blob: c764961d036d030d6f3df71aef45be15a8260a7d [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/**
2 * \file ssl.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +00003 *
Paul Bakker37ca75d2011-01-06 12:28:03 +00004 * \brief SSL/TLS functions.
5 *
Paul Bakker68884e32013-01-07 18:20:04 +01006 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +00007 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +00009 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +000010 *
Paul Bakker77b385e2009-07-28 17:23:11 +000011 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +000012 *
Paul Bakkere0ccd0a2009-01-04 16:27:10 +000013 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Paul Bakker5121ce52009-01-03 21:22:43 +000026 */
Paul Bakker40e46942009-01-03 21:51:57 +000027#ifndef POLARSSL_SSL_H
28#define POLARSSL_SSL_H
Paul Bakker5121ce52009-01-03 21:22:43 +000029
Paul Bakkered27a042013-04-18 22:46:23 +020030#include "config.h"
Paul Bakker314052f2011-08-15 09:07:52 +000031#include "net.h"
Paul Bakkered27a042013-04-18 22:46:23 +020032#include "bignum.h"
33
Paul Bakker68884e32013-01-07 18:20:04 +010034#include "ssl_ciphersuites.h"
Paul Bakker43b7e352011-01-18 15:27:19 +000035
Paul Bakkerd2f068e2013-08-27 21:19:20 +020036#if defined(POLARSSL_MD5_C)
37#include "md5.h"
38#endif
39
40#if defined(POLARSSL_SHA1_C)
41#include "sha1.h"
42#endif
43
44#if defined(POLARSSL_SHA256_C)
45#include "sha256.h"
46#endif
47
48#if defined(POLARSSL_SHA512_C)
49#include "sha512.h"
50#endif
51
Manuel Pégourié-Gonnard7da0a382013-09-05 16:56:03 +020052// for session tickets
Paul Bakkerd2f068e2013-08-27 21:19:20 +020053#if defined(POLARSSL_AES_C)
54#include "aes.h"
55#endif
56
Paul Bakker7c6b2c32013-09-16 13:49:26 +020057#if defined(POLARSSL_X509_CRT_PARSE_C)
58#include "x509_crt.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +020059#include "x509_crl.h"
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +020060#endif
Paul Bakkered27a042013-04-18 22:46:23 +020061
Paul Bakker48916f92012-09-16 19:57:18 +000062#if defined(POLARSSL_DHM_C)
63#include "dhm.h"
64#endif
65
Paul Bakker41c83d32013-03-20 14:39:14 +010066#if defined(POLARSSL_ECDH_C)
67#include "ecdh.h"
68#endif
69
Paul Bakker2770fbd2012-07-03 13:30:23 +000070#if defined(POLARSSL_ZLIB_SUPPORT)
71#include "zlib.h"
72#endif
73
Paul Bakkerfa9b1002013-07-03 15:31:03 +020074#if defined(POLARSSL_HAVE_TIME)
75#include <time.h>
76#endif
77
Paul Bakker09b1ec62011-07-27 16:28:54 +000078#if defined(_MSC_VER) && !defined(inline)
Paul Bakkeraf5c85f2011-04-18 03:47:52 +000079#define inline _inline
Paul Bakker569df2c2011-06-21 07:48:07 +000080#else
Paul Bakker09b1ec62011-07-27 16:28:54 +000081#if defined(__ARMCC_VERSION) && !defined(inline)
Paul Bakker569df2c2011-06-21 07:48:07 +000082#define inline __inline
Paul Bakker74fb74e2011-06-21 13:36:18 +000083#endif /* __ARMCC_VERSION */
Paul Bakker569df2c2011-06-21 07:48:07 +000084#endif /*_MSC_VER */
Paul Bakkeraf5c85f2011-04-18 03:47:52 +000085
Paul Bakker13e2dfe2009-07-28 07:18:38 +000086/*
87 * SSL Error codes
88 */
Paul Bakker9d781402011-05-09 16:17:09 +000089#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */
90#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */
91#define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */
92#define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */
Paul Bakker831a7552011-05-18 13:32:51 +000093#define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */
Paul Bakker9d781402011-05-09 16:17:09 +000094#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */
95#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
96#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No session to recover was found. */
97#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
98#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message.*/
99#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
Paul Bakker73a899a2013-04-17 19:11:36 +0200100#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
Paul Bakker9d781402011-05-09 16:17:09 +0000101#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
102#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */
103#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
104#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */
105#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */
106#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */
107#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
108#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
109#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
110#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
111#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */
112#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */
Paul Bakker41c83d32013-03-20 14:39:14 +0100113#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
114#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
Paul Bakker9d781402011-05-09 16:17:09 +0000115#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
116#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
117#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
Paul Bakker69e095c2011-12-10 21:55:01 +0000118#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
Paul Bakker05ef8352012-05-08 09:17:57 +0000119#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */
120#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */
Paul Bakker2770fbd2012-07-03 13:30:23 +0000121#define POLARSSL_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */
Paul Bakker1d29fb52012-09-28 13:28:45 +0000122#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
Manuel Pégourié-Gonnarda5cc6022013-07-31 12:58:16 +0200123#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
Paul Bakker606b4ba2013-08-14 16:52:14 +0200124#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200125#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
Paul Bakker6db455e2013-09-18 17:29:31 +0200126#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unkown identity received (eg, PSK identity) */
Paul Bakker5121ce52009-01-03 21:22:43 +0000127
128/*
129 * Various constants
130 */
131#define SSL_MAJOR_VERSION_3 3
132#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
133#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
134#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
Paul Bakker1ef83d62012-04-11 12:09:53 +0000135#define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000136
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200137/* Determine minimum supported version */
138#define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
139
140#if defined(POLARSSL_SSL_PROTO_SSL3)
141#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_0
142#else
143#if defined(POLARSSL_SSL_PROTO_TLS1)
144#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_1
145#else
146#if defined(POLARSSL_SSL_PROTO_TLS1_1)
147#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_2
148#else
149#if defined(POLARSSL_SSL_PROTO_TLS1_2)
150#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
151#endif
152#endif
153#endif
154#endif
155
156/* Determine maximum supported version */
157#define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
158
159#if defined(POLARSSL_SSL_PROTO_TLS1_2)
160#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_3
161#else
162#if defined(POLARSSL_SSL_PROTO_TLS1_1)
163#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_2
164#else
165#if defined(POLARSSL_SSL_PROTO_TLS1)
166#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_1
167#else
168#if defined(POLARSSL_SSL_PROTO_SSL3)
169#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
170#endif
171#endif
172#endif
173#endif
174
Manuel Pégourié-Gonnard581e6b62013-07-18 12:32:27 +0200175/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
Manuel Pégourié-Gonnarde048b672013-07-19 12:47:00 +0200176 * NONE must be zero so that memset()ing structure to zero works */
Manuel Pégourié-Gonnard8b464592013-07-16 12:45:26 +0200177#define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
178#define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
179#define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
180#define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
181#define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
Manuel Pégourié-Gonnarded4af8b2013-07-18 14:07:09 +0200182#define SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */
Manuel Pégourié-Gonnard8b464592013-07-16 12:45:26 +0200183
Paul Bakker5121ce52009-01-03 21:22:43 +0000184#define SSL_IS_CLIENT 0
185#define SSL_IS_SERVER 1
186#define SSL_COMPRESS_NULL 0
Paul Bakker2770fbd2012-07-03 13:30:23 +0000187#define SSL_COMPRESS_DEFLATE 1
Paul Bakker5121ce52009-01-03 21:22:43 +0000188
189#define SSL_VERIFY_NONE 0
190#define SSL_VERIFY_OPTIONAL 1
191#define SSL_VERIFY_REQUIRED 2
192
Paul Bakker48916f92012-09-16 19:57:18 +0000193#define SSL_INITIAL_HANDSHAKE 0
194#define SSL_RENEGOTIATION 1
195
196#define SSL_LEGACY_RENEGOTIATION 0
197#define SSL_SECURE_RENEGOTIATION 1
198
Paul Bakker7c900782012-11-04 16:29:08 +0000199#define SSL_RENEGOTIATION_DISABLED 0
200#define SSL_RENEGOTIATION_ENABLED 1
Paul Bakker48916f92012-09-16 19:57:18 +0000201
Paul Bakkerd0f6fa72012-09-17 09:18:12 +0000202#define SSL_LEGACY_NO_RENEGOTIATION 0
203#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
204#define SSL_LEGACY_BREAK_HANDSHAKE 2
Paul Bakker48916f92012-09-16 19:57:18 +0000205
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200206#define SSL_TRUNC_HMAC_DISABLED 0
207#define SSL_TRUNC_HMAC_ENABLED 1
Manuel Pégourié-Gonnard277f7f22013-07-19 12:19:21 +0200208#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200209
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200210#define SSL_SESSION_TICKETS_DISABLED 0
211#define SSL_SESSION_TICKETS_ENABLED 1
212
Paul Bakker606b4ba2013-08-14 16:52:14 +0200213#if !defined(POLARSSL_CONFIG_OPTIONS)
214#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
215#endif /* !POLARSSL_CONFIG_OPTIONS */
216
Paul Bakker9bcf16c2013-06-24 19:31:17 +0200217/*
218 * Size of the input / output buffer.
219 * Note: the RFC defines the default size of SSL / TLS messages. If you
220 * change the value here, other clients / servers may not be able to
221 * communicate with you anymore. Only change this value if you control
222 * both sides of the connection and have it reduced at both sides!
223 */
224#if !defined(POLARSSL_CONFIG_OPTIONS)
225#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
226#endif /* !POLARSSL_CONFIG_OPTIONS */
Paul Bakker5121ce52009-01-03 21:22:43 +0000227
228/*
229 * Allow an extra 512 bytes for the record header
Paul Bakker2770fbd2012-07-03 13:30:23 +0000230 * and encryption overhead (counter + MAC + padding)
231 * and allow for a maximum of 1024 of compression expansion if
232 * enabled.
