/* Function pointers to handshaking functions. These are set up as
required depending on whether the session is client or server */
CHECK_RETVAL \
int ( *beginHandshake )( INOUT SESSION_INFO *sessionInfoPtr,
struct SL *handshakeInfo ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
CHECK_RETVAL \
int ( *exchangeKeys )( INOUT SESSION_INFO *sessionInfoPtr,
struct SL *handshakeInfo ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
} SSL_HANDSHAKE_INFO;
/* Prototypes for functions in ssl.c.  Throughout this header CHECK_RETVAL
   marks a status return that the caller is expected to check, and
   STDC_NONNULL_ARG lists the 1-based positions of the arguments that must
   not be NULL.  Both macros are defined outside this listing, so their
   exact expansion should be confirmed there */
/* Reads a 24-bit value from the stream (per the name).  The value and any
   error indication share the single int return, so presumably the result
   has to be tested for an error status before it's used as a length -
   confirm against ssl.c */
CHECK_RETVAL \
int readUint24( INOUT STREAM *stream ) \
STDC_NONNULL_ARG( ( 1 ) );
/* Writes 'length' to the stream as a 24-bit value (per the name).
   NOTE(review): unlike readUint24() this prototype carries no
   CHECK_RETVAL, and 'length' is a plain int with no range annotation
   visible here - confirm how out-of-range values are handled in ssl.c */
int writeUint24( INOUT STREAM *stream, const int length ) \
STDC_NONNULL_ARG( ( 1 ) );
/* Processes the hello message from the stream; isServer selects which
   side of the handshake is being handled (per the parameter name) */
CHECK_RETVAL \
int processHelloSSL( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream, const BOOLEAN isServer ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* Reads a certificate chain from the stream and returns a handle to it in
   iCertChain (OUT, must be non-NULL).  NOTE(review): whether the chain is
   validated here or by the caller isn't visible from this header -
   confirm before treating the returned handle as trusted */
CHECK_RETVAL \
int readSSLCertChain( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream,
OUT CRYPT_CERTIFICATE *iCertChain,
const BOOLEAN isServer ) \
STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) );
/* Writes the certificate chain for this session to the stream (per the
   name) */
CHECK_RETVAL \
int writeSSLCertChain( INOUT SESSION_INFO *sessionInfoPtr,
INOUT STREAM *stream ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Checks a packet header taken from the stream and returns the packet
   length in packetLength (OUT).  The header comes from the peer, so the
   returned length should only be relied on when the status return
   indicates success */
CHECK_RETVAL \
int checkPacketHeaderSSL( INOUT SESSION_INFO *sessionInfoPtr,
INOUT STREAM *stream, OUT int *packetLength ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* As checkPacketHeaderSSL() but for a handshake packet: the caller also
   supplies the expected packetType and a minSize (presumably the smallest
   acceptable packet body - confirm against ssl.c) */
CHECK_RETVAL \
int checkHSPacketHeader( INOUT SESSION_INFO *sessionInfoPtr,
INOUT STREAM *stream, OUT int *packetLength,
const int packetType, const int minSize ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* Processes version information from the stream.  clientVersion is
   OUT_OPT and isn't in the non-NULL list, so callers may pass NULL for
   it */
CHECK_RETVAL \
int processVersionInfo( INOUT SESSION_INFO *sessionInfoPtr,
INOUT STREAM *stream, OUT_OPT int *clientVersion ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Processes cipher suite information from the stream.  NOTE(review):
   noSuites is presumably the number of suites offered by the peer -
   confirm that it's bounds-checked against the data actually present in
   the stream */
CHECK_RETVAL \
int processCipherSuite( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream, const int noSuites ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* Prototypes for functions in ssl_rw.c.  CHECK_RETVAL marks a status
   return that the caller is expected to check and STDC_NONNULL_ARG lists
   the 1-based positions of the arguments that must not be NULL (both are
   defined outside this listing) */
/* Unwraps a received packet in place.  'data' is annotated as an in/out
   buffer of capacity dataMaxLength whose content length is carried in
   *dataLength; packetType is the packet type the caller expects
   (presumably - confirm against ssl_rw.c).  The buffer contents should
   only be used when the status return indicates success */
CHECK_RETVAL \
int unwrapPacketSSL( INOUT SESSION_INFO *sessionInfoPtr,
INOUT_BUFFER( dataMaxLength, *dataLength ) \
void *data, const int dataMaxLength, int *dataLength,
const int packetType ) \
STDC_NONNULL_ARG( ( 1, 2, 4 ) );
/* Reads a handshake packet and returns its length in packetLength (OUT).
