1 // Copyright Joyent, Inc. and other Node contributors.
3 // Permission is hereby granted, free of charge, to any person obtaining a
4 // copy of this software and associated documentation files (the
5 // "Software"), to deal in the Software without restriction, including
6 // without limitation the rights to use, copy, modify, merge, publish,
7 // distribute, sublicense, and/or sell copies of the Software, and to permit
8 // persons to whom the Software is furnished to do so, subject to the
9 // following conditions:
11 // The above copyright notice and this permission notice shall be included
12 // in all copies or substantial portions of the Software.
14 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
17 // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
18 // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
19 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
20 // USE OR OTHER DEALINGS IN THE SOFTWARE.
22 #ifndef SRC_NODE_CRYPTO_CLIENTHELLO_H_
23 #define SRC_NODE_CRYPTO_CLIENTHELLO_H_
25 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
27 #include <cstddef> // size_t
33 // Parse the client hello so we can do async session resumption. OpenSSL's
34 // session resumption uses synchronous callbacks, see SSL_CTX_sess_set_get_cb
35 // and get_session_cb.
37 // TLS1.3 handshakes masquerade as TLS1.2 session resumption, and to do this,
38 // they always include a session_id in the ClientHello, making up a bogus value
39 // if necessary. The parser can't know if it's a bogus id, and will cause a
40 // 'newSession' event to be emitted. This should do no harm, the id won't be
41 // found, and the handshake will continue.
42 class ClientHelloParser {
// Constructor is declared inline here; its definition is not in this header
// (presumably in the companion -inl.h — confirm).
inline ClientHelloParser();
/// Length in bytes of the session_id the client sent; pair with session_id().
inline uint8_t session_size() const {
  return this->session_size_;
}
/// Start of the session_id bytes; session_size() gives the length.
/// NOTE(review): raw, non-owning pointer — presumably into the buffer handed
/// to Parse(), so copy it before that buffer goes away; confirm in the .cc.
inline const uint8_t* session_id() const {
  return this->session_id_;
}
/// True when the parser recorded a session ticket for this hello
/// (presumably on seeing the SessionTicket extension, type 35 — confirm in the .cc).
inline bool has_ticket() const {
  return this->has_ticket_;
}
/// Length in bytes of the SNI host name returned by servername().
/// NOTE(review): this returns uint8_t, but the parser keeps its own
/// servername_size_ as uint16_t; if that wider value is copied into this
/// field without a bound, a length of 256 or more would be truncated
/// (mod 256) and the reported size would disagree with servername().
/// Confirm the .cc range-checks the length before the narrowing assignment.
inline uint8_t servername_size() const {
  return this->servername_size_;
}
/// Start of the SNI host name bytes; servername_size() gives the length
/// (presumably not NUL-terminated — treat it as a sized byte range).
/// NOTE(review): raw, non-owning pointer into the parsed buffer — confirm lifetime in the .cc.
inline const uint8_t* servername() const {
  return this->servername_;
}
// Parsed session_id: length plus a raw (non-owning) pointer to the bytes.
uint8_t session_size_;
const uint8_t* session_id_;
// Parsed SNI host name: length plus a raw (non-owning) pointer to the bytes.
// NOTE(review): uint8_t here, but the parser-side field
// ClientHelloParser::servername_size_ is uint16_t; assigning the wider value
// into this one narrows silently — confirm the .cc bounds it first.
uint8_t servername_size_;
const uint8_t* servername_;
// Presumably so the parser can populate these fields directly.
friend class ClientHelloParser;
// Called with the parsed ClientHello; `hello` holds raw pointers into the
// parsed data, so consumers should copy what they need (lifetime: confirm in the .cc).
typedef void (*OnHelloCb)(void* arg, const ClientHello& hello);
// Called when parsing ends (presumably on error/stop or when no hello is
// reported — confirm in the .cc).
typedef void (*OnEndCb)(void* arg);
// Feed `avail` bytes starting at `data` to the parser.
void Parse(const uint8_t* data, size_t avail);
// Registers the callbacks. NOTE(review): only `onend_arg` is taken here;
// presumably it is passed to both callbacks as `arg` — confirm in the -inl.h.
inline void Start(OnHelloCb onhello_cb, OnEndCb onend_cb, void* onend_arg);
// Parser state queries; defined outside this header.
inline bool IsPaused() const;
inline bool IsEnded() const;
// Largest TLS record this parser accepts: 2^14 bytes of payload plus the
// 5-byte record header (the TLS record-layer limit).
static const size_t kMaxTLSFrameLen = 16 * 1024 + 5;
// Largest "SSLEx" frame accepted. NOTE(review): the "Ex" suffix is not
// explained here — confirm which record format this bounds.
static const size_t kMaxSSLExFrameLen = 32 * 1024;
// SNI NameType value for host_name (RFC 6066).
static const uint8_t kServernameHostname = 0;
// Smallest extension body the parser will inspect for this case
// (presumably the status_request extension — confirm in the .cc).
static const size_t kMinStatusRequestSize = 5;
// TLS record-layer ContentType values.
kChangeCipherSpec = 20,
kApplicationData = 23,
// TLS extension type for SessionTicket (RFC 5077); presumably what drives
// has_ticket() — confirm in the .cc.
kTLSSessionTicket = 35
// Internal parse stages, each given the raw buffer and the bytes available.
// NOTE(review): what a `false` return means (need more data vs. malformed)
// is decided in the .cc — confirm there before relying on it.
bool ParseRecordHeader(const uint8_t* data, size_t avail);
void ParseHeader(const uint8_t* data, size_t avail);
107 void ParseExtension(const uint16_t type,
// Parses the TLS ClientHello handshake body; return semantics as for
// ParseRecordHeader (confirm in the .cc).
bool ParseTLSClientHello(const uint8_t* data, size_t avail);
// Callback registered via Start(); receives the parsed ClientHello.
OnHelloCb onhello_cb_;
// Parse position bookkeeping: record length, handshake body start and
// extensions start. NOTE(review): the exact meaning of each offset is set
// in the .cc — confirm.
size_t frame_len_ = 0;
size_t body_offset_ = 0;
size_t extension_offset_ = 0;
// Presumably copied into ClientHello when the hello is reported.
uint8_t session_size_ = 0;
const uint8_t* session_id_ = nullptr;
// NOTE(review): uint16_t here versus uint8_t in ClientHello::servername_size_;
// the copy into the narrower field must be bounded to avoid silent truncation.
uint16_t servername_size_ = 0;
const uint8_t* servername_ = nullptr;
// -1 converts to 65535 (UINT16_MAX) in this unsigned field; presumably a
// "no ticket seen" sentinel distinct from a zero-length ticket — confirm
// against the .cc before comparing it as a length.
uint16_t tls_ticket_size_ = -1;
const uint8_t* tls_ticket_ = nullptr;
127 } // namespace crypto
130 #endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
132 #endif // SRC_NODE_CRYPTO_CLIENTHELLO_H_