[apple/security.git] / Security / libsecurity_ssl / lib / sslContext.h

/*
 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * sslContext.h - Private SSL typedefs: SSLContext and its components
 */

#ifndef _SSLCONTEXT_H_
#define _SSLCONTEXT_H_ 1

#include "SecureTransport.h"
#include "sslBuildFlags.h"

#include <tls_handshake.h>
#include <tls_record.h>
#include <tls_stream_parser.h>

#ifdef USE_CDSA_CRYPTO
#include <Security/cssmtype.h>
#else
#if TARGET_OS_IPHONE
#include <Security/SecDH.h>
#include <Security/SecKeyInternal.h>
#else
#include "../sec/Security/SecDH.h"  // hack to get SecDH.
// typedef struct OpaqueSecDHContext *SecDHContext;
#endif
#include <corecrypto/ccec.h>
#endif

#include <CoreFoundation/CFRuntime.h>
#include <AssertMacros.h>

#include "sslPriv.h"
#include "tls_ssl.h"
#include "sslDigests.h"
#include "sslRecord.h"
#include "cipherSpecs.h"

#include <dispatch/dispatch.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef struct
{   SSLReadFunc         read;
    SSLWriteFunc        write;
    SSLConnectionRef   	ioRef;
} IOContext;

//FIXME should not need this.
typedef enum
{
    SSL_HdskStateUninit = 0,			/* No Handshake yet */
    SSL_HdskStatePending,               /* Handshake in Progress */
    SSL_HdskStateReady,                 /* Handshake is done */
    SSL_HdskStateGracefulClose,
    SSL_HdskStateErrorClose,
    SSL_HdskStateNoNotifyClose,			/* server disconnected with no
                                         *   notify msg */
} SSLHandshakeState;

#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }

struct SSLContext
{
	CFRuntimeBase		_base;
    IOContext           ioCtx;


    const struct SSLRecordFuncs *recFuncs;
    SSLRecordContextRef recCtx;

    tls_handshake_t hdsk;

    int readCipher_ready;
    int writeCipher_ready;

    SSLHandshakeState   state;

	/* 
	 * Prior to successful protocol negotiation, negProtocolVersion
	 * is SSL_Version_Undetermined. Subsequent to successful
	 * negotiation, negProtocolVersion contains the actual over-the-wire
	 * protocol value.
	 *
	 * The Boolean versionEnable flags are set by
	 * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
	 * remain invariant once negotiation has started. If there
	 * were a large number of these and/or we were adding new
	 * protocol versions on a regular basis, we'd probably want
	 * to implement these as a word of flags. For now, in the
	 * real world, this is the most straightforward implementation.
	 */
    SSLProtocolVersion  negProtocolVersion;	/* negotiated */
    SSLProtocolVersion  clientReqProtocol;	/* requested by client in hello msg */
    SSLProtocolVersion  minProtocolVersion;
    SSLProtocolVersion  maxProtocolVersion;
    Boolean             isDTLS;             /* if this is a Datagram Context */
    SSLProtocolSide     protocolSide;		/* ConnectionEnd enum { server, client } in rfc5246. */

    SSLBuffer           dtlsCookie;         /* DTLS ClientHello cookie */


    uint16_t            selectedCipher;			/* currently selected */


    tls_private_key_t   signingPrivKeyRef;  /* our private signing key */

    tls_private_key_t   encryptPrivKeyRef;  /* our private encrypt key, for
                                              * server-initiated key exchange */


    /* Server DH Parameters */
    SSLBuffer			dhParamsEncoded;	/* PKCS3 encoded blob - prime + generator */

    /*
  	 * Various cert chains.
  	 * For all three, the root is the last in the chain.
  	 */
	SSLCertificate      *localCert;
    SSLCertificate      *encryptCert;
    CFArrayRef          peerCert;

	/*
	 * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
	 * We keep them here, refcounted, solely for the associated getters.
	 */
	CFArrayRef			localCertArray;
	CFArrayRef			encryptCertArray;

	/* peer certs as SecTrustRef */
	SecTrustRef			peerSecTrust;

    CFMutableArrayRef   trustedCerts;
    Boolean             trustedCertsOnly;

    /*
     * trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
     */
    CFArrayRef			trustedLeafCerts;

	Boolean					allowExpiredCerts;
	Boolean					allowExpiredRoots;
	Boolean					enableCertVerify;

