[apple/security.git] / OSX / libsecurity_ssl / lib / CipherSuite.h

/*
 * Copyright (c) 1999-2002,2005-2007,2010-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * CipherSuite.h - SSL Cipher Suite definitions.
 */

#ifndef _SECURITY_CIPHERSUITE_H_
#define _SECURITY_CIPHERSUITE_H_

#include <TargetConditionals.h>
#include <stdint.h>
#include <CoreFoundation/CFBase.h> /* CF_ENUM */

/*
 * Defined as enum for debugging, but in the protocol
 * it is actually exactly two bytes
 */
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
/* 32-bit value on OS X */
typedef uint32_t SSLCipherSuite;
#else
/* 16-bit value on iOS */
typedef uint16_t SSLCipherSuite;
#endif

CF_ENUM(SSLCipherSuite)
{   SSL_NULL_WITH_NULL_NULL =                   0x0000,
    SSL_RSA_WITH_NULL_MD5 =                     0x0001,
    SSL_RSA_WITH_NULL_SHA =                     0x0002,
    SSL_RSA_EXPORT_WITH_RC4_40_MD5 =            0x0003,
    SSL_RSA_WITH_RC4_128_MD5 =                  0x0004,
    SSL_RSA_WITH_RC4_128_SHA =                  0x0005,
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 =        0x0006,
    SSL_RSA_WITH_IDEA_CBC_SHA =                 0x0007,
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA =         0x0008,
    SSL_RSA_WITH_DES_CBC_SHA =                  0x0009,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA =             0x000A,
    SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA =      0x000B,
    SSL_DH_DSS_WITH_DES_CBC_SHA =               0x000C,
    SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA =          0x000D,
    SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA =      0x000E,
    SSL_DH_RSA_WITH_DES_CBC_SHA =               0x000F,
    SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA =          0x0010,
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA =     0x0011,
    SSL_DHE_DSS_WITH_DES_CBC_SHA =              0x0012,
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA =         0x0013,
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA =     0x0014,
    SSL_DHE_RSA_WITH_DES_CBC_SHA =              0x0015,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA =         0x0016,
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 =        0x0017,
    SSL_DH_anon_WITH_RC4_128_MD5 =              0x0018,
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA =     0x0019,
    SSL_DH_anon_WITH_DES_CBC_SHA =              0x001A,
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA =         0x001B,
    SSL_FORTEZZA_DMS_WITH_NULL_SHA =            0x001C,
    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA =    0x001D,

	/* TLS addenda using AES, per RFC 3268 */
	TLS_RSA_WITH_AES_128_CBC_SHA	  =			0x002F,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA	  =			0x0030,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA   =			0x0031,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA  =			0x0032,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA  =			0x0033,
	TLS_DH_anon_WITH_AES_128_CBC_SHA  =			0x0034,
	TLS_RSA_WITH_AES_256_CBC_SHA      =			0x0035,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA   =			0x0036,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA   =			0x0037,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA  =			0x0038,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA  =			0x0039,
	TLS_DH_anon_WITH_AES_256_CBC_SHA  =			0x003A,

	/* ECDSA addenda, RFC 4492 */
	TLS_ECDH_ECDSA_WITH_NULL_SHA           =	0xC001,
	TLS_ECDH_ECDSA_WITH_RC4_128_SHA        =	0xC002,
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   =	0xC003,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    =	0xC004,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    =	0xC005,
	TLS_ECDHE_ECDSA_WITH_NULL_SHA          =	0xC006,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA       =	0xC007,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA  =	0xC008,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA   =	0xC009,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA   =	0xC00A,
	TLS_ECDH_RSA_WITH_NULL_SHA             =	0xC00B,
	TLS_ECDH_RSA_WITH_RC4_128_SHA          =	0xC00C,
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA     =	0xC00D,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      =	0xC00E,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      =	0xC00F,
	TLS_ECDHE_RSA_WITH_NULL_SHA            =	0xC010,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA         =	0xC011,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA    =	0xC012,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA     =	0xC013,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     =	0xC014,
	TLS_ECDH_anon_WITH_NULL_SHA            =	0xC015,
	TLS_ECDH_anon_WITH_RC4_128_SHA         =	0xC016,
	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA    =	0xC017,
	TLS_ECDH_anon_WITH_AES_128_CBC_SHA     =	0xC018,
	TLS_ECDH_anon_WITH_AES_256_CBC_SHA     =	0xC019,

