by main(), and ssl_test().

void ssl_set_ciphers	(	ssl_context *	ssl,
		int *	ciphers
	)

Set the list of allowed ciphersuites.

Parameters:

	ssl	SSL context
	ciphers	0-terminated list of allowed ciphers

Definition at line 1636 of file ssl_tls.c.

References _ssl_context::ciphers.

Referenced by main(), and ssl_test().

void ssl_set_dbg	(	ssl_context *	ssl,
		void()(void , int, char *)	f_dbg,
		void *	p_dbg
	)

Set the debug callback.

Parameters:

	ssl	SSL context
	f_dbg	debug function
	p_dbg	debug parameter

Definition at line 1602 of file ssl_tls.c.

References _ssl_context::f_dbg, and _ssl_context::p_dbg.

Referenced by main(), and ssl_test().

int ssl_set_dh_param	(	ssl_context *	ssl,
		char *	dhm_P,
		char *	dhm_G
	)

Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only).

Parameters:

	ssl	SSL context
	dhm_P	Diffie-Hellman-Merkle modulus
	dhm_G	Diffie-Hellman-Merkle generator

Returns:: 0 if successful

Definition at line 1655 of file ssl_tls.c.

References _ssl_context::dhm_ctx, dhm_context::G, mpi_read_string(), dhm_context::P, and SSL_DEBUG_RET.

Referenced by main(), and ssl_test().

void ssl_set_endpoint	(	ssl_context *	ssl,
		int	endpoint
	)

Set the current endpoint type.

Parameters:

	ssl	SSL context
	endpoint	must be SSL_IS_CLIENT or SSL_IS_SERVER

Definition at line 1584 of file ssl_tls.c.

References _ssl_context::endpoint.

Referenced by main(), and ssl_test().

int ssl_set_hostname	(	ssl_context *	ssl,
		char *	hostname
	)

Set hostname for ServerName TLS Extension.

Parameters:

	ssl	SSL context
	hostname	the server hostname

Returns:: 0 if successful

Definition at line 1674 of file ssl_tls.c.

References _ssl_context::hostname, _ssl_context::hostname_len, and XYSSL_ERR_SSL_BAD_INPUT_DATA.

Referenced by main().

void ssl_set_own_cert	(	ssl_context *	ssl,
		x509_cert *	own_cert,
		rsa_context *	rsa_key
	)

Set own certificate and private key.

Parameters:

	ssl	SSL context
	own_cert	own public certificate
	rsa_key	own private RSA key

Definition at line 1648 of file ssl_tls.c.

References _ssl_context::own_cert, and _ssl_context::rsa_key.

Referenced by main(), and ssl_test().

void ssl_set_rng	(	ssl_context *	ssl,
		int()(void )	f_rng,
		void *	p_rng
	)

Set the random number generator callback.

Parameters:

	ssl	SSL context
	f_rng	RNG function
	p_rng	RNG parameter

Definition at line 1594 of file ssl_tls.c.

References _ssl_context::f_rng, and _ssl_context::p_rng.

Referenced by main(), and ssl_test().

void ssl_set_scb	(	ssl_context *	ssl,
		int()(ssl_context )	s_get,
		int()(ssl_context )	s_set
	)

Set the session callbacks (server-side only).

Parameters:

	ssl	SSL context
	s_get	session get callback
	s_set	session set callback

Definition at line 1620 of file ssl_tls.c.

References _ssl_context::s_get, and _ssl_context::s_set.

Referenced by main().

void ssl_set_session	(	ssl_context *	ssl,
		int	resume,
		int	timeout,
		ssl_session *	session
	)

Set the session resuming flag, timeout and data.

Parameters:

	ssl	SSL context
	resume	if 0 (default), the session will not be resumed
	timeout	session timeout in seconds, or 0 (no timeout)
	session	session context

Definition at line 1628 of file ssl_tls.c.

References _ssl_context::resume, _ssl_context::session, and _ssl_context::timeout.

Referenced by main(), and ssl_test().

int ssl_write	(	ssl_context *	ssl,
		unsigned char *	buf,
		int	len
	)

Write exactly 'len' application data bytes.

Parameters:

	ssl	SSL context
	buf	buffer holding the data
	len	how many bytes must be written

Returns:: This function returns the number of bytes written, or a negative error code.

Note:: When this function returns XYSSL_ERR_NET_TRY_AGAIN, it must be called later with the *same* arguments, until it returns a positive value.

Definition at line 1857 of file ssl_tls.c.

References _ssl_context::out_left, _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, SSL_DEBUG_MSG, SSL_DEBUG_RET, ssl_flush_output(), ssl_handshake(), SSL_HANDSHAKE_OVER, SSL_MAX_CONTENT_LEN, SSL_MSG_APPLICATION_DATA, ssl_write_record(), and _ssl_context::state.

Referenced by main(), and ssl_test().

int ssl_write_certificate ( ssl_context * ssl )

int ssl_write_change_cipher_spec ( ssl_context * ssl )

Definition at line 1287 of file ssl_tls.c.

References _ssl_context::do_crypt, _ssl_context::out_msg, _ssl_context::out_msglen, _ssl_context::out_msgtype, SSL_DEBUG_MSG, SSL_DEBUG_RET, SSL_MSG_CHANGE_CIPHER_SPEC, ssl_write_record(), and _ssl_context::state.

Referenced by ssl_handshake_client(), and ssl_handshake_server().

int ssl_write_finished ( ssl_context * ssl )

int ssl_write_record ( ssl_context * ssl )

Variable Documentation

int ssl_default_ciphers[]

Definition at line 1739 of file ssl_tls.c.

Referenced by main(), and ssl_test().

/home/dko/Projects/mobilec/src/security/xyssl-0.9/include/xyssl/ssl.h File Reference

Data Structures

Defines

Typedefs

Enumerations

Functions

Variables

Detailed Description

Define Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation