| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
| 3 * any SSL implementation file. | 3 * any SSL implementation file. |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 | 8 |
| 9 #ifndef __sslimpl_h_ | 9 #ifndef __sslimpl_h_ |
| 10 #define __sslimpl_h_ | 10 #define __sslimpl_h_ |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 57 #define calg_null ssl_calg_null | 57 #define calg_null ssl_calg_null |
| 58 #define calg_rc4 ssl_calg_rc4 | 58 #define calg_rc4 ssl_calg_rc4 |
| 59 #define calg_rc2 ssl_calg_rc2 | 59 #define calg_rc2 ssl_calg_rc2 |
| 60 #define calg_des ssl_calg_des | 60 #define calg_des ssl_calg_des |
| 61 #define calg_3des ssl_calg_3des | 61 #define calg_3des ssl_calg_3des |
| 62 #define calg_idea ssl_calg_idea | 62 #define calg_idea ssl_calg_idea |
| 63 #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ | 63 #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ |
| 64 #define calg_aes ssl_calg_aes | 64 #define calg_aes ssl_calg_aes |
| 65 #define calg_camellia ssl_calg_camellia | 65 #define calg_camellia ssl_calg_camellia |
| 66 #define calg_seed ssl_calg_seed | 66 #define calg_seed ssl_calg_seed |
| 67 #define calg_aes_gcm ssl_calg_aes_gcm |
| 67 | 68 |
| 68 #define mac_null ssl_mac_null | 69 #define mac_null ssl_mac_null |
| 69 #define mac_md5 ssl_mac_md5 | 70 #define mac_md5 ssl_mac_md5 |
| 70 #define mac_sha ssl_mac_sha | 71 #define mac_sha ssl_mac_sha |
| 71 #define hmac_md5 ssl_hmac_md5 | 72 #define hmac_md5 ssl_hmac_md5 |
| 72 #define hmac_sha ssl_hmac_sha | 73 #define hmac_sha ssl_hmac_sha |
| 73 #define hmac_sha256 ssl_hmac_sha256 | 74 #define hmac_sha256 ssl_hmac_sha256 |
| 74 | 75 |
| 75 #define SET_ERROR_CODE /* reminder */ | 76 #define SET_ERROR_CODE /* reminder */ |
| 76 #define SEND_ALERT /* reminder */ | 77 #define SEND_ALERT /* reminder */ |
| (...skipping 206 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 283 unsigned int isPresent : 1; | 284 unsigned int isPresent : 1; |
| 284 #else | 285 #else |
| 285 ssl3CipherSuite cipher_suite; | 286 ssl3CipherSuite cipher_suite; |
| 286 PRUint8 policy; | 287 PRUint8 policy; |
| 287 unsigned char enabled : 1; | 288 unsigned char enabled : 1; |
| 288 unsigned char isPresent : 1; | 289 unsigned char isPresent : 1; |
| 289 #endif | 290 #endif |
| 290 } ssl3CipherSuiteCfg; | 291 } ssl3CipherSuiteCfg; |
| 291 | 292 |
| 292 #ifdef NSS_ENABLE_ECC | 293 #ifdef NSS_ENABLE_ECC |
| 293 #define ssl_V3_SUITES_IMPLEMENTED 57 | 294 #define ssl_V3_SUITES_IMPLEMENTED 61 |
| 294 #else | 295 #else |
| 295 #define ssl_V3_SUITES_IMPLEMENTED 35 | 296 #define ssl_V3_SUITES_IMPLEMENTED 37 |
| 296 #endif /* NSS_ENABLE_ECC */ | 297 #endif /* NSS_ENABLE_ECC */ |
| 297 | 298 |
| 298 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 | 299 #define MAX_DTLS_SRTP_CIPHER_SUITES 4 |
| 299 | 300 |
| 300 typedef struct sslOptionsStr { | 301 typedef struct sslOptionsStr { |
| 301 /* If SSL_SetNextProtoNego has been called, then this contains the | 302 /* If SSL_SetNextProtoNego has been called, then this contains the |
| 302 * list of supported protocols. */ | 303 * list of supported protocols. */ |
| 303 SECItem nextProtoNego; | 304 SECItem nextProtoNego; |
| 304 | 305 |
| 305 unsigned int useSecurity : 1; /* 1 */ | 306 unsigned int useSecurity : 1; /* 1 */ |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 433 unsigned int dtlsPacketOffset; | 434 unsigned int dtlsPacketOffset; |
| 434 }; | 435 }; |
| 435 | 436 |
| 436 /* sslGather.state */ | 437 /* sslGather.state */ |
| 437 #define GS_INIT 0 | 438 #define GS_INIT 0 |
| 438 #define GS_HEADER 1 | 439 #define GS_HEADER 1 |
| 439 #define GS_MAC 2 | 440 #define GS_MAC 2 |
| 440 #define GS_DATA 3 | 441 #define GS_DATA 3 |
| 441 #define GS_PAD 4 | 442 #define GS_PAD 4 |
| 442 | 443 |
| 443 typedef SECStatus (*SSLCipher)(void * context, | |
| 444 unsigned char * out, | |
| 445 int * outlen, | |
| 446 int maxout, | |
| 447 const unsigned char *in, | |
| 448 int inlen); | |
| 449 typedef SECStatus (*SSLCompressor)(void * context, | |
| 450 unsigned char * out, | |
| 451 int * outlen, | |
| 452 int maxout, | |
| 453 const unsigned char *in, | |
| 454 int inlen); | |
| 455 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); | |
| 456 | |
| 457 #if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_WIN32) | 444 #if defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_WIN32) |
| 458 typedef PCERT_KEY_CONTEXT PlatformKey; | 445 typedef PCERT_KEY_CONTEXT PlatformKey; |
| 459 #elif defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_MACOSX) | 446 #elif defined(NSS_PLATFORM_CLIENT_AUTH) && defined(XP_MACOSX) |
| 460 typedef SecKeyRef PlatformKey; | 447 typedef SecKeyRef PlatformKey; |
| 461 #else | 448 #else |
| 462 typedef void *PlatformKey; | 449 typedef void *PlatformKey; |
| 463 #endif | 450 #endif |
| 464 | 451 |
| 465 | 452 |
| 466 | 453 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 478 cipher_rc2_40, | 465 cipher_rc2_40, |
| 479 cipher_des, | 466 cipher_des, |
| 480 cipher_3des, | 467 cipher_3des, |
| 481 cipher_des40, | 468 cipher_des40, |
| 482 cipher_idea, | 469 cipher_idea, |
| 483 cipher_aes_128, | 470 cipher_aes_128, |
| 484 cipher_aes_256, | 471 cipher_aes_256, |
| 485 cipher_camellia_128, | 472 cipher_camellia_128, |
| 486 cipher_camellia_256, | 473 cipher_camellia_256, |
| 487 cipher_seed, | 474 cipher_seed, |
| 475 cipher_aes_128_gcm, |
| 488 cipher_missing /* reserved for no such supported cipher */ | 476 cipher_missing /* reserved for no such supported cipher */ |
| 489 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ | 477 /* This enum must match ssl3_cipherName[] in ssl3con.c. */ |
| 490 } SSL3BulkCipher; | 478 } SSL3BulkCipher; |
| 491 | 479 |
| 492 typedef enum { type_stream, type_block } CipherType; | 480 typedef enum { type_stream, type_block, type_aead } CipherType; |
| 493 | 481 |
| 494 #define MAX_IV_LENGTH 24 | 482 #define MAX_IV_LENGTH 24 |
| 495 | 483 |
| 496 /* | 484 /* |
| 497 * Do not depend upon 64 bit arithmetic in the underlying machine. | 485 * Do not depend upon 64 bit arithmetic in the underlying machine. |
| 498 */ | 486 */ |
| 499 typedef struct { | 487 typedef struct { |
| 500 PRUint32 high; | 488 PRUint32 high; |
| 501 PRUint32 low; | 489 PRUint32 low; |
| 502 } SSL3SequenceNumber; | 490 } SSL3SequenceNumber; |
| (...skipping 21 matching lines...) Expand all Loading... |
| 524 PK11SymKey *write_key; | 512 PK11SymKey *write_key; |
| 525 PK11SymKey *write_mac_key; | 513 PK11SymKey *write_mac_key; |
| 526 PK11Context *write_mac_context; | 514 PK11Context *write_mac_context; |
| 527 SECItem write_key_item; | 515 SECItem write_key_item; |
