]> git.saurik.com Git - apple/security.git/blob - libsecurity_ssl/lib/sslContext.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55471.14.tar.gz
[apple/security.git] / libsecurity_ssl / lib / sslContext.h
1 /*
2 * Copyright (c) 1999-2001,2005-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * sslContext.h - Private SSL typedefs: SSLContext and its components
26 */
27
28 #ifndef _SSLCONTEXT_H_
29 #define _SSLCONTEXT_H_ 1
30
31 #include "SecureTransport.h"
32 #include "sslBuildFlags.h"
33
34 #ifdef USE_CDSA_CRYPTO
35 #include <Security/cssmtype.h>
36 #else
37 #if TARGET_OS_IPHONE
38 #include <Security/SecDH.h>
39 #include <Security/SecKeyInternal.h>
40 #else
41 #include "../sec/Security/SecDH.h" // hack to get SecDH.
42 // typedef struct OpaqueSecDHContext *SecDHContext;
43 #endif
44 #include <corecrypto/ccec.h>
45 #endif
46
47 #include <CoreFoundation/CFRuntime.h>
48 #include <AssertMacros.h>
49
50 #include "sslPriv.h"
51 #include "tls_ssl.h"
52 #include "sslDigests.h"
53 #include "sslRecord.h"
54 #include "cipherSpecs.h"
55
56 #ifdef __cplusplus
57 extern "C" {
58 #endif
59
60 typedef struct
61 { SSLReadFunc read;
62 SSLWriteFunc write;
63 SSLConnectionRef ioRef;
64 } IOContext;
65
66
67 #ifdef USE_SSLCERTIFICATE
68
69 /*
70 * An element in a certificate chain.
71 */
72 typedef struct SSLCertificate
73 {
74 struct SSLCertificate *next;
75 SSLBuffer derCert;
76 } SSLCertificate;
77
78 size_t SSLGetCertificateChainLength(
79 const SSLCertificate *c);
80 OSStatus sslDeleteCertificateChain(
81 SSLCertificate *certs,
82 SSLContext *ctx);
83
84 #endif /* USE_SSLCERTIFICATE */
85
86
87 #include "sslHandshake.h"
88
89 typedef struct WaitingMessage
90 {
91 struct WaitingMessage *next;
92 SSLRecord rec;
93 } WaitingMessage;
94
95 typedef struct DNListElem
96 { struct DNListElem *next;
97 SSLBuffer derDN;
98 } DNListElem;
99
100 #ifdef USE_CDSA_CRYPTO
101
102 /* Public part of asymmetric key. */
103 typedef struct SSLPubKey
104 {
105 CSSM_KEY key;
106 CSSM_CSP_HANDLE csp; /* may not be needed, we figure this
107 * one out by trial&error, right? */
108 } SSLPubKey;
109
110 /* Private part of asymmetric key. */
111 typedef struct SSLPrivKey
112 {
113 SecKeyRef key;
114
115 } SSLPrivKey;
116
117 #else /* !USE_CDSA_CRYPTO */
118
119 #if TARGET_OS_IPHONE
120 typedef struct __SecKey SSLPubKey;
121 typedef struct __SecKey SSLPrivKey;
122 #else
123 typedef struct OpaqueSecKeyRef SSLPubKey;
124 typedef struct OpaqueSecKeyRef SSLPrivKey;
125 #endif
126 /*
127 * Convert SSLPrivKey/SSLPubKey types to a platform SecKeyRef
128 * (currently a no-op)
129 */
130 #define SECKEYREF(sslkey) (sslkey)
131
132 #endif
133
134 typedef struct {
135 SSLCipherSuite cipherSpec;
136 KeyExchangeMethod keyExchangeMethod;
137 uint8_t keySize; /* size in bytes */
138 uint8_t ivSize;
139 uint8_t blockSize;
140 uint8_t macSize;
141 HMAC_Algs macAlg;
142 } SSLCipherSpecParams;
143
144 struct SSLContext
145 {
146 CFRuntimeBase _base;
147 IOContext ioCtx;
148
149 const struct SSLRecordFuncs *recFuncs;
150 SSLRecordContextRef recCtx;
151
152 /*
153 * Prior to successful protocol negotiation, negProtocolVersion
154 * is SSL_Version_Undetermined. Subsequent to successful
155 * negotiation, negProtocolVersion contains the actual over-the-wire
156 * protocol value.
