} SSL_CIPHERSUITE_TYPE;
/* TLS extension types. The enumerators are in the order of the IANA TLS
   ExtensionType registry ( RFC 4366: server_name = 0, max_fragment_length = 1,
   client_certificate_url = 2, trusted_ca_keys = 3, truncated_hmac = 4,
   status_request = 5 ), so the values are spelled out to make that
   dependency visible: if the enumerators are used as on-the-wire values
   anywhere, they must not be reordered or have entries inserted before
   TLS_EXT_STATUS_REQUEST. TLS_EXT_LAST is a sentinel one past the last known
   type and is not an extension. TLS_EXT_MAX_FRAGMENT_LENTH is misspelt
   ( "LENTH" ) but the name is kept as-is since it is presumably referenced
   elsewhere */
typedef enum {
    TLS_EXT_SERVER_NAME = 0,            /* server_name */
    TLS_EXT_MAX_FRAGMENT_LENTH = 1,     /* max_fragment_length */
    TLS_EXT_CLIENT_CERTIFICATE_URL = 2, /* client_certificate_url */
    TLS_EXT_TRUSTED_CA_KEYS = 3,        /* trusted_ca_keys */
    TLS_EXT_TRUNCATED_HMAC = 4,         /* truncated_hmac */
    TLS_EXT_STATUS_REQUEST = 5,         /* status_request */
    TLS_EXT_LAST                        /* Sentinel, one past the last type */
} TLS_EXT_TYPE;
/* SSL and TLS major and minor version numbers. SSL 3.0 and every TLS version
   here share major version 3, the minor version distinguishes SSL 3.0 ( 3.0 ),
   TLS 1.0 ( 3.1 ) and TLS 1.1 ( 3.2 ). These are preprocessor constants rather
   than an enum so that they can be used in #if tests as well as in code */
#define SSL_MAJOR_VERSION 3
#define SSL_MINOR_VERSION_SSL 0
#define SSL_MINOR_VERSION_TLS 1
#define SSL_MINOR_VERSION_TLS11 2
/* SSL sender label values for the finished message MAC. SSL_SENDERLABEL_SIZE
   is the length of the label strings without the terminating NUL, so the two
   labels must stay exactly this long if either is ever changed */
#define SSL_SENDER_CLIENTLABEL "CLNT"
#define SSL_SENDER_SERVERLABEL "SRVR"
#define SSL_SENDERLABEL_SIZE 4
/* Fixed-format message templates for SSL, TLS 1.0, and TLS 1.1, presumably
   one row per protocol version ( first subscript ) with up to 8 bytes of
   template data per row ( second subscript ). The second subscript is a
   worst-case, unfortunately this is the only way we can statically
   initialise a two-dimensional array of chars. Code that indexes into a
   template must stay within the 8-byte row, the array carries no per-row
   length */
typedef BYTE SSL_MESSAGE_TEMPLATE[ 3 ][ 8 ];
/* SSL handshake state information. This is passed around various
   subfunctions that handle individual parts of the handshake. The secret
   material in here ( premasterSecret, and dhContext when DHE is used ) is
   only needed until the session keys have been derived and should be
   cleared once the handshake completes; destroyHandshakeCryptInfo() in
   ssl_cry.c is the natural place for this - confirm that it does so */
typedef struct SL {
/* Client and server proto-HMAC/dual-hash contexts. One MD5/SHA-1 pair per
   side, fed via dualMacData() and finalised via completeSSLDualMAC() /
   completeTLSHashedMAC() for the finished message */
CRYPT_CONTEXT clientMD5context, clientSHA1context;
CRYPT_CONTEXT serverMD5context, serverSHA1context;
/* Client and server nonces and session ID. sessionIDlength is the number
   of valid bytes in sessionID and must never exceed MAX_SESSIONID_SIZE
   when it is set from a peer-supplied length; the + 8 on the buffers is
   slack, not usable capacity ( presumably padding for fixed-size
   reads/alignment - confirm ) */
BYTE clientNonce[ SSL_NONCE_SIZE + 8 ];
BYTE serverNonce[ SSL_NONCE_SIZE + 8 ];
BYTE sessionID[ MAX_SESSIONID_SIZE + 8 ];
int sessionIDlength;
/* Premaster/master secret. premasterSecretSize is the number of valid
   bytes; the buffer is sized for CRYPT_MAX_PKCSIZE + CRYPT_MAX_TEXTSIZE,
   which presumably covers the largest of the key-exchange forms that
   produce it ( see createSharedPremasterSecret()/unwrapPremasterSecret()
   in ssl_cry.c ) - confirm */
BYTE premasterSecret[ CRYPT_MAX_PKCSIZE + CRYPT_MAX_TEXTSIZE + 8 ];
