Security-55471.tar.gz

[apple/security.git] / libsecurity_ssl / lib / tls_record.h

diff --git a/libsecurity_ssl/lib/tls_record.h b/libsecurity_ssl/lib/tls_record.h
new file mode 100644 (file)
index 0000000..eacd845
--- /dev/null
+++ b/libsecurity_ssl/lib/tls_record.h
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2002,2005-2007,2010-2011 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * tls_record.h - Declarations of record layer callout struct to provide indirect calls to
+ *     SSLv3 and TLS routines.
+ */
+
+#ifndef        _TLS_RECORD_H_
+#define _TLS_RECORD_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// #include "sslRecord.h"
+
+#include "sslTypes.h"
+#include "cryptType.h"
+#include "sslMemory.h"
+#include "SSLRecordInternal.h"
+
+struct SSLRecordInternalContext;
+
+/***
+ *** Each of {TLS, SSLv3} implements each of these functions.
+ ***/
+
+/* unpack, decrypt, validate one record */
+typedef int (*decryptRecordFcn) (
+       uint8_t type,
+       SSLBuffer *payload,
+       struct SSLRecordInternalContext *ctx);
+
+/* pack, encrypt, mac, queue one outgoing record */
+typedef int (*writeRecordFcn) (
+       SSLRecord rec,
+       struct SSLRecordInternalContext *ctx);
+
+/* initialize a per-CipherContext HashHmacContext for use in MACing each record */
+typedef int (*initMacFcn) (
+    CipherContext *cipherCtx           // macRef, macSecret valid on entry
+                                                                       // macCtx valid on return
+);
+
+/* free per-CipherContext HashHmacContext */
+typedef int (*freeMacFcn) (
+       CipherContext *cipherCtx);
+
+/* compute MAC on one record */
+typedef int (*computeMacFcn) (
+       uint8_t type,
+       SSLBuffer data,
+       SSLBuffer mac,                                  // caller mallocs data
+       CipherContext *cipherCtx,               // assumes macCtx, macRef
+       sslUint64 seqNo,
+       struct SSLRecordInternalContext *ctx);
+
+
+typedef struct _SslRecordCallouts {
+       decryptRecordFcn                        decryptRecord;
+       writeRecordFcn                          writeRecord;
+       initMacFcn                                      initMac;
+       freeMacFcn                                      freeMac;
+       computeMacFcn                           computeMac;
+} SslRecordCallouts;
+
+
+/* From ssl3RecordCallouts.c and tls1RecordCallouts.c */
+extern const SslRecordCallouts  Ssl3RecordCallouts;
+extern const SslRecordCallouts Tls1RecordCallouts;
+
+/* one callout routine used in common (for now) */
+int ssl3WriteRecord(
+       SSLRecord rec,
+       struct SSLRecordInternalContext *ctx);
+
+
+typedef struct WaitingRecord
+{   struct WaitingRecord    *next;
+    size_t                  sent;
+    /*
+     * These two fields replace a dynamically allocated SSLBuffer;
+     * the payload to write is contained in the variable-length
+     * array data[].
+     */
+    size_t                                     length;
+    uint8_t                                    data[1];
+} WaitingRecord;
+
+typedef struct {
+    const HashHmacReference     *macAlgorithm;
+    const SSLSymmetricCipher          *cipher;
+} SSLRecordCipherSpec;
+
+
+
+struct SSLRecordInternalContext
+{
+    /* I/O */
+    SSLIOReadFunc       read;
+    SSLIOWriteFunc      write;
+    SSLIOConnectionRef  ioRef;
+    
+    /* buffering */
+    SSLBuffer                  partialReadBuffer;
+    size_t              amountRead;
+    WaitingRecord       *recordWriteQueue;
+    
+    /* ciphers */
+    uint16_t            selectedCipher;                        /* currently selected */
+    SSLRecordCipherSpec selectedCipherSpec;     /* ditto */
+    CipherContext       readCipher;
+    CipherContext       writeCipher;
+    CipherContext       readPending;
+    CipherContext       writePending;
+    CipherContext       prevCipher;             /* previous write cipher context, used for retransmit */
+    
+    /* protocol */
+    bool                isDTLS;
+    SSLProtocolVersion  negProtocolVersion;    /* negotiated */
+    const SslRecordCallouts   *sslTslCalls;
+    
+};
+
+/* Function called from the ssl3/tls1 callouts */
+
+int SSLVerifyMac(
+                 uint8_t type,
+                 SSLBuffer *data,
+                 uint8_t *compareMAC,
+                 struct SSLRecordInternalContext *ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif         /* _TLS_SSL_H_ */