3 * Copyright (C) 2006-2014 wolfSSL Inc.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
27 #include <cyassl/ctaocrypt/types.h>
28 #include <cyassl/ssl.h>
29 #include <cyassl/crl.h>
30 #include <cyassl/ctaocrypt/random.h>
31 #include <cyassl/ctaocrypt/des3.h>
32 #include <cyassl/ctaocrypt/hc128.h>
33 #include <cyassl/ctaocrypt/rabbit.h>
34 #include <cyassl/ctaocrypt/asn.h>
35 #include <cyassl/ctaocrypt/md5.h>
36 #include <cyassl/ctaocrypt/sha.h>
37 #include <cyassl/ctaocrypt/aes.h>
38 #include <cyassl/ctaocrypt/camellia.h>
39 #include <cyassl/ctaocrypt/logging.h>
40 #include <cyassl/ctaocrypt/hmac.h>
42 #include <cyassl/ctaocrypt/arc4.h>
45 #include <cyassl/ctaocrypt/ecc.h>
48 #include <cyassl/ctaocrypt/sha256.h>
51 #include <cyassl/ocsp.h>
54 #include <cyassl/ctaocrypt/sha512.h>
58 #include <cyassl/ctaocrypt/sha512.h>
62 #include <cyassl/ctaocrypt/ripemd.h>
65 #ifdef CYASSL_CALLBACKS
66 #include <cyassl/callbacks.h>
70 #ifdef USE_WINDOWS_API
71 #ifdef CYASSL_GAME_BUILD
72 #include "system/xtl.h"
74 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
75 /* On WinCE winsock2.h must be included before windows.h */
80 #elif defined(THREADX)
81 #ifndef SINGLE_THREADED
84 #elif defined(MICRIUM)
85 /* do nothing, just don't pick Unix */
86 #elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
90 #elif defined(FREESCALE_MQX)
92 #elif defined(CYASSL_MDK_ARM)
93 #if defined(CYASSL_MDK5)
101 #ifndef SINGLE_THREADED
102 #define CYASSL_PTHREADS
105 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
106 #include <unistd.h> /* for close of BIO */
116 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
117 #pragma warning(disable: 4996)
121 #if !defined (ALIGN16)
127 #define SHA_DIGEST_SIZE 20
131 #define SHA256_DIGEST_SIZE 32
140 #ifdef USE_WINDOWS_API
141 typedef unsigned int SOCKET_T;
143 typedef int SOCKET_T;
147 typedef byte word24[3];
149 /* used by ssl.c and cyassl_int.c */
150 void c32to24(word32 in, word24 out);
152 /* Define or comment out the cipher suites you'd like to be compiled in
153 make sure that at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
155 When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
157 #if !defined(NO_RSA) && !defined(NO_RC4)
159 #define BUILD_SSL_RSA_WITH_RC4_128_SHA
162 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
164 #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
165 #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
169 #if !defined(NO_RSA) && !defined(NO_DES3)
171 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
172 #if !defined(NO_TLS) && defined(HAVE_NTRU)
173 #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
178 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
180 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
181 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
182 #if defined(HAVE_NTRU)
183 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
184 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
187 #if !defined (NO_SHA256)
188 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
189 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
191 #if defined (HAVE_AESGCM)
192 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
193 #if defined (CYASSL_SHA384)
194 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
197 #if defined (HAVE_AESCCM)
198 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
199 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
201 #if defined(HAVE_BLAKE2)
202 #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
203 #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
207 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
210 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
211 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
214 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
215 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
219 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
220 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
223 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
224 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
230 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
232 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
233 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
236 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
238 #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
241 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
242 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
243 #define BUILD_TLS_PSK_WITH_AES_128_CCM
244 #define BUILD_TLS_PSK_WITH_AES_256_CCM
248 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
250 #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
255 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
258 #define BUILD_TLS_RSA_WITH_NULL_SHA
261 #define BUILD_TLS_RSA_WITH_NULL_SHA256
266 #define BUILD_TLS_PSK_WITH_NULL_SHA
269 #define BUILD_TLS_PSK_WITH_NULL_SHA256
272 #define BUILD_TLS_PSK_WITH_NULL_SHA384
277 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
278 #define BUILD_TLS_RSA_WITH_HC_128_MD5
280 #define BUILD_TLS_RSA_WITH_HC_128_SHA
282 #if defined(HAVE_BLAKE2)
283 #define BUILD_TLS_RSA_WITH_HC_128_B2B256
287 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
289 #define BUILD_TLS_RSA_WITH_RABBIT_SHA
293 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
296 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
297 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
299 #if !defined (NO_SHA256)
300 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
301 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
302 #if defined (HAVE_AESGCM)
303 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
304 #if defined (CYASSL_SHA384)
305 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
312 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
314 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
315 #ifdef HAVE_NULL_CIPHER
316 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
319 #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
322 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
323 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
327 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
328 #ifdef HAVE_NULL_CIPHER
329 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
332 #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
337 #if defined(HAVE_ECC) && !defined(NO_TLS)
341 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
342 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
343 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
344 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
347 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
348 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
350 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
351 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
355 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
356 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
358 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
359 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
364 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
365 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
367 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
368 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
371 #if defined (HAVE_AESGCM)
373 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
374 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
375 #if defined(CYASSL_SHA384)
376 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
377 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
381 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
382 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
384 #if defined(CYASSL_SHA384)
385 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
386 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
389 #if defined (HAVE_AESCCM)
390 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
391 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
397 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
398 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
401 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
402 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
405 #if !defined(NO_DES3)
407 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
408 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
411 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
412 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
417 #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
418 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
422 #if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
426 #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
427 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
428 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
433 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
434 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
438 #if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
439 defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
440 defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
444 #if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
449 #define DES_BLOCK_SIZE 8
456 #define AES_BLOCK_SIZE 16
469 #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
474 /* actual cipher values, 2nd byte */
476 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
477 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
478 TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
479 TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
480 TLS_RSA_WITH_NULL_SHA = 0x02,
481 TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
482 TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
483 TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
484 TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
485 TLS_PSK_WITH_NULL_SHA256 = 0xb0,
486 TLS_PSK_WITH_NULL_SHA384 = 0xb1,
487 TLS_PSK_WITH_NULL_SHA = 0x2c,
488 SSL_RSA_WITH_RC4_128_SHA = 0x05,
489 SSL_RSA_WITH_RC4_128_MD5 = 0x04,
490 SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
492 /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
493 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
494 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
495 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
496 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
497 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
498 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
499 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
500 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
501 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
502 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
503 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
504 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
506 /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
507 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
508 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
509 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
510 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
511 TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
512 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
513 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
514 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
515 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
516 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
517 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
518 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
520 /* CyaSSL extension - eSTREAM */
521 TLS_RSA_WITH_HC_128_MD5 = 0xFB,
522 TLS_RSA_WITH_HC_128_SHA = 0xFC,
523 TLS_RSA_WITH_RABBIT_SHA = 0xFD,
525 /* CyaSSL extension - Blake2b 256 */
526 TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
527 TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
528 TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */
530 /* CyaSSL extension - NTRU */
531 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
532 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
533 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
534 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
537 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
538 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
539 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
540 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
541 TLS_RSA_WITH_NULL_SHA256 = 0x3b,
542 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
543 TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
546 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
547 TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
550 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
551 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
552 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
553 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
554 TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
555 TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
556 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
557 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
559 /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
560 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
561 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
562 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
563 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
564 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
565 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
566 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
567 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
569 /* AES-CCM: first byte is 0xC0 but these are not ECC suites;
570 * also, some of the other AES-CCM suites reuse second-byte
571 * values that conflict with the non-ECC AES-GCM suites, e.g.