    /* TLS 1.2 addenda, RFC 5246 */

    /* Initial state. */
    TLS_NULL_WITH_NULL_NULL                   = 0x0000,

    /* Server provided RSA certificate for key exchange. */
    TLS_RSA_WITH_NULL_MD5                     = 0x0001,
    TLS_RSA_WITH_NULL_SHA                     = 0x0002,
    TLS_RSA_WITH_RC4_128_MD5                  = 0x0004,
    TLS_RSA_WITH_RC4_128_SHA                  = 0x0005,
    TLS_RSA_WITH_3DES_EDE_CBC_SHA             = 0x000A,
    TLS_RSA_WITH_NULL_SHA256                  = 0x003B,
    TLS_RSA_WITH_AES_128_CBC_SHA256           = 0x003C,
    TLS_RSA_WITH_AES_256_CBC_SHA256           = 0x003D,

    /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA          = 0x000D,
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA          = 0x0010,
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA         = 0x0013,
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA         = 0x0016,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA256        = 0x003E,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA256        = 0x003F,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       = 0x0040,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       = 0x0067,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA256        = 0x0068,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA256        = 0x0069,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       = 0x006A,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       = 0x006B,

    /* Completely anonymous Diffie-Hellman */
    TLS_DH_anon_WITH_RC4_128_MD5              = 0x0018,
    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA         = 0x001B,
    TLS_DH_anon_WITH_AES_128_CBC_SHA256       = 0x006C,
    TLS_DH_anon_WITH_AES_256_CBC_SHA256       = 0x006D,

    /* Addendum from RFC 4279, TLS PSK */
    TLS_PSK_WITH_RC4_128_SHA                  = 0x008A,
    TLS_PSK_WITH_3DES_EDE_CBC_SHA             = 0x008B,
    TLS_PSK_WITH_AES_128_CBC_SHA              = 0x008C,
    TLS_PSK_WITH_AES_256_CBC_SHA              = 0x008D,
    TLS_DHE_PSK_WITH_RC4_128_SHA              = 0x008E,
    TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA         = 0x008F,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA          = 0x0090,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA          = 0x0091,
    TLS_RSA_PSK_WITH_RC4_128_SHA              = 0x0092,
    TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA         = 0x0093,
    TLS_RSA_PSK_WITH_AES_128_CBC_SHA          = 0x0094,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA          = 0x0095,

    /* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */
    TLS_PSK_WITH_NULL_SHA                     = 0x002C,
    TLS_DHE_PSK_WITH_NULL_SHA                 = 0x002D,
    TLS_RSA_PSK_WITH_NULL_SHA                 = 0x002E,

    /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS. */
    TLS_RSA_WITH_AES_128_GCM_SHA256           = 0x009C,
    TLS_RSA_WITH_AES_256_GCM_SHA384           = 0x009D,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       = 0x009E,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       = 0x009F,
    TLS_DH_RSA_WITH_AES_128_GCM_SHA256        = 0x00A0,
    TLS_DH_RSA_WITH_AES_256_GCM_SHA384        = 0x00A1,
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       = 0x00A2,
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       = 0x00A3,
    TLS_DH_DSS_WITH_AES_128_GCM_SHA256        = 0x00A4,
    TLS_DH_DSS_WITH_AES_256_GCM_SHA384        = 0x00A5,
    TLS_DH_anon_WITH_AES_128_GCM_SHA256       = 0x00A6,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384       = 0x00A7,

    /* RFC 5487 - PSK with SHA-256/384 and AES GCM */
    TLS_PSK_WITH_AES_128_GCM_SHA256           = 0x00A8,
    TLS_PSK_WITH_AES_256_GCM_SHA384           = 0x00A9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256       = 0x00AA,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384       = 0x00AB,
    TLS_RSA_PSK_WITH_AES_128_GCM_SHA256       = 0x00AC,
    TLS_RSA_PSK_WITH_AES_256_GCM_SHA384       = 0x00AD,

    TLS_PSK_WITH_AES_128_CBC_SHA256           = 0x00AE,
    TLS_PSK_WITH_AES_256_CBC_SHA384           = 0x00AF,
    TLS_PSK_WITH_NULL_SHA256                  = 0x00B0,
    TLS_PSK_WITH_NULL_SHA384                  = 0x00B1,

    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256       = 0x00B2,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384       = 0x00B3,
    TLS_DHE_PSK_WITH_NULL_SHA256              = 0x00B4,
    TLS_DHE_PSK_WITH_NULL_SHA384              = 0x00B5,

