SharkSSL™ Embedded SSL/TLS Stack
SharkSSL.h
1/*
2 * ____ _________ __ _
3 * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____
4 * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/
5 * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__
6 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
7 * /____/
8 *
9 * SharkSSL Embedded SSL/TLS Stack
10 ****************************************************************************
11 * PROGRAM MODULE
12 *
13 * $Id: SharkSSL.h 5637 2025-03-02 21:51:18Z gianluca $
14 *
15 * COPYRIGHT: Real Time Logic LLC, 2010 - 2025
16 *
17 * This software is copyrighted by and is the sole property of Real
18 * Time Logic LLC. All rights, title, ownership, or other interests in
19 * the software remain the property of Real Time Logic LLC. This
20 * software may only be used in accordance with the terms and
21 * conditions stipulated in the corresponding license agreement under
22 * which the software has been supplied. Any unauthorized use,
23 * duplication, transmission, distribution, or disclosure of this
24 * software is expressly forbidden.
25 *
26 * This Copyright notice may not be removed or modified without prior
27 * written consent of Real Time Logic LLC.
28 *
29 * Real Time Logic LLC. reserves the right to modify this software
30 * without notice.
31 *
32 * http://www.realtimelogic.com
33 * http://www.sharkssl.com
34 ****************************************************************************
35 *
36 */
37#ifndef _SharkSsl_h
38#define _SharkSsl_h
39
40#include "TargConfig.h" /* platform dependencies */
41
42#if SHARKDBG_PRINTF
43#undef SHARKDBG_PRINTF
44#define SHARKDBG_PRINTF(x) printf x
45#else
46#undef SHARKDBG_PRINTF
47#define SHARKDBG_PRINTF(x)
48#endif
49
50#ifndef SHARKSSL_API
51#define SHARKSSL_API
52#else /* Barracuda */
53#define SHARKSSL_BA 1
54#include <ThreadLib.h>
55#include <BaServerLib.h>
56#endif
57
58#include "SharkSSL_cfg.h" /* SharkSSL configuration */
59#ifdef __cplusplus
60#include <stddef.h> /* size_t for new, delete */
61#endif
62
63#include "SharkSslCrypto.h" /* Crypto API */
64
65#ifndef sharkCertSerialNumber2NetworkEndian
70typedef U64 SharkCertSerialNumber;
71#ifdef B_BIG_ENDIAN
72#define sharkCertSerialNumber2NetworkEndian(n)
73#else
74#define sharkCertSerialNumber2NetworkEndian(n) \
75 do { \
76 U64 nn=0; \
77 register U8* t=(U8*)&nn; \
78 register U8* f=(U8*)&n; \
79 t[7]=f[0]; \
80 t[6]=f[1]; \
81 t[5]=f[2]; \
82 t[4]=f[3]; \
83 t[3]=f[4]; \
84 t[2]=f[5]; \
85 t[1]=f[6]; \
86 t[0]=f[7]; \
87 n=nn; \
88 } while(0)
89#endif
90#endif
91
92/* Forward decl. */
93struct SharkSslCertDN;
96
118#define SHARKSSL_ALERT_LEVEL_WARNING 1
119
121#define SHARKSSL_ALERT_LEVEL_FATAL 2
122
135#define SHARKSSL_ALERT_CLOSE_NOTIFY 0
137#define SHARKSSL_ALERT_UNEXPECTED_MESSAGE 10
139#define SHARKSSL_ALERT_BAD_RECORD_MAC 20
141#define SHARKSSL_ALERT_DECRYPTION_FAILED 21
143#define SHARKSSL_ALERT_RECORD_OVERFLOW 22
145#define SHARKSSL_ALERT_DECOMPRESSION_FAILURE 30
147#define SHARKSSL_ALERT_HANDSHAKE_FAILURE 40
149#define SHARKSSL_ALERT_BAD_CERTIFICATE 42
151#define SHARKSSL_ALERT_UNSUPPORTED_CERTIFICATE 43
153#define SHARKSSL_ALERT_CERTIFICATE_REVOKED 44
155#define SHARKSSL_ALERT_CERTIFICATE_EXPIRED 45
157#define SHARKSSL_ALERT_CERTIFICATE_UNKNOWN 46
159#define SHARKSSL_ALERT_ILLEGAL_PARAMETER 47
161#define SHARKSSL_ALERT_UNKNOWN_CA 48
163#define SHARKSSL_ALERT_ACCESS_DENIED 49
165#define SHARKSSL_ALERT_DECODE_ERROR 50
167#define SHARKSSL_ALERT_DECRYPT_ERROR 51
169#define SHARKSSL_ALERT_EXPORT_RESTRICTION 60
171#define SHARKSSL_ALERT_PROTOCOL_VERSION 70
173#define SHARKSSL_ALERT_INSUFFICIENT_SECURITY 71
175#define SHARKSSL_ALERT_INTERNAL_ERROR 80
177#define SHARKSSL_ALERT_USER_CANCELED 90
179#define SHARKSSL_ALERT_NO_RENEGOTIATION 100
181#define SHARKSSL_ALERT_UNRECOGNIZED_NAME 112
183#define SHARKSSL_ALERT_NO_APPLICATION_PROTOCOL 120 /* RFC 7301 */
184 /* end group SharkSslAlertMsg */ /* end group SharkSslAlert */
187
188
197#if SHARKSSL_TLS_1_3
199#define TLS_AES_128_GCM_SHA256 0x1301
201#define TLS_AES_256_GCM_SHA384 0x1302
203#define TLS_CHACHA20_POLY1305_SHA256 0x1303
204#endif
205#if SHARKSSL_TLS_1_2
207#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
209#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F
211#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
213#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
215#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
217#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
219#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
221#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
223#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
224#endif
225 /* end group SharkSslCiphers */
227
228
236#define SHARKSSL_PROTOCOL_UNKNOWN 0x00
238#define SHARKSSL_PROTOCOL_TLS_1_2 0x33
240#define SHARKSSL_PROTOCOL_TLS_1_3 0x34
241
242/* internal use, with SHARKSSL_PROTOCOL_TLS_1_x as parameter */
243#define SHARKSSL_PROTOCOL_MAJOR(p) (p >> 4)
244#define SHARKSSL_PROTOCOL_MINOR(p) (p & 0xF)
245 /* end group SharkSslProtocol */
247
248
249#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
250#ifndef BA_API /* standalone SharkSSL */
251#define BA_API SHARKSSL_API
252#ifdef _SHARKSSL_C_
253#define SingleListCode 1
254#endif
255#endif
256#include "SingleList.h"
257#endif
258
259
260#if SHARKSSL_ENABLE_SESSION_CACHE || SHARKSSL_NOPACK
261
270 /* end group SharkSslSessionApi */
272
273#ifndef _DOXYGEN
274typedef struct SharkSslSessionCache
275{
276 SharkSslSession *cache;
277 ThreadMutexBase cacheMutex;
278 U16 cacheSize;
279} SharkSslSessionCache;
280#endif
281#endif
282
283
295typedef enum
296{
301 /* end group SharkSslInfoAndCodes */
303
304
305#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
313typedef U8* SharkSslKey;
314
315
321typedef const U8 *SharkSslCert;
322
323#ifdef __cplusplus
324extern "C" {
325#endif
326
332SHARKSSL_API U16 SharkSslCert_len(SharkSslCert cert);
333
336#ifdef __DOXYGEN__
338#endif
339
340#if SHARKSSL_ENABLE_CSR_CREATION
403SHARKSSL_API int
405 SharkSslKey privKey,
406 U8 hashID,
407 struct SharkSslCertDN* certDN,
408 const char *SAN,
409 struct SharkSslBitExtReq* keyUsage,
410 struct SharkSslBitExtReq* nsCertType);
411#endif
412
413#if SHARKSSL_ENABLE_CSR_SIGNING
474SHARKSSL_API int
476 const U8 *csrData,
477 int csrDataLen,
478 const SharkSslCert caCert,
479 const SharkSslKey privKey,
480 const char *validFrom,
481 const char *validTo,
482 SharkCertSerialNumber serialNumber,
483 U8 hashID);
484#endif
485
486#if SHARKSSL_ENABLE_ASN1_KEY_CREATION
493SHARKSSL_API int
495#endif
496
497
498#ifdef __cplusplus
499}
500#endif
501
502
503#if SHARKSSL_ENABLE_CA_LIST
509typedef const U8 *SharkSslCAList;
510#endif
511 /* end group SharkSslInfoAndCodes */
513#endif
514
515#ifndef _DOXYGEN
516struct SharkSsl;
517#endif
518
519
520/* Non documented API used by SharkSslSCMgr when used indirectly by
521 Lua code in the Barracuda Application Server. The code manages
522 automatic destruction of SharkSslSCMgr.
523 */
524#ifndef _DOXYGEN
525struct SharkSslIntf;
526typedef void (*SharkSslIntf_Terminate)(struct SharkSslIntf* o,
527 struct SharkSsl* ssl);
528typedef struct SharkSslIntf
529{
530 SharkSslIntf_Terminate terminate;
531} SharkSslIntf;
532#define SharkSslIntf_constructor(o,terminateFunc) (o)->terminate=terminateFunc
533#endif
534
535
558
559
563typedef struct
565{
566#ifdef __cplusplus
567 void *operator new(size_t s) { return ::baMalloc(s); }
568 void operator delete(void* d) { if(d) ::baFree(d); }
569 void *operator new(size_t, void *place) { return place; }
570 void operator delete(void*, void *) { }
571
572 SharkSsl() {};
573
575 U16 cacheSize = 0,
576 U16 inBufStartSize = 4096,
577 U16 outBufSize = 4096
578 );
579
580 ~SharkSsl();
581 SharkSslCon *createCon(void);
582 U8 setCAList(SharkSslCAList caList);
583 U8 addCertificate(SharkSslCert cert);
584 void terminateCon(SharkSslCon *sslCon);
585#endif
586 #if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_SSL_CLIENT_CODE) || SHARKSSL_NOPACK
587 SharkSsl_Role role;
588 #endif
589 U16 outBufSize;
590 U16 inBufStartSize;
591 U16 nCon;
592 #if (SHARKSSL_ENABLE_RSA || (SHARKSSL_ENABLE_ECDSA)) || SHARKSSL_NOPACK
593 SingleList certList;
594 #if SHARKSSL_ENABLE_CA_LIST || SHARKSSL_NOPACK
595 SharkSslCAList caList;
596 #endif
597 #endif
598 #if SHARKSSL_ENABLE_SESSION_CACHE || SHARKSSL_NOPACK
599 SharkSslSessionCache sessionCache;
600 /* Reserved for use with one SharkSslSCMgr object */
601 SharkSslIntf* intf;
602 #endif
604 /* end group SharkSslInfoAndCodes */
606
613typedef enum
614{
618
622
633
646
659
673
682
694
700
704
706 /* end group SharkSslCoreApi */
708
709#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
710
722#if SHARKSSL_ENABLE_CERT_KEYUSAGE
723#define SHARKSSL_CERT_KEYUSAGE_DIGITALSIGNATURE 0x00000001
724#define SHARKSSL_CERT_KEYUSAGE_NONREPUDIATION 0x00000002
725#define SHARKSSL_CERT_KEYUSAGE_KEYENCIPHERMENT 0x00000004
726#define SHARKSSL_CERT_KEYUSAGE_DATAENCIPHERMENT 0x00000008
727#define SHARKSSL_CERT_KEYUSAGE_KEYAGREEMENT 0x00000010
728#define SHARKSSL_CERT_KEYUSAGE_KEYCERTSIGN 0x00000020
729#define SHARKSSL_CERT_KEYUSAGE_CRLSIGN 0x00000040
730#define SHARKSSL_CERT_KEYUSAGE_ENCIPHERONLY 0x00000080
731#define SHARKSSL_CERT_KEYUSAGE_DECIPHERONLY 0x00000100
732#define SHARKSSL_CERT_KEYUSAGE_PRESENT 0x00000200
733#define SHARKSSL_CERT_KEYUSAGE_CRITICAL 0x00000400
734
735#define SHARKSSL_CERT_KEYPURPOSE_SERVERAUTH 0x00010000
736#define SHARKSSL_CERT_KEYPURPOSE_CLIENTAUTH 0x00020000
737#define SHARKSSL_CERT_KEYPURPOSE_CODESIGNING 0x00040000
738#define SHARKSSL_CERT_KEYPURPOSE_EMAILPROTECTION 0x00080000
739#define SHARKSSL_CERT_KEYPURPOSE_TIMESTAMPING 0x00100000
740#define SHARKSSL_CERT_KEYPURPOSE_OCSPSIGNING 0x00200000
741
742#define SharkSslCertInfo_KeyFlagSet(o,f) ((o)->keyUsagePurposes & f)
743
747#define SharkSslCertInfo_isKeyUsagePresent(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_PRESENT)
748#define SharkSslCertInfo_isKeyUsageCritical(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_CRITICAL)
749#define SharkSslCertInfo_KU_digitalSignature(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DIGITALSIGNATURE)
750#define SharkSslCertInfo_KU_nonRepudiation(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_NONREPUDIATION)
751#define SharkSslCertInfo_KU_keyEncipherment(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYENCIPHERMENT)
752#define SharkSslCertInfo_KU_dataEncipherment(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DATAENCIPHERMENT)
753#define SharkSslCertInfo_KU_keyAgreement(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYAGREEMENT)
754#define SharkSslCertInfo_KU_keyCertSign(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYCERTSIGN)
755#define SharkSslCertInfo_KU_cRLSign(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_CRLSIGN)
756#define SharkSslCertInfo_KU_encipherOnly(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_ENCIPHERONLY)
757#define SharkSslCertInfo_KU_decipherOnly(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DECIPHERONLY)
758
759#define SharkSslCertInfo_kp_serverAuth(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_SERVERAUTH)
760#define SharkSslCertInfo_kp_clientAuth(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_CLIENTAUTH)
761#define SharkSslCertInfo_kp_codeSigning(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_CODESIGNING)
762#define SharkSslCertInfo_kp_emailProtection(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_EMAILPROTECTION)
763#define SharkSslCertInfo_kp_timeStamping(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_TIMESTAMPING)
764#define SharkSslCertInfo_kp_OCSPSigning(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_OCSPSIGNING)
765#endif
766
767
779typedef struct SharkSslCertDN
780{
781 const U8 *countryName;
782 const U8 *province;
783 const U8 *locality;
784 const U8 *organization;
785 const U8 *unit;
789 const U8 *commonName;
790 const U8 *emailAddress;
791
792 U8 countryNameLen;
800
803#define SharkSslCertDN_constructor(o) memset(o,0,sizeof(SharkSslCertDN))
806#define SharkSslCertDN_setCountryName(o, countryNameMA) \
807 (o)->countryName=(const U8*)countryNameMA,(o)->countryNameLen=(U8)strlen(countryNameMA)
810#define SharkSslCertDN_setProvince(o, provinceMA) \
811 (o)->province=(const U8*)provinceMA,(o)->provinceLen=(U8)strlen(provinceMA)
814#define SharkSslCertDN_setLocality(o, localityMA) \
815 (o)->locality=(const U8*)localityMA,(o)->localityLen=(U8)strlen(localityMA)
