1 // Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).

     2 // All rights reserved.

     3 // This component and the accompanying materials are made available

     4 // under the terms of "Eclipse Public License v1.0"

     5 // which accompanies this distribution, and is available

     6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".

     7 //

     8 // Initial Contributors:

     9 // Nokia Corporation - initial contribution.

    10 //

    11 // Contributors:

    12 //

    13 // Description:

    14 // This file contains types shared between TLS protocol module and

    15 // Security's component: TLS Provider. 

    16 // 

    17 //

    18 

    19 /**

    20  @file 

    21  @internalTechnology

    22 */

    23 

    24 #ifndef __TLSPROVIDER_H__

    25 #define __TLSPROVIDER_H__

    26 

    27 

    28 #include <e32std.h>

    29 #include <e32base.h>

    30 

    31 #include "3des.h"

    32 #include "rijndael.h"

    33 #include "cbcmode.h"

    34 #include "padding.h"

    35 #include "blocktransformation.h"

    36 #include "bufferedtransformation.h"

    37 #include "arc4.h"

    38 #include "ct.h"

    39 #include "pkixcertchain.h"

    40 #include "x509keys.h"

    41 #include <random.h>

    42 #include <hash.h>

    43 

    44 #include "tlstypedef.h"

    45 #include "tlsprovtokeninterfaces.h"

    46 #include "tlsprovider_log.h"

    47 #include "CTlsEncrypt.h"

    48 #include "Ctlsclntauthenticate.h"

    49 #include "Ctlsbrowsetoken.h"

    50 

    51 #include <ct/rmpointerarray.h>

    52 #include <mctkeystore.h>

    53 #include "cctcertinfo.h"

    54 #include "tlscacheclient.h"

    55 

    56 #include "Tlsprovinterface.h"

    57 

    58 #ifdef _USESECDLGSV_

    59 #include "SECDLGCL.H"

    60 #else

    61 #include "secdlg.h"

    62 #endif

    63 

    64 #ifdef SYMBIAN_ENABLE_SPLIT_HEADERS

    65 #include <tlstypedef_internal.h>

    66 #include <tlsprovtokeninterfaces_internal.h>

    67 #endif

    68 

    69 const TInt KUidUnicodeSSLProtocolModule = 0x1000183d;  //INCLUDE SSL.H

    70 

    71 

    72 class TCTTokenHandle;

    73 class CPKIXCertChain;

    74 class CX509Certificate;

    75 class CPKIXValidationResult;

    76 class CSymmetricCipher;

    77 

    78 class CMessageDigest;

    79 class CTlsEncrypt;

    80 

    81 

    82 //

    83 //  CTlsSessionImpl

    84 //

    85 

    86 class MTLSSession;

    87 

    88 

    89 class CTlsSessionImpl : public CActive

    90 	{

    91 public:

