]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_ssl/lib/sslCipherSpecs.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59754.60.13.tar.gz
[apple/security.git] / OSX / libsecurity_ssl / lib / sslCipherSpecs.c
1 /*
2 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * cipherSpecs.c - SSLCipherSpec declarations
26 */
27
28 #include "sslBuildFlags.h"
29 #include "sslContext.h"
30 #include "sslCipherSpecs.h"
31 #include "sslDebug.h"
32 #include "sslMemory.h"
33 #include "sslDebug.h"
34 #include "sslPriv.h"
35
36 #include <tls_handshake.h>
37
38 #include <string.h>
39 #include <Security/SecBase.h>
40 #include <Security/SecureTransportPriv.h>
41
42 #include "SecProtocolInternal.h"
43
44 #include <TargetConditionals.h>
45
46
47 /* SecureTransport needs it's own copy of KnownCipherSuites for now, there is a copy in coreTLS,
48 that is exported, but it actually should only included the "default" not the supported */
49
50 #define ENABLE_ECDH 1
51 #define ENABLE_AES_GCM 1
52 #define ENABLE_PSK 1
53 #define ENABLE_CHACHA20_POLY1305 1
54 #define ENABLE_AES_CCM 0
55
56
57 static const uint16_t STKnownCipherSuites[] = {
58 #if ENABLE_AES_GCM
59 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
60 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
61 #endif
62 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
63 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
64 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
65 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
66 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
67 #if ENABLE_AES_GCM
68 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
69 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
70 #endif
71 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
72 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
73 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
74 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
75 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
76 #if ENABLE_ECDH
77 #if ENABLE_AES_GCM
78 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
79 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
80 #endif
81 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
82 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
83 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
84 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
85 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
86 #if ENABLE_AES_GCM
87 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
88 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
89 #endif
90 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
91 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
92 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
93 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
94 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
95 #endif
96
97 #if ENABLE_AES_GCM
98 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
99 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
100 #endif // ENABLE_AES_GCM
101 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
102 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
103 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
104 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
105 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
106
107 #if ENABLE_AES_GCM
108 TLS_RSA_WITH_AES_256_GCM_SHA384,
109 TLS_RSA_WITH_AES_128_GCM_SHA256,
110 #endif
111 TLS_RSA_WITH_AES_256_CBC_SHA256,
112 TLS_RSA_WITH_AES_128_CBC_SHA256,
113 TLS_RSA_WITH_AES_256_CBC_SHA,
114 TLS_RSA_WITH_AES_128_CBC_SHA,
115 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
116
117 /* TLS 1.3 ciphersuites */
118 #if ENABLE_AES_GCM
119 TLS_AES_128_GCM_SHA256,
120 TLS_AES_256_GCM_SHA384,
121 #endif
122 #if ENABLE_CHACHA20_POLY1305
123 TLS_CHACHA20_POLY1305_SHA256,
124 #endif
125 #if ENABLE_AES_CCM
126 TLS_AES_128_CCM_SHA256,
127 TLS_AES_128_CCM_8_SHA256,
128 #endif
129
130 /* Unsafe ciphersuites */
131
132 #if ENABLE_AES_GCM
133 TLS_DH_anon_WITH_AES_256_GCM_SHA384,
134 TLS_DH_anon_WITH_AES_128_GCM_SHA256,
135 #endif
136 TLS_DH_anon_WITH_AES_128_CBC_SHA256,
137 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
138 TLS_DH_anon_WITH_AES_128_CBC_SHA,
139 TLS_DH_anon_WITH_AES_256_CBC_SHA,
140 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
141
142 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
143 TLS_ECDHE_RSA_WITH_NULL_SHA,
144 #if ENABLE_ECDH
145 TLS_ECDH_ECDSA_WITH_NULL_SHA,
146 TLS_ECDH_RSA_WITH_NULL_SHA,
147 #endif
148
149 #if ENABLE_PSK
150 TLS_PSK_WITH_AES_256_CBC_SHA384,
151 TLS_PSK_WITH_AES_128_CBC_SHA256,
152 TLS_PSK_WITH_AES_256_CBC_SHA,
153 TLS_PSK_WITH_AES_128_CBC_SHA,
154 TLS_PSK_WITH_3DES_EDE_CBC_SHA,
155 TLS_PSK_WITH_NULL_SHA384,
156 TLS_PSK_WITH_NULL_SHA256,
157 TLS_PSK_WITH_NULL_SHA,
158 #endif
159
160 TLS_RSA_WITH_NULL_SHA256,
161 SSL_RSA_WITH_NULL_SHA,
162 SSL_RSA_WITH_NULL_MD5
163 };
164
165 static const unsigned STCipherSuiteCount = sizeof(STKnownCipherSuites)/sizeof(STKnownCipherSuites[0]);
166
167 static tls_ciphersuite_group_t
168 _SSLCiphersuteGroupToTLSCiphersuiteGroup(SSLCiphersuiteGroup group)
169 {
170 switch (group) {
171 case kSSLCiphersuiteGroupDefault:
172 return tls_ciphersuite_group_default;
173 case kSSLCiphersuiteGroupCompatibility:
174 return tls_ciphersuite_group_compatibility;
175 case kSSLCiphersuiteGroupLegacy:
176 return tls_ciphersuite_group_legacy;
177 case kSSLCiphersuiteGroupATS:
178 return tls_ciphersuite_group_ats;
179 case kSSLCiphersuiteGroupATSCompatibility:
180 return tls_ciphersuite_group_ats_compatibility;
181 }
182 return tls_ciphersuite_group_default;
183 }
184
185 const SSLCipherSuite *
186 SSLCiphersuiteGroupToCiphersuiteList(SSLCiphersuiteGroup group, size_t *listSize)
187 {
188 tls_ciphersuite_group_t tls_group = _SSLCiphersuteGroupToTLSCiphersuiteGroup(group);
189 const tls_ciphersuite_t *list = sec_protocol_helper_ciphersuite_group_to_ciphersuite_list(tls_group, listSize);
190 return (const SSLCipherSuite *)list;
191 }
192
193 bool
194 SSLCiphersuiteGroupContainsCiphersuite(SSLCiphersuiteGroup group, SSLCipherSuite suite)
195 {
196 tls_ciphersuite_group_t tls_group = _SSLCiphersuteGroupToTLSCiphersuiteGroup(group);
197 return sec_protocol_helper_ciphersuite_group_contains_ciphersuite(tls_group, (tls_ciphersuite_t)suite);
198 }
199
200 static struct ssl_protocol_version_map_entry {
201 SSLProtocol protocol;
202 uint16_t codepoint;
203 } ssl_protocol_version_map[] = {
204 { .protocol = kTLSProtocol13, .codepoint = tls_protocol_version_TLSv13 },
205 { .protocol = kTLSProtocol12, .codepoint = tls_protocol_version_TLSv12 },
206 { .protocol = kTLSProtocol11, .codepoint = tls_protocol_version_TLSv11 },
207 { .protocol = kTLSProtocol1, .codepoint = tls_protocol_version_TLSv10 },
208 { .protocol = kDTLSProtocol12, .codepoint = tls_protocol_version_DTLSv12 },
209 { .protocol = kDTLSProtocol1, .codepoint = tls_protocol_version_DTLSv10 },
210 { .protocol = kSSLProtocol3, .codepoint = 0x0300 },
211 { .protocol = kSSLProtocol2, .codepoint = 0x0000 },
212 };
213 static size_t ssl_protocol_version_map_len = sizeof(ssl_protocol_version_map) / sizeof(ssl_protocol_version_map[0]);
214
215 uint16_t
216 SSLProtocolGetVersionCodepoint(SSLProtocol protocol_version)
217 {
218 for (size_t i = 0; i < ssl_protocol_version_map_len; i++) {
219 if (ssl_protocol_version_map[i].protocol == protocol_version) {
220 return ssl_protocol_version_map[i].codepoint;
221 }
222 }
223 return 0;
224 }
225
226 SSLProtocol
227 SSLProtocolFromVersionCodepoint(uint16_t protocol_version)
228 {
229 for (size_t i = 0; i < ssl_protocol_version_map_len; i++) {
230 if (ssl_protocol_version_map[i].codepoint == protocol_version) {
231 return ssl_protocol_version_map[i].protocol;
232 }
233 }
234 return kSSLProtocolUnknown;
235 }
236
237 SSLProtocol
238 SSLCiphersuiteMinimumTLSVersion(SSLCipherSuite ciphersuite)
239 {
240 tls_protocol_version_t version = sec_protocol_helper_ciphersuite_minimum_TLS_version((tls_ciphersuite_t)ciphersuite);
241 return SSLProtocolFromVersionCodepoint((uint16_t)version);
242 }
243
244 SSLProtocol
245 SSLCiphersuiteMaximumTLSVersion(SSLCipherSuite ciphersuite)
246 {
247 tls_protocol_version_t version = sec_protocol_helper_ciphersuite_maximum_TLS_version((tls_ciphersuite_t)ciphersuite);
248 return SSLProtocolFromVersionCodepoint((uint16_t)version);
249 }
250
251 const char *
252 SSLCiphersuiteGetName(SSLCipherSuite ciphersuite)
253 {
254 return sec_protocol_helper_get_ciphersuite_name((tls_ciphersuite_t)ciphersuite);
255 }
256
257 /*
258 * Convert an array of uint16_t
259 * to an array of SSLCipherSuites.
260 */
261 static OSStatus
262 cipherSuitesToCipherSuites(
263 size_t numCipherSuites,
264 const uint16_t *cipherSuites,
265 SSLCipherSuite *ciphers, /* RETURNED */
266 size_t *numCiphers) /* IN/OUT */
267 {
268 size_t i;
269 if(*numCiphers < numCipherSuites) {
270 return errSSLBufferOverflow;
271 }
272
273 /* NOTE: this is required to go from uint16_t to SSLCipherSuite
274 which is either 32 or 16 bits, depending on the platform */
275 for(i=0;i<numCipherSuites; i++) {
276 ciphers[i]=cipherSuites[i];
277 }
278 *numCiphers = numCipherSuites;
279 return errSecSuccess;
280 }
281
282 /***
283 *** Publically exported functions declared in SecureTransport.h
284 ***/
285
286 /*
287 * Determine number and values of all of the SSLCipherSuites we support.
288 * Caller allocates output buffer for SSLGetSupportedCiphers() and passes in
289 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
290 * will be returned.
291 */
292 OSStatus
293 SSLGetNumberSupportedCiphers (SSLContextRef ctx,
294 size_t *numCiphers)
295 {
296 if((ctx == NULL) || (numCiphers == NULL)) {
297 return errSecParam;
298 }
299 *numCiphers = STCipherSuiteCount;
300 return errSecSuccess;
301 }
302
303 OSStatus
304 SSLGetSupportedCiphers (SSLContextRef ctx,
305 SSLCipherSuite *ciphers, /* RETURNED */
306 size_t *numCiphers) /* IN/OUT */
307 {
308 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
309 return errSecParam;
310 }
311 return cipherSuitesToCipherSuites(STCipherSuiteCount,
312 STKnownCipherSuites,
313 ciphers,
314 numCiphers);
315 }
316
317 /*
318 * Specify a (typically) restricted set of SSLCipherSuites to be enabled by
319 * the current SSLContext. Can only be called when no session is active. Default
320 * set of enabled SSLCipherSuites is NOT the same as the complete set of supported
321 * SSLCipherSuites as obtained by SSLGetSupportedCiphers().
322 */
323 OSStatus
324 SSLSetEnabledCiphers (SSLContextRef ctx,
325 const SSLCipherSuite *ciphers,
326 size_t numCiphers)
327 {
328 uint16_t *cs;
329
330 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == 0)) {
331 return errSecParam;
332 }
333
334 if(sslIsSessionActive(ctx)) {
335 /* can't do this with an active session */
336 return errSecBadReq;
337 }
338
339 int matchCount = 0;
340 for(int i=0; i<numCiphers; i++) {
341 for (int j=0; j < STCipherSuiteCount; j++) {
342 if (STKnownCipherSuites[j] == ciphers[i]) {
343 matchCount++;
344 break;
345 }
346 }
347 }
348
349 // If the caller specified no ciphersuites that we actually support, return an error code.
350 if (matchCount == 0) {
351 return errSecParam;
352 }
353
354 cs = (uint16_t *)sslMalloc(matchCount * sizeof(uint16_t));
355 if(cs == NULL) {
356 return errSecAllocate;
357 }
358
359 matchCount = 0;
360 for(int i=0; i<numCiphers; i++) {
361 for (int j=0; j < STCipherSuiteCount; j++) {
362 if (STKnownCipherSuites[j] == ciphers[i]) {
363 cs[matchCount++] = ciphers[i];
364 break;
365 }
366 }
367 }
368
369
370 OSStatus result = tls_handshake_set_ciphersuites(ctx->hdsk, cs, (unsigned) matchCount);
371
372 sslFree(cs);
373
374 return result;
375 }
376
377 /*
378 * Determine number and values of all of the SSLCipherSuites currently enabled.
379 * Caller allocates output buffer for SSLGetEnabledCiphers() and passes in
380 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
381 * will be returned.
382 */
383 OSStatus
384 SSLGetNumberEnabledCiphers (SSLContextRef ctx,
385 size_t *numCiphers)
386 {
387 if((ctx == NULL) || (numCiphers == NULL)) {
388 return errSecParam;
389 }
390
391 unsigned n;
392 const uint16_t *ciphersuites;
393 int err;
394
395 err = tls_handshake_get_ciphersuites(ctx->hdsk, &ciphersuites, &n);
396
397 if(err) {
398 return err;
399 } else {
400 *numCiphers = n;
401 return errSecSuccess;
402 }
403 }
404
405 OSStatus
406 SSLGetEnabledCiphers (SSLContextRef ctx,
407 SSLCipherSuite *ciphers, /* RETURNED */
408 size_t *numCiphers) /* IN/OUT */
409 {
410 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
411 return errSecParam;
412 }
413
414 unsigned n;
415 const uint16_t *ciphersuites;
416 int err;
417
418 err = tls_handshake_get_ciphersuites(ctx->hdsk, &ciphersuites, &n);
419
420 if(err) {
421 return err;
422 } else {
423 return cipherSuitesToCipherSuites(n,
424 ciphersuites,
425 ciphers,
426 numCiphers);
427 }
428 }
429
430 OSStatus
431 SSLSetSessionTicketsEnabled (SSLContextRef context,
432 Boolean enabled)
433 {
434 if (context == NULL) {
435 return errSecParam;
436 }
437
438 return tls_handshake_set_session_ticket_enabled(context->hdsk, enabled);
439 }
mirror of Security