DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Untracked file

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199
/*
 * Various and sundry protocol constants. DON'T CHANGE THESE. These values 
 * are mostly defined by the SSL2, SSL3, or TLS protocol specifications.
 * Cipher kinds and ciphersuites are part of the public API.
 *
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 * 
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
 * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
 * Sun Microsystems, Inc. All Rights Reserved.
 *
 * Contributor(s):
 *	Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 * 
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
 * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 *
 * $Id: sslproto.h,v 1.4 2003/02/27 01:31:35 nelsonb%netscape.com Exp $
 */

#ifndef __sslproto_h_
#define __sslproto_h_

/* All versions less than 3_0 are treated as SSL version 2 */
#define SSL_LIBRARY_VERSION_2			0x0002
#define SSL_LIBRARY_VERSION_3_0			0x0300
#define SSL_LIBRARY_VERSION_3_1_TLS		0x0301

/* Header lengths of some of the messages */
#define SSL_HL_ERROR_HBYTES			3
#define SSL_HL_CLIENT_HELLO_HBYTES		9
#define SSL_HL_CLIENT_MASTER_KEY_HBYTES		10
#define SSL_HL_CLIENT_FINISHED_HBYTES		1
#define SSL_HL_SERVER_HELLO_HBYTES		11
#define SSL_HL_SERVER_VERIFY_HBYTES		1
#define SSL_HL_SERVER_FINISHED_HBYTES		1
#define SSL_HL_REQUEST_CERTIFICATE_HBYTES	2
#define SSL_HL_CLIENT_CERTIFICATE_HBYTES	6

/* Security handshake protocol codes */
#define SSL_MT_ERROR				0
#define SSL_MT_CLIENT_HELLO			1
#define SSL_MT_CLIENT_MASTER_KEY		2
#define SSL_MT_CLIENT_FINISHED			3
#define SSL_MT_SERVER_HELLO			4
#define SSL_MT_SERVER_VERIFY			5
#define SSL_MT_SERVER_FINISHED			6
#define SSL_MT_REQUEST_CERTIFICATE		7
#define SSL_MT_CLIENT_CERTIFICATE		8

/* Certificate types */
#define SSL_CT_X509_CERTIFICATE			0x01
#if 0 /* XXX Not implemented yet */
#define SSL_PKCS6_CERTIFICATE			0x02
#endif
#define SSL_AT_MD5_WITH_RSA_ENCRYPTION		0x01

/* Error codes */
#define SSL_PE_NO_CYPHERS			0x0001
#define SSL_PE_NO_CERTIFICATE			0x0002
#define SSL_PE_BAD_CERTIFICATE			0x0004
#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE	0x0006

/* Cypher kinds (not the spec version!) */
#define SSL_CK_RC4_128_WITH_MD5			0x01
#define SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x02
#define SSL_CK_RC2_128_CBC_WITH_MD5		0x03
#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x04
#define SSL_CK_IDEA_128_CBC_WITH_MD5		0x05
#define SSL_CK_DES_64_CBC_WITH_MD5		0x06
#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x07

/* Cipher enables.  These are used only for SSL_EnableCipher 
 * These values define the SSL2 suites, and do not colide with the 
 * SSL3 Cipher suites defined below.
 */
#define SSL_EN_RC4_128_WITH_MD5			0xFF01
#define SSL_EN_RC4_128_EXPORT40_WITH_MD5	0xFF02
#define SSL_EN_RC2_128_CBC_WITH_MD5		0xFF03
#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5	0xFF04
#define SSL_EN_IDEA_128_CBC_WITH_MD5		0xFF05
#define SSL_EN_DES_64_CBC_WITH_MD5		0xFF06
#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5	0xFF07

/* SSL v3 Cipher Suites */
#define SSL_NULL_WITH_NULL_NULL			0x0000

#define SSL_RSA_WITH_NULL_MD5			0x0001
#define SSL_RSA_WITH_NULL_SHA			0x0002
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
#define SSL_RSA_WITH_RC4_128_MD5		0x0004
#define SSL_RSA_WITH_RC4_128_SHA		0x0005
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
#define SSL_RSA_WITH_IDEA_CBC_SHA		0x0007
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
#define SSL_RSA_WITH_DES_CBC_SHA		0x0009
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
						       
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
#define SSL_DH_DSS_WITH_DES_CBC_SHA		0x000c
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
#define SSL_DH_RSA_WITH_DES_CBC_SHA		0x000f
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
						       
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
#define SSL_DHE_DSS_WITH_DES_CBC_SHA		0x0012
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
#define SSL_DHE_RSA_WITH_DES_CBC_SHA		0x0015
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
						       
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017
#define SSL_DH_ANON_WITH_RC4_128_MD5		0x0018
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
#define SSL_DH_ANON_WITH_DES_CBC_SHA		0x001a
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b

#define SSL_FORTEZZA_DMS_WITH_NULL_SHA		0x001c
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e

/* New TLS cipher suites */
#define TLS_RSA_WITH_AES_128_CBC_SHA      	0x002F
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA   	0x0030
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA   	0x0031
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA  	0x0032
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA  	0x0033
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA  	0x0034

#define TLS_RSA_WITH_AES_256_CBC_SHA      	0x0035
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA   	0x0036
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA   	0x0037
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA  	0x0038
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA  	0x0039
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA  	0x003A

#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064

#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
#define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066

#ifdef NSS_ENABLE_ECC
/* "Experimental" ECC cipher suites. 
** XXX These numbers might change before the current IETF draft
** on ECC cipher suites for TLS becomes an RFC.
*/
#define TLS_ECDH_ECDSA_WITH_NULL_SHA            0x0047
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0x0048
#define TLS_ECDH_ECDSA_WITH_DES_CBC_SHA         0x0049
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0x004A
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0x004B
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0x004C

#define TLS_ECDH_RSA_WITH_NULL_SHA              0x004D
#define TLS_ECDH_RSA_WITH_RC4_128_SHA           0x004E
#define TLS_ECDH_RSA_WITH_DES_CBC_SHA           0x004F
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0x0050
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0x0051
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0x0052

#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0x0077
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0x0078
#endif /* NSS_ENABLE_ECC */

/* Netscape "experimental" cipher suites. */
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA	0xffe1

/* New non-experimental openly spec'ed versions of those cipher suites. */
#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 	0xfeff
#define SSL_RSA_FIPS_WITH_DES_CBC_SHA      	0xfefe

#endif /* __sslproto_h_ */