/* Private header file of libSSL.
 * Various and sundry protocol constants. DON'T CHANGE THESE. These
 * values are defined by the SSL 3.0 protocol specification.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef __ssl3proto_h_
#define __ssl3proto_h_

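/* One opaque byte of wire data; the element type of the MAC, random and
 * secret arrays declared below. */
typedef PRUint8 SSL3Opaque;

/* 16-bit protocol version, used by the record structs and the hello
 * messages below. Version numbers are defined in sslproto.h. */
typedef PRUint16 SSL3ProtocolVersion;

/* 16-bit cipher suite identifier.
 * The cipher suites are defined in sslproto.h. */
typedef PRUint16 ssl3CipherSuite;
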
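/* Upper bounds. Several of them size fixed arrays in this header
 * (MAX_COMPRESSION_METHODS, MAX_MAC_LENGTH, MAX_PADDING_LENGTH,
 * SSL3_RANDOM_LENGTH), so any peer-supplied count or length has to be
 * checked against the matching limit before data is copied in. */
#define MAX_CERT_TYPES             10
#define MAX_COMPRESSION_METHODS    10
#define MAX_MAC_LENGTH             64
#define MAX_PADDING_LENGTH         64
#define MAX_KEY_LENGTH             64
/* 5 bytes = 40 bits, the key size of the export-grade suites. Keys this
 * short do not resist brute force.
 * NOTE(review): confirm no suite that can still be negotiated uses this. */
#define EXPORT_KEY_LENGTH           5
#define SSL3_RANDOM_LENGTH         32

/* type (1) + version (2) + length (2) */
#define SSL3_RECORD_HEADER_LENGTH   5

/* SSL3_RECORD_HEADER_LENGTH + epoch (2) / sequence_number (6) */
#define DTLS_RECORD_HEADER_LENGTH  13

/* 2^14 bytes: the protocol limit on the plaintext fragment of one record. */
#define MAX_FRAGMENT_LENGTH        16384
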
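/* Record-layer content type (the "type" field of the record structs below).
 * Only these four values are defined here; a byte read from the wire should
 * be validated against them before it is treated as an SSL3ContentType. */
typedef enum {
    content_change_cipher_spec = 20,
    content_alert              = 21,
    content_handshake          = 22,
    content_application_data   = 23
} SSL3ContentType;
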
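/* A record before compression: header fields plus the fragment.
 * "length" is 16 bits wide, so it can hold values above
 * MAX_FRAGMENT_LENGTH (16384); the type alone does not enforce the
 * protocol limit, and the fragment SECItem carries a length of its own.
 * NOTE(review): presumably callers keep the two lengths consistent - verify. */
typedef struct {
    SSL3ContentType     type;
    SSL3ProtocolVersion version;
    PRUint16            length;
    SECItem             fragment;
} SSL3Plaintext;

/* A record after compression; same layout as SSL3Plaintext, and the same
 * remark about range-checking "length" applies. */
typedef struct {
    SSL3ContentType     type;
    SSL3ProtocolVersion version;
    PRUint16            length;
    SECItem             fragment;
} SSL3Compressed;
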
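/* Protected record body for a stream cipher: content followed by its MAC.
 * MAC[] is sized for the largest MAC (MAX_MAC_LENGTH); the MAC actually in
 * use may be shorter. */
typedef struct {
    SECItem    content;
    SSL3Opaque MAC[MAX_MAC_LENGTH];
} SSL3GenericStreamCipher;

/* Protected record body for a block cipher: content, MAC, then padding.
 * padding_length is a full byte (0..255) while padding[] holds only
 * MAX_PADDING_LENGTH bytes, so a received padding length must be bounded
 * before it is used as an index or copy size. How padding and MAC failures
 * are reported matters as well: see decryption_failed_RESERVED in
 * SSL3AlertDescription. */
typedef struct {
    SECItem    content;
    SSL3Opaque MAC[MAX_MAC_LENGTH];
    PRUint8    padding[MAX_PADDING_LENGTH];
    PRUint8    padding_length;
} SSL3GenericBlockCipher;
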
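/* The only value a ChangeCipherSpec message may carry. */
typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;

/* Body of a ChangeCipherSpec record (content type 20): a single choice. */
typedef struct {
    SSL3ChangeCipherSpecChoice choice;
} SSL3ChangeCipherSpec;
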
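/* Severity byte of an alert message. */
typedef enum { alert_warning = 1, alert_fatal = 2 } SSL3AlertLevel;

/* Description byte of an alert message. The numbering has gaps, so a value
 * received from the peer is not guaranteed to be one of these names. */
typedef enum {
    close_notify            = 0,
    unexpected_message      = 10,
    bad_record_mac          = 20,
    /* do not send; see RFC 5246. Reporting a padding failure with a
     * different alert than a MAC failure lets the peer tell the two apart,
     * which is the basis of CBC padding-oracle attacks; both cases are to
     * be reported as bad_record_mac. */
    decryption_failed_RESERVED = 21,
    record_overflow         = 22,   /* TLS only */
    decompression_failure   = 30,
    handshake_failure       = 40,
    no_certificate          = 41,   /* SSL3 only, NOT TLS */
    bad_certificate         = 42,
    unsupported_certificate = 43,
    certificate_revoked     = 44,
    certificate_expired     = 45,
    certificate_unknown     = 46,
    illegal_parameter       = 47,

/* All alerts below are TLS only. */
    unknown_ca              = 48,
    access_denied           = 49,
    decode_error            = 50,
    decrypt_error           = 51,
    export_restriction      = 60,   /* marked RESERVED in RFC 5246 */
    protocol_version        = 70,
    insufficient_security   = 71,
    internal_error          = 80,
    /* RFC 7507 (TLS_FALLBACK_SCSV): the server refuses a version downgrade.
     * could also be sent for SSLv3 */
    inappropriate_fallback  = 86,
    user_canceled           = 90,
    no_renegotiation        = 100,

/* Alerts for client hello extensions */
    unsupported_extension           = 110,
    certificate_unobtainable        = 111,
    unrecognized_name               = 112,
    bad_certificate_status_response = 113,
    bad_certificate_hash_value      = 114

} SSL3AlertDescription;

/* An alert message: severity plus description. */
typedef struct {
    SSL3AlertLevel       level;
    SSL3AlertDescription description;
} SSL3Alert;
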
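/* Handshake message type byte. The numbering is sparse, so a type read
 * from the wire must be matched against these values explicitly. */
typedef enum {
    hello_request        = 0,
    client_hello         = 1,
    server_hello         = 2,
    hello_verify_request = 3,    /* DTLS cookie exchange */
    new_session_ticket   = 4,    /* session tickets, RFC 5077 */
    certificate          = 11,
    server_key_exchange  = 12,
    certificate_request  = 13,
    server_hello_done    = 14,
    certificate_verify   = 15,
    client_key_exchange  = 16,
    finished             = 20,
    certificate_status   = 22,   /* certificate status request (OCSP) */
    next_proto           = 67,   /* Next Protocol Negotiation */
    /* NOTE(review): 203 looks like a draft/private value rather than a
     * registered one - confirm which extension defines it. */
    encrypted_extensions = 203
} SSL3HandshakeType;
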
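/* HelloRequest has no body; the single byte is a placeholder member. */
typedef struct {
    PRUint8 empty;
} SSL3HelloRequest;

/* The 32-byte random value of a hello message (SSL3_RANDOM_LENGTH). */
typedef struct {
    SSL3Opaque rand[SSL3_RANDOM_LENGTH];
} SSL3Random;

/* Session identifier. "length" is a full byte (0..255) but id[] holds 32
 * bytes, so a length taken from the wire has to be checked against
 * sizeof id before any copy or comparison. */
typedef struct {
    SSL3Opaque id[32];
    PRUint8 length;
} SSL3SessionID;
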
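/* ClientHello. cm_count is a full byte (0..255) while
 * compression_methods[] holds MAX_COMPRESSION_METHODS entries, so the
 * count must be bounded before the array is filled or walked.
 * cipher_suites is kept as a raw SECItem rather than a parsed list. */
typedef struct {
    SSL3ProtocolVersion   client_version;
    SSL3Random            random;
    SSL3SessionID         session_id;
    SECItem               cipher_suites;
    PRUint8               cm_count;
    SSLCompressionMethod  compression_methods[MAX_COMPRESSION_METHODS];
} SSL3ClientHello;

/* ServerHello: the server's single choice of version, cipher suite and
 * compression method. */
typedef struct {
    SSL3ProtocolVersion   server_version;
    SSL3Random            random;
    SSL3SessionID         session_id;
    ssl3CipherSuite       cipher_suite;
    SSLCompressionMethod  compression_method;
} SSL3ServerHello;

/* Certificate message: the certificate list held as one SECItem. */
typedef struct {
    SECItem list;
} SSL3Certificate;

/* SSL3SignType moved to ssl.h */
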
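/* The SSL key exchange method used.
 *
 * No explicit values are assigned, so the numbering is positional
 * (kea_null == 0 ... kea_ecdh_anon == 19); inserting or reordering entries
 * changes every value after the edit.
 *
 * Security-relevant groups: the *_export entries are the export-grade
 * exchanges with deliberately short keys, and kea_dh_anon, kea_dh_anon_export
 * and kea_ecdh_anon are anonymous exchanges that do not authenticate the
 * server, so they give no protection against an active man in the middle. */
typedef enum {
    kea_null,
    kea_rsa,
    kea_rsa_export,
    kea_rsa_export_1024,
    kea_dh_dss,
    kea_dh_dss_export,
    kea_dh_rsa,
    kea_dh_rsa_export,
    kea_dhe_dss,
    kea_dhe_dss_export,
    kea_dhe_rsa,
    kea_dhe_rsa_export,
    kea_dh_anon,
    kea_dh_anon_export,
    kea_rsa_fips,
    kea_ecdh_ecdsa,
    kea_ecdhe_ecdsa,
    kea_ecdh_rsa,
    kea_ecdhe_rsa,
    kea_ecdh_anon
} SSL3KeyExchangeAlgorithm;
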
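/* RSA public key sent in ServerKeyExchange. */
typedef struct {
    SECItem modulus;
    SECItem exponent;
} SSL3ServerRSAParams;

/* Diffie-Hellman parameters sent in ServerKeyExchange: prime p,
 * generator g and the server's public value Ys. All three come from the
 * peer. NOTE(review): validation of p, g and Ys is not visible in this
 * header - confirm where it happens. */
typedef struct {
    SECItem p;
    SECItem g;
    SECItem Ys;
} SSL3ServerDHParams;

/* Either parameter set. The struct carries no discriminator, so the caller
 * has to know from the negotiated key exchange which member is valid. */
typedef struct {
    union {
        SSL3ServerDHParams dh;
        SSL3ServerRSAParams rsa;
    } u;
} SSL3ServerParams;
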
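/* This enum reflects HashAlgorithm enum from
 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
 *
 * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID.
 *
 * MD5 and SHA-1 are listed because the protocol defines them; both have
 * known collision weaknesses and should not be preferred for signatures. */
enum {
    tls_hash_md5 = 1,
    tls_hash_sha1 = 2,
    tls_hash_sha224 = 3,
    tls_hash_sha256 = 4,
    tls_hash_sha384 = 5,
    tls_hash_sha512 = 6
};

/* This enum reflects SignatureAlgorithm enum from
 * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
typedef enum {
    tls_sig_rsa = 1,
    tls_sig_dsa = 2,
    tls_sig_ecdsa = 3
} TLSSignatureAlgorithm;
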
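/* A (hash, signature) algorithm pair. The hash is stored as a SECOidTag,
 * not as the tls_hash_* wire value, so a value read from the wire has to be
 * converted first (see ssl3_TLSHashAlgorithmToOID). */
typedef struct {
    SECOidTag hashAlg;
    TLSSignatureAlgorithm sigAlg;
} SSL3SignatureAndHashAlgorithm;
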
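/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
 * prior to 1.2. (16 + 20 = 36 bytes.) */
typedef struct {
    PRUint8 md5[16];
    PRUint8 sha[20];
} SSL3HashesIndividually;

/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
 * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
 * struct.
 *
 * |u.raw| is 64 bytes, enough for a SHA-512 digest. |len| is an unsigned int
 * and is not bounded by its type, so it must never be allowed to exceed
 * sizeof u.raw when the digest is read or written. */
typedef struct {
    unsigned int len;
    SECOidTag hashAlg;
    union {
        PRUint8 raw[64];
        SSL3HashesIndividually s;
    } u;
} SSL3Hashes;

/* ServerKeyExchange signature part: a placeholder byte for anonymous
 * exchanges, or the hashes that get signed for certified ones. */
typedef struct {
    union {
        SSL3Opaque anonymous;
        SSL3Hashes certified;
    } u;
} SSL3ServerKeyExchange;
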
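/* Certificate types a server may list in CertificateRequest.
 * 1-6 are the original SSL/TLS values; 64-66 are the ECC additions. */
typedef enum {
    ct_RSA_sign         =  1,
    ct_DSS_sign         =  2,
    ct_RSA_fixed_DH     =  3,
    ct_DSS_fixed_DH     =  4,
    ct_RSA_ephemeral_DH =  5,
    ct_DSS_ephemeral_DH =  6,
    ct_ECDSA_sign       =  64,
    ct_RSA_fixed_ECDH   =  65,
    ct_ECDSA_fixed_ECDH =  66

} SSL3ClientCertificateType;
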
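/* Pointer to an encoded distinguished name. (The spelling of the type name
 * is part of the existing interface and is left as is.) */
typedef SECItem *SSL3DistinquishedName;

/* RSA pre-master secret: 2 version bytes + 46 random bytes = 48 bytes.
 * The embedded client_version lets the server detect a version rollback.
 * RFC 5246 section 7.4.7.1 describes how a decryption or version-check
 * failure here must be handled without giving the peer a distinguishable
 * error (Bleichenbacher-style oracle). */
typedef struct {
    SSL3Opaque client_version[2];
    SSL3Opaque random[46];
} SSL3RSAPreMasterSecret;

/* The pre-master secret as sent on the wire, RSA-encrypted. */
typedef SECItem SSL3EncryptedPreMasterSecret;


/* 48-byte master secret. This is long-lived key material; buffers of this
 * type should be cleared once they are no longer needed. */
typedef SSL3Opaque SSL3MasterSecret[48];
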
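/* Whether the client's DH public value is implied by its certificate
 * (implicit) or sent in ClientKeyExchange (explicit).
 * Note: "explicit" is a C++ keyword, so this header is C-only as written. */
typedef enum { implicit, explicit } SSL3PublicValueEncoding;

/* Client DH public value; which member is valid follows the encoding above.
 * The struct itself stores no discriminator. */
typedef struct {
    union {
        SSL3Opaque implicit;
        SECItem    explicit;
    } dh_public;
} SSL3ClientDiffieHellmanPublic;

/* ClientKeyExchange body: RSA-encrypted pre-master secret or DH public
 * value, depending on the negotiated key exchange. No discriminator is
 * stored here either. */
typedef struct {
    union {
        SSL3EncryptedPreMasterSecret  rsa;
        SSL3ClientDiffieHellmanPublic diffie_helman;
    } exchange_keys;
} SSL3ClientKeyExchange;

/* The hashes over the handshake that the client signs. */
typedef SSL3Hashes SSL3PreSignedCertificateVerify;

/* The resulting signature as sent in CertificateVerify. */
typedef SECItem SSL3CertificateVerify;
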
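/* Sender labels; the values are the ASCII strings "CLNT" and "SRVR".
 * SSL 3.0 mixes the label into the Finished hashes so that a client's and a
 * server's Finished messages over the same handshake differ. */
typedef enum {
    sender_client = 0x434c4e54,   /* 'C' 'L' 'N' 'T' */
    sender_server = 0x53525652    /* 'S' 'R' 'V' 'R' */
} SSL3Sender;
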
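/* SSL 3.0 Finished body: the MD5 and SHA-1 hashes (36 bytes). */
typedef SSL3HashesIndividually SSL3Finished;

/* TLS Finished body: 12 bytes of verify_data. The value authenticates the
 * whole handshake, so the received and the expected value are best compared
 * in constant time.
 * NOTE(review): the comparison is not visible in this header - confirm. */
typedef struct {
    SSL3Opaque verify_data[12];
} TLSFinished;
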
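/*
 * TLS extension related data structures and constants.
 */

/* SessionTicket extension related data structures. */

/* NewSessionTicket handshake message.
 * ticket_lifetime_hint is the server's advisory lifetime (RFC 5077, in
 * seconds). NOTE(review): received_timestamp looks like the local receipt
 * time used to age the ticket - confirm against the code that sets it.
 * The ticket itself is opaque to the client. */
typedef struct {
    PRUint32 received_timestamp;
    PRUint32 ticket_lifetime_hint;
    SECItem  ticket;
} NewSessionTicket;
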
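/* How the client authenticated in the session a ticket describes:
 * not at all, or with a certificate. */
typedef enum {
    CLIENT_AUTH_ANONYMOUS   = 0,
    CLIENT_AUTH_CERTIFICATE = 1
} ClientAuthenticationType;
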
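/* Client identity: the authentication type and, for certificate
 * authentication, a pointer to the certificate list. The pointer has no
 * length stored next to it. NOTE(review): confirm where the length of
 * certificate_list is tracked. */
typedef struct {
    ClientAuthenticationType client_auth_type;
    union {
        SSL3Opaque *certificate_list;
    } identity;
} ClientIdentity;
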
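/* Session ticket key name: 16 bytes in total, made of the fixed 4-byte
 * prefix "NSS!" followed by a 12-byte variable part
 * (SESS_TICKET_KEY_NAME_PREFIX_LEN + SESS_TICKET_KEY_VAR_NAME_LEN ==
 * SESS_TICKET_KEY_NAME_LEN). The key name identifies which ticket key
 * protected a ticket; it is sent in the clear and is not a secret. */
#define SESS_TICKET_KEY_NAME_LEN        16
#define SESS_TICKET_KEY_NAME_PREFIX     "NSS!"
#define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
#define SESS_TICKET_KEY_VAR_NAME_LEN    12
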
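/* Parsed view of a session ticket: key name, IV, encrypted state and MAC.
 * key_name, iv and mac are bare pointers with no length stored beside them.
 * NOTE(review): presumably they point at SESS_TICKET_KEY_NAME_LEN, the
 * cipher's IV length and TLS_EX_SESS_TICKET_MAC_LENGTH bytes respectively -
 * verify against the parser.
 * A ticket comes from the peer, so the MAC should be verified before
 * encrypted_state is decrypted or interpreted. */
typedef struct {
    unsigned char *key_name;
    unsigned char *iv;
    SECItem encrypted_state;
    unsigned char *mac;
} EncryptedSessionTicket;
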
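/* Length in bytes of the MAC on a session ticket (32 bytes; matches an
 * HMAC-SHA-256 output - NOTE(review): confirm the MAC algorithm). */
#define TLS_EX_SESS_TICKET_MAC_LENGTH       32

/* Sentinel for "no server name". Parenthesized so the negative value
 * behaves as a single operand wherever the macro is expanded. */
#define TLS_STE_NO_SERVER_NAME        (-1)
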
#endif /* __ssl3proto_h_ */