tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

sslspec.h (6667B)

      1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
      2 /*
      3 * This file is PRIVATE to SSL.
      4 *
      5 * This Source Code Form is subject to the terms of the Mozilla Public
      6 * License, v. 2.0. If a copy of the MPL was not distributed with this
      7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      8 
      9 #ifndef __sslspec_h_
     10 #define __sslspec_h_
     11 
     12 #include "sslexp.h"
     13 #include "prclist.h"
     14 
     15 typedef enum {
     16    TrafficKeyClearText = 0,
     17    TrafficKeyEarlyApplicationData = 1,
     18    TrafficKeyHandshake = 2,
     19    TrafficKeyApplicationData = 3
     20 } TrafficKeyType;
     21 
     22 #define SPEC_DIR(spec) \
     23    ((spec->direction == ssl_secret_read) ? "read" : "write")
     24 
     25 typedef struct ssl3CipherSpecStr ssl3CipherSpec;
     26 typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
     27 typedef struct ssl3MACDefStr ssl3MACDef;
     28 typedef struct ssl3CipherSuiteDefStr ssl3CipherSuiteDef;
     29 typedef PRUint64 sslSequenceNumber;
     30 typedef PRUint16 DTLSEpoch;
     31 
     32 /* The SSL bulk cipher definition */
     33 typedef enum {
     34    cipher_null,
     35    cipher_rc4,
     36    cipher_des,
     37    cipher_3des,
     38    cipher_aes_128,
     39    cipher_aes_256,
     40    cipher_camellia_128,
     41    cipher_camellia_256,
     42    cipher_seed,
     43    cipher_aes_128_gcm,
     44    cipher_aes_256_gcm,
     45    cipher_chacha20,
     46    cipher_missing /* reserved for no such supported cipher */
     47    /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
     48 } SSL3BulkCipher;
     49 
     50 typedef enum {
     51    type_stream,
     52    type_block,
     53    type_aead
     54 } CipherType;
     55 
     56 /*
     57 ** There are tables of these, all const.
     58 */
     59 struct ssl3BulkCipherDefStr {
     60    SSL3BulkCipher cipher;
     61    SSLCipherAlgorithm calg;
     62    unsigned int key_size;
     63    unsigned int secret_key_size;
     64    CipherType type;
     65    unsigned int iv_size;
     66    unsigned int block_size;
     67    unsigned int tag_size;            /* for AEAD ciphers. */
     68    unsigned int explicit_nonce_size; /* for AEAD ciphers. */
     69    SECOidTag oid;
     70    const char *short_name;
     71    /* The maximum number of records that can be sent/received with the same
     72     * symmetric key before the connection will be terminated. */
     73    PRUint64 max_records;
     74 };
     75 
     76 /* to make some of these old enums public without namespace pollution,
     77 ** it was necessary to prepend ssl_ to the names.
     78 ** These #defines preserve compatibility with the old code here in libssl.
     79 */
     80 typedef SSLMACAlgorithm SSL3MACAlgorithm;
     81 
     82 /*
     83 * There are tables of these, all const.
     84 */
     85 struct ssl3MACDefStr {
     86    SSL3MACAlgorithm mac;
     87    CK_MECHANISM_TYPE mmech;
     88    int pad_size;
     89    int mac_size;
     90    SECOidTag oid;
     91 };
     92 
     93 #define MAX_IV_LENGTH 24
     94 
     95 typedef struct {
     96    PK11SymKey *key;
     97    PK11SymKey *macKey;
     98    PK11Context *macContext;
     99    PRUint8 iv[MAX_IV_LENGTH];
    100 } ssl3KeyMaterial;
    101 
    102 typedef SECStatus (*SSLCipher)(void *context,
    103                               unsigned char *out,
    104                               unsigned int *outlen,
    105                               unsigned int maxout,
    106                               const unsigned char *in,
    107                               unsigned int inlen);
    108 typedef SECStatus (*SSLAEADCipher)(PK11Context *context,
    109                                   CK_GENERATOR_FUNCTION ivGen,
    110                                   unsigned int fixedbits,
    111                                   unsigned char *iv, unsigned int ivlen,
    112                                   const unsigned char *aad,
    113                                   unsigned int aadlen,
    114                                   unsigned char *out, unsigned int *outlen,
    115                                   unsigned int maxout, unsigned char *tag,
    116                                   unsigned int taglen,
    117                                   const unsigned char *in, unsigned int inlen);
    118 
    119 /* The DTLS anti-replay window in number of packets. Defined here because we
    120 * need it in the cipher spec. Note that this is a ring buffer but left and
    121 * right represent the true window, with modular arithmetic used to map them
    122 * onto the buffer.
