Chromium Code Reviews

Unified Diff: net/ssl/ssl_cipher_suite_names.cc

Issue 291093002: Fail the SPDY transaction if it does not meet TLS base requirements. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase Created 6 years, 7 months ago
Index: net/ssl/ssl_cipher_suite_names.cc
diff --git a/net/ssl/ssl_cipher_suite_names.cc b/net/ssl/ssl_cipher_suite_names.cc
index f018857d25005fb21363f5b5e3a77f84832d768b..dccec6072a9a46e2a8a289b1f75ad44626dad3bd 100644
--- a/net/ssl/ssl_cipher_suite_names.cc
+++ b/net/ssl/ssl_cipher_suite_names.cc
@@ -345,4 +345,49 @@ bool ParseSSLCipherString(const std::string& cipher_string,
return false;
}
+bool IsModernTLSCipherSuite(uint16 cipher_suite) {
+ struct CipherSuite desired = {0};
wtc 2014/05/21 21:51:10 Nit: I know you copied this from existing code, bu
willchan no longer on Chromium 2014/05/21 22:55:22 Done.
+ desired.cipher_suite = cipher_suite;
+
+ void* r = bsearch(&desired,
+ kCipherSuites,
+ arraysize(kCipherSuites),
+ sizeof(kCipherSuites[0]),
+ CipherSuiteCmp);
wtc 2014/05/21 21:51:10 Nit: just wondering why this is formatted in a dif
willchan no longer on Chromium 2014/05/21 22:55:22 Yes.
+
+ if (!r)
+ return false;
+
+ const CipherSuite* cs = static_cast<const CipherSuite*>(r);
+
+ const int key_exchange = cs->encoded >> 8;
+ const int cipher = (cs->encoded >> 3) & 0x1f;
+ const int mac = cs->encoded & 0x7;
+
+ // Only allow forward secure key exchanges.
+ switch (key_exchange) {
+ case 10: // DHE_RSA
wtc 2014/05/21 21:51:10 Why do you not allow 8 (DHE_DSS)?
willchan no longer on Chromium 2014/05/21 22:55:22 agl@ tells me no one uses DSS.
+ case 14: // ECDHE_ECDSA
+ case 16: // ECDHE_RSA
+ break;
+ default:
+ return false;
+ }
+
+ switch (cipher) {
+ case 13: // AES_128_GCM
+ case 14: // AES_256_GCM
+ case 17: // CHACHA20_POLY1305
+ break;
+ default:
+ return false;
+ }
+
+ // Only AEADs allowed.
+ if (mac != kAEADMACValue)
+ return false;
+
+ return true;
+}
+
} // namespace net
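Review bot: the allowlist in IsModernTLSCipherSuite is built from bare magic numbers (key_exchange 10/14/16, cipher 13/14/17) whose meaning is fixed only by the encoding packed into kCipherSuites->encoded (key exchange in the high byte, cipher in bits 3..7, MAC in the low 3 bits); if the name tables that those indexes refer to are ever reordered or extended, this function will silently admit or reject different suites with no compile-time signal. Suggest replacing the literals with named constants (or enums) defined next to the tables that produce `encoded`, or at minimum adding a static_assert tying each value to its table entry, so that the trailing comments `// DHE_RSA`, `// AES_128_GCM` etc. cannot drift from the numbers. The rest of the control flow is sound from a security standpoint: a suite absent from kCipherSuites fails closed (`if (!r) return false;`), the key-exchange switch admits only the forward-secret DHE/ECDHE variants, and the `mac != kAEADMACValue` check is redundant with the three AEAD ciphers already allowlisted but is cheap defense in depth and worth keeping. The DHE_DSS exclusion discussed in the thread deserves a one-line comment in the code itself rather than living only in the review.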
