root / lab4 / .minix-src / include / openssl / dtls1.h @ 13
History | View | Annotate | Download (8.68 KB)
| 1 | 13 | up20180614 | /* ssl/dtls1.h */
|
|---|---|---|---|
| 2 | /*
|
||
| 3 | * DTLS implementation written by Nagendra Modadugu
|
||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
|
||
| 5 | */
|
||
| 6 | /* ====================================================================
|
||
| 7 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
|
||
| 8 | *
|
||
| 9 | * Redistribution and use in source and binary forms, with or without
|
||
| 10 | * modification, are permitted provided that the following conditions
|
||
| 11 | * are met:
|
||
| 12 | *
|
||
| 13 | * 1. Redistributions of source code must retain the above copyright
|
||
| 14 | * notice, this list of conditions and the following disclaimer.
|
||
| 15 | *
|
||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright
|
||
| 17 | * notice, this list of conditions and the following disclaimer in
|
||
| 18 | * the documentation and/or other materials provided with the
|
||
| 19 | * distribution.
|
||
| 20 | *
|
||
| 21 | * 3. All advertising materials mentioning features or use of this
|
||
| 22 | * software must display the following acknowledgment:
|
||
| 23 | * "This product includes software developed by the OpenSSL Project
|
||
| 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||
| 25 | *
|
||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||
| 27 | * endorse or promote products derived from this software without
|
||
| 28 | * prior written permission. For written permission, please contact
|
||
| 29 | * openssl-core@OpenSSL.org.
|
||
| 30 | *
|
||
| 31 | * 5. Products derived from this software may not be called "OpenSSL"
|
||
| 32 | * nor may "OpenSSL" appear in their names without prior written
|
||
| 33 | * permission of the OpenSSL Project.
|
||
| 34 | *
|
||
| 35 | * 6. Redistributions of any form whatsoever must retain the following
|
||
| 36 | * acknowledgment:
|
||
| 37 | * "This product includes software developed by the OpenSSL Project
|
||
| 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||
| 39 | *
|
||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE.
|
||
| 52 | * ====================================================================
|
||
| 53 | *
|
||
| 54 | * This product includes cryptographic software written by Eric Young
|
||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim
|
||
| 56 | * Hudson (tjh@cryptsoft.com).
|
||
| 57 | *
|
||
| 58 | */
|
||
| 59 | |||
| 60 | #ifndef HEADER_DTLS1_H
|
||
| 61 | # define HEADER_DTLS1_H
|
||
| 62 | |||
| 63 | # include <openssl/buffer.h> |
||
| 64 | # include <openssl/pqueue.h> |
||
| 65 | # ifdef OPENSSL_SYS_VMS
|
||
| 66 | # include <resource.h> |
||
| 67 | # include <sys/timeb.h> |
||
| 68 | # endif
|
||
| 69 | # ifdef OPENSSL_SYS_WIN32
|
||
| 70 | /* Needed for struct timeval */
|
||
| 71 | # include <winsock.h> |
||
| 72 | # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
|
||
| 73 | # include <sys/timeval.h> |
||
| 74 | # else
|
||
| 75 | # if defined(OPENSSL_SYS_VXWORKS)
|
||
| 76 | # include <sys/times.h> |
||
| 77 | # else
|
||
| 78 | # include <sys/time.h> |
||
| 79 | # endif
|
||
| 80 | # endif
|
||
| 81 | |||
| 82 | #ifdef __cplusplus
|
||
| 83 | extern "C" { |
||
| 84 | #endif
|
||
| 85 | |||
| 86 | # define DTLS1_VERSION 0xFEFF |
||
| 87 | # define DTLS_MAX_VERSION DTLS1_VERSION
|
||
| 88 | # define DTLS1_VERSION_MAJOR 0xFE |
||
| 89 | |||
| 90 | # define DTLS1_BAD_VER 0x0100 |
||
| 91 | |||
| 92 | # if 0
|
||
| 93 | /* this alert description is not specified anywhere... */
|
||
| 94 | # define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
|
||
| 95 | # endif
|
||
| 96 | |||
| 97 | /* lengths of messages */
|
||
| 98 | # define DTLS1_COOKIE_LENGTH 256
|
||
| 99 | |||
| 100 | # define DTLS1_RT_HEADER_LENGTH 13
|
||
| 101 | |||
| 102 | # define DTLS1_HM_HEADER_LENGTH 12
|
||
| 103 | |||
| 104 | # define DTLS1_HM_BAD_FRAGMENT -2
|
||
| 105 | # define DTLS1_HM_FRAGMENT_RETRY -3
|
||
| 106 | |||
| 107 | # define DTLS1_CCS_HEADER_LENGTH 1
