
00004 #ifndef XYSSL_SSL_H
00005 #define XYSSL_SSL_H
00006 
00007 #include <time.h>
00008 
00009 #include "xyssl/net.h"
00010 #include "xyssl/dhm.h"
00011 #include "xyssl/rsa.h"
00012 #include "xyssl/md5.h"
00013 #include "xyssl/sha1.h"
00014 #include "xyssl/x509.h"
00015 
/*
 * SSL-layer error codes.
 *
 * Every value is negative and a multiple of 0x800, so the codes are
 * distinct in their high bits. Whether the low bits are reserved for
 * OR-ing in an error from a lower layer (x509, rsa, dhm) is not visible
 * from this header -- check the implementation before testing a return
 * value with anything other than == against one of these constants.
 */
#define XYSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000
#define XYSSL_ERR_SSL_BAD_INPUT_DATA -0x1800
/* Record MAC check failed. Treat the connection as compromised: drop it,
 * never retry or skip the record. */
#define XYSSL_ERR_SSL_INVALID_MAC -0x2000
/* Record header, length or padding malformed. NOTE(review): the alert sent
 * to the peer, and the timing, should not differ observably between
 * INVALID_MAC and INVALID_RECORD -- that distinction is the classic CBC
 * padding-oracle channel; confirm what the record layer does here. */
#define XYSSL_ERR_SSL_INVALID_RECORD -0x2800
/* RSA modulus of the peer (or own) key outside the supported range. */
#define XYSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000
#define XYSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800
/* No ciphersuite common to both sides (see ssl_set_ciphers). */
#define XYSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000
/* Session cache lookup (s_get callback) found nothing to resume. */
#define XYSSL_ERR_SSL_NO_SESSION_FOUND -0x4800
#define XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000
/* Certificate chain does not fit in the outgoing record buffer. */
#define XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800
/* Configuration errors: ssl_set_own_cert / ssl_set_ca_chain not called. */
#define XYSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000
#define XYSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800
#define XYSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000
/* Peer sent a message that the state machine (ssl_states) did not expect. */
#define XYSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800
/* Peer sent an alert with level SSL_ALERT_FATAL. */
#define XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000
/* Peer certificate chain failed verification under SSL_VERIFY_REQUIRED;
 * ssl_get_verify_result() carries the detail. */
#define XYSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800
/* Orderly shutdown: peer sent close_notify. Not an attack indicator, but
 * an application-level "connection done" that callers of ssl_read must
 * distinguish from a transport EOF (truncation). */
#define XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000
/* One code per handshake message that failed to parse or was rejected. */
#define XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800
#define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000
#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800
#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000
#define XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800
#define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000
#define XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800
#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000
#define XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800
/* Finished verify_data mismatch: the handshake transcript was tampered
 * with (or keys differ). Always fatal. */
#define XYSSL_ERR_SSL_BAD_HS_FINISHED -0xE000

00043 
/*
 * Various constants
 */

/* Protocol versions as carried in the record and handshake version
 * fields: major 3 + minor 0 is SSL 3.0, minor 1 is TLS 1.0, minor 2 is
 * TLS 1.1. SSL 3.0 is obsolete (RFC 7568, POODLE) and nothing newer than
 * TLS 1.1 is known to this header -- there is no TLS 1.2 constant. */
#define SSL_MAJOR_VERSION_3 3
#define SSL_MINOR_VERSION_0 0 
#define SSL_MINOR_VERSION_1 1 
#define SSL_MINOR_VERSION_2 2 
/* Values for ssl_set_endpoint(). */
#define SSL_IS_CLIENT 0
#define SSL_IS_SERVER 1
/* Only the null compression method is defined here, so (if the
 * implementation matches) TLS-level compression is never negotiated. */
#define SSL_COMPRESS_NULL 0

/* Values for ssl_set_authmode(): how the peer certificate is checked.
 * NONE performs no verification at all.
 * NOTE(review): with OPTIONAL the handshake is expected to complete even
 * when verification fails, leaving the result in ssl_get_verify_result()
 * for the application to inspect -- a client that sets OPTIONAL and never
 * checks that result is open to man-in-the-middle. Confirm against the
 * handshake code; clients should use REQUIRED. */
#define SSL_VERIFY_NONE 0
#define SSL_VERIFY_OPTIONAL 1
#define SSL_VERIFY_REQUIRED 2

