1c2c66affSColin Finck /** 2c2c66affSColin Finck * \file ssl.h 3c2c66affSColin Finck * 4c2c66affSColin Finck * \brief SSL/TLS functions. 5*d9e6c9b5SThomas Faber */ 6*d9e6c9b5SThomas Faber /* 7c2c66affSColin Finck * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 8c2c66affSColin Finck * SPDX-License-Identifier: GPL-2.0 9c2c66affSColin Finck * 10c2c66affSColin Finck * This program is free software; you can redistribute it and/or modify 11c2c66affSColin Finck * it under the terms of the GNU General Public License as published by 12c2c66affSColin Finck * the Free Software Foundation; either version 2 of the License, or 13c2c66affSColin Finck * (at your option) any later version. 14c2c66affSColin Finck * 15c2c66affSColin Finck * This program is distributed in the hope that it will be useful, 16c2c66affSColin Finck * but WITHOUT ANY WARRANTY; without even the implied warranty of 17c2c66affSColin Finck * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18c2c66affSColin Finck * GNU General Public License for more details. 19c2c66affSColin Finck * 20c2c66affSColin Finck * You should have received a copy of the GNU General Public License along 21c2c66affSColin Finck * with this program; if not, write to the Free Software Foundation, Inc., 22c2c66affSColin Finck * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 23c2c66affSColin Finck * 24c2c66affSColin Finck * This file is part of mbed TLS (https://tls.mbed.org) 25c2c66affSColin Finck */ 26c2c66affSColin Finck #ifndef MBEDTLS_SSL_H 27c2c66affSColin Finck #define MBEDTLS_SSL_H 28c2c66affSColin Finck 29c2c66affSColin Finck #if !defined(MBEDTLS_CONFIG_FILE) 30c2c66affSColin Finck #include "config.h" 31c2c66affSColin Finck #else 32c2c66affSColin Finck #include MBEDTLS_CONFIG_FILE 33c2c66affSColin Finck #endif 34c2c66affSColin Finck 35c2c66affSColin Finck #include "bignum.h" 36c2c66affSColin Finck #include "ecp.h" 37c2c66affSColin Finck 38c2c66affSColin Finck #include "ssl_ciphersuites.h" 39c2c66affSColin Finck 40c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 41c2c66affSColin Finck #include "x509_crt.h" 42c2c66affSColin Finck #include "x509_crl.h" 43c2c66affSColin Finck #endif 44c2c66affSColin Finck 45c2c66affSColin Finck #if defined(MBEDTLS_DHM_C) 46c2c66affSColin Finck #include "dhm.h" 47c2c66affSColin Finck #endif 48c2c66affSColin Finck 49c2c66affSColin Finck #if defined(MBEDTLS_ECDH_C) 50c2c66affSColin Finck #include "ecdh.h" 51c2c66affSColin Finck #endif 52c2c66affSColin Finck 53c2c66affSColin Finck #if defined(MBEDTLS_ZLIB_SUPPORT) 54c2c66affSColin Finck #include "zlib.h" 55c2c66affSColin Finck #endif 56c2c66affSColin Finck 57c2c66affSColin Finck #if defined(MBEDTLS_HAVE_TIME) 58*d9e6c9b5SThomas Faber #include "platform_time.h" 59c2c66affSColin Finck #endif 60c2c66affSColin Finck 61c2c66affSColin Finck /* 62c2c66affSColin Finck * SSL Error codes 63c2c66affSColin Finck */ 64c2c66affSColin Finck #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */ 65c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */ 66c2c66affSColin Finck #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */ 67c2c66affSColin Finck #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */ 68c2c66affSColin Finck #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */ 69c2c66affSColin Finck #define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */ 70c2c66affSColin Finck #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */ 71c2c66affSColin Finck #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */ 72c2c66affSColin Finck #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ 73c2c66affSColin Finck #define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */ 74c2c66affSColin Finck #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */ 75c2c66affSColin Finck #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */ 76c2c66affSColin Finck #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ 77c2c66affSColin Finck #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ 78c2c66affSColin Finck #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */ 79c2c66affSColin Finck #define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */ 80c2c66affSColin Finck #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */ 81c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */ 82c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */ 83c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */ 84c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */ 85c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */ 86c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */ 87c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */ 88c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */ 89c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */ 90c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */ 91c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */ 92c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */ 93c2c66affSColin Finck #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 /**< Memory allocation failed */ 94c2c66affSColin Finck #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */ 95c2c66affSColin Finck #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */ 96c2c66affSColin Finck #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED -0x6F00 /**< Processing of the compression / decompression failed */ 97c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */ 98c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */ 99c2c66affSColin Finck #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */ 100c2c66affSColin Finck #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ 101c2c66affSColin Finck #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */ 102c2c66affSColin Finck #define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */ 103c2c66affSColin Finck #define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */ 104c2c66affSColin Finck #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */ 105c2c66affSColin Finck #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */ 106c2c66affSColin Finck #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */ 107c2c66affSColin Finck #define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */ 108c2c66affSColin Finck #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< Connection requires a read call. */ 109c2c66affSColin Finck #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */ 110c2c66affSColin Finck #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */ 111c2c66affSColin Finck #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */ 112c2c66affSColin Finck #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */ 113c2c66affSColin Finck #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */ 114c2c66affSColin Finck #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */ 115c2c66affSColin Finck 116c2c66affSColin Finck /* 117c2c66affSColin Finck * Various constants 118c2c66affSColin Finck */ 119c2c66affSColin Finck #define MBEDTLS_SSL_MAJOR_VERSION_3 3 120c2c66affSColin Finck #define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ 121c2c66affSColin Finck #define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ 122c2c66affSColin Finck #define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ 123c2c66affSColin Finck #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ 124c2c66affSColin Finck 125c2c66affSColin Finck #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ 126c2c66affSColin Finck #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ 127c2c66affSColin Finck 128c2c66affSColin Finck #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ 129c2c66affSColin Finck 130c2c66affSColin Finck /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c 131c2c66affSColin Finck * NONE must be zero so that memset()ing structure to zero works */ 132c2c66affSColin Finck #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */ 133c2c66affSColin Finck #define MBEDTLS_SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */ 134c2c66affSColin Finck #define MBEDTLS_SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */ 135c2c66affSColin Finck #define MBEDTLS_SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */ 136c2c66affSColin Finck #define MBEDTLS_SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */ 137c2c66affSColin Finck #define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value */ 138c2c66affSColin Finck 139c2c66affSColin Finck #define MBEDTLS_SSL_IS_CLIENT 0 140c2c66affSColin Finck #define MBEDTLS_SSL_IS_SERVER 1 141c2c66affSColin Finck 142c2c66affSColin Finck #define MBEDTLS_SSL_IS_NOT_FALLBACK 0 143c2c66affSColin Finck #define MBEDTLS_SSL_IS_FALLBACK 1 144c2c66affSColin Finck 145c2c66affSColin Finck #define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0 146c2c66affSColin Finck #define MBEDTLS_SSL_EXTENDED_MS_ENABLED 1 147c2c66affSColin Finck 148c2c66affSColin Finck #define MBEDTLS_SSL_ETM_DISABLED 0 149c2c66affSColin Finck #define MBEDTLS_SSL_ETM_ENABLED 1 150c2c66affSColin Finck 151c2c66affSColin Finck #define MBEDTLS_SSL_COMPRESS_NULL 0 152c2c66affSColin Finck #define MBEDTLS_SSL_COMPRESS_DEFLATE 1 153c2c66affSColin Finck 154c2c66affSColin Finck #define MBEDTLS_SSL_VERIFY_NONE 0 155c2c66affSColin Finck #define MBEDTLS_SSL_VERIFY_OPTIONAL 1 156c2c66affSColin Finck #define MBEDTLS_SSL_VERIFY_REQUIRED 2 157c2c66affSColin Finck #define MBEDTLS_SSL_VERIFY_UNSET 3 /* Used only for sni_authmode */ 158c2c66affSColin Finck 159c2c66affSColin Finck #define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0 160c2c66affSColin Finck #define MBEDTLS_SSL_SECURE_RENEGOTIATION 1 161c2c66affSColin Finck 162c2c66affSColin Finck #define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0 163c2c66affSColin Finck #define MBEDTLS_SSL_RENEGOTIATION_ENABLED 1 164c2c66affSColin Finck 165c2c66affSColin Finck #define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0 166c2c66affSColin Finck #define MBEDTLS_SSL_ANTI_REPLAY_ENABLED 1 167c2c66affSColin Finck 168c2c66affSColin Finck #define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1 169c2c66affSColin Finck #define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16 170c2c66affSColin Finck 171c2c66affSColin Finck #define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION 0 172c2c66affSColin Finck #define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1 173c2c66affSColin Finck #define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE 2 174c2c66affSColin Finck 175c2c66affSColin Finck #define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0 176c2c66affSColin Finck #define MBEDTLS_SSL_TRUNC_HMAC_ENABLED 1 177c2c66affSColin Finck #define MBEDTLS_SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */ 178c2c66affSColin Finck 179c2c66affSColin Finck #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 180c2c66affSColin Finck #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 181c2c66affSColin Finck 182c2c66affSColin Finck #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0 183c2c66affSColin Finck #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1 184c2c66affSColin Finck 185c2c66affSColin Finck #define MBEDTLS_SSL_ARC4_ENABLED 0 186c2c66affSColin Finck #define MBEDTLS_SSL_ARC4_DISABLED 1 187c2c66affSColin Finck 188c2c66affSColin Finck #define MBEDTLS_SSL_PRESET_DEFAULT 0 189c2c66affSColin Finck #define MBEDTLS_SSL_PRESET_SUITEB 2 190c2c66affSColin Finck 191c2c66affSColin Finck #define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1 192c2c66affSColin Finck #define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0 193c2c66affSColin Finck 194c2c66affSColin Finck /* 195c2c66affSColin Finck * Default range for DTLS retransmission timer value, in milliseconds. 196c2c66affSColin Finck * RFC 6347 4.2.4.1 says from 1 second to 60 seconds. 197c2c66affSColin Finck */ 198c2c66affSColin Finck #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000 199c2c66affSColin Finck #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000 200c2c66affSColin Finck 201c2c66affSColin Finck /** 202c2c66affSColin Finck * \name SECTION: Module settings 203c2c66affSColin Finck * 204c2c66affSColin Finck * The configuration options you can set for this module are in this section. 205c2c66affSColin Finck * Either change them in config.h or define them on the compiler command line. 206c2c66affSColin Finck * \{ 207c2c66affSColin Finck */ 208c2c66affSColin Finck 209c2c66affSColin Finck #if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME) 210c2c66affSColin Finck #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ 211c2c66affSColin Finck #endif 212c2c66affSColin Finck 213c2c66affSColin Finck /* 214c2c66affSColin Finck * Maxium fragment length in bytes, 215c2c66affSColin Finck * determines the size of each of the two internal I/O buffers. 216c2c66affSColin Finck * 217c2c66affSColin Finck * Note: the RFC defines the default size of SSL / TLS messages. If you 218c2c66affSColin Finck * change the value here, other clients / servers may not be able to 219c2c66affSColin Finck * communicate with you anymore. Only change this value if you control 220c2c66affSColin Finck * both sides of the connection and have it reduced at both sides, or 221c2c66affSColin Finck * if you're using the Max Fragment Length extension and you know all your 222c2c66affSColin Finck * peers are using it too! 223c2c66affSColin Finck */ 224c2c66affSColin Finck #if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN) 225c2c66affSColin Finck #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ 226c2c66affSColin Finck #endif 227c2c66affSColin Finck 228c2c66affSColin Finck /* \} name SECTION: Module settings */ 229c2c66affSColin Finck 230c2c66affSColin Finck /* 231c2c66affSColin Finck * Length of the verify data for secure renegotiation 232c2c66affSColin Finck */ 233c2c66affSColin Finck #if defined(MBEDTLS_SSL_PROTO_SSL3) 234c2c66affSColin Finck #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36 235c2c66affSColin Finck #else 236c2c66affSColin Finck #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12 237c2c66affSColin Finck #endif 238c2c66affSColin Finck 239c2c66affSColin Finck /* 240c2c66affSColin Finck * Signaling ciphersuite values (SCSV) 241c2c66affSColin Finck */ 242c2c66affSColin Finck #define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */ 243c2c66affSColin Finck #define MBEDTLS_SSL_FALLBACK_SCSV_VALUE 0x5600 /**< RFC 7507 section 2 */ 244c2c66affSColin Finck 245c2c66affSColin Finck /* 246c2c66affSColin Finck * Supported Signature and Hash algorithms (For TLS 1.2) 247c2c66affSColin Finck * RFC 5246 section 7.4.1.4.1 248c2c66affSColin Finck */ 249c2c66affSColin Finck #define MBEDTLS_SSL_HASH_NONE 0 250c2c66affSColin Finck #define MBEDTLS_SSL_HASH_MD5 1 251c2c66affSColin Finck #define MBEDTLS_SSL_HASH_SHA1 2 252c2c66affSColin Finck #define MBEDTLS_SSL_HASH_SHA224 3 253c2c66affSColin Finck #define MBEDTLS_SSL_HASH_SHA256 4 254c2c66affSColin Finck #define MBEDTLS_SSL_HASH_SHA384 5 255c2c66affSColin Finck #define MBEDTLS_SSL_HASH_SHA512 6 256c2c66affSColin Finck 257c2c66affSColin Finck #define MBEDTLS_SSL_SIG_ANON 0 258c2c66affSColin Finck #define MBEDTLS_SSL_SIG_RSA 1 259c2c66affSColin Finck #define MBEDTLS_SSL_SIG_ECDSA 3 260c2c66affSColin Finck 261c2c66affSColin Finck /* 262c2c66affSColin Finck * Client Certificate Types 263c2c66affSColin Finck * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 264c2c66affSColin Finck */ 265c2c66affSColin Finck #define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN 1 266c2c66affSColin Finck #define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64 267c2c66affSColin Finck 268c2c66affSColin Finck /* 269c2c66affSColin Finck * Message, alert and handshake types 270c2c66affSColin Finck */ 271c2c66affSColin Finck #define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20 272c2c66affSColin Finck #define MBEDTLS_SSL_MSG_ALERT 21 273c2c66affSColin Finck #define MBEDTLS_SSL_MSG_HANDSHAKE 22 274c2c66affSColin Finck #define MBEDTLS_SSL_MSG_APPLICATION_DATA 23 275c2c66affSColin Finck 276c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1 277c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_LEVEL_FATAL 2 278c2c66affSColin Finck 279c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY 0 /* 0x00 */ 280c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 /* 0x0A */ 281c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC 20 /* 0x14 */ 282c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED 21 /* 0x15 */ 283c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW 22 /* 0x16 */ 284c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 /* 0x1E */ 285c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 /* 0x28 */ 286c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_NO_CERT 41 /* 0x29 */ 287c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_BAD_CERT 42 /* 0x2A */ 288c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT 43 /* 0x2B */ 289c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED 44 /* 0x2C */ 290c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED 45 /* 0x2D */ 291c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN 46 /* 0x2E */ 292c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER 47 /* 0x2F */ 293c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA 48 /* 0x30 */ 294c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED 49 /* 0x31 */ 295c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR 50 /* 0x32 */ 296c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR 51 /* 0x33 */ 297c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION 60 /* 0x3C */ 298c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION 70 /* 0x46 */ 299c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71 /* 0x47 */ 300c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR 80 /* 0x50 */ 301c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86 /* 0x56 */ 302c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED 90 /* 0x5A */ 303c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION 100 /* 0x64 */ 304c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */ 305c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */ 306c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */ 307c2c66affSColin Finck #define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */ 308c2c66affSColin Finck 309c2c66affSColin Finck #define MBEDTLS_SSL_HS_HELLO_REQUEST 0 310c2c66affSColin Finck #define MBEDTLS_SSL_HS_CLIENT_HELLO 1 311c2c66affSColin Finck #define MBEDTLS_SSL_HS_SERVER_HELLO 2 312c2c66affSColin Finck #define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3 313c2c66affSColin Finck #define MBEDTLS_SSL_HS_NEW_SESSION_TICKET 4 314c2c66affSColin Finck #define MBEDTLS_SSL_HS_CERTIFICATE 11 315c2c66affSColin Finck #define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE 12 316c2c66affSColin Finck #define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST 13 317c2c66affSColin Finck #define MBEDTLS_SSL_HS_SERVER_HELLO_DONE 14 318c2c66affSColin Finck #define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY 15 319c2c66affSColin Finck #define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE 16 320c2c66affSColin Finck #define MBEDTLS_SSL_HS_FINISHED 20 321c2c66affSColin Finck 322c2c66affSColin Finck /* 323c2c66affSColin Finck * TLS extensions 324c2c66affSColin Finck */ 325c2c66affSColin Finck #define MBEDTLS_TLS_EXT_SERVERNAME 0 326c2c66affSColin Finck #define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0 