ssl.h

Go to the documentation of this file.

 
#ifndef POLARSSL_SSL_H
#define POLARSSL_SSL_H
 
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "net.h"
#include "bignum.h"
#include "ecp.h"
 
#include "ssl_ciphersuites.h"
 
#if defined(POLARSSL_MD5_C)
#include "md5.h"
#endif
 
#if defined(POLARSSL_SHA1_C)
#include "sha1.h"
#endif
 
#if defined(POLARSSL_SHA256_C)
#include "sha256.h"
#endif
 
#if defined(POLARSSL_SHA512_C)
#include "sha512.h"
#endif
 
// for session tickets
#if defined(POLARSSL_AES_C)
#include "aes.h"
#endif
 
#if defined(POLARSSL_X509_CRT_PARSE_C)
#include "x509_crt.h"
#include "x509_crl.h"
#endif
 
#if defined(POLARSSL_DHM_C)
#include "dhm.h"
#endif
 
#if defined(POLARSSL_ECDH_C)
#include "ecdh.h"
#endif
 
#if defined(POLARSSL_ZLIB_SUPPORT)
#include "zlib.h"
#endif
 
#if defined(POLARSSL_HAVE_TIME)
#include <time.h>
#endif
 
/* For convenience below and in programs */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) ||                           \
    defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) ||                       \
    defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                       \
    defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif
 
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
    defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
    defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED
#endif
 
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
#if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline
#endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */
 
/*
 * SSL Error codes
 */
#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE               -0x7080  
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA                    -0x7100  
#define POLARSSL_ERR_SSL_INVALID_MAC                       -0x7180  
#define POLARSSL_ERR_SSL_INVALID_RECORD                    -0x7200  
#define POLARSSL_ERR_SSL_CONN_EOF                          -0x7280  
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  
#define POLARSSL_ERR_SSL_NO_RNG                            -0x7400  
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  
#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600  
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680  
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE                -0x7700  
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE               -0x7780  
#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED                -0x7800  
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x7880  
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO               -0x7900  
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO               -0x7980  
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE                -0x7A00  
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST        -0x7A80  
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE        -0x7B00  
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE          -0x7B80  
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE        -0x7C00  
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP     -0x7C80  
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS     -0x7D00  
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY         -0x7D80  
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC         -0x7E00  
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED                   -0x7E80  
#define POLARSSL_ERR_SSL_MALLOC_FAILED                     -0x7F00  
#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  
#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  
#define POLARSSL_ERR_SSL_COMPRESSION_FAILED                -0x6F00  
#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  
#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  
#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  
#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  
#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  
#define POLARSSL_ERR_SSL_INTERNAL_ERROR                    -0x6C00  
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  
#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO       -0x6B00  
/*
 * Various constants
 */
#define SSL_MAJOR_VERSION_3             3
#define SSL_MINOR_VERSION_0             0   
#define SSL_MINOR_VERSION_1             1   
#define SSL_MINOR_VERSION_2             2   
#define SSL_MINOR_VERSION_3             3   
/* Determine minimum supported version */
#define SSL_MIN_MAJOR_VERSION           SSL_MAJOR_VERSION_3
 
#if defined(POLARSSL_SSL_PROTO_SSL3)
#define SSL_MIN_MINOR_VERSION           SSL_MINOR_VERSION_0
#else
#if defined(POLARSSL_SSL_PROTO_TLS1)
#define SSL_MIN_MINOR_VERSION           SSL_MINOR_VERSION_1
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_1)
#define SSL_MIN_MINOR_VERSION           SSL_MINOR_VERSION_2
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#define SSL_MIN_MINOR_VERSION           SSL_MINOR_VERSION_3
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
#endif /* POLARSSL_SSL_PROTO_TLS1   */
#endif /* POLARSSL_SSL_PROTO_SSL3   */
 
/* Determine maximum supported version */
#define SSL_MAX_MAJOR_VERSION           SSL_MAJOR_VERSION_3
 
