cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
ssl.h
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * SSL v3/TLS Definitions Header File *
4 * Copyright Peter Gutmann 1998-2011 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _SSL_DEFINED
9 
10 #define _SSL_DEFINED
11 
12 #if defined( INC_ALL )
13  #include "scorebrd.h"
14 #else
15  #include "session/scorebrd.h"
16 #endif /* _STREAM_DEFINED */
17 
18 /****************************************************************************
19 * *
20 * SSL Constants *
21 * *
22 ****************************************************************************/
23 
24 /* Default SSL/TLS port */
25 
26 #define SSL_PORT 443
27 
28 /* SSL and TLS constants */
29 
30 #define ID_SIZE 1 /* ID byte */
31 #define LENGTH_SIZE 3 /* 24 bits */
32 #define SEQNO_SIZE 8 /* 64 bits */
33 #define VERSIONINFO_SIZE 2 /* 0x03, 0x0n */
34 #define ALERTINFO_SIZE 2 /* level + description */
35 #define SSL_HEADER_SIZE 5 /* Type, version, length */
36 #define SSL_NONCE_SIZE 32 /* Size of client/svr nonce */
37 #define SSL_SECRET_SIZE 48 /* Size of premaster/master secret */
38 #define MD5MAC_SIZE 16 /* Size of MD5 proto-HMAC/dual hash */
39 #define SHA1MAC_SIZE 20 /* Size of SHA-1 proto-HMAC/dual hash */
40 #define SHA2MAC_SIZE 32 /* Size of SHA-2 HMAC hash */
41 #define GCMICV_SIZE 16 /* Size of GCM ICV */
42 #define GCM_SALT_SIZE 4 /* Size of implicit portion of GCM IV */
43 #define GCM_IV_SIZE 12 /* Overall size of GCM IV */
44 #define TLS_HASHEDMAC_SIZE 12 /* Size of TLS PRF( MD5 + SHA1 ) */
45 #define SESSIONID_SIZE 16 /* Size of session ID */
46 #define MAX_SESSIONID_SIZE 32 /* Max.allowed session ID size */
47 #define MAX_KEYBLOCK_SIZE ( ( 64 + 32 + 16 ) * 2 )
48  /* HMAC-SHA2 + AES-256 key + AES IV */
49 #define MIN_PACKET_SIZE 4 /* Minimum SSL packet size */
50 #define MAX_PACKET_SIZE 16384 /* Maximum SSL packet size */
51 #define MAX_CIPHERSUITES 200 /* Max.allowed cipher suites */
52 
53 /* SSL/TLS packet/buffer size information. The extra packet size is
54  somewhat large because it can contains the packet header (5 bytes), IV
55  (0/8/16 bytes), MAC/ICV (12/16/20 bytes), and cipher block padding (up to
56  256 bytes) */
57 
58 #define EXTRA_PACKET_SIZE 512
59 
60 /* We can default to preferring either RSA key transport or DH key
61  agreement, DH has numerous benefits (PFS and resistance to side-channel
62  attacks) but one major disadvantage, it has the same relatively high cost
63  on the client as it does on the server, requiring a DH (pseudo-)private
64  key operation on both client and server while RSA only has the high cost
65  on the server. The problem with automatically preferring DH to RSA is
66  that the people who least understand how the crypto works will then run a
67  timing test and decide that it's too slow based on the DH timing rather
68  than the much faster RSA timing. There isn't really any easy way out of
69  this, since the benefits of using DH are rather significant and the
70  client, if it really needs performance over everything, can force the use
71  of RSA, we prefer DH to RSA unless the behaviour is toggled via the
72  following define */
73 
74 /* #define PREFER_RSA_TO_DH */
75 
76 #if defined( PREFER_RSA_TO_DH ) && defined( _MSC_VER )
77  #pragma message( " Building with RSA as preferred SSL/TLS cipher suite." )
78 #endif /* PREFER_RSA_TO_DH with VC++ */
79 
80 /* SSLv2 was finally removed in MSIE and Firefox in 2008, however some
81  implementations still send SSLv2 hellos. Define the following to enable
82  handling of SSLv2 client hellos. Note that this code is not maintained,
83  and your warranty is void when you enable SSLv2 hello handling */
84 
85 /* #define ALLOW_SSLV2_HELLO */
86 
87 /* SSL/TLS protocol-specific flags that augment the general session flags:
88 
89  FLAG_ALERTSENT: Whether we've already sent a close-alert. Keeping track
90  of this is necessary because we're required to send a close alert
91  when shutting down to prevent a truncation attack, however lower-
92  level code may have already sent an alert so we have to remember not
93  to send it twice.
94 
95  FLAG_CHECKREHANDSHAKE: The header-read got a handshake packet instead of
96  a data packet, when the body-read decrypts the payload it should
97  check for a rehandshake request in the payload.
98 
99  SSL_PFLAG_CLIAUTHSKIPPED: The client saw an auth-request from the server
100  and responded with a no-certificates alert, if we later get a close
101  alert from the server then provide additional error information
102  indicating that this may be due to the lack of a client certificate.
103 
104  FLAG_GCM: The encryption used is GCM and not the usual CBC, which
105  unifies encryption and MACing into a single operation.
