kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
1269 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Struktur: 22ccc2d8f1
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „22ccc2d8f1“
${ noResults }
boringssl/include/openssl/tls1.h

715 Zeilen
32 KiB
Originalformat Blame Verlauf 

  1. /* ssl/tls1.h */

  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  3.  * All rights reserved.

  4.  *

  5.  * This package is an SSL implementation written

  6.  * by Eric Young (eay@cryptsoft.com).

  7.  * The implementation was written so as to conform with Netscapes SSL.

  8.  *

  9.  * This library is free for commercial and non-commercial use as long as

  10.  * the following conditions are aheared to.  The following conditions

  11.  * apply to all code found in this distribution, be it the RC4, RSA,

  12.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  13.  * included with this distribution is covered by the same copyright terms

  14.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  15.  *

  16.  * Copyright remains Eric Young's, and as such any Copyright notices in

  17.  * the code are not to be removed.

  18.  * If this package is used in a product, Eric Young should be given attribution

  19.  * as the author of the parts of the library used.

  20.  * This can be in the form of a textual message at program startup or

  21.  * in documentation (online or textual) provided with the package.

  22.  *

  23.  * Redistribution and use in source and binary forms, with or without

  24.  * modification, are permitted provided that the following conditions

  25.  * are met:

  26.  * 1. Redistributions of source code must retain the copyright

  27.  *    notice, this list of conditions and the following disclaimer.

  28.  * 2. Redistributions in binary form must reproduce the above copyright

  29.  *    notice, this list of conditions and the following disclaimer in the

  30.  *    documentation and/or other materials provided with the distribution.

  31.  * 3. All advertising materials mentioning features or use of this software

  32.  *    must display the following acknowledgement:

  33.  *    "This product includes cryptographic software written by

  34.  *     Eric Young (eay@cryptsoft.com)"

  35.  *    The word 'cryptographic' can be left out if the rouines from the library

  36.  *    being used are not cryptographic related :-).

  37.  * 4. If you include any Windows specific code (or a derivative thereof) from

  38.  *    the apps directory (application code) you must include an acknowledgement:

  39.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  40.  *

  41.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  42.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  43.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  44.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  45.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  46.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  47.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  49.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  50.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  51.  * SUCH DAMAGE.

  52.  *

  53.  * The licence and distribution terms for any publically available version or

  54.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  55.  * copied and put under another distribution licence

  56.  * [including the GNU Public Licence.]

  57.  */

  58. /* ====================================================================

  59.  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

  60.  *

  61.  * Redistribution and use in source and binary forms, with or without

  62.  * modification, are permitted provided that the following conditions

  63.  * are met:

  64.  *

  65.  * 1. Redistributions of source code must retain the above copyright

  66.  *    notice, this list of conditions and the following disclaimer.

  67.  *

  68.  * 2. Redistributions in binary form must reproduce the above copyright

  69.  *    notice, this list of conditions and the following disclaimer in

  70.  *    the documentation and/or other materials provided with the

  71.  *    distribution.

  72.  *

  73.  * 3. All advertising materials mentioning features or use of this

  74.  *    software must display the following acknowledgment:

  75.  *    "This product includes software developed by the OpenSSL Project

  76.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  77.  *

  78.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  79.  *    endorse or promote products derived from this software without

  80.  *    prior written permission. For written permission, please contact

  81.  *    openssl-core@openssl.org.

  82.  *

  83.  * 5. Products derived from this software may not be called "OpenSSL"

  84.  *    nor may "OpenSSL" appear in their names without prior written

  85.  *    permission of the OpenSSL Project.

  86.  *

  87.  * 6. Redistributions of any form whatsoever must retain the following

  88.  *    acknowledgment:

  89.  *    "This product includes software developed by the OpenSSL Project

  90.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  91.  *

  92.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  93.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  94.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  95.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  96.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  97.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  98.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  99.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  100.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  101.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  102.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  103.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  104.  * ====================================================================

  105.  *

  106.  * This product includes cryptographic software written by Eric Young

  107.  * (eay@cryptsoft.com).  This product includes software written by Tim

  108.  * Hudson (tjh@cryptsoft.com).

  109.  *

  110.  */

  111. /* ====================================================================

  112.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  113.  *

  114.  * Portions of the attached software ("Contribution") are developed by

  115.  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

  116.  *

  117.  * The Contribution is licensed pursuant to the OpenSSL open source

  118.  * license provided above.

  119.  *

  120.  * ECC cipher suite support in OpenSSL originally written by

  121.  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.

  122.  *

  123.  */

  124. /* ====================================================================

  125.  * Copyright 2005 Nokia. All rights reserved.

  126.  *

  127.  * The portions of the attached software ("Contribution") is developed by

  128.  * Nokia Corporation and is licensed pursuant to the OpenSSL open source

  129.  * license.

  130.  *

  131.  * The Contribution, originally written by Mika Kousa and Pasi Eronen of

  132.  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

  133.  * support (see RFC 4279) to OpenSSL.

  134.  *

  135.  * No patent licenses or other rights except those expressly stated in

  136.  * the OpenSSL open source license shall be deemed granted or received

  137.  * expressly, by implication, estoppel, or otherwise.

  138.  *

  139.  * No assurances are provided by Nokia that the Contribution does not

  140.  * infringe the patent or other intellectual property rights of any third

  141.  * party or that the license provides you with all the necessary rights

  142.  * to make use of the Contribution.

  143.  *

  144.  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

  145.  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

  146.  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

  147.  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

  148.  * OTHERWISE.

  149.  */

  150. 

  151. #ifndef HEADER_TLS1_H

  152. #define HEADER_TLS1_H

  153. 

  154. #include <openssl/buf.h>

  155. #include <openssl/stack.h>

  156. 

  157. #ifdef  __cplusplus

  158. extern "C" {

  159. #endif

  160. 

  161. 

  162. #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0

  163. 

  164. #define TLS1_2_VERSION 0x0303

  165. #define TLS1_2_VERSION_MAJOR 0x03

  166. #define TLS1_2_VERSION_MINOR 0x03

  167. 

  168. #define TLS1_1_VERSION 0x0302

  169. #define TLS1_1_VERSION_MAJOR 0x03

  170. #define TLS1_1_VERSION_MINOR 0x02

  171. 

  172. #define TLS1_VERSION 0x0301

  173. #define TLS1_VERSION_MAJOR 0x03

  174. #define TLS1_VERSION_MINOR 0x01

  175. 

  176. #define TLS1_get_version(s) \

  177.   ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)

  178. 

  179. #define TLS1_get_client_version(s) \

  180.   ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)

  181. 

  182. #define TLS1_AD_DECRYPTION_FAILED 21

  183. #define TLS1_AD_RECORD_OVERFLOW 22

  184. #define TLS1_AD_UNKNOWN_CA 48    /* fatal */

  185. #define TLS1_AD_ACCESS_DENIED 49 /* fatal */

  186. #define TLS1_AD_DECODE_ERROR 50  /* fatal */

  187. #define TLS1_AD_DECRYPT_ERROR 51

  188. #define TLS1_AD_EXPORT_RESTRICTION 60    /* fatal */

  189. #define TLS1_AD_PROTOCOL_VERSION 70      /* fatal */

  190. #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */

  191. #define TLS1_AD_INTERNAL_ERROR 80        /* fatal */

  192. #define TLS1_AD_USER_CANCELLED 90

  193. #define TLS1_AD_NO_RENEGOTIATION 100

  194. /* codes 110-114 are from RFC3546 */

  195. #define TLS1_AD_UNSUPPORTED_EXTENSION 110

  196. #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111

  197. #define TLS1_AD_UNRECOGNIZED_NAME 112

  198. #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113

  199. #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114

  200. #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */

  201. 

  202. /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */

  203. #define TLSEXT_TYPE_server_name 0

  204. #define TLSEXT_TYPE_max_fragment_length 1

  205. #define TLSEXT_TYPE_client_certificate_url 2

  206. #define TLSEXT_TYPE_trusted_ca_keys 3

  207. #define TLSEXT_TYPE_truncated_hmac 4

  208. #define TLSEXT_TYPE_status_request 5

  209. /* ExtensionType values from RFC4681 */

  210. #define TLSEXT_TYPE_user_mapping 6

  211. 

  212. /* ExtensionType values from RFC5878 */

  213. #define TLSEXT_TYPE_client_authz 7

  214. #define TLSEXT_TYPE_server_authz 8

  215. 

  216. /* ExtensionType values from RFC6091 */

  217. #define TLSEXT_TYPE_cert_type 9

  218. 

  219. /* ExtensionType values from RFC4492 */

  220. #define TLSEXT_TYPE_elliptic_curves 10

  221. #define TLSEXT_TYPE_ec_point_formats 11

  222. 

  223. /* ExtensionType value from RFC5054 */

  224. #define TLSEXT_TYPE_srp 12

  225. 

  226. /* ExtensionType values from RFC5246 */

  227. #define TLSEXT_TYPE_signature_algorithms 13

  228. 

  229. /* ExtensionType value from RFC5764 */

  230. #define TLSEXT_TYPE_use_srtp 14

  231. 

  232. /* ExtensionType value from RFC5620 */

  233. #define TLSEXT_TYPE_heartbeat 15

  234. 

  235. /* ExtensionType value from RFC7301 */

  236. #define TLSEXT_TYPE_application_layer_protocol_negotiation 16

  237. 

  238. /* ExtensionType value for TLS padding extension.

  239.  * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml

  240.  * http://tools.ietf.org/html/draft-agl-tls-padding-03

  241.  */

  242. #define TLSEXT_TYPE_padding 21

  243. 

  244. /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */

  245. #define TLSEXT_TYPE_extended_master_secret 23

  246. 

  247. /* ExtensionType value from RFC4507 */

  248. #define TLSEXT_TYPE_session_ticket 35

  249. 

  250. /* ExtensionType value from RFC5746 */

  251. #define TLSEXT_TYPE_renegotiate 0xff01

  252. 

  253. /* ExtensionType value from RFC6962 */

  254. #define TLSEXT_TYPE_certificate_timestamp 18

  255. 

  256. /* This is not an IANA defined extension number */

  257. #define TLSEXT_TYPE_next_proto_neg 13172

  258. 

  259. /* This is not an IANA defined extension number */

  260. #define TLSEXT_TYPE_channel_id 30031

  261. #define TLSEXT_TYPE_channel_id_new 30032

  262. 

  263. /* NameType value from RFC 3546 */

  264. #define TLSEXT_NAMETYPE_host_name 0

  265. /* status request value from RFC 3546 */

  266. #define TLSEXT_STATUSTYPE_ocsp 1

  267. 

  268. /* ECPointFormat values from RFC 4492 */

  269. #define TLSEXT_ECPOINTFORMAT_uncompressed 0

  270. #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1

  271. #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2

  272. 

  273. /* Signature and hash algorithms from RFC 5246 */

  274. 

  275. #define TLSEXT_signature_anonymous 0

  276. #define TLSEXT_signature_rsa 1

  277. #define TLSEXT_signature_dsa 2

  278. #define TLSEXT_signature_ecdsa 3

  279. 

  280. #define TLSEXT_hash_none 0

  281. #define TLSEXT_hash_md5 1

  282. #define TLSEXT_hash_sha1 2

  283. #define TLSEXT_hash_sha224 3

  284. #define TLSEXT_hash_sha256 4

  285. #define TLSEXT_hash_sha384 5

  286. #define TLSEXT_hash_sha512 6

  287. 

  288. /* Flag set for unrecognised algorithms */

  289. #define TLSEXT_nid_unknown 0x1000000

  290. 

  291. /* ECC curves */

  292. 

  293. #define TLSEXT_curve_P_256 23

  294. #define TLSEXT_curve_P_384 24

  295. 

  296. 

  297. #define TLSEXT_MAXLEN_host_name 255

  298. 

  299. OPENSSL_EXPORT const char *SSL_get_servername(const SSL *s, const int type);

  300. OPENSSL_EXPORT int SSL_get_servername_type(const SSL *s);

  301. 

  302. /* SSL_export_keying_material exports a value derived from the master secret, as

  303.  * specified in RFC 5705. It writes |out_len| bytes to |out| given a label and

  304.  * optional context. (Since a zero length context is allowed, the |use_context|

  305.  * flag controls whether a context is included.)

  306.  *

  307.  * It returns one on success and zero otherwise. */

  308. OPENSSL_EXPORT int SSL_export_keying_material(

  309.     SSL *s, uint8_t *out, size_t out_len, const char *label, size_t label_len,

  310.     const uint8_t *context, size_t context_len, int use_context);

  311. 

  312. OPENSSL_EXPORT int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash,

  313.                                    int *psignandhash, uint8_t *rsig,

  314.                                    uint8_t *rhash);

  315. 

  316. OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign,

  317.                                           int *phash, int *psignandhash,

  318.                                           uint8_t *rsig, uint8_t *rhash);

  319. 

  320. #define SSL_set_tlsext_host_name(s, name)                              \

  321.   SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \

  322.            (char *)name)

  323. 

  324. #define SSL_set_tlsext_debug_callback(ssl, cb) \

  325.   SSL_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_CB, (void (*)(void))cb)

  326. 

  327. #define SSL_set_tlsext_debug_arg(ssl, arg) \

  328.   SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_ARG, 0, (void *)arg)

  329. 

  330. #define SSL_CTX_set_tlsext_servername_callback(ctx, cb)         \

  331.   SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, \

  332.                         (void (*)(void))cb)

  333. 

  334. #define SSL_TLSEXT_ERR_OK 0

  335. #define SSL_TLSEXT_ERR_ALERT_WARNING 1

  336. #define SSL_TLSEXT_ERR_ALERT_FATAL 2

  337. #define SSL_TLSEXT_ERR_NOACK 3

  338. 

  339. #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \

  340.   SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, (void *)arg)

  341. 

  342. #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \

  343.   SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys))

  344. #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \

  345.   SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys))

  346. 

  347. #define SSL_CTX_set_tlsext_status_cb(ssl, cb)                   \

  348.   SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, \

  349.                         (void (*)(void))cb)

  350. 

  351. #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \

  352.   SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, (void *)arg)

  353. 

  354. #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb)               \

  355.   SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \

  356.                         (void (*)(void))cb)

  357. 

  358. 

  359. /* PSK ciphersuites from 4279 */

  360. #define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A

  361. #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B

  362. #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C

  363. #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D

  364. 

  365. /* Additional TLS ciphersuites from expired Internet Draft

  366.  * draft-ietf-tls-56-bit-ciphersuites-01.txt

  367.  * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see

  368.  * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably

  369.  * shouldn't.  Note that the first two are actually not in the IDs. */

  370. #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060     /* not in ID */

  371. #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */

  372. #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062

  373. #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063

  374. #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064

  375. #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065

  376. #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066

  377. 

  378. /* AES ciphersuites from RFC3268 */

  379. 

  380. #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F

  381. #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030

  382. #define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031

  383. #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032

  384. #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033

  385. #define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034

  386. 

  387. #define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035

  388. #define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036

  389. #define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037

  390. #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038

  391. #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039

  392. #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A

  393. 

  394. /* TLS v1.2 ciphersuites */

  395. #define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B

  396. #define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C

  397. #define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D

  398. #define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E

  399. #define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F

  400. #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040

  401. 

  402. /* Camellia ciphersuites from RFC4132 */

  403. #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041

  404. #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042

  405. #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043

  406. #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044

  407. #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045

  408. #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046

  409. 

  410. /* TLS v1.2 ciphersuites */

  411. #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067

  412. #define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068

  413. #define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069

  414. #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A

  415. #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B

  416. #define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C

  417. #define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D

  418. 

  419. /* Camellia ciphersuites from RFC4132 */

  420. #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084

  421. #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085

  422. #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086

  423. #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087

  424. #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088

  425. #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089

  426. 

  427. /* SEED ciphersuites from RFC4162 */

  428. #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096

  429. #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097

  430. #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098

  431. #define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099

  432. #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A

  433. #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B

  434. 

  435. /* TLS v1.2 GCM ciphersuites from RFC5288 */

  436. #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C

  437. #define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D

  438. #define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E

  439. #define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F

  440. #define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0

  441. #define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1

  442. #define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2

  443. #define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3

  444. #define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4

  445. #define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5

  446. #define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6

  447. #define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7

  448. 

  449. /* ECC ciphersuites from RFC4492 */

  450. #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001

  451. #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002

  452. #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003

  453. #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004

  454. #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005

  455. 

  456. #define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006

  457. #define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007

  458. #define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008

  459. #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009

  460. #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A

  461. 

  462. #define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B

  463. #define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C

  464. #define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D

  465. #define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E

  466. #define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F

  467. 

  468. #define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010

  469. #define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011

  470. #define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012

  471. #define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013

  472. #define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014

  473. 

  474. #define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015

  475. #define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016

  476. #define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017

  477. #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018

  478. #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019

  479. 

  480. /* SRP ciphersuites from RFC 5054 */

  481. #define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A

  482. #define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B

  483. #define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C

  484. #define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D

  485. #define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E

  486. #define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F

  487. #define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020

  488. #define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021

  489. #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022

  490. 

  491. /* ECDH HMAC based ciphersuites from RFC5289 */

  492. 

  493. #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023

  494. #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024

  495. #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025

  496. #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026

  497. #define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027

  498. #define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028

  499. #define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029

  500. #define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A

  501. 

  502. /* ECDH GCM based ciphersuites from RFC5289 */

  503. #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B

  504. #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C

  505. #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D

  506. #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E

  507. #define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F

  508. #define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030

  509. #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031

  510. #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032

  511. 

  512. #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13

  513. #define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14

  514. #define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15

  515. 

  516. /* Non-standard ECDHE PSK ciphersuites */

  517. #define TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256 0x0300CAFE

  518. 

  519. /* XXX

  520.  * Inconsistency alert:

  521.  * The OpenSSL names of ciphers with ephemeral DH here include the string

  522.  * "DHE", while elsewhere it has always been "EDH".

  523.  * (The alias for the list of all such ciphers also is "EDH".)

  524.  * The specifications speak of "EDH"; maybe we should allow both forms

  525.  * for everything. */

  526. #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"

  527. #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"

  528. #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"

  529. #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA \

  530.   "EXP1024-DHE-DSS-DES-CBC-SHA"

  531. #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"

  532. #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"

  533. #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"

  534. 

  535. /* AES ciphersuites from RFC3268 */

  536. #define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"

  537. #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"

  538. #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"

  539. #define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"

  540. #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"

  541. #define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"

  542. 

  543. #define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"

  544. #define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"

  545. #define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"

  546. #define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"

  547. #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"

  548. #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"

  549. 

  550. /* ECC ciphersuites from RFC4492 */

  551. #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"

  552. #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"

  553. #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"

  554. #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"

  555. #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"

  556. 

  557. #define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"

  558. #define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"

  559. #define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"

  560. #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"

  561. #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"

  562. 

  563. #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"

  564. #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"

  565. #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"

  566. #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"

  567. #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"

  568. 

  569. #define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"

  570. #define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"

  571. #define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"

  572. #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"

  573. #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"

  574. 

  575. #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"

  576. #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"

  577. #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"

  578. #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"

  579. #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"

  580. 

  581. /* PSK ciphersuites from RFC 4279 */

  582. #define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"

  583. #define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"

  584. #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"

  585. #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"

  586. 

  587. /* SRP ciphersuite from RFC 5054 */

  588. #define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"

  589. #define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"

  590. #define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"

  591. #define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"

  592. #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"

  593. #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"

  594. #define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"

  595. #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"

  596. #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"

  597. 

  598. /* Camellia ciphersuites from RFC4132 */

  599. #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"

  600. #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"

  601. #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"

  602. #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"

  603. #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"

  604. #define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"

  605. 

  606. #define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"

  607. #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"

  608. #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"

  609. #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"

  610. #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"

  611. #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"

  612. 

  613. /* SEED ciphersuites from RFC4162 */

  614. #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"

  615. #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"

  616. #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"

  617. #define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"

  618. #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"

  619. #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"

  620. 

  621. /* TLS v1.2 ciphersuites */

  622. #define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"

  623. #define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"

  624. #define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"

  625. #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"

  626. #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"

  627. #define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"

  628. #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"

  629. #define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"

  630. #define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"

  631. #define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"

  632. #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"

  633. #define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"

  634. #define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"

  635. 

  636. /* TLS v1.2 GCM ciphersuites from RFC5288 */

  637. #define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"

  638. #define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"

  639. #define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"

  640. #define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"

  641. #define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"

  642. #define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"

  643. #define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"

  644. #define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"

  645. #define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"

  646. #define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"

  647. #define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"

  648. #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"

  649. 

  650. /* ECDH HMAC based ciphersuites from RFC5289 */

  651. 

  652. #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"

  653. #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"

  654. #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"

  655. #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"

  656. #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"

  657. #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"

  658. #define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"

  659. #define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"

  660. 

  661. /* ECDH GCM based ciphersuites from RFC5289 */

  662. #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \

  663.   "ECDHE-ECDSA-AES128-GCM-SHA256"

  664. #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \

  665.   "ECDHE-ECDSA-AES256-GCM-SHA384"

  666. #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \

  667.   "ECDH-ECDSA-AES128-GCM-SHA256"

  668. #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \

  669.   "ECDH-ECDSA-AES256-GCM-SHA384"

  670. #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"

  671. #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"

  672. #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"

  673. #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"

  674. 

  675. #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"

  676. #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 \

  677.   "ECDHE-ECDSA-CHACHA20-POLY1305"

  678. #define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"

  679. 

  680. /* Non-standard ECDHE PSK ciphersuites */

  681. #define TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256 \

  682.   "ECDHE-PSK-WITH-AES-128-GCM-SHA256"

  683. 

  684. #define TLS_CT_RSA_SIGN 1

  685. #define TLS_CT_DSS_SIGN 2

  686. #define TLS_CT_RSA_FIXED_DH 3

  687. #define TLS_CT_DSS_FIXED_DH 4

  688. #define TLS_CT_ECDSA_SIGN 64

  689. #define TLS_CT_RSA_FIXED_ECDH 65

  690. #define TLS_CT_ECDSA_FIXED_ECDH 66

  691. 

  692. #define TLS_MD_MAX_CONST_SIZE 20

  693. #define TLS_MD_CLIENT_FINISH_CONST "client finished"

  694. #define TLS_MD_CLIENT_FINISH_CONST_SIZE 15

  695. #define TLS_MD_SERVER_FINISH_CONST "server finished"

  696. #define TLS_MD_SERVER_FINISH_CONST_SIZE 15

  697. #define TLS_MD_KEY_EXPANSION_CONST "key expansion"

  698. #define TLS_MD_KEY_EXPANSION_CONST_SIZE 13

  699. #define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"

  700. #define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16

  701. #define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"

  702. #define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16

  703. #define TLS_MD_IV_BLOCK_CONST "IV block"

  704. #define TLS_MD_IV_BLOCK_CONST_SIZE 8

  705. #define TLS_MD_MASTER_SECRET_CONST "master secret"

  706. #define TLS_MD_MASTER_SECRET_CONST_SIZE 13

  707. #define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"

  708. #define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22

  709. 

  710. 

  711. #ifdef  __cplusplus

  712. }

  713. #endif

  714. #endif