OLD | NEW |
| (Empty) |
1 /* ssl/dtls1.h */ | |
2 /* | |
3 * DTLS implementation written by Nagendra Modadugu | |
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | |
5 */ | |
6 /* ==================================================================== | |
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | |
8 * | |
9 * Redistribution and use in source and binary forms, with or without | |
10 * modification, are permitted provided that the following conditions | |
11 * are met: | |
12 * | |
13 * 1. Redistributions of source code must retain the above copyright | |
14 * notice, this list of conditions and the following disclaimer. | |
15 * | |
16 * 2. Redistributions in binary form must reproduce the above copyright | |
17 * notice, this list of conditions and the following disclaimer in | |
18 * the documentation and/or other materials provided with the | |
19 * distribution. | |
20 * | |
21 * 3. All advertising materials mentioning features or use of this | |
22 * software must display the following acknowledgment: | |
23 * "This product includes software developed by the OpenSSL Project | |
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 * | |
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 * endorse or promote products derived from this software without | |
28 * prior written permission. For written permission, please contact | |
29 * openssl-core@OpenSSL.org. | |
30 * | |
31 * 5. Products derived from this software may not be called "OpenSSL" | |
32 * nor may "OpenSSL" appear in their names without prior written | |
33 * permission of the OpenSSL Project. | |
34 * | |
35 * 6. Redistributions of any form whatsoever must retain the following | |
36 * acknowledgment: | |
37 * "This product includes software developed by the OpenSSL Project | |
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 * | |
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 * ==================================================================== | |
53 * | |
54 * This product includes cryptographic software written by Eric Young | |
55 * (eay@cryptsoft.com). This product includes software written by Tim | |
56 * Hudson (tjh@cryptsoft.com). | |
57 * | |
58 */ | |
59 | |
60 #ifndef HEADER_DTLS1_H | |
61 #define HEADER_DTLS1_H | |
62 | |
63 #include <openssl/buffer.h> | |
64 #include <openssl/pqueue.h> | |
65 #ifdef OPENSSL_SYS_VMS | |
66 #include <resource.h> | |
67 #include <sys/timeb.h> | |
68 #endif | |
69 #ifdef OPENSSL_SYS_WIN32 | |
70 /* Needed for struct timeval */ | |
71 #include <winsock.h> | |
72 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) | |
73 #include <sys/timeval.h> | |
74 #else | |
75 #if defined(OPENSSL_SYS_VXWORKS) | |
76 #include <sys/times.h> | |
77 #else | |
78 #include <sys/time.h> | |
79 #endif | |
80 #endif | |
81 | |
82 #ifdef __cplusplus | |
83 extern "C" { | |
84 #endif | |
85 | |
86 #define DTLS1_VERSION 0xFEFF | |
87 #define DTLS1_BAD_VER 0x0100 | |
88 | |
89 #if 0 | |
90 /* this alert description is not specified anywhere... */ | |
91 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 | |
92 #endif | |
93 | |
94 /* lengths of messages */ | |
95 #define DTLS1_COOKIE_LENGTH 256 | |
96 | |
97 #define DTLS1_RT_HEADER_LENGTH 13 | |
98 | |
99 #define DTLS1_HM_HEADER_LENGTH 12 | |
100 | |
101 #define DTLS1_HM_BAD_FRAGMENT -2 | |
102 #define DTLS1_HM_FRAGMENT_RETRY -3 | |
103 | |
104 #define DTLS1_CCS_HEADER_LENGTH 1 | |
105 | |
106 #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | |
107 #define DTLS1_AL_HEADER_LENGTH 7 | |
108 #else | |
109 #define DTLS1_AL_HEADER_LENGTH 2 | |
110 #endif | |
111 | |
112 #ifndef OPENSSL_NO_SSL_INTERN | |
113 | |
114 #ifndef OPENSSL_NO_SCTP | |
115 #define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" | |
116 #endif | |
117 | |
118 typedef struct dtls1_bitmap_st | |
119 { | |
120 unsigned long map; /* track 32 packets on 32-bit systems | |
121 and 64 - on 64-bit systems */ | |
122 unsigned char max_seq_num[8]; /* max record number seen so far, | |
123 64-bit value in big-endian | |
124 encoding */ | |
125 } DTLS1_BITMAP; | |
126 | |
127 struct dtls1_retransmit_state | |
128 { | |
129 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | |
130 EVP_MD_CTX *write_hash; /* used for mac generation */ | |
131 #ifndef OPENSSL_NO_COMP | |
132 COMP_CTX *compress; /* compression */ | |
133 #else | |
134 char *compress; | |
135 #endif | |
136 SSL_SESSION *session; | |
