--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/networksecurity/tlsprovider/inc/tlstypedef.h Tue Jan 26 15:23:49 2010 +0200
@@ -0,0 +1,463 @@
+/**
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* This file contains shared types and data structures between TLS protocol,Provider and Token
+*
+*
+*/
+
+
+
+/**
+ @file
+ @publishedPartner
+ @released
+*/
+
+#ifndef __TLSTYPEDEF_H__
+#define __TLSTYPEDEF_H__
+
+#include <e32std.h>
+#include <e32base.h>
+
+
+#include "pkixcertchain.h"
+#include <sslerr.h>
+
+#ifndef BULLSEYE_OFF
+#ifdef _BullseyeCoverage
+#define BULLSEYE_OFF "BullseyeCoverage save off";
+#define BULLSEYE_RESTORE "BullseyeCoverage restore";
+#else
+#define BULLSEYE_OFF
+#define BULLSEYE_RESTORE
+#endif
+#endif
+
+#define KTLSServerClientRandomLen 32
+#define KTLSMaxSessionIdLen 32
+
+
+/*ERROR CODES: The final list had to be drafted
+along with Protocol and token
+*/
+#define KTLSProviderErrBase -11100
+#define KErrYetToEnumerate KTLSProviderErrBase - 1
+#define KErrCannotObtainList KTLSProviderErrBase - 2
+#define KErrNoTokenTypes KTLSProviderErrBase - 3
+#define KErrNoTokensPresent KTLSProviderErrBase - 4
+#define KErrKeyGenerationFailed KTLSProviderErrBase - 5
+#define KErrCipherNotSupported KTLSProviderErrBase - 6
+#define KErrCannotOpenToken KTLSProviderErrBase - 7
+#define KErrNoCertsAvailable KTLSProviderErrBase - 8
+#define KErrCertValidationFailed KTLSProviderErrBase - 9
+#define KErrBadServerFinishedMsg KTLSProviderErrBase - 10
+#define KErrBadMAC KTLSProviderErrBase - 11
+
+//token error codes
+const TInt KTLSErrUnknownRequest = KTLSProviderErrBase - 12;
+const TInt KTLSErrBadSignAlg = KTLSProviderErrBase - 13;
+const TInt KTLSErrBadKeyExchAlg = KTLSProviderErrBase - 14;
+const TInt KTLSErrBadProtocolVersion = KTLSProviderErrBase - 15;
+const TInt KTLSErrBadCipherSuite = KTLSProviderErrBase - 16;
+const TInt KTLSErrCacheEntryInUse = KTLSProviderErrBase - 17;
+const TInt KTLSErrNotCached = KTLSProviderErrBase - 18;
+const TInt KTLSErrNotInitialized = KTLSProviderErrBase - 19;
+const TInt KTLSErrBadArgument = KTLSProviderErrBase - 20;
+
+
+/**
+ * @publishedPartner
+ * @released
+ */
+typedef TBuf8<KTLSMaxSessionIdLen> TTLSSessionId;
+
+
+/**
+ * @publishedPartner
+ * @released
+ */
+enum TTLSKeyExchangeAlgorithm { ENullKeyEx, ERsa, EDiffieHellman, EDHE, EDHanon, ECDH, EPsk, EDhePsk, ERsaPsk };
+/**
+ * @publishedPartner
+ * @released
+ */
+enum TTLSSignatureAlgorithm { EAnonymous, ERsaSigAlg, EDsa, ECDsa, EPskSigAlg };
+/**
+ * @publishedPartner
+ * @released
+ */
+enum TTLSBulkCipherAlgorithm { ENullSymCiph, ERc4, ERc2, EDes, E3Des, EDes40, EIdea, EAes };
+/**
+ * @publishedPartner
+ * @released
+ */
+enum TTLSMACAlgorithm { ENullMac, EMd5, ESha };
+/**
+ * @publishedPartner
+ * @released
+ */
+enum TTLSCipherType { EStream, EBlock };
+/**
+ * @publishedPartner
+ * @released
+ */
+enum TTLSCompressionMethod { ENullCompression };
+
+class CSubjectPublicKeyInfo;
+class CMessageDigest;
+class TTLSCipherSuiteMapping;
+
+/**
+This class belongs to Cipher Suite Types.This follows the convention of cipher suites identification from RFC2246 - compare A.5
+@publishedPartner
+@released
+*/
+class TTLSCipherSuite
+ {
+public:
+ TBool operator==(TTLSCipherSuite aInput) const
+ {
+ return((iHiByte == aInput.iHiByte) && (iLoByte == aInput.iLoByte) );
+ }
+
+ inline const TTLSCipherSuiteMapping* CipherDetails() const;
+
+public:
+ TUint8 iHiByte;
+ TUint8 iLoByte;
+
+// This makes this class big enough to be in a RArray, note that
+// adding 2 TUint8 does not make the class big enough yet!
