Mercurial Mercurial > oss > FCL > sf > os > networkingsrv / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
networksecurity/tls/protocol/tlsconnection.h
changeset 0 af10295192d8 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/networksecurity/tls/protocol/tlsconnection.h	Tue Jan 26 15:23:49 2010 +0200
@@ -0,0 +1,291 @@
+// Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// SSL3.0 and TLS1.0 Connection header file.
+// Describes a secure (SSL3.0/TLS1.0) connection.
+// 
+//
+
+/**
+ @file
+*/
+
+#ifndef _TLSCONNECTION_H_
+#define _TLSCONNECTION_H_
+ 
+#include <securesocketinterface.h>
+#include <genericsecuresocket.h>
+#include <ssl.h>
+#include <tlsprovinterface.h> 
+#include <tlstypedef.h>
+#include <comms-infras/statemachine.h>
+#include "LOGFILE.H"
+
+//Tls protocol Panics
+enum TTlsPanic
+{
+	ETlsPanicClientHelloMsgNotSent = 0,
+	ETlsPanicHandshakeMsgAlreadyExists,
+	ETlsPanicChangeCipherMsgNotReceived,
+	ETlsPanicServerHelloMsgNotReceived,
+	ETlsPanicNullHandshakeMsg,
+	ETlsPanicNullServerCertificate,
+	ETlsPanicInvalidProcessState,
+	ETlsPanicInvalidTlsSession,
+	ETlsPanicNullTlsSession,
+	ETlsPanicTlsProviderNotReady,
+	ETlsPanicNoCA,
+	ETlsPanicNoDataToProcess,
+	ETlsPanicNoUserData,
+	ETlsPanicUserDataAlreadySet,
+	ETlsPanicNullPointerToHandshakeHeaderBuffer,
+	ETlsPanicNullPointerToHandshakeRecordParser,
+	ETlsPanicAppDataResumeButNotStarted,
+	ETlsPanicHelloRequestRecWhileInAppData,
+	ETlsPanicSignatureAlreadyExists,
+	ETlsPanicNullStateMachineHistory,
+	ETlsPanicNullStateMachine,
+	ETlsPanicInvalidStateMachine,
+	ETlsPanicStateMachineAlreadyExists,
+	ETlsPanicStateMachineStopped,
+	ETlsPanicInvalidStatus,
+	ETlsPanicAlertReceived,
+	ETlsPanicAlreadyActive,
+};
+
+// Declaration for global panic function for Tls protocol
+GLREF_C void TlsPanic(TTlsPanic aPanic);
+
+// Constant values
+const TInt KProtocolDescMinSize = 8;	//< Minimum size of the descriptor for the Protocol name
+
+/*
+In RFC2716 (PPP EAP TLS Authentication Protocol) section 3.5, label is defined as "client EAP encryption"
+
+In draft-josefsson-pppext-eap-tls-eap-02 (Protected EAP Protocol (PEAP)) section 2.8, label is
+defined as "client PEAP encryption". However, most of radius servers use "client EAP encryption" 
+as the constant keying string.
+
+In draft-ietf-pppext-eap-ttls-04 EAP Tunneled TLS Authentication Protocol (TTLS) section 7,
+label is defined as "ttls keying material".
+
+Following max size is sufficient to all those cases.
+*/
+const TInt KKeyingLabelMaxSize = 100;
+
+// TlsConnection supported protocols 
+_LIT( KProtocolVerSSL30, "SSL3.0" );	//< SSL 3.0 Protocol
+_LIT( KProtocolVerTLS10, "TLS1.0" );	//< TLS 1.0 Protocol
+
+
+// Forward Declarations
+class CRecordParser;
+class CRecordComposer;
+class CSendAlert;
+class CHandshake;
+class CSendAppData;
+class CRecvAppData;
+
+class CTlsConnection : public CActive, public MSecureSocket, public MStateMachineNotify
+/**
+  * A secure (SSL v3.0 or TLS vl.0) connection.
+  * Implements the MSecureSocket interface used by the SECURESOCKET.DLL to talk to 
+  * the protocol implementation. Note that it only implements Client-mode support
+  * for the SSL v3.0 and TLS v1.0 protocols.
+  * Server-mode operation is NOT supported. 
+  */
+{
+public:
+	IMPORT_C static MSecureSocket* NewL(RSocket& aSocket, const TDesC& aProtocol);
+	IMPORT_C static MSecureSocket* NewL(MGenericSecureSocket& aSocket, const TDesC& aProtocol);
+
+	IMPORT_C static void UnloadDll(TAny* /*aPtr*/);
+
+	 ~CTlsConnection();
+
+	// MSecureSocket interface
+	virtual TInt AvailableCipherSuites(TDes8& aCiphers);
+	virtual void CancelAll();
+	virtual void CancelHandshake();
+	virtual void CancelRecv();
+	virtual void CancelSend();
+	virtual const CX509Certificate* ClientCert();
+	virtual TClientCertMode ClientCertMode(); 
+	virtual void Close();
+	virtual TInt CurrentCipherSuite(TDes8& aCipherSuite);
+	virtual TDialogMode	DialogMode(); 
+	virtual void FlushSessionCache();
+	virtual TInt GetOpt(TUint aOptionName,TUint aOptionLevel,TDes8& aOption);
+	virtual TInt GetOpt(TUint aOptionName,TUint aOptionLevel,TInt& aOption);
+	virtual TInt Protocol(TDes& aProtocol);
+	virtual void Recv(TDes8& aDesc, TRequestStatus & aStatus);
+	virtual void RecvOneOrMore(TDes8& aDesc, TRequestStatus& aStatus, TSockXfrLength& aLen);
+	virtual void RenegotiateHandshake(TRequestStatus& aStatus);
+	virtual void Send(const TDesC8& aDesc, TRequestStatus& aStatus);
+	virtual void Send(const TDesC8& aDesc, TRequestStatus& aStatus, TSockXfrLength& aLen);
+	virtual const CX509Certificate* ServerCert();
+	virtual TInt SetAvailableCipherSuites(const TDesC8& aCiphers);
+	virtual TInt SetClientCert(const CX509Certificate& aCert);
+	virtual TInt SetClientCertMode(const TClientCertMode aClientCertMode);
+	virtual TInt SetDialogMode(const TDialogMode aDialogMode);
+	virtual TInt SetOpt(TUint aOptionName,TUint aOptionLevel, const TDesC8& aOption=KNullDesC8());
+	virtual TInt SetOpt(TUint aOptionName,TUint aOptionLevel,TInt aOption);
+	virtual TInt SetProtocol(const TDesC& aProtocol);
+	virtual TInt SetServerCert(const CX509Certificate& aCert);
+	virtual void StartClientHandshake(TRequestStatus& aStatus);
+	virtual void StartServerHandshake(TRequestStatus& aStatus);
+
+	// MStateMachineNotify interface
+	virtual TBool OnCompletion(CStateMachine* aStateMachine); 
+
+	// Internal functions (these 2 functions are only used by this class)
+	void StartRenegotiation( TRequestStatus* aStatus );
+	void StartClientHandshakeStateMachine( TRequestStatus* aStatus );
+
+   void ResetCryptoAttributes();
+
+   //helper getter
+	CTLSProvider&		TlsProvider();
+	CTLSSession*&		TlsSession();
+	CRecordParser&		RecordParser() const;
+	CRecordComposer&	RecordComposer() const;
+	CSendAppData*		SendAppData() const;
+	TBool				SessionReUse() const;
+   void GetServerAddrInfo( TTLSServerAddr& serverInfo );
+
+	// Retrieve or confirm the Connection states
+	TBool IsHandshaking() const;
+	TBool IsReNegotiating() const;
+	TBool IsInDataMode() const;
+	TBool IsIdle() const;
+
+	// Methods from CActive
+	void RunL();
+	void DoCancel();
+
+protected:
+	CTlsConnection(); 
+	void ConstructL(RSocket& aSocket, const TDesC& aProtocol);
+	void ConstructL(MGenericSecureSocket& aSocket, const TDesC& aProtocol);
+	void DeleteStateMachines();
+	void CancelAll(TInt aError);
+	TBool SendData(const TDesC8& aDesc, TRequestStatus& aStatus);
+	TBool RecvData(TDes8& aDesc, TRequestStatus& aStatus);
+
+	TInt GetKeyingMaterial(TDes8& aKeyingMaterial);
+
+protected:
+	CTLSProvider*		iTlsProvider;		//< TLS Provider interface 
+	CTLSSession*		iTlsSession;		//< TLS Session interface
+	CRecordParser*		iRecordParser;		//< Record parser object
+	CRecordComposer*	iRecordComposer;	//< Record composer object
+	CHandshake*			iHandshake;			//< Handshake negotiation state machine
+	CSendAppData*		iSendAppData;		//< Application data transmission state machine
+	CRecvAppData*		iRecvAppData;		//< Application data reception state machine
+	TDialogMode			iDialogMode;		//< Dialog settings
+
+   //to keep the certificates given to client so that the client doesn't have to delete them
+   //=> compatible behaviour with the old tls
+	CX509Certificate* iClientCert;
+	CX509Certificate* iServerCert;
+
+	CGenericSecureSocket<RSocket>* iGenericSocket;
+};
+
+
+// Inline functions
+
+/**
+ * Returns a pointer to an Application data tx. state machine.
+ */
+inline CSendAppData* CTlsConnection::SendAppData() const
+{
+	LOG(Log::Printf(_L("CTlsConnection::CSendAppData()"));)
+	return iSendAppData;
+}
+
+/**
+ * Returns a reference to a TlsProvider object.
+ */ 
+inline CTLSProvider& CTlsConnection::TlsProvider()
+{
+	LOG(Log::Printf(_L("CTlsConnection::TlsProvider()"));)
+	return *iTlsProvider;
+}
+
+/**
+ * Returns a reference to a TlsSession object.
+ */ 
+inline CTLSSession*& CTlsConnection::TlsSession()
+{
+	LOG(Log::Printf(_L("CTlsConnection::TlsSession()"));)
+	return iTlsSession;
+}
+
+/**
+ * Returns a reference to a Record parser object.
+ */
+inline CRecordParser& CTlsConnection::RecordParser() const
+{
+	LOG(Log::Printf(_L("CTlsConnection::RecordParser()"));)
+	return *iRecordParser;
+}
+
+/**
+ * Returns a reference to a Record composer object.
+ */
+inline CRecordComposer& CTlsConnection::RecordComposer() const
+{
+	LOG(Log::Printf(_L("CTlsConnection::RecordComposer()"));)
+	return *iRecordComposer;
+}
+
+/**
+ * Returns a Boolean value that indicates whether a connection is
+ * handshaking.
+ */
+inline TBool CTlsConnection::IsHandshaking() const
+{
+	LOG(Log::Printf(_L("CTlsConnection::IsHandshaking()"));)
+	return iHandshake && !IsInDataMode();
+}
+
+/**
+ * Returns a Boolean value that indicates whether a connection is
+ * renegotiating a handshake.
+ */
+inline TBool CTlsConnection::IsReNegotiating() const
+{
+	LOG(Log::Printf(_L("CTlsConnection::IsReNegotiating()"));)
+	return iHandshake && IsInDataMode();
+}
+
+/**
+ * Returns a Boolean value that indicates whether a connection is
+ * in data mode (transmission or reception).
+ */
+inline TBool CTlsConnection::IsInDataMode() const
+{
+	LOG(Log::Printf(_L("CTlsConnection::IsInDataMode()"));)
+	return iSendAppData != 0; // iSendAppData and iRecvAppData always go together;
+}
+
+inline TBool CTlsConnection::SessionReUse() const
+{
+	LOG(Log::Printf(_L("CTlsConnection::SessionReUse()"));)
+	return ETrue;	//used to return a value set in the FlushSessionChance 
+					//don't think this is a good idea PS
+}
+
+#endif
+
FCL/sf/os/networkingsrv