TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 27db1f52606db454c70d84506d167fee571b8e74 / . / include / polarssl / ssl.h
blob: f4d7d1acc458295f6bdccdf33a2e91fd5e8422fe [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/**
2 * \file ssl.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]3 *
4 * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
5 *
Paul Bakker27db1f52009-01-25 15:27:00 +0000[diff] [blame^]6 * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]21 */
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]22#ifndef POLARSSL_SSL_H
23#define POLARSSL_SSL_H
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]24
25#include <time.h>
26
Paul Bakker8e831ed2009-01-03 21:24:11 +0000[diff] [blame]27#include "polarssl/net.h"
28#include "polarssl/dhm.h"
29#include "polarssl/rsa.h"
30#include "polarssl/md5.h"
31#include "polarssl/sha1.h"
32#include "polarssl/x509.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000
35#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x1800
36#define POLARSSL_ERR_SSL_INVALID_MAC -0x2000
37#define POLARSSL_ERR_SSL_INVALID_RECORD -0x2800
38#define POLARSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000
39#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800
40#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000
41#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x4800
42#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000
43#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800
44#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000
45#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800
46#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000
47#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800
48#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000
49#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800
50#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000
51#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800
52#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000
53#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800
54#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000
55#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800
56#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000
57#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800
58#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000
59#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800
60#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0xE000
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]61
62/*
63 * Various constants
64 */
65#define SSL_MAJOR_VERSION_3 3
66#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
67#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
68#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
69
70#define SSL_IS_CLIENT 0
71#define SSL_IS_SERVER 1
72#define SSL_COMPRESS_NULL 0
73
74#define SSL_VERIFY_NONE 0
75#define SSL_VERIFY_OPTIONAL 1
76#define SSL_VERIFY_REQUIRED 2
77
78#define SSL_MAX_CONTENT_LEN 16384
79
80/*
81 * Allow an extra 512 bytes for the record header
82 * and encryption overhead (counter + MAC + padding).
83 */
84#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
85
86/*
87 * Supported ciphersuites
88 */
89#define SSL_RSA_RC4_128_MD5 4
90#define SSL_RSA_RC4_128_SHA 5
91#define SSL_RSA_DES_168_SHA 10
92#define SSL_EDH_RSA_DES_168_SHA 22
93#define SSL_RSA_AES_128_SHA 47
94#define SSL_RSA_AES_256_SHA 53
95#define SSL_EDH_RSA_AES_256_SHA 57
96
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]97#define SSL_RSA_CAMELLIA_128_SHA 0x41
98#define SSL_RSA_CAMELLIA_256_SHA 0x84
99#define SSL_EDH_RSA_CAMELLIA_256_SHA 0x88
100
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]101/*
102 * Message, alert and handshake types
103 */
104#define SSL_MSG_CHANGE_CIPHER_SPEC 20
105#define SSL_MSG_ALERT 21
106#define SSL_MSG_HANDSHAKE 22
107#define SSL_MSG_APPLICATION_DATA 23
108
109#define SSL_ALERT_CLOSE_NOTIFY 0
110#define SSL_ALERT_WARNING 1
111#define SSL_ALERT_FATAL 2
112#define SSL_ALERT_NO_CERTIFICATE 41
113
114#define SSL_HS_HELLO_REQUEST 0
115#define SSL_HS_CLIENT_HELLO 1
116#define SSL_HS_SERVER_HELLO 2
117#define SSL_HS_CERTIFICATE 11
118#define SSL_HS_SERVER_KEY_EXCHANGE 12
119#define SSL_HS_CERTIFICATE_REQUEST 13
120#define SSL_HS_SERVER_HELLO_DONE 14
121#define SSL_HS_CERTIFICATE_VERIFY 15
122#define SSL_HS_CLIENT_KEY_EXCHANGE 16
123#define SSL_HS_FINISHED 20
124
125/*
126 * TLS extensions
127 */
128#define TLS_EXT_SERVERNAME 0
129#define TLS_EXT_SERVERNAME_HOSTNAME 0
130
131/*
132 * SSL state machine
133 */
134typedef enum
135{
136 SSL_HELLO_REQUEST,
137 SSL_CLIENT_HELLO,
138 SSL_SERVER_HELLO,
139 SSL_SERVER_CERTIFICATE,
140 SSL_SERVER_KEY_EXCHANGE,
141 SSL_CERTIFICATE_REQUEST,
142 SSL_SERVER_HELLO_DONE,
143 SSL_CLIENT_CERTIFICATE,
144 SSL_CLIENT_KEY_EXCHANGE,
145 SSL_CERTIFICATE_VERIFY,
146 SSL_CLIENT_CHANGE_CIPHER_SPEC,
147 SSL_CLIENT_FINISHED,
148 SSL_SERVER_CHANGE_CIPHER_SPEC,
149 SSL_SERVER_FINISHED,
150 SSL_FLUSH_BUFFERS,
151 SSL_HANDSHAKE_OVER
152}
153ssl_states;
154
155typedef struct _ssl_session ssl_session;
156typedef struct _ssl_context ssl_context;
157
158/*
159 * This structure is used for session resuming.
