mirror of
https://github.com/xcat2/xNBA.git
synced 2025-01-21 23:13:14 +00:00
343 lines
11 KiB
C
343 lines
11 KiB
C
// Note: This file still needs some work.
|
|
// Note: I had to redefine the enums to a set of const values,
|
|
// so that the size of the variable would be correct.
|
|
|
|
// Typedefs
|
|
// (As defined by the SSL v3.0 RFC Draft)
|
|
// URL: http://wp.netscape.com/eng/ssl3/draft302.txt
|
|
typedef unsigned char uint8;
|
|
typedef uint8 uint16[2];
|
|
typedef uint8 uint24[3];
|
|
typedef uint8 uint32[4];
|
|
typedef uint8 uint64[8];
|
|
|
|
// Record layers
|
|
typedef struct _ProtocolVersion{
|
|
uint8 major, minor;
|
|
} ProtocolVersion;
|
|
|
|
const ProtocolVersion version = { 3, 0 };
|
|
|
|
typedef uint8 ContentType;
|
|
const ContentType content_type_change_cipher_spec_type = 20;
|
|
const ContentType content_type_alert = 21;
|
|
const ContentType content_type_handshake = 22;
|
|
const ContentType content_type_application_data = 23;
|
|
|
|
typedef struct _SSLPlaintext{
|
|
ContentType type;
|
|
ProtocolVersion version;
|
|
uint16 length; // can not exceed 2^14 bytes
|
|
uint8 fragment[16384]; // 2^14 = 16,384 bytes
|
|
} SSLPlaintext;
|
|
|
|
typedef struct _SSLCompressed{
|
|
ContentType type;
|
|
ProtocolVersion version;
|
|
uint16 length; // can not exceed 2^14 + 1024
|
|
uint8 fragment[17408]; // SSLCompressed.length
|
|
} SSLCompressed;
|
|
|
|
typedef struct _SSLCiphertext{
|
|
ContentType type;
|
|
ProtocolVersion version;
|
|
uint16 length;
|
|
uint8 fragment; // so we have a pointer to the data, and don't have to do math
|
|
// fragment; type GenericStreamCipher or GenericBlockCipher
|
|
} SSLCiphertext; // recast to get fragment
|
|
|
|
typedef struct _GenericStreamCipher{
|
|
uint8 content[17408]; // SSLCompressed.length
|
|
uint8 MAC[]; // CipherSpec.hash_size
|
|
} GenericStreamCipher;
|
|
|
|
typedef struct _SSLStreamCiphertext{
|
|
ContentType type;
|
|
ProtocolVersion version;
|
|
uint16 length; // can not exceed 2^14 + 2048 = 18,456
|
|
GenericStreamCipher fragment;
|
|
} SSLStreamCiphertext;
|
|
|
|
typedef struct _GenericBlockCipher{
|
|
uint8 content[17408]; // SSLConpressed.length
|
|
uint8 MAC[0]; // CipherSpec.hash_size
|
|
// padding is used to bring the plaintext to
|
|
// a multiple of the block cipher's block length.
|
|
uint8 padding[0]; // GenericBlockCipher.padding_length
|
|
uint8 padding_length;
|
|
} GenericBlockCipher;
|
|
|
|
typedef struct _SSLBlockCiphertext{
|
|
ContentType type;
|
|
ProtocolVersion version;
|
|
uint16 length; // can not exceed 2^14 + 2048 = 18,456
|
|
GenericBlockCipher fragment;
|
|
} SSLBlockCiphertext;
|
|
|
|
// Change cipher specs message
|
|
typedef struct _ChangeCipherSpec{
|
|
enum { type_change_cipher_spec=1, type_size=255 } type;
|
|
} ChangeCipherSpec;
|
|
|
|
// Alert messages
|
|
typedef uint8 AlertLevel;
|
|
const AlertLevel alert_level_warning = 1;
|
|
const AlertLevel alert_level_fatal=2;
|
|
|
|
typedef uint8 AlertDescription;
|
|
const AlertDescription alert_description_close_notify = 0;
|
|
const AlertDescription alert_description_unexpected_message = 10;
|
|
const AlertDescription alert_description_bad_record_mac = 20;
|
|
const AlertDescription alert_description_decompression_failure = 30;
|
|
const AlertDescription alert_description_handshake_failure = 40;
|
|
const AlertDescription alert_description_no_certificate = 41;
|
|
const AlertDescription alert_description_bad_certificate = 42;
|
|
const AlertDescription alert_description_unsupported_certificate = 43;
|
|
const AlertDescription alert_description_certificate_revoked = 44;
|
|
const AlertDescription alert_description_certificate_expired = 45;
|
|
const AlertDescription alert_description_certificate_unknown = 46;
|
|
const AlertDescription alert_description_illegal_parameter = 47;
|
|
|
|
typedef struct _Alert{
|
|
AlertLevel level;
|
|
AlertDescription description;
|
|
} Alert;
|
|
|
|
// Handshake protocol
|
|
// What is the best way to have a generic pointer to the body struct??
|
|
typedef uint8 HandshakeType;
|
|
const HandshakeType handshake_type_hello_request = 0;
|
|
const HandshakeType handshake_type_client_hello = 1;
|
|
const HandshakeType handshake_type_server_hello = 2;
|
|
const HandshakeType handshake_type_certificate = 11;
|
|
const HandshakeType handshake_type_server_key_exchange = 12;
|
|
const HandshakeType handshake_type_certificate_request = 13;
|
|
const HandshakeType handshake_type_server_done = 14;
|
|
const HandshakeType handshake_type_certificate_verify = 15;
|
|
const HandshakeType handshake_type_client_key_exchange = 16;
|
|
const HandshakeType handshake_type_finished = 20;
|
|
|
|
typedef struct _Handshake{
|
|
HandshakeType msg_type;
|
|
uint24 length;
|
|
// body; // one of HandshakeType structs
|
|
} Handshake; // generic Handshake, need to recast to get body
|
|
|
|
// Hello messages
|
|
typedef struct _HelloRequest{} HelloRequest;
|
|
|
|
typedef struct _HelloRequestHandshake{
|
|
HandshakeType msg_type;
|
|
uint24 length;
|
|
HelloRequest body;
|
|
} HelloRequestHandshake;
|
|
|
|
typedef struct _Random{
|
|
uint32 gmt_unix_time;
|
|
uint8 random_bytes[28];
|
|
} Random;
|
|
|
|
//typedef uint8 SessionID[32]; // <0..32>
|
|
typedef uint8 SessionIDLength;
|
|
typedef uint8 SessionID;
|
|
|
|
typedef uint16 CipherSuiteLength;
|
|
typedef uint8 CipherSuite[2];
|
|
|
|
typedef uint8 CompressionMethodLength;
|
|
typedef uint8 CompressionMethod;
|
|
const CompressionMethod compression_method_null = 0;
|
|
|
|
|
|
typedef struct _ClientHello{
|
|
ProtocolVersion client_version;
|
|
Random random;
|
|
SessionIDLength session_id_length;
|
|
SessionID *session_id;
|
|
SessionID *session_id_end;
|
|
CipherSuiteLength *cipher_suites_length;
|
|
CipherSuite *cipher_suites; // min size is one entry
|
|
CipherSuite *cipher_suites_end;
|
|
//CipherSuite cipher_suites[32768]; // <2..2^16-1> = 65,536 bytes and CipherSuite is 2 bytes
|
|
CompressionMethodLength *compression_methods_length;
|
|
CompressionMethod *compression_methods;
|
|
CompressionMethod *compression_methods_end;
|
|
//CompressionMethod *compression_methods; // min size is zero
|
|
//CompressionMethod compression_methods[256]; // <0..2^8-1> = 256 bytes and CompressionMethod is 1 byte
|
|
} ClientHello;
|
|
|
|
typedef struct _ClientHelloHandshake{
|
|
//HandshakeType msg_type;
|
|
uint8 msg_type;
|
|
uint24 length;
|
|
ClientHello body;
|
|
} ClientHelloHandshake;
|
|
|
|
typedef struct _ServerHello{
|
|
ProtocolVersion server_version;
|
|
Random random;
|
|
SessionID session_id;
|
|
CipherSuite cipher_suite;
|
|
CompressionMethod compression_method;
|
|
} ServerHello;
|
|
|
|
typedef struct _ServerHelloHandshake{
|
|
HandshakeType msg_type;
|
|
uint24 length;
|
|
ServerHello body;
|
|
} ServerHelloHandshake;
|
|
|
|
// Server authentication and key exchange messages
|
|
typedef uint8 ASN1Cert[16777216]; // <1..2^24-1> = 16,777,216 bytes
|
|
|
|
typedef struct _Certificate{
|
|
ASN1Cert certificate_list[1]; // <1..2^24-1> / ANS1Cert = 1
|
|
// for some reason the size of certificate_list and ASN1Cert is the same, so only one certificate in the list
|
|
} Certificate;
|
|
|
|
typedef uint8 KeyExchangeAlgorithm;
|
|
const KeyExchangeAlgorithm key_exchange_algorithm_rsa = 0;
|
|
const KeyExchangeAlgorithm key_exchange_algorithm_diffie_hellman = 1;
|
|
const KeyExchangeAlgorithm key_exchange_algorithm_fortezza_kea = 2;
|
|
|
|
typedef struct _AnonSignature{
|
|
struct {};
|
|
} AnonSignature;
|
|
|
|
typedef struct _RSASignature{
|
|
uint8 md5_hash[16];
|
|
uint8 sha_hash[20];
|
|
} RSASignature;
|
|
|
|
typedef struct _DSASignature{
|
|
uint8 sha_hash[20];
|
|
} DSASignature;
|
|
|
|
// use union??, make a mess to reference, but easy to make Signature type.
|
|
typedef union _Signature{ AnonSignature anon; RSASignature rsa; DSASignature dsa; } Signature;
|
|
|
|
typedef struct _ServerRSAParams{
|
|
uint8 RSA_modulus[65536]; // <1..2^16-1> = 65,536
|
|
uint8 RSA_exponent[65536]; // <1..2^16-1> = 65,536
|
|
} ServerRSAParams;
|
|
|
|
typedef struct _ServerDHParams{
|
|
uint8 DH_p[65536]; // <1..2^16-1>
|
|
uint8 DH_g[65536]; // <1..2^16-1>
|
|
uint8 DH_Ys[65536]; // <1..2^16-1>
|
|
} ServerDHParams;
|
|
|
|
typedef struct _ServerDHKeyExchange{
|
|
ServerDHParams params;
|
|
Signature signed_params;
|
|
} ServerDHKeyExchange;
|
|
|
|
typedef struct _ServerRSAKeyExchange{
|
|
ServerRSAParams params;
|
|
Signature signed_params;
|
|
} ServerRSAKeyExchange;
|
|
|
|
typedef uint8 SignatureAlgorithm;
|
|
const SignatureAlgorithm signature_algorithm_anonymous = 0;
|
|
const SignatureAlgorithm signature_algorithm_rsa = 1;
|
|
const SignatureAlgorithm signature_algorithm_dsa = 2;
|
|
|
|
typedef uint8 CertificateType;
|
|
const CertificateType certificate_type_RSA_sign = 1;
|
|
const CertificateType certificate_type_DSS_sign = 2;
|
|
const CertificateType certificate_type_RSA_fixed_DH = 3;
|
|
const CertificateType certificate_type_DSS_fixed_DH = 4;
|
|
const CertificateType certificate_type_RSA_ephemeral_DH = 5;
|
|
const CertificateType certificate_type_DSS_ephemeral_DH = 6;
|
|
const CertificateType certificate_type_FORTEZZA_MISSI = 20;
|
|
|
|
typedef uint8 DistinguishedName[65536]; // <1..2^16-1> = 65,536
|
|
|
|
typedef struct _CertificateRequest{
|
|
CertificateType certificate_types[256]; // <1..2^8-1>
|
|
DistinguishedName certificate_authorities[1]; // <3...2^16-1> / DistinguishedName
|
|
// this is another one that is odd with a list size of 1
|
|
} CertificateRequest;
|
|
|
|
typedef struct _ServerHelloDone{} ServerHelloDone;
|
|
|
|
// Client authentication and key exchange messages
|
|
typedef struct _PreMasterSecret{
|
|
ProtocolVersion client_version;
|
|
uint8 random[46];
|
|
} PreMasterSecret;
|
|
|
|
typedef struct _EncryptedPreMasterSecret{
|
|
PreMasterSecret pre_master_secret;
|
|
} EncryptedPreMasterSecret;
|
|
|
|
typedef struct _RSAClientKeyExchange{
|
|
EncryptedPreMasterSecret exchange_keys;
|
|
} RSAClientKeyExchange;
|
|
|
|
typedef uint8 PublicValueEncoding;
|
|
const PublicValueEncoding public_value_encoding_implicit = 0;
|
|
const PublicValueEncoding public_value_encoding_explicit = 1;
|
|
|
|
typedef struct _ClientDiffieHellmanPublic{
|
|
// This is a select on PublicValueEncoding, and I chose the larger size
|
|
uint8 dh_public[65536]; // DH_Yc<1..2^16-1>, the dh public value
|
|
} ClientDiffieHellmanPublic;
|
|
|
|
typedef struct _DHClientKeyExhange{
|
|
ClientDiffieHellmanPublic exchange_keys;
|
|
} DHClientKeyExchange;
|
|
|
|
typedef struct _CertificateVerify{
|
|
Signature signature;
|
|
} CertificateVerify;
|
|
|
|
// Handshake finalization message
|
|
typedef struct _Finished{
|
|
uint8 md5_hash[16];
|
|
uint8 sha_hash[20];
|
|
} Finished;
|
|
|
|
// The CipherSuite
|
|
CipherSuite SSL_NULL_WITH_NULL_NULL = { 0x00, 0x13 };
|
|
CipherSuite SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x0B };
|
|
CipherSuite SSL_DH_DSS_WITH_DES_CBC_SHA = { 0x00, 0x0C };
|
|
CipherSuite SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x11 };
|
|
CipherSuite SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00, 0x17 };
|
|
CipherSuite SSL_DH_anon_WITH_RC4_128_MD5 = { 0x00, 0x18 };
|
|
|
|
// The CipherSpec
|
|
typedef uint8 CipherType;
|
|
const CipherType cipher_type_stream = 0;
|
|
const CipherType cipher_type_block = 1;
|
|
|
|
typedef uint8 IsExportable;
|
|
const IsExportable is_exportable_true = 0;
|
|
const IsExportable is_exportable_false = 1;
|
|
|
|
typedef uint8 BulkCipherAlgorithm;
|
|
const BulkCipherAlgorithm bulk_cipher_algorithm_null = 0;
|
|
const BulkCipherAlgorithm bulk_cipher_algorithm_rc4 = 1;
|
|
const BulkCipherAlgorithm bulk_cipher_algorithm_rc2 = 2;
|
|
const BulkCipherAlgorithm bulk_cipher_algorithm_des = 3;
|
|
const BulkCipherAlgorithm bulk_cipher_algorithm_3des = 4;
|
|
const BulkCipherAlgorithm bulk_cipher_algorithm_des40 = 5;
|
|
const BulkCipherAlgorithm bulk_cipher_algorithm_fortezza = 6;
|
|
|
|
typedef uint8 MACAlgorithm;
|
|
const MACAlgorithm mac_algorithm_null = 0;
|
|
const MACAlgorithm mac_algorithm_md5 = 1;
|
|
const MACAlgorithm mac_algorithm_sha = 2;
|
|
|
|
typedef struct _CipherSpec{
|
|
BulkCipherAlgorithm bulk_cipher_algorithm;
|
|
MACAlgorithm mac_algorithm;
|
|
CipherType cipher_type;
|
|
IsExportable is_exportable;
|
|
uint8 hash_size;
|
|
uint8 key_material;
|
|
uint8 IV_size;
|
|
} CipherSpec;
|
|
|
|
|