gecko-dev/security/nss/lib/ssl/sslimpl.h
nelsonb%netscape.com 14c87961d5 Add implementation of SSL_RSA_WITH_RC4_128_SHA SSL3 cipher suite,
which is not enabled by default.  Bug 59795.
2001-01-13 02:05:15 +00:00

1240 lines
44 KiB
C

/*
* This file is PRIVATE to SSL and should be the first thing included by
* any SSL implementation file.
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: sslimpl.h,v 1.8 2001/01/13 02:05:08 nelsonb%netscape.com Exp $
*/
#ifndef __sslimpl_h_
#define __sslimpl_h_
#ifdef DEBUG
#undef NDEBUG
#else
#undef NDEBUG
#define NDEBUG
#endif
#include "secport.h"
#include "secerr.h"
#include "sslerr.h"
#include "ssl3prot.h"
#include "hasht.h"
#include "nssilock.h"
#include "pkcs11t.h"
#ifdef XP_UNIX
#include "unistd.h"
#endif
#include "nssrwlk.h"
#if defined(DEBUG) || defined(TRACE)
#ifdef __cplusplus
#define Debug 1
#else
extern int Debug;
#endif
#else
#undef Debug
#endif
#if defined(DEBUG)
#define TRACE
#endif
#ifdef TRACE
#define SSL_TRC(a,b) if (ssl_trace >= (a)) ssl_Trace b
#define PRINT_BUF(a,b) if (ssl_trace >= (a)) ssl_PrintBuf b
#define DUMP_MSG(a,b) if (ssl_trace >= (a)) ssl_DumpMsg b
#else
#define SSL_TRC(a,b)
#define PRINT_BUF(a,b)
#define DUMP_MSG(a,b)
#endif
#ifdef DEBUG
#define SSL_DBG(b) if (ssl_debug) ssl_Trace b
#else
#define SSL_DBG(b)
#endif
#if defined (DEBUG)
#ifdef macintosh
#include "pprthred.h"
#else
#include "private/pprthred.h" /* for PR_InMonitor() */
#endif
#define ssl_InMonitor(m) PZ_InMonitor(m)
#endif
#define LSB(x) ((unsigned char) (x & 0xff))
#define MSB(x) ((unsigned char) (((unsigned)(x)) >> 8))
/************************************************************************/
typedef enum { SSLAppOpRead = 0,
SSLAppOpWrite,
SSLAppOpRDWR,
SSLAppOpPost,
SSLAppOpHeader
} SSLAppOperation;
#define SSL_MIN_MASTER_KEY_BYTES 5
#define SSL_MAX_MASTER_KEY_BYTES 64
#define SSL_SESSIONID_BYTES 16
#define SSL3_SESSIONID_BYTES 32
#define SSL_MIN_CHALLENGE_BYTES 16
#define SSL_MAX_CHALLENGE_BYTES 32
#define SSL_CHALLENGE_BYTES 16
#define SSL_CONNECTIONID_BYTES 16
#define SSL_MIN_CYPHER_ARG_BYTES 0
#define SSL_MAX_CYPHER_ARG_BYTES 32
#define SSL_MAX_MAC_BYTES 16
/* number of wrap mechanisms potentially used to wrap master secrets. */
#define SSL_NUM_WRAP_MECHS 13
/* This makes the cert cache entry exactly 4k. */
#define SSL_MAX_CACHED_CERT_LEN 4060
typedef struct sslBufferStr sslBuffer;
typedef struct sslConnectInfoStr sslConnectInfo;
typedef struct sslGatherStr sslGather;
typedef struct sslSecurityInfoStr sslSecurityInfo;
typedef struct sslSessionIDStr sslSessionID;
typedef struct sslSocketStr sslSocket;
typedef struct sslSocketOpsStr sslSocketOps;
typedef struct ssl3StateStr ssl3State;
typedef struct ssl3CertNodeStr ssl3CertNode;
typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
typedef struct ssl3MACDefStr ssl3MACDef;
typedef struct ssl3KeyPairStr ssl3KeyPair;
struct ssl3CertNodeStr {
struct ssl3CertNodeStr *next;
CERTCertificate * cert;
};
typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss);
