?lang_form? ?lang_select? ?lang_submit? ?lang_endform?
{HEADER END}
{BLAME START}

library

?curdirlinks? -

Blame information for rev 32

Line No. Rev Author Line
1 32 kaklik /*********************************************************************
2 *
3 * SSLv3 Module Headers
4 *
5 *********************************************************************
6 * FileName: SSL.h
7 * Dependencies: None
8 * Processor: PIC18, PIC24F, PIC24H, dsPIC30F, dsPIC33F, PIC32
9 * Compiler: Microchip C32 v1.05 or higher
10 * Microchip C30 v3.12 or higher
11 * Microchip C18 v3.30 or higher
12 * Company: Microchip Technology, Inc.
13 *
14 * Software License Agreement
15 *
16 * Copyright (C) 2002-2009 Microchip Technology Inc. All rights
17 * reserved.
18 *
19 * Microchip licenses to you the right to use, modify, copy, and
20 * distribute:
21 * (i) the Software when embedded on a Microchip microcontroller or
22 * digital signal controller product ("Device") which is
23 * integrated into Licensee's product; or
24 * (ii) ONLY the Software driver source files ENC28J60.c, ENC28J60.h,
25 * ENCX24J600.c and ENCX24J600.h ported to a non-Microchip device
26 * used in conjunction with a Microchip ethernet controller for
27 * the sole purpose of interfacing with the ethernet controller.
28 *
29 * You should refer to the license agreement accompanying this
30 * Software for additional information regarding your rights and
31 * obligations.
32 *
33 * THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT
34 * WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT
35 * LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A
36 * PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL
37 * MICROCHIP BE LIABLE FOR ANY INCIDENTAL, SPECIAL, INDIRECT OR
38 * CONSEQUENTIAL DAMAGES, LOST PROFITS OR LOST DATA, COST OF
39 * PROCUREMENT OF SUBSTITUTE GOODS, TECHNOLOGY OR SERVICES, ANY CLAIMS
40 * BY THIRD PARTIES (INCLUDING BUT NOT LIMITED TO ANY DEFENSE
41 * THEREOF), ANY CLAIMS FOR INDEMNITY OR CONTRIBUTION, OR OTHER
42 * SIMILAR COSTS, WHETHER ASSERTED ON THE BASIS OF CONTRACT, TORT
43 * (INCLUDING NEGLIGENCE), BREACH OF WARRANTY, OR OTHERWISE.
44 *
45 *
46 * Author Date Comment
47 *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
48 * Elliott Wood 6/20/07 Original
49 * Elliott Wood 12/17/07 Rewritten to integrate with TCP
50 * and support both client & server
51 ********************************************************************/
52  
53 #ifndef __SSL_H
54 #define __SSL_H
55  
56 /****************************************************************************
57 Section:
58 Configuration Settings
59 ***************************************************************************/
60 #define SSL_VERSION (0x0300u) // SSL version number
61 #define SSL_VERSION_HI (0x03u) // SSL version number (high byte)
62 #define SSL_VERSION_LO (0x00u) // SSL version number (low byte)
63  
64 #define SSL_INVALID_ID (0xFFu) // Identifier for invalid SSL allocations
65  
66 // Minimum lifetime for SSL Sessions
67 // Sessions cannot be reallocated until this much time has elapsed
68 #define SSL_MIN_SESSION_LIFETIME (1*TICK_SECOND)
69  
70 // Lifetime extension for RSA operations
71 // Sessions lifetime is extended by this amount when an RSA calculation is made
72 #define SSL_RSA_LIFETIME_EXTENSION (8*TICK_SECOND)
73  
74  
75 /****************************************************************************
76 Section:
77 SSL Commands and Responses
78 ***************************************************************************/
79  
80 #define SSL_CHANGE_CIPHER_SPEC 20u // Protocol code for Change Cipher Spec records
81 #define SSL_ALERT 21u // Protocol code for Alert records
82 #define SSL_HANDSHAKE 22u // Protocol code for Handshake records
83 #define SSL_APPLICATION 23u // Protocol code for Application data records
84  
85 // Describes the types of SSL messages (handshake and alerts)
86 typedef enum
87 {
88 SSL_HELLO_REQUEST = 0u, // HelloRequest handshake message (not currently supported)
89 SSL_CLIENT_HELLO = 1u, // ClientHello handshake message
90 SSL_ANTIQUE_CLIENT_HELLO = 18u, // SSLv2 ClientHello handshake message (Supported for backwards compatibility. This is an internally defined value.)
91 SSL_SERVER_HELLO = 2u, // ServerHello handshake message
92 SSL_CERTIFICATE = 11u, // ServerCertifiate handshake message
93 SSL_SERVER_HELLO_DONE = 14u, // ServerHelloDone handshake message
94 SSL_CLIENT_KEY_EXCHANGE = 16u, // ClientKeyExchange handshake message
95 SSL_FINISHED = 20u, // Finished handshake message
96  
97 // Alert Messages
98 SSL_ALERT_CLOSE_NOTIFY = 0u + 0x80, // CloseNotify alert message (dummy value used internally)
99 SSL_ALERT_UNEXPECTED_MESSAGE = 10u + 0x80, // UnexpectedMessage alert message (dummy value used internally)
100 SSL_ALERT_BAD_RECORD_MAC = 20u + 0x80, // BadRecordMAC alert message (dummy value used internally)
101 SSL_ALERT_HANDSHAKE_FAILURE = 40u + 0x80, // HandshakeFailure alert message (dummy value used internally)
102  
103 // No Message
104 SSL_NO_MESSAGE = 0xff // No message is currently requested (internally used value)
105  
106 } SSL_MESSAGES;
107  
108 // Describes the two types of Alert records
109 typedef enum
110 {
111 SSL_ALERT_WARNING = 1u, // Alert message is a warning (session can be resumed)
112 SSL_ALERT_FATAL = 2u // Alert message is fatal (session is non-resumable)
113 } SSL_ALERT_LEVEL;
114  
115 // SSL Session Type Enumeration
116 typedef enum
117 {
118 SSL_CLIENT, // Local device is the SSL client
119 SSL_SERVER // Local device is the SSL host
120 } SSL_SESSION_TYPE;
121  
122  
123 /****************************************************************************
124 Section:
125 State Machines
126 ***************************************************************************/
127  
128 // State machine for SSLRxServerHello
129 typedef enum
130 {
131 RX_SERVER_CERT_START = 0u,
132 RX_SERVER_CERT_FIND_KEY,
133 RX_SERVER_CERT_FIND_N,
134 RX_SERVER_CERT_READ_N,
135 RX_SERVER_CERT_READ_E,
136 RX_SERVER_CERT_CLEAR
137 } SM_SSL_RX_SERVER_HELLO;
138  
139  
140 /****************************************************************************
141 Section:
142 Connection Struct Definitions
143 ***************************************************************************/
144  
145 // Memory holder for general information associated with
146 // an SSL connections.
147 typedef struct
148 {
149 WORD wRxBytesRem; // Bytes left to read in current record
150 WORD wRxHsBytesRem; // Bytes left to read in current Handshake submessage
151  
152 BYTE rxProtocol; // Protocol for message being read
153 BYTE rxHSType; // Handshake message being received
154  
155 BYTE idSession; // ID for associated session
156 BYTE idMD5, idSHA1; // ID for current hashes
157 BYTE idRxHash; // ID for MAC hash (TX needs no persistence)
158 BYTE idRxBuffer, idTxBuffer; // ID for current buffers (Sboxes)
159  
160 DWORD_VAL dwTemp; // Used for state machine in RxCertificate
161  
162 struct
163 {
164 unsigned char bIsServer : 1; // We are the server
165 unsigned char bClientHello : 1; // ClientHello has been sent/received
166 unsigned char bServerHello : 1; // ServerHello has been sent/received
167 unsigned char bServerCertificate : 1; // ServerCertificate has been sent/received
168 unsigned char bServerHelloDone : 1; // ServerHelloDone has been sent/received
169 unsigned char bClientKeyExchange : 1; // ClientKeyExchange has been sent/received
170 unsigned char bRemoteChangeCipherSpec : 1; // Remote node has sent a ChangeCipherSpec message
171 unsigned char bRemoteFinished : 1; // Remote node has sent a Finished message
172 unsigned char bLocalChangeCipherSpec : 1; // We have sent a ChangeCipherSpec message
173 unsigned char bLocalFinished : 1; // We have sent a Finished message
174 unsigned char bExpectingMAC : 1; // We expect a MAC at end of message
175 unsigned char bNewSession : 1; // TRUE if a new session, FALSE if resuming
176 unsigned char bCloseNotify : 1; // Whether or not a CloseNotify has been sent/received
177 unsigned char bDone : 1; // TRUE if the connection is closed
178 unsigned char bRSAInProgress : 1; // TRUE when RSA op is in progress
179 unsigned char bKeysValid : 1; // TRUE if the session keys have been generated
180 } Flags;
181  
182 BYTE requestedMessage; // Currently requested message to send, or 0xff
183 void * supplementaryBuffer;
184 BYTE supplementaryDataType;
185 } SSL_STUB;
186  
187 typedef enum
188 {
189 SSL_SUPPLEMENTARY_DATA_NONE = 0,
190 SSL_SUPPLEMENTARY_DATA_CERT_PUBLIC_KEY
191 } SSL_SUPPLEMENTARY_DATA_TYPES;
192  
193 // To hash the public key information, we need to actually get
194 // the public key information...
195 // 1024 bit key at 8 bits/byte = 128 bytes needed for the public key.
196 typedef struct
197 {
198 WORD pub_size_bytes;
199 BYTE pub_key[128];
200 BYTE pub_e[3];
201 BYTE pub_guid; // This is used as a TCP_SOCKET which is a BYTE
202 } SSL_PKEY_INFO;
203  
204 // Memory definition for SSL keys. This area is split into Local and
205 // Remote areas. During the handshake, Local.random and Remote.random
206 // hold the ServerRandom and ClientRandom values. Once the session keys
207 // are calculated, the Local.app and Remote.app contain the MAC
208 // secret, record sequence number, and encryption context for the
209 // ARCFOUR module.
210 typedef struct
211 {
212 union
213 {
214 struct
215 {
216 BYTE MACSecret[16]; // Server's MAC write secret
217 DWORD sequence; // Server's write sequence number
218 ARCFOUR_CTX cryptCtx; // Server's write encryption context
219 BYTE reserved[8]; // Future expansion
220 }app;
221 BYTE random[32]; // Server.random value
222 } Local;
223  
224 union
225 {
226 struct
227 {
228 BYTE MACSecret[16]; // Client's MAC write secret
229 DWORD sequence; // Client's write sequence number
230 ARCFOUR_CTX cryptCtx; // Client's write encryption context
231 BYTE reserved[8]; // Future expansion
232 }app;
233 BYTE random[32]; // Client.random value
234 } Remote;
235 } SSL_KEYS;
236  
237 // Generic buffer space for SSL. The hashRounds element is used
238 // when this buffer is needed for handshake hash calculations, and
239 // the full element is used as the Sbox for ARCFOUR calculations.
240 typedef union
241 {
242 struct
243 {
244 HASH_SUM hash;
245 BYTE md5_hash[16];
246 BYTE sha_hash[20];
247 BYTE temp[256-sizeof(HASH_SUM)-16-20];
248 } hashRounds;
249 BYTE full[256];
250 } SSL_BUFFER;
251  
252 // Storage space for SSL Session identifiers. (The SessionID and MasterSecret)
253 typedef struct
254 {
255 BYTE sessionID[32]; // The SSL Session ID for this session
256 BYTE masterSecret[48]; // Associated Master Secret for this session
257 } SSL_SESSION;
258  
259 // Stub value for an SSL_SESSION. The tag associates this session with a
260 // remote node, either by matching to a remote IP address when we are
261 // the client or the first 3 bytes of the session ID when we are the host.
262 // When a session is free/expired, the tag is 0x00000000. The lastUsed
263 // value is the Tick count when the session was last used so that
264 // older sessions may be overwritten first.
265 typedef struct
266 {
267 DWORD_VAL tag; // Identifying tag for connection
268 // When we're a client, this is the remote IP
269 // When we're a host, this is 0x00 followed by first 3 bytes of session ID
270 // When this stub is free/expired, this is 0x00
271 DWORD lastUsed; // Tick count when session was last used
272 } SSL_SESSION_STUB;
273  
274  
275 #define SSL_STUB_SIZE ((DWORD)sizeof(SSL_STUB)) // Amount of space needed by a single SSL stub
276 #define SSL_STUB_SPACE (SSL_STUB_SIZE*MAX_SSL_CONNECTIONS) // Amount of space needed by all SSL stubs
277 #define SSL_KEYS_SIZE ((DWORD)sizeof(SSL_KEYS)) // Amount of space needed by a single SSL key
278 #define SSL_KEYS_SPACE (SSL_KEYS_SIZE*MAX_SSL_CONNECTIONS) // Amount of space needed by all SSL key
279 #define SSL_HASH_SIZE ((DWORD)sizeof(HASH_SUM)) // Amount of space needed by a single SSL hash
280 #define SSL_HASH_SPACE ((DWORD)(SSL_HASH_SIZE*MAX_SSL_HASHES)) // Amount of space needed by all SSL hash
281 #define SSL_BUFFER_SIZE ((DWORD)sizeof(SSL_BUFFER)) // Amount of space needed by a single SSL buffer
282 #define SSL_BUFFER_SPACE (SSL_BUFFER_SIZE*MAX_SSL_BUFFERS) // Amount of space needed by all SSL buffer
283 #define SSL_SESSION_SIZE ((DWORD)sizeof(SSL_SESSION)) // Amount of space needed by a single SSL session
284 #define SSL_SESSION_SPACE (SSL_SESSION_SIZE*MAX_SSL_SESSIONS) // Amount of space needed by all SSL session
285  
286 // Total space needed by all SSL storage requirements
287 #define RESERVED_SSL_MEMORY ((DWORD)(SSL_STUB_SPACE + SSL_KEYS_SPACE + SSL_HASH_SPACE + SSL_BUFFER_SPACE + SSL_SESSION_SPACE))
288  
289  
290 /****************************************************************************
291 Section:
292 Function Prototypes
293 ***************************************************************************/
294  
295 void SSLInit(void);
296  
297 BYTE SSLStartSession(TCP_SOCKET hTCP, void * buffer, BYTE supDataType);
298 void SSLTerminate(BYTE sslStubId);
299 void SSLPeriodic(TCP_SOCKET hTCP, BYTE sslStubID);
300 WORD SSLRxRecord(TCP_SOCKET hTCP, BYTE sslStubID);
301 void SSLRxHandshake(TCP_SOCKET hTCP);
302 void SSLTxRecord(TCP_SOCKET hTCP, BYTE sslStubID, BYTE txProtocol);
303 void SSLTxMessage(TCP_SOCKET hTCP, BYTE sslStubID, BYTE msg);
304  
305 void SSLMACBegin(BYTE* MACSecret, DWORD seq, BYTE protocol, WORD len);
306 void SSLMACAdd(BYTE* data, WORD len);
307 void SSLMACCalc(BYTE* MACSecret, BYTE* result);
308  
309 #if defined(STACK_USE_SSL_SERVER)
310 void SSLStartPartialRecord(TCP_SOCKET hTCP, BYTE sslStubID, BYTE txProtocol, WORD wLen);
311 #define SSLFlushPartialRecord(a) TCPSSLPutRecordHeader(a, NULL, FALSE);
312 #define SSLFinishPartialRecord(a) TCPSSLPutRecordHeader(a, NULL, TRUE);
313 #endif
314  
315 #endif
{BLAME END}
{FOOTER START}

Powered by WebSVN v2.8.3