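--- a/sslproto.h
+++ b/sslproto.h
@@ -1,286 +0,0 @@
-/*
-* Various and sundry protocol constants. DON'T CHANGE THESE. These values
-* are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
-* Cipher kinds and ciphersuites are part of the public API.
-*
-* This Source Code Form is subject to the terms of the Mozilla Public
-* License, v. 2.0. If a copy of the MPL was not distributed with this
-* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef __sslproto_h_
-#define __sslproto_h_
-
-/* clang-format off */
-
-/* All versions less than 3_0 are treated as SSL version 2 */
-#define SSL_LIBRARY_VERSION_2 0x0002
-#define SSL_LIBRARY_VERSION_3_0 0x0300
-#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
-#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
-#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
-#define SSL_LIBRARY_VERSION_TLS_1_3 0x0304
-
-/* Note: this is the internal format, not the wire format */
-#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
-#define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303
-#define SSL_LIBRARY_VERSION_DTLS_1_3 0x0304
-
-/* deprecated old name */
-#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
-
-/* The DTLS versions used in the spec */
-#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff)
-#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff)
-#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE ((~0x0103) & 0xffff)
-
-/* Header lengths of some of the messages */
-#define SSL_HL_ERROR_HBYTES 3
-#define SSL_HL_CLIENT_HELLO_HBYTES 9
-#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10
-#define SSL_HL_CLIENT_FINISHED_HBYTES 1
-#define SSL_HL_SERVER_HELLO_HBYTES 11
-#define SSL_HL_SERVER_VERIFY_HBYTES 1
-#define SSL_HL_SERVER_FINISHED_HBYTES 1
-#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2
-#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6
-
-/* Security handshake protocol codes */
-#define SSL_MT_ERROR 0
-#define SSL_MT_CLIENT_HELLO 1
-#define SSL_MT_CLIENT_MASTER_KEY 2
-#define SSL_MT_CLIENT_FINISHED 3
-#define SSL_MT_SERVER_HELLO 4
-#define SSL_MT_SERVER_VERIFY 5
-#define SSL_MT_SERVER_FINISHED 6
-#define SSL_MT_REQUEST_CERTIFICATE 7
-#define SSL_MT_CLIENT_CERTIFICATE 8
-
-/* Certificate types */
-#define SSL_CT_X509_CERTIFICATE 0x01
-#if 0 /* XXX Not implemented yet */
-#define SSL_PKCS6_CERTIFICATE 0x02
-#endif
-#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-/* Error codes */
-#define SSL_PE_NO_CYPHERS 0x0001
-#define SSL_PE_NO_CERTIFICATE 0x0002
-#define SSL_PE_BAD_CERTIFICATE 0x0004
-#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cypher kinds (not the spec version!) */
-#define SSL_CK_RC4_128_WITH_MD5 0x01
-#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02
-#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03
-#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04
-#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05
-#define SSL_CK_DES_64_CBC_WITH_MD5 0x06
-#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07
-
-/* Cipher enables. These are used only for SSL_EnableCipher
-* These values define the SSL2 suites, and do not colide with the
-* SSL3 Cipher suites defined below.
-*/
-#define SSL_EN_RC4_128_WITH_MD5 0xFF01
-#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02
-#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03
-#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04
-#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05
-#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
-#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
-
-/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
-#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
-#define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL
-#define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5
-#define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA
-#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5
-#define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5
-#define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA
-#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
-#define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA
-#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
-#define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
-#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA
-#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
-#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA
-#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
-#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA
-#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
-#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA
-#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-#define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5
-#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
-#define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA
-#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
-#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
-#define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA
-#define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
-#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
-#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
-#endif
-
-#define TLS_NULL_WITH_NULL_NULL 0x0000
-
-#define TLS_RSA_WITH_NULL_MD5 0x0001
-#define TLS_RSA_WITH_NULL_SHA 0x0002
-#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
-#define TLS_RSA_WITH_RC4_128_MD5 0x0004
-#define TLS_RSA_WITH_RC4_128_SHA 0x0005
-#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
-#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007
-#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
-#define TLS_RSA_WITH_DES_CBC_SHA 0x0009
-#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
-
-#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
-#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c
-#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
-#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
-#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f
-#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
-
-#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
-#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012
-#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
-#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
-#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015
-#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
-
-#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017
-#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018
-#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019
-#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a
-#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b
-
-#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */
-#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */
-
-#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
-#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034
-
-#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
-#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A
-#define TLS_RSA_WITH_NULL_SHA256 0x003B
-#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
-#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
-
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
-#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
-#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
-#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
-#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046
-
-#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
-#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
-
-#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
-#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
-#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
-
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
-#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
-#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
-#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
-#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089
-
-#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
-
-#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
-#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
-#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2
-
-/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
-* Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending
-* back an empty Renegotiation Info (RI) server hello extension.
-*/
-#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
-
-/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
-* handshake is the result of TLS version fallback.
-*/
-#define TLS_FALLBACK_SCSV 0x5600
-
-/* Cipher Suite Values starting with 0xC000 are defined in informational
-* RFCs.
-*/
-#define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
-#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
-#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
-#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
-#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
-
-#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
-#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
-#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
-
-#define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
-#define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
-#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
-#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
-#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
-
-#define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
-#define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
-#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
-#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
-
-#define TLS_ECDH_anon_WITH_NULL_SHA 0xC015
-#define TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016
-#define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017
-#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018
-#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019
-
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
-
-#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
-#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
-#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
-#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
-
-#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
-#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
-#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
-
-/* Netscape "experimental" cipher suites. */
-#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
-#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
-
-/* New non-experimental openly spec'ed versions of those cipher suites. */
-#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
-#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
-
-/* DTLS-SRTP cipher suites from RFC 5764 */
-/* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
-#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001
-#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002
-#define SRTP_NULL_HMAC_SHA1_80 0x0005
-#define SRTP_NULL_HMAC_SHA1_32 0x0006
-
-/* clang-format on */
-
-#endif /* __sslproto_h_ */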