//+--------------------------------------------------------------------------- // // Microsoft Windows // Copyright (C) Microsoft Corporation, 1992 - 1995. // // File: msgs.h // // Contents: // // Classes: // // Functions: // // History: 8-02-95 RichardW Created // //---------------------------------------------------------------------------- #ifndef __SSL2MSG_H__ #define __SSL2MSG_H__ typedef struct _Ssl2_Cipher_Tuple { UCHAR C1; UCHAR C2; UCHAR C3; } Ssl2_Cipher_Tuple, * PSsl2_Cipher_Tuple; /////////////////////////////////////////////////////////////////// // // Useful Macros // /////////////////////////////////////////////////////////////////// #define LSBOF(x) ((UCHAR) ((x) & 0xFF)) #define MSBOF(x) ((UCHAR) (((x) >> 8) & 0xFF) ) #define COMBINEBYTES(Msb, Lsb) ((DWORD) (((DWORD) (Msb) << 8) | (DWORD) (Lsb))) /////////////////////////////////////////////////////////////////// // // Message Constants // /////////////////////////////////////////////////////////////////// #define SSL2_CLIENT_VERSION 0x0002 #define SSL2_SERVER_VERSION 0x0002 #define SSL2_CLIENT_VERSION_MSB 0x00 #define SSL2_CLIENT_VERSION_LSB 0x02 #define SSL2_SERVER_VERSION_MSB 0x00 #define SSL2_SERVER_VERSION_LSB 0x02 #ifdef DO_PCT_COMPAT #define PCT_COMPAT_VERSION_MSB 0x83 #define PCT_COMPAT_VERSION_LSB 0x01 #endif #define SSL2_MT_ERROR 0 #define SSL2_MT_CLIENT_HELLO 1 #define SSL2_MT_CLIENT_MASTER_KEY 2 #define SSL2_MT_CLIENT_FINISHED_V2 3 #define SSL2_MT_SERVER_HELLO 4 #define SSL2_MT_SERVER_VERIFY 5 #define SSL2_MT_SERVER_FINISHED_V2 6 #define SSL2_MT_REQUEST_CERTIFICATE 7 #define SSL2_MT_CLIENT_CERTIFICATE 8 #define SSL2_MT_CLIENT_DH_KEY 9 #define SSL2_MT_CLIENT_SESSION_KEY 10 #define SSL2_MT_CLIENT_FINISHED 11 #define SSL2_MT_SERVER_FINISHED 12 #define SSL_PE_NO_CIPHER 0x0001 #define SSL_PE_NO_CERTIFICATE 0x0002 #define SSL_PE_BAD_CERTIFICATE 0x0004 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 #define SSL_CT_X509_CERTIFICATE 0x01 #define SSL_CT_PKCS7_CERTIFICATE 0x02 #if DBG #define SSL_CT_DEBUG_CERT 0x80 #endif #define SSL2_MAX_CHALLENGE_LEN 32 /* max accepted challenge size */ #define SSL2_CHALLENGE_SIZE 16 /* default generated challenge size */ #define SSL2_SESSION_ID_LEN 16 #define SSL2_GEN_CONNECTION_ID_LEN 16 /* Dont change this, netscape requires 16 byte * id's */ #define SSL2_MAX_CONNECTION_ID_LEN 32 #define SSL3_SESSION_ID_LEN 32 #define SSL2_MAC_LENGTH 16 #define SSL2_MASTER_KEY_SIZE 16 #define SSL2_MAX_KEY_ARGS 8 #define SSL2_MAX_MESSAGE_LENGTH 32768 #define MAX_UNI_CIPHERS 64 #define SSL_MKFAST(a, b, c) (DWORD)(((a)<<16) | ((b)<<8) | (c)) #define SSL_MKSLOW(a) (UCHAR)((a>>16)& 0xff), (UCHAR)((a>>8)& 0xff), (UCHAR)((a)& 0xff) #define SSL_RSA_WITH_RC4_128_MD5 SSL_MKFAST(0x00, 0x00, 0x04) #define SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_MKFAST(0x00, 0x00, 0x03) #define SSL_CK_RC4_128_WITH_MD5 SSL_MKFAST(0x01, 0x00, 0x80) #define