Gray C++ Libraries  0.0.2
A set of C++ libraries for MSVC, GNU on Windows, WinCE, Linux
cSSLSession.h
Go to the documentation of this file.
1 //
4 //
5 
6 #ifndef _INC_cSSLSession_H
7 #define _INC_cSSLSession_H
8 #ifndef NO_PRAGMA_ONCE
9 #pragma once
10 #endif
11 
12 #include "cSSLCipherSuite.h"
13 #include "../Cert/cX509Crt.h"
14 #include "GrayCore/include/cTimeInt.h"
15 
16 namespace GrayLib
17 {
18 
19 #pragma pack(push,1)
20 
21  class GRAYLIB_LINK CATTR_PACKED cSSLSessionBase1
22  {
25 
26  public:
27  BYTE m_Id[32];
28  BYTE m_nIdSize;
29 
30  // Format Stuff.
31  SSL_CipherSuite_TYPE m_eCipherSuite;
32  SSL_COMPRESS_TYPE m_eCompression;
33 
34  // Payload stuff.
35  BYTE m_MasterSecret[48];
36  X509_Verify_t m_eVerifyResults;
37 
38  TIMESEC_t m_TimeStamp;
39 
40  public:
41  cSSLSessionBase1() noexcept
42  : m_nIdSize(0)
43  , m_eCipherSuite(TLS_NULL_WITH_NULL_NULL)
44  , m_eCompression(SSL_COMPRESS_NULL)
45  , m_eVerifyResults(X509_VERIFY_INIT)
46  , m_TimeStamp(cTimeInt::GetTimeNow().GetTime())
47  {
48  cMem::Zero(m_Id, sizeof(m_Id));
49  cMem::Zero(m_MasterSecret, sizeof(m_MasterSecret));
50  }
51 
52  bool isIdValid() const noexcept
53  {
54  return(m_nIdSize >= 16 && m_nIdSize <= sizeof(m_Id));
55  }
56 
57  BYTE get_IdSize() const noexcept
58  {
59  return m_nIdSize;
60  }
61 
62  bool isMatchId(BYTE nIdSize, const BYTE* pId) const
63  {
64  if (nIdSize != this->m_nIdSize || !isIdValid())
65  return false;
66  if (::memcmp(pId, this->m_Id, this->m_nIdSize) != 0)
67  return false;
68  return true;
69  }
70 
71  bool isMatchId(const cSSLSessionBase1* pSession) const
72  {
73  return isMatchId(pSession->m_nIdSize, pSession->m_Id);
74  }
75 
76  bool isMatchHead(const cSSLSessionBase1* pSession) const
77  {
78  if (pSession->m_eCipherSuite != this->m_eCipherSuite)
79  return false;
80  if (pSession->m_eCompression != this->m_eCompression)
81  return false;
82  return isMatchId(pSession);
83  }
84 
85  void SetId(BYTE nIdSize, const BYTE* pId)
86  {
87  BYTE nIdSizePrev = m_nIdSize;
88  if (nIdSize != 0)
89  {
90  ASSERT(nIdSize >= 16 && nIdSize <= sizeof(m_Id));
91  ::memcpy(m_Id, pId, nIdSize);
92  }
93  m_nIdSize = nIdSize;
94  if (nIdSize < nIdSizePrev)
95  {
96  ASSERT(nIdSizePrev >= 0 && nIdSizePrev <= sizeof(m_Id));
97  cMem::Zero(m_Id + nIdSize, nIdSizePrev - nIdSizePrev);
98  }
99  }
100 
101  HRESULT SetIdRandom(IRandomNoise* pRandom)
102  {
103  HRESULT hRes = pRandom->GetNoise(m_Id, sizeof(m_Id));
104  if (FAILED(hRes))
105  return FVE_E_FIPS_RNG_CHECK_FAILED;
106  m_nIdSize = sizeof(m_Id);
107  return S_OK;
108  }
109 
110  void SetPayload1(const cSSLSessionBase1* pSession)
111  {
112  // Partial copy.
