1 // Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
2 // All rights reserved.
3 // This component and the accompanying materials are made available
4 // under the terms of the License "Symbian Foundation License v1.0" to Symbian Foundation members and "Symbian Foundation End User License Agreement v1.0" to non-members
5 // which accompanies this distribution, and is available
6 // at the URL "http://www.symbianfoundation.org/legal/licencesv10.html".
8 // Initial Contributors:
9 // Nokia Corporation - initial contribution.
14 // SSL exported functions.
30 //TDNInfo & TCertInfo moved to a header file owned by HTTP
31 //included their file here to reduce impact of this move
32 #include <ssl_compatibility.h>
34 // next 3 lines xfer from ssldata.h
36 Code using this const has been commented out.
37 Be careful 0x406 could have been defined in the in_sock.h in the mean time...
38 const TUint KSoCurrentConnectStatus =0x406;
41 * The SSL connection status.
46 * @deprecated No longer used by networking
48 enum TSSLConnectStatus
52 /** Waiting for user to answer. */
53 ESSLWaitingUserAnswer,
54 /** Connection failed. */
63 const TUint KSSLUserDialogMode = 0x02; // no dialogs
66 * SSL Protocol Module's UID.
70 const TInt KUidSSLProtocolModule = 0x100011b2;
73 * Unicode SSL Protocol Module's UID.
77 const TInt KUidUnicodeSSLProtocolModule = 0x1000183d;
80 * SSL v3 Protocol Module's UID.
84 const TInt KUidSSLv3ProtocolModule = 0x10001699;
87 * Socket reads from SSL.
91 const TUint KSockReadFromSSL = 0x10040000;
94 * Socket writes to SSL.
98 const TUint KSockWriteFromSSL = 0x10044000;
100 // SSL/TLS connection Option taken from previous releases. This information has been
101 // removed from in_sock.h. All adaptor options have been removed.
102 const TUint KSolInetSSL = 0x205; ///< SSL setopts/ioctls
104 const TUint KSoCurrentCipherSuite = 0x402; ///< Get current cipher suites
105 const TUint KSoSSLServerCert = 0x403; ///< Get server certificate
106 const TUint KSoDialogMode = 0x404; ///< Get/Set current dialog mode
107 const TUint KSoAvailableCipherSuites = 0x405; ///< Get available cipher suites
108 // 0x406 skipped - See KSoCurrentConnectStatus
109 const TUint KSoKeyingMaterial = 0x407; ///< Get Keying Material for EAP
115 * Enable the use of TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA ciphersuites
116 * These ciphersuites use NULL encryption and therefore offer no protection against evesdropping.
117 * Server authentication (and client, if a client certificate is used) is performed and data integrity
120 * (Ciphersuite TLS_NULL_WITH_NULL_NULL is never supported).
122 * An argument of 0 disables the ciphersuites and non-zero enables them.
124 const TUint KSoEnableNullCiphers = 0x408; ///< Enable/disable NULL ciphers
130 * Set the PSK Key Exchange configuration. Argument is a TPckgBuf<MSoPskKeyHandler *>.
131 * The structure and buffers will be copied.
133 * @see MSoPskKeyHandler
135 const TUint KSoPskConfig = 0x409; ///< Set PSK key exchange configuration
138 * Interface to the client code which decides which PSK identity and value should be used to secure the connection.
140 class MSoPskKeyHandler
144 Called during the TLS PSK handshake to get the PSK identity and value to be used to secure the connection.
146 @param aPskIdentityHint A ptr to an HBufC8 containing the "PSK identity hint", or NULL if the server did not send one.
147 @param aPskIdentity NULL passed in, must be set to an HBufC8 containing the PSK Identity to be used.
148 @param aPskKey NULL passed in, must be set to an HBufC8 containing the PSK key value to be used.
150 Note: The caller takes ownership of the aPskIdentity and aPskKey buffers.
151 Note: The meaning of the PSK identity hint is NOT defined by the TLS standard, therefore any application
152 using PSK must previously agree the source of the PSK to be used and the interpretion of the (optional) PSK identity
155 virtual void GetPskL(const HBufC8 * aPskIdentityHint, HBufC8 *& aPskIdentity, HBufC8 *& aPskKey) = 0;
162 * Set the list of server names to be passed to the server in the ClientHello as described in RFC3546 "Server Name Indication".
163 * The argument should be a TPckgBuf<CDesC8Array *>.
165 const TUint KSoServerNameIndication = 0x40a; ///< Set Server Name Indication
171 const TUint KSoSSLDomainName = 0x505; ///< Set Domain name
173 // Adaptor layer specific options
174 // all SSL related options are supposed to be here
175 // rather then in insock/inc/in_sock.h
177 * Use SSL v2 handschake.
180 * @deprecated the option is no longer supported
182 const TUint KSoUseSSLv2Handshake = 0x500;
185 const TUint KSSLDialogUnattendedMode= 0x01; ///< No dialogs
186 const TUint KSSLDialogAttendedMode = 0x00; ///< dialogs
189 // A version must be specified when creating an SSL factory
191 * SSL module major version number.
195 const TUint KSSLMajorVersionNumber=1;
197 * SSL module minor version number.
201 const TUint KSSLMinorVersionNumber=0;
203 * SSL module build version number.
207 const TUint KSSLBuildVersionNumber=500;
210 class CSSLSessionStore;
211 class CSSLSessionState;
213 class CSSLProviderBase;
214 class CSymmetricCipher;
215 class CCryptoFactory;
218 class MSSLSocketNotify
220 * Abstract base class used to notify the SSL socket server that various events
221 * have occurred. The class provides several up-call member functions.
227 * @deprecated No longer used by networking
231 // NOTE: THESE ARE A SUBSET OF MSocketNotify
232 /** Called with unencrypted data to be given to the client application.
234 * @param aDesc Descriptor holding the unencrypted data.
235 * @param aRestingData
237 virtual void SSLDeliver(const TDesC8 &aDesc, TUint aRestingData)=0;
239 virtual TUint SSLWrite(const TDesC8 &aDesc,TUint options, TSockAddr* aAddr=NULL)=0;
241 /** Indicates that new buffer space is available. */
242 virtual void SSLCanSend()=0;
244 /** Indicates that a connection attempt has completed successfully. */
245 virtual void SSLConnectComplete()=0;
247 /** Indicates that the SAP has finished closing down. */
248 virtual void SSLCanClose()=0;
250 /** Tells the socket server that an error state has arisen within the protocol.
252 * It should not be used to report programmatic errors, either in the protocol
253 * itself or the socket server (a panic should be used in these cases).
255 * @param anError Error that has arisen. */
256 virtual void SSLError(TInt anError)=0;
258 /** Called when the connection is closed due to an error. */
259 virtual void SSLDisconnectIndication(void)=0;
261 /** Called when the connection is closed due to an error.
263 * @param aDisconnectData Descriptor holding the disconnect data. */
264 virtual void SSLDisconnectIndication(TDesC8& aDisconnectData)=0;
266 /** Called when the connection is closed due to an error.
268 * @param aError The disconnect error. */
269 virtual void SSLDisconnectIndication(TInt aError)=0;
271 virtual void SSLIoctlComplete(TDesC8 *aBuf)=0;
274 class CSSLTimers : public CBase
276 * Base class for SSL timers.
282 * @deprecated No longer used by networking
286 /** Stops the SSLTimer, if it is running and destructs the object. */
287 virtual ~CSSLTimers();
289 /** Creates a new SSL Timer.
291 * @return KErrNone if successful; otherwise, a system-wide error code. */
292 static CSSLTimers *NewL();
294 /** Starts the SSL timer.
296 * @param aCallBack Call back function.
297 * @param aTimeout Time. */
298 void StartSSLTimer(TCallBack aCallBack,TInt aTimeout);
300 /** Stops the timer. */
303 /** Stops and cancels the time recorded by the timer. */
304 void DoSSLTimerExpired();
308 TDeltaTimerEntry iSSLTimer;
309 TDeltaTimerEntry *iSSLTimerH;
316 * @deprecated No longer used by networking
320 CObjectConIx *iContainer;
321 CObjectCon *iSSLFactories;
322 TInt iSSLUnloadTimeout;
323 TInt iSecureSocketCount;
326 class RSSLDialogServer;
327 class CSSLFactory : public CObject
329 * Factory base for creating a concrete instance of a CSSLBase.
334 * @deprecated No longer used by networking
339 virtual ~CSSLFactory();
340 virtual CSSLProviderBase* NewSecureSocketL(MSSLSocketNotify* aParent);
342 virtual void Close();
343 virtual void InitL(RLibrary& aLib, CObjectCon& aCon);
344 virtual TVersion Version() const;
345 // static void Cleanup(TAny* aObject);
346 // static TInt ControlledDelete(TAny* aSSLFactory);
347 void SecureSocketShutdown(CSSLProviderBase *aSecureSocket);
348 // other public members
349 void SetSessionStateL(CSSLSessionState* aState,const TDesC8&);//const TDesC8& aSessionID,const TDesC8& aMasterSecret);
350 TPtrC8 GetSession(const TDesC8&,CSSLSessionState*);
357 // RLibrary iCryptLibrary;
358 // RLibrary iCertLibrary;
359 TDblQue<CSSLProviderBase> iSecureSocketsList;
360 TUint iSecureSocketsCount;
361 CSSLSessionStore *iSessStore;
364 class CSSLProviderBase : public CBase
366 * Abstract base class for all SSL protocol implementations.
372 * @deprecated No longer used by networking
376 friend class CSSLFactory;
377 /** Connection closing type. */
386 /** Close immediately. */
390 CSSLProviderBase(CSSLFactory& aFactory);
391 virtual ~CSSLProviderBase();
393 /** Set the notification parent,
395 * @param aNotify Parent to be notified. */
396 inline void SetNotify(MSSLSocketNotify* aNotify);
398 // NOTE I'VE COPIED THESE DIRECTLY FROM CServProviderBase
399 virtual const TInt GetOption(TUint level,TUint name,TDes8& anOption) =0;
400 virtual void Ioctl(TUint level,TUint name,TDes8* anOption)=0;
401 virtual void CancelIoctl(TUint aLevel,TUint aName)=0;
405 * @param level Integer constant identifying the option.
406 * @param name Option name.
407 * @param anOption Option value packaged in a descriptor.
408 * @return KErrNone if successful; otherwise, a system-wide error code. */
409 virtual TInt SetOption(TUint level,TUint name,const TDesC8 &anOption)=0;
411 virtual TUint Write(const TDesC8& aDesc,TUint options,TSockAddr* anAddr=NULL)=0;
413 /** Process the event in the buffer.
415 * @param aBuf Chain with events to process. */
416 virtual void Process(RMBufChain& aBuf)=0;
418 virtual void ProcessL(const TDesC8 &aDesc)=0;
420 /** Initiates a connection operation.
422 * This means that it tells the protocol to
423 * attempt to connect to a peer. It is called by the socket server in response
424 * to a connect request from a client. ActiveOpen() is only ever called on connection-oriented
425 * sockets. Such a socket should always have both the local address and the remote
426 * address specified before ActiveOpen() is called. If this is not the case,
427 * then the protocol should panic. When a connection has completed, the protocol
428 * should call ConnectComplete() on its TNotify.
430 * If an error occurs during connection the protocol should not call ConnectComplete()
431 * at all; instead it should call Error().
433 * @return KErrNone if successful; otherwise, a system-wide error code. */
434 virtual TInt ActiveOpen()=0;
436 /** Same as ActiveOpen(), but with user data in the connection frame.
438 * @param aConnectionData User specified connection data.
439 * @return KErrNone if successful; otherwise, a system-wide error code. */
440 virtual TInt ActiveOpen(const TDesC8& aConnectionData)=0;
442 /** Tells the protocol to start waiting for an incoming connection request on this
443 * socket (i.e. port).
445 * It is called by the socket server in response to a listen request from a client.
447 * PassiveOpen() is only ever called on connection-oriented sockets. Such a socket
448 * should always have both the local address and the remote address specified
449 * before PassiveOpen() is called. If this is not the case, then the protocol
452 * The protocol should keep a count of sockets in Start state - incrementing
453 * a variable in ConnectComplete(), and decrementing it in Start().
455 * When a connection has completed, the protocol should call ConnectComplete()
458 * If an error occurs during connection the protocol should not call ConnectComplete()
459 * at all; instead it should call Error().
461 * @param aQueSize The number of sockets which can be waiting for an outstanding
462 * Start() after calling ConnectComplete().
463 * @return KErrNone if successful; otherwise, a system-wide error code. */
464 virtual TInt PassiveOpen(TUint aQueSize)=0;
466 /** Same as PassiveOpen(), but with user data in the connection frame.
468 * @param aQueSize The number of sockets which can be waiting for an outstanding
469 * Start() after calling ConnectComplete().
470 * @param aConnectionData User specified connection data
471 * @return KErrNone if successful, a system-wide error code if not. */
472 virtual TInt PassiveOpen(TUint aQueSize,const TDesC8& aConnectionData)=0;
474 /** Terminates a connection (or closes a non connection-oriented socket down).
476 * Normally, when the socket server has called Shutdown() for a socket, it will
477 * wait for the socket to call CanClose() before destroying the CServProviderBase
479 virtual void Shutdown()=0;
481 /** Closes the connection. */
482 virtual void Close()=0;
483 /** Second phase contructor.
485 * @param aParent Parent to be notified. */
486 virtual void ConstructL(MSSLSocketNotify *aParent)=0;
487 /** Indicates that the connection has been completed. */
488 virtual void ConnectCompleted()=0;
493 CSSLFactory* iFactory;
495 MSSLSocketNotify* iSocket;