1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* Private header file of libSSL.
3  * Various and sundry protocol constants. DON'T CHANGE THESE. These
4  * values are defined by the SSL 3.0 protocol specification.
5  *
6  * This Source Code Form is subject to the terms of the Mozilla Public
7  * License, v. 2.0. If a copy of the MPL was not distributed with this
8  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
9 
10 #ifndef __ssl3proto_h_
11 #define __ssl3proto_h_
12 
13 typedef PRUint8 SSL3Opaque;
14 
15 typedef PRUint16 SSL3ProtocolVersion;
16 /* version numbers are defined in sslproto.h */
17 
18 /* The TLS 1.3 draft version. Used to avoid negotiating
19  * between incompatible pre-standard TLS 1.3 drafts.
20  * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
21 #define TLS_1_3_DRAFT_VERSION 18
22 
23 typedef PRUint16 ssl3CipherSuite;
24 /* The cipher suites are defined in sslproto.h */
25 
26 #define MAX_CERT_TYPES 10
27 #define MAX_COMPRESSION_METHODS 10
28 #define MAX_MAC_LENGTH 64
29 #define MAX_PADDING_LENGTH 64
30 #define MAX_KEY_LENGTH 64
31 #define EXPORT_KEY_LENGTH 5
32 #define SSL3_RANDOM_LENGTH 32
33 
34 #define SSL3_RECORD_HEADER_LENGTH 5
35 #define TLS13_RECORD_HEADER_LENGTH_SHORT 2
36 
37 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
38 #define DTLS_RECORD_HEADER_LENGTH 13
39 
40 #define MAX_FRAGMENT_LENGTH 16384
41 
42 typedef enum {
43     content_change_cipher_spec = 20,
44     content_alert = 21,
45     content_handshake = 22,
46     content_application_data = 23
47 } SSL3ContentType;
48 
49 typedef struct {
50     SSL3ContentType type;
51     SSL3ProtocolVersion version;
52     PRUint16 length;
53     SECItem fragment;
54 } SSL3Plaintext;
55 
56 typedef struct {
57     SSL3ContentType type;
58     SSL3ProtocolVersion version;
59     PRUint16 length;
60     SECItem fragment;
61 } SSL3Compressed;
62 
63 typedef struct {
64     SECItem content;
65     SSL3Opaque MAC[MAX_MAC_LENGTH];
66 } SSL3GenericStreamCipher;
67 
68 typedef struct {
69     SECItem content;
70     SSL3Opaque MAC[MAX_MAC_LENGTH];
71     PRUint8 padding[MAX_PADDING_LENGTH];
72     PRUint8 padding_length;
73 } SSL3GenericBlockCipher;
74 
75 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
76 
77 typedef struct {
78     SSL3ChangeCipherSpecChoice choice;
79 } SSL3ChangeCipherSpec;
80 
81 typedef enum { alert_warning = 1,
82                alert_fatal = 2 } SSL3AlertLevel;
83 
84 typedef enum {
85     close_notify = 0,
86     end_of_early_data = 1, /* TLS 1.3 */
87     unexpected_message = 10,
88     bad_record_mac = 20,
89     decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
90     record_overflow = 22,            /* TLS only */
91     decompression_failure = 30,
92     handshake_failure = 40,
93     no_certificate = 41, /* SSL3 only, NOT TLS */
94     bad_certificate = 42,
95     unsupported_certificate = 43,
96     certificate_revoked = 44,
97     certificate_expired = 45,
98     certificate_unknown = 46,
99     illegal_parameter = 47,
100 
101     /* All alerts below are TLS only. */
102     unknown_ca = 48,
103     access_denied = 49,
104     decode_error = 50,
105     decrypt_error = 51,
106     export_restriction = 60,
107     protocol_version = 70,
108     insufficient_security = 71,
109     internal_error = 80,
110     inappropriate_fallback = 86, /* could also be sent for SSLv3 */
111     user_canceled = 90,
112     no_renegotiation = 100,
113 
114     /* Alerts for client hello extensions */
115     missing_extension = 109,
116     unsupported_extension = 110,
117     certificate_unobtainable = 111,
118     unrecognized_name = 112,
119     bad_certificate_status_response = 113,
120     bad_certificate_hash_value = 114,
121     no_application_protocol = 120,
122 
123     /* invalid alert */
124     no_alert = 256
125 } SSL3AlertDescription;
126 
127 typedef struct {
128     SSL3AlertLevel level;
129     SSL3AlertDescription description;
130 } SSL3Alert;
131 
132 typedef enum {
133     hello_request = 0,
134     client_hello = 1,
135     server_hello = 2,
136     hello_verify_request = 3,
137     new_session_ticket = 4,
138     hello_retry_request = 6,
139     encrypted_extensions = 8,
140     certificate = 11,
141     server_key_exchange = 12,
142     certificate_request = 13,
143     server_hello_done = 14,
144     certificate_verify = 15,
145     client_key_exchange = 16,
146     finished = 20,
147     certificate_status = 22,
148     next_proto = 67
149 } SSL3HandshakeType;
150 
