X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/c38e3ce98599a410a47dc10253faa4d5830f13b2..427c49bcad63d042b29ada2ac27e3dfc4845c779:/libsecurity_ssl/lib/tls_record.h
diff --git a/libsecurity_ssl/lib/tls_record.h b/libsecurity_ssl/lib/tls_record.h
new file mode 100644
index 00000000..eacd8453
--- /dev/null
+++ b/libsecurity_ssl/lib/tls_record.h
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2002,2005-2007,2010-2011 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * tls_record.h - Declarations of record layer callout struct to provide indirect calls to
+ * SSLv3 and TLS routines.
+ */
+
+#ifndef _TLS_RECORD_H_
+#define _TLS_RECORD_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// #include "sslRecord.h"
+
+#include "sslTypes.h"
+#include "cryptType.h"
+#include "sslMemory.h"
+#include "SSLRecordInternal.h"
+
+struct SSLRecordInternalContext;
+
+/***
+ *** Each of {TLS, SSLv3} implements each of these functions.
+ ***/
+
+/* unpack, decrypt, validate one record */
+typedef int (*decryptRecordFcn) (
+ uint8_t type,
+ SSLBuffer *payload,
+ struct SSLRecordInternalContext *ctx);
+
+/* pack, encrypt, mac, queue one outgoing record */
+typedef int (*writeRecordFcn) (
+ SSLRecord rec,
+ struct SSLRecordInternalContext *ctx);
+
+/* initialize a per-CipherContext HashHmacContext for use in MACing each record */
+typedef int (*initMacFcn) (
+ CipherContext *cipherCtx // macRef, macSecret valid on entry
+ // macCtx valid on return
+);
+
+/* free per-CipherContext HashHmacContext */
+typedef int (*freeMacFcn) (
+ CipherContext *cipherCtx);
+
+/* compute MAC on one record */
+typedef int (*computeMacFcn) (
+ uint8_t type,
+ SSLBuffer data,
+ SSLBuffer mac, // caller mallocs data
+ CipherContext *cipherCtx, // assumes macCtx, macRef
+ sslUint64 seqNo,
+ struct SSLRecordInternalContext *ctx);
+
+
+typedef struct _SslRecordCallouts {
+ decryptRecordFcn decryptRecord;
+ writeRecordFcn writeRecord;
+ initMacFcn initMac;
+ freeMacFcn freeMac;
+ computeMacFcn computeMac;
+} SslRecordCallouts;
+
+
+/* From ssl3RecordCallouts.c and tls1RecordCallouts.c */
+extern const SslRecordCallouts Ssl3RecordCallouts;
+extern const SslRecordCallouts Tls1RecordCallouts;
+
+/* one callout routine used in common (for now) */
+int ssl3WriteRecord(
+ SSLRecord rec,
+ struct SSLRecordInternalContext *ctx);
+
+
+typedef struct WaitingRecord
+{ struct WaitingRecord *next;
+ size_t sent;
+ /*
+ * These two fields replace a dynamically allocated SSLBuffer;
+ * the payload to write is contained in the variable-length
+ * array data[].
+ */
+ size_t length;
+ uint8_t data[1];
+} WaitingRecord;
+
+typedef struct {
+ const HashHmacReference *macAlgorithm;
+ const SSLSymmetricCipher *cipher;
+} SSLRecordCipherSpec;
+
+
+
+struct SSLRecordInternalContext
+{
+ /* I/O */
+ SSLIOReadFunc read;
+ SSLIOWriteFunc write;
+ SSLIOConnectionRef ioRef;
+
+ /* buffering */
+ SSLBuffer partialReadBuffer;
+ size_t amountRead;
+ WaitingRecord *recordWriteQueue;
+
+ /* ciphers */
+ uint16_t selectedCipher; /* currently selected */
+ SSLRecordCipherSpec selectedCipherSpec; /* ditto */
+ CipherContext readCipher;
+ CipherContext writeCipher;
+ CipherContext readPending;
+ CipherContext writePending;
+ CipherContext prevCipher; /* previous write cipher context, used for retransmit */
+
+ /* protocol */
+ bool isDTLS;
+ SSLProtocolVersion negProtocolVersion; /* negotiated */
+ const SslRecordCallouts *sslTslCalls;
+
+};
+
+/* Function called from the ssl3/tls1 callouts */
+
+int SSLVerifyMac(
+ uint8_t type,
+ SSLBuffer *data,
+ uint8_t *compareMAC,
+ struct SSLRecordInternalContext *ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _TLS_SSL_H_ */
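Review bot: `WaitingRecord` declares its variable-length payload as `uint8_t data[1];` (the pre-C99 "struct hack"), so any write-queue code that touches bytes past `data[0]` is formally out of bounds even when the object was allocated with room for `length` bytes; this header already relies on C99 (`bool`, `uint8_t`, `size_t`), so the well-defined form is a flexible array member, `uint8_t data[];`, with the allocation site (not in this hunk) sized as `sizeof(WaitingRecord) + length` rather than whatever `- 1` adjustment the `[1]` form may have required. The closing guard comment `#endif /* _TLS_SSL_H_ */` does not match the guard actually opened, `_TLS_RECORD_H_`, and should read `#endif /* _TLS_RECORD_H_ */`; note also that `_TLS_RECORD_H_` and `_SslRecordCallouts` (leading underscore followed by an uppercase letter) are identifiers reserved for the implementation. `SSLVerifyMac` takes `compareMAC` as a bare pointer with no length parameter, so its declaration should document where the expected MAC length comes from — presumably the `macAlgorithm` of the currently selected cipher spec in `ctx`, which cannot be confirmed from this header — and that the comparison against the computed MAC is expected to be constant-time, since a data-dependent early exit there would expose MAC-check timing to the peer. Where `computeMacFcn` says `// caller mallocs data` on the `mac` parameter, the comment appears to mean the caller allocates the `mac` output buffer; saying so explicitly, e.g. `// output; caller allocates mac.data of the MAC algorithm's digest length`, would avoid the ambiguity with the `data` parameter just above it.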