[apple/security.git] / OSX / libsecurity_ssl / lib / sslContext.h

/*
 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * sslContext.h - Private SSL typedefs: SSLContext and its components
 */

#ifndef _SSLCONTEXT_H_
#define _SSLCONTEXT_H_ 1

#include "SecureTransport.h"
#include "sslBuildFlags.h"

#include <tls_handshake.h>
#include <tls_record.h>
#include <tls_stream_parser.h>
#include <tls_cache.h>

#ifdef USE_CDSA_CRYPTO
#include <Security/cssmtype.h>
#else
#if TARGET_OS_IPHONE
#include <Security/SecDH.h>
#include <Security/SecKeyInternal.h>
#else
#include "../sec/Security/SecDH.h"  // hack to get SecDH.
// typedef struct OpaqueSecDHContext *SecDHContext;
#endif
#include <corecrypto/ccec.h>
#endif

#include <CoreFoundation/CFRuntime.h>
#include <AssertMacros.h>

#include "sslPriv.h"
#include "sslRecord.h"
#include "cipherSpecs.h"

#include <dispatch/dispatch.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef struct
{   SSLReadFunc         read;
    SSLWriteFunc        write;
    SSLConnectionRef   	ioRef;
} IOContext;

//FIXME should not need this.
typedef enum
{
    SSL_HdskStateUninit = 0,			/* No Handshake yet */
    SSL_HdskStatePending,               /* Handshake in Progress */
    SSL_HdskStateReady,                 /* Handshake is done */
    SSL_HdskStateGracefulClose,
    SSL_HdskStateErrorClose,
    SSL_HdskStateNoNotifyClose,			/* Server disconnected with no notify msg */
    SSL_HdskStateOutOfBandError,        /* The caller encountered an error with out-of-band message processing */
} SSLHandshakeState;

#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }

struct SSLContext
{
	CFRuntimeBase		_base;
    IOContext           ioCtx;

    const struct SSLRecordFuncs *recFuncs;
    SSLRecordContextRef recCtx;

    tls_handshake_t hdsk;
    tls_cache_t cache;
    int readCipher_ready;
    int writeCipher_ready;

    SSLHandshakeState   state;
    OSStatus outOfBandError;

	/* 
	 * Prior to successful protocol negotiation, negProtocolVersion
	 * is SSL_Version_Undetermined. Subsequent to successful
	 * negotiation, negProtocolVersion contains the actual over-the-wire
	 * protocol value.
	 *
	 * The Boolean versionEnable flags are set by
	 * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
	 * remain invariant once negotiation has started. If there
	 * were a large number of these and/or we were adding new
	 * protocol versions on a regular basis, we'd probably want
	 * to implement these as a word of flags. For now, in the
	 * real world, this is the most straightforward implementation.
	 */
    tls_protocol_version  negProtocolVersion;	/* negotiated */
    tls_protocol_version  clientReqProtocol;	/* requested by client in hello msg */
    tls_protocol_version  minProtocolVersion;
    tls_protocol_version  maxProtocolVersion;
    Boolean             isDTLS;             /* if this is a Datagram Context */
    SSLProtocolSide     protocolSide;		/* ConnectionEnd enum { server, client } in rfc5246. */

    SSLBuffer           dtlsCookie;         /* DTLS ClientHello cookie */


    uint16_t            selectedCipher;		/* currently selected */

    /* Server DH Parameters */
    SSLBuffer			dhParamsEncoded;	/* PKCS3 encoded blob - prime + generator */

	/*
	 * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
	 * We keep them here, refcounted, solely for the associated getter.
	 */
    CFArrayRef			localCertArray;
    CFArrayRef			encryptCertArray;

	/* peer certs as SecTrustRef */
	SecTrustRef			peerSecTrust;

    CFMutableArrayRef   trustedCerts;
    Boolean             trustedCertsOnly;

#if !TARGET_OS_IPHONE
    /*
     * trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
     */
    CFArrayRef			trustedLeafCerts;
#endif

	Boolean					allowExpiredCerts;
	Boolean					allowExpiredRoots;
	Boolean					enableCertVerify;

    SSLBuffer		    sessionID;
    SSLBuffer			peerID;
    SSLBuffer			resumableSession;       /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */

    uint16_t            *ecdhCurves;
    unsigned            ecdhNumCurves;

	/* server-side only */
    SSLAuthenticate		clientAuth;				/* kNeverAuthenticate, etc. */

	/* client and server */
	SSLClientCertificateState	clientCertState;

    DNListElem          *acceptableDNList;		/* client and server */
	CFMutableArrayRef	acceptableCAs;			/* server only - SecCertificateRefs */

    bool                certRequested;
    bool                certSent;
    bool                certReceived;
    bool                x509Requested;

    unsigned            sessionMatch;


