1 /* Private header file of libSSL. | 1 /* Private header file of libSSL. |
2 * Various and sundry protocol constants. DON'T CHANGE THESE. These | 2 * Various and sundry protocol constants. DON'T CHANGE THESE. These |
3 * values are defined by the SSL 3.0 protocol specification. | 3 * values are defined by the SSL 3.0 protocol specification. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 #ifndef __ssl3proto_h_ | 9 #ifndef __ssl3proto_h_ |
10 #define __ssl3proto_h_ | 10 #define __ssl3proto_h_ |
11 | 11 |
12 typedef PRUint8 SSL3Opaque; | 12 typedef PRUint8 SSL3Opaque; |
13 | 13 |
14 typedef PRUint16 SSL3ProtocolVersion; | 14 typedef PRUint16 SSL3ProtocolVersion; |
15 /* version numbers are defined in sslproto.h */ | 15 /* version numbers are defined in sslproto.h */ |
16 | 16 |
| 17 /* The TLS 1.3 draft version. Used to avoid negotiating |
| 18 * between incompatible pre-standard TLS 1.3 drafts. |
| 19 * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ |
| 20 #define TLS_1_3_DRAFT_VERSION 3 |
| 21 |
17 typedef PRUint16 ssl3CipherSuite; | 22 typedef PRUint16 ssl3CipherSuite; |
18 /* The cipher suites are defined in sslproto.h */ | 23 /* The cipher suites are defined in sslproto.h */ |
19 | 24 |
20 #define MAX_CERT_TYPES» » » 10 | 25 #define MAX_CERT_TYPES 10 |
21 #define MAX_COMPRESSION_METHODS»» 10 | 26 #define MAX_COMPRESSION_METHODS 10 |
22 #define MAX_MAC_LENGTH» » » 64 | 27 #define MAX_MAC_LENGTH 64 |
23 #define MAX_PADDING_LENGTH» » 64 | 28 #define MAX_PADDING_LENGTH 64 |
24 #define MAX_KEY_LENGTH» » » 64 | 29 #define MAX_KEY_LENGTH 64 |
25 #define EXPORT_KEY_LENGTH» » 5 | 30 #define EXPORT_KEY_LENGTH 5 |
26 #define SSL3_RANDOM_LENGTH» » 32 | 31 #define SSL3_RANDOM_LENGTH 32 |
27 | 32 |
28 #define SSL3_RECORD_HEADER_LENGTH» 5 | 33 #define SSL3_RECORD_HEADER_LENGTH 5 |
29 | 34 |
30 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ | 35 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ |
31 #define DTLS_RECORD_HEADER_LENGTH 13 | 36 #define DTLS_RECORD_HEADER_LENGTH 13 |
32 | 37 |
33 #define MAX_FRAGMENT_LENGTH» » 16384 | 38 #define MAX_FRAGMENT_LENGTH 16384 |
34 | 39 |
35 typedef enum { | 40 typedef enum { |
36 content_change_cipher_spec = 20, | 41 content_change_cipher_spec = 20, |
37 content_alert = 21, | 42 content_alert = 21, |
38 content_handshake = 22, | 43 content_handshake = 22, |
39 content_application_data = 23 | 44 content_application_data = 23 |
40 } SSL3ContentType; | 45 } SSL3ContentType; |
41 | 46 |
42 typedef struct { | 47 typedef struct { |
43 SSL3ContentType type; | 48 SSL3ContentType type; |
44 SSL3ProtocolVersion version; | 49 SSL3ProtocolVersion version; |
45 PRUint16 length; | 50 PRUint16 length; |
46 SECItem fragment; | 51 SECItem fragment; |
47 } SSL3Plaintext; | 52 } SSL3Plaintext; |
48 | 53 |
70 typedef struct { | 75 typedef struct { |
71 SSL3ChangeCipherSpecChoice choice; | 76 SSL3ChangeCipherSpecChoice choice; |
72 } SSL3ChangeCipherSpec; | 77 } SSL3ChangeCipherSpec; |
73 | 78 |
74 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel; | 79 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel; |
75 | 80 |
76 typedef enum { | 81 typedef enum { |
77 close_notify = 0, | 82 close_notify = 0, |
78 unexpected_message = 10, | 83 unexpected_message = 10, |
79 bad_record_mac = 20, | 84 bad_record_mac = 20, |
80 decryption_failed_RESERVED = 21,» /* do not send; see RFC 5246 */ | 85 decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ |
81 record_overflow = 22,» /* TLS only */ | 86 record_overflow = 22, /* TLS only */ |
82 decompression_failure = 30, | 87 decompression_failure = 30, |
83 handshake_failure = 40, | 88 handshake_failure = 40, |
84 no_certificate = 41,» /* SSL3 only, NOT TLS */ | 89 no_certificate = 41, /* SSL3 only, NOT TLS */ |
85 bad_certificate = 42, | 90 bad_certificate = 42, |
86 unsupported_certificate = 43, | 91 unsupported_certificate = 43, |
87 certificate_revoked = 44, | 92 certificate_revoked = 44, |
88 certificate_expired = 45, | 93 certificate_expired = 45, |
89 certificate_unknown = 46, | 94 certificate_unknown = 46, |
90 illegal_parameter = 47, | 95 illegal_parameter = 47, |
91 | 96 |
92 /* All alerts below are TLS only. */ | 97 /* All alerts below are TLS only. */ |
93 unknown_ca = 48, | 98 unknown_ca = 48, |
94 access_denied = 49, | 99 access_denied = 49, |
111 no_application_protocol = 120 | 116 no_application_protocol = 120 |
112 | 117 |
113 } SSL3AlertDescription; | 118 } SSL3AlertDescription; |
114 | 119 |
115 typedef struct { | 120 typedef struct { |
116 SSL3AlertLevel level; | 121 SSL3AlertLevel level; |
117 SSL3AlertDescription description; | 122 SSL3AlertDescription description; |
118 } SSL3Alert; | 123 } SSL3Alert; |
119 | 124 |
120 typedef enum { | 125 typedef enum { |
121 hello_request» = 0, | 126 hello_request = 0, |
122 client_hello» = 1, | 127 client_hello = 1, |
123 server_hello» = 2, | 128 server_hello = 2, |
124 hello_verify_request = 3, | 129 hello_verify_request = 3, |
125 new_session_ticket» = 4, | 130 new_session_ticket = 4, |
126 certificate » = 11, | 131 certificate = 11, |
127 server_key_exchange = 12, | 132 server_key_exchange = 12, |
128 certificate_request»= 13, | 133 certificate_request = 13, |
129 server_hello_done» = 14, | 134 server_hello_done = 14, |
130 certificate_verify» = 15, | 135 certificate_verify = 15, |
131 client_key_exchange»= 16, | 136 client_key_exchange = 16, |
132 finished» » = 20, | 137 finished = 20, |
133 certificate_status = 22, | 138 certificate_status = 22, |
134 next_proto» » = 67, | 139 next_proto = 67, |
135 encrypted_extensions= 203 | 140 encrypted_extensions = 203, |
136 } SSL3HandshakeType; | 141 } SSL3HandshakeType; |
137 | 142 |
138 typedef struct { | 143 typedef struct { |
139 PRUint8 empty; | 144 PRUint8 empty; |
140 } SSL3HelloRequest; | 145 } SSL3HelloRequest; |
141 | 146 |
142 typedef struct { | 147 typedef struct { |
143 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; | 148 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; |
144 } SSL3Random; | 149 } SSL3Random; |
145 | 150 |
146 typedef struct { | 151 typedef struct { |
147 SSL3Opaque id[32]; | 152 SSL3Opaque id[32]; |
148 PRUint8 length; | 153 PRUint8 length; |
149 } SSL3SessionID; | 154 } SSL3SessionID; |
150 | 155 |
151 typedef struct { | 156 typedef struct { |
152 SSL3ProtocolVersion client_version; | 157 SSL3ProtocolVersion client_version; |
153 SSL3Random random; | 158 SSL3Random random; |
154 SSL3SessionID session_id; | 159 SSL3SessionID session_id; |
155 SECItem cipher_suites; | 160 SECItem cipher_suites; |
156 PRUint8 cm_count; | 161 PRUint8 cm_count; |
157 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; | 162 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; |
158 } SSL3ClientHello; | 163 } SSL3ClientHello; |
159 | 164 |
160 typedef struct { | 165 typedef struct { |
161 SSL3ProtocolVersion server_version; | 166 SSL3ProtocolVersion server_version; |
162 SSL3Random random; | 167 SSL3Random random; |
163 SSL3SessionID session_id; | 168 SSL3SessionID session_id; |
164 ssl3CipherSuite cipher_suite; | 169 ssl3CipherSuite cipher_suite; |
165 SSLCompressionMethod compression_method; | 170 SSLCompressionMethod compression_method; |
166 } SSL3ServerHello; | 171 } SSL3ServerHello; |
167 | 172 |
168 typedef struct { | 173 typedef struct { |
169 SECItem list; | 174 SECItem list; |
170 } SSL3Certificate; | 175 } SSL3Certificate; |
171 | 176 |
172 /* SSL3SignType moved to ssl.h */ | 177 /* SSL3SignType moved to ssl.h */ |
173 | 178 |
174 /* The SSL key exchange method used */ | 179 /* The SSL key exchange method used */ |
175 typedef enum { | 180 typedef enum { |
176 kea_null, | 181 kea_null, |
177 kea_rsa, | 182 kea_rsa, |
178 kea_rsa_export, | 183 kea_rsa_export, |
179 kea_rsa_export_1024, | 184 kea_rsa_export_1024, |
180 kea_dh_dss, | 185 kea_dh_dss, |
181 kea_dh_dss_export, | 186 kea_dh_dss_export, |
182 kea_dh_rsa, | 187 kea_dh_rsa, |
183 kea_dh_rsa_export, | 188 kea_dh_rsa_export, |
184 kea_dhe_dss, | 189 kea_dhe_dss, |
185 kea_dhe_dss_export, | 190 kea_dhe_dss_export, |
186 kea_dhe_rsa, | 191 kea_dhe_rsa, |
187 kea_dhe_rsa_export, | 192 kea_dhe_rsa_export, |
188 kea_dh_anon, | 193 kea_dh_anon, |
189 kea_dh_anon_export, | 194 kea_dh_anon_export, |
190 kea_rsa_fips, | 195 kea_rsa_fips, |
191 kea_ecdh_ecdsa, | 196 kea_ecdh_ecdsa, |
192 kea_ecdhe_ecdsa, | 197 kea_ecdhe_ecdsa, |
193 kea_ecdh_rsa, | 198 kea_ecdh_rsa, |
194 kea_ecdhe_rsa, | 199 kea_ecdhe_rsa, |
195 kea_ecdh_anon | 200 kea_ecdh_anon |
196 } SSL3KeyExchangeAlgorithm; | 201 } SSL3KeyExchangeAlgorithm; |
197 | 202 |
198 typedef struct { | 203 typedef struct { |
199 SECItem modulus; | 204 SECItem modulus; |
200 SECItem exponent; | 205 SECItem exponent; |
201 } SSL3ServerRSAParams; | 206 } SSL3ServerRSAParams; |
202 | 207 |
203 typedef struct { | 208 typedef struct { |
204 SECItem p; | 209 SECItem p; |
205 SECItem g; | 210 SECItem g; |
206 SECItem Ys; | 211 SECItem Ys; |
207 } SSL3ServerDHParams; | 212 } SSL3ServerDHParams; |
208 | 213 |
209 typedef struct { | 214 typedef struct { |
210 union { | 215 union { |
211 » SSL3ServerDHParams dh; | 216 SSL3ServerDHParams dh; |
212 » SSL3ServerRSAParams rsa; | 217 SSL3ServerRSAParams rsa; |
213 } u; | 218 } u; |
214 } SSL3ServerParams; | 219 } SSL3ServerParams; |
215 | 220 |
216 /* This enum reflects HashAlgorithm enum from | 221 /* This enum reflects HashAlgorithm enum from |
217 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | 222 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 |
218 * | 223 * |
219 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ | 224 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ |
220 enum { | 225 enum { |
221 tls_hash_md5 = 1, | 226 tls_hash_md5 = 1, |
222 tls_hash_sha1 = 2, | 227 tls_hash_sha1 = 2, |
246 PRUint8 sha[20]; | 251 PRUint8 sha[20]; |
247 } SSL3HashesIndividually; | 252 } SSL3HashesIndividually; |
248 | 253 |
249 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| | 254 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| |
250 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually | 255 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually |
251 * struct. */ | 256 * struct. */ |
252 typedef struct { | 257 typedef struct { |
253 unsigned int len; | 258 unsigned int len; |
254 SECOidTag hashAlg; | 259 SECOidTag hashAlg; |
255 union { | 260 union { |
256 » PRUint8 raw[64]; | 261 PRUint8 raw[64]; |
257 » SSL3HashesIndividually s; | 262 SSL3HashesIndividually s; |
258 } u; | 263 } u; |
259 } SSL3Hashes; | 264 } SSL3Hashes; |
260 | 265 |
261 typedef struct { | 266 typedef struct { |
262 union { | 267 union { |
263 » SSL3Opaque anonymous; | 268 SSL3Opaque anonymous; |
264 » SSL3Hashes certified; | 269 SSL3Hashes certified; |
265 } u; | 270 } u; |
266 } SSL3ServerKeyExchange; | 271 } SSL3ServerKeyExchange; |
267 | 272 |
268 typedef enum { | 273 typedef enum { |
269 ct_RSA_sign » = 1, | 274 ct_RSA_sign = 1, |
270 ct_DSS_sign » = 2, | 275 ct_DSS_sign = 2, |
271 ct_RSA_fixed_DH » = 3, | 276 ct_RSA_fixed_DH = 3, |
272 ct_DSS_fixed_DH » = 4, | 277 ct_DSS_fixed_DH = 4, |
273 ct_RSA_ephemeral_DH = 5, | 278 ct_RSA_ephemeral_DH = 5, |
274 ct_DSS_ephemeral_DH = 6, | 279 ct_DSS_ephemeral_DH = 6, |
275 ct_ECDSA_sign» = 64, | 280 ct_ECDSA_sign = 64, |
276 ct_RSA_fixed_ECDH» = 65, | 281 ct_RSA_fixed_ECDH = 65, |
277 ct_ECDSA_fixed_ECDH»= 66 | 282 ct_ECDSA_fixed_ECDH = 66 |
278 | 283 |
279 } SSL3ClientCertificateType; | 284 } SSL3ClientCertificateType; |
280 | 285 |
281 typedef SECItem *SSL3DistinquishedName; | 286 typedef SECItem *SSL3DistinquishedName; |
282 | 287 |
283 typedef struct { | 288 typedef struct { |
284 SSL3Opaque client_version[2]; | 289 SSL3Opaque client_version[2]; |
285 SSL3Opaque random[46]; | 290 SSL3Opaque random[46]; |
286 } SSL3RSAPreMasterSecret; | 291 } SSL3RSAPreMasterSecret; |
287 | 292 |
288 typedef SECItem SSL3EncryptedPreMasterSecret; | 293 typedef SECItem SSL3EncryptedPreMasterSecret; |
289 | 294 |
290 | 295 |
291 typedef SSL3Opaque SSL3MasterSecret[48]; | 296 typedef SSL3Opaque SSL3MasterSecret[48]; |
292 | 297 |
293 typedef enum { implicit, explicit } SSL3PublicValueEncoding; | 298 typedef enum { implicit, explicit } SSL3PublicValueEncoding; |
294 | 299 |
295 typedef struct { | 300 typedef struct { |
296 union { | 301 union { |
297 » SSL3Opaque implicit; | 302 SSL3Opaque implicit; |
298 » SECItem explicit; | 303 SECItem explicit; |
299 } dh_public; | 304 } dh_public; |
300 } SSL3ClientDiffieHellmanPublic; | 305 } SSL3ClientDiffieHellmanPublic; |
301 | 306 |
302 typedef struct { | 307 typedef struct { |
303 union { | 308 union { |
304 » SSL3EncryptedPreMasterSecret rsa; | 309 SSL3EncryptedPreMasterSecret rsa; |
305 » SSL3ClientDiffieHellmanPublic diffie_helman; | 310 SSL3ClientDiffieHellmanPublic diffie_helman; |
306 } exchange_keys; | 311 } exchange_keys; |
307 } SSL3ClientKeyExchange; | 312 } SSL3ClientKeyExchange; |
308 | 313 |
309 typedef SSL3Hashes SSL3PreSignedCertificateVerify; | 314 typedef SSL3Hashes SSL3PreSignedCertificateVerify; |
310 | 315 |
311 typedef SECItem SSL3CertificateVerify; | 316 typedef SECItem SSL3CertificateVerify; |
312 | 317 |
313 typedef enum { | 318 typedef enum { |
314 sender_client = 0x434c4e54, | 319 sender_client = 0x434c4e54, |
315 sender_server = 0x53525652 | 320 sender_server = 0x53525652 |
316 } SSL3Sender; | 321 } SSL3Sender; |
317 | 322 |
318 typedef SSL3HashesIndividually SSL3Finished; | 323 typedef SSL3HashesIndividually SSL3Finished; |
319 | 324 |
320 typedef struct { | 325 typedef struct { |
321 SSL3Opaque verify_data[12]; | 326 SSL3Opaque verify_data[12]; |
322 } TLSFinished; | 327 } TLSFinished; |
323 | 328 |
324 /* | 329 /* |
325 * TLS extension related data structures and constants. | 330 * TLS extension related data structures and constants. |
326 */ | 331 */ |
327 | 332 |
328 /* SessionTicket extension related data structures. */ | 333 /* SessionTicket extension related data structures. */ |
329 | 334 |
330 /* NewSessionTicket handshake message. */ | 335 /* NewSessionTicket handshake message. */ |
331 typedef struct { | 336 typedef struct { |
332 PRUint32 received_timestamp; | 337 PRUint32 received_timestamp; |
333 PRUint32 ticket_lifetime_hint; | 338 PRUint32 ticket_lifetime_hint; |
334 SECItem ticket; | 339 SECItem ticket; |
335 } NewSessionTicket; | 340 } NewSessionTicket; |
336 | 341 |
337 typedef enum { | 342 typedef enum { |
338 CLIENT_AUTH_ANONYMOUS = 0, | 343 CLIENT_AUTH_ANONYMOUS = 0, |
339 CLIENT_AUTH_CERTIFICATE = 1 | 344 CLIENT_AUTH_CERTIFICATE = 1 |
340 } ClientAuthenticationType; | 345 } ClientAuthenticationType; |
341 | 346 |
342 typedef struct { | 347 typedef struct { |
343 ClientAuthenticationType client_auth_type; | 348 ClientAuthenticationType client_auth_type; |
344 union { | 349 union { |
345 » SSL3Opaque *certificate_list; | 350 SSL3Opaque *certificate_list; |
346 } identity; | 351 } identity; |
347 } ClientIdentity; | 352 } ClientIdentity; |
348 | 353 |
349 #define SESS_TICKET_KEY_NAME_LEN 16 | 354 #define SESS_TICKET_KEY_NAME_LEN 16 |
350 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" | 355 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" |
351 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 | 356 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 |
352 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 | 357 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 |
353 | 358 |
354 typedef struct { | 359 typedef struct { |
355 unsigned char *key_name; | 360 unsigned char *key_name; |
356 unsigned char *iv; | 361 unsigned char *iv; |
357 SECItem encrypted_state; | 362 SECItem encrypted_state; |
358 unsigned char *mac; | 363 unsigned char *mac; |
359 } EncryptedSessionTicket; | 364 } EncryptedSessionTicket; |
360 | 365 |
361 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 | 366 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 |
362 | 367 |
363 #define TLS_STE_NO_SERVER_NAME -1 | 368 #define TLS_STE_NO_SERVER_NAME -1 |
364 | 369 |
365 #endif /* __ssl3proto_h_ */ | 370 #endif /* __ssl3proto_h_ */ |
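Review bot: The trailing comma added after `encrypted_extensions = 203,` at new line 140 is the only non-whitespace edit in the SSL3HandshakeType enum and leaves the list ending on a dangling comma with no enumerator following it; that is legal C99/C11 but a portability hazard if any consumer still builds this header as C89, and it reads like an unfinished insertion. Either drop the comma or add the handshake types it appears to anticipate in the same change. For the new `TLS_1_3_DRAFT_VERSION 3` macro at new lines 17-20, the comment says only that it avoids negotiating between incompatible drafts; since the comparison presumably happens in the handshake code outside this header, the constant should state which draft revision it tracks and that it must move in lockstep with the wire-format changes, e.g. `/* Draft revision of the TLS 1.3 wire format implemented here; a peer reporting a different value is treated as incompatible, so bump this only together with the corresponding protocol changes. */`.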