| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_cipher_suite_names.h" | 5 #include "net/ssl/ssl_cipher_suite_names.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
| 10 | 10 |
| 122 {0xbc, 0x653}, // TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 | 122 {0xbc, 0x653}, // TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
| 123 {0xbd, 0x853}, // TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 | 123 {0xbd, 0x853}, // TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 |
| 124 {0xbe, 0xa53}, // TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | 124 {0xbe, 0xa53}, // TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
| 125 {0xbf, 0xc53}, // TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 | 125 {0xbf, 0xc53}, // TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 |
| 126 {0xc0, 0x15b}, // TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 | 126 {0xc0, 0x15b}, // TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| 127 {0xc1, 0x45b}, // TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 | 127 {0xc1, 0x45b}, // TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 |
| 128 {0xc2, 0x65b}, // TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 | 128 {0xc2, 0x65b}, // TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| 129 {0xc3, 0x85b}, // TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 | 129 {0xc3, 0x85b}, // TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 |
| 130 {0xc4, 0xa5b}, // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 | 130 {0xc4, 0xa5b}, // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| 131 {0xc5, 0xc5b}, // TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 | 131 {0xc5, 0xc5b}, // TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 |
| 132 {0x16b7, 0x128f}, // TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 (exper) |
| 133 {0x16b8, 0x138f}, // TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (exper) |
| 134 {0x16b9, 0x1277}, // TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 (exper) |
| 135 {0x16ba, 0x1377}, // TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384 (exper) |
| 132 {0xc001, 0xd02}, // TLS_ECDH_ECDSA_WITH_NULL_SHA | 136 {0xc001, 0xd02}, // TLS_ECDH_ECDSA_WITH_NULL_SHA |
| 133 {0xc002, 0xd12}, // TLS_ECDH_ECDSA_WITH_RC4_128_SHA | 137 {0xc002, 0xd12}, // TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| 134 {0xc003, 0xd3a}, // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | 138 {0xc003, 0xd3a}, // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| 135 {0xc004, 0xd42}, // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | 139 {0xc004, 0xd42}, // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| 136 {0xc005, 0xd4a}, // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | 140 {0xc005, 0xd4a}, // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| 137 {0xc006, 0xe02}, // TLS_ECDHE_ECDSA_WITH_NULL_SHA | 141 {0xc006, 0xe02}, // TLS_ECDHE_ECDSA_WITH_NULL_SHA |
| 138 {0xc007, 0xe12}, // TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 142 {0xc007, 0xe12}, // TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| 139 {0xc008, 0xe3a}, // TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 143 {0xc008, 0xe3a}, // TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| 140 {0xc009, 0xe42}, // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 144 {0xc009, 0xe42}, // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| 141 {0xc00a, 0xe4a}, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 145 {0xc00a, 0xe4a}, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| 199 {0xc08c, 0xf7f}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 | 203 {0xc08c, 0xf7f}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 |
| 200 {0xc08d, 0xf87}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 | 204 {0xc08d, 0xf87}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 |
| 201 {0xcc13, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) | 205 {0xcc13, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) |
| 202 {0xcc14, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) | 206 {0xcc14, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) |
| 203 {0xcca8, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | 207 {0xcca8, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
| 204 {0xcca9, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | 208 {0xcca9, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
| 205 }; | 209 }; |
| 206 | 210 |
| 207 const struct { | 211 const struct { |
| 208 char name[15]; | 212 char name[15]; |
| 209 } kKeyExchangeNames[18] = { | 213 } kKeyExchangeNames[20] = { |
| 210 {"NULL"}, // 0 | 214 {"NULL"}, // 0 |
| 211 {"RSA"}, // 1 | 215 {"RSA"}, // 1 |
| 212 {"RSA_EXPORT"}, // 2 | 216 {"RSA_EXPORT"}, // 2 |
| 213 {"DH_DSS_EXPORT"}, // 3 | 217 {"DH_DSS_EXPORT"}, // 3 |
| 214 {"DH_DSS"}, // 4 | 218 {"DH_DSS"}, // 4 |
| 215 {"DH_RSA_EXPORT"}, // 5 | 219 {"DH_RSA_EXPORT"}, // 5 |
| 216 {"DH_RSA"}, // 6 | 220 {"DH_RSA"}, // 6 |
| 217 {"DHE_DSS_EXPORT"}, // 7 | 221 {"DHE_DSS_EXPORT"}, // 7 |
| 218 {"DHE_DSS"}, // 8 | 222 {"DHE_DSS"}, // 8 |
| 219 {"DHE_RSA_EXPORT"}, // 9 | 223 {"DHE_RSA_EXPORT"}, // 9 |
| 220 {"DHE_RSA"}, // 10 | 224 {"DHE_RSA"}, // 10 |
| 221 {"DH_anon_EXPORT"}, // 11 | 225 {"DH_anon_EXPORT"}, // 11 |
| 222 {"DH_anon"}, // 12 | 226 {"DH_anon"}, // 12 |
| 223 {"ECDH_ECDSA"}, // 13 | 227 {"ECDH_ECDSA"}, // 13 |
| 224 {"ECDHE_ECDSA"}, // 14 | 228 {"ECDHE_ECDSA"}, // 14 |
| 225 {"ECDH_RSA"}, // 15 | 229 {"ECDH_RSA"}, // 15 |
| 226 {"ECDHE_RSA"}, // 16 | 230 {"ECDHE_RSA"}, // 16 |
| 227 {"ECDH_anon"}, // 17 | 231 {"ECDH_anon"}, // 17 |
| 232 {"CECPQ1_RSA"}, // 18 |
| 233 {"CECPQ1_ECDSA"}, // 19 |
| 228 }; | 234 }; |
| 229 | 235 |
| 230 const struct { | 236 const struct { |
| 231 char name[18]; | 237 char name[18]; |
| 232 } kCipherNames[18] = { | 238 } kCipherNames[18] = { |
| 233 {"NULL"}, // 0 | 239 {"NULL"}, // 0 |
| 234 {"RC4_40"}, // 1 | 240 {"RC4_40"}, // 1 |
| 235 {"RC4_128"}, // 2 | 241 {"RC4_128"}, // 2 |
| 236 {"RC2_CBC_40"}, // 3 | 242 {"RC2_CBC_40"}, // 3 |
| 237 {"IDEA_CBC"}, // 4 | 243 {"IDEA_CBC"}, // 4 |
| 363 | 369 |
| 364 bool IsSecureTLSCipherSuite(uint16_t cipher_suite) { | 370 bool IsSecureTLSCipherSuite(uint16_t cipher_suite) { |
| 365 int key_exchange, cipher, mac; | 371 int key_exchange, cipher, mac; |
| 366 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 372 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
| 367 return false; | 373 return false; |
| 368 | 374 |
| 369 // Only allow ECDHE key exchanges. | 375 // Only allow ECDHE key exchanges. |
| 370 switch (key_exchange) { | 376 switch (key_exchange) { |
| 371 case 14: // ECDHE_ECDSA | 377 case 14: // ECDHE_ECDSA |
| 372 case 16: // ECDHE_RSA | 378 case 16: // ECDHE_RSA |
| 379 case 18: // CECPQ1_RSA |
| 380 case 19: // CECPQ1_ECDSA |
| 373 break; | 381 break; |
| 374 default: | 382 default: |
| 375 return false; | 383 return false; |
| 376 } | 384 } |
| 377 | 385 |
| 378 switch (cipher) { | 386 switch (cipher) { |
| 379 case 13: // AES_128_GCM | 387 case 13: // AES_128_GCM |
| 380 case 14: // AES_256_GCM | 388 case 14: // AES_256_GCM |
| 381 case 17: // CHACHA20_POLY1305 | 389 case 17: // CHACHA20_POLY1305 |
| 382 break; | 390 break; |
| 394 bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) { | 402 bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) { |
| 395 int key_exchange, cipher, mac; | 403 int key_exchange, cipher, mac; |
| 396 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 404 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
| 397 return false; | 405 return false; |
| 398 | 406 |
| 399 // Only allow forward secure key exchanges. | 407 // Only allow forward secure key exchanges. |
| 400 switch (key_exchange) { | 408 switch (key_exchange) { |
| 401 case 10: // DHE_RSA | 409 case 10: // DHE_RSA |
| 402 case 14: // ECDHE_ECDSA | 410 case 14: // ECDHE_ECDSA |
| 403 case 16: // ECDHE_RSA | 411 case 16: // ECDHE_RSA |
| 412 case 18: // CECPQ1_RSA |
| 413 case 19: // CECPQ1_ECDSA |
| 404 break; | 414 break; |
| 405 default: | 415 default: |
| 406 return false; | 416 return false; |
| 407 } | 417 } |
| 408 | 418 |
| 409 switch (cipher) { | 419 switch (cipher) { |
| 410 case 13: // AES_128_GCM | 420 case 13: // AES_128_GCM |
| 411 case 14: // AES_256_GCM | 421 case 14: // AES_256_GCM |
| 412 case 17: // CHACHA20_POLY1305 | 422 case 17: // CHACHA20_POLY1305 |
| 413 break; | 423 break; |
| 430 case 14: // ECDHE_ECDSA | 440 case 14: // ECDHE_ECDSA |
| 431 case 16: // ECDHE_RSA | 441 case 16: // ECDHE_RSA |
| 432 break; | 442 break; |
| 433 default: | 443 default: |
| 434 return nullptr; | 444 return nullptr; |
| 435 } | 445 } |
| 436 return SSL_get_curve_name(key_exchange_info); | 446 return SSL_get_curve_name(key_exchange_info); |
| 437 } | 447 } |
| 438 | 448 |
| 439 } // namespace net | 449 } // namespace net |
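Review bot: The comment `// Only allow ECDHE key exchanges.` above the switch in IsSecureTLSCipherSuite (new lines 375–384) is now stale, because the switch also accepts key exchanges 18 and 19; change it to `// Only allow ECDHE and CECPQ1 key exchanges.` so the comment matches the accepted set, while the "forward secure" comment in IsTLSCipherSuiteAllowedByHTTP2 still reads correctly. The switch in the last hunk (new lines 440–445, inside a function whose start is outside this view) still lists only 14 and 16, so the new CECPQ1 suites take the `return nullptr` path there; if that is intended, a one-line comment saying CECPQ1 suites are deliberately excluded would save the next reader a question, otherwise the two new cases belong there too. All three switches and the kKeyExchangeNames comments rely on 18 and 19 staying the indices of the two new table entries, so keep the table order and the case labels in step if either is edited again.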