diff options
author | Bodo Möller <bodo@openssl.org> | 2002-08-09 08:56:08 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2002-08-09 08:56:08 +0000 |
commit | ea262260469e49149cb10b25a87dfd6ad3fbb4ba (patch) | |
tree | 7032110f80ba1888d7b3047cfbacd2d46e4fb67c /ssl/tls1.h | |
parent | 17f627931780f000b8dd47fe030c52cc0fa93ef5 (diff) | |
download | openssl-new-ea262260469e49149cb10b25a87dfd6ad3fbb4ba.tar.gz |
ECC ciphersuite support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
Diffstat (limited to 'ssl/tls1.h')
-rw-r--r-- | ssl/tls1.h | 107 |
1 files changed, 106 insertions, 1 deletions
diff --git a/ssl/tls1.h b/ssl/tls1.h index 38838ea9a5..4d7c9a17b2 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -55,6 +55,32 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the Contribution as delivered hereunder + * (or portions thereof), provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the Contribution; + * 2) separates from the Contribution; or + * 3) for infringements caused by: + * i) the modification of the Contribution or + * ii) the combination of the Contribution with other software or + * devices where such combination causes the infringement. + * + * ECC cipher suite support in OpenSSL originally written by + * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. + * + */ #ifndef HEADER_TLS1_H #define HEADER_TLS1_H @@ -112,6 +138,48 @@ extern "C" { #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A +/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001). + * XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C + * are defined twice so we define ECDH_ECDSA_EXPORT cipher + * suites to use 5B and 5C instead (this may change with future + * updates to the IETF draft). + */ +#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047 +#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300004A +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300004B +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300004C +#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA 0x0300005B +#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA 0x0300005C + +#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300004D +#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300004E +#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA 0x0300004F +#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x03000050 +#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x03000051 +#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x03000052 +#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA 0x03000053 +#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA 0x03000054 + +#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x03000055 +#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x03000056 +#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA 0x03000057 +#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x03000058 +#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA 0x03000059 +#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA 0x0300005A + +/* XXX: ECC ciphersuites offering forward secrecy are not yet specified + * in the ECC/TLS draft but our code allows them to be implemented + * very easily. To add such a cipher suite, one needs to add two constant + * definitions to this file and a new structure in s3_lib.c. We illustrate + * the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and + * ECDHE-RSA-AES128-SHA. + */ +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x03000077 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x03000078 + + /* XXX * Inconsistency alert: * The OpenSSL names of ciphers with ephemeral DH here include the string @@ -142,12 +210,47 @@ extern "C" { #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" +/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA "ECDH-ECDSA-DES-CBC-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" +#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-ECDSA-RC4-40-SHA" +#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-ECDSA-RC4-56-SHA" + +#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA "ECDH-RSA-DES-CBC-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" +#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-RSA-RC4-40-SHA" +#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-RSA-RC4-56-SHA" + +#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +#define TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA "AECDH-DES-CBC-SHA" +#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA "EXP-AECDH-DES-40-CBC-SHA" +#define TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA "EXP-AECDH-RC4-40-SHA" + +/* XXX: Made-up ECC cipher suites offering forward secrecy. This is for + * illustration only. + */ +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" + #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 #define TLS_CT_DSS_FIXED_DH 4 -#define TLS_CT_NUMBER 4 +#define TLS_CT_ECDSA_SIGN 5 +#define TLS_CT_RSA_FIXED_ECDH 6 +#define TLS_CT_ECDSA_FIXED_ECDH 7 +#define TLS_CT_NUMBER 7 #define TLS1_FINISH_MAC_LENGTH 12 @@ -193,3 +296,5 @@ extern "C" { #endif #endif + + |