michael@0: /* michael@0: * Various and sundry protocol constants. DON'T CHANGE THESE. These values michael@0: * are mostly defined by the SSL2, SSL3, or TLS protocol specifications. michael@0: * Cipher kinds and ciphersuites are part of the public API. michael@0: * michael@0: * This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #ifndef __sslproto_h_ michael@0: #define __sslproto_h_ michael@0: michael@0: /* All versions less than 3_0 are treated as SSL version 2 */ michael@0: #define SSL_LIBRARY_VERSION_2 0x0002 michael@0: #define SSL_LIBRARY_VERSION_3_0 0x0300 michael@0: #define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 michael@0: #define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 michael@0: #define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 michael@0: /* Note: this is the internal format, not the wire format */ michael@0: #define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 michael@0: #define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303 michael@0: michael@0: /* deprecated old name */ michael@0: #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 michael@0: michael@0: /* The DTLS versions used in the spec */ michael@0: #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) michael@0: #define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff) michael@0: michael@0: /* Header lengths of some of the messages */ michael@0: #define SSL_HL_ERROR_HBYTES 3 michael@0: #define SSL_HL_CLIENT_HELLO_HBYTES 9 michael@0: #define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 michael@0: #define SSL_HL_CLIENT_FINISHED_HBYTES 1 michael@0: #define SSL_HL_SERVER_HELLO_HBYTES 11 michael@0: #define SSL_HL_SERVER_VERIFY_HBYTES 1 michael@0: #define SSL_HL_SERVER_FINISHED_HBYTES 1 michael@0: #define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 michael@0: #define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 michael@0: michael@0: /* Security handshake protocol codes */ michael@0: #define SSL_MT_ERROR 0 michael@0: #define SSL_MT_CLIENT_HELLO 1 michael@0: #define SSL_MT_CLIENT_MASTER_KEY 2 michael@0: #define SSL_MT_CLIENT_FINISHED 3 michael@0: #define SSL_MT_SERVER_HELLO 4 michael@0: #define SSL_MT_SERVER_VERIFY 5 michael@0: #define SSL_MT_SERVER_FINISHED 6 michael@0: #define SSL_MT_REQUEST_CERTIFICATE 7 michael@0: #define SSL_MT_CLIENT_CERTIFICATE 8 michael@0: michael@0: /* Certificate types */ michael@0: #define SSL_CT_X509_CERTIFICATE 0x01 michael@0: #if 0 /* XXX Not implemented yet */ michael@0: #define SSL_PKCS6_CERTIFICATE 0x02 michael@0: #endif michael@0: #define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 michael@0: michael@0: /* Error codes */ michael@0: #define SSL_PE_NO_CYPHERS 0x0001 michael@0: #define SSL_PE_NO_CERTIFICATE 0x0002 michael@0: #define SSL_PE_BAD_CERTIFICATE 0x0004 michael@0: #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 michael@0: michael@0: /* Cypher kinds (not the spec version!) */ michael@0: #define SSL_CK_RC4_128_WITH_MD5 0x01 michael@0: #define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 michael@0: #define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 michael@0: #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 michael@0: #define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 michael@0: #define SSL_CK_DES_64_CBC_WITH_MD5 0x06 michael@0: #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 michael@0: michael@0: /* Cipher enables. These are used only for SSL_EnableCipher michael@0: * These values define the SSL2 suites, and do not colide with the michael@0: * SSL3 Cipher suites defined below. michael@0: */ michael@0: #define SSL_EN_RC4_128_WITH_MD5 0xFF01 michael@0: #define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 michael@0: #define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 michael@0: #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 michael@0: #define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 michael@0: #define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 michael@0: #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 michael@0: michael@0: /* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */ michael@0: #ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES michael@0: #define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL michael@0: #define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5 michael@0: #define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA michael@0: #define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 michael@0: #define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5 michael@0: #define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA michael@0: #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 michael@0: #define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA michael@0: #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA michael@0: #define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA michael@0: #define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA michael@0: #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA michael@0: #define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA michael@0: #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA michael@0: #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA michael@0: #define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA michael@0: #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA michael@0: #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA michael@0: #define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA michael@0: #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA michael@0: #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA michael@0: #define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA michael@0: #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA michael@0: #define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5 michael@0: #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA michael@0: #define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA michael@0: #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA michael@0: #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 michael@0: #define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA michael@0: #define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA michael@0: #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA michael@0: #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA michael@0: #endif michael@0: michael@0: #define TLS_NULL_WITH_NULL_NULL 0x0000 michael@0: michael@0: #define TLS_RSA_WITH_NULL_MD5 0x0001 michael@0: #define TLS_RSA_WITH_NULL_SHA 0x0002 michael@0: #define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 michael@0: #define TLS_RSA_WITH_RC4_128_MD5 0x0004 michael@0: #define TLS_RSA_WITH_RC4_128_SHA 0x0005 michael@0: #define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 michael@0: #define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 michael@0: #define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 michael@0: #define TLS_RSA_WITH_DES_CBC_SHA 0x0009 michael@0: #define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a michael@0: michael@0: #define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b michael@0: #define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c michael@0: #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d michael@0: #define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e