ssl.h

Go to the documentation of this file.
00001 
00023 #ifndef MBEDTLS_SSL_H
00024 #define MBEDTLS_SSL_H
00025 
00026 #if !defined(MBEDTLS_CONFIG_FILE)
00027 #include "config.h"
00028 #else
00029 #include MBEDTLS_CONFIG_FILE
00030 #endif
00031 
00032 #include "bignum.h"
00033 #include "ecp.h"
00034 
00035 #include "ssl_ciphersuites.h"
00036 
00037 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00038 #include "x509_crt.h"
00039 #include "x509_crl.h"
00040 #endif
00041 
00042 #if defined(MBEDTLS_DHM_C)
00043 #include "dhm.h"
00044 #endif
00045 
00046 #if defined(MBEDTLS_ECDH_C)
00047 #include "ecdh.h"
00048 #endif
00049 
00050 #if defined(MBEDTLS_ZLIB_SUPPORT)
00051 #include "zlib.h"
00052 #endif
00053 
00054 #if defined(MBEDTLS_HAVE_TIME)
00055 #include "mbedtls/platform_time.h"
00056 #endif
00057 
00058 /*
00059  * SSL Error codes
00060  */
00061 #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE               -0x7080  
00062 #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA                    -0x7100  
00063 #define MBEDTLS_ERR_SSL_INVALID_MAC                       -0x7180  
00064 #define MBEDTLS_ERR_SSL_INVALID_RECORD                    -0x7200  
00065 #define MBEDTLS_ERR_SSL_CONN_EOF                          -0x7280  
00066 #define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  
00067 #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  
00068 #define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400  
00069 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  
00070 #define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  
00071 #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  
00072 #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600  
00073 #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680  
00074 #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE                -0x7700  
00075 #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE               -0x7780  
00076 #define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED                -0x7800  
00077 #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x7880  
00078 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO               -0x7900  
00079 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO               -0x7980  
00080 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE                -0x7A00  
00081 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST        -0x7A80  
00082 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE        -0x7B00  
00083 #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE          -0x7B80  
00084 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE        -0x7C00  
00085 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP     -0x7C80  
00086 #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS     -0x7D00  
00087 #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY         -0x7D80  
00088 #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC         -0x7E00  
00089 #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED                   -0x7E80  
00090 #define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  
00091 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  
00092 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  
00093 #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED                -0x6F00  
00094 #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  
00095 #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  
00096 #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  
00097 #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  
00098 #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  
00099 #define MBEDTLS_ERR_SSL_INTERNAL_ERROR                    -0x6C00  
00100 #define MBEDTLS_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  
00101 #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO       -0x6B00  
00102 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80  
00103 #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00  
00104 #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980  
00105 #define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900  
00106 #define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880  
00107 #define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  
00108 #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780  
00109 #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD                 -0x6700  
00110 #define MBEDTLS_ERR_SSL_NON_FATAL                         -0x6680  
00111 #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH               -0x6600  
00113 /*
00114  * Various constants
00115  */
00116 #define MBEDTLS_SSL_MAJOR_VERSION_3             3
00117 #define MBEDTLS_SSL_MINOR_VERSION_0             0   
00118 #define MBEDTLS_SSL_MINOR_VERSION_1             1   
00119 #define MBEDTLS_SSL_MINOR_VERSION_2             2   
00120 #define MBEDTLS_SSL_MINOR_VERSION_3             3   
00122 #define MBEDTLS_SSL_TRANSPORT_STREAM            0   
00123 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   
00125 #define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 
00127 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
00128  * NONE must be zero so that memset()ing structure to zero works */
00129 #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   
00130 #define MBEDTLS_SSL_MAX_FRAG_LEN_512            1   
00131 #define MBEDTLS_SSL_MAX_FRAG_LEN_1024           2   
00132 #define MBEDTLS_SSL_MAX_FRAG_LEN_2048           3   
00133 #define MBEDTLS_SSL_MAX_FRAG_LEN_4096           4   
00134 #define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID        5   
00136 #define MBEDTLS_SSL_IS_CLIENT                   0
00137 #define MBEDTLS_SSL_IS_SERVER                   1
