| OLD | NEW |
|---|
| 1 /* Private header file of libSSL. | 1 /* Private header file of libSSL. |
| 2 * Various and sundry protocol constants. DON'T CHANGE THESE. These | 2 * Various and sundry protocol constants. DON'T CHANGE THESE. These |
| 3 * values are defined by the SSL 3.0 protocol specification. | 3 * values are defined by the SSL 3.0 protocol specification. |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 | 8 |
| 9 #ifndef __ssl3proto_h_ | 9 #ifndef __ssl3proto_h_ |
| 10 #define __ssl3proto_h_ | 10 #define __ssl3proto_h_ |
| 11 | 11 |
| 12 typedef PRUint8 SSL3Opaque; | 12 typedef PRUint8 SSL3Opaque; |
| 13 | 13 |
| 14 typedef PRUint16 SSL3ProtocolVersion; | 14 typedef PRUint16 SSL3ProtocolVersion; |
| 15 /* version numbers are defined in sslproto.h */ | 15 /* version numbers are defined in sslproto.h */ |
| 16 | 16 |
| 17 /* The TLS 1.3 draft version. Used to avoid negotiating |
| 18 * between incompatible pre-standard TLS 1.3 drafts. |
| 19 * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ |
| 20 #define TLS_1_3_DRAFT_VERSION 3 |
| 21 |
| 17 typedef PRUint16 ssl3CipherSuite; | 22 typedef PRUint16 ssl3CipherSuite; |
| 18 /* The cipher suites are defined in sslproto.h */ | 23 /* The cipher suites are defined in sslproto.h */ |
| 19 | 24 |
| 20 #define MAX_CERT_TYPES» » » 10 | 25 #define MAX_CERT_TYPES 10 |
| 21 #define MAX_COMPRESSION_METHODS»» 10 | 26 #define MAX_COMPRESSION_METHODS 10 |
| 22 #define MAX_MAC_LENGTH» » » 64 | 27 #define MAX_MAC_LENGTH 64 |
| 23 #define MAX_PADDING_LENGTH» » 64 | 28 #define MAX_PADDING_LENGTH 64 |
| 24 #define MAX_KEY_LENGTH» » » 64 | 29 #define MAX_KEY_LENGTH 64 |
| 25 #define EXPORT_KEY_LENGTH» » 5 | 30 #define EXPORT_KEY_LENGTH 5 |
| 26 #define SSL3_RANDOM_LENGTH» » 32 | 31 #define SSL3_RANDOM_LENGTH 32 |
| 27 | 32 |
| 28 #define SSL3_RECORD_HEADER_LENGTH» 5 | 33 #define SSL3_RECORD_HEADER_LENGTH 5 |
| 29 | 34 |
| 30 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ | 35 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ |
| 31 #define DTLS_RECORD_HEADER_LENGTH 13 | 36 #define DTLS_RECORD_HEADER_LENGTH 13 |
| 32 | 37 |
| 33 #define MAX_FRAGMENT_LENGTH» » 16384 | 38 #define MAX_FRAGMENT_LENGTH 16384 |
| 34 | 39 |
| 35 typedef enum { | 40 typedef enum { |
| 36 content_change_cipher_spec = 20, | 41 content_change_cipher_spec = 20, |
| 37 content_alert = 21, | 42 content_alert = 21, |
| 38 content_handshake = 22, | 43 content_handshake = 22, |
| 39 content_application_data = 23 | 44 content_application_data = 23 |
| 40 } SSL3ContentType; | 45 } SSL3ContentType; |
| 41 | 46 |
| 42 typedef struct { | 47 typedef struct { |
| 43 SSL3ContentType type; | 48 SSL3ContentType type; |
| 44 SSL3ProtocolVersion version; | 49 SSL3ProtocolVersion version; |
| 45 PRUint16 length; | 50 PRUint16 length; |
| 46 SECItem fragment; | 51 SECItem fragment; |
| 47 } SSL3Plaintext; | 52 } SSL3Plaintext; |
| 48 | 53 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 70 typedef struct { | 75 typedef struct { |
| 71 SSL3ChangeCipherSpecChoice choice; | 76 SSL3ChangeCipherSpecChoice choice; |
| 72 } SSL3ChangeCipherSpec; | 77 } SSL3ChangeCipherSpec; |
| 73 | 78 |
| 74 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel; | 79 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel; |
| 75 | 80 |
| 76 typedef enum { | 81 typedef enum { |
| 77 close_notify = 0, | 82 close_notify = 0, |
| 78 unexpected_message = 10, | 83 unexpected_message = 10, |
| 79 bad_record_mac = 20, | 84 bad_record_mac = 20, |
| 80 decryption_failed_RESERVED = 21,» /* do not send; see RFC 5246 */ | 85 decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ |
| 81 record_overflow = 22,» /* TLS only */ | 86 record_overflow = 22, /* TLS only */ |
| 82 decompression_failure = 30, | 87 decompression_failure = 30, |
| 83 handshake_failure = 40, | 88 handshake_failure = 40, |
| 84 no_certificate = 41,» /* SSL3 only, NOT TLS */ | 89 no_certificate = 41, /* SSL3 only, NOT TLS */ |
| 85 bad_certificate = 42, | 90 bad_certificate = 42, |
| 86 unsupported_certificate = 43, | 91 unsupported_certificate = 43, |
| 87 certificate_revoked = 44, | 92 certificate_revoked = 44, |
| 88 certificate_expired = 45, | 93 certificate_expired = 45, |
| 89 certificate_unknown = 46, | 94 certificate_unknown = 46, |
| 90 illegal_parameter = 47, | 95 illegal_parameter = 47, |
| 91 | 96 |
| 92 /* All alerts below are TLS only. */ | 97 /* All alerts below are TLS only. */ |
| 93 unknown_ca = 48, | 98 unknown_ca = 48, |
| 94 access_denied = 49, | 99 access_denied = 49, |
| (...skipping 16 matching lines...) Expand all Loading... |
| 111 no_application_protocol = 120 | 116 no_application_protocol = 120 |
| 112 | 117 |
| 113 } SSL3AlertDescription; | 118 } SSL3AlertDescription; |
| 114 | 119 |
| 115 typedef struct { | 120 typedef struct { |
| 116 SSL3AlertLevel level; | 121 SSL3AlertLevel level; |
| 117 SSL3AlertDescription description; | 122 SSL3AlertDescription description; |
| 118 } SSL3Alert; | 123 } SSL3Alert; |
| 119 | 124 |
| 120 typedef enum { | 125 typedef enum { |
| 121 hello_request» = 0, | 126 hello_request = 0, |
| 122 client_hello» = 1, | 127 client_hello = 1, |
| 123 server_hello» = 2, | 128 server_hello = 2, |
| 124 hello_verify_request = 3, | 129 hello_verify_request = 3, |
| 125 new_session_ticket» = 4, | 130 new_session_ticket = 4, |
| 126 certificate » = 11, | 131 certificate = 11, |
| 127 server_key_exchange = 12, | 132 server_key_exchange = 12, |
| 128 certificate_request»= 13, | 133 certificate_request = 13, |
| 129 server_hello_done» = 14, | 134 server_hello_done = 14, |
| 130 certificate_verify» = 15, | 135 certificate_verify = 15, |
| 131 client_key_exchange»= 16, | 136 client_key_exchange = 16, |
| 132 finished» » = 20, | 137 finished = 20, |
| 133 certificate_status = 22, | 138 certificate_status = 22, |
| 134 next_proto» » = 67, | 139 next_proto = 67, |
| 135 encrypted_extensions= 203 | 140 encrypted_extensions = 203, |
| 136 } SSL3HandshakeType; | 141 } SSL3HandshakeType; |
| 137 | 142 |
| 138 typedef struct { | 143 typedef struct { |
| 139 PRUint8 empty; | 144 PRUint8 empty; |
| 140 } SSL3HelloRequest; | 145 } SSL3HelloRequest; |
| 141 | 146 |
| 142 typedef struct { | 147 typedef struct { |
| 143 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; | 148 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; |
| 144 } SSL3Random; | 149 } SSL3Random; |
| 145 | 150 |
| 146 typedef struct { | 151 typedef struct { |
| 147 SSL3Opaque id[32]; | 152 SSL3Opaque id[32]; |
| 148 PRUint8 length; | 153 PRUint8 length; |
| 149 } SSL3SessionID; | 154 } SSL3SessionID; |
| 150 | 155 |
| 151 typedef struct { | 156 typedef struct { |
| 152 SSL3ProtocolVersion client_version; | 157 SSL3ProtocolVersion client_version; |
| 153 SSL3Random random; | 158 SSL3Random random; |
