X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/72a12576750f52947eb043106ba5c12c0d07decf..b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195:/libsecurity_ssl/lib/sslContext.h diff --git a/libsecurity_ssl/lib/sslContext.h b/libsecurity_ssl/lib/sslContext.h new file mode 100644 index 00000000..45d1175a --- /dev/null +++ b/libsecurity_ssl/lib/sslContext.h @@ -0,0 +1,441 @@ +/* + * Copyright (c) 1999-2001,2005-2012 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +/* + * sslContext.h - Private SSL typedefs: SSLContext and its components + */ + +#ifndef _SSLCONTEXT_H_ +#define _SSLCONTEXT_H_ 1 + +#include "ssl.h" +#include "SecureTransport.h" +#include "sslBuildFlags.h" + +#ifdef USE_CDSA_CRYPTO +#include +#else +#if TARGET_OS_IOS +#include +#include +#else +typedef struct OpaqueSecDHContext *SecDHContext; +#endif +#include +#endif + +#include +#include + +#include "sslPriv.h" +#include "tls_ssl.h" +#include "sslDigests.h" + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct +{ SSLReadFunc read; + SSLWriteFunc write; + SSLConnectionRef ioRef; +} IOContext; + + +#ifdef USE_SSLCERTIFICATE +/* + * An element in a certificate chain. + */ +typedef struct SSLCertificate +{ + struct SSLCertificate *next; + SSLBuffer derCert; +} SSLCertificate; + +#endif + +#include "cryptType.h" + +/* + * An SSLContext contains four of these - one for each of {read,write} and for + * {current, pending}. + */ +struct CipherContext +{ + + const HashHmacReference *macRef; /* HMAC (TLS) or digest (SSL) */ + const SSLSymmetricCipher *symCipher; + + /* this is a context which is reused once per record */ + HashHmacContext macCtx; + + /* + * Crypto context for CommonCrypto-based symmetric ciphers + */ + CCCryptorRef cryptorRef; + + /* needed in CDSASymmInit */ + uint8_t encrypting; + + sslUint64 sequenceNum; + uint8_t ready; + + /* in SSL2 mode, the macSecret is the same size as the + * cipher key - which is 24 bytes in the 3DES case. */ + uint8_t macSecret[SSL_MAX_DIGEST_LEN]; +}; +/* typedef in cryptType.h */ + +#include "sslHandshake.h" + +typedef struct WaitingRecord +{ struct WaitingRecord *next; + size_t sent; + /* + * These two fields replace a dynamically allocated SSLBuffer; + * the payload to write is contained in the variable-length + * array data[]. + */ + size_t length; + UInt8 data[1]; +} WaitingRecord; + +typedef struct WaitingMessage +{ + struct WaitingMessage *next; + SSLRecord rec; +} WaitingMessage; + +typedef struct DNListElem +{ struct DNListElem *next; + SSLBuffer derDN; +} DNListElem; + +#ifdef USE_CDSA_CRYPTO + +/* Public part of asymmetric key. */ +typedef struct SSLPubKey +{ + CSSM_KEY key; + CSSM_CSP_HANDLE csp; /* may not be needed, we figure this + * one out by trial&error, right? */ +} SSLPubKey; + +/* Private part of asymmetric key. */ +typedef struct SSLPrivKey +{ + SecKeyRef key; + +} SSLPrivKey; + +#else /* !USE_CDSA_CRYPTO */ + +#if TARGET_OS_IOS +typedef struct __SecKey SSLPubKey; +typedef struct __SecKey SSLPrivKey; +#else +typedef struct OpaqueSecKeyRef SSLPubKey; +typedef struct OpaqueSecKeyRef SSLPrivKey; +#endif +/* + * Convert SSLPrivKey/SSLPubKey types to a platform SecKeyRef + * (currently a no-op) + */ +#define SECKEYREF(sslkey) (sslkey) + +#endif + +struct SSLContext +{ + CFRuntimeBase _base; + IOContext ioCtx; + + /* + * Prior to successful protocol negotiation, negProtocolVersion + * is SSL_Version_Undetermined. Subsequent to successful + * negotiation, negProtocolVersion contains the actual over-the-wire + * protocol value. + * + * The Boolean versionEnable flags are set by + * SSLSetProtocolVersionEnabled or SSLSetProtocolVersion and + * remain invariant once negotiation has started. If there + * were a large number of these and/or we were adding new + * protocol versions on a regular basis, we'd probably want + * to implement these as a word of flags. For now, in the + * real world, this is the most