Source code
Revision control
Copy as Markdown
Other Tools
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is PRIVATE to SSL.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
#ifndef __sslspec_h_
#define __sslspec_h_
#include "sslexp.h"
#include "prclist.h"
typedef enum {
TrafficKeyClearText = 0,
TrafficKeyEarlyApplicationData = 1,
TrafficKeyHandshake = 2,
TrafficKeyApplicationData = 3
} TrafficKeyType;
#define SPEC_DIR(spec) \
((spec->direction == ssl_secret_read) ? "read" : "write")
typedef struct ssl3CipherSpecStr ssl3CipherSpec;
typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
typedef struct ssl3MACDefStr ssl3MACDef;
typedef struct ssl3CipherSuiteDefStr ssl3CipherSuiteDef;
typedef PRUint64 sslSequenceNumber;
typedef PRUint16 DTLSEpoch;
/* The SSL bulk cipher definition */
typedef enum {
cipher_null,
cipher_rc4,
cipher_des,
cipher_3des,
cipher_aes_128,
cipher_aes_256,
cipher_camellia_128,
cipher_camellia_256,
cipher_seed,
cipher_aes_128_gcm,
cipher_aes_256_gcm,
cipher_chacha20,
cipher_missing /* reserved for no such supported cipher */
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
} SSL3BulkCipher;
typedef enum {
type_stream,
type_block,
type_aead
} CipherType;
/*
** There are tables of these, all const.
*/
struct ssl3BulkCipherDefStr {
SSL3BulkCipher cipher;
SSLCipherAlgorithm calg;
unsigned int key_size;
unsigned int secret_key_size;
CipherType type;
unsigned int iv_size;
unsigned int block_size;
unsigned int tag_size; /* for AEAD ciphers. */
unsigned int explicit_nonce_size; /* for AEAD ciphers. */
SECOidTag oid;
const char *short_name;
/* The maximum number of records that can be sent/received with the same
* symmetric key before the connection will be terminated. */
PRUint64 max_records;
};
/* to make some of these old enums public without namespace pollution,
** it was necessary to prepend ssl_ to the names.
** These #defines preserve compatibility with the old code here in libssl.
*/
typedef SSLMACAlgorithm SSL3MACAlgorithm;
/*
* There are tables of these, all const.
*/
struct ssl3MACDefStr {
SSL3MACAlgorithm mac;
CK_MECHANISM_TYPE mmech;
int pad_size;
int mac_size;
SECOidTag oid;
};
#define MAX_IV_LENGTH 24
typedef struct {
PK11SymKey *key;
PK11SymKey *macKey;
PK11Context *macContext;
PRUint8 iv[MAX_IV_LENGTH];
} ssl3KeyMaterial;
typedef SECStatus (*SSLCipher)(void *context,
unsigned char *out,
unsigned int *outlen,
unsigned int maxout,
const unsigned char *in,
unsigned int inlen);
typedef SECStatus (*SSLAEADCipher)(PK11Context *context,
CK_GENERATOR_FUNCTION ivGen,
unsigned int fixedbits,
unsigned char *iv, unsigned int ivlen,
const unsigned char *aad,
unsigned int aadlen,
unsigned char *out, unsigned int *outlen,
unsigned int maxout, unsigned char *tag,
unsigned int taglen,
const unsigned char *in, unsigned int inlen);
/* The DTLS anti-replay window in number of packets. Defined here because we
* need it in the cipher spec. Note that this is a ring buffer but left and
* right represent the true window, with modular arithmetic used to map them
* onto the buffer.
*/
#define DTLS_RECVD_RECORDS_WINDOW 1024
#define RECORD_SEQ_MASK ((1ULL << 48) - 1)
#define RECORD_SEQ_MAX RECORD_SEQ_MASK
PR_STATIC_ASSERT(DTLS_RECVD_RECORDS_WINDOW % 8 == 0);
typedef struct DTLSRecvdRecordsStr {
unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8];
sslSequenceNumber left;
sslSequenceNumber right;
} DTLSRecvdRecords;
/*
* These are the "specs" used for reading and writing records. Access to the
* pointers to these specs, and all the specs' contents (direct and indirect) is
* protected by the reader/writer lock ss->specLock.
*/
struct ssl3CipherSpecStr {
PRCList link;
PRUint8 refCt;
SSLSecretDirection direction;
SSL3ProtocolVersion version;
SSL3ProtocolVersion recordVersion;
const ssl3BulkCipherDef *cipherDef;
const ssl3MACDef *macDef;
SSLCipher cipher;
void *cipherContext;
PK11SymKey *masterSecret;
ssl3KeyMaterial keyMaterial;
DTLSEpoch epoch;
const char *phase;
/* The next sequence number to be sent or received. */
sslSequenceNumber nextSeqNum;
DTLSRecvdRecords recvdRecords;
/* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This
* will be zero for everything but 0-RTT. */
PRUint32 earlyDataRemaining;
/* The maximum plaintext length. This differs from the configured or
* negotiated value for TLS 1.3; it is reduced by one to account for the
* content type octet. */
PRUint16 recordSizeLimit;
/* DTLS 1.3: Sequence number masking context. */
SSLMaskingContext *maskContext;
/* DTLS 1.3: Count of decryption failures for the given key. */
PRUint64 deprotectionFailures;
};
typedef void (*sslCipherSpecChangedFunc)(void *arg,
PRBool sending,
ssl3CipherSpec *newSpec);
const ssl3BulkCipherDef *ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def);
const ssl3MACDef *ssl_GetMacDefByAlg(SSL3MACAlgorithm mac);
const ssl3MACDef *ssl_GetMacDef(const sslSocket *ss, const ssl3CipherSuiteDef *suiteDef);
ssl3CipherSpec *ssl_CreateCipherSpec(sslSocket *ss, SSLSecretDirection direction);
void ssl_SaveCipherSpec(sslSocket *ss, ssl3CipherSpec *spec);
void ssl_CipherSpecAddRef(ssl3CipherSpec *spec);
void ssl_CipherSpecRelease(ssl3CipherSpec *spec);
void ssl_DestroyCipherSpecs(PRCList *list);
SECStatus ssl_SetupNullCipherSpec(sslSocket *ss, SSLSecretDirection dir);
ssl3CipherSpec *ssl_FindCipherSpecByEpoch(sslSocket *ss,
SSLSecretDirection direction,
DTLSEpoch epoch);
void ssl_CipherSpecReleaseByEpoch(sslSocket *ss, SSLSecretDirection direction,
DTLSEpoch epoch);
#endif /* __sslspec_h_ */