|
||
| 108 | |||
| 109 | # ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
|
||
| 110 | # define DTLS1_AL_HEADER_LENGTH 7
|
||
| 111 | # else
|
||
| 112 | # define DTLS1_AL_HEADER_LENGTH 2
|
||
| 113 | # endif
|
||
| 114 | |||
| 115 | # ifndef OPENSSL_NO_SSL_INTERN
|
||
| 116 | |||
| 117 | # ifndef OPENSSL_NO_SCTP
|
||
| 118 | # define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
|
||
| 119 | # endif
|
||
| 120 | |||
| 121 | /* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
|
||
| 122 | # define DTLS1_MAX_MTU_OVERHEAD 48
|
||
| 123 | |||
| 124 | typedef struct dtls1_bitmap_st {
|
||
| 125 | unsigned long map; /* track 32 packets on 32-bit systems and 64
|
||
| 126 | * - on 64-bit systems */
|
||
| 127 | unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
|
||
| 128 | * value in big-endian encoding */
|
||
| 129 | } DTLS1_BITMAP;
|
||
| 130 | |||
| 131 | struct dtls1_retransmit_state {
|
||
| 132 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
|
||
| 133 | EVP_MD_CTX *write_hash; /* used for mac generation */
|
||
| 134 | # ifndef OPENSSL_NO_COMP
|
||
| 135 | COMP_CTX *compress; /* compression */
|
||
| 136 | # else
|
||
| 137 | char *compress;
|
||
| 138 | # endif
|
||
| 139 | SSL_SESSION *session;
|
||
| 140 | unsigned short epoch;
|
||
| 141 | };
|
||
| 142 | |||
| 143 | struct hm_header_st {
|
||
| 144 | unsigned char type;
|
||
| 145 | unsigned long msg_len;
|
||
| 146 | unsigned short seq;
|
||
| 147 | unsigned long frag_off;
|
||
| 148 | unsigned long frag_len;
|
||
| 149 | unsigned int is_ccs;
|
||
| 150 | struct dtls1_retransmit_state saved_retransmit_state;
|
||
| 151 | };
|
||
| 152 | |||
| 153 | struct ccs_header_st {
|
||
| 154 | unsigned char type;
|
||
| 155 | unsigned short seq;
|
||
| 156 | };
|
||
| 157 | |||
| 158 | struct dtls1_timeout_st {
|
||
| 159 | /* Number of read timeouts so far */
|
||
| 160 | unsigned int read_timeouts;
|
||
| 161 | /* Number of write timeouts so far */
|
||
| 162 | unsigned int write_timeouts;
|
||
| 163 | /* Number of alerts received so far */
|
||
| 164 | unsigned int num_alerts;
|
||
| 165 | };
|
||
| 166 | |||
| 167 | typedef struct record_pqueue_st {
|
||
| 168 | unsigned short epoch;
|
||
| 169 | pqueue q;
|
||
| 170 | } record_pqueue;
|
||
| 171 | |||
| 172 | typedef struct hm_fragment_st {
|
||
| 173 | struct hm_header_st msg_header;
|
||
| 174 | unsigned char *fragment;
|
||
| 175 | unsigned char *reassembly;
|
||
| 176 | } hm_fragment;
|
||
| 177 | |||
| 178 | typedef struct dtls1_state_st {
|
||
| 179 | unsigned int send_cookie;
|
||
| 180 | unsigned char cookie[DTLS1_COOKIE_LENGTH];
|
||
| 181 | unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
|
||
| 182 | unsigned int cookie_len;
|
||
| 183 | /*
|
||
| 184 | * The current data and handshake epoch. This is initially
|
||
| 185 | * undefined, and starts at zero once the initial handshake is
|
||
| 186 | * completed
|
||
| 187 | */
|
||
| 188 | unsigned short r_epoch;
|
||
| 189 | unsigned short w_epoch;
|
||
| 190 | /* records being received in the current epoch */
|
||
| 191 | DTLS1_BITMAP bitmap;
|
||
| 192 | /* renegotiation starts a new set of sequence numbers */
|
||
| 193 | DTLS1_BITMAP next_bitmap;
|
||
| 194 | /* handshake message numbers */
|
||
| 195 | unsigned short handshake_write_seq;
|
||
| 196 | unsigned short next_handshake_write_seq;
|
||
| 197 | unsigned short handshake_read_seq;
|
||
| 198 | /* save last sequence number for retransmissions */
|
||
| 199 | unsigned char last_write_sequence[8];
|
||
| 200 | /* Received handshake records (processed and unprocessed) */
|
||
| 201 | record_pqueue unprocessed_rcds;
|
||
| 202 | record_pqueue processed_rcds;
|
||
| 203 | /* Buffered handshake messages */
|
||
| 204 | pqueue buffered_messages;
|
||
| 205 | /* Buffered (sent) handshake records */
|
||
| 206 | pqueue sent_messages;
|
||
| 207 | /*
|
||
| 208 | * Buffered application records. Only for records between CCS and
|
||
| 209 | * Finished to prevent either protocol violation or unnecessary message
|
||
| 210 | * loss.
