net/third_party/nss/ssl/sslt.h

   1 /*
   2  * This file contains prototypes for the public SSL functions.
   3  *
   4  * This Source Code Form is subject to the terms of the Mozilla Public
   5  * License, v. 2.0. If a copy of the MPL was not distributed with this
   6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   7
   8 #ifndef __sslt_h_
   9 #define __sslt_h_
  10
  11 #include "prtypes.h"
  12
  13 /* SECItemArray is added in NSS 3.15.  Define the type if compiling
  14 ** against an older version of NSS.
  15 */
  16 #include "nssutil.h"
  17 #if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15
  18 typedef struct SECItemArrayStr SECItemArray;
  19
  20 struct SECItemArrayStr {
  21     SECItem *items;
  22     unsigned int len;
  23 };
  24 #endif  /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */
  25
  26 typedef struct SSL3StatisticsStr {
  27     /* statistics from ssl3_SendClientHello (sch) */
  28     long sch_sid_cache_hits;
  29     long sch_sid_cache_misses;
  30     long sch_sid_cache_not_ok;
  31
  32     /* statistics from ssl3_HandleServerHello (hsh) */
  33     long hsh_sid_cache_hits;
  34     long hsh_sid_cache_misses;
  35     long hsh_sid_cache_not_ok;
  36
  37     /* statistics from ssl3_HandleClientHello (hch) */
  38     long hch_sid_cache_hits;
  39     long hch_sid_cache_misses;
  40     long hch_sid_cache_not_ok;
  41
  42     /* statistics related to stateless resume */
  43     long sch_sid_stateless_resumes;
  44     long hsh_sid_stateless_resumes;
  45     long hch_sid_stateless_resumes;
  46     long hch_sid_ticket_parse_failures;
  47 } SSL3Statistics;
  48
  49 /* Key Exchange algorithm values */
  50 typedef enum {
  51     ssl_kea_null     = 0,
  52     ssl_kea_rsa      = 1,
  53     ssl_kea_dh       = 2,
  54     ssl_kea_fortezza = 3,       /* deprecated, now unused */
  55     ssl_kea_ecdh     = 4,
  56     ssl_kea_size                /* number of ssl_kea_ algorithms */
  57 } SSLKEAType;
  58
  59 /* The following defines are for backwards compatibility.
  60 ** They will be removed in a forthcoming release to reduce namespace pollution.
  61 ** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
  62 ** soon.
  63 */
  64 #define kt_null         ssl_kea_null
  65 #define kt_rsa          ssl_kea_rsa
  66 #define kt_dh           ssl_kea_dh
  67 #define kt_fortezza     ssl_kea_fortezza       /* deprecated, now unused */
  68 #define kt_ecdh         ssl_kea_ecdh
  69 #define kt_kea_size     ssl_kea_size
  70
  71 typedef enum {
  72     ssl_sign_null   = 0,
  73     ssl_sign_rsa    = 1,
  74     ssl_sign_dsa    = 2,
  75     ssl_sign_ecdsa  = 3
  76 } SSLSignType;
  77
  78 typedef enum {
  79     ssl_auth_null   = 0,
  80     ssl_auth_rsa    = 1,
  81     ssl_auth_dsa    = 2,
  82     ssl_auth_kea    = 3,
  83     ssl_auth_ecdsa  = 4
  84 } SSLAuthType;
  85
  86 typedef enum {
  87     ssl_calg_null     = 0,
  88     ssl_calg_rc4      = 1,
  89     ssl_calg_rc2      = 2,
  90     ssl_calg_des      = 3,
  91     ssl_calg_3des     = 4,
  92     ssl_calg_idea     = 5,
  93     ssl_calg_fortezza = 6,      /* deprecated, now unused */
  94     ssl_calg_aes      = 7,
  95     ssl_calg_camellia = 8,
  96     ssl_calg_seed     = 9,
  97     ssl_calg_aes_gcm  = 10,
  98     ssl_calg_chacha20 = 11
  99 } SSLCipherAlgorithm;
 100
 101 typedef enum {
 102     ssl_mac_null      = 0,
 103     ssl_mac_md5       = 1,
 104     ssl_mac_sha       = 2,
 105     ssl_hmac_md5      = 3,      /* TLS HMAC version of mac_md5 */
 106     ssl_hmac_sha      = 4,      /* TLS HMAC version of mac_sha */
 107     ssl_hmac_sha256   = 5,
 108     ssl_mac_aead      = 6
 109 } SSLMACAlgorithm;
 110
 111 typedef enum {
 112     ssl_compression_null = 0,
