]> git.saurik.com Git - apple/security.git/blob - libsecurity_ssl/lib/sslHandshake.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55471.14.tar.gz
[apple/security.git] / libsecurity_ssl / lib / sslHandshake.h
1 /*
2 * Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 /*
19 * sslHandshake.h - SSL Handshake Layer
20 */
21
22 #ifndef _SSLHANDSHAKE_H_
23 #define _SSLHANDSHAKE_H_
24
25 #include "sslRecord.h"
26
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30
31 typedef enum
32 { SSL_HdskHelloRequest = 0,
33 SSL_HdskClientHello = 1,
34 SSL_HdskServerHello = 2,
35 #if ENABLE_DTLS
36 SSL_HdskHelloVerifyRequest = 3,
37 #endif /* ENABLE_DTLS */
38 SSL_HdskCert = 11,
39 SSL_HdskServerKeyExchange = 12,
40 SSL_HdskCertRequest = 13,
41 SSL_HdskServerHelloDone = 14,
42 SSL_HdskCertVerify = 15,
43 SSL_HdskClientKeyExchange = 16,
44 SSL_HdskFinished = 20
45 } SSLHandshakeType;
46
47 /* Hello Extensions per RFC 3546 */
48 typedef enum
49 {
50 SSL_HE_ServerName = 0,
51 SSL_HE_MaxFragmentLength = 1,
52 SSL_HE_ClientCertificateURL = 2,
53 SSL_HE_TrustedCAKeys = 3,
54 SSL_HE_TruncatedHMAC = 4,
55 SSL_HE_StatusReguest = 5,
56
57 /* ECDSA, RFC 4492 */
58 SSL_HE_EllipticCurves = 10,
59 SSL_HE_EC_PointFormats = 11,
60
61 /* TLS 1.2 */
62 SSL_HE_SignatureAlgorithms = 13,
63
64 /* RFC 5746 */
65 SSL_HE_SecureRenegotation = 0xff01,
66
67 /*
68 * This one is suggested but not formally defined in
69 * I.D.salowey-tls-ticket-07
70 */
71 SSL_HE_SessionTicket = 35
72 } SSLHelloExtensionType;
73
74 /* SSL_HE_ServerName NameType values */
75 typedef enum
76 {
77 SSL_NT_HostName = 0
78 } SSLServerNameType;
79
80 /*
81 * The number of curves we support
82 */
83 #define SSL_ECDSA_NUM_CURVES 3
84
85 /* SSL_HE_EC_PointFormats - point formats */
86 typedef enum
87 {
88 SSL_PointFormatUncompressed = 0,
89 SSL_PointFormatCompressedPrime = 1,
90 SSL_PointFormatCompressedChar2 = 2,
91 } SSL_ECDSA_PointFormats;
92
93 /* CurveTypes in a Server Key Exchange msg */
94 typedef enum
95 {
96 SSL_CurveTypeExplicitPrime = 1,
97 SSL_CurveTypeExplicitChar2 = 2,
98 SSL_CurveTypeNamed = 3 /* the only one we support */
99 } SSL_ECDSA_CurveTypes;
100
101 typedef enum
102 { SSL_read,
103 SSL_write
104 } CipherSide;
105
106 typedef enum
107 {
108 SSL_HdskStateUninit = 0, /* only valid within SSLContextAlloc */
109 SSL_HdskStateServerUninit, /* no handshake yet */
110 SSL_HdskStateClientUninit, /* no handshake yet */
111 SSL_HdskStateGracefulClose,
112 SSL_HdskStateErrorClose,
113 SSL_HdskStateNoNotifyClose, /* server disconnected with no
114 * notify msg */
115 /* remainder must be consecutive */
116 SSL_HdskStateServerHello, /* must get server hello; client hello sent */
117 SSL_HdskStateKeyExchange, /* must get key exchange; cipher spec
118 * requires it */
119 SSL_HdskStateCert, /* may get certificate or certificate
120 * request (if no cert request received yet) */
121 SSL_HdskStateHelloDone, /* must get server hello done; after key
122 * exchange or fixed DH parameters */
123 SSL_HdskStateClientCert, /* must get certificate or no cert alert
124 * from client */
125 SSL_HdskStateClientKeyExchange, /* must get client key exchange */
126 SSL_HdskStateClientCertVerify, /* must get certificate verify from client */
127 SSL_HdskStateChangeCipherSpec, /* time to change the cipher spec */
128 SSL_HdskStateFinished, /* must get a finished message in the
129 * new cipher spec */
130 SSL_HdskStateServerReady, /* ready for I/O; server side */
131 SSL_HdskStateClientReady /* ready for I/O; client side */
132 } SSLHandshakeState;
133
134 typedef struct
135 { SSLHandshakeType type;
136 SSLBuffer contents;
137 } SSLHandshakeMsg;
138
139
140 uint8_t *SSLEncodeHandshakeHeader(
141 SSLContext *ctx,
142 SSLRecord *rec,
143 SSLHandshakeType type,
144 size_t msglen);
145
146
147 #define SSL_Finished_Sender_Server 0x53525652
148 #define SSL_Finished_Sender_Client 0x434C4E54
149
150 /** sslHandshake.c **/
151 typedef OSStatus (*EncodeMessageFunc)(SSLRecord *rec, SSLContext *ctx);
152 OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
153 OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx);
154 OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx);
155 OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx);
156 OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
157 OSStatus DTLSRetransmit(SSLContext *ctx);
158 OSStatus SSLResetFlight(SSLContext *ctx);
159 OSStatus SSLSendFlight(SSLContext *ctx);
160
161 OSStatus sslGetMaxProtVersion(SSLContext *ctx, SSLProtocolVersion *version); // RETURNED
162
163 #ifdef NDEBUG
164 #define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
165 #define SSLLogHdskMsg(msg, sent)
166 #else
167 void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState);
168 void SSLLogHdskMsg(SSLHandshakeType msg, char sent);
169 char *hdskStateToStr(SSLHandshakeState state);
170 #endif
171
172 /** sslChangeCipher.c **/
173 OSStatus SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx);
174 OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx);
175
176 /** sslCert.c **/
177 OSStatus SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx);
178 OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx);
179 OSStatus SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx);
180 OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx);
181 OSStatus SSLEncodeCertificateVerify(SSLRecord *verify, SSLContext *ctx);
182 OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx);
183
184 /** sslHandshakeHello.c **/
185 OSStatus SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx);
186 OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx);
187 OSStatus SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx);
188 OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx);
189 OSStatus SSLInitMessageHashes(SSLContext *ctx);
190 OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx);
191 #if ENABLE_DTLS
192 OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord *helloVerifyRequest, SSLContext *ctx);
193 OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx);
194 #endif
195
196 /** sslKeyExchange.c **/
197 OSStatus SSLEncodeServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx);
198 OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx);
199 OSStatus SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx);
200 OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx);
201 OSStatus SSLInitPendingCiphers(SSLContext *ctx);
202
203 /** sslHandshakeFinish.c **/
204 OSStatus SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx);
205 OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx);
206 OSStatus SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx);
207 OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx);
208 OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx);
209
210 #ifdef __cplusplus
211 }
212 #endif
213
214 #endif /* _SSLHANDSHAKE_H_ */
mirror of Security