OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_cipher_suite_names.h" | 5 #include "net/ssl/ssl_cipher_suite_names.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
10 | 10 |
(...skipping 111 matching lines...)
122 {0xbc, 0x653}, // TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 | 122 {0xbc, 0x653}, // TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
123 {0xbd, 0x853}, // TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 | 123 {0xbd, 0x853}, // TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
124 {0xbe, 0xa53}, // TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | 124 {0xbe, 0xa53}, // TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
125 {0xbf, 0xc53}, // TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 | 125 {0xbf, 0xc53}, // TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 |
126 {0xc0, 0x15b}, // TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 | 126 {0xc0, 0x15b}, // TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
127 {0xc1, 0x45b}, // TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 | 127 {0xc1, 0x45b}, // TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 |
128 {0xc2, 0x65b}, // TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 | 128 {0xc2, 0x65b}, // TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
129 {0xc3, 0x85b}, // TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 | 129 {0xc3, 0x85b}, // TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 |
130 {0xc4, 0xa5b}, // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 | 130 {0xc4, 0xa5b}, // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
131 {0xc5, 0xc5b}, // TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 | 131 {0xc5, 0xc5b}, // TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 |
| 132 {0x16b7, 0x128f}, // TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 (exper) |
| 133 {0x16b8, 0x138f}, // TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (exper) |
| 134 {0x16b9, 0x1277}, // TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 (exper) |
| 135 {0x16ba, 0x1377}, // TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384 (exper) |
132 {0xc001, 0xd02}, // TLS_ECDH_ECDSA_WITH_NULL_SHA | 136 {0xc001, 0xd02}, // TLS_ECDH_ECDSA_WITH_NULL_SHA |
133 {0xc002, 0xd12}, // TLS_ECDH_ECDSA_WITH_RC4_128_SHA | 137 {0xc002, 0xd12}, // TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
134 {0xc003, 0xd3a}, // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | 138 {0xc003, 0xd3a}, // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
135 {0xc004, 0xd42}, // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | 139 {0xc004, 0xd42}, // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
136 {0xc005, 0xd4a}, // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | 140 {0xc005, 0xd4a}, // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
137 {0xc006, 0xe02}, // TLS_ECDHE_ECDSA_WITH_NULL_SHA | 141 {0xc006, 0xe02}, // TLS_ECDHE_ECDSA_WITH_NULL_SHA |
138 {0xc007, 0xe12}, // TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 142 {0xc007, 0xe12}, // TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
139 {0xc008, 0xe3a}, // TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 143 {0xc008, 0xe3a}, // TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
140 {0xc009, 0xe42}, // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 144 {0xc009, 0xe42}, // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
141 {0xc00a, 0xe4a}, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 145 {0xc00a, 0xe4a}, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
(...skipping 57 matching lines...)
199 {0xc08c, 0xf7f}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 | 203 {0xc08c, 0xf7f}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 |
200 {0xc08d, 0xf87}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 | 204 {0xc08d, 0xf87}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 |
201 {0xcc13, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) | 205 {0xcc13, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) |
202 {0xcc14, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) | 206 {0xcc14, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) |
203 {0xcca8, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | 207 {0xcca8, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
204 {0xcca9, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | 208 {0xcca9, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
205 }; | 209 }; |
206 | 210 |
207 const struct { | 211 const struct { |
208 char name[15]; | 212 char name[15]; |
209 } kKeyExchangeNames[18] = { | 213 } kKeyExchangeNames[20] = { |
210 {"NULL"}, // 0 | 214 {"NULL"}, // 0 |
211 {"RSA"}, // 1 | 215 {"RSA"}, // 1 |
212 {"RSA_EXPORT"}, // 2 | 216 {"RSA_EXPORT"}, // 2 |
213 {"DH_DSS_EXPORT"}, // 3 | 217 {"DH_DSS_EXPORT"}, // 3 |
214 {"DH_DSS"}, // 4 | 218 {"DH_DSS"}, // 4 |
215 {"DH_RSA_EXPORT"}, // 5 | 219 {"DH_RSA_EXPORT"}, // 5 |
216 {"DH_RSA"}, // 6 | 220 {"DH_RSA"}, // 6 |
217 {"DHE_DSS_EXPORT"}, // 7 | 221 {"DHE_DSS_EXPORT"}, // 7 |
218 {"DHE_DSS"}, // 8 | 222 {"DHE_DSS"}, // 8 |
219 {"DHE_RSA_EXPORT"}, // 9 | 223 {"DHE_RSA_EXPORT"}, // 9 |
220 {"DHE_RSA"}, // 10 | 224 {"DHE_RSA"}, // 10 |
221 {"DH_anon_EXPORT"}, // 11 | 225 {"DH_anon_EXPORT"}, // 11 |
222 {"DH_anon"}, // 12 | 226 {"DH_anon"}, // 12 |
223 {"ECDH_ECDSA"}, // 13 | 227 {"ECDH_ECDSA"}, // 13 |
224 {"ECDHE_ECDSA"}, // 14 | 228 {"ECDHE_ECDSA"}, // 14 |
225 {"ECDH_RSA"}, // 15 | 229 {"ECDH_RSA"}, // 15 |
226 {"ECDHE_RSA"}, // 16 | 230 {"ECDHE_RSA"}, // 16 |
227 {"ECDH_anon"}, // 17 | 231 {"ECDH_anon"}, // 17 |
| 232 {"CECPQ1_RSA"}, // 18 |
| 233 {"CECPQ1_ECDSA"}, // 19 |
228 }; | 234 }; |
229 | 235 |
230 const struct { | 236 const struct { |
231 char name[18]; | 237 char name[18]; |
232 } kCipherNames[18] = { | 238 } kCipherNames[18] = { |
233 {"NULL"}, // 0 | 239 {"NULL"}, // 0 |
234 {"RC4_40"}, // 1 | 240 {"RC4_40"}, // 1 |
235 {"RC4_128"}, // 2 | 241 {"RC4_128"}, // 2 |
236 {"RC2_CBC_40"}, // 3 | 242 {"RC2_CBC_40"}, // 3 |
237 {"IDEA_CBC"}, // 4 | 243 {"IDEA_CBC"}, // 4 |
(...skipping 125 matching lines...)
363 | 369 |
364 bool IsSecureTLSCipherSuite(uint16_t cipher_suite) { | 370 bool IsSecureTLSCipherSuite(uint16_t cipher_suite) { |
365 int key_exchange, cipher, mac; | 371 int key_exchange, cipher, mac; |
366 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 372 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
367 return false; | 373 return false; |
368 | 374 |
369 // Only allow ECDHE key exchanges. | 375 // Only allow ECDHE key exchanges. |
370 switch (key_exchange) { | 376 switch (key_exchange) { |
371 case 14: // ECDHE_ECDSA | 377 case 14: // ECDHE_ECDSA |
372 case 16: // ECDHE_RSA | 378 case 16: // ECDHE_RSA |
| 379 case 18: // CECPQ1_RSA |
| 380 case 19: // CECPQ1_ECDSA |
373 break; | 381 break; |
374 default: | 382 default: |
375 return false; | 383 return false; |
376 } | 384 } |
377 | 385 |
378 switch (cipher) { | 386 switch (cipher) { |
379 case 13: // AES_128_GCM | 387 case 13: // AES_128_GCM |
380 case 14: // AES_256_GCM | 388 case 14: // AES_256_GCM |
381 case 17: // CHACHA20_POLY1305 | 389 case 17: // CHACHA20_POLY1305 |
382 break; | 390 break; |
(...skipping 11 matching lines...)
394 bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) { | 402 bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) { |
395 int key_exchange, cipher, mac; | 403 int key_exchange, cipher, mac; |
396 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 404 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
397 return false; | 405 return false; |
398 | 406 |
399 // Only allow forward secure key exchanges. | 407 // Only allow forward secure key exchanges. |
400 switch (key_exchange) { | 408 switch (key_exchange) { |
401 case 10: // DHE_RSA | 409 case 10: // DHE_RSA |
402 case 14: // ECDHE_ECDSA | 410 case 14: // ECDHE_ECDSA |
403 case 16: // ECDHE_RSA | 411 case 16: // ECDHE_RSA |
| 412 case 18: // CECPQ1_RSA |
| 413 case 19: // CECPQ1_ECDSA |
404 break; | 414 break; |
405 default: | 415 default: |
406 return false; | 416 return false; |
407 } | 417 } |
408 | 418 |
409 switch (cipher) { | 419 switch (cipher) { |
410 case 13: // AES_128_GCM | 420 case 13: // AES_128_GCM |
411 case 14: // AES_256_GCM | 421 case 14: // AES_256_GCM |
412 case 17: // CHACHA20_POLY1305 | 422 case 17: // CHACHA20_POLY1305 |
413 break; | 423 break; |
(...skipping 16 matching lines...)
430 case 14: // ECDHE_ECDSA | 440 case 14: // ECDHE_ECDSA |
431 case 16: // ECDHE_RSA | 441 case 16: // ECDHE_RSA |
432 break; | 442 break; |
433 default: | 443 default: |
434 return nullptr; | 444 return nullptr; |
435 } | 445 } |
436 return SSL_get_curve_name(key_exchange_info); | 446 return SSL_get_curve_name(key_exchange_info); |
437 } | 447 } |
438 | 448 |
439 } // namespace net | 449 } // namespace net |
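Review bot: In IsSecureTLSCipherSuite the comment `// Only allow ECDHE key exchanges.` is left unchanged although the new `case 18:` and `case 19:` now accept the CECPQ1 key exchanges, so it no longer describes the allowlist behind the "secure cipher suite" decision; I would change it to `// Only allow ECDHE key exchanges, including the experimental CECPQ1 variants.`. The same two cases are added to IsTLSCipherSuiteAllowedByHTTP2, where the "forward secure" comment still reads correctly provided CECPQ1 is always ephemeral, which this page does not show. Both switches repeat the bare indices 18 and 19, which are defined only by position in `kKeyExchangeNames[20]`, so a later reordering of that table would silently change which key exchanges pass; named constants shared by the table and the switches would remove that coupling. Both function bodies continue in lines the page skips, so the cipher and MAC checks that follow these switches were not reviewed.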