📄 yassl_int.cpp
字号:
void SSL::Send(const byte* buffer, uint sz)
{
if (socket_.send(buffer, sz) != sz)
SetError(send_error);
}
// get sequence number, if verify get peer's
uint SSL::get_SEQIncrement(bool verify)
{
if (verify)
return secure_.use_connection().peer_sequence_number_++;
else
return secure_.use_connection().sequence_number_++;
}
const byte* SSL::get_macSecret(bool verify)
{
if ( (secure_.get_parms().entity_ == client_end && !verify) ||
(secure_.get_parms().entity_ == server_end && verify) )
return secure_.get_connection().client_write_MAC_secret_;
else
return secure_.get_connection().server_write_MAC_secret_;
}
void SSL::verifyState(const RecordLayerHeader& rlHeader)
{
if (GetError()) return;
if (states_.getRecord() == recordNotReady ||
(rlHeader.type_ == application_data && // data and handshake
states_.getHandShake() != handShakeReady) ) // isn't complete yet
SetError(record_layer);
}
void SSL::verifyState(const HandShakeHeader& hsHeader)
{
if (GetError()) return;
if (states_.getHandShake() == handShakeNotReady) {
SetError(handshake_layer);
return;
}
if (secure_.get_parms().entity_ == client_end)
verifyClientState(hsHeader.get_handshakeType());
else
verifyServerState(hsHeader.get_handshakeType());
}
void SSL::verifyState(ClientState cs)
{
if (GetError()) return;
if (states_.getClient() != cs) order_error();
}
void SSL::verifyState(ServerState ss)
{
if (GetError()) return;
if (states_.getServer() != ss) order_error();
}
void SSL::verfiyHandShakeComplete()
{
if (GetError()) return;
if (states_.getHandShake() != handShakeReady) order_error();
}
void SSL::verifyClientState(HandShakeType hsType)
{
if (GetError()) return;
switch(hsType) {
case server_hello :
if (states_.getClient() != serverNull)
order_error();
break;
case certificate :
if (states_.getClient() != serverHelloComplete)
order_error();
break;
case server_key_exchange :
if (states_.getClient() != serverCertComplete)
order_error();
break;
case certificate_request :
if (states_.getClient() != serverCertComplete &&
states_.getClient() != serverKeyExchangeComplete)
order_error();
break;
case server_hello_done :
if (states_.getClient() != serverCertComplete &&
states_.getClient() != serverKeyExchangeComplete)
order_error();
break;
case finished :
if (states_.getClient() != serverHelloDoneComplete ||
secure_.get_parms().pending_) // no change
order_error(); // cipher yet
break;
default :
order_error();
};
}
void SSL::verifyServerState(HandShakeType hsType)
{
if (GetError()) return;
switch(hsType) {
case client_hello :
if (states_.getServer() != clientNull)
order_error();
break;
case certificate :
if (states_.getServer() != clientHelloComplete)
order_error();
break;
case client_key_exchange :
if (states_.getServer() != clientHelloComplete)
order_error();
break;
case certificate_verify :
if (states_.getServer() != clientKeyExchangeComplete)
order_error();
break;
case finished :
if (states_.getServer() != clientKeyExchangeComplete ||
secure_.get_parms().pending_) // no change
order_error(); // cipher yet
break;
default :
order_error();
};
}
// try to find a suite match
void SSL::matchSuite(const opaque* peer, uint length)
{
if (length == 0 || (length % 2) != 0) {
SetError(bad_input);
return;
}
// start with best, if a match we are good, Ciphers are at odd index
// since all SSL and TLS ciphers have 0x00 first byte
for (uint i = 1; i < secure_.get_parms().suites_size_; i += 2)
for (uint j = 1; j < length; j+= 2)
if (secure_.use_parms().suites_[i] == peer[j]) {
secure_.use_parms().suite_[0] = 0x00;
secure_.use_parms().suite_[1] = peer[j];
return;
}
SetError(match_error);
}
void SSL::set_session(SSL_SESSION* s)
{
if (s && GetSessions().lookup(s->GetID(), &secure_.use_resume()))
secure_.set_resuming(true);
}
const Crypto& SSL::getCrypto() const
{
return crypto_;
}
const Security& SSL::getSecurity() const
{
return secure_;
}
const States& SSL::getStates() const
{
return states_;
}
const sslHashes& SSL::getHashes() const
{
return hashes_;
}
const sslFactory& SSL::getFactory() const
{
return GetSSL_Factory();
}
const Socket& SSL::getSocket() const
{
return socket_;
}
YasslError SSL::GetError() const
{
return states_.What();
}
Crypto& SSL::useCrypto()
{
return crypto_;
}
Security& SSL::useSecurity()
{
return secure_;
}
States& SSL::useStates()
{
return states_;
}
sslHashes& SSL::useHashes()
{
return hashes_;
}
Socket& SSL::useSocket()
{
return socket_;
}
Log& SSL::useLog()
{
return log_;
}
bool SSL::isTLS() const
{
return secure_.get_connection().TLS_;
}
void SSL::addData(input_buffer* data)
{
buffers_.useData().push_back(data);
}
void SSL::addBuffer(output_buffer* b)
{
buffers_.useHandShake().push_back(b);
}
// store connection parameters
SSL_SESSION::SSL_SESSION(const SSL& ssl, RandomPool& ran)
: timeout_(DEFAULT_TIMEOUT), random_(ran)
{
const Connection& conn = ssl.getSecurity().get_connection();
memcpy(sessionID_, conn.sessionID_, ID_LEN);
memcpy(master_secret_, conn.master_secret_, SECRET_LEN);
memcpy(suite_, ssl.getSecurity().get_parms().suite_, SUITE_LEN);
bornOn_ = lowResTimer();
}
// for resumption copy in ssl::parameters
SSL_SESSION::SSL_SESSION(RandomPool& ran)
: bornOn_(0), timeout_(0), random_(ran)
{
memset(sessionID_, 0, ID_LEN);
memset(master_secret_, 0, SECRET_LEN);
memset(suite_, 0, SUITE_LEN);
}
SSL_SESSION& SSL_SESSION::operator=(const SSL_SESSION& that)
{
memcpy(sessionID_, that.sessionID_, ID_LEN);
memcpy(master_secret_, that.master_secret_, SECRET_LEN);
memcpy(suite_, that.suite_, SUITE_LEN);
bornOn_ = that.bornOn_;
timeout_ = that.timeout_;
return *this;
}
const opaque* SSL_SESSION::GetID() const
{
return sessionID_;
}
const opaque* SSL_SESSION::GetSecret() const
{
return master_secret_;
}
const Cipher* SSL_SESSION::GetSuite() const
{
return suite_;
}
uint SSL_SESSION::GetBornOn() const
{
return bornOn_;
}
uint SSL_SESSION::GetTimeOut() const
{
return timeout_;
}
void SSL_SESSION::SetTimeOut(uint t)
{
timeout_ = t;
}
extern void clean(volatile opaque*, uint, RandomPool&);
// clean up secret data
SSL_SESSION::~SSL_SESSION()
{
volatile opaque* p = master_secret_;
clean(p, SECRET_LEN, random_);
}
Sessions Sessions::instance_; // simple singleton
Sessions& GetSessions()
{
return Sessions::instance_;
}
sslFactory sslFactory::instance_; // simple singleton
sslFactory& GetSSL_Factory()
{
return sslFactory::instance_;
}
typedef Mutex::Lock Lock;
void Sessions::add(const SSL& ssl)
{
Lock guard(mutex_);
list_.push_back(NEW_YS SSL_SESSION(ssl, random_));
}
Sessions::~Sessions()
{
mySTL::for_each(list_.begin(), list_.end(), del_ptr_zero());
}
// locals
namespace yassl_int_cpp_local2 { // for explicit templates
typedef mySTL::list<SSL_SESSION*>::iterator iterator;
struct sess_match {
const opaque* id_;
explicit sess_match(const opaque* p) : id_(p) {}
bool operator()(SSL_SESSION* sess)
{
if ( memcmp(sess->GetID(), id_, ID_LEN) == 0)
return true;
return false;
}
};
} // local namespace
using namespace yassl_int_cpp_local2;
// lookup session by id, return a copy if space provided
SSL_SESSION* Sessions::lookup(const opaque* id, SSL_SESSION* copy)
{
Lock guard(mutex_);
iterator find = mySTL::find_if(list_.begin(), list_.end(), sess_match(id));
if (find != list_.end()) {
uint current = lowResTimer();
if ( ((*find)->GetBornOn() + (*find)->GetTimeOut()) < current) {
del_ptr_zero()(*find);
list_.erase(find);
return 0;
}
if (copy)
*copy = *(*find);
return *find;
}
return 0;
}
// remove a session by id
void Sessions::remove(const opaque* id)
{
Lock guard(mutex_);
iterator find = mySTL::find_if(list_.begin(), list_.end(), sess_match(id));
if (find != list_.end()) {
del_ptr_zero()(*find);
list_.erase(find);
}
}
SSL_METHOD::SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv)
: version_(pv), side_(ce), verifyPeer_(false), verifyNone_(false),
failNoCert_(false)
{}
ProtocolVersion SSL_METHOD::getVersion() const
{
return version_;
}
ConnectionEnd SSL_METHOD::getSide() const
{
return side_;
}
void SSL_METHOD::setVerifyPeer()
{
verifyPeer_ = true;
}
void SSL_METHOD::setVerifyNone()
{
verifyNone_ = true;
}
void SSL_METHOD::setFailNoCert()
{
failNoCert_ = true;
}
bool SSL_METHOD::verifyPeer() const
{
return verifyPeer_;
}
bool SSL_METHOD::verifyNone() const
{
return verifyNone_;
}
bool SSL_METHOD::failNoCert() const
{
return failNoCert_;
}
SSL_CTX::SSL_CTX(SSL_METHOD* meth)
: method_(meth), certificate_(0), privateKey_(0)
{}
SSL_CTX::~SSL_CTX()
{
ysDelete(method_);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -