1 /* 2 * This file contains prototypes for the public SSL functions. 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 8 #ifndef __sslt_h_ 9 #define __sslt_h_ 10 11 #include "prtypes.h" 12 13 /* SECItemArray is added in NSS 3.15. Define the type if compiling 14 ** against an older version of NSS. 15 */ 16 #include "nssutil.h" 17 #if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 18 typedef struct SECItemArrayStr SECItemArray; 19 20 struct SECItemArrayStr { 21 SECItem *items; 22 unsigned int len; 23 }; 24 #endif /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */ 25 26 typedef struct SSL3StatisticsStr { 27 /* statistics from ssl3_SendClientHello (sch) */ 28 long sch_sid_cache_hits; 29 long sch_sid_cache_misses; 30 long sch_sid_cache_not_ok; 31 32 /* statistics from ssl3_HandleServerHello (hsh) */ 33 long hsh_sid_cache_hits; 34 long hsh_sid_cache_misses; 35 long hsh_sid_cache_not_ok; 36 37 /* statistics from ssl3_HandleClientHello (hch) */ 38 long hch_sid_cache_hits; 39 long hch_sid_cache_misses; 40 long hch_sid_cache_not_ok; 41 42 /* statistics related to stateless resume */ 43 long sch_sid_stateless_resumes; 44 long hsh_sid_stateless_resumes; 45 long hch_sid_stateless_resumes; 46 long hch_sid_ticket_parse_failures; 47 } SSL3Statistics; 48 49 /* Key Exchange algorithm values */ 50 typedef enum { 51 ssl_kea_null = 0, 52 ssl_kea_rsa = 1, 53 ssl_kea_dh = 2, 54 ssl_kea_fortezza = 3, /* deprecated, now unused */ 55 ssl_kea_ecdh = 4, 56 ssl_kea_size /* number of ssl_kea_ algorithms */ 57 } SSLKEAType; 58 59 /* The following defines are for backwards compatibility. 60 ** They will be removed in a forthcoming release to reduce namespace pollution. 61 ** programs that use the kt_ symbols should convert to the ssl_kt_ symbols 62 ** soon. 63 */ 64 #define kt_null ssl_kea_null 65 #define kt_rsa ssl_kea_rsa 66 #define kt_dh ssl_kea_dh 67 #define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */ 68 #define kt_ecdh ssl_kea_ecdh 69 #define kt_kea_size ssl_kea_size 70 71 typedef enum { 72 ssl_sign_null = 0, 73 ssl_sign_rsa = 1, 74 ssl_sign_dsa = 2, 75 ssl_sign_ecdsa = 3 76 } SSLSignType; 77 78 typedef enum { 79 ssl_auth_null = 0, 80 ssl_auth_rsa = 1, 81 ssl_auth_dsa = 2, 82 ssl_auth_kea = 3, 83 ssl_auth_ecdsa = 4 84 } SSLAuthType; 85 86 typedef enum { 87 ssl_calg_null = 0, 88 ssl_calg_rc4 = 1, 89 ssl_calg_rc2 = 2, 90 ssl_calg_des = 3, 91 ssl_calg_3des = 4, 92 ssl_calg_idea = 5, 93 ssl_calg_fortezza = 6, /* deprecated, now unused */ 94 ssl_calg_aes = 7, /* coming soon */ 95 ssl_calg_camellia = 8, 96 ssl_calg_seed = 9 97 } SSLCipherAlgorithm; 98 99 typedef enum { 100 ssl_mac_null = 0, 101 ssl_mac_md5 = 1, 102 ssl_mac_sha = 2, 103 ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */ 104 ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */ 105 ssl_hmac_sha256 = 5 106 } SSLMACAlgorithm; 107 108 typedef enum { 109 ssl_compression_null = 0, 110 ssl_compression_deflate = 1 /* RFC 3749 */ 111 } SSLCompressionMethod; 112 113 typedef struct SSLChannelInfoStr { 114 PRUint32 length; 115 PRUint16 protocolVersion; 116 PRUint16 cipherSuite; 117 118 /* server authentication info */ 119 PRUint32 authKeyBits; 120 121 /* key exchange algorithm info */ 122 PRUint32 keaKeyBits; 123 124 /* session info */ 125 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ 126 PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ 127 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ 128 PRUint32 sessionIDLength; /* up to 32 */ 129 PRUint8 sessionID [32]; 130 131 /* The following fields are added in NSS 3.12.5. */ 132 133 /* compression method info */ 134 const char * compressionMethodName; 135 SSLCompressionMethod compressionMethod; 136 } SSLChannelInfo; 137 138 typedef struct SSLCipherSuiteInfoStr { 139 PRUint16 length; 140 PRUint16 cipherSuite; 141 142 /* Cipher Suite Name */ 143 const char * cipherSuiteName; 144 145 /* server authentication info */ 146 const char * authAlgorithmName; 147 SSLAuthType authAlgorithm; 148 149 /* key exchange algorithm info */ 150 const char * keaTypeName; 151 SSLKEAType keaType; 152 153 /* symmetric encryption info */ 154 const char * symCipherName; 155 SSLCipherAlgorithm symCipher; 156 PRUint16 symKeyBits; 157 PRUint16 symKeySpace; 158 PRUint16 effectiveKeyBits; 159 160 /* MAC info */ 161 const char * macAlgorithmName; 162 SSLMACAlgorithm macAlgorithm; 163 PRUint16 macBits; 164 165 PRUintn isFIPS : 1; 166 PRUintn isExportable : 1; 167 PRUintn nonStandard : 1; 168 PRUintn reservedBits :29; 169 170 } SSLCipherSuiteInfo; 171 172 typedef enum { 173 ssl_variant_stream = 0, 174 ssl_variant_datagram = 1 175 } SSLProtocolVariant; 176 177 typedef struct SSLVersionRangeStr { 178 PRUint16 min; 179 PRUint16 max; 180 } SSLVersionRange; 181 182 typedef enum { 183 SSL_sni_host_name = 0, 184 SSL_sni_type_total 185 } SSLSniNameType; 186 187 /* Supported extensions. */ 188 /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */ 189 typedef enum { 190 ssl_server_name_xtn = 0, 191 ssl_cert_status_xtn = 5, 192 #ifdef NSS_ENABLE_ECC 193 ssl_elliptic_curves_xtn = 10, 194 ssl_ec_point_formats_xtn = 11, 195 #endif 196 ssl_signature_algorithms_xtn = 13, 197 ssl_use_srtp_xtn = 14, 198 ssl_app_layer_protocol_xtn = 16, 199 ssl_session_ticket_xtn = 35, 200 ssl_next_proto_nego_xtn = 13172, 201 ssl_channel_id_xtn = 30031, 202 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ 203 } SSLExtensionType; 204 205 #define SSL_MAX_EXTENSIONS 11 206 207 #endif /* __sslt_h_ */ 208