ssl3prot.h (5474B)
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ 2 /* Private header file of libSSL. 3 * Various and sundry protocol constants. DON'T CHANGE THESE. These 4 * values are defined by the SSL 3.0 protocol specification. 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 9 10 #ifndef __ssl3proto_h_ 11 #define __ssl3proto_h_ 12 13 typedef PRUint16 SSL3ProtocolVersion; 14 /* version numbers are defined in sslproto.h */ 15 16 typedef PRUint16 ssl3CipherSuite; 17 /* The cipher suites are defined in sslproto.h */ 18 19 #define MAX_CERT_TYPES 10 20 #define MAX_MAC_LENGTH 64 21 #define MAX_PADDING_LENGTH 64 22 #define MAX_KEY_LENGTH 64 23 #define EXPORT_KEY_LENGTH 5 24 #define SSL3_RANDOM_LENGTH 32 25 26 #define SSL3_RECORD_HEADER_LENGTH 5 27 28 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ 29 #define DTLS_RECORD_HEADER_LENGTH 13 30 31 /* Max values for TLS records/ciphertexts 32 * For TLS 1.2 records MUST NOT be longer than 2^14 + 2048 33 * For TLS 1.3 records MUST NOT exceed 2^14 + 256 bytes. 34 * [RFC8446 Section 5.2, RFC5246 Section 6.2.3]. */ 35 #define MAX_FRAGMENT_LENGTH 16384 36 #define TLS_1_2_MAX_EXPANSION 2048 37 #define TLS_1_3_MAX_EXPANSION (255 + 1) 38 #define TLS_1_3_MAX_CTEXT_LENGTH ((MAX_FRAGMENT_LENGTH) + (TLS_1_3_MAX_EXPANSION)) 39 #define TLS_1_2_MAX_CTEXT_LENGTH ((MAX_FRAGMENT_LENGTH) + (TLS_1_2_MAX_EXPANSION)) 40 41 /* DTLS_X_X_MAX_PACKET_LENGTH = TLS_X_X_MAX_RECORD_LENGTH + HEADER_LENGTH, 42 * used for DTLS datagram buffer size setting. We do not support DTLS CID! */ 43 #define DTLS_1_3_MAX_PACKET_LENGTH ((TLS_1_3_MAX_CTEXT_LENGTH) + (SSL3_RECORD_HEADER_LENGTH)) 44 #define DTLS_1_2_MAX_PACKET_LENGTH ((TLS_1_2_MAX_CTEXT_LENGTH) + (DTLS_RECORD_HEADER_LENGTH)) 45 46 typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice; 47 48 typedef enum { alert_warning = 1, 49 alert_fatal = 2 } SSL3AlertLevel; 50 51 typedef enum { 52 close_notify = 0, 53 unexpected_message = 10, 54 bad_record_mac = 20, 55 decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ 56 record_overflow = 22, /* TLS only */ 57 decompression_failure = 30, 58 handshake_failure = 40, 59 no_certificate = 41, /* SSL3 only, NOT TLS */ 60 bad_certificate = 42, 61 unsupported_certificate = 43, 62 certificate_revoked = 44, 63 certificate_expired = 45, 64 certificate_unknown = 46, 65 illegal_parameter = 47, 66 67 /* All alerts below are TLS only. */ 68 unknown_ca = 48, 69 access_denied = 49, 70 decode_error = 50, 71 decrypt_error = 51, 72 export_restriction = 60, 73 protocol_version = 70, 74 insufficient_security = 71, 75 internal_error = 80, 76 inappropriate_fallback = 86, /* could also be sent for SSLv3 */ 77 user_canceled = 90, 78 no_renegotiation = 100, 79 80 /* Alerts for client hello extensions */ 81 missing_extension = 109, 82 unsupported_extension = 110, 83 certificate_unobtainable = 111, 84 unrecognized_name = 112, 85 bad_certificate_status_response = 113, 86 bad_certificate_hash_value = 114, 87 certificate_required = 116, 88 no_application_protocol = 120, 89 ech_required = 121, 90 91 /* invalid alert */ 92 no_alert = 256 93 } SSL3AlertDescription; 94 95 typedef PRUint8 SSL3Random[SSL3_RANDOM_LENGTH]; 96 97 typedef struct { 98 PRUint8 id[32]; 99 PRUint8 length; 100 } SSL3SessionID; 101 102 /* SSL3SignType moved to ssl.h */ 103 104 /* The SSL key exchange method used */ 105 typedef enum { 106 kea_null, 107 kea_rsa, 108 kea_dh_dss, 109 kea_dh_rsa, 110 kea_dhe_dss, 111 kea_dhe_rsa, 112 kea_dh_anon, 113 kea_ecdh_ecdsa, 114 kea_ecdhe_ecdsa, 115 kea_ecdh_rsa, 116 kea_ecdhe_rsa, 117 kea_ecdh_anon, 118 kea_ecdhe_psk, 119 kea_dhe_psk, 120 kea_tls13_any, 121 } SSL3KeyExchangeAlgorithm; 122 123 /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS 124 * prior to 1.2. */ 125 typedef struct { 126 PRUint8 md5[16]; 127 PRUint8 sha[20]; 128 } SSL3HashesIndividually; 129 130 /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| 131 * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually 132 * struct. */ 133 typedef struct { 134 unsigned int len; 135 SSLHashType hashAlg; 136 union { 137 PRUint8 raw[64]; 138 SSL3HashesIndividually s; 139 } u; 140 } SSL3Hashes; 141 142 typedef enum { 143 ct_RSA_sign = 1, 144 ct_DSS_sign = 2, 145 ct_RSA_fixed_DH = 3, 146 ct_DSS_fixed_DH = 4, 147 ct_RSA_ephemeral_DH = 5, 148 ct_DSS_ephemeral_DH = 6, 149 ct_ECDSA_sign = 64, 150 ct_RSA_fixed_ECDH = 65, 151 ct_ECDSA_fixed_ECDH = 66 152 } SSL3ClientCertificateType; 153 154 typedef enum { 155 sender_client = 0x434c4e54, 156 sender_server = 0x53525652 157 } SSL3Sender; 158 159 typedef SSL3HashesIndividually SSL3Finished; 160 161 typedef struct { 162 PRUint8 verify_data[12]; 163 } TLSFinished; 164 165 /* 166 * TLS extension related data structures and constants. 167 */ 168 169 /* SessionTicket extension related data structures. */ 170 171 /* NewSessionTicket handshake message. */ 172 typedef struct { 173 PRTime received_timestamp; 174 PRUint32 ticket_lifetime_hint; 175 PRUint32 flags; 176 PRUint32 ticket_age_add; 177 PRUint32 max_early_data_size; 178 SECItem ticket; 179 } NewSessionTicket; 180 181 typedef enum { 182 tls13_psk_ke = 0, 183 tls13_psk_dh_ke = 1 184 } TLS13PskKEModes; 185 186 typedef enum { 187 CLIENT_AUTH_ANONYMOUS = 0, 188 CLIENT_AUTH_CERTIFICATE = 1 189 } ClientAuthenticationType; 190 191 #define SELF_ENCRYPT_KEY_NAME_LEN 16 192 #define SELF_ENCRYPT_KEY_NAME_PREFIX "NSS!" 193 #define SELF_ENCRYPT_KEY_NAME_PREFIX_LEN 4 194 #define SELF_ENCRYPT_KEY_VAR_NAME_LEN 12 195 196 #endif /* __ssl3proto_h_ */