Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1 | /** |
| 2 | * \file ssl.h |
Paul Bakker | e0ccd0a | 2009-01-04 16:27:10 +0000 | [diff] [blame] | 3 | * |
Paul Bakker | 37ca75d | 2011-01-06 12:28:03 +0000 | [diff] [blame] | 4 | * \brief SSL/TLS functions. |
| 5 | * |
Manuel Pégourié-Gonnard | a658a40 | 2015-01-23 09:45:19 +0000 | [diff] [blame] | 6 | * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 7 | * |
Manuel Pégourié-Gonnard | fe44643 | 2015-03-06 13:17:10 +0000 | [diff] [blame] | 8 | * This file is part of mbed TLS (https://tls.mbed.org) |
Paul Bakker | e0ccd0a | 2009-01-04 16:27:10 +0000 | [diff] [blame] | 9 | * |
Paul Bakker | e0ccd0a | 2009-01-04 16:27:10 +0000 | [diff] [blame] | 10 | * This program is free software; you can redistribute it and/or modify |
| 11 | * it under the terms of the GNU General Public License as published by |
| 12 | * the Free Software Foundation; either version 2 of the License, or |
| 13 | * (at your option) any later version. |
| 14 | * |
| 15 | * This program is distributed in the hope that it will be useful, |
| 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 18 | * GNU General Public License for more details. |
| 19 | * |
| 20 | * You should have received a copy of the GNU General Public License along |
| 21 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 23 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 24 | #ifndef MBEDTLS_SSL_H |
| 25 | #define MBEDTLS_SSL_H |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 26 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 27 | #if !defined(MBEDTLS_CONFIG_FILE) |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 28 | #include "config.h" |
Manuel Pégourié-Gonnard | cef4ad2 | 2014-04-29 12:39:06 +0200 | [diff] [blame] | 29 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 30 | #include MBEDTLS_CONFIG_FILE |
Manuel Pégourié-Gonnard | cef4ad2 | 2014-04-29 12:39:06 +0200 | [diff] [blame] | 31 | #endif |
Manuel Pégourié-Gonnard | 0371704 | 2014-11-04 19:52:10 +0100 | [diff] [blame] | 32 | |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 33 | #include "bignum.h" |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 34 | #include "ecp.h" |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 35 | |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 36 | #include "ssl_ciphersuites.h" |
Paul Bakker | 43b7e35 | 2011-01-18 15:27:19 +0000 | [diff] [blame] | 37 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 38 | #if defined(MBEDTLS_MD5_C) |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 39 | #include "md5.h" |
| 40 | #endif |
| 41 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 42 | #if defined(MBEDTLS_SHA1_C) |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 43 | #include "sha1.h" |
| 44 | #endif |
| 45 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 46 | #if defined(MBEDTLS_SHA256_C) |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 47 | #include "sha256.h" |
| 48 | #endif |
| 49 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 50 | #if defined(MBEDTLS_SHA512_C) |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 51 | #include "sha512.h" |
| 52 | #endif |
| 53 | |
Manuel Pégourié-Gonnard | 7da0a38 | 2013-09-05 16:56:03 +0200 | [diff] [blame] | 54 | // for session tickets |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 55 | #if defined(MBEDTLS_AES_C) |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 56 | #include "aes.h" |
| 57 | #endif |
| 58 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 59 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 60 | #include "x509_crt.h" |
Paul Bakker | 7c6b2c3 | 2013-09-16 13:49:26 +0200 | [diff] [blame] | 61 | #include "x509_crl.h" |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 62 | #endif |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 63 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 64 | #if defined(MBEDTLS_DHM_C) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 65 | #include "dhm.h" |
| 66 | #endif |
| 67 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 68 | #if defined(MBEDTLS_ECDH_C) |
Paul Bakker | 41c83d3 | 2013-03-20 14:39:14 +0100 | [diff] [blame] | 69 | #include "ecdh.h" |
| 70 | #endif |
| 71 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 72 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 73 | #include "zlib.h" |
| 74 | #endif |
| 75 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 76 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | db2858c | 2014-09-29 14:04:42 +0200 | [diff] [blame] | 77 | #include "timing.h" |
| 78 | #endif |
| 79 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 80 | #if defined(MBEDTLS_HAVE_TIME) |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 81 | #include <time.h> |
| 82 | #endif |
| 83 | |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 84 | /* For convenience below and in programs */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 85 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ |
| 86 | defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ |
| 87 | defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ |
| 88 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
| 89 | #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 90 | #endif |
| 91 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 92 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ |
| 93 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ |
| 94 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
| 95 | #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED |
Gergely Budai | 987bfb5 | 2014-01-19 21:48:42 +0100 | [diff] [blame] | 96 | #endif |
| 97 | |
Paul Bakker | 09b1ec6 | 2011-07-27 16:28:54 +0000 | [diff] [blame] | 98 | #if defined(_MSC_VER) && !defined(inline) |
Paul Bakker | af5c85f | 2011-04-18 03:47:52 +0000 | [diff] [blame] | 99 | #define inline _inline |
Paul Bakker | 569df2c | 2011-06-21 07:48:07 +0000 | [diff] [blame] | 100 | #else |
Paul Bakker | 09b1ec6 | 2011-07-27 16:28:54 +0000 | [diff] [blame] | 101 | #if defined(__ARMCC_VERSION) && !defined(inline) |
Paul Bakker | 569df2c | 2011-06-21 07:48:07 +0000 | [diff] [blame] | 102 | #define inline __inline |
Paul Bakker | 74fb74e | 2011-06-21 13:36:18 +0000 | [diff] [blame] | 103 | #endif /* __ARMCC_VERSION */ |
Paul Bakker | 569df2c | 2011-06-21 07:48:07 +0000 | [diff] [blame] | 104 | #endif /*_MSC_VER */ |
Paul Bakker | af5c85f | 2011-04-18 03:47:52 +0000 | [diff] [blame] | 105 | |
Paul Bakker | 13e2dfe | 2009-07-28 07:18:38 +0000 | [diff] [blame] | 106 | /* |
| 107 | * SSL Error codes |
| 108 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 109 | #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */ |
| 110 | #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */ |
| 111 | #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */ |
| 112 | #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */ |
| 113 | #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */ |
| 114 | #define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */ |
| 115 | #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */ |
| 116 | #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */ |
| 117 | #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ |
| 118 | #define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */ |
| 119 | #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */ |
| 120 | #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */ |
| 121 | #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ |
| 122 | #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ |
| 123 | #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */ |
| 124 | #define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */ |
| 125 | #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */ |
| 126 | #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */ |
| 127 | #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */ |
| 128 | #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */ |
| 129 | #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */ |
| 130 | #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */ |
| 131 | #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */ |
| 132 | #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */ |
| 133 | #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */ |
| 134 | #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */ |
| 135 | #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */ |
| 136 | #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */ |
| 137 | #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */ |
| 138 | #define MBEDTLS_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */ |
| 139 | #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */ |
| 140 | #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */ |
| 141 | #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */ |
| 142 | #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */ |
| 143 | #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */ |
| 144 | #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */ |
| 145 | #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ |
| 146 | #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */ |
| 147 | #define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */ |
| 148 | #define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */ |
| 149 | #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */ |
| 150 | #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */ |
| 151 | #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */ |
| 152 | #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */ |
Manuel Pégourié-Gonnard | 8836994 | 2015-05-06 16:19:31 +0100 | [diff] [blame] | 153 | #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */ |
| 154 | #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */ |
| 155 | #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 156 | |
| 157 | /* |
| 158 | * Various constants |
| 159 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 160 | #define MBEDTLS_SSL_MAJOR_VERSION_3 3 |
| 161 | #define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ |
| 162 | #define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ |
| 163 | #define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ |
| 164 | #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 165 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 166 | #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ |
| 167 | #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ |
Manuel Pégourié-Gonnard | 0b1ff29 | 2014-02-06 13:04:16 +0100 | [diff] [blame] | 168 | |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 169 | /* Determine minimum supported version */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 170 | #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 171 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 172 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| 173 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 174 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 175 | #if defined(MBEDTLS_SSL_PROTO_TLS1) |
| 176 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 177 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 178 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| 179 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 180 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 181 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| 182 | #define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 |
| 183 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
| 184 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ |
| 185 | #endif /* MBEDTLS_SSL_PROTO_TLS1 */ |
| 186 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 187 | |
| 188 | /* Determine maximum supported version */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 189 | #define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 190 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 191 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| 192 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 193 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 194 | #if defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| 195 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_2 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 196 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 197 | #if defined(MBEDTLS_SSL_PROTO_TLS1) |
| 198 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 199 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 200 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| 201 | #define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_0 |
| 202 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
| 203 | #endif /* MBEDTLS_SSL_PROTO_TLS1 */ |
| 204 | #endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ |
| 205 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 206 | |
Manuel Pégourié-Gonnard | 581e6b6 | 2013-07-18 12:32:27 +0200 | [diff] [blame] | 207 | /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c |
Manuel Pégourié-Gonnard | e048b67 | 2013-07-19 12:47:00 +0200 | [diff] [blame] | 208 | * NONE must be zero so that memset()ing structure to zero works */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 209 | #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ |
| 210 | #define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */ |
| 211 | #define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */ |
| 212 | #define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */ |
| 213 | #define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */ |
| 214 | #define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */ |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 215 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 216 | #define MBEDTLS_SSL_IS_CLIENT 0 |
| 217 | #define MBEDTLS_SSL_IS_SERVER 1 |
Manuel Pégourié-Gonnard | 55e4ff2 | 2014-08-19 11:16:35 +0200 | [diff] [blame] | 218 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 219 | #define MBEDTLS_SSL_IS_NOT_FALLBACK 0 |
| 220 | #define MBEDTLS_SSL_IS_FALLBACK 1 |
Manuel Pégourié-Gonnard | 1cbd39d | 2014-10-20 13:34:59 +0200 | [diff] [blame] | 221 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 222 | #define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0 |
| 223 | #define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1 |
Manuel Pégourié-Gonnard | 367381f | 2014-10-20 18:40:56 +0200 | [diff] [blame] | 224 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 225 | #define MBEDTLS_SSL_ETM_DISABLED 0 |
| 226 | #define MBEDTLS_SSL_ETM_ENABLED 1 |
Manuel Pégourié-Gonnard | 699cafa | 2014-10-27 13:57:03 +0100 | [diff] [blame] | 227 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 228 | #define MBEDTLS_SSL_COMPRESS_NULL 0 |
| 229 | #define MBEDTLS_SSL_COMPRESS_DEFLATE 1 |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 230 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 231 | #define MBEDTLS_SSL_VERIFY_NONE 0 |
| 232 | #define MBEDTLS_SSL_VERIFY_OPTIONAL 1 |
| 233 | #define MBEDTLS_SSL_VERIFY_REQUIRED 2 |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 234 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 235 | #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0 |
| 236 | #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */ |
| 237 | #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */ |
| 238 | #define MBEDTLS_SSL_RENEGOTIATION_PENDING 3 /* Requested (server only) */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 239 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 240 | #define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0 |
| 241 | #define MBEDTLS_SSL_SECURE_RENEGOTIATION 1 |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 242 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 243 | #define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0 |
| 244 | #define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1 |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 245 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 246 | #define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0 |
| 247 | #define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1 |
Manuel Pégourié-Gonnard | 2739313 | 2014-09-24 14:41:11 +0200 | [diff] [blame] | 248 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 249 | #define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1 |
| 250 | #define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16 |
Manuel Pégourié-Gonnard | a9964db | 2014-07-03 19:29:16 +0200 | [diff] [blame] | 251 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 252 | #define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0 |
| 253 | #define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1 |
| 254 | #define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2 |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 255 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 256 | #define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0 |
| 257 | #define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1 |
| 258 | #define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */ |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 259 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 260 | #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 |
| 261 | #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 262 | |
Manuel Pégourié-Gonnard | 17eab2b | 2015-05-05 16:34:53 +0100 | [diff] [blame] | 263 | #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0 |
| 264 | #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1 |
Manuel Pégourié-Gonnard | cfa477e | 2015-01-07 14:50:54 +0100 | [diff] [blame] | 265 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 266 | #define MBEDTLS_SSL_ARC4_ENABLED 0 |
| 267 | #define MBEDTLS_SSL_ARC4_DISABLED 1 |
Manuel Pégourié-Gonnard | bd47a58 | 2015-01-12 13:43:29 +0100 | [diff] [blame] | 268 | |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 269 | /* |
| 270 | * DTLS retransmission states, see RFC 6347 4.2.4 |
Manuel Pégourié-Gonnard | 23b7b70 | 2014-09-25 13:50:12 +0200 | [diff] [blame] | 271 | * |
Manuel Pégourié-Gonnard | 7de3c9e | 2014-09-29 15:29:48 +0200 | [diff] [blame] | 272 | * The SENDING state is merged in PREPARING for initial sends, |
| 273 | * but is distinct for resends. |
Manuel Pégourié-Gonnard | 6c1fa3a | 2014-10-01 16:58:16 +0200 | [diff] [blame] | 274 | * |
| 275 | * Note: initial state is wrong for server, but is not used anyway. |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 276 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 277 | #define MBEDTLS_SSL_RETRANS_PREPARING 0 |
| 278 | #define MBEDTLS_SSL_RETRANS_SENDING 1 |
| 279 | #define MBEDTLS_SSL_RETRANS_WAITING 2 |
| 280 | #define MBEDTLS_SSL_RETRANS_FINISHED 3 |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 281 | |
Manuel Pégourié-Gonnard | 0ac247f | 2014-09-30 22:21:31 +0200 | [diff] [blame] | 282 | /* |
| 283 | * Default range for DTLS retransmission timer value, in milliseconds. |
| 284 | * RFC 6347 4.2.4.1 says from 1 second to 60 seconds. |
| 285 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 286 | #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000 |
| 287 | #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000 |
Manuel Pégourié-Gonnard | 0ac247f | 2014-09-30 22:21:31 +0200 | [diff] [blame] | 288 | |
Paul Bakker | 088c5c5 | 2014-04-25 11:11:10 +0200 | [diff] [blame] | 289 | /** |
| 290 | * \name SECTION: Module settings |
| 291 | * |
| 292 | * The configuration options you can set for this module are in this section. |
| 293 | * Either change them in config.h or define them on the compiler command line. |
| 294 | * \{ |
| 295 | */ |
| 296 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 297 | #if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME) |
| 298 | #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ |
Paul Bakker | 088c5c5 | 2014-04-25 11:11:10 +0200 | [diff] [blame] | 299 | #endif |
Paul Bakker | 606b4ba | 2013-08-14 16:52:14 +0200 | [diff] [blame] | 300 | |
Paul Bakker | 9bcf16c | 2013-06-24 19:31:17 +0200 | [diff] [blame] | 301 | /* |
| 302 | * Size of the input / output buffer. |
| 303 | * Note: the RFC defines the default size of SSL / TLS messages. If you |
| 304 | * change the value here, other clients / servers may not be able to |
| 305 | * communicate with you anymore. Only change this value if you control |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 306 | * both sides of the connection and have it reduced at both sides, or |
| 307 | * if you're using the Max Fragment Length extension and you know all your |
| 308 | * peers are using it too! |
Paul Bakker | 9bcf16c | 2013-06-24 19:31:17 +0200 | [diff] [blame] | 309 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 310 | #if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN) |
| 311 | #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ |
Paul Bakker | 088c5c5 | 2014-04-25 11:11:10 +0200 | [diff] [blame] | 312 | #endif |
| 313 | |
| 314 | /* \} name SECTION: Module settings */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 315 | |
| 316 | /* |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 317 | * Allow extra bytes for record, authentication and encryption overhead: |
| 318 | * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256) |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 319 | * and allow for a maximum of 1024 of compression expansion if |
| 320 | * enabled. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 321 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 322 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
