1.1 --- a/epoc32/include/ssl.h Tue Nov 24 13:55:44 2009 +0000
1.2 +++ b/epoc32/include/ssl.h Tue Mar 16 16:12:26 2010 +0000
1.3 @@ -1,1 +1,498 @@
1.4 -ssl.h
1.5 +// Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +// All rights reserved.
1.7 +// This component and the accompanying materials are made available
1.8 +// under the terms of the License "Symbian Foundation License v1.0" to Symbian Foundation members and "Symbian Foundation End User License Agreement v1.0" to non-members
1.9 +// which accompanies this distribution, and is available
1.10 +// at the URL "http://www.symbianfoundation.org/legal/licencesv10.html".
1.11 +//
1.12 +// Initial Contributors:
1.13 +// Nokia Corporation - initial contribution.
1.14 +//
1.15 +// Contributors:
1.16 +//
1.17 +// Description:
1.18 +// SSL exported functions.
1.19 +//
1.20 +//
1.21 +
1.22 +
1.23 +
1.24 +/**
1.25 + @file
1.26 +*/
1.27 +
1.28 +#ifndef __TCPSSL_H__
1.29 +#define __TCPSSL_H__
1.30 +
1.31 +#include <in_sock.h>
1.32 +#include <sslerr.h>
1.33 +
1.34 +//TDNInfo & TCertInfo moved to a header file owned by HTTP
1.35 +//included their file here to reduce impact of this move
1.36 +#include <ssl_compatibility.h>
1.37 +
1.38 +// next 3 lines xfer from ssldata.h
1.39 +/*
1.40 +Code using this const has been commented out.
1.41 +Be careful 0x406 could have been defined in the in_sock.h in the mean time...
1.42 +const TUint KSoCurrentConnectStatus =0x406;
1.43 +*/
1.44 +/**
1.45 + * The SSL connection status.
1.46 + *
1.47 + * @internalComponent
1.48 + *
1.49 + * @since v6.0 *
1.50 + * @deprecated No longer used by networking
1.51 + */
1.52 +enum TSSLConnectStatus
1.53 + {
1.54 + /** Connected. */
1.55 + ESSLConnected,
1.56 + /** Waiting for user to answer. */
1.57 + ESSLWaitingUserAnswer,
1.58 + /** Connection failed. */
1.59 + ESSLConnectFailed
1.60 + };
1.61 +
1.62 +/**
1.63 + * No dialogs.
1.64 + *
1.65 + * @internalComponent
1.66 + */
1.67 +const TUint KSSLUserDialogMode = 0x02; // no dialogs
1.68 +
1.69 +/**
1.70 + * SSL Protocol Module's UID.
1.71 + *
1.72 + * @internalComponent
1.73 + */
1.74 +const TInt KUidSSLProtocolModule = 0x100011b2;
1.75 +
1.76 +/**
1.77 + * Unicode SSL Protocol Module's UID.
1.78 + *
1.79 + * @internalComponent
1.80 + */
1.81 +const TInt KUidUnicodeSSLProtocolModule = 0x1000183d;
1.82 +
1.83 +/**
1.84 + * SSL v3 Protocol Module's UID.
1.85 + *
1.86 + * @internalComponent
1.87 + */
1.88 +const TInt KUidSSLv3ProtocolModule = 0x10001699;
1.89 +
1.90 +/**
1.91 + * Socket reads from SSL.
1.92 + *
1.93 + * @internalComponent
1.94 + */
1.95 +const TUint KSockReadFromSSL = 0x10040000;
1.96 +
1.97 +/**
1.98 + * Socket writes to SSL.
1.99 + *
1.100 + * @internalComponent
1.101 + */
1.102 +const TUint KSockWriteFromSSL = 0x10044000;
1.103 +
1.104 +// SSL/TLS connection Option taken from previous releases. This information has been
1.105 +// removed from in_sock.h. All adaptor options have been removed.
1.106 +const TUint KSolInetSSL = 0x205; ///< SSL setopts/ioctls
1.107 +
1.108 +const TUint KSoCurrentCipherSuite = 0x402; ///< Get current cipher suites
1.109 +const TUint KSoSSLServerCert = 0x403; ///< Get server certificate
1.110 +const TUint KSoDialogMode = 0x404; ///< Get/Set current dialog mode
1.111 +const TUint KSoAvailableCipherSuites = 0x405; ///< Get available cipher suites
1.112 + // 0x406 skipped - See KSoCurrentConnectStatus
1.113 +const TUint KSoKeyingMaterial = 0x407; ///< Get Keying Material for EAP
1.114 +
1.115 +/**
1.116 + * @publishedAll
1.117 + * @released
1.118 + *
1.119 + * Enable the use of TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA ciphersuites
1.120 + * These ciphersuites use NULL encryption and therefore offer no protection against evesdropping.
1.121 + * Server authentication (and client, if a client certificate is used) is performed and data integrity
1.122 + * is still checked.
1.123 + *
1.124 + * (Ciphersuite TLS_NULL_WITH_NULL_NULL is never supported).
1.125 + *
1.126 + * An argument of 0 disables the ciphersuites and non-zero enables them.
1.127 +*/
1.128 +const TUint KSoEnableNullCiphers = 0x408; ///< Enable/disable NULL ciphers
1.129 +
1.130 +/**
1.131 + * @publishedAll
1.132 + * @released
1.133 + *
1.134 + * Set the PSK Key Exchange configuration. Argument is a TPckgBuf<MSoPskKeyHandler *>.
1.135 + * The structure and buffers will be copied.
1.136 + *
1.137 + * @see MSoPskKeyHandler
1.138 +*/
1.139 +const TUint KSoPskConfig = 0x409; ///< Set PSK key exchange configuration
1.140 +
1.141 +/**
1.142 + * Interface to the client code which decides which PSK identity and value should be used to secure the connection.
1.143 +*/
1.144 +class MSoPskKeyHandler
1.145 + {
1.146 +public:
1.147 + /**
1.148 + Called during the TLS PSK handshake to get the PSK identity and value to be used to secure the connection.
1.149 +
1.150 + @param aPskIdentityHint A ptr to an HBufC8 containing the "PSK identity hint", or NULL if the server did not send one.
1.151 + @param aPskIdentity NULL passed in, must be set to an HBufC8 containing the PSK Identity to be used.
1.152 + @param aPskKey NULL passed in, must be set to an HBufC8 containing the PSK key value to be used.
1.153 +
1.154 + Note: The caller takes ownership of the aPskIdentity and aPskKey buffers.
1.155 + Note: The meaning of the PSK identity hint is NOT defined by the TLS standard, therefore any application
1.156 + using PSK must previously agree the source of the PSK to be used and the interpretion of the (optional) PSK identity
1.157 + hint.
1.158 + */
1.159 + virtual void GetPskL(const HBufC8 * aPskIdentityHint, HBufC8 *& aPskIdentity, HBufC8 *& aPskKey) = 0;
1.160 + };
1.161 +
1.162 +/**
1.163 + * @publishedAll
1.164 + * @released
1.165 + *
1.166 + * Set the list of server names to be passed to the server in the ClientHello as described in RFC3546 "Server Name Indication".
1.167 + * The argument should be a TPckgBuf<CDesC8Array *>.
1.168 +*/
1.169 +const TUint KSoServerNameIndication = 0x40a; ///< Set Server Name Indication
1.170 +
1.171 +/**
1.172 + *
1.173 + * @internalComponent
1.174 + */
1.175 +const TUint KSoSSLDomainName = 0x505; ///< Set Domain name
1.176 +
1.177 +// Adaptor layer specific options
1.178 +// all SSL related options are supposed to be here
1.179 +// rather then in insock/inc/in_sock.h
1.180 +/**
1.181 + * Use SSL v2 handschake.
1.182 + *
1.183 + * @internalAll
1.184 + * @deprecated the option is no longer supported
1.185 + */
1.186 +const TUint KSoUseSSLv2Handshake = 0x500;
1.187 +
1.188 +// For KSoDialogMode
1.189 +const TUint KSSLDialogUnattendedMode= 0x01; ///< No dialogs
1.190 +const TUint KSSLDialogAttendedMode = 0x00; ///< dialogs
1.191 +
1.192 +
1.193 +// A version must be specified when creating an SSL factory
1.194 +/**
1.195 + * SSL module major version number.
1.196 + *
1.197 + * @internalComponent
1.198 + */
1.199 +const TUint KSSLMajorVersionNumber=1;
1.200 +/**
1.201 + * SSL module minor version number.
1.202 + *
1.203 + * @internalComponent
1.204 + */
1.205 +const TUint KSSLMinorVersionNumber=0;
1.206 +/**
1.207 + * SSL module build version number.
1.208 + *
1.209 + * @internalComponent
1.210 + */
1.211 +const TUint KSSLBuildVersionNumber=500;
1.212 +
1.213 +class RMBufChain;
1.214 +class CSSLSessionStore;
1.215 +class CSSLSessionState;
1.216 +class CNifFactory;
1.217 +class CSSLProviderBase;
1.218 +class CSymmetricCipher;
1.219 +class CCryptoFactory;
1.220 +class CCertFactory;
1.221 +class CSSLTimers;
1.222 +class MSSLSocketNotify
1.223 + /**
1.224 + * Abstract base class used to notify the SSL socket server that various events
1.225 + * have occurred. The class provides several up-call member functions.
1.226 + *
1.227 + * @internalComponent
1.228 + *
1.229 + * @since v5.0
1.230 + *
1.231 + * @deprecated No longer used by networking
1.232 + */
1.233 + {
1.234 +public:
1.235 +// NOTE: THESE ARE A SUBSET OF MSocketNotify
1.236 + /** Called with unencrypted data to be given to the client application.
1.237 + *
1.238 + * @param aDesc Descriptor holding the unencrypted data.
1.239 + * @param aRestingData
1.240 + */
1.241 + virtual void SSLDeliver(const TDesC8 &aDesc, TUint aRestingData)=0;
1.242 +
1.243 + virtual TUint SSLWrite(const TDesC8 &aDesc,TUint options, TSockAddr* aAddr=NULL)=0;
1.244 +
1.245 + /** Indicates that new buffer space is available. */
1.246 + virtual void SSLCanSend()=0;
1.247 +
1.248 + /** Indicates that a connection attempt has completed successfully. */
1.249 + virtual void SSLConnectComplete()=0;
1.250 +
1.251 + /** Indicates that the SAP has finished closing down. */
1.252 + virtual void SSLCanClose()=0;
1.253 +
1.254 + /** Tells the socket server that an error state has arisen within the protocol.
1.255 + *
1.256 + * It should not be used to report programmatic errors, either in the protocol
1.257 + * itself or the socket server (a panic should be used in these cases).
1.258 + *
1.259 + * @param anError Error that has arisen. */
1.260 + virtual void SSLError(TInt anError)=0;
1.261 +
1.262 + /** Called when the connection is closed due to an error. */
1.263 + virtual void SSLDisconnectIndication(void)=0;
1.264 +
1.265 + /** Called when the connection is closed due to an error.
1.266 + *
1.267 + * @param aDisconnectData Descriptor holding the disconnect data. */
1.268 + virtual void SSLDisconnectIndication(TDesC8& aDisconnectData)=0;
1.269 +
1.270 + /** Called when the connection is closed due to an error.
1.271 + *
1.272 + * @param aError The disconnect error. */
1.273 + virtual void SSLDisconnectIndication(TInt aError)=0;
1.274 +
1.275 + virtual void SSLIoctlComplete(TDesC8 *aBuf)=0;
1.276 + };
1.277 +
1.278 +class CSSLTimers : public CBase
1.279 + /**
1.280 + * Base class for SSL timers.
1.281 + *
1.282 + * @internalComponent
1.283 + *
1.284 + * @since v5.0
1.285 + *
1.286 + * @deprecated No longer used by networking
1.287 + */
1.288 + {
1.289 +public:
1.290 + /** Stops the SSLTimer, if it is running and destructs the object. */
1.291 + virtual ~CSSLTimers();
1.292 +
1.293 + /** Creates a new SSL Timer.
1.294 + *
1.295 + * @return KErrNone if successful; otherwise, a system-wide error code. */
1.296 + static CSSLTimers *NewL();
1.297 +
1.298 + /** Starts the SSL timer.
1.299 + *
1.300 + * @param aCallBack Call back function.
