1160814Ssimon/* ssl/dtls1.h */ 2280304Sjkim/* 3160814Ssimon * DTLS implementation written by Nagendra Modadugu 4280304Sjkim * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 5160814Ssimon */ 6160814Ssimon/* ==================================================================== 7160814Ssimon * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 8160814Ssimon * 9160814Ssimon * Redistribution and use in source and binary forms, with or without 10160814Ssimon * modification, are permitted provided that the following conditions 11160814Ssimon * are met: 12160814Ssimon * 13160814Ssimon * 1. Redistributions of source code must retain the above copyright 14280304Sjkim * notice, this list of conditions and the following disclaimer. 15160814Ssimon * 16160814Ssimon * 2. Redistributions in binary form must reproduce the above copyright 17160814Ssimon * notice, this list of conditions and the following disclaimer in 18160814Ssimon * the documentation and/or other materials provided with the 19160814Ssimon * distribution. 20160814Ssimon * 21160814Ssimon * 3. All advertising materials mentioning features or use of this 22160814Ssimon * software must display the following acknowledgment: 23160814Ssimon * "This product includes software developed by the OpenSSL Project 24160814Ssimon * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25160814Ssimon * 26160814Ssimon * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27160814Ssimon * endorse or promote products derived from this software without 28160814Ssimon * prior written permission. For written permission, please contact 29160814Ssimon * openssl-core@OpenSSL.org. 30160814Ssimon * 31160814Ssimon * 5. Products derived from this software may not be called "OpenSSL" 32160814Ssimon * nor may "OpenSSL" appear in their names without prior written 33160814Ssimon * permission of the OpenSSL Project. 34160814Ssimon * 35160814Ssimon * 6. Redistributions of any form whatsoever must retain the following 36160814Ssimon * acknowledgment: 37160814Ssimon * "This product includes software developed by the OpenSSL Project 38160814Ssimon * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39160814Ssimon * 40160814Ssimon * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41160814Ssimon * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42160814Ssimon * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43160814Ssimon * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44160814Ssimon * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45160814Ssimon * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46160814Ssimon * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47160814Ssimon * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48160814Ssimon * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49160814Ssimon * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50160814Ssimon * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51160814Ssimon * OF THE POSSIBILITY OF SUCH DAMAGE. 52160814Ssimon * ==================================================================== 53160814Ssimon * 54160814Ssimon * This product includes cryptographic software written by Eric Young 55160814Ssimon * (eay@cryptsoft.com). This product includes software written by Tim 56160814Ssimon * Hudson (tjh@cryptsoft.com). 