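/*
 * Copyright (c) Facebook, Inc. and its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <cstdint>
#include <map>
#include <string>
#include <utility>
#include <vector>

#include <folly/io/Cursor.h>
#include <folly/io/IOBuf.h>

namespace folly {
namespace ssl {

// TLS ExtensionType code points (wire-format uint16):
// http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
enum class TLSExtension : uint16_t {
  SERVER_NAME = 0,
  MAX_FRAGMENT_LENGTH = 1,
  CLIENT_CERTIFICATE_URL = 2,
  TRUSTED_CA_KEYS = 3,
  TRUNCATED_HMAC = 4,
  STATUS_REQUEST = 5,
  USER_MAPPING = 6,
  CLIENT_AUTHZ = 7,
  SERVER_AUTHZ = 8,
  CERT_TYPE = 9,
  SUPPORTED_GROUPS = 10,
  EC_POINT_FORMATS = 11,
  SRP = 12,
  SIGNATURE_ALGORITHMS = 13,
  USE_SRTP = 14,
  HEARTBEAT = 15,
  APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16,
  STATUS_REQUEST_V2 = 17,
  SIGNED_CERTIFICATE_TIMESTAMP = 18,
  CLIENT_CERTIFICATE_TYPE = 19,
  SERVER_CERTIFICATE_TYPE = 20,
  PADDING = 21,
  ENCRYPT_THEN_MAC = 22,
  EXTENDED_MASTER_SECRET = 23,
  SESSION_TICKET = 35,
  SUPPORTED_VERSIONS = 43,
  // Facebook-specific, not IANA assigned yet.
  // NOTE(review): 60001 sits in the unassigned part of the registry rather
  // than the private-use range (65280-65535), so a future IANA assignment
  // could collide with this code point.
  TLS_CACHED_INFO_FB = 60001,
  // End Facebook-specific
  RENEGOTIATION_INFO = 65281
};

// TLS 1.2 HashAlgorithm code points (wire-format uint8):
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
enum class HashAlgorithm : uint8_t {
  NONE = 0,
  MD5 = 1,
  SHA1 = 2,
  SHA224 = 3,
  SHA256 = 4,
  SHA384 = 5,
  SHA512 = 6
};

// TLS 1.2 SignatureAlgorithm code points (wire-format uint8):
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
enum class SignatureAlgorithm : uint8_t {
  ANONYMOUS = 0,
  RSA = 1,
  DSA = 2,
  ECDSA = 3
};

// ServerName NameType code points; HOST_NAME is the only value defined here.
enum class NameType : uint8_t {
  HOST_NAME = 0,
};

// Fields extracted from a peer's TLS ClientHello.
//
// This is a passive record with no invariants of its own: every field holds
// whatever the peer sent, so consumers must treat the contents as untrusted
// input (the SNI hostname and ALPN strings are not validated or length-checked
// by this struct). Presumably populated by a ClientHello parser elsewhere in
// folly::ssl — not visible in this header.
struct ClientHelloInfo {
  // Buffered ClientHello bytes (assumed from the name; only the type is
  // visible here).
  folly::IOBufQueue clientHelloBuf_;
  // Protocol version advertised in the ClientHello. Zero-initialized so a
  // default-constructed ClientHelloInfo never carries indeterminate values.
  uint8_t clientHelloMajorVersion_{0};
  uint8_t clientHelloMinorVersion_{0};
  // Cipher suite code points, in the order the peer listed them.
  std::vector<uint16_t> clientHelloCipherSuites_;
  std::vector<uint8_t> clientHelloCompressionMethods_;
  // Extension types present in the hello, as TLSExtension code points.
  std::vector<TLSExtension> clientHelloExtensions_;
  // (hash, signature) pairs from the signature_algorithms extension.
  std::vector<std::pair<HashAlgorithm, SignatureAlgorithm>> clientHelloSigAlgs_;
  // Versions from the supported_versions extension.
  std::vector<uint16_t> clientHelloSupportedVersions_;

  // Technically, the TLS spec allows for multiple ServerNames to be sent (as
  // long as each ServerName has a distinct type). In practice, the only one
  // we really care about is HOST_NAME.
  std::string clientHelloSNIHostname_;
  // ALPN protocol names offered by the peer.
  std::vector<std::string> clientAlpns_;
};

} // namespace ssl
} // namespace folly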