tls13con.h (9175B)
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ 2 /* 3 * This file is PRIVATE to SSL. 4 * 5 * This Source Code Form is subject to the terms of the Mozilla Public 6 * License, v. 2.0. If a copy of the MPL was not distributed with this 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 8 9 #ifndef __tls13con_h_ 10 #define __tls13con_h_ 11 12 #include "sslexp.h" 13 #include "sslspec.h" 14 15 typedef enum { 16 tls13_extension_allowed, 17 tls13_extension_disallowed, 18 tls13_extension_unknown 19 } tls13ExtensionStatus; 20 21 #define TLS13_MAX_FINISHED_SIZE 64 22 #define TLS13_COOKIE_SENTINEL 0xff 23 24 SECStatus tls13_UnprotectRecord( 25 sslSocket *ss, ssl3CipherSpec *spec, 26 SSL3Ciphertext *cText, sslBuffer *plaintext, 27 SSLContentType *innerType, 28 SSL3AlertDescription *alert); 29 30 #if defined(WIN32) 31 #define __func__ __FUNCTION__ 32 #endif 33 34 void tls13_SetHsState(sslSocket *ss, SSL3WaitState ws, 35 const char *func, const char *file, int line); 36 #define TLS13_SET_HS_STATE(ss, ws) \ 37 tls13_SetHsState(ss, ws, __func__, __FILE__, __LINE__) 38 39 /* Return PR_TRUE if the socket is in one of the given states, else return 40 * PR_FALSE. Only call the macro not the function, because the trailing 41 * wait_invalid is needed to terminate the argument list. */ 42 PRBool tls13_InHsState(sslSocket *ss, ...); 43 #define TLS13_IN_HS_STATE(ss, ...) \ 44 tls13_InHsState(ss, __VA_ARGS__, wait_invalid) 45 46 PRBool tls13_IsPostHandshake(const sslSocket *ss); 47 48 SSLHashType tls13_GetHash(const sslSocket *ss); 49 SECStatus tls13_GetHashAndCipher(PRUint16 version, PRUint16 cipherSuite, 50 SSLHashType *hash, const ssl3BulkCipherDef **cipher); 51 SSLHashType tls13_GetHashForCipherSuite(ssl3CipherSuite suite); 52 unsigned int tls13_GetHashSize(const sslSocket *ss); 53 unsigned int tls13_GetHashSizeForHash(SSLHashType hash); 54 SECStatus tls13_ComputeHash(sslSocket *ss, SSL3Hashes *hashes, 55 const PRUint8 *buf, unsigned int len, 56 SSLHashType hash); 57 SECStatus tls13_ComputeHandshakeHashes(sslSocket *ss, 58 SSL3Hashes *hashes); 59 SECStatus tls13_DeriveSecretNullHash(sslSocket *ss, PK11SymKey *key, 60 const char *label, 61 unsigned int labelLen, 62 PK11SymKey **dest, 63 SSLHashType hash); 64 void tls13_FatalError(sslSocket *ss, PRErrorCode prError, 65 SSL3AlertDescription desc); 66 SECStatus tls13_SetupClientHello(sslSocket *ss, sslClientHelloType chType); 67 SECStatus tls13_MaybeDo0RTTHandshake(sslSocket *ss); 68 PRInt32 tls13_LimitEarlyData(sslSocket *ss, SSLContentType type, PRInt32 toSend); 69 PRBool tls13_AllowPskCipher(const sslSocket *ss, 70 const ssl3CipherSuiteDef *cipher_def); 71 PRBool tls13_PskSuiteEnabled(sslSocket *ss); 72 SECStatus tls13_WriteExtensionsWithBinder(sslSocket *ss, sslBuffer *extensions, 73 sslBuffer *chBuf); 74 SECStatus tls13_HandleClientHelloPart2(sslSocket *ss, 75 const SECItem *suites, 76 sslSessionID *sid, 77 const PRUint8 *msg, 78 unsigned int len); 79 SECStatus tls13_HandleServerHelloPart2(sslSocket *ss, const PRUint8 *savedMsg, PRUint32 savedLength); 80 SECStatus tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, PRUint8 *b, 81 PRUint32 length); 82 SECStatus tls13_ConstructHelloRetryRequest(sslSocket *ss, 83 ssl3CipherSuite cipherSuite, 84 const sslNamedGroupDef *selectedGroup, 85 PRUint8 *cookie, 86 unsigned int cookieLen, 87 const PRUint8 *cookieGreaseEchSignal, 88 sslBuffer *buffer); 89 SECStatus tls13_HandleHelloRetryRequest(sslSocket *ss, const PRUint8 *b, 90 PRUint32 length); 91 SECStatus tls13_HandleKeyShare(sslSocket *ss, 92 TLS13KeyShareEntry *entry, 93 sslKeyPair *keyPair, 94 SSLHashType hash, 95 PK11SymKey **out); 96 TLS13KeyShareEntry *tls13_CopyKeyShareEntry(TLS13KeyShareEntry *o); 97 void tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *entry); 98 void