1 /*
2  * Various and sundry protocol constants. DON'T CHANGE THESE. These values
3  * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
4  * Cipher kinds and ciphersuites are part of the public API.
5  *
6  * ***** BEGIN LICENSE BLOCK *****
7  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
8  *
9  * The contents of this file are subject to the Mozilla Public License Version
10  * 1.1 (the "License"); you may not use this file except in compliance with
11  * the License. You may obtain a copy of the License at
12  * http://www.mozilla.org/MPL/
13  *
14  * Software distributed under the License is distributed on an "AS IS" basis,
15  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
16  * for the specific language governing rights and limitations under the
17  * License.
18  *
19  * The Original Code is the Netscape security libraries.
20  *
21  * The Initial Developer of the Original Code is
22  * Netscape Communications Corporation.
23  * Portions created by the Initial Developer are Copyright (C) 1994-2000
24  * the Initial Developer. All Rights Reserved.
25  *
26  * Contributor(s):
27  *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
28  *
29  * Alternatively, the contents of this file may be used under the terms of
30  * either the GNU General Public License Version 2 or later (the "GPL"), or
31  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
32  * in which case the provisions of the GPL or the LGPL are applicable instead
33  * of those above. If you wish to allow use of your version of this file only
34  * under the terms of either the GPL or the LGPL, and not to allow others to
35  * use your version of this file under the terms of the MPL, indicate your
36  * decision by deleting the provisions above and replace them with the notice
37  * and other provisions required by the GPL or the LGPL. If you do not delete
38  * the provisions above, a recipient may use your version of this file under
39  * the terms of any one of the MPL, the GPL or the LGPL.
40  *
41  * ***** END LICENSE BLOCK ***** */
42 /* $Id: sslproto.h,v 1.13 2008/12/17 06:09:19 nelson%bolyard.com Exp $ */
43 
44 #ifndef __sslproto_h_
45 #define __sslproto_h_
46 
47 /* All versions less than 3_0 are treated as SSL version 2. Each value is (major << 8) | minor. */
48 #define SSL_LIBRARY_VERSION_2			0x0002	/* SSL 2.0; prohibited by RFC 6176 */
49 #define SSL_LIBRARY_VERSION_3_0			0x0300	/* SSL 3.0; deprecated by RFC 7568 */
50 #define SSL_LIBRARY_VERSION_3_1_TLS		0x0301	/* TLS 1.0 (3.1 on the wire); deprecated by RFC 8996 */
51 
52 /* Header lengths of some of the messages: bytes in the fixed part of each SSL2 handshake message, type byte included. A parser needs at least this many bytes before it reads the fixed fields. */
53 #define SSL_HL_ERROR_HBYTES			3
54 #define SSL_HL_CLIENT_HELLO_HBYTES		9
55 #define SSL_HL_CLIENT_MASTER_KEY_HBYTES		10
56 #define SSL_HL_CLIENT_FINISHED_HBYTES		1
57 #define SSL_HL_SERVER_HELLO_HBYTES		11
58 #define SSL_HL_SERVER_VERIFY_HBYTES		1
59 #define SSL_HL_SERVER_FINISHED_HBYTES		1
60 #define SSL_HL_REQUEST_CERTIFICATE_HBYTES	2
61 #define SSL_HL_CLIENT_CERTIFICATE_HBYTES	6
62 
63 /* Security handshake protocol codes: the SSL2 message type, carried in the first byte of each handshake message */
64 #define SSL_MT_ERROR				0
65 #define SSL_MT_CLIENT_HELLO			1
66 #define SSL_MT_CLIENT_MASTER_KEY		2
67 #define SSL_MT_CLIENT_FINISHED			3
68 #define SSL_MT_SERVER_HELLO			4
69 #define SSL_MT_SERVER_VERIFY			5
70 #define SSL_MT_SERVER_FINISHED			6
71 #define SSL_MT_REQUEST_CERTIFICATE		7
72 #define SSL_MT_CLIENT_CERTIFICATE		8
73 
74 /* Certificate types (SSL_CT_*), followed by one authentication type (SSL_AT_*) */
75 #define SSL_CT_X509_CERTIFICATE			0x01
76 #if 0 /* XXX Not implemented yet */
77 #define SSL_PKCS6_CERTIFICATE			0x02	/* compiled out by the #if 0 above */
78 #endif
79 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION		0x01	/* authentication type, not a certificate type; same value as SSL_CT_X509_CERTIFICATE, so keep the two fields apart. MD5 is collision-broken. */
80 
81 /* Error codes carried in an SSL2 ERROR message. These are distinct codes, not bit flags: 0x0006 is its own value, not 0x0002 | 0x0004. */
82 #define SSL_PE_NO_CYPHERS			0x0001
83 #define SSL_PE_NO_CERTIFICATE			0x0002
84 #define SSL_PE_BAD_CERTIFICATE			0x0004
85 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE	0x0006
86 
87 /* Cypher kinds (not the spec version!): one-byte codes; the SSL2 spec defines each cipher kind as three bytes, and these look like the first byte only (confirm against the users of SSL_CK_*). SSL2-only, all MD5-based. */
88 #define SSL_CK_RC4_128_WITH_MD5			0x01
89 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x02	/* EXPORT40: only 40 key bits are secret */
90 #define SSL_CK_RC2_128_CBC_WITH_MD5		0x03
91 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x04	/* EXPORT40: only 40 key bits are secret */
92 #define SSL_CK_IDEA_128_CBC_WITH_MD5		0x05
93 #define SSL_CK_DES_64_CBC_WITH_MD5		0x06	/* single DES: 56-bit effective key */
94 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x07
95 
96 /* Cipher enables.  These are used only for SSL_EnableCipher.
97  * These values define the SSL2 suites (0xFF00 | the SSL_CK_* cipher kind), and do not collide with the
98  * SSL3 Cipher suites defined below.
99  */
100 #define SSL_EN_RC4_128_WITH_MD5			0xFF01
101 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5	0xFF02
102 #define SSL_EN_RC2_128_CBC_WITH_MD5		0xFF03
103 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5	0xFF04
104 #define SSL_EN_IDEA_128_CBC_WITH_MD5		0xFF05
105 #define SSL_EN_DES_64_CBC_WITH_MD5		0xFF06
106 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5	0xFF07
107 
108 /* SSL v3 Cipher Suites: two-byte suite numbers as carried in the hello messages. A definition here does not enable the suite. */
109 #define SSL_NULL_WITH_NULL_NULL			0x0000	/* initial connection state; must never be negotiated */
110 
111 #define SSL_RSA_WITH_NULL_MD5			0x0001	/* NULL cipher: integrity only, no encryption */
112 #define SSL_RSA_WITH_NULL_SHA			0x0002
113 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5		0x0003	/* EXPORT: 40-bit cipher key */
114 #define SSL_RSA_WITH_RC4_128_MD5		0x0004
115 #define SSL_RSA_WITH_RC4_128_SHA		0x0005
116 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
117 #define SSL_RSA_WITH_IDEA_CBC_SHA		0x0007
118 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
119 #define SSL_RSA_WITH_DES_CBC_SHA		0x0009	/* single DES: 56-bit effective key */
120 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
121 
122 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
123 #define SSL_DH_DSS_WITH_DES_CBC_SHA		0x000c
124 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
125 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
126 #define SSL_DH_RSA_WITH_DES_CBC_SHA		0x000f
127 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
128 
129 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
130 #define SSL_DHE_DSS_WITH_DES_CBC_SHA		0x0012
131 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
132 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
133 #define SSL_DHE_RSA_WITH_DES_CBC_SHA		0x0015
134 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
135 
136 #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017	/* DH_ANON: key exchange without peer authentication */
137 #define SSL_DH_ANON_WITH_RC4_128_MD5		0x0018
138 #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
139 #define SSL_DH_ANON_WITH_DES_CBC_SHA		0x001a
140 #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b
141 
142 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA		0x001c /* deprecated */
143 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d /* deprecated */
144 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e /* deprecated */
145 
146 /* New TLS cipher suites. Every suite below pairs a CBC, RC4 or NULL cipher with a SHA-1 MAC; none is an AEAD suite. */
147 #define TLS_RSA_WITH_AES_128_CBC_SHA      	0x002F
148 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA   	0x0030
149 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA   	0x0031
150 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA  	0x0032
151 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA  	0x0033
152 #define TLS_DH_ANON_WITH_AES_128_CBC_SHA  	0x0034	/* DH_ANON: key exchange without peer authentication */
153 
154 #define TLS_RSA_WITH_AES_256_CBC_SHA      	0x0035
155 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA   	0x0036
156 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA   	0x0037
157 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA  	0x0038
158 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA  	0x0039
159 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA  	0x003A
160 
161 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      	0x0041
162 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   	0x0042
163 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   	0x0043
164 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  	0x0044
165 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  	0x0045
166 #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  	0x0046
167 
168 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062 /* EXPORT1024: export-grade, 56-bit cipher key */
169 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
170 
171 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063 /* 0x0062-0x0066 are grouped by key exchange, so they are not in numeric order */
172 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
173 #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
174 
175 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      	0x0084
176 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   	0x0085
177 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   	0x0086
178 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  	0x0087
179 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  	0x0088
180 #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  	0x0089
181 
182 #define TLS_RSA_WITH_SEED_CBC_SHA		0x0096
183 
184 #define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001 /* NULL cipher: integrity only, no encryption */
185 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
186 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
187 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
188 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005
189 
190 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006 /* ECDHE: ephemeral key exchange; the ECDH_* suites use a static key and give no forward secrecy */
191 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
192 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
193 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
194 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A
195 
196 #define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
197 #define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
198 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
199 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
200 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F
201 
202 #define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
203 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
204 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
205 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
206 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014
207 
208 #define TLS_ECDH_anon_WITH_NULL_SHA             0xC015 /* anon: key exchange without peer authentication; the lower-case "anon" is part of the public name */
209 #define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
210 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
211 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
212 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
213 
214 /* Netscape "experimental" cipher suites. High byte 0xff is the private-use range; 0xffe0/0xffe1 share it with the SSL_EN_* values (0xFF01-0xFF07) without overlapping them. */
215 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0
216 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA	0xffe1	/* single DES: 56-bit effective key */
217 
218 /* New non-experimental openly spec'ed versions of those cipher suites. */
219 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 	0xfeff
220 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA      	0xfefe	/* single DES: 56-bit effective key */
221 
222 #endif /* __sslproto_h_ */
223