OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
7 | 7 |
| 8 #include <stdint.h> |
| 9 |
8 #include <string> | 10 #include <string> |
9 | 11 |
10 #include "base/basictypes.h" | |
11 #include "net/base/net_export.h" | 12 #include "net/base/net_export.h" |
12 | 13 |
13 namespace net { | 14 namespace net { |
14 | 15 |
15 // SSLCipherSuiteToStrings returns three strings for a given cipher suite | 16 // SSLCipherSuiteToStrings returns three strings for a given cipher suite |
16 // number, the name of the key exchange algorithm, the name of the cipher and | 17 // number, the name of the key exchange algorithm, the name of the cipher and |
17 // the name of the MAC. The cipher suite number is the number as sent on the | 18 // the name of the MAC. The cipher suite number is the number as sent on the |
18 // wire and recorded at | 19 // wire and recorded at |
19 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml | 20 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml |
20 // If the cipher suite is unknown, the strings are set to "???". | 21 // If the cipher suite is unknown, the strings are set to "???". |
21 // In the case of an AEAD cipher suite, *mac_str is NULL and *is_aead is true. | 22 // In the case of an AEAD cipher suite, *mac_str is NULL and *is_aead is true. |
22 NET_EXPORT void SSLCipherSuiteToStrings(const char** key_exchange_str, | 23 NET_EXPORT void SSLCipherSuiteToStrings(const char** key_exchange_str, |
23 const char** cipher_str, | 24 const char** cipher_str, |
24 const char** mac_str, | 25 const char** mac_str, |
25 bool* is_aead, | 26 bool* is_aead, |
26 uint16 cipher_suite); | 27 uint16_t cipher_suite); |
27 | 28 |
28 // SSLVersionToString returns the name of the SSL protocol version | 29 // SSLVersionToString returns the name of the SSL protocol version |
29 // specified by |ssl_version|, which is defined in | 30 // specified by |ssl_version|, which is defined in |
30 // net/ssl/ssl_connection_status_flags.h. | 31 // net/ssl/ssl_connection_status_flags.h. |
31 // If the version is unknown, |name| is set to "???". | 32 // If the version is unknown, |name| is set to "???". |
32 NET_EXPORT void SSLVersionToString(const char** name, int ssl_version); | 33 NET_EXPORT void SSLVersionToString(const char** name, int ssl_version); |
33 | 34 |
34 // Parses a string literal that represents a SSL/TLS cipher suite. | 35 // Parses a string literal that represents a SSL/TLS cipher suite. |
35 // | 36 // |
36 // Supported literal forms: | 37 // Supported literal forms: |
37 // 0xAABB, where AA is cipher_suite[0] and BB is cipher_suite[1], as | 38 // 0xAABB, where AA is cipher_suite[0] and BB is cipher_suite[1], as |
38 // defined in RFC 2246, Section 7.4.1.2. Unrecognized but parsable cipher | 39 // defined in RFC 2246, Section 7.4.1.2. Unrecognized but parsable cipher |
39 // suites in this form will not return an error. | 40 // suites in this form will not return an error. |
40 // | 41 // |
41 // Returns true if the cipher suite was successfully parsed, storing the | 42 // Returns true if the cipher suite was successfully parsed, storing the |
42 // result in |cipher_suite|. | 43 // result in |cipher_suite|. |
43 // | 44 // |
44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters | 45 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters |
45 // list. | 46 // list. |
46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, | 47 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, |
47 uint16* cipher_suite); | 48 uint16_t* cipher_suite); |
48 | 49 |
49 // |cipher_suite| is the IANA id for the cipher suite. What a "secure" | 50 // |cipher_suite| is the IANA id for the cipher suite. What a "secure" |
50 // cipher suite is arbitrarily determined here. The intent is to indicate what | 51 // cipher suite is arbitrarily determined here. The intent is to indicate what |
51 // cipher suites meet modern security standards when backwards compatibility can | 52 // cipher suites meet modern security standards when backwards compatibility can |
52 // be ignored. | 53 // be ignored. |
53 // | 54 // |
54 // Currently, this function follows these criteria: | 55 // Currently, this function follows these criteria: |
55 // 1) Only uses ECDHE-based key exchanges authenticated by a certificate | 56 // 1) Only uses ECDHE-based key exchanges authenticated by a certificate |
56 // 2) Only uses AEADs | 57 // 2) Only uses AEADs |
57 NET_EXPORT bool IsSecureTLSCipherSuite(uint16 cipher_suite); | 58 NET_EXPORT bool IsSecureTLSCipherSuite(uint16_t cipher_suite); |
58 | 59 |
59 // Returns true if |cipher_suite| is suitable for use with HTTP/2. See | 60 // Returns true if |cipher_suite| is suitable for use with HTTP/2. See |
60 // https://http2.github.io/http2-spec/#rfc.section.9.2.2. | 61 // https://http2.github.io/http2-spec/#rfc.section.9.2.2. |
61 NET_EXPORT bool IsTLSCipherSuiteAllowedByHTTP2(uint16 cipher_suite); | 62 NET_EXPORT bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite); |
62 | 63 |
63 // Returns the static curve name of |key_exchange_info| if the |cipher_suite| | 64 // Returns the static curve name of |key_exchange_info| if the |cipher_suite| |
64 // is an elliptic curve, and a name is known. Returns nullptr otherwise. | 65 // is an elliptic curve, and a name is known. Returns nullptr otherwise. |
65 // Only defined for OpenSSL, returns nullptr otherwise. | 66 // Only defined for OpenSSL, returns nullptr otherwise. |
66 NET_EXPORT const char* ECCurveName(uint16 cipher_suite, int key_exchange_info); | 67 NET_EXPORT const char* ECCurveName(uint16_t cipher_suite, |
| 68 int key_exchange_info); |
67 | 69 |
68 } // namespace net | 70 } // namespace net |
69 | 71 |
70 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 72 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
OLD | NEW |