1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_cipher_suite_names.h" | 5 #include "net/ssl/ssl_cipher_suite_names.h" |
6 | 6 |
7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
9 #endif | 9 #endif |
10 #include <stdlib.h> | 10 #include <stdlib.h> |
24 // <5 bits> key exchange | 24 // <5 bits> key exchange |
25 // <5 bits> cipher | 25 // <5 bits> cipher |
26 // <3 bits> mac | 26 // <3 bits> mac |
27 | 27 |
28 // The following tables were generated by ssl_cipher_suite_names_generate.go, | 28 // The following tables were generated by ssl_cipher_suite_names_generate.go, |
29 // found in the same directory as this file. | 29 // found in the same directory as this file. |
30 | 30 |
31 namespace { | 31 namespace { |
32 | 32 |
33 struct CipherSuite { | 33 struct CipherSuite { |
34 uint16 cipher_suite, encoded; | 34 uint16_t cipher_suite, encoded; |
35 }; | 35 }; |
36 | 36 |
37 const struct CipherSuite kCipherSuites[] = { | 37 const struct CipherSuite kCipherSuites[] = { |
38 {0x0, 0x0}, // TLS_NULL_WITH_NULL_NULL | 38 {0x0, 0x0}, // TLS_NULL_WITH_NULL_NULL |
39 {0x1, 0x101}, // TLS_RSA_WITH_NULL_MD5 | 39 {0x1, 0x101}, // TLS_RSA_WITH_NULL_MD5 |
40 {0x2, 0x102}, // TLS_RSA_WITH_NULL_SHA | 40 {0x2, 0x102}, // TLS_RSA_WITH_NULL_SHA |
41 {0x3, 0x209}, // TLS_RSA_EXPORT_WITH_RC4_40_MD5 | 41 {0x3, 0x209}, // TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
42 {0x4, 0x111}, // TLS_RSA_WITH_RC4_128_MD5 | 42 {0x4, 0x111}, // TLS_RSA_WITH_RC4_128_MD5 |
43 {0x5, 0x112}, // TLS_RSA_WITH_RC4_128_SHA | 43 {0x5, 0x112}, // TLS_RSA_WITH_RC4_128_SHA |
44 {0x6, 0x219}, // TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 44 {0x6, 0x219}, // TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 |
270 | 270 |
271 if (a->cipher_suite < b->cipher_suite) { | 271 if (a->cipher_suite < b->cipher_suite) { |
272 return -1; | 272 return -1; |
273 } else if (a->cipher_suite == b->cipher_suite) { | 273 } else if (a->cipher_suite == b->cipher_suite) { |
274 return 0; | 274 return 0; |
275 } else { | 275 } else { |
276 return 1; | 276 return 1; |
277 } | 277 } |
278 } | 278 } |
279 | 279 |
280 bool GetCipherProperties(uint16 cipher_suite, | 280 bool GetCipherProperties(uint16_t cipher_suite, |
281 int* out_key_exchange, | 281 int* out_key_exchange, |
282 int* out_cipher, | 282 int* out_cipher, |
283 int* out_mac) { | 283 int* out_mac) { |
284 CipherSuite desired = {0}; | 284 CipherSuite desired = {0}; |
285 desired.cipher_suite = cipher_suite; | 285 desired.cipher_suite = cipher_suite; |
286 void* r = bsearch(&desired, kCipherSuites, arraysize(kCipherSuites), | 286 void* r = bsearch(&desired, kCipherSuites, arraysize(kCipherSuites), |
287 sizeof(kCipherSuites[0]), CipherSuiteCmp); | 287 sizeof(kCipherSuites[0]), CipherSuiteCmp); |
288 | 288 |
289 if (!r) | 289 if (!r) |
290 return false; | 290 return false; |
291 | 291 |
292 const CipherSuite* cs = static_cast<const CipherSuite*>(r); | 292 const CipherSuite* cs = static_cast<const CipherSuite*>(r); |
293 *out_key_exchange = cs->encoded >> 8; | 293 *out_key_exchange = cs->encoded >> 8; |
294 *out_cipher = (cs->encoded >> 3) & 0x1f; | 294 *out_cipher = (cs->encoded >> 3) & 0x1f; |
295 *out_mac = cs->encoded & 0x7; | 295 *out_mac = cs->encoded & 0x7; |
296 return true; | 296 return true; |
297 } | 297 } |
298 | 298 |
299 } // namespace | 299 } // namespace |
300 | 300 |
301 namespace net { | 301 namespace net { |
302 | 302 |
303 void SSLCipherSuiteToStrings(const char** key_exchange_str, | 303 void SSLCipherSuiteToStrings(const char** key_exchange_str, |
304 const char** cipher_str, | 304 const char** cipher_str, |
305 const char** mac_str, | 305 const char** mac_str, |
306 bool *is_aead, | 306 bool* is_aead, |
307 uint16 cipher_suite) { | 307 uint16_t cipher_suite) { |
308 *key_exchange_str = *cipher_str = *mac_str = "???"; | 308 *key_exchange_str = *cipher_str = *mac_str = "???"; |
309 *is_aead = false; | 309 *is_aead = false; |
310 | 310 |
311 int key_exchange, cipher, mac; | 311 int key_exchange, cipher, mac; |
312 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 312 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
313 return; | 313 return; |
314 | 314 |
315 *key_exchange_str = kKeyExchangeNames[key_exchange].name; | 315 *key_exchange_str = kKeyExchangeNames[key_exchange].name; |
316 *cipher_str = kCipherNames[cipher].name; | 316 *cipher_str = kCipherNames[cipher].name; |
317 if (mac == kAEADMACValue) { | 317 if (mac == kAEADMACValue) { |
343 *name = "QUIC"; | 343 *name = "QUIC"; |
344 break; | 344 break; |
345 default: | 345 default: |
346 NOTREACHED() << ssl_version; | 346 NOTREACHED() << ssl_version; |
347 *name = "???"; | 347 *name = "???"; |
348 break; | 348 break; |
349 } | 349 } |
350 } | 350 } |
351 | 351 |
352 bool ParseSSLCipherString(const std::string& cipher_string, | 352 bool ParseSSLCipherString(const std::string& cipher_string, |
353 uint16* cipher_suite) { | 353 uint16_t* cipher_suite) { |
354 int value = 0; | 354 int value = 0; |
355 if (cipher_string.size() == 6 && | 355 if (cipher_string.size() == 6 && |
356 base::StartsWith(cipher_string, "0x", | 356 base::StartsWith(cipher_string, "0x", |
357 base::CompareCase::INSENSITIVE_ASCII) && | 357 base::CompareCase::INSENSITIVE_ASCII) && |
358 base::HexStringToInt(cipher_string, &value)) { | 358 base::HexStringToInt(cipher_string, &value)) { |
359 *cipher_suite = static_cast<uint16>(value); | 359 *cipher_suite = static_cast<uint16_t>(value); |
360 return true; | 360 return true; |
361 } | 361 } |
362 return false; | 362 return false; |
363 } | 363 } |
364 | 364 |
365 bool IsSecureTLSCipherSuite(uint16 cipher_suite) { | 365 bool IsSecureTLSCipherSuite(uint16_t cipher_suite) { |
366 int key_exchange, cipher, mac; | 366 int key_exchange, cipher, mac; |
367 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 367 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
368 return false; | 368 return false; |
369 | 369 |
370 // Only allow ECDHE key exchanges. | 370 // Only allow ECDHE key exchanges. |
371 switch (key_exchange) { | 371 switch (key_exchange) { |
372 case 14: // ECDHE_ECDSA | 372 case 14: // ECDHE_ECDSA |
373 case 16: // ECDHE_RSA | 373 case 16: // ECDHE_RSA |
374 break; | 374 break; |
375 default: | 375 default: |
376 return false; | 376 return false; |
377 } | 377 } |
378 | 378 |
379 switch (cipher) { | 379 switch (cipher) { |
380 case 13: // AES_128_GCM | 380 case 13: // AES_128_GCM |
381 case 14: // AES_256_GCM | 381 case 14: // AES_256_GCM |
382 case 17: // CHACHA20_POLY1305 | 382 case 17: // CHACHA20_POLY1305 |
383 break; | 383 break; |
384 default: | 384 default: |
385 return false; | 385 return false; |
386 } | 386 } |
387 | 387 |
388 // Only AEADs allowed. | 388 // Only AEADs allowed. |
389 if (mac != kAEADMACValue) | 389 if (mac != kAEADMACValue) |
390 return false; | 390 return false; |
391 | 391 |
392 return true; | 392 return true; |
393 } | 393 } |
394 | 394 |
395 bool IsTLSCipherSuiteAllowedByHTTP2(uint16 cipher_suite) { | 395 bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) { |
396 int key_exchange, cipher, mac; | 396 int key_exchange, cipher, mac; |
397 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 397 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
398 return false; | 398 return false; |
399 | 399 |
400 // Only allow forward secure key exchanges. | 400 // Only allow forward secure key exchanges. |
401 switch (key_exchange) { | 401 switch (key_exchange) { |
402 case 10: // DHE_RSA | 402 case 10: // DHE_RSA |
403 case 14: // ECDHE_ECDSA | 403 case 14: // ECDHE_ECDSA |
404 case 16: // ECDHE_RSA | 404 case 16: // ECDHE_RSA |
405 break; | 405 break; |
416 return false; | 416 return false; |
417 } | 417 } |
418 | 418 |
419 // Only AEADs allowed. | 419 // Only AEADs allowed. |
420 if (mac != kAEADMACValue) | 420 if (mac != kAEADMACValue) |
421 return false; | 421 return false; |
422 | 422 |
423 return true; | 423 return true; |
424 } | 424 } |
425 | 425 |
426 const char* ECCurveName(uint16 cipher_suite, int key_exchange_info) { | 426 const char* ECCurveName(uint16_t cipher_suite, int key_exchange_info) { |
427 #if defined(USE_OPENSSL) | 427 #if defined(USE_OPENSSL) |
428 int key_exchange, cipher, mac; | 428 int key_exchange, cipher, mac; |
429 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 429 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
430 return nullptr; | 430 return nullptr; |
431 switch (key_exchange) { | 431 switch (key_exchange) { |
432 case 14: // ECDHE_ECDSA | 432 case 14: // ECDHE_ECDSA |
433 case 16: // ECDHE_RSA | 433 case 16: // ECDHE_RSA |
434 break; | 434 break; |
435 default: | 435 default: |
436 return nullptr; | 436 return nullptr; |
437 } | 437 } |
438 return SSL_get_curve_name(key_exchange_info); | 438 return SSL_get_curve_name(key_exchange_info); |
439 #else | 439 #else |
440 return nullptr; | 440 return nullptr; |
441 #endif | 441 #endif |
442 } | 442 } |
443 | 443 |
444 } // namespace net | 444 } // namespace net |
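Review bot: The new side now spells the type as `uint16_t` (gutter lines 34, 280, 307, 353, 359, 365, 395 and 426), which needs `<stdint.h>` in scope, but the only standard header visible in the include block is `<stdlib.h>` and the remaining includes are collapsed on this page. If `<stdint.h>` was not added in the collapsed part, add `#include <stdint.h>` next to `#include <stdlib.h>` rather than relying on it arriving transitively through ssl_cipher_suite_names.h or the OpenSSL header. The rest of the section is a mechanical type rename; the bsearch lookup in GetCipherProperties and the policy switches in IsSecureTLSCipherSuite and IsTLSCipherSuiteAllowedByHTTP2 are unchanged, and the 16-bit cast in ParseSSLCipherString stays safe because the 6-character, "0x"-prefixed guard bounds the parsed value to four hex digits.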