1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is PRIVATE to SSL.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef __tls13con_h_
#define __tls13con_h_
#include "sslexp.h"
#include "sslspec.h"
typedef enum {
tls13_extension_allowed,
tls13_extension_disallowed,
tls13_extension_unknown
} tls13ExtensionStatus;
#define TLS13_MAX_FINISHED_SIZE 64
#define TLS13_COOKIE_SENTINEL 0xff
SECStatus tls13_UnprotectRecord(
sslSocket *ss, ssl3CipherSpec *spec,
SSL3Ciphertext *cText, sslBuffer *plaintext,
SSLContentType *innerType,
SSL3AlertDescription *alert);
#if defined(WIN32)
#define __func__ __FUNCTION__
#endif
void tls13_SetHsState(sslSocket *ss, SSL3WaitState ws,
const char *func, const char *file, int line);
#define TLS13_SET_HS_STATE(ss, ws) \
tls13_SetHsState(ss, ws, __func__, __FILE__, __LINE__)
/* Return PR_TRUE if the socket is in one of the given states, else return
* PR_FALSE. Only call the macro not the function, because the trailing
* wait_invalid is needed to terminate the argument list. */
PRBool tls13_InHsState(sslSocket *ss, ...);
#define TLS13_IN_HS_STATE(ss, ...) \
tls13_InHsState(ss, __VA_ARGS__, wait_invalid)
PRBool tls13_IsPostHandshake(const sslSocket *ss);
SSLHashType tls13_GetHash(const sslSocket *ss);
SECStatus tls13_GetHashAndCipher(PRUint16 version, PRUint16 cipherSuite,
SSLHashType *hash, const ssl3BulkCipherDef **cipher);
SSLHashType tls13_GetHashForCipherSuite(ssl3CipherSuite suite);
unsigned int tls13_GetHashSize(const sslSocket *ss);
unsigned int tls13_GetHashSizeForHash(SSLHashType hash);
SECStatus tls13_ComputeHash(sslSocket *ss, SSL3Hashes *hashes,
const PRUint8 *buf, unsigned int len,
SSLHashType hash);
SECStatus tls13_ComputeHandshakeHashes(sslSocket *ss,
SSL3Hashes *hashes);
SECStatus tls13_DeriveSecretNullHash(sslSocket *ss, PK11SymKey *key,
const char *label,
unsigned int labelLen,
PK11SymKey **dest,
SSLHashType hash);
void tls13_FatalError(sslSocket *ss, PRErrorCode prError,
SSL3AlertDescription desc);
SECStatus tls13_SetupClientHello(sslSocket *ss, sslClientHelloType chType);
SECStatus tls13_MaybeDo0RTTHandshake(sslSocket *ss);
PRInt32 tls13_LimitEarlyData(sslSocket *ss, SSLContentType type, PRInt32 toSend);
PRBool tls13_AllowPskCipher(const sslSocket *ss,
const ssl3CipherSuiteDef *cipher_def);
PRBool tls13_PskSuiteEnabled(sslSocket *ss);
SECStatus tls13_WriteExtensionsWithBinder(sslSocket *ss, sslBuffer *extensions,
sslBuffer *chBuf);
SECStatus tls13_HandleClientHelloPart2(sslSocket *ss,
const SECItem *suites,
sslSessionID *sid,
const PRUint8 *msg,
unsigned int len);
SECStatus tls13_HandleServerHelloPart2(sslSocket *ss, const PRUint8 *savedMsg, PRUint32 savedLength);
SECStatus tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b,
PRUint32 length);
SECStatus tls13_ConstructHelloRetryRequest(sslSocket *ss,
ssl3CipherSuite cipherSuite,
const sslNamedGroupDef *selectedGroup,
PRUint8 *cookie,
unsigned int cookieLen,
const PRUint8 *cookieGreaseEchSignal,
sslBuffer *buffer);
SECStatus tls13_HandleHelloRetryRequest(sslSocket *ss, const PRUint8 *b,
PRUint32 length);
SECStatus tls13_HandleKeyShare(sslSocket *ss,
TLS13KeyShareEntry *entry,
sslKeyPair *keyPair,
SSLHashType hash,
PK11SymKey **out);
TLS13KeyShareEntry *tls13_CopyKeyShareEntry(TLS13KeyShareEntry *o);
void tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *entry);
void tls13_DestroyKeyShares(PRCList *list);
SECStatus tls13_CreateKeyShare(sslSocket *ss, const sslNamedGroupDef *groupDef,
sslEphemeralKeyPair **keyPair);
SECStatus tls13_AddKeyShare(sslSocket *ss, const sslNamedGroupDef *groupDef);
void tls13_DestroyEarlyData(PRCList *list);
SECStatus tls13_SetAlertCipherSpec(sslSocket *ss);
tls13ExtensionStatus tls13_ExtensionStatus(PRUint16 extension,
SSLHandshakeType message);
SECStatus tls13_ProtectRecord(sslSocket *ss,
ssl3CipherSpec *cwSpec,
SSLContentType type,
const PRUint8 *pIn,
PRUint32 contentLen,
sslBuffer *wrBuf);
PRInt32 tls13_Read0RttData(sslSocket *ss, PRUint8 *buf, PRInt32 len);
SECStatus tls13_HandleEarlyApplicationData(sslSocket *ss, sslBuffer *origBuf);
PRBool tls13_ClientAllow0Rtt(const sslSocket *ss, const sslSessionID *sid);
PRUint16 tls13_EncodeVersion(SSL3ProtocolVersion version,
SSLProtocolVariant variant);
SECStatus tls13_ClientReadSupportedVersion(sslSocket *ss);
SECStatus tls13_NegotiateVersion(sslSocket *ss,
const TLSExtension *supported_versions);
PRBool tls13_ShouldRequestClientAuth(sslSocket *ss);
PRBool tls13_IsReplay(const sslSocket *ss, const sslSessionID *sid);
void tls13_AntiReplayRollover(SSLAntiReplayContext *ctx, PRTime now);
SSLAntiReplayContext *tls13_RefAntiReplayContext(SSLAntiReplayContext *ctx);
void tls13_ReleaseAntiReplayContext(SSLAntiReplayContext *ctx);
SECStatus SSLExp_CreateAntiReplayContext(
PRTime now, PRTime window, unsigned int k, unsigned int bits,
SSLAntiReplayContext **ctx);
SECStatus SSLExp_SetAntiReplayContext(PRFileDesc *fd,
SSLAntiReplayContext *ctx);
SECStatus SSLExp_ReleaseAntiReplayContext(SSLAntiReplayContext *ctx);
SECStatus SSLExp_HelloRetryRequestCallback(PRFileDesc *fd,
SSLHelloRetryRequestCallback cb,
void *arg);
SECStatus tls13_SendKeyUpdate(sslSocket *ss, tls13KeyUpdateRequest request,
PRBool buffer);
SECStatus SSLExp_KeyUpdate(PRFileDesc *fd, PRBool requestUpdate);
PRBool tls13_MaybeTls13(sslSocket *ss);
unsigned int tls13_SetupAeadIv(PRBool isDTLS, unsigned char *ivOut,
unsigned char *ivIn, unsigned int offset,
unsigned int ivLen, DTLSEpoch epoch);
SECStatus tls13_AEAD(PK11Context *context, PRBool decrypt,
CK_GENERATOR_FUNCTION ivGen, unsigned int fixedbits,
const unsigned char *ivIn, unsigned char *ivOut,
unsigned int ivLen,
const unsigned char *nonceIn, unsigned int nonceLen,
const unsigned char *aad, unsigned int aadLen,
unsigned char *out, unsigned int *outLen,
unsigned int maxout, unsigned int tagLen,
const unsigned char *in, unsigned int inLen);
void tls13_SetSpecRecordVersion(sslSocket *ss, ssl3CipherSpec *spec);
SECStatus SSLExp_SendCertificateRequest(PRFileDesc *fd);
SECStatus tls13_ClientGreaseSetup(sslSocket *ss);
void tls13_ClientGreaseDestroy(sslSocket *ss);
SECStatus tls13_RandomGreaseValue(PRUint16 *out);
SECStatus tls13_MaybeGreaseExtensionType(const sslSocket *ss,
const SSLHandshakeType message,
PRUint16 *exType);
/* Use this instead of FATAL_ERROR when no alert shall be sent. */
#define LOG_ERROR(ss, prError) \
do { \
SSL_TRC(3, ("%d: TLS13[%d]: fatal error %d in %s (%s:%d)", \
SSL_GETPID(), ss->fd, prError, __func__, __FILE__, __LINE__)); \
PORT_SetError(prError); \
} while (0)
/* Log an error and generate an alert because something is irreparably wrong. */
#define FATAL_ERROR(ss, prError, desc) \
do { \
LOG_ERROR(ss, prError); \
tls13_FatalError(ss, prError, desc); \
} while (0)
#endif /* __tls13con_h_ */
|