#ifndef _TLS_HANDSHAKE_PRIV_H_
#define _TLS_HANDSHAKE_PRIV_H_ 1
#include <tls_handshake.h>
#include <tls_ciphersuites.h>
#include "sslHandshake.h"
#include "sslBuildFlags.h"
#include "CipherSuite.h"
#include <corecrypto/ccec.h>
#include <corecrypto/ccdh.h>
#include <corecrypto/ccrsa.h>
#include <AssertMacros.h>
#include <corecrypto/ccrsa.h>
#include <corecrypto/ccec.h>
/*
 * Public-key container used by the handshake state (peerPubKey and
 * rsaEncryptPubKey in struct _tls_handshake_s are of this type).
 * Holds either a corecrypto RSA public-key context or an EC one in an
 * anonymous union.
 * NOTE(review): isRSA looks like the discriminant for the union -- presumably
 * rsa is the valid member when it is true and ecc otherwise; confirm against
 * the code that fills the key in. Every reader has to test isRSA first, since
 * using the inactive member hands corecrypto a context of the wrong key type.
 */
typedef struct _SSLPubKey SSLPubKey;
struct _SSLPubKey {
bool isRSA;
union {
ccrsa_pub_ctx_t rsa;
ccec_pub_ctx_t ecc;
};
};
/*
 * Private-key handle: a key context, a release hook for that context and a
 * key descriptor, all of types declared in other headers.
 * NOTE(review): by the type names, ctx is owned by whoever supplied it and
 * ctx_release is how this library gives it back; confirm that every path
 * that drops the handle calls ctx_release exactly once.
 */
struct _tls_private_key {
tls_private_key_ctx_t ctx;
tls_private_key_ctx_release ctx_release;
tls_private_key_desc_t desc;
};
/*
 * Error codes returned by the handshake code. Zero is success; every failure
 * code is negative.
 * NOTE(review): the names and values appear to mirror the public
 * SecureTransport errSSL* codes -- confirm before changing any value, since
 * callers may compare against those numbers.
 */
enum {
errSSLSuccess = 0,
/* Generic (non-TLS-specific) failures. */
errSSLUnimplemented = -4,
errSSLParam = -50,
errSSLAllocate = -108,
/* TLS-specific codes start at -9800. */
errSSLProtocol = -9800,
errSSLNegotiation = -9801,
errSSLFatalAlert = -9802,
errSSLWouldBlock = -9803,
errSSLSessionNotFound = -9804,
errSSLClosedGraceful = -9805,
errSSLClosedAbort = -9806,
/* Certificate and trust failures (by name). */
errSSLXCertChainInvalid = -9807,
errSSLBadCert = -9808,
errSSLCrypto = -9809,
errSSLInternal = -9810,
errSSLModuleAttach = -9811,
errSSLUnknownRootCert = -9812,
errSSLNoRootCert = -9813,
errSSLCertExpired = -9814,
errSSLCertNotYetValid = -9815,
errSSLClosedNoNotify = -9816,
errSSLBufferOverflow = -9817,
errSSLBadCipherSuite = -9818,
/*
 * errSSLPeer*: by name, conditions reported by the peer rather than detected
 * locally -- TODO confirm against the alert-handling code.
 */
errSSLPeerUnexpectedMsg = -9819,
errSSLPeerBadRecordMac = -9820,
errSSLPeerDecryptionFail = -9821,
errSSLPeerRecordOverflow = -9822,
errSSLPeerDecompressFail = -9823,
errSSLPeerHandshakeFail = -9824,
errSSLPeerBadCert = -9825,
errSSLPeerUnsupportedCert = -9826,
errSSLPeerCertRevoked = -9827,
errSSLPeerCertExpired = -9828,
errSSLPeerCertUnknown = -9829,
errSSLIllegalParam = -9830,
errSSLPeerUnknownCA = -9831,
errSSLPeerAccessDenied = -9832,
errSSLPeerDecodeError = -9833,
errSSLPeerDecryptError = -9834,
errSSLPeerExportRestriction = -9835,
errSSLPeerProtocolVersion = -9836,
errSSLPeerInsufficientSecurity = -9837,
errSSLPeerInternalError = -9838,
errSSLPeerUserCancelled = -9839,
errSSLPeerNoRenegotiation = -9840,
/*
 * By name these two are not failures but points where the handshake pauses
 * for the caller -- TODO confirm; a caller that treats every negative value
 * as fatal would abort there.
 */
errSSLPeerAuthCompleted = -9841,
errSSLClientCertRequested = -9842,
errSSLHostNameMismatch = -9843,
errSSLConnectionRefused = -9844,
/* Record-layer failures (by name). */
errSSLDecryptionFail = -9845,
errSSLBadRecordMac = -9846,
errSSLRecordOverflow = -9847,
errSSLBadConfiguration = -9848,
errSSLUnexpectedRecord = -9849,
/*
 * By name, the peer's ephemeral DH key was below the accepted size;
 * presumably tied to dhMinGroupSize in struct _tls_handshake_s -- confirm.
 */
errSSLWeakPeerEphemeralDHKey = -9850,
};
/*
 * Parameters of one cipher suite: its 16-bit identifier, key-exchange method,
 * four size fields and the MAC algorithm.
 * getMaxDataGramSize() in this header subtracts blockSize and macSize from an
 * MTU-derived byte count and treats blockSize == 0 as "no block padding", so
 * those two are byte counts. keySize and ivSize are presumably bytes as
 * well -- TODO confirm.
 * NOTE(review): getMaxDataGramSize() masks with ~(blockSize-1), which is only
 * a round-down when blockSize is a power of two.
 */
typedef struct {
uint16_t cipherSpec;
KeyExchangeMethod keyExchangeMethod;
uint8_t keySize;
uint8_t ivSize;
uint8_t blockSize;
uint8_t macSize;
HMAC_Algs macAlg;
} SSLCipherSpecParams;
/*
 * Peer-authentication policy: never, always, or try.
 * NOTE(review): by name, kTryAuthenticate requests a certificate but tolerates
 * its absence -- confirm, and confirm that code relying on an authenticated
 * peer does not accept this mode as equivalent to kAlwaysAuthenticate.
 */
typedef enum {
kNeverAuthenticate,
kAlwaysAuthenticate,
kTryAuthenticate
} SSLAuthenticate;
/*
 * Progress of client-certificate authentication, stored in clientCertState of
 * struct _tls_handshake_s: none, requested, sent, rejected.
 * The first enumerator is 0, so a zero-initialised context starts at
 * kSSLClientCertNone.
 */
typedef enum {
kSSLClientCertNone,
kSSLClientCertRequested,
kSSLClientCertSent,
kSSLClientCertRejected
} SSLClientCertificateState;
/*
 * Signatures of the protocol-version-specific key-derivation and MAC
 * routines. All return int; presumably 0 (errSSLSuccess) on success and a
 * negative errSSL* code otherwise -- TODO confirm.
 * Most tls_buffer arguments are passed by value, so a callee can only write
 * through whatever the buffer refers to, not resize the caller's descriptor;
 * computeCertVfyMacFcn is the exception and takes a tls_buffer pointer.
 */

/* Derive key material for the connection into 'key'. */
typedef int (*generateKeyMaterialFcn) (
tls_buffer key, tls_handshake_t ctx);
/*
 * By name, derives final write keys and IVs for export-grade suites.
 * SslTlsCallouts, as declared in this header, has no member of this type.
 */
typedef int (*generateExportKeyAndIvFcn) (
tls_handshake_t ctx, const tls_buffer clientWriteKey,
const tls_buffer serverWriteKey,
tls_buffer finalClientWriteKey, tls_buffer finalServerWriteKey, tls_buffer finalClientIV, tls_buffer finalServerIV);
/* Derive the master secret; takes only the handshake context. */
typedef int (*generateMasterSecretFcn) (
tls_handshake_t ctx);
/* Compute the Finished MAC for the side selected by isServer. */
typedef int (*computeFinishedMacFcn) (
tls_handshake_t ctx,
tls_buffer finished, bool isServer);
/* Compute the CertificateVerify value for the given hash algorithm. */
typedef int (*computeCertVfyMacFcn) (
tls_handshake_t ctx,
tls_buffer *finished, tls_hash_algorithm hash);
/*
 * Table of the four version-dependent routines. Three constant instances are
 * declared here, for SSL 3, TLS 1.x and TLS 1.2 (by name); the handshake
 * context refers to one through its sslTslCalls pointer.
 * NOTE(review): the table decides how secrets and Finished MACs are derived,
 * so it has to follow the negotiated version, not the requested one --
 * confirm where sslTslCalls is assigned.
 */
typedef struct _SslTlsCallouts {
generateKeyMaterialFcn generateKeyMaterial;
generateMasterSecretFcn generateMasterSecret;
computeFinishedMacFcn computeFinishedMac;
computeCertVfyMacFcn computeCertVfyMac;
} SslTlsCallouts;
extern const SslTlsCallouts Ssl3Callouts;
extern const SslTlsCallouts Tls1Callouts;
extern const SslTlsCallouts Tls12Callouts;
/*
 * Node of a singly linked list of records: link to the next node, the record
 * buffer and its content type. messageWriteQueue in struct _tls_handshake_s
 * is a pointer to this type.
 * NOTE(review): who owns and frees rec is not visible in this header.
 */
typedef struct WaitingMessage
{
struct WaitingMessage *next;
tls_buffer rec;
uint8_t contentType;
} WaitingMessage;
/*
 * Fixed sizes, in bytes, of the hello randoms, the RSA premaster secret and
 * the master secret. The first and third size the clientRandom/serverRandom
 * and masterSecret arrays in struct _tls_handshake_s;
 * SSL_RSA_PREMASTER_SECRET_SIZE is not used in this header.
 */
#define SSL_CLIENT_SRVR_RAND_SIZE 32
#define SSL_RSA_PREMASTER_SECRET_SIZE 48
#define SSL_MASTER_SECRET_SIZE 48
/*
 * Complete state of one TLS/DTLS handshake.
 * Unless a comment names a function in this header, the groupings below are
 * read off the field names and types only; this header does not show how the
 * fields are used.
 * NOTE(review): several members are pointer-plus-count pairs (for example
 * enabledCipherSuites/numEnabledCipherSuites); the pair has to be updated
 * together, and any count received from the peer must be bounded before it
 * is used to index the array.
 */
struct _tls_handshake_s {
/* Protocol versions: negotiated, requested by the client, allowed range. */
tls_protocol_version negProtocolVersion;
tls_protocol_version clientReqProtocol;
tls_protocol_version minProtocolVersion;
tls_protocol_version maxProtocolVersion;
/* isDTLS selects the header size and version comparison in the helpers below. */
bool isDTLS;
bool isServer;
/* Version-specific routine table; see SslTlsCallouts. */
const struct _SslTlsCallouts *sslTslCalls;
/* Local signing key, peer public key, certificates and trust result. */
tls_private_key_t signingPrivKeyRef;
SSLPubKey peerPubKey;
SSLCertificate *localCert;
SSLCertificate *peerCert;
tls_handshake_trust_t peerTrust;
#if APPLE_DH
/*
 * Finite-field DH state. dhMinGroupSize is, by name, the smallest group
 * accepted from the peer -- presumably what errSSLWeakPeerEphemeralDHKey
 * reports; unit (bits or bytes) to be confirmed.
 */
unsigned dhMinGroupSize;
tls_buffer dhPeerPublic;
ccdh_gp_t dhParams;
ccdh_full_ctx_t dhContext;
#endif
/* ECDH state: enabled curves, peer public value and curve, local key. */
uint16_t *ecdhCurves;
unsigned ecdhNumCurves;
tls_buffer ecdhPeerPublic;
tls_named_curve ecdhPeerCurve;
ccec_full_ctx_t ecdhContext;
#if ALLOW_RSA_SERVER_KEY_EXCHANGE
bool forceRsaServerKeyExchange;
SSLPubKey rsaEncryptPubKey;
#endif
/* DTLS cookie exchange and handshake message sequencing. */
tls_buffer dtlsCookie;
bool cookieVerified;
uint16_t hdskMessageSeq;
uint32_t hdskMessageRetryCount;
uint16_t hdskMessageSeqNext;
SSLHandshakeMsg hdskMessageCurrent;
uint16_t hdskMessageCurrentOfs;
/* Session identification and resumption. */
tls_buffer peerID;
tls_buffer resumableSession;
bool allowResumption;
tls_buffer proposedSessionID;
tls_buffer sessionID;
bool sessionMatch;
bool allowRenegotiation;
/*
 * Cipher readiness flags. sslReadReady()/sslWriteReady() in this header set
 * readCipher_ready/writeCipher_ready and notify callbacks->ready on a change.
 */
bool readCipher_ready;
bool writeCipher_ready;
bool readPending_ready;
bool writePending_ready;
bool prevCipher_ready;
/* Selected suite and its parameters; locally enabled and peer-requested lists. */
uint16_t selectedCipher;
SSLCipherSpecParams selectedCipherSpecParams;
uint16_t *enabledCipherSuites;
unsigned numEnabledCipherSuites;
uint16_t *requestedCipherSuites;
unsigned numRequestedCipherSuites;
SSLHandshakeState state;
DNListElem *acceptableDNList;
tls_buffer peerDomainName;
char *userAgent;
bool advanceHandshake;
tls_handshake_message_t currentMessage;
/* Client-certificate authentication progress. */
bool tryClientAuth;
SSLClientCertificateState clientCertState;
bool certRequested;
bool certSent;
bool certReceived;
bool x509Requested;
/*
 * Hello randoms and handshake secrets.
 * NOTE(review): preMasterSecret and masterSecret here, and pskSharedSecret
 * and the session-ticket buffers further down, hold key material by name.
 * The teardown path is not in this header -- confirm it wipes them with a
 * clear the compiler cannot elide before the memory is released.
 */
uint8_t clientRandom[SSL_CLIENT_SRVR_RAND_SIZE];
uint8_t serverRandom[SSL_CLIENT_SRVR_RAND_SIZE];
tls_buffer preMasterSecret;
uint8_t masterSecret[SSL_MASTER_SECRET_SIZE];
/* Running handshake-transcript hash states, one per algorithm (by name). */
tls_buffer shaState, md5State, sha256State, sha384State, sha512State;
/* Message reassembly, outgoing queue and received-data cursor. */
tls_buffer fragmentedMessageCache;
WaitingMessage *messageWriteQueue;
bool messageQueueContainsChangeCipherSpec;
tls_buffer receivedDataBuffer;
size_t receivedDataPos;
bool sentFatalAlert;
/* Session tickets. */
bool sessionTicket_enabled;
bool sessionTicket_announced;
bool sessionTicket_confirmed;
tls_buffer sessionTicket;
uint32_t sessionTicket_lifetime;
tls_buffer externalSessionTicket;
/* Externally supplied master-secret callback and its argument. */
tls_handshake_master_secret_function_t masterSecretCallback;
const void *masterSecretArg;
/* Presumably the extended-master-secret extension: enabled / seen from peer. */
bool extMSEnabled;
bool extMSReceived;
#if SSL_PAC_SERVER_ENABLE
uint8_t serverRandomValid;
#endif
/* Authentication types and signature/hash algorithm lists (local and peer). */
bool anonCipherEnable;
bool ecdsaEnable;
unsigned numAuthTypes;
tls_client_auth_type *clientAuthTypes;
tls_client_auth_type negAuthType;
unsigned numPeerSigAlgs;
tls_signature_and_hash_algorithm *peerSigAlgs;
unsigned numLocalSigAlgs;
tls_signature_and_hash_algorithm *localSigAlgs;
tls_signature_and_hash_algorithm certSigAlg;
tls_signature_and_hash_algorithm kxSigAlg;
/*
 * DTLS retransmission counter and path MTU. getMaxDataGramSize() computes
 * mtu-13 in unsigned arithmetic, so mtu has to be validated where it is set.
 */
int retransmit_attempt;
size_t mtu;
/* Renegotiation-indication state and the verify data of both sides. */
bool secure_renegotiation;
bool secure_renegotiation_received;
bool empty_renegotation_info_scsv;
tls_buffer ownVerifyData;
tls_buffer peerVerifyData;
bool allowServerIdentityChange;
/* Pre-shared key and identity. */
tls_buffer pskSharedSecret;
tls_buffer pskIdentity;
bool falseStartEnabled;
/* NPN negotiation state. */
bool npn_enabled;
bool npn_announced;
bool npn_confirmed;
bool npn_received;
tls_buffer npnOwnData;
tls_buffer npnPeerData;
/* ALPN negotiation state. */
bool alpn_enabled;
bool alpn_announced;
bool alpn_confirmed;
bool alpn_received;
tls_buffer alpnOwnData;
tls_buffer alpnPeerData;
/* OCSP stapling state. */
bool ocsp_enabled;
bool ocsp_peer_enabled;
tls_buffer ocsp_request_extensions;
tls_buffer_list_t *ocsp_responder_id_list;
bool ocsp_response_received;
tls_buffer ocsp_response;
/* Version-fallback signalling. */
bool fallback;
bool tls_fallback_scsv;
/* Signed certificate timestamps. */
bool sct_enabled;
bool sct_peer_enabled;
tls_buffer_list_t *sct_list;
uint16_t *requested_ecdh_curves;
unsigned num_ec_curves;
/*
 * Configuration and the caller's callback table. The sslReadReady() and
 * sslWriteReady() helpers dereference callbacks without a NULL check.
 */
tls_handshake_config_t config;
tls_handshake_ctx_t ctx;
tls_handshake_ctx_t *callback_ctx;
tls_handshake_callbacks_t *callbacks;
};
/*
 * Tell whether the negotiated protocol version is in the "TLS 1.2 or later"
 * family: for DTLS, anything that compares greater than DTLS 1.0; for TLS,
 * TLS 1.2 and up.
 *
 * The check() on an undetermined version comes from AssertMacros.h and is a
 * debug-time assertion; when it is compiled out the comparison below still
 * runs on whatever negProtocolVersion holds, so callers must not ask before
 * a version has been negotiated.
 *
 * NOTE(review): DTLS wire version numbers decrease as the protocol gets newer
 * (DTLS 1.0 is 0xFEFF, DTLS 1.2 is 0xFEFD). Confirm that the ordering of
 * tls_protocol_version makes '>' mean "newer than DTLS 1.0".
 */
static inline bool sslVersionIsLikeTls12(tls_handshake_t ctx)
{
    check(ctx->negProtocolVersion!=tls_protocol_version_Undertermined);

    if (ctx->isDTLS) {
        return ctx->negProtocolVersion > tls_protocol_version_DTLS_1_0;
    }
    return ctx->negProtocolVersion >= tls_protocol_version_TLS_1_2;
}
/*
 * Compute how many payload bytes fit in one datagram of ctx->mtu bytes with
 * the currently selected cipher.
 *
 * Starting from mtu - 13 (13 is presumably the DTLS record header), a block
 * cipher (blockSize > 0) rounds the space down to a multiple of blockSize,
 * then gives up one more block and one more byte (presumably the explicit IV
 * and the padding-length byte -- TODO confirm). The MAC size is subtracted
 * last.
 *
 * NOTE(review): every step is unsigned size_t arithmetic. If mtu is smaller
 * than the total overhead the result wraps to a very large value, and the
 * only guard is the assert() below, which disappears under NDEBUG. The mtu
 * therefore has to be range-checked where it is set; callers should not rely
 * on this function to reject a too-small value in release builds.
 * The mask also assumes blockSize is a power of two.
 */
static inline size_t getMaxDataGramSize(tls_handshake_t ctx)
{
    SSLCipherSpecParams *params = &ctx->selectedCipherSpecParams;
    size_t block = params->blockSize;
    size_t mac = params->macSize;
    size_t room = ctx->mtu-13;

    if (block != 0) {
        /* Round down to a block boundary, then drop one block plus one byte. */
        room &= ~(block-1);
        room -= block + 1;
    }
    room -= mac;

    /* Debug-only wrap detection; see the note above. */
    assert(room<ctx->mtu);
    return room;
}
/*
 * Size in bytes of a handshake message header: 12 for DTLS, 4 for TLS.
 * (The DTLS header carries message_seq, fragment_offset and fragment_length
 * in addition to the type and length found in the TLS header.)
 * Parsers must have at least this many bytes available before reading any
 * header field.
 */
static inline
int SSLHandshakeHeaderSize(tls_handshake_t ctx)
{
    return ctx->isDTLS ? 12 : 4;
}
/*
 * Record whether the read cipher is ready and, only when the value actually
 * changes, notify the client through callbacks->ready with 'false' as the
 * direction argument (sslWriteReady() passes 'true').
 *
 * ctx->callbacks and its ready member are dereferenced unconditionally, so
 * both must be set before this is called.
 */
static inline
void sslReadReady(tls_handshake_t ctx, bool ready)
{
    if (ctx->readCipher_ready == ready) {
        return;     /* no transition, no notification */
    }
    ctx->readCipher_ready = ready;
    ctx->callbacks->ready(ctx->callback_ctx, false, ready);
}
/*
 * Record whether the write cipher is ready and, only when the value actually
 * changes, notify the client through callbacks->ready with 'true' as the
 * direction argument (sslReadReady() passes 'false').
 *
 * ctx->callbacks and its ready member are dereferenced unconditionally, so
 * both must be set before this is called.
 */
static inline
void sslWriteReady(tls_handshake_t ctx, bool ready)
{
    if (ctx->writeCipher_ready == ready) {
        return;     /* no transition, no notification */
    }
    ctx->writeCipher_ready = ready;
    ctx->callbacks->ready(ctx->callback_ctx, true, ready);
}
#endif