SharkSSL™ Embedded SSL/TLS Stack
SharkSSL.h
1/*
2 * ____ _________ __ _
3 * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____
4 * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/
5 * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__
6 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
7 * /____/
8 *
9 * SharkSSL Embedded SSL/TLS Stack
10 ****************************************************************************
11 * PROGRAM MODULE
12 *
13 * $Id: SharkSSL.h 5658 2025-04-30 05:08:15Z gianluca $
14 *
15 * COPYRIGHT: Real Time Logic LLC, 2010 - 2025
16 *
17 * This software is copyrighted by and is the sole property of Real
18 * Time Logic LLC. All rights, title, ownership, or other interests in
19 * the software remain the property of Real Time Logic LLC. This
20 * software may only be used in accordance with the terms and
21 * conditions stipulated in the corresponding license agreement under
22 * which the software has been supplied. Any unauthorized use,
23 * duplication, transmission, distribution, or disclosure of this
24 * software is expressly forbidden.
25 *
26 * This Copyright notice may not be removed or modified without prior
27 * written consent of Real Time Logic LLC.
28 *
29 * Real Time Logic LLC. reserves the right to modify this software
30 * without notice.
31 *
32 * http://www.realtimelogic.com
33 * http://www.sharkssl.com
34 ****************************************************************************
35 *
36 */
37#ifndef _SharkSsl_h
38#define _SharkSsl_h
39
40#include "TargConfig.h" /* platform dependencies */
41
42#if defined(SHARKDBG_ENABLE) && SHARKDBG_ENABLE
43#define SHARKDBG_PRINTF(x) printf x
44#else
45#define SHARKDBG_PRINTF(x)
46#endif
47
48#ifndef SHARKSSL_API
49#define SHARKSSL_API
50#else /* Barracuda */
51#define SHARKSSL_BA 1
52#include <ThreadLib.h>
53#include <BaServerLib.h>
54#endif
55
56#include "SharkSSL_cfg.h" /* SharkSSL configuration */
57#ifdef __cplusplus
58#include <stddef.h> /* size_t for new, delete */
59#endif
60
61#include "SharkSslCrypto.h" /* Crypto API */
62
63#ifndef sharkCertSerialNumber2NetworkEndian
68typedef U64 SharkCertSerialNumber;
69#ifdef B_BIG_ENDIAN
70#define sharkCertSerialNumber2NetworkEndian(n)
71#else
72#define sharkCertSerialNumber2NetworkEndian(n) \
73 do { \
74 U64 nn=0; \
75 register U8* t=(U8*)&nn; \
76 register U8* f=(U8*)&n; \
77 t[7]=f[0]; \
78 t[6]=f[1]; \
79 t[5]=f[2]; \
80 t[4]=f[3]; \
81 t[3]=f[4]; \
82 t[2]=f[5]; \
83 t[1]=f[6]; \
84 t[0]=f[7]; \
85 n=nn; \
86 } while(0)
87#endif
88#endif
89
90/* Forward decl. */
91struct SharkSslCertDN;
94
116#define SHARKSSL_ALERT_LEVEL_WARNING 1
117
119#define SHARKSSL_ALERT_LEVEL_FATAL 2
120
133#define SHARKSSL_ALERT_CLOSE_NOTIFY 0
135#define SHARKSSL_ALERT_UNEXPECTED_MESSAGE 10
137#define SHARKSSL_ALERT_BAD_RECORD_MAC 20
139#define SHARKSSL_ALERT_DECRYPTION_FAILED 21
141#define SHARKSSL_ALERT_RECORD_OVERFLOW 22
143#define SHARKSSL_ALERT_DECOMPRESSION_FAILURE 30
145#define SHARKSSL_ALERT_HANDSHAKE_FAILURE 40
147#define SHARKSSL_ALERT_BAD_CERTIFICATE 42
149#define SHARKSSL_ALERT_UNSUPPORTED_CERTIFICATE 43
151#define SHARKSSL_ALERT_CERTIFICATE_REVOKED 44
153#define SHARKSSL_ALERT_CERTIFICATE_EXPIRED 45
155#define SHARKSSL_ALERT_CERTIFICATE_UNKNOWN 46
157#define SHARKSSL_ALERT_ILLEGAL_PARAMETER 47
159#define SHARKSSL_ALERT_UNKNOWN_CA 48
161#define SHARKSSL_ALERT_ACCESS_DENIED 49
163#define SHARKSSL_ALERT_DECODE_ERROR 50
165#define SHARKSSL_ALERT_DECRYPT_ERROR 51
167#define SHARKSSL_ALERT_EXPORT_RESTRICTION 60
169#define SHARKSSL_ALERT_PROTOCOL_VERSION 70
171#define SHARKSSL_ALERT_INSUFFICIENT_SECURITY 71
173#define SHARKSSL_ALERT_INTERNAL_ERROR 80
175#define SHARKSSL_ALERT_USER_CANCELED 90
177#define SHARKSSL_ALERT_NO_RENEGOTIATION 100
179#define SHARKSSL_ALERT_MISSING_EXTENSION 109
181#define SHARKSSL_ALERT_UNSUPPORTED_EXTENSION 110
183#define SHARKSSL_ALERT_UNRECOGNIZED_NAME 112
185#define SHARKSSL_ALERT_NO_APPLICATION_PROTOCOL 120 /* RFC 7301 */
186 /* end group SharkSslAlertMsg */ /* end group SharkSslAlert */
189
190
199#if SHARKSSL_TLS_1_3
201#define TLS_AES_128_GCM_SHA256 0x1301
203#define TLS_AES_256_GCM_SHA384 0x1302
205#define TLS_CHACHA20_POLY1305_SHA256 0x1303
206#endif
207#if SHARKSSL_TLS_1_2
209#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
211#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F
213#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
215#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
217#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
219#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
221#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
223#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
225#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
226#endif
227 /* end group SharkSslCiphers */
229
230
238#define SHARKSSL_PROTOCOL_UNKNOWN 0x00
240#define SHARKSSL_PROTOCOL_TLS_1_2 0x33
242#define SHARKSSL_PROTOCOL_TLS_1_3 0x34
243
244/* internal use, with SHARKSSL_PROTOCOL_TLS_1_x as parameter */
245#define SHARKSSL_PROTOCOL_MAJOR(p) (p >> 4)
246#define SHARKSSL_PROTOCOL_MINOR(p) (p & 0xF)
247 /* end group SharkSslProtocol */
249
250
251#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
252#ifndef BA_API /* standalone SharkSSL */
253#define BA_API SHARKSSL_API
254#ifdef _SHARKSSL_C_
255#define SingleListCode 1
256#endif
257#endif
258#include "SingleList.h"
259#endif
260
261
262#if SHARKSSL_ENABLE_SESSION_CACHE || SHARKSSL_NOPACK
263
272 /* end group SharkSslSessionApi */
274
275#ifndef _DOXYGEN
276typedef struct SharkSslSessionCache
277{
278 SharkSslSession *cache;
279 ThreadMutexBase cacheMutex;
280 U16 cacheSize;
281} SharkSslSessionCache;
282#endif
283#endif
284
285
297typedef enum
298{
303 /* end group SharkSslInfoAndCodes */
305
306
307#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
315typedef U8* SharkSslKey;
316
317
323typedef const U8 *SharkSslCert;
324
325#ifdef __cplusplus
326extern "C" {
327#endif
328
334SHARKSSL_API U16 SharkSslCert_len(SharkSslCert cert);
335
338#ifdef __DOXYGEN__
340#endif
341
342#if SHARKSSL_ENABLE_CSR_CREATION
405SHARKSSL_API int
407 SharkSslKey privKey,
408 U8 hashID,
409 struct SharkSslCertDN* certDN,
410 const char *SAN,
411 struct SharkSslBitExtReq* keyUsage,
412 struct SharkSslBitExtReq* nsCertType);
413#endif
414
415#if SHARKSSL_ENABLE_CSR_SIGNING
476SHARKSSL_API int
478 const U8 *csrData,
479 int csrDataLen,
480 const SharkSslCert caCert,
481 const SharkSslKey privKey,
482 const char *validFrom,
483 const char *validTo,
484 SharkCertSerialNumber serialNumber,
485 U8 hashID);
486#endif
487
488#if SHARKSSL_ENABLE_ASN1_KEY_CREATION
495SHARKSSL_API int
497#endif
498
499
500#ifdef __cplusplus
501}
502#endif
503
504
505#if SHARKSSL_ENABLE_CA_LIST
511typedef const U8 *SharkSslCAList;
512#endif
513 /* end group SharkSslInfoAndCodes */
515#endif
516
517#ifndef _DOXYGEN
518struct SharkSsl;
519#endif
520
521
522/* Non documented API used by SharkSslSCMgr when used indirectly by
523 Lua code in the Barracuda Application Server. The code manages
524 automatic destruction of SharkSslSCMgr.