106 
107  FLAG_SUITEB_128: Enforce Suite B semantics on top of the standard TLS
108  FLAG_SUITEB_256: 1.2 + ECC + AES-GCM ones. _128 = P256 + P384,
109  _256 = P384 only */
110 
111 #define SSL_PFLAG_NONE 0x00 /* No protocol-specific flags */
112 #define SSL_PFLAG_ALERTSENT 0x01 /* Close alert sent */
113 #define SSL_PFLAG_CLIAUTHSKIPPED 0x02 /* Client auth-req.skipped */
114 #define SSL_PFLAG_GCM 0x04 /* Encryption uses GCM, not CBC */
115 #define SSL_PFLAG_SUITEB_128 0x08 /* Enforce Suite B 128-bit semantics */
116 #define SSL_PFLAG_SUITEB_256 0x10 /* Enforce Suite B 256-bit semantics */
117 #define SSL_PFLAG_CHECKREHANDSHAKE 0x20 /* Check decrypted pkt.for rehandshake */
118 #define SSL_PFLAG_MAX 0x2F /* Maximum possible flag value */
119 
120 /* Suite B consists of two subclasses, the 128-bit security level (AES-128
121  with P256 and SHA2-256) and the 192-bit security level (AES-256 with P384
122  and SHA2-384), in order to identify generic use of Suite B we provide a
123  pseudo-value that combines the 128-bit and 192-bit subclasses */
124 
125 #define SSL_PFLAG_SUITEB ( SSL_PFLAG_SUITEB_128 | \
126  SSL_PFLAG_SUITEB_256 )
127 
128 /* SSL/TLS message types */
129 
130 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
131 #define SSL_MSG_ALERT 21
132 #define SSL_MSG_HANDSHAKE 22
133 #define SSL_MSG_APPLICATION_DATA 23
134 
135 #define SSL_MSG_FIRST SSL_MSG_CHANGE_CIPHER_SPEC
136 #define SSL_MSG_LAST SSL_MSG_APPLICATION_DATA
137 
138 /* Special expected packet-type values that are passed to readHSPacketSSL()
139  to handle situations where special-case handling is required for read
140  packets. The first handshake packet from the client or server is treated
141  specially in that the version number information is taken from this
142  packet, and the attempt to read the first encrypted handshake packet may
143  be met with a TCP close from the peer if it handles errors badly, in
144  which case we provide a special-case error message that indicates more
145  than just "connection closed" */
146 
147 #define SSL_MSG_FIRST_HANDSHAKE 0xFE
148 #define SSL_MSG_FIRST_ENCRHANDSHAKE 0xFF
149 #define SSL_MSG_LAST_SPECIAL SSL_MSG_FIRST_ENCRHANDSHAKE
150 #define SSL_MSG_V2HANDSHAKE 0x80
151 
152 /* SSL/TLS handshake message subtypes */
153 
154 #define SSL_HAND_CLIENT_HELLO 1
155 #define SSL_HAND_SERVER_HELLO 2
156 #define SSL_HAND_CERTIFICATE 11
157 #define SSL_HAND_SERVER_KEYEXCHANGE 12
158 #define SSL_HAND_SERVER_CERTREQUEST 13
159 #define SSL_HAND_SERVER_HELLODONE 14
160 #define SSL_HAND_CLIENT_CERTVERIFY 15
161 #define SSL_HAND_CLIENT_KEYEXCHANGE 16
162 #define SSL_HAND_FINISHED 20
163 #define SSL_HAND_SUPPLEMENTAL_DATA 23
164 
165 #define SSL_HAND_FIRST SSL_HAND_CLIENT_HELLO
166 #define SSL_HAND_LAST SSL_HAND_SUPPLEMENTAL_DATA
167 
168 /* SSL and TLS alert levels and types */
169 
170 #define SSL_ALERTLEVEL_WARNING 1
171 #define SSL_ALERTLEVEL_FATAL 2
172 
173 #define SSL_ALERT_CLOSE_NOTIFY 0
174 #define SSL_ALERT_UNEXPECTED_MESSAGE 10
175 #define SSL_ALERT_BAD_RECORD_MAC 20
176 #define TLS_ALERT_DECRYPTION_FAILED 21
177 #define TLS_ALERT_RECORD_OVERFLOW 22
178 #define SSL_ALERT_DECOMPRESSION_FAILURE 30
179 #define SSL_ALERT_HANDSHAKE_FAILURE 40
180 #define SSL_ALERT_NO_CERTIFICATE 41
181 #define SSL_ALERT_BAD_CERTIFICATE 42
182 #define SSL_ALERT_UNSUPPORTED_CERTIFICATE 43
183 #define SSL_ALERT_CERTIFICATE_REVOKED 44
184 #define SSL_ALERT_CERTIFICATE_EXPIRED 45
185 #define SSL_ALERT_CERTIFICATE_UNKNOWN 46
186 #define TLS_ALERT_ILLEGAL_PARAMETER 47
187 #define TLS_ALERT_UNKNOWN_CA 48
188 #define TLS_ALERT_ACCESS_DENIED 49
189 #define TLS_ALERT_DECODE_ERROR 50
190 #define TLS_ALERT_DECRYPT_ERROR 51
191 #define TLS_ALERT_EXPORT_RESTRICTION 60
192 #define TLS_ALERT_PROTOCOL_VERSION 70
193 #define TLS_ALERT_INSUFFICIENT_SECURITY 71
194 #define TLS_ALERT_INTERNAL_ERROR 80
195 #define TLS_ALERT_USER_CANCELLED 90
196 #define TLS_ALERT_NO_RENEGOTIATION 100
197 #define TLS_ALERT_UNSUPPORTED_EXTENSION 110
198 #define TLS_ALERT_CERTIFICATE_UNOBTAINABLE 111
199 #define TLS_ALERT_UNRECOGNIZED_NAME 112
200 #define TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 113
201 #define TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE 114
202 #define TLS_ALERT_UNKNOWN_PSK_IDENTITY 115
203 
204 #define SSL_ALERT_FIRST SSL_ALERT_CLOSE_NOTIFY
205 #define SSL_ALERT_LAST TLS_ALERT_UNKNOWN_PSK_IDENTITY
206 
207 /* TLS supplemental data subtypes */
208 
209 #define TLS_SUPPDATA_USERMAPPING 0
210 
211 /* SSL and TLS cipher suites */
212 
213 typedef enum {
214  /* SSLv3 cipher suites (0-10) */
215  SSL_NULL_WITH_NULL, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_NULL_SHA,
216  SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* Non-valid/accapted suites */
217  SSL_RSA_WITH_RC4_128_MD5, SSL_FIRST_VALID_SUITE = SSL_RSA_WITH_RC4_128_MD5,
218  SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
219  SSL_RSA_WITH_IDEA_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
220  SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
221 
222  /* TLS (RFC 2246) DH cipher suites (11-22) */
223  TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_DSS_WITH_DES_CBC_SHA,
224  TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
225  TLS_DH_RSA_WITH_DES_CBC_SHA, TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
226  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_WITH_DES_CBC_SHA,
227  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
228  TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
229 
230  /* TLS (RFC 2246) anon-DH cipher suites (23-27) */
231  TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, TLS_DH_anon_WITH_RC4_128_MD5,
232  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_anon_WITH_DES_CBC_SHA,
233  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
234 
235  /* TLS (RFC 2246) reserved cipher suites (28-29, used for Fortezza in
236  SSLv3) */
237  TLS_reserved_1, TLS_reserved_2,
238 
239  /* TLS with Kerberos (RFC 2712) suites (30-43) */
240  TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
241  TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_IDEA_CBC_SHA,
242  TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
243  TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_IDEA_CBC_MD5,
244  TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
245  TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
246  TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
247 
248  /* Unknown suites (44-46) */
249 
250  /* TLS 1.1 (RFC 4346) cipher suites (47-58) */
251  TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F, TLS_DH_DSS_WITH_AES_128_CBC_SHA,
252  TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
253  TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA,
254  TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA,
255  TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
256  TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA,
257 
258  /* TLS 1.2 (RFC 5246) cipher suites (59-61) */
259  TLS_RSA_WITH_NULL_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
260  TLS_RSA_WITH_AES_256_CBC_SHA256,
261 
262  /* TLS 1.2 (RFC 5246) DH cipher suites (62-64), continued at 103 */
263  TLS_DH_DSS_WITH_AES_128_CBC_SHA256, TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
264  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
265 
266  /* Camellia (RFC 4132) AES-128 suites (65-70) */
267  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
268  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
269  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
270 
271  /* Unknown suites (71-103) */
272 
273  /* More TLS 1.2 (RFC 5246) DH cipher suites (103-109) */
274  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 103, TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
275  TLS_DH_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
276  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA256,
277  TLS_DH_anon_WITH_AES_256_CBC_SHA256,
278 
279  /* Camellia (RFC 4132) AES-256 suites (132-137) */
280  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 132,
281  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
282  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
283  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,
284 
285  /* TLS-PSK (RFC 4279) cipher suites (138-149) */
286  TLS_PSK_WITH_RC4_128_SHA, TLS_PSK_WITH_3DES_EDE_CBC_SHA,
287  TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA,
288  TLS_DHE_PSK_WITH_RC4_128_SHA, TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
289  TLS_DHE_PSK_WITH_AES_128_CBC_SHA, TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
290  TLS_RSA_PSK_WITH_RC4_128_SHA, TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
291  TLS_RSA_PSK_WITH_AES_128_CBC_SHA, TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
292 
293  /* Unknown suites (150-155) */
294 
295  /* TLS 1.2 (RFC 5288) GCM cipher suites (156-167) */
296  TLS_RSA_WITH_AES_128_GCM_SHA256 = 156, TLS_RSA_WITH_AES_256_GCM_SHA384,
297  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
298  TLS_DH_RSA_WITH_AES_128_GCM_SHA256, TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
299  TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
300  TLS_DH_DSS_WITH_AES_128_GCM_SHA256, TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
301  TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_GCM_SHA384,
302 
303  /* TLS-ECC (RFC 4492) cipher suites. For some unknown reason these
304  start above 49152/0xC000, so the range is 49153...49177 */
305  TLS_ECDH_ECDSA_WITH_NULL_SHA = 49153, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
306  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
307  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA,
308  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
309  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
310  TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
311  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
312  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA,
313  TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
314  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
315  TLS_ECDH_anon_WITH_NULL_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA,
316  TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
317  TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
318 
319  /* TLS-SRP (RFC 5054) cipher suites, following the pattern from
320  above at 49178/0xC01A...49186 */