Paul Bakker5121ce52009-01-03 21:22:43 +0000233 */
Paul Bakker2770fbd2012-07-03 13:30:23 +0000234#if defined(POLARSSL_ZLIB_SUPPORT)
235#define SSL_COMPRESSION_ADD 1024
236#else
237#define SSL_COMPRESSION_ADD 0
238#endif
239
240#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 512)
Paul Bakker5121ce52009-01-03 21:22:43 +0000241
Paul Bakker48916f92012-09-16 19:57:18 +0000242#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
243
Paul Bakker5121ce52009-01-03 21:22:43 +0000244/*
Paul Bakker1ef83d62012-04-11 12:09:53 +0000245 * Supported Signature and Hash algorithms (For TLS 1.2)
Manuel Pégourié-Gonnard0b032002013-08-17 13:01:41 +0200246 * RFC 5246 section 7.4.1.4.1
Paul Bakker1ef83d62012-04-11 12:09:53 +0000247 */
248#define SSL_HASH_NONE 0
249#define SSL_HASH_MD5 1
250#define SSL_HASH_SHA1 2
251#define SSL_HASH_SHA224 3
252#define SSL_HASH_SHA256 4
253#define SSL_HASH_SHA384 5
254#define SSL_HASH_SHA512 6
255
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +0200256#define SSL_SIG_ANON 0
Paul Bakker1ef83d62012-04-11 12:09:53 +0000257#define SSL_SIG_RSA 1
Manuel Pégourié-Gonnard0b032002013-08-17 13:01:41 +0200258#define SSL_SIG_ECDSA 3
Paul Bakker1ef83d62012-04-11 12:09:53 +0000259
260/*
Paul Bakker926af752012-11-23 13:38:07 +0100261 * Client Certificate Types
Manuel Pégourié-Gonnard0b032002013-08-17 13:01:41 +0200262 * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
Paul Bakker926af752012-11-23 13:38:07 +0100263 */
264#define SSL_CERT_TYPE_RSA_SIGN 1
Manuel Pégourié-Gonnard0b032002013-08-17 13:01:41 +0200265#define SSL_CERT_TYPE_ECDSA_SIGN 64
Paul Bakker926af752012-11-23 13:38:07 +0100266
267/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000268 * Message, alert and handshake types
269 */
270#define SSL_MSG_CHANGE_CIPHER_SPEC 20
271#define SSL_MSG_ALERT 21
272#define SSL_MSG_HANDSHAKE 22
273#define SSL_MSG_APPLICATION_DATA 23
274
Paul Bakker2e11f7d2010-07-25 14:24:53 +0000275#define SSL_ALERT_LEVEL_WARNING 1
276#define SSL_ALERT_LEVEL_FATAL 2
277
Paul Bakkere93dfa72012-04-10 08:03:03 +0000278#define SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */
279#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */
280#define SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */
281#define SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */
282#define SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */
283#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */
Paul Bakkerca4ab492012-04-18 14:23:57 +0000284#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */
Paul Bakkere93dfa72012-04-10 08:03:03 +0000285#define SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */
286#define SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */
287#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */
288#define SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */
289#define SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */
290#define SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */
291#define SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */
292#define SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */
293#define SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */
294#define SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */
295#define SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */
296#define SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */
297#define SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */
298#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */
299#define SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */
300#define SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */
301#define SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */
Paul Bakkerc3f177a2012-04-11 16:11:49 +0000302#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
Paul Bakker5701cdc2012-09-27 21:49:42 +0000303#define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200304#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000305
306#define SSL_HS_HELLO_REQUEST 0
307#define SSL_HS_CLIENT_HELLO 1
308#define SSL_HS_SERVER_HELLO 2
Manuel Pégourié-Gonnarda5cc6022013-07-31 12:58:16 +0200309#define SSL_HS_NEW_SESSION_TICKET 4
Paul Bakker5121ce52009-01-03 21:22:43 +0000310#define SSL_HS_CERTIFICATE 11
311#define SSL_HS_SERVER_KEY_EXCHANGE 12
312#define SSL_HS_CERTIFICATE_REQUEST 13
313#define SSL_HS_SERVER_HELLO_DONE 14
314#define SSL_HS_CERTIFICATE_VERIFY 15
315#define SSL_HS_CLIENT_KEY_EXCHANGE 16
316#define SSL_HS_FINISHED 20
317
318/*
319 * TLS extensions
320 */
Paul Bakker41c83d32013-03-20 14:39:14 +0100321#define TLS_EXT_SERVERNAME 0
322#define TLS_EXT_SERVERNAME_HOSTNAME 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000323
Manuel Pégourié-Gonnard48f8d0d2013-07-17 10:25:37 +0200324#define TLS_EXT_MAX_FRAGMENT_LENGTH 1
325
Manuel Pégourié-Gonnard57c28522013-07-19 11:41:43 +0200326#define TLS_EXT_TRUNCATED_HMAC 4
327
Paul Bakker41c83d32013-03-20 14:39:14 +0100328#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
329#define TLS_EXT_SUPPORTED_POINT_FORMATS 11
Paul Bakkerc3f177a2012-04-11 16:11:49 +0000330
Paul Bakker41c83d32013-03-20 14:39:14 +0100331#define TLS_EXT_SIG_ALG 13
332
Manuel Pégourié-Gonnard60182ef2013-08-02 14:44:54 +0200333#define TLS_EXT_SESSION_TICKET 35
334
Paul Bakker41c83d32013-03-20 14:39:14 +0100335#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
Paul Bakker48916f92012-09-16 19:57:18 +0000336
Paul Bakkereb2c6582012-09-27 19:15:01 +0000337/*
Paul Bakkered27a042013-04-18 22:46:23 +0200338 * Size defines
339 */
340#if !defined(POLARSSL_MPI_MAX_SIZE)
341#define POLARSSL_PREMASTER_SIZE 512
342#else
343#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
344#endif
345
Paul Bakker407a0da2013-06-27 14:29:21 +0200346#ifdef __cplusplus
347extern "C" {
348#endif
349
Paul Bakkered27a042013-04-18 22:46:23 +0200350/*
Paul Bakkereb2c6582012-09-27 19:15:01 +0000351 * Generic function pointers for allowing external RSA private key
352 * implementations.
353 */
354typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
355 const unsigned char *input, unsigned char *output,
356 size_t output_max_len );
357typedef int (*rsa_sign_func)( void *ctx,
358 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
359 int mode, int hash_id, unsigned int hashlen,
360 const unsigned char *hash, unsigned char *sig );
361typedef size_t (*rsa_key_len_func)( void *ctx );
362
Paul Bakker5121ce52009-01-03 21:22:43 +0000363/*
364 * SSL state machine
365 */
366typedef enum
367{
368 SSL_HELLO_REQUEST,
369 SSL_CLIENT_HELLO,
370 SSL_SERVER_HELLO,
371 SSL_SERVER_CERTIFICATE,
372 SSL_SERVER_KEY_EXCHANGE,
373 SSL_CERTIFICATE_REQUEST,
374 SSL_SERVER_HELLO_DONE,
375 SSL_CLIENT_CERTIFICATE,
376 SSL_CLIENT_KEY_EXCHANGE,
377 SSL_CERTIFICATE_VERIFY,
378 SSL_CLIENT_CHANGE_CIPHER_SPEC,
379 SSL_CLIENT_FINISHED,
380 SSL_SERVER_CHANGE_CIPHER_SPEC,
381 SSL_SERVER_FINISHED,
382 SSL_FLUSH_BUFFERS,
Paul Bakker48916f92012-09-16 19:57:18 +0000383 SSL_HANDSHAKE_WRAPUP,
Manuel Pégourié-Gonnarda5cc6022013-07-31 12:58:16 +0200384 SSL_HANDSHAKE_OVER,
385 SSL_SERVER_NEW_SESSION_TICKET,
Paul Bakker5121ce52009-01-03 21:22:43 +0000386}
387ssl_states;
388
389typedef struct _ssl_session ssl_session;
390typedef struct _ssl_context ssl_context;
Paul Bakker48916f92012-09-16 19:57:18 +0000391typedef struct _ssl_transform ssl_transform;
392typedef struct _ssl_handshake_params ssl_handshake_params;
Paul Bakkera503a632013-08-14 13:48:06 +0200393#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnard779e4292013-08-03 13:50:48 +0200394typedef struct _ssl_ticket_keys ssl_ticket_keys;
Paul Bakkera503a632013-08-14 13:48:06 +0200395#endif
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200396#if defined(POLARSSL_X509_CRT_PARSE_C)
397typedef struct _ssl_key_cert ssl_key_cert;
398#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000399
400/*
Paul Bakker0a597072012-09-25 21:55:46 +0000401 * This structure is used for storing current session data.
