Mercurial > projects > hoofbaby
comparison deps/Platinum/ThirdParty/Neptune/ThirdParty/axTLS/ssl/tls1.h @ 0:3425707ddbf6
Initial import (hopefully this mercurial stuff works...)
author | fraserofthenight |
---|---|
date | Mon, 06 Jul 2009 08:06:28 -0700 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:3425707ddbf6 |
---|---|
1 /* | |
2 * Copyright (c) 2007, Cameron Rich | |
3 * | |
4 * All rights reserved. | |
5 * | |
6 * Redistribution and use in source and binary forms, with or without | |
7 * modification, are permitted provided that the following conditions are met: | |
8 * | |
9 * * Redistributions of source code must retain the above copyright notice, | |
10 * this list of conditions and the following disclaimer. | |
11 * * Redistributions in binary form must reproduce the above copyright notice, | |
12 * this list of conditions and the following disclaimer in the documentation | |
13 * and/or other materials provided with the distribution. | |
14 * * Neither the name of the axTLS project nor the names of its contributors | |
15 * may be used to endorse or promote products derived from this software | |
16 * without specific prior written permission. | |
17 * | |
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | |
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | |
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | |
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | |
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
29 */ | |
30 | |
31 /** | |
32 * @file tls1.h | |
33 * | |
34 * @brief The definitions for the TLS library. | |
35 */ | |
36 #ifndef HEADER_SSL_LIB_H | |
37 #define HEADER_SSL_LIB_H | |
38 | |
39 #ifdef __cplusplus | |
40 extern "C" { | |
41 #endif | |
42 | |
43 #include "version.h" | |
44 #include "crypto.h" | |
45 #include "os_port.h" | |
46 #include "crypto_misc.h" | |
47 | |
48 #define SSL_RANDOM_SIZE 32 | |
49 #define SSL_SECRET_SIZE 48 | |
50 #define SSL_FINISHED_HASH_SIZE 12 | |
51 #define SSL_RECORD_SIZE 5 | |
52 #define SSL_SERVER_READ 0 | |
53 #define SSL_SERVER_WRITE 1 | |
54 #define SSL_CLIENT_READ 2 | |
55 #define SSL_CLIENT_WRITE 3 | |
56 #define SSL_HS_HDR_SIZE 4 | |
57 | |
58 /* the flags we use while establishing a connection */ | |
59 #define SSL_NEED_RECORD 0x0001 | |
60 #define SSL_TX_ENCRYPTED 0x0002 | |
61 #define SSL_RX_ENCRYPTED 0x0004 | |
62 #define SSL_SESSION_RESUME 0x0008 | |
63 #define SSL_IS_CLIENT 0x0010 | |
64 #define SSL_HAS_CERT_REQ 0x0020 | |
65 | |
66 /* some macros to muck around with flag bits */ | |
67 #define SET_SSL_FLAG(A) (ssl->flag |= A) | |
68 #define CLR_SSL_FLAG(A) (ssl->flag &= ~A) | |
69 #define IS_SET_SSL_FLAG(A) (ssl->flag & A) | |
70 | |
71 #define MAX_KEY_BYTE_SIZE 512 /* for a 4096 bit key */ | |
72 #define RT_MAX_PLAIN_LENGTH 16384 | |
73 #define RT_EXTRA 1024 | |
74 #define BM_RECORD_OFFSET 5 | |
75 | |
76 #ifdef CONFIG_SSL_SKELETON_MODE | |
77 #define NUM_PROTOCOLS 1 | |
78 #else | |
79 #define NUM_PROTOCOLS 4 | |
80 #endif | |
81 | |
82 #define PARANOIA_CHECK(A, B) if (A < B) { \ | |
83 ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; } | |
84 | |
85 /* protocol types */ | |
86 enum | |
87 { | |
88 PT_CHANGE_CIPHER_SPEC = 20, | |
89 PT_ALERT_PROTOCOL, | |
90 PT_HANDSHAKE_PROTOCOL, | |
91 PT_APP_PROTOCOL_DATA | |