	/* Transport layer fields */
    SSLBuffer			receivedDataBuffer;
    size_t              receivedDataPos;

	Boolean				allowAnyRoot;		// don't require known roots
	Boolean				sentFatalAlert;		// this session terminated by fatal alert
	Boolean				rsaBlindingEnable;
	Boolean				oneByteRecordEnable;    /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */

	/* optional session cache timeout (in seconds) override - 0 means default */
	uint32_t 			sessionCacheTimeout;

	/* optional SessionTicket */
	SSLBuffer			sessionTicket;

	/* optional callback to obtain master secret, with its opaque arg */
	SSLInternalMasterSecretFunction	masterSecretCallback;
	const void 			*masterSecretArg;

	#if 	SSL_PAC_SERVER_ENABLE
	/* server PAC resume sets serverRandom early to allow for secret acquisition */
	uint8_t				serverRandomValid;
	#endif

	Boolean				anonCipherEnable;

	/* optional switches to enable additional returns from SSLHandshake */
    Boolean             breakOnServerAuth;
    Boolean             breakOnCertRequest;
    Boolean             breakOnClientAuth;
    Boolean             signalServerAuth;
    Boolean             signalCertRequest;
    Boolean             signalClientAuth;
    Boolean             breakOnClientHello;
    Boolean             allowServerIdentityChange;
    Boolean             allowRenegotiation;
    Boolean             enableSessionTickets;

    /* cached configuration buffer */
    SSLBuffer           contextConfigurationBuffer;

    /* List of peer-specified supported_signature_algorithms */
	unsigned					 numPeerSigAlgs;
	const tls_signature_and_hash_algorithm *peerSigAlgs;

	/* List of server-specified client auth types */
	unsigned					numAuthTypes;
	const tls_client_auth_type *clientAuthTypes;

    /* Timeout for DTLS retransmit */
    CFAbsoluteTime      timeout_deadline;
    CFAbsoluteTime      timeout_duration;
    size_t              mtu;

    /* RFC 5746: Secure renegotiation */
    Boolean             secure_renegotiation;
    Boolean             secure_renegotiation_received;
    SSLBuffer           ownVerifyData;
    SSLBuffer           peerVerifyData;

    /* RFC 4279: TLS PSK */
    SSLBuffer           pskSharedSecret;
    SSLBuffer           pskIdentity;

    /* TLS False Start */
    Boolean             falseStartEnabled; //FalseStart enabled (by API call)
    /* Fallback behavior */
    Boolean             fallbackEnabled; // Fallback behavior enabled.
    /* NPN */
    SSLNPNFunc      npnFunc;
    void            *npnFuncInfo;

    /* ALPN */
    SSLALPNFunc     alpnFunc;
    void            *alpnFuncInfo;

    /* Enable DHE or not */
    bool            dheEnabled;

    /* For early failure reporting */
    bool    serverHelloReceived;
};

OSStatus SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx);

Boolean sslIsSessionActive(const SSLContext *ctx);

static inline bool sslVersionIsLikeTls12(SSLContext *ctx)
{
    check(ctx->negProtocolVersion!=SSL_Version_Undetermined);
    return ctx->isDTLS ? ctx->negProtocolVersion > DTLS_Version_1_0 : ctx->negProtocolVersion >= TLS_Version_1_2;
}

OSStatus SSLGetSessionConfigurationIdentifier(SSLContext *ctx, SSLBuffer *buffer);

/* This is implemented in tls_callbacks.c */
int sslGetSessionID(SSLContext *myCtx, SSLBuffer *sessionID);

#ifdef __cplusplus
}
#endif

#endif /* _SSLCONTEXT_H_ */
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* sslContext.h - Private SSL typedefs: SSLContext and its components
	26	*/
	27
	28	#ifndef _SSLCONTEXT_H_
	29	#define _SSLCONTEXT_H_ 1
	30
	31	#include "SecureTransport.h"
	32	#include "sslBuildFlags.h"
	33
	34	#include <tls_handshake.h>
	35	#include <tls_record.h>
	36	#include <tls_stream_parser.h>
fa7225c8	37	#include <tls_cache.h>
d8f41ccd	38
866f8763 A	39	#ifdef USE_CDSA_CRYPTO
	40	#include <Security/cssmtype.h>
	41	#else
d8f41ccd A	42	#if TARGET_OS_IPHONE
	43	#include <Security/SecDH.h>
	44	#include <Security/SecKeyInternal.h>
	45	#else
	46	#include "../sec/Security/SecDH.h" // hack to get SecDH.
	47	// typedef struct OpaqueSecDHContext *SecDHContext;
	48	#endif
	49	#include <corecrypto/ccec.h>
866f8763	50	#endif
d8f41ccd A	51
	52	#include <CoreFoundation/CFRuntime.h>
	53	#include <AssertMacros.h>
	54
	55	#include "sslPriv.h"
d8f41ccd A	56	#include "sslRecord.h"
	57	#include "cipherSpecs.h"
	58
	59	#include <dispatch/dispatch.h>
	60
	61	#ifdef __cplusplus
	62	extern "C" {
	63	#endif
	64
	65	typedef struct
	66	{ SSLReadFunc read;
	67	SSLWriteFunc write;
	68	SSLConnectionRef ioRef;
	69	} IOContext;
	70
	71	//FIXME should not need this.
	72	typedef enum
	73	{
	74	SSL_HdskStateUninit = 0, /* No Handshake yet */
	75	SSL_HdskStatePending, /* Handshake in Progress */
	76	SSL_HdskStateReady, /* Handshake is done */
	77	SSL_HdskStateGracefulClose,
	78	SSL_HdskStateErrorClose,
866f8763 A	79	SSL_HdskStateNoNotifyClose, /* Server disconnected with no notify msg */
866f8763 A	80	SSL_HdskStateOutOfBandError, /* The caller encountered an error with out-of-band message processing */
d8f41ccd A	81	} SSLHandshakeState;
	82
	83	#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
	84
	85	struct SSLContext
	86	{
	87	CFRuntimeBase _base;
	88	IOContext ioCtx;
	89
d8f41ccd A	90	const struct SSLRecordFuncs *recFuncs;
	91	SSLRecordContextRef recCtx;
	92
	93	tls_handshake_t hdsk;
fa7225c8	94	tls_cache_t cache;
d8f41ccd A	95	int readCipher_ready;
	96	int writeCipher_ready;
	97
	98	SSLHandshakeState state;
866f8763	99	OSStatus outOfBandError;
d8f41ccd A	100
	101	/*
	102	* Prior to successful protocol negotiation, negProtocolVersion
	103	* is SSL_Version_Undetermined. Subsequent to successful
	104	* negotiation, negProtocolVersion contains the actual over-the-wire
	105	* protocol value.
	106	*
	107	* The Boolean versionEnable flags are set by
	108	* SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
	109	* remain invariant once negotiation has started. If there
	110	* were a large number of these and/or we were adding new
	111	* protocol versions on a regular basis, we'd probably want
	112	* to implement these as a word of flags. For now, in the
	113	* real world, this is the most straightforward implementation.
	114	*/
5c19dc3a A	115	tls_protocol_version negProtocolVersion; /* negotiated */
	116	tls_protocol_version clientReqProtocol; /* requested by client in hello msg */
	117	tls_protocol_version minProtocolVersion;
	118	tls_protocol_version maxProtocolVersion;
d8f41ccd A	119	Boolean isDTLS; /* if this is a Datagram Context */
	120	SSLProtocolSide protocolSide; /* ConnectionEnd enum { server, client } in rfc5246. */
	121
	122	SSLBuffer dtlsCookie; /* DTLS ClientHello cookie */
	123
	124
5c19dc3a	125	uint16_t selectedCipher; /* currently selected */
d8f41ccd	126
d8f41ccd A	127	/* Server DH Parameters */
	128	SSLBuffer dhParamsEncoded; /* PKCS3 encoded blob - prime + generator */
	129
d8f41ccd A	130	/*
d8f41ccd A	131	* The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
5c19dc3a	132	* We keep them here, refcounted, solely for the associated getter.
d8f41ccd	133	*/
5c19dc3a A	134	CFArrayRef localCertArray;
5c19dc3a A	135	CFArrayRef encryptCertArray;
d8f41ccd A	136
	137	/* peer certs as SecTrustRef */
	138	SecTrustRef peerSecTrust;
	139
	140	CFMutableArrayRef trustedCerts;
	141	Boolean trustedCertsOnly;
	142
fa7225c8	143	#if !TARGET_OS_IPHONE
d8f41ccd A	144	/*
	145	* trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
	146	*/
	147	CFArrayRef trustedLeafCerts;
fa7225c8	148	#endif
d8f41ccd A	149
