1 /*
2  * This file contains prototypes for the public SSL functions.
3  *
4  * This Source Code Form is subject to the terms of the Mozilla Public
5  * License, v. 2.0. If a copy of the MPL was not distributed with this
6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 
8 #ifndef __sslt_h_
9 #define __sslt_h_
10 
11 #include "prtypes.h"
12 
13 /* SECItemArray is added in NSS 3.15.  Define the type if compiling
14 ** against an older version of NSS.
15 */
16 #include "nssutil.h"
#if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15
/* Compatibility definition of SECItemArray for NSS releases before 3.15,
 * which did not ship the type in nssutil.h.  Kept identical to the upstream
 * layout so code compiled against either version agrees on the struct. */
typedef struct SECItemArrayStr SECItemArray;

struct SECItemArrayStr {
    SECItem *items;      /* array of SECItem entries */
    unsigned int len;    /* number of entries in items; every index must stay below this */
};
#endif  /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */
25 
/* Session-cache counters for the SSL3/TLS handshake paths.  The field
 * prefixes name the handshake routine that updates them:
 *   sch = ssl3_SendClientHello, hsh = ssl3_HandleServerHello,
 *   hch = ssl3_HandleClientHello.
 * NOTE(review): presumably exposed to callers via SSL_GetStatistics;
 * confirm against the implementation before relying on exact semantics. */
typedef struct SSL3StatisticsStr {
    /* statistics from ssl3_SendClientHello (sch) */
    long sch_sid_cache_hits;
    long sch_sid_cache_misses;
    long sch_sid_cache_not_ok;

    /* statistics from ssl3_HandleServerHello (hsh) */
    long hsh_sid_cache_hits;
    long hsh_sid_cache_misses;
    long hsh_sid_cache_not_ok;

    /* statistics from ssl3_HandleClientHello (hch) */
    long hch_sid_cache_hits;
    long hch_sid_cache_misses;
    long hch_sid_cache_not_ok;

