依照国密相关补充头文件协议还没弄完

modified: include/gmssl/gmtls.h

依照国密相关补充头文件协议还没弄完
f4e071b2 · guoxin · 662795bc · f4e071b2
Commit f4e071b2 authored Jun 15, 2023 by guoxin
Hide whitespace changes
Inline Side-by-side

Showing with 234 additions and 12 deletions

gmtls.h include/gmssl/gmtls.h +234 -12

No files found.
--- a/include/gmssl/gmtls.h
+++ b/include/gmssl/gmtls.h
@@ -49,8 +49,8 @@ typedef enum {
    sha1,
    sm3
    }   MACAlgorithm;
-    //所以这里用到的压缩算法究竟用啥？？？ 国密里面也没给提示呀，应该是默认null 木有 除非联系的对端有特殊约定
-typedef enum  : char{
+    //所以这里用到的压缩算法究竟用啥？？？ 国密里面也没给提示呀，应该是默认null 木有 除非联系的对端有特殊约定 再说吧
+typedef enum  : unsigned char{
    null, 
    }   CompressionMethod;

@@ -74,7 +74,7 @@ struct {

 /*6.3.2.1*/
 //片段的记录层协议类型
-typedef enum : char{
+typedef enum : unsigned char{
    change_cipher_spec  =           20,
    alert               =           21,
    handshark           =           22,
@@ -89,7 +89,13 @@ typedef struct{
 //以字节为单位的片段长度小于或等于2^14 就是最大16k
 #define GMTLS_TLS_PLAINTEXT_LEN     16384
 #define GMTLS_TLS_COMPRESSED_LEN     16384+1024
-//片段结构
+#define GMTLS_TLS_RECORD_IV_MAX_SIZE    512
+#define GMTLS_TLS_MAC_MAX_SIZE    512
+#define GMTLS_TLS_PADDING_MAX_SIZE    512
+
+
+
+//分段后的片段结构
 typedef struct{
    ContentType         type;
    ProtocolVersion     verison;
@@ -99,6 +105,7 @@ typedef struct{


 /*6.3.2.2 压缩和解压缩*/
+//TLSPlaintext压缩后的数据结构
 typedef struct{
    ContentType         type;
    ProtocolVersion     verison;
@@ -107,14 +114,229 @@ typedef struct{
 } TLSCompressed;

 /*6.3.2.3 加密和校验*/
-// typedef struct{
-//     ContentType         type;
-//     ProtocolVersion     verison;
-//     uint16              length;
-//     int select(CipherSpec){
-//         case block:GenericBlockCipher;
-//     }                   fragment;
-// } TLSCiphertext;
+//加密block
+typedef struct{
+    opaque      content[GMTLS_TLS_COMPRESSED_LEN];
+    opaque      MAC[GMTLS_TLS_MAC_MAX_SIZE];
+    uint8       padding_length;
+    uint8       padding[GMTLS_TLS_PADDING_MAX_SIZE];
+}BlockCiphered;
+
+
+//加密处理前的数据结构
+typedef struct{
+    opaque              IV[GMTLS_TLS_RECORD_IV_MAX_SIZE];
+    BlockCiphered       block_Ciphered;
+}GenericBlockCipher;
+
+
+//压缩分段转成加密分段的加密分段结构
+//当CipherSpec.ciphertype == block 时  fragment 用 GenericBlockCipher 类型接收
+typedef struct{
+    ContentType         type;
+    ProtocolVersion     verison;
+    uint16              length;
+    opaque              fragment;
+} TLSCiphertext;
+
+
+/*6.4.1 密码变更协议*/
+typedef enum {
+    change_cipher_spec =    1
+} ChangeCipherSpec_Type;
+
+typedef struct
+{
+    ChangeCipherSpec_Type   type;
+}ChangeCipherSpec;
+
+/*6.4.2 报警协议*/
+//报警级别
+typedef enum : unsigned char{
+    warring     =   1,
+    fatal       =   2
+}AlectLevel;
+//警报描述
+typedef enum : unsigned char{
+    close_notify            =       0,
+    unexpected_message      =       10,     
+    bad_record_mac          =       20,
+    description_failed      =       21,
+    record_overflow         =       22,
+    decompression_failure   =       30,
+    handshake_failure       =       40,
+    bad_certificate         =       42,
+    unsupported_certificate =       43,
+    certificate_revoke      =       44,
+    certificate_expired     =       45,
+    certificate_unknown     =       46,
+    illegal_parameter       =       47,
+    unknow_ca               =       48,
+    access_defined          =       49,
+    decode_error            =       50,
+    decrypt_error           =       51,
+    protocol_version        =       70,
+    insufficient_security   =       71,
+    internal_error          =       80,
+    user_canceled           =       90,
+    unsupported_site2site   =       200,
+    no_area                 =       201,
+    unsupported_areatype    =       202,
+    bad_ibcparam            =       203,
+    unsupported_ibcparam    =       204,
+    identify_need           =       205
+}AlertDescription;
+
+//报警消息结构
+typedef struct 
+{
+    AlectLevel          level;
+    AlertDescription    description;
+}Alert;
+
+//致命级别的警报，收到或发送该级别警报需要发送关闭通知。
+int  AlertFatal[17] = {10,20,21,22,30,40,47,48,49,50,70,71,80,200,203,204,205};
+
+/*6.4.3 握手协议*/
+//初次握手流程
+/*
+      Client                                               Server
+
+      ClientHello                  -------->
+                                                      ServerHello
+                                                      Certificate
+                                               ServerKeyExchange*
+                                              CertificateRequest*
+                                   <--------      ServerHelloDone
+      Certificate*
+      ClientKeyExchange
+      CertificateVerify*
+      [ChangeCipherSpec]
+      Finished                     -------->
+                                               [ChangeCipherSpec]
+                                   <--------             Finished
+      Application Data             <------->     Application Data
+*/
+//重组握手流程
+/*
+      Client                                               Server
+
+      ClientHello                  -------->
+                                                      ServerHello
+                                               [ChangeCipherSpec]
+                                   <--------             Finished
+      [ChangeCipherSpec]
+      Finished                               
+      Application Data             <------->     Application Data
+*/
+
+/*6.4.4 握手消息类型*/
+typedef enum : unsigned char
+{
+    client_hello            =       1,
+    server_hello            =       2,
+    certificate             =       11,
+    server_key_exchange     =       12,
+    certificate_request     =       13,
+    server_hello_done       =       14,
+    certificate_verify      =       15,
+    client_key_exchange     =       16,
+    finished                =       20
+} HandshakeType;
+
+//握手消息结构
+//body根据msg_type 比对 HandshakeType 用对应的实体类型接收
+typedef struct
+{
+   uint24           length;
+   opaque            body;
+} Handshake;
+
+/* 6.4.4.1.1 client hello*/
+typedef struct 
+{
+    uint32          gmt_unix_time;
+    opaque          random_bytes[28];
+} Random;
+
+//国密支持的算法套件
+#define ECDHE_SM1_SM3		(0xe1|0x01)
+
+typedef enum {
+	TLS_cipher_null_with_null_null		= 0x0000,
+
+	// TLS 1.3, RFC 8998
+	TLS_cipher_sm4_gcm_sm3			= 0x00c6,
+	TLS_cipher_sm4_ccm_sm3			= 0x00c7,
+
+	// TLCP, GB/T 38636-2020, GM/T 0024-2012
+	TLS_cipher_ecdhe_sm4_cbc_sm3		= 0xe011, // 可以让TLSv1.2使用这个
+	TLS_cipher_ecdhe_sm4_gcm_sm3		= 0xe051,
+	TLS_cipher_ecc_sm4_cbc_sm3		= 0xe013,
+	TLS_cipher_ecc_sm4_gcm_sm3		= 0xe053,
+	TLS_cipher_ibsdh_sm4_cbc_sm3		= 0xe015,
+	TLS_cipher_ibsdh_sm4_gcm_sm3		= 0xe055,
+	TLS_cipher_ibc_sm4_cbc_sm3		= 0xe017,
+	TLS_cipher_ibc_sm4_gcm_sm3		= 0xe057,
+	TLS_cipher_rsa_sm4_cbc_sm3		= 0xe019,
+	TLS_cipher_rsa_sm4_gcm_sm3		= 0xe059,
+	TLS_cipher_rsa_sm4_cbc_sha256		= 0xe01c,
+	TLS_cipher_rsa_sm4_gcm_sha256		= 0xe05a,
+
+	// TLS 1.3 RFC 8446
+	TLS_cipher_aes_128_gcm_sha256		= 0x1301, // Mandatory-to-implement
+	TLS_cipher_aes_256_gcm_sha384		= 0x1302, // SHOULD implement
+	TLS_cipher_chacha20_poly1305_sha256	= 0x1303, // SHOULD implement
+	TLS_cipher_aes_128_ccm_sha256		= 0x1304,
+	TLS_cipher_aes_128_ccm_8_sha256		= 0x1305,
+
+	TLS_cipher_empty_renegotiation_info_scsv = 0x00ff,
+} CipherSuite;
+
+//32变长字节的 SessionID 由服务器产生，当客户端没有可用或是协商安全参数时为空  标识生成后的生命周期持续到超时删除或是强制关闭。
+typedef opaque SessionID[32];
+
+typedef struct 
+{
+    ProtocolVersion         client_version;
+    Random                  random;
+    SessionID               session_id;
+    CipherSuite             cipher_suite;
+    CompressionMethod       compresstion_methods;
+}ClientHello;
+
+/* 6.4.4.1.2 Server hello */
+//如果收到客户端的hello 有匹配的算法条件的话 回复该消息。
+typedef struct 
+{
+    ProtocolVersion         client_version;
+    Random                  random;
+    SessionID               session_id;
+    CipherSuite             cipher_suite;
+    CompressionMethod       compresstion_methods;
+} ServerHello;
+
+/* 6.4.4.1.3 Server Certificate */
+//当选择算法为RSA、ECC or  ECDHE 时 传输内容为 服务器端的签名证书和加密证书  （有顺序 签名在前 加密在后）
+/*
+    密钥交换算法与密钥类型关系表
+    ------------------------------------------------------
+    密钥交换算法                    证书密钥类型
+    ------------------------------------------------------
+    RSA                         RSA公钥，必须使用加密证书中的公钥
+    IBC                         服务端标识和IBC公共参数
+    IBSDH                       服务端标识和IBC公共参数
+    ECC                         ECC公钥，必须使用加密证书中的公钥
+    ECDHE                       ECC公钥，必须使用加密证书中的公钥
+*/
+typedef opaque ASN1Cert[0xFFFFFF];
+typedef struct 
+{
+    ASN1Cert        certificate[0xFFFFFF];
+} Certificate;
+
+
+