Home | History | Annotate | Download | only in ssl 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
      6 #define NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
      7 
      8 #include "base/logging.h"
      9 #include "base/macros.h"
     10 
     11 namespace net {
     12 
     13 // Status flags for SSLInfo::connection_status.
     14 enum {
     15   // The lower 16 bits are reserved for the TLS ciphersuite id.
     16   SSL_CONNECTION_CIPHERSUITE_SHIFT = 0,
     17   SSL_CONNECTION_CIPHERSUITE_MASK = 0xffff,
     18 
     19   // The next two bits are reserved for the compression used.
     20   SSL_CONNECTION_COMPRESSION_SHIFT = 16,
     21   SSL_CONNECTION_COMPRESSION_MASK = 3,
     22 
     23   // We fell back to an older protocol version for this connection.
     24   SSL_CONNECTION_VERSION_FALLBACK = 1 << 18,
     25 
     26   // The server doesn't support the renegotiation_info extension. If this bit
     27   // is not set then either the extension isn't supported, or we don't have any
     28   // knowledge either way. (The latter case will occur when we use an SSL
     29   // library that doesn't report it, like SChannel.)
     30   SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION = 1 << 19,
     31 
     32   // The next three bits are reserved for the SSL version.
     33   SSL_CONNECTION_VERSION_SHIFT = 20,
     34   SSL_CONNECTION_VERSION_MASK = 7,
     35 
     36   // 1 << 31 (the sign bit) is reserved so that the SSL connection status will
     37   // never be negative.
     38 };
     39 
     40 // NOTE: the SSL version enum constants must be between 0 and
     41 // SSL_CONNECTION_VERSION_MASK, inclusive.
     42 enum {
     43   SSL_CONNECTION_VERSION_UNKNOWN = 0,  // Unknown SSL version.
     44   SSL_CONNECTION_VERSION_SSL2 = 1,
     45   SSL_CONNECTION_VERSION_SSL3 = 2,
     46   SSL_CONNECTION_VERSION_TLS1 = 3,
     47   SSL_CONNECTION_VERSION_TLS1_1 = 4,
     48   SSL_CONNECTION_VERSION_TLS1_2 = 5,
     49   // Reserve 6 for TLS 1.3.
     50   SSL_CONNECTION_VERSION_QUIC = 7,
     51   SSL_CONNECTION_VERSION_MAX,
     52 };
     53 COMPILE_ASSERT(SSL_CONNECTION_VERSION_MAX - 1 <= SSL_CONNECTION_VERSION_MASK,
     54                SSL_CONNECTION_VERSION_MASK_too_small);
     55 
     56 inline int SSLConnectionStatusToCipherSuite(int connection_status) {
     57   return (connection_status >> SSL_CONNECTION_CIPHERSUITE_SHIFT) &
     58          SSL_CONNECTION_CIPHERSUITE_MASK;
     59 }
     60 
     61 inline int SSLConnectionStatusToVersion(int connection_status) {
     62   return (connection_status >> SSL_CONNECTION_VERSION_SHIFT) &
     63          SSL_CONNECTION_VERSION_MASK;
     64 }
     65 
     66 inline void SSLConnectionStatusSetCipherSuite(int cipher_suite,
     67                                               int* connection_status) {
     68   // Clear out the old ciphersuite.
     69   *connection_status &=
     70       ~(SSL_CONNECTION_CIPHERSUITE_MASK << SSL_CONNECTION_CIPHERSUITE_SHIFT);
     71   // Set the new ciphersuite.
     72   *connection_status |= ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK)
     73                          << SSL_CONNECTION_CIPHERSUITE_SHIFT);
     74 }
     75 
     76 inline void SSLConnectionStatusSetVersion(int version, int* connection_status) {
     77   DCHECK_GT(version, 0);
     78   DCHECK_LT(version, SSL_CONNECTION_VERSION_MAX);
     79 
     80   // Clear out the old version.
     81   *connection_status &=
     82       ~(SSL_CONNECTION_VERSION_MASK << SSL_CONNECTION_VERSION_SHIFT);
     83   // Set the new version.
     84   *connection_status |=
     85       ((version & SSL_CONNECTION_VERSION_MASK) << SSL_CONNECTION_VERSION_SHIFT);
     86 }
     87 
     88 }  // namespace net
     89 
     90 #endif  // NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
     91