--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/networksecurity/tlsprovider/inc/tlsprovider.h Tue Jan 26 15:23:49 2010 +0200
@@ -0,0 +1,461 @@
+// Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// This file contains types shared between TLS protocol module and
+// Security's component: TLS Provider.
+//
+//
+
+/**
+ @file
+ @internalTechnology
+*/
+
+#ifndef __TLSPROVIDER_H__
+#define __TLSPROVIDER_H__
+
+
+#include <e32std.h>
+#include <e32base.h>
+
+#include "3des.h"
+#include "rijndael.h"
+#include "cbcmode.h"
+#include "padding.h"
+#include "blocktransformation.h"
+#include "bufferedtransformation.h"
+#include "arc4.h"
+#include "ct.h"
+#include "pkixcertchain.h"
+#include "x509keys.h"
+#include <random.h>
+#include <hash.h>
+
+#include "tlstypedef.h"
+#include "tlsprovtokeninterfaces.h"
+#include "tlsprovider_log.h"
+#include "CTlsEncrypt.h"
+#include "Ctlsclntauthenticate.h"
+#include "Ctlsbrowsetoken.h"
+
+#include <ct/rmpointerarray.h>
+#include <mctkeystore.h>
+#include "cctcertinfo.h"
+#include "tlscacheclient.h"
+
+#include "Tlsprovinterface.h"
+
+#ifdef _USESECDLGSV_
+#include "SECDLGCL.H"
+#else
+#include "secdlg.h"
+#endif
+
+#ifdef SYMBIAN_ENABLE_SPLIT_HEADERS
+#include <tlstypedef_internal.h>
+#include <tlsprovtokeninterfaces_internal.h>
+#endif
+
+const TInt KUidUnicodeSSLProtocolModule = 0x1000183d; //INCLUDE SSL.H
+
+
+class TCTTokenHandle;
+class CPKIXCertChain;
+class CX509Certificate;
+class CPKIXValidationResult;
+class CSymmetricCipher;
+
+class CMessageDigest;
+class CTlsEncrypt;
+
+
+//
+// CTlsSessionImpl
+//
+
+class MTLSSession;
+
+
+class CTlsSessionImpl : public CActive
+ {
+public:
+ static CTlsSessionImpl* NewL(
+ MTLSSession* aSessionInterface,
+ CCTCertInfo* aSelectedCertInfo,
+ CCTKeyInfo* aSelectedKeyInfo,
+ RPointerArray<CCertificate>* aStoredIntermediatesCACertificates);
+
+
+ void ConstructL(
+ CTlsCryptoAttributes* aTlsCryptoAttributes,
+ HBufC8* aEncodedServerCerts,
+ TRequestStatus& aStatus);
+
+ void ConstructResumedL(
+ CTlsCryptoAttributes* aTlsCryptoAttributes,
+ TRequestStatus& aStatus);
+
+ void ClientKeyExchange(
+ HBufC8*& aClientKeyExch,
+ TRequestStatus& aStatus);
+
+ void ClientCertificate(
+ HBufC8*& aEncodedClientCert,
+ TRequestStatus& aStatus);
+
+
+ void ClientCertificate(
+ CX509Certificate*& aX509ClientCert,
+ TRequestStatus& aStatus);
+
+ void ClientCertificate(
+ RPointerArray<HBufC8>* aClientCertArray,
+ TRequestStatus& aStatus);
+
+
+ void ServerCertificate(
+ CX509Certificate*& aX509ServerCert,
+ TRequestStatus& aStatus);
+
+ void CertificateVerifySignatureL(
+ CMessageDigest* aMd5DigestInput,
+ CMessageDigest* aShaDigestInput,
+ HBufC8*& aOutput,
+ TRequestStatus& aStatus);
+
+ void ClientFinishedMsgL(
+ CMessageDigest* aMd5DigestInput,
+ CMessageDigest* aShaDigestInput,
+ HBufC8*& aOutput,
+ TRequestStatus& aStatus);
+
+
+ void VerifyServerFinishedMsgL(
+ CMessageDigest* aMd5DigestInput,
+ CMessageDigest* aShaDigestInput,
+ const TDesC8& aActualFinishedMsg,
+ TRequestStatus& aStatus);
+
+
+ TInt EncryptL(
+ const TDesC8& aInput,
+ HBufC8*& aOutput,
+ TInt64& aSeqNumber,
+ TRecordProtocol& aType);
+
+
+ TInt DecryptAndVerifyL(
+ const TDesC8& aInput,
+ HBufC8*& aOutput,
+ TInt64& aSeqNumber,
+ TRecordProtocol& aType);
+
+ TInt KeyDerivation(
+ const TDesC8& aLabel,
+ const TTLSMasterSecretInput& aMasterSecretInput,
+ TDes8& aKeyingMaterial);
+
+ CTlsCryptoAttributes* Attributes() ;
+
+
+ void CancelRequest();
+
+ ~CTlsSessionImpl();
+private:
+
+ enum TStateLists { ENullState,EConstruct, EGetClientCerificate,EGetClientKeyExchange,
+ EGetServerCertificate,EKeyGeneration,EClientFinishedMsg,
+ EVerifyServerFinishedMsg,EComputeDigitalSignature,
+ EConnectionEstablished,EGetClientCerificateX509,ECertificateVerifyMsg,EReturnCert,EGetClientCertificateArray};
+
+ TTLSMasterSecretInput iMasterSecretInput;
+ TTLSProtocolVersion iProtocolVersion;
+ TTLSCipherSuite iCipherSuiteId;
+
+
+
+ //Helper variables
+ TStateLists iOriginalState;
+ TStateLists iCurrentState;
+ TStateLists iNextState;
+ TInt iServerMsgVerified;
+ TInt iAttribute;
+
+ RFs iFs;
+
+ //Data containers
+ HBufC8* iKeyMaterial;
+ HBufC8* iEncodedServerCerts;
+ HBufC8* iEncodedClientCert;
+ HBufC8** iEncodedClientCertHldrPtr;
+
+ HBufC8** iComputeDigitalSig;
+ HBufC8* iTempHolder;
+ HBufC8* iServerCert_rv;
+ HBufC8* iServerFinished;
+ HBufC8* iActualFinishedMsg; //Should move it to a comming pointer variable
+
+
+ //Caller values
+ TRequestStatus* iOriginalRequestStatus;
+ CX509Certificate** iClientCertX509;
+ CX509Certificate** iX509ServerCert;
+ HBufC8** iClientKeyExch;
+
+ //Handles
+ MTLSSession* iSessionInterface;
+ CTlsCryptoAttributes* iTlsCryptoAttributes;
+ CUnifiedCertStore* iPtrUnifiedCertStore;
+ CCTCertInfo* iSelectedCertInfo;
+ CCTKeyInfo* iSelectedKeyInfo;
+ CTlsEncrypt* iEncrypt;
+ TBool iAbbrievatedHandshake;
+
+ TPtr8 iTempPtr;
+
+ RPointerArray<CCertificate>* iStoredIntermediatesCACertificates;
+
+ TBool iConstructionComplete;
+ RPointerArray<HBufC8>* iClientCertArray;
+
+private:
+ CTlsSessionImpl();
+
+ //Active
+ void DoCancel();
+ void RunL();
+ TInt RunError(TInt aError);
+
+ void GetX509CertL(HBufC8*& aEncodedCert,CX509Certificate*& aOutputX509);
+ void GenerateFinishedMessageL(CMessageDigest* aMd5DigestInput,
+ CMessageDigest* aShaDigestInput,
+ HBufC8*& aOutput,
+ TBool aIsServer);
+ void GenerateKeysL();
+
+ void BuildClientIntermediateCertChainL(RPointerArray<CCertificate> &aCertChain,
+ const CX509Certificate* aClientCert) const;
+
+ TBool MatchRequestedIssuerDN(const CCertificate* aCert) const;
+
+};
+
+
+
+//
+// CTlsProviderImpl
+//
+
+class MTLSTokenProvider;
+
+
+class CTokenTypesAndTokens : public CBase
+ {
+public:
+ MTLSTokenProvider* iProviderInterface;
+ CTokenInfo* iTokenInfo;
+ TInt iTotalTokenCount;
+ TBool iSoftwareToken;
+public:
+ void Release();
+ ~CTokenTypesAndTokens();
+ };
+
+class TSessiondata
+ {
+public:
+ TTLSSessionId iSessionId;
+ MTLSTokenProvider* iProviderInterface;
+ };
+
+
+const TUid UidProv = { KInterfaceTLSTokenProvider };
+const TUid UidSess = { KInterfaceTLSSession };
+
+class CTlsProviderImpl : public CActive
+ {
+public:
+ static CTlsProviderImpl* ConnectL();
+
+
+ void CreateL(
+ CTLSSession*& aTlsSession,
+ TRequestStatus& aStatus);
+
+
+ void CipherSuitesL(
+ RArray<TTLSCipherSuite>& aUserCipherSuiteList,
+ TRequestStatus& aStatus);
+
+
+ void VerifyServerCertificate(
+ const TDesC8& aEncodedServerCerts,
+ CX509Certificate*& aServerCert,
+ TRequestStatus& aStatus);
+
+
+ TBool VerifySignatureL(
+ const CSubjectPublicKeyInfo& aServerPublicKey,
+ const TDesC8& aDigest,
+ const TDesC8& aSig);
+
+
+ void GenerateRandom(TDes8& aBuffer);
+
+
+ void GetSessionL(
+ TTLSServerAddr& aServerName,
+ TTLSSessionId& aSessionId,
+ TRequestStatus& aStatus) ;
+
+
