00001
00004 #ifndef XYSSL_SSL_H
00005 #define XYSSL_SSL_H
00006
00007 #include <time.h>
00008
00009 #include "xyssl/net.h"
00010 #include "xyssl/dhm.h"
00011 #include "xyssl/rsa.h"
00012 #include "xyssl/md5.h"
00013 #include "xyssl/sha1.h"
00014 #include "xyssl/x509.h"
00015
00016 #define XYSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000
00017 #define XYSSL_ERR_SSL_BAD_INPUT_DATA -0x1800
00018 #define XYSSL_ERR_SSL_INVALID_MAC -0x2000
00019 #define XYSSL_ERR_SSL_INVALID_RECORD -0x2800
00020 #define XYSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000
00021 #define XYSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800
00022 #define XYSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000
00023 #define XYSSL_ERR_SSL_NO_SESSION_FOUND -0x4800
00024 #define XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000
00025 #define XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800
00026 #define XYSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000
00027 #define XYSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800
00028 #define XYSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000
00029 #define XYSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800
00030 #define XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000
00031 #define XYSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800
00032 #define XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000
00033 #define XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800
00034 #define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000
00035 #define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800
00036 #define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000
00037 #define XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800
00038 #define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000
00039 #define XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800
00040 #define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000
00041 #define XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800
00042 #define XYSSL_ERR_SSL_BAD_HS_FINISHED -0xE000
00043
00044
00045
00046
00047 #define SSL_MAJOR_VERSION_3 3
00048 #define SSL_MINOR_VERSION_0 0
00049 #define SSL_MINOR_VERSION_1 1
00050 #define SSL_MINOR_VERSION_2 2
00052 #define SSL_IS_CLIENT 0
00053 #define SSL_IS_SERVER 1
00054 #define SSL_COMPRESS_NULL 0
00055
00056 #define SSL_VERIFY_NONE 0
00057 #define SSL_VERIFY_OPTIONAL 1
00058 #define SSL_VERIFY_REQUIRED 2
00059
00060 #define SSL_MAX_CONTENT_LEN 16384
00061
00062
00063
00064
00065
00066 #define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
00067
00068
00069
00070
00071 #define SSL_RSA_RC4_128_MD5 4
00072 #define SSL_RSA_RC4_128_SHA 5
00073 #define SSL_RSA_DES_168_SHA 10
00074 #define SSL_EDH_RSA_DES_168_SHA 22
00075 #define SSL_RSA_AES_128_SHA 47
00076 #define SSL_RSA_AES_256_SHA 53
00077 #define SSL_EDH_RSA_AES_256_SHA 57
00078
00079
00080
00081
00082 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
00083 #define SSL_MSG_ALERT 21
00084 #define SSL_MSG_HANDSHAKE 22
00085 #define SSL_MSG_APPLICATION_DATA 23
00086
00087 #define SSL_ALERT_CLOSE_NOTIFY 0
00088 #define SSL_ALERT_WARNING 1
00089 #define SSL_ALERT_FATAL 2
00090 #define SSL_ALERT_NO_CERTIFICATE 41
00091
00092 #define SSL_HS_HELLO_REQUEST 0
00093 #define SSL_HS_CLIENT_HELLO 1
00094 #define SSL_HS_SERVER_HELLO 2
00095 #define SSL_HS_CERTIFICATE 11
00096 #define SSL_HS_SERVER_KEY_EXCHANGE 12
00097 #define SSL_HS_CERTIFICATE_REQUEST 13
00098 #define SSL_HS_SERVER_HELLO_DONE 14
00099 #define SSL_HS_CERTIFICATE_VERIFY 15
00100 #define SSL_HS_CLIENT_KEY_EXCHANGE 16
00101 #define SSL_HS_FINISHED 20
00102
00103
00104
00105
00106 #define TLS_EXT_SERVERNAME 0
00107 #define TLS_EXT_SERVERNAME_HOSTNAME 0
00108
00109
00110
00111
00112 typedef enum
00113 {
00114 SSL_HELLO_REQUEST,
00115 SSL_CLIENT_HELLO,
00116 SSL_SERVER_HELLO,
00117 SSL_SERVER_CERTIFICATE,
00118 SSL_SERVER_KEY_EXCHANGE,
00119 SSL_CERTIFICATE_REQUEST,
00120 SSL_SERVER_HELLO_DONE,
00121 SSL_CLIENT_CERTIFICATE,
00122 SSL_CLIENT_KEY_EXCHANGE,
00123 SSL_CERTIFICATE_VERIFY,
00124 SSL_CLIENT_CHANGE_CIPHER_SPEC,
00125 SSL_CLIENT_FINISHED,
00126 SSL_SERVER_CHANGE_CIPHER_SPEC,
00127 SSL_SERVER_FINISHED,
00128 SSL_FLUSH_BUFFERS,
00129 SSL_HANDSHAKE_OVER
00130 }
00131 ssl_states;
00132
00133 typedef struct _ssl_session ssl_session;
00134 typedef struct _ssl_context ssl_context;
00135
00136
00137
00138
00139 struct _ssl_session
00140 {
00141 time_t start;
00142 int cipher;
00143 int length;
00144 unsigned char id[32];
00145 unsigned char master[48];
00146 ssl_session *next;
00147 };
00148
00149 struct _ssl_context
00150 {
00151
00152
00153
00154 int state;
00156 int major_ver;
00157 int minor_ver;
00159 int max_major_ver;
00160 int max_minor_ver;
00162
00163
00164
00165 int (*f_rng)(void *);
00166 void (*f_dbg)(void *, int, char *);
00167 int (*f_recv)(void *, unsigned char *, int);
00168 int (*f_send)(void *, unsigned char *, int);
00169
00170 void *p_rng;
00171 void *p_dbg;
00172 void *p_recv;
00173 void *p_send;
00175
00176
00177
00178 int resume;
00179 int timeout;
00180 ssl_session *session;
00181 int (*s_get)(ssl_context *);
00182 int (*s_set)(ssl_context *);
00184
00185
00186
00187 unsigned char *in_ctr;
00188 unsigned char *in_hdr;
00189 unsigned char *in_msg;
00190 unsigned char *in_offt;
00192 int in_msgtype;
00193 int in_msglen;
00194 int in_left;
00196 int in_hslen;
00197 int nb_zero;
00199
00200
00201
00202 unsigned char *out_ctr;
00203 unsigned char *out_hdr;
00204 unsigned char *out_msg;
00206 int out_msgtype;
00207 int out_msglen;
00208 int out_left;
00210
00211
00212
00213 rsa_context *rsa_key;
00214 x509_cert *own_cert;
00215 x509_cert *ca_chain;
00216 x509_cert *peer_cert;
00217 char *peer_cn;
00219 int endpoint;
00220 int authmode;
00221 int client_auth;
00222 int verify_result;
00224
00225
00226
00227 dhm_context dhm_ctx;
00228 md5_context fin_md5;
00229 sha1_context fin_sha1;
00231 int do_crypt;
00232 int *ciphers;
00233 int pmslen;
00234 int keylen;
00235 int minlen;
00236 int ivlen;
00237 int maclen;
00239 unsigned char randbytes[64];
00240 unsigned char premaster[256];
00242 unsigned char iv_enc[16];
00243 unsigned char iv_dec[16];
00245 unsigned char mac_enc[32];
00246 unsigned char mac_dec[32];
00248 unsigned long ctx_enc[128];
00249 unsigned long ctx_dec[128];
00251
00252
00253
00254 unsigned char *hostname;
00255 unsigned long hostname_len;
00256 };
00257
00258 #ifdef __cplusplus
00259 extern "C" {
00260 #endif
00261
00262 extern int ssl_default_ciphers[];
00263
00271 int ssl_init( ssl_context *ssl );
00272
00279 void ssl_set_endpoint( ssl_context *ssl, int endpoint );
00280
00298 void ssl_set_authmode( ssl_context *ssl, int authmode );
00299
00307 void ssl_set_rng( ssl_context *ssl,
00308 int (*f_rng)(void *),
00309 void *p_rng );
00310
00318 void ssl_set_dbg( ssl_context *ssl,
00319 void (*f_dbg)(void *, int, char *),
00320 void *p_dbg );
00321
00331 void ssl_set_bio( ssl_context *ssl,
00332 int (*f_recv)(void *, unsigned char *, int), void *p_recv,
00333 int (*f_send)(void *, unsigned char *, int), void *p_send );
00334
00342 void ssl_set_scb( ssl_context *ssl,
00343 int (*s_get)(ssl_context *),
00344 int (*s_set)(ssl_context *) );
00345
00354 void ssl_set_session( ssl_context *ssl, int resume, int timeout,
00355 ssl_session *session );
00356
00363 void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
00364
00374 void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
00375 char *peer_cn );
00376
00384 void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
00385 rsa_context *rsa_key );
00386
00397 int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );
00398
00408 int ssl_set_hostname( ssl_context *ssl, char *hostname );
00409
00417 int ssl_get_bytes_avail( ssl_context *ssl );
00418
00430 int ssl_get_verify_result( ssl_context *ssl );
00431
00439 char *ssl_get_cipher( ssl_context *ssl );
00440
00449 int ssl_handshake( ssl_context *ssl );
00450
00461 int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
00462
00477 int ssl_write( ssl_context *ssl, unsigned char *buf, int len );
00478
00482 int ssl_close_notify( ssl_context *ssl );
00483
00487 void ssl_free( ssl_context *ssl );
00488
00489
00490
00491
00492 int ssl_handshake_client( ssl_context *ssl );
00493 int ssl_handshake_server( ssl_context *ssl );
00494
00495 int ssl_derive_keys( ssl_context *ssl );
00496 void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
00497
00498 int ssl_read_record( ssl_context *ssl );
00499 int ssl_fetch_input( ssl_context *ssl, int nb_want );
00500
00501 int ssl_write_record( ssl_context *ssl );
00502 int ssl_flush_output( ssl_context *ssl );
00503
00504 int ssl_parse_certificate( ssl_context *ssl );
00505 int ssl_write_certificate( ssl_context *ssl );
00506
00507 int ssl_parse_change_cipher_spec( ssl_context *ssl );
00508 int ssl_write_change_cipher_spec( ssl_context *ssl );
00509
00510 int ssl_parse_finished( ssl_context *ssl );
00511 int ssl_write_finished( ssl_context *ssl );
00512
00513 #ifdef __cplusplus
00514 }
00515 #endif
00516
00517 #endif