OLD | NEW |
1 /* Private header file of libSSL. | 1 /* Private header file of libSSL. |
2 * Various and sundry protocol constants. DON'T CHANGE THESE. These | 2 * Various and sundry protocol constants. DON'T CHANGE THESE. These |
3 * values are defined by the SSL 3.0 protocol specification. | 3 * values are defined by the SSL 3.0 protocol specification. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 #ifndef __ssl3proto_h_ | 9 #ifndef __ssl3proto_h_ |
10 #define __ssl3proto_h_ | 10 #define __ssl3proto_h_ |
11 | 11 |
12 typedef PRUint8 SSL3Opaque; | 12 typedef PRUint8 SSL3Opaque; |
13 | 13 |
14 typedef PRUint16 SSL3ProtocolVersion; | 14 typedef PRUint16 SSL3ProtocolVersion; |
15 /* version numbers are defined in sslproto.h */ | 15 /* version numbers are defined in sslproto.h */ |
16 | 16 |
17 /* The TLS 1.3 draft version. Used to avoid negotiating | 17 /* The TLS 1.3 draft version. Used to avoid negotiating |
18 * between incompatible pre-standard TLS 1.3 drafts. | 18 * between incompatible pre-standard TLS 1.3 drafts. |
19 * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ | 19 * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ |
20 #define TLS_1_3_DRAFT_VERSION 3 | 20 #define TLS_1_3_DRAFT_VERSION 11 |
21 | 21 |
22 typedef PRUint16 ssl3CipherSuite; | 22 typedef PRUint16 ssl3CipherSuite; |
23 /* The cipher suites are defined in sslproto.h */ | 23 /* The cipher suites are defined in sslproto.h */ |
24 | 24 |
25 #define MAX_CERT_TYPES 10 | 25 #define MAX_CERT_TYPES 10 |
26 #define MAX_COMPRESSION_METHODS 10 | 26 #define MAX_COMPRESSION_METHODS 10 |
27 #define MAX_MAC_LENGTH 64 | 27 #define MAX_MAC_LENGTH 64 |
28 #define MAX_PADDING_LENGTH 64 | 28 #define MAX_PADDING_LENGTH 64 |
29 #define MAX_KEY_LENGTH 64 | 29 #define MAX_KEY_LENGTH 64 |
30 #define EXPORT_KEY_LENGTH 5 | 30 #define EXPORT_KEY_LENGTH 5 |
31 #define SSL3_RANDOM_LENGTH 32 | 31 #define SSL3_RANDOM_LENGTH 32 |
32 | 32 |
33 #define SSL3_RECORD_HEADER_LENGTH 5 | 33 #define SSL3_RECORD_HEADER_LENGTH 5 |
34 | 34 |
35 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ | 35 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ |
36 #define DTLS_RECORD_HEADER_LENGTH 13 | 36 #define DTLS_RECORD_HEADER_LENGTH 13 |
37 | 37 |
38 #define MAX_FRAGMENT_LENGTH 16384 | 38 #define MAX_FRAGMENT_LENGTH 16384 |
39 | 39 |
40 typedef enum { | 40 typedef enum { |
41 content_change_cipher_spec = 20, | 41 content_change_cipher_spec = 20, |
42 content_alert = 21, | 42 content_alert = 21, |
43 content_handshake = 22, | 43 content_handshake = 22, |
44 content_application_data = 23 | 44 content_application_data = 23 |
45 } SSL3ContentType; | 45 } SSL3ContentType; |
46 | 46 |
47 typedef struct { | 47 typedef struct { |
48 SSL3ContentType type; | 48 SSL3ContentType type; |
49 SSL3ProtocolVersion version; | 49 SSL3ProtocolVersion version; |
50 PRUint16 length; | 50 PRUint16 length; |
51 SECItem fragment; | 51 SECItem fragment; |
52 } SSL3Plaintext; | 52 } SSL3Plaintext; |
53 | 53 |
54 typedef struct { | 54 typedef struct { |
55 SSL3ContentType type; | 55 SSL3ContentType type; |
56 SSL3ProtocolVersion version; | 56 SSL3ProtocolVersion version; |
57 PRUint16 length; | 57 PRUint16 length; |
58 SECItem fragment; | 58 SECItem fragment; |
59 } SSL3Compressed; | 59 } SSL3Compressed; |
60 | 60 |
61 typedef struct { | 61 typedef struct { |
62 SECItem content; | 62 SECItem content; |
63 SSL3Opaque MAC[MAX_MAC_LENGTH]; | 63 SSL3Opaque MAC[MAX_MAC_LENGTH]; |
64 } SSL3GenericStreamCipher; | 64 } SSL3GenericStreamCipher; |
65 | 65 |
66 typedef struct { | 66 typedef struct { |
67 SECItem content; | 67 SECItem content; |
68 SSL3Opaque MAC[MAX_MAC_LENGTH]; | 68 SSL3Opaque MAC[MAX_MAC_LENGTH]; |
69 PRUint8 padding[MAX_PADDING_LENGTH]; | 69 PRUint8 padding[MAX_PADDING_LENGTH]; |
70 PRUint8 padding_length; | 70 PRUint8 padding_length; |
71 } SSL3GenericBlockCipher; | 71 } SSL3GenericBlockCipher; |
72 | 72 |
73 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice; | 73 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice; |
74 | 74 |
75 typedef struct { | 75 typedef struct { |
76 SSL3ChangeCipherSpecChoice choice; | 76 SSL3ChangeCipherSpecChoice choice; |
77 } SSL3ChangeCipherSpec; | 77 } SSL3ChangeCipherSpec; |
78 | 78 |
79 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel; | 79 typedef enum { alert_warning = 1, |
| 80 alert_fatal = 2 } SSL3AlertLevel; |
80 | 81 |
81 typedef enum { | 82 typedef enum { |
82 close_notify = 0, | 83 close_notify = 0, |
83 unexpected_message = 10, | 84 unexpected_message = 10, |
84 bad_record_mac = 20, | 85 bad_record_mac = 20, |
85 decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ | 86 decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ |
86 record_overflow = 22, /* TLS only */ | 87 record_overflow = 22, /* TLS only */ |
87 decompression_failure = 30, | 88 decompression_failure = 30, |
88 handshake_failure = 40, | 89 handshake_failure = 40, |
89 no_certificate = 41, /* SSL3 only, NOT TLS */ | 90 no_certificate = 41, /* SSL3 only, NOT TLS */ |
90 bad_certificate = 42, | 91 bad_certificate = 42, |
91 unsupported_certificate = 43, | 92 unsupported_certificate = 43, |
92 certificate_revoked = 44, | 93 certificate_revoked = 44, |
93 certificate_expired = 45, | 94 certificate_expired = 45, |
94 certificate_unknown = 46, | 95 certificate_unknown = 46, |
95 illegal_parameter = 47, | 96 illegal_parameter = 47, |
96 | 97 |
97 /* All alerts below are TLS only. */ | 98 /* All alerts below are TLS only. */ |
98 unknown_ca = 48, | 99 unknown_ca = 48, |
99 access_denied = 49, | 100 access_denied = 49, |
100 decode_error = 50, | 101 decode_error = 50, |
101 decrypt_error = 51, | 102 decrypt_error = 51, |
102 export_restriction = 60, | 103 export_restriction = 60, |
103 protocol_version = 70, | 104 protocol_version = 70, |
104 insufficient_security = 71, | 105 insufficient_security = 71, |
105 internal_error = 80, | 106 internal_error = 80, |
106 inappropriate_fallback = 86,» /* could also be sent for SSLv3 */ | 107 inappropriate_fallback = 86, /* could also be sent for SSLv3 */ |
107 user_canceled = 90, | 108 user_canceled = 90, |
108 no_renegotiation = 100, | 109 no_renegotiation = 100, |
109 | 110 |
110 /* Alerts for client hello extensions */ | 111 /* Alerts for client hello extensions */ |
111 unsupported_extension = 110, | 112 missing_extension = 109, |
112 certificate_unobtainable = 111, | 113 unsupported_extension = 110, |
113 unrecognized_name = 112, | 114 certificate_unobtainable = 111, |
| 115 unrecognized_name = 112, |
114 bad_certificate_status_response = 113, | 116 bad_certificate_status_response = 113, |
115 bad_certificate_hash_value = 114, | 117 bad_certificate_hash_value = 114, |
116 no_application_protocol = 120 | 118 no_application_protocol = 120 |
117 | 119 |
118 } SSL3AlertDescription; | 120 } SSL3AlertDescription; |
119 | 121 |
120 typedef struct { | 122 typedef struct { |
121 SSL3AlertLevel level; | 123 SSL3AlertLevel level; |
122 SSL3AlertDescription description; | 124 SSL3AlertDescription description; |
123 } SSL3Alert; | 125 } SSL3Alert; |
124 | 126 |
125 typedef enum { | 127 typedef enum { |
126 hello_request = 0, | 128 hello_request = 0, |
127 client_hello = 1, | 129 client_hello = 1, |
128 server_hello = 2, | 130 server_hello = 2, |
129 hello_verify_request = 3, | 131 hello_verify_request = 3, |
130 new_session_ticket = 4, | 132 new_session_ticket = 4, |
131 certificate = 11, | 133 hello_retry_request = 6, |
| 134 encrypted_extensions = 8, |
| 135 certificate = 11, |
132 server_key_exchange = 12, | 136 server_key_exchange = 12, |
133 certificate_request = 13, | 137 certificate_request = 13, |
134 server_hello_done = 14, | 138 server_hello_done = 14, |
135 certificate_verify = 15, | 139 certificate_verify = 15, |
136 client_key_exchange = 16, | 140 client_key_exchange = 16, |
137 finished = 20, | 141 finished = 20, |
138 certificate_status = 22, | 142 certificate_status = 22, |
139 next_proto = 67, | 143 next_proto = 67, |
140 encrypted_extensions = 203, | 144 channelid_encrypted_extensions = 203 |
141 } SSL3HandshakeType; | 145 } SSL3HandshakeType; |
142 | 146 |
143 typedef struct { | 147 typedef struct { |
144 PRUint8 empty; | 148 PRUint8 empty; |
145 } SSL3HelloRequest; | 149 } SSL3HelloRequest; |
146 | 150 |
147 typedef struct { | 151 typedef struct { |
148 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; | 152 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; |
149 } SSL3Random; | 153 } SSL3Random; |
150 | 154 |
151 typedef struct { | 155 typedef struct { |
152 SSL3Opaque id[32]; | 156 SSL3Opaque id[32]; |
153 PRUint8 length; | 157 PRUint8 length; |
154 } SSL3SessionID; | 158 } SSL3SessionID; |
155 | 159 |
156 typedef struct { | 160 typedef struct { |
157 SSL3ProtocolVersion client_version; | 161 SSL3ProtocolVersion client_version; |
158 SSL3Random random; | 162 SSL3Random random; |
159 SSL3SessionID session_id; | 163 SSL3SessionID session_id; |
160 SECItem cipher_suites; | 164 SECItem cipher_suites; |
161 PRUint8 cm_count; | 165 PRUint8 cm_count; |
162 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; | 166 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; |
163 } SSL3ClientHello; | 167 } SSL3ClientHello; |
164 | 168 |
165 typedef struct { | 169 typedef struct { |
166 SSL3ProtocolVersion server_version; | 170 SSL3ProtocolVersion server_version; |
167 SSL3Random random; | 171 SSL3Random random; |
168 SSL3SessionID session_id; | 172 SSL3SessionID session_id; |
169 ssl3CipherSuite cipher_suite; | 173 ssl3CipherSuite cipher_suite; |
170 SSLCompressionMethod compression_method; | 174 SSLCompressionMethod compression_method; |
171 } SSL3ServerHello; | 175 } SSL3ServerHello; |
172 | 176 |
173 typedef struct { | 177 typedef struct { |
174 SECItem list; | 178 SECItem list; |
175 } SSL3Certificate; | 179 } SSL3Certificate; |
176 | 180 |
177 /* SSL3SignType moved to ssl.h */ | 181 /* SSL3SignType moved to ssl.h */ |
178 | 182 |
179 /* The SSL key exchange method used */ | 183 /* The SSL key exchange method used */ |
180 typedef enum { | 184 typedef enum { |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
238 } SSL3Hashes; | 242 } SSL3Hashes; |
239 | 243 |
240 typedef struct { | 244 typedef struct { |
241 union { | 245 union { |
242 SSL3Opaque anonymous; | 246 SSL3Opaque anonymous; |
243 SSL3Hashes certified; | 247 SSL3Hashes certified; |
244 } u; | 248 } u; |
245 } SSL3ServerKeyExchange; | 249 } SSL3ServerKeyExchange; |
246 | 250 |
247 typedef enum { | 251 typedef enum { |
248 ct_RSA_sign = 1, | 252 ct_RSA_sign = 1, |
249 ct_DSS_sign = 2, | 253 ct_DSS_sign = 2, |
250 ct_RSA_fixed_DH = 3, | 254 ct_RSA_fixed_DH = 3, |
251 ct_DSS_fixed_DH = 4, | 255 ct_DSS_fixed_DH = 4, |
252 ct_RSA_ephemeral_DH = 5, | 256 ct_RSA_ephemeral_DH = 5, |
253 ct_DSS_ephemeral_DH = 6, | 257 ct_DSS_ephemeral_DH = 6, |
254 ct_ECDSA_sign = 64, | 258 ct_ECDSA_sign = 64, |
255 ct_RSA_fixed_ECDH = 65, | 259 ct_RSA_fixed_ECDH = 65, |
256 ct_ECDSA_fixed_ECDH = 66 | 260 ct_ECDSA_fixed_ECDH = 66 |
257 | 261 |
258 } SSL3ClientCertificateType; | 262 } SSL3ClientCertificateType; |
259 | 263 |
260 typedef SECItem *SSL3DistinquishedName; | |
261 | |
262 typedef struct { | 264 typedef struct { |
263 SSL3Opaque client_version[2]; | 265 SSL3Opaque client_version[2]; |
264 SSL3Opaque random[46]; | 266 SSL3Opaque random[46]; |
265 } SSL3RSAPreMasterSecret; | 267 } SSL3RSAPreMasterSecret; |
266 | 268 |
267 typedef SECItem SSL3EncryptedPreMasterSecret; | |
268 | |
269 | |
270 typedef SSL3Opaque SSL3MasterSecret[48]; | 269 typedef SSL3Opaque SSL3MasterSecret[48]; |
271 | 270 |
272 typedef enum { implicit, explicit } SSL3PublicValueEncoding; | |
273 | |
274 typedef struct { | |
275 union { | |
276 SSL3Opaque implicit; | |
277 SECItem explicit; | |
278 } dh_public; | |
279 } SSL3ClientDiffieHellmanPublic; | |
280 | |
281 typedef struct { | |
282 union { | |
283 SSL3EncryptedPreMasterSecret rsa; | |
284 SSL3ClientDiffieHellmanPublic diffie_helman; | |
285 } exchange_keys; | |
286 } SSL3ClientKeyExchange; | |
287 | |
288 typedef SSL3Hashes SSL3PreSignedCertificateVerify; | |
289 | |
290 typedef SECItem SSL3CertificateVerify; | |
291 | |
292 typedef enum { | 271 typedef enum { |
293 sender_client = 0x434c4e54, | 272 sender_client = 0x434c4e54, |
294 sender_server = 0x53525652 | 273 sender_server = 0x53525652 |
295 } SSL3Sender; | 274 } SSL3Sender; |
296 | 275 |
297 typedef SSL3HashesIndividually SSL3Finished; | 276 typedef SSL3HashesIndividually SSL3Finished; |
298 | 277 |
299 typedef struct { | 278 typedef struct { |
300 SSL3Opaque verify_data[12]; | 279 SSL3Opaque verify_data[12]; |
301 } TLSFinished; | 280 } TLSFinished; |
302 | 281 |
303 /* | 282 /* |
304 * TLS extension related data structures and constants. | 283 * TLS extension related data structures and constants. |
305 */ | 284 */ |
306 | 285 |
307 /* SessionTicket extension related data structures. */ | 286 /* SessionTicket extension related data structures. */ |
308 | 287 |
309 /* NewSessionTicket handshake message. */ | 288 /* NewSessionTicket handshake message. */ |
310 typedef struct { | 289 typedef struct { |
311 PRUint32 received_timestamp; | 290 PRUint32 received_timestamp; |
312 PRUint32 ticket_lifetime_hint; | 291 PRUint32 ticket_lifetime_hint; |
313 SECItem ticket; | 292 SECItem ticket; |
314 } NewSessionTicket; | 293 } NewSessionTicket; |
315 | 294 |
316 typedef enum { | 295 typedef enum { |
317 CLIENT_AUTH_ANONYMOUS = 0, | 296 CLIENT_AUTH_ANONYMOUS = 0, |
318 CLIENT_AUTH_CERTIFICATE = 1 | 297 CLIENT_AUTH_CERTIFICATE = 1 |
319 } ClientAuthenticationType; | 298 } ClientAuthenticationType; |
320 | 299 |
321 typedef struct { | 300 typedef struct { |
322 ClientAuthenticationType client_auth_type; | 301 ClientAuthenticationType client_auth_type; |
323 union { | 302 union { |
324 SSL3Opaque *certificate_list; | 303 SSL3Opaque *certificate_list; |
325 } identity; | 304 } identity; |
326 } ClientIdentity; | 305 } ClientIdentity; |
327 | 306 |
328 #define SESS_TICKET_KEY_NAME_LEN 16 | 307 #define SESS_TICKET_KEY_NAME_LEN 16 |
329 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" | 308 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" |
330 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 | 309 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 |
331 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 | 310 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 |
332 | 311 |
333 typedef struct { | 312 typedef struct { |
334 unsigned char *key_name; | 313 unsigned char *key_name; |
335 unsigned char *iv; | 314 unsigned char *iv; |
336 SECItem encrypted_state; | 315 SECItem encrypted_state; |
337 unsigned char *mac; | 316 unsigned char *mac; |
338 } EncryptedSessionTicket; | 317 } EncryptedSessionTicket; |
339 | 318 |
340 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 | 319 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 |
341 | 320 |
342 #define TLS_STE_NO_SERVER_NAME -1 | 321 #define TLS_STE_NO_SERVER_NAME -1 |
343 | 322 |
344 #endif /* __ssl3proto_h_ */ | 323 #endif /* __ssl3proto_h_ */ |
OLD | NEW |