// Build-time feature switches. Every active switch below is enabled unless the
// matching NO_* macro is already defined when this point is reached.
// NOTE(review): the matching #endif lines are not part of this listing.
6 // define TLS_LEGACY_SUPPORT to support TLS 1.1/1.0 (legacy)
7 // legacy support uses an additional 272 bytes per context
// TLS 1.0 and 1.1 are deprecated (RFC 8996); define NO_TLS_LEGACY_SUPPORT
// unless peers that cannot negotiate TLS 1.2 still have to be served.
8 #ifndef NO_TLS_LEGACY_SUPPORT
9 #define TLS_LEGACY_SUPPORT
11 // SSL_* style blocking APIs
12 #ifndef NO_SSL_COMPATIBLE_INTERFACE
13 #define SSL_COMPATIBLE_INTERFACE
15 // support ChaCha20/Poly1305
16 #if !defined(__BIG_ENDIAN__) && ((!defined(__BYTE_ORDER)) || (__BYTE_ORDER == __LITTLE_ENDIAN))
17 // not working on big endian machines
18 #ifndef NO_TLS_WITH_CHACHA20_POLY1305
19 #define TLS_WITH_CHACHA20_POLY1305
22 // support forward secrecy (Diffie-Hellman ephemeral)
// NOTE(review): presumably gates the DHE/ECDHE suites; if it is switched off while
// TLS_ROBOT_MITIGATION stays on, check that a usable cipher suite remains.
23 #ifndef NO_TLS_FORWARD_SECRECY
24 #define TLS_FORWARD_SECRECY
26 // support client-side ECDHE
27 #ifndef NO_TLS_CLIENT_ECDHE
28 #define TLS_CLIENT_ECDHE
31 #ifndef NO_TLS_ECDSA_SUPPORTED
32 #define TLS_ECDSA_SUPPORTED
34 // support ECDSA client-side
35 // #define TLS_CLIENT_ECDSA
36 // TLS renegotiation is disabled by default (secured or not)
37 // do not uncomment next line!
38 // #define TLS_ACCEPT_SECURE_RENEGOTIATION
39 // basic superficial X509v1 certificate support
// X.509 v1 certificates carry no extensions, so basicConstraints/keyUsage cannot
// constrain them; define NO_TLS_X509_V1_SUPPORT if v1 certificates need not be accepted.
40 #ifndef NO_TLS_X509_V1_SUPPORT
41 #define TLS_X509_V1_SUPPORT
44 // disable TLS_RSA_WITH_* ciphers
// ROBOT is a padding-oracle attack on RSA (PKCS#1 v1.5) key exchange; keep this
// defined unless a peer supports nothing but the TLS_RSA_WITH_* suites.
45 #ifndef NO_TLS_ROBOT_MITIGATION
46 #define TLS_ROBOT_MITIGATION
// Protocol versions as 16-bit wire values (major byte, minor byte).
// DTLS counts downwards, hence 0xFEFF for DTLS 1.0 and 0xFEFD for DTLS 1.2.
// SSL 3.0 is prohibited by RFC 7568.
// NOTE(review): whether any code path still accepts SSL_V30 is not visible here.
49 #define SSL_V30 0x0300
50 #define TLS_V10 0x0301
51 #define TLS_V11 0x0302
52 #define TLS_V12 0x0303
53 #define DTLS_V10 0xFEFF
54 #define DTLS_V12 0xFEFD
// Result codes. Zero (TLS_NEED_MORE_DATA) is the only non-negative value; every
// error is negative, so callers can test `< 0` before looking at the exact code.
// NOTE(review): the meanings follow from the names only; the conditions that
// produce each code are not shown here. Treat any negative result as fatal for
// the connection unless the implementation documents a recoverable case.
56 #define TLS_NEED_MORE_DATA 0
57 #define TLS_GENERIC_ERROR -1
58 #define TLS_BROKEN_PACKET -2
59 #define TLS_NOT_UNDERSTOOD -3
60 #define TLS_NOT_SAFE -4
61 #define TLS_NO_COMMON_CIPHER -5
62 #define TLS_UNEXPECTED_MESSAGE -6
63 #define TLS_CLOSE_CONNECTION -7
64 #define TLS_COMPRESSION_NOT_SUPPORTED -8
65 #define TLS_NO_MEMORY -9
66 #define TLS_NOT_VERIFIED -10
67 #define TLS_INTEGRITY_FAILED -11
68 #define TLS_ERROR_ALERT -12
69 #define TLS_BROKEN_CONNECTION -13
70 #define TLS_BAD_CERTIFICATE -14
71 #define TLS_UNSUPPORTED_CERTIFICATE -15
72 #define TLS_NO_RENEGOTIATION -16
73 #define TLS_FEATURE_NOT_SUPPORTED -17
// Cipher-suite code points (IANA values), grouped by key exchange.
// The *_CBC_* suites are MAC-then-encrypt and have a history of padding-oracle
// problems (e.g. Lucky13); the GCM and ChaCha20-Poly1305 suites are AEAD.
// NOTE(review): the preference order among these suites is not set in this listing.

// Static RSA key exchange: no forward secrecy. The comment on
// TLS_ROBOT_MITIGATION says these TLS_RSA_WITH_* suites are disabled by it.
75 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
76 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
77 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
78 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
79 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
80 #define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
// Ephemeral finite-field Diffie-Hellman, RSA-signed.
83 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
84 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
85 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
86 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
87 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
88 #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F
// Ephemeral elliptic-curve Diffie-Hellman, RSA-signed.
90 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
91 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
92 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
93 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
94 #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
// Ephemeral elliptic-curve Diffie-Hellman, ECDSA-signed.
96 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
97 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
98 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
99 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
100 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
101 #define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
// ChaCha20-Poly1305 AEAD suites.
103 #define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
104 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
105 #define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
// Signalling value from RFC 7507, not a real cipher: a client adds it when it
// retries with a lower protocol version so the server can refuse the downgrade.
107 #define TLS_FALLBACK_SCSV 0x5600
// Key and signature algorithm identifiers.
// NOTE(review): the RSA values appear to match the last arc of the PKCS#1 OIDs
// (1 = rsaEncryption, 4 = md5WithRSA, 5 = sha1WithRSA, 11/12/13 = SHA-256/384/512);
// confirm against the certificate parser.
// MD5 and SHA-1 signatures are collision-prone.
// NOTE(review): confirm whether certificate validation rejects TLS_RSA_SIGN_MD5 and
// TLS_RSA_SIGN_SHA1; that is not visible here.
109 #define TLS_UNSUPPORTED_ALGORITHM 0x00
110 #define TLS_RSA_SIGN_RSA 0x01
111 #define TLS_RSA_SIGN_MD5 0x04
112 #define TLS_RSA_SIGN_SHA1 0x05
113 #define TLS_RSA_SIGN_SHA256 0x0B
114 #define TLS_RSA_SIGN_SHA384 0x0C
115 #define TLS_RSA_SIGN_SHA512 0x0D
// Two separate numbering spaces follow, and their values overlap
// (0x15 == 21, 0x17 == 23, 0x18 == 24). The hex group presumably continues the
// internal algorithm ids above; the decimal group matches the IANA named-curve
// ids (secp224r1 = 21, secp256r1 = 23, secp384r1 = 24, secp521r1 = 25).
// Never compare a value from one group against a constant from the other.
117 #define TLS_EC_PUBLIC_KEY 0x11
118 #define TLS_EC_prime192v1 0x12
119 #define TLS_EC_prime192v2 0x13
120 #define TLS_EC_prime192v3 0x14
121 #define TLS_EC_prime239v1 0x15
122 #define TLS_EC_prime239v2 0x16
123 #define TLS_EC_prime239v3 0x17
124 #define TLS_EC_prime256v1 0x18
125 #define TLS_EC_secp224r1 21
126 #define TLS_EC_secp256r1 23
127 #define TLS_EC_secp384r1 24
128 #define TLS_EC_secp521r1 25
// Alert levels (the first byte of a TLS alert record).
130 #define TLS_ALERT_WARNING 0x01
131 #define TLS_ALERT_CRITICAL 0x02
// TLS_CIPHERS_SIZE(n, mitigated): byte length of a cipher list, two bytes per suite.
// With TLS_ROBOT_MITIGATION defined the `mitigated` count is left out of the size.
