|
1 // Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // This file contains types shared between TLS protocol module and |
|
15 // Security's component: TLS Provider. |
|
16 // |
|
17 // |
|
18 |
|
19 /** |
|
20 @file |
|
21 @internalTechnology |
|
22 */ |
|
23 |
|
24 #ifndef __TLSPROVIDER_H__ |
|
25 #define __TLSPROVIDER_H__ |
|
26 |
|
27 |
|
28 #include <e32std.h> |
|
29 #include <e32base.h> |
|
30 |
|
31 #include "3des.h" |
|
32 #include "rijndael.h" |
|
33 #include "cbcmode.h" |
|
34 #include "padding.h" |
|
35 #include "blocktransformation.h" |
|
36 #include "bufferedtransformation.h" |
|
37 #include "arc4.h" |
|
38 #include "ct.h" |
|
39 #include "pkixcertchain.h" |
|
40 #include "x509keys.h" |
|
41 #include <random.h> |
|
42 #include <hash.h> |
|
43 |
|
44 #include "tlstypedef.h" |
|
45 #include "tlsprovtokeninterfaces.h" |
|
46 #include "tlsprovider_log.h" |
|
47 #include "CTlsEncrypt.h" |
|
48 #include "Ctlsclntauthenticate.h" |
|
49 #include "Ctlsbrowsetoken.h" |
|
50 |
|
51 #include <ct/rmpointerarray.h> |
|
52 #include <mctkeystore.h> |
|
53 #include "cctcertinfo.h" |
|
54 #include "tlscacheclient.h" |
|
55 |
|
56 #include "Tlsprovinterface.h" |
|
57 |
|
58 #ifdef _USESECDLGSV_ |
|
59 #include "SECDLGCL.H" |
|
60 #else |
|
61 #include "secdlg.h" |
|
62 #endif |
|
63 |
|
64 #ifdef SYMBIAN_ENABLE_SPLIT_HEADERS |
|
65 #include <tlstypedef_internal.h> |
|
66 #include <tlsprovtokeninterfaces_internal.h> |
|
67 #endif |
|
68 |
|
69 const TInt KUidUnicodeSSLProtocolModule = 0x1000183d; //INCLUDE SSL.H |
|
70 |
|
71 |
|
72 class TCTTokenHandle; |
|
73 class CPKIXCertChain; |
|
74 class CX509Certificate; |
|
75 class CPKIXValidationResult; |
|
76 class CSymmetricCipher; |
|
77 |
|
78 class CMessageDigest; |
|
79 class CTlsEncrypt; |
|
80 |
|
81 |
|
82 // |
|
83 // CTlsSessionImpl |
|
84 // |
|
85 |
|
86 class MTLSSession; |
|
87 |
|
88 |
|
89 class CTlsSessionImpl : public CActive |
|
90 { |
|
91 public: |
|
92 static CTlsSessionImpl* NewL( |
|
93 MTLSSession* aSessionInterface, |
|
94 CCTCertInfo* aSelectedCertInfo, |
|
95 CCTKeyInfo* aSelectedKeyInfo, |
|
96 RPointerArray<CCertificate>* aStoredIntermediatesCACertificates); |
|
97 |
|
98 |
|
99 void ConstructL( |
|
100 CTlsCryptoAttributes* aTlsCryptoAttributes, |
|
101 HBufC8* aEncodedServerCerts, |
|
102 TRequestStatus& aStatus); |
|
103 |
|
104 void ConstructResumedL( |
|
105 CTlsCryptoAttributes* aTlsCryptoAttributes, |
|
106 TRequestStatus& aStatus); |
|
107 |
|
108 void ClientKeyExchange( |
|
109 HBufC8*& aClientKeyExch, |
|
110 TRequestStatus& aStatus); |
|
111 |
|
112 void ClientCertificate( |
|
113 HBufC8*& aEncodedClientCert, |
|
114 TRequestStatus& aStatus); |
|
115 |
|
116 |
|
117 void ClientCertificate( |
|
118 CX509Certificate*& aX509ClientCert, |
|
119 TRequestStatus& aStatus); |
|
120 |
|
121 void ClientCertificate( |
|
122 RPointerArray<HBufC8>* aClientCertArray, |
|
123 TRequestStatus& aStatus); |
|
124 |
|
125 |
|
126 void ServerCertificate( |
|
127 CX509Certificate*& aX509ServerCert, |
|
128 TRequestStatus& aStatus); |
|
129 |
|
130 void CertificateVerifySignatureL( |
|
131 CMessageDigest* aMd5DigestInput, |
|
132 CMessageDigest* aShaDigestInput, |
|
133 HBufC8*& aOutput, |
|
134 TRequestStatus& aStatus); |
|
135 |
|
136 void ClientFinishedMsgL( |
|
137 CMessageDigest* aMd5DigestInput, |
|
138 CMessageDigest* aShaDigestInput, |
|
139 HBufC8*& aOutput, |
|
140 TRequestStatus& aStatus); |
|
141 |
|
142 |
|
143 void VerifyServerFinishedMsgL( |
|
144 CMessageDigest* aMd5DigestInput, |
|
145 CMessageDigest* aShaDigestInput, |
|
146 const TDesC8& aActualFinishedMsg, |
|
147 TRequestStatus& aStatus); |
|
148 |
|
149 |
|
150 TInt EncryptL( |
|
151 const TDesC8& aInput, |
|
152 HBufC8*& aOutput, |
|
153 TInt64& aSeqNumber, |
|
154 TRecordProtocol& aType); |
|
155 |
|
156 |
|
157 TInt DecryptAndVerifyL( |
|
158 const TDesC8& aInput, |
|
159 HBufC8*& aOutput, |
|
160 TInt64& aSeqNumber, |
|
161 TRecordProtocol& aType); |
|
162 |
|
163 TInt KeyDerivation( |
|
164 const TDesC8& aLabel, |
|
165 const TTLSMasterSecretInput& aMasterSecretInput, |
|
166 TDes8& aKeyingMaterial); |
|
167 |
|
168 CTlsCryptoAttributes* Attributes() ; |
|
169 |
|
170 |
|
171 void CancelRequest(); |
|
172 |
|
173 ~CTlsSessionImpl(); |
|
174 private: |
|
175 |
|
176 enum TStateLists { ENullState,EConstruct, EGetClientCerificate,EGetClientKeyExchange, |
|
177 EGetServerCertificate,EKeyGeneration,EClientFinishedMsg, |
|
178 EVerifyServerFinishedMsg,EComputeDigitalSignature, |
|
179 EConnectionEstablished,EGetClientCerificateX509,ECertificateVerifyMsg,EReturnCert,EGetClientCertificateArray}; |
|
180 |
|
181 TTLSMasterSecretInput iMasterSecretInput; |
|
182 TTLSProtocolVersion iProtocolVersion; |
|
183 TTLSCipherSuite iCipherSuiteId; |
|
184 |
|
185 |
|
186 |
|
187 //Helper variables |
|
188 TStateLists iOriginalState; |
|
189 TStateLists iCurrentState; |
|
190 TStateLists iNextState; |
|
191 TInt iServerMsgVerified; |
|
192 TInt iAttribute; |
|
193 |
|
194 RFs iFs; |
|
195 |
|
196 //Data containers |
|
197 HBufC8* iKeyMaterial; |
|
198 HBufC8* iEncodedServerCerts; |
|
199 HBufC8* iEncodedClientCert; |
|
200 HBufC8** iEncodedClientCertHldrPtr; |
|
201 |
|
202 HBufC8** iComputeDigitalSig; |
|
203 HBufC8* iTempHolder; |
|
204 HBufC8* iServerCert_rv; |
|
205 HBufC8* iServerFinished; |
|
206 HBufC8* iActualFinishedMsg; //Should move it to a comming pointer variable |
|
207 |
|
208 |
|
209 //Caller values |
|
210 TRequestStatus* iOriginalRequestStatus; |
|
211 CX509Certificate** iClientCertX509; |
|
212 CX509Certificate** iX509ServerCert; |
|
213 HBufC8** iClientKeyExch; |
|
214 |
|
215 //Handles |
|
216 MTLSSession* iSessionInterface; |
|
217 CTlsCryptoAttributes* iTlsCryptoAttributes; |
|
218 CUnifiedCertStore* iPtrUnifiedCertStore; |
|
219 CCTCertInfo* iSelectedCertInfo; |
|
220 CCTKeyInfo* iSelectedKeyInfo; |
|
221 CTlsEncrypt* iEncrypt; |
|
222 TBool iAbbrievatedHandshake; |
|
223 |
|
224 TPtr8 iTempPtr; |
|
225 |
|
226 RPointerArray<CCertificate>* iStoredIntermediatesCACertificates; |
|
227 |
|
228 TBool iConstructionComplete; |
|
229 RPointerArray<HBufC8>* iClientCertArray; |
|
230 |
|
231 private: |
|
232 CTlsSessionImpl(); |
|
233 |
|
234 //Active |
|
235 void DoCancel(); |
|
236 void RunL(); |
|
237 TInt RunError(TInt aError); |
|
238 |
|
239 void GetX509CertL(HBufC8*& aEncodedCert,CX509Certificate*& aOutputX509); |
|
240 void GenerateFinishedMessageL(CMessageDigest* aMd5DigestInput, |
|
241 CMessageDigest* aShaDigestInput, |
|
242 HBufC8*& aOutput, |
|
243 TBool aIsServer); |
|
244 void GenerateKeysL(); |
|
245 |
|
246 void BuildClientIntermediateCertChainL(RPointerArray<CCertificate> &aCertChain, |
|
247 const CX509Certificate* aClientCert) const; |
|
248 |
|
249 TBool MatchRequestedIssuerDN(const CCertificate* aCert) const; |
|
250 |
|
251 }; |
|
252 |
|
253 |
|
254 |
|
255 // |
|
256 // CTlsProviderImpl |
|
257 // |
|
258 |
|
259 class MTLSTokenProvider; |
|
260 |
|
261 |
|
262 class CTokenTypesAndTokens : public CBase |
|
263 { |
|
264 public: |
|
265 MTLSTokenProvider* iProviderInterface; |
|
266 CTokenInfo* iTokenInfo; |
|
267 TInt iTotalTokenCount; |
|
268 TBool iSoftwareToken; |
|
269 public: |
|
270 void Release(); |
|
271 ~CTokenTypesAndTokens(); |
|
272 }; |
|
273 |
|
274 class TSessiondata |
|
275 { |
|
276 public: |
|
277 TTLSSessionId iSessionId; |
|
278 MTLSTokenProvider* iProviderInterface; |
|
279 }; |
|
280 |
|
281 |
|
282 const TUid UidProv = { KInterfaceTLSTokenProvider }; |
|
283 const TUid UidSess = { KInterfaceTLSSession }; |
|
284 |
|
285 class CTlsProviderImpl : public CActive |
|
286 { |
|
287 public: |
|
288 static CTlsProviderImpl* ConnectL(); |
|
289 |
|
290 |
|
291 void CreateL( |
|
292 CTLSSession*& aTlsSession, |
|
293 TRequestStatus& aStatus); |
|
294 |
|
295 |
|
296 void CipherSuitesL( |
|
297 RArray<TTLSCipherSuite>& aUserCipherSuiteList, |
|
298 TRequestStatus& aStatus); |
|
299 |
|
300 |
|
301 void VerifyServerCertificate( |
|
302 const TDesC8& aEncodedServerCerts, |
|
303 CX509Certificate*& aServerCert, |
|
304 TRequestStatus& aStatus); |
|
305 |
|
306 |
|
307 TBool VerifySignatureL( |
|
308 const CSubjectPublicKeyInfo& aServerPublicKey, |
|
309 const TDesC8& aDigest, |
|
310 const TDesC8& aSig); |
|
311 |
|
312 |
|
313 void GenerateRandom(TDes8& aBuffer); |
|
314 |
|
315 |
|
316 void GetSessionL( |
|
317 TTLSServerAddr& aServerName, |
|
318 TTLSSessionId& aSessionId, |
|
319 TRequestStatus& aStatus) ; |
|
320 |
|
321 |
|
322 void ClearSessionCacheL( |
|
323 TTLSSessionNameAndID& aServerNameAndId, |
|
324 TRequestStatus& aStatus); |
|
325 |
|
326 CTlsCryptoAttributes* Attributes(); |
|
327 |
|
328 CTlsSessionImpl* TlsSessionPtr(); |
|
329 |
|
330 |
|
331 void CancelRequest(); |
|
332 |
|
333 MCTToken* GetTokenHandle(); |
|
334 |
|
335 //Constructor and Destructor |
|
336 CTlsProviderImpl(); |
|
337 ~CTlsProviderImpl(); |
|
338 |
|
339 private: |
|
340 |
|
341 enum TStateLists { ENullState,ECreate,EGetCiphers,EValidateCertificate, |
|
342 EClearSessionCache,EOpenToken,EGetSession,EGetSessionInterface, |
|
343 EStartSession,EGetKeyAndSignExAlgrthm,EConstructResumed, |
|
344 EConstruct,EClientAuthenticate,EBrowseTokens,EQueryCache,EUserDialog,ENextOrEnd}; |
|
345 |
|
346 |
|
347 //Data containers |
|
348 RArray<CTokenTypesAndTokens> iListAllTokensAndTypes; |
|
349 HBufC8* iEncodedServerCerts; |
|
350 TSessiondata iSessionData; |
|
351 |
|
352 |
|
353 //Helper variables |
|
354 TStateLists iOriginalState; |
|
355 TStateLists iCurrentState; |
|
356 TStateLists iNextState; |
