1 /*
2 * matrixSsl.h
3 * Release $Name: MATRIXSSL_1_8_8_OPEN $
4 *
5 * Public header file for MatrixSSL
6 * Implementations interacting with the matrixssl library should
7 * only use the APIs and definitions used in this file.
8 */
9 /*
10 * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
11 * The latest version of this code is available at http://www.matrixssl.org
13 * This software is open source; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
18 * This General Public License does NOT permit incorporating this software
19 * into proprietary programs. If you are unable to comply with the GPL, a
20 * commercial license for this software may be purchased from PeerSec Networks
21 * at http://www.peersec.com
23 * This program is distributed in WITHOUT ANY WARRANTY; without even the
24 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
25 * See the GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30 * http://www.gnu.org/copyleft/gpl.html
32 /******************************************************************************/
34 #ifndef _h_MATRIXSSL
35 #define _h_MATRIXSSL
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
41 #include "matrixCommon.h"
43 /******************************************************************************/
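/*
 *  Maximum SSL record size, per specification.
 *
 *  SSL_MAX_RECORD_LEN adds the 2048 bytes of expansion that the SSL/TLS
 *  record layer allows for a protected record, and SSL_MAX_BUF_SIZE adds
 *  0x5, which matches the 5-byte record header.
 *
 *  The derived sizes are parenthesized so that each one expands as a single
 *  value.  Without the parentheses an expression such as
 *  `2 * SSL_MAX_BUF_SIZE` multiplies only the first term and yields a size
 *  smaller than intended, which matters wherever these macros size or bound
 *  a buffer.
 */
#define SSL_MAX_PLAINTEXT_LEN   0x4000  /* 16KB */
#define SSL_MAX_RECORD_LEN      (SSL_MAX_PLAINTEXT_LEN + 2048)
#define SSL_MAX_BUF_SIZE        (SSL_MAX_RECORD_LEN + 0x5)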
/*
 *  Return codes from the public APIs.
 *  Not every API returns every code; see the documentation for details.
 *
 *  Success is zero and every other code is negative, so a caller that only
 *  tests for `< 0` cannot tell an error (SSL_ERROR, SSL_MEM_ERROR, ...) from
 *  a status that asks for further action (SSL_FULL, SSL_PARTIAL,
 *  SSL_SEND_RESPONSE, SSL_PROCESS_DATA, SSL_ALERT).  Compare against the
 *  individual codes.
 */

/* Generic success */
#define SSL_SUCCESS         0

/* Generic SSL error, see error code */
#define SSL_ERROR           -1

/* Must call sslRead before decoding */
#define SSL_FULL            -2

/* More data required to parse the full message */
#define SSL_PARTIAL         -3

/* Decode produced output data */
#define SSL_SEND_RESPONSE   -4

/* Successfully decoded application data */
#define SSL_PROCESS_DATA    -5

/* An alert has been decoded */
#define SSL_ALERT           -6

/* File not found */
#define SSL_FILE_NOT_FOUND  -7

/* Memory allocation failure */
#define SSL_MEM_ERROR       -8
/*
 *  SSL alert levels and alert descriptions.
 *  This implementation treats all alerts as fatal.
 *
 *  The numeric values are the alert codes carried on the wire by the
 *  SSL 3.0 / TLS alert protocol.
 *  NOTE(review): since every alert is treated as fatal, a warning-level
 *  alert from the peer presumably also ends the session; confirm in the
 *  decode path.
 */

/* Alert levels */
#define SSL_ALERT_LEVEL_WARNING             1
#define SSL_ALERT_LEVEL_FATAL               2

/* Alert descriptions: connection state and record processing */
#define SSL_ALERT_CLOSE_NOTIFY              0   /* orderly shutdown */
#define SSL_ALERT_UNEXPECTED_MESSAGE        10
#define SSL_ALERT_BAD_RECORD_MAC            20  /* record failed its integrity check */
#define SSL_ALERT_DECOMPRESSION_FAILURE     30
#define SSL_ALERT_HANDSHAKE_FAILURE         40

/* Alert descriptions: certificate handling */
#define SSL_ALERT_NO_CERTIFICATE            41  /* SSL 3.0 no_certificate */
#define SSL_ALERT_BAD_CERTIFICATE           42
#define SSL_ALERT_UNSUPPORTED_CERTIFICATE   43
#define SSL_ALERT_CERTIFICATE_REVOKED       44
#define SSL_ALERT_CERTIFICATE_EXPIRED       45
#define SSL_ALERT_CERTIFICATE_UNKNOWN       46

/* Alert descriptions: handshake parameters */
#define SSL_ALERT_ILLEGAL_PARAMETER         47
/*
 *  Return code for the user validation callback: returning it allows an
 *  anonymous connection to proceed.
 *
 *  NOTE(review): a session admitted this way carries no validated peer
 *  identity, so it gives no protection against an active
 *  man-in-the-middle.  Return it only where unauthenticated peers are an
 *  accepted part of the design.  matrixSslGetAnonStatus() presumably
 *  reports whether a session was admitted this way; confirm against the
 *  library documentation.
 */
#define SSL_ALLOW_ANON_CONNECTION           67
91 /******************************************************************************/
/*
 *  Public API set
 *
 *  MATRIXPUBLIC, int32 and the ssl_t, sslKeys_t, sslBuf_t, sslSessionId_t
 *  and sslCertInfo_t types are not defined in this file; presumably they
 *  come from matrixCommon.h.  Lengths are passed as signed int32 values,
 *  so callers should make sure a length taken from outside is not negative
 *  before passing it in.
 */

/* Library open / close pair. */
MATRIXPUBLIC int32 matrixSslOpen(void);
MATRIXPUBLIC void matrixSslClose(void);

/*
 *  Key material, read either from named files or from memory buffers, and
 *  handed back through *keys.  matrixSslFreeKeys takes the same sslKeys_t
 *  pointer type; presumably it releases what the read calls return.
 *  NOTE(review): privPass looks like the private-key passphrase and
 *  trustedCAFile / trustedCABuf like the CA set used to judge the peer
 *  certificate; confirm against the library documentation.
 */
MATRIXPUBLIC int32 matrixSslReadKeys(
        sslKeys_t **keys,
        const char *certFile,
        const char *privFile,
        const char *privPass,
        const char *trustedCAFile);

MATRIXPUBLIC int32 matrixSslReadKeysMem(
        sslKeys_t **keys,
        unsigned char *certBuf, int32 certLen,
        unsigned char *privBuf, int32 privLen,
        unsigned char *trustedCABuf, int32 trustedCALen);

MATRIXPUBLIC void matrixSslFreeKeys(sslKeys_t *keys);

/* Session creation and deletion; the new session is returned through *ssl. */
MATRIXPUBLIC int32 matrixSslNewSession(
        ssl_t **ssl,
        sslKeys_t *keys,
        sslSessionId_t *session,
        int32 flags);
MATRIXPUBLIC void matrixSslDeleteSession(ssl_t *ssl);

/*
 *  Record decoding and encoding between caller-supplied buffers.
 *  NOTE(review): the `in` buffer of matrixSslDecode presumably holds bytes
 *  received from the peer, i.e. untrusted data, and its return value is
 *  presumably one of the SSL_* codes above, with error, alertLevel and
 *  alertDescription filled in as out-parameters; confirm against the
 *  library documentation.
 */
MATRIXPUBLIC int32 matrixSslDecode(
        ssl_t *ssl,
        sslBuf_t *in,
        sslBuf_t *out,
        unsigned char *error,
        unsigned char *alertLevel,
        unsigned char *alertDescription);
MATRIXPUBLIC int32 matrixSslEncode(
        ssl_t *ssl,
        unsigned char *in, int32 inlen,
        sslBuf_t *out);
MATRIXPUBLIC int32 matrixSslEncodeClosureAlert(ssl_t *ssl, sslBuf_t *out);

MATRIXPUBLIC int32 matrixSslHandshakeIsComplete(ssl_t *ssl);

/*
 *  Registers the user certificate validation callback together with an
 *  opaque argument.  The callback takes an sslCertInfo_t pointer and a
 *  void pointer.
 *  NOTE(review): nothing in this header shows the library matching the
 *  certificate subject against the expected host name; confirm whether the
 *  callback has to do that itself.  The callback is presumably also where
 *  SSL_ALLOW_ANON_CONNECTION is returned.
 */
MATRIXPUBLIC void matrixSslSetCertValidator(
        ssl_t *ssl,
        int32 (*certValidator)(sslCertInfo_t *, void *arg),
        void *arg);

/* Per-session option, anonymous-status query and key reassignment. */
MATRIXPUBLIC void matrixSslSetSessionOption(
        ssl_t *ssl,
        int32 option,
        void *arg);
MATRIXPUBLIC void matrixSslGetAnonStatus(ssl_t *ssl, int32 *anonArg);
MATRIXPUBLIC void matrixSslAssignNewKeys(ssl_t *ssl, sslKeys_t *keys);
/*
 *  Client side APIs
 *
 *  NOTE(review): cipherSpec presumably selects the cipher suite offered in
 *  the ClientHello; the meaning of each value is not visible in this
 *  header.
 *  matrixSslGetSessionId returns a session id through *sessionId and
 *  matrixSslFreeSessionId takes the same pointer type; presumably the
 *  latter releases what the former returns.
 */
MATRIXPUBLIC int32 matrixSslEncodeClientHello(
        ssl_t *ssl,
        sslBuf_t *out,
        unsigned short cipherSpec);

MATRIXPUBLIC int32 matrixSslGetSessionId(
        ssl_t *ssl,
        sslSessionId_t **sessionId);
MATRIXPUBLIC void matrixSslFreeSessionId(sslSessionId_t *sessionId);
/*
 *  Server side APIs
 *
 *  matrixSslEncodeHelloRequest writes into the caller's `out` buffer.
 *  The resumption flag is set by value and read back through a char
 *  pointer.
 *  NOTE(review): the flag presumably controls whether the session may be
 *  resumed; its values are not visible in this header.
 */
MATRIXPUBLIC int32 matrixSslEncodeHelloRequest(ssl_t *ssl, sslBuf_t *out);

MATRIXPUBLIC int32 matrixSslSetResumptionFlag(ssl_t *ssl, char flag);
MATRIXPUBLIC int32 matrixSslGetResumptionFlag(ssl_t *ssl, char *flag);
155 /******************************************************************************/
157 #ifdef __cplusplus
159 #endif
161 #endif /* _h_MATRIXSSL */
163 /******************************************************************************/