// NOTE(review): neither expansion is parenthesized, so TLS_CIPHERS_SIZE(a + b, m)
// expands to `a + b * 2` and `x / TLS_CIPHERS_SIZE(n, m)` binds wrongly; an
// undersized length feeds buffer sizing. `((n) * 2)` and `(((n) + (mitigated)) * 2)`
// would be safe.
// NOTE(review): the #else/#endif lines are not part of this listing.
133 #ifdef TLS_ROBOT_MITIGATION
134 #define TLS_CIPHERS_SIZE(n, mitigated) n * 2
136 #define TLS_CIPHERS_SIZE(n, mitigated) (n + mitigated) * 2
// Alert description codes (the second byte of a TLS alert record).
// NOTE(review): the opening of this enum and several members are not part of this
// listing; only the values shown here can be relied on from this page.
145 unexpected_message = 10,
147 decryption_failed_RESERVED = 21,
148 record_overflow = 22,
149 decompression_failure = 30,
150 handshake_failure = 40,
151 no_certificate_RESERVED = 41,
152 bad_certificate = 42,
153 unsupported_certificate = 43,
154 certificate_revoked = 44,
155 certificate_expired = 45,
156 certificate_unknown = 46,
157 illegal_parameter = 47,
162 export_restriction_RESERVED = 60,
163 protocol_version = 70,
164 insufficient_security = 71,
// RFC 7507: the alert a server sends when it sees TLS_FALLBACK_SCSV in a hello
// that asks for a lower version than the server supports.
166 inappropriate_fallback = 86,
168 no_renegotiation = 100,
169 unsupported_extension = 110,
171 } TLSAlertDescription;
173 // forward declarations
175 struct TLSCertificate;
177 struct ECCCurveParameters;
178 typedef struct TLSContext TLS;
179 typedef struct TLSCertificate Certificate;
// Certificate validation callback: receives the context, the peer's certificate
// chain and the number of entries in it.
// NOTE(review): the accept/reject convention of the int result is not shown here
// (presumably 0 accepts and an alert or error code rejects); confirm before writing
// a callback, because a wrong convention silently accepts bad certificates.
181 typedef int (*tls_validation_function)(struct TLSContext *context, struct TLSCertificate **certificate_chain, int len);
184 Global initialization. Optional, as it will be called automatically;
185 however, the initialization is not thread-safe, so if you intend to use TLSe
186 from multiple threads, you'll need to call tls_init() once, from a single thread,
187 before using the library.
// Certificate helpers.
// NOTE(review): ownership of the buffer returned by tls_pem_decode is not documented
// here (presumably heap-allocated and released by the caller); confirm to avoid a
// leak or a double free.
190 unsigned char *tls_pem_decode(const unsigned char *data_in, unsigned int input_length, int cert_index, unsigned int *output_len);
// NOTE(review): empty parentheses declare an unprototyped function before C23;
// `(void)` would let the compiler reject stray arguments.
191 struct TLSCertificate *tls_create_certificate();
// NOTE(review): the subject checks are separate entry points from the chain checks
// (tls_certificate_chain_is_valid*), so a verify callback presumably has to call
// both to get hostname and chain validation; confirm against tls_default_verify.
192 int tls_certificate_valid_subject(struct TLSCertificate *cert, const char *subject);
193 int tls_certificate_valid_subject_name(const unsigned char *cert_subject, const char *subject);
194 int tls_certificate_is_valid(struct TLSCertificate *cert);
// The setters take a signed int length: callers must pass a non-negative len that
// does not exceed the size of val.
195 void tls_certificate_set_copy(unsigned char **member, const unsigned char *val, int len);
196 void tls_certificate_set_copy_date(unsigned char **member, const unsigned char *val, int len);
197 void tls_certificate_set_key(struct TLSCertificate *cert, const unsigned char *val, int len);
// val is private-key material here; keep it out of logs and wipe the caller's copy.
198 void tls_certificate_set_priv(struct TLSCertificate *cert, const unsigned char *val, int len);
199 void tls_certificate_set_sign_key(struct TLSCertificate *cert, const unsigned char *val, int len);
// Writes into the caller's buffer of len bytes.
// NOTE(review): truncation and NUL-termination behaviour are not shown here.
200 char *tls_certificate_to_string(struct TLSCertificate *cert, char *buffer, int len);
201 void tls_certificate_set_exponent(struct TLSCertificate *cert, const unsigned char *val, int len);
202 void tls_certificate_set_serial(struct TLSCertificate *cert, const unsigned char *val, int len);
203 void tls_certificate_set_algorithm(unsigned int *algorithm, const unsigned char *val, int len);
204 void tls_destroy_certificate(struct TLSCertificate *cert);
// Record construction helpers; the int results presumably report append failures
// (e.g. allocation) and should be checked - confirm.
205 struct TLSPacket *tls_create_packet(struct TLSContext *context, unsigned char type, unsigned short version, int payload_size_hint);
206 void tls_destroy_packet(struct TLSPacket *packet);
207 void tls_packet_update(struct TLSPacket *packet);
208 int tls_packet_append(struct TLSPacket *packet, const unsigned char *buf, unsigned int len);
209 int tls_packet_uint8(struct TLSPacket *packet, unsigned char i);
210 int tls_packet_uint16(struct TLSPacket *packet, unsigned short i);
211 int tls_packet_uint32(struct TLSPacket *packet, unsigned int i);
212 int tls_packet_uint24(struct TLSPacket *packet, unsigned int i);
// NOTE(review): the success value is not documented here; check the result before
// using the bytes in key as key material, since an unchecked failure would leave
// predictable data in the buffer.
213 int tls_random(unsigned char *key, int len);
216 Get encrypted data to write, if any. Once you've sent all of it, call tls_buffer_clear().
// The returned pointer refers to the context's own buffer and *outlen receives its
// length. NOTE(review): presumably the pointer is invalidated by tls_buffer_clear()
// and by later writes on the same context; confirm before holding on to it.
219 const unsigned char *tls_get_write_buffer(struct TLSContext *context, unsigned int *outlen);
221 void tls_buffer_clear(struct TLSContext *context);
223 /* Returns 1 for established, 0 for not established yet, and -1 for a critical error. */
// Application data must not be sent or trusted before this returns 1.
224 int tls_established(struct TLSContext *context);
226 /* Discards any unread decrypted data not consumed by tls_read(). */
227 void tls_read_clear(struct TLSContext *context);
230 Reads any unread decrypted data (see tls_consume_stream). If you don't read all of it,
231 the remainder will be left in the internal buffers for next tls_read(). Returns -1 for
232 fatal error, 0 for no more data, or otherwise the number of bytes copied into the buffer
233 (up to a maximum of the given size).
235 int tls_read(struct TLSContext *context, unsigned char *buf, unsigned int size);
// version takes one of the *_V* protocol constants.
// NOTE(review): whether it is an exact version or an upper bound is not shown here;
// prefer TLS_V12 unless legacy peers must be supported.
237 struct TLSContext *tls_create_context(unsigned char is_server, unsigned short version);
238 const struct ECCCurveParameters *tls_set_curve(struct TLSContext *context, const struct ECCCurveParameters *curve);
240 /* Create a context for a given client, from a server context. Returns NULL on error. */
241 struct TLSContext *tls_accept(struct TLSContext *context);
// Sets the DHE group from hex strings.
// NOTE(review): no validation of p and g is visible here; supply only a well-known
// group with a sufficiently large safe prime, since a weak group undermines every
// DHE handshake on the context.
243 int tls_set_default_dhe_pg(struct TLSContext *context, const char *p_hex_str, const char *g_hex_str);
244 void tls_destroy_context(struct TLSContext *context);
245 int tls_cipher_supported(struct TLSContext *context, unsigned short cipher);
246 int tls_cipher_is_fs(struct TLSContext *context, unsigned short cipher);
// buf is the peer's cipher list; *scsv_set presumably reports whether
// TLS_FALLBACK_SCSV was present - confirm.
247 int tls_choose_cipher(struct TLSContext *context, const unsigned char *buf, int buf_len, int *scsv_set);
248 int tls_cipher_is_ephemeral(struct TLSContext *context);
249 const char *tls_cipher_name(struct TLSContext *context);
250 int tls_is_ecdsa(struct TLSContext *context);
251 struct TLSPacket *tls_build_client_key_exchange(struct TLSContext *context);
252 struct TLSPacket *tls_build_server_key_exchange(struct TLSContext *context, int method);
253 struct TLSPacket *tls_build_hello(struct TLSContext *context);
254 struct TLSPacket *tls_certificate_request(struct TLSContext *context);
255 struct TLSPacket *tls_build_verify_request(struct TLSContext *context);
// Handshake parsers: buf/buf_len come straight from the peer and are untrusted.
// buf_len is a signed int, so callers must never pass a negative or oversized value.
256 int tls_parse_hello(struct TLSContext *context, const unsigned char *buf, int buf_len, unsigned int *write_packets, unsigned int *dtls_verified);
257 int tls_parse_certificate(struct TLSContext *context, const unsigned char *buf, int buf_len, int is_client);
258 int tls_parse_server_key_exchange(struct TLSContext *context, const unsigned char *buf, int buf_len);
259 int tls_parse_client_key_exchange(struct TLSContext *context, const unsigned char *buf, int buf_len);
260 int tls_parse_server_hello_done(struct TLSContext *context, const unsigned char *buf, int buf_len);
261 int tls_parse_finished(struct TLSContext *context, const unsigned char *buf, int buf_len, unsigned int *write_packets);
262 int tls_parse_verify(struct TLSContext *context, const unsigned char *buf, int buf_len);
// certificate_verify is the application's validation callback.
// NOTE(review): what validation, if any, happens when it is NULL is not visible
// here; do not pass NULL on connections that need an authenticated peer.
263 int tls_parse_payload(struct TLSContext *context, const unsigned char *buf, int buf_len, tls_validation_function certificate_verify);
264 int tls_parse_message(struct TLSContext *context, unsigned char *buf, int buf_len, tls_validation_function certificate_verify);
// Chain checks. NOTE(review): the success value of these int results is not shown
// here; confirm it before using them in a condition.
265 int tls_certificate_verify_signature(struct TLSCertificate *cert, struct TLSCertificate *parent);
266 int tls_certificate_chain_is_valid(struct TLSCertificate **certificates, int len);
267 int tls_certificate_chain_is_valid_root(struct TLSContext *context, struct TLSCertificate **certificates, int len);
270 Add a certificate or a certificate chain to the given context, in PEM form.
271 Returns a negative value (TLS_GENERIC_ERROR etc.) on error, 0 if there were no
272 certificates in the buffer, or the number of loaded certificates on success.
// A result of 0 means nothing was loaded, so treat it as a configuration error
// rather than as success.
274 int tls_load_certificates(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
277 Add a private key to the given context, in PEM form. Returns a negative value
278 (TLS_GENERIC_ERROR etc.) on error, 0 if there was no private key in the
279 buffer, or 1 on success.
// pem_buffer holds the private key in the clear.
// NOTE(review): whether the library copies it is not shown here; wipe the caller's
// buffer once the key is loaded and treat a 0 result (no key found) as an error.
281 int tls_load_private_key(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
282 struct TLSPacket *tls_build_certificate(struct TLSContext *context);
283 struct TLSPacket *tls_build_finished(struct TLSContext *context);
284 struct TLSPacket *tls_build_change_cipher_spec(struct TLSContext *context);
285 struct TLSPacket *tls_build_done(struct TLSContext *context);
286 struct TLSPacket *tls_build_message(struct TLSContext *context, const unsigned char *data, unsigned int len);
287 int tls_client_connect(struct TLSContext *context);
// NOTE(review): presumably queues encrypted output that is then fetched with
// tls_get_write_buffer(); the meaning of the int result is not shown here.
288 int tls_write(struct TLSContext *context, const unsigned char *data, unsigned int len);
// critical is a plain char here but an unsigned char in tls_alert(); code is one of
// the TLSAlertDescription values.
289 struct TLSPacket *tls_build_alert(struct TLSContext *context, char critical, unsigned char code);
292 Process a given number of input bytes from a socket. If the other side just
293 presented a certificate and certificate_verify is not NULL, it will be called.
