OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_cipher_suite_names.h" | 5 #include "net/ssl/ssl_cipher_suite_names.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
(...skipping 327 matching lines...) | |
338 int value = 0; | 338 int value = 0; |
339 if (cipher_string.size() == 6 && | 339 if (cipher_string.size() == 6 && |
340 StartsWithASCII(cipher_string, "0x", false /* case insensitive */) && | 340 StartsWithASCII(cipher_string, "0x", false /* case insensitive */) && |
341 base::HexStringToInt(cipher_string, &value)) { | 341 base::HexStringToInt(cipher_string, &value)) { |
342 *cipher_suite = static_cast<uint16>(value); | 342 *cipher_suite = static_cast<uint16>(value); |
343 return true; | 343 return true; |
344 } | 344 } |
345 return false; | 345 return false; |
346 } | 346 } |
347 | 347 |
348 bool IsModernTLSCipherSuite(uint16 cipher_suite) { | |
349 struct CipherSuite desired = {0}; | |
wtc
2014/05/21 21:51:10
Nit: I know you copied this from existing code, bu
willchan no longer on Chromium
2014/05/21 22:55:22
Done.
| |
350 desired.cipher_suite = cipher_suite; | |
351 | |
352 void* r = bsearch(&desired, | |
353 kCipherSuites, | |
354 arraysize(kCipherSuites), | |
355 sizeof(kCipherSuites[0]), | |
356 CipherSuiteCmp); | |
wtc
2014/05/21 21:51:10
Nit: just wondering why this is formatted in a dif
willchan no longer on Chromium
2014/05/21 22:55:22
Yes.
| |
357 | |
358 if (!r) | |
359 return false; | |
360 | |
361 const CipherSuite* cs = static_cast<const CipherSuite*>(r); | |
362 | |
363 const int key_exchange = cs->encoded >> 8; | |
364 const int cipher = (cs->encoded >> 3) & 0x1f; | |
365 const int mac = cs->encoded & 0x7; | |
366 | |
367 // Only allow forward secure key exchanges. | |
368 switch (key_exchange) { | |
369 case 10: // DHE_RSA | |
wtc
2014/05/21 21:51:10
Why do you not allow 8 (DHE_DSS)?
willchan no longer on Chromium
2014/05/21 22:55:22
agl@ tells me no one uses DSS.
| |
370 case 14: // ECDHE_ECDSA | |
371 case 16: // ECDHE_RSA | |
372 break; | |
373 default: | |
374 return false; | |
375 } | |
376 | |
377 switch (cipher) { | |
378 case 13: // AES_128_GCM | |
379 case 14: // AES_256_GCM | |
380 case 17: // CHACHA20_POLY1305 | |
381 break; | |
382 default: | |
383 return false; | |
384 } | |
385 | |
386 // Only AEADs allowed. | |
387 if (mac != kAEADMACValue) | |
388 return false; | |
389 | |
390 return true; | |
391 } | |
392 | |
348 } // namespace net | 393 } // namespace net |
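Review bot: The allowlist in IsModernTLSCipherSuite (new lines 368-384) is written as bare indices, `case 10`, `case 14`, `case 16` for the key exchange and `case 13`, `case 14`, `case 17` for the cipher, and only the trailing comments say what they mean. These values presumably index the name tables that `cs->encoded` is packed against, which sit in the skipped part of the file, so reordering or regenerating those tables would silently change which suites this policy check accepts, with no compile error. Naming them beside the tables, the way `kAEADMACValue` is already named, would keep the two in step, e.g. `static const int kKeyExchangeECDHE_RSA = 16;` used as `case kKeyExchangeECDHE_RSA:`. A unit test that pins one accepted and one rejected suite by its 16-bit value would catch any drift. A miss in `bsearch` already returns false, so unknown suites fail closed and that part needs no change.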