libsecurity_ssl/Security/CipherSuite.h

   1 /*
   2  * Copyright (c) 1999-2002,2005-2007,2010-2012 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*
  25  * CipherSuite.h - SSL Cipher Suite definitions.
  26  */
  27
  28 #ifndef _SECURITY_CIPHERSUITE_H_
  29 #define _SECURITY_CIPHERSUITE_H_
  30
  31 /* fetch Uint32 */
  32 #include <CoreFoundation/CFBase.h>
  33 #include <TargetConditionals.h>
  34
  35 /*
  36  * Defined as enum for debugging, but in the protocol
  37  * it is actually exactly two bytes
  38  */
  39 #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
  40 /* 32-bit value on OS X */
  41 typedef uint32_t SSLCipherSuite;
  42 #else
  43 /* 16-bit value on iOS */
  44 typedef uint16_t SSLCipherSuite;
  45 #endif
  46
  47 enum
  48 {   SSL_NULL_WITH_NULL_NULL =                   0x0000,
  49     SSL_RSA_WITH_NULL_MD5 =                     0x0001,
  50     SSL_RSA_WITH_NULL_SHA =                     0x0002,
  51     SSL_RSA_EXPORT_WITH_RC4_40_MD5 =            0x0003,
  52     SSL_RSA_WITH_RC4_128_MD5 =                  0x0004,
  53     SSL_RSA_WITH_RC4_128_SHA =                  0x0005,
  54     SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 =        0x0006,
  55     SSL_RSA_WITH_IDEA_CBC_SHA =                 0x0007,
  56     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA =         0x0008,
  57     SSL_RSA_WITH_DES_CBC_SHA =                  0x0009,
  58     SSL_RSA_WITH_3DES_EDE_CBC_SHA =             0x000A,
  59     SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA =      0x000B,
  60     SSL_DH_DSS_WITH_DES_CBC_SHA =               0x000C,
  61     SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA =          0x000D,
  62     SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA =      0x000E,
  63     SSL_DH_RSA_WITH_DES_CBC_SHA =               0x000F,
  64     SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA =          0x0010,
  65     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA =     0x0011,
  66     SSL_DHE_DSS_WITH_DES_CBC_SHA =              0x0012,
  67     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA =         0x0013,
  68     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA =     0x0014,
  69     SSL_DHE_RSA_WITH_DES_CBC_SHA =              0x0015,
  70     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA =         0x0016,
  71     SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 =        0x0017,
  72     SSL_DH_anon_WITH_RC4_128_MD5 =              0x0018,
  73     SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA =     0x0019,
  74     SSL_DH_anon_WITH_DES_CBC_SHA =              0x001A,
  75     SSL_DH_anon_WITH_3DES_EDE_CBC_SHA =         0x001B,
  76     SSL_FORTEZZA_DMS_WITH_NULL_SHA =            0x001C,
  77     SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA =    0x001D,
  78
  79         /* TLS addenda using AES, per RFC 3268 */
  80         TLS_RSA_WITH_AES_128_CBC_SHA      =                     0x002F,
  81         TLS_DH_DSS_WITH_AES_128_CBC_SHA   =                     0x0030,
  82         TLS_DH_RSA_WITH_AES_128_CBC_SHA   =                     0x0031,
  83         TLS_DHE_DSS_WITH_AES_128_CBC_SHA  =                     0x0032,
  84         TLS_DHE_RSA_WITH_AES_128_CBC_SHA  =                     0x0033,
  85         TLS_DH_anon_WITH_AES_128_CBC_SHA  =                     0x0034,
  86         TLS_RSA_WITH_AES_256_CBC_SHA      =                     0x0035,
  87         TLS_DH_DSS_WITH_AES_256_CBC_SHA   =                     0x0036,
  88         TLS_DH_RSA_WITH_AES_256_CBC_SHA   =                     0x0037,
  89         TLS_DHE_DSS_WITH_AES_256_CBC_SHA  =                     0x0038,
  90         TLS_DHE_RSA_WITH_AES_256_CBC_SHA  =                     0x0039,
  91         TLS_DH_anon_WITH_AES_256_CBC_SHA  =                     0x003A,
  92
  93         /* ECDSA addenda, RFC 4492 */
  94         TLS_ECDH_ECDSA_WITH_NULL_SHA           =        0xC001,
  95         TLS_ECDH_ECDSA_WITH_RC4_128_SHA        =        0xC002,
  96         TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   =        0xC003,
  97         TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    =        0xC004,
  98         TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    =        0xC005,
  99         TLS_ECDHE_ECDSA_WITH_NULL_SHA          =        0xC006,
 100         TLS_ECDHE_ECDSA_WITH_RC4_128_SHA       =        0xC007,
 101         TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA  =        0xC008,
 102         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA   =        0xC009,
 103         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA   =        0xC00A,
 104         TLS_ECDH_RSA_WITH_NULL_SHA             =        0xC00B,
 105         TLS_ECDH_RSA_WITH_RC4_128_SHA          =        0xC00C,
 106         TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA     =        0xC00D,
 107         TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      =        0xC00E,
 108         TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      =        0xC00F,
 109         TLS_ECDHE_RSA_WITH_NULL_SHA            =        0xC010,
 110         TLS_ECDHE_RSA_WITH_RC4_128_SHA         =        0xC011,
 111         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA    =        0xC012,
 112         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA     =        0xC013,
 113         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     =        0xC014,
 114         TLS_ECDH_anon_WITH_NULL_SHA            =        0xC015,
 115         TLS_ECDH_anon_WITH_RC4_128_SHA         =        0xC016,
 116         TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA    =        0xC017,
 117         TLS_ECDH_anon_WITH_AES_128_CBC_SHA     =        0xC018,
 118         TLS_ECDH_anon_WITH_AES_256_CBC_SHA     =        0xC019,
 119
 120     /* TLS 1.2 addenda, RFC 5246 */
 121
 122     /* Initial state. */
 123     TLS_NULL_WITH_NULL_NULL                   = 0x0000,
 124
 125     /* Server provided RSA certificate for key exchange. */
 126     TLS_RSA_WITH_NULL_MD5                     = 0x0001,
 127     TLS_RSA_WITH_NULL_SHA                     = 0x0002,
 128     TLS_RSA_WITH_RC4_128_MD5                  = 0x0004,
 129     TLS_RSA_WITH_RC4_128_SHA                  = 0x0005,
 130     TLS_RSA_WITH_3DES_EDE_CBC_SHA             = 0x000A,
 131     //TLS_RSA_WITH_AES_128_CBC_SHA              = 0x002F,
 132     //TLS_RSA_WITH_AES_256_CBC_SHA              = 0x0035,
 133     TLS_RSA_WITH_NULL_SHA256                  = 0x003B,
 134     TLS_RSA_WITH_AES_128_CBC_SHA256           = 0x003C,
 135     TLS_RSA_WITH_AES_256_CBC_SHA256           = 0x003D,
 136
 137     /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
 138     TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA          = 0x000D,
 139     TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA          = 0x0010,
 140     TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA         = 0x0013,
 141     TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA         = 0x0016,
 142     //TLS_DH_DSS_WITH_AES_128_CBC_SHA           = 0x0030,
 143     //TLS_DH_RSA_WITH_AES_128_CBC_SHA           = 0x0031,
 144     //TLS_DHE_DSS_WITH_AES_128_CBC_SHA          = 0x0032,
 145     //TLS_DHE_RSA_WITH_AES_128_CBC_SHA          = 0x0033,
 146     //TLS_DH_DSS_WITH_AES_256_CBC_SHA           = 0x0036,
 147     //TLS_DH_RSA_WITH_AES_256_CBC_SHA           = 0x0037,
 148     //TLS_DHE_DSS_WITH_AES_256_CBC_SHA          = 0x0038,
 149     //TLS_DHE_RSA_WITH_AES_256_CBC_SHA          = 0x0039,
 150     TLS_DH_DSS_WITH_AES_128_CBC_SHA256        = 0x003E,
 151     TLS_DH_RSA_WITH_AES_128_CBC_SHA256        = 0x003F,