160 */
161struct _ssl_session
162{
163 time_t start; /*!< starting time */
164 int cipher; /*!< chosen cipher */
165 int length; /*!< session id length */
166 unsigned char id[32]; /*!< session identifier */
167 unsigned char master[48]; /*!< the master secret */
168 ssl_session *next; /*!< next session entry */
169};
170
171struct _ssl_context
172{
173 /*
174 * Miscellaneous
175 */
176 int state; /*!< SSL handshake: current state */
177
178 int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
179 int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
180
181 int max_major_ver; /*!< max. major version from client */
182 int max_minor_ver; /*!< max. minor version from client */
183
184 /*
185 * Callbacks (RNG, debug, I/O)
186 */
187 int (*f_rng)(void *);
188 void (*f_dbg)(void *, int, char *);
189 int (*f_recv)(void *, unsigned char *, int);
190 int (*f_send)(void *, unsigned char *, int);
191
192 void *p_rng; /*!< context for the RNG function */
193 void *p_dbg; /*!< context for the debug function */
194 void *p_recv; /*!< context for reading operations */
195 void *p_send; /*!< context for writing operations */
196
197 /*
198 * Session layer
199 */
200 int resume; /*!< session resuming flag */
201 int timeout; /*!< sess. expiration time */
202 ssl_session *session; /*!< current session data */
203 int (*s_get)(ssl_context *); /*!< (server) get callback */
204 int (*s_set)(ssl_context *); /*!< (server) set callback */
205
206 /*
207 * Record layer (incoming data)
208 */
209 unsigned char *in_ctr; /*!< 64-bit incoming message counter */
210 unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
211 unsigned char *in_msg; /*!< the message contents (in_hdr+5) */
212 unsigned char *in_offt; /*!< read offset in application data */
213
214 int in_msgtype; /*!< record header: message type */
215 int in_msglen; /*!< record header: message length */
216 int in_left; /*!< amount of data read so far */
217
218 int in_hslen; /*!< current handshake message length */
219 int nb_zero; /*!< # of 0-length encrypted messages */
220
221 /*
222 * Record layer (outgoing data)
223 */
224 unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
225 unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
226 unsigned char *out_msg; /*!< the message contents (out_hdr+5) */
227
228 int out_msgtype; /*!< record header: message type */
229 int out_msglen; /*!< record header: message length */
230 int out_left; /*!< amount of data not yet written */
231
232 /*
233 * PKI layer
234 */
235 rsa_context *rsa_key; /*!< own RSA private key */
236 x509_cert *own_cert; /*!< own X.509 certificate */
237 x509_cert *ca_chain; /*!< own trusted CA chain */
238 x509_cert *peer_cert; /*!< peer X.509 cert chain */
239 char *peer_cn; /*!< expected peer CN */
240
241 int endpoint; /*!< 0: client, 1: server */
242 int authmode; /*!< verification mode */
243 int client_auth; /*!< flag for client auth. */
244 int verify_result; /*!< verification result */
245
246 /*
247 * Crypto layer
248 */
249 dhm_context dhm_ctx; /*!< DHM key exchange */
250 md5_context fin_md5; /*!< Finished MD5 checksum */
251 sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
252
253 int do_crypt; /*!< en(de)cryption flag */
254 int *ciphers; /*!< allowed ciphersuites */
255 int pmslen; /*!< premaster length */
256 int keylen; /*!< symmetric key length */
257 int minlen; /*!< min. ciphertext length */
258 int ivlen; /*!< IV length */
259 int maclen; /*!< MAC length */
260
261 unsigned char randbytes[64]; /*!< random bytes */
262 unsigned char premaster[256]; /*!< premaster secret */
263
264 unsigned char iv_enc[16]; /*!< IV (encryption) */
265 unsigned char iv_dec[16]; /*!< IV (decryption) */
266
267 unsigned char mac_enc[32]; /*!< MAC (encryption) */
268 unsigned char mac_dec[32]; /*!< MAC (decryption) */
269