572 * TLS_PSK_WITH_AES_128_CCM_8 and TLS_PSK_WITH_AES_128_GCM_SHA256 both use 0xa8 */
573 TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
574 TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
575 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
576 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
577 TLS_PSK_WITH_AES_128_CCM = 0xa4,
578 TLS_PSK_WITH_AES_256_CCM = 0xa5,
579 TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
580 TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
581 TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
582 TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
585 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
586 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
587 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
588 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
589 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
590 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
591 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
592 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
594 /* Renegotiation Indication Extension Special Suite */
595 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
600 ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
605 DTLS_MAJOR = 0xfe, /* DTLS major version number */
606 DTLS_MINOR = 0xff, /* DTLS minor version number */
607 DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
608 SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
609 SSLv3_MINOR = 0, /* TLSv1 minor version number */
610 TLSv1_MINOR = 1, /* TLSv1 minor version number */
611 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
612 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
613 INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
615 ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
616 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
617 SECRET_LEN = 48, /* pre RSA and all master */
618 ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
619 SIZEOF_SENDER = 4, /* clnt or srvr */
620 FINISHED_SZ = 36, /* MD5_DIGEST_SIZE + SHA_DIGEST_SIZE */
621 MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
622 MAX_MSG_EXTRA = 38 + MAX_DIGEST_SIZE,
623 /* max added to msg, mac + pad from */
624 /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
625 digest sz + BLOCK_SZ (iv) + pad byte (1) */
626 MAX_COMP_EXTRA = 1024, /* max compression extra */
627 MAX_MTU = 1500, /* max expected MTU */
628 MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
629 MAX_DH_SZ = 612, /* 2240 p, pub, g + 2 byte size for each */
630 MAX_STR_VERSION = 8, /* string rep of protocol version */
632 PAD_MD5 = 48, /* pad length for finished */
633 PAD_SHA = 40, /* pad length for finished */
634 MAX_PAD_SIZE = 256, /* maximum length of padding */
635 COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */
636 COMPRESS_CONSTANT = 13, /* compression calc constant */
637 COMPRESS_UPPER = 55, /* compression calc numerator */
638 COMPRESS_LOWER = 64, /* compression calc denominator */
640 PEM_LINE_LEN = 80, /* PEM line max + fudge */
641 LENGTH_SZ = 2, /* length field for HMAC, data only */
642 VERSION_SZ = 2, /* length of proctocol version */
643 SEQ_SZ = 8, /* 64 bit sequence number */
644 BYTE3_LEN = 3, /* up to 24 bit byte lengths */
645 ALERT_SIZE = 2, /* level + description */
646 VERIFY_HEADER = 2, /* always use 2 bytes */
647 EXT_ID_SZ = 2, /* always use 2 bytes */
648 MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */
650 MAX_SUITE_SZ = 200, /* 100 suites for now! */
651 RAN_LEN = 32, /* random length */
652 SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
653 ID_LEN = 32, /* session id length */
654 MAX_COOKIE_LEN = 32, /* max dtls cookie size */
655 COOKIE_SZ = 20, /* use a 20 byte cookie */
656 SUITE_LEN = 2, /* cipher suite sz length */
657 ENUM_LEN = 1, /* always a byte */
658 OPAQUE8_LEN = 1, /* 1 byte */
659 OPAQUE16_LEN = 2, /* 2 bytes */
660 OPAQUE24_LEN = 3, /* 3 bytes */
661 COMP_LEN = 1, /* compression length */
662 CURVE_LEN = 2, /* ecc named curve length */
663 SERVER_ID_LEN = 20, /* server session id length */
665 HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
666 RECORD_HEADER_SZ = 5, /* type + version + len(2) */
667 CERT_HEADER_SZ = 3, /* always 3 bytes */
668 REQ_HEADER_SZ = 2, /* cert request header sz */
669 HINT_LEN_SZ = 2, /* length of hint size field */
670 TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
671 HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
672 HELLO_EXT_SZ = 8, /* total length of the lazy hello extensions */
673 HELLO_EXT_LEN = 6, /* length of the lazy hello extensions */
674 HELLO_EXT_SIGALGO_SZ = 2, /* length of signature algo extension */
675 HELLO_EXT_SIGALGO_MAX = 32, /* number of items in the signature algo list */
677 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
678 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
679 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
680 DTLS_RECORD_EXTRA = 8, /* diff from normal */
681 DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
682 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
683 DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
685 FINISHED_LABEL_SZ = 15, /* TLS finished label size */
686 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
687 MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
688 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
689 MAX_PRF_HALF = 256, /* Maximum half secret len */
690 MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
691 MAX_PRF_DIG = 224, /* Maximum digest len */
692 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
693 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
695 RC4_KEY_SIZE = 16, /* always 128bit */
696 DES_KEY_SIZE = 8, /* des */
697 DES3_KEY_SIZE = 24, /* 3 des ede */
698 DES_IV_SIZE = DES_BLOCK_SIZE,
699 AES_256_KEY_SIZE = 32, /* for 256 bit */
700 AES_192_KEY_SIZE = 24, /* for 192 bit */
701 AES_IV_SIZE = 16, /* always block size */
702 AES_128_KEY_SIZE = 16, /* for 128 bit */
704 AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
705 AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
706 AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
707 AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
708 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
709 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
710 AEAD_IMP_IV_SZ = 4, /* Size of the implicit IV */
711 AEAD_EXP_IV_SZ = 8, /* Size of the explicit IV */
712 AEAD_NONCE_SZ = AEAD_EXP_IV_SZ + AEAD_IMP_IV_SZ,
714 AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
715 AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
716 AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
718 CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
719 CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
720 CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
721 CAMELLIA_IV_SIZE = 16, /* always block size */
723 HC_128_KEY_SIZE = 16, /* 128 bits */
724 HC_128_IV_SIZE = 16, /* also 128 bits */
726 RABBIT_KEY_SIZE = 16, /* 128 bits */
727 RABBIT_IV_SIZE = 8, /* 64 bits for iv */
729 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
731 ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
732 MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
734 MAX_HELLO_SZ = 128, /* max client or server hello */
735 MAX_CERT_VERIFY_SZ = 1024, /* max */
736 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
737 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
738 DEFAULT_TIMEOUT = 500, /* default resumption timeout in seconds */
740 DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
741 DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
742 DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
744 MAX_PSK_ID_LEN = 128, /* max psk identity/hint supported */
745 MAX_PSK_KEY_LEN = 64, /* max psk key supported */
747 MAX_CYASSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */
750 MAX_EX_DATA = 3, /* allow for three items of ex_data */
753 MAX_X509_SIZE = 2048, /* max static x509 buffer size */
754 CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
755 MAX_FILENAME_SZ = 256, /* max file name length */
756 FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
757 will use dynamic buffer if not big enough */
759 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
760 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
761 MAX_NTRU_BITS = 256, /* max symmetric bit strength */
762 NO_SNIFF = 0, /* not sniffing */
763 SNIFF = 1, /* currently sniffing */
765 HASH_SIG_SIZE = 2, /* default SHA1 RSA */
767 NO_CAVIUM_DEVICE = -2, /* invalid cavium device id */
769 NO_COPY = 0, /* should we copy static buffer for write */
770 COPY = 1 /* should we copy static buffer for write */
775 /* Shift values for making a session index */
776 #define SESSIDX_ROW_SHIFT 4
777 #define SESSIDX_IDX_MASK 0x0F
781 /* max cert chain peer depth */
782 #ifndef MAX_CHAIN_DEPTH
783 #define MAX_CHAIN_DEPTH 9
787 /* don't use extra 3/4k stack space unless needed */
789 #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
791 #define MAX_ENCRYPT_SZ ENCRYPT_LEN
799 SERVER_HELLOVERIFYREQUEST_COMPLETE,
800 SERVER_HELLO_COMPLETE,
801 SERVER_CERT_COMPLETE,
802 SERVER_KEYEXCHANGE_COMPLETE,
803 SERVER_HELLODONE_COMPLETE,
804 SERVER_FINISHED_COMPLETE,
806 CLIENT_HELLO_COMPLETE,
807 CLIENT_KEYEXCHANGE_COMPLETE,
808 CLIENT_FINISHED_COMPLETE,
814 #if defined(__GNUC__)
815 #define CYASSL_PACK __attribute__ ((packed))
821 typedef struct ProtocolVersion {
824 } CYASSL_PACK ProtocolVersion;
827 CYASSL_LOCAL ProtocolVersion MakeSSLv3(void);
828 CYASSL_LOCAL ProtocolVersion MakeTLSv1(void);
829 CYASSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
830 CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
833 CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void);
834 CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
846 /* CyaSSL BIO_METHOD type */
847 struct CYASSL_BIO_METHOD {
848 byte type; /* method type */
852 /* CyaSSL BIO type */
854 byte type; /* method type */
855 byte close; /* close flag */
856 byte eof; /* eof flag */
857 CYASSL* ssl; /* possible associated ssl */
858 byte* mem; /* memory buffer */
859 int memLen; /* memory buffer length */
860 int fd; /* possible file descriptor */
861 CYASSL_BIO* prev; /* previous in chain */
862 CYASSL_BIO* next; /* next in chain */
866 /* CyaSSL method type */
867 struct CYASSL_METHOD {
868 ProtocolVersion version;
869 byte side; /* connection side, server or client */
870 byte downgrade; /* whether to downgrade version, default no */
874 /* defaults to client */
875 CYASSL_LOCAL void InitSSL_Method(CYASSL_METHOD*, ProtocolVersion);
878 CYASSL_LOCAL int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx,
879 word32 size, word32 totalSz, int sniff);
880 CYASSL_LOCAL int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx);
883 /* CyaSSL buffer type */
884 typedef struct buffer {
896 /* only use compression extra if using compression */
898 #define COMP_EXTRA MAX_COMP_EXTRA
903 /* only the sniffer needs space in the buffer for extra MTU record(s) */
904 #ifdef CYASSL_SNIFFER
905 #define MTU_EXTRA MAX_MTU * 3
911 /* embedded callbacks require large static buffers, make sure it is on */
912 #ifdef CYASSL_CALLBACKS
913 #undef LARGE_STATIC_BUFFERS
914 #define LARGE_STATIC_BUFFERS
918 /* give user option to use 16K static buffers */
919 #if defined(LARGE_STATIC_BUFFERS)
920 #define RECORD_SIZE MAX_RECORD_SIZE
923 #define RECORD_SIZE MAX_MTU
925 #define RECORD_SIZE 128
930 /* user option to turn off 16K output option */
931 /* if using small static buffers (default) and SSL_write tries to write data
932 larger than the record we have, dynamically get it, unless user says only
933 write in static buffer chunks */
934 #ifndef STATIC_CHUNKS_ONLY
935 #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
937 #define OUTPUT_RECORD_SIZE RECORD_SIZE
940 /* CyaSSL input buffer
945 The length (in bytes) of the following TLSPlaintext.fragment.
946 The length should not exceed 2^14.
948 #if defined(LARGE_STATIC_BUFFERS)
949 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
950 MTU_EXTRA + MAX_MSG_EXTRA
952 /* don't fragment memory from the record header */
953 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
957 word32 length; /* total buffer length used */
958 word32 idx; /* idx to part of length already consumed */
959 byte* buffer; /* place holder for static or dynamic buffer */
960 word32 bufferSize; /* current buffer size */
961 ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
962 byte dynamicFlag; /* dynamic memory currently in use */
963 byte offset; /* alignment offset attempt */
966 /* Cipher Suites holder */
967 typedef struct Suites {
968 int setSuites; /* user set suites from default */
969 byte suites[MAX_SUITE_SZ];
970 word16 suiteSz; /* suite length in bytes */
971 byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */
972 word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
973 byte hashAlgo; /* selected hash algorithm */
974 byte sigAlgo; /* selected sig algorithm */
979 void InitSuites(Suites*, ProtocolVersion,
980 byte, byte, byte, byte, byte, byte, int);
982 int SetCipherList(Suites*, const char* list);
984 #ifndef PSK_TYPES_DEFINED
/* Pre-shared-key callbacks supplied by the application.
 * Both return an unsigned int and receive the CYASSL session as their
 * first argument; the remaining arguments pair output buffers with
 * unsigned int sizes, so an implementation must not write past the
 * size it is handed.
 * NOTE(review): parameter roles are not named here; presumably
 * (ssl, hint, identity out, identity size, key out, key size) for the
 * client and (ssl, identity, key out, key size) for the server, with the
 * key length returned and 0 meaning failure -- confirm against the
 * public header before relying on this. */
985 typedef unsigned int (*psk_client_callback)(CYASSL*, const char*, char*,
986 unsigned int, unsigned char*, unsigned int);
987 typedef unsigned int (*psk_server_callback)(CYASSL*, const char*,
988 unsigned char*, unsigned int);
989 #endif /* PSK_TYPES_DEFINED */
993 CYASSL_LOCAL int NetX_Receive(CYASSL *ssl, char *buf, int sz, void *ctx);
994 CYASSL_LOCAL int NetX_Send(CYASSL *ssl, char *buf, int sz, void *ctx);
995 #endif /* HAVE_NETX */
998 /* CyaSSL Cipher type just points back to SSL */
999 struct CYASSL_CIPHER {
1004 typedef struct OCSP_Entry OCSP_Entry;
1006 #ifdef SHA_DIGEST_SIZE
1007 #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
1009 #define OCSP_DIGEST_SIZE 160
1013 /* no_asn won't have */
1014 typedef struct CertStatus CertStatus;
1018 OCSP_Entry* next; /* next entry */
1019 byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
1020 byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
1021 CertStatus* status; /* OCSP response list */
1022 int totalStatus; /* number on list */
1027 typedef struct CYASSL_OCSP CYASSL_OCSP;
1030 /* CyaSSL OCSP controller */
1031 struct CYASSL_OCSP {
1032 CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
1033 OCSP_Entry* ocspList; /* OCSP response list */
1034 CyaSSL_Mutex ocspLock; /* OCSP list lock */
1037 #ifndef MAX_DATE_SIZE
1038 #define MAX_DATE_SIZE 32
1041 typedef struct CRL_Entry CRL_Entry;
1043 #ifdef SHA_DIGEST_SIZE
1044 #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
1046 #define CRL_DIGEST_SIZE 160
1050 typedef struct RevokedCert RevokedCert;
1055 CRL_Entry* next; /* next entry */
1056 byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
1057 /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
1058 /* restore the hash here if needed for optimized comparisons */
1059 byte lastDate[MAX_DATE_SIZE]; /* last date updated */
1060 byte nextDate[MAX_DATE_SIZE]; /* next update date */
1061 byte lastDateFormat; /* last date format */
1062 byte nextDateFormat; /* next date format */
1063 RevokedCert* certs; /* revoked cert list */
1064 int totalCerts; /* number on list */
1068 typedef struct CRL_Monitor CRL_Monitor;
1070 /* CRL directory monitor */
1071 struct CRL_Monitor {
1072 char* path; /* full dir path, if valid pointer we're using */
1073 int type; /* PEM or ASN1 type */
1078 typedef struct CYASSL_CRL CYASSL_CRL;
1081 /* CyaSSL CRL controller */
1083 CYASSL_CERT_MANAGER* cm; /* pointer back to cert manager */
1084 CRL_Entry* crlList; /* our CRL list */
1085 CyaSSL_Mutex crlLock; /* CRL list lock */
1086 CRL_Monitor monitors[2]; /* PEM and DER possible */
1087 #ifdef HAVE_CRL_MONITOR
1088 pthread_t tid; /* monitoring thread */
1089 int mfd; /* monitor fd, -1 if no init yet */
1095 typedef struct Signer Signer;
1099 #ifndef CA_TABLE_SIZE
1100 #define CA_TABLE_SIZE 11
1103 /* CyaSSL Certificate Manager */
1104 struct CYASSL_CERT_MANAGER {
1105 Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
1106 CyaSSL_Mutex caLock; /* CA list lock */
1107 CallbackCACache caCacheCallback; /* CA cache addition callback */
1108 void* heap; /* heap helper */
1109 CYASSL_CRL* crl; /* CRL checker */
1110 byte crlEnabled; /* is CRL on ? */
1111 byte crlCheckAll; /* always leaf, but all ? */
1112 CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
1113 CYASSL_OCSP* ocsp; /* OCSP checker */
1114 byte ocspEnabled; /* is OCSP on ? */
1115 byte ocspSendNonce; /* send the OCSP nonce ? */
1116 byte ocspUseOverrideURL; /* ignore cert's responder, override */
1117 char* ocspOverrideURL; /* use this responder */
1118 void* ocspIOCtx; /* I/O callback CTX */
1119 CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
1120 CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
/* Certificate-manager cache persistence (declarations only; the bodies
 * live elsewhere). All return int; the error convention is not visible
 * from this header.
 * NOTE(review): judging by the names, the Save routines serialize the
 * manager's state to a file path or to caller memory and the Restore
 * routines repopulate it, which would make the cache an input that shapes
 * later trust decisions -- the file or memory it is read from should be
 * as trusted as the CA certificates themselves. Confirm against the
 * implementation. */
1123 CYASSL_LOCAL int CM_SaveCertCache(CYASSL_CERT_MANAGER*, const char*);
1124 CYASSL_LOCAL int CM_RestoreCertCache(CYASSL_CERT_MANAGER*, const char*);
/* For the memory variants: void* is presumably the caller's buffer, int
 * its size, and int* receives the bytes used -- verify the argument order
 * in the definition. */
1125 CYASSL_LOCAL int CM_MemSaveCertCache(CYASSL_CERT_MANAGER*, void*, int, int*);
1126 CYASSL_LOCAL int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER*, const void*, int);
1127 CYASSL_LOCAL int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER*);
1129 /* CyaSSL Sock Addr */
1130 struct CYASSL_SOCKADDR {
1131 unsigned int sz; /* sockaddr size */
1132 void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
1135 typedef struct CYASSL_DTLS_CTX {
1136 CYASSL_SOCKADDR peer;
1140 /* RFC 6066 TLS Extensions */
1141 #ifdef HAVE_TLS_EXTENSIONS
1144 SERVER_NAME_INDICATION = 0,
1145 MAX_FRAGMENT_LENGTH = 1,
1147 ELLIPTIC_CURVES = 10
1150 typedef struct TLSX {
1151 TLSX_Type type; /* Extension Type */
1152 void* data; /* Extension Data */
1153 byte resp; /* IsResponse Flag */
1154 struct TLSX* next; /* List Behavior */
1157 CYASSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
1158 CYASSL_LOCAL void TLSX_FreeAll(TLSX* list);
1159 CYASSL_LOCAL int TLSX_SupportExtensions(CYASSL* ssl);
1161 #ifndef NO_CYASSL_CLIENT
1162 CYASSL_LOCAL word16 TLSX_GetRequestSize(CYASSL* ssl);
1163 CYASSL_LOCAL word16 TLSX_WriteRequest(CYASSL* ssl, byte* output);
1166 #ifndef NO_CYASSL_SERVER
1167 CYASSL_LOCAL word16 TLSX_GetResponseSize(CYASSL* ssl);
1168 CYASSL_LOCAL word16 TLSX_WriteResponse(CYASSL* ssl, byte* output);
/* Parses a TLS extensions block for the given session and returns int
 * (error convention not visible here).
 * NOTE(review): the byte pointer plus word16 length pair looks like the
 * raw extension bytes received from the peer, i.e. untrusted data; every
 * read in the parser must be bounded by `length`. isRequest presumably
 * distinguishes ClientHello from ServerHello handling, and `suites` is
 * the negotiated suite list the parser may update -- confirm in the
 * definition. */
1171 CYASSL_LOCAL int TLSX_Parse(CYASSL* ssl, byte* input, word16 length,
1172 byte isRequest, Suites *suites);
1174 /* Server Name Indication (RFC 6066 section 3).  One node per name type;
 * `data` is the union arm selected by `type` (host_name for the only type
 * RFC 6066 defines).  On the server the name is attacker-supplied text from
 * the ClientHello: `options` controls matching behaviour and `status` records
 * the outcome.  Closing brace is below this view. */
1177 typedef struct SNI {
1178 byte type; /* SNI name type; selects the union arm */
1179 union { char* host_name; } data; /* name data; host_name is a heap string owned by this node */
1180 struct SNI* next; /* singly linked list */
1181 #ifndef NO_CYASSL_SERVER
1182 byte options; /* matching behaviour flags set via TLSX_SNI_SetOptions */
1183 byte status; /* matching result, read via TLSX_SNI_Status */
/* Adds/looks up SNI state on an extension list.  `data` is the name for
 * `type` (the remaining parameters are below this view). */
1187 CYASSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
1190 #ifndef NO_CYASSL_SERVER
1191 CYASSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, /* remaining parameter below this view */
1193 CYASSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type); /* match result recorded during parsing */
1194 CYASSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, /* remaining parameters below this view */
/* Extracts an SNI name of `type` straight from a raw ClientHello (`buffer`,
 * `bufferSz`) without a CYASSL object, presumably for pre-handshake dispatch.
