#
# ssl 3.0 protocol
#
# Interface of the SSL3 module: cipher-suite constants, the data types
# shared by the handshake and record layers, and the Context entry points.
# The declarations refer to types from Sys, Keyring, PKCS and SSLsession,
# so those modules must already be declared wherever this file is included.
#
# Maintainer note: SSL 3.0 is an obsolete protocol version (RFC 7568
# prohibits its use). Treat this interface as legacy-interoperability code
# and prefer a current TLS version wherever the peer supports one.
#

SSL3: module {

	PATH: con "/dis/lib/crypt/ssl3.dis";

	init: fn(): string;

	# SSL cipher suites
	#
	# Numbered consecutively from 0 by iota, in the order of the SSL 3.0
	# cipher-suite table.
	# NOTE(review): presumably these values are used as wire codes; confirm
	# against the implementation before inserting or reordering entries.
	#
	# What the names mean when choosing the suites to offer or accept:
	#	*_NULL_*	no bulk encryption (NULL_WITH_NULL_NULL protects nothing)
	#	*_EXPORT_*	export-grade, 40-bit keys
	#	DH_anon_*	anonymous key exchange, peer is not authenticated
	#	RC4, DES	legacy ciphers, weak by current standards

	NULL_WITH_NULL_NULL,
	RSA_WITH_NULL_MD5,
	RSA_WITH_NULL_SHA,
	RSA_EXPORT_WITH_RC4_40_MD5,
	RSA_WITH_RC4_128_MD5,
	RSA_WITH_RC4_128_SHA,
	RSA_EXPORT_WITH_RC2_CBC_40_MD5,
	RSA_WITH_IDEA_CBC_SHA,
	RSA_EXPORT_WITH_DES40_CBC_SHA,
	RSA_WITH_DES_CBC_SHA,
	RSA_WITH_3DES_EDE_CBC_SHA,
	DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
	DH_DSS_WITH_DES_CBC_SHA,
	DH_DSS_WITH_3DES_EDE_CBC_SHA,
	DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
	DH_RSA_WITH_DES_CBC_SHA,
	DH_RSA_WITH_3DES_EDE_CBC_SHA,
	DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
	DHE_DSS_WITH_DES_CBC_SHA,
	DHE_DSS_WITH_3DES_EDE_CBC_SHA,
	DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
	DHE_RSA_WITH_DES_CBC_SHA,
	DHE_RSA_WITH_3DES_EDE_CBC_SHA,
	DH_anon_EXPORT_WITH_RC4_40_MD5,
	DH_anon_WITH_RC4_128_MD5,
	DH_anon_EXPORT_WITH_DES40_CBC_SHA,
	DH_anon_WITH_DES_CBC_SHA,
	DH_anon_WITH_3DES_EDE_CBC_SHA,
	FORTEZZA_KEA_WITH_NULL_SHA,
	FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA,
	FORTEZZA_KEA_WITH_RC4_128_SHA: con iota;

	# Local authentication and negotiation preferences passed to
	# Context.client and Context.server.
	Authinfo: adt {
		# [2] x  (presumably two bytes per offered suite; confirm)
		suites: array of byte;
		# [1] x  (presumably one byte per compression method; confirm)
		comprs: array of byte;

		# for user certs
		sk: ref PrivateKey;
		# root type of certs
		root_type: int;
		# x509 cert chain
		certs: list of array of byte;

		# acceptable cert types
		types: array of byte;
		# acceptable cert authorities
		dns: list of array of byte;
	};

	# Private key of the local party; one variant per key type.
	PrivateKey: adt {
		pick {
		RSA =>
			sk: ref PKCS->RSAKey;
		DSS =>
			sk: ref PKCS->DSSPrivateKey;
		DH =>
			sk: ref PKCS->DHPrivateKey;
		}
	};

	# One protocol record: content type, version and payload.
	Record: adt {
		content_type: int;
		# [2]
		version: array of byte;
		data: array of byte;
	};

	# key exchange algorithms

	KeyExAlg: adt {
		pick {
		NULL =>
		DH =>
			params: ref PKCS->DHParams;
			sk: ref PKCS->DHPrivateKey;
			peer_params: ref PKCS->DHParams;
			peer_pk: ref PKCS->DHPublicKey;
			exch_pk: ref PKCS->DHPublicKey;
		RSA =>
			# for RSA key exchange
			sk: ref PKCS->RSAKey;
			# server RSA temp key
			export_key: ref PKCS->RSAKey;
			# temp key from server
			peer_pk: ref PKCS->RSAKey;
		FORTEZZA_KEA =>
			# not supported yet
		}
	};

