You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
262 lines
12 KiB
262 lines
12 KiB
6 years ago
|
/*
|
||
|
* Copyright (c) 1999-2002,2005-2007,2010-2014 Apple Inc. All Rights Reserved.
|
||
|
*
|
||
|
* @APPLE_LICENSE_HEADER_START@
|
||
|
*
|
||
|
* This file contains Original Code and/or Modifications of Original Code
|
||
|
* as defined in and that are subject to the Apple Public Source License
|
||
|
* Version 2.0 (the 'License'). You may not use this file except in
|
||
|
* compliance with the License. Please obtain a copy of the License at
|
||
|
* http://www.opensource.apple.com/apsl/ and read it before using this
|
||
|
* file.
|
||
|
*
|
||
|
* The Original Code and all software distributed under the License are
|
||
|
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
|
||
|
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
|
||
|
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
|
||
|
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
|
||
|
* Please see the License for the specific language governing rights and
|
||
|
* limitations under the License.
|
||
|
*
|
||
|
* @APPLE_LICENSE_HEADER_END@
|
||
|
*/
|
||
|
|
||
|
/*
|
||
|
* CipherSuite.h - SSL Cipher Suite definitions.
|
||
|
*/
|
||
|
|
||
|
#ifndef _SECURITY_CIPHERSUITE_H_
|
||
|
#define _SECURITY_CIPHERSUITE_H_
|
||
|
|
||
|
#include <TargetConditionals.h>
|
||
|
#include <stdint.h>
|
||
|
|
||
|
/*
|
||
|
* Defined as enum for debugging, but in the protocol
|
||
|
* it is actually exactly two bytes
|
||
|
*/
|
||
|
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
|
||
|
/* 32-bit value on OS X */
|
||
|
typedef uint32_t SSLCipherSuite;
|
||
|
#else
|
||
|
/* 16-bit value on iOS */
|
||
|
typedef uint16_t SSLCipherSuite;
|
||
|
#endif
|
||
|
|
||
|
CF_ENUM(SSLCipherSuite)
|
||
|
{ SSL_NULL_WITH_NULL_NULL = 0x0000,
|
||
|
SSL_RSA_WITH_NULL_MD5 = 0x0001,
|
||
|
SSL_RSA_WITH_NULL_SHA = 0x0002,
|
||
|
SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
|
||
|
SSL_RSA_WITH_RC4_128_MD5 = 0x0004,
|
||
|
SSL_RSA_WITH_RC4_128_SHA = 0x0005,
|
||
|
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
|
||
|
SSL_RSA_WITH_IDEA_CBC_SHA = 0x0007,
|
||
|
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
|
||
|
SSL_RSA_WITH_DES_CBC_SHA = 0x0009,
|
||
|
SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
|
||
|
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
|
||
|
SSL_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
|
||
|
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
|
||
|
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
|
||
|
SSL_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
|
||
|
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
|
||
|
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
|
||
|
SSL_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
|
||
|
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
|
||
|
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
|
||
|
SSL_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
|
||
|
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
|
||
|
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
|
||
|
SSL_DH_anon_WITH_RC4_128_MD5 = 0x0018,
|
||
|
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
|
||
|
SSL_DH_anon_WITH_DES_CBC_SHA = 0x001A,
|
||
|
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
|
||
|
SSL_FORTEZZA_DMS_WITH_NULL_SHA = 0x001C,
|
||
|
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = 0x001D,
|
||
|
|
||
|
/* TLS addenda using AES, per RFC 3268 */
|
||
|
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
|
||
|
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
|
||
|
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
|
||
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
|
||
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
|
||
|
TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
|
||
|
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
|
||
|
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
|
||
|
TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
|
||
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
|
||
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
|
||
|
TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
|
||
|
|
||
|
/* ECDSA addenda, RFC 4492 */
|
||
|
TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
|
||
|
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
|
||
|
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
|
||
|
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
|
||
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
|
||
|
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
|
||
|
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
|
||
|
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
|
||
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
|
||
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
|
||
|
TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
|
||
|
TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
|
||
|
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
|
||
|
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
|
||
|
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
|
||
|
TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
|
||
|
TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
|
||
|
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
|
||
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
|
||
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
|
||
|
TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
|
||
|
TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
|
||
|
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
|
||
|
TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
|
||
|
TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
|
||
|
|
||
|
/* TLS 1.2 addenda, RFC 5246 */
|
||
|
|
||
|
/* Initial state. */
|
||
|
TLS_NULL_WITH_NULL_NULL = 0x0000,
|
||
|
|
||
|
/* Server provided RSA certificate for key exchange. */
|
||
|
TLS_RSA_WITH_NULL_MD5 = 0x0001,
|
||
|
TLS_RSA_WITH_NULL_SHA = 0x0002,
|
||
|
TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
|
||
|
TLS_RSA_WITH_RC4_128_SHA = 0x0005,
|
||
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
|
||
|
//TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
|
||
|
//TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
|
||
|
TLS_RSA_WITH_NULL_SHA256 = 0x003B,
|
||
|
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
|
||
|
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
