// $Id: SSLCiphers.h 1678 2005-11-08 19:16:37Z vern $
#ifndef SSL_CIPHERS_H
#define SSL_CIPHERS_H
#include "Dict.h"
// --- definitions for sslv3x cipher handling ---------------------------------
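/*!
 * In SSLv2, a cipher spec consists of three bytes.
 *
 * Each enumerator is the three-byte CIPHER-KIND code packed into one
 * integer, first byte in the most significant position
 * (e.g. 0x01,0x00,0x80 -> 0x010080).
 *
 * Review note: every suite in this list authenticates records with MD5,
 * and the EXPORT40 entries use deliberately shortened keys. A monitor
 * that sees any of these codes negotiated is looking at an SSLv2
 * session, which is worth reporting in its own right.
 */
enum SSLv2_CipherSpec {
	// --- standard SSLv2 ciphers
	SSL_CK_RC4_128_WITH_MD5 = 0x010080,
	SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080,
	SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080,
	SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080,
	SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080,
	SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040,
	SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0,
	SSL_CK_RC4_64_WITH_MD5 = 0x080080
};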
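/*!
 * In SSLv3x, a cipher spec consists of two bytes.
 *
 * Each enumerator is the 16-bit cipher-suite code as it appears in the
 * hello messages of SSLv3/TLS. The list has gaps, so a code seen on the
 * wire may have no enumerator here; consumers need an "unknown suite"
 * path rather than assuming every value maps to a name.
 *
 * Review note for anyone building policy on these names: suites whose
 * name contains NULL (no encryption), EXPORT / EXPORT1024 or a 40/56-bit
 * cipher (deliberately weakened keys), or anon (unauthenticated key
 * exchange) give little or no protection. RC4, single DES and MD5-based
 * suites are likewise obsolete. A server selecting any of them is worth
 * flagging.
 */
enum SSL3_1_CipherSpec {
	// --- standard SSLv3x ciphers
	TLS_NULL_WITH_NULL_NULL = 0x0000,
	TLS_RSA_WITH_NULL_MD5 = 0x0001,
	TLS_RSA_WITH_NULL_SHA = 0x0002,
	TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
	TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
	TLS_RSA_WITH_RC4_128_SHA = 0x0005,
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
	TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
	TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
	TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
	TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
	TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
	TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
	TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
	TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
	TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A,
	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
	// --- special SSLv3 ciphers
	SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C,
	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D,
	// Left disabled: 0x001E is also the code of TLS_KRB5_WITH_DES_CBC_SHA
	// below, and a lookup by value could not tell the two names apart.
	//SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x001E,
	// -- RFC 2712 (ciphers not fully described in SSLCiphers.cc)
	TLS_KRB5_WITH_DES_CBC_SHA = 0x001E,
	TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F,
	TLS_KRB5_WITH_RC4_128_SHA = 0x0020,
	TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021,
	TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022,
	TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023,
	TLS_KRB5_WITH_RC4_128_MD5 = 0x0024,
	TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027,
	TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028,
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029,
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A,
	TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B,

	// --- new AES ciphers (the _SHA256 entries at the end of this group
	// --- are the first part of the RFC 5246 set continued further down)
	TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
	TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
	TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
	TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
	TLS_RSA_WITH_NULL_SHA256 = 0x003B,
	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
	TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
	TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
	// -- RFC 4132
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042,
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046,
	// -- Non-RFC. Widely deployed implementation (ciphers not fully described in SSLCiphers.cc)
	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060,
	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061,
	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062,
	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063,
	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064,
	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065,
	TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066,
	// -- RFC 5246 (ciphers not fully described in SSLCiphers.cc)
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
	TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
	TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
	TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
	TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
	// -- RFC 5932
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085,
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089,
	// -- RFC 4279 (ciphers not fully described in SSLCiphers.cc)
	TLS_PSK_WITH_RC4_128_SHA = 0x008A,
	TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
	TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
	TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
	TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
	TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
	// -- RFC 4162
	TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
	TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097,
	TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098,
	TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
	TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
	TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B,
	// -- RFC 5288 (ciphers not fully described in SSLCiphers.cc)
	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
	TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
	TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
	TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
	TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
	TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
	TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
	// -- RFC 5487 (ciphers not fully described in SSLCiphers.cc)
	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
	TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
	TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
	TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
	TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
	TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
	TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
	// -- RFC 5932 (ciphers not fully described in SSLCiphers.cc)
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA,
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB,
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0,
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1,
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
	// -- RFC 4492
	TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
	TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
	TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
	TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
	TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
	TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
	TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
	// -- RFC 5054 (ciphers not fully described in SSLCiphers.cc)
	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
	TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D,
	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E,
	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F,
	TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021,
	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022,
	// -- RFC 5289 (ciphers not fully described in SSLCiphers.cc)
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
	// -- RFC 5489 (ciphers not fully described in SSLCiphers.cc)
	TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033,
	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034,
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036,
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037,
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038,
	TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039,
	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A,
	TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B,

	// --- special SSLv3 FIPS ciphers
	// Note the _2 pair is not in ascending order: DES is 0xFFE1, 3DES 0xFFE0.
	SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE,
	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF,
	SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1,
	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0,

	// Tags for SSL 2 cipher kinds which are not specified for SSL 3.
	SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
	SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
	SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
	SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,

	// Signalling value from RFC 5746 (secure renegotiation), not a real
	// cipher suite: a client may list it, but it is never the negotiated
	// suite. Code that reports "offered ciphers" should treat it as a
	// capability marker. Kept last; no trailing comma, which pre-C++11
	// compilers reject in an enumerator list.
	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
};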
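/*!
 * Broad class of the bulk cipher used by a cipher spec.
 *
 * NOTE(review): there is no value for AEAD constructions, although
 * SSL3_1_CipherSpec lists *_GCM_* suites; the comments there mark those
 * groups as "not fully described in SSLCiphers.cc". Confirm how such
 * suites are classified before relying on this field for them.
 */
enum SSL_CipherType {
	SSL_CIPHER_TYPE_STREAM,
	SSL_CIPHER_TYPE_BLOCK,
	SSL_CIPHER_TYPE_NULL	// no bulk encryption
};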
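/*!
 * Bulk (record) encryption algorithm of a cipher spec.
 *
 * The enumerators rely on implicit numbering, so new values must be
 * appended at the end to keep existing numeric values stable.
 * The last enumerator carries no trailing comma, which pre-C++11
 * compilers reject in an enumerator list.
 */
enum SSL_BulkCipherAlgorithm {
	SSL_CIPHER_NULL,	// no encryption
	SSL_CIPHER_RC4,
	SSL_CIPHER_RC2,
	SSL_CIPHER_DES,
	SSL_CIPHER_3DES,
	SSL_CIPHER_DES40,	// export-grade DES with a 40-bit key
	SSL_CIPHER_FORTEZZA,
	SSL_CIPHER_IDEA,
	SSL_CIPHER_AES,
	SSL_CIPHER_CAMELLIA,
	SSL_CIPHER_SEED
};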
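/*!
 * Record MAC algorithm of a cipher spec.
 *
 * NOTE(review): only NULL, MD5 and SHA are representable here, while
 * SSL3_1_CipherSpec also lists *_SHA256 and *_SHA384 suites. Those groups
 * are marked "not fully described in SSLCiphers.cc" in that enum, so do
 * not assume a spec entry exists for them, and do not read SSL_MAC_SHA as
 * covering the SHA-2 family without confirming it.
 */
enum SSL_MACAlgorithm {
	SSL_MAC_NULL,	// no integrity protection
	SSL_MAC_MD5,
	SSL_MAC_SHA
};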
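/*!
 * Key exchange / authentication method of a cipher spec.
 *
 * Review note: the *_EXPORT and *_EXPORT1024 values denote deliberately
 * weakened key exchange, and the *_anon values denote an exchange with no
 * peer authentication; both are useful signals when flagging sessions.
 *
 * NOTE(review): there are no values for the KRB5, PSK or SRP suites
 * listed in SSL3_1_CipherSpec (marked there as "not fully described in
 * SSLCiphers.cc").
 *
 * The enumerators rely on implicit numbering, so new values must be
 * appended at the end. The last enumerator carries no trailing comma,
 * which pre-C++11 compilers reject in an enumerator list.
 */
enum SSL_KeyExchangeAlgorithm {
	SSL_KEY_EXCHANGE_NULL,
	SSL_KEY_EXCHANGE_RSA,
	SSL_KEY_EXCHANGE_RSA_EXPORT,
	SSL_KEY_EXCHANGE_DH,
	SSL_KEY_EXCHANGE_DH_DSS,
	SSL_KEY_EXCHANGE_DH_DSS_EXPORT,
	SSL_KEY_EXCHANGE_DH_RSA,
	SSL_KEY_EXCHANGE_DH_RSA_EXPORT,
	SSL_KEY_EXCHANGE_DHE_DSS,
	SSL_KEY_EXCHANGE_DHE_DSS_EXPORT,
	SSL_KEY_EXCHANGE_DHE_RSA,
	SSL_KEY_EXCHANGE_DHE_RSA_EXPORT,
	SSL_KEY_EXCHANGE_DH_anon,
	SSL_KEY_EXCHANGE_DH_anon_EXPORT,
	SSL_KEY_EXCHANGE_FORTEZZA_KEA,
	// --- new 56 bit export ciphers
	SSL_KEY_EXCHANGE_RSA_EXPORT1024,
	SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024,
	// -- Elliptic Curve key exchange algorithms (rfc4492)
	SSL_KEY_EXCHANGE_ECDH_ECDSA,
	SSL_KEY_EXCHANGE_ECDHE_ECDSA,
	SSL_KEY_EXCHANGE_ECDH_RSA,
	SSL_KEY_EXCHANGE_ECDHE_RSA,
	SSL_KEY_EXCHANGE_ECDH_anon
};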
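#if 0
// Compiled out by the surrounding #if 0: a draft of an alternative
// cipher description. Nothing in this header uses it.
// NOTE(review): authenticationAlgorithm and keyAlgorithm are both typed as
// SSL_BulkCipherAlgorithm, which looks like a placeholder rather than the
// intended types -- confirm before enabling.
struct SSL_CipherSpecImprove {
	uint32 identifier;

	// SSL_CipherType cipherType;
	SSL_BulkCipherAlgorithm encryptionAlgorithm;
	SSL_BulkCipherAlgorithm authenticationAlgorithm;
	SSL_BulkCipherAlgorithm keyAlgorithm;
	SSL_MACAlgorithm macAlgorithm;

	int clearkeySize;
	int encryptedkeySize;
	uint32 flags; // IsExportable IsSSLv2 IsSSLv30 IsSSLv31
	const char* fullName = "TLS_WITH_NULL_NULL";

};
#endif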
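/*!
 * Description of one cipher spec: its wire code plus the algorithms and
 * key sizes it stands for.
 *
 * The identifier holds either a 2-byte (SSLv3x) or a 3-byte (SSLv2) code,
 * so the same numeric value is only meaningful together with the protocol
 * version it was seen in.
 */
struct SSL_CipherSpec {
	uint32 identifier; ///< type code of the CIPHER-SPEC (2 or 3 Bytes)

	SSL_CipherType cipherType;
	uint32 flags; ///< presumably a combination of the SSL_FLAG_* constants in this header -- confirm
	SSL_BulkCipherAlgorithm bulkCipherAlgorithm;
	SSL_MACAlgorithm macAlgorithm;
	SSL_KeyExchangeAlgorithm keyExchangeAlgorithm;

	int clearKeySize; ///< size in bits of plaintext part of master key
	int encryptedKeySize; ///< size in bits of encrypted part of master key
	int hashSize; ///< unit not stated here (the key sizes above are in bits) -- confirm
};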
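// Single-bit flag values; each occupies its own bit, so they can be
// OR-ed together (presumably into SSL_CipherSpec::flags -- confirm).
// "SSLv31" is protocol version 3.1, i.e. the version number TLS 1.0
// uses on the wire.
const uint32 SSL_FLAG_EXPORT = 0x0001; ///< set if exportable cipher
const uint32 SSL_FLAG_SSLv20 = 0x0002; ///< set if cipher defined for SSLv20
const uint32 SSL_FLAG_SSLv30 = 0x0004; ///< set if cipher defined for SSLv30
const uint32 SSL_FLAG_SSLv31 = 0x0008; ///< set if cipher defined for SSLv31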
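// Declares the dictionary type used for cipher specs (the declare/PDict
// macros presumably come from Dict.h, included above -- confirm).
declare(PDict, SSL_CipherSpec);

// Defined elsewhere; only declared here.
extern PDict(SSL_CipherSpec) SSL_CipherSpecDict;
extern SSL_CipherSpec SSL_CipherSpecs[];
// The array above is declared without a bound, so sizeof cannot be used on
// it from here; presumably this is its element count -- confirm, and use
// it as the limit when iterating.
extern const uint SSL_CipherSpecs_Count;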
#endif