+ void ClearSessionCacheL(
+ TTLSSessionNameAndID& aServerNameAndId,
+ TRequestStatus& aStatus);
+
+ CTlsCryptoAttributes* Attributes();
+
+ CTlsSessionImpl* TlsSessionPtr();
+
+
+ void CancelRequest();
+
+ MCTToken* GetTokenHandle();
+
+ //Constructor and Destructor
+ CTlsProviderImpl();
+ ~CTlsProviderImpl();
+
+private:
+
+ enum TStateLists { ENullState,ECreate,EGetCiphers,EValidateCertificate,
+ EClearSessionCache,EOpenToken,EGetSession,EGetSessionInterface,
+ EStartSession,EGetKeyAndSignExAlgrthm,EConstructResumed,
+ EConstruct,EClientAuthenticate,EBrowseTokens,EQueryCache,EUserDialog,ENextOrEnd};
+
+
+ //Data containers
+ RArray<CTokenTypesAndTokens> iListAllTokensAndTypes;
+ HBufC8* iEncodedServerCerts;
+ TSessiondata iSessionData;
+
+
+ //Helper variables
+ TStateLists iOriginalState;
+ TStateLists iCurrentState;
+ TStateLists iNextState;
+
+ //Flags
+ TBool iAbbreviatedHandshake;
+
+
+ TInt iTotalTokenTypeCount;
+ TInt iCurrentTokentype;
+ TInt iCurrentToken;
+ TInt iSelectedTypeIndex;
+ RFs iFs;
+
+ //Key and certstore helpers
+ CCTKeyInfo* iSelectedKeyInfo;
+ CCTCertInfo* iSelectedCertInfo;
+ RPointerArray<CCertificate> iStoredIntermediatesCACertificates;
+
+ //Handles
+ CTlsCryptoAttributes* iTlsCryptoAttributes;
+#ifdef _USESECDLGSV_
+ RSecurityDialogServer iDialogServ;
+ TBool iProceed;
+#else
+ MSecurityDialog* iSecurityDialog;
+#endif
+ RTlsCacheClient iCacheClient;
+ TValidationStatus iValidationStatus;
+ CPKIXCertChain* iServerCertsChain;
+ CPKIXValidationResult* iCertVerificationResult;
+
+ //Class Handles
+ CTlsClntAuthenticate* iClntAuthenticate;
+ CTlsBrowseToken* iPtrTokenSearch;
+
+
+ //Caller values
+ TRequestStatus* iOriginalRequestStatus;
+ CX509Certificate** iX509ServerCert;
+ CTlsSessionImpl* iTlsSessionImpl;
+ CTLSSession** iTlsSessionHldr;
+ RArray<TTLSCipherSuite>* iUserCipherSuiteList;
+ TTLSSessionData iOutputSessionData;
+ TTLSSessionNameAndID iServerNameAndId;
+ TTLSServerAddr* iPServerName;
+ TTLSSessionId* iPSessionId;
+ MTLSSession* iSessionInterface;
+ TBool iTlsSessionOwnershipPassedToCaller;
+
+ RArray<TTLSProtocolVersion> iReqProtList;
+ RArray<TTLSCipherSuite> iSupportedCipherSuiteList;
+ CTlsProviderPolicy* iTlsProviderPolicy;
+
+private:
+
+
+ //Active
+ void ConstructL();
+ void DoCancel();
+ void RunL();
+
+ TInt RunError(TInt aError);
+
+ void GetX509CertL(HBufC8*& aEncodedCert,CX509Certificate*& aOutputX509);
+ TBool ValidateDNSNameL(const CX509Certificate& aSource);
+ TBool NameIsInSubtree(CX509DNSName& aServerName, CX509DNSName& aCertName, TBool aIsWildcard);
+
+ //Local functions
+ void NextOrEnd();
+ void GetAvailableKeyListL();
+ void ReturnCipherListL();
+ void ReturnSession();
+ TBool SelectToken();
+ TBool IsCipherAvailable( const TTLSCipherSuiteMapping& aCipherSuiteMapping ) const;
+
+ void ShowUntrustedDialogL(const TValidationStatus aResult);
+ void HandleBadCertificateL(const TValidationStatus aResult);
+ TBool CheckExtendedKeyUsageL(const CX509Certificate& aSource);
+
+ //Active Handlers
+ void OnEGetSession();
+ void OnEStartSession();
+ void OnEBrowseTokens();
+ void OnEGetSessionInterfaceL();
+ void ReturnResult();
+ void RetrieveSession();
+ void OnQueryCacheL();
+ void OnEUserDialogL();
+
+#ifdef _DEBUG
+ enum TPanic
+ {
+ ERCLBadUserOrder = 0x10, ERCLBadTokenOrder
+ };
+ static void Panic(TPanic aPanic);
+#endif
+
+ };
+
+
+#endif //__TLSPROVIDER_H__
+
+
+
+
+
+