CPSSslConnection

Definitions

#include <nitroWiFi/cps.h>
/*
 * Per-connection SSL state.  Most fields are filled in by the library;
 * the application is expected to set only server_name and auth_callback
 * (see the Description below).  Pointers into key_block[] and the cipher
 * contexts hold live keying material for this connection.
 *
 * NOTE(review): the tag _CPSSslConnection (leading underscore + capital)
 * is a reserved identifier in C; it cannot be renamed here without
 * breaking the auth_callback prototype and existing callers.
 */
typedef struct _CPSSslConnection {
    CPSSslSession *session;			// the session this connection belongs to
    u8 reuse_session;				// non-zero if the session should be reused
    u8 padding;					// alignment filler
    u16 method;					// cipher suite
    u8 client_random[32];			// ClientHello random
    u8 server_random[32];			// ServerHello random
    u8 key_block[2*(20+16+0)];			// derived keying material for both directions;
						// presumably 20 MAC + 16 key + 0 IV bytes per direction — confirm.
						// NOTE(review): holds secret keys; clear (e.g. explicit zeroization)
						// before the structure is released or reused.
    u8 *send_mac;				// points into key_block[]: MAC secret for sending
    u8 *send_key;				// points into key_block[]: cipher key for sending
    u8 *send_iv;				// points into key_block[]: IV for sending
    CPSCipherCtx send_cipher;			// cipher context for send
    u8 send_seq[8];				// 64-bit record sequence number, send direction
    u8 *rcv_mac;				// points into key_block[]: MAC secret for receiving
    u8 *rcv_key;				// points into key_block[]: cipher key for receiving
    u8 *rcv_iv;					// points into key_block[]: IV for receiving
    CPSCipherCtx rcv_cipher;			// cipher context for receive
    u8 rcv_seq[8];				// 64-bit record sequence number, receive direction
    CPSSha1Ctx sha1_hash;			// running SHA1 of the handshake messages
    CPSSha1Ctx sha1_hash_tmp;			// scratch copy of sha1_hash (use not shown here — confirm)
    CPSMd5Ctx md5_hash;				// running MD5 of the handshake messages
    CPSMd5Ctx md5_hash_tmp;			// scratch copy of md5_hash (use not shown here — confirm)
    u8 server;					// non-zero for a server-side connection
    u8 state;					// handshake/connection state (values not defined here)
    u16 padding2;				// alignment filler
    //
    //	certificate parsing / verification state
    //
    int sig_algorithm;				// signature algorithm of the certificate being checked
    int pub_algorithm;				// public key algorithm of the certificate being checked
    u8 *hash_start;				// start address of the to-be-signed (hashed) area
    u8 *hash_end;				// end address of the hashed area + 1
    u8 hash_val[20];				// hash value of hash_start..hash_end
    int hash_len;				// valid length of hash_val[]
    CPSCaInfo midca_info;			// intermediate CA info
    u8 modulus[CPS_MAX_RSA_LEN];		// RSA modulus
    u32 modulus_len;				// length of modulus in bytes
    u8 exponent[CPS_MAX_RSA_PUBLICEXPONENT_LEN];
									// RSA public exponent
    int exponent_len;				// length of exponent in bytes
    u8 *signature;				// certificate signature (location within cert — confirm)
    int signature_len;				// length of signature in bytes
    u8 seen_validity;				// parser flag: next string is 'subject', not 'issuer'
    u8 seen_pub_algorithm;			// parser flag: next BIT STRING is public key information
    u8 seen_attr;				// parser flag (attribute seen; exact meaning not shown here)
    u8 date_ok;					// presumably non-zero when cur_date is within the validity period — confirm
    char issuer[CPS_MAX_DN_LEN + 1];		// certificate issuer DN (NUL-terminated)
    char subject[CPS_MAX_DN_LEN + 1];		// certificate subject DN (NUL-terminated)
    char cn[CPS_MAX_CN_LEN + 1];		// certificate Common Name (NUL-terminated)
    char *server_name;				// application-set: expected server name; compared with cn
						// (wildcards allowed) only when non-NULL, result passed to auth_callback
    u8 *cert;					// certificate currently being authenticated (for auth_callback)
    int certlen;				// length of cert in bytes
    u32 cur_date;				// 65536*year + 256*month + day
    int (*auth_callback)(int, struct _CPSSslConnection *, int);
						// application-set: called when each certificate authentication
						// step ends with (error code, connection, chain step from 0).
						// Non-zero return fails authentication; returning 0 overrides
						// the passed error — a callback that always returns 0 disables
						// certificate verification entirely.
    CPSCaInfo **ca_info;			// table of trusted root CA info
    int ca_builtins;				// number of built-in entries in ca_info (assumed — confirm)
    CPSPrivateKey *my_key;			// this side's private key (client/server authentication)
    CPSCertificate *my_certificate;		// this side's certificate
    //
    //	ssl_read()
    //
    u8 *inbuf;					// pointer to input buffer (NULL if none)
    long inbuf_len;				// length of inbuf
    long inbuf_pnt;				// index of current position (0..inbuf_len-1)
} CPSSslConnection;

Description

This structure defines the SSL connection. The fields inside CPSSoc point to this structure.
The system configures most of the fields. The fields that the application must configure are as follows:

server_name When the value is not NULL, the value is compared with the certificate's server name (Common Name), and the result of the comparison is passed to the callback function. Wildcards are supported for the certificate's server name.
auth_callback Called each time certificate authentication ends. An error code is passed as the first parameter, the pointer to CPSSslConnection as the second parameter, and the number of steps in the authentication chain (initial value = 0) as the third parameter. An error can be ignored by changing the passed error code before returning it; authentication fails if a non-zero value is returned.

The following fields can be referenced from CPSSslConnection * passed to auth_callback.

cert
certlen
cert points to the certificate that is currently being authenticated, and certlen is its length. A CPSCaInfo can be created from this certificate and added to the root certificates.
subject The certificate subject.
issuer The certificate issuer.

See Also

CPSSoc, CPSCaInfo

Revision History

2005/10/24 Initial version.


CONFIDENTIAL