michael@0: #define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f michael@0: #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 michael@0: michael@0: #define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 michael@0: #define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 michael@0: #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 michael@0: #define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 michael@0: #define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 michael@0: #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 michael@0: michael@0: #define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 michael@0: #define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 michael@0: #define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 michael@0: #define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a michael@0: #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b michael@0: michael@0: #define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ michael@0: #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ michael@0: #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ michael@0: michael@0: #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F michael@0: #define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 michael@0: #define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 michael@0: #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 michael@0: #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 michael@0: #define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 michael@0: michael@0: #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 michael@0: #define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 michael@0: #define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 michael@0: #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 michael@0: #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 michael@0: #define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A michael@0: #define TLS_RSA_WITH_NULL_SHA256 0x003B michael@0: #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C michael@0: #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D michael@0: michael@0: #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 michael@0: #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 michael@0: #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 michael@0: #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 michael@0: #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 michael@0: #define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 michael@0: michael@0: #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 michael@0: #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 michael@0: michael@0: #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063 michael@0: #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065 michael@0: #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066 michael@0: #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 michael@0: #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B michael@0: michael@0: #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 michael@0: #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 michael@0: #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 michael@0: #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 michael@0: #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 michael@0: #define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 michael@0: michael@0: #define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 michael@0: michael@0: #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C michael@0: #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E michael@0: #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2 michael@0: michael@0: /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client. michael@0: * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending michael@0: * back an empty Renegotiation Info (RI) server hello extension. michael@0: */ michael@0: #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF michael@0: michael@0: /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a michael@0: * handshake is the result of TLS version fallback. michael@0: */ michael@0: #define TLS_FALLBACK_SCSV 0x5600 michael@0: michael@0: /* Cipher Suite Values starting with 0xC000 are defined in informational michael@0: * RFCs. michael@0: */ michael@0: #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 michael@0: #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 michael@0: #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 michael@0: #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 michael@0: #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 michael@0: michael@0: #define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 michael@0: #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 michael@0: #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 michael@0: #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 michael@0: #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A michael@0: michael@0: #define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B michael@0: #define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C michael@0: #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D michael@0: #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E michael@0: #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F michael@0: michael@0: #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 michael@0: #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 michael@0: #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 michael@0: #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 michael@0: #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 michael@0: michael@0: #define TLS_ECDH_anon_WITH_NULL_SHA 0xC015 michael@0: #define TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016 michael@0: #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017 michael@0: #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018 michael@0: #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019 michael@0: michael@0: #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 michael@0: #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 michael@0: michael@0: #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B michael@0: #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D michael@0: #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F michael@0: #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 michael@0: michael@0: /* Netscape "experimental" cipher suites. */ michael@0: #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 michael@0: #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 michael@0: michael@0: /* New non-experimental openly spec'ed versions of those cipher suites. */ michael@0: #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff michael@0: #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe michael@0: michael@0: /* DTLS-SRTP cipher suites from RFC 5764 */ michael@0: /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ michael@0: #define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 michael@0: #define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 michael@0: #define SRTP_NULL_HMAC_SHA1_80 0x0005 michael@0: #define SRTP_NULL_HMAC_SHA1_32 0x0006 michael@0: michael@0: #endif /* __sslproto_h_ */