2 * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * The GNUTLS library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 #define IO_DEBUG 3 // define this to check non blocking behaviour
34 #define HANDSHAKE_DEBUG // Prints some information on handshake
40 /* It might be a good idea to replace int with void*
43 #define GNUTLS_TRANSPORT_PTR int
45 typedef const int* GNUTLS_LIST
;
49 #define MAX32 4294967295
50 #define MAX24 16777215
53 /* The size of a handshake message should not
54 * be larger than this value.
56 #define MAX_HANDSHAKE_PACKET_SIZE 16*1024
58 #define TLS_RANDOM_SIZE 32
59 #define TLS_MAX_SESSION_ID_SIZE 32
60 #define TLS_MASTER_SIZE 48
61 #define MAX_HASH_SIZE 20
63 #define MAX_X509_CERT_SIZE 10*1024
64 #define MAX_LOG_SIZE 1024 /* maximum number of log message */
65 #define MAX_SRP_USERNAME 256
67 #define MAX_EXT_TYPES 16
69 /* The initial size of the receive
70 * buffer size. This will grow if larger
71 * packets are received.
73 #define INITIAL_RECV_BUFFER_SIZE 256
75 /* the default for TCP */
76 #define DEFAULT_LOWAT 1
78 /* expire time for resuming sessions */
79 #define DEFAULT_EXPIRE_TIME 3600
81 /* the maximum size of encrypted packets */
82 #define DEFAULT_MAX_RECORD_SIZE 16384
83 #define RECORD_HEADER_SIZE 5
84 #define MAX_RECORD_SIZE state->security_parameters.max_record_size
85 #define MAX_PAD_SIZE 255
86 #define EXTRA_COMP_SIZE 2048
87 #define MAX_RECORD_OVERHEAD MAX_PAD_SIZE+EXTRA_COMP_SIZE
88 #define MAX_RECV_SIZE MAX_RECORD_OVERHEAD+MAX_RECORD_SIZE+RECORD_HEADER_SIZE
90 #define HANDSHAKE_HEADER_SIZE 4
92 #include <gnutls_mem.h>
93 #include <gnutls_ui.h>
95 #define DECR_LEN(len, x) len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;}
96 #define DECR_LENGTH_RET(len, x, RET) len-=x; if (len<0) {gnutls_assert(); return RET;}
97 #define DECR_LENGTH_COM(len, x, COM) len-=x; if (len<0) {gnutls_assert(); COM;}
99 typedef unsigned char opaque
;
100 typedef struct { opaque pint
[3]; } uint24
;
102 # include <gnutls_mpi.h>
104 typedef enum crypt_algo
{ SRPSHA1_CRYPT
, BLOWFISH_CRYPT
=2 } crypt_algo
;
105 typedef enum ChangeCipherSpecType
{ GNUTLS_TYPE_CHANGE_CIPHER_SPEC
=1 } ChangeCipherSpecType
;
107 typedef enum CertificateStatus
{
108 GNUTLS_CERT_NOT_TRUSTED
=2,
109 GNUTLS_CERT_INVALID
=4,
110 GNUTLS_CERT_CORRUPTED
=16,
111 GNUTLS_CERT_REVOKED
=32
113 #define GNUTLS_CertificateStatus CertificateStatus
115 typedef enum CertificateRequest
{ GNUTLS_CERT_IGNORE
,
116 GNUTLS_CERT_REQUEST
=1, GNUTLS_CERT_REQUIRE
117 } CertificateRequest
;
118 #define GNUTLS_CertificateRequest CertificateRequest
120 typedef enum GNUTLS_OpenPGPKeyStatus
{ GNUTLS_OPENPGP_KEY
,
121 GNUTLS_OPENPGP_KEY_FINGERPRINT
122 } GNUTLS_OpenPGPKeyStatus
;
124 typedef enum CloseRequest
{ GNUTLS_SHUT_RDWR
=0, GNUTLS_SHUT_WR
=1
126 #define GNUTLS_CloseRequest CloseRequest
128 typedef enum HandshakeState
{ STATE0
=0, STATE1
, STATE2
, STATE3
, STATE4
, STATE5
,
129 STATE6
, STATE7
, STATE8
, STATE9
, STATE10
, STATE11
, STATE20
=20, STATE21
,
130 STATE30
=30, STATE31
, STATE50
=50, STATE60
=60, STATE61
} HandshakeState
;