113  ASSERT(isMatchId(pSession));
114  ::memcpy(m_MasterSecret, pSession->m_MasterSecret, sizeof(m_MasterSecret));
115  m_eVerifyResults = pSession->m_eVerifyResults;
116  }
117  void SetPayload2(const cSSLSessionBase1* pSession)
118  {
119  // Copy all.
120  m_eCipherSuite = pSession->m_eCipherSuite;
121  m_eCompression = pSession->m_eCompression;
122  m_nIdSize = pSession->m_nIdSize;
123  ASSERT(m_nIdSize <= sizeof(m_Id));
124  ::memcpy(m_Id, pSession->m_Id, m_nIdSize);
125  SetPayload1(pSession);
126  }
127 
128  void SetZeroSession()
129  {
130  cMem::ZeroSecure(this, sizeof(*this));
131  }
132  };
133 
134  class GRAYLIB_LINK CATTR_PACKED cSSLSessionConfig
135  {
138 
139  public:
140  SSL_MAX_FRAG_TYPE m_eMaxFragLenCode;
141  bool m_bEncryptThenMac;
142  bool m_bTruncatedHMAC;
143 
144  public:
145  cSSLSessionConfig() noexcept
146  : m_eMaxFragLenCode(SSL_MAX_FRAG_LEN_NONE)
147  , m_bEncryptThenMac(true)
148  , m_bTruncatedHMAC(true) // for server?
149  {
150  }
151  };
152 
153  class GRAYLIB_LINK CATTR_PACKED cSSLSessionBase2 : public cSSLSessionBase1, public cSSLSessionConfig
154  {
157 
158  typedef cSSLSessionBase1 SUPER_t;
159 
160  // TODO VERSION Stamp !!
161 
162  public:
163  cSSLSessionBase2() noexcept
164  {
165  }
166  void SetZeroSession() noexcept
167  {
168  cMem::ZeroSecure(this, sizeof(*this));
169  }
170  };
171 
172 #pragma pack(pop)
173 
174  class GRAYLIB_LINK cSSLSession : public cSSLSessionBase2 // : public cRefBase
175  {
179 
180  typedef cSSLSessionBase2 SUPER_t;
181 
182  public:
183  cRefPtr<cX509Crt> m_pPeerCert;
184  cHeapBlock m_Ticket;
185 
186  public:
187  cSSLSession();
188  ~cSSLSession();
189 
190  void SetZeroSession();
191 
192  size_t WriteSession(BYTE* buf, size_t buf_len) const;
193  HRESULT ReadSession(const BYTE* buf, size_t len);
194  };
195 
196  class cSSLSessionEntry; // store cSSLSessionBase1 with PeerCert cX509Crt
197 
198  class GRAYLIB_LINK cSSLSessionCache
199  {
203 
204  public:
205  cSSLSessionEntry* m_pChain;
206  TIMESECD_t m_nTimeout;
207  int m_nMaxEntries;
208  cThreadLockMutex m_Mutex;
209 
210  public:
211  cSSLSessionCache();
212  virtual ~cSSLSessionCache();
213 
214  void put_CacheMaxEntries(int nMaxEntries);
215  void put_CacheTimeout(TIMESECD_t nTimeout);
216 
217  virtual bool RestoreFromCache(cSSLSession* pSession);
218  virtual HRESULT AddToCache(const cSSLSession* pSession);
219  };
220 }
221 #endif
CATTR_PACKED
#define CATTR_PACKED
Definition: GrayCore.h:87
GRAYLIB_LINK
#define GRAYLIB_LINK
Definition: GrayLibBase.h:35
FAILED
#define FAILED(x)
Definition: HResult.h:30
HRESULT
INT32 HRESULT
_WIN32 style error codes. INT32
Definition: SysTypes.h:465
ASSERT
#define ASSERT(exp)
Definition: cDebugAssert.h:87
GrayLib::cSSLSessionBase1
Definition: cSSLSession.h:22
GrayLib::cSSLSessionBase1::m_eCipherSuite
SSL_CipherSuite_TYPE m_eCipherSuite
chosen ciphersuite. SSL_CipherSuite_TYPE
Definition: cSSLSession.h:31
GrayLib::cSSLSessionBase1::isMatchId
bool isMatchId(BYTE nIdSize, const BYTE *pId) const
Definition: cSSLSession.h:62
GrayLib::cSSLSessionBase1::m_eCompression
SSL_COMPRESS_TYPE m_eCompression
chosen compression. SSL_COMPRESS_TYPE
Definition: cSSLSession.h:32
GrayLib::cSSLSessionBase1::SetPayload1
void SetPayload1(const cSSLSessionBase1 *pSession)
Definition: cSSLSession.h:110
GrayLib::cSSLSessionBase1::m_nIdSize
BYTE m_nIdSize
session m_Id length actually used. >=16 && <=32
Definition: cSSLSession.h:28
GrayLib::cSSLSessionBase1::cSSLSessionBase1
cSSLSessionBase1() noexcept
Definition: cSSLSession.h:41
GrayLib::cSSLSessionBase1::isMatchHead
bool isMatchHead(const cSSLSessionBase1 *pSession) const
Definition: cSSLSession.h:76
GrayLib::cSSLSessionBase1::m_TimeStamp
TIMESEC_t m_TimeStamp
entry time stamp. cTimeInt // When last used.
Definition: cSSLSession.h:38
GrayLib::cSSLSessionBase1::isIdValid
bool isIdValid() const noexcept
Definition: cSSLSession.h:52
GrayLib::cSSLSessionBase1::m_Id
BYTE m_Id[32]
session identifier. unique.
Definition: cSSLSession.h:27
GrayLib::cSSLSessionBase1::get_IdSize
BYTE get_IdSize() const noexcept
Definition: cSSLSession.h:57
GrayLib::cSSLSessionBase1::SetPayload2
void SetPayload2(const cSSLSessionBase1 *pSession)
Definition: cSSLSession.h:117
GrayLib::cSSLSessionBase1::m_MasterSecret
BYTE m_MasterSecret[48]
the master secret
Definition: cSSLSession.h:35
GrayLib::cSSLSessionBase1::m_eVerifyResults
X509_Verify_t m_eVerifyResults
verification result
Definition: cSSLSession.h:36
GrayLib::cSSLSessionBase1::SetZeroSession
void SetZeroSession()
Definition: cSSLSession.h:128
GrayLib::cSSLSessionBase1::isMatchId
bool isMatchId(const cSSLSessionBase1 *pSession) const
Definition: cSSLSession.h:71
GrayLib::cSSLSessionBase1::SetIdRandom
HRESULT SetIdRandom(IRandomNoise *pRandom)
Definition: cSSLSession.h:101
GrayLib::cSSLSessionBase1::SetId
void SetId(BYTE nIdSize, const BYTE *pId)
Definition: cSSLSession.h:85
GrayLib::cSSLSessionBase2
Definition: cSSLSession.h:154
GrayLib::cSSLSessionBase2::SetZeroSession
void SetZeroSession() noexcept
Definition: cSSLSession.h:166
GrayLib::cSSLSessionBase2::cSSLSessionBase2
cSSLSessionBase2() noexcept
Definition: cSSLSession.h:163
GrayLib::cSSLSessionCache
Definition: cSSLSession.h:199
GrayLib::cSSLSessionCache::m_nTimeout
TIMESECD_t m_nTimeout
cache entry timeout
Definition: cSSLSession.h:206
GrayLib::cSSLSessionCache::m_Mutex
cThreadLockMutex m_Mutex
mutex to lock the cache. _MT
Definition: cSSLSession.h:208
GrayLib::cSSLSessionCache::m_nMaxEntries
int m_nMaxEntries
maximum entries
Definition: cSSLSession.h:207
GrayLib::cSSLSessionCache::m_pChain
cSSLSessionEntry * m_pChain
start of the chain of stored sessions.
Definition: cSSLSession.h:205
GrayLib::cSSLSessionConfig
Definition: cSSLSession.h:135
GrayLib::cSSLSessionConfig::m_eMaxFragLenCode
SSL_MAX_FRAG_TYPE m_eMaxFragLenCode
MaxFragmentLength chosen by us. RFC 6066.
Definition: cSSLSession.h:140
GrayLib::cSSLSessionConfig::m_bTruncatedHMAC
bool m_bTruncatedHMAC
negotiate truncated hmac? Enable support for RFC 6066 truncated HMAC in SSL.
Definition: cSSLSession.h:142
GrayLib::cSSLSessionConfig::m_bEncryptThenMac
bool m_bEncryptThenMac
flag for encrypt-then-mac for use with CBC. Enable support for Encrypt-then-MAC, RFC 7366.
Definition: cSSLSession.h:141
GrayLib::cSSLSessionConfig::cSSLSessionConfig
cSSLSessionConfig() noexcept
Definition: cSSLSession.h:145
GrayLib::cSSLSession
Definition: cSSLSession.h:175
GrayLib::cSSLSession::m_Ticket
cHeapBlock m_Ticket
RFC 5077 session ticket TLS_EXT_SessionTicket. Client only. opaque blob encrypted by server.
Definition: cSSLSession.h:184
GrayLib::cSSLSession::m_pPeerCert
cRefPtr< cX509Crt > m_pPeerCert
new peer X.509 cert chain. X509.v3 [X509] certificate of the peer. optional
Definition: cSSLSession.h:183
Gray::cHeapBlock
Definition: cHeap.h:156
Gray::cRefPtr
Definition: cRefPtr.h:225
Gray::cThreadLockMutex
Definition: cThreadLock.h:252
Gray::cTimeInt
< similar to the MFC CTime and cTimeSpan, not as accurate or large ranged as COleDateTime
Definition: cTimeInt.h:101
GrayLib
Definition: cMesh.h:22
GrayLib::X509_Verify_t
X509_Verify_t
Definition: cX509.h:41
GrayLib::X509_VERIFY_INIT
@ X509_VERIFY_INIT
All ok.
Definition: cX509.h:47
GrayLib::SSL_MAX_FRAG_TYPE
SSL_MAX_FRAG_TYPE
Definition: SSLTypes.h:170
GrayLib::SSL_MAX_FRAG_LEN_NONE
@ SSL_MAX_FRAG_LEN_NONE
don't use this extension
Definition: SSLTypes.h:183
GrayLib::SSL_COMPRESS_TYPE
SSL_COMPRESS_TYPE
Definition: SSLTypes.h:79
GrayLib::SSL_COMPRESS_NULL
@ SSL_COMPRESS_NULL
Definition: SSLTypes.h:82
GrayLib::SSL_CipherSuite_TYPE
SSL_CipherSuite_TYPE
Definition: SSLTypes.h:88
GrayLib::TLS_NULL_WITH_NULL_NULL
@ TLS_NULL_WITH_NULL_NULL
Definition: SSLTypes.h:100
Gray::TIMESECD_t
int TIMESECD_t
signed delta seconds. like TIMESEC_t. redefined in TimeUnits.h.
Definition: cTimeSys.h:19
Gray::TIMESEC_t
time_t TIMESEC_t
absolute seconds since January 1, 1970. (GMT?)(signed) NOTE: Changing to __time64_t just adds more ra...
Definition: cTimeUnits.h:23
Gray::IRandomNoise
Definition: cRandom.h:19
Gray::IRandomNoise::GetNoise
virtual HRESULT GetNoise(void *pData, size_t iSize)=0
fill array with random bytes. return # bytes filled.
Gray::cMem::Zero
static void Zero(void *pData, size_t nSizeBlock) noexcept
Definition: cMem.h:100
Gray::cMem::ZeroSecure
static void ZeroSecure(void *pData, size_t nSizeBlock) noexcept
Definition: cMem.h:110