search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added support for an old version of the DTLS protocol
[gnutls.git] / lib / gnutls_int.h
blob02c4f9524cfd4f77704122d6548ea71920e3a8db
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #ifndef GNUTLS_INT_H
24 #define GNUTLS_INT_H
25
26 #ifdef HAVE_CONFIG_H
27 #include <config.h>
28 #endif
29
30 #include <stddef.h>
31 #include <string.h>
32 #include <stdlib.h>
33 #include <stdio.h>
34 #include <ctype.h>
35 #include <limits.h>
36 #include <stdint.h>
37
38 #ifdef NO_SSIZE_T
39 #define HAVE_SSIZE_T
40 typedef int ssize_t;
41 #endif
42
43 #include <sys/types.h>
44 #include <unistd.h>
45 #include <sys/stat.h>
46 #if HAVE_SYS_SOCKET_H
47 # include <sys/socket.h>
48 #elif HAVE_WS2TCPIP_H
49 # include <ws2tcpip.h>
50 #endif
51 #include <time.h>
52 #include <u64.h> /* gnulib for uint64_t */
53
54 #ifdef HAVE_LIBNETTLE
55 # include <nettle/memxor.h>
56 #else
57 # include <gl/memxor.h>
58 # define memxor gl_memxor
59 #endif
60
61 #ifdef __GNUC__
62 # ifndef _GNUTLS_GCC_VERSION
63 # define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
64 # endif
65 # if _GNUTLS_GCC_VERSION >= 30100
66 # define likely(x) __builtin_expect((x), 1)
67 # define unlikely(x) __builtin_expect((x), 0)
68 # endif
69 #endif
70
71 #ifndef likely
72 # define likely
73 # define unlikely
74 #endif
75
76 /* some systems had problems with long long int, thus,
77 * it is not used.
78 */
79 typedef struct
80 {
81 unsigned char i[8];
82 } uint64;
83
84 #include <gnutls/gnutls.h>
85 #include <gnutls/abstract.h>
86 #include <system.h>
87
88 /*
89 * They are not needed any more. You can simply enable
90 * the gnutls_log callback to get error descriptions.
91
92 #define BUFFERS_DEBUG
93 #define WRITE_DEBUG
94 #define READ_DEBUG
95 #define HANDSHAKE_DEBUG // Prints some information on handshake
96 #define COMPRESSION_DEBUG
97 #define DEBUG
98 */
99
100 /* The size of a handshake message should not
101 * be larger than this value.
102 */
103 #define MAX_HANDSHAKE_PACKET_SIZE 48*1024
104
105 #define TLS_MAX_SESSION_ID_SIZE 32
106
107 /* The maximum digest size of hash algorithms.
108 */
109 #define MAX_HASH_SIZE 64
110 #define MAX_CIPHER_BLOCK_SIZE 16
111 #define MAX_CIPHER_KEY_SIZE 32
112
113 #define MAX_USERNAME_SIZE 128
114 #define MAX_SERVER_NAME_SIZE 128
115
116 #define SESSION_TICKET_KEY_NAME_SIZE 16
117 #define SESSION_TICKET_KEY_SIZE 16
118 #define SESSION_TICKET_IV_SIZE 16
119 #define SESSION_TICKET_MAC_SECRET_SIZE 32
120
121 #define AEAD_EXPLICIT_DATA_SIZE 8
122 #define AEAD_IMPLICIT_DATA_SIZE 4
123
124 #define GNUTLS_MASTER_SIZE 48
125 #define GNUTLS_RANDOM_SIZE 32
126
127 /* DTLS */
128 #define DTLS_RECORD_WINDOW_SIZE 64
129
130 /* TLS Extensions */
131 /* we can receive up to MAX_EXT_TYPES extensions.
132 */
133 #define MAX_EXT_TYPES 32
134
135 /**
136 * gnutls_ext_parse_type_t:
137 * @GNUTLS_EXT_NONE: Never parsed
138 * @GNUTLS_EXT_ANY: Any extension type.
139 * @GNUTLS_EXT_APPLICATION: Application extension.
140 * @GNUTLS_EXT_TLS: TLS-internal extension.
141 * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled).
142 *
143 * Enumeration of different TLS extension types. This flag
144 * indicates for an extension whether it is useful to application
145 * level or TLS level only. This is (only) used to parse the
146 * application level extensions before the "client_hello" callback
147 * is called.