tls13_DestroyKeyShares(PRCList *list); 99 SECStatus tls13_CreateKeyShare(sslSocket *ss, const sslNamedGroupDef *groupDef, 100 sslEphemeralKeyPair **keyPair); 101 SECStatus tls13_AddKeyShare(sslSocket *ss, const sslNamedGroupDef *groupDef); 102 void tls13_DestroyEarlyData(PRCList *list); 103 SECStatus tls13_SetAlertCipherSpec(sslSocket *ss); 104 tls13ExtensionStatus tls13_ExtensionStatus(PRUint16 extension, 105 SSLHandshakeType message); 106 SECStatus tls13_ProtectRecord(sslSocket *ss, 107 ssl3CipherSpec *cwSpec, 108 SSLContentType type, 109 const PRUint8 *pIn, 110 PRUint32 contentLen, 111 sslBuffer *wrBuf); 112 PRInt32 tls13_Read0RttData(sslSocket *ss, PRUint8 *buf, PRInt32 len); 113 SECStatus tls13_HandleEarlyApplicationData(sslSocket *ss, sslBuffer *origBuf); 114 PRBool tls13_ClientAllow0Rtt(const sslSocket *ss, const sslSessionID *sid); 115 PRUint16 tls13_EncodeVersion(SSL3ProtocolVersion version, 116 SSLProtocolVariant variant); 117 SECStatus tls13_ClientReadSupportedVersion(sslSocket *ss); 118 SECStatus tls13_NegotiateVersion(sslSocket *ss, 119 const TLSExtension *supported_versions); 120 PRBool tls13_ShouldRequestClientAuth(sslSocket *ss); 121 122 PRBool tls13_IsReplay(const sslSocket *ss, const sslSessionID *sid); 123 void tls13_AntiReplayRollover(SSLAntiReplayContext *ctx, PRTime now); 124 SSLAntiReplayContext *tls13_RefAntiReplayContext(SSLAntiReplayContext *ctx); 125 void tls13_ReleaseAntiReplayContext(SSLAntiReplayContext *ctx); 126 127 SECStatus SSLExp_CreateAntiReplayContext( 128 PRTime now, PRTime window, unsigned int k, unsigned int bits, 129 SSLAntiReplayContext **ctx); 130 SECStatus SSLExp_SetAntiReplayContext(PRFileDesc *fd, 131 SSLAntiReplayContext *ctx); 132 SECStatus SSLExp_ReleaseAntiReplayContext(SSLAntiReplayContext *ctx); 133 134 SECStatus SSLExp_HelloRetryRequestCallback(PRFileDesc *fd, 135 SSLHelloRetryRequestCallback cb, 136 void *arg); 137 SECStatus tls13_SendKeyUpdate(sslSocket *ss, tls13KeyUpdateRequest request, 138 PRBool buffer); 139 SECStatus SSLExp_KeyUpdate(PRFileDesc *fd, PRBool requestUpdate); 140 PRBool tls13_MaybeTls13(sslSocket *ss); 141 unsigned int tls13_SetupAeadIv(PRBool isDTLS, SSL3ProtocolVersion v, unsigned char *ivOut, 142 unsigned char *ivIn, unsigned int offset, 143 unsigned int ivLen, DTLSEpoch epoch); 144 SECStatus tls13_AEAD(PK11Context *context, PRBool decrypt, 145 CK_GENERATOR_FUNCTION ivGen, unsigned int fixedbits, 146 const unsigned char *ivIn, unsigned char *ivOut, 147 unsigned int ivLen, 148 const unsigned char *nonceIn, unsigned int nonceLen, 149 const unsigned char *aad, unsigned int aadLen, 150 unsigned char *out, unsigned int *outLen, 151 unsigned int maxout, unsigned int tagLen, 152 const unsigned char *in, unsigned int inLen); 153 void tls13_SetSpecRecordVersion(sslSocket *ss, ssl3CipherSpec *spec); 154 SECStatus SSLExp_SendCertificateRequest(PRFileDesc *fd); 155 SECStatus tls13_ClientGreaseSetup(sslSocket *ss); 156 void tls13_ClientGreaseDestroy(sslSocket *ss); 157 SECStatus tls13_RandomGreaseValue(PRUint16 *out); 158 SECStatus tls13_MaybeGreaseExtensionType(const sslSocket *ss, 159 const SSLHandshakeType message, 160 PRUint16 *exType); 161 162 SECStatus 163 tls13_UpdateTrafficKeys(sslSocket *ss, SSLSecretDirection direction); 164 165 /* Use this instead of FATAL_ERROR when no alert shall be sent. */ 166 #define LOG_ERROR(ss, prError) \ 167 do { \ 168 SSL_TRC(3, ("%d: TLS13[%d]: fatal error %d in %s (%s:%d)", \ 169 SSL_GETPID(), ss->fd, prError, __func__, __FILE__, __LINE__)); \ 170 PORT_SetError(prError); \ 171 } while (0) 172 173 /* Log an error and generate an alert because something is irreparably wrong. */ 174 #define FATAL_ERROR(ss, prError, desc) \ 175 do { \ 176 LOG_ERROR(ss, prError); \ 177 tls13_FatalError(ss, prError, desc); \ 178 } while (0) 179 180 #endif /* __tls13con_h_ */