| 323 | #define MBEDTLS_SSL_COMPRESSION_ADD 1024 |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 324 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 325 | #define MBEDTLS_SSL_COMPRESSION_ADD 0 |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 326 | #endif |
| 327 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 328 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 329 | /* Ciphersuites using HMAC */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 330 | #if defined(MBEDTLS_SHA512_C) |
| 331 | #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ |
| 332 | #elif defined(MBEDTLS_SHA256_C) |
| 333 | #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 334 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 335 | #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 336 | #endif |
| 337 | #else |
| 338 | /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 339 | #define MBEDTLS_SSL_MAC_ADD 16 |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 340 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 341 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 342 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
| 343 | #define MBEDTLS_SSL_PADDING_ADD 256 |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 344 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 345 | #define MBEDTLS_SSL_PADDING_ADD 0 |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 346 | #endif |
| 347 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 348 | #define MBEDTLS_SSL_BUFFER_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ |
| 349 | + MBEDTLS_SSL_COMPRESSION_ADD \ |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 350 | + 29 /* counter + header + IV */ \ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 351 | + MBEDTLS_SSL_MAC_ADD \ |
| 352 | + MBEDTLS_SSL_PADDING_ADD \ |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 353 | ) |
| 354 | |
| 355 | /* |
Manuel Pégourié-Gonnard | 6186019 | 2014-11-04 13:05:42 +0100 | [diff] [blame] | 356 | * Length of the verify data for secure renegotiation |
| 357 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 358 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
| 359 | #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36 |
Manuel Pégourié-Gonnard | 6186019 | 2014-11-04 13:05:42 +0100 | [diff] [blame] | 360 | #else |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 361 | #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12 |
Manuel Pégourié-Gonnard | 6186019 | 2014-11-04 13:05:42 +0100 | [diff] [blame] | 362 | #endif |
| 363 | |
| 364 | /* |
Manuel Pégourié-Gonnard | c27807d | 2014-06-30 17:27:49 +0200 | [diff] [blame] | 365 | * Signaling ciphersuite values (SCSV) |
| 366 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 367 | #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */ |
| 368 | #define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< draft-ietf-tls-downgrade-scsv-00 */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 369 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 370 | /* |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 371 | * Supported Signature and Hash algorithms (For TLS 1.2) |
Manuel Pégourié-Gonnard | 0b03200 | 2013-08-17 13:01:41 +0200 | [diff] [blame] | 372 | * RFC 5246 section 7.4.1.4.1 |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 373 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 374 | #define MBEDTLS_SSL_HASH_NONE 0 |
| 375 | #define MBEDTLS_SSL_HASH_MD5 1 |
| 376 | #define MBEDTLS_SSL_HASH_SHA1 2 |
| 377 | #define MBEDTLS_SSL_HASH_SHA224 3 |
| 378 | #define MBEDTLS_SSL_HASH_SHA256 4 |
| 379 | #define MBEDTLS_SSL_HASH_SHA384 5 |
| 380 | #define MBEDTLS_SSL_HASH_SHA512 6 |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 381 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 382 | #define MBEDTLS_SSL_SIG_ANON 0 |
| 383 | #define MBEDTLS_SSL_SIG_RSA 1 |
| 384 | #define MBEDTLS_SSL_SIG_ECDSA 3 |
Paul Bakker | 1ef83d6 | 2012-04-11 12:09:53 +0000 | [diff] [blame] | 385 | |
| 386 | /* |
Paul Bakker | 926af75 | 2012-11-23 13:38:07 +0100 | [diff] [blame] | 387 | * Client Certificate Types |
Manuel Pégourié-Gonnard | 0b03200 | 2013-08-17 13:01:41 +0200 | [diff] [blame] | 388 | * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 |
Paul Bakker | 926af75 | 2012-11-23 13:38:07 +0100 | [diff] [blame] | 389 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 390 | #define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1 |
| 391 | #define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64 |
Paul Bakker | 926af75 | 2012-11-23 13:38:07 +0100 | [diff] [blame] | 392 | |
| 393 | /* |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 394 | * Message, alert and handshake types |
| 395 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 396 | #define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20 |
| 397 | #define MBEDTLS_SSL_MSG_ALERT 21 |
| 398 | #define MBEDTLS_SSL_MSG_HANDSHAKE 22 |
| 399 | #define MBEDTLS_SSL_MSG_APPLICATION_DATA 23 |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 400 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 401 | #define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1 |
| 402 | #define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2 |
Paul Bakker | 2e11f7d | 2010-07-25 14:24:53 +0000 | [diff] [blame] | 403 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 404 | #define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */ |
| 405 | #define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */ |
| 406 | #define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */ |
| 407 | #define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */ |
| 408 | #define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */ |
| 409 | #define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */ |
| 410 | #define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */ |
| 411 | #define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */ |
| 412 | #define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */ |
| 413 | #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */ |
| 414 | #define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */ |
| 415 | #define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */ |
| 416 | #define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */ |
| 417 | #define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */ |
| 418 | #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */ |
| 419 | #define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */ |
| 420 | #define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */ |
| 421 | #define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */ |
| 422 | #define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */ |
| 423 | #define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */ |
| 424 | #define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */ |
| 425 | #define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */ |
| 426 | #define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */ |
| 427 | #define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */ |
| 428 | #define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */ |
| 429 | #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */ |
| 430 | #define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */ |
| 431 | #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */ |
| 432 | #define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 433 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 434 | #define MBEDTLS_SSL_HS_HELLO_REQUEST 0 |
| 435 | #define MBEDTLS_SSL_HS_CLIENT_HELLO 1 |
| 436 | #define MBEDTLS_SSL_HS_SERVER_HELLO 2 |
| 437 | #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3 |
| 438 | #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4 |
| 439 | #define MBEDTLS_SSL_HS_CERTIFICATE 11 |
| 440 | #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12 |
| 441 | #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13 |
| 442 | #define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14 |
| 443 | #define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15 |
| 444 | #define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16 |
| 445 | #define MBEDTLS_SSL_HS_FINISHED 20 |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 446 | |
| 447 | /* |
| 448 | * TLS extensions |
| 449 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 450 | #define MBEDTLS_TLS_EXT_SERVERNAME 0 |
| 451 | #define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0 |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 452 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 453 | #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 |
Manuel Pégourié-Gonnard | 48f8d0d | 2013-07-17 10:25:37 +0200 | [diff] [blame] | 454 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 455 | #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 |
Manuel Pégourié-Gonnard | 57c2852 | 2013-07-19 11:41:43 +0200 | [diff] [blame] | 456 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 457 | #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 |
| 458 | #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 |
Paul Bakker | c3f177a | 2012-04-11 16:11:49 +0000 | [diff] [blame] | 459 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 460 | #define MBEDTLS_TLS_EXT_SIG_ALG 13 |
Paul Bakker | 41c83d3 | 2013-03-20 14:39:14 +0100 | [diff] [blame] | 461 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 462 | #define MBEDTLS_TLS_EXT_ALPN 16 |
Manuel Pégourié-Gonnard | 0b874dc | 2014-04-07 10:57:45 +0200 | [diff] [blame] | 463 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 464 | #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ |
| 465 | #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ |
Manuel Pégourié-Gonnard | 367381f | 2014-10-20 18:40:56 +0200 | [diff] [blame] | 466 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 467 | #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 |
Manuel Pégourié-Gonnard | 60182ef | 2013-08-02 14:44:54 +0200 | [diff] [blame] | 468 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 469 | #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 470 | |
Paul Bakker | eb2c658 | 2012-09-27 19:15:01 +0000 | [diff] [blame] | 471 | /* |
Paul Bakker | 677377f | 2013-10-28 12:54:26 +0100 | [diff] [blame] | 472 | * TLS extension flags (for extensions with outgoing ServerHello content |
| 473 | * that need it (e.g. for RENEGOTIATION_INFO the server already knows because |
| 474 | * of state of the renegotiation flag, so no indicator is required) |
| 475 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 476 | #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) |
Paul Bakker | 677377f | 2013-10-28 12:54:26 +0100 | [diff] [blame] | 477 | |
| 478 | /* |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 479 | * Size defines |
| 480 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 481 | #if !defined(MBEDTLS_PSK_MAX_LEN) |
| 482 | #define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */ |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 483 | #endif |
| 484 | |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 485 | /* Dummy type used only for its size */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 486 | union mbedtls_ssl_premaster_secret |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 487 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 488 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 489 | unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ |
| 490 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 491 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) |
| 492 | unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */ |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 493 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 494 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ |
| 495 | defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ |
| 496 | defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ |
| 497 | defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) |
| 498 | unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 499 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 500 | #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) |
| 501 | unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */ |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 502 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 503 | #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) |
| 504 | unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE |
| 505 | + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */ |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 506 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 507 | #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) |
| 508 | unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */ |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 509 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 510 | #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) |
| 511 | unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES |
| 512 | + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 513 | #endif |
| 514 | }; |
| 515 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 516 | #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) |
Manuel Pégourié-Gonnard | 481fcfd | 2014-07-03 16:12:50 +0200 | [diff] [blame] | 517 | |
Paul Bakker | 407a0da | 2013-06-27 14:29:21 +0200 | [diff] [blame] | 518 | #ifdef __cplusplus |
| 519 | extern "C" { |
| 520 | #endif |
| 521 | |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 522 | /* |
Paul Bakker | eb2c658 | 2012-09-27 19:15:01 +0000 | [diff] [blame] | 523 | * Generic function pointers for allowing external RSA private key |
| 524 | * implementations. |
| 525 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 526 | typedef int (*mbedtls_rsa_decrypt_func)( void *ctx, int mode, size_t *olen, |
Paul Bakker | eb2c658 | 2012-09-27 19:15:01 +0000 | [diff] [blame] | 527 | const unsigned char *input, unsigned char *output, |
Paul Bakker | 9af723c | 2014-05-01 13:03:14 +0200 | [diff] [blame] | 528 | size_t output_max_len ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 529 | typedef int (*mbedtls_rsa_sign_func)( void *ctx, |
Paul Bakker | eb2c658 | 2012-09-27 19:15:01 +0000 | [diff] [blame] | 530 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 531 | int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, |
Paul Bakker | eb2c658 | 2012-09-27 19:15:01 +0000 | [diff] [blame] | 532 | const unsigned char *hash, unsigned char *sig ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 533 | typedef size_t (*mbedtls_rsa_key_len_func)( void *ctx ); |
Paul Bakker | eb2c658 | 2012-09-27 19:15:01 +0000 | [diff] [blame] | 534 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 535 | /* |
| 536 | * SSL state machine |
| 537 | */ |
| 538 | typedef enum |
| 539 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 540 | MBEDTLS_SSL_HELLO_REQUEST, |
| 541 | MBEDTLS_SSL_CLIENT_HELLO, |
| 542 | MBEDTLS_SSL_SERVER_HELLO, |
| 543 | MBEDTLS_SSL_SERVER_CERTIFICATE, |
| 544 | MBEDTLS_SSL_SERVER_KEY_EXCHANGE, |
| 545 | MBEDTLS_SSL_CERTIFICATE_REQUEST, |
| 546 | MBEDTLS_SSL_SERVER_HELLO_DONE, |
| 547 | MBEDTLS_SSL_CLIENT_CERTIFICATE, |
| 548 | MBEDTLS_SSL_CLIENT_KEY_EXCHANGE, |
| 549 | MBEDTLS_SSL_CERTIFICATE_VERIFY, |
| 550 | MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC, |
| 551 | MBEDTLS_SSL_CLIENT_FINISHED, |
| 552 | MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC, |
| 553 | MBEDTLS_SSL_SERVER_FINISHED, |
| 554 | MBEDTLS_SSL_FLUSH_BUFFERS, |
| 555 | MBEDTLS_SSL_HANDSHAKE_WRAPUP, |
| 556 | MBEDTLS_SSL_HANDSHAKE_OVER, |
| 557 | MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, |
| 558 | MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 559 | } |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 560 | mbedtls_ssl_states; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 561 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 562 | typedef struct mbedtls_ssl_session mbedtls_ssl_session; |
| 563 | typedef struct mbedtls_ssl_context mbedtls_ssl_context; |
| 564 | typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; |
| 565 | typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; |
| 566 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| 567 | typedef struct mbedtls_ssl_ticket_keys mbedtls_ssl_ticket_keys; |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 568 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 569 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 570 | typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 571 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 572 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 573 | typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 574 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 575 | |
| 576 | /* |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 577 | * This structure is used for storing current session data. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 578 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 579 | struct mbedtls_ssl_session |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 580 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 581 | #if defined(MBEDTLS_HAVE_TIME) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 582 | time_t start; /*!< starting time */ |
Paul Bakker | fa9b100 | 2013-07-03 15:31:03 +0200 | [diff] [blame] | 583 | #endif |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 584 | int ciphersuite; /*!< chosen ciphersuite */ |
Paul Bakker | 2770fbd | 2012-07-03 13:30:23 +0000 | [diff] [blame] | 585 | int compression; /*!< chosen compression */ |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 586 | size_t length; /*!< session id length */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 587 | unsigned char id[32]; /*!< session identifier */ |
| 588 | unsigned char master[48]; /*!< the master secret */ |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 589 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 590 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 591 | mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */ |
| 592 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Manuel Pégourié-Gonnard | e6ef16f | 2015-05-11 19:54:43 +0200 | [diff] [blame] | 593 | uint32_t verify_result; /*!< verification result */ |
Manuel Pégourié-Gonnard | ed4af8b | 2013-07-18 14:07:09 +0200 | [diff] [blame] | 594 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 595 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | 75d4401 | 2013-08-02 14:44:04 +0200 | [diff] [blame] | 596 | unsigned char *ticket; /*!< RFC 5077 session ticket */ |
| 597 | size_t ticket_len; /*!< session ticket length */ |
Manuel Pégourié-Gonnard | a5cc602 | 2013-07-31 12:58:16 +0200 | [diff] [blame] | 598 | uint32_t ticket_lifetime; /*!< ticket lifetime hint */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 599 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
Manuel Pégourié-Gonnard | 75d4401 | 2013-08-02 14:44:04 +0200 | [diff] [blame] | 600 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 601 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
Manuel Pégourié-Gonnard | ed4af8b | 2013-07-18 14:07:09 +0200 | [diff] [blame] | 602 | unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 603 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 604 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 605 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
Manuel Pégourié-Gonnard | 57c2852 | 2013-07-19 11:41:43 +0200 | [diff] [blame] | 606 | int trunc_hmac; /*!< flag for truncated hmac activation */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 607 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
Manuel Pégourié-Gonnard | 699cafa | 2014-10-27 13:57:03 +0100 | [diff] [blame] | 608 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 609 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Manuel Pégourié-Gonnard | 699cafa | 2014-10-27 13:57:03 +0100 | [diff] [blame] | 610 | int encrypt_then_mac; /*!< flag for EtM activation */ |
| 611 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 612 | }; |
| 613 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 614 | /* |
| 615 | * This structure contains a full set of runtime transform parameters |
| 616 | * either in negotiation or active. |
| 617 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 618 | struct mbedtls_ssl_transform |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 619 | { |
| 620 | /* |
| 621 | * Session specific crypto layer |
| 622 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 623 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info; |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 624 | /*!< Chosen cipersuite_info */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 625 | unsigned int keylen; /*!< symmetric key length */ |
| 626 | size_t minlen; /*!< min. ciphertext length */ |
| 627 | size_t ivlen; /*!< IV length */ |
| 628 | size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ |
| 629 | size_t maclen; /*!< MAC length */ |
| 630 | |
| 631 | unsigned char iv_enc[16]; /*!< IV (encryption) */ |
| 632 | unsigned char iv_dec[16]; /*!< IV (decryption) */ |
| 633 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 634 | #if defined(MBEDTLS_SSL_PROTO_SSL3) |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 635 | /* Needed only for SSL v3.0 secret */ |
Manuel Pégourié-Gonnard | 8d4ad07 | 2014-07-13 14:43:28 +0200 | [diff] [blame] | 636 | unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ |
| 637 | unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 638 | #endif /* MBEDTLS_SSL_PROTO_SSL3 */ |