1.301 + * @param aTimeout Time. */
1.302 + void StartSSLTimer(TCallBack aCallBack,TInt aTimeout);
1.303 +
1.304 + /** Stops the timer. */
1.305 + void StopSSLTimer();
1.306 +
1.307 + /** Stops and cancels the time recorded by the timer. */
1.308 + void DoSSLTimerExpired();
1.309 +private:
1.310 + CSSLTimers();
1.311 +private:
1.312 + TDeltaTimerEntry iSSLTimer;
1.313 + TDeltaTimerEntry *iSSLTimerH;
1.314 + };
1.315 +
1.316 +class SSLGlobals
1.317 + /**
1.318 + * @internalComponent
1.319 + *
1.320 + * @deprecated No longer used by networking
1.321 + */
1.322 + {
1.323 +public:
1.324 + CObjectConIx *iContainer;
1.325 + CObjectCon *iSSLFactories;
1.326 + TInt iSSLUnloadTimeout;
1.327 + TInt iSecureSocketCount;
1.328 + };
1.329 +
1.330 +class RSSLDialogServer;
1.331 +class CSSLFactory : public CObject
1.332 + /**
1.333 + * Factory base for creating a concrete instance of a CSSLBase.
1.334 + *
1.335 + * @internalComponent
1.336 + *
1.337 + * @since v5.0
1.338 + * @deprecated No longer used by networking
1.339 + */
1.340 + {
1.341 +public:
1.342 + CSSLFactory();
1.343 + virtual ~CSSLFactory();
1.344 + virtual CSSLProviderBase* NewSecureSocketL(MSSLSocketNotify* aParent);
1.345 + virtual TInt Open();
1.346 + virtual void Close();
1.347 + virtual void InitL(RLibrary& aLib, CObjectCon& aCon);
1.348 + virtual TVersion Version() const;
1.349 +// static void Cleanup(TAny* aObject);
1.350 +// static TInt ControlledDelete(TAny* aSSLFactory);
1.351 + void SecureSocketShutdown(CSSLProviderBase *aSecureSocket);
1.352 + // other public members
1.353 + void SetSessionStateL(CSSLSessionState* aState,const TDesC8&);//const TDesC8& aSessionID,const TDesC8& aMasterSecret);
1.354 + TPtrC8 GetSession(const TDesC8&,CSSLSessionState*);
1.355 + void ConstructL();
1.356 +private:
1.357 + void InitCryptoL();
1.358 +public:
1.359 + RLibrary iLib;
1.360 +private:
1.361 +// RLibrary iCryptLibrary;
1.362 +// RLibrary iCertLibrary;
1.363 + TDblQue<CSSLProviderBase> iSecureSocketsList;
1.364 + TUint iSecureSocketsCount;
1.365 + CSSLSessionStore *iSessStore;
1.366 + };
1.367 +
1.368 +class CSSLProviderBase : public CBase
1.369 + /**
1.370 + * Abstract base class for all SSL protocol implementations.
1.371 + *
1.372 + * @internalComponent
1.373 + *
1.374 + * @since v5.0
1.375 + *
1.376 + * @deprecated No longer used by networking
1.377 + */
1.378 + {
1.379 +public:
1.380 + friend class CSSLFactory;
1.381 +/** Connection closing type. */
1.382 + enum TCloseType
1.383 + {
1.384 + /** Normal. */
1.385 + ENormal,
1.386 + /** Stop input. */
1.387 + EStopInput,
1.388 + /** Stop output. */
1.389 + EStopOutput,
1.390 + /** Close immediately. */
1.391 + EImmediate
1.392 + };
1.393 +
1.394 + CSSLProviderBase(CSSLFactory& aFactory);
1.395 + virtual ~CSSLProviderBase();
1.396 +
1.397 + /** Set the notification parent,
1.398 + *
1.399 + * @param aNotify Parent to be notified. */
1.400 + inline void SetNotify(MSSLSocketNotify* aNotify);
1.401 +public:
1.402 +// NOTE I'VE COPIED THESE DIRECTLY FROM CServProviderBase
1.403 + virtual const TInt GetOption(TUint level,TUint name,TDes8& anOption) =0;
1.404 + virtual void Ioctl(TUint level,TUint name,TDes8* anOption)=0;
1.405 + virtual void CancelIoctl(TUint aLevel,TUint aName)=0;
1.406 +
1.407 + /** Sets an option.
1.408 + *
1.409 + * @param level Integer constant identifying the option.
1.410 + * @param name Option name.
1.411 + * @param anOption Option value packaged in a descriptor.
1.412 + * @return KErrNone if successful; otherwise, a system-wide error code. */
1.413 + virtual TInt SetOption(TUint level,TUint name,const TDesC8 &anOption)=0;
1.414 +
1.415 + virtual TUint Write(const TDesC8& aDesc,TUint options,TSockAddr* anAddr=NULL)=0;
1.416 +
1.417 + /** Process the event in the buffer.
1.418 + *
1.419 + * @param aBuf Chain with events to process. */
1.420 + virtual void Process(RMBufChain& aBuf)=0;
1.421 +
1.422 + virtual void ProcessL(const TDesC8 &aDesc)=0;
1.423 +
1.424 + /** Initiates a connection operation.
1.425 + *
1.426 + * This means that it tells the protocol to
1.427 + * attempt to connect to a peer. It is called by the socket server in response
1.428 + * to a connect request from a client. ActiveOpen() is only ever called on connection-oriented
1.429 + * sockets. Such a socket should always have both the local address and the remote
1.430 + * address specified before ActiveOpen() is called. If this is not the case,
1.431 + * then the protocol should panic. When a connection has completed, the protocol
1.432 + * should call ConnectComplete() on its TNotify.
1.433 + *
1.434 + * If an error occurs during connection the protocol should not call ConnectComplete()
1.435 + * at all; instead it should call Error().
1.436 + *
1.437 + * @return KErrNone if successful; otherwise, a system-wide error code. */
1.438 + virtual TInt ActiveOpen()=0;
1.439 +
1.440 + /** Same as ActiveOpen(), but with user data in the connection frame.
1.441 + *
1.442 + * @param aConnectionData User specified connection data.
1.443 + * @return KErrNone if successful; otherwise, a system-wide error code. */
1.444 + virtual TInt ActiveOpen(const TDesC8& aConnectionData)=0;
1.445 +
1.446 + /** Tells the protocol to start waiting for an incoming connection request on this
1.447 + * socket (i.e. port).
1.448 + *
1.449 + * It is called by the socket server in response to a listen request from a client.
1.450 + *
1.451 + * PassiveOpen() is only ever called on connection-oriented sockets. Such a socket
1.452 + * should always have both the local address and the remote address specified
1.453 + * before PassiveOpen() is called. If this is not the case, then the protocol
1.454 + * should panic.
1.455 + *
1.456 + * The protocol should keep a count of sockets in Start state - incrementing
1.457 + * a variable in ConnectComplete(), and decrementing it in Start().
1.458 + *
1.459 + * When a connection has completed, the protocol should call ConnectComplete()
1.460 + * on its TNotify.
1.461 + *
1.462 + * If an error occurs during connection the protocol should not call ConnectComplete()
1.463 + * at all; instead it should call Error().
1.464 + *
1.465 + * @param aQueSize The number of sockets which can be waiting for an outstanding
1.466 + * Start() after calling ConnectComplete().
1.467 + * @return KErrNone if successful; otherwise, a system-wide error code. */
1.468 + virtual TInt PassiveOpen(TUint aQueSize)=0;
1.469 +
1.470 + /** Same as PassiveOpen(), but with user data in the connection frame.
1.471 + *
1.472 + * @param aQueSize The number of sockets which can be waiting for an outstanding
1.473 + * Start() after calling ConnectComplete().
1.474 + * @param aConnectionData User specified connection data
1.475 + * @return KErrNone if successful, a system-wide error code if not. */
1.476 + virtual TInt PassiveOpen(TUint aQueSize,const TDesC8& aConnectionData)=0;
1.477 +
1.478 + /** Terminates a connection (or closes a non connection-oriented socket down).
1.479 + *
1.480 + * Normally, when the socket server has called Shutdown() for a socket, it will
1.481 + * wait for the socket to call CanClose() before destroying the CServProviderBase
1.482 + * object. */
1.483 + virtual void Shutdown()=0;
1.484 +
1.485 + /** Closes the connection. */
1.486 + virtual void Close()=0;
1.487 + /** Second phase contructor.
1.488 + *
1.489 + * @param aParent Parent to be notified. */
1.490 + virtual void ConstructL(MSSLSocketNotify *aParent)=0;
1.491 + /** Indicates that the connection has been completed. */
1.492 + virtual void ConnectCompleted()=0;
1.493 +
1.494 +public:
1.495 + TDblQueLink iLink;
1.496 +protected:
1.497 + CSSLFactory* iFactory;
1.498 +private:
1.499 + MSSLSocketNotify* iSocket;
1.500 + };
1.501 +
1.502 +#endif