00138 
00139 #define MBEDTLS_SSL_IS_NOT_FALLBACK             0
00140 #define MBEDTLS_SSL_IS_FALLBACK                 1
00141 
00142 #define MBEDTLS_SSL_EXTENDED_MS_DISABLED        0
00143 #define MBEDTLS_SSL_EXTENDED_MS_ENABLED         1
00144 
00145 #define MBEDTLS_SSL_ETM_DISABLED                0
00146 #define MBEDTLS_SSL_ETM_ENABLED                 1
00147 
00148 #define MBEDTLS_SSL_COMPRESS_NULL               0
00149 #define MBEDTLS_SSL_COMPRESS_DEFLATE            1
00150 
00151 #define MBEDTLS_SSL_VERIFY_NONE                 0
00152 #define MBEDTLS_SSL_VERIFY_OPTIONAL             1
00153 #define MBEDTLS_SSL_VERIFY_REQUIRED             2
00154 #define MBEDTLS_SSL_VERIFY_UNSET                3 /* Used only for sni_authmode */
00155 
00156 #define MBEDTLS_SSL_LEGACY_RENEGOTIATION        0
00157 #define MBEDTLS_SSL_SECURE_RENEGOTIATION        1
00158 
00159 #define MBEDTLS_SSL_RENEGOTIATION_DISABLED      0
00160 #define MBEDTLS_SSL_RENEGOTIATION_ENABLED       1
00161 
00162 #define MBEDTLS_SSL_ANTI_REPLAY_DISABLED        0
00163 #define MBEDTLS_SSL_ANTI_REPLAY_ENABLED         1
00164 
00165 #define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED  -1
00166 #define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT  16
00167 
00168 #define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION     0
00169 #define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION  1
00170 #define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE      2
00171 
00172 #define MBEDTLS_SSL_TRUNC_HMAC_DISABLED         0
00173 #define MBEDTLS_SSL_TRUNC_HMAC_ENABLED          1
00174 #define MBEDTLS_SSL_TRUNCATED_HMAC_LEN          10  /* 80 bits, rfc 6066 section 7 */
00175 
00176 #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
00177 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
00178 
00179 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED    0
00180 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED     1
00181 
00182 #define MBEDTLS_SSL_ARC4_ENABLED                0
00183 #define MBEDTLS_SSL_ARC4_DISABLED               1
00184 
00185 #define MBEDTLS_SSL_PRESET_DEFAULT              0
00186 #define MBEDTLS_SSL_PRESET_SUITEB               2
00187 
00188 /*
00189  * Default range for DTLS retransmission timer value, in milliseconds.
00190  * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
00191  */
00192 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN    1000
00193 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
00194 
00203 #if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
00204 #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 
00205 #endif
00206 
00207 /*
00208  * Maxium fragment length in bytes,
00209  * determines the size of each of the two internal I/O buffers.
00210  *
00211  * Note: the RFC defines the default size of SSL / TLS messages. If you
00212  * change the value here, other clients / servers may not be able to
00213  * communicate with you anymore. Only change this value if you control
00214  * both sides of the connection and have it reduced at both sides, or
00215  * if you're using the Max Fragment Length extension and you know all your
00216  * peers are using it too!
00217  */
00218 #if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
00219 #define MBEDTLS_SSL_MAX_CONTENT_LEN         16384   
00220 #endif
00221 
00222 /* \} name SECTION: Module settings */
00223 
00224 /*
00225  * Length of the verify data for secure renegotiation
00226  */
00227 #if defined(MBEDTLS_SSL_PROTO_SSL3)
00228 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
00229 #else
00230 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
00231 #endif
00232 
00233 /*
00234  * Signaling ciphersuite values (SCSV)
00235  */
00236 #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO    0xFF   
00237 #define MBEDTLS_SSL_FALLBACK_SCSV_VALUE         0x5600 
00239 /*
00240  * Supported Signature and Hash algorithms (For TLS 1.2)
00241  * RFC 5246 section 7.4.1.4.1
00242  */
00243 #define MBEDTLS_SSL_HASH_NONE                0
00244 #define MBEDTLS_SSL_HASH_MD5                 1
00245 #define MBEDTLS_SSL_HASH_SHA1                2
00246 #define MBEDTLS_SSL_HASH_SHA224              3
00247 #define MBEDTLS_SSL_HASH_SHA256              4
00248 #define MBEDTLS_SSL_HASH_SHA384              5
00249 #define MBEDTLS_SSL_HASH_SHA512              6
00250 
00251 #define MBEDTLS_SSL_SIG_ANON                 0
00252 #define MBEDTLS_SSL_SIG_RSA                  1
00253 #define MBEDTLS_SSL_SIG_ECDSA                3
00254 
00255 /*
00256  * Client Certificate Types
00257  * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
00258  */
00259 #define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN       1
00260 #define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN    64
00261 
00262 /*
00263  * Message, alert and handshake types
00264  */
00265 #define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC     20
00266 #define MBEDTLS_SSL_MSG_ALERT                  21
00267 #define MBEDTLS_SSL_MSG_HANDSHAKE              22
00268 #define MBEDTLS_SSL_MSG_APPLICATION_DATA       23
00269 
00270 #define MBEDTLS_SSL_ALERT_LEVEL_WARNING         1
00271 #define MBEDTLS_SSL_ALERT_LEVEL_FATAL           2
00272 
00273 #define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY           0  /* 0x00 */
00274 #define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE    10  /* 0x0A */
00275 #define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC        20  /* 0x14 */
00276 #define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED     21  /* 0x15 */
00277 #define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW       22  /* 0x16 */
00278 #define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30  /* 0x1E */