270 unsigned long ctx_enc[128]; /*!< encryption context */
271 unsigned long ctx_dec[128]; /*!< decryption context */
272
273 /*
274 * TLS extensions
275 */
276 unsigned char *hostname;
277 unsigned long hostname_len;
278};
279
280#ifdef __cplusplus
281extern "C" {
282#endif
283
284extern int ssl_default_ciphers[];
285
286/**
287 * \brief Initialize an SSL context
288 *
289 * \param ssl SSL context
290 *
291 * \return 0 if successful, or 1 if memory allocation failed
292 */
293int ssl_init( ssl_context *ssl );
294
295/**
296 * \brief Set the current endpoint type
297 *
298 * \param ssl SSL context
299 * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
300 */
301void ssl_set_endpoint( ssl_context *ssl, int endpoint );
302
303/**
304 * \brief Set the certificate verification mode
305 *
306 * \param ssl SSL context
307 * \param mode can be:
308 *
309 * SSL_VERIFY_NONE: peer certificate is not checked (default),
310 * this is insecure and SHOULD be avoided.
311 *
312 * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
313 * handshake continues even if verification failed;
314 * ssl_get_verify_result() can be called after the
315 * handshake is complete.
316 *
317 * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
318 * handshake is aborted if verification failed.
319 */
320void ssl_set_authmode( ssl_context *ssl, int authmode );
321
322/**
323 * \brief Set the random number generator callback
324 *
325 * \param ssl SSL context
326 * \param f_rng RNG function
327 * \param p_rng RNG parameter
328 */
329void ssl_set_rng( ssl_context *ssl,
330 int (*f_rng)(void *),
331 void *p_rng );
332
333/**
334 * \brief Set the debug callback
335 *
336 * \param ssl SSL context
337 * \param f_dbg debug function
338 * \param p_dbg debug parameter
339 */
340void ssl_set_dbg( ssl_context *ssl,
341 void (*f_dbg)(void *, int, char *),
342 void *p_dbg );
343
344/**
345 * \brief Set the underlying BIO read and write callbacks
346 *
347 * \param ssl SSL context
348 * \param f_recv read callback
349 * \param p_recv read parameter
350 * \param f_send write callback
351 * \param p_send write parameter
352 */
353void ssl_set_bio( ssl_context *ssl,
354 int (*f_recv)(void *, unsigned char *, int), void *p_recv,
355 int (*f_send)(void *, unsigned char *, int), void *p_send );
356
357/**
358 * \brief Set the session callbacks (server-side only)
359 *
360 * \param ssl SSL context
361 * \param s_get session get callback
362 * \param s_set session set callback
363 */
364void ssl_set_scb( ssl_context *ssl,
365 int (*s_get)(ssl_context *),
366 int (*s_set)(ssl_context *) );
367
368/**
369 * \brief Set the session resuming flag, timeout and data
370 *
371 * \param ssl SSL context
372 * \param resume if 0 (default), the session will not be resumed
373 * \param timeout session timeout in seconds, or 0 (no timeout)
374 * \param session session context
375 */
376void ssl_set_session( ssl_context *ssl, int resume, int timeout,
377 ssl_session *session );
378
379/**
380 * \brief Set the list of allowed ciphersuites
381 *
382 * \param ssl SSL context
383 * \param ciphers 0-terminated list of allowed ciphers
384 */
385void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
386
387/**
388 * \brief Set the data required to verify peer certificate
389 *
390 * \param ssl SSL context
391 * \param ca_chain trusted CA chain
392 * \param peer_cn expected peer CommonName (or NULL)
393 *
394 * \note TODO: add two more parameters: depth and crl
395 */
396void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
397 char *peer_cn );
398
399/**
400 * \brief Set own certificate and private key
401 *
402 * \param ssl SSL context
403 * \param own_cert own public certificate
404 * \param rsa_key own private RSA key
405 */
406void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
