The Tor Browser / file comparison

comparison: security/nss/lib/ssl/ssl3prot.h

security/nss/lib/ssl/ssl3prot.h

branch
TOR_BUG_9701
changeset 15
b8a032363ba2
equal deleted inserted replaced
-1:000000000000 0:aade69092c5a
1 /* Private header file of libSSL.
2 * Various and sundry protocol constants. DON'T CHANGE THESE. These
3 * values are defined by the SSL 3.0 protocol specification.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8
9 #ifndef __ssl3proto_h_
10 #define __ssl3proto_h_
11
12 typedef PRUint8 SSL3Opaque;
13
14 typedef PRUint16 SSL3ProtocolVersion;
15 /* version numbers are defined in sslproto.h */
16
17 typedef PRUint16 ssl3CipherSuite;
18 /* The cipher suites are defined in sslproto.h */
19
20 #define MAX_CERT_TYPES 10
21 #define MAX_COMPRESSION_METHODS 10
22 #define MAX_MAC_LENGTH 64
23 #define MAX_PADDING_LENGTH 64
24 #define MAX_KEY_LENGTH 64
25 #define EXPORT_KEY_LENGTH 5
26 #define SSL3_RANDOM_LENGTH 32
27
28 #define SSL3_RECORD_HEADER_LENGTH 5
29
30 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
31 #define DTLS_RECORD_HEADER_LENGTH 13
32
33 #define MAX_FRAGMENT_LENGTH 16384
34
35 typedef enum {
36 content_change_cipher_spec = 20,
37 content_alert = 21,
38 content_handshake = 22,
39 content_application_data = 23
40 } SSL3ContentType;
41
42 typedef struct {
43 SSL3ContentType type;
44 SSL3ProtocolVersion version;
45 PRUint16 length;
46 SECItem fragment;
47 } SSL3Plaintext;
48
49 typedef struct {
50 SSL3ContentType type;
51 SSL3ProtocolVersion version;
52 PRUint16 length;
53 SECItem fragment;
54 } SSL3Compressed;
55
56 typedef struct {
57 SECItem content;
58 SSL3Opaque MAC[MAX_MAC_LENGTH];
59 } SSL3GenericStreamCipher;
60
61 typedef struct {
62 SECItem content;
63 SSL3Opaque MAC[MAX_MAC_LENGTH];
64 PRUint8 padding[MAX_PADDING_LENGTH];
65 PRUint8 padding_length;
66 } SSL3GenericBlockCipher;
67
68 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
69
70 typedef struct {
71 SSL3ChangeCipherSpecChoice choice;
72 } SSL3ChangeCipherSpec;
73
74 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;
75
76 typedef enum {
77 close_notify = 0,
78 unexpected_message = 10,
79 bad_record_mac = 20,
80 decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
81 record_overflow = 22, /* TLS only */
82 decompression_failure = 30,
83 handshake_failure = 40,
84 no_certificate = 41, /* SSL3 only, NOT TLS */
85 bad_certificate = 42,
86 unsupported_certificate = 43,
87 certificate_revoked = 44,
88 certificate_expired = 45,
89 certificate_unknown = 46,
90 illegal_parameter = 47,
91
92 /* All alerts below are TLS only. */
93 unknown_ca = 48,
94 access_denied = 49,
95 decode_error = 50,
96 decrypt_error = 51,
97 export_restriction = 60,
98 protocol_version = 70,
99 insufficient_security = 71,
100 internal_error = 80,
101 inappropriate_fallback = 86, /* could also be sent for SSLv3 */
102 user_canceled = 90,
103 no_renegotiation = 100,
104
105 /* Alerts for client hello extensions */
106 unsupported_extension = 110,
107 certificate_unobtainable = 111,
108 unrecognized_name = 112,
109 bad_certificate_status_response = 113,
110 bad_certificate_hash_value = 114,
111 no_application_protocol = 120
112
113 } SSL3AlertDescription;
114
115 typedef struct {
116 SSL3AlertLevel level;
117 SSL3AlertDescription description;
118 } SSL3Alert;
119
120 typedef enum {
121 hello_request = 0,
122 client_hello = 1,
123 server_hello = 2,
124 hello_verify_request = 3,
125 new_session_ticket = 4,
126 certificate = 11,
127 server_key_exchange = 12,
128 certificate_request = 13,
129 server_hello_done = 14,
130 certificate_verify = 15,
131 client_key_exchange = 16,
132 finished = 20,
133 certificate_status = 22,
134 next_proto = 67
135 } SSL3HandshakeType;
136
137 typedef struct {
138 PRUint8 empty;
139 } SSL3HelloRequest;
140
141 typedef struct {
142 SSL3Opaque rand[SSL3_RANDOM_LENGTH];
143 } SSL3Random;
144
145 typedef struct {
146 SSL3Opaque id[32];
147 PRUint8 length;
148 } SSL3SessionID;
149
150 typedef struct {
151 SSL3ProtocolVersion client_version;
152 SSL3Random random;
153 SSL3SessionID session_id;
154 SECItem cipher_suites;
155 PRUint8 cm_count;
156 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
157 } SSL3ClientHello;
158
159 typedef struct {
160 SSL3ProtocolVersion server_version;
161 SSL3Random random;
162 SSL3SessionID session_id;
163 ssl3CipherSuite cipher_suite;
164 SSLCompressionMethod compression_method;
165 } SSL3ServerHello;
166
167 typedef struct {
168 SECItem list;
169 } SSL3Certificate;
170
171 /* SSL3SignType moved to ssl.h */
172
173 /* The SSL key exchange method used */
174 typedef enum {
175 kea_null,
176 kea_rsa,
177 kea_rsa_export,
178 kea_rsa_export_1024,
179 kea_dh_dss,
180 kea_dh_dss_export,
181 kea_dh_rsa,
182 kea_dh_rsa_export,
183 kea_dhe_dss,
184 kea_dhe_dss_export,
185 kea_dhe_rsa,
186 kea_dhe_rsa_export,
187 kea_dh_anon,
188 kea_dh_anon_export,
189 kea_rsa_fips,
190 kea_ecdh_ecdsa,
191 kea_ecdhe_ecdsa,
192 kea_ecdh_rsa,
193 kea_ecdhe_rsa,
194 kea_ecdh_anon
195 } SSL3KeyExchangeAlgorithm;
196
197 typedef struct {
198 SECItem modulus;
199 SECItem exponent;
200 } SSL3ServerRSAParams;
201
202 typedef struct {
203 SECItem p;
204 SECItem g;
205 SECItem Ys;
206 } SSL3ServerDHParams;
207
208 typedef struct {
209 union {
210 SSL3ServerDHParams dh;
211 SSL3ServerRSAParams rsa;
212 } u;
213 } SSL3ServerParams;
214
215 /* This enum reflects HashAlgorithm enum from
216 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
217 *
218 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
219 enum {
220 tls_hash_md5 = 1,
221 tls_hash_sha1 = 2,
222 tls_hash_sha224 = 3,
223 tls_hash_sha256 = 4,
224 tls_hash_sha384 = 5,
225 tls_hash_sha512 = 6
226 };
227
228 /* This enum reflects SignatureAlgorithm enum from
229 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
230 typedef enum {
231 tls_sig_rsa = 1,
232 tls_sig_dsa = 2,
233 tls_sig_ecdsa = 3
234 } TLSSignatureAlgorithm;
235
236 typedef struct {
237 SECOidTag hashAlg;
238 TLSSignatureAlgorithm sigAlg;
239 } SSL3SignatureAndHashAlgorithm;
240
241 /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
242 * prior to 1.2. */
243 typedef struct {
244 PRUint8 md5[16];
245 PRUint8 sha[20];
246 } SSL3HashesIndividually;
247
248 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
249 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
250 * struct. */
251 typedef struct {
252 unsigned int len;
253 SECOidTag hashAlg;
254 union {
255 PRUint8 raw[64];
256 SSL3HashesIndividually s;
257 } u;
258 } SSL3Hashes;
259
260 typedef struct {
261 union {
262 SSL3Opaque anonymous;
263 SSL3Hashes certified;
264 } u;
265 } SSL3ServerKeyExchange;
266
267 typedef enum {
268 ct_RSA_sign = 1,
269 ct_DSS_sign = 2,
270 ct_RSA_fixed_DH = 3,
271 ct_DSS_fixed_DH = 4,
272 ct_RSA_ephemeral_DH = 5,
273 ct_DSS_ephemeral_DH = 6,
274 ct_ECDSA_sign = 64,
275 ct_RSA_fixed_ECDH = 65,
276 ct_ECDSA_fixed_ECDH = 66
277
278 } SSL3ClientCertificateType;
279
280 typedef SECItem *SSL3DistinquishedName;
281
282 typedef struct {
283 SSL3Opaque client_version[2];
284 SSL3Opaque random[46];
285 } SSL3RSAPreMasterSecret;
286
287 typedef SECItem SSL3EncryptedPreMasterSecret;
288
289
290 typedef SSL3Opaque SSL3MasterSecret[48];
291
292 typedef enum { implicit, explicit } SSL3PublicValueEncoding;
293
294 typedef struct {
295 union {
296 SSL3Opaque implicit;
297 SECItem explicit;
298 } dh_public;
299 } SSL3ClientDiffieHellmanPublic;
300
301 typedef struct {
302 union {
303 SSL3EncryptedPreMasterSecret rsa;
304 SSL3ClientDiffieHellmanPublic diffie_helman;
305 } exchange_keys;
306 } SSL3ClientKeyExchange;
307
308 typedef SSL3Hashes SSL3PreSignedCertificateVerify;
309
310 typedef SECItem SSL3CertificateVerify;
311
312 typedef enum {
313 sender_client = 0x434c4e54,
314 sender_server = 0x53525652
315 } SSL3Sender;
316
317 typedef SSL3HashesIndividually SSL3Finished;
318
319 typedef struct {
320 SSL3Opaque verify_data[12];
321 } TLSFinished;
322
323 /*
324 * TLS extension related data structures and constants.
325 */
326
327 /* SessionTicket extension related data structures. */
328
329 /* NewSessionTicket handshake message. */
330 typedef struct {
331 PRUint32 received_timestamp;
332 PRUint32 ticket_lifetime_hint;
333 SECItem ticket;
334 } NewSessionTicket;
335
336 typedef enum {
337 CLIENT_AUTH_ANONYMOUS = 0,
338 CLIENT_AUTH_CERTIFICATE = 1
339 } ClientAuthenticationType;
340
341 typedef struct {
342 ClientAuthenticationType client_auth_type;
343 union {
344 SSL3Opaque *certificate_list;
345 } identity;
346 } ClientIdentity;
347
348 #define SESS_TICKET_KEY_NAME_LEN 16
349 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
350 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
351 #define SESS_TICKET_KEY_VAR_NAME_LEN 12
352
353 typedef struct {
354 unsigned char *key_name;
355 unsigned char *iv;
356 SECItem encrypted_state;
357 unsigned char *mac;
358 } EncryptedSessionTicket;
359
360 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32
361
362 #define TLS_STE_NO_SERVER_NAME -1
363
364 #endif /* __ssl3proto_h_ */

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial