CyaSSL is an SSL library for devices like mbed.


00001 /* cyassl_int.h
00002  *
00003  * Copyright (C) 2006-2009 Sawtooth Consulting Ltd.
00004  *
00005  * This file is part of CyaSSL.
00006  *
00007  * CyaSSL is free software; you can redistribute it and/or modify
00008  * it under the terms of the GNU General Public License as published by
00009  * the Free Software Foundation; either version 2 of the License, or
00010  * (at your option) any later version.
00011  *
00012  * CyaSSL is distributed in the hope that it will be useful,
00013  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00014  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015  * GNU General Public License for more details.
00016  *
00017  * You should have received a copy of the GNU General Public License
00018  * along with this program; if not, write to the Free Software
00019  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
00020  */
00021 
00022 
00023 
00024 #ifndef CYASSL_INT_H
00025 #define CYASSL_INT_H
00026 
00027 
00028 #include "types.h"
00029 #include "random.h"
00030 #include "des3.h"
00031 #include "hc128.h"
00032 #include "rabbit.h"
00033 #include "asn.h"
00034 #include "ctc_md5.h"
00035 #include "ctc_aes.h"
00036 
00037 #ifdef CYASSL_CALLBACKS
00038     #include "cyassl_callbacks.h"
00039     #include <signal.h>
00040 #endif
00041 
00042 #ifdef USE_WINDOWS_API 
00043     #include <windows.h>
00044 #elif defined(THREADX)
00045     #ifndef SINGLE_THREADED
00046         #include "tx_api.h"
00047     #endif
00048 #elif defined(MICRIUM)
00049     /* do nothing, just don't pick Unix */
00050 #else
00051     #ifndef SINGLE_THREADED
00052         #define CYASSL_PTHREADS
00053         #include <pthread.h>
00054     #endif
00055     #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
00056         #include <unistd.h>      /* for close of BIO */
00057     #endif
00058 #endif
00059 
00060 #ifdef HAVE_LIBZ
00061     #include "zlib.h"
00062 #endif
00063 
00064 #ifdef _MSC_VER
00065     /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
00066     #pragma warning(disable: 4996)
00067 #endif
00068 
00069 #ifdef NO_AES
00070     #if !defined (ALIGN16)
00071         #define ALIGN16
00072     #endif
00073 #endif
00074 
00075 #ifdef __cplusplus
00076     extern "C" {
00077 #endif
00078 
00079 
/* Socket handle type: the Windows socket API uses an unsigned handle, every
   other supported platform uses a plain int (the BIO/SSL structs below keep
   their descriptors as int as well). */
#ifdef USE_WINDOWS_API 
    typedef unsigned int SOCKET_T;
#else
    typedef int SOCKET_T;
#endif


/* Three-byte integer, used for the 24-bit length fields of the handshake
   layer (see BYTE3_LEN / HANDSHAKE_HEADER_SZ in enum Misc). */
typedef byte word24[3];
00088 
/* Define or comment out the cipher suites you'd like to be compiled in
   make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined

   When adding cipher suites, add name to cipher_names, idx to cipher_name_idx

   NOTE(review): with no NO_xxx override the default build includes the RC4
   and MD5-based SSL suites; a build that wants only AES/SHA suites has to
   define NO_RC4 (and NO_DES3) explicitly.
*/
#ifndef NO_RC4
    #define BUILD_SSL_RSA_WITH_RC4_128_SHA
    #define BUILD_SSL_RSA_WITH_RC4_128_MD5
    #if !defined(NO_TLS) && defined(HAVE_NTRU)
        #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
    #endif
#endif

#ifndef NO_DES3
    #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
    #if !defined(NO_TLS) && defined(HAVE_NTRU)
        #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
    #endif
#endif

#if !defined(NO_AES) && !defined(NO_TLS)
    #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
    #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
    #if !defined (NO_PSK)
        #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
    #endif
    #if defined(HAVE_NTRU)
        #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
    #endif
#endif

#if !defined(NO_HC128) && !defined(NO_TLS)
    #define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
    #define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
#endif

#if !defined(NO_RABBIT) && !defined(NO_TLS)
    #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
#endif

/* DHE suites are only offered together with the OpenSSL compatibility layer */
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && defined(OPENSSL_EXTRA)
    #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#endif



/* Derive the per-cipher BUILD_xxx switches from the suites selected above.
   The Ciphers union later in this header only carries a member for a cipher
   whose switch is set, so disabling every suite of a cipher removes its
   context from SSL as well. */
#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
    defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
    #define BUILD_ARC4
#endif

#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    #define BUILD_DES3
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA)
    #define BUILD_AES
#endif

#if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5)
    #define BUILD_HC128
#endif

#if defined(BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA)
    #define BUILD_RABBIT
#endif

/* Fallback block sizes so that DES_IV_SIZE (enum Misc) and the other size
   constants still resolve when the cipher itself is compiled out; presumably
   des3.h / ctc_aes.h provide the real definitions otherwise -- confirm. */
#ifdef NO_DES3
    #define DES_BLOCK_SIZE 8
#endif

#ifdef NO_AES
    #define AES_BLOCK_SIZE 16
#endif
00168 
00169 
/* Cipher suite identifiers as sent on the wire: these are the second (low)
   byte of the two-byte suite value, the first byte being zero. The values in
   the first group are the standard TLS assignments; the "extension" groups
   are private to CyaSSL and will only be understood by a CyaSSL peer. */
enum {
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,

    /* CyaSSL extension - eSTREAM (HC-128, Rabbit); not IANA registered */
    TLS_RSA_WITH_HC_128_CBC_MD5       = 0xFB,
    TLS_RSA_WITH_HC_128_CBC_SHA       = 0xFC,
    TLS_RSA_WITH_RABBIT_CBC_SHA       = 0xFD,

    /* CyaSSL extension - NTRU; not IANA registered, confirm the peer agrees
       on these values before relying on them across implementations */
    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0x65,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0x66,
    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0x67,
    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0x68
};
00193 
00194 
/* Assorted protocol, buffer and key-size constants shared by the library.
   The version numbers, header sizes and label sizes are fixed by the
   protocol; the MAX_* values size the static arrays declared later in this
   header (Keys, Arrays, SSL_SESSION, x509_buffer, bufferStatic), so raising a
   limit grows every SSL object. */
enum Misc {
    SERVER_END = 0,             /* connection side, see Options.side */
    CLIENT_END,

    SEND_CERT       = 1,        /* Options.sendVerify: send our certificate */
    SEND_BLANK_CERT = 2,        /* Options.sendVerify: send an empty cert msg */

    DTLS_MAJOR      = 0xfe,     /* DTLS major version number */
    DTLS_MINOR      = 0xff,     /* DTLS minor version number */
    SSLv3_MAJOR     = 3,        /* SSLv3 and TLSv1+  major version number */
    SSLv3_MINOR     = 0,        /* SSLv3   minor version number */
    TLSv1_MINOR     = 1,        /* TLSv1   minor version number */
    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
    NO_COMPRESSION  =  0,
    ZLIB_COMPRESSION = 221,     /* CyaSSL zlib compression, private method id */
    SECRET_LEN      = 48,       /* pre RSA and all master */
    ENCRYPT_LEN     = 256,      /* allow 2048 bit static buffer */
    SIZEOF_SENDER   =  4,       /* clnt or srvr           */
    FINISHED_SZ     = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
    MAX_UDP_SIZE    = 1400,     /* don't exceed MTU */
    MAX_MSG_EXTRA   = 68,       /* max added to msg, mac + pad */
    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
    MAX_MTU         = 1500,     /* max expected MTU */
    MAX_DH_SZ       = 612,      /* 2240 p, pub, g + 2 byte size for each */
    MAX_STR_VERSION = 8,        /* string rep of protocol version */

    PAD_MD5        = 48,       /* pad length for finished */
    PAD_SHA        = 40,       /* pad length for finished */
    PEM_LINE_LEN   = 80,       /* PEM line max + fudge */
    LENGTH_SZ      =  2,       /* length field for HMAC, data only */
    VERSION_SZ     =  2,       /* length of protocol version */
    SEQ_SZ         =  8,       /* 64 bit sequence number  */
    BYTE3_LEN      =  3,       /* up to 24 bit byte lengths */
    ALERT_SIZE     =  2,       /* level + description     */
    REQUEST_HEADER =  2,       /* always use 2 bytes      */
    VERIFY_HEADER  =  2,       /* always use 2 bytes      */

    MAX_SUITE_SZ = 128,         /* bytes: 64 two-byte suites (SUITE_LEN) */
    RAN_LEN      = 32,         /* random length           */
    SEED_LEN     = RAN_LEN * 2, /* tls prf seed length    */
    ID_LEN       = 32,         /* session id length       */
    MAX_COOKIE_LEN = 32,       /* max dtls cookie size    */
    SUITE_LEN    =  2,         /* cipher suite sz length  */
    ENUM_LEN     =  1,         /* always a byte           */
    COMP_LEN     =  1,         /* compression length      */

    HANDSHAKE_HEADER_SZ = 4,   /* type + length(3)        */
    RECORD_HEADER_SZ    = 5,   /* type + version + len(2) */
    CERT_HEADER_SZ      = 3,   /* always 3 bytes          */
    REQ_HEADER_SZ       = 2,   /* cert request header sz  */
    HINT_LEN_SZ         = 2,   /* length of hint size field */

    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
    DTLS_HANDSHAKE_EXTRA     = 8,  /* diff from normal */
    DTLS_RECORD_EXTRA        = 8,  /* diff from normal */

    FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
    TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size  */
    MASTER_LABEL_SZ     = 13,  /* TLS master secret label sz */
    KEY_LABEL_SZ        = 13,  /* TLS key block expansion sz */
    MAX_PRF_HALF        = 128, /* Maximum half secret len */
    MAX_PRF_LABSEED     = 80,  /* Maximum label + seed len */
    MAX_PRF_DIG         = 148, /* Maximum digest len      */
    MAX_REQUEST_SZ      = 256, /* Maximum cert req len (no auth yet) */
    SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */

    RC4_KEY_SIZE        = 16,  /* always 128bit           */
    DES_KEY_SIZE        =  8,  /* des                     */
    DES3_KEY_SIZE       = 24,  /* 3 des ede               */
    DES_IV_SIZE         = DES_BLOCK_SIZE,
    AES_256_KEY_SIZE    = 32,  /* for 256 bit             */
    AES_192_KEY_SIZE    = 24,  /* for 192 bit             */
    AES_IV_SIZE         = 16,  /* always block size       */
    AES_128_KEY_SIZE    = 16,  /* for 128 bit             */

    HC_128_KEY_SIZE     = 16,  /* 128 bits                */
    HC_128_IV_SIZE      = 16,  /* also 128 bits           */

    RABBIT_KEY_SIZE     = 16,  /* 128 bits                */
    RABBIT_IV_SIZE      =  8,  /* 64 bits for iv          */

    EVP_SALT_SIZE       =  8,  /* evp salt size 64 bits   */

    MAX_HELLO_SZ       = 128,  /* max client or server hello */
    MAX_CERT_VERIFY_SZ = 1024, /* max   */
    CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
    MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
    DEFAULT_TIMEOUT    = 500,  /* default resumption timeout in seconds */

    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
    MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */

    MAX_CHAIN_DEPTH    =   4,  /* max cert chain peer depth */
    MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
    FILE_BUFFER_SIZE   = 1024, /* default static file buffer size for input,
                                  will use dynamic buffer if not big enough */

    MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
    MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
    MAX_NTRU_BITS       =  256, /* max symmetric bit strength */
    NO_SNIFF           =   0,  /* not sniffing */
    SNIFF              =   1,  /* currently sniffing */

    NO_COPY            =   0,  /* should we copy static buffer for write */
    COPY               =   1   /* should we copy static buffer for write */
};
00304 
00305 
/* Handshake progress, tracked per side in Options.serverState /
   Options.clientState. Each value marks a message that has been fully
   processed; the order reflects the normal flow of the handshake. */
enum states {
    NULL_STATE = 0,

    SERVER_HELLOVERIFYREQUEST_COMPLETE,   /* DTLS only */
    SERVER_HELLO_COMPLETE,
    SERVER_CERT_COMPLETE,
    SERVER_KEYEXCHANGE_COMPLETE,
    SERVER_HELLODONE_COMPLETE,
    SERVER_FINISHED_COMPLETE,

    CLIENT_HELLO_COMPLETE,
    CLIENT_KEYEXCHANGE_COMPLETE,
    CLIENT_FINISHED_COMPLETE,

    HANDSHAKE_DONE
};
00323 
00324 
/* Forward declarations of the public OpenSSL-style types and callback
   signatures. The public header presumably defines the same names and sets
   SSL_TYPES_DEFINED so they are not declared twice -- confirm. */
#ifndef SSL_TYPES_DEFINED
    typedef struct SSL_METHOD  SSL_METHOD;
    typedef struct SSL_CTX     SSL_CTX;
    typedef struct SSL_SESSION SSL_SESSION;
    typedef struct SSL_CIPHER  SSL_CIPHER;
    typedef struct SSL         SSL;
    typedef struct X509        X509;
    typedef struct X509_CHAIN  X509_CHAIN;
    typedef struct BIO         BIO;
    typedef struct BIO_METHOD  BIO_METHOD;

    /* X509_NAME may already be a macro from a system header; drop it so the
       typedef below is not rewritten */
    #undef X509_NAME
    typedef struct X509_NAME   X509_NAME;

    /* Context handed to the user's VerifyCallback during cert verification */
    typedef struct X509_STORE_CTX {
        int   error;
        int   error_depth;
        X509* current_cert;          /* stunnel dereference */
        char* domain;                /* subject CN domain name */
    } X509_STORE_CTX;


    typedef int (*pem_password_cb)(char*, int, int, void*);
    /* user I/O: copy up to sz bytes into/out of buf, ctx is the value set
       with CyaSSL_SetIOReadCtx / CyaSSL_SetIOWriteCtx; return value is the
       byte count or a negative error (see EmbedReceive / EmbedSend) */
    typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
    typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
    /* first argument is presumably the pre-verify result as in OpenSSL;
       confirm against the call site before relying on it */
    typedef int (*VerifyCallback)(int, X509_STORE_CTX*);

    /* make sure C++ programs have C linkage for callbacks */
    void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv);
    void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend);

    void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx);
    void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx);
#endif /* SSL_TYPES_DEFINED */
00359 
00360 
/* SSL/TLS protocol version as carried in record and hello messages; the
   major/minor values are the SSLv3_MAJOR / *_MINOR constants of enum Misc. */
typedef struct ProtocolVersion {
    byte major;
    byte minor;
} ProtocolVersion;


/* Constructors for each supported version (DTLS only when enabled). */
ProtocolVersion MakeSSLv3(void);
ProtocolVersion MakeTLSv1(void);
ProtocolVersion MakeTLSv1_1(void);
ProtocolVersion MakeTLSv1_2(void);

#ifdef CYASSL_DTLS
    ProtocolVersion MakeDTLSv1(void);
#endif
00376 
00377 
/* Values for BIO.type / BIO_METHOD.type */
enum BIO_TYPE {
    BIO_BUFFER = 1,
    BIO_SOCKET = 2,
    BIO_SSL    = 3
};
00383 
00384 
/* OpenSSL BIO_METHOD type (compatibility layer); only the kind is kept */
struct BIO_METHOD {
    byte type;               /* method type, see enum BIO_TYPE */
};
00389 
00390 
/* OpenSSL BIO type (compatibility layer): a node in a doubly linked chain
   that may wrap a socket descriptor or an SSL object. */
struct BIO {
    byte type;          /* method type, see enum BIO_TYPE */
    byte close;         /* close flag */
    byte eof;           /* eof flag */
    SSL* ssl;           /* possible associated ssl */
    int  fd;            /* possible file descriptor */
    BIO* prev;          /* previous in chain */
    BIO* next;          /* next in chain */
};
00401 
00402 
/* OpenSSL method type: the protocol version plus the verification defaults
   that InitSSL_Ctx copies into an SSL_CTX. */
struct SSL_METHOD {
    ProtocolVersion version;
    int             side;         /* connection side, server or client */
    int             verifyPeer;   /* request or send certificate       */
    int             verifyNone;   /* whether to verify certificate; by its
                                     name a set value skips verification --
                                     confirm against the verify code     */
    int             failNoCert;   /* fail if no certificate            */
    int             downgrade;    /* whether to downgrade version, default no */
};
00412 
00413 
/* defaults to client */
void InitSSL_Method(SSL_METHOD*, ProtocolVersion);

/* for sniffer: process a Finished / application data record starting at
   input[*inOutIdx]; *inOutIdx is advanced past the consumed bytes, sniff is
   NO_SNIFF or SNIFF from enum Misc */
int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff);
int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx);
00420 
00421 
/* CyaSSL buffer type: a length-prefixed view of heap or caller memory.
   Ownership is decided by the containing struct (see the SSL_CTX / Buffers
   comments), not by this type. */
typedef struct buffer {
    word32 length;
    byte*  buffer;
} buffer;


/* Free policy flags; exact use is in the .c file, so treat as opaque here */
enum {
    FORCED_FREE = 1,
    NO_FORCED_FREE = 0
};
00433 
00434 
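/* only use compression extra if using compression */
#ifdef HAVE_LIBZ
    #define COMP_EXTRA MAX_COMP_EXTRA
#else
    #define COMP_EXTRA 0
#endif

/* only the sniffer needs space in the buffer for an extra MTU record */
#ifdef CYASSL_SNIFFER
    #define MTU_EXTRA MAX_MTU
#else
    #define MTU_EXTRA 0
#endif

/* give user option to use 16K static buffers, sniffer needs them too */
#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_SNIFFER)
    #define RECORD_SIZE MAX_RECORD_SIZE
#else
    #define RECORD_SIZE 128
#endif


/* user option to turn off 16K output option */
/* if using small static buffers (default) and SSL_write tries to write data
   larger than the record we have, dynamically get it, unless user says only
   write in static buffer chunks  */
#ifndef STATIC_CHUNKS_ONLY
    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
#else
    #define OUTPUT_RECORD_SIZE RECORD_SIZE
#endif

/* CyaSSL input buffer

   RFC 2246:

   length
       The length (in bytes) of the following TLSPlaintext.fragment.
       The length should not exceed 2^14.

   Size of the static record buffer: header + record payload + the optional
   compression / sniffer slack + MAC and padding. The expansion is wrapped in
   parentheses so the macro can safely take part in a larger expression
   (e.g. a multiplication or comparison) without the operands rebinding.
*/
#define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
        MTU_EXTRA + MAX_MSG_EXTRA)

/* Input/output record buffer: normally points at staticBuffer, switched to a
   heap allocation (dynamicFlag set) when a record does not fit. */
typedef struct {
    word32 length;       /* total buffer length used */
    word32 idx;          /* idx to part of length already consumed */
    byte*  buffer;       /* place holder for static or dynamic buffer */
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
    word32 bufferSize;   /* current buffer size */
    byte   dynamicFlag;  /* dynamic memory currently in use */
} bufferStatic;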
00486 
/* Cipher Suites holder: the two-byte suite ids offered/accepted, packed
   back to back as on the wire (suiteSz is a byte count, not a suite count). */
typedef struct Suites {
    int    setSuites;               /* user set suites from default */
    byte   suites[MAX_SUITE_SZ];
    word16 suiteSz;                 /* suite length in bytes        */
} Suites;


/* Fill the default suite list for a version; the three byte flags are
   presumably the have-RSA/PSK/NTRU style switches -- confirm in the .c */
void InitSuites(Suites*, ProtocolVersion, byte, byte, byte);
/* Parse an OpenSSL-style colon separated suite list into ctx->suites */
int  SetCipherList(SSL_CTX* ctx, const char* list);

/* PSK callbacks (OpenSSL signatures): the client callback receives the
   server hint and fills identity and key, the server callback receives the
   client identity and fills the key; both return the key length. */
#ifndef PSK_TYPES_DEFINED
    typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*,
                          unsigned int, unsigned char*, unsigned int);
    typedef unsigned int (*psk_server_callback)(SSL*, const char*,
                          unsigned char*, unsigned int);
#endif /* PSK_TYPES_DEFINED */
00504 
00505 
/* Built-in socket I/O used unless the application supplies its own
   CallbackIORecv / CallbackIOSend (CYASSL_USER_IO). */
#ifndef CYASSL_USER_IO
    /* default IO callbacks */
    int EmbedReceive(char *buf, int sz, void *ctx);
    int EmbedSend(char *buf, int sz, void *ctx);
#endif

#ifdef CYASSL_DTLS
    int IsUDP(void*);
#endif
00515 
00516 
/* OpenSSL Cipher type just points back to SSL */
struct SSL_CIPHER {
    SSL* ssl;
};
00521 
00522 
/* OpenSSL context type: per-application configuration shared by all SSL
   objects created from it (certificate, private key, trusted CAs, suites,
   I/O callbacks). SSL objects reference but do not own caList. */
struct SSL_CTX {
    SSL_METHOD* method;
    buffer      certificate;
    buffer      privateKey;       /* private key material; NOTE(review):
                                     confirm SSL_CtxResourceFree clears it
                                     before releasing the memory */
    Signer*     caList;           /* SSL_CTX owns this, SSL will reference */
    Suites      suites;
    void*       heap;             /* for user memory overrides */
    byte        verifyPeer;
    byte        verifyNone;
    byte        failNoCert;
    byte        sessionCacheOff;
    byte        sessionCacheFlushOff;
    byte        sendVerify;       /* for client side */
    byte        haveDH;           /* server DH parms set by user */
    byte        haveNTRU;         /* server private NTRU key loaded */
    byte        partialWrite;     /* only one msg per write call */
    byte        quietShutdown;    /* don't send close notify */
    CallbackIORecv CBIORecv;
    CallbackIOSend CBIOSend;
    VerifyCallback verifyCallback;      /* cert verification callback */
#ifndef NO_PSK
    byte        havePSK;                /* psk key set by user */
    psk_client_callback client_psk_cb;  /* client callback */
    psk_server_callback server_psk_cb;  /* server callback */
    char        server_hint[MAX_PSK_ID_LEN];  /* fixed size, must stay
                                                 NUL-terminated */
#endif /* NO_PSK */
#ifdef OPENSSL_EXTRA
    pem_password_cb passwd_cb;
    void*            userdata;
#endif /* OPENSSL_EXTRA */
};
00555 
00556 
/* SSL_CTX lifecycle: InitSSL_Ctx fills a context from a method,
   FreeSSL_Ctx releases it, SSL_CtxResourceFree releases only the owned
   resources (certificate, key, caList) -- confirm the exact split in the .c */
void InitSSL_Ctx(SSL_CTX*, SSL_METHOD*);
void FreeSSL_Ctx(SSL_CTX*);
void SSL_CtxResourceFree(SSL_CTX*);

/* Expand the master secret into the TLS key block (ssl->keys) */
int DeriveTlsKeys(SSL* ssl);
/* Handle an SSLv2-format ClientHello; input holds inSz bytes starting at
   *inOutIdx, sz is the v2 record length */
int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz);
00564 
/* All cipher suite related info, filled once a suite is negotiated; the
   byte fields take values from the BulkCipherAlgorithm, CipherType,
   MACAlgorithm, KeyExchangeAlgorithm and SignatureAlgorithm enums below. */
typedef struct CipherSpecs {
    byte bulk_cipher_algorithm;
    byte cipher_type;               /* block or stream */
    byte mac_algorithm;
    byte kea;                       /* key exchange algo */
    byte sig_algo;
    byte hash_size;                 /* MAC output length in bytes */
    byte pad_size;
    word16 key_size;
    word16 iv_size;
    word16 block_size;
} CipherSpecs;
00578 
00579 
00580 
/* Supported Ciphers from page 43 (RFC 2246); only those with a BUILD_xxx
   switch are actually usable, the rest keep the enumeration aligned */
enum BulkCipherAlgorithm { 
    cipher_null,
    rc4,
    rc2,
    des,
    triple_des,             /* leading 3 (3des) not valid identifier */
    des40,
    idea,
    aes,
    hc128,                  /* CyaSSL extensions */
    rabbit
};
00594 
00595 
/* Supported Message Authentication Codes from page 43 (RFC 2246) */
enum MACAlgorithm { 
    no_mac,
    md5_mac,
    sha_mac,
    rmd_mac,
    sha256_mac
};
00604 
00605 
/* Supported Key Exchange Protocols; stored in CipherSpecs.kea */
enum KeyExchangeAlgorithm { 
    no_kea = 0,
    rsa_kea, 
    diffie_hellman_kea, 
    fortezza_kea,
    psk_kea,
    ntru_kea
};
00615 
00616 
/* Supported Authentication Schemes; stored in CipherSpecs.sig_algo */
enum SignatureAlgorithm {
    anonymous_sa_algo = 0,
    rsa_sa_algo,
    dsa_sa_algo
};
00623 
00624 
/* Valid client certificate request types from page 27 (RFC 2246),
   as sent in the CertificateRequest message */
enum ClientCertificateType {    
    rsa_sign            = 1, 
    dss_sign            = 2,
    rsa_fixed_dh        = 3,
    dss_fixed_dh        = 4,
    rsa_ephemeral_dh    = 5,
    dss_ephemeral_dh    = 6,
    fortezza_kea_cert   = 20
};
00635 
00636 
enum CipherType { stream, block };   /* values for CipherSpecs.cipher_type */
00638 
00639 
/* keys and secrets of the current connection: the TLS key block split into
   per-direction MAC secrets, cipher keys and IVs, plus the record sequence
   numbers. Arrays are sized for the largest supported algorithm.
   NOTE(review): this is live key material; confirm the owning SSL object
   clears it (not merely frees it) when the connection is torn down. */
typedef struct Keys {
    byte client_write_MAC_secret[SHA_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[SHA_DIGEST_SIZE]; 
    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
    byte server_write_key[AES_256_KEY_SIZE]; 
    byte client_write_IV[AES_IV_SIZE];               /* max sizes */
    byte server_write_IV[AES_IV_SIZE];

    word32 peer_sequence_number;      /* next expected record from peer */
    word32 sequence_number;           /* next record we send */

#ifdef CYASSL_DTLS
    word32 dtls_sequence_number;
    word32 dtls_peer_sequence_number;
    word16 dtls_handshake_number;
    word16 dtls_epoch;
    word16 dtls_peer_epoch;
#endif

    word32 encryptSz;             /* last size of encrypted data   */
    byte   encryptionOn;          /* true after change cipher spec */
} Keys;
00663 
00664 
/* cipher context for one direction; only the ciphers enabled through the
   BUILD_xxx switches are members, so the union is as large as the biggest
   enabled context and CipherSpecs.bulk_cipher_algorithm selects the member */
typedef union {
#ifdef BUILD_ARC4
    Arc4   arc4;
#endif
#ifdef BUILD_DES3
    Des3   des3;
#endif
#ifdef BUILD_AES
    Aes    aes;
#endif
#ifdef BUILD_HC128
    HC128  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit rabbit;
#endif
} Ciphers;
00683 
00684 
/* hashes type: the MD5 and SHA-1 digests that together form the SSLv3/TLS
   Finished and CertificateVerify input (FINISHED_SZ is their sum) */
typedef struct Hashes {
    byte md5[MD5_DIGEST_SIZE];
    byte sha[SHA_DIGEST_SIZE];
} Hashes;
00690 
00691 
/* Static x509 buffer: one DER certificate; length is the used part, a
   certificate larger than MAX_X509_SIZE cannot be stored here */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;
00697 
00698 
/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE: peer chain kept
   inline, so each entry costs MAX_CHAIN_DEPTH * MAX_X509_SIZE bytes */
struct X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};
00704 
00705 
/* openSSL session type: what the session cache keeps for resumption.
   NOTE(review): masterSecret is retained here for the lifetime of the cache
   entry; confirm entries are cleared when evicted or flushed. */
struct SSL_SESSION {
    byte         sessionID[ID_LEN];
    byte         masterSecret[SECRET_LEN];
    word32       bornOn;                        /* create time in seconds   */
    word32       timeout;                       /* timeout in seconds       */
#ifdef SESSION_CERTS
    X509_CHAIN      chain;                      /* peer cert chain, static  */
    ProtocolVersion version;
    byte            cipherSuite;
#endif
};
00718 
00719 
/* Session cache lookup by session id (NULL if absent) and insertion */
SSL_SESSION* GetSession(SSL*, byte*);
int          SetSession(SSL*, SSL_SESSION*);

/* MAC function pointer chosen per protocol version: (ssl, digest out,
   data in, data size, content type, verify flag) -- confirm argument
   roles against the hmac implementations in the .c */
typedef void (*hmacfp) (SSL*, byte*, const byte*, word32, int, int);
00724 
00725 
/* client connect state for nonblocking restart (Options.connectState):
   records how far a non-blocking connect got so a later call can resume */
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    HELLO_AGAIN,               /* HELLO_AGAIN is for DTLS case */
    HELLO_AGAIN_REPLY,
    FIRST_REPLY_DONE,
    FIRST_REPLY_FIRST,
    FIRST_REPLY_SECOND,
    FIRST_REPLY_THIRD,
    FIRST_REPLY_FOURTH,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};
00740 
00741 
/* server accept state for nonblocking restart (Options.acceptState) */
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_CLIENT_HELLO_DONE,
    HELLO_VERIFY_SENT,         /* DTLS cookie exchange */
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_SENT,
    CERT_SENT,
    KEY_EXCHANGE_SENT,
    CERT_REQ_SENT,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    CHANGE_CIPHER_SENT,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};
00758 
00759 
/* Per-connection buffers. certificate and key alias the SSL_CTX copies and
   must not be freed here; the DH and input/output buffers belong to the SSL. */
typedef struct Buffers {
    buffer          certificate;            /* SSL_CTX owns */
    buffer          key;                    /* SSL_CTX owns */
    buffer          domainName;             /* for client check */
    buffer          serverDH_P;
    buffer          serverDH_G;
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;          /* DH private value, clear on free */
    bufferStatic    inputBuffer;
    bufferStatic    outputBuffer;
    buffer          clearOutputBuffer;
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE            */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE            */
} Buffers;
00776 
00777 
/* Per-connection flags and state machine positions. Most byte fields are
   booleans; the *State fields hold enum states / ConnectState / AcceptState
   values. The verify* and PSK settings are copied from the SSL_CTX. */
typedef struct Options {
    byte            sessionCacheOff;
    byte            sessionCacheFlushOff;
    byte            cipherSuite;        /* negotiated suite, low byte */
    byte            serverState;        /* enum states */
    byte            clientState;        /* enum states */
    byte            handShakeState;
    byte            side;               /* client or server end */
    byte            verifyPeer;
    byte            verifyNone;
    byte            failNoCert;
    byte            downgrade;          /* allow downgrade of versions */
    byte            sendVerify;         /* false = 0, true = 1, sendBlank = 2 */
    byte            resuming;
    byte            tls;                /* using TLS ? */
    byte            tls1_1;             /* using TLSv1.1+ ? */
    byte            dtls;               /* using datagrams ? */
    byte            connReset;          /* has the peer reset */
    byte            isClosed;           /* if we consider conn closed */
    byte            closeNotify;        /* we've received a close notify */
    byte            sentNotify;         /* we've sent a close notify */
    byte            connectState;       /* nonblocking resume */
    byte            acceptState;        /* nonblocking resume */
    byte            usingCompression;   /* are we using compression */
    byte            haveDH;             /* server DH parms set by user */
    byte            haveNTRU;           /* server NTRU private key loaded */
    byte            havePeerCert;       /* do we have peer's cert */
    byte            usingPSK_cipher;    /* whether we're using psk as cipher */
    byte            sendAlertState;     /* nonblocking resume */ 
    byte            processReply;       /* nonblocking resume */
    byte            partialWrite;       /* only one msg per write call */
    byte            quietShutdown;      /* don't send close notify */
#ifndef NO_PSK
    byte            havePSK;            /* psk key set by user */
    psk_client_callback client_psk_cb;
    psk_server_callback server_psk_cb;
#endif /* NO_PSK */
} Options;
00816 
00817 
/* Handshake-time values kept inline in the SSL object. preMasterSecret,
   masterSecret and psk_key are secrets; NOTE(review): confirm they are
   cleared once DeriveTlsKeys / the handshake no longer needs them. */
typedef struct Arrays {
    byte            clientRandom[RAN_LEN];
    byte            serverRandom[RAN_LEN];
    byte            sessionID[ID_LEN];
    byte            preMasterSecret[ENCRYPT_LEN];  /* sized for 2048-bit RSA */
    byte            masterSecret[SECRET_LEN];
#ifdef CYASSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
#endif
#ifndef NO_PSK
    char            client_identity[MAX_PSK_ID_LEN];
    char            server_hint[MAX_PSK_ID_LEN];
    byte            psk_key[MAX_PSK_KEY_LEN];
    word32          psk_keySz;          /* actual size */
#endif
    word32          preMasterSz;        /* differs for DH, actual size */
} Arrays;
00835 
00836 
/* undefined again here in case a header included after the typedef above
   reintroduced X509_NAME as a macro -- presumably; confirm which header */
#undef X509_NAME

/* Distinguished name as a fixed-size string plus its length */
struct X509_NAME {
    char  name[ASN_NAME_MAX];
    int   sz;
};
00843 
00844 
/* Minimal OpenSSL X509 view: only issuer and subject names are exposed */
struct X509 {
    X509_NAME issuer;
    X509_NAME subject;
};
00849 
00850 
/* record layer header for PlainText, Compressed, and CipherText; laid out
   as on the wire (RECORD_HEADER_SZ bytes), length is big-endian per TLS */
typedef struct RecordLayerHeader {
    byte            type;
    ProtocolVersion version;
    byte            length[2];
} RecordLayerHeader;
00857 
00858 
/* record layer header for DTLS PlainText, Compressed, and CipherText;
   DTLS_RECORD_HEADER_SZ bytes, i.e. the TLS header plus epoch and sequence */
typedef struct DtlsRecordLayerHeader {
    byte            type;
    ProtocolVersion version;
    byte            epoch[2];             /* increment on cipher state change */
    byte            sequence_number[6];   /* per record */
    byte            length[2];
} DtlsRecordLayerHeader;
00867 
00868 
00869 /* OpenSSL ssl type: one connection, set up by InitSSL and released by FreeSSL */
00870 struct SSL {
00871     SSL_CTX*        ctx;                /* context this object was initialised from (InitSSL) */
00872     int             error;              /* last error recorded on this connection (assumed -- confirm) */
00873     ProtocolVersion version;            /* negotiated version */
00874     ProtocolVersion chVersion;          /* client hello version */
00875     Suites          suites;             /* cipher suite list */
00876     Ciphers         encrypt;            /* outbound cipher state */
00877     Ciphers         decrypt;            /* inbound  cipher state */
00878     CipherSpecs     specs;              /* parameters of the chosen suite (see SetCipherSpecs) */
00879     Keys            keys;               /* key material (see DeriveKeys / StoreKeys) */
00880     int             rfd;                /* read  file descriptor */
00881     int             wfd;                /* write file descriptor */
00882     BIO*            biord;              /* socket bio read  to free/close */
00883     BIO*            biowr;              /* socket bio write to free/close */
00884     void*           IOCB_ReadCtx;       /* user context for the read  I/O callback (assumed from name -- confirm) */
00885     void*           IOCB_WriteCtx;      /* user context for the write I/O callback (assumed from name -- confirm) */
00886     RNG             rng;                /* per-connection random source */
00887     Md5             hashMd5;            /* md5 hash of handshake msgs */
00888     Sha             hashSha;            /* sha hash of handshake msgs */
00889     Hashes          verifyHashes;       /* handshake hashes used for verify data (assumed -- confirm) */
00890     Hashes          certHashes;         /* for cert verify */
00891     Signer*         caList;             /* SSL_CTX owns; not released with this object */
00892     Buffers         buffers;            /* input/output buffers (see ShrinkInputBuffer / ShrinkOutputBuffer) */
00893     Options         options;            /* per-connection settings */
00894     Arrays          arrays;             /* handshake arrays; holds secrets (see Arrays) */
00895     SSL_SESSION     session;            /* session data for resumption (see AddSession) */
00896     RsaKey          peerRsaKey;         /* peer RSA key, valid only when peerRsaKeyPresent is set */
00897     byte            peerRsaKeyPresent;  /* non-zero once peerRsaKey has been loaded */
00898 #ifdef HAVE_NTRU
00899     word16          peerNtruKeyLen;     /* bytes of peerNtruKey in use */
00900     byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];  /* peer NTRU key */
00901     byte            peerNtruKeyPresent; /* non-zero once peerNtruKey has been loaded */
00902 #endif
00903     hmacfp          hmac;               /* hmac function pointer (hmacfp) for the chosen suite */
00904     void*           heap;               /* for user overrides */
00905     RecordLayerHeader curRL;            /* header of the record being processed (assumed) */
00906     word16            curSize;          /* size of that record (assumed) */
00907     SSL_CIPHER      cipher;             /* OpenSSL-style cipher handle */
00908 #ifdef HAVE_LIBZ
00909     z_stream        c_stream;           /* compression   stream */
00910     z_stream        d_stream;           /* decompression stream */
00911     byte            didStreamInit;      /* for stream init and end */
00912 #endif
00913 #ifdef CYASSL_CALLBACKS
00914     HandShakeInfo   handShakeInfo;      /* info saved during handshake */
00915     TimeoutInfo     timeoutInfo;        /* info saved during handshake */
00916     byte            hsInfoOn;           /* track handshake info        */
00917     byte            toInfoOn;           /* track timeout   info        */
00918 #endif
00919 #ifdef OPENSSL_EXTRA
00920     X509            peerCert;           /* X509 peer cert */
00921 #endif
00922 };
00923 
00924 
00925 int  InitSSL(SSL*, SSL_CTX*);       /* set up an SSL from its SSL_CTX; int status (0 on success assumed -- confirm) */
00926 void FreeSSL(SSL*);                 /* release the SSL object */
00927 void SSL_ResourceFree(SSL*);        /* release resources held by an SSL (split from FreeSSL not visible here -- confirm) */
00928 
00929 
00930 enum {                     /* sizes for EncryptedInfo below */
00931     IV_SZ   = 32,          /* max iv sz, in bytes */
00932     NAME_SZ = 80,          /* max one line, in bytes */
00933 };                         /* trailing comma after the last enumerator needs C99 or later */
00934 
00935 
00936 typedef struct EncryptedInfo {  /* cipher name + iv of an encrypted key (presumably a PEM DEK-Info header -- confirm against the parser) */
00937     char   name[NAME_SZ];   /* cipher name, at most NAME_SZ bytes */
00938     byte   iv[IV_SZ];       /* iv bytes; ivSz of them in use */
00939     word32 ivSz;            /* bytes of iv[] in use */
00940     byte   set;             /* non-zero once the info has been filled in (assumed) */
00941 } EncryptedInfo;
00942 
00943 
00944 #ifdef CYASSL_CALLBACKS    /* handshake/timeout bookkeeping; types come from cyassl_callbacks.h */
00945     void InitHandShakeInfo(HandShakeInfo*);                 /* reset handshake info */
00946     void FinishHandShakeInfo(HandShakeInfo*, const SSL*);   /* complete it from the connection */
00947     void AddPacketName(const char*, HandShakeInfo*);        /* record a packet name */
00948 
00949     void InitTimeoutInfo(TimeoutInfo*);                     /* reset timeout info */
00950     void FreeTimeoutInfo(TimeoutInfo*, void*);              /* second arg presumably the heap hint -- confirm */
00951     void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);  /* name, info, data, length, heap (assumed) */
00952     void AddLateName(const char*, TimeoutInfo*);
00953     void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
00954 #endif
00955 
00956 
00957 /* Record Layer Header identifier from page 12 (value of RecordLayerHeader.type) */
00958 enum ContentType {
00959     no_type            = 0,       /* local sentinel (presumably not a wire value -- confirm) */
00960     change_cipher_spec = 20, 
00961     alert              = 21, 
00962     handshake          = 22, 
00963     application_data   = 23 
00964 };
00965 
00966 
00967 /* handshake header, same for each message type, pgs 20/21 */
00968 typedef struct HandShakeHeader {
00969     byte            type;       /* message type (see enum HandShakeType below) */
00970     word24          length;     /* 3-byte body length */
00971 } HandShakeHeader;
00972 
00973 
00974 /* DTLS handshake header, same for each message type */
00975 typedef struct DtlsHandShakeHeader {
00976     byte            type;              /* message type (see enum HandShakeType below) */
00977     word24          length;            /* 3-byte length of the whole message */
00978     byte            message_seq[2];    /* start at 0, retransmit gets same # */
00979     word24          fragment_offset;   /* bytes in previous fragments */
00980     word24          fragment_length;   /* length of this fragment */
00981 } DtlsHandShakeHeader;
00982 
00983 
00984 enum HandShakeType {                    /* value of HandShakeHeader.type */
00985     no_shake            = -1,           /* local sentinel: no handshake message */
00986     hello_request       = 0, 
00987     client_hello        = 1, 
00988     server_hello        = 2,
00989     hello_verify_request = 3,       /* DTLS addition */
00990     certificate         = 11, 
00991     server_key_exchange = 12,
00992     certificate_request = 13, 
00993     server_hello_done   = 14,
00994     certificate_verify  = 15, 
00995     client_key_exchange = 16,
00996     finished            = 20
00997 };
00998 
00999 
01000 /* Valid Alert types from page 16/17 (alert description byte; see SendAlert) */
01001 enum AlertDescription {
01002     close_notify            = 0,
01003     unexpected_message      = 10,
01004     bad_record_mac          = 20,
01005     decompression_failure   = 30,
01006     handshake_failure       = 40,
01007     no_certificate          = 41,
01008     bad_certificate         = 42,
01009     unsupported_certificate = 43,
01010     certificate_revoked     = 44,
01011     certificate_expired     = 45,
01012     certificate_unknown     = 46,
01013     illegal_parameter       = 47,
01014     decrypt_error           = 51
01015 };
01016 
01017 
01018 /* I/O Callback default errors (negative values returned by the I/O callbacks) */
01019 enum IOerrors {
01020     IO_ERR_GENERAL    = -1,     /* general unexpected err, not in below group */
01021     IO_ERR_WANT_READ  = -2,     /* need to call read  again */
01022     IO_ERR_WANT_WRITE = -2,     /* need to call write again; shares -2 with WANT_READ, so the two cannot be told apart by value */
01023     IO_ERR_CONN_RST   = -3,     /* connection reset */
01024     IO_ERR_ISR        = -4,     /* interrupt */
01025     IO_ERR_CONN_CLOSE = -5      /* connection closed or epipe */
01026 };
01027 
01028 
01029 enum AlertLevel {       /* alert level byte (see SendAlert) */
01030     alert_warning = 1, 
01031     alert_fatal = 2
01032 };
01033 
01034 
01035 static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };   /* ASCII "CLNT" */
01036 static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };   /* ASCII "SRVR" */
01037       /* static const in a header: each including translation unit gets its own copy */
01038 static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";  /* +1 for the NUL; assumes FINISHED_LABEL_SZ is the label length (15) -- confirm */
01039 static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
01040 
01041 
01042 /* internal functions: handshake/record senders and helpers; int results are status codes */
01043 int SendChangeCipher(SSL*);                 /* send ChangeCipherSpec */
01044 int SendData(SSL*, const void*, int);       /* send application data (buffer, length) */
01045 int SendCertificate(SSL*);
01046 int SendCertificateRequest(SSL*);
01047 int SendServerKeyExchange(SSL*);
01048 int SendBuffered(SSL*);                     /* flush pending output */
01049 int ReceiveData(SSL*, byte*, int);          /* receive application data into (buffer, length) */
01050 int SendFinished(SSL*);
01051 int SendAlert(SSL*, int, int);              /* the two ints are presumably (AlertLevel, AlertDescription) -- confirm */
01052 int ProcessReply(SSL*);                     /* read and process incoming record(s) */
01053 
01054 int SetCipherSpecs(SSL*);                   /* fill ssl->specs for the chosen suite */
01055 int MakeMasterSecret(SSL*);                 /* derive arrays.masterSecret from preMasterSecret (assumed) */
01056 
01057 int  AddSession(SSL*);                      /* store the session for resumption */
01058 int  DeriveKeys(SSL* ssl);                  /* derive session keys (see StoreKeys) */
01059 int  StoreKeys(SSL* ssl, const byte* keyData);  /* copy a derived key block into ssl->keys (assumed) */
01060 
01061 int IsTLS(const SSL* ssl);                  /* negotiated version is TLS (as opposed to SSLv3, presumably) */
01062 int IsAtLeastTLSv1_2(const SSL* ssl);       /* negotiated version is TLS 1.2 or later */
01063 
01064 void ShrinkInputBuffer(SSL* ssl, int forcedFree);   /* release a grown input buffer; forcedFree overrides the usual condition (assumed) */
01065 void ShrinkOutputBuffer(SSL* ssl);                  /* release a grown output buffer */
01066 
01067 #ifndef NO_CYASSL_CLIENT
01068     int SendClientHello(SSL*);
01069     int SendClientKeyExchange(SSL*);
01070     int SendCertificateVerify(SSL*);
01071 #endif /* NO_CYASSL_CLIENT */
01072 
01073 #ifndef NO_CYASSL_SERVER
01074     int SendServerHello(SSL*);
01075     int SendServerHelloDone(SSL*);
01076     #ifdef CYASSL_DTLS
01077         int SendHelloVerifyRequest(SSL*);   /* DTLS cookie exchange (see Arrays.cookie) */
01078     #endif
01079 #endif /* NO_CYASSL_SERVER */
01080 
01081 
01082 #ifndef NO_TLS
01083     /* no TLS-only declarations at present */
01084 
01085 #endif /* NO_TLS */
01086 
01087 
01088 
01089 typedef double timer_d;        /* timer value; units are not defined in this header */
01090 
01091 timer_d Timer(void);            /* current time as timer_d */
01092 word32  LowResTimer(void);      /* current time as a word32 (coarser resolution; units not visible here) */
01093 
01094 
01095 #ifdef SINGLE_THREADED                      /* mutex type follows the threading model picked in the prologue */
01096     typedef int CyaSSL_Mutex;               /* no real lock; presumably the wrappers below become no-ops -- confirm */
01097 #else /* MULTI_THREADED */
01098     #ifdef USE_WINDOWS_API 
01099         typedef CRITICAL_SECTION CyaSSL_Mutex;
01100     #elif defined(CYASSL_PTHREADS)
01101         typedef pthread_mutex_t CyaSSL_Mutex;
01102     #elif defined(THREADX)
01103         typedef TX_MUTEX CyaSSL_Mutex;
01104     #elif defined(MICRIUM)
01105         typedef OS_MUTEX CyaSSL_Mutex;
01106     #else
01107         #error Need a mutex type in multithreaded mode
01108     #endif /* USE_WINDOWS_API */
01109 #endif /* SINGLE_THREADED */
01110 
01111 int InitMutex(CyaSSL_Mutex*);      /* portable mutex wrappers; each returns an int status */
01112 int FreeMutex(CyaSSL_Mutex*);
01113 int LockMutex(CyaSSL_Mutex*);
01114 int UnLockMutex(CyaSSL_Mutex*);
01115 
01116 
01117 #ifdef DEBUG_CYASSL
01118     /* debug tracing hooks: real functions only when DEBUG_CYASSL is defined */
01119     void CYASSL_ENTER(const char* msg);           /* trace function entry */
01120     void CYASSL_LEAVE(const char* msg, int ret);  /* trace function exit with its return value */
01121 
01122     void CYASSL_ERROR(int);                       /* report an error code */
01123     void CYASSL_MSG(const char* msg);             /* free-form debug message */
01124 
01125 #else /* DEBUG_CYASSL   */
01126     /* non-debug builds: these expand to nothing, so their arguments are never evaluated -- keep side effects out of them */
01127     #define CYASSL_ENTER(m)
01128     #define CYASSL_LEAVE(m, r)
01129 
01130     #define CYASSL_ERROR(e) 
01131     #define CYASSL_MSG(m)
01132 
01133 #endif /* DEBUG_CYASSL  */
01134 
01135 
01136 #ifdef __cplusplus
01137     }  /* extern "C" */
01138 #endif
01139 
01140 #endif /* CYASSL_INT_H */
01141