327c2c66affSColin Finck 328c2c66affSColin Finck #define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1 329c2c66affSColin Finck 330c2c66affSColin Finck #define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4 331c2c66affSColin Finck 332c2c66affSColin Finck #define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10 333c2c66affSColin Finck #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS 11 334c2c66affSColin Finck 335c2c66affSColin Finck #define MBEDTLS_TLS_EXT_SIG_ALG 13 336c2c66affSColin Finck 337c2c66affSColin Finck #define MBEDTLS_TLS_EXT_ALPN 16 338c2c66affSColin Finck 339c2c66affSColin Finck #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ 340c2c66affSColin Finck #define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */ 341c2c66affSColin Finck 342c2c66affSColin Finck #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 343c2c66affSColin Finck 344c2c66affSColin Finck #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ 345c2c66affSColin Finck 346c2c66affSColin Finck #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 347c2c66affSColin Finck 348c2c66affSColin Finck /* 349c2c66affSColin Finck * Size defines 350c2c66affSColin Finck */ 351c2c66affSColin Finck #if !defined(MBEDTLS_PSK_MAX_LEN) 352c2c66affSColin Finck #define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */ 353c2c66affSColin Finck #endif 354c2c66affSColin Finck 355c2c66affSColin Finck /* Dummy type used only for its size */ 356c2c66affSColin Finck union mbedtls_ssl_premaster_secret 357c2c66affSColin Finck { 358c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 359c2c66affSColin Finck unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ 360c2c66affSColin Finck #endif 361c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) 362c2c66affSColin Finck unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */ 363c2c66affSColin Finck #endif 364c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 365c2c66affSColin Finck defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ 366c2c66affSColin Finck defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ 367c2c66affSColin Finck defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 368c2c66affSColin Finck unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ 369c2c66affSColin Finck #endif 370c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) 371c2c66affSColin Finck unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */ 372c2c66affSColin Finck #endif 373c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 374c2c66affSColin Finck unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE 375c2c66affSColin Finck + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */ 376c2c66affSColin Finck #endif 377c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) 378c2c66affSColin Finck unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */ 379c2c66affSColin Finck #endif 380c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 381c2c66affSColin Finck unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES 382c2c66affSColin Finck + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ 383c2c66affSColin Finck #endif 384c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 385c2c66affSColin Finck unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */ 386c2c66affSColin Finck #endif 387c2c66affSColin Finck }; 388c2c66affSColin Finck 389c2c66affSColin Finck #define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret ) 390c2c66affSColin Finck 391c2c66affSColin Finck #ifdef __cplusplus 392c2c66affSColin Finck extern "C" { 393c2c66affSColin Finck #endif 394c2c66affSColin Finck 395c2c66affSColin Finck /* 396c2c66affSColin Finck * SSL state machine 397c2c66affSColin Finck */ 398c2c66affSColin Finck typedef enum 399c2c66affSColin Finck { 400c2c66affSColin Finck MBEDTLS_SSL_HELLO_REQUEST, 401c2c66affSColin Finck MBEDTLS_SSL_CLIENT_HELLO, 402c2c66affSColin Finck MBEDTLS_SSL_SERVER_HELLO, 403c2c66affSColin Finck MBEDTLS_SSL_SERVER_CERTIFICATE, 404c2c66affSColin Finck MBEDTLS_SSL_SERVER_KEY_EXCHANGE, 405c2c66affSColin Finck MBEDTLS_SSL_CERTIFICATE_REQUEST, 406c2c66affSColin Finck MBEDTLS_SSL_SERVER_HELLO_DONE, 407c2c66affSColin Finck MBEDTLS_SSL_CLIENT_CERTIFICATE, 408c2c66affSColin Finck MBEDTLS_SSL_CLIENT_KEY_EXCHANGE, 409c2c66affSColin Finck MBEDTLS_SSL_CERTIFICATE_VERIFY, 410c2c66affSColin Finck MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC, 411c2c66affSColin Finck MBEDTLS_SSL_CLIENT_FINISHED, 412c2c66affSColin Finck MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC, 413c2c66affSColin Finck MBEDTLS_SSL_SERVER_FINISHED, 414c2c66affSColin Finck MBEDTLS_SSL_FLUSH_BUFFERS, 415c2c66affSColin Finck MBEDTLS_SSL_HANDSHAKE_WRAPUP, 416c2c66affSColin Finck MBEDTLS_SSL_HANDSHAKE_OVER, 417c2c66affSColin Finck MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET, 418c2c66affSColin Finck MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, 419c2c66affSColin Finck } 420c2c66affSColin Finck mbedtls_ssl_states; 421c2c66affSColin Finck 422c2c66affSColin Finck /** 423c2c66affSColin Finck * \brief Callback type: send data on the network. 424c2c66affSColin Finck * 425c2c66affSColin Finck * \note That callback may be either blocking or non-blocking. 426c2c66affSColin Finck * 427c2c66affSColin Finck * \param ctx Context for the send callback (typically a file descriptor) 428c2c66affSColin Finck * \param buf Buffer holding the data to send 429c2c66affSColin Finck * \param len Length of the data to send 430c2c66affSColin Finck * 431c2c66affSColin Finck * \return The callback must return the number of bytes sent if any, 432c2c66affSColin Finck * or a non-zero error code. 433c2c66affSColin Finck * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE 434c2c66affSColin Finck * must be returned when the operation would block. 435c2c66affSColin Finck * 436c2c66affSColin Finck * \note The callback is allowed to send fewer bytes than requested. 437c2c66affSColin Finck * It must always return the number of bytes actually sent. 438c2c66affSColin Finck */ 439c2c66affSColin Finck typedef int mbedtls_ssl_send_t( void *ctx, 440c2c66affSColin Finck const unsigned char *buf, 441c2c66affSColin Finck size_t len ); 442c2c66affSColin Finck 443c2c66affSColin Finck /** 444c2c66affSColin Finck * \brief Callback type: receive data from the network. 445c2c66affSColin Finck * 446c2c66affSColin Finck * \note That callback may be either blocking or non-blocking. 447c2c66affSColin Finck * 448c2c66affSColin Finck * \param ctx Context for the receive callback (typically a file 449c2c66affSColin Finck * descriptor) 450c2c66affSColin Finck * \param buf Buffer to write the received data to 451c2c66affSColin Finck * \param len Length of the receive buffer 452c2c66affSColin Finck * 453c2c66affSColin Finck * \return The callback must return the number of bytes received, 454c2c66affSColin Finck * or a non-zero error code. 455c2c66affSColin Finck * If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ 456c2c66affSColin Finck * must be returned when the operation would block. 457c2c66affSColin Finck * 458c2c66affSColin Finck * \note The callback may receive fewer bytes than the length of the 459c2c66affSColin Finck * buffer. It must always return the number of bytes actually 460c2c66affSColin Finck * received and written to the buffer. 461c2c66affSColin Finck */ 462c2c66affSColin Finck typedef int mbedtls_ssl_recv_t( void *ctx, 463c2c66affSColin Finck unsigned char *buf, 464c2c66affSColin Finck size_t len ); 465c2c66affSColin Finck 466c2c66affSColin Finck /** 467c2c66affSColin Finck * \brief Callback type: receive data from the network, with timeout 468c2c66affSColin Finck * 469c2c66affSColin Finck * \note That callback must block until data is received, or the 470c2c66affSColin Finck * timeout delay expires, or the operation is interrupted by a 471c2c66affSColin Finck * signal. 472c2c66affSColin Finck * 473c2c66affSColin Finck * \param ctx Context for the receive callback (typically a file descriptor) 474c2c66affSColin Finck * \param buf Buffer to write the received data to 475c2c66affSColin Finck * \param len Length of the receive buffer 476c2c66affSColin Finck * \param timeout Maximum nomber of millisecondes to wait for data 477c2c66affSColin Finck * 0 means no timeout (potentially waiting forever) 478c2c66affSColin Finck * 479c2c66affSColin Finck * \return The callback must return the number of bytes received, 480c2c66affSColin Finck * or a non-zero error code: 481c2c66affSColin Finck * \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out, 482c2c66affSColin Finck * \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. 483c2c66affSColin Finck * 484c2c66affSColin Finck * \note The callback may receive fewer bytes than the length of the 485c2c66affSColin Finck * buffer. It must always return the number of bytes actually 486c2c66affSColin Finck * received and written to the buffer. 487c2c66affSColin Finck */ 488c2c66affSColin Finck typedef int mbedtls_ssl_recv_timeout_t( void *ctx, 489c2c66affSColin Finck unsigned char *buf, 490c2c66affSColin Finck size_t len, 491c2c66affSColin Finck uint32_t timeout ); 492c2c66affSColin Finck /** 493c2c66affSColin Finck * \brief Callback type: set a pair of timers/delays to watch 494c2c66affSColin Finck * 495c2c66affSColin Finck * \param ctx Context pointer 496c2c66affSColin Finck * \param int_ms Intermediate delay in milliseconds 497c2c66affSColin Finck * \param fin_ms Final delay in milliseconds 498c2c66affSColin Finck * 0 cancels the current timer. 499c2c66affSColin Finck * 500c2c66affSColin Finck * \note This callback must at least store the necessary information 501c2c66affSColin Finck * for the associated \c mbedtls_ssl_get_timer_t callback to 502c2c66affSColin Finck * return correct information. 503c2c66affSColin Finck * 504c2c66affSColin Finck * \note If using a event-driven style of programming, an event must 505c2c66affSColin Finck * be generated when the final delay is passed. The event must 506c2c66affSColin Finck * cause a call to \c mbedtls_ssl_handshake() with the proper 507c2c66affSColin Finck * SSL context to be scheduled. Care must be taken to ensure 508c2c66affSColin Finck * that at most one such call happens at a time. 509c2c66affSColin Finck * 510c2c66affSColin Finck * \note Only one timer at a time must be running. Calling this 511c2c66affSColin Finck * function while a timer is running must cancel it. Cancelled 512c2c66affSColin Finck * timers must not generate any event. 513c2c66affSColin Finck */ 514c2c66affSColin Finck typedef void mbedtls_ssl_set_timer_t( void * ctx, 515c2c66affSColin Finck uint32_t int_ms, 516c2c66affSColin Finck uint32_t fin_ms ); 517c2c66affSColin Finck 518c2c66affSColin Finck /** 519c2c66affSColin Finck * \brief Callback type: get status of timers/delays 520c2c66affSColin Finck * 521c2c66affSColin Finck * \param ctx Context pointer 522c2c66affSColin Finck * 523c2c66affSColin Finck * \return This callback must return: 524c2c66affSColin Finck * -1 if cancelled (fin_ms == 0), 525c2c66affSColin Finck * 0 if none of the delays have passed, 526c2c66affSColin Finck * 1 if only the intermediate delay has passed, 527c2c66affSColin Finck * 2 if the final delay has passed. 528c2c66affSColin Finck */ 529c2c66affSColin Finck typedef int mbedtls_ssl_get_timer_t( void * ctx ); 530c2c66affSColin Finck 531c2c66affSColin Finck 532c2c66affSColin Finck /* Defined below */ 533c2c66affSColin Finck typedef struct mbedtls_ssl_session mbedtls_ssl_session; 534c2c66affSColin Finck typedef struct mbedtls_ssl_context mbedtls_ssl_context; 535c2c66affSColin Finck typedef struct mbedtls_ssl_config mbedtls_ssl_config; 536c2c66affSColin Finck 537c2c66affSColin Finck /* Defined in ssl_internal.h */ 538c2c66affSColin Finck typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; 539c2c66affSColin Finck typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; 540c2c66affSColin Finck typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t; 541c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 542c2c66affSColin Finck typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; 543c2c66affSColin Finck #endif 544c2c66affSColin Finck #if defined(MBEDTLS_SSL_PROTO_DTLS) 545c2c66affSColin Finck typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; 546c2c66affSColin Finck #endif 547c2c66affSColin Finck 548c2c66affSColin Finck /* 549c2c66affSColin Finck * This structure is used for storing current session data. 550c2c66affSColin Finck */ 551c2c66affSColin Finck struct mbedtls_ssl_session 552c2c66affSColin Finck { 553c2c66affSColin Finck #if defined(MBEDTLS_HAVE_TIME) 554c2c66affSColin Finck mbedtls_time_t start; /*!< starting time */ 555c2c66affSColin Finck #endif 556c2c66affSColin Finck int ciphersuite; /*!< chosen ciphersuite */ 557c2c66affSColin Finck int compression; /*!< chosen compression */ 558c2c66affSColin Finck size_t id_len; /*!< session id length */ 559c2c66affSColin Finck unsigned char id[32]; /*!< session identifier */ 560c2c66affSColin Finck unsigned char master[48]; /*!< the master secret */ 561c2c66affSColin Finck 562c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 563c2c66affSColin Finck mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */ 564c2c66affSColin Finck #endif /* MBEDTLS_X509_CRT_PARSE_C */ 565c2c66affSColin Finck uint32_t verify_result; /*!< verification result */ 566c2c66affSColin Finck 567c2c66affSColin Finck #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) 568c2c66affSColin Finck unsigned char *ticket; /*!< RFC 5077 session ticket */ 569c2c66affSColin Finck size_t ticket_len; /*!< session ticket length */ 570c2c66affSColin Finck uint32_t ticket_lifetime; /*!< ticket lifetime hint */ 571c2c66affSColin Finck #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ 572c2c66affSColin Finck 573c2c66affSColin Finck #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) 574c2c66affSColin Finck unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */ 575c2c66affSColin Finck #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ 576c2c66affSColin Finck 577c2c66affSColin Finck #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) 578c2c66affSColin Finck int trunc_hmac; /*!< flag for truncated hmac activation */ 579c2c66affSColin Finck #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ 580c2c66affSColin Finck 581c2c66affSColin Finck #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) 582c2c66affSColin Finck int encrypt_then_mac; /*!< flag for EtM activation */ 583c2c66affSColin Finck #endif 584c2c66affSColin Finck }; 585c2c66affSColin Finck 586c2c66affSColin Finck /** 587c2c66affSColin Finck * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. 588c2c66affSColin Finck */ 589c2c66affSColin Finck struct mbedtls_ssl_config 590c2c66affSColin Finck { 591c2c66affSColin Finck /* Group items by size (largest first) to minimize padding overhead */ 592c2c66affSColin Finck 593c2c66affSColin Finck /* 594c2c66affSColin Finck * Pointers 595c2c66affSColin Finck */ 596c2c66affSColin Finck 597c2c66affSColin Finck const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version */ 598c2c66affSColin Finck 599c2c66affSColin Finck /** Callback for printing debug output */ 600c2c66affSColin Finck void (*f_dbg)(void *, int, const char *, int, const char *); 601c2c66affSColin Finck void *p_dbg; /*!< context for the debug function */ 602c2c66affSColin Finck 603c2c66affSColin Finck /** Callback for getting (pseudo-)random numbers */ 604c2c66affSColin Finck int (*f_rng)(void *, unsigned char *, size_t); 605c2c66affSColin Finck void *p_rng; /*!< context for the RNG function */ 606c2c66affSColin Finck 607c2c66affSColin Finck /** Callback to retrieve a session from the cache */ 608c2c66affSColin Finck int (*f_get_cache)(void *, mbedtls_ssl_session *); 609c2c66affSColin Finck /** Callback to store a session into the cache */ 610c2c66affSColin Finck int (*f_set_cache)(void *, const mbedtls_ssl_session *); 611c2c66affSColin Finck void *p_cache; /*!< context for cache callbacks */ 612c2c66affSColin Finck 613c2c66affSColin Finck #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 614c2c66affSColin Finck /** Callback for setting cert according to SNI extension */ 615c2c66affSColin Finck int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); 616c2c66affSColin Finck void *p_sni; /*!< context for SNI callback */ 617c2c66affSColin Finck #endif 618c2c66affSColin Finck 619c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 620c2c66affSColin Finck /** Callback to customize X.509 certificate chain verification */ 621c2c66affSColin Finck int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); 622c2c66affSColin Finck void *p_vrfy; /*!< context for X.509 verify calllback */ 623c2c66affSColin Finck #endif 624c2c66affSColin Finck 625c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 626c2c66affSColin Finck /** Callback to retrieve PSK key from identity */ 627c2c66affSColin Finck int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); 628c2c66affSColin Finck void *p_psk; /*!< context for PSK callback */ 629c2c66affSColin Finck #endif 630c2c66affSColin Finck 631c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) 632c2c66affSColin Finck /** Callback to create & write a cookie for ClientHello veirifcation */ 633c2c66affSColin Finck int (*f_cookie_write)( void *, unsigned char **, unsigned char *, 634c2c66affSColin Finck const unsigned char *, size_t ); 635c2c66affSColin Finck /** Callback to verify validity of a ClientHello cookie */ 636c2c66affSColin Finck int (*f_cookie_check)( void *, const unsigned char *, size_t, 637c2c66affSColin Finck const unsigned char *, size_t ); 638c2c66affSColin Finck void *p_cookie; /*!< context for the cookie callbacks */ 639c2c66affSColin Finck #endif 640c2c66affSColin Finck 641c2c66affSColin Finck #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) 642c2c66affSColin Finck /** Callback to create & write a session ticket */ 643c2c66affSColin Finck int (*f_ticket_write)( void *, const mbedtls_ssl_session *, 644c2c66affSColin Finck unsigned char *, const unsigned char *, size_t *, uint32_t * ); 645c2c66affSColin Finck /** Callback to parse a session ticket into a session structure */ 646c2c66affSColin Finck int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t); 647c2c66affSColin Finck void *p_ticket; /*!< context for the ticket callbacks */ 648c2c66affSColin Finck #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ 649c2c66affSColin Finck 650c2c66affSColin Finck #if defined(MBEDTLS_SSL_EXPORT_KEYS) 651c2c66affSColin Finck /** Callback to export key block and master secret */ 652c2c66affSColin Finck int (*f_export_keys)( void *, const unsigned char *, 653c2c66affSColin Finck const unsigned char *, size_t, size_t, size_t ); 654c2c66affSColin Finck void *p_export_keys; /*!< context for key export callback */ 655c2c66affSColin Finck #endif 656c2c66affSColin Finck 657c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 658c2c66affSColin Finck const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */ 659c2c66affSColin Finck mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */ 660c2c66affSColin Finck mbedtls_x509_crt *ca_chain; /*!< trusted CAs */ 661c2c66affSColin Finck mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */ 662c2c66affSColin Finck #endif /* MBEDTLS_X509_CRT_PARSE_C */ 663c2c66affSColin Finck 664c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 665c2c66affSColin Finck const int *sig_hashes; /*!