1 /*
2 * Copyright (c) 2002,2005-2007,2010-2011 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * tls_record.h - Declarations of record layer callout struct to provide indirect calls to
26 * SSLv3 and TLS routines.
27 */
28
29 #ifndef _TLS_RECORD_H_
30 #define _TLS_RECORD_H_
31
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35
36 // #include "sslRecord.h"
37
38 #include "sslTypes.h"
39 #include "cryptType.h"
40 #include "sslMemory.h"
41 #include "SSLRecordInternal.h"
42
/* Forward declaration: the full definition appears below, after the
 * callout typedefs that take a pointer to it. */
struct SSLRecordInternalContext;
44
45 /***
46 *** Each of {TLS, SSLv3} implements each of these functions.
47 ***/
48
/*
 * unpack, decrypt, validate one record
 *
 * type    - content type of the incoming record
 * payload - the protected record body; it is passed by pointer, so the
 *           implementation presumably decrypts and trims it in place
 * ctx     - record-layer context holding the current read cipher state
 *
 * Returns an int status; the success/failure convention is not spelled
 * out in this header. NOTE(review): "validate" here should cover the
 * record MAC, so a failure from this callout must be treated as fatal
 * by the caller -- confirm in the ssl3/tls1 implementations.
 */
typedef int (*decryptRecordFcn) (
    uint8_t type,
    SSLBuffer *payload,
    struct SSLRecordInternalContext *ctx);
54
/*
 * pack, encrypt, mac, queue one outgoing record
 *
 * rec - the plaintext record to protect (passed by value)
 * ctx - record-layer context; the protected bytes are presumably queued
 *       on ctx->recordWriteQueue (see WaitingRecord below) rather than
 *       written to the transport synchronously
 */
typedef int (*writeRecordFcn) (
    SSLRecord rec,
    struct SSLRecordInternalContext *ctx);
59
/*
 * initialize a per-CipherContext HashHmacContext for use in MACing each record
 *
 * The MAC key material (macSecret) and algorithm reference (macRef) must
 * already be set in cipherCtx; on return the implementation has populated
 * the MAC context (macCtx) that computeMacFcn later uses. Paired with
 * freeMacFcn, which releases that context again.
 */
typedef int (*initMacFcn) (
    CipherContext *cipherCtx    // macRef, macSecret valid on entry
                                // macCtx valid on return
    );
65
/*
 * free per-CipherContext HashHmacContext
 *
 * Releases the macCtx set up by initMacFcn. NOTE(review): macCtx
 * presumably holds keyed MAC state derived from macSecret, so the
 * implementation should clear that memory before releasing it -- confirm
 * in the ssl3/tls1 callouts.
 */
typedef int (*freeMacFcn) (
    CipherContext *cipherCtx);
69
/*
 * compute MAC on one record
 *
 * type      - record content type (presumably part of the MAC input)
 * data      - the record body to authenticate
 * mac       - output buffer; the caller allocates mac.data, and it must be
 *             large enough for the selected MAC algorithm's output (this
 *             header does not say where that size is checked -- verify
 *             against the implementation)
 * cipherCtx - supplies macCtx (from initMacFcn) and macRef
 * seqNo     - record sequence number; presumably folded into the MAC input
 *             so the MAC is bound to the record's position in the stream
 * ctx       - record-layer context
 */
typedef int (*computeMacFcn) (
    uint8_t type,
    SSLBuffer data,
    SSLBuffer mac,              // caller mallocs data
    CipherContext *cipherCtx,   // assumes macCtx, macRef
    sslUint64 seqNo,
    struct SSLRecordInternalContext *ctx);
78
79
/*
 * Dispatch table for the protocol-specific record-layer operations.
 * One instance exists per protocol flavour (Ssl3RecordCallouts and
 * Tls1RecordCallouts, declared below); the active table is reached through
 * SSLRecordInternalContext.sslTslCalls.
 *
 * NOTE: the struct tag _SslRecordCallouts (leading underscore followed by an
 * uppercase letter) is in the namespace reserved for the implementation;
 * it is kept here because renaming it would change the public header.
 */
typedef struct _SslRecordCallouts {
    decryptRecordFcn decryptRecord;   /* inbound: decrypt and validate one record */
    writeRecordFcn writeRecord;       /* outbound: protect and queue one record */
    initMacFcn initMac;               /* set up the per-cipher MAC context */
    freeMacFcn freeMac;               /* tear down the per-cipher MAC context */
    computeMacFcn computeMac;         /* MAC one record */
} SslRecordCallouts;
87
88
/* From ssl3RecordCallouts.c and tls1RecordCallouts.c */
/* The two concrete callout tables. Both are const, so the function
 * pointers they hold are not writable once the objects are defined. */
extern const SslRecordCallouts Ssl3RecordCallouts;
extern const SslRecordCallouts Tls1RecordCallouts;
92
/* one callout routine used in common (for now) */
/*
 * Shared writeRecord implementation; its signature matches writeRecordFcn,
 * so the same function can sit in either callout table. This header does
 * not say which of the two source files defines it.
 */
int ssl3WriteRecord(
    SSLRecord rec,
    struct SSLRecordInternalContext *ctx);
97
98
/*
 * One node of the outbound record queue (SSLRecordInternalContext
 * .recordWriteQueue): a singly linked list of protected records waiting
 * to be handed to the transport.
 */
typedef struct WaitingRecord
{
    struct WaitingRecord *next;    /* next queued record; presumably NULL at the tail */
    size_t sent;                   /* presumably bytes of data[] already written out */
    /*
     * These two fields replace a dynamically allocated SSLBuffer;
     * the payload to write is contained in the variable-length
     * array data[].
     */
    size_t length;                 /* number of valid bytes in data[] */
    uint8_t data[1];               /* pre-C99 trailing-array idiom: the node must be
                                    * allocated with room for `length` bytes beyond
                                    * the struct header, and any access past `length`
                                    * is out of bounds -- confirm the allocation site
                                    * sizes it that way. A C99 flexible array member
                                    * (data[]) would express this directly but would
                                    * change sizeof(WaitingRecord), so it is left as is. */
} WaitingRecord;
110
/*
 * The pair of algorithm references a negotiated cipher suite maps to at
 * the record layer: the MAC (hash/HMAC) reference and the symmetric cipher.
 */
typedef struct {
    const HashHmacReference *macAlgorithm;
    const SSLSymmetricCipher *cipher;
} SSLRecordCipherSpec;
115
116
117
/*
 * Record-layer state for one connection. Other layers presumably reach it
 * only through the opaque forward declaration at the top of this header.
 *
 * NOTE(review): the CipherContext members hold live key material; confirm
 * they are cleared when the context is torn down.
 */
struct SSLRecordInternalContext
{
    /* I/O */
    SSLIOReadFunc read;                 /* transport read callback */
    SSLIOWriteFunc write;               /* transport write callback */
    SSLIOConnectionRef ioRef;           /* presumably the opaque handle passed to read/write */

