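// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.

#![allow(dead_code)]

use crate::ssl;

// Ideally all of these would be enums, but size matters and we need to allow
// for values outside of those that are defined here.
//
// Consequence for callers: every type below is a plain integer alias, so a value of one of
// these types is not guaranteed to equal any constant defined in this file. Code that matches
// on them needs an explicit catch-all arm for unknown values.

/// A TLS alert, carried as a bare `u8`. No named alert constants are defined in this file.
pub type Alert = u8;

/// A TLS epoch number, carried as a bare `u16`.
pub type Epoch = u16;
// TLS doesn't really have an "initial" concept that maps to QUIC so directly,
// but this should be clear enough.
pub const TLS_EPOCH_INITIAL: Epoch = 0_u16;
pub const TLS_EPOCH_ZERO_RTT: Epoch = 1_u16;
pub const TLS_EPOCH_HANDSHAKE: Epoch = 2_u16;
// Also, we don't use TLS epochs > 3.
pub const TLS_EPOCH_APPLICATION_DATA: Epoch = 3_u16;

/// Rather than defining a type alias and a bunch of constants, which leads to a ton of repetition,
/// use this macro.
///
/// Each invocation produces `pub type $t = $s;` and one `pub const` of that type per
/// `NAME = VALUE` entry. Three input forms are accepted:
///
/// * `T: S { NAME = some::path, ... }` - every value is given as a full path;
/// * `T: S => E { NAME = VALUE, ... }` - every value is looked up as `E::VALUE`;
/// * `T: S => P::E { NAME = VALUE, ... }` - every value is looked up as `P::E::VALUE`.
///
/// The second and third forms only rewrite their input into the first form.
///
/// Values are converted with `as`, which truncates silently when the source value does not
/// fit in `$s`. The chosen `$s` therefore has to be wide enough for every remapped value;
/// nothing in this macro checks that.
macro_rules! remap_enum {
    // Base form: emit the alias and one constant per entry.
    { $t:ident: $s:ty { $( $n:ident = $v:path ),+ $(,)? } } => {
        pub type $t = $s;
        $( pub const $n: $t = $v as $t; )+
    };
    // Values live directly under a single identifier `$e`.
    { $t:ident: $s:ty => $e:ident { $( $n:ident = $v:ident ),+ $(,)? } } => {
        remap_enum!{ $t: $s { $( $n = $e::$v ),+ } }
    };
    // Values live under a two-segment path `$p::$e`.
    { $t:ident: $s:ty => $p:ident::$e:ident { $( $n:ident = $v:ident ),+ $(,)? } } => {
        remap_enum!{ $t: $s { $( $n = $p::$e::$v ),+ } }
    };
}

// Protocol versions. Only TLS 1.2 and TLS 1.3 are given names here.
remap_enum! {
    Version: u16 => ssl {
        TLS_VERSION_1_2 = SSL_LIBRARY_VERSION_TLS_1_2,
        TLS_VERSION_1_3 = SSL_LIBRARY_VERSION_TLS_1_3,
    }
}

// The cipher suite values are pulled in from a file under the build's OUT_DIR.
// NOTE(review): presumably written by the crate's build script - confirm.
mod ciphers {
    include!(concat!(env!("OUT_DIR"), "/nss_ciphers.rs"));
}

// Cipher suites. The three names listed are all AEAD suites.
remap_enum! {
    Cipher: u16 => ciphers {
        TLS_AES_128_GCM_SHA256 = TLS_AES_128_GCM_SHA256,
        TLS_AES_256_GCM_SHA384 = TLS_AES_256_GCM_SHA384,
        TLS_CHACHA20_POLY1305_SHA256 = TLS_CHACHA20_POLY1305_SHA256,
    }
}

// Key exchange groups.
remap_enum! {
    Group: u16 => ssl::SSLNamedGroup {
        TLS_GRP_EC_SECP256R1 = ssl_grp_ec_secp256r1,
        TLS_GRP_EC_SECP384R1 = ssl_grp_ec_secp384r1,
        TLS_GRP_EC_SECP521R1 = ssl_grp_ec_secp521r1,
        TLS_GRP_EC_X25519 = ssl_grp_ec_curve25519,
    }
}

// Handshake message types.
remap_enum! {
    HandshakeMessage: u8 => ssl::SSLHandshakeType {
        TLS_HS_HELLO_REQUEST = ssl_hs_hello_request,
        TLS_HS_CLIENT_HELLO = ssl_hs_client_hello,
        TLS_HS_SERVER_HELLO = ssl_hs_server_hello,
        TLS_HS_HELLO_VERIFY_REQUEST = ssl_hs_hello_verify_request,
        TLS_HS_NEW_SESSION_TICKET = ssl_hs_new_session_ticket,
        TLS_HS_END_OF_EARLY_DATA = ssl_hs_end_of_early_data,
        TLS_HS_HELLO_RETRY_REQUEST = ssl_hs_hello_retry_request,
        TLS_HS_ENCRYPTED_EXTENSIONS = ssl_hs_encrypted_extensions,
        TLS_HS_CERTIFICATE = ssl_hs_certificate,
        TLS_HS_SERVER_KEY_EXCHANGE = ssl_hs_server_key_exchange,
        TLS_HS_CERTIFICATE_REQUEST = ssl_hs_certificate_request,
        TLS_HS_SERVER_HELLO_DONE = ssl_hs_server_hello_done,
        TLS_HS_CERTIFICATE_VERIFY = ssl_hs_certificate_verify,
        TLS_HS_CLIENT_KEY_EXCHANGE = ssl_hs_client_key_exchange,
        TLS_HS_FINISHED = ssl_hs_finished,
        TLS_HS_CERT_STATUS = ssl_hs_certificate_status,
        // Misspelled name ("UDPATE"), kept so that existing callers continue to compile.
        TLS_HS_KEY_UDPATE = ssl_hs_key_update,
        // Correctly spelled name for the same value; prefer this one in new code.
        TLS_HS_KEY_UPDATE = ssl_hs_key_update,
    }
}

// Record content types.
remap_enum! {
    ContentType: u8 => ssl::SSLContentType {
        TLS_CT_CHANGE_CIPHER_SPEC = ssl_ct_change_cipher_spec,
        TLS_CT_ALERT = ssl_ct_alert,
        TLS_CT_HANDSHAKE = ssl_ct_handshake,
        TLS_CT_APPLICATION_DATA = ssl_ct_application_data,
        TLS_CT_ACK = ssl_ct_ack,
    }
}

// Extension types.
remap_enum! {
    Extension: u16 => ssl::SSLExtensionType {
        TLS_EXT_SERVER_NAME = ssl_server_name_xtn,
        TLS_EXT_CERT_STATUS = ssl_cert_status_xtn,
        TLS_EXT_GROUPS = ssl_supported_groups_xtn,
        TLS_EXT_EC_POINT_FORMATS = ssl_ec_point_formats_xtn,
        TLS_EXT_SIG_SCHEMES = ssl_signature_algorithms_xtn,
        TLS_EXT_USE_SRTP = ssl_use_srtp_xtn,
        TLS_EXT_ALPN = ssl_app_layer_protocol_xtn,
        TLS_EXT_SCT = ssl_signed_cert_timestamp_xtn,
        TLS_EXT_PADDING = ssl_padding_xtn,
        TLS_EXT_EMS = ssl_extended_master_secret_xtn,
        TLS_EXT_RECORD_SIZE = ssl_record_size_limit_xtn,
        TLS_EXT_SESSION_TICKET = ssl_session_ticket_xtn,
        TLS_EXT_PSK = ssl_tls13_pre_shared_key_xtn,
        TLS_EXT_EARLY_DATA = ssl_tls13_early_data_xtn,
        TLS_EXT_VERSIONS = ssl_tls13_supported_versions_xtn,
        TLS_EXT_COOKIE = ssl_tls13_cookie_xtn,
        TLS_EXT_PSK_MODES = ssl_tls13_psk_key_exchange_modes_xtn,
        TLS_EXT_CA = ssl_tls13_certificate_authorities_xtn,
        TLS_EXT_POST_HS_AUTH = ssl_tls13_post_handshake_auth_xtn,
        TLS_EXT_CERT_SIG_SCHEMES = ssl_signature_algorithms_cert_xtn,
        TLS_EXT_KEY_SHARE = ssl_tls13_key_share_xtn,
        TLS_EXT_RENEGOTIATION_INFO = ssl_renegotiation_info_xtn,
    }
}

// Signature schemes. TLS_SIG_NONE is a named value of this type like any other, so a check
// that only asks "is this one of the defined constants" also accepts it.
remap_enum! {
    SignatureScheme: u16 => ssl::SSLSignatureScheme {
        TLS_SIG_NONE = ssl_sig_none,
        TLS_SIG_RSA_PKCS1_SHA256 = ssl_sig_rsa_pkcs1_sha256,
        TLS_SIG_RSA_PKCS1_SHA384 = ssl_sig_rsa_pkcs1_sha384,
        TLS_SIG_RSA_PKCS1_SHA512 = ssl_sig_rsa_pkcs1_sha512,
        TLS_SIG_ECDSA_SECP256R1_SHA256 = ssl_sig_ecdsa_secp256r1_sha256,
        TLS_SIG_ECDSA_SECP384R1_SHA384 = ssl_sig_ecdsa_secp384r1_sha384,
        // Misnamed ("SECP512R1"): the value mapped is the secp521r1 scheme. Kept so that
        // existing callers continue to compile.
        TLS_SIG_ECDSA_SECP512R1_SHA512 = ssl_sig_ecdsa_secp521r1_sha512,
        // Name that matches the curve; prefer this one in new code.
        TLS_SIG_ECDSA_SECP521R1_SHA512 = ssl_sig_ecdsa_secp521r1_sha512,
        TLS_SIG_RSA_PSS_RSAE_SHA256 = ssl_sig_rsa_pss_rsae_sha256,
        TLS_SIG_RSA_PSS_RSAE_SHA384 = ssl_sig_rsa_pss_rsae_sha384,
        TLS_SIG_RSA_PSS_RSAE_SHA512 = ssl_sig_rsa_pss_rsae_sha512,
        TLS_SIG_ED25519 = ssl_sig_ed25519,
        TLS_SIG_ED448 = ssl_sig_ed448,
        TLS_SIG_RSA_PSS_PSS_SHA256 = ssl_sig_rsa_pss_pss_sha256,
        TLS_SIG_RSA_PSS_PSS_SHA384 = ssl_sig_rsa_pss_pss_sha384,
        TLS_SIG_RSA_PSS_PSS_SHA512 = ssl_sig_rsa_pss_pss_sha512,
    }
}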