2 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 * sslContext.h - Private SSL typedefs: SSLContext and its components
28 #ifndef _SSLCONTEXT_H_
29 #define _SSLCONTEXT_H_ 1
31 #include "SecureTransport.h"
32 #include "sslBuildFlags.h"
34 #include <tls_handshake.h>
35 #include <tls_record.h>
36 #include <tls_stream_parser.h>
38 #ifdef USE_CDSA_CRYPTO
39 #include <Security/cssmtype.h>
42 #include <Security/SecDH.h>
43 #include <Security/SecKeyInternal.h>
45 #include "../sec/Security/SecDH.h" // hack to get SecDH.
46 // typedef struct OpaqueSecDHContext *SecDHContext;
48 #include <corecrypto/ccec.h>
51 #include <CoreFoundation/CFRuntime.h>
52 #include <AssertMacros.h>
56 #include "sslDigests.h"
57 #include "sslRecord.h"
58 #include "cipherSpecs.h"
60 #include <dispatch/dispatch.h>
69 SSLConnectionRef ioRef
;
72 //FIXME should not need this.
75 SSL_HdskStateUninit
= 0, /* No Handshake yet */
76 SSL_HdskStatePending
, /* Handshake in Progress */
77 SSL_HdskStateReady
, /* Handshake is done */
78 SSL_HdskStateGracefulClose
,
79 SSL_HdskStateErrorClose
,
80 SSL_HdskStateNoNotifyClose
, /* server disconnected with no
84 #define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
92 const struct SSLRecordFuncs
*recFuncs
;
93 SSLRecordContextRef recCtx
;
98 int writeCipher_ready
;
100 SSLHandshakeState state
;
103 * Prior to successful protocol negotiation, negProtocolVersion
104 * is SSL_Version_Undetermined. Subsequent to successful
105 * negotiation, negProtocolVersion contains the actual over-the-wire
108 * The Boolean versionEnable flags are set by
109 * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
110 * remain invariant once negotiation has started. If there
111 * were a large number of these and/or we were adding new
112 * protocol versions on a regular basis, we'd probably want
113 * to implement these as a word of flags. For now, in the
114 * real world, this is the most straightforward implementation.
116 SSLProtocolVersion negProtocolVersion
; /* negotiated */
117 SSLProtocolVersion clientReqProtocol
; /* requested by client in hello msg */
118 SSLProtocolVersion minProtocolVersion
;
119 SSLProtocolVersion maxProtocolVersion
;
120 Boolean isDTLS
; /* if this is a Datagram Context */
121 SSLProtocolSide protocolSide
; /* ConnectionEnd enum { server, client } in rfc5246. */
123 SSLBuffer dtlsCookie
; /* DTLS ClientHello cookie */
126 uint16_t selectedCipher
; /* currently selected */
129 tls_private_key_t signingPrivKeyRef
; /* our private signing key */
131 tls_private_key_t encryptPrivKeyRef
; /* our private encrypt key, for
132 * server-initiated key exchange */
135 /* Server DH Parameters */
136 SSLBuffer dhParamsEncoded
; /* PKCS3 encoded blob - prime + generator */
139 * Various cert chains.
140 * For all three, the root is the last in the chain.
142 SSLCertificate
*localCert
;
143 SSLCertificate
*encryptCert
;
147 * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
148 * We keep them here, refcounted, solely for the associated getters.
150 CFArrayRef localCertArray
;
151 CFArrayRef encryptCertArray
;
153 /* peer certs as SecTrustRef */
154 SecTrustRef peerSecTrust
;
156 CFMutableArrayRef trustedCerts
;
157 Boolean trustedCertsOnly
;
160 * trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
162 CFArrayRef trustedLeafCerts
;
164 Boolean allowExpiredCerts
;
165 Boolean allowExpiredRoots
;
166 Boolean enableCertVerify
;
170 SSLBuffer resumableSession
; /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */
172 uint16_t *validCipherSuites
; /* context's valid suites */
173 unsigned numValidCipherSuites
; /* size of validCipherSuites */
176 uint16_t *ecdhCurves
;
177 unsigned ecdhNumCurves
;
179 /* server-side only */
180 SSLAuthenticate clientAuth
; /* kNeverAuthenticate, etc. */
181 //Boolean tryClientAuth;
183 /* client and server */
184 SSLClientCertificateState clientCertState
;
186 DNListElem
*acceptableDNList
; /* client and server */
187 CFMutableArrayRef acceptableCAs
; /* server only - SecCertificateRefs */
194 unsigned sessionMatch
;
197 /* Transport layer fields */
198 SSLBuffer receivedDataBuffer
;
199 size_t receivedDataPos
;
201 Boolean allowAnyRoot
; // don't require known roots
202 Boolean sentFatalAlert
; // this session terminated by fatal alert
203 Boolean rsaBlindingEnable
;
204 Boolean oneByteRecordEnable
; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */
206 /* optional session cache timeout (in seconds) override - 0 means default */
207 uint32_t sessionCacheTimeout
;
209 /* optional SessionTicket */
210 SSLBuffer sessionTicket
;
212 /* optional callback to obtain master secret, with its opaque arg */
213 SSLInternalMasterSecretFunction masterSecretCallback
;
214 const void *masterSecretArg
;
216 #if SSL_PAC_SERVER_ENABLE
217 /* server PAC resume sets serverRandom early to allow for secret acquisition */
218 uint8_t serverRandomValid
;
221 Boolean anonCipherEnable
;
223 /* optional switches to enable additional returns from SSLHandshake */
224 Boolean breakOnServerAuth
;
225 Boolean breakOnCertRequest
;
226 Boolean breakOnClientAuth
;
227 Boolean signalServerAuth
;
228 Boolean signalCertRequest
;
229 Boolean signalClientAuth
;
231 /* true iff ECDSA/ECDH ciphers are configured */
234 /* List of peer-specified supported_signature_algorithms */
235 unsigned numPeerSigAlgs
;
236 const tls_signature_and_hash_algorithm
*peerSigAlgs
;
238 /* List of server-specified client auth types */
239 unsigned numAuthTypes
;
240 const tls_client_auth_type
*clientAuthTypes
;
242 /* client auth type actually negotiated */
243 tls_client_auth_type negAuthType
;
245 /* Timeout for DTLS retransmit */
246 CFAbsoluteTime timeout_deadline
;
247 CFAbsoluteTime timeout_duration
;
250 /* RFC 5746: Secure renegotiation */
251 Boolean secure_renegotiation
;
252 Boolean secure_renegotiation_received
;
253 SSLBuffer ownVerifyData
;
254 SSLBuffer peerVerifyData
;
256 /* RFC 4279: TLS PSK */
257 SSLBuffer pskSharedSecret
;
258 SSLBuffer pskIdentity
;
260 /* TLS False Start */
261 Boolean falseStartEnabled
; //FalseStart enabled (by API call)
262 /* Fallback behavior */
263 Boolean fallbackEnabled
; // Fallback behavior enabled.
269 OSStatus
SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx
);
271 Boolean
sslIsSessionActive(const SSLContext
*ctx
);
273 static inline bool sslVersionIsLikeTls12(SSLContext
*ctx
)
275 check(ctx
->negProtocolVersion
!=SSL_Version_Undetermined
);
276 return ctx
->isDTLS
? ctx
->negProtocolVersion
> DTLS_Version_1_0
: ctx
->negProtocolVersion
>= TLS_Version_1_2
;
279 /* This is implemented in tls_callbacks.c */
280 int sslGetSessionID(SSLContext
*myCtx
, SSLBuffer
*sessionID
);
286 #endif /* _SSLCONTEXT_H_ */
projects / apple / security.git / blob