321  TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
322  TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
323  TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
324  TLS_SRP_SHA_WITH_AES_256_CBC_SHA, TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
325  TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
326 
327  /* TLS-ECC (RFC 5289) SHA-2 cipher suites, following the pattern from
328  above at 49187/0xC023...49194 */
329  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
330  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
331  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
332  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
333 
334  /* TLS-ECC (RFC 5289) GCM cipher suites, following the pattern from above
335  at 49195/0xC02B...49202 */
336  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
337  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
338  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
339  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
340 
341  /* TLS-ECC (RFC 5489) PSK cipher suites, following the pattern from above
342  at 49203/0xC033...49211 */
343  TLS_ECDHE_PSK_WITH_RC4_128_SHA, TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
344  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
345  TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
346  TLS_ECDHE_PSK_WITH_NULL_SHA, TLS_ECDHE_PSK_WITH_NULL_SHA256,
347  TLS_ECDHE_PSK_WITH_NULL_SHA384,
348 
349  SSL_LAST_SUITE
350  } SSL_CIPHERSUITE_TYPE;
351 
352 /* TLS extension types */
353 
354 typedef enum {
355  TLS_EXT_SERVER_NAME, /* Name of virtual server to contact */
356  TLS_EXT_MAX_FRAGMENT_LENTH, /* Max.fragment length if smaller than 2^14 bytes */
357  TLS_EXT_CLIENT_CERTIFICATE_URL, /* Location for server to find client certificate */
358  TLS_EXT_TRUSTED_CA_KEYS, /* Indication of which CAs clients trust */
359  TLS_EXT_TRUNCATED_HMAC, /* Use 80-bit truncated HMAC */
360  TLS_EXT_STATUS_REQUEST, /* OCSP status request from server */
361  TLS_EXT_USER_MAPPING, /* RFC 4681 mapping of user name to account */
362  TLS_EXT_CLIENT_AUTHZ, /* RFC 5878 authorisation exts */
363  TLS_EXT_SERVER_AUTHZ, /* RFC 5878 authorisation exts */
364  TLS_EXT_CERTTYPE, /* RFC 5081/6091 OpenPGP key support */
365  TLS_EXT_ELLIPTIC_CURVES, /* RFC 4492 ECDH/ECDSA support */
366  TLS_EXT_EC_POINT_FORMATS, /* RFC 4492 ECDH/ECDSA support */
367  TLS_EXT_SRP, /* RFC 5054 SRP support */
368  TLS_EXT_SIGNATURE_ALGORITHMS, /* RFC 5246 TLSv1.2 */
369  /* 14...34 unused */
370  TLS_EXT_SESSIONTICKET = 35, /* RFC 4507 session ticket support */
371  TLS_EXT_LAST,
372 
373  /* The secure-renegotiation extension, for some unknown reason, is given
374  a value of 65281 / 0xFF01, so we defined it outside the usual
375  extension range in order for the standard range-checking to be a bit
376  more sensible */
377  TLS_EXT_SECURE_RENEG = 65281,/* RFC 5746 secure renegotiation */
378  } TLS_EXT_TYPE;
379 
380 /* SSL/TLS certificate types */
381 
382 typedef enum {
383  TLS_CERTTYPE_NONE, TLS_CERTTYPE_RSA, TLS_CERTTYPE_DSA,
384  TLS_CERTTYPE_DUMMY1 /* RSA+DH */, TLS_CERTTYPE_DUMMY2 /* DSA+DH */,
385  TLS_CERTTYPE_DUMMY3 /* RSA+EDH */, TLS_CERTTYPE_DUMMY4 /* DSA+EDH */,
386  TLS_CERTTYPE_ECDSA = 64, TLS_CERTTYPE_LAST
387  } TLS_CERTTYPE_TYPE;
388 
389 /* TLS signature and hash algorithm identifiers */
390 
391 typedef enum {
392  TLS_SIGALGO_NONE, TLS_SIGALGO_RSA, TLS_SIGALGO_DSA, TLS_SIGALGO_ECDSA,
393  TLS_SIGALGO_LAST
394  } TLS_SIGALGO_TYPE;
395 
396 typedef enum {
397  TLS_HASHALGO_NONE, TLS_HASHALGO_MD5, TLS_HASHALGO_SHA1,
398  TLS_HASHALGO_DUMMY1 /* SHA2-224 */, TLS_HASHALGO_SHA2,
399  TLS_HASHALGO_SHA384, TLS_HASHALGO_DUMMY3 /* SHA2-512 */,
400  TLS_HASHALGO_LAST
401  } TLS_HASHALGO_TYPE;
402 
403 /* TLS ECC curve identifiers */
404 
405 typedef enum {
406  TLS_CURVE_NONE, TLS_CURVE_SECT163K1, TLS_CURVE_SECT163R1,
407  TLS_CURVE_SECT163R2, TLS_CURVE_SECT193R1, TLS_CURVE_SECT193R2,
408  TLS_CURVE_SECT233K1, TLS_CURVE_SECT233R1, TLS_CURVE_SECT239K1,
409  TLS_CURVE_SECT283K1, TLS_CURVE_SECT283R1, TLS_CURVE_SECT409K1,
410  TLS_CURVE_SECT409R1, TLS_CURVE_SECT571K1, TLS_CURVE_SECT571R1,
411  TLS_CURVE_SECP160K1, TLS_CURVE_SECP160R1, TLS_CURVE_SECP160R2,
412  TLS_CURVE_SECP192K1, TLS_CURVE_SECP192R1 /* P192 */,
413  TLS_CURVE_SECP224K1, TLS_CURVE_SECP224R1 /* P224 */,
414  TLS_CURVE_SECP256K1, TLS_CURVE_SECP256R1 /* P256 */,
415  TLS_CURVE_SECP384R1 /* P384 */, TLS_CURVE_SECP521R1 /* P521 */,
416  TLS_CURVE_LAST
417  } TLS_CURVE_TYPE;
418 
419 /* SSL and TLS major and minor version numbers */
420 
421 #define SSL_MAJOR_VERSION 3
422 #define SSL_MINOR_VERSION_SSL 0
423 #define SSL_MINOR_VERSION_TLS 1
424 #define SSL_MINOR_VERSION_TLS11 2
425 #define SSL_MINOR_VERSION_TLS12 3
426 
427 /* SSL sender label values for the finished message MAC */
428 
429 #define SSL_SENDER_CLIENTLABEL "CLNT"
430 #define SSL_SENDER_SERVERLABEL "SRVR"
431 #define SSL_SENDERLABEL_SIZE 4
432 
433 /* SSL/TLS cipher suite flags. These are:
434 
435  CIPHERSUITE_PSK: Suite is a TLS-PSK suite and is used only if we're
436  using TLS-PSK.
437 
438  CIPHERSUITE_DH: Suite is a DH suite.
439 
440  CIPHERSUITE_ECC: Suite is an ECC suite and is used only if ECC is
441  enabled.
