|
1 // Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // SSL3.0 and TLS1.0 Connection header file. |
|
15 // Describes a secure (SSL3.0/TLS1.0) connection. |
|
16 // |
|
17 // |
|
18 |
|
19 /** |
|
20 @file |
|
21 */ |
|
22 |
|
23 #ifndef _TLSCONNECTION_H_ |
|
24 #define _TLSCONNECTION_H_ |
|
25 |
|
26 #include <securesocketinterface.h> |
|
27 #include <genericsecuresocket.h> |
|
28 #include <ssl.h> |
|
29 #include <tlsprovinterface.h> |
|
30 #include <tlstypedef.h> |
|
31 #include <comms-infras/statemachine.h> |
|
32 #include "LOGFILE.H" |
|
33 |
|
34 //Tls protocol Panics |
|
35 enum TTlsPanic |
|
36 { |
|
37 ETlsPanicClientHelloMsgNotSent = 0, |
|
38 ETlsPanicHandshakeMsgAlreadyExists, |
|
39 ETlsPanicChangeCipherMsgNotReceived, |
|
40 ETlsPanicServerHelloMsgNotReceived, |
|
41 ETlsPanicNullHandshakeMsg, |
|
42 ETlsPanicNullServerCertificate, |
|
43 ETlsPanicInvalidProcessState, |
|
44 ETlsPanicInvalidTlsSession, |
|
45 ETlsPanicNullTlsSession, |
|
46 ETlsPanicTlsProviderNotReady, |
|
47 ETlsPanicNoCA, |
|
48 ETlsPanicNoDataToProcess, |
|
49 ETlsPanicNoUserData, |
|
50 ETlsPanicUserDataAlreadySet, |
|
51 ETlsPanicNullPointerToHandshakeHeaderBuffer, |
|
52 ETlsPanicNullPointerToHandshakeRecordParser, |
|
53 ETlsPanicAppDataResumeButNotStarted, |
|
54 ETlsPanicHelloRequestRecWhileInAppData, |
|
55 ETlsPanicSignatureAlreadyExists, |
|
56 ETlsPanicNullStateMachineHistory, |
|
57 ETlsPanicNullStateMachine, |
|
58 ETlsPanicInvalidStateMachine, |
|
59 ETlsPanicStateMachineAlreadyExists, |
|
60 ETlsPanicStateMachineStopped, |
|
61 ETlsPanicInvalidStatus, |
|
62 ETlsPanicAlertReceived, |
|
63 ETlsPanicAlreadyActive, |
|
64 }; |
|
65 |
|
66 // Declaration for global panic function for Tls protocol |
|
67 GLREF_C void TlsPanic(TTlsPanic aPanic); |
|
68 |
|
69 // Constant values |
|
70 const TInt KProtocolDescMinSize = 8; //< Minimum size of the descriptor for the Protocol name |
|
71 |
|
72 /* |
|
73 In RFC2716 (PPP EAP TLS Authentication Protocol) section 3.5, label is defined as "client EAP encryption" |
|
74 |
|
75 In draft-josefsson-pppext-eap-tls-eap-02 (Protected EAP Protocol (PEAP)) section 2.8, label is |
|
76 defined as "client PEAP encryption". However, most of radius servers use "client EAP encryption" |
|
77 as the constant keying string. |
|
78 |
|
79 In draft-ietf-pppext-eap-ttls-04 EAP Tunneled TLS Authentication Protocol (TTLS) section 7, |
|
80 label is defined as "ttls keying material". |
|
81 |
|
82 Following max size is sufficient to all those cases. |
|
83 */ |
|
84 const TInt KKeyingLabelMaxSize = 100; |
|
85 |
|
86 // TlsConnection supported protocols |
|
87 _LIT( KProtocolVerSSL30, "SSL3.0" ); //< SSL 3.0 Protocol |
|
88 _LIT( KProtocolVerTLS10, "TLS1.0" ); //< TLS 1.0 Protocol |
|
89 |
|
90 |
|
91 // Forward Declarations |
|
92 class CRecordParser; |
|
93 class CRecordComposer; |
|
94 class CSendAlert; |
|
95 class CHandshake; |
|
96 class CSendAppData; |
|
97 class CRecvAppData; |
|
98 |
|
99 class CTlsConnection : public CActive, public MSecureSocket, public MStateMachineNotify |
|
100 /** |
|
101 * A secure (SSL v3.0 or TLS vl.0) connection. |
|
102 * Implements the MSecureSocket interface used by the SECURESOCKET.DLL to talk to |
|
103 * the protocol implementation. Note that it only implements Client-mode support |
|
104 * for the SSL v3.0 and TLS v1.0 protocols. |
|
105 * Server-mode operation is NOT supported. |
|
106 */ |
|
107 { |
|
108 public: |
|
109 IMPORT_C static MSecureSocket* NewL(RSocket& aSocket, const TDesC& aProtocol); |
|
110 IMPORT_C static MSecureSocket* NewL(MGenericSecureSocket& aSocket, const TDesC& aProtocol); |
|
111 |
|
112 IMPORT_C static void UnloadDll(TAny* /*aPtr*/); |
|
113 |
|
114 ~CTlsConnection(); |
|
115 |
|
116 // MSecureSocket interface |
|
117 virtual TInt AvailableCipherSuites(TDes8& aCiphers); |
|
118 virtual void CancelAll(); |
|
119 virtual void CancelHandshake(); |
|
120 virtual void CancelRecv(); |
|
121 virtual void CancelSend(); |
|
122 virtual const CX509Certificate* ClientCert(); |
|
123 virtual TClientCertMode ClientCertMode(); |
|
124 virtual void Close(); |
|
125 virtual TInt CurrentCipherSuite(TDes8& aCipherSuite); |
|
126 virtual TDialogMode DialogMode(); |
|
127 virtual void FlushSessionCache(); |
|
128 virtual TInt GetOpt(TUint aOptionName,TUint aOptionLevel,TDes8& aOption); |
|
129 virtual TInt GetOpt(TUint aOptionName,TUint aOptionLevel,TInt& aOption); |
|
130 virtual TInt Protocol(TDes& aProtocol); |
|
131 virtual void Recv(TDes8& aDesc, TRequestStatus & aStatus); |
|
132 virtual void RecvOneOrMore(TDes8& aDesc, TRequestStatus& aStatus, TSockXfrLength& aLen); |
|
133 virtual void RenegotiateHandshake(TRequestStatus& aStatus); |
|
134 virtual void Send(const TDesC8& aDesc, TRequestStatus& aStatus); |
|
135 virtual void Send(const TDesC8& aDesc, TRequestStatus& aStatus, TSockXfrLength& aLen); |
|
136 virtual const CX509Certificate* ServerCert(); |
|
137 virtual TInt SetAvailableCipherSuites(const TDesC8& aCiphers); |
|
138 virtual TInt SetClientCert(const CX509Certificate& aCert); |
|
139 virtual TInt SetClientCertMode(const TClientCertMode aClientCertMode); |
|
140 virtual TInt SetDialogMode(const TDialogMode aDialogMode); |
|
141 virtual TInt SetOpt(TUint aOptionName,TUint aOptionLevel, const TDesC8& aOption=KNullDesC8()); |
|
142 virtual TInt SetOpt(TUint aOptionName,TUint aOptionLevel,TInt aOption); |
|
143 virtual TInt SetProtocol(const TDesC& aProtocol); |
|
144 virtual TInt SetServerCert(const CX509Certificate& aCert); |
|
145 virtual void StartClientHandshake(TRequestStatus& aStatus); |
|
146 virtual void StartServerHandshake(TRequestStatus& aStatus); |
|
147 |
|
148 // MStateMachineNotify interface |
|
149 virtual TBool OnCompletion(CStateMachine* aStateMachine); |
|
150 |
|
151 // Internal functions (these 2 functions are only used by this class) |
|
152 void StartRenegotiation( TRequestStatus* aStatus ); |
|
153 void StartClientHandshakeStateMachine( TRequestStatus* aStatus ); |
|
154 |
|
155 void ResetCryptoAttributes(); |
|
156 |
|
157 //helper getter |
|
158 CTLSProvider& TlsProvider(); |
|
159 CTLSSession*& TlsSession(); |
|
160 CRecordParser& RecordParser() const; |
|
161 CRecordComposer& RecordComposer() const; |
|
162 CSendAppData* SendAppData() const; |
|
163 TBool SessionReUse() const; |
|
164 void GetServerAddrInfo( TTLSServerAddr& serverInfo ); |
|
165 |
|
166 // Retrieve or confirm the Connection states |
|
167 TBool IsHandshaking() const; |
|
168 TBool IsReNegotiating() const; |
|
169 TBool IsInDataMode() const; |
|
170 TBool IsIdle() const; |
|
171 |
|
172 // Methods from CActive |
|
173 void RunL(); |
|
174 void DoCancel(); |
|
175 |
|
176 protected: |
|
177 CTlsConnection(); |
|
178 void ConstructL(RSocket& aSocket, const TDesC& aProtocol); |
|
179 void ConstructL(MGenericSecureSocket& aSocket, const TDesC& aProtocol); |
|
180 void DeleteStateMachines(); |
|
181 void CancelAll(TInt aError); |
|
182 TBool SendData(const TDesC8& aDesc, TRequestStatus& aStatus); |
|
183 TBool RecvData(TDes8& aDesc, TRequestStatus& aStatus); |
|
184 |
|
185 TInt GetKeyingMaterial(TDes8& aKeyingMaterial); |
|
186 |
|
187 protected: |
|
188 CTLSProvider* iTlsProvider; //< TLS Provider interface |
|
189 CTLSSession* iTlsSession; //< TLS Session interface |
|
190 CRecordParser* iRecordParser; //< Record parser object |
|
191 CRecordComposer* iRecordComposer; //< Record composer object |
|
192 CHandshake* iHandshake; //< Handshake negotiation state machine |
|
193 CSendAppData* iSendAppData; //< Application data transmission state machine |
|
194 CRecvAppData* iRecvAppData; //< Application data reception state machine |
|
195 TDialogMode iDialogMode; //< Dialog settings |
|
196 |
|
197 //to keep the certificates given to client so that the client doesn't have to delete them |
|
198 //=> compatible behaviour with the old tls |
|
199 CX509Certificate* iClientCert; |
|
200 CX509Certificate* iServerCert; |
|
201 |
|
202 CGenericSecureSocket<RSocket>* iGenericSocket; |
|
203 }; |
|
204 |
|
205 |
|
206 // Inline functions |
|
207 |
|
208 /** |
|
209 * Returns a pointer to an Application data tx. state machine. |
|
210 */ |
|
211 inline CSendAppData* CTlsConnection::SendAppData() const |
|
212 { |
|
213 LOG(Log::Printf(_L("CTlsConnection::CSendAppData()"));) |
|
214 return iSendAppData; |
|
215 } |
|
216 |
|
217 /** |
|
218 * Returns a reference to a TlsProvider object. |
|
219 */ |
|
220 inline CTLSProvider& CTlsConnection::TlsProvider() |
|
221 { |
|
222 LOG(Log::Printf(_L("CTlsConnection::TlsProvider()"));) |
|
223 return *iTlsProvider; |
|
224 } |
|
225 |
|
226 /** |
|
227 * Returns a reference to a TlsSession object. |
|
228 */ |
|
229 inline CTLSSession*& CTlsConnection::TlsSession() |
|
230 { |
|
231 LOG(Log::Printf(_L("CTlsConnection::TlsSession()"));) |
|
232 return iTlsSession; |
|
233 } |
|
234 |
|
235 /** |
|
236 * Returns a reference to a Record parser object. |
|
237 */ |
|
238 inline CRecordParser& CTlsConnection::RecordParser() const |
|
239 { |
|
240 LOG(Log::Printf(_L("CTlsConnection::RecordParser()"));) |
|
241 return *iRecordParser; |
|
242 } |
|
243 |
|
244 /** |
|
245 * Returns a reference to a Record composer object. |
|
246 */ |
|
247 inline CRecordComposer& CTlsConnection::RecordComposer() const |
|
248 { |
|
249 LOG(Log::Printf(_L("CTlsConnection::RecordComposer()"));) |
|
250 return *iRecordComposer; |
|
251 } |
|
252 |
|
253 /** |
|
254 * Returns a Boolean value that indicates whether a connection is |
|
255 * handshaking. |
|
256 */ |
|
257 inline TBool CTlsConnection::IsHandshaking() const |
|
258 { |
|
259 LOG(Log::Printf(_L("CTlsConnection::IsHandshaking()"));) |
|
260 return iHandshake && !IsInDataMode(); |
|
261 } |
|
262 |
|
263 /** |
|
264 * Returns a Boolean value that indicates whether a connection is |
|
265 * renegotiating a handshake. |
|
266 */ |
|
267 inline TBool CTlsConnection::IsReNegotiating() const |
|
268 { |
|
269 LOG(Log::Printf(_L("CTlsConnection::IsReNegotiating()"));) |
|
270 return iHandshake && IsInDataMode(); |
|
271 } |
|
272 |
|
273 /** |
|
274 * Returns a Boolean value that indicates whether a connection is |
|
275 * in data mode (transmission or reception). |
|
276 */ |
|
277 inline TBool CTlsConnection::IsInDataMode() const |
|
278 { |
|
279 LOG(Log::Printf(_L("CTlsConnection::IsInDataMode()"));) |
|
280 return iSendAppData != 0; // iSendAppData and iRecvAppData always go together; |
|
281 } |
|
282 |
|
283 inline TBool CTlsConnection::SessionReUse() const |
|
284 { |
|
285 LOG(Log::Printf(_L("CTlsConnection::SessionReUse()"));) |
|
286 return ETrue; //used to return a value set in the FlushSessionChance |
|
287 //don't think this is a good idea PS |
|
288 } |
|
289 |
|
290 #endif |
|
291 |