int premasterSecretSize;
/* Encryption/security info */
CRYPT_CONTEXT dhContext; /* DH ctx.if DHE is being used, see initDHcontextSSL() */
int cipherSuite; /* Selected cipher suite */
CRYPT_ALGO_TYPE keyexAlgo, authAlgo;/* Selected cipher suite algos */
int cryptKeysize; /* Size of session key */
BOOLEAN serverSigKey; /* Server sig.key can auth.DH exchange */
/* Other info */
int clientOfferedVersion; /* Prot.vers.originally offered by client, kept
   separately from the negotiated version ( presumably needed later in the
   handshake, e.g. when the premaster secret is processed - confirm ) */
BOOLEAN isSSLv2; /* Client hello is SSLv2 ( legacy, see processCipherSuite() ) */
BOOLEAN hasExtensions; /* Hello has TLS extensions */
/* The packet data stream. Since SSL can encapsulate multiple handshake
   packets within a single SSL packet, the stream has to be persistent
   across the different handshake functions to allow the continuation of
   packets */
STREAM stream; /* Packet data stream */
/* Function pointers to handshaking functions. These are set up as
   required depending on whether the session is client or server ( see
   initSSLclientProcessing()/initSSLserverProcessing() ). Both take the
   session info and this handshake info and return an int status */
int ( *beginHandshake )( SESSION_INFO *sessionInfoPtr,
struct SL *handshakeInfo );
int ( *exchangeKeys )( SESSION_INFO *sessionInfoPtr,
struct SL *handshakeInfo );
} SSL_HANDSHAKE_INFO;
/* Session cache management functions. The cache maps a session ID to the
   master secret negotiated for it so that a later handshake can resume the
   session. findSessionCacheEntryID() looks an entry up by session ID,
   addSessionCacheEntry() stores a session ID/master secret pair
   ( isFixedEntry presumably marks an entry that is exempt from normal
   expiry - confirm in the implementation ) and deleteSessionCacheEntry()
   removes an entry by uniqueID ( presumably the ID the cache assigned when
   the entry was added - confirm ). The int return values carry a status
   whose encoding is defined in the implementation. The cached master
   secrets are key material and the cache storage must be treated as
   sensitive */
int findSessionCacheEntryID( const void *sessionID,
const int sessionIDlength );
int addSessionCacheEntry( const void *sessionID, const int sessionIDlength,
const void *masterSecret,
const int masterSecretLength,
const BOOLEAN isFixedEntry );
void deleteSessionCacheEntry( const int uniqueID );
/* Prototypes for functions in ssl.c */
/* Read/write a 24-bit length field ( the TLS uint24 used for handshake
   message lengths ). readUint24() presumably returns either the value read
   or an error status - confirm; either way the caller must range-check the
   result before using it as a length, since it comes from the peer */
int readUint24( STREAM *stream );
int writeUint24( STREAM *stream, const int length );
/* Process a client or server hello from the stream, isServer selecting
   which side we are ( and therefore which hello we expect ) */
int processHelloSSL( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo,
STREAM *stream, const BOOLEAN isServer );
/* Read the peer's certificate chain from the stream into *iCertChain, and
   write our own chain to the stream. The read side processes
   peer-supplied data, so any chain-length/size checks belong there */
int readSSLCertChain( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo, STREAM *stream,
CRYPT_CERTIFICATE *iCertChain,
const BOOLEAN isServer );
int writeSSLCertChain( SESSION_INFO *sessionInfoPtr, STREAM *stream );
/* Check an SSL record header, and a handshake packet header of the
   expected packetType with at least minSize bytes of payload, that have
   been read from the peer. These are the first checks applied to untrusted
   wire data, so a failure here must stop further processing of the packet */
int checkPacketHeaderSSL( SESSION_INFO *sessionInfoPtr, STREAM *stream );
int checkHSPacketHeader( SESSION_INFO *sessionInfoPtr, STREAM *stream,
const int packetType, const int minSize );
/* Read and check the protocol version from the stream, returning the
   version the client offered in *clientVersion */
int processVersionInfo( SESSION_INFO *sessionInfoPtr, STREAM *stream,
int *clientVersion );
/* Only needed for legacy SSLv2 support. Processes the noSuites cipher
   suites offered in an SSLv2-format hello */
int processCipherSuite( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo,
STREAM *stream, const int noSuites );
/* Prototypes for functions in ssl_rw.c */
/* Inbound packet handling. unwrapPacketSSL() checks and unwraps
   ( presumably MAC-verifies/decrypts - confirm ) a packet of the expected
   packetType already held in the stream, readPacketSSL() reads a packet of
   type packetType from the network into the handshake info's stream, and
   refreshHSStream() presumably refills the handshake stream with the next
   SSL packet when the current one has been consumed - confirm */
int unwrapPacketSSL( SESSION_INFO *sessionInfoPtr, STREAM *stream,
const int packetType );
int readPacketSSL( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo, const int packetType );
int refreshHSStream( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo );
/* Outbound packet handling. wrapPacketSSL() finalises ( MACs/encrypts )
   the packet that starts at offset in the stream and sendPacketSSL() writes
   the stream out, sendOnly presumably skipping the wrap step - confirm */
int wrapPacketSSL( SESSION_INFO *sessionInfoPtr, STREAM *stream,
const int offset );
int sendPacketSSL( SESSION_INFO *sessionInfoPtr, STREAM *stream,
const BOOLEAN sendOnly );
/* Packet stream management. openPacketStreamSSL() starts a new packet of
   type packetType in a stream over a buffer of bufferSize bytes,
   continuePacketStreamSSL() starts a further packet in the same stream,
   and completePacketStreamSSL() finalises the packet that began at
   offset. The HS variants do the same for the handshake packets nested
   inside an SSL packet */
void openPacketStreamSSL( STREAM *stream, const SESSION_INFO *sessionInfoPtr,
const int bufferSize, const int packetType );
int continuePacketStreamSSL( STREAM *stream,
const SESSION_INFO *sessionInfoPtr,
const int packetType );
int completePacketStreamSSL( STREAM *stream, const int offset );
int continueHSPacketStream( STREAM *stream, const int packetType );
int completeHSPacketStream( STREAM *stream, const int offset );
/* Alerts. processAlert() handles an alert whose header ( headerLength
   bytes ) has been read from the peer; this is untrusted input and
   headerLength must be validated against the expected alert size before
   the header is parsed. sendCloseAlert() sends the close alert,
   alertReceived indicating that we're responding to the peer's close, and
   sendHandshakeFailAlert() sends a handshake-failure alert */
int processAlert( SESSION_INFO *sessionInfoPtr, const void *header,
const int headerLength );
void sendCloseAlert( SESSION_INFO *sessionInfoPtr,
const BOOLEAN alertReceived );
void sendHandshakeFailAlert( SESSION_INFO *sessionInfoPtr );
/* Prototypes for functions in ssl_cry.c */
/* Create/destroy the per-session encryption and MAC contexts held in the
   session info, and the per-handshake hash contexts held in the handshake
   info. destroyHandshakeCryptInfo() is where the handshake info's secret
   material ( premaster secret, DH context ) should be cleared - confirm */
int initSecurityContextsSSL( SESSION_INFO *sessionInfoPtr );
void destroySecurityContextsSSL( SESSION_INFO *sessionInfoPtr );
int initHandshakeCryptInfo( SSL_HANDSHAKE_INFO *handshakeInfo );
int destroyHandshakeCryptInfo( SSL_HANDSHAKE_INFO *handshakeInfo );
/* Key exchange. initDHcontextSSL() creates a DH context in *iCryptContext
   from keyDataLength bytes of keyData. createSharedPremasterSecret()
   derives the premaster secret ( returned in premasterSecret, length in
   *premasterSecretLength ) from a pre-shared value in the session info.
