Reland 'Require ECDHE for False Start.'

net/ssl/ssl_cipher_suite_names.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/ssl_cipher_suite_names.h"
 
 #include <stdlib.h>
 
 #include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 
 // Rather than storing the names of all the ciphersuites we eliminate the
 // redundancy and break each cipher suite into a key exchange method, cipher
 // and mac. For all the ciphersuites in the IANA registry, we extract each of
 // those components from the name, number them and pack the result into a
 // 16-bit number thus:
 //   (MSB to LSB)
 //   <3 bits> unused
 //   <5 bits> key exchange
 //   <5 bits> cipher
 //   <3 bits> mac
 
 // The following tables were generated by ssl_cipher_suite_names_generate.go,
 // found in the same directory as this file.
 
+namespace {
+
 struct CipherSuite {
   uint16 cipher_suite, encoded;
 };
 
-static const struct CipherSuite kCipherSuites[] = {
+const struct CipherSuite kCipherSuites[] = {
     {0x0, 0x0},        // TLS_NULL_WITH_NULL_NULL
     {0x1, 0x101},      // TLS_RSA_WITH_NULL_MD5
     {0x2, 0x102},      // TLS_RSA_WITH_NULL_SHA
     {0x3, 0x209},      // TLS_RSA_EXPORT_WITH_RC4_40_MD5
     {0x4, 0x111},      // TLS_RSA_WITH_RC4_128_MD5
     {0x5, 0x112},      // TLS_RSA_WITH_RC4_128_SHA
     {0x6, 0x219},      // TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
     {0x7, 0x122},      // TLS_RSA_WITH_IDEA_CBC_SHA
     {0x8, 0x22a},      // TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
     {0x9, 0x132},      // TLS_RSA_WITH_DES_CBC_SHA
@@ skipping 149 matching lines @@
     {0xc089, 0xd87},   // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
     {0xc08a, 0x107f},  // TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
     {0xc08b, 0x1087},  // TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
     {0xc08c, 0xf7f},   // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
     {0xc08d, 0xf87},   // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
     {0xcc13, 0x108f},  // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
     {0xcc14, 0x0e8f},  // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
     {0xcc15, 0x0a8f},  // TLS_DHE_RSA_WITH_CHACHA20_POLY1305
 };
 
-static const struct {
+const struct {
   char name[15];
 } kKeyExchangeNames[18] = {
   {"NULL"},  // 0
   {"RSA"},  // 1
   {"RSA_EXPORT"},  // 2
   {"DH_DSS_EXPORT"},  // 3
   {"DH_DSS"},  // 4
   {"DH_RSA_EXPORT"},  // 5
   {"DH_RSA"},  // 6
   {"DHE_DSS_EXPORT"},  // 7
   {"DHE_DSS"},  // 8
   {"DHE_RSA_EXPORT"},  // 9
   {"DHE_RSA"},  // 10
   {"DH_anon_EXPORT"},  // 11
   {"DH_anon"},  // 12
   {"ECDH_ECDSA"},  // 13
   {"ECDHE_ECDSA"},  // 14
   {"ECDH_RSA"},  // 15
   {"ECDHE_RSA"},  // 16
   {"ECDH_anon"},  // 17
 };
 
-static const struct {
+const struct {
   char name[18];
 } kCipherNames[18] = {
   {"NULL"},  // 0
   {"RC4_40"},  // 1
   {"RC4_128"},  // 2
   {"RC2_CBC_40"},  // 3
   {"IDEA_CBC"},  // 4
   {"DES40_CBC"},  // 5
   {"DES_CBC"},  // 6
   {"3DES_EDE_CBC"},  // 7
   {"AES_128_CBC"},  // 8
   {"AES_256_CBC"},  // 9
   {"CAMELLIA_128_CBC"},  // 10
   {"CAMELLIA_256_CBC"},  // 11
   {"SEED_CBC"},  // 12
   {"AES_128_GCM"},  // 13
   {"AES_256_GCM"},  // 14
   {"CAMELLIA_128_GCM"},  // 15
   {"CAMELLIA_256_GCM"},  // 16
   {"CHACHA20_POLY1305"},  // 17
 };
 
-static const struct {
+const struct {
   char name[7];
 } kMacNames[5] = {
   {"NULL"},  // 0
   {"MD5"},  // 1
   {"SHA1"},  // 2
   {"SHA256"},  // 3
   {"SHA384"},  // 4
   // 7 is reserved to indicate an AEAD cipher suite.
 };
 
-static const int kAEADMACValue = 7;
+const int kAEADMACValue = 7;
 
-namespace net {
-
-static int CipherSuiteCmp(const void* ia, const void* ib) {
+int CipherSuiteCmp(const void* ia, const void* ib) {
   const CipherSuite* a = static_cast<const CipherSuite*>(ia);
   const CipherSuite* b = static_cast<const CipherSuite*>(ib);
 
   if (a->cipher_suite < b->cipher_suite) {
     return -1;
   } else if (a->cipher_suite == b->cipher_suite) {
     return 0;
   } else {
     return 1;
   }
 }
 
+bool GetCipherProperties(uint16 cipher_suite,
+                         int* out_key_exchange,
+                         int* out_cipher,
+                         int* out_mac) {
+  CipherSuite desired = {0};
+  desired.cipher_suite = cipher_suite;
+  void* r = bsearch(&desired, kCipherSuites, arraysize(kCipherSuites),
+                    sizeof(kCipherSuites[0]), CipherSuiteCmp);
+
+  if (!r)
+    return false;
+
+  const CipherSuite* cs = static_cast<const CipherSuite*>(r);
+  *out_key_exchange = cs->encoded >> 8;
+  *out_cipher = (cs->encoded >> 3) & 0x1f;
+  *out_mac = cs->encoded & 0x7;
+  return true;
+}
+
+}  // namespace
+
+namespace net {
+
 void SSLCipherSuiteToStrings(const char** key_exchange_str,
                              const char** cipher_str,
                              const char** mac_str,
                              bool *is_aead,
                              uint16 cipher_suite) {
   *key_exchange_str = *cipher_str = *mac_str = "???";
   *is_aead = false;
 
-  struct CipherSuite desired = {0};
-  desired.cipher_suite = cipher_suite;
-
-  void* r = bsearch(&desired, kCipherSuites,
-                    arraysize(kCipherSuites), sizeof(kCipherSuites[0]),
-                    CipherSuiteCmp);
-
-  if (!r)
+  int key_exchange, cipher, mac;
+  if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
     return;
 
-  const CipherSuite* cs = static_cast<CipherSuite*>(r);
-
-  const int key_exchange = cs->encoded >> 8;
-  const int cipher = (cs->encoded >> 3) & 0x1f;
-  const int mac = cs->encoded & 0x7;
-
   *key_exchange_str = kKeyExchangeNames[key_exchange].name;
   *cipher_str = kCipherNames[cipher].name;
   if (mac == kAEADMACValue) {
     *is_aead = true;
     *mac_str = NULL;
   } else {
     *mac_str = kMacNames[mac].name;
   }
 }
 
@@ skipping 30 matching lines @@
   if (cipher_string.size() == 6 &&
       StartsWithASCII(cipher_string, "0x", false /* case insensitive */) &&
       base::HexStringToInt(cipher_string, &value)) {
     *cipher_suite = static_cast<uint16>(value);
     return true;
   }
   return false;
 }
 
 bool IsSecureTLSCipherSuite(uint16 cipher_suite) {
-  CipherSuite desired = {0};
-  desired.cipher_suite = cipher_suite;
-
-  void* r = bsearch(&desired,
-                    kCipherSuites,
-                    arraysize(kCipherSuites),
-                    sizeof(kCipherSuites[0]),
-                    CipherSuiteCmp);
-
-  if (!r)
+  int key_exchange, cipher, mac;
+  if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
     return false;
 
-  const CipherSuite* cs = static_cast<const CipherSuite*>(r);
-
-  const int key_exchange = cs->encoded >> 8;
-  const int cipher = (cs->encoded >> 3) & 0x1f;
-  const int mac = cs->encoded & 0x7;
-
   // Only allow forward secure key exchanges.
   switch (key_exchange) {
     case 10:  // DHE_RSA
     case 14:  // ECDHE_ECDSA
     case 16:  // ECDHE_RSA
       break;
+    default:
+      return false;
+  }
+
+  switch (cipher) {
+    case 13:  // AES_128_GCM
+    case 14:  // AES_256_GCM
+    case 17:  // CHACHA20_POLY1305
+      break;
+    default:
+      return false;
+  }
+
+  // Only AEADs allowed.
+  if (mac != kAEADMACValue)
+    return false;
+
+  return true;
+}
+
+bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite) {
+  int key_exchange, cipher, mac;
+  if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
+    return false;
+
+  // Only allow ECDHE key exchanges.
+  switch (key_exchange) {
+    case 14:  // ECDHE_ECDSA
+    case 16:  // ECDHE_RSA
+      break;
     default:
       return false;
   }
 
   switch (cipher) {
     case 13:  // AES_128_GCM
     case 14:  // AES_256_GCM
     case 17:  // CHACHA20_POLY1305
       break;
     default:
       return false;
   }
 
   // Only AEADs allowed.
   if (mac != kAEADMACValue)
     return false;
 
   return true;
 }
 
 }  // namespace net