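/*
 * This file contains the type definitions (structs, enums and constants)
 * used by the public SSL functions.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef __sslt_h_
#define __sslt_h_

#include "prtypes.h"

/* SECItemArray is added in NSS 3.15. Define the type if compiling
** against an older version of NSS.
*/
#include "nssutil.h"
#if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15
typedef struct SECItemArrayStr SECItemArray;

/* Array of `len` SECItem entries pointed to by `items`. */
struct SECItemArrayStr {
    SECItem *items;
    unsigned int len;
};
#endif /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */

/*
 * Handshake counters, grouped by the function that updates them.
 * The "sid cache" fields presumably count session-ID cache lookups;
 * confirm against the functions named below.
 */
typedef struct SSL3StatisticsStr {
    /* statistics from ssl3_SendClientHello (sch) */
    long sch_sid_cache_hits;
    long sch_sid_cache_misses;
    long sch_sid_cache_not_ok;

    /* statistics from ssl3_HandleServerHello (hsh) */
    long hsh_sid_cache_hits;
    long hsh_sid_cache_misses;
    long hsh_sid_cache_not_ok;

    /* statistics from ssl3_HandleClientHello (hch) */
    long hch_sid_cache_hits;
    long hch_sid_cache_misses;
    long hch_sid_cache_not_ok;

    /* statistics related to stateless resume */
    long sch_sid_stateless_resumes;
    long hsh_sid_stateless_resumes;
    long hch_sid_stateless_resumes;
    long hch_sid_ticket_parse_failures;
} SSL3Statistics;

/* Key Exchange algorithm values */
typedef enum {
    ssl_kea_null     = 0,
    ssl_kea_rsa      = 1,
    ssl_kea_dh       = 2,
    ssl_kea_fortezza = 3, /* deprecated, now unused */
    ssl_kea_ecdh     = 4,
    ssl_kea_size          /* number of ssl_kea_ algorithms; must stay last */
} SSLKEAType;

/* The following defines are for backwards compatibility.
** They will be removed in a forthcoming release to reduce namespace pollution.
** Programs that use the kt_ symbols should convert to the ssl_kea_ symbols
** soon.
*/
#define kt_null      ssl_kea_null
#define kt_rsa       ssl_kea_rsa
#define kt_dh        ssl_kea_dh
#define kt_fortezza  ssl_kea_fortezza /* deprecated, now unused */
#define kt_ecdh      ssl_kea_ecdh
#define kt_kea_size  ssl_kea_size

/* Signature algorithm values. */
typedef enum {
    ssl_sign_null  = 0,
    ssl_sign_rsa   = 1,
    ssl_sign_dsa   = 2,
    ssl_sign_ecdsa = 3
} SSLSignType;

/* Authentication algorithm values (reported in SSLCipherSuiteInfo.authAlgorithm). */
typedef enum {
    ssl_auth_null  = 0,
    ssl_auth_rsa   = 1,
    ssl_auth_dsa   = 2,
    ssl_auth_kea   = 3,
    ssl_auth_ecdsa = 4
} SSLAuthType;

/*
 * Symmetric cipher values (reported in SSLCipherSuiteInfo.symCipher).
 *
 * Policy code that inspects this value should not treat every non-null
 * entry as acceptable: ssl_calg_null provides no confidentiality, and
 * RC4, RC2 and single DES are legacy algorithms that current guidance
 * says to disable.
 */
typedef enum {
    ssl_calg_null     = 0,
    ssl_calg_rc4      = 1,
    ssl_calg_rc2      = 2,
    ssl_calg_des      = 3,
    ssl_calg_3des     = 4,
    ssl_calg_idea     = 5,
    ssl_calg_fortezza = 6, /* deprecated, now unused */
    ssl_calg_aes      = 7,
    ssl_calg_camellia = 8,
    ssl_calg_seed     = 9,
    ssl_calg_aes_gcm  = 10,
    ssl_calg_chacha20 = 11
} SSLCipherAlgorithm;

/*
 * MAC algorithm values (reported in SSLCipherSuiteInfo.macAlgorithm).
 * ssl_mac_md5 / ssl_mac_sha are presumably the SSL 3.0 MAC constructions,
 * given that the ssl_hmac_ entries are described as their TLS HMAC versions.
 * ssl_mac_aead marks an AEAD suite, which has no separate MAC.
 */
typedef enum {
    ssl_mac_null    = 0,
    ssl_mac_md5     = 1,
    ssl_mac_sha     = 2,
    ssl_hmac_md5    = 3, /* TLS HMAC version of mac_md5 */
    ssl_hmac_sha    = 4, /* TLS HMAC version of mac_sha */
    ssl_hmac_sha256 = 5,
    ssl_mac_aead    = 6
} SSLMACAlgorithm;

/*
 * Record compression method values.
 * TLS-level compression makes ciphertext length depend on plaintext
 * content; a deployment that wants to rule that out can check that
 * SSLChannelInfo.compressionMethod is ssl_compression_null.
 */
typedef enum {
    ssl_compression_null    = 0,
    ssl_compression_deflate = 1 /* RFC 3749 */
} SSLCompressionMethod;

/*
 * Per-connection information.
 *
 * NOTE(review): `length` is presumably the number of bytes of this
 * struct that the library filled in, so a caller built against a newer
 * header can tell whether the fields added in NSS 3.12.5 are valid;
 * confirm against the function that fills this struct.
 */
typedef struct SSLChannelInfoStr {
    PRUint32 length;
    PRUint16 protocolVersion;
    PRUint16 cipherSuite;

    /* server authentication info */
    PRUint32 authKeyBits;

    /* key exchange algorithm info */
    PRUint32 keaKeyBits;

    /* session info */
    PRUint32 creationTime;    /* seconds since Jan 1, 1970 */
    PRUint32 lastAccessTime;  /* seconds since Jan 1, 1970 */
    PRUint32 expirationTime;  /* seconds since Jan 1, 1970 */
    PRUint32 sessionIDLength; /* up to 32 */
    /* Only the first sessionIDLength bytes are meaningful; readers should
     * bound copies by sizeof sessionID as well as by sessionIDLength. */
    PRUint8 sessionID[32];

    /* The following fields are added in NSS 3.12.5. */

    /* compression method info */
    const char *compressionMethodName;
    SSLCompressionMethod compressionMethod;
} SSLChannelInfo;

/*
 * Static description of one cipher suite.
 *
 * NOTE(review): `length` presumably plays the same struct-versioning
 * role as SSLChannelInfo.length; confirm against the function that fills
 * this struct.
 */
typedef struct SSLCipherSuiteInfoStr {
    PRUint16 length;
    PRUint16 cipherSuite;

    /* Cipher Suite Name */
    const char *cipherSuiteName;

    /* server authentication info */
    const char *authAlgorithmName;
    SSLAuthType authAlgorithm;

    /* key exchange algorithm info */
    const char *keaTypeName;
    SSLKEAType keaType;

    /* symmetric encryption info */
    const char *symCipherName;
    SSLCipherAlgorithm symCipher;
    PRUint16 symKeyBits;
    PRUint16 symKeySpace;
    PRUint16 effectiveKeyBits;

    /* MAC info */
    /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
     * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
     * bits of the authentication tag. */
    const char *macAlgorithmName;
    SSLMACAlgorithm macAlgorithm;
    PRUint16 macBits;

    /* Flag bits; the four bit-fields total 32 bits. Policy code can
     * reject suites with isExportable set, since export-grade suites use
     * deliberately weakened keys. */
    PRUintn isFIPS       : 1;
    PRUintn isExportable : 1;
    PRUintn nonStandard  : 1;
    PRUintn reservedBits : 29;

} SSLCipherSuiteInfo;

/* Transport variant: stream or datagram (presumably TLS vs. DTLS; confirm). */
typedef enum {
    ssl_variant_stream   = 0,
    ssl_variant_datagram = 1
} SSLProtocolVariant;

/* Inclusive range of protocol versions, lowest (min) to highest (max). */
typedef struct SSLVersionRangeStr {
    PRUint16 min;
    PRUint16 max;
} SSLVersionRange;

/* Server Name Indication name types. */
typedef enum {
    SSL_sni_host_name = 0,
    SSL_sni_type_total /* number of name types; must stay last */
} SSLSniNameType;

/* Supported extensions. */
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
typedef enum {
    ssl_server_name_xtn                  = 0,
    ssl_cert_status_xtn                  = 5,
#ifdef NSS_ENABLE_ECC
    ssl_elliptic_curves_xtn              = 10,
    ssl_ec_point_formats_xtn             = 11,
#endif
    ssl_signature_algorithms_xtn         = 13,
    ssl_use_srtp_xtn                     = 14,
    ssl_app_layer_protocol_xtn           = 16,
    ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
    ssl_session_ticket_xtn               = 35,
    ssl_next_proto_nego_xtn              = 13172,
    ssl_channel_id_xtn                   = 30032,
    ssl_padding_xtn                      = 35655,
    ssl_renegotiation_info_xtn           = 0xff01 /* experimental number */
} SSLExtensionType;

/*
 * The enum above has 13 entries when NSS_ENABLE_ECC is defined, 12 once
 * ssl_padding_xtn is excluded.
 * NOTE(review): this constant presumably sizes fixed arrays of extension
 * types elsewhere in the library; if so, a value that lags behind the
 * enum is a memory-safety risk. Confirm at the use sites when adding an
 * extension.
 */
#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */

#endif /* __sslt_h_ */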