diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
commit | f4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch) | |
tree | 211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/lib/ssl/sslimpl.h | |
parent | f7d30133221896638f7bf4f66c504255c4b14f48 (diff) | |
download | UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.gz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.lz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.xz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.zip |
Issue #1338 - Part 2: Update NSS to 3.48-RTM
Diffstat (limited to 'security/nss/lib/ssl/sslimpl.h')
-rw-r--r-- | security/nss/lib/ssl/sslimpl.h | 167 |
1 files changed, 136 insertions, 31 deletions
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 35240d2fb..4a393b281 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -37,6 +37,7 @@ typedef struct sslSocketStr sslSocket; typedef struct sslNamedGroupDefStr sslNamedGroupDef; typedef struct sslEsniKeysStr sslEsniKeys; +typedef struct sslDelegatedCredentialStr sslDelegatedCredential; typedef struct sslEphemeralKeyPairStr sslEphemeralKeyPair; typedef struct TLS13KeyShareEntryStr TLS13KeyShareEntry; @@ -144,6 +145,11 @@ typedef enum { ticket_allow_psk_sign_auth = 16 } TLS13SessionTicketFlags; +typedef enum { + update_not_requested = 0, + update_requested = 1 +} tls13KeyUpdateRequest; + struct sslNamedGroupDefStr { /* The name is the value that is encoded on the wire in TLS. */ SSLNamedGroup name; @@ -178,10 +184,11 @@ typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss); void ssl_CacheSessionID(sslSocket *ss); void ssl_UncacheSessionID(sslSocket *ss); -void ssl_ServerCacheSessionID(sslSessionID *sid); +void ssl_ServerCacheSessionID(sslSessionID *sid, PRTime creationTime); void ssl_ServerUncacheSessionID(sslSessionID *sid); -typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr, +typedef sslSessionID *(*sslSessionIDLookupFunc)(PRTime ssl_now, + const PRIPv6Addr *addr, unsigned char *sid, unsigned int sidLen, CERTCertDBHandle *dbHandle); @@ -272,6 +279,8 @@ typedef struct sslOptionsStr { unsigned int enableDtlsShortHeader : 1; unsigned int enableHelloDowngradeCheck : 1; unsigned int enableV2CompatibleHello : 1; + unsigned int enablePostHandshakeAuth : 1; + unsigned int enableDelegatedCredentials : 1; } sslOptions; typedef enum { sslHandshakingUndetermined = 0, @@ -570,8 +579,9 @@ struct TLS13KeyShareEntryStr { }; typedef struct TLS13EarlyDataStr { - PRCList link; /* The linked list link */ - SECItem data; /* The data */ + PRCList link; /* The linked list link */ + unsigned int consumed; /* How much has been read. */ + SECItem data; /* The data */ } TLS13EarlyData; typedef enum { @@ -609,6 +619,7 @@ typedef struct SSL3HandshakeStateStr { * TLS 1.2 and later use only |sha|, for SHA-256. */ PK11Context *md5; PK11Context *sha; + PK11Context *shaPostHandshake; SSLSignatureScheme signatureScheme; const ssl3KEADef *kea_def; ssl3CipherSuite cipher_suite; @@ -622,8 +633,6 @@ typedef struct SSL3HandshakeStateStr { unsigned long msg_len; PRBool isResuming; /* we are resuming (not used in TLS 1.3) */ PRBool sendingSCSV; /* instead of empty RI */ - sslBuffer msgState; /* current state for handshake messages*/ - /* protected by recvBufLock */ /* The session ticket received in a NewSessionTicket message is temporarily * stored in newSessionTicket until the handshake is finished; then it is @@ -744,10 +753,15 @@ struct ssl3StateStr { * update is initiated locally. */ PRBool peerRequestedKeyUpdate; - /* Internal callback for when we do a cipher suite change. Used for - * debugging in TLS 1.3. This can only be set by non-public functions. */ - sslCipherSpecChangedFunc changedCipherSpecFunc; - void *changedCipherSpecArg; + /* This is true if we deferred sending a key update as + * post-handshake auth is in progress. */ + PRBool keyUpdateDeferred; + tls13KeyUpdateRequest