X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5dd5f9ec28f304ca377c42fd7f711d6cf12b90e1..5c19dc3ae3bd8e40a9c028b0deddd50ff337692c:/Security/libsecurity_ssl/lib/sslHandshake.h diff --git a/Security/libsecurity_ssl/lib/sslHandshake.h b/Security/libsecurity_ssl/lib/sslHandshake.h deleted file mode 100644 index dd296557..00000000 --- a/Security/libsecurity_ssl/lib/sslHandshake.h +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright (c) 2000-2001,2005-2007,2010-2013 Apple Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - -/* - * sslHandshake.h - SSL Handshake Layer - */ - -#ifndef _SSLHANDSHAKE_H_ -#define _SSLHANDSHAKE_H_ - -#include "sslRecord.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum -{ SSL_HdskHelloRequest = 0, - SSL_HdskClientHello = 1, - SSL_HdskServerHello = 2, -#if ENABLE_DTLS - SSL_HdskHelloVerifyRequest = 3, -#endif /* ENABLE_DTLS */ - SSL_HdskCert = 11, - SSL_HdskServerKeyExchange = 12, - SSL_HdskCertRequest = 13, - SSL_HdskServerHelloDone = 14, - SSL_HdskCertVerify = 15, - SSL_HdskClientKeyExchange = 16, - SSL_HdskFinished = 20, - SSL_HdskNPNEncryptedExtension = 67 -} SSLHandshakeType; - -/* Hello Extensions per RFC 3546 */ -typedef enum -{ - SSL_HE_ServerName = 0, - SSL_HE_MaxFragmentLength = 1, - SSL_HE_ClientCertificateURL = 2, - SSL_HE_TrustedCAKeys = 3, - SSL_HE_TruncatedHMAC = 4, - SSL_HE_StatusReguest = 5, - - /* ECDSA, RFC 4492 */ - SSL_HE_EllipticCurves = 10, - SSL_HE_EC_PointFormats = 11, - - /* TLS 1.2 */ - SSL_HE_SignatureAlgorithms = 13, - - /* RFC 5746 */ - SSL_HE_SecureRenegotation = 0xff01, - - /* - * This one is suggested but not formally defined in - * I.D.salowey-tls-ticket-07 - */ - SSL_HE_SessionTicket = 35, - - /* - * NPN support for SPDY - * WARNING: This is NOT an extension registered with the IANA - */ - SSL_HE_NPN = 13172 -} SSLHelloExtensionType; - -/* SSL_HE_ServerName NameType values */ -typedef enum -{ - SSL_NT_HostName = 0 -} SSLServerNameType; - -/* - * The number of curves we support - */ -#define SSL_ECDSA_NUM_CURVES 3 - -/* SSL_HE_EC_PointFormats - point formats */ -typedef enum -{ - SSL_PointFormatUncompressed = 0, - SSL_PointFormatCompressedPrime = 1, - SSL_PointFormatCompressedChar2 = 2, -} SSL_ECDSA_PointFormats; - -/* CurveTypes in a Server Key Exchange msg */ -typedef enum -{ - SSL_CurveTypeExplicitPrime = 1, - SSL_CurveTypeExplicitChar2 = 2, - SSL_CurveTypeNamed = 3 /* the only one we support */ -} SSL_ECDSA_CurveTypes; - -typedef enum -{ SSL_read, - SSL_write -} CipherSide; - -typedef enum -{ - SSL_HdskStateUninit = 0, /* only valid within SSLContextAlloc */ - SSL_HdskStateServerUninit, /* no handshake yet */ - SSL_HdskStateClientUninit, /* no handshake yet */ - SSL_HdskStateGracefulClose, - SSL_HdskStateErrorClose, - SSL_HdskStateNoNotifyClose, /* server disconnected with no - * notify msg */ - /* remainder must be consecutive */ - SSL_HdskStateServerHello, /* must get server hello; client hello sent */ - SSL_HdskStateKeyExchange, /* must get key exchange; cipher spec - * requires it */ - SSL_HdskStateCert, /* may get certificate or certificate - * request (if no cert request received yet) */ - SSL_HdskStateHelloDone, /* must get server hello done; after key - * exchange or fixed DH parameters */ - SSL_HdskStateClientCert, /* must get certificate or no cert alert - * from client */ - SSL_HdskStateClientKeyExchange, /* must get client key exchange */ - SSL_HdskStateClientCertVerify, /* must get certificate verify from client */ - SSL_HdskStateChangeCipherSpec, /* time to change the cipher spec */ - SSL_HdskStateFinished, /* must get a finished message in the - * new cipher spec */ - SSL_HdskStateServerReady, /* ready for I/O; server side */ - SSL_HdskStateClientReady /* ready for I/O; client side */ -} SSLHandshakeState; - -typedef struct -{ SSLHandshakeType type; - SSLBuffer contents; -} SSLHandshakeMsg; - - -uint8_t *SSLEncodeHandshakeHeader( - SSLContext *ctx, - SSLRecord *rec, - SSLHandshakeType type, - size_t msglen); - - -#define SSL_Finished_Sender_Server 0x53525652 -#define SSL_Finished_Sender_Client 0x434C4E54 - -/** sslHandshake.c **/ -typedef OSStatus (*EncodeMessageFunc)(SSLRecord *rec, SSLContext *ctx); -OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx); -OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx); -OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx); -OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx); -OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx); -OSStatus DTLSRetransmit(SSLContext *ctx); -OSStatus SSLResetFlight(SSLContext *ctx); -OSStatus SSLSendFlight(SSLContext *ctx); - -OSStatus sslGetMaxProtVersion(SSLContext *ctx, SSLProtocolVersion *version); // RETURNED - -#ifdef NDEBUG -#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; } -#define SSLLogHdskMsg(msg, sent) -#else -void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState); -void SSLLogHdskMsg(SSLHandshakeType msg, char sent); -char *hdskStateToStr(SSLHandshakeState state); -#endif - -/** sslChangeCipher.c **/ -OSStatus SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx); -OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx); - -/** sslCert.c **/ -OSStatus SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx); -OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx); -OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeCertificateVerify(SSLRecord *verify, SSLContext *ctx); -OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx); - -/** sslHandshakeHello.c **/ -OSStatus SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx); -OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx); -OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx); -OSStatus SSLInitMessageHashes(SSLContext *ctx); -OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx); -#if ENABLE_DTLS -OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord *helloVerifyRequest, SSLContext *ctx); -OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx); -#endif - -/** sslKeyExchange.c **/ -OSStatus SSLEncodeServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx); -OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx); -OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx); -OSStatus SSLInitPendingCiphers(SSLContext *ctx); - -/** sslHandshakeFinish.c **/ -OSStatus SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx); -OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx); -OSStatus SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx); -OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx); -OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx); -OSStatus SSLEncodeNPNEncryptedExtensionMessage(SSLRecord *rec, SSLContext *ctx); -OSStatus SSLProcessEncryptedExtension(SSLBuffer message, SSLContext *ctx); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSLHANDSHAKE_H_ */