SSLTypes.h

Go to the documentation of this file.

//
//
#ifndef _INC_SSLTypes_H
#define _INC_SSLTypes_H
#ifndef NO_PRAGMA_ONCE
#pragma once
#endif
 
#include "../GrayLibBase.h"
#include "../Hash/cHashCode.h"
#include "../Key/cKeyBase.h"
#include "GrayCore/include/cUnitTestDecl.h"
 
namespace GrayLib
{
        enum SSL_STATE_TYPE
        {
 
                SSL_Unknown = 0,                // Maybe disconnected?
                SSL_ClientHello,                // Ready to send ClientHello (if client) or waiting to receive hello (if server)
                SSL_ServerHello,                // Ready to send ServerHello (if server) or waiting to receive hello (if client)
                SSL_SERVER_CERTIFICATE,
                SSL_SERVER_KEY_EXCHANGE,
                SSL_CERTIFICATE_REQUEST,
                SSL_ServerHello_DONE,
                SSL_CLIENT_CERTIFICATE,
                SSL_CLIENT_KEY_EXCHANGE,
                SSL_CERTIFICATE_VERIFY,
                SSL_CLIENT_CHANGE_CIPHER_SPEC,
                SSL_CLIENT_FINISHED,
                SSL_SERVER_CHANGE_CIPHER_SPEC,
                SSL_SERVER_FINISHED,
                SSL_FLUSH_BUFFERS,
                SSL_HANDSHAKE_WRAPUP,
                SSL_HANDSHAKE_COMPLETE, // normal data mode.
                // SSL_SERVER_NEW_SESSION_TICKET,
        };
 
        enum SSL_MSG_TYPE
        {
 
                SSL_MSG_UNK = 0,
                SSL_MSG_CHANGE_CIPHER_SPEC = 20,        
                SSL_MSG_ALERT = 21,                                     
                SSL_MSG_HANDSHAKE = 22,                         
                SSL_MSG_APPLICATION_DATA = 23,          
 
                SSL_MSG_V2 = 0x80,              
        };
 
 
        enum SSL_VERSION_MAJOR_TYPE     // First byte for SSL_VERSION_t
        {
                SSL_VERSION_MAJOR_BYTE = 3,             // The first byte of the SSL_VERSION_t WORD is ALWAYS 3.
        };
        enum SSL_VERSION_TYPE   // Second byte for SSL_VERSION_t. the only one the matters at this time.
        {
                SSL_VERSION_NULL = -1,
                SSL_VER_SSL_3 = 0,              
                SSL_VER_TLS_1_0 = 1,    
                SSL_VER_TLS_1_1 = 2,    
                SSL_VER_TLS_1_2 = 3,    
                SSL_VERSION_SUPPORT_MAX = SSL_VER_TLS_1_2,
                SSL_VERSION_QTY = 4,
        };
 
        enum SSL_COMPRESS_TYPE
        {
                SSL_COMPRESS_NULL = 0,
                SSL_COMPRESS_DEFLATE = 1,       
        };
        typedef BYTE SSL_Compress_t;    // stored as a byte.
 
        enum SSL_CipherSuite_TYPE
        {
 
                TLS_NULL_WITH_NULL_NULL = 0,            
 
                SSL_EMPTY_RENEGOTIATION_INFO = 0xFF,    
                SSL_FALLBACK_SCSV = 0x5600,                             
 
#define CIPHERSUITEDEF(a,b,c,d,e,f,g,h,i) a = b,
#include "cSSLCipherSuite.tbl"
#undef CIPHERSUITEDEF
        
        };
        typedef WORD SSL_CipherSuite_t; 
 
        enum SSL_KeyExchange_TYPE
        {
 
                SSL_KeyExchange_NONE = 0,
                SSL_KeyExchange_RSA,
                SSL_KeyExchange_DHE_RSA,                // DHM
                SSL_KeyExchange_ECDHE_RSA,
                SSL_KeyExchange_ECDHE_ECDSA,
                SSL_KeyExchange_PSK,                    // NOT with Cert.
                SSL_KeyExchange_DHE_PSK,                
                SSL_KeyExchange_RSA_PSK,
                SSL_KeyExchange_ECDHE_PSK,
                SSL_KeyExchange_ECDH_RSA,
                SSL_KeyExchange_ECDH_ECDSA,
        };
        typedef BYTE SSL_KeyEx_t;       // stored as a byte.
 
        enum SSL_SIG_TYPE       // BYTE
        {
                SSL_SIG_ANON = 0,
                SSL_SIG_RSA = 1,        // KeyType_RSA
                SSL_SIG_ECDSA = 3,      // KeyType_ECDSA ECP
        };
 
        enum SSL_CERT_TYPE
        {
                SSL_CERT_NULL = 0,
                SSL_CERT_TYPE_RSA_SIGN = 1,
                SSL_CERT_TYPE_ECDSA_SIGN = 64,  // ECP
        };
 
        enum SSL_HAND_TYPE
        {
 
                SSL_HAND_HelloRequest = 0,                      
                SSL_HAND_ClientHello = 1,                       
                SSL_HAND_ServerHello = 2,                       
                SSL_HAND_NEW_SESSION_TICKET = 4,
                SSL_HAND_Certificate = 11,                      
                SSL_HAND_ServerKeyExchange = 12,
                SSL_HAND_CertificateRequest = 13,
                SSL_HAND_ServerHelloDone = 14,          
                SSL_HAND_CertificateVerify = 15,
                SSL_HAND_ClientKeyExchange = 16,
                SSL_HAND_Finished = 20,
        };
 
        enum SSL_MAX_FRAG_TYPE
        {
 
                // Convert MaxFragmentLength codes to length.
                // RFC 6066 says:
                //    enum {
                //        2^9(1), 2^10(2), 2^11(3), 2^12(4), (255)
                //    } MaxFragmentLength;
                // and we add 0 -> extension unused
 
