1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ 2 /* Private header file of libSSL. 3 * Various and sundry protocol constants. DON'T CHANGE THESE. These 4 * values are defined by the SSL 3.0 protocol specification. 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 9 10 #ifndef __ssl3proto_h_ 11 #define __ssl3proto_h_ 12 13 typedef PRUint8 SSL3Opaque; 14 15 typedef PRUint16 SSL3ProtocolVersion; 16 /* version numbers are defined in sslproto.h */ 17 18 /* The TLS 1.3 draft version. Used to avoid negotiating 19 * between incompatible pre-standard TLS 1.3 drafts. 20 * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ 21 #define TLS_1_3_DRAFT_VERSION 18 22 23 typedef PRUint16 ssl3CipherSuite; 24 /* The cipher suites are defined in sslproto.h */ 25 26 #define MAX_CERT_TYPES 10 27 #define MAX_COMPRESSION_METHODS 10 28 #define MAX_MAC_LENGTH 64 29 #define MAX_PADDING_LENGTH 64 30 #define MAX_KEY_LENGTH 64 31 #define EXPORT_KEY_LENGTH 5 32 #define SSL3_RANDOM_LENGTH 32 33 34 #define SSL3_RECORD_HEADER_LENGTH 5 35 #define TLS13_RECORD_HEADER_LENGTH_SHORT 2 36 37 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ 38 #define DTLS_RECORD_HEADER_LENGTH 13 39 40 #define MAX_FRAGMENT_LENGTH 16384 41 42 typedef enum { 43 content_change_cipher_spec = 20, 44 content_alert = 21, 45 content_handshake = 22, 46 content_application_data = 23 47 } SSL3ContentType; 48 49 typedef struct { 50 SSL3ContentType type; 51 SSL3ProtocolVersion version; 52 PRUint16 length; 53 SECItem fragment; 54 } SSL3Plaintext; 55 56 typedef struct { 57 SSL3ContentType type; 58 SSL3ProtocolVersion version; 59 PRUint16 length; 60 SECItem fragment; 61 } SSL3Compressed; 62 63 typedef struct { 64 SECItem content; 65 SSL3Opaque MAC[MAX_MAC_LENGTH]; 66 } SSL3GenericStreamCipher; 67 68 typedef struct { 69 SECItem content; 70 SSL3Opaque MAC[MAX_MAC_LENGTH]; 71 PRUint8 padding[MAX_PADDING_LENGTH]; 72 PRUint8 padding_length; 73 } SSL3GenericBlockCipher; 74 75 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice; 76 77 typedef struct { 78 SSL3ChangeCipherSpecChoice choice; 79 } SSL3ChangeCipherSpec; 80 81 typedef enum { alert_warning = 1, 82 alert_fatal = 2 } SSL3AlertLevel; 83 84 typedef enum { 85 close_notify = 0, 86 end_of_early_data = 1, /* TLS 1.3 */ 87 unexpected_message = 10, 88 bad_record_mac = 20, 89 decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ 90 record_overflow = 22, /* TLS only */ 91 decompression_failure = 30, 92 handshake_failure = 40, 93 no_certificate = 41, /* SSL3 only, NOT TLS */ 94 bad_certificate = 42, 95 unsupported_certificate = 43, 96 certificate_revoked = 44, 97 certificate_expired = 45, 98 certificate_unknown = 46, 99 illegal_parameter = 47, 100 101 /* All alerts below are TLS only. */ 102 unknown_ca = 48, 103 access_denied = 49, 104 decode_error = 50, 105 decrypt_error = 51, 106 export_restriction = 60, 107 protocol_version = 70, 108 insufficient_security = 71, 109 internal_error = 80, 110 inappropriate_fallback = 86, /* could also be sent for SSLv3 */ 111 user_canceled = 90, 112 no_renegotiation = 100, 113 114 /* Alerts for client hello extensions */ 115 missing_extension = 109, 116 unsupported_extension = 110, 117 certificate_unobtainable = 111, 118 unrecognized_name = 112, 119 bad_certificate_status_response = 113, 120 bad_certificate_hash_value = 114, 121 no_application_protocol = 120, 122 123 /* invalid alert */ 124 no_alert = 256 125 } SSL3AlertDescription; 126 127 typedef struct { 128 SSL3AlertLevel level; 129 SSL3AlertDescription description; 130 } SSL3Alert; 131 132 typedef enum { 133 hello_request = 0, 134 client_hello = 1, 135 server_hello = 2, 136 hello_verify_request = 3, 137 new_session_ticket = 4, 138 hello_retry_request = 6, 139 encrypted_extensions = 8, 140 certificate = 11, 141 server_key_exchange = 12, 142 certificate_request = 13, 143 server_hello_done = 14, 144 certificate_verify = 15, 145 client_key_exchange = 16, 146 finished = 20, 147 certificate_status = 22, 148 next_proto = 67 149 } SSL3HandshakeType; 150 151 typedef struct { 152 PRUint8 empty; 153 } SSL3HelloRequest; 154 155 typedef struct { 156 SSL3Opaque rand[SSL3_RANDOM_LENGTH]; 157 } SSL3Random; 158 159 typedef struct { 160 SSL3Opaque id[32]; 161 PRUint8 length; 162 } SSL3SessionID; 163 164 typedef struct { 165 SSL3ProtocolVersion client_version; 166 SSL3Random random; 167 SSL3SessionID session_id; 168 SECItem cipher_suites; 169 PRUint8 cm_count; 170 SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; 171 } SSL3ClientHello; 172 173 typedef struct { 174 SSL3ProtocolVersion server_version; 175 SSL3Random random; 176 SSL3SessionID session_id; 177 ssl3CipherSuite cipher_suite; 178 SSLCompressionMethod compression_method; 179 } SSL3ServerHello; 180 181 typedef struct { 182 SECItem list; 183 } SSL3Certificate; 184 185 /* SSL3SignType moved to ssl.h */ 186 187 /* The SSL key exchange method used */ 188 typedef enum { 189 kea_null, 190 kea_rsa, 191 kea_dh_dss, 192 kea_dh_rsa, 193 kea_dhe_dss, 194 kea_dhe_rsa, 195 kea_dh_anon, 196 kea_ecdh_ecdsa, 197 kea_ecdhe_ecdsa, 198 kea_ecdh_rsa, 199 kea_ecdhe_rsa, 200 kea_ecdh_anon, 201 kea_ecdhe_psk, 202 kea_dhe_psk, 203 kea_tls13_any, 204 } SSL3KeyExchangeAlgorithm; 205 206 typedef struct { 207 SECItem modulus; 208 SECItem exponent; 209 } SSL3ServerRSAParams; 210 211 typedef struct { 212 SECItem p; 213 SECItem g; 214 SECItem Ys; 215 } SSL3ServerDHParams; 216 217 typedef struct { 218 union { 219 SSL3ServerDHParams dh; 220 SSL3ServerRSAParams rsa; 221 } u; 222 } SSL3ServerParams; 223 224 /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS 225 * prior to 1.2. */ 226 typedef struct { 227 PRUint8 md5[16]; 228 PRUint8 sha[20]; 229 } SSL3HashesIndividually; 230 231 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| 232 * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually 233 * struct. */ 234 typedef struct { 235 unsigned int len; 236 SSLHashType hashAlg; 237 union { 238 PRUint8 raw[64]; 239 SSL3HashesIndividually s; 240 unsigned int transcriptLen; 241 } u; 242 } SSL3Hashes; 243 244 typedef struct { 245 union { 246 SSL3Opaque anonymous; 247 SSL3Hashes certified; 248 } u; 249 } SSL3ServerKeyExchange; 250 251 typedef enum { 252 ct_RSA_sign = 1, 253 ct_DSS_sign = 2, 254 ct_RSA_fixed_DH = 3, 255 ct_DSS_fixed_DH = 4, 256 ct_RSA_ephemeral_DH = 5, 257 ct_DSS_ephemeral_DH = 6, 258 ct_ECDSA_sign = 64, 259 ct_RSA_fixed_ECDH = 65, 260 ct_ECDSA_fixed_ECDH = 66 261 262 } SSL3ClientCertificateType; 263 264 typedef struct { 265 SSL3Opaque client_version[2]; 266 SSL3Opaque random[46]; 267 } SSL3RSAPreMasterSecret; 268 269 typedef SSL3Opaque SSL3MasterSecret[48]; 270 271 typedef enum { 272 sender_client = 0x434c4e54, 273 sender_server = 0x53525652 274 } SSL3Sender; 275 276 typedef SSL3HashesIndividually SSL3Finished; 277 278 typedef struct { 279 SSL3Opaque verify_data[12]; 280 } TLSFinished; 281 282 /* 283 * TLS extension related data structures and constants. 284 */ 285 286 /* SessionTicket extension related data structures. */ 287 288 /* NewSessionTicket handshake message. */ 289 typedef struct { 290 PRUint32 received_timestamp; 291 PRUint32 ticket_lifetime_hint; 292 PRUint32 flags; 293 PRUint32 ticket_age_add; 294 PRUint32 max_early_data_size; 295 SECItem ticket; 296 } NewSessionTicket; 297 298 typedef enum { 299 tls13_psk_ke = 0, 300 tls13_psk_dh_ke = 1 301 } TLS13PskKEModes; 302 303 typedef enum { 304 CLIENT_AUTH_ANONYMOUS = 0, 305 CLIENT_AUTH_CERTIFICATE = 1 306 } ClientAuthenticationType; 307 308 typedef struct { 309 ClientAuthenticationType client_auth_type; 310 union { 311 SSL3Opaque *certificate_list; 312 } identity; 313 } ClientIdentity; 314 315 #define SESS_TICKET_KEY_NAME_LEN 16 316 #define SESS_TICKET_KEY_NAME_PREFIX "NSS!" 317 #define SESS_TICKET_KEY_NAME_PREFIX_LEN 4 318 #define SESS_TICKET_KEY_VAR_NAME_LEN 12 319 320 typedef struct { 321 unsigned char *key_name; 322 unsigned char *iv; 323 SECItem encrypted_state; 324 unsigned char *mac; 325 } EncryptedSessionTicket; 326 327 #define TLS_EX_SESS_TICKET_MAC_LENGTH 32 328 329 #define TLS_STE_NO_SERVER_NAME -1 330 331 #endif /* __ssl3proto_h_ */ 332