From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001 From: "Matt A. Tobin" Date: Fri, 2 Feb 2018 04:16:08 -0500 Subject: Add m-esr52 at 52.6.0 --- security/nss/lib/ssl/sslt.h | 415 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 415 insertions(+) create mode 100644 security/nss/lib/ssl/sslt.h (limited to 'security/nss/lib/ssl/sslt.h') diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h new file mode 100644 index 000000000..506b78d64 --- /dev/null +++ b/security/nss/lib/ssl/sslt.h @@ -0,0 +1,415 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file contains prototypes for the public SSL functions. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __sslt_h_ +#define __sslt_h_ + +#include "prtypes.h" +#include "secitem.h" +#include "certt.h" + +typedef struct SSL3StatisticsStr { + /* statistics from ssl3_SendClientHello (sch) */ + long sch_sid_cache_hits; + long sch_sid_cache_misses; + long sch_sid_cache_not_ok; + + /* statistics from ssl3_HandleServerHello (hsh) */ + long hsh_sid_cache_hits; + long hsh_sid_cache_misses; + long hsh_sid_cache_not_ok; + + /* statistics from ssl3_HandleClientHello (hch) */ + long hch_sid_cache_hits; + long hch_sid_cache_misses; + long hch_sid_cache_not_ok; + + /* statistics related to stateless resume */ + long sch_sid_stateless_resumes; + long hsh_sid_stateless_resumes; + long hch_sid_stateless_resumes; + long hch_sid_ticket_parse_failures; +} SSL3Statistics; + +/* Key Exchange algorithm values */ +typedef enum { + ssl_kea_null = 0, + ssl_kea_rsa = 1, + ssl_kea_dh = 2, + ssl_kea_fortezza = 3, /* deprecated, now unused */ + ssl_kea_ecdh = 4, + ssl_kea_ecdh_psk = 5, + ssl_kea_dh_psk = 6, + ssl_kea_tls13_any = 7, + ssl_kea_size /* number of ssl_kea_ algorithms */ +} SSLKEAType; + +/* The following defines are for backwards compatibility. +** They will be removed in a forthcoming release to reduce namespace pollution. +** programs that use the kt_ symbols should convert to the ssl_kt_ symbols +** soon. +*/ +#define kt_null ssl_kea_null +#define kt_rsa ssl_kea_rsa +#define kt_dh ssl_kea_dh +#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */ +#define kt_ecdh ssl_kea_ecdh +#define kt_kea_size ssl_kea_size + +/* Values of this enum match the SignatureAlgorithm enum from + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ +typedef enum { + ssl_sign_null = 0, /* "anonymous" in TLS */ + ssl_sign_rsa = 1, + ssl_sign_dsa = 2, + ssl_sign_ecdsa = 3 +} SSLSignType; + +/* Values of this enum match the HashAlgorithm enum from + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ +typedef enum { + /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5 + * and SHA1. The other values are only used in TLS 1.2. */ + ssl_hash_none = 0, + ssl_hash_md5 = 1, + ssl_hash_sha1 = 2, + ssl_hash_sha224 = 3, + ssl_hash_sha256 = 4, + ssl_hash_sha384 = 5, + ssl_hash_sha512 = 6 +} SSLHashType; + +/* Deprecated */ +typedef struct SSLSignatureAndHashAlgStr { + SSLHashType hashAlg; + SSLSignType sigAlg; +} SSLSignatureAndHashAlg; + +typedef enum { + ssl_sig_none = 0, + ssl_sig_rsa_pkcs1_sha1 = 0x0201, + ssl_sig_rsa_pkcs1_sha256 = 0x0401, + ssl_sig_rsa_pkcs1_sha384 = 0x0501, + ssl_sig_rsa_pkcs1_sha512 = 0x0601, + /* For ECDSA, the pairing of the hash with a specific curve is only enforced + * in TLS 1.3; in TLS 1.2 any curve can be used with each of these. */ + ssl_sig_ecdsa_secp256r1_sha256 = 0x0403, + ssl_sig_ecdsa_secp384r1_sha384 = 0x0503, + ssl_sig_ecdsa_secp521r1_sha512 = 0x0603, + ssl_sig_rsa_pss_sha256 = 0x0804, + ssl_sig_rsa_pss_sha384 = 0x0805, + ssl_sig_rsa_pss_sha512 = 0x0806, + ssl_sig_ed25519 = 0x0807, + ssl_sig_ed448 = 0x0808, + + ssl_sig_dsa_sha1 = 0x0202, + ssl_sig_dsa_sha256 = 0x0402, + ssl_sig_dsa_sha384 = 0x0502, + ssl_sig_dsa_sha512 = 0x0602, + ssl_sig_ecdsa_sha1 = 0x0203, + + /* The following value (which can't be used in the protocol), represents + * the RSA signature using SHA-1 and MD5 that is used in TLS 1.0 and 1.1. + * This is reported as a signature scheme when TLS 1.0 or 1.1 is used. + * This should not be passed to SSL_SignatureSchemePrefSet(); this + * signature scheme is always used and cannot be disabled. */ + ssl_sig_rsa_pkcs1_sha1md5 = 0x10101, +} SSLSignatureScheme; + +/* +** SSLAuthType describes the type of key that is used to authenticate a +** connection. That is, the type of key in the end-entity certificate. +*/ +typedef enum { + ssl_auth_null = 0, + ssl_auth_rsa_decrypt = 1, /* static RSA */ + ssl_auth_dsa = 2, + ssl_auth_kea = 3, /* unused */ + ssl_auth_ecdsa = 4, + ssl_auth_ecdh_rsa = 5, /* ECDH cert with an RSA signature */ + ssl_auth_ecdh_ecdsa = 6, /* ECDH cert with an ECDSA signature */ + ssl_auth_rsa_sign = 7, /* RSA PKCS#1.5 signing */ + ssl_auth_rsa_pss = 8, + ssl_auth_psk = 9, + ssl_auth_tls13_any = 10, + ssl_auth_size /* number of authentication types */ +} SSLAuthType; + +/* This is defined for backward compatibility reasons */ +#define ssl_auth_rsa ssl_auth_rsa_decrypt + +typedef enum { + ssl_calg_null = 0, + ssl_calg_rc4 = 1, + ssl_calg_rc2 = 2, + ssl_calg_des = 3, + ssl_calg_3des = 4, + ssl_calg_idea = 5, + ssl_calg_fortezza = 6, /* deprecated, now unused */ + ssl_calg_aes = 7, + ssl_calg_camellia = 8, + ssl_calg_seed = 9, + ssl_calg_aes_gcm = 10, + ssl_calg_chacha20 = 11 +} SSLCipherAlgorithm; + +typedef enum { + ssl_mac_null = 0, + ssl_mac_md5 = 1, + ssl_mac_sha = 2, + ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */ + ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */ + ssl_hmac_sha256 = 5, + ssl_mac_aead = 6, + ssl_hmac_sha384 = 7 +} SSLMACAlgorithm; + +typedef enum { + ssl_compression_null = 0, + ssl_compression_deflate = 1 /* RFC 3749 */ +} SSLCompressionMethod; + +typedef enum { + ssl_grp_ec_sect163k1 = 1, + ssl_grp_ec_sect163r1 = 2, + ssl_grp_ec_sect163r2 = 3, + ssl_grp_ec_sect193r1 = 4, + ssl_grp_ec_sect193r2 = 5, + ssl_grp_ec_sect233k1 = 6, + ssl_grp_ec_sect233r1 = 7, + ssl_grp_ec_sect239k1 = 8, + ssl_grp_ec_sect283k1 = 9, + ssl_grp_ec_sect283r1 = 10, + ssl_grp_ec_sect409k1 = 11, + ssl_grp_ec_sect409r1 = 12, + ssl_grp_ec_sect571k1 = 13, + ssl_grp_ec_sect571r1 = 14, + ssl_grp_ec_secp160k1 = 15, + ssl_grp_ec_secp160r1 = 16, + ssl_grp_ec_secp160r2 = 17, + ssl_grp_ec_secp192k1 = 18, + ssl_grp_ec_secp192r1 = 19, + ssl_grp_ec_secp224k1 = 20, + ssl_grp_ec_secp224r1 = 21, + ssl_grp_ec_secp256k1 = 22, + ssl_grp_ec_secp256r1 = 23, + ssl_grp_ec_secp384r1 = 24, + ssl_grp_ec_secp521r1 = 25, + ssl_grp_ec_curve25519 = 29, /* RFC4492 */ + ssl_grp_ffdhe_2048 = 256, /* RFC7919 */ + ssl_grp_ffdhe_3072 = 257, + ssl_grp_ffdhe_4096 = 258, + ssl_grp_ffdhe_6144 = 259, + ssl_grp_ffdhe_8192 = 260, + ssl_grp_none = 65537, /* special value */ + ssl_grp_ffdhe_custom = 65538 /* special value */ +} SSLNamedGroup; + +typedef struct SSLExtraServerCertDataStr { + /* When this struct is passed to SSL_ConfigServerCert, and authType