Paul Bakker | 68884e3 | 2013-01-07 18:20:04 +0100 | [diff] [blame] | 639 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 640 | mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ |
| 641 | mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 642 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 643 | mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ |
| 644 | mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ |
Paul Bakker | da02a7f | 2013-08-31 17:25:14 +0200 | [diff] [blame] | 645 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 646 | /* |
| 647 | * Session specific compression layer |
| 648 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 649 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 650 | z_stream ctx_deflate; /*!< compression context */ |
| 651 | z_stream ctx_inflate; /*!< decompression context */ |
| 652 | #endif |
| 653 | }; |
| 654 | |
| 655 | /* |
| 656 | * This structure contains the parameters only needed during handshake. |
| 657 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 658 | struct mbedtls_ssl_handshake_params |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 659 | { |
| 660 | /* |
| 661 | * Handshake specific crypto variables |
| 662 | */ |
Manuel Pégourié-Gonnard | 08e81e0 | 2014-07-08 12:56:25 +0200 | [diff] [blame] | 663 | int sig_alg; /*!< Hash algorithm for signature */ |
| 664 | int cert_type; /*!< Requested cert type */ |
Paul Bakker | 926af75 | 2012-11-23 13:38:07 +0100 | [diff] [blame] | 665 | int verify_sig_alg; /*!< Signature algorithm for verify */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 666 | #if defined(MBEDTLS_DHM_C) |
| 667 | mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 668 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 669 | #if defined(MBEDTLS_ECDH_C) |
| 670 | mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ |
Paul Bakker | 41c83d3 | 2013-03-20 14:39:14 +0100 | [diff] [blame] | 671 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 672 | #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) |
| 673 | const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */ |
Manuel Pégourié-Gonnard | 0b27267 | 2013-08-15 19:38:07 +0200 | [diff] [blame] | 674 | #endif |
Manuel Pégourié-Gonnard | 4b68296 | 2015-05-07 15:59:54 +0100 | [diff] [blame] | 675 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| 676 | unsigned char *psk; /*!< PSK from the callback */ |
| 677 | size_t psk_len; /*!< Length of PSK from callback */ |
| 678 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 679 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Manuel Pégourié-Gonnard | 8f618a8 | 2015-05-10 21:13:36 +0200 | [diff] [blame] | 680 | mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 681 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Manuel Pégourié-Gonnard | 8f618a8 | 2015-05-10 21:13:36 +0200 | [diff] [blame] | 682 | mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */ |
Manuel Pégourié-Gonnard | 22bfa4b | 2015-05-11 08:46:37 +0200 | [diff] [blame] | 683 | mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */ |
| 684 | mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ |
Manuel Pégourié-Gonnard | 8372454 | 2013-09-24 22:30:56 +0200 | [diff] [blame] | 685 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 686 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| 687 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | d9ba0d9 | 2014-09-02 18:30:26 +0200 | [diff] [blame] | 688 | unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ |
| 689 | unsigned int in_msg_seq; /*!< Incoming handshake sequence number */ |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 690 | |
Manuel Pégourié-Gonnard | d7f9bc5 | 2014-07-23 11:09:27 +0200 | [diff] [blame] | 691 | unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie |
| 692 | Srv: unused */ |
| 693 | unsigned char verify_cookie_len; /*!< Cli: cookie length |
| 694 | Srv: flag for sending a cookie */ |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 695 | |
Manuel Pégourié-Gonnard | 502bf30 | 2014-08-20 13:12:58 +0200 | [diff] [blame] | 696 | unsigned char *hs_msg; /*!< Reassembled handshake message */ |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 697 | |
Manuel Pégourié-Gonnard | 0ac247f | 2014-09-30 22:21:31 +0200 | [diff] [blame] | 698 | uint32_t retransmit_timeout; /*!< Current value of timeout */ |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 699 | unsigned char retransmit_state; /*!< Retransmission state */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 700 | mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ |
| 701 | mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ |
Manuel Pégourié-Gonnard | 5d8ba53 | 2014-09-19 15:09:21 +0200 | [diff] [blame] | 702 | unsigned int in_flight_start_seq; /*!< Minimum message sequence in the |
| 703 | flight being received */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 704 | mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for |
Manuel Pégourié-Gonnard | 5d8ba53 | 2014-09-19 15:09:21 +0200 | [diff] [blame] | 705 | resending messages */ |
| 706 | unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter |
| 707 | for resending messages */ |
Manuel Pégourié-Gonnard | e89bcf0 | 2014-02-18 18:50:02 +0100 | [diff] [blame] | 708 | #endif |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 709 | |
| 710 | /* |
| 711 | * Checksum contexts |
| 712 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 713 | #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ |
| 714 | defined(MBEDTLS_SSL_PROTO_TLS1_1) |
| 715 | mbedtls_md5_context fin_md5; |
| 716 | mbedtls_sha1_context fin_sha1; |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 717 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 718 | #if defined(MBEDTLS_SSL_PROTO_TLS1_2) |
| 719 | #if defined(MBEDTLS_SHA256_C) |
| 720 | mbedtls_sha256_context fin_sha256; |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 721 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 722 | #if defined(MBEDTLS_SHA512_C) |
| 723 | mbedtls_sha512_context fin_sha512; |
Paul Bakker | fb08fd2 | 2013-08-27 15:06:26 +0200 | [diff] [blame] | 724 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 725 | #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 726 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 727 | void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); |
| 728 | void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); |
| 729 | void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); |
Paul Bakker | b6c5d2e | 2013-06-25 16:25:17 +0200 | [diff] [blame] | 730 | int (*tls_prf)(const unsigned char *, size_t, const char *, |
| 731 | const unsigned char *, size_t, |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 732 | unsigned char *, size_t); |
| 733 | |
| 734 | size_t pmslen; /*!< premaster length */ |
| 735 | |
| 736 | unsigned char randbytes[64]; /*!< random bytes */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 737 | unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; |
Paul Bakker | df2bb75 | 2012-10-24 14:30:00 +0000 | [diff] [blame] | 738 | /*!< premaster secret */ |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 739 | |
| 740 | int resume; /*!< session resume indicator*/ |
Paul Bakker | 2fbefde | 2013-06-29 16:01:15 +0200 | [diff] [blame] | 741 | int max_major_ver; /*!< max. major version client*/ |
| 742 | int max_minor_ver; /*!< max. minor version client*/ |
Paul Bakker | 677377f | 2013-10-28 12:54:26 +0100 | [diff] [blame] | 743 | int cli_exts; /*!< client extension presence*/ |
Manuel Pégourié-Gonnard | a5cc602 | 2013-07-31 12:58:16 +0200 | [diff] [blame] | 744 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 745 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | a5cc602 | 2013-07-31 12:58:16 +0200 | [diff] [blame] | 746 | int new_session_ticket; /*!< use NewSessionTicket? */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 747 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| 748 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
Manuel Pégourié-Gonnard | 367381f | 2014-10-20 18:40:56 +0200 | [diff] [blame] | 749 | int extended_ms; /*!< use Extended Master Secret? */ |
| 750 | #endif |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 751 | }; |
| 752 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 753 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 754 | /* |
| 755 | * Parameters needed to secure session tickets |
| 756 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 757 | struct mbedtls_ssl_ticket_keys |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 758 | { |
| 759 | unsigned char key_name[16]; /*!< name to quickly discard bad tickets */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 760 | mbedtls_aes_context enc; /*!< encryption context */ |
| 761 | mbedtls_aes_context dec; /*!< decryption context */ |
Manuel Pégourié-Gonnard | 56dc9e8 | 2013-08-03 17:16:31 +0200 | [diff] [blame] | 762 | unsigned char mac_key[16]; /*!< authentication key */ |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 763 | }; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 764 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 765 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 766 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 767 | /* |
| 768 | * List of certificate + private key pairs |
| 769 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 770 | struct mbedtls_ssl_key_cert |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 771 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 772 | mbedtls_x509_crt *cert; /*!< cert */ |
| 773 | mbedtls_pk_context *key; /*!< private key */ |
| 774 | mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 775 | }; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 776 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 777 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 778 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 779 | /* |
| 780 | * List of handshake messages kept around for resending |
| 781 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 782 | struct mbedtls_ssl_flight_item |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 783 | { |
| 784 | unsigned char *p; /*!< message, including handshake headers */ |
Manuel Pégourié-Gonnard | 5d8ba53 | 2014-09-19 15:09:21 +0200 | [diff] [blame] | 785 | size_t len; /*!< length of p */ |
| 786 | unsigned char type; /*!< type of the message: handshake or CCS */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 787 | mbedtls_ssl_flight_item *next; /*!< next handshake message(s) */ |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 788 | }; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 789 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Manuel Pégourié-Gonnard | ffa67be | 2014-09-19 11:18:57 +0200 | [diff] [blame] | 790 | |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 791 | /** |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 792 | * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 793 | */ |
| 794 | typedef struct |
| 795 | { |
| 796 | /* Group items by size (largest first) to minimize padding overhead */ |
| 797 | |
| 798 | /* |
| 799 | * Pointers |
| 800 | */ |
| 801 | |
Manuel Pégourié-Gonnard | 750e4d7 | 2015-05-07 12:35:38 +0100 | [diff] [blame] | 802 | const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version */ |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 803 | |
| 804 | /** Callback for printing debug output */ |
| 805 | void (*f_dbg)(void *, int, const char *); |
| 806 | void *p_dbg; /*!< context for the debug function */ |
| 807 | |
Manuel Pégourié-Gonnard | 750e4d7 | 2015-05-07 12:35:38 +0100 | [diff] [blame] | 808 | /** Callback for getting (pseudo-)random numbers */ |
| 809 | int (*f_rng)(void *, unsigned char *, size_t); |
| 810 | void *p_rng; /*!< context for the RNG function */ |
| 811 | |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 812 | /** Callback to retrieve a session from the cache */ |
| 813 | int (*f_get_cache)(void *, mbedtls_ssl_session *); |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 814 | /** Callback to store a session into the cache */ |
| 815 | int (*f_set_cache)(void *, const mbedtls_ssl_session *); |
Manuel Pégourié-Gonnard | 5cb3308 | 2015-05-06 18:06:26 +0100 | [diff] [blame] | 816 | void *p_cache; /*!< context for cache callbacks */ |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 817 | |
| 818 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
| 819 | /** Callback for setting cert according to SNI extension */ |
| 820 | int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); |
| 821 | void *p_sni; /*!< context for SNI callback */ |
| 822 | #endif |
| 823 | |
| 824 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 825 | /** Callback to customize X.509 certificate chain verification */ |
Manuel Pégourié-Gonnard | e6ef16f | 2015-05-11 19:54:43 +0200 | [diff] [blame] | 826 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 827 | void *p_vrfy; /*!< context for X.509 verify calllback */ |
| 828 | #endif |
| 829 | |
| 830 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| 831 | /** Callback to retrieve PSK key from identity */ |
| 832 | int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); |
| 833 | void *p_psk; /*!< context for PSK callback */ |
| 834 | #endif |
| 835 | |
| 836 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) |
| 837 | /** Callback to create & write a cookie for ClientHello veirifcation */ |
| 838 | int (*f_cookie_write)( void *, unsigned char **, unsigned char *, |
| 839 | const unsigned char *, size_t ); |
| 840 | /** Callback to verify validity of a ClientHello cookie */ |
| 841 | int (*f_cookie_check)( void *, const unsigned char *, size_t, |
| 842 | const unsigned char *, size_t ); |
Manuel Pégourié-Gonnard | 750e4d7 | 2015-05-07 12:35:38 +0100 | [diff] [blame] | 843 | void *p_cookie; /*!< context for the cookie callbacks */ |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 844 | #endif |
| 845 | |
| 846 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 847 | mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */ |
| 848 | mbedtls_x509_crt *ca_chain; /*!< trusted CAs */ |
| 849 | mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */ |
| 850 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| 851 | |
| 852 | #if defined(MBEDTLS_SSL_SET_CURVES) |
Manuel Pégourié-Gonnard | 750e4d7 | 2015-05-07 12:35:38 +0100 | [diff] [blame] | 853 | const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */ |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 854 | #endif |
| 855 | |
| 856 | #if defined(MBEDTLS_DHM_C) |
| 857 | mbedtls_mpi dhm_P; /*!< prime modulus for DHM */ |
| 858 | mbedtls_mpi dhm_G; /*!< generator for DHM */ |
| 859 | #endif |
| 860 | |
| 861 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| 862 | unsigned char *psk; /*!< pre-shared key */ |
| 863 | size_t psk_len; /*!< length of the pre-shared key */ |
| 864 | unsigned char *psk_identity; /*!< identity for PSK negotiation */ |
| 865 | size_t psk_identity_len;/*!< length of identity */ |
| 866 | #endif |
| 867 | |
| 868 | #if defined(MBEDTLS_SSL_ALPN) |
| 869 | const char **alpn_list; /*!< ordered list of protocols */ |
| 870 | #endif |
| 871 | |
Manuel Pégourié-Gonnard | 2b49445 | 2015-05-06 10:05:11 +0100 | [diff] [blame] | 872 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| 873 | mbedtls_ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */ |
| 874 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
| 875 | |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 876 | /* |
| 877 | * Numerical settings (int then char) |
| 878 | */ |
| 879 | |
Manuel Pégourié-Gonnard | 7ca4e4d | 2015-05-04 10:55:58 +0200 | [diff] [blame] | 880 | uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */ |
| 881 | |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 882 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 883 | uint32_t hs_timeout_min; /*!< initial value of the handshake |
Manuel Pégourié-Gonnard | 7ca4e4d | 2015-05-04 10:55:58 +0200 | [diff] [blame] | 884 | retransmission timeout (ms) */ |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 885 | uint32_t hs_timeout_max; /*!< maximum value of the handshake |
Manuel Pégourié-Gonnard | 7ca4e4d | 2015-05-04 10:55:58 +0200 | [diff] [blame] | 886 | retransmission timeout (ms) */ |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 887 | #endif |
| 888 | |
| 889 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| 890 | int renego_max_records; /*!< grace period for renegotiation */ |
| 891 | unsigned char renego_period[8]; /*!< value of the record counters |
| 892 | that triggers renegotiation */ |
| 893 | #endif |
| 894 | |
| 895 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
| 896 | unsigned int badmac_limit; /*!< limit of records with a bad MAC */ |
| 897 | #endif |
| 898 | |
| 899 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| 900 | int ticket_lifetime; /*!< session ticket lifetime (seconds) */ |
| 901 | #endif |
| 902 | |
| 903 | unsigned char max_major_ver; /*!< max. major version used */ |
| 904 | unsigned char max_minor_ver; /*!< max. minor version used */ |
| 905 | unsigned char min_major_ver; /*!< min. major version used */ |
| 906 | unsigned char min_minor_ver; /*!< min. minor version used */ |
| 907 | |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 908 | /* |
| 909 | * Flags (bitfields) |
| 910 | */ |
| 911 | |
| 912 | unsigned int endpoint : 1; /*!< 0: client, 1: server */ |
| 913 | unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */ |
| 914 | unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites? */ |
| 915 | unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ |
| 916 | /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ |
| 917 | unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */ |
Manuel Pégourié-Gonnard | e51bba0 | 2015-05-06 09:33:13 +0100 | [diff] [blame] | 918 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
| 919 | unsigned int mfl_code : 3; /*!< desired fragment length */ |
| 920 | #endif |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 921 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
| 922 | unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */ |
| 923 | #endif |
| 924 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
| 925 | unsigned int extended_ms : 1; /*!< negotiate extended master secret? */ |
| 926 | #endif |
| 927 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| 928 | unsigned int anti_replay : 1; /*!< detect and prevent replay? */ |
| 929 | #endif |
| 930 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
| 931 | unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */ |
| 932 | #endif |
| 933 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
| 934 | unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */ |
| 935 | #endif |
| 936 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
| 937 | unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */ |
| 938 | #endif |
| 939 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
| 940 | unsigned int session_tickets : 1; /*!< use session tickets? */ |
| 941 | #endif |
Manuel Pégourié-Gonnard | 684b059 | 2015-05-06 09:27:31 +0100 | [diff] [blame] | 942 | #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) |
| 943 | unsigned int fallback : 1; /*!< is this a fallback? */ |
| 944 | #endif |
Manuel Pégourié-Gonnard | fa6473d | 2015-04-30 18:03:08 +0200 | [diff] [blame] | 945 | } |
| 946 | mbedtls_ssl_config; |
| 947 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 948 | struct mbedtls_ssl_context |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 949 | { |
Manuel Pégourié-Gonnard | 1897af9 | 2015-05-10 23:27:38 +0200 | [diff] [blame] | 950 | const mbedtls_ssl_config *conf; /*!< configuration information */ |
Manuel Pégourié-Gonnard | 7ca4e4d | 2015-05-04 10:55:58 +0200 | [diff] [blame] | 951 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 952 | /* |
| 953 | * Miscellaneous |
| 954 | */ |
| 955 | int state; /*!< SSL handshake: current state */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 956 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Manuel Pégourié-Gonnard | 852a6d3 | 2015-03-19 16:15:20 +0000 | [diff] [blame] | 957 | int renego_status; /*!< Initial, in progress, pending? */ |
Manuel Pégourié-Gonnard | df3acd8 | 2014-10-15 15:07:45 +0200 | [diff] [blame] | 958 | int renego_records_seen; /*!< Records since renego request, or with DTLS, |
| 959 | number of retransmissions of request if |
| 960 | renego_max_records is < 0 */ |
Manuel Pégourié-Gonnard | 615e677 | 2014-11-03 08:23:14 +0100 | [diff] [blame] | 961 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 962 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 963 | int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 964 | int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ |
| 965 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 966 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
Manuel Pégourié-Gonnard | b0643d1 | 2014-10-14 18:30:36 +0200 | [diff] [blame] | 967 | unsigned badmac_seen; /*!< records with a bad MAC received */ |
| 968 | #endif |
| 969 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 970 | /* |
Manuel Pégourié-Gonnard | 7ca4e4d | 2015-05-04 10:55:58 +0200 | [diff] [blame] | 971 | * Callbacks |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 972 | */ |
Paul Bakker | 39bb418 | 2011-06-21 07:36:43 +0000 | [diff] [blame] | 973 | int (*f_send)(void *, const unsigned char *, size_t); |
Manuel Pégourié-Gonnard | 8fa6dfd | 2014-09-17 10:47:43 +0200 | [diff] [blame] | 974 | int (*f_recv)(void *, unsigned char *, size_t); |
Manuel Pégourié-Gonnard | c8d8e97 | 2014-10-01 15:01:39 +0200 | [diff] [blame] | 975 | int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t); |
Manuel Pégourié-Gonnard | e6bdc44 | 2014-09-17 11:34:57 +0200 | [diff] [blame] | 976 | void *p_bio; /*!< context for I/O operations */ |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 977 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 978 | /* |
| 979 | * Session layer |
| 980 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 981 | mbedtls_ssl_session *session_in; /*!< current session data (in) */ |
| 982 | mbedtls_ssl_session *session_out; /*!< current session data (out) */ |
| 983 | mbedtls_ssl_session *session; /*!< negotiated session data */ |
| 984 | mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 985 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 986 | mbedtls_ssl_handshake_params *handshake; /*!< params required only during |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 987 | the handshake process */ |
| 988 | |
| 989 | /* |
| 990 | * Record layer transformations |
| 991 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 992 | mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */ |
| 993 | mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */ |
| 994 | mbedtls_ssl_transform *transform; /*!< negotiated transform params */ |
| 995 | mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 996 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 997 | /* |
Manuel Pégourié-Gonnard | 8e704f0 | 2014-10-14 20:03:35 +0200 | [diff] [blame] | 998 | * Timers |
Manuel Pégourié-Gonnard | db2858c | 2014-09-29 14:04:42 +0200 | [diff] [blame] | 999 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1000 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | 2e01291 | 2015-05-12 20:55:41 +0200 | [diff] [blame] | 1001 | mbedtls_timing_delay_context WIP_timer; /* temporary */ |
| 1002 | void *p_timer; /*!< context for the timer callbacks */ |
| 1003 | void (*f_set_timer)(void *, uint32_t, uint32_t); /*!< set timer callback */ |
| 1004 | int (*f_get_timer)(void *); /*!< get timer callback */ |
Manuel Pégourié-Gonnard | 905dd24 | 2014-10-01 12:03:55 +0200 | [diff] [blame] | 1005 | #endif |
| 1006 | |
Manuel Pégourié-Gonnard | db2858c | 2014-09-29 14:04:42 +0200 | [diff] [blame] | 1007 | /* |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1008 | * Record layer (incoming data) |
| 1009 | */ |
Manuel Pégourié-Gonnard | 7ee6f0e | 2014-02-13 10:54:07 +0100 | [diff] [blame] | 1010 | unsigned char *in_buf; /*!< input buffer */ |
Manuel Pégourié-Gonnard | 246c13a | 2014-09-24 13:56:09 +0200 | [diff] [blame] | 1011 | unsigned char *in_ctr; /*!< 64-bit incoming message counter |
| 1012 | TLS: maintained by us |
| 1013 | DTLS: read from peer */ |
Manuel Pégourié-Gonnard | 7ee6f0e | 2014-02-13 10:54:07 +0100 | [diff] [blame] | 1014 | unsigned char *in_hdr; /*!< start of record header */ |
| 1015 | unsigned char *in_len; /*!< two-bytes message length field */ |
| 1016 | unsigned char *in_iv; /*!< ivlen-byte IV */ |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 1017 | unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1018 | unsigned char *in_offt; /*!< read offset in application data */ |
| 1019 | |
| 1020 | int in_msgtype; /*!< record header: message type */ |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 1021 | size_t in_msglen; /*!< record header: message length */ |
| 1022 | size_t in_left; /*!< amount of data read so far */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1023 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | 246c13a | 2014-09-24 13:56:09 +0200 | [diff] [blame] | 1024 | uint16_t in_epoch; /*!< DTLS epoch for incoming records */ |
Manuel Pégourié-Gonnard | 64dffc5 | 2014-09-02 13:39:16 +0200 | [diff] [blame] | 1025 | size_t next_record_offset; /*!< offset of the next record in datagram |
| 1026 | (equal to in_left if none) */ |
Manuel Pégourié-Gonnard | b2f3be8 | 2014-07-10 17:54:52 +0200 | [diff] [blame] | 1027 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1028 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Manuel Pégourié-Gonnard | 7a7e140 | 2014-09-24 10:52:58 +0200 | [diff] [blame] | 1029 | uint64_t in_window_top; /*!< last validated record seq_num */ |
| 1030 | uint64_t in_window; /*!< bitmask for replay detection */ |
| 1031 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1032 | |
Manuel Pégourié-Gonnard | 9d1d719 | 2014-09-03 11:01:14 +0200 | [diff] [blame] | 1033 | size_t in_hslen; /*!< current handshake message length, |
| 1034 | including the handshake header */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1035 | int nb_zero; /*!< # of 0-length encrypted messages */ |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 1036 | int record_read; /*!< record is already present */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1037 | |
| 1038 | /* |
| 1039 | * Record layer (outgoing data) |
| 1040 | */ |
Manuel Pégourié-Gonnard | 7ee6f0e | 2014-02-13 10:54:07 +0100 | [diff] [blame] | 1041 | unsigned char *out_buf; /*!< output buffer */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1042 | unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ |
Manuel Pégourié-Gonnard | 7ee6f0e | 2014-02-13 10:54:07 +0100 | [diff] [blame] | 1043 | unsigned char *out_hdr; /*!< start of record header */ |
| 1044 | unsigned char *out_len; /*!< two-bytes message length field */ |
| 1045 | unsigned char *out_iv; /*!< ivlen-byte IV */ |
Paul Bakker | 92be97b | 2013-01-02 17:30:03 +0100 | [diff] [blame] | 1046 | unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1047 | |
| 1048 | int out_msgtype; /*!< record header: message type */ |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 1049 | size_t out_msglen; /*!< record header: message length */ |
| 1050 | size_t out_left; /*!< amount of data not yet written */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1051 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1052 | #if defined(MBEDTLS_ZLIB_SUPPORT) |
Paul Bakker | 1677033 | 2013-10-11 09:59:44 +0200 | [diff] [blame] | 1053 | unsigned char *compress_buf; /*!< zlib data buffer */ |
| 1054 | #endif |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1055 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
Manuel Pégourié-Gonnard | 17eab2b | 2015-05-05 16:34:53 +0100 | [diff] [blame] | 1056 | signed char split_done; /*!< current record already splitted? */ |
Manuel Pégourié-Gonnard | d76314c | 2015-01-07 12:39:44 +0100 | [diff] [blame] | 1057 | #endif |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 1058 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1059 | /* |
| 1060 | * PKI layer |
| 1061 | */ |
Manuel Pégourié-Gonnard | 7ca4e4d | 2015-05-04 10:55:58 +0200 | [diff] [blame] | 1062 | int client_auth; /*!< flag for client auth. */ |
| 1063 | int verify_result; /*!< verification result */ |
| 1064 | |
Manuel Pégourié-Gonnard | 779e429 | 2013-08-03 13:50:48 +0200 | [diff] [blame] | 1065 | /* |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1066 | * User settings |
| 1067 | */ |
Manuel Pégourié-Gonnard | bc2b771 | 2015-05-06 11:14:19 +0100 | [diff] [blame] | 1068 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 1069 | char *hostname; /*!< expected peer CN for verification |
| 1070 | (and SNI if available) */ |
Paul Bakker | 0be444a | 2013-08-27 21:55:01 +0200 | [diff] [blame] | 1071 | #endif |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1072 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1073 | #if defined(MBEDTLS_SSL_ALPN) |
Manuel Pégourié-Gonnard | 7e250d4 | 2014-04-04 16:08:41 +0200 | [diff] [blame] | 1074 | const char *alpn_chosen; /*!< negotiated protocol */ |
| 1075 | #endif |
| 1076 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1077 | /* |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1078 | * Information for DTLS hello verify |
Manuel Pégourié-Gonnard | 43c0218 | 2014-07-22 17:32:01 +0200 | [diff] [blame] | 1079 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1080 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) |
Manuel Pégourié-Gonnard | 43c0218 | 2014-07-22 17:32:01 +0200 | [diff] [blame] | 1081 | unsigned char *cli_id; /*!< transport-level ID of the client */ |
| 1082 | size_t cli_id_len; /*!< length of cli_id */ |
| 1083 | #endif |
| 1084 | |
| 1085 | /* |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1086 | * Secure renegotiation |
| 1087 | */ |
Manuel Pégourié-Gonnard | 3b2c0d6 | 2015-03-10 13:20:49 +0000 | [diff] [blame] | 1088 | /* needed to know when to send extension on server */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1089 | int secure_renegotiation; /*!< does peer support legacy or |
| 1090 | secure renegotiation */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1091 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1092 | size_t verify_data_len; /*!< length of verify data stored */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1093 | char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ |
| 1094 | char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ |
Manuel Pégourié-Gonnard | 615e677 | 2014-11-03 08:23:14 +0100 | [diff] [blame] | 1095 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1096 | }; |
| 1097 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1098 | #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 1099 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1100 | #define MBEDTLS_SSL_CHANNEL_OUTBOUND 0 |
| 1101 | #define MBEDTLS_SSL_CHANNEL_INBOUND 1 |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 1102 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1103 | extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl, |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 1104 | const unsigned char *key_enc, const unsigned char *key_dec, |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 1105 | size_t keylen, |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 1106 | const unsigned char *iv_enc, const unsigned char *iv_dec, |
Paul Bakker | 07eb38b | 2012-12-19 14:42:06 +0100 | [diff] [blame] | 1107 | size_t ivlen, |
| 1108 | const unsigned char *mac_enc, const unsigned char *mac_dec, |
| 1109 | size_t maclen); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1110 | extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction); |
| 1111 | extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl); |
| 1112 | extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl); |
| 1113 | extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl); |
| 1114 | extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl); |
| 1115 | #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ |
Paul Bakker | 05ef835 | 2012-05-08 09:17:57 +0000 | [diff] [blame] | 1116 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1117 | /** |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 1118 | * \brief Returns the list of ciphersuites supported by the SSL/TLS module. |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 1119 | * |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 1120 | * \return a statically allocated array of ciphersuites, the last |
| 1121 | * entry is 0. |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 1122 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1123 | const int *mbedtls_ssl_list_ciphersuites( void ); |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 1124 | |
| 1125 | /** |
Paul Bakker | b9e4e2c | 2014-05-01 14:18:25 +0200 | [diff] [blame] | 1126 | * \brief Return the name of the ciphersuite associated with the |
| 1127 | * given ID |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 1128 | * |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 1129 | * \param ciphersuite_id SSL ciphersuite ID |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 1130 | * |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 1131 | * \return a string containing the ciphersuite name |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 1132 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1133 | const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ); |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 1134 | |
| 1135 | /** |
Paul Bakker | b9e4e2c | 2014-05-01 14:18:25 +0200 | [diff] [blame] | 1136 | * \brief Return the ID of the ciphersuite associated with the |
| 1137 | * given name |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 1138 | * |
| 1139 | * \param ciphersuite_name SSL ciphersuite name |
| 1140 | * |
| 1141 | * \return the ID with the ciphersuite or 0 if not found |
| 1142 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1143 | int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ); |
Paul Bakker | 72f6266 | 2011-01-16 21:27:44 +0000 | [diff] [blame] | 1144 | |
| 1145 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1146 | * \brief Initialize an SSL context |
Manuel Pégourié-Gonnard | 41d479e | 2015-04-29 00:48:22 +0200 | [diff] [blame] | 1147 | * Just makes the context ready for mbetls_ssl_setup() or |
| 1148 | * mbedtls_ssl_free() |
| 1149 | * |
| 1150 | * \param ssl SSL context |
| 1151 | */ |
| 1152 | void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); |
| 1153 | |
| 1154 | /** |
| 1155 | * \brief Set up an SSL context for use |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1156 | * |
Manuel Pégourié-Gonnard | 06939ce | 2015-05-11 11:25:46 +0200 | [diff] [blame] | 1157 | * \note No copy of the configuration context is made, it can be |
| 1158 | * shared by many ssl_context structures. |
| 1159 | * |
| 1160 | * \warning Modifying the conf structure after is has been used in this |
| 1161 | * function is unsupported! |
| 1162 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1163 | * \param ssl SSL context |
Manuel Pégourié-Gonnard | def0bbe | 2015-05-04 14:56:36 +0200 | [diff] [blame] | 1164 | * \param conf SSL configuration to use |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1165 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1166 | * \return 0 if successful, or MBEDTLS_ERR_SSL_MALLOC_FAILED if |
Paul Bakker | 69e095c | 2011-12-10 21:55:01 +0000 | [diff] [blame] | 1167 | * memory allocation failed |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1168 | */ |
Manuel Pégourié-Gonnard | def0bbe | 2015-05-04 14:56:36 +0200 | [diff] [blame] | 1169 | int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, |
Manuel Pégourié-Gonnard | 1897af9 | 2015-05-10 23:27:38 +0200 | [diff] [blame] | 1170 | const mbedtls_ssl_config *conf ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1171 | |
| 1172 | /** |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 1173 | * \brief Reset an already initialized SSL context for re-use |
| 1174 | * while retaining application-set variables, function |
| 1175 | * pointers and data. |
| 1176 | * |
| 1177 | * \param ssl SSL context |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 1178 | * \return 0 if successful, or POLASSL_ERR_SSL_MALLOC_FAILED, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1179 | MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or |
| 1180 | * MBEDTLS_ERR_SSL_COMPRESSION_FAILED |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 1181 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1182 | int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); |
Paul Bakker | 7eb013f | 2011-10-06 12:37:39 +0000 | [diff] [blame] | 1183 | |
| 1184 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1185 | * \brief Set the current endpoint type |
| 1186 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1187 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1188 | * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1189 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1190 | void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1191 | |
| 1192 | /** |
Manuel Pégourié-Gonnard | 8fa6dfd | 2014-09-17 10:47:43 +0200 | [diff] [blame] | 1193 | * \brief Set the transport type (TLS or DTLS). |
| 1194 | * Default: TLS |
Manuel Pégourié-Gonnard | 0b1ff29 | 2014-02-06 13:04:16 +0100 | [diff] [blame] | 1195 | * |
Manuel Pégourié-Gonnard | 01e5e8c | 2015-05-11 10:11:56 +0200 | [diff] [blame] | 1196 | * \note For DTLS, you must either provide a recv callback that |
| 1197 | * doesn't block, or one that handles timeouts, see |
Manuel Pégourié-Gonnard | bbd28f7 | 2015-05-13 10:21:19 +0200 | [diff] [blame^] | 1198 | * \c mbedtls_ssl_set_bio(). You also need to provide timer |
| 1199 | * callbacks with \c mbedtls_ssl_set_timer_cb(). |
Manuel Pégourié-Gonnard | 01e5e8c | 2015-05-11 10:11:56 +0200 | [diff] [blame] | 1200 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1201 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 0b1ff29 | 2014-02-06 13:04:16 +0100 | [diff] [blame] | 1202 | * \param transport transport type: |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1203 | * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, |
| 1204 | * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. |
Manuel Pégourié-Gonnard | 0b1ff29 | 2014-02-06 13:04:16 +0100 | [diff] [blame] | 1205 | */ |
Manuel Pégourié-Gonnard | 01e5e8c | 2015-05-11 10:11:56 +0200 | [diff] [blame] | 1206 | void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); |
Manuel Pégourié-Gonnard | 0b1ff29 | 2014-02-06 13:04:16 +0100 | [diff] [blame] | 1207 | |
| 1208 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1209 | * \brief Set the certificate verification mode |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1210 | * Default: NONE on server, REQUIRED on client |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1211 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1212 | * \param conf SSL configuration |
Paul Bakker | 37ca75d | 2011-01-06 12:28:03 +0000 | [diff] [blame] | 1213 | * \param authmode can be: |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1214 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1215 | * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked |
Manuel Pégourié-Gonnard | fa44f20 | 2015-03-27 17:52:25 +0100 | [diff] [blame] | 1216 | * (default on server) |
| 1217 | * (insecure on client) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1218 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1219 | * MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1220 | * handshake continues even if verification failed; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1221 | * mbedtls_ssl_get_verify_result() can be called after the |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1222 | * handshake is complete. |
| 1223 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1224 | * MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1225 | * handshake is aborted if verification failed. |
Manuel Pégourié-Gonnard | e2ce211 | 2014-03-11 10:50:48 +0100 | [diff] [blame] | 1226 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1227 | * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode. |
| 1228 | * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at |
Manuel Pégourié-Gonnard | e2ce211 | 2014-03-11 10:50:48 +0100 | [diff] [blame] | 1229 | * the right time(s), which may not be obvious, while REQUIRED always perform |
| 1230 | * the verification as soon as possible. For example, REQUIRED was protecting |
| 1231 | * against the "triple handshake" attack even before it was found. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1232 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1233 | void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1234 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1235 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1236 | /** |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 1237 | * \brief Set the verification callback (Optional). |
| 1238 | * |
Paul Bakker | 915275b | 2012-09-28 07:10:55 +0000 | [diff] [blame] | 1239 | * If set, the verify callback is called for each |
| 1240 | * certificate in the chain. For implementation |
| 1241 | * information, please see \c x509parse_verify() |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 1242 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1243 | * \param conf SSL configuration |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 1244 | * \param f_vrfy verification function |
| 1245 | * \param p_vrfy verification parameter |
| 1246 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1247 | void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | e6ef16f | 2015-05-11 19:54:43 +0200 | [diff] [blame] | 1248 | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 1249 | void *p_vrfy ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1250 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Paul Bakker | b63b0af | 2011-01-13 17:54:59 +0000 | [diff] [blame] | 1251 | |
| 1252 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1253 | * \brief Set the random number generator callback |
| 1254 | * |
Manuel Pégourié-Gonnard | 750e4d7 | 2015-05-07 12:35:38 +0100 | [diff] [blame] | 1255 | * \param conf SSL configuration |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1256 | * \param f_rng RNG function |
| 1257 | * \param p_rng RNG parameter |
| 1258 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1259 | void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, |
Paul Bakker | a3d195c | 2011-11-27 21:07:34 +0000 | [diff] [blame] | 1260 | int (*f_rng)(void *, unsigned char *, size_t), |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1261 | void *p_rng ); |
| 1262 | |
| 1263 | /** |
| 1264 | * \brief Set the debug callback |
| 1265 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1266 | * \param conf SSL configuration |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1267 | * \param f_dbg debug function |
| 1268 | * \param p_dbg debug parameter |
