db2f1140de
Modified Files: cmd/lib/SECerrs.h cmd/selfserv/selfserv.c cmd/tstclnt/tstclnt.c lib/cryptohi/keyhi.h lib/cryptohi/keythi.h lib/cryptohi/seckey.c lib/cryptohi/secvfy.c lib/freebl/Makefile lib/freebl/blapi.h lib/freebl/blapit.h lib/freebl/ldvector.c lib/freebl/loader.c lib/freebl/loader.h lib/freebl/manifest.mn lib/nss/nss.def lib/pk11wrap/pk11skey.c lib/pk11wrap/pk11slot.c lib/softoken/lowkeyti.h lib/softoken/manifest.mn lib/softoken/pkcs11.c lib/softoken/pkcs11c.c lib/softoken/pkcs11t.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h lib/ssl/sslcon.c lib/ssl/sslenum.c lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h lib/ssl/sslsecur.c lib/ssl/sslsock.c lib/ssl/sslt.h lib/util/secerr.h lib/util/secoid.c lib/util/secoidt.h Added Files: lib/freebl/GFp_ecl.c lib/freebl/GFp_ecl.h lib/freebl/ec.c lib/freebl/ec.h lib/softoken/ecdecode.c git-svn-id: svn://10.0.0.236/trunk@138574 18797224-902f-48f8-a5cc-f745e15eee43
200 lines
7.7 KiB
C
200 lines
7.7 KiB
C
/*
|
|
* Various and sundry protocol constants. DON'T CHANGE THESE. These values
|
|
* are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
|
|
* Cipher kinds and ciphersuites are part of the public API.
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public
|
|
* License Version 1.1 (the "License"); you may not use this file
|
|
* except in compliance with the License. You may obtain a copy of
|
|
* the License at http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS
|
|
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
* implied. See the License for the specific language governing
|
|
* rights and limitations under the License.
|
|
*
|
|
* The Original Code is the Netscape security libraries.
|
|
*
|
|
* The Initial Developer of the Original Code is Netscape
|
|
* Communications Corporation. Portions created by Netscape are
|
|
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
|
* Rights Reserved.
|
|
*
|
|
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
|
|
* Sun Microsystems, Inc. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
|
|
*
|
|
* Alternatively, the contents of this file may be used under the
|
|
* terms of the GNU General Public License Version 2 or later (the
|
|
* "GPL"), in which case the provisions of the GPL are applicable
|
|
* instead of those above. If you wish to allow use of your
|
|
* version of this file only under the terms of the GPL and not to
|
|
* allow others to use your version of this file under the MPL,
|
|
* indicate your decision by deleting the provisions above and
|
|
* replace them with the notice and other provisions required by
|
|
* the GPL. If you do not delete the provisions above, a recipient
|
|
* may use your version of this file under either the MPL or the
|
|
* GPL.
|
|
*
|
|
* $Id: sslproto.h,v 1.4 2003-02-27 01:31:35 nelsonb%netscape.com Exp $
|
|
*/
|
|
|
|
#ifndef __sslproto_h_
|
|
#define __sslproto_h_
|
|
|
|
/* All versions less than 3_0 are treated as SSL version 2 */
|
|
#define SSL_LIBRARY_VERSION_2 0x0002
|
|
#define SSL_LIBRARY_VERSION_3_0 0x0300
|
|
#define SSL_LIBRARY_VERSION_3_1_TLS 0x0301
|
|
|
|
/* Header lengths of some of the messages */
|
|
#define SSL_HL_ERROR_HBYTES 3
|
|
#define SSL_HL_CLIENT_HELLO_HBYTES 9
|
|
#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10
|
|
#define SSL_HL_CLIENT_FINISHED_HBYTES 1
|
|
#define SSL_HL_SERVER_HELLO_HBYTES 11
|
|
#define SSL_HL_SERVER_VERIFY_HBYTES 1
|
|
#define SSL_HL_SERVER_FINISHED_HBYTES 1
|
|
#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2
|
|
#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6
|
|
|
|
/* Security handshake protocol codes */
|
|
#define SSL_MT_ERROR 0
|
|
#define SSL_MT_CLIENT_HELLO 1
|
|
#define SSL_MT_CLIENT_MASTER_KEY 2
|
|
#define SSL_MT_CLIENT_FINISHED 3
|
|
#define SSL_MT_SERVER_HELLO 4
|
|
#define SSL_MT_SERVER_VERIFY 5
|
|
#define SSL_MT_SERVER_FINISHED 6
|
|
#define SSL_MT_REQUEST_CERTIFICATE 7
|
|
#define SSL_MT_CLIENT_CERTIFICATE 8
|
|
|
|
/* Certificate types */
|
|
#define SSL_CT_X509_CERTIFICATE 0x01
|
|
#if 0 /* XXX Not implemented yet */
|
|
#define SSL_PKCS6_CERTIFICATE 0x02
|
|
#endif
|
|
#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01
|
|
|
|
/* Error codes */
|
|
#define SSL_PE_NO_CYPHERS 0x0001
|
|
#define SSL_PE_NO_CERTIFICATE 0x0002
|
|
#define SSL_PE_BAD_CERTIFICATE 0x0004
|
|
#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
|
|
|
|
/* Cypher kinds (not the spec version!) */
|
|
#define SSL_CK_RC4_128_WITH_MD5 0x01
|
|
#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02
|
|
#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03
|
|
#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04
|
|
#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05
|
|
#define SSL_CK_DES_64_CBC_WITH_MD5 0x06
|
|
#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07
|
|
|
|
/* Cipher enables. These are used only for SSL_EnableCipher
