/home/dko/projects/mobilec/trunk/src/security/xyssl-0.7/include/xyssl/ssl.h

00001 /* SVN FILE INFO
00002  * $Revision: 174 $ : Last Committed Revision
00003  * $Date: 2008-06-24 10:50:29 -0700 (Tue, 24 Jun 2008) $ : Last Committed Date */
00007 #ifndef _SSL_H
00008 #define _SSL_H
00009 
00010 #ifdef __cplusplus
00011 extern "C" {
00012 #endif
00013 
00014 #include "x509.h"
00015 #include "rsa.h"
00016 #include "dhm.h"
00017 #include "md5.h"
00018 #include "sha1.h"
00019 
/*
 * SSL-layer error codes.
 *
 * Every value is a multiple of 0x800; the gap presumably leaves the low bits
 * free for an error code from an underlying module (rsa, x509, dhm, ...) to be
 * combined with it -- confirm against those headers before relying on it.
 * The per-code remarks below are inferred from the names; the implementing
 * source files are authoritative.
 *
 * NOTE(review): distinguishing ERR_SSL_INVALID_MAC from ERR_SSL_INVALID_RECORD
 * is fine internally, but the difference must not be observable by the peer
 * (different alert, or measurably different timing): that observable
 * difference is what padding-oracle attacks on CBC ciphersuites rely on.
 * Check how the record layer maps these two codes to alerts.
 */
#define ERR_SSL_FEATURE_UNAVAILABLE             0x1000  /* requested feature not available in this build */
#define ERR_SSL_INVALID_MAC                     0x1800  /* record MAC check failed */
#define ERR_SSL_INVALID_RECORD                  0x2000  /* malformed record (header, length or padding) */
#define ERR_SSL_INVALID_MODULUS_SIZE            0x2800  /* RSA/DH modulus outside the accepted size range */
#define ERR_SSL_UNKNOWN_CIPHER                  0x3000  /* ciphersuite id not in the supported list */
#define ERR_SSL_NO_CIPHER_CHOSEN                0x3800  /* no ciphersuite common to both sides */
#define ERR_SSL_NO_SESSION_FOUND                0x4000  /* session id not present in the session table */
#define ERR_SSL_NO_CLIENT_CERTIFICATE           0x4800  /* client sent no certificate */
#define ERR_SSL_CERTIFICATE_TOO_LARGE           0x5000  /* certificate does not fit the record buffer */
#define ERR_SSL_CERTIFICATE_REQUIRED            0x5800  /* own certificate needed but not configured */
#define ERR_SSL_PRIVATE_KEY_REQUIRED            0x6000  /* own private key needed but not configured */
#define ERR_SSL_CA_CHAIN_REQUIRED               0x6800  /* peer verification requested without a CA chain */
#define ERR_SSL_UNEXPECTED_MESSAGE              0x7000  /* message type not valid in the current state */
#define ERR_SSL_FATAL_ALERT_MESSAGE             0x7800  /* peer sent a fatal alert */
#define ERR_SSL_PEER_VERIFY_FAILED              0x8000  /* peer certificate failed verification */
#define ERR_SSL_PEER_CLOSE_NOTIFY               0x8800  /* peer sent close_notify: orderly shutdown, not an error condition */
/* Malformed or otherwise unacceptable handshake message of the named type. */
#define ERR_SSL_BAD_HS_CLIENT_HELLO             0x9000
#define ERR_SSL_BAD_HS_SERVER_HELLO             0x9800
#define ERR_SSL_BAD_HS_CERTIFICATE              0xA000
#define ERR_SSL_BAD_HS_CERTIFICATE_REQUEST      0xA800
#define ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE      0xB000
#define ERR_SSL_BAD_HS_SERVER_HELLO_DONE        0xB800
#define ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE      0xC000
#define ERR_SSL_BAD_HS_CERTIFICATE_VERIFY       0xC800
#define ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC       0xD000
#define ERR_SSL_BAD_HS_FINISHED                 0xD800
00046 
/*
 * Various constants
 */

