3709192002-03-20Martin Nilsson #pike __REAL_VERSION__
f5bb032001-09-17Martin Nilsson //! Protocol constants
//! Constants for specifying the versions of SSL/TLS to use.
//!
//! Each value is the two-byte protocol version number, major version
//! in the high byte and minor version in the low byte.
//!
//! @note
//!   The DTLS values are numerically larger than every TLS value and
//!   @[PROTOCOL_DTLS_1_2] is smaller than @[PROTOCOL_DTLS_1_0], so
//!   "newer" or "at least version X" must not be decided with a plain
//!   integer comparison across the two families.
//!
//! @seealso
//!   @[Context]
enum ProtocolVersion {
  PROTOCOL_SSL_3_0  = 0x300, //! SSL 3.0 - The original SSL3 draft version.
                             //! Deprecated by @rfc{7568@}.
  PROTOCOL_TLS_1_0  = 0x301, //! TLS 1.0 - The @rfc{2246@} version of TLS.
                             //! Deprecated by @rfc{8996@}.
  PROTOCOL_TLS_1_1  = 0x302, //! TLS 1.1 - The @rfc{4346@} version of TLS.
                             //! Deprecated by @rfc{8996@}.
  PROTOCOL_TLS_1_2  = 0x303, //! TLS 1.2 - The @rfc{5246@} version of TLS.
  PROTOCOL_TLS_1_3  = 0x304, //! TLS 1.3 - draft

  PROTOCOL_DTLS_1_0 = 0xfeff, //! DTLS 1.0 - The @rfc{4347@}
                              //! version of DTLS. This is
                              //! essentially TLS 1.1 over UDP.

  PROTOCOL_DTLS_1_2 = 0xfefd, //! DTLS 1.2 - The @rfc{6347@}
                              //! version of DTLS. This is
                              //! essentially TLS 1.2 over UDP.
}
//! Max supported TLS version.
//!
//! Set to @[PROTOCOL_TLS_1_2]; @[PROTOCOL_TLS_1_3] is declared in
//! @[ProtocolVersion] but is not selected here.
constant PROTOCOL_TLS_MAX = PROTOCOL_TLS_1_2;

/* Packet types */

// Record content types, numbered as assigned by the RFC noted on
// each line.
constant PACKET_change_cipher_spec = 20; // RFC 5246
constant PACKET_alert              = 21; // RFC 5246
constant PACKET_handshake          = 22; // RFC 5246
constant PACKET_application_data   = 23; // RFC 5246
constant PACKET_heartbeat          = 24; // RFC 6520

// Multiset holding every packet type declared above.
constant PACKET_types = (< PACKET_change_cipher_spec,
                           PACKET_alert,
                           PACKET_handshake,
                           PACKET_application_data,
                           PACKET_heartbeat,
>);

// NOTE(review): presumably the upper bound on the payload of a single
// record; the code enforcing it is not in this file -- confirm there.
constant PACKET_MAX_SIZE = 0x4000; // 2^14.

/* Handshake states */

// NOTE(review): the state machine that uses these values is not in
// this file; the numbering presumably follows the order in which a
// handshake progresses -- confirm against the handshake code.
constant STATE_wait_for_hello     = 0;
constant STATE_wait_for_key_share = 1;
constant STATE_wait_for_peer      = 2;
constant STATE_wait_for_verify    = 3;
constant STATE_wait_for_finish    = 4;
constant STATE_handshake_finished = 5;

//! Connection states.
//!
//! These are the states that a @[Connection] may have.
//!
//! The values are bit flags: the low nibble (0x000f) describes the
//! peer, the next nibble (0x00f0) the local end and 0x0100 the
//! handshake. @[CONNECTION_ready] is the value with no flag set.
//!
//! Queueing of more application data is only
//! allowed in the states @[CONNECTION_ready] and
//! @[CONNECTION_handshaking].
enum ConnectionState {
  CONNECTION_ready         = 0x0000, //! Connection is ready for use.

  // Handshaking.
  CONNECTION_handshaking   = 0x0100, //! Handshaking not done.

  // Peer.
  CONNECTION_peer_closed   = 0x0001, //! Peer has closed the connection.
  CONNECTION_peer_fatal    = 0x0002, //! Peer has issued a fatal alert.

  // Local.
  CONNECTION_local_closed  = 0x0010, //! Local close packet sent.
  CONNECTION_local_fatal   = 0x0020, //! Fatal alert sent.
  CONNECTION_local_closing = 0x0040, //! Local close packet pending.
  CONNECTION_local_failing = 0x0080, //! Fatal alert pending.

  // Some composite values.

  // peer_closed | local_closed
  CONNECTION_closed        = 0x0011, //! Closed at both ends.
  // peer_closed | local_closed | local_closing
  CONNECTION_closing       = 0x0051, //! Connection closing mask.
  // All four peer bits, including the two not assigned above.
  CONNECTION_peer_down     = 0x000f, //! Peer mask.
  // local_closed | local_fatal | local_closing | local_failing
  CONNECTION_local_down    = 0x00f0, //! Local mask.
  // peer_fatal | local_fatal | local_failing
  CONNECTION_failing       = 0x00a2, //! Connection failing mask.
};
/* Cipher specification */

// Kinds of cipher construction. These share small integer values with
// the algorithm identifiers below (CIPHER_stream == CIPHER_null == 0),
// so the two groups are separate namespaces and must not be mixed.
constant CIPHER_stream = 0;
constant CIPHER_block  = 1;
constant CIPHER_aead   = 2;
// Multiset holding every cipher kind declared above.
constant CIPHER_types = (< CIPHER_stream, CIPHER_block, CIPHER_aead >);

// Bulk cipher algorithm identifiers. They are the keys of
// CIPHER_effective_keylengths.
constant CIPHER_null        = 0;
constant CIPHER_rc4_40      = 2;
constant CIPHER_rc2_40      = 3;
constant CIPHER_des40       = 6;
constant CIPHER_rc4         = 1;
constant CIPHER_des         = 4;
constant CIPHER_3des        = 5;
constant CIPHER_fortezza    = 7;
constant CIPHER_idea        = 8;
constant CIPHER_aes         = 9;
constant CIPHER_aes256      = 10;
constant CIPHER_camellia128 = 11;
constant CIPHER_camellia256 = 12;
constant CIPHER_chacha20    = 13;

//! Mapping from cipher algorithm to effective key length.
//!
//! The values are strength estimates in bits, not nominal key sizes;
//! several entries are lower than the key size of the algorithm, as
//! explained by the comment on the entry.
constant CIPHER_effective_keylengths = ([
  CIPHER_null:        0,   // No encryption at all.
  CIPHER_rc2_40:      16,  // A 64bit key in RC2 has strength ~34...
  CIPHER_rc4_40:      24,  // Estimated from plain rc4.
  CIPHER_des40:       32,  // A 56bit key in DES has strength ~40...
  CIPHER_rc4:         38,  // RFC 7465: 13*2^30 encryptions.
  CIPHER_des:         40,
  CIPHER_3des:        112,
  CIPHER_fortezza:    96,
  CIPHER_idea:        128, // 126.1 bits with bicliques attack.
  CIPHER_aes:         128, // 126.1 bits with bicliques attack.
  CIPHER_aes256:      256, // 254.4 bits with bicliques attack.
  CIPHER_camellia128: 128,
  CIPHER_camellia256: 256,
  CIPHER_chacha20:    256,
]);
//! Hash algorithms as per @rfc{5246:7.4.1.4.1@}.
enum HashAlgorithm {
  HASH_none   = 0, // No hash; has no entry in HASH_lookup.
  HASH_md5    = 1,
  HASH_sha    = 2, // SHA-1; maps to Crypto.SHA1 in HASH_lookup.
  HASH_sha224 = 3,
  HASH_sha256 = 4,
  HASH_sha384 = 5,
  HASH_sha512 = 6,
}

//! Cipher operation modes.
enum CipherModes {
  MODE_cbc      = 0, //! CBC - Cipher Block Chaining mode.
  MODE_ccm_8    = 1, //! CCM_8 - Counter with CBC-MAC mode, with the
                     //! authentication tag truncated to 8 octets
                     //! (@rfc{6655@}).
  MODE_ccm      = 2, //! CCM - Counter with CBC-MAC mode.
  MODE_gcm      = 3, //! GCM - Galois/Counter Mode.
  MODE_poly1305 = 4, //! Poly1305 - Used only with ChaCha20.
}
//! Lookup from @[HashAlgorithm] to corresponding @[Crypto.Hash].
//!
//! The SHA-512, SHA-384 and SHA-224 entries are only present when the
//! corresponding @[Crypto] module exists at compile time, so callers
//! must handle a missing key. @[HASH_none] never has an entry.
constant HASH_lookup = ([
#if constant(Crypto.SHA512)
  HASH_sha512: Crypto.SHA512,
#endif
#if constant(Crypto.SHA384)
  HASH_sha384: Crypto.SHA384,
#endif
  HASH_sha256: Crypto.SHA256,
#if constant(Crypto.SHA224)
  HASH_sha224: Crypto.SHA224,
#endif
  HASH_sha:    Crypto.SHA1,
  HASH_md5:    Crypto.MD5,
]);

//! Signature algorithms from TLS 1.2.
enum SignatureAlgorithm {
  SIGNATURE_anonymous = 0, //! No signature.
  SIGNATURE_rsa       = 1, //! RSASSA PKCS1 v1.5 signature.
  SIGNATURE_dsa       = 2, //! DSS signature.
  SIGNATURE_ecdsa     = 3, //! ECDSA signature.
}
//! Key exchange methods.
//!
//! The values are small consecutive integers; @[KE_ecc_mask] uses
//! them as bit positions.
enum KeyExchangeType {
  KE_null        = 0,  //! None.
  KE_rsa         = 1,  //! Rivest-Shamir-Adleman
  KE_rsa_export  = 2,  //! Rivest-Shamir-Adleman (EXPORT)
  KE_dh_dss      = 3,  //! Diffie-Hellman cert signed with DSS
  KE_dh_rsa      = 4,  //! Diffie-Hellman cert signed with RSA
  KE_dhe_dss     = 5,  //! Diffie-Hellman Ephemeral DSS
  KE_dhe_rsa     = 6,  //! Diffie-Hellman Ephemeral RSA
  KE_dh_anon     = 7,  //! Diffie-Hellman Anonymous
  KE_dms         = 8,
  KE_fortezza    = 9,
  // The following five are from RFC 4492.
  KE_ecdh_ecdsa  = 10, //! Elliptic Curve DH cert signed with ECDSA
  KE_ecdhe_ecdsa = 11, //! Elliptic Curve DH Ephemeral with ECDSA
  KE_ecdh_rsa    = 12, //! Elliptic Curve DH cert signed with RSA
  KE_ecdhe_rsa   = 13, //! Elliptic Curve DH Ephemeral with RSA
  KE_ecdh_anon   = 14, //! Elliptic Curve DH Anonymous
  // The following three are from RFC 4279.
  KE_psk         = 15, //! Pre-shared Key
  KE_dhe_psk     = 16, //! Pre-shared Key with DHE
  KE_rsa_psk     = 17, //! Pre-shared Key signed with RSA
  // This is from RFC 5489.
  KE_ecdhe_psk   = 18, //! Pre-shared Key with ECDHE
  // The following three are from RFC 5054.
  KE_srp_sha     = 19, //! Secure Remote Password (SRP)
  KE_srp_sha_rsa = 20, //! SRP signed with RSA
  KE_srp_sha_dss = 21, //! SRP signed with DSS
  // This was used during SSL 3.0 to test TLS 1.0.
  KE_rsa_fips    = 22, //! Rivest-Shamir-Adleman with FIPS keys.
}

// Bitmask with bit number N set for each of the five RFC 4492 key
// exchange types N; test a type with (1<<ke) & KE_ecc_mask.
// KE_ecdhe_psk is not part of the mask.
constant KE_ecc_mask = (1<<KE_ecdh_ecdsa)|(1<<KE_ecdhe_ecdsa)|
  (1<<KE_ecdh_rsa)|(1<<KE_ecdhe_rsa)|(1<<KE_ecdh_anon);

//! Set of @[KeyExchangeType] values that don't require certificates.
//!
//! @note
//!   With these key exchanges no certificate is available to
//!   authenticate the server. @[KE_rsa_psk] and the SRP types are not
//!   members of this set.
constant KE_Anonymous = (<
  KE_null,
  KE_dh_anon,
  KE_ecdh_anon,
  KE_psk,
  KE_dhe_psk,
  KE_ecdhe_psk,
>);

//! Compression methods.
// NOTE(review): compressing records before encryption makes the
// ciphertext length depend on the plaintext (the CRIME class of
// attacks); offering only COMPRESSION_null avoids this. Which methods
// are actually negotiated is decided outside this file.
enum CompressionType {
  COMPRESSION_null    = 0,  //! No compression.
  COMPRESSION_deflate = 1,  //! Deflate compression. @rfc{3749@}
  COMPRESSION_lzs     = 64, //! LZS compression. @rfc{3943@}
}

/* Signature context strings. */

// Each string is 64 space characters, then a label naming the signing
// side, then a NUL byte. The two labels differ only in "server" versus
// "client", which keeps a signature made in one role from being valid
// in the other.
// NOTE(review): presumably prepended to the data signed in the TLS 1.3
// CertificateVerify message; the signing code is not in this file.
constant SIGN_server_certificate_verify =
  " "*64 + "TLS 1.3, server CertificateVerify\0";
constant SIGN_client_certificate_verify =
  " "*64 + "TLS 1.3, client CertificateVerify\0";
/* Alert messages */

// Alert levels.
constant ALERT_warning = 1;
constant ALERT_fatal   = 2;
// Multiset holding both alert levels.
constant ALERT_levels = (< ALERT_warning, ALERT_fatal >);

// Alert descriptions. The trailing comment names the specification
// that introduced the alert.
constant ALERT_close_notify                    = 0;   // SSL 3.0
constant ALERT_unexpected_message              = 10;  // SSL 3.0
constant ALERT_bad_record_mac                  = 20;  // SSL 3.0
constant ALERT_decryption_failed               = 21;  // TLS 1.0
constant ALERT_record_overflow                 = 22;  // TLS 1.0
constant ALERT_decompression_failure           = 30;  // SSL 3.0
constant ALERT_handshake_failure               = 40;  // SSL 3.0
constant ALERT_no_certificate                  = 41;  // SSL 3.0
constant ALERT_bad_certificate                 = 42;  // SSL 3.0
constant ALERT_unsupported_certificate         = 43;  // SSL 3.0
constant ALERT_certificate_revoked             = 44;  // SSL 3.0
constant ALERT_certificate_expired             = 45;  // SSL 3.0
constant ALERT_certificate_unknown             = 46;  // SSL 3.0
constant ALERT_illegal_parameter               = 47;  // SSL 3.0
constant ALERT_unknown_ca                      = 48;  // TLS 1.0
constant ALERT_access_denied                   = 49;  // TLS 1.0
constant ALERT_decode_error                    = 50;  // TLS 1.0
constant ALERT_decrypt_error                   = 51;  // TLS 1.0
constant ALERT_export_restriction              = 60;  // TLS 1.0
constant ALERT_protocol_version                = 70;  // TLS 1.0
constant ALERT_insufficient_security           = 71;  // TLS 1.0
constant ALERT_internal_error                  = 80;  // TLS 1.0
constant ALERT_inappropriate_fallback          = 86;  // RFC 7507
constant ALERT_user_canceled                   = 90;  // TLS 1.0
constant ALERT_no_renegotiation                = 100; // TLS 1.0
constant ALERT_unsupported_extension           = 110; // RFC 3546
constant ALERT_certificate_unobtainable        = 111; // RFC 3546
constant ALERT_unrecognized_name               = 112; // RFC 3546
constant ALERT_bad_certificate_status_response = 113; // RFC 3546
constant ALERT_bad_certificate_hash_value      = 114; // RFC 3546
constant ALERT_unknown_psk_identity            = 115; // RFC 4279
constant ALERT_no_application_protocol         = 120; // draft-ietf-tls-applayerprotoneg
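// Human-readable text for each alert description code, for use in
// diagnostics. Every ALERT_* description constant has an entry.
constant ALERT_descriptions = ([
  ALERT_close_notify: "Connection closed.",
  ALERT_unexpected_message: "An inappropriate message was received.",
  ALERT_bad_record_mac: "Incorrect MAC.",
  ALERT_decryption_failed: "Decryption failure.",
  ALERT_record_overflow: "Record overflow.",
  ALERT_decompression_failure: "Decompression failure.",
  ALERT_handshake_failure: "Handshake failure.",
  ALERT_no_certificate: "Certificate required.",
  ALERT_bad_certificate: "Bad certificate.",
  ALERT_unsupported_certificate: "Unsupported certificate.",
  ALERT_certificate_revoked: "Certificate revoked.",
  ALERT_certificate_expired: "Certificate expired.",
  ALERT_certificate_unknown: "Unknown certificate problem.",
  ALERT_illegal_parameter: "Illegal parameter.",
  ALERT_unknown_ca: "Unknown certification authority.",
  ALERT_access_denied: "Access denied.",
  ALERT_decode_error: "Decoding error.",
  ALERT_decrypt_error: "Decryption error.",
  ALERT_export_restriction: "Export restrictions apply.",
  ALERT_protocol_version: "Unsupported protocol.",
  ALERT_insufficient_security: "Insufficient security.",
  ALERT_internal_error: "Internal error.",
  ALERT_inappropriate_fallback: "Inappropriate fallback.",
  ALERT_user_canceled: "User canceled.",
  ALERT_no_renegotiation: "Renegotiation not allowed.",
  ALERT_unsupported_extension: "Unsolicited extension.",
  ALERT_certificate_unobtainable: "Failed to obtain certificate.",
  ALERT_unrecognized_name: "Unrecognized host name.",
  ALERT_bad_certificate_status_response: "Bad certificate status response.",
  // This alert reports a certificate hash mismatch, not a failed
  // signature check, so the text must not send whoever reads the log
  // to the signature verification path.
  ALERT_bad_certificate_hash_value: "Certificate hash mismatch.",
  ALERT_unknown_psk_identity: "Unknown PSK identity.",
  ALERT_no_application_protocol: "No compatible application layer protocol.",
]);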

// Mapping from alert description to a protocol version.
// NOTE(review): presumably the first protocol version in which the
// alert is deprecated and must no longer be sent; the code consulting
// this table is not in this file -- confirm the comparison used there.
constant ALERT_deprecated = ([
  ALERT_decryption_failed: PROTOCOL_TLS_1_2,
  ALERT_decompression_failure: PROTOCOL_TLS_1_3,
  ALERT_no_certificate: PROTOCOL_TLS_1_1,
  ALERT_export_restriction: PROTOCOL_TLS_1_1,
]);

// Connection roles.
// NOTE(review): these share the CONNECTION_ prefix with the
// ConnectionState enum but are plain constants outside it, and their
// values 0, 1 and 2 coincide with CONNECTION_ready,
// CONNECTION_peer_closed and CONNECTION_peer_fatal; never compare a
// role against a state.
constant CONNECTION_client      = 0;
constant CONNECTION_server      = 1;
constant CONNECTION_client_auth = 2;

/* Cipher suites */
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_null_with_null_null = 0x0000; // SSL 3.0 constant SSL_rsa_with_null_md5 = 0x0001; // SSL 3.0 constant SSL_rsa_with_null_sha = 0x0002; // SSL 3.0 constant SSL_rsa_export_with_rc4_40_md5 = 0x0003; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_rsa_with_rc4_128_md5 = 0x0004; // SSL 3.0 constant SSL_rsa_with_rc4_128_sha = 0x0005; // SSL 3.0
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_rsa_export_with_rc2_cbc_40_md5 = 0x0006; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_rsa_with_idea_cbc_sha = 0x0007; // SSL 3.0
8e87e42014-11-20Martin Nilsson constant TLS_rsa_with_idea_cbc_sha = 0x0007; // RFC 5469
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_rsa_export_with_des40_cbc_sha = 0x0008; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_rsa_with_des_cbc_sha = 0x0009; // SSL 3.0
8e87e42014-11-20Martin Nilsson constant TLS_rsa_with_des_cbc_sha = 0x0009; // RFC 5469
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_rsa_with_3des_ede_cbc_sha = 0x000a; // SSL 3.0
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dh_dss_export_with_des40_cbc_sha = 0x000b; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_dh_dss_with_des_cbc_sha = 0x000c; // SSL 3.0
8e87e42014-11-20Martin Nilsson constant TLS_dh_dss_with_des_cbc_sha = 0x000c; // RFC 5469
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dh_rsa_export_with_des40_cbc_sha = 0x000e; // SSL 3.0 constant SSL_dh_dss_with_3des_ede_cbc_sha = 0x000d; // SSL 3.0 constant SSL_dh_rsa_with_des_cbc_sha = 0x000f; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant TLS_dh_rsa_with_des_cbc_sha = 0x000f; // RFC 5469
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dh_rsa_with_3des_ede_cbc_sha = 0x0010; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_dhe_dss_export_with_des40_cbc_sha = 0x0011; // SSL 3.0
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dhe_dss_with_des_cbc_sha = 0x0012; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant TLS_dhe_dss_with_des_cbc_sha = 0x0012; // RFC 5469
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dhe_dss_with_3des_ede_cbc_sha = 0x0013; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_dhe_rsa_export_with_des40_cbc_sha = 0x0014; // SSL 3.0
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dhe_rsa_with_des_cbc_sha = 0x0015; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant TLS_dhe_rsa_with_des_cbc_sha = 0x0015; // RFC 5469
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dhe_rsa_with_3des_ede_cbc_sha = 0x0016; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_dh_anon_export_with_rc4_40_md5 = 0x0017; // SSL 3.0
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dh_anon_with_rc4_128_md5 = 0x0018; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant SSL_dh_anon_export_with_des40_cbc_sha = 0x0019; // SSL 3.0
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dh_anon_with_des_cbc_sha = 0x001a; // SSL 3.0
fdbe052014-12-03Henrik Grubbström (Grubba) constant TLS_dh_anon_with_des_cbc_sha = 0x001a; // RFC 5469
01c60c2013-10-23Henrik Grubbström (Grubba) constant SSL_dh_anon_with_3des_ede_cbc_sha = 0x001b; // SSL 3.0
4833252009-09-07Martin Nilsson  /* SSLv3/TLS conflict */ /* constant SSL_fortezza_dms_with_null_sha = 0x001c; */ /* constant SSL_fortezza_dms_with_fortezza_cbc_sha = 0x001d; */ /* constant SSL_fortezza_dms_with_rc4_128_sha = 0x001e; */
01c60c2013-10-23Henrik Grubbström (Grubba) constant TLS_krb5_with_des_cbc_sha = 0x001e; // RFC 2712 constant TLS_krb5_with_3des_ede_cbc_sha = 0x001f; // RFC 2712 constant TLS_krb5_with_rc4_128_sha = 0x0020; // RFC 2712 constant TLS_krb5_with_idea_cbc_sha = 0x0021; // RFC 2712 constant TLS_krb5_with_des_cbc_md5 = 0x0022; // RFC 2712 constant TLS_krb5_with_3des_ede_cbc_md5 = 0x0023; // RFC 2712 constant TLS_krb5_with_rc4_128_md5 = 0x0024; // RFC 2712 constant TLS_krb5_with_idea_cbc_md5 = 0x0025; // RFC 2712
30ab472015-08-28Henrik Grubbström (Grubba) constant TLS_krb5_export_with_des_cbc_40_sha = 0x0026; // RFC 2712 constant TLS_krb5_export_with_rc2_cbc_40_sha = 0x0027; // RFC 2712 constant TLS_krb5_export_with_rc4_40_sha = 0x0028; // RFC 2712 constant TLS_krb5_export_with_des_cbc_40_md5 = 0x0029; // RFC 2712 constant TLS_krb5_export_with_rc2_cbc_40_md5 = 0x002a; // RFC 2712 constant TLS_krb5_export_with_rc4_40_md5 = 0x002b; // RFC 2712
fdbe052014-12-03Henrik Grubbström (Grubba) constant TLS_psk_with_null_sha = 0x002c; // RFC 4785 constant TLS_dhe_psk_with_null_sha = 0x002d; // RFC 4785 constant TLS_rsa_psk_with_null_sha = 0x002e; // RFC 4785
01c60c2013-10-23Henrik Grubbström (Grubba) constant TLS_rsa_with_aes_128_cbc_sha = 0x002f; // RFC 3268 constant TLS_dh_dss_with_aes_128_cbc_sha = 0x0030; // RFC 3268 constant TLS_dh_rsa_with_aes_128_cbc_sha = 0x0031; // RFC 3268 constant TLS_dhe_dss_with_aes_128_cbc_sha = 0x0032; // RFC 3268 constant TLS_dhe_rsa_with_aes_128_cbc_sha = 0x0033; // RFC 3268 constant TLS_dh_anon_with_aes_128_cbc_sha = 0x0034; // RFC 3268 constant TLS_rsa_with_aes_256_cbc_sha = 0x0035; // RFC 3268 constant TLS_dh_dss_with_aes_256_cbc_sha = 0x0036; // RFC 3268 constant TLS_dh_rsa_with_aes_256_cbc_sha = 0x0037; // RFC 3268 constant TLS_dhe_dss_with_aes_256_cbc_sha = 0x0038; // RFC 3268 constant TLS_dhe_rsa_with_aes_256_cbc_sha = 0x0039; // RFC 3268 constant TLS_dh_anon_with_aes_256_cbc_sha = 0x003a; // RFC 3268
fdbe052014-12-03Henrik Grubbström (Grubba) constant TLS_rsa_with_null_sha256 = 0x003b; // TLS 1.2
01c60c2013-10-23Henrik Grubbström (Grubba) constant TLS_rsa_with_aes_128_cbc_sha256 = 0x003c; // TLS 1.2 constant TLS_rsa_with_aes_256_cbc_sha256 = 0x003d; // TLS 1.2 constant TLS_dh_dss_with_aes_128_cbc_sha256 = 0x003e; // TLS 1.2 constant TLS_dh_rsa_with_aes_128_cbc_sha256 = 0x003f; // TLS 1.2 constant TLS_dhe_dss_with_aes_128_cbc_sha256 = 0x0040; // TLS 1.2 constant TLS_rsa_with_camellia_128_cbc_sha = 0x0041; // RFC 4132 constant TLS_dh_dss_with_camellia_128_cbc_sha = 0x0042; // RFC 4132 constant TLS_dh_rsa_with_camellia_128_cbc_sha = 0x0043; // RFC 4132 constant TLS_dhe_dss_with_camellia_128_cbc_sha = 0x0044; // RFC 4132 constant TLS_dhe_rsa_with_camellia_128_cbc_sha = 0x0045; // RFC 4132 constant TLS_dh_anon_with_camellia_128_cbc_sha = 0x0046; // RFC 4132
2a04e92014-03-21Henrik Grubbström (Grubba) // draft-ietf-tls-ecc-01.txt has ECDH_* suites in the range [0x0047, 0x005a]. // They were moved to 0xc001.. in RFC 4492. // These suites from the 56-bit draft are apparently in use // by some versions of MSIE.
47fd582014-08-16Henrik Grubbström (Grubba) constant TLS_rsa_export1024_with_rc4_56_md5 = 0x0060; // 56bit draft constant TLS_rsa_export1024_with_rc2_cbc_56_md5 = 0x0061; // 56bit draft
2a04e92014-03-21Henrik Grubbström (Grubba) constant TLS_rsa_export1024_with_des_cbc_sha = 0x0062; // 56bit draft constant TLS_dhe_dss_export1024_with_des_cbc_sha= 0x0063; // 56bit draft constant TLS_rsa_export1024_with_rc4_56_sha = 0x0064; // 56bit draft constant TLS_dhe_dss_export1024_with_rc4_56_sha = 0x0065; // 56bit draft constant TLS_dhe_dss_with_rc4_128_sha = 0x0066; // 56bit draft
01c60c2013-10-23Henrik Grubbström (Grubba) constant TLS_dhe_rsa_with_aes_128_cbc_sha256 = 0x0067; // TLS 1.2 constant TLS_dh_dss_with_aes_256_cbc_sha256 = 0x0068; // TLS 1.2 constant TLS_dh_rsa_with_aes_256_cbc_sha256 = 0x0069; // TLS 1.2 constant TLS_dhe_dss_with_aes_256_cbc_sha256 = 0x006a; // TLS 1.2 constant TLS_dhe_rsa_with_aes_256_cbc_sha256 = 0x006b; // TLS 1.2 constant TLS_dh_anon_with_aes_128_cbc_sha256 = 0x006c; // TLS 1.2 constant TLS_dh_anon_with_aes_256_cbc_sha256 = 0x006d; // TLS 1.2 constant TLS_rsa_with_camellia_256_cbc_sha = 0x0084; // RFC 4132 constant TLS_dh_dss_with_camellia_256_cbc_sha = 0x0085; // RFC 4132 constant TLS_dh_rsa_with_camellia_256_cbc_sha = 0x0086; // RFC 4132 constant TLS_dhe_dss_with_camellia_256_cbc_sha = 0x0087; // RFC 4132 constant TLS_dhe_rsa_with_camellia_256_cbc_sha = 0x0088; // RFC 4132 constant TLS_dh_anon_with_camellia_256_cbc_sha = 0x0089; // RFC 4132 constant TLS_psk_with_rc4_128_sha = 0x008a; // RFC 4279 constant TLS_psk_with_3des_ede_cbc_sha = 0x008b; // RFC 4279 constant TLS_psk_with_aes_128_cbc_sha = 0x008c; // RFC 4279 constant TLS_psk_with_aes_256_cbc_sha = 0x008d; // RFC 4279 constant TLS_dhe_psk_with_rc4_128_sha = 0x008e; // RFC 4279 constant TLS_dhe_psk_with_3des_ede_cbc_sha = 0x008f; // RFC 4279 constant TLS_dhe_psk_with_aes_128_cbc_sha = 0x0090; // RFC 4279 constant TLS_dhe_psk_with_aes_256_cbc_sha = 0x0091; // RFC 4279 constant TLS_rsa_psk_with_rc4_128_sha = 0x0092; // RFC 4279 constant TLS_rsa_psk_with_3des_ede_cbc_sha = 0x0093; // RFC 4279 constant TLS_rsa_psk_with_aes_128_cbc_sha = 0x0094; // RFC 4279 constant TLS_rsa_psk_with_aes_256_cbc_sha = 0x0095; // RFC 4279 constant TLS_rsa_with_seed_cbc_sha = 0x0096; // RFC 4162 constant TLS_dh_dss_with_seed_cbc_sha = 0x0097; // RFC 4162 constant TLS_dh_rsa_with_seed_cbc_sha = 0x0098; // RFC 4162 constant TLS_dhe_dss_with_seed_cbc_sha = 0x0099; // RFC 4162 constant TLS_dhe_rsa_with_seed_cbc_sha = 0x009a; // RFC 4162 constant TLS_dh_anon_with_seed_cbc_sha = 
0x009b; // RFC 4162 constant TLS_rsa_with_aes_128_gcm_sha256 = 0x009c; // RFC 5288 constant TLS_rsa_with_aes_256_gcm_sha384 = 0x009d; // RFC 5288 constant TLS_dhe_rsa_with_aes_128_gcm_sha256 = 0x009e; // RFC 5288 constant TLS_dhe_rsa_with_aes_256_gcm_sha384 = 0x009f; // RFC 5288 constant TLS_dh_rsa_with_aes_128_gcm_sha256 = 0x00a0; // RFC 5288 constant TLS_dh_rsa_with_aes_256_gcm_sha384 = 0x00a1; // RFC 5288 constant TLS_dhe_dss_with_aes_128_gcm_sha256 = 0x00a2; // RFC 5288 constant TLS_dhe_dss_with_aes_256_gcm_sha384 = 0x00a3; // RFC 5288 constant TLS_dh_dss_with_aes_128_gcm_sha256 = 0x00a4; // RFC 5288 constant TLS_dh_dss_with_aes_256_gcm_sha384 = 0x00a5; // RFC 5288 constant TLS_dh_anon_with_aes_128_gcm_sha256 = 0x00a6; // RFC 5288 constant TLS_dh_anon_with_aes_256_gcm_sha384 = 0x00a7; // RFC 5288 constant TLS_psk_with_aes_128_gcm_sha256 = 0x00a8; // RFC 5487 constant TLS_psk_with_aes_256_gcm_sha384 = 0x00a9; // RFC 5487 constant TLS_dhe_psk_with_aes_128_gcm_sha256 = 0x00aa; // RFC 5487 constant TLS_dhe_psk_with_aes_256_gcm_sha384 = 0x00ab; // RFC 5487 constant TLS_rsa_psk_with_aes_128_gcm_sha256 = 0x00ac; // RFC 5487 constant TLS_rsa_psk_with_aes_256_gcm_sha384 = 0x00ad; // RFC 5487 constant TLS_psk_with_aes_128_cbc_sha256 = 0x00ae; // RFC 5487 constant TLS_psk_with_aes_256_cbc_sha384 = 0x00af; // RFC 5487 constant TLS_psk_with_null_sha256 = 0x00b0; // RFC 5487
4121232015-02-19Martin Nilsson constant TLS_psk_with_null_sha384 = 0x00b1; // RFC 5487
01c60c2013-10-23Henrik Grubbström (Grubba) constant TLS_dhe_psk_with_aes_128_cbc_sha256 = 0x00b2; // RFC 5487 constant TLS_dhe_psk_with_aes_256_cbc_sha384 = 0x00b3; // RFC 5487 constant TLS_dhe_psk_with_null_sha256 = 0x00b4; // RFC 5487 constant TLS_dhe_psk_with_null_sha384 = 0x00b5; // RFC 5487 constant TLS_rsa_psk_with_aes_128_cbc_sha256 = 0x00b6; // RFC 5487 constant TLS_rsa_psk_with_aes_256_cbc_sha384 = 0x00b7; // RFC 5487 constant TLS_rsa_psk_with_null_sha256 = 0x00b8; // RFC 5487 constant TLS_rsa_psk_with_null_sha384 = 0x00b9; // RFC 5487 constant TLS_rsa_with_camellia_128_cbc_sha256 = 0x00ba; // RFC 5932 constant TLS_dh_dss_with_camellia_128_cbc_sha256= 0x00bb; // RFC 5932 constant TLS_dh_rsa_with_camellia_128_cbc_sha256= 0x00bc; // RFC 5932 constant TLS_dhe_dss_with_camellia_128_cbc_sha256= 0x00bd; // RFC 5932 constant TLS_dhe_rsa_with_camellia_128_cbc_sha256= 0x00be; // RFC 5932 constant TLS_dh_anon_with_camellia_128_cbc_sha256= 0x00bf; // RFC 5932 constant TLS_rsa_with_camellia_256_cbc_sha256 = 0x00c0; // RFC 5932 constant TLS_dh_dss_with_camellia_256_cbc_sha256= 0x00c1; // RFC 5932 constant TLS_dh_rsa_with_camellia_256_cbc_sha256= 0x00c2; // RFC 5932 constant TLS_dhe_dss_with_camellia_256_cbc_sha256= 0x00c3; // RFC 5932 constant TLS_dhe_rsa_with_camellia_256_cbc_sha256= 0x00c4; // RFC 5932 constant TLS_dh_anon_with_camellia_256_cbc_sha256= 0x00c5; // RFC 5932
26f1482010-12-21Henrik Grubbström (Grubba) 
749b032011-01-10Henrik Grubbström (Grubba) constant TLS_empty_renegotiation_info_scsv = 0x00ff; // RFC 5746
01c60c2013-10-23Henrik Grubbström (Grubba) 
28e57a2015-04-25Henrik Grubbström (Grubba) constant TLS_fallback_scsv = 0x5600; // RFC 7507
0e21bb2014-07-06Henrik Grubbström (Grubba) 
01c60c2013-10-23Henrik Grubbström (Grubba) constant TLS_ecdh_ecdsa_with_null_sha = 0xc001; // RFC 4492 constant TLS_ecdh_ecdsa_with_rc4_128_sha = 0xc002; // RFC 4492 constant TLS_ecdh_ecdsa_with_3des_ede_cbc_sha = 0xc003; // RFC 4492 constant TLS_ecdh_ecdsa_with_aes_128_cbc_sha = 0xc004; // RFC 4492 constant TLS_ecdh_ecdsa_with_aes_256_cbc_sha = 0xc005; // RFC 4492 constant TLS_ecdhe_ecdsa_with_null_sha = 0xc006; // RFC 4492 constant TLS_ecdhe_ecdsa_with_rc4_128_sha = 0xc007; // RFC 4492 constant TLS_ecdhe_ecdsa_with_3des_ede_cbc_sha = 0xc008; // RFC 4492 constant TLS_ecdhe_ecdsa_with_aes_128_cbc_sha = 0xc009; // RFC 4492 constant TLS_ecdhe_ecdsa_with_aes_256_cbc_sha = 0xc00a; // RFC 4492 constant TLS_ecdh_rsa_with_null_sha = 0xc00b; // RFC 4492 constant TLS_ecdh_rsa_with_rc4_128_sha = 0xc00c; // RFC 4492 constant TLS_ecdh_rsa_with_3des_ede_cbc_sha = 0xc00d; // RFC 4492 constant TLS_ecdh_rsa_with_aes_128_cbc_sha = 0xc00e; // RFC 4492 constant TLS_ecdh_rsa_with_aes_256_cbc_sha = 0xc00f; // RFC 4492 constant TLS_ecdhe_rsa_with_null_sha = 0xc010; // RFC 4492 constant TLS_ecdhe_rsa_with_rc4_128_sha = 0xc011; // RFC 4492 constant TLS_ecdhe_rsa_with_3des_ede_cbc_sha = 0xc012; // RFC 4492 constant TLS_ecdhe_rsa_with_aes_128_cbc_sha = 0xc013; // RFC 4492 constant TLS_ecdhe_rsa_with_aes_256_cbc_sha = 0xc014; // RFC 4492 constant TLS_ecdh_anon_with_null_sha = 0xc015; // RFC 4492 constant TLS_ecdh_anon_with_rc4_128_sha = 0xc016; // RFC 4492 constant TLS_ecdh_anon_with_3des_ede_cbc_sha = 0xc017; // RFC 4492 constant TLS_ecdh_anon_with_aes_128_cbc_sha = 0xc018; // RFC 4492 constant TLS_ecdh_anon_with_aes_256_cbc_sha = 0xc019; // RFC 4492 constant TLS_srp_sha_with_3des_ede_cbc_sha = 0xc01a; // RFC 5054 constant TLS_srp_sha_rsa_with_3des_ede_cbc_sha = 0xc01b; // RFC 5054 constant TLS_srp_sha_dss_with_3des_ede_cbc_sha = 0xc01c; // RFC 5054 constant TLS_srp_sha_with_aes_128_cbc_sha = 0xc01d; // RFC 5054 constant TLS_srp_sha_rsa_with_aes_128_cbc_sha = 0xc01e; // RFC 5054 constant 
TLS_srp_sha_dss_with_aes_128_cbc_sha = 0xc01f; // RFC 5054 constant TLS_srp_sha_with_aes_256_cbc_sha = 0xc020; // RFC 5054 constant TLS_srp_sha_rsa_with_aes_256_cbc_sha = 0xc021; // RFC 5054 constant TLS_srp_sha_dss_with_aes_256_cbc_sha = 0xc022; // RFC 5054 constant TLS_ecdhe_ecdsa_with_aes_128_cbc_sha256= 0xc023; // RFC 5289 constant TLS_ecdhe_ecdsa_with_aes_256_cbc_sha384= 0xc024; // RFC 5289 constant TLS_ecdh_ecdsa_with_aes_128_cbc_sha256 = 0xc025; // RFC 5289 constant TLS_ecdh_ecdsa_with_aes_256_cbc_sha384 = 0xc026; // RFC 5289 constant TLS_ecdhe_rsa_with_aes_128_cbc_sha256 = 0xc027; // RFC 5289 constant TLS_ecdhe_rsa_with_aes_256_cbc_sha384 = 0xc028; // RFC 5289 constant TLS_ecdh_rsa_with_aes_128_cbc_sha256 = 0xc029; // RFC 5289 constant TLS_ecdh_rsa_with_aes_256_cbc_sha384 = 0xc02a; // RFC 5289 constant TLS_ecdhe_ecdsa_with_aes_128_gcm_sha256= 0xc02b; // RFC 5289 constant TLS_ecdhe_ecdsa_with_aes_256_gcm_sha384= 0xc02c; // RFC 5289 constant TLS_ecdh_ecdsa_with_aes_128_gcm_sha256 = 0xc02d; // RFC 5289 constant TLS_ecdh_ecdsa_with_aes_256_gcm_sha384 = 0xc02e; // RFC 5289 constant TLS_ecdhe_rsa_with_aes_128_gcm_sha256 = 0xc02f; // RFC 5289 constant TLS_ecdhe_rsa_with_aes_256_gcm_sha384 = 0xc030; // RFC 5289 constant TLS_ecdh_rsa_with_aes_128_gcm_sha256 = 0xc031; // RFC 5289 constant TLS_ecdh_rsa_with_aes_256_gcm_sha384 = 0xc032; // RFC 5289 constant TLS_ecdhe_psk_with_rc4_128_sha = 0xc033; // RFC 5489 constant TLS_ecdhe_psk_with_3des_ede_cbc_sha = 0xc034; // RFC 5489 constant TLS_ecdhe_psk_with_aes_128_cbc_sha = 0xc035; // RFC 5489 constant TLS_ecdhe_psk_with_aes_256_cbc_sha = 0xc036; // RFC 5489 constant TLS_ecdhe_psk_with_aes_128_cbc_sha256 = 0xc037; // RFC 5489 constant TLS_ecdhe_psk_with_aes_256_cbc_sha384 = 0xc038; // RFC 5489 constant TLS_ecdhe_psk_with_null_sha = 0xc039; // RFC 5489 constant TLS_ecdhe_psk_with_null_sha256 = 0xc03a; // RFC 5489 constant TLS_ecdhe_psk_with_null_sha384 = 0xc03b; // RFC 5489 constant TLS_rsa_with_aria_128_cbc_sha256 = 
0xc03c; // RFC 6209 constant TLS_rsa_with_aria_256_cbc_sha384 = 0xc03d; // RFC 6209 constant TLS_dh_dss_with_aria_128_cbc_sha256 = 0xc03e; // RFC 6209 constant TLS_dh_dss_with_aria_256_cbc_sha384 = 0xc03f; // RFC 6209 constant TLS_dh_rsa_with_aria_128_cbc_sha256 = 0xc040; // RFC 6209 constant TLS_dh_rsa_with_aria_256_cbc_sha384 = 0xc041; // RFC 6209 constant TLS_dhe_dss_with_aria_128_cbc_sha256 = 0xc042; // RFC 6209 constant TLS_dhe_dss_with_aria_256_cbc_sha384 = 0xc043; // RFC 6209 constant TLS_dhe_rsa_with_aria_128_cbc_sha256 = 0xc044; // RFC 6209 constant TLS_dhe_rsa_with_aria_256_cbc_sha384 = 0xc045; // RFC 6209 constant TLS_dh_anon_with_aria_128_cbc_sha256 = 0xc046; // RFC 6209 constant TLS_dh_anon_with_aria_256_cbc_sha384 = 0xc047; // RFC 6209 constant TLS_ecdhe_ecdsa_with_aria_128_cbc_sha256= 0xc048; // RFC 6209 constant TLS_ecdhe_ecdsa_with_aria_256_cbc_sha384= 0xc049; // RFC 6209 constant TLS_ecdh_ecdsa_with_aria_128_cbc_sha256= 0xc04a; // RFC 6209 constant TLS_ecdh_ecdsa_with_aria_256_cbc_sha384= 0xc04b; // RFC 6209 constant TLS_ecdhe_rsa_with_aria_128_cbc_sha256 = 0xc04c; // RFC 6209 constant TLS_ecdhe_rsa_with_aria_256_cbc_sha384 = 0xc04d; // RFC 6209 constant TLS_ecdh_rsa_with_aria_128_cbc_sha256 = 0xc04e; // RFC 6209 constant TLS_ecdh_rsa_with_aria_256_cbc_sha384 = 0xc04f; // RFC 6209 constant TLS_rsa_with_aria_128_gcm_sha256 = 0xc050; // RFC 6209 constant TLS_rsa_with_aria_256_gcm_sha384 = 0xc051; // RFC 6209 constant TLS_dhe_rsa_with_aria_128_gcm_sha256 = 0xc052; // RFC 6209 constant TLS_dhe_rsa_with_aria_256_gcm_sha384 = 0xc053; // RFC 6209 constant TLS_dh_rsa_with_aria_128_gcm_sha256 = 0xc054; // RFC 6209 constant TLS_dh_rsa_with_aria_256_gcm_sha384 = 0xc055; // RFC 6209 constant TLS_dhe_dss_with_aria_128_gcm_sha256 = 0xc056; // RFC 6209 constant TLS_dhe_dss_with_aria_256_gcm_sha384 = 0xc057; // RFC 6209 constant TLS_dh_dss_with_aria_128_gcm_sha256 = 0xc058; // RFC 6209 constant TLS_dh_dss_with_aria_256_gcm_sha384 = 0xc059; // RFC 6209 constant 
TLS_dh_anon_with_aria_128_gcm_sha256 = 0xc05a; // RFC 6209 constant TLS_dh_anon_with_aria_256_gcm_sha384 = 0xc05b; // RFC 6209 constant TLS_ecdhe_ecdsa_with_aria_128_gcm_sha256= 0xc05c; // RFC 6209 constant TLS_ecdhe_ecdsa_with_aria_256_gcm_sha384= 0xc05d; // RFC 6209 constant TLS_ecdh_ecdsa_with_aria_128_gcm_sha256= 0xc05e; // RFC 6209 constant TLS_ecdh_ecdsa_with_aria_256_gcm_sha384= 0xc05f; // RFC 6209 constant TLS_ecdhe_rsa_with_aria_128_gcm_sha256 = 0xc060; // RFC 6209 constant TLS_ecdhe_rsa_with_aria_256_gcm_sha384 = 0xc061; // RFC 6209 constant TLS_ecdh_rsa_with_aria_128_gcm_sha256 = 0xc062; // RFC 6209 constant TLS_ecdh_rsa_with_aria_256_gcm_sha384 = 0xc063; // RFC 6209 constant TLS_psk_with_aria_128_cbc_sha256 = 0xc064; // RFC 6209 constant TLS_psk_with_aria_256_cbc_sha384 = 0xc065; // RFC 6209 constant TLS_dhe_psk_with_aria_128_cbc_sha256 = 0xc066; // RFC 6209 constant TLS_dhe_psk_with_aria_256_cbc_sha384 = 0xc067; // RFC 6209 constant TLS_rsa_psk_with_aria_128_cbc_sha256 = 0xc068; // RFC 6209 constant TLS_rsa_psk_with_aria_256_cbc_sha384 = 0xc069; // RFC 6209 constant TLS_psk_with_aria_128_gcm_sha256 = 0xc06a; // RFC 6209 constant TLS_psk_with_aria_256_gcm_sha384 = 0xc06b; // RFC 6209 constant TLS_dhe_psk_with_aria_128_gcm_sha256 = 0xc06c; // RFC 6209 constant TLS_dhe_psk_with_aria_256_gcm_sha384 = 0xc06d; // RFC 6209 constant TLS_rsa_psk_with_aria_128_gcm_sha256 = 0xc06e; // RFC 6209 constant TLS_rsa_psk_with_aria_256_gcm_sha384 = 0xc06f; // RFC 6209 constant TLS_ecdhe_psk_with_aria_128_cbc_sha256 = 0xc070; // RFC 6209 constant TLS_ecdhe_psk_with_aria_256_cbc_sha384 = 0xc071; // RFC 6209 constant TLS_ecdhe_ecdsa_with_camellia_128_cbc_sha256= 0xc072; // RFC 6367 constant TLS_ecdhe_ecdsa_with_camellia_256_cbc_sha384= 0xc073; // RFC 6367 constant TLS_ecdh_ecdsa_with_camellia_128_cbc_sha256 = 0xc074; // RFC 6367 constant TLS_ecdh_ecdsa_with_camellia_256_cbc_sha384 = 0xc075; // RFC 6367 constant TLS_ecdhe_rsa_with_camellia_128_cbc_sha256 = 0xc076; // RFC 
6367 constant TLS_ecdhe_rsa_with_camellia_256_cbc_sha384 = 0xc077; // RFC 6367 constant TLS_ecdh_rsa_with_camellia_128_cbc_sha256 = 0xc078; // RFC 6367 constant TLS_ecdh_rsa_with_camellia_256_cbc_sha384 = 0xc079; // RFC 6367 constant TLS_rsa_with_camellia_128_gcm_sha256 = 0xc07a; // RFC 6367 constant TLS_rsa_with_camellia_256_gcm_sha384 = 0xc07b; // RFC 6367 constant TLS_dhe_rsa_with_camellia_128_gcm_sha256 = 0xc07c; // RFC 6367 constant TLS_dhe_rsa_with_camellia_256_gcm_sha384 = 0xc07d; // RFC 6367 constant TLS_dh_rsa_with_camellia_128_gcm_sha256 = 0xc07e; // RFC 6367 constant TLS_dh_rsa_with_camellia_256_gcm_sha384 = 0xc07f; // RFC 6367 constant TLS_dhe_dss_with_camellia_128_gcm_sha256 = 0xc080; // RFC 6367 constant TLS_dhe_dss_with_camellia_256_gcm_sha384 = 0xc081; // RFC 6367 constant TLS_dh_dss_with_camellia_128_gcm_sha256 = 0xc082; // RFC 6367 constant TLS_dh_dss_with_camellia_256_gcm_sha384 = 0xc083; // RFC 6367 constant TLS_dh_anon_with_camellia_128_gcm_sha256 = 0xc084; // RFC 6367 constant TLS_dh_anon_with_camellia_256_gcm_sha384 = 0xc085; // RFC 6367 constant TLS_ecdhe_ecdsa_with_camellia_128_gcm_sha256= 0xc086; // RFC 6367 constant TLS_ecdhe_ecdsa_with_camellia_256_gcm_sha384= 0xc087; // RFC 6367 constant TLS_ecdh_ecdsa_with_camellia_128_gcm_sha256 = 0xc088; // RFC 6367 constant TLS_ecdh_ecdsa_with_camellia_256_gcm_sha384 = 0xc089; // RFC 6367 constant TLS_ecdhe_rsa_with_camellia_128_gcm_sha256 = 0xc08a; // RFC 6367 constant TLS_ecdhe_rsa_with_camellia_256_gcm_sha384 = 0xc08b; // RFC 6367 constant TLS_ecdh_rsa_with_camellia_128_gcm_sha256 = 0xc08c; // RFC 6367 constant TLS_ecdh_rsa_with_camellia_256_gcm_sha384 = 0xc08d; // RFC 6367
5924782014-03-14Henrik Grubbström (Grubba) constant TLS_psk_with_camellia_128_gcm_sha256 = 0xc08e; // RFC 6367
01c60c2013-10-23Henrik Grubbström (Grubba) constant TLS_psk_with_camellia_256_gcm_sha384 = 0xc08f; // RFC 6367 constant TLS_dhe_psk_with_camellia_128_gcm_sha256 = 0xc090; // RFC 6367 constant TLS_dhe_psk_with_camellia_256_gcm_sha384 = 0xc091; // RFC 6367 constant TLS_rsa_psk_with_camellia_128_gcm_sha256 = 0xc092; // RFC 6367 constant TLS_rsa_psk_with_camellia_256_gcm_sha384 = 0xc093; // RFC 6367 constant TLS_psk_with_camellia_128_cbc_sha256 = 0xc094; // RFC 6367 constant TLS_psk_with_camellia_256_cbc_sha384 = 0xc095; // RFC 6367 constant TLS_dhe_psk_with_camellia_128_cbc_sha256 = 0xc096; // RFC 6367 constant TLS_dhe_psk_with_camellia_256_cbc_sha384 = 0xc097; // RFC 6367 constant TLS_rsa_psk_with_camellia_128_cbc_sha256 = 0xc098; // RFC 6367 constant TLS_rsa_psk_with_camellia_256_cbc_sha384 = 0xc099; // RFC 6367 constant TLS_ecdhe_psk_with_camellia_128_cbc_sha256 = 0xc09a; // RFC 6367 constant TLS_ecdhe_psk_with_camellia_256_cbc_sha384 = 0xc09b; // RFC 6367 constant TLS_rsa_with_aes_128_ccm = 0xc09c; // RFC 6655 constant TLS_rsa_with_aes_256_ccm = 0xc09d; // RFC 6655 constant TLS_dhe_rsa_with_aes_128_ccm = 0xc09e; // RFC 6655 constant TLS_dhe_rsa_with_aes_256_ccm = 0xc09f; // RFC 6655 constant TLS_rsa_with_aes_128_ccm_8 = 0xc0a0; // RFC 6655 constant TLS_rsa_with_aes_256_ccm_8 = 0xc0a1; // RFC 6655 constant TLS_dhe_rsa_with_aes_128_ccm_8 = 0xc0a2; // RFC 6655 constant TLS_dhe_rsa_with_aes_256_ccm_8 = 0xc0a3; // RFC 6655
3bc6662014-03-16Henrik Grubbström (Grubba) constant TLS_psk_with_aes_128_ccm = 0xc0a4; // RFC 6655 constant TLS_psk_with_aes_256_ccm = 0xc0a5; // RFC 6655 constant TLS_dhe_psk_with_aes_128_ccm = 0xc0a6; // RFC 6655 constant TLS_dhe_psk_with_aes_256_ccm = 0xc0a7; // RFC 6655 constant TLS_psk_with_aes_128_ccm_8 = 0xc0a8; // RFC 6655 constant TLS_psk_with_aes_256_ccm_8 = 0xc0a9; // RFC 6655 constant TLS_psk_dhe_with_aes_128_ccm_8 = 0xc0aa; // RFC 6655 constant TLS_psk_dhe_with_aes_256_ccm_8 = 0xc0ab; // RFC 6655
a883eb2014-06-30Henrik Grubbström (Grubba) constant TLS_ecdhe_ecdsa_with_aes_128_ccm = 0xc0ac; // RFC 7251 constant TLS_ecdhe_ecdsa_with_aes_256_ccm = 0xc0ad; // RFC 7251 constant TLS_ecdhe_ecdsa_with_aes_128_ccm_8 = 0xc0ae; // RFC 7251 constant TLS_ecdhe_ecdsa_with_aes_256_ccm_8 = 0xc0af; // RFC 7251
2eb9d72014-04-10Martin Nilsson constant TLS_ecdhe_rsa_with_chacha20_poly1305_sha256 = 0xcc13; // draft-agl-tls-chacha20poly1305-02 constant TLS_ecdhe_ecdsa_with_chacha20_poly1305_sha256 = 0xcc14;// draft-agl-tls-chacha20poly1305-02 constant TLS_dhe_rsa_with_chacha20_poly1305_sha256 = 0xcc15; // draft-agl-tls-chacha20poly1305-02
905a7c2014-04-11Martin Nilsson // These were introduced by Netscape while developing SSL 3.1 after // feedback from NIST. Eventually the feedback led to TLS 1.0.
2eb9d72014-04-10Martin Nilsson constant SSL_rsa_fips_with_des_cbc_sha = 0xFEFE; constant SSL_rsa_fips_with_3des_ede_cbc_sha = 0xFEFF;
bf10dd2014-04-17Henrik Grubbström (Grubba) constant SSL_rsa_oldfips_with_des_cbc_sha = 0xFFE1; // experimental constant SSL_rsa_oldfips_with_3des_ede_cbc_sha = 0xFFE0; // experimental
2eb9d72014-04-10Martin Nilsson constant SSL_rsa_with_rc2_cbc_md5 = 0xFF80; constant SSL_rsa_with_idea_cbc_md5 = 0xFF81; constant SSL_rsa_with_des_cbc_md5 = 0xFF82; constant SSL_rsa_with_3des_ede_cbc_md5 = 0xFF83;
adda362013-10-27Henrik Grubbström (Grubba) // Constants from SSL 2.0. // These may appear in HANDSHAKE_hello_v2 and // are here for informational purposes.
a7632b2013-10-27Martin Nilsson constant SSL2_ck_rc4_128_with_md5 = 0x010080; constant SSL2_ck_rc4_128_export40_with_md5 = 0x020080; constant SSL2_ck_rc2_128_cbc_with_md5 = 0x030080; constant SSL2_ck_rc2_128_cbc_export40_with_md5 = 0x040080; constant SSL2_ck_idea_128_cbc_with_md5 = 0x050080; constant SSL2_ck_des_64_cbc_with_md5 = 0x060040; constant SSL2_ck_des_192_ede3_cbc_with_md5 = 0x0700c0;
//! Translate the numeric value of a protocol constant into the name
//! of the identifier that defines it.
//!
//! @param c
//!   The numeric value to look up.
//! @param prefix
//!   The identifier family to search, e.g. "HASH" or "SIGNATURE".
//!   A trailing "_" is appended when it is missing.
//!
//! @returns
//!   The first identifier in this module that starts with the
//!   (underscore terminated) prefix and whose value equals @[c].
//!   When there is no such identifier the result is the prefix
//!   followed by "unknown(N)", where N is @[c] in decimal.
//!
//! @note
//!   Every call scans all identifiers of the module. The fallback
//!   string is built from the prefix and a decimal integer only.
string fmt_constant(int c, string prefix)
{
  string family = has_suffix(prefix, "_") ? prefix : prefix + "_";

  foreach([array(string)]indices(this), string name) {
    // Only identifiers of the requested family are candidates.
    if (!has_prefix(name, family)) continue;
    if (this[name] == c) return name;
  }

  return sprintf("%sunknown(%d)", family, c);
}
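//! Lookup table from cipher suite number to identifier name.
//! Filled lazily by @[fmt_cipher_suite] on its first call.
protected mapping(int:string) suite_to_symbol = ([]);

//! Return the symbolic name of a cipher suite number.
//!
//! @param suite
//!   The cipher suite number, e.g. as found in a hello message.
//!
//! @returns
//!   The name of an identifier in this module with the prefix
//!   "SSL_", "TLS_" or "SSL2_" whose value is @[suite], or
//!   "unknown(N)" (N in decimal) when there is none.
//!
//! @note
//!   If several identifiers share a value, the one that is reported
//!   is whichever was stored last while the table was built.
string fmt_cipher_suite(int suite)
{
  if (!sizeof(suite_to_symbol)) {
    // First call: index every cipher suite identifier by its value.
    foreach([array(string)]indices(this), string id)
      if( has_prefix(id, "SSL_") || has_prefix(id, "TLS_") ||
          has_prefix(id, "SSL2_") ) {
        suite_to_symbol[this[id]] = id;
      }
  }

  string res = suite_to_symbol[suite];
  if (res) return res;

  // Unknown values are formatted on demand and NOT stored in the
  // table. The table lives for the whole process, and the numbers
  // formatted here may come from a peer (NOTE(review): callers are
  // not visible in this part of the file - confirm), so caching every
  // unrecognised value would let the table grow without any bound
  // chosen by this module.
  return sprintf("unknown(%d)", suite);
}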
//! Pretty-print a list of cipher suite numbers, one per line.
//!
//! @param s
//!   The cipher suite numbers to describe.
//!
//! @returns
//!   One line per element of @[s], holding the number (left
//!   adjusted, decimal) followed by the name that
//!   @[fmt_cipher_suite] gives for it. An empty array gives an
//!   empty string.
string fmt_cipher_suites(array(int) s)
{
  String.Buffer out = String.Buffer();

  foreach(s, int suite) {
    string name = fmt_cipher_suite(suite);
    out->add(sprintf(" %-6d: %s\n", suite, name));
  }

  return (string)out;
}
//! Pretty-print a list of (hash, signature) algorithm pairs, one
//! pair per line.
//!
//! @param pairs
//!   Array of two-element arrays; the first element is looked up
//!   among the "HASH_" identifiers and the second among the
//!   "SIGNATURE_" identifiers, both via @[fmt_constant].
//!
//! @returns
//!   One line per pair in the form " <hash, signature>". Values
//!   without a matching identifier show up with the "unknown(N)"
//!   text that @[fmt_constant] produces.
string fmt_signature_pairs(array(array(int)) pairs)
{
  String.Buffer out = String.Buffer();

  foreach(pairs, [int hash, int signature]) {
    string hash_name = fmt_constant(hash, "HASH");
    string signature_name = fmt_constant(signature, "SIGNATURE");
    out->add(sprintf(" <%s, %s>\n", hash_name, signature_name));
  }

  return (string)out;
}
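//! Format a protocol version number as a human readable string.
//!
//! @param version
//!   The wire value of the version, major number in the high byte
//!   and minor number in the low byte.
//!
//! @returns
//!   "SSL M.N" for values up to and including @[PROTOCOL_SSL_3_0],
//!   "DTLS M.N" for values whose high byte is that of the DTLS
//!   constants, and "TLS M.N" for everything else.
//!
//! @note
//!   The DTLS branch keeps version strings in logs and debug output
//!   accurate; without it @[PROTOCOL_DTLS_1_0] and
//!   @[PROTOCOL_DTLS_1_2] would be reported as TLS versions with
//!   three-digit major and minor numbers.
string fmt_version(ProtocolVersion version)
{
  if (version <= PROTOCOL_SSL_3_0) {
    return sprintf("SSL %d.%d", version>>8, version & 0xff);
  }

  // DTLS stores each byte as the ones' complement of the version
  // number: 0xfeff is DTLS 1.0 and 0xfefd is DTLS 1.2.
  if ((version >> 8) == (PROTOCOL_DTLS_1_0 >> 8)) {
    return sprintf("DTLS %d.%d",
                   0xff - (version >> 8), 0xff - (version & 0xff));
  }

  // TLS 1.0 is 0x301 on the wire; shift it down so that it prints
  // as 1.0, TLS 1.1 as 1.1, and so on.
  version -= PROTOCOL_TLS_1_0 - 0x100;
  return sprintf("TLS %d.%d", version>>8, version & 0xff);
}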
f760111999-03-09Niels Möller /* FIXME: Add SIGN-type element to table */
b406042015-02-19Martin Nilsson  //! A mapping from cipher suite identifier to an array defining the //! algorithms to be used in that suite. //! //! @array
7ac1572015-03-06Martin Nilsson //! @elem KeyExchangeType 0
b406042015-02-19Martin Nilsson //! The key exchange algorithm to be used for this suite, or 0. //! E.g. @[KE_rsa].
7ac1572015-03-06Martin Nilsson //! @elem int 1
b406042015-02-19Martin Nilsson //! The cipher algorithm to be used for this suite, or 0. E.g. //! @[CIPHER_aes].
7ac1572015-03-06Martin Nilsson //! @elem HashAlgorithm 2
b406042015-02-19Martin Nilsson //! The hash algorithm to be used for this suite, or 0. E.g. //! @[HASH_sha].
7ac1572015-03-06Martin Nilsson //! @elem CipherModes 3
b406042015-02-19Martin Nilsson //! Optionally for TLS 1.2 and later cipher suites the mode of //! operation. E.g. @[MODE_cbc]. //! @endarray
33ef431997-03-13Niels Möller constant CIPHER_SUITES =
41491c2013-11-30Henrik Grubbström (Grubba) ([ // The following cipher suites are only intended for testing. SSL_null_with_null_null : ({ 0, 0, 0 }),
3524712015-05-26Martin Nilsson  SSL_rsa_with_null_md5 : ({ KE_rsa_export, 0, HASH_md5 }),
3f0c572015-03-04Henrik Grubbström (Grubba)  SSL_rsa_with_null_sha : ({ KE_rsa_export, 0, HASH_sha }),
55880e2015-04-13Martin Nilsson  TLS_rsa_with_null_sha256 : ({ KE_rsa_export, 0, HASH_sha256, MODE_cbc }),
41491c2013-11-30Henrik Grubbström (Grubba)  // NB: The export suites are obsolete in TLS 1.1 and later. // The RC4/40 suite is required for Netscape 4.05 Intl.
65367c2014-01-05Henrik Grubbström (Grubba) #if constant(Crypto.Arctwo)
3f0c572015-03-04Henrik Grubbström (Grubba)  SSL_rsa_export_with_rc2_cbc_40_md5 : ({ KE_rsa_export, CIPHER_rc2_40, HASH_md5 }),
65367c2014-01-05Henrik Grubbström (Grubba) #endif
3f0c572015-03-04Henrik Grubbström (Grubba)  SSL_rsa_export_with_rc4_40_md5 : ({ KE_rsa_export, CIPHER_rc4_40, HASH_md5 }),
f760111999-03-09Niels Möller  SSL_dhe_dss_export_with_des40_cbc_sha : ({ KE_dhe_dss, CIPHER_des40, HASH_sha }),
28f6452013-10-25Henrik Grubbström (Grubba)  SSL_dhe_rsa_export_with_des40_cbc_sha : ({ KE_dhe_rsa, CIPHER_des40, HASH_sha }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  SSL_dh_dss_export_with_des40_cbc_sha : ({ KE_dh_dss, CIPHER_des40, HASH_sha }), SSL_dh_rsa_export_with_des40_cbc_sha : ({ KE_dh_rsa, CIPHER_des40, HASH_sha }),
3f0c572015-03-04Henrik Grubbström (Grubba)  SSL_rsa_export_with_des40_cbc_sha : ({ KE_rsa_export, CIPHER_des40, HASH_sha }),
41491c2013-11-30Henrik Grubbström (Grubba)  // NB: The IDEA and DES suites are obsolete in TLS 1.2 and later.
65367c2014-01-05Henrik Grubbström (Grubba) #if constant(Crypto.IDEA)
998e451999-05-23Martin Stjernholm  SSL_rsa_with_idea_cbc_sha : ({ KE_rsa, CIPHER_idea, HASH_sha }),
8e87e42014-11-20Martin Nilsson  TLS_rsa_with_idea_cbc_sha : ({ KE_rsa, CIPHER_idea, HASH_sha }),
783a392014-04-10Henrik Grubbström (Grubba)  SSL_rsa_with_idea_cbc_md5 : ({ KE_rsa, CIPHER_idea, HASH_md5 }),
65367c2014-01-05Henrik Grubbström (Grubba) #endif
998e451999-05-23Martin Stjernholm  SSL_rsa_with_des_cbc_sha : ({ KE_rsa, CIPHER_des, HASH_sha }),
8e87e42014-11-20Martin Nilsson  TLS_rsa_with_des_cbc_sha : ({ KE_rsa, CIPHER_des, HASH_sha }),
783a392014-04-10Henrik Grubbström (Grubba)  SSL_rsa_with_des_cbc_md5 : ({ KE_rsa, CIPHER_des, HASH_md5 }),
998e451999-05-23Martin Stjernholm  SSL_dhe_dss_with_des_cbc_sha : ({ KE_dhe_dss, CIPHER_des, HASH_sha }),
8e87e42014-11-20Martin Nilsson  TLS_dhe_dss_with_des_cbc_sha : ({ KE_dhe_dss, CIPHER_des, HASH_sha }),
28f6452013-10-25Henrik Grubbström (Grubba)  SSL_dhe_rsa_with_des_cbc_sha : ({ KE_dhe_rsa, CIPHER_des, HASH_sha }),
8e87e42014-11-20Martin Nilsson  TLS_dhe_rsa_with_des_cbc_sha : ({ KE_dhe_rsa, CIPHER_des, HASH_sha }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  SSL_dh_dss_with_des_cbc_sha : ({ KE_dh_dss, CIPHER_des, HASH_sha }),
8e87e42014-11-20Martin Nilsson  TLS_dh_dss_with_des_cbc_sha : ({ KE_dh_dss, CIPHER_des, HASH_sha }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  SSL_dh_rsa_with_des_cbc_sha : ({ KE_dh_rsa, CIPHER_des, HASH_sha }),
8e87e42014-11-20Martin Nilsson  TLS_dh_rsa_with_des_cbc_sha : ({ KE_dh_rsa, CIPHER_des, HASH_sha }),
b812f32013-10-24Henrik Grubbström (Grubba) 
41491c2013-11-30Henrik Grubbström (Grubba)  SSL_rsa_with_rc4_128_sha : ({ KE_rsa, CIPHER_rc4, HASH_sha }), SSL_rsa_with_rc4_128_md5 : ({ KE_rsa, CIPHER_rc4, HASH_md5 }),
bd79e62014-03-21Henrik Grubbström (Grubba)  TLS_dhe_dss_with_rc4_128_sha : ({ KE_dhe_dss, CIPHER_rc4, HASH_sha }),
41491c2013-11-30Henrik Grubbström (Grubba) 
55ce992014-04-17Henrik Grubbström (Grubba)  // These suites were used to test the TLS 1.0 key derivation // before TLS 1.0 was released. SSL_rsa_fips_with_des_cbc_sha : ({ KE_rsa_fips, CIPHER_des, HASH_sha }), SSL_rsa_fips_with_3des_ede_cbc_sha : ({ KE_rsa_fips, CIPHER_3des, HASH_sha }),
bf10dd2014-04-17Henrik Grubbström (Grubba)  SSL_rsa_oldfips_with_des_cbc_sha : ({ KE_rsa_fips, CIPHER_des, HASH_sha }), SSL_rsa_oldfips_with_3des_ede_cbc_sha : ({ KE_rsa_fips, CIPHER_3des, HASH_sha }),
55ce992014-04-17Henrik Grubbström (Grubba) 
21df722014-01-02Henrik Grubbström (Grubba)  // Some anonymous diffie-hellman variants. SSL_dh_anon_export_with_rc4_40_md5: ({ KE_dh_anon, CIPHER_rc4_40, HASH_md5 }), SSL_dh_anon_export_with_des40_cbc_sha: ({ KE_dh_anon, CIPHER_des40, HASH_sha }), SSL_dh_anon_with_rc4_128_md5: ({ KE_dh_anon, CIPHER_rc4, HASH_md5 }), SSL_dh_anon_with_des_cbc_sha: ({ KE_dh_anon, CIPHER_des, HASH_sha }),
8e87e42014-11-20Martin Nilsson  TLS_dh_anon_with_des_cbc_sha: ({ KE_dh_anon, CIPHER_des, HASH_sha }),
21df722014-01-02Henrik Grubbström (Grubba)  SSL_dh_anon_with_3des_ede_cbc_sha: ({ KE_dh_anon, CIPHER_3des, HASH_sha }), TLS_dh_anon_with_aes_128_cbc_sha: ({ KE_dh_anon, CIPHER_aes, HASH_sha }), TLS_dh_anon_with_aes_256_cbc_sha: ({ KE_dh_anon, CIPHER_aes256, HASH_sha }),
55880e2015-04-13Martin Nilsson  TLS_dh_anon_with_aes_128_cbc_sha256: ({ KE_dh_anon, CIPHER_aes, HASH_sha256, MODE_cbc }), TLS_dh_anon_with_aes_256_cbc_sha256: ({ KE_dh_anon, CIPHER_aes256, HASH_sha256, MODE_cbc }),
dfd5aa2014-05-31Henrik Grubbström (Grubba) #if constant(Crypto.ECC.Curve)
21df722014-01-02Henrik Grubbström (Grubba)  TLS_ecdh_anon_with_null_sha: ({ KE_ecdh_anon, 0, HASH_sha }), TLS_ecdh_anon_with_rc4_128_sha: ({ KE_ecdh_anon, CIPHER_rc4, HASH_sha }), TLS_ecdh_anon_with_3des_ede_cbc_sha: ({ KE_ecdh_anon, CIPHER_3des, HASH_sha }), TLS_ecdh_anon_with_aes_128_cbc_sha: ({ KE_ecdh_anon, CIPHER_aes, HASH_sha }), TLS_ecdh_anon_with_aes_256_cbc_sha: ({ KE_ecdh_anon, CIPHER_aes256, HASH_sha }),
dfd5aa2014-05-31Henrik Grubbström (Grubba) #endif /* Crypto.ECC.Curve */
21df722014-01-02Henrik Grubbström (Grubba) 
41491c2013-11-30Henrik Grubbström (Grubba)  // Required by TLS 1.0 RFC 2246 9.
998e451999-05-23Martin Stjernholm  SSL_dhe_dss_with_3des_ede_cbc_sha : ({ KE_dhe_dss, CIPHER_3des, HASH_sha }),
b812f32013-10-24Henrik Grubbström (Grubba) 
41491c2013-11-30Henrik Grubbström (Grubba)  // Required by TLS 1.1 RFC 4346 9.
b812f32013-10-24Henrik Grubbström (Grubba)  SSL_rsa_with_3des_ede_cbc_sha : ({ KE_rsa, CIPHER_3des, HASH_sha }),
41491c2013-11-30Henrik Grubbström (Grubba)  // Required by TLS 1.2 RFC 5246 9.
26f1482010-12-21Henrik Grubbström (Grubba)  TLS_rsa_with_aes_128_cbc_sha : ({ KE_rsa, CIPHER_aes, HASH_sha }),
b812f32013-10-24Henrik Grubbström (Grubba) 
783a392014-04-10Henrik Grubbström (Grubba)  SSL_rsa_with_3des_ede_cbc_md5 : ({ KE_rsa, CIPHER_3des, HASH_md5 }),
28f6452013-10-25Henrik Grubbström (Grubba)  SSL_dhe_rsa_with_3des_ede_cbc_sha : ({ KE_dhe_rsa, CIPHER_3des, HASH_sha }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  SSL_dh_dss_with_3des_ede_cbc_sha : ({ KE_dh_dss, CIPHER_3des, HASH_sha }), SSL_dh_rsa_with_3des_ede_cbc_sha : ({ KE_dh_rsa, CIPHER_3des, HASH_sha }),
28f6452013-10-25Henrik Grubbström (Grubba) 
26f1482010-12-21Henrik Grubbström (Grubba)  TLS_dhe_dss_with_aes_128_cbc_sha : ({ KE_dhe_dss, CIPHER_aes, HASH_sha }),
28f6452013-10-25Henrik Grubbström (Grubba)  TLS_dhe_rsa_with_aes_128_cbc_sha : ({ KE_dhe_rsa, CIPHER_aes, HASH_sha }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  TLS_dh_dss_with_aes_128_cbc_sha : ({ KE_dh_dss, CIPHER_aes, HASH_sha }), TLS_dh_rsa_with_aes_128_cbc_sha : ({ KE_dh_rsa, CIPHER_aes, HASH_sha }),
26f1482010-12-21Henrik Grubbström (Grubba)  TLS_rsa_with_aes_256_cbc_sha : ({ KE_rsa, CIPHER_aes256, HASH_sha }), TLS_dhe_dss_with_aes_256_cbc_sha : ({ KE_dhe_dss, CIPHER_aes256, HASH_sha }),
28f6452013-10-25Henrik Grubbström (Grubba)  TLS_dhe_rsa_with_aes_256_cbc_sha : ({ KE_dhe_rsa, CIPHER_aes256, HASH_sha }),
6ab85a2014-03-15Henrik Grubbström (Grubba)  TLS_dh_dss_with_aes_256_cbc_sha : ({ KE_dh_dss, CIPHER_aes256, HASH_sha }), TLS_dh_rsa_with_aes_256_cbc_sha : ({ KE_dh_rsa, CIPHER_aes256, HASH_sha }),
fbc9502013-10-26Henrik Grubbström (Grubba) 
dfd5aa2014-05-31Henrik Grubbström (Grubba) #if constant(Crypto.ECC.Curve)
099efc2014-01-01Henrik Grubbström (Grubba)  // Suites from RFC 4492 (TLSECC)
6ab85a2014-03-15Henrik Grubbström (Grubba)  TLS_ecdh_ecdsa_with_null_sha : ({ KE_ecdh_ecdsa, 0, HASH_sha }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_ecdsa_with_rc4_128_sha : ({ KE_ecdh_ecdsa, CIPHER_rc4, HASH_sha }), TLS_ecdh_ecdsa_with_3des_ede_cbc_sha : ({ KE_ecdh_ecdsa, CIPHER_3des, HASH_sha }), TLS_ecdh_ecdsa_with_aes_128_cbc_sha : ({ KE_ecdh_ecdsa, CIPHER_aes, HASH_sha }), TLS_ecdh_ecdsa_with_aes_256_cbc_sha : ({ KE_ecdh_ecdsa, CIPHER_aes256, HASH_sha }),
6ab85a2014-03-15Henrik Grubbström (Grubba)  TLS_ecdhe_ecdsa_with_null_sha : ({ KE_ecdhe_ecdsa, 0, HASH_sha }),
c32ae82014-01-14Henrik Grubbström (Grubba)  TLS_ecdhe_ecdsa_with_rc4_128_sha : ({ KE_ecdhe_ecdsa, CIPHER_rc4, HASH_sha }), TLS_ecdhe_ecdsa_with_3des_ede_cbc_sha : ({ KE_ecdhe_ecdsa, CIPHER_3des, HASH_sha }), TLS_ecdhe_ecdsa_with_aes_128_cbc_sha : ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha }), TLS_ecdhe_ecdsa_with_aes_256_cbc_sha : ({ KE_ecdhe_ecdsa, CIPHER_aes256, HASH_sha }),
6ab85a2014-03-15Henrik Grubbström (Grubba)  TLS_ecdh_rsa_with_null_sha : ({ KE_ecdh_rsa, 0, HASH_sha }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_rsa_with_rc4_128_sha : ({ KE_ecdh_rsa, CIPHER_rc4, HASH_sha }), TLS_ecdh_rsa_with_3des_ede_cbc_sha : ({ KE_ecdh_rsa, CIPHER_3des, HASH_sha }), TLS_ecdh_rsa_with_aes_128_cbc_sha : ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha }), TLS_ecdh_rsa_with_aes_256_cbc_sha : ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha }),
6ab85a2014-03-15Henrik Grubbström (Grubba)  TLS_ecdhe_rsa_with_null_sha : ({ KE_ecdhe_rsa, 0, HASH_sha }),
099efc2014-01-01Henrik Grubbström (Grubba)  TLS_ecdhe_rsa_with_rc4_128_sha : ({ KE_ecdhe_rsa, CIPHER_rc4, HASH_sha }), TLS_ecdhe_rsa_with_3des_ede_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_3des, HASH_sha }), TLS_ecdhe_rsa_with_aes_128_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha }), TLS_ecdhe_rsa_with_aes_256_cbc_sha : ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha }),
a883eb2014-06-30Henrik Grubbström (Grubba)  // Suites from RFC 7251 // These are AEAD suites, and thus not valid for TLS prior to TLS 1.2. TLS_ecdhe_ecdsa_with_aes_128_ccm : ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_ccm }), TLS_ecdhe_ecdsa_with_aes_256_ccm : ({ KE_ecdhe_ecdsa, CIPHER_aes256, HASH_sha256, MODE_ccm }), TLS_ecdhe_ecdsa_with_aes_128_ccm_8 : ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_ccm_8 }), TLS_ecdhe_ecdsa_with_aes_256_ccm_8 : ({ KE_ecdhe_ecdsa, CIPHER_aes256, HASH_sha256, MODE_ccm_8 }),
dfd5aa2014-05-31Henrik Grubbström (Grubba) #endif /* Crypto.ECC.Curve */
099efc2014-01-01Henrik Grubbström (Grubba) 
c32ae82014-01-14Henrik Grubbström (Grubba) 
099efc2014-01-01Henrik Grubbström (Grubba)  // Suites from RFC 5246 (TLS 1.2)
55880e2015-04-13Martin Nilsson  TLS_rsa_with_aes_128_cbc_sha256 : ({ KE_rsa, CIPHER_aes, HASH_sha256, MODE_cbc }), TLS_dhe_rsa_with_aes_128_cbc_sha256 : ({ KE_dhe_rsa, CIPHER_aes, HASH_sha256, MODE_cbc }), TLS_dhe_dss_with_aes_128_cbc_sha256 : ({ KE_dhe_dss, CIPHER_aes, HASH_sha256, MODE_cbc }), TLS_dh_rsa_with_aes_128_cbc_sha256 : ({ KE_dh_rsa, CIPHER_aes, HASH_sha256, MODE_cbc }), TLS_dh_dss_with_aes_128_cbc_sha256 : ({ KE_dh_dss, CIPHER_aes, HASH_sha256, MODE_cbc }), TLS_rsa_with_aes_256_cbc_sha256 : ({ KE_rsa, CIPHER_aes256, HASH_sha256, MODE_cbc }), TLS_dhe_rsa_with_aes_256_cbc_sha256 : ({ KE_dhe_rsa, CIPHER_aes256, HASH_sha256, MODE_cbc }), TLS_dhe_dss_with_aes_256_cbc_sha256 : ({ KE_dhe_dss, CIPHER_aes256, HASH_sha256, MODE_cbc }), TLS_dh_rsa_with_aes_256_cbc_sha256 : ({ KE_dh_rsa, CIPHER_aes256, HASH_sha256, MODE_cbc }), TLS_dh_dss_with_aes_256_cbc_sha256 : ({ KE_dh_dss, CIPHER_aes256, HASH_sha256, MODE_cbc }),
d51acc2013-11-26Henrik Grubbström (Grubba) 
dfd5aa2014-05-31Henrik Grubbström (Grubba) #if constant(Crypto.ECC.Curve)
099efc2014-01-01Henrik Grubbström (Grubba)  // Suites from RFC 5289 // Note that these are not valid for TLS versions prior to TLS 1.2.
c32ae82014-01-14Henrik Grubbström (Grubba)  TLS_ecdhe_ecdsa_with_aes_128_cbc_sha256 : ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_cbc }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_ecdsa_with_aes_128_cbc_sha256 : ({ KE_ecdh_ecdsa, CIPHER_aes, HASH_sha256, MODE_cbc }),
099efc2014-01-01Henrik Grubbström (Grubba)  TLS_ecdhe_rsa_with_aes_128_cbc_sha256 : ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha256, MODE_cbc }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_rsa_with_aes_128_cbc_sha256 : ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_cbc }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384) TLS_ecdhe_ecdsa_with_aes_256_cbc_sha384 : ({ KE_ecdhe_ecdsa, CIPHER_aes256, HASH_sha384, MODE_cbc }), TLS_ecdh_ecdsa_with_aes_256_cbc_sha384 : ({ KE_ecdh_ecdsa, CIPHER_aes256, HASH_sha384, MODE_cbc }), TLS_ecdhe_rsa_with_aes_256_cbc_sha384 : ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha384, MODE_cbc }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_rsa_with_aes_256_cbc_sha384 : ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha384, MODE_cbc }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
dfd5aa2014-05-31Henrik Grubbström (Grubba) #endif /* Crypto.ECC.Curve */
099efc2014-01-01Henrik Grubbström (Grubba) 
4641ca2014-03-18Henrik Grubbström (Grubba)  // Suites from RFC 6655 // These are AEAD suites, and thus not valid for TLS prior to TLS 1.2. TLS_rsa_with_aes_128_ccm: ({ KE_rsa, CIPHER_aes, HASH_sha256, MODE_ccm }), TLS_rsa_with_aes_256_ccm: ({ KE_rsa, CIPHER_aes256, HASH_sha256, MODE_ccm }), TLS_dhe_rsa_with_aes_128_ccm: ({ KE_dhe_rsa, CIPHER_aes, HASH_sha256, MODE_ccm }), TLS_dhe_rsa_with_aes_256_ccm: ({ KE_dhe_rsa, CIPHER_aes256, HASH_sha256, MODE_ccm }), TLS_rsa_with_aes_128_ccm_8: ({ KE_rsa, CIPHER_aes, HASH_sha256, MODE_ccm_8 }), TLS_rsa_with_aes_256_ccm_8: ({ KE_rsa, CIPHER_aes256, HASH_sha256, MODE_ccm_8 }), TLS_dhe_rsa_with_aes_128_ccm_8: ({ KE_dhe_rsa, CIPHER_aes, HASH_sha256, MODE_ccm_8 }), TLS_dhe_rsa_with_aes_256_ccm_8: ({ KE_dhe_rsa, CIPHER_aes256, HASH_sha256, MODE_ccm_8 }),
988c202013-12-02Martin Nilsson #if constant(Crypto.Camellia)
21df722014-01-02Henrik Grubbström (Grubba)  // Camellia Suites:
fbc9502013-10-26Henrik Grubbström (Grubba)  TLS_rsa_with_camellia_128_cbc_sha: ({ KE_rsa, CIPHER_camellia128, HASH_sha }), TLS_dhe_dss_with_camellia_128_cbc_sha: ({ KE_dhe_dss, CIPHER_camellia128, HASH_sha }), TLS_dhe_rsa_with_camellia_128_cbc_sha: ({ KE_dhe_rsa, CIPHER_camellia128, HASH_sha }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  TLS_dh_dss_with_camellia_128_cbc_sha: ({ KE_dh_dss, CIPHER_camellia128, HASH_sha }), TLS_dh_rsa_with_camellia_128_cbc_sha: ({ KE_dh_rsa, CIPHER_camellia128, HASH_sha }),
fbc9502013-10-26Henrik Grubbström (Grubba)  TLS_rsa_with_camellia_256_cbc_sha: ({ KE_rsa, CIPHER_camellia256, HASH_sha }), TLS_dhe_dss_with_camellia_256_cbc_sha: ({ KE_dhe_dss, CIPHER_camellia256, HASH_sha }), TLS_dhe_rsa_with_camellia_256_cbc_sha: ({ KE_dhe_rsa, CIPHER_camellia256, HASH_sha }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  TLS_dh_dss_with_camellia_256_cbc_sha: ({ KE_dh_dss, CIPHER_camellia256, HASH_sha }), TLS_dh_rsa_with_camellia_256_cbc_sha: ({ KE_dh_rsa, CIPHER_camellia256, HASH_sha }),
ff3df42013-11-26Henrik Grubbström (Grubba) 
55880e2015-04-13Martin Nilsson  TLS_rsa_with_camellia_128_cbc_sha256: ({ KE_rsa, CIPHER_camellia128, HASH_sha256, MODE_cbc }), TLS_dhe_dss_with_camellia_128_cbc_sha256: ({ KE_dhe_dss, CIPHER_camellia128, HASH_sha256, MODE_cbc }), TLS_dhe_rsa_with_camellia_128_cbc_sha256: ({ KE_dhe_rsa, CIPHER_camellia128, HASH_sha256, MODE_cbc }), TLS_dh_dss_with_camellia_128_cbc_sha256: ({ KE_dh_dss, CIPHER_camellia128, HASH_sha256, MODE_cbc }), TLS_dh_rsa_with_camellia_128_cbc_sha256: ({ KE_dh_rsa, CIPHER_camellia128, HASH_sha256, MODE_cbc }), TLS_rsa_with_camellia_256_cbc_sha256: ({ KE_rsa, CIPHER_camellia256, HASH_sha256, MODE_cbc }), TLS_dhe_dss_with_camellia_256_cbc_sha256: ({ KE_dhe_dss, CIPHER_camellia256, HASH_sha256, MODE_cbc }), TLS_dhe_rsa_with_camellia_256_cbc_sha256: ({ KE_dhe_rsa, CIPHER_camellia256, HASH_sha256, MODE_cbc }), TLS_dh_dss_with_camellia_256_cbc_sha256: ({ KE_dh_dss, CIPHER_camellia256, HASH_sha256, MODE_cbc }), TLS_dh_rsa_with_camellia_256_cbc_sha256: ({ KE_dh_rsa, CIPHER_camellia256, HASH_sha256, MODE_cbc }),
099efc2014-01-01Henrik Grubbström (Grubba) 
21df722014-01-02Henrik Grubbström (Grubba)  // Anonymous variants: TLS_dh_anon_with_camellia_128_cbc_sha: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha }), TLS_dh_anon_with_camellia_256_cbc_sha: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha }),
55880e2015-04-13Martin Nilsson  TLS_dh_anon_with_camellia_128_cbc_sha256: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha256, MODE_cbc }), TLS_dh_anon_with_camellia_256_cbc_sha256: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha256, MODE_cbc }),
21df722014-01-02Henrik Grubbström (Grubba) 
dfd5aa2014-05-31Henrik Grubbström (Grubba) #if constant(Crypto.ECC.Curve)
099efc2014-01-01Henrik Grubbström (Grubba)  // From RFC 6367 // Note that this RFC explicitly allows use of these suites // with TLS versions prior to TLS 1.2 (RFC 6367 3.3).
edb7372014-03-15Henrik Grubbström (Grubba)  TLS_ecdh_ecdsa_with_camellia_128_cbc_sha256: ({ KE_ecdh_ecdsa, CIPHER_camellia128, HASH_sha256 }), TLS_ecdh_rsa_with_camellia_128_cbc_sha256: ({ KE_ecdh_rsa, CIPHER_camellia128, HASH_sha256 }),
c32ae82014-01-14Henrik Grubbström (Grubba)  TLS_ecdhe_ecdsa_with_camellia_128_cbc_sha256: ({ KE_ecdhe_ecdsa, CIPHER_camellia128, HASH_sha256 }),
099efc2014-01-01Henrik Grubbström (Grubba)  TLS_ecdhe_rsa_with_camellia_128_cbc_sha256: ({ KE_ecdhe_rsa, CIPHER_camellia128, HASH_sha256 }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384) TLS_ecdh_ecdsa_with_camellia_256_cbc_sha384: ({ KE_ecdh_ecdsa, CIPHER_camellia256, HASH_sha384 }), TLS_ecdh_rsa_with_camellia_256_cbc_sha384: ({ KE_ecdh_rsa, CIPHER_camellia256, HASH_sha384 }), TLS_ecdhe_ecdsa_with_camellia_256_cbc_sha384: ({ KE_ecdhe_ecdsa, CIPHER_camellia256, HASH_sha384 }),
099efc2014-01-01Henrik Grubbström (Grubba)  TLS_ecdhe_rsa_with_camellia_256_cbc_sha384: ({ KE_ecdhe_rsa, CIPHER_camellia256, HASH_sha384 }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
dfd5aa2014-05-31Henrik Grubbström (Grubba) #endif /* Crypto.ECC.Curve */
50aaf02013-12-04Henrik Grubbström (Grubba) #endif /* Crypto.Camellia */
fbc9502013-10-26Henrik Grubbström (Grubba) 
ef84602014-04-26Henrik Grubbström (Grubba) #if constant(Crypto.AES.GCM)
21df722014-01-02Henrik Grubbström (Grubba)  // GCM Suites:
50aaf02013-12-04Henrik Grubbström (Grubba)  TLS_rsa_with_aes_128_gcm_sha256: ({ KE_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_dhe_rsa_with_aes_128_gcm_sha256: ({ KE_dhe_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_dhe_dss_with_aes_128_gcm_sha256: ({ KE_dhe_dss, CIPHER_aes, HASH_sha256, MODE_gcm }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  TLS_dh_rsa_with_aes_128_gcm_sha256: ({ KE_dh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_dh_dss_with_aes_128_gcm_sha256: ({ KE_dh_dss, CIPHER_aes, HASH_sha256, MODE_gcm }),
3f1f0f2013-12-04Henrik Grubbström (Grubba) 
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
3f1f0f2013-12-04Henrik Grubbström (Grubba)  TLS_rsa_with_aes_256_gcm_sha384: ({ KE_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_dhe_rsa_with_aes_256_gcm_sha384: ({ KE_dhe_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_dhe_dss_with_aes_256_gcm_sha384: ({ KE_dhe_dss, CIPHER_aes256, HASH_sha384, MODE_gcm }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  TLS_dh_rsa_with_aes_256_gcm_sha384: ({ KE_dh_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }), TLS_dh_dss_with_aes_256_gcm_sha384: ({ KE_dh_dss, CIPHER_aes256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
dfd5aa2014-05-31Henrik Grubbström (Grubba)  #if constant(Crypto.ECC.Curve) TLS_ecdhe_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_ecdh_ecdsa_with_aes_128_gcm_sha256: ({ KE_ecdh_ecdsa, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_ecdhe_rsa_with_aes_128_gcm_sha256: ({ KE_ecdhe_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }), TLS_ecdh_rsa_with_aes_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_aes, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
c32ae82014-01-14Henrik Grubbström (Grubba)  TLS_ecdhe_ecdsa_with_aes_256_gcm_sha384: ({ KE_ecdhe_ecdsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_ecdsa_with_aes_256_gcm_sha384: ({ KE_ecdh_ecdsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
099efc2014-01-01Henrik Grubbström (Grubba)  TLS_ecdhe_rsa_with_aes_256_gcm_sha384: ({ KE_ecdhe_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_rsa_with_aes_256_gcm_sha384: ({ KE_ecdh_rsa, CIPHER_aes256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
dfd5aa2014-05-31Henrik Grubbström (Grubba) #endif /* Crypto.ECC.Curve */
21df722014-01-02Henrik Grubbström (Grubba)  // Anonymous variants: TLS_dh_anon_with_aes_128_gcm_sha256: ({ KE_dh_anon, CIPHER_aes, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
21df722014-01-02Henrik Grubbström (Grubba)  TLS_dh_anon_with_aes_256_gcm_sha384: ({ KE_dh_anon, CIPHER_aes256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
21df722014-01-02Henrik Grubbström (Grubba) 
4433d32013-12-09Henrik Grubbström (Grubba) #if constant(Crypto.Camellia)
21df722014-01-02Henrik Grubbström (Grubba)  // Camellia and GCM.
4433d32013-12-09Henrik Grubbström (Grubba)  TLS_rsa_with_camellia_128_gcm_sha256:({ KE_rsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }), TLS_dhe_rsa_with_camellia_128_gcm_sha256:({ KE_dhe_rsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }), TLS_dhe_dss_with_camellia_128_gcm_sha256:({ KE_dhe_dss, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  TLS_dh_rsa_with_camellia_128_gcm_sha256:({ KE_dh_rsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }), TLS_dh_dss_with_camellia_128_gcm_sha256:({ KE_dh_dss, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384) TLS_rsa_with_camellia_256_gcm_sha384:({ KE_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_dhe_rsa_with_camellia_256_gcm_sha384:({ KE_dhe_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_dhe_dss_with_camellia_256_gcm_sha384:({ KE_dhe_dss, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_dh_rsa_with_camellia_256_gcm_sha384:({ KE_dh_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
bb1ab92014-03-13Henrik Grubbström (Grubba)  TLS_dh_dss_with_camellia_256_gcm_sha384:({ KE_dh_dss, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
099efc2014-01-01Henrik Grubbström (Grubba) 
21df722014-01-02Henrik Grubbström (Grubba)  // Anonymous variants: TLS_dh_anon_with_camellia_128_gcm_sha256: ({ KE_dh_anon, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
21df722014-01-02Henrik Grubbström (Grubba)  TLS_dh_anon_with_camellia_256_gcm_sha384: ({ KE_dh_anon, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
21df722014-01-02Henrik Grubbström (Grubba) 
dfd5aa2014-05-31Henrik Grubbström (Grubba) #if constant(Crypto.ECC.Curve)
099efc2014-01-01Henrik Grubbström (Grubba)  // From RFC 6367
c32ae82014-01-14Henrik Grubbström (Grubba)  TLS_ecdhe_ecdsa_with_camellia_128_gcm_sha256: ({ KE_ecdhe_ecdsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_ecdsa_with_camellia_128_gcm_sha256: ({ KE_ecdh_ecdsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
099efc2014-01-01Henrik Grubbström (Grubba)  TLS_ecdhe_rsa_with_camellia_128_gcm_sha256: ({ KE_ecdhe_rsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_rsa_with_camellia_128_gcm_sha256: ({ KE_ecdh_rsa, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384) TLS_ecdhe_ecdsa_with_camellia_256_gcm_sha384: ({ KE_ecdhe_ecdsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_ecdh_ecdsa_with_camellia_256_gcm_sha384: ({ KE_ecdh_ecdsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }), TLS_ecdhe_rsa_with_camellia_256_gcm_sha384: ({ KE_ecdhe_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
10333f2014-03-12Henrik Grubbström (Grubba)  TLS_ecdh_rsa_with_camellia_256_gcm_sha384: ({ KE_ecdh_rsa, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
dfd5aa2014-05-31Henrik Grubbström (Grubba) #endif /* Crypto.ECC.Curve */
4433d32013-12-09Henrik Grubbström (Grubba) #endif /* Crypto.Camellia */
ef84602014-04-26Henrik Grubbström (Grubba) #endif /* Crypto.AES.GCM */
de55552014-05-16Henrik Grubbström (Grubba) 
d6f05c2015-09-07Martin Nilsson #if constant(Crypto.ChaCha20.POLY1305) && defined(NOT_BROKEN)
dfd5aa2014-05-31Henrik Grubbström (Grubba) #if constant(Crypto.ECC.Curve)
de55552014-05-16Henrik Grubbström (Grubba)  // Draft. TLS_ecdhe_rsa_with_chacha20_poly1305_sha256: ({ KE_ecdhe_rsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }), TLS_ecdhe_ecdsa_with_chacha20_poly1305_sha256: ({ KE_ecdhe_ecdsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }),
dfd5aa2014-05-31Henrik Grubbström (Grubba) #endif /* Crypto.ECC.Curve */
de55552014-05-16Henrik Grubbström (Grubba)  TLS_dhe_rsa_with_chacha20_poly1305_sha256: ({ KE_dhe_rsa, CIPHER_chacha20, HASH_sha256, MODE_poly1305 }), #endif /* Crypto.ChaCha20.POLY1305 */
0f7fd72015-02-19Martin Nilsson  // PSK without any KE TLS_psk_with_null_sha : ({ KE_psk, 0, HASH_sha }), TLS_psk_with_rc4_128_sha : ({ KE_psk, CIPHER_rc4, HASH_sha }), TLS_psk_with_3des_ede_cbc_sha : ({ KE_psk, CIPHER_3des, HASH_sha }), TLS_psk_with_aes_128_cbc_sha : ({ KE_psk, CIPHER_aes, HASH_sha }), TLS_psk_with_aes_256_cbc_sha : ({ KE_psk, CIPHER_aes256, HASH_sha }),
9f14882015-02-19Henrik Grubbström (Grubba) #if constant(Crypto.AES.GCM)
0f7fd72015-02-19Martin Nilsson  TLS_psk_with_aes_128_gcm_sha256 : ({ KE_psk, CIPHER_aes, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
0f7fd72015-02-19Martin Nilsson  TLS_psk_with_aes_256_gcm_sha384 : ({ KE_psk, CIPHER_aes256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
9f14882015-02-19Henrik Grubbström (Grubba) #endif /* Crypto.AES.GCM */
55880e2015-04-13Martin Nilsson  TLS_psk_with_aes_128_cbc_sha256 : ({ KE_psk, CIPHER_aes, HASH_sha256, MODE_cbc }),
0f7fd72015-02-19Martin Nilsson  TLS_psk_with_aes_256_cbc_sha384 : ({ KE_psk, CIPHER_aes256, HASH_sha384, MODE_cbc }),
55880e2015-04-13Martin Nilsson  TLS_psk_with_null_sha256 : ({ KE_psk, 0, HASH_sha256, MODE_cbc }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
4121232015-02-19Martin Nilsson  TLS_psk_with_null_sha384 : ({ KE_psk, 0, HASH_sha384, MODE_cbc }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
9f14882015-02-19Henrik Grubbström (Grubba) #if constant(Crypto.Camellia) #if constant(Crypto.Camellia.GCM)
0f7fd72015-02-19Martin Nilsson  TLS_psk_with_camellia_128_gcm_sha256 : ({ KE_psk, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
0f7fd72015-02-19Martin Nilsson  TLS_psk_with_camellia_256_gcm_sha384 : ({ KE_psk, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
9f14882015-02-19Henrik Grubbström (Grubba) #endif /* Crypto.Camellia.GCM */
55880e2015-04-13Martin Nilsson  TLS_psk_with_camellia_128_cbc_sha256 : ({ KE_psk, CIPHER_camellia128, HASH_sha256, MODE_cbc }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
0f7fd72015-02-19Martin Nilsson  TLS_psk_with_camellia_256_cbc_sha384 : ({ KE_psk, CIPHER_camellia256, HASH_sha384, MODE_cbc }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
9f14882015-02-19Henrik Grubbström (Grubba) #endif /* Crypto.Camellia */
0f7fd72015-02-19Martin Nilsson  TLS_psk_with_aes_128_ccm : ({ KE_psk, CIPHER_aes, HASH_sha256, MODE_ccm }), TLS_psk_with_aes_256_ccm : ({ KE_psk, CIPHER_aes256, HASH_sha256, MODE_ccm }), TLS_psk_with_aes_128_ccm_8 : ({ KE_psk, CIPHER_aes, HASH_sha256, MODE_ccm_8 }), TLS_psk_with_aes_256_ccm_8 : ({ KE_psk, CIPHER_aes256, HASH_sha256, MODE_ccm_8 }),
4121232015-02-19Martin Nilsson  // PSK with DHE TLS_dhe_psk_with_null_sha : ({ KE_dhe_psk, 0, HASH_sha }), TLS_dhe_psk_with_rc4_128_sha : ({ KE_dhe_psk, CIPHER_rc4, HASH_sha }), TLS_dhe_psk_with_3des_ede_cbc_sha : ({ KE_dhe_psk, CIPHER_3des, HASH_sha }), TLS_dhe_psk_with_aes_128_cbc_sha : ({ KE_dhe_psk, CIPHER_aes, HASH_sha }), TLS_dhe_psk_with_aes_256_cbc_sha : ({ KE_dhe_psk, CIPHER_aes256, HASH_sha }),
9f14882015-02-19Henrik Grubbström (Grubba) #if constant(Crypto.AES.GCM)
4121232015-02-19Martin Nilsson  TLS_dhe_psk_with_aes_128_gcm_sha256 : ({ KE_dhe_psk, CIPHER_aes, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
4121232015-02-19Martin Nilsson  TLS_dhe_psk_with_aes_256_gcm_sha384 : ({ KE_dhe_psk, CIPHER_aes256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
9f14882015-02-19Henrik Grubbström (Grubba) #endif /* Crypto.AES.GCM */
55880e2015-04-13Martin Nilsson  TLS_dhe_psk_with_aes_128_cbc_sha256 : ({ KE_dhe_psk, CIPHER_aes, HASH_sha256, MODE_cbc }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
4121232015-02-19Martin Nilsson  TLS_dhe_psk_with_aes_256_cbc_sha384 : ({ KE_dhe_psk, CIPHER_aes256, HASH_sha384, MODE_cbc }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
55880e2015-04-13Martin Nilsson  TLS_dhe_psk_with_null_sha256 : ({ KE_dhe_psk, 0, HASH_sha256, MODE_cbc }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
4121232015-02-19Martin Nilsson  TLS_dhe_psk_with_null_sha384 : ({ KE_dhe_psk, 0, HASH_sha384, MODE_cbc }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
9f14882015-02-19Henrik Grubbström (Grubba) #if constant(Crypto.Camellia) #if constant(Crypto.Camellia.GCM)
4121232015-02-19Martin Nilsson  TLS_dhe_psk_with_camellia_128_gcm_sha256 : ({ KE_dhe_psk, CIPHER_camellia128, HASH_sha256, MODE_gcm }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
4121232015-02-19Martin Nilsson  TLS_dhe_psk_with_camellia_256_gcm_sha384 : ({ KE_dhe_psk, CIPHER_camellia256, HASH_sha384, MODE_gcm }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
9f14882015-02-19Henrik Grubbström (Grubba) #endif /* Crypto.Camellia.GCM */
55880e2015-04-13Martin Nilsson  TLS_dhe_psk_with_camellia_128_cbc_sha256 : ({ KE_dhe_psk, CIPHER_camellia128, HASH_sha256, MODE_cbc }),
03e2672015-02-23Martin Nilsson #if constant(Crypto.SHA384)
4121232015-02-19Martin Nilsson  TLS_dhe_psk_with_camellia_256_cbc_sha384 : ({ KE_dhe_psk, CIPHER_camellia256, HASH_sha384, MODE_cbc }),
03e2672015-02-23Martin Nilsson #endif /* Crypto.SHA384 */
9f14882015-02-19Henrik Grubbström (Grubba) #endif /* Crypto.Camellia */
4121232015-02-19Martin Nilsson  TLS_dhe_psk_with_aes_128_ccm : ({ KE_dhe_psk, CIPHER_aes, HASH_sha256, MODE_ccm }), TLS_dhe_psk_with_aes_256_ccm : ({ KE_dhe_psk, CIPHER_aes256, HASH_sha256, MODE_ccm }),
42cb932015-02-23Martin Nilsson  TLS_psk_dhe_with_aes_128_ccm_8 : ({ KE_dhe_psk, CIPHER_aes, HASH_sha256, MODE_ccm_8 }), TLS_psk_dhe_with_aes_256_ccm_8 : ({ KE_dhe_psk, CIPHER_aes256, HASH_sha256, MODE_ccm_8 }), // PSK with RSA TLS_rsa_psk_with_null_sha : ({ KE_rsa_psk, 0, HASH_sha }), TLS_rsa_psk_with_rc4_128_sha : ({ KE_rsa_psk, CIPHER_rc4, HASH_sha }), TLS_rsa_psk_with_3des_ede_cbc_sha : ({ KE_rsa_psk, CIPHER_3des, HASH_sha }), TLS_rsa_psk_with_aes_128_cbc_sha : ({ KE_rsa_psk, CIPHER_aes, HASH_sha }), TLS_rsa_psk_with_aes_256_cbc_sha : ({ KE_rsa_psk, CIPHER_aes256, HASH_sha }), #if constant(Crypto.AES.GCM) TLS_rsa_psk_with_aes_128_gcm_sha256 : ({ KE_rsa_psk, CIPHER_aes, HASH_sha256, MODE_gcm }), #if constant(Crypto.SHA384) TLS_rsa_psk_with_aes_256_gcm_sha384 : ({ KE_rsa_psk, CIPHER_aes256, HASH_sha384, MODE_gcm }), #endif /* Crypto.SHA384 */ #endif /* Crypto.AES.GCM */
55880e2015-04-13Martin Nilsson  TLS_rsa_psk_with_aes_128_cbc_sha256 : ({ KE_rsa_psk, CIPHER_aes, HASH_sha256, MODE_cbc }),
42cb932015-02-23Martin Nilsson #if constant(Crypto.SHA384) TLS_rsa_psk_with_aes_256_cbc_sha384 : ({ KE_rsa_psk, CIPHER_aes256, HASH_sha384, MODE_cbc }), #endif /* Crypto.SHA384 */
55880e2015-04-13Martin Nilsson  TLS_rsa_psk_with_null_sha256 : ({ KE_rsa_psk, 0, HASH_sha256, MODE_cbc }),
42cb932015-02-23Martin Nilsson #if constant(Crypto.SHA384) TLS_rsa_psk_with_null_sha384 : ({ KE_rsa_psk, 0, HASH_sha384, MODE_cbc }), #endif /* Crypto.SHA384 */ #if constant(Crypto.Camellia) #if constant(Crypto.Camellia.GCM) TLS_rsa_psk_with_camellia_128_gcm_sha256 : ({ KE_rsa_psk, CIPHER_camellia128, HASH_sha256, MODE_gcm }), #if constant(Crypto.SHA384) TLS_rsa_psk_with_camellia_256_gcm_sha384 : ({ KE_rsa_psk, CIPHER_camellia256, HASH_sha384, MODE_gcm }), #endif /* Crypto.SHA384 */ #endif /* Crypto.Camellia.GCM */
55880e2015-04-13Martin Nilsson  TLS_rsa_psk_with_camellia_128_cbc_sha256 : ({ KE_rsa_psk, CIPHER_camellia128, HASH_sha256, MODE_cbc }),
42cb932015-02-23Martin Nilsson #if constant(Crypto.SHA384) TLS_rsa_psk_with_camellia_256_cbc_sha384 : ({ KE_rsa_psk, CIPHER_camellia256, HASH_sha384, MODE_cbc }), #endif /* Crypto.SHA384 */ #endif /* Crypto.Camellia */
ad787f2015-04-06Martin Nilsson  // PSK with ECDHE #if constant(Crypto.ECC.Curve) TLS_ecdhe_psk_with_null_sha : ({ KE_ecdhe_psk, 0, HASH_sha }),
55880e2015-04-13Martin Nilsson  TLS_ecdhe_psk_with_null_sha256 : ({ KE_ecdhe_psk, 0, HASH_sha256, MODE_cbc }),
ad787f2015-04-06Martin Nilsson #if constant(Crypto.SHA384) TLS_ecdhe_psk_with_null_sha384 : ({ KE_ecdhe_psk, 0, HASH_sha384, MODE_cbc }), #endif /* Crypto.SHA384 */ TLS_ecdhe_psk_with_rc4_128_sha : ({ KE_ecdhe_psk, CIPHER_rc4, HASH_sha }), TLS_ecdhe_psk_with_3des_ede_cbc_sha : ({ KE_ecdhe_psk, CIPHER_3des, HASH_sha }), TLS_ecdhe_psk_with_aes_128_cbc_sha : ({ KE_ecdhe_psk, CIPHER_aes, HASH_sha }), TLS_ecdhe_psk_with_aes_256_cbc_sha : ({ KE_ecdhe_psk, CIPHER_aes256, HASH_sha }),
55880e2015-04-13Martin Nilsson  TLS_ecdhe_psk_with_aes_128_cbc_sha256 : ({ KE_ecdhe_psk, CIPHER_aes, HASH_sha256, MODE_cbc }),
ad787f2015-04-06Martin Nilsson #if constant(Crypto.SHA384) TLS_ecdhe_psk_with_aes_256_cbc_sha384 : ({ KE_ecdhe_psk, CIPHER_aes256, HASH_sha384, MODE_cbc }), #endif /* Crypto.SHA384 */ #if constant(Crypto.Camellia)
55880e2015-04-13Martin Nilsson  TLS_ecdhe_psk_with_camellia_128_cbc_sha256 : ({ KE_ecdhe_psk, CIPHER_camellia128, HASH_sha256, MODE_cbc }),
ad787f2015-04-06Martin Nilsson #if constant(Crypto.SHA384) TLS_ecdhe_psk_with_camellia_256_cbc_sha384 : ({ KE_ecdhe_psk, CIPHER_camellia256, HASH_sha384, MODE_cbc }), #endif /* Crypto.SHA384 */ #endif /* Crypto.Camellia */ #endif /* Crypto.ECC.Curve */
f760111999-03-09Niels Möller ]);
// Handshake message type codes. The trailing comment on each line names
// the document the value was taken from.
constant HANDSHAKE_hello_request = 0; // RFC 5246
constant HANDSHAKE_client_hello = 1; // RFC 5246
constant HANDSHAKE_server_hello = 2; // RFC 5246
constant HANDSHAKE_hello_verify_request = 3; // RFC 6347
constant HANDSHAKE_NewSessionTicket = 4; // RFC 4507
// NOTE(review): the next three values track a TLS 1.3 draft; confirm
// them against the published registry before relying on them.
constant HANDSHAKE_client_key_share = 5; // TLS 1.3 draft.
constant HANDSHAKE_hello_retry_request = 6; // TLS 1.3 draft.
constant HANDSHAKE_server_key_share = 7; // TLS 1.3 draft.
constant HANDSHAKE_certificate = 11; // RFC 5246
constant HANDSHAKE_server_key_exchange = 12; // RFC 5246
constant HANDSHAKE_certificate_request = 13; // RFC 5246
constant HANDSHAKE_server_hello_done = 14; // RFC 5246
constant HANDSHAKE_certificate_verify = 15; // RFC 5246
constant HANDSHAKE_client_key_exchange = 16; // RFC 5246
constant HANDSHAKE_finished = 20; // RFC 5246
// NOTE(review): "cerificate" is a misspelling of "certificate"; the name
// is left unchanged because other code may refer to it.
constant HANDSHAKE_cerificate_url = 21; // RFC 6066
constant HANDSHAKE_certificate_status = 22; // RFC 6066
constant HANDSHAKE_supplemental_data = 23; // RFC 4680
constant HANDSHAKE_next_protocol = 67; // draft-agl-tls-nextprotoneg
// Certificate authentication levels. With AUTHLEVEL_none the peer is not
// authenticated by certificate at all; with AUTHLEVEL_ask a server
// still accepts a peer that sends no certificate.

//! Don't request nor check any certificate.
constant AUTHLEVEL_none = 1;

//! As a server, request a certificate, but don't require a response.
//! This AUTHLEVEL is not relevant for clients.
constant AUTHLEVEL_ask = 2;

//! Require other party to send a valid certificate.
constant AUTHLEVEL_require = 3;
/* FIXME: CERT_* would be better names for these constants */
// Certificate type codes. CertificatePair.cert_type holds one of these.
constant AUTH_rsa_sign = 1; // SSL 3.0
constant AUTH_dss_sign = 2; // SSL 3.0
constant AUTH_rsa_fixed_dh = 3; // SSL 3.0
constant AUTH_dss_fixed_dh = 4; // SSL 3.0
constant AUTH_rsa_ephemeral_dh = 5; // SSL 3.0
constant AUTH_dss_ephemeral_dh = 6; // SSL 3.0
constant AUTH_fortezza_kea = 20; // SSL 3.0
// Same value as AUTH_fortezza_kea, so a reverse lookup by value cannot
// tell the two names apart.
constant AUTH_fortezza_dms = 20;
constant AUTH_ecdsa_sign = 64; // RFC 4492
constant AUTH_rsa_fixed_ecdh = 65; // RFC 4492
constant AUTH_ecdsa_fixed_ecdh = 66; // RFC 4492
/* ECC curve types from RFC 4492 5.4 (ECCurveType). */
enum CurveType {
  CURVETYPE_explicit_prime = 1,
  CURVETYPE_explicit_char2 = 2,
  CURVETYPE_named_curve = 3,
}

/* ECBasis types from RFC 4492 5.4 errata. */
enum ECBasisType {
  ECBASIS_trinomial = 1,
  ECBASIS_pentanomial = 2,
}
/* Groups used for elliptic curves DHE (ECDHE) and finite field DH
   (FFDHE). RFC 4492 5.1.1 (NamedCurve) / TLS 1.3 7.4.2.5.2. */
// This enum only names code points. The groups that have an
// implementation attached are the ones listed in the ECC_CURVES,
// FFDHE_GROUPS and MODP_GROUPS mappings in this file.
enum NamedGroup {
  GROUP_sect163k1 = 1, // RFC 4492
  GROUP_sect163r1 = 2, // RFC 4492
  GROUP_sect163r2 = 3, // RFC 4492
  GROUP_sect193r1 = 4, // RFC 4492
  GROUP_sect193r2 = 5, // RFC 4492
  GROUP_sect233k1 = 6, // RFC 4492
  GROUP_sect233r1 = 7, // RFC 4492
  GROUP_sect239k1 = 8, // RFC 4492
  GROUP_sect283k1 = 9, // RFC 4492
  GROUP_sect283r1 = 10, // RFC 4492
  GROUP_sect409k1 = 11, // RFC 4492
  GROUP_sect409r1 = 12, // RFC 4492
  GROUP_sect571k1 = 13, // RFC 4492
  GROUP_sect571r1 = 14, // RFC 4492
  GROUP_secp160k1 = 15, // RFC 4492
  GROUP_secp160r1 = 16, // RFC 4492
  GROUP_secp160r2 = 17, // RFC 4492
  GROUP_secp192k1 = 18, // RFC 4492
  GROUP_secp192r1 = 19, // RFC 4492
  GROUP_secp224k1 = 20, // RFC 4492
  GROUP_secp224r1 = 21, // RFC 4492
  GROUP_secp256k1 = 22, // RFC 4492
  GROUP_secp256r1 = 23, // RFC 4492
  GROUP_secp384r1 = 24, // RFC 4492
  GROUP_secp521r1 = 25, // RFC 4492

  GROUP_brainpoolP256r1 = 26, // RFC 7027
  GROUP_brainpoolP384r1 = 27, // RFC 7027
  GROUP_brainpoolP512r1 = 28, // RFC 7027

  // Finite field groups; the number in the name is the modulus size in bits.
  GROUP_ffdhe2048 = 256, // draft-ietf-tls-negotiated-ff-dhe-07
  GROUP_ffdhe3072 = 257, // draft-ietf-tls-negotiated-ff-dhe-07
  GROUP_ffdhe4096 = 258, // draft-ietf-tls-negotiated-ff-dhe-07
  GROUP_ffdhe6144 = 259, // draft-ietf-tls-negotiated-ff-dhe-07
  GROUP_ffdhe8192 = 260, // draft-ietf-tls-negotiated-ff-dhe-07

  GROUP_ffdhe_private0 = 508, // draft-ietf-tls-negotiated-ff-dhe-07
  GROUP_ffdhe_private1 = 509, // draft-ietf-tls-negotiated-ff-dhe-07
  GROUP_ffdhe_private2 = 510, // draft-ietf-tls-negotiated-ff-dhe-07
  GROUP_ffdhe_private3 = 511, // draft-ietf-tls-negotiated-ff-dhe-07

  GROUP_arbitrary_explicit_prime_curves = 0xFF01,
  GROUP_arbitrary_explicit_char2_curves = 0xFF02,
}
//! Lookup for Pike ECC name to @[NamedGroup].
// Only the five SECP curves below have an entry; any other name looks
// up as 0.
constant ECC_NAME_TO_CURVE = ([
  "SECP_192R1": GROUP_secp192r1,
  "SECP_224R1": GROUP_secp224r1,
  "SECP_256R1": GROUP_secp256r1,
  "SECP_384R1": GROUP_secp384r1,
  "SECP_521R1": GROUP_secp521r1,
]);
/* ECC point formats from RFC 4492 5.1.2 (ECPointFormat). */
enum PointFormat {
  POINT_uncompressed = 0,
  POINT_ansiX962_compressed_prime = 1,
  POINT_ansiX962_compressed_char2 = 2,
}
//! Fragment lengths for @[EXTENSION_max_fragment_length].
// The enum value is the code for the length, not the length itself:
// FRAGMENT_512 is 1, not 512.
enum FragmentLength {
  FRAGMENT_512 = 1,
  FRAGMENT_1024 = 2,
  FRAGMENT_2048 = 3,
  FRAGMENT_4096 = 4,
}
//! Certificate format types as per @rfc{6091@} and @rfc{7250@}.
enum CertificateType {
  CERTTYPE_x509 = 0, // RFC 6091
  CERTTYPE_openpgp = 1, // RFC 6091
  CERTTYPE_raw_public_key = 2, // RFC 7250
};
// Hello extension type codes. The trailing comment names the document
// the value was taken from, where one is given.
constant EXTENSION_server_name = 0; // RFC 6066
constant EXTENSION_max_fragment_length = 1; // RFC 6066
constant EXTENSION_client_certificate_url = 2; // RFC 6066
constant EXTENSION_trusted_ca_keys = 3; // RFC 6066
constant EXTENSION_truncated_hmac = 4; // RFC 6066
constant EXTENSION_status_request = 5; // RFC 6066
constant EXTENSION_user_mapping = 6; // RFC 4681
constant EXTENSION_client_authz = 7; // RFC 5878
constant EXTENSION_server_authz = 8; // RFC 5878
constant EXTENSION_cert_type = 9; // RFC 6091
constant EXTENSION_elliptic_curves = 10; // RFC 4492
constant EXTENSION_ec_point_formats = 11; // RFC 4492
constant EXTENSION_srp = 12; // RFC 5054
constant EXTENSION_signature_algorithms = 13; // RFC 5246
constant EXTENSION_use_srtp = 14; // RFC 5764
constant EXTENSION_heartbeat = 15; // RFC 6520
constant EXTENSION_application_layer_protocol_negotiation = 16; // RFC 7301
constant EXTENSION_status_request_v2 = 17; // RFC 6961
constant EXTENSION_signed_certificate_timestamp = 18; // RFC 6962
constant EXTENSION_client_certificate_type = 19; // RFC 7250 (Only in registry!)
constant EXTENSION_server_certificate_type = 20; // RFC 7250 (Only in registry!)
constant EXTENSION_padding = 21; // RFC 7685
constant EXTENSION_encrypt_then_mac = 22; // RFC 7366
constant EXTENSION_extended_master_secret = 23; // RFC 7627
constant EXTENSION_session_ticket_tls = 35; // RFC 4507 / RFC 5077
constant EXTENSION_extended_random = 40; // draft-rescorla-tls-extended-random
// Marked "TBD" by the author: a placeholder value from a TLS 1.3 draft.
constant EXTENSION_early_data = 128; // TBD TLS 1.3 draft
constant EXTENSION_next_protocol_negotiation = 13172; // draft-agl-tls-nextprotoneg
// No source document is given for the next five values.
constant EXTENSION_origin_bound_certificates = 13175;
constant EXTENSION_encrypted_client_certificates= 13180;
constant EXTENSION_channel_id = 30031;
constant EXTENSION_channel_id_new = 30032;
constant EXTENSION_old_padding = 35655;
constant EXTENSION_renegotiation_info = 0xff01; // RFC 5746
// Maps NamedGroup code points to the matching Crypto.ECC curves.
// The mapping is empty when Crypto.ECC.Curve is not available.
constant ECC_CURVES = ([
#if constant(Crypto.ECC.Curve)
  GROUP_secp192r1: Crypto.ECC.SECP_192R1,
  GROUP_secp224r1: Crypto.ECC.SECP_224R1,
  GROUP_secp256r1: Crypto.ECC.SECP_256R1,
  GROUP_secp384r1: Crypto.ECC.SECP_384R1,
  GROUP_secp521r1: Crypto.ECC.SECP_521R1,
#endif
]);
// Maps the FFDHE NamedGroup code points to the matching Crypto.DH
// parameter sets.
constant FFDHE_GROUPS = ([
  GROUP_ffdhe2048: Crypto.DH.FFDHE2048,
  GROUP_ffdhe3072: Crypto.DH.FFDHE3072,
  GROUP_ffdhe4096: Crypto.DH.FFDHE4096,
  GROUP_ffdhe6144: Crypto.DH.FFDHE6144,
  GROUP_ffdhe8192: Crypto.DH.FFDHE8192,
]);
// These groups have equivalent strength to the FFDHE groups
// above, but don't have codepoints of their own. As they are
// popular groups to use for DHE, we also allow them.
//
// The keys reuse the FFDHE code points of the same size. There is no
// entry for GROUP_ffdhe2048 here.
constant MODP_GROUPS = ([
  GROUP_ffdhe3072: Crypto.DH.MODPGroup15,
  GROUP_ffdhe4096: Crypto.DH.MODPGroup16,
  GROUP_ffdhe6144: Crypto.DH.MODPGroup17,
  GROUP_ffdhe8192: Crypto.DH.MODPGroup18,
]);
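// Heartbeat mode values, as sent in the heartbeat hello extension
// (RFC 6520, HeartbeatMode).
enum HeartBeatModeType {
  HEARTBEAT_MODE_disabled = 0,
  HEARTBEAT_MODE_peer_allowed_to_send = 1,
  // RFC 6520 assigns 2 to this mode. It was previously 1, the same as
  // peer_allowed_to_send, so the two modes could not be told apart and
  // a peer announcing mode 2 matched neither name.
  HEARTBEAT_MODE_peer_not_allowed_to_send = 2,
};

// Heartbeat message types (RFC 6520, HeartbeatMessageType).
enum HeartBeatMessageType {
  HEARTBEAT_MESSAGE_request = 1,
  HEARTBEAT_MESSAGE_response = 2,
};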
// Protocol identifier strings for ALPN
// (see EXTENSION_application_layer_protocol_negotiation).
enum ALPNProtocol {
  ALPN_http_1_1 = "http/1.1", // RFC 7301
  ALPN_spdy_1 = "spdy/1", // RFC 7301
  ALPN_spdy_2 = "spdy/2", // RFC 7301
  ALPN_spdy_3 = "spdy/3", // RFC 7301
  ALPN_turn = "stun.turn", // RFC 7443
  ALPN_stun = "stun.nat-discovery", // RFC 7443
  ALPN_http_2 = "h2", // RFC 7540
  ALPN_http_2_reserved = "h2c", // RFC 7540
};
// Maps the DER encoding of a PKCS signature algorithm identifier to the
// ({ hash, signature }) pair it stands for. CertificatePair.create()
// rejects a chain containing an identifier that is missing from here.
//
// NOTE(review): MD5- and SHA-1-based identifiers are accepted by this
// table. Whether a policy elsewhere refuses such certificates cannot be
// seen from this part of the file; confirm.
protected mapping(string(8bit):array(HashAlgorithm|SignatureAlgorithm))
  pkcs_der_to_sign_alg = ([
  // RSA
  Standards.PKCS.Identifiers.rsa_md5_id->get_der():
  ({ HASH_md5, SIGNATURE_rsa }),
  Standards.PKCS.Identifiers.rsa_sha1_id->get_der():
  ({ HASH_sha, SIGNATURE_rsa }),
  Standards.PKCS.Identifiers.rsa_sha256_id->get_der():
  ({ HASH_sha256, SIGNATURE_rsa }),
  Standards.PKCS.Identifiers.rsa_sha384_id->get_der():
  ({ HASH_sha384, SIGNATURE_rsa }),
  Standards.PKCS.Identifiers.rsa_sha512_id->get_der():
  ({ HASH_sha512, SIGNATURE_rsa }),

  // DSA
  Standards.PKCS.Identifiers.dsa_sha_id->get_der():
  ({ HASH_sha, SIGNATURE_dsa }),
  Standards.PKCS.Identifiers.dsa_sha224_id->get_der():
  ({ HASH_sha224, SIGNATURE_dsa }),
  Standards.PKCS.Identifiers.dsa_sha256_id->get_der():
  ({ HASH_sha256, SIGNATURE_dsa }),

  // ECDSA
  Standards.PKCS.Identifiers.ecdsa_sha1_id->get_der():
  ({ HASH_sha, SIGNATURE_ecdsa }),
  Standards.PKCS.Identifiers.ecdsa_sha224_id->get_der():
  ({ HASH_sha224, SIGNATURE_ecdsa }),
  Standards.PKCS.Identifiers.ecdsa_sha256_id->get_der():
  ({ HASH_sha256, SIGNATURE_ecdsa }),
  Standards.PKCS.Identifiers.ecdsa_sha384_id->get_der():
  ({ HASH_sha384, SIGNATURE_ecdsa }),
  Standards.PKCS.Identifiers.ecdsa_sha512_id->get_der():
  ({ HASH_sha512, SIGNATURE_ecdsa }),
]);

//! A chain of X509 certificates with corresponding private key.
//!
//! It also contains some derived metadata.
class CertificatePair
{
  //! Certificate type for the leaf cert.
  //!
  //! One of the @[AUTH_*] constants.
  int cert_type;

  //! Private key.
  Crypto.Sign.State key;

  //! Chain of certificates, root cert last.
  array(string(8bit)) certs;

  //! Array of DER for the issuers matching @[certs].
  array(string(8bit)) issuers;

  //! Array of commonName globs from the first certificate in @[certs].
  array(string(8bit)) globs;

  //! TLS 1.2-style hash and signature pairs matching the @[certs].
  array(array(HashAlgorithm|SignatureAlgorithm)) sign_algs;

  //! Bitmask of the key exchange algorithms supported by the main certificate.
  //! This is used for TLS 1.1 and earlier.
  //! @seealso
  //!   @[ke_mask_invariant]
  int(0..) ke_mask;

  //! Bitmask of the key exchange algorithms supported by the main certificate.
  //! This is the same as @[ke_mask], but unified with respect to
  //! @[KE_dh_dss]/@[KE_dh_rsa] and @[KE_ecdh_ecdsa]/@[KE_ecdh_rsa],
  //! as supported by TLS 1.2 and later.
  int(0..) ke_mask_invariant;

  // Returns the comparable strength of the leaf certificate in bits.
  //
  // bits is the key size and sign one of the SIGNATURE_* values. RSA
  // and DSA sizes are returned unchanged; ECDSA sizes are scaled to an
  // approximate RSA equivalent. Any other sign value also returns bits
  // unchanged.
  protected int bit_strength(int bits, int sign)
  {
    // Adjust the bits to be comparable for the different algorithms.
    switch(sign) {
    case SIGNATURE_rsa:
      // The normative size.
      break;
    case SIGNATURE_dsa:
      // The consensus seems to be that DSA keys are about
      // the same strength as the corresponding RSA length.
      break;
    case SIGNATURE_ecdsa:
      // ECDSA size:    NIST says:          Our approximation:
      //   160 bits     ~1024 bits RSA      960 bits RSA
      //   224 bits     ~2048 bits RSA      2240 bits RSA
      //   256 bits     ~4096 bits RSA      3072 bits RSA
      //   384 bits     ~7680 bits RSA      7680 bits RSA
      //   521 bits     ~15360 bits RSA     14881 bits RSA
      bits = (bits * (bits - 64))>>4;
      // The product is negative for sizes below 64 bits; such keys are
      // given a fixed low score instead.
      if (bits < 0) bits = 128;
      break;
    }
    return bits;
  }

  // Comparison operator that sorts the CertificatePairs according to
  // their relative strength.
  //
  // Order of comparison: adjusted key size of the leaf, then the hash
  // value in sign_algs[0], then the signature value in sign_algs[0].
  protected int(0..1) `<(mixed o)
  {
    // NOTE(review): both early returns below apply `<` to the same two
    // operands from inside `<` itself. Confirm this terminates for
    // non-object operands and for objects lacking key or sign_algs.
    if(!objectp(o)) return this < o;
    if( !o->key || !o->sign_algs ) return this < o;

    int s = sign_algs[0][1], os = o->sign_algs[0][1];

    // FIXME: Let hash bits influence strength. The signature bits
    // don't overshadow hash completely.

    // FIXME: We only look at leaf certificate. We could look at
    // weakest link in the chain.

    // These tests are reversed to reverse-sort the certificates
    // (Strongest first).
    int bs = bit_strength(key->key_size(), s);
    int obs = bit_strength(o->key->key_size(), os);
    if( bs < obs ) return 0;
    if( bs > obs ) return 1;

    int h = sign_algs[0][0], oh = o->sign_algs[0][0];
    if( h < oh ) return 0;
    if( h > oh ) return 1;

    if( s < os ) return 0;
    return 1;
  }

  // Set the globs array based on certificate common name and subject
  // alternative name extension.
  //
  // The names in extra, if given, are appended. All names are
  // lower-cased and duplicates removed. Throws an error if no name is
  // left.
  protected void set_globs(Standards.X509.TBSCertificate tbs,
                           array(string(8bit))|void extra)
  {
    // "- ({ 0 })" drops zero entries from the commonName result.
    globs = Standards.PKCS.Certificate.
      decode_distinguished_name(tbs->subject)->commonName - ({ 0 });

    if( tbs->ext_subjectAltName_dNSName )
      globs += tbs->ext_subjectAltName_dNSName;

    if (extra) globs += extra;

    if (!sizeof(globs)) error("No common name.\n");

    globs = Array.uniq( map(globs, lower_case) );
  }

  //! Initialize a new @[CertificatePair].
  //!
  //! @param key
  //!   Private key.
  //!
  //! @param certs
  //!   Chain of certificates, root cert last.
  //!
  //! @param extra_name_globs
  //!   The set of @[globs] from the first certificate
  //!   is optionally extended with these.
  //!
  //! @note
  //!   Performs various validation checks.
  //
  // Checks visible in this function: the chain is non-empty, every
  // certificate decodes, the private key matches the first certificate
  // (or the last, in which case the chain is reversed), every signature
  // algorithm is in pkcs_der_to_sign_alg, at least one name is found,
  // and at least one key exchange bit ends up set.
  //
  // NOTE(review): nothing in this function verifies the signatures
  // along the chain, validity periods or key usage extensions. Confirm
  // that this is done where the pair is used.
  protected void create(Crypto.Sign.State key, array(string(8bit)) certs,
                        array(string(8bit))|void extra_name_globs)
  {
    if (!sizeof(certs)) {
      error("Empty list of certificates.\n");
    }

    array(Standards.X509.TBSCertificate) tbss =
      map(certs, Standards.X509.decode_certificate);

    if (has_value(tbss, 0)) error("Invalid cert\n");

    // Validate that the key matches the cert.
    if (!key || !key->public_key_equal(tbss[0]->public_key->pkc)) {
      // Accept a chain given in the opposite order (leaf last) by
      // reversing it, provided the key matches the last certificate.
      if(sizeof(tbss) > 1 && key &&
         key->public_key_equal(tbss[-1]->public_key->pkc)) {
        tbss = reverse(tbss);
        certs = reverse(certs);
      }
      else
        error("Private key doesn't match certificate.\n");
    }

    this::key = key;
    this::certs = certs;

    issuers = tbss->issuer->get_der();

    // The lookup key is the DER of element 0 of each certificate's
    // algorithm field.
    sign_algs = map(map(tbss->algorithm, `[], 0)->get_der(),
                    pkcs_der_to_sign_alg);

    if (has_value(sign_algs, 0)) error("Unknown signature algorithm.\n");

    // FIXME: This probably needs to look at the leaf cert extensions!
    // NOTE(review): sign_algs[0] comes from the algorithm field of the
    // leaf certificate, not from tbss[0]->public_key. Confirm that the
    // two agree for chains where the issuer uses a different key type.
    this::cert_type = ([
      SIGNATURE_rsa: AUTH_rsa_sign,
      SIGNATURE_dsa: AUTH_dss_sign,
      SIGNATURE_ecdsa: AUTH_ecdsa_sign,
    ])[sign_algs[0][1]];

    set_globs(tbss[0], extra_name_globs);

    // FIXME: Ought to check certificate extensions.
    // cf RFC 5246 7.4.2.
    ke_mask = 0;
    ke_mask_invariant = 0;
    switch(sign_algs[0][1]) {
    case SIGNATURE_rsa:
      foreach(({ KE_rsa, KE_rsa_fips, KE_dhe_rsa, KE_ecdhe_rsa,
                 KE_rsa_psk, KE_rsa_export,
              }),
              KeyExchangeType ke) {
        ke_mask |= 1<<ke;
      }
      ke_mask_invariant = ke_mask;
      break;
    case SIGNATURE_dsa:
      ke_mask |= 1<<KE_dhe_dss;
      // sign_algs[1] belongs to the second certificate in the chain; a
      // chain of one is treated like a DSA-signed one.
      if ((sizeof(sign_algs) == 1) || (sign_algs[1][1] == SIGNATURE_dsa)) {
        // RFC 4346 7.4.2: DH_DSS
        // Diffie-Hellman key. The algorithm used
        // to sign the certificate MUST be DSS.
        ke_mask |= 1<<KE_dh_dss;
      } else if (sign_algs[1][1] == SIGNATURE_rsa) {
        // RFC 4346 7.4.2: DH_RSA
        // Diffie-Hellman key. The algorithm used
        // to sign the certificate MUST be RSA.
        ke_mask |= 1<<KE_dh_rsa;
      }
      ke_mask_invariant = ke_mask | ((1<<KE_dh_dss) | (1<<KE_dh_rsa));
      break;
    case SIGNATURE_ecdsa:
      ke_mask |= 1<<KE_ecdhe_ecdsa;
      if ((sizeof(sign_algs) == 1) || (sign_algs[1][1] == SIGNATURE_ecdsa)) {
        // RFC 4492 2.1: ECDH_ECDSA
        // In ECDH_ECDSA, the server's certificate MUST contain
        // an ECDH-capable public key and be signed with ECDSA.
        ke_mask |= 1<<KE_ecdh_ecdsa;
      } else if (sign_algs[1][1] == SIGNATURE_rsa) {
        // RFC 4492 2.3: ECDH_RSA
        // This key exchange algorithm is the same as ECDH_ECDSA
        // except that the server's certificate MUST be signed
        // with RSA rather than ECDSA.
        ke_mask |= 1<<KE_ecdh_rsa;
      }
      ke_mask_invariant = ke_mask | ((1<<KE_ecdh_ecdsa) | (1<<KE_ecdh_rsa));
      break;
    }
    if (!ke_mask) error("Certificate not useful for TLS!\n");
  }

  // Debug representation: key class name with the "Crypto." prefix
  // removed, leaf hash name with the "HASH_" prefix removed, and the
  // globs. No key material is formatted beyond what "%O" of key yields.
  protected string _sprintf(int c)
  {
    string k = sprintf("%O", key);
    sscanf(k, "Crypto.%s", k);
    string h = fmt_constant(sign_algs[0][0], "HASH");
    sscanf(h, "HASH_%s", h);
    return sprintf("CertificatePair(%s, %s, ({%{%O, %}}))", k, h, globs);
  }
}