1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/ssl/ssl3prot.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,364 @@
1.4 +/* Private header file of libSSL.
1.5 + * Various and sundry protocol constants. DON'T CHANGE THESE. These
1.6 + * values are defined by the SSL 3.0 protocol specification.
1.7 + *
1.8 + * This Source Code Form is subject to the terms of the Mozilla Public
1.9 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.10 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.11 +
1.12 +#ifndef __ssl3proto_h_
1.13 +#define __ssl3proto_h_
1.14 +
1.15 +typedef PRUint8 SSL3Opaque;
1.16 +
1.17 +typedef PRUint16 SSL3ProtocolVersion;
1.18 +/* version numbers are defined in sslproto.h */
1.19 +
1.20 +typedef PRUint16 ssl3CipherSuite;
1.21 +/* The cipher suites are defined in sslproto.h */
1.22 +
1.23 +#define MAX_CERT_TYPES 10
1.24 +#define MAX_COMPRESSION_METHODS 10
1.25 +#define MAX_MAC_LENGTH 64
1.26 +#define MAX_PADDING_LENGTH 64
1.27 +#define MAX_KEY_LENGTH 64
1.28 +#define EXPORT_KEY_LENGTH 5
1.29 +#define SSL3_RANDOM_LENGTH 32
1.30 +
1.31 +#define SSL3_RECORD_HEADER_LENGTH 5
1.32 +
1.33 +/* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
1.34 +#define DTLS_RECORD_HEADER_LENGTH 13
1.35 +
1.36 +#define MAX_FRAGMENT_LENGTH 16384
1.37 +
1.38 +typedef enum {
1.39 + content_change_cipher_spec = 20,
1.40 + content_alert = 21,
1.41 + content_handshake = 22,
1.42 + content_application_data = 23
1.43 +} SSL3ContentType;
1.44 +
1.45 +typedef struct {
1.46 + SSL3ContentType type;
1.47 + SSL3ProtocolVersion version;
1.48 + PRUint16 length;
1.49 + SECItem fragment;
1.50 +} SSL3Plaintext;
1.51 +
1.52 +typedef struct {
1.53 + SSL3ContentType type;
1.54 + SSL3ProtocolVersion version;
1.55 + PRUint16 length;
1.56 + SECItem fragment;
1.57 +} SSL3Compressed;
1.58 +
1.59 +typedef struct {
1.60 + SECItem content;
1.61 + SSL3Opaque MAC[MAX_MAC_LENGTH];
1.62 +} SSL3GenericStreamCipher;
1.63 +
1.64 +typedef struct {
1.65 + SECItem content;
1.66 + SSL3Opaque MAC[MAX_MAC_LENGTH];
1.67 + PRUint8 padding[MAX_PADDING_LENGTH];
1.68 + PRUint8 padding_length;
1.69 +} SSL3GenericBlockCipher;
1.70 +
1.71 +typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
1.72 +
1.73 +typedef struct {
1.74 + SSL3ChangeCipherSpecChoice choice;
1.75 +} SSL3ChangeCipherSpec;
1.76 +
1.77 +typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;
1.78 +
1.79 +typedef enum {
1.80 + close_notify = 0,
1.81 + unexpected_message = 10,
1.82 + bad_record_mac = 20,
1.83 + decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
1.84 + record_overflow = 22, /* TLS only */
1.85 + decompression_failure = 30,
1.86 + handshake_failure = 40,
1.87 + no_certificate = 41, /* SSL3 only, NOT TLS */
1.88 + bad_certificate = 42,
1.89 + unsupported_certificate = 43,
1.90 + certificate_revoked = 44,
1.91 + certificate_expired = 45,
1.92 + certificate_unknown = 46,
1.93 + illegal_parameter = 47,
1.94 +
1.95 +/* All alerts below are TLS only. */
1.96 + unknown_ca = 48,
1.97 + access_denied = 49,
1.98 + decode_error = 50,
1.99 + decrypt_error = 51,
1.100 + export_restriction = 60,
1.101 + protocol_version = 70,
1.102 + insufficient_security = 71,
1.103 + internal_error = 80,
1.104 + inappropriate_fallback = 86, /* could also be sent for SSLv3 */
1.105 + user_canceled = 90,
1.106 + no_renegotiation = 100,
1.107 +
1.108 +/* Alerts for client hello extensions */
1.109 + unsupported_extension = 110,
1.110 + certificate_unobtainable = 111,
1.111 + unrecognized_name = 112,
1.112 + bad_certificate_status_response = 113,
1.113 + bad_certificate_hash_value = 114,
1.114 + no_application_protocol = 120
1.115 +
1.116 +} SSL3AlertDescription;
1.117 +
1.118 +typedef struct {
1.119 + SSL3AlertLevel level;
1.120 + SSL3AlertDescription description;
1.121 +} SSL3Alert;
1.122 +
1.123 +typedef enum {
1.124 + hello_request = 0,
1.125 + client_hello = 1,
1.126 + server_hello = 2,
1.127 + hello_verify_request = 3,
1.128 + new_session_ticket = 4,
1.129 + certificate = 11,
1.130 + server_key_exchange = 12,
1.131 + certificate_request = 13,
1.132 + server_hello_done = 14,
1.133 + certificate_verify = 15,
1.134 + client_key_exchange = 16,
1.135 + finished = 20,
1.136 + certificate_status = 22,
1.137 + next_proto = 67
1.138 +} SSL3HandshakeType;
1.139 +
1.140 +typedef struct {
1.141 + PRUint8 empty;
1.142 +} SSL3HelloRequest;
1.143 +
1.144 +typedef struct {
1.145 + SSL3Opaque rand[SSL3_RANDOM_LENGTH];
1.146 +} SSL3Random;
1.147 +
1.148 +typedef struct {
1.149 + SSL3Opaque id[32];
1.150 + PRUint8 length;
1.151 +} SSL3SessionID;
1.152 +
1.153 +typedef struct {
1.154 + SSL3ProtocolVersion client_version;
1.155 + SSL3Random random;
1.156 + SSL3SessionID session_id;
1.157 + SECItem cipher_suites;
1.158 + PRUint8 cm_count;
1.159 + SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
1.160 +} SSL3ClientHello;
1.161 +
1.162 +typedef struct {
1.163 + SSL3ProtocolVersion server_version;
1.164 + SSL3Random random;
1.165 + SSL3SessionID session_id;
1.166 + ssl3CipherSuite cipher_suite;
1.167 + SSLCompressionMethod compression_method;
1.168 +} SSL3ServerHello;
1.169 +
1.170 +typedef struct {
1.171 + SECItem list;
1.172 +} SSL3Certificate;
1.173 +
1.174 +/* SSL3SignType moved to ssl.h */
1.175 +
1.176 +/* The SSL key exchange method used */
1.177 +typedef enum {
1.178 + kea_null,
1.179 + kea_rsa,
1.180 + kea_rsa_export,
1.181 + kea_rsa_export_1024,
1.182 + kea_dh_dss,
1.183 + kea_dh_dss_export,
1.184 + kea_dh_rsa,
1.185 + kea_dh_rsa_export,
1.186 + kea_dhe_dss,
1.187 + kea_dhe_dss_export,
1.188 + kea_dhe_rsa,
1.189 + kea_dhe_rsa_export,
1.190 + kea_dh_anon,
1.191 + kea_dh_anon_export,
1.192 + kea_rsa_fips,
1.193 + kea_ecdh_ecdsa,
1.194 + kea_ecdhe_ecdsa,
1.195 + kea_ecdh_rsa,
1.196 + kea_ecdhe_rsa,
1.197 + kea_ecdh_anon
1.198 +} SSL3KeyExchangeAlgorithm;
1.199 +
1.200 +typedef struct {
1.201 + SECItem modulus;
1.202 + SECItem exponent;
1.203 +} SSL3ServerRSAParams;
1.204 +
1.205 +typedef struct {
1.206 + SECItem p;
1.207 + SECItem g;
1.208 + SECItem Ys;
1.209 +} SSL3ServerDHParams;
1.210 +
1.211 +typedef struct {
1.212 + union {
1.213 + SSL3ServerDHParams dh;
1.214 + SSL3ServerRSAParams rsa;
1.215 + } u;
1.216 +} SSL3ServerParams;
1.217 +
1.218 +/* This enum reflects HashAlgorithm enum from
1.219 + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
1.220 + *
1.221 + * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
1.222 +enum {
1.223 + tls_hash_md5 = 1,
1.224 + tls_hash_sha1 = 2,
1.225 + tls_hash_sha224 = 3,
1.226 + tls_hash_sha256 = 4,
1.227 + tls_hash_sha384 = 5,
1.228 + tls_hash_sha512 = 6
1.229 +};
1.230 +
1.231 +/* This enum reflects SignatureAlgorithm enum from
1.232 + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
1.233 +typedef enum {
1.234 + tls_sig_rsa = 1,
1.235 + tls_sig_dsa = 2,
1.236 + tls_sig_ecdsa = 3
1.237 +} TLSSignatureAlgorithm;
1.238 +
1.239 +typedef struct {
1.240 + SECOidTag hashAlg;
1.241 + TLSSignatureAlgorithm sigAlg;
1.242 +} SSL3SignatureAndHashAlgorithm;
