]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_ssl/lib/sslCipherSpecs.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57336.10.29.tar.gz
[apple/security.git] / OSX / libsecurity_ssl / lib / sslCipherSpecs.c
1 /*
2 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * cipherSpecs.c - SSLCipherSpec declarations
26 */
27
28 #include "sslBuildFlags.h"
29 #include "sslContext.h"
30 #include "sslCipherSpecs.h"
31 #include "sslDebug.h"
32 #include "sslMemory.h"
33 #include "sslDebug.h"
34 #include "sslUtils.h"
35 #include "sslPriv.h"
36
37 #include <tls_handshake.h>
38
39 #include <string.h>
40 #include <assert.h>
41 #include <Security/SecBase.h>
42
43 #include <TargetConditionals.h>
44
45
46 /* SecureTransport needs it's own copy of KnownCipherSuites for now, there is a copy in coreTLS,
47 that is exported, but it actually should only included the "default" not the supported */
48
49 #define ENABLE_ECDH 1
50 #define ENABLE_AES_GCM 1
51 #define ENABLE_PSK 1
52
53 static const uint16_t STKnownCipherSuites[] = {
54 #if ENABLE_AES_GCM
55 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
56 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
57 #endif
58 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
59 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
60 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
61 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
62 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
63 #if ENABLE_AES_GCM
64 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
65 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
66 #endif
67 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
68 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
69 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
70 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
71 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
72 #if ENABLE_ECDH
73 #if ENABLE_AES_GCM
74 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
75 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
76 #endif
77 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
78 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
79 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
80 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
81 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
82 #if ENABLE_AES_GCM
83 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
84 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
85 #endif
86 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
87 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
88 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
89 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
90 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
91 #endif
92
93 #if ENABLE_AES_GCM
94 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
95 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
96 #endif // ENABLE_AES_GCM
97 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
98 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
99 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
100 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
101 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
102
103 #if ENABLE_AES_GCM
104 TLS_RSA_WITH_AES_256_GCM_SHA384,
105 TLS_RSA_WITH_AES_128_GCM_SHA256,
106 #endif
107 TLS_RSA_WITH_AES_256_CBC_SHA256,
108 TLS_RSA_WITH_AES_128_CBC_SHA256,
109 TLS_RSA_WITH_AES_256_CBC_SHA,
110 TLS_RSA_WITH_AES_128_CBC_SHA,
111 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
112
113 #if ENABLE_RC4
114 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
115 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
116 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
117 TLS_ECDH_RSA_WITH_RC4_128_SHA,
118 SSL_RSA_WITH_RC4_128_SHA,
119 SSL_RSA_WITH_RC4_128_MD5,
120 #endif
121
122
123 /* Unsafe ciphersuites */
124
125 #if ENABLE_AES_GCM
126 TLS_DH_anon_WITH_AES_256_GCM_SHA384,
127 TLS_DH_anon_WITH_AES_128_GCM_SHA256,
128 #endif
129 TLS_DH_anon_WITH_AES_128_CBC_SHA256,
130 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
131 TLS_DH_anon_WITH_AES_128_CBC_SHA,
132 TLS_DH_anon_WITH_AES_256_CBC_SHA,
133 SSL_DH_anon_WITH_RC4_128_MD5,
134 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
135
136 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
137 TLS_ECDHE_RSA_WITH_NULL_SHA,
138 #if ENABLE_ECDH
139 TLS_ECDH_ECDSA_WITH_NULL_SHA,
140 TLS_ECDH_RSA_WITH_NULL_SHA,
141 #endif
142
143 #if ENABLE_PSK
144 TLS_PSK_WITH_AES_256_CBC_SHA384,
145 TLS_PSK_WITH_AES_128_CBC_SHA256,
146 TLS_PSK_WITH_AES_256_CBC_SHA,
147 TLS_PSK_WITH_AES_128_CBC_SHA,
148 TLS_PSK_WITH_RC4_128_SHA,
149 TLS_PSK_WITH_3DES_EDE_CBC_SHA,
150 TLS_PSK_WITH_NULL_SHA384,
151 TLS_PSK_WITH_NULL_SHA256,
152 TLS_PSK_WITH_NULL_SHA,
153 #endif
154
155 TLS_RSA_WITH_NULL_SHA256,
156 SSL_RSA_WITH_NULL_SHA,
157 SSL_RSA_WITH_NULL_MD5
158
159 };
160
161 static const unsigned STCipherSuiteCount = sizeof(STKnownCipherSuites)/sizeof(STKnownCipherSuites[0]);
162
163 /*
164 * Build ctx->validCipherSpecs as a copy of KnownCipherSpecs, assuming that
165 * validCipherSpecs is currently not valid (i.e., SSLSetEnabledCiphers() has
166 * not been called).
167 */
168 OSStatus sslBuildCipherSuiteArray(SSLContext *ctx)
169 {
170 size_t size;
171 unsigned dex;
172
173 assert(ctx != NULL);
174 assert(ctx->validCipherSuites == NULL);
175
176 ctx->numValidCipherSuites = STCipherSuiteCount;
177 size = STCipherSuiteCount * sizeof(uint16_t);
178 ctx->validCipherSuites = (uint16_t *)sslMalloc(size);
179 if(ctx->validCipherSuites == NULL) {
180 ctx->numValidCipherSuites = 0;
181 return errSecAllocate;
182 }
183
184 /*
185 * Trim out inappropriate ciphers:
186 * -- trim anonymous ciphers if !ctx->anonCipherEnable
187 * -- trim ECDSA ciphers for server side if appropriate
188 * -- trim ECDSA ciphers if TLSv1 disable or SSLv2 enabled (since
189 * we MUST do the Client Hello extensions to make these ciphers
190 * work reliably)
191 * -- trim Stream ciphers if DTLSv1 enable
192 * -- trim CBC ciphers when doing SSLv3 fallback
193 */
194 uint16_t *dst = ctx->validCipherSuites;
195 const uint16_t *src = STKnownCipherSuites;
196
197 bool trimDHE = !ctx->dheEnabled;
198 bool trimECDHE = false;
199 const bool trimECDH = true;
200
201 if(ctx->maxProtocolVersion == SSL_Version_3_0) {
202 /* We trim ECDSA cipher suites if SSL2 is enabled or
203 The maximum allowed protocol is SSL3. Note that this
204 won't trim ECDSA cipherspecs for DTLS which should be
205 the right thing to do here. */
206 trimECDHE = true;
207 }
208
209 /* trim Stream Ciphers for DTLS */
210 bool trimRC4 = ctx->isDTLS;
211
212 /* trim CBC cipher when doing SSLv3 only fallback */
213 bool trimCBC = (ctx->protocolSide==kSSLClientSide)
214 && (ctx->maxProtocolVersion == SSL_Version_3_0)
215 && ctx->fallbackEnabled;
216
217 for(dex=0; dex<STCipherSuiteCount; dex++) {
218 KeyExchangeMethod kem = sslCipherSuiteGetKeyExchangeMethod(*src);
219 uint8_t keySize = sslCipherSuiteGetSymmetricCipherKeySize(*src);
220 HMAC_Algs mac = sslCipherSuiteGetMacAlgorithm(*src);
221 SSL_CipherAlgorithm cipher = sslCipherSuiteGetSymmetricCipherAlgorithm(*src);
222 /* Skip ciphers as appropriate */
223 switch(kem) {
224 case SSL_ECDHE_ECDSA:
225 case SSL_ECDHE_RSA:
226 if(trimECDHE) {
227 /* Skip this one */
228 ctx->numValidCipherSuites--;
229 src++;
230 continue;
231 }
232 else {
233 break;
234 }
235 case SSL_ECDH_ECDSA:
236 case SSL_ECDH_RSA:
237 case SSL_ECDH_anon:
238 if(trimECDH) {
239 /* Skip this one */
240 ctx->numValidCipherSuites--;
241 src++;
242 continue;
243 }
244 else {
245 break;
246 }
247 case SSL_DHE_RSA:
248 if(trimDHE) {
249 /* Skip this one */
250 ctx->numValidCipherSuites--;
251 src++;
252 continue;
253 }
254 default:
255 break;
256 }
257 if(!ctx->anonCipherEnable) {
258 /* trim out the anonymous (and null-auth-cipher) ciphers */
259 if(mac == HA_Null) {
260 /* skip this one */
261 ctx->numValidCipherSuites--;
262 src++;
263 continue;
264 }
265 switch(kem) {
266 case SSL_DH_anon:
267 case SSL_DH_anon_EXPORT:
268 case SSL_ECDH_anon:
269 /* skip this one */
270 ctx->numValidCipherSuites--;
271 src++;
272 continue;
273 default:
274 break;
275 }
276 }
277
278 /* This will skip the simple DES cipher suites, but not the NULL cipher ones */
279 if (keySize == 8)
280 {
281 /* skip this one */
282 ctx->numValidCipherSuites--;
283 src++;
284 continue;
285 }
286
287 /* Trim PSK ciphersuites, they need to be enabled explicitely */
288 if (kem==TLS_PSK) {
289 ctx->numValidCipherSuites--;
290 src++;
291 continue;
292 }
293
294 if (trimRC4 && (cipher==SSL_CipherAlgorithmRC4_128)) {
295 ctx->numValidCipherSuites--;
296 src++;
297 continue;
298 }
299
300 if(trimCBC) {
301 switch (cipher) {
302 case SSL_CipherAlgorithmAES_128_CBC:
303 case SSL_CipherAlgorithmAES_256_CBC:
304 case SSL_CipherAlgorithm3DES_CBC:
305 ctx->numValidCipherSuites--;
306 src++;
307 continue;
308 default:
309 break;
310 }
311 }
312
313 if(cipher==SSL_CipherAlgorithmNull) {
314 ctx->numValidCipherSuites--;
315 src++;
316 continue;
317 }
318
319 /* This one is good to go */
320 *dst++ = *src++;
321 }
322
323 tls_handshake_set_ciphersuites(ctx->hdsk, ctx->validCipherSuites, ctx->numValidCipherSuites);
324
325 return errSecSuccess;
326 }
327
328
329 /*
330 * Convert an array of uint16_t
331 * to an array of SSLCipherSuites.
332 */
333 static OSStatus
334 cipherSuitesToCipherSuites(
335 size_t numCipherSuites,
336 const uint16_t *cipherSuites,
337 SSLCipherSuite *ciphers, /* RETURNED */
338 size_t *numCiphers) /* IN/OUT */
339 {
340 size_t i;
341 if(*numCiphers < numCipherSuites) {
342 return errSSLBufferOverflow;
343 }
344
345 /* NOTE: this is required to go from uint16_t to SSLCipherSuite
346 which is either 32 or 16 bits, depending on the platform */
347 for(i=0;i<numCipherSuites; i++) {
348 ciphers[i]=cipherSuites[i];
349 }
350 *numCiphers = numCipherSuites;
351 return errSecSuccess;
352 }
353
354 /***
355 *** Publically exported functions declared in SecureTransport.h
356 ***/
357
358 /*
359 * Determine number and values of all of the SSLCipherSuites we support.
360 * Caller allocates output buffer for SSLGetSupportedCiphers() and passes in
361 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
362 * will be returned.
