]> git.saurik.com Git - apple/security.git/blob - Security/libsecurity_ssl/lib/sslCipherSpecs.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.40.6.tar.gz
[apple/security.git] / Security / libsecurity_ssl / lib / sslCipherSpecs.c
1 /*
2 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * cipherSpecs.c - SSLCipherSpec declarations
26 */
27
28 #include "sslBuildFlags.h"
29 #include "sslContext.h"
30 #include "sslCipherSpecs.h"
31 #include "sslDebug.h"
32 #include "sslMemory.h"
33 #include "sslDebug.h"
34 #include "sslUtils.h"
35 #include "sslPriv.h"
36
37 #include <tls_handshake.h>
38
39 #include <string.h>
40 #include <assert.h>
41 #include <Security/SecBase.h>
42
43 #include <TargetConditionals.h>
44
45
46 /* SecureTransport needs it's own copy of KnownCipherSuites for now, there is a copy in coreTLS,
47 that is exported, but it actually should only included the "default" not the supported */
48
49 #define ENABLE_ECDH 1
50 #define ENABLE_AES_GCM 0
51 #define ENABLE_PSK 1
52
53 static const uint16_t STKnownCipherSuites[] = {
54 #if ENABLE_AES_GCM
55 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
56 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
57 #endif
58 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
59 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
60 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
61 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
62 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
63 #if ENABLE_AES_GCM
64 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
65 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
66 #endif
67 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
68 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
69 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
70 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
71 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
72 #if ENABLE_ECDH
73 #if ENABLE_AES_GCM
74 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
75 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
76 #endif
77 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
78 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
79 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
80 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
81 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
82 #if ENABLE_AES_GCM
83 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
84 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
85 #endif
86 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
87 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
88 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
89 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
90 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
91 #endif
92
93 #if ENABLE_AES_GCM
94 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
95 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
96 #endif // ENABLE_AES_GCM
97 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
98 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
99 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
100 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
101 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
102
103 #if ENABLE_AES_GCM
104 TLS_RSA_WITH_AES_256_GCM_SHA384,
105 TLS_RSA_WITH_AES_128_GCM_SHA256,
106 #endif
107 TLS_RSA_WITH_AES_256_CBC_SHA256,
108 TLS_RSA_WITH_AES_128_CBC_SHA256,
109 TLS_RSA_WITH_AES_256_CBC_SHA,
110 TLS_RSA_WITH_AES_128_CBC_SHA,
111 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
112
113 #if ENABLE_RC4
114 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
115 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
116 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
117 TLS_ECDH_RSA_WITH_RC4_128_SHA,
118 SSL_RSA_WITH_RC4_128_SHA,
119 SSL_RSA_WITH_RC4_128_MD5,
120 #endif
121
122
123 /* Unsafe ciphersuites */
124
125 #if ENABLE_AES_GCM
126 TLS_DH_anon_WITH_AES_256_GCM_SHA384,
127 TLS_DH_anon_WITH_AES_128_GCM_SHA256,
128 #endif
129 TLS_DH_anon_WITH_AES_128_CBC_SHA256,
130 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
131 TLS_DH_anon_WITH_AES_128_CBC_SHA,
132 TLS_DH_anon_WITH_AES_256_CBC_SHA,
133 SSL_DH_anon_WITH_RC4_128_MD5,
134 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
135
136 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
137 TLS_ECDHE_RSA_WITH_NULL_SHA,
138 #if ENABLE_ECDH
139 TLS_ECDH_ECDSA_WITH_NULL_SHA,
140 TLS_ECDH_RSA_WITH_NULL_SHA,
141 #endif
142
143 #if ENABLE_PSK
144 TLS_PSK_WITH_AES_256_CBC_SHA384,
145 TLS_PSK_WITH_AES_128_CBC_SHA256,
146 TLS_PSK_WITH_AES_256_CBC_SHA,
147 TLS_PSK_WITH_AES_128_CBC_SHA,
148 TLS_PSK_WITH_RC4_128_SHA,
149 TLS_PSK_WITH_3DES_EDE_CBC_SHA,
150 TLS_PSK_WITH_NULL_SHA384,
151 TLS_PSK_WITH_NULL_SHA256,
152 TLS_PSK_WITH_NULL_SHA,
153 #endif
154
155 TLS_RSA_WITH_NULL_SHA256,
156 SSL_RSA_WITH_NULL_SHA,
157 SSL_RSA_WITH_NULL_MD5
158
159 };
160
161 static const unsigned STCipherSuiteCount = sizeof(STKnownCipherSuites)/sizeof(STKnownCipherSuites[0]);
162
163
164 /*
165 * Build ctx->validCipherSpecs as a copy of KnownCipherSpecs, assuming that
166 * validCipherSpecs is currently not valid (i.e., SSLSetEnabledCiphers() has
167 * not been called).
168 */
169 OSStatus sslBuildCipherSuiteArray(SSLContext *ctx)
170 {
171 size_t size;
172 unsigned dex;
173
174 assert(ctx != NULL);
175 assert(ctx->validCipherSuites == NULL);
176
177 ctx->numValidCipherSuites = STCipherSuiteCount;
178 size = STCipherSuiteCount * sizeof(uint16_t);
179 ctx->validCipherSuites = (uint16_t *)sslMalloc(size);
180 if(ctx->validCipherSuites == NULL) {
181 ctx->numValidCipherSuites = 0;
182 return errSecAllocate;
183 }
184
185 /*
186 * Trim out inappropriate ciphers:
187 * -- trim anonymous ciphers if !ctx->anonCipherEnable
188 * -- trim ECDSA ciphers for server side if appropriate
189 * -- trim ECDSA ciphers if TLSv1 disable or SSLv2 enabled (since
190 * we MUST do the Client Hello extensions to make these ciphers
191 * work reliably)
192 * -- trim Stream ciphers if DTLSv1 enable
193 * -- trim CBC ciphers when doing SSLv3 fallback
194 */
195 uint16_t *dst = ctx->validCipherSuites;
196 const uint16_t *src = STKnownCipherSuites;
197
198 bool trimECDSA = false;
199 if((ctx->protocolSide==kSSLServerSide) && !SSL_ECDSA_SERVER) {
200 trimECDSA = true;
201 }
202 if(ctx->minProtocolVersion == SSL_Version_2_0
203 || ctx->maxProtocolVersion == SSL_Version_3_0) {
204 /* We trim ECDSA cipher suites if SSL2 is enabled or
205 The maximum allowed protocol is SSL3. Note that this
206 won't trim ECDSA cipherspecs for DTLS which should be
207 the right thing to do here. */
208 trimECDSA = true;
209 }
210
211 /* trim Stream Ciphers for DTLS */
212 bool trimRC4 = ctx->isDTLS;
213
214 /* trim CBC cipher when doing SSLv3 only fallback */
215 bool trimCBC = (ctx->protocolSide==kSSLClientSide)
216 && (ctx->maxProtocolVersion == SSL_Version_3_0)
217 && ctx->fallbackEnabled;
218
219 bool trimDHE = (ctx->protocolSide==kSSLServerSide) &&
220 !ctx->dhParamsEncoded.length;
221
222 for(dex=0; dex<STCipherSuiteCount; dex++) {
223 KeyExchangeMethod kem = sslCipherSuiteGetKeyExchangeMethod(*src);
224 uint8_t keySize = sslCipherSuiteGetSymmetricCipherKeySize(*src);
225 HMAC_Algs mac = sslCipherSuiteGetMacAlgorithm(*src);
226 SSL_CipherAlgorithm cipher = sslCipherSuiteGetSymmetricCipherAlgorithm(*src);
227 /* First skip ECDSA ciphers as appropriate */
228 switch(kem) {
229 case SSL_ECDH_ECDSA:
230 case SSL_ECDHE_ECDSA:
231 case SSL_ECDH_RSA:
232 case SSL_ECDHE_RSA:
233 case SSL_ECDH_anon:
234 if(trimECDSA) {
235 /* Skip this one */
236 ctx->numValidCipherSuites--;
237 src++;
238 continue;
239 }
240 else {
241 break;
242 }
243 default:
244 break;
245 }
246 if(!ctx->anonCipherEnable) {
247 /* trim out the anonymous (and null-auth-cipher) ciphers */
248 if(mac == HA_Null) {
249 /* skip this one */
250 ctx->numValidCipherSuites--;
251 src++;
252 continue;
253 }
254 switch(kem) {
255 case SSL_DH_anon:
256 case SSL_DH_anon_EXPORT:
257 case SSL_ECDH_anon:
258 /* skip this one */
259 ctx->numValidCipherSuites--;
260 src++;
261 continue;
262 default:
263 break;
264 }
265 }
266 if(ctx->falseStartEnabled) {
267 switch(kem){
268 case SSL_ECDHE_ECDSA:
269 case SSL_ECDHE_RSA:
270 case SSL_DHE_RSA:
271 case SSL_DHE_DSS:
272 /* Ok for false start */
273 break;
274 default:
275 /* Not ok, skip */
276 ctx->numValidCipherSuites--;
277 src++;
278 continue;
279 }
280 switch(cipher) {
281 case SSL_CipherAlgorithmAES_128_CBC:
282 case SSL_CipherAlgorithmAES_128_GCM:
283 case SSL_CipherAlgorithmAES_256_CBC:
284 case SSL_CipherAlgorithmAES_256_GCM:
285 case SSL_CipherAlgorithmRC4_128:
286 /* Ok for false start */
287 break;
288 default:
289 /* Not ok, skip*/
290 ctx->numValidCipherSuites--;
291 src++;
292 continue;
293 }
294 }
295
296 /* This will skip the simple DES cipher suites, but not the NULL cipher ones */
297 if (keySize == 8)
298 {
299 /* skip this one */
300 ctx->numValidCipherSuites--;
301 src++;
302 continue;
303 }
304
305 /* Trim PSK ciphersuites, they need to be enabled explicitely */
306 if (kem==TLS_PSK) {
307 ctx->numValidCipherSuites--;
308 src++;
309 continue;
310 }
311
312 if (trimDHE) {
313 switch(kem) {
314 case SSL_DHE_DSS:
315 case SSL_DHE_DSS_EXPORT:
316 case SSL_DHE_RSA:
317 case SSL_DHE_RSA_EXPORT:
318 /* skip this one */
319 ctx->numValidCipherSuites--;
320 src++;
321 continue;
322 default:
323 break;
324 }
325 }
326
327 if (trimRC4 && (cipher==SSL_CipherAlgorithmRC4_128)) {
328 ctx->numValidCipherSuites--;
329 src++;
330 continue;
331 }
332
333 if(trimCBC) {
334 switch (cipher) {
335 case SSL_CipherAlgorithmAES_128_CBC:
336 case SSL_CipherAlgorithmAES_256_CBC:
337 case SSL_CipherAlgorithm3DES_CBC:
338 ctx->numValidCipherSuites--;
339 src++;
340 continue;
341 default:
342 break;
343 }
344 }
345
346 if(cipher==SSL_CipherAlgorithmNull) {
347 ctx->numValidCipherSuites--;
348 src++;
349 continue;
350 }
351
352 /* This one is good to go */
353 *dst++ = *src++;
354 }
355
356 // sslAnalyzeCipherSpecs(ctx);
357
358 tls_handshake_set_ciphersuites(ctx->hdsk, ctx->validCipherSuites, ctx->numValidCipherSuites);
359
360 return errSecSuccess;
361 }
362
363
364 /*
365 * Convert an array of SSLCipherSuites (which is always KnownCipherSpecs)
366 * to an array of SSLCipherSuites.
367 */
368 static OSStatus
369 cipherSuitesToCipherSuites(
370 size_t numCipherSuites,
371 const uint16_t *cipherSuites,
372 SSLCipherSuite *ciphers, /* RETURNED */
373 size_t *numCiphers) /* IN/OUT */
374 {
375 size_t i;
376 if(*numCiphers < numCipherSuites) {
377 return errSSLBufferOverflow;
378 }
379
380 /* NOTE: this is required to go from uint16_t to SSLCipherSuite
381 which is either 32 or 16 bits, depending on the platform */
382 for(i=0;i<numCipherSuites; i++) {
383 ciphers[i]=cipherSuites[i];
384 }
385 *numCiphers = numCipherSuites;
386 return errSecSuccess;
387 }
388
389 /***
390 *** Publically exported functions declared in SecureTransport.h
391 ***/
392
393 /*
394 * Determine number and values of all of the SSLCipherSuites we support.
395 * Caller allocates output buffer for SSLGetSupportedCiphers() and passes in
396 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
397 * will be returned.