    SSLBuffer		    sessionID;
    SSLBuffer			peerID;
    SSLBuffer			resumableSession;       /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */

    uint16_t            *validCipherSuites;		/* context's valid suites */
    unsigned            numValidCipherSuites;	/* size of validCipherSuites */


    uint16_t            *ecdhCurves;
    unsigned            ecdhNumCurves;

	/* server-side only */
    SSLAuthenticate		clientAuth;				/* kNeverAuthenticate, etc. */
    //Boolean				tryClientAuth;

	/* client and server */
	SSLClientCertificateState	clientCertState;

    DNListElem          *acceptableDNList;		/* client and server */
	CFMutableArrayRef	acceptableCAs;			/* server only - SecCertificateRefs */

    bool                certRequested;
    bool                certSent;
    bool                certReceived;
    bool                x509Requested;

    unsigned            sessionMatch;


	/* Transport layer fields */
    SSLBuffer			receivedDataBuffer;
    size_t              receivedDataPos;

	Boolean				allowAnyRoot;		// don't require known roots
	Boolean				sentFatalAlert;		// this session terminated by fatal alert
	Boolean				rsaBlindingEnable;
	Boolean				oneByteRecordEnable;    /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */

	/* optional session cache timeout (in seconds) override - 0 means default */
	uint32_t 			sessionCacheTimeout;

	/* optional SessionTicket */
	SSLBuffer			sessionTicket;

	/* optional callback to obtain master secret, with its opaque arg */
	SSLInternalMasterSecretFunction	masterSecretCallback;
	const void 			*masterSecretArg;

	#if 	SSL_PAC_SERVER_ENABLE
	/* server PAC resume sets serverRandom early to allow for secret acquisition */
	uint8_t				serverRandomValid;
	#endif

	Boolean				anonCipherEnable;

	/* optional switches to enable additional returns from SSLHandshake */
    Boolean             breakOnServerAuth;
    Boolean             breakOnCertRequest;
    Boolean             breakOnClientAuth;
    Boolean             signalServerAuth;
    Boolean             signalCertRequest;
    Boolean             signalClientAuth;

	/* true iff ECDSA/ECDH ciphers are configured */
	Boolean				ecdsaEnable;

    /* List of peer-specified supported_signature_algorithms */
	unsigned					 numPeerSigAlgs;
	const tls_signature_and_hash_algorithm *peerSigAlgs;

	/* List of server-specified client auth types */
	unsigned					numAuthTypes;
	const tls_client_auth_type *clientAuthTypes;

	/* client auth type actually negotiated */
	tls_client_auth_type	negAuthType;

    /* Timeout for DTLS retransmit */
    CFAbsoluteTime      timeout_deadline;
    CFAbsoluteTime      timeout_duration;
    size_t              mtu;

    /* RFC 5746: Secure renegotiation */
    Boolean             secure_renegotiation;
    Boolean             secure_renegotiation_received;
    SSLBuffer           ownVerifyData;
    SSLBuffer           peerVerifyData;

    /* RFC 4279: TLS PSK */
    SSLBuffer           pskSharedSecret;
    SSLBuffer           pskIdentity;

    /* TLS False Start */
    Boolean             falseStartEnabled; //FalseStart enabled (by API call)
    /* Fallback behavior */
    Boolean             fallbackEnabled; // Fallback behavior enabled.
    /* NPN */
    SSLNPNFunc      npnFunc;
    void            *npnFuncInfo;
};

OSStatus SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx);

Boolean sslIsSessionActive(const SSLContext *ctx);

static inline bool sslVersionIsLikeTls12(SSLContext *ctx)
{
    check(ctx->negProtocolVersion!=SSL_Version_Undetermined);
    return ctx->isDTLS ? ctx->negProtocolVersion > DTLS_Version_1_0 : ctx->negProtocolVersion >= TLS_Version_1_2;
}

/* This is implemented in tls_callbacks.c */
    int sslGetSessionID(SSLContext *myCtx, SSLBuffer *sessionID);