/* Largest plaintext payload of a single record (2^14, per the TLS spec). */
#define SSL_MAX_CONTENT_LEN 16384

/*
 * Allow an extra 512 bytes for the record header
 * and encryption overhead (counter + MAC + padding).
 */
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512)
00067 
/*
 * Supported ciphersuites
 *
 * The values are the IANA TLS ciphersuite numbers (low byte; the high
 * byte is 0x00 for all of them). Preference order is presumably taken
 * from the order of the list passed to ssl_set_ciphers(), not from the
 * order below -- confirm in the implementation.
 *
 * Security status of this 2008-era list:
 *   - RC4 (4, 5): broken stream cipher, prohibited for TLS by RFC 7465.
 *   - 3DES (10, 22): 64-bit block size, exposed to Sweet32 on long-lived
 *     sessions.
 *   - MD5 as record MAC (4): weak, avoid.
 *   - AES-CBC with HMAC-SHA1 (47, 53, 57): acceptable. The EDH_ variants
 *     (22, 57) add forward secrecy via ephemeral DH, whose parameters come
 *     from ssl_set_dh_param().
 * Recommended list: SSL_EDH_RSA_AES_256_SHA first, then SSL_RSA_AES_256_SHA
 * and SSL_RSA_AES_128_SHA; leave 4, 5 and 10 out. No ECDHE, AEAD or
 * SHA-2 suites exist in this version.
 */
#define SSL_RSA_RC4_128_MD5 4
#define SSL_RSA_RC4_128_SHA 5
#define SSL_RSA_DES_168_SHA 10
#define SSL_EDH_RSA_DES_168_SHA 22
#define SSL_RSA_AES_128_SHA 47
#define SSL_RSA_AES_256_SHA 53
#define SSL_EDH_RSA_AES_256_SHA 57
00078 
/*
 * Message, alert and handshake types
 */

/* Record-layer ContentType values. */
#define SSL_MSG_CHANGE_CIPHER_SPEC 20
#define SSL_MSG_ALERT 21
#define SSL_MSG_HANDSHAKE 22
#define SSL_MSG_APPLICATION_DATA 23

/* Alert constants. This list mixes the two bytes of an alert record:
 * WARNING and FATAL are AlertLevel values, CLOSE_NOTIFY and NO_CERTIFICATE
 * are AlertDescription values (no_certificate, 41, exists in SSL 3.0 only
 * and was dropped from TLS). Never compare a level against a description. */
#define SSL_ALERT_CLOSE_NOTIFY 0
#define SSL_ALERT_WARNING 1
#define SSL_ALERT_FATAL 2
#define SSL_ALERT_NO_CERTIFICATE 41

/* HandshakeType values, in the order they appear on the wire. Each one
 * has a matching XYSSL_ERR_SSL_BAD_HS_* code above. */
#define SSL_HS_HELLO_REQUEST 0
#define SSL_HS_CLIENT_HELLO 1
#define SSL_HS_SERVER_HELLO 2
#define SSL_HS_CERTIFICATE 11
#define SSL_HS_SERVER_KEY_EXCHANGE 12
#define SSL_HS_CERTIFICATE_REQUEST 13
#define SSL_HS_SERVER_HELLO_DONE 14
#define SSL_HS_CERTIFICATE_VERIFY 15
#define SSL_HS_CLIENT_KEY_EXCHANGE 16
#define SSL_HS_FINISHED 20
00102 
/*
 * TLS extensions
 *
 * Only server_name (SNI) is known: TLS_EXT_SERVERNAME is the
 * ExtensionType, TLS_EXT_SERVERNAME_HOSTNAME the NameType meaning
 * "DNS host name". Both happen to be 0 but are different wire fields.
 * SNI only tells the server which name the client wants; it does not
 * verify the certificate against that name -- that is peer_cn's job
 * (see ssl_set_ca_chain).
 */
#define TLS_EXT_SERVERNAME 0
#define TLS_EXT_SERVERNAME_HOSTNAME 0
00108 
/*
 * SSL state machine
 *
 * Values taken by ssl_context.state. They follow the order of the
 * handshake flights (client side first, then server side). The
 * constants are positional, so inserting one changes every later value
 * -- only append. Application data should be exchanged only once state
 * reaches SSL_HANDSHAKE_OVER; ssl_handshake() presumably returns 0
 * exactly then -- confirm in the implementation.
 */
typedef enum
{
SSL_HELLO_REQUEST,
SSL_CLIENT_HELLO,
SSL_SERVER_HELLO,
SSL_SERVER_CERTIFICATE,
SSL_SERVER_KEY_EXCHANGE,
SSL_CERTIFICATE_REQUEST,
SSL_SERVER_HELLO_DONE,
SSL_CLIENT_CERTIFICATE,
SSL_CLIENT_KEY_EXCHANGE,
SSL_CERTIFICATE_VERIFY,
SSL_CLIENT_CHANGE_CIPHER_SPEC,
SSL_CLIENT_FINISHED,
SSL_SERVER_CHANGE_CIPHER_SPEC,
SSL_SERVER_FINISHED,
SSL_FLUSH_BUFFERS, /* pending output is written before the handshake is declared over */
SSL_HANDSHAKE_OVER /* terminal state: record keys are in place */
}
ssl_states;
00132 
typedef struct _ssl_session ssl_session;
typedef struct _ssl_context ssl_context;

/*
 * This structure is used for session resuming.
 *
 * `master` holds the 48-byte TLS master secret of the session -- the key
 * material every record key of that session and of any resumed session
 * derives from. A cache of these entries must be protected like a
 * private key: keep it in memory only, and wipe `master` when an entry
 * is evicted (a plain memset right before free() may be optimized away;
 * use a volatile-store or explicit_bzero-style wipe).
 * `id` is the session ID (at most 32 bytes); `length` is presumably the
 * number of valid bytes in `id`, `cipher` the negotiated suite, and
 * `start` the creation time against which ssl_set_session()'s timeout is
 * applied -- confirm in the implementation.
 * `next` chains entries in a singly linked cache owned by the
 * application's s_get/s_set callbacks (see ssl_set_scb).
 */
struct _ssl_session
{
time_t start; 
int cipher; 
int length; 
unsigned char id[32]; 
unsigned char master[48]; 
ssl_session *next; 
};
00148 
/*
 * Per-connection context.
 *
 * The whole struct is public rather than an opaque handle, so every
 * field below is reachable from application code; treat the crypto-layer
 * members as secret material, do not copy the struct, and do not read
 * fields the accessor functions already expose.
 * NOTE(review): ssl_free() should wipe premaster, mac_enc/mac_dec,
 * iv_enc/iv_dec and ctx_enc/ctx_dec before releasing anything -- confirm
 * in the implementation; a plain memset followed by free() may be
 * optimized away.
 */
struct _ssl_context
{
/*
 * Miscellaneous
 */
int state; /* current ssl_states value */
/* Protocol version in use on this connection: SSL_MAJOR_VERSION_3 plus
 * one of SSL_MINOR_VERSION_*. */
int major_ver; 
int minor_ver; 
/* Highest version this side will offer or accept (presumably; confirm).
 * NOTE(review): there is no minimum-version field, so nothing in this
 * struct can refuse an SSL 3.0 (minor 0) peer -- check how the hello
 * parsing treats minor_ver == 0 if SSL 3.0 must be disabled. */
int max_major_ver; 
int max_minor_ver; 
/*
 * Callbacks (RNG, debug, I/O)
 */
/* f_rng is the only entropy source handed to the library (random nonces,
 * premaster secret, DH exponent presumably all come from it), so it must
 * be a cryptographically secure generator -- never rand()/random(). */
int (*f_rng)(void *);
/* f_dbg(p_dbg, level, message): debug sink. NOTE(review): at verbose
 * levels the messages may include handshake material; do not route them
 * to shared logs in production. */
void (*f_dbg)(void *, int, char *);
/* Transport callbacks; return value conventions (bytes moved vs. negative
 * error) are not visible here -- follow net.h's functions. */
int (*f_recv)(void *, unsigned char *, int);
int (*f_send)(void *, unsigned char *, int);

void *p_rng; /* opaque argument passed to f_rng */
void *p_dbg; /* opaque argument passed to f_dbg */
void *p_recv; /* opaque argument passed to f_recv */
void *p_send; /* opaque argument passed to f_send */
/*
 * Session layer
 */
int resume; /* attempt session resumption (see ssl_set_session) */
int timeout; /* session lifetime; unit presumably seconds, measured from ssl_session.start */
ssl_session *session; /* current session (contains the master secret) */
int (*s_get)(ssl_context *); /* server-side cache lookup callback */
int (*s_set)(ssl_context *); /* server-side cache store callback */
/*
 * Record layer (incoming data)
 *
 * in_ctr/in_hdr/in_msg are presumably pointers into one buffer of
 * SSL_BUFFER_LEN bytes allocated by ssl_init(): the 8-byte record
 * sequence counter that feeds the MAC, the 5-byte record header and the
 * payload. in_offt presumably marks how far the application has consumed
 * the current record via ssl_read -- confirm.
 */
unsigned char *in_ctr; 
unsigned char *in_hdr; 
unsigned char *in_msg; 
unsigned char *in_offt; 
int in_msgtype; /* ContentType of the current record (SSL_MSG_*) */
int in_msglen; /* payload length of the current record */
int in_left; /* bytes already read into the buffer (partial record) -- presumably */
int in_hslen; /* length of the current handshake message */
int nb_zero; /* presumably counts consecutive zero-length records, to bound an empty-record flood */
/*
 * Record layer (outgoing data)
 */
unsigned char *out_ctr; /* outgoing record sequence counter */
unsigned char *out_hdr; /* outgoing record header */
unsigned char *out_msg; /* outgoing record payload */
int out_msgtype; 
int out_msglen; 
int out_left; /* bytes of the current record still to be sent */
/*
 * PKI layer
 */
rsa_context *rsa_key; /* own private key (ssl_set_own_cert) */
x509_cert *own_cert; /* own certificate chain */
x509_cert *ca_chain; /* trusted CA certificates used to verify the peer */
x509_cert *peer_cert; /* certificate chain received from the peer */
char *peer_cn; /* expected peer Common Name; NULL presumably disables the name check -- see ssl_set_ca_chain */
int endpoint; /* SSL_IS_CLIENT or SSL_IS_SERVER */
int authmode; /* SSL_VERIFY_* policy for the peer certificate */
int client_auth; /* whether a client certificate was requested -- presumably */
int verify_result; /* flags from the last certificate verification (ssl_get_verify_result) */
/*
 * Crypto layer
 */
dhm_context dhm_ctx; /* ephemeral DH state for the EDH suites */
/* Running hashes over every handshake message, used for the Finished
 * and CertificateVerify computations (see ssl_calc_verify). */
md5_context fin_md5; 
sha1_context fin_sha1; 
int do_crypt; /* non-zero once records are encrypted/authenticated */
int *ciphers; /* ciphersuite list from ssl_set_ciphers */
int pmslen; /* valid length of premaster[] */
int keylen; /* cipher key length in bytes */
int minlen; /* minimum ciphertext length of a record (MAC + padding/IV) -- presumably */
int ivlen; /* block/IV size in bytes (0 for RC4) */
int maclen; /* MAC output length: 16 for MD5, 20 for SHA-1 */
unsigned char randbytes[64]; /* client_random || server_random, 32 bytes each -- presumably */
unsigned char premaster[256]; /* premaster secret -- SECRET; large enough for a 2048-bit DH result */
unsigned char iv_enc[16]; /* CBC IV, send direction */
unsigned char iv_dec[16]; /* CBC IV, receive direction */
unsigned char mac_enc[32]; /* MAC key, send direction -- SECRET */
unsigned char mac_dec[32]; /* MAC key, receive direction -- SECRET */
unsigned long ctx_enc[128]; /* cipher context (expanded key), send direction -- SECRET */
unsigned long ctx_dec[128]; /* cipher context (expanded key), receive direction -- SECRET */
/*
 * TLS extensions
 */
unsigned char *hostname; /* server_name sent in the ClientHello (ssl_set_hostname) */
unsigned long hostname_len;
};
00257 
00258 #ifdef __cplusplus
00259 extern "C" {
00260 #endif
00261 
/*
 * Default ciphersuite list. It is declared without a length, so the list
 * given to ssl_set_ciphers() is presumably terminated by a sentinel
 * entry (0) -- confirm before building a custom list. The default
 * includes RC4 and 3DES suites; pass an explicit list in new code.
 */
extern int ssl_default_ciphers[];