442 
443  CIPHERSUITE_GCM: Encryption uses GCM instead of the usual CBC.
444 
445  CIPHERSUITE_TLS12: Suite is a TLS 1.2 suite and is only sent if
446  TLS 1.2 is enabled */
447 
448 #define CIPHERSUITE_FLAG_NONE 0x00 /* No suite */
449 #define CIPHERSUITE_FLAG_PSK 0x01 /* TLS-PSK suite */
450 #define CIPHERSUITE_FLAG_DH 0x02 /* DH suite */
451 #define CIPHERSUITE_FLAG_ECC 0x04 /* ECC suite */
452 #define CIPHERSUITE_FLAG_TLS12 0x08 /* TLS 1.2 suite */
453 #define CIPHERSUITE_FLAG_GCM 0x10 /* GCM instead of CBC */
454 #define CIPHERSUITE_FLAG_MAX 0x1F /* Maximum possible flag value */
455 
456 typedef struct {
457  /* The SSL/TLS cipher suite */
458  const int cipherSuite;
459 #ifndef NDEBUG
460  const char *description;
461 #endif /* NDEBUG */
462 
463  /* cryptlib algorithms for the cipher suite */
464  const CRYPT_ALGO_TYPE keyexAlgo, authAlgo, cryptAlgo, macAlgo;
465 
466  /* Auxiliary information for the suite */
467  const int macParam, cryptKeySize, macBlockSize;
468  const int flags;
469  } CIPHERSUITE_INFO;
470 
471 /* When building the debug version of the code we include a text string
472  describing the cipher suite which is being processed, this makes it
473  easier to track down problems */
474 
475 #ifndef NDEBUG
476  #define DESCRIPTION( text ) text,
477 #else
478  #define DESCRIPTION( text )
479 #endif /* NDEBUG */
480 
481 /* If we're configured to only use Suite B algorithms, we override the
482  algoAvailable() check to report that only Suite B algorithms are
483  available */
484 
485 #ifdef CONFIG_SUITEB
486 
487 #if defined( _MSC_VER )
488  #pragma message( " Building with Suite B algorithms only." )
489 #endif /* VC++ */
490 
491 #define algoAvailable( algo ) \
492  ( ( ( algo ) == CRYPT_ALGO_AES || ( algo ) == CRYPT_ALGO_ECDSA || \
493  ( algo ) == CRYPT_ALGO_ECDH || ( algo ) == CRYPT_ALGO_SHA2 || \
494  ( algo ) == CRYPT_ALGO_HMAC_SHA2 ) ? TRUE : FALSE )
495 
496  /* Special configuration defines to enable nonstandard behaviour for
497  Suite B tests */
498  #ifdef CONFIG_SUITEB_TESTS
499  typedef enum {
500  SUITEB_TEST_NONE, /* No special test behaviour */
501 
502  /* RFC 5430bis tests */
503  SUITEB_TEST_CLIINVALIDCURVE,/* Client sends non-Suite B curve */
504  SUITEB_TEST_SVRINVALIDCURVE,/* Server sends non-Suite B curve */
505  SUITEB_TEST_BOTHCURVES, /* Client must send P256 and P384 as supp.curves */
506  SUITEB_TEST_BOTHSIGALGOS, /* Client must send SHA256 and SHA384 as sig.algos */
507 
508  SUITEB_TEST_LAST
509  } SUITEB_TEST_VALUE;
510 
511  extern SUITEB_TEST_VALUE suiteBTestValue;
512  extern BOOLEAN suiteBTestClientCert;
513  #endif /* CONFIG_SUITEB_TESTS */
514 #endif /* Suite B algorithms only */
515 
516 /****************************************************************************
517 * *
518 * SSL Structures *
519 * *
520 ****************************************************************************/
521 
522 /* SSL/TLS handshake state information. This is passed around various
523  subfunctions that handle individual parts of the handshake */
524 
525 typedef struct SL {
526  /* Client and server dual-hash/hash contexts */
527  CRYPT_CONTEXT md5context, sha1context, sha2context;
528 #ifdef CONFIG_SUITEB
529  CRYPT_CONTEXT sha384context;
530 #endif /* CONFIG_SUITEB */
531 
532  /* Client and server nonces and session ID */
533  BUFFER_FIXED( SSL_NONCE_SIZE ) \
534  BYTE clientNonce[ SSL_NONCE_SIZE + 8 ];
535  BUFFER_FIXED( SSL_NONCE_SIZE ) \
536  BYTE serverNonce[ SSL_NONCE_SIZE + 8 ];
537  BUFFER( MAX_SESSIONID_SIZE, sessionIDlength ) \
538  BYTE sessionID[ MAX_SESSIONID_SIZE + 8 ];
539  int sessionIDlength;
540 
541  /* Premaster/master secret */
542  BUFFER( CRYPT_MAX_PKCSIZE + CRYPT_MAX_TEXTSIZE, premasterSecretSize ) \
543  BYTE premasterSecret[ CRYPT_MAX_PKCSIZE + CRYPT_MAX_TEXTSIZE + 8 ];
544  int premasterSecretSize;
545 
546  /* Encryption/security information. The encryption algorithm (cryptAlgo)
547  and integrity algorithm (integrityAlgo) are stored with the session
548  information, although the optional integrity-algorithm parameters are
549  stored here */
550  CRYPT_CONTEXT dhContext; /* DH context if DHE is being used */
551  CRYPT_CONTEXT certVerifyContext;/* Hash context if client certs used */
552  int cipherSuite; /* Selected cipher suite */
553  CRYPT_ALGO_TYPE keyexAlgo, authAlgo;/* Selected cipher suite algos */
554  int integrityAlgoParam; /* Optional param.for integrity algo */
555  CRYPT_ALGO_TYPE keyexSigHashAlgo;/* Algo.for keyex authentication */
556  int keyexSigHashAlgoParam; /* Optional params.for keyex hash */
557  int cryptKeysize; /* Size of session key */
558 
559  /* Other information */
560  int clientOfferedVersion; /* Prot.vers.originally offered by client */
561  int originalVersion; /* Original version set by the user before
562  it was modified based on what the peer
563  requested */
564 #ifdef ALLOW_SSLV2_HELLO /* 28/01/08 Disabled since it's now finally
565  removed in MSIE and Firefox */
566  BOOLEAN isSSLv2; /* Client hello is SSLv2 */
567 #endif /* ALLOW_SSLV2_HELLO */
568  BOOLEAN hasExtensions; /* Hello has TLS extensions */
569  BOOLEAN needSNIResponse; /* Server needs to respond to SNI */
570  BOOLEAN needRenegResponse; /* Server needs to respond to reneg.ind.*/
571 
572  /* ECC-related information. Since ECC algorithms have a huge pile of
573  parameters we need to parse any extensions that the client sends in
574  order to locate any additional information required to handle them.
575  In the worst case these can retroactively modify the already-
576  negotiated cipher suites, disabling the use of ECC algorithms after
577  they were agreed on via cipher suites. To handle this we remember
578  both the preferred mainstream suite and a pointer to the preferred
579  ECC suite in 'eccSuiteInfoPtr', if it later turns out that the use
580  of ECC is OK we reset the crypto parameters using the save ECC suite
581  pointer.
