TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e0ccd0a7c3002602a740a7ed3338d03bd1e49a40 / . / include / polarssl / ssl.h
blob: dee88304f3aa76704c253203cac48abb4337b956 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/**
2 * \file ssl.h
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame^]3 *
4 * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
5 *
6 * Copyright (C) 2009 Paul Bakker
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]21 */
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]22#ifndef POLARSSL_SSL_H
23#define POLARSSL_SSL_H
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]24
25#include <time.h>
26
Paul Bakker8e831ed2009-01-03 21:24:11 +0000[diff] [blame]27#include "polarssl/net.h"
28#include "polarssl/dhm.h"
29#include "polarssl/rsa.h"
30#include "polarssl/md5.h"
31#include "polarssl/sha1.h"
32#include "polarssl/x509.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]34#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000
35#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x1800
36#define POLARSSL_ERR_SSL_INVALID_MAC -0x2000
37#define POLARSSL_ERR_SSL_INVALID_RECORD -0x2800
38#define POLARSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000
39#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800
40#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000
41#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x4800
42#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000
43#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800
44#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000
45#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800
46#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000
47#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800
48#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000
49#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800
50#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000
51#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800
52#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000
53#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800
54#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000
55#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800
56#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000
57#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800
58#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000
59#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800
60#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0xE000
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]61
62/*
63 * Various constants
64 */
65#define SSL_MAJOR_VERSION_3 3
66#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
67#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
68#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
69
70#define SSL_IS_CLIENT 0
71#define SSL_IS_SERVER 1
72#define SSL_COMPRESS_NULL 0
73
74#define SSL_VERIFY_NONE 0
75#define SSL_VERIFY_OPTIONAL 1
76#define SSL_VERIFY_REQUIRED 2
77
78#define SSL_MAX_CONTENT_LEN 16384
79
80/*
81 * Allow an extra 512 bytes for the record header
82 * and encryption overhead (counter + MAC + padding).
83 */
84#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
85
86/*
87 * Supported ciphersuites
88 */
89#define SSL_RSA_RC4_128_MD5 4
90#define SSL_RSA_RC4_128_SHA 5
91#define SSL_RSA_DES_168_SHA 10
92#define SSL_EDH_RSA_DES_168_SHA 22
93#define SSL_RSA_AES_128_SHA 47
94#define SSL_RSA_AES_256_SHA 53
95#define SSL_EDH_RSA_AES_256_SHA 57
96
97/*
98 * Message, alert and handshake types
99 */
100#define SSL_MSG_CHANGE_CIPHER_SPEC 20
101#define SSL_MSG_ALERT 21
102#define SSL_MSG_HANDSHAKE 22
103#define SSL_MSG_APPLICATION_DATA 23
104
105#define SSL_ALERT_CLOSE_NOTIFY 0
106#define SSL_ALERT_WARNING 1
107#define SSL_ALERT_FATAL 2
108#define SSL_ALERT_NO_CERTIFICATE 41
109
110#define SSL_HS_HELLO_REQUEST 0
111#define SSL_HS_CLIENT_HELLO 1
112#define SSL_HS_SERVER_HELLO 2
113#define SSL_HS_CERTIFICATE 11
114#define SSL_HS_SERVER_KEY_EXCHANGE 12
115#define SSL_HS_CERTIFICATE_REQUEST 13
116#define SSL_HS_SERVER_HELLO_DONE 14
117#define SSL_HS_CERTIFICATE_VERIFY 15
118#define SSL_HS_CLIENT_KEY_EXCHANGE 16
119#define SSL_HS_FINISHED 20
120
121/*
122 * TLS extensions
123 */
124#define TLS_EXT_SERVERNAME 0
125#define TLS_EXT_SERVERNAME_HOSTNAME 0
126
127/*
128 * SSL state machine
129 */
130typedef enum
131{
132 SSL_HELLO_REQUEST,
133 SSL_CLIENT_HELLO,
134 SSL_SERVER_HELLO,
135 SSL_SERVER_CERTIFICATE,
136 SSL_SERVER_KEY_EXCHANGE,
137 SSL_CERTIFICATE_REQUEST,
138 SSL_SERVER_HELLO_DONE,
139 SSL_CLIENT_CERTIFICATE,
140 SSL_CLIENT_KEY_EXCHANGE,
141 SSL_CERTIFICATE_VERIFY,
142 SSL_CLIENT_CHANGE_CIPHER_SPEC,
143 SSL_CLIENT_FINISHED,
144 SSL_SERVER_CHANGE_CIPHER_SPEC,
145 SSL_SERVER_FINISHED,
146 SSL_FLUSH_BUFFERS,
147 SSL_HANDSHAKE_OVER
148}
149ssl_states;
150
151typedef struct _ssl_session ssl_session;
152typedef struct _ssl_context ssl_context;
153
154/*
155 * This structure is used for session resuming.
156 */
157struct _ssl_session
158{
159 time_t start; /*!< starting time */
160 int cipher; /*!< chosen cipher */
161 int length; /*!< session id length */
162 unsigned char id[32]; /*!< session identifier */
163 unsigned char master[48]; /*!< the master secret */
164 ssl_session *next; /*!< next session entry */
165};
166
167struct _ssl_context
168{
169 /*
170 * Miscellaneous
171 */
172 int state; /*!< SSL handshake: current state */
173
174 int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
175 int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
176
177 int max_major_ver; /*!< max. major version from client */
178 int max_minor_ver; /*!< max. minor version from client */
179
180 /*
181 * Callbacks (RNG, debug, I/O)
182 */
183 int (*f_rng)(void *);
184 void (*f_dbg)(void *, int, char *);
185 int (*f_recv)(void *, unsigned char *, int);
186 int (*f_send)(void *, unsigned char *, int);
187
188 void *p_rng; /*!< context for the RNG function */
189 void *p_dbg; /*!< context for the debug function */
190 void *p_recv; /*!< context for reading operations */
191 void *p_send; /*!< context for writing operations */
192
193 /*
194 * Session layer
195 */
196 int resume; /*!< session resuming flag */
197 int timeout; /*!< sess. expiration time */
198 ssl_session *session; /*!< current session data */
199 int (*s_get)(ssl_context *); /*!< (server) get callback */
200 int (*s_set)(ssl_context *); /*!< (server) set callback */
201
202 /*
203 * Record layer (incoming data)
204 */
205 unsigned char *in_ctr; /*!< 64-bit incoming message counter */
206 unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
207 unsigned char *in_msg; /*!< the message contents (in_hdr+5) */
208 unsigned char *in_offt; /*!< read offset in application data */
209
210 int in_msgtype; /*!< record header: message type */
211 int in_msglen; /*!< record header: message length */
212 int in_left; /*!< amount of data read so far */
213
214 int in_hslen; /*!< current handshake message length */
215 int nb_zero; /*!< # of 0-length encrypted messages */
216
217 /*
218 * Record layer (outgoing data)
219 */
220 unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
221 unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
222 unsigned char *out_msg; /*!< the message contents (out_hdr+5) */
223
224 int out_msgtype; /*!< record header: message type */
225 int out_msglen; /*!< record header: message length */
226 int out_left; /*!< amount of data not yet written */
227
228 /*
229 * PKI layer
230 */
231 rsa_context *rsa_key; /*!< own RSA private key */
232 x509_cert *own_cert; /*!< own X.509 certificate */
233 x509_cert *ca_chain; /*!< own trusted CA chain */
234 x509_cert *peer_cert; /*!< peer X.509 cert chain */
235 char *peer_cn; /*!< expected peer CN */
236
237 int endpoint; /*!< 0: client, 1: server */
238 int authmode; /*!< verification mode */
239 int client_auth; /*!< flag for client auth. */
240 int verify_result; /*!< verification result */
241
242 /*
243 * Crypto layer
244 */
245 dhm_context dhm_ctx; /*!< DHM key exchange */
246 md5_context fin_md5; /*!< Finished MD5 checksum */
247 sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
248
249 int do_crypt; /*!< en(de)cryption flag */
250 int *ciphers; /*!< allowed ciphersuites */
251 int pmslen; /*!< premaster length */
252 int keylen; /*!< symmetric key length */
253 int minlen; /*!< min. ciphertext length */
254 int ivlen; /*!< IV length */
255 int maclen; /*!< MAC length */
256
257 unsigned char randbytes[64]; /*!< random bytes */
258 unsigned char premaster[256]; /*!< premaster secret */
259
260 unsigned char iv_enc[16]; /*!< IV (encryption) */
261 unsigned char iv_dec[16]; /*!< IV (decryption) */
262
263 unsigned char mac_enc[32]; /*!< MAC (encryption) */
264 unsigned char mac_dec[32]; /*!< MAC (decryption) */
265