525 */
526#ifndef _DOXYGEN
527struct SharkSslIntf;
528typedef void (*SharkSslIntf_Terminate)(struct SharkSslIntf* o,
529 struct SharkSsl* ssl);
530typedef struct SharkSslIntf
531{
532 SharkSslIntf_Terminate terminate;
533} SharkSslIntf;
534#define SharkSslIntf_constructor(o,terminateFunc) (o)->terminate=terminateFunc
535#endif
536
537
560
561
565typedef struct
567{
568#ifdef __cplusplus
569 void *operator new(size_t s) { return ::baMalloc(s); }
570 void operator delete(void* d) { if(d) ::baFree(d); }
571 void *operator new(size_t, void *place) { return place; }
572 void operator delete(void*, void *) { }
573
574 SharkSsl() {};
575
577 U16 cacheSize = 0,
578 U16 inBufStartSize = 4096,
579 U16 outBufSize = 4096
580 );
581
582 ~SharkSsl();
583 SharkSslCon *createCon(void);
584 U8 setCAList(SharkSslCAList caList);
585 U8 addCertificate(SharkSslCert cert);
586 void terminateCon(SharkSslCon *sslCon);
587#endif
588 #if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_SSL_CLIENT_CODE) || SHARKSSL_NOPACK
589 SharkSsl_Role role;
590 #endif
591 U16 outBufSize;
592 U16 inBufStartSize;
593 U16 nCon;
594 #if (SHARKSSL_ENABLE_RSA || (SHARKSSL_ENABLE_ECDSA)) || SHARKSSL_NOPACK
595 SingleList certList;
596 #if SHARKSSL_ENABLE_CA_LIST || SHARKSSL_NOPACK
597 SharkSslCAList caList;
598 #endif
599 #endif
600 #if SHARKSSL_ENABLE_SESSION_CACHE || SHARKSSL_NOPACK
601 SharkSslSessionCache sessionCache;
602 /* Reserved for use with one SharkSslSCMgr object */
603 SharkSslIntf* intf;
604 #endif
606 /* end group SharkSslInfoAndCodes */
608
615typedef enum
616{
620
624
635
648
661
675
684
696
702
706
708 /* end group SharkSslCoreApi */
710
711#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
712
724#if SHARKSSL_ENABLE_CERT_KEYUSAGE
725#define SHARKSSL_CERT_KEYUSAGE_DIGITALSIGNATURE 0x00000001
726#define SHARKSSL_CERT_KEYUSAGE_NONREPUDIATION 0x00000002
727#define SHARKSSL_CERT_KEYUSAGE_KEYENCIPHERMENT 0x00000004
728#define SHARKSSL_CERT_KEYUSAGE_DATAENCIPHERMENT 0x00000008
729#define SHARKSSL_CERT_KEYUSAGE_KEYAGREEMENT 0x00000010
730#define SHARKSSL_CERT_KEYUSAGE_KEYCERTSIGN 0x00000020
731#define SHARKSSL_CERT_KEYUSAGE_CRLSIGN 0x00000040
732#define SHARKSSL_CERT_KEYUSAGE_ENCIPHERONLY 0x00000080
733#define SHARKSSL_CERT_KEYUSAGE_DECIPHERONLY 0x00000100
734#define SHARKSSL_CERT_KEYUSAGE_PRESENT 0x00000200
735#define SHARKSSL_CERT_KEYUSAGE_CRITICAL 0x00000400
736
737#define SHARKSSL_CERT_KEYPURPOSE_SERVERAUTH 0x00010000
738#define SHARKSSL_CERT_KEYPURPOSE_CLIENTAUTH 0x00020000
739#define SHARKSSL_CERT_KEYPURPOSE_CODESIGNING 0x00040000
740#define SHARKSSL_CERT_KEYPURPOSE_EMAILPROTECTION 0x00080000
741#define SHARKSSL_CERT_KEYPURPOSE_TIMESTAMPING 0x00100000
742#define SHARKSSL_CERT_KEYPURPOSE_OCSPSIGNING 0x00200000
743
744#define SharkSslCertInfo_KeyFlagSet(o,f) ((o)->keyUsagePurposes & f)
745
749#define SharkSslCertInfo_isKeyUsagePresent(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_PRESENT)
750#define SharkSslCertInfo_isKeyUsageCritical(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_CRITICAL)
751#define SharkSslCertInfo_KU_digitalSignature(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DIGITALSIGNATURE)
752#define SharkSslCertInfo_KU_nonRepudiation(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_NONREPUDIATION)
753#define SharkSslCertInfo_KU_keyEncipherment(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYENCIPHERMENT)
754#define SharkSslCertInfo_KU_dataEncipherment(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DATAENCIPHERMENT)
755#define SharkSslCertInfo_KU_keyAgreement(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYAGREEMENT)
756#define SharkSslCertInfo_KU_keyCertSign(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_KEYCERTSIGN)
757#define SharkSslCertInfo_KU_cRLSign(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_CRLSIGN)
758#define SharkSslCertInfo_KU_encipherOnly(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_ENCIPHERONLY)
759#define SharkSslCertInfo_KU_decipherOnly(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYUSAGE_DECIPHERONLY)
760
761#define SharkSslCertInfo_kp_serverAuth(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_SERVERAUTH)
762#define SharkSslCertInfo_kp_clientAuth(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_CLIENTAUTH)
763#define SharkSslCertInfo_kp_codeSigning(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_CODESIGNING)
764#define SharkSslCertInfo_kp_emailProtection(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_EMAILPROTECTION)
765#define SharkSslCertInfo_kp_timeStamping(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_TIMESTAMPING)
766#define SharkSslCertInfo_kp_OCSPSigning(o) SharkSslCertInfo_KeyFlagSet(o, SHARKSSL_CERT_KEYPURPOSE_OCSPSIGNING)
767#endif
768
769
781typedef struct SharkSslCertDN
782{
783 const U8 *countryName;
784 const U8 *province;
785 const U8 *locality;
786 const U8 *organization;
787 const U8 *unit;
791 const U8 *commonName;
792 const U8 *emailAddress;
793
794 U8 countryNameLen;
802
805#define SharkSslCertDN_constructor(o) memset(o,0,sizeof(SharkSslCertDN))
808#define SharkSslCertDN_setCountryName(o, countryNameMA) \
809 (o)->countryName=(const U8*)countryNameMA,(o)->countryNameLen=(U8)strlen(countryNameMA)
812#define SharkSslCertDN_setProvince(o, provinceMA) \
813 (o)->province=(const U8*)provinceMA,(o)->provinceLen=(U8)strlen(provinceMA)
816#define SharkSslCertDN_setLocality(o, localityMA) \
817 (o)->locality=(const U8*)localityMA,(o)->localityLen=(U8)strlen(localityMA)
820#define SharkSslCertDN_setOrganization(o, organizationMA) \
821 (o)->organization=(const U8*)organizationMA,(o)->organizationLen=(U8)strlen(organizationMA)
824#define SharkSslCertDN_setUnit(o, unitMA) \
825 (o)->unit=(const U8*)unitMA,(o)->unitLen=(U8)strlen(unitMA)
828#define SharkSslCertDN_setCommonName(o, commonNameMA) \
829 (o)->commonName=(const U8*)commonNameMA,(o)->commonNameLen=(U8)strlen(commonNameMA)
832#define SharkSslCertDN_setEmailAddress(o, emailAddressMA) \
833 (o)->emailAddress=(const U8*)emailAddressMA,(o)->emailAddressLen=(U8)strlen(emailAddressMA)
834
835
839typedef struct SharkSslCertInfo
840{
842 U16 snLen;
843
848
853
856 U8 *sn;
857
861 U8 *timeFrom; /* declaration of U8 timeFromLen below */
862
867 U8 *timeTo; /* declaration of U8 timeToLen below */
868
874
880
893 U16 subjectAltNamesLen;
894
897
900
901 #if SHARKSSL_ENABLE_CERT_KEYUSAGE
924 U32 keyUsagePurposes;
925 #endif
926
932 /* end group SharkSslCertInfo */
934#endif
935
941#ifdef __cplusplus
942extern "C" {
943#endif
944
972SHARKSSL_API void SharkSsl_constructor(
973 SharkSsl *o,
974 SharkSsl_Role role,
975 U16 cacheSize,
976 U16 inBufStartSize,
977 U16 outBufSize
978 );
979
987SHARKSSL_API void SharkSsl_destructor(SharkSsl *o);
988
989
1010
1011
1027
1028
1029#if SHARKSSL_ENABLE_SESSION_CACHE
1030
1035SHARKSSL_API U16 SharkSsl_getCacheSize(SharkSsl *o);
1036
1037#define SharkSsl_setIntf(o, sharkSslIntf) (o)->intf=sharkSslIntf
1038#define SharkSsl_getIntf(o) (o)->intf
1039
1040#endif
1041
1042
1049#define SharkSslCon_terminate(o) SharkSsl_terminateCon(0, o)
1050
1073
1074
1100
1101
1111
1112
1130
1131
1142
1154
1155
1170
1201U16 SharkSslCon_copyDecData(SharkSslCon *o, U8 *buf, U16 maxLen);
1202
1203
1213SHARKSSL_API U16 SharkSslCon_getDecData(SharkSslCon *o, U8 **bufPtr);
1214
1215
1228
1229
1243
1244
1260
1261
1272
1273
1286
1287
1295
1296
1300
1301
1312
1313
1324
1325
1335#define SharkSslCon_getAlertData(o) SharkSslCon_getEncData(o)
1336
1337
1347#define SharkSslCon_getAlertDataLen(o) SharkSslCon_getEncDataLen(o)
1348 /* end group SharkSslCoreApi */
1350
1351
1352#if SHARKSSL_ENABLE_INFO_API
1353
1357
1360#if (SHARKSSL_TLS_1_3 && SHARKSSL_TLS_1_2)
1362#elif SHARKSSL_TLS_1_3
1363#define SharkSslCon_getProtocol(o) (SHARKSSL_PROTOCOL_TLS_1_3)
1364#elif SHARKSSL_TLS_1_2
1365#define SharkSslCon_getProtocol(o) (SHARKSSL_PROTOCOL_TLS_1_2)
1366#else
1367#error please enable at least one of SHARKSSL_TLS_1_3, SHARKSSL_TLS_1_2
1368#endif
1369
1370#endif
1371
1372
1373#if SHARKSSL_ENABLE_SNI
1374
1375#if SHARKSSL_SSL_CLIENT_CODE
1378SHARKSSL_API U8 SharkSslCon_setSNI(SharkSslCon *o, const char *name, U16 length);
1379#endif
1380
1381#endif
1382
1383
1384#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
1385#if (SHARKSSL_SSL_CLIENT_CODE && SHARKSSL_ENABLE_CLIENT_AUTH)
1390#endif
1391
1396
1408
1409#if SHARKSSL_ENABLE_CA_LIST
1410
1431SHARKSSL_API U8 SharkSsl_setCAList(SharkSsl *o, SharkSslCAList caList);
1432
1447
1448U8 SharkSslCon_isCAListEmpty(SharkSslCon *o);
1449#else
1450
1451#define SharkSslCon_trustedCA(o) 0
1452#endif /* SHARKSSL_ENABLE_CA_LIST */
1453
1454#if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_RSA)
1458/* to be used as 'flag' param */
1459#define SHARKSSL_SET_FAVOR_RSA 1
1460#define SHARKSSL_CLEAR_FAVOR_RSA 0
1461
1480#endif /* SHARKSSL_SSL_SERVER_CODE */
1481#endif /* SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA */
1482
1483#if SHARKSSL_SSL_CLIENT_CODE
1484U8 SharkSslCon_selectProtocol(SharkSslCon *o, U8 protocol);
1485#endif
1486
1491#if SHARKSSL_ENABLE_SESSION_CACHE
1492
1493#if SHARKSSL_ENABLE_INFO_API
1497#endif
1498
1502
1503#if SHARKSSL_SSL_SERVER_CODE
1507#endif
1508
1509#if SHARKSSL_SSL_CLIENT_CODE
1510
1519
1520
1528
1534#endif
1535#endif
1536 /* end group SharkSslSessionApi */
1538
1539#if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_CLIENT_AUTH && \
1540 (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA))
1573 SharkSslCon *o, const void *caList);
1574#endif
1575
1576#if (SHARKSSL_TLS_1_3 && SHARKSSL_SSL_CLIENT_CODE && SHARKSSL_ENABLE_CA_EXTENSION && \
1577 (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA))
1605 SharkSslCon *o, const void *caList);
1606#endif
1607
1608#if SHARKSSL_ENABLE_ALPN_EXTENSION
1609#if SHARKSSL_SSL_CLIENT_CODE
1626 SharkSslCon* o, const char* protList);
1627
1641SHARKSSL_API const char *SharkSslCon_getALPNProtocol(SharkSslCon* o);
1642#endif
1643#if SHARKSSL_SSL_SERVER_CODE
1644typedef int(*ALPNFunction)(SharkSslCon*, const char*, void *);
1645SHARKSSL_API U8 SharkSslCon_setALPNFunction(
1646 SharkSslCon *o, ALPNFunction func, void *pvoid);
1647#endif
1648#endif /* SHARKSSL_ENABLE_ALPN_EXTENSION */
1649
1650#if ((SHARKSSL_SSL_SERVER_CODE || SHARKSSL_SSL_CLIENT_CODE) && \
1651 SHARKSSL_ENABLE_SELECT_CIPHERSUITE)
1681SHARKSSL_API U8 SharkSslCon_selectCiphersuite(SharkSslCon *o, U16 cipherSuite);
1682
1686#endif
1687
1688#if (SHARKSSL_SSL_SERVER_CODE && SHARKSSL_ENABLE_SECURE_RENEGOTIATION)
1709#endif
1710 /* end group SharkSslApi */
1712
1713
1714#if SHARKSSL_ENABLE_PEM_API
1722typedef enum
1723{
1726
1729
1732
1735
1738
1741
1744
1747
1750
1753
1756
1759
1762
1765
1768
1771
1774
1777
1781
1782
1812 const char *certPEM, const char *keyPEM,
1813 const char *passphrase, SharkSslCert *sharkSslCert);
1814
1815#if SHARKSSL_ENABLE_ENCRYPTED_PKCS8_SUPPORT
1833SHARKSSL_API int sharkssl_PEM_PBKDF2(
1834 U8 *dk, const char *passphrase,
1835 const char *salt, U32 saltLen,
1836 U32 iterations, U16 dkLen, U8 hashID);
1837#endif
