]>
Commit | Line | Data |
---|---|---|
1d39ada8 | 1 | /* ssl/dtls1.h */ |
3285f539 | 2 | /* |
1d39ada8 PJ |
3 | * DTLS implementation written by Nagendra Modadugu |
4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | |
5 | */ | |
6 | /* ==================================================================== | |
7 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | |
8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | |
15 | * | |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in | |
18 | * the documentation and/or other materials provided with the | |
19 | * distribution. | |
20 | * | |
21 | * 3. All advertising materials mentioning features or use of this | |
22 | * software must display the following acknowledgment: | |
23 | * "This product includes software developed by the OpenSSL Project | |
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 | * | |
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 | * endorse or promote products derived from this software without | |
28 | * prior written permission. For written permission, please contact | |
29 | * openssl-core@OpenSSL.org. | |
30 | * | |
31 | * 5. Products derived from this software may not be called "OpenSSL" | |
32 | * nor may "OpenSSL" appear in their names without prior written | |
33 | * permission of the OpenSSL Project. | |
34 | * | |
35 | * 6. Redistributions of any form whatsoever must retain the following | |
36 | * acknowledgment: | |
37 | * "This product includes software developed by the OpenSSL Project | |
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 | * | |
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 | * ==================================================================== | |
53 | * | |
54 | * This product includes cryptographic software written by Eric Young | |
55 | * (eay@cryptsoft.com). This product includes software written by Tim | |
56 | * Hudson (tjh@cryptsoft.com). | |
9579a363 MG |
57 | * |
58 | */ | |
59 | ||
3285f539 GCPL |
60 | #ifndef HEADER_DTLS1_H |
61 | # define HEADER_DTLS1_H | |
9579a363 | 62 | |
1d39ada8 PJ |
63 | # include <openssl/buffer.h> |
64 | # include <openssl/pqueue.h> | |
65 | # ifdef OPENSSL_SYS_VMS | |
66 | # include <resource.h> | |
67 | # include <sys/timeb.h> | |
68 | # endif | |
69 | # ifdef OPENSSL_SYS_WIN32 | |
70 | /* Needed for struct timeval */ | |
71 | # include <winsock.h> | |
72 | # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) | |
73 | # include <sys/timeval.h> | |
74 | # else | |
75 | # if defined(OPENSSL_SYS_VXWORKS) | |
76 | # include <sys/times.h> | |
77 | # else | |
78 | # include <sys/time.h> | |
79 | # endif | |
80 | # endif | |
81 | ||
9579a363 MG |
82 | #ifdef __cplusplus |
83 | extern "C" { | |
84 | #endif | |
85 | ||
3285f539 | 86 | # define DTLS1_VERSION 0xFEFF |
4ac84f86 GCPL |
87 | # define DTLS1_2_VERSION 0xFEFD |
88 | # define DTLS_MAX_VERSION DTLS1_2_VERSION | |
89 | # define DTLS1_VERSION_MAJOR 0xFE | |
3285f539 GCPL |
90 | |
91 | # define DTLS1_BAD_VER 0x0100 | |
9579a363 | 92 | |
4ac84f86 GCPL |
93 | /* Special value for method supporting multiple versions */ |
94 | # define DTLS_ANY_VERSION 0x1FFFF | |
95 | ||
1d39ada8 PJ |
96 | # if 0 |
97 | /* this alert description is not specified anywhere... */ | |
98 | # define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 | |
99 | # endif | |
100 | ||
9579a363 | 101 | /* lengths of messages */ |
3285f539 GCPL |
102 | # define DTLS1_COOKIE_LENGTH 256 |
103 | ||
104 | # define DTLS1_RT_HEADER_LENGTH 13 | |
105 | ||
106 | # define DTLS1_HM_HEADER_LENGTH 12 | |
107 | ||
108 | # define DTLS1_HM_BAD_FRAGMENT -2 | |
109 | # define DTLS1_HM_FRAGMENT_RETRY -3 | |
110 | ||
111 | # define DTLS1_CCS_HEADER_LENGTH 1 | |
112 | ||
113 | # ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | |
114 | # define DTLS1_AL_HEADER_LENGTH 7 | |
115 | # else | |
116 | # define DTLS1_AL_HEADER_LENGTH 2 | |
117 | # endif | |
118 | ||
1d39ada8 PJ |
119 | # ifndef OPENSSL_NO_SSL_INTERN |
120 | ||
121 | # ifndef OPENSSL_NO_SCTP | |
122 | # define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" | |
123 | # endif | |
124 | ||
125 | /* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ | |
126 | # define DTLS1_MAX_MTU_OVERHEAD 48 | |
127 | ||
128 | typedef struct dtls1_bitmap_st { | |
129 | unsigned long map; /* track 32 packets on 32-bit systems and 64 | |
130 | * - on 64-bit systems */ | |
131 | unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit | |
132 | * value in big-endian encoding */ | |
133 | } DTLS1_BITMAP; | |
134 | ||
135 | struct dtls1_retransmit_state { | |
136 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | |
137 | EVP_MD_CTX *write_hash; /* used for mac generation */ | |
138 | # ifndef OPENSSL_NO_COMP | |
139 | COMP_CTX *compress; /* compression */ | |
140 | # else | |
141 | char *compress; | |
142 | # endif | |
143 | SSL_SESSION *session; | |
144 | unsigned short epoch; | |
145 | }; | |
146 | ||
147 | struct hm_header_st { | |
148 | unsigned char type; | |
149 | unsigned long msg_len; | |
150 | unsigned short seq; | |
151 | unsigned long frag_off; | |
152 | unsigned long frag_len; | |
153 | unsigned int is_ccs; | |
154 | struct dtls1_retransmit_state saved_retransmit_state; | |
155 | }; | |
156 | ||
157 | struct ccs_header_st { | |
158 | unsigned char type; | |
159 | unsigned short seq; | |
160 | }; | |
161 | ||
162 | struct dtls1_timeout_st { | |
163 | /* Number of read timeouts so far */ | |
164 | unsigned int read_timeouts; | |
165 | /* Number of write timeouts so far */ | |
166 | unsigned int write_timeouts; | |
167 | /* Number of alerts received so far */ | |
168 | unsigned int num_alerts; | |
169 | }; | |
170 | ||
171 | typedef struct record_pqueue_st { | |
172 | unsigned short epoch; | |
173 | pqueue q; | |
174 | } record_pqueue; | |
175 | ||
176 | typedef struct hm_fragment_st { | |
177 | struct hm_header_st msg_header; | |
178 | unsigned char *fragment; | |
179 | unsigned char *reassembly; | |
180 | } hm_fragment; | |
181 | ||
182 | typedef struct dtls1_state_st { | |
183 | unsigned int send_cookie; | |
184 | unsigned char cookie[DTLS1_COOKIE_LENGTH]; | |
185 | unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; | |
186 | unsigned int cookie_len; | |
187 | /* | |
188 | * The current data and handshake epoch. This is initially | |
189 | * undefined, and starts at zero once the initial handshake is | |
190 | * completed | |
191 | */ | |
192 | unsigned short r_epoch; | |
193 | unsigned short w_epoch; | |
194 | /* records being received in the current epoch */ | |
195 | DTLS1_BITMAP bitmap; | |
196 | /* renegotiation starts a new set of sequence numbers */ | |
197 | DTLS1_BITMAP next_bitmap; | |
198 | /* handshake message numbers */ | |
199 | unsigned short handshake_write_seq; | |
200 | unsigned short next_handshake_write_seq; | |
201 | unsigned short handshake_read_seq; | |
202 | /* save last sequence number for retransmissions */ | |
203 | unsigned char last_write_sequence[8]; | |
204 | /* Received handshake records (processed and unprocessed) */ | |
205 | record_pqueue unprocessed_rcds; | |
206 | record_pqueue processed_rcds; | |
207 | /* Buffered handshake messages */ | |
208 | pqueue buffered_messages; | |
209 | /* Buffered (sent) handshake records */ | |
210 | pqueue sent_messages; | |
211 | /* | |
212 | * Buffered application records. Only for records between CCS and | |
213 | * Finished to prevent either protocol violation or unnecessary message | |
214 | * loss. | |
215 | */ | |
216 | record_pqueue buffered_app_data; | |
217 | /* Is set when listening for new connections with dtls1_listen() */ | |
218 | unsigned int listen; | |
219 | unsigned int link_mtu; /* max on-the-wire DTLS packet size */ | |
220 | unsigned int mtu; /* max DTLS packet size */ | |
221 | struct hm_header_st w_msg_hdr; | |
222 | struct hm_header_st r_msg_hdr; | |
223 | struct dtls1_timeout_st timeout; | |
224 | /* | |
225 | * Indicates when the last handshake msg or heartbeat sent will timeout | |
226 | */ | |
227 | struct timeval next_timeout; | |
228 | /* Timeout duration */ | |
229 | unsigned short timeout_duration; | |
230 | /* | |
231 | * storage for Alert/Handshake protocol data received but not yet | |
232 | * processed by ssl3_read_bytes: | |
233 | */ | |
234 | unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; | |
235 | unsigned int alert_fragment_len; | |
236 | unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; | |
237 | unsigned int handshake_fragment_len; | |
238 | unsigned int retransmitting; | |
239 | /* | |
240 | * Set when the handshake is ready to process peer's ChangeCipherSpec message. | |
241 | * Cleared after the message has been processed. | |
242 | */ | |
243 | unsigned int change_cipher_spec_ok; | |
244 | # ifndef OPENSSL_NO_SCTP | |
245 | /* used when SSL_ST_XX_FLUSH is entered */ | |
246 | int next_state; | |
247 | int shutdown_received; | |
248 | # endif | |
249 | } DTLS1_STATE; | |
250 | ||
251 | typedef struct dtls1_record_data_st { | |
252 | unsigned char *packet; | |
253 | unsigned int packet_length; | |
254 | SSL3_BUFFER rbuf; | |
255 | SSL3_RECORD rrec; | |
256 | # ifndef OPENSSL_NO_SCTP | |
257 | struct bio_dgram_sctp_rcvinfo recordinfo; | |
258 | # endif | |
259 | } DTLS1_RECORD_DATA; | |
260 | ||
261 | # endif | |
4ac84f86 | 262 | |
9579a363 | 263 | /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ |
3285f539 GCPL |
264 | # define DTLS1_TMO_READ_COUNT 2 |
265 | # define DTLS1_TMO_WRITE_COUNT 2 | |
9579a363 | 266 | |
3285f539 | 267 | # define DTLS1_TMO_ALERT_COUNT 12 |
9579a363 MG |
268 | |
269 | #ifdef __cplusplus | |
270 | } | |
271 | #endif | |
272 | #endif |