/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * This file is PRIVATE to SSL.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef __ssl3ext_h_
#define __ssl3ext_h_

#include "pk11hpke.h"
#include "sslencode.h"

/* Name types for SNI entries; only the hostname type is declared here. */
typedef enum {
    sni_nametype_hostname
} SNINameType;

typedef struct TLSExtensionDataStr TLSExtensionData;

/* Registerable callback that appends an extension to |buf|.
 *
 * NOTE(review): earlier wording for this type described a mode that returns
 * the length of data that would have been appended. This prototype returns
 * SECStatus and has an |added| out-parameter instead, presumably set when the
 * extension was actually written -- confirm against the implementations.
 */
typedef SECStatus (*sslExtensionBuilderFunc)(const sslSocket *ss,
                                             TLSExtensionData *xtnData,
                                             sslBuffer *buf,
                                             PRBool *added);

/* One row of a hello-extension sender table: extension type plus the
 * callback that builds it. */
typedef struct {
    PRInt32 ex_type;
    sslExtensionBuilderFunc ex_sender;
} sslExtensionBuilder;

/* Extension state for a handshake.
 *
 * Several members below are borrowed pointers into message buffers rather
 * than copies (sniNameArr, signedCertTimestamps, selectedPsk). Each one
 * carries its own lifetime rule; using it past the stated scope would read
 * memory this structure does not own.
 */
struct TLSExtensionDataStr {
    /* Registered callbacks that send server hello extensions. Going by
     * their names, the two sibling tables serve the EncryptedExtensions and
     * Certificate messages. Each table has SSL_MAX_EXTENSIONS slots. */
    sslExtensionBuilder serverHelloSenders[SSL_MAX_EXTENSIONS];
    sslExtensionBuilder encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
    sslExtensionBuilder certificateSenders[SSL_MAX_EXTENSIONS];

    /* Bookkeeping for the extensions that are advertised or negotiated.
     * NOTE(review): |negotiated| is a fixed array, so writers presumably have
     * to keep numNegotiated <= SSL_MAX_EXTENSIONS -- confirm in the code that
     * appends to it. */
    PRUint16 numAdvertised;
    PRUint16 *advertised;      /* Allocated dynamically. */
    PRUint16 echNumAdvertised; /* Tracks Xtns offered in ClientHelloInner. */
    PRUint16 *echAdvertised;
    PRUint16 numNegotiated;
    PRUint16 negotiated[SSL_MAX_EXTENSIONS];

    /* Data related to the SessionTicket extension. */
    PRBool ticketTimestampVerified;
    PRBool emptySessionTicket;
    PRBool sentSessionTicketInClientHello;
    SECItem psk_ke_modes;
    PRUint32 max_early_data_size;

    /* Data related to the SNI extension.
     * The name data is NOT copied from the input buffer. It therefore must
     * not be used outside the scope in which that input buffer is defined,
     * i.e. not beyond the ssl3_HandleClientHello function. */
    SECItem *sniNameArr;
    PRUint32 sniNameArrSize;

    /* Signed Certificate Timestamps extracted from the TLS extension
     * (client only).
     * This is a temporary pointer to the extension data, held until a session
     * structure (the sec.ci.sid of an sslSocket) has been set up that can
     * keep a permanent copy (in sec.ci.sid.u.ssl3.signedCertTimestamps).
     * The data referenced here is neither explicitly allocated nor copied:
     * it points into the handshake message buffer and is valid only within
     * the scope of ssl3_HandleServerHello.
     */
    SECItem signedCertTimestamps;

    PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */

    /* Contents of the signature_algorithms extension (if any) that the other
     * side supports. Only valid for TLS 1.2 or later. In TLS 1.3 it is also
     * used for CertificateRequest. */
    SSLSignatureScheme *sigSchemes;
    unsigned int numSigSchemes;

    /* Signature schemes the remote peer supports for Delegated Credentials
     * signatures, as well as those we have advertised (used to validate any
     * received DC). This list may differ from the one supported for
     * certificates. Only valid for TLS 1.3. */
    SSLSignatureScheme *delegCredSigSchemes;
    unsigned int numDelegCredSigSchemes;
    SSLSignatureScheme *delegCredSigSchemesAdvertised;
    unsigned int numDelegCredSigSchemesAdvertised;

    /* NOTE(review): by their names these presumably hold the context and
     * authorities of a CertificateRequest -- confirm against users. */
    SECItem certReqContext;
    CERTDistNames certReqAuthorities;

    /* In a client: if the server supports Next Protocol Negotiation, this is
     * the protocol that was negotiated. */
    SECItem nextProto;
    SSLNextProtoState nextProtoState;

    PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */

    unsigned int echXtnOffset;  /* The start of the ECH Xtn (if any) */
    unsigned int lastXtnOffset; /* Where to insert any other extensions.
                                 * 0 = end, otherwise base of PSK xtn. */
    PRCList remoteKeyShares;    /* The other side's public keys (TLS 1.3) */

    /* The members below are used by a TLS 1.3 server. */
    SECItem pskBinder;                     /* The binder for the first PSK. */
    unsigned int pskBindersLen;            /* The length of the binders. */
    PRUint32 ticketAge;                    /* Used to accept early data. */
    SECItem cookie;                        /* HRR Cookie. */
    const sslNamedGroupDef *selectedGroup; /* For HRR. */
    /* The application token holds a value that was passed to the client via
     * a session ticket, or via the cookie in a HelloRetryRequest. */
    SECItem applicationToken;

    /* Record size limit set by the peer. Our own value lives in ss->opt. */
    PRUint16 recordSizeLimit;

    /* Delegated credentials.
     *
     * The delegated credential sent by the peer. Set by
     * |tls13_ReadDelegatedCredential|.
     */
    sslDelegatedCredential *peerDelegCred;
    /* Whether the peer requested a delegated credential. */
    PRBool peerRequestedDelegCred;
    /* Whether the host is committed to using a delegated credential. Set by
     * |tls13_MaybeSetDelegatedCredential|.
     */
    PRBool sendingDelegCredToPeer;

    /* A non-owning reference to the selected PSKs. MUST NOT be freed
     * directly, rather through tls13_DestoryPskList() [sic; NOTE(review):
     * likely a misspelling of tls13_DestroyPskList -- confirm]. */
    sslPsk *selectedPsk;

    /* ECH working state. Non-null when a valid Encrypted Client Hello
     * extension was received. */
    sslEchXtnState *ech;
};

/* A received extension, kept on a PRCList. */
typedef struct TLSExtensionStr {
    PRCList link;  /* The linked list link */
    PRUint16 type; /* Extension type */
    SECItem data;  /* Pointers into the handshake data (not a copy).
                    * NOTE(review): presumably only valid while that
                    * handshake buffer is -- confirm. */
} TLSExtension;

/* List entry tying an extension type to a writer callback and a handler
 * callback, each with its own opaque argument. */
typedef struct sslCustomExtensionHooks {
    PRCList link;
    PRUint16 type;
    SSLExtensionWriter writer;
    void *writerArg;
    SSLExtensionHandler handler;
    void *handlerArg;
} sslCustomExtensionHooks;

/* Parsing and handling of received extensions.
 * NOTE(review): |b| and |length| look like a read cursor and the number of
 * bytes remaining in peer-supplied data -- confirm that implementations bound
 * every read by |*length|. */
SECStatus ssl3_HandleExtensions(sslSocket *ss, PRUint8 **b, PRUint32 *length,
                                SSLHandshakeType handshakeMessage);
SECStatus ssl3_ParseExtensions(sslSocket *ss, PRUint8 **b, PRUint32 *length);
SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
                                      SSLHandshakeType handshakeMessage);
TLSExtension *ssl3_FindExtension(sslSocket *ss,
                                 SSLExtensionType extension_type);
void ssl3_DestroyRemoteExtensions(PRCList *list);
void ssl3_MoveRemoteExtensions(PRCList *dst, PRCList *src);

/* Lifecycle of a TLSExtensionData. */
void ssl3_InitExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
void ssl3_DestroyExtensionData(TLSExtensionData *xtnData);
void ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);

/* Queries on the negotiated / advertised extension sets. */
PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
PRBool ssl3_ExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);

/* Registration of senders and construction of outgoing extensions. */
SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
                                       TLSExtensionData *xtnData,
                                       PRUint16 ex_type,
                                       sslExtensionBuilderFunc cb);
SECStatus ssl_ConstructExtensions(sslSocket *ss, sslBuffer *buf,
                                  SSLHandshakeType message);
SECStatus ssl_SendEmptyExtension(const sslSocket *ss,
                                 TLSExtensionData *xtnData,
                                 sslBuffer *buf, PRBool *append);
SECStatus ssl3_EmplaceExtension(sslSocket *ss, sslBuffer *buf,
                                PRUint16 exType, const PRUint8 *data,
                                unsigned int len, PRBool advertise);
SECStatus ssl_InsertPaddingExtension(sslSocket *ss, unsigned int prefixLen,
                                     sslBuffer *buf);

/* Thunks to let us operate on const sslSocket* objects. */
void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
                       SSL3AlertDescription desc);
void ssl3_ExtDecodeError(const sslSocket *ss);
SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v,
                                   PRUint32 bytes,
                                   PRUint8 **b, PRUint32 *length);
SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
                                         PRUint32 bytes,
                                         PRUint8 **b, PRUint32 *length);
SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
                                           PRUint32 bytes,
                                           PRUint8 **b, PRUint32 *length);

/* Custom extension hooks. */
SECStatus SSLExp_GetExtensionSupport(PRUint16 type,
                                     SSLExtensionSupport *support);
SECStatus SSLExp_InstallExtensionHooks(PRFileDesc *fd, PRUint16 extension,
                                       SSLExtensionWriter writer,
                                       void *writerArg,
                                       SSLExtensionHandler handler,
                                       void *handlerArg);
sslCustomExtensionHooks *ssl_FindCustomExtensionHooks(sslSocket *ss,
                                                      PRUint16 extension);
SECStatus ssl_CallCustomExtensionSenders(sslSocket *ss, sslBuffer *buf,
                                         SSLHandshakeType message);

#endif /* __ssl3ext_h_ */