1838 /* end group RayCryptoApi */
1840#endif
1841
1842#if SHARKSSL_ENABLE_RSA
1843
1850#define SHARKSSL_RSA_NO_PADDING 0
1851
1852
1856#define SHARKSSL_RSA_PKCS1_PADDING 1
1857
1858
1864typedef enum
1865{
1868
1871
1874
1877
1880
1883
1886
1889
1892
1895
1898
1901
1905#endif
1906 /* end group SharkSslInfoAndCodes */
1908
1909#if SHARKSSL_ENABLE_RSA_API
1910
1921typedef U8* SharkSslRSAKey;
1922
1923#if SHARKSSL_ENABLE_PEM_API
1948 const char *PEMKey, const char *passphrase);
1949
1973SHARKSSL_API SharkSslKey
1975
1976SHARKSSL_API SharkSslKey
1977sharkssl_PEM_extractPublicKey_ext(const char *certPEM, U8 *keyType);
1978#endif /* SHARKSSL_ENABLE_PEM_API */
1979
1980#if (SHARKSSL_ENABLE_PEM_API || (SHARKSSL_ENABLE_RSA && SHARKSSL_ENABLE_RSAKEY_CREATE))
1985#define _SHARKSSLRSAKEY_FREE 1
1986#endif
1987
1988#if SHARKSSL_ENABLE_RSA
1989#if SHARKSSL_ENABLE_RSAKEY_CREATE
2011SHARKSSL_API int SharkSslRSAKey_create(SharkSslRSAKey *privKey, U16 keyLength);
2012
2027#endif
2028
2034
2058 SharkSslRSAKey pubkey, const U8 *in, int len, U8 *out, int padding);
2059
2060
2079 SharkSslRSAKey privkey, const U8 *in, int len, U8 *out, int padding);
2080
2081
2100 SharkSslRSAKey privkey, U8 *sig, U16 *siglen, const U8 *hash, U8 hashID);
2101
2102
2121 SharkSslRSAKey pubkey, U8 *sig, U16 siglen, const U8 *hash, U8 hashID);
2122
2123
2124#if SHARKSSL_ENABLE_RSA_OAEP
2149SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_private_decrypt_OAEP(
2150 SharkSslRSAKey privkey, U8 *in, int len, U8 hashID, U8 *out, const char *label, U16 labelLen);
2151
2152
2178SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_public_encrypt_OAEP(
2179 SharkSslRSAKey pubkey, const U8 *in, int len, U8 hashID, U8 *out, const char *label, U16 labelLen);
2180#endif
2181
2182
2204 SharkSslRSAKey privkey, const U8 *in, int len, U8 *out, int padding);
2205
2206
2228 SharkSslRSAKey pubkey, const U8 *in, int len, U8 *out, int padding);
2229
2230#endif
2231 /* end group RSA */
2233#endif
2234
2235
2248#if SHARKSSL_USE_ECC
2249
2250/*
2251 * NamedCurve, use as curveID parameter
2252 * SECPxxxR1 - RFC 4492 section 5.1.1
2253 * BRAINPOOLPxxxR1 - RFC 7027 section 2
2254 * CURVE25519,448 - RFC 8446 section 4.2.7
2255 */
2256#define SHARKSSL_EC_CURVE_ID_SECP256R1 23
2257#define SHARKSSL_EC_CURVE_ID_SECP384R1 24
2258#define SHARKSSL_EC_CURVE_ID_SECP521R1 25
2259#define SHARKSSL_EC_CURVE_ID_BRAINPOOLP256R1 26
2260#define SHARKSSL_EC_CURVE_ID_BRAINPOOLP384R1 27
2261#define SHARKSSL_EC_CURVE_ID_BRAINPOOLP512R1 28
2262#define SHARKSSL_EC_CURVE_ID_CURVE25519 29
2263#define SHARKSSL_EC_CURVE_ID_CURVE448 30
2264
2265
2272typedef U8* SharkSslECCKey;
2273
2274#if SHARKSSL_ENABLE_PEM_API
2301 const char *PEMKey, const char *passphrase);
2302
2303
2304#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
2313SHARKSSL_API U16 SharkSslKey_vectSize(const SharkSslKey key);
2314#define SharkSslCert_vectSize(c) SharkSslKey_vectSize((const SharkSslCert)c)
2315#define SharkSslCert_vectSize_keyInfo(c, t, p, a, b, x, y) SharkSslKey_vectSize_keyInfo((const SharkSslKey)c, t, p, a, b, x, y)
2316#if SHARKSSL_ENABLE_RSA
2317#define SharkSslRSAKey_vectSize(k) SharkSslKey_vectSize(k)
2318#define SharkSslRSAKey_vectSize_keyInfo(k, t, p, a, b, x, y) SharkSslKey_vectSize_keyInfo((const SharkSslKey)k, t, p, a, b, x, y)
2319#endif
2320#if SHARKSSL_ENABLE_ECDSA
2321#define SharkSslECCKey_vectSize(k) SharkSslKey_vectSize(k)
2322#define SharkSslECCKey_vectSize_keyInfo(k, t, p, a, b, x, y) SharkSslKey_vectSize_keyInfo((const SharkSslKey)k, t, p, a, b, x, y)
2323#endif
2324
2325/* return values of function SharkSslKey_vectSize_keyInfo for the parameter keyType */
2326#define SHARKSSL_KEYTYPE_RSA 0x00
2327#define SHARKSSL_KEYTYPE_EC 0x02
2328
2345SHARKSSL_API U16 SharkSslKey_vectSize_keyInfo(const SharkSslKey key, U8 *keyType, U8 *isKeyPrivate, U8 **d1, U16 *d1Len, U8 **d2, U16 *d2Len);
2346#endif
2347#endif
2348
2349#if SHARKSSL_ENABLE_ECCKEY_CREATE
2350
2351typedef int (*sharkssl_rngfunc)(void* handle, U8 *ptr, U16 len);
2352
2353
2372#define SharkSslECCKey_create(privKey, curveID) SharkSslECCKey_createEx((privKey), (curveID), 0, 0)
2373
2374
2424SHARKSSL_API int SharkSslECCKey_createEx(SharkSslECCKey* privKey, U16 curveID, void* rngHandle, sharkssl_rngfunc rngFunc);
2425#endif
2426
2427
2428#if (SHARKSSL_ENABLE_PEM_API || SHARKSSL_ENABLE_ECCKEY_CREATE)
2435#define _SHARKSSLECCKEY_FREE 1
2436#endif
2437
2438
2439/*
2440 *-----------------------------------------------------------------------------
2441 * To free up the memory allocated by SharkSslECCKey_create and
2442 * SharkSslRSAKey_create, the following macro is provided
2443 * For instance, this function could be called after saving the key to a file
2444 *-----------------------------------------------------------------------------
2445 * key: input parameter, points to a buffer allocated by either
2446 * SharkSslECCKey_create or SharkSslRSAKey_create
2447 */
2448#if defined(_SHARKSSLRSAKEY_FREE)
2449#define SharkSslKey_free SharkSslRSAKey_free
2450#elif defined (_SHARKSSLECCKEY_FREE)
2451#define SharkSslKey_free SharkSslECCKey_free
2452#else
2453#define SharkSslKey_free
2454#endif
2455#undef _SHARKSSLRSAKEY_FREE
2456#undef _SHARKSSLECCKEY_FREE
2457
2458
2464#if SHARKSSL_ENABLE_ECDSA
2468/* ECDSA API and also internal sharkssl_ECDSA_signASN1 */
2469typedef enum
2470{
2473
2476
2479
2482
2485
2488
2491
2494
2497
2501 /* end group SharkSslInfoAndCodes */
2503
2509#if SHARKSSL_ENABLE_ECDSA_API
2510#if (!SHARKSSL_ECDSA_ONLY_VERIFY)