+ TInt iAlign;
+ };
+
+/**
+The TMasterSecretInput class is used for passing information necessary for the
+generation of a master secret
+@publishedPartner
+@released
+*/
+class TTLSMasterSecretInput
+ {
+public:
+ TBuf8<KTLSServerClientRandomLen> iServerRandom;
+ TBuf8<KTLSServerClientRandomLen> iClientRandom;
+ };
+
+/**
+This component provides with the data which are used to create the private keys.new type with
+flag: ERsa or EDHE (or EDiffieHellman) then value1, value2, value3 of which 1,2 are rsa_modulus,
+rsa_exponent in RSA case,or 1,2,3 are dh_p, dh_g, dh_Ys in DH case.
+If using PSK key exchange, args 4 and 5 are the psk identity and psk value
+@publishedPartner
+@released
+*/
+class CTLSPublicKeyParams : public CBase
+ {
+public:
+ TTLSKeyExchangeAlgorithm iKeyType;
+ HBufC8* iValue1; /// rsa_modulus or dh_p
+ HBufC8* iValue2; /// rsa_exponent or dh_g
+ HBufC8* iValue3; /// - or dh_Ys
+ HBufC8* iValue4; /// 0 or PSK identity
+ HBufC8* iValue5; /// 0 or PSK key
+public:
+ virtual ~CTLSPublicKeyParams();
+
+ };
+/**
+This class is used for server identification. Its definition conforms with the definition of the 'Peers' Data Object structure
+@publishedPartner
+@released
+*/
+class TTLSServerAddr
+ {
+public:
+ TUint16 iPort;
+ TBuf8<18> iAddress;
+ };
+
+/**
+Provide a description of session and ID what this does (and where it's used).
+@publishedPartner
+@released
+@see Rename TTLSSessionNameAndID to TTlsServerNameAndID
+*/
+class TTLSSessionNameAndID
+ {
+public:
+ TTLSSessionId iSessionId;
+ TTLSServerAddr iServerName;
+ };
+
+/**
+This class specifies the SSL or TLS protocol version.
+@publishedPartner
+@released
+*/
+class TTLSProtocolVersion
+ {
+public:
+
+ TBool operator==(const TTLSProtocolVersion aInput) const
+ {
+ return((iMajor == aInput.iMajor) && (iMinor == aInput.iMinor) );
+ }
+
+ TBool operator!=( const TTLSProtocolVersion aInput) const
+ {
+ return((iMajor != aInput.iMajor) && (iMinor != aInput.iMinor) );
+ }
+
+public:
+ TUint8 iMajor;
+ TUint8 iMinor;
+
+// This makes this class big enough to be in a RArray, note that
+// adding 2 TUint8 does not make the class big enough yet!
+ TInt iAlign;
+ };
+
+/**
+The TSessionData class is used for passing session specific data between cryptographic tokens and the TLS provider interface.