818#define SharkSslCertDN_setOrganization(o, organizationMA) \
819 (o)->organization=(const U8*)organizationMA,(o)->organizationLen=(U8)strlen(organizationMA)
822#define SharkSslCertDN_setUnit(o, unitMA) \
823 (o)->unit=(const U8*)unitMA,(o)->unitLen=(U8)strlen(unitMA)
826#define SharkSslCertDN_setCommonName(o, commonNameMA) \
827 (o)->commonName=(const U8*)commonNameMA,(o)->commonNameLen=(U8)strlen(commonNameMA)
830#define SharkSslCertDN_setEmailAddress(o, emailAddressMA) \
831 (o)->emailAddress=(const U8*)emailAddressMA,(o)->emailAddressLen=(U8)strlen(emailAddressMA)
832
833
837typedef struct SharkSslCertInfo
838{
840 U16 snLen;
841
846
851
854 U8 *sn;
855
859 U8 *timeFrom; /* declaration of U8 timeFromLen below */
860
865 U8 *timeTo; /* declaration of U8 timeToLen below */
866
872
878
891 U16 subjectAltNamesLen;
892
895
898
899 #if SHARKSSL_ENABLE_CERT_KEYUSAGE
922 U32 keyUsagePurposes;
923 #endif
924
930 /* end group SharkSslCertInfo */
932#endif
933
939#ifdef __cplusplus
940extern "C" {
941#endif
942
970SHARKSSL_API void SharkSsl_constructor(
971 SharkSsl *o,
972 SharkSsl_Role role,
973 U16 cacheSize,
974 U16 inBufStartSize,
975 U16 outBufSize
976 );
977
985SHARKSSL_API void SharkSsl_destructor(SharkSsl *o);
986
987
1008
1009
1025
1026
1027#if SHARKSSL_ENABLE_SESSION_CACHE
1028
1033SHARKSSL_API U16 SharkSsl_getCacheSize(SharkSsl *o);
1034
1035#define SharkSsl_setIntf(o, sharkSslIntf) (o)->intf=sharkSslIntf
1036#define SharkSsl_getIntf(o) (o)->intf
1037
1038#endif
1039
1040
1047#define SharkSslCon_terminate(o) SharkSsl_terminateCon(0, o)
1048
1071
1072
1098
1099
1109
1110
1128
1129
1140
1152
1153
1168
1199U16 SharkSslCon_copyDecData(SharkSslCon *o, U8 *buf, U16 maxLen);
1200
1201
1211SHARKSSL_API U16 SharkSslCon_getDecData(SharkSslCon *o, U8 **bufPtr);
1212
1213
1226
1227
1241
1242
1258
1259
1270
1271
1284
1285
1293
1294
1298
1299
1310
1311
1322
1323
1333#define SharkSslCon_getAlertData(o) SharkSslCon_getEncData(o)
1334
1335
1345#define SharkSslCon_getAlertDataLen(o) SharkSslCon_getEncDataLen(o)
1346 /* end group SharkSslCoreApi */
1348
1349
1350#if SHARKSSL_ENABLE_INFO_API
1351
1355
1358#if (SHARKSSL_TLS_1_3 && SHARKSSL_TLS_1_2)
1360#elif SHARKSSL_TLS_1_3
1361#define SharkSslCon_getProtocol(o) (SHARKSSL_PROTOCOL_TLS_1_3)
1362#elif SHARKSSL_TLS_1_2
1363#define SharkSslCon_getProtocol(o) (SHARKSSL_PROTOCOL_TLS_1_2)
1364#else
1365#error please enable at least one of SHARKSSL_TLS_1_3, SHARKSSL_TLS_1_2
1366#endif
1367
1368#endif
1369
1370
1371#if SHARKSSL_ENABLE_SNI
1372
1373#if SHARKSSL_SSL_CLIENT_CODE
1376SHARKSSL_API U8 SharkSslCon_setSNI(SharkSslCon *o, const char *name, U16 length);
1377#endif
1378
1379#endif
1380
1381
1382#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
1383#if (SHARKSSL_SSL_CLIENT_CODE && SHARKSSL_ENABLE_CLIENT_AUTH)
1388#endif
1389
1394
1406
1407#if SHARKSSL_ENABLE_CA_LIST
1408
1429SHARKSSL_API U8 SharkSsl_setCAList(SharkSsl *o, SharkSslCAList caList);
1430
1445
1446U8 SharkSslCon_isCAListEmpty(SharkSslCon *o);
1447#else
1448
1449#define SharkSslCon_trustedCA(o) 0
1450#endif /* SHARKSSL_ENABLE_CA_LIST */
1451
1452#if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_RSA)
1456/* to be used as 'flag' param */
1457#define SHARKSSL_SET_FAVOR_RSA 1
1458#define SHARKSSL_CLEAR_FAVOR_RSA 0
1459
1478#endif /* SHARKSSL_SSL_SERVER_CODE */
1479#endif /* SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA */
1480
1481#if SHARKSSL_SSL_CLIENT_CODE
1482U8 SharkSslCon_selectProtocol(SharkSslCon *o, U8 protocol);
1483#endif
1484
1489#if SHARKSSL_ENABLE_SESSION_CACHE
1490
1491#if SHARKSSL_ENABLE_INFO_API
1495#endif
1496
1500
1501#if SHARKSSL_SSL_SERVER_CODE
1505#endif
1506
1507#if SHARKSSL_SSL_CLIENT_CODE
1508
1517
1518
1526
1532#endif
1533#endif
1534 /* end group SharkSslSessionApi */
1536
1537#if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_CLIENT_AUTH && \
1538 (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA))
1571 SharkSslCon *o, const void *caList);
1572#endif
1573
1574#if (SHARKSSL_TLS_1_3 && SHARKSSL_SSL_CLIENT_CODE && SHARKSSL_ENABLE_CA_EXTENSION && \
1575 (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA))
1603 SharkSslCon *o, const void *caList);
1604#endif
1605
1606#if SHARKSSL_ENABLE_ALPN_EXTENSION
1607#if SHARKSSL_SSL_CLIENT_CODE
1624 SharkSslCon* o, const char* protList);
1625
1639SHARKSSL_API const char *SharkSslCon_getALPNProtocol(SharkSslCon* o);
1640#endif
1641#if SHARKSSL_SSL_SERVER_CODE
1642typedef int(*ALPNFunction)(SharkSslCon*, const char*, void *);
1643SHARKSSL_API U8 SharkSslCon_setALPNFunction(
1644 SharkSslCon *o, ALPNFunction func, void *pvoid);
1645#endif
1646#endif /* SHARKSSL_ENABLE_ALPN_EXTENSION */
1647
1648#if ((SHARKSSL_SSL_SERVER_CODE || SHARKSSL_SSL_CLIENT_CODE) && \
1649 SHARKSSL_ENABLE_SELECT_CIPHERSUITE)
1679SHARKSSL_API U8 SharkSslCon_selectCiphersuite(SharkSslCon *o, U16 cipherSuite);
1680
1684#endif
1685
1686#if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_SECURE_RENEGOTIATION)
1707#endif
1708 /* end group SharkSslApi */
1710
1711
1712#if SHARKSSL_ENABLE_PEM_API
1720typedef enum
1721{
1724
1727
1730
1733
1736
1739
1742
1745
1748
1751
1754
1757
1760
1763
1766
1769
1772
1775
1779
1780
1810 const char *certPEM, const char *keyPEM,
1811 const char *passphrase, SharkSslCert *sharkSslCert);
1812
1813#if SHARKSSL_ENABLE_ENCRYPTED_PKCS8_SUPPORT
1831SHARKSSL_API int sharkssl_PEM_PBKDF2(
1832 U8 *dk, const char *passphrase,
1833 const char *salt, U32 saltLen,
1834 U32 iterations, U16 dkLen, U8 hashID);
1835#endif
1836 /* end group RayCryptoApi */
1838#endif