	# Signature algorithms; the anon variant carries no keys.
	SigAlg: adt {
		pick {
		anon =>
		RSA =>
			# for sign
			sk: ref PKCS->RSAKey;
			# for verify from peer cert
			peer_pk: ref PKCS->RSAKey;
		DSS =>
			# for sign
			sk: ref PKCS->DSSPrivateKey;
			# for verify from peer cert
			peer_pk: ref PKCS->DSSPublicKey;
		FORTEZZA_KEA =>
			# not supported yet
		}
	};

	# Parameters of the selected cipher suite.
	CipherSpec: adt {
		is_exportable: int;

		bulk_cipher_algorithm: int;
		cipher_type: int;
		key_material: int;
		IV_size: int;

		mac_algorithm: int;
		hash_size: int;
	};

	# record format queue

	RecordQueue: adt {
		macState: ref MacState;
		cipherState: ref CipherState;

		length: int;
		sequence_numbers: array of int;

		data: list of ref Record;
		fragment: int;
		b: int;
		e: int;

		new: fn(): ref RecordQueue;
		read: fn(q: self ref RecordQueue, ctx: ref Context, fd: ref Sys->FD): string;
		write: fn(q: self ref RecordQueue, ctx: ref Context, fd: ref Sys->FD, r: ref Record): string;
		# NOTE(review): presumably the record MAC over n bytes of a starting at ofs; confirm
		calcmac: fn(q: self ref RecordQueue, ctx: ref Context, cntype: int, a: array of byte, ofs: int, n: int): array of byte;
	};

	# MAC state of one record direction; the null variant carries no digest state.
	MacState: adt {
		hash_size: int;
		pick {
		null =>
		md5 =>
			ds: array of ref Keyring->DigestState;
		sha =>
			ds: array of ref Keyring->DigestState;
		}
	};

	# Bulk-cipher state of one record direction.
	# Only null, rc4, descbc and ideacbc variants are declared; how the RC2
	# and 3DES suites listed above are handled is not visible in this interface.
	CipherState: adt {
		block_size: int;
		pick {
		null =>
		rc4 =>
			es: ref Keyring->RC4state;
		descbc =>
			es: ref Keyring->DESstate;
		ideacbc =>
			es: ref Keyring->IDEAstate;
		}
	};

	# context for processing both v2 and v3 protocols.

	Context: adt {
		c: ref Sys->Connection;
		session: ref SSLsession->Session;

		# algorithms and compression selected for this connection
		sel_keyx: ref KeyExAlg;
		sel_sign: ref SigAlg;
		sel_ciph: ref CipherSpec;
		sel_cmpr: int;

		local_info: ref Authinfo;

		# [32]
		client_random: array of byte;
		# [32]
		server_random: array of byte;

		sha_state: ref Keyring->DigestState;
		md5_state: ref Keyring->DigestState;

		# NOTE(review): presumably the client-write / server-write MAC secrets,
		# cipher keys and IVs of the SSL 3.0 key block; if so, every holder of a
		# Context reference can read the session secrets. Confirm against the
		# implementation.
		cw_mac: array of byte;
		sw_mac: array of byte;
		cw_key: array of byte;
		sw_key: array of byte;
		cw_IV: array of byte;
		sw_IV: array of byte;

		in_queue: ref RecordQueue;
		out_queue: ref RecordQueue;

		status: int;
		state: int;


		new: fn(): ref Context;
		# NOTE(review): the meaning of the (string, int) result is not stated here;
		# presumably an error string and the negotiated version. Confirm.
		client: fn(ctx: self ref Context, fd: ref Sys->FD, peer: string, ver: int, info: ref Authinfo): (string, int);
		# NOTE(review): client_auth presumably selects whether a client certificate is requested; confirm
		server: fn(ctx: self ref Context, fd: ref Sys->FD, info: ref Authinfo, client_auth: int): string;
		use_devssl: fn(ctx: self ref Context);
		set_version: fn(ctx: self ref Context, vers: int): string;
		connect: fn(ctx: self ref Context, fd: ref Sys->FD): string;
		read: fn(ctx: self ref Context, a: array of byte, n: int): int;
		write: fn(ctx: self ref Context, a: array of byte, n: int): int;
	};
};