straightforward implementation. + */ + SSLProtocolVersion negProtocolVersion; /* negotiated */ + SSLProtocolVersion clientReqProtocol; /* requested by client in hello msg */ + SSLProtocolVersion minProtocolVersion; + SSLProtocolVersion maxProtocolVersion; + Boolean isDTLS; /* if this is a Datagram Context */ + SSLProtocolSide protocolSide; /* ConnectionEnd enum { server, client } in rfc5246. */ + + const struct _SslTlsCallouts *sslTslCalls; /* selects between SSLv3, TLSv1 and TLSv1.2 */ + + SSLPrivKey *signingPrivKeyRef; /* our private signing key */ + SSLPubKey *signingPubKey; /* our public signing key */ + + SSLPrivKey *encryptPrivKeyRef; /* our private encrypt key, for + * server-initiated key exchange */ + SSLPubKey *encryptPubKey; /* public version of above */ + + SSLPubKey *peerPubKey; + +#ifdef USE_SSLCERTIFICATE + /* + * Various cert chains. + * For all three, the root is the first in the chain. + */ + SSLCertificate *localCert; + SSLCertificate *encryptCert; + SSLCertificate *peerCert; + CSSM_ALGORITHMS ourSignerAlg; /* algorithm of the signer of localCert */ +#else + /* + * Various cert chains. + * For all three, the root is the last in the chain. + */ + CFArrayRef localCert; + CFArrayRef encryptCert; + CFArrayRef peerCert; + CFIndex ourSignerAlg; /* algorithm of the signer of localCert */ +#endif /* !USE_SSLCERTIFICATE */ + + /* + * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate(). + * We keep them here, refcounted, solely for the associated getters. + */ + CFArrayRef localCertArray; + CFArrayRef encryptCertArray; + + /* peer certs as SecTrustRef */ + SecTrustRef peerSecTrust; + +#ifdef USE_CDSA_CRYPTO + + /* + * trusted root certs as specified in SSLSetTrustedRoots() + */ + CFArrayRef trustedCerts; + + /* for symmetric cipher and RNG */ + CSSM_CSP_HANDLE cspHand; + + /* session-wide handles for Apple TP, CL */ + CSSM_TP_HANDLE tpHand; + CSSM_CL_HANDLE clHand; +#else + +#ifdef USE_SSLCERTIFICATE + size_t numTrustedCerts; + SSLCertificate *trustedCerts; +#else + CFMutableArrayRef trustedCerts; + Boolean trustedCertsOnly; +#endif /* !USE_SSLCERTIFICATE */ + +#endif /* !USE_CDSA_CRYPTO */ + + /* + * trusted leaf certs as specified in SSLSetTrustedLeafCertificates() + */ + CFArrayRef trustedLeafCerts; + + #if APPLE_DH + SSLBuffer dhPeerPublic; + SSLBuffer dhExchangePublic; + SSLBuffer dhParamsEncoded; /* PKCS3 encoded blob - prime + generator */ +#ifdef USE_CDSA_CRYPTO + CSSM_KEY_PTR dhPrivate; +#else + SecDHContext secDHContext; +#endif /* !USE_CDSA_CRYPTO */ + #endif /* APPLE_DH */ + + /* + * ECDH support + * + * ecdhCurves[] is the set of currently configured curves; the number + * of valid curves is ecdhNumCurves. + */ + SSL_ECDSA_NamedCurve ecdhCurves[SSL_ECDSA_NUM_CURVES]; + unsigned ecdhNumCurves; + + SSLBuffer ecdhPeerPublic; /* peer's public ECDH key as ECPoint */ + SSL_ECDSA_NamedCurve ecdhPeerCurve; /* named curve associated with ecdhPeerPublic or + * peerPubKey */ + SSLBuffer ecdhExchangePublic; /* Our public key as ECPoint */ +#ifdef USE_CDSA_CRYPTO + CSSM_KEY_PTR ecdhPrivate; /* our private key */ + CSSM_CSP_HANDLE ecdhPrivCspHand; +#else + ccec_full_ctx_decl(ccn_sizeof(521), ecdhContext); // Big enough to hold a 521 bit ecdh key pair. +#endif /* !USE_CDSA_CRYPTO */ + + Boolean allowExpiredCerts; + Boolean allowExpiredRoots; + Boolean enableCertVerify; + + SSLBuffer dtlsCookie; /* DTLS ClientHello cookie */ + Boolean cookieVerified; /* Mark if cookie was verified */ + uint16_t hdskMessageSeq; /* Handshake Seq Num to be sent */ + uint32_t hdskMessageRetryCount; /* retry cont for a given flight of messages */ + uint16_t hdskMessageSeqNext; /* Handshake Seq Num to be received */ + SSLHandshakeMsg hdskMessageCurrent; /* Current Handshake Message */ + uint16_t hdskMessageCurrentOfs; /* Offset in current Handshake Message */ + + SSLBuffer sessionID; + + SSLBuffer peerID; + SSLBuffer resumableSession; + + char *peerDomainName; + size_t peerDomainNameLen; + + CipherContext readCipher; + CipherContext writeCipher; + CipherContext readPending; + CipherContext writePending; + CipherContext prevCipher; /* previous write cipher context, used for retransmit */ + + uint16_t selectedCipher; /* currently selected */ + SSLCipherSpec selectedCipherSpec; /* ditto */ + SSLCipherSuite *validCipherSuites; /* context's valid suites */ + size_t numValidCipherSuites; /* size of validCipherSuites */ +#if ENABLE_SSLV2 + unsigned numValidNonSSLv2Suites; /* number of entries in validCipherSpecs that + * are *not* SSLv2 only */ +#endif + SSLHandshakeState state; + + /* server-side only */ + SSLAuthenticate clientAuth; /* kNeverAuthenticate, etc. */ + Boolean tryClientAuth; + + /* client and server */ + SSLClientCertificateState clientCertState; + + DNListElem *acceptableDNList; /* client and server */ + CFMutableArrayRef acceptableCAs; /* server only - SecCertificateRefs */ + + bool certRequested; + bool certSent; + bool certReceived; + bool x509Requested; + + uint8_t clientRandom[SSL_CLIENT_SRVR_RAND_SIZE]; + uint8_t serverRandom[SSL_CLIENT_SRVR_RAND_SIZE]; + SSLBuffer preMasterSecret; + uint8_t masterSecret[SSL_MASTER_SECRET_SIZE]; + + /* running digests of all handshake messages */ + SSLBuffer shaState, md5State, sha256State, sha512State; + + SSLBuffer fragmentedMessageCache; + + unsigned ssl2ChallengeLength; + unsigned ssl2ConnectionIDLength; + unsigned sessionMatch; + + /* Queue a full flight of messages */ + WaitingMessage *messageWriteQueue; + Boolean messageQueueContainsChangeCipherSpec; + /* Record layer fields */ + SSLBuffer partialReadBuffer; + size_t amountRead; + + /* Transport layer fields */ + WaitingRecord *recordWriteQueue; + SSLBuffer receivedDataBuffer; + size_t receivedDataPos; + + Boolean allowAnyRoot; // don't require known roots + Boolean sentFatalAlert; // this session terminated by fatal alert + Boolean rsaBlindingEnable; + Boolean oneByteRecordEnable; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */ + Boolean wroteAppData; /* at least one write completed with current writeCipher */ + + /* optional session cache timeout (in seconds) override - 0 means default */ + uint32_t sessionCacheTimeout; + + /* optional SessionTicket */ + SSLBuffer sessionTicket; + + /* optional callback to obtain master secret, with its opaque arg */ + SSLInternalMasterSecretFunction masterSecretCallback; + const void *masterSecretArg; + + #if SSL_PAC_SERVER_ENABLE + /* server PAC resume sets serverRandom early to allow for secret acquisition */ + uint8_t serverRandomValid; + #endif + + Boolean anonCipherEnable; + + /* optional switches to enable additional returns from SSLHandshake */ + Boolean breakOnServerAuth; + Boolean breakOnCertRequest; + Boolean breakOnClientAuth; + Boolean signalServerAuth; + Boolean signalCertRequest; + Boolean signalClientAuth; + + /* true iff ECDSA/ECDH ciphers are configured */ + Boolean ecdsaEnable; + + /* List of server-specified client auth types */ + unsigned numAuthTypes; + SSLClientAuthenticationType *clientAuthTypes; + + /* client auth type actually negotiated */ + SSLClientAuthenticationType negAuthType; + + /* List of client-specified supported_signature_algorithms (for key exchange) */ + unsigned numClientSigAlgs; + SSLSignatureAndHashAlgorithm *clientSigAlgs; + /* List of server-specified supported_signature_algorithms (for client cert) */ + unsigned numServerSigAlgs; + SSLSignatureAndHashAlgorithm *serverSigAlgs; + + + /* Timeout for DTLS retransmit */ + CFAbsoluteTime timeout_deadline; + CFAbsoluteTime timeout_duration; + size_t mtu; + + /* RFC 5746: Secure renegotiation */ + Boolean secure_renegotiation; + Boolean secure_renegotiation_received; + SSLBuffer ownVerifyData; + SSLBuffer peerVerifyData; +}; + +OSStatus SSLUpdateNegotiatedClientAuthType(SSLContextRef ctx); + +#ifdef __cplusplus +} +#endif + +#endif /* _SSLCONTEXT_H_ */