1839
1840#if SHARKSSL_ENABLE_RSA
1841
1848#define SHARKSSL_RSA_NO_PADDING 0
1849
1850
1854#define SHARKSSL_RSA_PKCS1_PADDING 1
1855
1856
1862typedef enum
1863{
1866
1869
1872
1875
1878
1881
1884
1887
1890
1893
1896
1899
1903#endif
1904 /* end group SharkSslInfoAndCodes */
1906
1907#if SHARKSSL_ENABLE_RSA_API
1908
1919typedef U8* SharkSslRSAKey;
1920
1921#if SHARKSSL_ENABLE_PEM_API
1946 const char *PEMKey, const char *passphrase);
1947
1971SHARKSSL_API SharkSslKey
1973
1974SHARKSSL_API SharkSslKey
1975sharkssl_PEM_extractPublicKey_ext(const char *certPEM, U8 *keyType);
1976#endif /* SHARKSSL_ENABLE_PEM_API */
1977
1978#if (SHARKSSL_ENABLE_PEM_API || (SHARKSSL_ENABLE_RSA && SHARKSSL_ENABLE_RSAKEY_CREATE))
1983#define _SHARKSSLRSAKEY_FREE 1
1984#endif
1985
1986#if SHARKSSL_ENABLE_RSA
1987#if SHARKSSL_ENABLE_RSAKEY_CREATE
2009SHARKSSL_API int SharkSslRSAKey_create(SharkSslRSAKey *privKey, U16 keyLength);
2010
2025#endif
2026
2032
2056 SharkSslRSAKey pubkey, const U8 *in, int len, U8 *out, int padding);
2057
2058
2077 SharkSslRSAKey privkey, const U8 *in, int len, U8 *out, int padding);
2078
2079
2098 SharkSslRSAKey privkey, U8 *sig, U16 *siglen, const U8 *hash, U8 hashID);
2099
2100
2119 SharkSslRSAKey pubkey, U8 *sig, U16 siglen, const U8 *hash, U8 hashID);
2120
2121
2122#if SHARKSSL_ENABLE_RSA_OAEP
2147SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_private_decrypt_OAEP(
2148 SharkSslRSAKey privkey, U8 *in, int len, U8 hashID, U8 *out, const char *label, U16 labelLen);
2149
2150
2176SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_public_encrypt_OAEP(
2177 SharkSslRSAKey pubkey, const U8 *in, int len, U8 hashID, U8 *out, const char *label, U16 labelLen);
2178#endif
2179
2180
2202 SharkSslRSAKey privkey, const U8 *in, int len, U8 *out, int padding);
2203
2204
2226 SharkSslRSAKey pubkey, const U8 *in, int len, U8 *out, int padding);
2227
2228#endif
2229 /* end group RSA */
2231#endif
2232
2233
2246#if SHARKSSL_USE_ECC
2247
2248/*
2249 * NamedCurve, use as curveID parameter
2250 * SECPxxxR1 - RFC 4492 section 5.1.1
2251 * BRAINPOOLPxxxR1 - RFC 7027 section 2
2252 * CURVE25519,448 - RFC 8446 section 4.2.7
2253 */
2254#define SHARKSSL_EC_CURVE_ID_SECP256R1 23
2255#define SHARKSSL_EC_CURVE_ID_SECP384R1 24
2256#define SHARKSSL_EC_CURVE_ID_SECP521R1 25
2257#define SHARKSSL_EC_CURVE_ID_BRAINPOOLP256R1 26
2258#define SHARKSSL_EC_CURVE_ID_BRAINPOOLP384R1 27
2259#define SHARKSSL_EC_CURVE_ID_BRAINPOOLP512R1 28
2260#define SHARKSSL_EC_CURVE_ID_CURVE25519 29
2261#define SHARKSSL_EC_CURVE_ID_CURVE448 30
2262
2263
2270typedef U8* SharkSslECCKey;
2271
2272#if SHARKSSL_ENABLE_PEM_API
2299 const char *PEMKey, const char *passphrase);
2300
2301
2302#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
2311SHARKSSL_API U16 SharkSslKey_vectSize(const SharkSslKey key);
2312#define SharkSslCert_vectSize(c) SharkSslKey_vectSize((const SharkSslCert)c)
2313#define SharkSslCert_vectSize_keyInfo(c, t, p, a, b, x, y) SharkSslKey_vectSize_keyInfo((const SharkSslKey)c, t, p, a, b, x, y)
2314#if SHARKSSL_ENABLE_RSA
2315#define SharkSslRSAKey_vectSize(k) SharkSslKey_vectSize(k)
2316#define SharkSslRSAKey_vectSize_keyInfo(k, t, p, a, b, x, y) SharkSslKey_vectSize_keyInfo((const SharkSslKey)k, t, p, a, b, x, y)
2317#endif
2318#if SHARKSSL_ENABLE_ECDSA
2319#define SharkSslECCKey_vectSize(k) SharkSslKey_vectSize(k)
2320#define SharkSslECCKey_vectSize_keyInfo(k, t, p, a, b, x, y) SharkSslKey_vectSize_keyInfo((const SharkSslKey)k, t, p, a, b, x, y)
2321#endif
2322
2323/* return values of function SharkSslKey_vectSize_keyInfo for the parameter keyType */
2324#define SHARKSSL_KEYTYPE_RSA 0x00
2325#define SHARKSSL_KEYTYPE_EC 0x02
2326
2343SHARKSSL_API U16 SharkSslKey_vectSize_keyInfo(const SharkSslKey key, U8 *keyType, U8 *isKeyPrivate, U8 **d1, U16 *d1Len, U8 **d2, U16 *d2Len);
2344#endif
2345#endif
2346
2347#if SHARKSSL_ENABLE_ECCKEY_CREATE
2348
2349typedef int (*sharkssl_rngfunc)(void* handle, U8 *ptr, U16 len);
2350
2351
2370#define SharkSslECCKey_create(privKey, curveID) SharkSslECCKey_createEx((privKey), (curveID), 0, 0)
2371
2372
2422SHARKSSL_API int SharkSslECCKey_createEx(SharkSslECCKey* privKey, U16 curveID, void* rngHandle, sharkssl_rngfunc rngFunc);
2423#endif
2424
2425
2426#if (SHARKSSL_ENABLE_PEM_API || SHARKSSL_ENABLE_ECCKEY_CREATE)
2433#define _SHARKSSLECCKEY_FREE 1
2434#endif
2435
2436
2437/*
2438 *-----------------------------------------------------------------------------
2439 * To free up the memory allocated by SharkSslECCKey_create and
2440 * SharkSslRSAKey_create, the following macro is provided
2441 * For instance, this function could be called after saving the key to a file
2442 *-----------------------------------------------------------------------------
2443 * key: input parameter, points to a buffer allocated by either
2444 * SharkSslECCKey_create or SharkSslRSAKey_create
2445 */
2446#if defined(_SHARKSSLRSAKEY_FREE)
2447#define SharkSslKey_free SharkSslRSAKey_free
2448#elif defined (_SHARKSSLECCKEY_FREE)
2449#define SharkSslKey_free SharkSslECCKey_free
2450#else
2451#define SharkSslKey_free
2452#endif
2453#undef _SHARKSSLRSAKEY_FREE
2454#undef _SHARKSSLECCKEY_FREE
2455
2456
2462#if SHARKSSL_ENABLE_ECDSA
2466/* ECDSA API and also internal sharkssl_ECDSA_signASN1 */
2467typedef enum
2468{
2471
2474
2477
2480
2483
2486
2489
2492
2495
2499 /* end group SharkSslInfoAndCodes */
2501
2507#if SHARKSSL_ENABLE_ECDSA_API
2508#if (!SHARKSSL_ECDSA_ONLY_VERIFY)
2517SHARKSSL_API U16 sharkssl_ECDSA_siglen(SharkSslECCKey privkey);
