2 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 * sslContext.h - Private SSL typedefs: SSLContext and its components
28 #ifndef _SSLCONTEXT_H_
29 #define _SSLCONTEXT_H_ 1
31 #include "SecureTransport.h"
32 #include "sslBuildFlags.h"
34 #include <tls_handshake.h>
35 #include <tls_record.h>
36 #include <tls_stream_parser.h>
37 #include <tls_cache.h>
39 #ifdef USE_CDSA_CRYPTO
40 #include <Security/cssmtype.h>
43 #include <Security/SecDH.h>
44 #include <Security/SecKeyInternal.h>
46 #include "../sec/Security/SecDH.h" // hack to get SecDH.
47 // typedef struct OpaqueSecDHContext *SecDHContext;
49 #include <corecrypto/ccec.h>
52 #include <CoreFoundation/CFRuntime.h>
53 #include <AssertMacros.h>
56 #include "sslRecord.h"
57 #include "cipherSpecs.h"
59 #include <dispatch/dispatch.h>
68 SSLConnectionRef ioRef
;
71 //FIXME should not need this.
74 SSL_HdskStateUninit
= 0, /* No Handshake yet */
75 SSL_HdskStatePending
, /* Handshake in Progress */
76 SSL_HdskStateReady
, /* Handshake is done */
77 SSL_HdskStateGracefulClose
,
78 SSL_HdskStateErrorClose
,
79 SSL_HdskStateNoNotifyClose
, /* server disconnected with no
83 #define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
90 const struct SSLRecordFuncs
*recFuncs
;
91 SSLRecordContextRef recCtx
;
96 int writeCipher_ready
;
98 SSLHandshakeState state
;
101 * Prior to successful protocol negotiation, negProtocolVersion
102 * is SSL_Version_Undetermined. Subsequent to successful
103 * negotiation, negProtocolVersion contains the actual over-the-wire
106 * The Boolean versionEnable flags are set by
107 * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and
108 * remain invariant once negotiation has started. If there
109 * were a large number of these and/or we were adding new
110 * protocol versions on a regular basis, we'd probably want
111 * to implement these as a word of flags. For now, in the
112 * real world, this is the most straightforward implementation.
114 tls_protocol_version negProtocolVersion
; /* negotiated */
115 tls_protocol_version clientReqProtocol
; /* requested by client in hello msg */
116 tls_protocol_version minProtocolVersion
;
117 tls_protocol_version maxProtocolVersion
;
118 Boolean isDTLS
; /* if this is a Datagram Context */
119 SSLProtocolSide protocolSide
; /* ConnectionEnd enum { server, client } in rfc5246. */
121 SSLBuffer dtlsCookie
; /* DTLS ClientHello cookie */
124 uint16_t selectedCipher
; /* currently selected */
126 /* Server DH Parameters */
127 SSLBuffer dhParamsEncoded
; /* PKCS3 encoded blob - prime + generator */
130 * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
131 * We keep them here, refcounted, solely for the associated getter.
133 CFArrayRef localCertArray
;
134 CFArrayRef encryptCertArray
;
136 /* peer certs as SecTrustRef */
137 SecTrustRef peerSecTrust
;
139 CFMutableArrayRef trustedCerts
;
140 Boolean trustedCertsOnly
;
142 #if !TARGET_OS_IPHONE
144 * trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
146 CFArrayRef trustedLeafCerts
;
149 Boolean allowExpiredCerts
;
150 Boolean allowExpiredRoots
;
151 Boolean enableCertVerify
;
155 SSLBuffer resumableSession
; /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */
157 uint16_t *ecdhCurves
;
158 unsigned ecdhNumCurves
;
160 /* server-side only */
161 SSLAuthenticate clientAuth
; /* kNeverAuthenticate, etc. */
163 /* client and server */
164 SSLClientCertificateState clientCertState
;
166 DNListElem
*acceptableDNList
; /* client and server */
167 CFMutableArrayRef acceptableCAs
; /* server only - SecCertificateRefs */
174 unsigned sessionMatch
;
177 /* Transport layer fields */
178 SSLBuffer receivedDataBuffer
;
179 size_t receivedDataPos
;
181 Boolean allowAnyRoot
; // don't require known roots
182 Boolean sentFatalAlert
; // this session terminated by fatal alert
183 Boolean rsaBlindingEnable
;
184 Boolean oneByteRecordEnable
; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */
186 /* optional session cache timeout (in seconds) override - 0 means default */
187 uint32_t sessionCacheTimeout
;
189 /* optional SessionTicket */
190 SSLBuffer sessionTicket
;
192 /* optional callback to obtain master secret, with its opaque arg */
193 SSLInternalMasterSecretFunction masterSecretCallback
;
194 const void *masterSecretArg
;
196 #if SSL_PAC_SERVER_ENABLE
197 /* server PAC resume sets serverRandom early to allow for secret acquisition */
198 uint8_t serverRandomValid
;
201 Boolean anonCipherEnable
;
203 /* optional switches to enable additional returns from SSLHandshake */
204 Boolean breakOnServerAuth
;
205 Boolean breakOnCertRequest
;
206 Boolean breakOnClientAuth
;
207 Boolean signalServerAuth
;
208 Boolean signalCertRequest
;
209 Boolean signalClientAuth
;
210 Boolean breakOnClientHello
;
212 /* List of peer-specified supported_signature_algorithms */
213 unsigned numPeerSigAlgs
;
214 const tls_signature_and_hash_algorithm
*peerSigAlgs
;
216 /* List of server-specified client auth types */
217 unsigned numAuthTypes
;
218 const tls_client_auth_type
*clientAuthTypes
;
220 /* Timeout for DTLS retransmit */
221 CFAbsoluteTime timeout_deadline
;
222 CFAbsoluteTime timeout_duration
;
225 /* RFC 5746: Secure renegotiation */
226 Boolean secure_renegotiation
;
227 Boolean secure_renegotiation_received
;
228 SSLBuffer ownVerifyData
;
229 SSLBuffer peerVerifyData
;
231 /* RFC 4279: TLS PSK */
232 SSLBuffer pskSharedSecret
;
233 SSLBuffer pskIdentity
;
235 /* TLS False Start */
236 Boolean falseStartEnabled
; //FalseStart enabled (by API call)
237 /* Fallback behavior */
238 Boolean fallbackEnabled
; // Fallback behavior enabled.
244 SSLALPNFunc alpnFunc
;
247 /* Enable DHE or not */
250 /* For early failure reporting */
251 bool serverHelloReceived
;
254 OSStatus
SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx
);
256 Boolean
sslIsSessionActive(const SSLContext
*ctx
);
258 static inline bool sslVersionIsLikeTls12(SSLContext
*ctx
)
260 check(ctx
->negProtocolVersion
!=SSL_Version_Undetermined
);
261 return ctx
->isDTLS
? ctx
->negProtocolVersion
> DTLS_Version_1_0
: ctx
->negProtocolVersion
>= TLS_Version_1_2
;
264 /* This is implemented in tls_callbacks.c */
265 int sslGetSessionID(SSLContext
*myCtx
, SSLBuffer
*sessionID
);
271 #endif /* _SSLCONTEXT_H_ */