[apple/security.git] / libsecurity_ssl / lib / sslHandshake.h

/*
 * Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
 *
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */

/*
 * sslHandshake.h - SSL Handshake Layer
 */

#ifndef _SSLHANDSHAKE_H_
#define _SSLHANDSHAKE_H_

#include "sslRecord.h"

#ifdef __cplusplus
extern "C" {
#endif

typedef enum
{   SSL_HdskHelloRequest = 0,
    SSL_HdskClientHello = 1,
    SSL_HdskServerHello = 2,
#if ENABLE_DTLS
    SSL_HdskHelloVerifyRequest = 3,
#endif /* ENABLE_DTLS */
    SSL_HdskCert = 11,
    SSL_HdskServerKeyExchange = 12,
    SSL_HdskCertRequest = 13,
    SSL_HdskServerHelloDone = 14,
    SSL_HdskCertVerify = 15,
    SSL_HdskClientKeyExchange = 16,
    SSL_HdskFinished = 20
} SSLHandshakeType;

/* Hello Extensions per RFC 3546 */
typedef enum
{
	SSL_HE_ServerName = 0,
	SSL_HE_MaxFragmentLength = 1,
	SSL_HE_ClientCertificateURL = 2,
	SSL_HE_TrustedCAKeys = 3,
	SSL_HE_TruncatedHMAC = 4,
	SSL_HE_StatusReguest = 5,

	/* ECDSA, RFC 4492 */
	SSL_HE_EllipticCurves  = 10,
	SSL_HE_EC_PointFormats = 11,

    /* TLS 1.2 */
    SSL_HE_SignatureAlgorithms = 13,

    /* RFC 5746 */
    SSL_HE_SecureRenegotation = 0xff01,

	/*
	 * This one is suggested but not formally defined in
	 * I.D.salowey-tls-ticket-07
	 */
	SSL_HE_SessionTicket = 35
} SSLHelloExtensionType;

/* SSL_HE_ServerName NameType values */
typedef enum
{
	SSL_NT_HostName = 0
} SSLServerNameType;

/*
 * The number of curves we support
 */
#define SSL_ECDSA_NUM_CURVES	3

/* SSL_HE_EC_PointFormats - point formats */
typedef enum
{
	SSL_PointFormatUncompressed = 0,
	SSL_PointFormatCompressedPrime = 1,
	SSL_PointFormatCompressedChar2 = 2,
} SSL_ECDSA_PointFormats;

/* CurveTypes in a Server Key Exchange msg */
typedef enum
{
	SSL_CurveTypeExplicitPrime = 1,
	SSL_CurveTypeExplicitChar2 = 2,
	SSL_CurveTypeNamed         = 3		/* the only one we support */
} SSL_ECDSA_CurveTypes;

typedef enum
{   SSL_read,
    SSL_write
} CipherSide;

typedef enum
{
	SSL_HdskStateUninit = 0,			/* only valid within SSLContextAlloc */
	SSL_HdskStateServerUninit,			/* no handshake yet */
	SSL_HdskStateClientUninit,			/* no handshake yet */
	SSL_HdskStateGracefulClose,
    SSL_HdskStateErrorClose,
	SSL_HdskStateNoNotifyClose,			/* server disconnected with no
										 *   notify msg */
    /* remainder must be consecutive */
    SSL_HdskStateServerHello,           /* must get server hello; client hello sent */
    SSL_HdskStateKeyExchange,           /* must get key exchange; cipher spec
										 *   requires it */
    SSL_HdskStateCert,               	/* may get certificate or certificate
										 *   request (if no cert request received yet) */
    SSL_HdskStateHelloDone,             /* must get server hello done; after key
										 *   exchange or fixed DH parameters */
    SSL_HdskStateClientCert,         	/* must get certificate or no cert alert
										 *   from client */
    SSL_HdskStateClientKeyExchange,     /* must get client key exchange */
    SSL_HdskStateClientCertVerify,      /* must get certificate verify from client */
    SSL_HdskStateChangeCipherSpec,      /* time to change the cipher spec */
    SSL_HdskStateFinished,              /* must get a finished message in the
										 *   new cipher spec */
    SSL_HdskStateServerReady,          /* ready for I/O; server side */
    SSL_HdskStateClientReady           /* ready for I/O; client side */
} SSLHandshakeState;

typedef struct
{   SSLHandshakeType    type;
    SSLBuffer           contents;
} SSLHandshakeMsg;


uint8_t *SSLEncodeHandshakeHeader(
    SSLContext *ctx,
    SSLRecord *rec,
    SSLHandshakeType type,
    size_t msglen);


#define SSL_Finished_Sender_Server  0x53525652
#define SSL_Finished_Sender_Client  0x434C4E54

/** sslHandshake.c **/
typedef OSStatus (*EncodeMessageFunc)(SSLRecord *rec, SSLContext *ctx);
OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx);
OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx);
OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx);
OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
OSStatus DTLSRetransmit(SSLContext *ctx);
OSStatus SSLResetFlight(SSLContext *ctx);
OSStatus SSLSendFlight(SSLContext *ctx);