|
|
* These values define the SSL2 suites, and do not colide with the
|
|
* SSL3 Cipher suites defined below.
|
|
*/
|
|
#define SSL_EN_RC4_128_WITH_MD5 0xFF01
|
|
#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02
|
|
#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03
|
|
#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04
|
|
#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05
|
|
#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06
|
|
#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07
|
|
|
|
/* SSL v3 Cipher Suites */
|
|
#define SSL_NULL_WITH_NULL_NULL 0x0000
|
|
|
|
#define SSL_RSA_WITH_NULL_MD5 0x0001
|
|
#define SSL_RSA_WITH_NULL_SHA 0x0002
|
|
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003
|
|
#define SSL_RSA_WITH_RC4_128_MD5 0x0004
|
|
#define SSL_RSA_WITH_RC4_128_SHA 0x0005
|
|
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006
|
|
#define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007
|
|
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008
|
|
#define SSL_RSA_WITH_DES_CBC_SHA 0x0009
|
|
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000a
|
|
|
|
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b
|
|
#define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000c
|
|
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d
|
|
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e
|
|
#define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000f
|
|
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010
|
|
|
|
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011
|
|
#define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012
|
|
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013
|
|
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014
|
|
#define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015
|
|
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016
|
|
|
|
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 0x0017
|
|
#define SSL_DH_ANON_WITH_RC4_128_MD5 0x0018
|
|
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA 0x0019
|
|
#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a
|
|
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b
|
|
|
|
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c
|
|
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d
|
|
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e
|
|
|
|
/* New TLS cipher suites */
|
|
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F
|
|
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030
|
|
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031
|
|
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032
|
|
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
|
|
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA 0x0034
|
|
|
|
#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
|
|
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036
|
|
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037
|
|
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038
|
|
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
|
|
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A
|
|
|
|
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
|
|
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
|
|
|
|
#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
|
|
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
|
|
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
|
|
|
|
#ifdef NSS_ENABLE_ECC
|
|
/* "Experimental" ECC cipher suites.
|
|
** XXX These numbers might change before the current IETF draft
|
|
** on ECC cipher suites for TLS becomes an RFC.
|
|
*/
|
|
#define TLS_ECDH_ECDSA_WITH_NULL_SHA 0x0047
|
|
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0x0048
|
|
#define TLS_ECDH_ECDSA_WITH_DES_CBC_SHA 0x0049
|
|
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0x004A
|
|
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x004B
|
|
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x004C
|
|
|
|
#define TLS_ECDH_RSA_WITH_NULL_SHA 0x004D
|
|
#define TLS_ECDH_RSA_WITH_RC4_128_SHA 0x004E
|
|
#define TLS_ECDH_RSA_WITH_DES_CBC_SHA 0x004F
|
|
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0x0050
|
|
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0051
|
|
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0052
|
|
|
|
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0077
|
|
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0078
|
|
#endif /* NSS_ENABLE_ECC */
|
|
|
|
/* Netscape "experimental" cipher suites. */
|
|
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
|
|
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
|
|
|
|
/* New non-experimental openly spec'ed versions of those cipher suites. */
|
|
#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
|
|
#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
|
|
|
|
#endif /* __sslproto_h_ */
|