137 unsigned short epoch; | |
138 }; | |
139 | |
140 struct hm_header_st | |
141 { | |
142 unsigned char type; | |
143 unsigned long msg_len; | |
144 unsigned short seq; | |
145 unsigned long frag_off; | |
146 unsigned long frag_len; | |
147 unsigned int is_ccs; | |
148 struct dtls1_retransmit_state saved_retransmit_state; | |
149 }; | |
150 | |
151 struct ccs_header_st | |
152 { | |
153 unsigned char type; | |
154 unsigned short seq; | |
155 }; | |
156 | |
157 struct dtls1_timeout_st | |
158 { | |
159 /* Number of read timeouts so far */ | |
160 unsigned int read_timeouts; | |
161 | |
162 /* Number of write timeouts so far */ | |
163 unsigned int write_timeouts; | |
164 | |
165 /* Number of alerts received so far */ | |
166 unsigned int num_alerts; | |
167 }; | |
168 | |
169 typedef struct record_pqueue_st | |
170 { | |
171 unsigned short epoch; | |
172 pqueue q; | |
173 } record_pqueue; | |
174 | |
175 typedef struct hm_fragment_st | |
176 { | |
177 struct hm_header_st msg_header; | |
178 unsigned char *fragment; | |
179 unsigned char *reassembly; | |
180 } hm_fragment; | |
181 | |
182 typedef struct dtls1_state_st | |
183 { | |
184 unsigned int send_cookie; | |
185 unsigned char cookie[DTLS1_COOKIE_LENGTH]; | |
186 unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; | |
187 unsigned int cookie_len; | |
188 | |
189 /* | |
190 * The current data and handshake epoch. This is initially | |
191 * undefined, and starts at zero once the initial handshake is | |
192 * completed | |
193 */ | |
194 unsigned short r_epoch; | |
195 unsigned short w_epoch; | |
196 | |
197 /* records being received in the current epoch */ | |
198 DTLS1_BITMAP bitmap; | |
199 | |
200 /* renegotiation starts a new set of sequence numbers */ | |
201 DTLS1_BITMAP next_bitmap; | |
202 | |
203 /* handshake message numbers */ | |
204 unsigned short handshake_write_seq; | |
205 unsigned short next_handshake_write_seq; | |
206 | |
207 unsigned short handshake_read_seq; | |
208 | |
209 /* save last sequence number for retransmissions */ | |
210 unsigned char last_write_sequence[8]; | |
211 | |
212 /* Received handshake records (processed and unprocessed) */ | |
213 record_pqueue unprocessed_rcds; | |
214 record_pqueue processed_rcds; | |
215 | |
216 /* Buffered handshake messages */ | |
217 pqueue buffered_messages; | |
218 | |
219 /* Buffered (sent) handshake records */ | |
220 pqueue sent_messages; | |
221 | |
222 /* Buffered application records. | |
223 * Only for records between CCS and Finished | |
224 * to prevent either protocol violation or | |
225 * unnecessary message loss. | |
226 */ | |
227 record_pqueue buffered_app_data; | |
228 | |
229 /* Is set when listening for new connections with dtls1_listen() */ | |
230 unsigned int listen; | |
231 | |
232 unsigned int mtu; /* max DTLS packet size */ | |
233 | |
234 struct hm_header_st w_msg_hdr; | |
235 struct hm_header_st r_msg_hdr; | |
236 | |
237 struct dtls1_timeout_st timeout; | |
238 | |
239 /* Indicates when the last handshake msg or heartbeat sent will timeout
*/ | |
240 struct timeval next_timeout; | |
241 | |
242 /* Timeout duration */ | |
243 unsigned short timeout_duration; | |
244 | |
245 /* storage for Alert/Handshake protocol data received but not | |
246 * yet processed by ssl3_read_bytes: */ | |
247 unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; | |
248 unsigned int alert_fragment_len; | |
249 unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; | |
250 unsigned int handshake_fragment_len; | |
251 | |
252 unsigned int retransmitting; | |
253 unsigned int change_cipher_spec_ok; | |
254 | |
255 #ifndef OPENSSL_NO_SCTP | |
256 /* used when SSL_ST_XX_FLUSH is entered */ | |
257 int next_state; | |
258 | |
259 int shutdown_received; | |
260 #endif | |
261 | |
262 } DTLS1_STATE; | |
263 | |
264 typedef struct dtls1_record_data_st | |
265 { | |
266 unsigned char *packet; | |
267 unsigned int packet_length; | |
268 SSL3_BUFFER rbuf; | |
269 SSL3_RECORD rrec; | |
270 #ifndef OPENSSL_NO_SCTP | |
271 struct bio_dgram_sctp_rcvinfo recordinfo; | |
272 #endif | |
273 } DTLS1_RECORD_DATA; | |
274 | |
275 #endif | |
276 | |
277 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ | |
278 #define DTLS1_TMO_READ_COUNT 2 | |
279 #define DTLS1_TMO_WRITE_COUNT 2 | |
280 | |
281 #define DTLS1_TMO_ALERT_COUNT 12 | |
282 | |
283 #ifdef __cplusplus | |
284 } | |
285 #endif | |
286 #endif | |
287 | |
OLD | NEW |