Index: net/ssl/ssl_cipher_suite_names.cc |
diff --git a/net/ssl/ssl_cipher_suite_names.cc b/net/ssl/ssl_cipher_suite_names.cc |
index 56d75214e94a9dfbca8720896d7771a945f6c1f2..de3cff2987b70b3c4e51bf272bee29955353f860 100644 |
--- a/net/ssl/ssl_cipher_suite_names.cc |
+++ b/net/ssl/ssl_cipher_suite_names.cc |
@@ -25,13 +25,11 @@ |
// The following tables were generated by ssl_cipher_suite_names_generate.go, |
// found in the same directory as this file. |
-namespace { |
- |
struct CipherSuite { |
uint16 cipher_suite, encoded; |
}; |
-const struct CipherSuite kCipherSuites[] = { |
+static const struct CipherSuite kCipherSuites[] = { |
{0x0, 0x0}, // TLS_NULL_WITH_NULL_NULL |
{0x1, 0x101}, // TLS_RSA_WITH_NULL_MD5 |
{0x2, 0x102}, // TLS_RSA_WITH_NULL_SHA |
@@ -201,7 +199,7 @@ |
{0xcc15, 0x0a8f}, // TLS_DHE_RSA_WITH_CHACHA20_POLY1305 |
}; |
-const struct { |
+static const struct { |
char name[15]; |
} kKeyExchangeNames[18] = { |
{"NULL"}, // 0 |
@@ -224,7 +222,7 @@ |
{"ECDH_anon"}, // 17 |
}; |
-const struct { |
+static const struct { |
char name[18]; |
} kCipherNames[18] = { |
{"NULL"}, // 0 |
@@ -247,7 +245,7 @@ |
{"CHACHA20_POLY1305"}, // 17 |
}; |
-const struct { |
+static const struct { |
char name[7]; |
} kMacNames[5] = { |
{"NULL"}, // 0 |
@@ -258,9 +256,11 @@ |
// 7 is reserved to indicate an AEAD cipher suite. |
}; |
-const int kAEADMACValue = 7; |
- |
-int CipherSuiteCmp(const void* ia, const void* ib) { |
+static const int kAEADMACValue = 7; |
+ |
+namespace net { |
+ |
+static int CipherSuiteCmp(const void* ia, const void* ib) { |
const CipherSuite* a = static_cast<const CipherSuite*>(ia); |
const CipherSuite* b = static_cast<const CipherSuite*>(ib); |
@@ -272,29 +272,6 @@ |
return 1; |
} |
} |
- |
-bool GetCipherProperties(uint16 cipher_suite, |
- int* out_key_exchange, |
- int* out_cipher, |
- int* out_mac) { |
- CipherSuite desired = {0}; |
- desired.cipher_suite = cipher_suite; |
- void* r = bsearch(&desired, kCipherSuites, arraysize(kCipherSuites), |
- sizeof(kCipherSuites[0]), CipherSuiteCmp); |
- |
- if (!r) |
- return false; |
- |
- const CipherSuite* cs = static_cast<const CipherSuite*>(r); |
- *out_key_exchange = cs->encoded >> 8; |
- *out_cipher = (cs->encoded >> 3) & 0x1f; |
- *out_mac = cs->encoded & 0x7; |
- return true; |
-} |
- |
-} // namespace |
- |
-namespace net { |
void SSLCipherSuiteToStrings(const char** key_exchange_str, |
const char** cipher_str, |
@@ -304,9 +281,21 @@ |
*key_exchange_str = *cipher_str = *mac_str = "???"; |
*is_aead = false; |
- int key_exchange, cipher, mac; |
- if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
+ struct CipherSuite desired = {0}; |
+ desired.cipher_suite = cipher_suite; |
+ |
+ void* r = bsearch(&desired, kCipherSuites, |
+ arraysize(kCipherSuites), sizeof(kCipherSuites[0]), |
+ CipherSuiteCmp); |
+ |
+ if (!r) |
return; |
+ |
+ const CipherSuite* cs = static_cast<CipherSuite*>(r); |
+ |
+ const int key_exchange = cs->encoded >> 8; |
+ const int cipher = (cs->encoded >> 3) & 0x1f; |
+ const int mac = cs->encoded & 0x7; |
*key_exchange_str = kKeyExchangeNames[key_exchange].name; |
*cipher_str = kCipherNames[cipher].name; |
@@ -358,9 +347,23 @@ |
} |
bool IsSecureTLSCipherSuite(uint16 cipher_suite) { |
- int key_exchange, cipher, mac; |
- if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
+ CipherSuite desired = {0}; |
+ desired.cipher_suite = cipher_suite; |
+ |
+ void* r = bsearch(&desired, |
+ kCipherSuites, |
+ arraysize(kCipherSuites), |
+ sizeof(kCipherSuites[0]), |
+ CipherSuiteCmp); |
+ |
+ if (!r) |
return false; |
+ |
+ const CipherSuite* cs = static_cast<const CipherSuite*>(r); |
+ |
+ const int key_exchange = cs->encoded >> 8; |
+ const int cipher = (cs->encoded >> 3) & 0x1f; |
+ const int mac = cs->encoded & 0x7; |
// Only allow forward secure key exchanges. |
switch (key_exchange) { |
@@ -388,34 +391,4 @@ |
return true; |
} |
-bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite) { |
- int key_exchange, cipher, mac; |
- if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
- return false; |
- |
- // Only allow ECDHE key exchanges. |
- switch (key_exchange) { |
- case 14: // ECDHE_ECDSA |
- case 16: // ECDHE_RSA |
- break; |
- default: |
- return false; |
- } |
- |
- switch (cipher) { |
- case 13: // AES_128_GCM |
- case 14: // AES_256_GCM |
- case 17: // CHACHA20_POLY1305 |
- break; |
- default: |
- return false; |
- } |
- |
- // Only AEADs allowed. |
- if (mac != kAEADMACValue) |
- return false; |
- |
- return true; |
-} |
- |
} // namespace net |