-/*
- * Copyright (c) 2000-2001,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-/*
- * sslHandshake.h - SSL Handshake Layer
- */
-
-#ifndef _SSLHANDSHAKE_H_
-#define _SSLHANDSHAKE_H_
-
-#include "sslRecord.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum
-{ SSL_HdskHelloRequest = 0,
- SSL_HdskClientHello = 1,
- SSL_HdskServerHello = 2,
-#if ENABLE_DTLS
- SSL_HdskHelloVerifyRequest = 3,
-#endif /* ENABLE_DTLS */
- SSL_HdskCert = 11,
- SSL_HdskServerKeyExchange = 12,
- SSL_HdskCertRequest = 13,
- SSL_HdskServerHelloDone = 14,
- SSL_HdskCertVerify = 15,
- SSL_HdskClientKeyExchange = 16,
- SSL_HdskFinished = 20
-} SSLHandshakeType;
-
-/* Hello Extensions per RFC 3546 */
-typedef enum
-{
- SSL_HE_ServerName = 0,
- SSL_HE_MaxFragmentLength = 1,
- SSL_HE_ClientCertificateURL = 2,
- SSL_HE_TrustedCAKeys = 3,
- SSL_HE_TruncatedHMAC = 4,
- SSL_HE_StatusReguest = 5,
-
- /* ECDSA, RFC 4492 */
- SSL_HE_EllipticCurves = 10,
- SSL_HE_EC_PointFormats = 11,
-
- /* TLS 1.2 */
- SSL_HE_SignatureAlgorithms = 13,
-
- /* RFC 5746 */
- SSL_HE_SecureRenegotation = 0xff01,
-
- /*
- * This one is suggested but not formally defined in
- * I.D.salowey-tls-ticket-07
- */
- SSL_HE_SessionTicket = 35
-} SSLHelloExtensionType;
-
-/* SSL_HE_ServerName NameType values */
-typedef enum
-{
- SSL_NT_HostName = 0
-} SSLServerNameType;
-
-/*
- * The number of curves we support
- */
-#define SSL_ECDSA_NUM_CURVES 3
-
-/* SSL_HE_EC_PointFormats - point formats */
-typedef enum
-{
- SSL_PointFormatUncompressed = 0,
- SSL_PointFormatCompressedPrime = 1,
- SSL_PointFormatCompressedChar2 = 2,
-} SSL_ECDSA_PointFormats;
-
-/* CurveTypes in a Server Key Exchange msg */
-typedef enum
-{
- SSL_CurveTypeExplicitPrime = 1,
- SSL_CurveTypeExplicitChar2 = 2,
- SSL_CurveTypeNamed = 3 /* the only one we support */
-} SSL_ECDSA_CurveTypes;
-
-typedef enum
-{ SSL_read,
- SSL_write
-} CipherSide;
-
-typedef enum
-{
- SSL_HdskStateUninit = 0, /* only valid within SSLContextAlloc */
- SSL_HdskStateServerUninit, /* no handshake yet */
- SSL_HdskStateClientUninit, /* no handshake yet */
- SSL_HdskStateGracefulClose,
- SSL_HdskStateErrorClose,
- SSL_HdskStateNoNotifyClose, /* server disconnected with no
- * notify msg */
- /* remainder must be consecutive */
- SSL_HdskStateServerHello, /* must get server hello; client hello sent */
- SSL_HdskStateKeyExchange, /* must get key exchange; cipher spec
- * requires it */
- SSL_HdskStateCert, /* may get certificate or certificate
- * request (if no cert request received yet) */
- SSL_HdskStateHelloDone, /* must get server hello done; after key
- * exchange or fixed DH parameters */
- SSL_HdskStateClientCert, /* must get certificate or no cert alert
- * from client */
- SSL_HdskStateClientKeyExchange, /* must get client key exchange */
- SSL_HdskStateClientCertVerify, /* must get certificate verify from client */
- SSL_HdskStateChangeCipherSpec, /* time to change the cipher spec */
- SSL_HdskStateFinished, /* must get a finished message in the
- * new cipher spec */
- SSL_HdskStateServerReady, /* ready for I/O; server side */
- SSL_HdskStateClientReady /* ready for I/O; client side */
-} SSLHandshakeState;
-
-typedef struct
-{ SSLHandshakeType type;
- SSLBuffer contents;
-} SSLHandshakeMsg;
-
-
-uint8_t *SSLEncodeHandshakeHeader(
- SSLContext *ctx,
- SSLRecord *rec,
- SSLHandshakeType type,
- size_t msglen);
-
-
-#define SSL_Finished_Sender_Server 0x53525652
-#define SSL_Finished_Sender_Client 0x434C4E54
-
-/** sslHandshake.c **/
-typedef OSStatus (*EncodeMessageFunc)(SSLRecord *rec, SSLContext *ctx);
-OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
-OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx);
-OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx);
-OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx);
-OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx);
-OSStatus DTLSRetransmit(SSLContext *ctx);
-OSStatus SSLResetFlight(SSLContext *ctx);
-OSStatus SSLSendFlight(SSLContext *ctx);
-
-OSStatus sslGetMaxProtVersion(SSLContext *ctx, SSLProtocolVersion *version); // RETURNED
-
-#ifdef NDEBUG
-#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
-#define SSLLogHdskMsg(msg, sent)
-#else
-void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState);
-void SSLLogHdskMsg(SSLHandshakeType msg, char sent);
-char *hdskStateToStr(SSLHandshakeState state);
-#endif
-
-/** sslChangeCipher.c **/
-OSStatus SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx);
-OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx);
-
-/** sslCert.c **/
-OSStatus SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx);
-OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx);
-OSStatus SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx);
-OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx);
-OSStatus SSLEncodeCertificateVerify(SSLRecord *verify, SSLContext *ctx);
-OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx);
-
-/** sslHandshakeHello.c **/
-OSStatus SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx);
-OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx);
-OSStatus SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx);
-OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx);
-OSStatus SSLInitMessageHashes(SSLContext *ctx);
-OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx);
-#if ENABLE_DTLS
-OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord *helloVerifyRequest, SSLContext *ctx);
-OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx);
-#endif
-
-/** sslKeyExchange.c **/
-OSStatus SSLEncodeServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx);
-OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx);
-OSStatus SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx);
-OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx);
-OSStatus SSLInitPendingCiphers(SSLContext *ctx);
-
-/** sslHandshakeFinish.c **/
-OSStatus SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx);
-OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx);
-OSStatus SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx);
-OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx);
-OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SSLHANDSHAKE_H_ */
projects / apple / security.git / blobdiff