| 1269 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1270 | void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 1271 | void (*f_dbg)(void *, int, const char *), |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1272 | void *p_dbg ); |
| 1273 | |
Manuel Pégourié-Gonnard | 8fa6dfd | 2014-09-17 10:47:43 +0200 | [diff] [blame] | 1274 | /** |
| 1275 | * \brief Set the underlying BIO callbacks for write, read and |
| 1276 | * read-with-timeout. |
| 1277 | * |
| 1278 | * \param ssl SSL context |
| 1279 | * \param p_bio parameter (context) shared by BIO callbacks |
| 1280 | * \param f_send write callback |
| 1281 | * \param f_recv read callback |
Manuel Pégourié-Gonnard | 8836994 | 2015-05-06 16:19:31 +0100 | [diff] [blame] | 1282 | * \param f_recv_timeout blocking read callback with timeout. |
Manuel Pégourié-Gonnard | bbd28f7 | 2015-05-13 10:21:19 +0200 | [diff] [blame^] | 1283 | * The last argument is the timeout in milliseconds |
Manuel Pégourié-Gonnard | 8fa6dfd | 2014-09-17 10:47:43 +0200 | [diff] [blame] | 1284 | * |
Manuel Pégourié-Gonnard | bbd28f7 | 2015-05-13 10:21:19 +0200 | [diff] [blame^] | 1285 | * \note One of f_recv or f_recv_timeout can be NULL, in which case |
| 1286 | * the other is used. If both are non-NULL, f_recv_timeout is |
| 1287 | * used and f_recv is ignored (as if it were NULL). |
Manuel Pégourié-Gonnard | 8fa6dfd | 2014-09-17 10:47:43 +0200 | [diff] [blame] | 1288 | * |
Manuel Pégourié-Gonnard | bbd28f7 | 2015-05-13 10:21:19 +0200 | [diff] [blame^] | 1289 | * \note The two most common use cases are: |
| 1290 | * - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL |
| 1291 | * - blocking I/O, f_recv == NULL, f_recv_timout != NULL |
| 1292 | * |
| 1293 | * \note For DTLS, you need to provide either a non-NULL |
| 1294 | * f_recv_timeout callback, or a f_recv that doesn't block. |
Manuel Pégourié-Gonnard | 8fa6dfd | 2014-09-17 10:47:43 +0200 | [diff] [blame] | 1295 | */ |
Manuel Pégourié-Gonnard | 1b511f9 | 2015-05-06 15:54:23 +0100 | [diff] [blame] | 1296 | void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, |
Manuel Pégourié-Gonnard | 8fa6dfd | 2014-09-17 10:47:43 +0200 | [diff] [blame] | 1297 | void *p_bio, |
| 1298 | int (*f_send)(void *, const unsigned char *, size_t), |
| 1299 | int (*f_recv)(void *, unsigned char *, size_t), |
Manuel Pégourié-Gonnard | 97fd52c | 2015-05-06 15:38:52 +0100 | [diff] [blame] | 1300 | int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) ); |
| 1301 | |
| 1302 | /** |
| 1303 | * \brief Set the timeout period for mbedtls_ssl_read() |
| 1304 | * (Default: no timeout.) |
| 1305 | * |
| 1306 | * \param conf SSL configuration context |
| 1307 | * \param timeout Timeout value in milliseconds. |
| 1308 | * Use 0 for no timeout (default). |
| 1309 | * |
| 1310 | * \note With blocking I/O, this will only work if a non-NULL |
Manuel Pégourié-Gonnard | 1b511f9 | 2015-05-06 15:54:23 +0100 | [diff] [blame] | 1311 | * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio(). |
Manuel Pégourié-Gonnard | bbd28f7 | 2015-05-13 10:21:19 +0200 | [diff] [blame^] | 1312 | * With non-blocking I/O, this will only work if timer |
| 1313 | * callbacks were set with \c mbedtls_ssl_set_timer_cb(). |
| 1314 | * |
| 1315 | * \note With non-blocking I/O, you may also skip this function |
| 1316 | * altogether and handle timeouts at the application layer. |
Manuel Pégourié-Gonnard | 97fd52c | 2015-05-06 15:38:52 +0100 | [diff] [blame] | 1317 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1318 | void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); |
Manuel Pégourié-Gonnard | 8fa6dfd | 2014-09-17 10:47:43 +0200 | [diff] [blame] | 1319 | |
Manuel Pégourié-Gonnard | 2e01291 | 2015-05-12 20:55:41 +0200 | [diff] [blame] | 1320 | /** |
| 1321 | * \brief Set the timer callbacks |
| 1322 | * (Mandatory for DTLS.) |
| 1323 | * |
| 1324 | * \param ssl SSL context |
| 1325 | * \param p_timer parameter (context) shared by timer callback |
| 1326 | * \param f_set_timer set timer callback |
| 1327 | * Accepts an intermediate and a final delay in milliseconcs |
| 1328 | * If the final delay is 0, cancels the running timer. |
| 1329 | * \param f_get_timer get timer callback. Must return: |
| 1330 | * -1 if cancelled |
| 1331 | * 0 if none of the delays is expired |
| 1332 | * 1 if the intermediate delay only is expired |
| 1333 | * 2 if the final delay is expired |
| 1334 | */ |
| 1335 | void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, |
| 1336 | void *p_timer, |
| 1337 | void (*f_set_timer)(void *, uint32_t int_ms, uint32_t fin_ms), |
| 1338 | int (*f_get_timer)(void *) ); |
| 1339 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1340 | #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) |
Manuel Pégourié-Gonnard | 43c0218 | 2014-07-22 17:32:01 +0200 | [diff] [blame] | 1341 | /** |
| 1342 | * \brief Set client's transport-level identification info. |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1343 | * (Server only. DTLS only.) |
Manuel Pégourié-Gonnard | 43c0218 | 2014-07-22 17:32:01 +0200 | [diff] [blame] | 1344 | * |
| 1345 | * This is usually the IP address (and port), but could be |
| 1346 | * anything identify the client depending on the underlying |
| 1347 | * network stack. Used for HelloVerifyRequest with DTLS. |
| 1348 | * This is *not* used to route the actual packets. |
| 1349 | * |
Manuel Pégourié-Gonnard | 43c0218 | 2014-07-22 17:32:01 +0200 | [diff] [blame] | 1350 | * \param ssl SSL context |
| 1351 | * \param info Transport-level info identifying the client (eg IP + port) |
| 1352 | * \param ilen Length of info in bytes |
| 1353 | * |
| 1354 | * \note An internal copy is made, so the info buffer can be reused. |
| 1355 | * |
| 1356 | * \return 0 on success, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1357 | * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, |
| 1358 | * MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory. |
Manuel Pégourié-Gonnard | 43c0218 | 2014-07-22 17:32:01 +0200 | [diff] [blame] | 1359 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1360 | int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, |
Manuel Pégourié-Gonnard | 43c0218 | 2014-07-22 17:32:01 +0200 | [diff] [blame] | 1361 | const unsigned char *info, |
| 1362 | size_t ilen ); |
Manuel Pégourié-Gonnard | 98545f1 | 2014-07-22 22:10:43 +0200 | [diff] [blame] | 1363 | |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1364 | /** |
| 1365 | * \brief Callback type: generate a cookie |
| 1366 | * |
| 1367 | * \param ctx Context for the callback |
| 1368 | * \param p Buffer to write to, |
| 1369 | * must be updated to point right after the cookie |
| 1370 | * \param end Pointer to one past the end of the output buffer |
| 1371 | * \param info Client ID info that was passed to |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1372 | * \c mbedtls_ssl_set_client_transport_id() |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1373 | * \param ilen Length of info in bytes |
| 1374 | * |
| 1375 | * \return The callback must return 0 on success, |
| 1376 | * or a negative error code. |
| 1377 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1378 | typedef int mbedtls_ssl_cookie_write_t( void *ctx, |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1379 | unsigned char **p, unsigned char *end, |
| 1380 | const unsigned char *info, size_t ilen ); |
| 1381 | |
| 1382 | /** |
| 1383 | * \brief Callback type: verify a cookie |
| 1384 | * |
| 1385 | * \param ctx Context for the callback |
| 1386 | * \param cookie Cookie to verify |
| 1387 | * \param clen Length of cookie |
| 1388 | * \param info Client ID info that was passed to |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1389 | * \c mbedtls_ssl_set_client_transport_id() |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1390 | * \param ilen Length of info in bytes |
| 1391 | * |
| 1392 | * \return The callback must return 0 if cookie is valid, |
| 1393 | * or a negative error code. |
| 1394 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1395 | typedef int mbedtls_ssl_cookie_check_t( void *ctx, |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1396 | const unsigned char *cookie, size_t clen, |
| 1397 | const unsigned char *info, size_t ilen ); |
| 1398 | |
| 1399 | /** |
| 1400 | * \brief Register callbacks for DTLS cookies |
| 1401 | * (Server only. DTLS only.) |
| 1402 | * |
Manuel Pégourié-Gonnard | 7d38d21 | 2014-07-23 17:52:09 +0200 | [diff] [blame] | 1403 | * Default: dummy callbacks that fail, to force you to |
| 1404 | * register working callbacks (and initialize their context). |
| 1405 | * |
| 1406 | * To disable HelloVerifyRequest, register NULL callbacks. |
| 1407 | * |
| 1408 | * \warning Disabling hello verification allows your server to be used |
| 1409 | * for amplification in DoS attacks against other hosts. |
| 1410 | * Only disable if you known this can't happen in your |
| 1411 | * particular environment. |
| 1412 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1413 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1414 | * \param f_cookie_write Cookie write callback |
| 1415 | * \param f_cookie_check Cookie check callback |
| 1416 | * \param p_cookie Context for both callbacks |
| 1417 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1418 | void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1419 | mbedtls_ssl_cookie_write_t *f_cookie_write, |
| 1420 | mbedtls_ssl_cookie_check_t *f_cookie_check, |
Manuel Pégourié-Gonnard | d485d19 | 2014-07-23 14:56:15 +0200 | [diff] [blame] | 1421 | void *p_cookie ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1422 | #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ |
Manuel Pégourié-Gonnard | 43c0218 | 2014-07-22 17:32:01 +0200 | [diff] [blame] | 1423 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1424 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
Manuel Pégourié-Gonnard | 2739313 | 2014-09-24 14:41:11 +0200 | [diff] [blame] | 1425 | /** |
| 1426 | * \brief Enable or disable anti-replay protection for DTLS. |
| 1427 | * (DTLS only, no effect on TLS.) |
Manuel Pégourié-Gonnard | a6fcffe | 2014-10-13 18:15:52 +0200 | [diff] [blame] | 1428 | * Default: enabled. |
Manuel Pégourié-Gonnard | 2739313 | 2014-09-24 14:41:11 +0200 | [diff] [blame] | 1429 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1430 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1431 | * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED. |
Manuel Pégourié-Gonnard | a6fcffe | 2014-10-13 18:15:52 +0200 | [diff] [blame] | 1432 | * |
| 1433 | * \warning Disabling this is a security risk unless the application |
| 1434 | * protocol handles duplicated packets in a safe way. You |
| 1435 | * should not disable this without careful consideration. |
| 1436 | * However, if your application already detects duplicated |
| 1437 | * packets and needs information about them to adjust its |
| 1438 | * transmission strategy, then you'll want to disable this. |
Manuel Pégourié-Gonnard | 2739313 | 2014-09-24 14:41:11 +0200 | [diff] [blame] | 1439 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1440 | void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1441 | #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ |
Manuel Pégourié-Gonnard | 2739313 | 2014-09-24 14:41:11 +0200 | [diff] [blame] | 1442 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1443 | #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) |
Manuel Pégourié-Gonnard | b0643d1 | 2014-10-14 18:30:36 +0200 | [diff] [blame] | 1444 | /** |
| 1445 | * \brief Set a limit on the number of records with a bad MAC |
| 1446 | * before terminating the connection. |
| 1447 | * (DTLS only, no effect on TLS.) |
| 1448 | * Default: 0 (disabled). |
| 1449 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1450 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | b0643d1 | 2014-10-14 18:30:36 +0200 | [diff] [blame] | 1451 | * \param limit Limit, or 0 to disable. |
| 1452 | * |
| 1453 | * \note If the limit is N, then the connection is terminated when |
| 1454 | * the Nth non-authentic record is seen. |
| 1455 | * |
| 1456 | * \note Records with an invalid header are not counted, only the |
| 1457 | * ones going through the authentication-decryption phase. |
| 1458 | * |
| 1459 | * \note This is a security trade-off related to the fact that it's |
| 1460 | * often relatively easy for an active attacker ot inject UDP |
| 1461 | * datagrams. On one hand, setting a low limit here makes it |
| 1462 | * easier for such an attacker to forcibly terminated a |
| 1463 | * connection. On the other hand, a high limit or no limit |
| 1464 | * might make us waste resources checking authentication on |
| 1465 | * many bogus packets. |
| 1466 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1467 | void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1468 | #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ |
Manuel Pégourié-Gonnard | b0643d1 | 2014-10-14 18:30:36 +0200 | [diff] [blame] | 1469 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1470 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | 905dd24 | 2014-10-01 12:03:55 +0200 | [diff] [blame] | 1471 | /** |
| 1472 | * \brief Set retransmit timeout values for the DTLS handshale. |
| 1473 | * (DTLS only, no effect on TLS.) |
| 1474 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1475 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 905dd24 | 2014-10-01 12:03:55 +0200 | [diff] [blame] | 1476 | * \param min Initial timeout value in milliseconds. |
| 1477 | * Default: 1000 (1 second). |
| 1478 | * \param max Maximum timeout value in milliseconds. |
| 1479 | * Default: 60000 (60 seconds). |
| 1480 | * |
| 1481 | * \note Default values are from RFC 6347 section 4.2.4.1. |
| 1482 | * |
| 1483 | * \note Higher values for initial timeout may increase average |
| 1484 | * handshake latency. Lower values may increase the risk of |
| 1485 | * network congestion by causing more retransmissions. |
| 1486 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1487 | void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1488 | #endif /* MBEDTLS_SSL_PROTO_DTLS */ |
Manuel Pégourié-Gonnard | 2739313 | 2014-09-24 14:41:11 +0200 | [diff] [blame] | 1489 | |
Manuel Pégourié-Gonnard | cc3195e | 2015-05-06 14:53:09 +0100 | [diff] [blame] | 1490 | #if defined(MBEDTLS_SSL_SRV_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1491 | /** |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1492 | * \brief Set the session cache callbacks (server-side only) |
Manuel Pégourié-Gonnard | 3e94493 | 2014-11-20 18:29:41 +0100 | [diff] [blame] | 1493 | * If not set, no session resuming is done (except if session |
| 1494 | * tickets are enabled too). |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1495 | * |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1496 | * The session cache has the responsibility to check for stale |
| 1497 | * entries based on timeout. See RFC 5246 for recommendations. |
| 1498 | * |
| 1499 | * Warning: session.peer_cert is cleared by the SSL/TLS layer on |
| 1500 | * connection shutdown, so do not cache the pointer! Either set |
| 1501 | * it to NULL or make a full copy of the certificate. |
| 1502 | * |
| 1503 | * The get callback is called once during the initial handshake |
| 1504 | * to enable session resuming. The get function has the |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1505 | * following parameters: (void *parameter, mbedtls_ssl_session *session) |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1506 | * If a valid entry is found, it should fill the master of |
| 1507 | * the session object with the cached values and return 0, |
| 1508 | * return 1 otherwise. Optionally peer_cert can be set as well |
| 1509 | * if it is properly present in cache entry. |
| 1510 | * |
| 1511 | * The set callback is called once during the initial handshake |
| 1512 | * to enable session resuming after the entire handshake has |
| 1513 | * been finished. The set function has the following parameters: |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1514 | * (void *parameter, const mbedtls_ssl_session *session). The function |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1515 | * should create a cache entry for future retrieval based on |
| 1516 | * the data in the session structure and should keep in mind |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1517 | * that the mbedtls_ssl_session object presented (and all its referenced |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1518 | * data) is cleared by the SSL/TLS layer when the connection is |
| 1519 | * terminated. It is recommended to add metadata to determine if |
| 1520 | * an entry is still valid in the future. Return 0 if |
Paul Bakker | 7a2538e | 2012-11-02 10:59:36 +0000 | [diff] [blame] | 1521 | * successfully cached, return 1 otherwise. |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1522 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1523 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 5cb3308 | 2015-05-06 18:06:26 +0100 | [diff] [blame] | 1524 | * \param p_cache parmater (context) for both callbacks |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1525 | * \param f_get_cache session get callback |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1526 | * \param f_set_cache session set callback |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1527 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1528 | void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | 5cb3308 | 2015-05-06 18:06:26 +0100 | [diff] [blame] | 1529 | void *p_cache, |
| 1530 | int (*f_get_cache)(void *, mbedtls_ssl_session *), |
| 1531 | int (*f_set_cache)(void *, const mbedtls_ssl_session *) ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1532 | #endif /* MBEDTLS_SSL_SRV_C */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1533 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1534 | #if defined(MBEDTLS_SSL_CLI_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1535 | /** |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 1536 | * \brief Request resumption of session (client-side only) |
| 1537 | * Session data is copied from presented session structure. |
| 1538 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1539 | * \param ssl SSL context |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1540 | * \param session session context |
Manuel Pégourié-Gonnard | 7471803 | 2013-07-30 12:41:56 +0200 | [diff] [blame] | 1541 | * |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 1542 | * \return 0 if successful, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1543 | * MBEDTLS_ERR_SSL_MALLOC_FAILED if memory allocation failed, |
| 1544 | * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 1545 | * arguments are otherwise invalid |
| 1546 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1547 | * \sa mbedtls_ssl_get_session() |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1548 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1549 | int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ); |
| 1550 | #endif /* MBEDTLS_SSL_CLI_C */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1551 | |
| 1552 | /** |
Paul Bakker | cf1d73b | 2014-01-14 14:08:13 +0100 | [diff] [blame] | 1553 | * \brief Set the list of allowed ciphersuites and the preference |
| 1554 | * order. First in the list has the highest preference. |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 1555 | * (Overrides all version specific lists) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1556 | * |
Manuel Pégourié-Gonnard | eecb43c | 2015-05-12 12:56:41 +0200 | [diff] [blame] | 1557 | * The ciphersuites array is not copied, and must remain |
| 1558 | * valid for the lifetime of the ssl_config. |
| 1559 | * |
Manuel Pégourié-Gonnard | b4fe3cb | 2015-01-22 16:11:05 +0000 | [diff] [blame] | 1560 | * Note: The server uses its own preferences |
| 1561 | * over the preference of the client unless |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1562 | * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined! |
Paul Bakker | cf1d73b | 2014-01-14 14:08:13 +0100 | [diff] [blame] | 1563 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1564 | * \param conf SSL configuration |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 1565 | * \param ciphersuites 0-terminated list of allowed ciphersuites |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1566 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1567 | void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1568 | const int *ciphersuites ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1569 | |
| 1570 | /** |
Paul Bakker | cf1d73b | 2014-01-14 14:08:13 +0100 | [diff] [blame] | 1571 | * \brief Set the list of allowed ciphersuites and the |
| 1572 | * preference order for a specific version of the protocol. |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 1573 | * (Only useful on the server side) |
| 1574 | * |
Manuel Pégourié-Gonnard | eecb43c | 2015-05-12 12:56:41 +0200 | [diff] [blame] | 1575 | * The ciphersuites array is not copied, and must remain |
| 1576 | * valid for the lifetime of the ssl_config. |
| 1577 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1578 | * \param conf SSL configuration |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 1579 | * \param ciphersuites 0-terminated list of allowed ciphersuites |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1580 | * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 1581 | * supported) |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1582 | * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, |