295 Returns 0 if there's no data ready yet, a negative value (see
296 TLS_GENERIC_ERROR etc.) for an error, or a positive value (the number of bytes
297 used from buf) if one or more complete TLS messages were received. The data
298 is copied into an internal buffer even if not all of it was consumed,
299 so you should not re-send it the next time.
301 Decrypted data, if any, should be read back with tls_read(). Can change the
302 status of tls_established(). If the library has anything to send back on the
303 socket (e.g. as part of the handshake), tls_get_write_buffer() will return it.
// buf/buf_len are untrusted network input; buf_len is a signed int and must be the
// exact number of bytes received.
// NOTE(review): what validation, if any, happens when certificate_verify is NULL is
// not visible here; pass a real callback whenever the peer must be authenticated.
306 int tls_consume_stream(struct TLSContext *context, const unsigned char *buf, int buf_len, tls_validation_function certificate_verify);
307 void tls_close_notify(struct TLSContext *context);
308 void tls_alert(struct TLSContext *context, unsigned char critical, int code);
310 /* Whether tls_consume_stream() has data in its buffer that is not processed yet. */
311 int tls_pending(struct TLSContext *context);
314 Set the context as serializable or not. Must be called before negotiation.
315 Exportable contexts use a bit more memory, to be able to hold the keys.
317 Note that imported keys are not reexportable unless TLS_REEXPORTABLE is set.
319 void tls_make_exportable(struct TLSContext *context, unsigned char exportable_flag);
// An exportable context holds the keys, so the exported buffer is secret key
// material: keep it out of logs and shared storage and wipe it after use.
// NOTE(review): the result for a too-small buffer is not documented here.
321 int tls_export_context(struct TLSContext *context, unsigned char *buffer, unsigned int buf_len, unsigned char small_version);
// NOTE(review): how strictly the serialized buffer is validated is not visible here;
// import only buffers produced by a trusted exporter, never data a peer can influence.
322 struct TLSContext *tls_import_context(const unsigned char *buffer, unsigned int buf_len);
323 int tls_is_broken(struct TLSContext *context);
324 int tls_request_client_certificate(struct TLSContext *context);
325 int tls_client_verified(struct TLSContext *context);
326 const char *tls_sni(struct TLSContext *context);
327 int tls_sni_set(struct TLSContext *context, const char *sni);
328 int tls_load_root_certificates(struct TLSContext *context, const unsigned char *pem_buffer, int pem_size);
// Has the tls_validation_function signature, so it can be passed as
// certificate_verify.
// NOTE(review): which checks it performs (chain, expiry, hostname) is not shown
// here; confirm before relying on it as the only validation.
329 int tls_default_verify(struct TLSContext *context, struct TLSCertificate **certificate_chain, int len);
330 void tls_print_certificate(const char *fname);
331 int tls_add_alpn(struct TLSContext *context, const char *alpn);
// alpn_size is an unsigned char, so a protocol name is limited to 255 bytes.
332 int tls_alpn_contains(struct TLSContext *context, const char *alpn, unsigned char alpn_size);
333 const char *tls_alpn(struct TLSContext *context);
334 // useful when renewing certificates for servers, without the need to restart the server
335 int tls_clear_certificates(struct TLSContext *context);
// NOTE(review): presumably hands the negotiated keys to kernel TLS for the given
// socket and back; the behaviour is not shown here.
336 int tls_make_ktls(struct TLSContext *context, int socket);
337 int tls_unmake_ktls(struct TLSContext *context, int socket);
// OpenSSL-style blocking wrappers. The names mirror OpenSSL, but every handle is a
// TLSContext and the constants below are this file's own values.
339 #ifdef SSL_COMPATIBLE_INTERFACE
340 #define SSL_SERVER_RSA_CERT 1
341 #define SSL_SERVER_RSA_KEY 2
342 typedef struct TLSContext SSL_CTX;
343 typedef struct TLSContext SSL;
345 #define SSL_FILETYPE_PEM 1
// NOTE(review): OpenSSL defines the verify modes as bit flags with
// SSL_VERIFY_CLIENT_ONCE = 0x04. Here it is 3, which equals
// SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, so code ported from OpenSSL
// that ORs flags together can end up with a different mode than intended. How the
// mode value is interpreted is not shown here.
346 #define SSL_VERIFY_NONE 0
347 #define SSL_VERIFY_PEER 1
348 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 2
349 #define SSL_VERIFY_CLIENT_ONCE 3
// NOTE(review): member of a struct whose other lines are not part of this listing.
353 tls_validation_function certificate_verify;
359 int SSL_library_init();
360 void SSL_load_error_strings();
361 void OpenSSL_add_all_algorithms();
362 void OpenSSL_add_all_ciphers();
363 void OpenSSL_add_all_digests();
// NOTE(review): the names say SSLv3, which RFC 7568 prohibits; which protocol
// version these methods actually select is not shown here - confirm it is TLS 1.2.
366 int SSLv3_server_method();
367 int SSLv3_client_method();
368 struct TLSContext *SSL_new(struct TLSContext *context);
// The third parameter is named dummy.
// NOTE(review): presumably the file type is ignored and PEM is always assumed.
369 int SSL_CTX_use_certificate_file(struct TLSContext *context, const char *filename, int dummy);
370 int SSL_CTX_use_PrivateKey_file(struct TLSContext *context, const char *filename, int dummy);
371 int SSL_CTX_check_private_key(struct TLSContext *context);
372 struct TLSContext *SSL_CTX_new(int method);
373 void SSL_free(struct TLSContext *context);
374 void SSL_CTX_free(struct TLSContext *context);
375 int SSL_get_error(struct TLSContext *context, int ret);
376 int SSL_set_fd(struct TLSContext *context, int socket);
377 void *SSL_set_userdata(struct TLSContext *context, void *data);
378 void *SSL_userdata(struct TLSContext *context);
379 int SSL_CTX_root_ca(struct TLSContext *context, const char *pem_filename);
// NOTE(review): whether SSL_VERIFY_NONE or a NULL verify_callback leaves the peer
// certificate unchecked is not visible here; for clients that need an authenticated
// server, set SSL_VERIFY_PEER with a real callback and confirm that a hostname
// check takes place.
380 void SSL_CTX_set_verify(struct TLSContext *context, int mode, tls_validation_function verify_callback);
381 int SSL_accept(struct TLSContext *context);
382 int SSL_connect(struct TLSContext *context);
383 int SSL_shutdown(struct TLSContext *context);
384 int SSL_write(struct TLSContext *context, const void *buf, unsigned int len);
385 int SSL_read(struct TLSContext *context, void *buf, unsigned int len);
386 int SSL_pending(struct TLSContext *context);
// NOTE(review): recv and send are passed as void *, so the compiler cannot check
// the callback signatures; a mismatched function is undefined behaviour when called.
387 int SSL_set_io(struct TLSContext *context, void *recv, void *send);
// SRTP helpers. NOTE(review): the conditional that guards this section is not part
// of this listing.
393 #define SRTP_AES_CM 1
// NOTE(review): SRTP_AUTH_NULL presumably disables the authentication tag, which
// would leave packets open to undetected modification; use SRTP_AUTH_HMAC_SHA1
// unless integrity is provided elsewhere.
394 #define SRTP_AUTH_NULL 0
395 #define SRTP_AUTH_HMAC_SHA1 1
397 struct SRTPContext *srtp_init(unsigned char mode, unsigned char auth_mode);
// key and salt are secret keying material; keylen, saltlen and tag_bits are signed
// ints and must be non-negative.
398 int srtp_key(struct SRTPContext *context, const void *key, int keylen, const void *salt, int saltlen, int tag_bits);
399 int srtp_inline(struct SRTPContext *context, const char *b64, int tag_bits);
// *out_buffer_len is in/out: presumably the capacity of out on entry and the bytes
// written on return - confirm. Check the int result before using out, above all
// after srtp_decrypt, where a failure presumably means the packet did not
// authenticate.
400 int srtp_encrypt(struct SRTPContext *context, const unsigned char *pt_header, int pt_len, const unsigned char *payload, unsigned int payload_len, unsigned char *out, int *out_buffer_len);
401 int srtp_decrypt(struct SRTPContext *context, const unsigned char *pt_header, int pt_len, const unsigned char *payload, unsigned int payload_len, unsigned char *out, int *out_buffer_len);
402 void srtp_destroy(struct SRTPContext *context);