security_framework/
cipher_suite.rs

1//! Cipher Suites supported by Secure Transport
3use security_framework_sys::cipher_suite::*;
macro_rules! make_suites {
    ($($name:ident),+) => {
        /// A TLS/SSL cipher suite identifier, stored as its raw `SSLCipherSuite` value.
        ///
        /// This is a transparent newtype. A named constant existing on this type only
        /// means the identifier is known; it says nothing about whether the suite is
        /// acceptable to negotiate. The list includes NULL-encryption, export-grade,
        /// anonymous key-exchange, RC4, DES and MD5-based suites.
        #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
        pub struct CipherSuite(SSLCipherSuite);

        #[allow(missing_docs)]
        impl CipherSuite {
            // One associated constant per identifier handed to the macro. The right-hand
            // side names the raw constant of the same spelling visible at the call site.
            $(
                pub const $name: CipherSuite = CipherSuite($name);
            )+

            /// Wraps a raw `SSLCipherSuite` value.
            ///
            /// No validation is performed: any value is accepted, including ones with
            /// no named constant here. Code that filters suites from configuration or
            /// peer-supplied data should compare the result against an explicit
            /// allow-list of named constants rather than rely on this constructor.
            #[inline(always)]
            #[must_use]
            pub const fn from_raw(raw: SSLCipherSuite) -> Self {
                CipherSuite(raw)
            }

            /// Returns the raw `SSLCipherSuite` value wrapped by this suite.
            #[inline(always)]
            #[must_use]
            pub const fn to_raw(&self) -> SSLCipherSuite {
                let CipherSuite(raw) = *self;
                raw
            }
        }
    }
}
// Every identifier below becomes an associated constant on `CipherSuite`.
//
// Security note for readers building an allow-list: this is a catalogue of known
// identifiers, not a recommendation. Names containing `NULL` provide no encryption,
// `EXPORT` suites use deliberately weakened 40-bit keys, `anon` suites do not
// authenticate the peer, and RC4, DES, 3DES and MD5-based suites are legacy.
make_suites! {
    // SSL 3.0 names. The entries commented out in this group are aliases of the
    // TLS_* suites with the same suffix, which are listed further down.
    SSL_NULL_WITH_NULL_NULL,
    SSL_RSA_WITH_NULL_MD5,
    SSL_RSA_WITH_NULL_SHA,
    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
    SSL_RSA_WITH_RC4_128_MD5,
    SSL_RSA_WITH_RC4_128_SHA,
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
    SSL_RSA_WITH_IDEA_CBC_SHA,
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
    SSL_RSA_WITH_DES_CBC_SHA,
    //SSL_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DH_DSS_WITH_DES_CBC_SHA,
    //SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA,
    SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DH_RSA_WITH_DES_CBC_SHA,
    //SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DHE_DSS_WITH_DES_CBC_SHA,
    //SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DHE_RSA_WITH_DES_CBC_SHA,
    //SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
    //SSL_DH_anon_WITH_RC4_128_MD5,
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
    SSL_DH_anon_WITH_DES_CBC_SHA,
    //SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
    SSL_FORTEZZA_DMS_WITH_NULL_SHA,
    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,

    // TLS addenda using AES, per RFC 3268.
    TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DH_anon_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DH_anon_WITH_AES_256_CBC_SHA,

    // ECDSA addenda, RFC 4492.
    TLS_ECDH_ECDSA_WITH_NULL_SHA,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_RSA_WITH_NULL_SHA,
    TLS_ECDH_RSA_WITH_RC4_128_SHA,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_NULL_SHA,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_anon_WITH_NULL_SHA,
    TLS_ECDH_anon_WITH_RC4_128_SHA,
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA,

    // TLS 1.2 addenda, RFC 5246.

