1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3  * This file is PRIVATE to SSL.
4  *
5  * This Source Code Form is subject to the terms of the Mozilla Public
6  * License, v. 2.0. If a copy of the MPL was not distributed with this
7  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 
9 #ifndef __ssl3ext_h_
10 #define __ssl3ext_h_
11 
12 #include "sslencode.h"
13 
14 typedef enum {
15     sni_nametype_hostname
16 } SNINameType;
17 typedef struct TLSExtensionDataStr TLSExtensionData;
18 
19 /* Registerable callback function that either appends extension to buffer
20  * or returns length of data that it would have appended.
21  */
22 typedef SECStatus (*sslExtensionBuilderFunc)(const sslSocket *ss,
23                                              TLSExtensionData *xtnData,
24                                              sslBuffer *buf, PRBool *added);
25 
26 /* row in a table of hello extension senders */
27 typedef struct {
28     PRInt32 ex_type;
29     sslExtensionBuilderFunc ex_sender;
30 } sslExtensionBuilder;
31 
32 struct TLSExtensionDataStr {
33     /* registered callbacks that send server hello extensions */
34     sslExtensionBuilder serverHelloSenders[SSL_MAX_EXTENSIONS];
35     sslExtensionBuilder encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
36     sslExtensionBuilder certificateSenders[SSL_MAX_EXTENSIONS];
37 
38     /* Keep track of the extensions that are advertised or negotiated. */
39     PRUint16 numAdvertised;
40     PRUint16 *advertised; /* Allocated dynamically. */
41     PRUint16 numNegotiated;
42     PRUint16 negotiated[SSL_MAX_EXTENSIONS];
43 
44     /* SessionTicket Extension related data. */
45     PRBool ticketTimestampVerified;
46     PRBool emptySessionTicket;
47     PRBool sentSessionTicketInClientHello;
48     SECItem psk_ke_modes;
49     PRUint32 max_early_data_size;
50 
51     /* SNI Extension related data
52      * Names data is not coppied from the input buffer. It can not be
53      * used outside the scope where input buffer is defined and that
54      * is beyond ssl3_HandleClientHello function. */
55     SECItem *sniNameArr;
56     PRUint32 sniNameArrSize;
57 
58     /* Signed Certificate Timestamps extracted from the TLS extension.
59      * (client only).
60      * This container holds a temporary pointer to the extension data,
61      * until a session structure (the sec.ci.sid of an sslSocket) is setup
62      * that can hold a permanent copy of the data
63      * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
64      * The data pointed to by this structure is neither explicitly allocated
65      * nor copied: the pointer points to the handshake message buffer and is
66      * only valid in the scope of ssl3_HandleServerHello.
67      */
68     SECItem signedCertTimestamps;
69 
70     PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
71 
72     /* clientSigAndHash contains the contents of the signature_algorithms
73      * extension (if any) the other side supports. This is only valid for TLS
74      * 1.2 or later. In TLS 1.3, it is also used for CertificateRequest. */
75     SSLSignatureScheme *sigSchemes;
76     unsigned int numSigSchemes;
77 
78     SECItem certReqContext;
79     CERTDistNames certReqAuthorities;
80 
81     /* In a client: if the server supports Next Protocol Negotiation, then
82      * this is the protocol that was negotiated.
83      */
84     SECItem nextProto;
85     SSLNextProtoState nextProtoState;
86 
87     PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
88 
89     unsigned int lastXtnOffset; /* Where to insert padding. 0 = end. */
90     PRCList remoteKeyShares;    /* The other side's public keys (TLS 1.3) */
91 
92     /* The following are used by a TLS 1.3 server. */
93     SECItem pskBinder;                     /* The binder for the first PSK. */
94     unsigned int pskBindersLen;            /* The length of the binders. */
95     PRUint32 ticketAge;                    /* Used to accept early data. */
96     SECItem cookie;                        /* HRR Cookie. */
97     const sslNamedGroupDef *selectedGroup; /* For HRR. */
98     /* The application token contains a value that was passed to the client via
99      * a session ticket, or the cookie in a HelloRetryRequest. */
100     SECItem applicationToken;
101 };
102 
103 typedef struct TLSExtensionStr {
104     PRCList link;  /* The linked list link */
105     PRUint16 type; /* Extension type */
106     SECItem data;  /* Pointers into the handshake data. */
107 } TLSExtension;
108 
109 typedef struct sslCustomExtensionHooks {
110     PRCList link;
111     PRUint16 type;
112     SSLExtensionWriter writer;
113     void *writerArg;
114     SSLExtensionHandler handler;
115     void *handlerArg;
116 } sslCustomExtensionHooks;
117 
118 SECStatus ssl3_HandleExtensions(sslSocket *ss,
119                                 PRUint8 **b, PRUint32 *length,
120                                 SSLHandshakeType handshakeMessage);
121 SECStatus ssl3_ParseExtensions(sslSocket *ss,
122                                PRUint8 **b, PRUint32 *length);
123 SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
124                                       SSLHandshakeType handshakeMessage);
125 TLSExtension *ssl3_FindExtension(sslSocket *ss,
126                                  SSLExtensionType extension_type);
127 void ssl3_DestroyRemoteExtensions(PRCList *list);
128 void ssl3_InitExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
129 void ssl3_DestroyExtensionData(TLSExtensionData *xtnData);
130 void ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
131 
132 PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
133 PRBool ssl3_ExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
134 
135 SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
136                                        TLSExtensionData *xtnData,
137                                        PRUint16 ex_type,
138                                        sslExtensionBuilderFunc cb);
139 SECStatus ssl_ConstructExtensions(sslSocket *ss, sslBuffer *buf,
140                                   SSLHandshakeType message);
141 SECStatus ssl_SendEmptyExtension(const sslSocket *ss, TLSExtensionData *xtnData,
142                                  sslBuffer *buf, PRBool *append);
143 SECStatus ssl_InsertPaddingExtension(const sslSocket *ss, unsigned int prefixLen,
144                                      sslBuffer *buf);
145 
146 /* Thunks to let us operate on const sslSocket* objects. */
147 void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
148                        SSL3AlertDescription desc);
149 void ssl3_ExtDecodeError(const sslSocket *ss);
150 SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
151                                    PRUint8 **b, PRUint32 *length);
152 SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
153                                          PRUint32 bytes, PRUint8 **b,
154                                          PRUint32 *length);
155 SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
156                                            PRUint32 bytes, PRUint8 **b,
157                                            PRUint32 *length);
158 
159 SECStatus SSLExp_GetExtensionSupport(PRUint16 type,
160                                      SSLExtensionSupport *support);
161 SECStatus SSLExp_InstallExtensionHooks(
162     PRFileDesc *fd, PRUint16 extension, SSLExtensionWriter writer,
163     void *writerArg, SSLExtensionHandler handler, void *handlerArg);
164 
165 #endif
166