266 unsigned long ctx_enc[128]; /*!< encryption context */
267 unsigned long ctx_dec[128]; /*!< decryption context */
268
269 /*
270 * TLS extensions
271 */
272 unsigned char *hostname;
273 unsigned long hostname_len;
274};
275
276#ifdef __cplusplus
277extern "C" {
278#endif
279
280extern int ssl_default_ciphers[];
281
282/**
283 * \brief Initialize an SSL context
284 *
285 * \param ssl SSL context
286 *
287 * \return 0 if successful, or 1 if memory allocation failed
288 */
289int ssl_init( ssl_context *ssl );
290
291/**
292 * \brief Set the current endpoint type
293 *
294 * \param ssl SSL context
295 * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
296 */
297void ssl_set_endpoint( ssl_context *ssl, int endpoint );
298
299/**
300 * \brief Set the certificate verification mode
301 *
302 * \param ssl SSL context
303 * \param mode can be:
304 *
305 * SSL_VERIFY_NONE: peer certificate is not checked (default),
306 * this is insecure and SHOULD be avoided.
307 *
308 * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
309 * handshake continues even if verification failed;
310 * ssl_get_verify_result() can be called after the
311 * handshake is complete.
312 *
313 * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
314 * handshake is aborted if verification failed.
315 */
316void ssl_set_authmode( ssl_context *ssl, int authmode );
317
318/**
319 * \brief Set the random number generator callback
320 *
321 * \param ssl SSL context
322 * \param f_rng RNG function
323 * \param p_rng RNG parameter
324 */
325void ssl_set_rng( ssl_context *ssl,
326 int (*f_rng)(void *),
327 void *p_rng );
328
329/**
330 * \brief Set the debug callback
331 *
332 * \param ssl SSL context
333 * \param f_dbg debug function
334 * \param p_dbg debug parameter
335 */
336void ssl_set_dbg( ssl_context *ssl,
337 void (*f_dbg)(void *, int, char *),
338 void *p_dbg );
339
340/**
341 * \brief Set the underlying BIO read and write callbacks
342 *
343 * \param ssl SSL context
344 * \param f_recv read callback
345 * \param p_recv read parameter
346 * \param f_send write callback
347 * \param p_send write parameter
348 */
349void ssl_set_bio( ssl_context *ssl,
350 int (*f_recv)(void *, unsigned char *, int), void *p_recv,
351 int (*f_send)(void *, unsigned char *, int), void *p_send );
352
353/**
354 * \brief Set the session callbacks (server-side only)
355 *
356 * \param ssl SSL context
357 * \param s_get session get callback
358 * \param s_set session set callback
359 */
360void ssl_set_scb( ssl_context *ssl,
361 int (*s_get)(ssl_context *),
362 int (*s_set)(ssl_context *) );
363
364/**
365 * \brief Set the session resuming flag, timeout and data
366 *
367 * \param ssl SSL context
368 * \param resume if 0 (default), the session will not be resumed
369 * \param timeout session timeout in seconds, or 0 (no timeout)
370 * \param session session context
371 */
372void ssl_set_session( ssl_context *ssl, int resume, int timeout,
373 ssl_session *session );
374
375/**
376 * \brief Set the list of allowed ciphersuites
377 *
378 * \param ssl SSL context
379 * \param ciphers 0-terminated list of allowed ciphers
380 */
381void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
382
383/**
384 * \brief Set the data required to verify peer certificate
385 *
386 * \param ssl SSL context
387 * \param ca_chain trusted CA chain
388 * \param peer_cn expected peer CommonName (or NULL)
389 *
390 * \note TODO: add two more parameters: depth and crl
391 */
392void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
393 char *peer_cn );
394
395/**
396 * \brief Set own certificate and private key
397 *
398 * \param ssl SSL context
399 * \param own_cert own public certificate
400 * \param rsa_key own private RSA key
401 */
402void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
403 rsa_context *rsa_key );
404
405/**
406 * \brief Set the Diffie-Hellman public P and G values,
407 * read as hexadecimal strings (server-side only)
408 *
409 * \param ssl SSL context
410 * \param dhm_P Diffie-Hellman-Merkle modulus
411 * \param dhm_G Diffie-Hellman-Merkle generator
412 *
413 * \return 0 if successful
414 */
415int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );
416
417/**
418 * \brief Set hostname for ServerName TLS Extension
419 *
420 *
421 * \param ssl SSL context
422 * \param hostname the server hostname
423 *
424 * \return 0 if successful
425 */
426int ssl_set_hostname( ssl_context *ssl, char *hostname );
427
428/**
429 * \brief Return the number of data bytes available to read
430 *
431 * \param ssl SSL context
432 *
433 * \return how many bytes are available in the read buffer
434 */
435int ssl_get_bytes_avail( ssl_context *ssl );
436
437/**
438 * \brief Return the result of the certificate verification
439 *
440 * \param ssl SSL context
441 *
442 * \return 0 if successful, or a combination of:
443 * BADCERT_EXPIRED
444 * BADCERT_REVOKED
445 * BADCERT_CN_MISMATCH
446 * BADCERT_NOT_TRUSTED
447 */
448int ssl_get_verify_result( ssl_context *ssl );
449
450/**
451 * \brief Return the name of the current cipher
452 *
453 * \param ssl SSL context
454 *
455 * \return a string containing the cipher name
456 */
457char *ssl_get_cipher( ssl_context *ssl );
458
459/**
460 * \brief Perform the SSL handshake
461 *
462 * \param ssl SSL context
463 *
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]464 * \return 0 if successful, POLARSSL_ERR_NET_TRY_AGAIN,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]465 * or a specific SSL error code.
466 */
467int ssl_handshake( ssl_context *ssl );
468
469/**
470 * \brief Read at most 'len' application data bytes
471 *
472 * \param ssl SSL context
473 * \param buf buffer that will hold the data
474 * \param len how many bytes must be read
475 *
476 * \return This function returns the number of bytes read,
477 * or a negative error code.
478 */
479int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
480
481/**
482 * \brief Write exactly 'len' application data bytes
483 *
484 * \param ssl SSL context
485 * \param buf buffer holding the data
486 * \param len how many bytes must be written
487 *
488 * \return This function returns the number of bytes written,
489 * or a negative error code.
490 *
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]491 * \note When this function returns POLARSSL_ERR_NET_TRY_AGAIN,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]492 * it must be called later with the *same* arguments,
493 * until it returns a positive value.
494 */
495int ssl_write( ssl_context *ssl, unsigned char *buf, int len );
496
497/**
498 * \brief Notify the peer that the connection is being closed
499 */
500int ssl_close_notify( ssl_context *ssl );
501
502/**
503 * \brief Free an SSL context
504 */
505void ssl_free( ssl_context *ssl );
506
507/*
508 * Internal functions (do not call directly)
509 */
510int ssl_handshake_client( ssl_context *ssl );
511int ssl_handshake_server( ssl_context *ssl );
512
513int ssl_derive_keys( ssl_context *ssl );
514void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
515
516int ssl_read_record( ssl_context *ssl );
517int ssl_fetch_input( ssl_context *ssl, int nb_want );
518
519int ssl_write_record( ssl_context *ssl );
520int ssl_flush_output( ssl_context *ssl );
521
522int ssl_parse_certificate( ssl_context *ssl );
523int ssl_write_certificate( ssl_context *ssl );
524
525int ssl_parse_change_cipher_spec( ssl_context *ssl );
526int ssl_write_change_cipher_spec( ssl_context *ssl );
527
528int ssl_parse_finished( ssl_context *ssl );
529int ssl_write_finished( ssl_context *ssl );
530
531#ifdef __cplusplus
532}
533#endif
534
535#endif /* ssl.h */