is set + * to a value other than ssl_auth_null, this limits the use of the key to + * the type defined; otherwise, the certificate is configured for all + * compatible types. */ + SSLAuthType authType; + /* The remainder of the certificate chain. */ + const CERTCertificateList* certChain; + /* A set of one or more stapled OCSP responses for the certificate. This is + * used to generate the OCSP stapling answer provided by the server. */ + const SECItemArray* stapledOCSPResponses; + /* A serialized sign_certificate_timestamp extension, used to answer + * requests from clients for this data. */ + const SECItem* signedCertTimestamps; +} SSLExtraServerCertData; + +typedef struct SSLChannelInfoStr { + /* On return, SSL_GetChannelInfo sets |length| to the smaller of + * the |len| argument and the length of the struct used by NSS. + * Callers must ensure the application uses a version of NSS that + * isn't older than the version used at compile time. */ + PRUint32 length; + PRUint16 protocolVersion; + PRUint16 cipherSuite; + + /* server authentication info */ + PRUint32 authKeyBits; + + /* key exchange algorithm info */ + PRUint32 keaKeyBits; + + /* session info */ + PRUint32 creationTime; /* seconds since Jan 1, 1970 */ + PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ + PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ + PRUint32 sessionIDLength; /* up to 32 */ + PRUint8 sessionID[32]; + + /* The following fields are added in NSS 3.12.5. */ + + /* compression method info */ + const char* compressionMethodName; + SSLCompressionMethod compressionMethod; + + /* The following fields are added in NSS 3.21. + * This field only has meaning in TLS < 1.3 and will be set to + * PR_FALSE in TLS 1.3. + */ + PRBool extendedMasterSecretUsed; + + /* The following fields were added in NSS 3.25. + * This field only has meaning in TLS >= 1.3, and indicates on the + * client side that the server accepted early (0-RTT) data. + */ + PRBool earlyDataAccepted; + + /* The following fields were added in NSS 3.28. */ + /* These fields have the same meaning as in SSLCipherSuiteInfo. */ + SSLKEAType keaType; + SSLNamedGroup keaGroup; + SSLCipherAlgorithm symCipher; + SSLMACAlgorithm macAlgorithm; + SSLAuthType authType; + SSLSignatureScheme signatureScheme; + + /* When adding new fields to this structure, please document the + * NSS version in which they were added. */ +} SSLChannelInfo; + +/* Preliminary channel info */ +#define ssl_preinfo_version (1U << 0) +#define ssl_preinfo_cipher_suite (1U << 1) +#define ssl_preinfo_all (ssl_preinfo_version | ssl_preinfo_cipher_suite) + +typedef struct SSLPreliminaryChannelInfoStr { + /* On return, SSL_GetPreliminaryChannelInfo sets |length| to the smaller of + * the |len| argument and the length of the struct used by NSS. + * Callers must ensure the application uses a version of NSS that + * isn't older than the version used at compile time. */ + PRUint32 length; + /* A bitfield over SSLPreliminaryValueSet that describes which + * preliminary values are set (see ssl_preinfo_*). */ + PRUint32 valuesSet; + /* Protocol version: test (valuesSet & ssl_preinfo_version) */ + PRUint16 protocolVersion; + /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */ + PRUint16 cipherSuite; + + /* When adding new fields to this structure, please document the + * NSS version in which they were added. */ +} SSLPreliminaryChannelInfo; + +typedef