]> git.saurik.com Git - apple/security.git/blob - libsecurity_ssl/lib/sslContext.h
Security-55179.1.tar.gz
[apple/security.git] / libsecurity_ssl / lib / sslContext.h
1 /*
2 * Copyright (c) 1999-2001,2005-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * sslContext.h - Private SSL typedefs: SSLContext and its components
26 */
27
28 #ifndef _SSLCONTEXT_H_
29 #define _SSLCONTEXT_H_ 1
30
31 #include "ssl.h"
32 #include "SecureTransport.h"
33 #include "sslBuildFlags.h"
34
35 #ifdef USE_CDSA_CRYPTO
36 #include <Security/cssmtype.h>
37 #else
38 #if TARGET_OS_IOS
39 #include <Security/SecDH.h>
40 #include <Security/SecKeyInternal.h>
41 #else
42 typedef struct OpaqueSecDHContext *SecDHContext;
43 #endif
44 #include <corecrypto/ccec.h>
45 #endif
46
47 #include <CommonCrypto/CommonCryptor.h>
48 #include <CoreFoundation/CFRuntime.h>
49
50 #include "sslPriv.h"
51 #include "tls_ssl.h"
52 #include "sslDigests.h"
53
54
55 #ifdef __cplusplus
56 extern "C" {
57 #endif
58
59 typedef struct
60 { SSLReadFunc read;
61 SSLWriteFunc write;
62 SSLConnectionRef ioRef;
63 } IOContext;
64
65
66 #ifdef USE_SSLCERTIFICATE
67 /*
68 * An element in a certificate chain.
69 */
70 typedef struct SSLCertificate
71 {
72 struct SSLCertificate *next;
73 SSLBuffer derCert;
74 } SSLCertificate;
75
76 #endif
77
78 #include "cryptType.h"
79
80 /*
81 * An SSLContext contains four of these - one for each of {read,write} and for
82 * {current, pending}.
83 */
84 struct CipherContext
85 {
86
87 const HashHmacReference *macRef; /* HMAC (TLS) or digest (SSL) */
88 const SSLSymmetricCipher *symCipher;
89
90 /* this is a context which is reused once per record */
91 HashHmacContext macCtx;
92
93 /*
94 * Crypto context for CommonCrypto-based symmetric ciphers
95 */
96 CCCryptorRef cryptorRef;
97
98 /* needed in CDSASymmInit */
99 uint8_t encrypting;
100
101 sslUint64 sequenceNum;
102 uint8_t ready;
103
104 /* in SSL2 mode, the macSecret is the same size as the
105 * cipher key - which is 24 bytes in the 3DES case. */
106 uint8_t macSecret[SSL_MAX_DIGEST_LEN];
107 };
108 /* typedef in cryptType.h */
109
110 #include "sslHandshake.h"
111
112 typedef struct WaitingRecord
113 { struct WaitingRecord *next;
114 size_t sent;
115 /*
116 * These two fields replace a dynamically allocated SSLBuffer;
117 * the payload to write is contained in the variable-length
118 * array data[].