| 1583 | * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, |
| 1584 | * MBEDTLS_SSL_MINOR_VERSION_3 supported) |
Manuel Pégourié-Gonnard | b21ca2a | 2014-02-10 13:43:33 +0100 | [diff] [blame] | 1585 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1586 | * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 |
| 1587 | * and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 1588 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1589 | void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 1590 | const int *ciphersuites, |
| 1591 | int major, int minor ); |
| 1592 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1593 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Paul Bakker | 8f4ddae | 2013-04-15 15:09:54 +0200 | [diff] [blame] | 1594 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1595 | * \brief Set the data required to verify peer certificate |
| 1596 | * |
Manuel Pégourié-Gonnard | bc2b771 | 2015-05-06 11:14:19 +0100 | [diff] [blame] | 1597 | * \param conf SSL configuration |
Paul Bakker | 1f9d02d | 2012-11-20 10:30:55 +0100 | [diff] [blame] | 1598 | * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) |
Paul Bakker | 40ea7de | 2009-05-03 10:18:48 +0000 | [diff] [blame] | 1599 | * \param ca_crl trusted CA CRLs |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1600 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1601 | void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | bc2b771 | 2015-05-06 11:14:19 +0100 | [diff] [blame] | 1602 | mbedtls_x509_crt *ca_chain, |
| 1603 | mbedtls_x509_crl *ca_crl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1604 | |
| 1605 | /** |
Paul Bakker | 1f9d02d | 2012-11-20 10:30:55 +0100 | [diff] [blame] | 1606 | * \brief Set own certificate chain and private key |
| 1607 | * |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 1608 | * \note own_cert should contain in order from the bottom up your |
| 1609 | * certificate chain. The top certificate (self-signed) |
Paul Bakker | 1f9d02d | 2012-11-20 10:30:55 +0100 | [diff] [blame] | 1610 | * can be omitted. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1611 | * |
Manuel Pégourié-Gonnard | 22bfa4b | 2015-05-11 08:46:37 +0200 | [diff] [blame] | 1612 | * \note On server, this function can be called multiple times to |
| 1613 | * provision more than one cert/key pair (eg one ECDSA, one |
| 1614 | * RSA with SHA-256, one RSA with SHA-1). An adequate |
| 1615 | * certificate will be selected according to the client's |
| 1616 | * advertised capabilities. In case mutliple certificates are |
| 1617 | * adequate, preference is given to the one set by the first |
| 1618 | * call to this function, then second, etc. |
| 1619 | * |
| 1620 | * \note On client, only the first call has any effect. |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 1621 | * |
Manuel Pégourié-Gonnard | 17a40cd | 2015-05-10 23:17:17 +0200 | [diff] [blame] | 1622 | * \param conf SSL configuration |
Paul Bakker | 1f9d02d | 2012-11-20 10:30:55 +0100 | [diff] [blame] | 1623 | * \param own_cert own public certificate chain |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 1624 | * \param pk_key own private key |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 1625 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1626 | * \return 0 on success or MBEDTLS_ERR_SSL_MALLOC_FAILED |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1627 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1628 | int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | 8f618a8 | 2015-05-10 21:13:36 +0200 | [diff] [blame] | 1629 | mbedtls_x509_crt *own_cert, |
| 1630 | mbedtls_pk_context *pk_key ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1631 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Paul Bakker | 43b7e35 | 2011-01-18 15:27:19 +0000 | [diff] [blame] | 1632 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1633 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 1634 | /** |
Manuel Pégourié-Gonnard | 4b68296 | 2015-05-07 15:59:54 +0100 | [diff] [blame] | 1635 | * \brief Set the Pre Shared Key (PSK) and the expected identity name |
| 1636 | * |
| 1637 | * \note This is mainly useful for clients. Servers will usually |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1638 | * want to use \c mbedtls_ssl_conf_psk_cb() instead. |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 1639 | * |
Manuel Pégourié-Gonnard | 120fdbd | 2015-05-07 17:07:50 +0100 | [diff] [blame] | 1640 | * \param conf SSL configuration |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 1641 | * \param psk pointer to the pre-shared key |
| 1642 | * \param psk_len pre-shared key length |
| 1643 | * \param psk_identity pointer to the pre-shared key identity |
| 1644 | * \param psk_identity_len identity key length |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1645 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1646 | * \return 0 if successful or MBEDTLS_ERR_SSL_MALLOC_FAILED |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 1647 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1648 | int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | 4b68296 | 2015-05-07 15:59:54 +0100 | [diff] [blame] | 1649 | const unsigned char *psk, size_t psk_len, |
| 1650 | const unsigned char *psk_identity, size_t psk_identity_len ); |
| 1651 | |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1652 | |
| 1653 | /** |
Manuel Pégourié-Gonnard | 4b68296 | 2015-05-07 15:59:54 +0100 | [diff] [blame] | 1654 | * \brief Set the Pre Shared Key (PSK) for the current handshake |
| 1655 | * |
| 1656 | * \note This should only be called inside the PSK callback, |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1657 | * ie the function passed to \c mbedtls_ssl_conf_psk_cb(). |
Manuel Pégourié-Gonnard | 4b68296 | 2015-05-07 15:59:54 +0100 | [diff] [blame] | 1658 | * |
| 1659 | * \param ssl SSL context |
| 1660 | * \param psk pointer to the pre-shared key |
| 1661 | * \param psk_len pre-shared key length |
| 1662 | * |
| 1663 | * \return 0 if successful or MBEDTLS_ERR_SSL_MALLOC_FAILED |
| 1664 | */ |
| 1665 | int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, |
| 1666 | const unsigned char *psk, size_t psk_len ); |
| 1667 | |
| 1668 | /** |
| 1669 | * \brief Set the PSK callback (server-side only). |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1670 | * |
| 1671 | * If set, the PSK callback is called for each |
| 1672 | * handshake where a PSK ciphersuite was negotiated. |
Manuel Pégourié-Gonnard | a612b44 | 2014-02-25 13:08:08 +0100 | [diff] [blame] | 1673 | * The caller provides the identity received and wants to |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1674 | * receive the actual PSK data and length. |
| 1675 | * |
| 1676 | * The callback has the following parameters: (void *parameter, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1677 | * mbedtls_ssl_context *ssl, const unsigned char *psk_identity, |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1678 | * size_t identity_len) |
| 1679 | * If a valid PSK identity is found, the callback should use |
Manuel Pégourié-Gonnard | 4b68296 | 2015-05-07 15:59:54 +0100 | [diff] [blame] | 1680 | * \c mbedtls_ssl_set_hs_psk() on the ssl context to set the |
| 1681 | * correct PSK and return 0. |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1682 | * Any other return value will result in a denied PSK identity. |
| 1683 | * |
Manuel Pégourié-Gonnard | 4b68296 | 2015-05-07 15:59:54 +0100 | [diff] [blame] | 1684 | * \note If you set a PSK callback using this function, then you |
| 1685 | * don't need to set a PSK key and identity using |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1686 | * \c mbedtls_ssl_conf_psk(). |
Manuel Pégourié-Gonnard | 4b68296 | 2015-05-07 15:59:54 +0100 | [diff] [blame] | 1687 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1688 | * \param conf SSL configuration |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1689 | * \param f_psk PSK identity function |
| 1690 | * \param p_psk PSK identity parameter |
| 1691 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1692 | void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1693 | int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1694 | size_t), |
| 1695 | void *p_psk ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1696 | #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 1697 | |
Manuel Pégourié-Gonnard | 1028b74 | 2015-05-06 17:33:07 +0100 | [diff] [blame] | 1698 | #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1699 | /** |
| 1700 | * \brief Set the Diffie-Hellman public P and G values, |
| 1701 | * read as hexadecimal strings (server-side only) |
Manuel Pégourié-Gonnard | 1028b74 | 2015-05-06 17:33:07 +0100 | [diff] [blame] | 1702 | * (Default: MBEDTLS_DHM_RFC5114_MODP_2048_[PG]) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1703 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1704 | * \param conf SSL configuration |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1705 | * \param dhm_P Diffie-Hellman-Merkle modulus |
| 1706 | * \param dhm_G Diffie-Hellman-Merkle generator |
| 1707 | * |
| 1708 | * \return 0 if successful |
| 1709 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1710 | int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1711 | |
| 1712 | /** |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 1713 | * \brief Set the Diffie-Hellman public P and G values, |
| 1714 | * read from existing context (server-side only) |
| 1715 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1716 | * \param conf SSL configuration |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 1717 | * \param dhm_ctx Diffie-Hellman-Merkle context |
| 1718 | * |
| 1719 | * \return 0 if successful |
| 1720 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1721 | int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1722 | #endif /* MBEDTLS_DHM_C */ |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 1723 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1724 | #if defined(MBEDTLS_SSL_SET_CURVES) |
Gergely Budai | 987bfb5 | 2014-01-19 21:48:42 +0100 | [diff] [blame] | 1725 | /** |
Manuel Pégourié-Gonnard | cd49f76 | 2014-02-04 15:14:13 +0100 | [diff] [blame] | 1726 | * \brief Set the allowed curves in order of preference. |
Manuel Pégourié-Gonnard | 5de2580 | 2014-02-03 15:56:49 +0100 | [diff] [blame] | 1727 | * (Default: all defined curves.) |
Gergely Budai | 987bfb5 | 2014-01-19 21:48:42 +0100 | [diff] [blame] | 1728 | * |
Manuel Pégourié-Gonnard | cd49f76 | 2014-02-04 15:14:13 +0100 | [diff] [blame] | 1729 | * On server: this only affects selection of the ECDHE curve; |
| 1730 | * the curves used for ECDH and ECDSA are determined by the |
| 1731 | * list of available certificates instead. |
| 1732 | * |
| 1733 | * On client: this affects the list of curves offered for any |
Manuel Pégourié-Gonnard | ab24010 | 2014-02-04 16:18:07 +0100 | [diff] [blame] | 1734 | * use. The server can override our preference order. |
| 1735 | * |
| 1736 | * Both sides: limits the set of curves used by peer to the |
| 1737 | * listed curves for any use (ECDH(E), certificates). |
Gergely Budai | 987bfb5 | 2014-01-19 21:48:42 +0100 | [diff] [blame] | 1738 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1739 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | cd49f76 | 2014-02-04 15:14:13 +0100 | [diff] [blame] | 1740 | * \param curves Ordered list of allowed curves, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1741 | * terminated by MBEDTLS_ECP_DP_NONE. |
Gergely Budai | 987bfb5 | 2014-01-19 21:48:42 +0100 | [diff] [blame] | 1742 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1743 | void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1744 | #endif /* MBEDTLS_SSL_SET_CURVES */ |
Gergely Budai | 987bfb5 | 2014-01-19 21:48:42 +0100 | [diff] [blame] | 1745 | |
Manuel Pégourié-Gonnard | bc2b771 | 2015-05-06 11:14:19 +0100 | [diff] [blame] | 1746 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Paul Bakker | 1b57b06 | 2011-01-06 15:48:19 +0000 | [diff] [blame] | 1747 | /** |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 1748 | * \brief Set hostname for ServerName TLS extension |
| 1749 | * (client-side only) |
Paul Bakker | 6db455e | 2013-09-18 17:29:31 +0200 | [diff] [blame] | 1750 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1751 | * |
| 1752 | * \param ssl SSL context |
| 1753 | * \param hostname the server hostname |
| 1754 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1755 | * \return 0 if successful or MBEDTLS_ERR_SSL_MALLOC_FAILED |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1756 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1757 | int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); |
Manuel Pégourié-Gonnard | bc2b771 | 2015-05-06 11:14:19 +0100 | [diff] [blame] | 1758 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1759 | |
Manuel Pégourié-Gonnard | bc2b771 | 2015-05-06 11:14:19 +0100 | [diff] [blame] | 1760 | #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1761 | /** |
Manuel Pégourié-Gonnard | 1af6c85 | 2015-05-10 23:10:37 +0200 | [diff] [blame] | 1762 | * \brief Set own certificate and key for the current handshake |
| 1763 | * |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1764 | * \note Same as \c mbedtls_ssl_conf_own_cert() but for use within |
Manuel Pégourié-Gonnard | 1af6c85 | 2015-05-10 23:10:37 +0200 | [diff] [blame] | 1765 | * the SNI callback. |
| 1766 | * |
| 1767 | * \param ssl SSL context |
| 1768 | * \param own_cert own public certificate chain |
| 1769 | * \param pk_key own private key |
| 1770 | * |
| 1771 | * \return 0 on success or MBEDTLS_ERR_SSL_MALLOC_FAILED |
| 1772 | */ |
| 1773 | int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, |
| 1774 | mbedtls_x509_crt *own_cert, |
| 1775 | mbedtls_pk_context *pk_key ); |
| 1776 | |
| 1777 | /** |
Manuel Pégourié-Gonnard | 22bfa4b | 2015-05-11 08:46:37 +0200 | [diff] [blame] | 1778 | * \brief Set the data required to verify peer certificate for the |
| 1779 | * current handshake |
| 1780 | * |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1781 | * \note Same as \c mbedtls_ssl_conf_ca_chain() but for use within |
Manuel Pégourié-Gonnard | 22bfa4b | 2015-05-11 08:46:37 +0200 | [diff] [blame] | 1782 | * the SNI callback. |
| 1783 | * |
| 1784 | * \param ssl SSL context |
| 1785 | * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) |
| 1786 | * \param ca_crl trusted CA CRLs |
| 1787 | */ |
| 1788 | void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, |
| 1789 | mbedtls_x509_crt *ca_chain, |
| 1790 | mbedtls_x509_crl *ca_crl ); |
| 1791 | |
| 1792 | /** |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 1793 | * \brief Set server side ServerName TLS extension callback |
| 1794 | * (optional, server-side only). |
| 1795 | * |
| 1796 | * If set, the ServerName callback is called whenever the |
| 1797 | * server receives a ServerName TLS extension from the client |
| 1798 | * during a handshake. The ServerName callback has the |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1799 | * following parameters: (void *parameter, mbedtls_ssl_context *ssl, |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 1800 | * const unsigned char *hostname, size_t len). If a suitable |
| 1801 | * certificate is found, the callback should set the |
Manuel Pégourié-Gonnard | 22bfa4b | 2015-05-11 08:46:37 +0200 | [diff] [blame] | 1802 | * certificate(s) and key(s) to use with \c |
| 1803 | * mbedtls_ssl_set_hs_own_cert() (can be called repeatedly), |
| 1804 | * and optionally adjust the CA with \c |
| 1805 | * mbedtls_ssl_set_hs_ca_chain() and return 0. The callback |
| 1806 | * should return -1 to abort the handshake at this point. |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 1807 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1808 | * \param conf SSL configuration |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 1809 | * \param f_sni verification function |
| 1810 | * \param p_sni verification parameter |
| 1811 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1812 | void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1813 | int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 1814 | size_t), |
| 1815 | void *p_sni ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1816 | #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 1817 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1818 | #if defined(MBEDTLS_SSL_ALPN) |
Manuel Pégourié-Gonnard | 7e250d4 | 2014-04-04 16:08:41 +0200 | [diff] [blame] | 1819 | /** |
| 1820 | * \brief Set the supported Application Layer Protocols. |
| 1821 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1822 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 7e250d4 | 2014-04-04 16:08:41 +0200 | [diff] [blame] | 1823 | * \param protos NULL-terminated list of supported protocols, |
| 1824 | * in decreasing preference order. |
Manuel Pégourié-Gonnard | 0b874dc | 2014-04-07 10:57:45 +0200 | [diff] [blame] | 1825 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1826 | * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. |
Manuel Pégourié-Gonnard | 7e250d4 | 2014-04-04 16:08:41 +0200 | [diff] [blame] | 1827 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1828 | int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ); |
Manuel Pégourié-Gonnard | 7e250d4 | 2014-04-04 16:08:41 +0200 | [diff] [blame] | 1829 | |
| 1830 | /** |
| 1831 | * \brief Get the name of the negotiated Application Layer Protocol. |
| 1832 | * This function should be called after the handshake is |
| 1833 | * completed. |
| 1834 | * |
| 1835 | * \param ssl SSL context |
| 1836 | * |
| 1837 | * \return Protcol name, or NULL if no protocol was negotiated. |
| 1838 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1839 | const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); |
| 1840 | #endif /* MBEDTLS_SSL_ALPN */ |
Manuel Pégourié-Gonnard | 7e250d4 | 2014-04-04 16:08:41 +0200 | [diff] [blame] | 1841 | |
Paul Bakker | 5701cdc | 2012-09-27 21:49:42 +0000 | [diff] [blame] | 1842 | /** |
Paul Bakker | 490ecc8 | 2011-10-06 13:04:09 +0000 | [diff] [blame] | 1843 | * \brief Set the maximum supported version sent from the client side |
Paul Bakker | 2fbefde | 2013-06-29 16:01:15 +0200 | [diff] [blame] | 1844 | * and/or accepted at the server side |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1845 | * (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION) |
Paul Bakker | 2fbefde | 2013-06-29 16:01:15 +0200 | [diff] [blame] | 1846 | * |
Manuel Pégourié-Gonnard | 01e5e8c | 2015-05-11 10:11:56 +0200 | [diff] [blame] | 1847 | * \note This ignores ciphersuites from higher versions. |
| 1848 | * |
| 1849 | * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and |
| 1850 | * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1851 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1852 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1853 | * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) |
| 1854 | * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, |
| 1855 | * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, |
| 1856 | * MBEDTLS_SSL_MINOR_VERSION_3 supported) |
Paul Bakker | 490ecc8 | 2011-10-06 13:04:09 +0000 | [diff] [blame] | 1857 | */ |
Manuel Pégourié-Gonnard | 01e5e8c | 2015-05-11 10:11:56 +0200 | [diff] [blame] | 1858 | void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); |
Paul Bakker | 490ecc8 | 2011-10-06 13:04:09 +0000 | [diff] [blame] | 1859 | |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 1860 | /** |
| 1861 | * \brief Set the minimum accepted SSL/TLS protocol version |
Manuel Pégourié-Gonnard | 8c8be1e | 2015-03-31 14:21:11 +0200 | [diff] [blame] | 1862 | * (Default: TLS 1.0) |
Paul Bakker | d2f068e | 2013-08-27 21:19:20 +0200 | [diff] [blame] | 1863 | * |
Manuel Pégourié-Gonnard | 448ea50 | 2015-01-12 11:40:14 +0100 | [diff] [blame] | 1864 | * \note Input outside of the SSL_MAX_XXXXX_VERSION and |
| 1865 | * SSL_MIN_XXXXX_VERSION range is ignored. |
| 1866 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1867 | * \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided. |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 1868 | * |
Manuel Pégourié-Gonnard | 01e5e8c | 2015-05-11 10:11:56 +0200 | [diff] [blame] | 1869 | * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and |
| 1870 | * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 |
| 1871 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1872 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1873 | * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) |
| 1874 | * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, |
| 1875 | * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, |
| 1876 | * MBEDTLS_SSL_MINOR_VERSION_3 supported) |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 1877 | */ |
Manuel Pégourié-Gonnard | 01e5e8c | 2015-05-11 10:11:56 +0200 | [diff] [blame] | 1878 | void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ); |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 1879 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1880 | #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) |
Manuel Pégourié-Gonnard | 1cbd39d | 2014-10-20 13:34:59 +0200 | [diff] [blame] | 1881 | /** |
| 1882 | * \brief Set the fallback flag (client-side only). |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1883 | * (Default: MBEDTLS_SSL_IS_NOT_FALLBACK). |
Manuel Pégourié-Gonnard | 1cbd39d | 2014-10-20 13:34:59 +0200 | [diff] [blame] | 1884 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1885 | * \note Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback |
Manuel Pégourié-Gonnard | 1cbd39d | 2014-10-20 13:34:59 +0200 | [diff] [blame] | 1886 | * connection, that is a connection with max_version set to a |
| 1887 | * lower value than the value you're willing to use. Such |
| 1888 | * fallback connections are not recommended but are sometimes |
| 1889 | * necessary to interoperate with buggy (version-intolerant) |
| 1890 | * servers. |
| 1891 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1892 | * \warning You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for |
Manuel Pégourié-Gonnard | 1cbd39d | 2014-10-20 13:34:59 +0200 | [diff] [blame] | 1893 | * non-fallback connections! This would appear to work for a |
| 1894 | * while, then cause failures when the server is upgraded to |
| 1895 | * support a newer TLS version. |
| 1896 | * |
Manuel Pégourié-Gonnard | 684b059 | 2015-05-06 09:27:31 +0100 | [diff] [blame] | 1897 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1898 | * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK |
Manuel Pégourié-Gonnard | 1cbd39d | 2014-10-20 13:34:59 +0200 | [diff] [blame] | 1899 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1900 | void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1901 | #endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */ |
Manuel Pégourié-Gonnard | 1cbd39d | 2014-10-20 13:34:59 +0200 | [diff] [blame] | 1902 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1903 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
Manuel Pégourié-Gonnard | 699cafa | 2014-10-27 13:57:03 +0100 | [diff] [blame] | 1904 | /** |
| 1905 | * \brief Enable or disable Encrypt-then-MAC |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1906 | * (Default: MBEDTLS_SSL_ETM_ENABLED) |
Manuel Pégourié-Gonnard | 699cafa | 2014-10-27 13:57:03 +0100 | [diff] [blame] | 1907 | * |
| 1908 | * \note This should always be enabled, it is a security |
| 1909 | * improvement, and should not cause any interoperability |
| 1910 | * issue (used only if the peer supports it too). |
| 1911 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1912 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1913 | * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED |
Manuel Pégourié-Gonnard | 699cafa | 2014-10-27 13:57:03 +0100 | [diff] [blame] | 1914 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1915 | void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1916 | #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ |
Manuel Pégourié-Gonnard | 699cafa | 2014-10-27 13:57:03 +0100 | [diff] [blame] | 1917 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1918 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
Manuel Pégourié-Gonnard | 367381f | 2014-10-20 18:40:56 +0200 | [diff] [blame] | 1919 | /** |
| 1920 | * \brief Enable or disable Extended Master Secret negotiation. |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1921 | * (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED) |
Manuel Pégourié-Gonnard | 367381f | 2014-10-20 18:40:56 +0200 | [diff] [blame] | 1922 | * |
| 1923 | * \note This should always be enabled, it is a security fix to the |
| 1924 | * protocol, and should not cause any interoperability issue |
| 1925 | * (used only if the peer supports it too). |
| 1926 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1927 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1928 | * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED |
Manuel Pégourié-Gonnard | 367381f | 2014-10-20 18:40:56 +0200 | [diff] [blame] | 1929 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1930 | void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1931 | #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ |
Manuel Pégourié-Gonnard | 367381f | 2014-10-20 18:40:56 +0200 | [diff] [blame] | 1932 | |
Manuel Pégourié-Gonnard | bd47a58 | 2015-01-12 13:43:29 +0100 | [diff] [blame] | 1933 | /** |
| 1934 | * \brief Disable or enable support for RC4 |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1935 | * (Default: MBEDTLS_SSL_ARC4_DISABLED) |
Manuel Pégourié-Gonnard | bd47a58 | 2015-01-12 13:43:29 +0100 | [diff] [blame] | 1936 | * |
Manuel Pégourié-Gonnard | 849b174 | 2015-03-20 19:13:22 +0000 | [diff] [blame] | 1937 | * \warning Use of RC4 in (D)TLS has been prohibited by RFC ???? |
| 1938 | * for security reasons. Use at your own risks. |
Manuel Pégourié-Gonnard | bd47a58 | 2015-01-12 13:43:29 +0100 | [diff] [blame] | 1939 | * |
| 1940 | * \note This function will likely be removed in future versions as |
| 1941 | * RC4 will then be disabled by default at compile time. |
| 1942 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1943 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1944 | * \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED |
Manuel Pégourié-Gonnard | bd47a58 | 2015-01-12 13:43:29 +0100 | [diff] [blame] | 1945 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1946 | void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ); |
Manuel Pégourié-Gonnard | bd47a58 | 2015-01-12 13:43:29 +0100 | [diff] [blame] | 1947 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1948 | #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) |
Paul Bakker | 490ecc8 | 2011-10-06 13:04:09 +0000 | [diff] [blame] | 1949 | /** |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 1950 | * \brief Set the maximum fragment length to emit and/or negotiate |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1951 | * (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes) |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 1952 | * (Server: set maximum fragment length to emit, |
| 1953 | * usually negotiated by the client during handshake |
| 1954 | * (Client: set maximum fragment length to emit *and* |
| 1955 | * negotiate with the server during handshake) |
| 1956 | * |
Manuel Pégourié-Gonnard | 6bf89d6 | 2015-05-05 17:01:57 +0100 | [diff] [blame] | 1957 | * \param conf SSL configuration |
Paul Bakker | dcbfdcc | 2013-09-10 16:16:50 +0200 | [diff] [blame] | 1958 | * \param mfl_code Code for maximum fragment length (allowed values: |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1959 | * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, |
| 1960 | * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 1961 | * |
Manuel Pégourié-Gonnard | eecb43c | 2015-05-12 12:56:41 +0200 | [diff] [blame] | 1962 | * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 1963 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1964 | int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1965 | #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 1966 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1967 | #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) |
Manuel Pégourié-Gonnard | 8b46459 | 2013-07-16 12:45:26 +0200 | [diff] [blame] | 1968 | /** |
Manuel Pégourié-Gonnard | e117a8f | 2015-01-09 12:39:35 +0100 | [diff] [blame] | 1969 | * \brief Activate negotiation of truncated HMAC |
Manuel Pégourié-Gonnard | 662c6e8 | 2015-05-06 17:39:23 +0100 | [diff] [blame] | 1970 | * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED) |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 1971 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 1972 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1973 | * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or |
| 1974 | * MBEDTLS_SSL_TRUNC_HMAC_DISABLED) |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 1975 | */ |
Manuel Pégourié-Gonnard | 01e5e8c | 2015-05-11 10:11:56 +0200 | [diff] [blame] | 1976 | void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1977 | #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 1978 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1979 | #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) |
Manuel Pégourié-Gonnard | cfa477e | 2015-01-07 14:50:54 +0100 | [diff] [blame] | 1980 | /** |
| 1981 | * \brief Enable / Disable 1/n-1 record splitting |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1982 | * (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED) |
Manuel Pégourié-Gonnard | cfa477e | 2015-01-07 14:50:54 +0100 | [diff] [blame] | 1983 | * |
| 1984 | * \note Only affects SSLv3 and TLS 1.0, not higher versions. |
| 1985 | * Does not affect non-CBC ciphersuites in any version. |
| 1986 | * |
Manuel Pégourié-Gonnard | 17eab2b | 2015-05-05 16:34:53 +0100 | [diff] [blame] | 1987 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1988 | * \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or |
| 1989 | * MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED |
Manuel Pégourié-Gonnard | cfa477e | 2015-01-07 14:50:54 +0100 | [diff] [blame] | 1990 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 1991 | void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1992 | #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ |
Manuel Pégourié-Gonnard | cfa477e | 2015-01-07 14:50:54 +0100 | [diff] [blame] | 1993 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1994 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 1995 | /** |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 1996 | * \brief Enable / Disable session tickets |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 1997 | * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED on client, |
| 1998 | * MBEDTLS_SSL_SESSION_TICKETS_DISABLED on server) |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 1999 | * |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 2000 | * \note On server, mbedtls_ssl_conf_rng() must be called before this function |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 2001 | * to allow generating the ticket encryption and |
| 2002 | * authentication keys. |
| 2003 | * |
Manuel Pégourié-Gonnard | 2b49445 | 2015-05-06 10:05:11 +0100 | [diff] [blame] | 2004 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2005 | * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or |
| 2006 | * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 2007 | * |
Manuel Pégourié-Gonnard | eecb43c | 2015-05-12 12:56:41 +0200 | [diff] [blame] | 2008 | * \return 0 if successful, |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 2009 | * or a specific error code (server only). |
| 2010 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 2011 | int mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ); |
Paul Bakker | 606b4ba | 2013-08-14 16:52:14 +0200 | [diff] [blame] | 2012 | |
| 2013 | /** |
| 2014 | * \brief Set session ticket lifetime (server only) |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2015 | * (Default: MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day)) |
Paul Bakker | 606b4ba | 2013-08-14 16:52:14 +0200 | [diff] [blame] | 2016 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 2017 | * \param conf SSL configuration |
Paul Bakker | 606b4ba | 2013-08-14 16:52:14 +0200 | [diff] [blame] | 2018 | * \param lifetime session ticket lifetime |
| 2019 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 2020 | void mbedtls_ssl_conf_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2021 | #endif /* MBEDTLS_SSL_SESSION_TICKETS */ |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 2022 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2023 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 2024 | /** |
Paul Bakker | 09f097d | 2012-10-23 11:54:56 +0000 | [diff] [blame] | 2025 | * \brief Enable / Disable renegotiation support for connection when |
| 2026 | * initiated by peer |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2027 | * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED) |
Paul Bakker | 09f097d | 2012-10-23 11:54:56 +0000 | [diff] [blame] | 2028 | * |
| 2029 | * Note: A server with support enabled is more vulnerable for a |
Paul Bakker | 7c90078 | 2012-11-04 16:29:08 +0000 | [diff] [blame] | 2030 | * resource DoS by a malicious client. You should enable this on |
| 2031 | * a client to enable server-initiated renegotiation. |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2032 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 2033 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2034 | * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or |
| 2035 | * MBEDTLS_SSL_RENEGOTIATION_DISABLED) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2036 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 2037 | void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2038 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2039 | |
| 2040 | /** |
| 2041 | * \brief Prevent or allow legacy renegotiation. |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2042 | * (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) |
Paul Bakker | 9af723c | 2014-05-01 13:03:14 +0200 | [diff] [blame] | 2043 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2044 | * MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 2045 | * be established even if the peer does not support |
| 2046 | * secure renegotiation, but does not allow renegotiation |
| 2047 | * to take place if not secure. |
| 2048 | * (Interoperable and secure option) |
| 2049 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2050 | * MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 2051 | * with non-upgraded peers. Allowing legacy renegotiation |
| 2052 | * makes the connection vulnerable to specific man in the |
| 2053 | * middle attacks. (See RFC 5746) |
| 2054 | * (Most interoperable and least secure option) |
| 2055 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2056 | * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 2057 | * if peer does not support secure renegotiation. Results |
| 2058 | * in interoperability issues with non-upgraded peers |
| 2059 | * that do not support renegotiation altogether. |
| 2060 | * (Most secure option, interoperability issues) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2061 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 2062 | * \param conf SSL configuration |
Paul Bakker | 6831c4a | 2012-11-07 19:46:27 +0000 | [diff] [blame] | 2063 | * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, |
| 2064 | * SSL_ALLOW_LEGACY_RENEGOTIATION or |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2065 | * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2066 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 2067 | void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2068 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2069 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2070 | /** |
Manuel Pégourié-Gonnard | df3acd8 | 2014-10-15 15:07:45 +0200 | [diff] [blame] | 2071 | * \brief Enforce renegotiation requests. |
Manuel Pégourié-Gonnard | a9964db | 2014-07-03 19:29:16 +0200 | [diff] [blame] | 2072 | * (Default: enforced, max_records = 16) |
Manuel Pégourié-Gonnard | a9964db | 2014-07-03 19:29:16 +0200 | [diff] [blame] | 2073 | * |
Manuel Pégourié-Gonnard | 44ade65 | 2014-08-19 13:58:40 +0200 | [diff] [blame] | 2074 | * When we request a renegotiation, the peer can comply or |
| 2075 | * ignore the request. This function allows us to decide |
| 2076 | * whether to enforce our renegotiation requests by closing |
| 2077 | * the connection if the peer doesn't comply. |
Manuel Pégourié-Gonnard | a9964db | 2014-07-03 19:29:16 +0200 | [diff] [blame] | 2078 | * |
Manuel Pégourié-Gonnard | 44ade65 | 2014-08-19 13:58:40 +0200 | [diff] [blame] | 2079 | * However, records could already be in transit from the peer |
| 2080 | * when the request is emitted. In order to increase |
| 2081 | * reliability, we can accept a number of records before the |
| 2082 | * expected handshake records. |
Manuel Pégourié-Gonnard | a9964db | 2014-07-03 19:29:16 +0200 | [diff] [blame] | 2083 | * |
| 2084 | * The optimal value is highly dependent on the specific usage |
| 2085 | * scenario. |
| 2086 | * |
Manuel Pégourié-Gonnard | df3acd8 | 2014-10-15 15:07:45 +0200 | [diff] [blame] | 2087 | * \note With DTLS and server-initiated renegotiation, the |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2088 | * HelloRequest is retransmited every time mbedtls_ssl_read() times |
Manuel Pégourié-Gonnard | df3acd8 | 2014-10-15 15:07:45 +0200 | [diff] [blame] | 2089 | * out or receives Application Data, until: |
| 2090 | * - max_records records have beens seen, if it is >= 0, or |
| 2091 | * - the number of retransmits that would happen during an |
| 2092 | * actual handshake has been reached. |
| 2093 | * Please remember the request might be lost a few times |
| 2094 | * if you consider setting max_records to a really low value. |
| 2095 | * |
Manuel Pégourié-Gonnard | 44ade65 | 2014-08-19 13:58:40 +0200 | [diff] [blame] | 2096 | * \warning On client, the grace period can only happen during |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2097 | * mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate() |
Manuel Pégourié-Gonnard | 44ade65 | 2014-08-19 13:58:40 +0200 | [diff] [blame] | 2098 | * which always behave as if max_record was 0. The reason is, |
| 2099 | * if we receive application data from the server, we need a |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2100 | * place to write it, which only happens during mbedtls_ssl_read(). |
Manuel Pégourié-Gonnard | 44ade65 | 2014-08-19 13:58:40 +0200 | [diff] [blame] | 2101 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 2102 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2103 | * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to |
Manuel Pégourié-Gonnard | a9964db | 2014-07-03 19:29:16 +0200 | [diff] [blame] | 2104 | * enforce renegotiation, or a non-negative value to enforce |
| 2105 | * it but allow for a grace period of max_records records. |
| 2106 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 2107 | void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ); |
Manuel Pégourié-Gonnard | a9964db | 2014-07-03 19:29:16 +0200 | [diff] [blame] | 2108 | |
| 2109 | /** |
Manuel Pégourié-Gonnard | 837f0fe | 2014-11-05 13:58:53 +0100 | [diff] [blame] | 2110 | * \brief Set record counter threshold for periodic renegotiation. |
| 2111 | * (Default: 2^64 - 256.) |
| 2112 | * |
| 2113 | * Renegotiation is automatically triggered when a record |
| 2114 | * counter (outgoing or ingoing) crosses the defined |
| 2115 | * threshold. The default value is meant to prevent the |
| 2116 | * connection from being closed when the counter is about to |
| 2117 | * reached its maximal value (it is not allowed to wrap). |
| 2118 | * |
| 2119 | * Lower values can be used to enforce policies such as "keys |
| 2120 | * must be refreshed every N packets with cipher X". |
| 2121 | * |
Manuel Pégourié-Gonnard | d36e33f | 2015-05-05 10:45:39 +0200 | [diff] [blame] | 2122 | * \param conf SSL configuration |
Manuel Pégourié-Gonnard | 837f0fe | 2014-11-05 13:58:53 +0100 | [diff] [blame] | 2123 | * \param period The threshold value: a big-endian 64-bit number. |
| 2124 | * Set to 2^64 - 1 to disable periodic renegotiation |
| 2125 | */ |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 2126 | void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, |
Manuel Pégourié-Gonnard | 837f0fe | 2014-11-05 13:58:53 +0100 | [diff] [blame] | 2127 | const unsigned char period[8] ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2128 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2129 | |
Paul Bakker | 43ca69c | 2011-01-15 17:35:19 +0000 | [diff] [blame] | 2130 | /** |
| 2131 | * \brief Return the number of data bytes available to read |
| 2132 | * |
| 2133 | * \param ssl SSL context |
| 2134 | * |
| 2135 | * \return how many bytes are available in the read buffer |
| 2136 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2137 | size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2138 | |
| 2139 | /** |
| 2140 | * \brief Return the result of the certificate verification |
| 2141 | * |
| 2142 | * \param ssl SSL context |
| 2143 | * |
Manuel Pégourié-Gonnard | e89163c | 2015-01-23 14:30:57 +0000 | [diff] [blame] | 2144 | * \return 0 if successful, |
| 2145 | * -1 if result is not available (eg because the handshake was |
| 2146 | * aborted too early), or |
| 2147 | * a combination of BADCERT_xxx and BADCRL_xxx flags, see |
| 2148 | * x509.h |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2149 | */ |
Manuel Pégourié-Gonnard | e6ef16f | 2015-05-11 19:54:43 +0200 | [diff] [blame] | 2150 | uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ); |
Paul Bakker | 43ca69c | 2011-01-15 17:35:19 +0000 | [diff] [blame] | 2151 | |
| 2152 | /** |
| 2153 | * \brief Return the name of the current ciphersuite |
| 2154 | * |
| 2155 | * \param ssl SSL context |
| 2156 | * |
| 2157 | * \return a string containing the ciphersuite name |
| 2158 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2159 | const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2160 | |
| 2161 | /** |
Paul Bakker | 43ca69c | 2011-01-15 17:35:19 +0000 | [diff] [blame] | 2162 | * \brief Return the current SSL version (SSLv3/TLSv1/etc) |
| 2163 | * |
| 2164 | * \param ssl SSL context |
| 2165 | * |
| 2166 | * \return a string containing the SSL version |
| 2167 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2168 | const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); |
Paul Bakker | 43ca69c | 2011-01-15 17:35:19 +0000 | [diff] [blame] | 2169 | |
Manuel Pégourié-Gonnard | 9b35f18 | 2014-10-14 17:47:31 +0200 | [diff] [blame] | 2170 | /** |
| 2171 | * \brief Return the (maximum) number of bytes added by the record |
| 2172 | * layer: header + encryption/MAC overhead (inc. padding) |
| 2173 | * |
| 2174 | * \param ssl SSL context |
| 2175 | * |
| 2176 | * \return Current maximum record expansion in bytes, or |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2177 | * MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is |
Manuel Pégourié-Gonnard | 932e393 | 2015-04-03 16:37:14 +0200 | [diff] [blame] | 2178 | * enabled, which makes expansion much less predictable |