148 */
149 typedef enum
150 {
151 GNUTLS_EXT_ANY = 0,
152 GNUTLS_EXT_APPLICATION = 1,
153 GNUTLS_EXT_TLS = 2,
154 GNUTLS_EXT_MANDATORY = 3,
155 GNUTLS_EXT_NONE = 4
156 } gnutls_ext_parse_type_t;
157
158
159 /* expire time for resuming sessions */
160 #define DEFAULT_EXPIRE_TIME 3600
161
162 typedef enum transport_t
163 {
164 GNUTLS_STREAM,
165 GNUTLS_DGRAM
166 } transport_t;
167
168 /* the maximum size of encrypted packets */
169 #define IS_DTLS(session) (session->internals.transport == GNUTLS_DGRAM)
170
171 #define DEFAULT_MAX_RECORD_SIZE 16384
172 #define TLS_RECORD_HEADER_SIZE 5
173 #define DTLS_RECORD_HEADER_SIZE (TLS_RECORD_HEADER_SIZE+8)
174 #define RECORD_HEADER_SIZE(session) (IS_DTLS(session) ? DTLS_RECORD_HEADER_SIZE : TLS_RECORD_HEADER_SIZE)
175 #define MAX_RECORD_HEADER_SIZE DTLS_RECORD_HEADER_SIZE
176
177 #define MAX_RECORD_SEND_SIZE(session) (IS_DTLS(session)?((size_t)session->internals.dtls.mtu-DTLS_RECORD_HEADER_SIZE):(size_t)session->security_parameters.max_record_send_size)
178 #define MAX_RECORD_RECV_SIZE(session) ((size_t)session->security_parameters.max_record_recv_size)
179 #define MAX_PAD_SIZE 255
180 #define EXTRA_COMP_SIZE 2048
181 #define MAX_RECORD_OVERHEAD (MAX_CIPHER_BLOCK_SIZE/*iv*/+MAX_PAD_SIZE+EXTRA_COMP_SIZE+MAX_HASH_SIZE/*MAC*/)
182 #define MAX_RECV_SIZE(session) (MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE(session)+RECORD_HEADER_SIZE(session))
183
184 #define TLS_HANDSHAKE_HEADER_SIZE 4
185 #define DTLS_HANDSHAKE_HEADER_SIZE (TLS_HANDSHAKE_HEADER_SIZE+8)
186 #define HANDSHAKE_HEADER_SIZE(session) (IS_DTLS(session) ? DTLS_HANDSHAKE_HEADER_SIZE : TLS_HANDSHAKE_HEADER_SIZE)
187 #define MAX_HANDSHAKE_HEADER_SIZE DTLS_HANDSHAKE_HEADER_SIZE
188
189 /* This is the maximum handshake message size we send without
190 fragmentation. This currently ignores record layer overhead. */
191 #define DTLS_DEFAULT_MTU 1200
192
193 /* the maximum size of the DTLS cookie */
194 #define DTLS_MAX_COOKIE_SIZE 32
195
196 /* The maximum number of HELLO_VERIFY_REQUEST messages the client
197 processes before aborting. */
198 #define MAX_HANDSHAKE_HELLO_VERIFY_REQUESTS 5
199
200 /* defaults for verification functions
201 */
202 #define DEFAULT_VERIFY_DEPTH 32
203 #define DEFAULT_VERIFY_BITS 16*1024
204
205 #include <gnutls_mem.h>
206
207 #define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
208
209 #define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
210 #define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
211 #define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
212
213 #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
214 #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
215
216 typedef struct
217 {
218 uint8_t pint[3];
219 } uint24;
220
221 #include <gnutls_mpi.h>
222
223 typedef enum handshake_state_t
224 { STATE0 = 0, STATE1, STATE2,
225 STATE3, STATE4, STATE5,
226 STATE6, STATE7, STATE8, STATE9, STATE11 = 11,
227 STATE20 = 20, STATE21, STATE22,
228 STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50,
229 STATE60 = 60, STATE61, STATE62, STATE70, STATE71
230 } handshake_state_t;
231
232 #include <gnutls_str.h>
233
234 /* This is the maximum number of algorithms (ciphers or macs etc).
