Class Summary |
AbstractSSLSocketDecorator |
Base class for decorating socket and converting to Secure Socket |
Alert |
struct {
AlertLevel level;
AlertDescription description;
} Alert;
|
AlertDescription |
enum {
close_notify(0),
unexpected_message(10),
bad_record_mac(20),
decompression_failure(30),
handshake_failure(40),
no_certificate(41),
bad_certificate(42),
unsupported_certificate(43),
certificate_revoked(44),
certificate_expired(45),
certificate_unknown(46),
illegal_parameter (47)
(255)
} AlertDescription;
|
AlertLevel |
enum { warning(1), fatal(2), (255) } AlertLevel; |
ASN1Cert |
opaque ASN.1Cert<1..2^24-1>; |
CertificateChain |
struct {
ASN.1Cert certificate_list<1..2^24-1>;
} Certificate;
certificate_list This is a sequence (chain) of X.509.v3
certificates, ordered with the sender's
certificate first followed by any certificate
authority certificates proceeding sequentially
upward. |
CertificateRequest |
enum {
rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
rsa_ephemeral_dh(5), dss_ephemeral_dh(6), fortezza_kea(20),
(255)
} ClientCertificateType;
opaque DistinguishedName<1..2^16-1>;
struct {
ClientCertificateType certificate_types<1..2^8-1>;
DistinguishedName certificate_authorities<3..2^16-1>;
} CertificateRequest;
|
CertificateVerify |
struct {
Signature signature;
} CertificateVerify;
CertificateVerify.signature.md5_hash
MD5(master_secret + pad_2 +
MD5(handshake_messages + master_secret + pad_1));
CertificateVerify.signature.sha_hash
SHA(master_secret + pad_2 +
SHA(handshake_messages + master_secret + pad_1));
|
ChangeCipherSpec |
struct {
enum { change_cipher_spec(1), (255) } type;
} ChangeCipherSpec;
|
CipherSpec |
uint8 CipherSuite[2];
let uint8[0] == major
unint8[1] == minor
enum { stream, block } CipherType;
enum { true, false } IsExportable;
enum { null, rc4, rc2, des, 3des, des40, fortezza }
BulkCipherAlgorithm;
enum { null, md5, sha } MACAlgorithm;
struct {
BulkCipherAlgorithm bulk_cipher_algorithm;
MACAlgorithm mac_algorithm;
CipherType cipher_type;
IsExportable is_exportable;
uint8 hash_size;
uint8 key_material;
uint8 IV_size;
} CipherSpec;
|
CipherSpecImpl |
uint8 CipherSuite[2];
let uint8[0] == major
unint8[1] == minor
enum { stream, block } CipherType;
enum { true, false } IsExportable;
enum { null, rc4, rc2, des, 3des, des40, fortezza }
BulkCipherAlgorithm;
enum { null, md5, sha } MACAlgorithm;
struct {
BulkCipherAlgorithm bulk_cipher_algorithm;
MACAlgorithm mac_algorithm;
CipherType cipher_type;
IsExportable is_exportable;
uint8 hash_size;
uint8 key_material;
uint8 IV_size;
} CipherSpec;
|
ClientHello |
struct {
ProtocolVersion client_version;
Random random;
SessionID session_id;
CipherSpec cipher_suites<2..2^16-1>;
CompressionMethod compression_methods<1..2^8-1>;
} ClientHello;
|
ClientHelloV2 |
SSL v2 client hello. |
ClientKeyExchange |
struct {
select (KeyExchangeAlgorithm) {
case rsa: EncryptedPreMasterSecret;
case diffie_hellman: ClientDiffieHellmanPublic;
case fortezza_kea: FortezzaKeys;
} exchange_keys;
} ClientKeyExchange;
enum { rsa, diffie_hellman, fortezza_kea }
KeyExchangeAlgorithm;
struct {
ProtocolVersion client_version;
opaque random[46];
} PreMasterSecret;
struct {
public-key-encrypted PreMasterSecret pre_master_secret;
} EncryptedPreMasterSecret;
|
ClientMain |
Client side Test program. |
CompressionMethod |
enum { null(0), (255) } CompressionMethod; |
ContentType |
The higher level protocol used to process the enclosed fragment. |
ExpectedValuesMap |
Map of expected values. |
Finished |
enum { client(0x434C4E54), server(0x53525652) } Sender;
struct {
opaque md5_hash[16];
opaque sha_hash[20];
} Finished;
md5_hash MD5(master_secret + pad2 +
MD5(handshake_messages + Sender +
master_secret + pad1));
sha_hash SHA(master_secret + pad2 +
SHA(handshake_messages + Sender +
master_secret + pad1));
|
Handshake |
struct {
HandshakeType msg_type; // handshake type
uint24 length; // bytes in message
select (HandshakeType) {
case hello_request: HelloRequest;
case client_hello: ClientHello;
case server_hello: ServerHello;
case certificate: Certificate;
case server_key_exchange: ServerKeyExchange;
case certificate_request: CertificateRequest;
case server_hello_done: ServerHelloDone;
case certificate_verify: CertificateVerify;
case client_key_exchange: ClientKeyExchange;
case finished: Finished;
} body;
} Handshake;
|
HandshakeDigest |
Hash digest caluclation. |
HandshakeType |
enum {
hello_request(0), client_hello(1), server_hello(2),
certificate(11), server_key_exchange (12),
certificate_request(13), server_hello_done(14),
certificate_verify(15), client_key_exchange(16),
finished(20), (255)
} HandshakeType;
|
LogCapability |
Base class for other classes. |
Main |
Test program. |
MasterSecret |
master_secret =
MD5(pre_master_secret + SHA('A' + pre_master_secret +
ClientHello.random + ServerHello.random)) +
MD5(pre_master_secret + SHA('BB' + pre_master_secret +
ClientHello.random + ServerHello.random)) +
MD5(pre_master_secret + SHA('CCC' + pre_master_secret +
ClientHello.random + ServerHello.random));
key_block =
MD5(master_secret + SHA(`A' + master_secret +
ServerHello.random +
ClientHello.random)) +
MD5(master_secret + SHA(`BB' + master_secret +
ServerHello.random +
ClientHello.random)) +
MD5(master_secret + SHA(`CCC' + master_secret +
ServerHello.random +
ClientHello.random)) + [...];
client_write_MAC_secret[CipherSpec.hash_size]
server_write_MAC_secret[CipherSpec.hash_size]
client_write_key[CipherSpec.key_material]
server_write_key[CipherSpec.key_material]
client_write_IV[CipherSpec.IV_size] // non-export ciphers
server_write_IV[CipherSpec.IV_size] // non-export ciphers
|
OutputBuffer |
provides methods to read data from a buffer. |
ProtocolVersion |
struct {
uint8 major, minor;
} ProtocolVersion;
|
Random |
struct {
uint32 gmt_unix_time;
opaque random_bytes[28];
} Random;
Single byte entities containing uninterpreted data are of type opaque. |
Record |
struct {
ContentType type;
ProtocolVersion version;
uint16 length;
opaque fragment[SSLPlaintext.length];
} SSLPlaintext;
enum {
change_cipher_spec(20), alert(21), handshake(22),
application_data(23), (255)
} ContentType;
|
Record.Wrapper |
|
ResumedSessionEntry |
Session reuse information
Resumed session has the same master secret and cipher suite as orig. |
SCRecord |
S->C record: outgoing record |
ServerHello |
struct {
ProtocolVersion server_version;
Random random;
SessionID session_id;
CipherSpec cipher_suite;
CompressionMethod compression_method;
} ServerHello;
|
ServerHelloDone |
struct { } ServerHelloDone;
|
SessionID |
opaque SessionID<0..32>;
Session ID should be unique and difficult to guess. |
SSLClientSocketDecorator |
Server Side SSLv3 Protocol. |
SSLContext |
Context for SSL communciation. |
SSLInputStream |
Input stream implementation returned SSL Socket |
SSLOutputStream |
Output stream implementation returned SSL Socket
provide outgoing SSL Recordes
S->C record: outgoing record |
SSLServerSocket |
Server Socket. |
SSLServerSocketDecorator |
Server Side SSLv3 Protocol. |
SSLSocket |
SSL Socket for SSLv3 Protocol. |
SSLUtil |
Utility functions used by SSL. |
StreamCipherSpecImpl |
Concrete Cipher Suite implementation. |
TrustStore |
Contains the list of certificates trusted by the server. |
UnsecureRandomGenerator |
Fast but weak random number generator. |