ref: 94443daf8e248e65afc8d3f17f26efea22748b51
dir: /module/ssl3.m/
#
# ssl 3.0 protocol
#
SSL3: module {
PATH: con "/dis/lib/crypt/ssl3.dis";
init: fn(): string;
# SSL cipher suites
NULL_WITH_NULL_NULL,
RSA_WITH_NULL_MD5,
RSA_WITH_NULL_SHA,
RSA_EXPORT_WITH_RC4_40_MD5,
RSA_WITH_RC4_128_MD5,
RSA_WITH_RC4_128_SHA,
RSA_EXPORT_WITH_RC2_CBC_40_MD5,
RSA_WITH_IDEA_CBC_SHA,
RSA_EXPORT_WITH_DES40_CBC_SHA,
RSA_WITH_DES_CBC_SHA,
RSA_WITH_3DES_EDE_CBC_SHA,
DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
DH_DSS_WITH_DES_CBC_SHA,
DH_DSS_WITH_3DES_EDE_CBC_SHA,
DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
DH_RSA_WITH_DES_CBC_SHA,
DH_RSA_WITH_3DES_EDE_CBC_SHA,
DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
DHE_DSS_WITH_DES_CBC_SHA,
DHE_DSS_WITH_3DES_EDE_CBC_SHA,
DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
DHE_RSA_WITH_DES_CBC_SHA,
DHE_RSA_WITH_3DES_EDE_CBC_SHA,
DH_anon_EXPORT_WITH_RC4_40_MD5,
DH_anon_WITH_RC4_128_MD5,
DH_anon_EXPORT_WITH_DES40_CBC_SHA,
DH_anon_WITH_DES_CBC_SHA,
DH_anon_WITH_3DES_EDE_CBC_SHA,
FORTEZZA_KEA_WITH_NULL_SHA,
FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA,
FORTEZZA_KEA_WITH_RC4_128_SHA : con iota;
Authinfo: adt {
suites: array of byte; # [2] x
comprs: array of byte; # [1] x
sk: ref PrivateKey; # for user certs
root_type: int; # root type of certs
certs: list of array of byte; # x509 cert chain
types: array of byte; # acceptable cert types
dns: list of array of byte; # acceptable cert authorities
};
PrivateKey: adt {
pick {
RSA =>
sk : ref PKCS->RSAKey;
DSS =>
sk : ref PKCS->DSSPrivateKey;
DH =>
sk : ref PKCS->DHPrivateKey;
}
};
Record: adt {
content_type : int;
version : array of byte; # [2]
data : array of byte;
};
# key exchange algorithms
KeyExAlg: adt {
pick {
NULL =>
DH =>
params : ref PKCS->DHParams;
sk : ref PKCS->DHPrivateKey;
peer_params : ref PKCS->DHParams;
peer_pk : ref PKCS->DHPublicKey;
exch_pk : ref PKCS->DHPublicKey;
RSA =>
sk : ref PKCS->RSAKey; # for RSA key exchange
export_key : ref PKCS->RSAKey; # server RSA temp key
peer_pk : ref PKCS->RSAKey; # temp key from server
FORTEZZA_KEA =>
# not supported yet
}
};
SigAlg: adt {
pick {
anon =>
RSA =>
sk : ref PKCS->RSAKey; # for sign
peer_pk : ref PKCS->RSAKey; # for verify from peer cert
DSS =>
sk : ref PKCS->DSSPrivateKey; # for sign
peer_pk : ref PKCS->DSSPublicKey; # for verify from peer cert
FORTEZZA_KEA => # not supported yet
}
};
CipherSpec: adt {
is_exportable : int;
bulk_cipher_algorithm : int;
cipher_type : int;
key_material : int;
IV_size : int;
mac_algorithm : int;
hash_size : int;
};
# record format queue
RecordQueue: adt {
macState : ref MacState;
cipherState : ref CipherState;
length : int;
sequence_numbers : array of int;
data : list of ref Record;
fragment : int;
b, e : int;
new: fn(): ref RecordQueue;
read: fn(q: self ref RecordQueue, ctx: ref Context, fd: ref Sys->FD): string;
write: fn(q: self ref RecordQueue, ctx: ref Context, fd: ref Sys->FD, r: ref Record): string;
calcmac: fn(q: self ref RecordQueue, ctx: ref Context, cntype: int, a: array of byte, ofs, n: int) : array of byte;
};
MacState: adt {
hash_size : int;
pick {
null =>
md5 =>
ds : array of ref Keyring->DigestState;
sha =>
ds : array of ref Keyring->DigestState;
}
};
CipherState: adt {
block_size : int;
pick {
null =>
rc4 =>
es : ref Keyring->RC4state;
descbc =>
es : ref Keyring->DESstate;
ideacbc =>
es : ref Keyring->IDEAstate;
}
};
# context for processing both v2 and v3 protocols.
Context: adt {
c : ref Sys->Connection;
session : ref SSLsession->Session;
sel_keyx : ref KeyExAlg;
sel_sign : ref SigAlg;
sel_ciph : ref CipherSpec;
sel_cmpr : int;
local_info : ref Authinfo;
client_random : array of byte; # [32]
server_random : array of byte; # [32]
sha_state : ref Keyring->DigestState;
md5_state : ref Keyring->DigestState;
cw_mac : array of byte;
sw_mac : array of byte;
cw_key : array of byte;
sw_key : array of byte;
cw_IV : array of byte;
sw_IV : array of byte;
in_queue : ref RecordQueue;
out_queue : ref RecordQueue;
status : int;
state : int;
new: fn(): ref Context;
client: fn(ctx: self ref Context, fd: ref Sys->FD, peer: string, ver: int, info: ref Authinfo): (string, int);
server: fn(ctx: self ref Context, fd: ref Sys->FD, info: ref Authinfo, client_auth: int): string;
use_devssl: fn(ctx: self ref Context);
set_version: fn(ctx: self ref Context, vers: int): string;
connect: fn(ctx: self ref Context, fd: ref Sys->FD): string;
read: fn(ctx: self ref Context, a: array of byte, n: int): int;
write: fn(ctx: self ref Context, a: array of byte, n: int): int;
};
};