1 /* $OpenBSD: ssl_tlsext.h,v 1.22 2020/01/25 12:58:27 jsing Exp $ */
2 /*
3  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
6  *
7  * Permission to use, copy, modify, and distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 #ifndef HEADER_SSL_TLSEXT_H
21 #define HEADER_SSL_TLSEXT_H
22 
23 /* TLSv1.3 - RFC 8446 Section 4.2. */
/*
 * Identifiers for the handshake messages in which TLSv1.3 extensions can
 * appear. Each value is a distinct single bit, so several messages can be
 * combined into one uint16_t mask.
 * NOTE(review): presumably compared against the msg_type argument of
 * tlsext_{client,server}_{build,parse}() so that an extension is only built
 * or accepted in a message where it is permitted - confirm in the
 * definitions, which are not part of this header.
 */
24 #define SSL_TLSEXT_MSG_CH	0x0001	/* ClientHello */
25 #define SSL_TLSEXT_MSG_SH	0x0002	/* ServerHello */
26 #define SSL_TLSEXT_MSG_EE	0x0004	/* EncryptedExtensions */
27 #define SSL_TLSEXT_MSG_CT	0x0008	/* Certificate */
28 #define SSL_TLSEXT_MSG_CR	0x0010	/* CertificateRequest */
29 #define SSL_TLSEXT_MSG_NST	0x0020	/* NewSessionTicket */
30 #define SSL_TLSEXT_MSG_HRR	0x0040	/* HelloRetryRequest */
31 
32 __BEGIN_HIDDEN_DECLS
33 
/*
 * Per-extension hooks. Every extension declared below has the same six
 * functions: {client,server} x {needs,build,parse}.
 *   needs(s)             - takes only the SSL. NOTE(review): presumably
 *                          reports whether the extension should be sent -
 *                          confirm.
 *   build(s, cbb)        - NOTE(review): presumably appends the extension
 *                          body to cbb - confirm.
 *   parse(s, cbs, alert) - NOTE(review): presumably reads the extension body
 *                          received from the peer out of cbs and reports the
 *                          TLS alert to send through *alert on failure -
 *                          confirm.
 * The meaning of the int return value is not visible in this header.
 *
 * If the parse hooks do consume peer-supplied bytes, they run on
 * unauthenticated input: when reviewing a definition, check that every
 * length is validated against cbs, that trailing data is rejected, and that
 * *alert is set on each failure path.
 *
 * The trailing labels name the TLS extension each prefix most likely refers
 * to; the mapping to extension type codes is not in this header.
 * This header includes nothing itself: SSL, CBB and CBS must already be
 * declared by the file that includes it.
 */
34 int tlsext_alpn_client_needs(SSL *s);	/* application_layer_protocol_negotiation */
35 int tlsext_alpn_client_build(SSL *s, CBB *cbb);
36 int tlsext_alpn_client_parse(SSL *s, CBS *cbs, int *alert);
37 int tlsext_alpn_server_needs(SSL *s);
38 int tlsext_alpn_server_build(SSL *s, CBB *cbb);
39 int tlsext_alpn_server_parse(SSL *s, CBS *cbs, int *alert);
40 
41 int tlsext_ri_client_needs(SSL *s);	/* renegotiation_info */
42 int tlsext_ri_client_build(SSL *s, CBB *cbb);
43 int tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert);
44 int tlsext_ri_server_needs(SSL *s);
45 int tlsext_ri_server_build(SSL *s, CBB *cbb);
46 int tlsext_ri_server_parse(SSL *s, CBS *cbs, int *alert);
47 
48 int tlsext_sigalgs_client_needs(SSL *s);	/* signature_algorithms */
49 int tlsext_sigalgs_client_build(SSL *s, CBB *cbb);
50 int tlsext_sigalgs_client_parse(SSL *s, CBS *cbs, int *alert);
51 int tlsext_sigalgs_server_needs(SSL *s);
52 int tlsext_sigalgs_server_build(SSL *s, CBB *cbb);
53 int tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert);
54 
55 int tlsext_sni_client_needs(SSL *s);	/* server_name */
56 int tlsext_sni_client_build(SSL *s, CBB *cbb);
57 int tlsext_sni_client_parse(SSL *s, CBS *cbs, int *alert);
58 int tlsext_sni_server_needs(SSL *s);
59 int tlsext_sni_server_build(SSL *s, CBB *cbb);
60 int tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert);
61 
62 int tlsext_supportedgroups_client_needs(SSL *s);	/* supported_groups */
63 int tlsext_supportedgroups_client_build(SSL *s, CBB *cbb);
64 int tlsext_supportedgroups_client_parse(SSL *s, CBS *cbs, int *alert);
65 int tlsext_supportedgroups_server_needs(SSL *s);
66 int tlsext_supportedgroups_server_build(SSL *s, CBB *cbb);