119 */
120 size_t length;
121 UInt8 data[1];
122 } WaitingRecord;
123
124 typedef struct WaitingMessage
125 {
126 struct WaitingMessage *next;
127 SSLRecord rec;
128 } WaitingMessage;
129
130 typedef struct DNListElem
131 { struct DNListElem *next;
132 SSLBuffer derDN;
133 } DNListElem;
134
135 #ifdef USE_CDSA_CRYPTO
136
137 /* Public part of asymmetric key. */
138 typedef struct SSLPubKey
139 {
140 CSSM_KEY key;
141 CSSM_CSP_HANDLE csp; /* may not be needed, we figure this
142 * one out by trial&error, right? */
143 } SSLPubKey;
144
145 /* Private part of asymmetric key. */
146 typedef struct SSLPrivKey
147 {
148 SecKeyRef key;
149
150 } SSLPrivKey;
151
152 #else /* !USE_CDSA_CRYPTO */
153
154 #if TARGET_OS_IOS
155 typedef struct __SecKey SSLPubKey;
156 typedef struct __SecKey SSLPrivKey;
157 #else
158 typedef struct OpaqueSecKeyRef SSLPubKey;
159 typedef struct OpaqueSecKeyRef SSLPrivKey;
160 #endif
161 /*
162 * Convert SSLPrivKey/SSLPubKey types to a platform SecKeyRef
163 * (currently a no-op)
164 */
165 #define SECKEYREF(sslkey) (sslkey)
166
167 #endif
168
169 struct SSLContext
170 {
171 CFRuntimeBase _base;
172 IOContext ioCtx;
173
174 /*
175 * Prior to successful protocol negotiation, negProtocolVersion
176 * is SSL_Version_Undetermined. Subsequent to successful
177 * negotiation, negProtocolVersion contains the actual over-the-wire
178 * protocol value.
179 *
180 * The Boolean versionEnable flags are set by
181 * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
182 * remain invariant once negotiation has started. If there
183 * were a large number of these and/or we were adding new
184 * protocol versions on a regular basis, we'd probably want
185 * to implement these as a word of flags. For now, in the
186 * real world, this is the most straightforward implementation.
187 */
188 SSLProtocolVersion negProtocolVersion; /* negotiated */
189 SSLProtocolVersion clientReqProtocol; /* requested by client in hello msg */
190 SSLProtocolVersion minProtocolVersion;
191 SSLProtocolVersion maxProtocolVersion;
192 Boolean isDTLS; /* if this is a Datagram Context */
193 SSLProtocolSide protocolSide; /* ConnectionEnd enum { server, client } in rfc5246. */
194
195 const struct _SslTlsCallouts *sslTslCalls; /* selects between SSLv3, TLSv1 and TLSv1.2 */
196
197 SSLPrivKey *signingPrivKeyRef; /* our private signing key */
198 SSLPubKey *signingPubKey; /* our public signing key */
199
200 SSLPrivKey *encryptPrivKeyRef; /* our private encrypt key, for
201 * server-initiated key exchange */
202 SSLPubKey *encryptPubKey; /* public version of above */
203
204 SSLPubKey *peerPubKey;
205
206 #ifdef USE_SSLCERTIFICATE
207 /*
208 * Various cert chains.
209 * For all three, the root is the first in the chain.
210 */
211 SSLCertificate *localCert;
212 SSLCertificate *encryptCert;
213 SSLCertificate *peerCert;
214 CSSM_ALGORITHMS ourSignerAlg; /* algorithm of the signer of localCert */
215 #else
216 /*
217 * Various cert chains.
218 * For all three, the root is the last in the chain.
219 */
220 CFArrayRef localCert;
221 CFArrayRef encryptCert;
222 CFArrayRef peerCert;
223 CFIndex ourSignerAlg; /* algorithm of the signer of localCert */
224 #endif /* !USE_SSLCERTIFICATE */
225
226 /*
227 * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
228 * We keep them here, refcounted, solely for the associated getters.
