Gray C++ Libraries  0.0.2
A set of C++ libraries for MSVC, GNU on Windows, WinCE, Linux
cSSLHandshake.h
Go to the documentation of this file.
1 //
4 //
5 #ifndef _INC_cSSLHandshake_H
6 #define _INC_cSSLHandshake_H
7 #ifndef NO_PRAGMA_ONCE
8 #pragma once
9 #endif
10 
11 #include "GraySSLInt.h"
12 #include "GrayLib/include/SSL/cSSLCipherSuite.h"
13 #include "GrayLib/include/Cert/cX509KeyCrtPair.h"
14 
15 #if defined(USE_SSL_DHM)
16 #include "GrayLib/include/KeyEx/cKeyExDHM.h"
17 #endif
18 #if defined(USE_SSL_ECDH)
19 #include "GrayLib/include/KeyEx/cKeyExECDH.h"
20 #endif
21 
22 #include "GrayLib/include/Key/cECPGroupPrefs.h"
23 #include "GrayLib/include/Hash/cHashMD5.h"
24 #include "GrayLib/include/Hash/cHashSHA1.h"
25 #include "GrayLib/include/Hash/cHashSHA256.h"
26 #include "GrayLib/include/Hash/cHashSHA512.h"
27 #include "GrayLib/include/SSL/cSSL.h"
28 
29 namespace GraySSL
30 {
31  class cSSLCommon;
32 
33  // cKeyExPremasterSecret
34 
35  union uSSLPremasterSecret
36  {
40 
41 #if defined(USE_SSL_KeyExchange_RSA)
42  BYTE m_rsa[48]; // RFC 5246 8.1.1 - k_MAC_Size_Max
43 #endif
44 #if defined(USE_SSL_KeyExchange_DHE_RSA)
45  BYTE m_dhm[cSSL::k_Number_Size_Max]; // RFC 5246 8.1.2 - 3072 bits is a reasonable max.
46 #endif
47 #if defined(USE_SSL_KeyExchange_ECDHE_RSA) || \
48  defined(USE_SSL_KeyExchange_ECDHE_ECDSA) || \
49  defined(USE_SSL_KeyExchange_ECDH_RSA) || \
50  defined(USE_SSL_KeyExchange_ECDH_ECDSA)
51  BYTE m_ecdh[cECPGroupParams::k_ECP_MAX_BYTES]; // RFC 4492 5.10
52 #endif
53 #if defined(USE_SSL_KeyExchange_PSK)
54  BYTE m_psk[4 + 2 * cSSL::k_PSK_Size_Max]; // RFC 4279 2 - SSL_KeyExchange_PSK
55 #endif
56 #if defined(USE_SSL_KeyExchange_DHE_PSK)
57  BYTE m_dhe_psk[4 + cSSL::k_Number_Size_Max + cSSL::k_PSK_Size_Max]; // RFC 4279 3
58 #endif
59 #if defined(USE_SSL_KeyExchange_RSA_PSK)
60  BYTE m_rsa_psk[52 + cSSL::k_PSK_Size_Max]; // RFC 4279 4
61 #endif
62 #if defined(USE_SSL_KeyExchange_ECDHE_PSK)
63  BYTE m_ecdhe_psk[4 + cECPGroupParams::k_ECP_MAX_BYTES + cSSL::k_PSK_Size_Max]; // RFC 5489 2
64 #endif
65  };
66 
67  DECLARE_INTERFACE(ISSLHandshakeHasher)
68  {
71  IGNORE_WARN_INTERFACE(ISSLHandshakeHasher);
72  virtual HRESULT CalcBegin(BYTE* pOutput, size_t dlen, const BYTE* secret, size_t slen, const char* pszLabel, const BYTE* random, size_t rlen) const = 0;
73  virtual void CalcVerify(const cSSLCommon* pSSL, BYTE* pHash) const = 0;
74  virtual void CalcFinished(const cSSLCommon* pSSL, BYTE* pBuffer, bool bEndpointIsServer) const = 0;
75  };
76 
77  class GRAYSSL_LINK cSSLHandshake : public cSSL
78  {
82 
83  public:
84  SSL_Hash_TYPE m_eSignHashType;
85  SSL_CERT_TYPE m_eCertType;
86  SSL_Hash_TYPE m_eHashTypeVerify;
87 
88  // cKeyExBase
89 #if defined(USE_SSL_DHM)
90  cKeyExDHM m_KeyExchDHM;
91 #endif
92 #if defined(USE_SSL_ECDH)
93  cKeyExECDH m_KeyExchECDH;
94 #endif
95 
96 #if defined(USE_SSL_ECDH) || defined(USE_Key_ECDSA)
97  cECPGroupPrefs m_ECPGroups;
98 #endif
99 
100 #if defined(USE_SSL_X509_CRT_PARSE)
105  cX509KeyCrtPair* m_pKeyCrtHand;
106 #if defined(USE_SSL_SERVER_NAME_INDICATION)
107  cX509KeyCrtPair* m_pKeyCrtSNI;