2519SHARKSSL_API U16 sharkssl_ECDSA_siglen(SharkSslECCKey privkey);
2520
2548 SharkSslECCKey privkey, U8 *sig, U16 *siglen, const U8 *hash, U8 hashID);
2549#endif
2550
2573 SharkSslECCKey pubkey, U8 *sig, U16 siglen, const U8 *hash, U8 hashID);
2574
2575#endif /* SHARKSSL_ENABLE_ECDSA_API */
2576#endif /* SHARKSSL_ENABLE_ECDSA */
2577 /* end group ECC */
2579#endif
2580
2581
2582#if (SHARKSSL_ENABLE_CA_LIST && SHARKSSL_ENABLE_CERTSTORE_API)
2583
2589#ifndef BA_API /* standalone SharkSSL */
2590#define BA_API SHARKSSL_API
2591typedef U8 BaBool;
2592#endif
2593#include "DoubleList.h"
2594
2614typedef struct SharkSslCertStore
2615{
2616 DoubleList certList;
2617 SharkSslCAList caList;
2618 U16 elements; /* number of elements in list */
2620
2630
2634
2636#define SharkSslCertStore_release(o) SharkSslCertStore_destructor(o)
2637
2650SHARKSSL_API U16 SharkSslCertStore_add(
2651 SharkSslCertStore *o, const char *cert, U32 certlen);
2652
2664 SharkSslCertStore *o, SharkSslCAList *outList);
2665 /* end group SharkSslCertApi */
2667#endif /* SHARKSSL_ENABLE_CA_LIST && SHARKSSL_ENABLE_CERTSTORE_API */
2668
2669#if ((SHARKSSL_ENABLE_PEM_API) || (SHARKSSL_ENABLE_CERTSTORE_API))
2670SHARKSSL_API U32 sharkssl_B64Decode(
2671 U8 *outStr, U32 outStrSize, const char *b64beg, const char *b64end);
2672#endif
2673
2674
2675
2676#ifdef __cplusplus
2677}
2678
2679inline SharkSsl::SharkSsl(
2680 SharkSsl_Role role, U16 cacheSize, U16 inBufStartSize, U16 outBufSize) {
2681 SharkSsl_constructor(this, role, cacheSize, inBufStartSize, outBufSize);
2682}
2683inline SharkSsl::~SharkSsl() {
2684 SharkSsl_destructor(this);
2685}
2686inline SharkSslCon *SharkSsl::createCon(void) {
2687 return SharkSsl_createCon(this);
2688}
2689inline void SharkSsl::terminateCon(SharkSslCon *sslCon) {
2690 SharkSsl_terminateCon(this, sslCon);
2691}
2692
2693#if (SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA)
2694inline U8 SharkSsl::addCertificate(SharkSslCert cert) {
2695 return SharkSsl_addCertificate(this, cert);
2696}
2697#if SHARKSSL_ENABLE_CA_LIST
2698inline U8 SharkSsl::setCAList(SharkSslCAList caList) {
2699 return SharkSsl_setCAList(this, caList);
2700}
2701#endif /* SHARKSSL_ENABLE_CA_LIST */
2702#endif /* SHARKSSL_ENABLE_RSA || SHARKSSL_ENABLE_ECDSA */
2703
2704#endif /* __cplusplus */
2705
2706
2707#endif
SHARKSSL_API SharkSslECCKey sharkssl_PEM_to_ECCKey(const char *PEMKey, const char *passphrase)
Convert an ECC private or public key in PEM format to the SharkSslECCKey format.
SHARKSSL_API sharkssl_ECDSA_RetVal sharkssl_ECDSA_verify_hash(SharkSslECCKey pubkey, U8 *sig, U16 siglen, const U8 *hash, U8 hashID)
Verify a message using the ECC public key and a hash algorithm.
SHARKSSL_API U16 sharkssl_ECDSA_siglen(SharkSslECCKey privkey)
Returns the maximum length (in bytes) of a DER-encoded ECDSA signature generated with the private key...
SHARKSSL_API sharkssl_ECDSA_RetVal sharkssl_ECDSA_sign_hash(SharkSslECCKey privkey, U8 *sig, U16 *siglen, const U8 *hash, U8 hashID)
Generate the signature using the ECC private key and a hash.
U8 * SharkSslECCKey
SharkSslECCKey is an alias for the SharkSslCert type and is a private/public key converted by sharkss...
Definition: SharkSSL.h:2272
SHARKSSL_API SharkSslRSAKey sharkssl_PEM_to_RSAKey(const char *PEMKey, const char *passphrase)
Convert an RSA private or public key in PEM format to the SharkSslRSAKey format.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_PKCS1V1_5_verify_hash(SharkSslRSAKey pubkey, U8 *sig, U16 siglen, const U8 *hash, U8 hashID)
Verify a signature hash using a public RSA key.
SHARKSSL_API SharkSslKey sharkssl_PEM_extractPublicKey(const char *certPEM)
Extract the public key form a certificate in PEM format.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_private_encrypt(SharkSslRSAKey privkey, const U8 *in, int len, U8 *out, int padding)
Sign a message digest using the private key.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_private_decrypt(SharkSslRSAKey privkey, const U8 *in, int len, U8 *out, int padding)
Decrypt ciphertext using the private key.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_public_encrypt(SharkSslRSAKey pubkey, const U8 *in, int len, U8 *out, int padding)
Encrypt data using the public key or private key.
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_PKCS1V1_5_sign_hash(SharkSslRSAKey privkey, U8 *sig, U16 *siglen, const U8 *hash, U8 hashID)
Sign a hash using a private RSA key.
SHARKSSL_API void SharkSslRSAKey_free(SharkSslRSAKey key)
Release a SharkSslRSAKey allocated by functions sharkssl_PEM_to_RSAKey and sharkssl_PEM_extractPublic...
SHARKSSL_API sharkssl_RSA_RetVal sharkssl_RSA_public_decrypt(SharkSslRSAKey pubkey, const U8 *in, int len, U8 *out, int padding)
Bring back a message digest using the public key or private key.
U8 * SharkSslRSAKey
SharkSslRSAKey is an alias for the SharkSslCert type and is a private/public key converted by sharkss...
Definition: SharkSSL.h:1921
sharkssl_PEM_RetVal
Return values from function sharkssl_PEM.
Definition: SharkSSL.h:1723
SHARKSSL_API sharkssl_PEM_RetVal sharkssl_PEM(const char *certPEM, const char *keyPEM, const char *passphrase, SharkSslCert *sharkSslCert)
Create a SharkSslCert certificate by using a certificate and key in PEM format.
SHARKSSL_API int sharkssl_PEM_PBKDF2(U8 *dk, const char *passphrase, const char *salt, U32 saltLen, U32 iterations, U16 dkLen, U8 hashID)
sharkssl_PEM_PBKDF2 (output, passphrase, salt, salt_len, iterations, dkLen, hashID) Derives a key fro...
@ SHARKSSL_PEM_CERT_UNSUPPORTED_TYPE
CERT_UNSUPPORTED_TYPE.
Definition: SharkSSL.h:1767
@ SHARKSSL_PEM_KEY_UNSUPPORTED_ENCRYPTION_TYPE
KEY_UNSUPPORTED_ENCRYPTION_TYPE.
Definition: SharkSSL.h:1758
@ SHARKSSL_PEM_OK
OK.
Definition: SharkSSL.h:1725
@ SHARKSSL_PEM_OK_PUBLIC
OK_PUBLIC.
Definition: SharkSSL.h:1728
@ SHARKSSL_PEM_KEY_PRIVATE_KEY_REQUIRED
A PRIVATE KEY IS REQUIRED.
Definition: SharkSSL.h:1776
@ SHARKSSL_PEM_KEY_UNSUPPORTED_EXPONENT_LENGTH
KEY_UNSUPPORTED_EXPONENT_LENGTH.
Definition: SharkSSL.h:1755
@ SHARKSSL_PEM_KEY_UNSUPPORTED_FORMAT
KEY_UNSUPPORTED_FORMAT.
Definition: SharkSSL.h:1749
@ SHARKSSL_PEM_KEY_UNRECOGNIZED_FORMAT
KEY_UNRECOGNIZED_FORMAT.
Definition: SharkSSL.h:1746
@ SHARKSSL_PEM_KEY_UNSUPPORTED_VERSION
KEY_UNSUPPORTED_VERSION.
Definition: SharkSSL.h:1770
@ SHARKSSL_PEM_KEY_PASSPHRASE_REQUIRED
KEY_PASSPHRASE_REQUIRED.
Definition: SharkSSL.h:1743
@ SHARKSSL_PEM_KEY_WRONG_LENGTH
KEY_WRONG_LENGTH.
Definition: SharkSSL.h:1740
@ SHARKSSL_PEM_KEY_PARSE_ERROR
KEY_PARSE_ERROR.
Definition: SharkSSL.h:1734
@ SHARKSSL_PEM_CERT_UNRECOGNIZED_FORMAT
CERT_UNRECOGNIZED_FORMAT.
Definition: SharkSSL.h:1764
@ SHARKSSL_PEM_KEY_REQUIRED
KEY_REQUIRED.
Definition: SharkSSL.h:1773
@ SHARKSSL_PEM_ALLOCATION_ERROR
ALLOCATION_ERROR.
Definition: SharkSSL.h:1731
@ SHARKSSL_PEM_KEY_WRONG_IV
KEY_WRONG_IV.
Definition: SharkSSL.h:1737
@ SHARKSSL_PEM_INTERNAL_ERROR
INTERNAL ERROR.
Definition: SharkSSL.h:1779
@ SHARKSSL_PEM_KEY_CERT_MISMATCH
KEY_CERT_MISMATCH.
Definition: SharkSSL.h:1761
@ SHARKSSL_PEM_KEY_UNSUPPORTED_MODULUS_LENGTH
KEY_UNSUPPORTED_MODULUS_LENGTH.
Definition: SharkSSL.h:1752
U8 SharkSslCon_favorRSA(SharkSslCon *o, U8 flag)
A SharkSSL server can have multiple certificates, such as RSA certificates with various strengths,...
SHARKSSL_API U16 SharkSsl_getCacheSize(SharkSsl *o)
Returns the SharkSsl session cache size.
SharkSslCon * SharkSsl_createCon(SharkSsl *o)
Create a SharkSslCon object.
SHARKSSL_API U8 SharkSslCon_setSNI(SharkSslCon *o, const char *name, U16 length)
set Server Name Indication for TLS client connections
SHARKSSL_API U8 SharkSslCon_trustedCA(SharkSslCon *o)
Returns TRUE if the certificate is valid and is signed with a root certificate trusted by SharkSSL.
SHARKSSL_API U8 SharkSslCon_requestClientCert(SharkSslCon *o, const void *caList)
This function is used by server solutions that require client SSL certificate authentication.
SHARKSSL_API void SharkSsl_destructor(SharkSsl *o)
Close the SharkSsl object.
SHARKSSL_API U8 SharkSslCon_setCertificateAuthorities(SharkSslCon *o, const void *caList)
This function is used by client solutions that require server SSL certificate authentication.
SHARKSSL_API U8 SharkSslCon_clearCiphersuiteSelection(SharkSslCon *o)
Clears the selection, thus enabling all ciphers.
SHARKSSL_API U8 SharkSslCon_getProtocol(SharkSslCon *o)
Returns the active session's protocol version.
SHARKSSL_API U8 SharkSslCon_setALPNProtocols(SharkSslCon *o, const char *protList)
This function is used by client solutions to specify a list of application layer protocols according ...
U8 SharkSslCon_certificateRequested(SharkSslCon *o)
Returns TRUE if the server requested a certificate from the client to verify that the client's identi...
SHARKSSL_API U8 SharkSsl_addCertificate(SharkSsl *o, SharkSslCert cert)
Add a certificate to the SharkSsl object.
SHARKSSL_API U8 SharkSslCon_selectCiphersuite(SharkSslCon *o, U16 cipherSuite)
This function enables you to limit the number of ciphers at runtime.
SHARKSSL_API U8 SharkSsl_setCAList(SharkSsl *o, SharkSslCAList caList)
Set a Certificate Authority (CA) list so the SharkSSL object can permform certificate validation on t...
void SharkSsl_terminateCon(const SharkSsl *o, SharkSslCon *con)
Terminate a SharkSslCon object created by function SharkSsl_createCon.
SHARKSSL_API SharkSslCertInfo * SharkSslCon_getCertInfo(SharkSslCon *o)
Returns the peer's certificate if the handshaking has completed.
SHARKSSL_API U8 SharkSslCon_renegotiate(SharkSslCon *o)
This function enables you to renegotiate an already established SSL/TLS connection.
SHARKSSL_API U16 SharkSslCon_getCiphersuite(SharkSslCon *o)
Returns the active session's chiper suite.
SHARKSSL_API const char * SharkSslCon_getALPNProtocol(SharkSslCon *o)
This function is used by client solutions to return the application layer protocol selected by the se...
SHARKSSL_API void SharkSsl_constructor(SharkSsl *o, SharkSsl_Role role, U16 cacheSize, U16 inBufStartSize, U16 outBufSize)
A SharkSsl object is the coordinator for managing SharkSslCon objects.
SHARKSSL_API int SharkSslECCKey_createEx(SharkSslECCKey *privKey, U16 curveID, void *rngHandle, sharkssl_rngfunc rngFunc)
Creates an ECC key using the SharkSSL library.
SHARKSSL_API int SharkSslRSAKey_create(SharkSslRSAKey *privKey, U16 keyLength)
RSA key creation.
SHARKSSL_API U16 SharkSslKey_vectSize_keyInfo(const SharkSslKey key, U8 *keyType, U8 *isKeyPrivate, U8 **d1, U16 *d1Len, U8 **d2, U16 *d2Len)
Returns the private or public key's "vector size" in bytes.
SHARKSSL_API int SharkSslASN1Create_CSR(struct SharkSslASN1Create *o, SharkSslKey privKey, U8 hashID, struct SharkSslCertDN *certDN, const char *SAN, struct SharkSslBitExtReq *keyUsage, struct SharkSslBitExtReq *nsCertType)
CSR creation (all parameters are input parameters)
SHARKSSL_API void SharkSslCertStore_constructor(SharkSslCertStore *o)
Initialize a SharkSslCertStore object.
