📄 yassl_int.cpp
字号:
/* yassl_int.cpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* yaSSL internal source implements SSL supporting types not specified in the
* draft along with type conversion functions.
*/
#include "runtime.hpp"
#include "yassl_int.hpp"
#include "handshake.hpp"
#include "timer.hpp"
#include "openssl/ssl.h" // for DH
#ifdef YASSL_PURE_C
void* operator new(size_t sz, yaSSL::new_t)
{
void* ptr = malloc(sz ? sz : 1);
if (!ptr) abort();
return ptr;
}
void operator delete(void* ptr, yaSSL::new_t)
{
if (ptr) free(ptr);
}
void* operator new[](size_t sz, yaSSL::new_t nt)
{
return ::operator new(sz, nt);
}
void operator delete[](void* ptr, yaSSL::new_t nt)
{
::operator delete(ptr, nt);
}
namespace yaSSL {
new_t ys; // for yaSSL library new
}
#endif // YASSL_PURE_C
namespace yaSSL {
using mySTL::min;
// convert a 32 bit integer into a 24 bit one
void c32to24(uint32 u32, uint24& u24)
{
u24[0] = (u32 >> 16) & 0xff;
u24[1] = (u32 >> 8) & 0xff;
u24[2] = u32 & 0xff;
}
// convert a 24 bit integer into a 32 bit one
void c24to32(const uint24 u24, uint32& u32)
{
u32 = 0;
u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2];
}
// convert with return for ease of use
uint32 c24to32(const uint24 u24)
{
uint32 ret;
c24to32(u24, ret);
return ret;
}
// using a for opaque since underlying type is unsgined char and o is not a
// good leading identifier
// convert opaque to 16 bit integer
void ato16(const opaque* c, uint16& u16)
{
u16 = 0;
u16 = (c[0] << 8) | (c[1]);
}
// convert (copy) opaque to 24 bit integer
void ato24(const opaque* c, uint24& u24)
{
u24[0] = c[0];
u24[1] = c[1];
u24[2] = c[2];
}
// convert 16 bit integer to opaque
void c16toa(uint16 u16, opaque* c)
{
c[0] = (u16 >> 8) & 0xff;
c[1] = u16 & 0xff;
}
// convert 24 bit integer to opaque
void c24toa(const uint24 u24, opaque* c)
{
c[0] = u24[0];
c[1] = u24[1];
c[2] = u24[2];
}
// convert 32 bit integer to opaque
void c32toa(uint32 u32, opaque* c)
{
c[0] = (u32 >> 24) & 0xff;
c[1] = (u32 >> 16) & 0xff;
c[2] = (u32 >> 8) & 0xff;
c[3] = u32 & 0xff;
}
States::States() : recordLayer_(recordReady), handshakeLayer_(preHandshake),
clientState_(serverNull), serverState_(clientNull),
what_(no_error) {}
const RecordLayerState& States::getRecord() const
{
return recordLayer_;
}
const HandShakeState& States::getHandShake() const
{
return handshakeLayer_;
}
const ClientState& States::getClient() const
{
return clientState_;
}
const ServerState& States::getServer() const
{
return serverState_;
}
const char* States::getString() const
{
return errorString_;
}
YasslError States::What() const
{
return what_;
}
RecordLayerState& States::useRecord()
{
return recordLayer_;
}
HandShakeState& States::useHandShake()
{
return handshakeLayer_;
}
ClientState& States::useClient()
{
return clientState_;
}
ServerState& States::useServer()
{
return serverState_;
}
char* States::useString()
{
return errorString_;
}
void States::SetError(YasslError ye)
{
what_ = ye;
}
sslFactory::sslFactory() :
messageFactory_(InitMessageFactory),
handShakeFactory_(InitHandShakeFactory),
serverKeyFactory_(InitServerKeyFactory),
clientKeyFactory_(InitClientKeyFactory)
{}
const MessageFactory& sslFactory::getMessage() const
{
return messageFactory_;
}
const HandShakeFactory& sslFactory::getHandShake() const
{
return handShakeFactory_;
}
const ServerKeyFactory& sslFactory::getServerKey() const
{
return serverKeyFactory_;
}
const ClientKeyFactory& sslFactory::getClientKey() const
{
return clientKeyFactory_;
}
// extract context parameters and store
SSL::SSL(SSL_CTX* ctx)