229 */
230 CFArrayRef localCertArray;
231 CFArrayRef encryptCertArray;
232
233 /* peer certs as SecTrustRef */
234 SecTrustRef peerSecTrust;
235
236 #ifdef USE_CDSA_CRYPTO
237
238 /*
239 * trusted root certs as specified in SSLSetTrustedRoots()
240 */
241 CFArrayRef trustedCerts;
242
243 /* for symmetric cipher and RNG */
244 CSSM_CSP_HANDLE cspHand;
245
246 /* session-wide handles for Apple TP, CL */
247 CSSM_TP_HANDLE tpHand;
248 CSSM_CL_HANDLE clHand;
249 #else
250
251 #ifdef USE_SSLCERTIFICATE
252 size_t numTrustedCerts;
253 SSLCertificate *trustedCerts;
254 #else
255 CFMutableArrayRef trustedCerts;
256 Boolean trustedCertsOnly;
257 #endif /* !USE_SSLCERTIFICATE */
258
259 #endif /* !USE_CDSA_CRYPTO */
260
261 /*
262 * trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
263 */
264 CFArrayRef trustedLeafCerts;
265
266 #if APPLE_DH
267 SSLBuffer dhPeerPublic;
268 SSLBuffer dhExchangePublic;
269 SSLBuffer dhParamsEncoded; /* PKCS3 encoded blob - prime + generator */
270 #ifdef USE_CDSA_CRYPTO
271 CSSM_KEY_PTR dhPrivate;
272 #else
273 SecDHContext secDHContext;
274 #endif /* !USE_CDSA_CRYPTO */
275 #endif /* APPLE_DH */
276
277 /*
278 * ECDH support
279 *
280 * ecdhCurves[] is the set of currently configured curves; the number
281 * of valid curves is ecdhNumCurves.
282 */
283 SSL_ECDSA_NamedCurve ecdhCurves[SSL_ECDSA_NUM_CURVES];
284 unsigned ecdhNumCurves;
285
286 SSLBuffer ecdhPeerPublic; /* peer's public ECDH key as ECPoint */
287 SSL_ECDSA_NamedCurve ecdhPeerCurve; /* named curve associated with ecdhPeerPublic or
288 * peerPubKey */
289 SSLBuffer ecdhExchangePublic; /* Our public key as ECPoint */
290 #ifdef USE_CDSA_CRYPTO
291 CSSM_KEY_PTR ecdhPrivate; /* our private key */
292 CSSM_CSP_HANDLE ecdhPrivCspHand;
293 #else
294 ccec_full_ctx_decl(ccn_sizeof(521), ecdhContext); // Big enough to hold a 521 bit ecdh key pair.
295 #endif /* !USE_CDSA_CRYPTO */
296
297 Boolean allowExpiredCerts;
298 Boolean allowExpiredRoots;
299 Boolean enableCertVerify;
300
301 SSLBuffer dtlsCookie; /* DTLS ClientHello cookie */
302 Boolean cookieVerified; /* Mark if cookie was verified */
303 uint16_t hdskMessageSeq; /* Handshake Seq Num to be sent */
304 uint32_t hdskMessageRetryCount; /* retry cont for a given flight of messages */
305 uint16_t hdskMessageSeqNext; /* Handshake Seq Num to be received */
306 SSLHandshakeMsg hdskMessageCurrent; /* Current Handshake Message */
307 uint16_t hdskMessageCurrentOfs; /* Offset in current Handshake Message */
308
309 SSLBuffer sessionID;
310
311 SSLBuffer peerID;
312 SSLBuffer resumableSession;
313
314 char *peerDomainName;
315 size_t peerDomainNameLen;
316
317 CipherContext readCipher;
318 CipherContext writeCipher;
319 CipherContext readPending;
320 CipherContext writePending;
321 CipherContext prevCipher; /* previous write cipher context, used for retransmit */
322
323 uint16_t selectedCipher; /* currently selected */
324 SSLCipherSpec selectedCipherSpec; /* ditto */
325 SSLCipherSuite *validCipherSuites; /* context's valid suites */
326 size_t numValidCipherSuites; /* size of validCipherSuites */
327 #if ENABLE_SSLV2
328 unsigned numValidNonSSLv2Suites; /* number of entries in validCipherSpecs that
329 * are *not* SSLv2 only */
330 #endif
331 SSLHandshakeState state;
332
333 /* server-side only */
334 SSLAuthenticate clientAuth; /* kNeverAuthenticate, etc. */
335 Boolean tryClientAuth;
336
337 /* client and server */
338 SSLClientCertificateState clientCertState;
339
340 DNListElem *acceptableDNList; /* client and server */
341 CFMutableArrayRef acceptableCAs; /* server only - SecCertificateRefs */
342
343 bool certRequested;
344 bool certSent;
345 bool certReceived;
346 bool x509Requested;
347
348 uint8_t clientRandom[SSL_CLIENT_SRVR_RAND_SIZE];
349 uint8_t serverRandom[SSL_CLIENT_SRVR_RAND_SIZE];
350 SSLBuffer preMasterSecret;
351 uint8_t masterSecret[SSL_MASTER_SECRET_SIZE];
352
353 /* running digests of all handshake messages */
354 SSLBuffer shaState, md5State, sha256State, sha512State;
355
356 SSLBuffer fragmentedMessageCache;
357
358 unsigned ssl2ChallengeLength;
359 unsigned ssl2ConnectionIDLength;
360 unsigned sessionMatch;
361
362 /* Queue a full flight of messages */
363 WaitingMessage *messageWriteQueue;
364 Boolean messageQueueContainsChangeCipherSpec;
365 /* Record layer fields */
366 SSLBuffer partialReadBuffer;
367 size_t amountRead;
368
369 /* Transport layer fields */
370 WaitingRecord *recordWriteQueue;
371 SSLBuffer receivedDataBuffer;
372 size_t receivedDataPos;
373
374 Boolean allowAnyRoot; // don't require known roots
375 Boolean sentFatalAlert; // this session terminated by fatal alert
376 Boolean rsaBlindingEnable;
377 Boolean oneByteRecordEnable; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */
378 Boolean wroteAppData; /* at least one write completed with current writeCipher */
379
380 /* optional session cache timeout (in seconds) override - 0 means default */
381 uint32_t sessionCacheTimeout;
382
383 /* optional SessionTicket */
384 SSLBuffer sessionTicket;
385
386 /* optional callback to obtain master secret, with its opaque arg */
387 SSLInternalMasterSecretFunction masterSecretCallback;
388 const void *masterSecretArg;
389
390 #if SSL_PAC_SERVER_ENABLE
391 /* server PAC resume sets serverRandom early to allow for secret acquisition */
392 uint8_t serverRandomValid;
393 #endif
394
395 Boolean anonCipherEnable;
396
397 /* optional switches to enable additional returns from SSLHandshake */
398 Boolean breakOnServerAuth;
399 Boolean breakOnCertRequest;
400 Boolean breakOnClientAuth;
401 Boolean signalServerAuth;
402 Boolean signalCertRequest;
403 Boolean signalClientAuth;
404
405 /* true iff ECDSA/ECDH ciphers are configured */
406 Boolean ecdsaEnable;
407
408 /* List of server-specified client auth types */
409 unsigned numAuthTypes;
410 SSLClientAuthenticationType *clientAuthTypes;
411
412 /* client auth type actually negotiated */
413 SSLClientAuthenticationType negAuthType;
414
415 /* List of client-specified supported_signature_algorithms (for key exchange) */
416 unsigned numClientSigAlgs;
417 SSLSignatureAndHashAlgorithm *clientSigAlgs;
418 /* List of server-specified supported_signature_algorithms (for client cert) */
419 unsigned numServerSigAlgs;
420 SSLSignatureAndHashAlgorithm *serverSigAlgs;
421
422
423 /* Timeout for DTLS retransmit */
424 CFAbsoluteTime timeout_deadline;
425 CFAbsoluteTime timeout_duration;
426 size_t mtu;
427
428 /* RFC 5746: Secure renegotiation */
429 Boolean secure_renegotiation;
430 Boolean secure_renegotiation_received;
431 SSLBuffer ownVerifyData;
432 SSLBuffer peerVerifyData;
433 };
434
435 OSStatus SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx);
436
437 #ifdef __cplusplus
438 }
439 #endif
440
441 #endif /* _SSLCONTEXT_H_ */