#ifndef _SSLHANDSHAKE_H_
#define _SSLHANDSHAKE_H_
#include "sslBuildFlags.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
 * Handshake message types, i.e. the HandshakeType byte at the start of every
 * handshake message.  These are wire-protocol constants (RFC 5246 §7.4, with
 * the DTLS, session-ticket, OCSP-stapling and NPN additions) and must keep
 * their numeric values; the gaps in the numbering are intentional.
 */
typedef enum {
    SSL_HdskHelloRequest          = 0,   /* hello_request */
    SSL_HdskClientHello           = 1,   /* client_hello */
    SSL_HdskServerHello           = 2,   /* server_hello */
    SSL_HdskHelloVerifyRequest    = 3,   /* hello_verify_request (DTLS, RFC 6347) */
    SSL_HdskNewSessionTicket      = 4,   /* new_session_ticket (RFC 5077) */
    SSL_HdskCert                  = 11,  /* certificate */
    SSL_HdskServerKeyExchange     = 12,  /* server_key_exchange */
    SSL_HdskCertRequest           = 13,  /* certificate_request */
    SSL_HdskServerHelloDone       = 14,  /* server_hello_done */
    SSL_HdskCertVerify            = 15,  /* certificate_verify */
    SSL_HdskClientKeyExchange     = 16,  /* client_key_exchange */
    SSL_HdskFinished              = 20,  /* finished */
    SSL_HdskCertificateStatus     = 22,  /* certificate_status (RFC 6066) */
    SSL_HdskNPNEncryptedExtension = 67   /* next_protocol (NPN draft) */
} SSLHandshakeType;
/**
 * ExtensionType codes carried in ClientHello/ServerHello extension blocks.
 * All values are IANA-registered wire constants (RFC 6066, RFC 4492,
 * RFC 5246, RFC 7301, RFC 6962, RFC 7685, RFC 5077, RFC 5746, NPN draft)
 * and must not be renumbered.  Two enumerator names carry historical
 * misspellings (StatusReguest, SecureRenegotation); they are part of the
 * public API, so they are kept as-is.
 */
typedef enum {
    SSL_HE_ServerName           = 0,      /* server_name */
    SSL_HE_MaxFragmentLength    = 1,      /* max_fragment_length */
    SSL_HE_ClientCertificateURL = 2,      /* client_certificate_url */
    SSL_HE_TrustedCAKeys        = 3,      /* trusted_ca_keys */
    SSL_HE_TruncatedHMAC        = 4,      /* truncated_hmac */
    SSL_HE_StatusReguest        = 5,      /* status_request (sic: "Request") */
    SSL_HE_EllipticCurves       = 10,     /* elliptic_curves / supported_groups */
    SSL_HE_EC_PointFormats      = 11,     /* ec_point_formats */
    SSL_HE_SignatureAlgorithms  = 13,     /* signature_algorithms */
    SSL_HE_ALPN                 = 16,     /* application_layer_protocol_negotiation */
    SSL_HE_SCT                  = 18,     /* signed_certificate_timestamp */
    SSL_HE_Padding              = 21,     /* padding */
    SSL_HE_SessionTicket        = 35,     /* SessionTicket TLS */
    SSL_HE_SecureRenegotation   = 0xff01, /* renegotiation_info (sic: "Renegotiation") */
    SSL_HE_NPN                  = 13172   /* next_protocol_negotiation (0x3374) */
} SSLHelloExtensionType;
/** NameType values inside the server_name extension (RFC 6066); only host_name is defined. */
typedef enum {
    SSL_NT_HostName = 0 /* host_name */
} SSLServerNameType;
/** CertificateStatusType values for status_request / CertificateStatus (RFC 6066). */
typedef enum {
    SSL_CST_Ocsp = 1 /* ocsp */
} SSLCertificateStatusType;
/* Number of ECDSA/ECDHE curves this implementation advertises — confirm against the curve table in the .c. */
#define SSL_ECDSA_NUM_CURVES 3

/** ECPointFormat values for the ec_point_formats extension (RFC 4492 §5.1.2). */
typedef enum {
    SSL_PointFormatUncompressed    = 0, /* uncompressed */
    SSL_PointFormatCompressedPrime = 1, /* ansiX962_compressed_prime */
    SSL_PointFormatCompressedChar2 = 2  /* ansiX962_compressed_char2 */
} SSL_ECDSA_PointFormats;
/** ECCurveType values in the ServerKeyExchange ECParameters (RFC 4492 §5.4). */
typedef enum {
    SSL_CurveTypeExplicitPrime = 1, /* explicit_prime */
    SSL_CurveTypeExplicitChar2 = 2, /* explicit_char2 */
    SSL_CurveTypeNamed         = 3  /* named_curve */
} SSL_ECDSA_CurveTypes;
/** Selects the read (inbound) or write (outbound) cipher direction. Implicit values 0 and 1. */
typedef enum {
    SSL_read,  /* = 0 */
    SSL_write  /* = 1 */
} CipherSide;
/**
 * Internal handshake state machine.  Only SSL_HdskStateUninit is assigned
 * explicitly; the rest are consecutive from there.  Unlike the SSLHandshakeType
 * and SSLHelloExtensionType codes these are not wire constants, so the ordering
 * is free to change unless the state is persisted somewhere — TODO confirm.
 */
typedef enum {
    SSL_HdskStateUninit = 0,
    SSL_HdskStateServerUninit,      /* 1 */
    SSL_HdskStateClientUninit,      /* 2 */
    SSL_HdskStateGracefulClose,     /* 3 */
    SSL_HdskStateErrorClose,        /* 4 */
    SSL_HdskStateNoNotifyClose,     /* 5 */
    SSL_HdskStateServerHello,       /* 6 */
    SSL_HdskStateKeyExchange,       /* 7 */
    SSL_HdskStateCert,              /* 8 */
    SSL_HdskStateHelloDone,         /* 9 */
    SSL_HdskStateClientCert,        /* 10 */
    SSL_HdskStateClientKeyExchange, /* 11 */
    SSL_HdskStateClientCertVerify,  /* 12 */
    SSL_HdskStateNewSessionTicket,  /* 13 */
    SSL_HdskStateChangeCipherSpec,  /* 14 */
    SSL_HdskStateFinished,          /* 15 */
    SSL_HdskStateServerReady,       /* 16 */
    SSL_HdskStateClientReady        /* 17 */
} SSLHandshakeState;
/**
 * One parsed handshake message: its HandshakeType and the message body.
 * `contents` is a tls_buffer (declared elsewhere); whether it owns its bytes
 * or aliases the containing record is not visible here — check the producer
 * before freeing.
 */
typedef struct
{ SSLHandshakeType type;   /* HandshakeType byte of this message */
tls_buffer contents;       /* message body, excluding the 4-byte handshake header — confirm */
} SSLHandshakeMsg;
/**
 * Write a handshake header for message `type` with body length `msglen`
 * into `rec`.
 *
 * @param ctx     handshake context (presumably selects TLS vs DTLS header layout — confirm)
 * @param rec     output record buffer the header is written into
 * @param type    HandshakeType byte to emit
 * @param msglen  length of the message body that will follow the header
 * @return pointer into rec's data, presumably just past the header so the
 *         caller can continue writing the body — confirm in the .c
 */
uint8_t *SSLEncodeHandshakeHeader(
tls_handshake_t ctx,
tls_buffer *rec,
SSLHandshakeType type,
size_t msglen);
/*
 * SSL 3.0 Finished "sender" constants (RFC 6101 §5.6.9): the big-endian
 * ASCII of "SRVR" (0x53 0x52 0x56 0x52) and "CLNT" (0x43 0x4C 0x4E 0x54).
 * Used as the senderID argument of SSLCalculateFinishedMessage.
 */
#define SSL_Finished_Sender_Server 0x53525652
#define SSL_Finished_Sender_Client 0x434C4E54
/*
 * Signature shared by every SSLEncode*(tls_buffer *, tls_handshake_t) routine
 * declared below, so any of them can be handed to SSLPrepareAndQueueMessage.
 * All entry points in this header return int; the success/error convention
 * is not visible here — presumably 0 on success, verify in the .c.
 */
typedef int (*EncodeMessageFunc)(tls_buffer *rec, tls_handshake_t ctx);

/* Record-level dispatch.  `rec` carries peer-supplied bytes; how the two
 * HandshakeRecord variants relate (e.g. Inner = without retransmit or
 * locking) cannot be determined from this header — see the .c. */
int SSLProcessHandshakeRecordInner(tls_buffer rec, tls_handshake_t ctx);
int SSLProcessHandshakeRecord(tls_buffer rec, tls_handshake_t ctx);
/* Legacy SSLv2-format handshake record (SSLv2-style ClientHello). */
int SSLProcessSSL2Message(tls_buffer rec, tls_handshake_t ctx);
/* Run msgFunc to encode a message and queue it as a record of contentType. */
int SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, uint8_t contentType, tls_handshake_t ctx);
/* Drive the state machine after message `processed` has been handled. */
int SSLAdvanceHandshake(SSLHandshakeType processed, tls_handshake_t ctx);

/* DTLS flight handling: record dispatch, retransmission and flight buffering. */
int DTLSProcessHandshakeRecord(tls_buffer rec, tls_handshake_t ctx);
int DTLSRetransmit(tls_handshake_t ctx);
int SSLResetFlight(tls_handshake_t ctx);
int SSLSendFlight(tls_handshake_t ctx);
/* Highest protocol version the context allows, written to *version. */
int sslGetMaxProtVersion(tls_handshake_t ctx, tls_protocol_version *version);
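#ifdef NDEBUG
/*
 * Release builds: a state change is a plain store and message logging
 * compiles away.  The do { } while (0) wrapper makes SSLChangeHdskState a
 * single statement, so `if (c) SSLChangeHdskState(ctx, s); else ...` parses
 * the same way as the debug-build function call; the previous bare-brace
 * form expanded to `{ ... };`, which breaks an unbraced if/else.  Arguments
 * are parenthesised so non-trivial expressions expand correctly.
 * SSLLogHdskMsg expands to a no-op expression and does not evaluate its
 * arguments, matching the previous empty expansion.
 */
#define SSLChangeHdskState(ctx, newState) do { (ctx)->state = (newState); } while (0)
#define SSLLogHdskMsg(msg, sent) ((void)0)
#else
/** Debug builds: set ctx->state to newState (presumably with tracing — see the .c). */
void SSLChangeHdskState(tls_handshake_t ctx, SSLHandshakeState newState);
/** Debug builds: log handshake message `msg`; `sent` presumably flags direction (sent vs received) — confirm. */
void SSLLogHdskMsg(SSLHandshakeType msg, char sent);
/**
 * Human-readable name for a handshake state.
 * NOTE(review): returns a non-const char *; if the implementation returns
 * string literals, callers must never write through it — consider
 * `const char *` in a future API revision.
 */
char *hdskStateToStr(SSLHandshakeState state);
#endif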
/*
 * Per-message encode/process pairs.  Convention visible in the signatures:
 * SSLEncode* write into a caller-supplied tls_buffer * and match
 * EncodeMessageFunc; SSLProcess* take the received message body by value.
 * The SSLProcess* inputs are peer-controlled bytes — every length field must
 * be checked against the buffer before use (see the implementations).
 */

/* ChangeCipherSpec (its own record type, not a handshake message). */
int SSLEncodeChangeCipherSpec(tls_buffer *rec, tls_handshake_t ctx);
int SSLProcessChangeCipherSpec(tls_buffer rec, tls_handshake_t ctx);

/* Release helpers for certificate chains and distinguished-name lists; ownership of the list nodes is assumed to transfer here — confirm. */
int SSLFreeCertificates(SSLCertificate *certs);
int SSLFreeDNList(DNListElem *dn);

/* Certificate, CertificateStatus (OCSP stapling), CertificateRequest, CertificateVerify. */
int SSLEncodeCertificate(tls_buffer *certificate, tls_handshake_t ctx);
int SSLProcessCertificate(tls_buffer message, tls_handshake_t ctx);
int SSLEncodeCertificateStatus(tls_buffer *status, tls_handshake_t ctx);
int SSLProcessCertificateStatus(tls_buffer message, tls_handshake_t ctx);
int SSLEncodeCertificateRequest(tls_buffer *request, tls_handshake_t ctx);
int SSLProcessCertificateRequest(tls_buffer message, tls_handshake_t ctx);
int SSLEncodeCertificateVerify(tls_buffer *verify, tls_handshake_t ctx);
int SSLProcessCertificateVerify(tls_buffer message, tls_handshake_t ctx);

/* Hello family.  Note the parameter of SSLEncodeServerHelloRequest is named
 * helloDone although it encodes a HelloRequest — naming only, no behavioral
 * implication visible here. */
int SSLEncodeServerHelloRequest(tls_buffer *helloDone, tls_handshake_t ctx);
int SSLEncodeServerHello(tls_buffer *serverHello, tls_handshake_t ctx);
int SSLProcessServerHello(tls_buffer message, tls_handshake_t ctx);
int SSLEncodeClientHello(tls_buffer *clientHello, tls_handshake_t ctx);
int SSLProcessClientHello(tls_buffer message, tls_handshake_t ctx);
int SSLProcessSSL2ClientHello(tls_buffer message, tls_handshake_t ctx);
int SSLProcessNewSessionTicket(tls_buffer message, tls_handshake_t ctx);
/* Reset the running handshake-transcript hashes. */
int SSLInitMessageHashes(tls_handshake_t ctx);
/* Write the hello random into p; the buffer size p must provide is not visible here (TLS random is 32 bytes) — confirm. */
int SSLEncodeRandom(unsigned char *p, tls_handshake_t ctx);
#if ENABLE_DTLS
/* DTLS HelloVerifyRequest (cookie exchange). */
int SSLEncodeServerHelloVerifyRequest(tls_buffer *helloVerifyRequest, tls_handshake_t ctx);
int SSLProcessServerHelloVerifyRequest(tls_buffer message, tls_handshake_t ctx);
#endif

/* Key exchange and key derivation. */
int SSLEncodeServerKeyExchange(tls_buffer *keyExch, tls_handshake_t ctx);
int SSLProcessServerKeyExchange(tls_buffer message, tls_handshake_t ctx);
int SSLEncodeKeyExchange(tls_buffer *keyExchange, tls_handshake_t ctx);
int SSLProcessKeyExchange(tls_buffer keyExchange, tls_handshake_t ctx);
/* Set up the pending read/write ciphers from the negotiated keys. */
int SSLInitPendingCiphers(tls_handshake_t ctx);

/* Finished and ServerHelloDone. */
int SSLEncodeFinishedMessage(tls_buffer *finished, tls_handshake_t ctx);
int SSLProcessFinished(tls_buffer message, tls_handshake_t ctx);
int SSLEncodeServerHelloDone(tls_buffer *helloDone, tls_handshake_t ctx);
int SSLProcessServerHelloDone(tls_buffer message, tls_handshake_t ctx);
/*
 * Compute the Finished verify data into `finished` from the SHA/MD5 hash
 * states; senderID is SSL_Finished_Sender_Server or SSL_Finished_Sender_Client.
 * The separate sha/md5 state arguments suggest the SSL 3.0 / TLS 1.0–1.1
 * construction — whether TLS 1.2 PRF goes through here too is not visible.
 */
int SSLCalculateFinishedMessage(tls_buffer finished, tls_buffer shaMsgState, tls_buffer md5MsgState, uint32_t senderID, tls_handshake_t ctx);

/* NPN encrypted extension (SSL_HdskNPNEncryptedExtension). */
int SSLEncodeNPNEncryptedExtensionMessage(tls_buffer *npn, tls_handshake_t ctx);
int SSLProcessEncryptedExtension(tls_buffer message, tls_handshake_t ctx);
#ifdef __cplusplus
}
#endif
#endif