132 typedef enum HandshakeType
{ GNUTLS_HELLO_REQUEST
, GNUTLS_CLIENT_HELLO
, GNUTLS_SERVER_HELLO
,
133 GNUTLS_CERTIFICATE_PKT
=11, GNUTLS_SERVER_KEY_EXCHANGE
,
134 GNUTLS_CERTIFICATE_REQUEST
, GNUTLS_SERVER_HELLO_DONE
,
135 GNUTLS_CERTIFICATE_VERIFY
, GNUTLS_CLIENT_KEY_EXCHANGE
,
136 GNUTLS_FINISHED
=20 } HandshakeType
;
142 typedef gnutls_datum gnutls_sdatum
;
145 #define MAX_CIPHERSUITES 256
148 typedef enum ConnectionEnd
{ GNUTLS_SERVER
=1, GNUTLS_CLIENT
150 #define GNUTLS_ConnectionEnd ConnectionEnd
152 typedef enum BulkCipherAlgorithm
{ GNUTLS_CIPHER_NULL
=1,
153 GNUTLS_CIPHER_ARCFOUR
, GNUTLS_CIPHER_3DES_CBC
, GNUTLS_CIPHER_RIJNDAEL_128_CBC
,
154 GNUTLS_CIPHER_TWOFISH_128_CBC
, GNUTLS_CIPHER_RIJNDAEL_256_CBC
155 } BulkCipherAlgorithm
;
156 #define GNUTLS_BulkCipherAlgorithm BulkCipherAlgorithm
158 typedef enum Extensions
{ GNUTLS_EXTENSION_MAX_RECORD_SIZE
=1, GNUTLS_EXTENSION_SRP
=6, GNUTLS_EXTENSION_CERT_TYPE
=7
161 typedef enum KXAlgorithm
{ GNUTLS_KX_RSA
=1, GNUTLS_KX_DHE_DSS
,
162 GNUTLS_KX_DHE_RSA
, GNUTLS_KX_ANON_DH
, GNUTLS_KX_SRP
164 #define GNUTLS_KXAlgorithm KXAlgorithm
166 typedef enum CertificateType
{ GNUTLS_CRT_X509
=1, GNUTLS_CRT_OPENPGP
168 #define GNUTLS_CertificateType CertificateType
170 typedef enum CredType
{ GNUTLS_CRD_CERTIFICATE
=1, GNUTLS_CRD_ANON
, GNUTLS_CRD_SRP
172 #define GNUTLS_CredType CredType
174 typedef enum CipherType
{ CIPHER_STREAM
, CIPHER_BLOCK
} CipherType
;
176 typedef enum CompressionMethod
{ GNUTLS_COMP_NULL
=1, GNUTLS_COMP_ZLIB
178 #define GNUTLS_CompressionMethod CompressionMethod
180 typedef enum MACAlgorithm
{ GNUTLS_MAC_NULL
=1, GNUTLS_MAC_MD5
,
183 #define GNUTLS_MACAlgorithm MACAlgorithm
185 typedef enum ValidSession
{ VALID_TRUE
, VALID_FALSE
} ValidSession
;
186 typedef enum ResumableSession
{ RESUME_TRUE
, RESUME_FALSE
} ResumableSession
;
188 /* Record Protocol */
189 typedef enum ContentType
{ GNUTLS_CHANGE_CIPHER_SPEC
=20, GNUTLS_ALERT
,
190 GNUTLS_HANDSHAKE
, GNUTLS_APPLICATION_DATA
193 typedef enum GNUTLS_X509_CertificateFmt
{ GNUTLS_X509_FMT_DER
,
194 GNUTLS_X509_FMT_PEM
} GNUTLS_X509_CertificateFmt
;
196 typedef enum PKAlgorithm
{ GNUTLS_PK_RSA
= 1, GNUTLS_PK_DSA
, /* sign only */
200 #define GNUTLS_PKAlgorithm PKAlgorithm
205 /* Pull & Push functions defines:
207 typedef ssize_t (*PULL_FUNC
)(GNUTLS_TRANSPORT_PTR
, void*, size_t);
208 typedef ssize_t (*PUSH_FUNC
)(GNUTLS_TRANSPORT_PTR
, const void*, size_t);
209 #define GNUTLS_PULL_FUNC PULL_FUNC
210 #define GNUTLS_PUSH_FUNC PUSH_FUNC
212 /* Store & Retrieve functions defines:
214 typedef int (*DB_STORE_FUNC
)(void*, gnutls_datum key
, gnutls_datum data
);
215 typedef int (*DB_REMOVE_FUNC
)(void*, gnutls_datum key
);
216 typedef gnutls_datum (*DB_RETR_FUNC
)(void*, gnutls_datum key
);
217 #define GNUTLS_DB_STORE_FUNC DB_STORE_FUNC
218 #define GNUTLS_DB_REMOVE_FUNC DB_REMOVE_FUNC
219 #define GNUTLS_DB_RETR_FUNC DB_RETR_FUNC
221 typedef struct AUTH_CRED
{
222 KXAlgorithm algorithm
;
223 /* the type of credentials depends on algorithm */
225 struct AUTH_CRED
* next
;
229 struct GNUTLS_KEY_INT
{
245 /* RSA: does not use these.
248 /* this is used to hold the peers authentication data
250 /* AUTH_INFO structures MAY contain malloced
251 * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
252 * Rememember that this should be calloced!
255 CredType auth_info_type
;
256 int auth_info_size
; /* needed in order to store to db for restoring
260 AUTH_CRED
* cred
; /* used to specify keys/certificates etc */
262 int certificate_requested
;
263 /* some ciphersuites use this
264 * to provide client authentication.
265 * 1 if client auth was requested
266 * by the peer, 0 otherwise
267 *** In case of a server this
268 * holds 1 if we should wait
269 * for a client certificate verify
272 typedef struct GNUTLS_KEY_INT
* GNUTLS_KEY
;
277 #include <gnutls_hash_int.h>
278 #include <gnutls_cipher_int.h>
279 #include <gnutls_compress_int.h>
280 #include <gnutls_cert.h>
283 uint8 CipherSuite
[2];
284 } GNUTLS_CipherSuite
;
286 /* Versions should be in order of the oldest
287 * (eg. SSL3 is before TLS1)
289 typedef enum GNUTLS_Version
{ GNUTLS_SSL3
=1, GNUTLS_TLS1
, GNUTLS_VERSION_UNKNOWN
=0xff } GNUTLS_Version
;
291 /* This structure holds parameters got from TLS extension
292 * mechanism. (some extensions may hold parameters in AUTH_INFO
293 * structures also - see SRP).
297 opaque srp_username
[MAX_SRP_USERNAME
];
300 /* AUTH_INFO structures now MAY contain malloced
304 /* This structure and AUTH_INFO, are stored in the resume database,
305 * and are restored, in case of resume.
306 * Holds all the required parameters to resume the current
310 /* if you add anything in Security_Parameters struct, then
311 * also modify CPY_COMMON in gnutls_constate.c
314 ConnectionEnd entity
;
315 KXAlgorithm kx_algorithm
;
316 /* we've got separate write/read bulk/macs because
317 * there is a time in handshake where the peer has
318 * null cipher and we don't
320 BulkCipherAlgorithm read_bulk_cipher_algorithm
;
321 MACAlgorithm read_mac_algorithm
;
322 CompressionMethod read_compression_algorithm
;
324 BulkCipherAlgorithm write_bulk_cipher_algorithm
;
325 MACAlgorithm write_mac_algorithm
;
326 CompressionMethod write_compression_algorithm
;
328 /* this is the ciphersuite we are going to use
329 * moved here from gnutls_internals in order to be restored
332 GNUTLS_CipherSuite current_cipher_suite
;
333 opaque master_secret
[TLS_MASTER_SIZE
];
334 opaque client_random
[TLS_RANDOM_SIZE
];
335 opaque server_random
[TLS_RANDOM_SIZE
];
336 opaque session_id
[TLS_MAX_SESSION_ID_SIZE
];
337 uint8 session_id_size
;
339 TLSExtensions extensions
;
340 uint16 max_record_size
;
341 /* holds the negotiated certificate type */
342 CertificateType cert_type
;
343 GNUTLS_Version version
; /* moved here */
344 } SecurityParameters
;
346 /* This structure holds the generated keys
349 gnutls_datum server_write_mac_secret
;
350 gnutls_datum client_write_mac_secret
;
351 gnutls_datum server_write_IV
;
352 gnutls_datum client_write_IV
;
353 gnutls_datum server_write_key
;
354 gnutls_datum client_write_key
;
355 int generated_keys
; /* zero if keys have not
356 * been generated. Non zero
363 GNUTLS_CIPHER_HANDLE write_cipher_state
;
364 GNUTLS_CIPHER_HANDLE read_cipher_state
;
365 GNUTLS_COMP_HANDLE read_compression_state
;
366 GNUTLS_COMP_HANDLE write_compression_state
;
367 gnutls_datum read_mac_secret
