1 /* cyassl_int.h
3 * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
24 #ifndef CYASSL_INT_H
25 #define CYASSL_INT_H
28 #include "types.h"
29 #include "random.h"
30 #include "des3.h"
31 #include "hc128.h"
32 #include "rabbit.h"
33 #include "asn.h"
34 #include "ctc_md5.h"
35 #include "ctc_aes.h"
36 #ifdef HAVE_ECC
37 #include "ctc_ecc.h"
38 #endif
39 #ifndef NO_SHA256
40 #include "sha256.h"
41 #endif
43 #ifdef CYASSL_CALLBACKS
44 #include "cyassl_callbacks.h"
45 #include <signal.h>
46 #endif
48 #ifdef USE_WINDOWS_API
49 #include <windows.h>
50 #elif defined(THREADX)
51 #ifndef SINGLE_THREADED
52 #include "tx_api.h"
53 #endif
54 #elif defined(MICRIUM)
55 /* do nothing, just don't pick Unix */
56 #else
57 #ifndef SINGLE_THREADED
58 #define CYASSL_PTHREADS
59 #include <pthread.h>
60 #endif
61 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
62 #include <unistd.h> /* for close of BIO */
63 #endif
64 #endif
66 #ifdef HAVE_LIBZ
67 #include "zlib.h"
68 #endif
#ifdef _MSC_VER
    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
    /* NOTE(review): the pragma is not wrapped in push/pop, so the warning stays
       off in every file that includes this header.  The compiler will no longer
       point at calls to the deprecated CRT string functions; those call sites
       need manual bounds review. */
    #pragma warning(disable: 4996)
#endif

/* With AES compiled out, make ALIGN16 expand to nothing so declarations that
   use it (bufferStatic.staticBuffer below) still compile.  Presumably
   ctc_aes.h supplies the real definition otherwise -- confirm. */
#ifdef NO_AES
    #if !defined (ALIGN16)
        #define ALIGN16
    #endif
#endif
81 #ifdef __cplusplus
82 extern "C" {
83 #endif
/* Socket handle type: unsigned on the Windows API, plain int elsewhere. */
#ifdef USE_WINDOWS_API
    typedef unsigned int SOCKET_T;
#else
    typedef int SOCKET_T;
#endif

/* Three-byte field; used below for handshake lengths and DTLS fragment
   offsets/lengths. */
typedef byte word24[3];
/* Define or comment out the cipher suites you'd like to be compiled in
   make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined

   When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
*/
/* NOTE(review): every group below is opt-out.  Unless the build defines
   NO_RC4 / NO_DES3 / NO_HC128 / NO_RABBIT, the RC4, 3DES and MD5-MAC suites are
   compiled in.  RC4 suites are prohibited for TLS by RFC 7465 and 3DES has a
   64-bit block, so a hardened build should define NO_RC4 and NO_DES3.  Every
   AES suite selected here is CBC with a SHA-1 MAC. */
#ifndef NO_RC4
    #define BUILD_SSL_RSA_WITH_RC4_128_SHA
    #define BUILD_SSL_RSA_WITH_RC4_128_MD5
    #if !defined(NO_TLS) && defined(HAVE_NTRU)
        #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
    #endif
#endif

#ifndef NO_DES3
    #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
    #if !defined(NO_TLS) && defined(HAVE_NTRU)
        #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
    #endif
#endif

#if !defined(NO_AES) && !defined(NO_TLS)
    #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
    #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
    #if !defined (NO_PSK)
        #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
    #endif
    #if defined(HAVE_NTRU)
        #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
    #endif
#endif

#if !defined(NO_HC128) && !defined(NO_TLS)
    #define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
    #define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
#endif

#if !defined(NO_RABBIT) && !defined(NO_TLS)
    #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
#endif

/* The DHE suites are only built when OPENSSL_EXTRA is defined; without it and
   without HAVE_ECC no ephemeral key-exchange suite is selected above. */
#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && defined(OPENSSL_EXTRA)
    #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
#endif

#if defined(HAVE_ECC) && !defined(NO_TLS)
    #if !defined(NO_AES)
        #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    #endif
    #if !defined(NO_RC4)
        #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
        #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    #endif
    #if !defined(NO_DES3)
        #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    #endif
#endif
/* Per-algorithm switches derived from the suite selection above.  They decide
   which members the Ciphers union (declared later in this header) contains. */
#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
    defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
    #define BUILD_ARC4
#endif

#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
    #define BUILD_DES3
#endif

#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA)
    #define BUILD_AES
#endif

#if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5)
    #define BUILD_HC128
#endif

#if defined(BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA)
    #define BUILD_RABBIT
#endif

/* Fallback block sizes so the constants in enum Misc (e.g. DES_IV_SIZE) still
   resolve when the algorithm is compiled out.  Presumably des3.h / ctc_aes.h
   define these otherwise -- confirm. */
#ifdef NO_DES3
    #define DES_BLOCK_SIZE 8
#endif

#ifdef NO_AES
    #define AES_BLOCK_SIZE 16
#endif
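/* actual cipher values, 2nd byte */
/* The second byte alone does not identify a suite: the ECC group reuses values
   from the first group (SSL_RSA_WITH_3DES_EDE_CBC_SHA and
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA are both 0x0A).  Code that dispatches on
   these constants has to test the first suite byte (ECC_BYTE) as well.
   The listing had lost this enum's closing brace; it is restored here. */
enum {
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,

    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA    = 0x14,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA    = 0x13,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA  = 0x0A,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  = 0x09,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA        = 0x11,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA      = 0x07,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA   = 0x12,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,

    /* CyaSSL extension - eSTREAM */
    TLS_RSA_WITH_HC_128_CBC_MD5       = 0xFB,
    TLS_RSA_WITH_HC_128_CBC_SHA       = 0xFC,
    TLS_RSA_WITH_RABBIT_CBC_SHA       = 0xFD,

    /* CyaSSL extension - NTRU */
    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0x65,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0x66,
    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0x67,
    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0x68
};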
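/* Protocol constants and fixed buffer bounds shared by the whole library.
   Most of the *_SZ / *_LEN / MAX_* values size static arrays declared later in
   this header, so any length taken from the wire has to be checked against the
   matching constant before it is used for a copy.
   Changes from the listing: the lost closing brace is restored and the
   SSLv3_MINOR comment (which said "TLSv1") is corrected. */
enum Misc {
    SERVER_END = 0,
    CLIENT_END,

    ECC_BYTE = 0xC0,            /* ECC first cipher suite byte */

    SEND_CERT       = 1,
    SEND_BLANK_CERT = 2,

    DTLS_MAJOR      = 0xfe,     /* DTLS major version number */
    DTLS_MINOR      = 0xff,     /* DTLS minor version number */
    SSLv3_MAJOR     = 3,        /* SSLv3 and TLSv1+  major version number */
    SSLv3_MINOR     = 0,        /* SSLv3   minor version number */
    TLSv1_MINOR     = 1,        /* TLSv1   minor version number */
    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
    NO_COMPRESSION  = 0,
    ZLIB_COMPRESSION = 221,     /* CyaSSL zlib compression */
    SECRET_LEN      = 48,       /* pre RSA and all master */
    ENCRYPT_LEN     = 256,      /* allow 2048 bit static buffer; also sizes
                                   Arrays.preMasterSecret */
    SIZEOF_SENDER   = 4,        /* clnt or srvr */
    FINISHED_SZ     = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
    MAX_UDP_SIZE    = 1400,     /* don't exceed MTU */
    MAX_MSG_EXTRA   = 68,       /* max added to msg, mac + pad */
    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
    MAX_MTU         = 1500,     /* max expected MTU */
    MAX_DH_SZ       = 612,      /* 2240 p, pub, g + 2 byte size for each */
    MAX_STR_VERSION = 8,        /* string rep of protocol version */

    PAD_MD5        = 48,        /* pad length for finished */
    PAD_SHA        = 40,        /* pad length for finished */
    PEM_LINE_LEN   = 80,        /* PEM line max + fudge */
    LENGTH_SZ      = 2,         /* length field for HMAC, data only */
    VERSION_SZ     = 2,         /* length of protocol version */
    SEQ_SZ         = 8,         /* 64 bit sequence number */
    BYTE3_LEN      = 3,         /* up to 24 bit byte lengths */
    ALERT_SIZE     = 2,         /* level + description */
    REQUEST_HEADER = 2,         /* always use 2 bytes */
    VERIFY_HEADER  = 2,         /* always use 2 bytes */

    MAX_SUITE_SZ   = 200,       /* 100 suites for now! */
    RAN_LEN        = 32,        /* random length */
    SEED_LEN       = RAN_LEN * 2, /* tls prf seed length */
    ID_LEN         = 32,        /* session id length */
    MAX_COOKIE_LEN = 32,        /* max dtls cookie size */
    SUITE_LEN      = 2,         /* cipher suite sz length */
    ENUM_LEN       = 1,         /* always a byte */
    COMP_LEN       = 1,         /* compression length */
    CURVE_LEN      = 2,         /* ecc named curve length */

    HANDSHAKE_HEADER_SZ = 4,    /* type + length(3) */
    RECORD_HEADER_SZ    = 5,    /* type + version + len(2) */
    CERT_HEADER_SZ      = 3,    /* always 3 bytes */
    REQ_HEADER_SZ       = 2,    /* cert request header sz */
    HINT_LEN_SZ         = 2,    /* length of hint size field */

    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
    DTLS_HANDSHAKE_EXTRA     = 8,  /* diff from normal */
    DTLS_RECORD_EXTRA        = 8,  /* diff from normal */

    FINISHED_LABEL_SZ   = 15,   /* TLS finished label size */
    TLS_FINISHED_SZ     = 12,   /* TLS has a shorter size */
    MASTER_LABEL_SZ     = 13,   /* TLS master secret label sz */
    KEY_LABEL_SZ        = 13,   /* TLS key block expansion sz */
    MAX_PRF_HALF        = 128,  /* Maximum half secret len */
    MAX_PRF_LABSEED     = 80,   /* Maximum label + seed len */
    MAX_PRF_DIG         = 148,  /* Maximum digest len */
    MAX_REQUEST_SZ      = 256,  /* Maximum cert req len (no auth yet) */
    SESSION_FLUSH_COUNT = 256,  /* Flush session cache unless user turns off */

    RC4_KEY_SIZE        = 16,   /* always 128bit */
    DES_KEY_SIZE        = 8,    /* des */
    DES3_KEY_SIZE       = 24,   /* 3 des ede */
    DES_IV_SIZE         = DES_BLOCK_SIZE,
    AES_256_KEY_SIZE    = 32,   /* for 256 bit */
    AES_192_KEY_SIZE    = 24,   /* for 192 bit */
    AES_IV_SIZE         = 16,   /* always block size */
    AES_128_KEY_SIZE    = 16,   /* for 128 bit */

    HC_128_KEY_SIZE     = 16,   /* 128 bits */
    HC_128_IV_SIZE      = 16,   /* also 128 bits */

    RABBIT_KEY_SIZE     = 16,   /* 128 bits */
    RABBIT_IV_SIZE      = 8,    /* 64 bits for iv */

    EVP_SALT_SIZE       = 8,    /* evp salt size 64 bits */

    ECDHE_SIZE          = 32,   /* ECDHE server size defaults to 256 bit */
    MAX_EXPORT_ECC_SZ   = 256,  /* Export ANS X9.62 max future size */

    MAX_HELLO_SZ        = 128,  /* max client or server hello */
    MAX_CERT_VERIFY_SZ  = 1024, /* max */
    CLIENT_HELLO_FIRST  = 35,   /* Protocol + RAN_LEN + sizeof(id_len) */
    MAX_SUITE_NAME      = 48,   /* maximum length of cipher suite string */
    DEFAULT_TIMEOUT     = 500,  /* default resumption timeout in seconds */

    MAX_PSK_ID_LEN      = 128,  /* max psk identity/hint supported */
    MAX_PSK_KEY_LEN     = 64,   /* max psk key supported */

    MAX_CHAIN_DEPTH     = 4,    /* max cert chain peer depth */
    MAX_X509_SIZE       = 2048, /* max static x509 buffer size */
    FILE_BUFFER_SIZE    = 1024, /* default static file buffer size for input,
                                   will use dynamic buffer if not big enough */

    MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
    MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
    MAX_NTRU_BITS       = 256,  /* max symmetric bit strength */
    NO_SNIFF            = 0,    /* not sniffing */
    SNIFF               = 1,    /* currently sniffing */

    HASH_SIG_SIZE       = 2,    /* default SHA1 RSA */

    NO_COPY             = 0,    /* should we copy static buffer for write */
    COPY                = 1     /* should we copy static buffer for write */
};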
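/* states */
/* Handshake progress markers; Options.serverState / clientState /
   handShakeState are the byte fields that presumably hold them (confirm in the
   .c files).  The values are consecutive from 0.
   The listing had lost this enum's closing brace; it is restored here. */
enum states {
    NULL_STATE = 0,

    SERVER_HELLOVERIFYREQUEST_COMPLETE,
    SERVER_HELLO_COMPLETE,
    SERVER_CERT_COMPLETE,
    SERVER_KEYEXCHANGE_COMPLETE,
    SERVER_HELLODONE_COMPLETE,
    SERVER_FINISHED_COMPLETE,

    CLIENT_HELLO_COMPLETE,
    CLIENT_KEYEXCHANGE_COMPLETE,
    CLIENT_FINISHED_COMPLETE,

    HANDSHAKE_DONE
};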
#ifndef SSL_TYPES_DEFINED
    /* Handle types of the OpenSSL-style API; the struct bodies are defined
       further down in this header. */
    typedef struct SSL_METHOD  SSL_METHOD;
    typedef struct SSL_CTX     SSL_CTX;
    typedef struct SSL_SESSION SSL_SESSION;
    typedef struct SSL_CIPHER  SSL_CIPHER;
    typedef struct SSL         SSL;
    typedef struct X509        X509;
    typedef struct X509_CHAIN  X509_CHAIN;
    typedef struct BIO         BIO;
    typedef struct BIO_METHOD  BIO_METHOD;

    #undef X509_NAME
    typedef struct X509_NAME   X509_NAME;

    /* Argument type of VerifyCallback. */
    typedef struct X509_STORE_CTX {
        int   error;
        int   error_depth;
        X509* current_cert;          /* stunnel dereference */
        char* domain;                /* subject CN domain name */
    } X509_STORE_CTX;

    typedef int (*pem_password_cb)(char*, int, int, void*);
    typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
    typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
    /* NOTE(review): presumably the int is the library's own verification
       result and the return value decides whether the handshake continues; a
       callback that always reports success would then switch certificate
       checking off.  Confirm against the caller. */
    typedef int (*VerifyCallback)(int, X509_STORE_CTX*);

    /* make sure external "C" linkage for C++ programs with callbacks */
    void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv);
    void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend);

    void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx);
    void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx);
#endif /* SSL_TYPES_DEFINED */
/* SSL Version */
/* Two-byte version; the values come from enum Misc (SSLv3_MAJOR, TLSv1_MINOR,
   DTLS_MAJOR, ...). */
typedef struct ProtocolVersion {
    byte major;
    byte minor;
} ProtocolVersion;

/* One constructor per supported protocol version. */
ProtocolVersion MakeSSLv3(void);
ProtocolVersion MakeTLSv1(void);
ProtocolVersion MakeTLSv1_1(void);
ProtocolVersion MakeTLSv1_2(void);

#ifdef CYASSL_DTLS
    ProtocolVersion MakeDTLSv1(void);
#endif
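/* Kinds of BIO, stored in BIO.type / BIO_METHOD.type.
   The listing had lost this enum's closing brace; it is restored here. */
enum BIO_TYPE {
    BIO_BUFFER = 1,
    BIO_SOCKET = 2,
    BIO_SSL    = 3
};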
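/* OpenSSL BIO_METHOD type */
/* (closing braces of both structs were lost in the listing and are restored) */
struct BIO_METHOD {
    byte type;               /* method type */
};


/* OpenSSL BIO type */
/* A BIO is a node in a doubly linked chain (prev/next) that may refer to an
   SSL object and/or a file descriptor.  Who closes fd and frees ssl is not
   visible here; the close flag presumably controls it -- confirm. */
struct BIO {
    byte type;          /* method type */
    byte close;         /* close flag */
    byte eof;           /* eof flag */
    SSL* ssl;           /* possible associated ssl */
    int  fd;            /* possible file descriptor */
    BIO* prev;          /* previous in chain */
    BIO* next;          /* next in chain */
};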
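/* OpenSSL method type */
/* Protocol version plus the policy flags a context starts from.
   NOTE(review): verifyNone and downgrade both weaken a connection when set
   (no certificate verification / acceptance of a lower protocol version);
   code that sets either should be easy to find and justified.
   The listing had lost this struct's closing brace; it is restored here. */
struct SSL_METHOD {
    ProtocolVersion version;
    int             side;         /* connection side, server or client */
    int             verifyPeer;   /* request or send certificate       */
    int             verifyNone;   /* whether to verify certificate     */
    int             failNoCert;   /* fail if no certificate            */
    int             downgrade;    /* whether to downgrade version, default no */
};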
/* defaults to client */
void InitSSL_Method(SSL_METHOD*, ProtocolVersion);

/* for sniffer */
/* Both take the input buffer and an in/out index into it; the buffer length is
   not a parameter, so the bound presumably comes from the SSL object --
   confirm in the implementation. */
int DoFinished(SSL* ssl, const byte* input, word32* inOutIdx, int sniff);
int DoApplicationData(SSL* ssl, byte* input, word32* inOutIdx);
/* CyaSSL buffer type */
/* Pointer + length pair.  Ownership of the pointed-to memory is per use; the
   Buffers struct below marks which ones SSL_CTX owns. */
typedef struct buffer {
    word32 length;
    byte*  buffer;
} buffer;
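/* Values for the forcedFree argument of ShrinkInputBuffer().
   The listing had lost this enum's closing brace; it is restored here. */
enum {
    FORCED_FREE    = 1,
    NO_FORCED_FREE = 0
};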
/* only use compression extra if using compression */
#ifdef HAVE_LIBZ
    #define COMP_EXTRA MAX_COMP_EXTRA
#else
    #define COMP_EXTRA 0
#endif

/* only the sniffer needs space in the buffer for an extra MTU record */
#ifdef CYASSL_SNIFFER
    #define MTU_EXTRA MAX_MTU
#else
    #define MTU_EXTRA 0
#endif

/* give user option to use 16K static buffers, sniffer needs them too */
/* In the default build the static record area is only 128 bytes (1500 with
   DTLS), so a record of the maximum legal size does not fit in it; see the
   "dynamic" fields of bufferStatic. */
#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_SNIFFER)
    #define RECORD_SIZE MAX_RECORD_SIZE
#else
    #ifdef CYASSL_DTLS
        #define RECORD_SIZE 1500
    #else
        #define RECORD_SIZE 128
    #endif
#endif


/* user option to turn off 16K output option */
/* if using small static buffers (default) and SSL_write tries to write data
   larger than the record we have, dynamically get it, unless user says only
   write in static buffer chunks
*/
#ifndef STATIC_CHUNKS_ONLY
    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
#else
    #define OUTPUT_RECORD_SIZE RECORD_SIZE
#endif
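/* CyaSSL input buffer

   RFC 2246:

   length
       The length (in bytes) of the following TLSPlaintext.fragment.
       The length should not exceed 2^14.
*/
/* The sum is parenthesised so it stays one operand wherever the macro is
   expanded; unparenthesised, an expression such as 2 * STATIC_BUFFER_LEN or
   n - STATIC_BUFFER_LEN would bind to the first term only and yield a wrong
   buffer bound. */
#define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
                           MTU_EXTRA + MAX_MSG_EXTRA)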
/* Record buffer that starts out in the embedded static array and can switch
   to heap memory (dynamicFlag).  Invariant every user has to keep:
   idx <= length <= bufferSize, with bufferSize describing whatever `buffer`
   currently points at. */
typedef struct {
    word32 length;       /* total buffer length used */
    word32 idx;          /* idx to part of length already consumed */
    byte*  buffer;       /* place holder for static or dynamic buffer */
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
    word32 bufferSize;   /* current buffer size */
    byte   dynamicFlag;  /* dynamic memory currently in use */
} bufferStatic;
/* Cipher Suites holder */
/* suites[] is a fixed array; whatever fills it has to keep
   suiteSz <= MAX_SUITE_SZ. */
typedef struct Suites {
    int    setSuites;               /* user set suites from default */
    byte   suites[MAX_SUITE_SZ];
    word16 suiteSz;                 /* suite length in bytes        */
} Suites;


void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, int);
int  SetCipherList(SSL_CTX* ctx, const char* list);
#ifndef PSK_TYPES_DEFINED
    /* NOTE(review): parameter meaning is not visible here; presumably, as in
       the OpenSSL PSK API, the unsigned int values are the capacities of the
       output buffers that precede them and the return value is the key
       length.  Implementations must not write past those capacities
       (MAX_PSK_ID_LEN / MAX_PSK_KEY_LEN size the library's own arrays). */
    typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*,
                          unsigned int, unsigned char*, unsigned int);
    typedef unsigned int (*psk_server_callback)(SSL*, const char*,
                          unsigned char*, unsigned int);
#endif /* PSK_TYPES_DEFINED */


#ifndef CYASSL_USER_IO
    /* default IO callbacks */
    int EmbedReceive(char *buf, int sz, void *ctx);
    int EmbedSend(char *buf, int sz, void *ctx);
#endif

#ifdef CYASSL_DTLS
    int IsUDP(void*);
#endif
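/* OpenSSL Cipher type just points back to SSL */
/* (closing brace was lost in the listing and is restored) */
struct SSL_CIPHER {
    SSL* ssl;
};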
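/* OpenSSL context type */
/* Configuration shared by the SSL objects created from it: certificate,
   private key, CA list, suite list, policy flags and callbacks.
   NOTE(review): privateKey holds key material and server_hint is a fixed
   MAX_PSK_ID_LEN array; whether SSL_CtxResourceFree() wipes the key before
   freeing and whether writers of server_hint bound and terminate the copy is
   not visible in this header -- check both in the implementation.
   The listing had lost this struct's closing brace; it is restored here. */
struct SSL_CTX {
    SSL_METHOD* method;
    buffer      certificate;
    buffer      privateKey;
    Signer*     caList;           /* SSL_CTX owns this, SSL will reference */
    Suites      suites;
    void*       heap;             /* for user memory overrides */
    byte        verifyPeer;
    byte        verifyNone;
    byte        failNoCert;
    byte        sessionCacheOff;
    byte        sessionCacheFlushOff;
    byte        sendVerify;       /* for client side */
    byte        haveDH;           /* server DH parms set by user */
    byte        haveNTRU;         /* server private NTRU  key loaded */
    byte        haveECDSA;        /* server private ECDSA key loaded */
    byte        partialWrite;     /* only one msg per write call */
    byte        quietShutdown;    /* don't send close notify */
    CallbackIORecv CBIORecv;
    CallbackIOSend CBIOSend;
    VerifyCallback verifyCallback;     /* cert verification callback */
#ifndef NO_PSK
    byte        havePSK;               /* psk key set by user */
    psk_client_callback client_psk_cb; /* client callback */
    psk_server_callback server_psk_cb; /* server callback */
    char        server_hint[MAX_PSK_ID_LEN];
#endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    pem_password_cb passwd_cb;
    void*           userdata;
#endif /* OPENSSL_EXTRA */
};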
/* SSL_CTX lifecycle. */
void InitSSL_Ctx(SSL_CTX*, SSL_METHOD*);
void FreeSSL_Ctx(SSL_CTX*);
void SSL_CtxResourceFree(SSL_CTX*);

int DeriveTlsKeys(SSL* ssl);
/* Takes both the input size (inSz) and a message size (sz); presumably sz is
   read from the wire and has to be validated against inSz -- confirm in the
   implementation. */
int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz);
/* All cipher suite related info */
/* The byte-wide algorithm fields presumably hold values of the enums declared
   right after this struct (BulkCipherAlgorithm, CipherType, MACAlgorithm,
   KeyExchangeAlgorithm, SignatureAlgorithm) -- confirm in SetCipherSpecs(). */
typedef struct CipherSpecs {
    byte bulk_cipher_algorithm;
    byte cipher_type;               /* block or stream */
    byte mac_algorithm;
    byte kea;                       /* key exchange algo */
    byte sig_algo;
    byte hash_size;
    byte pad_size;
    word16 key_size;
    word16 iv_size;
    word16 block_size;
} CipherSpecs;
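/* Supported Ciphers from page 43 */
/* Identifier list only; which ciphers are actually compiled in is decided by
   the BUILD_* switches near the top of this header.
   The listing had lost this enum's closing brace; it is restored here. */
enum BulkCipherAlgorithm {
    cipher_null,
    rc4,
    rc2,
    des,
    triple_des,             /* leading 3 (3des) not valid identifier */
    des40,
    idea,
    aes,
    hc128,                  /* CyaSSL extensions */
    rabbit
};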
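/* Supported Message Authentication Codes from page 43 */
/* NOTE(review): Keys sizes its MAC secrets with SHA_DIGEST_SIZE ("max sizes"),
   so the larger digests named here would not fit those arrays as declared.
   The listing had lost this enum's closing brace; it is restored here. */
enum MACAlgorithm {
    no_mac = 0,
    md5_mac,
    sha_mac,
    sha224_mac,
    sha256_mac,
    sha384_mac,
    sha512_mac,
    rmd_mac
};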
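/* Supported Key Exchange Protocols */
/* (closing brace was lost in the listing and is restored) */
enum KeyExchangeAlgorithm {
    no_kea = 0,
    rsa_kea,
    diffie_hellman_kea,
    fortezza_kea,
    psk_kea,
    ntru_kea,
    ecc_diffie_hellman_kea
};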
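/* Supported Authentication Schemes */
/* anonymous_sa_algo (0) means no signature; a zero-initialised
   CipherSpecs.sig_algo therefore reads as "anonymous".
   The listing had lost this enum's closing brace; it is restored here. */
enum SignatureAlgorithm {
    anonymous_sa_algo = 0,
    rsa_sa_algo,
    dsa_sa_algo,
    ecc_dsa_sa_algo
};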
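/* Supported ECC Curve Types */
/* (closing braces of both enums were lost in the listing and are restored) */
enum EccCurves {
    named_curve = 3
};


/* Supported ECC Named Curves */
/* NOTE(review): secp160r1 and secp192r1 are small curves; consider whether a
   deployment should still accept them. */
enum EccNamedCurves {
    secp256r1 = 0x17,         /* default, OpenSSL also calls it prime256v1 */
    secp384r1 = 0x18,
    secp521r1 = 0x19,

    secp160r1 = 0x10,
    secp192r1 = 0x13,        /*           OpenSSL also calls it prime192v1 */
    secp224r1 = 0x15
};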
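/* Valid client certificate request types from page 27 */
/* (closing brace was lost in the listing and is restored) */
enum ClientCertificateType {
    rsa_sign            = 1,
    dss_sign            = 2,
    rsa_fixed_dh        = 3,
    dss_fixed_dh        = 4,
    rsa_ephemeral_dh    = 5,
    dss_ephemeral_dh    = 6,
    fortezza_kea_cert   = 20
};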
/* Stream vs. block cipher; see CipherSpecs.cipher_type. */
enum CipherType { stream, block };
/* keys and secrets */
/* Per-connection key material, sized for the largest supported algorithm.
   NOTE(review): everything in the byte arrays is secret; the struct should be
   wiped when the connection is torn down (not visible in this header).
   SEQ_SZ describes a 64-bit sequence number while the counters here are
   word32; how a wrap is handled is not visible here -- confirm. */
typedef struct Keys {
    byte client_write_MAC_secret[SHA_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[SHA_DIGEST_SIZE];
    byte client_write_key[AES_256_KEY_SIZE];         /* max sizes */
    byte server_write_key[AES_256_KEY_SIZE];
    byte client_write_IV[AES_IV_SIZE];               /* max sizes */
    byte server_write_IV[AES_IV_SIZE];

    word32 peer_sequence_number;
    word32 sequence_number;

#ifdef CYASSL_DTLS
    word32 dtls_sequence_number;
    word32 dtls_peer_sequence_number;
    word16 dtls_handshake_number;
    word16 dtls_epoch;
    word16 dtls_peer_epoch;
#endif

    word32 encryptSz;             /* last size of encrypted data   */
    byte   encryptionOn;          /* true after change cipher spec */
} Keys;
/* cipher for now */
/* Union of the cipher contexts that were compiled in (BUILD_* switches above).
   Only the member matching the negotiated bulk cipher is meaningful. */
typedef union {
#ifdef BUILD_ARC4
    Arc4   arc4;
#endif
#ifdef BUILD_DES3
    Des3   des3;
#endif
#ifdef BUILD_AES
    Aes    aes;
#endif
#ifdef BUILD_HC128
    HC128  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit rabbit;
#endif
} Ciphers;
/* hashes type */
/* One MD5 and one SHA digest side by side; used in struct SSL for the
   verify and cert-verify hashes. */
typedef struct Hashes {
    byte md5[MD5_DIGEST_SIZE];
    byte sha[SHA_DIGEST_SIZE];
} Hashes;
/* Static x509 buffer */
/* A certificate larger than MAX_X509_SIZE cannot be stored here; writers have
   to check the size before copying.  Note that length is a signed int. */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;
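/* CyaSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
/* count must never exceed MAX_CHAIN_DEPTH; it indexes the fixed certs[] array.
   The listing had lost this struct's closing brace; it is restored here. */
struct X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};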
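/* openSSL session type */
/* Resumable session record.
   NOTE(review): masterSecret is stored in the clear, so every copy of this
   struct (the cache, the copy embedded in struct SSL) is as sensitive as the
   connection keys.  Whether expired entries are wiped is not visible in this
   header -- check the cache code.
   The listing had lost this struct's closing brace; it is restored here. */
struct SSL_SESSION {
    byte         sessionID[ID_LEN];
    byte         masterSecret[SECRET_LEN];
    word32       bornOn;                        /* create time in seconds   */
    word32       timeout;                       /* timeout in seconds       */
#ifdef SESSION_CERTS
    X509_CHAIN      chain;                      /* peer cert chain, static  */
    ProtocolVersion version;
    byte            cipherSuite0;               /* first byte, normally 0 */
    byte            cipherSuite;                /* 2nd byte, actual suite */
#endif
};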
/* Session cache access.  The byte* argument of GetSession() is not described
   here; presumably it receives the master secret -- confirm. */
SSL_SESSION* GetSession(SSL*, byte*);
int          SetSession(SSL*, SSL_SESSION*);

/* Record MAC routine; struct SSL stores one in its hmac member. */
typedef void (*hmacfp) (SSL*, byte*, const byte*, word32, int, int);
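/* client connect state for nonblocking restart */
/* (closing brace was lost in the listing and is restored) */
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    HELLO_AGAIN,               /* HELLO_AGAIN s for DTLS case */
    HELLO_AGAIN_REPLY,
    FIRST_REPLY_DONE,
    FIRST_REPLY_FIRST,
    FIRST_REPLY_SECOND,
    FIRST_REPLY_THIRD,
    FIRST_REPLY_FOURTH,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};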
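/* server accept state for nonblocking restart */
/* (closing brace was lost in the listing and is restored) */
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_CLIENT_HELLO_DONE,
    HELLO_VERIFY_SENT,
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_SENT,
    CERT_SENT,
    KEY_EXCHANGE_SENT,
    CERT_REQ_SENT,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    CHANGE_CIPHER_SENT,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};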
/* Per-connection buffers.  certificate and key are borrowed from SSL_CTX and
   must not be freed through this struct.
   NOTE(review): serverDH_Priv is private key material; wiping it on release
   is not visible in this header -- check SSL_ResourceFree(). */
typedef struct Buffers {
    buffer          certificate;            /* SSL_CTX owns */
    buffer          key;                    /* SSL_CTX owns */
    buffer          domainName;             /* for client check */
    buffer          serverDH_P;
    buffer          serverDH_G;
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;
    bufferStatic    inputBuffer;
    bufferStatic    outputBuffer;
    buffer          clearOutputBuffer;
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE            */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE            */
} Buffers;
/* Per-connection flags and state bytes.
   NOTE(review): verifyNone, downgrade and failNoCert are the fields that
   decide how strictly the peer is authenticated and which protocol version is
   accepted; where they are set is not visible in this header. */
typedef struct Options {
    byte            sessionCacheOff;
    byte            sessionCacheFlushOff;
    byte            cipherSuite0;           /* first byte, normally 0 */
    byte            cipherSuite;            /* second byte, actual suite */
    byte            serverState;
    byte            clientState;
    byte            handShakeState;
    byte            side;               /* client or server end */
    byte            verifyPeer;
    byte            verifyNone;
    byte            failNoCert;
    byte            downgrade;          /* allow downgrade of versions */
    byte            sendVerify;         /* false = 0, true = 1, sendBlank = 2 */
    byte            resuming;
    byte            tls;                /* using TLS ? */
    byte            tls1_1;             /* using TLSv1.1+ ? */
    byte            dtls;               /* using datagrams ? */
    byte            connReset;          /* has the peer reset */
    byte            isClosed;           /* if we consider conn closed */
    byte            closeNotify;        /* we've received a close notify */
    byte            sentNotify;         /* we've sent a close notify */
    byte            connectState;       /* nonblocking resume */
    byte            acceptState;        /* nonblocking resume */
    byte            usingCompression;   /* are we using compression */
    byte            haveDH;             /* server DH parms set by user */
    byte            haveNTRU;           /* server NTRU  private key loaded */
    byte            haveECDSA;          /* server ECDSA private key loaded */
    byte            havePeerCert;       /* do we have peer's cert */
    byte            usingPSK_cipher;    /* whether we're using psk as cipher */
    byte            sendAlertState;     /* nonblocking resume */
    byte            processReply;       /* nonblocking resume */
    byte            partialWrite;       /* only one msg per write call */
    byte            quietShutdown;      /* don't send close notify */
#ifndef NO_PSK
    byte            havePSK;            /* psk key set by user */
    psk_client_callback client_psk_cb;
    psk_server_callback server_psk_cb;
#endif /* NO_PSK */
} Options;
/* Handshake scratch arrays.
   NOTE(review): preMasterSecret, masterSecret and psk_key are secrets held in
   fixed arrays inside struct SSL; preMasterSz and psk_keySz must stay within
   ENCRYPT_LEN and MAX_PSK_KEY_LEN, and the arrays should be wiped once no
   longer needed (not visible in this header). */
typedef struct Arrays {
    byte            clientRandom[RAN_LEN];
    byte            serverRandom[RAN_LEN];
    byte            sessionID[ID_LEN];
    byte            preMasterSecret[ENCRYPT_LEN];
    byte            masterSecret[SECRET_LEN];
#ifdef CYASSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
#endif
#ifndef NO_PSK
    char            client_identity[MAX_PSK_ID_LEN];
    char            server_hint[MAX_PSK_ID_LEN];
    byte            psk_key[MAX_PSK_KEY_LEN];
    word32          psk_keySz;          /* actual size */
#endif
    word32          preMasterSz;        /* differs for DH, actual size */
} Arrays;
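#undef X509_NAME

/* Name stored as a fixed-size character array plus its size.  Whether name[]
   is NUL-terminated within ASN_NAME_MAX is not visible here -- confirm before
   passing it to string functions.
   (closing braces of both structs were lost in the listing and are restored) */
struct X509_NAME {
    char  name[ASN_NAME_MAX];
    int   sz;
};


/* Peer certificate view: issuer and subject names only. */
struct X509 {
    X509_NAME issuer;
    X509_NAME subject;
};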
/* record layer header for PlainText, Compressed, and CipherText */
/* Five byte-sized fields, matching RECORD_HEADER_SZ.  length[] arrives from
   the peer and has to be range-checked before it sizes a read. */
typedef struct RecordLayerHeader {
    byte            type;
    ProtocolVersion version;
    byte            length[2];
} RecordLayerHeader;


/* record layer header for DTLS PlainText, Compressed, and CipherText */
typedef struct DtlsRecordLayerHeader {
    byte            type;
    ProtocolVersion version;
    byte            epoch[2];             /* increment on cipher state change */
    byte            sequence_number[6];   /* per record */
    byte            length[2];
} DtlsRecordLayerHeader;
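/* OpenSSL ssl type */
/* Complete per-connection state.  ctx and caList are references to objects
   owned by SSL_CTX.
   NOTE(review): the struct embeds secrets by value (keys, arrays, session,
   the cipher contexts, rng, and the private ECC keys when HAVE_ECC is set), so
   copying or logging an SSL object copies key material.  Whether
   SSL_ResourceFree() wipes them is not visible in this header.
   The listing had lost this struct's closing brace; it is restored here. */
struct SSL {
    SSL_CTX*        ctx;
    int             error;
    ProtocolVersion version;            /* negotiated version */
    ProtocolVersion chVersion;          /* client hello version */
    Suites          suites;
    Ciphers         encrypt;
    Ciphers         decrypt;
    CipherSpecs     specs;
    Keys            keys;
    int             rfd;                /* read  file descriptor */
    int             wfd;                /* write file descriptor */
    BIO*            biord;              /* socket bio read  to free/close */
    BIO*            biowr;              /* socket bio write to free/close */
    void*           IOCB_ReadCtx;
    void*           IOCB_WriteCtx;
    RNG             rng;
    Md5             hashMd5;            /* md5 hash of handshake msgs */
    Sha             hashSha;            /* sha hash of handshake msgs */
#ifndef NO_SHA256
    Sha256          hashSha256;         /* sha256 hash of handshake msgs */
#endif
    Hashes          verifyHashes;
    Hashes          certHashes;         /* for cert verify */
    Signer*         caList;             /* SSL_CTX owns */
    Buffers         buffers;
    Options         options;
    Arrays          arrays;
    SSL_SESSION     session;
    RsaKey          peerRsaKey;
    byte            peerRsaKeyPresent;
#ifdef HAVE_NTRU
    word16          peerNtruKeyLen;
    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
    byte            peerNtruKeyPresent;
#endif
#ifdef HAVE_ECC
    ecc_key         peerEccKey;              /* peer's  ECDHE key */
    byte            peerEccKeyPresent;
    ecc_key         peerEccDsaKey;           /* peer's  ECDSA key */
    byte            peerEccDsaKeyPresent;
    ecc_key         eccTempKey;              /* private ECDHE key */
    byte            eccTempKeyPresent;
    ecc_key         eccDsaKey;               /* private ECDSA key */
    byte            eccDsaKeyPresent;
#endif
    hmacfp          hmac;
    void*           heap;               /* for user overrides */
    RecordLayerHeader curRL;
    word16            curSize;
    SSL_CIPHER      cipher;
#ifdef HAVE_LIBZ
    z_stream        c_stream;           /* compression   stream */
    z_stream        d_stream;           /* decompression stream */
    byte            didStreamInit;      /* for stream init and end */
#endif
#ifdef CYASSL_CALLBACKS
    HandShakeInfo   handShakeInfo;      /* info saved during handshake */
    TimeoutInfo     timeoutInfo;        /* info saved during handshake */
    byte            hsInfoOn;           /* track handshake info        */
    byte            toInfoOn;           /* track timeout   info        */
#endif
#ifdef OPENSSL_EXTRA
    X509            peerCert;           /* X509 peer cert */
#endif
};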
/* SSL object lifecycle. */
int  InitSSL(SSL*, SSL_CTX*);
void FreeSSL(SSL*);
void SSL_ResourceFree(SSL*);
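/* Array bounds for EncryptedInfo.
   The listing had lost this enum's closing brace; it is restored here. */
enum {
    IV_SZ   = 32,          /* max iv sz */
    NAME_SZ = 80,          /* max one line */
};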
/* Cipher name and IV with fixed-size storage; presumably filled from the
   header of an encrypted PEM key (confirm).  Writers must keep the name within
   NAME_SZ and ivSz within IV_SZ. */
typedef struct EncryptedInfo {
    char     name[NAME_SZ];
    byte     iv[IV_SZ];
    word32   ivSz;
    byte     set;
} EncryptedInfo;
/* Handshake / timeout tracing helpers, only built with CYASSL_CALLBACKS. */
#ifdef CYASSL_CALLBACKS
    void InitHandShakeInfo(HandShakeInfo*);
    void FinishHandShakeInfo(HandShakeInfo*, const SSL*);
    void AddPacketName(const char*, HandShakeInfo*);

    void InitTimeoutInfo(TimeoutInfo*);
    void FreeTimeoutInfo(TimeoutInfo*, void*);
    void AddPacketInfo(const char*, TimeoutInfo*, const byte*, int, void*);
    void AddLateName(const char*, TimeoutInfo*);
    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
#endif
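/* Record Layer Header identifier from page 12 */
/* (closing brace was lost in the listing and is restored) */
enum ContentType {
    no_type            = 0,
    change_cipher_spec = 20,
    alert              = 21,
    handshake          = 22,
    application_data   = 23
};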
/* handshake header, same for each message type, pgs 20/21 */
/* length is a 24-bit value supplied by the peer; it has to be checked against
   the bytes actually received before it is used. */
typedef struct HandShakeHeader {
    byte            type;
    word24          length;
} HandShakeHeader;


/* DTLS handshake header, same for each message type */
typedef struct DtlsHandShakeHeader {
    byte            type;
    word24          length;
    byte            message_seq[2];    /* start at 0, retransmit gets same # */
    word24          fragment_offset;   /* bytes in previous fragments */
    word24          fragment_length;   /* length of this fragment */
} DtlsHandShakeHeader;
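/* Handshake message type codes; no_shake (-1) is a library-internal "none"
   value.
   The listing had lost this enum's closing brace; it is restored here. */
enum HandShakeType {
    no_shake            = -1,
    hello_request       = 0,
    client_hello        = 1,
    server_hello        = 2,
    hello_verify_request = 3,       /* DTLS addition */
    certificate         = 11,
    server_key_exchange = 12,
    certificate_request = 13,
    server_hello_done   = 14,
    certificate_verify  = 15,
    client_key_exchange = 16,
    finished            = 20
};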
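/* Valid Alert types from page 16/17 */
/* (closing brace was lost in the listing and is restored) */
enum AlertDescription {
    close_notify            = 0,
    unexpected_message      = 10,
    bad_record_mac          = 20,
    decompression_failure   = 30,
    handshake_failure       = 40,
    no_certificate          = 41,
    bad_certificate         = 42,
    unsupported_certificate = 43,
    certificate_revoked     = 44,
    certificate_expired     = 45,
    certificate_unknown     = 46,
    illegal_parameter       = 47,
    decrypt_error           = 51
};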
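/* I/O Callback default errors */
/* NOTE(review): IO_ERR_WANT_READ and IO_ERR_WANT_WRITE share the value -2, so
   a caller cannot tell from the code alone which direction has to be retried.
   The values are part of the contract with user-supplied I/O callbacks and are
   left unchanged here.
   The listing had lost this enum's closing brace; it is restored here. */
enum IOerrors {
    IO_ERR_GENERAL    = -1,     /* general unexpected err, not in below group */
    IO_ERR_WANT_READ  = -2,     /* need to call read  again */
    IO_ERR_WANT_WRITE = -2,     /* need to call write again */
    IO_ERR_CONN_RST   = -3,     /* connection reset */
    IO_ERR_ISR        = -4,     /* interrupt */
    IO_ERR_CONN_CLOSE = -5      /* connection closed or epipe */
};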
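/* Alert severity, first byte of an alert (ALERT_SIZE = level + description).
   The listing had lost this enum's closing brace; it is restored here. */
enum AlertLevel {
    alert_warning = 1,
    alert_fatal   = 2
};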
/* Sender tags, ASCII "CLNT" and "SRVR". */
/* NOTE(review): these are definitions in a header, so every translation unit
   that includes it gets its own copy, and the names client / server are very
   generic at file scope. */
static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };

/* TLS Finished labels: FINISHED_LABEL_SZ characters plus the terminating NUL. */
static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
/* internal functions */
/* Record and handshake routines shared between the library's source files. */
int SendChangeCipher(SSL*);
int SendData(SSL*, const void*, int);
int SendCertificate(SSL*);
int SendCertificateRequest(SSL*);
int SendServerKeyExchange(SSL*);
int SendBuffered(SSL*);
int ReceiveData(SSL*, byte*, int);
int SendFinished(SSL*);
int SendAlert(SSL*, int, int);
int ProcessReply(SSL*);

int SetCipherSpecs(SSL*);
int MakeMasterSecret(SSL*);

int  AddSession(SSL*);
int  DeriveKeys(SSL* ssl);
/* keyData carries no length parameter; the amount read presumably follows
   from ssl->specs -- confirm in the implementation. */
int  StoreKeys(SSL* ssl, const byte* keyData);

int IsTLS(const SSL* ssl);
int IsAtLeastTLSv1_2(const SSL* ssl);

void ShrinkInputBuffer(SSL* ssl, int forcedFree);
void ShrinkOutputBuffer(SSL* ssl);

#ifndef NO_CYASSL_CLIENT
    int SendClientHello(SSL*);
    int SendClientKeyExchange(SSL*);
    int SendCertificateVerify(SSL*);
#endif /* NO_CYASSL_CLIENT */

#ifndef NO_CYASSL_SERVER
    int SendServerHello(SSL*);
    int SendServerHelloDone(SSL*);
    #ifdef CYASSL_DTLS
        int SendHelloVerifyRequest(SSL*);
    #endif
#endif /* NO_CYASSL_SERVER */


#ifndef NO_TLS
#endif /* NO_TLS */
/* Timers.  LowResTimer() returns a word32; SSL_SESSION.bornOn / timeout are
   word32 seconds, so it is presumably their time source -- confirm. */
typedef double timer_d;

timer_d Timer(void);
word32  LowResTimer(void);
/* Mutex type for the selected threading model.  With SINGLE_THREADED it is a
   plain int, so shared state (such as the session cache) gets no protection
   if such a build is used from several threads. */
#ifdef SINGLE_THREADED
    typedef int CyaSSL_Mutex;
#else /* MULTI_THREADED */
    #ifdef USE_WINDOWS_API
        typedef CRITICAL_SECTION CyaSSL_Mutex;
    #elif defined(CYASSL_PTHREADS)
        typedef pthread_mutex_t CyaSSL_Mutex;
    #elif defined(THREADX)
        typedef TX_MUTEX CyaSSL_Mutex;
    #elif defined(MICRIUM)
        typedef OS_MUTEX CyaSSL_Mutex;
    #else
        #error Need a mutex type in multithreaded mode
    #endif /* USE_WINDOWS_API */
#endif /* SINGLE_THREADED */

int InitMutex(CyaSSL_Mutex*);
int FreeMutex(CyaSSL_Mutex*);
int LockMutex(CyaSSL_Mutex*);
int UnLockMutex(CyaSSL_Mutex*);
/* Debug tracing: real functions with DEBUG_CYASSL, otherwise macros that
   expand to nothing (their arguments are then not evaluated, so they must not
   carry side effects). */
#ifdef DEBUG_CYASSL

    void CYASSL_ENTER(const char* msg);
    void CYASSL_LEAVE(const char* msg, int ret);

    void CYASSL_ERROR(int);
    void CYASSL_MSG(const char* msg);

#else /* DEBUG_CYASSL   */

    #define CYASSL_ENTER(m)
    #define CYASSL_LEAVE(m, r)

    #define CYASSL_ERROR(e)
    #define CYASSL_MSG(m)

#endif /* DEBUG_CYASSL  */
1220 #ifdef __cplusplus
1221 } /* extern "C" */
1222 #endif
1224 #endif /* CyaSSL_INT_H */