1 /* 2 * Various and sundry protocol constants. DON'T CHANGE THESE. These values 3 * are mostly defined by the SSL2, SSL3, or TLS protocol specifications. 4 * Cipher kinds and ciphersuites are part of the public API. 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 9 10 #ifndef __sslproto_h_ 11 #define __sslproto_h_ 12 13 /* All versions less than 3_0 are treated as SSL version 2 */ 14 #define SSL_LIBRARY_VERSION_2 0x0002 15 #define SSL_LIBRARY_VERSION_3_0 0x0300 16 #define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 17 #define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 18 #define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 19 /* Note: this is the internal format, not the wire format */ 20 #define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 21 22 /* deprecated old name */ 23 #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 24 25 /* The DTLS version used in the spec */ 26 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) 27 28 /* Header lengths of some of the messages */ 29 #define SSL_HL_ERROR_HBYTES 3 30 #define SSL_HL_CLIENT_HELLO_HBYTES 9 31 #define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 32 #define SSL_HL_CLIENT_FINISHED_HBYTES 1 33 #define SSL_HL_SERVER_HELLO_HBYTES 11 34 #define SSL_HL_SERVER_VERIFY_HBYTES 1 35 #define SSL_HL_SERVER_FINISHED_HBYTES 1 36 #define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 37 #define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 38 39 /* Security handshake protocol codes */ 40 #define SSL_MT_ERROR 0 41 #define SSL_MT_CLIENT_HELLO 1 42 #define SSL_MT_CLIENT_MASTER_KEY 2 43 #define SSL_MT_CLIENT_FINISHED 3 44 #define SSL_MT_SERVER_HELLO 4 45 #define SSL_MT_SERVER_VERIFY 5 46 #define SSL_MT_SERVER_FINISHED 6 47 #define SSL_MT_REQUEST_CERTIFICATE 7 48 #define SSL_MT_CLIENT_CERTIFICATE 8 49 50 /* Certificate types */ 51 #define SSL_CT_X509_CERTIFICATE 0x01 52 #if 0 /* XXX Not implemented yet */ 53 #define SSL_PKCS6_CERTIFICATE 0x02 54 #endif 55 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 56 57 /* Error codes */ 58 #define SSL_PE_NO_CYPHERS 0x0001 59 #define SSL_PE_NO_CERTIFICATE 0x0002 60 #define SSL_PE_BAD_CERTIFICATE 0x0004 61 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 62 63 /* Cypher kinds (not the spec version!) */ 64 #define SSL_CK_RC4_128_WITH_MD5 0x01 65 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 66 #define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 67 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 68 #define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 69 #define SSL_CK_DES_64_CBC_WITH_MD5 0x06 70 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 71 72 /* Cipher enables. These are used only for SSL_EnableCipher 73 * These values define the SSL2 suites, and do not colide with the 74 * SSL3 Cipher suites defined below. 75 */ 76 #define SSL_EN_RC4_128_WITH_MD5 0xFF01 77 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 78 #define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 79 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 80 #define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 81 #define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 82 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 83 84 /* SSL v3 Cipher Suites */ 85 #define SSL_NULL_WITH_NULL_NULL 0x0000 86 87 #define SSL_RSA_WITH_NULL_MD5 0x0001 88 #define SSL_RSA_WITH_NULL_SHA 0x0002 89 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 90 #define SSL_RSA_WITH_RC4_128_MD5 0x0004 91 #define SSL_RSA_WITH_RC4_128_SHA 0x0005 92 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 93 #define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007 94 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 95 #define SSL_RSA_WITH_DES_CBC_SHA 0x0009 96 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000a 97 98 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b 99 #define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000c 100 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d 101 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e 102 #define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000f 103 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 104 105 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 106 #define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012 107 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 108 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 109 #define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015 110 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 111 112 #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 0x0017 113 #define SSL_DH_ANON_WITH_RC4_128_MD5 0x0018 114 #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA 0x0019 115 #define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a 116 #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b 117 118 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ 119 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ 120 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ 121 122 /* New TLS cipher suites */ 123 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F 124 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 125 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 126 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 127 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 128 #define TLS_DH_ANON_WITH_AES_128_CBC_SHA 0x0034 129 130 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 131 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 132 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 133 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 134 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 135 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A 136 #define TLS_RSA_WITH_NULL_SHA256 0x003B 137 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C 138 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D 139 140 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 141 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 142 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 143 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 144 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 145 #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046 146 147 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 148 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 149 150 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063 151 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065 152 #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066 153 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 154 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B 155 156 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 157 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 158 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 159 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 160 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 161 #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089 162 163 #define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 164 165 /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client. 166 * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending 167 * back an empty Renegotiation Info (RI) server hello extension. 168 */ 169 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF 170 171 /* Cipher Suite Values starting with 0xC000 are defined in informational 172 * RFCs. 173 */ 174 #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 175 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 176 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 177 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 178 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 179 180 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 181 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 182 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 183 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 184 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A 185 186 #define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B 187 #define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C 188 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D 189 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E 190 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F 191 192 #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 193 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 194 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 195 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 196 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 197 198 #define TLS_ECDH_anon_WITH_NULL_SHA 0xC015 199 #define TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016 200 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017 201 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018 202 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019 203 204 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 205 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 206 207 /* Netscape "experimental" cipher suites. */ 208 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 209 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 210 211 /* New non-experimental openly spec'ed versions of those cipher suites. */ 212 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff 213 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe 214 215 /* DTLS-SRTP cipher suites from RFC 5764 */ 216 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ 217 #define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 218 #define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 219 #define SRTP_NULL_HMAC_SHA1_80 0x0005 220 #define SRTP_NULL_HMAC_SHA1_32 0x0006 221 222 #endif /* __sslproto_h_ */ 223