157 *
158 * The Boolean versionEnable flags are set by
159 * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
160 * remain invariant once negotiation has started. If there
161 * were a large number of these and/or we were adding new
162 * protocol versions on a regular basis, we'd probably want
163 * to implement these as a word of flags. For now, in the
164 * real world, this is the most straightforward implementation.
165 */
166 SSLProtocolVersion negProtocolVersion; /* negotiated */
167 SSLProtocolVersion clientReqProtocol; /* requested by client in hello msg */
168 SSLProtocolVersion minProtocolVersion;
169 SSLProtocolVersion maxProtocolVersion;
170 Boolean isDTLS; /* if this is a Datagram Context */
171 SSLProtocolSide protocolSide; /* ConnectionEnd enum { server, client } in rfc5246. */
172
173 const struct _SslTlsCallouts *sslTslCalls; /* selects between SSLv3, TLSv1 and TLSv1.2 */
174
175 SSLPrivKey *signingPrivKeyRef; /* our private signing key */
176 SSLPubKey *signingPubKey; /* our public signing key */
177
178 SSLPrivKey *encryptPrivKeyRef; /* our private encrypt key, for
179 * server-initiated key exchange */
180 SSLPubKey *encryptPubKey; /* public version of above */
181
182 SSLPubKey *peerPubKey;
183
184 #ifdef USE_SSLCERTIFICATE
185 /*
186 * Various cert chains.
187 * For all three, the root is the first in the chain.
188 */
189 SSLCertificate *localCert;
190 SSLCertificate *encryptCert;
191 SSLCertificate *peerCert;
192 CSSM_ALGORITHMS ourSignerAlg; /* algorithm of the signer of localCert */
193 #else
194 /*
195 * Various cert chains.
196 * For all three, the root is the last in the chain.
197 */
198 CFArrayRef localCert;
199 CFArrayRef encryptCert;
200 CFArrayRef peerCert;
201 CFIndex ourSignerAlg; /* algorithm of the signer of localCert */
202 #endif /* !USE_SSLCERTIFICATE */
203
204 /*
205 * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
206 * We keep them here, refcounted, solely for the associated getters.
207 */
208 CFArrayRef localCertArray;
209 CFArrayRef encryptCertArray;
210
211 /* peer certs as SecTrustRef */
212 SecTrustRef peerSecTrust;
213
214 #ifdef USE_CDSA_CRYPTO
215
216 /*
217 * trusted root certs as specified in SSLSetTrustedRoots()
218 */
219 CFArrayRef trustedCerts;
220
221 /* for symmetric cipher and RNG */
222 CSSM_CSP_HANDLE cspHand;
223
224 /* session-wide handles for Apple TP, CL */
225 CSSM_TP_HANDLE tpHand;
226 CSSM_CL_HANDLE clHand;
227 #else
228
229 #ifdef USE_SSLCERTIFICATE
230 size_t numTrustedCerts;
231 SSLCertificate *trustedCerts;
232 #else
233 CFMutableArrayRef trustedCerts;
234 Boolean trustedCertsOnly;
235 #endif /* !USE_SSLCERTIFICATE */
236
237 #endif /* !USE_CDSA_CRYPTO */
238
239 /*
240 * trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
241 */
242 CFArrayRef trustedLeafCerts;
243
244 #if APPLE_DH
245 SSLBuffer dhPeerPublic;
246 SSLBuffer dhExchangePublic;
247 SSLBuffer dhParamsEncoded; /* PKCS3 encoded blob - prime + generator */
248 #ifdef USE_CDSA_CRYPTO
249 CSSM_KEY_PTR dhPrivate;
250 #else
251 SecDHContext secDHContext;
252 #endif /* !USE_CDSA_CRYPTO */
253 #endif /* APPLE_DH */
254
255 /*
256 * ECDH support
257 *
258 * ecdhCurves[] is the set of currently configured curves; the number
259 * of valid curves is ecdhNumCurves.
