| /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| /* |
| * This file is PRIVATE to SSL. |
| * |
| * This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| #ifndef __sslspec_h_ |
| #define __sslspec_h_ |
| |
| #include "sslexp.h" |
| #include "prclist.h" |
| |
/*
 * Identifies which set of traffic keys is meant.  Judging by the enumerator
 * names these are the stages of the TLS 1.3 key schedule, from unprotected
 * records through to application data.
 * NOTE(review): the values are pinned explicitly, so other code presumably
 * depends on the numbering -- confirm before renumbering or inserting.
 */
typedef enum {
    TrafficKeyClearText = 0,
    TrafficKeyEarlyApplicationData = 1,
    TrafficKeyHandshake = 2,
    TrafficKeyApplicationData = 3
} TrafficKeyType;
| |
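/*
 * Printable name of a cipher spec's direction, for log and trace output.
 * Yields the string literal "read" when spec->direction equals
 * ssl_secret_read and "write" for every other value.
 *
 * `spec` is any expression of pointer-to-spec type.  It is parenthesized in
 * the expansion so that arguments such as `&s` or `p + 1` bind to the whole
 * expression rather than to its last operand, and it is evaluated once.
 */
#define SPEC_DIR(spec) \
    (((spec)->direction == ssl_secret_read) ? "read" : "write")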
| |
/*
 * Forward declarations, so these types can be named by pointer before their
 * bodies appear.  ssl3CipherSpecStr, ssl3BulkCipherDefStr and ssl3MACDefStr
 * are defined later in this header; ssl3CipherSuiteDefStr is not.
 */
typedef struct ssl3CipherSpecStr ssl3CipherSpec;
typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
typedef struct ssl3MACDefStr ssl3MACDef;
typedef struct ssl3CipherSuiteDefStr ssl3CipherSuiteDef;

/*
 * Record sequence number, stored in 64 bits.
 * NOTE(review): RECORD_SEQ_MASK further down is only 48 bits wide; which
 * callers must apply it is not visible here -- confirm.
 */
typedef PRUint64 sslSequenceNumber;

/* DTLS epoch, stored in 16 bits. */
typedef PRUint16 DTLSEpoch;
| |
/*
 * The SSL bulk cipher definition.
 *
 * The enumerators are consecutive from zero; the values are spelled out
 * because this enum must match ssl3_cipherName[] in ssl3con.c.
 *
 * NOTE(review): the list includes algorithms generally treated as legacy
 * (RC4, single DES, 3DES).  An enumerator being present here says nothing
 * about whether a suite using it is enabled; that is decided elsewhere.
 */
typedef enum {
    cipher_null = 0,
    cipher_rc4 = 1,
    cipher_des = 2,
    cipher_3des = 3,
    cipher_aes_128 = 4,
    cipher_aes_256 = 5,
    cipher_camellia_128 = 6,
    cipher_camellia_256 = 7,
    cipher_seed = 8,
    cipher_aes_128_gcm = 9,
    cipher_aes_256_gcm = 10,
    cipher_chacha20 = 11,
    cipher_missing = 12 /* reserved for no such supported cipher */
} SSL3BulkCipher;
| |
/*
 * Construction class of a bulk cipher.  Used as the `type` field of
 * ssl3BulkCipherDefStr; the AEAD-only fields of that struct (tag_size,
 * explicit_nonce_size) apply to type_aead.
 */
typedef enum {
    type_stream = 0,
    type_block = 1,
    type_aead = 2
} CipherType;
| |
/*
 * Static description of one bulk cipher.
 * There are tables of these, all const.
 *
 * NOTE(review): the size fields carry no unit in this header; they are
 * presumably byte counts -- confirm against the tables that initialise them.
 */
struct ssl3BulkCipherDefStr {
    SSL3BulkCipher cipher;   /* which cipher this entry describes */
    SSLCipherAlgorithm calg; /* the same cipher as an SSLCipherAlgorithm value */
    unsigned int key_size;
    /* NOTE(review): how this differs from key_size is not stated here. */
    unsigned int secret_key_size;
    CipherType type;         /* stream, block or AEAD */
    unsigned int iv_size;
    unsigned int block_size;
    unsigned int tag_size;            /* for AEAD ciphers. */
    unsigned int explicit_nonce_size; /* for AEAD ciphers. */
    SECOidTag oid;
    const char *short_name;
    /* The maximum number of records that can be sent/received with the same
     * symmetric key before the connection will be terminated.  This is a
     * per-key usage limit; the code that counts records and enforces it is
     * not in this header. */
    PRUint64 max_records;
};
| |
/*
 * Some of the old enums were made public, and to do that without namespace
 * pollution it was necessary to prepend ssl_ to the names.
 * This typedef preserves compatibility with the old code here in libssl by
 * keeping the previous internal name as an alias of the public type.
 */
typedef SSLMACAlgorithm SSL3MACAlgorithm;
| |
/*
 * Static description of one MAC algorithm.
 * There are tables of these, all const.
 */
struct ssl3MACDefStr {
    SSL3MACAlgorithm mac;    /* which MAC this entry describes */
    CK_MECHANISM_TYPE mmech; /* PKCS #11 mechanism type for this MAC */
    /* NOTE(review): both sizes are signed int and carry no unit here;
     * presumably byte counts that are never negative -- confirm before using
     * them as buffer lengths. */
    int pad_size;
    int mac_size;
    SECOidTag oid;
};
| |
/* Capacity of the inline IV buffer in ssl3KeyMaterial. */
#define MAX_IV_LENGTH 24

/*
 * Keying material held by a cipher spec: the bulk-cipher key, the MAC key,
 * a MAC context and the IV.
 *
 * `iv` is a fixed-size buffer, so any code that fills it must bound the copy
 * by MAX_IV_LENGTH; a cipher's own IV length lives in
 * ssl3BulkCipherDef.iv_size.
 * NOTE(review): this header does not show who releases key, macKey and
 * macContext -- presumably the owning cipher spec on destruction; confirm.
 */
typedef struct {
    PK11SymKey *key;
    PK11SymKey *macKey;
    PK11Context *macContext;
    PRUint8 iv[MAX_IV_LENGTH];
} ssl3KeyMaterial;
| |
/*
 * Signature of a record encrypt/decrypt routine; ssl3CipherSpecStr stores one
 * in `cipher` next to the opaque `cipherContext` it is called with.
 *
 * Transforms `inlen` bytes at `in` into `out` and reports the produced length
 * through `outlen`.  `maxout` is passed alongside `out`; by the parameter
 * names it is the capacity of `out`, which an implementation must not exceed
 * -- confirm against the implementations.
 */
typedef SECStatus (*SSLCipher)(void *context,
                               unsigned char *out,
                               unsigned int *outlen,
                               unsigned int maxout,
                               const unsigned char *in,
                               unsigned int inlen);
/*
 * Signature of an AEAD seal/open routine operating on a PK11Context.
 *
 * Buffers come as pointer/length pairs: iv/ivlen, aad/aadlen (additional
 * authenticated data), tag/taglen and in/inlen.  `out` is paired with
 * `maxout`, presumably its capacity, and the produced length is reported
 * through `outlen`.
 * NOTE(review): `iv` and `tag` are not const, so the routine may write to
 * them; what `ivGen` and `fixedbits` select is not documented here --
 * confirm against the implementation before relying on IV handling.
 */
typedef SECStatus (*SSLAEADCipher)(PK11Context *context,
                                   CK_GENERATOR_FUNCTION ivGen,
                                   unsigned int fixedbits,
                                   unsigned char *iv, unsigned int ivlen,
                                   const unsigned char *aad,
                                   unsigned int aadlen,
                                   unsigned char *out, unsigned int *outlen,
                                   unsigned int maxout, unsigned char *tag,
                                   unsigned int taglen,
                                   const unsigned char *in, unsigned int inlen);
| |
/*
 * The DTLS anti-replay window in number of packets. Defined here because we
 * need it in the cipher spec. Note that this is a ring buffer but left and
 * right represent the true window, with modular arithmetic used to map them
 * onto the buffer.
 */
#define DTLS_RECVD_RECORDS_WINDOW 1024

/*
 * Mask with the low 48 bits set, and the same value under a second name for
 * use as an upper bound.
 * NOTE(review): presumably 48 bits is the width of the record sequence
 * number this applies to -- confirm at the call sites.
 */
#define RECORD_SEQ_MASK ((1ULL << 48) - 1)
#define RECORD_SEQ_MAX RECORD_SEQ_MASK
/* The window must be a whole number of bytes: data[] below is sized as
 * DTLS_RECVD_RECORDS_WINDOW / 8. */
PR_STATIC_ASSERT(DTLS_RECVD_RECORDS_WINDOW % 8 == 0);

/*
 * State of the DTLS anti-replay window for one cipher spec.
 *
 * `data` holds DTLS_RECVD_RECORDS_WINDOW bits (presumably one per sequence
 * number in the window -- confirm), used as a ring buffer.  `left` and
 * `right` are the true edges of the window as sequence numbers, not offsets
 * into `data`.
 */
typedef struct DTLSRecvdRecordsStr {
    unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8];
    sslSequenceNumber left;
    sslSequenceNumber right;
} DTLSRecvdRecords;
| |
/*
 * These are the "specs" used for reading and writing records. Access to the
 * pointers to these specs, and all the specs' contents (direct and indirect) is
 * protected by the reader/writer lock ss->specLock.
 *
 * A spec carries secret material (masterSecret, keyMaterial), so its
 * lifetime matters: see ssl_CipherSpecAddRef / ssl_CipherSpecRelease and
 * ssl_DestroyCipherSpecs, declared at the end of this header.
 */
struct ssl3CipherSpecStr {
    /* List linkage.  ssl_DestroyCipherSpecs() takes a PRCList, so specs are
     * presumably chained through this member -- confirm. */
    PRCList link;
    /* Reference count.
     * NOTE(review): the counter is 8 bits wide and would wrap after 255
     * holders.  A wrapped count could let a spec be freed while still
     * referenced, so confirm the number of holders is bounded well below
     * that. */
    PRUint8 refCt;

    SSLSecretDirection direction; /* read or write; see SPEC_DIR() */
    SSL3ProtocolVersion version;
    SSL3ProtocolVersion recordVersion;

    /* Entries in the const definition tables; not owned by the spec. */
    const ssl3BulkCipherDef *cipherDef;
    const ssl3MACDef *macDef;

    /* Record protection routine and the opaque context passed to it. */
    SSLCipher cipher;
    void *cipherContext;

    PK11SymKey *masterSecret;
    ssl3KeyMaterial keyMaterial;

    DTLSEpoch epoch;
    const char *phase;

    /* The next sequence number to be sent or received. */
    sslSequenceNumber nextSeqNum;
    /* DTLS anti-replay window state for this spec. */
    DTLSRecvdRecords recvdRecords;

    /* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This
     * will be zero for everything but 0-RTT. */
    PRUint32 earlyDataRemaining;
    /* The maximum plaintext length. This differs from the configured or
     * negotiated value for TLS 1.3; it is reduced by one to account for the
     * content type octet. */
    PRUint16 recordSizeLimit;

    /* DTLS 1.3: Sequence number masking context. */
    SSLMaskingContext *maskContext;

    /* DTLS 1.3: Count of decryption failures for the given key. */
    PRUint64 deprotectionFailures;
};
| |
/*
 * Callback type.  Judging by the name it is invoked when a cipher spec
 * changes; the call site is not in this header.
 *
 *   arg     - opaque pointer handed back to the callback
 *   sending - PRBool flag, presumably true for the write direction
 *   newSpec - the spec now in effect
 *
 * NOTE(review): whether the callback runs with ss->specLock held, and
 * whether it may keep newSpec without taking a reference, is not stated
 * here -- confirm.
 */
typedef void (*sslCipherSpecChangedFunc)(void *arg,
                                         PRBool sending,
                                         ssl3CipherSpec *newSpec);
| |
/*
 * Lookups into the const bulk-cipher and MAC definition tables.  The results
 * are pointers to const entries, so callers must not modify or free them.
 * NOTE(review): what is returned when nothing matches is not documented in
 * this header -- check the definitions before dereferencing the result.
 */
const ssl3BulkCipherDef *ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def);
const ssl3MACDef *ssl_GetMacDefByAlg(SSL3MACAlgorithm mac);
const ssl3MACDef *ssl_GetMacDef(const sslSocket *ss, const ssl3CipherSuiteDef *suiteDef);
| |
/*
 * Cipher spec lifecycle.  Only the declarations are visible here.
 *
 * ssl_CipherSpecAddRef / ssl_CipherSpecRelease pair with the refCt member of
 * ssl3CipherSpecStr; every reference taken should be matched by a release so
 * that the key material held by the spec is not kept alive longer than
 * needed.
 * sslSocket is not declared in this header; it has to come from one of the
 * includes or from the file that includes this one.
 * NOTE(review): the locking each function expects (ss->specLock) and the
 * failure return of ssl_CreateCipherSpec are not documented here -- confirm.
 */
ssl3CipherSpec *ssl_CreateCipherSpec(sslSocket *ss, SSLSecretDirection direction);
void ssl_SaveCipherSpec(sslSocket *ss, ssl3CipherSpec *spec);
void ssl_CipherSpecAddRef(ssl3CipherSpec *spec);
void ssl_CipherSpecRelease(ssl3CipherSpec *spec);
void ssl_DestroyCipherSpecs(PRCList *list);
SECStatus ssl_SetupNullCipherSpec(sslSocket *ss, SSLSecretDirection dir);
| |
/*
 * Epoch-keyed access to a socket's cipher specs: find, or release, the spec
 * for the given direction and DTLS epoch.
 * NOTE(review): whether ssl_FindCipherSpecByEpoch returns NULL on a miss,
 * and whether the returned pointer carries its own reference, is not stated
 * in this header -- confirm before holding the result across an unlock.
 */
ssl3CipherSpec *ssl_FindCipherSpecByEpoch(sslSocket *ss,
                                          SSLSecretDirection direction,
                                          DTLSEpoch epoch);
void ssl_CipherSpecReleaseByEpoch(sslSocket *ss,
                                  SSLSecretDirection direction,
                                  DTLSEpoch epoch);
| |
| #endif /* __sslspec_h_ */ |