
00001 
00004 #ifndef XYSSL_SSL_H
00005 #define XYSSL_SSL_H
00006 
00007 #include <time.h>
00008 
00009 #include "xyssl/net.h"
00010 #include "xyssl/dhm.h"
00011 #include "xyssl/rsa.h"
00012 #include "xyssl/md5.h"
00013 #include "xyssl/sha1.h"
00014 #include "xyssl/x509.h"
00015 
/*
 * Error codes returned by the ssl_* API.  All are negative, so a caller
 * can simply test `ret < 0`.  They are spaced 0x800 apart; presumably the
 * low bits are left free so that an error from a lower layer (rsa, x509,
 * dhm) can be combined into one of these -- confirm in ssl_tls.c before
 * relying on that.
 *
 * XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY is the one code that is not a failure:
 * it reports that the peer sent a close_notify alert, i.e. an orderly
 * shutdown (see SSL_ALERT_CLOSE_NOTIFY).  Every other code should be
 * treated as fatal for the connection; do not retry on it.
 *
 * NOTE(review): INVALID_MAC and INVALID_RECORD are distinct codes.  If
 * the peer can tell the two apart -- a different alert on the wire, or a
 * measurable timing difference between the padding check and the MAC
 * check -- the CBC ciphersuites in this header are exposed to a
 * padding-oracle attack.  Verify in the record-layer implementation that
 * both paths send the same alert and that the MAC is always computed,
 * regardless of whether the padding was valid.
 */
#define XYSSL_ERR_SSL_FEATURE_UNAVAILABLE               -0x1000
#define XYSSL_ERR_SSL_BAD_INPUT_DATA                    -0x1800
#define XYSSL_ERR_SSL_INVALID_MAC                       -0x2000
#define XYSSL_ERR_SSL_INVALID_RECORD                    -0x2800
#define XYSSL_ERR_SSL_INVALID_MODULUS_SIZE              -0x3000
#define XYSSL_ERR_SSL_UNKNOWN_CIPHER                    -0x3800
#define XYSSL_ERR_SSL_NO_CIPHER_CHOSEN                  -0x4000
#define XYSSL_ERR_SSL_NO_SESSION_FOUND                  -0x4800
#define XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x5000
#define XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x5800
#define XYSSL_ERR_SSL_CERTIFICATE_REQUIRED              -0x6000
#define XYSSL_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x6800
#define XYSSL_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7000
#define XYSSL_ERR_SSL_UNEXPECTED_MESSAGE                -0x7800
#define XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE               -0x8000
#define XYSSL_ERR_SSL_PEER_VERIFY_FAILED                -0x8800
#define XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x9000
#define XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO               -0x9800
#define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO               -0xA000
#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE                -0xA800
#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST        -0xB000
#define XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE        -0xB800
#define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE          -0xC000
#define XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE        -0xC800
#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY         -0xD000
#define XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC         -0xD800
#define XYSSL_ERR_SSL_BAD_HS_FINISHED                   -0xE000
00043 
/*
 * Various constants
 */

/*
 * Protocol version numbers as they appear on the wire.  With major
 * version 3, the minor version selects: 0 = SSL 3.0, 1 = TLS 1.0,
 * 2 = TLS 1.1.
 *
 * NOTE(review): SSL 3.0 is prohibited (RFC 7568) and TLS 1.0/1.1 are
 * deprecated (RFC 8996).  ssl_context carries max_major_ver /
 * max_minor_ver, so the version can be capped, but nothing in this
 * header lets a caller set a *minimum* version.  Whether a hostile peer
 * can negotiate the connection down to SSL 3.0 therefore depends on how
 * ssl_cli.c / ssl_srv.c validate the peer's version -- confirm there.
 */
#define SSL_MAJOR_VERSION_3             3
#define SSL_MINOR_VERSION_0             0
#define SSL_MINOR_VERSION_1             1
#define SSL_MINOR_VERSION_2             2
/* Role of this end of the connection; see ssl_set_endpoint(). */
#define SSL_IS_CLIENT                   0
#define SSL_IS_SERVER                   1
/* Only the null compression method is defined (no DEFLATE), which as a
 * side effect rules out compression-based plaintext leaks. */
#define SSL_COMPRESS_NULL               0

