1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
6#define NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
7
8#include "base/logging.h"
9#include "base/macros.h"
10
11namespace net {
12
13// Status flags for SSLInfo::connection_status.
14enum {
15  // The lower 16 bits are reserved for the TLS ciphersuite id.
16  SSL_CONNECTION_CIPHERSUITE_SHIFT = 0,
17  SSL_CONNECTION_CIPHERSUITE_MASK = 0xffff,
18
19  // The next two bits are reserved for the compression used.
20  SSL_CONNECTION_COMPRESSION_SHIFT = 16,
21  SSL_CONNECTION_COMPRESSION_MASK = 3,
22
23  // We fell back to an older protocol version for this connection.
24  SSL_CONNECTION_VERSION_FALLBACK = 1 << 18,
25
26  // The server doesn't support the renegotiation_info extension. If this bit
27  // is not set then either the extension isn't supported, or we don't have any
28  // knowledge either way. (The latter case will occur when we use an SSL
29  // library that doesn't report it, like SChannel.)
30  SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION = 1 << 19,
31
32  // The next three bits are reserved for the SSL version.
33  SSL_CONNECTION_VERSION_SHIFT = 20,
34  SSL_CONNECTION_VERSION_MASK = 7,
35
36  // 1 << 31 (the sign bit) is reserved so that the SSL connection status will
37  // never be negative.
38};
39
40// NOTE: the SSL version enum constants must be between 0 and
41// SSL_CONNECTION_VERSION_MASK, inclusive.
42enum {
43  SSL_CONNECTION_VERSION_UNKNOWN = 0,  // Unknown SSL version.
44  SSL_CONNECTION_VERSION_SSL2 = 1,
45  SSL_CONNECTION_VERSION_SSL3 = 2,
46  SSL_CONNECTION_VERSION_TLS1 = 3,
47  SSL_CONNECTION_VERSION_TLS1_1 = 4,
48  SSL_CONNECTION_VERSION_TLS1_2 = 5,
49  // Reserve 6 for TLS 1.3.
50  SSL_CONNECTION_VERSION_QUIC = 7,
51  SSL_CONNECTION_VERSION_MAX,
52};
53COMPILE_ASSERT(SSL_CONNECTION_VERSION_MAX - 1 <= SSL_CONNECTION_VERSION_MASK,
54               SSL_CONNECTION_VERSION_MASK_too_small);
55
56inline int SSLConnectionStatusToCipherSuite(int connection_status) {
57  return (connection_status >> SSL_CONNECTION_CIPHERSUITE_SHIFT) &
58         SSL_CONNECTION_CIPHERSUITE_MASK;
59}
60
61inline int SSLConnectionStatusToVersion(int connection_status) {
62  return (connection_status >> SSL_CONNECTION_VERSION_SHIFT) &
63         SSL_CONNECTION_VERSION_MASK;
64}
65
66inline void SSLConnectionStatusSetCipherSuite(int cipher_suite,
67                                              int* connection_status) {
68  // Clear out the old ciphersuite.
69  *connection_status &=
70      ~(SSL_CONNECTION_CIPHERSUITE_MASK << SSL_CONNECTION_CIPHERSUITE_SHIFT);
71  // Set the new ciphersuite.
72  *connection_status |= ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK)
73                         << SSL_CONNECTION_CIPHERSUITE_SHIFT);
74}
75
76inline void SSLConnectionStatusSetVersion(int version, int* connection_status) {
77  DCHECK_GT(version, 0);
78  DCHECK_LT(version, SSL_CONNECTION_VERSION_MAX);
79
80  // Clear out the old version.
81  *connection_status &=
82      ~(SSL_CONNECTION_VERSION_MASK << SSL_CONNECTION_VERSION_SHIFT);
83  // Set the new version.
84  *connection_status |=
85      ((version & SSL_CONNECTION_VERSION_MASK) << SSL_CONNECTION_VERSION_SHIFT);
86}
87
88}  // namespace net
89
90#endif  // NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
91