struct SSLCipherSuiteInfoStr { + /* On return, SSL_GetCipherSuitelInfo sets |length| to the smaller of + * the |len| argument and the length of the struct used by NSS. + * Callers must ensure the application uses a version of NSS that + * isn't older than the version used at compile time. */ + PRUint16 length; + PRUint16 cipherSuite; + + /* Cipher Suite Name */ + const char* cipherSuiteName; + + /* server authentication info */ + const char* authAlgorithmName; + SSLAuthType authAlgorithm; /* deprecated, use |authType| */ + + /* key exchange algorithm info */ + const char* keaTypeName; + SSLKEAType keaType; + + /* symmetric encryption info */ + const char* symCipherName; + SSLCipherAlgorithm symCipher; + PRUint16 symKeyBits; + PRUint16 symKeySpace; + PRUint16 effectiveKeyBits; + + /* MAC info */ + /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName + * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in + * bits of the authentication tag. */ + const char* macAlgorithmName; + SSLMACAlgorithm macAlgorithm; + PRUint16 macBits; + + PRUintn isFIPS : 1; + PRUintn isExportable : 1; /* deprecated, don't use */ + PRUintn nonStandard : 1; + PRUintn reservedBits : 29; + + /* The following fields were added in NSS 3.24. */ + /* This reports the correct authentication type for the cipher suite, use + * this instead of |authAlgorithm|. */ + SSLAuthType authType; + + /* When adding new fields to this structure, please document the + * NSS version in which they were added. */ +} SSLCipherSuiteInfo; + +typedef enum { + ssl_variant_stream = 0, + ssl_variant_datagram = 1 +} SSLProtocolVariant; + +typedef struct SSLVersionRangeStr { + PRUint16 min; + PRUint16 max; +} SSLVersionRange; + +typedef enum { + SSL_sni_host_name = 0, + SSL_sni_type_total +} SSLSniNameType; + +/* Supported extensions. */ +/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */ +typedef enum { + ssl_server_name_xtn = 0, + ssl_cert_status_xtn = 5, + ssl_supported_groups_xtn = 10, + ssl_ec_point_formats_xtn = 11, + ssl_signature_algorithms_xtn = 13, + ssl_use_srtp_xtn = 14, + ssl_app_layer_protocol_xtn = 16, + /* signed_certificate_timestamp extension, RFC 6962 */ + ssl_signed_cert_timestamp_xtn = 18, + ssl_padding_xtn = 21, + ssl_extended_master_secret_xtn = 23, + ssl_session_ticket_xtn = 35, + ssl_tls13_key_share_xtn = 40, + ssl_tls13_pre_shared_key_xtn = 41, + ssl_tls13_early_data_xtn = 42, + ssl_tls13_supported_versions_xtn = 43, + ssl_tls13_cookie_xtn = 44, + ssl_tls13_psk_key_exchange_modes_xtn = 45, + ssl_tls13_ticket_early_data_info_xtn = 46, + ssl_next_proto_nego_xtn = 13172, + ssl_renegotiation_info_xtn = 0xff01, + ssl_tls13_short_header_xtn = 0xff03 +} SSLExtensionType; + +/* This is the old name for the supported_groups extensions. */ +#define ssl_elliptic_curves_xtn ssl_supported_groups_xtn + +/* SSL_MAX_EXTENSIONS doesn't include ssl_padding_xtn. It includes the maximum + * number of extensions that are supported for any single message type. That + * is, a ClientHello; ServerHello and TLS 1.3 NewSessionTicket and + * HelloRetryRequest extensions are smaller. */ +#define SSL_MAX_EXTENSIONS 19 + +/* Deprecated */ +typedef enum { + ssl_dhe_group_none = 0, + ssl_ff_dhe_2048_group = 1, + ssl_ff_dhe_3072_group = 2, + ssl_ff_dhe_4096_group = 3, + ssl_ff_dhe_6144_group = 4, + ssl_ff_dhe_8192_group = 5, + ssl_dhe_group_max +} SSLDHEGroupType; + +#endif /* __sslt_h_ */ -- cgit v1.2.3