OLD | NEW |
1 /* | 1 /* |
2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
3 * any SSL implementation file. | 3 * any SSL implementation file. |
4 * | 4 * |
5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
8 | 8 |
9 #ifndef __sslimpl_h_ | 9 #ifndef __sslimpl_h_ |
10 #define __sslimpl_h_ | 10 #define __sslimpl_h_ |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
57 #define calg_null ssl_calg_null | 57 #define calg_null ssl_calg_null |
58 #define calg_rc4 ssl_calg_rc4 | 58 #define calg_rc4 ssl_calg_rc4 |
59 #define calg_rc2 ssl_calg_rc2 | 59 #define calg_rc2 ssl_calg_rc2 |
60 #define calg_des ssl_calg_des | 60 #define calg_des ssl_calg_des |
61 #define calg_3des ssl_calg_3des | 61 #define calg_3des ssl_calg_3des |
62 #define calg_idea ssl_calg_idea | 62 #define calg_idea ssl_calg_idea |
63 #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ | 63 #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ |
64 #define calg_aes ssl_calg_aes | 64 #define calg_aes ssl_calg_aes |
65 #define calg_camellia ssl_calg_camellia | 65 #define calg_camellia ssl_calg_camellia |
66 #define calg_seed ssl_calg_seed | 66 #define calg_seed ssl_calg_seed |
| 67 #define calg_aes_gcm ssl_calg_aes_gcm |
67 | 68 |
68 #define mac_null ssl_mac_null | 69 #define mac_null ssl_mac_null |
69 #define mac_md5 ssl_mac_md5 | 70 #define mac_md5 ssl_mac_md5 |
70 #define mac_sha ssl_mac_sha | 71 #define mac_sha ssl_mac_sha |
71 #define hmac_md5 ssl_hmac_md5 | 72 #define hmac_md5 ssl_hmac_md5 |
72 #define hmac_sha ssl_hmac_sha | 73 #define hmac_sha ssl_hmac_sha |
73 #define hmac_sha256 ssl_hmac_sha256 | 74 #define hmac_sha256 ssl_hmac_sha256 |
74 | 75 |
75 #define SET_ERROR_CODE /* reminder */ | 76 #define SET_ERROR_CODE /* reminder */ |
76 #define SEND_ALERT /* reminder */ | 77 #define SEND_ALERT /* reminder */ |
(...skipping 206 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
283 unsigned int isPresent : 1; | 284 unsigned int isPresent : 1; |
284 #else | 285 #else |
285 ssl3CipherSuite cipher_suite; | 286 ssl3CipherSuite cipher_suite; |
286 PRUint8 policy; | 287 PRUint8 policy; |
287 unsigned char enabled : 1; | 288 unsigned char enabled : 1; |
288 unsigned char isPresent : 1; | 289 unsigned char isPresent : 1; |
289 #endif | 290 #endif |
290 } ssl3CipherSuiteCfg; | 291 } ssl3CipherSuiteCfg; |
291 | 292 |
292 #ifdef NSS_ENABLE_ECC | 293 #ifdef NSS_ENABLE_ECC |
293 #define ssl_V3_SUITES_IMPLEMENTED 57 | 294 #define ssl_V3_SUITES_IMPLEMENTED 61 |
294 #else | 295 #else |
295 #define ssl_V3_SUITES_IMPLEMENTED 35 | 296 #define ssl_V3_SUITES_IMPLEMENTED 37 |
296 #endif /* NSS_ENABLE_ECC */ | 297 #endif /* NSS_ENABLE_ECC */ |
297 | 298 |
298 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 | 299 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 |
299 | 300 |
300 typedef struct sslOptionsStr { | 301 typedef struct sslOptionsStr { |
301 /* If SSL_SetNextProtoNego has been called, then this contains the | 302 /* If SSL_SetNextProtoNego has been called, then this contains the |
302 * list of supported protocols. */ | 303 * list of supported protocols. */ |
303 SECItem nextProtoNego; | 304 SECItem nextProtoNego; |
304 | 305 |
305 unsigned int useSecurity : 1; /* 1 */ | 306 unsigned int useSecurity : 1; /* 1 */ |
(...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
433 unsigned int dtlsPacketOffset; | 434 unsigned int dtlsPacketOffset; |
434 }; | 435 }; |
435 | 436 |
436 /* sslGather.state */ | 437 /* sslGather.state */ |
437 #define GS_INIT 0 | 438 #define GS_INIT 0 |
438 #define GS_HEADER 1 | 439 #define GS_HEADER 1 |
439 #define GS_MAC 2 | 440 #define GS_MAC 2 |
440 #define GS_DATA 3 | 441 #define GS_DATA 3 |
441 #define GS_PAD 4 | 442 #define GS_PAD 4 |
442 | 443 |
443 typedef SECStatus (*SSLCipher)(void * context, | |
444 unsigned char * out, | |
445 int * outlen, | |
446 int maxout, | |
447 const unsigned char *in, | |
448 int inlen); | |
449 typedef SECStatus (*SSLCompressor)(void * context, | |
450 unsigned char * out, | |
451 int * outlen, | |
452 int maxout, | |
453 const unsigned char *in, | |
454 int inlen); | |
455 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); | |
456 | |
457 #if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_WIN32) | 444 #if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_WIN32) |
458 typedef PCERT_KEY_CONTEXT PlatformKey; | 445 typedef PCERT_KEY_CONTEXT PlatformKey; |
459 #elif defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_MACOSX) | 446 #elif defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_MACOSX) |
460 typedef SecKeyRef PlatformKey; | 447 typedef SecKeyRef PlatformKey; |
461 #else | 448 #else |
462 typedef void *PlatformKey; | 449 typedef void *PlatformKey; |
463 #endif | 450 #endif |
464 | 451 |
465 | 452 |
466 | 453 |
(...skipping 11 matching lines...) Expand all Loading... |
478 cipher_rc2_40, | 465 cipher_rc2_40, |
479 cipher_des, | 466 cipher_des, |
480 cipher_3des, | 467 cipher_3des, |
481 cipher_des40, | 468 cipher_des40, |
482 cipher_idea, | 469 cipher_idea, |
483 cipher_aes_128, | 470 cipher_aes_128, |
484 cipher_aes_256, | 471 cipher_aes_256, |
485 cipher_camellia_128, | 472 cipher_camellia_128, |
486 cipher_camellia_256, | 473 cipher_camellia_256, |
487 cipher_seed, | 474 cipher_seed, |
| 475 cipher_aes_128_gcm, |
488 cipher_missing /* reserved for no such supported cipher */ | 476 cipher_missing /* reserved for no such supported cipher */ |
489 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ | 477 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ |
490 } SSL3BulkCipher; | 478 } SSL3BulkCipher; |
491 | 479 |
492 typedef enum { type_stream, type_block } CipherType; | 480 typedef enum { type_stream, type_block, type_aead } CipherType; |
493 | 481 |
494 #define MAX_IV_LENGTH 24 | 482 #define MAX_IV_LENGTH 24 |
495 | 483 |
496 /* | 484 /* |
497 * Do not depend upon 64 bit arithmetic in the underlying machine. | 485 * Do not depend upon 64 bit arithmetic in the underlying machine. |
498 */ | 486 */ |
499 typedef struct { | 487 typedef struct { |
500 PRUint32 high; | 488 PRUint32 high; |
501 PRUint32 low; | 489 PRUint32 low; |
502 } SSL3SequenceNumber; | 490 } SSL3SequenceNumber; |
(...skipping 21 matching lines...) Expand all Loading... |
524 PK11SymKey *write_key; | 512 PK11SymKey *write_key; |
525 PK11SymKey *write_mac_key; | 513 PK11SymKey *write_mac_key; |
526 PK11Context *write_mac_context; | 514 PK11Context *write_mac_context; |
527 SECItem write_key_item; | 515 SECItem write_key_item; |
528 SECItem write_iv_item; | 516 SECItem write_iv_item; |
529 SECItem write_mac_key_item; | 517 SECItem write_mac_key_item; |
530 SSL3Opaque write_iv[MAX_IV_LENGTH]; | 518 SSL3Opaque write_iv[MAX_IV_LENGTH]; |
531 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; | 519 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; |
532 } ssl3KeyMaterial; | 520 } ssl3KeyMaterial; |
533 | 521 |
| 522 typedef SECStatus (*SSLCipher)(void * context, |
| 523 unsigned char * out, |
| 524 int * outlen, |
| 525 int maxout, |
| 526 const unsigned char *in, |
| 527 int inlen); |
| 528 typedef SECStatus (*SSLAEADCipher)( |
| 529 ssl3KeyMaterial * keys, |
| 530 PRBool doDecrypt, |
| 531 unsigned char * out, |
| 532 int * outlen, |
| 533 int maxout, |
| 534 const unsigned char *in, |
| 535 int inlen, |
| 536 SSL3ContentType type, |
| 537 SSL3ProtocolVersion version, |
| 538 SSL3SequenceNumber seqnum); |
| 539 typedef SECStatus (*SSLCompressor)(void * context, |
| 540 unsigned char * out, |
| 541 int * outlen, |
| 542 int maxout, |
| 543 const unsigned char *in, |
| 544 int inlen); |
| 545 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); |
| 546 |
534 /* The DTLS anti-replay window. Defined here because we need it in | 547 /* The DTLS anti-replay window. Defined here because we need it in |
535 * the cipher spec. Note that this is a ring buffer but left and | 548 * the cipher spec. Note that this is a ring buffer but left and |
536 * right represent the true window, with modular arithmetic used to | 549 * right represent the true window, with modular arithmetic used to |
537 * map them onto the buffer. | 550 * map them onto the buffer. |
538 */ | 551 */ |
539 #define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate | 552 #define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate |
540 * Must be divisible by 8 | 553 * Must be divisible by 8 |
541 */ | 554 */ |
542 typedef struct DTLSRecvdRecordsStr { | 555 typedef struct DTLSRecvdRecordsStr { |
543 unsigned char data[DTLS_RECVD_RECORDS_WINDOW/8]; | 556 unsigned char data[DTLS_RECVD_RECORDS_WINDOW/8]; |
