OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_cipher_suite_names.h" | 5 #include "net/ssl/ssl_cipher_suite_names.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
11 #include "base/strings/string_util.h" | 11 #include "base/strings/string_util.h" |
12 #include "base/strings/stringprintf.h" | |
12 #include "net/ssl/ssl_connection_status_flags.h" | 13 #include "net/ssl/ssl_connection_status_flags.h" |
13 #include "third_party/boringssl/src/include/openssl/ssl.h" | 14 #include "third_party/boringssl/src/include/openssl/ssl.h" |
14 | 15 |
15 // Rather than storing the names of all the ciphersuites we eliminate the | 16 // Rather than storing the names of all the ciphersuites we eliminate the |
16 // redundancy and break each cipher suite into a key exchange method, cipher | 17 // redundancy and break each cipher suite into a key exchange method, cipher |
17 // and mac. For all the ciphersuites in the IANA registry, we extract each of | 18 // and mac. For all the ciphersuites in the IANA registry, we extract each of |
18 // those components from the name, number them and pack the result into a | 19 // those components from the name, number them and pack the result into a |
19 // 16-bit number thus: | 20 // 16-bit number thus: |
20 // (MSB to LSB) | 21 // (MSB to LSB) |
21 // <3 bits> unused | 22 // <3 bits> unused |
(...skipping 355 matching lines...) | |
377 } | 378 } |
378 *cipher_str = kCipherNames[cipher].name; | 379 *cipher_str = kCipherNames[cipher].name; |
379 if (mac == kAEADMACValue) { | 380 if (mac == kAEADMACValue) { |
380 *is_aead = true; | 381 *is_aead = true; |
381 *mac_str = nullptr; | 382 *mac_str = nullptr; |
382 } else { | 383 } else { |
383 *mac_str = kMacNames[mac].name; | 384 *mac_str = kMacNames[mac].name; |
384 } | 385 } |
385 } | 386 } |
386 | 387 |
388 std::string SSLCipherSuiteToComposedString(uint16_t cipher_suite) { | |
389 int key_exchange, cipher, mac; | |
390 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | |
391 return "UNKNOWN"; | |
392 | |
393 const char* prf; | |
394 switch (mac) { | |
395 case 1: | |
396 prf = "MD5"; | |
397 break; | |
398 case 2: | |
399 prf = "SHA"; | |
400 break; | |
401 case 3: | |
402 prf = "SHA256"; | |
403 break; | |
404 case 4: | |
405 prf = "SHA384"; | |
406 break; | |
407 case 7: // kAEADMACValue | |
408 if (cipher == 14 || cipher == 9) { // AES_256_GCM or AES_256_CBC | |
409 prf = "SHA384"; | |
410 break; | |
411 } | |
412 prf = "SHA256"; | |
413 break; | |
414 default: | |
415 NOTREACHED() << mac; | |
416 prf = "???"; | |
417 break; | |
418 } | |
419 | |
420 std::string composed = "TLS"; | |
421 if (key_exchange != kTLS13KeyExchangeValue) | |
422 composed += | |
423 base::StringPrintf("_%s_WITH", kKeyExchangeNames[key_exchange].name); | |
424 composed += base::StringPrintf("_%s_%s", kCipherNames[cipher].name, prf); | |
425 | |
426 return composed; | |
427 } | |
davidben
2016/12/07 15:31:45
I haven't looked at the rest yet, but the whole po
| |
428 | |
387 void SSLVersionToString(const char** name, int ssl_version) { | 429 void SSLVersionToString(const char** name, int ssl_version) { |
388 switch (ssl_version) { | 430 switch (ssl_version) { |
389 case SSL_CONNECTION_VERSION_SSL2: | 431 case SSL_CONNECTION_VERSION_SSL2: |
390 *name = "SSL 2.0"; | 432 *name = "SSL 2.0"; |
391 break; | 433 break; |
392 case SSL_CONNECTION_VERSION_SSL3: | 434 case SSL_CONNECTION_VERSION_SSL3: |
393 *name = "SSL 3.0"; | 435 *name = "SSL 3.0"; |
394 break; | 436 break; |
395 case SSL_CONNECTION_VERSION_TLS1: | 437 case SSL_CONNECTION_VERSION_TLS1: |
396 *name = "TLS 1.0"; | 438 *name = "TLS 1.0"; |
(...skipping 70 matching lines...) | |
467 } | 509 } |
468 | 510 |
469 // Only AEADs allowed. | 511 // Only AEADs allowed. |
470 if (mac != kAEADMACValue) | 512 if (mac != kAEADMACValue) |
471 return false; | 513 return false; |
472 | 514 |
473 return true; | 515 return true; |
474 } | 516 } |
475 | 517 |
476 } // namespace net | 518 } // namespace net |
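Review bot: In the new SSLCipherSuiteToComposedString, the `switch (mac)` labels (`1` to `4`, `7`) and the `cipher == 14 || cipher == 9` test hard-code positions in kMacNames and kCipherNames, so reordering or extending those tables would make the function report a hash the connection did not negotiate, with nothing failing to compile. `kAEADMACValue` is already used as a named constant elsewhere in this file, so prefer `case kAEADMACValue:` (assuming it is a compile-time constant) and named constants or a `static_assert` beside the tables for the other indices. The `default:` branch also needs tightening: NOTREACHED() is presumably compiled out in release builds, so the function would return a made-up name ending in `_???`, whereas `return "UNKNOWN";` there would match the early return at the top. The trailing comment names AES_256_CBC, which is not an AEAD, so `cipher == 9` looks unreachable under `mac == 7`; confirm this against the table, which is collapsed on this page.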