SHARKSSL_API int SharkSslCert_signCSR(SharkSslCert *signedCSR, const U8 *csrData, int csrDataLen, const SharkSslCert caCert, const SharkSslKey privKey, const char *validFrom, const char *validTo, SharkCertSerialNumber serialNumber, U8 hashID)
CSR signing (if not specified, parameters are input parameters)
SHARKSSL_API U16 SharkSslRSAKey_size(SharkSslRSAKey key)
Returns the private or public key's modulus size in bytes.
SHARKSSL_API void SharkSslECCKey_free(SharkSslECCKey key)
Release a SharkSslECCKey allocated by functions sharkssl_PEM_to_ECCKey or SharkSslECCKey_create.
SHARKSSL_API U16 SharkSslCertStore_add(SharkSslCertStore *o, const char *cert, U32 certlen)
add a certificate in PEM or p7b format to the CA store.
SHARKSSL_API U8 SharkSslCertStore_assemble(SharkSslCertStore *o, SharkSslCAList *outList)
Assemble all certificates added by calling SharkSslCertStore_add.
struct SharkSslCertStore SharkSslCertStore
SharkSslCertStore is a container object used when assembling a SharkSslCAList.
SHARKSSL_API void SharkSslCertStore_destructor(SharkSslCertStore *o)
Cleanup all memory used by the SharkSslCAList object.
SHARKSSL_API U16 SharkSslCert_len(SharkSslCert cert)
Get certificate length.
SHARKSSL_API U16 SharkSslKey_vectSize(const SharkSslKey key)
Returns the private or public key's "vector size" in bytes.
SHARKSSL_API U8 * SharkSslRSAKey_getPublic(SharkSslRSAKey privKey)
RSA public key extraction from a private key.
struct SharkSslCertInfo SharkSslCertInfo
The peer's certificate information returned by SharkSslCon_getCertInfo.
struct SharkSslCertDN SharkSslCertDN
Certificate KeyUsage and ExtendedKeyUsage flags and relative pseudofunctions.
U8 * SharkSslCon_getEncData(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Encrypted returned by function SharkSslCo...
U16 SharkSslCon_getHandshakeDataLen(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Handshake returned by function SharkSslCo...
U16 SharkSslCon_getEncDataLen(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Encrypted returned by function SharkSslCo...
U16 SharkSslCon_getBufLen(SharkSslCon *o)
Returns the length of the SharkSslCon input buffer.
SharkSslCon_RetVal
The SharkSslCon_decrypt and SharkSslCon_encrypt return values.
Definition: SharkSSL.h:616
SharkSslCon_RetVal SharkSslCon_decrypt(SharkSslCon *o, U16 readLen)
Decrypt the received data copied into the SharkSslCon receive buffer (the buffer returned by SharkSsl...
U16 SharkSslCon_getEncBufSize(SharkSslCon *o)
Returns the length of the buffer returned by SharkSslCon_getEncBufPtr.
U8 SharkSslCon_encryptMore(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Encrypted returned by function SharkSslCo...
U8 SharkSslCon_decryptMore(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Decrypted returned by function SharkSslCo...
U8 * SharkSslCon_getBuf(SharkSslCon *o)
Returns a pointer to the SharkSslCon input/receive buffer.
SHARKSSL_API U16 SharkSslCon_getDecData(SharkSslCon *o, U8 **bufPtr)
Get a pointer to the decoded data.
U8 SharkSslCon_getAlertLevel(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_AlertSend returned by function SharkSslCo...
U16 SharkSslCon_copyDecData(SharkSslCon *o, U8 *buf, U16 maxLen)
Copy decoded data to 'buf'.
U8 * SharkSslCon_getEncBufPtr(SharkSslCon *o)
This function is used in conjunction with SharkSslCon_encrypt when using the zero copy send API.
U16 SharkSslCon_setHandshakeDataSent(SharkSslCon *o, U16 length)
This function is used in conjunction with SharkSslCon_getHandshakeData.
U8 SharkSslCon_getAlertDescription(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_AlertSend returned by function SharkSslCo...
U8 SharkSslCon_isHandshakeComplete(SharkSslCon *o)
Returns the following values:
U8 * SharkSslCon_getHandshakeData(SharkSslCon *o)
This function is used in conjunction with state SharkSslCon_Handshake returned by function SharkSslCo...
SharkSslCon_RetVal SharkSslCon_encrypt(SharkSslCon *o, U8 *buf, U16 maxLen)
Encrypt the data provided by parameter 'buf' or encrypt data in the SharkSslCon send buffer.
@ SharkSslCon_Encrypted
SharkSSL has successfully decrypted a chunk of data.
Definition: SharkSSL.h:695
@ SharkSslCon_Decrypted
Returned when a block of received data has been successfully decrypted.
Definition: SharkSSL.h:634
@ SharkSslCon_AlertSend
Returned when an SSL/TLS alert message must be sent to the peer side.
Definition: SharkSSL.h:674
@ SharkSslCon_AllocationError
The memory pool is too small.
Definition: SharkSSL.h:623
@ SharkSslCon_Error
Indicates general errors, including configuration errors.
Definition: SharkSSL.h:619
@ SharkSslCon_CertificateError
Unrecognized format of a provided certificate.
Definition: SharkSSL.h:705
@ SharkSslCon_AlertRecv
SharkSSL received an SSL/TLS alert message from the peer, which means that the peer either failed to ...
Definition: SharkSSL.h:683
@ SharkSslCon_HandshakeNotComplete
An error condition returned by function SharkSslCon_encrypt if the SSL handshake is not completed.
Definition: SharkSSL.h:701
@ SharkSslCon_Handshake
Returned when an SSL/TLS handshake message has been received or is to be sent.
Definition: SharkSSL.h:647
@ SharkSslCon_NeedMoreData
Returned when SharkSSL holds an incomplete SSL/TLS record or when the connection is initially establi...
Definition: SharkSSL.h:660
U32 baGetUnixTime(void)
Platform dependent function returning seconds since Jan 1 1970.
struct SharkSsl SharkSsl
A SharkSsl object is the coordinator for managing SharkSslCon objects (See SharkSsl_constructor for d...
const U8 * SharkSslCert
The SharkSSL Certificate is in a binary format optimized for speed and size.
Definition: SharkSSL.h:323
SHARKSSL_API int SharkSslASN1Create_key(struct SharkSslASN1Create *o, const SharkSslKey key)
Convert a SharkSslKey to ASN.1 representation.
const U8 * SharkSslCAList
The SharkSSL Certificate Authority (CA) List is in a binary format optimized for speed and size.
Definition: SharkSSL.h:511
struct SharkSslCon SharkSslCon
SharkSslCon is an opaque handle returned by function SharkSsl_createCon.
Definition: SharkSSL.h:559
SharkSsl_Role
Select one of client or server mode when creating a SharkSsl object.
Definition: SharkSSL.h:298
sharkssl_ECDSA_RetVal
Return values from functions sharkssl_ECDSA_sign_hash, sharkssl_ECDSA_verify_hash.
Definition: SharkSSL.h:2470
sharkssl_RSA_RetVal
Return values from functions sharkssl_RSA_public_encrypt, sharkssl_RSA_private_decrypt,...
Definition: SharkSSL.h:1865
U8 * SharkSslKey
The SharkSslKey type.
Definition: SharkSSL.h:315
@ SharkSsl_Unspecified
Definition: SharkSSL.h:299
@ SharkSsl_Client
Definition: SharkSSL.h:301
@ SharkSsl_Server
Definition: SharkSSL.h:300
@ SHARKSSL_ECDSA_ALLOCATION_ERROR
ALLOCATION_ERROR.
Definition: SharkSSL.h:2475
@ SHARKSSL_ECDSA_WRONG_KEY_FORMAT
WRONG_KEY_FORMAT.
Definition: SharkSSL.h:2484
@ SHARKSSL_ECDSA_WRONG_SIGNATURE
WRONG SIGNATURE.
Definition: SharkSSL.h:2499
@ SHARKSSL_ECDSA_WRONG_PARAMETERS
WRONG_PARAMETERS.
Definition: SharkSSL.h:2481
@ SHARKSSL_ECDSA_OK
OK.
Definition: SharkSSL.h:2472
@ SHARKSSL_ECDSA_VERIFICATION_FAIL
VERIFICATION_FAIL.
Definition: SharkSSL.h:2496
@ SHARKSSL_ECDSA_INTERNAL_ERROR
INTERNAL_ERROR.
Definition: SharkSSL.h:2478
@ SHARKSSL_ECDSA_KEY_NOT_PRIVATE
KEY_IS_NOT_PRIVATE.
Definition: SharkSSL.h:2487
@ SHARKSSL_ECDSA_KEY_NOT_PUBLIC
KEY_IS_NOT_PUBLIC.
Definition: SharkSSL.h:2490
@ SHARKSSL_ECDSA_SIGLEN_TOO_SMALL
SIGLEN_TOO_SMALL.
Definition: SharkSSL.h:2493
@ SHARKSSL_RSA_INPUT_DATA_LENGTH_TOO_BIG
INPUT_DATA_LENGTH_TOO_BIG.
Definition: SharkSSL.h:1885
@ SHARKSSL_RSA_WRONG_LABEL_LENGTH
WRONG_LABEL_LENGTH.
Definition: SharkSSL.h:1903
@ SHARKSSL_RSA_OK
OK.
Definition: SharkSSL.h:1867
@ SHARKSSL_RSA_INTERNAL_ERROR
INTERNAL_ERROR.
Definition: SharkSSL.h:1873
@ SHARKSSL_RSA_WRONG_PARAMETERS
WRONG_PARAMETERS.
Definition: SharkSSL.h:1876
@ SHARKSSL_RSA_WRONG_SIGNATURE
WRONG SIGNATURE.
Definition: SharkSSL.h:1900
@ SHARKSSL_RSA_ALLOCATION_ERROR
ALLOCATION_ERROR.
Definition: SharkSSL.h:1870
@ SHARKSSL_RSA_WRONG_KEY_FORMAT
WRONG_KEY_FORMAT.
Definition: SharkSSL.h:1879
@ SHARKSSL_RSA_PKCS1_PADDING_ERROR
PKCS1_PADDING_ERROR.
Definition: SharkSSL.h:1891
@ SHARKSSL_RSA_INPUT_DATA_LENGTH_AND_KEY_LENGTH_MISMATCH
INPUT_DATA_LENGTH_AND_KEY_LENGTH_MISMATCH.
Definition: SharkSSL.h:1888
@ SHARKSSL_RSA_WRONG_KEY_LENGTH
WRONG_KEY_LENGTH.
Definition: SharkSSL.h:1882
@ SHARKSSL_RSA_VERIFICATION_FAIL
VERIFICATION FAIL.
Definition: SharkSSL.h:1897
@ SHARKSSL_RSA_KEY_NOT_PRIVATE
KEY_IS_NOT_PRIVATE.
Definition: SharkSSL.h:1894
SHARKSSL_API SharkSslSession * SharkSslCon_acquireSession(SharkSslCon *o)
Request a SharkSslSession object from the client's session pool.
SHARKSSL_API U8 SharkSslCon_releaseSession(SharkSslCon *o)
experimental
struct SharkSslSession SharkSslSession
SharkSslSession is an opaque handle returned by function SharkSslCon_acquireSession.
Definition: SharkSSL.h:271
SHARKSSL_API U8 SharkSslCon_resumeSession(SharkSslCon *o, SharkSslSession *s)
Resume an existing session.
SHARKSSL_API U8 SharkSslCon_isResumed(SharkSslCon *o)
Returns 1 if the current session is a resumed one.
SHARKSSL_API U32 SharkSslSession_getLatestAccessTime(SharkSslSession *o)
Returns the last time the session was accessed.
SHARKSSL_API U8 SharkSslSession_release(SharkSslSession *o, SharkSsl *s)
Release a session created by function SharkSslCon_acquireSession.
Opaque object used when creating ASN.1 encoded data.
Definition: SharkSslASN1.h:228
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/nss_tech_notes/nss_tech_note3 http://to...
Definition: SharkSslASN1.h:239
Certificate KeyUsage and ExtendedKeyUsage flags and relative pseudofunctions.
Definition: SharkSSL.h:782
U8 unitLen
length in bytes of the field "organization"
Definition: SharkSSL.h:798
U8 provinceLen
length in bytes of the field "country"
Definition: SharkSSL.h:795
const U8 * province
State or Province.
Definition: SharkSSL.h:784
U8 localityLen
length in bytes of the field "province"
Definition: SharkSSL.h:796
const U8 * unit
Organizational Unit (OU: department or organization unit)
Definition: SharkSSL.h:787
const U8 * organization
Organization Name (company or department)
Definition: SharkSSL.h:786
const U8 * commonName
Common Name is the Host + Domain Name (example: www.mycompany.com, where www is host and mycompany....
Definition: SharkSSL.h:791
const U8 * countryName
ISO3166 country code.
Definition: SharkSSL.h:783
U8 organizationLen
length in bytes of the field "locality"
Definition: SharkSSL.h:797
U8 commonNameLen
length in bytes of the field "unit"
Definition: SharkSSL.h:799
const U8 * locality
The city or town name.
Definition: SharkSSL.h:785
U8 emailAddressLen
length in bytes of the field "common name"
Definition: SharkSSL.h:800
The peer's certificate information returned by SharkSslCon_getCertInfo.
Definition: SharkSSL.h:840
U8 timeFromLen
Length of 'timeFrom'.
Definition: SharkSSL.h:896
U8 timeToLen
Length of 'timeTo'.
Definition: SharkSSL.h:899
U16 snLen
Length of 'sn' (serial number)
Definition: SharkSSL.h:842
U8 * timeTo
Certificate expiration date (in Time format: [YY]YYMMDDHHMMSSZ) UTCTime: 2-digit year; GeneralizedTim...
Definition: SharkSSL.h:867
U8 CAflag
The Certificate Authority flag (CA) is set to one if the certificate is a CA i.e.
Definition: SharkSSL.h:852
SharkSslCertDN issuer
The entity who has signed and issued the certificate (RFC 2459 4.1.2.4)
Definition: SharkSSL.h:873
SharkSslCertDN subject
The entity associated with the public key (RFC 2459 4.1.2.6).
Definition: SharkSSL.h:879
U8 * sn
Binary serial number.
Definition: SharkSSL.h:856
U8 * timeFrom
Certificate is valid from date (in Time format: [YY]YYMMDDHHMMSSZ) UTCTime: 2-digit year; Generalized...
Definition: SharkSSL.h:861
U8 * subjectAltNamesPtr
Subject Alternative Names subjectAltNamesPtr is a pointer to an ASN1 sequence, whose length is subjec...
Definition: SharkSSL.h:892
struct SharkSslCertInfo * parent
Pointer to parent node when the SharkSslCertInfo object is part of a certificate chain.
Definition: SharkSSL.h:930
U8 version
Certificate version is offset at 0 so add +1 for actual version number.
Definition: SharkSSL.h:847
SharkSslCertStore is a container object used when assembling a SharkSslCAList.
Definition: SharkSSL.h:2615
A SharkSsl object is the coordinator for managing SharkSslCon objects (See SharkSsl_constructor for d...
Definition: SharkSSL.h:567