security/nss/lib/ssl/sslproto.h

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /*
     2  * Various and sundry protocol constants. DON'T CHANGE THESE. These values
     3  * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
     4  * Cipher kinds and ciphersuites are part of the public API.
     5  *
     6  * This Source Code Form is subject to the terms of the Mozilla Public
     7  * License, v. 2.0. If a copy of the MPL was not distributed with this
     8  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
    10 #ifndef __sslproto_h_
    11 #define __sslproto_h_
    13 /* Protocol version numbers; a later SSL/TLS version has a larger value. All versions less than 3_0 are treated as SSL version 2 */
    14 #define SSL_LIBRARY_VERSION_2                   0x0002
    15 #define SSL_LIBRARY_VERSION_3_0                 0x0300
    16 #define SSL_LIBRARY_VERSION_TLS_1_0             0x0301
    17 #define SSL_LIBRARY_VERSION_TLS_1_1             0x0302
    18 #define SSL_LIBRARY_VERSION_TLS_1_2             0x0303
    19 /* Note: this is the internal format, not the wire format. The internal DTLS values equal the TLS 1.1 (0x0302) and TLS 1.2 (0x0303) values above, so the number alone does not distinguish DTLS from TLS. */
    20 #define SSL_LIBRARY_VERSION_DTLS_1_0            0x0302
    21 #define SSL_LIBRARY_VERSION_DTLS_1_2            0x0303
    23 /* deprecated old name */
    24 #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
    26 /* The DTLS versions used in the spec: the bitwise complement of 0x0100 and 0x0102, kept to 16 bits. A newer DTLS version has a SMALLER wire value, so do ordered version comparisons on the internal values above, not on these. */
    27 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff) /* 0xfeff */
    28 #define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE       ((~0x0102) & 0xffff) /* 0xfefd */
    30 /* Header lengths of some of the messages; one entry per SSL_MT_* message type listed below */
    31 #define SSL_HL_ERROR_HBYTES                     3
    32 #define SSL_HL_CLIENT_HELLO_HBYTES              9
    33 #define SSL_HL_CLIENT_MASTER_KEY_HBYTES         10
    34 #define SSL_HL_CLIENT_FINISHED_HBYTES           1
    35 #define SSL_HL_SERVER_HELLO_HBYTES              11
    36 #define SSL_HL_SERVER_VERIFY_HBYTES             1
    37 #define SSL_HL_SERVER_FINISHED_HBYTES           1
    38 #define SSL_HL_REQUEST_CERTIFICATE_HBYTES       2
    39 #define SSL_HL_CLIENT_CERTIFICATE_HBYTES        6
    41 /* Security handshake protocol codes (SSL_MT_* message type codes) */
    42 #define SSL_MT_ERROR                            0
    43 #define SSL_MT_CLIENT_HELLO                     1
    44 #define SSL_MT_CLIENT_MASTER_KEY                2
    45 #define SSL_MT_CLIENT_FINISHED                  3
    46 #define SSL_MT_SERVER_HELLO                     4
    47 #define SSL_MT_SERVER_VERIFY                    5
    48 #define SSL_MT_SERVER_FINISHED                  6
    49 #define SSL_MT_REQUEST_CERTIFICATE              7
    50 #define SSL_MT_CLIENT_CERTIFICATE               8
    52 /* Certificate types */
    53 #define SSL_CT_X509_CERTIFICATE                 0x01
    54 #if 0 /* XXX Not implemented yet */
    55 #define SSL_PKCS6_CERTIFICATE                   0x02
    56 #endif
    57 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION          0x01 /* NOTE(review): the SSL_AT_ prefix suggests an authentication type rather than a certificate type - confirm */
    59 /* Error codes. NOTE(review): 0x0006 equals 0x0002|0x0004; presumably these are distinct codes to compare with ==, not flags to OR together - confirm */
    60 #define SSL_PE_NO_CYPHERS                       0x0001
    61 #define SSL_PE_NO_CERTIFICATE                   0x0002
    62 #define SSL_PE_BAD_CERTIFICATE                  0x0004
    63 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE     0x0006
    65 /* Cypher kinds (not the spec version!). Every kind here is paired with MD5 and two are 40-bit EXPORT kinds; SSL 2.0 itself is prohibited by RFC 6176, so treat these as legacy identifiers. */
    66 #define SSL_CK_RC4_128_WITH_MD5                 0x01
    67 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5        0x02
    68 #define SSL_CK_RC2_128_CBC_WITH_MD5             0x03
    69 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    0x04
    70 #define SSL_CK_IDEA_128_CBC_WITH_MD5            0x05
    71 #define SSL_CK_DES_64_CBC_WITH_MD5              0x06
    72 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5        0x07
    74 /* Cipher enables.  These are used only for SSL_EnableCipher.
