net/third_party/nss/ssl/sslproto.h

   1 /*
   2  * Various and sundry protocol constants. DON'T CHANGE THESE. These values
   3  * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
   4  * Cipher kinds and ciphersuites are part of the public API.
   5  *
   6  * This Source Code Form is subject to the terms of the Mozilla Public
   7  * License, v. 2.0. If a copy of the MPL was not distributed with this
   8  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   9
  10 #ifndef __sslproto_h_
  11 #define __sslproto_h_
  12
  13 /* All versions less than 3_0 are treated as SSL version 2 */
  14 #define SSL_LIBRARY_VERSION_2                   0x0002
  15 #define SSL_LIBRARY_VERSION_3_0                 0x0300
  16 #define SSL_LIBRARY_VERSION_TLS_1_0             0x0301
  17 #define SSL_LIBRARY_VERSION_TLS_1_1             0x0302
  18 #define SSL_LIBRARY_VERSION_TLS_1_2             0x0303
  19 /* Note: this is the internal format, not the wire format */
  20 #define SSL_LIBRARY_VERSION_DTLS_1_0            0x0302
  21
  22 /* deprecated old name */
  23 #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
  24
  25 /* The DTLS version used in the spec */
  26 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
  27
  28 /* Header lengths of some of the messages */
  29 #define SSL_HL_ERROR_HBYTES                     3
  30 #define SSL_HL_CLIENT_HELLO_HBYTES              9
  31 #define SSL_HL_CLIENT_MASTER_KEY_HBYTES         10
  32 #define SSL_HL_CLIENT_FINISHED_HBYTES           1
  33 #define SSL_HL_SERVER_HELLO_HBYTES              11
  34 #define SSL_HL_SERVER_VERIFY_HBYTES             1
  35 #define SSL_HL_SERVER_FINISHED_HBYTES           1
  36 #define SSL_HL_REQUEST_CERTIFICATE_HBYTES       2
  37 #define SSL_HL_CLIENT_CERTIFICATE_HBYTES        6
  38
  39 /* Security handshake protocol codes */
  40 #define SSL_MT_ERROR                            0
  41 #define SSL_MT_CLIENT_HELLO                     1
  42 #define SSL_MT_CLIENT_MASTER_KEY                2
  43 #define SSL_MT_CLIENT_FINISHED                  3
  44 #define SSL_MT_SERVER_HELLO                     4
  45 #define SSL_MT_SERVER_VERIFY                    5
  46 #define SSL_MT_SERVER_FINISHED                  6
  47 #define SSL_MT_REQUEST_CERTIFICATE              7
  48 #define SSL_MT_CLIENT_CERTIFICATE               8
  49
  50 /* Certificate types */
  51 #define SSL_CT_X509_CERTIFICATE                 0x01
  52 #if 0 /* XXX Not implemented yet */
  53 #define SSL_PKCS6_CERTIFICATE                   0x02
  54 #endif
  55 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION          0x01
  56
  57 /* Error codes */
  58 #define SSL_PE_NO_CYPHERS                       0x0001
  59 #define SSL_PE_NO_CERTIFICATE                   0x0002
  60 #define SSL_PE_BAD_CERTIFICATE                  0x0004
  61 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE     0x0006
  62
  63 /* Cypher kinds (not the spec version!) */
  64 #define SSL_CK_RC4_128_WITH_MD5                 0x01
  65 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5        0x02
  66 #define SSL_CK_RC2_128_CBC_WITH_MD5             0x03
  67 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    0x04
  68 #define SSL_CK_IDEA_128_CBC_WITH_MD5            0x05
  69 #define SSL_CK_DES_64_CBC_WITH_MD5              0x06
  70 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5        0x07
  71
  72 /* Cipher enables.  These are used only for SSL_EnableCipher
  73  * These values define the SSL2 suites, and do not colide with the
  74  * SSL3 Cipher suites defined below.
  75  */
  76 #define SSL_EN_RC4_128_WITH_MD5                 0xFF01
  77 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5        0xFF02
  78 #define SSL_EN_RC2_128_CBC_WITH_MD5             0xFF03
  79 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5    0xFF04
  80 #define SSL_EN_IDEA_128_CBC_WITH_MD5            0xFF05
  81 #define SSL_EN_DES_64_CBC_WITH_MD5              0xFF06
  82 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5        0xFF07
  83
  84 /* SSL v3 Cipher Suites */
  85 #define SSL_NULL_WITH_NULL_NULL                 0x0000
  86
  87 #define SSL_RSA_WITH_NULL_MD5                   0x0001
  88 #define SSL_RSA_WITH_NULL_SHA                   0x0002
  89 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5          0x0003
  90 #define SSL_RSA_WITH_RC4_128_MD5                0x0004
  91 #define SSL_RSA_WITH_RC4_128_SHA                0x0005
  92 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006
  93 #define SSL_RSA_WITH_IDEA_CBC_SHA               0x0007
  94 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008
  95 #define SSL_RSA_WITH_DES_CBC_SHA                0x0009
  96 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA           0x000a
  97
  98 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000b
  99 #define SSL_DH_DSS_WITH_DES_CBC_SHA             0x000c
 100 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000d
 101 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000e
 102 #define SSL_DH_RSA_WITH_DES_CBC_SHA             0x000f
 103 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010
 104
 105 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011
 106 #define SSL_DHE_DSS_WITH_DES_CBC_SHA            0x0012
 107 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013
 108 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014
 109 #define SSL_DHE_RSA_WITH_DES_CBC_SHA            0x0015
 110 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016
 111
 112 #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5      0x0017
 113 #define SSL_DH_ANON_WITH_RC4_128_MD5            0x0018
 114 #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA   0x0019
 115 #define SSL_DH_ANON_WITH_DES_CBC_SHA            0x001a
 116 #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA       0x001b
 117
 118 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA          0x001c /* deprecated */
 119 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  0x001d /* deprecated */
 120 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA       0x001e /* deprecated */
 121
 122 /* New TLS cipher suites */
 123 #define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F
 124 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030
 125 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031
 126 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032
 127 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033
 128 #define TLS_DH_ANON_WITH_AES_128_CBC_SHA        0x0034
 129
 130 #define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035
 131 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036
 132 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037
 133 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038
 134 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039
 135 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA        0x003A
 136 #define TLS_RSA_WITH_NULL_SHA256                0x003B
 137 #define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
 138 #define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D
 139
 140 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
 141 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
 142 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
 143 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   0x0044
 144 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   0x0045
 145 #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA   0x0046
 146
 147 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
 148 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
 149
 150 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
 151 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
 152 #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
 153 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
 154 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
 155
 156 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
 157 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA    0x0085
 158 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0086
 159 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   0x0087
 160 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   0x0088
 161 #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA   0x0089
 162
 163 #define TLS_RSA_WITH_SEED_CBC_SHA               0x0096
 164
 165 #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
 166 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
 167 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
 168
 169 /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
 170  * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
 171  * back an empty Renegotiation Info (RI) server hello extension.
 172  */
 173 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV       0x00FF
 174
 175 /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
 176  * handshake is the result of TLS version fallback. This value is not IANA
 177  * assigned. */
 178 #define TLS_FALLBACK_SCSV                       0x5600
 179
 180 /* Cipher Suite Values starting with 0xC000 are defined in informational
 181  * RFCs.
 182  */
 183 #define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
 184 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
 185 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
 186 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
 187 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005
 188
 189 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006
 190 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
 191 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
 192 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
 193 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A
 194
 195 #define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
 196 #define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
 197 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
 198 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
 199 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F
 200
 201 #define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
 202 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
 203 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
 204 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
 205 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014
 206
 207 #define TLS_ECDH_anon_WITH_NULL_SHA             0xC015
 208 #define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
 209 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
 210 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
 211 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
 212
 213 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
 214 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
 215
 216 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
 217 #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
 218 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
 219 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
 220
 221 #define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    0xCC13
 222 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305  0xCC14
 223
 224 /* Netscape "experimental" cipher suites. */
 225 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
 226 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
 227
 228 /* New non-experimental openly spec'ed versions of those cipher suites. */
 229 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      0xfeff
 230 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA           0xfefe
 231
 232 /* DTLS-SRTP cipher suites from RFC 5764 */
 233 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
 234 #define SRTP_AES128_CM_HMAC_SHA1_80             0x0001
 235 #define SRTP_AES128_CM_HMAC_SHA1_32             0x0002
 236 #define SRTP_NULL_HMAC_SHA1_80                  0x0005
 237 #define SRTP_NULL_HMAC_SHA1_32                  0x0006
 238
 239 #endif /* __sslproto_h_ */