 * `inOutSz` is the capacity of `sni` on entry and the name length on return.
 * The buffer is untrusted wire data: the implementation must validate every
 * record/handshake/extension length before indexing. */
1196 CYASSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
1197 byte type, byte* sni, word32* inOutSz);
1200 #endif /* HAVE_SNI */
1202 /* Maximum Fragment Length (RFC 6066 section 4): `mfl` is the negotiated
 * code, not a byte count; the chosen size is stored in CYASSL.max_fragment. */
1203 #ifdef HAVE_MAX_FRAGMENT
1205 CYASSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl);
1207 #endif /* HAVE_MAX_FRAGMENT */
/* Truncated HMAC (RFC 6066 section 7) shortens every record MAC to 80 bits.
 * NOTE(review): that is a deliberate strength reduction for constrained
 * links; do not enable it by default. */
1209 #ifdef HAVE_TRUNCATED_HMAC
1211 CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
1213 #endif /* HAVE_TRUNCATED_HMAC */
1215 #ifdef HAVE_SUPPORTED_CURVES
/* Supported-curves (elliptic_curves) extension: a list of RFC 4492 named
 * curve codes (see enum EccNamedCurves).  Closing brace is below this view. */
1217 typedef struct EllipticCurve {
1218 word16 name; /* NamedCurve code, e.g. secp256r1 = 0x17 */
1219 struct EllipticCurve* next; /* singly linked list */
1223 CYASSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name); /* append `name` to the list we offer/accept */
1225 #ifndef NO_CYASSL_SERVER
/* Server-side check that the curves the client offered are compatible with
 * the suite under consideration (`first` is presumably the first suite byte;
 * the remaining parameters are below this view). */
1226 CYASSL_LOCAL int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first,
1230 #endif /* HAVE_SUPPORTED_CURVES */
1232 #endif /* HAVE_TLS_EXTENSIONS */
1234 /* CyaSSL context type: settings shared by every CYASSL created from this
 * CTX.  The struct header, its closing brace and several members are outside
 * this view.  Secret-bearing members: server_hint, the PSK callbacks' output,
 * and whatever `passwd_cb` unlocks. */
1236 CYASSL_METHOD* method; /* method passed to InitSSL_Ctx */
1237 CyaSSL_Mutex countMutex; /* guards refCount */
1238 int refCount; /* reference count held by users of this CTX */
1242 /* chain after self, in DER, with leading size for each cert */
1246 CYASSL_CERT_MANAGER* cm; /* cert manager (CA store, OCSP settings); CTX owns it, SSL objects use it */
1249 void* heap; /* for user memory overrides */
1253 byte sessionCacheOff; /* do not store sessions for resumption */
1254 byte sessionCacheFlushOff; /* do not expire sessions from the cache */
1255 byte sendVerify; /* client side: send a client certificate */
1256 byte haveRSA; /* RSA available */
1257 byte haveDH; /* server DH parms set by user */
1258 byte haveNTRU; /* server private NTRU key loaded */
1259 byte haveECDSAsig; /* server cert signed w/ ECDSA */
1260 byte haveStaticECC; /* static server ECC private key */
1261 byte partialWrite; /* only one msg per write call */
1262 byte quietShutdown; /* don't send close notify; NOTE(review): the peer then cannot tell a clean close from truncation */
1263 byte groupMessages; /* group handshake messages before sending */
1264 CallbackIORecv CBIORecv; /* user transport read callback */
1265 CallbackIOSend CBIOSend; /* user transport write callback */
/* DTLS cookie generator.  RFC 6347 section 4.2.1 expects the cookie to be a
 * keyed MAC over the client's address (and hello) with a server secret so a
 * spoofed source cannot obtain a valid one; that property rests entirely on
 * the user's implementation. */
1267 CallbackGenCookie CBIOCookie; /* gen cookie callback */
/* NOTE(review): if this callback can override a failed verification
 * (OpenSSL-style), an implementation that unconditionally returns success
 * disables peer authentication -- confirm the semantics in the verify path. */
1269 VerifyCallback verifyCallback; /* cert verification callback */
1270 word32 timeout; /* session timeout; presumably seconds, matching CYASSL_SESSION.timeout */
1272 word16 eccTempKeySz; /* ephemeral ECDH key size in octets, 20 - 66 */
1273 word32 pkCurveOID; /* curve Ecc_Sum */
1276 byte havePSK; /* psk key set by user */
1277 psk_client_callback client_psk_cb; /* client callback */
1278 psk_server_callback server_psk_cb; /* server callback */
1279 char server_hint[MAX_PSK_ID_LEN]; /* PSK identity hint; must stay NUL-terminated -- confirm the setter bounds it */
1281 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
1282 pem_password_cb passwd_cb; /* passphrase callback for encrypted PEM keys */
1284 #endif /* OPENSSL_EXTRA */
1289 int devId; /* cavium device id to use */
1291 #ifdef HAVE_TLS_EXTENSIONS
1292 TLSX* extensions; /* RFC 6066 TLS Extensions data */
/* "Atomic user" record-protection callbacks replace the library's own
 * MAC+encrypt / decrypt+verify.  NOTE(review): a DecryptVerifyCb implementation
 * must check padding and MAC in constant time and fail uniformly, or it
 * reintroduces Lucky-13-style padding oracles. */
1295 CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
1296 CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
1298 #ifdef HAVE_PK_CALLBACKS
/* Public-key offload callbacks (e.g. keys held in an HSM); the matching
 * per-connection contexts are the *Ctx members of CYASSL. */
1300 CallbackEccSign EccSignCb; /* User EccSign Callback handler */
1301 CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
1302 #endif /* HAVE_ECC */
1304 CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */
1305 CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */
1306 CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
1307 CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler; NOTE(review): RSA key exchange decryption must not leak padding validity (Bleichenbacher) */
1309 #endif /* HAVE_PK_CALLBACKS */
/* CTX lifecycle and a few handshake/CA helpers shared between client and
 * server code. */
1314 int InitSSL_Ctx(CYASSL_CTX*, CYASSL_METHOD*); /* initialise a CTX for the given method */
1316 void FreeSSL_Ctx(CYASSL_CTX*); /* drop a reference; see refCount */
1318 void SSL_CtxResourceFree(CYASSL_CTX*); /* release everything the CTX owns */
1321 int DeriveTlsKeys(CYASSL* ssl); /* expand the master secret into Keys (TLS PRF) */
/* Handles an SSLv2-format ClientHello.  `input`/`inSz` are untrusted wire
 * bytes; `sz` is the length declared in the v2 header and must be checked
 * against inSz before use. */
1323 int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
1324 word32 inSz, word16 sz);
/* Adds a DER certificate to the CA store.  NOTE(review): `verify` appears to
 * select whether the certificate is checked before being trusted -- confirm
 * what a zero value skips, since an unchecked CA becomes a trust anchor. */
1327 int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
1329 int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash); /* nonzero if a CA with this subject hash is already stored */
1332 /* All cipher suite related info: the negotiated suite decomposed into the
 * algorithms the record layer and key derivation need.  Several members and
 * the closing brace are outside this view. */
1333 typedef struct CipherSpecs {
1334 byte bulk_cipher_algorithm; /* which symmetric cipher */
1335 byte cipher_type; /* block, stream, or aead (enum CipherType) */
1337 byte kea; /* key exchange algo (enum KeyExchangeAlgorithm) */
1345 word16 aead_mac_size; /* authentication tag length for AEAD suites */
1349 void InitCipherSpecs(CipherSpecs* cs); /* reset to "nothing negotiated" */
1352 /* Supported Message Authentication Codes from page 43 */
1366 /* Supported Key Exchange Protocols */
1367 enum KeyExchangeAlgorithm { /* earlier members are outside this view */
1375 ecc_diffie_hellman_kea, /* ephemeral ECDH (forward secrecy) */
1376 ecc_static_diffie_hellman_kea /* static ECDH; for verify suite only -- no forward secrecy */
1380 /* Supported Authentication Schemes */
1381 enum SignatureAlgorithm {
1389 /* Supported ECC Curve Types */
1395 /* Supported ECC Named Curves: RFC 4492 NamedCurve codes as sent on the wire
 * in the elliptic_curves extension (other members are outside this view). */
1396 enum EccNamedCurves {
1397 secp256r1 = 0x17, /* 23, default; OpenSSL also calls it prime256v1 (P-256) */
1402 secp192r1 = 0x13, /* 19; OpenSSL also calls it prime192v1 -- 96-bit strength, avoid where possible */
1407 /* ClientCertificateType codes carried in CertificateRequest (RFC 5246
 * section 7.4.4; the *_fixed_ecdh values are RFC 4492).  The *_ephemeral_dh
 * and fortezza values are reserved/obsolete in TLS 1.2 and should not be
