TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 40e46940df33ecf9dfb3507affb25a5f10301b3c / . / include / polarssl / ssl.h
blob: 673783d17f6f6c4e8544991c707fe8eabc6048f6 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/**
2 * \file ssl.h
3 */
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]4#ifndef POLARSSL_SSL_H
5#define POLARSSL_SSL_H
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]6
7#include <time.h>
8
Paul Bakker8e831ed2009-01-03 21:24:11 +0000[diff] [blame]9#include "polarssl/net.h"
10#include "polarssl/dhm.h"
11#include "polarssl/rsa.h"
12#include "polarssl/md5.h"
13#include "polarssl/sha1.h"
14#include "polarssl/x509.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]15
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]16#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000
17#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x1800
18#define POLARSSL_ERR_SSL_INVALID_MAC -0x2000
19#define POLARSSL_ERR_SSL_INVALID_RECORD -0x2800
20#define POLARSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000
21#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800
22#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000
23#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x4800
24#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000
25#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800
26#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000
27#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800
28#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000
29#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800
30#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000
31#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800
32#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000
33#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800
34#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000
35#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800
36#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000
37#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800
38#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000
39#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800
40#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000
41#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800
42#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0xE000
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]43
44/*
45 * Various constants
46 */
47#define SSL_MAJOR_VERSION_3 3
48#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
49#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
50#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
51
52#define SSL_IS_CLIENT 0
53#define SSL_IS_SERVER 1
54#define SSL_COMPRESS_NULL 0
55
56#define SSL_VERIFY_NONE 0
57#define SSL_VERIFY_OPTIONAL 1
58#define SSL_VERIFY_REQUIRED 2
59
60#define SSL_MAX_CONTENT_LEN 16384
61
62/*
63 * Allow an extra 512 bytes for the record header
64 * and encryption overhead (counter + MAC + padding).
65 */
66#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
67
68/*
69 * Supported ciphersuites
70 */
71#define SSL_RSA_RC4_128_MD5 4
72#define SSL_RSA_RC4_128_SHA 5
73#define SSL_RSA_DES_168_SHA 10
74#define SSL_EDH_RSA_DES_168_SHA 22
75#define SSL_RSA_AES_128_SHA 47
76#define SSL_RSA_AES_256_SHA 53
77#define SSL_EDH_RSA_AES_256_SHA 57
78
79/*
80 * Message, alert and handshake types
81 */
82#define SSL_MSG_CHANGE_CIPHER_SPEC 20
83#define SSL_MSG_ALERT 21
84#define SSL_MSG_HANDSHAKE 22
85#define SSL_MSG_APPLICATION_DATA 23
86
87#define SSL_ALERT_CLOSE_NOTIFY 0
88#define SSL_ALERT_WARNING 1
89#define SSL_ALERT_FATAL 2
90#define SSL_ALERT_NO_CERTIFICATE 41
91
92#define SSL_HS_HELLO_REQUEST 0
93#define SSL_HS_CLIENT_HELLO 1
94#define SSL_HS_SERVER_HELLO 2
95#define SSL_HS_CERTIFICATE 11
96#define SSL_HS_SERVER_KEY_EXCHANGE 12
97#define SSL_HS_CERTIFICATE_REQUEST 13
98#define SSL_HS_SERVER_HELLO_DONE 14
99#define SSL_HS_CERTIFICATE_VERIFY 15
100#define SSL_HS_CLIENT_KEY_EXCHANGE 16
101#define SSL_HS_FINISHED 20
102
103/*
104 * TLS extensions
105 */
106#define TLS_EXT_SERVERNAME 0
107#define TLS_EXT_SERVERNAME_HOSTNAME 0
108
109/*
110 * SSL state machine
111 */
112typedef enum
113{
114 SSL_HELLO_REQUEST,
115 SSL_CLIENT_HELLO,
116 SSL_SERVER_HELLO,
117 SSL_SERVER_CERTIFICATE,
118 SSL_SERVER_KEY_EXCHANGE,
119 SSL_CERTIFICATE_REQUEST,
120 SSL_SERVER_HELLO_DONE,
121 SSL_CLIENT_CERTIFICATE,
122 SSL_CLIENT_KEY_EXCHANGE,
123 SSL_CERTIFICATE_VERIFY,
124 SSL_CLIENT_CHANGE_CIPHER_SPEC,
125 SSL_CLIENT_FINISHED,
126 SSL_SERVER_CHANGE_CIPHER_SPEC,
127 SSL_SERVER_FINISHED,
128 SSL_FLUSH_BUFFERS,
129 SSL_HANDSHAKE_OVER
130}
131ssl_states;
132
133typedef struct _ssl_session ssl_session;
134typedef struct _ssl_context ssl_context;
135
136/*
137 * This structure is used for session resuming.
138 */
139struct _ssl_session
140{
141 time_t start; /*!< starting time */
142 int cipher; /*!< chosen cipher */
143 int length; /*!< session id length */
144 unsigned char id[32]; /*!< session identifier */
145 unsigned char master[48]; /*!< the master secret */
146 ssl_session *next; /*!< next session entry */
147};
148
149struct _ssl_context
150{
151 /*
152 * Miscellaneous
153 */
154 int state; /*!< SSL handshake: current state */
155
156 int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
157 int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
158
159 int max_major_ver; /*!< max. major version from client */
160 int max_minor_ver; /*!< max. minor version from client */
161
162 /*
163 * Callbacks (RNG, debug, I/O)
164 */
165 int (*f_rng)(void *);
166 void (*f_dbg)(void *, int, char *);
167 int (*f_recv)(void *, unsigned char *, int);
168 int (*f_send)(void *, unsigned char *, int);
169
170 void *p_rng; /*!< context for the RNG function */
171 void *p_dbg; /*!< context for the debug function */
172 void *p_recv; /*!< context for reading operations */
173 void *p_send; /*!< context for writing operations */
174
175 /*
176 * Session layer
177 */
178 int resume; /*!< session resuming flag */
179 int timeout; /*!< sess. expiration time */
180 ssl_session *session; /*!< current session data */
181 int (*s_get)(ssl_context *); /*!< (server) get callback */
182 int (*s_set)(ssl_context *); /*!< (server) set callback */
183
184 /*
185 * Record layer (incoming data)
186 */
187 unsigned char *in_ctr; /*!< 64-bit incoming message counter */
188 unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
189 unsigned char *in_msg; /*!< the message contents (in_hdr+5) */
190 unsigned char *in_offt; /*!< read offset in application data */
191
192 int in_msgtype; /*!< record header: message type */
193 int in_msglen; /*!< record header: message length */
194 int in_left; /*!< amount of data read so far */
195
196 int in_hslen; /*!< current handshake message length */
197 int nb_zero; /*!< # of 0-length encrypted messages */
198
199 /*
200 * Record layer (outgoing data)
201 */
202 unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
203 unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
204 unsigned char *out_msg; /*!< the message contents (out_hdr+5) */
205
206 int out_msgtype; /*!< record header: message type */
207 int out_msglen; /*!< record header: message length */
208 int out_left; /*!< amount of data not yet written */
209
210 /*
211 * PKI layer
212 */
213 rsa_context *rsa_key; /*!< own RSA private key */
214 x509_cert *own_cert; /*!< own X.509 certificate */
215 x509_cert *ca_chain; /*!< own trusted CA chain */
216 x509_cert *peer_cert; /*!< peer X.509 cert chain */
217 char *peer_cn; /*!< expected peer CN */
218
219 int endpoint; /*!< 0: client, 1: server */
220 int authmode; /*!< verification mode */
221 int client_auth; /*!< flag for client auth. */
222 int verify_result; /*!< verification result */
223
224 /*
225 * Crypto layer
226 */
227 dhm_context dhm_ctx; /*!< DHM key exchange */
228 md5_context fin_md5; /*!< Finished MD5 checksum */
229 sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
230
231 int do_crypt; /*!< en(de)cryption flag */
232 int *ciphers; /*!< allowed ciphersuites */
233 int pmslen; /*!< premaster length */
234 int keylen; /*!< symmetric key length */
235 int minlen; /*!< min. ciphertext length */
236 int ivlen; /*!< IV length */
237 int maclen; /*!< MAC length */
238
239 unsigned char randbytes[64]; /*!< random bytes */
240 unsigned char premaster[256]; /*!< premaster secret */
241
242 unsigned char iv_enc[16]; /*!< IV (encryption) */
243 unsigned char iv_dec[16]; /*!< IV (decryption) */
244
245 unsigned char mac_enc[32]; /*!< MAC (encryption) */
246 unsigned char mac_dec[32]; /*!< MAC (decryption) */
247
248 unsigned long ctx_enc[128]; /*!< encryption context */
249 unsigned long ctx_dec[128]; /*!< decryption context */
250
251 /*
252 * TLS extensions
253 */
254 unsigned char *hostname;
255 unsigned long hostname_len;
256};
257
258#ifdef __cplusplus
259extern "C" {
260#endif
261
262extern int ssl_default_ciphers[];
263
264/**
265 * \brief Initialize an SSL context
266 *
267 * \param ssl SSL context
268 *
269 * \return 0 if successful, or 1 if memory allocation failed
270 */
271int ssl_init( ssl_context *ssl );
272
273/**
274 * \brief Set the current endpoint type
275 *
276 * \param ssl SSL context
277 * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
278 */
279void ssl_set_endpoint( ssl_context *ssl, int endpoint );
280
281/**
282 * \brief Set the certificate verification mode
283 *
284 * \param ssl SSL context
285 * \param mode can be:
286 *
287 * SSL_VERIFY_NONE: peer certificate is not checked (default),
288 * this is insecure and SHOULD be avoided.
289 *
290 * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
291 * handshake continues even if verification failed;
292 * ssl_get_verify_result() can be called after the
293 * handshake is complete.
294 *
295 * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
296 * handshake is aborted if verification failed.
297 */
298void ssl_set_authmode( ssl_context *ssl, int authmode );
299
300/**
301 * \brief Set the random number generator callback
302 *
303 * \param ssl SSL context
304 * \param f_rng RNG function
305 * \param p_rng RNG parameter
306 */
307void ssl_set_rng( ssl_context *ssl,
308 int (*f_rng)(void *),
309 void *p_rng );
310
311/**
312 * \brief Set the debug callback
313 *
314 * \param ssl SSL context
315 * \param f_dbg debug function
316 * \param p_dbg debug parameter
317 */
318void ssl_set_dbg( ssl_context *ssl,
319 void (*f_dbg)(void *, int, char *),
320 void *p_dbg );
321
322/**
323 * \brief Set the underlying BIO read and write callbacks
324 *
325 * \param ssl SSL context
326 * \param f_recv read callback
327 * \param p_recv read parameter
328 * \param f_send write callback
329 * \param p_send write parameter
330 */
331void ssl_set_bio( ssl_context *ssl,
332 int (*f_recv)(void *, unsigned char *, int), void *p_recv,
333 int (*f_send)(void *, unsigned char *, int), void *p_send );
334
335/**
336 * \brief Set the session callbacks (server-side only)
337 *
338 * \param ssl SSL context
339 * \param s_get session get callback
340 * \param s_set session set callback
341 */
342void ssl_set_scb( ssl_context *ssl,
343 int (*s_get)(ssl_context *),
344 int (*s_set)(ssl_context *) );
345
346/**
347 * \brief Set the session resuming flag, timeout and data
348 *
349 * \param ssl SSL context
350 * \param resume if 0 (default), the session will not be resumed
351 * \param timeout session timeout in seconds, or 0 (no timeout)
352 * \param session session context
353 */
354void ssl_set_session( ssl_context *ssl, int resume, int timeout,
355 ssl_session *session );
356
357/**
358 * \brief Set the list of allowed ciphersuites
359 *
360 * \param ssl SSL context
361 * \param ciphers 0-terminated list of allowed ciphers
362 */
363void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
364
365/**
366 * \brief Set the data required to verify peer certificate
367 *
368 * \param ssl SSL context
369 * \param ca_chain trusted CA chain
370 * \param peer_cn expected peer CommonName (or NULL)
371 *
372 * \note TODO: add two more parameters: depth and crl
373 */
374void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
375 char *peer_cn );
376
377/**
378 * \brief Set own certificate and private key
379 *
380 * \param ssl SSL context
381 * \param own_cert own public certificate
382 * \param rsa_key own private RSA key
383 */
384void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
385 rsa_context *rsa_key );
386
387/**
388 * \brief Set the Diffie-Hellman public P and G values,
389 * read as hexadecimal strings (server-side only)
390 *
391 * \param ssl SSL context
392 * \param dhm_P Diffie-Hellman-Merkle modulus
393 * \param dhm_G Diffie-Hellman-Merkle generator
394 *
395 * \return 0 if successful
396 */
397int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );
398
399/**
400 * \brief Set hostname for ServerName TLS Extension
401 *
402 *
403 * \param ssl SSL context
404 * \param hostname the server hostname
405 *
406 * \return 0 if successful
407 */
408int ssl_set_hostname( ssl_context *ssl, char *hostname );
409
410/**
411 * \brief Return the number of data bytes available to read
412 *
413 * \param ssl SSL context
414 *
415 * \return how many bytes are available in the read buffer
416 */
417int ssl_get_bytes_avail( ssl_context *ssl );
418
419/**
420 * \brief Return the result of the certificate verification
421 *
422 * \param ssl SSL context
423 *
424 * \return 0 if successful, or a combination of:
425 * BADCERT_EXPIRED
426 * BADCERT_REVOKED
427 * BADCERT_CN_MISMATCH
428 * BADCERT_NOT_TRUSTED
429 */
430int ssl_get_verify_result( ssl_context *ssl );
431
432/**
433 * \brief Return the name of the current cipher
434 *
435 * \param ssl SSL context
436 *
437 * \return a string containing the cipher name
438 */
439char *ssl_get_cipher( ssl_context *ssl );
440
441/**
442 * \brief Perform the SSL handshake
443 *
444 * \param ssl SSL context
445 *
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]446 * \return 0 if successful, POLARSSL_ERR_NET_TRY_AGAIN,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]447 * or a specific SSL error code.
448 */
449int ssl_handshake( ssl_context *ssl );
450
451/**
452 * \brief Read at most 'len' application data bytes
453 *
454 * \param ssl SSL context
455 * \param buf buffer that will hold the data
456 * \param len how many bytes must be read
457 *
458 * \return This function returns the number of bytes read,
459 * or a negative error code.
460 */
461int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
462
463/**
464 * \brief Write exactly 'len' application data bytes
465 *
466 * \param ssl SSL context
467 * \param buf buffer holding the data
468 * \param len how many bytes must be written
469 *
470 * \return This function returns the number of bytes written,
471 * or a negative error code.
472 *
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame^]473 * \note When this function returns POLARSSL_ERR_NET_TRY_AGAIN,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]474 * it must be called later with the *same* arguments,
475 * until it returns a positive value.
476 */
477int ssl_write( ssl_context *ssl, unsigned char *buf, int len );
478
479/**
480 * \brief Notify the peer that the connection is being closed
481 */
482int ssl_close_notify( ssl_context *ssl );
483
484/**
485 * \brief Free an SSL context
486 */
487void ssl_free( ssl_context *ssl );
488
489/*
490 * Internal functions (do not call directly)
491 */
492int ssl_handshake_client( ssl_context *ssl );
493int ssl_handshake_server( ssl_context *ssl );
494
495int ssl_derive_keys( ssl_context *ssl );
496void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
497
498int ssl_read_record( ssl_context *ssl );
499int ssl_fetch_input( ssl_context *ssl, int nb_want );
500
501int ssl_write_record( ssl_context *ssl );
502int ssl_flush_output( ssl_context *ssl );
503
504int ssl_parse_certificate( ssl_context *ssl );
505int ssl_write_certificate( ssl_context *ssl );
506
507int ssl_parse_change_cipher_spec( ssl_context *ssl );
508int ssl_write_change_cipher_spec( ssl_context *ssl );
509
510int ssl_parse_finished( ssl_context *ssl );
511int ssl_write_finished( ssl_context *ssl );
512
513#ifdef __cplusplus
514}
515#endif
516
517#endif /* ssl.h */