]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_ssl/lib/sslCipherSpecs.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / OSX / libsecurity_ssl / lib / sslCipherSpecs.c
1 /*
2 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * cipherSpecs.c - SSLCipherSpec declarations
26 */
27
28 #include "sslBuildFlags.h"
29 #include "sslContext.h"
30 #include "sslCipherSpecs.h"
31 #include "sslDebug.h"
32 #include "sslMemory.h"
33 #include "sslDebug.h"
34 #include "sslPriv.h"
35
36 #include <tls_handshake.h>
37
38 #include <string.h>
39 #include <assert.h>
40 #include <Security/SecBase.h>
41 #include <Security/SecureTransportPriv.h>
42
43 #include "SecProtocolInternal.h"
44
45 #include <TargetConditionals.h>
46
47
48 /* SecureTransport needs it's own copy of KnownCipherSuites for now, there is a copy in coreTLS,
49 that is exported, but it actually should only included the "default" not the supported */
50
51 #define ENABLE_ECDH 1
52 #define ENABLE_AES_GCM 1
53 #define ENABLE_PSK 1
54 #define ENABLE_CHACHA20_POLY1305 1
55 #define ENABLE_AES_CCM 0
56
57
58 static const uint16_t STKnownCipherSuites[] = {
59 #if ENABLE_AES_GCM
60 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
61 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
62 #endif
63 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
64 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
65 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
66 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
67 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
68 #if ENABLE_AES_GCM
69 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
70 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
71 #endif
72 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
73 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
74 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
75 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
76 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
77 #if ENABLE_ECDH
78 #if ENABLE_AES_GCM
79 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
80 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
81 #endif
82 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
83 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
84 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
85 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
86 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
87 #if ENABLE_AES_GCM
88 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
89 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
90 #endif
91 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
92 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
93 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
94 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
95 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
96 #endif
97
98 #if ENABLE_AES_GCM
99 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
100 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
101 #endif // ENABLE_AES_GCM
102 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
103 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
104 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
105 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
106 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
107
108 #if ENABLE_AES_GCM
109 TLS_RSA_WITH_AES_256_GCM_SHA384,
110 TLS_RSA_WITH_AES_128_GCM_SHA256,
111 #endif
112 TLS_RSA_WITH_AES_256_CBC_SHA256,
113 TLS_RSA_WITH_AES_128_CBC_SHA256,
114 TLS_RSA_WITH_AES_256_CBC_SHA,
115 TLS_RSA_WITH_AES_128_CBC_SHA,
116 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
117
118 /* TLS 1.3 ciphersuites */
119 #if ENABLE_AES_GCM
120 TLS_AES_128_GCM_SHA256,
121 TLS_AES_256_GCM_SHA384,
122 #endif
123 #if ENABLE_CHACHA20_POLY1305
124 TLS_CHACHA20_POLY1305_SHA256,
125 #endif
126 #if ENABLE_AES_CCM
127 TLS_AES_128_CCM_SHA256,
128 TLS_AES_128_CCM_8_SHA256,
129 #endif
130
131 /* Unsafe ciphersuites */
132
133 #if ENABLE_AES_GCM
134 TLS_DH_anon_WITH_AES_256_GCM_SHA384,
135 TLS_DH_anon_WITH_AES_128_GCM_SHA256,
136 #endif
137 TLS_DH_anon_WITH_AES_128_CBC_SHA256,
138 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
139 TLS_DH_anon_WITH_AES_128_CBC_SHA,
140 TLS_DH_anon_WITH_AES_256_CBC_SHA,
141 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
142
143 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
144 TLS_ECDHE_RSA_WITH_NULL_SHA,
145 #if ENABLE_ECDH
146 TLS_ECDH_ECDSA_WITH_NULL_SHA,
147 TLS_ECDH_RSA_WITH_NULL_SHA,
148 #endif
149
150 #if ENABLE_PSK
151 TLS_PSK_WITH_AES_256_CBC_SHA384,
152 TLS_PSK_WITH_AES_128_CBC_SHA256,
153 TLS_PSK_WITH_AES_256_CBC_SHA,
154 TLS_PSK_WITH_AES_128_CBC_SHA,