 113     ssl_compression_deflate = 1  /* RFC 3749 */
 114 } SSLCompressionMethod;
 115
 116 typedef struct SSLChannelInfoStr {
 117     PRUint32             length;
 118     PRUint16             protocolVersion;
 119     PRUint16             cipherSuite;
 120
 121     /* server authentication info */
 122     PRUint32             authKeyBits;
 123
 124     /* key exchange algorithm info */
 125     PRUint32             keaKeyBits;
 126
 127     /* session info */
 128     PRUint32             creationTime;          /* seconds since Jan 1, 1970 */
 129     PRUint32             lastAccessTime;        /* seconds since Jan 1, 1970 */
 130     PRUint32             expirationTime;        /* seconds since Jan 1, 1970 */
 131     PRUint32             sessionIDLength;       /* up to 32 */
 132     PRUint8              sessionID    [32];
 133
 134     /* The following fields are added in NSS 3.12.5. */
 135
 136     /* compression method info */
 137     const char *         compressionMethodName;
 138     SSLCompressionMethod compressionMethod;
 139 } SSLChannelInfo;
 140
 141 typedef struct SSLCipherSuiteInfoStr {
 142     PRUint16             length;
 143     PRUint16             cipherSuite;
 144
 145     /* Cipher Suite Name */
 146     const char *         cipherSuiteName;
 147
 148     /* server authentication info */
 149     const char *         authAlgorithmName;
 150     SSLAuthType          authAlgorithm;
 151
 152     /* key exchange algorithm info */
 153     const char *         keaTypeName;
 154     SSLKEAType           keaType;
 155
 156     /* symmetric encryption info */
 157     const char *         symCipherName;
 158     SSLCipherAlgorithm   symCipher;
 159     PRUint16             symKeyBits;
 160     PRUint16             symKeySpace;
 161     PRUint16             effectiveKeyBits;
 162
 163     /* MAC info */
 164     /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
 165      * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
 166      * bits of the authentication tag. */
 167     const char *         macAlgorithmName;
 168     SSLMACAlgorithm      macAlgorithm;
 169     PRUint16             macBits;
 170
 171     PRUintn              isFIPS       : 1;
 172     PRUintn              isExportable : 1;
 173     PRUintn              nonStandard  : 1;
 174     PRUintn              reservedBits :29;
 175
 176 } SSLCipherSuiteInfo;
 177
 178 typedef enum {
 179     ssl_variant_stream = 0,
 180     ssl_variant_datagram = 1
 181 } SSLProtocolVariant;
 182
 183 typedef struct SSLVersionRangeStr {
 184     PRUint16 min;
 185     PRUint16 max;
 186 } SSLVersionRange;
 187
 188 typedef enum {
 189     SSL_sni_host_name                    = 0,
 190     SSL_sni_type_total
 191 } SSLSniNameType;
 192
 193 /* Supported extensions. */
 194 /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
 195 typedef enum {
 196     ssl_server_name_xtn              = 0,
 197     ssl_cert_status_xtn              = 5,
 198 #ifdef NSS_ENABLE_ECC
 199     ssl_elliptic_curves_xtn          = 10,
 200     ssl_ec_point_formats_xtn         = 11,
 201 #endif
 202     ssl_signature_algorithms_xtn     = 13,
 203     ssl_use_srtp_xtn                 = 14,
 204     ssl_app_layer_protocol_xtn       = 16,
 205     ssl_signed_certificate_timestamp_xtn = 18,   /* RFC 6962 */
 206     ssl_padding_xtn                  = 21,
 207     ssl_session_ticket_xtn           = 35,
 208     ssl_next_proto_nego_xtn          = 13172,
 209     ssl_channel_id_xtn               = 30032,
 210     ssl_renegotiation_info_xtn       = 0xff01   /* experimental number */
 211 } SSLExtensionType;
 212
 213 #define SSL_MAX_EXTENSIONS             12 /* doesn't include ssl_padding_xtn. */
 214
 215 #endif /* __sslt_h_ */