yassl_imp.hpp

这是linux下运行的mysql软件包,可用于linux 下安装 php + mysql + apach 的网络配置

    int             length_;                // total length of message
    opaque*         keyMessage_;            // total exchange message
public:
    DH_Server();
    ~DH_Server();

    void build(SSL&);
    void read(SSL&, input_buffer&);
    int  get_length() const;
    opaque* get_serverKey() const;
private:
    DH_Server(const DH_Server&);            // hide copy
    DH_Server& operator=(const DH_Server&); // and assign
};


// Server's RSA exchange
struct RSA_Server : public ServerKeyBase {
    ServerRSAParams params_;
    opaque*         signature_;   // signed rsa_sa hashes
};


class ServerKeyExchange : public HandShakeBase {
    ServerKeyBase* server_key_;
public:
    explicit ServerKeyExchange(SSL&);
    ServerKeyExchange();
    ~ServerKeyExchange();

    void createKey(SSL&);
    void build(SSL& ssl);
   
    const opaque* getKey()       const;
    int           getKeyLength() const;

    input_buffer&  set(input_buffer& in);
    output_buffer& get(output_buffer& out) const;

    friend output_buffer& operator<<(output_buffer&, const ServerKeyExchange&);

    void Process(input_buffer&, SSL&);
    HandShakeType get_type() const;
private:
    ServerKeyExchange(const ServerKeyExchange&);            // hide copy
    ServerKeyExchange& operator=(const ServerKeyExchange&); // and assign
};



class CertificateRequest : public HandShakeBase  {
    ClientCertificateType         certificate_types_[CERT_TYPES];
    int                           typeTotal_;
    mySTL::list<DistinguishedName>  certificate_authorities_;
public:
    CertificateRequest();
    ~CertificateRequest();

    input_buffer&  set(input_buffer& in);
    output_buffer& get(output_buffer& out) const;

    friend input_buffer&  operator>>(input_buffer&, CertificateRequest&);
    friend output_buffer& operator<<(output_buffer&,
                                     const CertificateRequest&);

    void Process(input_buffer&, SSL&);
    HandShakeType get_type() const;

    void Build();
private:
    CertificateRequest(const CertificateRequest&);              // hide copy
    CertificateRequest& operator=(const CertificateRequest&);   // and assign
};


struct ServerHelloDone : public HandShakeBase {
    ServerHelloDone();
    input_buffer&  set(input_buffer& in);
    output_buffer& get(output_buffer& out) const;

    void Process(input_buffer& input, SSL& ssl);

    HandShakeType get_type() const;
};


struct PreMasterSecret {
    opaque  random_[SECRET_LEN];     // first two bytes Protocol Version
};


struct ClientKeyBase : public virtual_base {
    virtual ~ClientKeyBase() {}
    virtual void build(SSL&) {}
    virtual void read(SSL&, input_buffer&) {}
    virtual int  get_length() const;
    virtual opaque* get_clientKey() const;
};


class EncryptedPreMasterSecret : public ClientKeyBase {
    opaque* secret_;
    int     length_;
public:
    EncryptedPreMasterSecret();
    ~EncryptedPreMasterSecret();

    void    build(SSL&);
    void    read(SSL&, input_buffer&);
    int     get_length()    const;
    opaque* get_clientKey() const;
    void    alloc(int sz);
private:
    // hide copy and assign
    EncryptedPreMasterSecret(const EncryptedPreMasterSecret&);           
    EncryptedPreMasterSecret& operator=(const EncryptedPreMasterSecret&);
};


// Fortezza Key Parameters from page 29
// hard code lengths cause only used here
struct FortezzaKeys : public ClientKeyBase {
    opaque  y_c_                      [128];    // client's Yc, public value
    opaque  r_c_                      [128];    // client's Rc
    opaque  y_signature_              [40];     // DSS signed public key
    opaque  wrapped_client_write_key_ [12];     // wrapped by the TEK
    opaque  wrapped_server_write_key_ [12];     // wrapped by the TEK
    opaque  client_write_iv_          [24];      
    opaque  server_write_iv_          [24];
    opaque  master_secret_iv_         [24];     // IV used to encrypt preMaster
    opaque  encrypted_preMasterSecret_[48];     // random & crypted by the TEK
};



// Diffie-Hellman public key from page 40/41
class  ClientDiffieHellmanPublic : public ClientKeyBase {
    PublicValueEncoding public_value_encoding_;
    int     length_;    // includes two byte length for message
    opaque* Yc_;        // length + Yc_
    // dh_Yc only if explicit, otherwise sent in certificate
    enum { KEY_OFFSET = 2 };
public:
    ClientDiffieHellmanPublic();
    ~ClientDiffieHellmanPublic();

    void    build(SSL&);
    void    read(SSL&, input_buffer&);
    int     get_length()    const;
    opaque* get_clientKey() const;
    void    alloc(int sz, bool offset = false);
private:
    // hide copy and assign
    ClientDiffieHellmanPublic(const ClientDiffieHellmanPublic&);
    ClientDiffieHellmanPublic& operator=(const ClientDiffieHellmanPublic&);
};


class ClientKeyExchange : public HandShakeBase {
    ClientKeyBase*  client_key_;
public:
    explicit ClientKeyExchange(SSL& ssl);
    ClientKeyExchange();
    ~ClientKeyExchange();

    void createKey(SSL&);
    void build(SSL& ssl);
   
    const opaque* getKey()       const;
    int           getKeyLength() const;

    friend output_buffer& operator<<(output_buffer&, const ClientKeyExchange&);
   
    input_buffer&  set(input_buffer& in);
    output_buffer& get(output_buffer& out) const;

    HandShakeType  get_type() const;
    void Process(input_buffer&, SSL&);
private:
    ClientKeyExchange(const ClientKeyExchange&);            // hide copy
    ClientKeyExchange& operator=(const ClientKeyExchange&); // and assign
};


class CertificateVerify : public HandShakeBase {
    Hashes             hashes_;
    byte*              signature_;  // owns
public:
    CertificateVerify();
    ~CertificateVerify();

    input_buffer&  set(input_buffer& in);
    output_buffer& get(output_buffer& out) const;

    friend input_buffer&  operator>>(input_buffer&, CertificateVerify&);
    friend output_buffer& operator<<(output_buffer&, const CertificateVerify&);

    void Process(input_buffer&, SSL&);
    HandShakeType get_type() const;

    void Build(SSL&);
private:
    CertificateVerify(const CertificateVerify&);              // hide copy
    CertificateVerify& operator=(const CertificateVerify&);   // and assign
};


class Finished : public HandShakeBase {
    Hashes hashes_;
public:
    Finished();

    uint8* set_md5();
    uint8* set_sha();

    friend input_buffer& operator>>(input_buffer&, Finished&);
    friend output_buffer& operator<<(output_buffer&, const Finished&);

    input_buffer&  set(input_buffer& in);
    output_buffer& get(output_buffer& out) const;

    void Process(input_buffer&, SSL&);

    HandShakeType get_type() const;
private:
    Finished(const Finished&);            // hide copy
    Finished& operator=(const Finished&); // and assign
};


class RandomPool;  // forward for connection


// SSL Connection defined on page 11
struct Connection {
    opaque          *pre_master_secret_;
    opaque          master_secret_[SECRET_LEN];
    opaque          client_random_[RAN_LEN];
    opaque          server_random_[RAN_LEN];
    opaque          sessionID_[ID_LEN];
    opaque          client_write_MAC_secret_[SHA_LEN]; // sha  is max size
    opaque          server_write_MAC_secret_[SHA_LEN];
    opaque          client_write_key_[AES_256_KEY_SZ]; // aes 256bit is max sz
    opaque          server_write_key_[AES_256_KEY_SZ];
    opaque          client_write_IV_[AES_IV_SZ];       // aes is max size
    opaque          server_write_IV_[AES_IV_SZ];
    uint32          sequence_number_;
    uint32          peer_sequence_number_;
    uint32          pre_secret_len_;                   // pre master length
    bool            send_server_key_;                  // server key exchange?
    bool            master_clean_;                     // master secret clean?
    bool            TLS_;                              // TLSv1 or greater
    ProtocolVersion version_;
    RandomPool&     random_;

    Connection(ProtocolVersion v, RandomPool& ran);
    ~Connection();

    void AllocPreSecret(uint sz);
    void CleanPreMaster();
    void CleanMaster();
    void TurnOffTLS();
private:
    Connection(const Connection&);              // hide copy
    Connection& operator=(const Connection&);   // and assign
};


struct Ciphers;   // forward


// TLSv1 Security Spec, defined on page 56 of RFC 2246
struct Parameters {
    ConnectionEnd        entity_;
    BulkCipherAlgorithm  bulk_cipher_algorithm_;
    CipherType           cipher_type_;
    uint8                key_size_;
    uint8                iv_size_;
    IsExportable         is_exportable_;
    MACAlgorithm         mac_algorithm_;
    uint8                hash_size_;
    CompressionMethod    compression_algorithm_;
    KeyExchangeAlgorithm kea_;                        // yassl additions
    SignatureAlgorithm   sig_algo_;                   // signature auth type
    SignatureAlgorithm   verify_algo_;                // cert verify auth type
    bool                 pending_;                  
    bool                 resumable_;                  // new conns by session
    uint16               encrypt_size_;               // current msg encrypt sz
    Cipher               suite_[SUITE_LEN];           // choosen suite
    uint8                suites_size_;
    Cipher               suites_[MAX_SUITE_SZ];
    char                 cipher_name_[MAX_SUITE_NAME];
    char                 cipher_list_[MAX_CIPHER_LIST];

    Parameters(ConnectionEnd, const Ciphers&, ProtocolVersion);

    void SetSuites(ProtocolVersion pv);
    void SetCipherNames();
private:
    Parameters(const Parameters&);              // hide copy
    Parameters& operator=(const Parameters&);   // and assing
};


input_buffer&  operator>>(input_buffer&,  RecordLayerHeader&);
output_buffer& operator<<(output_buffer&, const RecordLayerHeader&);

input_buffer&  operator>>(input_buffer&,  Message&);
output_buffer& operator<<(output_buffer&, const Message&);

input_buffer&  operator>>(input_buffer&,  HandShakeBase&);
output_buffer& operator<<(output_buffer&, const HandShakeBase&);


// Message Factory definition
// uses the ContentType enumeration for unique id
typedef Factory<Message> MessageFactory;
void    InitMessageFactory(MessageFactory&);     // registers derived classes

// HandShake Factory definition
// uses the HandShakeType enumeration for unique id
typedef Factory<HandShakeBase> HandShakeFactory;  
void    InitHandShakeFactory(HandShakeFactory&); // registers derived classes

// ServerKey Factory definition
// uses KeyExchangeAlgorithm enumeration for unique  id
typedef Factory<ServerKeyBase> ServerKeyFactory;
void    InitServerKeyFactory(ServerKeyFactory&);

// ClientKey Factory definition
// uses KeyExchangeAlgorithm enumeration for unique  id
typedef Factory<ClientKeyBase> ClientKeyFactory;
void    InitClientKeyFactory(ClientKeyFactory&);


// Message Creators
Message* CreateHandShake();
Message* CreateCipherSpec();
Message* CreateAlert();
Message* CreateData();


// HandShake Creators
HandShakeBase* CreateCertificate();
HandShakeBase* CreateHelloRequest();
HandShakeBase* CreateClientHello();
HandShakeBase* CreateServerHello();
HandShakeBase* CreateServerKeyExchange();
HandShakeBase* CreateCertificateRequest();
HandShakeBase* CreateServerHelloDone();
HandShakeBase* CreateClientKeyExchange();
HandShakeBase* CreateCertificateVerify();
HandShakeBase* CreateFinished();


// ServerKey Exchange Creators
ServerKeyBase* CreateRSAServerKEA();
ServerKeyBase* CreateDHServerKEA();
ServerKeyBase* CreateFortezzaServerKEA();

// ClientKey Exchange Creators
ClientKeyBase* CreateRSAClient();
ClientKeyBase* CreateDHClient();
ClientKeyBase* CreateFortezzaClient();



} // naemspace

#endif // yaSSL_IMP_HPP