/*
 * Peer-certificate verification mode, set with ssl_set_authmode().
 *
 *  SSL_VERIFY_NONE      the peer's certificate is not checked.  The
 *                       connection is encrypted but NOT authenticated:
 *                       an active attacker can impersonate the peer.
 *                       Test use only.
 *  SSL_VERIFY_OPTIONAL  presumably: verification is performed but a
 *                       failure does not abort the handshake, and the
 *                       caller is expected to look at
 *                       ssl_get_verify_result() before trusting the
 *                       connection.  Easy to get wrong; prefer REQUIRED.
 *  SSL_VERIFY_REQUIRED  a verification failure aborts the handshake
 *                       (presumably with XYSSL_ERR_SSL_PEER_VERIFY_FAILED
 *                       -- confirm in the handshake code).
 */
#define SSL_VERIFY_NONE                 0
#define SSL_VERIFY_OPTIONAL             1
#define SSL_VERIFY_REQUIRED             2

/* Maximum plaintext per record: 2^14 bytes, as fixed by the TLS spec. */
#define SSL_MAX_CONTENT_LEN         16384

/*
 * Allow an extra 512 bytes for the record header
 * and encryption overhead (counter + MAC + padding).
 *
 * For the suites in this header the worst case is roughly
 *   8 (sequence counter, if kept in-line) + 5 (record header)
 * + 16 (explicit IV, TLS 1.1) + 20 (SHA-1 MAC) + 256 (maximum CBC
 * padding) = 305 bytes, so 512 is sufficient.  Any suite added later
 * with a larger IV or MAC must re-check this arithmetic: the record
 * buffers are sized from it, and overrunning them is memory corruption,
 * not merely a protocol error.
 */
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
00067 
/*
 * Supported ciphersuites
 *
 * The values are the IANA ciphersuite numbers (the low byte of the
 * two-byte wire code), which is why they are not contiguous:
 *
 *   SSL_RSA_RC4_128_MD5      0x0004  TLS_RSA_WITH_RC4_128_MD5
 *   SSL_RSA_RC4_128_SHA      0x0005  TLS_RSA_WITH_RC4_128_SHA
 *   SSL_RSA_DES_168_SHA      0x000A  TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *   SSL_EDH_RSA_DES_168_SHA  0x0016  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 *   SSL_RSA_AES_128_SHA      0x002F  TLS_RSA_WITH_AES_128_CBC_SHA
 *   SSL_RSA_AES_256_SHA      0x0035  TLS_RSA_WITH_AES_256_CBC_SHA
 *   SSL_EDH_RSA_AES_256_SHA  0x0039  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *
 * NOTE(review), for anyone building a list for ssl_set_ciphers():
 *  - RC4 is prohibited in TLS (RFC 7465); its keystream biases permit
 *    plaintext recovery.  Do not offer the two RC4 suites.
 *  - "DES_168" is 3DES, a 64-bit block cipher; long-lived connections
 *    are exposed to birthday attacks on the block size (Sweet32).
 *  - Only the two EDH_ suites give forward secrecy; with the plain RSA
 *    suites, anyone who later obtains the server's private key can
 *    decrypt recorded traffic.  EDH needs parameters via
 *    ssl_set_dh_param().
 *  - Every CBC suite here is MAC-then-encrypt, so the record layer must
 *    treat bad padding and a bad MAC identically (same alert, same
 *    timing) or a padding oracle results.
 * Prefer SSL_EDH_RSA_AES_256_SHA, then the RSA/AES suites, and leave the
 * rest out unless a legacy peer forces them.
 */
#define SSL_RSA_RC4_128_MD5              4
#define SSL_RSA_RC4_128_SHA              5
#define SSL_RSA_DES_168_SHA             10
#define SSL_EDH_RSA_DES_168_SHA         22
#define SSL_RSA_AES_128_SHA             47
#define SSL_RSA_AES_256_SHA             53
#define SSL_EDH_RSA_AES_256_SHA         57
00078 
/*
 * Message, alert and handshake types
 */

/* Record-layer content types (RFC 2246, section 6.2.1).  Anything else
 * in a record header is a protocol violation and must be rejected. */
#define SSL_MSG_CHANGE_CIPHER_SPEC     20
#define SSL_MSG_ALERT                  21
#define SSL_MSG_HANDSHAKE              22
#define SSL_MSG_APPLICATION_DATA       23

/*
 * Alert protocol values.  Note that these mix the two alert fields:
 * SSL_ALERT_WARNING / SSL_ALERT_FATAL are alert *levels*, while
 * SSL_ALERT_CLOSE_NOTIFY / SSL_ALERT_NO_CERTIFICATE are alert
 * *descriptions*.  no_certificate (41) exists only in SSL 3.0; in TLS a
 * client with no certificate sends an empty Certificate message instead
 * (RFC 2246, section 7.4.6).
 */
#define SSL_ALERT_CLOSE_NOTIFY          0
#define SSL_ALERT_WARNING               1
#define SSL_ALERT_FATAL                 2
#define SSL_ALERT_NO_CERTIFICATE       41

/* Handshake message types (RFC 2246, section 7.4).  A message arriving
 * out of the expected sequence is a protocol violation -- presumably
 * surfaced as XYSSL_ERR_SSL_UNEXPECTED_MESSAGE. */
#define SSL_HS_HELLO_REQUEST            0
#define SSL_HS_CLIENT_HELLO             1
#define SSL_HS_SERVER_HELLO             2
#define SSL_HS_CERTIFICATE             11
#define SSL_HS_SERVER_KEY_EXCHANGE     12
#define SSL_HS_CERTIFICATE_REQUEST     13
#define SSL_HS_SERVER_HELLO_DONE       14
#define SSL_HS_CERTIFICATE_VERIFY      15
#define SSL_HS_CLIENT_KEY_EXCHANGE     16
#define SSL_HS_FINISHED                20
00102 
/*
 * TLS extensions
 *
 * Server Name Indication (RFC 3546, later RFC 6066): extension type 0,
 * and inside it name_type 0 = host_name.  Both constants happen to be
 * zero but they are different fields; do not use one for the other.
 * The client sets the name with ssl_set_hostname().  On the server side
 * the received name is attacker-controlled input: the parser must bound
 * it by the length actually present in the extension, not by the length
 * the peer claims.
 */
#define TLS_EXT_SERVERNAME              0
#define TLS_EXT_SERVERNAME_HOSTNAME     0
00108 
/*
 * SSL state machine
 *
 * Handshake progress, kept in ssl_context.state and driven by
 * ssl_handshake_client() / ssl_handshake_server().  The order follows a
 * full TLS handshake as the messages appear on the wire.  Some states
 * are, per the protocol, only visited for some configurations (a
 * ServerKeyExchange only with the EDH suites, the client-certificate
 * states only when client authentication is requested); how this
 * implementation skips them is not visible in this header.  The values
 * are spelled out so the numbering is obviously stable.
 */
typedef enum {
    SSL_HELLO_REQUEST             = 0,  /* start of the handshake */
    SSL_CLIENT_HELLO              = 1,
    SSL_SERVER_HELLO              = 2,
    SSL_SERVER_CERTIFICATE        = 3,
    SSL_SERVER_KEY_EXCHANGE       = 4,
    SSL_CERTIFICATE_REQUEST       = 5,
    SSL_SERVER_HELLO_DONE         = 6,
    SSL_CLIENT_CERTIFICATE        = 7,
    SSL_CLIENT_KEY_EXCHANGE       = 8,
    SSL_CERTIFICATE_VERIFY        = 9,
    SSL_CLIENT_CHANGE_CIPHER_SPEC = 10,
    SSL_CLIENT_FINISHED           = 11,
    SSL_SERVER_CHANGE_CIPHER_SPEC = 12,
    SSL_SERVER_FINISHED           = 13,
    SSL_FLUSH_BUFFERS             = 14, /* push out pending records */
    SSL_HANDSHAKE_OVER            = 15  /* application data may flow */
} ssl_states;
00132 
/* Forward declarations so the two structs can refer to each other.
 * (The tags begin with an underscore at file scope, which the C standard
 * reserves for the implementation; harmless in practice, but do not add
 * more of them.) */
typedef struct _ssl_session ssl_session;
typedef struct _ssl_context ssl_context;

/*
 * This structure is used for session resuming.
 *
 * One cached handshake result.  A resumed session re-uses `master`, so
 * an instance of this struct is long-lived key material: whatever stores
 * it (the s_get/s_set callbacks on ssl_context) must keep it in memory
 * only, bound its lifetime using `start` and the context's `timeout`
 * (presumably how they are meant to combine -- confirm in ssl_tls.c),
 * and wipe it when evicting.
 *
 * NOTE(review): on the server, `length` and `id` come from the peer's
 * ClientHello.  The parser must reject a session-ID length greater than
 * 32 before copying into id[]; a TLS session ID is at most 32 bytes.
 */
struct _ssl_session
{
    time_t start;               /* when the session was created */
    int cipher;                 /* negotiated SSL_* ciphersuite value */
    int length;                 /* number of valid bytes in id[] (presumably) */
    unsigned char id[32];       /* session identifier */
    unsigned char master[48];   /* TLS master secret (48 bytes) -- SECRET */
    ssl_session *next;          /* next cached session; presumably a singly linked cache */
};
00148 
/*
 * One SSL/TLS connection.  Set up with ssl_init() and the ssl_set_*()
 * calls, driven with ssl_handshake()/ssl_read()/ssl_write(), released
 * with ssl_free().  Fields are public C struct members but, apart from
 * the ones the setters below document, are internal to the library.
 */
struct _ssl_context
{
    /*
     * Miscellaneous
     */
    int state;                  /* current ssl_states value */
    int major_ver;              /* protocol version in use (major is 3) */
    int minor_ver;
    int max_major_ver;          /* highest version this side will accept */
    int max_minor_ver;          /* (no minimum is configurable here) */

    /*
     * Callbacks (RNG, debug, I/O)
     *
     * f_rng must be a cryptographically strong generator: its output ends
     * up in randbytes[] (the hello randoms) and in premaster[] (the RSA
     * premaster secret or DH exponent), so a predictable f_rng breaks the
     * key exchange outright.  Never wire it to rand().
     * f_dbg is called as f_dbg(p_dbg, level, message).  High debug levels
     * may log key material -- not visible here, confirm in the debug
     * module -- so keep it disabled in production builds.
     * f_recv/f_send are called as f(p_ctx, buf, len); presumably they
     * return the byte count moved or a negative error, like the net.h
     * functions they are meant to wrap.
     */
    int  (*f_rng)(void *);
    void (*f_dbg)(void *, int, char *);
    int (*f_recv)(void *, unsigned char *, int);
    int (*f_send)(void *, unsigned char *, int);

    void *p_rng;                /* opaque argument handed to f_rng */
    void *p_dbg;                /* opaque argument handed to f_dbg */
    void *p_recv;               /* opaque argument handed to f_recv */
    void *p_send;               /* opaque argument handed to f_send */