92 }; | |
93 | |
94 /* handshaking types */ | |
95 enum | |
96 { | |
97 HS_HELLO_REQUEST, | |
98 HS_CLIENT_HELLO, | |
99 HS_SERVER_HELLO, | |
100 HS_CERTIFICATE = 11, | |
101 HS_SERVER_KEY_XCHG, | |
102 HS_CERT_REQ, | |
103 HS_SERVER_HELLO_DONE, | |
104 HS_CERT_VERIFY, | |
105 HS_CLIENT_KEY_XCHG, | |
106 HS_FINISHED = 20 | |
107 }; | |
108 | |
109 typedef struct | |
110 { | |
111 uint8_t cipher; | |
112 uint8_t key_size; | |
113 uint8_t iv_size; | |
114 uint8_t key_block_size; | |
115 uint8_t padding_size; | |
116 uint8_t digest_size; | |
117 hmac_func hmac; | |
118 crypt_func encrypt; | |
119 crypt_func decrypt; | |
120 } cipher_info_t; | |
121 | |
122 struct _SSLObjLoader | |
123 { | |
124 uint8_t *buf; | |
125 int len; | |
126 }; | |
127 | |
128 typedef struct _SSLObjLoader SSLObjLoader; | |
129 | |
130 typedef struct | |
131 { | |
132 time_t conn_time; | |
133 uint8_t session_id[SSL_SESSION_ID_SIZE]; | |
134 uint8_t master_secret[SSL_SECRET_SIZE]; | |
135 } SSL_SESS; | |
136 | |
137 typedef struct | |
138 { | |
139 uint8_t *buf; | |
140 int size; | |
141 } SSL_CERT; | |
142 | |
143 typedef struct | |
144 { | |
145 MD5_CTX md5_ctx; | |
146 SHA1_CTX sha1_ctx; | |
147 uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE]; | |
148 uint8_t *key_block; | |
149 uint8_t master_secret[SSL_SECRET_SIZE]; | |
150 uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */ | |
151 uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */ | |
152 uint16_t bm_proc_index; | |
153 } DISPOSABLE_CTX; | |
154 | |
155 struct _SSL | |
156 { | |
157 uint32_t flag; | |
158 uint16_t need_bytes; | |
159 uint16_t got_bytes; | |
160 uint8_t record_type; | |
161 uint8_t cipher; | |
162 uint8_t sess_id_size; | |
163 int16_t next_state; | |
164 int16_t hs_status; | |
165 DISPOSABLE_CTX *dc; /* temporary data which we'll get rid of soon */ | |
166 SSL_SOCKET* client_fd; | |
167 const cipher_info_t *cipher_info; | |
168 void *encrypt_ctx; | |
169 void *decrypt_ctx; | |
170 uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA]; | |
171 uint8_t *bm_data; | |
172 uint16_t bm_index; | |
173 uint16_t bm_read_index; | |
174 struct _SSL *next; /* doubly linked list */ | |
175 struct _SSL *prev; | |
176 struct _SSL_CTX *ssl_ctx; /* back reference to a clnt/svr ctx */ | |
177 #ifndef CONFIG_SSL_SKELETON_MODE | |
178 uint16_t session_index; | |
179 SSL_SESS *session; | |
180 #endif | |
181 #ifdef CONFIG_SSL_CERT_VERIFICATION | |
182 X509_CTX *x509_ctx; | |
183 #endif | |
184 | |
185 uint8_t session_id[SSL_SESSION_ID_SIZE]; | |
186 uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */ | |
187 uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */ | |
188 uint8_t read_sequence[8]; /* 64 bit sequence number */ | |
189 uint8_t write_sequence[8]; /* 64 bit sequence number */ | |
190 uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */ | |
191 }; | |
192 | |
193 typedef struct _SSL SSL; | |
194 | |
195 struct _SSL_CTX | |
196 { | |
197 uint32_t options; | |
198 uint8_t chain_length; | |
199 RSA_CTX *rsa_ctx; | |
200 #ifdef CONFIG_SSL_CERT_VERIFICATION | |
201 CA_CERT_CTX *ca_cert_ctx; | |
202 #endif | |
203 SSL *head; | |
204 SSL *tail; | |
205 SSL_CERT certs[CONFIG_SSL_MAX_CERTS]; | |
206 #ifndef CONFIG_SSL_SKELETON_MODE | |
207 uint16_t num_sessions; | |
208 SSL_SESS **ssl_sessions; | |
209 #endif | |
210 #ifdef CONFIG_SSL_CTX_MUTEXING | |
211 SSL_CTX_MUTEX_TYPE mutex; | |
212 #endif | |
213 #ifdef CONFIG_OPENSSL_COMPATIBLE | |
214 void *bonus_attr; | |
215 #endif | |
216 }; | |
217 | |
218 typedef struct _SSL_CTX SSL_CTX; | |
219 | |
220 /* backwards compatibility */ | |
221 typedef struct _SSL_CTX SSLCTX; | |
222 | |
223 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS]; | |
224 | |
225 SSL *ssl_new(SSL_CTX *ssl_ctx, void* client_fd); | |
226 void disposable_new(SSL *ssl); | |
227 void disposable_free(SSL *ssl); | |
228 int send_packet(SSL *ssl, uint8_t protocol, | |
229 const uint8_t *in, int length); | |
230 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); | |
231 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len); | |
232 int process_finished(SSL *ssl, int hs_len); | |
233 int process_sslv23_client_hello(SSL *ssl); | |
234 int send_alert(SSL *ssl, int error_code); | |
235 int send_finished(SSL *ssl); | |
236 int send_certificate(SSL *ssl); | |
237 int basic_read(SSL *ssl, uint8_t **in_data); | |
238 int send_change_cipher_spec(SSL *ssl); | |
239 void finished_digest(SSL *ssl, const char *label, uint8_t *digest); | |
240 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret); | |
241 void add_packet(SSL *ssl, const uint8_t *pkt, int len); | |
242 int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); | |
243 int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj); | |
244 void ssl_obj_free(SSLObjLoader *ssl_obj); | |
245 int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); | |
246 int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password); | |
247 int load_key_certs(SSL_CTX *ssl_ctx); | |
248 #ifdef CONFIG_SSL_CERT_VERIFICATION | |
249 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len); | |
250 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx); | |
251 #endif | |
252 #ifdef CONFIG_SSL_ENABLE_CLIENT | |
253 int do_client_connect(SSL *ssl); | |
254 #endif | |
255 | |
256 #ifdef CONFIG_SSL_FULL_MODE | |
257 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok); | |
258 void DISPLAY_BYTES(SSL *ssl, const char *format, | |
259 const uint8_t *data, int size, ...); | |
260 void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx); | |
261 void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx); | |
262 void DISPLAY_ALERT(SSL *ssl, int alert); | |
263 #else | |
264 #define DISPLAY_STATE(A,B,C,D) | |
265 #define DISPLAY_CERT(A,B) | |
266 #define DISPLAY_RSA(A,B) | |
267 #define DISPLAY_ALERT(A, B) | |
268 #ifdef WIN32 | |
269 void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */ | |
270 const uint8_t *data, int size, ...); | |
271 #else | |
272 void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */ | |
273 const uint8_t *data, int size, ...); | |
274 #endif | |
275 #endif | |
276 | |
277 #ifdef CONFIG_SSL_CERT_VERIFICATION | |
278 int process_certificate(SSL *ssl, X509_CTX **x509_ctx); | |
279 #endif | |
280 | |
281 SSL_SESS *ssl_session_update(int max_sessions, | |
282 SSL_SESS *ssl_sessions[], SSL *ssl, | |
283 const uint8_t *session_id); | |
284 void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl); | |
285 | |
286 #ifdef __cplusplus | |
287 } | |
288 #endif | |
289 | |
290 #endif |