OLD | NEW |
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 /* | 2 /* |
3 * This file contains prototypes for the public SSL functions. | 3 * This file contains prototypes for the public SSL functions. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 #ifndef __sslt_h_ | 9 #ifndef __sslt_h_ |
10 #define __sslt_h_ | 10 #define __sslt_h_ |
11 | 11 |
12 #include "prtypes.h" | 12 #include "prtypes.h" |
13 | 13 |
14 /* SECItemArray is added in NSS 3.15. Define the type if compiling | |
15 ** against an older version of NSS. | |
16 */ | |
17 #include "nssutil.h" | |
18 #if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 | |
19 typedef struct SECItemArrayStr SECItemArray; | |
20 | |
21 struct SECItemArrayStr { | |
22 SECItem *items; | |
23 unsigned int len; | |
24 }; | |
25 #endif /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */ | |
26 | |
27 typedef struct SSL3StatisticsStr { | 14 typedef struct SSL3StatisticsStr { |
28 /* statistics from ssl3_SendClientHello (sch) */ | 15 /* statistics from ssl3_SendClientHello (sch) */ |
29 long sch_sid_cache_hits; | 16 long sch_sid_cache_hits; |
30 long sch_sid_cache_misses; | 17 long sch_sid_cache_misses; |
31 long sch_sid_cache_not_ok; | 18 long sch_sid_cache_not_ok; |
32 | 19 |
33 /* statistics from ssl3_HandleServerHello (hsh) */ | 20 /* statistics from ssl3_HandleServerHello (hsh) */ |
34 long hsh_sid_cache_hits; | 21 long hsh_sid_cache_hits; |
35 long hsh_sid_cache_misses; | 22 long hsh_sid_cache_misses; |
36 long hsh_sid_cache_not_ok; | 23 long hsh_sid_cache_not_ok; |
37 | 24 |
38 /* statistics from ssl3_HandleClientHello (hch) */ | 25 /* statistics from ssl3_HandleClientHello (hch) */ |
39 long hch_sid_cache_hits; | 26 long hch_sid_cache_hits; |
40 long hch_sid_cache_misses; | 27 long hch_sid_cache_misses; |
41 long hch_sid_cache_not_ok; | 28 long hch_sid_cache_not_ok; |
42 | 29 |
43 /* statistics related to stateless resume */ | 30 /* statistics related to stateless resume */ |
44 long sch_sid_stateless_resumes; | 31 long sch_sid_stateless_resumes; |
45 long hsh_sid_stateless_resumes; | 32 long hsh_sid_stateless_resumes; |
46 long hch_sid_stateless_resumes; | 33 long hch_sid_stateless_resumes; |
47 long hch_sid_ticket_parse_failures; | 34 long hch_sid_ticket_parse_failures; |
48 } SSL3Statistics; | 35 } SSL3Statistics; |
49 | 36 |
50 /* Key Exchange algorithm values */ | 37 /* Key Exchange algorithm values */ |
51 typedef enum { | 38 typedef enum { |
52 ssl_kea_null = 0, | 39 ssl_kea_null = 0, |
53 ssl_kea_rsa = 1, | 40 ssl_kea_rsa = 1, |
54 ssl_kea_dh = 2, | 41 ssl_kea_dh = 2, |
55 ssl_kea_fortezza = 3, /* deprecated, now unused */ | 42 ssl_kea_fortezza = 3, /* deprecated, now unused */ |
56 ssl_kea_ecdh = 4, | 43 ssl_kea_ecdh = 4, |
57 ssl_kea_size» » /* number of ssl_kea_ algorithms */ | 44 ssl_kea_size /* number of ssl_kea_ algorithms */ |
58 } SSLKEAType; | 45 } SSLKEAType; |
59 | 46 |
60 /* The following defines are for backwards compatibility. | 47 /* The following defines are for backwards compatibility. |
61 ** They will be removed in a forthcoming release to reduce namespace pollution. | 48 ** They will be removed in a forthcoming release to reduce namespace pollution. |
62 ** programs that use the kt_ symbols should convert to the ssl_kt_ symbols | 49 ** programs that use the kt_ symbols should convert to the ssl_kt_ symbols |
63 ** soon. | 50 ** soon. |
64 */ | 51 */ |
65 #define kt_null » ssl_kea_null | 52 #define kt_null ssl_kea_null |
66 #define kt_rsa » ssl_kea_rsa | 53 #define kt_rsa ssl_kea_rsa |
67 #define kt_dh » ssl_kea_dh | 54 #define kt_dh ssl_kea_dh |
68 #define kt_fortezza» ssl_kea_fortezza /* deprecated, now unused */ | 55 #define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */ |
69 #define kt_ecdh » ssl_kea_ecdh | 56 #define kt_ecdh ssl_kea_ecdh |
70 #define kt_kea_size» ssl_kea_size | 57 #define kt_kea_size ssl_kea_size |
71 | |
72 | 58 |
73 /* Values of this enum match the SignatureAlgorithm enum from | 59 /* Values of this enum match the SignatureAlgorithm enum from |
74 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ | 60 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ |
75 typedef enum { | 61 typedef enum { |
76 ssl_sign_null = 0, /* "anonymous" in TLS */ | 62 ssl_sign_null = 0, /* "anonymous" in TLS */ |
77 ssl_sign_rsa = 1, | 63 ssl_sign_rsa = 1, |
78 ssl_sign_dsa = 2, | 64 ssl_sign_dsa = 2, |
79 ssl_sign_ecdsa = 3 | 65 ssl_sign_ecdsa = 3 |
80 } SSLSignType; | 66 } SSLSignType; |
81 | 67 |
82 /* Values of this enum match the HashAlgorithm enum from | 68 /* Values of this enum match the HashAlgorithm enum from |
83 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ | 69 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ |
84 typedef enum { | 70 typedef enum { |
85 /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5 | 71 /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5 |
86 * and SHA1. The other values are only used in TLS 1.2. */ | 72 * and SHA1. The other values are only used in TLS 1.2. */ |
87 ssl_hash_none = 0, | 73 ssl_hash_none = 0, |
88 ssl_hash_md5 = 1, | 74 ssl_hash_md5 = 1, |
89 ssl_hash_sha1 = 2, | 75 ssl_hash_sha1 = 2, |
90 ssl_hash_sha224 = 3, | 76 ssl_hash_sha224 = 3, |
91 ssl_hash_sha256 = 4, | 77 ssl_hash_sha256 = 4, |
92 ssl_hash_sha384 = 5, | 78 ssl_hash_sha384 = 5, |
93 ssl_hash_sha512 = 6 | 79 ssl_hash_sha512 = 6 |
94 } SSLHashType; | 80 } SSLHashType; |
95 | 81 |
96 typedef struct SSLSignatureAndHashAlgStr { | 82 typedef struct SSLSignatureAndHashAlgStr { |
97 SSLHashType hashAlg; | 83 SSLHashType hashAlg; |
98 SSLSignType sigAlg; | 84 SSLSignType sigAlg; |
99 } SSLSignatureAndHashAlg; | 85 } SSLSignatureAndHashAlg; |
100 | 86 |
101 typedef enum { | 87 typedef enum { |
102 ssl_auth_null = 0, | 88 ssl_auth_null = 0, |
103 ssl_auth_rsa = 1, | 89 ssl_auth_rsa = 1, |
104 ssl_auth_dsa = 2, | 90 ssl_auth_dsa = 2, |
105 ssl_auth_kea = 3, | 91 ssl_auth_kea = 3, |
106 ssl_auth_ecdsa = 4 | 92 ssl_auth_ecdsa = 4 |
107 } SSLAuthType; | 93 } SSLAuthType; |
108 | 94 |
109 typedef enum { | 95 typedef enum { |
110 ssl_calg_null = 0, | 96 ssl_calg_null = 0, |
111 ssl_calg_rc4 = 1, | 97 ssl_calg_rc4 = 1, |
112 ssl_calg_rc2 = 2, | 98 ssl_calg_rc2 = 2, |
113 ssl_calg_des = 3, | 99 ssl_calg_des = 3, |
114 ssl_calg_3des = 4, | 100 ssl_calg_3des = 4, |
115 ssl_calg_idea = 5, | 101 ssl_calg_idea = 5, |
116 ssl_calg_fortezza = 6, /* deprecated, now unused */ | 102 ssl_calg_fortezza = 6, /* deprecated, now unused */ |
117 ssl_calg_aes = 7, | 103 ssl_calg_aes = 7, |
118 ssl_calg_camellia = 8, | 104 ssl_calg_camellia = 8, |
119 ssl_calg_seed = 9, | 105 ssl_calg_seed = 9, |
120 ssl_calg_aes_gcm = 10, | 106 ssl_calg_aes_gcm = 10, |
121 ssl_calg_chacha20 = 11 | 107 ssl_calg_chacha20 = 11 |
