
📄 session.h

📁 老外写的加密库cryptlib(版本3.1)
	int pendingPacketPartialLength;		/* Length of data already processed */
	int pendingPacketRemaining;			/* Bytes remaining to be read */

	/* Unlike payload data, the packet header can't be read in sections but
	   must be read atomically since all of the header information needs to
	   be processed at once.  The following value is usually zero, if it's
	   nonzero it records how much of the header has been read so far */
	int partialHeaderLength;			/* Header bytes read so far */

	/* The session generally has various ephemeral contexts associated with
	   it, some short-term (e.g.public-key contexts used to establish the
	   session) and some long-term (e.g.encryption contexts used to perform
	   bulk data encryption).  These contexts are ephemeral ones that are
	   created as part of the session, long-term ones (e.g.signature keys
	   used for authentication) are held elsewhere */
	CRYPT_CONTEXT iKeyexCryptContext;	/* Key exchange encryption */
	CRYPT_CONTEXT iKeyexAuthContext;	/* Key exchange authentication */
	CRYPT_CONTEXT iCryptInContext, iCryptOutContext;
										/* In/outgoing data encryption */
	CRYPT_CONTEXT iAuthInContext, iAuthOutContext;
										/* In/outgoing auth/integrity */
	CRYPT_CERTIFICATE iCertRequest, iCertResponse;
										/* Cert request/response */
	int cryptBlocksize, authBlocksize;	/* Block size of crypt, auth.algos */

	/* Other session state information.  The incoming and outgoing packet
	   sequence number, for detecting insertion/deletion attacks */
	long readSeqNo, writeSeqNo;			/* Packet sequence number */

	/* User name and password, key fingerprint, and private key, which are
	   required to authenticate the client or server in some protocols */
	char userName[ CRYPT_MAX_TEXTSIZE ], password[ CRYPT_MAX_TEXTSIZE ];
	int userNameLength, passwordLength;	/* Username and password */
	BYTE keyFingerprint[ CRYPT_MAX_HASHSIZE ];
	int keyFingerprintSize;				/* Server key fingerprint (hash) */
	CRYPT_CONTEXT privateKey;			/* Authentication private key */

	/* Certificate store for cert management protocols like OCSP and CMP
	   and private-key keyset for PnP PKI protocols */
	CRYPT_KEYSET cryptKeyset;			/* Certificate store */
	CRYPT_HANDLE privKeyset;			/* Private-key keyset/device */

	/* SSL protocol-specific information.  The SSL MAC read/write secrets
	   are required because SSL 3.0 uses a proto-HMAC that isn't handled
	   by cryptlib.  We leave the data in normal memory because it's only
	   usable for an active attack which means recovering it from swap
	   afterwards isn't a problem */
	BYTE sslMacReadSecret[ CRYPT_MAX_HASHSIZE ],
		 sslMacWriteSecret[ CRYPT_MAX_HASHSIZE ];	/* Proto-HMAC keys */
	int sslSessionCacheID;				/* Session cache ID for this session */

	/* SSH protocol-specific information.  The type and pad length are
	   extracted from the packet header during header processing */
	int sshPacketType, sshPadLength;	/* Packet type and padding length */
	char sshSubsystem[ CRYPT_MAX_TEXTSIZE ];
	int sshSubsystemLength;				/* Requested subsystem */
	char sshPortForward[ CRYPT_MAX_TEXTSIZE ];
	int sshPortForwardLength;			/* Requested port forwarding */
	long sshChannel;					/* Data channel ID */
	long sshWindowCount;				/* Bytes sent since window reset */

	/* TSP protocol-specific information.  The message imprint (hash)
	   algorithm and hash value */
	CRYPT_ALGO_TYPE tspImprintAlgo;		/* Imprint (hash) algorithm */
	BYTE tspImprint[ CRYPT_MAX_HASHSIZE ];
	int tspImprintSize;					/* Message imprint (hash) */

	/* CMP protocol-specific information.  The PKI user info, saved MAC 
	   context from a previous transaction (if any), and request subtype */
	CRYPT_CERTIFICATE cmpUserInfo;		/* PKI user info */
	CRYPT_CONTEXT cmpSavedMacContext;	/* MAC context from prev.trans */
	int cmpRequestType;					/* CMP request subtype */

	/* Network connection information */
	CRYPT_SESSION transportSession;		/* Transport mechanism */
	int networkSocket;					/* User-supplied network socket */
	int timeout, connectTimeout;		/* Connect and data xfer.timeouts */
	STREAM stream;						/* Network I/O stream */
	char serverName[ MAX_URL_SIZE + 1 ];/* Server name and port */
	int serverPort;
	char clientName[ MAX_URL_SIZE + 1 ];/* Client name and port */
	int clientPort;

	/* Last-error information.  To help developers in debugging, we store
	   the error code and error text (if available) */
	int errorCode;
	char errorMessage[ MAX_ERRMSG_SIZE + 1 ];

	/* Pointers to session access methods.  Stateful sessions use the read/
	   write functions, stateless ones use the transact function */
	void ( *shutdownFunction )( struct SI *sessionInfoPtr );
	int ( *connectFunction )( struct SI *sessionInfoPtr );
	int ( *getAttributeFunction )( struct SI *sessionInfoPtr, void *data,
								   const CRYPT_ATTRIBUTE_TYPE type );
	int ( *setAttributeFunction )( struct SI *sessionInfoPtr, const void *data,
								   const CRYPT_ATTRIBUTE_TYPE type );
	int ( *checkAttributeFunction )( struct SI *sessionInfoPtr,
									 const CRYPT_HANDLE cryptHandle,
									 const CRYPT_ATTRIBUTE_TYPE type );
	int ( *transactFunction )( struct SI *sessionInfoPtr );
	int ( *readHeaderFunction )( struct SI *sessionInfoPtr,
								 READSTATE_INFO *readInfo );
	int ( *processBodyFunction )( struct SI *sessionInfoPtr,
								  READSTATE_INFO *readInfo );
	int ( *writeDataFunction )( struct SI *sessionInfoPtr );

	/* Error information */
	CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
	CRYPT_ERRTYPE_TYPE errorType;	/* Error type */

	/* The object's handle and the handle of the user who owns this object.
	   The former is used when sending messages to the object when only the
	   xxx_INFO is available, the latter is used to avoid having to fetch the
	   same information from the system object table */
	CRYPT_HANDLE objectHandle;
	CRYPT_USER ownerHandle;
	} SESSION_INFO;

/* Prototypes for various utility functions in cryptses.c.  retExt() returns 
   after setting extended error information for the session.  We use a macro 
   to make it match the standard return statement, the slightly unusual form 
   is required to handle the fact that the helper function is a varargs
   function.  readFixedHeader() performs an atomic read of the fixed portion
   of a secure data session packet header.  read/writePkiDatagram() read and
   write a PKI (ASN.1-encoded) message.  initSessionNetConnectInfo() is an
   extended form of the STREAM-level initNetConnectInfo() that initialises the
   connect info using the session object data */

/* Helper behind retExt(): sets the extended error information for the
   session and hands back a status for the caller to return.  'format' is
   followed by a variable argument list.
   NOTE(review): 'format' is presumably a printf-style format string, in
   which case callers should pass a literal format and supply any
   peer-provided text only as an argument - confirm against cryptses.c */
int retExtFnSession( SESSION_INFO *sessionInfoPtr, const int status, 
					 const char *format, ... );

/* retExt( sessionInfoPtr, status, format, ... ) expands to
   'return retExtFnSession( ... )', so it leaves the calling function
   immediately.  Any cleanup the caller needs has to happen before it */
#define retExt	return retExtFnSession

/* Atomic read of the fixed portion of a secure data session packet header.
   NOTE(review): this header doesn't show how headerSize is bounded against
   the session's receive buffer - confirm in the implementation */
int readFixedHeader( SESSION_INFO *sessionInfoPtr, const int headerSize );

/* Read and write a PKI (ASN.1-encoded) message */
int readPkiDatagram( SESSION_INFO *sessionInfoPtr );
int writePkiDatagram( SESSION_INFO *sessionInfoPtr );

/* Extended form of the STREAM-level initNetConnectInfo(): initialises
   *connectInfo from the session object data.  The session info is taken
   as const, only connectInfo is written through */
void initSessionNetConnectInfo( const SESSION_INFO *sessionInfoPtr,
								NET_CONNECT_INFO *connectInfo );

/* Prototypes for session mapping functions */

/* Each setAccessMethodXXX() is declared only when the matching USE_XXX
   build option is defined.  When the protocol is compiled out, a macro of
   the same name replaces the call with CRYPT_ARGERROR_NUM1 and discards
   its argument without evaluating it.
   NOTE(review): presumably these functions install the protocol's handlers
   into the access-method function pointers in SESSION_INFO; if so, callers
   must check the returned status so that a session for a compiled-out
   protocol is never used with unset pointers - confirm in the callers */
#ifdef USE_CMP
  int setAccessMethodCMP( SESSION_INFO *sessionInfoPtr );
#else
  #define setAccessMethodCMP( x )	CRYPT_ARGERROR_NUM1
#endif /* USE_CMP */
#ifdef USE_RTCS
  int setAccessMethodRTCS( SESSION_INFO *sessionInfoPtr );
#else
  #define setAccessMethodRTCS( x )	CRYPT_ARGERROR_NUM1
#endif /* USE_RTCS */
#ifdef USE_OCSP
  int setAccessMethodOCSP( SESSION_INFO *sessionInfoPtr );
#else
  #define setAccessMethodOCSP( x )	CRYPT_ARGERROR_NUM1
#endif /* USE_OCSP */
#ifdef USE_SCEP
  int setAccessMethodSCEP( SESSION_INFO *sessionInfoPtr );
#else
  #define setAccessMethodSCEP( x )	CRYPT_ARGERROR_NUM1
#endif /* USE_SCEP */
/* A single SSH access-method function serves both SSH protocol versions */
#if defined( USE_SSH1 ) || defined( USE_SSH2 )
  int setAccessMethodSSH( SESSION_INFO *sessionInfoPtr );
#else
  #define setAccessMethodSSH( x )	CRYPT_ARGERROR_NUM1
#endif /* USE_SSH1 || USE_SSH2 */
/* The SSL session cache init/shutdown functions exist only in SSL builds.
   Without USE_SSL, initSessionCache() expands to CRYPT_OK and
   endSessionCache() expands to nothing, so callers need no #ifdefs */
#ifdef USE_SSL
  int setAccessMethodSSL( SESSION_INFO *sessionInfoPtr );
  int initSessionCache( void );
  void endSessionCache( void );
#else
  #define setAccessMethodSSL( x )	CRYPT_ARGERROR_NUM1
  #define initSessionCache()		CRYPT_OK
  #define endSessionCache()
#endif /* USE_SSL */
#ifdef USE_TSP
  int setAccessMethodTSP( SESSION_INFO *sessionInfoPtr );
#else
  #define setAccessMethodTSP( x )	CRYPT_ARGERROR_NUM1
#endif /* USE_TSP */
#endif /* _SES_DEFINED */