235 * keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h
236 */
237 #define MAX_ALGOS GNUTLS_MAX_ALGORITHM_NUM
238
239 typedef enum extensions_t
240 {
241 GNUTLS_EXTENSION_SERVER_NAME = 0,
242 GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
243 GNUTLS_EXTENSION_CERT_TYPE = 9,
244 GNUTLS_EXTENSION_SUPPORTED_ECC = 10,
245 GNUTLS_EXTENSION_SUPPORTED_ECC_PF = 11,
246 GNUTLS_EXTENSION_SRP = 12,
247 GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
248 GNUTLS_EXTENSION_SESSION_TICKET = 35,
249 GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
250 } extensions_t;
251
252 typedef enum
253 { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
254
255 #define RESUME_TRUE 1
256 #define RESUME_FALSE 0
257
258 /* Record Protocol */
259 typedef enum content_type_t
260 {
261 GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
262 GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
263 } content_type_t;
264
265
266 #define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1
267 #define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)-2
268
269 /* Message buffers (mbuffers) structures */
270
271 /* this is actually the maximum number of distinct handshake
272 * messages that can arrive in a single flight
273 */
274 #define MAX_HANDSHAKE_MSGS 6
275 typedef struct
276 {
277 /* Handshake layer type and sequence of message */
278 gnutls_handshake_description_t htype;
279 uint32_t length;
280
281 /* valid in DTLS */
282 uint16_t sequence;
283
284 /* indicate whether that message is complete.
285 * complete means start_offset == 0 and end_offset == length
286 */
287 uint32_t start_offset;
288 uint32_t end_offset;
289
290 uint8_t header[MAX_HANDSHAKE_HEADER_SIZE];
291 int header_size;
292
293 gnutls_buffer_st data;
294 } handshake_buffer_st;
295
296 typedef struct mbuffer_st
297 {
298 /* when used in mbuffer_head_st */
299 struct mbuffer_st *next;
300 struct mbuffer_st *prev;
301
302 /* msg->size - mark = number of bytes left to process in this
303 message. Mark should only be non-zero when this buffer is the
304 head of the queue. */
305 size_t mark;
306
307
308 /* the data */
309 gnutls_datum_t msg;
310 size_t maximum_size;
311
312 /* used during fill in, to separate header from data
313 * body. */
314 unsigned int user_mark;
315
316 /* Filled in by record layer on recv:
317 * type, record_sequence
318 */
319
320 /* record layer content type */
321 content_type_t type;
322
323 /* record layer sequence */
324 uint64 record_sequence;
325
326 /* Filled in by handshake layer on send:
327 * type, epoch, htype, handshake_sequence
328 */
329
330 /* Record layer epoch of message */
331 uint16_t epoch;
332
333 /* Handshake layer type and sequence of message */
334 gnutls_handshake_description_t htype;
335 uint16_t handshake_sequence;
336 } mbuffer_st;
337
338 typedef struct mbuffer_head_st
339 {
340 mbuffer_st *head;
341 mbuffer_st *tail;
342
343 unsigned int length;
344 size_t byte_length;
345 } mbuffer_head_st;
346
347 /* Store & Retrieve functions defines:
348 */
349
350 typedef struct auth_cred_st
351 {
352 gnutls_credentials_type_t algorithm;
353
354 /* the type of credentials depends on algorithm
355 */
356 void *credentials;
357 struct auth_cred_st *next;
358 } auth_cred_st;
359
360 struct gnutls_key_st
361 {
362 /* For ECDH KX */
363 gnutls_pk_params_st ecdh_params;
364 bigint_t ecdh_x;
365 bigint_t ecdh_y;
366
367 /* For DH KX */
368 gnutls_datum_t key;
369 bigint_t KEY;
370 bigint_t client_Y;
371 bigint_t client_g;
372 bigint_t client_p;
373 bigint_t dh_secret;
374 /* for SRP */
375 bigint_t A;
376 bigint_t B;
377 bigint_t u;
378 bigint_t b;
379 bigint_t a;
380 bigint_t x;
381 /* RSA: e, m
382 */
383 bigint_t rsa[2];
384
385 /* this is used to hold the peers authentication data
386 */
387 /* auth_info_t structures SHOULD NOT contain malloced
388 * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
389 * Remember that this should be calloced!