582 
583  If the use of ECC isn't retroactively disabled then the eccCurveID
584  and sendECCPointExtn values indicate which curve to use and whether
585  the server needs to respond with a point-extension indicator */
586  BOOLEAN disableECC; /* Extn.disabled use of ECC suites */
587  CRYPT_ECCCURVE_TYPE eccCurveID; /* cryptlib ID of ECC curve to use */
588  BOOLEAN sendECCPointExtn; /* Whether svr.has to respond with ECC point ext.*/
589  const void *eccSuiteInfoPtr; /* ECC suite information */
590 
591  /* The packet data stream. Since SSL can encapsulate multiple handshake
592  packets within a single SSL packet, the stream has to be persistent
593  across the different handshake functions to allow the continuation of
594  packets */
595  STREAM stream; /* Packet data stream */
596 
597  /* Function pointers to handshaking functions. These are set up as
598  required depending on whether the session is client or server */
599  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
600  int ( *beginHandshake )( INOUT SESSION_INFO *sessionInfoPtr,
601  struct SL *handshakeInfo );
602  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
603  int ( *exchangeKeys )( INOUT SESSION_INFO *sessionInfoPtr,
604  struct SL *handshakeInfo );
605  } SSL_HANDSHAKE_INFO;
606 
607 /****************************************************************************
608 * *
609 * SSL/TLS Functions *
610 * *
611 ****************************************************************************/
612 
613 /* Prototypes for functions in ssl.c */
614 
615 CHECK_RETVAL_LENGTH STDC_NONNULL_ARG( ( 1 ) ) \
616 int readUint24( INOUT STREAM *stream );
617 STDC_NONNULL_ARG( ( 1 ) ) \
618 int writeUint24( INOUT STREAM *stream, IN_LENGTH const int length );
619 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
620 int readEcdhValue( INOUT STREAM *stream,
621  OUT_BUFFER( *valueLen, valueMaxLen ) void *value,
622  IN_LENGTH_SHORT_MIN( 64 ) const int valueMaxLen,
623  OUT_LENGTH_PKC_Z int *valueLen );
624 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) ) \
625 int readSSLCertChain( INOUT SESSION_INFO *sessionInfoPtr,
626  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
627  INOUT STREAM *stream,
628  OUT_HANDLE_OPT CRYPT_CERTIFICATE *iCertChain,
629  const BOOLEAN isServer );
630 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
631 int writeSSLCertChain( INOUT SESSION_INFO *sessionInfoPtr,
632  INOUT STREAM *stream );
633 
634 /* Prototypes for functions in ssl_cry.c */
635 
636 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
637 int encryptData( const SESSION_INFO *sessionInfoPtr,
638  INOUT_BUFFER( dataMaxLength, *dataLength ) \
639  BYTE *data,
640  IN_LENGTH const int dataMaxLength,
641  OUT_LENGTH_Z int *dataLength,
642  IN_LENGTH const int payloadLength );
643  /* This one's a bit tricky, the input is
644  { data, payloadLength } which is padded (if necessary)
645  and the padded length returned in '*dataLength' */
646 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
647 int decryptData( SESSION_INFO *sessionInfoPtr,
648  INOUT_BUFFER_FIXED( dataLength ) \
649  BYTE *data,
650  IN_LENGTH const int dataLength,
651  OUT_LENGTH_Z int *processedDataLength );
652  /* This one's also tricky, the entire data block will be
653  processed but only 'processedDataLength' bytes of result
654  are valid output */
655 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
656 int createMacSSL( INOUT SESSION_INFO *sessionInfoPtr,
657  INOUT_BUFFER( dataMaxLength, *dataLength ) void *data,
658  IN_LENGTH const int dataMaxLength,
659  OUT_LENGTH_Z int *dataLength,
660  IN_LENGTH const int payloadLength,
661  IN_RANGE( 0, 255 ) const int type );
662 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
663 int createMacTLS( INOUT SESSION_INFO *sessionInfoPtr,
664  OUT_BUFFER( dataMaxLength, *dataLength ) void *data,
665  IN_LENGTH const int dataMaxLength,
666  OUT_LENGTH_Z int *dataLength,
667  IN_LENGTH const int payloadLength,
668  IN_RANGE( 0, 255 ) const int type );
669 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
670 int checkMacSSL( INOUT SESSION_INFO *sessionInfoPtr,
671  IN_BUFFER( dataLength ) const void *data,
672  IN_LENGTH const int dataLength,
673  IN_LENGTH_Z const int payloadLength,
674  IN_RANGE( 0, 255 ) const int type,
675  const BOOLEAN noReportError );
676 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
677 int checkMacTLS( INOUT SESSION_INFO *sessionInfoPtr,
678  IN_BUFFER( dataLength ) const void *data,
679  IN_LENGTH const int dataLength,
680  IN_LENGTH_Z const int payloadLength,
681  IN_RANGE( 0, 255 ) const int type,
682  const BOOLEAN noReportError );
683 CHECK_RETVAL \
684 int macDataTLSGCM( IN_HANDLE const CRYPT_CONTEXT iCryptContext,
685  IN_INT_Z const long seqNo,
686  IN_RANGE( SSL_MINOR_VERSION_TLS, \
687  SSL_MINOR_VERSION_TLS12 ) const int version,
688  IN_LENGTH_Z const int payloadLength,
689  IN_RANGE( 0, 255 ) const int type );
690 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
691 int hashHSPacketRead( const SSL_HANDSHAKE_INFO *handshakeInfo,
692  INOUT STREAM *stream );
693 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
694 int hashHSPacketWrite( const SSL_HANDSHAKE_INFO *handshakeInfo,
695  INOUT STREAM *stream,
696  IN_LENGTH_Z const int offset );
697 CHECK_RETVAL STDC_NONNULL_ARG( ( 3, 5, 6, 8 ) ) \
698 int completeSSLDualMAC( IN_HANDLE const CRYPT_CONTEXT md5context,
699  IN_HANDLE const CRYPT_CONTEXT sha1context,
700  OUT_BUFFER( hashValuesMaxLen, *hashValuesLen )
701  BYTE *hashValues,
702  IN_LENGTH_SHORT_MIN( MD5MAC_SIZE + SHA1MAC_SIZE ) \
