| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_cipher_suite_names.h" | 5 #include "net/ssl/ssl_cipher_suite_names.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
| 9 #endif | 9 #endif |
| 10 #include <stdlib.h> | 10 #include <stdlib.h> |
| 24 // <5 bits> key exchange | 24 // <5 bits> key exchange |
| 25 // <5 bits> cipher | 25 // <5 bits> cipher |
| 26 // <3 bits> mac | 26 // <3 bits> mac |
| 27 | 27 |
| 28 // The following tables were generated by ssl_cipher_suite_names_generate.go, | 28 // The following tables were generated by ssl_cipher_suite_names_generate.go, |
| 29 // found in the same directory as this file. | 29 // found in the same directory as this file. |
| 30 | 30 |
| 31 namespace { | 31 namespace { |
| 32 | 32 |
| 33 struct CipherSuite { | 33 struct CipherSuite { |
| 34 uint16 cipher_suite, encoded; | 34 uint16_t cipher_suite, encoded; |
| 35 }; | 35 }; |
| 36 | 36 |
| 37 const struct CipherSuite kCipherSuites[] = { | 37 const struct CipherSuite kCipherSuites[] = { |
| 38 {0x0, 0x0}, // TLS_NULL_WITH_NULL_NULL | 38 {0x0, 0x0}, // TLS_NULL_WITH_NULL_NULL |
| 39 {0x1, 0x101}, // TLS_RSA_WITH_NULL_MD5 | 39 {0x1, 0x101}, // TLS_RSA_WITH_NULL_MD5 |
| 40 {0x2, 0x102}, // TLS_RSA_WITH_NULL_SHA | 40 {0x2, 0x102}, // TLS_RSA_WITH_NULL_SHA |
| 41 {0x3, 0x209}, // TLS_RSA_EXPORT_WITH_RC4_40_MD5 | 41 {0x3, 0x209}, // TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
| 42 {0x4, 0x111}, // TLS_RSA_WITH_RC4_128_MD5 | 42 {0x4, 0x111}, // TLS_RSA_WITH_RC4_128_MD5 |
| 43 {0x5, 0x112}, // TLS_RSA_WITH_RC4_128_SHA | 43 {0x5, 0x112}, // TLS_RSA_WITH_RC4_128_SHA |
| 44 {0x6, 0x219}, // TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 44 {0x6, 0x219}, // TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 |
| 270 | 270 |
| 271 if (a->cipher_suite < b->cipher_suite) { | 271 if (a->cipher_suite < b->cipher_suite) { |
| 272 return -1; | 272 return -1; |
| 273 } else if (a->cipher_suite == b->cipher_suite) { | 273 } else if (a->cipher_suite == b->cipher_suite) { |
| 274 return 0; | 274 return 0; |
| 275 } else { | 275 } else { |
| 276 return 1; | 276 return 1; |
| 277 } | 277 } |
| 278 } | 278 } |
| 279 | 279 |
| 280 bool GetCipherProperties(uint16 cipher_suite, | 280 bool GetCipherProperties(uint16_t cipher_suite, |
| 281 int* out_key_exchange, | 281 int* out_key_exchange, |
| 282 int* out_cipher, | 282 int* out_cipher, |
| 283 int* out_mac) { | 283 int* out_mac) { |
| 284 CipherSuite desired = {0}; | 284 CipherSuite desired = {0}; |
| 285 desired.cipher_suite = cipher_suite; | 285 desired.cipher_suite = cipher_suite; |
| 286 void* r = bsearch(&desired, kCipherSuites, arraysize(kCipherSuites), | 286 void* r = bsearch(&desired, kCipherSuites, arraysize(kCipherSuites), |
| 287 sizeof(kCipherSuites[0]), CipherSuiteCmp); | 287 sizeof(kCipherSuites[0]), CipherSuiteCmp); |
| 288 | 288 |
| 289 if (!r) | 289 if (!r) |
| 290 return false; | 290 return false; |
| 291 | 291 |
| 292 const CipherSuite* cs = static_cast<const CipherSuite*>(r); | 292 const CipherSuite* cs = static_cast<const CipherSuite*>(r); |
| 293 *out_key_exchange = cs->encoded >> 8; | 293 *out_key_exchange = cs->encoded >> 8; |
| 294 *out_cipher = (cs->encoded >> 3) & 0x1f; | 294 *out_cipher = (cs->encoded >> 3) & 0x1f; |
| 295 *out_mac = cs->encoded & 0x7; | 295 *out_mac = cs->encoded & 0x7; |
| 296 return true; | 296 return true; |
| 297 } | 297 } |
| 298 | 298 |
| 299 } // namespace | 299 } // namespace |
| 300 | 300 |
| 301 namespace net { | 301 namespace net { |
| 302 | 302 |
| 303 void SSLCipherSuiteToStrings(const char** key_exchange_str, | 303 void SSLCipherSuiteToStrings(const char** key_exchange_str, |
| 304 const char** cipher_str, | 304 const char** cipher_str, |
| 305 const char** mac_str, | 305 const char** mac_str, |
| 306 bool *is_aead, | 306 bool* is_aead, |
| 307 uint16 cipher_suite) { | 307 uint16_t cipher_suite) { |
| 308 *key_exchange_str = *cipher_str = *mac_str = "???"; | 308 *key_exchange_str = *cipher_str = *mac_str = "???"; |
| 309 *is_aead = false; | 309 *is_aead = false; |
| 310 | 310 |
| 311 int key_exchange, cipher, mac; | 311 int key_exchange, cipher, mac; |
| 312 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 312 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
| 313 return; | 313 return; |
| 314 | 314 |
| 315 *key_exchange_str = kKeyExchangeNames[key_exchange].name; | 315 *key_exchange_str = kKeyExchangeNames[key_exchange].name; |
| 316 *cipher_str = kCipherNames[cipher].name; | 316 *cipher_str = kCipherNames[cipher].name; |
| 317 if (mac == kAEADMACValue) { | 317 if (mac == kAEADMACValue) { |
| 343 *name = "QUIC"; | 343 *name = "QUIC"; |
| 344 break; | 344 break; |
| 345 default: | 345 default: |
| 346 NOTREACHED() << ssl_version; | 346 NOTREACHED() << ssl_version; |
| 347 *name = "???"; | 347 *name = "???"; |
| 348 break; | 348 break; |
| 349 } | 349 } |
| 350 } | 350 } |
| 351 | 351 |
| 352 bool ParseSSLCipherString(const std::string& cipher_string, | 352 bool ParseSSLCipherString(const std::string& cipher_string, |
| 353 uint16* cipher_suite) { | 353 uint16_t* cipher_suite) { |
| 354 int value = 0; | 354 int value = 0; |
| 355 if (cipher_string.size() == 6 && | 355 if (cipher_string.size() == 6 && |
| 356 base::StartsWith(cipher_string, "0x", | 356 base::StartsWith(cipher_string, "0x", |
| 357 base::CompareCase::INSENSITIVE_ASCII) && | 357 base::CompareCase::INSENSITIVE_ASCII) && |
| 358 base::HexStringToInt(cipher_string, &value)) { | 358 base::HexStringToInt(cipher_string, &value)) { |
| 359 *cipher_suite = static_cast<uint16>(value); | 359 *cipher_suite = static_cast<uint16_t>(value); |
| 360 return true; | 360 return true; |
| 361 } | 361 } |
| 362 return false; | 362 return false; |
| 363 } | 363 } |
| 364 | 364 |
| 365 bool IsSecureTLSCipherSuite(uint16 cipher_suite) { | 365 bool IsSecureTLSCipherSuite(uint16_t cipher_suite) { |
| 366 int key_exchange, cipher, mac; | 366 int key_exchange, cipher, mac; |
| 367 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 367 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
| 368 return false; | 368 return false; |
| 369 | 369 |
| 370 // Only allow ECDHE key exchanges. | 370 // Only allow ECDHE key exchanges. |
| 371 switch (key_exchange) { | 371 switch (key_exchange) { |
| 372 case 14: // ECDHE_ECDSA | 372 case 14: // ECDHE_ECDSA |
| 373 case 16: // ECDHE_RSA | 373 case 16: // ECDHE_RSA |
| 374 break; | 374 break; |
| 375 default: | 375 default: |
| 376 return false; | 376 return false; |
| 377 } | 377 } |
| 378 | 378 |
| 379 switch (cipher) { | 379 switch (cipher) { |
| 380 case 13: // AES_128_GCM | 380 case 13: // AES_128_GCM |
| 381 case 14: // AES_256_GCM | 381 case 14: // AES_256_GCM |
| 382 case 17: // CHACHA20_POLY1305 | 382 case 17: // CHACHA20_POLY1305 |
| 383 break; | 383 break; |
| 384 default: | 384 default: |
| 385 return false; | 385 return false; |
| 386 } | 386 } |
| 387 | 387 |
| 388 // Only AEADs allowed. | 388 // Only AEADs allowed. |
| 389 if (mac != kAEADMACValue) | 389 if (mac != kAEADMACValue) |
| 390 return false; | 390 return false; |
| 391 | 391 |
| 392 return true; | 392 return true; |
| 393 } | 393 } |
| 394 | 394 |
| 395 bool IsTLSCipherSuiteAllowedByHTTP2(uint16 cipher_suite) { | 395 bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) { |
| 396 int key_exchange, cipher, mac; | 396 int key_exchange, cipher, mac; |
| 397 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 397 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
| 398 return false; | 398 return false; |
| 399 | 399 |
| 400 // Only allow forward secure key exchanges. | 400 // Only allow forward secure key exchanges. |
| 401 switch (key_exchange) { | 401 switch (key_exchange) { |
| 402 case 10: // DHE_RSA | 402 case 10: // DHE_RSA |
| 403 case 14: // ECDHE_ECDSA | 403 case 14: // ECDHE_ECDSA |
| 404 case 16: // ECDHE_RSA | 404 case 16: // ECDHE_RSA |
| 405 break; | 405 break; |
| 416 return false; | 416 return false; |
| 417 } | 417 } |
| 418 | 418 |
| 419 // Only AEADs allowed. | 419 // Only AEADs allowed. |
| 420 if (mac != kAEADMACValue) | 420 if (mac != kAEADMACValue) |
| 421 return false; | 421 return false; |
| 422 | 422 |
| 423 return true; | 423 return true; |
| 424 } | 424 } |
| 425 | 425 |
| 426 const char* ECCurveName(uint16 cipher_suite, int key_exchange_info) { | 426 const char* ECCurveName(uint16_t cipher_suite, int key_exchange_info) { |
| 427 #if defined(USE_OPENSSL) | 427 #if defined(USE_OPENSSL) |
| 428 int key_exchange, cipher, mac; | 428 int key_exchange, cipher, mac; |
| 429 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 429 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
| 430 return nullptr; | 430 return nullptr; |
| 431 switch (key_exchange) { | 431 switch (key_exchange) { |
| 432 case 14: // ECDHE_ECDSA | 432 case 14: // ECDHE_ECDSA |
| 433 case 16: // ECDHE_RSA | 433 case 16: // ECDHE_RSA |
| 434 break; | 434 break; |
| 435 default: | 435 default: |
| 436 return nullptr; | 436 return nullptr; |
| 437 } | 437 } |
| 438 return SSL_get_curve_name(key_exchange_info); | 438 return SSL_get_curve_name(key_exchange_info); |
| 439 #else | 439 #else |
| 440 return nullptr; | 440 return nullptr; |
| 441 #endif | 441 #endif |
| 442 } | 442 } |
| 443 | 443 |
| 444 } // namespace net | 444 } // namespace net |
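Review bot: In ParseSSLCipherString (gutter 352-363) the new `static_cast<uint16_t>(value)` relies solely on the `size() == 6` check to keep `value` inside 16 bits; nothing rejects a negative result if base::HexStringToInt accepts a sign after the `0x` prefix, and the cast would silently wrap such a value into a different cipher suite id. A cheap explicit guard makes the truncation provably safe independent of the length check: `if (value < 0 || value > 0xFFFF) return false;` placed just before the cast. The file now spells `uint16_t` throughout, but the only visible system include is `<stdlib.h>` and 13 include lines are collapsed, so confirm `<stdint.h>` is among them rather than relying on `<openssl/ssl.h>`, which is only pulled in under USE_OPENSSL.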