Appendix A. Protocol Data Structures and Constant Values (协议数据结构和常量值)
本附录汇总TLS 1.2协议中使用的主要数据结构和常量值; 下文为节选, 完整列表以RFC 5246附录A为准.
A.1. Record Layer (记录层)
struct {
uint8 major;
uint8 minor;
} ProtocolVersion;
ProtocolVersion version = { 3, 3 }; /* TLS v1.2 */
enum {
change_cipher_spec(20), alert(21), handshake(22),
application_data(23), (255)
} ContentType;
struct {
ContentType type;
ProtocolVersion version;
uint16 length;
opaque fragment[TLSPlaintext.length];
} TLSPlaintext;
struct {
ContentType type;
ProtocolVersion version;
uint16 length;
opaque fragment[TLSCompressed.length];
} TLSCompressed;
struct {
ContentType type;
ProtocolVersion version;
uint16 length;
select (SecurityParameters.cipher_type) {
case stream: GenericStreamCipher;
case block: GenericBlockCipher;
case aead: GenericAEADCipher;
} fragment;
} TLSCiphertext;
A.2. Change Cipher Specs Message (更改密码规范消息)
struct {
enum { change_cipher_spec(1), (255) } type;
} ChangeCipherSpec;
A.3. Alert Messages (警报消息)
enum { warning(1), fatal(2), (255) } AlertLevel;
enum {
close_notify(0),
unexpected_message(10),
bad_record_mac(20),
decryption_failed_RESERVED(21),
record_overflow(22),
decompression_failure(30),
handshake_failure(40),
no_certificate_RESERVED(41),
bad_certificate(42),
unsupported_certificate(43),
certificate_revoked(44),
certificate_expired(45),
certificate_unknown(46),
illegal_parameter(47),
unknown_ca(48),
access_denied(49),
decode_error(50),
decrypt_error(51),
export_restriction_RESERVED(60),
protocol_version(70),
insufficient_security(71),
internal_error(80),
user_canceled(90),
no_renegotiation(100),
unsupported_extension(110),
(255)
} AlertDescription;
struct {
AlertLevel level;
AlertDescription description;
} Alert;
A.4. Handshake Protocol (握手协议)
enum {
hello_request(0), client_hello(1), server_hello(2),
certificate(11), server_key_exchange (12),
certificate_request(13), server_hello_done(14),
certificate_verify(15), client_key_exchange(16),
finished(20),
(255)
} HandshakeType;
struct {
HandshakeType msg_type;
uint24 length;
select (HandshakeType) {
case hello_request: HelloRequest;
case client_hello: ClientHello;
case server_hello: ServerHello;
case certificate: Certificate;
case server_key_exchange: ServerKeyExchange;
case certificate_request: CertificateRequest;
case server_hello_done: ServerHelloDone;
case certificate_verify: CertificateVerify;
case client_key_exchange: ClientKeyExchange;
case finished: Finished;
} body;
} Handshake;
A.5. The Cipher Suite (密码套件)
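以下是TLS 1.2定义的密码套件标识符. 本列表只说明标识符与取值的对应关系, 并不表示这些套件都适合启用: TLS_NULL_WITH_NULL_NULL是连接的初始状态, 不得被协商; 其余NULL套件不提供加密; DH_anon套件不对任何一方做身份认证, 无法抵御中间人攻击; RC4套件已被RFC 7465禁止使用. 现行部署建议 (RFC 9325) 推荐使用带前向保密的AEAD套件, 而本列表中不含此类套件: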
TLS_NULL_WITH_NULL_NULL = { 0x00,0x00 };
TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 };
TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 };
TLS_RSA_WITH_NULL_SHA256 = { 0x00,0x3B };
TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 };
TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 };
TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F };
TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 };
TLS_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x3C };
TLS_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x3D };
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D };
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 };
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 };
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 };
TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 };
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 };
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 };
TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 };
TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 };
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 };
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 };
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = { 0x00,0x3E };
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x3F };
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = { 0x00,0x40 };
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x67 };
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = { 0x00,0x68 };
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x69 };
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = { 0x00,0x6A };
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x6B };
TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 };
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 };
TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A };
TLS_DH_anon_WITH_AES_128_CBC_SHA256 = { 0x00,0x6C };
TLS_DH_anon_WITH_AES_256_CBC_SHA256 = { 0x00,0x6D };
注意: 在没有应用配置文件标准另行规定的情况下, TLS_RSA_WITH_AES_128_CBC_SHA是强制实现的密码套件 (RFC 5246第9节). "强制实现"是为了保证互操作性, 并不表示应优先启用该套件; 它使用RSA密钥传输, 不提供前向保密.
A.6. The Security Parameters (安全参数)
enum { server, client } ConnectionEnd;
enum { tls_prf_sha256 } PRFAlgorithm;
enum { null, rc4, 3des, aes } BulkCipherAlgorithm;
enum { stream, block, aead } CipherType;
enum { null, hmac_md5, hmac_sha1, hmac_sha256,
hmac_sha384, hmac_sha512} MACAlgorithm;
enum { null(0), (255) } CompressionMethod;
struct {
ConnectionEnd entity;
PRFAlgorithm prf_algorithm;
BulkCipherAlgorithm bulk_cipher_algorithm;
CipherType cipher_type;
uint8 enc_key_length;
uint8 block_length;
uint8 fixed_iv_length;
uint8 record_iv_length;
MACAlgorithm mac_algorithm;
uint8 mac_length;
uint8 mac_key_length;
CompressionMethod compression_algorithm;
opaque master_secret[48];
opaque client_random[32];
opaque server_random[32];
} SecurityParameters;
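注意: 本页为节选, 未包含A.4中各握手消息体 (HelloRequest, ClientHello, ServerHello, Certificate, ServerKeyExchange等) 的结构定义; 完整的数据结构定义和详细说明, 请参考RFC 5246附录A的完整文本.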