mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-15 12:00:38 +01:00
1c9b432ff7
M1357599, M923089+M1276618+M1278434, M1485864, M1520826, M1558548, #481-X25519, M1586176 with custom changes: - coreconf+makefiles: set NSS_NO_PKCS11_BYPASS by default (to disable, set NSS_PKCS11_BYPASS) and fix logic - curve25519_32: use PRuint32 instead of uint32_t - smime: fix decl on top of block - ssl3con: more VC6 fixes
260 lines
7.8 KiB
C
260 lines
7.8 KiB
C
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/*
|
|
* This file contains prototypes for the public SSL functions.
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef __sslt_h_
|
|
#define __sslt_h_
|
|
|
|
#include "prtypes.h"
|
|
|
|
typedef struct SSL3StatisticsStr {
|
|
/* statistics from ssl3_SendClientHello (sch) */
|
|
long sch_sid_cache_hits;
|
|
long sch_sid_cache_misses;
|
|
long sch_sid_cache_not_ok;
|
|
|
|
/* statistics from ssl3_HandleServerHello (hsh) */
|
|
long hsh_sid_cache_hits;
|
|
long hsh_sid_cache_misses;
|
|
long hsh_sid_cache_not_ok;
|
|
|
|
/* statistics from ssl3_HandleClientHello (hch) */
|
|
long hch_sid_cache_hits;
|
|
long hch_sid_cache_misses;
|
|
long hch_sid_cache_not_ok;
|
|
|
|
/* statistics related to stateless resume */
|
|
long sch_sid_stateless_resumes;
|
|
long hsh_sid_stateless_resumes;
|
|
long hch_sid_stateless_resumes;
|
|
long hch_sid_ticket_parse_failures;
|
|
} SSL3Statistics;
|
|
|
|
/* Key Exchange algorithm values */
|
|
typedef enum {
|
|
ssl_kea_null = 0,
|
|
ssl_kea_rsa = 1,
|
|
ssl_kea_dh = 2,
|
|
ssl_kea_fortezza = 3, /* deprecated, now unused */
|
|
ssl_kea_ecdh = 4,
|
|
ssl_kea_size /* number of ssl_kea_ algorithms */
|
|
} SSLKEAType;
|
|
|
|
/* The following defines are for backwards compatibility.
|
|
** They will be removed in a forthcoming release to reduce namespace pollution.
|
|
** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
|
|
** soon.
|
|
*/
|
|
#define kt_null ssl_kea_null
|
|
#define kt_rsa ssl_kea_rsa
|
|
#define kt_dh ssl_kea_dh
|
|
#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
|
|
#define kt_ecdh ssl_kea_ecdh
|
|
#define kt_kea_size ssl_kea_size
|
|
|
|
|
|
/* Values of this enum match the SignatureAlgorithm enum from
|
|
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
typedef enum {
|
|
ssl_sign_null = 0, /* "anonymous" in TLS */
|
|
ssl_sign_rsa = 1,
|
|
ssl_sign_dsa = 2,
|
|
ssl_sign_ecdsa = 3
|
|
} SSLSignType;
|
|
|
|
/* Values of this enum match the HashAlgorithm enum from
|
|
* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
typedef enum {
|
|
/* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5
|
|
* and SHA1. The other values are only used in TLS 1.2. */
|
|
ssl_hash_none = 0,
|
|
ssl_hash_md5 = 1,
|
|
ssl_hash_sha1 = 2,
|
|
ssl_hash_sha224 = 3,
|
|
ssl_hash_sha256 = 4,
|
|
ssl_hash_sha384 = 5,
|
|
ssl_hash_sha512 = 6
|
|
} SSLHashType;
|
|
|
|
typedef struct SSLSignatureAndHashAlgStr {
|
|
SSLHashType hashAlg;
|
|
SSLSignType sigAlg;
|
|
} SSLSignatureAndHashAlg;
|
|
|
|
typedef enum {
|
|
ssl_auth_null = 0,
|
|
ssl_auth_rsa = 1,
|
|
ssl_auth_dsa = 2,
|
|
ssl_auth_kea = 3,
|
|
ssl_auth_ecdsa = 4
|
|
} SSLAuthType;
|
|
|
|
typedef enum {
|
|
ssl_calg_null = 0,
|
|
ssl_calg_rc4 = 1,
|
|
ssl_calg_rc2 = 2,
|
|
ssl_calg_des = 3,
|
|
ssl_calg_3des = 4,
|
|
ssl_calg_idea = 5,
|
|
ssl_calg_fortezza = 6, /* deprecated, now unused */
|
|
ssl_calg_aes = 7,
|
|
ssl_calg_camellia = 8,
|
|
ssl_calg_seed = 9,
|
|
ssl_calg_aes_gcm = 10,
|
|
ssl_calg_camellia_gcm = 11
|
|
} SSLCipherAlgorithm;
|
|
|
|
typedef enum {
|
|
ssl_mac_null = 0,
|
|
ssl_mac_md5 = 1,
|
|
ssl_mac_sha = 2,
|
|
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
|
|
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
|
|
ssl_hmac_sha256 = 5,
|
|
ssl_mac_aead = 6,
|
|
ssl_hmac_sha384 = 7
|
|
} SSLMACAlgorithm;
|
|
|
|
typedef enum {
|
|
ssl_compression_null = 0,
|
|
ssl_compression_deflate = 1 /* RFC 3749 */
|
|
} SSLCompressionMethod;
|
|
|
|
typedef struct SSLChannelInfoStr {
|
|
PRUint32 length;
|
|
PRUint16 protocolVersion;
|
|
PRUint16 cipherSuite;
|
|
|
|
/* server authentication info */
|
|
PRUint32 authKeyBits;
|
|
|
|
/* key exchange algorithm info */
|
|
PRUint32 keaKeyBits;
|
|
|
|
/* session info */
|
|
PRUint32 creationTime; /* seconds since Jan 1, 1970 */
|
|
PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
|
|
PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
|
|
PRUint32 sessionIDLength; /* up to 32 */
|
|
PRUint8 sessionID [32];
|
|
|
|
/* The following fields are added in NSS 3.12.5. */
|
|
|
|
/* compression method info */
|
|
const char * compressionMethodName;
|
|
SSLCompressionMethod compressionMethod;
|
|
|
|
/* The following fields are added in NSS 3.21.
|
|
* This field only has meaning in TLS < 1.3 and will be set to
|
|
* PR_FALSE in TLS 1.3.
|
|
*/
|
|
PRBool extendedMasterSecretUsed;
|
|
} SSLChannelInfo;
|
|
|
|
/* Preliminary channel info */
|
|
#define ssl_preinfo_version (1U << 0)
|
|
#define ssl_preinfo_cipher_suite (1U << 1)
|
|
#define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite)
|
|
|
|
typedef struct SSLPreliminaryChannelInfoStr {
|
|
/* This is set to the length of the struct. */
|
|
PRUint32 length;
|
|
/* A bitfield over SSLPreliminaryValueSet that describes which
|
|
* preliminary values are set (see ssl_preinfo_*). */
|
|
PRUint32 valuesSet;
|
|
/* Protocol version: test (valuesSet & ssl_preinfo_version) */
|
|
PRUint16 protocolVersion;
|
|
/* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */
|
|
PRUint16 cipherSuite;
|
|
} SSLPreliminaryChannelInfo;
|
|
|
|
typedef struct SSLCipherSuiteInfoStr {
|
|
PRUint16 length;
|
|
PRUint16 cipherSuite;
|
|
|
|
/* Cipher Suite Name */
|
|
const char * cipherSuiteName;
|
|
|
|
/* server authentication info */
|
|
const char * authAlgorithmName;
|
|
SSLAuthType authAlgorithm;
|
|
|
|
/* key exchange algorithm info */
|
|
const char * keaTypeName;
|
|
SSLKEAType keaType;
|
|
|
|
/* symmetric encryption info */
|
|
const char * symCipherName;
|
|
SSLCipherAlgorithm symCipher;
|
|
PRUint16 symKeyBits;
|
|
PRUint16 symKeySpace;
|
|
PRUint16 effectiveKeyBits;
|
|
|
|
/* MAC info */
|
|
/* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
|
|
* is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
|
|
* bits of the authentication tag. */
|
|
const char * macAlgorithmName;
|
|
SSLMACAlgorithm macAlgorithm;
|
|
PRUint16 macBits;
|
|
|
|
PRUintn isFIPS : 1;
|
|
PRUintn isExportable : 1;
|
|
PRUintn nonStandard : 1;
|
|
PRUintn reservedBits :29;
|
|
|
|
} SSLCipherSuiteInfo;
|
|
|
|
typedef enum {
|
|
ssl_variant_stream = 0,
|
|
ssl_variant_datagram = 1
|
|
} SSLProtocolVariant;
|
|
|
|
typedef struct SSLVersionRangeStr {
|
|
PRUint16 min;
|
|
PRUint16 max;
|
|
} SSLVersionRange;
|
|
|
|
typedef enum {
|
|
SSL_sni_host_name = 0,
|
|
SSL_sni_type_total
|
|
} SSLSniNameType;
|
|
|
|
/* Supported extensions. */
|
|
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
|
|
typedef enum {
|
|
ssl_server_name_xtn = 0,
|
|
ssl_cert_status_xtn = 5,
|
|
#ifndef NSS_DISABLE_ECC
|
|
ssl_elliptic_curves_xtn = 10,
|
|
ssl_ec_point_formats_xtn = 11,
|
|
#endif
|
|
ssl_signature_algorithms_xtn = 13,
|
|
ssl_use_srtp_xtn = 14,
|
|
ssl_app_layer_protocol_xtn = 16,
|
|
ssl_padding_xtn = 21,
|
|
ssl_extended_master_secret_xtn = 23,
|
|
ssl_session_ticket_xtn = 35,
|
|
ssl_next_proto_nego_xtn = 13172,
|
|
ssl_renegotiation_info_xtn = 0xff01,
|
|
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
|
} SSLExtensionType;
|
|
|
|
#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
|
|
|
|
typedef enum {
|
|
ssl_dhe_group_none = 0,
|
|
ssl_ff_dhe_2048_group = 1,
|
|
ssl_ff_dhe_3072_group = 2,
|
|
ssl_ff_dhe_4096_group = 3,
|
|
ssl_ff_dhe_6144_group = 4,
|
|
ssl_ff_dhe_8192_group = 5,
|
|
ssl_dhe_group_max
|
|
} SSLDHEGroupType;
|
|
|
|
#endif /* __sslt_h_ */
|