/* This type points to the low layer send func,
** e.g. ssl2_SendStream or ssl3_SendPlainText.
** These functions return the same values as PR_Send,
** i.e. >= 0 means number of bytes sent, < 0 means error.
*/
typedef PRInt32 (*sslSendFunc)(sslSocket *ss, const unsigned char *buf,
PRInt32 n, PRInt32 flags);
typedef void (*sslSessionIDCacheFunc) (sslSessionID *sid);
typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid);
typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr,
unsigned char* sid,
unsigned int sidLen,
CERTCertDBHandle * dbHandle);
/* Socket ops */
struct sslSocketOpsStr {
int (*connect) (sslSocket *, const PRNetAddr *);
PRFileDesc *(*accept) (sslSocket *, PRNetAddr *);
int (*bind) (sslSocket *, const PRNetAddr *);
int (*listen) (sslSocket *, int);
int (*shutdown)(sslSocket *, int);
int (*close) (sslSocket *);
int (*recv) (sslSocket *, unsigned char *, int, int);
/* points to the higher-layer send func, e.g. ssl_SecureSend. */
int (*send) (sslSocket *, const unsigned char *, int, int);
int (*read) (sslSocket *, unsigned char *, int);
int (*write) (sslSocket *, const unsigned char *, int);
int (*getpeername)(sslSocket *, PRNetAddr *);
int (*getsockname)(sslSocket *, PRNetAddr *);
};
/* Flags interpreted by ssl send functions. */
#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
#define ssl_SEND_FLAG_NO_BUFFER 0x20000000
#define ssl_SEND_FLAG_MASK 0x7f000000
/*
** A buffer object.
*/
struct sslBufferStr {
unsigned char * buf;
unsigned int len;
unsigned int space;
};
/*
** SSL3 cipher suite policy and preference struct.
*/
typedef struct {
#ifdef AIX
unsigned int cipher_suite : 16;
unsigned int policy : 8;
unsigned int enabled : 1;
unsigned int isPresent : 1;
#else
ssl3CipherSuite cipher_suite;
PRUint8 policy;
unsigned char enabled : 1;
unsigned char isPresent : 1;
#endif
} ssl3CipherSuiteCfg;
#define ssl_V3_SUITES_IMPLEMENTED 14
typedef struct sslOptionsStr {
unsigned int useSecurity : 1; /* 1 */
unsigned int useSocks : 1; /* 2 */
unsigned int requestCertificate : 1; /* 3 */
unsigned int requireCertificate : 2; /* 4-5 */
unsigned int handshakeAsClient : 1; /* 6 */
unsigned int handshakeAsServer : 1; /* 7 */
unsigned int enableSSL2 : 1; /* 8 */
unsigned int enableSSL3 : 1; /* 9 */
unsigned int enableTLS : 1; /* 10 */
unsigned int noCache : 1; /* 11 */
unsigned int fdx : 1; /* 12 */
unsigned int v2CompatibleHello : 1; /* 13 */
unsigned int detectRollBack : 1; /* 14 */
} sslOptions;
/*
** SSL Socket struct
**
** Protection: XXX
*/
struct sslSocketStr {
PRFileDesc * fd;
/* Pointer to operations vector for this socket */
const sslSocketOps * ops;
/* State flags */
unsigned int useSocks : 1;
unsigned int useSecurity : 1;
unsigned int requestCertificate : 1;
unsigned int requireCertificate : 2;
unsigned int handshakeAsClient : 1;
unsigned int handshakeAsServer : 1;
unsigned int enableSSL2 : 1;
unsigned int enableSSL3 : 1;
unsigned int enableTLS : 1;
unsigned int clientAuthRequested: 1;
unsigned int noCache : 1;
unsigned int fdx : 1; /* simultaneous read/write threads */
unsigned int v2CompatibleHello : 1; /* Send v3+ client hello in v2 format */
unsigned int detectRollBack : 1; /* Detect rollback to SSL v3 */
unsigned int connected : 1; /* initial handshake is complete. */
unsigned int recvdCloseNotify : 1; /* received SSL EOF. */
/* version of the protocol to use */
SSL3ProtocolVersion version;
SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */
/* Non-zero if security is enabled */
sslSecurityInfo *sec;
/* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */
const char *url; /* ssl 2 & 3 */
/* Gather object used for gathering data */
sslGather * gather; /*recvBufLock*/
sslHandshakeFunc handshake; /*firstHandshakeLock*/
sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/
sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/
sslBuffer saveBuf; /*xmitBufLock*/
sslBuffer pendingBuf; /*xmitBufLock*/
/* the following variable is only used with socks or other proxies. */
char * peerID; /* String uniquely identifies target server. */
ssl3State * ssl3;
unsigned char * cipherSpecs;
unsigned int sizeCipherSpecs;
const unsigned char * preferredCipher;
/* Configuration state for server sockets */
CERTCertificate * serverCert[kt_kea_size];
CERTCertificateList * serverCertChain[kt_kea_size];
SECKEYPrivateKey * serverKey[kt_kea_size];
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
/* Callbacks */
SSLAuthCertificate authCertificate;
void *authCertificateArg;
SSLGetClientAuthData getClientAuthData;
void *getClientAuthDataArg;
SSLBadCertHandler handleBadCert;
void *badCertArg;
SSLHandshakeCallback handshakeCallback;
void *handshakeCallbackData;
void *pkcs11PinArg;
PRIntervalTime rTimeout; /* timeout for NSPR I/O */
PRIntervalTime wTimeout; /* timeout for NSPR I/O */
PRIntervalTime cTimeout; /* timeout for NSPR I/O */
PZLock * recvLock; /* lock against multiple reader threads. */
PZLock * sendLock; /* lock against multiple sender threads. */
PZMonitor * recvBufLock; /* locks low level recv buffers. */
PZMonitor * xmitBufLock; /* locks low level xmit buffers. */
/* Only one thread may operate on the socket until the initial handshake
** is complete. This Monitor ensures that. Since SSL2 handshake is
** only done once, this is also effectively the SSL2 handshake lock.
*/
PZMonitor * firstHandshakeLock;
/* This monitor protects the ssl3 handshake state machine data.
** Only one thread (reader or writer) may be in the ssl3 handshake state
** machine at any time. */
PZMonitor * ssl3HandshakeLock;
/* reader/writer lock, protects the secret data needed to encrypt and MAC
** outgoing records, and to decrypt and MAC check incoming ciphertext
** records. */
NSSRWLock * specLock;
/* handle to perm cert db (and implicitly to the temp cert db) used
** with this socket.
*/
CERTCertDBHandle * dbHandle;
PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */
PRUint16 allowedByPolicy; /* copy of global policy bits. */
PRUint16 maybeAllowedByPolicy; /* copy of global policy bits. */
PRUint16 chosenPreference; /* SSL2 cipher preferences. */
ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
};
#define SSL_LOCK_RANK_SPEC 255
#define SSL_LOCK_RANK_GLOBAL NSS_RWLOCK_RANK_NONE
/* These are the valid values for shutdownHow.
** These values are each 1 greater than the NSPR values, and the code
** depends on that relation to efficiently convert PR_SHUTDOWN values
** into ssl_SHUTDOWN values. These values use one bit for read, and
** another bit for write, and can be used as bitmasks.
*/
#define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */
#define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */
#define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */
#define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */
/*
** A gather object. Used to read some data until a count has been
** satisfied. Primarily for support of async sockets.
** Everything in here is protected by the recvBufLock.
*/
struct sslGatherStr {
int state; /* see GS_ values below. */ /* ssl 2 & 3 */
/* "buf" holds received plaintext SSL records, after decrypt and MAC check.
* SSL2: recv'd ciphertext records are put here, then decrypted in place.
* SSL3: recv'd ciphertext records are put in inbuf (see below), then
* decrypted into buf.
*/
sslBuffer buf; /*recvBufLock*/ /* ssl 2 & 3 */
/* number of bytes previously read into hdr or buf(ssl2) or inbuf (ssl3).
** (offset - writeOffset) is the number of ciphertext bytes read in but
** not yet deciphered.
*/
unsigned int offset; /* ssl 2 & 3 */
/* number of bytes to read in next call to ssl_DefRecv (recv) */
unsigned int remainder; /* ssl 2 & 3 */
/* Number of ciphertext bytes to read in after 2-byte SSL record header. */
unsigned int count; /* ssl2 only */
/* size of the final plaintext record.
** == count - (recordPadding + MAC size)
*/
unsigned int recordLen; /* ssl2 only */
/* number of bytes of padding to be removed after decrypting. */
/* This value is taken from the record's hdr[2], which means a too large
* value could crash us.
*/
unsigned int recordPadding; /* ssl2 only */
/* plaintext DATA begins this many bytes into "buf". */
unsigned int recordOffset; /* ssl2 only */
int encrypted; /* SSL2 session is now encrypted. ssl2 only */
/* These next two values are used by SSL2 and SSL3.
** DoRecv uses them to extract application data.
** The difference between writeOffset and readOffset is the amount of
** data available to the application. Note that the actual offset of
** the data in "buf" is recordOffset (above), not readOffset.
** In the current implementation, this is made available before the
** MAC is checked!!
*/
unsigned int readOffset; /* Spot where DATA reader (e.g. application
** or handshake code) will read next.
** Always zero for SSl3 application data.
*/
/* offset in buf/inbuf/hdr into which new data will be read from socket. */
unsigned int writeOffset;
/* Buffer for ssl3 to read (encrypted) data from the socket */
sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */
/* The ssl[23]_GatherData functions read data into this buffer, rather
** than into buf or inbuf, while in the GS_HEADER state.
** The portion of the SSL record header put here always comes off the wire
** as plaintext, never ciphertext.
** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5.
*/
unsigned char hdr[5]; /* ssl 2 & 3 */
};
/* sslGather.state */
#define GS_INIT 0
#define GS_HEADER 1
#define GS_MAC 2
#define GS_DATA 3
#define GS_PAD 4
typedef SECStatus (*SSLCipher)(void * context,
unsigned char * out,
int * outlen,
int maxout,
const unsigned char *in,
int inlen);
typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
/*
* SSL2 buffers used in SSL3.