703  const int hashValuesMaxLen,
704  OUT_LENGTH_SHORT_Z int *hashValuesLen,
705  IN_BUFFER( labelLength ) const char *label,
706  IN_RANGE( 1, 64 ) const int labelLength,
707  IN_BUFFER( masterSecretLen ) const BYTE *masterSecret,
708  IN_LENGTH_SHORT const int masterSecretLen );
709 CHECK_RETVAL STDC_NONNULL_ARG( ( 3, 5, 6, 8 ) ) \
710 int completeTLSHashedMAC( IN_HANDLE const CRYPT_CONTEXT md5context,
711  IN_HANDLE const CRYPT_CONTEXT sha1context,
712  OUT_BUFFER( hashValuesMaxLen, *hashValuesLen ) \
713  BYTE *hashValues,
714  IN_LENGTH_SHORT_MIN( TLS_HASHEDMAC_SIZE ) \
715  const int hashValuesMaxLen,
716  OUT_LENGTH_SHORT_Z int *hashValuesLen,
717  IN_BUFFER( labelLength ) const char *label,
718  IN_RANGE( 1, 64 ) const int labelLength,
719  IN_BUFFER( masterSecretLen ) const BYTE *masterSecret,
720  IN_LENGTH_SHORT const int masterSecretLen );
721 CHECK_RETVAL STDC_NONNULL_ARG( ( 2, 4, 5, 7 ) ) \
722 int completeTLS12HashedMAC( IN_HANDLE const CRYPT_CONTEXT sha2context,
723  OUT_BUFFER( hashValuesMaxLen, *hashValuesLen ) \
724  BYTE *hashValues,
725  IN_LENGTH_SHORT_MIN( TLS_HASHEDMAC_SIZE ) \
726  const int hashValuesMaxLen,
727  OUT_LENGTH_SHORT_Z int *hashValuesLen,
728  IN_BUFFER( labelLength ) const char *label,
729  IN_RANGE( 1, 64 ) const int labelLength,
730  IN_BUFFER( masterSecretLen ) const BYTE *masterSecret,
731  IN_LENGTH_SHORT const int masterSecretLen );
732 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
733 int createCertVerifyHash( const SESSION_INFO *sessionInfoPtr,
734  INOUT SSL_HANDSHAKE_INFO *handshakeInfo );
735 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
736 int createCertVerify( const SESSION_INFO *sessionInfoPtr,
737  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
738  INOUT STREAM *stream );
739 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
740 int checkCertVerify( const SESSION_INFO *sessionInfoPtr,
741  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
742  INOUT STREAM *stream,
743  IN_LENGTH_SHORT_MIN( MIN_CRYPT_OBJECTSIZE ) \
744  const int sigLength );
745 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) ) \
746 int createKeyexSignature( INOUT SESSION_INFO *sessionInfoPtr,
747  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
748  INOUT STREAM *stream,
749  IN_BUFFER( keyDataLength ) const void *keyData,
750  IN_LENGTH_SHORT const int keyDataLength );
751 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) ) \
752 int checkKeyexSignature( INOUT SESSION_INFO *sessionInfoPtr,
753  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
754  INOUT STREAM *stream,
755  IN_BUFFER( keyDataLength ) const void *keyData,
756  IN_LENGTH_SHORT const int keyDataLength,
757  const BOOLEAN isECC );
758 
759 /* Prototypes for functions in ssl_ext.c */
760 
761 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
762 int readExtensions( INOUT SESSION_INFO *sessionInfoPtr,
763  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
764  INOUT STREAM *stream,
765  IN_LENGTH_SHORT const int length );
766 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
767 int writeClientExtensions( INOUT STREAM *stream,
768  INOUT SESSION_INFO *sessionInfoPtr );
769 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
770 int writeServerExtensions( INOUT STREAM *stream,
771  INOUT SSL_HANDSHAKE_INFO *handshakeInfo );
772 
773 /* Prototypes for functions in ssl_hs.c/ssl_hsc.c */
774 
775 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
776 int processHelloSSL( INOUT SESSION_INFO *sessionInfoPtr,
777  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
778  INOUT STREAM *stream, const BOOLEAN isServer );
779 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
780 int completeHandshakeSSL( INOUT SESSION_INFO *sessionInfoPtr,
781  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
782  const BOOLEAN isClient,
783  const BOOLEAN isResumedSession );
784 
785 /* Prototypes for functions in ssl_keymgmt.c */
786 
787 STDC_NONNULL_ARG( ( 1 ) ) \
788 void destroySecurityContextsSSL( INOUT SESSION_INFO *sessionInfoPtr );
789 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
790 int initHandshakeCryptInfo( INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
791  const BOOLEAN isTLS12 );
792 STDC_NONNULL_ARG( ( 1 ) ) \
793 void destroyHandshakeCryptInfo( INOUT SSL_HANDSHAKE_INFO *handshakeInfo );
794 CHECK_RETVAL STDC_NONNULL_ARG( ( 2 ) ) \
795 int cloneHashContext( IN_HANDLE const CRYPT_CONTEXT hashContext,
796  OUT_HANDLE_OPT CRYPT_CONTEXT *clonedHashContext );
797 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
798 int initDHcontextSSL( OUT_HANDLE_OPT CRYPT_CONTEXT *iCryptContext,
799  IN_BUFFER_OPT( keyDataLength ) const void *keyData,
800  IN_LENGTH_SHORT_Z const int keyDataLength,
801  IN_HANDLE_OPT const CRYPT_CONTEXT iServerKeyTemplate,
802  IN_ENUM_OPT( CRYPT_ECCCURVE ) \
803  const CRYPT_ECCCURVE_TYPE eccParams );
804 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4 ) ) \
805 int createSharedPremasterSecret( OUT_BUFFER( premasterSecretMaxLength, \
806  *premasterSecretLength ) \
807  void *premasterSecret,
808  IN_LENGTH_SHORT \
809  const int premasterSecretMaxLength,
810  OUT_LENGTH_SHORT_Z int *premasterSecretLength,
811  IN_BUFFER( sharedSecretLength ) \
812  const void *sharedSecret,
813  IN_LENGTH_SHORT const int sharedSecretLength,
814  const BOOLEAN isEncodedValue );
815 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 5 ) ) \
816 int wrapPremasterSecret( INOUT SESSION_INFO *sessionInfoPtr,
817  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
818  OUT_BUFFER( dataMaxLength, *dataLength ) void *data,