                SSL_MAX_FRAG_LEN_NONE = 0,                      
                SSL_MAX_FRAG_LEN_512 = 1,                       
                SSL_MAX_FRAG_LEN_1024 = 2,                      
                SSL_MAX_FRAG_LEN_2048 = 3,                      
                SSL_MAX_FRAG_LEN_4096 = 4,                      
                SSL_MAX_FRAG_LEN_QTY = 5,               
        };
 
        enum TLS_EXT_TYPE
        {
 
                TLS_EXT_server_name = 0,
                TLS_EXT_MaxFragmentLength = 1,          //
 
                TLS_EXT_TruncatedHMAC = 4,
                TLS_EXT_status_request = 5,
 
                TLS_EXT_supported_groups = 10,          
                TLS_EXT_ec_point_formats = 11,          
 
                TLS_EXT_signature_algorithms = 13,              
 
                TLS_EXT_ALPN = 16,                                      
 
                TLS_EXT_EncryptThenMac = 22, // 0x16
                TLS_EXT_ExtendedMasterSecret = 23, // 23 = 0x17
                TLS_EXT_SessionTicket = 35,                     
 
                TLS_EXT_renegotiation_info = 0xFF01,    // 65281
        };
 
        enum TLS_ECP_PF_t
        {
 
                TLS_ECP_PF_UNCOMPRESSED = 0,    
                TLS_ECP_PF_COMPRESSED = 1,              
        };
 
        enum SSL_ALERT_LEVEL_TYPE       // _TYPE??
        {
                SSL_ALERT_LEVEL_WARNING = 1,
                SSL_ALERT_LEVEL_FATAL = 2,
        };
 
        enum SSL_ALERT_TYPE
        {
                SSL_ALERT_SSL3_CLOSE_NOTIFY = 0,                // we are about to legit close the channel.
                SSL_ALERT_SSL3_UNEXPECTED_MESSAGE = 10,      // x'0A' An inappropriate message was received.  This alert is always fatal and should never be observed in communication between proper implementations.
                SSL_ALERT_SSL3_BAD_RECORD_MAC = 20,      // x'14' SSL3
                SSL_ALERT_TLS1_DECRYPTION_FAILED = 21,      // x'15' SSL3
                SSL_ALERT_TLS1_RECORD_OVERFLOW = 22,      // x'16' SSL3
                SSL_ALERT_SSL3_DECOMPRESSION_FAILURE = 30,      // x'1E' TLS1
                SSL_ALERT_SSL3_HANDSHAKE_FAILURE = 40,      // x'28' TLS1
                SSL_ALERT_SSL3_NO_CERTIFICATE = 41,      // x'29' SSL3
                SSL_ALERT_SSL3_BAD_CERTIFICATE = 42,      // x'2A' SSL3
                SSL_ALERT_SSL3_UNSUPPORTED_CERTIFICATE = 43,      // x'2B' SSL3
                SSL_ALERT_SSL3_CERTIFICATE_REVOKED = 44,      // x'2C' SSL3
                SSL_ALERT_SSL3_CERTIFICATE_EXPIRED = 45,      // x'2D' SSL3
                SSL_ALERT_SSL3_CERTIFICATE_UNKNOWN = 46,      // x'2E' SSL3
                SSL_ALERT_SSL3_ILLEGAL_PARAMETER = 47,      // x'2F' SSL3
                SSL_ALERT_TLS1_UNKNOWN_CA = 48,      // x'30' SSL3
                SSL_ALERT_TLS1_ACCESS_DENIED = 49,      // x'31' SSL3
                SSL_ALERT_TLS1_DECODE_ERROR = 50,      // x'32' TLS1
                SSL_ALERT_TLS1_DECRYPT_ERROR = 51,      // x'33' TLS1
                SSL_ALERT_TLS1_EXPORT_RESTRICTION = 60,      // x'3C' TLS1
                SSL_ALERT_TLS1_PROTOCOL_VERSION = 70,      // x'46' TLS1
                SSL_ALERT_TLS1_INSUFFICIENT_SECURITY = 71,      // x'47' TLS1
                SSL_ALERT_TLS1_INTERNAL_ERROR = 80,      // x'50' TLS1
                SSL_ALERT_INAPROPRIATE_FALLBACK = 86,  // 0x56 TLS1
                SSL_ALERT_TLS1_USER_CANCELLED = 90,      // x'5A' TLS1
                SSL_ALERT_TLS1_NO_RENEGOTIATION = 100,     // x'64' TLS1
                SSL_ALERT_UNSUPPORTED_EXT = 110,  // 0x6E
                SSL_ALERT_UNRECOGNIZED_NAME = 112,  // 0x70
                SSL_ALERT_UNKNOWN_PSK_IDENTITY = 115,  // 0x73
                SSL_ALERT_NO_APPLICATION_PROTOCOL = 120, // 0x78
        };
 
        struct GRAYLIB_LINK cSSL // static helpers.
        {
 
                static const size_t k_PSK_Size_Max = 32;        
                static const size_t k_MAC_Size_Max = 48;        
                static const size_t k_Number_Size_Max = 1024; 
 
                static const size_t k_Content_Size_Max = 16384;   
 
                static const WORD k_MaxFragLens[SSL_MAX_FRAG_LEN_QTY];  // SSL_MAX_FRAG_TYPE allowed.
        };
}
 
#endif