OLD | NEW |
1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #ifndef __sslt_h_ | 8 #ifndef __sslt_h_ |
9 #define __sslt_h_ | 9 #define __sslt_h_ |
10 | 10 |
11 #include "prtypes.h" | 11 #include "prtypes.h" |
12 | 12 |
13 typedef struct SSL3StatisticsStr { | 13 typedef struct SSL3StatisticsStr { |
14 /* statistics from ssl3_SendClientHello (sch) */ | 14 /* statistics from ssl3_SendClientHello (sch) */ |
15 long sch_sid_cache_hits; | 15 long sch_sid_cache_hits; |
16 long sch_sid_cache_misses; | 16 long sch_sid_cache_misses; |
17 long sch_sid_cache_not_ok; | 17 long sch_sid_cache_not_ok; |
18 | 18 |
19 /* statistics from ssl3_HandleServerHello (hsh) */ | 19 /* statistics from ssl3_HandleServerHello (hsh) */ |
20 long hsh_sid_cache_hits; | 20 long hsh_sid_cache_hits; |
21 long hsh_sid_cache_misses; | 21 long hsh_sid_cache_misses; |
22 long hsh_sid_cache_not_ok; | 22 long hsh_sid_cache_not_ok; |
23 | 23 |
24 /* statistics from ssl3_HandleClientHello (hch) */ | 24 /* statistics from ssl3_HandleClientHello (hch) */ |
25 long hch_sid_cache_hits; | 25 long hch_sid_cache_hits; |
26 long hch_sid_cache_misses; | 26 long hch_sid_cache_misses; |
27 long hch_sid_cache_not_ok; | 27 long hch_sid_cache_not_ok; |
28 | 28 |
29 /* statistics related to stateless resume */ | 29 /* statistics related to stateless resume */ |
30 long sch_sid_stateless_resumes; | 30 long sch_sid_stateless_resumes; |
31 long hsh_sid_stateless_resumes; | 31 long hsh_sid_stateless_resumes; |
32 long hch_sid_stateless_resumes; | 32 long hch_sid_stateless_resumes; |
33 long hch_sid_ticket_parse_failures; | 33 long hch_sid_ticket_parse_failures; |
34 } SSL3Statistics; | 34 } SSL3Statistics; |
35 | 35 |
36 /* Key Exchange algorithm values */ | 36 /* Key Exchange algorithm values */ |
37 typedef enum { | 37 typedef enum { |
38 ssl_kea_null = 0, | 38 ssl_kea_null = 0, |
39 ssl_kea_rsa = 1, | 39 ssl_kea_rsa = 1, |
40 ssl_kea_dh = 2, | 40 ssl_kea_dh = 2, |
41 ssl_kea_fortezza = 3, /* deprecated, now unused */ | 41 ssl_kea_fortezza = 3, /* deprecated, now unused */ |
42 ssl_kea_ecdh = 4, | 42 ssl_kea_ecdh = 4, |
43 ssl_kea_size» » /* number of ssl_kea_ algorithms */ | 43 ssl_kea_size /* number of ssl_kea_ algorithms */ |
44 } SSLKEAType; | 44 } SSLKEAType; |
45 | 45 |
46 /* The following defines are for backwards compatibility. | 46 /* The following defines are for backwards compatibility. |
47 ** They will be removed in a forthcoming release to reduce namespace pollution. | 47 ** They will be removed in a forthcoming release to reduce namespace pollution. |
48 ** programs that use the kt_ symbols should convert to the ssl_kt_ symbols | 48 ** programs that use the kt_ symbols should convert to the ssl_kt_ symbols |
49 ** soon. | 49 ** soon. |
50 */ | 50 */ |
51 #define kt_null » ssl_kea_null | 51 #define kt_null ssl_kea_null |
52 #define kt_rsa » ssl_kea_rsa | 52 #define kt_rsa ssl_kea_rsa |
53 #define kt_dh » ssl_kea_dh | 53 #define kt_dh ssl_kea_dh |
54 #define kt_fortezza» ssl_kea_fortezza /* deprecated, now unused */ | 54 #define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */ |
55 #define kt_ecdh » ssl_kea_ecdh | 55 #define kt_ecdh ssl_kea_ecdh |
56 #define kt_kea_size» ssl_kea_size | 56 #define kt_kea_size ssl_kea_size |
57 | 57 |
58 typedef enum { | 58 typedef enum { |
59 ssl_sign_null = 0, | 59 ssl_sign_null = 0, |
60 ssl_sign_rsa = 1, | 60 ssl_sign_rsa = 1, |
61 ssl_sign_dsa = 2, | 61 ssl_sign_dsa = 2, |
62 ssl_sign_ecdsa = 3 | 62 ssl_sign_ecdsa = 3 |
63 } SSLSignType; | 63 } SSLSignType; |
64 | 64 |
65 typedef enum { | 65 typedef enum { |
66 ssl_auth_null = 0, | 66 ssl_auth_null = 0, |
67 ssl_auth_rsa = 1, | 67 ssl_auth_rsa = 1, |
68 ssl_auth_dsa = 2, | 68 ssl_auth_dsa = 2, |
69 ssl_auth_kea = 3, | 69 ssl_auth_kea = 3, |
70 ssl_auth_ecdsa = 4 | 70 ssl_auth_ecdsa = 4 |
71 } SSLAuthType; | 71 } SSLAuthType; |
72 | 72 |
73 typedef enum { | 73 typedef enum { |
74 ssl_calg_null = 0, | 74 ssl_calg_null = 0, |
75 ssl_calg_rc4 = 1, | 75 ssl_calg_rc4 = 1, |
76 ssl_calg_rc2 = 2, | 76 ssl_calg_rc2 = 2, |
77 ssl_calg_des = 3, | 77 ssl_calg_des = 3, |
78 ssl_calg_3des = 4, | 78 ssl_calg_3des = 4, |
79 ssl_calg_idea = 5, | 79 ssl_calg_idea = 5, |
80 ssl_calg_fortezza = 6, /* deprecated, now unused */ | 80 ssl_calg_fortezza = 6, /* deprecated, now unused */ |
81 ssl_calg_aes = 7, | 81 ssl_calg_aes = 7, |
82 ssl_calg_camellia = 8, | 82 ssl_calg_camellia = 8, |
83 ssl_calg_seed = 9, | 83 ssl_calg_seed = 9, |
84 ssl_calg_aes_gcm = 10 | 84 ssl_calg_aes_gcm = 10 |
85 } SSLCipherAlgorithm; | 85 } SSLCipherAlgorithm; |
86 | 86 |
87 typedef enum { | 87 typedef enum { |
88 ssl_mac_null = 0, | 88 ssl_mac_null = 0, |
89 ssl_mac_md5 = 1, | 89 ssl_mac_md5 = 1, |
90 ssl_mac_sha = 2, | 90 ssl_mac_sha = 2, |
91 ssl_hmac_md5 = 3, » /* TLS HMAC version of mac_md5 */ | 91 ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */ |
92 ssl_hmac_sha = 4, » /* TLS HMAC version of mac_sha */ | 92 ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */ |
93 ssl_hmac_sha256 = 5, | 93 ssl_hmac_sha256 = 5, |
94 ssl_mac_aead = 6 | 94 ssl_mac_aead = 6 |
95 } SSLMACAlgorithm; | 95 } SSLMACAlgorithm; |
96 | 96 |
97 typedef enum { | 97 typedef enum { |
98 ssl_compression_null = 0, | 98 ssl_compression_null = 0, |
99 ssl_compression_deflate = 1 /* RFC 3749 */ | 99 ssl_compression_deflate = 1 /* RFC 3749 */ |
100 } SSLCompressionMethod; | 100 } SSLCompressionMethod; |
101 | 101 |
102 typedef struct SSLChannelInfoStr { | 102 typedef struct SSLChannelInfoStr { |
103 PRUint32 length; | 103 PRUint32 length; |
104 PRUint16 protocolVersion; | 104 PRUint16 protocolVersion; |
105 PRUint16 cipherSuite; | 105 PRUint16 cipherSuite; |
106 | 106 |
107 /* server authentication info */ | 107 /* server authentication info */ |
108 PRUint32 authKeyBits; | 108 PRUint32 authKeyBits; |
109 | 109 |
110 /* key exchange algorithm info */ | 110 /* key exchange algorithm info */ |
111 PRUint32 keaKeyBits; | 111 PRUint32 keaKeyBits; |
112 | 112 |
113 /* session info */ | 113 /* session info */ |
114 PRUint32 creationTime;» » /* seconds since Jan 1, 1970 */ | 114 PRUint32 creationTime; /* seconds since Jan 1, 1970 */ |
115 PRUint32 lastAccessTime;» /* seconds since Jan 1, 1970 */ | 115 PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */ |
116 PRUint32 expirationTime;» /* seconds since Jan 1, 1970 */ | 116 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */ |
117 PRUint32 sessionIDLength;» /* up to 32 */ | 117 PRUint32 sessionIDLength; /* up to 32 */ |
118 PRUint8 sessionID [32]; | 118 PRUint8 sessionID[32]; |
119 | 119 |
120 /* The following fields are added in NSS 3.12.5. */ | 120 /* The following fields are added in NSS 3.12.5. */ |
121 | 121 |
122 /* compression method info */ | 122 /* compression method info */ |
123 const char * compressionMethodName; | 123 const char* compressionMethodName; |
124 SSLCompressionMethod compressionMethod; | 124 SSLCompressionMethod compressionMethod; |
125 } SSLChannelInfo; | 125 } SSLChannelInfo; |
126 | 126 |
127 typedef struct SSLCipherSuiteInfoStr { | 127 typedef struct SSLCipherSuiteInfoStr { |
128 PRUint16 length; | 128 PRUint16 length; |
129 PRUint16 cipherSuite; | 129 PRUint16 cipherSuite; |
130 | 130 |
131 /* Cipher Suite Name */ | 131 /* Cipher Suite Name */ |
132 const char * cipherSuiteName; | 132 const char* cipherSuiteName; |
133 | 133 |
134 /* server authentication info */ | 134 /* server authentication info */ |
135 const char * authAlgorithmName; | 135 const char* authAlgorithmName; |
136 SSLAuthType authAlgorithm; | 136 SSLAuthType authAlgorithm; |
137 | 137 |
138 /* key exchange algorithm info */ | 138 /* key exchange algorithm info */ |
139 const char * keaTypeName; | 139 const char* keaTypeName; |
140 SSLKEAType keaType; | 140 SSLKEAType keaType; |
141 | 141 |
142 /* symmetric encryption info */ | 142 /* symmetric encryption info */ |
143 const char * symCipherName; | 143 const char* symCipherName; |
144 SSLCipherAlgorithm symCipher; | 144 SSLCipherAlgorithm symCipher; |
145 PRUint16 symKeyBits; | 145 PRUint16 symKeyBits; |
146 PRUint16 symKeySpace; | 146 PRUint16 symKeySpace; |
147 PRUint16 effectiveKeyBits; | 147 PRUint16 effectiveKeyBits; |
148 | 148 |
149 /* MAC info */ | 149 /* MAC info */ |
150 /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName | 150 /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName |
151 * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in | 151 * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in |
152 * bits of the authentication tag. */ | 152 * bits of the authentication tag. */ |
153 const char * macAlgorithmName; | 153 const char* macAlgorithmName; |
154 SSLMACAlgorithm macAlgorithm; | 154 SSLMACAlgorithm macAlgorithm; |
155 PRUint16 macBits; | 155 PRUint16 macBits; |
156 | 156 |
157 PRUintn isFIPS : 1; | 157 PRUintn isFIPS : 1; |
158 PRUintn isExportable : 1; | 158 PRUintn isExportable : 1; |
159 PRUintn nonStandard : 1; | 159 PRUintn nonStandard : 1; |
160 PRUintn reservedBits :29; | 160 PRUintn reservedBits : 29; |
161 | 161 |
162 } SSLCipherSuiteInfo; | 162 } SSLCipherSuiteInfo; |
163 | 163 |
164 typedef enum { | 164 typedef enum { |
165 ssl_variant_stream = 0, | 165 ssl_variant_stream = 0, |
166 ssl_variant_datagram = 1 | 166 ssl_variant_datagram = 1 |
167 } SSLProtocolVariant; | 167 } SSLProtocolVariant; |
168 | 168 |
169 typedef struct SSLVersionRangeStr { | 169 typedef struct SSLVersionRangeStr { |
170 PRUint16 min; | 170 PRUint16 min; |
171 PRUint16 max; | 171 PRUint16 max; |
172 } SSLVersionRange; | 172 } SSLVersionRange; |
173 | 173 |
174 typedef enum { | 174 typedef enum { |
175 SSL_sni_host_name = 0, | 175 SSL_sni_host_name = 0, |
176 SSL_sni_type_total | 176 SSL_sni_type_total |
177 } SSLSniNameType; | 177 } SSLSniNameType; |
178 | 178 |
179 /* Supported extensions. */ | 179 /* Supported extensions. */ |
180 /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */ | 180 /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */ |
181 typedef enum { | 181 typedef enum { |
182 ssl_server_name_xtn = 0, | 182 ssl_server_name_xtn = 0, |
183 ssl_cert_status_xtn = 5, | 183 ssl_cert_status_xtn = 5, |
184 #ifndef NSS_DISABLE_ECC | 184 #ifndef NSS_DISABLE_ECC |
185 ssl_elliptic_curves_xtn = 10, | 185 ssl_elliptic_curves_xtn = 10, |
186 ssl_ec_point_formats_xtn = 11, | 186 ssl_ec_point_formats_xtn = 11, |
187 #endif | 187 #endif |
188 ssl_signature_algorithms_xtn = 13, | 188 ssl_signature_algorithms_xtn = 13, |
189 ssl_use_srtp_xtn = 14, | 189 ssl_use_srtp_xtn = 14, |
190 ssl_app_layer_protocol_xtn = 16, | 190 ssl_app_layer_protocol_xtn = 16, |
191 ssl_padding_xtn = 21, | 191 ssl_padding_xtn = 21, |
192 ssl_session_ticket_xtn = 35, | 192 ssl_session_ticket_xtn = 35, |
193 ssl_next_proto_nego_xtn = 13172, | 193 ssl_next_proto_nego_xtn = 13172, |
194 ssl_renegotiation_info_xtn = 0xff01, | 194 ssl_renegotiation_info_xtn = 0xff01, |
195 ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */ | 195 ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */ |
196 } SSLExtensionType; | 196 } SSLExtensionType; |
197 | 197 |
198 #define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ | 198 #define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ |
199 | 199 |
200 #endif /* __sslt_h_ */ | 200 #endif /* __sslt_h_ */ |