OSStatus sslGetMaxProtVersion(SSLContext *ctx, SSLProtocolVersion	*version);	// RETURNED

#ifdef	NDEBUG
#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
#define SSLLogHdskMsg(msg, sent)
#else
void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState);
void SSLLogHdskMsg(SSLHandshakeType msg, char sent);
char *hdskStateToStr(SSLHandshakeState state);
#endif

/** sslChangeCipher.c **/
OSStatus SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx);
OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx);

/** sslCert.c **/
OSStatus SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx);
OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx);
OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeCertificateVerify(SSLRecord *verify, SSLContext *ctx);
OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx);

/** sslHandshakeHello.c **/
OSStatus SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx);
OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx);
OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx);
OSStatus SSLInitMessageHashes(SSLContext *ctx);
OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx);
#if ENABLE_DTLS
OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord *helloVerifyRequest, SSLContext *ctx);
OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx);
#endif

/** sslKeyExchange.c **/
OSStatus SSLEncodeServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx);
OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx);
OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx);
OSStatus SSLInitPendingCiphers(SSLContext *ctx);

/** sslHandshakeFinish.c **/
OSStatus SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx);
OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx);
OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx);
OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx);

#ifdef __cplusplus
}
#endif

#endif /* _SSLHANDSHAKE_H_ */
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18	/*
	19	* sslHandshake.h - SSL Handshake Layer
	20	*/
	21
	22	#ifndef _SSLHANDSHAKE_H_
	23	#define _SSLHANDSHAKE_H_
	24
b1ab9ed8 A	25	#include "sslRecord.h"
	26
	27	#ifdef __cplusplus
	28	extern "C" {
	29	#endif
	30
	31	typedef enum
	32	{ SSL_HdskHelloRequest = 0,
	33	SSL_HdskClientHello = 1,
	34	SSL_HdskServerHello = 2,
	35	#if ENABLE_DTLS
	36	SSL_HdskHelloVerifyRequest = 3,
	37	#endif /* ENABLE_DTLS */
	38	SSL_HdskCert = 11,
	39	SSL_HdskServerKeyExchange = 12,
	40	SSL_HdskCertRequest = 13,
	41	SSL_HdskServerHelloDone = 14,
	42	SSL_HdskCertVerify = 15,
	43	SSL_HdskClientKeyExchange = 16,
	44	SSL_HdskFinished = 20
	45	} SSLHandshakeType;
	46
	47	/* Hello Extensions per RFC 3546 */
	48	typedef enum
	49	{
	50	SSL_HE_ServerName = 0,
	51	SSL_HE_MaxFragmentLength = 1,
	52	SSL_HE_ClientCertificateURL = 2,
	53	SSL_HE_TrustedCAKeys = 3,
	54	SSL_HE_TruncatedHMAC = 4,
	55	SSL_HE_StatusReguest = 5,
	56
	57	/* ECDSA, RFC 4492 */
	58	SSL_HE_EllipticCurves = 10,
	59	SSL_HE_EC_PointFormats = 11,
	60
	61	/* TLS 1.2 */
	62	SSL_HE_SignatureAlgorithms = 13,
	63
	64	/* RFC 5746 */
	65	SSL_HE_SecureRenegotation = 0xff01,
	66
	67	/*
	68	* This one is suggested but not formally defined in
	69	* I.D.salowey-tls-ticket-07
	70	*/
	71	SSL_HE_SessionTicket = 35
	72	} SSLHelloExtensionType;
	73
	74	/* SSL_HE_ServerName NameType values */
	75	typedef enum
	76	{
	77	SSL_NT_HostName = 0
	78	} SSLServerNameType;
	79
	80	/*
	81	* The number of curves we support
	82	*/
	83	#define SSL_ECDSA_NUM_CURVES 3
	84
	85	/* SSL_HE_EC_PointFormats - point formats */
	86	typedef enum
	87	{
	88	SSL_PointFormatUncompressed = 0,
89	SSL_PointFormatCompressedPrime = 1,
90	SSL_PointFormatCompressedChar2 = 2,
91	} SSL_ECDSA_PointFormats;
92
93	/* CurveTypes in a Server Key Exchange msg */
94	typedef enum
95	{
96	SSL_CurveTypeExplicitPrime = 1,
97	SSL_CurveTypeExplicitChar2 = 2,
98	SSL_CurveTypeNamed = 3 /* the only one we support */
99	} SSL_ECDSA_CurveTypes;
100
101	typedef enum
102	{ SSL_read,
103	SSL_write
104	} CipherSide;
105
106	typedef enum
107	{
108	SSL_HdskStateUninit = 0, /* only valid within SSLContextAlloc */
109	SSL_HdskStateServerUninit, /* no handshake yet */
110	SSL_HdskStateClientUninit, /* no handshake yet */
111	SSL_HdskStateGracefulClose,
112	SSL_HdskStateErrorClose,
113	SSL_HdskStateNoNotifyClose, /* server disconnected with no
114	* notify msg */
115	/* remainder must be consecutive */
