//! Cipher Suites supported by Secure Transport

use security_framework_sys::cipher_suite::*;

// Generates the `CipherSuite` newtype and one associated constant per
// identifier passed in. Each identifier must also name a raw constant that
// the glob import above brings into scope.
macro_rules! make_suites {
    ($($name:ident),+) => {
        /// TLS cipher suites.
        ///
        /// A thin wrapper around Secure Transport's raw `SSLCipherSuite`
        /// value. The associated constants mirror the raw identifiers one
        /// to one, so appearing here says nothing about strength: the set
        /// includes NULL-encryption, EXPORT-grade, RC4, single-DES and
        /// anonymous (unauthenticated) key-exchange suites. Code that builds
        /// an enabled-suite list should allowlist the suites it wants
        /// rather than enable everything named here.
        #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
        pub struct CipherSuite(SSLCipherSuite);

        #[allow(missing_docs)]
        impl CipherSuite {
            $(
                pub const $name: CipherSuite = CipherSuite($name);
            )+

            /// Wraps a raw `SSLCipherSuite` value.
            ///
            /// No validation is performed: the result need not match any
            /// of the named constants on this type.
            pub fn from_raw(raw: SSLCipherSuite) -> CipherSuite {
                CipherSuite(raw)
            }

            /// Returns the raw `SSLCipherSuite` value held by this wrapper.
            pub fn to_raw(&self) -> SSLCipherSuite {
                let CipherSuite(raw) = *self;
                raw
            }
        }
    }
}

// NOTE: use only plain `//` comments inside this invocation. Doc comments
// would turn into attribute tokens and no longer match the `ident` list.
make_suites! {
    // SSL 3.0-era names. Commented-out SSL_* entries in this group are
    // aliases of the TLS_* suites of the same name, which are listed
    // further down.
    // NOTE(review): NULL, EXPORT, RC4, DES and DH_anon entries are exposed
    // for completeness only; none gives both confidentiality and peer
    // authentication at a currently acceptable strength.
    SSL_NULL_WITH_NULL_NULL,
    SSL_RSA_WITH_NULL_MD5,
    SSL_RSA_WITH_NULL_SHA,
    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
    SSL_RSA_WITH_RC4_128_MD5,
    SSL_RSA_WITH_RC4_128_SHA,
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
    SSL_RSA_WITH_IDEA_CBC_SHA,
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
    SSL_RSA_WITH_DES_CBC_SHA,
    // SSL_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DH_DSS_WITH_DES_CBC_SHA,
    // SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA,
    SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DH_RSA_WITH_DES_CBC_SHA,
    // SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DHE_DSS_WITH_DES_CBC_SHA,
    // SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DHE_RSA_WITH_DES_CBC_SHA,
    // SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
    // SSL_DH_anon_WITH_RC4_128_MD5,
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DH_anon_WITH_DES_CBC_SHA,
    // SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
    SSL_FORTEZZA_DMS_WITH_NULL_SHA,
    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,

    // TLS addenda using AES, per RFC 3268
    TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DH_anon_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DH_anon_WITH_AES_256_CBC_SHA,

    // ECDSA addenda, RFC 4492
    TLS_ECDH_ECDSA_WITH_NULL_SHA,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_RSA_WITH_NULL_SHA,
    TLS_ECDH_RSA_WITH_RC4_128_SHA,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_NULL_SHA,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_anon_WITH_NULL_SHA,
    TLS_ECDH_anon_WITH_RC4_128_SHA,
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA,

    // TLS 1.2 addenda, RFC 5246

    // Initial state.
    TLS_NULL_WITH_NULL_NULL,

    // Server provided RSA certificate for key exchange.
    // Commented-out entries here are already listed in the RFC 3268 group.
    TLS_RSA_WITH_NULL_MD5,
    TLS_RSA_WITH_NULL_SHA,
    TLS_RSA_WITH_RC4_128_MD5,
    TLS_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
    // TLS_RSA_WITH_AES_128_CBC_SHA,
    // TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_NULL_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA256,