    /*
     * Session layer
     */
    int resume;                         /* non-zero: try to resume (see ssl_set_session) */
    int timeout;                        /* session lifetime; presumably seconds from ssl_session.start */
    ssl_session *session;               /* current session, caller-supplied via ssl_set_session */
    int (*s_get)(ssl_context *);        /* cache lookup callback (see ssl_set_scb) */
    int (*s_set)(ssl_context *);        /* cache store callback (see ssl_set_scb) */

    /*
     * Record layer (incoming data)
     *
     * in_ctr/in_hdr/in_msg presumably point into a single buffer of
     * SSL_BUFFER_LEN bytes (counter, 5-byte record header and payload
     * laid out back to back).  in_msglen comes from the peer's record
     * header and in_hslen from the handshake header inside it: both are
     * attacker-controlled and must be checked against SSL_MAX_CONTENT_LEN
     * and against the bytes actually received before any copy or parse.
     */
    unsigned char *in_ctr;      /* record sequence counter (see SSL_BUFFER_LEN note) */
    unsigned char *in_hdr;      /* start of the current record header */
    unsigned char *in_msg;      /* start of the current record payload */
    unsigned char *in_offt;     /* read position inside in_msg for ssl_read() (presumably) */
    int in_msgtype;             /* SSL_MSG_* type of the current record */
    int in_msglen;              /* payload length of the current record */
    int in_left;                /* bytes buffered so far for the record being fetched (presumably) */
    int in_hslen;               /* length of the current handshake message */
    int nb_zero;                /* count of consecutive empty records; presumably a DoS guard */

    /*
     * Record layer (outgoing data)
     */
    unsigned char *out_ctr;     /* outgoing record sequence counter */
    unsigned char *out_hdr;     /* start of the outgoing record header */
    unsigned char *out_msg;     /* start of the outgoing record payload */
    int out_msgtype;            /* SSL_MSG_* type of the record being built */
    int out_msglen;             /* payload length of the record being built */
    int out_left;               /* bytes of the current record not yet sent */

    /*
     * PKI layer
     *
     * rsa_key/own_cert/ca_chain are installed by the caller (ssl_set_own_cert,
     * ssl_set_ca_chain); peer_cert is filled in during the handshake.
     * Which of these ssl_free() releases is not visible here -- confirm
     * before freeing them yourself.
     */
    rsa_context *rsa_key;               /* our private key */
    x509_cert *own_cert;                /* our certificate (chain) */
    x509_cert *ca_chain;                /* trust anchors used to verify the peer */
    x509_cert *peer_cert;               /* certificate presented by the peer */
    char *peer_cn;                      /* expected peer CN; presumably NULL disables the name check */
    int endpoint;                       /* SSL_IS_CLIENT or SSL_IS_SERVER */
    int authmode;                       /* SSL_VERIFY_* */
    int client_auth;                    /* client certificate requested/required flag (presumably) */
    int verify_result;                  /* x509 verification flags, read via ssl_get_verify_result() */

    /*
     * Crypto layer
     *
     * Everything from randbytes[] down is key material and must be wiped,
     * not merely freed, when the context is released; ssl_free() should
     * do this -- confirm.  ctx_enc/ctx_dec are raw storage (128 unsigned
     * longs each) for whichever cipher context the negotiated suite
     * needs; the header does not say which types are overlaid.
     */
     dhm_context dhm_ctx;               /* ephemeral DH state for the EDH suites */
     md5_context fin_md5;               /* running MD5 over all handshake messages */
    sha1_context fin_sha1;              /* running SHA-1 over all handshake messages */
    int do_crypt;                       /* non-zero once ChangeCipherSpec is in effect (presumably) */
    int *ciphers;                       /* suites to offer/accept (see ssl_set_ciphers) */
    int pmslen;                         /* valid bytes in premaster[] */
    int keylen;                         /* cipher key length for the negotiated suite */
    int minlen;                         /* minimum valid ciphertext length per record (presumably IV+MAC+padding) */
    int ivlen;                          /* IV length for the negotiated suite */
    int maclen;                         /* MAC length for the negotiated suite */
    unsigned char randbytes[64];        /* client_random (32) followed by server_random (32) -- presumably */
    unsigned char premaster[256];       /* RSA premaster (48 bytes) or DH shared secret; 256 bytes caps the DH modulus at 2048 bits, which XYSSL_ERR_SSL_INVALID_MODULUS_SIZE presumably enforces -- verify, an unchecked larger P would overflow this */
    unsigned char iv_enc[16];           /* CBC IV, send direction (16 covers AES; 3DES uses 8) */
    unsigned char iv_dec[16];           /* CBC IV, receive direction */
    unsigned char mac_enc[32];          /* MAC key, send direction */
    unsigned char mac_dec[32];          /* MAC key, receive direction */
    unsigned long ctx_enc[128];         /* cipher context storage, send direction */
    unsigned long ctx_dec[128];         /* cipher context storage, receive direction */

    /*
     * TLS extensions
     */
    unsigned char *hostname;            /* SNI host name set by ssl_set_hostname(); ownership not visible here */
    unsigned long  hostname_len;        /* length of hostname in bytes */
};
00257 
00258 #ifdef __cplusplus
00259 extern "C" {
00260 #endif
00261 
/*
 * Ciphersuite list used when none is set, defined in the SSL
 * implementation (its contents, and whether it offers the RC4/3DES
 * suites, are not visible in this header).  A caller that cares about
 * which suites are negotiable should pass an explicit list to
 * ssl_set_ciphers() rather than rely on this default.
 */
extern int ssl_default_ciphers[];

/**
 * Initialise an SSL context.  Must be the first call on a fresh
 * ssl_context; presumably allocates the record buffers (SSL_BUFFER_LEN).
 *
 * @param ssl  context to initialise
 * @return 0 on success, or a negative XYSSL_ERR_* code
 */
int ssl_init( ssl_context *ssl );

/**
 * Declare which side of the handshake this context plays.
 *
 * @param ssl       SSL context
 * @param endpoint  SSL_IS_CLIENT or SSL_IS_SERVER
 */
void ssl_set_endpoint( ssl_context *ssl, int endpoint );

/**
 * Set how the peer's certificate is checked.
 *
 * The default when this is never called is not visible in this header;
 * clients should set SSL_VERIFY_REQUIRED explicitly, together with
 * ssl_set_ca_chain(), or the connection is not authenticated.
 *
 * @param ssl       SSL context
 * @param authmode  SSL_VERIFY_NONE, SSL_VERIFY_OPTIONAL or SSL_VERIFY_REQUIRED
 */
void ssl_set_authmode( ssl_context *ssl, int authmode );

/**
 * Install the random number generator.  f_rng must be cryptographically
 * strong: it produces the hello randoms and the premaster secret, so a
 * predictable generator breaks the key exchange.
 *
 * @param ssl    SSL context
 * @param f_rng  generator callback, called as f_rng(p_rng)
 * @param p_rng  opaque argument passed to f_rng
 */
void ssl_set_rng( ssl_context *ssl,
                  int (*f_rng)(void *),
                  void *p_rng );

/**
 * Install the debug callback, called as f_dbg(p_dbg, level, message).
 * Leave unset in production: debug output from a TLS stack can include
 * sensitive material (not visible here -- check the debug module).
 *
 * @param ssl    SSL context
 * @param f_dbg  debug callback
 * @param p_dbg  opaque argument passed to f_dbg
 */
void ssl_set_dbg( ssl_context *ssl,
                  void (*f_dbg)(void *, int, char *),
                  void  *p_dbg );

/**
 * Install the transport callbacks, each called as f(p_ctx, buf, len).
 * Presumably they return the number of bytes moved or a negative error,
 * as the net.h functions they are meant to wrap do.
 *
 * @param ssl     SSL context
 * @param f_recv  read callback
 * @param p_recv  opaque argument passed to f_recv
 * @param f_send  write callback
 * @param p_send  opaque argument passed to f_send
 */
void ssl_set_bio( ssl_context *ssl,
        int (*f_recv)(void *, unsigned char *, int), void *p_recv,
        int (*f_send)(void *, unsigned char *, int), void *p_send );