|
||
| 211 | */
|
||
| 212 | record_pqueue buffered_app_data;
|
||
| 213 | /* Is set when listening for new connections with dtls1_listen() */
|
||
| 214 | unsigned int listen;
|
||
| 215 | unsigned int link_mtu; /* max on-the-wire DTLS packet size */
|
||
| 216 | unsigned int mtu; /* max DTLS packet size */
|
||
| 217 | struct hm_header_st w_msg_hdr;
|
||
| 218 | struct hm_header_st r_msg_hdr;
|
||
| 219 | struct dtls1_timeout_st timeout;
|
||
| 220 | /*
|
||
| 221 | * Indicates when the last handshake msg or heartbeat sent will timeout
|
||
| 222 | */
|
||
| 223 | struct timeval next_timeout;
|
||
| 224 | /* Timeout duration */
|
||
| 225 | unsigned short timeout_duration;
|
||
| 226 | /*
|
||
| 227 | * storage for Alert/Handshake protocol data received but not yet
|
||
| 228 | * processed by ssl3_read_bytes:
|
||
| 229 | */
|
||
| 230 | unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
|
||
| 231 | unsigned int alert_fragment_len;
|
||
| 232 | unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
|
||
| 233 | unsigned int handshake_fragment_len;
|
||
| 234 | unsigned int retransmitting;
|
||
| 235 | /*
|
||
| 236 | * Set when the handshake is ready to process peer's ChangeCipherSpec message.
|
||
| 237 | * Cleared after the message has been processed.
|
||
| 238 | */
|
||
| 239 | unsigned int change_cipher_spec_ok;
|
||
| 240 | # ifndef OPENSSL_NO_SCTP
|
||
| 241 | /* used when SSL_ST_XX_FLUSH is entered */
|
||
| 242 | int next_state;
|
||
| 243 | int shutdown_received;
|
||
| 244 | # endif
|
||
| 245 | } DTLS1_STATE;
|
||
| 246 | |||
| 247 | typedef struct dtls1_record_data_st {
|
||
| 248 | unsigned char *packet;
|
||
| 249 | unsigned int packet_length;
|
||
| 250 | SSL3_BUFFER rbuf;
|
||
| 251 | SSL3_RECORD rrec;
|
||
| 252 | # ifndef OPENSSL_NO_SCTP
|
||
| 253 | struct bio_dgram_sctp_rcvinfo recordinfo;
|
||
| 254 | # endif
|
||
| 255 | } DTLS1_RECORD_DATA;
|
||
| 256 | |||
| 257 | # endif
|
||
| 258 | |||
| 259 | /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
|
||
| 260 | # define DTLS1_TMO_READ_COUNT 2
|
||
| 261 | # define DTLS1_TMO_WRITE_COUNT 2
|
||
| 262 | |||
| 263 | # define DTLS1_TMO_ALERT_COUNT 12
|
||
| 264 | |||
| 265 | #ifdef __cplusplus
|
||
| 266 | }
|
||
| 267 | #endif
|
||
| 268 | #endif |