* This file is part of the openHiTLS project.
*
* openHiTLS is licensed under the Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
*
* http://license.coscl.org.cn/MulanPSL2
*
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
#ifndef HS_MSG_H
#define HS_MSG_H
#include <stdint.h>
#include <stdbool.h>
#include "hitls_build.h"
#include "bsl_module_list.h"
#include "cert.h"
#include "hitls_crypt_type.h"
#include "hitls_cert_type.h"
#include "hitls_type.h"
#ifdef __cplusplus
extern "C" {
#endif
#define UINT24_SIZE 3u
#define HS_MSG_HEADER_SIZE 4u
#define DTLS_HS_MSG_HEADER_SIZE 12u
#define HS_RANDOM_SIZE 32u
#define HS_RANDOM_DOWNGRADE_SIZE 8u
#define TLS_HS_MAX_SESSION_ID_SIZE 32u
#define TLS_HS_MIN_SESSION_ID_SIZE 24u
#define TLS_HS_MIN_COOKIE_SIZE 1u
#define TLS_HS_MAX_COOKIE_SIZE 255u
#define DTLS_HS_MSGLEN_ADDR 1u
#define DTLS_HS_MSGSEQ_ADDR 4u
#define DTLS_HS_FRAGMENT_OFFSET_ADDR 6u
#define DTLS_HS_FRAGMENT_LEN_ADDR 9u
typedef enum {
HELLO_REQUEST = 0,
CLIENT_HELLO = 1,
SERVER_HELLO = 2,
HELLO_VERIFY_REQUEST = 3,
NEW_SESSION_TICKET = 4,
END_OF_EARLY_DATA = 5,
HELLO_RETRY_REQUEST = 6,
ENCRYPTED_EXTENSIONS = 8,
CERTIFICATE = 11,
SERVER_KEY_EXCHANGE = 12,
CERTIFICATE_REQUEST = 13,
SERVER_HELLO_DONE = 14,
CERTIFICATE_VERIFY = 15,
CLIENT_KEY_EXCHANGE = 16,
FINISHED = 20,
CERTIFICATE_URL = 21,
CERTIFICATION_STATUS = 22,
SUPPLEMENTAL_DATA = 23,
KEY_UPDATE = 24,
MESSAGE_HASH = 254,
HS_MSG_TYPE_END = 255
} HS_MsgType;
typedef enum {
PSK_KE = 0,
PSK_DHE_KE = 1,
PSK_KEY_EXCHANGEMODE_END = 255
} HS_PskKeyExchMode;
typedef struct {
HITLS_KeyUpdateRequest requestUpdate;
} KeyUpdateMsg;
typedef struct {
ListHead head;
uint16_t group;
uint16_t keyExchangeSize;
uint8_t *keyExchange;
} KeyShare;
typedef struct OfferedPsks {
ListHead pskNode;
following fields */
uint8_t *identity;
uint8_t *binder;
uint32_t obfuscatedTicketAge;
uint16_t identitySize;
uint8_t binderSize;
bool isValid;
} PreSharedKey;
typedef struct {
uint16_t *supportedGroups;
uint16_t *signatureAlgorithms;
uint16_t *signatureAlgorithmsCert;
uint8_t *pointFormats;
uint8_t *alpnList;
uint8_t *serverName;
uint8_t *secRenegoInfo;
uint8_t *ticket;
uint32_t ticketSize;
uint16_t supportedGroupsSize;
uint16_t signatureAlgorithmsSize;
uint16_t signatureAlgorithmsCertSize;
uint16_t alpnListSize;
uint16_t serverNameSize;
uint16_t recordSizeLimit;
uint8_t pointFormatsSize;
uint8_t serverNameType;
uint8_t secRenegoInfoSize;
uint8_t reserved[1];
uint16_t *supportedVersions;
uint8_t *cookie;
uint8_t *keModes;
uint8_t keModesSize;
uint8_t supportedVersionsCount;
uint16_t cookieLen;
HITLS_TrustedCAList *caList;
PreSharedKey *preSharedKey;
KeyShare *keyShare;
} ExtensionContent;
typedef struct {
bool haveSupportedGroups;
bool haveSignatureAlgorithms;
bool haveSignatureAlgorithmsCert;
bool havePointFormats;
bool haveExtendedMasterSecret;
bool haveSupportedVers;
bool haveCookie;
bool haveCA;
bool havePostHsAuth;
message. */
bool haveKeyShare;
bool haveEarlyData;
bool havePskExMode;
bool havePreShareKey;
bool haveAlpn;
bool haveServerName;
bool haveSecRenego;
bool haveTicket;
bool haveEncryptThenMac;
bool haveRecordSizeLimit;
} ExtensionFlag;
typedef struct {
ExtensionFlag flag;
ExtensionContent content;
} ClientHelloExt;
typedef struct {
uint8_t randomValue[HS_RANDOM_SIZE];
uint8_t *sessionId;
uint8_t *cookie;
uint16_t *cipherSuites;
uint16_t version;
uint16_t cipherSuitesSize;
uint8_t sessionIdSize;
uint8_t compressionMethodsSize;
uint8_t *compressionMethods;
uint8_t cookieLen;
bool haveEmptyRenegoScsvCipher;
to indicate that security renegotiation is supported. */
bool haveFallBackScsvCipher;
to indicate that a downgrade negotiation process is in progress. */
uint8_t refCnt;
uint32_t truncateHelloLen;
ClientHelloExt extension;
uint64_t extensionTypeMask;
uint8_t *extensionBuff;
uint32_t extensionBuffLen;
uint32_t extensionCount;
} ClientHelloMsg;
typedef struct {
uint16_t version;
uint16_t cipherSuite;
uint8_t randomValue[HS_RANDOM_SIZE];
uint8_t *sessionId;
uint8_t *pointFormats;
uint8_t *alpnSelected;
uint8_t *cookie;
uint8_t *secRenegoInfo;
KeyShare keyShare;
uint16_t alpnSelectedSize;
uint16_t supportedVersion;
uint16_t cookieLen;
uint16_t selectedIdentity;
uint16_t recordSizeLimit;
uint8_t sessionIdSize;
uint8_t pointFormatsSize;
uint8_t secRenegoInfoSize;
uint64_t extensionTypeMask;
bool havePointFormats;
bool haveExtendedMasterSecret;
bool haveSupportedVersion;
bool haveCookie;
bool haveKeyShare;
bool haveSelectedIdentity;
bool haveSelectedAlpn;
bool haveServerName;
bool haveSecRenego;
bool haveTicket;
bool haveEncryptThenMac;
bool haveRecordSizeLimit;
bool reserved[2];
} ServerHelloMsg;
typedef struct {
uint16_t version;
uint8_t cookieLen;
uint8_t reserved[1];
uint8_t *cookie;
} HelloVerifyRequestMsg;
typedef struct {
CERT_Item *cert;
uint32_t certCount;
uint8_t *certificateReqCtx;
uint32_t certificateReqCtxSize;
uint64_t extensionTypeMask;
} CertificateMsg;
typedef struct {
HITLS_ECParameters ecPara;
uint32_t pubKeySize;
uint8_t *pubKey;
uint16_t signAlgorithm;
uint16_t signSize;
uint8_t *signData;
} ServerEcdh;
typedef struct {
uint8_t *p;
uint8_t *g;
uint16_t plen;
uint16_t glen;
uint8_t *pubkey;
uint16_t pubKeyLen;
uint16_t signAlgorithm;
uint16_t signSize;
uint8_t *signData;
} ServerDh;
typedef struct {
uint8_t *pskIdentityHint;
uint32_t hintSize;
HITLS_KeyExchAlgo keyExType;
union {
ServerEcdh ecdh;
ServerDh dh;
} keyEx;
} ServerKeyExchangeMsg;
typedef struct {
uint8_t *pskIdentity;
uint32_t pskIdentitySize;
uint32_t dataSize;
uint8_t *data;
} ClientKeyExchangeMsg;