/**
 * Install the session-cache callbacks used for resumption.
 * s_get looks a session up (presumably by ssl->session->id) and s_set
 * stores one; each receives the context and returns an int status.
 * The cache holds master secrets (ssl_session.master): keep it in
 * memory only and wipe entries when they expire.
 *
 * @param ssl    SSL context
 * @param s_get  lookup callback
 * @param s_set  store callback
 */
void ssl_set_scb( ssl_context *ssl,
                  int (*s_get)(ssl_context *),
                  int (*s_set)(ssl_context *) );

/**
 * Configure session resumption.
 *
 * @param ssl      SSL context
 * @param resume   non-zero to attempt resumption
 * @param timeout  session lifetime (presumably seconds; 0 presumably
 *                 means no expiry -- confirm in the implementation)
 * @param session  caller-owned ssl_session the context will use
 */
void ssl_set_session( ssl_context *ssl, int resume, int timeout,
                      ssl_session *session );

/**
 * Set the list of ciphersuites to offer (client) or accept (server),
 * in order of preference.  Presumably 0-terminated like
 * ssl_default_ciphers; the array is referenced, not copied, so it must
 * outlive the context.  Avoid the RC4 and 3DES suites.
 *
 * @param ssl      SSL context
 * @param ciphers  array of SSL_* ciphersuite values
 */
void ssl_set_ciphers( ssl_context *ssl, int *ciphers );

/**
 * Set the trust anchors used to verify the peer's certificate and the
 * name the peer is expected to present.
 *
 * @param ssl       SSL context
 * @param ca_chain  trusted CA certificate(s); referenced, not copied
 * @param peer_cn   expected Common Name of the peer; presumably NULL
 *                  disables the name check, in which case any
 *                  certificate signed by the CA is accepted for any host
 */
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
                       char *peer_cn );

/**
 * Set our own certificate (chain) and the matching private key.
 *
 * @param ssl       SSL context
 * @param own_cert  certificate chain to present; referenced, not copied
 * @param rsa_key   private key for own_cert; referenced, not copied
 */
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
                       rsa_context *rsa_key );

/**
 * Set the Diffie-Hellman parameters used by the EDH ciphersuites
 * (server side).
 *
 * P should be a safe prime of at least 2048 bits from a published group
 * and G its generator; note that premaster[256] in ssl_context bounds P
 * at 2048 bits, so larger moduli presumably fail with
 * XYSSL_ERR_SSL_INVALID_MODULUS_SIZE.
 *
 * @param ssl    SSL context
 * @param dhm_P  modulus, as a string (presumably hexadecimal -- see dhm.h)
 * @param dhm_G  generator, same encoding
 * @return 0 on success, or a negative error code
 */
int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );

/**
 * Set the host name sent in the Server Name Indication extension
 * (client side).
 *
 * @param ssl       SSL context
 * @param hostname  NUL-terminated host name
 * @return 0 on success, or a negative error code (presumably on allocation failure)
 */
int ssl_set_hostname( ssl_context *ssl, char *hostname );

/**
 * Number of already-decrypted application-data bytes that ssl_read() can
 * return without touching the transport.
 *
 * @param ssl  SSL context
 * @return byte count
 */
int ssl_get_bytes_avail( ssl_context *ssl );

/**
 * Result of the peer-certificate verification performed during the
 * handshake (the verify_result field).  With SSL_VERIFY_OPTIONAL this is
 * the only place a failure is reported, so a caller using that mode must
 * check it before sending anything sensitive.
 *
 * @param ssl  SSL context
 * @return 0 if verification succeeded, otherwise a non-zero set of
 *         x509 verification flags (see x509.h)
 */
int ssl_get_verify_result( ssl_context *ssl );

/**
 * Human-readable name of the negotiated ciphersuite.
 *
 * @param ssl  SSL context
 * @return static string; do not free
 */
char *ssl_get_cipher( ssl_context *ssl );

/**
 * Run the handshake to completion (state SSL_HANDSHAKE_OVER).
 *
 * @param ssl  SSL context
 * @return 0 on success, or a negative XYSSL_ERR_* code; the context
 *         should not be used for data after a failure.  Whether the
 *         call can be repeated after a transient I/O error is not
 *         visible here -- confirm before building non-blocking loops on it.
 */
int ssl_handshake( ssl_context *ssl );

/**
 * Read application data, performing the handshake first if it has not
 * completed.
 *
 * @param ssl  SSL context
 * @param buf  destination buffer
 * @param len  capacity of buf in bytes
 * @return number of bytes read (may be less than len), or a negative
 *         error.  XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY means the peer closed
 *         the connection cleanly and is not a failure.
 */
int ssl_read( ssl_context *ssl, unsigned char *buf, int len );

/**
 * Write application data, performing the handshake first if it has not
 * completed.  How a len larger than SSL_MAX_CONTENT_LEN is handled
 * (split, truncated or rejected) is not visible here; check the return
 * value against len.
 *
 * @param ssl  SSL context
 * @param buf  data to send (not modified, though the parameter is not const)
 * @param len  number of bytes to send
 * @return number of bytes written, or a negative error
 */
int ssl_write( ssl_context *ssl, unsigned char *buf, int len );

/**
 * Send a close_notify alert so the peer can distinguish an orderly
 * shutdown from a truncation attack.
 *
 * @param ssl  SSL context
 * @return 0 on success, or a negative error
 */
int ssl_close_notify( ssl_context *ssl );

/**
 * Release everything the context owns.  Key material in the context
 * (master/premaster/MAC keys/cipher state) should be wiped here, not
 * just freed -- confirm in the implementation.
 *
 * @param ssl  SSL context
 */
void ssl_free( ssl_context *ssl );
00488 
/*
 * Internal functions (do not call directly)
 *
 * Exposed only so that the client-side, server-side and record-layer
 * translation units can share them.  They operate on the context's
 * record buffers and state machine and assume the invariants the public
 * API establishes; calling them from application code will corrupt the
 * handshake.  All int-returning functions use the same convention as the
 * public API: 0 on success, negative XYSSL_ERR_* on failure.
 */
/* Per-role handshake drivers, dispatched by ssl_handshake() on endpoint. */
int ssl_handshake_client( ssl_context *ssl );
int ssl_handshake_server( ssl_context *ssl );

/* Derive the session keys from the master secret into the context's
 * key/IV/MAC fields; compute the hash used by CertificateVerify
 * (36 bytes = MD5 || SHA-1, matching fin_md5/fin_sha1). */
int ssl_derive_keys( ssl_context *ssl );
void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );

/* Read one record into the incoming buffers / ensure nb_want bytes are
 * buffered.  Everything these parse is peer-controlled: lengths must be
 * bounded by SSL_MAX_CONTENT_LEN and by what has actually arrived. */
int ssl_read_record( ssl_context *ssl );
int ssl_fetch_input( ssl_context *ssl, int nb_want );

/* Encrypt/MAC the outgoing buffers as one record and push them out. */
int ssl_write_record( ssl_context *ssl );
int ssl_flush_output( ssl_context *ssl );

/* Handshake message handlers shared by client and server. */
int ssl_parse_certificate( ssl_context *ssl );
int ssl_write_certificate( ssl_context *ssl );

int ssl_parse_change_cipher_spec( ssl_context *ssl );
int ssl_write_change_cipher_spec( ssl_context *ssl );

int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl );
00512 
00513 #ifdef __cplusplus
00514 }
00515 #endif
00516 
00517 #endif /* ssl.h */