/*
 * Protocol versions: major 3 with minor 0 / 1 / 2 is SSL 3.0 / TLS 1.0 /
 * TLS 1.1. All three are deprecated today (RFC 7568 for SSL 3.0, RFC 8996
 * for TLS 1.0 and 1.1); this header offers no constant for TLS 1.2 or later.
 */
#define SSLV3_MAJOR_VERSION             3
#define SSLV3_MINOR_VERSION             0
#define TLS10_MINOR_VERSION             1
#define TLS11_MINOR_VERSION             2

/* Endpoint role, passed to ssl_set_endpoint(). */
#define SSL_IS_CLIENT                   0
#define SSL_IS_SERVER                   1
/* The only compression method defined here (no compression). */
#define SSL_COMPRESS_NULL               0

/*
 * Peer authentication mode, passed to ssl_set_authmode().
 * Meanings inferred from the names -- confirm in the handshake code:
 * NONE presumably skips the peer certificate check entirely, which gives no
 * protection against an active man-in-the-middle; OPTIONAL presumably records
 * the outcome for ssl_get_verify_result() without aborting; REQUIRED
 * presumably aborts the handshake with ERR_SSL_PEER_VERIFY_FAILED.
 */
#define SSL_VERIFY_NONE                 0
#define SSL_VERIFY_OPTIONAL             1
#define SSL_VERIFY_REQUIRED             2

/*
 * SSL_SESSION_TBL_LEN: size of the buffer handed to ssl_set_sidtable()
 * (presumably in bytes, since sidtable is unsigned char * -- confirm).
 * SSL_MAX_CONTENT_LEN: maximum record plaintext length, 2^14, the TLS limit.
 * SSL_EXPIRATION_TIME: 86400 s = 24 h, presumably the session lifetime -- confirm.
 */
#define SSL_SESSION_TBL_LEN          8192
#define SSL_MAX_CONTENT_LEN         16384
#define SSL_EXPIRATION_TIME         86400

/*
 * Allow an extra 512 bytes for the record header
 * and encryption overhead (counter + MAC + padding).
 *
 * NOTE(review): a record length taken from the wire is attacker-controlled
 * and must be checked against SSL_MAX_CONTENT_LEN before any data is copied
 * into a buffer of this size; presumably done in ssl_read_record() -- verify.
 */
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
00072 
/*
 * Supported ciphersuites
 *
 * Values are the IANA ciphersuite numbers in decimal (4 = 0x0004, etc.).
 * Only the EDH (ephemeral DH) suites provide forward secrecy; the plain RSA
 * suites expose all past traffic if the server key is ever compromised.
 * RC4 is prohibited for TLS by RFC 7465; the 168-bit "DES" suites are
 * three-key 3DES, whose 64-bit block is considered weak for bulk traffic.
 * All suites here are MAC-then-encrypt CBC or stream; none is AEAD.
 * If the peer set allows it, prefer the AES-256 EDH suite.
 */
#define SSL3_RSA_RC4_128_MD5            4   /* RSA key exchange, RC4-128, MD5 MAC */
#define SSL3_RSA_RC4_128_SHA            5   /* RSA key exchange, RC4-128, SHA-1 MAC */
#define SSL3_RSA_DES_168_SHA           10   /* RSA key exchange, 3DES-EDE-CBC, SHA-1 MAC */
#define SSL3_EDH_RSA_DES_168_SHA       22   /* ephemeral DH signed with RSA, 3DES-EDE-CBC, SHA-1 MAC */
#define TLS1_RSA_AES_256_SHA           53   /* RSA key exchange, AES-256-CBC, SHA-1 MAC */
#define TLS1_EDH_RSA_AES_256_SHA       57   /* ephemeral DH signed with RSA, AES-256-CBC, SHA-1 MAC */

/*
 * Default ciphersuite list, defined in the library source; presumably
 * ordered by preference and terminated by 0 -- confirm before indexing it.
 * Override per context with ssl_set_ciphlist().
 */
extern int ssl_default_ciphers[];
00084 
/*
 * Message, alert and handshake types
 *
 * These are the on-the-wire values from the SSL 3.0 / TLS 1.x record and
 * handshake protocols. Every one of them arrives from the peer and must be
 * validated against the current state (see ERR_SSL_UNEXPECTED_MESSAGE).
 */

/* Record-layer content types (first byte of a record header). */
#define SSL_MSG_CHANGE_CIPHER_SPEC     20
#define SSL_MSG_ALERT                  21
#define SSL_MSG_HANDSHAKE              22
#define SSL_MSG_APPLICATION_DATA       23

/* Alert levels (SSL_ALERT_WARNING / SSL_ALERT_FATAL) and the two alert
 * descriptions this header names: close_notify (0) and the SSL 3.0-only
 * no_certificate (41). */
#define SSL_ALERT_CLOSE_NOTIFY          0
#define SSL_ALERT_WARNING               1
#define SSL_ALERT_FATAL                 2
#define SSL_ALERT_NO_CERTIFICATE       41

/* Handshake message types (first byte of a handshake message). */
#define SSL_HS_HELLO_REQUEST            0
#define SSL_HS_CLIENT_HELLO             1
#define SSL_HS_SERVER_HELLO             2
#define SSL_HS_CERTIFICATE             11
#define SSL_HS_SERVER_KEY_EXCHANGE     12
#define SSL_HS_CERTIFICATE_REQUEST     13
#define SSL_HS_SERVER_HELLO_DONE       14
#define SSL_HS_CERTIFICATE_VERIFY      15
#define SSL_HS_CLIENT_KEY_EXCHANGE     16
#define SSL_HS_FINISHED                20
00108 
/*
 * SSL state machine
 *
 * Handshake states, listed in the order a full (non-resumed) handshake
 * visits them. The numbering is the plain 0..14 sequence; it is written
 * out so the value of each state is visible without counting. The
 * ssl_context.state field presumably holds one of these -- confirm.
 */
typedef enum {
    /* server waiting for a client, or client about to start */
    SSL_HELLO_REQUEST             = 0,
    SSL_CLIENT_HELLO              = 1,
    /* server flight */
    SSL_SERVER_HELLO              = 2,
    SSL_SERVER_CERTIFICATE        = 3,
    SSL_SERVER_KEY_EXCHANGE       = 4,
    SSL_CERTIFICATE_REQUEST       = 5,
    SSL_SERVER_HELLO_DONE         = 6,
    /* client flight */
    SSL_CLIENT_CERTIFICATE        = 7,
    SSL_CLIENT_KEY_EXCHANGE       = 8,
    SSL_CERTIFICATE_VERIFY        = 9,
    SSL_CLIENT_CHANGE_CIPHER_SPEC = 10,
    SSL_CLIENT_FINISHED           = 11,
    /* server confirms the new keys */
    SSL_SERVER_CHANGE_CIPHER_SPEC = 12,
    SSL_SERVER_FINISHED           = 13,
    /* application data may flow */
    SSL_HANDSHAKE_OVER            = 14
} ssl_states;
00131 
/*
 * Per-connection SSL/TLS context.
 *
 * Configured through the ssl_set_*() functions below, driven by
 * ssl_handshake() / ssl_read() / ssl_write(), released by ssl_free().
 * Field remarks marked "inferred" come from the names and types only;
 * the implementing source files are authoritative.
 *
 * NOTE(review): premaster, master, mac_enc/mac_dec and the cipher contexts
 * hold secret key material. ssl_free() should wipe them before releasing the
 * context (plain memset before free may be optimized away) -- confirm.
 */
typedef struct
{
    int state;                  /* current handshake state; presumably an ssl_states value */

    /*
     * Negotiated protocol version
     */
    int major_ver;              /* negotiated major version (SSLV3_MAJOR_VERSION) */
    int minor_ver;              /* negotiated minor version (SSLV3_/TLS10_/TLS11_MINOR_VERSION) */
    unsigned char max_ver[2];   /* highest version offered (major, minor) -- inferred, confirm */