    TLS_RSA_PSK_WITH_AES_128_CBC_SHA256       = 0x00B6,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA384       = 0x00B7,
    TLS_RSA_PSK_WITH_NULL_SHA256              = 0x00B8,
    TLS_RSA_PSK_WITH_NULL_SHA384              = 0x00B9,

    /* TLS 1.3 standard cipher suites for ChaCha20+Poly1305.
       Note: TLS 1.3 ciphersuites do not specify the key exchange
       algorithm -- they only specify the symmetric ciphers. */
    TLS_AES_128_GCM_SHA256                    = 0x1301,
    TLS_AES_256_GCM_SHA384                    = 0x1302,
    TLS_CHACHA20_POLY1305_SHA256              = 0x1303,
    TLS_AES_128_CCM_SHA256                    = 0x1304,
    TLS_AES_128_CCM_8_SHA256                  = 0x1305,

    /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with
       HMAC SHA-256/384. */
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   = 0xC023,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   = 0xC024,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    = 0xC025,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    = 0xC026,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     = 0xC027,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     = 0xC028,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      = 0xC029,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      = 0xC02A,

    /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with
       SHA-256/384 and AES Galois Counter Mode (GCM) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   = 0xC02B,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   = 0xC02C,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    = 0xC02D,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    = 0xC02E,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     = 0xC02F,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     = 0xC030,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      = 0xC031,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      = 0xC032,

    /* Addenda from rfc 7905  ChaCha20-Poly1305 Cipher Suites for
     Transport Layer Security (TLS). */
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0xCCA8,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9,

    /* RFC 5746 - Secure Renegotiation */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV         = 0x00FF,

	/* Tags for SSL 2 cipher kinds which are not specified
	 * for SSL 3. */
    SSL_RSA_WITH_RC2_CBC_MD5 =                  0xFF80,
    SSL_RSA_WITH_IDEA_CBC_MD5 =                 0xFF81,
    SSL_RSA_WITH_DES_CBC_MD5 =                  0xFF82,
    SSL_RSA_WITH_3DES_EDE_CBC_MD5 =             0xFF83,
    SSL_NO_SUCH_CIPHERSUITE =                   0xFFFF
};