    92 	static CTlsSessionImpl* NewL(

    93 		MTLSSession* aSessionInterface,

    94 		CCTCertInfo* aSelectedCertInfo,

    95 		CCTKeyInfo* aSelectedKeyInfo,

    96 		RPointerArray<CCertificate>* aStoredIntermediatesCACertificates);

    97 	

    98 

    99 	void ConstructL(		

   100 		CTlsCryptoAttributes* aTlsCryptoAttributes, 

   101 		HBufC8*  aEncodedServerCerts,					

   102 		TRequestStatus& aStatus);

   103 

   104 	void ConstructResumedL(

   105 		CTlsCryptoAttributes* aTlsCryptoAttributes,		

   106 		TRequestStatus& aStatus);

   107 

   108 	void ClientKeyExchange(		

   109 		HBufC8*& aClientKeyExch,			

   110 		TRequestStatus& aStatus);

   111 

   112 	void ClientCertificate(

   113 		HBufC8*& aEncodedClientCert,

   114 		TRequestStatus& aStatus);

   115 

   116 

   117 	void ClientCertificate(

   118 		CX509Certificate*& aX509ClientCert,

   119 		TRequestStatus& aStatus);

   120 

   121 	void ClientCertificate(

   122 		RPointerArray<HBufC8>* aClientCertArray,

   123 		TRequestStatus& aStatus);

   124 

   125 

   126 	void ServerCertificate(

   127 		CX509Certificate*& aX509ServerCert,

   128 		TRequestStatus& aStatus);

   129 

   130 	void CertificateVerifySignatureL(

   131 		CMessageDigest* aMd5DigestInput,

   132 		CMessageDigest* aShaDigestInput,

   133 		HBufC8*& aOutput, 

   134 		TRequestStatus& aStatus);

   135 

   136 	void ClientFinishedMsgL(		

   137 		CMessageDigest* aMd5DigestInput,

   138 		CMessageDigest* aShaDigestInput,

   139 		HBufC8*& aOutput, 

   140 		TRequestStatus& aStatus);

   141 

   142 

   143 	void VerifyServerFinishedMsgL(	

   144 		CMessageDigest* aMd5DigestInput,

   145 		CMessageDigest* aShaDigestInput,	

   146 		const TDesC8& aActualFinishedMsg,  

   147 		TRequestStatus& aStatus);

   148 

   149 

   150 	TInt EncryptL(

   151 		const TDesC8& aInput,

   152 		HBufC8*& aOutput,

   153         TInt64& aSeqNumber,

   154 		TRecordProtocol& aType);

   155 	

   156 

   157 	TInt DecryptAndVerifyL(

   158 		const TDesC8& aInput,

   159 		HBufC8*& aOutput,

   160 		TInt64& aSeqNumber,

   161 		TRecordProtocol& aType);

   162 

   163 	TInt KeyDerivation(

   164 		const TDesC8& aLabel, 

   165 		const TTLSMasterSecretInput& aMasterSecretInput, 

   166 		TDes8& aKeyingMaterial);

   167 

   168 	CTlsCryptoAttributes* Attributes() ;

   169 

   170 		

   171 	void CancelRequest();

   172 	

   173 	~CTlsSessionImpl();

   174 private:

   175 

   176 	enum TStateLists {  ENullState,EConstruct, EGetClientCerificate,EGetClientKeyExchange,

   177 						EGetServerCertificate,EKeyGeneration,EClientFinishedMsg,

   178 						EVerifyServerFinishedMsg,EComputeDigitalSignature,

   179 						EConnectionEstablished,EGetClientCerificateX509,ECertificateVerifyMsg,EReturnCert,EGetClientCertificateArray};

   180 

   181 	TTLSMasterSecretInput iMasterSecretInput;

   182 	TTLSProtocolVersion iProtocolVersion;

   183 	TTLSCipherSuite  iCipherSuiteId;

   184 	

   185 

   186 	

   187 	//Helper variables

   188 	TStateLists iOriginalState;

   189 	TStateLists iCurrentState;

   190 	TStateLists iNextState;	

   191 	TInt iServerMsgVerified;

   192 	TInt iAttribute;

   193 	

   194 	RFs iFs;

   195 	

   196 	//Data containers

   197 	HBufC8* iKeyMaterial;

   198 	HBufC8* iEncodedServerCerts;

   199 	HBufC8* iEncodedClientCert;

   200 	HBufC8** iEncodedClientCertHldrPtr;

   201 	

   202 	HBufC8** iComputeDigitalSig;

   203 	HBufC8* iTempHolder;

   204 	HBufC8* iServerCert_rv;

   205 	HBufC8* iServerFinished; 

   206 	HBufC8* iActualFinishedMsg; //Should move it to a comming pointer variable

   207 	

   208 		

   209 	//Caller values

   210 	TRequestStatus* iOriginalRequestStatus;

   211 	CX509Certificate** iClientCertX509;

   212 	CX509Certificate** iX509ServerCert;

   213 	HBufC8** iClientKeyExch;

   214 

   215 	//Handles

   216 	MTLSSession* iSessionInterface;

   217 	CTlsCryptoAttributes* iTlsCryptoAttributes;

   218 	CUnifiedCertStore* iPtrUnifiedCertStore;

   219 	CCTCertInfo* iSelectedCertInfo;

   220 	CCTKeyInfo* iSelectedKeyInfo;

   221 	CTlsEncrypt* iEncrypt;

   222 	TBool iAbbrievatedHandshake;

   223 	

   224 	TPtr8 iTempPtr;

   225 

   226  	RPointerArray<CCertificate>* iStoredIntermediatesCACertificates;

   227 

   228  	TBool iConstructionComplete;

   229 	RPointerArray<HBufC8>* iClientCertArray;

   230 

   231 private:

   232 	CTlsSessionImpl();

   233 

   234 	//Active

   235 	void DoCancel();

   236 	void RunL();

   237 	TInt RunError(TInt aError);

   238 	

   239 	void GetX509CertL(HBufC8*& aEncodedCert,CX509Certificate*& aOutputX509);

   240 	void GenerateFinishedMessageL(CMessageDigest* aMd5DigestInput,

   241 										  CMessageDigest* aShaDigestInput,

   242 										  HBufC8*& aOutput,

   243 										  TBool aIsServer);

   244 	void GenerateKeysL();

   245 

   246 	void BuildClientIntermediateCertChainL(RPointerArray<CCertificate> &aCertChain,

   247 										   const CX509Certificate* aClientCert) const;

   248 										   

   249 	TBool MatchRequestedIssuerDN(const CCertificate* aCert) const;

   250 

   251 };

   252 

   253 

   254 

   255 //

   256 //  CTlsProviderImpl

   257 //

   258 

   259 class MTLSTokenProvider;

   260 

   261 

   262 class CTokenTypesAndTokens : public CBase

   263 	{

   264 public:

   265 	MTLSTokenProvider* iProviderInterface; 

   266 	CTokenInfo* iTokenInfo;

   267 	TInt iTotalTokenCount;

   268 	TBool iSoftwareToken;	

   269 public:

   270 	void Release();

   271 	~CTokenTypesAndTokens();

   272 	};

   273 

   274 class TSessiondata 

   275 	{

   276 public:

   277 	TTLSSessionId	iSessionId;

   278 	MTLSTokenProvider* iProviderInterface; 

   279 	};

   280 

   281 

   282 const TUid UidProv = { KInterfaceTLSTokenProvider };

   283 const TUid UidSess = { KInterfaceTLSSession };

   284 

   285 class CTlsProviderImpl : public CActive

   286 	{

   287 public:

   288 	static CTlsProviderImpl* ConnectL();

   289 

   290 	

   291 	void CreateL( 

   292 		CTLSSession*& aTlsSession,		

   293 		TRequestStatus& aStatus);

   294 		

   295 

   296 	void CipherSuitesL(

   297 		RArray<TTLSCipherSuite>& aUserCipherSuiteList, 

   298 		TRequestStatus& aStatus);

   299 

   300 

   301 	void VerifyServerCertificate(

   302 		const TDesC8& aEncodedServerCerts, 

   303 		CX509Certificate*& aServerCert,		  			

   304 		TRequestStatus& aStatus);

   305 

   306 

   307 	TBool VerifySignatureL(

   308 		const CSubjectPublicKeyInfo& aServerPublicKey, 

   309 		const TDesC8& aDigest, 

   310 		const TDesC8& aSig);

   311 

   312 

   313 	void GenerateRandom(TDes8& aBuffer);

   314 

   315 

   316 	void GetSessionL(	

   317 		TTLSServerAddr& aServerName,

   318 		TTLSSessionId& aSessionId,

   319 		TRequestStatus& aStatus) ;

   320 

   321 

   322 	void ClearSessionCacheL(

   323 		TTLSSessionNameAndID& aServerNameAndId, 		

   324 		TRequestStatus& aStatus);

   325 

   326 	CTlsCryptoAttributes* Attributes();

   327 

   328 	CTlsSessionImpl* TlsSessionPtr();

   329 	

   330 	

   331 	void CancelRequest();

   332 

   333 	MCTToken* GetTokenHandle();

   334 

   335 	//Constructor and Destructor

   336 	CTlsProviderImpl();

   337 	~CTlsProviderImpl();

   338 	

   339 private:

   340 

   341 	enum TStateLists {	ENullState,ECreate,EGetCiphers,EValidateCertificate,

   342 						EClearSessionCache,EOpenToken,EGetSession,EGetSessionInterface,

   343 						EStartSession,EGetKeyAndSignExAlgrthm,EConstructResumed,

   344 						EConstruct,EClientAuthenticate,EBrowseTokens,EQueryCache,EUserDialog,ENextOrEnd};

   345 

   346 	

   347 	//Data containers

   348 	RArray<CTokenTypesAndTokens> iListAllTokensAndTypes;

   349 	HBufC8* iEncodedServerCerts;

   350 	TSessiondata iSessionData;

   351 

   352 

   353 	//Helper variables	

   354 	TStateLists iOriginalState;

   355 	TStateLists iCurrentState;	

   356 	TStateLists iNextState;	

   357 

   358 	//Flags

   359 	TBool iAbbreviatedHandshake;

   360 	

   361 

   362 	TInt iTotalTokenTypeCount;

   363 	TInt iCurrentTokentype;

   364 	TInt iCurrentToken;

   365 	TInt iSelectedTypeIndex;

   366 	RFs iFs;

   367 

   368 	//Key and certstore helpers		

   369 	CCTKeyInfo* iSelectedKeyInfo;

   370 	CCTCertInfo* iSelectedCertInfo;

   371  	RPointerArray<CCertificate>	iStoredIntermediatesCACertificates;

   372 

   373 	//Handles

   374 	CTlsCryptoAttributes* iTlsCryptoAttributes;

   375 #ifdef _USESECDLGSV_

   376 	RSecurityDialogServer iDialogServ;

   377 	TBool iProceed;

   378 #else

   379 	MSecurityDialog* iSecurityDialog;

   380 #endif

   381 	RTlsCacheClient iCacheClient;

   382 	TValidationStatus iValidationStatus;

   383 	CPKIXCertChain* iServerCertsChain;

   384 	CPKIXValidationResult* iCertVerificationResult;

   385 	

   386 	//Class Handles	

   387 	CTlsClntAuthenticate* iClntAuthenticate;

   388 	CTlsBrowseToken* iPtrTokenSearch;

   389 

   390 

   391 	//Caller values

   392 	TRequestStatus* iOriginalRequestStatus;

   393 	CX509Certificate** iX509ServerCert;

   394 	CTlsSessionImpl*  iTlsSessionImpl;

   395 	CTLSSession**   iTlsSessionHldr;

   396 	RArray<TTLSCipherSuite>* iUserCipherSuiteList;

   397 	TTLSSessionData iOutputSessionData;

   398 	TTLSSessionNameAndID iServerNameAndId;

   399 	TTLSServerAddr* iPServerName;

   400 	TTLSSessionId* iPSessionId;

   401 	MTLSSession* iSessionInterface;

   402 	TBool iTlsSessionOwnershipPassedToCaller;

   403 

   404 	RArray<TTLSProtocolVersion> iReqProtList;

   405 	RArray<TTLSCipherSuite> iSupportedCipherSuiteList;

   406 	CTlsProviderPolicy* iTlsProviderPolicy;

   407 	

   408 private:	

   409 	

   410 

   411 	//Active

   412 	void ConstructL();

   413 	void DoCancel();

   414 	void RunL();	

   415 

   416 	TInt RunError(TInt aError);

   417 	

   418 	void GetX509CertL(HBufC8*& aEncodedCert,CX509Certificate*& aOutputX509);

   419 	TBool ValidateDNSNameL(const CX509Certificate& aSource);

   420 	TBool NameIsInSubtree(CX509DNSName& aServerName, CX509DNSName& aCertName, TBool aIsWildcard);

   421 

   422 	//Local functions	

   423 	void  NextOrEnd();

   424 	void  GetAvailableKeyListL();

   425 	void  ReturnCipherListL();

   426 	void  ReturnSession();

   427 	TBool SelectToken();

   428    TBool IsCipherAvailable( const TTLSCipherSuiteMapping& aCipherSuiteMapping ) const;

   429 

   430 	void ShowUntrustedDialogL(const TValidationStatus aResult);

   431 	void HandleBadCertificateL(const TValidationStatus aResult);

   432 	TBool CheckExtendedKeyUsageL(const CX509Certificate& aSource);

   433 	

   434 	//Active Handlers

   435 	void OnEGetSession();

   436 	void OnEStartSession();	

   437 	void OnEBrowseTokens();

   438 	void OnEGetSessionInterfaceL();

   439 	void ReturnResult();

   440 	void RetrieveSession();

   441 	void OnQueryCacheL();

   442 	void OnEUserDialogL();

   443 

   444 #ifdef _DEBUG

   445 	enum TPanic

   446 		{

   447 		ERCLBadUserOrder = 0x10, ERCLBadTokenOrder

   448 		};

   449 	static void Panic(TPanic aPanic);

   450 #endif	

   451 	

   452 	};

   453 

   454 

   455 #endif //__TLSPROVIDER_H__

   456 

   457 

   458 

   459 

   460 

   461