116	SSL_HdskStateServerHello, /* must get server hello; client hello sent */
b1ab9ed8 A	117	SSL_HdskStateKeyExchange, /* must get key exchange; cipher spec
	118	* requires it */
	119	SSL_HdskStateCert, /* may get certificate or certificate
	120	* request (if no cert request received yet) */
	121	SSL_HdskStateHelloDone, /* must get server hello done; after key
	122	* exchange or fixed DH parameters */
	123	SSL_HdskStateClientCert, /* must get certificate or no cert alert
	124	* from client */
	125	SSL_HdskStateClientKeyExchange, /* must get client key exchange */
	126	SSL_HdskStateClientCertVerify, /* must get certificate verify from client */
	127	SSL_HdskStateChangeCipherSpec, /* time to change the cipher spec */
	128	SSL_HdskStateFinished, /* must get a finished message in the
	129	* new cipher spec */
b1ab9ed8 A	130	SSL_HdskStateServerReady, /* ready for I/O; server side */
	131	SSL_HdskStateClientReady /* ready for I/O; client side */
	132	} SSLHandshakeState;
	133
	134	typedef struct
	135	{ SSLHandshakeType type;
	136	SSLBuffer contents;
	137	} SSLHandshakeMsg;
	138
427c49bc A	139
	140	uint8_t *SSLEncodeHandshakeHeader(
	141	SSLContext *ctx,
	142	SSLRecord *rec,
	143	SSLHandshakeType type,
	144	size_t msglen);
	145
	146
b1ab9ed8 A	147	#define SSL_Finished_Sender_Server 0x53525652
	148	#define SSL_Finished_Sender_Client 0x434C4E54
	149
	150	/ sslHandshake.c /
	151	typedef OSStatus (EncodeMessageFunc)(SSLRecord rec, SSLContext *ctx);
	152	OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
	153	OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx);
	154	OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx);
	155	OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx);
	156	OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
	157	OSStatus DTLSRetransmit(SSLContext *ctx);
	158	OSStatus SSLResetFlight(SSLContext *ctx);
	159	OSStatus SSLSendFlight(SSLContext *ctx);
	160
427c49bc A	161	OSStatus sslGetMaxProtVersion(SSLContext ctx, SSLProtocolVersion version); // RETURNED
	162
	163	#ifdef NDEBUG
	164	#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
	165	#define SSLLogHdskMsg(msg, sent)
	166	#else
	167	void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState);
	168	void SSLLogHdskMsg(SSLHandshakeType msg, char sent);
	169	char *hdskStateToStr(SSLHandshakeState state);
	170	#endif
b1ab9ed8 A	171
	172	/ sslChangeCipher.c /
	173	OSStatus SSLEncodeChangeCipherSpec(SSLRecord rec, SSLContext ctx);
	174	OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx);
b1ab9ed8 A	175
	176	/ sslCert.c /
	177	OSStatus SSLEncodeCertificate(SSLRecord certificate, SSLContext ctx);
	178	OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx);
	179	OSStatus SSLEncodeCertificateRequest(SSLRecord request, SSLContext ctx);
	180	OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx);
	181	OSStatus SSLEncodeCertificateVerify(SSLRecord verify, SSLContext ctx);
	182	OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx);
	183
	184	/ sslHandshakeHello.c /
	185	OSStatus SSLEncodeServerHello(SSLRecord serverHello, SSLContext ctx);
	186	OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx);
	187	OSStatus SSLEncodeClientHello(SSLRecord clientHello, SSLContext ctx);
	188	OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx);
	189	OSStatus SSLInitMessageHashes(SSLContext *ctx);
	190	OSStatus SSLEncodeRandom(unsigned char p, SSLContext ctx);
	191	#if ENABLE_DTLS
	192	OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord helloVerifyRequest, SSLContext ctx);
	193	OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx);
	194	#endif
	195
	196	/ sslKeyExchange.c /
	197	OSStatus SSLEncodeServerKeyExchange(SSLRecord keyExch, SSLContext ctx);
	198	OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx);
	199	OSStatus SSLEncodeKeyExchange(SSLRecord keyExchange, SSLContext ctx);
	200	OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx);
	201	OSStatus SSLInitPendingCiphers(SSLContext *ctx);
	202
	203	/ sslHandshakeFinish.c /
	204	OSStatus SSLEncodeFinishedMessage(SSLRecord finished, SSLContext ctx);
	205	OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx);
	206	OSStatus SSLEncodeServerHelloDone(SSLRecord helloDone, SSLContext ctx);
	207	OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx);
	208	OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx);
	209
	210	#ifdef __cplusplus
	211	}
	212	#endif
	213
	214	#endif /* _SSLHANDSHAKE_H_ */