]> git.saurik.com Git - apple/security.git/blob - libsecurity_ssl/lib/sslHandshake.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55163.44.tar.gz
[apple/security.git] / libsecurity_ssl / lib / sslHandshake.h
1 /*
2 * Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 /*
19 * sslHandshake.h - SSL Handshake Layer
20 */
21
22 #ifndef _SSLHANDSHAKE_H_
23 #define _SSLHANDSHAKE_H_
24
25 #include "cryptType.h"
26 #include "sslRecord.h"
27
28 #ifdef __cplusplus
29 extern "C" {
30 #endif
31
32 typedef enum
33 { SSL_HdskHelloRequest = 0,
34 SSL_HdskClientHello = 1,
35 SSL_HdskServerHello = 2,
36 #if ENABLE_DTLS
37 SSL_HdskHelloVerifyRequest = 3,
38 #endif /* ENABLE_DTLS */
39 SSL_HdskCert = 11,
40 SSL_HdskServerKeyExchange = 12,
41 SSL_HdskCertRequest = 13,
42 SSL_HdskServerHelloDone = 14,
43 SSL_HdskCertVerify = 15,
44 SSL_HdskClientKeyExchange = 16,
45 SSL_HdskFinished = 20
46 } SSLHandshakeType;
47
48 /* Hello Extensions per RFC 3546 */
49 typedef enum
50 {
51 SSL_HE_ServerName = 0,
52 SSL_HE_MaxFragmentLength = 1,
53 SSL_HE_ClientCertificateURL = 2,
54 SSL_HE_TrustedCAKeys = 3,
55 SSL_HE_TruncatedHMAC = 4,
56 SSL_HE_StatusReguest = 5,
57
58 /* ECDSA, RFC 4492 */
59 SSL_HE_EllipticCurves = 10,
60 SSL_HE_EC_PointFormats = 11,
61
62 /* TLS 1.2 */
63 SSL_HE_SignatureAlgorithms = 13,
64
65 /* RFC 5746 */
66 SSL_HE_SecureRenegotation = 0xff01,
67
68 /*
69 * This one is suggested but not formally defined in
70 * I.D.salowey-tls-ticket-07
71 */
72 SSL_HE_SessionTicket = 35
73 } SSLHelloExtensionType;
74
75 /* SSL_HE_ServerName NameType values */
76 typedef enum
77 {
78 SSL_NT_HostName = 0
79 } SSLServerNameType;
80
81 /*
82 * The number of curves we support
83 */
84 #define SSL_ECDSA_NUM_CURVES 3
85
86 /* SSL_HE_EC_PointFormats - point formats */
87 typedef enum
88 {
89 SSL_PointFormatUncompressed = 0,
90 SSL_PointFormatCompressedPrime = 1,
91 SSL_PointFormatCompressedChar2 = 2,
92 } SSL_ECDSA_PointFormats;
93
94 /* CurveTypes in a Server Key Exchange msg */
95 typedef enum
96 {
97 SSL_CurveTypeExplicitPrime = 1,
98 SSL_CurveTypeExplicitChar2 = 2,
99 SSL_CurveTypeNamed = 3 /* the only one we support */
100 } SSL_ECDSA_CurveTypes;
101
102 typedef enum
103 { SSL_read,
104 SSL_write
105 } CipherSide;
106
107 typedef enum
108 {
109 SSL_HdskStateUninit = 0, /* only valid within SSLContextAlloc */
110 SSL_HdskStateServerUninit, /* no handshake yet */
111 SSL_HdskStateClientUninit, /* no handshake yet */
112 SSL_HdskStateGracefulClose,
113 SSL_HdskStateErrorClose,
114 SSL_HdskStateNoNotifyClose, /* server disconnected with no
115 * notify msg */
116 /* remainder must be consecutive */
117 SSL_HdskStateServerHello, /* must get server hello; client hello sent */
118 SSL_HdskStateServerHelloUnknownVersion,
119 /* Could get SSL 2 or SSL 3 server hello back */
120 SSL_HdskStateKeyExchange, /* must get key exchange; cipher spec
121 * requires it */
122 SSL_HdskStateCert, /* may get certificate or certificate
123 * request (if no cert request received yet) */
124 SSL_HdskStateHelloDone, /* must get server hello done; after key
125 * exchange or fixed DH parameters */
126 SSL_HdskStateClientCert, /* must get certificate or no cert alert
127 * from client */
128 SSL_HdskStateClientKeyExchange, /* must get client key exchange */
129 SSL_HdskStateClientCertVerify, /* must get certificate verify from client */
130 SSL_HdskStateChangeCipherSpec, /* time to change the cipher spec */
131 SSL_HdskStateFinished, /* must get a finished message in the
132 * new cipher spec */
133 SSL2_HdskStateClientMasterKey,
134 SSL2_HdskStateClientFinished,
135 SSL2_HdskStateServerHello,
136 SSL2_HdskStateServerVerify,
137 SSL2_HdskStateServerFinished,
138 SSL_HdskStateServerReady, /* ready for I/O; server side */
139 SSL_HdskStateClientReady /* ready for I/O; client side */
140 } SSLHandshakeState;
141
142 typedef struct
143 { SSLHandshakeType type;
144 SSLBuffer contents;
145 } SSLHandshakeMsg;
146
147 #define SSL_Finished_Sender_Server 0x53525652
148 #define SSL_Finished_Sender_Client 0x434C4E54
149
150 /** sslHandshake.c **/
151 typedef OSStatus (*EncodeMessageFunc)(SSLRecord *rec, SSLContext *ctx);
152 OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
153 OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx);
154 OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx);
155 OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx);
156 OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
157 OSStatus DTLSRetransmit(SSLContext *ctx);
158 OSStatus SSLResetFlight(SSLContext *ctx);
159 OSStatus SSLSendFlight(SSLContext *ctx);
160
161
162 /** sslChangeCipher.c **/
163 OSStatus SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx);
164 OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx);
165 OSStatus SSLDisposeCipherSuite(CipherContext *cipher, SSLContext *ctx);
166
167 /** sslCert.c **/
168 OSStatus SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx);
169 OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx);
170 OSStatus SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx);
171 OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx);
172 OSStatus SSLEncodeCertificateVerify(SSLRecord *verify, SSLContext *ctx);
173 OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx);
174
175 /** sslHandshakeHello.c **/
176 OSStatus SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx);
177 OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx);
178 OSStatus SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx);
179 OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx);
180 OSStatus SSLInitMessageHashes(SSLContext *ctx);
181 OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx);
182 #if ENABLE_DTLS
183 OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord *helloVerifyRequest, SSLContext *ctx);
184 OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx);
185 #endif
186
187 /** sslKeyExchange.c **/
188 OSStatus SSLEncodeServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx);
189 OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx);
190 OSStatus SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx);
191 OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx);
192 OSStatus SSLInitPendingCiphers(SSLContext *ctx);
193
194 /** sslHandshakeFinish.c **/
195 OSStatus SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx);
196 OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx);
197 OSStatus SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx);
198 OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx);
199 OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx);
200
201 #ifdef __cplusplus
202 }
203 #endif
204
205 #endif /* _SSLHANDSHAKE_H_ */
mirror of Security