00279 #define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE     40  /* 0x28 */
00280 #define MBEDTLS_SSL_ALERT_MSG_NO_CERT               41  /* 0x29 */
00281 #define MBEDTLS_SSL_ALERT_MSG_BAD_CERT              42  /* 0x2A */
00282 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT      43  /* 0x2B */
00283 #define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED          44  /* 0x2C */
00284 #define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED          45  /* 0x2D */
00285 #define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN          46  /* 0x2E */
00286 #define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER     47  /* 0x2F */
00287 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA            48  /* 0x30 */
00288 #define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED         49  /* 0x31 */
00289 #define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR          50  /* 0x32 */
00290 #define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR         51  /* 0x33 */
00291 #define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION    60  /* 0x3C */
00292 #define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION      70  /* 0x46 */
00293 #define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71  /* 0x47 */
00294 #define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR        80  /* 0x50 */
00295 #define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86  /* 0x56 */
00296 #define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
00297 #define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
00298 #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
00299 #define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
00300 #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
00301 #define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
00302 
00303 #define MBEDTLS_SSL_HS_HELLO_REQUEST            0
00304 #define MBEDTLS_SSL_HS_CLIENT_HELLO             1
00305 #define MBEDTLS_SSL_HS_SERVER_HELLO             2
00306 #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST     3
00307 #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET       4
00308 #define MBEDTLS_SSL_HS_CERTIFICATE             11
00309 #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE     12
00310 #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST     13
00311 #define MBEDTLS_SSL_HS_SERVER_HELLO_DONE       14
00312 #define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY      15
00313 #define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE     16
00314 #define MBEDTLS_SSL_HS_FINISHED                20
00315 
00316 /*
00317  * TLS extensions
00318  */
00319 #define MBEDTLS_TLS_EXT_SERVERNAME                   0
00320 #define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME          0
00321 
00322 #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH          1
00323 
00324 #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC               4
00325 
00326 #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
00327 #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS     11
00328 
00329 #define MBEDTLS_TLS_EXT_SIG_ALG                     13
00330 
00331 #define MBEDTLS_TLS_EXT_ALPN                        16
00332 
00333 #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC            22 /* 0x16 */
00334 #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET  0x0017 /* 23 */
00335 
00336 #define MBEDTLS_TLS_EXT_SESSION_TICKET              35
00337 
00338 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP               256 /* experimental */
00339 
00340 #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      0xFF01
00341 
00342 /*
00343  * Size defines
00344  */
00345 #if !defined(MBEDTLS_PSK_MAX_LEN)
00346 #define MBEDTLS_PSK_MAX_LEN            32 /* 256 bits */
00347 #endif
00348 
00349 /* Dummy type used only for its size */
00350 union mbedtls_ssl_premaster_secret
00351 {
00352 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
00353     unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
00354 #endif
00355 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
00356     unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
00357 #endif
00358 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
00359     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
00360     defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
00361     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
00362     unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
00363 #endif
00364 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
00365     unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
00366 #endif
00367 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
00368     unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
00369                                  + MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 3 */
00370 #endif
00371 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
00372     unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
00373 #endif
00374 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
00375     unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
00376                                    + MBEDTLS_PSK_MAX_LEN];     /* RFC 5489 2 */
00377 #endif
00378 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
00379     unsigned char _pms_ecjpake[32];     /* Thread spec: SHA-256 output */
00380 #endif
00381 };
00382 
00383 #define MBEDTLS_PREMASTER_SIZE     sizeof( union mbedtls_ssl_premaster_secret )
00384 
00385 #ifdef __cplusplus
00386 extern "C" {
00387 #endif
00388 
00389 /*
00390  * SSL state machine
00391  */
00392 typedef enum
00393 {
00394     MBEDTLS_SSL_HELLO_REQUEST,
00395     MBEDTLS_SSL_CLIENT_HELLO,
00396     MBEDTLS_SSL_SERVER_HELLO,