155 TLS_PSK_WITH_3DES_EDE_CBC_SHA,
156 TLS_PSK_WITH_NULL_SHA384,
157 TLS_PSK_WITH_NULL_SHA256,
158 TLS_PSK_WITH_NULL_SHA,
159 #endif
160
161 TLS_RSA_WITH_NULL_SHA256,
162 SSL_RSA_WITH_NULL_SHA,
163 SSL_RSA_WITH_NULL_MD5
164 };
165
166 static const unsigned STCipherSuiteCount = sizeof(STKnownCipherSuites)/sizeof(STKnownCipherSuites[0]);
167
168 static tls_ciphersuite_group_t
169 _SSLCiphersuteGroupToTLSCiphersuiteGroup(SSLCiphersuiteGroup group)
170 {
171 switch (group) {
172 case kSSLCiphersuiteGroupDefault:
173 return tls_ciphersuite_group_default;
174 case kSSLCiphersuiteGroupCompatibility:
175 return tls_ciphersuite_group_compatibility;
176 case kSSLCiphersuiteGroupLegacy:
177 return tls_ciphersuite_group_legacy;
178 case kSSLCiphersuiteGroupATS:
179 return tls_ciphersuite_group_ats;
180 case kSSLCiphersuiteGroupATSCompatibility:
181 return tls_ciphersuite_group_ats_compatibility;
182 }
183 return tls_ciphersuite_group_default;
184 }
185
186 const SSLCipherSuite *
187 SSLCiphersuiteGroupToCiphersuiteList(SSLCiphersuiteGroup group, size_t *listSize)
188 {
189 tls_ciphersuite_group_t tls_group = _SSLCiphersuteGroupToTLSCiphersuiteGroup(group);
190 const tls_ciphersuite_t *list = sec_protocol_helper_ciphersuite_group_to_ciphersuite_list(tls_group, listSize);
191 return (const SSLCipherSuite *)list;
192 }
193
194 bool
195 SSLCiphersuiteGroupContainsCiphersuite(SSLCiphersuiteGroup group, SSLCipherSuite suite)
196 {
197 tls_ciphersuite_group_t tls_group = _SSLCiphersuteGroupToTLSCiphersuiteGroup(group);
198 return sec_protocol_helper_ciphersuite_group_contains_ciphersuite(tls_group, (tls_ciphersuite_t)suite);
199 }
200
201 static struct ssl_protocol_version_map_entry {
202 SSLProtocol protocol;
203 uint16_t codepoint;
204 } ssl_protocol_version_map[] = {
205 { .protocol = kTLSProtocol13, .codepoint = tls_protocol_version_TLSv13 },
206 { .protocol = kTLSProtocol12, .codepoint = tls_protocol_version_TLSv12 },
207 { .protocol = kTLSProtocol11, .codepoint = tls_protocol_version_TLSv11 },
208 { .protocol = kTLSProtocol1, .codepoint = tls_protocol_version_TLSv10 },
209 { .protocol = kDTLSProtocol12, .codepoint = tls_protocol_version_DTLSv12 },
210 { .protocol = kDTLSProtocol1, .codepoint = tls_protocol_version_DTLSv10 },
211 { .protocol = kSSLProtocol3, .codepoint = 0x0300 },
212 { .protocol = kSSLProtocol2, .codepoint = 0x0000 },
213 };
214 static size_t ssl_protocol_version_map_len = sizeof(ssl_protocol_version_map) / sizeof(ssl_protocol_version_map[0]);
215
216 uint16_t
217 SSLProtocolGetVersionCodepoint(SSLProtocol protocol_version)
218 {
219 for (size_t i = 0; i < ssl_protocol_version_map_len; i++) {
220 if (ssl_protocol_version_map[i].protocol == protocol_version) {
221 return ssl_protocol_version_map[i].codepoint;
222 }
223 }
224 return 0;
225 }
226
227 SSLProtocol
228 SSLProtocolFromVersionCodepoint(uint16_t protocol_version)
229 {
230 for (size_t i = 0; i < ssl_protocol_version_map_len; i++) {
231 if (ssl_protocol_version_map[i].codepoint == protocol_version) {
232 return ssl_protocol_version_map[i].protocol;
233 }
234 }
235 return kSSLProtocolUnknown;
236 }
237
238 SSLProtocol
239 SSLCiphersuiteMinimumTLSVersion(SSLCipherSuite ciphersuite)
240 {
241 tls_protocol_version_t version = sec_protocol_helper_ciphersuite_minimum_TLS_version((tls_ciphersuite_t)ciphersuite);
242 return SSLProtocolFromVersionCodepoint((uint16_t)version);
243 }
244
245 SSLProtocol
246 SSLCiphersuiteMaximumTLSVersion(SSLCipherSuite ciphersuite)
247 {
248 tls_protocol_version_t version = sec_protocol_helper_ciphersuite_maximum_TLS_version((tls_ciphersuite_t)ciphersuite);
249 return SSLProtocolFromVersionCodepoint((uint16_t)version);
250 }
251
252 const char *
253 SSLCiphersuiteGetName(SSLCipherSuite ciphersuite)
254 {
255 return sec_protocol_helper_get_ciphersuite_name((tls_ciphersuite_t)ciphersuite);
256 }
257
258 /*
259 * Convert an array of uint16_t
260 * to an array of SSLCipherSuites.
261 */
262 static OSStatus
263 cipherSuitesToCipherSuites(
264 size_t numCipherSuites,
265 const uint16_t *cipherSuites,
266 SSLCipherSuite *ciphers, /* RETURNED */
267 size_t *numCiphers) /* IN/OUT */
268 {
269 size_t i;
270 if(*numCiphers < numCipherSuites) {
271 return errSSLBufferOverflow;
272 }
273
274 /* NOTE: this is required to go from uint16_t to SSLCipherSuite
275 which is either 32 or 16 bits, depending on the platform */
276 for(i=0;i<numCipherSuites; i++) {
277 ciphers[i]=cipherSuites[i];
278 }
279 *numCiphers = numCipherSuites;
280 return errSecSuccess;
281 }
282
283 /***
284 *** Publically exported functions declared in SecureTransport.h
285 ***/
286
287 /*
288 * Determine number and values of all of the SSLCipherSuites we support.
