The Tor Browser / file comparison
comparison: security/nss/lib/ssl/sslproto.h
security/nss/lib/ssl/sslproto.h
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1772c4082813 |
|---|---|
| 1 /* | |
| 2 * Various and sundry protocol constants. DON'T CHANGE THESE. These values | |
| 3 * are mostly defined by the SSL2, SSL3, or TLS protocol specifications. | |
| 4 * Cipher kinds and ciphersuites are part of the public API. | |
| 5 * | |
| 6 * This Source Code Form is subject to the terms of the Mozilla Public | |
| 7 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 9 | |
| 10 #ifndef __sslproto_h_ | |
| 11 #define __sslproto_h_ | |
| 12 | |
| 13 /* All versions less than 3_0 are treated as SSL version 2 */ | |
| 14 #define SSL_LIBRARY_VERSION_2 0x0002 | |
| 15 #define SSL_LIBRARY_VERSION_3_0 0x0300 | |
| 16 #define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 | |
| 17 #define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 | |
| 18 #define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 | |
| 19 /* Note: this is the internal format, not the wire format */ | |
| 20 #define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 | |
| 21 #define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303 | |
| 22 | |
| 23 /* deprecated old name */ | |
| 24 #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 | |
| 25 | |
| 26 /* The DTLS versions used in the spec */ | |
| 27 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) | |
| 28 #define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff) | |
| 29 | |
| 30 /* Header lengths of some of the messages */ | |
| 31 #define SSL_HL_ERROR_HBYTES 3 | |
| 32 #define SSL_HL_CLIENT_HELLO_HBYTES 9 | |
| 33 #define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 | |
| 34 #define SSL_HL_CLIENT_FINISHED_HBYTES 1 | |
| 35 #define SSL_HL_SERVER_HELLO_HBYTES 11 | |
| 36 #define SSL_HL_SERVER_VERIFY_HBYTES 1 | |
| 37 #define SSL_HL_SERVER_FINISHED_HBYTES 1 | |
| 38 #define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 | |
| 39 #define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 | |
| 40 | |
| 41 /* Security handshake protocol codes */ | |
| 42 #define SSL_MT_ERROR 0 | |
| 43 #define SSL_MT_CLIENT_HELLO 1 | |
| 44 #define SSL_MT_CLIENT_MASTER_KEY 2 | |
| 45 #define SSL_MT_CLIENT_FINISHED 3 | |
| 46 #define SSL_MT_SERVER_HELLO 4 | |
| 47 #define SSL_MT_SERVER_VERIFY 5 | |
| 48 #define SSL_MT_SERVER_FINISHED 6 | |
| 49 #define SSL_MT_REQUEST_CERTIFICATE 7 | |
| 50 #define SSL_MT_CLIENT_CERTIFICATE 8 | |
| 51 | |
| 52 /* Certificate types */ | |
| 53 #define SSL_CT_X509_CERTIFICATE 0x01 | |
| 54 #if 0 /* XXX Not implemented yet */ | |
| 55 #define SSL_PKCS6_CERTIFICATE 0x02 | |
| 56 #endif | |
| 57 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 | |
| 58 | |
| 59 /* Error codes */ | |
| 60 #define SSL_PE_NO_CYPHERS 0x0001 | |
| 61 #define SSL_PE_NO_CERTIFICATE 0x0002 | |
| 62 #define SSL_PE_BAD_CERTIFICATE 0x0004 | |
| 63 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 | |
| 64 | |
| 65 /* Cypher kinds (not the spec version!) */ | |
| 66 #define SSL_CK_RC4_128_WITH_MD5 0x01 | |
| 67 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 | |
| 68 #define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 | |
| 69 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 | |
| 70 #define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 | |
| 71 #define SSL_CK_DES_64_CBC_WITH_MD5 0x06 | |
| 72 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 | |
| 73 | |
| 74 /* Cipher enables. These are used only for SSL_EnableCipher | |
| 75 * These values define the SSL2 suites, and do not colide with the | |
| 76 * SSL3 Cipher suites defined below. | |
| 77 */ | |
| 78 #define SSL_EN_RC4_128_WITH_MD5 0xFF01 | |
| 79 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 | |
| 80 #define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 | |
| 81 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 | |
| 82 #define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 | |
| 83 #define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 | |
| 84 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 | |
| 85 | |
| 86 /* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */ | |
| 87 #ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES | |
| 88 #define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL | |
| 89 #define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5 | |
| 90 #define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA | |
| 91 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 | |
| 92 #define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5 | |
| 93 #define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA | |
| 94 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | |
| 95 #define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA | |
| 96 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA | |
| 97 #define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA | |
| 98 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA | |
| 99 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA | |
| 100 #define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA | |
| 101 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA | |
| 102 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA | |
| 103 #define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA | |
| 104 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA | |
| 105 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | |
| 106 #define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA | |
| 107 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | |
| 108 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | |
| 109 #define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA | |
| 110 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | |
| 111 #define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5 | |
| 112 #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA | |
| 113 #define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA | |
| 114 #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA | |
| 115 #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 | |
| 116 #define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA | |
| 117 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA | |
| 118 #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA | |
| 119 #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA | |
| 120 #endif | |
| 121 | |
| 122 #define TLS_NULL_WITH_NULL_NULL 0x0000 | |
| 123 | |
| 124 #define TLS_RSA_WITH_NULL_MD5 0x0001 | |
| 125 #define TLS_RSA_WITH_NULL_SHA 0x0002 | |
| 126 #define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 | |
| 127 #define TLS_RSA_WITH_RC4_128_MD5 0x0004 | |
| 128 #define TLS_RSA_WITH_RC4_128_SHA 0x0005 | |
| 129 #define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 | |
| 130 #define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 | |
| 131 #define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 | |
| 132 #define TLS_RSA_WITH_DES_CBC_SHA 0x0009 | |
| 133 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a | |
| 134 | |
| 135 #define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b | |
| 136 #define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c | |
| 137 #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d | |
| 138 #define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e | |
| 139 #define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f | |
| 140 #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 | |
| 141 | |
| 142 #define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 | |
| 143 #define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 | |
| 144 #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 | |
| 145 #define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 | |
| 146 #define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 | |
| 147 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 | |
| 148 | |
| 149 #define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 | |
| 150 #define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 | |
| 151 #define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 | |
| 152 #define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a | |
| 153 #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b | |
| 154 | |
| 155 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ | |
| 156 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ | |
| 157 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ | |
| 158 | |
| 159 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F | |
| 160 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 | |
| 161 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 | |
| 162 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 | |
| 163 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 | |
| 164 #define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 | |
| 165 | |
| 166 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 | |
| 167 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 | |
| 168 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 | |
| 169 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 | |
| 170 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 | |
| 171 #define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A | |
| 172 #define TLS_RSA_WITH_NULL_SHA256 0x003B | |
| 173 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C | |
| 174 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D | |
| 175 | |
| 176 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 | |
| 177 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 | |
| 178 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 | |
| 179 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 | |
| 180 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 | |
| 181 #define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 | |
| 182 | |
| 183 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 | |
| 184 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 | |
| 185 | |
| 186 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063 | |
| 187 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065 | |
| 188 #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066 | |
| 189 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 | |
| 190 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B | |
| 191 | |
| 192 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 | |
| 193 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 | |
| 194 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 | |
| 195 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 | |
| 196 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 | |
| 197 #define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 | |
| 198 | |
| 199 #define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 | |
| 200 | |
| 201 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C | |
| 202 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E | |
| 203 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2 | |
| 204 | |
| 205 /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client. | |
| 206 * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending | |
| 207 * back an empty Renegotiation Info (RI) server hello extension. | |
| 208 */ | |
| 209 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF | |
| 210 | |
| 211 /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a | |
| 212 * handshake is the result of TLS version fallback. | |
| 213 */ | |
| 214 #define TLS_FALLBACK_SCSV 0x5600 | |
| 215 | |
| 216 /* Cipher Suite Values starting with 0xC000 are defined in informational | |
| 217 * RFCs. | |
| 218 */ | |
| 219 #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 | |
| 220 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 | |
| 221 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 | |
| 222 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 | |
| 223 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 | |
| 224 | |
| 225 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 | |
| 226 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 | |
| 227 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 | |
| 228 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 | |
| 229 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A | |
| 230 | |
| 231 #define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B | |
| 232 #define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C | |
| 233 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D | |
| 234 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E | |
| 235 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F | |
| 236 | |
| 237 #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 | |
| 238 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 | |
| 239 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 | |
| 240 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 | |
| 241 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 | |
| 242 | |
| 243 #define TLS_ECDH_anon_WITH_NULL_SHA 0xC015 | |
| 244 #define TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016 | |
| 245 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017 | |
| 246 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018 | |
| 247 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019 | |
| 248 | |
| 249 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 | |
| 250 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 | |
| 251 | |
| 252 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B | |
| 253 #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D | |
| 254 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F | |
| 255 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 | |
| 256 | |
| 257 /* Netscape "experimental" cipher suites. */ | |
| 258 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 | |
| 259 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 | |
| 260 | |
| 261 /* New non-experimental openly spec'ed versions of those cipher suites. */ | |
| 262 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff | |
| 263 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe | |
| 264 | |
| 265 /* DTLS-SRTP cipher suites from RFC 5764 */ | |
| 266 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ | |
| 267 #define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 | |
| 268 #define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 | |
| 269 #define SRTP_NULL_HMAC_SHA1_80 0x0005 | |
| 270 #define SRTP_NULL_HMAC_SHA1_32 0x0006 | |
| 271 | |
| 272 #endif /* __sslproto_h_ */ |