 152     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       = 0x0040,
 153     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       = 0x0067,
 154     TLS_DH_DSS_WITH_AES_256_CBC_SHA256        = 0x0068,
 155     TLS_DH_RSA_WITH_AES_256_CBC_SHA256        = 0x0069,
 156     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       = 0x006A,
 157     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       = 0x006B,
 158
 159     /* Completely anonymous Diffie-Hellman */
 160     TLS_DH_anon_WITH_RC4_128_MD5              = 0x0018,
 161     TLS_DH_anon_WITH_3DES_EDE_CBC_SHA         = 0x001B,
 162     //TLS_DH_anon_WITH_AES_128_CBC_SHA          = 0x0034,
 163     //TLS_DH_anon_WITH_AES_256_CBC_SHA          = 0x003A,
 164     TLS_DH_anon_WITH_AES_128_CBC_SHA256       = 0x006C,
 165     TLS_DH_anon_WITH_AES_256_CBC_SHA256       = 0x006D,
 166
 167     /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
 168        for TLS. */
 169     TLS_RSA_WITH_AES_128_GCM_SHA256           = 0x009C,
 170     TLS_RSA_WITH_AES_256_GCM_SHA384           = 0x009D,
 171     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       = 0x009E,
 172     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       = 0x009F,
 173     TLS_DH_RSA_WITH_AES_128_GCM_SHA256        = 0x00A0,
 174     TLS_DH_RSA_WITH_AES_256_GCM_SHA384        = 0x00A1,
 175     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       = 0x00A2,
 176     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       = 0x00A3,
 177     TLS_DH_DSS_WITH_AES_128_GCM_SHA256        = 0x00A4,
 178     TLS_DH_DSS_WITH_AES_256_GCM_SHA384        = 0x00A5,
 179     TLS_DH_anon_WITH_AES_128_GCM_SHA256       = 0x00A6,
 180     TLS_DH_anon_WITH_AES_256_GCM_SHA384       = 0x00A7,
 181
 182     /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with
 183        HMAC SHA-256/384. */
 184     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   = 0xC023,
 185     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   = 0xC024,
 186     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    = 0xC025,
 187     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    = 0xC026,
 188     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     = 0xC027,
 189     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     = 0xC028,
 190     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      = 0xC029,
 191     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      = 0xC02A,
 192
 193     /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with
 194        SHA-256/384 and AES Galois Counter Mode (GCM) */
 195     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   = 0xC02B,
 196     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   = 0xC02C,
 197     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    = 0xC02D,
 198     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    = 0xC02E,
 199     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     = 0xC02F,
 200     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     = 0xC030,
 201     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      = 0xC031,
 202     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      = 0xC032,
 203
 204     /* RFC 5746 - Secure Renegotiation */
 205     TLS_EMPTY_RENEGOTIATION_INFO_SCSV         = 0x00FF,
 206         /*
 207          * Tags for SSL 2 cipher kinds which are not specified
 208          * for SSL 3.
 209          */
 210     SSL_RSA_WITH_RC2_CBC_MD5 =                  0xFF80,
 211     SSL_RSA_WITH_IDEA_CBC_MD5 =                 0xFF81,
 212     SSL_RSA_WITH_DES_CBC_MD5 =                  0xFF82,
 213     SSL_RSA_WITH_3DES_EDE_CBC_MD5 =             0xFF83,
 214     SSL_NO_SUCH_CIPHERSUITE =                   0xFFFF
 215 };
 216
 217 #endif  /* !_SECURITY_CIPHERSUITE_H_ */