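--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/ssl/sslt.h Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,199 @@
+/*
+ * This file contains prototypes for the public SSL functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __sslt_h_
+#define __sslt_h_
+
+#include "prtypes.h"
+
+typedef struct SSL3StatisticsStr {
+ /* statistics from ssl3_SendClientHello (sch) */
+ long sch_sid_cache_hits;
+ long sch_sid_cache_misses;
+ long sch_sid_cache_not_ok;
+
+ /* statistics from ssl3_HandleServerHello (hsh) */
+ long hsh_sid_cache_hits;
+ long hsh_sid_cache_misses;
+ long hsh_sid_cache_not_ok;
+
+ /* statistics from ssl3_HandleClientHello (hch) */
+ long hch_sid_cache_hits;
+ long hch_sid_cache_misses;
+ long hch_sid_cache_not_ok;
+
+ /* statistics related to stateless resume */
+ long sch_sid_stateless_resumes;
+ long hsh_sid_stateless_resumes;
+ long hch_sid_stateless_resumes;
+ long hch_sid_ticket_parse_failures;
+} SSL3Statistics;
+
+/* Key Exchange algorithm values */
+typedef enum {
+ ssl_kea_null = 0,
+ ssl_kea_rsa = 1,
+ ssl_kea_dh = 2,
+ ssl_kea_fortezza = 3, /* deprecated, now unused */
+ ssl_kea_ecdh = 4,
+ ssl_kea_size /* number of ssl_kea_ algorithms */
+} SSLKEAType;
+
+/* The following defines are for backwards compatibility.
+** They will be removed in a forthcoming release to reduce namespace pollution.
+** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
+** soon.
+*/
+#define kt_null ssl_kea_null
+#define kt_rsa ssl_kea_rsa
+#define kt_dh ssl_kea_dh
+#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
+#define kt_ecdh ssl_kea_ecdh
+#define kt_kea_size ssl_kea_size
+
+typedef enum {
+ ssl_sign_null = 0,
+ ssl_sign_rsa = 1,
+ ssl_sign_dsa = 2,
+ ssl_sign_ecdsa = 3
+} SSLSignType;
+
+typedef enum {
+ ssl_auth_null = 0,
+ ssl_auth_rsa = 1,
+ ssl_auth_dsa = 2,
+ ssl_auth_kea = 3,
+ ssl_auth_ecdsa = 4
+} SSLAuthType;
+
+typedef enum {
+ ssl_calg_null = 0,
+ ssl_calg_rc4 = 1,
+ ssl_calg_rc2 = 2,
+ ssl_calg_des = 3,
+ ssl_calg_3des = 4,
+ ssl_calg_idea = 5,
+ ssl_calg_fortezza = 6, /* deprecated, now unused */
+ ssl_calg_aes = 7,
+ ssl_calg_camellia = 8,
+ ssl_calg_seed = 9,
+ ssl_calg_aes_gcm = 10
+} SSLCipherAlgorithm;
+
+typedef enum {
+ ssl_mac_null = 0,
+ ssl_mac_md5 = 1,
+ ssl_mac_sha = 2,
+ ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
+ ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
+ ssl_hmac_sha256 = 5,
+ ssl_mac_aead = 6
+} SSLMACAlgorithm;
+
+typedef enum {
+ ssl_compression_null = 0,
+ ssl_compression_deflate = 1 /* RFC 3749 */
+} SSLCompressionMethod;
+
+typedef struct SSLChannelInfoStr {
+ PRUint32 length;
+ PRUint16 protocolVersion;
+ PRUint16 cipherSuite;
+
+ /* server authentication info */
+ PRUint32 authKeyBits;
+
+ /* key exchange algorithm info */
+ PRUint32 keaKeyBits;
+
+ /* session info */
+ PRUint32 creationTime; /* seconds since Jan 1, 1970 */
+ PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
+ PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
+ PRUint32 sessionIDLength; /* up to 32 */
+ PRUint8 sessionID [32];
+
+ /* The following fields are added in NSS 3.12.5. */
+
+ /* compression method info */
+ const char * compressionMethodName;
+ SSLCompressionMethod compressionMethod;
+} SSLChannelInfo;
+
+typedef struct SSLCipherSuiteInfoStr {
+ PRUint16 length;
+ PRUint16 cipherSuite;
+
+ /* Cipher Suite Name */
+ const char * cipherSuiteName;
+
+ /* server authentication info */
+ const char * authAlgorithmName;
+ SSLAuthType authAlgorithm;
+
+ /* key exchange algorithm info */
+ const char * keaTypeName;
+ SSLKEAType keaType;
+
+ /* symmetric encryption info */
+ const char * symCipherName;
+ SSLCipherAlgorithm symCipher;
+ PRUint16 symKeyBits;
+ PRUint16 symKeySpace;
+ PRUint16 effectiveKeyBits;
+
+ /* MAC info */
+ /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
+ * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
+ * bits of the authentication tag. */
+ const char * macAlgorithmName;
+ SSLMACAlgorithm macAlgorithm;
+ PRUint16 macBits;
+
+ PRUintn isFIPS : 1;
+ PRUintn isExportable : 1;
+ PRUintn nonStandard : 1;
+ PRUintn reservedBits :29;
+
+} SSLCipherSuiteInfo;
+
+typedef enum {
+ ssl_variant_stream = 0,
+ ssl_variant_datagram = 1
+} SSLProtocolVariant;
+
+typedef struct SSLVersionRangeStr {
+ PRUint16 min;
+ PRUint16 max;
+} SSLVersionRange;
+
+typedef enum {
+ SSL_sni_host_name = 0,
+ SSL_sni_type_total
+} SSLSniNameType;
+
+/* Supported extensions. */
+/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
+typedef enum {
+ ssl_server_name_xtn = 0,
+ ssl_cert_status_xtn = 5,
+#ifndef NSS_DISABLE_ECC
+ ssl_elliptic_curves_xtn = 10,
+ ssl_ec_point_formats_xtn = 11,
+#endif
+ ssl_signature_algorithms_xtn = 13,
+ ssl_use_srtp_xtn = 14,
+ ssl_app_layer_protocol_xtn = 16,
+ ssl_padding_xtn = 21,
+ ssl_session_ticket_xtn = 35,
+ ssl_next_proto_nego_xtn = 13172,
+ ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
+} SSLExtensionType;
+
+#define SSL_MAX_EXTENSIONS 10 /* doesn't include ssl_padding_xtn. */
+
+#endif /* __sslt_h_ */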
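Review bot: `SSL_MAX_EXTENSIONS 10` at the end of the header is tied to `SSLExtensionType` only by the "Update SSL_MAX_EXTENSIONS" comment above the enum, and the value matches the enumerator count (eleven, minus `ssl_padding_xtn`) only when `NSS_DISABLE_ECC` is not defined. Nothing in this file shows how the macro is consumed, but if it sizes per-extension arrays elsewhere, a new enumerator added without bumping it would be a bounds problem, so the derivation belongs next to the define, e.g. `/* number of SSLExtensionType enumerators, excluding ssl_padding_xtn; recount when adding one */`. Separately, the backwards-compatibility comment tells users of the `kt_` symbols to move to `ssl_kt_`, but the enumerators declared here are `ssl_kea_*`; the comment should read `ssl_kea_`. The banner also describes the file as holding prototypes for the public SSL functions, while it declares only types and constants. `SSLChannelInfo` and `SSLCipherSuiteInfo` each start with a `length` field and the former has fields "added in NSS 3.12.5"; a short comment on `length` saying callers should check it before reading the later fields would help, assuming it reports the populated size.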