/*
 * Public data types for the SSL library: statistics counters, algorithm
 * identifier enums, and the channel / cipher-suite description structures.
 * This header declares types and compatibility macros only.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef __sslt_h_
#define __sslt_h_

#include "prtypes.h"

/*
 * Counters for sid-cache lookups and stateless resumes, one group per
 * handshake routine (the routine's abbreviation is the field prefix).
 *
 * NOTE(review): hch_sid_ticket_parse_failures presumably counts session
 * tickets the server side could not parse; if so, a steadily climbing value
 * is worth surfacing in monitoring. Confirm what increments it.
 */
typedef struct SSL3StatisticsStr {
    /* ssl3_SendClientHello (sch) */
    long sch_sid_cache_hits;
    long sch_sid_cache_misses;
    long sch_sid_cache_not_ok;

    /* ssl3_HandleServerHello (hsh) */
    long hsh_sid_cache_hits;
    long hsh_sid_cache_misses;
    long hsh_sid_cache_not_ok;

    /* ssl3_HandleClientHello (hch) */
    long hch_sid_cache_hits;
    long hch_sid_cache_misses;
    long hch_sid_cache_not_ok;

    /* stateless resume */
    long sch_sid_stateless_resumes;
    long hsh_sid_stateless_resumes;
    long hch_sid_stateless_resumes;
    long hch_sid_ticket_parse_failures;
} SSL3Statistics;

/* Key exchange algorithm identifiers. */
typedef enum {
    ssl_kea_null     = 0,
    ssl_kea_rsa      = 1,
    ssl_kea_dh       = 2,
    ssl_kea_fortezza = 3, /* deprecated, now unused */
    ssl_kea_ecdh     = 4,
    ssl_kea_size          /* number of ssl_kea_ algorithms; must stay last */
} SSLKEAType;

/*
 * Backwards-compatibility aliases. They are slated for removal in a
 * forthcoming release to reduce namespace pollution; programs that still use
 * the kt_ names should move to the ssl_kea_ names they expand to.
 */
#define kt_null     ssl_kea_null
#define kt_rsa      ssl_kea_rsa
#define kt_dh       ssl_kea_dh
#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
#define kt_ecdh     ssl_kea_ecdh
#define kt_kea_size ssl_kea_size

/* Signature algorithm identifiers. */
typedef enum {
    ssl_sign_null  = 0,
    ssl_sign_rsa   = 1,
    ssl_sign_dsa   = 2,
    ssl_sign_ecdsa = 3
} SSLSignType;

/* Authentication algorithm identifiers. */
typedef enum {
    ssl_auth_null  = 0,
    ssl_auth_rsa   = 1,
    ssl_auth_dsa   = 2,
    ssl_auth_kea   = 3,
    ssl_auth_ecdsa = 4
} SSLAuthType;

/*
 * Symmetric cipher identifiers.
 *
 * These values only name an algorithm; nothing in this header says which
 * ones are enabled. Several entries (null, RC4, RC2, DES) name algorithms
 * that current TLS guidance treats as weak or prohibited, so code that
 * applies policy to SSLCipherSuiteInfo.symCipher should treat them as
 * candidates for rejection.
 */
typedef enum {
    ssl_calg_null     = 0,
    ssl_calg_rc4      = 1,
    ssl_calg_rc2      = 2,
    ssl_calg_des      = 3,
    ssl_calg_3des     = 4,
    ssl_calg_idea     = 5,
    ssl_calg_fortezza = 6, /* deprecated, now unused */
    ssl_calg_aes      = 7,
    ssl_calg_camellia = 8,
    ssl_calg_seed     = 9,
    ssl_calg_aes_gcm  = 10
} SSLCipherAlgorithm;

/*
 * Record MAC identifiers. ssl_mac_aead marks an AEAD suite, which has no
 * separate MAC (see the note in SSLCipherSuiteInfo). ssl_mac_null means no
 * integrity protection is named for the suite.
 */
typedef enum {
    ssl_mac_null    = 0,
    ssl_mac_md5     = 1,
    ssl_mac_sha     = 2,
    ssl_hmac_md5    = 3, /* TLS HMAC version of mac_md5 */
    ssl_hmac_sha    = 4, /* TLS HMAC version of mac_sha */
    ssl_hmac_sha256 = 5,
    ssl_mac_aead    = 6
} SSLMACAlgorithm;

/*
 * Record compression identifiers.
 *
 * TLS-level compression leaks information about plaintext through record
 * lengths (the CRIME class of attacks), so code inspecting
 * SSLChannelInfo.compressionMethod will normally expect ssl_compression_null.
 */
typedef enum {
    ssl_compression_null    = 0,
    ssl_compression_deflate = 1 /* RFC 3749 */
} SSLCompressionMethod;

/*
 * Description of an established channel.
 *
 * NOTE(review): the trailing compression fields were added in NSS 3.12.5, so
 * `length` presumably reports how much of the structure was actually filled
 * in. Check it before reading the fields that follow sessionID; confirm
 * against the function that populates this struct.
 */
typedef struct SSLChannelInfoStr {
    PRUint32 length;
    PRUint16 protocolVersion;
    PRUint16 cipherSuite;

    /* server authentication info */
    PRUint32 authKeyBits;

    /* key exchange algorithm info */
    PRUint32 keaKeyBits;

    /* session info */
    PRUint32 creationTime;    /* seconds since Jan 1, 1970 */
    PRUint32 lastAccessTime;  /* seconds since Jan 1, 1970 */
    PRUint32 expirationTime;  /* seconds since Jan 1, 1970 */
    /*
     * Documented as "up to 32". Readers should still bound this value by
     * sizeof sessionID before copying or logging the ID.
     */
    PRUint32 sessionIDLength;
    PRUint8  sessionID[32];

    /* The following fields are added in NSS 3.12.5. */

    /* compression method info */
    const char          *compressionMethodName;
    SSLCompressionMethod compressionMethod;
} SSLChannelInfo;

/*
 * Static description of one cipher suite: its name plus the authentication,
 * key exchange, bulk cipher and MAC components, each given both as a string
 * and as the matching enum value.
 */
typedef struct SSLCipherSuiteInfoStr {
    PRUint16 length;
    PRUint16 cipherSuite;

    /* Cipher Suite Name */
    const char *cipherSuiteName;

    /* server authentication info */
    const char *authAlgorithmName;
    SSLAuthType authAlgorithm;

    /* key exchange algorithm info */
    const char *keaTypeName;
    SSLKEAType  keaType;

    /*
     * symmetric encryption info
     * NOTE(review): effectiveKeyBits is presumably the strength figure to
     * use in policy decisions when it differs from symKeyBits; confirm.
     */
    const char        *symCipherName;
    SSLCipherAlgorithm symCipher;
    PRUint16           symKeyBits;
    PRUint16           symKeySpace;
    PRUint16           effectiveKeyBits;

    /* MAC info */
    /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
     * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
     * bits of the authentication tag. */
    const char     *macAlgorithmName;
    SSLMACAlgorithm macAlgorithm;
    PRUint16        macBits;

    /*
     * Flag bits; the four bit-fields total 32 bits.
     * NOTE(review): isExportable presumably marks export-grade suites, which
     * are deliberately weakened; a policy check can reject on this bit.
     * Confirm the flag's meaning where the suite table is defined.
     */
    PRUintn isFIPS       : 1;
    PRUintn isExportable : 1;
    PRUintn nonStandard  : 1;
    PRUintn reservedBits : 29;

} SSLCipherSuiteInfo;

/* Transport variant: stream or datagram. */
typedef enum {
    ssl_variant_stream   = 0,
    ssl_variant_datagram = 1
} SSLProtocolVariant;

/* A pair of protocol version bounds. */
typedef struct SSLVersionRangeStr {
    PRUint16 min;
    PRUint16 max;
} SSLVersionRange;

/* SNI name types; SSL_sni_type_total is the count and must stay last. */
typedef enum {
    SSL_sni_host_name = 0,
    SSL_sni_type_total
} SSLSniNameType;

/*
 * Supported extensions.
 * Update SSL_MAX_EXTENSIONS whenever a new extension type is added.
 *
 * With ECC compiled in, this enum lists 11 extensions, 10 of them other than
 * ssl_padding_xtn, which matches SSL_MAX_EXTENSIONS below. When
 * NSS_DISABLE_ECC is defined, the two ECC entries disappear and the macro is
 * an upper bound rather than an exact count.
 */
typedef enum {
    ssl_server_name_xtn          = 0,
    ssl_cert_status_xtn          = 5,
#ifndef NSS_DISABLE_ECC
    ssl_elliptic_curves_xtn      = 10,
    ssl_ec_point_formats_xtn     = 11,
#endif
    ssl_signature_algorithms_xtn = 13,
    ssl_use_srtp_xtn             = 14,
    ssl_app_layer_protocol_xtn   = 16,
    ssl_padding_xtn              = 21,
    ssl_session_ticket_xtn       = 35,
    ssl_next_proto_nego_xtn      = 13172,
    ssl_renegotiation_info_xtn   = 0xff01 /* experimental number */
} SSLExtensionType;

/*
 * NOTE(review): this constant presumably sizes per-connection extension
 * tables elsewhere in the library. Adding an enum entry without raising it
 * would then be a bounds hazard; confirm at the use sites.
 */
#define SSL_MAX_EXTENSIONS 10 /* doesn't include ssl_padding_xtn. */

#endif /* __sslt_h_ */