1 //! Cipher Suites supported by Secure Transport
2 
3 use security_framework_sys::cipher_suite::*;
4 
5 macro_rules! make_suites {
6     ($($suite:ident),+) => {
7         /// TLS cipher suites.
8         #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
9         pub struct CipherSuite(SSLCipherSuite);
10 
11         #[allow(missing_docs)]
12         impl CipherSuite {
13             $(
14                 pub const $suite: Self = Self($suite);
15             )+
16 
17             pub fn from_raw(raw: SSLCipherSuite) -> Self {
18                 Self(raw)
19             }
20 
21             pub fn to_raw(&self) -> SSLCipherSuite {
22                 self.0
23             }
24         }
25     }
26 }
27 
28 make_suites! {
29     // The commented out ones up here are aliases of the matching TLS suites
30     SSL_NULL_WITH_NULL_NULL,
31     SSL_RSA_WITH_NULL_MD5,
32     SSL_RSA_WITH_NULL_SHA,
33     SSL_RSA_EXPORT_WITH_RC4_40_MD5,
34     SSL_RSA_WITH_RC4_128_MD5,
35     SSL_RSA_WITH_RC4_128_SHA,
36     SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
37     SSL_RSA_WITH_IDEA_CBC_SHA,
38     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
39     SSL_RSA_WITH_DES_CBC_SHA,
40     //SSL_RSA_WITH_3DES_EDE_CBC_SHA,
41     SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
42     SSL_DH_DSS_WITH_DES_CBC_SHA,
43     //SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA,
44     SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
45     SSL_DH_RSA_WITH_DES_CBC_SHA,
46     //SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA,
47     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
48     SSL_DHE_DSS_WITH_DES_CBC_SHA,
49     //SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
50     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
51     SSL_DHE_RSA_WITH_DES_CBC_SHA,
52     //SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
53     SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
54     //SSL_DH_anon_WITH_RC4_128_MD5,
55     SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
56     SSL_DH_anon_WITH_DES_CBC_SHA,
57     //SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
58     SSL_FORTEZZA_DMS_WITH_NULL_SHA,
59     SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
60 
61     /* TLS addenda using AES, per RFC 3268 */
62     TLS_RSA_WITH_AES_128_CBC_SHA,
63     TLS_DH_DSS_WITH_AES_128_CBC_SHA,
64     TLS_DH_RSA_WITH_AES_128_CBC_SHA,
65     TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
66     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
67     TLS_DH_anon_WITH_AES_128_CBC_SHA,
68     TLS_RSA_WITH_AES_256_CBC_SHA,
69     TLS_DH_DSS_WITH_AES_256_CBC_SHA,
70     TLS_DH_RSA_WITH_AES_256_CBC_SHA,
71     TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
72     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
73     TLS_DH_anon_WITH_AES_256_CBC_SHA,
74 
75     /* ECDSA addenda, RFC 4492 */
76     TLS_ECDH_ECDSA_WITH_NULL_SHA,
77     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
78     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
79     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
80     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
81     TLS_ECDHE_ECDSA_WITH_NULL_SHA,
82     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
83     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
84     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
85     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
86     TLS_ECDH_RSA_WITH_NULL_SHA,
87     TLS_ECDH_RSA_WITH_RC4_128_SHA,
88     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
89     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
90     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
91     TLS_ECDHE_RSA_WITH_NULL_SHA,
92     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
93     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
94     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
95     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
96     TLS_ECDH_anon_WITH_NULL_SHA,
97     TLS_ECDH_anon_WITH_RC4_128_SHA,
98     TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
99     TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
100     TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
101 
102     /* TLS 1.2 addenda, RFC 5246 */
103 
104     /* Initial state. */
105     TLS_NULL_WITH_NULL_NULL,
106 
107     /* Server provided RSA certificate for key exchange. */
108     TLS_RSA_WITH_NULL_MD5,
109     TLS_RSA_WITH_NULL_SHA,
110     TLS_RSA_WITH_RC4_128_MD5,
111     TLS_RSA_WITH_RC4_128_SHA,
112     TLS_RSA_WITH_3DES_EDE_CBC_SHA,
113     //TLS_RSA_WITH_AES_128_CBC_SHA,
114     //TLS_RSA_WITH_AES_256_CBC_SHA,
115     TLS_RSA_WITH_NULL_SHA256,
116     TLS_RSA_WITH_AES_128_CBC_SHA256,
117     TLS_RSA_WITH_AES_256_CBC_SHA256,
118 
119     /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
120     TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
121     TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
122     TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
123     TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
124     //TLS_DH_DSS_WITH_AES_128_CBC_SHA,
125     //TLS_DH_RSA_WITH_AES_128_CBC_SHA,
126     //TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
127     //TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
128     //TLS_DH_DSS_WITH_AES_256_CBC_SHA,
129     //TLS_DH_RSA_WITH_AES_256_CBC_SHA,
130     //TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
131     //TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
132     TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
133     TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
134     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
135     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
136     TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
137     TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
138     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
139     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
140 
141     /* Completely anonymous Diffie-Hellman */
142     TLS_DH_anon_WITH_RC4_128_MD5,
143     TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
144     //TLS_DH_anon_WITH_AES_128_CBC_SHA,
145     //TLS_DH_anon_WITH_AES_256_CBC_SHA,
146     TLS_DH_anon_WITH_AES_128_CBC_SHA256,
147     TLS_DH_anon_WITH_AES_256_CBC_SHA256,
148 
149     /* Addendum from RFC 4279, TLS PSK */
150 
151     TLS_PSK_WITH_RC4_128_SHA,
152     TLS_PSK_WITH_3DES_EDE_CBC_SHA,
153     TLS_PSK_WITH_AES_128_CBC_SHA,
154     TLS_PSK_WITH_AES_256_CBC_SHA,
155     TLS_DHE_PSK_WITH_RC4_128_SHA,
156     TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
157     TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
158     TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
159     TLS_RSA_PSK_WITH_RC4_128_SHA,
160     TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
161     TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
162     TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
163 
164     /* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */
165 
166     TLS_PSK_WITH_NULL_SHA,
167     TLS_DHE_PSK_WITH_NULL_SHA,
168     TLS_RSA_PSK_WITH_NULL_SHA,
169 
170     /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
171        for TLS. */
172     TLS_RSA_WITH_AES_128_GCM_SHA256,
173     TLS_RSA_WITH_AES_256_GCM_SHA384,
174     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
175     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
176     TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
177     TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
178     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
179     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
180     TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
181     TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
182     TLS_DH_anon_WITH_AES_128_GCM_SHA256,
183     TLS_DH_anon_WITH_AES_256_GCM_SHA384,
184 
185     /* RFC 5487 - PSK with SHA-256/384 and AES GCM */
186     TLS_PSK_WITH_AES_128_GCM_SHA256,
187     TLS_PSK_WITH_AES_256_GCM_SHA384,
188     TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
189     TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
190     TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
191     TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
192 
193     TLS_PSK_WITH_AES_128_CBC_SHA256,
194     TLS_PSK_WITH_AES_256_CBC_SHA384,
195     TLS_PSK_WITH_NULL_SHA256,
196     TLS_PSK_WITH_NULL_SHA384,
197 
198     TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
199     TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
200     TLS_DHE_PSK_WITH_NULL_SHA256,
201     TLS_DHE_PSK_WITH_NULL_SHA384,
202 
203     TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
204     TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
205     TLS_RSA_PSK_WITH_NULL_SHA256,
206     TLS_RSA_PSK_WITH_NULL_SHA384,
207 
208 
209     /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with
210        HMAC SHA-256/384. */
211     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
212     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
213     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
214     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
215     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
216     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
217     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
218     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
219 
220     /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with
221        SHA-256/384 and AES Galois Counter Mode (GCM) */
222     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
223     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
224     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
225     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
226     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
227     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
228     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
229     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
230 
231     /* RFC 5746 - Secure Renegotiation */
232     TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
233     /*
234      * Tags for SSL 2 cipher kinds which are not specified
235      * for SSL 3.
236      */
237     SSL_RSA_WITH_RC2_CBC_MD5,
238     SSL_RSA_WITH_IDEA_CBC_MD5,
239     SSL_RSA_WITH_DES_CBC_MD5,
240     SSL_RSA_WITH_3DES_EDE_CBC_MD5,
241     SSL_NO_SUCH_CIPHERSUITE
242 }
243