      1 /*
      2  * This file contains prototypes for the public SSL functions.
      3  *
      4  * This Source Code Form is subject to the terms of the Mozilla Public
      5  * License, v. 2.0. If a copy of the MPL was not distributed with this
      6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      7 
      8 #ifndef __sslt_h_
      9 #define __sslt_h_
     10 
     11 #include "prtypes.h"
     12 
/* SECItemArray is added in NSS 3.15.  Define the type if compiling
** against an older version of NSS.
**
** nssutil.h is included first; it presumably supplies the NSSUTIL_VMAJOR and
** NSSUTIL_VMINOR macros tested below -- confirm.  The fallback is selected
** only for 3.x releases older than 3.15.
** NOTE(review): the fallback layout presumably has to stay identical to the
** definition shipped by newer NSS, since objects of this type may cross the
** library boundary -- confirm before changing either field.
*/
#include "nssutil.h"
#if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15
typedef struct SECItemArrayStr SECItemArray;

/* Pointer-plus-count pair; presumably `len` is the number of SECItem
 * elements reachable through `items` (not a byte count) -- confirm. */
struct SECItemArrayStr {
    SECItem *items;
    unsigned int len;
};
#endif  /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */
     25 
/* Counters describing session-cache behaviour, grouped by the handshake
 * routine that is said to update them (sch / hsh / hch prefixes, as named in
 * the per-group comments below).
 *
 * Every counter is a plain `long`, so its width follows the platform ABI and
 * the header itself provides no locking or atomicity.
 * NOTE(review): how concurrent handshakes update these is not visible here;
 * treat the values as approximate diagnostics unless the implementation
 * shows otherwise.
 */
typedef struct SSL3StatisticsStr {
    /* statistics from ssl3_SendClientHello (sch) */
    long sch_sid_cache_hits;
    long sch_sid_cache_misses;
    long sch_sid_cache_not_ok;

    /* statistics from ssl3_HandleServerHello (hsh) */
    long hsh_sid_cache_hits;
    long hsh_sid_cache_misses;
    long hsh_sid_cache_not_ok;

    /* statistics from ssl3_HandleClientHello (hch) */
    long hch_sid_cache_hits;
    long hch_sid_cache_misses;
    long hch_sid_cache_not_ok;

    /* statistics related to stateless resume */
    long sch_sid_stateless_resumes;
    long hsh_sid_stateless_resumes;
    long hch_sid_stateless_resumes;
    /* NOTE(review): presumably counts session tickets a server could not
     * parse; a rising value may be worth alerting on -- confirm. */
    long hch_sid_ticket_parse_failures;
} SSL3Statistics;
     48 
/* Key Exchange algorithm values.
 *
 * The algorithm values are pinned explicitly.  ssl_kea_size carries no
 * initializer, so it takes the value following ssl_kea_ecdh (5) and doubles
 * as the number of ssl_kea_ entries; new algorithms must be inserted before it.
 * SSLCipherSuiteInfo.keaType reports one of these values.
 * NOTE(review): the enum only labels a key-exchange family.  Whether a family
 * is acceptable for a connection is a policy decision taken by code that is
 * not visible in this header.
 */
typedef enum {
    ssl_kea_null     = 0,
    ssl_kea_rsa      = 1,
    ssl_kea_dh       = 2,
    ssl_kea_fortezza = 3,       /* deprecated, now unused */
    ssl_kea_ecdh     = 4,
    ssl_kea_size		/* number of ssl_kea_ algorithms */
} SSLKEAType;
     58 
/* The following defines are for backwards compatibility.
** They will be removed in a forthcoming release to reduce namespace pollution.
** Programs that use the kt_ symbols should convert to the ssl_kea_ symbols
** soon.  Each kt_ name below is a plain alias for the SSLKEAType enumerator
** with the same suffix.
*/
#define kt_null   	ssl_kea_null
#define kt_rsa   	ssl_kea_rsa
#define kt_dh   	ssl_kea_dh
#define kt_fortezza	ssl_kea_fortezza       /* deprecated, now unused */
#define kt_ecdh   	ssl_kea_ecdh
#define kt_kea_size	ssl_kea_size
     70 
/* Signature algorithm identifiers.  Values are pinned explicitly.
 * NOTE(review): ssl_sign_null presumably means "no signature"; where this
 * type is consumed is not visible in this header -- confirm. */
typedef enum {
    ssl_sign_null   = 0,
    ssl_sign_rsa    = 1,
    ssl_sign_dsa    = 2,
    ssl_sign_ecdsa  = 3
} SSLSignType;
     77 
/* Authentication algorithm identifiers, reported through
 * SSLCipherSuiteInfo.authAlgorithm.  Values are pinned explicitly.
 * NOTE(review): ssl_auth_null presumably marks a suite with no peer
 * authentication.  A caller that relies on server authentication would want
 * to reject that value rather than ignore it -- confirm against the
 * cipher-suite table. */
typedef enum {
    ssl_auth_null   = 0,
    ssl_auth_rsa    = 1,
    ssl_auth_dsa    = 2,
    ssl_auth_kea    = 3,
    ssl_auth_ecdsa  = 4
} SSLAuthType;
     85 
/* Symmetric cipher identifiers, reported through SSLCipherSuiteInfo.symCipher.
 * Values are pinned explicitly and must not be renumbered.
 *
 * NOTE(review): this enum is a label, not a policy.  It still names
 * algorithms that are unsuitable for new deployments: RC4 (prohibited for TLS
 * by RFC 7465), RC2, single DES, and the null cipher, which provides no
 * confidentiality.  Code that audits a connection should check symCipher
 * together with effectiveKeyBits instead of assuming every listed algorithm
 * is acceptable.
 */
typedef enum {
    ssl_calg_null     = 0,
    ssl_calg_rc4      = 1,
    ssl_calg_rc2      = 2,
    ssl_calg_des      = 3,
    ssl_calg_3des     = 4,
    ssl_calg_idea     = 5,
    ssl_calg_fortezza = 6,      /* deprecated, now unused */
    ssl_calg_aes      = 7,
    ssl_calg_camellia = 8,
    ssl_calg_seed     = 9,
    ssl_calg_aes_gcm  = 10,
    ssl_calg_chacha20 = 11
} SSLCipherAlgorithm;
    100 
/* Record-integrity algorithm identifiers, reported through
 * SSLCipherSuiteInfo.macAlgorithm.  Values are pinned explicitly.
 *
 * ssl_mac_aead is the value used for AEAD cipher suites, which have no
 * separate MAC (see the MAC comment in SSLCipherSuiteInfo).
 * NOTE(review): ssl_mac_null presumably means no integrity protection;
 * an auditing caller should treat it as a failure -- confirm.
 */
typedef enum {
    ssl_mac_null      = 0,
    ssl_mac_md5       = 1,
    ssl_mac_sha       = 2,
    ssl_hmac_md5      = 3, 	/* TLS HMAC version of mac_md5 */
    ssl_hmac_sha      = 4, 	/* TLS HMAC version of mac_sha */
    ssl_hmac_sha256   = 5,
    ssl_mac_aead      = 6
} SSLMACAlgorithm;
    110 
/* TLS record compression methods, reported through
 * SSLChannelInfo.compressionMethod.
 * NOTE(review): record-level compression of secrets mixed with
 * attacker-influenced data is the precondition for compression side channels
 * (the CRIME class).  A caller auditing a connection can treat any value
 * other than ssl_compression_null as a finding. */
typedef enum {
    ssl_compression_null = 0,
    ssl_compression_deflate = 1  /* RFC 3749 */
} SSLCompressionMethod;
    115 
/* Per-connection information: protocol version, cipher suite, key sizes and
 * session details.
 *
 * Fields were appended over time (see the NSS 3.12.5 marker below), so the
 * field order is part of the binary interface and must not change.
 */
typedef struct SSLChannelInfoStr {
    /* NOTE(review): presumably the number of bytes of this struct that the
     * library filled in, so a caller built against a newer header can tell
     * whether the appended fields are valid -- confirm against the accessor
     * that populates this struct (not visible here). */
    PRUint32             length;
    PRUint16             protocolVersion;
    PRUint16             cipherSuite;

    /* server authentication info */
    PRUint32             authKeyBits;

    /* key exchange algorithm info */
    PRUint32             keaKeyBits;

    /* session info */
    /* The three timestamps are unsigned 32-bit second counts, so they cannot
     * represent times past the year 2106; compare them with that in mind. */
    PRUint32             creationTime;		/* seconds since Jan 1, 1970 */
    PRUint32             lastAccessTime;	/* seconds since Jan 1, 1970 */
    PRUint32             expirationTime;	/* seconds since Jan 1, 1970 */
    /* Readers should clamp sessionIDLength to sizeof sessionID (32) before
     * copying or printing sessionID; nothing in this header enforces it. */
    PRUint32             sessionIDLength;	/* up to 32 */
    PRUint8              sessionID    [32];

    /* The following fields are added in NSS 3.12.5. */

    /* compression method info */
    /* NOTE(review): ownership of the name string is not stated here;
     * presumably it points at static storage and must not be freed. */
    const char *         compressionMethodName;
    SSLCompressionMethod compressionMethod;
} SSLChannelInfo;
    140 
/* Static description of one cipher suite: its name plus the authentication,
 * key-exchange, symmetric-cipher and MAC algorithms it combines.
 *
 * Each algorithm is given twice, as a printable name and as an enum value;
 * policy checks should use the enum, not string comparison on the name.
 * NOTE(review): ownership of the const char * members is not stated here;
 * presumably they point at static storage and must not be freed -- confirm.
 */
typedef struct SSLCipherSuiteInfoStr {
    /* NOTE(review): presumably the number of bytes of this struct that were
     * filled in, mirroring SSLChannelInfo.length -- confirm. */
    PRUint16             length;
    PRUint16             cipherSuite;