< allowed signature hashes */ 666c2c66affSColin Finck #endif 667c2c66affSColin Finck 668c2c66affSColin Finck #if defined(MBEDTLS_ECP_C) 669c2c66affSColin Finck const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */ 670c2c66affSColin Finck #endif 671c2c66affSColin Finck 672c2c66affSColin Finck #if defined(MBEDTLS_DHM_C) 673c2c66affSColin Finck mbedtls_mpi dhm_P; /*!< prime modulus for DHM */ 674c2c66affSColin Finck mbedtls_mpi dhm_G; /*!< generator for DHM */ 675c2c66affSColin Finck #endif 676c2c66affSColin Finck 677c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 678c2c66affSColin Finck unsigned char *psk; /*!< pre-shared key */ 679c2c66affSColin Finck size_t psk_len; /*!< length of the pre-shared key */ 680c2c66affSColin Finck unsigned char *psk_identity; /*!< identity for PSK negotiation */ 681c2c66affSColin Finck size_t psk_identity_len;/*!< length of identity */ 682c2c66affSColin Finck #endif 683c2c66affSColin Finck 684c2c66affSColin Finck #if defined(MBEDTLS_SSL_ALPN) 685c2c66affSColin Finck const char **alpn_list; /*!< ordered list of protocols */ 686c2c66affSColin Finck #endif 687c2c66affSColin Finck 688c2c66affSColin Finck /* 689c2c66affSColin Finck * Numerical settings (int then char) 690c2c66affSColin Finck */ 691c2c66affSColin Finck 692c2c66affSColin Finck uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */ 693c2c66affSColin Finck 694c2c66affSColin Finck #if defined(MBEDTLS_SSL_PROTO_DTLS) 695c2c66affSColin Finck uint32_t hs_timeout_min; /*!< initial value of the handshake 696c2c66affSColin Finck retransmission timeout (ms) */ 697c2c66affSColin Finck uint32_t hs_timeout_max; /*!< maximum value of the handshake 698c2c66affSColin Finck retransmission timeout (ms) */ 699c2c66affSColin Finck #endif 700c2c66affSColin Finck 701c2c66affSColin Finck #if defined(MBEDTLS_SSL_RENEGOTIATION) 702c2c66affSColin Finck int renego_max_records; /*!< grace period for renegotiation */ 703c2c66affSColin Finck unsigned char renego_period[8]; /*!< value of the record counters 704c2c66affSColin Finck that triggers renegotiation */ 705c2c66affSColin Finck #endif 706c2c66affSColin Finck 707c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) 708c2c66affSColin Finck unsigned int badmac_limit; /*!< limit of records with a bad MAC */ 709c2c66affSColin Finck #endif 710c2c66affSColin Finck 711c2c66affSColin Finck #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) 712c2c66affSColin Finck unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */ 713c2c66affSColin Finck #endif 714c2c66affSColin Finck 715c2c66affSColin Finck unsigned char max_major_ver; /*!< max. major version used */ 716c2c66affSColin Finck unsigned char max_minor_ver; /*!< max. minor version used */ 717c2c66affSColin Finck unsigned char min_major_ver; /*!< min. major version used */ 718c2c66affSColin Finck unsigned char min_minor_ver; /*!< min. minor version used */ 719c2c66affSColin Finck 720c2c66affSColin Finck /* 721c2c66affSColin Finck * Flags (bitfields) 722c2c66affSColin Finck */ 723c2c66affSColin Finck 724c2c66affSColin Finck unsigned int endpoint : 1; /*!< 0: client, 1: server */ 725c2c66affSColin Finck unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */ 726c2c66affSColin Finck unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ 727c2c66affSColin Finck /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ 728c2c66affSColin Finck unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */ 729c2c66affSColin Finck #if defined(MBEDTLS_ARC4_C) 730c2c66affSColin Finck unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites? */ 731c2c66affSColin Finck #endif 732c2c66affSColin Finck #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) 733c2c66affSColin Finck unsigned int mfl_code : 3; /*!< desired fragment length */ 734c2c66affSColin Finck #endif 735c2c66affSColin Finck #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) 736c2c66affSColin Finck unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */ 737c2c66affSColin Finck #endif 738c2c66affSColin Finck #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 739c2c66affSColin Finck unsigned int extended_ms : 1; /*!< negotiate extended master secret? */ 740c2c66affSColin Finck #endif 741c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 742c2c66affSColin Finck unsigned int anti_replay : 1; /*!< detect and prevent replay? */ 743c2c66affSColin Finck #endif 744c2c66affSColin Finck #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) 745c2c66affSColin Finck unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */ 746c2c66affSColin Finck #endif 747c2c66affSColin Finck #if defined(MBEDTLS_SSL_RENEGOTIATION) 748c2c66affSColin Finck unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */ 749c2c66affSColin Finck #endif 750c2c66affSColin Finck #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) 751c2c66affSColin Finck unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */ 752c2c66affSColin Finck #endif 753c2c66affSColin Finck #if defined(MBEDTLS_SSL_SESSION_TICKETS) 754c2c66affSColin Finck unsigned int session_tickets : 1; /*!< use session tickets? */ 755c2c66affSColin Finck #endif 756c2c66affSColin Finck #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) 757c2c66affSColin Finck unsigned int fallback : 1; /*!< is this a fallback? */ 758c2c66affSColin Finck #endif 759c2c66affSColin Finck #if defined(MBEDTLS_SSL_SRV_C) 760c2c66affSColin Finck unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in 761c2c66affSColin Finck Certificate Request messages? */ 762c2c66affSColin Finck #endif 763c2c66affSColin Finck }; 764c2c66affSColin Finck 765c2c66affSColin Finck 766c2c66affSColin Finck struct mbedtls_ssl_context 767c2c66affSColin Finck { 768c2c66affSColin Finck const mbedtls_ssl_config *conf; /*!< configuration information */ 769c2c66affSColin Finck 770c2c66affSColin Finck /* 771c2c66affSColin Finck * Miscellaneous 772c2c66affSColin Finck */ 773c2c66affSColin Finck int state; /*!< SSL handshake: current state */ 774c2c66affSColin Finck #if defined(MBEDTLS_SSL_RENEGOTIATION) 775c2c66affSColin Finck int renego_status; /*!< Initial, in progress, pending? */ 776c2c66affSColin Finck int renego_records_seen; /*!< Records since renego request, or with DTLS, 777c2c66affSColin Finck number of retransmissions of request if 778c2c66affSColin Finck renego_max_records is < 0 */ 779c2c66affSColin Finck #endif 780c2c66affSColin Finck 781c2c66affSColin Finck int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ 782c2c66affSColin Finck int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ 783c2c66affSColin Finck 784c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) 785c2c66affSColin Finck unsigned badmac_seen; /*!< records with a bad MAC received */ 786c2c66affSColin Finck #endif 787c2c66affSColin Finck 788c2c66affSColin Finck mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ 789c2c66affSColin Finck mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ 790c2c66affSColin Finck mbedtls_ssl_recv_timeout_t *f_recv_timeout; 791c2c66affSColin Finck /*!< Callback for network receive with timeout */ 792c2c66affSColin Finck 793c2c66affSColin Finck void *p_bio; /*!< context for I/O operations */ 794c2c66affSColin Finck 795c2c66affSColin Finck /* 796c2c66affSColin Finck * Session layer 797c2c66affSColin Finck */ 798c2c66affSColin Finck mbedtls_ssl_session *session_in; /*!< current session data (in) */ 799c2c66affSColin Finck mbedtls_ssl_session *session_out; /*!< current session data (out) */ 800c2c66affSColin Finck mbedtls_ssl_session *session; /*!< negotiated session data */ 801c2c66affSColin Finck mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */ 802c2c66affSColin Finck 803c2c66affSColin Finck mbedtls_ssl_handshake_params *handshake; /*!< params required only during 804c2c66affSColin Finck the handshake process */ 805c2c66affSColin Finck 806c2c66affSColin Finck /* 807c2c66affSColin Finck * Record layer transformations 808c2c66affSColin Finck */ 809c2c66affSColin Finck mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */ 810c2c66affSColin Finck mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */ 811c2c66affSColin Finck mbedtls_ssl_transform *transform; /*!< negotiated transform params */ 812c2c66affSColin Finck mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */ 813c2c66affSColin Finck 814c2c66affSColin Finck /* 815c2c66affSColin Finck * Timers 816c2c66affSColin Finck */ 817c2c66affSColin Finck void *p_timer; /*!< context for the timer callbacks */ 818c2c66affSColin Finck 819c2c66affSColin Finck mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */ 820c2c66affSColin Finck mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */ 821c2c66affSColin Finck 822c2c66affSColin Finck /* 823c2c66affSColin Finck * Record layer (incoming data) 824c2c66affSColin Finck */ 825c2c66affSColin Finck unsigned char *in_buf; /*!< input buffer */ 826c2c66affSColin Finck unsigned char *in_ctr; /*!< 64-bit incoming message counter 827c2c66affSColin Finck TLS: maintained by us 828c2c66affSColin Finck DTLS: read from peer */ 829c2c66affSColin Finck unsigned char *in_hdr; /*!< start of record header */ 830c2c66affSColin Finck unsigned char *in_len; /*!< two-bytes message length field */ 831c2c66affSColin Finck unsigned char *in_iv; /*!< ivlen-byte IV */ 832c2c66affSColin Finck unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */ 833c2c66affSColin Finck unsigned char *in_offt; /*!< read offset in application data */ 834c2c66affSColin Finck 835c2c66affSColin Finck int in_msgtype; /*!< record header: message type */ 836c2c66affSColin Finck size_t in_msglen; /*!< record header: message length */ 837c2c66affSColin Finck size_t in_left; /*!< amount of data read so far */ 838c2c66affSColin Finck #if defined(MBEDTLS_SSL_PROTO_DTLS) 839c2c66affSColin Finck uint16_t in_epoch; /*!< DTLS epoch for incoming records */ 840c2c66affSColin Finck size_t next_record_offset; /*!< offset of the next record in datagram 841c2c66affSColin Finck (equal to in_left if none) */ 842c2c66affSColin Finck #endif 843c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 844c2c66affSColin Finck uint64_t in_window_top; /*!< last validated record seq_num */ 845c2c66affSColin Finck uint64_t in_window; /*!< bitmask for replay detection */ 846c2c66affSColin Finck #endif 847c2c66affSColin Finck 848c2c66affSColin Finck size_t in_hslen; /*!< current handshake message length, 849c2c66affSColin Finck including the handshake header */ 850c2c66affSColin Finck int nb_zero; /*!< # of 0-length encrypted messages */ 851c2c66affSColin Finck 852c2c66affSColin Finck int keep_current_message; /*!< drop or reuse current message 853c2c66affSColin Finck on next call to record layer? */ 854c2c66affSColin Finck 855c2c66affSColin Finck /* 856c2c66affSColin Finck * Record layer (outgoing data) 857c2c66affSColin Finck */ 858c2c66affSColin Finck unsigned char *out_buf; /*!< output buffer */ 859c2c66affSColin Finck unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ 860c2c66affSColin Finck unsigned char *out_hdr; /*!< start of record header */ 861c2c66affSColin Finck unsigned char *out_len; /*!< two-bytes message length field */ 862c2c66affSColin Finck unsigned char *out_iv; /*!< ivlen-byte IV */ 863c2c66affSColin Finck unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ 864c2c66affSColin Finck 865c2c66affSColin Finck int out_msgtype; /*!< record header: message type */ 866c2c66affSColin Finck size_t out_msglen; /*!< record header: message length */ 867c2c66affSColin Finck size_t out_left; /*!< amount of data not yet written */ 868c2c66affSColin Finck 869c2c66affSColin Finck #if defined(MBEDTLS_ZLIB_SUPPORT) 870c2c66affSColin Finck unsigned char *compress_buf; /*!< zlib data buffer */ 871c2c66affSColin Finck #endif 872c2c66affSColin Finck #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) 873c2c66affSColin Finck signed char split_done; /*!< current record already splitted? */ 874c2c66affSColin Finck #endif 875c2c66affSColin Finck 876c2c66affSColin Finck /* 877c2c66affSColin Finck * PKI layer 878c2c66affSColin Finck */ 879c2c66affSColin Finck int client_auth; /*!< flag for client auth. */ 880c2c66affSColin Finck 881c2c66affSColin Finck /* 882c2c66affSColin Finck * User settings 883c2c66affSColin Finck */ 884c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 885c2c66affSColin Finck char *hostname; /*!< expected peer CN for verification 886c2c66affSColin Finck (and SNI if available) */ 887c2c66affSColin Finck #endif 888c2c66affSColin Finck 889c2c66affSColin Finck #if defined(MBEDTLS_SSL_ALPN) 890c2c66affSColin Finck const char *alpn_chosen; /*!< negotiated protocol */ 891c2c66affSColin Finck #endif 892c2c66affSColin Finck 893c2c66affSColin Finck /* 894c2c66affSColin Finck * Information for DTLS hello verify 895c2c66affSColin Finck */ 896c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) 897c2c66affSColin Finck unsigned char *cli_id; /*!< transport-level ID of the client */ 898c2c66affSColin Finck size_t cli_id_len; /*!< length of cli_id */ 899c2c66affSColin Finck #endif 900c2c66affSColin Finck 901c2c66affSColin Finck /* 902c2c66affSColin Finck * Secure renegotiation 903c2c66affSColin Finck */ 904c2c66affSColin Finck /* needed to know when to send extension on server */ 905c2c66affSColin Finck int secure_renegotiation; /*!< does peer support legacy or 906c2c66affSColin Finck secure renegotiation */ 907c2c66affSColin Finck #if defined(MBEDTLS_SSL_RENEGOTIATION) 908c2c66affSColin Finck size_t verify_data_len; /*!< length of verify data stored */ 909c2c66affSColin Finck char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ 910c2c66affSColin Finck char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ 911c2c66affSColin Finck #endif 912c2c66affSColin Finck }; 913c2c66affSColin Finck 914c2c66affSColin Finck #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) 915c2c66affSColin Finck 916c2c66affSColin Finck #define MBEDTLS_SSL_CHANNEL_OUTBOUND 0 917c2c66affSColin Finck #define MBEDTLS_SSL_CHANNEL_INBOUND 1 918c2c66affSColin Finck 919c2c66affSColin Finck extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl, 920c2c66affSColin Finck const unsigned char *key_enc, const unsigned char *key_dec, 921c2c66affSColin Finck size_t keylen, 922c2c66affSColin Finck const unsigned char *iv_enc, const unsigned char *iv_dec, 923c2c66affSColin Finck size_t ivlen, 924c2c66affSColin Finck const unsigned char *mac_enc, const unsigned char *mac_dec, 925c2c66affSColin Finck size_t maclen); 926c2c66affSColin Finck extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction); 927c2c66affSColin Finck extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl); 928c2c66affSColin Finck extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl); 929c2c66affSColin Finck extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl); 930c2c66affSColin Finck extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl); 931c2c66affSColin Finck #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ 932c2c66affSColin Finck 933c2c66affSColin Finck /** 934c2c66affSColin Finck * \brief Return the name of the ciphersuite associated with the 935c2c66affSColin Finck * given ID 936c2c66affSColin Finck * 937c2c66affSColin Finck * \param ciphersuite_id SSL ciphersuite ID 938c2c66affSColin Finck * 939c2c66affSColin Finck * \return a string containing the ciphersuite name 940c2c66affSColin Finck */ 941c2c66affSColin Finck const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ); 942c2c66affSColin Finck 943c2c66affSColin Finck /** 944c2c66affSColin Finck * \brief Return the ID of the ciphersuite associated with the 945c2c66affSColin Finck * given name 946c2c66affSColin Finck * 947c2c66affSColin Finck * \param ciphersuite_name SSL ciphersuite name 948c2c66affSColin Finck * 949c2c66affSColin Finck * \return the ID with the ciphersuite or 0 if not found 950c2c66affSColin Finck */ 951c2c66affSColin Finck int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ); 952c2c66affSColin Finck 953c2c66affSColin Finck /** 954c2c66affSColin Finck * \brief Initialize an SSL context 955c2c66affSColin Finck * Just makes the context ready for mbedtls_ssl_setup() or 956c2c66affSColin Finck * mbedtls_ssl_free() 957c2c66affSColin Finck * 958c2c66affSColin Finck * \param ssl SSL context 959c2c66affSColin Finck */ 960c2c66affSColin Finck void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); 961c2c66affSColin Finck 962c2c66affSColin Finck /** 963c2c66affSColin Finck * \brief Set up an SSL context for use 964c2c66affSColin Finck * 965c2c66affSColin Finck * \note No copy of the configuration context is made, it can be 966c2c66affSColin Finck * shared by many mbedtls_ssl_context structures. 967c2c66affSColin Finck * 968*d9e6c9b5SThomas Faber * \warning The conf structure will be accessed during the session. 969*d9e6c9b5SThomas Faber * It must not be modified or freed as long as the session 970*d9e6c9b5SThomas Faber * is active. 971*d9e6c9b5SThomas Faber * 972*d9e6c9b5SThomas Faber * \warning This function must be called exactly once per context. 973*d9e6c9b5SThomas Faber * Calling mbedtls_ssl_setup again is not supported, even 974*d9e6c9b5SThomas Faber * if no session is active. 975c2c66affSColin Finck * 976c2c66affSColin Finck * \param ssl SSL context 977c2c66affSColin Finck * \param conf SSL configuration to use 978c2c66affSColin Finck * 979c2c66affSColin Finck * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if 980c2c66affSColin Finck * memory allocation failed 981c2c66affSColin Finck */ 982c2c66affSColin Finck int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, 983c2c66affSColin Finck const mbedtls_ssl_config *conf ); 984c2c66affSColin Finck 985c2c66affSColin Finck /** 986c2c66affSColin Finck * \brief Reset an already initialized SSL context for re-use 987c2c66affSColin Finck * while retaining application-set variables, function 988c2c66affSColin Finck * pointers and data. 989c2c66affSColin Finck * 990c2c66affSColin Finck * \param ssl SSL context 991c2c66affSColin Finck * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED, 992c2c66affSColin Finck MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or 993c2c66affSColin Finck * MBEDTLS_ERR_SSL_COMPRESSION_FAILED 994c2c66affSColin Finck */ 995c2c66affSColin Finck int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); 996c2c66affSColin Finck 997c2c66affSColin Finck /** 998c2c66affSColin Finck * \brief Set the current endpoint type 999c2c66affSColin Finck * 1000c2c66affSColin Finck * \param conf SSL configuration 1001c2c66affSColin Finck * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER 1002c2c66affSColin Finck */ 1003c2c66affSColin Finck void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); 1004c2c66affSColin Finck 1005c2c66affSColin Finck /** 1006c2c66affSColin Finck * \brief Set the transport type (TLS or DTLS). 1007c2c66affSColin Finck * Default: TLS 1008c2c66affSColin Finck * 1009c2c66affSColin Finck * \note For DTLS, you must either provide a recv callback that 1010c2c66affSColin Finck * doesn't block, or one that handles timeouts, see 1011c2c66affSColin Finck * \c mbedtls_ssl_set_bio(). You also need to provide timer 1012c2c66affSColin Finck * callbacks with \c mbedtls_ssl_set_timer_cb(). 1013c2c66affSColin Finck * 1014c2c66affSColin Finck * \param conf SSL configuration 1015c2c66affSColin Finck * \param transport transport type: 1016c2c66affSColin Finck * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, 1017c2c66affSColin Finck * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. 