CPSSslConnection

Definitions

#include <nitroWiFi/cps.h>
/*
 * CPSSslConnection: the state of one SSL connection.
 *
 * Most fields are filled in by the library during the handshake.  The
 * application sets server_name and auth_callback (and, where used, my_key /
 * my_certificate) before the handshake, and may read cert, certlen, subject
 * and issuer from inside auth_callback.  Several fields hold live key
 * material (key_block and the pointers into it); treat the whole structure
 * as secret while the connection exists.
 */
typedef struct _CPSSslConnection {
CPSSslSession *session;			// the session this connection belongs to
u8 reuse_session;				// non 0 if the session should be reused (resumption)
u8 padding;					// alignment only
u16 method;					// negotiated cipher suite
u8 client_random[32];			// 32-byte client random from the handshake
u8 server_random[32];			// 32-byte server random from the handshake
u8 key_block[2*(20+16+0)];		// derived key material for both directions; the sizing
						// suggests 2 x (20-byte MAC secret + 16-byte key + 0-byte IV)
						// -- confirm against the cipher suites actually supported.
						// NOTE(review): live secrets -- clear on teardown with a
						// non-optimisable wipe, not a plain memset the compiler may drop.
u8 *send_mac;				// MAC secret for the send direction; points into key_block[]
u8 *send_key;				// cipher key for the send direction; points into key_block[]
u8 *send_iv;				// IV for the send direction; points into key_block[]
						// (zero-length for the IV size above -- verify it is never read)
CPSCipherCtx send_cipher;			// cipher context for send
u8 send_seq[8];				// 64-bit record sequence number, send direction (big-endian assumed -- confirm)
u8 *rcv_mac;				// MAC secret for the receive direction; points into key_block[]
u8 *rcv_key;				// cipher key for the receive direction; points into key_block[]
u8 *rcv_iv;					// IV for the receive direction; points into key_block[]
CPSCipherCtx rcv_cipher;			// cipher context for receive
u8 rcv_seq[8];				// 64-bit record sequence number, receive direction
CPSSha1Ctx sha1_hash;			// running SHA-1 over the handshake messages (transcript)
CPSSha1Ctx sha1_hash_tmp;			// scratch copy of sha1_hash (use not shown here -- presumably for
						// finishing the hash without disturbing the running context)
CPSMd5Ctx md5_hash;				// running MD5 over the handshake messages (transcript)
CPSMd5Ctx md5_hash_tmp;			// scratch copy of md5_hash, as for sha1_hash_tmp
u8 server;					// non 0 if this is the server side of the connection
u8 state;					// handshake / connection state machine value (encoding not shown here)
u16 padding2;				// alignment only
/*
 * Certificate parsing and verification state.  These fields describe the
 * certificate currently being processed; cert/certlen are what the
 * application sees from auth_callback.
 */
int sig_algorithm;				// signature algorithm of the certificate being checked
int pub_algorithm;				// public key algorithm of the certificate being checked
u8 *hash_start;				// start address of the region that is hashed for signature
						// verification (presumably the to-be-signed certificate bytes)
u8 *hash_end;				// end address of that region + 1
u8 hash_val[20];				// digest of hash_start..hash_end; 20 bytes fits SHA-1,
						// hash_len says how much is valid (shorter digests possible)
int hash_len;				// valid length of hash_val[]
CPSCaInfo midca_info;			// intermediate ("middle") CA info built while walking the chain
u8 modulus[CPS_MAX_RSA_LEN];		// RSA modulus of the certificate's public key
u32 modulus_len;				// length of modulus in bytes (unsigned; compare with care
						// against the signed length fields below)
u8 exponent[CPS_MAX_RSA_PUBLICEXPONENT_LEN];	// RSA public exponent
int exponent_len;				// length of exponent in bytes
u8 *signature;				// signature value of the certificate being checked
int signature_len;				// length of signature in bytes
u8 seen_validity;				// parser flag: validity seen, so the next DN string is 'subject', not 'issuer'
u8 seen_pub_algorithm;			// parser flag: next BIT STRING is the public key information
u8 seen_attr;				// parser flag (exact attribute not shown here)
u8 date_ok;					// presumably non 0 once the validity period has been checked
						// against cur_date -- confirm in the parser
char issuer[CPS_MAX_DN_LEN + 1];		// issuer DN, NUL-terminated; the parser must bound copies to CPS_MAX_DN_LEN
char subject[CPS_MAX_DN_LEN + 1];		// subject DN, NUL-terminated; same bound
char cn[CPS_MAX_CN_LEN + 1];		// subject Common Name, NUL-terminated; this is what server_name is matched against
char *server_name;				// expected server name; NULL disables the name check.  Matched
						// against cn only -- there is no subjectAltName field here.
u8 *cert;					// certificate currently being authenticated (for auth_callback)
int certlen;				// length of cert in bytes
u32 cur_date;				// current date as 65536*year + 256*month + day
int (*auth_callback)(int, struct _CPSSslConnection *, int);
						// called when authentication of one certificate ends:
						// (error code, this connection, depth in the chain starting at 0).
						// Non-zero return fails authentication; returning 0 for a
						// non-zero error code accepts the certificate despite the error.
CPSCaInfo **ca_info;				// trusted CA entries (roots) used to anchor the chain
int ca_builtins;				// presumably the number of built-in entries in ca_info -- confirm
CPSPrivateKey *my_key;			// this endpoint's own private key (client authentication / server side)
CPSCertificate *my_certificate;		// this endpoint's own certificate
/*
 * Input buffering for ssl_read().
 */
u8 *inbuf;					// pointer to input buffer (NULL if none)
long inbuf_len;				// length of inbuf
long inbuf_pnt;				// index of current position (0..inbuf_len-1)
} CPSSslConnection;

Description

This structure holds the state of one SSL connection; the corresponding fields of CPSSoc point to it.
The library configures most of the fields. The fields that the application must configure are as follows:

server_name When this field is not NULL, its value is compared with the server name in the certificate (the Common Name), and the result of the comparison is passed to the callback function. Wildcards in the certificate's server name are supported. When the field is NULL no name comparison takes place, so an application that depends on the host-name check must set this field before the handshake starts.
auth_callback Called each time the authentication of one certificate ends. The first parameter is the error code for that step, the second is the pointer to the CPSSslConnection, and the third is the depth of the certificate in the authentication chain (starting at 0). The value returned by the callback becomes the result of the step: returning the passed error code keeps the error, and authentication fails if a non-zero value is returned. An error can therefore be ignored by returning 0 instead of the passed error code, but doing so accepts a certificate that failed validation; only do this for error codes the application has deliberately decided to tolerate.

The following fields can be referenced from CPSSslConnection * passed to auth_callback.

cert
certlen
cert points to the certificate that is currently being authenticated and certlen is its length in bytes. A CPSCaInfo can be created from this certificate and added to the root certificates.
subject The certificate subject.
issuer The certificate issuer.

See Also

CPSSoc, CPSCaInfo

Revision History

10/24/2005 Initial version.