LTKCPP-- LLRP Toolkit C Plus Plus Library
|
00001 /* ssl/dtls1.h */ 00002 /* 00003 * DTLS implementation written by Nagendra Modadugu 00004 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 00005 */ 00006 /* ==================================================================== 00007 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 00008 * 00009 * Redistribution and use in source and binary forms, with or without 00010 * modification, are permitted provided that the following conditions 00011 * are met: 00012 * 00013 * 1. Redistributions of source code must retain the above copyright 00014 * notice, this list of conditions and the following disclaimer. 00015 * 00016 * 2. Redistributions in binary form must reproduce the above copyright 00017 * notice, this list of conditions and the following disclaimer in 00018 * the documentation and/or other materials provided with the 00019 * distribution. 00020 * 00021 * 3. All advertising materials mentioning features or use of this 00022 * software must display the following acknowledgment: 00023 * "This product includes software developed by the OpenSSL Project 00024 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 00025 * 00026 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 00027 * endorse or promote products derived from this software without 00028 * prior written permission. For written permission, please contact 00029 * openssl-core@OpenSSL.org. 00030 * 00031 * 5. Products derived from this software may not be called "OpenSSL" 00032 * nor may "OpenSSL" appear in their names without prior written 00033 * permission of the OpenSSL Project. 00034 * 00035 * 6. Redistributions of any form whatsoever must retain the following 00036 * acknowledgment: 00037 * "This product includes software developed by the OpenSSL Project 00038 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 00039 * 00040 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 00041 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 00042 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 00043 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 00044 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00045 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 00046 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 00047 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 00048 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 00049 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 00050 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 00051 * OF THE POSSIBILITY OF SUCH DAMAGE. 00052 * ==================================================================== 00053 * 00054 * This product includes cryptographic software written by Eric Young 00055 * (eay@cryptsoft.com). This product includes software written by Tim 00056 * Hudson (tjh@cryptsoft.com). 00057 * 00058 */ 00059 00060 #ifndef HEADER_DTLS1_H 00061 # define HEADER_DTLS1_H 00062 00063 # include <openssl/buffer.h> 00064 # include <openssl/pqueue.h> 00065 # ifdef OPENSSL_SYS_VMS 00066 # include <resource.h> 00067 # include <sys/timeb.h> 00068 # endif 00069 # ifdef OPENSSL_SYS_WIN32 00070 /* Needed for struct timeval */ 00071 # include <winsock.h> 00072 # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) 00073 # include <sys/timeval.h> 00074 # else 00075 # if defined(OPENSSL_SYS_VXWORKS) 00076 # include <sys/times.h> 00077 # else 00078 # include <sys/time.h> 00079 # endif 00080 # endif 00081 00082 #ifdef __cplusplus 00083 extern "C" { 00084 #endif 00085 00086 # define DTLS1_VERSION 0xFEFF 00087 # define DTLS1_2_VERSION 0xFEFD 00088 # define DTLS_MAX_VERSION DTLS1_2_VERSION 00089 # define DTLS1_VERSION_MAJOR 0xFE 00090 00091 # define DTLS1_BAD_VER 0x0100 00092 00093 /* Special value for method supporting multiple versions */ 00094 # define DTLS_ANY_VERSION 0x1FFFF 00095 00096 # if 0 00097 /* this alert description is not specified anywhere... */ 00098 # define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 00099 # endif 00100 00101 /* lengths of messages */ 00102 # define DTLS1_COOKIE_LENGTH 256 00103 00104 # define DTLS1_RT_HEADER_LENGTH 13 00105 00106 # define DTLS1_HM_HEADER_LENGTH 12 00107 00108 # define DTLS1_HM_BAD_FRAGMENT -2 00109 # define DTLS1_HM_FRAGMENT_RETRY -3 00110 00111 # define DTLS1_CCS_HEADER_LENGTH 1 00112 00113 # ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 00114 # define DTLS1_AL_HEADER_LENGTH 7 00115 # else 00116 # define DTLS1_AL_HEADER_LENGTH 2 00117 # endif 00118 00119 # ifndef OPENSSL_NO_SSL_INTERN 00120 00121 # ifndef OPENSSL_NO_SCTP 00122 # define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" 00123 # endif 00124 00125 /* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ 00126 # define DTLS1_MAX_MTU_OVERHEAD 48 00127 00128 typedef struct dtls1_bitmap_st { 00129 unsigned long map; /* track 32 packets on 32-bit systems and 64 00130 * - on 64-bit systems */ 00131 unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit 00132 * value in big-endian encoding */ 00133 } DTLS1_BITMAP; 00134 00135 struct dtls1_retransmit_state { 00136 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 00137 EVP_MD_CTX *write_hash; /* used for mac generation */ 00138 # ifndef OPENSSL_NO_COMP 00139 COMP_CTX *compress; /* compression */ 00140 # else 00141 char *compress; 00142 # endif 00143 SSL_SESSION *session; 00144 unsigned short epoch; 00145 }; 00146 00147 struct hm_header_st { 00148 unsigned char type; 00149 unsigned long msg_len; 00150 unsigned short seq; 00151 unsigned long frag_off; 00152 unsigned long frag_len; 00153 unsigned int is_ccs; 00154 struct dtls1_retransmit_state saved_retransmit_state; 00155 }; 00156 00157 struct ccs_header_st { 00158 unsigned char type; 00159 unsigned short seq; 00160 }; 00161 00162 struct dtls1_timeout_st { 00163 /* Number of read timeouts so far */ 00164 unsigned int read_timeouts; 00165 /* Number of write timeouts so far */ 00166 unsigned int write_timeouts; 00167 /* Number of alerts received so far */ 00168 unsigned int num_alerts; 00169 }; 00170 00171 typedef struct record_pqueue_st { 00172 unsigned short epoch; 00173 pqueue q; 00174 } record_pqueue; 00175 00176 typedef struct hm_fragment_st { 00177 struct hm_header_st msg_header; 00178 unsigned char *fragment; 00179 unsigned char *reassembly; 00180 } hm_fragment; 00181 00182 typedef struct dtls1_state_st { 00183 unsigned int send_cookie; 00184 unsigned char cookie[DTLS1_COOKIE_LENGTH]; 00185 unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; 00186 unsigned int cookie_len; 00187 /* 00188 * The current data and handshake epoch. This is initially 00189 * undefined, and starts at zero once the initial handshake is 00190 * completed 00191 */ 00192 unsigned short r_epoch; 00193 unsigned short w_epoch; 00194 /* records being received in the current epoch */ 00195 DTLS1_BITMAP bitmap; 00196 /* renegotiation starts a new set of sequence numbers */ 00197 DTLS1_BITMAP next_bitmap; 00198 /* handshake message numbers */ 00199 unsigned short handshake_write_seq; 00200 unsigned short next_handshake_write_seq; 00201 unsigned short handshake_read_seq; 00202 /* save last sequence number for retransmissions */ 00203 unsigned char last_write_sequence[8]; 00204 /* Received handshake records (processed and unprocessed) */ 00205 record_pqueue unprocessed_rcds; 00206 record_pqueue processed_rcds; 00207 /* Buffered handshake messages */ 00208 pqueue buffered_messages; 00209 /* Buffered (sent) handshake records */ 00210 pqueue sent_messages; 00211 /* 00212 * Buffered application records. Only for records between CCS and 00213 * Finished to prevent either protocol violation or unnecessary message 00214 * loss. 00215 */ 00216 record_pqueue buffered_app_data; 00217 /* Is set when listening for new connections with dtls1_listen() */ 00218 unsigned int listen; 00219 unsigned int link_mtu; /* max on-the-wire DTLS packet size */ 00220 unsigned int mtu; /* max DTLS packet size */ 00221 struct hm_header_st w_msg_hdr; 00222 struct hm_header_st r_msg_hdr; 00223 struct dtls1_timeout_st timeout; 00224 /* 00225 * Indicates when the last handshake msg or heartbeat sent will timeout 00226 */ 00227 struct timeval next_timeout; 00228 /* Timeout duration */ 00229 unsigned short timeout_duration; 00230 /* 00231 * storage for Alert/Handshake protocol data received but not yet 00232 * processed by ssl3_read_bytes: 00233 */ 00234 unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; 00235 unsigned int alert_fragment_len; 00236 unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; 00237 unsigned int handshake_fragment_len; 00238 unsigned int retransmitting; 00239 /* 00240 * Set when the handshake is ready to process peer's ChangeCipherSpec message. 00241 * Cleared after the message has been processed. 00242 */ 00243 unsigned int change_cipher_spec_ok; 00244 # ifndef OPENSSL_NO_SCTP 00245 /* used when SSL_ST_XX_FLUSH is entered */ 00246 int next_state; 00247 int shutdown_received; 00248 # endif 00249 } DTLS1_STATE; 00250 00251 typedef struct dtls1_record_data_st { 00252 unsigned char *packet; 00253 unsigned int packet_length; 00254 SSL3_BUFFER rbuf; 00255 SSL3_RECORD rrec; 00256 # ifndef OPENSSL_NO_SCTP 00257 struct bio_dgram_sctp_rcvinfo recordinfo; 00258 # endif 00259 } DTLS1_RECORD_DATA; 00260 00261 # endif 00262 00263 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ 00264 # define DTLS1_TMO_READ_COUNT 2 00265 # define DTLS1_TMO_WRITE_COUNT 2 00266 00267 # define DTLS1_TMO_ALERT_COUNT 12 00268 00269 #ifdef __cplusplus 00270 } 00271 #endif 00272 #endif