|
357 |
|
358 //Flags |
|
359 TBool iAbbreviatedHandshake; |
|
360 |
|
361 |
|
362 TInt iTotalTokenTypeCount; |
|
363 TInt iCurrentTokentype; |
|
364 TInt iCurrentToken; |
|
365 TInt iSelectedTypeIndex; |
|
366 RFs iFs; |
|
367 |
|
368 //Key and certstore helpers |
|
369 CCTKeyInfo* iSelectedKeyInfo; |
|
370 CCTCertInfo* iSelectedCertInfo; |
|
371 RPointerArray<CCertificate> iStoredIntermediatesCACertificates; |
|
372 |
|
373 //Handles |
|
374 CTlsCryptoAttributes* iTlsCryptoAttributes; |
|
375 #ifdef _USESECDLGSV_ |
|
376 RSecurityDialogServer iDialogServ; |
|
377 TBool iProceed; |
|
378 #else |
|
379 MSecurityDialog* iSecurityDialog; |
|
380 #endif |
|
381 RTlsCacheClient iCacheClient; |
|
382 TValidationStatus iValidationStatus; |
|
383 CPKIXCertChain* iServerCertsChain; |
|
384 CPKIXValidationResult* iCertVerificationResult; |
|
385 |
|
386 //Class Handles |
|
387 CTlsClntAuthenticate* iClntAuthenticate; |
|
388 CTlsBrowseToken* iPtrTokenSearch; |
|
389 |
|
390 |
|
391 //Caller values |
|
392 TRequestStatus* iOriginalRequestStatus; |
|
393 CX509Certificate** iX509ServerCert; |
|
394 CTlsSessionImpl* iTlsSessionImpl; |
|
395 CTLSSession** iTlsSessionHldr; |
|
396 RArray<TTLSCipherSuite>* iUserCipherSuiteList; |
|
397 TTLSSessionData iOutputSessionData; |
|
398 TTLSSessionNameAndID iServerNameAndId; |
|
399 TTLSServerAddr* iPServerName; |
|
400 TTLSSessionId* iPSessionId; |
|
401 MTLSSession* iSessionInterface; |
|
402 TBool iTlsSessionOwnershipPassedToCaller; |
|
403 |
|
404 RArray<TTLSProtocolVersion> iReqProtList; |
|
405 RArray<TTLSCipherSuite> iSupportedCipherSuiteList; |
|
406 CTlsProviderPolicy* iTlsProviderPolicy; |
|
407 |
|
408 private: |
|
409 |
|
410 |
|
411 //Active |
|
412 void ConstructL(); |
|
413 void DoCancel(); |
|
414 void RunL(); |
|
415 |
|
416 TInt RunError(TInt aError); |
|
417 |
|
418 void GetX509CertL(HBufC8*& aEncodedCert,CX509Certificate*& aOutputX509); |
|
419 TBool ValidateDNSNameL(const CX509Certificate& aSource); |
|
420 TBool NameIsInSubtree(CX509DNSName& aServerName, CX509DNSName& aCertName, TBool aIsWildcard); |
|
421 |
|
422 //Local functions |
|
423 void NextOrEnd(); |
|
424 void GetAvailableKeyListL(); |
|
425 void ReturnCipherListL(); |
|
426 void ReturnSession(); |
|
427 TBool SelectToken(); |
|
428 TBool IsCipherAvailable( const TTLSCipherSuiteMapping& aCipherSuiteMapping ) const; |
|
429 |
|
430 void ShowUntrustedDialogL(const TValidationStatus aResult); |
|
431 void HandleBadCertificateL(const TValidationStatus aResult); |
|
432 TBool CheckExtendedKeyUsageL(const CX509Certificate& aSource); |
|
433 |
|
434 //Active Handlers |
|
435 void OnEGetSession(); |
|
436 void OnEStartSession(); |
|
437 void OnEBrowseTokens(); |
|
438 void OnEGetSessionInterfaceL(); |
|
439 void ReturnResult(); |
|
440 void RetrieveSession(); |
|
441 void OnQueryCacheL(); |
|
442 void OnEUserDialogL(); |
|
443 |
|
444 #ifdef _DEBUG |
|
445 enum TPanic |
|
446 { |
|
447 ERCLBadUserOrder = 0x10, ERCLBadTokenOrder |
|
448 }; |
|
449 static void Panic(TPanic aPanic); |
|
450 #endif |
|
451 |
|
452 }; |
|
453 |
|
454 |
|
455 #endif //__TLSPROVIDER_H__ |
|
456 |
|
457 |
|
458 |
|
459 |
|
460 |
|
461 |