    /* buffering */
    SSLBuffer partialReadBuffer;        /* holds an incomplete inbound record between reads */
    size_t amountRead;                  /* presumably the number of valid bytes in partialReadBuffer */
    WaitingRecord *recordWriteQueue;    /* head of the outbound queue (see WaitingRecord) */

    /* ciphers */
    uint16_t selectedCipher;                /* currently selected */ /* cipher suite identifier */
    SSLRecordCipherSpec selectedCipherSpec; /* ditto */ /* algorithms behind selectedCipher */
    CipherContext readCipher;           /* active inbound cipher/MAC state */
    CipherContext writeCipher;          /* active outbound cipher/MAC state */
    CipherContext readPending;          /* negotiated but not yet active inbound state;
                                         * presumably swapped in at change-cipher-spec time */
    CipherContext writePending;         /* same, for the outbound direction */
    CipherContext prevCipher;           /* previous write cipher context, used for retransmit */

    /* protocol */
    bool isDTLS;                        /* datagram (DTLS) rather than stream transport */
    SSLProtocolVersion negProtocolVersion; /* negotiated */
    const SslRecordCallouts *sslTslCalls;  /* active dispatch table; presumably one of
                                            * Ssl3RecordCallouts / Tls1RecordCallouts */

};
145
/* Function called from the ssl3/tls1 callouts */

/*
 * Verify the MAC of one inbound record.
 *
 * type       - record content type
 * data       - record body the MAC was computed over
 * compareMAC - the MAC received with the record; its length is not a
 *              parameter, so it is presumably taken from the read cipher's
 *              MAC algorithm in ctx
 * ctx        - record-layer context (read cipher state)
 *
 * NOTE(review): confirm the implementation compares the full MAC in
 * constant time, so that neither timing nor the return value depends on
 * which byte first differs, and that any mismatch is reported as an error.
 */
int SSLVerifyMac(
    uint8_t type,
    SSLBuffer *data,
    uint8_t *compareMAC,
    struct SSLRecordInternalContext *ctx);
153
154 #ifdef __cplusplus
155 }
156 #endif
157
#endif /* _TLS_RECORD_H_ */