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#define SSL_MAX_MINOR_VERSION           SSL_MINOR_VERSION_3
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_1)
#define SSL_MAX_MINOR_VERSION           SSL_MINOR_VERSION_2
#else
#if defined(POLARSSL_SSL_PROTO_TLS1)
#define SSL_MAX_MINOR_VERSION           SSL_MINOR_VERSION_1
#else
#if defined(POLARSSL_SSL_PROTO_SSL3)
#define SSL_MAX_MINOR_VERSION           SSL_MINOR_VERSION_0
#endif /* POLARSSL_SSL_PROTO_SSL3   */
#endif /* POLARSSL_SSL_PROTO_TLS1   */
#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
 
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
 * NONE must be zero so that memset()ing structure to zero works */
#define SSL_MAX_FRAG_LEN_NONE           0   
#define SSL_MAX_FRAG_LEN_512            1   
#define SSL_MAX_FRAG_LEN_1024           2   
#define SSL_MAX_FRAG_LEN_2048           3   
#define SSL_MAX_FRAG_LEN_4096           4   
#define SSL_MAX_FRAG_LEN_INVALID        5   
#define SSL_IS_CLIENT                   0
#define SSL_IS_SERVER                   1
 
#define SSL_COMPRESS_NULL               0
#define SSL_COMPRESS_DEFLATE            1
 
#define SSL_VERIFY_NONE                 0
#define SSL_VERIFY_OPTIONAL             1
#define SSL_VERIFY_REQUIRED             2
 
#define SSL_INITIAL_HANDSHAKE           0
#define SSL_RENEGOTIATION               1   /* In progress */
#define SSL_RENEGOTIATION_DONE          2   /* Done */
#define SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */
 
#define SSL_LEGACY_RENEGOTIATION        0
#define SSL_SECURE_RENEGOTIATION        1
 
#define SSL_RENEGOTIATION_DISABLED      0
#define SSL_RENEGOTIATION_ENABLED       1
 
#define SSL_RENEGOTIATION_NOT_ENFORCED  -1
#define SSL_RENEGO_MAX_RECORDS_DEFAULT  16
 
#define SSL_LEGACY_NO_RENEGOTIATION     0
#define SSL_LEGACY_ALLOW_RENEGOTIATION  1
#define SSL_LEGACY_BREAK_HANDSHAKE      2
 
#define SSL_TRUNC_HMAC_DISABLED         0
#define SSL_TRUNC_HMAC_ENABLED          1
#define SSL_TRUNCATED_HMAC_LEN          10  /* 80 bits, rfc 6066 section 7 */
 
#define SSL_SESSION_TICKETS_DISABLED     0
#define SSL_SESSION_TICKETS_ENABLED      1
 
#if !defined(SSL_DEFAULT_TICKET_LIFETIME)
#define SSL_DEFAULT_TICKET_LIFETIME     86400 
#endif
 
/*
 * Size of the input / output buffer.
 * Note: the RFC defines the default size of SSL / TLS messages. If you
 * change the value here, other clients / servers may not be able to
 * communicate with you anymore. Only change this value if you control
 * both sides of the connection and have it reduced at both sides, or
 * if you're using the Max Fragment Length extension and you know all your
 * peers are using it too!
 */
#if !defined(SSL_MAX_CONTENT_LEN)
#define SSL_MAX_CONTENT_LEN         16384   
#endif
 
/* \} name SECTION: Module settings */
 
/*
 * Allow extra bytes for record, authentication and encryption overhead:
 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
 * and allow for a maximum of 1024 of compression expansion if
 * enabled.
 */
#if defined(POLARSSL_ZLIB_SUPPORT)
#define SSL_COMPRESSION_ADD          1024
#else
#define SSL_COMPRESSION_ADD             0
#endif
 
#if defined(POLARSSL_RC4_C) || defined(POLARSSL_CIPHER_MODE_CBC)
/* Ciphersuites using HMAC */
#if defined(POLARSSL_SHA512_C)
#define SSL_MAC_ADD                 48  /* SHA-384 used for HMAC */
#elif defined(POLARSSL_SHA256_C)
#define SSL_MAC_ADD                 32  /* SHA-256 used for HMAC */
#else
#define SSL_MAC_ADD                 20  /* SHA-1   used for HMAC */
#endif
#else
/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
#define SSL_MAC_ADD                 16
#endif
 
