/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * This file is PRIVATE to SSL.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* Internal declarations for TLS hello-extension handling: the per-socket
 * extension state (TLSExtensionData), the sender/handler callback types, and
 * the entry points used while parsing received extensions and emitting our
 * own.
 *
 * NOTE(review): the include-guard name starts with a double underscore, which
 * C reserves for the implementation. Renaming it would have to be coordinated
 * with any other file that tests this macro, so it is left unchanged here. */
#ifndef __ssl3ext_h_
#define __ssl3ext_h_

/* Name types carried in the server_name (SNI) extension. Only the host_name
 * type is defined here. */
typedef enum {
    sni_nametype_hostname
} SNINameType;
typedef struct TLSExtensionDataStr TLSExtensionData;

/* registerable callback function that either appends extension to buffer
 * or returns length of data that it would have appended.
 *
 * When `append` is PR_FALSE the callback only reports the number of bytes it
 * would write; when PR_TRUE it writes them. `maxBytes` is the space still
 * available in the message (presumably the sender must not exceed it --
 * confirm against the caller, ssl3_CallHelloExtensionSenders).
 */
typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(const sslSocket *ss,
                                                TLSExtensionData *xtnData,
                                                PRBool append,
                                                PRUint32 maxBytes);

/* registerable callback function that handles a received extension,
 * of the given type.
 *
 * `data` is received from the peer and points into the handshake message
 * buffer (see TLSExtension.data below), so the handler has to bounds-check
 * everything it reads from it and should not retain the pointer past the
 * handshake message it was parsed from.
 */
typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
                                              TLSExtensionData *xtnData,
                                              PRUint16 ex_type,
                                              SECItem *data);

/* row in a table of hello extension senders */
typedef struct {
    PRInt32 ex_type;                      /* extension type, or a terminator
                                           * value for the table end -- verify
                                           * the sentinel used by callers */
    ssl3HelloExtensionSenderFunc ex_sender;
} ssl3HelloExtensionSender;

/* row in a table of hello extension handlers */
typedef struct {
    PRInt32 ex_type;
    ssl3ExtensionHandlerFunc ex_handler;
} ssl3ExtensionHandler;

/* Per-socket extension state. Reset between handshakes via
 * ssl3_ResetExtensionData (see the prototype below). Several members are
 * bare pointers into a handshake message buffer rather than copies; their
 * validity ends with that message, as noted on each field. */
struct TLSExtensionDataStr {
    /* registered callbacks that send server hello extensions */
    ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS];
    ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
    ssl3HelloExtensionSender certificateSenders[SSL_MAX_EXTENSIONS];

    /* Keep track of the extensions that are negotiated.
     * numAdvertised/numNegotiated count the valid entries in the arrays that
     * follow; the arrays have SSL_MAX_EXTENSIONS slots, so code that appends
     * to them must check the count against that bound first. */
    PRUint16 numAdvertised;
    PRUint16 numNegotiated;
    PRUint16 advertised[SSL_MAX_EXTENSIONS];
    PRUint16 negotiated[SSL_MAX_EXTENSIONS];

    /* SessionTicket Extension related data.
     */
    PRBool ticketTimestampVerified;
    PRBool emptySessionTicket;
    PRBool sentSessionTicketInClientHello;
    SECItem psk_ke_modes;            /* presumably the body of the peer's
                                      * psk_key_exchange_modes extension --
                                      * confirm */
    PRUint32 max_early_data_size;    /* limit on 0-RTT data; origin (ticket
                                      * vs. extension) not visible here */

    /* SNI Extension related data
     * Names data is not copied from the input buffer. It cannot be
     * used outside the scope where input buffer is defined and that
     * is beyond ssl3_HandleClientHello function.
     * sniNameArrSize is presumably the number of entries in sniNameArr
     * (not a byte count) -- confirm against the code that fills it. */
    SECItem *sniNameArr;
    PRUint32 sniNameArrSize;

    /* Signed Certificate Timestamps extracted from the TLS extension.
     * (client only).
     * This container holds a temporary pointer to the extension data,
     * until a session structure (the sec.ci.sid of an sslSocket) is setup
     * that can hold a permanent copy of the data
     * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
     * The data pointed to by this structure is neither explicitly allocated
     * nor copied: the pointer points to the handshake message buffer and is
     * only valid in the scope of ssl3_HandleServerHello.
     */
    SECItem signedCertTimestamps;

    PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */

    /* clientSigSchemes contains the contents of the signature_algorithms
     * extension (if any) from the client. This is only valid for TLS 1.2
     * or later. numClientSigScheme is the number of entries. Ownership of
     * the array (heap vs. pointer into the message) is not visible here --
     * check ssl3_ResetExtensionData before assuming it is freed there. */
    SSLSignatureScheme *clientSigSchemes;
    unsigned int numClientSigScheme;

    /* In a client: if the server supports Next Protocol Negotiation, then
     * this is the protocol that was negotiated.
     */
    SECItem nextProto;
    SSLNextProtoState nextProtoState;

    PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */

    SECItem pskBinder;             /* The PSK binder for the first PSK (TLS 1.3) */
    unsigned long pskBinderPrefixLen; /* The length of the binder input.
                                       * NOTE(review): unsigned long where the
                                       * rest of the struct uses PRUint32 --
                                       * kept as is, but mind the width when
                                       * comparing against PRUint32 lengths. */
    PRCList remoteKeyShares;       /* The other side's public keys (TLS 1.3) */
};

/* One received extension, kept on a PRCList (see ssl3_ParseExtensions and
 * ssl3_DestroyRemoteExtensions). */
typedef struct TLSExtensionStr {
    PRCList link;  /* The linked list link */
    PRUint16 type; /* Extension type */
    SECItem data;  /* Pointers into the handshake data. Not a copy: valid
                    * only while the handshake message buffer it came from
                    * is alive. */
} TLSExtension;

/* Parse and dispatch the extensions of a handshake message. `b`/`length`
 * track the unread part of the message and are advanced as data is
 * consumed. ssl3_HandleExtensions is presumably ssl3_ParseExtensions
 * followed by ssl3_HandleParsedExtensions -- confirm in the .c file. */
SECStatus ssl3_HandleExtensions(sslSocket *ss,
                                SSL3Opaque **b, PRUint32 *length,
                                SSL3HandshakeType handshakeMessage);
SECStatus ssl3_ParseExtensions(sslSocket *ss,
                               SSL3Opaque **b, PRUint32 *length);
SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
                                      SSL3HandshakeType handshakeMessage);
/* Look up a parsed (received) extension by type; NULL if absent (the
 * not-found value is an assumption -- verify). */
TLSExtension *ssl3_FindExtension(sslSocket *ss,
                                 SSLExtensionType extension_type);
/* Free every TLSExtension on `list` and leave the list empty. */
void ssl3_DestroyRemoteExtensions(PRCList *list);
/* Initialize a fresh TLSExtensionData / return it to its initial state. */
void ssl3_InitExtensionData(TLSExtensionData *xtnData);
void ssl3_ResetExtensionData(TLSExtensionData *xtnData);

/* Query the negotiated[] / advertised[] bookkeeping above. */
PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
PRBool ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);

/* Register `cb` as the sender for `ex_type` in xtnData's sender table.
 * The tables hold SSL_MAX_EXTENSIONS rows, so this can fail when full. */
SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
                                       TLSExtensionData *xtnData,
                                       PRUint16 ex_type,
                                       ssl3HelloExtensionSenderFunc cb);
/* Run every sender in `sender` (see ssl3HelloExtensionSenderFunc for the
 * meaning of append/maxBytes); returns the total length, or a negative
 * value on failure -- the error convention is inferred, confirm. */
PRInt32 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
                                       const ssl3HelloExtensionSender *sender);

/* Padding extension: size needed for a ClientHello of clientHelloLength
 * bytes, and the sender that appends it. */
unsigned int ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
PRInt32 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
                                    PRUint32 maxBytes);

/* Thunks to let us operate on const sslSocket* objects.
 * The Append* functions write to the outgoing handshake message; the
 * Consume* functions read from the incoming one, advancing `*b` and
 * decrementing `*length`. A consume with fewer than `bytes` remaining is
 * presumably rejected (and the peer alerted via ssl3_ExtDecodeError) rather
 * than over-read -- callers must still check the SECStatus / negative
 * return and not trust `bytes` from the wire without that check.
 */
SECStatus ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
                                  PRInt32 bytes);
SECStatus ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
                                        PRInt32 lenSize);
SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
                                          const SSL3Opaque *src, PRInt32 bytes,
                                          PRInt32 lenSize);
void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
                       SSL3AlertDescription desc);
void ssl3_ExtDecodeError(const sslSocket *ss);
SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRInt32 bytes,
                                   SSL3Opaque **b, PRUint32 *length);
PRInt32 ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRInt32 bytes,
                                       SSL3Opaque **b, PRUint32 *length);
SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
                                           PRInt32 bytes, SSL3Opaque **b,
                                           PRUint32 *length);

#endif