    /*
     * Record layer -- incoming data
     *
     * The in_* pointers presumably address one SSL_BUFFER_LEN-sized receive
     * buffer laid out as counter, record header, payload (see the comment on
     * SSL_BUFFER_LEN). Confirm the allocation in ssl_init().
     */
    unsigned char *in_ctr;      /* record sequence counter used in the MAC */
    unsigned char *in_hdr;      /* start of the current record header */
    unsigned char *in_msg;      /* start of the current record payload */
    unsigned char *in_offt;     /* read position inside in_msg for ssl_read() -- inferred, confirm */

    int read_fd;                /* descriptor read from; set by ssl_set_io_files() */
    int in_msgtype;             /* content type of the current record (SSL_MSG_*) */
    int in_msglen;              /* payload length of the current record; if taken from the wire it is
                                   attacker-controlled until checked against SSL_MAX_CONTENT_LEN */

    int in_left;                /* bytes of the current record still to be received -- inferred, confirm */
    int in_hslen;               /* length of the current handshake message -- inferred, confirm */
    int nb_zero;                /* presumably counts consecutive zero-length records, a guard
                                   against a peer flooding empty records -- confirm */

    /*
     * Record layer -- outgoing data
     *
     * Mirror of the incoming layout for the transmit buffer.
     */
    unsigned char *out_ctr;     /* outgoing record sequence counter */
    unsigned char *out_hdr;     /* start of the outgoing record header */
    unsigned char *out_msg;     /* start of the outgoing record payload */

    int write_fd;               /* descriptor written to; set by ssl_set_io_files() */
    int out_msgtype;            /* content type of the record being sent (SSL_MSG_*) */
    int out_msglen;             /* payload length of the record being sent */

    int out_left;               /* bytes still to be flushed by ssl_flush_output() -- inferred, confirm */
    int out_uoff;               /* offset into the user buffer for partial ssl_write() -- inferred, confirm */

    /*
     * PKI stuff
     *
     * Ownership of the pointed-to objects is not stated in this header;
     * presumably the caller keeps ownership -- confirm in ssl_free().
     */
    rsa_context *own_key;               /* our private key; set by ssl_set_rsa_cert() */
    x509_cert *own_cert;                /* our certificate (chain); set by ssl_set_rsa_cert() */
    x509_cert *ca_chain;                /* trusted CAs used to verify the peer; set by ssl_set_ca_chain() */
    x509_cert *peer_cert;               /* certificate received from the peer, if any */
    char *peer_cn;                      /* expected peer Common Name; set by ssl_set_ca_chain() */

    int endpoint;                       /* SSL_IS_CLIENT or SSL_IS_SERVER; set by ssl_set_endpoint() */
    int authmode;                       /* SSL_VERIFY_*; set by ssl_set_authmode() */
    int client_auth;                    /* whether client authentication is requested/performed -- inferred, confirm */
    int verify_result;                  /* outcome of peer certificate verification; read via ssl_get_verify_result() */

    /*
     * Session stuff
     */
    int resumed;                        /* non-zero when the handshake resumed a previous session -- inferred, confirm */
    int sidlen;                         /* length of sessid in use (at most 32) */
    unsigned char sessid[32];           /* session id */
    unsigned char *sidtable;            /* server-side session cache; set by ssl_set_sidtable() */

    /*
     * Crypto stuff
     */
    md5_context hs_md5;                 /* running MD5 of the handshake messages -- inferred from hs_ prefix
                                           and the 36-byte (16 + 20) output of ssl_calc_verify() */
    sha1_context hs_sha1;               /* running SHA-1 of the handshake messages (same inference) */
    dhm_context dhm_ctx;                /* ephemeral DH state; parameters from ssl_set_dhm_vals() */

    int (*rng_f)(void *);               /* random source; set by ssl_set_rng_func(). Its quality bounds the
                                           security of randbytes and of the premaster secret. */
    void *rng_d;                        /* opaque argument handed to rng_f */

    int pmslen;                         /* bytes of premaster in use */
    unsigned char premaster[256];       /* premaster secret (secret material) */
    unsigned char randbytes[64];        /* client random (32) followed by server random (32) -- inferred, confirm */
    unsigned char master[48];           /* master secret (secret material) */

    int *cipherlist;                    /* ciphersuites offered/accepted; set by ssl_set_ciphlist() */
    int cipher;                         /* negotiated ciphersuite (SSL3_* / TLS1_* value) */
    int keylen;                         /* symmetric key length in bytes -- inferred, confirm */
    int minlen;                         /* minimum length of a protected record -- inferred, confirm */

    int ctxlen;                         /* size of the ctx_enc/ctx_dec objects -- inferred, confirm */
    void *ctx_enc;                      /* cipher context for outgoing records (secret material) */
    void *ctx_dec;                      /* cipher context for incoming records (secret material) */

    int ivlen;                          /* IV length in bytes for the negotiated cipher */
    unsigned char iv_enc[16];           /* IV for outgoing records */
    unsigned char iv_dec[16];           /* IV for incoming records */

    int maclen;                         /* MAC output length in bytes (16 for MD5, 20 for SHA-1 suites) */
    unsigned char mac_enc[32];          /* MAC key for outgoing records (secret material) */
    unsigned char mac_dec[32];          /* MAC key for incoming records (secret material) */
}
ssl_context;
00228 
00229 /*
00230  * Internal functions (do not call directly)
00231  */
00232 int ssl_client_start( ssl_context *ssl );
00233 int ssl_server_start( ssl_context *ssl );
00234 
00235 int ssl_derive_keys( ssl_context *ssl );
00236 int ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
00237 
00238 int ssl_read_record(  ssl_context *ssl, int do_crypt );
00239 int ssl_write_record( ssl_context *ssl, int do_crypt );
00240 int ssl_flush_output( ssl_context *ssl );
00241 
00242 int ssl_write_certificate( ssl_context *ssl );
00243 int ssl_parse_certificate( ssl_context *ssl );
00244 
00245 int ssl_write_change_cipher_spec( ssl_context *ssl );
00246 int ssl_parse_change_cipher_spec( ssl_context *ssl );
00247 
00248 int ssl_write_finished( ssl_context *ssl );
00249 int ssl_parse_finished( ssl_context *ssl );
00250 
/**
 * Initialize an SSL context.
 *
 * @param ssl            context to initialize
 * @param client_resume  presumably non-zero to attempt session resumption
 *                       on the client side -- confirm in the implementation
 * @return 0 on success, non-zero on failure (presumably when buffers cannot
 *         be allocated -- confirm)
 */
int ssl_init( ssl_context *ssl, int client_resume );

/**
 * Set the connection role.
 *
 * @param ssl       context
 * @param endpoint  SSL_IS_CLIENT or SSL_IS_SERVER
 */
void ssl_set_endpoint( ssl_context *ssl, int endpoint );

/**
 * Set how the peer certificate is checked.
 *
 * @param ssl       context
 * @param authmode  SSL_VERIFY_NONE, SSL_VERIFY_OPTIONAL or SSL_VERIFY_REQUIRED.
 *                  SSL_VERIFY_NONE presumably performs no check at all and so
 *                  does not authenticate the peer; SSL_VERIFY_REQUIRED is the
 *                  safe default for clients. Confirm semantics in the handshake code.
 */
void ssl_set_authmode( ssl_context *ssl, int authmode );

/**
 * Set the random number generator callback.
 *
 * The handshake randoms and the premaster secret are drawn from this source;
 * a predictable generator makes every session recoverable.
 *
 * @param ssl    context
 * @param rng_f  callback returning a random value; the exact contract (return
 *               range, error signalling) is not stated here -- confirm
 * @param rng_d  opaque argument passed to rng_f
 */
void ssl_set_rng_func( ssl_context *ssl,
                       int (*rng_f)(void *),
                       void *rng_d );

/**
 * Set the file descriptors used for network I/O.
 *
 * @param ssl       context
 * @param read_fd   descriptor to read records from
 * @param write_fd  descriptor to write records to
 */
void ssl_set_io_files( ssl_context *ssl, int read_fd, int write_fd );

/**
 * Set the list of allowed ciphersuites.
 *
 * @param ssl      context
 * @param ciphers  array of SSL3_* / TLS1_* values, presumably in order of
 *                 preference and 0-terminated like ssl_default_ciphers -- confirm.
 *                 The array is referenced, not copied, so it must outlive the context.
 */
void ssl_set_ciphlist( ssl_context *ssl, int *ciphers );

/**
 * Set the trusted CA chain and the expected peer name.
 *
 * @param ssl  context
 * @param ca   chain of trusted CA certificates used to verify the peer
 * @param cn   expected peer Common Name; presumably compared with the peer
 *             certificate's subject and reported through ssl_get_verify_result()
 *             on mismatch -- confirm. Without a name check, a valid certificate
 *             for any other host would be accepted.
 */
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca, char *cn );

/**
 * Set our own certificate and private key.
 *
 * @param ssl       context
 * @param own_cert  certificate (chain) presented to the peer
 * @param own_key   matching RSA private key
 */
void ssl_set_rsa_cert( ssl_context *ssl, x509_cert *own_cert,
                       rsa_context *own_key );

/**
 * Set the server-side session cache.
 *
 * @param ssl       context
 * @param sidtable  buffer of SSL_SESSION_TBL_LEN bytes (inferred from the
 *                  constant's name -- confirm) holding cached sessions
 */
void ssl_set_sidtable( ssl_context *ssl, unsigned char *sidtable );

/**
 * Set the Diffie-Hellman parameters used by the EDH ciphersuites.
 *
 * @param ssl    context
 * @param dhm_P  prime modulus, presumably as a hexadecimal string -- confirm
 * @param dhm_G  generator, same encoding
 * @return 0 on success, non-zero if the values cannot be parsed (presumably;
 *         ERR_SSL_INVALID_MODULUS_SIZE suggests a size check exists -- confirm).
 *         Use a well-known safe prime of adequate size; small or non-prime
 *         moduli make the key exchange breakable.
 */
int ssl_set_dhm_vals( ssl_context *ssl, char *dhm_P, char *dhm_G );
00323 
/**
 * Return the result of the peer certificate verification.
 *
 * @param ssl  context
 * @return 0 if the peer certificate was accepted; otherwise a non-zero value,
 *         presumably a bitmask of the BADCERT_* flags from x509.h -- confirm.
 *         With SSL_VERIFY_OPTIONAL this is the only place the failure is
 *         reported, so callers must check it before trusting the connection.
 */
int ssl_get_verify_result( ssl_context *ssl );

/**
 * Return the name of the negotiated ciphersuite.
 *
 * @param ssl  context
 * @return human-readable ciphersuite name; presumably a static string the
 *         caller must not free -- confirm
 */
char *ssl_get_cipher_name( ssl_context *ssl );

/**
 * Perform the SSL handshake.
 *
 * @param ssl  context
 * @return 0 when the handshake completed (state SSL_HANDSHAKE_OVER), or an
 *         ERR_SSL_* / lower-level error code. On error the connection must not
 *         be used for application data.
 */
int ssl_handshake( ssl_context *ssl );

/**
 * Read application data.
 *
 * @param ssl  context
 * @param buf  destination buffer
 * @param len  in/out: on entry presumably the capacity of buf, on return the
 *             number of bytes stored -- this in/out role is inferred from the
 *             pointer type; confirm, since passing the wrong capacity is a
 *             buffer overflow
 * @return 0 on success, ERR_SSL_PEER_CLOSE_NOTIFY presumably when the peer
 *         closed the connection cleanly, or another error code
 */
int ssl_read( ssl_context *ssl, unsigned char *buf, int *len );

/**
 * Write application data.
 *
 * @param ssl  context
 * @param buf  data to send
 * @param len  number of bytes in buf; data longer than SSL_MAX_CONTENT_LEN
 *             must be split into several records -- whether this function
 *             does that itself is not stated here (see out_uoff); confirm
 * @return 0 on success, non-zero error code otherwise
 */
int ssl_write( ssl_context *ssl, unsigned char *buf, int len );

/**
 * Send a close_notify alert to the peer.
 *
 * Without this the peer cannot tell an orderly close from a truncation attack.
 *
 * @param ssl  context
 * @return 0 on success, non-zero error code otherwise
 */
int ssl_close_notify( ssl_context *ssl );

/**
 * Release the context's resources.
 *
 * NOTE(review): the context holds secret key material (premaster, master,
 * MAC keys, cipher contexts); this function should wipe it before freeing --
 * confirm in the implementation.
 *
 * @param ssl  context
 */
void ssl_free( ssl_context *ssl );
00378 
00379 #ifdef __cplusplus
00380 }
00381 #endif
00382 
00383 #endif /* ssl.h */