deferredKeyUpdateRequest; + + /* This is true after the server requests client certificate; + * false after the client certificate is received. Used by the + * server. */ + PRBool clientCertRequested; CERTCertificate *clientCertificate; /* used by client */ SECKEYPrivateKey *clientPrivateKey; /* used by client */ @@ -935,6 +949,10 @@ struct sslSocketStr { /* Enabled version range */ SSLVersionRange vrange; + /* A function that returns the current time. */ + SSLTimeFunc now; + void *nowArg; + /* State flags */ unsigned long clientAuthRequested; unsigned long delayDisabled; /* Nagle delay disabled */ @@ -994,6 +1012,10 @@ struct sslSocketStr { PRCList extensionHooks; SSLResumptionTokenCallback resumptionTokenCallback; void *resumptionTokenContext; + SSLSecretCallback secretCallback; + void *secretCallbackArg; + SSLRecordWriteCallback recordWriteCallback; + void *recordWriteCallbackArg; PRIntervalTime rTimeout; /* timeout for NSPR I/O */ PRIntervalTime wTimeout; /* timeout for NSPR I/O */ @@ -1074,6 +1096,9 @@ struct sslSocketStr { /* The information from the ESNI keys record * (also the private key for the server). */ sslEsniKeys *esniKeys; + + /* Anti-replay for TLS 1.3 0-RTT. */ + SSLAntiReplayContext *antiReplay; }; struct sslSelfEncryptKeysStr { @@ -1089,8 +1114,7 @@ extern char ssl_trace; extern FILE *ssl_trace_iob; extern FILE *ssl_keylog_iob; extern PZLock *ssl_keylog_lock; -extern PRUint32 ssl3_sid_timeout; -extern PRUint32 ssl_ticket_lifetime; +static const PRUint32 ssl_ticket_lifetime = 2 * 24 * 60 * 60; // 2 days. extern const char *const ssl3_cipherName[]; @@ -1174,14 +1198,15 @@ extern SECStatus ssl_SaveWriteData(sslSocket *ss, const void *p, unsigned int l); extern SECStatus ssl_BeginClientHandshake(sslSocket *ss); extern SECStatus ssl_BeginServerHandshake(sslSocket *ss); -extern int ssl_Do1stHandshake(sslSocket *ss); +extern SECStatus ssl_Do1stHandshake(sslSocket *ss); extern SECStatus ssl3_InitPendingCipherSpecs(sslSocket *ss, PK11SymKey *secret, PRBool derive); extern void ssl_DestroyKeyMaterial(ssl3KeyMaterial *keyMaterial); extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server); -extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, - const char *peerID, const char *urlSvrName); +extern sslSessionID *ssl_LookupSID(PRTime now, const PRIPv6Addr *addr, + PRUint16 port, const char *peerID, + const char *urlSvrName); extern void ssl_FreeSID(sslSessionID *sid); extern void ssl_DestroySID(sslSessionID *sid, PRBool freeIt); extern sslSessionID *ssl_ReferenceSID(sslSessionID *sid); @@ -1206,19 +1231,28 @@ extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled); extern SECStatus ssl3_ConstrainRangeByPolicy(void); extern SECStatus ssl3_InitState(sslSocket *ss); -extern SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, - int maxOutputLen, const unsigned char *input, - int inputLen); +extern SECStatus Null_Cipher(void *ctx, unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, const unsigned char *input, + unsigned int inputLen); extern void ssl3_RestartHandshakeHashes(sslSocket *ss); +typedef SECStatus (*sslUpdateHandshakeHashes)(sslSocket *ss, + const unsigned char *b, + unsigned int l); extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l); +extern SECStatus ssl3_UpdatePostHandshakeHashes(sslSocket *ss, + const unsigned char *b, + unsigned int l); SECStatus ssl_HashHandshakeMessageInt(sslSocket *ss, SSLHandshakeType type, PRUint32 dtlsSeq, - const PRUint8 *b, PRUint32 length); + const PRUint8 *b, PRUint32 length, + sslUpdateHandshakeHashes cb); SECStatus ssl_HashHandshakeMessage(sslSocket *ss, SSLHandshakeType type, const PRUint8 *b, PRUint32 length); +SECStatus ssl_HashPostHandshakeMessage(sslSocket *ss, SSLHandshakeType type, + const PRUint8 *b, PRUint32 length); /* Returns PR_TRUE if we are still waiting for the server to complete its * response to our client second round. Once we've received the Finished from @@ -1433,6 +1467,11 @@ extern void ssl_FreeEphemeralKeyPairs(sslSocket *ss); extern SECStatus ssl_AppendPaddedDHKeyShare(sslBuffer *buf, const SECKEYPublicKey *pubKey, PRBool appendLength); +extern PRBool ssl_CanUseSignatureScheme(SSLSignatureScheme scheme, + const SSLSignatureScheme *peerSchemes, + unsigned int peerSchemeCount, + PRBool requireSha1, + PRBool slotDoesPss); extern const ssl3DHParams *ssl_GetDHEParams(const sslNamedGroupDef *groupDef); extern SECStatus ssl_SelectDHEGroup(sslSocket *ss, const sslNamedGroupDef **groupDef); @@ -1529,9 +1568,14 @@ extern SECStatus ssl3_ConsumeHandshakeNumber64(sslSocket *ss, PRUint64 *num, extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRUint32 bytes, PRUint8 **b, PRUint32 *length); +extern SECStatus ssl_SignatureSchemeFromSpki(const CERTSubjectPublicKeyInfo *spki, + PRBool isTls13, + SSLSignatureScheme *scheme); +extern PRBool ssl_SignatureSchemeEnabled(const sslSocket *ss, + SSLSignatureScheme scheme); extern PRBool ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme); extern SECStatus ssl_CheckSignatureSchemeConsistency( - sslSocket *ss, SSLSignatureScheme scheme, CERTCertificate *cert); + sslSocket *ss, SSLSignatureScheme scheme, CERTSubjectPublicKeyInfo *spki); extern SECStatus ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena, SSLSignatureScheme **schemesOut, unsigned int *numSchemesOut, @@ -1539,8 +1583,18 @@ extern SECStatus ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *are unsigned int *len); extern SECStatus ssl_ConsumeSignatureScheme( sslSocket *ss, PRUint8 **b, PRUint32 *length, SSLSignatureScheme *out); +extern SECStatus ssl3_SignHashesWithPrivKey(SSL3Hashes *hash, + SECKEYPrivateKey *key, + SSLSignatureScheme scheme, + PRBool isTls, + SECItem *buf); extern SECStatus ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf); +extern SECStatus ssl_VerifySignedHashesWithPubKey(sslSocket *ss, + SECKEYPublicKey *spki, + SSLSignatureScheme scheme, + SSL3Hashes *hash, + SECItem *buf); extern SECStatus ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme, SSL3Hashes *hash, SECItem *buf); extern SECStatus ssl3_CacheWrappedSecret(sslSocket *ss, sslSessionID *sid, @@ -1582,8 +1636,8 @@ PRBool ssl3_config_match(const ssl3CipherSuiteCfg *suite, PRUint8 policy, /* calls for accessing wrapping keys across processes. */ extern SECStatus -ssl_GetWrappingKey(unsigned int symWrapMechIndex, unsigned int wrapKeyIndex, - SSLWrappedSymWrappingKey *wswk); +ssl_GetWrappingKey(unsigned int symWrapMechIndex, + unsigned int wrapKeyIndex, SSLWrappedSymWrappingKey *wswk); /* The caller passes in the new value it wants * to set. This code tests the wrapped sym key entry in the file on disk. @@ -1623,10 +1677,13 @@ SECStatus ssl3_HandleNoCertificate(sslSocket *ss); SECStatus ssl3_SendEmptyCertificate(sslSocket *ss); void ssl3_CleanupPeerCerts(sslSocket *ss); SECStatus ssl3_SendCertificateStatus(sslSocket *ss); +SECStatus ssl_SetAuthKeyBits(sslSocket *ss, const SECKEYPublicKey *pubKey); +SECStatus ssl3_HandleServerSpki(sslSocket *ss); SECStatus ssl3_AuthCertificate(sslSocket *ss); SECStatus ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b, PRUint32 length); -SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, sslBuffer *buf); +SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, + sslBuffer *buf); SECStatus ssl_GetCertificateRequestCAs(const sslSocket *ss, unsigned int *calenp, const SECItem **namesp, @@ -1660,8 +1717,12 @@ SECStatus ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid, const ssl3CipherSuiteDef *ssl_LookupCipherSuiteDef(ssl3CipherSuite suite); const ssl3CipherSuiteCfg *ssl_LookupCipherSuiteCfg(ssl3CipherSuite suite, const ssl3CipherSuiteCfg *suites); +PRBool ssl3_CipherSuiteAllowedForVersionRange(ssl3CipherSuite cipherSuite, + const SSLVersionRange *vrange); SECStatus