    75  * These values define the SSL2 suites (0xFF00 | the SSL_CK_* kind above),
    76  * and do not collide with the SSL3 Cipher suites defined below.
    77  */
    78 #define SSL_EN_RC4_128_WITH_MD5                 0xFF01
    79 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5        0xFF02
    80 #define SSL_EN_RC2_128_CBC_WITH_MD5             0xFF03
    81 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5    0xFF04
    82 #define SSL_EN_IDEA_128_CBC_WITH_MD5            0xFF05
    83 #define SSL_EN_DES_64_CBC_WITH_MD5              0xFF06
    84 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5        0xFF07
    86 /* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. Each alias expands to the TLS_* macro defined later in this header, so the old and new name denote the same suite value. Define SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES before including this header to leave the aliases out. */
    87 #ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
    88 #define SSL_NULL_WITH_NULL_NULL                TLS_NULL_WITH_NULL_NULL
    89 #define SSL_RSA_WITH_NULL_MD5                  TLS_RSA_WITH_NULL_MD5
    90 #define SSL_RSA_WITH_NULL_SHA                  TLS_RSA_WITH_NULL_SHA
    91 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5         TLS_RSA_EXPORT_WITH_RC4_40_MD5
    92 #define SSL_RSA_WITH_RC4_128_MD5               TLS_RSA_WITH_RC4_128_MD5
    93 #define SSL_RSA_WITH_RC4_128_SHA               TLS_RSA_WITH_RC4_128_SHA
    94 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
    95 #define SSL_RSA_WITH_IDEA_CBC_SHA              TLS_RSA_WITH_IDEA_CBC_SHA
    96 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
    97 #define SSL_RSA_WITH_DES_CBC_SHA               TLS_RSA_WITH_DES_CBC_SHA
    98 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA          TLS_RSA_WITH_3DES_EDE_CBC_SHA
    99 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
   100 #define SSL_DH_DSS_WITH_DES_CBC_SHA            TLS_DH_DSS_WITH_DES_CBC_SHA
   101 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
   102 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
   103 #define SSL_DH_RSA_WITH_DES_CBC_SHA            TLS_DH_RSA_WITH_DES_CBC_SHA
   104 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
   105 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
   106 #define SSL_DHE_DSS_WITH_DES_CBC_SHA           TLS_DHE_DSS_WITH_DES_CBC_SHA
   107 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
   108 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
   109 #define SSL_DHE_RSA_WITH_DES_CBC_SHA           TLS_DHE_RSA_WITH_DES_CBC_SHA
   110 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
   111 #define SSL_DH_ANON_WITH_RC4_128_MD5           TLS_DH_anon_WITH_RC4_128_MD5
   112 #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
   113 #define SSL_DH_ANON_WITH_DES_CBC_SHA           TLS_DH_anon_WITH_DES_CBC_SHA
   114 #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
   115 #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
   116 #define TLS_DH_ANON_WITH_AES_128_CBC_SHA       TLS_DH_anon_WITH_AES_128_CBC_SHA /* this and the next three: upper-case ANON spelling of the TLS_DH_anon_* name */
   117 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA       TLS_DH_anon_WITH_AES_256_CBC_SHA
   118 #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
   119 #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
   120 #endif /* !SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES */
   122 #define TLS_NULL_WITH_NULL_NULL                 0x0000
       /* TLS cipher suite identifiers, from TLS_NULL_WITH_NULL_NULL above onward.
        * This header only names the values; defining an identifier here does not
        * enable the suite. The list includes NULL-encryption, EXPORT (40/56-bit),
        * single-DES, RC4 and anonymous (DH_anon) suites, which give weak or no
        * confidentiality or no peer authentication; keep them out of any
        * configuration that is meant to protect traffic.
        */
   124 #define TLS_RSA_WITH_NULL_MD5                   0x0001
   125 #define TLS_RSA_WITH_NULL_SHA                   0x0002
   126 #define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003
   127 #define TLS_RSA_WITH_RC4_128_MD5                0x0004
   128 #define TLS_RSA_WITH_RC4_128_SHA                0x0005
   129 #define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006
   130 #define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007
   131 #define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008
   132 #define TLS_RSA_WITH_DES_CBC_SHA                0x0009
   133 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000a
   135 #define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000b
   136 #define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000c
   137 #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000d
   138 #define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000e
   139 #define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000f
   140 #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010
   142 #define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011
   143 #define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012
   144 #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013
   145 #define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014
   146 #define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015
   147 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016
   149 #define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017
   150 #define TLS_DH_anon_WITH_RC4_128_MD5            0x0018
   151 #define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019
   152 #define TLS_DH_anon_WITH_DES_CBC_SHA            0x001a
   153 #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001b
   155 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA          0x001c /* deprecated */
   156 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  0x001d /* deprecated */
   157 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA       0x001e /* deprecated */
   159 #define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F
   160 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030
   161 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031
   162 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032
   163 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033
   164 #define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034
   166 #define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035
   167 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036
   168 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037
   169 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038
   170 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039
   171 #define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A
   172 #define TLS_RSA_WITH_NULL_SHA256                0x003B
   173 #define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
   174 #define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D
   176 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
   177 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
   178 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
   179 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   0x0044
   180 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   0x0045
   181 #define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA   0x0046
   183 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
   184 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
   186 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
   187 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
   188 #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
   189 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
   190 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
   192 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
   193 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA    0x0085
   194 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0086
   195 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   0x0087
   196 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   0x0088
   197 #define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA   0x0089
   199 #define TLS_RSA_WITH_SEED_CBC_SHA               0x0096
   201 #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
   202 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
   203 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
   205 /* TLS "Signaling Cipher Suite Value" (SCSV), RFC 5746. May be requested by client.
   206  * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
   207  * back an empty Renegotiation Info (RI) server hello extension. It is a signal about secure renegotiation support, not a usable cipher suite.
   208  */
   209 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV       0x00FF
   211 /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
   212  * handshake is the result of TLS version fallback (draft-ietf-tls-downgrade-scsv, later published as RFC 7507). It lets a server that supports a higher version detect and refuse a downgraded retry; like the SCSV above, it must never be selected as the negotiated suite.
   213  */
   214 #define TLS_FALLBACK_SCSV                       0x5600
   216 /* Cipher Suite Values starting with 0xC000 are defined in informational
   217  * RFCs. The entries ending in WITH_NULL_SHA name suites without encryption, and the ECDH_anon entries name suites without peer authentication.
   218  */
   219 #define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
   220 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
   221 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
   222 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
   223 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005
   225 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006
   226 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
   227 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
   228 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
   229 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A
   231 #define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
   232 #define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
   233 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
   234 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
   235 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F
   237 #define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
   238 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
   239 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
   240 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
   241 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014
   243 #define TLS_ECDH_anon_WITH_NULL_SHA             0xC015
   244 #define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
   245 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
   246 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
   247 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
   249 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
   250 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
   252 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
   253 #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
   254 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
   255 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
   257 /* Netscape "experimental" cipher suites. */
   258 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
   259 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
   261 /* New non-experimental openly spec'ed versions of those cipher suites. */
   262 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      0xfeff
   263 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA           0xfefe
   265 /* DTLS-SRTP cipher suites from RFC 5764. These are SRTP protection profile values, a number space separate from the TLS cipher suite values above (0x0001 and 0x0002 are also used there), so the two must not be mixed. The SRTP_NULL_* profiles apply no SRTP encryption. */
   266 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
   267 #define SRTP_AES128_CM_HMAC_SHA1_80             0x0001
   268 #define SRTP_AES128_CM_HMAC_SHA1_32             0x0002
   269 #define SRTP_NULL_HMAC_SHA1_80                  0x0005
   270 #define SRTP_NULL_HMAC_SHA1_32                  0x0006
   272 #endif /* __sslproto_h_ */