2518
2546 SharkSslECCKey privkey, U8 *sig, U16 *siglen, const U8 *hash, U8 hashID);
2547#endif
2548
2571 SharkSslECCKey pubkey, U8 *sig, U16 siglen, const U8 *hash, U8 hashID);
2572
2573#endif /* SHARKSSL_ENABLE_ECDSA_API */
2574#endif /* SHARKSSL_ENABLE_ECDSA */
2575 /* end group ECC */
2577#endif
2578
2579
2580#if (SHARKSSL_ENABLE_CA_LIST && SHARKSSL_ENABLE_CERTSTORE_API)
2581
2587#ifndef BA_API /* standalone SharkSSL */
2588#define BA_API SHARKSSL_API
2589typedef U8 BaBool;
2590#endif
2591#include "DoubleList.h"
2592
2612typedef struct SharkSslCertStore
2613{
2614 DoubleList certList;
2615 SharkSslCAList caList;
2616 U16 elements; /* number of elements in list */
2618
2628
2632
2634#define SharkSslCertStore_release(o) SharkSslCertStore_destructor(o)
2635
2648SHARKSSL_API U16 SharkSslCertStore_add(
2649 SharkSslCertStore *o, const char *cert, U32 certlen);
2650
2662 SharkSslCertStore *o, SharkSslCAList *outList);
2663 /* end group SharkSslCertApi */
2665#endif /* SHARKSSL_ENABLE_CA_LIST && SHARKSSL_ENABLE_CERTSTORE_API */
2666
2667#if ((SHARKSSL_ENABLE_PEM_API) || (SHARKSSL_ENABLE_CERTSTORE_API))
2668SHARKSSL_API U32 sharkssl_B64Decode(
2669 U8 *outStr, U32 outStrSize, const char *b64beg, const char *b64end);
2670#endif
2671
2672
2673
2674#ifdef __cplusplus
2675}
2676
2677inline SharkSsl::SharkSsl(
2678 SharkSsl_Role role, U16 cacheSize, U16 inBufStartSize, U16 outBufSize) {
2679 SharkSsl_constructor(this, role, cacheSize, inBufStartSize, outBufSize);
2680}
2681inline SharkSsl::~SharkSsl() {
2682 SharkSsl_destructor(this);
2683}
2684inline SharkSslCon *SharkSsl::createCon(void) {
2685 return SharkSsl_createCon(this);
2686}
2687inline void SharkSsl::terminateCon(SharkSslCon *sslCon) {
2688 SharkSsl_terminateCon(this, sslCon);
2689}
2690
2691#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
2692inline U8 SharkSsl::addCertificate(SharkSslCert cert) {
2693 return SharkSsl_addCertificate(this, cert);
2694}
2695#if SHARKSSL_ENABLE_CA_LIST
2696inline U8 SharkSsl::setCAList(SharkSslCAList caList) {
2697 return SharkSsl_setCAList(this, caList);
2698}
2699#endif /* SHARKSSL_ENABLE_CA_LIST */
2700#endif /* SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA */
2701
2702#endif /* __cplusplus */
2703
2704
2705#endif
SHARKSSL_API SharkSslECCKey sharkssl_PEM_to_ECCKey(const char *PEMKey, const char *passphrase)
Convert an ECC private or public key in PEM format to the SharkSslECCKey format.
SHARKSSL_API sharkssl_ECDSA_RetVal sharkssl_ECDSA_verify_hash(SharkSslECCKey pubkey, U8 *sig, U16 siglen, const U8 *hash, U8 hashID)
Verify a message using the ECC public key and a hash algorithm.
SHARKSSL_API U16 sharkssl_ECDSA_siglen(SharkSslECCKey privkey)
Returns the maximum length (in bytes) of a DER-encoded ECDSA signature generated with the private key...
SHARKSSL_API sharkssl_ECDSA_RetVal sharkssl_ECDSA_sign_hash(SharkSslECCKey privkey, U8 *sig, U16 *siglen, const U8 *hash, U8 hashID)
Generate the signature using the ECC private key and a hash.
U8 * SharkSslECCKey
SharkSslECCKey is an alias for the SharkSslCert type and is a private/public key converted by sharkss...
Definition: SharkSSL.h:2270
SHARKSSL_API SharkSslRSAKey sharkssl_PEM_to_RSAKey(const char *PEMKey, const char *passphrase)
Convert an RSA private or public key in PEM format to the SharkSslRSAKey format.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_PKCS1V1_5_verify_hash(SharkSslRSAKey pubkey, U8 *sig, U16 siglen, const U8 *hash, U8 hashID)
Verify a signature hash using a public RSA key.
SHARKSSL_API SharkSslKey sharkssl_PEM_extractPublicKey(const char *certPEM)
Extract the public key form a certificate in PEM format.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_private_encrypt(SharkSslRSAKey privkey, const U8 *in, int len, U8 *out, int padding)
Sign a message digest using the private key.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_private_decrypt(SharkSslRSAKey privkey, const U8 *in, int len, U8 *out, int padding)
Decrypt ciphertext using the private key.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_public_encrypt(SharkSslRSAKey pubkey, const U8 *in, int len, U8 *out, int padding)
Encrypt data using the public key or private key.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_PKCS1V1_5_sign_hash(SharkSslRSAKey privkey, U8 *sig, U16 *siglen, const U8 *hash, U8 hashID)
Sign a hash using a private RSA key.
SHARKSSL_API void SharkSslRSAKey_free(SharkSslRSAKey key)
Release a SharkSslRSAKey allocated by functions sharkssl_PEM_to_RSAKey and sharkssl_PEM_extractPublic...
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_public_decrypt(SharkSslRSAKey pubkey, const U8 *in, int len, U8 *out, int padding)
Bring back a message digest using the public key or private key.
U8 * SharkSslRSAKey
SharkSslRSAKey is an alias for the SharkSslCert type and is a private/public key converted by sharkss...
Definition: SharkSSL.h:1919
sharkssl_PEM_RetVal
Return values from function sharkssl_PEM.
Definition: SharkSSL.h:1721
SHARKSSL_API sharkssl_PEM_RetVal sharkssl_PEM(const char *certPEM, const char *keyPEM, const char *passphrase, SharkSslCert *sharkSslCert)
Create a SharkSslCert certificate by using a certificate and key in PEM format.
SHARKSSL_API int sharkssl_PEM_PBKDF2(U8 *dk, const char *passphrase, const char *salt, U32 saltLen, U32 iterations, U16 dkLen, U8 hashID)
sharkssl_PEM_PBKDF2 (output, passphrase, salt, salt_len, iterations, dkLen, hashID) Derives a key fro...
@ SHARKSSL_PEM_CERT_UNSUPPORTED_TYPE
CERT_UNSUPPORTED_TYPE.
Definition: SharkSSL.h:1765
@ SHARKSSL_PEM_KEY_UNSUPPORTED_ENCRYPTION_TYPE
KEY_UNSUPPORTED_ENCRYPTION_TYPE.
Definition: SharkSSL.h:1756
@ SHARKSSL_PEM_OK
OK.
Definition: SharkSSL.h:1723
@ SHARKSSL_PEM_OK_PUBLIC
OK_PUBLIC.
Definition: SharkSSL.h:1726
@ SHARKSSL_PEM_KEY_PRIVATE_KEY_REQUIRED
A PRIVATE KEY IS REQUIRED.
Definition: SharkSSL.h:1774
@ SHARKSSL_PEM_KEY_UNSUPPORTED_EXPONENT_LENGTH
KEY_UNSUPPORTED_EXPONENT_LENGTH.
Definition: SharkSSL.h:1753
@ SHARKSSL_PEM_KEY_UNSUPPORTED_FORMAT
KEY_UNSUPPORTED_FORMAT.
Definition: SharkSSL.h:1747
@ SHARKSSL_PEM_KEY_UNRECOGNIZED_FORMAT
KEY_UNRECOGNIZED_FORMAT.
Definition: SharkSSL.h:1744
@ SHARKSSL_PEM_KEY_UNSUPPORTED_VERSION
KEY_UNSUPPORTED_VERSION.
Definition: SharkSSL.h:1768
@ SHARKSSL_PEM_KEY_PASSPHRASE_REQUIRED
KEY_PASSPHRASE_REQUIRED.
Definition: SharkSSL.h:1741
@ SHARKSSL_PEM_KEY_WRONG_LENGTH
KEY_WRONG_LENGTH.
Definition: SharkSSL.h:1738
@ SHARKSSL_PEM_KEY_PARSE_ERROR
KEY_PARSE_ERROR.
Definition: SharkSSL.h:1732
@ SHARKSSL_PEM_CERT_UNRECOGNIZED_FORMAT
CERT_UNRECOGNIZED_FORMAT.
Definition: SharkSSL.h:1762
@ SHARKSSL_PEM_KEY_REQUIRED
KEY_REQUIRED.
Definition: SharkSSL.h:1771
@ SHARKSSL_PEM_ALLOCATION_ERROR
ALLOCATION_ERROR.
Definition: SharkSSL.h:1729
@ SHARKSSL_PEM_KEY_WRONG_IV
KEY_WRONG_IV.
Definition: SharkSSL.h:1735
@ SHARKSSL_PEM_INTERNAL_ERROR
INTERNAL ERROR.
Definition: SharkSSL.h:1777
@ SHARKSSL_PEM_KEY_CERT_MISMATCH
KEY_CERT_MISMATCH.
Definition: SharkSSL.h:1759
@ SHARKSSL_PEM_KEY_UNSUPPORTED_MODULUS_LENGTH
KEY_UNSUPPORTED_MODULUS_LENGTH.
Definition: SharkSSL.h:1750
U8 SharkSslCon_favorRSA(SharkSslCon *o, U8 flag)
A SharkSSL server can have multiple certificates, such as RSA certificates with various strengths,...
SHARKSSL_API U16 SharkSsl_getCacheSize(SharkSsl *o)
Returns the SharkSsl session cache size.
SharkSslCon * SharkSsl_createCon(SharkSsl *o)
Create a SharkSslCon object.
SHARKSSL_API U8 SharkSslCon_setSNI(SharkSslCon *o, const char *name, U16 length)
set Server Name Indication for TLS client connections
SHARKSSL_API U8 SharkSslCon_trustedCA(SharkSslCon *o)
Returns TRUE if the certificate is valid and is signed with a root certificate trusted by SharkSSL.
SHARKSSL_API U8 SharkSslCon_requestClientCert(SharkSslCon *o, const void *caList)
This function is used by server solutions that require client SSL certificate authentication.
SHARKSSL_API void SharkSsl_destructor(SharkSsl *o)
Close the SharkSsl object.
SHARKSSL_API U8 SharkSslCon_setCertificateAuthorities(SharkSslCon *o, const void *caList)
This function is used by client solutions that require server SSL certificate authentication.
SHARKSSL_API U8 SharkSslCon_clearCiphersuiteSelection(SharkSslCon *o)
Clears the selection, thus enabling all ciphers.
SHARKSSL_API U8 SharkSslCon_getProtocol(SharkSslCon *o)
Returns the active session's protocol version.
SHARKSSL_API U8 SharkSslCon_setALPNProtocols(SharkSslCon *o, const char *protList)
This function is used by client solutions to specify a list of application layer protocols according ...
U8 SharkSslCon_certificateRequested(SharkSslCon *o)
Returns TRUE if the server requested a certificate from the client to verify that the client's identi...
SHARKSSL_API U8 SharkSsl_addCertificate(SharkSsl *o, SharkSslCert cert)
Add a certificate to the SharkSsl object.
SHARKSSL_API U8 SharkSslCon_selectCiphersuite(SharkSslCon *o, U16 cipherSuite)
This function enables you to limit the number of ciphers at runtime.
SHARKSSL_API U8 SharkSsl_setCAList(SharkSsl *o, SharkSslCAList caList)
Set a Certificate Authority (CA) list so the SharkSSL object can permform certificate validation on t...
void SharkSsl_terminateCon(const SharkSsl *o, SharkSslCon *con)
Terminate a SharkSslCon object created by function SharkSsl_createCon.
SHARKSSL_API SharkSslCertInfo * SharkSslCon_getCertInfo(SharkSslCon *o)
Returns the peer's certificate if the handshaking has completed.
SHARKSSL_API U8 SharkSslCon_renegotiate(SharkSslCon *o)
This function enables you to renegotiate an already established SSL/TLS connection.
SHARKSSL_API U16 SharkSslCon_getCiphersuite(SharkSslCon *o)
Returns the active session's chiper suite.
SHARKSSL_API const char * SharkSslCon_getALPNProtocol(SharkSslCon *o)
This function is used by client solutions to return the application layer protocol selected by the se...
SHARKSSL_API void SharkSsl_constructor(SharkSsl *o, SharkSsl_Role role, U16 cacheSize, U16 inBufStartSize, U16 outBufSize)
A SharkSsl object is the coordinator for managing SharkSslCon objects.
SHARKSSL_API int SharkSslECCKey_createEx(SharkSslECCKey *privKey, U16 curveID, void *rngHandle, sharkssl_rngfunc rngFunc)
Creates an ECC key using the SharkSSL library.
SHARKSSL_API int SharkSslRSAKey_create(SharkSslRSAKey *privKey, U16 keyLength)
RSA key creation.
SHARKSSL_API U16 SharkSslKey_vectSize_keyInfo(const SharkSslKey key, U8 *keyType, U8 *isKeyPrivate, U8 **d1, U16 *d1Len, U8 **d2, U16 *d2Len)
Returns the private or public key's "vector size" in bytes.
SHARKSSL_API int SharkSslASN1Create_CSR(struct SharkSslASN1Create *o, SharkSslKey privKey, U8 hashID, struct SharkSslCertDN *certDN, const char *SAN, struct SharkSslBitExtReq *keyUsage, struct SharkSslBitExtReq *nsCertType)
CSR creation (all parameters are input parameters)
SHARKSSL_API void SharkSslCertStore_constructor(SharkSslCertStore *o)
Initialize a SharkSslCertStore object.
SHARKSSL_API int SharkSslCert_signCSR(SharkSslCert *signedCSR, const U8 *csrData, int csrDataLen, const SharkSslCert caCert, const SharkSslKey privKey, const char *validFrom, const char *validTo, SharkCertSerialNumber serialNumber, U8 hashID)
CSR signing (if not specified, parameters are input parameters)
SHARKSSL_API U16 SharkSslRSAKey_size(SharkSslRSAKey key)
Returns the private or public key's modulus size in bytes.
SHARKSSL_API void SharkSslECCKey_free(SharkSslECCKey key)
Release a SharkSslECCKey allocated by functions sharkssl_PEM_to_ECCKey or SharkSslECCKey_create.
SHARKSSL_API U16 SharkSslCertStore_add(SharkSslCertStore *o, const char *cert, U32 certlen)
add a certificate in PEM or p7b format to the CA store.
SHARKSSL_API U8 SharkSslCertStore_assemble(SharkSslCertStore *o, SharkSslCAList *outList)
Assemble all certificates added by calling SharkSslCertStore_add.
struct SharkSslCertStore SharkSslCertStore
SharkSslCertStore is a container object used when assembling a SharkSslCAList.
SHARKSSL_API void SharkSslCertStore_destructor(SharkSslCertStore *o)
Cleanup all memory used by the SharkSslCAList object.
SHARKSSL_API U16 SharkSslCert_len(SharkSslCert cert)
Get certificate length.
SHARKSSL_API U16 SharkSslKey_vectSize(const SharkSslKey key)
Returns the private or public key's "vector size" in bytes.
SHARKSSL_API U8 * SharkSslRSAKey_getPublic(SharkSslRSAKey privKey)
RSA public key extraction from a private key.
struct SharkSslCertInfo SharkSslCertInfo
The peer's certificate information returned by SharkSslCon_getCertInfo.
struct SharkSslCertDN SharkSslCertDN
Certificate KeyUsage and ExtendedKeyUsage flags and relative pseudofunctions.
U8 * SharkSslCon_getEncData(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Encrypted returned by function SharkSslCo...
U16 SharkSslCon_getHandshakeDataLen(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Handshake returned by function SharkSslCo...
U16 SharkSslCon_getEncDataLen(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Encrypted returned by function SharkSslCo...
U16 SharkSslCon_getBufLen(SharkSslCon *o)
Returns the length of the SharkSslCon input buffer.
SharkSslCon_RetVal
The SharkSslCon_decrypt and SharkSslCon_encrypt return values.
Definition: SharkSSL.h:614
SharkSslCon_RetVal SharkSslCon_decrypt(SharkSslCon *o, U16 readLen)
Decrypt the received data copied into the SharkSslCon receive buffer (the buffer returned by SharkSsl...
U16 SharkSslCon_getEncBufSize(SharkSslCon *o)
Returns the length of the buffer returned by SharkSslCon_getEncBufPtr.
U8 SharkSslCon_encryptMore(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Encrypted returned by function SharkSslCo...
U8 SharkSslCon_decryptMore(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Decrypted returned by function SharkSslCo...
U8 * SharkSslCon_getBuf(SharkSslCon *o)
Returns a pointer to the SharkSslCon input/receive buffer.
SHARKSSL_API U16 SharkSslCon_getDecData(SharkSslCon *o, U8 **bufPtr)
Get a pointer to the decoded data.
U8 SharkSslCon_getAlertLevel(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_AlertSend returned by function SharkSslCo...
U16 SharkSslCon_copyDecData(SharkSslCon *o, U8 *buf, U16 maxLen)
Copy decoded data to 'buf'.
U8 * SharkSslCon_getEncBufPtr(SharkSslCon *o)
This function is used in conjunction with SharkSslCon_encrypt when using the zero copy send API.
U16 SharkSslCon_setHandshakeDataSent(SharkSslCon *o, U16 length)
This function is used in conjunction with SharkSslCon_getHandshakeData.
U8 SharkSslCon_getAlertDescription(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_AlertSend returned by function SharkSslCo...
U8 SharkSslCon_isHandshakeComplete(SharkSslCon *o)
Returns the following values:
U8 * SharkSslCon_getHandshakeData(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Handshake returned by function SharkSslCo...
SharkSslCon_RetVal SharkSslCon_encrypt(SharkSslCon *o, U8 *buf, U16 maxLen)
Encrypt the data provided by parameter 'buf' or encrypt data in the SharkSslCon send buffer.
@ SharkSslCon_Encrypted
SharkSSL has successfully decrypted a chunk of data.
Definition: SharkSSL.h:693
@ SharkSslCon_Decrypted
Returned when a block of received data has been successfully decrypted.
Definition: SharkSSL.h:632
@ SharkSslCon_AlertSend
Returned when an SSL/TLS alert message must be sent to the peer side.
Definition: SharkSSL.h:672
@ SharkSslCon_AllocationError
The memory pool is too small.
Definition: SharkSSL.h:621
@ SharkSslCon_Error
Indicates general errors, including configuration errors.
Definition: SharkSSL.h:617
@ SharkSslCon_CertificateError
Unrecognized format of a provided certificate.
Definition: SharkSSL.h:703
@ SharkSslCon_AlertRecv
SharkSSL received an SSL/TLS alert message from the peer, which means that the peer either failed to ...
Definition: SharkSSL.h:681
@ SharkSslCon_HandshakeNotComplete
An error condition returned by function SharkSslCon_encrypt if the SSL handshake is not completed.
Definition: SharkSSL.h:699
@ SharkSslCon_Handshake
Returned when an SSL/TLS handshake message has been received or is to be sent.
Definition: SharkSSL.h:645
@ SharkSslCon_NeedMoreData
Returned when SharkSSL holds an incomplete SSL/TLS record or when the connection is initially establi...
Definition: SharkSSL.h:658
U32 baGetUnixTime(void)
Platform dependent function returning seconds since Jan 1 1970.
struct SharkSsl SharkSsl
A SharkSsl object is the coordinator for managing SharkSslCon objects (See SharkSsl_constructor for d...
const U8 * SharkSslCert
The SharkSSL Certificate is in a binary format optimized for speed and size.
Definition: SharkSSL.h:321
SHARKSSL_API int SharkSslASN1Create_key(struct SharkSslASN1Create *o, const SharkSslKey key)
Convert a SharkSslKey to ASN.1 representation.
const U8 * SharkSslCAList
The SharkSSL Certificate Authority (CA) List is in a binary format optimized for speed and size.
Definition: SharkSSL.h:509
struct SharkSslCon SharkSslCon
SharkSslCon is an opaque handle returned by function SharkSsl_createCon.
Definition: SharkSSL.h:557
SharkSsl_Role
Select one of client or server mode when creating a SharkSsl object.
Definition: SharkSSL.h:296
sharkssl_ECDSA_RetVal
Return values from functions sharkssl_ECDSA_sign_hash, sharkssl_ECDSA_verify_hash.
Definition: SharkSSL.h:2468
sharkssl_RSA_RetVal
Return values from functions sharkssl_RSA_public_encrypt, sharkssl_RSA_private_decrypt,...
Definition: SharkSSL.h:1863
U8 * SharkSslKey
The SharkSslKey type.
Definition: SharkSSL.h:313
@ SharkSsl_Unspecified
Definition: SharkSSL.h:297
@ SharkSsl_Client
Definition: SharkSSL.h:299
@ SharkSsl_Server
Definition: SharkSSL.h:298
@ SHARKSSL_ECDSA_ALLOCATION_ERROR
ALLOCATION_ERROR.
Definition: SharkSSL.h:2473
@ SHARKSSL_ECDSA_WRONG_KEY_FORMAT
WRONG_KEY_FORMAT.
