Uprev NSS (in libssl) to NSS 3.21

net/third_party/nss/ssl/sslimpl.h

+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __sslimpl_h_
 #define __sslimpl_h_
@@ skipping 163 matching lines @@
 typedef struct sslSecurityInfoStr       sslSecurityInfo;
 typedef struct sslSessionIDStr          sslSessionID;
 typedef struct sslSocketStr             sslSocket;
 typedef struct sslSocketOpsStr          sslSocketOps;
 
 typedef struct ssl3StateStr             ssl3State;
 typedef struct ssl3CertNodeStr          ssl3CertNode;
 typedef struct ssl3BulkCipherDefStr     ssl3BulkCipherDef;
 typedef struct ssl3MACDefStr            ssl3MACDef;
 typedef struct ssl3KeyPairStr           ssl3KeyPair;
+typedef struct ssl3DHParamsStr          ssl3DHParams;
 
 struct ssl3CertNodeStr {
     struct ssl3CertNodeStr *next;
     CERTCertificate *       cert;
 };
 
 typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss);
 
 /* This type points to the low layer send func, 
 ** e.g. ssl2_SendStream or ssl3_SendPlainText.
@@ skipping 99 matching lines @@
     unsigned int    isPresent    :  1;
 #else
     ssl3CipherSuite cipher_suite;
     PRUint8         policy;
     unsigned char   enabled   : 1;
     unsigned char   isPresent : 1;
 #endif
 } ssl3CipherSuiteCfg;
 
 #ifndef NSS_DISABLE_ECC
-#define ssl_V3_SUITES_IMPLEMENTED 63
+#define ssl_V3_SUITES_IMPLEMENTED 66
 #else
-#define ssl_V3_SUITES_IMPLEMENTED 37
+#define ssl_V3_SUITES_IMPLEMENTED 40
 #endif /* NSS_DISABLE_ECC */
 
 #define MAX_DTLS_SRTP_CIPHER_SUITES 4
 
+/* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of
+ * SSLSignType and SSLHashType, but not all combinations (specifically, this
+ * doesn't allow space for combinations with MD5). */
+#define MAX_SIGNATURE_ALGORITHMS 15
+
+
 typedef struct sslOptionsStr {
     /* If SSL_SetNextProtoNego has been called, then this contains the
      * list of supported protocols. */
     SECItem nextProtoNego;
 
     unsigned int useSecurity            : 1;  /*  1 */
     unsigned int useSocks               : 1;  /*  2 */
     unsigned int requestCertificate     : 1;  /*  3 */
     unsigned int requireCertificate     : 2;  /*  4-5 */
     unsigned int handshakeAsClient      : 1;  /*  6 */
@@ skipping 12 matching lines @@
     unsigned int enableDeflate          : 1;  /* 19 */
     unsigned int enableRenegotiation    : 2;  /* 20-21 */
     unsigned int requireSafeNegotiation : 1;  /* 22 */
     unsigned int enableFalseStart       : 1;  /* 23 */
     unsigned int cbcRandomIV            : 1;  /* 24 */
     unsigned int enableOCSPStapling     : 1;  /* 25 */
     unsigned int enableNPN              : 1;  /* 26 */
     unsigned int enableALPN             : 1;  /* 27 */
     unsigned int reuseServerECDHEKey    : 1;  /* 28 */
     unsigned int enableFallbackSCSV     : 1;  /* 29 */
-    unsigned int enableSignedCertTimestamps : 1;  /* 30 */
+    unsigned int enableServerDhe        : 1;  /* 30 */
+    unsigned int enableExtendedMS       : 1;  /* 31 */
+    unsigned int enableSignedCertTimestamps : 1;  /* 32 */
 } sslOptions;
 
 typedef enum { sslHandshakingUndetermined = 0,
                sslHandshakingAsClient,
                sslHandshakingAsServer 
 } sslHandshakingType;
 
 typedef struct sslServerCertsStr {
     /* Configuration state for server sockets */
     CERTCertificate *     serverCert;
@@ skipping 161 matching lines @@
 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
 
 #define MAX_CIPHER_CONTEXT_BYTES 2080
 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8)
 
 typedef struct {
     SSL3Opaque        wrapped_master_secret[48];
     PRUint16          wrapped_master_secret_len;
     PRUint8           msIsWrapped;
     PRUint8           resumable;
+    PRUint8           extendedMasterSecretUsed;
 } ssl3SidKeys; /* 52 bytes */
 
 typedef struct {
     PK11SymKey  *write_key;
     PK11SymKey  *write_mac_key;
     PK11Context *write_mac_context;
     SECItem     write_key_item;
     SECItem     write_iv_item;
     SECItem     write_mac_key_item;
     SSL3Opaque  write_iv[MAX_IV_LENGTH];
@@ skipping 225 matching lines @@
 ** There are tables of these, all const.
 */
 typedef struct {
     SSL3KeyExchangeAlgorithm kea;
     SSL3KEAType              exchKeyType;
     SSL3SignType             signKeyType;
     /* For export cipher suites:
      * is_limited identifies a suite as having a limit on the key size.
      * key_size_limit provides the corresponding limit. */
     PRBool                   is_limited;
-    int                      key_size_limit;
+    unsigned int key_size_limit;
     PRBool                   tls_keygen;
-    /* True if the key exchange for the suite can be ephemeral.  Or to be more
-     * precise: true if the ServerKeyExchange message is required. */
+    /* True if the key exchange for the suite is ephemeral.  Or to be more
+     * precise: true if the ServerKeyExchange message is always required. */
     PRBool                   ephemeral;
 } ssl3KEADef;
 
 /*
 ** There are tables of these, all const.
 */
 struct ssl3BulkCipherDefStr {
     SSL3BulkCipher  cipher;
     SSLCipherAlgorithm calg;
     int             key_size;
@@ skipping 165 matching lines @@
 
     PRBool                authCertificatePending;
     /* Which function should SSL_RestartHandshake* call if we're blocked?
      * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake,
      * or ssl3_AlwaysFail */
     sslRestartTarget      restartTarget;
     /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
     PRBool                cacheSID;
 
     PRBool                canFalseStart;   /* Can/did we False Start */
+    /* Which preliminaryinfo values have been set. */
+    PRUint32              preliminaryInfo;
 
     /* clientSigAndHash contains the contents of the signature_algorithms
      * extension (if any) from the client. This is only valid for TLS 1.2
      * or later. */
-    SSL3SignatureAndHashAlgorithm *clientSigAndHash;
-    unsigned int          numClientSigAndHash;
+    SSLSignatureAndHashAlg *clientSigAndHash;
+    unsigned int numClientSigAndHash;
 
     /* This group of values is used for DTLS */
     PRUint16              sendMessageSeq;  /* The sending message sequence
                                             * number */
     PRCList               lastMessageFlight; /* The last message flight we
                                               * sent */
     PRUint16              maxMessageSent;    /* The largest message we sent */
     PRUint16              recvMessageSeq;  /* The receiving message sequence
                                             * number */
     sslBuffer             recvdFragments;  /* The fragments we have received in
@@ skipping 63 matching lines @@
     SECItem              nextProto;
     SSLNextProtoState    nextProtoState;
 
     PRUint16             mtu;   /* Our estimate of the MTU */
 
     /* DTLS-SRTP cipher suite preferences (if any) */
     PRUint16             dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES];
     PRUint16             dtlsSRTPCipherCount;
     PRUint16             dtlsSRTPCipherSuite;   /* 0 if not selected */
     PRBool               fatalAlertSent;
+    PRUint16             numDHEGroups;        /* used by server */
+    SSLDHEGroupType *    dheGroups;           /* used by server */
+    PRBool               dheWeakGroupEnabled; /* used by server */
+
+    /* TLS 1.2 introduces separate signature algorithm negotiation.
+     * This is our preference order. */
+    SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS];
+    unsigned int signatureAlgorithmCount;
 };
 
-#define DTLS_MAX_MTU  1500      /* Ethernet MTU but without subtracting the
+#define DTLS_MAX_MTU  1500U     /* Ethernet MTU but without subtracting the
                                  * headers, so slightly larger than expected */
 #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram)
 
 typedef struct {
     SSL3ContentType      type;
     SSL3ProtocolVersion  version;
     SSL3SequenceNumber   seq_num;  /* DTLS only */
     sslBuffer *          buf;
 } SSL3Ciphertext;
 
 struct ssl3KeyPairStr {
     SECKEYPrivateKey *    privKey;
     SECKEYPublicKey *     pubKey;
     PRInt32               refCount;     /* use PR_Atomic calls for this. */
 };
 