1018c2c66affSColin Finck */ 1019c2c66affSColin Finck void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); 1020c2c66affSColin Finck 1021c2c66affSColin Finck /** 1022c2c66affSColin Finck * \brief Set the certificate verification mode 1023c2c66affSColin Finck * Default: NONE on server, REQUIRED on client 1024c2c66affSColin Finck * 1025c2c66affSColin Finck * \param conf SSL configuration 1026c2c66affSColin Finck * \param authmode can be: 1027c2c66affSColin Finck * 1028c2c66affSColin Finck * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked 1029c2c66affSColin Finck * (default on server) 1030c2c66affSColin Finck * (insecure on client) 1031c2c66affSColin Finck * 1032c2c66affSColin Finck * MBEDTLS_SSL_VERIFY_OPTIONAL: peer certificate is checked, however the 1033c2c66affSColin Finck * handshake continues even if verification failed; 1034c2c66affSColin Finck * mbedtls_ssl_get_verify_result() can be called after the 1035c2c66affSColin Finck * handshake is complete. 1036c2c66affSColin Finck * 1037c2c66affSColin Finck * MBEDTLS_SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, 1038c2c66affSColin Finck * handshake is aborted if verification failed. 1039c2c66affSColin Finck * (default on client) 1040c2c66affSColin Finck * 1041c2c66affSColin Finck * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode. 1042c2c66affSColin Finck * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at 1043c2c66affSColin Finck * the right time(s), which may not be obvious, while REQUIRED always perform 1044c2c66affSColin Finck * the verification as soon as possible. For example, REQUIRED was protecting 1045c2c66affSColin Finck * against the "triple handshake" attack even before it was found. 1046c2c66affSColin Finck */ 1047c2c66affSColin Finck void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); 1048c2c66affSColin Finck 1049c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 1050c2c66affSColin Finck /** 1051c2c66affSColin Finck * \brief Set the verification callback (Optional). 1052c2c66affSColin Finck * 1053c2c66affSColin Finck * If set, the verify callback is called for each 1054c2c66affSColin Finck * certificate in the chain. For implementation 1055c2c66affSColin Finck * information, please see \c mbedtls_x509_crt_verify() 1056c2c66affSColin Finck * 1057c2c66affSColin Finck * \param conf SSL configuration 1058c2c66affSColin Finck * \param f_vrfy verification function 1059c2c66affSColin Finck * \param p_vrfy verification parameter 1060c2c66affSColin Finck */ 1061c2c66affSColin Finck void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, 1062c2c66affSColin Finck int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 1063c2c66affSColin Finck void *p_vrfy ); 1064c2c66affSColin Finck #endif /* MBEDTLS_X509_CRT_PARSE_C */ 1065c2c66affSColin Finck 1066c2c66affSColin Finck /** 1067c2c66affSColin Finck * \brief Set the random number generator callback 1068c2c66affSColin Finck * 1069c2c66affSColin Finck * \param conf SSL configuration 1070c2c66affSColin Finck * \param f_rng RNG function 1071c2c66affSColin Finck * \param p_rng RNG parameter 1072c2c66affSColin Finck */ 1073c2c66affSColin Finck void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, 1074c2c66affSColin Finck int (*f_rng)(void *, unsigned char *, size_t), 1075c2c66affSColin Finck void *p_rng ); 1076c2c66affSColin Finck 1077c2c66affSColin Finck /** 1078c2c66affSColin Finck * \brief Set the debug callback 1079c2c66affSColin Finck * 1080c2c66affSColin Finck * The callback has the following argument: 1081c2c66affSColin Finck * void * opaque context for the callback 1082c2c66affSColin Finck * int debug level 1083c2c66affSColin Finck * const char * file name 1084c2c66affSColin Finck * int line number 1085c2c66affSColin Finck * const char * message 1086c2c66affSColin Finck * 1087c2c66affSColin Finck * \param conf SSL configuration 1088c2c66affSColin Finck * \param f_dbg debug function 1089c2c66affSColin Finck * \param p_dbg debug parameter 1090c2c66affSColin Finck */ 1091c2c66affSColin Finck void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, 1092c2c66affSColin Finck void (*f_dbg)(void *, int, const char *, int, const char *), 1093c2c66affSColin Finck void *p_dbg ); 1094c2c66affSColin Finck 1095c2c66affSColin Finck /** 1096c2c66affSColin Finck * \brief Set the underlying BIO callbacks for write, read and 1097c2c66affSColin Finck * read-with-timeout. 1098c2c66affSColin Finck * 1099c2c66affSColin Finck * \param ssl SSL context 1100c2c66affSColin Finck * \param p_bio parameter (context) shared by BIO callbacks 1101c2c66affSColin Finck * \param f_send write callback 1102c2c66affSColin Finck * \param f_recv read callback 1103c2c66affSColin Finck * \param f_recv_timeout blocking read callback with timeout. 1104c2c66affSColin Finck * 1105c2c66affSColin Finck * \note One of f_recv or f_recv_timeout can be NULL, in which case 1106c2c66affSColin Finck * the other is used. If both are non-NULL, f_recv_timeout is 1107c2c66affSColin Finck * used and f_recv is ignored (as if it were NULL). 1108c2c66affSColin Finck * 1109c2c66affSColin Finck * \note The two most common use cases are: 1110c2c66affSColin Finck * - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL 1111c2c66affSColin Finck * - blocking I/O, f_recv == NULL, f_recv_timout != NULL 1112c2c66affSColin Finck * 1113c2c66affSColin Finck * \note For DTLS, you need to provide either a non-NULL 1114c2c66affSColin Finck * f_recv_timeout callback, or a f_recv that doesn't block. 1115c2c66affSColin Finck * 1116c2c66affSColin Finck * \note See the documentations of \c mbedtls_ssl_sent_t, 1117c2c66affSColin Finck * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for 1118c2c66affSColin Finck * the conventions those callbacks must follow. 1119c2c66affSColin Finck * 1120c2c66affSColin Finck * \note On some platforms, net_sockets.c provides 1121c2c66affSColin Finck * \c mbedtls_net_send(), \c mbedtls_net_recv() and 1122c2c66affSColin Finck * \c mbedtls_net_recv_timeout() that are suitable to be used 1123c2c66affSColin Finck * here. 1124c2c66affSColin Finck */ 1125c2c66affSColin Finck void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, 1126c2c66affSColin Finck void *p_bio, 1127c2c66affSColin Finck mbedtls_ssl_send_t *f_send, 1128c2c66affSColin Finck mbedtls_ssl_recv_t *f_recv, 1129c2c66affSColin Finck mbedtls_ssl_recv_timeout_t *f_recv_timeout ); 1130c2c66affSColin Finck 1131c2c66affSColin Finck /** 1132c2c66affSColin Finck * \brief Set the timeout period for mbedtls_ssl_read() 1133c2c66affSColin Finck * (Default: no timeout.) 1134c2c66affSColin Finck * 1135c2c66affSColin Finck * \param conf SSL configuration context 1136c2c66affSColin Finck * \param timeout Timeout value in milliseconds. 1137c2c66affSColin Finck * Use 0 for no timeout (default). 1138c2c66affSColin Finck * 1139c2c66affSColin Finck * \note With blocking I/O, this will only work if a non-NULL 1140c2c66affSColin Finck * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio(). 1141c2c66affSColin Finck * With non-blocking I/O, this will only work if timer 1142c2c66affSColin Finck * callbacks were set with \c mbedtls_ssl_set_timer_cb(). 1143c2c66affSColin Finck * 1144c2c66affSColin Finck * \note With non-blocking I/O, you may also skip this function 1145c2c66affSColin Finck * altogether and handle timeouts at the application layer. 1146c2c66affSColin Finck */ 1147c2c66affSColin Finck void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); 1148c2c66affSColin Finck 1149c2c66affSColin Finck /** 1150c2c66affSColin Finck * \brief Set the timer callbacks (Mandatory for DTLS.) 1151c2c66affSColin Finck * 1152c2c66affSColin Finck * \param ssl SSL context 1153c2c66affSColin Finck * \param p_timer parameter (context) shared by timer callbacks 1154c2c66affSColin Finck * \param f_set_timer set timer callback 1155c2c66affSColin Finck * \param f_get_timer get timer callback. Must return: 1156c2c66affSColin Finck * 1157c2c66affSColin Finck * \note See the documentation of \c mbedtls_ssl_set_timer_t and 1158c2c66affSColin Finck * \c mbedtls_ssl_get_timer_t for the conventions this pair of 1159c2c66affSColin Finck * callbacks must follow. 1160c2c66affSColin Finck * 1161c2c66affSColin Finck * \note On some platforms, timing.c provides 1162c2c66affSColin Finck * \c mbedtls_timing_set_delay() and 1163c2c66affSColin Finck * \c mbedtls_timing_get_delay() that are suitable for using 1164c2c66affSColin Finck * here, except if using an event-driven style. 1165c2c66affSColin Finck * 1166c2c66affSColin Finck * \note See also the "DTLS tutorial" article in our knowledge base. 1167c2c66affSColin Finck * https://tls.mbed.org/kb/how-to/dtls-tutorial 1168c2c66affSColin Finck */ 1169c2c66affSColin Finck void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, 1170c2c66affSColin Finck void *p_timer, 1171c2c66affSColin Finck mbedtls_ssl_set_timer_t *f_set_timer, 1172c2c66affSColin Finck mbedtls_ssl_get_timer_t *f_get_timer ); 1173c2c66affSColin Finck 1174c2c66affSColin Finck /** 1175c2c66affSColin Finck * \brief Callback type: generate and write session ticket 1176c2c66affSColin Finck * 1177c2c66affSColin Finck * \note This describes what a callback implementation should do. 1178c2c66affSColin Finck * This callback should generate an encrypted and 1179c2c66affSColin Finck * authenticated ticket for the session and write it to the 1180c2c66affSColin Finck * output buffer. Here, ticket means the opaque ticket part 1181c2c66affSColin Finck * of the NewSessionTicket structure of RFC 5077. 1182c2c66affSColin Finck * 1183c2c66affSColin Finck * \param p_ticket Context for the callback 1184c2c66affSColin Finck * \param session SSL session to be written in the ticket 1185c2c66affSColin Finck * \param start Start of the output buffer 1186c2c66affSColin Finck * \param end End of the output buffer 1187c2c66affSColin Finck * \param tlen On exit, holds the length written 1188c2c66affSColin Finck * \param lifetime On exit, holds the lifetime of the ticket in seconds 1189c2c66affSColin Finck * 1190c2c66affSColin Finck * \return 0 if successful, or 1191c2c66affSColin Finck * a specific MBEDTLS_ERR_XXX code. 1192c2c66affSColin Finck */ 1193c2c66affSColin Finck typedef int mbedtls_ssl_ticket_write_t( void *p_ticket, 1194c2c66affSColin Finck const mbedtls_ssl_session *session, 1195c2c66affSColin Finck unsigned char *start, 1196c2c66affSColin Finck const unsigned char *end, 1197c2c66affSColin Finck size_t *tlen, 1198c2c66affSColin Finck uint32_t *lifetime ); 1199c2c66affSColin Finck 1200c2c66affSColin Finck #if defined(MBEDTLS_SSL_EXPORT_KEYS) 1201c2c66affSColin Finck /** 1202c2c66affSColin Finck * \brief Callback type: Export key block and master secret 1203c2c66affSColin Finck * 1204c2c66affSColin Finck * \note This is required for certain uses of TLS, e.g. EAP-TLS 1205c2c66affSColin Finck * (RFC 5216) and Thread. The key pointers are ephemeral and 1206c2c66affSColin Finck * therefore must not be stored. The master secret and keys 1207c2c66affSColin Finck * should not be used directly except as an input to a key 1208c2c66affSColin Finck * derivation function. 1209c2c66affSColin Finck * 1210c2c66affSColin Finck * \param p_expkey Context for the callback 1211c2c66affSColin Finck * \param ms Pointer to master secret (fixed length: 48 bytes) 1212c2c66affSColin Finck * \param kb Pointer to key block, see RFC 5246 section 6.3 1213c2c66affSColin Finck * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen). 1214c2c66affSColin Finck * \param maclen MAC length 1215c2c66affSColin Finck * \param keylen Key length 1216c2c66affSColin Finck * \param ivlen IV length 1217c2c66affSColin Finck * 1218c2c66affSColin Finck * \return 0 if successful, or 1219c2c66affSColin Finck * a specific MBEDTLS_ERR_XXX code. 1220c2c66affSColin Finck */ 1221c2c66affSColin Finck typedef int mbedtls_ssl_export_keys_t( void *p_expkey, 1222c2c66affSColin Finck const unsigned char *ms, 1223c2c66affSColin Finck const unsigned char *kb, 1224c2c66affSColin Finck size_t maclen, 1225c2c66affSColin Finck size_t keylen, 1226c2c66affSColin Finck size_t ivlen ); 1227c2c66affSColin Finck #endif /* MBEDTLS_SSL_EXPORT_KEYS */ 1228c2c66affSColin Finck 1229c2c66affSColin Finck /** 1230c2c66affSColin Finck * \brief Callback type: parse and load session ticket 1231c2c66affSColin Finck * 1232c2c66affSColin Finck * \note This describes what a callback implementation should do. 1233c2c66affSColin Finck * This callback should parse a session ticket as generated 1234c2c66affSColin Finck * by the corresponding mbedtls_ssl_ticket_write_t function, 1235c2c66affSColin Finck * and, if the ticket is authentic and valid, load the 1236c2c66affSColin Finck * session. 1237c2c66affSColin Finck * 1238c2c66affSColin Finck * \note The implementation is allowed to modify the first len 1239c2c66affSColin Finck * bytes of the input buffer, eg to use it as a temporary 1240c2c66affSColin Finck * area for the decrypted ticket contents. 1241c2c66affSColin Finck * 1242c2c66affSColin Finck * \param p_ticket Context for the callback 1243c2c66affSColin Finck * \param session SSL session to be loaded 1244c2c66affSColin Finck * \param buf Start of the buffer containing the ticket 1245c2c66affSColin Finck * \param len Length of the ticket. 1246c2c66affSColin Finck * 1247c2c66affSColin Finck * \return 0 if successful, or 1248c2c66affSColin Finck * MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or 1249c2c66affSColin Finck * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or 1250c2c66affSColin Finck * any other non-zero code for other failures. 1251c2c66affSColin Finck */ 1252c2c66affSColin Finck typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket, 1253c2c66affSColin Finck mbedtls_ssl_session *session, 1254c2c66affSColin Finck unsigned char *buf, 1255c2c66affSColin Finck size_t len ); 1256c2c66affSColin Finck 1257c2c66affSColin Finck #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) 1258c2c66affSColin Finck /** 1259c2c66affSColin Finck * \brief Configure SSL session ticket callbacks (server only). 1260c2c66affSColin Finck * (Default: none.) 1261c2c66affSColin Finck * 1262c2c66affSColin Finck * \note On server, session tickets are enabled by providing 1263c2c66affSColin Finck * non-NULL callbacks. 1264c2c66affSColin Finck * 1265c2c66affSColin Finck * \note On client, use \c mbedtls_ssl_conf_session_tickets(). 1266c2c66affSColin Finck * 1267c2c66affSColin Finck * \param conf SSL configuration context 1268c2c66affSColin Finck * \param f_ticket_write Callback for writing a ticket 1269c2c66affSColin Finck * \param f_ticket_parse Callback for parsing a ticket 1270c2c66affSColin Finck * \param p_ticket Context shared by the two callbacks 1271c2c66affSColin Finck */ 1272c2c66affSColin Finck void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, 1273c2c66affSColin Finck mbedtls_ssl_ticket_write_t *f_ticket_write, 1274c2c66affSColin Finck mbedtls_ssl_ticket_parse_t *f_ticket_parse, 1275c2c66affSColin Finck void *p_ticket ); 1276c2c66affSColin Finck #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ 1277c2c66affSColin Finck 1278c2c66affSColin Finck #if defined(MBEDTLS_SSL_EXPORT_KEYS) 1279c2c66affSColin Finck /** 1280c2c66affSColin Finck * \brief Configure key export callback. 1281c2c66affSColin Finck * (Default: none.) 1282c2c66affSColin Finck * 1283c2c66affSColin Finck * \note See \c mbedtls_ssl_export_keys_t. 1284c2c66affSColin Finck * 1285c2c66affSColin Finck * \param conf SSL configuration context 1286c2c66affSColin Finck * \param f_export_keys Callback for exporting keys 1287c2c66affSColin Finck * \param p_export_keys Context for the callback 1288c2c66affSColin Finck */ 1289c2c66affSColin Finck void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, 1290c2c66affSColin Finck mbedtls_ssl_export_keys_t *f_export_keys, 1291c2c66affSColin Finck void *p_export_keys ); 1292c2c66affSColin Finck #endif /* MBEDTLS_SSL_EXPORT_KEYS */ 1293c2c66affSColin Finck 1294c2c66affSColin Finck /** 1295c2c66affSColin Finck * \brief Callback type: generate a cookie 1296c2c66affSColin Finck * 1297c2c66affSColin Finck * \param ctx Context for the callback 1298c2c66affSColin Finck * \param p Buffer to write to, 1299c2c66affSColin Finck * must be updated to point right after the cookie 1300c2c66affSColin Finck * \param end Pointer to one past the end of the output buffer 1301c2c66affSColin Finck * \param info Client ID info that was passed to 1302c2c66affSColin Finck * \c mbedtls_ssl_set_client_transport_id() 1303c2c66affSColin Finck * \param ilen Length of info in bytes 1304c2c66affSColin Finck * 1305c2c66affSColin Finck * \return The callback must return 0 on success, 1306c2c66affSColin Finck * or a negative error code. 1307c2c66affSColin Finck */ 1308c2c66affSColin Finck typedef int mbedtls_ssl_cookie_write_t( void *ctx, 1309c2c66affSColin Finck unsigned char **p, unsigned char *end, 1310c2c66affSColin Finck const unsigned char *info, size_t ilen ); 1311c2c66affSColin Finck 1312c2c66affSColin Finck /** 1313c2c66affSColin Finck * \brief Callback type: verify a cookie 1314c2c66affSColin Finck * 1315c2c66affSColin Finck * \param ctx Context for the callback 1316c2c66affSColin Finck * \param cookie Cookie to verify 1317c2c66affSColin Finck * \param clen Length of cookie 1318c2c66affSColin Finck * \param info Client ID info that was passed to 1319c2c66affSColin Finck * \c mbedtls_ssl_set_client_transport_id() 1320c2c66affSColin Finck * \param ilen Length of info in bytes 1321c2c66affSColin Finck * 1322c2c66affSColin Finck * \return The callback must return 0 if cookie is valid, 1323c2c66affSColin Finck * or a negative error code. 1324c2c66affSColin Finck */ 1325c2c66affSColin Finck typedef int mbedtls_ssl_cookie_check_t( void *ctx, 1326c2c66affSColin Finck const unsigned char *cookie, size_t clen, 1327c2c66affSColin Finck const unsigned char *info, size_t ilen ); 1328c2c66affSColin Finck 1329c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) 1330c2c66affSColin Finck /** 1331c2c66affSColin Finck * \brief Register callbacks for DTLS cookies 1332c2c66affSColin Finck * (Server only. DTLS only.) 1333c2c66affSColin Finck * 1334c2c66affSColin Finck * Default: dummy callbacks that fail, in order to force you to 1335c2c66affSColin Finck * register working callbacks (and initialize their context). 1336c2c66affSColin Finck * 1337c2c66affSColin Finck * To disable HelloVerifyRequest, register NULL callbacks. 1338c2c66affSColin Finck * 1339c2c66affSColin Finck * \warning Disabling hello verification allows your server to be used 1340c2c66affSColin Finck * for amplification in DoS attacks against other hosts. 1341c2c66affSColin Finck * Only disable if you known this can't happen in your 1342c2c66affSColin Finck * particular environment. 1343c2c66affSColin Finck * 1344c2c66affSColin Finck * \note See comments on \c mbedtls_ssl_handshake() about handling 1345c2c66affSColin Finck * the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected 1346c2c66affSColin Finck * on the first handshake attempt when this is enabled. 1347c2c66affSColin Finck * 1348c2c66affSColin Finck * \note This is also necessary to handle client reconnection from 1349c2c66affSColin Finck * the same port as described in RFC 6347 section 4.2.8 (only 1350c2c66affSColin Finck * the variant with cookies is supported currently). See 1351c2c66affSColin Finck * comments on \c mbedtls_ssl_read() for details. 1352c2c66affSColin Finck * 1353c2c66affSColin Finck * \param conf SSL configuration 1354c2c66affSColin Finck * \param f_cookie_write Cookie write callback 1355c2c66affSColin Finck * \param f_cookie_check Cookie check callback 1356c2c66affSColin Finck * \param p_cookie Context for both callbacks 1357c2c66affSColin Finck */ 1358c2c66affSColin Finck void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, 1359c2c66affSColin Finck mbedtls_ssl_cookie_write_t *f_cookie_write, 1360c2c66affSColin Finck mbedtls_ssl_cookie_check_t *f_cookie_check, 1361c2c66affSColin Finck void *p_cookie ); 1362c2c66affSColin Finck 1363c2c66affSColin Finck /** 1364c2c66affSColin Finck * \brief Set client's transport-level identification info. 1365c2c66affSColin Finck * (Server only. DTLS only.) 1366c2c66affSColin Finck * 1367c2c66affSColin Finck * This is usually the IP address (and port), but could be 1368c2c66affSColin Finck * anything identify the client depending on the underlying 1369c2c66affSColin Finck * network stack. Used for HelloVerifyRequest with DTLS. 1370c2c66affSColin Finck * This is *not* used to route the actual packets. 1371c2c66affSColin Finck * 1372c2c66affSColin Finck * \param ssl SSL context 1373c2c66affSColin Finck * \param info Transport-level info identifying the client (eg IP + port) 1374c2c66affSColin Finck * \param ilen Length of info in bytes 1375c2c66affSColin Finck * 1376c2c66affSColin Finck * \note An internal copy is made, so the info buffer can be reused. 1377c2c66affSColin Finck * 1378c2c66affSColin Finck * \return 0 on success, 1379c2c66affSColin Finck * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, 1380c2c66affSColin Finck * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. 1381c2c66affSColin Finck */ 1382c2c66affSColin Finck int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, 1383c2c66affSColin Finck const unsigned char *info, 1384c2c66affSColin Finck size_t ilen ); 1385c2c66affSColin Finck 1386c2c66affSColin Finck #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ 1387c2c66affSColin Finck 1388c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) 1389c2c66affSColin Finck /** 1390c2c66affSColin Finck * \brief Enable or disable anti-replay protection for DTLS. 1391c2c66affSColin Finck * (DTLS only, no effect on TLS.) 1392c2c66affSColin Finck * Default: enabled. 1393c2c66affSColin Finck * 1394c2c66affSColin Finck * \param conf SSL configuration 1395c2c66affSColin Finck * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED. 1396c2c66affSColin Finck * 1397c2c66affSColin Finck * \warning Disabling this is a security risk unless the application 1398c2c66affSColin Finck * protocol handles duplicated packets in a safe way. You 1399c2c66affSColin Finck * should not disable this without careful consideration. 1400c2c66affSColin Finck * However, if your application already detects duplicated 1401c2c66affSColin Finck * packets and needs information about them to adjust its 1402c2c66affSColin Finck * transmission strategy, then you'll want to disable this. 1403c2c66affSColin Finck */ 1404c2c66affSColin Finck void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); 1405c2c66affSColin Finck #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ 1406c2c66affSColin Finck 1407c2c66affSColin Finck #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) 1408c2c66affSColin Finck /** 1409c2c66affSColin Finck * \brief Set a limit on the number of records with a bad MAC 1410c2c66affSColin Finck * before terminating the connection. 1411c2c66affSColin Finck * (DTLS only, no effect on TLS.) 1412c2c66affSColin Finck * Default: 0 (disabled). 1413c2c66affSColin Finck * 1414c2c66affSColin Finck * \param conf SSL configuration 1415c2c66affSColin Finck * \param limit Limit, or 0 to disable. 1416c2c66affSColin Finck * 1417c2c66affSColin Finck * \note If the limit is N, then the connection is terminated when 1418c2c66affSColin Finck * the Nth non-authentic record is seen. 1419c2c66affSColin Finck * 1420c2c66affSColin Finck * \note Records with an invalid header are not counted, only the 1421c2c66affSColin Finck * ones going through the authentication-decryption phase. 1422c2c66affSColin Finck * 1423c2c66affSColin Finck * \note This is a security trade-off related to the fact that it's 1424c2c66affSColin Finck * often relatively easy for an active attacker ot inject UDP 1425c2c66affSColin Finck * datagrams. On one hand, setting a low limit here makes it 1426c2c66affSColin Finck * easier for such an attacker to forcibly terminated a 1427c2c66affSColin Finck * connection. On the other hand, a high limit or no limit 1428c2c66affSColin Finck * might make us waste resources checking authentication on 1429c2c66affSColin Finck * many bogus packets. 1430c2c66affSColin Finck */ 1431c2c66affSColin Finck void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ); 1432c2c66affSColin Finck #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ 1433c2c66affSColin Finck 1434c2c66affSColin Finck #if defined(MBEDTLS_SSL_PROTO_DTLS) 1435c2c66affSColin Finck /** 1436c2c66affSColin Finck * \brief Set retransmit timeout values for the DTLS handshake. 1437c2c66affSColin Finck * (DTLS only, no effect on TLS.) 1438c2c66affSColin Finck * 1439c2c66affSColin Finck * \param conf SSL configuration 1440c2c66affSColin Finck * \param min Initial timeout value in milliseconds. 1441c2c66affSColin Finck * Default: 1000 (1 second). 1442c2c66affSColin Finck * \param max Maximum timeout value in milliseconds. 1443c2c66affSColin Finck * Default: 60000 (60 seconds). 1444c2c66affSColin Finck * 1445c2c66affSColin Finck * \note Default values are from RFC 6347 section 4.2.4.1. 1446c2c66affSColin Finck * 1447c2c66affSColin Finck * \note The 'min' value should typically be slightly above the 1448c2c66affSColin Finck * expected round-trip time to your peer, plus whatever time 1449c2c66affSColin Finck * it takes for the peer to process the message. For example, 1450c2c66affSColin Finck * if your RTT is about 600ms and you peer needs up to 1s to 1451c2c66affSColin Finck * do the cryptographic operations in the handshake, then you 1452c2c66affSColin Finck * should set 'min' slightly above 1600. Lower values of 'min' 1453c2c66affSColin Finck * might cause spurious resends which waste network resources, 1454c2c66affSColin Finck * while larger value of 'min' will increase overall latency 1455c2c66affSColin Finck * on unreliable network links. 1456c2c66affSColin Finck * 1457c2c66affSColin Finck * \note The more unreliable your network connection is, the larger 1458c2c66affSColin Finck * your max / min ratio needs to be in order to achieve 1459c2c66affSColin Finck * reliable handshakes. 1460c2c66affSColin Finck * 1461c2c66affSColin Finck * \note Messages are retransmitted up to log2(ceil(max/min)) times. 1462c2c66affSColin Finck * For example, if min = 1s and max = 5s, the retransmit plan 1463c2c66affSColin Finck * goes: send ... 1s -> resend ... 2s -> resend ... 4s -> 1464c2c66affSColin Finck * resend ... 5s -> give up and return a timeout error. 1465c2c66affSColin Finck */ 1466c2c66affSColin Finck void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ); 1467c2c66affSColin Finck #endif /* MBEDTLS_SSL_PROTO_DTLS */ 1468c2c66affSColin Finck 1469c2c66affSColin Finck #if defined(MBEDTLS_SSL_SRV_C) 1470c2c66affSColin Finck /** 1471c2c66affSColin Finck * \brief Set the session cache callbacks (server-side only) 1472c2c66affSColin Finck * If not set, no session resuming is done (except if session 1473c2c66affSColin Finck * tickets are enabled too). 1474c2c66affSColin Finck * 1475c2c66affSColin Finck * The session cache has the responsibility to check for stale 1476c2c66affSColin Finck * entries based on timeout. See RFC 5246 for recommendations. 1477c2c66affSColin Finck * 1478c2c66affSColin Finck * Warning: session.peer_cert is cleared by the SSL/TLS layer on 1479c2c66affSColin Finck * connection shutdown, so do not cache the pointer! Either set 1480c2c66affSColin Finck * it to NULL or make a full copy of the certificate. 1481c2c66affSColin Finck * 1482c2c66affSColin Finck * The get callback is called once during the initial handshake 1483c2c66affSColin Finck * to enable session resuming. The get function has the 1484c2c66affSColin Finck * following parameters: (void *parameter, mbedtls_ssl_session *session) 1485c2c66affSColin Finck * If a valid entry is found, it should fill the master of 1486c2c66affSColin Finck * the session object with the cached values and return 0, 1487c2c66affSColin Finck * return 1 otherwise. Optionally peer_cert can be set as well 1488c2c66affSColin Finck * if it is properly present in cache entry. 1489c2c66affSColin Finck * 1490c2c66affSColin Finck * The set callback is called once during the initial handshake 1491c2c66affSColin Finck * to enable session resuming after the entire handshake has 1492c2c66affSColin Finck * been finished. The set function has the following parameters: 1493c2c66affSColin Finck * (void *parameter, const mbedtls_ssl_session *session). The function 1494c2c66affSColin Finck * should create a cache entry for future retrieval based on 1495c2c66affSColin Finck * the data in the session structure and should keep in mind 1496c2c66affSColin Finck * that the mbedtls_ssl_session object presented (and all its referenced 1497c2c66affSColin Finck * data) is cleared by the SSL/TLS layer when the connection is 1498c2c66affSColin Finck * terminated. It is recommended to add metadata to determine if 1499c2c66affSColin Finck * an entry is still valid in the future. Return 0 if 1500c2c66affSColin Finck * successfully cached, return 1 otherwise. 1501c2c66affSColin Finck * 1502c2c66affSColin Finck * \param conf SSL configuration 1503c2c66affSColin Finck * \param p_cache parmater (context) for both callbacks 1504c2c66affSColin Finck * \param f_get_cache session get callback 1505c2c66affSColin Finck * \param f_set_cache session set callback 1506c2c66affSColin Finck */ 1507c2c66affSColin Finck void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, 1508c2c66affSColin Finck void *p_cache, 1509c2c66affSColin Finck int (*f_get_cache)(void *, mbedtls_ssl_session *), 1510c2c66affSColin Finck int (*f_set_cache)(void *, const mbedtls_ssl_session *) ); 1511c2c66affSColin Finck #endif /* MBEDTLS_SSL_SRV_C */ 1512c2c66affSColin Finck 1513c2c66affSColin Finck #if defined(MBEDTLS_SSL_CLI_C) 1514c2c66affSColin Finck /** 1515c2c66affSColin Finck * \brief Request resumption of session (client-side only) 1516c2c66affSColin Finck * Session data is copied from presented session structure. 1517c2c66affSColin Finck * 1518c2c66affSColin Finck * \param ssl SSL context 1519c2c66affSColin Finck * \param session session context 1520c2c66affSColin Finck * 1521c2c66affSColin Finck * \return 0 if successful, 1522c2c66affSColin Finck * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed, 1523c2c66affSColin Finck * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or 1524c2c66affSColin Finck * arguments are otherwise invalid 1525c2c66affSColin Finck * 1526c2c66affSColin Finck * \sa mbedtls_ssl_get_session() 1527c2c66affSColin Finck */ 1528c2c66affSColin Finck int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ); 1529c2c66affSColin Finck #endif /* MBEDTLS_SSL_CLI_C */ 1530c2c66affSColin Finck 1531c2c66affSColin Finck /** 1532c2c66affSColin Finck * \brief Set the list of allowed ciphersuites and the preference 1533c2c66affSColin Finck * order. First in the list has the highest preference. 1534c2c66affSColin Finck * (Overrides all version-specific lists) 1535c2c66affSColin Finck * 1536c2c66affSColin Finck * The ciphersuites array is not copied, and must remain 1537c2c66affSColin Finck * valid for the lifetime of the ssl_config. 1538c2c66affSColin Finck * 1539c2c66affSColin Finck * Note: The server uses its own preferences 1540c2c66affSColin Finck * over the preference of the client unless 1541c2c66affSColin Finck * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined! 1542c2c66affSColin Finck * 1543c2c66affSColin Finck * \param conf SSL configuration 1544c2c66affSColin Finck * \param ciphersuites 0-terminated list of allowed ciphersuites 1545c2c66affSColin Finck */ 1546c2c66affSColin Finck void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, 1547c2c66affSColin Finck const int *ciphersuites ); 1548c2c66affSColin Finck 1549c2c66affSColin Finck /** 1550c2c66affSColin Finck * \brief Set the list of allowed ciphersuites and the 1551c2c66affSColin Finck * preference order for a specific version of the protocol. 1552c2c66affSColin Finck * (Only useful on the server side) 1553c2c66affSColin Finck * 1554c2c66affSColin Finck * The ciphersuites array is not copied, and must remain 1555c2c66affSColin Finck * valid for the lifetime of the ssl_config. 1556c2c66affSColin Finck * 1557c2c66affSColin Finck * \param conf SSL configuration 1558c2c66affSColin Finck * \param ciphersuites 0-terminated list of allowed ciphersuites 1559c2c66affSColin Finck * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 1560c2c66affSColin Finck * supported) 1561c2c66affSColin Finck * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, 1562c2c66affSColin Finck * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, 1563c2c66affSColin Finck * MBEDTLS_SSL_MINOR_VERSION_3 supported) 1564c2c66affSColin Finck * 1565c2c66affSColin Finck * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 1566c2c66affSColin Finck * and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 1567c2c66affSColin Finck */ 1568c2c66affSColin Finck void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, 1569c2c66affSColin Finck const int *ciphersuites, 1570c2c66affSColin Finck int major, int minor ); 1571c2c66affSColin Finck 1572c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 1573c2c66affSColin Finck /** 1574c2c66affSColin Finck * \brief Set the X.509 security profile used for verification 1575c2c66affSColin Finck * 1576c2c66affSColin Finck * \note The restrictions are enforced for all certificates in the 1577c2c66affSColin Finck * chain. However, signatures in the handshake are not covered 1578c2c66affSColin Finck * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). 1579c2c66affSColin Finck * 1580c2c66affSColin Finck * \param conf SSL configuration 1581c2c66affSColin Finck * \param profile Profile to use 1582c2c66affSColin Finck */ 1583c2c66affSColin Finck void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, 1584c2c66affSColin Finck const mbedtls_x509_crt_profile *profile ); 1585c2c66affSColin Finck 1586c2c66affSColin Finck /** 1587c2c66affSColin Finck * \brief Set the data required to verify peer certificate 1588c2c66affSColin Finck * 1589*d9e6c9b5SThomas Faber * \note See \c mbedtls_x509_crt_verify() for notes regarding the 1590*d9e6c9b5SThomas Faber * parameters ca_chain (maps to trust_ca for that function) 1591*d9e6c9b5SThomas Faber * and ca_crl. 1592*d9e6c9b5SThomas Faber * 1593c2c66affSColin Finck * \param conf SSL configuration 1594c2c66affSColin Finck * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) 1595c2c66affSColin Finck * \param ca_crl trusted CA CRLs 1596c2c66affSColin Finck */ 1597c2c66affSColin Finck void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, 1598c2c66affSColin Finck mbedtls_x509_crt *ca_chain, 1599c2c66affSColin Finck mbedtls_x509_crl *ca_crl ); 1600c2c66affSColin Finck 1601c2c66affSColin Finck /** 1602c2c66affSColin Finck * \brief Set own certificate chain and private key 1603c2c66affSColin Finck * 1604c2c66affSColin Finck * \note own_cert should contain in order from the bottom up your 1605c2c66affSColin Finck * certificate chain. The top certificate (self-signed) 1606c2c66affSColin Finck * can be omitted. 1607c2c66affSColin Finck * 1608c2c66affSColin Finck * \note On server, this function can be called multiple times to 1609c2c66affSColin Finck * provision more than one cert/key pair (eg one ECDSA, one 1610c2c66affSColin Finck * RSA with SHA-256, one RSA with SHA-1). An adequate 1611c2c66affSColin Finck * certificate will be selected according to the client's 1612c2c66affSColin Finck * advertised capabilities. In case mutliple certificates are 1613c2c66affSColin Finck * adequate, preference is given to the one set by the first 1614c2c66affSColin Finck * call to this function, then second, etc. 1615c2c66affSColin Finck * 1616c2c66affSColin Finck * \note On client, only the first call has any effect. That is, 1617c2c66affSColin Finck * only one client certificate can be provisioned. The 1618c2c66affSColin Finck * server's preferences in its CertficateRequest message will 1619c2c66affSColin Finck * be ignored and our only cert will be sent regardless of 1620c2c66affSColin Finck * whether it matches those preferences - the server can then 1621c2c66affSColin Finck * decide what it wants to do with it. 1622c2c66affSColin Finck * 1623c2c66affSColin Finck * \param conf SSL configuration 1624c2c66affSColin Finck * \param own_cert own public certificate chain 1625c2c66affSColin Finck * \param pk_key own private key 1626c2c66affSColin Finck * 1627c2c66affSColin Finck * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED 1628c2c66affSColin Finck */ 1629c2c66affSColin Finck int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, 1630c2c66affSColin Finck mbedtls_x509_crt *own_cert, 1631c2c66affSColin Finck mbedtls_pk_context *pk_key ); 1632c2c66affSColin Finck #endif /* MBEDTLS_X509_CRT_PARSE_C */ 1633c2c66affSColin Finck 1634c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) 1635c2c66affSColin Finck /** 1636c2c66affSColin Finck * \brief Set the Pre Shared Key (PSK) and the expected identity name 1637c2c66affSColin Finck * 1638c2c66affSColin Finck * \note This is mainly useful for clients. Servers will usually 1639c2c66affSColin Finck * want to use \c mbedtls_ssl_conf_psk_cb() instead. 1640c2c66affSColin Finck * 1641c2c66affSColin Finck * \note Currently clients can only register one pre-shared key. 1642c2c66affSColin Finck * In other words, the servers' identity hint is ignored. 1643c2c66affSColin Finck * Support for setting multiple PSKs on clients and selecting 1644c2c66affSColin Finck * one based on the identity hint is not a planned feature but 1645c2c66affSColin Finck * feedback is welcomed. 1646c2c66affSColin Finck * 1647c2c66affSColin Finck * \param conf SSL configuration 1648c2c66affSColin Finck * \param psk pointer to the pre-shared key 1649c2c66affSColin Finck * \param psk_len pre-shared key length 1650c2c66affSColin Finck * \param psk_identity pointer to the pre-shared key identity 1651c2c66affSColin Finck * \param psk_identity_len identity key length 1652c2c66affSColin Finck * 1653c2c66affSColin Finck * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED 1654c2c66affSColin Finck */ 1655c2c66affSColin Finck int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, 1656c2c66affSColin Finck const unsigned char *psk, size_t psk_len, 1657c2c66affSColin Finck const unsigned char *psk_identity, size_t psk_identity_len ); 1658c2c66affSColin Finck 1659c2c66affSColin Finck 1660c2c66affSColin Finck /** 1661c2c66affSColin Finck * \brief Set the Pre Shared Key (PSK) for the current handshake 1662c2c66affSColin Finck * 1663c2c66affSColin Finck * \note This should only be called inside the PSK callback, 1664c2c66affSColin Finck * ie the function passed to \c mbedtls_ssl_conf_psk_cb(). 1665c2c66affSColin Finck * 1666c2c66affSColin Finck * \param ssl SSL context 1667c2c66affSColin Finck * \param psk pointer to the pre-shared key 1668c2c66affSColin Finck * \param psk_len pre-shared key length 1669c2c66affSColin Finck * 1670c2c66affSColin Finck * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED 1671c2c66affSColin Finck */ 1672c2c66affSColin Finck int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, 1673c2c66affSColin Finck const unsigned char *psk, size_t psk_len ); 1674c2c66affSColin Finck 1675c2c66affSColin Finck /** 1676c2c66affSColin Finck * \brief Set the PSK callback (server-side only). 1677c2c66affSColin Finck * 1678c2c66affSColin Finck * If set, the PSK callback is called for each 1679c2c66affSColin Finck * handshake where a PSK ciphersuite was negotiated. 1680c2c66affSColin Finck * The caller provides the identity received and wants to 1681c2c66affSColin Finck * receive the actual PSK data and length. 1682c2c66affSColin Finck * 1683c2c66affSColin Finck * The callback has the following parameters: (void *parameter, 1684c2c66affSColin Finck * mbedtls_ssl_context *ssl, const unsigned char *psk_identity, 1685c2c66affSColin Finck * size_t identity_len) 1686c2c66affSColin Finck * If a valid PSK identity is found, the callback should use 1687c2c66affSColin Finck * \c mbedtls_ssl_set_hs_psk() on the ssl context to set the 1688c2c66affSColin Finck * correct PSK and return 0. 1689c2c66affSColin Finck * Any other return value will result in a denied PSK identity. 1690c2c66affSColin Finck * 1691c2c66affSColin Finck * \note If you set a PSK callback using this function, then you 1692c2c66affSColin Finck * don't need to set a PSK key and identity using 1693c2c66affSColin Finck * \c mbedtls_ssl_conf_psk(). 1694c2c66affSColin Finck * 1695c2c66affSColin Finck * \param conf SSL configuration 1696c2c66affSColin Finck * \param f_psk PSK identity function 1697c2c66affSColin Finck * \param p_psk PSK identity parameter 1698c2c66affSColin Finck */ 1699c2c66affSColin Finck void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, 1700c2c66affSColin Finck int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, 1701c2c66affSColin Finck size_t), 1702c2c66affSColin Finck void *p_psk ); 1703c2c66affSColin Finck #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ 1704c2c66affSColin Finck 1705c2c66affSColin Finck #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) 1706*d9e6c9b5SThomas Faber 1707*d9e6c9b5SThomas Faber #if !defined(MBEDTLS_DEPRECATED_REMOVED) 1708*d9e6c9b5SThomas Faber 1709*d9e6c9b5SThomas Faber #if defined(MBEDTLS_DEPRECATED_WARNING) 1710*d9e6c9b5SThomas Faber #define MBEDTLS_DEPRECATED __attribute__((deprecated)) 1711*d9e6c9b5SThomas Faber #else 1712*d9e6c9b5SThomas Faber #define MBEDTLS_DEPRECATED 1713*d9e6c9b5SThomas Faber #endif 1714*d9e6c9b5SThomas Faber 1715c2c66affSColin Finck /** 1716c2c66affSColin Finck * \brief Set the Diffie-Hellman public P and G values, 1717c2c66affSColin Finck * read as hexadecimal strings (server-side only) 1718*d9e6c9b5SThomas Faber * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]) 1719c2c66affSColin Finck * 1720c2c66affSColin Finck * \param conf SSL configuration 1721c2c66affSColin Finck * \param dhm_P Diffie-Hellman-Merkle modulus 1722c2c66affSColin Finck * \param dhm_G Diffie-Hellman-Merkle generator 1723c2c66affSColin Finck * 1724*d9e6c9b5SThomas Faber * \deprecated Superseded by \c mbedtls_ssl_conf_dh_param_bin. 1725*d9e6c9b5SThomas Faber * 1726c2c66affSColin Finck * \return 0 if successful 1727c2c66affSColin Finck */ 1728*d9e6c9b5SThomas Faber MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, 1729*d9e6c9b5SThomas Faber const char *dhm_P, 1730*d9e6c9b5SThomas Faber const char *dhm_G ); 1731*d9e6c9b5SThomas Faber 1732*d9e6c9b5SThomas Faber #endif /* MBEDTLS_DEPRECATED_REMOVED */ 1733*d9e6c9b5SThomas Faber 1734*d9e6c9b5SThomas Faber /** 1735*d9e6c9b5SThomas Faber * \brief Set the Diffie-Hellman public P and G values 1736*d9e6c9b5SThomas Faber * from big-endian binary presentations. 1737*d9e6c9b5SThomas Faber * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN) 1738*d9e6c9b5SThomas Faber * 1739*d9e6c9b5SThomas Faber * \param conf SSL configuration 1740*d9e6c9b5SThomas Faber * \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form 1741*d9e6c9b5SThomas Faber * \param P_len Length of DHM modulus 1742*d9e6c9b5SThomas Faber * \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form 1743*d9e6c9b5SThomas Faber * \param G_len Length of DHM generator 1744*d9e6c9b5SThomas Faber * 1745*d9e6c9b5SThomas Faber * \return 0 if successful 1746*d9e6c9b5SThomas Faber */ 1747*d9e6c9b5SThomas Faber int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, 1748*d9e6c9b5SThomas Faber const unsigned char *dhm_P, size_t P_len, 1749*d9e6c9b5SThomas Faber const unsigned char *dhm_G, size_t G_len ); 1750c2c66affSColin Finck 1751c2c66affSColin Finck /** 1752c2c66affSColin Finck * \brief Set the Diffie-Hellman public P and G values, 1753c2c66affSColin Finck * read from existing context (server-side only) 1754c2c66affSColin Finck * 1755c2c66affSColin Finck * \param conf SSL configuration 1756c2c66affSColin Finck * \param dhm_ctx Diffie-Hellman-Merkle context 1757c2c66affSColin Finck * 1758c2c66affSColin Finck * \return 0 if successful 1759c2c66affSColin Finck */ 1760c2c66affSColin Finck int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ); 1761c2c66affSColin Finck #endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */ 1762c2c66affSColin Finck 1763c2c66affSColin Finck #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) 1764c2c66affSColin Finck /** 1765c2c66affSColin Finck * \brief Set the minimum length for Diffie-Hellman parameters. 1766c2c66affSColin Finck * (Client-side only.) 1767c2c66affSColin Finck * (Default: 1024 bits.) 1768c2c66affSColin Finck * 1769c2c66affSColin Finck * \param conf SSL configuration 1770c2c66affSColin Finck * \param bitlen Minimum bit length of the DHM prime 1771c2c66affSColin Finck */ 1772c2c66affSColin Finck void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, 1773c2c66affSColin Finck unsigned int bitlen ); 1774c2c66affSColin Finck #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ 1775c2c66affSColin Finck 1776c2c66affSColin Finck #if defined(MBEDTLS_ECP_C) 1777c2c66affSColin Finck /** 1778c2c66affSColin Finck * \brief Set the allowed curves in order of preference. 1779c2c66affSColin Finck * (Default: all defined curves.) 1780c2c66affSColin Finck * 1781c2c66affSColin Finck * On server: this only affects selection of the ECDHE curve; 1782c2c66affSColin Finck * the curves used for ECDH and ECDSA are determined by the 1783c2c66affSColin Finck * list of available certificates instead. 1784c2c66affSColin Finck * 1785c2c66affSColin Finck * On client: this affects the list of curves offered for any 1786c2c66affSColin Finck * use. The server can override our preference order. 1787c2c66affSColin Finck * 1788c2c66affSColin Finck * Both sides: limits the set of curves accepted for use in 1789c2c66affSColin Finck * ECDHE and in the peer's end-entity certificate. 1790c2c66affSColin Finck * 1791c2c66affSColin Finck * \note This has no influence on which curves are allowed inside the 1792c2c66affSColin Finck * certificate chains, see \c mbedtls_ssl_conf_cert_profile() 1793c2c66affSColin Finck * for that. For the end-entity certificate however, the key 1794c2c66affSColin Finck * will be accepted only if it is allowed both by this list 1795c2c66affSColin Finck * and by the cert profile. 1796c2c66affSColin Finck * 1797c2c66affSColin Finck * \note This list should be ordered by decreasing preference 1798c2c66affSColin Finck * (preferred curve first). 1799c2c66affSColin Finck * 1800c2c66affSColin Finck * \param conf SSL configuration 1801c2c66affSColin Finck * \param curves Ordered list of allowed curves, 1802c2c66affSColin Finck * terminated by MBEDTLS_ECP_DP_NONE. 1803c2c66affSColin Finck */ 1804c2c66affSColin Finck void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, 1805c2c66affSColin Finck const mbedtls_ecp_group_id *curves ); 1806c2c66affSColin Finck #endif /* MBEDTLS_ECP_C */ 1807c2c66affSColin Finck 1808c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) 1809c2c66affSColin Finck /** 1810c2c66affSColin Finck * \brief Set the allowed hashes for signatures during the handshake. 1811c2c66affSColin Finck * (Default: all available hashes except MD5.) 1812c2c66affSColin Finck * 1813c2c66affSColin Finck * \note This only affects which hashes are offered and can be used 1814c2c66affSColin Finck * for signatures during the handshake. Hashes for message 1815c2c66affSColin Finck * authentication and the TLS PRF are controlled by the 1816c2c66affSColin Finck * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes 1817c2c66affSColin Finck * used for certificate signature are controlled by the 1818c2c66affSColin Finck * verification profile, see \c mbedtls_ssl_conf_cert_profile(). 1819c2c66affSColin Finck * 1820c2c66affSColin Finck * \note This list should be ordered by decreasing preference 1821c2c66affSColin Finck * (preferred hash first). 1822c2c66affSColin Finck * 1823c2c66affSColin Finck * \param conf SSL configuration 1824c2c66affSColin Finck * \param hashes Ordered list of allowed signature hashes, 1825c2c66affSColin Finck * terminated by \c MBEDTLS_MD_NONE. 1826c2c66affSColin Finck */ 1827c2c66affSColin Finck void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, 1828c2c66affSColin Finck const int *hashes ); 1829c2c66affSColin Finck #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ 1830c2c66affSColin Finck 1831c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 1832c2c66affSColin Finck /** 1833*d9e6c9b5SThomas Faber * \brief Set or reset the hostname to check against the received 1834*d9e6c9b5SThomas Faber * server certificate. It sets the ServerName TLS extension, 1835*d9e6c9b5SThomas Faber * too, if that extension is enabled. (client-side only) 1836c2c66affSColin Finck * 1837c2c66affSColin Finck * \param ssl SSL context 1838*d9e6c9b5SThomas Faber * \param hostname the server hostname, may be NULL to clear hostname 1839c2c66affSColin Finck * 1840*d9e6c9b5SThomas Faber * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. 1841*d9e6c9b5SThomas Faber * 1842*d9e6c9b5SThomas Faber * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on 1843*d9e6c9b5SThomas Faber * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on 1844*d9e6c9b5SThomas Faber * too long input hostname. 1845*d9e6c9b5SThomas Faber * 1846*d9e6c9b5SThomas Faber * Hostname set to the one provided on success (cleared 1847*d9e6c9b5SThomas Faber * when NULL). On allocation failure hostname is cleared. 1848*d9e6c9b5SThomas Faber * On too long input failure, old hostname is unchanged. 1849c2c66affSColin Finck */ 1850c2c66affSColin Finck int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); 1851c2c66affSColin Finck #endif /* MBEDTLS_X509_CRT_PARSE_C */ 1852c2c66affSColin Finck 1853c2c66affSColin Finck #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 1854c2c66affSColin Finck /** 1855c2c66affSColin Finck * \brief Set own certificate and key for the current handshake 1856c2c66affSColin Finck * 1857c2c66affSColin Finck * \note Same as \c mbedtls_ssl_conf_own_cert() but for use within 1858c2c66affSColin Finck * the SNI callback. 1859c2c66affSColin Finck * 1860c2c66affSColin Finck * \param ssl SSL context 1861c2c66affSColin Finck * \param own_cert own public certificate chain 1862c2c66affSColin Finck * \param pk_key own private key 1863c2c66affSColin Finck * 1864c2c66affSColin Finck * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED 1865c2c66affSColin Finck */ 1866c2c66affSColin Finck int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, 1867c2c66affSColin Finck mbedtls_x509_crt *own_cert, 1868c2c66affSColin Finck mbedtls_pk_context *pk_key ); 1869c2c66affSColin Finck 1870c2c66affSColin Finck /** 1871c2c66affSColin Finck * \brief Set the data required to verify peer certificate for the 1872c2c66affSColin Finck * current handshake 1873c2c66affSColin Finck * 1874c2c66affSColin Finck * \note Same as \c mbedtls_ssl_conf_ca_chain() but for use within 1875c2c66affSColin Finck * the SNI callback. 1876c2c66affSColin Finck * 1877c2c66affSColin Finck * \param ssl SSL context 1878c2c66affSColin Finck * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) 1879c2c66affSColin Finck * \param ca_crl trusted CA CRLs 1880c2c66affSColin Finck */ 1881c2c66affSColin Finck void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, 1882c2c66affSColin Finck mbedtls_x509_crt *ca_chain, 1883c2c66affSColin Finck mbedtls_x509_crl *ca_crl ); 1884c2c66affSColin Finck 1885c2c66affSColin Finck /** 1886c2c66affSColin Finck * \brief Set authmode for the current handshake. 1887c2c66affSColin Finck * 1888c2c66affSColin Finck * \note Same as \c mbedtls_ssl_conf_authmode() but for use within 1889c2c66affSColin Finck * the SNI callback. 1890c2c66affSColin Finck * 1891c2c66affSColin Finck * \param ssl SSL context 1892c2c66affSColin Finck * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or 1893c2c66affSColin Finck * MBEDTLS_SSL_VERIFY_REQUIRED 1894c2c66affSColin Finck */ 1895c2c66affSColin Finck void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, 1896c2c66affSColin Finck int authmode ); 1897c2c66affSColin Finck 1898c2c66affSColin Finck /** 1899c2c66affSColin Finck * \brief Set server side ServerName TLS extension callback 1900c2c66affSColin Finck * (optional, server-side only). 1901c2c66affSColin Finck * 1902c2c66affSColin Finck * If set, the ServerName callback is called whenever the 1903c2c66affSColin Finck * server receives a ServerName TLS extension from the client 1904c2c66affSColin Finck * during a handshake. The ServerName callback has the 1905c2c66affSColin Finck * following parameters: (void *parameter, mbedtls_ssl_context *ssl, 1906c2c66affSColin Finck * const unsigned char *hostname, size_t len). If a suitable 1907c2c66affSColin Finck * certificate is found, the callback must set the 1908c2c66affSColin Finck * certificate(s) and key(s) to use with \c 1909c2c66affSColin Finck * mbedtls_ssl_set_hs_own_cert() (can be called repeatedly), 1910c2c66affSColin Finck * and may optionally adjust the CA and associated CRL with \c 1911c2c66affSColin Finck * mbedtls_ssl_set_hs_ca_chain() as well as the client 1912c2c66affSColin Finck * authentication mode with \c mbedtls_ssl_set_hs_authmode(), 1913c2c66affSColin Finck * then must return 0. If no matching name is found, the 1914c2c66affSColin Finck * callback must either set a default cert, or 1915c2c66affSColin Finck * return non-zero to abort the handshake at this point. 1916c2c66affSColin Finck * 1917c2c66affSColin Finck * \param conf SSL configuration 1918c2c66affSColin Finck * \param f_sni verification function 1919c2c66affSColin Finck * \param p_sni verification parameter 1920c2c66affSColin Finck */ 1921c2c66affSColin Finck void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, 1922c2c66affSColin Finck int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, 1923c2c66affSColin Finck size_t), 1924c2c66affSColin Finck void *p_sni ); 1925c2c66affSColin Finck #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ 1926c2c66affSColin Finck 1927c2c66affSColin Finck #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 1928c2c66affSColin Finck /** 1929c2c66affSColin Finck * \brief Set the EC J-PAKE password for current handshake. 1930c2c66affSColin Finck * 1931c2c66affSColin Finck * \note An internal copy is made, and destroyed as soon as the 1932c2c66affSColin Finck * handshake is completed, or when the SSL context is reset or 1933c2c66affSColin Finck * freed. 1934c2c66affSColin Finck * 1935c2c66affSColin Finck * \note The SSL context needs to be already set up. The right place 1936c2c66affSColin Finck * to call this function is between \c mbedtls_ssl_setup() or 1937c2c66affSColin Finck * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake(). 1938c2c66affSColin Finck * 1939c2c66affSColin Finck * \param ssl SSL context 1940c2c66affSColin Finck * \param pw EC J-PAKE password (pre-shared secret) 1941c2c66affSColin Finck * \param pw_len length of pw in bytes 1942c2c66affSColin Finck * 1943c2c66affSColin Finck * \return 0 on success, or a negative error code. 1944c2c66affSColin Finck */ 1945c2c66affSColin Finck int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, 1946c2c66affSColin Finck const unsigned char *pw, 1947c2c66affSColin Finck size_t pw_len ); 1948c2c66affSColin Finck #endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 1949c2c66affSColin Finck 1950c2c66affSColin Finck #if defined(MBEDTLS_SSL_ALPN) 1951c2c66affSColin Finck /** 1952c2c66affSColin Finck * \brief Set the supported Application Layer Protocols. 1953c2c66affSColin Finck * 1954c2c66affSColin Finck * \param conf SSL configuration 1955c2c66affSColin Finck * \param protos Pointer to a NULL-terminated list of supported protocols, 1956c2c66affSColin Finck * in decreasing preference order. The pointer to the list is 1957c2c66affSColin Finck * recorded by the library for later reference as required, so 1958c2c66affSColin Finck * the lifetime of the table must be atleast as long as the 1959c2c66affSColin Finck * lifetime of the SSL configuration structure. 1960c2c66affSColin Finck * 1961c2c66affSColin Finck * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. 1962c2c66affSColin Finck */ 1963c2c66affSColin Finck int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ); 1964c2c66affSColin Finck 1965c2c66affSColin Finck /** 1966c2c66affSColin Finck * \brief Get the name of the negotiated Application Layer Protocol. 1967c2c66affSColin Finck * This function should be called after the handshake is 1968c2c66affSColin Finck * completed. 1969c2c66affSColin Finck * 1970c2c66affSColin Finck * \param ssl SSL context 1971c2c66affSColin Finck * 1972c2c66affSColin Finck * \return Protcol name, or NULL if no protocol was negotiated. 1973c2c66affSColin Finck */ 1974c2c66affSColin Finck const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); 1975c2c66affSColin Finck #endif /* MBEDTLS_SSL_ALPN */ 1976c2c66affSColin Finck 1977c2c66affSColin Finck /** 1978c2c66affSColin Finck * \brief Set the maximum supported version sent from the client side 1979c2c66affSColin Finck * and/or accepted at the server side 1980c2c66affSColin Finck * (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION) 1981c2c66affSColin Finck * 1982c2c66affSColin Finck * \note This ignores ciphersuites from higher versions. 1983c2c66affSColin Finck * 1984c2c66affSColin Finck * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and 1985c2c66affSColin Finck * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 1986c2c66affSColin Finck * 1987c2c66affSColin Finck * \param conf SSL configuration 1988c2c66affSColin Finck * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) 1989c2c66affSColin Finck * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, 1990c2c66affSColin Finck * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, 1991c2c66affSColin Finck * MBEDTLS_SSL_MINOR_VERSION_3 supported) 1992c2c66affSColin Finck */ 1993c2c66affSColin Finck void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); 1994c2c66affSColin Finck 1995c2c66affSColin Finck /** 1996c2c66affSColin Finck * \brief Set the minimum accepted SSL/TLS protocol version 1997c2c66affSColin Finck * (Default: TLS 1.0) 1998c2c66affSColin Finck * 1999c2c66affSColin Finck * \note Input outside of the SSL_MAX_XXXXX_VERSION and 2000c2c66affSColin Finck * SSL_MIN_XXXXX_VERSION range is ignored. 2001c2c66affSColin Finck * 2002c2c66affSColin Finck * \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided. 2003c2c66affSColin Finck * 2004c2c66affSColin Finck * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and 2005c2c66affSColin Finck * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 2006c2c66affSColin Finck * 2007c2c66affSColin Finck * \param conf SSL configuration 2008c2c66affSColin Finck * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) 2009c2c66affSColin Finck * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, 2010c2c66affSColin Finck * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, 2011c2c66affSColin Finck * MBEDTLS_SSL_MINOR_VERSION_3 supported) 2012c2c66affSColin Finck */ 2013c2c66affSColin Finck void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ); 2014c2c66affSColin Finck 2015c2c66affSColin Finck #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) 2016c2c66affSColin Finck /** 2017c2c66affSColin Finck * \brief Set the fallback flag (client-side only). 2018c2c66affSColin Finck * (Default: MBEDTLS_SSL_IS_NOT_FALLBACK). 2019c2c66affSColin Finck * 2020c2c66affSColin Finck * \note Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback 2021c2c66affSColin Finck * connection, that is a connection with max_version set to a 2022c2c66affSColin Finck * lower value than the value you're willing to use. Such 2023c2c66affSColin Finck * fallback connections are not recommended but are sometimes 2024c2c66affSColin Finck * necessary to interoperate with buggy (version-intolerant) 2025c2c66affSColin Finck * servers. 2026c2c66affSColin Finck * 2027c2c66affSColin Finck * \warning You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for 2028c2c66affSColin Finck * non-fallback connections! This would appear to work for a 2029c2c66affSColin Finck * while, then cause failures when the server is upgraded to 2030c2c66affSColin Finck * support a newer TLS version. 2031c2c66affSColin Finck * 2032c2c66affSColin Finck * \param conf SSL configuration 2033c2c66affSColin Finck * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK 2034c2c66affSColin Finck */ 2035c2c66affSColin Finck void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ); 2036c2c66affSColin Finck #endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */ 2037c2c66affSColin Finck 2038c2c66affSColin Finck #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) 2039c2c66affSColin Finck /** 2040c2c66affSColin Finck * \brief Enable or disable Encrypt-then-MAC 2041c2c66affSColin Finck * (Default: MBEDTLS_SSL_ETM_ENABLED) 2042c2c66affSColin Finck * 2043c2c66affSColin Finck * \note This should always be enabled, it is a security 2044c2c66affSColin Finck * improvement, and should not cause any interoperability 2045c2c66affSColin Finck * issue (used only if the peer supports it too). 2046c2c66affSColin Finck * 2047c2c66affSColin Finck * \param conf SSL configuration 2048c2c66affSColin Finck * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED 2049c2c66affSColin Finck */ 2050c2c66affSColin Finck void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ); 2051c2c66affSColin Finck #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ 2052c2c66affSColin Finck 2053c2c66affSColin Finck #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 2054c2c66affSColin Finck /** 2055c2c66affSColin Finck * \brief Enable or disable Extended Master Secret negotiation. 2056c2c66affSColin Finck * (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED) 2057c2c66affSColin Finck * 2058c2c66affSColin Finck * \note This should always be enabled, it is a security fix to the 2059c2c66affSColin Finck * protocol, and should not cause any interoperability issue 2060c2c66affSColin Finck * (used only if the peer supports it too). 2061c2c66affSColin Finck * 2062c2c66affSColin Finck * \param conf SSL configuration 2063c2c66affSColin Finck * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED 2064c2c66affSColin Finck */ 2065c2c66affSColin Finck void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ); 2066c2c66affSColin Finck #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ 2067c2c66affSColin Finck 2068c2c66affSColin Finck #if defined(MBEDTLS_ARC4_C) 2069c2c66affSColin Finck /** 2070c2c66affSColin Finck * \brief Disable or enable support for RC4 2071c2c66affSColin Finck * (Default: MBEDTLS_SSL_ARC4_DISABLED) 2072c2c66affSColin Finck * 2073c2c66affSColin Finck * \warning Use of RC4 in DTLS/TLS has been prohibited by RFC 7465 2074c2c66affSColin Finck * for security reasons. Use at your own risk. 2075c2c66affSColin Finck * 2076c2c66affSColin Finck * \note This function is deprecated and will likely be removed in 2077c2c66affSColin Finck * a future version of the library. 2078c2c66affSColin Finck * RC4 is disabled by default at compile time and needs to be 2079c2c66affSColin Finck * actively enabled for use with legacy systems. 2080c2c66affSColin Finck * 2081c2c66affSColin Finck * \param conf SSL configuration 2082c2c66affSColin Finck * \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED 2083c2c66affSColin Finck */ 2084c2c66affSColin Finck void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ); 2085c2c66affSColin Finck #endif /* MBEDTLS_ARC4_C */ 2086c2c66affSColin Finck 2087c2c66affSColin Finck #if defined(MBEDTLS_SSL_SRV_C) 2088c2c66affSColin Finck /** 2089c2c66affSColin Finck * \brief Whether to send a list of acceptable CAs in 2090c2c66affSColin Finck * CertificateRequest messages. 2091c2c66affSColin Finck * (Default: do send) 2092c2c66affSColin Finck * 2093c2c66affSColin Finck * \param conf SSL configuration 2094c2c66affSColin Finck * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or 2095c2c66affSColin Finck * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 2096c2c66affSColin Finck */ 2097c2c66affSColin Finck void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, 2098c2c66affSColin Finck char cert_req_ca_list ); 2099c2c66affSColin Finck #endif /* MBEDTLS_SSL_SRV_C */ 2100c2c66affSColin Finck 2101c2c66affSColin Finck #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) 2102c2c66affSColin Finck /** 2103c2c66affSColin Finck * \brief Set the maximum fragment length to emit and/or negotiate 2104c2c66affSColin Finck * (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes) 2105c2c66affSColin Finck * (Server: set maximum fragment length to emit, 2106c2c66affSColin Finck * usually negotiated by the client during handshake 2107c2c66affSColin Finck * (Client: set maximum fragment length to emit *and* 2108c2c66affSColin Finck * negotiate with the server during handshake) 2109c2c66affSColin Finck * 2110c2c66affSColin Finck * \param conf SSL configuration 2111c2c66affSColin Finck * \param mfl_code Code for maximum fragment length (allowed values: 2112c2c66affSColin Finck * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, 2113c2c66affSColin Finck * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) 2114c2c66affSColin Finck * 2115c2c66affSColin Finck * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA 2116c2c66affSColin Finck */ 2117c2c66affSColin Finck int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ); 2118c2c66affSColin Finck #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ 2119c2c66affSColin Finck 2120c2c66affSColin Finck #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) 2121c2c66affSColin Finck /** 2122c2c66affSColin Finck * \brief Activate negotiation of truncated HMAC 2123c2c66affSColin Finck * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED) 2124c2c66affSColin Finck * 2125c2c66affSColin Finck * \param conf SSL configuration 2126c2c66affSColin Finck * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or 2127c2c66affSColin Finck * MBEDTLS_SSL_TRUNC_HMAC_DISABLED) 2128c2c66affSColin Finck */ 2129c2c66affSColin Finck void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); 2130c2c66affSColin Finck #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ 2131c2c66affSColin Finck 2132c2c66affSColin Finck #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) 2133c2c66affSColin Finck /** 2134c2c66affSColin Finck * \brief Enable / Disable 1/n-1 record splitting 2135c2c66affSColin Finck * (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED) 2136c2c66affSColin Finck * 2137c2c66affSColin Finck * \note Only affects SSLv3 and TLS 1.0, not higher versions. 2138c2c66affSColin Finck * Does not affect non-CBC ciphersuites in any version. 2139c2c66affSColin Finck * 2140c2c66affSColin Finck * \param conf SSL configuration 2141c2c66affSColin Finck * \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or 2142c2c66affSColin Finck * MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 2143c2c66affSColin Finck */ 2144c2c66affSColin Finck void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ); 2145c2c66affSColin Finck #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ 2146c2c66affSColin Finck 2147c2c66affSColin Finck #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) 2148c2c66affSColin Finck /** 2149c2c66affSColin Finck * \brief Enable / Disable session tickets (client only). 2150c2c66affSColin Finck * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.) 2151c2c66affSColin Finck * 2152c2c66affSColin Finck * \note On server, use \c mbedtls_ssl_conf_session_tickets_cb(). 2153c2c66affSColin Finck * 2154c2c66affSColin Finck * \param conf SSL configuration 2155c2c66affSColin Finck * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or 2156c2c66affSColin Finck * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) 2157c2c66affSColin Finck */ 2158c2c66affSColin Finck void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ); 2159c2c66affSColin Finck #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ 2160c2c66affSColin Finck 2161c2c66affSColin Finck #if defined(MBEDTLS_SSL_RENEGOTIATION) 2162c2c66affSColin Finck /** 2163c2c66affSColin Finck * \brief Enable / Disable renegotiation support for connection when 2164c2c66affSColin Finck * initiated by peer 2165c2c66affSColin Finck * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED) 2166c2c66affSColin Finck * 2167c2c66affSColin Finck * \warning It is recommended to always disable renegotation unless you 2168c2c66affSColin Finck * know you need it and you know what you're doing. In the 2169c2c66affSColin Finck * past, there have been several issues associated with 2170c2c66affSColin Finck * renegotiation or a poor understanding of its properties. 2171c2c66affSColin Finck * 2172c2c66affSColin Finck * \note Server-side, enabling renegotiation also makes the server 2173c2c66affSColin Finck * susceptible to a resource DoS by a malicious client. 2174c2c66affSColin Finck * 2175c2c66affSColin Finck * \param conf SSL configuration 2176c2c66affSColin Finck * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or 2177c2c66affSColin Finck * MBEDTLS_SSL_RENEGOTIATION_DISABLED) 2178c2c66affSColin Finck */ 2179c2c66affSColin Finck void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ); 2180c2c66affSColin Finck #endif /* MBEDTLS_SSL_RENEGOTIATION */ 2181c2c66affSColin Finck 2182c2c66affSColin Finck /** 2183c2c66affSColin Finck * \brief Prevent or allow legacy renegotiation. 2184c2c66affSColin Finck * (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) 2185c2c66affSColin Finck * 2186c2c66affSColin Finck * MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to 2187c2c66affSColin Finck * be established even if the peer does not support 2188c2c66affSColin Finck * secure renegotiation, but does not allow renegotiation 2189c2c66affSColin Finck * to take place if not secure. 2190c2c66affSColin Finck * (Interoperable and secure option) 2191c2c66affSColin Finck * 2192c2c66affSColin Finck * MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations 2193c2c66affSColin Finck * with non-upgraded peers. Allowing legacy renegotiation 2194c2c66affSColin Finck * makes the connection vulnerable to specific man in the 2195c2c66affSColin Finck * middle attacks. (See RFC 5746) 2196c2c66affSColin Finck * (Most interoperable and least secure option) 2197c2c66affSColin Finck * 2198c2c66affSColin Finck * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections 2199c2c66affSColin Finck * if peer does not support secure renegotiation. Results 2200c2c66affSColin Finck * in interoperability issues with non-upgraded peers 2201c2c66affSColin Finck * that do not support renegotiation altogether. 2202c2c66affSColin Finck * (Most secure option, interoperability issues) 2203c2c66affSColin Finck * 2204c2c66affSColin Finck * \param conf SSL configuration 2205c2c66affSColin Finck * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, 2206c2c66affSColin Finck * SSL_ALLOW_LEGACY_RENEGOTIATION or 2207c2c66affSColin Finck * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) 2208c2c66affSColin Finck */ 2209c2c66affSColin Finck void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ); 2210c2c66affSColin Finck 2211c2c66affSColin Finck #if defined(MBEDTLS_SSL_RENEGOTIATION) 2212c2c66affSColin Finck /** 2213c2c66affSColin Finck * \brief Enforce renegotiation requests. 2214c2c66affSColin Finck * (Default: enforced, max_records = 16) 2215c2c66affSColin Finck * 2216c2c66affSColin Finck * When we request a renegotiation, the peer can comply or 2217c2c66affSColin Finck * ignore the request. This function allows us to decide 2218c2c66affSColin Finck * whether to enforce our renegotiation requests by closing 2219c2c66affSColin Finck * the connection if the peer doesn't comply. 2220c2c66affSColin Finck * 2221c2c66affSColin Finck * However, records could already be in transit from the peer 2222c2c66affSColin Finck * when the request is emitted. In order to increase 2223c2c66affSColin Finck * reliability, we can accept a number of records before the 2224c2c66affSColin Finck * expected handshake records. 2225c2c66affSColin Finck * 2226c2c66affSColin Finck * The optimal value is highly dependent on the specific usage 2227c2c66affSColin Finck * scenario. 2228c2c66affSColin Finck * 2229c2c66affSColin Finck * \note With DTLS and server-initiated renegotiation, the 2230c2c66affSColin Finck * HelloRequest is retransmited every time mbedtls_ssl_read() times 2231c2c66affSColin Finck * out or receives Application Data, until: 2232c2c66affSColin Finck * - max_records records have beens seen, if it is >= 0, or 2233c2c66affSColin Finck * - the number of retransmits that would happen during an 2234c2c66affSColin Finck * actual handshake has been reached. 2235c2c66affSColin Finck * Please remember the request might be lost a few times 2236c2c66affSColin Finck * if you consider setting max_records to a really low value. 2237c2c66affSColin Finck * 2238c2c66affSColin Finck * \warning On client, the grace period can only happen during 2239c2c66affSColin Finck * mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate() 2240c2c66affSColin Finck * which always behave as if max_record was 0. The reason is, 2241c2c66affSColin Finck * if we receive application data from the server, we need a 2242c2c66affSColin Finck * place to write it, which only happens during mbedtls_ssl_read(). 2243c2c66affSColin Finck * 2244c2c66affSColin Finck * \param conf SSL configuration 2245c2c66affSColin Finck * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to 2246c2c66affSColin Finck * enforce renegotiation, or a non-negative value to enforce 2247c2c66affSColin Finck * it but allow for a grace period of max_records records. 2248c2c66affSColin Finck */ 2249c2c66affSColin Finck void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ); 2250c2c66affSColin Finck 2251c2c66affSColin Finck /** 2252c2c66affSColin Finck * \brief Set record counter threshold for periodic renegotiation. 2253c2c66affSColin Finck * (Default: 2^48 - 1) 2254c2c66affSColin Finck * 2255c2c66affSColin Finck * Renegotiation is automatically triggered when a record 2256c2c66affSColin Finck * counter (outgoing or ingoing) crosses the defined 2257c2c66affSColin Finck * threshold. The default value is meant to prevent the 2258c2c66affSColin Finck * connection from being closed when the counter is about to 2259c2c66affSColin Finck * reached its maximal value (it is not allowed to wrap). 2260c2c66affSColin Finck * 2261c2c66affSColin Finck * Lower values can be used to enforce policies such as "keys 2262c2c66affSColin Finck * must be refreshed every N packets with cipher X". 2263c2c66affSColin Finck * 2264c2c66affSColin Finck * The renegotiation period can be disabled by setting 2265c2c66affSColin Finck * conf->disable_renegotiation to 2266c2c66affSColin Finck * MBEDTLS_SSL_RENEGOTIATION_DISABLED. 2267c2c66affSColin Finck * 2268c2c66affSColin Finck * \note When the configured transport is 2269c2c66affSColin Finck * MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation 2270c2c66affSColin Finck * period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM, 2271c2c66affSColin Finck * the maximum renegotiation period is 2^64 - 1. 2272c2c66affSColin Finck * 2273c2c66affSColin Finck * \param conf SSL configuration 2274c2c66affSColin Finck * \param period The threshold value: a big-endian 64-bit number. 2275c2c66affSColin Finck */ 2276c2c66affSColin Finck void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, 2277c2c66affSColin Finck const unsigned char period[8] ); 2278c2c66affSColin Finck #endif /* MBEDTLS_SSL_RENEGOTIATION */ 2279c2c66affSColin Finck 2280c2c66affSColin Finck /** 2281c2c66affSColin Finck * \brief Return the number of data bytes available to read 2282c2c66affSColin Finck * 2283c2c66affSColin Finck * \param ssl SSL context 2284c2c66affSColin Finck * 2285c2c66affSColin Finck * \return how many bytes are available in the read buffer 2286c2c66affSColin Finck */ 2287c2c66affSColin Finck size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); 2288c2c66affSColin Finck 2289c2c66affSColin Finck /** 2290c2c66affSColin Finck * \brief Return the result of the certificate verification 2291c2c66affSColin Finck * 2292c2c66affSColin Finck * \param ssl SSL context 2293c2c66affSColin Finck * 2294c2c66affSColin Finck * \return 0 if successful, 2295c2c66affSColin Finck * -1 if result is not available (eg because the handshake was 2296c2c66affSColin Finck * aborted too early), or 2297c2c66affSColin Finck * a combination of BADCERT_xxx and BADCRL_xxx flags, see 2298c2c66affSColin Finck * x509.h 2299c2c66affSColin Finck */ 2300c2c66affSColin Finck uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ); 2301c2c66affSColin Finck 2302c2c66affSColin Finck /** 2303c2c66affSColin Finck * \brief Return the name of the current ciphersuite 2304c2c66affSColin Finck * 2305c2c66affSColin Finck * \param ssl SSL context 2306c2c66affSColin Finck * 2307c2c66affSColin Finck * \return a string containing the ciphersuite name 2308c2c66affSColin Finck */ 2309c2c66affSColin Finck const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ); 2310c2c66affSColin Finck 2311c2c66affSColin Finck /** 2312c2c66affSColin Finck * \brief Return the current SSL version (SSLv3/TLSv1/etc) 2313c2c66affSColin Finck * 2314c2c66affSColin Finck * \param ssl SSL context 2315c2c66affSColin Finck * 2316c2c66affSColin Finck * \return a string containing the SSL version 2317c2c66affSColin Finck */ 2318c2c66affSColin Finck const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); 2319c2c66affSColin Finck 2320c2c66affSColin Finck /** 2321c2c66affSColin Finck * \brief Return the (maximum) number of bytes added by the record 2322c2c66affSColin Finck * layer: header + encryption/MAC overhead (inc. padding) 2323c2c66affSColin Finck * 2324c2c66affSColin Finck * \param ssl SSL context 2325c2c66affSColin Finck * 2326c2c66affSColin Finck * \return Current maximum record expansion in bytes, or 2327c2c66affSColin Finck * MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is 2328c2c66affSColin Finck * enabled, which makes expansion much less predictable 2329c2c66affSColin Finck */ 2330c2c66affSColin Finck int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); 2331c2c66affSColin Finck 2332c2c66affSColin Finck #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) 2333c2c66affSColin Finck /** 2334c2c66affSColin Finck * \brief Return the maximum fragment length (payload, in bytes). 2335c2c66affSColin Finck * This is the value negotiated with peer if any, 2336c2c66affSColin Finck * or the locally configured value. 2337c2c66affSColin Finck * 2338c2c66affSColin Finck * \note With DTLS, \c mbedtls_ssl_write() will return an error if 2339c2c66affSColin Finck * called with a larger length value. 2340c2c66affSColin Finck * With TLS, \c mbedtls_ssl_write() will fragment the input if 2341c2c66affSColin Finck * necessary and return the number of bytes written; it is up 2342c2c66affSColin Finck * to the caller to call \c mbedtls_ssl_write() again in 2343c2c66affSColin Finck * order to send the remaining bytes if any. 2344c2c66affSColin Finck * 2345c2c66affSColin Finck * \param ssl SSL context 2346c2c66affSColin Finck * 2347c2c66affSColin Finck * \return Current maximum fragment length. 2348c2c66affSColin Finck */ 2349c2c66affSColin Finck size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ); 2350c2c66affSColin Finck #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ 2351c2c66affSColin Finck 2352c2c66affSColin Finck #if defined(MBEDTLS_X509_CRT_PARSE_C) 2353c2c66affSColin Finck /** 2354c2c66affSColin Finck * \brief Return the peer certificate from the current connection 2355c2c66affSColin Finck * 2356c2c66affSColin Finck * Note: Can be NULL in case no certificate was sent during 2357c2c66affSColin Finck * the handshake. Different calls for the same connection can 2358c2c66affSColin Finck * return the same or different pointers for the same 2359c2c66affSColin Finck * certificate and even a different certificate altogether. 2360c2c66affSColin Finck * The peer cert CAN change in a single connection if 2361c2c66affSColin Finck * renegotiation is performed. 2362c2c66affSColin Finck * 2363c2c66affSColin Finck * \param ssl SSL context 2364c2c66affSColin Finck * 2365c2c66affSColin Finck * \return the current peer certificate 2366c2c66affSColin Finck */ 2367c2c66affSColin Finck const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ); 2368c2c66affSColin Finck #endif /* MBEDTLS_X509_CRT_PARSE_C */ 2369c2c66affSColin Finck 2370c2c66affSColin Finck #if defined(MBEDTLS_SSL_CLI_C) 2371c2c66affSColin Finck /** 2372c2c66affSColin Finck * \brief Save session in order to resume it later (client-side only) 2373c2c66affSColin Finck * Session data is copied to presented session structure. 2374c2c66affSColin Finck * 2375c2c66affSColin Finck * 2376c2c66affSColin Finck * \param ssl SSL context 2377c2c66affSColin Finck * \param session session context 2378c2c66affSColin Finck * 2379c2c66affSColin Finck * \return 0 if successful, 2380c2c66affSColin Finck * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed, 2381c2c66affSColin Finck * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or 2382*d9e6c9b5SThomas Faber * arguments are otherwise invalid. 2383*d9e6c9b5SThomas Faber * 2384*d9e6c9b5SThomas Faber * \note Only the server certificate is copied, and not the full chain, 2385*d9e6c9b5SThomas Faber * so you should not attempt to validate the certificate again 2386*d9e6c9b5SThomas Faber * by calling \c mbedtls_x509_crt_verify() on it. 2387*d9e6c9b5SThomas Faber * Instead, you should use the results from the verification 2388*d9e6c9b5SThomas Faber * in the original handshake by calling \c mbedtls_ssl_get_verify_result() 2389*d9e6c9b5SThomas Faber * after loading the session again into a new SSL context 2390*d9e6c9b5SThomas Faber * using \c mbedtls_ssl_set_session(). 2391*d9e6c9b5SThomas Faber * 2392*d9e6c9b5SThomas Faber * \note Once the session object is not needed anymore, you should 2393*d9e6c9b5SThomas Faber * free it by calling \c mbedtls_ssl_session_free(). 2394c2c66affSColin Finck * 2395c2c66affSColin Finck * \sa mbedtls_ssl_set_session() 2396c2c66affSColin Finck */ 2397c2c66affSColin Finck int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session ); 2398c2c66affSColin Finck #endif /* MBEDTLS_SSL_CLI_C */ 2399c2c66affSColin Finck 2400c2c66affSColin Finck /** 2401c2c66affSColin Finck * \brief Perform the SSL handshake 2402c2c66affSColin Finck * 2403c2c66affSColin Finck * \param ssl SSL context 2404c2c66affSColin Finck * 2405c2c66affSColin Finck * \return 0 if successful, or 2406c2c66affSColin Finck * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or 2407c2c66affSColin Finck * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or 2408c2c66affSColin Finck * a specific SSL error code. 2409c2c66affSColin Finck * 2410c2c66affSColin Finck * \note If this function returns something other than 0 or 2411c2c66affSColin Finck * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context 2412c2c66affSColin Finck * becomes unusable, and you should either free it or call 2413c2c66affSColin Finck * \c mbedtls_ssl_session_reset() on it before re-using it for 2414c2c66affSColin Finck * a new connection; the current connection must be closed. 2415c2c66affSColin Finck * 2416c2c66affSColin Finck * \note If DTLS is in use, then you may choose to handle 2417c2c66affSColin Finck * MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging 2418c2c66affSColin Finck * purposes, as it is an expected return value rather than an 2419c2c66affSColin Finck * actual error, but you still need to reset/free the context. 2420c2c66affSColin Finck */ 2421c2c66affSColin Finck int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); 2422c2c66affSColin Finck 2423c2c66affSColin Finck /** 2424c2c66affSColin Finck * \brief Perform a single step of the SSL handshake 2425c2c66affSColin Finck * 2426c2c66affSColin Finck * \note The state of the context (ssl->state) will be at 2427c2c66affSColin Finck * the next state after execution of this function. Do not 2428c2c66affSColin Finck * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER. 2429c2c66affSColin Finck * 2430c2c66affSColin Finck * \note If this function returns something other than 0 or 2431c2c66affSColin Finck * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context 2432c2c66affSColin Finck * becomes unusable, and you should either free it or call 2433c2c66affSColin Finck * \c mbedtls_ssl_session_reset() on it before re-using it for 2434c2c66affSColin Finck * a new connection; the current connection must be closed. 2435c2c66affSColin Finck * 2436c2c66affSColin Finck * \param ssl SSL context 2437c2c66affSColin Finck * 2438c2c66affSColin Finck * \return 0 if successful, or 2439c2c66affSColin Finck * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or 2440c2c66affSColin Finck * a specific SSL error code. 2441c2c66affSColin Finck */ 2442c2c66affSColin Finck int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); 2443c2c66affSColin Finck 2444c2c66affSColin Finck #if defined(MBEDTLS_SSL_RENEGOTIATION) 2445c2c66affSColin Finck /** 2446c2c66affSColin Finck * \brief Initiate an SSL renegotiation on the running connection. 2447c2c66affSColin Finck * Client: perform the renegotiation right now. 2448c2c66affSColin Finck * Server: request renegotiation, which will be performed 2449c2c66affSColin Finck * during the next call to mbedtls_ssl_read() if honored by 2450c2c66affSColin Finck * client. 2451c2c66affSColin Finck * 2452c2c66affSColin Finck * \param ssl SSL context 2453c2c66affSColin Finck * 2454c2c66affSColin Finck * \return 0 if successful, or any mbedtls_ssl_handshake() return 2455c2c66affSColin Finck * value. 2456c2c66affSColin Finck * 2457c2c66affSColin Finck * \note If this function returns something other than 0 or 2458c2c66affSColin Finck * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context 2459c2c66affSColin Finck * becomes unusable, and you should either free it or call 2460c2c66affSColin Finck * \c mbedtls_ssl_session_reset() on it before re-using it for 2461c2c66affSColin Finck * a new connection; the current connection must be closed. 2462c2c66affSColin Finck */ 2463c2c66affSColin Finck int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); 2464c2c66affSColin Finck #endif /* MBEDTLS_SSL_RENEGOTIATION */ 2465c2c66affSColin Finck 2466c2c66affSColin Finck /** 2467c2c66affSColin Finck * \brief Read at most 'len' application data bytes 2468c2c66affSColin Finck * 2469c2c66affSColin Finck * \param ssl SSL context 2470c2c66affSColin Finck * \param buf buffer that will hold the data 2471c2c66affSColin Finck * \param len maximum number of bytes to read 2472c2c66affSColin Finck * 2473c2c66affSColin Finck * \return the number of bytes read, or 2474c2c66affSColin Finck * 0 for EOF, or 2475c2c66affSColin Finck * MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or 2476c2c66affSColin Finck * MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or 2477c2c66affSColin Finck * another negative error code. 2478c2c66affSColin Finck * 2479c2c66affSColin Finck * \note If this function returns something other than a positive 2480c2c66affSColin Finck * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or 2481c2c66affSColin Finck * MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context 2482c2c66affSColin Finck * becomes unusable, and you should either free it or call 2483c2c66affSColin Finck * \c mbedtls_ssl_session_reset() on it before re-using it for 2484c2c66affSColin Finck * a new connection; the current connection must be closed. 2485c2c66affSColin Finck * 2486c2c66affSColin Finck * \note When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT 2487c2c66affSColin Finck * (which can only happen server-side), it means that a client 2488c2c66affSColin Finck * is initiating a new connection using the same source port. 2489c2c66affSColin Finck * You can either treat that as a connection close and wait 2490c2c66affSColin Finck * for the client to resend a ClientHello, or directly 2491c2c66affSColin Finck * continue with \c mbedtls_ssl_handshake() with the same 2492c2c66affSColin Finck * context (as it has beeen reset internally). Either way, you 2493c2c66affSColin Finck * should make sure this is seen by the application as a new 2494c2c66affSColin Finck * connection: application state, if any, should be reset, and 2495c2c66affSColin Finck * most importantly the identity of the client must be checked 2496c2c66affSColin Finck * again. WARNING: not validating the identity of the client 2497c2c66affSColin Finck * again, or not transmitting the new identity to the 2498c2c66affSColin Finck * application layer, would allow authentication bypass! 2499c2c66affSColin Finck */ 2500c2c66affSColin Finck int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); 2501c2c66affSColin Finck 2502c2c66affSColin Finck /** 2503c2c66affSColin Finck * \brief Try to write exactly 'len' application data bytes 2504c2c66affSColin Finck * 2505c2c66affSColin Finck * \warning This function will do partial writes in some cases. If the 2506c2c66affSColin Finck * return value is non-negative but less than length, the 2507c2c66affSColin Finck * function must be called again with updated arguments: 2508c2c66affSColin Finck * buf + ret, len - ret (if ret is the return value) until 2509c2c66affSColin Finck * it returns a value equal to the last 'len' argument. 2510c2c66affSColin Finck * 2511c2c66affSColin Finck * \param ssl SSL context 2512c2c66affSColin Finck * \param buf buffer holding the data 2513c2c66affSColin Finck * \param len how many bytes must be written 2514c2c66affSColin Finck * 2515c2c66affSColin Finck * \return the number of bytes actually written (may be less than len), 2516c2c66affSColin Finck * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ, 2517c2c66affSColin Finck * or another negative error code. 2518c2c66affSColin Finck * 2519*d9e6c9b5SThomas Faber * \note If this function returns something other than 0, a positive 2520*d9e6c9b5SThomas Faber * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop 2521*d9e6c9b5SThomas Faber * using the SSL context for reading or writing, and either 2522*d9e6c9b5SThomas Faber * free it or call \c mbedtls_ssl_session_reset() on it before 2523*d9e6c9b5SThomas Faber * re-using it for a new connection; the current connection 2524*d9e6c9b5SThomas Faber * must be closed. 2525c2c66affSColin Finck * 2526c2c66affSColin Finck * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, 2527c2c66affSColin Finck * it must be called later with the *same* arguments, 2528*d9e6c9b5SThomas Faber * until it returns a value greater that or equal to 0. When 2529*d9e6c9b5SThomas Faber * the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be 2530*d9e6c9b5SThomas Faber * some partial data in the output buffer, however this is not 2531*d9e6c9b5SThomas Faber * yet sent. 2532c2c66affSColin Finck * 2533c2c66affSColin Finck * \note If the requested length is greater than the maximum 2534c2c66affSColin Finck * fragment length (either the built-in limit or the one set 2535c2c66affSColin Finck * or negotiated with the peer), then: 2536c2c66affSColin Finck * - with TLS, less bytes than requested are written. 2537c2c66affSColin Finck * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. 2538c2c66affSColin Finck * \c mbedtls_ssl_get_max_frag_len() may be used to query the 2539c2c66affSColin Finck * active maximum fragment length. 2540*d9e6c9b5SThomas Faber * 2541*d9e6c9b5SThomas Faber * \note Attempting to write 0 bytes will result in an empty TLS 2542*d9e6c9b5SThomas Faber * application record being sent. 2543c2c66affSColin Finck */ 2544c2c66affSColin Finck int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ); 2545c2c66affSColin Finck 2546c2c66affSColin Finck /** 2547c2c66affSColin Finck * \brief Send an alert message 2548c2c66affSColin Finck * 2549c2c66affSColin Finck * \param ssl SSL context 2550c2c66affSColin Finck * \param level The alert level of the message 2551c2c66affSColin Finck * (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL) 2552c2c66affSColin Finck * \param message The alert message (SSL_ALERT_MSG_*) 2553c2c66affSColin Finck * 2554c2c66affSColin Finck * \return 0 if successful, or a specific SSL error code. 2555c2c66affSColin Finck * 2556c2c66affSColin Finck * \note If this function returns something other than 0 or 2557c2c66affSColin Finck * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context 2558c2c66affSColin Finck * becomes unusable, and you should either free it or call 2559c2c66affSColin Finck * \c mbedtls_ssl_session_reset() on it before re-using it for 2560c2c66affSColin Finck * a new connection; the current connection must be closed. 2561c2c66affSColin Finck */ 2562c2c66affSColin Finck int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, 2563c2c66affSColin Finck unsigned char level, 2564c2c66affSColin Finck unsigned char message ); 2565c2c66affSColin Finck /** 2566c2c66affSColin Finck * \brief Notify the peer that the connection is being closed 2567c2c66affSColin Finck * 2568c2c66affSColin Finck * \param ssl SSL context 2569c2c66affSColin Finck * 2570c2c66affSColin Finck * \return 0 if successful, or a specific SSL error code. 2571c2c66affSColin Finck * 2572c2c66affSColin Finck * \note If this function returns something other than 0 or 2573c2c66affSColin Finck * MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context 2574c2c66affSColin Finck * becomes unusable, and you should either free it or call 2575c2c66affSColin Finck * \c mbedtls_ssl_session_reset() on it before re-using it for 2576c2c66affSColin Finck * a new connection; the current connection must be closed. 2577c2c66affSColin Finck */ 2578c2c66affSColin Finck int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); 2579c2c66affSColin Finck 2580c2c66affSColin Finck /** 2581c2c66affSColin Finck * \brief Free referenced items in an SSL context and clear memory 2582c2c66affSColin Finck * 2583c2c66affSColin Finck * \param ssl SSL context 2584c2c66affSColin Finck */ 2585c2c66affSColin Finck void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); 2586c2c66affSColin Finck 2587c2c66affSColin Finck /** 2588c2c66affSColin Finck * \brief Initialize an SSL configuration context 2589c2c66affSColin Finck * Just makes the context ready for 2590c2c66affSColin Finck * mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free(). 2591c2c66affSColin Finck * 2592c2c66affSColin Finck * \note You need to call mbedtls_ssl_config_defaults() unless you 2593c2c66affSColin Finck * manually set all of the relevent fields yourself. 2594c2c66affSColin Finck * 2595c2c66affSColin Finck * \param conf SSL configuration context 2596c2c66affSColin Finck */ 2597c2c66affSColin Finck void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); 2598c2c66affSColin Finck 2599c2c66affSColin Finck /** 2600c2c66affSColin Finck * \brief Load reasonnable default SSL configuration values. 2601c2c66affSColin Finck * (You need to call mbedtls_ssl_config_init() first.) 2602c2c66affSColin Finck * 2603c2c66affSColin Finck * \param conf SSL configuration context 2604c2c66affSColin Finck * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER 2605c2c66affSColin Finck * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or 2606c2c66affSColin Finck * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS 2607c2c66affSColin Finck * \param preset a MBEDTLS_SSL_PRESET_XXX value 2608c2c66affSColin Finck * 2609c2c66affSColin Finck * \note See \c mbedtls_ssl_conf_transport() for notes on DTLS. 2610c2c66affSColin Finck * 2611c2c66affSColin Finck * \return 0 if successful, or 2612c2c66affSColin Finck * MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error. 2613c2c66affSColin Finck */ 2614c2c66affSColin Finck int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, 2615c2c66affSColin Finck int endpoint, int transport, int preset ); 2616c2c66affSColin Finck 2617c2c66affSColin Finck /** 2618c2c66affSColin Finck * \brief Free an SSL configuration context 2619c2c66affSColin Finck * 2620c2c66affSColin Finck * \param conf SSL configuration context 2621c2c66affSColin Finck */ 2622c2c66affSColin Finck void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ); 2623c2c66affSColin Finck 2624c2c66affSColin Finck /** 2625c2c66affSColin Finck * \brief Initialize SSL session structure 2626c2c66affSColin Finck * 2627c2c66affSColin Finck * \param session SSL session 2628c2c66affSColin Finck */ 2629c2c66affSColin Finck void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); 2630c2c66affSColin Finck 2631c2c66affSColin Finck /** 2632c2c66affSColin Finck * \brief Free referenced items in an SSL session including the 2633c2c66affSColin Finck * peer certificate and clear memory 2634c2c66affSColin Finck * 2635*d9e6c9b5SThomas Faber * \note A session object can be freed even if the SSL context 2636*d9e6c9b5SThomas Faber * that was used to retrieve the session is still in use. 2637*d9e6c9b5SThomas Faber * 2638c2c66affSColin Finck * \param session SSL session 2639c2c66affSColin Finck */ 2640c2c66affSColin Finck void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); 2641c2c66affSColin Finck 2642c2c66affSColin Finck #ifdef __cplusplus 2643c2c66affSColin Finck } 2644c2c66affSColin Finck #endif 2645c2c66affSColin Finck 2646c2c66affSColin Finck #endif /* ssl.h */ 2647