#if defined(POLARSSL_CIPHER_MODE_CBC)
#define SSL_PADDING_ADD            256
#else
#define SSL_PADDING_ADD              0
#endif
 
#define SSL_BUFFER_LEN  ( SSL_MAX_CONTENT_LEN               \
                        + SSL_COMPRESSION_ADD               \
                        + 29 /* counter + header + IV */    \
                        + SSL_MAC_ADD                       \
                        + SSL_PADDING_ADD                   \
                        )
 
/*
 * Signaling ciphersuite values (SCSV)
 */
#define SSL_EMPTY_RENEGOTIATION_INFO    0xFF   
/*
 * Supported Signature and Hash algorithms (For TLS 1.2)
 * RFC 5246 section 7.4.1.4.1
 */
#define SSL_HASH_NONE                0
#define SSL_HASH_MD5                 1
#define SSL_HASH_SHA1                2
#define SSL_HASH_SHA224              3
#define SSL_HASH_SHA256              4
#define SSL_HASH_SHA384              5
#define SSL_HASH_SHA512              6
 
#define SSL_SIG_ANON                 0
#define SSL_SIG_RSA                  1
#define SSL_SIG_ECDSA                3
 
/*
 * Client Certificate Types
 * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
 */
#define SSL_CERT_TYPE_RSA_SIGN       1
#define SSL_CERT_TYPE_ECDSA_SIGN    64
 
/*
 * Message, alert and handshake types
 */
#define SSL_MSG_CHANGE_CIPHER_SPEC     20
#define SSL_MSG_ALERT                  21
#define SSL_MSG_HANDSHAKE              22
#define SSL_MSG_APPLICATION_DATA       23
 
#define SSL_ALERT_LEVEL_WARNING         1
#define SSL_ALERT_LEVEL_FATAL           2
 
#define SSL_ALERT_MSG_CLOSE_NOTIFY           0  /* 0x00 */
#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE    10  /* 0x0A */
#define SSL_ALERT_MSG_BAD_RECORD_MAC        20  /* 0x14 */
#define SSL_ALERT_MSG_DECRYPTION_FAILED     21  /* 0x15 */
#define SSL_ALERT_MSG_RECORD_OVERFLOW       22  /* 0x16 */
#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30  /* 0x1E */
#define SSL_ALERT_MSG_HANDSHAKE_FAILURE     40  /* 0x28 */
#define SSL_ALERT_MSG_NO_CERT               41  /* 0x29 */
#define SSL_ALERT_MSG_BAD_CERT              42  /* 0x2A */
#define SSL_ALERT_MSG_UNSUPPORTED_CERT      43  /* 0x2B */
#define SSL_ALERT_MSG_CERT_REVOKED          44  /* 0x2C */
#define SSL_ALERT_MSG_CERT_EXPIRED          45  /* 0x2D */
#define SSL_ALERT_MSG_CERT_UNKNOWN          46  /* 0x2E */
#define SSL_ALERT_MSG_ILLEGAL_PARAMETER     47  /* 0x2F */
#define SSL_ALERT_MSG_UNKNOWN_CA            48  /* 0x30 */
#define SSL_ALERT_MSG_ACCESS_DENIED         49  /* 0x31 */
#define SSL_ALERT_MSG_DECODE_ERROR          50  /* 0x32 */
#define SSL_ALERT_MSG_DECRYPT_ERROR         51  /* 0x33 */
#define SSL_ALERT_MSG_EXPORT_RESTRICTION    60  /* 0x3C */
#define SSL_ALERT_MSG_PROTOCOL_VERSION      70  /* 0x46 */
#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71  /* 0x47 */
#define SSL_ALERT_MSG_INTERNAL_ERROR        80  /* 0x50 */
#define SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
#define SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
#define SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
#define SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
 
#define SSL_HS_HELLO_REQUEST            0
#define SSL_HS_CLIENT_HELLO             1
#define SSL_HS_SERVER_HELLO             2
#define SSL_HS_NEW_SESSION_TICKET       4
#define SSL_HS_CERTIFICATE             11
#define SSL_HS_SERVER_KEY_EXCHANGE     12
#define SSL_HS_CERTIFICATE_REQUEST     13
#define SSL_HS_SERVER_HELLO_DONE       14
#define SSL_HS_CERTIFICATE_VERIFY      15
#define SSL_HS_CLIENT_KEY_EXCHANGE     16
#define SSL_HS_FINISHED                20
 
/*
 * TLS extensions
 */
#define TLS_EXT_SERVERNAME                   0
#define TLS_EXT_SERVERNAME_HOSTNAME          0
 
#define TLS_EXT_MAX_FRAGMENT_LENGTH          1
 
#define TLS_EXT_TRUNCATED_HMAC               4
 
#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
#define TLS_EXT_SUPPORTED_POINT_FORMATS     11
 
#define TLS_EXT_SIG_ALG                     13
 
#define TLS_EXT_ALPN                        16
 
#define TLS_EXT_SESSION_TICKET              35
 
#define TLS_EXT_RENEGOTIATION_INFO      0xFF01
 
/*
 * TLS extension flags (for extensions with outgoing ServerHello content
 * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
 * of state of the renegotiation flag, so no indicator is required)
 */
#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
 
/*
 * Size defines
 */
#if !defined(POLARSSL_PSK_MAX_LEN)
#define POLARSSL_PSK_MAX_LEN            32 /* 256 bits */
#endif
 
/* Dummy type used only for its size */
union _ssl_premaster_secret
{
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
    unsigned char _pms_dhm[POLARSSL_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
    defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
    defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
    defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
    unsigned char _pms_ecdh[POLARSSL_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
    unsigned char _pms_psk[4 + 2 * POLARSSL_PSK_MAX_LEN];       /* RFC 4279 2 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
    unsigned char _pms_dhe_psk[4 + POLARSSL_MPI_MAX_SIZE
                                 + POLARSSL_PSK_MAX_LEN];       /* RFC 4279 3 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
    unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN];      /* RFC 4279 4 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
    unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES
                                   + POLARSSL_PSK_MAX_LEN];     /* RFC 5489 2 */
#endif
};
 
#define POLARSSL_PREMASTER_SIZE     sizeof( union _ssl_premaster_secret )
 
#ifdef __cplusplus
extern "C" {
#endif
 
/*
 * Generic function pointers for allowing external RSA private key
 * implementations.
 */
typedef int (*rsa_decrypt_func)( void *ctx, int mode, size_t *olen,
                        const unsigned char *input, unsigned char *output,
                        size_t output_max_len );
typedef int (*rsa_sign_func)( void *ctx,
                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                     int mode, md_type_t md_alg, unsigned int hashlen,
                     const unsigned char *hash, unsigned char *sig );
typedef size_t (*rsa_key_len_func)( void *ctx );
 
/*
 * SSL state machine
 */
typedef enum
{
    SSL_HELLO_REQUEST,
    SSL_CLIENT_HELLO,
    SSL_SERVER_HELLO,
    SSL_SERVER_CERTIFICATE,
    SSL_SERVER_KEY_EXCHANGE,
    SSL_CERTIFICATE_REQUEST,
    SSL_SERVER_HELLO_DONE,
    SSL_CLIENT_CERTIFICATE,
    SSL_CLIENT_KEY_EXCHANGE,
    SSL_CERTIFICATE_VERIFY,
    SSL_CLIENT_CHANGE_CIPHER_SPEC,
    SSL_CLIENT_FINISHED,
    SSL_SERVER_CHANGE_CIPHER_SPEC,
    SSL_SERVER_FINISHED,
    SSL_FLUSH_BUFFERS,
    SSL_HANDSHAKE_WRAPUP,
    SSL_HANDSHAKE_OVER,
    SSL_SERVER_NEW_SESSION_TICKET,
}
ssl_states;
 
typedef struct _ssl_session ssl_session;
typedef struct _ssl_context ssl_context;
typedef struct _ssl_transform ssl_transform;
typedef struct _ssl_handshake_params ssl_handshake_params;
#if defined(POLARSSL_SSL_SESSION_TICKETS)
typedef struct _ssl_ticket_keys ssl_ticket_keys;
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
typedef struct _ssl_key_cert ssl_key_cert;
#endif
 
/*
 * This structure is used for storing current session data.
 */
struct _ssl_session
{
#if defined(POLARSSL_HAVE_TIME)
    time_t start;               
#endif
    int ciphersuite;            
    int compression;            
    size_t length;              
    unsigned char id[32];       
    unsigned char master[48];   
#if defined(POLARSSL_X509_CRT_PARSE_C)
    x509_crt *peer_cert;        
#endif /* POLARSSL_X509_CRT_PARSE_C */
    int verify_result;          
#if defined(POLARSSL_SSL_SESSION_TICKETS)
    unsigned char *ticket;      
    size_t ticket_len;          
    uint32_t ticket_lifetime;   
#endif /* POLARSSL_SSL_SESSION_TICKETS */
 
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code;     
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
 
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
    int trunc_hmac;             
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
};
 
/*
 * This structure contains a full set of runtime transform parameters
 * either in negotiation or active.
 */
struct _ssl_transform
{
    /*
     * Session specific crypto layer
     */
    const ssl_ciphersuite_t *ciphersuite_info;
    unsigned int keylen;                
    size_t minlen;                      
    size_t ivlen;                       
    size_t fixed_ivlen;                 
    size_t maclen;                      
    unsigned char iv_enc[16];           
    unsigned char iv_dec[16];           
#if defined(POLARSSL_SSL_PROTO_SSL3)
    /* Needed only for SSL v3.0 secret */
    unsigned char mac_enc[20];          
    unsigned char mac_dec[20];          
#endif /* POLARSSL_SSL_PROTO_SSL3 */
 
    md_context_t md_ctx_enc;            
    md_context_t md_ctx_dec;            
    cipher_context_t cipher_ctx_enc;    
    cipher_context_t cipher_ctx_dec;    
    /*
     * Session specific compression layer
     */
#if defined(POLARSSL_ZLIB_SUPPORT)
    z_stream ctx_deflate;               
    z_stream ctx_inflate;               
#endif
};
 
/*
 * This structure contains the parameters only needed during handshake.
 */
struct _ssl_handshake_params
{
    /*
     * Handshake specific crypto variables
     */
    int sig_alg;                        
    int cert_type;                      
    int verify_sig_alg;                 
#if defined(POLARSSL_DHM_C)
    dhm_context dhm_ctx;                
#endif
#if defined(POLARSSL_ECDH_C)
    ecdh_context ecdh_ctx;              
#endif
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
    const ecp_curve_info **curves;      
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
    ssl_key_cert *key_cert;
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
    ssl_key_cert *sni_key_cert;         
#endif
#endif /* POLARSSL_X509_CRT_PARSE_C */
 
    /*
     * Checksum contexts
     */
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
    defined(POLARSSL_SSL_PROTO_TLS1_1)
       md5_context fin_md5;
      sha1_context fin_sha1;
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#if defined(POLARSSL_SHA256_C)
    sha256_context fin_sha256;
#endif
#if defined(POLARSSL_SHA512_C)
    sha512_context fin_sha512;
#endif
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
 
    void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
    void (*calc_verify)(ssl_context *, unsigned char *);
    void (*calc_finished)(ssl_context *, unsigned char *, int);
    int  (*tls_prf)(const unsigned char *, size_t, const char *,
                    const unsigned char *, size_t,
                    unsigned char *, size_t);
 
    size_t pmslen;                      
    unsigned char randbytes[64];        
    unsigned char premaster[POLARSSL_PREMASTER_SIZE];
    int resume;                         
    int max_major_ver;                  
    int max_minor_ver;                  
    int cli_exts;                       
#if defined(POLARSSL_SSL_SESSION_TICKETS)
    int new_session_ticket;             
#endif /* POLARSSL_SSL_SESSION_TICKETS */
};
 
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/*
 * Parameters needed to secure session tickets
 */
struct _ssl_ticket_keys
{
    unsigned char key_name[16];     
    aes_context enc;                
    aes_context dec;                
    unsigned char mac_key[16];      
};
#endif /* POLARSSL_SSL_SESSION_TICKETS */
 
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
 * List of certificate + private key pairs
 */
struct _ssl_key_cert
{
    x509_crt *cert;                 
    pk_context *key;                
    int key_own_alloc;              
    ssl_key_cert *next;             
};
#endif /* POLARSSL_X509_CRT_PARSE_C */
 
struct _ssl_context
{
    /*
     * Miscellaneous
     */
    int state;                  
    int renegotiation;          
    int renego_records_seen;    
    int major_ver;              
    int minor_ver;              
    int max_major_ver;          
    int max_minor_ver;          
    int min_major_ver;          
    int min_minor_ver;          
    /*
     * Callbacks (RNG, debug, I/O, verification)
     */
    int  (*f_rng)(void *, unsigned char *, size_t);
    void (*f_dbg)(void *, int, const char *);
    int (*f_recv)(void *, unsigned char *, size_t);
    int (*f_send)(void *, const unsigned char *, size_t);
    int (*f_get_cache)(void *, ssl_session *);
    int (*f_set_cache)(void *, const ssl_session *);
 
    void *p_rng;                
    void *p_dbg;                
    void *p_recv;               
    void *p_send;               
    void *p_get_cache;          
    void *p_set_cache;          
    void *p_hw_data;            
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
    int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
    void *p_sni;                
#endif
 
#if defined(POLARSSL_X509_CRT_PARSE_C)
    int (*f_vrfy)(void *, x509_crt *, int, int *);
    void *p_vrfy;               
#endif
 
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
    int (*f_psk)(void *, ssl_context *, const unsigned char *, size_t);
    void *p_psk;               
#endif
 
    /*
     * Session layer
     */
    ssl_session *session_in;            
    ssl_session *session_out;           
    ssl_session *session;               
    ssl_session *session_negotiate;     
    ssl_handshake_params *handshake;    
    /*
     * Record layer transformations
     */
    ssl_transform *transform_in;        
    ssl_transform *transform_out;       
    ssl_transform *transform;           
    ssl_transform *transform_negotiate; 
    /*
     * Record layer (incoming data)
     */
    unsigned char *in_ctr;      
    unsigned char *in_hdr;      
    unsigned char *in_iv;       
    unsigned char *in_msg;      
    unsigned char *in_offt;     
    int in_msgtype;             
    size_t in_msglen;           
    size_t in_left;             
    size_t in_hslen;            
    int nb_zero;                
    int record_read;            
    /*
     * Record layer (outgoing data)
     */
    unsigned char *out_ctr;     
    unsigned char *out_hdr;     
    unsigned char *out_iv;      
    unsigned char *out_msg;     
    int out_msgtype;            
    size_t out_msglen;          
    size_t out_left;            
#if defined(POLARSSL_ZLIB_SUPPORT)
    unsigned char *compress_buf;        
#endif
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
    unsigned char mfl_code;     
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
 
    /*
     * PKI layer
     */
#if defined(POLARSSL_X509_CRT_PARSE_C)
    ssl_key_cert *key_cert;             
    x509_crt *ca_chain;                 
    x509_crl *ca_crl;                   
    const char *peer_cn;                
#endif /* POLARSSL_X509_CRT_PARSE_C */
 
    /*
     * Support for generating and checking session tickets
     */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
    ssl_ticket_keys *ticket_keys;       
#endif /* POLARSSL_SSL_SESSION_TICKETS */
 
    /*
     * User settings
     */
    int endpoint;                       
    int authmode;                       
    int client_auth;                    
    int verify_result;                  
    int disable_renegotiation;          
    int allow_legacy_renegotiation;     
    int renego_max_records;             
    const int *ciphersuite_list[4];     
#if defined(POLARSSL_SSL_SET_CURVES)
    const ecp_group_id *curve_list;     
#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
    int trunc_hmac;                     
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
    int session_tickets;                
    int ticket_lifetime;                
#endif
 
#if defined(POLARSSL_DHM_C)
    mpi dhm_P;                          
    mpi dhm_G;                          
#endif
 
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
    /*
     * PSK values
     */
    unsigned char *psk;
    size_t         psk_len;
    unsigned char *psk_identity;
    size_t         psk_identity_len;
#endif
 
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
    /*
     * SNI extension
     */
    unsigned char *hostname;
    size_t         hostname_len;
#endif
 
#if defined(POLARSSL_SSL_ALPN)
    /*
     * ALPN extension
     */
    const char **alpn_list;     
    const char *alpn_chosen;    
#endif
 