    // Initial state.
    TLS_NULL_WITH_NULL_NULL,

    // Server provided RSA certificate for key exchange.
    // The two commented-out AES entries are already listed in the RFC 3268 group.
    TLS_RSA_WITH_NULL_MD5,
    TLS_RSA_WITH_NULL_SHA,
    TLS_RSA_WITH_RC4_128_MD5,
    TLS_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
    //TLS_RSA_WITH_AES_128_CBC_SHA,
    //TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_NULL_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA256,

    // Server-authenticated (and optionally client-authenticated) Diffie-Hellman.
    // The commented-out AES entries are already listed in the RFC 3268 group.
    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    //TLS_DH_DSS_WITH_AES_128_CBC_SHA,
    //TLS_DH_RSA_WITH_AES_128_CBC_SHA,
    //TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
    //TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    //TLS_DH_DSS_WITH_AES_256_CBC_SHA,
    //TLS_DH_RSA_WITH_AES_256_CBC_SHA,
    //TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
    //TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,

    // Completely anonymous Diffie-Hellman: the peer is not authenticated.
    // The commented-out AES entries are already listed in the RFC 3268 group.
    TLS_DH_anon_WITH_RC4_128_MD5,
    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
    //TLS_DH_anon_WITH_AES_128_CBC_SHA,
    //TLS_DH_anon_WITH_AES_256_CBC_SHA,
    TLS_DH_anon_WITH_AES_128_CBC_SHA256,
    TLS_DH_anon_WITH_AES_256_CBC_SHA256,

    // Addendum from RFC 4279, TLS PSK.
    TLS_PSK_WITH_RC4_128_SHA,
    TLS_PSK_WITH_3DES_EDE_CBC_SHA,
    TLS_PSK_WITH_AES_128_CBC_SHA,
    TLS_PSK_WITH_AES_256_CBC_SHA,
    TLS_DHE_PSK_WITH_RC4_128_SHA,
    TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
    TLS_RSA_PSK_WITH_RC4_128_SHA,
    TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
    TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA,

    // RFC 4785 - Pre-Shared Key (PSK) ciphersuites with NULL encryption
    // (integrity only; application data is sent in the clear).
    TLS_PSK_WITH_NULL_SHA,
    TLS_DHE_PSK_WITH_NULL_SHA,
    TLS_RSA_PSK_WITH_NULL_SHA,

    // Addenda from RFC 5288: AES Galois Counter Mode (GCM) cipher suites for TLS.
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
    TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
    TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
    TLS_DH_anon_WITH_AES_128_GCM_SHA256,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384,

    // RFC 5487 - PSK with SHA-256/384 and AES GCM.
    TLS_PSK_WITH_AES_128_GCM_SHA256,
    TLS_PSK_WITH_AES_256_GCM_SHA384,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
    TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
    TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,

    TLS_PSK_WITH_AES_128_CBC_SHA256,
    TLS_PSK_WITH_AES_256_CBC_SHA384,
    TLS_PSK_WITH_NULL_SHA256,
    TLS_PSK_WITH_NULL_SHA384,

    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
    TLS_DHE_PSK_WITH_NULL_SHA256,
    TLS_DHE_PSK_WITH_NULL_SHA384,

    TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
    TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
    TLS_RSA_PSK_WITH_NULL_SHA256,
    TLS_RSA_PSK_WITH_NULL_SHA384,

    // Addenda from RFC 5289: elliptic curve cipher suites with HMAC SHA-256/384.
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,

    // Addenda from RFC 5289: elliptic curve cipher suites with SHA-256/384 and
    // AES Galois Counter Mode (GCM).
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,

    // RFC 5746 - Secure Renegotiation. This is a signalling value carried in the
    // cipher suite list, not a suite that can be negotiated.
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV,

    // Tags for SSL 2 cipher kinds which are not specified for SSL 3.
    SSL_RSA_WITH_RC2_CBC_MD5,
    SSL_RSA_WITH_IDEA_CBC_MD5,
    SSL_RSA_WITH_DES_CBC_MD5,
    SSL_RSA_WITH_3DES_EDE_CBC_MD5,
    // NOTE(review): by its name this looks like a "no suite" sentinel rather than a
    // real cipher suite; confirm against the sys crate before matching on it.
    SSL_NO_SUCH_CIPHERSUITE
}