: secure_(ctx->getMethod()->getVersion(), crypto_.use_random(),
ctx->getMethod()->getSide(), ctx->GetCiphers(), ctx)
{
if (int err = crypto_.get_random().GetError()) {
SetError(YasslError(err));
return;
}
CertManager& cm = crypto_.use_certManager();
cm.CopySelfCert(ctx->getCert());
bool serverSide = secure_.use_parms().entity_ == server_end;
if (ctx->getKey()) {
if (int err = cm.SetPrivateKey(*ctx->getKey())) {
SetError(YasslError(err));
return;
}
}
else if (serverSide) {
SetError(no_key_file);
return;
}
if (ctx->getMethod()->verifyPeer())
cm.setVerifyPeer();
if (ctx->getMethod()->verifyNone())
cm.setVerifyNone();
if (ctx->getMethod()->failNoCert())
cm.setFailNoCert();
if (serverSide)
crypto_.SetDH(ctx->GetDH_Parms());
const SSL_CTX::CertList& ca = ctx->GetCA_List();
SSL_CTX::CertList::const_iterator first(ca.begin());
SSL_CTX::CertList::const_iterator last(ca.end());
while (first != last) {
if (int err = cm.CopyCaCert(*first)) {
SetError(YasslError(err));
return;
}
++first;
}
}
// store pending security parameters from Server Hello
void SSL::set_pending(Cipher suite)
{
Parameters& parms = secure_.use_parms();
switch (suite) {
case TLS_RSA_WITH_AES_256_CBC_SHA:
parms.bulk_cipher_algorithm_ = aes;
parms.mac_algorithm_ = sha;
parms.kea_ = rsa_kea;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = AES_256_KEY_SZ;
parms.iv_size_ = AES_BLOCK_SZ;
parms.cipher_type_ = block;
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS AES(AES_256_KEY_SZ));
strncpy(parms.cipher_name_, cipher_names[TLS_RSA_WITH_AES_256_CBC_SHA],
MAX_SUITE_NAME);
break;
case TLS_RSA_WITH_AES_128_CBC_SHA:
parms.bulk_cipher_algorithm_ = aes;
parms.mac_algorithm_ = sha;
parms.kea_ = rsa_kea;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = AES_128_KEY_SZ;
parms.iv_size_ = AES_BLOCK_SZ;
parms.cipher_type_ = block;
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS AES);
strncpy(parms.cipher_name_, cipher_names[TLS_RSA_WITH_AES_128_CBC_SHA],
MAX_SUITE_NAME);
break;
case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
parms.bulk_cipher_algorithm_ = triple_des;
parms.mac_algorithm_ = sha;
parms.kea_ = rsa_kea;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = DES_EDE_KEY_SZ;
parms.iv_size_ = DES_IV_SZ;
parms.cipher_type_ = block;
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS DES_EDE);
strncpy(parms.cipher_name_, cipher_names[SSL_RSA_WITH_3DES_EDE_CBC_SHA]
, MAX_SUITE_NAME);
break;
case SSL_RSA_WITH_DES_CBC_SHA:
parms.bulk_cipher_algorithm_ = des;
parms.mac_algorithm_ = sha;
parms.kea_ = rsa_kea;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = DES_KEY_SZ;
parms.iv_size_ = DES_IV_SZ;
parms.cipher_type_ = block;
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS DES);
strncpy(parms.cipher_name_, cipher_names[SSL_RSA_WITH_DES_CBC_SHA],
MAX_SUITE_NAME);
break;
case SSL_RSA_WITH_RC4_128_SHA:
parms.bulk_cipher_algorithm_ = rc4;
parms.mac_algorithm_ = sha;
parms.kea_ = rsa_kea;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = RC4_KEY_SZ;
parms.iv_size_ = 0;
parms.cipher_type_ = stream;
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS RC4);
strncpy(parms.cipher_name_, cipher_names[SSL_RSA_WITH_RC4_128_SHA],
MAX_SUITE_NAME);
break;
case SSL_RSA_WITH_RC4_128_MD5:
parms.bulk_cipher_algorithm_ = rc4;
parms.mac_algorithm_ = md5;
parms.kea_ = rsa_kea;
parms.hash_size_ = MD5_LEN;
parms.key_size_ = RC4_KEY_SZ;
parms.iv_size_ = 0;
parms.cipher_type_ = stream;
crypto_.setDigest(NEW_YS MD5);
crypto_.setCipher(NEW_YS RC4);
strncpy(parms.cipher_name_, cipher_names[SSL_RSA_WITH_RC4_128_MD5],
MAX_SUITE_NAME);
break;
case SSL_DHE_RSA_WITH_DES_CBC_SHA:
parms.bulk_cipher_algorithm_ = des;
parms.mac_algorithm_ = sha;
parms.kea_ = diffie_hellman_kea;
parms.sig_algo_ = rsa_sa_algo;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = DES_KEY_SZ;
parms.iv_size_ = DES_IV_SZ;
parms.cipher_type_ = block;
secure_.use_connection().send_server_key_ = true; // eph
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS DES);
strncpy(parms.cipher_name_, cipher_names[SSL_DHE_RSA_WITH_DES_CBC_SHA],
MAX_SUITE_NAME);
break;
case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
parms.bulk_cipher_algorithm_ = triple_des;
parms.mac_algorithm_ = sha;
parms.kea_ = diffie_hellman_kea;
parms.sig_algo_ = rsa_sa_algo;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = DES_EDE_KEY_SZ;
parms.iv_size_ = DES_IV_SZ;
parms.cipher_type_ = block;
secure_.use_connection().send_server_key_ = true; // eph
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS DES_EDE);
strncpy(parms.cipher_name_,
cipher_names[SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA], MAX_SUITE_NAME);
break;
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
parms.bulk_cipher_algorithm_ = aes;
parms.mac_algorithm_ = sha;
parms.kea_ = diffie_hellman_kea;
parms.sig_algo_ = rsa_sa_algo;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = AES_256_KEY_SZ;
parms.iv_size_ = AES_BLOCK_SZ;
parms.cipher_type_ = block;
secure_.use_connection().send_server_key_ = true; // eph
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS AES(AES_256_KEY_SZ));
strncpy(parms.cipher_name_,
cipher_names[TLS_DHE_RSA_WITH_AES_256_CBC_SHA], MAX_SUITE_NAME);
break;
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
parms.bulk_cipher_algorithm_ = aes;
parms.mac_algorithm_ = sha;
parms.kea_ = diffie_hellman_kea;
parms.sig_algo_ = rsa_sa_algo;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = AES_128_KEY_SZ;
parms.iv_size_ = AES_BLOCK_SZ;
parms.cipher_type_ = block;
secure_.use_connection().send_server_key_ = true; // eph
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS AES);
strncpy(parms.cipher_name_,
cipher_names[TLS_DHE_RSA_WITH_AES_128_CBC_SHA], MAX_SUITE_NAME);
break;
case SSL_DHE_DSS_WITH_DES_CBC_SHA:
parms.bulk_cipher_algorithm_ = des;
parms.mac_algorithm_ = sha;
parms.kea_ = diffie_hellman_kea;
parms.sig_algo_ = dsa_sa_algo;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = DES_KEY_SZ;
parms.iv_size_ = DES_IV_SZ;
parms.cipher_type_ = block;
secure_.use_connection().send_server_key_ = true; // eph
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS DES);
strncpy(parms.cipher_name_, cipher_names[SSL_DHE_DSS_WITH_DES_CBC_SHA],
MAX_SUITE_NAME);
break;
case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
parms.bulk_cipher_algorithm_ = triple_des;
parms.mac_algorithm_ = sha;
parms.kea_ = diffie_hellman_kea;
parms.sig_algo_ = dsa_sa_algo;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = DES_EDE_KEY_SZ;
parms.iv_size_ = DES_IV_SZ;
parms.cipher_type_ = block;
secure_.use_connection().send_server_key_ = true; // eph
crypto_.setDigest(NEW_YS SHA);
crypto_.setCipher(NEW_YS DES_EDE);
strncpy(parms.cipher_name_,
cipher_names[SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA], MAX_SUITE_NAME);
break;
case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
parms.bulk_cipher_algorithm_ = aes;
parms.mac_algorithm_ = sha;
parms.kea_ = diffie_hellman_kea;
parms.sig_algo_ = dsa_sa_algo;
parms.hash_size_ = SHA_LEN;
parms.key_size_ = AES_256_KEY_SZ;
parms.iv_size_ = AES_BLOCK_SZ;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -