1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* Private header file of libSSL.
* Various and sundry protocol constants. DON'T CHANGE THESE. These
* values are defined by the SSL 3.0 protocol specification.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef __ssl3proto_h_
#define __ssl3proto_h_
typedef PRUint16 SSL3ProtocolVersion;
/* version numbers are defined in sslproto.h */
/* DTLS 1.3 is still a draft. */
#define DTLS_1_3_DRAFT_VERSION 43
typedef PRUint16 ssl3CipherSuite;
/* The cipher suites are defined in sslproto.h */
#define MAX_CERT_TYPES 10
#define MAX_MAC_LENGTH 64
#define MAX_PADDING_LENGTH 64
#define MAX_KEY_LENGTH 64
#define EXPORT_KEY_LENGTH 5
#define SSL3_RANDOM_LENGTH 32
#define SSL3_RECORD_HEADER_LENGTH 5
/* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
#define DTLS_RECORD_HEADER_LENGTH 13
/* Max values for TLS records/ciphertexts
* For TLS 1.2 records MUST NOT be longer than 2^14 + 2048
* For TLS 1.3 records MUST NOT exceed 2^14 + 256 bytes.
* [RFC8446 Section 5.2, RFC5246 Section 6.2.3]. */
#define MAX_FRAGMENT_LENGTH 16384
#define TLS_1_2_MAX_EXPANSION 2048
#define TLS_1_3_MAX_EXPANSION (255 + 1)
#define TLS_1_3_MAX_CTEXT_LENGTH ((MAX_FRAGMENT_LENGTH) + (TLS_1_3_MAX_EXPANSION))
#define TLS_1_2_MAX_CTEXT_LENGTH ((MAX_FRAGMENT_LENGTH) + (TLS_1_2_MAX_EXPANSION))
/* DTLS_X_X_MAX_PACKET_LENGTH = TLS_X_X_MAX_RECORD_LENGTH + HEADER_LENGTH,
* used for DTLS datagram buffer size setting. We do not support DTLS CID! */
#define DTLS_1_3_MAX_PACKET_LENGTH ((TLS_1_3_MAX_CTEXT_LENGTH) + (SSL3_RECORD_HEADER_LENGTH))
#define DTLS_1_2_MAX_PACKET_LENGTH ((TLS_1_2_MAX_CTEXT_LENGTH) + (DTLS_RECORD_HEADER_LENGTH))
typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
typedef enum { alert_warning = 1,
alert_fatal = 2 } SSL3AlertLevel;
typedef enum {
close_notify = 0,
unexpected_message = 10,
bad_record_mac = 20,
decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
record_overflow = 22, /* TLS only */
decompression_failure = 30,
handshake_failure = 40,
no_certificate = 41, /* SSL3 only, NOT TLS */
bad_certificate = 42,
unsupported_certificate = 43,
certificate_revoked = 44,
certificate_expired = 45,
certificate_unknown = 46,
illegal_parameter = 47,
/* All alerts below are TLS only. */
unknown_ca = 48,
access_denied = 49,
decode_error = 50,
decrypt_error = 51,
export_restriction = 60,
protocol_version = 70,
insufficient_security = 71,
internal_error = 80,
inappropriate_fallback = 86, /* could also be sent for SSLv3 */
user_canceled = 90,
no_renegotiation = 100,
/* Alerts for client hello extensions */
missing_extension = 109,
unsupported_extension = 110,
certificate_unobtainable = 111,
unrecognized_name = 112,
bad_certificate_status_response = 113,
bad_certificate_hash_value = 114,
certificate_required = 116,
no_application_protocol = 120,
ech_required = 121,
/* invalid alert */
no_alert = 256
} SSL3AlertDescription;
typedef PRUint8 SSL3Random[SSL3_RANDOM_LENGTH];
typedef struct {
PRUint8 id[32];
PRUint8 length;
} SSL3SessionID;
/* SSL3SignType moved to ssl.h */
/* The SSL key exchange method used */
typedef enum {
kea_null,
kea_rsa,
kea_dh_dss,
kea_dh_rsa,
kea_dhe_dss,
kea_dhe_rsa,
kea_dh_anon,
kea_ecdh_ecdsa,
kea_ecdhe_ecdsa,
kea_ecdh_rsa,
kea_ecdhe_rsa,
kea_ecdh_anon,
kea_ecdhe_psk,
kea_dhe_psk,
kea_tls13_any,
} SSL3KeyExchangeAlgorithm;
/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
* prior to 1.2. */
typedef struct {
PRUint8 md5[16];
PRUint8 sha[20];
} SSL3HashesIndividually;
/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
* which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually
* struct. */
typedef struct {
unsigned int len;
SSLHashType hashAlg;
union {
PRUint8 raw[64];
SSL3HashesIndividually s;
} u;
} SSL3Hashes;
typedef enum {
ct_RSA_sign = 1,
ct_DSS_sign = 2,
ct_RSA_fixed_DH = 3,
ct_DSS_fixed_DH = 4,
ct_RSA_ephemeral_DH = 5,
ct_DSS_ephemeral_DH = 6,
ct_ECDSA_sign = 64,
ct_RSA_fixed_ECDH = 65,
ct_ECDSA_fixed_ECDH = 66
} SSL3ClientCertificateType;
typedef enum {
sender_client = 0x434c4e54,
sender_server = 0x53525652
} SSL3Sender;
typedef SSL3HashesIndividually SSL3Finished;
typedef struct {
PRUint8 verify_data[12];
} TLSFinished;
/*
* TLS extension related data structures and constants.
*/
/* SessionTicket extension related data structures. */
/* NewSessionTicket handshake message. */
typedef struct {
PRTime received_timestamp;
PRUint32 ticket_lifetime_hint;
PRUint32 flags;
PRUint32 ticket_age_add;
PRUint32 max_early_data_size;
SECItem ticket;
} NewSessionTicket;
typedef enum {
tls13_psk_ke = 0,
tls13_psk_dh_ke = 1
} TLS13PskKEModes;
typedef enum {
CLIENT_AUTH_ANONYMOUS = 0,
CLIENT_AUTH_CERTIFICATE = 1
} ClientAuthenticationType;
#define SELF_ENCRYPT_KEY_NAME_LEN 16
#define SELF_ENCRYPT_KEY_NAME_PREFIX "NSS!"
#define SELF_ENCRYPT_KEY_NAME_PREFIX_LEN 4
#define SELF_ENCRYPT_KEY_VAR_NAME_LEN 12
#endif /* __ssl3proto_h_ */
|