TLS v1.0/v1.1/v1.2 server (RFC 2246, RFC 4346, RFC 5246) More...

#include "includes.h"
#include "common.h"
#include "crypto/sha1.h"
#include "crypto/tls.h"
#include "tlsv1_common.h"
#include "tlsv1_record.h"
#include "tlsv1_server.h"
#include "tlsv1_server_i.h"

Functions
void	tlsv1_server_log (struct tlsv1_server conn, const char fmt,...)

void	tlsv1_server_alert (struct tlsv1_server *conn, u8 level, u8 description)

int	tlsv1_server_derive_keys (struct tlsv1_server conn, const u8 pre_master_secret, size_t pre_master_secret_len)

u8 *	tlsv1_server_handshake (struct tlsv1_server conn, const u8 in_data, size_t in_len, size_t *out_len)
	Process TLS handshake. More...

int	tlsv1_server_encrypt (struct tlsv1_server conn, const u8 in_data, size_t in_len, u8 *out_data, size_t out_len)
	Encrypt data into TLS tunnel. More...

int	tlsv1_server_decrypt (struct tlsv1_server conn, const u8 in_data, size_t in_len, u8 *out_data, size_t out_len)
	Decrypt data from TLS tunnel. More...

int	tlsv1_server_global_init (void)
	Initialize TLSv1 server. More...

void	tlsv1_server_global_deinit (void)
	Deinitialize TLSv1 server. More...

struct tlsv1_server *	tlsv1_server_init (struct tlsv1_credentials *cred)
	Initialize TLSv1 server connection. More...

void	tlsv1_server_deinit (struct tlsv1_server *conn)
	Deinitialize TLSv1 server connection. More...

int	tlsv1_server_established (struct tlsv1_server *conn)
	Check whether connection has been established. More...

int	tlsv1_server_prf (struct tlsv1_server conn, const char label, int server_random_first, u8 *out, size_t out_len)
	Use TLS-PRF to derive keying material. More...

int	tlsv1_server_get_cipher (struct tlsv1_server conn, char buf, size_t buflen)
	Get current cipher name. More...

int	tlsv1_server_shutdown (struct tlsv1_server *conn)
	Shutdown TLS connection. More...

int	tlsv1_server_resumed (struct tlsv1_server *conn)
	Was session resumption used. More...

int	tlsv1_server_get_random (struct tlsv1_server conn, struct tls_random keys)
	Get random data from TLS connection. More...

int	tlsv1_server_get_keyblock_size (struct tlsv1_server *conn)
	Get TLS key_block size. More...

int	tlsv1_server_set_cipher_list (struct tlsv1_server conn, u8 ciphers)
	Configure acceptable cipher suites. More...

int	tlsv1_server_set_verify (struct tlsv1_server *conn, int verify_peer)

void	tlsv1_server_set_session_ticket_cb (struct tlsv1_server conn, tlsv1_server_session_ticket_cb cb, void ctx)

void	tlsv1_server_set_log_cb (struct tlsv1_server conn, void(cb)(void ctx, const char msg), void *ctx)

void	tlsv1_server_get_dh_p (struct tlsv1_server conn, const u8 dh_p, size_t dh_p_len)

Detailed Description

TLS v1.0/v1.1/v1.2 server (RFC 2246, RFC 4346, RFC 5246)

Function Documentation

int tlsv1_server_decrypt	(	struct tlsv1_server *	conn,
		const u8 *	in_data,
		size_t	in_len,
		u8 *	out_data,
		size_t	out_len
	)

Decrypt data from TLS tunnel.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()
in_data	Pointer to input buffer (encrypted TLS data)
in_len	Input buffer length
out_data	Pointer to output buffer (decrypted data from TLS tunnel)
out_len	Maximum out_data length

Returns: Number of bytes written to out_data, -1 on failure

This function is used after TLS handshake has been completed successfully to receive data from the encrypted tunnel.

void tlsv1_server_deinit ( struct tlsv1_server * conn )

Deinitialize TLSv1 server connection.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()

int tlsv1_server_encrypt	(	struct tlsv1_server *	conn,
		const u8 *	in_data,
		size_t	in_len,
		u8 *	out_data,
		size_t	out_len
	)

Encrypt data into TLS tunnel.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()
in_data	Pointer to plaintext data to be encrypted
in_len	Input buffer length
out_data	Pointer to output buffer (encrypted TLS data)
out_len	Maximum out_data length

Returns: Number of bytes written to out_data, -1 on failure

This function is used after TLS handshake has been completed successfully to send data in the encrypted tunnel.

int tlsv1_server_established ( struct tlsv1_server * conn )

Check whether connection has been established.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()

Returns: 1 if connection is established, 0 if not

int tlsv1_server_get_cipher	(	struct tlsv1_server *	conn,
		char *	buf,
		size_t	buflen
	)

Get current cipher name.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()
buf	Buffer for the cipher name
buflen	buf size

Returns: 0 on success, -1 on failure

Get the name of the currently used cipher.

int tlsv1_server_get_keyblock_size ( struct tlsv1_server * conn )

Get TLS key_block size.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()

Returns: Size of the key_block for the negotiated cipher suite or -1 on failure

int tlsv1_server_get_random	(	struct tlsv1_server *	conn,
		struct tls_random *	keys
	)

Get random data from TLS connection.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()
keys	Structure of random data (filled on success)

Returns: 0 on success, -1 on failure

void tlsv1_server_global_deinit ( void )

Deinitialize TLSv1 server.

This function can be used to deinitialize the TLSv1 server that was initialized by calling tlsv1_server_global_init(). No TLSv1 server functions can be called after this before calling tlsv1_server_global_init() again.

int tlsv1_server_global_init ( void )

Initialize TLSv1 server.

Returns: 0 on success, -1 on failure

This function must be called before using any other TLSv1 server functions.

u8* tlsv1_server_handshake	(	struct tlsv1_server *	conn,
		const u8 *	in_data,
		size_t	in_len,
		size_t *	out_len
	)

Process TLS handshake.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()
in_data	Input data from TLS peer
in_len	Input data length
out_len	Length of the output buffer.

Returns: Pointer to output data, NULL on failure

struct tlsv1_server* tlsv1_server_init ( struct tlsv1_credentials * cred )

Initialize TLSv1 server connection.

Parameters

cred	Pointer to server credentials from tlsv1_server_cred_alloc()

Returns: Pointer to TLSv1 server connection data or NULL on failure

int tlsv1_server_prf	(	struct tlsv1_server *	conn,
		const char *	label,
		int	server_random_first,
		u8 *	out,
		size_t	out_len
	)

Use TLS-PRF to derive keying material.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()
label	Label (e.g., description of the key) for PRF
server_random_first	seed is 0 = client_random\|server_random, 1 = server_random\|client_random
out	Buffer for output data from TLS-PRF
out_len	Length of the output buffer

Returns: 0 on success, -1 on failure

int tlsv1_server_resumed ( struct tlsv1_server * conn )

Was session resumption used.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()

Returns: 1 if current session used session resumption, 0 if not

int tlsv1_server_set_cipher_list	(	struct tlsv1_server *	conn,
		u8 *	ciphers
	)

Configure acceptable cipher suites.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()
ciphers	Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers (TLS_CIPHER_*).

Returns: 0 on success, -1 on failure

int tlsv1_server_shutdown ( struct tlsv1_server * conn )

Shutdown TLS connection.

Parameters

conn	TLSv1 server connection data from tlsv1_server_init()

Returns: 0 on success, -1 on failure

Functions

Detailed Description

Function Documentation