ipxe/src/crypto/ssl_constructs.h

// Note: This file still needs some work.
// Note: I had to redefine the enums to a set of const values,
//   so that the size of the variable would be correct.

// Typedefs
// (As defined by the SSL v3.0 RFC Draft)
// URL: http://wp.netscape.com/eng/ssl3/draft302.txt
typedef unsigned char uint8;
typedef uint8 uint16[2];
typedef uint8 uint24[3];
typedef uint8 uint32[4];
typedef uint8 uint64[8];

// Record layers
typedef struct _ProtocolVersion{
  uint8 major, minor;
} ProtocolVersion;

const ProtocolVersion version = { 3, 0 };

typedef uint8 ContentType;
const ContentType content_type_change_cipher_spec_type = 20;
const ContentType content_type_alert = 21;
const ContentType content_type_handshake = 22;
const ContentType content_type_application_data = 23;

typedef struct _SSLPlaintext{
  ContentType type;
  ProtocolVersion version;
  uint16 length; // can not exceed 2^14 bytes
  uint8 fragment[16384]; // 2^14 = 16,384 bytes
} SSLPlaintext;

typedef struct _SSLCompressed{
  ContentType type;
  ProtocolVersion version;
  uint16 length; // can not exceed 2^14 + 1024
  uint8 fragment[17408]; // SSLCompressed.length
} SSLCompressed;

typedef struct _SSLCiphertext{
  ContentType type;
  ProtocolVersion version;
  uint16 length;
  uint8 fragment; // so we have a pointer to the data, and don't have to do math
  // fragment; type GenericStreamCipher or GenericBlockCipher
} SSLCiphertext; // recast to get fragment

typedef struct _GenericStreamCipher{
  uint8 content[17408]; // SSLCompressed.length
  uint8 MAC[]; // CipherSpec.hash_size
} GenericStreamCipher;

typedef struct _SSLStreamCiphertext{
  ContentType type;
  ProtocolVersion version;
  uint16 length; // can not exceed 2^14 + 2048 = 18,456
  GenericStreamCipher fragment;
} SSLStreamCiphertext;

typedef struct _GenericBlockCipher{
  uint8 content[17408]; // SSLConpressed.length
  uint8 MAC[0]; // CipherSpec.hash_size
  // padding is used to bring the plaintext to
  // a multiple of the block cipher's block length.
  uint8 padding[0]; // GenericBlockCipher.padding_length
  uint8 padding_length;
} GenericBlockCipher;

typedef struct _SSLBlockCiphertext{
  ContentType type;
  ProtocolVersion version;
  uint16 length; // can not exceed 2^14 + 2048 = 18,456
  GenericBlockCipher fragment;
} SSLBlockCiphertext;

// Change cipher specs message
typedef struct _ChangeCipherSpec{
  enum { type_change_cipher_spec=1, type_size=255 } type;
} ChangeCipherSpec;

// Alert messages
typedef uint8 AlertLevel;
const AlertLevel alert_level_warning = 1;
const AlertLevel alert_level_fatal=2;

typedef uint8 AlertDescription;
const AlertDescription alert_description_close_notify = 0;
const AlertDescription alert_description_unexpected_message = 10;
const AlertDescription alert_description_bad_record_mac = 20;
const AlertDescription alert_description_decompression_failure = 30;
const AlertDescription alert_description_handshake_failure = 40;
const AlertDescription alert_description_no_certificate = 41;
const AlertDescription alert_description_bad_certificate = 42;
const AlertDescription alert_description_unsupported_certificate = 43;
const AlertDescription alert_description_certificate_revoked = 44;
const AlertDescription alert_description_certificate_expired = 45;
const AlertDescription alert_description_certificate_unknown = 46;
const AlertDescription alert_description_illegal_parameter = 47;

typedef struct _Alert{
  AlertLevel level;
  AlertDescription description;
} Alert;

// Handshake protocol
// What is the best way to have a generic pointer to the body struct??
typedef uint8 HandshakeType;
const HandshakeType handshake_type_hello_request = 0;
const HandshakeType handshake_type_client_hello = 1;
const HandshakeType handshake_type_server_hello = 2;
const HandshakeType handshake_type_certificate = 11;
const HandshakeType handshake_type_server_key_exchange = 12;
const HandshakeType handshake_type_certificate_request = 13;
const HandshakeType handshake_type_server_done = 14;
const HandshakeType handshake_type_certificate_verify = 15;
const HandshakeType handshake_type_client_key_exchange = 16;
const HandshakeType handshake_type_finished = 20;

typedef struct _Handshake{
  HandshakeType msg_type;
  uint24 length;
  // body; // one of HandshakeType structs
} Handshake; // generic Handshake, need to recast to get body

// Hello messages
typedef struct _HelloRequest{} HelloRequest;

typedef struct _HelloRequestHandshake{
  HandshakeType msg_type;
  uint24 length;
  HelloRequest body;
} HelloRequestHandshake;

typedef struct _Random{
  uint32 gmt_unix_time;
  uint8 random_bytes[28];
} Random;

//typedef uint8 SessionID[32]; // <0..32>
typedef uint8 SessionIDLength;
typedef uint8 SessionID;

typedef uint16 CipherSuiteLength;
typedef uint8 CipherSuite[2];

typedef uint8 CompressionMethodLength;
typedef uint8 CompressionMethod;
const CompressionMethod compression_method_null = 0;


typedef struct _ClientHello{
  ProtocolVersion client_version;
  Random random;
  SessionIDLength session_id_length;
  SessionID *session_id;
  SessionID *session_id_end;
  CipherSuiteLength *cipher_suites_length;
  CipherSuite *cipher_suites; // min size is one entry
  CipherSuite *cipher_suites_end;
  //CipherSuite cipher_suites[32768]; // <2..2^16-1> = 65,536 bytes and CipherSuite is 2 bytes
  CompressionMethodLength *compression_methods_length;
  CompressionMethod *compression_methods;
  CompressionMethod *compression_methods_end;
  //CompressionMethod *compression_methods; // min size is zero
  //CompressionMethod compression_methods[256]; // <0..2^8-1> = 256 bytes and CompressionMethod is 1 byte
} ClientHello;

typedef struct _ClientHelloHandshake{
  //HandshakeType msg_type;
  uint8 msg_type;
  uint24 length;
  ClientHello body;
} ClientHelloHandshake;

typedef struct _ServerHello{
  ProtocolVersion server_version;
  Random random;
  SessionID session_id;
  CipherSuite cipher_suite;
  CompressionMethod compression_method;
} ServerHello;

typedef struct _ServerHelloHandshake{
  HandshakeType msg_type;
  uint24 length;
  ServerHello body;
} ServerHelloHandshake;

// Server authentication and key exchange messages
typedef uint8 ASN1Cert[16777216]; // <1..2^24-1> = 16,777,216 bytes

typedef struct _Certificate{
  ASN1Cert certificate_list[1]; // <1..2^24-1> / ANS1Cert = 1
  // for some reason the size of certificate_list and ASN1Cert is the same, so only one certificate in the list
} Certificate;

typedef uint8 KeyExchangeAlgorithm;
const KeyExchangeAlgorithm key_exchange_algorithm_rsa = 0;
const KeyExchangeAlgorithm key_exchange_algorithm_diffie_hellman = 1;
const KeyExchangeAlgorithm key_exchange_algorithm_fortezza_kea = 2;

typedef struct _AnonSignature{
  struct {};
} AnonSignature;

typedef struct _RSASignature{
  uint8 md5_hash[16];
  uint8 sha_hash[20];
} RSASignature;

typedef struct _DSASignature{
  uint8 sha_hash[20];
} DSASignature;

// use union??,  make a mess to reference, but easy to make Signature type.
typedef union _Signature{ AnonSignature anon; RSASignature rsa; DSASignature dsa; } Signature;

typedef struct _ServerRSAParams{
  uint8 RSA_modulus[65536]; // <1..2^16-1> = 65,536
  uint8 RSA_exponent[65536]; // <1..2^16-1> = 65,536
} ServerRSAParams;

typedef struct _ServerDHParams{
  uint8 DH_p[65536]; // <1..2^16-1>
  uint8 DH_g[65536]; // <1..2^16-1>
  uint8 DH_Ys[65536]; // <1..2^16-1>
} ServerDHParams;

typedef struct _ServerDHKeyExchange{
  ServerDHParams params;
  Signature signed_params;
} ServerDHKeyExchange;

typedef struct _ServerRSAKeyExchange{
  ServerRSAParams params;
  Signature signed_params;
} ServerRSAKeyExchange;

typedef uint8 SignatureAlgorithm;
const SignatureAlgorithm signature_algorithm_anonymous = 0;
const SignatureAlgorithm signature_algorithm_rsa = 1;
const SignatureAlgorithm signature_algorithm_dsa = 2;

typedef uint8 CertificateType;
const CertificateType certificate_type_RSA_sign = 1;
const CertificateType certificate_type_DSS_sign = 2;
const CertificateType certificate_type_RSA_fixed_DH = 3;
const CertificateType certificate_type_DSS_fixed_DH = 4;
const CertificateType certificate_type_RSA_ephemeral_DH = 5;
const CertificateType certificate_type_DSS_ephemeral_DH = 6;
const CertificateType certificate_type_FORTEZZA_MISSI = 20;

typedef uint8 DistinguishedName[65536]; // <1..2^16-1> = 65,536

typedef struct _CertificateRequest{
  CertificateType certificate_types[256]; // <1..2^8-1>
  DistinguishedName certificate_authorities[1]; // <3...2^16-1> / DistinguishedName
  // this is another one that is odd with a list size of 1
} CertificateRequest;

typedef struct _ServerHelloDone{} ServerHelloDone;

// Client authentication and key exchange messages
typedef struct _PreMasterSecret{
  ProtocolVersion client_version;
  uint8 random[46];
} PreMasterSecret;

typedef struct _EncryptedPreMasterSecret{
  PreMasterSecret pre_master_secret;
} EncryptedPreMasterSecret;

typedef struct _RSAClientKeyExchange{
  EncryptedPreMasterSecret exchange_keys;
} RSAClientKeyExchange;

typedef uint8 PublicValueEncoding;
const PublicValueEncoding public_value_encoding_implicit = 0;
const PublicValueEncoding public_value_encoding_explicit = 1;

typedef struct _ClientDiffieHellmanPublic{
  // This is a select on PublicValueEncoding,  and I chose the larger size
  uint8 dh_public[65536]; // DH_Yc<1..2^16-1>, the dh public value
} ClientDiffieHellmanPublic;

typedef struct _DHClientKeyExhange{
  ClientDiffieHellmanPublic exchange_keys;
} DHClientKeyExchange;

typedef struct _CertificateVerify{
  Signature signature;
} CertificateVerify;

// Handshake finalization message
typedef struct _Finished{
  uint8 md5_hash[16];
  uint8 sha_hash[20];
} Finished;

// The CipherSuite
CipherSuite SSL_NULL_WITH_NULL_NULL                     = { 0x00, 0x13 };
CipherSuite SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA        = { 0x00, 0x0B };
CipherSuite SSL_DH_DSS_WITH_DES_CBC_SHA                 = { 0x00, 0x0C };
CipherSuite SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA       = { 0x00, 0x11 };
CipherSuite SSL_DH_anon_EXPORT_WITH_RC4_40_MD5          = { 0x00, 0x17 };
CipherSuite SSL_DH_anon_WITH_RC4_128_MD5                = { 0x00, 0x18 };

// The CipherSpec
typedef uint8 CipherType;
const CipherType cipher_type_stream = 0;
const CipherType cipher_type_block = 1;

typedef uint8 IsExportable;
const IsExportable is_exportable_true = 0;
const IsExportable is_exportable_false = 1;

typedef uint8 BulkCipherAlgorithm;
const BulkCipherAlgorithm bulk_cipher_algorithm_null = 0;
const BulkCipherAlgorithm bulk_cipher_algorithm_rc4 = 1;
const BulkCipherAlgorithm bulk_cipher_algorithm_rc2 = 2;
const BulkCipherAlgorithm bulk_cipher_algorithm_des = 3;
const BulkCipherAlgorithm bulk_cipher_algorithm_3des = 4;
const BulkCipherAlgorithm bulk_cipher_algorithm_des40 = 5;
const BulkCipherAlgorithm bulk_cipher_algorithm_fortezza = 6;

typedef uint8 MACAlgorithm;
const MACAlgorithm mac_algorithm_null = 0;
const MACAlgorithm mac_algorithm_md5 = 1;
const MACAlgorithm mac_algorithm_sha = 2;

typedef struct _CipherSpec{
  BulkCipherAlgorithm bulk_cipher_algorithm;
  MACAlgorithm mac_algorithm;
  CipherType cipher_type;
  IsExportable is_exportable;
  uint8 hash_size;
  uint8 key_material;
  uint8 IV_size;
} CipherSpec;