57160814Ssimon * 58160814Ssimon */ 59160814Ssimon 60246772Sjkim#ifndef HEADER_DTLS1_H 61280304Sjkim# define HEADER_DTLS1_H 62160814Ssimon 63280304Sjkim# include <openssl/buffer.h> 64280304Sjkim# include <openssl/pqueue.h> 65280304Sjkim# ifdef OPENSSL_SYS_VMS 66280304Sjkim# include <resource.h> 67280304Sjkim# include <sys/timeb.h> 68280304Sjkim# endif 69280304Sjkim# ifdef OPENSSL_SYS_WIN32 70205128Ssimon/* Needed for struct timeval */ 71280304Sjkim# include <winsock.h> 72280304Sjkim# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) 73280304Sjkim# include <sys/timeval.h> 74280304Sjkim# else 75280304Sjkim# if defined(OPENSSL_SYS_VXWORKS) 76280304Sjkim# include <sys/times.h> 77280304Sjkim# else 78280304Sjkim# include <sys/time.h> 79280304Sjkim# endif 80280304Sjkim# endif 81160814Ssimon 82160814Ssimon#ifdef __cplusplus 83160814Ssimonextern "C" { 84160814Ssimon#endif 85160814Ssimon 86280304Sjkim# define DTLS1_VERSION 0xFEFF 87280304Sjkim# define DTLS_MAX_VERSION DTLS1_VERSION 88280304Sjkim# define DTLS1_VERSION_MAJOR 0xFE 89273149Sjkim 90280304Sjkim# define DTLS1_BAD_VER 0x0100 91160814Ssimon 92280304Sjkim# if 0 93194206Ssimon/* this alert description is not specified anywhere... */ 94280304Sjkim# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 95280304Sjkim# endif 96160814Ssimon 97160814Ssimon/* lengths of messages */ 98280304Sjkim# define DTLS1_COOKIE_LENGTH 256 99160814Ssimon 100280304Sjkim# define DTLS1_RT_HEADER_LENGTH 13 101160814Ssimon 102280304Sjkim# define DTLS1_HM_HEADER_LENGTH 12 103160814Ssimon 104280304Sjkim# define DTLS1_HM_BAD_FRAGMENT -2 105280304Sjkim# define DTLS1_HM_FRAGMENT_RETRY -3 106160814Ssimon 107280304Sjkim# define DTLS1_CCS_HEADER_LENGTH 1 108160814Ssimon 109280304Sjkim# ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110280304Sjkim# define DTLS1_AL_HEADER_LENGTH 7 111280304Sjkim# else 112280304Sjkim# define DTLS1_AL_HEADER_LENGTH 2 113280304Sjkim# endif 114160814Ssimon 115280304Sjkim# ifndef OPENSSL_NO_SSL_INTERN 116160814Ssimon 117280304Sjkim# ifndef OPENSSL_NO_SCTP 118280304Sjkim# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" 119280304Sjkim# endif 120238405Sjkim 121276864Sjkim/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ 122280304Sjkim# define DTLS1_MAX_MTU_OVERHEAD 48 123276864Sjkim 124280304Sjkimtypedef struct dtls1_bitmap_st { 125280304Sjkim unsigned long map; /* track 32 packets on 32-bit systems and 64 126280304Sjkim * - on 64-bit systems */ 127280304Sjkim unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit 128280304Sjkim * value in big-endian encoding */ 129280304Sjkim} DTLS1_BITMAP; 130160814Ssimon 131280304Sjkimstruct dtls1_retransmit_state { 132280304Sjkim EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 133280304Sjkim EVP_MD_CTX *write_hash; /* used for mac generation */ 134280304Sjkim# ifndef OPENSSL_NO_COMP 135280304Sjkim COMP_CTX *compress; /* compression */ 136280304Sjkim# else 137280304Sjkim char *compress; 138280304Sjkim# endif 139280304Sjkim SSL_SESSION *session; 140280304Sjkim unsigned short epoch; 141280304Sjkim}; 142205128Ssimon 143280304Sjkimstruct hm_header_st { 144280304Sjkim unsigned char type; 145280304Sjkim unsigned long msg_len; 146280304Sjkim unsigned short seq; 147280304Sjkim unsigned long frag_off; 148280304Sjkim unsigned long frag_len; 149280304Sjkim unsigned int is_ccs; 150280304Sjkim struct dtls1_retransmit_state saved_retransmit_state; 151280304Sjkim}; 152160814Ssimon 153280304Sjkimstruct ccs_header_st { 154280304Sjkim unsigned char type; 155280304Sjkim unsigned short seq; 156280304Sjkim}; 157160814Ssimon 158280304Sjkimstruct dtls1_timeout_st { 159280304Sjkim /* Number of read timeouts so far */ 160280304Sjkim unsigned int read_timeouts; 161280304Sjkim /* Number of write timeouts so far */ 162280304Sjkim unsigned int write_timeouts; 163280304Sjkim /* Number of alerts received so far */ 164280304Sjkim unsigned int num_alerts; 165280304Sjkim}; 166160814Ssimon 167280304Sjkimtypedef struct record_pqueue_st { 168280304Sjkim unsigned short epoch; 169280304Sjkim pqueue q; 170280304Sjkim} record_pqueue; 171160814Ssimon 172280304Sjkimtypedef struct hm_fragment_st { 173280304Sjkim struct hm_header_st msg_header; 174280304Sjkim unsigned char *fragment; 175280304Sjkim unsigned char *reassembly; 176280304Sjkim} hm_fragment; 177160814Ssimon 178280304Sjkimtypedef struct dtls1_state_st { 179280304Sjkim unsigned int send_cookie; 180280304Sjkim unsigned char cookie[DTLS1_COOKIE_LENGTH]; 181280304Sjkim unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; 182280304Sjkim unsigned int cookie_len; 183280304Sjkim /* 184280304Sjkim * The current data and handshake epoch. This is initially 185280304Sjkim * undefined, and starts at zero once the initial handshake is 186280304Sjkim * completed 187280304Sjkim */ 188280304Sjkim unsigned short r_epoch; 189280304Sjkim unsigned short w_epoch; 190280304Sjkim /* records being received in the current epoch */ 191280304Sjkim DTLS1_BITMAP bitmap; 192280304Sjkim /* renegotiation starts a new set of sequence numbers */ 193280304Sjkim DTLS1_BITMAP next_bitmap; 194280304Sjkim /* handshake message numbers */ 195280304Sjkim unsigned short handshake_write_seq; 196280304Sjkim unsigned short next_handshake_write_seq; 197280304Sjkim unsigned short handshake_read_seq; 198280304Sjkim /* save last sequence number for retransmissions */ 199280304Sjkim unsigned char last_write_sequence[8]; 200280304Sjkim /* Received handshake records (processed and unprocessed) */ 201280304Sjkim record_pqueue unprocessed_rcds; 202280304Sjkim record_pqueue processed_rcds; 203280304Sjkim /* Buffered handshake messages */ 204280304Sjkim pqueue buffered_messages; 205280304Sjkim /* Buffered (sent) handshake records */ 206280304Sjkim pqueue sent_messages; 207280304Sjkim /* 208280304Sjkim * Buffered application records. Only for records between CCS and 209280304Sjkim * Finished to prevent either protocol violation or unnecessary message 210280304Sjkim * loss. 211280304Sjkim */ 212280304Sjkim record_pqueue buffered_app_data; 213280304Sjkim /* Is set when listening for new connections with dtls1_listen() */ 214280304Sjkim unsigned int listen; 215280304Sjkim unsigned int link_mtu; /* max on-the-wire DTLS packet size */ 216280304Sjkim unsigned int mtu; /* max DTLS packet size */ 217280304Sjkim struct hm_header_st w_msg_hdr; 218280304Sjkim struct hm_header_st r_msg_hdr; 219280304Sjkim struct dtls1_timeout_st timeout; 220280304Sjkim /* 221280304Sjkim * Indicates when the last handshake msg or heartbeat sent will timeout 222280304Sjkim */ 223280304Sjkim struct timeval next_timeout; 224280304Sjkim /* Timeout duration */ 225280304Sjkim unsigned short timeout_duration; 226280304Sjkim /* 227280304Sjkim * storage for Alert/Handshake protocol data received but not yet 228280304Sjkim * processed by ssl3_read_bytes: 229280304Sjkim */ 230280304Sjkim unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; 231280304Sjkim unsigned int alert_fragment_len; 232280304Sjkim unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; 233280304Sjkim unsigned int handshake_fragment_len; 234280304Sjkim unsigned int retransmitting; 235280304Sjkim /* 236280304Sjkim * Set when the handshake is ready to process peer's ChangeCipherSpec message. 237280304Sjkim * Cleared after the message has been processed. 238280304Sjkim */ 239280304Sjkim unsigned int change_cipher_spec_ok; 240280304Sjkim# ifndef OPENSSL_NO_SCTP 241280304Sjkim /* used when SSL_ST_XX_FLUSH is entered */ 242280304Sjkim int next_state; 243280304Sjkim int shutdown_received; 244280304Sjkim# endif 245280304Sjkim} DTLS1_STATE; 246160814Ssimon 247280304Sjkimtypedef struct dtls1_record_data_st { 248280304Sjkim unsigned char *packet; 249280304Sjkim unsigned int packet_length; 250280304Sjkim SSL3_BUFFER rbuf; 251280304Sjkim SSL3_RECORD rrec; 252280304Sjkim# ifndef OPENSSL_NO_SCTP 253280304Sjkim struct bio_dgram_sctp_rcvinfo recordinfo; 254280304Sjkim# endif 255280304Sjkim} DTLS1_RECORD_DATA; 256160814Ssimon 257280304Sjkim# endif 258160814Ssimon 259160814Ssimon/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ 260280304Sjkim# define DTLS1_TMO_READ_COUNT 2 261280304Sjkim# define DTLS1_TMO_WRITE_COUNT 2 262160814Ssimon 263280304Sjkim# define DTLS1_TMO_ALERT_COUNT 12 264160814Ssimon 265160814Ssimon#ifdef __cplusplus 266160814Ssimon} 267160814Ssimon#endif 268160814Ssimon#endif 269