| blob | dc653c91f73ffad958afd529139d695d13db0ba2 |
1 /*
2 * Various and sundry protocol constants. DON'T CHANGE THESE. These values
3 * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
4 * Cipher kinds and ciphersuites are part of the public API.
5 *
6 * This Source Code Form is subject to the terms of the Mozilla Public
7 * License, v. 2.0. If a copy of the MPL was not distributed with this
8 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
10 #ifndef __sslproto_h_
11 #define __sslproto_h_
13 /* All versions less than 3_0 are treated as SSL version 2 */
14 #define SSL_LIBRARY_VERSION_2 0x0002
15 #define SSL_LIBRARY_VERSION_3_0 0x0300
16 #define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
17 #define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
18 #define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
19 #define SSL_LIBRARY_VERSION_TLS_1_3 0x0304
21 /* Note: this is the internal format, not the wire format */
22 #define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
23 #define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303
24 #define SSL_LIBRARY_VERSION_DTLS_1_3 0x0304
26 /* deprecated old name */
27 #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
29 /* The DTLS versions used in the spec */
30 #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff)
31 #define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff)
32 #define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE ((~0x0103) & 0xffff)
34 /* Header lengths of some of the messages */
35 #define SSL_HL_ERROR_HBYTES 3
36 #define SSL_HL_CLIENT_HELLO_HBYTES 9
37 #define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10
38 #define SSL_HL_CLIENT_FINISHED_HBYTES 1
39 #define SSL_HL_SERVER_HELLO_HBYTES 11
40 #define SSL_HL_SERVER_VERIFY_HBYTES 1
41 #define SSL_HL_SERVER_FINISHED_HBYTES 1
42 #define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2
43 #define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6
45 /* Security handshake protocol codes */
46 #define SSL_MT_ERROR 0
47 #define SSL_MT_CLIENT_HELLO 1
48 #define SSL_MT_CLIENT_MASTER_KEY 2
49 #define SSL_MT_CLIENT_FINISHED 3
50 #define SSL_MT_SERVER_HELLO 4
51 #define SSL_MT_SERVER_VERIFY 5
52 #define SSL_MT_SERVER_FINISHED 6
53 #define SSL_MT_REQUEST_CERTIFICATE 7
54 #define SSL_MT_CLIENT_CERTIFICATE 8
56 /* Certificate types */
57 #define SSL_CT_X509_CERTIFICATE 0x01
59 #define SSL_PKCS6_CERTIFICATE 0x02
60 #endif
61 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01
63 /* Error codes */
64 #define SSL_PE_NO_CYPHERS 0x0001
65 #define SSL_PE_NO_CERTIFICATE 0x0002
66 #define SSL_PE_BAD_CERTIFICATE 0x0004
67 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
69 /* Cypher kinds (not the spec version!) */
70 #define SSL_CK_RC4_128_WITH_MD5 0x01
71 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02
72 #define SSL_CK_RC2_128_CBC_WITH_MD5 0x03
73 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04
74 #define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05
75 #define SSL_CK_DES_64_CBC_WITH_MD5 0x06
76 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07
78 /* Cipher enables. These are used only for SSL_EnableCipher
79 * These values define the SSL2 suites, and do not colide with the
80 * SSL3 Cipher suites defined below.
81 */
82 #define SSL_EN_RC4_128_WITH_MD5 0xFF01
83 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02
84 #define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03
85 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04
86 #define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05
87 #define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
88 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
90 /* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
91 #ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
92 #define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL
93 #define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5
94 #define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA
95 #define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5
96 #define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5
97 #define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA
98 #define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
99 #define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA
100 #define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
101 #define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
102 #define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
103 #define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
104 #define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA
105 #define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
106 #define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
107 #define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA
108 #define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
109 #define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
110 #define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA
111 #define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
112 #define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
113 #define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA
114 #define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
115 #define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5
116 #define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
117 #define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA
118 #define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
119 #define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
120 #define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA
121 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
122 #define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
123 #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
124 #endif
126 #define TLS_NULL_WITH_NULL_NULL 0x0000
128 #define TLS_RSA_WITH_NULL_MD5 0x0001
129 #define TLS_RSA_WITH_NULL_SHA 0x0002
130 #define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
131 #define TLS_RSA_WITH_RC4_128_MD5 0x0004
132 #define TLS_RSA_WITH_RC4_128_SHA 0x0005
133 #define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
134 #define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007
135 #define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
136 #define TLS_RSA_WITH_DES_CBC_SHA 0x0009
137 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
139 #define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
140 #define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c
141 #define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
142 #define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
143 #define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f
144 #define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
146 #define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
147 #define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012
148 #define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
149 #define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
150 #define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015
151 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
153 #define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017
154 #define TLS_DH_anon_WITH_RC4_128_MD5 0x0018
155 #define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019
156 #define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a
157 #define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b
163 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
164 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
165 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
166 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
167 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
168 #define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034
170 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
171 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
172 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
173 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
174 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
175 #define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A
176 #define TLS_RSA_WITH_NULL_SHA256 0x003B
177 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
178 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
180 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
181 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
182 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
183 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
184 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
185 #define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046
187 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
188 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
190 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
191 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
192 #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
193 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
194 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
196 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
197 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
198 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
199 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
200 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
201 #define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089
203 #define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
205 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
206 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
207 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2
209 /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
210 * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending
211 * back an empty Renegotiation Info (RI) server hello extension.
212 */
213 #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
215 /* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
216 * handshake is the result of TLS version fallback.
217 */
218 #define TLS_FALLBACK_SCSV 0x5600
220 /* Cipher Suite Values starting with 0xC000 are defined in informational
221 * RFCs.
222 */
223 #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
224 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
225 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
226 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
227 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
229 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
230 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
231 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
232 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
233 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
235 #define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
236 #define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
237 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
238 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
239 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
241 #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
242 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
243 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
244 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
245 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
247 #define TLS_ECDH_anon_WITH_NULL_SHA 0xC015
248 #define TLS_ECDH_anon_WITH_RC4_128_SHA 0xC016
249 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 0xC017
250 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018
251 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019
253 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
254 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
256 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
257 #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
258 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
259 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
261 #define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 0xCC13
262 #define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0xCC14
264 /* Netscape "experimental" cipher suites. */
265 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
266 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
268 /* New non-experimental openly spec'ed versions of those cipher suites. */
269 #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
270 #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
272 /* DTLS-SRTP cipher suites from RFC 5764 */
273 /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
274 #define SRTP_AES128_CM_HMAC_SHA1_80 0x0001
275 #define SRTP_AES128_CM_HMAC_SHA1_32 0x0002
276 #define SRTP_NULL_HMAC_SHA1_80 0x0005
277 #define SRTP_NULL_HMAC_SHA1_32 0x0006