 * sent by a server.  Other members are outside this view. */
1408 enum ClientCertificateType {
1413 rsa_ephemeral_dh = 5, /* reserved (SSL 3.0 legacy) */
1414 dss_ephemeral_dh = 6, /* reserved (SSL 3.0 legacy) */
1415 fortezza_kea_cert = 20, /* reserved (SSL 3.0 legacy) */
1417 rsa_fixed_ecdh = 65, /* RFC 4492 */
1418 ecdsa_fixed_ecdh = 66 /* RFC 4492 */
1422 enum CipherType { stream, block, aead };
/* Width of the DTLS anti-replay window: one bit per sequence number, so the
 * window covers DTLS_SEQ_BITS records below the newest seen.  The #else /
 * #endif of this conditional are outside this view. */
1427 #ifdef WORD64_AVAILABLE
1428 typedef word64 DtlsSeq; /* 64-entry window */
1430 typedef word32 DtlsSeq; /* 32-entry window -- the RFC 6347 minimum */
1432 #define DTLS_SEQ_BITS (sizeof(DtlsSeq) * CHAR_BIT) /* window size in bits; CHAR_BIT needs <limits.h> */
/* DTLS receive-side replay state (RFC 6347 section 4.1.2.6).  `window` is a
 * sliding bitmap of already-seen sequence numbers in the current epoch;
 * prevWindow/prevSeq keep the same for the previous epoch so records that
 * straddle a ChangeCipherSpec can still be checked.  NOTE(review): the
 * exact bit layout relative to nextSeq, and that records older than the
 * window are dropped rather than accepted, must be confirmed in the record
 * layer.  Closing brace is below this view. */
1434 typedef struct DtlsState {
1435 DtlsSeq window; /* sliding replay window for current epoch */
1436 word16 nextEpoch; /* expected epoch in next record */
1437 word32 nextSeq; /* expected (highest seen + 1) sequence in next record */
1439 word16 curEpoch; /* received epoch in current record */
1440 word32 curSeq; /* received sequence in current record */
1442 DtlsSeq prevWindow; /* sliding replay window for old epoch */
1443 word32 prevSeq; /* next sequence in allowed old epoch */
1446 #endif /* CYASSL_DTLS */
1449 /* keys and secrets: per-connection record-protection key material and the
 * record counters.  Everything up to the sequence numbers is secret and
 * should be wiped, not merely freed, on teardown -- NOTE(review): confirm
 * FreeSSL / SSL_ResourceFree clear this struct.  Arrays are sized for the
 * largest supported algorithm. */
1450 typedef struct Keys {
1451 byte client_write_MAC_secret[MAX_DIGEST_SIZE]; /* MAC keys, max digest size */
1452 byte server_write_MAC_secret[MAX_DIGEST_SIZE];
1453 byte client_write_key[AES_256_KEY_SIZE]; /* bulk cipher keys, max key size */
1454 byte server_write_key[AES_256_KEY_SIZE];
/* CBC IVs.  TLS 1.0 takes the IV from the key block and chains it across
 * records (the BEAST-class weakness); TLS 1.1+ sends an explicit per-record
 * IV instead -- which applies is governed by Options.tls1_1. */
1455 byte client_write_IV[AES_IV_SIZE]; /* max sizes */
1456 byte server_write_IV[AES_IV_SIZE];
1458 byte aead_exp_IV[AEAD_EXP_IV_SZ]; /* explicit (per-record) part of the AEAD nonce */
1459 byte aead_enc_imp_IV[AEAD_IMP_IV_SZ]; /* implicit nonce part (salt) for records we send */
1460 byte aead_dec_imp_IV[AEAD_IMP_IV_SZ]; /* implicit nonce part for records we receive */
/* Record sequence numbers.  TLS defines them as 64-bit (RFC 5246 section
 * 6.1) but only 32 bits are tracked here.  NOTE(review): confirm what the
 * record MAC/nonce construction uses for the upper 32 bits and that the
 * connection is closed or renegotiated before the counter wraps -- a wrap
 * repeats MAC input and, for AEAD suites, the nonce. */
1463 word32 peer_sequence_number; /* next expected record sequence from the peer */
1464 word32 sequence_number; /* next record sequence we send */
1467 DtlsState dtls_state; /* peer's replay-window state */
1468 word16 dtls_peer_handshake_number; /* message_seq of the handshake message being processed */
1469 word16 dtls_expected_peer_handshake_number; /* message_seq we expect next */
1471 word16 dtls_epoch; /* Current tx epoch */
1472 word32 dtls_sequence_number; /* Current tx sequence (48 bits on the wire) */
1473 word16 dtls_handshake_number; /* Current tx handshake message_seq */
1476 word32 encryptSz; /* last size of encrypted data */
1477 word32 padSz; /* how much to advance after decrypt part (padding + MAC) */
1478 byte encryptionOn; /* true after change cipher spec */
1479 byte decryptedCur; /* only decrypt current record once */
1483 /* Live symmetric cipher state for the negotiated suite.  The per-algorithm
 * members (and the closing brace) are outside this view; `setup` tells
 * FreeCiphers whether anything was initialised. */
1484 typedef struct Ciphers {
1491 #if defined(BUILD_AES) || defined(BUILD_AESGCM)
1494 #ifdef HAVE_CAMELLIA
1503 byte setup; /* nonzero once InitCiphers has set up a cipher; checked on free */
1507 CYASSL_LOCAL void InitCiphers(CYASSL* ssl); /* zero the Ciphers state before key setup */
1508 CYASSL_LOCAL void FreeCiphers(CYASSL* ssl); /* release cipher state set up for `ssl` */
/* Handshake transcript digests, one per hash the negotiated version may use;
 * filled for the Finished and CertificateVerify computations (see
 * CYASSL.verifyHashes / certHashes).  Closing brace is below this view. */
1512 typedef struct Hashes {
1514 byte md5[MD5_DIGEST_SIZE]; /* pre-TLS 1.2 PRF/Finished half */
1516 byte sha[SHA_DIGEST_SIZE]; /* pre-TLS 1.2 PRF/Finished half */
1518 byte sha256[SHA256_DIGEST_SIZE]; /* TLS 1.2 default PRF hash */
1520 #ifdef CYASSL_SHA384
1521 byte sha384[SHA384_DIGEST_SIZE]; /* TLS 1.2 SHA-384 suites */
1526 /* Static x509 buffer: one DER certificate in fixed storage so a session
 * cache entry needs no heap.  `length` is the valid prefix of `buffer`;
 * certificates larger than MAX_X509_SIZE cannot be stored. */
1527 typedef struct x509_buffer {
1528 int length; /* actual size */
1529 byte buffer[MAX_X509_SIZE]; /* max static cert size */
1533 /* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE: the peer chain
 * kept with a session so a resumed connection can still report it.
 * NOTE(review): `count` must never exceed MAX_CHAIN_DEPTH when a received
 * chain is copied in -- confirm the copy path truncates or rejects longer
 * chains rather than overrunning `certs`. */
1534 struct CYASSL_X509_CHAIN {
1535 int count; /* total number in chain, 0..MAX_CHAIN_DEPTH */
1536 x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
1540 /* CyaSSL session type: a resumable session as stored in the session cache.
 * The entry carries the master secret, so anyone able to read cache memory
 * can resume or decrypt the session -- keep the cache private and do not
 * persist it.  Closing brace is below this view. */
1541 struct CYASSL_SESSION {
1542 byte sessionID[ID_LEN]; /* id for protocol; must be unguessable (RNG-generated) */
1543 byte masterSecret[SECRET_LEN]; /* stored secret -- the session's master secret */
1544 word32 bornOn; /* create time in seconds; presumably from LowResTimer() */
1545 word32 timeout; /* timeout in seconds, measured from bornOn */
1546 #ifdef SESSION_CERTS
1547 CYASSL_X509_CHAIN chain; /* peer cert chain, static */
1548 ProtocolVersion version; /* which version was used; a resumption must not change it */
1549 byte cipherSuite0; /* first byte, normally 0 */
1550 byte cipherSuite; /* 2nd byte, actual suite */
1552 #ifndef NO_CLIENT_CACHE
1553 byte serverID[SERVER_ID_LEN]; /* client-side lookup key (e.g. host), length idLen */
1554 word16 idLen; /* serverID length, <= SERVER_ID_LEN */
/* Session-cache lookup by session ID (the byte* is the ID the peer sent, so
 * it is untrusted -- the lookup must compare the full ID_LEN) and install. */
1560 CYASSL_SESSION* GetSession(CYASSL*, byte*); /* NULL if unknown or expired */
1562 int SetSession(CYASSL*, CYASSL_SESSION*); /* copy a session into `ssl` for resumption */
1564 typedef int (*hmacfp) (CYASSL*, byte*, const byte*, word32, int, int);
1566 #ifndef NO_CLIENT_CACHE
1567 CYASSL_SESSION* GetSessionClient(CYASSL*, const byte*, int); /* client cache lookup by (serverID, idLen) */
1570 /* client connect state for nonblocking restart (Options.connectState):
 * where CyaSSL_connect resumes after WANT_READ/WANT_WRITE.  Other members
 * of this enum are outside this view. */
1574 HELLO_AGAIN, /* second ClientHello after a DTLS HelloVerifyRequest */
1586 /* server accept state for nonblocking restart (Options.acceptState);
 * other members are outside this view. */
1589 ACCEPT_CLIENT_HELLO_DONE,
1591 ACCEPT_FIRST_REPLY_DONE,
1597 ACCEPT_SECOND_REPLY_DONE,
1599 ACCEPT_FINISHED_DONE,
1600 ACCEPT_THIRD_REPLY_DONE
/* Per-connection buffers.  Credential buffers default to the CTX's copies;
 * the weOwn* flags say which ones this CYASSL allocated itself and must free.
 * Closing brace is below this view. */
1604 typedef struct Buffers {
1606 buffer certificate; /* our DER cert; CYASSL_CTX owns, unless we own */
1607 buffer key; /* our DER private key (secret); CYASSL_CTX owns, unless we own */
1608 buffer certChain; /* CYASSL_CTX owns, unless we own */
1609 /* chain after self, in DER, with leading size for each cert */
1610 buffer serverDH_P; /* DH prime; CYASSL_CTX owns, unless we own */
1611 buffer serverDH_G; /* DH generator; CYASSL_CTX owns, unless we own */
1612 buffer serverDH_Pub; /* our ephemeral DH public value */
1613 buffer serverDH_Priv; /* our ephemeral DH private exponent (secret); NOTE(review): confirm it is cleared after the handshake */
1615 buffer domainName; /* expected peer name for the client-side hostname check */
1616 bufferStatic inputBuffer; /* record receive buffer */
1617 bufferStatic outputBuffer; /* record send buffer */
1618 buffer clearOutputBuffer; /* plaintext pending from a partial write */
1619 int prevSent; /* previous plain text bytes sent
1620 when got WANT_WRITE */
1621 int plainSz; /* plain text bytes in buffer to send
1622 when got WANT_WRITE */
1623 byte weOwnCert; /* SSL own cert flag */
1624 byte weOwnCertChain; /* SSL own cert chain flag */
1625 byte weOwnKey; /* SSL own key flag */
1626 byte weOwnDH; /* SSL own dh (p,g) flag */
1628 CYASSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
1630 #ifdef HAVE_PK_CALLBACKS
1632 buffer peerEccDsaKey; /* peer's public key kept for the Ecc Verify callback; we own */
1633 #endif /* HAVE_ECC */
1635 buffer peerRsaKey; /* peer's public key kept for the Rsa Verify callback; we own */
1637 #endif /* HAVE_PK_CALLBACKS */
/* Per-connection negotiation flags and state.  Several members and the
 * closing brace are outside this view. */
1640 typedef struct Options {
1641 byte sessionCacheOff; /* do not store this session for resumption */
1642 byte sessionCacheFlushOff; /* do not expire cache entries */
1643 byte cipherSuite0; /* first byte, normally 0 */
1644 byte cipherSuite; /* second byte, actual suite */
1647 byte handShakeState; /* last handshake message processed */
1648 byte side; /* client or server end */
/* NOTE(review): with `downgrade` set the negotiated version may be lower
 * than the method's; protection against an active downgrade then rests on
 * the Finished MAC, so confirm the lowest version you are willing to accept. */
1652 byte downgrade; /* allow downgrade of versions */
1653 byte sendVerify; /* false = 0, true = 1, sendBlank = 2 (empty client cert) */
1655 byte haveSessionId; /* server may not send */
1656 byte tls; /* using TLS ? (vs SSLv3) */
1657 byte tls1_1; /* using TLSv1.1+ ? (explicit CBC IVs) */
1658 byte dtls; /* using datagrams ? */
1659 byte connReset; /* has the peer reset */
1660 byte isClosed; /* if we consider conn closed */
1661 byte closeNotify; /* we've received a close notify; an EOF without one may be a truncation attack */
1662 byte sentNotify; /* we've sent a close notify */
1663 byte connectState; /* nonblocking resume */
1664 byte acceptState; /* nonblocking resume */
1665 byte usingCompression; /* TLS compression on; NOTE(review): compressing attacker-influenced plaintext leaks it (CRIME-class attacks) */
1666 byte haveRSA; /* RSA available */
1667 byte haveDH; /* server DH parms set by user */
1668 byte haveNTRU; /* server NTRU private key loaded */
1669 byte haveECDSAsig; /* server ECDSA signed cert */
1670 byte haveStaticECC; /* static server ECC private key */
1671 byte havePeerCert; /* do we have peer's cert */
1672 byte havePeerVerify; /* and peer's cert verify */
1673 byte usingPSK_cipher; /* whether we're using psk as cipher */
1674 byte sendAlertState; /* nonblocking resume */
1675 byte processReply; /* nonblocking resume */
1676 byte partialWrite; /* only one msg per write call */
1677 byte quietShutdown; /* don't send close notify */
1678 byte certOnly; /* stop once we get cert */
1679 byte groupMessages; /* group handshake messages */
1680 byte usingNonblock; /* set when using nonblocking socket */
1681 byte saveArrays; /* keep Arrays (handshake secrets) alive after the handshake for user key retrieval -- see FreeArrays(ssl, keep)
1684 byte havePSK; /* psk key set by user */
1685 psk_client_callback client_psk_cb; /* supplies identity + PSK on the client */
1686 psk_server_callback server_psk_cb; /* maps identity to PSK on the server */
/* Handshake-time values.  preMasterSecret, masterSecret and psk_key are
 * secrets; they normally live only for the handshake and are released by
 * FreeArrays, unless Options.saveArrays keeps them for the user.
 * NOTE(review): confirm FreeArrays wipes them rather than just freeing.
 * Closing brace is below this view. */
1690 typedef struct Arrays {
1691 byte clientRandom[RAN_LEN]; /* ClientHello.random */
1692 byte serverRandom[RAN_LEN]; /* ServerHello.random */
1693 byte sessionID[ID_LEN]; /* session id in play */
1694 byte preMasterSecret[ENCRYPT_LEN]; /* secret; valid length is preMasterSz */
1695 byte masterSecret[SECRET_LEN]; /* secret */
1697 byte cookie[MAX_COOKIE_LEN]; /* DTLS HelloVerifyRequest cookie */
1701 char client_identity[MAX_PSK_ID_LEN]; /* PSK identity; must stay NUL-terminated within the array */
1702 char server_hint[MAX_PSK_ID_LEN]; /* PSK identity hint; same bound */
1703 byte psk_key[MAX_PSK_KEY_LEN]; /* secret; valid length is psk_keySz */
1704 word32 psk_keySz; /* actual size, <= MAX_PSK_KEY_LEN */
1706 word32 preMasterSz; /* differs for DH, actual size */
/* Fixed sizes for the static X509 name/date buffers below.  Both cap how much
 * of a parsed certificate field is retained (and must be honoured by the copy
 * in CopyDecodedToX509); the #endif of this conditional is outside this view. */
1709 #ifndef ASN_NAME_MAX
1710 #define ASN_NAME_MAX 256 /* bytes kept of a distinguished name / CN */
1714 #define MAX_DATE_SZ 32 /* bytes kept of an encoded validity date */
/* A certificate name.  `staticName` is a fixed-size copy of the formatted
 * name (ASN_NAME_MAX bytes, so long names are cut); with OPENSSL_EXTRA the
 * fully decoded name is also kept.  Other members and the closing brace are
 * outside this view. */
1717 struct CYASSL_X509_NAME {
1719 char staticName[ASN_NAME_MAX]; /* formatted name, bounded by ASN_NAME_MAX */
1722 #ifdef OPENSSL_EXTRA
1723 DecodedName fullName; /* decoded components of the name */
1724 #endif /* OPENSSL_EXTRA */
/* Maximum serial-number bytes retained in CYASSL_X509 (the #endif is outside
 * this view).  DNS_entry is the alt-name list node; its definition lives
 * elsewhere. */
1727 #ifndef EXTERNAL_SERIAL_SIZE
1728 #define EXTERNAL_SERIAL_SIZE 32 /* RFC 5280 allows up to 20 octets; extra room for non-conforming CAs */
1732 typedef struct DNS_entry DNS_entry; /* subjectAltName list node, defined elsewhere */
/* Public view of a decoded certificate, filled by CopyDecodedToX509.
 * Every fixed-size array here is populated from attacker-supplied DER, so
 * the copy must be bounded by the array size -- NOTE(review): verify that in
 * CopyDecodedToX509 whenever a field is added.  Several members and the
 * closing brace are outside this view. */
1735 struct CYASSL_X509 {
1737 CYASSL_X509_NAME issuer;
1738 CYASSL_X509_NAME subject;
1740 byte serial[EXTERNAL_SERIAL_SIZE]; /* serial number bytes (length member not in this view) */
1741 char subjectCN[ASN_NAME_MAX]; /* common name short cut; NOTE(review): for host matching the altNames list must be consulted too (RFC 6125) */
1744 byte deviceType[EXTERNAL_SERIAL_SIZE]; /* hardware-module identity fields; presumably from a hardware name extension */
1746 byte hwType[EXTERNAL_SERIAL_SIZE];
1748 byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
1749 #ifdef OPENSSL_EXTRA
1751 byte certPolicyCrit; /* certificate-policies extension marked critical */
1752 #endif /* OPENSSL_EXTRA */
1755 byte notBefore[MAX_DATE_SZ]; /* encoded validity start */
1757 byte notAfter[MAX_DATE_SZ]; /* encoded validity end */
1764 #endif /* HAVE_ECC */
1765 buffer derCert; /* raw DER of the certificate; may need */
1766 DNS_entry* altNames; /* subjectAltName list */
1767 DNS_entry* altNamesNext; /* iteration cursor for retrieval */
1768 byte dynamicMemory; /* set when this object was heap-allocated and must be freed */
1770 #ifdef OPENSSL_EXTRA
/* Extension presence/criticality flags.  A critical extension the library
 * does not understand must cause rejection (RFC 5280 section 4.2); these
 * flags only record what was seen. */
1774 byte basicConstCrit; /* basicConstraints marked critical */
1775 byte basicConstPlSet; /* pathLenConstraint present */
1776 byte subjAltNameSet; /* subjectAltName present */
1777 byte subjAltNameCrit; /* subjectAltName marked critical */
1788 #endif /* OPENSSL_EXTRA */
1792 /* record layer header for PlainText, Compressed, and CipherText: the 5-byte
 * TLS record header (type, version, length) as it appears on the wire; the
 * member lines are outside this view.  The length field is peer-controlled
 * and must be checked against the input buffer before the body is read. */
1793 typedef struct RecordLayerHeader {
1798 } RecordLayerHeader;
1801 /* record layer header for DTLS PlainText, Compressed, and CipherText (RFC
 * 6347 section 4.1).  The epoch/sequence pair is the replay-check key and
 * the implicit part of the record MAC; members not shown are outside this
 * view. */
1802 typedef struct DtlsRecordLayerHeader {
1806 byte epoch[2]; /* big-endian; increment on cipher state change */
1807 byte sequence_number[6]; /* big-endian 48-bit; per record, never reused within an epoch */
1809 } DtlsRecordLayerHeader;
/* Copies of the records in the last sent DTLS flight, kept for retransmission
 * (see DtlsPoolSave/DtlsPoolSend).  Remaining members and the closing brace
 * are outside this view. */
1812 typedef struct DtlsPool {
1813 buffer buf[DTLS_POOL_SZ]; /* at most DTLS_POOL_SZ records per flight */
/* Reassembly slot for one fragmented DTLS handshake message, ordered by
 * `seq`.  `sz` is the full message length declared by the peer and fragSz
 * the bytes received so far; NOTE(review): fragment_offset + fragment_length
 * of every incoming fragment must be checked against `sz` before copying.