    // Server-authenticated (and optionally client-authenticated)
    // Diffie-Hellman.
    // Commented-out entries here are already listed in the RFC 3268 group.
    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    // TLS_DH_DSS_WITH_AES_128_CBC_SHA,
    // TLS_DH_RSA_WITH_AES_128_CBC_SHA,
    // TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
    // TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    // TLS_DH_DSS_WITH_AES_256_CBC_SHA,
    // TLS_DH_RSA_WITH_AES_256_CBC_SHA,
    // TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
    // TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,

    // Completely anonymous Diffie-Hellman: neither peer is authenticated,
    // whatever the bulk cipher.
    // Commented-out entries here are already listed in the RFC 3268 group.
    TLS_DH_anon_WITH_RC4_128_MD5,
    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
    // TLS_DH_anon_WITH_AES_128_CBC_SHA,
    // TLS_DH_anon_WITH_AES_256_CBC_SHA,
    TLS_DH_anon_WITH_AES_128_CBC_SHA256,
    TLS_DH_anon_WITH_AES_256_CBC_SHA256,

    // Addendum from RFC 4279, TLS PSK

    TLS_PSK_WITH_RC4_128_SHA,
    TLS_PSK_WITH_3DES_EDE_CBC_SHA,
    TLS_PSK_WITH_AES_128_CBC_SHA,
    TLS_PSK_WITH_AES_256_CBC_SHA,
    TLS_DHE_PSK_WITH_RC4_128_SHA,
    TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
    TLS_RSA_PSK_WITH_RC4_128_SHA,
    TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
    TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA,

    // RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption

    TLS_PSK_WITH_NULL_SHA,
    TLS_DHE_PSK_WITH_NULL_SHA,
    TLS_RSA_PSK_WITH_NULL_SHA,

    // Addenda from RFC 5288, AES Galois Counter Mode (GCM) Cipher Suites
    // for TLS.
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
    TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
    TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
    TLS_DH_anon_WITH_AES_128_GCM_SHA256,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384,

    // RFC 5487 - PSK with SHA-256/384 and AES GCM
    TLS_PSK_WITH_AES_128_GCM_SHA256,
    TLS_PSK_WITH_AES_256_GCM_SHA384,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
    TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
    TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,

    TLS_PSK_WITH_AES_128_CBC_SHA256,
    TLS_PSK_WITH_AES_256_CBC_SHA384,
    TLS_PSK_WITH_NULL_SHA256,
    TLS_PSK_WITH_NULL_SHA384,

    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
    TLS_DHE_PSK_WITH_NULL_SHA256,
    TLS_DHE_PSK_WITH_NULL_SHA384,

    TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
    TLS_RSA_PSK_WITH_NULL_SHA256,
    TLS_RSA_PSK_WITH_NULL_SHA384,


    // Addenda from RFC 5289, Elliptic Curve Cipher Suites with
    // HMAC SHA-256/384.
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,

    // Addenda from RFC 5289, Elliptic Curve Cipher Suites with
    // SHA-256/384 and AES Galois Counter Mode (GCM)
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,

    // RFC 5746 - Secure Renegotiation.
    // This is a signalling value (SCSV), not a negotiable cipher suite.
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
    // Tags for SSL 2 cipher kinds which are not specified
    // for SSL 3.
    SSL_RSA_WITH_RC2_CBC_MD5,
    SSL_RSA_WITH_IDEA_CBC_MD5,
    SSL_RSA_WITH_DES_CBC_MD5,
    SSL_RSA_WITH_3DES_EDE_CBC_MD5,
    // NOTE(review): presumably a "no suite" sentinel rather than a real
    // suite - confirm against the sys crate before relying on it.
    SSL_NO_SUCH_CIPHERSUITE
}