|
Packit |
40b132 |
/*
|
|
Packit |
40b132 |
* This file contains prototypes for the public SSL functions.
|
|
Packit |
40b132 |
*
|
|
Packit |
40b132 |
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
40b132 |
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit |
40b132 |
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#ifndef __sslt_h_
|
|
Packit |
40b132 |
#define __sslt_h_
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#include "prtypes.h"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct SSL3StatisticsStr {
|
|
Packit |
40b132 |
/* statistics from ssl3_SendClientHello (sch) */
|
|
Packit |
40b132 |
long sch_sid_cache_hits;
|
|
Packit |
40b132 |
long sch_sid_cache_misses;
|
|
Packit |
40b132 |
long sch_sid_cache_not_ok;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* statistics from ssl3_HandleServerHello (hsh) */
|
|
Packit |
40b132 |
long hsh_sid_cache_hits;
|
|
Packit |
40b132 |
long hsh_sid_cache_misses;
|
|
Packit |
40b132 |
long hsh_sid_cache_not_ok;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* statistics from ssl3_HandleClientHello (hch) */
|
|
Packit |
40b132 |
long hch_sid_cache_hits;
|
|
Packit |
40b132 |
long hch_sid_cache_misses;
|
|
Packit |
40b132 |
long hch_sid_cache_not_ok;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* statistics related to stateless resume */
|
|
Packit |
40b132 |
long sch_sid_stateless_resumes;
|
|
Packit |
40b132 |
long hsh_sid_stateless_resumes;
|
|
Packit |
40b132 |
long hch_sid_stateless_resumes;
|
|
Packit |
40b132 |
long hch_sid_ticket_parse_failures;
|
|
Packit |
40b132 |
} SSL3Statistics;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* Key Exchange algorithm values */
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_kea_null = 0,
|
|
Packit |
40b132 |
ssl_kea_rsa = 1,
|
|
Packit |
40b132 |
ssl_kea_dh = 2,
|
|
Packit |
40b132 |
ssl_kea_fortezza = 3, /* deprecated, now unused */
|
|
Packit |
40b132 |
ssl_kea_ecdh = 4,
|
|
Packit |
40b132 |
ssl_kea_size /* number of ssl_kea_ algorithms */
|
|
Packit |
40b132 |
} SSLKEAType;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* The following defines are for backwards compatibility.
|
|
Packit |
40b132 |
** They will be removed in a forthcoming release to reduce namespace pollution.
|
|
Packit |
40b132 |
** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
|
|
Packit |
40b132 |
** soon.
|
|
Packit |
40b132 |
*/
|
|
Packit |
40b132 |
#define kt_null ssl_kea_null
|
|
Packit |
40b132 |
#define kt_rsa ssl_kea_rsa
|
|
Packit |
40b132 |
#define kt_dh ssl_kea_dh
|
|
Packit |
40b132 |
#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
|
|
Packit |
40b132 |
#define kt_ecdh ssl_kea_ecdh
|
|
Packit |
40b132 |
#define kt_kea_size ssl_kea_size
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_sign_null = 0,
|
|
Packit |
40b132 |
ssl_sign_rsa = 1,
|
|
Packit |
40b132 |
ssl_sign_dsa = 2,
|
|
Packit |
40b132 |
ssl_sign_ecdsa = 3
|
|
Packit |
40b132 |
} SSLSignType;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_auth_null = 0,
|
|
Packit |
40b132 |
ssl_auth_rsa = 1,
|
|
Packit |
40b132 |
ssl_auth_dsa = 2,
|
|
Packit |
40b132 |
ssl_auth_kea = 3,
|
|
Packit |
40b132 |
ssl_auth_ecdsa = 4
|
|
Packit |
40b132 |
} SSLAuthType;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_calg_null = 0,
|
|
Packit |
40b132 |
ssl_calg_rc4 = 1,
|
|
Packit |
40b132 |
ssl_calg_rc2 = 2,
|
|
Packit |
40b132 |
ssl_calg_des = 3,
|
|
Packit |
40b132 |
ssl_calg_3des = 4,
|
|
Packit |
40b132 |
ssl_calg_idea = 5,
|
|
Packit |
40b132 |
ssl_calg_fortezza = 6, /* deprecated, now unused */
|
|
Packit |
40b132 |
ssl_calg_aes = 7,
|
|
Packit |
40b132 |
ssl_calg_camellia = 8,
|
|
Packit |
40b132 |
ssl_calg_seed = 9,
|
|
Packit |
40b132 |
ssl_calg_aes_gcm = 10
|
|
Packit |
40b132 |
} SSLCipherAlgorithm;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_mac_null = 0,
|
|
Packit |
40b132 |
ssl_mac_md5 = 1,
|
|
Packit |
40b132 |
ssl_mac_sha = 2,
|
|
Packit |
40b132 |
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
|
|
Packit |
40b132 |
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
|
|
Packit |
40b132 |
ssl_hmac_sha256 = 5,
|
|
Packit |
40b132 |
ssl_mac_aead = 6
|
|
Packit |
40b132 |
} SSLMACAlgorithm;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_compression_null = 0,
|
|
Packit |
40b132 |
ssl_compression_deflate = 1 /* RFC 3749 */
|
|
Packit |
40b132 |
} SSLCompressionMethod;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct SSLChannelInfoStr {
|
|
Packit |
40b132 |
PRUint32 length;
|
|
Packit |
40b132 |
PRUint16 protocolVersion;
|
|
Packit |
40b132 |