151 typedef struct {
152     PRUint8 empty;
153 } SSL3HelloRequest;
154 
155 typedef struct {
156     SSL3Opaque rand[SSL3_RANDOM_LENGTH];
157 } SSL3Random;
158 
159 typedef struct {
160     SSL3Opaque id[32];
161     PRUint8 length;
162 } SSL3SessionID;
163 
164 typedef struct {
165     SSL3ProtocolVersion client_version;
166     SSL3Random random;
167     SSL3SessionID session_id;
168     SECItem cipher_suites;
169     PRUint8 cm_count;
170     SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
171 } SSL3ClientHello;
172 
173 typedef struct {
174     SSL3ProtocolVersion server_version;
175     SSL3Random random;
176     SSL3SessionID session_id;
177     ssl3CipherSuite cipher_suite;
178     SSLCompressionMethod compression_method;
179 } SSL3ServerHello;
180 
181 typedef struct {
182     SECItem list;
183 } SSL3Certificate;
184 
185 /* SSL3SignType moved to ssl.h */
186 
187 /* The SSL key exchange method used */
188 typedef enum {
189     kea_null,
190     kea_rsa,
191     kea_dh_dss,
192     kea_dh_rsa,
193     kea_dhe_dss,
194     kea_dhe_rsa,
195     kea_dh_anon,
196     kea_ecdh_ecdsa,
197     kea_ecdhe_ecdsa,
198     kea_ecdh_rsa,
199     kea_ecdhe_rsa,
200     kea_ecdh_anon,
201     kea_ecdhe_psk,
202     kea_dhe_psk,
203     kea_tls13_any,
204 } SSL3KeyExchangeAlgorithm;
205 
206 typedef struct {
207     SECItem modulus;
208     SECItem exponent;
209 } SSL3ServerRSAParams;
210 
211 typedef struct {
212     SECItem p;
213     SECItem g;
214     SECItem Ys;
215 } SSL3ServerDHParams;
216 
217 typedef struct {
218     union {
219         SSL3ServerDHParams dh;
220         SSL3ServerRSAParams rsa;
221     } u;
222 } SSL3ServerParams;
223 
224 /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
225  * prior to 1.2. */
226 typedef struct {
227     PRUint8 md5[16];
228     PRUint8 sha[20];
229 } SSL3HashesIndividually;
230 
231 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
232  * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually
233  * struct. */
234 typedef struct {
235     unsigned int len;
236     SSLHashType hashAlg;
237     union {
238         PRUint8 raw[64];
239         SSL3HashesIndividually s;
240         unsigned int transcriptLen;
241     } u;
242 } SSL3Hashes;
243 
244 typedef struct {
245     union {
246         SSL3Opaque anonymous;
247         SSL3Hashes certified;
248     } u;
249 } SSL3ServerKeyExchange;
250 
251 typedef enum {
252     ct_RSA_sign = 1,
253     ct_DSS_sign = 2,
254     ct_RSA_fixed_DH = 3,
255     ct_DSS_fixed_DH = 4,
256     ct_RSA_ephemeral_DH = 5,
257     ct_DSS_ephemeral_DH = 6,
258     ct_ECDSA_sign = 64,
259     ct_RSA_fixed_ECDH = 65,
260     ct_ECDSA_fixed_ECDH = 66
261 
262 } SSL3ClientCertificateType;
263 
264 typedef struct {
265     SSL3Opaque client_version[2];
266     SSL3Opaque random[46];
267 } SSL3RSAPreMasterSecret;
268 
269 typedef SSL3Opaque SSL3MasterSecret[48];
270 
271 typedef enum {
272     sender_client = 0x434c4e54,
273     sender_server = 0x53525652
274 } SSL3Sender;
275 
276 typedef SSL3HashesIndividually SSL3Finished;
277 
278 typedef struct {
279     SSL3Opaque verify_data[12];
280 } TLSFinished;
281 
282 /*
283  * TLS extension related data structures and constants.
284  */
285 
286 /* SessionTicket extension related data structures. */
287 
288 /* NewSessionTicket handshake message. */
289 typedef struct {
290     PRUint32 received_timestamp;
291     PRUint32 ticket_lifetime_hint;
292     PRUint32 flags;
293     PRUint32 ticket_age_add;
294     PRUint32 max_early_data_size;
295     SECItem ticket;
296 } NewSessionTicket;
297 
298 typedef enum {
299     tls13_psk_ke = 0,
300     tls13_psk_dh_ke = 1
301 } TLS13PskKEModes;
302 
303 typedef enum {
304     CLIENT_AUTH_ANONYMOUS = 0,
305     CLIENT_AUTH_CERTIFICATE = 1
306 } ClientAuthenticationType;
307 
308 typedef struct {
309     ClientAuthenticationType client_auth_type;
310     union {
311         SSL3Opaque *certificate_list;
312     } identity;
313 } ClientIdentity;
314 
315 #define SESS_TICKET_KEY_NAME_LEN 16
316 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
317 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
318 #define SESS_TICKET_KEY_VAR_NAME_LEN 12
319 
320 typedef struct {
321     unsigned char *key_name;
322     unsigned char *iv;
323     SECItem encrypted_state;
324     unsigned char *mac;
325 } EncryptedSessionTicket;
326 
327 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32
328 
329 #define TLS_STE_NO_SERVER_NAME -1
330 
331 #endif /* __ssl3proto_h_ */
332