407 rsa_context *rsa_key );
408
409/**
410 * \brief Set the Diffie-Hellman public P and G values,
411 * read as hexadecimal strings (server-side only)
412 *
413 * \param ssl SSL context
414 * \param dhm_P Diffie-Hellman-Merkle modulus
415 * \param dhm_G Diffie-Hellman-Merkle generator
416 *
417 * \return 0 if successful
418 */
419int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );
420
421/**
422 * \brief Set hostname for ServerName TLS Extension
423 *
424 *
425 * \param ssl SSL context
426 * \param hostname the server hostname
427 *
428 * \return 0 if successful
429 */
430int ssl_set_hostname( ssl_context *ssl, char *hostname );
431
432/**
433 * \brief Return the number of data bytes available to read
434 *
435 * \param ssl SSL context
436 *
437 * \return how many bytes are available in the read buffer
438 */
439int ssl_get_bytes_avail( ssl_context *ssl );
440
441/**
442 * \brief Return the result of the certificate verification
443 *
444 * \param ssl SSL context
445 *
446 * \return 0 if successful, or a combination of:
447 * BADCERT_EXPIRED
448 * BADCERT_REVOKED
449 * BADCERT_CN_MISMATCH
450 * BADCERT_NOT_TRUSTED
451 */
452int ssl_get_verify_result( ssl_context *ssl );
453
454/**
455 * \brief Return the name of the current cipher
456 *
457 * \param ssl SSL context
458 *
459 * \return a string containing the cipher name
460 */
461char *ssl_get_cipher( ssl_context *ssl );
462
463/**
464 * \brief Perform the SSL handshake
465 *
466 * \param ssl SSL context
467 *
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]468 * \return 0 if successful, POLARSSL_ERR_NET_TRY_AGAIN,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]469 * or a specific SSL error code.
470 */
471int ssl_handshake( ssl_context *ssl );
472
473/**
474 * \brief Read at most 'len' application data bytes
475 *
476 * \param ssl SSL context
477 * \param buf buffer that will hold the data
478 * \param len how many bytes must be read
479 *
480 * \return This function returns the number of bytes read,
481 * or a negative error code.
482 */
483int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
484
485/**
486 * \brief Write exactly 'len' application data bytes
487 *
488 * \param ssl SSL context
489 * \param buf buffer holding the data
490 * \param len how many bytes must be written
491 *
492 * \return This function returns the number of bytes written,
493 * or a negative error code.
494 *
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]495 * \note When this function returns POLARSSL_ERR_NET_TRY_AGAIN,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]496 * it must be called later with the *same* arguments,
497 * until it returns a positive value.
498 */
499int ssl_write( ssl_context *ssl, unsigned char *buf, int len );
500
501/**
502 * \brief Notify the peer that the connection is being closed
503 */
504int ssl_close_notify( ssl_context *ssl );
505
506/**
507 * \brief Free an SSL context
508 */
509void ssl_free( ssl_context *ssl );
510
511/*
512 * Internal functions (do not call directly)
513 */
514int ssl_handshake_client( ssl_context *ssl );
515int ssl_handshake_server( ssl_context *ssl );
516
517int ssl_derive_keys( ssl_context *ssl );
518void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
519
520int ssl_read_record( ssl_context *ssl );
521int ssl_fetch_input( ssl_context *ssl, int nb_want );
522
523int ssl_write_record( ssl_context *ssl );
524int ssl_flush_output( ssl_context *ssl );
525
526int ssl_parse_certificate( ssl_context *ssl );
527int ssl_write_certificate( ssl_context *ssl );
528
529int ssl_parse_change_cipher_spec( ssl_context *ssl );
530int ssl_write_change_cipher_spec( ssl_context *ssl );
531
532int ssl_parse_finished( ssl_context *ssl );
533int ssl_write_finished( ssl_context *ssl );
534
535#ifdef __cplusplus
536}
537#endif
538
539#endif /* ssl.h */