Home | History | Annotate | Download | only in ssl 
      1 /*
      2  * Various and sundry protocol constants. DON'T CHANGE THESE. These values
      3  * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
      4  * Cipher kinds and ciphersuites are part of the public API.
      5  *
      6  * This Source Code Form is subject to the terms of the Mozilla Public
      7  * License, v. 2.0. If a copy of the MPL was not distributed with this
      8  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      9 
     10 #ifndef __sslproto_h_
     11 #define __sslproto_h_
     12 
     13 /* All versions less than 3_0 are treated as SSL version 2 */
     14 #define SSL_LIBRARY_VERSION_2			0x0002
     15 #define SSL_LIBRARY_VERSION_3_0			0x0300
     16 #define SSL_LIBRARY_VERSION_TLS_1_0		0x0301
     17 #define SSL_LIBRARY_VERSION_TLS_1_1		0x0302
     18 #define SSL_LIBRARY_VERSION_TLS_1_2		0x0303
     19 /* Note: this is the internal format, not the wire format */
     20 #define SSL_LIBRARY_VERSION_DTLS_1_0		0x0302
     21 
     22 /* deprecated old name */
     23 #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
     24 
     25 /* The DTLS version used in the spec */
     26 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
     27 
     28 /* Header lengths of some of the messages */
     29 #define SSL_HL_ERROR_HBYTES			3
     30 #define SSL_HL_CLIENT_HELLO_HBYTES		9
     31 #define SSL_HL_CLIENT_MASTER_KEY_HBYTES		10
     32 #define SSL_HL_CLIENT_FINISHED_HBYTES		1
     33 #define SSL_HL_SERVER_HELLO_HBYTES		11
     34 #define SSL_HL_SERVER_VERIFY_HBYTES		1
     35 #define SSL_HL_SERVER_FINISHED_HBYTES		1
     36 #define SSL_HL_REQUEST_CERTIFICATE_HBYTES	2
     37 #define SSL_HL_CLIENT_CERTIFICATE_HBYTES	6
     38 
     39 /* Security handshake protocol codes */
     40 #define SSL_MT_ERROR				0
     41 #define SSL_MT_CLIENT_HELLO			1
     42 #define SSL_MT_CLIENT_MASTER_KEY		2
     43 #define SSL_MT_CLIENT_FINISHED			3
     44 #define SSL_MT_SERVER_HELLO			4
     45 #define SSL_MT_SERVER_VERIFY			5
     46 #define SSL_MT_SERVER_FINISHED			6
     47 #define SSL_MT_REQUEST_CERTIFICATE		7
     48 #define SSL_MT_CLIENT_CERTIFICATE		8
     49 
     50 /* Certificate types */
     51 #define SSL_CT_X509_CERTIFICATE			0x01
     52 #if 0 /* XXX Not implemented yet */
     53 #define SSL_PKCS6_CERTIFICATE			0x02
     54 #endif
     55 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION		0x01
     56 
     57 /* Error codes */
     58 #define SSL_PE_NO_CYPHERS			0x0001
     59 #define SSL_PE_NO_CERTIFICATE			0x0002
     60 #define SSL_PE_BAD_CERTIFICATE			0x0004
     61 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE	0x0006
     62 
     63 /* Cypher kinds (not the spec version!) */
     64 #define SSL_CK_RC4_128_WITH_MD5			0x01
     65 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x02
     66 #define SSL_CK_RC2_128_CBC_WITH_MD5		0x03
     67 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x04
     68 #define SSL_CK_IDEA_128_CBC_WITH_MD5		0x05
     69 #define SSL_CK_DES_64_CBC_WITH_MD5		0x06
     70 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x07
     71 
     72 /* Cipher enables.  These are used only for SSL_EnableCipher
     73  * These values define the SSL2 suites, and do not colide with the
     74  * SSL3 Cipher suites defined below.
     75  */
     76 #define SSL_EN_RC4_128_WITH_MD5			0xFF01
     77 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5	0xFF02
     78 #define SSL_EN_RC2_128_CBC_WITH_MD5		0xFF03
     79 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5	0xFF04
     80 #define SSL_EN_IDEA_128_CBC_WITH_MD5		0xFF05
     81 #define SSL_EN_DES_64_CBC_WITH_MD5		0xFF06
     82 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5	0xFF07
     83 
     84 /* SSL v3 Cipher Suites */
     85 #define SSL_NULL_WITH_NULL_NULL			0x0000
     86 
     87 #define SSL_RSA_WITH_NULL_MD5			0x0001
     88 #define SSL_RSA_WITH_NULL_SHA			0x0002
     89 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
     90 #define SSL_RSA_WITH_RC4_128_MD5		0x0004
     91 #define SSL_RSA_WITH_RC4_128_SHA		0x0005
     92 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
     93 #define SSL_RSA_WITH_IDEA_CBC_SHA		0x0007
     94 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
     95 #define SSL_RSA_WITH_DES_CBC_SHA		0x0009
     96 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
     97 
     98 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
     99 #define SSL_DH_DSS_WITH_DES_CBC_SHA		0x000c
    100 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
    101 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
    102 #define SSL_DH_RSA_WITH_DES_CBC_SHA		0x000f
    103 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
    104 
    105 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
    106 #define SSL_DHE_DSS_WITH_DES_CBC_SHA		0x0012
    107 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
    108 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
    109 #define SSL_DHE_RSA_WITH_DES_CBC_SHA		0x0015
    110 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
    111 
    112 #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017
    113 #define SSL_DH_ANON_WITH_RC4_128_MD5		0x0018
    114 #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
    115 #define SSL_DH_ANON_WITH_DES_CBC_SHA		0x001a
    116 #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b
    117 
    118 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA		0x001c /* deprecated */
    119 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d /* deprecated */
    120 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e /* deprecated */
    121 
    122 /* New TLS cipher suites */
    123 #define TLS_RSA_WITH_AES_128_CBC_SHA      	0x002F
    124 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA   	0x0030
    125 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA   	0x0031
    126 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA  	0x0032
    127 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA  	0x0033
    128 #define TLS_DH_ANON_WITH_AES_128_CBC_SHA  	0x0034
    129 
    130 #define TLS_RSA_WITH_AES_256_CBC_SHA      	0x0035
    131 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA   	0x0036
    132 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA   	0x0037
    133 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA  	0x0038
    134 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA  	0x0039
    135 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA  	0x003A
    136 #define TLS_RSA_WITH_NULL_SHA256		0x003B
    137 #define TLS_RSA_WITH_AES_128_CBC_SHA256  	0x003C
    138 #define TLS_RSA_WITH_AES_256_CBC_SHA256  	0x003D
    139 
    140 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      	0x0041
    141 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   	0x0042
    142 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   	0x0043
    143 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  	0x0044
    144 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  	0x0045
    145 #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  	0x0046
    146 
    147 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
    148 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
    149 
    150 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
    151 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
    152 #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
    153 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
    154 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
    155 
    156 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      	0x0084
    157 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   	0x0085
    158 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   	0x0086
    159 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  	0x0087
    160 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  	0x0088
    161 #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  	0x0089
    162 
    163 #define TLS_RSA_WITH_SEED_CBC_SHA		0x0096
    164 
    165 #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
    166 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
    167 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
    168 
    169 /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
    170  * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
    171  * back an empty Renegotiation Info (RI) server hello extension.
    172  */
    173 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV	0x00FF
    174 
    175 /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
    176  * handshake is the result of TLS version fallback. This value is not IANA
    177  * assigned. */
    178 #define TLS_FALLBACK_SCSV			0x5600
    179 
    180 /* Cipher Suite Values starting with 0xC000 are defined in informational
    181  * RFCs.
    182  */
    183 #define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
    184 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
    185 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
    186 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
    187 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005
    188 
    189 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006
    190 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
    191 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
    192 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
    193 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A
    194 
    195 #define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
    196 #define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
    197 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
    198 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
    199 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F
    200 
    201 #define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
    202 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
    203 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
    204 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
    205 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014
    206 
    207 #define TLS_ECDH_anon_WITH_NULL_SHA             0xC015
    208 #define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
    209 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
    210 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
    211 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
    212 
    213 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
    214 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
    215 
    216 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
    217 #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
    218 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
    219 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
    220 
    221 #define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305	0xCC13
    222 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305	0xCC14
    223 
    224 /* Netscape "experimental" cipher suites. */
    225 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0
    226 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA	0xffe1
    227 
    228 /* New non-experimental openly spec'ed versions of those cipher suites. */
    229 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 	0xfeff
    230 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA      	0xfefe
    231 
    232 /* DTLS-SRTP cipher suites from RFC 5764 */
    233 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
    234 #define SRTP_AES128_CM_HMAC_SHA1_80		0x0001
    235 #define SRTP_AES128_CM_HMAC_SHA1_32		0x0002
    236 #define SRTP_NULL_HMAC_SHA1_80			0x0005
    237 #define SRTP_NULL_HMAC_SHA1_32			0x0006
    238 
    239 #endif /* __sslproto_h_ */
    240