1/* 2 * Copyright (c) 2000-2001,2005-2007,2010-2013 Apple Inc. All Rights Reserved. 3 * 4 * The contents of this file constitute Original Code as defined in and are 5 * subject to the Apple Public Source License Version 1.2 (the 'License'). 6 * You may not use this file except in compliance with the License. Please obtain 7 * a copy of the License at http://www.apple.com/publicsource and read it before 8 * using this file. 9 * 10 * This Original Code and all software distributed under the License are 11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS 12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT 13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 15 * specific language governing rights and limitations under the License. 16 */ 17 18/* 19 * sslHandshake.h - SSL Handshake Layer 20 */ 21 22#ifndef _SSLHANDSHAKE_H_ 23#define _SSLHANDSHAKE_H_ 24 25#include "sslRecord.h" 26 27#ifdef __cplusplus 28extern "C" { 29#endif 30 31typedef enum 32{ SSL_HdskHelloRequest = 0, 33 SSL_HdskClientHello = 1, 34 SSL_HdskServerHello = 2, 35#if ENABLE_DTLS 36 SSL_HdskHelloVerifyRequest = 3, 37#endif /* ENABLE_DTLS */ 38 SSL_HdskCert = 11, 39 SSL_HdskServerKeyExchange = 12, 40 SSL_HdskCertRequest = 13, 41 SSL_HdskServerHelloDone = 14, 42 SSL_HdskCertVerify = 15, 43 SSL_HdskClientKeyExchange = 16, 44 SSL_HdskFinished = 20, 45 SSL_HdskNPNEncryptedExtension = 67 46} SSLHandshakeType; 47 48/* Hello Extensions per RFC 3546 */ 49typedef enum 50{ 51 SSL_HE_ServerName = 0, 52 SSL_HE_MaxFragmentLength = 1, 53 SSL_HE_ClientCertificateURL = 2, 54 SSL_HE_TrustedCAKeys = 3, 55 SSL_HE_TruncatedHMAC = 4, 56 SSL_HE_StatusReguest = 5, 57 58 /* ECDSA, RFC 4492 */ 59 SSL_HE_EllipticCurves = 10, 60 SSL_HE_EC_PointFormats = 11, 61 62 /* TLS 1.2 */ 63 SSL_HE_SignatureAlgorithms = 13, 64 65 /* RFC 5746 */ 66 SSL_HE_SecureRenegotation = 0xff01, 67 68 /* 69 * This one is suggested but not formally defined in 70 * I.D.salowey-tls-ticket-07 71 */ 72 SSL_HE_SessionTicket = 35, 73 74 /* 75 * NPN support for SPDY 76 * WARNING: This is NOT an extension registered with the IANA 77 */ 78 SSL_HE_NPN = 13172 79} SSLHelloExtensionType; 80 81/* SSL_HE_ServerName NameType values */ 82typedef enum 83{ 84 SSL_NT_HostName = 0 85} SSLServerNameType; 86 87/* 88 * The number of curves we support 89 */ 90#define SSL_ECDSA_NUM_CURVES 3 91 92/* SSL_HE_EC_PointFormats - point formats */ 93typedef enum 94{ 95 SSL_PointFormatUncompressed = 0, 96 SSL_PointFormatCompressedPrime = 1, 97 SSL_PointFormatCompressedChar2 = 2, 98} SSL_ECDSA_PointFormats; 99 100/* CurveTypes in a Server Key Exchange msg */ 101typedef enum 102{ 103 SSL_CurveTypeExplicitPrime = 1, 104 SSL_CurveTypeExplicitChar2 = 2, 105 SSL_CurveTypeNamed = 3 /* the only one we support */ 106} SSL_ECDSA_CurveTypes; 107 108typedef enum 109{ SSL_read, 110 SSL_write 111} CipherSide; 112 113typedef enum 114{ 115 SSL_HdskStateUninit = 0, /* only valid within SSLContextAlloc */ 116 SSL_HdskStateServerUninit, /* no handshake yet */ 117 SSL_HdskStateClientUninit, /* no handshake yet */ 118 SSL_HdskStateGracefulClose, 119 SSL_HdskStateErrorClose, 120 SSL_HdskStateNoNotifyClose, /* server disconnected with no 121 * notify msg */ 122 /* remainder must be consecutive */ 123 SSL_HdskStateServerHello, /* must get server hello; client hello sent */ 124 SSL_HdskStateKeyExchange, /* must get key exchange; cipher spec 125 * requires it */ 126 SSL_HdskStateCert, /* may get certificate or certificate 127 * request (if no cert request received yet) */ 128 SSL_HdskStateHelloDone, /* must get server hello done; after key 129 * exchange or fixed DH parameters */ 130 SSL_HdskStateClientCert, /* must get certificate or no cert alert 131 * from client */ 132 SSL_HdskStateClientKeyExchange, /* must get client key exchange */ 133 SSL_HdskStateClientCertVerify, /* must get certificate verify from client */ 134 SSL_HdskStateChangeCipherSpec, /* time to change the cipher spec */ 135 SSL_HdskStateFinished, /* must get a finished message in the 136 * new cipher spec */ 137 SSL_HdskStateServerReady, /* ready for I/O; server side */ 138 SSL_HdskStateClientReady /* ready for I/O; client side */ 139} SSLHandshakeState; 140 141typedef struct 142{ SSLHandshakeType type; 143 SSLBuffer contents; 144} SSLHandshakeMsg; 145 146 147uint8_t *SSLEncodeHandshakeHeader( 148 SSLContext *ctx, 149 SSLRecord *rec, 150 SSLHandshakeType type, 151 size_t msglen); 152 153 154#define SSL_Finished_Sender_Server 0x53525652 155#define SSL_Finished_Sender_Client 0x434C4E54 156 157/** sslHandshake.c **/ 158typedef OSStatus (*EncodeMessageFunc)(SSLRecord *rec, SSLContext *ctx); 159OSStatus SSLProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx); 160OSStatus SSLPrepareAndQueueMessage(EncodeMessageFunc msgFunc, SSLContext *ctx); 161OSStatus SSLAdvanceHandshake(SSLHandshakeType processed, SSLContext *ctx); 162OSStatus SSL3ReceiveSSL2ClientHello(SSLRecord rec, SSLContext *ctx); 163OSStatus DTLSProcessHandshakeRecord(SSLRecord rec, SSLContext *ctx); 164OSStatus DTLSRetransmit(SSLContext *ctx); 165OSStatus SSLResetFlight(SSLContext *ctx); 166OSStatus SSLSendFlight(SSLContext *ctx); 167 168OSStatus sslGetMaxProtVersion(SSLContext *ctx, SSLProtocolVersion *version); // RETURNED 169 170#ifdef NDEBUG 171#define SSLChangeHdskState(ctx, newState) { ctx->state=newState; } 172#define SSLLogHdskMsg(msg, sent) 173#else 174void SSLChangeHdskState(SSLContext *ctx, SSLHandshakeState newState); 175void SSLLogHdskMsg(SSLHandshakeType msg, char sent); 176char *hdskStateToStr(SSLHandshakeState state); 177#endif 178 179/** sslChangeCipher.c **/ 180OSStatus SSLEncodeChangeCipherSpec(SSLRecord *rec, SSLContext *ctx); 181OSStatus SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx); 182 183/** sslCert.c **/ 184OSStatus SSLEncodeCertificate(SSLRecord *certificate, SSLContext *ctx); 185OSStatus SSLProcessCertificate(SSLBuffer message, SSLContext *ctx); 186OSStatus SSLEncodeCertificateRequest(SSLRecord *request, SSLContext *ctx); 187OSStatus SSLProcessCertificateRequest(SSLBuffer message, SSLContext *ctx); 188OSStatus SSLEncodeCertificateVerify(SSLRecord *verify, SSLContext *ctx); 189OSStatus SSLProcessCertificateVerify(SSLBuffer message, SSLContext *ctx); 190 191/** sslHandshakeHello.c **/ 192OSStatus SSLEncodeServerHello(SSLRecord *serverHello, SSLContext *ctx); 193OSStatus SSLProcessServerHello(SSLBuffer message, SSLContext *ctx); 194OSStatus SSLEncodeClientHello(SSLRecord *clientHello, SSLContext *ctx); 195OSStatus SSLProcessClientHello(SSLBuffer message, SSLContext *ctx); 196OSStatus SSLInitMessageHashes(SSLContext *ctx); 197OSStatus SSLEncodeRandom(unsigned char *p, SSLContext *ctx); 198#if ENABLE_DTLS 199OSStatus SSLEncodeServerHelloVerifyRequest(SSLRecord *helloVerifyRequest, SSLContext *ctx); 200OSStatus SSLProcessServerHelloVerifyRequest(SSLBuffer message, SSLContext *ctx); 201#endif 202 203/** sslKeyExchange.c **/ 204OSStatus SSLEncodeServerKeyExchange(SSLRecord *keyExch, SSLContext *ctx); 205OSStatus SSLProcessServerKeyExchange(SSLBuffer message, SSLContext *ctx); 206OSStatus SSLEncodeKeyExchange(SSLRecord *keyExchange, SSLContext *ctx); 207OSStatus SSLProcessKeyExchange(SSLBuffer keyExchange, SSLContext *ctx); 208OSStatus SSLInitPendingCiphers(SSLContext *ctx); 209 210/** sslHandshakeFinish.c **/ 211OSStatus SSLEncodeFinishedMessage(SSLRecord *finished, SSLContext *ctx); 212OSStatus SSLProcessFinished(SSLBuffer message, SSLContext *ctx); 213OSStatus SSLEncodeServerHelloDone(SSLRecord *helloDone, SSLContext *ctx); 214OSStatus SSLProcessServerHelloDone(SSLBuffer message, SSLContext *ctx); 215OSStatus SSLCalculateFinishedMessage(SSLBuffer finished, SSLBuffer shaMsgState, SSLBuffer md5MsgState, UInt32 senderID, SSLContext *ctx); 216OSStatus SSLEncodeNPNEncryptedExtensionMessage(SSLRecord *rec, SSLContext *ctx); 217OSStatus SSLProcessEncryptedExtension(SSLBuffer message, SSLContext *ctx); 218 219#ifdef __cplusplus 220} 221#endif 222 223#endif /* _SSLHANDSHAKE_H_ */ 224