 * Remaining members and the closing brace are outside this view. */
1817 typedef struct DtlsMsg {
1818 struct DtlsMsg* next; /* list sorted by seq (see DtlsMsgInsert) */
1819 word32 seq; /* Handshake sequence number (message_seq) */
1820 word32 sz; /* Length of whole message, as declared by the peer */
1821 word32 fragSz; /* Length of fragments received so far; complete when == sz */
1830 /* NETX I/O Callback default: state for the built-in NetX transport.  A
 * partially consumed packet is retained across calls so short reads do not
 * lose data.  Closing brace is below this view. */
1831 typedef struct NetX_Ctx {
1832 NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
1833 NX_PACKET* nxPacket; /* incoming packet handle for short reads */
1834 ULONG nxOffset; /* offset already read from nxPacket */
1835 ULONG nxWait; /* wait option flag */
1841 /* CyaSSL ssl type: one connection.  The struct header, many members (keys,
 * arrays, buffers, options) and the closing brace are outside this view.
 * Private keys, peer public keys, transcript hashes and callback contexts
 * all live here; FreeSSL / SSL_ResourceFree must release and wipe them. */
1845 ProtocolVersion version; /* negotiated version */
1846 ProtocolVersion chVersion; /* client hello version, kept for the RSA premaster version check */
1847 Suites* suites; /* only need during handshake */
1852 int rfd; /* read file descriptor */
1853 int wfd; /* write file descriptor */
1854 int rflags; /* user read flags */
1855 int wflags; /* user write flags */
1856 CYASSL_BIO* biord; /* socket bio read to free/close */
1857 CYASSL_BIO* biowr; /* socket bio write to free/close */
1859 void* IOCB_WriteCtx; /* context for CBIOSend */
/* Running handshake transcript hashes.  Every hash the negotiated version
 * might need is maintained in parallel; the Finished/CertificateVerify
 * computations read the one(s) the version selects. */
1863 Sha hashSha; /* sha hash of handshake msgs */
1866 Md5 hashMd5; /* md5 hash of handshake msgs */
1870 Sha256 hashSha256; /* sha256 hash of handshake msgs */
1872 #ifdef CYASSL_SHA384
1873 Sha384 hashSha384; /* sha384 hash of handshake msgs */
1875 Hashes verifyHashes; /* transcript snapshot for verifying the peer's Finished */
1876 Hashes certHashes; /* transcript snapshot for cert verify */
1880 CYASSL_SESSION session; /* session for resumption; holds the master secret */
1881 VerifyCallback verifyCallback; /* cert verification callback (overrides the CTX's) */
1882 void* verifyCbCtx; /* cert verify callback user ctx*/
1885 byte peerRsaKeyPresent; /* peer RSA public key decoded */
/* Peer NTRU public key in fixed storage; peerNtruKeyLen is read from the
 * peer and must be checked against MAX_NTRU_PUB_KEY_SZ before the copy. */
1888 word16 peerNtruKeyLen;
1889 byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
1890 byte peerNtruKeyPresent;
1893 ecc_key* peerEccKey; /* peer's ECDHE key */
1894 ecc_key* peerEccDsaKey; /* peer's ECDSA key */
1895 ecc_key* eccTempKey; /* our private ECDHE key (secret, per handshake) */
1896 ecc_key* eccDsaKey; /* our private ECDSA key (secret) */
1897 word16 eccTempKeySz; /* in octets 20 - 66 */
1898 word32 pkCurveOID; /* curve Ecc_Sum */
1899 byte peerEccKeyPresent;
1900 byte peerEccDsaKeyPresent;
1901 byte eccTempKeyPresent;
1902 byte eccDsaKeyPresent;
1905 void* heap; /* for user overrides */
1906 RecordLayerHeader curRL; /* header of the record being processed */
1908 word32 timeout; /* session timeout */
1909 CYASSL_CIPHER cipher; /* OpenSSL-style view of the current cipher */
1911 z_stream c_stream; /* compression stream */
1912 z_stream d_stream; /* decompression stream */
1913 byte didStreamInit; /* for stream init and end */
/* DTLS retransmission timer: starts at dtls_timeout_init and grows up to
 * dtls_timeout_max (RFC 6347 section 4.2.4.1 doubles it on each timeout). */
1916 int dtls_timeout_init; /* starting timeout value */
1917 int dtls_timeout_max; /* maximum timeout value */
1918 int dtls_timeout; /* current timeout value, changes */
1919 DtlsPool* dtls_pool; /* last flight, for retransmit */
1920 DtlsMsg* dtls_msg_list; /* handshake fragments awaiting reassembly */
1921 void* IOCB_CookieCtx; /* gen cookie ctx */
1922 word32 dtls_expected_rx; /* bytes expected in the next datagram read */
1924 #ifdef CYASSL_CALLBACKS
1925 HandShakeInfo handShakeInfo; /* info saved during handshake */
1926 TimeoutInfo timeoutInfo; /* info saved during handshake */
1927 byte hsInfoOn; /* track handshake info */
1928 byte toInfoOn; /* track timeout info */
1930 #ifdef KEEP_PEER_CERT
1931 CYASSL_X509 peerCert; /* X509 peer cert */
1934 void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
1937 int devId; /* cavium device id to use */
1939 #ifdef HAVE_TLS_EXTENSIONS
1940 TLSX* extensions; /* RFC 6066 TLS Extensions data */
1941 #ifdef HAVE_MAX_FRAGMENT
1942 word16 max_fragment; /* negotiated maximum plaintext fragment size */
1944 #ifdef HAVE_TRUNCATED_HMAC
1945 byte truncated_hmac; /* negotiated 80-bit record MACs */
1949 NetX_Ctx nxCtx; /* NetX IO Context */
1951 #ifdef SESSION_INDEX
1952 int sessionIndex; /* Session's location in the cache. */
1954 CYASSL_ALERT_HISTORY alert_history; /* last alerts sent/received */
/* Per-connection contexts for the CTX-level user callbacks. */
1956 void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
1957 void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
1959 #ifdef HAVE_PK_CALLBACKS
1961 void* EccSignCtx; /* Ecc Sign Callback Context */
1962 void* EccVerifyCtx; /* Ecc Verify Callback Context */
1963 #endif /* HAVE_ECC */
1965 void* RsaSignCtx; /* Rsa Sign Callback Context */
1966 void* RsaVerifyCtx; /* Rsa Verify Callback Context */
1967 void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
1968 void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
1970 #endif /* HAVE_PK_CALLBACKS */
/* Connection lifecycle.  InitSSL copies settings from the CTX; the free
 * routines must release and wipe every secret held in CYASSL. */
1975 int InitSSL(CYASSL*, CYASSL_CTX*); /* 0 on success */
1977 void FreeSSL(CYASSL*); /* release resources and the object */
1978 CYASSL_API void SSL_ResourceFree(CYASSL*); /* release resources only; Micrium uses */
/* Limits for EncryptedInfo below (the enum header/footer are outside this
 * view). */
1982 IV_SZ = 32, /* max iv sz accepted from a PEM DEK-Info header */
1983 NAME_SZ = 80 /* max one line of cipher name */
/* Encryption parameters parsed from a PEM file's headers (used by PemToDer
 * below).  `name` and `iv` are copied out of untrusted file text into fixed
 * arrays -- NOTE(review): confirm the parser bounds the copies by NAME_SZ /
 * IV_SZ.  Closing brace is below this view. */
1987 typedef struct EncryptedInfo {
1988 char name[NAME_SZ]; /* encryption algorithm name from the header */
1989 byte iv[IV_SZ]; /* IV from the header; valid length is ivSz */
1990 word32 ivSz; /* bytes of `iv` in use, <= IV_SZ */
1991 long consumed; /* tracks PEM bytes consumed */
1992 byte set; /* nonzero if an encryption header was present */
1993 CYASSL_CTX* ctx; /* CTX owner, presumably for its passwd_cb */
/* Converts PEM (`buff`, `sz` bytes) of the given `type` to DER in `der`,
 * decrypting via `info` when the PEM is encrypted.  The remaining parameters
 * of both prototypes are outside this view. */
1998 CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
1999 buffer* der, void* heap, EncryptedInfo* info,
/* Loads a credential file into the CTX, or into `ssl` when non-NULL;
 * `userChain` presumably allows a cert chain file.  Remaining parameters are
 * outside this view. */
2002 CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
2003 int type, CYASSL* ssl, int userChain,
2008 #ifdef CYASSL_CALLBACKS
/* Debug/telemetry hooks: record handshake message names and timing.
