1 /* $OpenBSD: dtls_locl.h,v 1.10 2021/10/23 13:45:44 jsing Exp $ */ 2 /* 3 * DTLS implementation written by Nagendra Modadugu 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 5 */ 6 /* ==================================================================== 7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * openssl-core@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60 #ifndef HEADER_DTLS_LOCL_H 61 #define HEADER_DTLS_LOCL_H 62 63 #include <sys/time.h> 64 65 #include <openssl/dtls1.h> 66 67 #include "ssl_locl.h" 68 69 __BEGIN_HIDDEN_DECLS 70 71 typedef struct dtls1_bitmap_st { 72 unsigned long map; /* track 32 packets on 32-bit systems 73 and 64 - on 64-bit systems */ 74 unsigned char max_seq_num[8]; /* max record number seen so far, 75 64-bit value in big-endian 76 encoding */ 77 } DTLS1_BITMAP; 78 79 struct dtls1_retransmit_state { 80 SSL_SESSION *session; 81 unsigned short epoch; 82 }; 83 84 struct hm_header_st { 85 unsigned char type; 86 unsigned long msg_len; 87 unsigned short seq; 88 unsigned long frag_off; 89 unsigned long frag_len; 90 unsigned int is_ccs; 91 struct dtls1_retransmit_state saved_retransmit_state; 92 }; 93 94 struct dtls1_timeout_st { 95 /* Number of read timeouts so far */ 96 unsigned int read_timeouts; 97 98 /* Number of write timeouts so far */ 99 unsigned int write_timeouts; 100 101 /* Number of alerts received so far */ 102 unsigned int num_alerts; 103 }; 104 105 struct _pqueue; 106 107 typedef struct record_pqueue_st { 108 unsigned short epoch; 109 struct _pqueue *q; 110 } record_pqueue; 111 112 typedef struct hm_fragment_st { 113 struct hm_header_st msg_header; 114 unsigned char *fragment; 115 unsigned char *reassembly; 116 } hm_fragment; 117 118 typedef struct dtls1_record_data_internal_st { 119 unsigned char *packet; 120 unsigned int packet_length; 121 SSL3_BUFFER_INTERNAL rbuf; 122 SSL3_RECORD_INTERNAL rrec; 123 } DTLS1_RECORD_DATA_INTERNAL; 124 125 struct dtls1_state_st { 126 /* Buffered (sent) handshake records */ 127 struct _pqueue *sent_messages; 128 129 /* Indicates when the last handshake msg or heartbeat sent will timeout */ 130 struct timeval next_timeout; 131 132 /* Timeout duration */ 133 unsigned short timeout_duration; 134 135 unsigned int send_cookie; 136 unsigned char cookie[DTLS1_COOKIE_LENGTH]; 137 unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; 138 unsigned int cookie_len; 139 140 /* records being received in the current epoch */ 141 DTLS1_BITMAP bitmap; 142 143 /* renegotiation starts a new set of sequence numbers */ 144 DTLS1_BITMAP next_bitmap; 145 146 /* handshake message numbers */ 147 unsigned short handshake_write_seq; 148 unsigned short next_handshake_write_seq; 149 150 unsigned short handshake_read_seq; 151 152 /* Received handshake records (unprocessed) */ 153 record_pqueue unprocessed_rcds; 154 155 /* Buffered handshake messages */ 156 struct _pqueue *buffered_messages; 157 158 /* Buffered application records. 159 * Only for records between CCS and Finished 160 * to prevent either protocol violation or 161 * unnecessary message loss. 162 */ 163 record_pqueue buffered_app_data; 164 165 /* Is set when listening for new connections with dtls1_listen() */ 166 unsigned int listen; 167 168 unsigned int mtu; /* max DTLS packet size */ 169 170 struct hm_header_st w_msg_hdr; 171 struct hm_header_st r_msg_hdr; 172 173 struct dtls1_timeout_st timeout; 174 175 unsigned int retransmitting; 176 unsigned int change_cipher_spec_ok; 177 }; 178 179 int dtls1_do_write(SSL *s, int type); 180 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); 181 void dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, 182 unsigned long frag_off, unsigned long frag_len); 183 void dtls1_set_message_header_int(SSL *s, unsigned char mt, 184 unsigned long len, unsigned short seq_num, unsigned long frag_off, 185 unsigned long frag_len); 186 187 int do_dtls1_write(SSL *s, int type, const unsigned char *buf, 188 unsigned int len); 189 190 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); 191 int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); 192 193 int dtls1_read_failed(SSL *s, int code); 194 int dtls1_buffer_message(SSL *s, int ccs); 195 int dtls1_retransmit_message(SSL *s, unsigned short seq, 196 unsigned long frag_off, int *found); 197 int dtls1_get_queue_priority(unsigned short seq, int is_ccs); 198 int dtls1_retransmit_buffered_messages(SSL *s); 199 void dtls1_clear_record_buffer(SSL *s); 200 int dtls1_get_message_header(CBS *header, struct hm_header_st *msg_hdr); 201 void dtls1_reset_read_seq_numbers(SSL *s); 202 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); 203 int dtls1_check_timeout_num(SSL *s); 204 int dtls1_handle_timeout(SSL *s); 205 const SSL_CIPHER *dtls1_get_cipher(unsigned int u); 206 void dtls1_start_timer(SSL *s); 207 void dtls1_stop_timer(SSL *s); 208 int dtls1_is_timer_expired(SSL *s); 209 void dtls1_double_timeout(SSL *s); 210 unsigned int dtls1_min_mtu(void); 211 212 int dtls1_new(SSL *s); 213 void dtls1_free(SSL *s); 214 void dtls1_clear(SSL *s); 215 long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); 216 217 int dtls1_get_message(SSL *s, int st1, int stn, int mt, long max); 218 int dtls1_get_record(SSL *s); 219 220 __END_HIDDEN_DECLS 221 222 #endif 223