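/*
 * Various and sundry protocol constants. DON'T CHANGE THESE. These values
 * are mostly defined by the SSL3 or TLS protocol specifications.
 * Cipher kinds and ciphersuites are part of the public API.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Reading notes for this header:
 *  - It only gives names to protocol code points. Defining a constant here
 *    does not enable the corresponding protocol version or cipher suite;
 *    nothing in this file selects, orders or enables anything.
 *  - Several groups reuse the same small integers (for example 0x0001 is
 *    both a cipher suite and an SRTP profile). Each group is its own number
 *    space, so values from different groups must not be compared or stored
 *    interchangeably.
 */

#ifndef __sslproto_h_
#define __sslproto_h_

/* clang-format off */

/* All versions less than 3_0 are treated as SSL version 2 */
#define SSL_LIBRARY_VERSION_2                   0x0002
#define SSL_LIBRARY_VERSION_3_0                 0x0300
#define SSL_LIBRARY_VERSION_TLS_1_0             0x0301
#define SSL_LIBRARY_VERSION_TLS_1_1             0x0302
#define SSL_LIBRARY_VERSION_TLS_1_2             0x0303
#define SSL_LIBRARY_VERSION_TLS_1_3             0x0304

/* Note: this is the internal format, not the wire format */
/* Internally each DTLS version is represented by a TLS version value, so
 * ordered comparisons between internal version numbers stay meaningful.
 * Use the *_WIRE macros below for bytes that go on or come off the network. */
#define SSL_LIBRARY_VERSION_DTLS_1_0            SSL_LIBRARY_VERSION_TLS_1_1
#define SSL_LIBRARY_VERSION_DTLS_1_2            SSL_LIBRARY_VERSION_TLS_1_2
#define SSL_LIBRARY_VERSION_DTLS_1_3            SSL_LIBRARY_VERSION_TLS_1_3

/* deprecated old name */
#define SSL_LIBRARY_VERSION_3_1_TLS             SSL_LIBRARY_VERSION_TLS_1_0

/* The DTLS versions used in the spec */
/* The first two are the ones' complement of a 16-bit version number:
 * (~0x0100) & 0xffff == 0xfeff and (~0x0102) & 0xffff == 0xfefd.
 * NOTE(review): SSL_LIBRARY_VERSION_DTLS_1_3_WIRE does not follow that
 * pattern; it expands to the internal value 0x0304. Confirm this is the
 * intended on-the-wire value for the DTLS 1.3 revision this header targets. */
#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE       ((~0x0102) & 0xffff)
#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE       SSL_LIBRARY_VERSION_DTLS_1_3

/* Certificate types */
#define SSL_CT_X509_CERTIFICATE                 0x01
#if 0 /* XXX Not implemented yet */
#define SSL_PKCS6_CERTIFICATE                   0x02
#endif
#define SSL_AT_MD5_WITH_RSA_ENCRYPTION          0x01

/* Error codes */
#define SSL_PE_NO_CYPHERS                       0x0001
#define SSL_PE_NO_CERTIFICATE                   0x0002
#define SSL_PE_BAD_CERTIFICATE                  0x0004
#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE     0x0006

/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names.
 */
/* Define SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES before including this
 * header to hide these aliases. They may precede the TLS_ names they expand
 * to because a macro body is expanded where it is used, not where it is
 * defined. */
#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
#define SSL_NULL_WITH_NULL_NULL                 TLS_NULL_WITH_NULL_NULL
#define SSL_RSA_WITH_NULL_MD5                   TLS_RSA_WITH_NULL_MD5
#define SSL_RSA_WITH_NULL_SHA                   TLS_RSA_WITH_NULL_SHA
#define SSL_RSA_WITH_RC4_128_MD5                TLS_RSA_WITH_RC4_128_MD5
#define SSL_RSA_WITH_RC4_128_SHA                TLS_RSA_WITH_RC4_128_SHA
#define SSL_RSA_WITH_IDEA_CBC_SHA               TLS_RSA_WITH_IDEA_CBC_SHA
#define SSL_RSA_WITH_DES_CBC_SHA                TLS_RSA_WITH_DES_CBC_SHA
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA           TLS_RSA_WITH_3DES_EDE_CBC_SHA
#define SSL_DH_DSS_WITH_DES_CBC_SHA             TLS_DH_DSS_WITH_DES_CBC_SHA
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
#define SSL_DH_RSA_WITH_DES_CBC_SHA             TLS_DH_RSA_WITH_DES_CBC_SHA
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
#define SSL_DHE_DSS_WITH_DES_CBC_SHA            TLS_DHE_DSS_WITH_DES_CBC_SHA
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
#define SSL_DHE_RSA_WITH_DES_CBC_SHA            TLS_DHE_RSA_WITH_DES_CBC_SHA
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
#define SSL_DH_ANON_WITH_RC4_128_MD5            TLS_DH_anon_WITH_RC4_128_MD5
#define SSL_DH_ANON_WITH_DES_CBC_SHA            TLS_DH_anon_WITH_DES_CBC_SHA
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA       TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA        TLS_DH_anon_WITH_AES_128_CBC_SHA
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA        TLS_DH_anon_WITH_AES_256_CBC_SHA
#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA   TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA   TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
#endif

/*
 * Cipher suite code points.
 *
 * The list is a registry of names, not a recommendation. It includes suites
 * whose names indicate no encryption (..._WITH_NULL_...), no peer
 * authentication (..._anon_...), and ciphers that are widely deprecated
 * (RC4, DES, 3DES). When reviewing a configuration, check which suites are
 * actually enabled rather than inferring anything from the presence of a
 * constant here.
 */
#define TLS_NULL_WITH_NULL_NULL                 0x0000

#define TLS_RSA_WITH_NULL_MD5                   0x0001
#define TLS_RSA_WITH_NULL_SHA                   0x0002
#define TLS_RSA_WITH_RC4_128_MD5                0x0004
#define TLS_RSA_WITH_RC4_128_SHA                0x0005
#define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007
#define TLS_RSA_WITH_DES_CBC_SHA                0x0009
#define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000a

#define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000c
#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000d
#define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000f
#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010

#define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012
#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013
#define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015
#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016

#define TLS_DH_anon_WITH_RC4_128_MD5            0x0018
#define TLS_DH_anon_WITH_DES_CBC_SHA            0x001a
#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001b

#define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033
#define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034

#define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039
#define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A
#define TLS_RSA_WITH_NULL_SHA256                0x003B
#define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
#define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D

#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256     0x0040
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   0x0044
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   0x0045
#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA   0x0046

#define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256     0x006A
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B

#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA    0x0085
#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0086
#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   0x0087
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   0x0088
#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA   0x0089

#define TLS_RSA_WITH_SEED_CBC_SHA               0x0096

#define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
#define TLS_RSA_WITH_AES_256_GCM_SHA384         0x009D
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384     0x009F
#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
#define TLS_DHE_DSS_WITH_AES_256_GCM_SHA384     0x00A3

/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
 * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
 * back an empty Renegotiation Info (RI) server hello extension.
 */
/* This value is a signal, not a cipher: code that walks a list of offered
 * suites should handle it separately from real suites. */
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV       0x00FF

/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
 * handshake is the result of TLS version fallback.
 */
/* Like the SCSV above, this is a signal only and never a negotiable suite. */
#define TLS_FALLBACK_SCSV                       0x5600

/* Cipher Suite Values starting with 0xC000 are defined in informational
 * RFCs.
 */
#define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005

#define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A

#define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
#define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F

#define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014

#define TLS_ECDH_anon_WITH_NULL_SHA             0xC015
#define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
#define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019

#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   0xC028

#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   0xC030
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031

/* draft-ietf-tls-chacha20-poly1305-04 */
#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   0xCCA8
#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     0xCCAA

/* Special TLS 1.3 cipher suites that really just specify AEAD */
#define TLS_AES_128_GCM_SHA256                0x1301
#define TLS_AES_256_GCM_SHA384                0x1302
#define TLS_CHACHA20_POLY1305_SHA256          0x1303

/* PSK cipher suites. NSS doesn't actually support these, but we
 * exposed them when TLS 1.3 used them so we need to keep them
 * in the API. */
#define TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   0xCCAC
#define TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAD
#define TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256   0xD001
#define TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384   0xD002
#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256     0x00AA /* RFC 5487 */
#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384     0x00AB /* RFC 5487 */

/* DTLS-SRTP cipher suites from RFC 5764 */
/* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
/* These identifiers are a separate number space from the TLS cipher suites:
 * 0x0001 and 0x0002 are also TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA
 * above, so the two sets must never be mixed in one list or comparison.
 * The SRTP_NULL_* names indicate profiles without encryption. */
#define SRTP_AES128_CM_HMAC_SHA1_80             0x0001
#define SRTP_AES128_CM_HMAC_SHA1_32             0x0002
#define SRTP_NULL_HMAC_SHA1_80                  0x0005
#define SRTP_NULL_HMAC_SHA1_32                  0x0006

/* DO NOT USE. (deprecated, will be removed) */
/* Everything from here to the end of the header is in the deprecated group.
 * NOTE(review): the SSL_HL_, SSL_MT_, SSL_CK_ and SSL_EN_ names look like
 * SSL 2 header-length, message-type and cipher-kind constants; confirm
 * before relying on that reading. The EXPORT names below carry 40- and
 * 56-bit cipher labels in their identifiers. */
#define SSL_HL_ERROR_HBYTES                     3
#define SSL_HL_CLIENT_HELLO_HBYTES              9
#define SSL_HL_CLIENT_MASTER_KEY_HBYTES         10
#define SSL_HL_CLIENT_FINISHED_HBYTES           1
#define SSL_HL_SERVER_HELLO_HBYTES              11
#define SSL_HL_SERVER_VERIFY_HBYTES             1
#define SSL_HL_SERVER_FINISHED_HBYTES           1
#define SSL_HL_REQUEST_CERTIFICATE_HBYTES       2
#define SSL_HL_CLIENT_CERTIFICATE_HBYTES        6
#define SSL_MT_ERROR                            0
#define SSL_MT_CLIENT_HELLO                     1
#define SSL_MT_CLIENT_MASTER_KEY                2
#define SSL_MT_CLIENT_FINISHED                  3
#define SSL_MT_SERVER_HELLO                     4
#define SSL_MT_SERVER_VERIFY                    5
#define SSL_MT_SERVER_FINISHED                  6
#define SSL_MT_REQUEST_CERTIFICATE              7
#define SSL_MT_CLIENT_CERTIFICATE               8
#define SSL_CK_RC4_128_WITH_MD5                 0x01
#define SSL_CK_RC4_128_EXPORT40_WITH_MD5        0x02
#define SSL_CK_RC2_128_CBC_WITH_MD5             0x03
#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    0x04
#define SSL_CK_IDEA_128_CBC_WITH_MD5            0x05
#define SSL_CK_DES_64_CBC_WITH_MD5              0x06
#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5        0x07
#define SSL_EN_RC4_128_WITH_MD5                 0xFF01
#define SSL_EN_RC4_128_EXPORT40_WITH_MD5        0xFF02
#define SSL_EN_RC2_128_CBC_WITH_MD5             0xFF03
#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5    0xFF04
#define SSL_EN_IDEA_128_CBC_WITH_MD5            0xFF05
#define SSL_EN_DES_64_CBC_WITH_MD5              0xFF06
#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5        0xFF07
#define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003
#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006
#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014
#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000e
#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000b
#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011
#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017
#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA          0x001c
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  0x001d
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA       0x001e
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      0xfeff
#define SSL_RSA_FIPS_WITH_DES_CBC_SHA           0xfefe
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5          TLS_RSA_EXPORT_WITH_RC4_40_MD5
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5      TLS_DH_anon_EXPORT_WITH_RC4_40_MD5

/* clang-format on */

#endif /* __sslproto_h_ */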