#ifdef __cplusplus
}
#endif

#endif /* _SSLCONTEXT_H_ */
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* sslContext.h - Private SSL typedefs: SSLContext and its components
	26	*/
	27
	28	#ifndef _SSLCONTEXT_H_
	29	#define _SSLCONTEXT_H_ 1
	30
	31	#include "SecureTransport.h"
	32	#include "sslBuildFlags.h"
	33
	34	#include <tls_handshake.h>
	35	#include <tls_record.h>
	36	#include <tls_stream_parser.h>
	37
	38	#ifdef USE_CDSA_CRYPTO
	39	#include <Security/cssmtype.h>
	40	#else
	41	#if TARGET_OS_IPHONE
	42	#include <Security/SecDH.h>
	43	#include <Security/SecKeyInternal.h>
	44	#else
	45	#include "../sec/Security/SecDH.h" // hack to get SecDH.
	46	// typedef struct OpaqueSecDHContext *SecDHContext;
	47	#endif
	48	#include <corecrypto/ccec.h>
	49	#endif
	50
	51	#include <CoreFoundation/CFRuntime.h>
	52	#include <AssertMacros.h>
	53
	54	#include "sslPriv.h"
	55	#include "tls_ssl.h"
	56	#include "sslDigests.h"
	57	#include "sslRecord.h"
	58	#include "cipherSpecs.h"
	59
	60	#include <dispatch/dispatch.h>
	61
	62	#ifdef __cplusplus
	63	extern "C" {
	64	#endif
65
66	typedef struct
67	{ SSLReadFunc read;
68	SSLWriteFunc write;
69	SSLConnectionRef ioRef;
70	} IOContext;
71
72	//FIXME should not need this.
73	typedef enum
74	{
75	SSL_HdskStateUninit = 0, /* No Handshake yet */
76	SSL_HdskStatePending, /* Handshake in Progress */
77	SSL_HdskStateReady, /* Handshake is done */
78	SSL_HdskStateGracefulClose,
79	SSL_HdskStateErrorClose,
80	SSL_HdskStateNoNotifyClose, /* server disconnected with no
81	* notify msg */
82	} SSLHandshakeState;
83
84	#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
85
86	struct SSLContext
87	{
88	CFRuntimeBase _base;
89	IOContext ioCtx;
90
91
92	const struct SSLRecordFuncs *recFuncs;
93	SSLRecordContextRef recCtx;
94
95	tls_handshake_t hdsk;
96
97	int readCipher_ready;
98	int writeCipher_ready;
99
100	SSLHandshakeState state;
101
102	/*
103	* Prior to successful protocol negotiation, negProtocolVersion
104	* is SSL_Version_Undetermined. Subsequent to successful
105	* negotiation, negProtocolVersion contains the actual over-the-wire
106	* protocol value.
107	*
108	* The Boolean versionEnable flags are set by
109	* SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
110	* remain invariant once negotiation has started. If there
111	* were a large number of these and/or we were adding new
112	* protocol versions on a regular basis, we'd probably want
113	* to implement these as a word of flags. For now, in the
114	* real world, this is the most straightforward implementation.
115	*/
116	SSLProtocolVersion negProtocolVersion; /* negotiated */
117	SSLProtocolVersion clientReqProtocol; /* requested by client in hello msg */
118	SSLProtocolVersion minProtocolVersion;
119	SSLProtocolVersion maxProtocolVersion;
120	Boolean isDTLS; /* if this is a Datagram Context */
121	SSLProtocolSide protocolSide; /* ConnectionEnd enum { server, client } in rfc5246. */
122
123	SSLBuffer dtlsCookie; /* DTLS ClientHello cookie */
124
125
126	uint16_t selectedCipher; /* currently selected */
127
128
129	tls_private_key_t signingPrivKeyRef; /* our private signing key */
130
131	tls_private_key_t encryptPrivKeyRef; /* our private encrypt key, for
132	* server-initiated key exchange */
133
134
135	/* Server DH Parameters */
136	SSLBuffer dhParamsEncoded; /* PKCS3 encoded blob - prime + generator */
137
138	/*
139	* Various cert chains.
140	* For all three, the root is the last in the chain.
141	*/
142	SSLCertificate *localCert;
143	SSLCertificate *encryptCert;
144	CFArrayRef peerCert;
145
146	/*
147	* The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
148	* We keep them here, refcounted, solely for the associated getters.
149	*/
150	CFArrayRef localCertArray;
151	CFArrayRef encryptCertArray;
152
153	/* peer certs as SecTrustRef */
154	SecTrustRef peerSecTrust;
155
156	CFMutableArrayRef trustedCerts;