260 */
261 SSL_ECDSA_NamedCurve ecdhCurves[SSL_ECDSA_NUM_CURVES];
262 unsigned ecdhNumCurves;
263
264 SSLBuffer ecdhPeerPublic; /* peer's public ECDH key as ECPoint */
265 SSL_ECDSA_NamedCurve ecdhPeerCurve; /* named curve associated with ecdhPeerPublic or
266 * peerPubKey */
267 SSLBuffer ecdhExchangePublic; /* Our public key as ECPoint */
268 #ifdef USE_CDSA_CRYPTO
269 CSSM_KEY_PTR ecdhPrivate; /* our private key */
270 CSSM_CSP_HANDLE ecdhPrivCspHand;
271 #else
272 ccec_full_ctx_decl(ccn_sizeof(521), ecdhContext); // Big enough to hold a 521 bit ecdh key pair.
273 #endif /* !USE_CDSA_CRYPTO */
274
275 Boolean allowExpiredCerts;
276 Boolean allowExpiredRoots;
277 Boolean enableCertVerify;
278
279 SSLBuffer dtlsCookie; /* DTLS ClientHello cookie */
280 Boolean cookieVerified; /* Mark if cookie was verified */
281 uint16_t hdskMessageSeq; /* Handshake Seq Num to be sent */
282 uint32_t hdskMessageRetryCount; /* retry cont for a given flight of messages */
283 uint16_t hdskMessageSeqNext; /* Handshake Seq Num to be received */
284 SSLHandshakeMsg hdskMessageCurrent; /* Current Handshake Message */
285 uint16_t hdskMessageCurrentOfs; /* Offset in current Handshake Message */
286
287 SSLBuffer sessionID;
288
289 SSLBuffer peerID;
290 SSLBuffer resumableSession;
291
292 char *peerDomainName;
293 size_t peerDomainNameLen;
294
295 uint8_t readCipher_ready;
296 uint8_t writeCipher_ready;
297 uint8_t readPending_ready;
298 uint8_t writePending_ready;
299 uint8_t prevCipher_ready; /* previous write cipher context, used for retransmit */
300
301 uint16_t selectedCipher; /* currently selected */
302 SSLCipherSpecParams selectedCipherSpecParams; /* ditto */
303
304 SSLCipherSuite *validCipherSuites; /* context's valid suites */
305 size_t numValidCipherSuites; /* size of validCipherSuites */
306 #if ENABLE_SSLV2
307 unsigned numValidNonSSLv2Suites; /* number of entries in validCipherSpecs that
308 * are *not* SSLv2 only */
309 #endif
310 SSLHandshakeState state;
311
312 /* server-side only */
313 SSLAuthenticate clientAuth; /* kNeverAuthenticate, etc. */
314 Boolean tryClientAuth;
315
316 /* client and server */
317 SSLClientCertificateState clientCertState;
318
319 DNListElem *acceptableDNList; /* client and server */
320 CFMutableArrayRef acceptableCAs; /* server only - SecCertificateRefs */
321
322 bool certRequested;
323 bool certSent;
324 bool certReceived;
325 bool x509Requested;
326
327 uint8_t clientRandom[SSL_CLIENT_SRVR_RAND_SIZE];
328 uint8_t serverRandom[SSL_CLIENT_SRVR_RAND_SIZE];
329 SSLBuffer preMasterSecret;
330 uint8_t masterSecret[SSL_MASTER_SECRET_SIZE];
331
332 /* running digests of all handshake messages */
333 SSLBuffer shaState, md5State, sha256State, sha512State;
334
335 SSLBuffer fragmentedMessageCache;
336
337 unsigned ssl2ChallengeLength;
338 unsigned ssl2ConnectionIDLength;
339 unsigned sessionMatch;
340
341 /* Queue a full flight of messages */
342 WaitingMessage *messageWriteQueue;
343 Boolean messageQueueContainsChangeCipherSpec;
344
345 /* Transport layer fields */
346 SSLBuffer receivedDataBuffer;
347 size_t receivedDataPos;
348
349 Boolean allowAnyRoot; // don't require known roots
350 Boolean sentFatalAlert; // this session terminated by fatal alert
351 Boolean rsaBlindingEnable;
352 Boolean oneByteRecordEnable; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */
353 Boolean wroteAppData; /* at least one write completed with current writeCipher */
354
355 /* optional session cache timeout (in seconds) override - 0 means default */
356 uint32_t sessionCacheTimeout;
357
358 /* optional SessionTicket */
359 SSLBuffer sessionTicket;
360
361 /* optional callback to obtain master secret, with its opaque arg */
362 SSLInternalMasterSecretFunction masterSecretCallback;
363 const void *masterSecretArg;
364
365 #if SSL_PAC_SERVER_ENABLE
366 /* server PAC resume sets serverRandom early to allow for secret acquisition */
367 uint8_t serverRandomValid;
368 #endif
369
370 Boolean anonCipherEnable;
371
372 /* optional switches to enable additional returns from SSLHandshake */
373 Boolean breakOnServerAuth;
374 Boolean breakOnCertRequest;
375 Boolean breakOnClientAuth;
376 Boolean signalServerAuth;
377 Boolean signalCertRequest;
378 Boolean signalClientAuth;
379
380 /* true iff ECDSA/ECDH ciphers are configured */
381 Boolean ecdsaEnable;
382
383 /* List of server-specified client auth types */
384 unsigned numAuthTypes;
385 SSLClientAuthenticationType *clientAuthTypes;
386
387 /* client auth type actually negotiated */
388 SSLClientAuthenticationType negAuthType;
389
390 /* List of client-specified supported_signature_algorithms (for key exchange) */
391 unsigned numClientSigAlgs;
392 SSLSignatureAndHashAlgorithm *clientSigAlgs;
393 /* List of server-specified supported_signature_algorithms (for client cert) */
394 unsigned numServerSigAlgs;
395 SSLSignatureAndHashAlgorithm *serverSigAlgs;
396
397
398 /* Timeout for DTLS retransmit */
399 CFAbsoluteTime timeout_deadline;
400 CFAbsoluteTime timeout_duration;
401 size_t mtu;
402
403 /* RFC 5746: Secure renegotiation */
404 Boolean secure_renegotiation;
405 Boolean secure_renegotiation_received;
406 SSLBuffer ownVerifyData;
407 SSLBuffer peerVerifyData;
408
409 /* RFC 4279: TLS PSK */
410 SSLBuffer pskSharedSecret;
411 SSLBuffer pskIdentity;
412
413 /* TLS False Start */
414 Boolean falseStartEnabled; //FalseStart enabled (by API call)
415 };
416
417 OSStatus SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx);
418
419 Boolean sslIsSessionActive(const SSLContext *ctx);
420
421 static inline bool sslVersionIsLikeTls12(SSLContext *ctx)
422 {
423 check(ctx->negProtocolVersion!=SSL_Version_Undetermined);
424 return ctx->isDTLS ? ctx->negProtocolVersion > DTLS_Version_1_0 : ctx->negProtocolVersion >= TLS_Version_1_2;
425 }
426
427 #ifdef __cplusplus
428 }
429 #endif
430
431 #endif /* _SSLCONTEXT_H_ */
mirror of Security