+@publishedPartner
+@released
+*/
+class TTLSSessionData
+ {
+public:
+ TTLSSessionId iSessionId;
+ TTLSCipherSuite iCipherSuite;
+ TTLSProtocolVersion iProtocolVersion;
+ TTLSCompressionMethod iCompressionMethod;
+ TBool iServerAuthenticated;
+ TBool iClientAuthenticated;
+
+ TTLSMACAlgorithm iMacAlgorithm;
+ TTLSBulkCipherAlgorithm iBulkCipherAlgorithm;
+ TBool iResumable;
+ };
+
+const TTLSProtocolVersion KTLS1_0 = {3,1};
+const TTLSProtocolVersion KSSL3_0 = {3,0};
+
+/**
+used re-map cipher suite identifiers specified by the TTLSCipherSuite type object into
+concrete cryptographic algorithms and associated parameters. In order to define this
+re-mapping the following class is specified:
+@publishedPartner
+@released
+*/
+class TTLSCipherSuiteMapping
+ {
+public:
+ TTLSCipherSuite iCipherSuite;
+ TTLSKeyExchangeAlgorithm iKeyExAlg;
+ TTLSSignatureAlgorithm iSigAlg;
+ TTLSBulkCipherAlgorithm iBulkCiphAlg;
+ TTLSMACAlgorithm iMacAlg;
+ TTLSCipherType iCipherType;
+ TBool iIsExportable;
+ TUint iHashSize;
+ TUint iKeyMaterial;
+ TUint iIVSize;
+ TUint iPriority;
+ TBool iSupported;
+ TUint iExpKeySize;
+ };
+
+// Ciphersuites 0,0 to 0,0x1b + 0,0x2f + 0,0x35 + 0,0x8a to 0,0x95
+#define TLS_CIPHER_SUITES_NUMBER (0x1c + 2 + 12)
+
+/**
+ Cipher priority. This determines the order in which
+ the ciphers are sent. Numerically lower priorities
+ are listed first.
+ */
+#define pri2(hi,lo) ((hi << 16) | lo)
+/**
+ Cipher priority. This only takes the high
+ halfword, leaving the low halfword available
+ for inserting new ciphers later.
+ */
+#define pri(hi) pri2(hi,0x0000)
+/**
+ Unsupported cipher priority. This is numerically greater
+ than any supported priority, although that is academic because
+ it will not be listed by CTlsProviderImpl::ReturnCipherListL.
+
+ @see CTlsProviderImpl::ReturnCipherListL
+ */
+#define pri_unsupp pri(0x2000)
+/**
+ Supported priority. This should numerically greater
+ than any priority directly specified with the pri macro,
+ but less than any unsupported priority. The effect is
+ to list supported but unprioritised ciphers last.
+
+ To simplify checking the returned cipher suites, these
+ ciphers must also be ordered.
+ */
+#define pri_supp_last(lo) pri2(0x1000,lo)
+
+// If CSecureSocket::SetAvailableCipherSuites is used to specify an ordered list
+// of ciphersuites to offer to the server in the ClientHelllo, then that list will be used
+// (after filtering out any which are not supported by a tls token).
+//
+// If CSecureSocket::SetAvailableCipherSuites is not called, the following table will be
+// used to construct an ordered list to use.
+//
+// Only ciphersuties marked as supported and allowed by the security setting (weak/strong)
+// will be used.
+//
+// The ciphersuites will be sorted by the pri column (lower value means higher priority).
+// The order is intended to be most secure first. Ciphersuites which use PSK are
+// considered to be slightly more secure (because they also offer client authentication)
+// than the similar non-PSK ciphersuites.
+const TTLSCipherSuiteMapping KSetOfTLSCipherSuites[TLS_CIPHER_SUITES_NUMBER] =
+/**
+ Available cipher suites. View this table with TAB=4.
+ */
+ {
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType, iIsExp, hshsz, keymat, iVSz, pri, iSupported, iEKeySize
+ //TLS_NULL_WITH_NULL_NULL
+ {{0,0}, ENullKeyEx, EAnonymous, ENullSymCiph, ENullMac, EStream, EFalse, 0, 0, 0, pri_unsupp, EFalse, 0},
+ //TLS_RSA_WITH_NULL_MD5
+ {{0,1}, ERsa, ERsaSigAlg, ENullSymCiph, EMd5, EStream, ETrue, 16, 0, 0, pri(210), ETrue, 0},
+ //TLS_RSA_WITH_NULL_SHA
+ {{0,2}, ERsa, ERsaSigAlg, ENullSymCiph, ESha, EStream, ETrue, 20, 0, 0, pri(200), ETrue, 0},
+ //TLS_RSA_EXPORT_WITH_RC4_40_MD5
+ {{0,3}, ERsa, ERsaSigAlg, ERc4, EMd5, EStream, ETrue, 16, 5, 0, pri(110), ETrue, 16},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType,iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ //TLS_RSA_WITH_RC4_128_MD5
+ {{0,4}, ERsa, ERsaSigAlg, ERc4, EMd5, EStream, EFalse, 16, 16, 0, pri(70), ETrue, 16},
+ //TLS_RSA_WITH_RC4_128_SHA
+ {{0,5}, ERsa, ERsaSigAlg, ERc4, ESha, EStream, EFalse, 20, 16, 0, pri(60), ETrue, 16},
+ //TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+ {{0,6}, ERsa, ERsaSigAlg, ERc2, EMd5, EBlock, ETrue, 16, 5, 8, pri_unsupp, EFalse, 16},
+ //TLS_RSA_WITH_IDEA_CBC_SHA
+ {{0,7}, ERsa, ERsaSigAlg, EIdea, ESha, EBlock, EFalse, 20, 16, 8, pri_unsupp, EFalse, 16},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType,iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ //TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+ {{0,8}, ERsa, ERsaSigAlg, EDes40, ESha, EBlock, ETrue, 20, 5, 8, pri(100), ETrue, 8},
+ //TLS_RSA_WITH_DES_CBC_SHA
+ {{0,9}, ERsa, ERsaSigAlg, EDes, ESha, EBlock, EFalse, 20, 8, 8, pri(80), ETrue, 8},
+ //TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ {{0,0xA},ERsa, ERsaSigAlg, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri(30), ETrue, 24},
+ //TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+ {{0,0xB}, EDiffieHellman, EDsa, EDes40, ESha, EBlock, ETrue, 20, 5, 8, pri_unsupp, EFalse, 8},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType,iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ //TLS_DH_DSS_WITH_DES_CBC_SHA
+ {{0,0xC}, EDiffieHellman, EDsa, EDes, ESha, EBlock, EFalse, 20, 8, 8, pri_unsupp, EFalse, 8},
+ //TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+ {{0,0xD}, EDiffieHellman, EDsa, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri_unsupp, EFalse, 24},
+ //TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+ {{0,0xE}, EDiffieHellman, ERsaSigAlg, EDes40, ESha, EBlock, ETrue, 20, 5, 8, pri_unsupp, EFalse, 8},
+ //TLS_DH_RSA_WITH_DES_CBC_SHA
+ {{0,0xF}, EDiffieHellman, ERsaSigAlg, EDes, ESha, EBlock, EFalse, 20, 8, 8, pri_unsupp, EFalse, 8},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType,iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ //TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+ {{0,0x10}, EDiffieHellman, ERsaSigAlg, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri_unsupp, EFalse, 24},
+ //TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+ {{0,0x11}, EDHE, EDsa, EDes40, ESha, EBlock, ETrue, 20, 5, 8, pri(120), ETrue, 8},
+ //TLS_DHE_DSS_WITH_DES_CBC_SHA
+ {{0,0x12}, EDHE, EDsa, EDes, ESha, EBlock, EFalse, 20, 8, 8, pri(90), ETrue, 8},
+ //TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+ {{0,0x13}, EDHE, EDsa, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri(50), ETrue, 24},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType,iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ //TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+ {{0,0x14}, EDHE, ERsaSigAlg, EDes40, ESha, EBlock, ETrue, 20, 5, 8, pri(130), ETrue, 8},
+ //TLS_DHE_RSA_WITH_DES_CBC_SHA
+ {{0,0x15}, EDHE, ERsaSigAlg, EDes, ESha, EBlock, EFalse, 20, 8, 8, pri_unsupp, EFalse, 8},
+ //TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ {{0,0x16}, EDHE, ERsaSigAlg, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri(40), ETrue, 24},