819  IN_LENGTH_SHORT const int dataMaxLength,
820  OUT_LENGTH_SHORT_Z int *dataLength );
821 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
822 int unwrapPremasterSecret( INOUT SESSION_INFO *sessionInfoPtr,
823  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
824  IN_BUFFER( dataLength ) const void *data,
825  IN_LENGTH_SHORT const int dataLength );
826 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
827 int initCryptoSSL( INOUT SESSION_INFO *sessionInfoPtr,
828  INOUT SSL_HANDSHAKE_INFO *handshakeInfo,
829  OUT_BUFFER_FIXED( masterSecreSize ) void *masterSecret,
830  IN_LENGTH_SHORT const int masterSecreSize,
831  const BOOLEAN isClient,
832  const BOOLEAN isResumedSession );
833 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
834 int loadExplicitIV( INOUT SESSION_INFO *sessionInfoPtr,
835  INOUT STREAM *stream,
836  OUT_INT_SHORT_Z int *ivLength );
837 
838 /* Prototypes for functions in ssl_rd.c */
839 
840 CHECK_RETVAL_PTR \
841 const char *getSSLPacketName( IN_RANGE( 0, 255 ) const int packetType );
842 CHECK_RETVAL_PTR \
843 const char *getSSLHSPacketName( IN_RANGE( 0, 255 ) const int packetType );
844 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
845 int processVersionInfo( INOUT SESSION_INFO *sessionInfoPtr,
846  INOUT STREAM *stream,
847  OUT_OPT_INT_Z int *clientVersion );
848 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
849 int checkPacketHeaderSSL( INOUT SESSION_INFO *sessionInfoPtr,
850  INOUT STREAM *stream,
851  OUT_LENGTH_Z int *packetLength );
852 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
853 int checkHSPacketHeader( INOUT SESSION_INFO *sessionInfoPtr,
854  INOUT STREAM *stream,
855  OUT_LENGTH_Z int *packetLength,
856  IN_RANGE( SSL_HAND_FIRST, \
857  SSL_HAND_LAST ) const int packetType,
858  IN_LENGTH_SHORT_Z const int minSize );
859 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
860 int unwrapPacketSSL( INOUT SESSION_INFO *sessionInfoPtr,
861  INOUT_BUFFER( dataMaxLength, \
862  *dataLength ) void *data,
863  IN_LENGTH const int dataMaxLength,
864  OUT_LENGTH_Z int *dataLength,
865  IN_RANGE( SSL_HAND_FIRST, \
866  SSL_HAND_LAST ) const int packetType );
867 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
868 int readHSPacketSSL( INOUT SESSION_INFO *sessionInfoPtr,
869  INOUT_OPT SSL_HANDSHAKE_INFO *handshakeInfo,
870  OUT_LENGTH_Z int *packetLength,
871  IN_RANGE( SSL_HAND_FIRST, \
872  SSL_MSG_LAST_SPECIAL ) const int packetType );
873 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
874 int refreshHSStream( INOUT SESSION_INFO *sessionInfoPtr,
875  INOUT SSL_HANDSHAKE_INFO *handshakeInfo );
876 
877 /* Prototypes for functions in ssl_suites.c */
878 
879 #ifndef CONFIG_SUITEB
880 
881 CHECK_RETVAL \
882 int getCipherSuiteInfo( OUT const CIPHERSUITE_INFO ***cipherSuiteInfoPtrPtrPtr,
883  OUT_INT_Z int *noSuiteEntries,
884  const BOOLEAN isServer );
885 #else
886 
887 #define getCipherSuiteInfo( infoPtr, noEntries, isServer ) \
888  getSuiteBCipherSuiteInfo( infoPtr, noEntries, isServer, suiteBinfo )
889 
890 CHECK_RETVAL \
891 int getSuiteBCipherSuiteInfo( OUT const CIPHERSUITE_INFO ***cipherSuiteInfoPtrPtrPtr,
892  OUT_INT_Z int *noSuiteEntries,
893  const BOOLEAN isServer,
894  IN_FLAGS_Z( SSL ) const int suiteBinfo );
895 
896 #endif /* CONFIG_SUITEB */
897 
898 /* Prototypes for functions in ssl_wr.c */
899 
900 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
901 int wrapPacketSSL( INOUT SESSION_INFO *sessionInfoPtr,
902  INOUT STREAM *stream,
903  IN_LENGTH_Z const int offset );
904 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
905 int sendPacketSSL( INOUT SESSION_INFO *sessionInfoPtr,
906  INOUT STREAM *stream, const BOOLEAN sendOnly );
907 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
908 int openPacketStreamSSL( OUT STREAM *stream,
909  const SESSION_INFO *sessionInfoPtr,
910  IN_LENGTH_OPT const int bufferSize,
911  IN_RANGE( SSL_HAND_FIRST, \
912  SSL_HAND_LAST ) const int packetType );
913 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
914 int continuePacketStreamSSL( INOUT STREAM *stream,
915  const SESSION_INFO *sessionInfoPtr,
916  IN_RANGE( SSL_HAND_FIRST, \
917  SSL_HAND_LAST ) const int packetType,
918  OUT_LENGTH_SHORT_Z int *packetOffset );
919 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
920 int completePacketStreamSSL( INOUT STREAM *stream,
921  IN_LENGTH_Z const int offset );
922 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
923 int continueHSPacketStream( INOUT STREAM *stream,
924  IN_RANGE( SSL_HAND_FIRST, \
925  SSL_HAND_LAST ) const int packetType,
926  OUT_LENGTH_SHORT_Z int *packetOffset );
927 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
928 int completeHSPacketStream( INOUT STREAM *stream,
929  IN_LENGTH const int offset );
930 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
931 int processAlert( INOUT SESSION_INFO *sessionInfoPtr,
932  IN_BUFFER( headerLength ) const void *header,
933  IN_LENGTH const int headerLength );
934 STDC_NONNULL_ARG( ( 1 ) ) \
935 void sendCloseAlert( INOUT SESSION_INFO *sessionInfoPtr,
936  const BOOLEAN alertReceived );
937 STDC_NONNULL_ARG( ( 1 ) ) \
938 void sendHandshakeFailAlert( INOUT SESSION_INFO *sessionInfoPtr );
939 
940 /* Prototypes for session mapping functions */
941 
942 STDC_NONNULL_ARG( ( 1 ) ) \
943 void initSSLclientProcessing( INOUT SSL_HANDSHAKE_INFO *handshakeInfo );
944 STDC_NONNULL_ARG( ( 1 ) ) \
945 void initSSLserverProcessing( SSL_HANDSHAKE_INFO *handshakeInfo );
946 
947 #endif /* _SSL_DEFINED */
Generated on Thu Jan 10 2013 10:00:53 for cryptlib by   doxygen 1.8.2