398 */
399 OSStatus
400 SSLGetNumberSupportedCiphers (SSLContextRef ctx,
401 size_t *numCiphers)
402 {
403 if((ctx == NULL) || (numCiphers == NULL)) {
404 return errSecParam;
405 }
406 *numCiphers = STCipherSuiteCount;
407 return errSecSuccess;
408 }
409
410 OSStatus
411 SSLGetSupportedCiphers (SSLContextRef ctx,
412 SSLCipherSuite *ciphers, /* RETURNED */
413 size_t *numCiphers) /* IN/OUT */
414 {
415 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
416 return errSecParam;
417 }
418 return cipherSuitesToCipherSuites(STCipherSuiteCount,
419 STKnownCipherSuites,
420 ciphers,
421 numCiphers);
422 }
423
424 /*
425 * Specify a (typically) restricted set of SSLCipherSuites to be enabled by
426 * the current SSLContext. Can only be called when no session is active. Default
427 * set of enabled SSLCipherSuites is NOT the same as the complete set of supported
428 * SSLCipherSuites as obtained by SSLGetSupportedCiphers().
429 */
430 OSStatus
431 SSLSetEnabledCiphers (SSLContextRef ctx,
432 const SSLCipherSuite *ciphers,
433 size_t numCiphers)
434 {
435 size_t size;
436 unsigned foundCiphers=0;
437 unsigned callerDex;
438 unsigned tableDex;
439
440 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == 0)) {
441 return errSecParam;
442 }
443 if(sslIsSessionActive(ctx)) {
444 /* can't do this with an active session */
445 return errSecBadReq;
446 }
447 size = numCiphers * sizeof(uint16_t);
448 ctx->validCipherSuites = (uint16_t *)sslMalloc(size);
449 if(ctx->validCipherSuites == NULL) {
450 ctx->numValidCipherSuites = 0;
451 return errSecAllocate;
452 }
453
454 /*
455 * Run thru caller's specs, keep only the supported ones.
456 */
457 for(callerDex=0; callerDex<numCiphers; callerDex++) {
458 /* find matching CipherSpec in our known table */
459 for(tableDex=0; tableDex<STCipherSuiteCount; tableDex++) {
460 if(ciphers[callerDex] == STKnownCipherSuites[tableDex]) {
461 ctx->validCipherSuites[foundCiphers] = STKnownCipherSuites[tableDex];
462 foundCiphers++;
463 break;
464 }
465 }
466 }
467
468 if(foundCiphers==0) {
469 /* caller specified only unsupported ciphersuites */
470 sslFree(ctx->validCipherSuites);
471 ctx->validCipherSuites = NULL;
472 return errSSLBadCipherSuite;
473 }
474
475 /* success */
476 ctx->numValidCipherSuites = foundCiphers;
477
478 tls_handshake_set_ciphersuites(ctx->hdsk, ctx->validCipherSuites, ctx->numValidCipherSuites);
479
480 return errSecSuccess;
481 }
482
483 /*
484 * Determine number and values of all of the SSLCipherSuites currently enabled.
485 * Caller allocates output buffer for SSLGetEnabledCiphers() and passes in
486 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
487 * will be returned.
488 */
489 OSStatus
490 SSLGetNumberEnabledCiphers (SSLContextRef ctx,
491 size_t *numCiphers)
492 {
493 if((ctx == NULL) || (numCiphers == NULL)) {
494 return errSecParam;
495 }
496 if(ctx->validCipherSuites == NULL) {
497 /* hasn't been set; use default */
498 *numCiphers = STCipherSuiteCount;
499 }
500 else {
501 /* caller set via SSLSetEnabledCiphers */
502 *numCiphers = ctx->numValidCipherSuites;
503 }
504 return errSecSuccess;
505 }
506
507 OSStatus
508 SSLGetEnabledCiphers (SSLContextRef ctx,
509 SSLCipherSuite *ciphers, /* RETURNED */
510 size_t *numCiphers) /* IN/OUT */
511 {
512 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
513 return errSecParam;
514 }
515 if(ctx->validCipherSuites == NULL) {
516 /* hasn't been set; use default */
517 return cipherSuitesToCipherSuites(STCipherSuiteCount,
518 STKnownCipherSuites,
519 ciphers,
520 numCiphers);
521 }
522 else {
523 /* use the ones specified in SSLSetEnabledCiphers() */
524 return cipherSuitesToCipherSuites(ctx->numValidCipherSuites,
525 ctx->validCipherSuites,
526 ciphers,
527 numCiphers);
528 }
529 }
mirror of Security