1.243 +
1.244 +/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
1.245 + * prior to 1.2. */
1.246 +typedef struct {
1.247 + PRUint8 md5[16];
1.248 + PRUint8 sha[20];
1.249 +} SSL3HashesIndividually;
1.250 +
1.251 +/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
1.252 + * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
1.253 + * struct. */
1.254 +typedef struct {
1.255 + unsigned int len;
1.256 + SECOidTag hashAlg;
1.257 + union {
1.258 + PRUint8 raw[64];
1.259 + SSL3HashesIndividually s;
1.260 + } u;
1.261 +} SSL3Hashes;
1.262 +
1.263 +typedef struct {
1.264 + union {
1.265 + SSL3Opaque anonymous;
1.266 + SSL3Hashes certified;
1.267 + } u;
1.268 +} SSL3ServerKeyExchange;
1.269 +
1.270 +typedef enum {
1.271 + ct_RSA_sign = 1,
1.272 + ct_DSS_sign = 2,
1.273 + ct_RSA_fixed_DH = 3,
1.274 + ct_DSS_fixed_DH = 4,
1.275 + ct_RSA_ephemeral_DH = 5,
1.276 + ct_DSS_ephemeral_DH = 6,
1.277 + ct_ECDSA_sign = 64,
1.278 + ct_RSA_fixed_ECDH = 65,
1.279 + ct_ECDSA_fixed_ECDH = 66
1.280 +
1.281 +} SSL3ClientCertificateType;
1.282 +
1.283 +typedef SECItem *SSL3DistinquishedName;
1.284 +
1.285 +typedef struct {
1.286 + SSL3Opaque client_version[2];
1.287 + SSL3Opaque random[46];
1.288 +} SSL3RSAPreMasterSecret;
1.289 +
1.290 +typedef SECItem SSL3EncryptedPreMasterSecret;
1.291 +
1.292 +
1.293 +typedef SSL3Opaque SSL3MasterSecret[48];
1.294 +
1.295 +typedef enum { implicit, explicit } SSL3PublicValueEncoding;
1.296 +
1.297 +typedef struct {
1.298 + union {
1.299 + SSL3Opaque implicit;
1.300 + SECItem explicit;
1.301 + } dh_public;
1.302 +} SSL3ClientDiffieHellmanPublic;
1.303 +
1.304 +typedef struct {
1.305 + union {
1.306 + SSL3EncryptedPreMasterSecret rsa;
1.307 + SSL3ClientDiffieHellmanPublic diffie_helman;
1.308 + } exchange_keys;
1.309 +} SSL3ClientKeyExchange;
1.310 +
1.311 +typedef SSL3Hashes SSL3PreSignedCertificateVerify;
1.312 +
1.313 +typedef SECItem SSL3CertificateVerify;
1.314 +
1.315 +typedef enum {
1.316 + sender_client = 0x434c4e54,
1.317 + sender_server = 0x53525652
1.318 +} SSL3Sender;
1.319 +
1.320 +typedef SSL3HashesIndividually SSL3Finished;
1.321 +
1.322 +typedef struct {
1.323 + SSL3Opaque verify_data[12];
1.324 +} TLSFinished;
1.325 +
1.326 +/*
1.327 + * TLS extension related data structures and constants.
1.328 + */
1.329 +
1.330 +/* SessionTicket extension related data structures. */
1.331 +
1.332 +/* NewSessionTicket handshake message. */
1.333 +typedef struct {
1.334 + PRUint32 received_timestamp;
1.335 + PRUint32 ticket_lifetime_hint;
1.336 + SECItem ticket;
1.337 +} NewSessionTicket;
1.338 +
1.339 +typedef enum {
1.340 + CLIENT_AUTH_ANONYMOUS = 0,
1.341 + CLIENT_AUTH_CERTIFICATE = 1
1.342 +} ClientAuthenticationType;
1.343 +
1.344 +typedef struct {
1.345 + ClientAuthenticationType client_auth_type;
1.346 + union {
1.347 + SSL3Opaque *certificate_list;
1.348 + } identity;
1.349 +} ClientIdentity;
1.350 +
1.351 +#define SESS_TICKET_KEY_NAME_LEN 16
1.352 +#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
1.353 +#define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
1.354 +#define SESS_TICKET_KEY_VAR_NAME_LEN 12
1.355 +
1.356 +typedef struct {
1.357 + unsigned char *key_name;
1.358 + unsigned char *iv;
1.359 + SECItem encrypted_state;
1.360 + unsigned char *mac;
1.361 +} EncryptedSessionTicket;
1.362 +
1.363 +#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
1.364 +
1.365 +#define TLS_STE_NO_SERVER_NAME -1
1.366 +
1.367 +#endif /* __ssl3proto_h_ */
