diff options
Diffstat (limited to 'FreeRTOS-Plus/Source/WolfSSL/wolfssl/sniffer.h')
-rw-r--r-- | FreeRTOS-Plus/Source/WolfSSL/wolfssl/sniffer.h | 163 |
1 files changed, 151 insertions, 12 deletions
diff --git a/FreeRTOS-Plus/Source/WolfSSL/wolfssl/sniffer.h b/FreeRTOS-Plus/Source/WolfSSL/wolfssl/sniffer.h index a14f883ff..519518f3c 100644 --- a/FreeRTOS-Plus/Source/WolfSSL/wolfssl/sniffer.h +++ b/FreeRTOS-Plus/Source/WolfSSL/wolfssl/sniffer.h @@ -1,8 +1,8 @@ /* sniffer.h * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,10 +16,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef WOLFSSL_SNIFFER_H #define WOLFSSL_SNIFFER_H @@ -40,10 +41,10 @@ extern "C" { #endif -/* @param typeK: (formerly keyType) was shadowing a global declaration in +/* @param typeK: (formerly keyType) was shadowing a global declaration in * wolfssl/wolfcrypt/asn.h line 175 */ -WOLFSSL_API +WOLFSSL_API SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port, const char* keyFile, int typeK, const char* password, char* error); @@ -54,19 +55,37 @@ SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name, const char* keyFile, int typeK, const char* password, char* error); -WOLFSSL_API +WOLFSSL_API SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, - unsigned char* data, char* error); + unsigned char** data, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_FreeDecodeBuffer(unsigned char** data, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_FreeZeroDecodeBuffer(unsigned char** data, int sz, + char* error); -WOLFSSL_API +WOLFSSL_API SSL_SNIFFER_API int ssl_Trace(const char* traceFile, char* error); - - + +WOLFSSL_API +SSL_SNIFFER_API int ssl_EnableRecovery(int onOff, int maxMemory, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_GetSessionStats(unsigned int* active, + unsigned int* total, + unsigned int* peak, + unsigned int* maxSessions, + unsigned int* missedData, + unsigned int* reassemblyMemory, + char* error); + WOLFSSL_API void ssl_InitSniffer(void); - + WOLFSSL_API void ssl_FreeSniffer(void); - + /* ssl_SetPrivateKey typeKs */ enum { FILETYPE_PEM = 1, @@ -74,6 +93,126 @@ enum { }; +/* + * New Sniffer API that provides read-only access to the TLS and cipher + * information associated with the SSL session. + */ + +typedef struct SSLInfo +{ + unsigned char isValid; + /* indicates if the info in this struct is valid: 0 = no, 1 = yes */ + unsigned char protocolVersionMajor; /* SSL Version: major */ + unsigned char protocolVersionMinor; /* SSL Version: minor */ + unsigned char serverCipherSuite0; /* first byte, normally 0 */ + unsigned char serverCipherSuite; /* second byte, actual suite */ + unsigned char serverCipherSuiteName[256]; + /* cipher name, e.g., "TLS_RSA_..." */ + unsigned char serverNameIndication[128]; + unsigned int keySize; +} SSLInfo; + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketWithSessionInfo( + const unsigned char* packet, int length, + unsigned char** data, SSLInfo* sslInfo, char* error); + +typedef void (*SSLConnCb)(const void* session, SSLInfo* info, void* ctx); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetConnectionCb(SSLConnCb cb); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetConnectionCtx(void* ctx); + + +typedef struct SSLStats +{ + unsigned long int sslStandardConns; + unsigned long int sslClientAuthConns; + unsigned long int sslResumedConns; + unsigned long int sslEphemeralMisses; + unsigned long int sslResumeMisses; + unsigned long int sslCiphersUnsupported; + unsigned long int sslKeysUnmatched; + unsigned long int sslKeyFails; + unsigned long int sslDecodeFails; + unsigned long int sslAlerts; + unsigned long int sslDecryptedBytes; + unsigned long int sslEncryptedBytes; + unsigned long int sslEncryptedPackets; + unsigned long int sslDecryptedPackets; + unsigned long int sslKeyMatches; + unsigned long int sslEncryptedConns; + + unsigned long int sslResumptionValid; + unsigned long int sslResumptionInserts; +} SSLStats; + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_ResetStatistics(void); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_ReadStatistics(SSLStats* stats); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_ReadResetStatistics(SSLStats* stats); + + +typedef int (*SSLWatchCb)(void* vSniffer, + const unsigned char* certHash, + unsigned int certHashSz, + const unsigned char* certChain, + unsigned int certChainSz, + void* ctx, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKeyCallback(SSLWatchCb cb, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKeyCallback_ex(SSLWatchCb cb, int devId, + char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKeyCtx(void* ctx, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKey_buffer(void* vSniffer, + const unsigned char* key, unsigned int keySz, + int keyType, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetWatchKey_file(void* vSniffer, + const char* keyFile, int keyType, + const char* password, char* error); + + +typedef int (*SSLStoreDataCb)(const unsigned char* decryptBuf, + unsigned int decryptBufSz, unsigned int decryptBufOffset, void* ctx); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetStoreDataCallback(SSLStoreDataCb cb); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketWithSessionInfoStoreData( + const unsigned char* packet, int length, void* ctx, + SSLInfo* sslInfo, char* error); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketWithChain(void* vChain, + unsigned int chainSz, unsigned char** data, char* error); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_DecodePacketWithChainSessionInfoStoreData( + void* vChain, unsigned int chainSz, void* ctx, SSLInfo* sslInfo, + char* error); + #ifdef __cplusplus } /* extern "C" */ #endif |