    /*
     * Secure renegotiation
     */
    int secure_renegotiation;           
    size_t verify_data_len;             
    char own_verify_data[36];           
    char peer_verify_data[36];          
};
 
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
 
#define SSL_CHANNEL_OUTBOUND    0
#define SSL_CHANNEL_INBOUND     1
 
extern int (*ssl_hw_record_init)(ssl_context *ssl,
                const unsigned char *key_enc, const unsigned char *key_dec,
                size_t keylen,
                const unsigned char *iv_enc,  const unsigned char *iv_dec,
                size_t ivlen,
                const unsigned char *mac_enc, const unsigned char *mac_dec,
                size_t maclen);
extern int (*ssl_hw_record_activate)(ssl_context *ssl, int direction);
extern int (*ssl_hw_record_reset)(ssl_context *ssl);
extern int (*ssl_hw_record_write)(ssl_context *ssl);
extern int (*ssl_hw_record_read)(ssl_context *ssl);
extern int (*ssl_hw_record_finish)(ssl_context *ssl);
#endif /* POLARSSL_SSL_HW_RECORD_ACCEL */
 
const int *ssl_list_ciphersuites( void );
 
const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
 
int ssl_get_ciphersuite_id( const char *ciphersuite_name );
 
int ssl_init( ssl_context *ssl );
 
int ssl_session_reset( ssl_context *ssl );
 
void ssl_set_endpoint( ssl_context *ssl, int endpoint );
 
void ssl_set_authmode( ssl_context *ssl, int authmode );
 
#if defined(POLARSSL_X509_CRT_PARSE_C)
void ssl_set_verify( ssl_context *ssl,
                     int (*f_vrfy)(void *, x509_crt *, int, int *),
                     void *p_vrfy );
#endif /* POLARSSL_X509_CRT_PARSE_C */
 
void ssl_set_rng( ssl_context *ssl,
                  int (*f_rng)(void *, unsigned char *, size_t),
                  void *p_rng );
 
void ssl_set_dbg( ssl_context *ssl,
                  void (*f_dbg)(void *, int, const char *),
                  void  *p_dbg );
 
void ssl_set_bio( ssl_context *ssl,
        int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
        int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
 
void ssl_set_session_cache( ssl_context *ssl,
        int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
        int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
 
int ssl_set_session( ssl_context *ssl, const ssl_session *session );
 
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
 
void ssl_set_ciphersuites_for_version( ssl_context *ssl,
                                       const int *ciphersuites,
                                       int major, int minor );
 
#if defined(POLARSSL_X509_CRT_PARSE_C)
void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
                       x509_crl *ca_crl, const char *peer_cn );
 
int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
                       pk_context *pk_key );
 
#if defined(POLARSSL_RSA_C)
int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
                          rsa_context *rsa_key );
#endif /* POLARSSL_RSA_C */
 
int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
                          void *rsa_key,
                          rsa_decrypt_func rsa_decrypt,
                          rsa_sign_func rsa_sign,
                          rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_CRT_PARSE_C */
 
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
                 const unsigned char *psk_identity, size_t psk_identity_len );
 
void ssl_set_psk_cb( ssl_context *ssl,
                     int (*f_psk)(void *, ssl_context *, const unsigned char *,
                                  size_t),
                     void *p_psk );
#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
 
#if defined(POLARSSL_DHM_C)
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
 
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
#endif /* POLARSSL_DHM_C */
 
#if defined(POLARSSL_SSL_SET_CURVES)
void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves );
#endif /* POLARSSL_SSL_SET_CURVES */
 
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
int ssl_set_hostname( ssl_context *ssl, const char *hostname );
 
void ssl_set_sni( ssl_context *ssl,
                  int (*f_sni)(void *, ssl_context *, const unsigned char *,
                               size_t),
                  void *p_sni );
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
 
#if defined(POLARSSL_SSL_ALPN)
int ssl_set_alpn_protocols( ssl_context *ssl, const char **protos );
 
const char *ssl_get_alpn_protocol( const ssl_context *ssl );
#endif /* POLARSSL_SSL_ALPN */
 
void ssl_set_max_version( ssl_context *ssl, int major, int minor );
 
 
void ssl_set_min_version( ssl_context *ssl, int major, int minor );
 