ssl3_SelectServerCert(sslSocket *ss); +SECStatus ssl_PrivateKeySupportsRsaPss(SECKEYPrivateKey *privKey, + PRBool *supportsRsaPss); SECStatus ssl_PickSignatureScheme(sslSocket *ss, CERTCertificate *cert, SECKEYPublicKey *pubKey, @@ -1677,6 +1738,8 @@ SECStatus ssl3_SetupCipherSuite(sslSocket *ss, PRBool initHashes); SECStatus ssl_InsertRecordHeader(const sslSocket *ss, ssl3CipherSpec *cwSpec, SSLContentType contentType, sslBuffer *wrBuf, PRBool *needsLength); +PRBool ssl_SignatureSchemeValid(SSLSignatureScheme scheme, SECOidTag spkiOid, + PRBool isTls13); /* Pull in DTLS functions */ #include "dtlscon.h" @@ -1693,13 +1756,8 @@ extern void ssl3_CheckCipherSuiteOrderConsistency(); extern int ssl_MapLowLevelError(int hiLevelError); -extern PRUint32 ssl_TimeSec(void); -#ifdef UNSAFE_FUZZER_MODE -#define ssl_TimeUsec() ((PRTime)12345678) -#else -#define ssl_TimeUsec() (PR_Now()) -#endif -extern PRBool ssl_TicketTimeValid(const NewSessionTicket *ticket); +PRTime ssl_Time(const sslSocket *ss); +PRBool ssl_TicketTimeValid(const sslSocket *ss, const NewSessionTicket *ticket); extern void SSL_AtomicIncrementLong(long *x); @@ -1729,7 +1787,15 @@ SECStatus ssl_DecodeResumptionToken(sslSessionID *sid, const PRUint8 *encodedTic PRUint32 encodedTicketLen); PRBool ssl_IsResumptionTokenUsable(sslSocket *ss, sslSessionID *sid); -/* Remove when stable. */ +/* unwrap helper function to handle the case where the wrapKey doesn't wind + * * up in the correct token for the master secret */ +PK11SymKey *ssl_unwrapSymKey(PK11SymKey *wrapKey, + CK_MECHANISM_TYPE wrapType, SECItem *param, + SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_FLAGS keyFlags, void *pinArg); + +/* Experimental APIs. Remove when stable. */ SECStatus SSLExp_SetResumptionTokenCallback(PRFileDesc *fd, SSLResumptionTokenCallback cb, @@ -1742,8 +1808,47 @@ SECStatus SSLExp_GetResumptionTokenInfo(const PRUint8 *tokenData, unsigned int t SECStatus SSLExp_DestroyResumptionTokenInfo(SSLResumptionTokenInfo *token); +SECStatus SSLExp_SecretCallback(PRFileDesc *fd, SSLSecretCallback cb, + void *arg); +SECStatus SSLExp_RecordLayerWriteCallback(PRFileDesc *fd, + SSLRecordWriteCallback write, + void *arg); +SECStatus SSLExp_RecordLayerData(PRFileDesc *fd, PRUint16 epoch, + SSLContentType contentType, + const PRUint8 *data, unsigned int len); +SECStatus SSLExp_GetCurrentEpoch(PRFileDesc *fd, PRUint16 *readEpoch, + PRUint16 *writeEpoch); + #define SSLResumptionTokenVersion 2 +SECStatus SSLExp_MakeAead(PRUint16 version, PRUint16 cipherSuite, PK11SymKey *secret, + const char *labelPrefix, unsigned int labelPrefixLen, + SSLAeadContext **ctx); +SECStatus SSLExp_DestroyAead(SSLAeadContext *ctx); +SECStatus SSLExp_AeadEncrypt(const SSLAeadContext *ctx, PRUint64 counter, + const PRUint8 *aad, unsigned int aadLen, + const PRUint8 *plaintext, unsigned int plaintextLen, + PRUint8 *out, unsigned int *outLen, unsigned int maxOut); +SECStatus SSLExp_AeadDecrypt(const SSLAeadContext *ctx, PRUint64 counter, + const PRUint8 *aad, unsigned int aadLen, + const PRUint8 *plaintext, unsigned int plaintextLen, + PRUint8 *out, unsigned int *outLen, unsigned int maxOut); + +SECStatus SSLExp_HkdfExtract(PRUint16 version, PRUint16 cipherSuite, + PK11SymKey *salt, PK11SymKey *ikm, PK11SymKey **keyp); +SECStatus SSLExp_HkdfExpandLabel(PRUint16 version, PRUint16 cipherSuite, PK11SymKey *prk, + const PRUint8 *hsHash, unsigned int hsHashLen, + const char *label, unsigned int labelLen, + PK11SymKey **key); +SECStatus +SSLExp_HkdfExpandLabelWithMech(PRUint16 version, PRUint16 cipherSuite, PK11SymKey *prk, + const PRUint8 *hsHash, unsigned int hsHashLen, + const char *label, unsigned int labelLen, + CK_MECHANISM_TYPE mech, unsigned int keySize, + PK11SymKey **keyp); + +SECStatus SSLExp_SetTimeFunc(PRFileDesc *fd, SSLTimeFunc f, void *arg); + SEC_END_PROTOS #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |