SecureTransport/privateInc/tls_ssl.h

   1 /*
   2  * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           tls_ssl.h
  21
  22         Contains:       Declarations of callout struct to provide indirect calls to
  23                                 SSLv3 and TLS routines.
  24
  25         Written by:     Doug Mitchell
  26 */
  27
  28 #ifndef _TLS_SSL_H_
  29 #define _TLS_SSL_H_
  30
  31 #ifdef  __cplusplus
  32 extern "C" {
  33 #endif
  34
  35 #include "ssl.h"
  36 #include "sslPriv.h"
  37 #include "sslContext.h"
  38 #include "sslRecord.h"
  39 #include "cryptType.h"
  40
  41 /***
  42  *** Each of {TLS, SSLv3} implements each of these functions.
  43  ***/
  44
  45 /* unpack, decrypt, validate one record */
  46 typedef OSStatus (*decryptRecordFcn) (
  47         UInt8 type,
  48         SSLBuffer *payload,
  49         SSLContext *ctx);
  50
  51 /* pack, encrypt, mac, queue one outgoing record */
  52 typedef OSStatus (*writeRecordFcn) (
  53         SSLRecord rec,
  54         SSLContext *ctx);
  55
  56 /* initialize a per-CipherContext HashHmacContext for use in MACing each record */
  57 typedef OSStatus (*initMacFcn) (
  58         CipherContext *cipherCtx,               // macRef, macSecret valid on entry
  59                                                                         // macCtx valid on return
  60         SSLContext *ctx);
  61
  62 /* free per-CipherContext HashHmacContext */
  63 typedef OSStatus (*freeMacFcn) (
  64         CipherContext *cipherCtx);
  65
  66 /* compute MAC on one record */
  67 typedef OSStatus (*computeMacFcn) (
  68         UInt8 type,
  69         SSLBuffer data,
  70         SSLBuffer mac,                                  // caller mallocs data
  71         CipherContext *cipherCtx,               // assumes macCtx, macRef
  72         sslUint64 seqNo,
  73         SSLContext *ctx);
  74
  75 typedef OSStatus (*generateKeyMaterialFcn) (
  76         SSLBuffer key,                                  // caller mallocs and specifies length of
  77                                                                         //   required key material here
  78         SSLContext *ctx);
  79
  80 typedef OSStatus (*generateExportKeyAndIvFcn) (
  81         SSLContext *ctx,                                // clientRandom, serverRandom valid
  82         const SSLBuffer clientWriteKey,
  83         const SSLBuffer serverWriteKey,
  84         SSLBuffer finalClientWriteKey,  // RETURNED, mallocd by caller
  85         SSLBuffer finalServerWriteKey,  // RETURNED, mallocd by caller
  86         SSLBuffer finalClientIV,                // RETURNED, mallocd by caller
  87         SSLBuffer finalServerIV);               // RETURNED, mallocd by caller
  88
  89 /*
  90  * On entry: clientRandom, serverRandom, preMasterSecret valid
  91  * On return: masterSecret valid
  92  */
  93 typedef OSStatus (*generateMasterSecretFcn) (
  94         SSLContext *ctx);
  95
  96 typedef OSStatus (*computeFinishedMacFcn) (
  97         SSLContext *ctx,
  98         SSLBuffer finished,             // output - mallocd by caller
  99         SSLBuffer shaMsgState,          // clone of running digest of all handshake msgs
 100         SSLBuffer md5MsgState,          // ditto
 101         Boolean isServer);
 102
 103 typedef OSStatus (*computeCertVfyMacFcn) (
 104         SSLContext *ctx,
 105         SSLBuffer finished,             // output - mallocd by caller
 106         SSLBuffer shaMsgState,          // clone of running digest of all handshake msgs
 107         SSLBuffer md5MsgState);         // ditto
 108
 109 typedef struct _SslTlsCallouts {
 110         decryptRecordFcn                        decryptRecord;
 111         writeRecordFcn                          writeRecord;
 112         initMacFcn                                      initMac;
 113         freeMacFcn                                      freeMac;
 114         computeMacFcn                           computeMac;
 115         generateKeyMaterialFcn          generateKeyMaterial;
 116         generateExportKeyAndIvFcn       generateExportKeyAndIv;
 117         generateMasterSecretFcn         generateMasterSecret;
 118         computeFinishedMacFcn           computeFinishedMac;
 119         computeCertVfyMacFcn            computeCertVfyMac;
 120 } SslTlsCallouts;
 121
 122 /* From ssl3Callouts.c and tls1Callouts.c */
 123 extern const SslTlsCallouts     Ssl3Callouts;
 124 extern const SslTlsCallouts     Tls1Callouts;
 125
 126 /* one callout routine used in common (for now) */
 127 OSStatus ssl3WriteRecord(
 128         SSLRecord rec,
 129         SSLContext *ctx);
 130
 131 #ifdef  __cplusplus
 132 }
 133 #endif
 134
 135 #endif  /* _TLS_SSL_H_ */