diff options
Diffstat (limited to 'lib/ssl/src/ssl_handshake.hrl')
-rw-r--r-- | lib/ssl/src/ssl_handshake.hrl | 200 |
1 files changed, 200 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl new file mode 100644 index 0000000000..b2bdfa0934 --- /dev/null +++ b/lib/ssl/src/ssl_handshake.hrl @@ -0,0 +1,200 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2007-2009. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% +%%---------------------------------------------------------------------- +%% Purpose: Record and constant defenitions for the SSL-handshake protocol +%% see RFC 4346 +%%---------------------------------------------------------------------- + +-ifndef(ssl_handshake). +-define(ssl_handshake, true). + +-record(session, { + session_id, + peer_certificate, + compression_method, + cipher_suite, + master_secret, + is_resumable, + time_stamp + }). + +-define(NUM_OF_SESSION_ID_BYTES, 32). % TSL 1.1 & SSL 3 +-define(NUM_OF_PREMASTERSECRET_BYTES, 48). + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% Handsake protocol - RFC 4346 section 7.4 +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%% enum { +%% hello_request(0), client_hello(1), server_hello(2), +%% certificate(11), server_key_exchange (12), +%% certificate_request(13), server_hello_done(14), +%% certificate_verify(15), client_key_exchange(16), +%% finished(20), (255) +%% } HandshakeType; + +-define(HELLO_REQUEST, 0). +-define(CLIENT_HELLO, 1). +-define(CLIENT_HELLO_V2, 3). +-define(SERVER_HELLO, 2). +-define(CERTIFICATE, 11). +-define(SERVER_KEY_EXCHANGE, 12). +-define(CERTIFICATE_REQUEST, 13). +-define(SERVER_HELLO_DONE, 14). +-define(CERTIFICATE_VERIFY, 15). +-define(CLIENT_KEY_EXCHANGE, 16). +-define(FINISHED, 20). + +-record(random, { + gmt_unix_time, % uint32 + random_bytes % opaque random_bytes[28] + }). + +%% enum { null(0), (255) } CompressionMethod; +% -define(NULL, 0). %% Already defined by ssl_internal.hrl + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% Hello messages - RFC 4346 section 7.4.2 +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +-record(client_hello, { + client_version, + random, + session_id, % opaque SessionID<0..32> + cipher_suites, % cipher_suites<2..2^16-1> + compression_methods % compression_methods<1..2^8-1> + }). + +-record(server_hello, { + server_version, + random, + session_id, % opaque SessionID<0..32> + cipher_suite, % cipher_suites + compression_method % compression_method + }). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% Server authentication and key exchange messages - RFC 4346 section 7.4.3 +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%% opaque ASN.1Cert<2^24-1>; + +-record(certificate, { + asn1_certificates %% certificate_list<1..2^24-1> + }). + +%% enum { rsa, diffie_hellman } KeyExchangeAlgorithm; + +-define(KEY_EXCHANGE_RSA, 0). +-define(KEY_EXCHANGE_DIFFIE_HELLMAN, 1). + +-record(server_rsa_params, { + rsa_modulus, %% opaque RSA_modulus<1..2^16-1> + rsa_exponent %% opaque RSA_exponent<1..2^16-1> + }). + +-record(server_dh_params, { + dh_p, %% opaque DH_p<1..2^16-1> + dh_g, %% opaque DH_g<1..2^16-1> + dh_y %% opaque DH_Ys<1..2^16-1> + }). + +-record(server_key_exchange, { + params, %% #server_rsa_params{} | #server_dh_params{} + signed_params %% #signature{} + }). + +%% enum { anonymous, rsa, dsa } SignatureAlgorithm; + +-define(SIGNATURE_ANONYMOUS, 0). +-define(SIGNATURE_RSA, 1). +-define(SIGNATURE_DSA, 2). + +-record(hello_request, {}). +-record(server_hello_done, {}). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% Certificate request - RFC 4346 section 7.4.4 +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%% enum { +%% rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), +%% (255) +%% } ClientCertificateType; + +-define(RSA_SIGN, 1). +-define(DSS_SIGN, 2). +-define(RSA_FIXED_DH, 3). +-define(DSS_FIXED_DH, 4). + +% opaque DistinguishedName<1..2^16-1>; + +-record(certificate_request, { + certificate_types, %ClientCertificateType <1..2^8-1> + certificate_authorities %DistinguishedName <0..2^16-1> + }). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% Client authentication and key exchange messages - RFC 4346 section 7.4.7 +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +-record(client_key_exchange, { + exchange_keys %% #encrypted_premaster_secret{} (rsa ) | + %% DiffieHellmanClientPublicValue + }). + +-record(pre_master_secret, { + client_version, % ProtocolVersion client_version + random % opaque random[46]; + }). + +-record(encrypted_premaster_secret, { + premaster_secret + }). + +%% enum { implicit, explicit } PublicValueEncoding; + +-define(IMPLICIT, 0). +-define(EXPLICIT, 1). + +-record(client_diffie_hellman_public, { + dh_public + }). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% Certificate verify - RFC 4346 section 7.4.8 +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +-record(certificate_verify, { + signature % binary() + }). + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% Handshake finalization message RFC 4346 section 7.4.9 +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +-record(finished, { + verify_data %opaque verify_data[12] + }). + +-endif. % -ifdef(ssl_handshake). + + + |