aboutsummaryrefslogtreecommitdiff
path: root/mysql/extra/yassl/include/yassl_imp.hpp
diff options
context:
space:
mode:
Diffstat (limited to 'mysql/extra/yassl/include/yassl_imp.hpp')
-rw-r--r--mysql/extra/yassl/include/yassl_imp.hpp748
1 files changed, 748 insertions, 0 deletions
diff --git a/mysql/extra/yassl/include/yassl_imp.hpp b/mysql/extra/yassl/include/yassl_imp.hpp
new file mode 100644
index 0000000..a952da0
--- /dev/null
+++ b/mysql/extra/yassl/include/yassl_imp.hpp
@@ -0,0 +1,748 @@
+/*
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* yaSSL implementation header defines all strucutres from the SSL.v3
+ * specification "draft-freier-ssl-version3-02.txt"
+ * all page citations refer to this document unless otherwise noted.
+ */
+
+
+#ifndef yaSSL_IMP_HPP
+#define yaSSL_IMP_HPP
+
+#ifdef _MSC_VER
+ // disable truncated debug symbols
+ #pragma warning(disable:4786)
+#endif
+
+#include "yassl_types.hpp"
+#include "factory.hpp"
+#include STL_LIST_FILE
+
+
+namespace STL = STL_NAMESPACE;
+
+
+namespace yaSSL {
+
+
+class SSL; // forward decls
+class input_buffer;
+class output_buffer;
+
+
+struct ProtocolVersion {
+ uint8 major_;
+ uint8 minor_; // major and minor SSL/TLS version numbers
+
+ ProtocolVersion(uint8 maj = 3, uint8 min = 0);
+};
+
+
+// Record Layer Header for PlainText, Compressed, and CipherText
+struct RecordLayerHeader {
+ ContentType type_;
+ ProtocolVersion version_;
+ uint16 length_; // should not exceed 2^14
+};
+
+
+// base for all messages
+struct Message : public virtual_base {
+ virtual input_buffer& set(input_buffer&) =0;
+ virtual output_buffer& get(output_buffer&) const =0;
+
+ virtual void Process(input_buffer&, SSL&) =0;
+ virtual ContentType get_type() const =0;
+ virtual uint16 get_length() const =0;
+
+ virtual ~Message() {}
+};
+
+
+class ChangeCipherSpec : public Message {
+ CipherChoice type_;
+public:
+ ChangeCipherSpec();
+
+ friend input_buffer& operator>>(input_buffer&, ChangeCipherSpec&);
+ friend output_buffer& operator<<(output_buffer&, const ChangeCipherSpec&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ ContentType get_type() const;
+ uint16 get_length() const;
+ void Process(input_buffer&, SSL&);
+private:
+ ChangeCipherSpec(const ChangeCipherSpec&); // hide copy
+ ChangeCipherSpec& operator=(const ChangeCipherSpec&); // and assign
+};
+
+
+
+class Alert : public Message {
+ AlertLevel level_;
+ AlertDescription description_;
+public:
+ Alert() {}
+ Alert(AlertLevel al, AlertDescription ad);
+
+ ContentType get_type() const;
+ uint16 get_length() const;
+ void Process(input_buffer&, SSL&);
+
+ friend input_buffer& operator>>(input_buffer&, Alert&);
+ friend output_buffer& operator<<(output_buffer&, const Alert&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+private:
+ Alert(const Alert&); // hide copy
+ Alert& operator=(const Alert&); // and assign
+};
+
+
+class Data : public Message {
+ uint16 length_;
+ opaque* buffer_; // read buffer used by fillData input
+ const opaque* write_buffer_; // write buffer used by output operator
+public:
+ Data();
+ Data(uint16 len, opaque* b);
+
+ friend output_buffer& operator<<(output_buffer&, const Data&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ ContentType get_type() const;
+ uint16 get_length() const;
+ void set_length(uint16 l);
+ opaque* set_buffer();
+ void SetData(uint16, const opaque*);
+ void Process(input_buffer&, SSL&);
+private:
+ Data(const Data&); // hide copy
+ Data& operator=(const Data&); // and assign
+};
+
+
+uint32 c24to32(const uint24); // forward form internal header
+void c32to24(uint32, uint24&);
+
+
+// HandShake header, same for each message type from page 20/21
+class HandShakeHeader : public Message {
+ HandShakeType type_;
+ uint24 length_; // length of message
+public:
+ HandShakeHeader() {}
+
+ ContentType get_type() const;
+ uint16 get_length() const;
+ HandShakeType get_handshakeType() const;
+ void Process(input_buffer&, SSL&);
+
+ void set_type(HandShakeType hst);
+ void set_length(uint32 u32);
+
+ friend input_buffer& operator>>(input_buffer&, HandShakeHeader&);
+ friend output_buffer& operator<<(output_buffer&, const HandShakeHeader&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+private:
+ HandShakeHeader(const HandShakeHeader&); // hide copy
+ HandShakeHeader& operator=(const HandShakeHeader&); // and assign
+};
+
+
+// Base Class for all handshake messages
+class HandShakeBase : public virtual_base {
+ int length_;
+public:
+ int get_length() const;
+ void set_length(int);
+
+ // for building buffer's type field
+ virtual HandShakeType get_type() const =0;
+
+ // handles dispactch of proper >>
+ virtual input_buffer& set(input_buffer& in) =0;
+ virtual output_buffer& get(output_buffer& out) const =0;
+
+ virtual void Process(input_buffer&, SSL&) =0;
+
+ virtual ~HandShakeBase() {}
+};
+
+
+struct HelloRequest : public HandShakeBase {
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ void Process(input_buffer&, SSL&);
+
+ HandShakeType get_type() const;
+};
+
+
+// The Client's Hello Message from page 23
+class ClientHello : public HandShakeBase {
+ ProtocolVersion client_version_;
+ Random random_;
+ uint8 id_len_; // session id length
+ opaque session_id_[ID_LEN];
+ uint16 suite_len_; // cipher suite length
+ opaque cipher_suites_[MAX_SUITE_SZ];
+ uint8 comp_len_; // compression length
+ CompressionMethod compression_methods_;
+public:
+ friend input_buffer& operator>>(input_buffer&, ClientHello&);
+ friend output_buffer& operator<<(output_buffer&, const ClientHello&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ HandShakeType get_type() const;
+ void Process(input_buffer&, SSL&);
+
+ const opaque* get_random() const;
+ friend void buildClientHello(SSL&, ClientHello&);
+ friend void ProcessOldClientHello(input_buffer& input, SSL& ssl);
+
+ ClientHello();
+ ClientHello(ProtocolVersion pv, bool useCompression);
+private:
+ ClientHello(const ClientHello&); // hide copy
+ ClientHello& operator=(const ClientHello&); // and assign
+};
+
+
+
+// The Server's Hello Message from page 24
+class ServerHello : public HandShakeBase {
+ ProtocolVersion server_version_;
+ Random random_;
+ uint8 id_len_; // session id length
+ opaque session_id_[ID_LEN];
+ opaque cipher_suite_[SUITE_LEN];
+ CompressionMethod compression_method_;
+public:
+ ServerHello(ProtocolVersion pv, bool useCompression);
+ ServerHello();
+
+ friend input_buffer& operator>>(input_buffer&, ServerHello&);
+ friend output_buffer& operator<<(output_buffer&, const ServerHello&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ HandShakeType get_type() const;
+ void Process(input_buffer&, SSL&);
+
+ const opaque* get_random() const;
+ friend void buildServerHello(SSL&, ServerHello&);
+private:
+ ServerHello(const ServerHello&); // hide copy
+ ServerHello& operator=(const ServerHello&); // and assign
+};
+
+
+class x509;
+
+// Certificate could be a chain
+class Certificate : public HandShakeBase {
+ const x509* cert_;
+public:
+ Certificate();
+ explicit Certificate(const x509* cert);
+ friend output_buffer& operator<<(output_buffer&, const Certificate&);
+
+ const opaque* get_buffer() const;
+
+ // Process handles input, needs SSL
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ HandShakeType get_type() const;
+ void Process(input_buffer&, SSL&);
+private:
+ Certificate(const Certificate&); // hide copy
+ Certificate& operator=(const Certificate&); // and assign
+};
+
+
+
+// RSA Public Key
+struct ServerRSAParams {
+ opaque* rsa_modulus_;
+ opaque* rsa_exponent_;
+};
+
+
+// Ephemeral Diffie-Hellman Parameters
+class ServerDHParams {
+ int pSz_;
+ int gSz_;
+ int pubSz_;
+ opaque* p_;
+ opaque* g_;
+ opaque* Ys_;
+public:
+ ServerDHParams();
+ ~ServerDHParams();
+
+ int get_pSize() const;
+ int get_gSize() const;
+ int get_pubSize() const;
+
+ const opaque* get_p() const;
+ const opaque* get_g() const;
+ const opaque* get_pub() const;
+
+ opaque* alloc_p(int sz);
+ opaque* alloc_g(int sz);
+ opaque* alloc_pub(int sz);
+private:
+ ServerDHParams(const ServerDHParams&); // hide copy
+ ServerDHParams& operator=(const ServerDHParams&); // and assign
+};
+
+
+struct ServerKeyBase : public virtual_base {
+ virtual ~ServerKeyBase() {}
+ virtual void build(SSL&) {}
+ virtual void read(SSL&, input_buffer&) {}
+ virtual int get_length() const;
+ virtual opaque* get_serverKey() const;
+};
+
+
+// Server random number for FORTEZZA KEA
+struct Fortezza_Server : public ServerKeyBase {
+ opaque r_s_[FORTEZZA_MAX];
+};
+
+
+struct SignatureBase : public virtual_base {
+ virtual ~SignatureBase() {}
+};
+
+struct anonymous_sa : public SignatureBase {};
+
+
+struct Hashes {
+ uint8 md5_[MD5_LEN];
+ uint8 sha_[SHA_LEN];
+};
+
+
+struct rsa_sa : public SignatureBase {
+ Hashes hashes_;
+};
+
+
+struct dsa_sa : public SignatureBase {
+ uint8 sha_[SHA_LEN];
+};
+
+
+// Server's Diffie-Hellman exchange
+class DH_Server : public ServerKeyBase {
+ ServerDHParams parms_;
+ opaque* signature_;
+
+ int length_; // total length of message
+ opaque* keyMessage_; // total exchange message
+public:
+ DH_Server();
+ ~DH_Server();
+
+ void build(SSL&);
+ void read(SSL&, input_buffer&);
+ int get_length() const;
+ opaque* get_serverKey() const;
+private:
+ DH_Server(const DH_Server&); // hide copy
+ DH_Server& operator=(const DH_Server&); // and assign
+};
+
+
+// Server's RSA exchange
+struct RSA_Server : public ServerKeyBase {
+ ServerRSAParams params_;
+ opaque* signature_; // signed rsa_sa hashes
+};
+
+
+class ServerKeyExchange : public HandShakeBase {
+ ServerKeyBase* server_key_;
+public:
+ explicit ServerKeyExchange(SSL&);
+ ServerKeyExchange();
+ ~ServerKeyExchange();
+
+ void createKey(SSL&);
+ void build(SSL& ssl);
+
+ const opaque* getKey() const;
+ int getKeyLength() const;
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ friend output_buffer& operator<<(output_buffer&, const ServerKeyExchange&);
+
+ void Process(input_buffer&, SSL&);
+ HandShakeType get_type() const;
+private:
+ ServerKeyExchange(const ServerKeyExchange&); // hide copy
+ ServerKeyExchange& operator=(const ServerKeyExchange&); // and assign
+};
+
+
+
+class CertificateRequest : public HandShakeBase {
+ ClientCertificateType certificate_types_[CERT_TYPES];
+ int typeTotal_;
+ STL::list<DistinguishedName> certificate_authorities_;
+public:
+ CertificateRequest();
+ ~CertificateRequest();
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ friend input_buffer& operator>>(input_buffer&, CertificateRequest&);
+ friend output_buffer& operator<<(output_buffer&,
+ const CertificateRequest&);
+
+ void Process(input_buffer&, SSL&);
+ HandShakeType get_type() const;
+
+ void Build();
+private:
+ CertificateRequest(const CertificateRequest&); // hide copy
+ CertificateRequest& operator=(const CertificateRequest&); // and assign
+};
+
+
+struct ServerHelloDone : public HandShakeBase {
+ ServerHelloDone();
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ void Process(input_buffer& input, SSL& ssl);
+
+ HandShakeType get_type() const;
+};
+
+
+struct PreMasterSecret {
+ opaque random_[SECRET_LEN]; // first two bytes Protocol Version
+};
+
+
+struct ClientKeyBase : public virtual_base {
+ virtual ~ClientKeyBase() {}
+ virtual void build(SSL&) {}
+ virtual void read(SSL&, input_buffer&) {}
+ virtual int get_length() const;
+ virtual opaque* get_clientKey() const;
+};
+
+
+class EncryptedPreMasterSecret : public ClientKeyBase {
+ opaque* secret_;
+ int length_;
+public:
+ EncryptedPreMasterSecret();
+ ~EncryptedPreMasterSecret();
+
+ void build(SSL&);
+ void read(SSL&, input_buffer&);
+ int get_length() const;
+ opaque* get_clientKey() const;
+ void alloc(int sz);
+private:
+ // hide copy and assign
+ EncryptedPreMasterSecret(const EncryptedPreMasterSecret&);
+ EncryptedPreMasterSecret& operator=(const EncryptedPreMasterSecret&);
+};
+
+
+// Fortezza Key Parameters from page 29
+// hard code lengths cause only used here
+struct FortezzaKeys : public ClientKeyBase {
+ opaque y_c_ [128]; // client's Yc, public value
+ opaque r_c_ [128]; // client's Rc
+ opaque y_signature_ [40]; // DSS signed public key
+ opaque wrapped_client_write_key_ [12]; // wrapped by the TEK
+ opaque wrapped_server_write_key_ [12]; // wrapped by the TEK
+ opaque client_write_iv_ [24];
+ opaque server_write_iv_ [24];
+ opaque master_secret_iv_ [24]; // IV used to encrypt preMaster
+ opaque encrypted_preMasterSecret_[48]; // random & crypted by the TEK
+};
+
+
+
+// Diffie-Hellman public key from page 40/41
+class ClientDiffieHellmanPublic : public ClientKeyBase {
+ PublicValueEncoding public_value_encoding_;
+ int length_; // includes two byte length for message
+ opaque* Yc_; // length + Yc_
+ // dh_Yc only if explicit, otherwise sent in certificate
+ enum { KEY_OFFSET = 2 };
+public:
+ ClientDiffieHellmanPublic();
+ ~ClientDiffieHellmanPublic();
+
+ void build(SSL&);
+ void read(SSL&, input_buffer&);
+ int get_length() const;
+ opaque* get_clientKey() const;
+ void alloc(int sz, bool offset = false);
+private:
+ // hide copy and assign
+ ClientDiffieHellmanPublic(const ClientDiffieHellmanPublic&);
+ ClientDiffieHellmanPublic& operator=(const ClientDiffieHellmanPublic&);
+};
+
+
+class ClientKeyExchange : public HandShakeBase {
+ ClientKeyBase* client_key_;
+public:
+ explicit ClientKeyExchange(SSL& ssl);
+ ClientKeyExchange();
+ ~ClientKeyExchange();
+
+ void createKey(SSL&);
+ void build(SSL& ssl);
+
+ const opaque* getKey() const;
+ int getKeyLength() const;
+
+ friend output_buffer& operator<<(output_buffer&, const ClientKeyExchange&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ HandShakeType get_type() const;
+ void Process(input_buffer&, SSL&);
+private:
+ ClientKeyExchange(const ClientKeyExchange&); // hide copy
+ ClientKeyExchange& operator=(const ClientKeyExchange&); // and assign
+};
+
+
+class CertificateVerify : public HandShakeBase {
+ Hashes hashes_;
+ byte* signature_; // owns
+public:
+ CertificateVerify();
+ ~CertificateVerify();
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ friend input_buffer& operator>>(input_buffer&, CertificateVerify&);
+ friend output_buffer& operator<<(output_buffer&, const CertificateVerify&);
+
+ void Process(input_buffer&, SSL&);
+ HandShakeType get_type() const;
+
+ void Build(SSL&);
+private:
+ CertificateVerify(const CertificateVerify&); // hide copy
+ CertificateVerify& operator=(const CertificateVerify&); // and assign
+};
+
+
+class Finished : public HandShakeBase {
+ Hashes hashes_;
+public:
+ Finished();
+
+ uint8* set_md5();
+ uint8* set_sha();
+
+ friend input_buffer& operator>>(input_buffer&, Finished&);
+ friend output_buffer& operator<<(output_buffer&, const Finished&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ void Process(input_buffer&, SSL&);
+
+ HandShakeType get_type() const;
+private:
+ Finished(const Finished&); // hide copy
+ Finished& operator=(const Finished&); // and assign
+};
+
+
+class RandomPool; // forward for connection
+
+
+// SSL Connection defined on page 11
+struct Connection {
+ opaque *pre_master_secret_;
+ opaque master_secret_[SECRET_LEN];
+ opaque client_random_[RAN_LEN];
+ opaque server_random_[RAN_LEN];
+ opaque sessionID_[ID_LEN];
+ opaque client_write_MAC_secret_[SHA_LEN]; // sha is max size
+ opaque server_write_MAC_secret_[SHA_LEN];
+ opaque client_write_key_[AES_256_KEY_SZ]; // aes 256bit is max sz
+ opaque server_write_key_[AES_256_KEY_SZ];
+ opaque client_write_IV_[AES_IV_SZ]; // aes is max size
+ opaque server_write_IV_[AES_IV_SZ];
+ uint32 sequence_number_;
+ uint32 peer_sequence_number_;
+ uint32 pre_secret_len_; // pre master length
+ bool send_server_key_; // server key exchange?
+ bool master_clean_; // master secret clean?
+ bool TLS_; // TLSv1 or greater
+ bool TLSv1_1_; // TLSv1.1 or greater
+ bool sessionID_Set_; // do we have a session
+ bool compression_; // zlib compression?