#endif	/* !_SECURITY_CIPHERSUITE_H_ */
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 1999-2002,2005-2007,2010-2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
b1ab9ed8 A	4	* @APPLE_LICENSE_HEADER_START@
d8f41ccd	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
d8f41ccd	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
d8f41ccd	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* CipherSuite.h - SSL Cipher Suite definitions.
	26	*/
	27
	28	#ifndef _SECURITY_CIPHERSUITE_H_
	29	#define _SECURITY_CIPHERSUITE_H_
	30
b1ab9ed8	31	#include <TargetConditionals.h>
427c49bc	32	#include <stdint.h>
866f8763	33	#include <CoreFoundation/CFBase.h> /* CF_ENUM */
b1ab9ed8 A	34
	35	/*
	36	* Defined as enum for debugging, but in the protocol
	37	* it is actually exactly two bytes
	38	*/
	39	#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED \|\| TARGET_OS_IPHONE))
	40	/* 32-bit value on OS X */
	41	typedef uint32_t SSLCipherSuite;
	42	#else
	43	/* 16-bit value on iOS */
	44	typedef uint16_t SSLCipherSuite;
	45	#endif
	46
5c19dc3a	47	CF_ENUM(SSLCipherSuite)
b1ab9ed8 A	48	{ SSL_NULL_WITH_NULL_NULL = 0x0000,
	49	SSL_RSA_WITH_NULL_MD5 = 0x0001,
	50	SSL_RSA_WITH_NULL_SHA = 0x0002,
	51	SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
	52	SSL_RSA_WITH_RC4_128_MD5 = 0x0004,
	53	SSL_RSA_WITH_RC4_128_SHA = 0x0005,
	54	SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
	55	SSL_RSA_WITH_IDEA_CBC_SHA = 0x0007,
	56	SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
	57	SSL_RSA_WITH_DES_CBC_SHA = 0x0009,
	58	SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
	59	SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
	60	SSL_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
	61	SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
	62	SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
	63	SSL_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
	64	SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
	65	SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
	66	SSL_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
	67	SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
	68	SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
	69	SSL_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
	70	SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
	71	SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
	72	SSL_DH_anon_WITH_RC4_128_MD5 = 0x0018,
	73	SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
	74	SSL_DH_anon_WITH_DES_CBC_SHA = 0x001A,
	75	SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
	76	SSL_FORTEZZA_DMS_WITH_NULL_SHA = 0x001C,
	77	SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = 0x001D,
	78
	79	/* TLS addenda using AES, per RFC 3268 */
	80	TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
	81	TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
	82	TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
	83	TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
	84	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
	85	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
	86	TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
	87	TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
	88	TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
	89	TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
	90	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
	91	TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
	92
	93	/* ECDSA addenda, RFC 4492 */
	94	TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
	95	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
	96	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
	97	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
	98	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
	99	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
	100	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
	101	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
	102	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
	103	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
	104	TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
	105	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
	106	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
	107	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
	108	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
	109	TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
	110	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
	111	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
112	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
113	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
114	TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
115	TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
116	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
117	TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
118	TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
119
120	/* TLS 1.2 addenda, RFC 5246 */
121
122	/* Initial state. */
123	TLS_NULL_WITH_NULL_NULL = 0x0000,
124
125	/* Server provided RSA certificate for key exchange. */
126	TLS_RSA_WITH_NULL_MD5 = 0x0001,
127	TLS_RSA_WITH_NULL_SHA = 0x0002,
128	TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
129	TLS_RSA_WITH_RC4_128_SHA = 0x0005,
130	TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
b1ab9ed8 A	131	TLS_RSA_WITH_NULL_SHA256 = 0x003B,
	132	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
	133	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
	134
	135	/* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
	136	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
	137	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
	138	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
	139	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
b1ab9ed8 A	140	TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
	141	TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
	142	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
	143	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
	144	TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
	145	TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
	146	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
	147	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
	148
	149	/* Completely anonymous Diffie-Hellman */
	150	TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
	151	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
b1ab9ed8 A	152	TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
	153	TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
	154
427c49bc	155	/* Addendum from RFC 4279, TLS PSK */
427c49bc A	156	TLS_PSK_WITH_RC4_128_SHA = 0x008A,
	157	TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
	158	TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
	159	TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
	160	TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
	161	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
	162	TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
	163	TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
	164	TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
	165	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
	166	TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
	167	TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
	168
	169	/* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */
427c49bc A	170	TLS_PSK_WITH_NULL_SHA = 0x002C,
	171	TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
	172	TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
	173
866f8763	174	/* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS. */
b1ab9ed8 A	175	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
	176	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
	177	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
	178	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
	179	TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
	180	TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
	181	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
	182	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
	183	TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
	184	TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
	185	TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
	186	TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
	187
427c49bc A	188	/* RFC 5487 - PSK with SHA-256/384 and AES GCM */
	189	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
	190	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
	191	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
	192	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
	193	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
	194	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
	195
	196	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
	197	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
	198	TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
	199	TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
	200
	201	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
	202	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
	203	TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
	204	TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
	205
	206	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
	207	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
	208	TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
	209	TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
	210
866f8763 A	211	/* TLS 1.3 standard cipher suites for ChaCha20+Poly1305.
	212	Note: TLS 1.3 ciphersuites do not specify the key exchange
	213	algorithm -- they only specify the symmetric ciphers. */
	214	TLS_AES_128_GCM_SHA256 = 0x1301,
	215	TLS_AES_256_GCM_SHA384 = 0x1302,
	216	TLS_CHACHA20_POLY1305_SHA256 = 0x1303,
	217	TLS_AES_128_CCM_SHA256 = 0x1304,
	218	TLS_AES_128_CCM_8_SHA256 = 0x1305,
427c49bc	219
b1ab9ed8 A	220	/* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
	221	HMAC SHA-256/384. */
	222	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
	223	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
	224	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
	225	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
	226	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
	227	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
	228	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
	229	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
	230
	231	/* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
	232	SHA-256/384 and AES Galois Counter Mode (GCM) */
	233	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
	234	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
	235	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
	236	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
	237	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
	238	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
	239	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
	240	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
	241
866f8763 A	242	/* Addenda from rfc 7905 ChaCha20-Poly1305 Cipher Suites for
	243	Transport Layer Security (TLS). */
	244	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8,
	245	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9,
	246
b1ab9ed8 A	247	/* RFC 5746 - Secure Renegotiation */
b1ab9ed8 A	248	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
866f8763 A	249
	250	/* Tags for SSL 2 cipher kinds which are not specified
	251	* for SSL 3. */
b1ab9ed8 A	252	SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
	253	SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
	254	SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
	255	SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
	256	SSL_NO_SUCH_CIPHERSUITE = 0xFFFF
	257	};
	258
	259	#endif /* !_SECURITY_CIPHERSUITE_H_ */