/**
 * Initialize an ssl_context. Must be called before any other ssl_* call
 * on the context. Returns 0 on success, a negative value on failure
 * (presumably buffer allocation); the context is unusable on failure.
 */
int ssl_init( ssl_context *ssl );

/** Set the side this context plays: SSL_IS_CLIENT or SSL_IS_SERVER. */
void ssl_set_endpoint( ssl_context *ssl, int endpoint );

/**
 * Set the peer-certificate verification policy (SSL_VERIFY_*). The
 * default applied by ssl_init() is not visible here, so clients should
 * set SSL_VERIFY_REQUIRED explicitly; with OPTIONAL the application owns
 * the decision and must call ssl_get_verify_result() after the handshake.
 */
void ssl_set_authmode( ssl_context *ssl, int authmode );

/**
 * Set the random number generator. f_rng(p_rng) returns one int per call
 * and is the library's only entropy source, so it must be a
 * cryptographically secure PRNG seeded from the OS -- never rand().
 */
void ssl_set_rng( ssl_context *ssl,
int (*f_rng)(void *),
void *p_rng );

/**
 * Set the debug callback f_dbg(p_dbg, level, message). NOTE(review):
 * verbose levels may expose handshake material; keep it off in production.
 */
void ssl_set_dbg( ssl_context *ssl,
void (*f_dbg)(void *, int, char *),
void *p_dbg );

/**
 * Set the transport I/O callbacks and their opaque arguments. The
 * return-value convention (bytes transferred vs. negative error) follows
 * whatever the implementation expects from net.h -- confirm before
 * writing custom callbacks.
 */
void ssl_set_bio( ssl_context *ssl,
int (*f_recv)(void *, unsigned char *, int), void *p_recv,
int (*f_send)(void *, unsigned char *, int), void *p_send );

/**
 * Set the server-side session cache callbacks: s_get looks up
 * ssl->session by its id, s_set stores it. Both receive the context and
 * return an int (0 presumably meaning success). Entries hold the master
 * secret -- see struct _ssl_session for the handling requirements.
 */
void ssl_set_scb( ssl_context *ssl,
int (*s_get)(ssl_context *),
int (*s_set)(ssl_context *) );

/**
 * Configure session resumption: whether to attempt it (resume), the
 * session lifetime (timeout; presumably seconds) and the ssl_session
 * object to use. The caller keeps ownership of `session`.
 */
void ssl_set_session( ssl_context *ssl, int resume, int timeout,
ssl_session *session );

/**
 * Set the list of allowed ciphersuites (SSL_* values), presumably in
 * preference order and sentinel-terminated like ssl_default_ciphers.
 * The caller keeps ownership of the array. Exclude the RC4 and 3DES
 * suites.
 */
void ssl_set_ciphers( ssl_context *ssl, int *ciphers );

/**
 * Set the trusted CA chain and the expected peer Common Name.
 * NOTE(review): peer_cn is the only hostname check this API offers; a
 * NULL peer_cn presumably accepts any certificate that chains to
 * ca_chain, which allows any holder of a CA-issued certificate to
 * impersonate the server. Clients must pass the expected name.
 */
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
char *peer_cn );

/** Set the certificate chain and matching RSA private key to present. */
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
rsa_context *rsa_key );

/**
 * Set the Diffie-Hellman modulus and generator for the EDH suites
 * (servers only). The strings are presumably hex-encoded big numbers.
 * Use a modulus of at least 2048 bits; 1024-bit groups are considered
 * breakable (Logjam). Returns 0 on success or a negative error.
 */
int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );

/**
 * Set the host name sent in the server_name (SNI) extension. This
 * selects which certificate the server presents; it does not verify the
 * certificate against the name -- use peer_cn in ssl_set_ca_chain for
 * that. Returns 0 on success or a negative error (presumably allocation).
 */
int ssl_set_hostname( ssl_context *ssl, char *hostname );

/** Number of decrypted application-data bytes buffered and not yet read. */
int ssl_get_bytes_avail( ssl_context *ssl );

/**
 * Result flags of the peer certificate verification performed during the
 * handshake (the flag values live in x509.h). 0 presumably means the
 * chain verified. Mandatory to check when authmode is SSL_VERIFY_OPTIONAL.
 */
int ssl_get_verify_result( ssl_context *ssl );

/** Name of the negotiated ciphersuite as a static string. */
char *ssl_get_cipher( ssl_context *ssl );

/**
 * Run the handshake to completion. Returns 0 on success, a negative
 * XYSSL_ERR_* value otherwise. On any non-zero result the context must
 * not be used for ssl_read/ssl_write; call ssl_free (or close_notify
 * then free) instead.
 */
int ssl_handshake( ssl_context *ssl );

/**
 * Read up to len bytes of decrypted application data into buf. Returns
 * the number of bytes read, or a negative error; XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY
 * signals an orderly end of the stream, whereas a transport EOF without
 * it indicates truncation. A negative len is invalid.
 */
int ssl_read( ssl_context *ssl, unsigned char *buf, int len );

/**
 * Encrypt and send len bytes from buf. Returns the number of bytes
 * written or a negative error; whether a short write can be returned is
 * not visible here, so callers should loop until len bytes are accepted.
 * A negative len is invalid.
 */
int ssl_write( ssl_context *ssl, unsigned char *buf, int len );

/** Send a close_notify alert so the peer can distinguish a clean end from truncation. */
int ssl_close_notify( ssl_context *ssl );

/**
 * Release everything owned by the context. NOTE(review): confirm that
 * this wipes premaster, mac_*, iv_*, ctx_* and session->master before
 * freeing; the struct holds the record keys in plain memory.
 */
void ssl_free( ssl_context *ssl );
00488 
/*
 * Internal functions (do not call directly)
 *
 * Shared between the client and server handshake code; not a stable
 * interface. Unless stated otherwise they return 0 on success and a
 * negative XYSSL_ERR_* value on failure.
 */
/* Client- and server-side handshake drivers selected by ssl->endpoint. */
int ssl_handshake_client( ssl_context *ssl );
int ssl_handshake_server( ssl_context *ssl );

/* Derive the master secret and the record keys/IVs from ssl->premaster
 * and ssl->randbytes into the crypto-layer fields of the context. */
int ssl_derive_keys( ssl_context *ssl );
/* Compute the CertificateVerify/Finished transcript hash into hash[36]:
 * presumably MD5 (16 bytes) followed by SHA-1 (20 bytes) of fin_md5 and
 * fin_sha1. */
void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );

/* Read, decrypt and authenticate one record into in_msg; the record-layer
 * entry point where XYSSL_ERR_SSL_INVALID_MAC / INVALID_RECORD originate. */
int ssl_read_record( ssl_context *ssl );
/* Pull bytes from f_recv until nb_want bytes of the current record are
 * buffered. */
int ssl_fetch_input( ssl_context *ssl, int nb_want );

/* Encrypt, MAC and queue the record in out_msg, then flush. */
int ssl_write_record( ssl_context *ssl );
/* Push pending output through f_send until out_left reaches 0. */
int ssl_flush_output( ssl_context *ssl );

/* Parse / emit the Certificate handshake message (verification of the
 * received chain against ca_chain and peer_cn happens in the parser). */
int ssl_parse_certificate( ssl_context *ssl );
int ssl_write_certificate( ssl_context *ssl );

/* Parse / emit ChangeCipherSpec; switches the corresponding direction to
 * the newly derived keys. */
int ssl_parse_change_cipher_spec( ssl_context *ssl );
int ssl_write_change_cipher_spec( ssl_context *ssl );

/* Parse / emit Finished. A mismatch must be fatal
 * (XYSSL_ERR_SSL_BAD_HS_FINISHED); it is the only integrity check over
 * the whole handshake transcript. */
int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl );
00512 
00513 #ifdef __cplusplus
00514 }
00515 #endif
00516 
00517 #endif /* ssl.h */