Definition: SharkSSL.h:2482
@ SHARKSSL_ECDSA_WRONG_SIGNATURE
WRONG SIGNATURE.
Definition: SharkSSL.h:2497
@ SHARKSSL_ECDSA_WRONG_PARAMETERS
WRONG_PARAMETERS.
Definition: SharkSSL.h:2479
@ SHARKSSL_ECDSA_OK
OK.
Definition: SharkSSL.h:2470
@ SHARKSSL_ECDSA_VERIFICATION_FAIL
VERIFICATION_FAIL.
Definition: SharkSSL.h:2494
@ SHARKSSL_ECDSA_INTERNAL_ERROR
INTERNAL_ERROR.
Definition: SharkSSL.h:2476
@ SHARKSSL_ECDSA_KEY_NOT_PRIVATE
KEY_IS_NOT_PRIVATE.
Definition: SharkSSL.h:2485
@ SHARKSSL_ECDSA_KEY_NOT_PUBLIC
KEY_IS_NOT_PUBLIC.
Definition: SharkSSL.h:2488
@ SHARKSSL_ECDSA_SIGLEN_TOO_SMALL
SIGLEN_TOO_SMALL.
Definition: SharkSSL.h:2491
@ SHARKSSL_RSA_INPUT_DATA_LENGTH_TOO_BIG
INPUT_DATA_LENGTH_TOO_BIG.
Definition: SharkSSL.h:1883
@ SHARKSSL_RSA_WRONG_LABEL_LENGTH
WRONG_LABEL_LENGTH.
Definition: SharkSSL.h:1901
@ SHARKSSL_RSA_OK
OK.
Definition: SharkSSL.h:1865
@ SHARKSSL_RSA_INTERNAL_ERROR
INTERNAL_ERROR.
Definition: SharkSSL.h:1871
@ SHARKSSL_RSA_WRONG_PARAMETERS
WRONG_PARAMETERS.
Definition: SharkSSL.h:1874
@ SHARKSSL_RSA_WRONG_SIGNATURE
WRONG SIGNATURE.
Definition: SharkSSL.h:1898
@ SHARKSSL_RSA_ALLOCATION_ERROR
ALLOCATION_ERROR.
Definition: SharkSSL.h:1868
@ SHARKSSL_RSA_WRONG_KEY_FORMAT
WRONG_KEY_FORMAT.
Definition: SharkSSL.h:1877
@ SHARKSSL_RSA_PKCS1_PADDING_ERROR
PKCS1_PADDING_ERROR.
Definition: SharkSSL.h:1889
@ SHARKSSL_RSA_INPUT_DATA_LENGTH_AND_KEY_LENGTH_MISMATCH
INPUT_DATA_LENGTH_AND_KEY_LENGTH_MISMATCH.
Definition: SharkSSL.h:1886
@ SHARKSSL_RSA_WRONG_KEY_LENGTH
WRONG_KEY_LENGTH.
Definition: SharkSSL.h:1880
@ SHARKSSL_RSA_VERIFICATION_FAIL
VERIFICATION FAIL.
Definition: SharkSSL.h:1895
@ SHARKSSL_RSA_KEY_NOT_PRIVATE
KEY_IS_NOT_PRIVATE.
Definition: SharkSSL.h:1892
SHARKSSL_API SharkSslSession * SharkSslCon_acquireSession(SharkSslCon *o)
Request a SharkSslSession object from the client's session pool.
SHARKSSL_API U8 SharkSslCon_releaseSession(SharkSslCon *o)
experimental
struct SharkSslSession SharkSslSession
SharkSslSession is an opaque handle returned by function SharkSslCon_acquireSession.
Definition: SharkSSL.h:269
SHARKSSL_API U8 SharkSslCon_resumeSession(SharkSslCon *o, SharkSslSession *s)
Resume an existing session.
SHARKSSL_API U8 SharkSslCon_isResumed(SharkSslCon *o)
Returns 1 if the current session is a resumed one.
SHARKSSL_API U32 SharkSslSession_getLatestAccessTime(SharkSslSession *o)
Returns the last time the session was accessed.
SHARKSSL_API U8 SharkSslSession_release(SharkSslSession *o, SharkSsl *s)
Release a session created by function SharkSslCon_acquireSession.
Opaque object used when creating ASN.1 encoded data.
Definition: SharkSslASN1.h:228
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/nss_tech_notes/nss_tech_note3 http://to...
Definition: SharkSslASN1.h:239
Certificate KeyUsage and ExtendedKeyUsage flags and relative pseudofunctions.
Definition: SharkSSL.h:780
U8 unitLen
length in bytes of the field "organization"
Definition: SharkSSL.h:796
U8 provinceLen
length in bytes of the field "country"
Definition: SharkSSL.h:793
const U8 * province
State or Province.
Definition: SharkSSL.h:782
U8 localityLen
length in bytes of the field "province"
Definition: SharkSSL.h:794
const U8 * unit
Organizational Unit (OU: department or organization unit)
Definition: SharkSSL.h:785
const U8 * organization
Organization Name (company or department)
Definition: SharkSSL.h:784
const U8 * commonName
Common Name is the Host + Domain Name (example: www.mycompany.com, where www is host and mycompany....
Definition: SharkSSL.h:789
const U8 * countryName
ISO3166 country code.
Definition: SharkSSL.h:781
U8 organizationLen
length in bytes of the field "locality"
Definition: SharkSSL.h:795
U8 commonNameLen
length in bytes of the field "unit"
Definition: SharkSSL.h:797
const U8 * locality
The city or town name.
Definition: SharkSSL.h:783
U8 emailAddressLen
length in bytes of the field "common name"
Definition: SharkSSL.h:798
The peer's certificate information returned by SharkSslCon_getCertInfo.
Definition: SharkSSL.h:838
U8 timeFromLen
Length of 'timeFrom'.
Definition: SharkSSL.h:894
U8 timeToLen
Length of 'timeTo'.
Definition: SharkSSL.h:897
U16 snLen
Length of 'sn' (serial number)
Definition: SharkSSL.h:840
U8 * timeTo
Certificate expiration date (in Time format: [YY]YYMMDDHHMMSSZ) UTCTime: 2-digit year; GeneralizedTim...
Definition: SharkSSL.h:865
U8 CAflag
The Certificate Authority flag (CA) is set to one if the certificate is a CA i.e.
Definition: SharkSSL.h:850
SharkSslCertDN issuer
The entity who has signed and issued the certificate (RFC 2459 4.1.2.4)
Definition: SharkSSL.h:871
SharkSslCertDN subject
The entity associated with the public key (RFC 2459 4.1.2.6).
Definition: SharkSSL.h:877
U8 * sn
Binary serial number.
Definition: SharkSSL.h:854
U8 * timeFrom
Certificate is valid from date (in Time format: [YY]YYMMDDHHMMSSZ) UTCTime: 2-digit year; Generalized...
Definition: SharkSSL.h:859
U8 * subjectAltNamesPtr
Subject Alternative Names subjectAltNamesPtr is a pointer to an ASN1 sequence, whose length is subjec...
Definition: SharkSSL.h:890
struct SharkSslCertInfo * parent
Pointer to parent node when the SharkSslCertInfo object is part of a certificate chain.
Definition: SharkSSL.h:928
U8 version
Certificate version is offset at 0 so add +1 for actual version number.
Definition: SharkSSL.h:845
SharkSslCertStore is a container object used when assembling a SharkSslCAList.
Definition: SharkSSL.h:2613
A SharkSsl object is the coordinator for managing SharkSslCon objects (See SharkSsl_constructor for d...
Definition: SharkSSL.h:565