157	Boolean trustedCertsOnly;
158
159	/*
160	* trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
161	*/
162	CFArrayRef trustedLeafCerts;
163
164	Boolean allowExpiredCerts;
165	Boolean allowExpiredRoots;
166	Boolean enableCertVerify;
167
168	SSLBuffer sessionID;
169	SSLBuffer peerID;
170	SSLBuffer resumableSession; /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */
171
172	uint16_t validCipherSuites; / context's valid suites */
173	unsigned numValidCipherSuites; /* size of validCipherSuites */
174
175
176	uint16_t *ecdhCurves;
177	unsigned ecdhNumCurves;
178
179	/* server-side only */
180	SSLAuthenticate clientAuth; /* kNeverAuthenticate, etc. */
181	//Boolean tryClientAuth;
182
183	/* client and server */
184	SSLClientCertificateState clientCertState;
185
186	DNListElem acceptableDNList; / client and server */
187	CFMutableArrayRef acceptableCAs; /* server only - SecCertificateRefs */
188
189	bool certRequested;
190	bool certSent;
191	bool certReceived;
192	bool x509Requested;
193
194	unsigned sessionMatch;
195
196
197	/* Transport layer fields */
198	SSLBuffer receivedDataBuffer;
199	size_t receivedDataPos;
200
201	Boolean allowAnyRoot; // don't require known roots
202	Boolean sentFatalAlert; // this session terminated by fatal alert
203	Boolean rsaBlindingEnable;
204	Boolean oneByteRecordEnable; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */
205
206	/* optional session cache timeout (in seconds) override - 0 means default */
207	uint32_t sessionCacheTimeout;
208
209	/* optional SessionTicket */
210	SSLBuffer sessionTicket;
211
212	/* optional callback to obtain master secret, with its opaque arg */
213	SSLInternalMasterSecretFunction masterSecretCallback;
214	const void *masterSecretArg;
215
216	#if SSL_PAC_SERVER_ENABLE
217	/* server PAC resume sets serverRandom early to allow for secret acquisition */
218	uint8_t serverRandomValid;
219	#endif
220
221	Boolean anonCipherEnable;
222
223	/* optional switches to enable additional returns from SSLHandshake */
224	Boolean breakOnServerAuth;
225	Boolean breakOnCertRequest;
226	Boolean breakOnClientAuth;
227	Boolean signalServerAuth;
228	Boolean signalCertRequest;
229	Boolean signalClientAuth;
230
231	/* true iff ECDSA/ECDH ciphers are configured */
232	Boolean ecdsaEnable;
233
234	/* List of peer-specified supported_signature_algorithms */
235	unsigned numPeerSigAlgs;
236	const tls_signature_and_hash_algorithm *peerSigAlgs;
237
238	/* List of server-specified client auth types */
239	unsigned numAuthTypes;
240	const tls_client_auth_type *clientAuthTypes;
241
242	/* client auth type actually negotiated */
243	tls_client_auth_type negAuthType;
244
245	/* Timeout for DTLS retransmit */
246	CFAbsoluteTime timeout_deadline;
247	CFAbsoluteTime timeout_duration;
248	size_t mtu;
249
250	/* RFC 5746: Secure renegotiation */
251	Boolean secure_renegotiation;
252	Boolean secure_renegotiation_received;
253	SSLBuffer ownVerifyData;
254	SSLBuffer peerVerifyData;
255
256	/* RFC 4279: TLS PSK */
257	SSLBuffer pskSharedSecret;
258	SSLBuffer pskIdentity;
259
260	/* TLS False Start */
261	Boolean falseStartEnabled; //FalseStart enabled (by API call)
262	/* Fallback behavior */
263	Boolean fallbackEnabled; // Fallback behavior enabled.
264	/* NPN */
265	SSLNPNFunc npnFunc;
266	void *npnFuncInfo;
267	};
268
269	OSStatus SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx);
270
271	Boolean sslIsSessionActive(const SSLContext *ctx);
272
273	static inline bool sslVersionIsLikeTls12(SSLContext *ctx)
274	{
275	check(ctx->negProtocolVersion!=SSL_Version_Undetermined);
276	return ctx->isDTLS ? ctx->negProtocolVersion > DTLS_Version_1_0 : ctx->negProtocolVersion >= TLS_Version_1_2;
277	}
278
279	/* This is implemented in tls_callbacks.c */
280	int sslGetSessionID(SSLContext myCtx, SSLBuffer sessionID);
281
282	#ifdef __cplusplus
283	}
284	#endif
285
286	#endif /* _SSLCONTEXT_H_ */