/*
 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * sslContext.h - Private SSL typedefs: SSLContext and its components.
 *
 * This is the non-API definition of the object behind the public, opaque
 * SSLContextRef handle declared in SecureTransport.h. Nothing here is
 * ABI for applications; only the Secure Transport implementation files
 * include it.
 */
27
#ifndef _SSLCONTEXT_H_
#define _SSLCONTEXT_H_ 1

/* Public API types (SSLContextRef, SSLReadFunc, SSLBuffer, ...) and build switches. */
#include "SecureTransport.h"
#include "sslBuildFlags.h"

/* TLS engine headers: handshake object, record layer and stream parser used below. */
#include <tls_handshake.h>
#include <tls_record.h>
#include <tls_stream_parser.h>

/*
 * Crypto backend selection. USE_CDSA_CRYPTO pulls the legacy CDSA types;
 * otherwise SecDH / corecrypto are used, with a relative-path include on
 * non-iPhone targets (flagged as a hack by the original author).
 */
#ifdef USE_CDSA_CRYPTO
#include <Security/cssmtype.h>
#else
#if TARGET_OS_IPHONE
#include <Security/SecDH.h>
#include <Security/SecKeyInternal.h>
#else
#include "../sec/Security/SecDH.h" // hack to get SecDH.
// typedef struct OpaqueSecDHContext *SecDHContext;
#endif
#include <corecrypto/ccec.h>
#endif

#include <CoreFoundation/CFRuntime.h>   /* CFRuntimeBase, first member of struct SSLContext */
#include <AssertMacros.h>               /* check(), used by sslVersionIsLikeTls12() */

#include "sslPriv.h"
#include "sslRecord.h"
#include "cipherSpecs.h"

#include <dispatch/dispatch.h>

#ifdef __cplusplus
extern "C" {
#endif
63
/*
 * Transport hooks supplied by the application: the read and write
 * callbacks installed for the connection, plus the opaque connection
 * handle (ioRef) that is passed back to them on every call. The three
 * types are the public ones from SecureTransport.h.
 */
typedef struct
{ SSLReadFunc read;
 SSLWriteFunc write;
 SSLConnectionRef ioRef;
} IOContext;
69
//FIXME should not need this.
/*
 * Coarse connection state kept in SSLContext.state and changed with
 * SSLChangeHdskState(). The detailed handshake state machine lives in
 * the tls_handshake_t object, which is presumably why the author flags
 * this enum as redundant above.
 */
typedef enum
{
 SSL_HdskStateUninit = 0, /* No Handshake yet */
 SSL_HdskStatePending, /* Handshake in Progress */
 SSL_HdskStateReady, /* Handshake is done */
 SSL_HdskStateGracefulClose, /* presumably: closed after a close_notify alert */
 SSL_HdskStateErrorClose, /* presumably: closed after an error / fatal alert */
 SSL_HdskStateNoNotifyClose, /* server disconnected with no notify msg.
 * NOTE(review): a close without close_notify is
 * what a truncation attack looks like; callers
 * should not treat it like GracefulClose. */
} SSLHandshakeState;
81
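/*
 * Record a connection-state transition on the context (see SSLHandshakeState).
 *
 * Both arguments are parenthesized so that an expression passed as ctx or
 * newState is evaluated as a unit (the previous form `ctx->state=newState`
 * mis-parsed e.g. a conditional expression as ctx). The body is deliberately
 * left as a bare compound statement rather than do { ... } while (0): call
 * sites may invoke it with or without a trailing semicolon, and changing
 * that would require checking every caller. Consequence: do not use it as
 * the sole statement of an if/else without braces around the call.
 */
#define SSLChangeHdskState(ctx, newState) { (ctx)->state = (newState); }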
83
/*
 * SSLContext - per-connection state behind the public SSLContextRef.
 *
 * The struct is a CF object (CFRuntimeBase is the first member, as CFRuntime
 * requires), so field order is part of its layout; do not reorder casually.
 * Most fields are set through the SecureTransport.h setters and consumed by
 * the handshake object (hdsk) or the record layer; where this header does
 * not show who reads a field, the comment says so instead of guessing.
 *
 * Security-relevant knobs are called out inline. In particular the
 * verification-relaxation flags (allowExpiredCerts, allowExpiredRoots,
 * allowAnyRoot, enableCertVerify, anonCipherEnable) each weaken peer
 * authentication when set, and pskSharedSecret / masterSecretCallback
 * expose key material.
 */
struct SSLContext
{
    CFRuntimeBase _base;            /* CF runtime header; must stay the first member */
    IOContext ioCtx;                /* application-supplied transport callbacks */


    const struct SSLRecordFuncs *recFuncs;  /* record-layer function table */
    SSLRecordContextRef recCtx;             /* record-layer state handed to recFuncs */

    tls_handshake_t hdsk;           /* handshake object (tls_handshake.h) */

    int readCipher_ready;           /* non-zero once the read cipher is in use - presumably set after ChangeCipherSpec; confirm in the record layer */
    int writeCipher_ready;          /* same for the write direction */

    SSLHandshakeState state;        /* coarse connection state; change via SSLChangeHdskState() */

    /*
     * Prior to successful protocol negotiation, negProtocolVersion
     * is SSL_Version_Undetermined. Subsequent to successful
     * negotiation, negProtocolVersion contains the actual over-the-wire
     * protocol value.
     *
     * The Boolean versionEnable flags are set by
     * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
     * remain invariant once negotiation has started. If there
     * were a large number of these and/or we were adding new
     * protocol versions on a regular basis, we'd probably want
     * to implement these as a word of flags. For now, in the
     * real world, this is the most straightforward implementation.
     *
     * NOTE(review): the text above predates min/maxProtocolVersion; the
     * per-version Booleans it describes are not in this struct any more.
     * The floor (minProtocolVersion) is what stops a downgrade to SSLv3 /
     * early TLS, so callers should keep it at TLS 1.2 where possible.
     */
    tls_protocol_version negProtocolVersion; /* negotiated */
    tls_protocol_version clientReqProtocol; /* requested by client in hello msg */
    tls_protocol_version minProtocolVersion; /* lowest version we will negotiate (presumably enforced by hdsk) */
    tls_protocol_version maxProtocolVersion; /* highest version we will negotiate */
    Boolean isDTLS; /* if this is a Datagram Context */
    SSLProtocolSide protocolSide; /* ConnectionEnd enum { server, client } in rfc5246. */

    SSLBuffer dtlsCookie; /* DTLS ClientHello cookie (HelloVerifyRequest anti-DoS mechanism, RFC 6347) */


    uint16_t selectedCipher; /* currently selected cipher suite, wire value */


    tls_private_key_t signingPrivKeyRef; /* our private key */


    /* Server DH Parameters */
    SSLBuffer dhParamsEncoded; /* PKCS3 encoded blob - prime + generator.
                                * The prime size here bounds the strength of
                                * any DHE exchange; the caller supplies it. */

    /*
     * Local and Peer cert chains.
     * For both, the root is the last in the chain.
     */
    SSLCertificate *localCert;
    CFArrayRef peerCert;

    /*
     * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
     * We keep them here, refcounted, solely for the associated getter.
     */
    CFArrayRef localCertArray;
    CFArrayRef encryptCertArray;

    /* peer certs as SecTrustRef (presumably what SSLCopyPeerTrust() hands out) */
    SecTrustRef peerSecTrust;

    CFMutableArrayRef trustedCerts;   /* caller-supplied trust anchors */
    Boolean trustedCertsOnly;         /* presumably: ignore system anchors and use trustedCerts alone */

    /*
     * trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
     */
    CFArrayRef trustedLeafCerts;

    /*
     * Peer-verification relaxations. Each one set to true weakens peer
     * authentication; they should stay false in production unless the
     * application performs its own trust evaluation on peerSecTrust.
     */
    Boolean allowExpiredCerts;
    Boolean allowExpiredRoots;
    Boolean enableCertVerify;         /* false disables the built-in chain verification entirely */

    SSLBuffer sessionID;              /* session id for this connection */
    SSLBuffer peerID;                 /* application-supplied cache key (presumably from SSLSetPeerID()) */
    SSLBuffer resumableSession; /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */



    uint16_t *ecdhCurves;             /* ECDH curve list, ecdhNumCurves entries */
    unsigned ecdhNumCurves;

    /* server-side only */
    SSLAuthenticate clientAuth; /* kNeverAuthenticate, etc. */
    //Boolean tryClientAuth;

    /* client and server */
    SSLClientCertificateState clientCertState;

    DNListElem *acceptableDNList; /* client and server */
    CFMutableArrayRef acceptableCAs; /* server only - SecCertificateRefs */

    bool certRequested;               /* a CertificateRequest was sent/seen */
    bool certSent;
    bool certReceived;
    bool x509Requested;

    unsigned sessionMatch;            /* set during resumption; exact meaning not visible here */


    /* Transport layer fields */
    SSLBuffer receivedDataBuffer;     /* pending plaintext handed up from the record layer */
    size_t receivedDataPos;           /* read cursor into receivedDataBuffer; must stay <= its length */

    Boolean allowAnyRoot; // don't require known roots (accepts self-signed / unknown anchors - weakens authentication)
    Boolean sentFatalAlert; // this session terminated by fatal alert
    Boolean rsaBlindingEnable;        /* RSA blinding toggle (the standard timing side-channel countermeasure); honored in the crypto layer, not here */
    Boolean oneByteRecordEnable; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 (the usual CBC / BEAST mitigation) */

    /* optional session cache timeout (in seconds) override - 0 means default */
    uint32_t sessionCacheTimeout;

    /* optional SessionTicket (RFC 5077) */
    SSLBuffer sessionTicket;

    /*
     * optional callback to obtain master secret, with its opaque arg.
     * Anything reachable through this callback can decrypt the session;
     * treat it as key material export.
     */
    SSLInternalMasterSecretFunction masterSecretCallback;
    const void *masterSecretArg;

    #if SSL_PAC_SERVER_ENABLE
    /* server PAC resume sets serverRandom early to allow for secret acquisition */
    uint8_t serverRandomValid;
    #endif

    Boolean anonCipherEnable;         /* allow anonymous (unauthenticated) suites: no peer authentication at all, trivially MITM-able */

    /* optional switches to enable additional returns from SSLHandshake */
    Boolean breakOnServerAuth;
    Boolean breakOnCertRequest;
    Boolean breakOnClientAuth;
    Boolean signalServerAuth;
    Boolean signalCertRequest;
    Boolean signalClientAuth;
    Boolean breakOnClientHello;

    /* List of peer-specified supported_signature_algorithms (not owned here - const) */
    unsigned numPeerSigAlgs;
    const tls_signature_and_hash_algorithm *peerSigAlgs;

    /* List of server-specified client auth types (not owned here - const) */
    unsigned numAuthTypes;
    const tls_client_auth_type *clientAuthTypes;

    /* client auth type actually negotiated */
    tls_client_auth_type negAuthType;

    /* Timeout for DTLS retransmit */
    CFAbsoluteTime timeout_deadline;
    CFAbsoluteTime timeout_duration;
    size_t mtu;                       /* DTLS path MTU used for fragmentation */

    /* RFC 5746: Secure renegotiation */
    Boolean secure_renegotiation;              /* extension negotiated on this connection */
    Boolean secure_renegotiation_received;     /* peer offered the extension / SCSV */
    SSLBuffer ownVerifyData;                   /* presumably the Finished verify_data values carried in renegotiation_info */
    SSLBuffer peerVerifyData;

    /* RFC 4279: TLS PSK */
    SSLBuffer pskSharedSecret;        /* NOTE(review): key material - confirm it is wiped, not just freed, on context disposal (not visible here) */
    SSLBuffer pskIdentity;

    /* TLS False Start: application data may go out before the handshake is complete */
    Boolean falseStartEnabled; //FalseStart enabled (by API call)
    /* Fallback behavior (presumably downgrade-fallback signalling, cf. TLS_FALLBACK_SCSV / RFC 7507 - confirm in hdsk) */
    Boolean fallbackEnabled; // Fallback behavior enabled.
    /* NPN */
    SSLNPNFunc npnFunc;
    void *npnFuncInfo;

    /* ALPN */
    SSLALPNFunc alpnFunc;
    void *alpnFuncInfo;

    /* Enable DHE or not */
    bool dheEnabled;

    /* For early failure reporting */
    bool serverHelloReceived;
};
268
/*
 * Recompute ctx->negAuthType from the negotiated parameters.
 * Returns an OSStatus (errSecSuccess on success); defined elsewhere.
 */
OSStatus SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx);

/* True while the connection is usable (presumably judged from ctx->state); defined elsewhere. */
Boolean sslIsSessionActive(const SSLContext *ctx);
272
/*
 * Does the negotiated protocol use TLS 1.2 semantics (PRF, signature
 * algorithms, ...)?
 *
 * Must only be called after negotiation: check() from AssertMacros.h just
 * reports an undetermined version, it does not abort or return, so the
 * comparison below still runs and (if Undetermined is the smallest value)
 * answers false.
 *
 * NOTE(review): DTLS versions are encoded with inverted ordering on the
 * wire (RFC 6347: DTLS 1.2 is {254,253}, numerically below DTLS 1.0
 * {254,255}). If tls_protocol_version carries the wire values, the
 * `> DTLS_Version_1_0` test can never identify DTLS 1.2. The enum is
 * defined outside this file - confirm before relying on this for DTLS.
 */
static inline bool sslVersionIsLikeTls12(SSLContext *ctx)
{
    check(ctx->negProtocolVersion != SSL_Version_Undetermined);

    if (ctx->isDTLS) {
        return ctx->negProtocolVersion > DTLS_Version_1_0;
    }
    return ctx->negProtocolVersion >= TLS_Version_1_2;
}
278
/*
 * Fetch the session identifier for myCtx into *sessionID.
 * Returns an int status (0 presumably means success). Ownership of the
 * returned buffer is not documented here - check the implementation.
 * This is implemented in tls_callbacks.c
 */
int sslGetSessionID(SSLContext *myCtx, SSLBuffer *sessionID);

#ifdef __cplusplus
}
#endif

#endif /* _SSLCONTEXT_H_ */