[Feature][Modem]Update MTK MODEM V1.6 baseline version: MOLY.NR15.R3.MD700.IVT.MP1MR3.MP.V1.6

MTK modem version: MT2735_IVT_MOLY.NR15.R3.MD700.IVT.MP1MR3.MP.V1.6.tar.gz
RF  modem version: NA

Change-Id: I45a4c2752fa9d1a618beacd5d40737fb39ab64fb
diff --git a/mcu/interface/driver/cipher/include/gcu.h b/mcu/interface/driver/cipher/include/gcu.h
new file mode 100644
index 0000000..72bb849
--- /dev/null
+++ b/mcu/interface/driver/cipher/include/gcu.h
@@ -0,0 +1,243 @@
+/*****************************************************************************
+*  Copyright Statement:
+*  --------------------
+*  This software is protected by Copyright and the information contained
+*  herein is confidential. The software may not be copied and the information
+*  contained herein may not be used or disclosed except with the written
+*  permission of MediaTek Inc. (C) 2005
+*
+*  BY OPENING THIS FILE, BUYER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+*  THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+*  RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO BUYER ON
+*  AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+*  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+*  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+*  NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+*  SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+*  SUPPLIED WITH THE MEDIATEK SOFTWARE, AND BUYER AGREES TO LOOK ONLY TO SUCH
+*  THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. MEDIATEK SHALL ALSO
+*  NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE RELEASES MADE TO BUYER'S
+*  SPECIFICATION OR TO CONFORM TO A PARTICULAR STANDARD OR OPEN FORUM.
+*
+*  BUYER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND CUMULATIVE
+*  LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+*  AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+*  OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY BUYER TO
+*  MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 
+*
+*  THE TRANSACTION CONTEMPLATED HEREUNDER SHALL BE CONSTRUED IN ACCORDANCE
+*  WITH THE LAWS OF THE STATE OF CALIFORNIA, USA, EXCLUDING ITS CONFLICT OF
+*  LAWS PRINCIPLES.  ANY DISPUTES, CONTROVERSIES OR CLAIMS ARISING THEREOF AND
+*  RELATED THERETO SHALL BE SETTLED BY ARBITRATION IN SAN FRANCISCO, CA, UNDER
+*  THE RULES OF THE INTERNATIONAL CHAMBER OF COMMERCE (ICC).
+*
+*****************************************************************************/
+
+/*****************************************************************************
+ *
+ * Filename:
+ * ---------
+ *    gcu.h
+ *
+ * Project:
+ * --------
+ *   Maui_Software
+ *
+ * Description:
+ * ------------
+ *   This file is intends for gcu driver.
+ *
+ * Author:
+ * -------
+ * -------
+ *
+ *============================================================================
+ *             HISTORY
+ * Below this line, this part is controlled by PVCS VM. DO NOT MODIFY!!
+ *------------------------------------------------------------------------------
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ *------------------------------------------------------------------------------
+ * Upper this line, this part is controlled by PVCS VM. DO NOT MODIFY!!
+ *============================================================================
+ ****************************************************************************/
+#ifndef GCU_H
+#define GCU_H
+
+//#include "drv_features.h"
+
+#if defined(__GCU_DVT__)
+#undef DRV_GCU_GEA4
+#define DRV_GCU_GEA4
+#endif
+
+typedef struct __gcu_input
+{
+	kal_uint16 SK0;
+	kal_uint16 SK1;
+	kal_uint16 SK2;
+	kal_uint16 SK3;
+	
+#if defined(DRV_GCU_GEA4)
+    kal_uint16 SK4;
+    kal_uint16 SK5;
+    kal_uint16 SK6;
+    kal_uint16 SK7;
+#endif
+
+	kal_uint16 MK0;
+	kal_uint16 MK1;
+	kal_bool   DIRECTION;   /*=1 or = 0*/
+} gcu_input;
+
+extern kal_bool GCU_isBUZY(void);
+extern void GCU_InputData(gcu_input *data);
+
+extern kal_bool gea_is_support_gea3(void);
+
+extern kal_bool gea_cidecipher (kal_uint8 *src_buff_ptr,
+	   kal_uint8 *dest_buff_ptr,	
+	   kal_uint16 buff_len,
+	   kal_uint8 cipher_algo,	   
+	   kal_bool direction,
+	   kal_uint8 *input_sk,
+	   kal_uint32 input_mk);
+
+#endif
+
+
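Review bot: `gea_cidecipher` takes `input_sk` as a bare `kal_uint8 *` with no length, while `gcu_input` above carries the key as four 16-bit words, or eight when `DRV_GCU_GEA4` is defined. The number of key bytes the driver reads therefore presumably depends on `cipher_algo` and the build flag, and a caller cannot tell from this header how large the buffer must be. I would document the contract on the prototype, e.g. `/* input_sk: key bytes, <N> required for the selected cipher_algo; src and dest must each hold buff_len bytes */`, and const-qualify the pointers that are only read (`const kal_uint8 *src_buff_ptr`, `const kal_uint8 *input_sk`). Separately, the struct layout switches on `DRV_GCU_GEA4`, yet `//#include "drv_features.h"` (presumably where that flag is set) is commented out and nothing here includes the header declaring `kal_uint16`/`kal_bool`. Translation units that see the macro differently would disagree on `sizeof(gcu_input)`, so restoring that include, or adding `#include "kal_general_types.h"` as ssl_api.h does, would make the header self-contained.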
diff --git a/mcu/interface/driver/cipher/include/ssl_api.h b/mcu/interface/driver/cipher/include/ssl_api.h
new file mode 100644
index 0000000..25fd30f
--- /dev/null
+++ b/mcu/interface/driver/cipher/include/ssl_api.h
@@ -0,0 +1,1452 @@
+/*****************************************************************************
+*  Copyright Statement:
+*  --------------------
+*  This software is protected by Copyright and the information contained
+*  herein is confidential. The software may not be copied and the information
+*  contained herein may not be used or disclosed except with the written
+*  permission of MediaTek Inc. (C) 2005
+*
+*  BY OPENING THIS FILE, BUYER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+*  THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+*  RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO BUYER ON
+*  AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+*  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+*  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+*  NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+*  SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+*  SUPPLIED WITH THE MEDIATEK SOFTWARE, AND BUYER AGREES TO LOOK ONLY TO SUCH
+*  THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. MEDIATEK SHALL ALSO
+*  NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE RELEASES MADE TO BUYER'S
+*  SPECIFICATION OR TO CONFORM TO A PARTICULAR STANDARD OR OPEN FORUM.
+*
+*  BUYER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND CUMULATIVE
+*  LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+*  AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+*  OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY BUYER TO
+*  MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 
+*
+*  THE TRANSACTION CONTEMPLATED HEREUNDER SHALL BE CONSTRUED IN ACCORDANCE
+*  WITH THE LAWS OF THE STATE OF CALIFORNIA, USA, EXCLUDING ITS CONFLICT OF
+*  LAWS PRINCIPLES.  ANY DISPUTES, CONTROVERSIES OR CLAIMS ARISING THEREOF AND
+*  RELATED THERETO SHALL BE SETTLED BY ARBITRATION IN SAN FRANCISCO, CA, UNDER
+*  THE RULES OF THE INTERNATIONAL CHAMBER OF COMMERCE (ICC).
+*
+*****************************************************************************/
+
+/*******************************************************************************
+ * Filename:
+ * ---------
+ *   ssl_api.h
+ *
+ * Project:
+ * --------
+ *   MAUI
+ *
+ * Description:
+ * ------------
+ *   This file contains function prototypes, constants for SSL API.
+ *
+ * Author:
+ * -------
+ * -------
+ *
+ *==============================================================================
+ * 				HISTORY
+ * Below this line, this part is controlled by PVCS VM. DO NOT MODIFY!! 
+ *------------------------------------------------------------------------------
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ *
+ *------------------------------------------------------------------------------
+ * Upper this line, this part is controlled by PVCS VM. DO NOT MODIFY!! 
+ *==============================================================================
+ *******************************************************************************/
+#ifndef _SSL_API_H
+#define _SSL_API_H
+
+#include "ssl_consts.h"
+#include "ssl_enums.h"
+#include "ssl_structs.h"
+#include "ssl_callback.h"
+
+#include "kal_general_types.h"
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_sslv2_client_method
+ * DESCRIPTION
+ *   Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a client side 
+ *   SSL context be able to handle SSLv2 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_sslv2_client_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_sslv3_client_method
+ * DESCRIPTION
+ *   Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a client side
+ *   SSL context be able to handle SSLv3 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_sslv3_client_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_tlsv1_client_method
+ * DESCRIPTION
+ *   Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a client side
+ *   SSL context be able to handle TLSv1 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_tlsv1_client_method(void);
+
+#ifdef __OPENSSL_TLS12__
+extern const ssl_method *sec_tlsv1_1_client_method(void);
+
+extern const ssl_method *sec_tlsv1_2_client_method(void);
+#endif
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_sslv23_client_method
+ * DESCRIPTION
+ *   Constructor for the SSLv2 and SSLv3 SSL_METHOD structure for a
+ *   dedicated client. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a client side
+ *   SSL context be able to handle both SSLv2 and SSLv3 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_sslv23_client_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_tlsv1_sslv3_client_method
+ * DESCRIPTION
+ *   Constructor for the TLSv1 and SSLv3 SSL_METHOD structure for a
+ *   dedicated client. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a client side
+ *   SSL context be able to handle both TLSv1 and SSLv3 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_tlsv1_sslv3_client_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_sslv2_server_method
+ * DESCRIPTION
+ *   Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a server side
+ *   SSL context be able to handle SSLv2 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_sslv2_server_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_sslv3_server_method
+ * DESCRIPTION
+ *   Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a server side
+ *   SSL context be able to handle SSLv3 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_sslv3_server_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_tlsv1_server_method
+ * DESCRIPTION
+ *   Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a server side
+ *   SSL context be able to handle TLSv1 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_tlsv1_server_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_sslv23_server_method
+ * DESCRIPTION
+ *   Constructor for the SSLv2 and SSLv3 SSL_METHOD structure for a
+ *   dedicated server. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a server side
+ *   SSL context be able to handle both SSLv2 and SSLv3 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_sslv23_server_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP Protocol Methods>
+ * FUNCTION
+ *   sec_tlsv1_sslv3_server_method
+ * DESCRIPTION
+ *   Constructor for the TLSv1 and SSLv3 SSL_METHOD structure for a
+ *   dedicated server. 
+ * PARAMETERS
+ *   void.
+ * RETURNS
+ *   Constructor as a parameter to sec_ssl_ctx_new() to create a server side
+ *   SSL context be able to handle both TLSv1 and SSLv3 messges.
+ * SEE ALSO
+ *   sec_ssl_ctx_new
+ *****************************************************************************/
+extern const ssl_method *sec_tlsv1_sslv3_server_method(void);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_new
+ * DESCRIPTION
+ *   Crete a new SSL context object as framework for TLS/SSL enabled functions.
+ * PARAMETERS
+ *   method    : [IN] SSL context constructor such as
+ *               sec_sslv3_client_method() or sec_sslv23_client_method(), etc.
+ * RETURNS
+ *   If an SSL context is created successfully, a pointer to the created
+ *   SSL context is returned. Otherwise, NULL is returned if SSL context
+ *   is not created.
+ *****************************************************************************/
+extern ssl_ctx*
+sec_ssl_ctx_new(const ssl_method *method);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_free
+ * DESCRIPTION
+ *   Free an allocated SSL context object.
+ * PARAMETERS
+ *   ctx  : [IN] pointer to SSL context to be freed.
+ * RETURNS
+ *   This function returns no diagnostic information.
+ *****************************************************************************/
+extern void sec_ssl_ctx_free(ssl_ctx *ctx);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_prng
+ * DESCRIPTION
+ *   Set the pseudo-rnadom-number-generator provider (callback function)
+ *   used by the context.
+ * PARAMETERS
+ *   ctx          : [IN] Pointer to SSL context.
+ *   prng         : [IN] Pseudo-number-number-generator provider.
+ * RETURN VALUES
+ *   SEC_ERROR_NONE : Success.
+ *   SEC_ERROR_PTR  : No valid pointer.
+ *   SEC_ERROR_MEM  : Memory allocation failure.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ctx_set_prng(ssl_ctx *ctx, const sec_ssl_prng_generator prng);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_cipher_list
+ * DESCRIPTION
+ *   Set list of available SSL ciphersuites.
+ * PARAMETERS
+ *   ctx       : [IN] Pointer to SSL context.
+ *   ciphers   : [IN] List of ciphers.
+ *   num       : [IN] Number of ciphers in the list.
+ * EXAMPLE
+ * <code>
+ *  sec_cipher_enum ciphers[] =
+ *                  {AES128_SHA, AES256-SHA, RC4_MD5, RC4_SHA, DES_CBC3_SHA};
+ *  rc = sec_ssl_ctx_set_cipher_list(*globalCtx,
+ *                                   ciphers,
+ *                                   sizoef(ciphers) / sizoef(sec_cipher_enum));
+ * </code>
+ * RETURN VALUES
+ *   1  : Success.
+ *   0  : Fail.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ctx_set_cipher_list(ssl_ctx *ctx, const sec_cipher_enum ciphers[], 
+                            const kal_int32 num);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_default_passwd_cb
+ * DESCRIPTION
+ *   Set the default password callback called when loading/storing a PEM
+ *   certificate with encryption.
+ * PARAMETERS
+ *   ctx      : [IN] Pointer to SSL context
+ *   cb       : [IN] Callback function to hand back the password to be used
+ *                   during decryption.
+ *                   On invocation, a pointer to 'userdata' is provided.
+ *                   The callback function must write the password into the
+ *                   provided buffer 'buf'.
+ * RETURNS
+ *   This function returns no diagnostic information.
+ * SEE ALSO
+ *   sec_ssl_ctx_set_default_passwd_cb_userdata
+ *****************************************************************************/
+extern void
+sec_ssl_ctx_set_default_passwd_cb(ssl_ctx *ctx, ssl_password_cb cb);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_default_passwd_cb_userdata
+ * DESCRIPTION
+ *   Set a pointer to userdata which will be provided to the password callback
+ *   on invocation.
+ * PARAMETERS
+ *   ctx     : [IN] Pointer to SSL context.
+ *   u       : [IN] Ask for the password once, then keep it in memory and use
+ *                  it several times. The password could be stored into  the
+ *                  'userdata' and pem_passwd_cb() returns the password already
+ *                  stored.
+ * RETURNS
+ *   This function returns no diagnostic information.
+ * SEE ALSO
+ *   sec_ssl_ctx_set_default_passwd_cb
+ *****************************************************************************/
+extern void
+sec_ssl_ctx_set_default_passwd_cb_userdata(ssl_ctx *ctx, void *u);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_use_privatekey_file
+ * DESCRIPTION
+ *   Adds the first private key found in 'file' to 'ctx'.
+ * PARAMETERS
+ *   ctx       : [IN] Pointer to SSL context.
+ *   file      : [IN] File storing the private key to be loaded.
+ *   type      : [IN] SEC_SSL_FILETYPE_PEM, or SEC_SSL_FILETYPE_ASN1.
+ * RETURN VALUES
+ *   SEC_ERROR_NONE     : Success.
+ *   SEC_ERROR_NULL_PTR : Invalid NULL argument is passed in.
+ *   SEC_ERROR_FS       : File access error.
+ *   otherwise          : other internal errors.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ctx_use_privatekey_file(ssl_ctx *ctx, const kal_wchar *file,
+                                ssl_filetype_enum type);
+
+    
+    
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_use_certificate_file
+ * DESCRIPTION
+ *   Loads the first certificate stored in file into ctx.
+ * PARAMETERS
+ *   ctx          : [IN] Pointer to SSL context.
+ *   file         : [IN] File storing the private key to be loaded.
+ *   type         : [IN] SEC_SSL_FILETYPE_PEM, or SEC_SSL_FILETYPE_ASN1.
+ * RETURN VALUES
+ *   SEC_ERROR_NONE     : Success.
+ *   SEC_ERROR_NULL_PTR : Invalid NULL argument is passed in.
+ *   SEC_ERROR_FS       : File access error.
+ *   otherwise          : Other internal errors.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ctx_use_certificate_file(ssl_ctx *ctx, const kal_wchar *file,
+                                 ssl_filetype_enum type);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_load_verify_locations
+ * DESCRIPTION
+ *   Set default locations for trusted CA certificate.
+ * PARAMETERS
+ *   ctx      : [IN] Pointer to SSL context.
+ *   ca_file  : [IN] If ca_file is not NULL, it points to a file of CA
+ *                   certificates in PEM format. The file can contain several
+ *                   CA certificates identified by -----BEGIN CERTIFICATE-----
+ *                   and -----END CERTIFICATE-----.
+ *   ca_path  : [IN] If ca_path is not NULL, it points to a directory
+ *                   containing CA certificates in PEM format. The files each
+ *                   contain one CA certificate. The files are lookedup by the
+ *                   CA subject name hash value.
+ * RETURN VALUES
+ *   SEC_ERROR_NONE     : Success.
+ *   SEC_ERROR_NULL_PTR : Invalid NULL argument is passed in.
+ *   SEC_ERROR_FS       : File access error.
+ *   otherwise          : Other internal errors.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ctx_load_verify_locations(ssl_ctx *ctx,
+                                  const kal_wchar *ca_file,
+                                  const kal_wchar *ca_path);
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_client_auth_modes
+ * DESCRIPTION
+ *   Set client authentication mode.
+ * PARAMETERS
+ *   ctx    : [IN] Pointer to SSL context.
+ *   modes  : [IN] Client authentication modes,
+ *                        ended with CLIENT_AUTH_MODE_END.
+ * RETURN VALUES
+ *   SEC_ERROR_NONE             :  Success.
+ *   SEC_ERROR_PTR              :  No pointer is passed to internal SSL library.
+ *   SEC_ERROR_SSL_NEEDS_CIPHER :  No client authentication mode is provided.
+ *   SEC_ERROR_SSL_BAD_SIDE     :  Incorrect side for authentication modes.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ctx_set_client_auth_modes(ssl_ctx *ctx,
+                                  const ssl_auth_mode_enum modes[]);
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_io_funcs
+ * DESCRIPTION
+ *   Set I/O functions to the SSL context.
+ * PARAMETERS
+ *   ctx          : [IN] Pointer to SSL context.
+ *   read_cb      : [IN] Read callback to retrieve data to be processed by SSL
+ *                       library.
+ *   write_cb     : [IN] Write callback to write SSL library processed data.
+ *
+ * RETURN VALUES
+ *   SEC_ERROR_NONE      : Success.
+ *   SEC_ERROR_NULL_PTR  : Passed invalid SSL context argument.
+ *   SEC_ERROR_PTR       : No pointer is passed to internal SSL library.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ctx_set_io_funcs(ssl_ctx *ctx,
+                         const sec_ssl_read_cb read_cb,
+                         const sec_ssl_write_cb write_cb);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_alert_func
+ * DESCRIPTION
+ *   Set callback function to be invoked while received alert from peer.
+ * PARAMETERS
+ *   ctx      : [IN] Pointer to SSL context.
+ *   alert_cb : [IN] Application's alert callback to be invoked by SSL library.
+ *
+ * RETURN VALUES
+ *   This function returns no diagnostic information.
+ *****************************************************************************/
+extern void
+sec_ssl_ctx_set_alert_func(ssl_ctx *ctx, const sec_ssl_alert_func alert_cb);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_cert_verify_callback
+ * DESCRIPTION
+ *   Set certificate verification callback on validating the peer certificate.
+ * PARAMETERS
+ *   ctx     : [IN] Pointer to SSL context.
+ *   cert_cb : [IN] Read callback to retrieve data to be processed by SSL
+ *                  library.
+ *   arg     : [IN] Write callback to write SSL library processed data.
+ * RETURN VALUES
+ *   This function returns no diagnostic information.
+ *****************************************************************************/
+extern void
+sec_ssl_ctx_set_cert_verify_callback(ssl_ctx *ctx,
+                                     const sec_ssl_cert_verify_callback cert_cb,
+                                     void *arg);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Context APIs>
+ * FUNCTION
+ *   sec_ssl_ctx_set_new_ssl_option
+ * DESCRIPTION
+ *   Set parameters for creating SSL connection context.
+ *
+ *   Because some additional parameters need to be configured before creatig a
+ *   connection context from global context, this function has to be called
+ *   before calling sec_ssl_new() to set the required options.
+ * PARAMETERS
+ *   ctx             : [IN] Pointer to SSL context.
+ *   def_readbuf_len : [IN] Default size (bytes) of the buffer to read SSL
+ *                          record, if zero is set to this argument, use
+ *                          default 4096 bytes.
+ *   max_readbuf_len : [IN] Max size (bytes) of the buffer to read SSL record
+ *                          if zero is set to this argument, use default 32768
+ *                          bytes.
+ *   write_frag_len  : [IN] Max size of the data record passed to
+ *                          sec_ssl_write(). If zero is set to this argument,
+ *                          use default 4096 bytes.
+ *   peer            : [IN] For client side applications, this is optional
+ *                          containing the session key passed to
+ *                          ssl_GetSessionFunc().
+ *                          For server side, this contains the session id to be
+ *                          used for non-resumed sessions.
+ *   io_ref          : [IN] I/O callback reference.
+ *   alert_ref       : [IN] Alert callback reference.
+ * RETURN VALUES
+ *   SEC_ERROR_NONE     : success
+ *   SEC_ERROR_NULL_PTR : Passed null SSL context pointer
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ctx_set_new_ssl_option(ssl_ctx *ctx,
+                               const kal_uint16 def_readbuf_len,
+                               const kal_uint16 max_readbuf_len,
+                               const kal_uint16 write_frag_len,
+                               const sec_sess_rec peer,
+                               void *const io_ref,
+                               void *const alert_ref);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_new
+ * DESCRIPTION
+ *   Create SSL connection context.
+ * PARAMETERS
+ *   ctx  : [IN] pointer to SSL connection context.
+ * RETURNS
+ *   Return a pointer to allocated SSL connection context on success,
+ *   otherwise, return NULL.
+ *****************************************************************************/
+extern ssl_conn* sec_ssl_new(ssl_ctx *ctx);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_free
+ * DESCRIPTION
+ *   Free SSL connection context.
+ *
+ *   <i> Note: </i>
+ *   You should call sec_ssl_shutdown() before calling this function.
+ * PARAMETERS
+ *   ssl  : [IN] Pointer to SSL connection context.
+ * RETURNS
+ *   This function returns no diagnostic information.
+ *****************************************************************************/
+extern void sec_ssl_free(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_disable_client_auth
+ * DESCRIPTION
+ *   In normal case, if application does not set local identiy and server
+ *   sends client authentication request, handshake process will return 
+ *   SEC_ERROR_LOCAL_IDENTITY_REQUESTED.
+ * 
+ *   If application would like to proceed without setting client authentication
+ *   while receiving client authentication, call this API to skip the check
+ *   in the library.
+ * PARAMETERS
+ *   ssl : [IN] Pointer to SSL connection context.
+ * RETURN VALUES
+ *   1   :  Success.
+ *   0   :  Fail.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_disable_client_auth(ssl_conn *ssl);
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_ocsp_stapling
+ * DESCRIPTION
+ *   Set OCSP stapling attributes. Note that this API is only available when
+ *   __OCSP_SUPPORT__ is defined.
+ * PARAMETERS
+ *   ssl : [IN] Pointer to SSL connection context.
+ *   use_ocsp : [IN] enable OCSP stapling or not
+ *   must_pass : [IN] Must pass OCSP stapling
+ * RETURNS
+ *   1   :  Success.
+ *   0   :  Fail.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_ocsp_stapling(ssl_conn *ssl, kal_bool use_ocsp, kal_bool must_pass);
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_is_ocsp_stapling_verified
+ * DESCRIPTION
+ *   Get the OCSP stapling verification result.
+ *   Note that this API is only available when __OCSP_SUPPORT__ is defined.
+ * PARAMETERS
+ *   ssl : [IN] Pointer to SSL connection context.
+ * RETURNS
+ *   KAL_TRUE   :  Success.
+ *   KAL_FALSE  :  Fail.
+ *****************************************************************************/
+extern kal_bool sec_ssl_is_ocsp_stapling_verified(ssl_conn *ssl);
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_invalidate_session_entry
+ * DESCRIPTION
+ *   Invalidate the session cache of the connection
+ * PARAMETERS
+ *   ssl : [IN] Pointer to SSL connection context.
+ * RETURNS
+ *   void
+ *****************************************************************************/
+extern void sec_ssl_invalidate_session_entry(ssl_conn *ssl);
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_connect
+ * DESCRIPTION
+ *   Perform SSL handshake for client side.
+ *
+ *   Application should call this API repeatedly until the the return error
+ *   code is not WOULD_BLOCK.
+ *   On error, call sec_ssl_get_error() to find out the reason.
+ * PARAMETERS
+ *   ssl : [IN] Pointer to SSL connection context.
+ * RETURN VALUES
+ *   1    : The TLS/SSL handshake was successfully complete, a TLS/SSL
+ *          connection has been established.
+ *   0    : The TLS/SSL handshake was not successful but was shut down
+ *          controlled and by the specifications of the TLS/SSL protocol.
+ *   <0   : The TLS/SSL handshake was not successful, because a fatal error
+ *          occurred either at the protocol level or a connection failure
+ *          occurred. The shutdown was not clean.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_connect(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_accept
+ * DESCRIPTION
+ *   Perform SSL handshake for server side.
+ *
+ *   Application should call this API repeatedly until the the return error
+ *   code is not WOULD_BLOCK.
+ *   On error, call sec_ssl_get_error() to find out the reason.
+ * PARAMETERS
+ *   ssl  : [IN] Pointer to SSL connection context.
+ * RETURN VALUES
+ *   1    : The TLS/SSL handshake was successfully complete, a TLS/SSL
+ *          connection has been established.
+ *   0    : The TLS/SSL handshake was not successful but was shut down
+ *          controlled and by the specifications of the TLS/SSL protocol.
+ *   <0   : The TLS/SSL handshake was not successful, because a fatal error
+ *          occurred either at the protocol level or a connection failure
+ *          occurred. The shutdown was not clean.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_accept(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_renegotiate
+ * DESCRIPTION
+ *   Requests a renegotiation of the handshake.
+ *   Server side: cause data tobe transferred across the connection using the
+ *                I/O write callback.
+ *   Client side: does not transfer any data.
+ *
+ *   After requesting renegotiation, sec_ssl_do_handshake() must be called 
+ *   to correctly process the renegotiation procedure.
+ * PARAMETERS
+ *   ssl   : [IN] Pointer to SSL connection context.
+ * RETURN VALUES
+ *   1     : Success.
+ *   0     : SSL error, call sec_ssl_get_error() to find out the reason.
+ *   -1    : Invalid ssl pointer.
+ * SEE ALSO
+ *   sec_ssl_do_handshake
+ *****************************************************************************/
+extern kal_int32 sec_ssl_renegotiate(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_do_handshake
+ * DESCRIPTION
+ *   Perform SSL rehandshake.
+ *
+ *   Application should call this API repeatedly until the the return error
+ *   code is not WOULD_BLOCK.
+ *   On error, call sec_ssl_get_error() to find out the reason.
+ * PARAMETERS
+ *   ssl   : [IN] Pointer to SSL connection context.
+ * RETURN VALUES
+ *   1    : The TLS/SSL handshake was successfully complete, a TLS/SSL
+ *          connection has been established.
+ *   0    : The TLS/SSL handshake was not successful but was shut down
+ *          controlled and by the specifications of the TLS/SSL protocol.
+ *   <0   : The TLS/SSL handshake was not successful, because a fatal error
+ *          occurred either at the protocol level or a connection failure
+ *          occurred. The shutdown was not clean.
+ * SEE ALSO
+ *   sec_ssl_renegotiate
+ *****************************************************************************/
+extern kal_int32 sec_ssl_do_handshake(ssl_conn *ssl);
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_session_reused
+ * DESCRIPTION
+ *   To know whether the session is resumed.
+ *
+ *  During the negotiation, a client can propose to reuse a session.
+ *  The server then looks up the session in its cache. If both client and
+ *  server agree on the session, it will be reused and a flag is being set
+ *  that can be queried by the application.
+ * PARAMETERS
+ *   ssl             : [IN] pointer to SSL connection context.
+ * RETURN VALUES
+ *   1   : Session is resumed.
+ *   0   : Session is not resumed.
+ *   -1  : Error cases, use sec_ssl_get_error() to find out the reason.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_session_reused(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_session_established
+ * DESCRIPTION
+ *   To know whether the session is established.
+ * PARAMETERS
+ *   ssl     : [IN] pointer to SSL connection context.
+ * RETURN VALUES
+ *   1   : Session is established.
+ *   0   : Session is not estbalished.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_session_established(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_get_master_secret
+ * DESCRIPTION
+ *   To retrieve the negotiated master secret
+ *
+ *   Gets the negotiated master secret for the connection context after
+ *   handshake completed, this
+ * PARAMETERS
+ *   ssl            : [IN]  pointer to SSL connection context
+ *   secret_buf_len : [IN]  size of buffer provided for storing returned P.M.S.
+ *   secret         : [OUT] pointer to buffer for storing returned P.M.S.
+ *   secret_len     : [OUT] length of returned P.M.S.
+ * RETURN VALUES
+ *  SEC_ERROR_NULL_PTR          : NULL SSL context pointer.
+ *  SEC_ERROR_NONE              : Success.
+ *  SEC_ERROR_PTR               : NULL pointer was passed to internal library.
+ *  SEC_ERROR_BAD_LEN           : Secret_buf_len is too small to return secret.
+ *  SEC_ERROR_SSL_HSHK_REQUIRED : Handshake must be performed fist.
+ * SEE ALSO
+ *   sec_ssl_get_client_random, sec_ssl_get_server_random
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_get_master_secret(ssl_conn *ssl,
+                          kal_uint16 secret_buf_len,
+                          kal_uint8 *secret,
+                          kal_uint16* secret_len);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_get_client_random
+ * DESCRIPTION
+ *   To retrieve the selected random number by local
+ *
+ *   Gets the random field which was encoded in the "client_hello" handshake
+ *   message. This function is intended for applications to derive key material
+ *   used in EAP-TLS or similar protocols.
+ * PARAMETERS
+ *   ssl           : [IN]  Pointer to SSL connection context.
+ *   rand_buf_len  : [IN]  Size of buffer provided for storing returned random.
+ *   rand_buf      : [OUT] Pointer to buffer for storing returned random.
+ *   rand_len      : [OUT] Length of returned random.
+ * RETURN VALUES
+ *   SEC_ERROR_NULL_PTR          : NULL SSL context pointer.
+ *   SEC_ERROR_NONE              : Success.
+ *   SEC_ERROR_PTR               : NULL pointer was passed to internal library.
+ *   SEC_ERROR_BAD_LEN           : Secret_buf_len is too small to return secret.
+ *   SEC_ERROR_SSL_HSHK_REQUIRED : Handshake must be performed fist.
+ *   SEC_ERROR_SSL_PROTOCOL_VER  : Protocol version is smaller than TLS v1.0.
+ * SEE ALSO
+ *   sec_ssl_get_server_random, sec_ssl_get_master_secret
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_get_client_random(ssl_conn *ssl,
+                          kal_uint16 rand_buf_len,
+                          kal_uint8 *rand_buf,
+                          kal_uint16* rand_len);
+
+extern kal_int32
+sec_ssl_get_session_id(ssl_conn *ssl,
+                          kal_uint16 session_id_buf_len,
+                          kal_uint8 *session_id,
+                          kal_uint16 *session_id_len);
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_get_server_random
+ * DESCRIPTION
+ *   To retrieve the selected random number by the remote side
+ *
+ *   Gets the random field which was encoded in the "server_hello" handshake
+ *   message. This function is intended for applications to derive key material
+ *   used in EAP-TLS or similar protocols.
+ * PARAMETERS
+ *   ssl           : [IN]  Pointer to SSL connection context.
+ *   rand_buf_len  : [IN]  Size of buffer provided for storing returned random.
+ *   rand_buf      : [OUT] Pointer to buffer for storing returned random.
+ *   rand_len      : [OUT] Length of returned random.
+ * RETURN VALUES
+ *   SEC_ERROR_NULL_PTR          : NULL SSL context pointer.
+ *   SEC_ERROR_NONE              : Success.
+ *   SEC_ERROR_PTR               : NULL pointer was passed to internal library.
+ *   SEC_ERROR_BAD_LEN           : Secret_buf_len is too small to return secret.
+ *   SEC_ERROR_SSL_HSHK_REQUIRED : Handshake must be performed fist.
+ *   SEC_ERROR_SSL_PROTOCOL_VER  : Protocol version is smaller than TLS v1.0.
+ * SEE ALSO
+ *   sec_ssl_get_client_random, sec_ssl_get_master_secret
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_get_server_random(ssl_conn *ssl,
+                          kal_uint16 rand_buf_len,
+                          kal_uint8 *rand_buf,
+                          kal_uint16* rand_len);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_check_peer_cert_cname
+ * DESCRIPTION
+ *   To check the Common Name from received peer certificate
+ * PARAMETERS
+ *   ssl     : [IN] pointer to SSL connection context.
+ *   cname   : [IN] string of destination srever name,
+ *                  or set to NULL to disable this function.
+ * RETURN VALUES
+ *   SEC_ERROR_NULL_PTR : NULL SSL context pointer.
+ *   SEC_ERROR_NONE     : Success.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_check_peer_cert_cname(ssl_conn *const ssl, const kal_char *const cname);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_read
+ * DESCRIPTION
+ *   Read data from SSL connection.
+ *
+ *   sec_ssl_read() works based on the SSL/TLS records. The data are received
+ *   in records (with a maximum record size of 16kB for SSLv3/TLSv1).
+ *   Only when a record has been completely received, it can be processed
+ *   (decryption and check of integrity). Therefore data that was not retrieved
+ *   at the last call of sec_ssl_read() can still be buffered inside the SSL
+ *   layer and will be retrieved on the next call to sec_ssl_read().
+ *   If num is higher than the number of bytes buffered, sec_ssl_read() will
+ *   return with the bytes buffered.
+ * PARAMETERS
+ *   ssl  : [IN] pointer to SSL connection context.
+ *   buf  : [IN] buffer to put decrypted application data.
+ *   num  : [IN] size of buf in bytes.
+ * RETURN VALUES
+ *   >=0  : Operation successfully, return the bytes actually read from
+ *          SSL connection.
+ *   -1   : Not successful, error occured or action must be taken by the
+ *          calling process, call sec_ssl_get_error() to get the reason.
+ *   -2   : Not successful, connection closed.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_read(ssl_conn *ssl, void *buf, kal_int32 num);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_write
+ * DESCRIPTION
+ *   Write data to SSL connection.
+ *
+ *   sec_ssl_write() will only return with success, when the complete contents
+ *   of buf of length num has been written.
+ * PARAMETERS
+ *   ssl   : [IN] Pointer to SSL connection context
+ *   buf   : [IN] Buffer holding application data to be encrypted
+ *   num   : [IN] Size of buf in bytes
+ * RETURN VALUES
+ *   >0 : Operation successfully, return the bytes actually read from
+ *        SSL connection.
+ *   0  : Not successful, connection closed.
+ *   -1 : Not successful, error occured or action must be taken by the
+ *        calling process, call sec_ssl_get_error() to get the reason.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_write(ssl_conn *ssl, const void* buf, kal_int32 num);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_want_read
+ * DESCRIPTION
+ *   Probe the staus of the ssl reading buffer.
+ *
+ *   There are data in the SSL buffer ready for read to the application buffer.
+ *   For socket applications, the encrypted application data might has been
+ *   read from socket receiving buffer to SSL read buffer, application can use
+ *   this API to probe the SSL buffer state.
+ * PARAMETERS
+ *   ssl           : [IN] pointer to SSL connection context
+ * RETURN VALUES
+ *  1    : There are data in the SSL buffer to be read for SSL application.
+ *  0    : No data to be read.
+ *  -1   : Error occured, call sec_ssl_get_error() to get the reason.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_want_read(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *  sec_ssl_want_write
+ * DESCRIPTION
+ *  Probe the staus of the ssl writing buffer.
+ * 
+ *  There are data in the SSL buffer that must be written to the underlying
+ *  layer in order to complete the actual ssl_*() operation.
+ * PARAMETERS
+ *  ssl  : [IN] Pointer to SSL connection context.
+ * RETURN VALUES
+ *  1    : There are data in the SSL buffer to be written to complete the
+ *         SSL_* operation.
+ *  0    : No data to be written.
+ *  -1   : Error occured, call sec_ssl_get_error() to get the reason.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_want_write(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_shutdown
+ * DESCRIPTION
+ *   Shutdown the SSL connection by sending a 'close notify' alert to peer.
+ * PARAMETERS
+ *   ssl  : [IN] Pointer to SSL connection context.
+ * RETURN VALUES
+ *   1    : the SSL shutdown was successfully completed
+ *   0    : the shutdown process is not yet finished, call it one more time.
+ *   -1   : shutdown failed because a fatal error occured.
+ *****************************************************************************/
+extern kal_int32 sec_ssl_shutdown(ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_get_error
+ * DESCRIPTION
+ *   Get last SSL error cause.
+ *
+ *   sec_ssl_get_error() returns a result code for a preceding call to
+ *   ssl_connect(), ssl_accept(), ssl_do_handshake(), ssl_read(), ssl_peek(),
+ *   or ssl_write() on ssl. The value returned by that TLS/SSL I/O function
+ *   must be passed to sec_ssl_get_error() in parameter ret.
+ * PARAMETERS
+ *   ssl       : [IN] Pointer to SSL connection context.
+ *   ret       : [IN] Currently not used.
+ * RETURN VALUES
+ *   !=        : 0 last eror
+ *   0         : Not valid ssl pointer
+ * EXAMPLE
+ * <code>
+ *  ret = sec_ssl_connect(ssl_conn);
+ *  if (ret != 1)
+ *      err = sec_ssl_get_error(ssl_conn, ret);
+ * </code>
+ *****************************************************************************/
+extern kal_int32 sec_ssl_get_error(const ssl_conn *ssl, kal_int32 ret);
+
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_get_curr_cipher_info
+ * DESCRIPTION
+ *   Get the negotiated cipher infomation.
+ *   The information contains: 
+ *    - Protocol version,
+ *    - Encryption algorithm,
+ *    - Key exchange algorithm,
+ *    - Authentication algorithm,
+ *    - Hash algorithm.
+ * PARAMETERS
+ *   ssl         : [IN]  Connection context
+ *   cipher_info : [OUT] Structure containing the info of negotiated ciphersuite
+ * RETURN VALUES
+ *   SEC_ERROR_NONE              : Success, the cert is copied to buf, with the
+ *                                 length returned from buflen.
+ *   SEC_ERROR_NULL_PTR          : NULL pointer is passed.
+ *   SEC_ERROR_SSL_HSHK_REQUIRED : Handshake must be completed first.
+ *   SEC_ERROR_PTR               : SSL internal connection context points to
+ *                                 NULL.
+ *   SEC_ERROR_BUFFER_SIZE       : Given destination buffer is too small, the
+ *                                 required size is returned in the buflen
+ *                                 argument.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_get_curr_cipher_info(const ssl_conn *ssl, 
+                             sec_cipher_info_struct *cipher_info);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_cipher_get_version
+ * DESCRIPTION
+ *   Get the negotiated SSL/TLS version.
+ * PARAMETERS
+ *   ssl         : [IN]  Connection context
+ * RETURNS
+ *   SSL protocol version represented in sec_proto_ver_enum.
+ *****************************************************************************/
+extern sec_proto_ver_enum sec_ssl_cipher_get_version(const ssl_conn *ssl);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_get_ciphersuite
+ * DESCRIPTION
+ *   Get the negotiated ciphersuite.
+ * PARAMETERS
+ *   ssl         : [IN]  Connection context
+ *   cipher      : [OUT] Returning cipher suite enum of negotiated ciphersuite
+ *
+ * RETURN VALUES
+ *   SEC_ERROR_NONE              : Success, the cert information is extracted.
+ *   SEC_ERROR_NULL_PTR          : NULL pointer is passed in the argument.
+ *   SEC_ERROR_SSL_HSHK_REQUIRED : Handshake must be completed first.
+ *   SEC_ERROR_PTR               : SSL internal connection context points to
+ *                                 NULL.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_get_ciphersuite(const ssl_conn *ssl, sec_ciphersuites_enum *cipher);
+
+
+
+/*****************************************************************************
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_get_peer_certificate
+ * DESCRIPTION
+ *   Get the certificate of current session.
+ * PARAMETERS
+ *   ssl     : [IN]  Connection context
+ *   cert    : [OUT] Buffer to return certificate of current session
+ * RETURN VALUES
+ *   SEC_ERROR_NONE              : Success, the cert information is extracted.
+ *   SEC_ERROR_NULL_PTR          : NULL pointer is passed in the argument.
+ *   SEC_ERROR_SSL_HSHK_REQUIRED : Handshake must be completed first.
+ *   SEC_ERROR_PTR               : SSL internal connection context points to
+ *                                 NULL.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_get_peer_certificate(ssl_conn *const ssl, sec_cert_struct *cert);
+
+
+
+/***************************************************************************** 
+ * <GROUP SSL Connection APIs>
+ * FUNCTION
+ *   sec_ssl_get_certreq_auth_names
+ * DESCRIPTION
+ *   The auth name list sent from peer in a client certificate request message.
+ * 
+ *   For client authentication, the cert types and auth names and used to
+ *   filter the local personal certificates meets the criteria to be used as
+ *   local identity. If application encountered client authentication during
+ *   handshake, it should call this API to extract the information in the
+ *   received client authentication request.
+ * 
+ *  The authentication names in received client authentication request are
+ *  returned from the auth_names parameter. The number of received auth names
+ *  are returned from auth_name_cnt as output argument. If the total number of
+ *  received auth names is larger than input auth_name_cnt, currently SSL
+ *  library supports up to 32 client auth names.
+ * PARAMETERS
+ *   ssl           : [IN]     Connection context
+ *   cert_types    : [OUT]    A list of certificate types of certificates
+ *                            requested, stored in order of the server's
+ *                            preference.
+ *   auth_name_cnt : [IN/OUT] Number of entries in the certificate authorities.
+ *                            a) As an input argument, which specifies the
+ *                               size of "auth_names" array.
+ *                            b) As an output argument, which return the number
+ *                               of valid entries in the "auht_names" array.
+ *   auth_names    : [OUT]    A list of the distinguished names of acceptable 
+ *                            certificate authorities.
+ * RETURN VALUES
+ *   SEC_ERROR_NONE       : Success, the cert is copied to buf, with the
+ *                          length returned from buflen.
+ *   SEC_ERROR_NULL_PTR   : NULL pointer is passed.
+ *   SEC_ERROR_PTR        : SSL internal connection context points to NULL.
+ * Note that the pointers to auth_names are maintained in SSL wrapper.
+ * The memory holding the data will freed while deleting the connection context.
+ * So, application should be responsible for duplicating the data if necessary.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_get_certreq_auth_names(ssl_conn * ssl,
+                               sec_cert_types *cert_types,
+                               kal_uint8 *auth_name_cnt,
+                               sec_auth_names auth_names[]);
+
+
+
+/*****************************************************************************
+ * <GROUP Utility Functions>
+ * FUNCTION
+ *   sec_ssl_extract_cert
+ * DESCRIPTION
+ *   Extract the certificate in cert to user buffer.
+ *
+ *   For applications would like to extract a certificate stored in
+ *   sec_cert structure to user buffer. Application should provide a buffer
+ *   to store the extracted certificate. For the first time, application does
+ *   not know the required buffer to extract the certificate, application can
+ *   pass an NULL buffer and check the value in buf_len to allocate a block of
+ *   memory with sufficient size.
+ * PARAMETERS
+ *   cert     : [IN] Source structure holding certificate to be extracted
+ *   buf      : [IN] Buffer provided by user to hold the copied cert
+ *   buflen   : [IN] Length of the given buffer, a argument for both
+ *                   input and output.
+ *                   1. For input, it specifies the size of buffer provided
+ *                      by user
+ *                   2. For ouptut:
+ *                      a) in error of insufficient size, it returns  the
+ *                         required size for extracting the certificate
+ *                      b) in success case, it contains the size of the
+ *                         extracted certificate
+ * RETURN VALUES
+ *   SEC_ERROR_NONE        : Success, the cert is copied to buf, with the
+ *                           length returned from buflen.
+ *   SEC_ERROR_NULL_PTR    : NULL pointer is passed.
+ *   SEC_ERROR_PTR         : SSL internal connection context points to NULL.
+ *   SEC_ERROR_BUFFER_SIZE : given destination buffer is too small, the required
+ *                           size is returned in the buflen argument.
+ *****************************************************************************/
+extern kal_int32
+sec_ssl_extract_cert(const sec_cert_struct *cert, kal_uint8 *buf, kal_uint32 *buflen);
+
+
+
+/*****************************************************************************
+ * <GROUP Utility Functions>
+ * FUNCTION
+ *   sec_ssl_log_plaintext
+ * DESCRIPTION
+ *   Enable/disable plaintext logging mechanism, default if off.
+ *
+ *   This API is used designed for debugging SSL/TLS applications.
+ *   Because all applications over SSL/TLS send and receive encrypted data in
+ *   the network, application can invoke this API to turn on the logging
+ *   mechanism to check the plaintext content in the application layer.
+ *
+ *   For security consideration, This API will only be effective when the
+ *   global compile __PRODUCTION_RELEASE__ is not defined.
+ *
+ *   As long as this API is invoked to turn on the logging mechanism, all data
+ *   flow over SSL/TLS in the system will be logged.
+ *
+ *   The message will be logged as MSG_ID_APP_SSL_DATA_INPUT_MSG and
+ *   MSG_ID_APP_SSL_DATA_OUTPUT_MSG to MOD_SOC.
+ *
+ *   Note:
+ *     1. The ILMs only be sent when a successful SSL read()/write() is invoked.
+ *     2. The ret field in the message is the number of data been read/write.
+ *     3. The len field in the message is the peer buffer allocated for
+ *        sending/recving data, if the buffer called in the API is too large
+ *        (> 2048-peer_buff_struct), multiple messages will be sent in the log
+ *     4. The mf field in the message indicates whether there are more fragments
+ *        for this read/write operation
+ *
+ * PARAMETERS
+ *   onoff    : [IN]  Switch on/off the plaintext logging mechanism.
+ * RETURNS
+ *   This function returns no diagnostic information.
+ *****************************************************************************/
+extern void sec_ssl_log_plaintext(const kal_bool onoff);
+
+
+
+/*****************************************************************************
+ * <GROUP Utility Functions>
+ * FUNCTION
+ *   sec_ssl_clear_library_error
+ * DESCRIPTION
+ *   Clear library error variable.
+ * PARAMETERS
+ *   void
+ * RETURNS
+ *   This function returns no diagnostic information.
+ *****************************************************************************/
+extern void sec_ssl_clear_library_error(void);
+
+extern void sec_ssl_init_conn_method (ssl_ctx *ctx,  ssl_conn *s_conn);
+extern void sec_ssl_set_cert_validate_status (kal_bool status, ssl_conn *s_conn);
+extern kal_int32 sec_ssl_set_host_name(ssl_conn *s, kal_char *host);
+#endif /* !_SSL_API_H */
+
+
diff --git a/mcu/interface/driver/cipher/include/ssl_enums.h b/mcu/interface/driver/cipher/include/ssl_enums.h
new file mode 100644
index 0000000..f18c528
--- /dev/null
+++ b/mcu/interface/driver/cipher/include/ssl_enums.h
@@ -0,0 +1,745 @@
+/*****************************************************************************
+*  Copyright Statement:
+*  --------------------
+*  This software is protected by Copyright and the information contained
+*  herein is confidential. The software may not be copied and the information
+*  contained herein may not be used or disclosed except with the written
+*  permission of MediaTek Inc. (C) 2005
+*
+*  BY OPENING THIS FILE, BUYER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+*  THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+*  RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO BUYER ON
+*  AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+*  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+*  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+*  NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+*  SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+*  SUPPLIED WITH THE MEDIATEK SOFTWARE, AND BUYER AGREES TO LOOK ONLY TO SUCH
+*  THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. MEDIATEK SHALL ALSO
+*  NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE RELEASES MADE TO BUYER'S
+*  SPECIFICATION OR TO CONFORM TO A PARTICULAR STANDARD OR OPEN FORUM.
+*
+*  BUYER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND CUMULATIVE
+*  LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+*  AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+*  OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY BUYER TO
+*  MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 
+*
+*  THE TRANSACTION CONTEMPLATED HEREUNDER SHALL BE CONSTRUED IN ACCORDANCE
+*  WITH THE LAWS OF THE STATE OF CALIFORNIA, USA, EXCLUDING ITS CONFLICT OF
+*  LAWS PRINCIPLES.  ANY DISPUTES, CONTROVERSIES OR CLAIMS ARISING THEREOF AND
+*  RELATED THERETO SHALL BE SETTLED BY ARBITRATION IN SAN FRANCISCO, CA, UNDER
+*  THE RULES OF THE INTERNATIONAL CHAMBER OF COMMERCE (ICC).
+*
+*****************************************************************************/
+
+/*******************************************************************************
+ * Filename:
+ * ---------
+ *   ssl_enums.h
+ *
+ * Project:
+ * --------
+ *   MAUI
+ *
+ * Description:
+ * ------------
+ *   This file contains enums of SSL API.
+ *
+ * Author:
+ * -------
+ * -------
+ *
+ *==============================================================================
+ * 				HISTORY
+ * Below this line, this part is controlled by PVCS VM. DO NOT MODIFY!! 
+ *------------------------------------------------------------------------------
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ *
+ *
+ *------------------------------------------------------------------------------
+ * Upper this line, this part is controlled by PVCS VM. DO NOT MODIFY!! 
+ *==============================================================================
+ *******************************************************************************/
+#ifndef _SSL_ENUMS_H
+#define _SSL_ENUMS_H
+
+#if 0 /* XXX, CODING NOTE DO NOT SHOW IN DOM DOCUMENTS! */
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+#endif /* CODING NOTE DO NOT SHOW IN DOM DOCUMENTS! */
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * Error code of SSL APIs.
+ ***************************************************************************/
+typedef enum {
+    SEC_ERROR_FS                = -128, /* File system operation failed. */
+    SEC_ERROR_NULL_PTR          = -127, /* No valid pointer to wrapper context. */
+
+    SEC_ERROR_LOCAL_IDENTITY_REQUESTED = -256, /* Server requested for client certificate. */
+    SEC_ERROR_NONE              =  0x0000,     /* No error. */
+    SEC_ERROR_PTR               =  0x0001,     /* Null pointer. */
+    SEC_ERROR_PARAM             =  0x0002,     /* Illegal parameter. */
+    SEC_ERROR_BUFFER_SIZE       =  0x0003,     /* Buffer too small. */
+    SEC_ERROR_WOULDBLOCK        = -0x0004,     /* I/O is blocking. */
+    //SEC_ERROR_WOULDBLOCK      =  0x0004,
+    SEC_ERROR_TIMEOUT           =  0x0005,     /* Timeout. */
+    SEC_ERROR_BAD_LEN           =  0x0006,     /* Bad length. */
+    SEC_ERROR_NOT_FOUND         =  0x0007,     /* Object not found. */
+    SEC_ERROR_BAD_CTX           =  0x0008,     /* Bad context. */
+    SEC_ERROR_BAD_IDX           =  0x0009,     /* Bad index. */
+    SEC_ERROR_RANDOM            =  0x000A,     /* Entropy generation. */
+    SEC_ERROR_MEM_UNDERRUN      =  0x000B,     /* Memory no enough. */
+    SEC_ERROR_MEM_OVERRUN       =  0x000C,     /* Memory overrun. */
+    SEC_ERROR_MEM_FREED         =  0x000D,     /* CIC_ERR_MEM_WAS_FREED */
+    SEC_ERROR_MEM_NOT_OURS      =  0x000E,     /* Duplicate free.  */
+    SEC_ERROR_MEM_ZERO          =  0x000F,     /* Freeing unallocated memory. */
+
+    SEC_ERROR_BAD_DER_ENCODING  =  0x0218,     /* Bad DER encoding. */
+    SEC_ERROR_INCOMPLETE_ID     =  0x1001,     /* The identity doesn't contain both a private key and a certificate */
+    SEC_ERROR_SSL_BAD_SIDE      =  0x1002,     /* Incorrect connection side. */
+    SEC_ERROR_SSL_OVERFLOW      =  0x1003,     /* A record exceeds the size of the read/write buffer. */
+    SEC_ERROR_SSL_UNEXP_MSG     =  0x1004,     /* Received an unexpected messasge. */
+    SEC_ERROR_SSL_BAD_MAC       =  0x1005,     /* The record MAC is incorrect. */
+    SEC_ERROR_SSL_DECRYPT       =  0x1006,     /* Decrypting message failed. */
+    SEC_ERROR_SSL_UNKNOWN_REC   =  0x1007,     /* Unknown record type. */
+    SEC_ERROR_SSL_NEGOTIATION   =  0x1008,     /* Renegotiation failed. */
+    SEC_ERROR_SSL_IO            = -0x1009,     /* I/O error. */
+    SEC_ERROR_SSL_FATAL_ALERT   =  0x100A,     /* Fatal alert happened. */
+    SEC_ERROR_SSL_PROTOCOL      =  0x100B,     /* SSL protocol error. */
+    SEC_ERROR_SSL_RESUME_SESS   =  0x100C,     /* Peer is resuming a session with different parameters. */
+    SEC_ERROR_SSL_BAD_FIN_MSG   =  0x100D,     /* Received bad "Finished" message. */
+    SEC_ERROR_SSL_GRACE_CLOSED  =  0x100E,     /* SSL connection is closed with graceful manner. */
+    SEC_ERROR_SSL_CLOSED        =  0x100F,     /* SSL connection is closed. */
+    SEC_ERROR_SSL_BAD_CERT      =  0x1011,     /* Bad certificate. */
+    SEC_ERROR_SSL_SESS_NOT_FOUND=  0x1013,     /* Session was not found in session DB. */
+    SEC_ERROR_SSL_PROTOCOL_VER  =  0x1019,     /* Bad protocol version. */
+    SEC_ERROR_SSL_NO_CERT       =  0x101E,     /* Peer sends no certificate */
+    SEC_ERROR_SSL_NO_MATCHING_CERTS = 0x101F,  /* The certificate is not signed by trusted CA. */
+    SEC_ERROR_SSL_CERT_VALIDATE_FAILED = 0x1020,   /* User's validation callback returns error. */
+    SEC_ERROR_SSL_NULL_CB       =  0x1022,     /* Passed NULL callback. */
+    SEC_ERROR_SSL_ENTROPY       =  0x1024,     /* The entropy fail to generate enough seeds. */
+    SEC_ERROR_SSL_BAD_CONTEXT   =  0x102F,     /* Incorrect SSL context. */
+    SEC_ERROR_SSL_HSHK_REQUIRED =  0x1030,     /* Handshake required for the operation. */
+    SEC_ERROR_SSL_HSHK_REQUESTED=  0x1031,     /* Handshake request by peer. */
+    SEC_ERROR_SSL_RENEGOTIATE_REFUSED = 0x1032,/* Rehandshake refused by peer. */
+    SEC_ERROR_SSL_HSHK_COMPLETED      = 0x1033,/* Handshake already completed. */
+    SEC_ERROR_SSL_READ_REQUIRED =  0x1035,     /* There is application data to be read before handshake. */
+    SEC_ERROR_SSL_UNSUPP_PUBKEY =  0x1036,     /* Unsupported public key type. */
+    SEC_ERROR_SSL_BAD_REC_LEN   =  0x1037,     /* Bad record length. */
+    SEC_ERROR_SSL_NEEDS_CIPHER  =  0x1038,     /* No cipher suites provided. */
+    SEC_ERROR_SSL_NEEDS_PRNG    =  0x103B,     /* No PRNG suite is installed. */
+    SEC_ERROR_SSL_CERT_CHAIN_WARN = 0x103C,    /* There are warnings in the validation. */
+    SEC_ERROR_SSL_TRUSTED_EXPIRED     = 0x103D,/* The certificate is expired. */
+    SEC_ERROR_SSL_NO_TRUSTED_ISSUER   = 0x1046,/* No trusted issuer was found while verifing certificate. */
+    SEC_ERROR_SSL_INVALID_CERT_CHAIN  = 0x1053,/* The certificate chain is invalid. */
+    SEC_ERROR_SSL_COMPRESS_CALLBACK   = 0x1056,/* The compression callback returned an error.  */
+    SEC_ERROR_SSL_COMPRESS_EX_MAX_LEN = 0x1057,/* The decompressed output is greater than 2^14 bytes. */
+    SEC_ERROR_SSL_INTERNAL_TP_VALIDATE= 0x106B,/* Unexpected error in certificate chain validation. */
+
+    SEC_ERROR_BAD_ENCODING      = 0x0221,      /* Bad encoding. */
+    SEC_ERROR_BAD_PEM           = 0x0222,      /* Bad PEM encoding. */
+    SEC_ERROR_NOT_IMPL          = 0x0FFE,      /* Feature not implemneted. */
+    SEC_ERROR_INTERNAL          = 0x0FFF,      /* SSL library internal error. */
+    SEC_ERROR_MEM               = 0xF001,      /* Memory error. */
+    SEC_ERROR_UNKNOWN           = 0xFFFF       /* Other errors. */
+} ssl_error_enum;
+
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * SSL alert levels, Ref. RFC 4346, Section 7.2.
+ ***************************************************************************/
+typedef enum {
+    SSL_AL_LEVEL_WARNING = 1, /* Warning alert. */
+    SSL_AL_LEVEL_FATAL   = 2, /* Fatal alert, application MUST terminate the connection immediately. */
+    SSL_AL_LEVEL_MAX   = 255
+} ssl_alert_level;
+
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * SSL alert descriptions, Ref. RFC 4346, Section 7.2.2.
+ ***************************************************************************/
+typedef enum {
+    SSL_AL_DESC_CLOSE_NOTIFY = 0,        /* Peer shuts down the connection. */
+    SSL_AL_DESC_UNEXPECTED_MESSAGE = 10, /* Received an unexped mesage, always a fatal. */
+    SSL_AL_DESC_BAD_RECORD_MAC = 20,     /* Bad MAC, always a fatal */
+    SSL_AL_DESC_DECRYPTION_FAILED = 21,  /* Decryption failed, always a fatal. */
+    SSL_AL_DESC_RECORD_OVERFLOW = 22,    /* Record size exceeds the limitation, always a fatal. */
+    SSL_AL_DESC_DECOMPRESSION_FAILURE = 30,  /* Deccompression failed, always a fatal. */
+    SSL_AL_DESC_HANDSHAKE_FAILURE = 40,      /* Handshake failed, fatal. */
+    SSL_AL_DESC_NO_CERTIFICATE_reserved  = 41,  /* Response to a certification request if no appropriate certificate is available, SSLv3 only. */
+    SSL_AL_DESC_BAD_CERTIFICATE = 42,   /* A certificate was corrupt, signatures that did not verify correctly. */
+    SSL_AL_DESC_UNSUPPORTED_CERTIFICATE = 43, /* Unsupported certificate type. */
+    SSL_AL_DESC_CERTIFICATE_REVOKED = 44,     /* Received a revoked certificate from peer. */
+    SSL_AL_DESC_CERTIFICATE_EXPIRED = 45,     /* A certificate has expired or not yet valid */
+    SSL_AL_DESC_CERTIFICATE_UNKNOWN = 46,  /* Some unspecificate issue in processing the certificate. */
+    SSL_AL_DESC_ILLEGAL_PARAMETER = 47,  /* Illegal parameter in the message, always a fatal. */
+    SSL_AL_DESC_UNKNOWN_CA = 48,      /* The certificate chain cannot be verified successfully due to untrusted CA, always a fatal. */
+    SSL_AL_DESC_ACCESS_DENIED = 49, /* sender decided not to proceed with negotiation when access control was applied, always a fatal. */
+    SSL_AL_DESC_DECODE_ERROR = 50,  /* The field in a message is incorrect, always a fatal. */
+    SSL_AL_DESC_DECRYPT_ERROR = 51, /* a handshake cryptographic operation failed, including verify a signature, decrypt a key exchange, or validate a finished mesasge */
+    SSL_AL_DESC_EXPORT_RESTRICTION_reserved = 60, /* A negotiation not in compliance with export restrictions was detected.  */
+    SSL_AL_DESC_PROTOCOL_VERSION = 70,      /* The protocol version proposed by client is not supported by server side, always a fatal. */
+    SSL_AL_DESC_INSUFFICIENT_SECURITY = 71, /* The server requires cphers more secure than those supported by the client, always a fatal. */
+    SSL_AL_DESC_INTERNAL_ERROR = 80,  /* An internal error unrelated to the peer, always a fatal. */
+    SSL_AL_DESC_USER_CANCELED = 90,   /* The handshake is canceled for some reason unrelated to a protocol failure, generally a warning. */
+    SSL_AL_DESC_NO_RENEGOTIATION = 100, /* When peer suggest to renegotiate again but local rejects it, always a warning */
+    SSL_AL_DESC_MAX = 255
+} ssl_alert_desc;
+
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * Inicating encoding of certificates passed to SSL APIs.
+ ***************************************************************************/
+typedef enum {
+    SEC_SSL_FILETYPE_PEM, /* PEM encoding */
+    SEC_SSL_FILETYPE_ASN1 /* DER encoding */
+} ssl_filetype_enum;
+
+
+#if 0 /* CODING NOTE DO NOT SHOW IN DOM DOCUMENTS! */
+/* under construction !*/
+#endif /* CODING NOTE DO NOT SHOW IN DOM DOCUMENTS! */
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * Client authentication modes to be used in the SSL context,
+ * Ref. sec_ssl_ctx_set_client_auth_modes().
+ ***************************************************************************/
+typedef enum {
+    RSA_SIGN_CLIENTSIDE   = 0, /* RSA client side */
+    RSA_SIGN_SERVERSIDE   = 1, /* RSA server side */
+    DSS_SIGN_CLIENTSIDE   = 2, /* DSS(DSA) cient side */
+    DSS_SIGN_SERVERSIDE   = 3, /* DSS(DSA) server side */
+    CLIENT_AUTH_MODE_END  = 0xff,
+    SERVER_AUTH_MODE_END  = CLIENT_AUTH_MODE_END,
+    SEC_AUTH_MODE_END     = CLIENT_AUTH_MODE_END
+} ssl_auth_mode_enum;
+
+
+#if 0 /* CODING NOTE DO NOT SHOW IN DOM DOCUMENTS! */
+/* under construction !*/
+/* under construction !*/
+#endif /* CODING NOTE DO NOT SHOW IN DOM DOCUMENTS! */
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * Supported ciphersuites to be specified in sec_ssl_ctx_set_cipher_list().
+ ***************************************************************************/
+typedef enum {
+    /* SSLv2, SSLv3, TLSv1 cipher suites */
+    NULL_MD5                = 0,  /* 0x0001, TLS_RSA_WITH_NULL_MD5 */
+    EXP_RC4_MD5             = 1,  /* 0x0003, TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
+    RC4_MD5                 = 2,  /* 0x0004, TLS_RSA_WITH_RC4_128_MD5 */
+    RC4_SHA                 = 3,  /* 0x0005, TLS_RSA_WITH_RC4_128_SHA, TLS Profile MUST */
+    EXP_DES_CBC_SHA         = 4,  /* 0x0008, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
+    DES_CBC_SHA             = 5,  /* 0x0009, TLS_RSA_WITH_DES_CBC_SHA */
+    DES_CBC3_SHA            = 6,  /* 0x000A, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS Profile MUST */
+    EXP_EDH_DSS_DES_CBC_SHA = 7,  /* 0x0011, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
+    EDH_DSS_CBC_SHA         = 8,  /* 0x0012, TLS_DHE_DSS_WITH_DES_CBC_SHA */
+    EDH_DSS_DES_CBC3_SHA    = 9,  /* 0x0013, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
+    EXP_EDH_RSA_DES_CBC_SHA = 10, /* 0x0014, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
+    EDH_RSA_DES_CBC_SHA     = 11, /* 0x0015, TLS_DHE_RSA_WITH_DES_CBC_SHA */
+    EDH_RSA_DES_CBC3_SHA    = 12, /* 0x0016, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
+    EXP_ADH_RC4_MD5         = 13, /* 0x0017, TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
+    ADH_RC4_MD5             = 14, /* 0x0018, TLS_DH_anon_WITH_RC4_128_MD5 */
+    EXP_ADH_DES_CBC_SHA     = 15, /* 0x0019, TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
+    ADH_DES_CBC_SHA         = 16, /* 0x001A, TLS_DH_anon_WITH_DES_CBC_SHA */
+    ADH_DES_CBC3_SHA        = 17, /* 0x001B, TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
+
+    /* AES ciphersuites from RFC 3268, extending TLS v1.0 */
+    AES128_SHA              = 18, /* 0x002F, TLS_RSA_WITH_AES_128_CBC_SHA */
+    AES256_SHA              = 19, /* 0x0035, TLS_RSA_WITH_AES_256_CBC_SHA */
+
+    /* Additional Extport 1024 and other ciphersuites */
+    EXP1024_DES_CBC_SHA     = 20, /* 0x0062, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
+    EXP1024_RC4_SHA         = 21, /* 0x0064, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */
+    DHE_DSS_RC4_SHA         = 22, /* 0x0066, TLS_DHE_DSS_WITH_RC4_128_SHA */
+
+    /* ECDH */
+    ECDH_SECT163K1_RC4_SHA  = 23, /* 0xC002 in RFC 4492, TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+    ECDH_SECT163K1_NULL_SHA = 24, /* 0xC001 in RFC 4492, TLS_ECDH_ECDSA_WITH_NULL_SHA */
+
+    /* PSK */    
+    PSK_AES128_SHA          = 25, /* 0x008C in RFC 4279, TLS_PSK_WITH_AES_128_CBC_SHA */
+    PSK_DES_CBC3_SHA        = 26, /* 0x008B in RFC 4279, TLS_PSK_WITH_3DES_EDE_CBC_SHA */
+#ifdef __OPENSSL_TLS12__//Start TLS related ciphersuites
+     ECDHE_ECDSA_AES128_GCM_SHA256=27,
+     ECDHE_RSA_AES128_GCM_SHA256=28,
+     ECDHE_ECDSA_AES128_SHA256=29,
+     ECDHE_RSA_AES128_SHA256=30,
+     ECDHE_ECDSA_AES128_SHA=31,
+     ECDHE_RSA_AES128_SHA=32,
+     AES128_GCM_SHA256=33,
+     AES128_SHA256=34,
+     ECDHE_RSA_AES256_SHA=35,
+     ECDHE_ECDSA_AES256_SHA=36, 
+     RSA_AES256_GCM_SHA384=37,
+#endif  //END of TLS related ciphersuites
+    SEC_TOTAL_CIPHER_NUM
+} sec_cipher_enum;
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * SSL protocol versions, Ref. sec_cipher_info_struct(). 
+ ***************************************************************************/
+typedef enum
+{
+    SSL_VERSION_UNKNOWN = 0,
+    SSL_VERSION_SSLV2,  /* SSLv2 */
+    SSL_VERSION_SSLV3,  /* SSLv3 */
+    SSL_VERSION_TLSV1,  /* TLSv1 */
+    SSL_VERSION_DTLSV1  /* DTLSv1 */
+} sec_proto_ver_enum;
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * SSL encryption algorithms, Ref. sec_cipher_info_struct().
+ ***************************************************************************/
+typedef enum
+{
+    SEC_ENC_ALGO_UNKNOWN,
+    SEC_ENC_ALGO_NULL,      /* NULL */
+
+    SEC_ENC_ALGO_DES_40,    /* DES 40 */
+    SEC_ENC_ALGO_DES,       /* DES(56) */
+    SEC_ENC_ALGO_3DES,      /* 3DES */
+
+    SEC_ENC_ALGO_RC5,       /* RC5 */
+    SEC_ENC_ALGO_RC5_56,    /* RC5_56 */
+
+    SEC_ENC_ALGO_AES_128,   /* AES_128 */
+    SEC_ENC_ALGO_AES_192,   /* AES_192,  new for OpenSSL */
+    SEC_ENC_ALGO_AES_256,   /* AES_256 */
+
+    SEC_ENC_ALGO_ARC4_40,   /* RC4_40 */
+    SEC_ENC_ALGO_ARC4_56,   /* RC4_56, new for OpenSSL */
+    SEC_ENC_ALGO_ARC4_64,   /* RC4_64, new for OpenSSL */
+    SEC_ENC_ALGO_ARC4_128,  /* RC4_128 */
+
+    SEC_ENC_ALGO_ARC2_40,   /* RC2_40 */
+    SEC_ENC_ALGO_ARC2_56,   /* RC2_56, new for OpenSSL */
+    SEC_ENC_ALGO_ARC2_64,   /* RC4_64 */
+    SEC_ENC_ALGO_ARC2_128   /* RC2_128 */
+} sec_bulk_enc_algo_enum;
+
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * SSL key exchange algorithms, Ref. sec_cipher_info_struct().
+ ***************************************************************************/
+typedef enum
+{
+    SEC_KEY_ALGO_UNKNOWN,
+    SEC_KEY_ALGO_RSA,         /* RSA */
+    SEC_KEY_ALGO_RSA_EXPORT,  /* RSA_EXPORT */
+    SEC_KEY_ALGO_DH,          /* DH */
+    SEC_KEY_ALGO_DH_EXPORT,   /* DH_EXPORT */
+    SEC_KEY_ALGO_DHE,         /* DH */
+    SEC_KEY_ALGO_DHE_EXPORT,  /* DH_EXPORT */
+    SEC_KEY_ALGO_ECDH,        /* ECDH */
+    SEC_KEY_ALGO_ECDHE,       /* ECDHE */
+    SEC_KEY_ALGO_ECMQV,       /* ECMQV */
+    SEC_KEY_ALGO_DSA,         /* DSA */
+    SEC_KEY_ALGO_PSK,         /* PSK */
+    SEC_KEY_ALGO_DHE_PSK,     /* DHE_PSK */
+    SEC_KEY_ALGO_RSA_PSK,     /* RSA_PSK */
+    SEC_KEY_ALGO_MAX          
+} sec_key_xchg_algo_enum;
+
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * SSL server authentication algorithms, Ref. sec_cipher_info_struct().
+ ***************************************************************************/
+typedef enum
+{
+    SEC_AUTH_ALGO_UNKNOWN,
+    SEC_AUTH_ALGO_ANON,      /* ANON */
+    SEC_AUTH_ALGO_RSA,       /* RSA */
+    SEC_AUTH_ALGO_DSS,       /* DSS */
+    SEC_AUTH_ALGO_ECDSA,     /* ECDSA */
+    SEC_AUTH_ALGO_PSK        /* PSK */
+} sec_auth_algo_enum;
+
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * SSL message digest algorithms, Ref. sec_cipher_info_struct().
+ ***************************************************************************/
+typedef enum
+{
+    SEC_HASH_UNKNOWN,
+    SEC_HASH_MD2,      /* MD2 */
+    SEC_HASH_MD4,      /* MD4 */
+    SEC_HASH_MD5,      /* MD5 */
+    SEC_HASH_SHA1,     /* SHA1 */
+    SEC_HASH_SHA224,   /* SHA224 */
+    SEC_HASH_SHA256,   /* SHA256 */
+    SEC_HASH_SHA384,   /* SHA384 */
+    SEC_HASH_SHA512    /* SHA512 */
+} sec_hash_algo_enum;
+
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * Random number generator, Ref. sec_ssl_ctx_set_prng().
+ ***************************************************************************/
+typedef enum {
+    SEC_SSL_ANSIPRNG   /* ANSI PRNG */
+} sec_ssl_prng_generator;
+
+
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * Ciphersuites, combination of authentication, key exchange, encryption,
+ * and hash algorithms.
+ ***************************************************************************/
+typedef enum {
+    SEC_CIPHER_NULL_WITH_NULL_NULL                = 0x0000, /* (NULL, NULL, NULL)*/
+                                                                                                            
+    SEC_CIPHER_RSA_WITH_NULL_MD5                  = 0x0001, /* (RSA, NULL, MD5) */
+    SEC_CIPHER_RSA_WITH_NULL_SHA                  = 0x0002, /* (RSA, NULL, SHA) */
+    SEC_CIPHER_RSA_EXPORT_WITH_RC4_40_MD5         = 0x0003, /* (RSA_EXPORT, RC4_40), MD5, TLS 1.0 */
+    SEC_CIPHER_RSA_WITH_RC4_128_MD5               = 0x0004, /* (RSA, RC4_128, MD5) */
+    SEC_CIPHER_RSA_WITH_RC4_128_SHA               = 0x0005, /* (RSA, RC4_128, SHA) */
+    SEC_CIPHER_RSA_EXPORT_WITH_RC2_CBC_40_MD5     = 0x0006, /* (RSA_EXPORT, RC2_CBC_40, MD5), TLS 1.0 */
+    SEC_CIPHER_RSA_WITH_IDEA_CBC_SHA              = 0x0007, /* (RSA, IDEA_CBC, SHA) */
+    SEC_CIPHER_RSA_EXPORT_WITH_DES40_CBC_SHA      = 0x0008, /* (RSA_EXPORT, DES40_CBC, SHA), TLS 1.0 */
+    SEC_CIPHER_RSA_WITH_DES_CBC_SHA               = 0x0009, /* (RSA, DES_CBC, SHA) */
+    SEC_CIPHER_RSA_WITH_3DES_EDE_CBC_SHA          = 0x000A, /* (RSA, 3DES_EDE_CBC, SHA) */
+                                                                                                            
+    SEC_CIPHER_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   = 0x000B, /* (DH_DSS_EXPORT, DES40_CBC, SHA), TLS 1.0 */
+    SEC_CIPHER_DH_DSS_WITH_DES_CBC_SHA            = 0x000C, /* (DH_DSS, DES_CBC, SHA) */
+    SEC_CIPHER_DH_DSS_WITH_3DES_EDE_CBC_SHA       = 0x000D, /* (DH_DSS, 3DES_EDE_CBC, SHA) */
+    SEC_CIPHER_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   = 0x000E, /* (DH_RSA_EXPORT, DES40_CBC, SHA), TLS 1.0 */
+    SEC_CIPHER_DH_RSA_WITH_DES_CBC_SHA            = 0x000F, /* (DH_RSA, DES_CBC, SHA) */
+    SEC_CIPHER_DH_RSA_WITH_3DES_EDE_CBC_SHA       = 0x0010, /* (DH_RSA, 3DES_EDE_CBC, SHA) */
+    SEC_CIPHER_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  = 0x0011, /* (DHE_DSS_EXPORT, DES40_CBC, SHA), TLS 1.0 */
+    SEC_CIPHER_DHE_DSS_WITH_DES_CBC_SHA           = 0x0012, /* (DHE_DSS, DES_CBCi, SHA) */
+    SEC_CIPHER_DHE_DSS_WITH_3DES_EDE_CBC_SHA      = 0x0013, /* (DHE_DSS, 3DES_EDE_CBC, SHA) */
+    SEC_CIPHER_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  = 0x0014, /* (DHE_RSA_EXPORT, DES40_CBC, SHA), TLS 1.0 */
+    SEC_CIPHER_DHE_RSA_WITH_DES_CBC_SHA           = 0x0015, /* (DHE_RSA, DES_CBCi, SHA) */
+    SEC_CIPHER_DHE_RSA_WITH_3DES_EDE_CBC_SHA      = 0x0016, /* (DHE_RSA, 3DES_EDE_CBC, SHA) */
+                                                                                                         
+    SEC_CIPHER_DH_anon_EXPORT_WITH_RC4_40_MD5     = 0x0017, /* (DH_anon_EXPORT, RC4_40, MD5), TLS 1.0 */
+    SEC_CIPHER_DH_anon_WITH_RC4_128_MD5           = 0x0018, /* (DH_anon, RC4_128, MD5) */
+    SEC_CIPHER_DH_anon_EXPORT_WITH_DES40_CBC_SHA  = 0x0019, /* (DH_anon, DES40_CBC, SHA), TLS 1.0 */
+    SEC_CIPHER_DH_anon_WITH_DES_CBC_SHA           = 0x001A, /* (DH_anon, DES_CBC, SHA) */
+    SEC_CIPHER_DH_anon_WITH_3DES_EDE_CBC_SHA      = 0x001B, /* (DH_anon, DES_CBC, SHA) */
+                                                                                                         
+    SEC_CIPHER_KRB5_WITH_DES_CBC_SHA              = 0x001E, /* (Kerberos, DES_CBC, SHA) */
+    SEC_CIPHER_KRB5_WITH_3DES_EDE_CBC_SHA         = 0x001F, /* (Kerberos, 3DES_EDE_CBC, SHA) */
+    SEC_CIPHER_KRB5_WITH_RC4_128_SHA              = 0x0020, /* (Kerberos, RC4_128, SHA) */
+    SEC_CIPHER_KRB5_WITH_IDEA_CBC_SHA             = 0x0021, /* (Kerberos, IDEA_CBC, SHA) */
+    SEC_CIPHER_KRB5_WITH_DES_CBC_MD5              = 0x0022, /* (Kerberos, DES_CBC, MD5) */
+    SEC_CIPHER_KRB5_WITH_3DES_EDE_CBC_MD5         = 0x0023, /* (Kerberos, 3DES_EDE_CBC, MD5) */
+    SEC_CIPHER_KRB5_WITH_RC4_128_MD5              = 0x0024, /* (Kerberos, RC4_128, MD5) */
+    SEC_CIPHER_KRB5_WITH_IDEA_CBC_MD5             = 0x0025, /* (Kerberos, IDEA_CBC, MD5) */
+                                                                                                         
+    SEC_CIPHER_KRB5_EXPORT_WITH_DES_CBC_40_SHA    = 0x0026, /* (Kerberos, DES_CBC_40, SHA), MUST NOT */
+    SEC_CIPHER_KRB5_EXPORT_WITH_RC2_CBC_40_SHA    = 0x0027, /* (Kerberos, RC2_CBC_40, SHA),  MUST NOT */
+    SEC_CIPHER_KRB5_EXPORT_WITH_RC4_40_SHA        = 0x0028, /* (Kerberos, RC4_40, SHA), MUST NOT */
+    SEC_CIPHER_KRB5_EXPORT_WITH_DES_CBC_40_MD5    = 0x0029, /* (Kerberos, DES_DBC_40, MD5), MUST NOT */
+    SEC_CIPHER_KRB5_EXPORT_WITH_RC2_CBC_40_MD5    = 0x002A, /* (Kerberos, RC2_CBC_40, MD5),  MUST NOT */
+    SEC_CIPHER_KRB5_EXPORT_WITH_RC4_40_MD5        = 0x002B, /* (Kerberos, RC4_40, MD5),  MUST NOT */
+
+    SEC_CIPHER_RSA_WITH_AES_128_CBC_SHA           = 0x002F, /* (RSA, AES_128_CBC, SHA) */
+    SEC_CIPHER_DH_DSS_WITH_AES_128_CBC_SHA        = 0x0030, /* (DH_DSS, AES_128_CBC, SHA) */
+    SEC_CIPHER_DH_RSA_WITH_AES_128_CBC_SHA        = 0x0031, /* (DH_RSA, AES_128_CBC, SHA) */
+    SEC_CIPHER_DHE_DSS_WITH_AES_128_CBC_SHA       = 0x0032, /* (DHE_DSS, AES_128_CBC, SHA)  */
+    SEC_CIPHER_DHE_RSA_WITH_AES_128_CBC_SHA       = 0x0033, /* (DHE_RSA, AES_128_CBC, SHA) */
+    SEC_CIPHER_DH_anon_WITH_AES_128_CBC_SHA       = 0x0034, /* (DH_anon, AES_128_CBC, SHA) */
+    SEC_CIPHER_RSA_WITH_AES_256_CBC_SHA           = 0x0035, /* (RSA, AES_256_CBC, SHA) */
+    SEC_CIPHER_DH_DSS_WITH_AES_256_CBC_SHA        = 0x0036, /* (DH_DSS, AES_256_CBC, SHA) */
+    SEC_CIPHER_DH_RSA_WITH_AES_256_CBC_SHA        = 0x0037, /* (DHE_RSA, AES_256_CBC, SHA) */
+    SEC_CIPHER_DHE_DSS_WITH_AES_256_CBC_SHA       = 0x0038, /* (DHE_RSA, AES_256_CBC, SHA) */
+    SEC_CIPHER_DHE_RSA_WITH_AES_256_CBC_SHA       = 0x0039, /* (DH_anon, AES_256_CBC, SHA) */
+    SEC_CIPHER_DH_anon_WITH_AES_256_CBC_SHA       = 0x003A, /* (DH_anon, AES_256_CBC, SHA) */
+#ifdef __OPENSSL_TLS12__//Start TLS related ciphersuites
+    SEC_CIPHER_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256= 0x003B,
+    SEC_CIPHER_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = 0x003C,
+    SEC_CIPHER_ECDHE_ECDSA_WITH_AES_128_SHA256      = 0x003D,
+    SEC_CIPHER_ECDHE_RSA_WITH_AES_128_SHA256        = 0x003E,
+    SEC_CIPHER_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     = 0x003F,
+    SEC_CIPHER_ECDHE_RSA_WITH_AES_128_CBC_SHA       = 0x004A,
+    SEC_CIPHER_RSA_WITH_AES_128_GCM_SHA256          = 0x004B,
+    SEC_CIPHER_RSA_WITH_AES_128_SHA256              = 0x004C,
+    SEC_CIPHER_ECDHE_RSA_WITH_AES_256_CBC_SHA       = 0x004D,
+    SEC_CIPHER_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     = 0x004E,
+#endif //END of TLS related ciphersuites
+    SEC_CIPHER_UNKNOWN                            = 0xFFFF
+} sec_ciphersuites_enum;
+
+
+
+#if 0 /* XXX, CODING NOTE DO NOT SHOW IN DOM DOCUMENTS! */
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+/* under construction !*/
+#endif /* CODING NOTE DO NOT SHOW IN DOM DOCUMENTS! */
+
+/***************************************************************************
+ * <GROUP Enums>
+ *
+ * Warnings of the certificate chain after validation
+ ***************************************************************************/
+typedef enum {
+    SEC_CERT_WARN_NONE                 = 0x00000000, /* Validation successfully. */
+    SEC_CERT_WARN_CHAIN                = 0x00000001, /* The server responded with a chain of certificates rather than a single certificate.  Don't care. */
+    SEC_CERT_WARN_BCONST_NOT_CRITICAL  = 0x00000002, /* Basic Constraints field is present but marked as non-critical. */
+
+    SEC_CERT_WARN_UNKNOWN_CRITICAL_EXT = 0x00000008, /* Unknown critical extension in the certificate. */
+    SEC_CERT_WARN_VALIDITY             = 0x00000010, /* A certificate was expired, or not yet invalid. */
+    SEC_CERT_WARN_NO_KEY_USAGE         = 0x00000020, /* There is no key usage in one of the certificate in the chain. */
+    SEC_CERT_WARN_KEY_MISUSE           = 0x00000040, /* One of the certificates in the chain is used not according to its key usage field. */
+    SEC_CERT_WARN_BCONST_FAIL          = 0x00000100, /* One of the CA certificates in the chain does not have the CA bit set in its basic constraints extension */
+    SEC_CERT_WARN_NO_TRUSTED_CERTS     = 0x00000200, /* There were no trusted certificates for this chain. */
+    SEC_CERT_WARN_INVALID_SIGNATURE    = 0x00000400, /* Invalid signature. */
+    SEC_CERT_WARN_INTERNAL             = 0x00000800, /* An error occured while processing a cert. */
+    SEC_CERT_WARN_TRUSTED_KEY_MISUSE   = 0x00010000, /* Trusted certificate is a server certificate, not a CA certificate. */
+    SEC_CERT_WARN_TRUSTED_EXPIRED      = 0x00020000, /* The chosen trusted cert has expired. */
+    SEC_CERT_WARN_CORRUPTED_CERT       = 0x00040000, /* Certificate is corrupted. */
+    SEC_CERT_WARN_TRUSTED_NO_KEY_USAGE = 0x00080000, /* Trusted certificate cannot might be not a CA certificate. */
+    SEC_CERT_WARN_NO_CERT_HASH         = 0x00100000, /* Hash is not present in the certificate. */
+
+    SEC_CERT_WARN_BAD_CERT             = 0x00200000, /* The certificate cannot be decode successfully. */
+    SEC_CERT_WARN_BAD_CRL              = 0x00400000, /* Error in CRL fields. */
+    SEC_CERT_WARN_CRL_EXPIRY           = 0x00800000, /* The CRL has invalid date. */
+    SEC_CERT_WARN_CERT_PURPOSE         = 0x01000000, /* The certificate cannot be used for the specified purpose. */
+    SEC_CERT_WARN_INVALID_KEY_USAGE    = 0x02000000, /* Key usage does not include CRL signing. */
+    SEC_CERT_WARN_UNRECOGINZED_CRL_EXT = 0x04000000, /* Unhandled critical CRL extension. */
+    SEC_CERT_WARN_PROXY_CERT           = 0x08000000, /* Error in validating proxy certificate. */
+    SEC_CERT_WARN_INVALID_EXT          = 0x10000000, /* Invalid or inconsistent certificate extension. */
+    SEC_CERT_WARN_POLICY               = 0x20000000, /* No explicit policy. */
+
+    SEC_CERT_WARN_BAD_DOMAIN           = 0x40000000, /* Checking domain name failed. */
+
+    SEC_CERT_WARN_BCONST_FAIL_NC       = 0x00000102, /* SEC_CERT_WARN_BCONST_FAIL | SEC_CERT_WARN_BCONST_NOT_CRITICAL.
+                                                        Error in checking basic constraints */
+
+    SEC_CERT_WARN_WEAK_SECURITY_MASK   = 0x00000021, /* SEC_CERT_WARN_NO_KEY_USAGE | SEC_CERT_WARN_CHAIN.
+                                                        Low security level could expose the connection under attack. */
+
+    SEC_CERT_WARN_MISCONFIG_MASK       = 0x001B0112, /* SEC_CERT_WARN_NO_CERT_HASH | SEC_CERT_WARN_TRUSTED_NO_KEY_USAGE |
+                                                        SEC_CERT_WARN_TRUSTED_EXPIRED | SEC_CERT_WARN_TRUSTED_KEY_MISUSE |
+                                                        SEC_CERT_WARN_BCONST_FAIL | SEC_CERT_WARN_VALIDITY |
+                                                        SEC_CERT_WARN_BCONST_NOT_CRITICAL. Probably a misconfiguration. */
+
+    SEC_CERT_WARN_ATTACK_MASK          = 0x00000148, /* SEC_CERT_WARN_BCONST_FAIL | SEC_CERT_WARN_KEY_MISUSE |
+                                                        SEC_CERT_WARN_UNKNOWN_CRITICAL_EXT. Probably a attack. */
+
+    SEC_CERT_WARN_AUTH_FAILED_MASK     = 0x00040E00 /* SEC_CERT_WARN_CORRUPTED_CERT | SEC_CERT_WARN_NO_TRUSTED_CERTS |
+                                                        SEC_CERT_WARN_INVALID_SIGNATURE | SEC_CERT_WARN_INTERNAL.
+                                                        Authentication failed. */
+} sec_cert_warn_enum;
+
+
+#endif /* !_SSL_ENUMS_H */
diff --git a/mcu/interface/driver/cipher/include/ssl_structs.h b/mcu/interface/driver/cipher/include/ssl_structs.h
new file mode 100644
index 0000000..1c7aeca
--- /dev/null
+++ b/mcu/interface/driver/cipher/include/ssl_structs.h
@@ -0,0 +1,199 @@
+/*****************************************************************************
+*  Copyright Statement:
+*  --------------------
+*  This software is protected by Copyright and the information contained
+*  herein is confidential. The software may not be copied and the information
+*  contained herein may not be used or disclosed except with the written
+*  permission of MediaTek Inc. (C) 2005
+*
+*  BY OPENING THIS FILE, BUYER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES
+*  THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE")
+*  RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO BUYER ON
+*  AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES,
+*  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
+*  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.
+*  NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH RESPECT TO THE
+*  SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, INCORPORATED IN, OR
+*  SUPPLIED WITH THE MEDIATEK SOFTWARE, AND BUYER AGREES TO LOOK ONLY TO SUCH
+*  THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. MEDIATEK SHALL ALSO
+*  NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE RELEASES MADE TO BUYER'S
+*  SPECIFICATION OR TO CONFORM TO A PARTICULAR STANDARD OR OPEN FORUM.
+*
+*  BUYER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S ENTIRE AND CUMULATIVE
+*  LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE RELEASED HEREUNDER WILL BE,
+*  AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE MEDIATEK SOFTWARE AT ISSUE,
+*  OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE CHARGE PAID BY BUYER TO
+*  MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 
+*
+*  THE TRANSACTION CONTEMPLATED HEREUNDER SHALL BE CONSTRUED IN ACCORDANCE
+*  WITH THE LAWS OF THE STATE OF CALIFORNIA, USA, EXCLUDING ITS CONFLICT OF
+*  LAWS PRINCIPLES.  ANY DISPUTES, CONTROVERSIES OR CLAIMS ARISING THEREOF AND
+*  RELATED THERETO SHALL BE SETTLED BY ARBITRATION IN SAN FRANCISCO, CA, UNDER
+*  THE RULES OF THE INTERNATIONAL CHAMBER OF COMMERCE (ICC).
+*
+*****************************************************************************/
+
+/*******************************************************************************
+ * Filename:
+ * ---------
+ *   ssl_structs.h
+ *
+ * Project:
+ * --------
+ *   MAUI
+ *
+ * Description:
+ * ------------
+ *   This file contains structs of SSL API.
+ *
+ * Author:
+ * -------
+ * -------
+ *
+ *==============================================================================
+ * 				HISTORY
+ * Below this line, this part is controlled by PVCS VM. DO NOT MODIFY!! 
+ *------------------------------------------------------------------------------
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ * removed!
+ * removed!
+ * removed!
+ *
+ *------------------------------------------------------------------------------
+ * Upper this line, this part is controlled by PVCS VM. DO NOT MODIFY!! 
+ *==============================================================================
+ *******************************************************************************/
+#ifndef _SSL_STRUCTS_H
+#define _SSL_STRUCTS_H
+
+#include "kal_general_types.h"
+#include "ssl_consts.h"
+#include "ssl_enums.h"
+ 
+/* SSL context, created by sec_ssl_ctx_new() and its properties can be
+ * customized by other SSL context APIs.
+ * The members in the structure is used by SSL library internally,
+ * so application should not understand the detail in the structure.
+ */
+typedef struct ssl_ctx ssl_ctx;
+
+
+/* SSL connection context, created by sec_ssl_new() and its properties can be
+ * customized by other SSL connection context APIs.
+ * The members in the structure is used by SSL library internally,
+ * so application should not understand the detail in the structure.
+ */
+typedef struct ssl_conn ssl_conn;
+
+
+/***************************************************************************
+ * <GROUP Structures>
+ *
+ * Data structure holding a certificate in DER.
+ * Ref. sec_ssl_get_peer_certificate(), sec_ssl_extract_cert().
+ ***************************************************************************/
+typedef struct 
+{
+    kal_uint32 length;  /* The size of the certificate in bytes. */
+    kal_uint8* data;    /* Data of the certficate in DER format. */
+} sec_cert_struct;
+
+
+/***************************************************************************
+ * <GROUP Structures>
+ *
+ * This is a structure passed to the certificate varify callback set by
+ * sec_ssl_ctx_set_cert_verify_callback().
+ * Ref. sec_ssl_cert_verify_callback().
+ ***************************************************************************/
+typedef struct sec_x509_store_ctx
+{
+    ssl_conn *conn_ctx;  /* SSL connection of the SSL connection. */
+    sec_cert_struct **cert_chain; /* Certificate chain sent from peer. */
+    kal_uint32 warnings[SEC_MAX_CERT_CHAIN_LEN]; /* Warning list of each cert in cert_chain. */
+    kal_int32 error; /* Certificate validation result. */
+} sec_x509_store_ctx;
+
+
+/***************************************************************************
+ * <GROUP Structures>
+ *
+ * Data structure holding session record
+ ***************************************************************************/
+typedef struct {
+    kal_uint32 length; /* Size of session record in data field. */
+    kal_uint8 *data;   /* Session record. */
+} sec_sess_rec;
+
+
+/***************************************************************************
+ * <GROUP Structures>
+ *
+ * Collection of data structure holding a negotiated ciphersuite.
+ * Ref. sec_ssl_get_curr_cipher_info().
+ ***************************************************************************/
+typedef struct
+{
+    sec_proto_ver_enum        version;  /* SSL version. */
+    sec_bulk_enc_algo_enum    enc_alg;  /* Bulk encryption algorithm. */
+    sec_key_xchg_algo_enum    key_alg;  /* Key exchange algorithm. */
+    sec_auth_algo_enum        auth_alg; /* Authentication  algorithm. */
+    sec_hash_algo_enum        hash_alg; /* Hash algorithm. */
+} sec_cipher_info_struct;
+
+
+/***************************************************************************
+ * Collection of data structure holding a negotiated ciphersuite.
+ * Dummy definition for SSL context constructors.
+ * Ref. sec_ssl_ctx_new().
+ ***************************************************************************/
+typedef kal_uint8 ssl_method;
+
+
+/***************************************************************************
+ * <GROUP Structures>
+ *
+ * Data structure holding certificate types for client authentication.
+ * Ref. sec_ssl_get_certreq_auth_names().
+ ***************************************************************************/
+typedef struct
+{
+    kal_uint8 len; /* Number of effective auth types in types field. */
+    kal_uint8 types[SEC_MAX_CERT_TYPES]; /* Certificate types in certificate
+request from server. */
+} sec_cert_types;
+
+
+/***************************************************************************
+ * <GROUP Structures>
+ *
+ * Data structure holding authority names for client authentication.
+ * Ref. sec_ssl_get_certreq_auth_names().
+ ***************************************************************************/
+typedef struct 
+{
+    kal_uint16 len; /* number of bytes in name field */
+    kal_uint8* name; /* auth names in certificate request from server */
+} sec_auth_names;
+
+
+#endif /* !_OSSL_SSL_STRUCTS_H */
+
+
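Review bot: `sec_x509_store_ctx` hands the verify callback `cert_chain` and a fixed `warnings[SEC_MAX_CERT_CHAIN_LEN]` array but no element count, so nothing in this header tells a callback how many entries of either are valid or how the end of the chain is marked. Since the chain is supplied by the peer, the field comment should state the convention, for example `/* Certificate chain sent from peer; at most SEC_MAX_CERT_CHAIN_LEN entries, end marked by <NULL entry or count - confirm against the library>; presumably entry i pairs with warnings[i]. */`. The same kind of bound is undocumented on `sec_cert_types.len`, which is described as the number of effective entries in `types[SEC_MAX_CERT_TYPES]` taken from the server's certificate request; its comment should say it never exceeds `SEC_MAX_CERT_TYPES`, so that consumers know to check it before indexing. As a smaller point, the closing `#endif /* !_OSSL_SSL_STRUCTS_H */` does not match the guard `_SSL_STRUCTS_H`, and the `ssl_method` banner repeats the "negotiated ciphersuite" sentence from the struct above it.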