2 * This file contains prototypes for the public SSL functions.
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
13 /* SECItemArray is added in NSS 3.15. Define the type if compiling
14 ** against an older version of NSS.
17 #if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15
18 typedef struct SECItemArrayStr SECItemArray;
20 struct SECItemArrayStr {
24 #endif /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */
/*
 * SSL3Statistics: a set of long counters, grouped by the handshake routine
 * they are collected from: ssl3_SendClientHello (sch), ssl3_HandleServerHello
 * (hsh) and ssl3_HandleClientHello (hch). Each group has hits / misses /
 * not_ok counters for the "sid cache" (presumably the session-ID cache --
 * confirm against the implementation).
 * NOTE(review): the closing line of this typedef is not part of this listing.
 */
26 typedef struct SSL3StatisticsStr {
27 /* statistics from ssl3_SendClientHello (sch) */
28 long sch_sid_cache_hits;
29 long sch_sid_cache_misses;
30 long sch_sid_cache_not_ok;
32 /* statistics from ssl3_HandleServerHello (hsh) */
33 long hsh_sid_cache_hits;
34 long hsh_sid_cache_misses;
35 long hsh_sid_cache_not_ok;
37 /* statistics from ssl3_HandleClientHello (hch) */
38 long hch_sid_cache_hits;
39 long hch_sid_cache_misses;
40 long hch_sid_cache_not_ok;
42 /* statistics related to stateless resume */
43 long sch_sid_stateless_resumes;
44 long hsh_sid_stateless_resumes;
45 long hch_sid_stateless_resumes;
/* NOTE(review): presumably counts session tickets that failed to parse while
 * handling a ClientHello. For monitoring, a sustained rise is worth alerting
 * on: it can mean clients are presenting corrupted, stale or forged tickets.
 * Confirm where this counter is incremented. */
46 long hch_sid_ticket_parse_failures;
49 /* Key Exchange algorithm values */
54 ssl_kea_fortezza = 3, /* deprecated, now unused */
56 ssl_kea_size /* number of ssl_kea_ algorithms */
59 /* The following defines are for backwards compatibility.
60 ** They will be removed in a forthcoming release to reduce namespace pollution.
61 ** Programs that use the kt_ symbols should convert to the ssl_kt_ symbols (the defines below expand to ssl_kea_ names)
64 #define kt_null ssl_kea_null
65 #define kt_rsa ssl_kea_rsa
66 #define kt_dh ssl_kea_dh
67 #define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
68 #define kt_ecdh ssl_kea_ecdh
69 #define kt_kea_size ssl_kea_size
93 ssl_calg_fortezza = 6, /* deprecated, now unused */
95 ssl_calg_camellia = 8,
97 ssl_calg_aes_gcm = 10,
98 ssl_calg_chacha20 = 11
105 ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
106 ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
/* Record compression methods; the numeric values are assigned explicitly.
 * NOTE(review): the opening line of this enum is not part of this listing. */
112 ssl_compression_null = 0,
/* DEFLATE record compression. Compressing secrets together with
 * attacker-influenced plaintext leaks information through record lengths
 * (the CRIME class of attacks), so deployments normally keep this method
 * disabled and treat its negotiation as a finding. */
113 ssl_compression_deflate = 1 /* RFC 3749 */
114 } SSLCompressionMethod;
/*
 * SSLChannelInfo: describes one SSL channel -- protocol version and cipher
 * suite, server authentication key size, session timestamps and ID, and the
 * compression method.
 * NOTE(review): this listing omits some lines of the original header (the
 * embedded line numbers skip), including the closing line of this typedef,
 * so further fields may exist that are not visible here.
 */
116 typedef struct SSLChannelInfoStr {
118 PRUint16 protocolVersion;
119 PRUint16 cipherSuite;
121 /* server authentication info */
/* NOTE(review): presumably the size in bits of the server's authentication
 * key; useful for flagging peers with undersized keys -- confirm. */
122 PRUint32 authKeyBits;
124 /* key exchange algorithm info */
128 PRUint32 creationTime; /* seconds since Jan 1, 1970 */
129 PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
130 PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
/* sessionID is a fixed 32-byte buffer and sessionIDLength is documented as
 * "up to 32". Presumably only the first sessionIDLength bytes are valid;
 * consumers should clamp the length to sizeof sessionID before copying or
 * logging it rather than trusting the field blindly. */
131 PRUint32 sessionIDLength; /* up to 32 */
132 PRUint8 sessionID [32];
134 /* The following fields are added in NSS 3.12.5. */
136 /* compression method info */
/* NOTE(review): presumably the method in use on this channel. Any value
 * other than ssl_compression_null means record compression is active, which
 * audit or monitoring code may want to report. */
137 const char * compressionMethodName;
138 SSLCompressionMethod compressionMethod;
/*
 * SSLCipherSuiteInfo: describes one cipher suite -- its 16-bit identifier and
 * name, plus a printable name and an enum value for each of the
 * authentication, key-exchange, symmetric-cipher and MAC algorithms.
 * NOTE(review): this listing omits some lines of the original header (the
 * embedded line numbers skip), so further fields may exist that are not
 * visible here.
 */
141 typedef struct SSLCipherSuiteInfoStr {
143 PRUint16 cipherSuite;
145 /* Cipher Suite Name */
146 const char * cipherSuiteName;
148 /* server authentication info */
149 const char * authAlgorithmName;
150 SSLAuthType authAlgorithm;
152 /* key exchange algorithm info */
153 const char * keaTypeName;
156 /* symmetric encryption info */
157 const char * symCipherName;
158 SSLCipherAlgorithm symCipher;
/* NOTE(review): presumably symKeySpace is the nominal key size and
 * effectiveKeyBits the real strength in bits, which can be lower. A policy
 * check on cipher strength should use effectiveKeyBits -- confirm. */
160 PRUint16 symKeySpace;
161 PRUint16 effectiveKeyBits;
164 /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
165 * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
166 * bits of the authentication tag. */
167 const char * macAlgorithmName;
168 SSLMACAlgorithm macAlgorithm;
/* Flags packed as bit-fields of PRUintn; reservedBits pads the word. The
 * widths visible here sum to 31, and original lines 169-171 are not shown.
 * NOTE(review): isExportable presumably marks export-grade (deliberately
 * weakened) suites and nonStandard suites not defined by a standard. Code
 * that enforces a cipher policy would normally reject suites with
 * isExportable set -- confirm the semantics in the implementation. */
172 PRUintn isExportable : 1;
173 PRUintn nonStandard : 1;
174 PRUintn reservedBits :29;
176 } SSLCipherSuiteInfo;
179 ssl_variant_stream = 0,
180 ssl_variant_datagram = 1
181 } SSLProtocolVariant;
183 typedef struct SSLVersionRangeStr {
189 SSL_sni_host_name = 0,
193 /* Supported extensions. */
194 /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
/* The enumerator values are the 16-bit TLS extension type codes as they
 * appear on the wire.
 * NOTE(review): the enum's opening and closing lines, and the #endif that
 * matches the #ifdef below, are not part of this listing. */
196 ssl_server_name_xtn = 0,
197 ssl_cert_status_xtn = 5,
/* The two elliptic-curve extensions exist only in ECC-enabled builds. */
198 #ifdef NSS_ENABLE_ECC
199 ssl_elliptic_curves_xtn = 10,
200 ssl_ec_point_formats_xtn = 11,
202 ssl_signature_algorithms_xtn = 13,
203 ssl_use_srtp_xtn = 14,
204 ssl_app_layer_protocol_xtn = 16,
205 ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
206 ssl_padding_xtn = 21,
207 ssl_session_ticket_xtn = 35,
/* Next Protocol Negotiation and Channel ID use code points taken from
 * drafts rather than from a published RFC. */
208 ssl_next_proto_nego_xtn = 13172,
209 ssl_channel_id_xtn = 30032,
/* 0xff01 is the code point RFC 5746 assigns to renegotiation_info. */
210 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
/* With NSS_ENABLE_ECC defined, the enumerators shown above number 13, or 12
 * without ssl_padding_xtn, which matches this value.
 * NOTE(review): presumably this constant sizes fixed arrays of extension
 * types elsewhere. If an enumerator is added without raising it, such arrays
 * could be indexed past their end, so check every user of the constant when
 * adding an extension. */
213 #define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
215 #endif /* __sslt_h_ */