363 */
364 OSStatus
365 SSLGetNumberSupportedCiphers (SSLContextRef ctx,
366 size_t *numCiphers)
367 {
368 if((ctx == NULL) || (numCiphers == NULL)) {
369 return errSecParam;
370 }
371 *numCiphers = STCipherSuiteCount;
372 return errSecSuccess;
373 }
374
375 OSStatus
376 SSLGetSupportedCiphers (SSLContextRef ctx,
377 SSLCipherSuite *ciphers, /* RETURNED */
378 size_t *numCiphers) /* IN/OUT */
379 {
380 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
381 return errSecParam;
382 }
383 return cipherSuitesToCipherSuites(STCipherSuiteCount,
384 STKnownCipherSuites,
385 ciphers,
386 numCiphers);
387 }
388
389 /*
390 * Specify a (typically) restricted set of SSLCipherSuites to be enabled by
391 * the current SSLContext. Can only be called when no session is active. Default
392 * set of enabled SSLCipherSuites is NOT the same as the complete set of supported
393 * SSLCipherSuites as obtained by SSLGetSupportedCiphers().
394 */
395 OSStatus
396 SSLSetEnabledCiphers (SSLContextRef ctx,
397 const SSLCipherSuite *ciphers,
398 size_t numCiphers)
399 {
400 size_t size;
401 unsigned foundCiphers=0;
402 unsigned callerDex;
403 unsigned tableDex;
404
405 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == 0)) {
406 return errSecParam;
407 }
408 if(sslIsSessionActive(ctx)) {
409 /* can't do this with an active session */
410 return errSecBadReq;
411 }
412 size = numCiphers * sizeof(uint16_t);
413 ctx->validCipherSuites = (uint16_t *)sslMalloc(size);
414 if(ctx->validCipherSuites == NULL) {
415 ctx->numValidCipherSuites = 0;
416 return errSecAllocate;
417 }
418
419 /*
420 * Run thru caller's specs, keep only the supported ones.
421 */
422 for(callerDex=0; callerDex<numCiphers; callerDex++) {
423 /* find matching CipherSpec in our known table */
424 for(tableDex=0; tableDex<STCipherSuiteCount; tableDex++) {
425 if(ciphers[callerDex] == STKnownCipherSuites[tableDex]) {
426 ctx->validCipherSuites[foundCiphers] = STKnownCipherSuites[tableDex];
427 foundCiphers++;
428 break;
429 }
430 }
431 }
432
433 if(foundCiphers==0) {
434 /* caller specified only unsupported ciphersuites */
435 sslFree(ctx->validCipherSuites);
436 ctx->validCipherSuites = NULL;
437 return errSSLBadCipherSuite;
438 }
439
440 /* success */
441 ctx->numValidCipherSuites = foundCiphers;
442
443 tls_handshake_set_ciphersuites(ctx->hdsk, ctx->validCipherSuites, ctx->numValidCipherSuites);
444
445 return errSecSuccess;
446 }
447
448 /*
449 * Determine number and values of all of the SSLCipherSuites currently enabled.
450 * Caller allocates output buffer for SSLGetEnabledCiphers() and passes in
451 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
452 * will be returned.
453 */
454 OSStatus
455 SSLGetNumberEnabledCiphers (SSLContextRef ctx,
456 size_t *numCiphers)
457 {
458 if((ctx == NULL) || (numCiphers == NULL)) {
459 return errSecParam;
460 }
461
462 unsigned n;
463 const uint16_t *ciphersuites;
464 int err;
465
466 err = tls_handshake_get_ciphersuites(ctx->hdsk, &ciphersuites, &n);
467
468 if(err) {
469 return err;
470 } else {
471 *numCiphers = n;
472 return errSecSuccess;
473 }
474 }
475
476 OSStatus
477 SSLGetEnabledCiphers (SSLContextRef ctx,
478 SSLCipherSuite *ciphers, /* RETURNED */
479 size_t *numCiphers) /* IN/OUT */
480 {
481 if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
482 return errSecParam;
483 }
484
485 unsigned n;
486 const uint16_t *ciphersuites;
487 int err;
488
489 err = tls_handshake_get_ciphersuites(ctx->hdsk, &ciphersuites, &n);
490
491 return cipherSuitesToCipherSuites(n,
492 ciphersuites,
493 ciphers,
494 numCiphers);
495
496 }
mirror of Security