1
0

ssl.h 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474
  1. /*
  2. * Copyright (c) 2007, Cameron Rich
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright notice,
  12. * this list of conditions and the following disclaimer in the documentation
  13. * and/or other materials provided with the distribution.
  14. * * Neither the name of the axTLS project nor the names of its contributors
  15. * may be used to endorse or promote products derived from this software
  16. * without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  22. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  23. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  24. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  25. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  26. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  27. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. */
  30. /**
  31. * @mainpage axTLS API
  32. *
  33. * @image html axolotl.jpg
  34. *
  35. * The axTLS library has features such as:
  36. * - The TLSv1 SSL client/server protocol
  37. * - No requirement to use any openssl libraries.
  38. * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
  39. * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
  40. * - Certificate chaining and peer authentication.
  41. * - Session resumption, session renegotiation.
  42. * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
  43. * - Highly configurable compile time options.
  44. * - Portable across many platforms (written in ANSI C), and has language
  45. * bindings in C, C#, VB.NET, Java, Perl and Lua.
  46. * - Partial openssl API compatibility (via a wrapper).
  47. * - A very small footprint (around 50-60kB for the library in 'server-only'
  48. * mode).
  49. * - No dependencies on sockets - can use serial connections for example.
  50. * - A very simple API - ~ 20 functions/methods.
  51. *
  52. * A list of these functions/methods are described below.
  53. *
  54. * @ref c_api
  55. *
  56. * @ref bigint_api
  57. *
  58. * @ref csharp_api
  59. *
  60. * @ref java_api
  61. */
  62. #ifndef HEADER_SSL_H
  63. #define HEADER_SSL_H
  64. #ifdef __cplusplus
  65. extern "C" {
  66. #endif
  67. #include <time.h>
  68. //#include "crypto.h"
  69. /* need to predefine before ssl_lib.h gets to it */
  70. #define SSL_SESSION_ID_SIZE 32
  71. #include "tls1.h"
  72. /* The optional parameters that can be given to the client/server SSL engine */
  73. #define SSL_CLIENT_AUTHENTICATION 0x00010000
  74. #define SSL_SERVER_VERIFY_LATER 0x00020000
  75. #define SSL_NO_DEFAULT_KEY 0x00040000
  76. #define SSL_DISPLAY_STATES 0x00080000
  77. #define SSL_DISPLAY_BYTES 0x00100000
  78. #define SSL_DISPLAY_CERTS 0x00200000
  79. #define SSL_DISPLAY_RSA 0x00400000
  80. /* errors that can be generated */
  81. #define SSL_OK 0
  82. #define SSL_NOT_OK -1
  83. #define SSL_ERROR_DEAD -2
  84. #define SSL_ERROR_CONN_LOST -256
  85. #define SSL_ERROR_SOCK_SETUP_FAILURE -258
  86. #define SSL_ERROR_INVALID_HANDSHAKE -260
  87. #define SSL_ERROR_INVALID_PROT_MSG -261
  88. #define SSL_ERROR_INVALID_HMAC -262
  89. #define SSL_ERROR_INVALID_VERSION -263
  90. #define SSL_ERROR_INVALID_SESSION -265
  91. #define SSL_ERROR_NO_CIPHER -266
  92. #define SSL_ERROR_BAD_CERTIFICATE -268
  93. #define SSL_ERROR_INVALID_KEY -269
  94. #define SSL_ERROR_FINISHED_INVALID -271
  95. #define SSL_ERROR_NO_CERT_DEFINED -272
  96. #define SSL_ERROR_NOT_SUPPORTED -274
  97. #define SSL_X509_OFFSET -512
  98. #define SSL_X509_ERROR(A) (SSL_X509_OFFSET+A)
  99. /* these are all the alerts that are recognized */
  100. #define SSL_ALERT_CLOSE_NOTIFY 0
  101. #define SSL_ALERT_UNEXPECTED_MESSAGE 10
  102. #define SSL_ALERT_BAD_RECORD_MAC 20
  103. #define SSL_ALERT_HANDSHAKE_FAILURE 40
  104. #define SSL_ALERT_BAD_CERTIFICATE 42
  105. #define SSL_ALERT_ILLEGAL_PARAMETER 47
  106. #define SSL_ALERT_DECODE_ERROR 50
  107. #define SSL_ALERT_DECRYPT_ERROR 51
  108. #define SSL_ALERT_INVALID_VERSION 70
  109. /* The ciphers that are supported */
  110. #define SSL_AES128_SHA 0x2f
  111. #define SSL_AES256_SHA 0x35
  112. #define SSL_RC4_128_SHA 0x05
  113. #define SSL_RC4_128_MD5 0x04
  114. /* build mode ids' */
  115. #define SSL_BUILD_SKELETON_MODE 0x01
  116. #define SSL_BUILD_SERVER_ONLY 0x02
  117. #define SSL_BUILD_ENABLE_VERIFICATION 0x03
  118. #define SSL_BUILD_ENABLE_CLIENT 0x04