+ ProtocolVersion version_; // negotiated version
+ ProtocolVersion chVersion_; // client hello version
+ RandomPool& random_;
+
+ Connection(ProtocolVersion v, RandomPool& ran);
+ ~Connection();
+
+ void AllocPreSecret(uint sz);
+ void CleanPreMaster();
+ void CleanMaster();
+ void TurnOffTLS();
+ void TurnOffTLS1_1();
+private:
+ Connection(const Connection&); // hide copy
+ Connection& operator=(const Connection&); // and assign
+};
+
+
+struct Ciphers; // forward
+
+
+// TLSv1 Security Spec, defined on page 56 of RFC 2246
+struct Parameters {
+ ConnectionEnd entity_;
+ BulkCipherAlgorithm bulk_cipher_algorithm_;
+ CipherType cipher_type_;
+ uint8 key_size_;
+ uint8 iv_size_;
+ IsExportable is_exportable_;
+ MACAlgorithm mac_algorithm_;
+ uint8 hash_size_;
+ CompressionMethod compression_algorithm_;
+ KeyExchangeAlgorithm kea_; // yassl additions
+ SignatureAlgorithm sig_algo_; // signature auth type
+ SignatureAlgorithm verify_algo_; // cert verify auth type
+ bool pending_;
+ bool resumable_; // new conns by session
+ uint16 encrypt_size_; // current msg encrypt sz
+ Cipher suite_[SUITE_LEN]; // choosen suite
+ uint8 suites_size_;
+ Cipher suites_[MAX_SUITE_SZ];
+ char cipher_name_[MAX_SUITE_NAME];
+ char cipher_list_[MAX_CIPHERS][MAX_SUITE_NAME];
+ bool removeDH_; // for server's later use
+
+ Parameters(ConnectionEnd, const Ciphers&, ProtocolVersion, bool haveDH);
+
+ void SetSuites(ProtocolVersion pv, bool removeDH = false,
+ bool removeRSA = false, bool removeDSA = false);
+ void SetCipherNames();
+private:
+ Parameters(const Parameters&); // hide copy
+ Parameters& operator=(const Parameters&); // and assing
+};
+
+
+input_buffer& operator>>(input_buffer&, RecordLayerHeader&);
+output_buffer& operator<<(output_buffer&, const RecordLayerHeader&);
+
+input_buffer& operator>>(input_buffer&, Message&);
+output_buffer& operator<<(output_buffer&, const Message&);
+
+input_buffer& operator>>(input_buffer&, HandShakeBase&);
+output_buffer& operator<<(output_buffer&, const HandShakeBase&);
+
+
+// Message Factory definition
+// uses the ContentType enumeration for unique id
+typedef Factory<Message> MessageFactory;
+void InitMessageFactory(MessageFactory&); // registers derived classes
+
+// HandShake Factory definition
+// uses the HandShakeType enumeration for unique id
+typedef Factory<HandShakeBase> HandShakeFactory;
+void InitHandShakeFactory(HandShakeFactory&); // registers derived classes
+
+// ServerKey Factory definition
+// uses KeyExchangeAlgorithm enumeration for unique id
+typedef Factory<ServerKeyBase> ServerKeyFactory;
+void InitServerKeyFactory(ServerKeyFactory&);
+
+// ClientKey Factory definition
+// uses KeyExchangeAlgorithm enumeration for unique id
+typedef Factory<ClientKeyBase> ClientKeyFactory;
+void InitClientKeyFactory(ClientKeyFactory&);
+
+
+// Message Creators
+Message* CreateHandShake();
+Message* CreateCipherSpec();
+Message* CreateAlert();
+Message* CreateData();
+
+
+// HandShake Creators
+HandShakeBase* CreateCertificate();
+HandShakeBase* CreateHelloRequest();
+HandShakeBase* CreateClientHello();
+HandShakeBase* CreateServerHello();
+HandShakeBase* CreateServerKeyExchange();
+HandShakeBase* CreateCertificateRequest();
+HandShakeBase* CreateServerHelloDone();
+HandShakeBase* CreateClientKeyExchange();
+HandShakeBase* CreateCertificateVerify();
+HandShakeBase* CreateFinished();
+
+
+// ServerKey Exchange Creators
+ServerKeyBase* CreateRSAServerKEA();
+ServerKeyBase* CreateDHServerKEA();
+ServerKeyBase* CreateFortezzaServerKEA();
+
+// ClientKey Exchange Creators
+ClientKeyBase* CreateRSAClient();
+ClientKeyBase* CreateDHClient();
+ClientKeyBase* CreateFortezzaClient();
+
+
+
+} // naemspace
+
+#endif // yaSSL_IMP_HPP
generated by cgit v1.1 at 2024-04-23 16:06:43 +0000