	150	Boolean allowExpiredCerts;
	151	Boolean allowExpiredRoots;
	152	Boolean enableCertVerify;
	153
	154	SSLBuffer sessionID;
	155	SSLBuffer peerID;
	156	SSLBuffer resumableSession; /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */
	157
d8f41ccd A	158	uint16_t *ecdhCurves;
	159	unsigned ecdhNumCurves;
	160
	161	/* server-side only */
	162	SSLAuthenticate clientAuth; /* kNeverAuthenticate, etc. */
d8f41ccd A	163
	164	/* client and server */
	165	SSLClientCertificateState clientCertState;
	166
	167	DNListElem acceptableDNList; / client and server */
	168	CFMutableArrayRef acceptableCAs; /* server only - SecCertificateRefs */
	169
	170	bool certRequested;
	171	bool certSent;
	172	bool certReceived;
	173	bool x509Requested;
	174
	175	unsigned sessionMatch;
	176
	177
	178	/* Transport layer fields */
	179	SSLBuffer receivedDataBuffer;
	180	size_t receivedDataPos;
	181
	182	Boolean allowAnyRoot; // don't require known roots
	183	Boolean sentFatalAlert; // this session terminated by fatal alert
	184	Boolean rsaBlindingEnable;
	185	Boolean oneByteRecordEnable; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */
	186
	187	/* optional session cache timeout (in seconds) override - 0 means default */
	188	uint32_t sessionCacheTimeout;
	189
	190	/* optional SessionTicket */
	191	SSLBuffer sessionTicket;
	192
	193	/* optional callback to obtain master secret, with its opaque arg */
	194	SSLInternalMasterSecretFunction masterSecretCallback;
	195	const void *masterSecretArg;
	196
	197	#if SSL_PAC_SERVER_ENABLE
	198	/* server PAC resume sets serverRandom early to allow for secret acquisition */
	199	uint8_t serverRandomValid;
	200	#endif
	201
	202	Boolean anonCipherEnable;
	203
	204	/* optional switches to enable additional returns from SSLHandshake */
	205	Boolean breakOnServerAuth;
	206	Boolean breakOnCertRequest;
	207	Boolean breakOnClientAuth;
	208	Boolean signalServerAuth;
	209	Boolean signalCertRequest;
	210	Boolean signalClientAuth;
5c19dc3a	211	Boolean breakOnClientHello;
866f8763 A	212	Boolean allowServerIdentityChange;
	213	Boolean allowRenegotiation;
	214	Boolean enableSessionTickets;
	215
	216	/* cached configuration buffer */
	217	SSLBuffer contextConfigurationBuffer;
d8f41ccd A	218
	219	/* List of peer-specified supported_signature_algorithms */
	220	unsigned numPeerSigAlgs;
	221	const tls_signature_and_hash_algorithm *peerSigAlgs;
	222
	223	/* List of server-specified client auth types */
	224	unsigned numAuthTypes;
	225	const tls_client_auth_type *clientAuthTypes;
	226
d8f41ccd A	227	/* Timeout for DTLS retransmit */
	228	CFAbsoluteTime timeout_deadline;
	229	CFAbsoluteTime timeout_duration;
	230	size_t mtu;
	231
	232	/* RFC 5746: Secure renegotiation */
	233	Boolean secure_renegotiation;
	234	Boolean secure_renegotiation_received;
	235	SSLBuffer ownVerifyData;
	236	SSLBuffer peerVerifyData;
	237
	238	/* RFC 4279: TLS PSK */
	239	SSLBuffer pskSharedSecret;
	240	SSLBuffer pskIdentity;
	241
	242	/* TLS False Start */
	243	Boolean falseStartEnabled; //FalseStart enabled (by API call)
	244	/* Fallback behavior */
	245	Boolean fallbackEnabled; // Fallback behavior enabled.
	246	/* NPN */
	247	SSLNPNFunc npnFunc;
	248	void *npnFuncInfo;
5c19dc3a A	249
	250	/* ALPN */
	251	SSLALPNFunc alpnFunc;
	252	void *alpnFuncInfo;
	253
	254	/* Enable DHE or not */
	255	bool dheEnabled;
	256
	257	/* For early failure reporting */
	258	bool serverHelloReceived;
d8f41ccd A	259	};
	260
	261	OSStatus SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx);
	262
	263	Boolean sslIsSessionActive(const SSLContext *ctx);
	264
	265	static inline bool sslVersionIsLikeTls12(SSLContext *ctx)
	266	{
	267	check(ctx->negProtocolVersion!=SSL_Version_Undetermined);
	268	return ctx->isDTLS ? ctx->negProtocolVersion > DTLS_Version_1_0 : ctx->negProtocolVersion >= TLS_Version_1_2;
	269	}
	270
866f8763 A	271	OSStatus SSLGetSessionConfigurationIdentifier(SSLContext ctx, SSLBuffer buffer);
866f8763 A	272
d8f41ccd	273	/* This is implemented in tls_callbacks.c */
866f8763	274	int sslGetSessionID(SSLContext myCtx, SSLBuffer sessionID);
d8f41ccd A	275
	276	#ifdef __cplusplus
	277	}
	278	#endif
	279
	280	#endif /* _SSLCONTEXT_H_ */