PRUint16 cipherSuite;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* server authentication info */
|
|
Packit |
40b132 |
PRUint32 authKeyBits;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* key exchange algorithm info */
|
|
Packit |
40b132 |
PRUint32 keaKeyBits;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* session info */
|
|
Packit |
40b132 |
PRUint32 creationTime; /* seconds since Jan 1, 1970 */
|
|
Packit |
40b132 |
PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
|
|
Packit |
40b132 |
PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
|
|
Packit |
40b132 |
PRUint32 sessionIDLength; /* up to 32 */
|
|
Packit |
40b132 |
PRUint8 sessionID [32];
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* The following fields are added in NSS 3.12.5. */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* compression method info */
|
|
Packit |
40b132 |
const char * compressionMethodName;
|
|
Packit |
40b132 |
SSLCompressionMethod compressionMethod;
|
|
Packit |
40b132 |
} SSLChannelInfo;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct SSLCipherSuiteInfoStr {
|
|
Packit |
40b132 |
PRUint16 length;
|
|
Packit |
40b132 |
PRUint16 cipherSuite;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* Cipher Suite Name */
|
|
Packit |
40b132 |
const char * cipherSuiteName;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* server authentication info */
|
|
Packit |
40b132 |
const char * authAlgorithmName;
|
|
Packit |
40b132 |
SSLAuthType authAlgorithm;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* key exchange algorithm info */
|
|
Packit |
40b132 |
const char * keaTypeName;
|
|
Packit |
40b132 |
SSLKEAType keaType;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* symmetric encryption info */
|
|
Packit |
40b132 |
const char * symCipherName;
|
|
Packit |
40b132 |
SSLCipherAlgorithm symCipher;
|
|
Packit |
40b132 |
PRUint16 symKeyBits;
|
|
Packit |
40b132 |
PRUint16 symKeySpace;
|
|
Packit |
40b132 |
PRUint16 effectiveKeyBits;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* MAC info */
|
|
Packit |
40b132 |
/* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
|
|
Packit |
40b132 |
* is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
|
|
Packit |
40b132 |
* bits of the authentication tag. */
|
|
Packit |
40b132 |
const char * macAlgorithmName;
|
|
Packit |
40b132 |
SSLMACAlgorithm macAlgorithm;
|
|
Packit |
40b132 |
PRUint16 macBits;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
PRUintn isFIPS : 1;
|
|
Packit |
40b132 |
PRUintn isExportable : 1;
|
|
Packit |
40b132 |
PRUintn nonStandard : 1;
|
|
Packit |
40b132 |
PRUintn reservedBits :29;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
} SSLCipherSuiteInfo;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_variant_stream = 0,
|
|
Packit |
40b132 |
ssl_variant_datagram = 1
|
|
Packit |
40b132 |
} SSLProtocolVariant;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef struct SSLVersionRangeStr {
|
|
Packit |
40b132 |
PRUint16 min;
|
|
Packit |
40b132 |
PRUint16 max;
|
|
Packit |
40b132 |
} SSLVersionRange;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
SSL_sni_host_name = 0,
|
|
Packit |
40b132 |
SSL_sni_type_total
|
|
Packit |
40b132 |
} SSLSniNameType;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
/* Supported extensions. */
|
|
Packit |
40b132 |
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_server_name_xtn = 0,
|
|
Packit |
40b132 |
ssl_cert_status_xtn = 5,
|
|
Packit |
40b132 |
#ifndef NSS_DISABLE_ECC
|
|
Packit |
40b132 |
ssl_elliptic_curves_xtn = 10,
|
|
Packit |
40b132 |
ssl_ec_point_formats_xtn = 11,
|
|
Packit |
40b132 |
#endif
|
|
Packit |
40b132 |
ssl_signature_algorithms_xtn = 13,
|
|
Packit |
40b132 |
ssl_use_srtp_xtn = 14,
|
|
Packit |
40b132 |
ssl_app_layer_protocol_xtn = 16,
|
|
Packit |
40b132 |
ssl_padding_xtn = 21,
|
|
Packit |
40b132 |
ssl_session_ticket_xtn = 35,
|
|
Packit |
40b132 |
ssl_next_proto_nego_xtn = 13172,
|
|
Packit |
40b132 |
ssl_renegotiation_info_xtn = 0xff01,
|
|
Packit |
40b132 |
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
|
|
Packit |
40b132 |
} SSLExtensionType;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
typedef enum {
|
|
Packit |
40b132 |
ssl_dhe_group_none = 0,
|
|
Packit |
40b132 |
ssl_ff_dhe_2048_group = 1,
|
|
Packit |
40b132 |
ssl_ff_dhe_3072_group = 2,
|
|
Packit |
40b132 |
ssl_ff_dhe_4096_group = 3,
|
|
Packit |
40b132 |
ssl_ff_dhe_6144_group = 4,
|
|
Packit |
40b132 |
ssl_ff_dhe_8192_group = 5,
|
|
Packit |
40b132 |
ssl_dhe_group_max
|
|
Packit |
40b132 |
} SSLDHEGroupType;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#endif /* __sslt_h_ */
|