#
# SSL 3.0 protocol: types and entry points exported by the SSL3 module.
#
# SSL 3.0 is deprecated (RFC 7568), so this interface is legacy.
# Many of the suites declared below offer no encryption, 40-bit export
# keys, single DES, RC4 or unauthenticated key exchange; a caller should
# list only the suites it is prepared to negotiate (presumably through
# Authinfo.suites - confirm against the implementation).
#

SSL3: module {

	PATH: con "/dis/lib/crypt/ssl3.dis";

	# NOTE(review): the string result is presumably an error text, nil on success - confirm
	init: fn(): string;

	# SSL cipher suites.
	# iota numbers the names 0..30 in listing order, so the order is part of
	# the interface: inserting or reordering a name renumbers every later one.

	# no key exchange, no cipher, no MAC
	NULL_WITH_NULL_NULL,
	# RSA key exchange; the two NULL suites carry a MAC but do not encrypt
	RSA_WITH_NULL_MD5,
	RSA_WITH_NULL_SHA,
	RSA_EXPORT_WITH_RC4_40_MD5,		# export grade, 40-bit key
	RSA_WITH_RC4_128_MD5,
	RSA_WITH_RC4_128_SHA,
	RSA_EXPORT_WITH_RC2_CBC_40_MD5,		# export grade, 40-bit key
	RSA_WITH_IDEA_CBC_SHA,
	RSA_EXPORT_WITH_DES40_CBC_SHA,		# export grade, 40-bit key
	RSA_WITH_DES_CBC_SHA,			# single DES
	RSA_WITH_3DES_EDE_CBC_SHA,
	# fixed Diffie-Hellman, DSS certificate
	DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
	DH_DSS_WITH_DES_CBC_SHA,
	DH_DSS_WITH_3DES_EDE_CBC_SHA,
	# fixed Diffie-Hellman, RSA certificate
	DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
	DH_RSA_WITH_DES_CBC_SHA,
	DH_RSA_WITH_3DES_EDE_CBC_SHA,
	# ephemeral Diffie-Hellman signed with DSS
	DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
	DHE_DSS_WITH_DES_CBC_SHA,
	DHE_DSS_WITH_3DES_EDE_CBC_SHA,
	# ephemeral Diffie-Hellman signed with RSA
	DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
	DHE_RSA_WITH_DES_CBC_SHA,
	DHE_RSA_WITH_3DES_EDE_CBC_SHA,
	# anonymous Diffie-Hellman: neither side is authenticated, so these
	# suites give no protection against an active man-in-the-middle
	DH_anon_EXPORT_WITH_RC4_40_MD5,
	DH_anon_WITH_RC4_128_MD5,
	DH_anon_EXPORT_WITH_DES40_CBC_SHA,
	DH_anon_WITH_DES_CBC_SHA,
	DH_anon_WITH_3DES_EDE_CBC_SHA,
	# FORTEZZA: the matching KeyExAlg and SigAlg arms below are marked "not supported yet"
	FORTEZZA_KEA_WITH_NULL_SHA,
	FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA,
	FORTEZZA_KEA_WITH_RC4_128_SHA: con iota;

	# Local authentication and negotiation data, passed as `info` to
	# Context.client and Context.server.
	Authinfo: adt {
		suites: array of byte;	# [2] x (presumably two bytes per cipher suite - confirm)
		comprs: array of byte;	# [1] x (presumably one byte per compression method - confirm)

		sk: ref PrivateKey;	# for user certs
		root_type: int;	# root type of certs
		certs: list of array of byte;	# x509 cert chain

		types: array of byte;	# acceptable cert types
		dns: list of array of byte;	# acceptable cert authorities
	};

	# Private key held in one of three forms, chosen by the pick tag.
	PrivateKey: adt {
		pick {
		RSA =>
			sk: ref PKCS->RSAKey;
		DSS =>
			sk: ref PKCS->DSSPrivateKey;
		DH =>
			sk: ref PKCS->DHPrivateKey;
		}
	};

	# One protocol record: content type, version and payload.
	Record: adt {
		content_type: int;
		version: array of byte;	# [2]
		data: array of byte;
	};

	# key exchange algorithms

	KeyExAlg: adt {
		pick {
		NULL =>
		DH =>
			params: ref PKCS->DHParams;
			sk: ref PKCS->DHPrivateKey;
			peer_params: ref PKCS->DHParams;
			peer_pk: ref PKCS->DHPublicKey;
			exch_pk: ref PKCS->DHPublicKey;
		RSA =>
			sk: ref PKCS->RSAKey;	# for RSA key exchange
			export_key: ref PKCS->RSAKey;	# server RSA temp key
			peer_pk: ref PKCS->RSAKey;	# temp key from server
		FORTEZZA_KEA =>
			# not supported yet
		}
	};

	# Signature algorithm state; the anon arm carries no keys.
	SigAlg: adt {
		pick {
		anon =>
		RSA =>
			sk: ref PKCS->RSAKey;	# for sign
			peer_pk: ref PKCS->RSAKey;	# for verify from peer cert
		DSS =>
			sk: ref PKCS->DSSPrivateKey;	# for sign
			peer_pk: ref PKCS->DSSPublicKey;	# for verify from peer cert
		FORTEZZA_KEA =>	# not supported yet
		}
	};

	# Parameters of the selected cipher suite (see Context.sel_ciph).
	CipherSpec: adt {
		is_exportable: int;

		bulk_cipher_algorithm: int;
		cipher_type: int;
		key_material: int;
		IV_size: int;

		mac_algorithm: int;
		hash_size: int;
	};

	# record format queue

	RecordQueue: adt {
		macState: ref MacState;
		cipherState: ref CipherState;

		length: int;
		sequence_numbers: array of int;

		data: list of ref Record;
		fragment: int;
		b, e: int;

		new: fn(): ref RecordQueue;
		read: fn(q: self ref RecordQueue, ctx: ref Context, fd: ref Sys->FD): string;
		write: fn(q: self ref RecordQueue, ctx: ref Context, fd: ref Sys->FD, r: ref Record): string;
		calcmac: fn(q: self ref RecordQueue, ctx: ref Context, cntype: int, a: array of byte, ofs, n: int): array of byte;
	};

	# MAC state for one direction; the null arm keeps no digest state.
	MacState: adt {
		hash_size: int;
		pick {
		null =>
		md5 =>
			ds: array of ref Keyring->DigestState;
		sha =>
			ds: array of ref Keyring->DigestState;
		}
	};

	# Bulk cipher state for one direction.
	# NOTE(review): only null, rc4, descbc and ideacbc arms are declared; how the
	# 3DES, RC2 and FORTEZZA suites above are handled cannot be told from this file.
	CipherState: adt {
		block_size: int;
		pick {
		null =>
		rc4 =>
			es: ref Keyring->RC4state;
		descbc =>
			es: ref Keyring->DESstate;
		ideacbc =>
			es: ref Keyring->IDEAstate;
		}
	};

	# context for processing both v2 and v3 protocols.

	Context: adt {
		c: ref Sys->Connection;
		session: ref SSLsession->Session;

		# algorithms and compression selected for this connection
		sel_keyx: ref KeyExAlg;
		sel_sign: ref SigAlg;
		sel_ciph: ref CipherSpec;
		sel_cmpr: int;

		local_info: ref Authinfo;

		client_random: array of byte;	# [32]
		server_random: array of byte;	# [32]

		sha_state: ref Keyring->DigestState;
		md5_state: ref Keyring->DigestState;

		# MAC secrets, keys and IVs; the cw_/sw_ prefixes presumably mean
		# client-write and server-write - confirm against the implementation.
		# These arrays hold live session secrets.
		cw_mac: array of byte;
		sw_mac: array of byte;
		cw_key: array of byte;
		sw_key: array of byte;
		cw_IV: array of byte;
		sw_IV: array of byte;

		in_queue: ref RecordQueue;
		out_queue: ref RecordQueue;

		status: int;
		state: int;


		new: fn(): ref Context;
		client: fn(ctx: self ref Context, fd: ref Sys->FD, peer: string, ver: int, info: ref Authinfo): (string, int);
		server: fn(ctx: self ref Context, fd: ref Sys->FD, info: ref Authinfo, client_auth: int): string;
		use_devssl: fn(ctx: self ref Context);
		set_version: fn(ctx: self ref Context, vers: int): string;
		connect: fn(ctx: self ref Context, fd: ref Sys->FD): string;
		read: fn(ctx: self ref Context, a: array of byte, n: int): int;
		write: fn(ctx: self ref Context, a: array of byte, n: int): int;
	};
};