544 PRUint64 left; | 557 PRUint64 left; |
545 PRUint64 right; | 558 PRUint64 right; |
546 } DTLSRecvdRecords; | 559 } DTLSRecvdRecords; |
547 | 560 |
548 /* | 561 /* |
549 ** These are the "specs" in the "ssl3" struct. | 562 ** These are the "specs" in the "ssl3" struct. |
550 ** Access to the pointers to these specs, and all the specs' contents | 563 ** Access to the pointers to these specs, and all the specs' contents |
551 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. | 564 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. |
552 */ | 565 */ |
553 typedef struct { | 566 typedef struct { |
554 const ssl3BulkCipherDef *cipher_def; | 567 const ssl3BulkCipherDef *cipher_def; |
555 const ssl3MACDef * mac_def; | 568 const ssl3MACDef * mac_def; |
556 SSLCompressionMethod compression_method; | 569 SSLCompressionMethod compression_method; |
557 int mac_size; | 570 int mac_size; |
558 SSLCipher encode; | 571 SSLCipher encode; |
559 SSLCipher decode; | 572 SSLCipher decode; |
| 573 SSLAEADCipher aead; |
560 SSLDestroy destroy; | 574 SSLDestroy destroy; |
561 void * encodeContext; | 575 void * encodeContext; |
562 void * decodeContext; | 576 void * decodeContext; |
563 SSLCompressor compressor; /* Don't name these fields compress */ | 577 SSLCompressor compressor; /* Don't name these fields compress */ |
564 SSLCompressor decompressor; /* and uncompress because zconf.h */ | 578 SSLCompressor decompressor; /* and uncompress because zconf.h */ |
565 /* may define them as macros. */ | 579 /* may define them as macros. */ |
566 SSLDestroy destroyCompressContext; | 580 SSLDestroy destroyCompressContext; |
567 void * compressContext; | 581 void * compressContext; |
568 SSLDestroy destroyDecompressContext; | 582 SSLDestroy destroyDecompressContext; |
569 void * decompressContext; | 583 void * decompressContext; |
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
699 */ | 713 */ |
700 typedef struct { | 714 typedef struct { |
701 SSL3KeyExchangeAlgorithm kea; | 715 SSL3KeyExchangeAlgorithm kea; |
702 SSL3KEAType exchKeyType; | 716 SSL3KEAType exchKeyType; |
703 SSL3SignType signKeyType; | 717 SSL3SignType signKeyType; |
704 PRBool is_limited; | 718 PRBool is_limited; |
705 int key_size_limit; | 719 int key_size_limit; |
706 PRBool tls_keygen; | 720 PRBool tls_keygen; |
707 } ssl3KEADef; | 721 } ssl3KEADef; |
708 | 722 |
709 typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode; | |
710 | |
711 /* | 723 /* |
712 ** There are tables of these, all const. | 724 ** There are tables of these, all const. |
713 */ | 725 */ |
714 struct ssl3BulkCipherDefStr { | 726 struct ssl3BulkCipherDefStr { |
715 SSL3BulkCipher cipher; | 727 SSL3BulkCipher cipher; |
716 SSLCipherAlgorithm calg; | 728 SSLCipherAlgorithm calg; |
717 int key_size; | 729 int key_size; |
718 int secret_key_size; | 730 int secret_key_size; |
719 CipherType type; | 731 CipherType type; |
720 int iv_size; | 732 int iv_size; |
721 int block_size; | 733 int block_size; |
722 SSL3KeyGenMode keygen_mode; | 734 int tag_size; /* authentication tag size for AEAD ciphers. */ |
| 735 int explicit_nonce_size; /* for AEAD ciphers. */ |
723 }; | 736 }; |
724 | 737 |
725 /* | 738 /* |
726 ** There are tables of these, all const. | 739 ** There are tables of these, all const. |
727 */ | 740 */ |
728 struct ssl3MACDefStr { | 741 struct ssl3MACDefStr { |
729 SSL3MACAlgorithm mac; | 742 SSL3MACAlgorithm mac; |
730 CK_MECHANISM_TYPE mmech; | 743 CK_MECHANISM_TYPE mmech; |
731 int pad_size; | 744 int pad_size; |
732 int mac_size; | 745 int mac_size; |
(...skipping 1186 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1919 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 1932 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
1920 #define SSL_GETPID getpid | 1933 #define SSL_GETPID getpid |
1921 #elif defined(WIN32) | 1934 #elif defined(WIN32) |
1922 extern int __cdecl _getpid(void); | 1935 extern int __cdecl _getpid(void); |
1923 #define SSL_GETPID _getpid | 1936 #define SSL_GETPID _getpid |
1924 #else | 1937 #else |
1925 #define SSL_GETPID() 0 | 1938 #define SSL_GETPID() 0 |
1926 #endif | 1939 #endif |
1927 | 1940 |
1928 #endif /* __sslimpl_h_ */ | 1941 #endif /* __sslimpl_h_ */ |
OLD | NEW |