1 /*
2 * Copyright (c) 2000-2001,2005-2007,2010-2013 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 /*
19 * sslHandshake.h - SSL Handshake Layer
20 */
21
22 #ifndef _SSLHANDSHAKE_H_
23 #define _SSLHANDSHAKE_H_
24
25 #include "sslRecord.h"
26
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30
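/*
 * Handshake message types, i.e. the msg_type byte at the start of each
 * handshake message header. These are wire values; do not renumber.
 *
 * NOTE(review): a msg_type taken from a received record is untrusted.
 * Storing it in an SSLHandshakeType does not validate it, so the code
 * that dispatches on it must reject values not listed here as well as
 * listed values that are not acceptable in the current handshake state.
 */
typedef enum
{
    SSL_HdskHelloRequest          = 0,
    SSL_HdskClientHello           = 1,
    SSL_HdskServerHello           = 2,
#if ENABLE_DTLS
    SSL_HdskHelloVerifyRequest    = 3,
#endif /* ENABLE_DTLS */
    SSL_HdskCert                  = 11,
    SSL_HdskServerKeyExchange     = 12,
    SSL_HdskCertRequest           = 13,
    SSL_HdskServerHelloDone       = 14,
    SSL_HdskCertVerify            = 15,
    SSL_HdskClientKeyExchange     = 16,
    SSL_HdskFinished              = 20,
    SSL_HdskNPNEncryptedExtension = 67  /* NPN; see the SSL_HE_NPN warning */
} SSLHandshakeType;
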
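/*
 * Hello Extensions per RFC 3546 (since superseded by RFC 4366 and
 * RFC 6066). The values are the 16-bit extension_type codes carried in
 * ClientHello/ServerHello and must not be renumbered.
 *
 * SSL_HE_StatusReguest and SSL_HE_SecureRenegotation are misspelled
 * ("Request", "Renegotiation"); the identifiers are part of this header's
 * interface, so the spelling is kept as is.
 *
 * NOTE(review): the enumerators are not in numeric order and an
 * extension_type read from the peer is untrusted, so range checks such as
 * "type <= some enumerator" do not validate it; parsers should match
 * known values explicitly.
 */
typedef enum
{
    SSL_HE_ServerName           = 0,
    SSL_HE_MaxFragmentLength    = 1,
    SSL_HE_ClientCertificateURL = 2,
    SSL_HE_TrustedCAKeys        = 3,
    SSL_HE_TruncatedHMAC        = 4,
    SSL_HE_StatusReguest        = 5,

    /* ECDSA, RFC 4492 */
    SSL_HE_EllipticCurves       = 10,
    SSL_HE_EC_PointFormats      = 11,

    /* TLS 1.2 */
    SSL_HE_SignatureAlgorithms  = 13,

    /* RFC 5746 */
    SSL_HE_SecureRenegotation   = 0xff01,

    /*
     * This one is suggested but not formally defined in
     * I.D.salowey-tls-ticket-07
     * (35 is also the value used by RFC 5077.)
     */
    SSL_HE_SessionTicket        = 35,

    /*
     * NPN support for SPDY
     * WARNING: This is NOT an extension registered with the IANA
     */
    SSL_HE_NPN                  = 13172
} SSLHelloExtensionType;
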
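/*
 * SSL_HE_ServerName NameType values.
 * host_name (0) is the only name type declared here; any other
 * NameType received from a peer has no enumerator and needs an explicit
 * policy (skip or reject) in the parser.
 */
typedef enum
{
    SSL_NT_HostName = 0
} SSLServerNameType;
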
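/*
 * The number of curves we support.
 * Kept as a macro (not an enum constant) so that it remains usable in
 * preprocessor conditionals and array bounds.
 * NOTE(review): any table of supported curves sized with this constant
 * must be updated together with it -- the table is not in this header.
 */
#define SSL_ECDSA_NUM_CURVES    3
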
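/*
 * SSL_HE_EC_PointFormats - point formats.
 * Wire values of the ECPointFormat byte (RFC 4492). The trailing comma
 * after the last enumerator was dropped to match the other enums in this
 * header and to stay valid for pre-C99 compilers.
 */
typedef enum
{
    SSL_PointFormatUncompressed    = 0,
    SSL_PointFormatCompressedPrime = 1,
    SSL_PointFormatCompressedChar2 = 2
} SSL_ECDSA_PointFormats;
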
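/*
 * CurveTypes in a Server Key Exchange msg.
 *
 * NOTE(review): only SSL_CurveTypeNamed is supported. The curve type
 * arrives from the server, so the ServerKeyExchange parser should reject
 * the two explicit types (and any unlisted value) rather than fall
 * through -- confirm in sslKeyExchange.c.
 */
typedef enum
{
    SSL_CurveTypeExplicitPrime = 1,
    SSL_CurveTypeExplicitChar2 = 2,
    SSL_CurveTypeNamed         = 3  /* the only one we support */
} SSL_ECDSA_CurveTypes;
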
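/*
 * Selects the read or the write direction of a connection.
 * The values are implicit (SSL_read == 0, SSL_write == 1).
 * NOTE(review): presumably used to pick the read-side or write-side
 * cipher state; the users are not in this header.
 */
typedef enum
{
    SSL_read,
    SSL_write
} CipherSide;
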
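/*
 * Handshake state machine states.
 *
 * Only SSL_HdskStateUninit has an explicit value; every other state is
 * numbered implicitly in declaration order. The states from
 * SSL_HdskStateServerHello onwards are required to be consecutive (see
 * the marker below), so do not reorder them, insert states between
 * them, or give any of them an explicit value.
 *
 * NOTE(review): the state decides which peer messages are acceptable.
 * Code that advances it should do so only after the message for the
 * current state has been fully validated; that code is not in this
 * header.
 */
typedef enum
{
    SSL_HdskStateUninit = 0,        /* only valid within SSLContextAlloc */
    SSL_HdskStateServerUninit,      /* no handshake yet */
    SSL_HdskStateClientUninit,      /* no handshake yet */
    SSL_HdskStateGracefulClose,
    SSL_HdskStateErrorClose,
    SSL_HdskStateNoNotifyClose,     /* server disconnected with no
                                     * notify msg */
    /* remainder must be consecutive */
    SSL_HdskStateServerHello,       /* must get server hello; client hello sent */
    SSL_HdskStateKeyExchange,       /* must get key exchange; cipher spec
                                     * requires it */
    SSL_HdskStateCert,              /* may get certificate or certificate
                                     * request (if no cert request received yet) */
    SSL_HdskStateHelloDone,         /* must get server hello done; after key
                                     * exchange or fixed DH parameters */
    SSL_HdskStateClientCert,        /* must get certificate or no cert alert
                                     * from client */
    SSL_HdskStateClientKeyExchange, /* must get client key exchange */
    SSL_HdskStateClientCertVerify,  /* must get certificate verify from client */
    SSL_HdskStateChangeCipherSpec,  /* time to change the cipher spec */
    SSL_HdskStateFinished,          /* must get a finished message in the
                                     * new cipher spec */
    SSL_HdskStateServerReady,       /* ready for I/O; server side */
    SSL_HdskStateClientReady        /* ready for I/O; client side */
} SSLHandshakeState;
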
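/*
 * One handshake message: its type and its contents.
 * NOTE(review): SSLBuffer is declared elsewhere; whether `contents`
 * holds the whole message or only the body after the handshake header
 * is not visible from this header -- confirm against the users.
 */
typedef struct
{
    SSLHandshakeType    type;
    SSLBuffer           contents;
} SSLHandshakeMsg;
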
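/*
 * Encode the handshake message header for a message of the given type
 * and length (description inferred from the name and signature; the
 * implementation is not in this header).
 *
 * ctx    - connection context
 * rec    - record the header is encoded into
 * type   - handshake message type
 * msglen - length of the handshake message body
 *
 * Returns a uint8_t pointer, presumably the position in rec's data just
 * past the header where the caller continues encoding -- confirm.
 *
 * NOTE(review): the TLS handshake length field is 24 bits wide while
 * msglen is a size_t; confirm that the implementation or its callers
 * bound msglen, and that rec's buffer was sized for header plus msglen
 * before the returned pointer is written through.
 */
uint8_t *SSLEncodeHandshakeHeader(
    SSLContext *ctx,
    SSLRecord *rec,
    SSLHandshakeType type,
    size_t msglen);
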
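/*
 * Sender identifiers mixed into the Finished message computation, as
 * defined for SSL 3.0: the four ASCII bytes "SRVR" and "CLNT".
 * NOTE(review): presumably the senderID argument of
 * SSLCalculateFinishedMessage -- confirm against the callers.
 */
#define SSL_Finished_Sender_Server  0x53525652  /* "SRVR" */
#define SSL_Finished_Sender_Client  0x434C4E54  /* "CLNT" */
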
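/** sslHandshake.c **/

/*
 * Signature shared by the SSLEncode* message encoders declared in this
 * header that take (SSLRecord *, SSLContext *); a pointer of this type is
 * what SSLPrepareAndQueueMessage accepts.
 */
typedef OSStatus (*EncodeMessageFunc)(SSLRecord *rec, SSLContext *ctx);

/*
 * Handshake record processing, message queuing and flight handling.
 * All of these report their result as an OSStatus.
 *
 * NOTE(review): the record-processing functions take SSLRecord by value
 * and the record contents come from the peer; the implementations must
 * check every embedded length against the record's size before use.
 */
OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx);
OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx);
OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx);
OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
OSStatus DTLSRetransmit(SSLContext *ctx);
OSStatus SSLResetFlight(SSLContext *ctx);
OSStatus SSLSendFlight(SSLContext *ctx);

/* *version is an output parameter (RETURNED). */
OSStatus sslGetMaxProtVersion(SSLContext *ctx, SSLProtocolVersion *version);
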
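/*
 * Handshake state changes and handshake message logging.
 *
 * With NDEBUG defined both are macros: the state change is a plain store
 * into ctx->state and message logging expands to a no-op. Without NDEBUG
 * they are functions defined elsewhere, and hdskStateToStr is declared
 * only in that configuration.
 */
#ifdef NDEBUG
/*
 * do { } while (0) makes the macro behave as one statement, so
 * "if (x) SSLChangeHdskState(ctx, s); else ..." parses the same way as
 * with the function form used in debug builds. The arguments are
 * parenthesised so that an expression passed as ctx or newState cannot
 * rebind around "->" or "=".
 */
#define SSLChangeHdskState(ctx, newState) \
    do { (ctx)->state = (newState); } while (0)
/* Expands to an expression statement instead of nothing, avoiding empty
 * bodies such as "if (x) ;" at call sites. Arguments are not evaluated. */
#define SSLLogHdskMsg(msg, sent) ((void)0)
#else
void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState);
/* sent: presumably nonzero for a message we sent, zero for one received
 * -- confirm against the definition. */
void SSLLogHdskMsg(SSLHandshakeType msg, char sent);
char *hdskStateToStr(SSLHandshakeState state);
#endif
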
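/** sslChangeCipher.c **/

/*
 * ChangeCipherSpec encode/process pair.
 * NOTE(review): a received ChangeCipherSpec switches the read side to the
 * pending cipher, so the processing side should accept it only in the
 * handshake state that expects it (see SSL_HdskStateChangeCipherSpec) --
 * confirm in the implementation.
 */
OSStatus SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx);
OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx);
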
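/** sslCert.c **/

/*
 * Certificate, CertificateRequest and CertificateVerify messages.
 * Each SSLEncode* function fills the SSLRecord it is given; each
 * SSLProcess* function takes the received message as an SSLBuffer.
 *
 * NOTE(review): the SSLBuffer passed to the SSLProcess* functions holds
 * peer-controlled bytes; length fields inside it must be checked against
 * the buffer's size. Whether SSLProcessCertificate only parses the chain
 * or also evaluates trust is not visible from this header.
 */
OSStatus SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx);
OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx);
OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeCertificateVerify(SSLRecord *verify, SSLContext *ctx);
OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx);
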
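/** sslHandshakeHello.c **/

/*
 * ServerHello / ClientHello encode and process functions, message hash
 * initialisation, and the hello random field. The HelloVerifyRequest
 * pair is declared only when ENABLE_DTLS is non-zero.
 *
 * NOTE(review): SSLEncodeRandom receives a bare pointer with no length;
 * the caller must guarantee that p has room for the whole random field
 * (32 bytes in SSL/TLS hello messages) -- confirm the size the
 * implementation writes.
 */
OSStatus SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx);
OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx);
OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx);
OSStatus SSLInitMessageHashes(SSLContext *ctx);
OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx);
#if ENABLE_DTLS
OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord *helloVerifyRequest, SSLContext *ctx);
OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx);
#endif
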
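/** sslKeyExchange.c **/

/*
 * ServerKeyExchange and ClientKeyExchange encode/process functions, plus
 * initialisation of the pending ciphers.
 *
 * NOTE(review): the key-exchange parameters handled by
 * SSLProcessServerKeyExchange come from the peer. For signed key
 * exchanges the signature over them has to be verified, and every
 * failure status propagated, before the parameters are used -- confirm
 * in the implementation, which is not part of this header.
 */
OSStatus SSLEncodeServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx);
OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx);
OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx);
OSStatus SSLInitPendingCiphers(SSLContext *ctx);
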
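/** sslHandshakeFinish.c **/

/*
 * Finished, ServerHelloDone and NPN encrypted-extension messages.
 *
 * SSLCalculateFinishedMessage takes the output buffer, the SHA and MD5
 * message-hash states, a sender ID and the context; the sender ID is
 * presumably one of SSL_Finished_Sender_Server / SSL_Finished_Sender_Client
 * -- confirm against the callers.
 *
 * NOTE(review): SSLProcessFinished has to compare the peer's Finished
 * value with the locally calculated one; confirm that the comparison
 * covers the full length and does not exit early on the first
 * mismatching byte.
 */
OSStatus SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx);
OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx);
OSStatus SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx);
OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx);
OSStatus SSLCalculateFinishedMessage(
    SSLBuffer finished,
    SSLBuffer shaMsgState,
    SSLBuffer md5MsgState,
    UInt32 senderID,
    SSLContext *ctx);
OSStatus SSLEncodeNPNEncryptedExtensionMessage(SSLRecord *rec, SSLContext *ctx);
OSStatus SSLProcessEncryptedExtension(SSLBuffer message, SSLContext *ctx);
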
219 #ifdef __cplusplus
220 }
221 #endif
222
223 #endif /* _SSLHANDSHAKE_H_ */