390 */
391 void *auth_info;
392 gnutls_credentials_type_t auth_info_type;
393 int auth_info_size; /* needed in order to store to db for restoring
394 */
395 uint8_t crypt_algo;
396
397 auth_cred_st *cred; /* used to specify keys/certificates etc */
398
399 int crt_requested;
400 /* some ciphersuites use this
401 * to provide client authentication.
402 * 1 if client auth was requested
403 * by the peer, 0 otherwise
404 *** In case of a server this
405 * holds 1 if we should wait
406 * for a client certificate verify
407 */
408 };
409 typedef struct gnutls_key_st *gnutls_key_st;
410
411
412 struct record_state_st;
413 typedef struct record_state_st record_state_st;
414
415 struct record_parameters_st;
416 typedef struct record_parameters_st record_parameters_st;
417
418 /* STATE (cont) */
419
420 #include <gnutls_hash_int.h>
421 #include <gnutls_cipher_int.h>
422 #include <gnutls_compress.h>
423
424 typedef struct
425 {
426 uint8_t hash_algorithm;
427 uint8_t sign_algorithm; /* pk algorithm actually */
428 } sign_algorithm_st;
429
430 /* This structure holds parameters got from TLS extension
431 * mechanism. (some extensions may hold parameters in auth_info_t
432 * structures also - see SRP).
433 */
434
435 #define MAX_SIGNATURE_ALGORITHMS 16
436 #define MAX_SIGN_ALGO_SIZE (2 + MAX_SIGNATURE_ALGORITHMS * 2)
437
438 #define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
439
440 /* auth_info_t structures now MAY contain malloced
441 * elements.
442 */
443
444 /* This structure and auth_info_t, are stored in the resume database,
445 * and are restored, in case of resume.
446 * Holds all the required parameters to resume the current
447 * session.
448 */
449
450 /* if you add anything in Security_Parameters struct, then
451 * also modify CPY_COMMON in gnutls_constate.c.
452 */
453
454 /* Note that the security parameters structure is set up after the
455 * handshake has finished. The only value you may depend on while
456 * the handshake is in progress is the cipher suite value.
457 */
458 typedef struct
459 {
460 unsigned int entity; /* GNUTLS_SERVER or GNUTLS_CLIENT */
461 gnutls_kx_algorithm_t kx_algorithm;
462
463 /* The epoch used to read and write */
464 uint16_t epoch_read;
465 uint16_t epoch_write;
466
467 /* The epoch that the next handshake will initialize. */
468 uint16_t epoch_next;
469
470 /* The epoch at index 0 of record_parameters. */
471 uint16_t epoch_min;
472
473 /* this is the ciphersuite we are going to use
474 * moved here from internals in order to be restored
475 * on resume;
476 */
477 uint8_t cipher_suite[2];
478 gnutls_compression_method_t compression_method;
479 uint8_t master_secret[GNUTLS_MASTER_SIZE];
480 uint8_t client_random[GNUTLS_RANDOM_SIZE];
481 uint8_t server_random[GNUTLS_RANDOM_SIZE];
482 uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
483 uint8_t session_id_size;
484 time_t timestamp;
485
486 /* The send size is the one requested by the programmer.
487 * The recv size is the one negotiated with the peer.
488 */
489 uint16_t max_record_send_size;
490 uint16_t max_record_recv_size;
491 /* holds the negotiated certificate type */
492 gnutls_certificate_type_t cert_type;
493 gnutls_ecc_curve_t ecc_curve; /* holds the first supported ECC curve requested by client */
494 gnutls_protocol_t version; /* moved here */
495
496 /* FIXME: The following are not saved in the session storage
497 * for session resumption.
498 */
499
500 /* Used by extensions that enable supplemental data: Which ones
501 * do that? Do they belong in security parameters?