;
368 gnutls_datum write_mac_secret
;
369 uint64 read_sequence_number
;
370 uint64 write_sequence_number
;
375 int algorithm_priority
[MAX_ALGOS
];
379 #define BulkCipherAlgorithm_Priority GNUTLS_Priority
380 #define MACAlgorithm_Priority GNUTLS_Priority
381 #define KXAlgorithm_Priority GNUTLS_Priority
382 #define CompressionMethod_Priority GNUTLS_Priority
383 #define Protocol_Priority GNUTLS_Priority
384 #define CertType_Priority GNUTLS_Priority
386 typedef int certificate_client_select_func(struct GNUTLS_STATE_INT
*, const gnutls_datum
*, int, const gnutls_datum
*, int);
387 typedef int certificate_server_select_func(struct GNUTLS_STATE_INT
*, const gnutls_datum
*, int);
388 typedef int srp_server_select_func(struct GNUTLS_STATE_INT
*, char**, char**, int);
391 opaque header
[HANDSHAKE_HEADER_SIZE
];
392 /* this holds the number of bytes in the handshake_header[] */
394 /* this holds the length of the handshake packet */
396 HandshakeType recv_type
;
397 } HANDSHAKE_HEADER_BUFFER
;
400 gnutls_datum application_data_buffer
; /* holds data to be delivered to application layer */
401 gnutls_datum handshake_hash_buffer
; /* used to keep all handshake messages */
402 GNUTLS_MAC_HANDLE handshake_mac_handle_sha
; /* hash of the handshake messages */
403 GNUTLS_MAC_HANDLE handshake_mac_handle_md5
; /* hash of the handshake messages */
405 gnutls_datum handshake_data_buffer
; /* this is a buffer that holds the current handshake message */
406 ResumableSession resumable
; /* TRUE or FALSE - if we can resume that session */
407 HandshakeState handshake_state
; /* holds
408 * a number which indicates where
409 * the handshake procedure has been
410 * interrupted. If it is 0 then
411 * no interruption has happened.
414 ValidSession valid_connection
; /* true or FALSE - if this session is valid */
416 int may_read
; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
420 int last_alert
; /* last alert received */
421 /* this is the compression method we are going to use */
422 CompressionMethod compression_method
;
424 BulkCipherAlgorithm_Priority BulkCipherAlgorithmPriority
;
425 MACAlgorithm_Priority MACAlgorithmPriority
;
426 KXAlgorithm_Priority KXAlgorithmPriority
;
427 CompressionMethod_Priority CompressionMethodPriority
;
428 Protocol_Priority ProtocolPriority
;
429 CertType_Priority cert_type_priority
;
431 /* resumed session */
432 ResumableSession resumed
; /* RESUME_TRUE or FALSE - if we are resuming a session */
433 SecurityParameters resumed_security_parameters
;
435 /* sockets internals */
438 /* These buffers are used in the handshake
439 * protocol only. freed using _gnutls_handshake_io_buffer_clear();
441 gnutls_datum handshake_send_buffer
;
442 size_t handshake_send_buffer_prev_size
;
443 ContentType handshake_send_buffer_type
;
444 HandshakeType handshake_send_buffer_htype
;
445 ContentType handshake_recv_buffer_type
;
446 HandshakeType handshake_recv_buffer_htype
;
447 gnutls_datum handshake_recv_buffer
;
449 /* this buffer holds a record packet -mostly used for
452 gnutls_datum record_recv_buffer
;
453 gnutls_datum record_send_buffer
; /* holds cached data
454 * for the gnutls_io_write_buffered()
457 size_t record_send_buffer_prev_size
; /* holds the
458 * data written in the previous runs.
460 size_t record_send_buffer_user_size
; /* holds the
461 * size of the user specified data to
465 /* 0 if no peeked data was kept, 1 otherwise.
467 int have_peeked_data
;
471 int expire_time
; /* after expire_time seconds this session will expire */
472 struct MOD_AUTH_STRUCT_INT
* auth_struct
; /* used in handshake packets and KX algorithms */
473 int v2_hello
; /* 0 if the client hello is v3+.
474 * non-zero if we got a v2 hello.
479 /* keeps the headers of the handshake packet
481 HANDSHAKE_HEADER_BUFFER handshake_header_buffer
;
483 /* this is the highest version available
484 * to the peer. (advertized version).
485 * This is obtained by the Handshake Client Hello
486 * message. (some implementations read the Record version)
488 uint8 adv_version_major
;
489 uint8 adv_version_minor
;
491 /* if this is non zero a certificate request message
492 * will be sent to the client. - only if the ciphersuite
497 /* this is a callback function to call if no appropriate
498 * client certificates were found.
500 certificate_client_select_func
* client_cert_callback
;
501 certificate_server_select_func
* server_cert_callback
;
503 /* Callback to select the proper password file
505 srp_server_select_func
* server_srp_callback
;
507 /* bits to use for DHE and DHA
508 * use _gnutls_dh_get_prime_bits() and gnutls_dh_set_prime_bits()
513 int max_handshake_data_buffer_size
;
515 /* PUSH & PULL functions.
517 PULL_FUNC _gnutls_pull_func
;
518 PUSH_FUNC _gnutls_push_func
;
519 /* Holds the first argument of PUSH and PULL
524 /* STORE & RETRIEVE functions. Only used if other
525 * backend than gdbm is used.
527 DB_STORE_FUNC db_store_func
;
528 DB_RETR_FUNC db_retrieve_func
;
529 DB_REMOVE_FUNC db_remove_func
;
532 /* Holds the record size requested by the
535 uint16 proposed_record_size
;
537 /* holds the index of the selected certificate.
540 int selected_cert_index
;
542 /* holds the extensions we sent to the peer
543 * (in case of a client)
545 uint8 extensions_sent
[MAX_EXT_TYPES
];
546 uint8 extensions_sent_size
;
548 /* is 0 if we are to send the whole PGP key, or non zero
549 * if the fingerprint is to be sent.
553 /* This holds the default version that our first
554 * record packet will have. */
555 GNUTLS_Version default_record_version
;
557 int cbc_protection_hack
;
558 int rsa_pms_check
; /* 0 means enabled */
562 /* If you add anything here, check _gnutls_handshake_internal_state_clear().
566 struct GNUTLS_STATE_INT
{
567 SecurityParameters security_parameters
;
568 CipherSpecs cipher_specs
;
569 ConnectionState connection_state
;
570 GNUTLS_INTERNALS gnutls_internals
;
571 GNUTLS_KEY gnutls_key
;
574 typedef struct GNUTLS_STATE_INT
*GNUTLS_STATE
;
580 gnutls_datum generator
;
582 int local
; /* indicates if it is
583 * not malloced, !=0 indicates malloced
587 #define GNUTLS_DH_PARAMS _GNUTLS_DH_PARAMS*
590 void _gnutls_set_current_version(GNUTLS_STATE state
, GNUTLS_Version version
);
591 GNUTLS_Version
gnutls_protocol_get_version(GNUTLS_STATE state
);
592 void _gnutls_free_auth_info( GNUTLS_STATE state
);
594 /* These two macros return the advertized TLS version of
597 #define _gnutls_get_adv_version_major( state) \
598 state->gnutls_internals.adv_version_major
600 #define _gnutls_get_adv_version_minor( state) \
601 state->gnutls_internals.adv_version_minor
603 #define set_adv_version( state, major, minor) \
604 state->gnutls_internals.adv_version_major = major; \
605 state->gnutls_internals.adv_version_minor = minor
607 void _gnutls_set_adv_version( GNUTLS_STATE
, GNUTLS_Version
);
608 GNUTLS_Version
_gnutls_get_adv_version( GNUTLS_STATE
);
610 #endif /* GNUTLS_INT_H */