/* ** This file is a part of DSSL library. ** ** Copyright (C) 2008, SSLTech LLC ** Copyright (C) 2005-2008, Vladimir Shcherbakov <vladimir@ssltech.net> ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License as published by ** the Free Software Foundation; either version 2 of the License, or ** (at your option) any later version. ** ** This program is distributed in the hope that it will be useful, ** but WITHOUT ANY WARRANTY; without even the implied warranty of ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ** GNU General Public License for more details. ** ** You should have received a copy of the GNU General Public License ** along with this program; if not, write to the Free Software ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ** */ #ifndef __DSSL_SSL_SESSION_H__ #define __DSSL_SSL_SESSION_H__ #include "ssl_ctx.h" #include "decoder_stack.h" #ifdef __cplusplus extern "C" { #endif /* session flags */ /* SSF_CLIENT_SESSION_ID_SET means that ClientHello message contained non-null session id field */ #define SSF_CLIENT_SESSION_ID_SET 1 #define SSF_CLOSE_NOTIFY_RECEIVED 2 #define SSF_FATAL_ALERT_RECEIVED 4 struct DSSL_Session_ { DSSL_Env* env; uint16_t version; /* negotiated session version */ uint16_t client_version; /* actual client version */ /* decoders */ dssl_decoder_stack c_dec; /* client-to-server stream decoder*/ dssl_decoder_stack s_dec; /* server-to-client stream decoder */ u_char client_random[SSL3_RANDOM_SIZE]; /* challenge for SSL 2*/ u_char server_random[SSL3_RANDOM_SIZE]; /* connection-id for SSL 2 */ u_char PMS[SSL_MAX_MASTER_KEY_LENGTH]; u_char master_secret[SSL3_MASTER_SECRET_SIZE]; u_char session_id[DSSL_SESSION_ID_SIZE]; uint32_t flags; DSSL_ServerInfo* ssl_si; uint16_t cipher_suite; u_char compression_method; EVP_MD_CTX handshake_digest_sha; EVP_MD_CTX handshake_digest_md5; int (*decode_finished_proc)( struct DSSL_Session_* sess, NM_PacketDir dir, u_char* data, uint32_t len ); int (*caclulate_mac_proc)( dssl_decoder_stack* stack, u_char type, u_char* data, uint32_t len, u_char* mac ); /* callbacks and user-defined state */ DataCallbackProc data_callback; ErrorCallbackProc error_callback; void* user_data; /* SSL 2.0 specific data */ uint32_t client_challenge_len; /* CHALLENGE-LENGTH */ uint32_t server_connection_id_len; /* CONNECTION-ID-LENGTH */ uint32_t master_key_len; }; void DSSL_SessionInit( DSSL_Env* env, DSSL_Session* s, DSSL_ServerInfo* si ); void DSSL_SessionDeInit( DSSL_Session* s ); void DSSL_SessionSetCallback( DSSL_Session* sess, DataCallbackProc data_callback, ErrorCallbackProc error_callback, void* user_data ); /* DSSL_SessionProcessData: Decodes captured network SSL session data dir - data (stream) direction {data, len} input should be a chunk of the reassembled TCP stream data. Deciphered SSL payload will be returned through the session data callback routine (see DSSL_SessionSetCallback) */ int DSSL_SessionProcessData( DSSL_Session* sess, NM_PacketDir dir, u_char* data, uint32_t len ); /* TODO: move to ssl_session_priv.h */ /* Internal routines */ EVP_PKEY* ssls_get_session_private_key( DSSL_Session* sess ); int ssls_decode_master_secret( DSSL_Session* sess ); int ssls_generate_keys( DSSL_Session* sess ); int ssls2_generate_keys( DSSL_Session* sess, u_char* keyArg, uint32_t keyArgLen ); int ssls_set_session_version( DSSL_Session* sess, uint16_t ver ); int ssls_get_decrypt_buffer( DSSL_Session* sess, u_char** data, uint32_t len ); void ssls_release_decrypt_buffer( DSSL_Session* sess ); int ssls_get_decompress_buffer( DSSL_Session* sess, u_char** data, uint32_t len ); void ssls_release_decompress_buffer( DSSL_Session* sess ); int ssls_lookup_session( DSSL_Session* sess ); void ssls_store_session( DSSL_Session* sess ); #ifdef __cplusplus } #endif #endif