502 */
503 int do_recv_supplemental, do_send_supplemental;
504 } security_parameters_st;
505
506 struct record_state_st
507 {
508 gnutls_datum_t mac_secret;
509 gnutls_datum_t IV;
510 gnutls_datum_t key;
511 auth_cipher_hd_st cipher_state;
512 comp_hd_st compression_state;
513 uint64 sequence_number;
514 };
515
516 /* These are used to resolve relative epochs. These values are just
517 outside the 16 bit range to prevent off-by-one errors. An absolute
518 epoch may be referred to by its numeric id in the range
519 0x0000-0xffff. */
520 #define EPOCH_READ_CURRENT 70000
521 #define EPOCH_WRITE_CURRENT 70001
522 #define EPOCH_NEXT 70002
523
524 struct record_parameters_st
525 {
526 uint16_t epoch;
527 int initialized;
528
529 gnutls_cipher_algorithm_t cipher_algorithm;
530 gnutls_mac_algorithm_t mac_algorithm;
531 gnutls_compression_method_t compression_algorithm;
532
533 /* for DTLS */
534 uint64_t record_sw[DTLS_RECORD_WINDOW_SIZE];
535 unsigned int record_sw_size;
536
537 record_state_st read;
538 record_state_st write;
539
540 /* Whether this state is in use, i.e., if there is
541 a pending handshake message waiting to be encrypted
542 under this epoch's parameters.
543 */
544 int usage_cnt;
545 };
546
547 typedef struct
548 {
549 unsigned int priority[MAX_ALGOS];
550 unsigned int algorithms;
551 } priority_st;
552
553 typedef enum
554 {
555 SR_DISABLED,
556 SR_UNSAFE,
557 SR_PARTIAL,
558 SR_SAFE
559 } safe_renegotiation_t;
560
561 /* For the external api */
562 struct gnutls_priority_st
563 {
564 priority_st cipher;
565 priority_st mac;
566 priority_st kx;
567 priority_st compression;
568 priority_st protocol;
569 priority_st cert_type;
570 priority_st sign_algo;
571 priority_st supported_ecc;
572
573 /* to disable record padding */
574 unsigned int no_extensions:1;
575 unsigned int no_padding:1;
576 unsigned int allow_large_records:1;
577 safe_renegotiation_t sr;
578 unsigned int ssl3_record_version:1;
579 unsigned int server_precedence:1;
580 unsigned int additional_verify_flags;
581 };
582
583
584 /* DH and RSA parameters types.
585 */
586 typedef struct gnutls_dh_params_int
587 {
588 /* [0] is the prime, [1] is the generator.
589 */
590 bigint_t params[2];
591 int q_bits; /* length of q in bits. If zero then length is unknown.
592 */
593 } dh_params_st;
594
595 typedef struct
596 {
597 gnutls_dh_params_t dh_params;
598 int free_dh_params;
599 gnutls_rsa_params_t rsa_params;
600 int free_rsa_params;
601 } internal_params_st;
602
603 /* DTLS session state
604 */
605 typedef struct
606 {
607 /* HelloVerifyRequest DOS prevention cookie */
608 uint8_t cookie[DTLS_MAX_COOKIE_SIZE];
609 uint8_t cookie_len;
610
611 /* For DTLS handshake fragmentation and reassembly. */
612 uint16_t hsk_write_seq;
613 /* the sequence number of the expected packet */
614 unsigned int hsk_read_seq;
615 uint16_t mtu;
616
617 /* a flight transmission is in process */
618 unsigned int flight_init:1;
619 /* whether this is the last flight in the protocol */
620 unsigned int last_flight:1;
621
622 /* the retransmission timeout in milliseconds */
623 unsigned int retrans_timeout_ms;
624 /* the connection timeout in milliseconds */
625 unsigned int total_timeout_ms;
626
627 unsigned int hsk_hello_verify_requests;
628
629 /* non blocking stuff variables */
630 unsigned int blocking:1;
631 /* starting time of current handshake */
632 struct timespec handshake_start_time;
633
634 /* The actual retrans_timeout for the next message (e.g. doubled or so)
635 */
636 unsigned int actual_retrans_timeout_ms;
637
638 /* timers to handle async handshake after gnutls_handshake()
639 * has terminated. Required to handle retransmissions.
640 */
641 time_t async_term;
642
643 /* last retransmission triggered by record layer */
644 struct timespec last_retransmit;
645 unsigned int packets_dropped;
646 } dtls_st;
647
648
649 typedef union
650 {
651 void *ptr;
652 uint32_t num;
653 } extension_priv_data_t;
654
655 typedef struct
656 {
657 /* holds all the parsed data received by the record layer */
658 mbuffer_head_st record_buffer;
659
660 int handshake_hash_buffer_prev_len; /* keeps the length of handshake_hash_buffer, excluding
661 * the last received message */
662 gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
663 * message */
664 unsigned int resumable:1; /* TRUE or FALSE - if we can resume that session */
665 unsigned int ticket_sent:1; /* whether a session ticket was sent */
666 handshake_state_t handshake_state; /* holds
667 * a number which indicates where
668 * the handshake procedure has been
669 * interrupted. If it is 0 then
670 * no interruption has happened.
671 */
672
673 int invalid_connection:1; /* true or FALSE - if this session is valid */
674
675 int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
676 */
677 int may_not_write:1;
678 int read_eof:1; /* non-zero if we have received a closure alert. */
679
680 int last_alert; /* last alert received */
681
682 /* The last handshake messages sent or received.
683 */
684 int last_handshake_in;
685 int last_handshake_out;
686
687 /* priorities */
688 struct gnutls_priority_st priorities;
689
690 /* resumed session */
691 unsigned int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
692 unsigned int resumption_requested:1; /* non-zero if resumption was requested by client */
693 security_parameters_st resumed_security_parameters;
694
695 /* These buffers are used in the handshake
696 * protocol only. freed using _gnutls_handshake_io_buffer_clear();
697 */
698 mbuffer_head_st handshake_send_buffer;
699 handshake_buffer_st handshake_recv_buffer[MAX_HANDSHAKE_MSGS];
700 int handshake_recv_buffer_size;
701
702 /* this buffer holds a record packet -mostly used for
703 * non blocking IO.
704 */
705 mbuffer_head_st record_recv_buffer; /* buffer holding the unparsed record that is currently
706 * being received */
707 mbuffer_head_st record_send_buffer; /* holds cached data
708 * for the gnutls_io_write_buffered()
709 * function.
710 */
711 size_t record_send_buffer_user_size; /* holds the
712 * size of the user specified data to
713 * send.
714 */
715
716 int expire_time; /* after expire_time seconds this session will expire */
717 struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
718
719 /* this is the highest version available
720 * to the peer. (advertized version).
721 * This is obtained by the Handshake Client Hello
722 * message. (some implementations read the Record version)
723 */
724 uint8_t adv_version_major;
725 uint8_t adv_version_minor;
726
727 /* if this is non zero a certificate request message
728 * will be sent to the client. - only if the ciphersuite
729 * supports it.
730 */
731 int send_cert_req;
732
733 /* bits to use for DHE and DHA
734 * use _gnutls_dh_get_prime_bits() and gnutls_dh_set_prime_bits()
735 * to access it.
736 */
737 uint16_t dh_prime_bits;
738
739 size_t max_handshake_data_buffer_size;
740
741 /* PUSH & PULL functions.
742 */
743 gnutls_pull_timeout_func pull_timeout_func;
744 gnutls_pull_func pull_func;
745 gnutls_push_func push_func;
746 gnutls_vec_push_func vec_push_func;
747 gnutls_errno_func errno_func;
748 /* Holds the first argument of PUSH and PULL
749 * functions;
750 */
751 gnutls_transport_ptr_t transport_recv_ptr;
752 gnutls_transport_ptr_t transport_send_ptr;
753
754 /* STORE & RETRIEVE functions. Only used if other
755 * backend than gdbm is used.
756 */
757 gnutls_db_store_func db_store_func;
758 gnutls_db_retr_func db_retrieve_func;
759 gnutls_db_remove_func db_remove_func;
760 void *db_ptr;
761
762 /* post client hello callback (server side only)
763 */
764 gnutls_handshake_post_client_hello_func user_hello_func;
765
766 /* holds the selected certificate and key.
767 * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
768 * to change them.
769 */
770 gnutls_pcert_st *selected_cert_list;
771 int selected_cert_list_length;
772 struct gnutls_privkey_st *selected_key;
773 int selected_need_free:1;
774
775 /* holds the extensions we sent to the peer
776 * (in case of a client)
777 */
778 uint16_t extensions_sent[MAX_EXT_TYPES];
779 uint16_t extensions_sent_size;
780
781 /* is 0 if we are to send the whole PGP key, or non zero
782 * if the fingerprint is to be sent.
783 */
784 int pgp_fingerprint;
785
786 /* This holds the default version that our first
787 * record packet will have. */
788 uint8_t default_record_version[2];
789
790 void *user_ptr;
791
792 int enable_private; /* non zero to
793 * enable cipher suites
794 * which have 0xFF status.
795 */
796
797 /* Holds 0 if the last called function was interrupted while
798 * receiving, and non zero otherwise.
799 */
800 int direction;
801
802 /* This callback will be used (if set) to receive an
803 * openpgp key. (if the peer sends a fingerprint)
804 */
805 gnutls_openpgp_recv_key_func openpgp_recv_key_func;
806
807 /* If non zero the server will not advertise the CA's he
808 * trusts (do not send an RDN sequence).
809 */
810 int ignore_rdn_sequence;
811
812 /* This is used to set an arbitary version in the RSA
813 * PMS secret. Can be used by clients to test whether the
814 * server checks that version. (** only used in gnutls-cli-debug)
815 */
816 uint8_t rsa_pms_version[2];
817
818 /* Here we cache the DH or RSA parameters got from the
819 * credentials structure, or from a callback. That is to
820 * minimize external calls.
821 */
822 internal_params_st params;
823
824 /* To avoid using global variables, and especially on Windows where
825 * the application may use a different errno variable than GnuTLS,
826 * it is possible to use gnutls_transport_set_errno to set a
827 * session-specific errno variable in the user-replaceable push/pull
828 * functions. This value is used by the send/recv functions. (The
829 * strange name of this variable is because 'errno' is typically
830 * #define'd.)
831 */
832 int errnum;
833
834 /* Function used to perform public-key signing operation during
835 handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also
836 gnutls_sign_callback_set(). */
837 gnutls_sign_func sign_func;
838 void *sign_func_userdata;
839
840 /* minimum bits to allow for SRP
841 * use gnutls_srp_set_prime_bits() to adjust it.
842 */
843 uint16_t srp_prime_bits;
844
845 /* A handshake process has been completed */
846 unsigned int initial_negotiation_completed:1;
847
848 struct
849 {
850 uint16_t type;
851 extension_priv_data_t priv;
852 int set:1;
853 } extension_int_data[MAX_EXT_TYPES];
854
855 struct
856 {
857 uint16_t type;
858 extension_priv_data_t priv;
859 int set:1;
860 } resumed_extension_int_data[MAX_EXT_TYPES];
861 /* The type of transport protocol; stream or datagram */
862 transport_t transport;
863
864 /* DTLS session state */
865 dtls_st dtls;
866
867 /* if set it means that the master key was set using
868 * gnutls_session_set_master() rather than being negotiated. */
869 unsigned int premaster_set:1;
870
871 unsigned int cb_tls_unique_len;
872 unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
873
874 /* If you add anything here, check _gnutls_handshake_internal_state_clear().
875 */
876 } internals_st;
877
878 /* Maximum number of epochs we keep around. */
879 #define MAX_EPOCH_INDEX 16
880
881 struct gnutls_session_int
882 {
883 security_parameters_st security_parameters;
884 record_parameters_st *record_parameters[MAX_EPOCH_INDEX];
885 internals_st internals;
886 gnutls_key_st key;
887 };
888
889
890 /* functions
891 */
892 void _gnutls_free_auth_info (gnutls_session_t session);
893
894 /* These two macros return the advertised TLS version of
895 * the peer.
896 */
897 #define _gnutls_get_adv_version_major( session) \
898 session->internals.adv_version_major
899
900 #define _gnutls_get_adv_version_minor( session) \
901 session->internals.adv_version_minor
902
903 #define set_adv_version( session, major, minor) \
904 session->internals.adv_version_major = major; \
905 session->internals.adv_version_minor = minor
906
907 void _gnutls_set_adv_version (gnutls_session_t, gnutls_protocol_t);
908 gnutls_protocol_t _gnutls_get_adv_version (gnutls_session_t);
909
910 int _gnutls_is_secure_mem_null (const void *);
911
912 inline static gnutls_protocol_t
913 _gnutls_protocol_get_version (gnutls_session_t session)
914 {
915 return session->security_parameters.version;
916 }
917
918 #define gnutls_protocol_get_version _gnutls_protocol_get_version
919
920 inline static void
921 _gnutls_set_current_version (gnutls_session_t session,
922 gnutls_protocol_t version)
923 {
924 session->security_parameters.version = version;
925 }
926
927 #endif /* GNUTLS_INT_H */
Implementation of the SSL/TLS protocol