00397     MBEDTLS_SSL_SERVER_CERTIFICATE,
00398     MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
00399     MBEDTLS_SSL_CERTIFICATE_REQUEST,
00400     MBEDTLS_SSL_SERVER_HELLO_DONE,
00401     MBEDTLS_SSL_CLIENT_CERTIFICATE,
00402     MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
00403     MBEDTLS_SSL_CERTIFICATE_VERIFY,
00404     MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
00405     MBEDTLS_SSL_CLIENT_FINISHED,
00406     MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
00407     MBEDTLS_SSL_SERVER_FINISHED,
00408     MBEDTLS_SSL_FLUSH_BUFFERS,
00409     MBEDTLS_SSL_HANDSHAKE_WRAPUP,
00410     MBEDTLS_SSL_HANDSHAKE_OVER,
00411     MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
00412     MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
00413 }
00414 mbedtls_ssl_states;
00415 
00433 typedef int mbedtls_ssl_send_t( void *ctx,
00434                                 const unsigned char *buf,
00435                                 size_t len );
00436 
00456 typedef int mbedtls_ssl_recv_t( void *ctx,
00457                                 unsigned char *buf,
00458                                 size_t len );
00459 
00482 typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
00483                                         unsigned char *buf,
00484                                         size_t len,
00485                                         uint32_t timeout );
00508 typedef void mbedtls_ssl_set_timer_t( void * ctx,
00509                                       uint32_t int_ms,
00510                                       uint32_t fin_ms );
00511 
00523 typedef int mbedtls_ssl_get_timer_t( void * ctx );
00524 
00525 
00526 /* Defined below */
00527 typedef struct mbedtls_ssl_session mbedtls_ssl_session;
00528 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
00529 typedef struct mbedtls_ssl_config  mbedtls_ssl_config;
00530 
00531 /* Defined in ssl_internal.h */
00532 typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
00533 typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
00534 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00535 typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
00536 #endif
00537 #if defined(MBEDTLS_SSL_PROTO_DTLS)
00538 typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
00539 #endif
00540 
00541 /*
00542  * This structure is used for storing current session data.
00543  */
00544 struct mbedtls_ssl_session
00545 {
00546 #if defined(MBEDTLS_HAVE_TIME)
00547     mbedtls_time_t start;       
00548 #endif
00549     int ciphersuite;            
00550     int compression;            
00551     size_t id_len;              
00552     unsigned char id[32];       
00553     unsigned char master[48];   
00555 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00556     mbedtls_x509_crt *peer_cert;        
00557 #endif /* MBEDTLS_X509_CRT_PARSE_C */
00558     uint32_t verify_result;          
00560 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
00561     unsigned char *ticket;      
00562     size_t ticket_len;          
00563     uint32_t ticket_lifetime;   
00564 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
00565 
00566 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
00567     unsigned char mfl_code;     
00568 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
00569 
00570 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
00571     int trunc_hmac;             
00572 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
00573 
00574 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
00575     int encrypt_then_mac;       
00576 #endif
00577 };
00578 
00582 struct mbedtls_ssl_config
00583 {
00584     /* Group items by size (largest first) to minimize padding overhead */
00585 
00586     /*
00587      * Pointers
00588      */
00589 
00590     const int *ciphersuite_list[4]; 
00593     void (*f_dbg)(void *, int, const char *, int, const char *);
00594     void *p_dbg;                    
00597     int  (*f_rng)(void *, unsigned char *, size_t);
00598     void *p_rng;                    
00601     int (*f_get_cache)(void *, mbedtls_ssl_session *);
00603     int (*f_set_cache)(void *, const mbedtls_ssl_session *);
00604     void *p_cache;                  
00606 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
00607 
00608     int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
00609     void *p_sni;                    
00610 #endif
00611 
00612 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00613 
00614     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
00615     void *p_vrfy;                   
00616 #endif
00617 
00618 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
00619 
00620     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
00621     void *p_psk;                    
00622 #endif
00623 
00624 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
00625 
00626     int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
00627                            const unsigned char *, size_t );
00629     int (*f_cookie_check)( void *, const unsigned char *, size_t,
00630                            const unsigned char *, size_t );
00631     void *p_cookie;                 
00632 #endif
00633 
00634 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
00635 
00636     int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
00637             unsigned char *, const unsigned char *, size_t *, uint32_t * );
00639     int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
00640     void *p_ticket;                 
00641 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
00642 
00643 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
00644 
00645     int (*f_export_keys)( void *, const unsigned char *,
00646             const unsigned char *, size_t, size_t, size_t );
00647     void *p_export_keys;            
00648 #endif
00649 
00650 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00651     const mbedtls_x509_crt_profile *cert_profile; 
00652     mbedtls_ssl_key_cert *key_cert; 
00653     mbedtls_x509_crt *ca_chain;     
00654     mbedtls_x509_crl *ca_crl;       
00655 #endif /* MBEDTLS_X509_CRT_PARSE_C */
00656 
00657 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
00658     const int *sig_hashes;          
00659 #endif
00660 
00661 #if defined(MBEDTLS_ECP_C)
00662     const mbedtls_ecp_group_id *curve_list; 
00663 #endif
00664 
00665 #if defined(MBEDTLS_DHM_C)
00666     mbedtls_mpi dhm_P;              
00667     mbedtls_mpi dhm_G;              
00668 #endif
00669 
00670 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
00671     unsigned char *psk;             
00672     size_t         psk_len;         
00673     unsigned char *psk_identity;    
00674     size_t         psk_identity_len;
00675 #endif
00676 
00677 #if defined(MBEDTLS_SSL_ALPN)
00678     const char **alpn_list;         
00679 #endif
00680 
00681     /*
00682      * Numerical settings (int then char)
00683      */
00684 
00685     uint32_t read_timeout;          
00687 #if defined(MBEDTLS_SSL_PROTO_DTLS)
00688     uint32_t hs_timeout_min;        
00690     uint32_t hs_timeout_max;        
00692 #endif
00693 
00694 #if defined(MBEDTLS_SSL_RENEGOTIATION)
00695     int renego_max_records;         
00696     unsigned char renego_period[8]; 
00698 #endif
00699 
00700 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
00701     unsigned int badmac_limit;      
00702 #endif
00703 
00704 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
00705     unsigned int dhm_min_bitlen;    
00706 #endif
00707 
00708     unsigned char max_major_ver;    
00709     unsigned char max_minor_ver;    
00710     unsigned char min_major_ver;    
00711     unsigned char min_minor_ver;    
00713     /*
00714      * Flags (bitfields)
00715      */
00716 
00717     unsigned int endpoint : 1;      
00718     unsigned int transport : 1;     
00719     unsigned int authmode : 2;      
00720     /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
00721     unsigned int allow_legacy_renegotiation : 2 ; 
00722 #if defined(MBEDTLS_ARC4_C)
00723     unsigned int arc4_disabled : 1; 
00724 #endif
00725 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
00726     unsigned int mfl_code : 3;      
00727 #endif
00728 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
00729     unsigned int encrypt_then_mac : 1 ; 
00730 #endif
00731 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
00732     unsigned int extended_ms : 1;   
00733 #endif
00734 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
00735     unsigned int anti_replay : 1;   
00736 #endif
00737 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
00738     unsigned int cbc_record_splitting : 1;  
00739 #endif
00740 #if defined(MBEDTLS_SSL_RENEGOTIATION)
00741     unsigned int disable_renegotiation : 1; 
00742 #endif
00743 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
00744     unsigned int trunc_hmac : 1;    
00745 #endif
00746 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
00747     unsigned int session_tickets : 1;   
00748 #endif
00749 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
00750     unsigned int fallback : 1;      
00751 #endif
00752 };
00753 
00754 
00755 struct mbedtls_ssl_context
00756 {
00757     const mbedtls_ssl_config *conf; 
00759     /*
00760      * Miscellaneous
00761      */
00762     int state;                  
00763 #if defined(MBEDTLS_SSL_RENEGOTIATION)
00764     int renego_status;          
00765     int renego_records_seen;    
00768 #endif
00769 
00770     int major_ver;              
00771     int minor_ver;              
00773 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
00774     unsigned badmac_seen;       
00775 #endif
00776 
00777     mbedtls_ssl_send_t *f_send; 
00778     mbedtls_ssl_recv_t *f_recv; 
00779     mbedtls_ssl_recv_timeout_t *f_recv_timeout;
00782     void *p_bio;                
00784     /*
00785      * Session layer
00786      */
00787     mbedtls_ssl_session *session_in;            
00788     mbedtls_ssl_session *session_out;           
00789     mbedtls_ssl_session *session;               
00790     mbedtls_ssl_session *session_negotiate;     
00792     mbedtls_ssl_handshake_params *handshake;    
00795     /*
00796      * Record layer transformations
00797      */
00798     mbedtls_ssl_transform *transform_in;        
00799     mbedtls_ssl_transform *transform_out;       
00800     mbedtls_ssl_transform *transform;           
00801     mbedtls_ssl_transform *transform_negotiate; 
00803     /*
00804      * Timers
00805      */
00806     void *p_timer;              
00808     mbedtls_ssl_set_timer_t *f_set_timer;       
00809     mbedtls_ssl_get_timer_t *f_get_timer;       
00811     /*
00812      * Record layer (incoming data)
00813      */
00814     unsigned char *in_buf;      
00815     unsigned char *in_ctr;      
00818     unsigned char *in_hdr;      
00819     unsigned char *in_len;      
00820     unsigned char *in_iv;       
00821     unsigned char *in_msg;      
00822     unsigned char *in_offt;     
00824     int in_msgtype;             
00825     size_t in_msglen;           
00826     size_t in_left;             
00827 #if defined(MBEDTLS_SSL_PROTO_DTLS)
00828     uint16_t in_epoch;          
00829     size_t next_record_offset;  
00831 #endif
00832 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
00833     uint64_t in_window_top;     
00834     uint64_t in_window;         
00835 #endif
00836 
00837     size_t in_hslen;            
00839     int nb_zero;                
00840     int record_read;            
00842     /*