67 int tlsext_supportedgroups_server_parse(SSL *s, CBS *cbs, int *alert);
68 
69 int tlsext_ecpf_client_needs(SSL *s);	/* ec_point_formats */
70 int tlsext_ecpf_client_build(SSL *s, CBB *cbb);
71 int tlsext_ecpf_client_parse(SSL *s, CBS *cbs, int *alert);
72 int tlsext_ecpf_server_needs(SSL *s);
73 int tlsext_ecpf_server_build(SSL *s, CBB *cbb);
74 int tlsext_ecpf_server_parse(SSL *s, CBS *cbs, int *alert);
75 
76 int tlsext_ocsp_client_needs(SSL *s);	/* status_request (OCSP stapling) */
77 int tlsext_ocsp_client_build(SSL *s, CBB *cbb);
78 int tlsext_ocsp_client_parse(SSL *s, CBS *cbs, int *alert);
79 int tlsext_ocsp_server_needs(SSL *s);
80 int tlsext_ocsp_server_build(SSL *s, CBB *cbb);
81 int tlsext_ocsp_server_parse(SSL *s, CBS *cbs, int *alert);
82 
83 int tlsext_sessionticket_client_needs(SSL *s);	/* session_ticket */
84 int tlsext_sessionticket_client_build(SSL *s, CBB *cbb);
85 int tlsext_sessionticket_client_parse(SSL *s, CBS *cbs, int *alert);
86 int tlsext_sessionticket_server_needs(SSL *s);
87 int tlsext_sessionticket_server_build(SSL *s, CBB *cbb);
88 int tlsext_sessionticket_server_parse(SSL *s, CBS *cbs, int *alert);
89 
90 int tlsext_versions_client_needs(SSL *s);	/* supported_versions */
91 int tlsext_versions_client_build(SSL *s, CBB *cbb);
92 int tlsext_versions_client_parse(SSL *s, CBS *cbs, int *alert);
93 int tlsext_versions_server_needs(SSL *s);
94 int tlsext_versions_server_build(SSL *s, CBB *cbb);
95 int tlsext_versions_server_parse(SSL *s, CBS *cbs, int *alert);
96 
97 int tlsext_keyshare_client_needs(SSL *s);	/* key_share */
98 int tlsext_keyshare_client_build(SSL *s, CBB *cbb);
99 int tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert);
100 int tlsext_keyshare_server_needs(SSL *s);
101 int tlsext_keyshare_server_build(SSL *s, CBB *cbb);
102 int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert);
103 
104 int tlsext_cookie_client_needs(SSL *s);	/* cookie */
105 int tlsext_cookie_client_build(SSL *s, CBB *cbb);
106 int tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert);
107 int tlsext_cookie_server_needs(SSL *s);
108 int tlsext_cookie_server_build(SSL *s, CBB *cbb);
109 int tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert);
110 
111 #ifndef OPENSSL_NO_SRTP	/* the SRTP hooks are not declared when OPENSSL_NO_SRTP is defined */
112 int tlsext_srtp_client_needs(SSL *s);	/* use_srtp */
113 int tlsext_srtp_client_build(SSL *s, CBB *cbb);
114 int tlsext_srtp_client_parse(SSL *s, CBS *cbs, int *alert);
115 int tlsext_srtp_server_needs(SSL *s);
116 int tlsext_srtp_server_build(SSL *s, CBB *cbb);
117 int tlsext_srtp_server_parse(SSL *s, CBS *cbs, int *alert);
118 #endif
119 
/*
 * Entry points that are not tied to a single extension. They take the same
 * arguments as the per-extension build/parse hooks plus a uint16_t msg_type.
 * NOTE(review): msg_type is presumably one or more SSL_TLSEXT_MSG_* flags,
 * used to restrict which extensions are built for, or accepted in, the given
 * handshake message - confirm in the definitions. If so, a parse call with
 * the wrong msg_type would accept extensions in a message where RFC 8446
 * Section 4.2 does not permit them, so callers are worth auditing for that.
 */
120 int tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type);
121 int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
122 
123 int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
124 int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
125 
/*
 * The uint16_t and size_t * parameters below are unnamed in this header, and
 * struct tls_extension is not defined here (only a pointer to it is returned).
 * NOTE(review): the uint16_t is presumably a TLS extension type code and the
 * size_t * an output index - confirm against the definitions.
 * NOTE(review): tlsext_extension_seen() presumably reports whether that
 * extension type has already appeared, e.g. to reject duplicates (RFC 8446
 * Section 4.2 forbids more than one extension of the same type in an
 * extension block) - confirm.
 */
126 struct tls_extension *tls_extension_find(uint16_t, size_t *);
127 int tlsext_extension_seen(SSL *s, uint16_t);
128 __END_HIDDEN_DECLS
129 
130 #endif
131