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
 
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
 
#if defined(POLARSSL_SSL_SESSION_TICKETS)
int ssl_set_session_tickets( ssl_context *ssl, int use_tickets );
 
void ssl_set_session_ticket_lifetime( ssl_context *ssl, int lifetime );
#endif /* POLARSSL_SSL_SESSION_TICKETS */
 
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
 
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
 
void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records );
 
size_t ssl_get_bytes_avail( const ssl_context *ssl );
 
int ssl_get_verify_result( const ssl_context *ssl );
 
const char *ssl_get_ciphersuite( const ssl_context *ssl );
 
const char *ssl_get_version( const ssl_context *ssl );
 
#if defined(POLARSSL_X509_CRT_PARSE_C)
const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
#endif /* POLARSSL_X509_CRT_PARSE_C */
 
int ssl_get_session( const ssl_context *ssl, ssl_session *session );
 
int ssl_handshake( ssl_context *ssl );
 
int ssl_handshake_step( ssl_context *ssl );
 
int ssl_renegotiate( ssl_context *ssl );
 
int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
 
int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
 
int ssl_send_alert_message( ssl_context *ssl,
                            unsigned char level,
                            unsigned char message );
int ssl_close_notify( ssl_context *ssl );
 
void ssl_free( ssl_context *ssl );
 
void ssl_session_init( ssl_session *session );
 
void ssl_session_free( ssl_session *session );
 
void ssl_transform_free( ssl_transform *transform );
 
void ssl_handshake_free( ssl_handshake_params *handshake );
 
/*
 * Internal functions (do not call directly)
 */
int ssl_handshake_client_step( ssl_context *ssl );
int ssl_handshake_server_step( ssl_context *ssl );
void ssl_handshake_wrapup( ssl_context *ssl );
 
int ssl_send_fatal_handshake_failure( ssl_context *ssl );
 
int ssl_derive_keys( ssl_context *ssl );
 
int ssl_read_record( ssl_context *ssl );
int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
 
int ssl_write_record( ssl_context *ssl );
int ssl_flush_output( ssl_context *ssl );
 
int ssl_parse_certificate( ssl_context *ssl );
int ssl_write_certificate( ssl_context *ssl );
 
int ssl_parse_change_cipher_spec( ssl_context *ssl );
int ssl_write_change_cipher_spec( ssl_context *ssl );
 
int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl );
 
void ssl_optimize_checksum( ssl_context *ssl,
                            const ssl_ciphersuite_t *ciphersuite_info );
 
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex );
#endif
 
#if defined(POLARSSL_PK_C)
unsigned char ssl_sig_from_pk( pk_context *pk );
pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
#endif
 
md_type_t ssl_md_alg_from_hash( unsigned char hash );
 
#if defined(POLARSSL_SSL_SET_CURVES)
int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id );
#endif
 
#if defined(POLARSSL_X509_CRT_PARSE_C)
static inline pk_context *ssl_own_key( ssl_context *ssl )
{
    return( ssl->handshake->key_cert == NULL ? NULL
            : ssl->handshake->key_cert->key );
}
 
static inline x509_crt *ssl_own_cert( ssl_context *ssl )
{
    return( ssl->handshake->key_cert == NULL ? NULL
            : ssl->handshake->key_cert->cert );
}
 
/*
 * Check usage of a certificate wrt extensions:
 * keyUsage, extendedKeyUsage (later), and nSCertType (later).
 *
 * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
 * check a cert we received from them)!
 *
 * Return 0 if everything is OK, -1 if not.
 */
int ssl_check_cert_usage( const x509_crt *cert,
                          const ssl_ciphersuite_t *ciphersuite,
                          int cert_endpoint );
#endif /* POLARSSL_X509_CRT_PARSE_C */
 
/* constant-time buffer comparison */
static inline int safer_memcmp( const void *a, const void *b, size_t n )
{
    size_t i;
    const unsigned char *A = (const unsigned char *) a;
    const unsigned char *B = (const unsigned char *) b;
    unsigned char diff = 0;
 
    for( i = 0; i < n; i++ )
        diff |= A[i] ^ B[i];
 
    return( diff );
}
 
#ifdef __cplusplus
}
#endif
 
#endif /* ssl.h */