Manuel Pégourié-Gonnard | 9b35f18 | 2014-10-14 17:47:31 +0200 | [diff] [blame] | 2179 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2180 | int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | 9b35f18 | 2014-10-14 17:47:31 +0200 | [diff] [blame] | 2181 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2182 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
Paul Bakker | 43ca69c | 2011-01-15 17:35:19 +0000 | [diff] [blame] | 2183 | /** |
Paul Bakker | b0550d9 | 2012-10-30 07:51:03 +0000 | [diff] [blame] | 2184 | * \brief Return the peer certificate from the current connection |
| 2185 | * |
| 2186 | * Note: Can be NULL in case no certificate was sent during |
| 2187 | * the handshake. Different calls for the same connection can |
| 2188 | * return the same or different pointers for the same |
| 2189 | * certificate and even a different certificate altogether. |
| 2190 | * The peer cert CAN change in a single connection if |
| 2191 | * renegotiation is performed. |
| 2192 | * |
| 2193 | * \param ssl SSL context |
| 2194 | * |
| 2195 | * \return the current peer certificate |
| 2196 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2197 | const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ); |
| 2198 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Paul Bakker | b0550d9 | 2012-10-30 07:51:03 +0000 | [diff] [blame] | 2199 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2200 | #if defined(MBEDTLS_SSL_CLI_C) |
Paul Bakker | b0550d9 | 2012-10-30 07:51:03 +0000 | [diff] [blame] | 2201 | /** |
Manuel Pégourié-Gonnard | 7471803 | 2013-07-30 12:41:56 +0200 | [diff] [blame] | 2202 | * \brief Save session in order to resume it later (client-side only) |
| 2203 | * Session data is copied to presented session structure. |
| 2204 | * |
| 2205 | * \warning Currently, peer certificate is lost in the operation. |
| 2206 | * |
| 2207 | * \param ssl SSL context |
| 2208 | * \param session session context |
| 2209 | * |
| 2210 | * \return 0 if successful, |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2211 | * MBEDTLS_ERR_SSL_MALLOC_FAILED if memory allocation failed, |
| 2212 | * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or |
Manuel Pégourié-Gonnard | 7471803 | 2013-07-30 12:41:56 +0200 | [diff] [blame] | 2213 | * arguments are otherwise invalid |
| 2214 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2215 | * \sa mbedtls_ssl_set_session() |
Manuel Pégourié-Gonnard | 7471803 | 2013-07-30 12:41:56 +0200 | [diff] [blame] | 2216 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2217 | int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session ); |
| 2218 | #endif /* MBEDTLS_SSL_CLI_C */ |
Manuel Pégourié-Gonnard | 7471803 | 2013-07-30 12:41:56 +0200 | [diff] [blame] | 2219 | |
| 2220 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2221 | * \brief Perform the SSL handshake |
| 2222 | * |
| 2223 | * \param ssl SSL context |
| 2224 | * |
Manuel Pégourié-Gonnard | 8836994 | 2015-05-06 16:19:31 +0100 | [diff] [blame] | 2225 | * \return 0 if successful, MBEDTLS_ERR_SSL_WANT_READ, |
| 2226 | * MBEDTLS_ERR_SSL_WANT_WRITE, or a specific SSL error code. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2227 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2228 | int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2229 | |
| 2230 | /** |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 2231 | * \brief Perform a single step of the SSL handshake |
| 2232 | * |
| 2233 | * Note: the state of the context (ssl->state) will be at |
| 2234 | * the following state after execution of this function. |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2235 | * Do not call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER. |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 2236 | * |
| 2237 | * \param ssl SSL context |
| 2238 | * |
Manuel Pégourié-Gonnard | 8836994 | 2015-05-06 16:19:31 +0100 | [diff] [blame] | 2239 | * \return 0 if successful, MBEDTLS_ERR_SSL_WANT_READ, |
| 2240 | * MBEDTLS_ERR_SSL_WANT_WRITE, or a specific SSL error code. |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 2241 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2242 | int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 2243 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2244 | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
Paul Bakker | 1961b70 | 2013-01-25 14:49:24 +0100 | [diff] [blame] | 2245 | /** |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 2246 | * \brief Initiate an SSL renegotiation on the running connection. |
| 2247 | * Client: perform the renegotiation right now. |
| 2248 | * Server: request renegotiation, which will be performed |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2249 | * during the next call to mbedtls_ssl_read() if honored by client. |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2250 | * |
| 2251 | * \param ssl SSL context |
| 2252 | * |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2253 | * \return 0 if successful, or any mbedtls_ssl_handshake() return value. |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2254 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2255 | int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); |
| 2256 | #endif /* MBEDTLS_SSL_RENEGOTIATION */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2257 | |
| 2258 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2259 | * \brief Read at most 'len' application data bytes |
| 2260 | * |
| 2261 | * \param ssl SSL context |
| 2262 | * \param buf buffer that will hold the data |
Paul Bakker | 9e4ff95 | 2014-09-24 11:13:11 +0200 | [diff] [blame] | 2263 | * \param len maximum number of bytes to read |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2264 | * |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 2265 | * \return This function returns the number of bytes read, 0 for EOF, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2266 | * or a negative error code. |
| 2267 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2268 | int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2269 | |
| 2270 | /** |
| 2271 | * \brief Write exactly 'len' application data bytes |
| 2272 | * |
| 2273 | * \param ssl SSL context |
| 2274 | * \param buf buffer holding the data |
| 2275 | * \param len how many bytes must be written |
| 2276 | * |
| 2277 | * \return This function returns the number of bytes written, |
| 2278 | * or a negative error code. |
| 2279 | * |
Manuel Pégourié-Gonnard | 8836994 | 2015-05-06 16:19:31 +0100 | [diff] [blame] | 2280 | * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE, |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2281 | * it must be called later with the *same* arguments, |
| 2282 | * until it returns a positive value. |
Manuel Pégourié-Gonnard | 37e08e1 | 2014-10-13 17:55:52 +0200 | [diff] [blame] | 2283 | * |
Manuel Pégourié-Gonnard | 8fbb01e | 2015-01-21 13:37:08 +0000 | [diff] [blame] | 2284 | * \note If the requested length is greater than the maximum |
| 2285 | * fragment length (either the built-in limit or the one set |
| 2286 | * or negotiated with the peer), then: |
| 2287 | * - with TLS, less bytes than requested are written. (In |
| 2288 | * order to write larger messages, this function should be |
| 2289 | * called in a loop.) |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2290 | * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2291 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2292 | int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2293 | |
| 2294 | /** |
Paul Bakker | 0a92518 | 2012-04-16 06:46:41 +0000 | [diff] [blame] | 2295 | * \brief Send an alert message |
| 2296 | * |
| 2297 | * \param ssl SSL context |
| 2298 | * \param level The alert level of the message |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2299 | * (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL) |
Paul Bakker | 0a92518 | 2012-04-16 06:46:41 +0000 | [diff] [blame] | 2300 | * \param message The alert message (SSL_ALERT_MSG_*) |
| 2301 | * |
Paul Bakker | 6831c4a | 2012-11-07 19:46:27 +0000 | [diff] [blame] | 2302 | * \return 0 if successful, or a specific SSL error code. |
Paul Bakker | 0a92518 | 2012-04-16 06:46:41 +0000 | [diff] [blame] | 2303 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2304 | int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, |
Paul Bakker | 0a92518 | 2012-04-16 06:46:41 +0000 | [diff] [blame] | 2305 | unsigned char level, |
| 2306 | unsigned char message ); |
| 2307 | /** |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2308 | * \brief Notify the peer that the connection is being closed |
Paul Bakker | 13e2dfe | 2009-07-28 07:18:38 +0000 | [diff] [blame] | 2309 | * |
| 2310 | * \param ssl SSL context |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2311 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2312 | int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2313 | |
| 2314 | /** |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2315 | * \brief Free referenced items in an SSL context and clear memory |
Paul Bakker | 13e2dfe | 2009-07-28 07:18:38 +0000 | [diff] [blame] | 2316 | * |
| 2317 | * \param ssl SSL context |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2318 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2319 | void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2320 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2321 | /** |
Manuel Pégourié-Gonnard | cd523e2 | 2015-05-04 13:35:39 +0200 | [diff] [blame] | 2322 | * \brief Initialize an SSL configuration context |
| 2323 | * Just makes the context ready for |
| 2324 | * mbedtls_ssl_config_defaults() or mbedtls_ssl_free() |
| 2325 | * |
| 2326 | * \note You need to call mbedtls_ssl_config_defaults() unless you |
| 2327 | * manually set all of the relevent fields yourself. |
| 2328 | * |
| 2329 | * \param conf SSL configuration context |
| 2330 | */ |
| 2331 | void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); |
| 2332 | |
| 2333 | /** |
| 2334 | * \brief Load reasonnable default SSL configuration values. |
| 2335 | * (You need to call mbedtls_ssl_config_init() first.) |
| 2336 | * |
| 2337 | * \param conf SSL configuration context |
| 2338 | * |
Manuel Pégourié-Gonnard | 6729e79 | 2015-05-11 09:50:24 +0200 | [diff] [blame] | 2339 | * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS. |
Manuel Pégourié-Gonnard | 8620f73 | 2015-05-06 14:42:06 +0100 | [diff] [blame] | 2340 | * |
Manuel Pégourié-Gonnard | cd523e2 | 2015-05-04 13:35:39 +0200 | [diff] [blame] | 2341 | * \return 0 if successful, or |
| 2342 | * MBEDTLS_ERR_XXX_ALLOC_FAILED on memorr allocation error. |
| 2343 | */ |
Manuel Pégourié-Gonnard | 419d5ae | 2015-05-04 19:32:36 +0200 | [diff] [blame] | 2344 | int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, |
| 2345 | int endpoint, int transport ); |
Manuel Pégourié-Gonnard | cd523e2 | 2015-05-04 13:35:39 +0200 | [diff] [blame] | 2346 | |
| 2347 | /** |
| 2348 | * \brief Free an SSL configuration context |
| 2349 | * |
| 2350 | * \param conf SSL configuration context |
| 2351 | */ |
| 2352 | void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ); |
| 2353 | |
| 2354 | /** |
Paul Bakker | accaffe | 2014-06-26 13:37:14 +0200 | [diff] [blame] | 2355 | * \brief Initialize SSL session structure |
| 2356 | * |
| 2357 | * \param session SSL session |
| 2358 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2359 | void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); |
Paul Bakker | accaffe | 2014-06-26 13:37:14 +0200 | [diff] [blame] | 2360 | |
| 2361 | /** |
Paul Bakker | 0a59707 | 2012-09-25 21:55:46 +0000 | [diff] [blame] | 2362 | * \brief Free referenced items in an SSL session including the |
| 2363 | * peer certificate and clear memory |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2364 | * |
| 2365 | * \param session SSL session |
| 2366 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2367 | void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2368 | |
| 2369 | /** |
| 2370 | * \brief Free referenced items in an SSL transform context and clear |
| 2371 | * memory |
| 2372 | * |
| 2373 | * \param transform SSL transform context |
| 2374 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2375 | void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2376 | |
| 2377 | /** |
| 2378 | * \brief Free referenced items in an SSL handshake context and clear |
| 2379 | * memory |
| 2380 | * |
| 2381 | * \param handshake SSL handshake context |
| 2382 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2383 | void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake ); |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 2384 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2385 | /* |
| 2386 | * Internal functions (do not call directly) |
| 2387 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2388 | int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); |
| 2389 | int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); |
| 2390 | void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2391 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2392 | int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 2393 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2394 | void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); |
| 2395 | int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2396 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2397 | int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); |
| 2398 | int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2399 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2400 | int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); |
| 2401 | int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2402 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2403 | int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); |
| 2404 | int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2405 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2406 | int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); |
| 2407 | int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2408 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2409 | int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); |
| 2410 | int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2411 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2412 | void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, |
| 2413 | const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); |
Paul Bakker | 380da53 | 2012-04-18 16:10:25 +0000 | [diff] [blame] | 2414 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2415 | #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) |
| 2416 | int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); |
Manuel Pégourié-Gonnard | bd1ae24 | 2013-10-14 13:09:25 +0200 | [diff] [blame] | 2417 | #endif |
| 2418 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2419 | #if defined(MBEDTLS_PK_C) |
| 2420 | unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); |
| 2421 | mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); |
Manuel Pégourié-Gonnard | 1a48383 | 2013-09-20 12:29:15 +0200 | [diff] [blame] | 2422 | #endif |
| 2423 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2424 | mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); |
Manuel Pégourié-Gonnard | 0d42049 | 2013-08-21 16:14:26 +0200 | [diff] [blame] | 2425 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2426 | #if defined(MBEDTLS_SSL_SET_CURVES) |
| 2427 | int mbedtls_ssl_curve_is_acceptable( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); |
Manuel Pégourié-Gonnard | ab24010 | 2014-02-04 16:18:07 +0100 | [diff] [blame] | 2428 | #endif |
| 2429 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2430 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 2431 | static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2432 | { |
Manuel Pégourié-Gonnard | 8f618a8 | 2015-05-10 21:13:36 +0200 | [diff] [blame] | 2433 | mbedtls_ssl_key_cert *key_cert; |
| 2434 | |
| 2435 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) |
| 2436 | key_cert = ssl->handshake->key_cert; |
| 2437 | else |
| 2438 | key_cert = ssl->conf->key_cert; |
| 2439 | |
| 2440 | return( key_cert == NULL ? NULL : key_cert->key ); |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2441 | } |
| 2442 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2443 | static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2444 | { |
Manuel Pégourié-Gonnard | 8f618a8 | 2015-05-10 21:13:36 +0200 | [diff] [blame] | 2445 | mbedtls_ssl_key_cert *key_cert; |
| 2446 | |
| 2447 | if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) |
| 2448 | key_cert = ssl->handshake->key_cert; |
| 2449 | else |
| 2450 | key_cert = ssl->conf->key_cert; |
| 2451 | |
| 2452 | return( key_cert == NULL ? NULL : key_cert->cert ); |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2453 | } |
Manuel Pégourié-Gonnard | 7f2a07d | 2014-04-09 09:50:57 +0200 | [diff] [blame] | 2454 | |
| 2455 | /* |
| 2456 | * Check usage of a certificate wrt extensions: |
| 2457 | * keyUsage, extendedKeyUsage (later), and nSCertType (later). |
| 2458 | * |
| 2459 | * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we |
| 2460 | * check a cert we received from them)! |
| 2461 | * |
| 2462 | * Return 0 if everything is OK, -1 if not. |
| 2463 | */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2464 | int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, |
| 2465 | const mbedtls_ssl_ciphersuite_t *ciphersuite, |
Manuel Pégourié-Gonnard | e6efa6f | 2015-04-20 11:01:48 +0100 | [diff] [blame] | 2466 | int cert_endpoint, |
Manuel Pégourié-Gonnard | e6ef16f | 2015-05-11 19:54:43 +0200 | [diff] [blame] | 2467 | uint32_t *flags ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2468 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
Manuel Pégourié-Gonnard | 834ea85 | 2013-09-23 14:46:13 +0200 | [diff] [blame] | 2469 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2470 | void mbedtls_ssl_write_version( int major, int minor, int transport, |
Manuel Pégourié-Gonnard | abc7e3b | 2014-02-11 18:15:03 +0100 | [diff] [blame] | 2471 | unsigned char ver[2] ); |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2472 | void mbedtls_ssl_read_version( int *major, int *minor, int transport, |
Manuel Pégourié-Gonnard | abc7e3b | 2014-02-11 18:15:03 +0100 | [diff] [blame] | 2473 | const unsigned char ver[2] ); |
| 2474 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2475 | static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl ) |
Manuel Pégourié-Gonnard | 0619348 | 2014-02-14 08:39:32 +0100 | [diff] [blame] | 2476 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2477 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | 7ca4e4d | 2015-05-04 10:55:58 +0200 | [diff] [blame] | 2478 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Manuel Pégourié-Gonnard | 0619348 | 2014-02-14 08:39:32 +0100 | [diff] [blame] | 2479 | return( 13 ); |
Manuel Pégourié-Gonnard | 34c1011 | 2014-03-25 13:36:22 +0100 | [diff] [blame] | 2480 | #else |
| 2481 | ((void) ssl); |
Manuel Pégourié-Gonnard | 0619348 | 2014-02-14 08:39:32 +0100 | [diff] [blame] | 2482 | #endif |
| 2483 | return( 5 ); |
| 2484 | } |
| 2485 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2486 | static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) |
Manuel Pégourié-Gonnard | 9d1d719 | 2014-09-03 11:01:14 +0200 | [diff] [blame] | 2487 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2488 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
Manuel Pégourié-Gonnard | 7ca4e4d | 2015-05-04 10:55:58 +0200 | [diff] [blame] | 2489 | if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) |
Manuel Pégourié-Gonnard | 9d1d719 | 2014-09-03 11:01:14 +0200 | [diff] [blame] | 2490 | return( 12 ); |
| 2491 | #else |
| 2492 | ((void) ssl); |
| 2493 | #endif |
| 2494 | return( 4 ); |
| 2495 | } |
| 2496 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2497 | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
| 2498 | void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); |
| 2499 | void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); |
| 2500 | int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | 5d8ba53 | 2014-09-19 15:09:21 +0200 | [diff] [blame] | 2501 | #endif |
| 2502 | |
Manuel Pégourié-Gonnard | 7a7e140 | 2014-09-24 10:52:58 +0200 | [diff] [blame] | 2503 | /* Visible for testing purposes only */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2504 | #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) |
| 2505 | int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl ); |
| 2506 | void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); |
Manuel Pégourié-Gonnard | 7a7e140 | 2014-09-24 10:52:58 +0200 | [diff] [blame] | 2507 | #endif |
| 2508 | |
Manuel Pégourié-Gonnard | 31ff1d2 | 2013-10-28 13:46:11 +0100 | [diff] [blame] | 2509 | /* constant-time buffer comparison */ |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 2510 | static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) |
Manuel Pégourié-Gonnard | 31ff1d2 | 2013-10-28 13:46:11 +0100 | [diff] [blame] | 2511 | { |
| 2512 | size_t i; |
| 2513 | const unsigned char *A = (const unsigned char *) a; |
| 2514 | const unsigned char *B = (const unsigned char *) b; |
| 2515 | unsigned char diff = 0; |
| 2516 | |
| 2517 | for( i = 0; i < n; i++ ) |
| 2518 | diff |= A[i] ^ B[i]; |
| 2519 | |
| 2520 | return( diff ); |
| 2521 | } |
| 2522 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 2523 | #ifdef __cplusplus |
| 2524 | } |
| 2525 | #endif |
| 2526 | |
| 2527 | #endif /* ssl.h */ |