1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3  * This file is PRIVATE to SSL.
4  *
5  * This Source Code Form is subject to the terms of the Mozilla Public
6  * License, v. 2.0. If a copy of the MPL was not distributed with this
7  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 
9 #ifndef __ssl3ext_h_
10 #define __ssl3ext_h_
11 
12 typedef enum {
13     sni_nametype_hostname
14 } SNINameType;
15 typedef struct TLSExtensionDataStr TLSExtensionData;
16 
17 /* registerable callback function that either appends extension to buffer
18  * or returns length of data that it would have appended.
19  */
20 typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(const sslSocket *ss,
21                                                 TLSExtensionData *xtnData,
22                                                 PRBool append,
23                                                 PRUint32 maxBytes);
24 
25 /* registerable callback function that handles a received extension,
26  * of the given type.
27  */
28 typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
29                                               TLSExtensionData *xtnData,
30                                               PRUint16 ex_type,
31                                               SECItem *data);
32 
33 /* row in a table of hello extension senders */
34 typedef struct {
35     PRInt32 ex_type;
36     ssl3HelloExtensionSenderFunc ex_sender;
37 } ssl3HelloExtensionSender;
38 
39 /* row in a table of hello extension handlers */
40 typedef struct {
41     PRInt32 ex_type;
42     ssl3ExtensionHandlerFunc ex_handler;
43 } ssl3ExtensionHandler;
44 
45 struct TLSExtensionDataStr {
46     /* registered callbacks that send server hello extensions */
47     ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS];
48     ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
49     ssl3HelloExtensionSender certificateSenders[SSL_MAX_EXTENSIONS];
50 
51     /* Keep track of the extensions that are negotiated. */
52     PRUint16 numAdvertised;
53     PRUint16 numNegotiated;
54     PRUint16 advertised[SSL_MAX_EXTENSIONS];
55     PRUint16 negotiated[SSL_MAX_EXTENSIONS];
56 
57     /* SessionTicket Extension related data. */
58     PRBool ticketTimestampVerified;
59     PRBool emptySessionTicket;
60     PRBool sentSessionTicketInClientHello;
61     SECItem psk_ke_modes;
62     PRUint32 max_early_data_size;
63 
64     /* SNI Extension related data
65      * Names data is not coppied from the input buffer. It can not be
66      * used outside the scope where input buffer is defined and that
67      * is beyond ssl3_HandleClientHello function. */
68     SECItem *sniNameArr;
69     PRUint32 sniNameArrSize;
70 
71     /* Signed Certificate Timestamps extracted from the TLS extension.
72      * (client only).
73      * This container holds a temporary pointer to the extension data,
74      * until a session structure (the sec.ci.sid of an sslSocket) is setup
75      * that can hold a permanent copy of the data
76      * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
77      * The data pointed to by this structure is neither explicitly allocated
78      * nor copied: the pointer points to the handshake message buffer and is
79      * only valid in the scope of ssl3_HandleServerHello.
80      */
81     SECItem signedCertTimestamps;
82 
83     PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
84 
85     /* clientSigAndHash contains the contents of the signature_algorithms
86      * extension (if any) from the client. This is only valid for TLS 1.2
87      * or later. */
88     SSLSignatureScheme *clientSigSchemes;
89     unsigned int numClientSigScheme;
90 
91     /* In a client: if the server supports Next Protocol Negotiation, then
92      * this is the protocol that was negotiated.
93      */
94     SECItem nextProto;
95     SSLNextProtoState nextProtoState;
96 
97     PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
98 
99     SECItem pskBinder;                /* The PSK binder for the first PSK (TLS 1.3) */
100     unsigned long pskBinderPrefixLen; /* The length of the binder input. */
101     PRCList remoteKeyShares;          /* The other side's public keys (TLS 1.3) */
102 };
103 
104 typedef struct TLSExtensionStr {
105     PRCList link;  /* The linked list link */
106     PRUint16 type; /* Extension type */
107     SECItem data;  /* Pointers into the handshake data. */
108 } TLSExtension;
109 
110 SECStatus ssl3_HandleExtensions(sslSocket *ss,
111                                 SSL3Opaque **b, PRUint32 *length,
112                                 SSL3HandshakeType handshakeMessage);
113 SECStatus ssl3_ParseExtensions(sslSocket *ss,
114                                SSL3Opaque **b, PRUint32 *length);
115 SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
116                                       SSL3HandshakeType handshakeMessage);
117 TLSExtension *ssl3_FindExtension(sslSocket *ss,
118                                  SSLExtensionType extension_type);
119 void ssl3_DestroyRemoteExtensions(PRCList *list);
120 void ssl3_InitExtensionData(TLSExtensionData *xtnData);
121 void ssl3_ResetExtensionData(TLSExtensionData *xtnData);
122 
123 PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
124 PRBool ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
125 
126 SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
127                                        TLSExtensionData *xtnData,
128                                        PRUint16 ex_type,
129                                        ssl3HelloExtensionSenderFunc cb);
130 PRInt32 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
131                                        const ssl3HelloExtensionSender *sender);
132 
133 unsigned int ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
134 PRInt32 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
135                                     PRUint32 maxBytes);
136 
137 /* Thunks to let us operate on const sslSocket* objects. */
138 SECStatus ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
139                                   PRInt32 bytes);
140 SECStatus ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
141                                         PRInt32 lenSize);
142 SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
143                                           const SSL3Opaque *src, PRInt32 bytes,
144                                           PRInt32 lenSize);
145 void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
146                        SSL3AlertDescription desc);
147 void ssl3_ExtDecodeError(const sslSocket *ss);
148 SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRInt32 bytes,
149                                    SSL3Opaque **b, PRUint32 *length);
150 PRInt32 ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRInt32 bytes,
151                                        SSL3Opaque **b, PRUint32 *length);
152 SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
153                                            PRInt32 bytes, SSL3Opaque **b,
154                                            PRUint32 *length);
155 
156 #endif
157