+struct ssl3DHParamsStr {
+    SECItem prime; /* p */
+    SECItem base; /* g */
+};
+
 typedef struct SSLWrappedSymWrappingKeyStr {
     SSL3Opaque        wrappedSymmetricWrappingkey[512];
     CK_MECHANISM_TYPE symWrapMechanism;  
                     /* unwrapped symmetric wrapping key uses this mechanism */
     CK_MECHANISM_TYPE asymWrapMechanism; 
                     /* mechanism used to wrap the SymmetricWrappingKey using
                      * server's public and/or private keys. */
     SSL3KEAType       exchKeyType;   /* type of keys used to wrap SymWrapKey*/
     PRInt32           symWrapMechIndex;
     PRUint16          wrappedSymKeyLen;
@@ skipping 10 matching lines @@
     PRUint32              keaKeyBits;
     /*
      * exchKeyType and msWrapMech contain meaningful values only if
      * ms_is_wrapped is true.
      */
     PRUint8               ms_is_wrapped;
     SSLKEAType            exchKeyType; /* XXX(wtc): same as keaType above? */
     CK_MECHANISM_TYPE     msWrapMech;
     PRUint16              ms_length;
     SSL3Opaque            master_secret[48];
+    PRBool                extendedMasterSecretUsed;
     ClientIdentity        client_identity;
     SECItem               peer_cert;
     PRUint32              timestamp;
     SECItem               srvName; /* negotiated server name */
 }  SessionTicket;
 
 /*
  * SSL2 buffers used in SSL3.
  *     writeBuf in the SecurityInfo maintained by sslsecur.c is used
  *              to hold the data just about to be passed to the kernel
@@ skipping 162 matching lines @@
     unsigned char *  cipherSpecs;
     unsigned int     sizeCipherSpecs;
 const unsigned char *  preferredCipher;
 
     /* TLS ClientCertificateTypes requested during HandleCertificateRequest. */
     /* Will be NULL at all other times. */
     const SECItem      *requestedCertTypes;
 
     ssl3KeyPair *         stepDownKeyPair;      /* RSA step down keys */
 
+    const ssl3DHParams *dheParams;          /* DHE param */
+    ssl3KeyPair *       dheKeyPair;         /* DHE keys */
+
     /* Callbacks */
     SSLAuthCertificate        authCertificate;
     void                     *authCertificateArg;
     SSLGetClientAuthData      getClientAuthData;
     void                     *getClientAuthDataArg;
 #ifdef NSS_PLATFORM_CLIENT_AUTH
     SSLGetPlatformClientAuthData getPlatformClientAuthData;
     void                        *getPlatformClientAuthDataArg;
 #endif  /* NSS_PLATFORM_CLIENT_AUTH */
     SSLSNISocketConfig        sniSocketConfig;
@@ skipping 339 matching lines @@
 /* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
 #define SSL3_ALL_VERSIONS_DISABLED(vrange) \
     ((vrange)->min == SSL_LIBRARY_VERSION_NONE)
 
 extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
                                       SSL3ProtocolVersion version);
 
 extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec,
                     const unsigned char * cr, const unsigned char * sr,
                     PRBool isTLS, PRBool isExport);
-extern  SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
+extern  SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec,
                     const unsigned char * cr, const unsigned char * sr,
                     const SECItem * pms, PRBool isTLS, PRBool isRSA);
 
 /* These functions are called from secnav, even though they're "private". */
 
 extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
 extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
 extern void ssl_FreeSocket(struct sslSocketStr *ssl);
 extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
                                 SSL3AlertDescription desc);
@@ skipping 33 matching lines @@
 int ssl3_GatherAppDataRecord(sslSocket *ss, int flags);
 int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
 /*
  * When talking to export clients or using export cipher suites, servers 
  * with public RSA keys larger than 512 bits need to use a 512-bit public
  * key, signed by the larger key.  The smaller key is a "step down" key.
  * Generate that key pair and keep it around.
  */
 extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
 
+extern SECStatus ssl3_SelectDHParams(sslSocket *ss);
+
 #ifndef NSS_DISABLE_ECC
 extern void      ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
 extern PRBool    ssl3_IsECCEnabled(sslSocket *ss);
 extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, 
                                        const ssl3CipherSuite * suite);
 extern PRUint32  ssl3_GetSupportedECCurveMask(sslSocket *ss);
 
 
 /* Macro for finding a curve equivalent in strength to RSA key's */
 #define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \
@@ skipping 82 matching lines @@
 #ifndef NSS_DISABLE_ECC
 /* ECDH functions */
 extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, 
                              SECKEYPublicKey * svrPubKey);
 extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss, 
                                         SSL3Opaque *b, PRUint32 length);
 extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, 
                                      SSL3Opaque *b, PRUint32 length,
                                      SECKEYPublicKey *srvrPubKey,
                                      SECKEYPrivateKey *srvrPrivKey);
-extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss,
-                        const SSL3SignatureAndHashAlgorithm *sigAndHash);
+extern SECStatus ssl3_SendECDHServerKeyExchange(
+    sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
 #endif
 
-extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg,
+extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
                                 PRUint8 * hashBuf,
                                 unsigned int bufLen, SSL3Hashes *hashes, 
                                 PRBool bypassPKCS11);
 extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName);
 extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
 extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src, 
                         PRInt32 bytes);
 extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss, 
                         SSL3HandshakeType t, PRUint32 length);
 extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, 
                         PRInt32 lenSize);
 extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, 
                         const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
-extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss,
-                        const SSL3SignatureAndHashAlgorithm* sigAndHash);
+extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(
+    sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash);
 extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, 
                         SSL3Opaque **b, PRUint32 *length);
 extern PRInt32   ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, 
                         SSL3Opaque **b, PRUint32 *length);
 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, 
                         PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
-extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc);
+extern PRBool ssl3_IsSupportedSignatureAlgorithm(
+    const SSLSignatureAndHashAlg *alg);
 extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency(
-                        const SSL3SignatureAndHashAlgorithm *sigAndHash,
-                        CERTCertificate* cert);
-extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
-                        SSL3Opaque **b, PRUint32 *length,
-                        SSL3SignatureAndHashAlgorithm *out);
+    sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash,
+    CERTCertificate* cert);
+extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(
+    sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
+    SSLSignatureAndHashAlg *out);
 extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, 
                         SECItem *buf, PRBool isTLS);
 extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, 
                         CERTCertificate *cert, SECItem *buf, PRBool isTLS, 
                         void *pwArg);
 extern SECStatus ssl3_CacheWrappedMasterSecret(sslSocket *ss,
                         sslSessionID *sid, ssl3CipherSpec *spec,
                         SSL3KEAType effectiveExchKeyType);
 
 /* Functions that handle ClientHello and ServerHello extensions. */
@@ skipping 47 matching lines @@
 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss);
 extern PRBool ssl_GetSessionTicketKeys(unsigned char *keyName,
                         unsigned char *encKey, unsigned char *macKey);
 extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
                         SECKEYPublicKey *svrPubKey, void *pwArg,
                         unsigned char *keyName, PK11SymKey **aesKey,
                         PK11SymKey **macKey);
 
 /* Tell clients to consider tickets valid for this long. */
 #define TLS_EX_SESS_TICKET_LIFETIME_HINT    (2 * 24 * 60 * 60) /* 2 days */
-#define TLS_EX_SESS_TICKET_VERSION          (0x0100)
+#define TLS_EX_SESS_TICKET_VERSION          (0x0101)
 
 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
                                             unsigned int length);
 
 extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
                                                  unsigned char *out,
                                                  unsigned int *outLen,
                                                  unsigned int outLenMax);
 
 /* Construct a new NSPR socket for the app to use */
@@ skipping 113 matching lines @@
 
 SECStatus SSL_DisableDefaultExportCipherSuites(void);
 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
 PRBool    SSL_IsExportCipherSuite(PRUint16 cipherSuite);
 
 extern SECStatus
 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec,
                             const char *label, unsigned int labelLen,
                             const unsigned char *val, unsigned int valLen,
                             unsigned char *out, unsigned int outLen);
+extern SECOidTag
+ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc);
 
 #ifdef TRACE
 #define SSL_TRACE(msg) ssl_Trace msg
 #else
 #define SSL_TRACE(msg)
 #endif
 
 void ssl_Trace(const char *format, ...);
 
 SEC_END_PROTOS
 
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #define SSL_GETPID getpid
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */