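/* Private header file of libSSL.
 * Various and sundry protocol constants. DON'T CHANGE THESE. These
 * values are defined by the SSL 3.0 protocol specification.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* NOTE(review): this header contains no #include lines. It relies on the
 * including file having already declared PRUint8/PRUint16/PRUint32, SECItem,
 * SECOidTag and SSLCompressionMethod.
 *
 * Several structs below pair a fixed-size array with a separate count/length
 * field whose integer type can hold values larger than the array. Nothing in
 * this header enforces the bound; any code that fills these fields from
 * peer-supplied data has to range-check them first. */

#ifndef __ssl3proto_h_
#define __ssl3proto_h_

/* One byte of uninterpreted protocol data. */
typedef PRUint8 SSL3Opaque;

typedef PRUint16 SSL3ProtocolVersion;
/* version numbers are defined in sslproto.h */

typedef PRUint16 ssl3CipherSuite;
/* The cipher suites are defined in sslproto.h */

#define MAX_CERT_TYPES          10
#define MAX_COMPRESSION_METHODS 10
#define MAX_MAC_LENGTH          64
#define MAX_PADDING_LENGTH      64
#define MAX_KEY_LENGTH          64
/* 5 bytes = 40 bits: the key size of the legacy "export" cipher suites.
 * Keys this short offer no meaningful confidentiality. */
#define EXPORT_KEY_LENGTH        5
#define SSL3_RANDOM_LENGTH      32

#define SSL3_RECORD_HEADER_LENGTH 5

/* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
/* (13 - 5 leaves 8 bytes for the epoch and sequence number together.) */
#define DTLS_RECORD_HEADER_LENGTH 13

/* 16384 = 2^14. */
#define MAX_FRAGMENT_LENGTH 16384

/* Record-layer content types; the numeric values are the on-the-wire codes. */
typedef enum {
    content_change_cipher_spec = 20,
    content_alert              = 21,
    content_handshake          = 22,
    content_application_data   = 23
} SSL3ContentType;

/* An uncompressed record.
 * |length| is a PRUint16, so the type admits values up to 65535, well above
 * MAX_FRAGMENT_LENGTH; the limit must be enforced by the record-handling
 * code, not by this declaration. */
typedef struct {
    SSL3ContentType     type;
    SSL3ProtocolVersion version;
    PRUint16            length;
    SECItem             fragment;
} SSL3Plaintext;

/* A compressed record; same field layout as SSL3Plaintext. */
typedef struct {
    SSL3ContentType     type;
    SSL3ProtocolVersion version;
    PRUint16            length;
    SECItem             fragment;
} SSL3Compressed;

/* Record payload under a stream cipher: content followed by its MAC. */
typedef struct {
    SECItem    content;
    SSL3Opaque MAC[MAX_MAC_LENGTH];
} SSL3GenericStreamCipher;

/* Record payload under a block cipher: content, MAC, then padding.
 * |padding_length| is a PRUint8 (0..255) while |padding| holds only
 * MAX_PADDING_LENGTH (64) bytes, so the length must be validated before it
 * is used as an index or copy size into |padding|. */
typedef struct {
    SECItem    content;
    SSL3Opaque MAC[MAX_MAC_LENGTH];
    PRUint8    padding[MAX_PADDING_LENGTH];
    PRUint8    padding_length;
} SSL3GenericBlockCipher;

typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;

typedef struct {
    SSL3ChangeCipherSpecChoice choice;
} SSL3ChangeCipherSpec;

typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;

/* Alert descriptions; the numeric values are the on-the-wire codes. */
typedef enum {
    close_notify                    = 0,
    unexpected_message              = 10,
    bad_record_mac                  = 20,
    decryption_failed_RESERVED      = 21,  /* do not send; see RFC 5246 */
    record_overflow                 = 22,  /* TLS only */
    decompression_failure           = 30,
    handshake_failure               = 40,
    no_certificate                  = 41,  /* SSL3 only, NOT TLS */
    bad_certificate                 = 42,
    unsupported_certificate         = 43,
    certificate_revoked             = 44,
    certificate_expired             = 45,
    certificate_unknown             = 46,
    illegal_parameter               = 47,

    /* All alerts below are TLS only. */
    unknown_ca                      = 48,
    access_denied                   = 49,
    decode_error                    = 50,
    decrypt_error                   = 51,
    export_restriction              = 60,
    protocol_version                = 70,
    insufficient_security           = 71,
    internal_error                  = 80,
    inappropriate_fallback          = 86,  /* could also be sent for SSLv3 */
    user_canceled                   = 90,
    no_renegotiation                = 100,

    /* Alerts for client hello extensions */
    unsupported_extension           = 110,
    certificate_unobtainable        = 111,
    unrecognized_name               = 112,
    bad_certificate_status_response = 113,
    bad_certificate_hash_value      = 114

} SSL3AlertDescription;

typedef struct {
    SSL3AlertLevel       level;
    SSL3AlertDescription description;
} SSL3Alert;

/* Handshake message types; the numeric values are the on-the-wire codes.
 * NOTE(review): next_proto (67) and encrypted_extensions (203) look like
 * extension-specific message types rather than base-protocol ones --
 * confirm against the code that sends/receives them. */
typedef enum {
    hello_request        = 0,
    client_hello         = 1,
    server_hello         = 2,
    hello_verify_request = 3,
    new_session_ticket   = 4,
    certificate          = 11,
    server_key_exchange  = 12,
    certificate_request  = 13,
    server_hello_done    = 14,
    certificate_verify   = 15,
    client_key_exchange  = 16,
    finished             = 20,
    certificate_status   = 22,
    next_proto           = 67,
    encrypted_extensions = 203
} SSL3HandshakeType;

typedef struct {
    PRUint8 empty;
} SSL3HelloRequest;

typedef struct {
    SSL3Opaque rand[SSL3_RANDOM_LENGTH];
} SSL3Random;

/* Session identifier.
 * |length| is a PRUint8 (0..255) but |id| holds only 32 bytes: a length
 * taken from a peer must be checked against sizeof(id) before |id| is read
 * or written with it. */
typedef struct {
    SSL3Opaque id[32];
    PRUint8    length;
} SSL3SessionID;

/* ClientHello body.
 * |cm_count| is a PRUint8 (0..255) but |compression_methods| has only
 * MAX_COMPRESSION_METHODS (10) slots; the count must be bounded before it
 * is used to index the array. */
typedef struct {
    SSL3ProtocolVersion  client_version;
    SSL3Random           random;
    SSL3SessionID        session_id;
    SECItem              cipher_suites;
    PRUint8              cm_count;
    SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
} SSL3ClientHello;

typedef struct {
    SSL3ProtocolVersion  server_version;
    SSL3Random           random;
    SSL3SessionID        session_id;
    ssl3CipherSuite      cipher_suite;
    SSLCompressionMethod compression_method;
} SSL3ServerHello;

typedef struct {
    SECItem list;
} SSL3Certificate;

/* SSL3SignType moved to ssl.h */

/* The SSL key exchange method used */
/* The enumerators carry no explicit values, so their numeric values follow
 * from declaration order (kea_null == 0). Inserting or removing an entry
 * anywhere but the end renumbers everything after it.
 * The *_export entries and the *_anon entries name export-grade and
 * unauthenticated key exchanges respectively. */
typedef enum {
    kea_null,
    kea_rsa,
    kea_rsa_export,
    kea_rsa_export_1024,
    kea_dh_dss,
    kea_dh_dss_export,
    kea_dh_rsa,
    kea_dh_rsa_export,
    kea_dhe_dss,
    kea_dhe_dss_export,
    kea_dhe_rsa,
    kea_dhe_rsa_export,
    kea_dh_anon,
    kea_dh_anon_export,
    kea_rsa_fips,
    kea_ecdh_ecdsa,
    kea_ecdhe_ecdsa,
    kea_ecdh_rsa,
    kea_ecdhe_rsa,
    kea_ecdh_anon
} SSL3KeyExchangeAlgorithm;

typedef struct {
    SECItem modulus;
    SECItem exponent;
} SSL3ServerRSAParams;

typedef struct {
    SECItem p;
    SECItem g;
    SECItem Ys;
} SSL3ServerDHParams;

/* Server key-exchange parameters: either DH or RSA. The struct carries no
 * discriminator of its own, so which union member is valid has to be known
 * from context. */
typedef struct {
    union {
        SSL3ServerDHParams  dh;
        SSL3ServerRSAParams rsa;
    } u;
} SSL3ServerParams;

/* This enum reflects HashAlgorithm enum from
 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
 *
 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
/* This enum is anonymous (no tag, no typedef name). */
enum {
    tls_hash_md5    = 1,
    tls_hash_sha1   = 2,
    tls_hash_sha224 = 3,
    tls_hash_sha256 = 4,
    tls_hash_sha384 = 5,
    tls_hash_sha512 = 6
};

/* This enum reflects SignatureAlgorithm enum from
 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
typedef enum {
    tls_sig_rsa   = 1,
    tls_sig_dsa   = 2,
    tls_sig_ecdsa = 3
} TLSSignatureAlgorithm;

/* Note that |hashAlg| is a SECOidTag, not one of the tls_hash_* values
 * above. */
typedef struct {
    SECOidTag             hashAlg;
    TLSSignatureAlgorithm sigAlg;
} SSL3SignatureAndHashAlgorithm;

/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
 * prior to 1.2. */
typedef struct {
    PRUint8 md5[16];
    PRUint8 sha[20];
} SSL3HashesIndividually;

/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
 * struct. */
/* |u.raw| is 64 bytes; the MD5/SHA1 pair in |u.s| occupies 16 + 20 = 36 of
 * them. |len| is an unsigned int and is not bounded by its type, so it must
 * never be trusted to be <= sizeof(u.raw) without a check. */
typedef struct {
    unsigned int len;
    SECOidTag    hashAlg;
    union {
        PRUint8                raw[64];
        SSL3HashesIndividually s;
    } u;
} SSL3Hashes;

typedef struct {
    union {
        SSL3Opaque anonymous;
        SSL3Hashes certified;
    } u;
} SSL3ServerKeyExchange;

/* Client certificate types; the numeric values are the on-the-wire codes. */
typedef enum {
    ct_RSA_sign         = 1,
    ct_DSS_sign         = 2,
    ct_RSA_fixed_DH     = 3,
    ct_DSS_fixed_DH     = 4,
    ct_RSA_ephemeral_DH = 5,
    ct_DSS_ephemeral_DH = 6,
    ct_ECDSA_sign       = 64,
    ct_RSA_fixed_ECDH   = 65,
    ct_ECDSA_fixed_ECDH = 66

} SSL3ClientCertificateType;

/* The spelling "Distinquished" (sic) is part of the existing type name. */
typedef SECItem *SSL3DistinquishedName;

/* RSA pre-master secret: 2 + 46 = 48 bytes, the same size as
 * SSL3MasterSecret below. This is key material; buffers holding it should
 * be zeroized once no longer needed. */
typedef struct {
    SSL3Opaque client_version[2];
    SSL3Opaque random[46];
} SSL3RSAPreMasterSecret;

typedef SECItem SSL3EncryptedPreMasterSecret;


/* 48-byte master secret. Key material; zeroize after use. */
typedef SSL3Opaque SSL3MasterSecret[48];

typedef enum { implicit, explicit } SSL3PublicValueEncoding;

/* The member names |implicit| and |explicit| mirror the enumerators of
 * SSL3PublicValueEncoding; the struct itself stores no selector. */
typedef struct {
    union {
        SSL3Opaque implicit;
        SECItem    explicit;
    } dh_public;
} SSL3ClientDiffieHellmanPublic;

/* The member name |diffie_helman| (sic) is part of the existing interface. */
typedef struct {
    union {
        SSL3EncryptedPreMasterSecret  rsa;
        SSL3ClientDiffieHellmanPublic diffie_helman;
    } exchange_keys;
} SSL3ClientKeyExchange;

typedef SSL3Hashes SSL3PreSignedCertificateVerify;

typedef SECItem SSL3CertificateVerify;

/* Sender labels. The values are the ASCII bytes "CLNT" (0x43 0x4c 0x4e 0x54)
 * and "SRVR" (0x53 0x52 0x56 0x52). */
typedef enum {
    sender_client = 0x434c4e54,
    sender_server = 0x53525652
} SSL3Sender;

typedef SSL3HashesIndividually SSL3Finished;

typedef struct {
    SSL3Opaque verify_data[12];
} TLSFinished;

/*
 * TLS extension related data structures and constants.
 */

/* SessionTicket extension related data structures. */

/* NewSessionTicket handshake message. */
typedef struct {
    PRUint32 received_timestamp;
    PRUint32 ticket_lifetime_hint;
    SECItem  ticket;
} NewSessionTicket;

typedef enum {
    CLIENT_AUTH_ANONYMOUS   = 0,
    CLIENT_AUTH_CERTIFICATE = 1
} ClientAuthenticationType;

typedef struct {
    ClientAuthenticationType client_auth_type;
    union {
        SSL3Opaque *certificate_list;
    } identity;
} ClientIdentity;

/* The key name is 16 bytes: the 4-byte prefix "NSS!" followed by a 12-byte
 * variable part (4 + 12 = 16). The three lengths must be kept consistent. */
#define SESS_TICKET_KEY_NAME_LEN        16
#define SESS_TICKET_KEY_NAME_PREFIX     "NSS!"
#define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
#define SESS_TICKET_KEY_VAR_NAME_LEN    12

/* |key_name|, |iv| and |mac| are bare pointers with no length fields.
 * NOTE(review): presumably their sizes are SESS_TICKET_KEY_NAME_LEN, the
 * cipher's IV size and TLS_EX_SESS_TICKET_MAC_LENGTH -- confirm against the
 * ticket parsing code, which must verify the ticket is long enough before
 * these pointers are dereferenced. Code that verifies |mac| should compare
 * in constant time. */
typedef struct {
    unsigned char *key_name;
    unsigned char *iv;
    SECItem        encrypted_state;
    unsigned char *mac;
} EncryptedSessionTicket;

#define TLS_EX_SESS_TICKET_MAC_LENGTH 32

/* Parenthesized so the negative literal stays a single operand wherever the
 * macro is expanded inside a larger expression. */
#define TLS_STE_NO_SERVER_NAME (-1)

#endif /* __ssl3proto_h_ */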