+ //TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+ {{0,0x17}, EDHanon, EAnonymous, ERc4, EMd5, EStream, ETrue, 16, 5, 0, pri_unsupp, EFalse, 16},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType,iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ //TLS_DH_anon_WITH_RC4_128_MD5
+ {{0,0x18}, EDHanon, EAnonymous, ERc4, EMd5, EStream, EFalse, 16, 16, 0, pri_unsupp, EFalse, 16},
+ //TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+ {{0,0x19}, EDHanon, EAnonymous, EDes40, ESha, EBlock, EFalse, 20, 5, 8, pri(140), ETrue, 8},
+ //TLS_DH_anon_WITH_DES_CBC_SHA
+ {{0,0x1A}, EDHanon, EAnonymous, EDes, ESha, EBlock, EFalse, 20, 8, 8, pri_unsupp, EFalse, 8},
+ //TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+ {{0,0x1B}, EDHanon, EAnonymous, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri_unsupp, EFalse, 24},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType,iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ //TLS_RSA_WITH_AES_128_CBC_SHA
+ {{0,0x2F}, ERsa, ERsaSigAlg, EAes, ESha, EBlock, EFalse, 20, 16, 16, pri(20), ETrue, 16},
+ //TLS_RSA_WITH_AES_256_CBC_SHA
+ {{0,0x35}, ERsa, ERsaSigAlg, EAes, ESha, EBlock, EFalse, 20, 32, 16, pri(10), ETrue, 32},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType, iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ // TLS_PSK_WITH_RC4_128_SHA
+ {{0,0x8a}, EPsk, EPskSigAlg, ERc4, ESha, EStream, EFalse, 20, 16, 0, pri(59), ETrue, 16},
+ // TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ {{0,0x8b}, EPsk, EPskSigAlg, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri(29), ETrue, 24},
+ // TLS_PSK_WITH_AES_128_CBC_SHA
+ {{0,0x8c}, EPsk, EPskSigAlg, EAes, ESha, EBlock, EFalse, 20, 16, 16, pri(19), ETrue, 16},
+ // TLS_PSK_WITH_AES_256_CBC_SHA
+ {{0,0x8d}, EPsk, EPskSigAlg, EAes, ESha, EBlock, EFalse, 20, 32, 16, pri(9), ETrue, 32},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType, iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ // TLS_DHE_PSK_WITH_RC4_128_SHA
+ {{0,0x8e}, EDhePsk, EPskSigAlg, ERc4, ESha, EStream, EFalse, 20, 16, 0, pri(58), EFalse, 16},
+ // TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ {{0,0x8f}, EDhePsk, EPskSigAlg, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri(28), EFalse, 24},
+ // TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ {{0,0x90}, EDhePsk, EPskSigAlg, EAes, ESha, EBlock, EFalse, 20, 16, 16, pri(18), EFalse, 16},
+ // TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ {{0,0x91}, EDhePsk, EPskSigAlg, EAes, ESha, EBlock, EFalse, 20, 32, 16, pri(8), EFalse, 32},
+
+ // id, iKeyExAlg iSigAlg, iBulkCiphAlg iMacAlg iCipherType, iIsExp, hshsz, keymat, iVSz, pri, iSupported
+ // TLS_RSA_PSK_WITH_RC4_128_SHA
+ {{0,0x92}, ERsaPsk, EPskSigAlg, ERc4, ESha, EStream, EFalse, 20, 16, 0, pri(57), EFalse, 16},
+ // TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ {{0,0x93}, ERsaPsk, EPskSigAlg, E3Des, ESha, EBlock, EFalse, 20, 24, 8, pri(27), EFalse, 24},
+ // TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ {{0,0x94}, ERsaPsk, EPskSigAlg, EAes, ESha, EBlock, EFalse, 20, 16, 16, pri(17), EFalse, 16},
+ // TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ {{0,0x95}, ERsaPsk, EPskSigAlg, EAes, ESha, EBlock, EFalse, 20, 32, 16, pri(7), EFalse, 32}
+ };
+
+
+
+
+inline const TTLSCipherSuiteMapping* TTLSCipherSuite::CipherDetails() const
+ {
+ TInt cipherIndex = 0;
+
+ while(cipherIndex < TLS_CIPHER_SUITES_NUMBER) //For every cipher defined
+ {
+ if((KSetOfTLSCipherSuites[cipherIndex].iCipherSuite) == *this)
+ {
+ return(&KSetOfTLSCipherSuites[cipherIndex]);
+ }
+ cipherIndex++;
+ }
+ return NULL;
+ }
+
+#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
+#include <tlstypedef_internal.h>
+#endif
+
+#endif //__TLSTYPEDEF_H__