SSL_CK_RC4_128_EXPORT40_WITH_MD5 SSL_MKFAST(0x02, 0x00, 0x80) #define SSL_CK_RC2_128_CBC_WITH_MD5 SSL_MKFAST(0x03, 0x00, 0x80) #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 SSL_MKFAST(0x04, 0x00, 0x80) #define SSL_CK_IDEA_128_CBC_WITH_MD5 SSL_MKFAST(0x05, 0x00, 0x80) #define SSL_CK_DES_64_CBC_WITH_MD5 SSL_MKFAST(0x06, 0x00, 0x40) #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 SSL_MKFAST(0x07, 0x00, 0xC0) #define SSL_CK_NULL_WITH_MD5 SSL_MKFAST(0x00, 0x00, 0x00) #define SSL_CK_DES_64_CBC_WITH_SHA SSL_MKFAST(0x06, 0x01, 0x40) #define SSL_CK_DES_192_EDE3_WITH_SHA SSL_MKFAST(0x07, 0x01, 0xC0) #define SSL_CK_RC4_128_FINANCE64_WITH_MD5 SSL_MKFAST(0x08, 0x00, 0x80) #ifdef ENABLE_NONE_CIPHER #define SSL_CK_NONE SSL_MKFAST(0x09, 0x00, 0x00) #endif #define SSL_KEA_RSA {(UCHAR) 0x10, (UCHAR) 0x00, (UCHAR) 0x00} #define SSL_KEA_RSA_TOKEN_WITH_DES {(UCHAR) 0x10, (UCHAR) 0x01, (UCHAR) 0x00} #define SSL_KEA_RSA_TOKEN_WITH_DES_EDE3 {(UCHAR) 0x10, (UCHAR) 0x01, (UCHAR) 0x01} #define SSL_KEA_RSA_TOKEN_WITH_RC4 {(UCHAR) 0x10, (UCHAR) 0x01, (UCHAR) 0x02} #define SSL_KEA_DH {(UCHAR) 0x11, (UCHAR) 0x00, (UCHAR) 0x00} #define SSL_KEA_DH_TOKEN_WITH_DES {(UCHAR) 0x11, (UCHAR) 0x01, (UCHAR) 0x00} #define SSL_KEA_DH_TOKEN_WITH_DES_EDE3 {(UCHAR) 0x11, (UCHAR) 0x01, (UCHAR) 0x01} #define SSL_KEA_DH_ANON {(UCHAR) 0x12, (UCHAR) 0x00, (UCHAR) 0x00} #define CRYPTO_RC4_128 0x00010080 #define CRYPTO_RC4_40 0x00020080 #define CRYPTO_RC2_128 0x00030080 #define CRYPTO_RC2_40 0x00040080 #define CRYPTO_IDEA_128 0x00050080 #define CRYPTO_NULL 0x00000000 #define CRYPTO_DES_64 0x00060040 #define CRYPTO_3DES_192 0x000700C0 extern CertTypeMap aSsl2CertEncodingPref[]; extern DWORD cSsl2CertEncodingPref; typedef DWORD Ssl2_Cipher_Kind; //typedef struct _Ssl2CipherMap { // Ssl2_Cipher_Kind Kind; // ALG_ID aiHash; // ALG_ID aiCipher; // DWORD dwStrength; // ExchSpec KeyExch; // ALG_ID aiKeyAlg; //} Ssl2CipherMap, *PSsl2CipherMap; typedef struct _SSL2_MESSAGE_HEADER { UCHAR Byte0; UCHAR Byte1; } SSL2_MESSAGE_HEADER, * PSSL2_MESSAGE_HEADER; typedef struct _SSL2_MESSAGE_HEADER_EX { UCHAR Byte0; UCHAR Byte1; UCHAR PaddingSize; } SSL2_MESSAGE_HEADER_EX, * PSSL2_MESSAGE_HEADER_EX; typedef struct _SSL2_ERROR { SSL2_MESSAGE_HEADER Header; UCHAR MessageId; UCHAR ErrorMsb; UCHAR ErrorLsb; } SSL2_ERROR, * PSSL2_ERROR; typedef struct _SSL2_CLIENT_HELLO { SSL2_MESSAGE_HEADER Header; UCHAR MessageId; UCHAR VersionMsb; UCHAR VersionLsb; UCHAR CipherSpecsLenMsb; UCHAR CipherSpecsLenLsb; UCHAR SessionIdLenMsb; UCHAR SessionIdLenLsb; UCHAR ChallengeLenMsb; UCHAR ChallengeLenLsb; UCHAR VariantData[1]; } SSL2_CLIENT_HELLO, * PSSL2_CLIENT_HELLO; typedef struct _SSL2_SERVER_HELLO { SSL2_MESSAGE_HEADER Header; UCHAR MessageId; UCHAR SessionIdHit; UCHAR CertificateType; UCHAR ServerVersionMsb; UCHAR ServerVersionLsb; UCHAR CertificateLenMsb; UCHAR CertificateLenLsb; UCHAR CipherSpecsLenMsb; UCHAR CipherSpecsLenLsb; UCHAR ConnectionIdLenMsb; UCHAR ConnectionIdLenLsb; UCHAR VariantData[1]; } SSL2_SERVER_HELLO, * PSSL2_SERVER_HELLO; typedef struct _SSL2_CLIENT_MASTER_KEY { SSL2_MESSAGE_HEADER Header; UCHAR MessageId; Ssl2_Cipher_Tuple CipherKind; UCHAR ClearKeyLenMsb; UCHAR ClearKeyLenLsb; UCHAR EncryptedKeyLenMsb; UCHAR EncryptedKeyLenLsb; UCHAR KeyArgLenMsb; UCHAR KeyArgLenLsb; UCHAR VariantData[1]; } SSL2_CLIENT_MASTER_KEY, * PSSL2_CLIENT_MASTER_KEY; typedef struct _SSL2_SERVER_VERIFY { UCHAR MessageId; UCHAR ChallengeData[SSL2_MAX_CHALLENGE_LEN]; } SSL2_SERVER_VERIFY, * PSSL2_SERVER_VERIFY; typedef struct _SSL2_CLIENT_FINISHED { UCHAR MessageId; UCHAR ConnectionID[SSL2_MAX_CONNECTION_ID_LEN]; } SSL2_CLIENT_FINISHED, * PSSL2_CLIENT_FINISHED; typedef struct _SSL2_SERVER_FINISHED { UCHAR MessageId; UCHAR SessionID[SSL2_SESSION_ID_LEN]; } SSL2_SERVER_FINISHED, * PSSL2_SERVER_FINISHED; //////////////////////////////////////////////////// // // Expanded Form Messages: // //////////////////////////////////////////////////// /* Rules for buffer in expanded form */ /* Only things which are going to be allocated * anyway, or are created statically are not created * as arrays */ typedef DWORD CipherSpec; typedef DWORD * PCipherSpec; typedef struct _Ssl2_Client_Hello { DWORD dwVer; DWORD cCipherSpecs; DWORD cbSessionID; DWORD cbChallenge; UCHAR SessionID[SSL3_SESSION_ID_LEN]; //NOTE: changed to 32 bytes long.... UCHAR Challenge[SSL2_MAX_CHALLENGE_LEN]; Ssl2_Cipher_Kind CipherSpecs[MAX_UNI_CIPHERS]; /* points to static array */ } Ssl2_Client_Hello, * PSsl2_Client_Hello; typedef struct _Ssl2_Server_Hello { DWORD SessionIdHit; DWORD CertificateType; DWORD cbCertificate; DWORD cCipherSpecs; DWORD cbConnectionID; UCHAR ConnectionID[SSL2_MAX_CONNECTION_ID_LEN]; PUCHAR pCertificate; /* points to pre-created cert */ Ssl2_Cipher_Kind * pCipherSpecs; /* points to static array */ } Ssl2_Server_Hello, * PSsl2_Server_Hello; typedef struct _Ssl2_Client_Master_Key { DWORD ClearKeyLen; DWORD EncryptedKeyLen; DWORD KeyArgLen; Ssl2_Cipher_Kind CipherKind; UCHAR ClearKey[SSL2_MASTER_KEY_SIZE]; UCHAR * pbEncryptedKey; UCHAR KeyArg[SSL2_MASTER_KEY_SIZE]; } Ssl2_Client_Master_Key, * PSsl2_Client_Master_Key; /////////////////////////////////////////////////// // // Pickling Prototypes // /////////////////////////////////////////////////// SP_STATUS Ssl2PackClientHello( PSsl2_Client_Hello pCanonical, PSPBuffer pCommOutput); SP_STATUS Ssl2UnpackClientHello( PSPBuffer pInput, PSsl2_Client_Hello * ppClient); SP_STATUS Ssl2PackServerHello( PSsl2_Server_Hello pCanonical, PSPBuffer pCommOutput); SP_STATUS Ssl2UnpackServerHello( PSPBuffer pInput, PSsl2_Server_Hello * ppServer); SP_STATUS Ssl2PackClientMasterKey( PSsl2_Client_Master_Key pCanonical, PSPBuffer pCommOutput); SP_STATUS Ssl2UnpackClientMasterKey( PSPBuffer pInput, PSsl2_Client_Master_Key * ppClient); #endif /* __SSL2MSG_H__ */