    /* statistics related to stateless resume */
    long sch_sid_stateless_resumes;
    long hsh_sid_stateless_resumes;
    long hch_sid_stateless_resumes;
    /* tickets a server received but could not parse; worth monitoring, since
     * a sustained rise suggests malformed, stale or foreign tickets being
     * presented to this server */
    long hch_sid_ticket_parse_failures;
} SSL3Statistics;
48 
/* Key Exchange algorithm values.  The values are contiguous from 0, so
 * ssl_kea_size is one past the last valid algorithm and can size
 * per-algorithm tables. */
typedef enum {
    ssl_kea_null     = 0,
    ssl_kea_rsa      = 1,
    ssl_kea_dh       = 2,
    ssl_kea_fortezza = 3,       /* deprecated, now unused */
    ssl_kea_ecdh     = 4,
    ssl_kea_size		/* number of ssl_kea_ algorithms */
} SSLKEAType;
58 
/* The following defines are for backwards compatibility.
** They will be removed in a forthcoming release to reduce namespace pollution.
** Programs that use the kt_ symbols should convert to the ssl_kea_ symbols
** (the SSLKEAType enumerators above) soon.  Each kt_ name is a plain alias,
** so the numeric values are identical.
*/
#define kt_null   	ssl_kea_null
#define kt_rsa   	ssl_kea_rsa
#define kt_dh   	ssl_kea_dh
#define kt_fortezza	ssl_kea_fortezza       /* deprecated, now unused */
#define kt_ecdh   	ssl_kea_ecdh
#define kt_kea_size	ssl_kea_size
70 
/* Signature algorithm used by a cipher suite's certificate/handshake
 * signatures.  Values are fixed and form part of the public ABI. */
typedef enum {
    ssl_sign_null   = 0,
    ssl_sign_rsa    = 1,
    ssl_sign_dsa    = 2,
    ssl_sign_ecdsa  = 3
} SSLSignType;
77 
/* Server authentication type of a cipher suite (see
 * SSLCipherSuiteInfo.authAlgorithm).  ssl_auth_null denotes an
 * unauthenticated (anonymous) suite. */
typedef enum {
    ssl_auth_null   = 0,
    ssl_auth_rsa    = 1,
    ssl_auth_dsa    = 2,
    ssl_auth_kea    = 3,
    ssl_auth_ecdsa  = 4
} SSLAuthType;
85 
/* Symmetric (bulk) cipher of a cipher suite (see
 * SSLCipherSuiteInfo.symCipher).
 * NOTE(review): rc4, rc2, des and idea are legacy algorithms; policy code
 * that filters suites by this value should treat them as weak rather than
 * relying on the key-size fields alone. */
typedef enum {
    ssl_calg_null     = 0,
    ssl_calg_rc4      = 1,
    ssl_calg_rc2      = 2,
    ssl_calg_des      = 3,
    ssl_calg_3des     = 4,
    ssl_calg_idea     = 5,
    ssl_calg_fortezza = 6,      /* deprecated, now unused */
    ssl_calg_aes      = 7,
    ssl_calg_camellia = 8,
    ssl_calg_seed     = 9,
    ssl_calg_aes_gcm  = 10,     /* AEAD mode: see ssl_mac_aead */
    ssl_calg_chacha20 = 11      /* AEAD mode: see ssl_mac_aead */
} SSLCipherAlgorithm;
100 
/* Record-integrity algorithm of a cipher suite (see
 * SSLCipherSuiteInfo.macAlgorithm).  The ssl_hmac_ entries are the TLS
 * HMAC constructions; the ssl_mac_md5/ssl_mac_sha entries are presumably
 * the pre-HMAC SSL 3.0 constructions.  ssl_mac_aead marks a suite whose
 * cipher provides integrity itself and has no separate MAC. */
typedef enum {
    ssl_mac_null      = 0,
    ssl_mac_md5       = 1,
    ssl_mac_sha       = 2,
    ssl_hmac_md5      = 3, 	/* TLS HMAC version of mac_md5 */
    ssl_hmac_sha      = 4, 	/* TLS HMAC version of mac_sha */
    ssl_hmac_sha256   = 5,
    ssl_mac_aead      = 6
} SSLMACAlgorithm;
110 
/* TLS record compression method negotiated on a channel (see
 * SSLChannelInfo.compressionMethod).
 * NOTE(review): TLS-level compression is widely disabled for
 * confidentiality reasons; auditing code may want to flag any value other
 * than ssl_compression_null. */
typedef enum {
    ssl_compression_null = 0,
    ssl_compression_deflate = 1  /* RFC 3749 */
} SSLCompressionMethod;
115 
/* Negotiated parameters of an established SSL/TLS channel.
 * NOTE(review): `length` is presumably the struct size the caller supplied,
 * used to version this struct so that the fields added in 3.12.5 (below)
 * are only written for callers that asked for a large enough size --
 * confirm against SSL_GetChannelInfo. */
typedef struct SSLChannelInfoStr {
    PRUint32             length;
    PRUint16             protocolVersion;
    PRUint16             cipherSuite;

    /* server authentication info */
    PRUint32             authKeyBits;

    /* key exchange algorithm info */
    PRUint32             keaKeyBits;

    /* session info */
    /* All three timestamps are unsigned 32-bit second counts and therefore
     * cannot represent times after early 2106. */
    PRUint32             creationTime;		/* seconds since Jan 1, 1970 */
    PRUint32             lastAccessTime;	/* seconds since Jan 1, 1970 */
    PRUint32             expirationTime;	/* seconds since Jan 1, 1970 */
    /* Only the first sessionIDLength bytes of sessionID are meaningful.
     * Consumers must bound their reads by sessionIDLength and must never
     * read past the 32-byte array even if the value were larger. */
    PRUint32             sessionIDLength;	/* up to 32 */
    PRUint8              sessionID    [32];

    /* The following fields are added in NSS 3.12.5. */

    /* compression method info */
    /* NOTE(review): the lifetime of compressionMethodName is not documented
     * here; presumably it points at a static string -- confirm. */
    const char *         compressionMethodName;
    SSLCompressionMethod compressionMethod;
} SSLChannelInfo;
140 
/* Static description of one cipher suite, identified by its cipherSuite
 * number; unlike SSLChannelInfo this does not depend on a connection.
 * NOTE(review): `length` is presumably the struct size supplied by the
 * caller for versioning -- confirm against SSL_GetCipherSuiteInfo. */
typedef struct SSLCipherSuiteInfoStr {
    PRUint16             length;
    PRUint16             cipherSuite;

    /* Cipher Suite Name */
    const char *         cipherSuiteName;

    /* server authentication info */
    const char *         authAlgorithmName;
    SSLAuthType          authAlgorithm;

    /* key exchange algorithm info */
    const char *         keaTypeName;
    SSLKEAType           keaType;

    /* symmetric encryption info */
    const char *         symCipherName;
    SSLCipherAlgorithm   symCipher;
    PRUint16             symKeyBits;
    PRUint16             symKeySpace;
    /* NOTE(review): presumably the strength actually available after any
     * export-imposed limitation, and so may be below symKeyBits -- verify
     * before using it in policy decisions. */
    PRUint16             effectiveKeyBits;

    /* MAC info */
    /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
     * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
     * bits of the authentication tag. */
    const char *         macAlgorithmName;
    SSLMACAlgorithm      macAlgorithm;
    PRUint16             macBits;

    /* Flags packed into one 32-bit word (3 flag bits + 29 reserved).
     * isFIPS presumably marks a suite permitted in FIPS mode; isExportable
     * marks an export-grade suite, i.e. one with deliberately limited key
     * strength, which policy code should treat as weak; nonStandard
     * presumably marks a suite outside the registered TLS suite list --
     * confirm all three against the implementation. */
    PRUintn              isFIPS       : 1;
    PRUintn              isExportable : 1;
    PRUintn              nonStandard  : 1;
    PRUintn              reservedBits :29;

} SSLCipherSuiteInfo;
177 
/* Transport flavour of a socket: stream (TLS over a reliable byte stream)
 * or datagram (presumably DTLS). */
typedef enum {
    ssl_variant_stream = 0,
    ssl_variant_datagram = 1
} SSLProtocolVariant;
182 
/* Lowest and highest protocol versions a socket may negotiate.
 * NOTE(review): the encoding is not stated here; presumably the 16-bit
 * SSL_LIBRARY_VERSION_* values with min <= max inclusive -- confirm against
 * the version-range API before constructing one by hand. */
typedef struct SSLVersionRangeStr {
    PRUint16 min;
    PRUint16 max;
} SSLVersionRange;
187 
/* Name types carried in the Server Name Indication extension.  Only
 * host_name is defined; SSL_sni_type_total is one past the last value and
 * can size per-type tables. */
typedef enum {
    SSL_sni_host_name                    = 0,
    SSL_sni_type_total
} SSLSniNameType;
192 
193 /* Supported extensions. */
194 /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
/* TLS extension type codes understood by this library.  The low values
 * follow the registered ExtensionType numbering; ssl_renegotiation_info_xtn
 * is marked experimental below, and 13172 / 30032 are presumably likewise
 * provisional rather than registered numbers.  The elliptic-curve entries
 * exist only when built with NSS_ENABLE_ECC, which changes how many types
 * this enum lists (see SSL_MAX_EXTENSIONS). */
typedef enum {
    ssl_server_name_xtn              = 0,
    ssl_cert_status_xtn              = 5,
#ifdef NSS_ENABLE_ECC
    ssl_elliptic_curves_xtn          = 10,
    ssl_ec_point_formats_xtn         = 11,
#endif
    ssl_signature_algorithms_xtn     = 13,
    ssl_use_srtp_xtn                 = 14,
    ssl_app_layer_protocol_xtn       = 16,
    ssl_signed_certificate_timestamp_xtn = 18,   /* RFC 6962 */
    ssl_padding_xtn                  = 21,
    ssl_session_ticket_xtn           = 35,
    ssl_next_proto_nego_xtn          = 13172,
    ssl_channel_id_xtn               = 30032,
    ssl_renegotiation_info_xtn       = 0xff01	/* experimental number */
} SSLExtensionType;
212 
/* Upper bound on the number of extension types handled at once.  With
 * NSS_ENABLE_ECC the enum above lists 13 types, 12 excluding
 * ssl_padding_xtn; without ECC it lists 11 (10 excluding padding), so 12
 * remains a safe bound in both builds.  Must be bumped together with the
 * enum, as the comment above it says. */
#define SSL_MAX_EXTENSIONS             12 /* doesn't include ssl_padding_xtn. */
214 
215 #endif /* __sslt_h_ */
216