• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Various and sundry protocol constants. DON'T CHANGE THESE. These values
3  * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
4  * Cipher kinds and ciphersuites are part of the public API.
5  *
6  * This Source Code Form is subject to the terms of the Mozilla Public
7  * License, v. 2.0. If a copy of the MPL was not distributed with this
8  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
9 
10 #ifndef __sslproto_h_
11 #define __sslproto_h_
12 
13 /* All versions less than 3_0 are treated as SSL version 2 */
14 #define SSL_LIBRARY_VERSION_2			0x0002
15 #define SSL_LIBRARY_VERSION_3_0			0x0300
16 #define SSL_LIBRARY_VERSION_TLS_1_0		0x0301
17 #define SSL_LIBRARY_VERSION_TLS_1_1		0x0302
18 #define SSL_LIBRARY_VERSION_TLS_1_2		0x0303
19 /* Note: this is the internal format, not the wire format */
20 #define SSL_LIBRARY_VERSION_DTLS_1_0		0x0302
21 
22 /* deprecated old name */
23 #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
24 
25 /* The DTLS version used in the spec */
26 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
27 
28 /* Header lengths of some of the messages */
29 #define SSL_HL_ERROR_HBYTES			3
30 #define SSL_HL_CLIENT_HELLO_HBYTES		9
31 #define SSL_HL_CLIENT_MASTER_KEY_HBYTES		10
32 #define SSL_HL_CLIENT_FINISHED_HBYTES		1
33 #define SSL_HL_SERVER_HELLO_HBYTES		11
34 #define SSL_HL_SERVER_VERIFY_HBYTES		1
35 #define SSL_HL_SERVER_FINISHED_HBYTES		1
36 #define SSL_HL_REQUEST_CERTIFICATE_HBYTES	2
37 #define SSL_HL_CLIENT_CERTIFICATE_HBYTES	6
38 
39 /* Security handshake protocol codes */
40 #define SSL_MT_ERROR				0
41 #define SSL_MT_CLIENT_HELLO			1
42 #define SSL_MT_CLIENT_MASTER_KEY		2
43 #define SSL_MT_CLIENT_FINISHED			3
44 #define SSL_MT_SERVER_HELLO			4
45 #define SSL_MT_SERVER_VERIFY			5
46 #define SSL_MT_SERVER_FINISHED			6
47 #define SSL_MT_REQUEST_CERTIFICATE		7
48 #define SSL_MT_CLIENT_CERTIFICATE		8
49 
50 /* Certificate types */
51 #define SSL_CT_X509_CERTIFICATE			0x01
52 #if 0 /* XXX Not implemented yet */
53 #define SSL_PKCS6_CERTIFICATE			0x02
54 #endif
55 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION		0x01
56 
57 /* Error codes */
58 #define SSL_PE_NO_CYPHERS			0x0001
59 #define SSL_PE_NO_CERTIFICATE			0x0002
60 #define SSL_PE_BAD_CERTIFICATE			0x0004
61 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE	0x0006
62 
63 /* Cypher kinds (not the spec version!) */
64 #define SSL_CK_RC4_128_WITH_MD5			0x01
65 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x02
66 #define SSL_CK_RC2_128_CBC_WITH_MD5		0x03
67 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x04
68 #define SSL_CK_IDEA_128_CBC_WITH_MD5		0x05
69 #define SSL_CK_DES_64_CBC_WITH_MD5		0x06
70 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x07
71 
72 /* Cipher enables.  These are used only for SSL_EnableCipher
73  * These values define the SSL2 suites, and do not colide with the
74  * SSL3 Cipher suites defined below.
75  */
76 #define SSL_EN_RC4_128_WITH_MD5			0xFF01
77 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5	0xFF02
78 #define SSL_EN_RC2_128_CBC_WITH_MD5		0xFF03
79 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5	0xFF04
80 #define SSL_EN_IDEA_128_CBC_WITH_MD5		0xFF05
81 #define SSL_EN_DES_64_CBC_WITH_MD5		0xFF06
82 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5	0xFF07
83 
84 /* SSL v3 Cipher Suites */
85 #define SSL_NULL_WITH_NULL_NULL			0x0000
86 
87 #define SSL_RSA_WITH_NULL_MD5			0x0001
88 #define SSL_RSA_WITH_NULL_SHA			0x0002
89 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
90 #define SSL_RSA_WITH_RC4_128_MD5		0x0004
91 #define SSL_RSA_WITH_RC4_128_SHA		0x0005
92 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
93 #define SSL_RSA_WITH_IDEA_CBC_SHA		0x0007
94 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
95 #define SSL_RSA_WITH_DES_CBC_SHA		0x0009
96 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
97 
98 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
99 #define SSL_DH_DSS_WITH_DES_CBC_SHA		0x000c
100 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
101 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
102 #define SSL_DH_RSA_WITH_DES_CBC_SHA		0x000f
103 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
104 
105 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
106 #define SSL_DHE_DSS_WITH_DES_CBC_SHA		0x0012
107 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
108 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
109 #define SSL_DHE_RSA_WITH_DES_CBC_SHA		0x0015
110 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
111 
112 #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017
113 #define SSL_DH_ANON_WITH_RC4_128_MD5		0x0018
114 #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
115 #define SSL_DH_ANON_WITH_DES_CBC_SHA		0x001a
116 #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b
117 
118 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA		0x001c /* deprecated */
119 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d /* deprecated */
120 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e /* deprecated */
121 
122 /* New TLS cipher suites */
123 #define TLS_RSA_WITH_AES_128_CBC_SHA      	0x002F
124 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA   	0x0030
125 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA   	0x0031
126 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA  	0x0032
127 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA  	0x0033
128 #define TLS_DH_ANON_WITH_AES_128_CBC_SHA  	0x0034
129 
130 #define TLS_RSA_WITH_AES_256_CBC_SHA      	0x0035
131 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA   	0x0036
132 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA   	0x0037
133 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA  	0x0038
134 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA  	0x0039
135 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA  	0x003A
136 #define TLS_RSA_WITH_NULL_SHA256		0x003B
137 #define TLS_RSA_WITH_AES_128_CBC_SHA256  	0x003C
138 #define TLS_RSA_WITH_AES_256_CBC_SHA256  	0x003D
139 
140 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      	0x0041
141 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   	0x0042
142 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   	0x0043
143 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  	0x0044
144 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  	0x0045
145 #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  	0x0046
146 
147 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
148 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
149 
150 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
151 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
152 #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
153 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
154 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
155 
156 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      	0x0084
157 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   	0x0085
158 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   	0x0086
159 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  	0x0087
160 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  	0x0088
161 #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  	0x0089
162 
163 #define TLS_RSA_WITH_SEED_CBC_SHA		0x0096
164 
165 #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
166 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
167 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
168 
169 /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
170  * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
171  * back an empty Renegotiation Info (RI) server hello extension.
172  */
173 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV	0x00FF
174 
175 /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
176  * handshake is the result of TLS version fallback. This value is not IANA
177  * assigned. */
178 #define TLS_FALLBACK_SCSV			0x5600
179 
180 /* Cipher Suite Values starting with 0xC000 are defined in informational
181  * RFCs.
182  */
183 #define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
184 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
185 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
186 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
187 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005
188 
189 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006
190 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
191 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
192 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
193 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A
194 
195 #define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
196 #define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
197 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
198 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
199 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F
200 
201 #define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
202 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
203 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
204 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
205 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014
206 
207 #define TLS_ECDH_anon_WITH_NULL_SHA             0xC015
208 #define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
209 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
210 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
211 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
212 
213 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
214 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
215 
216 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
217 #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
218 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
219 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
220 
221 #define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305	0xCC13
222 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305	0xCC14
223 
224 /* Netscape "experimental" cipher suites. */
225 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0
226 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA	0xffe1
227 
228 /* New non-experimental openly spec'ed versions of those cipher suites. */
229 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 	0xfeff
230 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA      	0xfefe
231 
232 /* DTLS-SRTP cipher suites from RFC 5764 */
233 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
234 #define SRTP_AES128_CM_HMAC_SHA1_80		0x0001
235 #define SRTP_AES128_CM_HMAC_SHA1_32		0x0002
236 #define SRTP_NULL_HMAC_SHA1_80			0x0005
237 #define SRTP_NULL_HMAC_SHA1_32			0x0006
238 
239 #endif /* __sslproto_h_ */
240