00025 #ifndef GNUTLS_INT_H
00026 #define GNUTLS_INT_H
00027
#include <defines.h>

#include <stdint.h>

#include "gnutls.h"
#include "microhttpd.h"

#include "gnutls_mem.h"
00034
00035
00036
/* Build-time switch; nothing in this header tests it, so see the code that
   checks KEYRING_HACK before relying on what it changes. */
#define KEYRING_HACK

/* Classic max macro: each argument may be evaluated twice, so never pass an
   expression with side effects. Guarded because a system header may already
   provide MAX. */
#ifndef MAX
#define MAX(X,Y) ((X) > (Y) ? (X) : (Y))
#endif

/* Largest values representable in 32, 24 and 16 unsigned bits. The
   unsuffixed MAX32 literal does not fit in a 32-bit int, so the compiler
   gives it a wider (typically signed long / long long) type; keep that in
   mind when comparing it against unsigned 32-bit values. */
#define MAX32 4294967295
#define MAX24 16777215
#define MAX16 65535
00046
00047
00048
00049
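/* Upper bound on a single handshake message, in bytes. Parenthesised so the
   product is not re-associated when the macro appears inside a larger
   expression (e.g. as the divisor of a division). */
#define MAX_HANDSHAKE_PACKET_SIZE (48*1024)

/* Fixed sizes of handshake fields: the client/server random values, the
   longest session id, and the master secret. */
#define TLS_RANDOM_SIZE 32
#define TLS_MAX_SESSION_ID_SIZE 32
#define TLS_MASTER_SIZE 48

/* Presumably the largest digest any supported hash produces, in bytes. */
#define MAX_HASH_SIZE 64

#define MAX_LOG_SIZE 1024
/* Capacity of server_name_st.name; every copy into that array must be
   bounded by this value. */
#define MAX_SERVER_NAME_SIZE 128

/* Capacity of the per-session extensions_sent[] array. */
#define MAX_EXT_TYPES 64

/* Initial allocation for the receive buffer (presumably grown on demand). */
#define INITIAL_RECV_BUFFER_SIZE 256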
00072
00073
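/* Default read low-water mark (see internals.lowat). */
#define DEFAULT_LOWAT 1

/* Default session lifetime (see internals.expire_time; presumably seconds). */
#define DEFAULT_EXPIRE_TIME 3600

/* Record-layer sizing. MAX_RECORD_SEND_SIZE / MAX_RECORD_RECV_SIZE read the
   negotiated limits from a 'session' variable that must be in scope at the
   use site. Every expansion is fully parenthesised so the sums are not
   re-associated when a macro is multiplied, divided or compared. */
#define DEFAULT_MAX_RECORD_SIZE 16384
#define RECORD_HEADER_SIZE 5
#define MAX_RECORD_SEND_SIZE ((size_t)(session)->security_parameters.max_record_send_size)
#define MAX_RECORD_RECV_SIZE ((size_t)(session)->security_parameters.max_record_recv_size)
#define MAX_PAD_SIZE 255
#define EXTRA_COMP_SIZE 2048
/* Worst-case growth of a record beyond its plaintext: padding plus
   compression expansion. */
#define MAX_RECORD_OVERHEAD (MAX_PAD_SIZE+EXTRA_COMP_SIZE)
/* Largest record the receive path must be prepared to hold: overhead plus
   the negotiated receive limit plus the record header. */
#define MAX_RECV_SIZE (MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE)

#define HANDSHAKE_HEADER_SIZE 4

/* Certificate verification defaults (maximum chain depth; a bit-size limit
   whose exact meaning is defined by the verifier). */
#define DEFAULT_VERIFY_DEPTH 32
#define DEFAULT_VERIFY_BITS (16*1024)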
00095
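/* Consume 'x' bytes from the running remaining-length counter 'len' while
   parsing a packet. The underflow check only works when 'len' is a SIGNED
   type (int/ssize_t): with an unsigned 'len' the subtraction wraps and the
   check never fires, so callers must keep the counter signed.
   DECR_LEN returns GNUTLS_E_UNEXPECTED_PACKET_LENGTH from the calling
   function on underflow, DECR_LENGTH_RET returns RET, and DECR_LENGTH_COM
   executes the statement COM instead. Arguments are parenthesised so
   compound expressions are consumed whole. */
#define DECR_LEN(len, x) do { (len)-=(x); if ((len)<0) {MHD_gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
#define DECR_LENGTH_RET(len, x, RET) do { (len)-=(x); if ((len)<0) {MHD_gnutls_assert(); return RET;} } while (0)
#define DECR_LENGTH_COM(len, x, COM) do { (len)-=(x); if ((len)<0) {MHD_gnutls_assert(); COM;} } while (0)

/* Reinterpret a value as enum MHD_GNUTLS_HashAlgorithm. The name suggests
   the hash and MAC identifiers share one numbering — confirm before adding
   new algorithms. */
#define HASH2MAC(x) ((enum MHD_GNUTLS_HashAlgorithm)(x))

/* Round-trip small integers through a void pointer (callback user data).
   intptr_t is the integer type sized to hold a pointer; a plain 'long' is
   narrower than a pointer on LLP64 targets such as 64-bit Windows. The
   outer (int) cast in POINTER_TO_INT deliberately truncates, so only values
   that came from INT_TO_POINTER round-trip exactly. */
#define GNUTLS_POINTER_TO_INT_CAST (intptr_t)

#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))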
00108
/* Raw byte type used for wire-format fields throughout this header. */
typedef unsigned char opaque;
/* A 24-bit integer as it appears on the wire: three raw bytes. Byte order
   is decided by the readers/writers, not by this type. */
typedef struct
{
opaque pint[3];
} uint24;
00114
00115 #include <gnutls_mpi.h>
00116
/* Payload value of a ChangeCipherSpec record. */
typedef enum change_cipher_spec_t
{
GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1
} change_cipher_spec_t;

/* Handshake state-machine positions; what each state means is defined by
   the handshake code, not here. NOTE(review): STATE70 and STATE71 carry no
   explicit value and therefore evaluate to 63 and 64 (they follow STATE62),
   not to 70 and 71 as the names suggest. That is harmless while the states
   are only compared symbolically; do not rely on the numeric value. */
typedef enum handshake_state_t
{
STATE0 = 0, STATE1, STATE2,
STATE3, STATE4, STATE5,
STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21,
STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62,
STATE70, STATE71
} handshake_state_t;
00130
00131 #include <gnutls_str.h>
00132
/* The growable byte buffer used by the record and handshake layers is the
   library's string type; see the MHD_gtls_buffer_* macros below. */
typedef MHD_gtls_string MHD_gtls_buffer;
00134
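/* Thin aliases over the MHD_gtls_string buffer, bound to the library
   allocator. MHD_gtls_buffer_init is used as a statement and the call site
   supplies the terminating ';' — the macro itself carries none, so it is
   safe as the body of an unbraced if/else. */
#define MHD_gtls_buffer_init(buf) MHD_gtls_string_init(buf, MHD_gnutls_malloc, MHD_gnutls_realloc, MHD_gnutls_free)
#define MHD_gtls_buffer_clear MHD_gtls_string_clear
#define MHD_gtls_buffer_append MHD_gtls_string_append_data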
00138
00139
00140
00141
/* Capacity of each MHD_gtls_priority_st list, and of the cipher-suite
   table. */
#define MAX_ALGOS 16

#define MAX_CIPHERSUITES 256

/* TLS extension type codes as carried in hello messages. */
typedef enum extensions_t
{
  GNUTLS_EXTENSION_SERVER_NAME = 0,
  GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
  GNUTLS_EXTENSION_CERT_TYPE = 9,
  GNUTLS_EXTENSION_SRP = 12,
  GNUTLS_EXTENSION_INNER_APPLICATION = 37703
} extensions_t;

/* Whether a bulk cipher is a stream or a block cipher. */
typedef enum
{
  CIPHER_STREAM = 0,
  CIPHER_BLOCK = 1
} cipher_type_t;

/* Two-state flags. Note that the "true" member of each is 0, so these must
   be compared against the enumerators explicitly, never tested as a
   boolean. */
typedef enum valid_session_t
{
  VALID_TRUE = 0,
  VALID_FALSE = 1
} valid_session_t;

typedef enum resumable_session_t
{
  RESUME_TRUE = 0,
  RESUME_FALSE = 1
} resumable_session_t;

/* Record-layer content types (the values from the TLS record header). */
typedef enum content_type_t
{
  GNUTLS_CHANGE_CIPHER_SPEC = 20,
  GNUTLS_ALERT = 21,
  GNUTLS_HANDSHAKE = 22,
  GNUTLS_APPLICATION_DATA = 23,
  GNUTLS_INNER_APPLICATION = 24
} content_type_t;
00171
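/* Sentinels outside the real enum MHD_GNUTLS_PublicKeyAlgorithm range:
   "any algorithm" and "no algorithm". Fully parenthesised so the cast
   applies to the literal alone and the result is safe inside any
   expression. */
#define GNUTLS_PK_ANY ((enum MHD_GNUTLS_PublicKeyAlgorithm)(-1))
#define GNUTLS_PK_NONE ((enum MHD_GNUTLS_PublicKeyAlgorithm)(-2))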
00174
00175
00176
/* Logging callback: (level, message). */
typedef void (*LOG_FUNC) (int, const char *);

/* One node of a session's credentials list. 'credentials' is an opaque
   pointer whose concrete type is selected by 'algorithm'; ownership of the
   pointed-to object is not expressed here — check the code that builds the
   list before freeing through it. */
typedef struct MHD_gtls_auth_cred_st
{
enum MHD_GNUTLS_CredentialsType algorithm;

void *credentials;
struct MHD_gtls_auth_cred_st *next;
} auth_cred_st;
00189
/* Key-exchange working state for one session. The mpi_t members hold the
   values exchanged and derived during the handshake; several of them
   (dh_secret, x, a, b, rsa[]) are presumably private values.
   NOTE(review): confirm that the release path wipes these before freeing,
   not just frees them. */
struct MHD_gtls_key
{
/* Key material as a datum (pointer + size) and as an mpi. */
MHD_gnutls_datum_t key;
mpi_t KEY;
/* Peer's DH public value and the group it arrived with (presumably
   generator and prime). */
mpi_t client_Y;
mpi_t client_g;
mpi_t client_p;
mpi_t dh_secret;

/* Values named after the SRP protocol's notation; which of them are
   secret depends on the side of the connection. */
mpi_t A;
mpi_t B;
mpi_t u;
mpi_t b;
mpi_t a;
mpi_t x;

/* Two RSA values used by the RSA key exchange. */
mpi_t rsa[2];

/* Authentication info block: type-tagged and sized; presumably released
   by MHD_gtls_free_auth_info() declared below. */
void *auth_info;
enum MHD_GNUTLS_CredentialsType auth_info_type;
int auth_info_size;

uint8_t crypt_algo;

/* Credentials list for this session (see auth_cred_st). */
auth_cred_st *cred;

/* Non-zero once a CertificateRequest is in play (which side sets it is
   not visible here). */
int certificate_requested;
};
/* Sessions hold the key state through this pointer typedef. */
typedef struct MHD_gtls_key *MHD_gtls_key_st;
00235
00236
00237 #include <gnutls_hash_int.h>
00238 #include <gnutls_cipher_int.h>
00239 #include <gnutls_cert.h>
00240
/* The two-byte cipher-suite identifier as sent on the wire. */
typedef struct
{
uint8_t suite[2];
} cipher_suite_st;

/* One server_name extension entry. 'name' is a fixed buffer of
   MAX_SERVER_NAME_SIZE bytes and is not necessarily NUL-terminated:
   'name_length' is the authoritative length, and any copy into 'name'
   must be bounded by the array size. */
typedef struct
{
opaque name[MAX_SERVER_NAME_SIZE];
unsigned name_length;
MHD_gnutls_server_name_type_t type;
} server_name_st;
00256
/* How many server_name entries one session keeps. */
#define MAX_SERVER_NAME_EXTENSIONS 3
/* Extension-negotiation results for a session. */
typedef struct
{
server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];

/* Number of valid entries in server_names; must stay <=
   MAX_SERVER_NAME_EXTENSIONS. */
unsigned server_names_size;

/* Inner-application extension flags: local and peer enablement, and
   whether each side allows the inner phase to be skipped. */
int MHD_gnutls_ia_enable, MHD_gnutls_ia_peer_enable;
int MHD_gnutls_ia_allowskip, MHD_gnutls_ia_peer_allowskip;

/* Whether supplemental-data messages are expected in each direction. */
int do_recv_supplemental, do_send_supplemental;

} MHD_gtls_ext_st;

/* Which class of extensions a parsing pass should handle. Note the tag is
   tls_ext_parse_type_t while the typedef is MHD_gtls_ext_parse_type_t. */
typedef enum tls_ext_parse_type_t
{
EXTENSION_ANY,
EXTENSION_APPLICATION,
EXTENSION_TLS
} MHD_gtls_ext_parse_type_t;
00284
00285
00286
00287
00288
00289
00290
00291
00292
00293
00294
00295
00296
00297
00298
00299
00300
00301
00302
/* Negotiated security parameters of a session. This is also the struct
   kept in internals.resumed_security_parameters for resumption, so every
   copy of it carries the master_secret and inner_secret arrays — both are
   long-lived secrets. NOTE(review): confirm session teardown wipes them. */
typedef struct
{
MHD_gnutls_connection_end_t entity;
enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm;

/* Active algorithms, tracked separately for the read and write
   directions. */
enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm;
enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm;
enum MHD_GNUTLS_CompressionMethod read_compression_algorithm;

enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm;
enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm;
enum MHD_GNUTLS_CompressionMethod write_compression_algorithm;

cipher_suite_st current_cipher_suite;
opaque master_secret[TLS_MASTER_SIZE];
opaque client_random[TLS_RANDOM_SIZE];
opaque server_random[TLS_RANDOM_SIZE];
/* Only the first session_id_size bytes of session_id are valid
   (session_id_size <= TLS_MAX_SESSION_ID_SIZE). */
opaque session_id[TLS_MAX_SESSION_ID_SIZE];
uint8_t session_id_size;
/* Creation time; presumably compared with internals.expire_time when a
   session is resumed. */
time_t timestamp;
MHD_gtls_ext_st extensions;

/* Negotiated record-size limits, read by the MAX_RECORD_SEND_SIZE and
   MAX_RECORD_RECV_SIZE macros. */
uint16_t max_record_send_size;
uint16_t max_record_recv_size;

enum MHD_GNUTLS_CertificateType cert_type;
enum MHD_GNUTLS_Protocol version;

opaque inner_secret[TLS_MASTER_SIZE];
} MHD_gtls_security_param_st;
00343
00344
00345
/* Key block derived from the master secret: per-direction MAC secrets, IVs
   and encryption keys, each as a datum (pointer + size). All six are
   secrets. 'generated_keys' presumably flags that derivation has happened. */
typedef struct
{
MHD_gnutls_datum_t server_write_mac_secret;
MHD_gnutls_datum_t client_write_mac_secret;
MHD_gnutls_datum_t server_write_IV;
MHD_gnutls_datum_t client_write_IV;
MHD_gnutls_datum_t server_write_key;
MHD_gnutls_datum_t client_write_key;
int generated_keys;

} MHD_gtls_cipher_specs_st;

/* Live record-layer state: the cipher handles and MAC secrets selected for
   this endpoint's read and write directions, plus the 64-bit record
   sequence numbers (uint64 is the library's own type, declared elsewhere).
   A sequence number must never repeat under the same key. */
typedef struct
{
cipher_hd_t write_cipher_state;
cipher_hd_t read_cipher_state;
MHD_gnutls_datum_t read_mac_secret;
MHD_gnutls_datum_t write_mac_secret;
uint64 read_sequence_number;
uint64 write_sequence_number;
} MHD_gtls_conn_stat_st;

/* An ordered preference list: priority[0 .. num_algorithms-1] are valid,
   and num_algorithms must not exceed MAX_ALGOS. */
typedef struct
{
unsigned int priority[MAX_ALGOS];
unsigned int num_algorithms;
} MHD_gtls_priority_st;
00375
00376
/* Bundle of preference lists, one per negotiable dimension, plus the
   no_padding flag. Naming trap: 'struct MHD_gtls_priority_st' (this tag)
   and the typedef 'MHD_gtls_priority_st' (a single list, above) are
   different types living in different namespaces. */
struct MHD_gtls_priority_st
{
MHD_gtls_priority_st cipher;
MHD_gtls_priority_st mac;
MHD_gtls_priority_st kx;
MHD_gtls_priority_st compression;
MHD_gtls_priority_st protocol;

MHD_gtls_priority_st cert_type;

/* Presumably disables extra record padding when non-zero — confirm in the
   record layer. */
int no_padding;
};
00391
00392
00393
/* Diffie-Hellman group: two mpi values (presumably prime and generator —
   confirm against the setters). */
typedef struct MHD_gtls_dh_params_int
{
mpi_t params[2];
} MHD_gtls_dh_params_st;

/* Temporary key parameters attached to a session. Each free_* flag records
   whether the session owns the corresponding object and must release it. */
typedef struct
{
MHD_gtls_dh_params_t dh_params;
int free_dh_params;
MHD_gtls_rsa_params_t rsa_params;
int free_rsa_params;
} MHD_gtls_internal_params_st;

/* Partially received handshake header: header_size bytes of 'header' are
   valid so far (at most HANDSHAKE_HEADER_SIZE); packet_length and
   recv_type are presumably decoded from it once complete. */
typedef struct
{
opaque header[HANDSHAKE_HEADER_SIZE];

size_t header_size;

size_t packet_length;
MHD_gnutls_handshake_description_t recv_type;
} MHD_gtls_handshake_header_buffer_st;
00418
/* Per-session bookkeeping that is neither exported nor resumed. Member
   comments are based on the names and on how this header's macros use the
   fields; anything marked "presumably" should be confirmed against the
   implementation. Raw pointers in here (transport handles, callbacks,
   user_ptr) are owned by the application unless a *_need_free / free_*
   flag says otherwise. */
typedef struct
{
/* Decrypted application data not yet handed to the caller. */
MHD_gtls_buffer application_data_buffer;
/* Handshake bytes retained for the handshake hashes. */
MHD_gtls_buffer handshake_hash_buffer;

/* Running handshake hashes (presumably the MD5/SHA-1 pair of pre-TLS-1.2
   handshakes). */
mac_hd_t handshake_mac_handle_sha;
mac_hd_t handshake_mac_handle_md5;

MHD_gtls_buffer handshake_data_buffer;
MHD_gtls_buffer ia_data_buffer;
resumable_session_t resumable;
handshake_state_t handshake_state;

/* VALID_TRUE while the connection is usable. VALID_TRUE == 0, so compare
   explicitly; never test this value as a boolean. */
valid_session_t valid_connection;

/* Presumably set to refuse further reads/writes after a fatal condition. */
int may_not_read;

int may_not_write;
int read_eof;

/* Last alert seen and its level. */
int last_alert;
int last_alert_level;

/* Last handshake message types in each direction. */
int last_handshake_in;
int last_handshake_out;

enum MHD_GNUTLS_CompressionMethod compression_method;

/* Application-selected negotiation preferences. */
struct MHD_gtls_priority_st priorities;

/* Whether this session was resumed, and the parameters it resumes from
   (a full copy, including the master secret). */
resumable_session_t resumed;
MHD_gtls_security_param_st resumed_security_parameters;

/* Read low-water mark; DEFAULT_LOWAT is the default. */
int lowat;

/* Partially sent / received handshake messages (non-blocking I/O
   continuation), tagged with the record and handshake types they belong
   to. */
MHD_gtls_buffer handshake_send_buffer;
size_t handshake_send_buffer_prev_size;
content_type_t handshake_send_buffer_type;
MHD_gnutls_handshake_description_t handshake_send_buffer_htype;
content_type_t handshake_recv_buffer_type;
MHD_gnutls_handshake_description_t handshake_recv_buffer_htype;
MHD_gtls_buffer handshake_recv_buffer;

/* Raw record bytes pending on the transport side. */
MHD_gtls_buffer record_recv_buffer;
MHD_gtls_buffer record_send_buffer;

size_t record_send_buffer_prev_size;

/* Presumably the amount of caller data represented by the pending send
   buffer, so a retried send can report the right count. */
size_t record_send_buffer_user_size;

int have_peeked_data;

/* Session lifetime; DEFAULT_EXPIRE_TIME is the default. */
int expire_time;
/* Authentication-method dispatch for the negotiated key exchange. */
struct MHD_gtls_mod_auth_st_int *auth_struct;

/* Presumably non-zero when an SSLv2-format ClientHello was received. */
int v2_hello;

MHD_gtls_handshake_header_buffer_st handshake_header_buffer;

/* Protocol version advertised in the hello; accessed through the
   adv_version macros at the end of this header. */
uint8_t adv_version_major;
uint8_t adv_version_minor;

/* Server side: whether to request a client certificate. */
int send_cert_req;

/* Minimum DH prime size, in bits, that this side accepts (presumably). */
uint16_t dh_prime_bits;

/* Cap on handshake_data_buffer growth; this bounds the memory a peer can
   make us hold during a handshake, so it must be enforced on every
   append. */
size_t max_handshake_data_buffer_size;

/* Transport callbacks and the opaque handles passed to them. */
MHD_gtls_pull_func MHD__gnutls_pull_func;
MHD_gtls_push_func MHD__gnutls_push_func;

MHD_gnutls_transport_ptr_t transport_recv_ptr;
MHD_gnutls_transport_ptr_t transport_send_ptr;

/* Record size proposed through the max_record_size extension. */
uint16_t proposed_record_size;

/* Certificate chain and private key chosen for this handshake;
   selected_need_free says whether the session owns them. */
MHD_gnutls_cert *selected_cert_list;
int selected_cert_list_length;
MHD_gnutls_privkey *selected_key;
int selected_need_free;

/* Extension types this side sent, so that only matching replies are
   accepted; extensions_sent_size must stay <= MAX_EXT_TYPES. */
uint16_t extensions_sent[MAX_EXT_TYPES];
uint16_t extensions_sent_size;

/* Record-layer version bytes used before a version is negotiated. */
opaque default_record_version[2];

/* Application pointer; opaque to the library. */
void *user_ptr;

/* Direction of the last interrupted operation, for non-blocking retry
   (presumably). */
int direction;

int ignore_rdn_sequence;

/* Version bytes expected inside the RSA premaster secret. A mismatch
   must be handled without a distinguishable error or timing difference. */
opaque rsa_pms_version[2];

/* Temporary DH/RSA parameters attached to this session. */
MHD_gtls_internal_params_st params;

MHD_gnutls_datum_t recv_buffer;

/* Last error code recorded on the session. */
int errnum;

/* External signing callback and its user data. */
MHD_gnutls_sign_func sign_func;
void *sign_func_userdata;

} MHD_gtls_internals_st;
00611
/* The session object behind MHD_gtls_session_t: negotiated parameters,
   derived key block, live record-layer state, private bookkeeping and the
   key-exchange state (a pointer; its ownership is not visible here). Three
   of these sub-objects carry secrets: security_parameters, cipher_specs
   and key. */
struct MHD_gtls_session_int
{
MHD_gtls_security_param_st security_parameters;
MHD_gtls_cipher_specs_st cipher_specs;
MHD_gtls_conn_stat_st connection_state;
MHD_gtls_internals_st internals;
MHD_gtls_key_st key;
};
00620
00621
/* Record the negotiated protocol version on the session (presumably in
   security_parameters.version). */
void MHD_gtls_set_current_version (MHD_gtls_session_t session,
enum MHD_GNUTLS_Protocol version);

/* Release the session's key->auth_info block (and presumably reset
   auth_info_type / auth_info_size). */
void MHD_gtls_free_auth_info (MHD_gtls_session_t session);
00626
00627
00628
00629
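/* Accessors for the protocol version advertised in the hello
   (internals.adv_version_major/minor). The getters are expressions.
   set_adv_version is a single statement (do/while(0)), so it is safe as
   the body of an unbraced if/else; the call site supplies the ';'. */
#define MHD__gnutls_get_adv_version_major( session) \
((session)->internals.adv_version_major)

#define MHD__gnutls_get_adv_version_minor( session) \
((session)->internals.adv_version_minor)

#define set_adv_version( session, major, minor) \
do { \
(session)->internals.adv_version_major = (major); \
(session)->internals.adv_version_minor = (minor); \
} while (0)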
00639
/* Map the advertised major/minor bytes to an enum MHD_GNUTLS_Protocol
   value (how unknown pairs are reported is defined by the implementation). */
enum MHD_GNUTLS_Protocol MHD_gtls_get_adv_version (MHD_gtls_session_t);
00641
00642 #endif