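/*
 * Copyright (c) 1999-2002,2005-2007,2010-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * CipherSuite.h - SSL Cipher Suite definitions.
 *
 * This header only names the two-byte cipher suite code points. Which of
 * them a connection may actually negotiate is decided by the TLS
 * implementation's enabled-suite list, which is not part of this file.
 */

#ifndef _SECURITY_CIPHERSUITE_H_
#define _SECURITY_CIPHERSUITE_H_

#include <TargetConditionals.h>
#include <stdint.h>

/*
 * Defined as enum for debugging, but in the protocol
 * it is actually exactly two bytes
 *
 * The typedef width differs by platform (32 bits on OS X, 16 bits on iOS),
 * so it must not be used as the wire size. Every enumerator below is
 * <= 0xFFFF and therefore fits either width.
 * NOTE(review): on OS X the type can hold values above 0xFFFF that have no
 * wire encoding; confirm that code serialising or parsing an SSLCipherSuite
 * range-checks it and reads/writes exactly two bytes.
 */
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
/* 32-bit value on OS X */
typedef uint32_t SSLCipherSuite;
#else
/* 16-bit value on iOS */
typedef uint16_t SSLCipherSuite;
#endif

/*
 * Reading a suite name when auditing an enabled-suite list:
 *
 *   <proto>_<key exchange>_WITH_<cipher>_<MAC or PRF hash>
 *
 *   - NULL as the cipher: the record layer does not encrypt (integrity only).
 *     NULL_WITH_NULL_NULL is the initial state and provides neither.
 *   - EXPORT, RC4_40, RC2_CBC_40, DES40: 40-bit export-grade keys.
 *   - anon: the key exchange is unauthenticated, so the peer's identity is
 *     not verified.
 *   - RC4, DES, RC2, IDEA, MD5: legacy primitives. RC4 suites are prohibited
 *     by RFC 7465.
 *   - RSA, DH_, ECDH_ (no trailing E) as key exchange: no forward secrecy.
 *     DHE_ and ECDHE_ are the ephemeral variants.
 *   - GCM: AEAD suites, defined for TLS 1.2 only (RFC 5288, RFC 5289).
 *
 * The enum is anonymous, so the enumerators have type int and are not tied
 * to the SSLCipherSuite typedef by the compiler.
 */
enum
{
    SSL_NULL_WITH_NULL_NULL = 0x0000,
    SSL_RSA_WITH_NULL_MD5 = 0x0001,
    SSL_RSA_WITH_NULL_SHA = 0x0002,
    SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
    SSL_RSA_WITH_RC4_128_MD5 = 0x0004,
    SSL_RSA_WITH_RC4_128_SHA = 0x0005,
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
    SSL_RSA_WITH_IDEA_CBC_SHA = 0x0007,
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
    SSL_RSA_WITH_DES_CBC_SHA = 0x0009,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
    SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
    SSL_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
    SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
    SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
    SSL_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
    SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
    SSL_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
    SSL_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
    SSL_DH_anon_WITH_RC4_128_MD5 = 0x0018,
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
    SSL_DH_anon_WITH_DES_CBC_SHA = 0x001A,
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
    SSL_FORTEZZA_DMS_WITH_NULL_SHA = 0x001C,
    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = 0x001D,

    /* TLS addenda using AES, per RFC 3268 */
    TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
    TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
    TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
    TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,

    /* ECDSA addenda, RFC 4492 */
    TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
    TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
    TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
    TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
    TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
    TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,

    /* TLS 1.2 addenda, RFC 5246 */
    /*
     * The TLS_* names in this section with values up to 0x001B are aliases:
     * they carry the same code points as the SSL_* names at the top of the
     * enum. The commented-out names are already defined, with the same
     * values, in the RFC 3268 block above; an enumerator can be declared
     * only once, so they are listed here for reference only.
     */

    /* Initial state. */
    TLS_NULL_WITH_NULL_NULL = 0x0000,

    /* Server provided RSA certificate for key exchange. */
    TLS_RSA_WITH_NULL_MD5 = 0x0001,
    TLS_RSA_WITH_NULL_SHA = 0x0002,
    TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
    TLS_RSA_WITH_RC4_128_SHA = 0x0005,
    TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
    //TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
    //TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
    TLS_RSA_WITH_NULL_SHA256 = 0x003B,
    TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
    TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,

    /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
    //TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
    //TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
    //TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
    //TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
    //TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
    //TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
    //TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
    //TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,

    /* Completely anonymous Diffie-Hellman */
    TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
    //TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
    //TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
    TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
    TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,

    /* Addendum from RFC 4279, TLS PSK */

    TLS_PSK_WITH_RC4_128_SHA = 0x008A,
    TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
    TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
    TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
    TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
    TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
    TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
    TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
    TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,

    /* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */

    TLS_PSK_WITH_NULL_SHA = 0x002C,
    TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
    TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,

    /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
       for TLS. */
    TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
    TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
    TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
    TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
    TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
    TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
    TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,

    /* RFC 5487 - PSK with SHA-256/384 and AES GCM */
    TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
    TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
    TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
    TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,

    TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
    TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
    TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
    TLS_PSK_WITH_NULL_SHA384 = 0x00B1,

    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
    TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
    TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,

    TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
    TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
    TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,


    /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
       HMAC SHA-256/384. */
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,

    /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
       SHA-256/384 and AES Galois Counter Mode (GCM) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,

    /* RFC 5746 - Secure Renegotiation */
    /* Signalling value sent in the suite list; it does not select a cipher. */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
    /*
     * Tags for SSL 2 cipher kinds which are not specified
     * for SSL 3.
     * (Use of SSL 2.0 itself is prohibited by RFC 6176.)
     */
    SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
    SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
    SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
    SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
    /* NOTE(review): by its name a "no suite" sentinel, not a negotiable code point. */
    SSL_NO_SUCH_CIPHERSUITE = 0xFFFF
};

#endif /* !_SECURITY_CIPHERSUITE_H_ */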