| OLD | NEW |
|---|
| (Empty) | |
| 1 /* Private header file of libSSL. |
| 2 * Various and sundry protocol constants. DON'T CHANGE THESE. These |
| 3 * values are defined by the SSL 3.0 protocol specification. |
| 4 * |
| 5 * ***** BEGIN LICENSE BLOCK ***** |
| 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 7 * |
| 8 * The contents of this file are subject to the Mozilla Public License Version |
| 9 * 1.1 (the "License"); you may not use this file except in compliance with |
| 10 * the License. You may obtain a copy of the License at |
| 11 * http://www.mozilla.org/MPL/ |
| 12 * |
| 13 * Software distributed under the License is distributed on an "AS IS" basis, |
| 14 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
| 15 * for the specific language governing rights and limitations under the |
| 16 * License. |
| 17 * |
| 18 * The Original Code is the Netscape security libraries. |
| 19 * |
| 20 * The Initial Developer of the Original Code is |
| 21 * Netscape Communications Corporation. |
| 22 * Portions created by the Initial Developer are Copyright (C) 1994-2000 |
| 23 * the Initial Developer. All Rights Reserved. |
| 24 * |
| 25 * Contributor(s): |
| 26 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories |
| 27 * |
| 28 * Alternatively, the contents of this file may be used under the terms of |
| 29 * either the GNU General Public License Version 2 or later (the "GPL"), or |
| 30 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), |
| 31 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 32 * of those above. If you wish to allow use of your version of this file only |
| 33 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 34 * use your version of this file under the terms of the MPL, indicate your |
| 35 * decision by deleting the provisions above and replace them with the notice |
| 36 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 37 * the provisions above, a recipient may use your version of this file under |
| 38 * the terms of any one of the MPL, the GPL or the LGPL. |
| 39 * |
| 40 * ***** END LICENSE BLOCK ***** */ |
| 41 /* $Id: ssl3prot.h,v 1.15 2009/11/07 18:23:06 wtc%google.com Exp $ */ |
| 42 |
| 43 #ifndef __ssl3proto_h_ |
| 44 #define __ssl3proto_h_ |
| 45 |
| 46 typedef uint8 SSL3Opaque; |
| 47 |
| 48 typedef uint16 SSL3ProtocolVersion; |
| 49 /* version numbers are defined in sslproto.h */ |
| 50 |
| 51 typedef uint16 ssl3CipherSuite; |
| 52 /* The cipher suites are defined in sslproto.h */ |
| 53 |
| 54 #define MAX_CERT_TYPES 10 |
| 55 #define MAX_COMPRESSION_METHODS 10 |
| 56 #define MAX_MAC_LENGTH 64 |
| 57 #define MAX_PADDING_LENGTH 64 |
| 58 #define MAX_KEY_LENGTH 64 |
| 59 #define EXPORT_KEY_LENGTH 5 |
| 60 #define SSL3_RANDOM_LENGTH 32 |
| 61 |
| 62 #define SSL3_RECORD_HEADER_LENGTH 5 |
| 63 |
| 64 #define MAX_FRAGMENT_LENGTH 16384 |
| 65 |
| 66 typedef enum { |
| 67 content_change_cipher_spec = 20, |
| 68 content_alert = 21, |
| 69 content_handshake = 22, |
| 70 content_application_data = 23 |
| 71 } SSL3ContentType; |
| 72 |
| 73 typedef struct { |
| 74 SSL3ContentType type; |
| 75 SSL3ProtocolVersion version; |
| 76 uint16 length; |
| 77 SECItem fragment; |
| 78 } SSL3Plaintext; |
| 79 |
| 80 typedef struct { |
| 81 SSL3ContentType type; |
| 82 SSL3ProtocolVersion version; |
| 83 uint16 length; |
| 84 SECItem fragment; |
| 85 } SSL3Compressed; |
| 86 |
| 87 typedef struct { |
| 88 SECItem content; |
| 89 SSL3Opaque MAC[MAX_MAC_LENGTH]; |
| 90 } SSL3GenericStreamCipher; |
| 91 |
| 92 typedef struct { |
| 93 SECItem content; |
| 94 SSL3Opaque MAC[MAX_MAC_LENGTH]; |
| 95 uint8 padding[MAX_PADDING_LENGTH]; |
| 96 uint8 padding_length; |
| 97 } SSL3GenericBlockCipher; |
| 98 |
| 99 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice; |
| 100 |
| 101 typedef struct { |
| 102 SSL3ChangeCipherSpecChoice choice; |
| 103 } SSL3ChangeCipherSpec; |
| 104 |
| 105 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel; |
| 106 |
| 107 typedef enum { |
| 108 close_notify = 0, |
| 109 unexpected_message = 10, |
| 110 bad_record_mac = 20, |
| 111 decryption_failed = 21, /* TLS only */ |
| 112 record_overflow = 22, /* TLS only */ |
| 113 decompression_failure = 30, |
| 114 handshake_failure = 40, |
| 115 no_certificate = 41, /* SSL3 only, NOT TLS */ |
| 116 bad_certificate = 42, |
| 117 unsupported_certificate = 43, |
| 118 certificate_revoked = 44, |
| 119 certificate_expired = 45, |
| 120 certificate_unknown = 46, |
| 121 illegal_parameter = 47, |
| 122 |
| 123 /* All alerts below are TLS only. */ |
| 124 unknown_ca = 48, |
| 125 access_denied = 49, |
| 126 decode_error = 50, |
| 127 decrypt_error = 51, |
| 128 export_restriction = 60, |
| 129 protocol_version = 70, |
| 130 insufficient_security = 71, |
| 131 internal_error = 80, |
| 132 user_canceled = 90, |
| 133 no_renegotiation = 100, |
| 134 |
| 135 /* Alerts for client hello extensions */ |
| 136 unsupported_extension = 110, |
| 137 certificate_unobtainable = 111, |
| 138 unrecognized_name = 112, |
| 139 bad_certificate_status_response = 113, |
| 140 bad_certificate_hash_value = 114 |
| 141 |
| 142 } SSL3AlertDescription; |
| 143 |
| 144 typedef struct { |
| 145 SSL3AlertLevel level; |
| 146 SSL3AlertDescription description; |
| 147 } SSL3Alert; |
| 148 |
| 149 typedef enum { |
| 150 hello_request = 0, |
| 151 client_hello = 1, |
| 152 server_hello = 2, |
| 153 new_session_ticket = 4, |
| 154 certificate = 11, |
| 155 server_key_exchange = 12, |
| 156 certificate_request = 13, |
| 157 server_hello_done = 14, |
| 158 certificate_verify = 15, |
| 159 client_key_exchange = 16, |
| 160 finished = 20 |
| 161 } SSL3HandshakeType; |
| 162 |
| 163 typedef struct { |
| 164 uint8 empty; |
| 165 } SSL3HelloRequest; |
| 166 |
| 167 typedef struct { |
| 168 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; |
| 169 } SSL3Random; |
| 170 |
| 171 typedef struct { |
| 172 SSL3Opaque id[32]; |
| 173 uint8 length; |
| 174 } SSL3SessionID; |
| 175 |
| 176 typedef struct { |
| 177 SSL3ProtocolVersion client_version; |
| 178 SSL3Random random; |
| 179 SSL3SessionID session_id; |
| 180 SECItem cipher_suites; |
| 181 uint8 cm_count; |
| 182 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; |
| 183 } SSL3ClientHello; |
| 184 |
| 185 typedef struct { |
| 186 SSL3ProtocolVersion server_version; |
| 187 SSL3Random random; |
| 188 SSL3SessionID session_id; |
| 189 ssl3CipherSuite cipher_suite; |
| 190 SSLCompressionMethod compression_method; |
| 191 } SSL3ServerHello; |
| 192 |
| 193 typedef struct { |
| 194 SECItem list; |
| 195 } SSL3Certificate; |
| 196 |
| 197 /* SSL3SignType moved to ssl.h */ |
| 198 |
| 199 /* The SSL key exchange method used */ |
| 200 typedef enum { |
| 201 kea_null, |
| 202 kea_rsa, |
| 203 kea_rsa_export, |
| 204 kea_rsa_export_1024, |
| 205 kea_dh_dss, |
| 206 kea_dh_dss_export, |
| 207 kea_dh_rsa, |
| 208 kea_dh_rsa_export, |
| 209 kea_dhe_dss, |
| 210 kea_dhe_dss_export, |
| 211 kea_dhe_rsa, |
| 212 kea_dhe_rsa_export, |
| 213 kea_dh_anon, |
| 214 kea_dh_anon_export, |
| 215 kea_rsa_fips, |
| 216 kea_ecdh_ecdsa, |
| 217 kea_ecdhe_ecdsa, |
| 218 kea_ecdh_rsa, |
| 219 kea_ecdhe_rsa, |
| 220 kea_ecdh_anon |
| 221 } SSL3KeyExchangeAlgorithm; |
| 222 |
| 223 typedef struct { |
| 224 SECItem modulus; |
| 225 SECItem exponent; |
| 226 } SSL3ServerRSAParams; |
| 227 |
| 228 typedef struct { |
| 229 SECItem p; |
| 230 SECItem g; |
| 231 SECItem Ys; |
| 232 } SSL3ServerDHParams; |
| 233 |
| 234 typedef struct { |
| 235 union { |
| 236 SSL3ServerDHParams dh; |
| 237 SSL3ServerRSAParams rsa; |
| 238 } u; |
| 239 } SSL3ServerParams; |
| 240 |
| 241 typedef struct { |
| 242 uint8 md5[16]; |
| 243 uint8 sha[20]; |
| 244 } SSL3Hashes; |
| 245 |
| 246 typedef struct { |
| 247 union { |
| 248 SSL3Opaque anonymous; |
| 249 SSL3Hashes certified; |
| 250 } u; |
| 251 } SSL3ServerKeyExchange; |
| 252 |
| 253 typedef enum { |
| 254 ct_RSA_sign = 1, |
| 255 ct_DSS_sign = 2, |
| 256 ct_RSA_fixed_DH = 3, |
| 257 ct_DSS_fixed_DH = 4, |
| 258 ct_RSA_ephemeral_DH = 5, |
| 259 ct_DSS_ephemeral_DH = 6, |
| 260 ct_ECDSA_sign = 64, |
| 261 ct_RSA_fixed_ECDH = 65, |
| 262 ct_ECDSA_fixed_ECDH = 66 |
| 263 |
| 264 } SSL3ClientCertificateType; |
| 265 |
| 266 typedef SECItem *SSL3DistinquishedName; |
| 267 |
| 268 typedef struct { |
| 269 SSL3Opaque client_version[2]; |
| 270 SSL3Opaque random[46]; |
| 271 } SSL3RSAPreMasterSecret; |
| 272 |
| 273 typedef SECItem SSL3EncryptedPreMasterSecret; |
| 274 |
| 275 |
| 276 typedef SSL3Opaque SSL3MasterSecret[48]; |
| 277 |
| 278 typedef enum { implicit, explicit } SSL3PublicValueEncoding; |
| 279 |
| 280 typedef struct { |
| 281 union { |
| 282 SSL3Opaque implicit; |
| 283 SECItem explicit; |
| 284 } dh_public; |
| 285 } SSL3ClientDiffieHellmanPublic; |
| 286 |
| 287 typedef struct { |
| 288 union { |
| 289 SSL3EncryptedPreMasterSecret rsa; |
| 290 SSL3ClientDiffieHellmanPublic diffie_helman; |
| 291 } exchange_keys; |
| 292 } SSL3ClientKeyExchange; |
| 293 |
| 294 typedef SSL3Hashes SSL3PreSignedCertificateVerify; |
| 295 |
| 296 typedef SECItem SSL3CertificateVerify; |
| 297 |
| 298 typedef enum { |
| 299 sender_client = 0x434c4e54, |
| 300 sender_server = 0x53525652 |
| 301 } SSL3Sender; |
| 302 |
| 303 typedef SSL3Hashes SSL3Finished; |
| 304 |
| 305 typedef struct { |
| 306 SSL3Opaque verify_data[12]; |
| 307 } TLSFinished; |
| 308 |
| 309 /* |
| 310 * TLS extension related data structures and constants. |
| 311 */ |
| 312 |
| 313 /* SessionTicket extension related data structures. */ |
| 314 |
| 315 /* NewSessionTicket handshake message. */ |
| 316 typedef struct { |
| 317 uint32 received_timestamp; |
| 318 uint32 ticket_lifetime_hint; |
| 319 SECItem ticket; |
| 320 } NewSessionTicket; |
| 321 |
| 322 typedef enum { |
| 323 CLIENT_AUTH_ANONYMOUS = 0, |
| 324 CLIENT_AUTH_CERTIFICATE = 1 |
| 325 } ClientAuthenticationType; |
| 326 |
| 327 typedef struct { |
| 328 ClientAuthenticationType client_auth_type; |
| 329 union { |
| 330 SSL3Opaque *certificate_list; |
| 331 } identity; |
| 332 } ClientIdentity; |
| 333 |
| 334 #define SESS_TICKET_KEY_NAME_LEN 16 |
| 335 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" |
| 336 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 |
| 337 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 |
| 338 |
| 339 typedef struct { |
| 340 unsigned char *key_name; |
| 341 unsigned char *iv; |
| 342 SECItem encrypted_state; |
| 343 unsigned char *mac; |
| 344 } EncryptedSessionTicket; |
| 345 |
| 346 /* Supported extensions. */ |
| 347 /* Update MAX_EXTENSIONS whenever a new extension type is added. */ |
| 348 typedef enum { |
| 349 server_name_xtn = 0, |
| 350 #ifdef NSS_ENABLE_ECC |
| 351 elliptic_curves_xtn = 10, |
| 352 ec_point_formats_xtn = 11, |
| 353 #endif |
| 354 session_ticket_xtn = 35 |
| 355 } ExtensionType; |
| 356 |
| 357 #define MAX_EXTENSIONS 4 |
| 358 |
| 359 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 |
| 360 |
| 361 #endif /* __ssl3proto_h_ */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 394003:
Linux: enable building with a local version of libssl. (Closed)