 * AddPacketInfo stores a copy of packet bytes, so the info structs can hold
 * handshake material -- treat them as sensitive and free them. */
2010 void InitHandShakeInfo(HandShakeInfo*);
2012 void FinishHandShakeInfo(HandShakeInfo*, const CYASSL*);
2014 void AddPacketName(const char*, HandShakeInfo*);
2017 void InitTimeoutInfo(TimeoutInfo*);
2019 void FreeTimeoutInfo(TimeoutInfo*, void*); /* (info, heap) */
2021 void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*); /* (name, info, data, sz, heap) */
2023 void AddLateName(const char*, TimeoutInfo*);
2025 void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
2029 /* Record layer ContentType values (RFC 5246 section 6.2.1); the enum header,
 * alert and handshake members are outside this view. */
2032 change_cipher_spec = 20,
2035 application_data = 23
2039 /* handshake header, same for each message type (RFC 5246 section 7.4):
 * 1-byte type plus 24-bit length; the length is peer-controlled and must be
 * checked against the record before the body is read.  Members and closing
 * brace are outside this view. */
2040 typedef struct HandShakeHeader {
2046 /* DTLS handshake header, same for each message type (RFC 6347 section
 * 4.2.2): the TLS header plus message_seq and fragment bounds.  The fragment
 * fields drive reassembly (DtlsMsg) and are peer-controlled: offset + length
 * must be validated against the declared message length.  Type/length
 * members are outside this view. */
2047 typedef struct DtlsHandShakeHeader {
2050 byte message_seq[2]; /* start at 0, retransmit gets same # */
2051 word24 fragment_offset; /* bytes in previous fragments */
2052 word24 fragment_length; /* length of this fragment */
2053 } DtlsHandShakeHeader;
/* HandshakeType codes (RFC 5246 section 7.4; hello_verify_request from RFC
 * 6347).  Members not shown are outside this view. */
2056 enum HandShakeType {
2061 hello_verify_request = 3, /* DTLS addition */
2064 server_key_exchange = 12,
2065 certificate_request = 13,
2066 server_hello_done = 14,
2067 certificate_verify = 15,
2068 client_key_exchange = 16,
/* Finished-message sender labels.  SSLv3 (spec section 5.6.9) uses the ASCII
 * bytes "CLNT" / "SRVR"; TLS uses the PRF labels "client finished" /
 * "server finished" (RFC 5246 section 7.4.9).  Passed as `sender` to
 * BuildTlsFinished. */
2073 static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 }; /* "CLNT" */
2074 static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 }; /* "SRVR" */
2076 static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished"; /* +1 for the NUL */
2077 static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
2080 /* internal functions: handshake message senders, record I/O, key schedule
 * and buffer management.  Unless noted, they return 0 on success and a
 * negative error code otherwise (the convention used elsewhere in CyaSSL;
 * verify per function). */
2081 CYASSL_LOCAL int SendChangeCipher(CYASSL*);
2082 CYASSL_LOCAL int SendData(CYASSL*, const void*, int); /* application data; returns bytes sent */
2083 CYASSL_LOCAL int SendCertificate(CYASSL*);
2084 CYASSL_LOCAL int SendCertificateRequest(CYASSL*);
2085 CYASSL_LOCAL int SendServerKeyExchange(CYASSL*);
2086 CYASSL_LOCAL int SendBuffered(CYASSL*); /* flush outputBuffer to the transport */
2087 CYASSL_LOCAL int ReceiveData(CYASSL*, byte*, int, int); /* (ssl, out, sz, peek) -- returns bytes read */
2088 CYASSL_LOCAL int SendFinished(CYASSL*);
2089 CYASSL_LOCAL int SendAlert(CYASSL*, int, int); /* (ssl, level, description) */
2090 CYASSL_LOCAL int ProcessReply(CYASSL*); /* read and dispatch one record */
2092 CYASSL_LOCAL int SetCipherSpecs(CYASSL*); /* fill CipherSpecs from the negotiated suite */
2093 CYASSL_LOCAL int MakeMasterSecret(CYASSL*); /* premaster -> master secret */
2095 CYASSL_LOCAL int AddSession(CYASSL*); /* store the current session in the cache */
2096 CYASSL_LOCAL int DeriveKeys(CYASSL* ssl); /* master secret -> key block */
2097 CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData); /* split the key block into Keys */
2099 CYASSL_LOCAL int IsTLS(const CYASSL* ssl); /* nonzero for any TLS version (not SSLv3) */
2100 CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl); /* nonzero for TLS 1.2+ */
2102 CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl); /* drop handshake-only state (keys, hashes, suites) once done */
2103 CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree); /* return a grown input buffer to static storage */
2104 CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
2106 CYASSL_LOCAL int VerifyClientSuite(CYASSL* ssl); /* server: check the chosen suite is usable with what the client sent */
/* CA store lookups keyed by subject-name hash (GetCA) or issuer-name hash
 * (GetCAByName); `cm` is a CYASSL_CERT_MANAGER*.  NULL when absent. */
2108 CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
2110 CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
/* Computes the TLS Finished verify_data from the transcript `hashes` for
 * `sender` (tls_client or tls_server above). */
2113 CYASSL_LOCAL int BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
2114 const byte* sender);
2115 CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep); /* release Arrays; `keep` nonzero retains them (Options.saveArrays) */
2116 CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size); /* ensure outputBuffer can take `size` more bytes */
2117 CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); /* enlarge inputBuffer, preserving `usedLength` bytes */
2120 CYASSL_LOCAL int MakeTlsMasterSecret(CYASSL*); /* TLS PRF variant of MakeMasterSecret */
/* Record MAC (HMAC) over `sz` bytes of `in` for a record of `content` type,
 * written to `digest`; `verify` is nonzero on the receiving side.  Matches
 * the hmacfp typedef. */
2121 CYASSL_LOCAL int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in,
2122 word32 sz, int content, int verify);
2125 #ifndef NO_CYASSL_CLIENT
/* Client-side handshake message senders. */
2126 CYASSL_LOCAL int SendClientHello(CYASSL*);
2127 CYASSL_LOCAL int SendClientKeyExchange(CYASSL*); /* generates the premaster secret */
2128 CYASSL_LOCAL int SendCertificateVerify(CYASSL*); /* signs certHashes with our private key */
2129 #endif /* NO_CYASSL_CLIENT */
2131 #ifndef NO_CYASSL_SERVER
/* Server-side handshake message senders. */
2132 CYASSL_LOCAL int SendServerHello(CYASSL*);
2133 CYASSL_LOCAL int SendServerHelloDone(CYASSL*);
2135 CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL*); /* DTLS: challenge the client with a cookie (CBIOCookie) */
2137 #endif /* NO_CYASSL_SERVER */
/* DTLS retransmission pool: Save copies each record of the current flight,
 * Send resends the flight, Timeout advances the backoff timer, Reset empties
 * the pool for the next flight. */
2140 CYASSL_LOCAL int DtlsPoolInit(CYASSL*);
2141 CYASSL_LOCAL int DtlsPoolSave(CYASSL*, const byte*, int); /* (ssl, record, sz) */
2142 CYASSL_LOCAL int DtlsPoolTimeout(CYASSL*);
2143 CYASSL_LOCAL int DtlsPoolSend(CYASSL*);
2144 CYASSL_LOCAL void DtlsPoolReset(CYASSL*);
/* DTLS handshake reassembly list (DtlsMsg).  All offsets/lengths come from
 * the peer; Set/Store must reject fragments that fall outside the declared
 * message size.  The void* parameter is the heap hint. */
2146 CYASSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); /* (sz, heap) */
2147 CYASSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
2148 CYASSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
2149 CYASSL_LOCAL void DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, /* remaining parameters outside this view */
2151 CYASSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); /* (list, seq) */
2152 CYASSL_LOCAL DtlsMsg* DtlsMsgStore(DtlsMsg*, word32, const byte*, word32,
2153 byte, word32, word32, void*); /* (list, seq, data, dataSz, type, fragOffset, fragSz, heap) -- order inferred from DtlsMsg fields */
2154 CYASSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); /* insert into the seq-ordered list; returns new head */
2155 #endif /* CYASSL_DTLS */
2163 CYASSL_LOCAL word32 LowResTimer(void); /* coarse clock in seconds, used for session age/timeout */
/* CYASSL_X509 / name helpers.  The int parameter to the Init functions is the
 * dynamic-memory flag (see CYASSL_X509.dynamicMemory). */
2165 CYASSL_LOCAL void InitX509Name(CYASSL_X509_NAME*, int);
2166 CYASSL_LOCAL void FreeX509Name(CYASSL_X509_NAME* name);
2167 CYASSL_LOCAL void InitX509(CYASSL_X509*, int);
2168 CYASSL_LOCAL void FreeX509(CYASSL_X509*);
2170 CYASSL_LOCAL int CopyDecodedToX509(CYASSL_X509*, DecodedCert*); /* fill the fixed-size fields; must bound every copy */
2178 #endif /* CyaSSL_INT_H */