X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Ftls1.h;h=be15445384122f7a3ddfdf2455c28274a52ce4f3;hb=5abe32d8611b26630305731f7dd4ea564264719e;hp=a931efa936a0e5f642b29b7b15ae12ce3cb15151;hpb=ca570cfdbcaf35ba7e2554fd18eda8cfab2176e4;p=oweals%2Fopenssl.git

diff --git a/ssl/tls1.h b/ssl/tls1.h
index a931efa936..be15445384 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -55,6 +55,19 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #ifndef HEADER_TLS1_H 
 #define HEADER_TLS1_H 
@@ -65,7 +78,7 @@
 extern "C" {
 #endif
 
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	1
 
 #define TLS1_VERSION			0x0301
 #define TLS1_VERSION_MAJOR		0x03
@@ -77,13 +90,17 @@ extern "C" {
 #define TLS1_AD_ACCESS_DENIED		49	/* fatal */
 #define TLS1_AD_DECODE_ERROR		50	/* fatal */
 #define TLS1_AD_DECRYPT_ERROR		51
-#define TLS1_AD_EXPORT_RESTRICION	60	/* fatal */
+#define TLS1_AD_EXPORT_RESTRICTION	60	/* fatal */
 #define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
 #define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
 #define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
-#define TLS1_AD_USER_CANCLED		90
+#define TLS1_AD_USER_CANCELLED		90
 #define TLS1_AD_NO_RENEGOTIATION	100
 
+/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+ * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+ * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
+ * shouldn't. */
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061
 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062
@@ -92,6 +109,75 @@ extern "C" {
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
 
+/* AES ciphersuites from RFC3268 */
+
+#define TLS1_CK_RSA_WITH_AES_128_SHA			0x0300002F
+#define TLS1_CK_DH_DSS_WITH_AES_128_SHA			0x03000030
+#define TLS1_CK_DH_RSA_WITH_AES_128_SHA			0x03000031
+#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA		0x03000032
+#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA		0x03000033
+#define TLS1_CK_ADH_WITH_AES_128_SHA			0x03000034
+
+#define TLS1_CK_RSA_WITH_AES_256_SHA			0x03000035
+#define TLS1_CK_DH_DSS_WITH_AES_256_SHA			0x03000036
+#define TLS1_CK_DH_RSA_WITH_AES_256_SHA			0x03000037
+#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA		0x03000038
+#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA		0x03000039
+#define TLS1_CK_ADH_WITH_AES_256_SHA			0x0300003A
+
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001).
+ * XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C
+ * are defined twice so we define ECDH_ECDSA_EXPORT cipher
+ * suites to use 5B and 5C instead (this may change with future
+ * updates to the IETF draft).
+ */
+/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of
+ * ciphersuites, but does not define numbers for all of them
+ * because of possible conflicts with other Internet Drafts;
+ * most numbers are still subject to change. */
+#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x03000047
+#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x03000048
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA             0x03000049
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300004A
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300004B
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300004C
+#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA       0x0300005B
+#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA       0x0300005C
+
+#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300004D
+#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300004E
+#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA               0x0300004F
+#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x03000050
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x03000051
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x03000052
+#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA         0x03000053
+#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA         0x03000054
+
+#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x03000055
+#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x03000056
+#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA              0x03000057
+#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x03000058
+#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA    0x03000059
+#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA        0x0300005A
+
+/* XXX: ECC ciphersuites offering forward secrecy are not yet specified
+ * in the ECC/TLS draft but our code allows them to be implemented
+ * very easily. To add such a cipher suite, one needs to add two constant
+ * definitions to this file and a new structure in s3_lib.c. We illustrate
+ * the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and
+ * ECDHE-RSA-AES128-SHA.
+ */
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x03000077
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x03000078
+
+
+/* XXX
+ * Inconsistency alert:
+ * The OpenSSL names of ciphers with ephemeral DH here include the string
+ * "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".)
+ * The specifications speak of "EDH"; maybe we should allow both forms
+ * for everything. */
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"
 #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"
@@ -100,12 +186,62 @@ extern "C" {
 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
 
+/* AES ciphersuites from RFC3268 */
+#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"
+
+#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"
+
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA            "ECDH-ECDSA-DES-CBC-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
+#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA      "EXP-ECDH-ECDSA-RC4-40-SHA"
+#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA      "EXP-ECDH-ECDSA-RC4-56-SHA"
+
+#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA              "ECDH-RSA-DES-CBC-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
+#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA        "EXP-ECDH-RSA-RC4-40-SHA"
+#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA        "EXP-ECDH-RSA-RC4-56-SHA"
+
+#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA             "AECDH-DES-CBC-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA   "EXP-AECDH-DES-40-CBC-SHA"
+#define TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA       "EXP-AECDH-RC4-40-SHA"
+
+/* XXX: Made-up ECC cipher suites offering forward secrecy. This is for 
+ * illustration only. 
+ */
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
+
 
 #define TLS_CT_RSA_SIGN			1
 #define TLS_CT_DSS_SIGN			2
 #define TLS_CT_RSA_FIXED_DH		3
 #define TLS_CT_DSS_FIXED_DH		4
-#define TLS_CT_NUMBER			4
+#define TLS_CT_ECDSA_SIGN		5
+#define TLS_CT_RSA_FIXED_ECDH		6
+#define TLS_CT_ECDSA_FIXED_ECDH 	7
+#define TLS_CT_NUMBER			7
 
 #define TLS1_FINISH_MAC_LENGTH		12
 
@@ -151,3 +287,5 @@ extern "C" {
 #endif
 #endif
 
+
+