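/*
 * relay.h - per-flow TLS handshake state, the session cache used for
 * resumption, and the packet/queue bookkeeping shared by the relay code.
 *
 * Guard renamed from __RELAY_H__: identifiers beginning with a double
 * underscore are reserved for the implementation.
 */
#ifndef RELAY_H
#define RELAY_H

/*
 * System headers: the names were not recoverable from the extracted source;
 * the ones below provide the types this header uses.
 */
#include <stdint.h>       /* uint8_t, uint16_t, uint32_t, int32_t */
#include <netinet/in.h>   /* struct in_addr */
#include <openssl/ssl.h>  /* SSL3_RANDOM_SIZE, SSL3_MASTER_SECRET_SIZE, SSL_MAX_SSL_SESSION_ID_LENGTH */
#include <openssl/evp.h>  /* EVP_MD_CTX, EVP_CIPHER_CTX, EVP_MAX_MD_SIZE */
#include <openssl/dh.h>   /* DH */

#include "ptwist.h"       /* presumably provides the `byte` type used below - confirm */
#include "slitheen.h"     /* presumably declares struct packet_info (see add_packet) - confirm */

/* Presumably the flow table's capacity; see init_flow_table() - confirm. */
#define MAX_FLOWS 10

/* TLS HandshakeType values (RFC 5246, section 7.4). */
#define TLS_HELLO_REQ       0x00
#define TLS_CLNT_HELLO      0x01
#define TLS_SERV_HELLO      0x02
#define TLS_NEW_SESS        0x04
#define TLS_CERT            0x0b
#define TLS_SRVR_KEYEX      0x0c
#define TLS_CERT_REQ        0x0d
#define TLS_SRVR_HELLO_DONE 0x0e
#define TLS_CERT_VERIFY     0x0f
#define TLS_CLNT_KEYEX      0x10
#define TLS_FINISHED        0x14

/*
 * One buffered packet of a flow, kept as a singly linked list
 * (flow_st.packet_chain). Ownership of `data` is not visible here;
 * presumably it is heap-allocated by add_packet() and released with the
 * flow - confirm in relay.c.
 */
typedef struct packet_st {
    uint32_t seq_num;         /* TCP sequence number of this segment */
    uint16_t len;             /* NOTE(review): relation between len and data_len
                                 is not visible here; presumably len is the
                                 on-wire length and data_len the bytes held in
                                 data - confirm before relying on either */
    uint16_t data_len;
    uint8_t *data;
    struct packet_st *next;
    int incoming;             /* 0 for outgoing, 1 for incoming */
} packet;

/*
 * One block of censored (covert) data queued for a flow
 * (flow_st.censored_queue). `offset` is presumably how much of `data` has
 * already been consumed - confirm against the producer/consumer code.
 */
typedef struct queue_block_st {
    int32_t len;
    int32_t offset;
    uint8_t *data;
    struct queue_block_st *next;
} queue_block;

/*
 * A cached TLS session, linked through `next` into a session_cache.
 *
 * master_secret, client_random and server_random are TLS key material:
 * anything that discards a session should scrub them with a non-elidable
 * clear (explicit_bzero/memset_s) rather than plain memset before freeing.
 * session_ticket is a pointer with a separate length; presumably heap-owned
 * by the session and sized by session_ticket_len - confirm in
 * save_session_ticket().
 */
typedef struct session_st {
    uint8_t session_id_len;
    uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
    struct session_st *next;
    uint8_t master_secret[SSL3_MASTER_SECRET_SIZE];
    uint8_t client_random[SSL3_RANDOM_SIZE];
    uint8_t server_random[SSL3_RANDOM_SIZE];
    uint32_t session_ticket_len;
    uint8_t *session_ticket;
} session;

/* Head of the linked list of cached sessions plus its element count. */
typedef struct session_cache_st {
    session *first_session;
    uint32_t length;
} session_cache;

/*
 * All state tracked for one observed TCP/TLS flow.
 *
 * No per-flow lock is defined here; concurrent access to a flow must be
 * serialized by the caller.
 *
 * key, master_secret and the cipher/MAC contexts hold live key material.
 * Whatever tears a flow down (see remove_flow) should clear the byte arrays
 * with a non-elidable clear and free the OpenSSL contexts through their
 * *_free routines, which wipe them.
 */
typedef struct flow_st {
    struct in_addr src_ip, dst_ip;  /* Source (client) and Destination (server) addresses */
    uint16_t src_port, dst_port;    /* Source and Destination ports */
    uint32_t seq_num;               /* sequence number */
    byte key[16];                   /* negotiated key */
    int state;                      /* TLS handshake state */
    int in_encrypted;               /* indicates whether incoming flow is encrypted */
    int out_encrypted;              /* indicates whether outgoing flow is encrypted */
    int application;                /* indicates handshake is complete */
    int resume_session;             /* non-zero when session resumption is in play - presumably; confirm */
    packet *packet_chain;           /* currently held data */
    queue_block *censored_queue;    /* queued covert data for this flow */
    DH *dh;                         /* DH parameters/key for the handshake */
    uint8_t handshake_hash[EVP_MAX_MD_SIZE];
    EVP_MD_CTX *finish_md_ctx;      /* running hash over handshake messages (for Finished) */
    EVP_CIPHER_CTX *clnt_read_ctx;
    EVP_CIPHER_CTX *clnt_write_ctx;
    EVP_CIPHER_CTX *srvr_read_ctx;
    EVP_CIPHER_CTX *srvr_write_ctx;
    EVP_MD_CTX *read_mac_ctx;
    EVP_MD_CTX *write_mac_ctx;
    uint8_t client_random[SSL3_RANDOM_SIZE];
    uint8_t server_random[SSL3_RANDOM_SIZE];
    uint8_t master_secret[SSL3_MASTER_SECRET_SIZE];
    session *current_session;       /* cached session this flow resumes/creates, if any */
    uint8_t read_seq[8];            /* TLS record sequence numbers, one per direction */
    uint8_t write_seq[8];
    uint8_t *outbox;                /* pending output; sized by outbox_len */
    int32_t outbox_len;
} flow;

/* Array-backed table of tracked flows: `len` in use out of `max_len` slots. */
typedef struct flow_table_st {
    flow *table;
    int len;
    int max_len;
} flow_table;

/*
 * Flow table management.
 *
 * The int-returning functions' success/failure convention is not visible in
 * this header; presumably 0 on success and non-zero on error - confirm in
 * relay.c. Functions returning flow * presumably return NULL on failure.
 */
int init_flow_table(void);
flow *add_flow(flow newFlow);           /* copies newFlow into the table; returns the stored entry */
int update_flow(flow *f);
int remove_flow(int index);             /* should scrub key material before releasing the slot - verify */
int check_flow(flow observed);          /* presumably looks up a flow matching observed's 4-tuple - confirm */
flow *get_flow(int index);

/*
 * Session cache.
 *
 * `hs` points at a TLS handshake message. verify_session_id() and
 * save_session_id() take no length, so the caller must have already
 * validated that the message is complete and within the received buffer;
 * check_session() and save_session_ticket() receive an explicit `len`.
 */
int init_session_cache(void);
int verify_session_id(flow *f, uint8_t *hs);
int check_session(flow *f, uint8_t *hs, uint32_t len);
int save_session_id(flow *f, uint8_t *hs);
int save_session_ticket(flow *f, uint8_t *hs, uint32_t len);

/* Queue a captured packet (described by info) on flow f's packet_chain. */
int add_packet(flow *f, struct packet_info *info);

#endif /* RELAY_H */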