2015-10-21 05:03:22 +02:00
|
|
|
/*
|
|
|
|
|
* This file contains prototypes for the public SSL functions.
|
|
|
|
|
*
|
2018-05-04 16:08:28 +02:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2015-10-21 05:03:22 +02:00
|
|
|
|
|
|
|
|
#ifndef __sslt_h_
|
|
|
|
|
#define __sslt_h_
|
|
|
|
|
|
|
|
|
|
#include "prtypes.h"
|
|
|
|
|
|
|
|
|
|
typedef struct SSL3StatisticsStr {
|
|
|
|
|
/* statistics from ssl3_SendClientHello (sch) */
|
|
|
|
|
long sch_sid_cache_hits;
|
|
|
|
|
long sch_sid_cache_misses;
|
|
|
|
|
long sch_sid_cache_not_ok;
|
|
|
|
|
|
|
|
|
|
/* statistics from ssl3_HandleServerHello (hsh) */
|
|
|
|
|
long hsh_sid_cache_hits;
|
|
|
|
|
long hsh_sid_cache_misses;
|
|
|
|
|
long hsh_sid_cache_not_ok;
|
|
|
|
|
|
|
|
|
|
/* statistics from ssl3_HandleClientHello (hch) */
|
|
|
|
|
long hch_sid_cache_hits;
|
|
|
|
|
long hch_sid_cache_misses;
|
|
|
|
|
long hch_sid_cache_not_ok;
|
|
|
|
|
|
|
|
|
|
/* statistics related to stateless resume */
|
|
|
|
|
long sch_sid_stateless_resumes;
|
|
|
|
|
long hsh_sid_stateless_resumes;
|
|
|
|
|
long hch_sid_stateless_resumes;
|
|
|
|
|
long hch_sid_ticket_parse_failures;
|
|
|
|
|
} SSL3Statistics;
|
|
|
|
|
|
|
|
|
|
/* Key Exchange algorithm values */
|
|
|
|
|
typedef enum {
|
|
|
|
|
ssl_kea_null = 0,
|
|
|
|
|
ssl_kea_rsa = 1,
|
|
|
|
|
ssl_kea_dh = 2,
|
|
|
|
|
ssl_kea_fortezza = 3, /* deprecated, now unused */
|
|
|
|
|
ssl_kea_ecdh = 4,
|
|
|
|
|
ssl_kea_size /* number of ssl_kea_ algorithms */
|
|
|
|
|
} SSLKEAType;
|
|
|
|
|
|
|
|
|
|
/* The following defines are for backwards compatibility.
|
|
|
|
|
** They will be removed in a forthcoming release to reduce namespace pollution.
|
|
|
|
|
** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
|
|
|
|
|
** soon.
|
|
|
|
|
*/
|
|
|
|
|
#define kt_null ssl_kea_null
|
|
|
|
|
#define kt_rsa ssl_kea_rsa
|
|
|
|
|
#define kt_dh ssl_kea_dh
|
|
|
|
|
#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
|
|
|
|
|
#define kt_ecdh ssl_kea_ecdh
|
|
|
|
|
#define kt_kea_size ssl_kea_size
|
|
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
|
ssl_sign_null = 0,
|
|
|
|
|
ssl_sign_rsa = 1,
|
|
|
|
|
ssl_sign_dsa = 2,
|
|
|
|
|
ssl_sign_ecdsa = 3
|
|
|
|
|
} SSLSignType;
|
|
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
|
ssl_auth_null = 0,
|
|
|
|
|
ssl_auth_rsa = 1,
|
|
|
|
|
ssl_auth_dsa = 2,
|
|
|
|
|
ssl_auth_kea = 3,
|
|
|
|
|
ssl_auth_ecdsa = 4
|
|
|
|
|
} SSLAuthType;
|
|
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
|
ssl_calg_null = 0,
|
|
|
|
|
ssl_calg_rc4 = 1,
|
|
|
|
|
ssl_calg_rc2 = 2,
|
|
|
|
|
ssl_calg_des = 3,
|
|
|
|
|
ssl_calg_3des = 4,
|
|
|
|
|
ssl_calg_idea = 5,
|
|
|
|
|
ssl_calg_fortezza = 6, /* deprecated, now unused */
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_calg_aes = 7,
|
2015-10-21 05:03:22 +02:00
|
|
|
ssl_calg_camellia = 8,
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_calg_seed = 9,
|
|
|
|
|
ssl_calg_aes_gcm = 10
|
2015-10-21 05:03:22 +02:00
|
|
|
} SSLCipherAlgorithm;
|
|
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
|
ssl_mac_null = 0,
|
|
|
|
|
ssl_mac_md5 = 1,
|
|
|
|
|
ssl_mac_sha = 2,
|
|
|
|
|
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
|
|
|
|
|
ssl_hmac_sha256 = 5,
|
|
|
|
|
ssl_mac_aead = 6
|
2015-10-21 05:03:22 +02:00
|
|
|
} SSLMACAlgorithm;
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
typedef enum {
|
|
|
|
|
ssl_compression_null = 0,
|
|
|
|
|
ssl_compression_deflate = 1 /* RFC 3749 */
|
|
|
|
|
} SSLCompressionMethod;
|
|
|
|
|
|
2015-10-21 05:03:22 +02:00
|
|
|
typedef struct SSLChannelInfoStr {
|
|
|
|
|
PRUint32 length;
|
|
|
|
|
PRUint16 protocolVersion;
|
|
|
|
|
PRUint16 cipherSuite;
|
|
|
|
|
|
|
|
|
|
/* server authentication info */
|
|
|
|
|
PRUint32 authKeyBits;
|
|
|
|
|
|
|
|
|
|
/* key exchange algorithm info */
|
|
|
|
|
PRUint32 keaKeyBits;
|
|
|
|
|
|
|
|
|
|
/* session info */
|
|
|
|
|
PRUint32 creationTime; /* seconds since Jan 1, 1970 */
|
|
|
|
|
PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
|
|
|
|
|
PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
|
|
|
|
|
PRUint32 sessionIDLength; /* up to 32 */
|
|
|
|
|
PRUint8 sessionID [32];
|
2018-05-04 16:08:28 +02:00
|
|
|
|
|
|
|
|
/* The following fields are added in NSS 3.12.5. */
|
|
|
|
|
|
|
|
|
|
/* compression method info */
|
|
|
|
|
const char * compressionMethodName;
|
|
|
|
|
SSLCompressionMethod compressionMethod;
|
2015-10-21 05:03:22 +02:00
|
|
|
} SSLChannelInfo;
|
|
|
|
|
|
|
|
|
|
typedef struct SSLCipherSuiteInfoStr {
|
|
|
|
|
PRUint16 length;
|
|
|
|
|
PRUint16 cipherSuite;
|
|
|
|
|
|
|
|
|
|
/* Cipher Suite Name */
|
|
|
|
|
const char * cipherSuiteName;
|
|
|
|
|
|
|
|
|
|
/* server authentication info */
|
|
|
|
|
const char * authAlgorithmName;
|
|
|
|
|
SSLAuthType authAlgorithm;
|
|
|
|
|
|
|
|
|
|
/* key exchange algorithm info */
|
|
|
|
|
const char * keaTypeName;
|
|
|
|
|
SSLKEAType keaType;
|
|
|
|
|
|
|
|
|
|
/* symmetric encryption info */
|
|
|
|
|
const char * symCipherName;
|
|
|
|
|
SSLCipherAlgorithm symCipher;
|
|
|
|
|
PRUint16 symKeyBits;
|
|
|
|
|
PRUint16 symKeySpace;
|
|
|
|
|
PRUint16 effectiveKeyBits;
|
|
|
|
|
|
|
|
|
|
/* MAC info */
|
2018-05-04 16:08:28 +02:00
|
|
|
/* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
|
|
|
|
|
* is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
|
|
|
|
|
* bits of the authentication tag. */
|
2015-10-21 05:03:22 +02:00
|
|
|
const char * macAlgorithmName;
|
|
|
|
|
SSLMACAlgorithm macAlgorithm;
|
|
|
|
|
PRUint16 macBits;
|
|
|
|
|
|
|
|
|
|
PRUintn isFIPS : 1;
|
|
|
|
|
PRUintn isExportable : 1;
|
|
|
|
|
PRUintn nonStandard : 1;
|
|
|
|
|
PRUintn reservedBits :29;
|
|
|
|
|
|
|
|
|
|
} SSLCipherSuiteInfo;
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
typedef enum {
|
|
|
|
|
ssl_variant_stream = 0,
|
|
|
|
|
ssl_variant_datagram = 1
|
|
|
|
|
} SSLProtocolVariant;
|
|
|
|
|
|
|
|
|
|
typedef struct SSLVersionRangeStr {
|
|
|
|
|
PRUint16 min;
|
|
|
|
|
PRUint16 max;
|
|
|
|
|
} SSLVersionRange;
|
|
|
|
|
|
|
|
|
|
typedef enum {
|
|
|
|
|
SSL_sni_host_name = 0,
|
|
|
|
|
SSL_sni_type_total
|
|
|
|
|
} SSLSniNameType;
|
|
|
|
|
|
|
|
|
|
/* Supported extensions. */
|
|
|
|
|
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
|
|
|
|
|
typedef enum {
|
|
|
|
|
ssl_server_name_xtn = 0,
|
|
|
|
|
ssl_cert_status_xtn = 5,
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
#ifndef NSS_DISABLE_ECC
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_elliptic_curves_xtn = 10,
|
|
|
|
|
ssl_ec_point_formats_xtn = 11,
|
|
|
|
|
#endif
|
|
|
|
|
ssl_signature_algorithms_xtn = 13,
|
|
|
|
|
ssl_use_srtp_xtn = 14,
|
|
|
|
|
ssl_app_layer_protocol_xtn = 16,
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
ssl_padding_xtn = 21,
|
2018-05-04 16:08:28 +02:00
|
|
|
ssl_session_ticket_xtn = 35,
|
|
|
|
|
ssl_next_proto_nego_xtn = 13172,
|
cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2):
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
2018-07-11 15:35:15 +02:00
|
|
|
ssl_renegotiation_info_xtn = 0xff01,
|
|
|
|
|
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
2018-05-04 16:08:28 +02:00
|
|
|
} SSLExtensionType;
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2):
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
2018-07-11 15:35:15 +02:00
|
|
|
#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
|
2018-05-04 16:08:28 +02:00
|
|
|
|
2015-10-21 05:03:22 +02:00
|
|
|
#endif /* __sslt_h_ */
|