   wrapPremasterSecret() encodes the premaster secret for the peer into
   data and unwrapPremasterSecret() recovers it from dataLength bytes
   received from the peer. NOTE(review): the unwrap path operates on
   attacker-controlled input, so its error handling should not reveal
   which internal check failed - confirm in the implementation */
int initDHcontextSSL( CRYPT_CONTEXT *iCryptContext, const void *keyData,
const int keyDataLength );
int createSharedPremasterSecret( void *premasterSecret,
int *premasterSecretLength,
const SESSION_INFO *sessionInfoPtr );
int wrapPremasterSecret( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo,
void *data, int *dataLength );
int unwrapPremasterSecret( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo,
const void *data, const int dataLength );
/* Key derivation. premasterToMaster() derives the master secret from the
   premaster secret in the handshake info into masterSecret, masterToKeys()
   expands the master secret into keyBlockLength bytes of keyBlock, and
   loadKeys() loads the key block into the session's contexts, isClient
   presumably selecting which half of the key block is our write side -
   confirm. Both secrets are key material and callers should clear their
   buffers when done with them */
int premasterToMaster( const SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
void *masterSecret, const int masterSecretLength );
int masterToKeys( const SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
const void *masterSecret, const int masterSecretLength,
void *keyBlock, const int keyBlockLength );
int loadKeys( SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
const BOOLEAN isClient, const void *keyBlock );
/* Record-layer crypto. loadExplicitIV() reads a per-record IV from the
   stream ( presumably the explicit IV introduced with TLS 1.1 - confirm ).
   encryptData()/decryptData() process dataLength bytes of data in place;
   decryptData() takes a non-const session info where encryptData() does
   not, presumably because the read side updates session state - confirm */
int loadExplicitIV( SESSION_INFO *sessionInfoPtr, STREAM *stream );
int encryptData( const SESSION_INFO *sessionInfoPtr, BYTE *data,
const int dataLength );
int decryptData( SESSION_INFO *sessionInfoPtr, BYTE *data,
const int dataLength );
/* Handshake hashing. dualMacData() feeds the stream's data into the
   MD5/SHA-1 handshake hash contexts ( isRawData selecting how the stream
   contents are interpreted ), completeSSLDualMAC() finishes the SSL 3.0
   dual-hash MAC and completeTLSHashedMAC() the TLS form, with label being
   the sender label ( SSL_SENDER_CLIENTLABEL/SSL_SENDER_SERVERLABEL for
   SSL ) and the result written to hashValues, whose required size is
   defined in the implementation */
int dualMacData( const SSL_HANDSHAKE_INFO *handshakeInfo,
const STREAM *stream, const BOOLEAN isRawData );
int completeSSLDualMAC( const CRYPT_CONTEXT md5context,
const CRYPT_CONTEXT sha1context, BYTE *hashValues,
const char *label, const BYTE *masterSecret );
int completeTLSHashedMAC( const CRYPT_CONTEXT md5context,
const CRYPT_CONTEXT sha1context, BYTE *hashValues,
const char *label, const BYTE *masterSecret );
/* Record MACs. macDataSSL()/macDataTLS() handle the MAC over dataLength
   bytes of data of record type 'type', presumably verifying on read
   ( isRead ) and computing on write - confirm. noReportError suppresses
   the normal error reporting on a failed check; NOTE(review): if this
   exists so that a MAC failure and a decryption/padding failure present
   the same externally visible behaviour, the read-side callers in ssl_rw.c
   should pass it consistently - confirm */
int macDataSSL( SESSION_INFO *sessionInfoPtr, const void *data,
const int dataLength, const int type, const BOOLEAN isRead,
const BOOLEAN noReportError );
int macDataTLS( SESSION_INFO *sessionInfoPtr, const void *data,
const int dataLength, const int type, const BOOLEAN isRead,
const BOOLEAN noReportError );
/* Signatures. createCertVerify()/checkCertVerify() create and check the
   certificate-verify signature over the handshake hashes ( sigLength bytes
   of signature on the check side ), createKeyexSignature()/
   checkKeyexSignature() sign and verify keyDataLength bytes of key
   exchange data keyData. The check functions operate on peer-supplied
   data and must fail closed on any error */
int createCertVerify( const SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
STREAM *stream );
int checkCertVerify( const SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
STREAM *stream, const int sigLength );
int createKeyexSignature( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo,
STREAM *stream, const void *keyData,
const int keyDataLength );
int checkKeyexSignature( SESSION_INFO *sessionInfoPtr,
SSL_HANDSHAKE_INFO *handshakeInfo,
STREAM *stream, const void *keyData,
const int keyDataLength );
/* Prototypes for session mapping functions. These presumably set the
   beginHandshake/exchangeKeys function pointers in the handshake info to
   the client- or server-side implementations ( the handshake info's own
   comment says they are set up depending on whether the session is client
   or server ) - confirm in the implementations */
void initSSLclientProcessing( SSL_HANDSHAKE_INFO *handshakeInfo );
void initSSLserverProcessing( SSL_HANDSHAKE_INFO *handshakeInfo );
#endif /* _SSL_DEFINED */