122 } SSLCipherAlgorithm; | 108 } SSLCipherAlgorithm; |
123 | 109 |
124 typedef enum { | 110 typedef enum { |
125 ssl_mac_null = 0, | 111 ssl_mac_null = 0, |
126 ssl_mac_md5 = 1, | 112 ssl_mac_md5 = 1, |
127 ssl_mac_sha = 2, | 113 ssl_mac_sha = 2, |
128 ssl_hmac_md5 = 3, » /* TLS HMAC version of mac_md5 */ | 114 ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */ |
129 ssl_hmac_sha = 4, » /* TLS HMAC version of mac_sha */ | 115 ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */ |
130 ssl_hmac_sha256 = 5, | 116 ssl_hmac_sha256 = 5, |
131 ssl_mac_aead = 6 | 117 ssl_mac_aead = 6 |
132 } SSLMACAlgorithm; | 118 } SSLMACAlgorithm; |
133 | 119 |
134 typedef enum { | 120 typedef enum { |
135 ssl_compression_null = 0, | 121 ssl_compression_null = 0, |
136 ssl_compression_deflate = 1 /* RFC 3749 */ | 122 ssl_compression_deflate = 1 /* RFC 3749 */ |
137 } SSLCompressionMethod; | 123 } SSLCompressionMethod; |
138 | 124 |
139 typedef struct SSLChannelInfoStr { | 125 typedef struct SSLChannelInfoStr { |
140 PRUint32 length; | 126 /* |length| is obsolete. On return, SSL_GetChannelInfo sets |length| to the |
141 PRUint16 protocolVersion; | 127 * smaller of the |len| argument and the length of the struct. The caller |
142 PRUint16 cipherSuite; | 128 * may ignore |length|. */ |
| 129 PRUint32 length; |
| 130 PRUint16 protocolVersion; |
| 131 PRUint16 cipherSuite; |
143 | 132 |
144 /* server authentication info */ | 133 /* server authentication info */ |
145 PRUint32 authKeyBits; | 134 PRUint32 authKeyBits; |
146 | 135 |
147 /* key exchange algorithm info */ | 136 /* key exchange algorithm info */ |
148 PRUint32 keaKeyBits; | 137 PRUint32 keaKeyBits; |
149 | 138 |
150 /* session info */ | 139 /* session info */ |
151 PRUint32 creationTime;» » /* seconds since Jan 1, 1970 */ | 140 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ |
152 PRUint32 lastAccessTime;» /* seconds since Jan 1, 1970 */ | 141 PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ |
153 PRUint32 expirationTime;» /* seconds since Jan 1, 1970 */ | 142 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ |
154 PRUint32 sessionIDLength;» /* up to 32 */ | 143 PRUint32 sessionIDLength; /* up to 32 */ |
155 PRUint8 sessionID [32]; | 144 PRUint8 sessionID[32]; |
156 | 145 |
157 /* The following fields are added in NSS 3.12.5. */ | 146 /* The following fields are added in NSS 3.12.5. */ |
158 | 147 |
159 /* compression method info */ | 148 /* compression method info */ |
160 const char * compressionMethodName; | 149 const char* compressionMethodName; |
161 SSLCompressionMethod compressionMethod; | 150 SSLCompressionMethod compressionMethod; |
162 | 151 |
163 /* The following fields are added in NSS 3.21. | 152 /* The following fields are added in NSS 3.21. |
164 * This field only has meaning in TLS < 1.3 and will be set to | 153 * This field only has meaning in TLS < 1.3 and will be set to |
165 * PR_FALSE in TLS 1.3. | 154 * PR_FALSE in TLS 1.3. |
166 */ | 155 */ |
167 PRBool extendedMasterSecretUsed; | 156 PRBool extendedMasterSecretUsed; |
168 } SSLChannelInfo; | 157 } SSLChannelInfo; |
169 | 158 |
170 /* Preliminary channel info */ | 159 /* Preliminary channel info */ |
171 #define ssl_preinfo_version (1U << 0) | 160 #define ssl_preinfo_version (1U << 0) |
172 #define ssl_preinfo_cipher_suite (1U << 1) | 161 #define ssl_preinfo_cipher_suite (1U << 1) |
