/src/node/src/crypto/crypto_clienthello.h
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright Joyent, Inc. and other Node contributors. |
2 | | // |
3 | | // Permission is hereby granted, free of charge, to any person obtaining a |
4 | | // copy of this software and associated documentation files (the |
5 | | // "Software"), to deal in the Software without restriction, including |
6 | | // without limitation the rights to use, copy, modify, merge, publish, |
7 | | // distribute, sublicense, and/or sell copies of the Software, and to permit |
8 | | // persons to whom the Software is furnished to do so, subject to the |
9 | | // following conditions: |
10 | | // |
11 | | // The above copyright notice and this permission notice shall be included |
12 | | // in all copies or substantial portions of the Software. |
13 | | // |
14 | | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
15 | | // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
16 | | // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN |
17 | | // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, |
18 | | // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR |
19 | | // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE |
20 | | // USE OR OTHER DEALINGS IN THE SOFTWARE. |
21 | | |
22 | | #ifndef SRC_CRYPTO_CRYPTO_CLIENTHELLO_H_ |
23 | | #define SRC_CRYPTO_CRYPTO_CLIENTHELLO_H_ |
24 | | |
25 | | #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS |
26 | | |
27 | | #include <cstddef> // size_t |
28 | | #include <cstdint> |
29 | | |
30 | | namespace node { |
31 | | namespace crypto { |
32 | | // Parse the client hello so we can do async session resumption. OpenSSL's |
33 | | // session resumption uses synchronous callbacks, see SSL_CTX_sess_set_get_cb |
34 | | // and get_session_cb. |
35 | | // |
36 | | // TLS1.3 handshakes masquerade as TLS1.2 session resumption, and to do this, |
37 | | // they always include a session_id in the ClientHello, making up a bogus value |
38 | | // if necessary. The parser can't know if its a bogus id, and will cause a |
39 | | // 'newSession' event to be emitted. This should do no harm, the id won't be |
40 | | // found, and the handshake will continue. |
41 | | class ClientHelloParser { |
42 | | public: |
43 | | inline ClientHelloParser(); |
44 | | |
45 | | class ClientHello { |
46 | | public: |
47 | 0 | inline uint8_t session_size() const { return session_size_; } |
48 | 0 | inline const uint8_t* session_id() const { return session_id_; } |
49 | 0 | inline bool has_ticket() const { return has_ticket_; } |
50 | 0 | inline uint8_t servername_size() const { return servername_size_; } |
51 | 0 | inline const uint8_t* servername() const { return servername_; } |
52 | | |
53 | | private: |
54 | | uint8_t session_size_; |
55 | | const uint8_t* session_id_; |
56 | | bool has_ticket_; |
57 | | uint8_t servername_size_; |
58 | | const uint8_t* servername_; |
59 | | |
60 | | friend class ClientHelloParser; |
61 | | }; |
62 | | |
63 | | typedef void (*OnHelloCb)(void* arg, const ClientHello& hello); |
64 | | typedef void (*OnEndCb)(void* arg); |
65 | | |
66 | | void Parse(const uint8_t* data, size_t avail); |
67 | | |
68 | | inline void Reset(); |
69 | | inline void Start(OnHelloCb onhello_cb, OnEndCb onend_cb, void* cb_arg); |
70 | | inline void End(); |
71 | | inline bool IsPaused() const; |
72 | | inline bool IsEnded() const; |
73 | | |
74 | | private: |
75 | | static const size_t kMaxTLSFrameLen = 16 * 1024 + 5; |
76 | | static const size_t kMaxSSLExFrameLen = 32 * 1024; |
77 | | static const uint8_t kServernameHostname = 0; |
78 | | static const size_t kMinStatusRequestSize = 5; |
79 | | |
80 | | enum ParseState { |
81 | | kWaiting, |
82 | | kTLSHeader, |
83 | | kPaused, |
84 | | kEnded |
85 | | }; |
86 | | |
87 | | enum FrameType { |
88 | | kChangeCipherSpec = 20, |
89 | | kAlert = 21, |
90 | | kHandshake = 22, |
91 | | kApplicationData = 23, |
92 | | kOther = 255 |
93 | | }; |
94 | | |
95 | | enum HandshakeType { |
96 | | kClientHello = 1 |
97 | | }; |
98 | | |
99 | | enum ExtensionType { |
100 | | kServerName = 0, |
101 | | kTLSSessionTicket = 35 |
102 | | }; |
103 | | |
104 | | bool ParseRecordHeader(const uint8_t* data, size_t avail); |
105 | | void ParseHeader(const uint8_t* data, size_t avail); |
106 | | void ParseExtension(const uint16_t type, |
107 | | const uint8_t* data, |
108 | | size_t len); |
109 | | bool ParseTLSClientHello(const uint8_t* data, size_t avail); |
110 | | |
111 | | ParseState state_; |
112 | | OnHelloCb onhello_cb_; |
113 | | OnEndCb onend_cb_; |
114 | | void* cb_arg_; |
115 | | size_t frame_len_ = 0; |
116 | | size_t body_offset_ = 0; |
117 | | size_t extension_offset_ = 0; |
118 | | uint8_t session_size_ = 0; |
119 | | const uint8_t* session_id_ = nullptr; |
120 | | uint16_t servername_size_ = 0; |
121 | | const uint8_t* servername_ = nullptr; |
122 | | uint16_t tls_ticket_size_ = -1; |
123 | | const uint8_t* tls_ticket_ = nullptr; |
124 | | }; |
125 | | |
126 | | } // namespace crypto |
127 | | } // namespace node |
128 | | |
129 | | #endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS |
130 | | |
131 | | #endif // SRC_CRYPTO_CRYPTO_CLIENTHELLO_H_ |