1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
6 #define NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
7
8 #include "base/logging.h"
9 #include "base/macros.h"
10
11 namespace net {
12
13 // Status flags for SSLInfo::connection_status.
14 enum {
15 // The lower 16 bits are reserved for the TLS ciphersuite id.
16 SSL_CONNECTION_CIPHERSUITE_SHIFT = 0,
17 SSL_CONNECTION_CIPHERSUITE_MASK = 0xffff,
18
19 // The next two bits are reserved for the compression used.
20 SSL_CONNECTION_COMPRESSION_SHIFT = 16,
21 SSL_CONNECTION_COMPRESSION_MASK = 3,
22
23 // We fell back to an older protocol version for this connection.
24 SSL_CONNECTION_VERSION_FALLBACK = 1 << 18,
25
26 // The server doesn't support the renegotiation_info extension. If this bit
27 // is not set then either the extension isn't supported, or we don't have any
28 // knowledge either way. (The latter case will occur when we use an SSL
29 // library that doesn't report it, like SChannel.)
30 SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION = 1 << 19,
31
32 // The next three bits are reserved for the SSL version.
33 SSL_CONNECTION_VERSION_SHIFT = 20,
34 SSL_CONNECTION_VERSION_MASK = 7,
35
36 // 1 << 31 (the sign bit) is reserved so that the SSL connection status will
37 // never be negative.
38 };
39
40 // NOTE: the SSL version enum constants must be between 0 and
41 // SSL_CONNECTION_VERSION_MASK, inclusive.
42 enum {
43 SSL_CONNECTION_VERSION_UNKNOWN = 0, // Unknown SSL version.
44 SSL_CONNECTION_VERSION_SSL2 = 1,
45 SSL_CONNECTION_VERSION_SSL3 = 2,
46 SSL_CONNECTION_VERSION_TLS1 = 3,
47 SSL_CONNECTION_VERSION_TLS1_1 = 4,
48 SSL_CONNECTION_VERSION_TLS1_2 = 5,
49 // Reserve 6 for TLS 1.3.
50 SSL_CONNECTION_VERSION_QUIC = 7,
51 SSL_CONNECTION_VERSION_MAX,
52 };
53 COMPILE_ASSERT(SSL_CONNECTION_VERSION_MAX - 1 <= SSL_CONNECTION_VERSION_MASK,
54 SSL_CONNECTION_VERSION_MASK_too_small);
55
SSLConnectionStatusToCipherSuite(int connection_status)56 inline int SSLConnectionStatusToCipherSuite(int connection_status) {
57 return (connection_status >> SSL_CONNECTION_CIPHERSUITE_SHIFT) &
58 SSL_CONNECTION_CIPHERSUITE_MASK;
59 }
60
SSLConnectionStatusToVersion(int connection_status)61 inline int SSLConnectionStatusToVersion(int connection_status) {
62 return (connection_status >> SSL_CONNECTION_VERSION_SHIFT) &
63 SSL_CONNECTION_VERSION_MASK;
64 }
65
SSLConnectionStatusSetCipherSuite(int cipher_suite,int * connection_status)66 inline void SSLConnectionStatusSetCipherSuite(int cipher_suite,
67 int* connection_status) {
68 // Clear out the old ciphersuite.
69 *connection_status &=
70 ~(SSL_CONNECTION_CIPHERSUITE_MASK << SSL_CONNECTION_CIPHERSUITE_SHIFT);
71 // Set the new ciphersuite.
72 *connection_status |= ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK)
73 << SSL_CONNECTION_CIPHERSUITE_SHIFT);
74 }
75
SSLConnectionStatusSetVersion(int version,int * connection_status)76 inline void SSLConnectionStatusSetVersion(int version, int* connection_status) {
77 DCHECK_GT(version, 0);
78 DCHECK_LT(version, SSL_CONNECTION_VERSION_MAX);
79
80 // Clear out the old version.
81 *connection_status &=
82 ~(SSL_CONNECTION_VERSION_MASK << SSL_CONNECTION_VERSION_SHIFT);
83 // Set the new version.
84 *connection_status |=
85 ((version & SSL_CONNECTION_VERSION_MASK) << SSL_CONNECTION_VERSION_SHIFT);
86 }
87
88 } // namespace net
89
90 #endif // NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
91