OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_cipher_suite_names.h" | 5 #include "net/ssl/ssl_cipher_suite_names.h" |
6 | 6 |
7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
9 #endif | 9 #endif |
10 #include <stdlib.h> | 10 #include <stdlib.h> |
(...skipping 348 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
359 return true; | 359 return true; |
360 } | 360 } |
361 return false; | 361 return false; |
362 } | 362 } |
363 | 363 |
364 bool IsSecureTLSCipherSuite(uint16 cipher_suite) { | 364 bool IsSecureTLSCipherSuite(uint16 cipher_suite) { |
365 int key_exchange, cipher, mac; | 365 int key_exchange, cipher, mac; |
366 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 366 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
367 return false; | 367 return false; |
368 | 368 |
369 // Only allow forward secure key exchanges. | 369 // Only allow ECDHE key exchanges. |
370 switch (key_exchange) { | 370 switch (key_exchange) { |
371 case 10: // DHE_RSA | |
372 case 14: // ECDHE_ECDSA | 371 case 14: // ECDHE_ECDSA |
373 case 16: // ECDHE_RSA | 372 case 16: // ECDHE_RSA |
374 break; | 373 break; |
375 default: | 374 default: |
376 return false; | 375 return false; |
377 } | 376 } |
378 | 377 |
379 switch (cipher) { | 378 switch (cipher) { |
380 case 13: // AES_128_GCM | 379 case 13: // AES_128_GCM |
381 case 14: // AES_256_GCM | 380 case 14: // AES_256_GCM |
382 case 17: // CHACHA20_POLY1305 | 381 case 17: // CHACHA20_POLY1305 |
383 break; | 382 break; |
384 default: | 383 default: |
385 return false; | 384 return false; |
386 } | 385 } |
387 | 386 |
388 // Only AEADs allowed. | 387 // Only AEADs allowed. |
389 if (mac != kAEADMACValue) | 388 if (mac != kAEADMACValue) |
390 return false; | 389 return false; |
391 | 390 |
392 return true; | 391 return true; |
393 } | 392 } |
394 | 393 |
395 bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite) { | 394 bool IsTLSCipherSuiteAllowedByHTTP2(uint16 cipher_suite) { |
396 int key_exchange, cipher, mac; | 395 int key_exchange, cipher, mac; |
397 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 396 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
398 return false; | 397 return false; |
399 | 398 |
400 // Only allow ECDHE key exchanges. | 399 // Only allow forward secure key exchanges. |
401 switch (key_exchange) { | 400 switch (key_exchange) { |
| 401 case 10: // DHE_RSA |
402 case 14: // ECDHE_ECDSA | 402 case 14: // ECDHE_ECDSA |
403 case 16: // ECDHE_RSA | 403 case 16: // ECDHE_RSA |
404 break; | 404 break; |
405 default: | 405 default: |
406 return false; | 406 return false; |
407 } | 407 } |
408 | 408 |
409 switch (cipher) { | 409 switch (cipher) { |
410 case 13: // AES_128_GCM | 410 case 13: // AES_128_GCM |
411 case 14: // AES_256_GCM | 411 case 14: // AES_256_GCM |
(...skipping 22 matching lines...) Expand all Loading... |
434 default: | 434 default: |
435 return nullptr; | 435 return nullptr; |
436 } | 436 } |
437 return SSL_get_curve_name(key_exchange_info); | 437 return SSL_get_curve_name(key_exchange_info); |
438 #else | 438 #else |
439 return nullptr; | 439 return nullptr; |
440 #endif | 440 #endif |
441 } | 441 } |
442 | 442 |
443 } // namespace net | 443 } // namespace net |
OLD | NEW |