   handshakeInfo is INOUT_OPT and isn't in the non-NULL list, so it may be
   NULL */
CHECK_RETVAL \
int readHSPacketSSL( INOUT SESSION_INFO *sessionInfoPtr,
INOUT_OPT SSL_HANDSHAKE_INFO *handshakeInfo,
OUT int *packetLength, const int packetType ) \
STDC_NONNULL_ARG( ( 1, 3 ) );
/* Refreshes the handshake stream (per the name); the exact semantics are
   defined in ssl_rw.c and aren't visible here */
CHECK_RETVAL \
int refreshHSStream( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SSL_HANDSHAKE_INFO *handshakeInfo ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Wraps the packet data held in the stream; 'offset' presumably locates
   the start of the packet within the stream - confirm against ssl_rw.c */
CHECK_RETVAL \
int wrapPacketSSL( INOUT SESSION_INFO *sessionInfoPtr, INOUT STREAM *stream,
const int offset ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Sends the packet held in the stream.  The effect of sendOnly isn't
   visible from this header */
CHECK_RETVAL \
int sendPacketSSL( INOUT SESSION_INFO *sessionInfoPtr, INOUT STREAM *stream,
const BOOLEAN sendOnly ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Packet-stream helpers: open a stream for a packet of the given type and
   bufferSize, continue it with a further packet of the given type, and
   complete the packet that starts at 'offset'.  The session information
   is only read (const) by the open/continue calls */
CHECK_RETVAL \
int openPacketStreamSSL( INOUT STREAM *stream,
const SESSION_INFO *sessionInfoPtr,
const int bufferSize, const int packetType ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
CHECK_RETVAL \
int continuePacketStreamSSL( INOUT STREAM *stream,
const SESSION_INFO *sessionInfoPtr,
const int packetType ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
CHECK_RETVAL \
int completePacketStreamSSL( INOUT STREAM *stream, const int offset ) \
STDC_NONNULL_ARG( ( 1 ) );
/* Handshake-packet equivalents of the continue/complete helpers above;
   these take no session information */
CHECK_RETVAL \
int continueHSPacketStream( INOUT STREAM *stream, const int packetType ) \
STDC_NONNULL_ARG( ( 1 ) );
CHECK_RETVAL \
int completeHSPacketStream( INOUT STREAM *stream, const int offset ) \
STDC_NONNULL_ARG( ( 1 ) );
/* Processes an alert whose header is supplied as a buffer of headerLength
   bytes.  The header content originates from the peer */
CHECK_RETVAL \
int processAlert( INOUT SESSION_INFO *sessionInfoPtr,
IN_BUFFER( headerLength ) \
const void *header, const int headerLength ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Alert senders.  Both return void, so a failure to send the alert isn't
   reported to the caller through the return value */
void sendCloseAlert( INOUT SESSION_INFO *sessionInfoPtr,
const BOOLEAN alertReceived ) \
STDC_NONNULL_ARG( ( 1 ) );
void sendHandshakeFailAlert( INOUT SESSION_INFO *sessionInfoPtr ) \
STDC_NONNULL_ARG( ( 1 ) );
/* Prototypes for functions in ssl_keymgmt.c.  CHECK_RETVAL marks a status
   return that the caller is expected to check and STDC_NONNULL_ARG lists
   the 1-based positions of the arguments that must not be NULL (both are
   defined outside this listing) */
/* Create and destroy the session's security contexts.  The destroy call
   returns void, so it has no failure path visible to the caller */
CHECK_RETVAL \
int initSecurityContextsSSL( INOUT SESSION_INFO *sessionInfoPtr ) \
STDC_NONNULL_ARG( ( 1 ) );
void destroySecurityContextsSSL( INOUT SESSION_INFO *sessionInfoPtr ) \
STDC_NONNULL_ARG( ( 1 ) );
/* Set up and tear down the crypto state held in the handshake
   information.  NOTE(review): whether the destroy call also clears any
   secret values held in SSL_HANDSHAKE_INFO isn't visible here - confirm
   against ssl_keymgmt.c */
CHECK_RETVAL \
int initHandshakeCryptInfo( INOUT SSL_HANDSHAKE_INFO *handshakeInfo ) \
STDC_NONNULL_ARG( ( 1 ) );
void destroyHandshakeCryptInfo( INOUT SSL_HANDSHAKE_INFO *handshakeInfo ) \
STDC_NONNULL_ARG( ( 1 ) );
/* Creates a DH context and returns its handle in iCryptContext (OUT).
   keyData is IN_BUFFER_OPT and isn't in the non-NULL list, so it may be
   NULL; how iServerKeyTemplate is used in that case is defined in
   ssl_keymgmt.c */
CHECK_RETVAL \
int initDHcontextSSL( OUT CRYPT_CONTEXT *iCryptContext,
IN_BUFFER_OPT( keyDataLength ) \
const void *keyData, const int keyDataLength,
const CRYPT_CONTEXT iServerKeyTemplate ) \
STDC_NONNULL_ARG( ( 1 ) );
/* Creates a shared premaster secret from the attribute list, writing at
   most premasterSecretMaxLength bytes to premasterSecret and the length
   used to *premasterSecretLength.  NOTE(review): the secret is handed
   back in a caller-supplied buffer, so clearing it after use appears to
   be the caller's job - confirm at the call sites */
CHECK_RETVAL \
int createSharedPremasterSecret( OUT_BUFFER( premasterSecretMaxLength, *premasterSecretLength ) \
void *premasterSecret,
const int premasterSecretMaxLength,
int *premasterSecretLength,
const ATTRIBUTE_LIST *attributeListPtr ) \
STDC_NONNULL_ARG( ( 1, 3, 4 ) );
/* Wraps the premaster secret, writing at most dataMaxLength bytes of
   wrapped output to 'data' and its length to *dataLength */
CHECK_RETVAL \
int wrapPremasterSecret( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
OUT_BUFFER( dataMaxLength, *dataLength ) \
void *data, const int dataMaxLength,
int *dataLength ) \
STDC_NONNULL_ARG( ( 1, 2, 3, 5 ) );
/* Unwraps a premaster secret from dataLength bytes of wrapped data.
   NOTE(review): 'data' is annotated IN_BUFFER rather than an _OPT
   variant, yet argument 3 is missing from the non-NULL list below,
   whereas the matching wrapPremasterSecret() lists its data pointer -
   confirm whether NULL is really permitted here */
CHECK_RETVAL \
int unwrapPremasterSecret( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
IN_BUFFER( dataLength ) \
const void *data, const int dataLength ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Converts the premaster secret to the master secret, which is written to
   the caller-supplied masterSecret buffer of masterSecretLength bytes.
   The session and handshake information are only read (const) */
CHECK_RETVAL \
int premasterToMaster( const SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
OUT_BUFFER_FIXED( masterSecretLength ) \
void *masterSecret, const int masterSecretLength ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* Expands the master secret into a key block of keyBlockLength bytes in
   the caller-supplied keyBlock buffer.  NOTE(review): both buffers hold
   keying material owned by the caller - confirm that they're cleared once
   loadKeys() has consumed the key block */
CHECK_RETVAL \
int masterToKeys( const SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
IN_BUFFER( masterSecretLength ) \
const void *masterSecret, const int masterSecretLength,
OUT_BUFFER_FIXED( keyBlockLength ) \
void *keyBlock, const int keyBlockLength ) \
STDC_NONNULL_ARG( ( 1, 2, 3, 5 ) );
/* Loads keys from the key block into the session.  isClient presumably
   selects which half of the key block is used for each direction -
   confirm against ssl_keymgmt.c */
CHECK_RETVAL \
int loadKeys( INOUT SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
IN_BUFFER( keyBlockLength ) \
const void *keyBlock, const int keyBlockLength,
const BOOLEAN isClient ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* Loads an explicit IV from the stream and returns its length in ivLength
   (OUT) */
CHECK_RETVAL \
int loadExplicitIV( INOUT SESSION_INFO *sessionInfoPtr,
INOUT STREAM *stream, OUT int *ivLength ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* Prototypes for functions in ssl_cry.c.  CHECK_RETVAL marks a status
   return that the caller is expected to check and STDC_NONNULL_ARG lists
   the 1-based positions of the arguments that must not be NULL (both are
   defined outside this listing) */
/* encryptData(): 'data' is an in/out buffer of capacity dataMaxLength.
   The note that follows the prototype applies to this function: the
   padded output can be longer than payloadLength, so dataMaxLength has to
   leave room for the padding */
CHECK_RETVAL \
int encryptData( const SESSION_INFO *sessionInfoPtr,
INOUT_BUFFER( dataMaxLength, *dataLength ) \
BYTE *data, const int dataMaxLength,
int *dataLength,
const int payloadLength ) \
STDC_NONNULL_ARG( ( 1, 2, 4 ) );
/* (Refers to encryptData() above.)  This one's a bit tricky, the input is
{ data, payloadLength } which is padded (if necessary)
and the padded length returned in 'dataLength' */
/* decryptData(): processes dataLength bytes of 'data' in place.  The note
   that follows the prototype applies to this function: callers must only
   consume the first *processedDataLength bytes of the result, and only
   when the status return indicates success.  NOTE(review):
   sessionInfoPtr has neither a const qualifier nor an INOUT annotation
   here, unlike the other prototypes in this header */
CHECK_RETVAL \
int decryptData( SESSION_INFO *sessionInfoPtr,
INOUT_BUFFER_FIXED( dataLength ) \
BYTE *data, const int dataLength,
OUT int *processedDataLength ) \
STDC_NONNULL_ARG( ( 1, 2, 4 ) );
/* (Refers to decryptData() above.)  This one's also tricky, the entire
data block will be
processed but only 'processedDataLength' bytes of result
are valid output */
/* Dual-MAC handling of handshake data taken from / written to the stream
   (per the names).  The handshake information is only read (const); what
   exactly is hashed is defined in ssl_cry.c */
CHECK_RETVAL \
int dualMacDataRead( const SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
CHECK_RETVAL \
int dualMacDataWrite( const SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Completes the SSL dual MAC.  Takes both an MD5 and a SHA-1 hash context
   plus a label and the master secret, and writes at most hashValuesMaxLen
   bytes to hashValues with the length used in *hashValuesLen.  The
   non-NULL list (3, 5, 6, 8) covers the hashValues, hashValuesLen, label
   and masterSecret pointers.  NOTE(review): MD5 and SHA-1 are legacy hash
   algorithms, so it's worth confirming which negotiated protocol versions
   can reach this function */
CHECK_RETVAL \
int completeSSLDualMAC( const CRYPT_CONTEXT md5context,
const CRYPT_CONTEXT sha1context,
OUT_BUFFER( hashValuesMaxLen, *hashValuesLen )
BYTE *hashValues, const int hashValuesMaxLen,
int *hashValuesLen,
IN_BUFFER( labelLength ) \
const char *label, const int labelLength,
IN_BUFFER( masterSecretLen ) \
const BYTE *masterSecret, const int masterSecretLen ) \
STDC_NONNULL_ARG( ( 3, 5, 6, 8 ) );
/* TLS counterpart of completeSSLDualMAC() with an identical parameter
   list; how the two computations differ is defined in ssl_cry.c */
CHECK_RETVAL \
int completeTLSHashedMAC( const CRYPT_CONTEXT md5context,
const CRYPT_CONTEXT sha1context,
OUT_BUFFER( hashValuesMaxLen, *hashValuesLen )
BYTE *hashValues, const int hashValuesMaxLen,
int *hashValuesLen,
IN_BUFFER( labelLength ) \
const char *label, const int labelLength,
IN_BUFFER( masterSecretLen ) \
const BYTE *masterSecret, const int masterSecretLen ) \
STDC_NONNULL_ARG( ( 3, 5, 6, 8 ) );
/* Create a MAC for a packet of the given type (SSL and TLS variants).
   'data' has capacity dataMaxLength and the resulting length is returned
   in *dataLength; payloadLength is the length of the payload within the
   buffer.  Presumably the MAC is appended after the payload, so
   dataMaxLength has to leave room for it - confirm against ssl_cry.c */
CHECK_RETVAL \
int createMacSSL( INOUT SESSION_INFO *sessionInfoPtr,
OUT_BUFFER( dataMaxLength, *dataLength ) \
void *data, const int dataMaxLength, int *dataLength,
const int payloadLength, const int type ) \
STDC_NONNULL_ARG( ( 1, 2, 4 ) );
CHECK_RETVAL \
int createMacTLS( INOUT SESSION_INFO *sessionInfoPtr,
OUT_BUFFER( dataMaxLength, *dataLength ) \
void *data, const int dataMaxLength, int *dataLength,
const int payloadLength, const int type ) \
STDC_NONNULL_ARG( ( 1, 2, 4 ) );
/* Check the MAC on a received packet (SSL and TLS variants).  The status
   return is the only result visible in this header, so the packet data
   must not be used unless it indicates success.  NOTE(review):
   noReportError presumably suppresses error reporting rather than the
   check itself, and payloadLength is presumably derived from received
   data - confirm both against ssl_cry.c */
CHECK_RETVAL \
int checkMacSSL( INOUT SESSION_INFO *sessionInfoPtr,
IN_BUFFER( dataLength ) \
const void *data, const int dataLength,
const int payloadLength, const int type,
const BOOLEAN noReportError ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
CHECK_RETVAL \
int checkMacTLS( INOUT SESSION_INFO *sessionInfoPtr,
IN_BUFFER( dataLength ) \
const void *data, const int dataLength,
const int payloadLength, const int type,
const BOOLEAN noReportError ) \
STDC_NONNULL_ARG( ( 1, 2 ) );
/* Creates the certificate-verify data and writes it to the stream (per
   the name).  The session and handshake information are only read
   (const) */
CHECK_RETVAL \
int createCertVerify( const SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* Checks the certificate-verify data read from the stream.  The status
   return carries the verification result and must be checked.
   NOTE(review): sigLength is presumably taken from the received packet -
   confirm that it's validated against the data remaining in the stream */
CHECK_RETVAL \
int checkCertVerify( const SESSION_INFO *sessionInfoPtr,
const SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream, const int sigLength ) \
STDC_NONNULL_ARG( ( 1, 2, 3 ) );
/* Creates the key-exchange signature over keyDataLength bytes of keyData
   and writes it to the stream (per the name) */
CHECK_RETVAL \
int createKeyexSignature( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream,
IN_BUFFER( keyDataLength ) \
const void *keyData, const int keyDataLength ) \
STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) );
/* Checks the key-exchange signature read from the stream against
   keyDataLength bytes of keyData.  The status return carries the
   verification result, so the key-exchange values must not be used
   unless it indicates success */
CHECK_RETVAL \
int checkKeyexSignature( INOUT SESSION_INFO *sessionInfoPtr,
INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
INOUT STREAM *stream,
IN_BUFFER( keyDataLength ) \
const void *keyData, const int keyDataLength ) \
STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) );
/* Prototypes for session mapping functions.  Presumably these install the
   client or server variants of the beginHandshake/exchangeKeys function
   pointers held in SSL_HANDSHAKE_INFO - confirm against the
   implementations.  Both return void, so they report no status, and
   handshakeInfo carries no INOUT annotation here, unlike the other
   prototypes in this header */
void initSSLclientProcessing( SSL_HANDSHAKE_INFO *handshakeInfo ) \
STDC_NONNULL_ARG( ( 1 ) );
void initSSLserverProcessing( SSL_HANDSHAKE_INFO *handshakeInfo ) \
STDC_NONNULL_ARG( ( 1 ) );
#endif /* _SSL_DEFINED */