289 * Caller allocates output buffer for SSLGetSupportedCiphers() and passes in
290 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
291 * will be returned.
292 */
293 OSStatus
294 SSLGetNumberSupportedCiphers (SSLContextRef ctx,
295 size_t *numCiphers)
296 {
297 if((ctx == NULL) || (numCiphers == NULL)) {
298 return errSecParam;
299 }
300 *numCiphers = STCipherSuiteCount;
301 return errSecSuccess;
302 }
303
304 OSStatus
305 SSLGetSupportedCiphers (SSLContextRef ctx,
306 SSLCipherSuite *ciphers, /* RETURNED */
307 size_t *numCiphers) /* IN/OUT */
308 {
309 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
310 return errSecParam;
311 }
312 return cipherSuitesToCipherSuites(STCipherSuiteCount,
313 STKnownCipherSuites,
314 ciphers,
315 numCiphers);
316 }
317
318 /*
319 * Specify a (typically) restricted set of SSLCipherSuites to be enabled by
320 * the current SSLContext. Can only be called when no session is active. Default
321 * set of enabled SSLCipherSuites is NOT the same as the complete set of supported
322 * SSLCipherSuites as obtained by SSLGetSupportedCiphers().
323 */
324 OSStatus
325 SSLSetEnabledCiphers (SSLContextRef ctx,
326 const SSLCipherSuite *ciphers,
327 size_t numCiphers)
328 {
329 uint16_t *cs;
330
331 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == 0)) {
332 return errSecParam;
333 }
334
335 if(sslIsSessionActive(ctx)) {
336 /* can't do this with an active session */
337 return errSecBadReq;
338 }
339
340 int matchCount = 0;
341 for(int i=0; i<numCiphers; i++) {
342 for (int j=0; j < STCipherSuiteCount; j++) {
343 if (STKnownCipherSuites[j] == ciphers[i]) {
344 matchCount++;
345 break;
346 }
347 }
348 }
349
350 // If the caller specified no ciphersuites that we actually support, return an error code.
351 if (matchCount == 0) {
352 return errSecParam;
353 }
354
355 cs = (uint16_t *)sslMalloc(matchCount * sizeof(uint16_t));
356 if(cs == NULL) {
357 return errSecAllocate;
358 }
359
360 matchCount = 0;
361 for(int i=0; i<numCiphers; i++) {
362 for (int j=0; j < STCipherSuiteCount; j++) {
363 if (STKnownCipherSuites[j] == ciphers[i]) {
364 cs[matchCount++] = ciphers[i];
365 break;
366 }
367 }
368 }
369
370
371 OSStatus result = tls_handshake_set_ciphersuites(ctx->hdsk, cs, (unsigned) matchCount);
372
373 sslFree(cs);
374
375 return result;
376 }
377
378 /*
379 * Determine number and values of all of the SSLCipherSuites currently enabled.
380 * Caller allocates output buffer for SSLGetEnabledCiphers() and passes in
381 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
382 * will be returned.
383 */
384 OSStatus
385 SSLGetNumberEnabledCiphers (SSLContextRef ctx,
386 size_t *numCiphers)
387 {
388 if((ctx == NULL) || (numCiphers == NULL)) {
389 return errSecParam;
390 }
391
392 unsigned n;
393 const uint16_t *ciphersuites;
394 int err;
395
396 err = tls_handshake_get_ciphersuites(ctx->hdsk, &ciphersuites, &n);
397
398 if(err) {
399 return err;
400 } else {
401 *numCiphers = n;
402 return errSecSuccess;
403 }
404 }
405
406 OSStatus
407 SSLGetEnabledCiphers (SSLContextRef ctx,
408 SSLCipherSuite *ciphers, /* RETURNED */
409 size_t *numCiphers) /* IN/OUT */
410 {
411 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
412 return errSecParam;
413 }
414
415 unsigned n;
416 const uint16_t *ciphersuites;
417 int err;
418
419 err = tls_handshake_get_ciphersuites(ctx->hdsk, &ciphersuites, &n);
420
421 if(err) {
422 return err;
423 } else {
424 return cipherSuitesToCipherSuites(n,
425 ciphersuites,
426 ciphers,
427 numCiphers);
428 }
429 }
430
431 OSStatus
432 SSLSetSessionTicketsEnabled (SSLContextRef context,
433 Boolean enabled)
434 {
435 if (context == NULL) {
436 return errSecParam;
437 }
438
439 return tls_handshake_set_session_ticket_enabled(context->hdsk, enabled);
440 }
mirror of Security