
Source code changes of the file "nss/lib/ssl/tls13ech.h" between
nss-3.61.tar.gz and nss-3.62.tar.gz

About: NSS is a set of libraries, APIs, utilities, and documentation designed to support cross-platform development of security-enabled client and server applications. It provides a complete implementation of the crypto libraries used by Mozilla and other companies.

tls13ech.h  (nss-3.61):tls13ech.h  (nss-3.62)
skipping to change at line 14 skipping to change at line 14
* *
* This Source Code Form is subject to the terms of the Mozilla Public * This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef __tls13ech_h_ #ifndef __tls13ech_h_
#define __tls13ech_h_ #define __tls13ech_h_
#include "pk11hpke.h" #include "pk11hpke.h"
/* draft-08, shared-mode only. /* draft-09, supporting shared-mode and split-mode as a backend server only.
* Notes on the implementation status: * Notes on the implementation status:
* - Padding (https://tools.ietf.org/html/draft-ietf-tls-esni-08#section-6.2), * - Padding (https://tools.ietf.org/html/draft-ietf-tls-esni-08#section-6.2),
* is not implemented (see bug 1677181). * is not implemented (see bug 1677181).
* - When multiple ECHConfigs are provided by the server, the first compatible * - When multiple ECHConfigs are provided by the server, the first compatible
* config is selected by the client. Ciphersuite choices are limited and only * config is selected by the client. Ciphersuite choices are limited and only
* the AEAD may vary (AES-128-GCM or ChaCha20Poly1305). * the AEAD may vary (AES-128-GCM or ChaCha20Poly1305).
* - Some of the buffering (construction/compression/decompression) could likely * - Some of the buffering (construction/compression/decompression) could likely
* be optimized, but the spec is still evolving so that work is deferred. * be optimized, but the spec is still evolving so that work is deferred.
*/ */
#define TLS13_ECH_VERSION 0xfe08 #define TLS13_ECH_VERSION 0xfe09
#define TLS13_ECH_SIGNAL_LEN 8 #define TLS13_ECH_SIGNAL_LEN 8
static const char kHpkeInfoEch[] = "tls ech"; static const char kHpkeInfoEch[] = "tls ech";
static const char kHpkeInfoEchHrr[] = "tls ech hrr key";
static const char kHpkeLabelHrrPsk[] = "hrr key";
static const char hHkdfInfoEchConfigID[] = "tls ech config id"; static const char hHkdfInfoEchConfigID[] = "tls ech config id";
static const char kHkdfInfoEchConfirm[] = "ech accept confirmation"; static const char kHkdfInfoEchConfirm[] = "ech accept confirmation";
struct sslEchConfigContentsStr { struct sslEchConfigContentsStr {
char *publicName; char *publicName;
SECItem publicKey; /* NULL on server. Use the keypair in sslEchConfig instea d. */ SECItem publicKey; /* NULL on server. Use the keypair in sslEchConfig instea d. */
HpkeKemId kemId; HpkeKemId kemId;
HpkeKdfId kdfId; HpkeKdfId kdfId;
HpkeAeadId aeadId; HpkeAeadId aeadId;
SECItem suites; /* One or more HpkeCipherSuites. The selected s SECItem suites; /* One or more HpkeCipherSuites. The selected s
* suite is placed in kdfId and aeadId. */ * suite is placed in kdfId and aeadId. */
PRUint16 maxNameLen; PRUint16 maxNameLen;
/* No supported extensions. */ /* No supported extensions. */
}; };
struct sslEchConfigStr { struct sslEchConfigStr {
PRCList link; PRCList link;
SECItem raw; SECItem raw;
PRUint8 configId[32]; PRUint8 configId[8];
PRUint16 version; PRUint16 version;
sslEchConfigContents contents; sslEchConfigContents contents;
}; };
struct sslEchXtnStateStr {
SECItem innerCh; /* Server: ClientECH.payload */
SECItem senderPubKey; /* Server: ClientECH.enc */
SECItem configId; /* Server: ClientECH.config_id */
HpkeKdfId kdfId; /* Server: ClientECH.cipher_suite.kdf */
HpkeAeadId aeadId; /* Server: ClientECH.cipher_suite.aead */
SECItem retryConfigs; /* Client: ServerECH.retry_configs*/
PRBool retryConfigsValid; /* Client: Extraction of retry_configss is allowed
.
* This is set once the handshake completes (havi
ng
* verified to the ECHConfig public name). */
};
SECStatus SSLExp_EncodeEchConfig(const char *publicName, const PRUint32 *hpkeSui tes, SECStatus SSLExp_EncodeEchConfig(const char *publicName, const PRUint32 *hpkeSui tes,
unsigned int hpkeSuiteCount, HpkeKemId kemId, unsigned int hpkeSuiteCount, HpkeKemId kemId,
const SECKEYPublicKey *pubKey, PRUint16 maxName Len, const SECKEYPublicKey *pubKey, PRUint16 maxName Len,
PRUint8 *out, unsigned int *outlen, unsigned in t maxlen); PRUint8 *out, unsigned int *outlen, unsigned in t maxlen);
SECStatus SSLExp_GetEchRetryConfigs(PRFileDesc *fd, SECItem *retryConfigs); SECStatus SSLExp_GetEchRetryConfigs(PRFileDesc *fd, SECItem *retryConfigs);
SECStatus SSLExp_SetClientEchConfigs(PRFileDesc *fd, const PRUint8 *echConfigs, SECStatus SSLExp_SetClientEchConfigs(PRFileDesc *fd, const PRUint8 *echConfigs,
unsigned int echConfigsLen); unsigned int echConfigsLen);
SECStatus SSLExp_SetServerEchConfigs(PRFileDesc *fd, SECStatus SSLExp_SetServerEchConfigs(PRFileDesc *fd,
const SECKEYPublicKey *pubKey, const SECKEY PrivateKey *privKey, const SECKEYPublicKey *pubKey, const SECKEY PrivateKey *privKey,
const PRUint8 *echConfigs, unsigned int num EchConfigs); const PRUint8 *echConfigs, unsigned int num EchConfigs);
SECStatus SSLExp_RemoveEchConfigs(PRFileDesc *fd); SECStatus SSLExp_RemoveEchConfigs(PRFileDesc *fd);
SECStatus tls13_ClientSetupEch(sslSocket *ss, sslClientHelloType type); SECStatus tls13_ClientSetupEch(sslSocket *ss, sslClientHelloType type);
SECStatus tls13_ConstructClientHelloWithEch(sslSocket *ss, const sslSessionID *s id, SECStatus tls13_ConstructClientHelloWithEch(sslSocket *ss, const sslSessionID *s id,
PRBool freshSid, sslBuffer *chOuterB uf, PRBool freshSid, sslBuffer *chOuterB uf,
sslBuffer *chInnerXtnsBuf); sslBuffer *chInnerXtnsBuf);
SECStatus tls13_CopyEchConfigs(PRCList *oconfigs, PRCList *configs); SECStatus tls13_CopyEchConfigs(PRCList *oconfigs, PRCList *configs);
SECStatus tls13_DecodeEchConfigs(const SECItem *data, PRCList *configs); SECStatus tls13_DecodeEchConfigs(const SECItem *data, PRCList *configs);
void tls13_DestroyEchConfigs(PRCList *list); void tls13_DestroyEchConfigs(PRCList *list);
void tls13_DestroyEchXtnState(sslEchXtnState *state);
SECStatus tls13_GetMatchingEchConfig(const sslSocket *ss, HpkeKdfId kdf, HpkeAea dId aead, SECStatus tls13_GetMatchingEchConfig(const sslSocket *ss, HpkeKdfId kdf, HpkeAea dId aead,
const SECItem *configId, sslEchConfig **cfg ); const SECItem *configId, sslEchConfig **cfg );
SECStatus tls13_MaybeHandleEch(sslSocket *ss, const PRUint8 *msg, PRUint32 msgLe n, SECItem *sidBytes, SECStatus tls13_MaybeHandleEch(sslSocket *ss, const PRUint8 *msg, PRUint32 msgLe n, SECItem *sidBytes,
SECItem *comps, SECItem *cookieBytes, SECItem *su ites, SECItem **echInner); SECItem *comps, SECItem *cookieBytes, SECItem *su ites, SECItem **echInner);
SECStatus tls13_MaybeHandleEchSignal(sslSocket *ss); SECStatus tls13_MaybeHandleEchSignal(sslSocket *ss, const PRUint8 *savedMsg, PRU int32 savedLength);
SECStatus tls13_MaybeAcceptEch(sslSocket *ss, const SECItem *sidBytes, const PRU int8 *chOuter, SECStatus tls13_MaybeAcceptEch(sslSocket *ss, const SECItem *sidBytes, const PRU int8 *chOuter,
unsigned int chOuterLen, SECItem **chInner); unsigned int chOuterLen, SECItem **chInner);
SECStatus tls13_MaybeGreaseEch(sslSocket *ss, unsigned int prefixLen, sslBuffer *buf); SECStatus tls13_MaybeGreaseEch(sslSocket *ss, unsigned int prefixLen, sslBuffer *buf);
SECStatus tls13_WriteServerEchSignal(sslSocket *ss); SECStatus tls13_WriteServerEchSignal(sslSocket *ss, PRUint8 *sh, unsigned int sh Len);
#endif #endif
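Review bot: `PRUint8 configId[8];` in `sslEchConfigStr` is now a fixed 8-byte array sized by a bare literal, while the peer-supplied `ClientECH.config_id` is kept as a variable-length `SECItem` in `sslEchXtnStateStr` and handed to `tls13_GetMatchingEchConfig` as `const SECItem *configId`. Nothing in the header states that the lookup must compare `configId->len` against `sizeof(cfg->configId)` before comparing bytes; the implementation is not visible on this page, so confirm it there and record the contract on the prototype, for example `/* configId->len must equal sizeof(sslEchConfig.configId); any other length is treated as no match. */`. A named constant for the 8 would also stop it being mistaken for `TLS13_ECH_SIGNAL_LEN`, which has the same value but appears to be unrelated. The new `sh`/`shLen` and `savedMsg`/`savedLength` parameters on `tls13_WriteServerEchSignal` and `tls13_MaybeHandleEchSignal` deserve a one-line comment each, saying what buffer they describe and what minimum length the callee requires. The status comment now says draft-09 but its padding link still points at `draft-ietf-tls-esni-08#section-6.2`, and the `retryConfigsValid` comment has the typo `retry_configss`.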
 End of changes. 8 change blocks. 
7 lines changed or deleted 20 lines changed or added