00843      * Record layer (outgoing data)
00844      */
00845     unsigned char *out_buf;     
00846     unsigned char *out_ctr;     
00847     unsigned char *out_hdr;     
00848     unsigned char *out_len;     
00849     unsigned char *out_iv;      
00850     unsigned char *out_msg;     
00852     int out_msgtype;            
00853     size_t out_msglen;          
00854     size_t out_left;            
00856 #if defined(MBEDTLS_ZLIB_SUPPORT)
00857     unsigned char *compress_buf;        
00858 #endif
00859 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
00860     signed char split_done;     
00861 #endif
00862 
00863     /*
00864      * PKI layer
00865      */
00866     int client_auth;                    
00868     /*
00869      * User settings
00870      */
00871 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00872     char *hostname;             
00874 #endif
00875 
00876 #if defined(MBEDTLS_SSL_ALPN)
00877     const char *alpn_chosen;    
00878 #endif
00879 
00880     /*
00881      * Information for DTLS hello verify
00882      */
00883 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
00884     unsigned char  *cli_id;         
00885     size_t          cli_id_len;     
00886 #endif
00887 
00888     /*
00889      * Secure renegotiation
00890      */
00891     /* needed to know when to send extension on server */
00892     int secure_renegotiation;           
00894 #if defined(MBEDTLS_SSL_RENEGOTIATION)
00895     size_t verify_data_len;             
00896     char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; 
00897     char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; 
00898 #endif
00899 };
00900 
00901 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
00902 
00903 #define MBEDTLS_SSL_CHANNEL_OUTBOUND    0
00904 #define MBEDTLS_SSL_CHANNEL_INBOUND     1
00905 
00906 extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
00907                 const unsigned char *key_enc, const unsigned char *key_dec,
00908                 size_t keylen,
00909                 const unsigned char *iv_enc,  const unsigned char *iv_dec,
00910                 size_t ivlen,
00911                 const unsigned char *mac_enc, const unsigned char *mac_dec,
00912                 size_t maclen);
00913 extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
00914 extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
00915 extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
00916 extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
00917 extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
00918 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
00919 
00926 const int *mbedtls_ssl_list_ciphersuites( void );
00927 
00936 const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
00937 
00946 int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
00947 
00955 void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
00956 
00972 int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
00973                        const mbedtls_ssl_config *conf );
00974 
00985 int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
00986 
00993 void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
00994 
01009 void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
01010 
01037 void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
01038 
01039 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01040 
01051 void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
01052                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
01053                      void *p_vrfy );
01054 #endif /* MBEDTLS_X509_CRT_PARSE_C */
01055 
01063 void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
01064                   int (*f_rng)(void *, unsigned char *, size_t),
01065                   void *p_rng );
01066 
01081 void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
01082                   void (*f_dbg)(void *, int, const char *, int, const char *),
01083                   void  *p_dbg );
01084 
01115 void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
01116                           void *p_bio,
01117                           mbedtls_ssl_send_t *f_send,
01118                           mbedtls_ssl_recv_t *f_recv,
01119                           mbedtls_ssl_recv_timeout_t *f_recv_timeout );
01120 
01137 void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
01138 
01159 void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
01160                                void *p_timer,
01161                                mbedtls_ssl_set_timer_t *f_set_timer,
01162                                mbedtls_ssl_get_timer_t *f_get_timer );
01163 
01183 typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
01184                                         const mbedtls_ssl_session *session,
01185                                         unsigned char *start,
01186                                         const unsigned char *end,
01187                                         size_t *tlen,
01188                                         uint32_t *lifetime );
01189 
01190 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
01191 
01211 typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
01212                                 const unsigned char *ms,
01213                                 const unsigned char *kb,
01214                                 size_t maclen,
01215                                 size_t keylen,
01216                                 size_t ivlen );
01217 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
01218 
01242 typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
01243                                         mbedtls_ssl_session *session,
01244                                         unsigned char *buf,
