1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 File: cryptType.h
21
22 Contains: Crypto structures and routines
23
24 Written by: Doug Mitchell, based on Netscape SSLRef 3.0
25
26 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
27
28 */
29 /* *********************************************************************
30 File: cryptype.h
31
32 SSLRef 3.0 Final -- 11/19/96
33
34 Copyright (c)1996 by Netscape Communications Corp.
35
36 By retrieving this software you are bound by the licensing terms
37 disclosed in the file "LICENSE.txt". Please read it, and if you don't
38 accept the terms, delete this software.
39
40 SSLRef 3.0 was developed by Netscape Communications Corp. of Mountain
41 View, California <http://home.netscape.com/> and Consensus Development
42 Corporation of Berkeley, California <http://www.consensus.com/>.
43
44 *********************************************************************
45
46 File: cryptype.h Crypto structures and routines
47
48 Types associated with cryptographic functionality, including hashes,
49 symmetric ciphers, and cipher specs.
50
51 ****************************************************************** */
52
53 #ifndef _CRYPTTYPE_H_
54 #define _CRYPTTYPE_H_ 1
55
56 #include "sslerrs.h"
57 #include <Security/CipherSuite.h>
58 #include "sslPriv.h"
59 #include "sslctx.h"
60 #include "tls_hmac.h"
61
62 #ifdef __cplusplus
63 extern "C" {
64 #endif
65
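/*
 * SSL 2.0 cipher kinds. Each value is a three-byte code; in every entry
 * below the low byte equals the key size named in the identifier, in bits
 * (0x80 = 128, 0x40 = 64, 0xC0 = 192).
 *
 * Security note: every kind listed here is an SSL 2.0 kind that uses MD5
 * (per its name), and two are 40-bit export variants. SSL 2.0 is prohibited
 * by RFC 6176, so these values are useful for recognising and rejecting
 * legacy negotiation rather than as choices for a new configuration.
 */
typedef enum {
    SSL2_RC4_128_WITH_MD5              = 0x010080,
    SSL2_RC4_128_EXPORT_40_WITH_MD5    = 0x020080,
    SSL2_RC2_128_CBC_WITH_MD5          = 0x030080,
    SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080,
    SSL2_IDEA_128_CBC_WITH_MD5         = 0x050080,
    SSL2_DES_64_CBC_WITH_MD5           = 0x060040,
    SSL2_DES_192_EDE3_CBC_WITH_MD5     = 0x0700C0
} SSL2CipherKind;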
75
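/*
 * One row of a lookup table that pairs an SSL 2.0 cipher kind with an
 * SSLCipherSuite value. The table itself is declared in this header as
 * SSL2CipherMap[].
 */
typedef struct {
    SSL2CipherKind  cipherKind;     /* SSL 2.0 three-byte cipher kind */
    SSLCipherSuite  cipherSuite;    /* suite value paired with that kind */
} SSLCipherMapping;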
80
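/*
 * Callback types for one digest implementation. Every callback reports its
 * status as an SSLErr. The digest state is carried in an SSLBuffer that is
 * passed by value; SSLBuffer itself is declared in another header.
 * NOTE(review): nothing in these signatures states how large digestCtx or
 * digest must be -- presumably HashReference.contextSize and .digestSize;
 * confirm that callers size the buffers from those fields.
 */
typedef SSLErr (*HashInit)(SSLBuffer digestCtx, SSLContext *sslCtx);
typedef SSLErr (*HashUpdate)(SSLBuffer digestCtx, SSLBuffer data);
/* HashFinal also does HashClose */
typedef SSLErr (*HashFinal)(SSLBuffer digestCtx, SSLBuffer digest);
typedef SSLErr (*HashClose)(SSLBuffer digestCtx, SSLContext *sslCtx);
typedef SSLErr (*HashClone)(SSLBuffer src, SSLBuffer dest);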
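/*
 * Descriptor for one digest algorithm: three sizes plus the callbacks that
 * implement it.
 * NOTE(review): the units of the size fields are not stated here; they are
 * presumably bytes, matching MAX_DIGEST_SIZE and MAX_MAC_PADDING -- confirm.
 */
typedef struct {
    UInt32      contextSize;    /* size of the digest context */
    UInt32      digestSize;     /* size of the finished digest */
    UInt32      macPadSize;     /* size of the MAC padding for this digest */
    HashInit    init;
    HashUpdate  update;
    HashFinal   final;          /* also closes the context, per HashFinal */
    HashClose   close;
    HashClone   clone;
} HashReference;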
97
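/*
 * TLS extension:
 *  -- new struct HashHmacReference
 *  -- structs which used to use HashReference now use HashHmacReference
 *  -- new union HashHmacContext, used in CipherContext.
 *
 * HashHmacReference bundles the plain-hash descriptor and the HMAC
 * descriptor for the same algorithm. Both pointers are to const objects,
 * so the descriptors cannot be modified through this struct.
 */
typedef struct {
    const HashReference *hash;
    const HMACReference *hmac;
} HashHmacReference;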
108
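/*
 * Per-connection MAC state: either a raw hash context or an HMAC context.
 * The two members share storage and the union carries no tag saying which
 * one is live, so reading the member that was not last written gives a
 * meaningless value.
 * NOTE(review): confirm how the owning CipherContext records which member
 * is in use.
 */
typedef union {
    SSLBuffer       hashCtx;
    HMACContextRef  hmacCtx;
} HashHmacContext;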
113
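/*
 * Hash/HMAC descriptor pairs; per the original note they live in
 * tls_hmac.c, and this header only declares them. MD5 and SHA-1 are the
 * only digests offered.
 * NOTE(review): HashHmacNull is presumably the "no MAC" descriptor --
 * confirm against tls_hmac.c.
 */
extern const HashHmacReference HashHmacNull;
extern const HashHmacReference HashHmacMD5;
extern const HashHmacReference HashHmacSHA1;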
118
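/*
 * Hack to avoid circular dependency with tls_ssl.h: forward-declare the
 * struct tag so that pointers to it can be used without that header.
 * NOTE(review): a tag beginning with an underscore and an uppercase letter
 * is reserved for the implementation in C; it cannot be renamed here
 * without also changing the definition that this declaration refers to.
 */
struct _SslTlsCallouts;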
123
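/*
 * All symmetric ciphers go thru CDSA, but we'll keep these callouts for
 * now. The major change here from SSLRef3 is the inclusion of the
 * CipherContext arg, for alg/mode and key storage.
 *
 * CipherContext is only forward-declared here; its layout is defined
 * elsewhere.
 */
struct CipherContext;
typedef struct CipherContext CipherContext;

/*
 * Key setup callout.
 * NOTE(review): key and iv are bare UInt8 pointers with no length
 * argument. The lengths presumably come from the keySize and ivSize fields
 * of the SSLSymmetricCipher in use -- confirm that every caller passes
 * buffers at least that large.
 */
typedef SSLErr (*SSLKeyFunc)(
    UInt8 *key,
    UInt8 *iv,
    CipherContext *cipherCtx,
    SSLContext *ctx);

/* Encrypt or decrypt callout: src is the input buffer, dest the output. */
typedef SSLErr (*SSLCryptFunc)(
    SSLBuffer src,
    SSLBuffer dest,
    CipherContext *cipherCtx,
    SSLContext *ctx);

/* Teardown callout for a cipher context. */
typedef SSLErr (*SSLFinishFunc)(
    CipherContext *cipherCtx,
    SSLContext *ctx);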
145
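/*
 * Whether a cipher spec is an export-grade one. The values are fixed at
 * 0 and 1, so the enum can be tested as a boolean.
 */
typedef enum {
    NotExportable = 0,
    Exportable    = 1
} Exportability;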
150
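/*
 * Statically defined description of a symmetric cipher.
 *
 * All four sizes are UInt8 values in bytes, so none can exceed 255.
 * NOTE(review): keySize and secretKeySize presumably differ only for
 * export ciphers, where fewer bytes are secret than the cipher's key
 * length -- confirm against the cipher tables that fill this struct in.
 */
typedef struct {
    UInt8               keySize;        /* Sizes are in bytes */
    UInt8               secretKeySize;
    UInt8               ivSize;
    UInt8               blockSize;
    CSSM_ALGORITHMS     keyAlg;         /* CSSM_ALGID_DES, etc. */
    CSSM_ALGORITHMS     encrAlg;        /* ditto */
    CSSM_ENCRYPT_MODE   encrMode;       /* CSSM_ALGMODE_CBCPadIV8, etc. */
    CSSM_PADDING        encrPad;
    SSLKeyFunc          initialize;     /* key/IV setup callout */
    SSLCryptFunc        encrypt;
    SSLCryptFunc        decrypt;
    SSLFinishFunc       finish;         /* teardown callout */
} SSLSymmetricCipher;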
168
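/*
 * Fixed upper bounds, in bytes.
 * NOTE(review): MAX_DIGEST_SIZE is exactly the SHA-1 output size. Any
 * buffer sized with it is too small for a longer digest, so this bound
 * has to be raised before a larger hash is added to the tables.
 */
#define MAX_DIGEST_SIZE     20  /* SHA digest size = 160 bits */
#define MAX_MAC_PADDING     48  /* MD5 MAC padding size = 48 bytes */
#define MASTER_SECRET_LEN   48  /* master secret = 3 x MD5 hashes concatenated */

/*
 * SSL V2 - mac secret is the size of symmetric key, not digest.
 * 24 bytes is 192 bits, the largest key size named in SSL2CipherKind.
 */
#define MAX_SYMKEY_SIZE     24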
175
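/*
 * Key exchange methods. The enumerators take the implicit values 0..13 in
 * the order listed; per the note below they are internal and never sent
 * on the wire.
 *
 * Security note: the SSL_DH_anon entries name anonymous Diffie-Hellman,
 * in which the peer is not authenticated, and the _EXPORT entries name
 * export-grade exchanges. Code that selects among these values is where
 * such methods can be refused.
 */
typedef enum {
    SSL_NULL_auth,
    /*
     * FIXME: I have no idea what the difference is between
     * e.g. SSL_RSA and SSL_RSA_EXPORT. These don't go over the
     * wire.
     * The few times the SSLRef code behaves differently between
     * these two look wrong. See SSLDecodeRSAKeyExchange(),
     * SSLAdvanceHandshake().
     *
     * UPDATE: see comments for SSL_SERVER_KEYEXCH_HACK hack.
     */
    SSL_RSA,
    SSL_RSA_EXPORT,
    SSL_DH_DSS,
    SSL_DH_DSS_EXPORT,
    SSL_DH_RSA,
    SSL_DH_RSA_EXPORT,
    SSL_DHE_DSS,
    SSL_DHE_DSS_EXPORT,
    SSL_DHE_RSA,
    SSL_DHE_RSA_EXPORT,
    SSL_DH_anon,
    SSL_DH_anon_EXPORT,
    SSL_Fortezza
} KeyExchangeMethod;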
202
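/*
 * Full description of one cipher suite: its identifier, export status,
 * key exchange method, MAC algorithm and symmetric cipher. The MAC and
 * cipher descriptors are referenced through pointers to const.
 * NOTE(review): export status is expressed twice, by isExportable and by
 * the _EXPORT values of KeyExchangeMethod. Nothing here forces the two to
 * agree, so check the tables that populate this struct.
 */
typedef struct {
    SSLCipherSuite              cipherSpec;
    Exportability               isExportable;
    KeyExchangeMethod           keyExchangeMethod;
    const HashHmacReference     *macAlgorithm;
    const SSLSymmetricCipher    *cipher;
} SSLCipherSpec;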
210
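/*
 * Tables defined elsewhere. SSL2CipherMap has SSL2CipherMapCount entries;
 * the count is a signed int, so check it before using it as an index
 * bound.
 */
extern const SSLCipherMapping SSL2CipherMap[];
extern const int SSL2CipherMapCount;

/*
 * MAC padding arrays.
 * NOTE(review): these are declared without const and without a length. If
 * the pads are fixed constants, a const qualifier on the definition and on
 * this declaration would prevent accidental writes. Their length is
 * presumably MAX_MAC_PADDING -- confirm at the definition.
 */
extern UInt8 SSLMACPad1[], SSLMACPad2[];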
214
215 #ifdef __cplusplus
216 }
217 #endif
218
219 #endif /* _CRYPTTYPE_H_ */