* writeBuf in the SecurityInfo maintained by sslsecur.c is used
* to hold the data just about to be passed to the kernel
* sendBuf in the ConnectInfo maintained by sslcon.c is used
* to hold handshake messages as they are accumulated
*/
/*
** This is "ci", as in "ss->sec.ci".
**
** Protection: All the variables in here are protected by
** firstHandshakeLock AND (in ssl3) ssl3HandshakeLock
*/
struct sslConnectInfoStr {
/* outgoing handshakes appended to this. */
sslBuffer sendBuf; /*xmitBufLock*/ /* ssl 2 & 3 */
PRIPv6Addr peer; /* ssl 2 & 3 */
unsigned short port; /* ssl 2 & 3 */
sslSessionID *sid; /* ssl 2 & 3 */
/* see CIS_HAVE defines below for the bit values in *elements. */
char elements; /* ssl2 only */
char requiredElements; /* ssl2 only */
char sentElements; /* ssl2 only */
char sentFinished; /* ssl2 only */
/* Length of server challenge. Used by client when saving challenge */
int serverChallengeLen; /* ssl2 only */
/* type of authentication requested by server */
unsigned char authType; /* ssl2 only */
/* Challenge sent by client to server in client-hello message */
/* SSL3 gets a copy of this. See ssl3_StartHandshakeHash(). */
unsigned char clientChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl 2 & 3 */
/* Connection-id sent by server to client in server-hello message */
unsigned char connectionID[SSL_CONNECTIONID_BYTES]; /* ssl2 only */
/* Challenge sent by server to client in request-certificate message */
unsigned char serverChallenge[SSL_MAX_CHALLENGE_BYTES]; /* ssl2 only */
/* Information kept to handle a request-certificate message */
unsigned char readKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */
unsigned char writeKey[SSL_MAX_MASTER_KEY_BYTES]; /* ssl2 only */
unsigned keySize; /* ssl2 only */
};
/* bit values for ci->elements, ci->requiredElements, sentElements. */
#define CIS_HAVE_MASTER_KEY 0x01
#define CIS_HAVE_CERTIFICATE 0x02
#define CIS_HAVE_FINISHED 0x04
#define CIS_HAVE_VERIFY 0x08
/* Note: The entire content of this struct and whatever it points to gets
* blown away by SSL_ResetHandshake(). This is "sec" as in "ss->sec".
*
* Unless otherwise specified below, the contents of this struct are
* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock.
*/
struct sslSecurityInfoStr {
sslSendFunc send; /*xmitBufLock*/ /* ssl 2 & 3 */
int isServer; /* Spec Lock?*/ /* ssl 2 & 3 */
sslBuffer writeBuf; /*xmitBufLock*/ /* ssl 2 & 3 */
int cipherType; /* ssl 2 & 3 */
int keyBits; /* ssl 2 & 3 */
int secretKeyBits; /* ssl 2 & 3 */
CERTCertificate *peerCert; /* ssl 2 & 3 */
SECKEYPublicKey *peerKey; /* ssl3 only */
/*
** Procs used for SID cache (nonce) management.
** Different implementations exist for clients/servers
** The lookup proc is only used for servers. Baloney!
*/
sslSessionIDCacheFunc cache; /* ssl 2 & 3 */
sslSessionIDUncacheFunc uncache; /* ssl 2 & 3 */
/*
** everything below here is for ssl2 only.
** This stuff is equivalent to SSL3's "spec", and is protected by the
** same "Spec Lock" as used for SSL3's specs.
*/
uint32 sendSequence; /*xmitBufLock*/ /* ssl2 only */
uint32 rcvSequence; /*recvBufLock*/ /* ssl2 only */
/* Hash information; used for one-way-hash functions (MD2, MD5, etc.) */
const SECHashObject *hash; /* Spec Lock */ /* ssl2 only */
void *hashcx; /* Spec Lock */ /* ssl2 only */
SECItem sendSecret; /* Spec Lock */ /* ssl2 only */
SECItem rcvSecret; /* Spec Lock */ /* ssl2 only */
/* Session cypher contexts; one for each direction */
void *readcx; /* Spec Lock */ /* ssl2 only */
void *writecx; /* Spec Lock */ /* ssl2 only */
SSLCipher enc; /* Spec Lock */ /* ssl2 only */
SSLCipher dec; /* Spec Lock */ /* ssl2 only */
void (*destroy)(void *, PRBool); /* Spec Lock */ /* ssl2 only */
/* Blocking information for the session cypher */
int blockShift; /* Spec Lock */ /* ssl2 only */
int blockSize; /* Spec Lock */ /* ssl2 only */
/* These are used during a connection handshake */
sslConnectInfo ci; /* ssl 2 & 3 */
};
/*
** ssl3State and CipherSpec structs
*/
/* The SSL bulk cipher definition */
typedef enum {
cipher_null,
cipher_rc4,
cipher_rc4_40,
cipher_rc4_56,
cipher_rc2,
cipher_rc2_40,
cipher_des,
cipher_3des,
cipher_des40,
cipher_idea,
cipher_fortezza,
cipher_missing /* reserved for no such supported cipher */
} SSL3BulkCipher;
/* The specific cipher algorithm */
typedef enum {
calg_null = (int)0x80000000L,
calg_rc4 = CKM_RC4,
calg_rc2 = CKM_RC2_CBC,
calg_des = CKM_DES_CBC,
calg_3des = CKM_DES3_CBC,
calg_idea = CKM_IDEA_CBC,
calg_fortezza = CKM_SKIPJACK_CBC64,
calg_init = (int) 0x7fffffffL
} CipherAlgorithm;
/* hmac added to help TLS conversion by rjr... */
typedef enum {
malg_null = (int)0x80000000L,
malg_md5 = CKM_SSL3_MD5_MAC,
malg_sha = CKM_SSL3_SHA1_MAC,
malg_md5_hmac = CKM_MD5_HMAC,
malg_sha_hmac = CKM_SHA_1_HMAC
} MACAlgorithm;
/* Key Exchange values moved to ssl.h */
typedef SSLKEAType SSL3KEAType;
typedef enum {
mac_null,
mac_md5,
mac_sha,
hmac_md5, /* TLS HMAC version of mac_md5 */
hmac_sha /* TLS HMAC version of mac_sha */
} SSL3MACAlgorithm;
typedef enum { type_stream, type_block } CipherType;
#define MAX_IV_LENGTH 64
/*
* Do not depend upon 64 bit arithmetic in the underlying machine.
*/
typedef struct {
uint32 high;
uint32 low;
} SSL3SequenceNumber;
typedef struct {
SSL3Opaque write_iv[MAX_IV_LENGTH];
PK11SymKey *write_key;
PK11SymKey *write_mac_key;
PK11Context *write_mac_context;
} ssl3KeyMaterial;
typedef struct {
SSL3Opaque wrapped_client_write_key[12]; /* wrapped with Ks */
SSL3Opaque wrapped_server_write_key[12]; /* wrapped with Ks */
SSL3Opaque client_write_iv [24];
SSL3Opaque server_write_iv [24];
SSL3Opaque wrapped_master_secret [48];
PRUint16 wrapped_master_secret_len;
} ssl3SidKeys;
/*
** These are the "specs" in the "ssl3" struct.
** Access to the pointers to these specs, and all the specs' contents
** (direct and indirect) is protected by the reader/writer lock ss->specLock.
*/
typedef struct {
const ssl3BulkCipherDef *cipher_def;
const ssl3MACDef * mac_def;
int mac_size;
SSLCipher encode;
void * encodeContext;
SSLCipher decode;
void * decodeContext;
SSLDestroy destroy;
PK11SymKey * master_secret;
ssl3KeyMaterial client;
ssl3KeyMaterial server;
SSL3SequenceNumber write_seq_num;
SSL3SequenceNumber read_seq_num;
SSL3ProtocolVersion version;
} ssl3CipherSpec;
typedef enum { never_cached,
in_client_cache,
in_server_cache,
invalid_cache /* no longer in any cache. */
} Cached;
struct sslSessionIDStr {
sslSessionID * next; /* chain used for client sockets, only */
CERTCertificate * peerCert;
const char * peerID; /* client only */
const char * urlSvrName; /* client only */
PRIPv6Addr addr;
PRUint16 port;
SSL3ProtocolVersion version;
PRUint32 time;
Cached cached;
int references;
union {
struct {
/* the V2 code depends upon the size of sessionID. */
unsigned char sessionID[SSL_SESSIONID_BYTES];
/* Stuff used to recreate key and read/write cipher objects */
SECItem masterKey;
int cipherType;
SECItem cipherArg;
int keyBits;
int secretKeyBits;
} ssl2;
struct {
/* values that are copied into the server's on-disk SID cache. */
uint8 sessionIDLength;
SSL3Opaque sessionID[SSL3_SESSIONID_BYTES];
ssl3CipherSuite cipherSuite;
SSL3CompressionMethod compression;
PRBool resumable;
int policy;
PRBool hasFortezza;
ssl3SidKeys keys;
CK_MECHANISM_TYPE masterWrapMech;
/* mechanism used to wrap master secret */
SSL3KEAType exchKeyType;
/* key type used in exchange algorithm,
* and to wrap the sym wrapping key. */
/* The following values are NOT restored from the server's on-disk
* session cache, but are restored from the client's cache.
*/
PK11SymKey * clientWriteKey;
PK11SymKey * serverWriteKey;
PK11SymKey * tek;
/* The following values pertain to the slot that wrapped the
** master secret. (used only in client)
*/
SECMODModuleID masterModuleID;
/* what module wrapped the master secret */
CK_SLOT_ID masterSlotID;
PRUint16 masterWrapIndex;
/* what's the key index for the wrapping key */
PRUint16 masterWrapSeries;
/* keep track of the slot series, so we don't
* accidently try to use new keys after the
* card gets removed and replaced.*/
/* The following values pertain to the slot that did the signature
** for client auth. (used only in client)
*/
SECMODModuleID clAuthModuleID;
CK_SLOT_ID clAuthSlotID;
PRUint16 clAuthSeries;
char masterValid;
char clAuthValid;
/* the following values are used only in the client, and only
* with fortezza.
