#ifndef _SSLHANDSHAKE_H_
#define _SSLHANDSHAKE_H_
#include "sslRecord.h"
#ifdef __cplusplus
extern "C" {
#endif
/*
 * HandshakeType: the one-byte message type in every handshake message
 * header. The values are fixed by the protocol (RFC 5246 §7.4; type 3
 * is the DTLS HelloVerifyRequest of RFC 6347 §4.2.1), so each enumerator
 * is given its wire value explicitly. A byte that matches none of these
 * must be treated as an unexpected message by whichever routine dispatches
 * on the type (this header does not show where that check lives).
 */
typedef enum {
    SSL_HdskHelloRequest       = 0,
    SSL_HdskClientHello        = 1,
    SSL_HdskServerHello        = 2,
#if ENABLE_DTLS
    SSL_HdskHelloVerifyRequest = 3,   /* DTLS only: stateless cookie exchange */
#endif
    SSL_HdskCert               = 11,
    SSL_HdskServerKeyExchange  = 12,
    SSL_HdskCertRequest        = 13,
    SSL_HdskServerHelloDone    = 14,
    SSL_HdskCertVerify         = 15,
    SSL_HdskClientKeyExchange  = 16,
    SSL_HdskFinished           = 20
} SSLHandshakeType;
/*
 * ExtensionType codes carried in ClientHello/ServerHello extensions,
 * listed in numeric order. All values are IANA-registered wire values:
 *   0..5    RFC 6066 (server_name .. status_request)
 *   10, 11  RFC 4492 (elliptic_curves, ec_point_formats)
 *   13      RFC 5246 (signature_algorithms)
 *   35      RFC 5077 (SessionTicket)
 *   0xff01  RFC 5746 (renegotiation_info)
 * Two enumerator names carry historical misspellings ("Reguest",
 * "Renegotation"); they are part of the public header and are kept
 * unchanged so existing callers still compile.
 */
typedef enum {
    SSL_HE_ServerName           = 0,
    SSL_HE_MaxFragmentLength    = 1,
    SSL_HE_ClientCertificateURL = 2,
    SSL_HE_TrustedCAKeys        = 3,
    SSL_HE_TruncatedHMAC        = 4,
    SSL_HE_StatusReguest        = 5,        /* status_request (OCSP stapling) */
    SSL_HE_EllipticCurves       = 10,
    SSL_HE_EC_PointFormats      = 11,
    SSL_HE_SignatureAlgorithms  = 13,
    SSL_HE_SessionTicket        = 35,
    SSL_HE_SecureRenegotation   = 0xff01    /* renegotiation_info */
} SSLHelloExtensionType;
/*
 * NameType inside the server_name extension (RFC 6066 §3). Only host_name
 * (0) is defined by the RFC, and only that value is modelled here.
 */
typedef enum {
    SSL_NT_HostName = 0
} SSLServerNameType;
/* Number of named curves this build knows about. Where this count is consumed
 * is not visible in this header; confirm it matches the curve table in the
 * implementation before changing it. */
#define SSL_ECDSA_NUM_CURVES 3
/*
 * ECPointFormat codes (RFC 4492 §5.1.2), as sent in the ec_point_formats
 * extension: uncompressed, ansiX962_compressed_prime,
 * ansiX962_compressed_char2. Wire values, hence explicit.
 */
typedef enum {
    SSL_PointFormatUncompressed    = 0,
    SSL_PointFormatCompressedPrime = 1,
    SSL_PointFormatCompressedChar2 = 2
} SSL_ECDSA_PointFormats;
/*
 * ECCurveType codes from the ServerKeyExchange ECParameters structure
 * (RFC 4492 §5.4). Despite the SSL_ECDSA_ prefix these describe the
 * ECDH curve encoding, not the signature algorithm. Wire values, hence
 * explicit.
 */
typedef enum {
    SSL_CurveTypeExplicitPrime = 1,
    SSL_CurveTypeExplicitChar2 = 2,
    SSL_CurveTypeNamed         = 3
} SSL_ECDSA_CurveTypes;
/*
 * Selects one direction of a cipher state. Internal tag, not a wire
 * value; the numbering (read = 0, write = 1) is made explicit only so
 * it cannot drift if an enumerator is ever inserted.
 */
typedef enum {
    SSL_read  = 0,
    SSL_write = 1
} CipherSide;
/*
 * Internal handshake state machine. These are NOT protocol values: they
 * number sequentially from 0 in declaration order and are only ever
 * stored in ctx->state (see SSLChangeHdskState). Grouped here by the
 * phase of the handshake they belong to; the grouping is documentary
 * and does not change any value.
 */
typedef enum {
    /* Before the first message, and terminal states. */
    SSL_HdskStateUninit = 0,
    SSL_HdskStateServerUninit,
    SSL_HdskStateClientUninit,
    SSL_HdskStateGracefulClose,
    SSL_HdskStateErrorClose,
    SSL_HdskStateNoNotifyClose,

    /* Client side: waiting for the named server message. */
    SSL_HdskStateServerHello,
    SSL_HdskStateKeyExchange,
    SSL_HdskStateCert,
    SSL_HdskStateHelloDone,

    /* Server side: waiting for the named client message. */
    SSL_HdskStateClientCert,
    SSL_HdskStateClientKeyExchange,
    SSL_HdskStateClientCertVerify,

    /* Both sides: final exchange and steady state. */
    SSL_HdskStateChangeCipherSpec,
    SSL_HdskStateFinished,
    SSL_HdskStateServerReady,
    SSL_HdskStateClientReady
} SSLHandshakeState;
/*
 * One handshake message: its HandshakeType plus a buffer with the message
 * bytes. Whether `contents` includes the 4-byte header or only the body,
 * and who owns the buffer, is not established by this header — confirm
 * against the code that fills it in. SSLBuffer comes from sslRecord.h.
 */
typedef struct
{ SSLHandshakeType type;      /* wire HandshakeType of this message */
SSLBuffer contents;           /* message bytes; ownership: see implementation */
} SSLHandshakeMsg;
/*
 * Presumably writes a handshake message header (type plus length; 4 bytes
 * in TLS per RFC 5246 §7.4, 12 in DTLS per RFC 6347 §4.2.2) into rec and
 * returns a pointer just past it, where the body of `msglen` bytes goes.
 * The exact header layout, whether rec must already be sized for
 * header + msglen, and whether NULL can be returned are not visible here —
 * confirm in the implementation before relying on the return value.
 */
uint8_t *SSLEncodeHandshakeHeader(
SSLContext *ctx,
SSLRecord *rec,
SSLHandshakeType type,
size_t msglen);
/*
 * Sender labels for the SSL 3.0 Finished hash (SSL 3.0 §5.6.9). The values
 * are the ASCII strings "SRVR" (0x53 0x52 0x56 0x52) and "CLNT"
 * (0x43 0x4C 0x4E 0x54) read as one big-endian 32-bit word. Presumably
 * passed as the senderID argument of SSLCalculateFinishedMessage below —
 * confirm in the implementation.
 */
#define SSL_Finished_Sender_Server 0x53525652
#define SSL_Finished_Sender_Client 0x434C4E54
/* Common signature of the Encode* routines declared further down, so they can
 * be handed to SSLPrepareAndQueueMessage. */
typedef OSStatus (*EncodeMessageFunc)(SSLRecord *rec, SSLContext *ctx);
/* Entry point for an inbound record of handshake content type (name-based;
 * confirm). Takes the record by value. */
OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
/* Runs msgFunc to build an outbound message and queues it for sending. */
OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx);
/* Advances the state machine after message `processed` has been handled.
 * Presumably the place where a message arriving in the wrong state is
 * rejected — this header cannot show that; check the implementation. */
OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx);
/* Legacy compatibility path for an SSLv2-format ClientHello
 * (RFC 5246 Appendix E.2) — inferred from the name; confirm. */
OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx);
/* DTLS counterparts. NOTE(review): declared unconditionally, whereas the
 * DTLS HelloVerifyRequest routines below sit under #if ENABLE_DTLS. */
OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
OSStatus DTLSRetransmit(SSLContext *ctx);
/* Flight management: a flight is the group of messages one side sends
 * before waiting on the peer (terminology from RFC 6347 §4.2.4). */
OSStatus SSLResetFlight(SSLContext *ctx);
OSStatus SSLSendFlight(SSLContext *ctx);
/* Writes the highest protocol version this context will negotiate into
 * *version. SSLProtocolVersion is declared in sslRecord.h or its includes. */
OSStatus sslGetMaxProtVersion(SSLContext *ctx, SSLProtocolVersion *version);
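/*
 * Handshake state transition and message logging.
 *
 * Release builds (NDEBUG) inline the state assignment and compile the log
 * call away; debug builds route both through functions in the
 * implementation file.
 *
 * SSLChangeHdskState must behave like a single statement. The original
 * `{ ctx->state=newState; }` expansion broke `if (c) SSLChangeHdskState(..);
 * else ...` (the caller's `;` after the `}` ends the if, so `else` no longer
 * has a matching `if`); do/while(0) fixes that, and the parenthesised
 * arguments keep expression arguments intact. SSLLogHdskMsg expands to a
 * void expression rather than nothing so `SSLLogHdskMsg(m, s);` is never an
 * empty statement (silences -Wempty-body) while still evaluating neither
 * argument, exactly like the original.
 */
#ifdef NDEBUG
#define SSLChangeHdskState(ctx, newState) \
    do { (ctx)->state = (newState); } while (0)
#define SSLLogHdskMsg(msg, sent) ((void)0)
#else
/* Set ctx->state = newState; the debug-build function form. */
void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState);
/* Log handshake message `msg`. `sent` presumably distinguishes outbound from
 * inbound — confirm in the implementation. */
void SSLLogHdskMsg(SSLHandshakeType msg, char sent);
/* Human-readable name for `state`. Treat the result as read-only; the
 * signature is kept as `char *` for compatibility with existing callers. */
char *hdskStateToStr(SSLHandshakeState state);
#endif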
/*
 * Per-message encoders and parsers.
 *
 * Encode* routines take an SSLRecord to fill; Process* routines take the
 * SSLBuffer holding an inbound message. Everything a Process* routine reads
 * from `message` came from the peer, so each length, count and enum value
 * it decodes has to be bounds-checked inside that routine before use — this
 * header cannot show whether each one does; review the implementation.
 * All return OSStatus; which value means success is not visible here.
 */
OSStatus SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx);
/* Takes a whole record rather than a message buffer: ChangeCipherSpec is its
 * own record-layer content type (RFC 5246 §7.1), not a handshake message. */
OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx);
OSStatus SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx);
OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx);
OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeCertificateVerify(SSLRecord *verify, SSLContext *ctx);
OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx);
OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx);
OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx);
/* Initialises the running hashes over the handshake transcript (name-based;
 * confirm). */
OSStatus SSLInitMessageHashes(SSLContext *ctx);
/* Fills p with random bytes. There is no length parameter, so the caller
 * must supply a buffer of exactly the size the implementation writes —
 * verify that size against the implementation before calling. */
OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx);
#if ENABLE_DTLS
/* DTLS HelloVerifyRequest (RFC 6347 §4.2.1): the stateless cookie exchange. */
OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord *helloVerifyRequest, SSLContext *ctx);
OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx);
#endif
OSStatus SSLEncodeServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx);
OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx);
OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx);
/* Prepares the pending (not yet active) read/write cipher states, presumably
 * from the negotiated keys — confirm. */
OSStatus SSLInitPendingCiphers(SSLContext *ctx);
OSStatus SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx);
/* The received verify_data must be compared against the locally computed
 * value in constant time; whether it is cannot be seen from this header —
 * check the implementation. */
OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx);
OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx);
/* Computes the Finished value into `finished` from the two transcript hash
 * states (the separate SHA-1 and MD5 states match the SSL 3.0 / TLS 1.0-1.1
 * construction). senderID is a 32-bit tag, presumably one of the
 * SSL_Finished_Sender_* constants above — confirm in the implementation. */
OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx);
#ifdef __cplusplus
}
#endif
#endif