| 154 SSL3SessionID session_id; | 159 SSL3SessionID session_id; |
| 155 SECItem cipher_suites; | 160 SECItem cipher_suites; |
| 156 PRUint8 cm_count; | 161 PRUint8 cm_count; |
| 157 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; | 162 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; |
| 158 } SSL3ClientHello; | 163 } SSL3ClientHello; |
| 159 | 164 |
| 160 typedef struct { | 165 typedef struct { |
| 161 SSL3ProtocolVersion server_version; | 166 SSL3ProtocolVersion server_version; |
| 162 SSL3Random random; | 167 SSL3Random random; |
| 163 SSL3SessionID session_id; | 168 SSL3SessionID session_id; |
| 164 ssl3CipherSuite cipher_suite; | 169 ssl3CipherSuite cipher_suite; |
| 165 SSLCompressionMethod compression_method; | 170 SSLCompressionMethod compression_method; |
| 166 } SSL3ServerHello; | 171 } SSL3ServerHello; |
| 167 | 172 |
| 168 typedef struct { | 173 typedef struct { |
| 169 SECItem list; | 174 SECItem list; |
| 170 } SSL3Certificate; | 175 } SSL3Certificate; |
| 171 | 176 |
| 172 /* SSL3SignType moved to ssl.h */ | 177 /* SSL3SignType moved to ssl.h */ |
| 173 | 178 |
| 174 /* The SSL key exchange method used */ | 179 /* The SSL key exchange method used */ |
| 175 typedef enum { | 180 typedef enum { |
| 176 kea_null, | 181 kea_null, |
| 177 kea_rsa, | 182 kea_rsa, |
| 178 kea_rsa_export, | 183 kea_rsa_export, |
| 179 kea_rsa_export_1024, | 184 kea_rsa_export_1024, |
| 180 kea_dh_dss, | 185 kea_dh_dss, |
| 181 kea_dh_dss_export, | 186 kea_dh_dss_export, |
| 182 kea_dh_rsa, | 187 kea_dh_rsa, |
| 183 kea_dh_rsa_export, | 188 kea_dh_rsa_export, |
| 184 kea_dhe_dss, | 189 kea_dhe_dss, |
| 185 kea_dhe_dss_export, | 190 kea_dhe_dss_export, |
| 186 kea_dhe_rsa, | 191 kea_dhe_rsa, |
| 187 kea_dhe_rsa_export, | 192 kea_dhe_rsa_export, |
| 188 kea_dh_anon, | 193 kea_dh_anon, |
| 189 kea_dh_anon_export, | 194 kea_dh_anon_export, |
| 190 kea_rsa_fips, | 195 kea_rsa_fips, |
| 191 kea_ecdh_ecdsa, | 196 kea_ecdh_ecdsa, |
| 192 kea_ecdhe_ecdsa, | 197 kea_ecdhe_ecdsa, |
| 193 kea_ecdh_rsa, | 198 kea_ecdh_rsa, |
| 194 kea_ecdhe_rsa, | 199 kea_ecdhe_rsa, |
| 195 kea_ecdh_anon | 200 kea_ecdh_anon |
| 196 } SSL3KeyExchangeAlgorithm; | 201 } SSL3KeyExchangeAlgorithm; |
| 197 | 202 |
| 198 typedef struct { | 203 typedef struct { |
| 199 SECItem modulus; | 204 SECItem modulus; |
| 200 SECItem exponent; | 205 SECItem exponent; |
| 201 } SSL3ServerRSAParams; | 206 } SSL3ServerRSAParams; |
| 202 | 207 |
| 203 typedef struct { | 208 typedef struct { |
| 204 SECItem p; | 209 SECItem p; |
| 205 SECItem g; | 210 SECItem g; |
| 206 SECItem Ys; | 211 SECItem Ys; |
| 207 } SSL3ServerDHParams; | 212 } SSL3ServerDHParams; |
| 208 | 213 |
| 209 typedef struct { | 214 typedef struct { |
| 210 union { | 215 union { |
| 211 » SSL3ServerDHParams dh; | 216 SSL3ServerDHParams dh; |
| 212 » SSL3ServerRSAParams rsa; | 217 SSL3ServerRSAParams rsa; |
| 213 } u; | 218 } u; |
| 214 } SSL3ServerParams; | 219 } SSL3ServerParams; |
| 215 | 220 |
| 216 /* This enum reflects HashAlgorithm enum from | 221 /* This enum reflects HashAlgorithm enum from |
| 217 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | 222 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 |
| 218 * | 223 * |
| 219 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ | 224 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ |
| 220 enum { | 225 enum { |
| 221 tls_hash_md5 = 1, | 226 tls_hash_md5 = 1, |
| 222 tls_hash_sha1 = 2, | 227 tls_hash_sha1 = 2, |
| (...skipping 23 matching lines...) Expand all Loading... |
| 246 PRUint8 sha[20]; | 251 PRUint8 sha[20]; |
| 247 } SSL3HashesIndividually; | 252 } SSL3HashesIndividually; |
| 248 | 253 |
| 249 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| | 254 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| |
| 250 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually | 255 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually |
| 251 * struct. */ | 256 * struct. */ |
| 252 typedef struct { | 257 typedef struct { |
| 253 unsigned int len; | 258 unsigned int len; |
| 254 SECOidTag hashAlg; | 259 SECOidTag hashAlg; |
| 255 union { | 260 union { |
| 256 » PRUint8 raw[64]; | 261 PRUint8 raw[64]; |
| 257 » SSL3HashesIndividually s; | 262 SSL3HashesIndividually s; |
| 258 } u; | 263 } u; |
| 259 } SSL3Hashes; | 264 } SSL3Hashes; |
| 260 | 265 |
| 261 typedef struct { | 266 typedef struct { |
| 262 union { | 267 union { |
| 263 » SSL3Opaque anonymous; | 268 SSL3Opaque anonymous; |
| 264 » SSL3Hashes certified; | 269 SSL3Hashes certified; |
| 265 } u; | 270 } u; |
| 266 } SSL3ServerKeyExchange; | 271 } SSL3ServerKeyExchange; |
| 267 | 272 |
| 268 typedef enum { | 273 typedef enum { |
| 269 ct_RSA_sign » = 1, | 274 ct_RSA_sign = 1, |
| 270 ct_DSS_sign » = 2, | 275 ct_DSS_sign = 2, |
| 271 ct_RSA_fixed_DH » = 3, | 276 ct_RSA_fixed_DH = 3, |
| 272 ct_DSS_fixed_DH » = 4, | 277 ct_DSS_fixed_DH = 4, |
| 273 ct_RSA_ephemeral_DH = 5, | 278 ct_RSA_ephemeral_DH = 5, |
| 274 ct_DSS_ephemeral_DH = 6, | 279 ct_DSS_ephemeral_DH = 6, |
| 275 ct_ECDSA_sign» = 64, | 280 ct_ECDSA_sign = 64, |
| 276 ct_RSA_fixed_ECDH» = 65, | 281 ct_RSA_fixed_ECDH = 65, |
| 277 ct_ECDSA_fixed_ECDH»= 66 | 282 ct_ECDSA_fixed_ECDH = 66 |
| 278 | 283 |
| 279 } SSL3ClientCertificateType; | 284 } SSL3ClientCertificateType; |
| 280 | 285 |
| 281 typedef SECItem *SSL3DistinquishedName; | 286 typedef SECItem *SSL3DistinquishedName; |
| 282 | 287 |
| 283 typedef struct { | 288 typedef struct { |
| 284 SSL3Opaque client_version[2]; | 289 SSL3Opaque client_version[2]; |
| 285 SSL3Opaque random[46]; | 290 SSL3Opaque random[46]; |
| 286 } SSL3RSAPreMasterSecret; | 291 } SSL3RSAPreMasterSecret; |
| 287 | 292 |
| 288 typedef SECItem SSL3EncryptedPreMasterSecret; | 293 typedef SECItem SSL3EncryptedPreMasterSecret; |
| 289 | 294 |
| 290 | 295 |
| 291 typedef SSL3Opaque SSL3MasterSecret[48]; | 296 typedef SSL3Opaque SSL3MasterSecret[48]; |
| 292 | 297 |
| 293 typedef enum { implicit, explicit } SSL3PublicValueEncoding; | 298 typedef enum { implicit, explicit } SSL3PublicValueEncoding; |
| 294 | 299 |
| 295 typedef struct { | 300 typedef struct { |
| 296 union { | 301 union { |
| 297 » SSL3Opaque implicit; | 302 SSL3Opaque implicit; |
| 298 » SECItem explicit; | 303 SECItem explicit; |
| 299 } dh_public; | 304 } dh_public; |
| 300 } SSL3ClientDiffieHellmanPublic; | 305 } SSL3ClientDiffieHellmanPublic; |
| 301 | 306 |
| 302 typedef struct { | 307 typedef struct { |
| 303 union { | 308 union { |
| 304 » SSL3EncryptedPreMasterSecret rsa; | 309 SSL3EncryptedPreMasterSecret rsa; |
| 305 » SSL3ClientDiffieHellmanPublic diffie_helman; | 310 SSL3ClientDiffieHellmanPublic diffie_helman; |
| 306 } exchange_keys; | 311 } exchange_keys; |
| 307 } SSL3ClientKeyExchange; | 312 } SSL3ClientKeyExchange; |
| 308 | 313 |
| 309 typedef SSL3Hashes SSL3PreSignedCertificateVerify; | 314 typedef SSL3Hashes SSL3PreSignedCertificateVerify; |
| 310 | 315 |
| 311 typedef SECItem SSL3CertificateVerify; | 316 typedef SECItem SSL3CertificateVerify; |
| 312 | 317 |
| 313 typedef enum { | 318 typedef enum { |
| 314 sender_client = 0x434c4e54, | 319 sender_client = 0x434c4e54, |
| 315 sender_server = 0x53525652 | 320 sender_server = 0x53525652 |
| 316 } SSL3Sender; | 321 } SSL3Sender; |
| 317 | 322 |
| 318 typedef SSL3HashesIndividually SSL3Finished; | 323 typedef SSL3HashesIndividually SSL3Finished; |
| 319 | 324 |
| 320 typedef struct { | 325 typedef struct { |
| 321 SSL3Opaque verify_data[12]; | 326 SSL3Opaque verify_data[12]; |
| 322 } TLSFinished; | 327 } TLSFinished; |
| 323 | 328 |
| 324 /* | 329 /* |
| 325 * TLS extension related data structures and constants. | 330 * TLS extension related data structures and constants. |
| 326 */ | 331 */ |
| 327 | 332 |
| 328 /* SessionTicket extension related data structures. */ | 333 /* SessionTicket extension related data structures. */ |
| 329 | 334 |
| 330 /* NewSessionTicket handshake message. */ | 335 /* NewSessionTicket handshake message. */ |
| 331 typedef struct { | 336 typedef struct { |
| 332 PRUint32 received_timestamp; | 337 PRUint32 received_timestamp; |
| 333 PRUint32 ticket_lifetime_hint; | 338 PRUint32 ticket_lifetime_hint; |
| 334 SECItem ticket; | 339 SECItem ticket; |
| 335 } NewSessionTicket; | 340 } NewSessionTicket; |
| 336 | 341 |
| 337 typedef enum { | 342 typedef enum { |
| 338 CLIENT_AUTH_ANONYMOUS = 0, | 343 CLIENT_AUTH_ANONYMOUS = 0, |
| 339 CLIENT_AUTH_CERTIFICATE = 1 | 344 CLIENT_AUTH_CERTIFICATE = 1 |
| 340 } ClientAuthenticationType; | 345 } ClientAuthenticationType; |
| 341 | 346 |
| 342 typedef struct { | 347 typedef struct { |
| 343 ClientAuthenticationType client_auth_type; | 348 ClientAuthenticationType client_auth_type; |
| 344 union { | 349 union { |
| 345 » SSL3Opaque *certificate_list; | 350 SSL3Opaque *certificate_list; |
| 346 } identity; | 351 } identity; |
| 347 } ClientIdentity; | 352 } ClientIdentity; |
| 348 | 353 |
| 349 #define SESS_TICKET_KEY_NAME_LEN 16 | 354 #define SESS_TICKET_KEY_NAME_LEN 16 |
| 350 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" | 355 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" |
| 351 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 | 356 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 |
| 352 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 | 357 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 |
| 353 | 358 |
| 354 typedef struct { | 359 typedef struct { |
| 355 unsigned char *key_name; | 360 unsigned char *key_name; |
| 356 unsigned char *iv; | 361 unsigned char *iv; |
| 357 SECItem encrypted_state; | 362 SECItem encrypted_state; |
| 358 unsigned char *mac; | 363 unsigned char *mac; |
| 359 } EncryptedSessionTicket; | 364 } EncryptedSessionTicket; |
| 360 | 365 |
| 361 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 | 366 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 |
| 362 | 367 |
| 363 #define TLS_STE_NO_SERVER_NAME -1 | 368 #define TLS_STE_NO_SERVER_NAME -1 |
| 364 | 369 |
| 365 #endif /* __ssl3proto_h_ */ | 370 #endif /* __ssl3proto_h_ */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1053903002:
Update libssl to NSS 3.18 RTM (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master