1/*
2 * Copyright (c) 1999-2002,2005-2007,2010-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*
25 * CipherSuite.h - SSL Cipher Suite definitions.
26 */
27
28#ifndef _SECURITY_CIPHERSUITE_H_
29#define _SECURITY_CIPHERSUITE_H_
30
31#include <TargetConditionals.h>
32#include <stdint.h>
33
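/*
 * SSLCipherSuite holds a single cipher suite identifier.
 *
 * In the protocol a cipher suite is exactly two bytes. The named values are
 * declared in the enum below (which makes them visible in a debugger), but
 * variables and parameters use this fixed-width integer type.
 *
 * The width is platform dependent: 32 bits on OS X, 16 bits on iOS. Because
 * the OS X type is wider than the wire field, code that serializes a suite
 * or compares it with a value parsed from a handshake must not assume
 * sizeof(SSLCipherSuite) == 2, and should check that the value fits in
 * 16 bits before narrowing it.
 */
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
/* 32-bit value on OS X */
typedef uint32_t SSLCipherSuite;
#else
/* 16-bit value on iOS */
typedef uint16_t SSLCipherSuite;
#endif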
45
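/*
 * Cipher suite identifiers for SSL and TLS, grouped by the specification
 * that introduced them.
 *
 * Naming: <key exchange / authentication>_WITH_<bulk cipher>_<MAC or hash>.
 *
 * SSL_* and TLS_* enumerators that carry the same value are aliases for the
 * same suite (C permits repeated enumerator values), for example
 * TLS_RSA_WITH_NULL_MD5 == SSL_RSA_WITH_NULL_MD5. Every value fits in
 * 16 bits.
 *
 * Security note: this is a table of identifiers, not a policy. A suite being
 * listed here does not make it acceptable to negotiate. When building an
 * enabled-suite list or reviewing one, treat the following name components
 * as markers of suites that give little or no protection:
 *   - NULL as the cipher:      no encryption at all
 *   - anon:                    no peer authentication, so no protection
 *                              against an active man-in-the-middle
 *   - EXPORT, RC4_40, DES40:   deliberately weakened 40-bit keys
 *   - DES, RC2, IDEA, 3DES:    64-bit block ciphers
 *   - RC4:                     prohibited for TLS by RFC 7465
 *   - MD5 as the MAC:          obsolete hash
 * Suites using static RSA, DH or ECDH key exchange (no "E") do not provide
 * forward secrecy. The ECDHE/DHE suites with AES-GCM are the strongest
 * entries in this table.
 */
enum
{
    /* SSL 3.0 suites */
    SSL_NULL_WITH_NULL_NULL                   = 0x0000,
    SSL_RSA_WITH_NULL_MD5                     = 0x0001,
    SSL_RSA_WITH_NULL_SHA                     = 0x0002,
    SSL_RSA_EXPORT_WITH_RC4_40_MD5            = 0x0003,
    SSL_RSA_WITH_RC4_128_MD5                  = 0x0004,
    SSL_RSA_WITH_RC4_128_SHA                  = 0x0005,
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5        = 0x0006,
    SSL_RSA_WITH_IDEA_CBC_SHA                 = 0x0007,
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA         = 0x0008,
    SSL_RSA_WITH_DES_CBC_SHA                  = 0x0009,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA             = 0x000A,
    SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA      = 0x000B,
    SSL_DH_DSS_WITH_DES_CBC_SHA               = 0x000C,
    SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA          = 0x000D,
    SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA      = 0x000E,
    SSL_DH_RSA_WITH_DES_CBC_SHA               = 0x000F,
    SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA          = 0x0010,
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA     = 0x0011,
    SSL_DHE_DSS_WITH_DES_CBC_SHA              = 0x0012,
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA         = 0x0013,
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA     = 0x0014,
    SSL_DHE_RSA_WITH_DES_CBC_SHA              = 0x0015,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA         = 0x0016,
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5        = 0x0017,
    SSL_DH_anon_WITH_RC4_128_MD5              = 0x0018,
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA     = 0x0019,
    SSL_DH_anon_WITH_DES_CBC_SHA              = 0x001A,
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA         = 0x001B,
    SSL_FORTEZZA_DMS_WITH_NULL_SHA            = 0x001C,
    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA    = 0x001D,

    /* TLS addenda using AES, per RFC 3268 */
    TLS_RSA_WITH_AES_128_CBC_SHA              = 0x002F,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA           = 0x0030,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA           = 0x0031,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA          = 0x0032,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA          = 0x0033,
    TLS_DH_anon_WITH_AES_128_CBC_SHA          = 0x0034,
    TLS_RSA_WITH_AES_256_CBC_SHA              = 0x0035,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA           = 0x0036,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA           = 0x0037,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA          = 0x0038,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA          = 0x0039,
    TLS_DH_anon_WITH_AES_256_CBC_SHA          = 0x003A,

    /* Elliptic curve (ECDH / ECDHE) addenda, RFC 4492 */
    TLS_ECDH_ECDSA_WITH_NULL_SHA              = 0xC001,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA           = 0xC002,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA      = 0xC003,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA       = 0xC004,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA       = 0xC005,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA             = 0xC006,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA          = 0xC007,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA     = 0xC008,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA      = 0xC009,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA      = 0xC00A,
    TLS_ECDH_RSA_WITH_NULL_SHA                = 0xC00B,
    TLS_ECDH_RSA_WITH_RC4_128_SHA             = 0xC00C,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA        = 0xC00D,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA         = 0xC00E,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA         = 0xC00F,
    TLS_ECDHE_RSA_WITH_NULL_SHA               = 0xC010,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA            = 0xC011,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA       = 0xC012,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA        = 0xC013,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA        = 0xC014,
    TLS_ECDH_anon_WITH_NULL_SHA               = 0xC015,
    TLS_ECDH_anon_WITH_RC4_128_SHA            = 0xC016,
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA       = 0xC017,
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA        = 0xC018,
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA        = 0xC019,

    /*
     * TLS 1.2 addenda, RFC 5246.
     *
     * Several entries in this group reuse values already given an SSL_*
     * name above and are plain aliases. The RFC 5246 suites that were
     * already declared in the RFC 3268 group are not repeated, because a
     * second declaration of the same enumerator would not compile; they are
     * named in a comment at the place where they would appear.
     */

    /* Initial state. */
    TLS_NULL_WITH_NULL_NULL                   = 0x0000,

    /* Server provided RSA certificate for key exchange. */
    TLS_RSA_WITH_NULL_MD5                     = 0x0001,
    TLS_RSA_WITH_NULL_SHA                     = 0x0002,
    TLS_RSA_WITH_RC4_128_MD5                  = 0x0004,
    TLS_RSA_WITH_RC4_128_SHA                  = 0x0005,
    TLS_RSA_WITH_3DES_EDE_CBC_SHA             = 0x000A,
    /* Declared above: TLS_RSA_WITH_AES_128_CBC_SHA (0x002F),
       TLS_RSA_WITH_AES_256_CBC_SHA (0x0035). */
    TLS_RSA_WITH_NULL_SHA256                  = 0x003B,
    TLS_RSA_WITH_AES_128_CBC_SHA256           = 0x003C,
    TLS_RSA_WITH_AES_256_CBC_SHA256           = 0x003D,

    /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA          = 0x000D,
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA          = 0x0010,
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA         = 0x0013,
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA         = 0x0016,
    /* Declared above: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030),
       TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031),
       TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032),
       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033),
       TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036),
       TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037),
       TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038),
       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039). */
    TLS_DH_DSS_WITH_AES_128_CBC_SHA256        = 0x003E,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA256        = 0x003F,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       = 0x0040,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       = 0x0067,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA256        = 0x0068,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA256        = 0x0069,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       = 0x006A,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       = 0x006B,

    /* Completely anonymous Diffie-Hellman: neither side is authenticated. */
    TLS_DH_anon_WITH_RC4_128_MD5              = 0x0018,
    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA         = 0x001B,
    /* Declared above: TLS_DH_anon_WITH_AES_128_CBC_SHA (0x0034),
       TLS_DH_anon_WITH_AES_256_CBC_SHA (0x003A). */
    TLS_DH_anon_WITH_AES_128_CBC_SHA256       = 0x006C,
    TLS_DH_anon_WITH_AES_256_CBC_SHA256       = 0x006D,

    /* Addendum from RFC 4279, TLS PSK */

    TLS_PSK_WITH_RC4_128_SHA                  = 0x008A,
    TLS_PSK_WITH_3DES_EDE_CBC_SHA             = 0x008B,
    TLS_PSK_WITH_AES_128_CBC_SHA              = 0x008C,
    TLS_PSK_WITH_AES_256_CBC_SHA              = 0x008D,
    TLS_DHE_PSK_WITH_RC4_128_SHA              = 0x008E,
    TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA         = 0x008F,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA          = 0x0090,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA          = 0x0091,
    TLS_RSA_PSK_WITH_RC4_128_SHA              = 0x0092,
    TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA         = 0x0093,
    TLS_RSA_PSK_WITH_AES_128_CBC_SHA          = 0x0094,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA          = 0x0095,

    /* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */

    TLS_PSK_WITH_NULL_SHA                     = 0x002C,
    TLS_DHE_PSK_WITH_NULL_SHA                 = 0x002D,
    TLS_RSA_PSK_WITH_NULL_SHA                 = 0x002E,

    /* Addenda from RFC 5288, AES Galois Counter Mode (GCM) Cipher Suites
       for TLS. */
    TLS_RSA_WITH_AES_128_GCM_SHA256           = 0x009C,
    TLS_RSA_WITH_AES_256_GCM_SHA384           = 0x009D,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       = 0x009E,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       = 0x009F,
    TLS_DH_RSA_WITH_AES_128_GCM_SHA256        = 0x00A0,
    TLS_DH_RSA_WITH_AES_256_GCM_SHA384        = 0x00A1,
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       = 0x00A2,
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       = 0x00A3,
    TLS_DH_DSS_WITH_AES_128_GCM_SHA256        = 0x00A4,
    TLS_DH_DSS_WITH_AES_256_GCM_SHA384        = 0x00A5,
    TLS_DH_anon_WITH_AES_128_GCM_SHA256       = 0x00A6,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384       = 0x00A7,

    /* RFC 5487 - PSK with SHA-256/384 and AES GCM */
    TLS_PSK_WITH_AES_128_GCM_SHA256           = 0x00A8,
    TLS_PSK_WITH_AES_256_GCM_SHA384           = 0x00A9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256       = 0x00AA,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384       = 0x00AB,
    TLS_RSA_PSK_WITH_AES_128_GCM_SHA256       = 0x00AC,
    TLS_RSA_PSK_WITH_AES_256_GCM_SHA384       = 0x00AD,

    TLS_PSK_WITH_AES_128_CBC_SHA256           = 0x00AE,
    TLS_PSK_WITH_AES_256_CBC_SHA384           = 0x00AF,
    TLS_PSK_WITH_NULL_SHA256                  = 0x00B0,
    TLS_PSK_WITH_NULL_SHA384                  = 0x00B1,

    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256       = 0x00B2,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384       = 0x00B3,
    TLS_DHE_PSK_WITH_NULL_SHA256              = 0x00B4,
    TLS_DHE_PSK_WITH_NULL_SHA384              = 0x00B5,

    TLS_RSA_PSK_WITH_AES_128_CBC_SHA256       = 0x00B6,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA384       = 0x00B7,
    TLS_RSA_PSK_WITH_NULL_SHA256              = 0x00B8,
    TLS_RSA_PSK_WITH_NULL_SHA384              = 0x00B9,

    /* Addenda from RFC 5289, Elliptic Curve Cipher Suites with
       HMAC SHA-256/384. */
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   = 0xC023,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   = 0xC024,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    = 0xC025,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    = 0xC026,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     = 0xC027,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     = 0xC028,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      = 0xC029,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      = 0xC02A,

    /* Addenda from RFC 5289, Elliptic Curve Cipher Suites with
       SHA-256/384 and AES Galois Counter Mode (GCM) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   = 0xC02B,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   = 0xC02C,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    = 0xC02D,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    = 0xC02E,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     = 0xC02F,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     = 0xC030,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      = 0xC031,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      = 0xC032,

    /*
     * RFC 5746 - Secure Renegotiation.
     * This is a signalling value (SCSV), not a negotiable suite: it appears
     * in a client's offered list to indicate secure-renegotiation support
     * and never selects a cipher.
     */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV         = 0x00FF,

    /*
     * Tags for SSL 2 cipher kinds which are not specified
     * for SSL 3.
     */
    SSL_RSA_WITH_RC2_CBC_MD5                  = 0xFF80,
    SSL_RSA_WITH_IDEA_CBC_MD5                 = 0xFF81,
    SSL_RSA_WITH_DES_CBC_MD5                  = 0xFF82,
    SSL_RSA_WITH_3DES_EDE_CBC_MD5             = 0xFF83,

    /* NOTE(review): by its name, a "no suite" sentinel; confirm against callers. */
    SSL_NO_SUCH_CIPHERSUITE                   = 0xFFFF
};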
260
261#endif	/* !_SECURITY_CIPHERSUITE_H_ */
262