security/nss/lib/ssl/sslproto.h

changeset 0
6474c204b198
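--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/ssl/sslproto.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,272 @@
+/*
+ * Various and sundry protocol constants. DON'T CHANGE THESE. These values
+ * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
+ * Cipher kinds and ciphersuites are part of the public API.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __sslproto_h_
+#define __sslproto_h_
+
+/* All versions less than 3_0 are treated as SSL version 2 */
+#define SSL_LIBRARY_VERSION_2                   0x0002
+#define SSL_LIBRARY_VERSION_3_0                 0x0300
+#define SSL_LIBRARY_VERSION_TLS_1_0             0x0301
+#define SSL_LIBRARY_VERSION_TLS_1_1             0x0302
+#define SSL_LIBRARY_VERSION_TLS_1_2             0x0303
+/* Note: this is the internal format, not the wire format */
+#define SSL_LIBRARY_VERSION_DTLS_1_0            0x0302
+#define SSL_LIBRARY_VERSION_DTLS_1_2            0x0303
+
+/* deprecated old name */
+#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
+
+/* The DTLS versions used in the spec */
+#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
+#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE       ((~0x0102) & 0xffff)
+
+/* Header lengths of some of the messages */
+#define SSL_HL_ERROR_HBYTES                     3
+#define SSL_HL_CLIENT_HELLO_HBYTES              9
+#define SSL_HL_CLIENT_MASTER_KEY_HBYTES         10
+#define SSL_HL_CLIENT_FINISHED_HBYTES           1
+#define SSL_HL_SERVER_HELLO_HBYTES              11
+#define SSL_HL_SERVER_VERIFY_HBYTES             1
+#define SSL_HL_SERVER_FINISHED_HBYTES           1
+#define SSL_HL_REQUEST_CERTIFICATE_HBYTES       2
+#define SSL_HL_CLIENT_CERTIFICATE_HBYTES        6
+
+/* Security handshake protocol codes */
+#define SSL_MT_ERROR                            0
+#define SSL_MT_CLIENT_HELLO                     1
+#define SSL_MT_CLIENT_MASTER_KEY                2
+#define SSL_MT_CLIENT_FINISHED                  3
+#define SSL_MT_SERVER_HELLO                     4
+#define SSL_MT_SERVER_VERIFY                    5
+#define SSL_MT_SERVER_FINISHED                  6
+#define SSL_MT_REQUEST_CERTIFICATE              7
+#define SSL_MT_CLIENT_CERTIFICATE               8
+
+/* Certificate types */
+#define SSL_CT_X509_CERTIFICATE                 0x01
+#if 0 /* XXX Not implemented yet */
+#define SSL_PKCS6_CERTIFICATE                   0x02
+#endif
+#define SSL_AT_MD5_WITH_RSA_ENCRYPTION          0x01
+
+/* Error codes */
+#define SSL_PE_NO_CYPHERS                       0x0001
+#define SSL_PE_NO_CERTIFICATE                   0x0002
+#define SSL_PE_BAD_CERTIFICATE                  0x0004
+#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE     0x0006
+
+/* Cypher kinds (not the spec version!) */
+#define SSL_CK_RC4_128_WITH_MD5                 0x01
+#define SSL_CK_RC4_128_EXPORT40_WITH_MD5        0x02
+#define SSL_CK_RC2_128_CBC_WITH_MD5             0x03
+#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    0x04
+#define SSL_CK_IDEA_128_CBC_WITH_MD5            0x05
+#define SSL_CK_DES_64_CBC_WITH_MD5              0x06
+#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5        0x07
+
+/* Cipher enables.  These are used only for SSL_EnableCipher
+ * These values define the SSL2 suites, and do not colide with the
+ * SSL3 Cipher suites defined below.
+ */
+#define SSL_EN_RC4_128_WITH_MD5                 0xFF01
+#define SSL_EN_RC4_128_EXPORT40_WITH_MD5        0xFF02
+#define SSL_EN_RC2_128_CBC_WITH_MD5             0xFF03
+#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5    0xFF04
+#define SSL_EN_IDEA_128_CBC_WITH_MD5            0xFF05
+#define SSL_EN_DES_64_CBC_WITH_MD5              0xFF06
+#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5        0xFF07
+
+/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
+#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+#define SSL_NULL_WITH_NULL_NULL                TLS_NULL_WITH_NULL_NULL
+#define SSL_RSA_WITH_NULL_MD5                  TLS_RSA_WITH_NULL_MD5
+#define SSL_RSA_WITH_NULL_SHA                  TLS_RSA_WITH_NULL_SHA
+#define SSL_RSA_EXPORT_WITH_RC4_40_MD5         TLS_RSA_EXPORT_WITH_RC4_40_MD5
+#define SSL_RSA_WITH_RC4_128_MD5               TLS_RSA_WITH_RC4_128_MD5
+#define SSL_RSA_WITH_RC4_128_SHA               TLS_RSA_WITH_RC4_128_SHA
+#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+#define SSL_RSA_WITH_IDEA_CBC_SHA              TLS_RSA_WITH_IDEA_CBC_SHA
+#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_RSA_WITH_DES_CBC_SHA               TLS_RSA_WITH_DES_CBC_SHA
+#define SSL_RSA_WITH_3DES_EDE_CBC_SHA          TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_DSS_WITH_DES_CBC_SHA            TLS_DH_DSS_WITH_DES_CBC_SHA
+#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_RSA_WITH_DES_CBC_SHA            TLS_DH_RSA_WITH_DES_CBC_SHA
+#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_DSS_WITH_DES_CBC_SHA           TLS_DHE_DSS_WITH_DES_CBC_SHA
+#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_RSA_WITH_DES_CBC_SHA           TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_WITH_RC4_128_MD5           TLS_DH_anon_WITH_RC4_128_MD5
+#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_ANON_WITH_DES_CBC_SHA           TLS_DH_anon_WITH_DES_CBC_SHA
+#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+#define TLS_DH_ANON_WITH_AES_128_CBC_SHA       TLS_DH_anon_WITH_AES_128_CBC_SHA
+#define TLS_DH_ANON_WITH_AES_256_CBC_SHA       TLS_DH_anon_WITH_AES_256_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
+#endif
+
+#define TLS_NULL_WITH_NULL_NULL                 0x0000
+
+#define TLS_RSA_WITH_NULL_MD5                   0x0001
+#define TLS_RSA_WITH_NULL_SHA                   0x0002
+#define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003
+#define TLS_RSA_WITH_RC4_128_MD5                0x0004
+#define TLS_RSA_WITH_RC4_128_SHA                0x0005
+#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006
+#define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007
+#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008
+#define TLS_RSA_WITH_DES_CBC_SHA                0x0009
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000a
+
+#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000b
+#define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000c
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000d
+#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000e
+#define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000f
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010
+
+#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013
+#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016
+
+#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017
+#define TLS_DH_anon_WITH_RC4_128_MD5            0x0018
+#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019
+#define TLS_DH_anon_WITH_DES_CBC_SHA            0x001a
+#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001b
+
+#define SSL_FORTEZZA_DMS_WITH_NULL_SHA          0x001c /* deprecated */
+#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  0x001d /* deprecated */
+#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA       0x001e /* deprecated */
+
+#define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F
+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030
+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033
+#define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034
+
+#define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035
+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036
+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039
+#define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A
+#define TLS_RSA_WITH_NULL_SHA256                0x003B
+#define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
+#define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D
+
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
+#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
+#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
+#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   0x0044
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   0x0045
+#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA   0x0046
+
+#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
+#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
+
+#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
+#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
+#define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
+
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
+#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA    0x0085
+#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0086
+#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   0x0087
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   0x0088
+#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA   0x0089
+
+#define TLS_RSA_WITH_SEED_CBC_SHA               0x0096
+
+#define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
+#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
+
+/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
+ * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
+ * back an empty Renegotiation Info (RI) server hello extension.
+ */
+#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV       0x00FF
+
+/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
+ * handshake is the result of TLS version fallback.
+ */
+#define TLS_FALLBACK_SCSV                       0x5600
+
+/* Cipher Suite Values starting with 0xC000 are defined in informational
+ * RFCs.
+ */
+#define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
+#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
+#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005
+
+#define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006
+#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
+#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A
+
+#define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
+#define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
+#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F
+
+#define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
+#define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
+#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014
+
+#define TLS_ECDH_anon_WITH_NULL_SHA             0xC015
+#define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
+#define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
+#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
+#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
+
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
+
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
+#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
+#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
+#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
+
+/* Netscape "experimental" cipher suites. */
+#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
+#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
+
+/* New non-experimental openly spec'ed versions of those cipher suites. */
+#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      0xfeff
+#define SSL_RSA_FIPS_WITH_DES_CBC_SHA           0xfefe
+
+/* DTLS-SRTP cipher suites from RFC 5764 */
+/* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
+#define SRTP_AES128_CM_HMAC_SHA1_80             0x0001
+#define SRTP_AES128_CM_HMAC_SHA1_32             0x0002
+#define SRTP_NULL_HMAC_SHA1_80                  0x0005
+#define SRTP_NULL_HMAC_SHA1_32                  0x0006
+
+#endif /* __sslproto_h_ */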
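Review bot: The cipher-suite table running from `TLS_NULL_WITH_NULL_NULL` through the `TLS_ECDH_anon_*` group lists NULL-encryption, anonymous-DH and EXPORT-grade suites next to the AES-GCM ones with nothing setting them apart, so a reader choosing identifiers from this header cannot tell which ones give no confidentiality or no peer authentication. The values are fixed by the protocol registries and have to stay, so I would add a comment above the table such as `/* Defining a suite here does not mean it is enabled or safe: *_NULL_* suites do not encrypt, *_anon_* suites do not authenticate the peer, *_EXPORT* suites use deliberately weakened keys. */`. Which suites are actually enabled by default is decided outside this header and is not visible here, so that should be confirmed against the library's policy tables. A smaller documentation point in the version block: `SSL_LIBRARY_VERSION_DTLS_1_0` and `SSL_LIBRARY_VERSION_TLS_1_1` are both `0x0302`, and the one-line note above them could say outright that the internal DTLS values alias the TLS ones and only the `_WIRE` values differ.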