typedef struct {
uint8_t *certTypes;
uint16_t *signatureAlgorithms;
uint8_t reserved;
uint8_t certTypesSize;
uint16_t signatureAlgorithmsSize;
#ifdef HITLS_TLS_PROTO_TLS13
uint16_t *signatureAlgorithmsCert;
uint16_t signatureAlgorithmsCertSize;
uint8_t *certificateReqCtx;
uint32_t certificateReqCtxSize;
authentication after the handshake */
uint64_t extensionTypeMask;
bool haveSignatureAndHashAlgoCert;
#endif
bool haveSignatureAndHashAlgo;
bool haveDistinguishedName;
} CertificateRequestMsg;
typedef struct {
uint16_t signHashAlg;
uint16_t signSize;
uint8_t *sign;
} CertificateVerifyMsg;
RFC5077 3.3 NewSessionTicket Handshake Message
struct {
uint32 ticket_lifetime_hint;
opaque ticket<0..2^16-1>;
} NewSessionTicket;
TLS1.3:
struct {
uint32 ticket_lifetime;
uint32 ticket_age_add;
opaque ticket_nonce<0..255>;
opaque ticket<1..2^16-1>;
Extension extensions<0..2^16-2>;
} NewSessionTicket;
*/
typedef struct {
uint32_t ticketLifetimeHint;
uint32_t ticketAgeAdd;
uint32_t ticketNonceSize;
uint8_t *ticketNonce;
increasing in ascending order. */
uint32_t ticketSize;
uint8_t *ticket;
uint64_t extensionTypeMask;
} NewSessionTicketMsg;
typedef struct {
uint32_t verifyDataSize;
uint8_t *verifyData;
} FinishedMsg;
typedef struct {
uint16_t *supportedGroups;
uint16_t supportedGroupsSize;
uint16_t recordSizeLimit;
uint16_t alpnSelectedSize;
uint8_t *alpnSelected;
uint64_t extensionTypeMask;
bool haveSupportedGroups;
bool haveEarlyData;
bool haveServerName;
bool haveRecordSizeLimit;
bool haveSelectedAlpn;
} EncryptedExtensions;
typedef struct {
HS_MsgType type;
uint32_t length;
uint16_t sequence;
sent, one is added. Retransmission does not add up */
uint32_t fragmentOffset;
uint32_t fragmentLength;
const uint8_t *rawMsg;
uint32_t headerAndBodyLen;
} HS_MsgInfo;
typedef struct {
HS_MsgType type;
uint32_t length;
uint16_t sequence;
sent, one is added. Retransmission does not add up */
uint8_t reserved[2];
uint32_t fragmentOffset;
uint32_t fragmentLength;
union {
ClientHelloMsg clientHello;
ServerHelloMsg serverHello;
HelloVerifyRequestMsg helloVerifyReq;
EncryptedExtensions encryptedExtensions;
CertificateMsg certificate;
ClientKeyExchangeMsg clientKeyExchange;
ServerKeyExchangeMsg serverKeyExchange;
CertificateRequestMsg certificateReq;
CertificateVerifyMsg certificateVerify;
NewSessionTicketMsg newSessionTicket;
FinishedMsg finished;
KeyUpdateMsg keyUpdate;
} body;
} HS_Msg;
#ifdef HITLS_TLS_PROTO_DTLS12
typedef struct {
ListHead head;
HS_MsgType type;
uint16_t sequence;
sent, one is added. Retransmission does not add up */
bool isReassComplete;
uint8_t reserved;
uint8_t *reassBitMap;
fragmented message are completely reassembled. */
uint8_t *msg;
uint32_t msgLen;
} HS_ReassQueue;
#endif
#ifdef __cplusplus
}
#endif
#endif