108 #endif
109 #endif // USE_SSL_X509_CRT_PARSE
110 
111  // UpdateHandHashes contexts
112 #if defined(USE_SSL_VER_SSL_3) || defined(USE_SSL_VER_TLS_1_0) || defined(USE_SSL_VER_TLS_1_1)
113  cHashMD5Builder m_fin_md5;
114  cHashSHA1Builder m_fin_sha1;
115 #endif
116  cHashSHA256Builder m_fin_sha256;
117  cHashSHA384Builder m_fin_sha384;
118 
119  const ISSLHandshakeHasher* m_pHasher;
120 
121  SSL_Hash_TYPE m_eHashChecksum;
122 
123  BYTE m_randbytes[64];
124 
125  BYTE m_premaster[sizeof(uSSLPremasterSecret)];
126  size_t m_nPremasterLen;
127 
128  bool m_bResume;
129  SSL_VERSION_TYPE m_nVerMax;
130 
134  bool m_bTLS_EXT;
135 
136 #if defined(USE_SSL_SESSION_TICKETS)
137  bool m_bNewSessionTicket;
138 #endif // USE_SSL_SESSION_TICKETS
139 
140  bool m_bExtendedMasterSecret;
141 
142  public:
143  cSSLHandshake();
144  ~cSSLHandshake();
145 
146 #if defined(USE_SSL_ECDH) || defined(USE_Key_ECDSA)
147  HRESULT ReadGroupDefs(UINT nGroupQty, const BYTE* p);
148 #endif
149 
150  void SetHasherVer1(SSL_VERSION_TYPE eVer, const cSSLCipherSuite* pCipherSuite);
151  bool SetHasherVer2(SSL_VERSION_TYPE eVer, const cSSLCipherSuite* pCipherSuite);
152  void UpdateHandHashes(const BYTE* buf, size_t len);
153 
154 #if defined(USE_SSL_X509_CRT_PARSE)
155  bool SelectKeyCrt(const cSSLCipherSuite* pCipherSuite, SSL_VERSION_TYPE nVer);
156 #endif
157 
158  };
159 }
160 
161 #endif
IGNORE_WARN_INTERFACE
#define IGNORE_WARN_INTERFACE(c)
Definition: GrayCore.h:79
GRAYSSL_LINK
#define GRAYSSL_LINK
Definition: GraySSLInt.h:25
DECLARE_INTERFACE
#define DECLARE_INTERFACE(iface)
Definition: SysTypes.h:330
HRESULT
INT32 HRESULT
_WIN32 style error codes. INT32
Definition: SysTypes.h:465
GrayLib::cECPGroupParams::k_ECP_MAX_BYTES
static const WORD k_ECP_MAX_BYTES
Definition: cECPGroupParams.h:118
GrayLib::cECPGroupPrefs
Definition: cECPGroupPrefs.h:16
GrayLib::cHashMD5Builder
Definition: cHashMD5.h:57
GrayLib::cHashSHA1Builder
Definition: cHashSHA1.h:42
GrayLib::cHashSHA384Builder
Definition: cHashSHA512.h:109
GrayLib::cKeyExDHM
Definition: cKeyExDHM.h:15
GrayLib::cKeyExECDH
Definition: cKeyExECDH.h:16
GrayLib::cSSLCipherSuite
Definition: cSSLCipherSuite.h:28
GrayLib::cX509KeyCrtPair
Definition: cX509KeyCrtPair.h:16
GraySSL::cSSLCommon
Definition: cSSLCommon.h:62
GraySSL::cSSLHandshake
Definition: cSSLHandshake.h:78
GraySSL::cSSLHandshake::m_bResume
bool m_bResume
session resume indicator. Get Session from the SessionCache if i can.
Definition: cSSLHandshake.h:128
GraySSL::cSSLHandshake::SelectKeyCrt
bool SelectKeyCrt(const cSSLCipherSuite *pCipherSuite, SSL_VERSION_TYPE nVer)
GraySSL::cSSLHandshake::m_KeyExchDHM
cKeyExDHM m_KeyExchDHM
DHM key exchange.
Definition: cSSLHandshake.h:90
GraySSL::cSSLHandshake::m_bTLS_EXT
bool m_bTLS_EXT
client extension presence TLS_EXT_ec_point_formats_PRESENT
Definition: cSSLHandshake.h:134
GraySSL::cSSLHandshake::m_eHashTypeVerify
SSL_Hash_TYPE m_eHashTypeVerify
Hash algorithm for Signature verify.
Definition: cSSLHandshake.h:86
GraySSL::cSSLHandshake::m_eSignHashType
SSL_Hash_TYPE m_eSignHashType
Hash algorithm for signature.
Definition: cSSLHandshake.h:84
GraySSL::cSSLHandshake::ReadGroupDefs
HRESULT ReadGroupDefs(UINT nGroupQty, const BYTE *p)
GraySSL::cSSLHandshake::m_fin_sha1
cHashSHA1Builder m_fin_sha1
Definition: cSSLHandshake.h:114
GraySSL::cSSLHandshake::m_fin_sha256
cHashSHA256Builder m_fin_sha256
Definition: cSSLHandshake.h:116
GraySSL::cSSLHandshake::m_KeyExchECDH
cKeyExECDH m_KeyExchECDH
ECDH key exchange.
Definition: cSSLHandshake.h:93
GraySSL::cSSLHandshake::m_eHashChecksum
SSL_Hash_TYPE m_eHashChecksum
Definition: cSSLHandshake.h:121
GraySSL::cSSLHandshake::m_bNewSessionTicket
bool m_bNewSessionTicket
use NewSessionTicket? TLS_EXT_SessionTicket
Definition: cSSLHandshake.h:137
GraySSL::cSSLHandshake::m_pKeyCrtHand
cX509KeyCrtPair * m_pKeyCrtHand
Definition: cSSLHandshake.h:105
GraySSL::cSSLHandshake::m_fin_sha384
cHashSHA384Builder m_fin_sha384
Definition: cSSLHandshake.h:117
GraySSL::cSSLHandshake::m_ECPGroups
cECPGroupPrefs m_ECPGroups
Supported elliptic curves. Server side only.
Definition: cSSLHandshake.h:97
GraySSL::cSSLHandshake::m_bExtendedMasterSecret
bool m_bExtendedMasterSecret
use Extended Master Secret?
Definition: cSSLHandshake.h:140
GraySSL::cSSLHandshake::m_pHasher
const ISSLHandshakeHasher * m_pHasher
pointer to static const interface based on SSL version.
Definition: cSSLHandshake.h:119
GraySSL::cSSLHandshake::m_fin_md5
cHashMD5Builder m_fin_md5
Definition: cSSLHandshake.h:113
GraySSL::cSSLHandshake::m_nVerMax
SSL_VERSION_TYPE m_nVerMax
max. version client
Definition: cSSLHandshake.h:129
GraySSL::cSSLHandshake::m_pKeyCrtSNI
cX509KeyCrtPair * m_pKeyCrtSNI
key/cert list selected from m_pSNICallback
Definition: cSSLHandshake.h:107
GraySSL::cSSLHandshake::m_eCertType
SSL_CERT_TYPE m_eCertType
Requested cert type.
Definition: cSSLHandshake.h:85
GraySSL::cSSLHandshake::m_nPremasterLen
size_t m_nPremasterLen
premaster length <= sizeof(uSSLPremasterSecret)
Definition: cSSLHandshake.h:126
ISSLHandshakeHasher
Definition: cSSLHandshake.h:67
GrayLib::SSL_CERT_TYPE
SSL_CERT_TYPE
Definition: SSLTypes.h:142
GrayLib::SSL_VERSION_TYPE
SSL_VERSION_TYPE
Definition: SSLTypes.h:66
GrayLib::SSL_Hash_TYPE
SSL_Hash_TYPE
Definition: cHashCode.h:23
GraySSL
Definition: GraySSL.cpp:11
GrayLib::cSSL
Definition: SSLTypes.h:270
GrayLib::cSSL::k_PSK_Size_Max
static const size_t k_PSK_Size_Max
256 bits
Definition: SSLTypes.h:274
GrayLib::cSSL::k_Number_Size_Max
static const size_t k_Number_Size_Max
Max reasonable size of a big number used for crypt purposes. 8k bits. like cBigInteger::k_SIZE_MAX.
Definition: SSLTypes.h:276
GraySSL::uSSLPremasterSecret
Definition: cSSLHandshake.h:36
GraySSL::uSSLPremasterSecret::m_psk
BYTE m_psk[4+2 *cSSL::k_PSK_Size_Max]
Definition: cSSLHandshake.h:54
GraySSL::uSSLPremasterSecret::m_rsa_psk
BYTE m_rsa_psk[52+cSSL::k_PSK_Size_Max]
Definition: cSSLHandshake.h:60
GraySSL::uSSLPremasterSecret::m_rsa
BYTE m_rsa[48]
Definition: cSSLHandshake.h:42
GraySSL::uSSLPremasterSecret::m_dhe_psk
BYTE m_dhe_psk[4+cSSL::k_Number_Size_Max+cSSL::k_PSK_Size_Max]
Definition: cSSLHandshake.h:57
GraySSL::uSSLPremasterSecret::m_ecdhe_psk
BYTE m_ecdhe_psk[4+cECPGroupParams::k_ECP_MAX_BYTES+cSSL::k_PSK_Size_Max]
Definition: cSSLHandshake.h:63
GraySSL::uSSLPremasterSecret::m_ecdh
BYTE m_ecdh[cECPGroupParams::k_ECP_MAX_BYTES]
Definition: cSSLHandshake.h:51
GraySSL::uSSLPremasterSecret::m_dhm
BYTE m_dhm[cSSL::k_Number_Size_Max]
Definition: cSSLHandshake.h:45