Home | History | Annotate | Download | only in ssl 
      1 /* Private header file of libSSL.
      2  * Various and sundry protocol constants. DON'T CHANGE THESE. These
      3  * values are defined by the SSL 3.0 protocol specification.
      4  *
      5  * This Source Code Form is subject to the terms of the Mozilla Public
      6  * License, v. 2.0. If a copy of the MPL was not distributed with this
      7  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      8 
      9 #ifndef __ssl3proto_h_
     10 #define __ssl3proto_h_
     11 
     12 typedef PRUint8 SSL3Opaque;
     13 
     14 typedef PRUint16 SSL3ProtocolVersion;
     15 /* version numbers are defined in sslproto.h */
     16 
     17 typedef PRUint16 ssl3CipherSuite;
     18 /* The cipher suites are defined in sslproto.h */
     19 
     20 #define MAX_CERT_TYPES			10
     21 #define MAX_COMPRESSION_METHODS		10
     22 #define MAX_MAC_LENGTH			64
     23 #define MAX_PADDING_LENGTH		64
     24 #define MAX_KEY_LENGTH			64
     25 #define EXPORT_KEY_LENGTH		 5
     26 #define SSL3_RANDOM_LENGTH		32
     27 
     28 #define SSL3_RECORD_HEADER_LENGTH	 5
     29 
     30 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
     31 #define DTLS_RECORD_HEADER_LENGTH       13
     32 
     33 #define MAX_FRAGMENT_LENGTH		16384
     34 
     35 typedef enum {
     36     content_change_cipher_spec = 20,
     37     content_alert              = 21,
     38     content_handshake          = 22,
     39     content_application_data   = 23
     40 } SSL3ContentType;
     41 
     42 typedef struct {
     43     SSL3ContentType     type;
     44     SSL3ProtocolVersion version;
     45     PRUint16            length;
     46     SECItem             fragment;
     47 } SSL3Plaintext;
     48 
     49 typedef struct {
     50     SSL3ContentType     type;
     51     SSL3ProtocolVersion version;
     52     PRUint16            length;
     53     SECItem             fragment;
     54 } SSL3Compressed;
     55 
     56 typedef struct {
     57     SECItem    content;
     58     SSL3Opaque MAC[MAX_MAC_LENGTH];
     59 } SSL3GenericStreamCipher;
     60 
     61 typedef struct {
     62     SECItem    content;
     63     SSL3Opaque MAC[MAX_MAC_LENGTH];
     64     PRUint8    padding[MAX_PADDING_LENGTH];
     65     PRUint8    padding_length;
     66 } SSL3GenericBlockCipher;
     67 
     68 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
     69 
     70 typedef struct {
     71     SSL3ChangeCipherSpecChoice choice;
     72 } SSL3ChangeCipherSpec;
     73 
     74 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;
     75 
     76 typedef enum {
     77     close_notify            = 0,
     78     unexpected_message      = 10,
     79     bad_record_mac          = 20,
     80     decryption_failed_RESERVED = 21,	/* do not send; see RFC 5246 */
     81     record_overflow         = 22,	/* TLS only */
     82     decompression_failure   = 30,
     83     handshake_failure       = 40,
     84     no_certificate          = 41,	/* SSL3 only, NOT TLS */
     85     bad_certificate         = 42,
     86     unsupported_certificate = 43,
     87     certificate_revoked     = 44,
     88     certificate_expired     = 45,
     89     certificate_unknown     = 46,
     90     illegal_parameter       = 47,
     91 
     92 /* All alerts below are TLS only. */
     93     unknown_ca              = 48,
     94     access_denied           = 49,
     95     decode_error            = 50,
     96     decrypt_error           = 51,
     97     export_restriction      = 60,
     98     protocol_version        = 70,
     99     insufficient_security   = 71,
    100     internal_error          = 80,
    101     user_canceled           = 90,
    102     no_renegotiation        = 100,
    103 
    104 /* Alerts for client hello extensions */
    105     unsupported_extension           = 110,
    106     certificate_unobtainable        = 111,
    107     unrecognized_name               = 112,
    108     bad_certificate_status_response = 113,
    109     bad_certificate_hash_value      = 114
    110 
    111 } SSL3AlertDescription;
    112 
    113 typedef struct {
    114     SSL3AlertLevel       level;
    115     SSL3AlertDescription description;
    116 } SSL3Alert;
    117 
    118 typedef enum {
    119     hello_request	= 0,
    120     client_hello	= 1,
    121     server_hello	= 2,
    122     hello_verify_request = 3,
    123     new_session_ticket	= 4,
    124     certificate 	= 11,
    125     server_key_exchange = 12,
    126     certificate_request	= 13,
    127     server_hello_done	= 14,
    128     certificate_verify	= 15,
    129     client_key_exchange	= 16,
    130     finished		= 20,
    131     certificate_status  = 22,
    132     next_proto		= 67,
    133     encrypted_extensions= 203
    134 } SSL3HandshakeType;
    135 
    136 typedef struct {
    137     PRUint8 empty;
    138 } SSL3HelloRequest;
    139 
    140 typedef struct {
    141     SSL3Opaque rand[SSL3_RANDOM_LENGTH];
    142 } SSL3Random;
    143 
    144 typedef struct {
    145     SSL3Opaque id[32];
    146     PRUint8 length;
    147 } SSL3SessionID;
    148 
    149 typedef struct {
    150     SSL3ProtocolVersion   client_version;
    151     SSL3Random            random;
    152     SSL3SessionID         session_id;
    153     SECItem               cipher_suites;
    154     PRUint8                 cm_count;
    155     SSLCompressionMethod  compression_methods[MAX_COMPRESSION_METHODS];
    156 } SSL3ClientHello;
    157 
    158 typedef struct  {
    159     SSL3ProtocolVersion   server_version;
    160     SSL3Random            random;
    161     SSL3SessionID         session_id;
    162     ssl3CipherSuite       cipher_suite;
    163     SSLCompressionMethod  compression_method;
    164 } SSL3ServerHello;
    165 
    166 typedef struct {
    167     SECItem list;
    168 } SSL3Certificate;
    169 
    170 /* SSL3SignType moved to ssl.h */
    171 
    172 /* The SSL key exchange method used */
    173 typedef enum {
    174     kea_null,
    175     kea_rsa,
    176     kea_rsa_export,
    177     kea_rsa_export_1024,
    178     kea_dh_dss,
    179     kea_dh_dss_export,
    180     kea_dh_rsa,
    181     kea_dh_rsa_export,
    182     kea_dhe_dss,
    183     kea_dhe_dss_export,
    184     kea_dhe_rsa,
    185     kea_dhe_rsa_export,
    186     kea_dh_anon,
    187     kea_dh_anon_export,
    188     kea_rsa_fips,
    189     kea_ecdh_ecdsa,
    190     kea_ecdhe_ecdsa,
    191     kea_ecdh_rsa,
    192     kea_ecdhe_rsa,
    193     kea_ecdh_anon
    194 } SSL3KeyExchangeAlgorithm;
    195 
    196 typedef struct {
    197     SECItem modulus;
    198     SECItem exponent;
    199 } SSL3ServerRSAParams;
    200 
    201 typedef struct {
    202     SECItem p;
    203     SECItem g;
    204     SECItem Ys;
    205 } SSL3ServerDHParams;
    206 
    207 typedef struct {
    208     union {
    209 	SSL3ServerDHParams dh;
    210 	SSL3ServerRSAParams rsa;
    211     } u;
    212 } SSL3ServerParams;
    213 
    214 /* This enum reflects HashAlgorithm enum from
    215  * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
    216  *
    217  * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
    218 enum {
    219     tls_hash_md5 = 1,
    220     tls_hash_sha1 = 2,
    221     tls_hash_sha224 = 3,
    222     tls_hash_sha256 = 4,
    223     tls_hash_sha384 = 5,
    224     tls_hash_sha512 = 6
    225 };
    226 
    227 /* This enum reflects SignatureAlgorithm enum from
    228  * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
    229 typedef enum {
    230     tls_sig_rsa = 1,
    231     tls_sig_dsa = 2,
    232     tls_sig_ecdsa = 3
    233 } TLSSignatureAlgorithm;
    234 
    235 typedef struct {
    236     SECOidTag hashAlg;
    237     TLSSignatureAlgorithm sigAlg;
    238 } SSL3SignatureAndHashAlgorithm;
    239 
    240 /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
    241  * prior to 1.2. */
    242 typedef struct {
    243     PRUint8 md5[16];
    244     PRUint8 sha[20];
    245 } SSL3HashesIndividually;
    246 
    247 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
    248  * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
    249  * struct. */
    250 typedef struct {
    251     unsigned int len;
    252     SECOidTag hashAlg;
    253     union {
    254 	PRUint8 raw[64];
    255 	SSL3HashesIndividually s;
    256     } u;
    257 } SSL3Hashes;
    258 
    259 typedef struct {
    260     union {
    261 	SSL3Opaque anonymous;
    262 	SSL3Hashes certified;
    263     } u;
    264 } SSL3ServerKeyExchange;
    265 
    266 typedef enum {
    267     ct_RSA_sign 	=  1,
    268     ct_DSS_sign 	=  2,
    269     ct_RSA_fixed_DH 	=  3,
    270     ct_DSS_fixed_DH 	=  4,
    271     ct_RSA_ephemeral_DH =  5,
    272     ct_DSS_ephemeral_DH =  6,
    273     ct_ECDSA_sign	=  64,
    274     ct_RSA_fixed_ECDH	=  65,
    275     ct_ECDSA_fixed_ECDH	=  66
    276 
    277 } SSL3ClientCertificateType;
    278 
    279 typedef SECItem *SSL3DistinquishedName;
    280 
    281 typedef struct {
    282     SSL3Opaque client_version[2];
    283     SSL3Opaque random[46];
    284 } SSL3RSAPreMasterSecret;
    285 
    286 typedef SECItem SSL3EncryptedPreMasterSecret;
    287 
    288 
    289 typedef SSL3Opaque SSL3MasterSecret[48];
    290 
    291 typedef enum { implicit, explicit } SSL3PublicValueEncoding;
    292 
    293 typedef struct {
    294     union {
    295 	SSL3Opaque implicit;
    296 	SECItem    explicit;
    297     } dh_public;
    298 } SSL3ClientDiffieHellmanPublic;
    299 
    300 typedef struct {
    301     union {
    302 	SSL3EncryptedPreMasterSecret  rsa;
    303 	SSL3ClientDiffieHellmanPublic diffie_helman;
    304     } exchange_keys;
    305 } SSL3ClientKeyExchange;
    306 
    307 typedef SSL3Hashes SSL3PreSignedCertificateVerify;
    308 
    309 typedef SECItem SSL3CertificateVerify;
    310 
    311 typedef enum {
    312     sender_client = 0x434c4e54,
    313     sender_server = 0x53525652
    314 } SSL3Sender;
    315 
    316 typedef SSL3HashesIndividually SSL3Finished;
    317 
    318 typedef struct {
    319     SSL3Opaque verify_data[12];
    320 } TLSFinished;
    321 
    322 /*
    323  * TLS extension related data structures and constants.
    324  */
    325 
    326 /* SessionTicket extension related data structures. */
    327 
    328 /* NewSessionTicket handshake message. */
    329 typedef struct {
    330     PRUint32 received_timestamp;
    331     PRUint32 ticket_lifetime_hint;
    332     SECItem  ticket;
    333 } NewSessionTicket;
    334 
    335 typedef enum {
    336     CLIENT_AUTH_ANONYMOUS   = 0,
    337     CLIENT_AUTH_CERTIFICATE = 1
    338 } ClientAuthenticationType;
    339 
    340 typedef struct {
    341     ClientAuthenticationType client_auth_type;
    342     union {
    343 	SSL3Opaque *certificate_list;
    344     } identity;
    345 } ClientIdentity;
    346 
    347 #define SESS_TICKET_KEY_NAME_LEN       16
    348 #define SESS_TICKET_KEY_NAME_PREFIX    "NSS!"
    349 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
    350 #define SESS_TICKET_KEY_VAR_NAME_LEN   12
    351 
    352 typedef struct {
    353     unsigned char *key_name;
    354     unsigned char *iv;
    355     SECItem encrypted_state;
    356     unsigned char *mac;
    357 } EncryptedSessionTicket;
    358 
    359 #define TLS_EX_SESS_TICKET_MAC_LENGTH       32
    360 
    361 #define TLS_STE_NO_SERVER_NAME        -1
    362 
    363 #endif /* __ssl3proto_h_ */
    364