  119. #define SSL_BUILD_FULL_MODE 0x05
  120. /* offsets to retrieve configuration information */
  121. #define SSL_BUILD_MODE 0
  122. #define SSL_MAX_CERT_CFG_OFFSET 1
  123. #define SSL_MAX_CA_CERT_CFG_OFFSET 2
  124. #define SSL_HAS_PEM 3
  125. /* default session sizes */
  126. #define SSL_DEFAULT_SVR_SESS 5
  127. #define SSL_DEFAULT_CLNT_SESS 1
  128. /* X.509/X.520 distinguished name types */
  129. #define SSL_X509_CERT_COMMON_NAME 0
  130. #define SSL_X509_CERT_ORGANIZATION 1
  131. #define SSL_X509_CERT_ORGANIZATIONAL_NAME 2
  132. #define SSL_X509_CA_CERT_COMMON_NAME 3
  133. #define SSL_X509_CA_CERT_ORGANIZATION 4
  134. #define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME 5
  135. /* SSL object loader types */
  136. #define SSL_OBJ_X509_CERT 1
  137. #define SSL_OBJ_X509_CACERT 2
  138. #define SSL_OBJ_RSA_KEY 3
  139. #define SSL_OBJ_PKCS8 4
  140. #define SSL_OBJ_PKCS12 5
  141. /**
  142. * @defgroup c_api Standard C API
  143. * @brief The standard interface in C.
  144. * @{
  145. */
  146. /**
  147. * @brief Establish a new client/server context.
  148. *
  149. * This function is called before any client/server SSL connections are made.
  150. *
  151. * Each new connection will use the this context's private key and
  152. * certificate chain. If a different certificate chain is required, then a
  153. * different context needs to be be used.
  154. *
  155. * There are two threading models supported - a single thread with one
  156. * SSL_CTX can support any number of SSL connections - and multiple threads can
  157. * support one SSL_CTX object each (the default). But if a single SSL_CTX
  158. * object uses many SSL objects in individual threads, then the
  159. * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
  160. *
  161. * @param options [in] Any particular options. At present the options
  162. * supported are:
  163. * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
  164. * authentication fails. The certificate can be authenticated later with a
  165. * call to ssl_verify_cert().
  166. * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
  167. * i.e. each handshake will include a "certificate request" message from the
  168. * server. Only available if verification has been enabled.
  169. * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
  170. * during the handshake.
  171. * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
  172. * during the handshake.
  173. * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
  174. * are passed during a handshake.
  175. * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
  176. * are passed during a handshake.
  177. *
  178. * @param num_sessions [in] The number of sessions to be used for session
  179. * caching. If this value is 0, then there is no session caching. This option
  180. * is not used in skeleton mode.
  181. * @return A client/server context.
  182. */
  183. EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
  184. /**
  185. * @brief Remove a client/server context.
  186. *
  187. * Frees any used resources used by this context. Each connection will be
  188. * sent a "Close Notify" alert (if possible).
  189. * @param ssl_ctx [in] The client/server context.
  190. */
  191. EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
  192. /**
  193. * @brief (server only) Establish a new SSL connection to an SSL client.
  194. *
  195. * It is up to the application to establish the logical connection (whether it
  196. * is a socket, serial connection etc).
  197. * @param ssl_ctx [in] The server context.
  198. * @param client_fd [in] The client's file descriptor.
  199. * @return An SSL object reference.
  200. */
  201. EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  202. /**
  203. * @brief (client only) Establish a new SSL connection to an SSL server.
  204. *
  205. * It is up to the application to establish the initial logical connection
  206. * (whether it is a socket, serial connection etc).
  207. *
  208. * This is a blocking call - it will finish when the handshake is complete (or
  209. * has failed).
  210. * @param ssl_ctx [in] The client context.
  211. * @param client_fd [in] The client's file descriptor.
  212. * @param session_id [in] A 32 byte session id for session resumption. This
  213. * can be null if no session resumption is being used or required. This option
  214. * is not used in skeleton mode.
  215. * @param sess_id_size The size of the session id (max 32)
  216. * @return An SSL object reference. Use ssl_handshake_status() to check
  217. * if a handshake succeeded.
  218. */
  219. EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
  220. /**
  221. * @brief Free any used resources on this connection.
  222. * A "Close Notify" message is sent on this connection (if possible). It is up
  223. * to the application to close the socket or file descriptor.
  224. * @param ssl [in] The ssl object reference.
  225. */
  226. EXP_FUNC void STDCALL ssl_free(SSL *ssl);
  227. /**
  228. * @brief Read the SSL data stream.
  229. * The socket must be in blocking mode.
  230. * @param ssl [in] An SSL object reference.
  231. * @param in_data [out] If the read was successful, a pointer to the read
  232. * buffer will be here. Do NOT ever free this memory as this buffer is used in
  233. * sucessive calls. If the call was unsuccessful, this value will be null.
  234. * @return The number of decrypted bytes:
  235. * - if > 0, then the handshaking is complete and we are returning the number
  236. * of decrypted bytes.
  237. * - SSL_OK if the handshaking stage is successful (but not yet complete).
  238. * - < 0 if an error.
  239. * @see ssl.h for the error code list.
  240. * @note Use in_data before doing any successive ssl calls.
  241. */
  242. EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
  243. /**
  244. * @brief Write to the SSL data stream.
  245. * The socket must be in blocking mode.
  246. * @param ssl [in] An SSL obect reference.
  247. * @param out_data [in] The data to be written
  248. * @param out_len [in] The number of bytes to be written.
  249. * @return The number of bytes sent, or if < 0 if an error.
  250. * @see ssl.h for the error code list.
  251. */
  252. EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
  253. /**
  254. * @brief Find an ssl object based on a file descriptor.
  255. *
  256. * Goes through the list of SSL objects maintained in a client/server context
  257. * to look for a file descriptor match.
  258. * @param ssl_ctx [in] The client/server context.
  259. * @param client_fd [in] The file descriptor.
  260. * @return A reference to the SSL object. Returns null if the object could not
  261. * be found.
  262. */
  263. EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
  264. /**
  265. * @brief Get the session id for a handshake.
  266. *
  267. * This will be a 32 byte sequence and is available after the first
  268. * handshaking messages are sent.
  269. * @param ssl [in] An SSL object reference.
  270. * @return The session id as a 32 byte sequence.
  271. * @note A SSLv23 handshake may have only 16 valid bytes.
  272. */
  273. EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
  274. /**
  275. * @brief Get the session id size for a handshake.
  276. *
  277. * This will normally be 32 but could be 0 (no session id) or something else.
  278. * @param ssl [in] An SSL object reference.
  279. * @return The size of the session id.
  280. */
  281. EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
  282. /**
  283. * @brief Return the cipher id (in the SSL form).
  284. * @param ssl [in] An SSL object reference.
  285. * @return The cipher id. This will be one of the following:
  286. * - SSL_AES128_SHA (0x2f)
  287. * - SSL_AES256_SHA (0x35)
  288. * - SSL_RC4_128_SHA (0x05)
  289. * - SSL_RC4_128_MD5 (0x04)
  290. */
  291. EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
  292. /**
  293. * @brief Return the status of the handshake.
  294. * @param ssl [in] An SSL object reference.
  295. * @return SSL_OK if the handshake is complete and ok.
  296. * @see ssl.h for the error code list.
  297. */
  298. EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
  299. /**
  300. * @brief Retrieve various parameters about the axTLS engine.
  301. * @param offset [in] The configuration offset. It will be one of the following:
  302. * - SSL_BUILD_MODE The build mode. This will be one of the following:
  303. * - SSL_BUILD_SERVER_ONLY (basic server mode)
  304. * - SSL_BUILD_ENABLE_VERIFICATION (server can do client authentication)
  305. * - SSL_BUILD_ENABLE_CLIENT (client/server capabilties)
  306. * - SSL_BUILD_FULL_MODE (client/server with diagnostics)
  307. * - SSL_BUILD_SKELETON_MODE (skeleton mode)
  308. * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
  309. * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
  310. * - SSL_HAS_PEM 1 if supported
  311. * @return The value of the requested parameter.
  312. */
  313. EXP_FUNC int STDCALL ssl_get_config(int offset);
  314. /**
  315. * @brief Display why the handshake failed.
  316. *
  317. * This call is only useful in a 'full mode' build. The output is to stdout.
  318. * @param error_code [in] An error code.
  319. * @see ssl.h for the error code list.
  320. */
  321. EXP_FUNC void STDCALL ssl_display_error(int error_code);
  322. /**
  323. * @brief Authenticate a received certificate.
  324. *
  325. * This call is usually made by a client after a handshake is complete and the
  326. * context is in SSL_SERVER_VERIFY_LATER mode.
  327. * @param ssl [in] An SSL object reference.
  328. * @return SSL_OK if the certificate is verified.
  329. */
  330. EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
  331. /**
  332. * @brief Retrieve an X.509 distinguished name component.
  333. *
  334. * When a handshake is complete and a certificate has been exchanged, then the
  335. * details of the remote certificate can be retrieved.
  336. *
  337. * This will usually be used by a client to check that the server's common
  338. * name matches the URL.
  339. *
  340. * A full handshake needs to occur for this call to work properly.
  341. *
  342. * @param ssl [in] An SSL object reference.
  343. * @param component [in] one of:
  344. * - SSL_X509_CERT_COMMON_NAME
  345. * - SSL_X509_CERT_ORGANIZATION
  346. * - SSL_X509_CERT_ORGANIZATIONAL_NAME
  347. * - SSL_X509_CA_CERT_COMMON_NAME
  348. * - SSL_X509_CA_CERT_ORGANIZATION
  349. * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
  350. * @return The appropriate string (or null if not defined)
  351. * @note Verification build mode must be enabled.
  352. */
  353. EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
  354. /**
  355. * @brief Force the client to perform its handshake again.
  356. *
  357. * For a client this involves sending another "client hello" message.
  358. * For the server is means sending a "hello request" message.
  359. *
  360. * This is a blocking call on the client (until the handshake completes).
  361. *
  362. * @param ssl [in] An SSL object reference.
  363. * @return SSL_OK if renegotiation instantiation was ok
  364. */
  365. EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
  366. /**
  367. * @brief Process a file that is in binary DER or ASCII PEM format.
  368. *
  369. * These are temporary objects that are used to load private keys,
  370. * certificates etc into memory.
  371. * @param ssl_ctx [in] The client/server context.
  372. * @param obj_type [in] The format of the file. Can be one of:
  373. * - SSL_OBJ_X509_CERT (no password required)
  374. * - SSL_OBJ_X509_CACERT (no password required)
  375. * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
  376. * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
  377. * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
  378. *
  379. * PEM files are automatically detected (if supported). The object type is
  380. * also detected, and so is not relevant for these types of files.
  381. * @param filename [in] The location of a file in DER/PEM format.
  382. * @param password [in] The password used. Can be null if not required.
  383. * @return SSL_OK if all ok
  384. * @note Not available in skeleton build mode.
  385. */
  386. EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
  387. /**
  388. * @brief Process binary data.
  389. *
  390. * These are temporary objects that are used to load private keys,
  391. * certificates etc into memory.
  392. * @param ssl_ctx [in] The client/server context.
  393. * @param obj_type [in] The format of the memory data.
  394. * @param data [in] The binary data to be loaded.
  395. * @param len [in] The amount of data to be loaded.
  396. * @param password [in] The password used. Can be null if not required.
  397. * @return SSL_OK if all ok
  398. * @see ssl_obj_load for more details on obj_type.
  399. */
  400. EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
  401. #ifdef CONFIG_SSL_GENERATE_X509_CERT
  402. /**
  403. * @brief Create an X.509 certificate.
  404. *
  405. * This certificate is a self-signed v1 cert with a fixed start/stop validity
  406. * times. It is signed with an internal private key in ssl_ctx.
  407. *
  408. * @param ssl_ctx [in] The client/server context.
  409. * @param options [in] Not used yet.
  410. * @param dn [in] An array of distinguished name strings. The array is defined
  411. * by:
  412. * - SSL_X509_CERT_COMMON_NAME (0)
  413. * - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the
  414. * hostname will be used.
  415. * - SSL_X509_CERT_ORGANIZATION (1)
  416. * - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME
  417. * will be used.
  418. * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
  419. * - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
  420. * @param cert_data [out] The certificate as a sequence of bytes.
  421. * @return < 0 if an error, or the size of the certificate in bytes.
  422. * @note cert_data must be freed when there is no more need for it.
  423. */
  424. EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data);
  425. #endif
  426. /**
  427. * @brief Return the axTLS library version as a string.
  428. */
  429. EXP_FUNC const char * STDCALL ssl_version(void);
  430. /** @} */
  431. #ifdef __cplusplus
  432. }
  433. #endif
  434. #endif