01245                                         size_t len );
01246 
01247 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
01248 
01262 void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
01263         mbedtls_ssl_ticket_write_t *f_ticket_write,
01264         mbedtls_ssl_ticket_parse_t *f_ticket_parse,
01265         void *p_ticket );
01266 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
01267 
01268 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
01269 
01279 void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
01280         mbedtls_ssl_export_keys_t *f_export_keys,
01281         void *p_export_keys );
01282 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
01283 
01298 typedef int mbedtls_ssl_cookie_write_t( void *ctx,
01299                                 unsigned char **p, unsigned char *end,
01300                                 const unsigned char *info, size_t ilen );
01301 
01315 typedef int mbedtls_ssl_cookie_check_t( void *ctx,
01316                                 const unsigned char *cookie, size_t clen,
01317                                 const unsigned char *info, size_t ilen );
01318 
01319 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
01320 
01348 void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
01349                            mbedtls_ssl_cookie_write_t *f_cookie_write,
01350                            mbedtls_ssl_cookie_check_t *f_cookie_check,
01351                            void *p_cookie );
01352 
01372 int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
01373                                  const unsigned char *info,
01374                                  size_t ilen );
01375 
01376 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
01377 
01378 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
01379 
01394 void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
01395 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
01396 
01397 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
01398 
01421 void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
01422 #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
01423 
01424 #if defined(MBEDTLS_SSL_PROTO_DTLS)
01425 
01456 void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
01457 #endif /* MBEDTLS_SSL_PROTO_DTLS */
01458 
01459 #if defined(MBEDTLS_SSL_SRV_C)
01460 
01497 void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
01498         void *p_cache,
01499         int (*f_get_cache)(void *, mbedtls_ssl_session *),
01500         int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
01501 #endif /* MBEDTLS_SSL_SRV_C */
01502 
01503 #if defined(MBEDTLS_SSL_CLI_C)
01504 
01518 int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
01519 #endif /* MBEDTLS_SSL_CLI_C */
01520 
01536 void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
01537                                    const int *ciphersuites );
01538 
01558 void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
01559                                        const int *ciphersuites,
01560                                        int major, int minor );
01561 
01562 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01563 
01573 void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
01574                                     const mbedtls_x509_crt_profile *profile );
01575 
01583 void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
01584                                mbedtls_x509_crt *ca_chain,
01585                                mbedtls_x509_crl *ca_crl );
01586 
01615 int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
01616                               mbedtls_x509_crt *own_cert,
01617                               mbedtls_pk_context *pk_key );
01618 #endif /* MBEDTLS_X509_CRT_PARSE_C */
01619 
01620 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
01621 
01641 int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
01642                 const unsigned char *psk, size_t psk_len,
01643                 const unsigned char *psk_identity, size_t psk_identity_len );
01644 
01645 
01658 int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
01659                             const unsigned char *psk, size_t psk_len );
01660 
01685 void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
01686                      int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
01687                                   size_t),
01688                      void *p_psk );
01689 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
01690 
01691 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
01692 
01703 int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
01704 
01714 int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
01715 #endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
01716 
01717 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
01718 
01726 void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
01727                                       unsigned int bitlen );
01728 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
01729 
01730 #if defined(MBEDTLS_ECP_C)
01731 
01758 void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
01759                               const mbedtls_ecp_group_id *curves );
01760 #endif /* MBEDTLS_ECP_C */
01761 
01762 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
01763 
01781 void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
01782                                   const int *hashes );
01783 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
01784 
01785 #if defined(MBEDTLS_X509_CRT_PARSE_C)
01786 
01797 int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
01798 #endif /* MBEDTLS_X509_CRT_PARSE_C */
01799 
01800 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
01801 
01813 int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