|
||
|
|
||
|
/* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
|
||
|
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
|
||
|
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
|
||
|
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
|
||
|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
|
||
|
//TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
|
||
|
//TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
|
||
|
//TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
|
||
|
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
|
||
|
//TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
|
||
|
//TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
|
||
|
//TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
|
||
|
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
|
||
|
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
|
||
|
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
|
||
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
|
||
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
|
||
|
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
|
||
|
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
|
||
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
|
||
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
|
||
|
|
||
|
/* Completely anonymous Diffie-Hellman */
|
||
|
TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
|
||
|
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
|
||
|
//TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
|
||
|
//TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
|
||
|
TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
|
||
|
TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
|
||
|
|
||
|
/* Addendum from RFC 4279, TLS PSK */
|
||
|
|
||
|
TLS_PSK_WITH_RC4_128_SHA = 0x008A,
|
||
|
TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
|
||
|
TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
|
||
|
TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
|
||
|
TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
|
||
|
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
|
||
|
TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
|
||
|
TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
|
||
|
TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
|
||
|
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
|
||
|
TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
|
||
|
TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
|
||
|
|
||
|
/* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */
|
||
|
|
||
|
TLS_PSK_WITH_NULL_SHA = 0x002C,
|
||
|
TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
|
||
|
TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
|
||
|
|
||
|
/* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
|
||
|
for TLS. */
|
||
|
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
|
||
|
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
|
||
|
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
|
||
|
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
|
||
|
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
|
||
|
TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
|
||
|
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
|
||
|
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
|
||
|
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
|
||
|
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
|
||
|
TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
|
||
|
TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
|
||
|
|
||
|
/* RFC 5487 - PSK with SHA-256/384 and AES GCM */
|
||
|
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
|
||
|
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
|
||
|
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
|
||
|
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
|
||
|
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
|
||
|
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
|
||
|
|
||
|
TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
|
||
|
TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
|
||
|
TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
|
||
|
TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
|
||
|
|
||
|
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
|
||
|
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
|
||
|
TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
|
||
|
TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
|
||
|
|
||
|
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
|
||
|
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
|
||
|
TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
|
||
|
TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
|
||
|
|
||
|
|
||
|
/* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
|
||
|
HMAC SHA-256/384. */
|
||
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
|
||
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
|
||
|
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
|
||
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
|
||
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
|
||
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
|
||
|
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
|
||
|
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
|
||
|
|
||
|
/* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
|
||
|
SHA-256/384 and AES Galois Counter Mode (GCM) */
|
||
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
|
||
|
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
|
||
|
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
|
||
|
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
|
||
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
|
||
|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
|
||
|
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
|
||
|
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
|
||
|
|
||
|
/* RFC 5746 - Secure Renegotiation */
|
||
|
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
|
||
|
/*
|
||
|
* Tags for SSL 2 cipher kinds which are not specified
|
||
|
* for SSL 3.
|
||
|
*/
|
||
|
SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
|
||
|
SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
|
||
|
SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
|
||
|
SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
|
||
|
SSL_NO_SUCH_CIPHERSUITE = 0xFFFF
|
||
|
};
|
||
|
|
||
|
#endif /* !_SECURITY_CIPHERSUITE_H_ */
|