Paul Bakker5121ce52009-01-03 21:22:43 +0000402 */
403struct _ssl_session
404{
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200405#if defined(POLARSSL_HAVE_TIME)
Paul Bakker5121ce52009-01-03 21:22:43 +0000406 time_t start; /*!< starting time */
Paul Bakkerfa9b1002013-07-03 15:31:03 +0200407#endif
Paul Bakkere3166ce2011-01-27 17:40:50 +0000408 int ciphersuite; /*!< chosen ciphersuite */
Paul Bakker2770fbd2012-07-03 13:30:23 +0000409 int compression; /*!< chosen compression */
Paul Bakker23986e52011-04-24 08:57:21 +0000410 size_t length; /*!< session id length */
Paul Bakker5121ce52009-01-03 21:22:43 +0000411 unsigned char id[32]; /*!< session identifier */
412 unsigned char master[48]; /*!< the master secret */
Paul Bakkered27a042013-04-18 22:46:23 +0200413
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200414#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200415 x509_crt *peer_cert; /*!< peer X.509 cert chain */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200416#endif /* POLARSSL_X509_CRT_PARSE_C */
Manuel Pégourié-Gonnard38d1eba2013-08-23 10:44:29 +0200417 int verify_result; /*!< verification result */
Manuel Pégourié-Gonnarded4af8b2013-07-18 14:07:09 +0200418
Paul Bakkera503a632013-08-14 13:48:06 +0200419#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnard75d44012013-08-02 14:44:04 +0200420 unsigned char *ticket; /*!< RFC 5077 session ticket */
421 size_t ticket_len; /*!< session ticket length */
Manuel Pégourié-Gonnarda5cc6022013-07-31 12:58:16 +0200422 uint32_t ticket_lifetime; /*!< ticket lifetime hint */
Paul Bakkera503a632013-08-14 13:48:06 +0200423#endif /* POLARSSL_SSL_SESSION_TICKETS */
Manuel Pégourié-Gonnard75d44012013-08-02 14:44:04 +0200424
Paul Bakker05decb22013-08-15 13:33:48 +0200425#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
Manuel Pégourié-Gonnarded4af8b2013-07-18 14:07:09 +0200426 unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
Paul Bakker05decb22013-08-15 13:33:48 +0200427#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
428
Paul Bakker1f2bc622013-08-15 13:45:55 +0200429#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
Manuel Pégourié-Gonnard57c28522013-07-19 11:41:43 +0200430 int trunc_hmac; /*!< flag for truncated hmac activation */
Paul Bakker1f2bc622013-08-15 13:45:55 +0200431#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
Paul Bakker5121ce52009-01-03 21:22:43 +0000432};
433
Paul Bakker48916f92012-09-16 19:57:18 +0000434/*
435 * This structure contains a full set of runtime transform parameters
436 * either in negotiation or active.
437 */
438struct _ssl_transform
439{
440 /*
441 * Session specific crypto layer
442 */
Paul Bakker68884e32013-01-07 18:20:04 +0100443 const ssl_ciphersuite_t *ciphersuite_info;
444 /*!< Chosen cipersuite_info */
Paul Bakker48916f92012-09-16 19:57:18 +0000445 unsigned int keylen; /*!< symmetric key length */
446 size_t minlen; /*!< min. ciphertext length */
447 size_t ivlen; /*!< IV length */
448 size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
449 size_t maclen; /*!< MAC length */
450
451 unsigned char iv_enc[16]; /*!< IV (encryption) */
452 unsigned char iv_dec[16]; /*!< IV (decryption) */
453
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200454#if defined(POLARSSL_SSL_PROTO_SSL3)
Paul Bakker68884e32013-01-07 18:20:04 +0100455 /* Needed only for SSL v3.0 secret */
456 unsigned char mac_enc[32]; /*!< SSL v3.0 secret (enc) */
457 unsigned char mac_dec[32]; /*!< SSL v3.0 secret (dec) */
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200458#endif /* POLARSSL_SSL_PROTO_SSL3 */
Paul Bakker68884e32013-01-07 18:20:04 +0100459
460 md_context_t md_ctx_enc; /*!< MAC (encryption) */
461 md_context_t md_ctx_dec; /*!< MAC (decryption) */
Paul Bakker48916f92012-09-16 19:57:18 +0000462
Paul Bakkerda02a7f2013-08-31 17:25:14 +0200463 cipher_context_t cipher_ctx_enc; /*!< encryption context */
464 cipher_context_t cipher_ctx_dec; /*!< decryption context */
465
Paul Bakker48916f92012-09-16 19:57:18 +0000466 /*
467 * Session specific compression layer
468 */
469#if defined(POLARSSL_ZLIB_SUPPORT)
470 z_stream ctx_deflate; /*!< compression context */
471 z_stream ctx_inflate; /*!< decompression context */
472#endif
473};
474
475/*
476 * This structure contains the parameters only needed during handshake.
477 */
478struct _ssl_handshake_params
479{
480 /*
481 * Handshake specific crypto variables
482 */
Paul Bakker23f36802012-09-28 14:15:14 +0000483 int sig_alg; /*!< Signature algorithm */
Paul Bakker926af752012-11-23 13:38:07 +0100484 int cert_type; /*!< Requested cert type */
485 int verify_sig_alg; /*!< Signature algorithm for verify */
Paul Bakker48916f92012-09-16 19:57:18 +0000486#if defined(POLARSSL_DHM_C)
487 dhm_context dhm_ctx; /*!< DHM key exchange */
488#endif
Paul Bakker41c83d32013-03-20 14:39:14 +0100489#if defined(POLARSSL_ECDH_C)
490 ecdh_context ecdh_ctx; /*!< ECDH key exchange */
491#endif
Manuel Pégourié-Gonnard0b272672013-08-15 19:38:07 +0200492#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
Paul Bakker41c83d32013-03-20 14:39:14 +0100493 int ec_curve; /*!< Selected elliptic curve */
Manuel Pégourié-Gonnard0b272672013-08-15 19:38:07 +0200494#endif
Paul Bakker48916f92012-09-16 19:57:18 +0000495
496 /*
497 * Checksum contexts
498 */
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200499#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
500 defined(POLARSSL_SSL_PROTO_TLS1_1)
Paul Bakker9e36f042013-06-30 14:34:05 +0200501 md5_context fin_md5;
502 sha1_context fin_sha1;
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200503#endif
504#if defined(POLARSSL_SSL_PROTO_TLS1_2)
505#if defined(POLARSSL_SHA256_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200506 sha256_context fin_sha256;
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200507#endif
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200508#if defined(POLARSSL_SHA512_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200509 sha512_context fin_sha512;
Paul Bakkerfb08fd22013-08-27 15:06:26 +0200510#endif
Paul Bakkerd2f068e2013-08-27 21:19:20 +0200511#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
Paul Bakker48916f92012-09-16 19:57:18 +0000512
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200513 void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
Paul Bakker48916f92012-09-16 19:57:18 +0000514 void (*calc_verify)(ssl_context *, unsigned char *);
515 void (*calc_finished)(ssl_context *, unsigned char *, int);
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200516 int (*tls_prf)(const unsigned char *, size_t, const char *,
517 const unsigned char *, size_t,
Paul Bakker48916f92012-09-16 19:57:18 +0000518 unsigned char *, size_t);
519
520 size_t pmslen; /*!< premaster length */
521
522 unsigned char randbytes[64]; /*!< random bytes */
Paul Bakkered27a042013-04-18 22:46:23 +0200523 unsigned char premaster[POLARSSL_PREMASTER_SIZE];
Paul Bakkerdf2bb752012-10-24 14:30:00 +0000524 /*!< premaster secret */
Paul Bakker0a597072012-09-25 21:55:46 +0000525
526 int resume; /*!< session resume indicator*/
Paul Bakker2fbefde2013-06-29 16:01:15 +0200527 int max_major_ver; /*!< max. major version client*/
528 int max_minor_ver; /*!< max. minor version client*/
Manuel Pégourié-Gonnarda5cc6022013-07-31 12:58:16 +0200529
Paul Bakkera503a632013-08-14 13:48:06 +0200530#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnarda5cc6022013-07-31 12:58:16 +0200531 int new_session_ticket; /*!< use NewSessionTicket? */
Paul Bakkera503a632013-08-14 13:48:06 +0200532#endif /* POLARSSL_SSL_SESSION_TICKETS */
Paul Bakker48916f92012-09-16 19:57:18 +0000533};
534
Paul Bakkera503a632013-08-14 13:48:06 +0200535#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnard779e4292013-08-03 13:50:48 +0200536/*
537 * Parameters needed to secure session tickets
538 */
539struct _ssl_ticket_keys
540{
541 unsigned char key_name[16]; /*!< name to quickly discard bad tickets */
Manuel Pégourié-Gonnard990c51a2013-08-03 15:37:58 +0200542 aes_context enc; /*!< encryption context */
543 aes_context dec; /*!< decryption context */
Manuel Pégourié-Gonnard56dc9e82013-08-03 17:16:31 +0200544 unsigned char mac_key[16]; /*!< authentication key */
Manuel Pégourié-Gonnard779e4292013-08-03 13:50:48 +0200545};
Paul Bakkera503a632013-08-14 13:48:06 +0200546#endif /* POLARSSL_SSL_SESSION_TICKETS */
Manuel Pégourié-Gonnard779e4292013-08-03 13:50:48 +0200547
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200548#if defined(POLARSSL_X509_CRT_PARSE_C)
549/*
550 * List of certificate + private key pairs
551 */
552struct _ssl_key_cert
553{
554 x509_crt *cert; /*!< cert */
555 pk_context *key; /*!< private key */
556 int key_own_alloc; /*!< did we allocate key? */
557 ssl_key_cert *next; /*!< next key/cert pair */
558};
559#endif /* POLARSSL_X509_CRT_PARSE_C */
560
Paul Bakker5121ce52009-01-03 21:22:43 +0000561struct _ssl_context
562{
563 /*
564 * Miscellaneous
565 */
566 int state; /*!< SSL handshake: current state */
Paul Bakker48916f92012-09-16 19:57:18 +0000567 int renegotiation; /*!< Initial or renegotiation */
Paul Bakker5121ce52009-01-03 21:22:43 +0000568
569 int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
570 int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
571
Paul Bakker2fbefde2013-06-29 16:01:15 +0200572 int max_major_ver; /*!< max. major version used */
573 int max_minor_ver; /*!< max. minor version used */
574 int min_major_ver; /*!< min. major version used */
575 int min_minor_ver; /*!< min. minor version used */
Paul Bakker5121ce52009-01-03 21:22:43 +0000576
577 /*
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000578 * Callbacks (RNG, debug, I/O, verification)
Paul Bakker5121ce52009-01-03 21:22:43 +0000579 */
Paul Bakkera3d195c2011-11-27 21:07:34 +0000580 int (*f_rng)(void *, unsigned char *, size_t);
Paul Bakkerff60ee62010-03-16 21:09:09 +0000581 void (*f_dbg)(void *, int, const char *);
Paul Bakker23986e52011-04-24 08:57:21 +0000582 int (*f_recv)(void *, unsigned char *, size_t);
Paul Bakker39bb4182011-06-21 07:36:43 +0000583 int (*f_send)(void *, const unsigned char *, size_t);
Paul Bakker0a597072012-09-25 21:55:46 +0000584 int (*f_get_cache)(void *, ssl_session *);
585 int (*f_set_cache)(void *, const ssl_session *);
Paul Bakker5121ce52009-01-03 21:22:43 +0000586
587 void *p_rng; /*!< context for the RNG function */
588 void *p_dbg; /*!< context for the debug function */
589 void *p_recv; /*!< context for reading operations */
590 void *p_send; /*!< context for writing operations */
Paul Bakker0a597072012-09-25 21:55:46 +0000591 void *p_get_cache; /*!< context for cache retrieval */
592 void *p_set_cache; /*!< context for cache store */
Paul Bakkere667c982012-11-20 13:50:22 +0100593 void *p_hw_data; /*!< context for HW acceleration */
Paul Bakker5121ce52009-01-03 21:22:43 +0000594
Paul Bakker0be444a2013-08-27 21:55:01 +0200595#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
596 int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
597 void *p_sni; /*!< context for SNI extension */
598#endif
599
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200600#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200601 int (*f_vrfy)(void *, x509_crt *, int, int *);
Paul Bakkered27a042013-04-18 22:46:23 +0200602 void *p_vrfy; /*!< context for verification */
603#endif
604
Paul Bakker6db455e2013-09-18 17:29:31 +0200605#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
606 int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
607 void *p_psk; /*!< context for PSK retrieval */
608#endif
609
Paul Bakker5121ce52009-01-03 21:22:43 +0000610 /*
611 * Session layer
612 */
Paul Bakker48916f92012-09-16 19:57:18 +0000613 ssl_session *session_in; /*!< current session data (in) */
614 ssl_session *session_out; /*!< current session data (out) */
615 ssl_session *session; /*!< negotiated session data */
616 ssl_session *session_negotiate; /*!< session data in negotiation */
Paul Bakker5121ce52009-01-03 21:22:43 +0000617
Paul Bakker48916f92012-09-16 19:57:18 +0000618 ssl_handshake_params *handshake; /*!< params required only during
619 the handshake process */
620
621 /*
622 * Record layer transformations
623 */
624 ssl_transform *transform_in; /*!< current transform params (in) */
625 ssl_transform *transform_out; /*!< current transform params (in) */
626 ssl_transform *transform; /*!< negotiated transform params */
627 ssl_transform *transform_negotiate; /*!< transform params in negotiation */
628
Paul Bakker5121ce52009-01-03 21:22:43 +0000629 /*
630 * Record layer (incoming data)
631 */
632 unsigned char *in_ctr; /*!< 64-bit incoming message counter */
633 unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
Paul Bakker92be97b2013-01-02 17:30:03 +0100634 unsigned char *in_iv; /*!< ivlen-byte IV (in_hdr+5) */
635 unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
Paul Bakker5121ce52009-01-03 21:22:43 +0000636 unsigned char *in_offt; /*!< read offset in application data */
637
638 int in_msgtype; /*!< record header: message type */
Paul Bakker23986e52011-04-24 08:57:21 +0000639 size_t in_msglen; /*!< record header: message length */
640 size_t in_left; /*!< amount of data read so far */
Paul Bakker5121ce52009-01-03 21:22:43 +0000641
Paul Bakker23986e52011-04-24 08:57:21 +0000642 size_t in_hslen; /*!< current handshake message length */
Paul Bakker5121ce52009-01-03 21:22:43 +0000643 int nb_zero; /*!< # of 0-length encrypted messages */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200644 int record_read; /*!< record is already present */
Paul Bakker5121ce52009-01-03 21:22:43 +0000645
646 /*
647 * Record layer (outgoing data)
648 */
649 unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
650 unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
Paul Bakker92be97b2013-01-02 17:30:03 +0100651 unsigned char *out_iv; /*!< ivlen-byte IV (out_hdr+5) */
652 unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
Paul Bakker5121ce52009-01-03 21:22:43 +0000653
654 int out_msgtype; /*!< record header: message type */
Paul Bakker23986e52011-04-24 08:57:21 +0000655 size_t out_msglen; /*!< record header: message length */
656 size_t out_left; /*!< amount of data not yet written */
Paul Bakker5121ce52009-01-03 21:22:43 +0000657
Paul Bakker05decb22013-08-15 13:33:48 +0200658#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
Manuel Pégourié-Gonnarded4af8b2013-07-18 14:07:09 +0200659 unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */
Paul Bakker05decb22013-08-15 13:33:48 +0200660#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
Manuel Pégourié-Gonnard8b464592013-07-16 12:45:26 +0200661
Paul Bakker5121ce52009-01-03 21:22:43 +0000662 /*
663 * PKI layer
664 */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200665#if defined(POLARSSL_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200666 ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */
Paul Bakker5121ce52009-01-03 21:22:43 +0000667
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200668 x509_crt *ca_chain; /*!< own trusted CA chain */
669 x509_crl *ca_crl; /*!< trusted CA CRLs */
670 const char *peer_cn; /*!< expected peer CN */
671#endif /* POLARSSL_X509_CRT_PARSE_C */
672
Paul Bakker48916f92012-09-16 19:57:18 +0000673 /*
Manuel Pégourié-Gonnard779e4292013-08-03 13:50:48 +0200674 * Support for generating and checking session tickets
675 */
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200676#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnard779e4292013-08-03 13:50:48 +0200677 ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
Paul Bakkera503a632013-08-14 13:48:06 +0200678#endif /* POLARSSL_SSL_SESSION_TICKETS */
Manuel Pégourié-Gonnard779e4292013-08-03 13:50:48 +0200679
680 /*
Paul Bakker48916f92012-09-16 19:57:18 +0000681 * User settings
682 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000683 int endpoint; /*!< 0: client, 1: server */
684 int authmode; /*!< verification mode */
685 int client_auth; /*!< flag for client auth. */
686 int verify_result; /*!< verification result */
Paul Bakker48916f92012-09-16 19:57:18 +0000687 int disable_renegotiation; /*!< enable/disable renegotiation */
688 int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
Paul Bakker8f4ddae2013-04-15 15:09:54 +0200689 const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
Paul Bakker1f2bc622013-08-15 13:45:55 +0200690#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200691 int trunc_hmac; /*!< negotiate truncated hmac? */
Paul Bakker1f2bc622013-08-15 13:45:55 +0200692#endif
Paul Bakker606b4ba2013-08-14 16:52:14 +0200693#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200694 int session_tickets; /*!< use session tickets? */
Paul Bakker606b4ba2013-08-14 16:52:14 +0200695 int ticket_lifetime; /*!< session ticket lifetime */
696#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000697
Paul Bakker48916f92012-09-16 19:57:18 +0000698#if defined(POLARSSL_DHM_C)
699 mpi dhm_P; /*!< prime modulus for DHM */
700 mpi dhm_G; /*!< generator for DHM */
Paul Bakker2770fbd2012-07-03 13:30:23 +0000701#endif
702
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200703#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
704 /*
705 * PSK values
706 */
Paul Bakker6db455e2013-09-18 17:29:31 +0200707 unsigned char *psk;
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200708 size_t psk_len;
Paul Bakker6db455e2013-09-18 17:29:31 +0200709 unsigned char *psk_identity;
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200710 size_t psk_identity_len;
711#endif
712
Paul Bakker0be444a2013-08-27 21:55:01 +0200713#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
Paul Bakker5121ce52009-01-03 21:22:43 +0000714 /*
Paul Bakker0be444a2013-08-27 21:55:01 +0200715 * SNI extension
Paul Bakker5121ce52009-01-03 21:22:43 +0000716 */
717 unsigned char *hostname;
Paul Bakker23986e52011-04-24 08:57:21 +0000718 size_t hostname_len;
Paul Bakker0be444a2013-08-27 21:55:01 +0200719#endif
Paul Bakker48916f92012-09-16 19:57:18 +0000720
721 /*
722 * Secure renegotiation
723 */
724 int secure_renegotiation; /*!< does peer support legacy or
725 secure renegotiation */
726 size_t verify_data_len; /*!< length of verify data stored */
727 char own_verify_data[36]; /*!< previous handshake verify data */
728 char peer_verify_data[36]; /*!< previous handshake verify data */
Paul Bakker5121ce52009-01-03 21:22:43 +0000729};
730
Paul Bakker05ef8352012-05-08 09:17:57 +0000731#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
Paul Bakker07eb38b2012-12-19 14:42:06 +0100732
733#define SSL_CHANNEL_OUTBOUND 0
734#define SSL_CHANNEL_INBOUND 1
735
Paul Bakker05ef8352012-05-08 09:17:57 +0000736extern int (*ssl_hw_record_init)(ssl_context *ssl,
737 const unsigned char *key_enc, const unsigned char *key_dec,
Paul Bakker07eb38b2012-12-19 14:42:06 +0100738 size_t keylen,
Paul Bakker05ef8352012-05-08 09:17:57 +0000739 const unsigned char *iv_enc, const unsigned char *iv_dec,
Paul Bakker07eb38b2012-12-19 14:42:06 +0100740 size_t ivlen,
741 const unsigned char *mac_enc, const unsigned char *mac_dec,
742 size_t maclen);
743extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
Paul Bakker05ef8352012-05-08 09:17:57 +0000744extern int (*ssl_hw_record_reset)(ssl_context *ssl);
745extern int (*ssl_hw_record_write)(ssl_context *ssl);
746extern int (*ssl_hw_record_read)(ssl_context *ssl);
747extern int (*ssl_hw_record_finish)(ssl_context *ssl);
748#endif
749
Paul Bakker5121ce52009-01-03 21:22:43 +0000750/**
Paul Bakkere3166ce2011-01-27 17:40:50 +0000751 * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
Paul Bakker72f62662011-01-16 21:27:44 +0000752 *
Paul Bakkere3166ce2011-01-27 17:40:50 +0000753 * \return a statically allocated array of ciphersuites, the last
754 * entry is 0.
Paul Bakker72f62662011-01-16 21:27:44 +0000755 */
Paul Bakker68884e32013-01-07 18:20:04 +0100756const int *ssl_list_ciphersuites( void );
Paul Bakker72f62662011-01-16 21:27:44 +0000757
758/**
Paul Bakkere3166ce2011-01-27 17:40:50 +0000759 * \brief Return the name of the ciphersuite associated with the given
760 * ID
Paul Bakker72f62662011-01-16 21:27:44 +0000761 *
Paul Bakkere3166ce2011-01-27 17:40:50 +0000762 * \param ciphersuite_id SSL ciphersuite ID
Paul Bakker72f62662011-01-16 21:27:44 +0000763 *
Paul Bakkere3166ce2011-01-27 17:40:50 +0000764 * \return a string containing the ciphersuite name
Paul Bakker72f62662011-01-16 21:27:44 +0000765 */
Paul Bakkere3166ce2011-01-27 17:40:50 +0000766const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
767
768/**
769 * \brief Return the ID of the ciphersuite associated with the given
770 * name
771 *
772 * \param ciphersuite_name SSL ciphersuite name
773 *
774 * \return the ID with the ciphersuite or 0 if not found
775 */
776int ssl_get_ciphersuite_id( const char *ciphersuite_name );
Paul Bakker72f62662011-01-16 21:27:44 +0000777
778/**
Paul Bakker5121ce52009-01-03 21:22:43 +0000779 * \brief Initialize an SSL context
780 *
781 * \param ssl SSL context
782 *
Paul Bakker69e095c2011-12-10 21:55:01 +0000783 * \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if
784 * memory allocation failed
Paul Bakker5121ce52009-01-03 21:22:43 +0000785 */
786int ssl_init( ssl_context *ssl );
787
788/**
Paul Bakker7eb013f2011-10-06 12:37:39 +0000789 * \brief Reset an already initialized SSL context for re-use
790 * while retaining application-set variables, function
791 * pointers and data.
792 *
793 * \param ssl SSL context
Paul Bakker48916f92012-09-16 19:57:18 +0000794 * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED,
795 POLARSSL_ERR_SSL_HW_ACCEL_FAILED or
Paul Bakker2770fbd2012-07-03 13:30:23 +0000796 * POLARSSL_ERR_SSL_COMPRESSION_FAILED
Paul Bakker7eb013f2011-10-06 12:37:39 +0000797 */
Paul Bakker2770fbd2012-07-03 13:30:23 +0000798int ssl_session_reset( ssl_context *ssl );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000799
800/**
Paul Bakker5121ce52009-01-03 21:22:43 +0000801 * \brief Set the current endpoint type
802 *
803 * \param ssl SSL context
804 * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200805 *
806 * \note This function should be called right after ssl_init() since
807 * some other ssl_set_foo() functions depend on it.
Paul Bakker5121ce52009-01-03 21:22:43 +0000808 */
809void ssl_set_endpoint( ssl_context *ssl, int endpoint );
810
811/**
812 * \brief Set the certificate verification mode
813 *
814 * \param ssl SSL context
Paul Bakker37ca75d2011-01-06 12:28:03 +0000815 * \param authmode can be:
Paul Bakker5121ce52009-01-03 21:22:43 +0000816 *
817 * SSL_VERIFY_NONE: peer certificate is not checked (default),
818 * this is insecure and SHOULD be avoided.
819 *
820 * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
821 * handshake continues even if verification failed;
822 * ssl_get_verify_result() can be called after the
823 * handshake is complete.
824 *
825 * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
826 * handshake is aborted if verification failed.
827 */
828void ssl_set_authmode( ssl_context *ssl, int authmode );
829
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200830#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000831/**
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000832 * \brief Set the verification callback (Optional).
833 *
Paul Bakker915275b2012-09-28 07:10:55 +0000834 * If set, the verify callback is called for each
835 * certificate in the chain. For implementation
836 * information, please see \c x509parse_verify()
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000837 *
838 * \param ssl SSL context
839 * \param f_vrfy verification function
840 * \param p_vrfy verification parameter
841 */
842void ssl_set_verify( ssl_context *ssl,
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200843 int (*f_vrfy)(void *, x509_crt *, int, int *),
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000844 void *p_vrfy );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200845#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakkerb63b0af2011-01-13 17:54:59 +0000846
847/**
Paul Bakker5121ce52009-01-03 21:22:43 +0000848 * \brief Set the random number generator callback
849 *
850 * \param ssl SSL context
851 * \param f_rng RNG function
852 * \param p_rng RNG parameter
853 */
854void ssl_set_rng( ssl_context *ssl,
Paul Bakkera3d195c2011-11-27 21:07:34 +0000855 int (*f_rng)(void *, unsigned char *, size_t),
Paul Bakker5121ce52009-01-03 21:22:43 +0000856 void *p_rng );
857
858/**
859 * \brief Set the debug callback
860 *
861 * \param ssl SSL context
862 * \param f_dbg debug function
863 * \param p_dbg debug parameter
864 */
865void ssl_set_dbg( ssl_context *ssl,
Paul Bakkerff60ee62010-03-16 21:09:09 +0000866 void (*f_dbg)(void *, int, const char *),
Paul Bakker5121ce52009-01-03 21:22:43 +0000867 void *p_dbg );
868
869/**
870 * \brief Set the underlying BIO read and write callbacks
871 *
872 * \param ssl SSL context
873 * \param f_recv read callback
874 * \param p_recv read parameter
875 * \param f_send write callback
876 * \param p_send write parameter
877 */
878void ssl_set_bio( ssl_context *ssl,
Paul Bakker23986e52011-04-24 08:57:21 +0000879 int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
Paul Bakker39bb4182011-06-21 07:36:43 +0000880 int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
Paul Bakker5121ce52009-01-03 21:22:43 +0000881
882/**
Paul Bakker0a597072012-09-25 21:55:46 +0000883 * \brief Set the session cache callbacks (server-side only)
884 * If not set, no session resuming is done.
Paul Bakker5121ce52009-01-03 21:22:43 +0000885 *
Paul Bakker0a597072012-09-25 21:55:46 +0000886 * The session cache has the responsibility to check for stale
887 * entries based on timeout. See RFC 5246 for recommendations.
888 *
889 * Warning: session.peer_cert is cleared by the SSL/TLS layer on
890 * connection shutdown, so do not cache the pointer! Either set
891 * it to NULL or make a full copy of the certificate.
892 *
893 * The get callback is called once during the initial handshake
894 * to enable session resuming. The get function has the
895 * following parameters: (void *parameter, ssl_session *session)
896 * If a valid entry is found, it should fill the master of
897 * the session object with the cached values and return 0,
898 * return 1 otherwise. Optionally peer_cert can be set as well
899 * if it is properly present in cache entry.
900 *
901 * The set callback is called once during the initial handshake
902 * to enable session resuming after the entire handshake has
903 * been finished. The set function has the following parameters:
904 * (void *parameter, const ssl_session *session). The function
905 * should create a cache entry for future retrieval based on
906 * the data in the session structure and should keep in mind
907 * that the ssl_session object presented (and all its referenced
908 * data) is cleared by the SSL/TLS layer when the connection is
909 * terminated. It is recommended to add metadata to determine if
910 * an entry is still valid in the future. Return 0 if
Paul Bakker7a2538e2012-11-02 10:59:36 +0000911 * successfully cached, return 1 otherwise.
Paul Bakker0a597072012-09-25 21:55:46 +0000912 *
913 * \param ssl SSL context
914 * \param f_get_cache session get callback
915 * \param p_get_cache session get parameter
916 * \param f_set_cache session set callback
917 * \param p_set_cache session set parameter
Paul Bakker5121ce52009-01-03 21:22:43 +0000918 */
Paul Bakker0a597072012-09-25 21:55:46 +0000919void ssl_set_session_cache( ssl_context *ssl,
920 int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
921 int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
Paul Bakker5121ce52009-01-03 21:22:43 +0000922
923/**
Paul Bakker0a597072012-09-25 21:55:46 +0000924 * \brief Request resumption of session (client-side only)
925 * Session data is copied from presented session structure.
926 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000927 * \param ssl SSL context
Paul Bakker5121ce52009-01-03 21:22:43 +0000928 * \param session session context
Manuel Pégourié-Gonnard74718032013-07-30 12:41:56 +0200929 *
Manuel Pégourié-Gonnard06650f62013-08-02 15:34:52 +0200930 * \return 0 if successful,
931 * POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
932 * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
933 * arguments are otherwise invalid
934 *
Manuel Pégourié-Gonnard74718032013-07-30 12:41:56 +0200935 * \sa ssl_get_session()
Paul Bakker5121ce52009-01-03 21:22:43 +0000936 */
Manuel Pégourié-Gonnard06650f62013-08-02 15:34:52 +0200937int ssl_set_session( ssl_context *ssl, const ssl_session *session );
Paul Bakker5121ce52009-01-03 21:22:43 +0000938
939/**
Paul Bakkere3166ce2011-01-27 17:40:50 +0000940 * \brief Set the list of allowed ciphersuites
Paul Bakker8f4ddae2013-04-15 15:09:54 +0200941 * (Overrides all version specific lists)
Paul Bakker5121ce52009-01-03 21:22:43 +0000942 *
Paul Bakkere3166ce2011-01-27 17:40:50 +0000943 * \param ssl SSL context
944 * \param ciphersuites 0-terminated list of allowed ciphersuites
Paul Bakker5121ce52009-01-03 21:22:43 +0000945 */
Paul Bakkerb68cad62012-08-23 08:34:18 +0000946void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
Paul Bakker5121ce52009-01-03 21:22:43 +0000947
948/**
Paul Bakker8f4ddae2013-04-15 15:09:54 +0200949 * \brief Set the list of allowed ciphersuites for a specific
950 * version of the protocol.
951 * (Only useful on the server side)
952 *
953 * \param ssl SSL context
954 * \param ciphersuites 0-terminated list of allowed ciphersuites
955 * \param major Major version number (only SSL_MAJOR_VERSION_3
956 * supported)
957 * \param minor Minor version number (SSL_MINOR_VERSION_0,
958 * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
959 * SSL_MINOR_VERSION_3 supported)
960 */
961void ssl_set_ciphersuites_for_version( ssl_context *ssl,
962 const int *ciphersuites,
963 int major, int minor );
964
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200965#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker8f4ddae2013-04-15 15:09:54 +0200966/**
Paul Bakker5121ce52009-01-03 21:22:43 +0000967 * \brief Set the data required to verify peer certificate
968 *
969 * \param ssl SSL context
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100970 * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
Paul Bakker40ea7de2009-05-03 10:18:48 +0000971 * \param ca_crl trusted CA CRLs
Paul Bakker5121ce52009-01-03 21:22:43 +0000972 * \param peer_cn expected peer CommonName (or NULL)
Paul Bakker5121ce52009-01-03 21:22:43 +0000973 */
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200974void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
Paul Bakker57b79142010-03-24 06:51:15 +0000975 x509_crl *ca_crl, const char *peer_cn );
Paul Bakker5121ce52009-01-03 21:22:43 +0000976
977/**
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100978 * \brief Set own certificate chain and private key
979 *
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200980 * \note own_cert should contain in order from the bottom up your
981 * certificate chain. The top certificate (self-signed)
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100982 * can be omitted.
Paul Bakker5121ce52009-01-03 21:22:43 +0000983 *
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200984 * \note This function may be called more than once if you want to
985 * support multiple certificates (eg, one using RSA and one
986 * using ECDSA). However, on client, currently only the first
987 * certificate is used (subsequent calls have no effect).
988 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000989 * \param ssl SSL context
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100990 * \param own_cert own public certificate chain
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200991 * \param pk_key own private key
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200992 *
993 * \return 0 on success or POLARSSL_ERR_SSL_MALLOC_FAILED
Paul Bakker5121ce52009-01-03 21:22:43 +0000994 */
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +0200995int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +0200996 pk_context *pk_key );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200997
998#if defined(POLARSSL_RSA_C)
999/**
1000 * \brief Set own certificate chain and private RSA key
1001 *
1002 * Note: own_cert should contain IN order from the bottom
1003 * up your certificate chain. The top certificate (self-signed)
1004 * can be omitted.
1005 *
1006 * \param ssl SSL context
1007 * \param own_cert own public certificate chain
1008 * \param rsa_key own private RSA key
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +02001009 *
1010 * \return 0 on success, or a specific error code.
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +02001011 */
Paul Bakkerc559c7a2013-09-18 14:13:26 +02001012int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +02001013 rsa_context *rsa_key );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +02001014#endif /* POLARSSL_RSA_C */
Paul Bakker5121ce52009-01-03 21:22:43 +00001015
Paul Bakker43b7e352011-01-18 15:27:19 +00001016/**
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +02001017 * \brief Set own certificate and alternate non-PolarSSL RSA private
Paul Bakkereb2c6582012-09-27 19:15:01 +00001018 * key and handling callbacks, such as the PKCS#11 wrappers
1019 * or any other external private key handler.
1020 * (see the respective RSA functions in rsa.h for documentation
1021 * of the callback parameters, with the only change being
1022 * that the rsa_context * is a void * in the callbacks)
Paul Bakker43b7e352011-01-18 15:27:19 +00001023 *
Paul Bakker1f9d02d2012-11-20 10:30:55 +01001024 * Note: own_cert should contain IN order from the bottom
1025 * up your certificate chain. The top certificate (self-signed)
1026 * can be omitted.
1027 *
Paul Bakker43b7e352011-01-18 15:27:19 +00001028 * \param ssl SSL context
Paul Bakker1f9d02d2012-11-20 10:30:55 +01001029 * \param own_cert own public certificate chain
Paul Bakkereb2c6582012-09-27 19:15:01 +00001030 * \param rsa_key alternate implementation private RSA key
Paul Bakkerdcbfdcc2013-09-10 16:16:50 +02001031 * \param rsa_decrypt alternate implementation of \c rsa_pkcs1_decrypt()
1032 * \param rsa_sign alternate implementation of \c rsa_pkcs1_sign()
1033 * \param rsa_key_len function returning length of RSA key in bytes
Manuel Pégourié-Gonnard070cc7f2013-08-21 15:09:31 +02001034 *
1035 * \return 0 on success, or a specific error code.
Paul Bakker43b7e352011-01-18 15:27:19 +00001036 */
Paul Bakkerc559c7a2013-09-18 14:13:26 +02001037int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
Manuel Pégourié-Gonnard2fb15f62013-08-22 17:54:20 +02001038 void *rsa_key,
1039 rsa_decrypt_func rsa_decrypt,
1040 rsa_sign_func rsa_sign,
1041 rsa_key_len_func rsa_key_len );
Paul Bakker7c6b2c32013-09-16 13:49:26 +02001042#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker43b7e352011-01-18 15:27:19 +00001043
Paul Bakkerd4a56ec2013-04-16 18:05:29 +02001044#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
1045/**
1046 * \brief Set the Pre Shared Key (PSK) and the identity name connected
Paul Bakker6db455e2013-09-18 17:29:31 +02001047 * to it.
Paul Bakkerd4a56ec2013-04-16 18:05:29 +02001048 *
1049 * \param ssl SSL context
1050 * \param psk pointer to the pre-shared key
1051 * \param psk_len pre-shared key length
1052 * \param psk_identity pointer to the pre-shared key identity
1053 * \param psk_identity_len identity key length
Paul Bakker6db455e2013-09-18 17:29:31 +02001054 *
1055 * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
Paul Bakkerd4a56ec2013-04-16 18:05:29 +02001056 */
Paul Bakker6db455e2013-09-18 17:29:31 +02001057int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
1058 const unsigned char *psk_identity, size_t psk_identity_len );
1059
1060/**
1061 * \brief Set the PSK callback (server-side only) (Optional).
1062 *
1063 * If set, the PSK callback is called for each
1064 * handshake where a PSK ciphersuite was negotiated.
1065 * The callback provides the identity received and wants to
1066 * receive the actual PSK data and length.
1067 *
1068 * The callback has the following parameters: (void *parameter,
1069 * ssl_context *ssl, const unsigned char *psk_identity,
1070 * size_t identity_len)
1071 * If a valid PSK identity is found, the callback should use
1072 * ssl_set_psk() on the ssl context to set the correct PSK and
1073 * identity and return 0.
1074 * Any other return value will result in a denied PSK identity.
1075 *
1076 * \param ssl SSL context
1077 * \param f_psk PSK identity function
1078 * \param p_psk PSK identity parameter
1079 */
1080void ssl_set_psk_cb( ssl_context *ssl,
1081 int (*f_psk)(void *, ssl_context *, const unsigned char *,
1082 size_t),
1083 void *p_psk );
Paul Bakkerd4a56ec2013-04-16 18:05:29 +02001084#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
1085
Paul Bakker48916f92012-09-16 19:57:18 +00001086#if defined(POLARSSL_DHM_C)
Paul Bakker5121ce52009-01-03 21:22:43 +00001087/**
1088 * \brief Set the Diffie-Hellman public P and G values,
1089 * read as hexadecimal strings (server-side only)
Paul Bakker62f2dee2012-09-28 07:31:51 +00001090 * (Default: POLARSSL_DHM_RFC5114_MODP_1024_[PG])
Paul Bakker5121ce52009-01-03 21:22:43 +00001091 *
1092 * \param ssl SSL context
1093 * \param dhm_P Diffie-Hellman-Merkle modulus
1094 * \param dhm_G Diffie-Hellman-Merkle generator
1095 *
1096 * \return 0 if successful
1097 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00001098int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
Paul Bakker5121ce52009-01-03 21:22:43 +00001099
1100/**
Paul Bakker1b57b062011-01-06 15:48:19 +00001101 * \brief Set the Diffie-Hellman public P and G values,
1102 * read from existing context (server-side only)
1103 *
1104 * \param ssl SSL context
1105 * \param dhm_ctx Diffie-Hellman-Merkle context
1106 *
1107 * \return 0 if successful
1108 */
1109int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
Paul Bakker48916f92012-09-16 19:57:18 +00001110#endif
Paul Bakker1b57b062011-01-06 15:48:19 +00001111
Paul Bakker0be444a2013-08-27 21:55:01 +02001112#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
Paul Bakker1b57b062011-01-06 15:48:19 +00001113/**
Paul Bakker5701cdc2012-09-27 21:49:42 +00001114 * \brief Set hostname for ServerName TLS extension
1115 * (client-side only)
Paul Bakker6db455e2013-09-18 17:29:31 +02001116 *
Paul Bakker5121ce52009-01-03 21:22:43 +00001117 *
1118 * \param ssl SSL context
1119 * \param hostname the server hostname
1120 *
Paul Bakkerb15b8512012-01-13 13:44:06 +00001121 * \return 0 if successful or POLARSSL_ERR_SSL_MALLOC_FAILED
Paul Bakker5121ce52009-01-03 21:22:43 +00001122 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00001123int ssl_set_hostname( ssl_context *ssl, const char *hostname );
Paul Bakker5121ce52009-01-03 21:22:43 +00001124
1125/**
Paul Bakker5701cdc2012-09-27 21:49:42 +00001126 * \brief Set server side ServerName TLS extension callback
1127 * (optional, server-side only).
1128 *
1129 * If set, the ServerName callback is called whenever the
1130 * server receives a ServerName TLS extension from the client
1131 * during a handshake. The ServerName callback has the
1132 * following parameters: (void *parameter, ssl_context *ssl,
1133 * const unsigned char *hostname, size_t len). If a suitable
1134 * certificate is found, the callback should set the
1135 * certificate and key to use with ssl_set_own_cert() (and
1136 * possibly adjust the CA chain as well) and return 0. The
1137 * callback should return -1 to abort the handshake at this
1138 * point.
1139 *
1140 * \param ssl SSL context
1141 * \param f_sni verification function
1142 * \param p_sni verification parameter
1143 */
1144void ssl_set_sni( ssl_context *ssl,
1145 int (*f_sni)(void *, ssl_context *, const unsigned char *,
1146 size_t),
1147 void *p_sni );
Paul Bakker0be444a2013-08-27 21:55:01 +02001148#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
Paul Bakker5701cdc2012-09-27 21:49:42 +00001149
1150/**
Paul Bakker490ecc82011-10-06 13:04:09 +00001151 * \brief Set the maximum supported version sent from the client side
Paul Bakker2fbefde2013-06-29 16:01:15 +02001152 * and/or accepted at the server side
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001153 * (Default: SSL_MAX_MAJOR_VERSION, SSL_MAX_MINOR_VERSION)
Paul Bakker2fbefde2013-06-29 16:01:15 +02001154 *
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001155 * Note: This ignores ciphersuites from 'higher' versions.
1156 * Note: Input outside of the SSL_MAX_XXXXX_VERSION and
1157 * SSL_MIN_XXXXX_VERSION range is ignored.
1158 *
Paul Bakker490ecc82011-10-06 13:04:09 +00001159 * \param ssl SSL context
1160 * \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
1161 * \param minor Minor version number (SSL_MINOR_VERSION_0,
Paul Bakker1ef83d62012-04-11 12:09:53 +00001162 * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
1163 * SSL_MINOR_VERSION_3 supported)
Paul Bakker490ecc82011-10-06 13:04:09 +00001164 */
1165void ssl_set_max_version( ssl_context *ssl, int major, int minor );
1166
Paul Bakker1d29fb52012-09-28 13:28:45 +00001167
1168/**
1169 * \brief Set the minimum accepted SSL/TLS protocol version
Paul Bakkerd2f068e2013-08-27 21:19:20 +02001170 * (Default: SSL_MIN_MAJOR_VERSION, SSL_MIN_MINOR_VERSION)
1171 *
1172 * Note: Input outside of the SSL_MAX_XXXXX_VERSION and
1173 * SSL_MIN_XXXXX_VERSION range is ignored.
Paul Bakker1d29fb52012-09-28 13:28:45 +00001174 *
1175 * \param ssl SSL context
1176 * \param major Major version number (only SSL_MAJOR_VERSION_3 supported)
1177 * \param minor Minor version number (SSL_MINOR_VERSION_0,
1178 * SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
1179 * SSL_MINOR_VERSION_3 supported)
1180 */
1181void ssl_set_min_version( ssl_context *ssl, int major, int minor );
1182
Paul Bakker05decb22013-08-15 13:33:48 +02001183#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
Paul Bakker490ecc82011-10-06 13:04:09 +00001184/**
Manuel Pégourié-Gonnard8b464592013-07-16 12:45:26 +02001185 * \brief Set the maximum fragment length to emit and/or negotiate
1186 * (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
1187 * (Server: set maximum fragment length to emit,
1188 * usually negotiated by the client during handshake
1189 * (Client: set maximum fragment length to emit *and*
1190 * negotiate with the server during handshake)
1191 *
1192 * \param ssl SSL context
Paul Bakkerdcbfdcc2013-09-10 16:16:50 +02001193 * \param mfl_code Code for maximum fragment length (allowed values:
Manuel Pégourié-Gonnard8b464592013-07-16 12:45:26 +02001194 * SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
1195 * SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
1196 *
1197 * \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
1198 */
1199int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
Paul Bakker05decb22013-08-15 13:33:48 +02001200#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
Manuel Pégourié-Gonnard8b464592013-07-16 12:45:26 +02001201
Paul Bakker1f2bc622013-08-15 13:45:55 +02001202#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
Manuel Pégourié-Gonnard8b464592013-07-16 12:45:26 +02001203/**
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +02001204 * \brief Activate negotiation of truncated HMAC (Client only)
Paul Bakker8c1ede62013-07-19 14:14:37 +02001205 * (Default: SSL_TRUNC_HMAC_ENABLED)
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +02001206 *
1207 * \param ssl SSL context
Paul Bakker8c1ede62013-07-19 14:14:37 +02001208 * \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
1209 * SSL_TRUNC_HMAC_DISABLED)
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +02001210 *
1211 * \return O if successful,
1212 * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
1213 */
Paul Bakker8c1ede62013-07-19 14:14:37 +02001214int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
Paul Bakker1f2bc622013-08-15 13:45:55 +02001215#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +02001216
Paul Bakkera503a632013-08-14 13:48:06 +02001217#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +02001218/**
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +02001219 * \brief Enable / Disable session tickets
1220 * (Default: SSL_SESSION_TICKETS_ENABLED on client,
1221 * SSL_SESSION_TICKETS_DISABLED on server)
1222 *
1223 * \note On server, ssl_set_rng() must be called before this function
1224 * to allow generating the ticket encryption and
1225 * authentication keys.
1226 *
1227 * \param ssl SSL context
1228 * \param use_tickets Enable or disable (SSL_SESSION_TICKETS_ENABLED or
1229 * SSL_SESSION_TICKETS_DISABLED)
1230 *
1231 * \return O if successful,
1232 * or a specific error code (server only).
1233 */
1234int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
Paul Bakker606b4ba2013-08-14 16:52:14 +02001235
1236/**
1237 * \brief Set session ticket lifetime (server only)
1238 * (Default: SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
1239 *
1240 * \param ssl SSL context
1241 * \param lifetime session ticket lifetime
1242 */
1243void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
Paul Bakkera503a632013-08-14 13:48:06 +02001244#endif /* POLARSSL_SSL_SESSION_TICKETS */
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +02001245
1246/**
Paul Bakker09f097d2012-10-23 11:54:56 +00001247 * \brief Enable / Disable renegotiation support for connection when
1248 * initiated by peer
1249 * (Default: SSL_RENEGOTIATION_DISABLED)
1250 *
1251 * Note: A server with support enabled is more vulnerable for a
Paul Bakker7c900782012-11-04 16:29:08 +00001252 * resource DoS by a malicious client. You should enable this on
1253 * a client to enable server-initiated renegotiation.
Paul Bakker48916f92012-09-16 19:57:18 +00001254 *
1255 * \param ssl SSL context
1256 * \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
1257 * SSL_RENEGOTIATION_DISABLED)
1258 */
1259void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
1260
1261/**
1262 * \brief Prevent or allow legacy renegotiation.
Paul Bakkerd0f6fa72012-09-17 09:18:12 +00001263 * (Default: SSL_LEGACY_NO_RENEGOTIATION)
1264 *
1265 * SSL_LEGACY_NO_RENEGOTIATION allows connections to
1266 * be established even if the peer does not support
1267 * secure renegotiation, but does not allow renegotiation
1268 * to take place if not secure.
1269 * (Interoperable and secure option)
1270 *
1271 * SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
1272 * with non-upgraded peers. Allowing legacy renegotiation
1273 * makes the connection vulnerable to specific man in the
1274 * middle attacks. (See RFC 5746)
1275 * (Most interoperable and least secure option)
1276 *
1277 * SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
1278 * if peer does not support secure renegotiation. Results
1279 * in interoperability issues with non-upgraded peers
1280 * that do not support renegotiation altogether.
1281 * (Most secure option, interoperability issues)
Paul Bakker48916f92012-09-16 19:57:18 +00001282 *
1283 * \param ssl SSL context
Paul Bakker6831c4a2012-11-07 19:46:27 +00001284 * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
1285 * SSL_ALLOW_LEGACY_RENEGOTIATION or
1286 * SSL_LEGACY_BREAK_HANDSHAKE)
Paul Bakker48916f92012-09-16 19:57:18 +00001287 */
1288void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
1289
1290/**
Paul Bakker5121ce52009-01-03 21:22:43 +00001291 * \brief Return the number of data bytes available to read
1292 *
1293 * \param ssl SSL context
1294 *
1295 * \return how many bytes are available in the read buffer
1296 */
Paul Bakker23986e52011-04-24 08:57:21 +00001297size_t ssl_get_bytes_avail( const ssl_context *ssl );
Paul Bakker5121ce52009-01-03 21:22:43 +00001298
1299/**
1300 * \brief Return the result of the certificate verification
1301 *
1302 * \param ssl SSL context
1303 *
1304 * \return 0 if successful, or a combination of:
1305 * BADCERT_EXPIRED
1306 * BADCERT_REVOKED
1307 * BADCERT_CN_MISMATCH
1308 * BADCERT_NOT_TRUSTED
1309 */
Paul Bakkerff60ee62010-03-16 21:09:09 +00001310int ssl_get_verify_result( const ssl_context *ssl );
Paul Bakker5121ce52009-01-03 21:22:43 +00001311
1312/**
Paul Bakkere3166ce2011-01-27 17:40:50 +00001313 * \brief Return the name of the current ciphersuite
Paul Bakker5121ce52009-01-03 21:22:43 +00001314 *
1315 * \param ssl SSL context
1316 *
Paul Bakkere3166ce2011-01-27 17:40:50 +00001317 * \return a string containing the ciphersuite name
Paul Bakker5121ce52009-01-03 21:22:43 +00001318 */
Paul Bakkere3166ce2011-01-27 17:40:50 +00001319const char *ssl_get_ciphersuite( const ssl_context *ssl );
Paul Bakker5121ce52009-01-03 21:22:43 +00001320
1321/**
Paul Bakker43ca69c2011-01-15 17:35:19 +00001322 * \brief Return the current SSL version (SSLv3/TLSv1/etc)
1323 *
1324 * \param ssl SSL context
1325 *
1326 * \return a string containing the SSL version
1327 */
1328const char *ssl_get_version( const ssl_context *ssl );
1329
Paul Bakker7c6b2c32013-09-16 13:49:26 +02001330#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker43ca69c2011-01-15 17:35:19 +00001331/**
Paul Bakkerb0550d92012-10-30 07:51:03 +00001332 * \brief Return the peer certificate from the current connection
1333 *
1334 * Note: Can be NULL in case no certificate was sent during
1335 * the handshake. Different calls for the same connection can
1336 * return the same or different pointers for the same
1337 * certificate and even a different certificate altogether.
1338 * The peer cert CAN change in a single connection if
1339 * renegotiation is performed.
1340 *
1341 * \param ssl SSL context
1342 *
1343 * \return the current peer certificate
1344 */
Paul Bakkerc559c7a2013-09-18 14:13:26 +02001345const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +02001346#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakkerb0550d92012-10-30 07:51:03 +00001347
1348/**
Manuel Pégourié-Gonnard74718032013-07-30 12:41:56 +02001349 * \brief Save session in order to resume it later (client-side only)
1350 * Session data is copied to presented session structure.
1351 *
1352 * \warning Currently, peer certificate is lost in the operation.
1353 *
1354 * \param ssl SSL context
1355 * \param session session context
1356 *
1357 * \return 0 if successful,
1358 * POLARSSL_ERR_SSL_MALLOC_FAILED if memory allocation failed,
1359 * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side or
1360 * arguments are otherwise invalid
1361 *
1362 * \sa ssl_set_session()
1363 */
1364int ssl_get_session( const ssl_context *ssl, ssl_session *session );
1365
1366/**
Paul Bakker5121ce52009-01-03 21:22:43 +00001367 * \brief Perform the SSL handshake
1368 *
1369 * \param ssl SSL context
1370 *
Paul Bakker831a7552011-05-18 13:32:51 +00001371 * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
1372 * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
Paul Bakker5121ce52009-01-03 21:22:43 +00001373 */
1374int ssl_handshake( ssl_context *ssl );
1375
1376/**
Paul Bakker1961b702013-01-25 14:49:24 +01001377 * \brief Perform a single step of the SSL handshake
1378 *
1379 * Note: the state of the context (ssl->state) will be at
1380 * the following state after execution of this function.
1381 * Do not call this function if state is SSL_HANDSHAKE_OVER.
1382 *
1383 * \param ssl SSL context
1384 *
1385 * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
1386 * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error code.
1387 */
1388int ssl_handshake_step( ssl_context *ssl );
1389
1390/**
Paul Bakker48916f92012-09-16 19:57:18 +00001391 * \brief Perform an SSL renegotiation on the running connection
1392 *
1393 * \param ssl SSL context
1394 *
1395 * \return 0 if succesful, or any ssl_handshake() return value.
1396 */
1397int ssl_renegotiate( ssl_context *ssl );
1398
1399/**
Paul Bakker5121ce52009-01-03 21:22:43 +00001400 * \brief Read at most 'len' application data bytes
1401 *
1402 * \param ssl SSL context
1403 * \param buf buffer that will hold the data
1404 * \param len how many bytes must be read
1405 *
Paul Bakker831a7552011-05-18 13:32:51 +00001406 * \return This function returns the number of bytes read, 0 for EOF,
Paul Bakker5121ce52009-01-03 21:22:43 +00001407 * or a negative error code.
1408 */
Paul Bakker23986e52011-04-24 08:57:21 +00001409int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
Paul Bakker5121ce52009-01-03 21:22:43 +00001410
1411/**
1412 * \brief Write exactly 'len' application data bytes
1413 *
1414 * \param ssl SSL context
1415 * \param buf buffer holding the data
1416 * \param len how many bytes must be written
1417 *
1418 * \return This function returns the number of bytes written,
1419 * or a negative error code.
1420 *
Paul Bakker831a7552011-05-18 13:32:51 +00001421 * \note When this function returns POLARSSL_ERR_NET_WANT_WRITE,
Paul Bakker5121ce52009-01-03 21:22:43 +00001422 * it must be called later with the *same* arguments,
1423 * until it returns a positive value.
1424 */
Paul Bakker23986e52011-04-24 08:57:21 +00001425int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
Paul Bakker5121ce52009-01-03 21:22:43 +00001426
1427/**
Paul Bakker0a925182012-04-16 06:46:41 +00001428 * \brief Send an alert message
1429 *
1430 * \param ssl SSL context
1431 * \param level The alert level of the message
1432 * (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
1433 * \param message The alert message (SSL_ALERT_MSG_*)
1434 *
Paul Bakker6831c4a2012-11-07 19:46:27 +00001435 * \return 0 if successful, or a specific SSL error code.
Paul Bakker0a925182012-04-16 06:46:41 +00001436 */
1437int ssl_send_alert_message( ssl_context *ssl,
1438 unsigned char level,
1439 unsigned char message );
1440/**
Paul Bakker5121ce52009-01-03 21:22:43 +00001441 * \brief Notify the peer that the connection is being closed
Paul Bakker13e2dfe2009-07-28 07:18:38 +00001442 *
1443 * \param ssl SSL context
Paul Bakker5121ce52009-01-03 21:22:43 +00001444 */
1445int ssl_close_notify( ssl_context *ssl );
1446
1447/**
Paul Bakker48916f92012-09-16 19:57:18 +00001448 * \brief Free referenced items in an SSL context and clear memory
Paul Bakker13e2dfe2009-07-28 07:18:38 +00001449 *
1450 * \param ssl SSL context
Paul Bakker5121ce52009-01-03 21:22:43 +00001451 */
1452void ssl_free( ssl_context *ssl );
1453
Paul Bakker48916f92012-09-16 19:57:18 +00001454/**
Paul Bakker0a597072012-09-25 21:55:46 +00001455 * \brief Free referenced items in an SSL session including the
1456 * peer certificate and clear memory
Paul Bakker48916f92012-09-16 19:57:18 +00001457 *
1458 * \param session SSL session
1459 */
1460void ssl_session_free( ssl_session *session );
1461
1462/**
1463 * \brief Free referenced items in an SSL transform context and clear
1464 * memory
1465 *
1466 * \param transform SSL transform context
1467 */
1468void ssl_transform_free( ssl_transform *transform );
1469
1470/**
1471 * \brief Free referenced items in an SSL handshake context and clear
1472 * memory
1473 *
1474 * \param handshake SSL handshake context
1475 */
1476void ssl_handshake_free( ssl_handshake_params *handshake );
1477
Paul Bakker5121ce52009-01-03 21:22:43 +00001478/*
1479 * Internal functions (do not call directly)
1480 */
Paul Bakker1961b702013-01-25 14:49:24 +01001481int ssl_handshake_client_step( ssl_context *ssl );
1482int ssl_handshake_server_step( ssl_context *ssl );
Paul Bakker48916f92012-09-16 19:57:18 +00001483void ssl_handshake_wrapup( ssl_context *ssl );
Paul Bakker5121ce52009-01-03 21:22:43 +00001484
Paul Bakkerd0f6fa72012-09-17 09:18:12 +00001485int ssl_send_fatal_handshake_failure( ssl_context *ssl );
1486
Paul Bakker5121ce52009-01-03 21:22:43 +00001487int ssl_derive_keys( ssl_context *ssl );
Paul Bakker5121ce52009-01-03 21:22:43 +00001488
1489int ssl_read_record( ssl_context *ssl );
Paul Bakker831a7552011-05-18 13:32:51 +00001490/**
1491 * \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or
1492 * another negative error code.
1493 */
Paul Bakker23986e52011-04-24 08:57:21 +00001494int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
Paul Bakker5121ce52009-01-03 21:22:43 +00001495
1496int ssl_write_record( ssl_context *ssl );
1497int ssl_flush_output( ssl_context *ssl );
1498
1499int ssl_parse_certificate( ssl_context *ssl );
1500int ssl_write_certificate( ssl_context *ssl );
1501
1502int ssl_parse_change_cipher_spec( ssl_context *ssl );
1503int ssl_write_change_cipher_spec( ssl_context *ssl );
1504
1505int ssl_parse_finished( ssl_context *ssl );
1506int ssl_write_finished( ssl_context *ssl );
1507
Paul Bakker41c83d32013-03-20 14:39:14 +01001508void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
Paul Bakker380da532012-04-18 16:10:25 +00001509
Manuel Pégourié-Gonnard1a483832013-09-20 12:29:15 +02001510#if defined(POLARSSL_PK_C)
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +02001511unsigned char ssl_sig_from_pk( pk_context *pk );
Manuel Pégourié-Gonnarda20c58c2013-08-22 13:52:48 +02001512pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
Manuel Pégourié-Gonnard1a483832013-09-20 12:29:15 +02001513#endif
1514
Manuel Pégourié-Gonnarda20c58c2013-08-22 13:52:48 +02001515md_type_t ssl_md_alg_from_hash( unsigned char hash );
Manuel Pégourié-Gonnard0d420492013-08-21 16:14:26 +02001516
Manuel Pégourié-Gonnard834ea852013-09-23 14:46:13 +02001517#if defined(POLARSSL_X509_CRT_PARSE_C)
1518static inline pk_context *ssl_own_key( ssl_context *ssl )
1519{
1520 return( ssl->key_cert == NULL ? NULL : ssl->key_cert->key );
1521}
1522
1523static inline x509_crt *ssl_own_cert( ssl_context *ssl )
1524{
1525 return( ssl->key_cert == NULL ? NULL : ssl->key_cert->cert );
1526}
1527#endif /* POLARSSL_X509_CRT_PARSE_C */
1528
Paul Bakker5121ce52009-01-03 21:22:43 +00001529#ifdef __cplusplus
1530}
1531#endif
1532
1533#endif /* ssl.h */