01814                                  mbedtls_x509_crt *own_cert,
01815                                  mbedtls_pk_context *pk_key );
01816 
01828 void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
01829                                   mbedtls_x509_crt *ca_chain,
01830                                   mbedtls_x509_crl *ca_crl );
01831 
01842 void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
01843                                   int authmode );
01844 
01868 void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
01869                   int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
01870                                size_t),
01871                   void *p_sni );
01872 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
01873 
01874 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
01875 
01892 int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
01893                                          const unsigned char *pw,
01894                                          size_t pw_len );
01895 #endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
01896 
01897 #if defined(MBEDTLS_SSL_ALPN)
01898 
01910 int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
01911 
01921 const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
01922 #endif /* MBEDTLS_SSL_ALPN */
01923 
01940 void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
01941 
01960 void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
01961 
01962 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
01963 
01982 void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
01983 #endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
01984 
01985 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
01986 
01997 void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
01998 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
01999 
02000 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
02001 
02012 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
02013 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
02014 
02015 #if defined(MBEDTLS_ARC4_C)
02016 
02031 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
02032 #endif /* MBEDTLS_ARC4_C */
02033 
02034 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
02035 
02050 int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
02051 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
02052 
02053 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
02054 
02062 void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
02063 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
02064 
02065 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
02066 
02077 void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
02078 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
02079 
02080 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
02081 
02091 void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
02092 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
02093 
02094 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02095 
02112 void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
02113 #endif /* MBEDTLS_SSL_RENEGOTIATION */
02114 
02142 void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
02143 
02144 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02145 
02182 void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
02183 
02209 void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
02210                                    const unsigned char period[8] );
02211 #endif /* MBEDTLS_SSL_RENEGOTIATION */
02212 
02220 size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
02221 
02233 uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
02234 
02242 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
02243 
02251 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
02252 
02263 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
02264 
02265 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
02266 
02282 size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
02283 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
02284 
02285 #if defined(MBEDTLS_X509_CRT_PARSE_C)
02286 
02300 const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
02301 #endif /* MBEDTLS_X509_CRT_PARSE_C */
02302 
02303 #if defined(MBEDTLS_SSL_CLI_C)
02304 
02320 int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
02321 #endif /* MBEDTLS_SSL_CLI_C */
02322 
02344 int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
02345 
02365 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
02366 
02367 #if defined(MBEDTLS_SSL_RENEGOTIATION)
02368 
02386 int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
02387 #endif /* MBEDTLS_SSL_RENEGOTIATION */
02388 
02423 int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
02424 
02460 int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
02461 
02478 int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
02479                             unsigned char level,
02480                             unsigned char message );
02494 int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
02495 
02501 void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
02502 
02513 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
02514 
02530 int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
02531                                  int endpoint, int transport, int preset );
02532 
02538 void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
02539 
02545 void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
02546 
02553 void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
02554 
02555 #ifdef __cplusplus
02556 }
02557 #endif
02558 
02559 #endif /* ssl.h */

Generated on 11 Mar 2017 for mbed TLS v2.4.2 by  doxygen 1.4.7