    123 */
    124 #define DTLS_RECVD_RECORDS_WINDOW 1024
    125 #define RECORD_SEQ_MASK ((1ULL << 48) - 1)
    126 #define RECORD_SEQ_MAX RECORD_SEQ_MASK
    127 PR_STATIC_ASSERT(DTLS_RECVD_RECORDS_WINDOW % 8 == 0);
    128 
    129 typedef struct DTLSRecvdRecordsStr {
    130    unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8];
    131    sslSequenceNumber left;
    132    sslSequenceNumber right;
    133 } DTLSRecvdRecords;
    134 
    135 /*
    136 * These are the "specs" used for reading and writing records.  Access to the
    137 * pointers to these specs, and all the specs' contents (direct and indirect) is
    138 * protected by the reader/writer lock ss->specLock.
    139 */
    140 struct ssl3CipherSpecStr {
    141    PRCList link;
    142    PRUint8 refCt;
    143 
    144    SSLSecretDirection direction;
    145    SSL3ProtocolVersion version;
    146    SSL3ProtocolVersion recordVersion;
    147 
    148    const ssl3BulkCipherDef *cipherDef;
    149    const ssl3MACDef *macDef;
    150 
    151    SSLCipher cipher;
    152    void *cipherContext;
    153 
    154    PK11SymKey *masterSecret;
    155    ssl3KeyMaterial keyMaterial;
    156 
    157    DTLSEpoch epoch;
    158    const char *phase;
    159 
    160    /* The next sequence number to be sent or received. */
    161    sslSequenceNumber nextSeqNum;
    162    DTLSRecvdRecords recvdRecords;
    163 
    164    /* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This
    165     * will be zero for everything but 0-RTT. */
    166    PRUint32 earlyDataRemaining;
    167    /* The maximum plaintext length.  This differs from the configured or
    168     * negotiated value for TLS 1.3; it is reduced by one to account for the
    169     * content type octet. */
    170    PRUint16 recordSizeLimit;
    171 
    172    /* DTLS 1.3: Sequence number masking context. */
    173    SSLMaskingContext *maskContext;
    174 
    175    /* DTLS 1.3: Count of decryption failures for the given key. */
    176    PRUint64 deprotectionFailures;
    177 };
    178 
    179 typedef void (*sslCipherSpecChangedFunc)(void *arg,
    180                                         PRBool sending,
    181                                         ssl3CipherSpec *newSpec);
    182 
    183 const ssl3BulkCipherDef *ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def);
    184 const ssl3MACDef *ssl_GetMacDefByAlg(SSL3MACAlgorithm mac);
    185 const ssl3MACDef *ssl_GetMacDef(const sslSocket *ss, const ssl3CipherSuiteDef *suiteDef);
    186 
    187 ssl3CipherSpec *ssl_CreateCipherSpec(sslSocket *ss, SSLSecretDirection direction);
    188 void ssl_SaveCipherSpec(sslSocket *ss, ssl3CipherSpec *spec);
    189 void ssl_CipherSpecAddRef(ssl3CipherSpec *spec);
    190 void ssl_CipherSpecRelease(ssl3CipherSpec *spec);
    191 void ssl_DestroyCipherSpecs(PRCList *list);
    192 SECStatus ssl_SetupNullCipherSpec(sslSocket *ss, SSLSecretDirection dir);
    193 
    194 ssl3CipherSpec *ssl_FindCipherSpecByEpoch(sslSocket *ss,
    195                                          SSLSecretDirection direction,
    196                                          DTLSEpoch epoch);
    197 void ssl_CipherSpecReleaseByEpoch(sslSocket *ss, SSLSecretDirection direction,
    198                                  DTLSEpoch epoch);
    199 
    200 #endif /* __sslspec_h_ */