1 /* ==================================================================== 2 * The Kannel Software License, Version 1.0 3 * 4 * Copyright (c) 2001-2014 Kannel Group 5 * Copyright (c) 1998-2001 WapIT Ltd. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. The end-user documentation included with the redistribution, 21 * if any, must include the following acknowledgment: 22 * "This product includes software developed by the 23 * Kannel Group (http://www.kannel.org/)." 24 * Alternately, this acknowledgment may appear in the software itself, 25 * if and wherever such third-party acknowledgments normally appear. 26 * 27 * 4. The names "Kannel" and "Kannel Group" must not be used to 28 * endorse or promote products derived from this software without 29 * prior written permission. For written permission, please 30 * contact org@kannel.org. 31 * 32 * 5. Products derived from this software may not be called "Kannel", 33 * nor may "Kannel" appear in their name, without prior written 34 * permission of the Kannel Group. 35 * 36 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 37 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 38 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 39 * DISCLAIMED. IN NO EVENT SHALL THE KANNEL GROUP OR ITS CONTRIBUTORS 40 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 41 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 42 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 43 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 44 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 45 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 46 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 47 * ==================================================================== 48 * 49 * This software consists of voluntary contributions made by many 50 * individuals on behalf of the Kannel Group. For more information on 51 * the Kannel Group, please see <http://www.kannel.org/>. 52 * 53 * Portions of this software are based upon software originally written at 54 * WapIT Ltd., Helsinki, Finland for the Kannel project. 55 */ 56 57 /* wtls_statesupport.h 58 * 59 * Nikos Balkanas, Inaccess Networks (2009) 60 */ 61 #ifndef WTLS_STATESUPPORT_H 62 #define WTLS_STATESUPPORT_H 63 64 #include "gwlib/gwlib.h" 65 #include "wtls_pdu.h" 66 #include "wtls.h" 67 #define KEYSIZE_MAX 2048 68 #define NOT_EXPORTABLE 0 69 #define EXPORTABLE 1 70 #define BLOCK 0 71 #define STREAM 1 72 #define ALG EVP_rc5_32_12_16_cbc() 73 74 /* These enums and tables are pulled straight from the WTLS appendices. 75 Go and have a look at them if these aren't particularly clear. Obviously, since NULL 76 is a builtin, and since RSA/MD5/SHA are all macros referenced by the openssl 77 libraries, the names have had to be slightly altered to protect the innocent :-> 78 */ 79 80 enum key_exchange_suites { 81 NULL_keyxchg, 82 SHARED_SECRET, 83 DH_anon, 84 DH_anon_512, 85 RSA_anon, 86 RSA_anon_512, 87 RSA_anon_768, 88 RSA_NOLIMIT, 89 RSA_512, 90 RSA_768, 91 ECDH_anon, 92 ECDH_anon_113, 93 ECDH_anon_131, 94 ECDH_ECDSA_NOLIMIT 95 }; 96 97 enum bulk_algorithms { 98 NULL_bulk, 99 RC5_CBC_40, 100 RC5_CBC_56, 101 RC5_CBC, 102 DES_CBC_40, 103 DES_CBC, 104 TRIPLE_DES_CBC_EDE, 105 IDEA_CBC_40, 106 IDEA_CBC_56, 107 IDEA_CBC 108 }; 109 110 enum keyed_macs { 111 SHA_0, 112 SHA_40, 113 SHA_80, 114 SHA_NOLIMIT, 115 SHA_XOR_40, 116 MD5_40, 117 MD5_80, 118 MD5_NOLIMIT 119 }; 120 121 typedef struct { 122 const char *title; 123 int key_size_limit; 124 } keyxchg_table_t; 125 126 typedef struct { 127 const char *title; 128 int is_exportable; 129 int block_or_stream; 130 int key_material; 131 int expanded_key_material; 132 int effective_key_bits; 133 int iv_size; 134 int block_size; 135 } bulk_table_t; 136 137 typedef struct { 138 const char *title; 139 int key_size; 140 int mac_size; 141 } hash_table_t; 142 143 Octstr *wtls_calculate_prf(Octstr * secret, Octstr * label, 144 Octstr * seed, int byteLength, 145 WTLSMachine * wtls_machine); 146 RSAPublicKey *wtls_get_rsapublickey(void); 147 Random *wtls_get_random(void); 148 Octstr *wtls_decrypt(wtls_Payload * payload, WTLSMachine * wtls_machine); 149 Octstr *wtls_encrypt(Octstr * buffer, WTLSMachine * wtls_machine, 150 int recordType); 151 Octstr *wtls_decrypt_key(int type, Octstr * encryptedData); 152 void wtls_decrypt_pdu_list(WTLSMachine * wtls_machine, List * pdu_list); 153 Octstr *wtls_hash(Octstr * inputData, WTLSMachine * wtls_machine); 154 155 /* The wtls_choose* functions implement the decision making process behind the 156 protocol negotiations in wtls. */ 157 CipherSuite *wtls_choose_ciphersuite(List * ciphersuites); 158 int wtls_choose_clientkeyid(List * clientKeyIDs, int *algo); 159 int wtls_choose_snmode(int snmode); 160 int wtls_choose_krefresh(int krefresh); 161 162 /* The *_are_identical functions all return 1 if the packets match the condition as 163 * expressed in the function name. As each packet can contain a "list" of pdus, we 164 * need to search that list and return whether or not they contain identical pdus as listed. 165 * On failure, they will return non-zero 166 */ 167 int clienthellos_are_identical(List * pdu_list, List * last_received_packet); 168 int certifcateverifys_are_identical(List * pdu_list, List 169 *last_received_packet); 170 int certificates_are_identical(List * pdu_list, List * last_received_packet); 171 int clientkeyexchanges_are_identical(List * pdu_list, List 172 *last_received_packet); 173 int changecipherspecs_are_identical(List * pdu_list, List 174 *last_received_packet); 175 int finishes_are_indentical(List * pdu_list, List * last_received_packet); 176 177 /* the packet_contains_* functions all return 1 if the packet contains a pdu of the type 178 * expressed in the function name. 179 */ 180 int packet_contains_changecipherspec(List * pdu_list); 181 int packet_contains_finished(List * pdu_list); 182 int packet_contains_optional_stuff(List * pdu_list); 183 int packet_contains_userdata(List * pdu_list); 184 int packet_contains_clienthello(List * pdu_list); 185 186 /* the is_type functions return 1 if all pdus in the list are of said type. 187 * Else return 0. 188 */ 189 int packet_is_application_data(List * pdu_list); 190 191 /* the is_*_alert functions return 1 if the packet is a pdu of the type expressed in the 192 * function name. 193 */ 194 int is_critical_alert(List * pdu_list, WTLSMachine * wtls_machine); 195 int is_warning_alert(List * pdu_list, WTLSMachine * wtls_machine); 196 197 void calculate_client_key_block(WTLSMachine * wtls_machine); 198 void calculate_server_key_block(WTLSMachine * wtls_machine); 199 200 /* Printing naming functions. Free result from calling program. */ 201 202 void cipherName(char *name, int cipher); 203 void keyName(char *name, int key); 204 void macName(char *name, int mac); 205 void alertName(char *name, int alert); 206 void pduName(char *name, int pdu); 207 void hsName(char *name, int handshake); 208 209 #endif /* WTLS_STATESUPPORT_H */ 210