1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 File: sslctx.h
21
22 Contains: Private SSL typedefs: SSLContext and its components
23
24 Written by: Doug Mitchell, based on Netscape SSLRef 3.0
25
26 Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
27
28 */
29
30 /* *********************************************************************
31 File: sslctx.h
32
33 SSLRef 3.0 Final -- 11/19/96
34
35 Copyright (c)1996 by Netscape Communications Corp.
36
37 By retrieving this software you are bound by the licensing terms
38 disclosed in the file "LICENSE.txt". Please read it, and if you don't
39 accept the terms, delete this software.
40
41 SSLRef 3.0 was developed by Netscape Communications Corp. of Mountain
42 View, California <http://home.netscape.com/> and Consensus Development
43 Corporation of Berkeley, California <http://www.consensus.com/>.
44
45 *********************************************************************
46
47 File: sslctx.h Internal state of an SSL connection
48
49 Contains the SSLContext structure, which encapsulates the state of the
50 connection at any time. Whenever SSLREF might have to return (mostly
51 when I/O is done), this structure must completely represent the
52 connection state, since nothing else survives across the return.
53
54 ****************************************************************** */
55
56 #ifndef _SSLCTX_H_
57 #define _SSLCTX_H_ 1
58
59 #include <Security/SecureTransport.h>
60 #include "sslBuildFlags.h"
61
62 #ifdef _APPLE_CDSA_
63
64 #include <Security/cssmtype.h>
65
66 #if ST_KEYCHAIN_ENABLE
67 #include <Keychain.h>
68 #endif /* ST_KEYCHAIN_ENABLE */
69
70 #endif /* _APPLE_CDSA_ */
71
72 #ifndef _APPLE_CDSA_
73 #include "sslalloc.h"
74 #endif
75
76 #include "sslerrs.h"
77 #include "sslPriv.h"
78
79
80 /*
81 * These were originally in ssl.h; they're not exposed as client-specified
82 * functions here.
83 */
#ifndef _APPLE_CDSA_
/*
 * Callback types for the non-CDSA (original SSLRef) build. Each callback
 * receives the opaque "...Ref" pointer that was registered alongside it,
 * passed back unchanged, and signals failure through the returned SSLErr.
 */

/*
 * Fill 'data' with random bytes.
 * NOTE(review): in this build this appears to be the only entropy source
 * available to the library (see SystemContext.random below); whoever
 * installs it must supply a cryptographically strong generator -- confirm
 * at the registration site, since a weak source here undermines every
 * nonce and secret derived from it.
 */
typedef SSLErr (*SSLRandomFunc) (
	SSLBuffer data,
	void *randomRef);

/* Report the current time through *time; the units are not specified here. */
typedef SSLErr (*SSLTimeFunc) (
	UInt32 *time,
	void *timeRef);

/*
 * Same signature as SSLTimeFunc. The conversion it performs is not visible
 * in this header -- see the SSLRef time code that invokes it.
 */
typedef SSLErr (*SSLConvertTimeFunc) (
	UInt32 *time,
	void *timeRef);

/* Store 'sessionData' under 'sessionKey' in the application's session cache. */
typedef SSLErr (*SSLAddSessionFunc) (
	SSLBuffer sessionKey,
	SSLBuffer sessionData,
	void *sessionRef);

/*
 * Look up 'sessionKey'; on success *sessionData describes the cached
 * entry. Ownership of the returned buffer is not specified here -- check
 * the caller before assuming who frees it.
 */
typedef SSLErr (*SSLGetSessionFunc) (
	SSLBuffer sessionKey,
	SSLBuffer *sessionData,
	void *sessionRef);

/* Remove 'sessionKey' from the application's session cache. */
typedef SSLErr (*SSLDeleteSessionFunc) (
	SSLBuffer sessionKey,
	void *sessionRef);

/*
 * Validate the peer's certificate chain: 'derCerts' holds 'certCount'
 * DER-encoded certificates. In this build the callback appears to be the
 * trust decision (the CDSA build routes this through the TP instead), so
 * a callback that returns success without verifying the chain accepts any
 * peer. The chain order handed to the callback is not specified here.
 */
typedef SSLErr (*SSLCheckCertificateFunc) (
	int certCount,
	SSLBuffer *derCerts,
	void *checkCertificateRef);
#endif /* _APPLE_CDSA_ */
110
/*
 * Transport callbacks supplied by the application. 'ioRef' is the opaque
 * connection handle handed back to 'read' and 'write' on every call.
 */
typedef struct
{	SSLReadFunc			read;		/* app-supplied transport read */
	SSLWriteFunc		write;		/* app-supplied transport write */
	SSLConnectionRef	ioRef;		/* opaque handle passed to both */
} IOContext;
116
/*
 * Host services the SSL engine depends on: memory allocation, time and
 * randomness. In the CDSA build these are all provided by the platform,
 * so the struct is reduced to a placeholder member.
 */
struct SystemContext
{
	/* FIXME - this probably goes away; we keep it as a struct due
	 * to its pervasive use in calls to SSLAllocBuffer. We have to
	 * have *an* element in it for compiler reasons.
	 */
#ifdef _APPLE_CDSA_
	int					foo;			/* placeholder; never meaningful */
#else
	SSLAllocFunc		alloc;			/* allocator triple plus its cookie */
	SSLFreeFunc			free;
	SSLReallocFunc		realloc;
	void				*allocRef;
	SSLTimeFunc			time;			/* see SSLTimeFunc above */
	SSLConvertTimeFunc	convertTime;	/* see SSLConvertTimeFunc above */
	void				*timeRef;		/* cookie for both time callbacks */
	SSLRandomFunc		random;			/* the library's entropy source --
										 * must be cryptographically strong */
	void				*randomRef;		/* cookie for 'random' */
#endif /* _APPLE_CDSA_ */
};

typedef struct SystemContext SystemContext;
139
/*
 * Session-cache hooks. In the non-CDSA build the three callbacks are
 * fixed at build time (see the comment below); in both builds 'sessionRef'
 * is the opaque cookie handed to whichever cache implementation is used.
 */
typedef struct
{
#ifndef _APPLE_CDSA_
	/* these functions are hard-coded */
	SSLAddSessionFunc		addSession;
	SSLGetSessionFunc		getSession;
	SSLDeleteSessionFunc	deleteSession;
#endif
	void					*sessionRef;	/* opaque cache cookie */
} SessionContext;
150
#ifndef _APPLE_CDSA_
/* not used, cert functions via CDSA */
/*
 * Non-CDSA build only: the application's chain-verification callback and
 * its cookie. See SSLCheckCertificateFunc for the trust implications.
 */
typedef struct
{	SSLCheckCertificateFunc	checkCertFunc;	/* trust decision for peer chain */
	void					*checkCertRef;	/* cookie for checkCertFunc */
} CertificateContext;
#endif
158
/*
 * A carryover from original SSLRef 3.0 - we'll store the DER-encoded
 * certs in an SSLCertificate this way for now; there's a lot of code
 * which munges these lists.
 *
 * Singly linked list node, one per certificate in a chain. Per the
 * SSLContext comments below, chains built from these nodes are stored with
 * the root first. Ownership of 'derCert' is not visible in this header --
 * check the list-freeing code before assuming a node owns its buffer.
 */
typedef struct SSLCertificate
{
	struct SSLCertificate	*next;		/* next cert in the chain, or NULL */
	SSLBuffer				derCert;	/* DER encoding of this cert */
#ifndef _APPLE_CDSA_
	/* but not decoded...we never do that! */
	X509Cert				cert;		/* parsed form (non-CDSA build only) */
#endif /* _APPLE_CDSA_ */
} SSLCertificate;
173
174 #include "cryptType.h"
175
/*
 * Per-direction record-protection state: the negotiated hash and
 * symmetric cipher, the key handles for them, the record sequence number,
 * and the MAC secret. SSLContext keeps four of these (read/write, current
 * and pending) so a ChangeCipherSpec can swap state atomically.
 *
 * NOTE(review): macSecret (and symKey) are key material; the context
 * teardown path should zeroize them before the struct is freed -- this
 * header cannot show whether it does.
 */
struct CipherContext
{	const HashReference			*hash;		/* MAC hash algorithm */
	const SSLSymmetricCipher	*symCipher;	/* bulk cipher algorithm */

#ifdef _APPLE_CDSA_

	/*
	 * symKey is obtained from the CSP at cspHand. Normally this
	 * cspHand is the same as ctx->cspHand; some day they might differ.
	 * Code which deals with this struct doesn't ever have to
	 * attach or detach from cspHand - that's taken care of at the
	 * SSLContext level.
	 */
	CSSM_KEY_PTR				symKey;		/* bulk cipher key, CSP-owned */
	CSSM_CSP_HANDLE				cspHand;	/* CSP symKey came from */
	CSSM_CC_HANDLE				ccHand;		/* crypto context for symCipher */

	/* needed in CDSASymmInit */
	uint8						encrypting;	/* nonzero: this is the write side */

#else
	void						*symCipherState;	/* cipher-private state */
#endif /* _APPLE_CDSA_*/
	sslUint64					sequenceNum;	/* 64-bit record sequence number */
	uint8						ready;			/* nonzero once keys are installed */
#ifdef __APPLE__
	/* in SSL2 mode, the macSecret is the same size as the
	 * cipher key - which is 24 bytes in the 3DDES case. */
	/* Note the size is selected by __APPLE__, not _APPLE_CDSA_ as in the
	 * rest of this file; MAX_SYMKEY_SIZE / MAX_DIGEST_SIZE are defined
	 * elsewhere (presumably cryptType.h, included just above). */
	uint8						macSecret[MAX_SYMKEY_SIZE];
#else
	uint8						macSecret[MAX_DIGEST_SIZE];
#endif /* __APPLE__ */
};
209 /* typedef in cryptType.h */
210
211 #include "sslhdshk.h"
212
/*
 * One queued outbound record. 'sent' counts how many bytes of 'data' have
 * already gone out, so a partial write can be resumed on the next call.
 */
typedef struct WaitingRecord
{	struct WaitingRecord	*next;		/* next queued record, or NULL */
	SSLBuffer				data;		/* the encoded record */
	uint32					sent;		/* bytes of 'data' already written */
} WaitingRecord;
218
/* One DER-encoded distinguished name in a singly linked list. */
typedef struct DNListElem
{	struct DNListElem	*next;		/* next DN, or NULL */
	SSLBuffer			derDN;		/* DER encoding of the name */
} DNListElem;
223
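/*
 * Complete state of one SSL connection. Everything the engine needs to
 * resume after returning to the caller (typically for I/O) lives here.
 *
 * Security-relevant members are grouped as follows:
 *  - private keys and their CSP/keychain handles (signingPrivKey, ...),
 *  - trust configuration (trustedCerts, allowAnyRoot, allowExpiredCerts),
 *  - handshake secrets (dhPrivate, preMasterSecret, masterSecret),
 *  - the four CipherContexts holding live record-protection keys.
 * NOTE(review): the secrets above should be zeroized when the context is
 * disposed; this header cannot show whether the teardown path does so.
 */
struct SSLContext
{
	/*
	 * For _APPLE_CDSA_, SystemContext is empty; we'll leave it in for now
	 * 'cause it gets passed around so often for SSLAllocBuffer().
	 */
	SystemContext		sysCtx;
	IOContext			ioCtx;			/* app's transport callbacks */
	SessionContext		sessionCtx;		/* session-cache hooks */
#ifndef _APPLE_CDSA_
	CertificateContext	certCtx;		/* app's chain-check callback */
#endif

	SSLProtocolVersion	reqProtocolVersion;	/* requested by app */
	SSLProtocolVersion	negProtocolVersion;	/* negotiated */
	SSLProtocolSide		protocolSide;		/* client or server */

#ifdef _APPLE_CDSA_

	/* crypto state in CDSA-centric terms */

	CSSM_KEY_PTR		signingPrivKey;	/* our private signing key */
	CSSM_KEY_PTR		signingPubKey;	/* our public signing key */
	CSSM_CSP_HANDLE		signingKeyCsp;	/* associated DL/CSP */
#if ST_KEYCHAIN_ENABLE
	KCItemRef			signingKeyRef;	/* for signingPrivKey */
#endif

	/* this stuff should probably be #if ST_SERVER_MODE_ENABLE.... */
	CSSM_KEY_PTR		encryptPrivKey;	/* our private encrypt key, for
										 * server-initiated key exchange */
	CSSM_KEY_PTR		encryptPubKey;	/* public version of above */
	CSSM_CSP_HANDLE		encryptKeyCsp;	/* DL/CSP holding encryptPrivKey */
#if ST_KEYCHAIN_ENABLE
	/* but we'll just do this so we can compile it */
	KCItemRef			encryptKeyRef;	/* for encryptPrivKey */
#endif /* ST_KEYCHAIN_ENABLE */

	CSSM_KEY_PTR		peerPubKey;		/* the peer's public key */
	CSSM_CSP_HANDLE		peerPubKeyCsp;	/* may not be needed, we figure this
										 * one out by trial&error, right? */

	/*
	 * Various cert chains stored in an SSLRef-centric way for now
	 * (see comments above re: SSLCertificate).
	 * For all three, the root is the first in the chain.
	 */
	SSLCertificate		*localCert;		/* our signing cert chain */
	SSLCertificate		*encryptCert;	/* our encryption cert chain */
	SSLCertificate		*peerCert;		/* chain received from the peer */

	/*
	 * trusted root certs; specific to this implementation, we'll store
	 * them conveniently...these will be used as AnchorCerts in a TP
	 * call.
	 */
	UInt32				numTrustedCerts;	/* element count of trustedCerts */
	CSSM_DATA_PTR		trustedCerts;		/* anchor certs for TP verify */

	/*
	 * Keychain to which newly encountered root certs are attempted
	 * to be added. AccessCreds untyped for now.
	 * NOTE(review): adding roots seen on the wire to a keychain grows
	 * the trust store from untrusted input; confirm the code that uses
	 * newRootCertKc only does so after an explicit trust decision.
	 */
#if ST_KEYCHAIN_ENABLE
	KCRef				newRootCertKc;
	void				*accessCreds;
#endif /* ST_KEYCHAIN_ENABLE */

	/* for symmetric cipher and RNG */
	CSSM_CSP_HANDLE		cspHand;

	/* session-wide handles for Apple TP, CL */
	CSSM_TP_HANDLE		tpHand;			/* trust policy (chain verification) */
	CSSM_CL_HANDLE		clHand;			/* cert library (parsing) */

	/* FIXME - how will we represent this? */
	void				*dhAnonParams;	/* untyped in this build */
	void				*peerDHParams;	/* untyped in this build */

	/* context and allocator for CF */
	CFAllocatorRef		cfAllocatorRef;
	CFAllocatorContext	lCFAllocatorContext;

	/* Accept peer certs whose validity period has passed -- weakens
	 * server authentication; should only be set deliberately. */
	Boolean				allowExpiredCerts;

#else
	/* from SSLRef 3.0 */
	SSLRSAPrivateKey	localKey;		/* our signing key */
	SSLRSAPrivateKey	exportKey;		/* temporary export-grade RSA key */
	SSLCertificate		*localCert;
	SSLCertificate		*peerCert;
	SSLRSAPublicKey		peerKey;		/* the peer's public key */
	SSLDHParams			dhAnonParams;
	SSLDHParams			peerDHParams;
	/* Was "#endif _APPLE_CDSA_": tokens after #endif are not valid C and
	 * draw "extra tokens" diagnostics; the name now lives in a comment. */
#endif /* _APPLE_CDSA_ */

	SSLBuffer			sessionID;		/* session ID for this connection */

	SSLBuffer			dhPeerPublic;		/* peer's DH public value */
	SSLBuffer			dhExchangePublic;	/* our DH public value */
	SSLBuffer			dhPrivate;			/* our DH private value (secret) */

	SSLBuffer			peerID;				/* app-supplied peer identity,
											 * presumably the cache key */
	SSLBuffer			resumableSession;	/* serialized session for resumption */

	CipherContext		readCipher;		/* current inbound protection */
	CipherContext		writeCipher;	/* current outbound protection */
	CipherContext		readPending;	/* installed on peer's ChangeCipherSpec */
	CipherContext		writePending;	/* installed on our ChangeCipherSpec */

	uint16				selectedCipher;		/* currently selected */
	const SSLCipherSpec	*selectedCipherSpec;	/* ditto */
	SSLCipherSpec		*validCipherSpecs;	/* context's valid specs */
	unsigned			numValidCipherSpecs;	/* size of validCipherSpecs */
	SSLHandshakeState	state;				/* handshake state machine */

#ifdef _APPLE_CDSA_
#if ST_SERVER_MODE_ENABLE
	SSLAuthenticate		clientAuth;		/* kNeverAuthenticate, etc. */
	Boolean				tryClientAuth;
#endif /* ST_SERVER_MODE_ENABLE */
#else
	int					requestClientCert;
#endif
	/* Handshake progress flags; nonzero once the event has happened. */
	int					certRequested;
	int					certSent;
	int					certReceived;
	int					x509Requested;
	DNListElem			*acceptableDNList;	/* CAs acceptable for client auth */

	uint8				clientRandom[32];	/* handshake random values */
	uint8				serverRandom[32];
	SSLBuffer			preMasterSecret;	/* secret: input to master secret */
	uint8				masterSecret[48];	/* secret: key-block source */

	SSLBuffer			shaState, md5State;	/* running handshake hashes */

	SSLBuffer			fragmentedMessageCache;	/* partial handshake message */

	int					ssl2ChallengeLength;
	int					ssl2ConnectionIDLength;
	int					ssl2SessionMatch;

	/* Record layer fields */
	SSLBuffer			partialReadBuffer;	/* in-progress record */
	uint32				amountRead;			/* bytes of it received so far */

	/* Transport layer fields */
	WaitingRecord		*recordWriteQueue;	/* records not yet fully written */
	SSLBuffer			receivedDataBuffer;	/* decrypted app data not yet read */
	uint32				receivedDataPos;	/* read cursor into it */

#ifdef _APPLE_CDSA_
	/* don't require known roots: accept chains that do not end at a
	 * trusted anchor. This disables server authentication entirely, so
	 * it must only ever be set by an explicit application choice. */
	Boolean				allowAnyRoot;
#if SSL_DEBUG
	char				*rootCertName;	/* if non-null, write root cert here
										 * (debug builds only) */
#endif /* SSL_DEBUG */
#endif /* _APPLE_CDSA_ */

};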
384
385 #endif /* _SSLCTX_H_ */