1 /* Private header file of libSSL. 2 * Various and sundry protocol constants. DON'T CHANGE THESE. These 3 * values are defined by the SSL 3.0 protocol specification. 4 * 5 * This Source Code Form is subject to the terms of the Mozilla Public 6 * License, v. 2.0. If a copy of the MPL was not distributed with this 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 8 9 #ifndef __ssl3proto_h_ 10 #define __ssl3proto_h_ 11 12 typedef PRUint8 SSL3Opaque; 13 14 typedef PRUint16 SSL3ProtocolVersion; 15 /* version numbers are defined in sslproto.h */ 16 17 typedef PRUint16 ssl3CipherSuite; 18 /* The cipher suites are defined in sslproto.h */ 19 20 #define MAX_CERT_TYPES 10 21 #define MAX_COMPRESSION_METHODS 10 22 #define MAX_MAC_LENGTH 64 23 #define MAX_PADDING_LENGTH 64 24 #define MAX_KEY_LENGTH 64 25 #define EXPORT_KEY_LENGTH 5 26 #define SSL3_RANDOM_LENGTH 32 27 28 #define SSL3_RECORD_HEADER_LENGTH 5 29 30 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ 31 #define DTLS_RECORD_HEADER_LENGTH 13 32 33 #define MAX_FRAGMENT_LENGTH 16384 34 35 typedef enum { 36 content_change_cipher_spec = 20, 37 content_alert = 21, 38 content_handshake = 22, 39 content_application_data = 23 40 } SSL3ContentType; 41 42 typedef struct { 43 SSL3ContentType type; 44 SSL3ProtocolVersion version; 45 PRUint16 length; 46 SECItem fragment; 47 } SSL3Plaintext; 48 49 typedef struct { 50 SSL3ContentType type; 51 SSL3ProtocolVersion version; 52 PRUint16 length; 53 SECItem fragment; 54 } SSL3Compressed; 55 56 typedef struct { 57 SECItem content; 58 SSL3Opaque MAC[MAX_MAC_LENGTH]; 59 } SSL3GenericStreamCipher; 60 61 typedef struct { 62 SECItem content; 63 SSL3Opaque MAC[MAX_MAC_LENGTH]; 64 PRUint8 padding[MAX_PADDING_LENGTH]; 65 PRUint8 padding_length; 66 } SSL3GenericBlockCipher; 67 68 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice; 69 70 typedef struct { 71 SSL3ChangeCipherSpecChoice choice; 72 } SSL3ChangeCipherSpec; 73 74 typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel; 75 76 typedef enum { 77 close_notify = 0, 78 unexpected_message = 10, 79 bad_record_mac = 20, 80 decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ 81 record_overflow = 22, /* TLS only */ 82 decompression_failure = 30, 83 handshake_failure = 40, 84 no_certificate = 41, /* SSL3 only, NOT TLS */ 85 bad_certificate = 42, 86 unsupported_certificate = 43, 87 certificate_revoked = 44, 88 certificate_expired = 45, 89 certificate_unknown = 46, 90 illegal_parameter = 47, 91 92 /* All alerts below are TLS only. */ 93 unknown_ca = 48, 94 access_denied = 49, 95 decode_error = 50, 96 decrypt_error = 51, 97 export_restriction = 60, 98 protocol_version = 70, 99 insufficient_security = 71, 100 internal_error = 80, 101 user_canceled = 90, 102 no_renegotiation = 100, 103 104 /* Alerts for client hello extensions */ 105 unsupported_extension = 110, 106 certificate_unobtainable = 111, 107 unrecognized_name = 112, 108 bad_certificate_status_response = 113, 109 bad_certificate_hash_value = 114 110 111 } SSL3AlertDescription; 112 113 typedef struct { 114 SSL3AlertLevel level; 115 SSL3AlertDescription description; 116 } SSL3Alert; 117 118 typedef enum { 119 hello_request = 0, 120 client_hello = 1, 121 server_hello = 2, 122 hello_verify_request = 3, 123 new_session_ticket = 4, 124 certificate = 11, 125 server_key_exchange = 12, 126 certificate_request = 13, 127 server_hello_done = 14, 128 certificate_verify = 15, 129 client_key_exchange = 16, 130 finished = 20, 131 certificate_status = 22, 132 next_proto = 67, 133 encrypted_extensions= 203 134 } SSL3HandshakeType; 135 136 typedef struct { 137 PRUint8 empty; 138 } SSL3HelloRequest; 139 140 typedef struct { 141 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; 142 } SSL3Random; 143 144 typedef struct { 145 SSL3Opaque id[32]; 146 PRUint8 length; 147 } SSL3SessionID; 148 149 typedef struct { 150 SSL3ProtocolVersion client_version; 151 SSL3Random random; 152 SSL3SessionID session_id; 153 SECItem cipher_suites; 154 PRUint8 cm_count; 155 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; 156 } SSL3ClientHello; 157 158 typedef struct { 159 SSL3ProtocolVersion server_version; 160 SSL3Random random; 161 SSL3SessionID session_id; 162 ssl3CipherSuite cipher_suite; 163 SSLCompressionMethod compression_method; 164 } SSL3ServerHello; 165 166 typedef struct { 167 SECItem list; 168 } SSL3Certificate; 169 170 /* SSL3SignType moved to ssl.h */ 171 172 /* The SSL key exchange method used */ 173 typedef enum { 174 kea_null, 175 kea_rsa, 176 kea_rsa_export, 177 kea_rsa_export_1024, 178 kea_dh_dss, 179 kea_dh_dss_export, 180 kea_dh_rsa, 181 kea_dh_rsa_export, 182 kea_dhe_dss, 183 kea_dhe_dss_export, 184 kea_dhe_rsa, 185 kea_dhe_rsa_export, 186 kea_dh_anon, 187 kea_dh_anon_export, 188 kea_rsa_fips, 189 kea_ecdh_ecdsa, 190 kea_ecdhe_ecdsa, 191 kea_ecdh_rsa, 192 kea_ecdhe_rsa, 193 kea_ecdh_anon 194 } SSL3KeyExchangeAlgorithm; 195 196 typedef struct { 197 SECItem modulus; 198 SECItem exponent; 199 } SSL3ServerRSAParams; 200 201 typedef struct { 202 SECItem p; 203 SECItem g; 204 SECItem Ys; 205 } SSL3ServerDHParams; 206 207 typedef struct { 208 union { 209 SSL3ServerDHParams dh; 210 SSL3ServerRSAParams rsa; 211 } u; 212 } SSL3ServerParams; 213 214 /* This enum reflects HashAlgorithm enum from 215 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 216 * 217 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ 218 enum { 219 tls_hash_md5 = 1, 220 tls_hash_sha1 = 2, 221 tls_hash_sha224 = 3, 222 tls_hash_sha256 = 4, 223 tls_hash_sha384 = 5, 224 tls_hash_sha512 = 6 225 }; 226 227 /* This enum reflects SignatureAlgorithm enum from 228 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ 229 typedef enum { 230 tls_sig_rsa = 1, 231 tls_sig_dsa = 2, 232 tls_sig_ecdsa = 3 233 } TLSSignatureAlgorithm; 234 235 typedef struct { 236 SECOidTag hashAlg; 237 TLSSignatureAlgorithm sigAlg; 238 } SSL3SignatureAndHashAlgorithm; 239 240 /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS 241 * prior to 1.2. */ 242 typedef struct { 243 PRUint8 md5[16]; 244 PRUint8 sha[20]; 245 } SSL3HashesIndividually; 246 247 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| 248 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually 249 * struct. */ 250 typedef struct { 251 unsigned int len; 252 SECOidTag hashAlg; 253 union { 254 PRUint8 raw[64]; 255 SSL3HashesIndividually s; 256 } u; 257 } SSL3Hashes; 258 259 typedef struct { 260 union { 261 SSL3Opaque anonymous; 262 SSL3Hashes certified; 263 } u; 264 } SSL3ServerKeyExchange; 265 266 typedef enum { 267 ct_RSA_sign = 1, 268 ct_DSS_sign = 2, 269 ct_RSA_fixed_DH = 3, 270 ct_DSS_fixed_DH = 4, 271 ct_RSA_ephemeral_DH = 5, 272 ct_DSS_ephemeral_DH = 6, 273 ct_ECDSA_sign = 64, 274 ct_RSA_fixed_ECDH = 65, 275 ct_ECDSA_fixed_ECDH = 66 276 277 } SSL3ClientCertificateType; 278 279 typedef SECItem *SSL3DistinquishedName; 280 281 typedef struct { 282 SSL3Opaque client_version[2]; 283 SSL3Opaque random[46]; 284 } SSL3RSAPreMasterSecret; 285 286 typedef SECItem SSL3EncryptedPreMasterSecret; 287 288 289 typedef SSL3Opaque SSL3MasterSecret[48]; 290 291 typedef enum { implicit, explicit } SSL3PublicValueEncoding; 292 293 typedef struct { 294 union { 295 SSL3Opaque implicit; 296 SECItem explicit; 297 } dh_public; 298 } SSL3ClientDiffieHellmanPublic; 299 300 typedef struct { 301 union { 302 SSL3EncryptedPreMasterSecret rsa; 303 SSL3ClientDiffieHellmanPublic diffie_helman; 304 } exchange_keys; 305 } SSL3ClientKeyExchange; 306 307 typedef SSL3Hashes SSL3PreSignedCertificateVerify; 308 309 typedef SECItem SSL3CertificateVerify; 310 311 typedef enum { 312 sender_client = 0x434c4e54, 313 sender_server = 0x53525652 314 } SSL3Sender; 315 316 typedef SSL3HashesIndividually SSL3Finished; 317 318 typedef struct { 319 SSL3Opaque verify_data[12]; 320 } TLSFinished; 321 322 /* 323 * TLS extension related data structures and constants. 324 */ 325 326 /* SessionTicket extension related data structures. */ 327 328 /* NewSessionTicket handshake message. */ 329 typedef struct { 330 PRUint32 received_timestamp; 331 PRUint32 ticket_lifetime_hint; 332 SECItem ticket; 333 } NewSessionTicket; 334 335 typedef enum { 336 CLIENT_AUTH_ANONYMOUS = 0, 337 CLIENT_AUTH_CERTIFICATE = 1 338 } ClientAuthenticationType; 339 340 typedef struct { 341 ClientAuthenticationType client_auth_type; 342 union { 343 SSL3Opaque *certificate_list; 344 } identity; 345 } ClientIdentity; 346 347 #define SESS_TICKET_KEY_NAME_LEN 16 348 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" 349 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 350 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 351 352 typedef struct { 353 unsigned char *key_name; 354 unsigned char *iv; 355 SECItem encrypted_state; 356 unsigned char *mac; 357 } EncryptedSessionTicket; 358 359 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 360 361 #define TLS_STE_NO_SERVER_NAME -1 362 363 #endif /* __ssl3proto_h_ */ 364