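/* Private header file of libSSL.
 * Various and sundry protocol constants. DON'T CHANGE THESE. These
 * values are defined by the SSL 3.0 protocol specification.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * NOTE(review): this header includes nothing itself. PRUint8/PRUint16/
 * PRUint32, SECItem, SECOidTag and SSLCompressionMethod must already be
 * declared by whatever includes it.
 *
 * NOTE(review): the structs below follow the structure names of the
 * protocol specification, but they hold enum and SECItem members, so they
 * are presumably in-memory descriptions and not wire images. Parse and
 * serialize them field by field; do not copy network bytes over them.
 */

#ifndef __ssl3proto_h_
#define __ssl3proto_h_

/* One byte of uninterpreted protocol data. */
typedef PRUint8 SSL3Opaque;

typedef PRUint16 SSL3ProtocolVersion;
/* version numbers are defined in sslproto.h */

typedef PRUint16 ssl3CipherSuite;
/* The cipher suites are defined in sslproto.h */

/*
 * Fixed bounds. Several of them size the arrays declared further down
 * (MAC[], padding[], compression_methods[], rand[]), so any length or
 * count taken from a peer has to be checked against the matching bound
 * before it is used as an index or a copy length.
 */
#define MAX_CERT_TYPES 10
#define MAX_COMPRESSION_METHODS 10
#define MAX_MAC_LENGTH 64
#define MAX_PADDING_LENGTH 64
#define MAX_KEY_LENGTH 64
/* 5 bytes = 40 bits. NOTE(review): presumably the key size of the legacy
 * export-grade suites; 40-bit keys give no real confidentiality. */
#define EXPORT_KEY_LENGTH 5
#define SSL3_RANDOM_LENGTH 32

/* Matches the type, version and length fields of a record on the wire
 * (1 + 2 + 2 bytes). */
#define SSL3_RECORD_HEADER_LENGTH 5

/* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
#define DTLS_RECORD_HEADER_LENGTH 13

/* 2^14 bytes. A record whose length exceeds the permitted size is what the
 * record_overflow alert below reports. */
#define MAX_FRAGMENT_LENGTH 16384

/* Record-layer content types. */
typedef enum {
    content_change_cipher_spec = 20,
    content_alert = 21,
    content_handshake = 22,
    content_application_data = 23
} SSL3ContentType;

typedef struct {
    SSL3ContentType type;
    SSL3ProtocolVersion version;
    PRUint16 length;
    SECItem fragment;
} SSL3Plaintext;

typedef struct {
    SSL3ContentType type;
    SSL3ProtocolVersion version;
    PRUint16 length;
    SECItem fragment;
} SSL3Compressed;

typedef struct {
    SECItem content;
    SSL3Opaque MAC[MAX_MAC_LENGTH];
} SSL3GenericStreamCipher;

/* padding_length is a PRUint8 and can therefore hold values up to 255,
 * while padding[] holds MAX_PADDING_LENGTH bytes: check before indexing. */
typedef struct {
    SECItem content;
    SSL3Opaque MAC[MAX_MAC_LENGTH];
    PRUint8 padding[MAX_PADDING_LENGTH];
    PRUint8 padding_length;
} SSL3GenericBlockCipher;

typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;

typedef struct {
    SSL3ChangeCipherSpecChoice choice;
} SSL3ChangeCipherSpec;

typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;

/* Alert descriptions. The numeric values are protocol code points. */
typedef enum {
    close_notify = 0,
    unexpected_message = 10,
    bad_record_mac = 20,
    /* Not sent so that a padding/decryption failure cannot be told apart
     * from a MAC failure by the peer; bad_record_mac is used for both. */
    decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
    record_overflow = 22,            /* TLS only */
    decompression_failure = 30,
    handshake_failure = 40,
    no_certificate = 41,             /* SSL3 only, NOT TLS */
    bad_certificate = 42,
    unsupported_certificate = 43,
    certificate_revoked = 44,
    certificate_expired = 45,
    certificate_unknown = 46,
    illegal_parameter = 47,

    /* All alerts below are TLS only. */
    unknown_ca = 48,
    access_denied = 49,
    decode_error = 50,
    decrypt_error = 51,
    export_restriction = 60,
    protocol_version = 70,
    insufficient_security = 71,
    internal_error = 80,
    /* Downgrade-protection alert (fallback SCSV, RFC 7507). */
    inappropriate_fallback = 86,     /* could also be sent for SSLv3 */
    user_canceled = 90,
    no_renegotiation = 100,

    /* Alerts for client hello extensions */
    unsupported_extension = 110,
    certificate_unobtainable = 111,
    unrecognized_name = 112,
    bad_certificate_status_response = 113,
    bad_certificate_hash_value = 114

} SSL3AlertDescription;

typedef struct {
    SSL3AlertLevel level;
    SSL3AlertDescription description;
} SSL3Alert;

/*
 * Handshake message types.
 * NOTE(review): hello_verify_request is the DTLS cookie exchange;
 * next_proto (67) and encrypted_extensions (203) are not RFC 5246 code
 * points and presumably belong to extensions - confirm against the
 * handshake code before relying on them.
 */
typedef enum {
    hello_request = 0,
    client_hello = 1,
    server_hello = 2,
    hello_verify_request = 3,
    new_session_ticket = 4,
    certificate = 11,
    server_key_exchange = 12,
    certificate_request = 13,
    server_hello_done = 14,
    certificate_verify = 15,
    client_key_exchange = 16,
    finished = 20,
    certificate_status = 22,
    next_proto = 67,
    encrypted_extensions = 203
} SSL3HandshakeType;

typedef struct {
    PRUint8 empty;
} SSL3HelloRequest;

typedef struct {
    SSL3Opaque rand[SSL3_RANDOM_LENGTH];
} SSL3Random;

/* length counts the valid bytes of id[]; a received length above
 * sizeof id (32) must be rejected before anything is copied into id[]. */
typedef struct {
    SSL3Opaque id[32];
    PRUint8 length;
} SSL3SessionID;

/* cm_count counts the used entries of compression_methods[] and must not
 * exceed MAX_COMPRESSION_METHODS. */
typedef struct {
    SSL3ProtocolVersion client_version;
    SSL3Random random;
    SSL3SessionID session_id;
    SECItem cipher_suites;
    PRUint8 cm_count;
    SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
} SSL3ClientHello;

typedef struct {
    SSL3ProtocolVersion server_version;
    SSL3Random random;
    SSL3SessionID session_id;
    ssl3CipherSuite cipher_suite;
    SSLCompressionMethod compression_method;
} SSL3ServerHello;

typedef struct {
    SECItem list;
} SSL3Certificate;

/* SSL3SignType moved to ssl.h */

/*
 * The SSL key exchange method used.
 * The enumerators carry no explicit values, so they number from 0 in
 * declaration order; inserting or reordering entries renumbers the ones
 * that follow. The *_export and *_anon entries name export-grade and
 * unauthenticated key exchanges; NOTE(review): whether they can still be
 * negotiated is decided by the cipher-suite policy, not by this header.
 */
typedef enum {
    kea_null,
    kea_rsa,
    kea_rsa_export,
    kea_rsa_export_1024,
    kea_dh_dss,
    kea_dh_dss_export,
    kea_dh_rsa,
    kea_dh_rsa_export,
    kea_dhe_dss,
    kea_dhe_dss_export,
    kea_dhe_rsa,
    kea_dhe_rsa_export,
    kea_dh_anon,
    kea_dh_anon_export,
    kea_rsa_fips,
    kea_ecdh_ecdsa,
    kea_ecdhe_ecdsa,
    kea_ecdh_rsa,
    kea_ecdhe_rsa,
    kea_ecdh_anon
} SSL3KeyExchangeAlgorithm;

typedef struct {
    SECItem modulus;
    SECItem exponent;
} SSL3ServerRSAParams;

typedef struct {
    SECItem p;
    SECItem g;
    SECItem Ys;
} SSL3ServerDHParams;

typedef struct {
    union {
        SSL3ServerDHParams dh;
        SSL3ServerRSAParams rsa;
    } u;
} SSL3ServerParams;

/* This enum reflects HashAlgorithm enum from
 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
 *
 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID.
 *
 * MD5 and SHA-1 appear here because the protocol assigns them code points;
 * both are collision-weak, so signature policy should prefer SHA-256 or
 * stronger. */
enum {
    tls_hash_md5 = 1,
    tls_hash_sha1 = 2,
    tls_hash_sha224 = 3,
    tls_hash_sha256 = 4,
    tls_hash_sha384 = 5,
    tls_hash_sha512 = 6
};

/* This enum reflects SignatureAlgorithm enum from
 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
typedef enum {
    tls_sig_rsa = 1,
    tls_sig_dsa = 2,
    tls_sig_ecdsa = 3
} TLSSignatureAlgorithm;

/* Note that hashAlg is stored as a SECOidTag, not as one of the tls_hash_*
 * wire values above. */
typedef struct {
    SECOidTag hashAlg;
    TLSSignatureAlgorithm sigAlg;
} SSL3SignatureAndHashAlgorithm;

/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
 * prior to 1.2. */
typedef struct {
    PRUint8 md5[16];
    PRUint8 sha[20];
} SSL3HashesIndividually;

/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
 * struct.
 *
 * |len| is the number of valid digest bytes and must not exceed
 * sizeof u.raw (64). */
typedef struct {
    unsigned int len;
    SECOidTag hashAlg;
    union {
        PRUint8 raw[64];
        SSL3HashesIndividually s;
    } u;
} SSL3Hashes;

typedef struct {
    union {
        SSL3Opaque anonymous;
        SSL3Hashes certified;
    } u;
} SSL3ServerKeyExchange;

typedef enum {
    ct_RSA_sign = 1,
    ct_DSS_sign = 2,
    ct_RSA_fixed_DH = 3,
    ct_DSS_fixed_DH = 4,
    ct_RSA_ephemeral_DH = 5,
    ct_DSS_ephemeral_DH = 6,
    ct_ECDSA_sign = 64,
    ct_RSA_fixed_ECDH = 65,
    ct_ECDSA_fixed_ECDH = 66

} SSL3ClientCertificateType;

/* The spelling (Distinquished) is part of the existing type name. */
typedef SECItem *SSL3DistinquishedName;

/* 2 + 46 = 48 bytes, the same size as SSL3MasterSecret. Both hold key
 * material: buffers of these types should be wiped once they are no longer
 * needed. */
typedef struct {
    SSL3Opaque client_version[2];
    SSL3Opaque random[46];
} SSL3RSAPreMasterSecret;

typedef SECItem SSL3EncryptedPreMasterSecret;


typedef SSL3Opaque SSL3MasterSecret[48];

/* "explicit" is a keyword in C++, so this header (here and in the union
 * below) can only be compiled as C. */
typedef enum { implicit, explicit } SSL3PublicValueEncoding;

typedef struct {
    union {
        SSL3Opaque implicit;
        SECItem explicit;
    } dh_public;
} SSL3ClientDiffieHellmanPublic;

/* The member spelling (diffie_helman) is part of the existing interface. */
typedef struct {
    union {
        SSL3EncryptedPreMasterSecret rsa;
        SSL3ClientDiffieHellmanPublic diffie_helman;
    } exchange_keys;
} SSL3ClientKeyExchange;

typedef SSL3Hashes SSL3PreSignedCertificateVerify;

typedef SECItem SSL3CertificateVerify;

/* The values are the ASCII bytes "CLNT" and "SRVR". */
typedef enum {
    sender_client = 0x434c4e54,
    sender_server = 0x53525652
} SSL3Sender;

typedef SSL3HashesIndividually SSL3Finished;

typedef struct {
    SSL3Opaque verify_data[12];
} TLSFinished;

/*
 * TLS extension related data structures and constants.
 */

/* SessionTicket extension related data structures. */

/* NewSessionTicket handshake message. */
typedef struct {
    PRUint32 received_timestamp;
    PRUint32 ticket_lifetime_hint;
    SECItem ticket;
} NewSessionTicket;

typedef enum {
    CLIENT_AUTH_ANONYMOUS = 0,
    CLIENT_AUTH_CERTIFICATE = 1
} ClientAuthenticationType;

typedef struct {
    ClientAuthenticationType client_auth_type;
    union {
        SSL3Opaque *certificate_list;
    } identity;
} ClientIdentity;

/* Key name = fixed prefix (4 bytes, "NSS!") + variable part (12 bytes)
 * = 16 bytes. */
#define SESS_TICKET_KEY_NAME_LEN 16
#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
#define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
#define SESS_TICKET_KEY_VAR_NAME_LEN 12

/* key_name, iv and mac are bare pointers with no length stored next to
 * them. NOTE(review): their sizes are presumably implied by the constants
 * around this struct - confirm in the ticket parser, and make sure the
 * pointed-to ranges are bounds-checked against the received ticket. */
typedef struct {
    unsigned char *key_name;
    unsigned char *iv;
    SECItem encrypted_state;
    unsigned char *mac;
} EncryptedSessionTicket;

/* NOTE(review): 32 bytes, presumably an HMAC-SHA-256 tag. The received MAC
 * should be compared in constant time and before the ticket is decrypted. */
#define TLS_EX_SESS_TICKET_MAC_LENGTH 32

/* Parenthesized so the negative literal stays a single operand wherever
 * the macro is expanded. */
#define TLS_STE_NO_SERVER_NAME (-1)

#endif /* __ssl3proto_h_ */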