    /* Cipher Suite Name */
    const char *         cipherSuiteName;

    /* server authentication info */
    const char *         authAlgorithmName;
    SSLAuthType          authAlgorithm;

    /* key exchange algorithm info */
    const char *         keaTypeName;
    SSLKEAType           keaType;

    /* symmetric encryption info */
    const char *         symCipherName;
    SSLCipherAlgorithm   symCipher;
    /* NOTE(review): three distinct key-size figures are exposed; presumably
     * effectiveKeyBits is the one that reflects actual strength (it would
     * differ from symKeyBits for export-weakened or 3DES suites) -- confirm
     * before using any of them in a minimum-strength check. */
    PRUint16             symKeyBits;
    PRUint16             symKeySpace;
    PRUint16             effectiveKeyBits;

    /* MAC info */
    /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
     * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
     * bits of the authentication tag. */
    const char *         macAlgorithmName;
    SSLMACAlgorithm      macAlgorithm;
    PRUint16             macBits;

    /* One-bit flags; the four widths add up to 32 bits.
     * NOTE(review): isExportable presumably marks export-grade suites, which
     * a caller enforcing a strength policy would want to reject -- confirm. */
    PRUintn              isFIPS       : 1;
    PRUintn              isExportable : 1;
    PRUintn              nonStandard  : 1;
    PRUintn              reservedBits :29;

} SSLCipherSuiteInfo;
    177 
/* Transport flavour of a connection.
 * NOTE(review): presumably stream selects TLS over a reliable byte stream
 * and datagram selects DTLS -- confirm against the socket-creation API. */
typedef enum {
    ssl_variant_stream = 0,
    ssl_variant_datagram = 1
} SSLProtocolVariant;
    182 
/* A pair of 16-bit protocol version bounds.
 * NOTE(review): presumably both bounds are inclusive and use the same
 * encoding as SSLChannelInfo.protocolVersion.  Nothing in this type enforces
 * min <= max, so code accepting a range from configuration should validate
 * it and should keep `min` from being lowered silently -- confirm. */
typedef struct SSLVersionRangeStr {
    PRUint16 min;
    PRUint16 max;
} SSLVersionRange;
    187 
/* Server Name Indication name types.  Only host_name (0) is defined;
 * SSL_sni_type_total has no initializer, so it evaluates to 1 and serves as
 * the count of defined name types. */
typedef enum {
    SSL_sni_host_name                    = 0,
    SSL_sni_type_total
} SSLSniNameType;
    192 
/* Supported extensions. */
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
/* Each enumerator is pinned to the extension's numeric type code.  The two
 * elliptic-curve entries exist only when NSS_ENABLE_ECC is defined, so the
 * number of enumerators depends on the build configuration.
 * NOTE(review): 0xff01 is the type code RFC 5746 assigns to
 * renegotiation_info; the "experimental number" remark appears to predate
 * that assignment.
 */
typedef enum {
    ssl_server_name_xtn              = 0,
    ssl_cert_status_xtn              = 5,
#ifdef NSS_ENABLE_ECC
    ssl_elliptic_curves_xtn          = 10,
    ssl_ec_point_formats_xtn         = 11,
#endif
    ssl_signature_algorithms_xtn     = 13,
    ssl_use_srtp_xtn                 = 14,
    ssl_app_layer_protocol_xtn       = 16,
    ssl_signed_certificate_timestamp_xtn = 18,   /* RFC 6962 */
    ssl_session_ticket_xtn           = 35,
    ssl_next_proto_nego_xtn          = 13172,
    ssl_channel_id_xtn               = 30032,
    ssl_padding_xtn                  = 35655,
    ssl_renegotiation_info_xtn       = 0xff01	/* experimental number */
} SSLExtensionType;

/* The enum above lists 13 extensions with NSS_ENABLE_ECC defined; 12 remain
 * once ssl_padding_xtn is excluded, which matches the constant below.  The
 * count is maintained by hand and nothing in this header checks it.
 * NOTE(review): if this constant sizes per-connection extension arrays
 * (usage not visible here), an under-count would become an out-of-bounds
 * write, so keep it in step with the enum. */
#define SSL_MAX_EXTENSIONS             12 /* doesn't include ssl_padding_xtn. */
    214 
    215 #endif /* __sslt_h_ */
    216