From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.
Signed-off-by: Daniel Baumann
---
security/nss/lib/ssl/ssl3ext.h | 226 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 226 insertions(+)
create mode 100644 security/nss/lib/ssl/ssl3ext.h
(limited to 'security/nss/lib/ssl/ssl3ext.h')
diff --git a/security/nss/lib/ssl/ssl3ext.h b/security/nss/lib/ssl/ssl3ext.h
new file mode 100644
index 0000000000..c1bed29901
--- /dev/null
+++ b/security/nss/lib/ssl/ssl3ext.h
@@ -0,0 +1,226 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is PRIVATE to SSL.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ssl3ext_h_
+#define __ssl3ext_h_
+
+#include "pk11hpke.h"
+#include "sslencode.h"
+
+typedef enum {
+ sni_nametype_hostname
+} SNINameType;
+typedef struct TLSExtensionDataStr TLSExtensionData;
+
+/* Registerable callback function that either appends extension to buffer
+ * or returns length of data that it would have appended.
+ */
+typedef SECStatus (*sslExtensionBuilderFunc)(const sslSocket *ss,
+ TLSExtensionData *xtnData,
+ sslBuffer *buf, PRBool *added);
+
+/* row in a table of hello extension senders */
+typedef struct {
+ PRInt32 ex_type;
+ sslExtensionBuilderFunc ex_sender;
+} sslExtensionBuilder;
+
+/* RFC 8879: TLS Certificate Compression - 3. Negotiating Certificate Compression
+** enum {
+** zlib(1),
+** brotli(2),
+** zstd(3),
+** (65535)
+** } CertificateCompressionAlgorithm;
+*/
+typedef PRUint16 SSLCertificateCompressionAlgorithmID;
+
+struct TLSExtensionDataStr {
+ /* registered callbacks that send server hello extensions */
+ sslExtensionBuilder serverHelloSenders[SSL_MAX_EXTENSIONS];
+ sslExtensionBuilder encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
+ sslExtensionBuilder certificateSenders[SSL_MAX_EXTENSIONS];
+
+ /* Keep track of the extensions that are advertised or negotiated. */
+ PRUint16 numAdvertised;
+ PRUint16 *advertised; /* Allocated dynamically. */
+ PRUint16 echNumAdvertised; /* Tracks Xtns offered in ClientHelloInner. */
+ PRUint16 *echAdvertised;
+ PRUint16 numNegotiated;
+ PRUint16 negotiated[SSL_MAX_EXTENSIONS];
+
+ /* SessionTicket Extension related data. */
+ PRBool ticketTimestampVerified;
+ PRBool emptySessionTicket;
+ PRBool sentSessionTicketInClientHello;
+ SECItem psk_ke_modes;
+ PRUint32 max_early_data_size;
+
+ /* SNI Extension related data
+ * Names data is not coppied from the input buffer. It can not be
+ * used outside the scope where input buffer is defined and that
+ * is beyond ssl3_HandleClientHello function. */
+ SECItem *sniNameArr;
+ PRUint32 sniNameArrSize;
+
+ /* Signed Certificate Timestamps extracted from the TLS extension.
+ * (client only).
+ * This container holds a temporary pointer to the extension data,
+ * until a session structure (the sec.ci.sid of an sslSocket) is setup
+ * that can hold a permanent copy of the data
+ * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
+ * The data pointed to by this structure is neither explicitly allocated
+ * nor copied: the pointer points to the handshake message buffer and is
+ * only valid in the scope of ssl3_HandleServerHello.
+ */
+ SECItem signedCertTimestamps;
+
+ PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
+
+ /* clientSigAndHash contains the contents of the signature_algorithms
+ * extension (if any) the other side supports. This is only valid for TLS
+ * 1.2 or later. In TLS 1.3, it is also used for CertificateRequest. */
+ SSLSignatureScheme *sigSchemes;
+ unsigned int numSigSchemes;
+
+ /* Keep track of signature schemes that the remote peer supports for
+ * Delegated Credentials signatures, as well was those we have
+ * advertised (for purposes of validating any received DC).
+ * This list may not be the same as those supported for certificates.
+ * Only valid for TLS 1.3. */
+ SSLSignatureScheme *delegCredSigSchemes;
+ unsigned int numDelegCredSigSchemes;
+ SSLSignatureScheme *delegCredSigSchemesAdvertised;
+ unsigned int numDelegCredSigSchemesAdvertised;
+
+ SECItem certReqContext;
+ CERTDistNames certReqAuthorities;
+
+ /* In a client: if the server supports Next Protocol Negotiation, then
+ * this is the protocol that was negotiated.
+ */
+ SECItem nextProto;
+ SSLNextProtoState nextProtoState;
+
+ PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
+
+ unsigned int echXtnOffset; /* The start of the ECH Xtn (if any) */
+ unsigned int lastXtnOffset; /* Where to insert any other extensions.
+ * 0 = end, otherwise base of PSK xtn. */
+ PRCList remoteKeyShares; /* The other side's public keys (TLS 1.3) */
+
+ /* The following are used by a TLS 1.3 server. */
+ SECItem pskBinder; /* The binder for the first PSK. */
+ unsigned int pskBindersLen; /* The length of the binders. */
+ PRUint32 ticketAge; /* Used to accept early data. */
+ SECItem cookie; /* HRR Cookie. */
+ const sslNamedGroupDef *selectedGroup; /* For HRR. */
+ /* The application token contains a value that was passed to the client via
+ * a session ticket, or the cookie in a HelloRetryRequest. */
+ SECItem applicationToken;
+
+ /* The record size limit set by the peer. Our value is kept in ss->opt. */
+ PRUint16 recordSizeLimit;
+
+ /* Delegated credentials.
+ *
+ * The delegated credential sent by the peer. Set by
+ * |tls13_ReadDelegatedCredential|.
+ */
+ sslDelegatedCredential *peerDelegCred;
+ /* Whether the peer requested a delegated credential. */
+ PRBool peerRequestedDelegCred;
+ /* Whether the host is committed to using a delegated credential. Set by
+ * |tls13_MaybeSetDelegatedCredential|.
+ */
+ PRBool sendingDelegCredToPeer;
+
+ /* A non-owning reference to the selected PSKs. MUST NOT be freed directly,
+ * rather through tls13_DestoryPskList(). */
+ sslPsk *selectedPsk;
+
+ /* ECH working state. Non-null when a valid Encrypted Client Hello extension
+ * was received. */
+ sslEchXtnState *ech;
+
+ /* The compression algorithm that will be used to encode certificates. */
+ SSLCertificateCompressionAlgorithmID compressionAlg;
+ PRBool certificateCompressionAdvertised;
+};
+
+typedef struct TLSExtensionStr {
+ PRCList link; /* The linked list link */
+ PRUint16 type; /* Extension type */
+ SECItem data; /* Pointers into the handshake data. */
+} TLSExtension;
+
+typedef struct sslCustomExtensionHooks {
+ PRCList link;
+ PRUint16 type;
+ SSLExtensionWriter writer;
+ void *writerArg;
+ SSLExtensionHandler handler;
+ void *handlerArg;
+} sslCustomExtensionHooks;
+
+SECStatus ssl3_HandleExtensions(sslSocket *ss,
+ PRUint8 **b, PRUint32 *length,
+ SSLHandshakeType handshakeMessage);
+SECStatus ssl3_ParseExtensions(sslSocket *ss,
+ PRUint8 **b, PRUint32 *length);
+SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
+ SSLHandshakeType handshakeMessage);
+TLSExtension *ssl3_FindExtension(sslSocket *ss,
+ SSLExtensionType extension_type);
+void ssl3_DestroyRemoteExtensions(PRCList *list);
+void ssl3_MoveRemoteExtensions(PRCList *dst, PRCList *src);
+void ssl3_InitExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
+void ssl3_DestroyExtensionData(TLSExtensionData *xtnData);
+void ssl3_ResetExtensionData(TLSExtensionData *xtnData, const sslSocket *ss);
+
+PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
+PRBool ssl3_ExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
+
+SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
+ TLSExtensionData *xtnData,
+ PRUint16 ex_type,
+ sslExtensionBuilderFunc cb);
+SECStatus ssl_ConstructExtensions(sslSocket *ss, sslBuffer *buf,
+ SSLHandshakeType message);
+SECStatus ssl_SendEmptyExtension(const sslSocket *ss, TLSExtensionData *xtnData,
+ sslBuffer *buf, PRBool *append);
+SECStatus ssl3_EmplaceExtension(sslSocket *ss, sslBuffer *buf, PRUint16 exType,
+ const PRUint8 *data, unsigned int len, PRBool advertise);
+SECStatus ssl_InsertPaddingExtension(sslSocket *ss, unsigned int prefixLen,
+ sslBuffer *buf);
+
+/* Thunks to let us operate on const sslSocket* objects. */
+void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
+ SSL3AlertDescription desc);
+void ssl3_ExtDecodeError(const sslSocket *ss);
+SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
+ PRUint8 **b, PRUint32 *length);
+SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
+ PRUint32 bytes, PRUint8 **b,
+ PRUint32 *length);
+SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
+ PRUint32 bytes, PRUint8 **b,
+ PRUint32 *length);
+
+SECStatus SSLExp_GetExtensionSupport(PRUint16 type,
+ SSLExtensionSupport *support);
+SECStatus SSLExp_InstallExtensionHooks(
+ PRFileDesc *fd, PRUint16 extension, SSLExtensionWriter writer,
+ void *writerArg, SSLExtensionHandler handler, void *handlerArg);
+sslCustomExtensionHooks *ssl_FindCustomExtensionHooks(sslSocket *ss, PRUint16 extension);
+SECStatus ssl_CallCustomExtensionSenders(sslSocket *ss, sslBuffer *buf,
+ SSLHandshakeType message);
+SECStatus tls_ClientHelloExtensionPermutationSetup(sslSocket *ss);
+void tls_ClientHelloExtensionPermutationDestroy(sslSocket *ss);
+
+#endif
-- cgit v1.2.3
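Review bot: The lifetime comment above `sniNameArr` in `TLSExtensionDataStr` is ambiguous about when the borrowed pointers go stale: "that is beyond ssl3_HandleClientHello function" can be read as valid or as invalid after that function returns. `sniNameArr`, `signedCertTimestamps` and `TLSExtension.data` are all documented as pointing into the handshake buffer rather than owning a copy, so these comments are the only thing telling a caller not to keep them. I would word it like the `signedCertTimestamps` comment, for example `/* Names are not copied: the pointers alias the input buffer and are only valid within ssl3_HandleClientHello. */`; the handler is not part of this hunk, so the intended scope should be confirmed against it. Two nearby comments also need a fix: the one above `sigSchemes` still refers to `clientSigAndHash`, which is not a field in this struct, and the one above `selectedPsk` names `tls13_DestoryPskList()`, which looks like a misspelling of Destroy and would not be found by a search. The include guard `__ssl3ext_h_` uses a double-underscore identifier, which C reserves for the implementation.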