projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| 427c49bc A |
1 | /* |
| 2 | * Copyright (c) 2002,2005-2007,2010-2011 Apple Inc. All Rights Reserved. | |
| 3 | * | |
| 4 | * @APPLE_LICENSE_HEADER_START@ | |
| 5 | * | |
| 6 | * This file contains Original Code and/or Modifications of Original Code | |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. Please obtain a copy of the License at | |
| 10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
| 11 | * file. | |
| 12 | * | |
| 13 | * The Original Code and all software distributed under the License are | |
| 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
| 18 | * Please see the License for the specific language governing rights and | |
| 19 | * limitations under the License. | |
| 20 | * | |
| 21 | * @APPLE_LICENSE_HEADER_END@ | |
| 22 | */ | |
| 23 | ||
| 24 | /* | |
| 25 | * tls_record.h - Declarations of record layer callout struct to provide indirect calls to | |
| 26 | * SSLv3 and TLS routines. | |
| 27 | */ | |
| 28 | ||
| 29 | #ifndef _TLS_RECORD_H_ | |
| 30 | #define _TLS_RECORD_H_ | |
| 31 | ||
| 32 | #ifdef __cplusplus | |
| 33 | extern "C" { | |
| 34 | #endif | |
| 35 | ||
| 36 | // #include "sslRecord.h" | |
| 37 | ||
| 38 | #include "sslTypes.h" | |
| 39 | #include "cryptType.h" | |
| 40 | #include "sslMemory.h" | |
| 41 | #include "SSLRecordInternal.h" | |
| 42 | ||
| 43 | struct SSLRecordInternalContext; | |
| 44 | ||
| 45 | /*** | |
| 46 | *** Each of {TLS, SSLv3} implements each of these functions. | |
| 47 | ***/ | |
| 48 | ||
| 49 | /* unpack, decrypt, validate one record */ | |
| 50 | typedef int (*decryptRecordFcn) ( | |
| 51 | uint8_t type, | |
| 52 | SSLBuffer *payload, | |
| 53 | struct SSLRecordInternalContext *ctx); | |
| 54 | ||
| 55 | /* pack, encrypt, mac, queue one outgoing record */ | |
| 56 | typedef int (*writeRecordFcn) ( | |
| 57 | SSLRecord rec, | |
| 58 | struct SSLRecordInternalContext *ctx); | |
| 59 | ||
| 60 | /* initialize a per-CipherContext HashHmacContext for use in MACing each record */ | |
| 61 | typedef int (*initMacFcn) ( | |
| 62 | CipherContext *cipherCtx // macRef, macSecret valid on entry | |
| 63 | // macCtx valid on return | |
| 64 | ); | |
| 65 | ||
| 66 | /* free per-CipherContext HashHmacContext */ | |
| 67 | typedef int (*freeMacFcn) ( | |
| 68 | CipherContext *cipherCtx); | |
| 69 | ||
| 70 | /* compute MAC on one record */ | |
| 71 | typedef int (*computeMacFcn) ( | |
| 72 | uint8_t type, | |
| 73 | SSLBuffer data, | |
| 74 | SSLBuffer mac, // caller mallocs data | |
| 75 | CipherContext *cipherCtx, // assumes macCtx, macRef | |
| 76 | sslUint64 seqNo, | |
| 77 | struct SSLRecordInternalContext *ctx); | |
| 78 | ||
| 79 | ||
| 80 | typedef struct _SslRecordCallouts { | |
| 81 | decryptRecordFcn decryptRecord; | |
| 82 | writeRecordFcn writeRecord; | |
| 83 | initMacFcn initMac; | |
| 84 | freeMacFcn freeMac; | |
| 85 | computeMacFcn computeMac; | |
| 86 | } SslRecordCallouts; | |
| 87 | ||
| 88 | ||
| 89 | /* From ssl3RecordCallouts.c and tls1RecordCallouts.c */ | |
| 90 | extern const SslRecordCallouts Ssl3RecordCallouts; | |
| 91 | extern const SslRecordCallouts Tls1RecordCallouts; | |
| 92 | ||
| 93 | /* one callout routine used in common (for now) */ | |
| 94 | int ssl3WriteRecord( | |
| 95 | SSLRecord rec, | |
| 96 | struct SSLRecordInternalContext *ctx); | |
| 97 | ||
| 98 | ||
| 99 | typedef struct WaitingRecord | |
| 100 | { struct WaitingRecord *next; | |
| 101 | size_t sent; | |
| 102 | /* | |
| 103 | * These two fields replace a dynamically allocated SSLBuffer; | |
| 104 | * the payload to write is contained in the variable-length | |
| 105 | * array data[]. | |
| 106 | */ | |
| 107 | size_t length; | |
| 108 | uint8_t data[1]; | |
| 109 | } WaitingRecord; | |
| 110 | ||
| 111 | typedef struct { | |
| 112 | const HashHmacReference *macAlgorithm; | |
| 113 | const SSLSymmetricCipher *cipher; | |
| 114 | } SSLRecordCipherSpec; | |
| 115 | ||
| 116 | ||
| 117 | ||
| 118 | struct SSLRecordInternalContext | |
| 119 | { | |
| 120 | /* I/O */ | |
| 121 | SSLIOReadFunc read; | |
| 122 | SSLIOWriteFunc write; | |
| 123 | SSLIOConnectionRef ioRef; | |
| 124 | ||
| 125 | /* buffering */ | |
| 126 | SSLBuffer partialReadBuffer; | |
| 127 | size_t amountRead; | |
| 128 | WaitingRecord *recordWriteQueue; | |
| 129 | ||
| 130 | /* ciphers */ | |
| 131 | uint16_t selectedCipher; /* currently selected */ | |
| 132 | SSLRecordCipherSpec selectedCipherSpec; /* ditto */ | |
| 133 | CipherContext readCipher; | |
| 134 | CipherContext writeCipher; | |
| 135 | CipherContext readPending; | |
| 136 | CipherContext writePending; | |
| 137 | CipherContext prevCipher; /* previous write cipher context, used for retransmit */ | |
| 138 | ||
| 139 | /* protocol */ | |
| 140 | bool isDTLS; | |
| 141 | SSLProtocolVersion negProtocolVersion; /* negotiated */ | |
| 142 | const SslRecordCallouts *sslTslCalls; | |
| 143 | ||
| 144 | }; | |
| 145 | ||
| 146 | /* Function called from the ssl3/tls1 callouts */ | |
| 147 | ||
| 148 | int SSLVerifyMac( | |
| 149 | uint8_t type, | |
| 150 | SSLBuffer *data, | |
| 151 | uint8_t *compareMAC, | |
| 152 | struct SSLRecordInternalContext *ctx); | |
| 153 | ||
| 154 | #ifdef __cplusplus | |
| 155 | } | |
| 156 | #endif | |
| 157 | ||
| 158 | #endif /* _TLS_SSL_H_ */ |