| 528 SECItem write_iv_item; | 516 SECItem write_iv_item; |
| 529 SECItem write_mac_key_item; | 517 SECItem write_mac_key_item; |
| 530 SSL3Opaque write_iv[MAX_IV_LENGTH]; | 518 SSL3Opaque write_iv[MAX_IV_LENGTH]; |
| 531 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; | 519 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; |
| 532 } ssl3KeyMaterial; | 520 } ssl3KeyMaterial; |
| 533 | 521 |
| 522 typedef SECStatus (*SSLCipher)(void * context, |
| 523 unsigned char * out, |
| 524 int * outlen, |
| 525 int maxout, |
| 526 const unsigned char *in, |
| 527 int inlen); |
| 528 typedef SECStatus (*SSLAEADCipher)( |
| 529 ssl3KeyMaterial * keys, |
| 530 PRBool doDecrypt, |
| 531 unsigned char * out, |
| 532 int * outlen, |
| 533 int maxout, |
| 534 const unsigned char *in, |
| 535 int inlen, |
| 536 SSL3ContentType type, |
| 537 SSL3ProtocolVersion version, |
| 538 SSL3SequenceNumber seqnum); |
| 539 typedef SECStatus (*SSLCompressor)(void * context, |
| 540 unsigned char * out, |
| 541 int * outlen, |
| 542 int maxout, |
| 543 const unsigned char *in, |
| 544 int inlen); |
| 545 typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit); |
| 546 |
| 534 /* The DTLS anti-replay window. Defined here because we need it in | 547 /* The DTLS anti-replay window. Defined here because we need it in |
| 535 * the cipher spec. Note that this is a ring buffer but left and | 548 * the cipher spec. Note that this is a ring buffer but left and |
| 536 * right represent the true window, with modular arithmetic used to | 549 * right represent the true window, with modular arithmetic used to |
| 537 * map them onto the buffer. | 550 * map them onto the buffer. |
| 538 */ | 551 */ |
| 539 #define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate | 552 #define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate |
| 540 * Must be divisible by 8 | 553 * Must be divisible by 8 |
| 541 */ | 554 */ |
| 542 typedef struct DTLSRecvdRecordsStr { | 555 typedef struct DTLSRecvdRecordsStr { |
| 543 unsigned char data[DTLS_RECVD_RECORDS_WINDOW/8]; | 556 unsigned char data[DTLS_RECVD_RECORDS_WINDOW/8]; |
| 544 PRUint64 left; | 557 PRUint64 left; |
| 545 PRUint64 right; | 558 PRUint64 right; |
| 546 } DTLSRecvdRecords; | 559 } DTLSRecvdRecords; |
| 547 | 560 |
| 548 /* | 561 /* |
| 549 ** These are the "specs" in the "ssl3" struct. | 562 ** These are the "specs" in the "ssl3" struct. |
| 550 ** Access to the pointers to these specs, and all the specs' contents | 563 ** Access to the pointers to these specs, and all the specs' contents |
| 551 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. | 564 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. |
| 552 */ | 565 */ |
| 553 typedef struct { | 566 typedef struct { |
| 554 const ssl3BulkCipherDef *cipher_def; | 567 const ssl3BulkCipherDef *cipher_def; |
| 555 const ssl3MACDef * mac_def; | 568 const ssl3MACDef * mac_def; |
| 556 SSLCompressionMethod compression_method; | 569 SSLCompressionMethod compression_method; |
| 557 int mac_size; | 570 int mac_size; |
| 558 SSLCipher encode; | 571 SSLCipher encode; |
| 559 SSLCipher decode; | 572 SSLCipher decode; |
| 573 SSLAEADCipher aead; |
| 560 SSLDestroy destroy; | 574 SSLDestroy destroy; |
| 561 void * encodeContext; | 575 void * encodeContext; |
| 562 void * decodeContext; | 576 void * decodeContext; |
| 563 SSLCompressor compressor; /* Don't name these fields compress */ | 577 SSLCompressor compressor; /* Don't name these fields compress */ |
| 564 SSLCompressor decompressor; /* and uncompress because zconf.h */ | 578 SSLCompressor decompressor; /* and uncompress because zconf.h */ |
| 565 /* may define them as macros. */ | 579 /* may define them as macros. */ |
| 566 SSLDestroy destroyCompressContext; | 580 SSLDestroy destroyCompressContext; |
| 567 void * compressContext; | 581 void * compressContext; |
| 568 SSLDestroy destroyDecompressContext; | 582 SSLDestroy destroyDecompressContext; |
| 569 void * decompressContext; | 583 void * decompressContext; |
| (...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 699 */ | 713 */ |
| 700 typedef struct { | 714 typedef struct { |
| 701 SSL3KeyExchangeAlgorithm kea; | 715 SSL3KeyExchangeAlgorithm kea; |
| 702 SSL3KEAType exchKeyType; | 716 SSL3KEAType exchKeyType; |
| 703 SSL3SignType signKeyType; | 717 SSL3SignType signKeyType; |
| 704 PRBool is_limited; | 718 PRBool is_limited; |
| 705 int key_size_limit; | 719 int key_size_limit; |
| 706 PRBool tls_keygen; | 720 PRBool tls_keygen; |
| 707 } ssl3KEADef; | 721 } ssl3KEADef; |
| 708 | 722 |
| 709 typedef enum { kg_null, kg_strong, kg_export } SSL3KeyGenMode; | |
| 710 | |
| 711 /* | 723 /* |
| 712 ** There are tables of these, all const. | 724 ** There are tables of these, all const. |
| 713 */ | 725 */ |
| 714 struct ssl3BulkCipherDefStr { | 726 struct ssl3BulkCipherDefStr { |
| 715 SSL3BulkCipher cipher; | 727 SSL3BulkCipher cipher; |
| 716 SSLCipherAlgorithm calg; | 728 SSLCipherAlgorithm calg; |
| 717 int key_size; | 729 int key_size; |
| 718 int secret_key_size; | 730 int secret_key_size; |
| 719 CipherType type; | 731 CipherType type; |
| 720 int iv_size; | 732 int iv_size; |
| 721 int block_size; | 733 int block_size; |
| 722 SSL3KeyGenMode keygen_mode; | 734 int tag_size; /* authentication tag size for AEAD ciphers. */ |
| 735 int explicit_nonce_size; /* for AEAD ciphers. */ |
| 723 }; | 736 }; |
| 724 | 737 |
| 725 /* | 738 /* |
| 726 ** There are tables of these, all const. | 739 ** There are tables of these, all const. |
| 727 */ | 740 */ |
| 728 struct ssl3MACDefStr { | 741 struct ssl3MACDefStr { |
| 729 SSL3MACAlgorithm mac; | 742 SSL3MACAlgorithm mac; |
| 730 CK_MECHANISM_TYPE mmech; | 743 CK_MECHANISM_TYPE mmech; |
| 731 int pad_size; | 744 int pad_size; |
| 732 int mac_size; | 745 int mac_size; |
| (...skipping 1186 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1919 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 1932 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
| 1920 #define SSL_GETPID getpid | 1933 #define SSL_GETPID getpid |
| 1921 #elif defined(WIN32) | 1934 #elif defined(WIN32) |
| 1922 extern int __cdecl _getpid(void); | 1935 extern int __cdecl _getpid(void); |
| 1923 #define SSL_GETPID _getpid | 1936 #define SSL_GETPID _getpid |
| 1924 #else | 1937 #else |
| 1925 #define SSL_GETPID() 0 | 1938 #define SSL_GETPID() 0 |
| 1926 #endif | 1939 #endif |
| 1927 | 1940 |
| 1928 #endif /* __sslimpl_h_ */ | 1941 #endif /* __sslimpl_h_ */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 21696002:
Implement the AES GCM cipher suites for TLS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/