Make the AES-GCM cipher suites work in DTLS, by moving the

net/third_party/nss/ssl/sslt.h

 /*
  * This file contains prototypes for the public SSL functions.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __sslt_h_
 #define __sslt_h_
 
@@ skipping 85 matching lines @@
     ssl_calg_seed     = 9,
     ssl_calg_aes_gcm  = 10
 } SSLCipherAlgorithm;
 
 typedef enum { 
     ssl_mac_null      = 0, 
     ssl_mac_md5       = 1, 
     ssl_mac_sha       = 2, 
     ssl_hmac_md5      = 3,      /* TLS HMAC version of mac_md5 */
     ssl_hmac_sha      = 4,      /* TLS HMAC version of mac_sha */
-    ssl_hmac_sha256   = 5
+    ssl_hmac_sha256   = 5,
+    ssl_hmac_sha384   = 6,
+    ssl_hmac_sha512   = 7,

[wtc, 2013/08/17 00:21:15]

Question: to be future-proof, I added ssl_hmac_sha384 and ssl_hmac_sha512.
The sslt.h header is a public header, so the values of these enums cannot
change.

But, given our current opinion of HMAC-SHA256 ciphers, it seems unlikely
that we will implement HMAC-SHA384 ciphers. (I don't know of any
HMAC-SHA512 ciphers.) So perhaps I should not reserve the enums for
ssl_hmac_sha384 and ssl_hmac_sha512 now. What do you think?

Reserving these two enums resulted in two extra entries in the mac_defs
array in ssl3con.c, because that array is indexed by this enum type.

[Ryan Sleevi, 2013/08/17 02:00:23]

My preference would be not to introduce them until they're actually used, and to
deal with the asymmetry then. Given all the performance concerns, and Keccak, it
does seem unlikely to see these used or to provide significant value.

[wtc, 2013/08/19 23:31:56]

Done.

+    ssl_mac_aead      = 8
 } SSLMACAlgorithm;
 
 typedef enum {
     ssl_compression_null = 0,
     ssl_compression_deflate = 1  /* RFC 3749 */
 } SSLCompressionMethod;
 
 typedef struct SSLChannelInfoStr {
     PRUint32             length;
     PRUint16             protocolVersion;
@@ skipping 35 matching lines @@
     SSLKEAType           keaType;
 
     /* symmetric encryption info */
     const char *         symCipherName;
     SSLCipherAlgorithm   symCipher;
     PRUint16             symKeyBits;
     PRUint16             symKeySpace;
     PRUint16             effectiveKeyBits;
 
     /* MAC info */
+    /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
+     * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
+     * bits of the authentication tag. */
     const char *         macAlgorithmName;
     SSLMACAlgorithm      macAlgorithm;
     PRUint16             macBits;
 
     PRUintn              isFIPS       : 1;
     PRUintn              isExportable : 1;
     PRUintn              nonStandard  : 1;
     PRUintn              reservedBits :29;
 
 } SSLCipherSuiteInfo;
@@ skipping 27 matching lines @@
     ssl_app_layer_protocol_xtn       = 16,
     ssl_session_ticket_xtn           = 35,
     ssl_next_proto_nego_xtn          = 13172,
     ssl_channel_id_xtn               = 30031,
     ssl_renegotiation_info_xtn       = 0xff01   /* experimental number */
 } SSLExtensionType;
 
 #define SSL_MAX_EXTENSIONS             11
 
 #endif /* __sslt_h_ */