173 #define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite) | 162 #define ssl_preinfo_all (ssl_preinfo_version | ssl_preinfo_cipher_suite) |
174 | 163 |
175 typedef struct SSLPreliminaryChannelInfoStr { | 164 typedef struct SSLPreliminaryChannelInfoStr { |
176 /* This is set to the length of the struct. */ | 165 /* |length| is obsolete. On return, SSL_GetPreliminaryChannelInfo sets |
| 166 * |length| to the smaller of the |len| argument and the length of the |
| 167 * struct. The caller may ignore |length|. */ |
177 PRUint32 length; | 168 PRUint32 length; |
178 /* A bitfield over SSLPreliminaryValueSet that describes which | 169 /* A bitfield over SSLPreliminaryValueSet that describes which |
179 * preliminary values are set (see ssl_preinfo_*). */ | 170 * preliminary values are set (see ssl_preinfo_*). */ |
180 PRUint32 valuesSet; | 171 PRUint32 valuesSet; |
181 /* Protocol version: test (valuesSet & ssl_preinfo_version) */ | 172 /* Protocol version: test (valuesSet & ssl_preinfo_version) */ |
182 PRUint16 protocolVersion; | 173 PRUint16 protocolVersion; |
183 /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */ | 174 /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */ |
184 PRUint16 cipherSuite; | 175 PRUint16 cipherSuite; |
185 } SSLPreliminaryChannelInfo; | 176 } SSLPreliminaryChannelInfo; |
186 | 177 |
187 typedef struct SSLCipherSuiteInfoStr { | 178 typedef struct SSLCipherSuiteInfoStr { |
188 PRUint16 length; | 179 /* |length| is obsolete. On return, SSL_GetCipherSuitelInfo sets |length| |
189 PRUint16 cipherSuite; | 180 * to the smaller of the |len| argument and the length of the struct. The |
| 181 * caller may ignore |length|. */ |
| 182 PRUint16 length; |
| 183 PRUint16 cipherSuite; |
190 | 184 |
191 /* Cipher Suite Name */ | 185 /* Cipher Suite Name */ |
192 const char * cipherSuiteName; | 186 const char* cipherSuiteName; |
193 | 187 |
194 /* server authentication info */ | 188 /* server authentication info */ |
195 const char * authAlgorithmName; | 189 const char* authAlgorithmName; |
196 SSLAuthType authAlgorithm; | 190 SSLAuthType authAlgorithm; |
197 | 191 |
198 /* key exchange algorithm info */ | 192 /* key exchange algorithm info */ |
199 const char * keaTypeName; | 193 const char* keaTypeName; |
200 SSLKEAType keaType; | 194 SSLKEAType keaType; |
201 | 195 |
202 /* symmetric encryption info */ | 196 /* symmetric encryption info */ |
203 const char * symCipherName; | 197 const char* symCipherName; |
204 SSLCipherAlgorithm symCipher; | 198 SSLCipherAlgorithm symCipher; |
205 PRUint16 symKeyBits; | 199 PRUint16 symKeyBits; |
206 PRUint16 symKeySpace; | 200 PRUint16 symKeySpace; |
207 PRUint16 effectiveKeyBits; | 201 PRUint16 effectiveKeyBits; |
208 | 202 |
209 /* MAC info */ | 203 /* MAC info */ |
210 /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName | 204 /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName |
211 * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in | 205 * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in |
212 * bits of the authentication tag. */ | 206 * bits of the authentication tag. */ |
213 const char * macAlgorithmName; | 207 const char* macAlgorithmName; |
214 SSLMACAlgorithm macAlgorithm; | 208 SSLMACAlgorithm macAlgorithm; |
215 PRUint16 macBits; | 209 PRUint16 macBits; |
216 | 210 |
217 PRUintn isFIPS : 1; | 211 PRUintn isFIPS : 1; |
218 PRUintn isExportable : 1; | 212 PRUintn isExportable : 1; |
219 PRUintn nonStandard : 1; | 213 PRUintn nonStandard : 1; |
220 PRUintn reservedBits :29; | 214 PRUintn reservedBits : 29; |
221 | 215 |
222 } SSLCipherSuiteInfo; | 216 } SSLCipherSuiteInfo; |
223 | 217 |
224 typedef enum { | 218 typedef enum { |
225 ssl_variant_stream = 0, | 219 ssl_variant_stream = 0, |
226 ssl_variant_datagram = 1 | 220 ssl_variant_datagram = 1 |
227 } SSLProtocolVariant; | 221 } SSLProtocolVariant; |
228 | 222 |
229 typedef struct SSLVersionRangeStr { | 223 typedef struct SSLVersionRangeStr { |
230 PRUint16 min; | 224 PRUint16 min; |
231 PRUint16 max; | 225 PRUint16 max; |
232 } SSLVersionRange; | 226 } SSLVersionRange; |
233 | 227 |
234 typedef enum { | 228 typedef enum { |
235 SSL_sni_host_name = 0, | 229 SSL_sni_host_name = 0, |
236 SSL_sni_type_total | 230 SSL_sni_type_total |
237 } SSLSniNameType; | 231 } SSLSniNameType; |
238 | 232 |
239 /* Supported extensions. */ | 233 /* Supported extensions. */ |
240 /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */ | 234 /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */ |
241 typedef enum { | 235 typedef enum { |
242 ssl_server_name_xtn = 0, | 236 ssl_server_name_xtn = 0, |
243 ssl_cert_status_xtn = 5, | 237 ssl_cert_status_xtn = 5, |
244 #ifndef NSS_DISABLE_ECC | 238 #ifndef NSS_DISABLE_ECC |
245 ssl_elliptic_curves_xtn = 10, | 239 ssl_elliptic_curves_xtn = 10, |
246 ssl_ec_point_formats_xtn = 11, | 240 ssl_ec_point_formats_xtn = 11, |
247 #endif | 241 #endif |
248 ssl_signature_algorithms_xtn = 13, | 242 ssl_signature_algorithms_xtn = 13, |
249 ssl_use_srtp_xtn = 14, | 243 ssl_use_srtp_xtn = 14, |
250 ssl_app_layer_protocol_xtn = 16, | 244 ssl_app_layer_protocol_xtn = 16, |
251 ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */ | 245 /* signed_certificate_timestamp extension, RFC 6962 */ |
252 ssl_padding_xtn = 21, | 246 ssl_signed_cert_timestamp_xtn = 18, |
253 ssl_extended_master_secret_xtn = 23, | 247 ssl_padding_xtn = 21, |
254 ssl_session_ticket_xtn = 35, | 248 ssl_extended_master_secret_xtn = 23, |
255 ssl_next_proto_nego_xtn = 13172, | 249 ssl_session_ticket_xtn = 35, |
256 ssl_channel_id_xtn = 30032, | 250 ssl_tls13_key_share_xtn = 40, /* unofficial TODO(ekr) */ |
257 ssl_renegotiation_info_xtn = 0xff01, | 251 ssl_next_proto_nego_xtn = 13172, |
258 ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */ | 252 ssl_channel_id_xtn = 30032, |
| 253 ssl_renegotiation_info_xtn = 0xff01, |
| 254 ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */ |
259 } SSLExtensionType; | 255 } SSLExtensionType; |
260 | 256 |
261 #define SSL_MAX_EXTENSIONS 14 /* doesn't include ssl_padding_xtn. */ | 257 #define SSL_MAX_EXTENSIONS 15 /* doesn't include ssl_padding_xtn. */ |
262 | 258 |
263 typedef enum { | 259 typedef enum { |
264 ssl_dhe_group_none = 0, | 260 ssl_dhe_group_none = 0, |
265 ssl_ff_dhe_2048_group = 1, | 261 ssl_ff_dhe_2048_group = 1, |
266 ssl_ff_dhe_3072_group = 2, | 262 ssl_ff_dhe_3072_group = 2, |
267 ssl_ff_dhe_4096_group = 3, | 263 ssl_ff_dhe_4096_group = 3, |
268 ssl_ff_dhe_6144_group = 4, | 264 ssl_ff_dhe_6144_group = 4, |
269 ssl_ff_dhe_8192_group = 5, | 265 ssl_ff_dhe_8192_group = 5, |
270 ssl_dhe_group_max | 266 ssl_dhe_group_max |
271 } SSLDHEGroupType; | 267 } SSLDHEGroupType; |
272 | 268 |
273 #endif /* __sslt_h_ */ | 269 #endif /* __sslt_h_ */ |
OLD | NEW |