*/
SSL3Opaque clientWriteSave[80];
int clientWriteSaveLen;
} ssl3;
} u;
};
typedef struct ssl3CipherSuiteDefStr {
ssl3CipherSuite cipher_suite;
SSL3BulkCipher bulk_cipher_alg;
SSL3MACAlgorithm mac_alg;
SSL3KeyExchangeAlgorithm key_exchange_alg;
} ssl3CipherSuiteDef;
/*
** There are tables of these, all const.
*/
typedef struct {
SSL3KeyExchangeAlgorithm kea;
SSL3KEAType exchKeyType;
SSL3SignType signKeyType;
PRBool is_limited;
int key_size_limit;
PRBool tls_keygen;
} ssl3KEADef;
typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode;
/*
** There are tables of these, all const.
*/
struct ssl3BulkCipherDefStr {
SSL3BulkCipher cipher;
CipherAlgorithm calg;
int key_size;
int secret_key_size;
CipherType type;
int iv_size;
int block_size;
SSL3KeyGenMode keygen_mode;
};
/*
** There are tables of these, all const.
*/
struct ssl3MACDefStr {
SSL3MACAlgorithm mac;
MACAlgorithm malg;
int pad_size;
int mac_size;
};
typedef enum {
wait_client_hello,
wait_client_cert,
wait_client_key,
wait_cert_verify,
wait_change_cipher,
wait_finished,
wait_server_hello,
wait_server_cert,
wait_server_key,
wait_cert_request,
wait_hello_done,
idle_handshake
} SSL3WaitState;
/*
** This is the "hs" member of the "ssl3" struct.
** This entire struct is protected by ssl3HandshakeLock
*/
typedef struct SSL3HandshakeStateStr {
SSL3Random server_random;
SSL3Random client_random;
SSL3WaitState ws;
PK11Context * md5; /* handshake running hashes */
PK11Context * sha;
const ssl3KEADef * kea_def;
ssl3CipherSuite cipher_suite;
const ssl3CipherSuiteDef *suite_def;
SSL3CompressionMethod compression;
sslBuffer msg_body; /* protected by recvBufLock */
/* partial handshake message from record layer */
unsigned int header_bytes;
/* number of bytes consumed from handshake */
/* message for message type and header length */
SSL3HandshakeType msg_type;
unsigned long msg_len;
SECItem ca_list; /* used only by client */
PRBool isResuming; /* are we resuming a session */
PRBool rehandshake; /* immediately start another handshake
* when this one finishes */
PRBool usedStepDownKey; /* we did a server key exchange. */
sslBuffer msgState; /* current state for handshake messages*/
/* protected by recvBufLock */
} SSL3HandshakeState;
struct SSL3FortezzaKEAParamsStr {
unsigned char R_s[128]; /* server's "random" public key */
PK11SymKey * tek;
};
typedef struct SSL3FortezzaKEAParamsStr SSL3FortezzaKEAParams;
/*
** This is the "ssl3" struct, as in "ss->ssl3".
** note:
** usually, crSpec == cwSpec and prSpec == pwSpec.
** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
** But there are never more than 2 actual specs.
** No spec must ever be modified if either "current" pointer points to it.
*/
struct ssl3StateStr {
/*
** The following Specs and Spec pointers must be protected using the
** Spec Lock.
*/
ssl3CipherSpec * crSpec; /* current read spec. */
ssl3CipherSpec * prSpec; /* pending read spec. */
ssl3CipherSpec * cwSpec; /* current write spec. */
ssl3CipherSpec * pwSpec; /* pending write spec. */
ssl3CipherSpec specs[2]; /* one is current, one is pending. */
SSL3HandshakeState hs;
CERTCertificate * clientCertificate; /* used by client */
SECKEYPrivateKey * clientPrivateKey; /* used by client */
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
*/
PRArenaPool * peerCertArena;
/* These are used to keep track of the peer CA */
void * peerCertChain;
/* chain while we are trying to validate it. */
CERTDistNames * ca_list;
/* used by server. trusted CAs for this socket. */
SSL3FortezzaKEAParams fortezza;
};
typedef struct {
SSL3ContentType type;
SSL3ProtocolVersion version;
sslBuffer * buf;
} SSL3Ciphertext;
struct ssl3KeyPairStr {
SECKEYPrivateKey * privKey; /* RSA step down key */
SECKEYPublicKey * pubKey; /* RSA step down key */
PRInt32 refCount; /* use PR_Atomic calls for this. */
};
typedef struct SSLWrappedSymWrappingKeyStr {
SSL3Opaque wrappedSymmetricWrappingkey[512];
SSL3Opaque wrapIV[24];
CK_MECHANISM_TYPE symWrapMechanism;
/* unwrapped symmetric wrapping key uses this mechanism */
CK_MECHANISM_TYPE asymWrapMechanism;
/* mechanism used to wrap the SymmetricWrappingKey using
* server's public and/or private keys. */
SSL3KEAType exchKeyType; /* type of keys used to wrap SymWrapKey*/
PRInt32 symWrapMechIndex;
PRUint16 wrappedSymKeyLen;
PRUint16 wrapIVLen;
} SSLWrappedSymWrappingKey;
/* All the global data items declared here should be protected using the
** ssl_global_data_lock, which is a reader/writer lock.
*/
extern NSSRWLock * ssl_global_data_lock;
extern char ssl_debug;
extern char ssl_trace;
extern CERTDistNames * ssl3_server_ca_list;
extern PRUint32 ssl_sid_timeout;
extern PRUint32 ssl3_sid_timeout;
extern PRBool ssl3_global_policy_some_restricted;
extern const char * const ssl_cipherName[];
extern const char * const ssl3_cipherName[];
extern sslSessionIDLookupFunc ssl_sid_lookup;
extern sslSessionIDCacheFunc ssl_sid_cache;
extern sslSessionIDUncacheFunc ssl_sid_uncache;
/************************************************************************/
SEC_BEGIN_PROTOS
/* Implementation of ops for default (non socks, non secure) case */
extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr);
extern int ssl_DefListen(sslSocket *ss, int backlog);
extern int ssl_DefShutdown(sslSocket *ss, int how);
extern int ssl_DefClose(sslSocket *ss);
extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf,
int len, int flags);
extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len);
extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len);
extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name);
extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name);
extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname,
void *optval, PRInt32 *optlen);
extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname,
const void *optval, PRInt32 optlen);
/* Implementation of ops for socks only case */
extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr);
extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr);
extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr);
extern int ssl_SocksListen(sslSocket *ss, int backlog);
extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name);
extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf,
int len, int flags);
extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len);
extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len);
/* Implementation of ops for secure only case */
extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr);
extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr);
extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf,
int len, int flags);
extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf,
int len, int flags);
extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len);
extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len);
extern int ssl_SecureShutdown(sslSocket *ss, int how);
extern int ssl_SecureClose(sslSocket *ss);
/* Implementation of ops for secure socks case */
extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr);
extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr);
extern PRFileDesc *ssl_FindTop(sslSocket *ss);
/* Gather funcs. */
extern sslGather * ssl_NewGather(void);
extern void ssl_DestroyGather(sslGather *gs);
extern int ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags);
extern int ssl2_GatherRecord(sslSocket *ss, int flags);
extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss);
extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss);
extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss);
extern int ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs,
unsigned int count);
extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss);
extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec);
extern sslSocket * ssl_DupSocket(sslSocket *old);
extern void ssl_PrintBuf(sslSocket *ss, const char *msg, const void *cp, int len);
extern void ssl_DumpMsg(sslSocket *ss, unsigned char *bp, unsigned len);
extern int ssl_SendSavedWriteData(sslSocket *ss, sslBuffer *buf,
sslSendFunc fp);
extern SECStatus ssl_SaveWriteData(sslSocket *ss, sslBuffer *buf,
const void* p, unsigned int l);
extern SECStatus ssl2_BeginClientHandshake(sslSocket *ss);
extern SECStatus ssl2_BeginServerHandshake(sslSocket *ss);
extern int ssl_Do1stHandshake(sslSocket *ss);
extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
extern void ssl2_UseClearSendFunc(sslSocket *ss);
extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
const char *peerID, const char *urlSvrName);
extern void ssl_FreeSID(sslSessionID *sid);
extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
int len, int flags);
extern PRBool ssl_FdIsBlocking(PRFileDesc *fd);
extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
extern void ssl_SetAlwaysBlock(sslSocket *ss);
#define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock)
#define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock)
#define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock)
#define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock)
#define ssl_Get1stHandshakeLock(ss) PZ_EnterMonitor((ss)->firstHandshakeLock)
#define ssl_Release1stHandshakeLock(ss) PZ_ExitMonitor((ss)->firstHandshakeLock)
#define ssl_Have1stHandshakeLock(ss) PZ_InMonitor( (ss)->firstHandshakeLock)
#define ssl_GetSSL3HandshakeLock(ss) PZ_EnterMonitor((ss)->ssl3HandshakeLock)
#define ssl_ReleaseSSL3HandshakeLock(ss) PZ_ExitMonitor((ss)->ssl3HandshakeLock)
#define ssl_HaveSSL3HandshakeLock(ss) PZ_InMonitor( (ss)->ssl3HandshakeLock)
#define ssl_GetSpecReadLock(ss) NSSRWLock_LockRead( (ss)->specLock)
#define ssl_ReleaseSpecReadLock(ss) NSSRWLock_UnlockRead( (ss)->specLock)
#define ssl_GetSpecWriteLock(ss) NSSRWLock_LockWrite( (ss)->specLock)
#define ssl_ReleaseSpecWriteLock(ss) NSSRWLock_UnlockWrite((ss)->specLock)
#define ssl_HaveSpecWriteLock(ss) NSSRWLock_HaveWriteLock((ss)->specLock)
#define ssl_GetRecvBufLock(ss) PZ_EnterMonitor((ss)->recvBufLock)
#define ssl_ReleaseRecvBufLock(ss) PZ_ExitMonitor( (ss)->recvBufLock)
#define ssl_HaveRecvBufLock(ss) PZ_InMonitor( (ss)->recvBufLock)
#define ssl_GetXmitBufLock(ss) PZ_EnterMonitor((ss)->xmitBufLock)
#define ssl_ReleaseXmitBufLock(ss) PZ_ExitMonitor( (ss)->xmitBufLock)
#define ssl_HaveXmitBufLock(ss) PZ_InMonitor( (ss)->xmitBufLock)
/* These functions are called from secnav, even though they're "private". */
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss);
extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
CERTCertificate *cert,
SECKEYPrivateKey *key,
CERTCertificateList *certChain);
extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
extern void ssl_FreeSocket(struct sslSocketStr *ssl);
extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
SSL3AlertDescription desc);
extern int ssl2_RestartHandshakeAfterCertReq(sslSocket * ss,
CERTCertificate * cert,
SECKEYPrivateKey * key);
extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
CERTCertificate * cert,
SECKEYPrivateKey * key,
CERTCertificateList *certChain);
extern int ssl2_RestartHandshakeAfterServerCert(sslSocket *ss);
extern int ssl3_RestartHandshakeAfterServerCert(sslSocket *ss);
/*
* for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
*/
extern SECStatus ssl3_HandleV2ClientHello(
sslSocket *ss, unsigned char *buffer, int length);
extern SECStatus ssl3_StartHandshakeHash(
sslSocket *ss, unsigned char *buf, int length);
/*
* SSL3 specific routines
*/
SECStatus ssl3_SendClientHello(sslSocket *ss);
/*
* input into the SSL3 machinery from the actualy network reading code
*/
SECStatus ssl3_HandleRecord(
sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out);
int ssl3_GatherAppDataRecord(sslSocket *ss, int flags);
int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
/*
* When talking to export clients or using export cipher suites, servers
* with public RSA keys larger than 512 bits need to use a 512-bit public
* key, signed by the larger key. The smaller key is a "step down" key.
* Generate that key pair and keep it around.
*/
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled);
extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
extern void ssl2_InitSocketPolicy(sslSocket *ss);
extern void ssl3_InitSocketPolicy(sslSocket *ss);
extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
unsigned char *cs, int *size);
extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
extern void ssl3_DestroySSL3Info(ssl3State *ssl3);
extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
SSL3ProtocolVersion peerVersion);
extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
/* Construct a new NSPR socket for the app to use */
extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
extern void ssl_FreePRSocket(PRFileDesc *fd);
/* Internal config function so SSL2 can initialize the present state of
* various ciphers */
extern int ssl3_config_match_init(sslSocket *);
/* Create a new ref counted key pair object from two keys. */
extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey,
SECKEYPublicKey * pubKey);
/* get a new reference (bump ref count) to an ssl3KeyPair. */
extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair);
/* Decrement keypair's ref count and free if zero. */
extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair);
/* calls for accessing wrapping keys across processes. */
extern PRBool
ssl_GetWrappingKey( PRInt32 symWrapMechIndex,
SSL3KEAType exchKeyType,
SSLWrappedSymWrappingKey *wswk);
/* The caller passes in the new value it wants
* to set. This code tests the wrapped sym key entry in the file on disk.
* If it is uninitialized, this function writes the caller's value into
* the disk entry, and returns false.
* Otherwise, it overwrites the caller's wswk with the value obtained from
* the disk, and returns PR_TRUE.
* This is all done while holding the locks/semaphores necessary to make
* the operation atomic.
*/
extern PRBool
ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
/********************** misc calls *********************/
extern int ssl_MapLowLevelError(int hiLevelError);
extern PRUint32 ssl_Time(void);
/* emulation of NSPR routines. */
extern PRInt32
ssl_EmulateAcceptRead( PRFileDesc * sd,
PRFileDesc ** nd,
PRNetAddr ** raddr,
void * buf,
PRInt32 amount,
PRIntervalTime timeout);
extern PRInt32
ssl_EmulateTransmitFile( PRFileDesc * sd,
PRFileDesc * fd,
const void * headers,
PRInt32 hlen,
PRTransmitFileFlags flags,
PRIntervalTime timeout);
extern PRInt32
ssl_EmulateSendFile( PRFileDesc * sd,
PRSendFileData * sfd,
PRTransmitFileFlags flags,
PRIntervalTime timeout);
#ifdef TRACE
#define SSL_TRACE(msg) ssl_Trace msg
#else
#define SSL_TRACE(msg)
#endif
void ssl_Trace(const char *format, ...);
SEC_END_PROTOS
#ifdef XP_UNIX
#define SSL_GETPID() getpid()
#else
#define SSL_GETPID() 0
#endif
#endif /* __sslimpl_h_ */