зеркало из https://github.com/mozilla/gecko-dev.git
160 строки
6.8 KiB
C
160 строки
6.8 KiB
C
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/*
|
|
* This file is PRIVATE to SSL.
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef __ssl3ext_h_
|
|
#define __ssl3ext_h_
|
|
|
|
typedef enum {
|
|
sni_nametype_hostname
|
|
} SNINameType;
|
|
typedef struct TLSExtensionDataStr TLSExtensionData;
|
|
|
|
/* registerable callback function that either appends extension to buffer
|
|
* or returns length of data that it would have appended.
|
|
*/
|
|
typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(const sslSocket *ss,
|
|
TLSExtensionData *xtnData,
|
|
PRBool append,
|
|
PRUint32 maxBytes);
|
|
|
|
/* registerable callback function that handles a received extension,
|
|
* of the given type.
|
|
*/
|
|
typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
|
|
TLSExtensionData *xtnData,
|
|
PRUint16 ex_type,
|
|
SECItem *data);
|
|
|
|
/* row in a table of hello extension senders */
|
|
typedef struct {
|
|
PRInt32 ex_type;
|
|
ssl3HelloExtensionSenderFunc ex_sender;
|
|
} ssl3HelloExtensionSender;
|
|
|
|
/* row in a table of hello extension handlers */
|
|
typedef struct {
|
|
PRInt32 ex_type;
|
|
ssl3ExtensionHandlerFunc ex_handler;
|
|
} ssl3ExtensionHandler;
|
|
|
|
struct TLSExtensionDataStr {
|
|
/* registered callbacks that send server hello extensions */
|
|
ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS];
|
|
ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
|
|
ssl3HelloExtensionSender certificateSenders[SSL_MAX_EXTENSIONS];
|
|
|
|
/* Keep track of the extensions that are negotiated. */
|
|
PRUint16 numAdvertised;
|
|
PRUint16 numNegotiated;
|
|
PRUint16 advertised[SSL_MAX_EXTENSIONS];
|
|
PRUint16 negotiated[SSL_MAX_EXTENSIONS];
|
|
|
|
/* Amount of padding we need to add. */
|
|
PRUint16 paddingLen;
|
|
|
|
/* SessionTicket Extension related data. */
|
|
PRBool ticketTimestampVerified;
|
|
PRBool emptySessionTicket;
|
|
PRBool sentSessionTicketInClientHello;
|
|
SECItem psk_ke_modes;
|
|
PRUint32 max_early_data_size;
|
|
|
|
/* SNI Extension related data
|
|
* Names data is not coppied from the input buffer. It can not be
|
|
* used outside the scope where input buffer is defined and that
|
|
* is beyond ssl3_HandleClientHello function. */
|
|
SECItem *sniNameArr;
|
|
PRUint32 sniNameArrSize;
|
|
|
|
/* Signed Certificate Timestamps extracted from the TLS extension.
|
|
* (client only).
|
|
* This container holds a temporary pointer to the extension data,
|
|
* until a session structure (the sec.ci.sid of an sslSocket) is setup
|
|
* that can hold a permanent copy of the data
|
|
* (in sec.ci.sid.u.ssl3.signedCertTimestamps).
|
|
* The data pointed to by this structure is neither explicitly allocated
|
|
* nor copied: the pointer points to the handshake message buffer and is
|
|
* only valid in the scope of ssl3_HandleServerHello.
|
|
*/
|
|
SECItem signedCertTimestamps;
|
|
|
|
PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
|
|
|
|
/* clientSigAndHash contains the contents of the signature_algorithms
|
|
* extension (if any) from the client. This is only valid for TLS 1.2
|
|
* or later. */
|
|
SSLSignatureScheme *clientSigSchemes;
|
|
unsigned int numClientSigScheme;
|
|
|
|
/* In a client: if the server supports Next Protocol Negotiation, then
|
|
* this is the protocol that was negotiated.
|
|
*/
|
|
SECItem nextProto;
|
|
SSLNextProtoState nextProtoState;
|
|
|
|
PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
|
|
|
|
SECItem pskBinder; /* The PSK binder for the first PSK (TLS 1.3) */
|
|
unsigned long pskBinderPrefixLen; /* The length of the binder input. */
|
|
PRCList remoteKeyShares; /* The other side's public keys (TLS 1.3) */
|
|
};
|
|
|
|
typedef struct TLSExtensionStr {
|
|
PRCList link; /* The linked list link */
|
|
PRUint16 type; /* Extension type */
|
|
SECItem data; /* Pointers into the handshake data. */
|
|
} TLSExtension;
|
|
|
|
SECStatus ssl3_HandleExtensions(sslSocket *ss,
|
|
PRUint8 **b, PRUint32 *length,
|
|
SSL3HandshakeType handshakeMessage);
|
|
SECStatus ssl3_ParseExtensions(sslSocket *ss,
|
|
PRUint8 **b, PRUint32 *length);
|
|
SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
|
|
SSL3HandshakeType handshakeMessage);
|
|
TLSExtension *ssl3_FindExtension(sslSocket *ss,
|
|
SSLExtensionType extension_type);
|
|
void ssl3_DestroyRemoteExtensions(PRCList *list);
|
|
void ssl3_InitExtensionData(TLSExtensionData *xtnData);
|
|
void ssl3_ResetExtensionData(TLSExtensionData *xtnData);
|
|
|
|
PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
|
|
PRBool ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
|
|
|
|
SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
|
|
TLSExtensionData *xtnData,
|
|
PRUint16 ex_type,
|
|
ssl3HelloExtensionSenderFunc cb);
|
|
PRInt32 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
|
|
const ssl3HelloExtensionSender *sender);
|
|
|
|
void ssl3_CalculatePaddingExtLen(sslSocket *ss,
|
|
unsigned int clientHelloLength);
|
|
|
|
/* Thunks to let us operate on const sslSocket* objects. */
|
|
SECStatus ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
|
|
PRInt32 bytes);
|
|
SECStatus ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
|
|
PRInt32 lenSize);
|
|
SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
|
|
const PRUint8 *src, PRInt32 bytes,
|
|
PRInt32 lenSize);
|
|
void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
|
|
SSL3AlertDescription desc);
|
|
void ssl3_ExtDecodeError(const sslSocket *ss);
|
|
SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
|
|
PRUint8 **b, PRUint32 *length);
|
|
SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
|
|
PRUint32 bytes, PRUint8 **b,
|
|
PRUint32 *length);
|
|
SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
|
|
PRUint32 bytes, PRUint8 **b,
|
|
PRUint32 *length);
|
|
|
|
#endif
|