author | lloyd <[email protected]> | 2014-11-03 23:08:58 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-11-03 23:08:58 +0000 |
commit | 85e0f9510fde42905e8d4883614ca1920a914c30 (patch) | |
tree | d4abfd9b004870c59330ff7424dabc323d112669 | |
parent | bcd83686c3daed38974d1f9b533c07d35c5a7476 (diff) |
Cleanup handling of TLS AEAD nonce sizes, push all knowledge of what
the nonce sizes should be down to the ciphersuite generating script.
-rw-r--r-- | src/lib/tls/tls_ciphersuite.cpp | 10 | ||||
-rw-r--r-- | src/lib/tls/tls_ciphersuite.h | 24 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 28 | ||||
-rw-r--r-- | src/lib/tls/tls_record.h | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_session_key.cpp | 10 | ||||
-rw-r--r-- | src/lib/tls/tls_suite_info.cpp | 302 | ||||
-rwxr-xr-x | src/scripts/tls_suite_info.py | 7 |
7 files changed, 197 insertions, 189 deletions
diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index 4c9b204a6..e6a69126c 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -66,18 +66,20 @@ Ciphersuite::Ciphersuite(u16bit ciphersuite_code, const char* kex_algo, const char* cipher_algo, size_t cipher_keylen, - size_t cipher_ivlen, + size_t exp_nonce_bytes, + size_t imp_nonce_bytes, const char* mac_algo, size_t mac_keylen, const char* prf_algo) : m_ciphersuite_code(ciphersuite_code), m_sig_algo(sig_algo), m_kex_algo(kex_algo), - m_cipher_algo(cipher_algo), - m_mac_algo(mac_algo), m_prf_algo(prf_algo), + m_cipher_algo(cipher_algo), m_cipher_keylen(cipher_keylen), - m_cipher_ivlen(cipher_ivlen), + m_explicit_nonce_bytes(exp_nonce_bytes), + m_implicit_nonce_bytes(imp_nonce_bytes), + m_mac_algo(mac_algo), m_mac_keylen(mac_keylen) { } diff --git a/src/lib/tls/tls_ciphersuite.h b/src/lib/tls/tls_ciphersuite.h index f6f1f35f8..e92eafd5f 100644 --- a/src/lib/tls/tls_ciphersuite.h +++ b/src/lib/tls/tls_ciphersuite.h @@ -72,24 +72,24 @@ class BOTAN_DLL Ciphersuite /** * @return key exchange algorithm used by this ciphersuite */ - std::string kex_algo() const { return m_kex_algo; } + const std::string& kex_algo() const { return m_kex_algo; } /** * @return signature algorithm used by this ciphersuite */ - std::string sig_algo() const { return m_sig_algo; } + const std::string& sig_algo() const { return m_sig_algo; } /** * @return symmetric cipher algorithm used by this ciphersuite */ - std::string cipher_algo() const { return m_cipher_algo; } + const std::string& cipher_algo() const { return m_cipher_algo; } /** * @return message authentication algorithm used by this ciphersuite */ - std::string mac_algo() const { return m_mac_algo; } + const std::string& mac_algo() const { return m_mac_algo; } - std::string prf_algo() const + const std::string& prf_algo() const { return (m_prf_algo != "") ? m_prf_algo : m_mac_algo; } 
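Review bot: The new constructor parameters `exp_nonce_bytes` and `imp_nonce_bytes` carry the opposite meaning from RFC 5288 and from the locals this commit replaces in write_record, which had `implicit_nonce_bytes = 4` and `explicit_nonce_bytes = 8`. The generated table passes `4, 8` for the GCM and CCM suites, so `explicit_nonce_bytes()` is now the 4-byte part taken from the key block (tls_session_key.cpp sizes `c_iv`/`s_iv` with it) and `implicit_nonce_bytes()` is the 8-byte part written into each record (`rec_size = ctext_size + implicit_nonce_bytes`). Two adjacent `size_t` arguments with inverted names invite a swap that would change how the per-record nonce is laid out, so I would rename them by origin or at least comment the declaration in tls_ciphersuite.h, e.g. `// explicit_nonce_bytes: IV/nonce bytes taken from the key block; implicit_nonce_bytes: nonce bytes carried in each record`. The same applies to the accessors added in tls_ciphersuite.h and tls_record.h, which are added without a doc comment.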
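Review bot: Returning `const std::string&` from `kex_algo()`, `sig_algo()`, `cipher_algo()`, `mac_algo()` and `prf_algo()` ties the result to the lifetime of the Ciphersuite object, and `Ciphersuite::by_id()` returns that object by value. A caller that writes `const std::string& a = Ciphersuite::by_id(id).cipher_algo();` was safe with the old by-value return and now holds a dangling reference once the temporary is destroyed. The callers are not visible from this hunk, so they need an audit before this lands on an exported (`BOTAN_DLL`) class. If the references stay, each doc comment should say so, e.g. `* The returned reference is valid only while this Ciphersuite object is alive`.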
@@ -99,7 +99,9 @@ class BOTAN_DLL Ciphersuite */ size_t cipher_keylen() const { return m_cipher_keylen; } - size_t cipher_ivlen() const { return m_cipher_ivlen; } + size_t explicit_nonce_bytes() const { return m_explicit_nonce_bytes; } + + size_t implicit_nonce_bytes() const { return m_implicit_nonce_bytes; } size_t mac_keylen() const { return m_mac_keylen; } @@ -117,7 +119,8 @@ class BOTAN_DLL Ciphersuite const char* kex_algo, const char* cipher_algo, size_t cipher_keylen, - size_t cipher_ivlen, + size_t explicit_nonce_bytes, + size_t implicit_nonce_bytes, const char* mac_algo, size_t mac_keylen, const char* prf_algo = ""); @@ -126,12 +129,13 @@ class BOTAN_DLL Ciphersuite std::string m_sig_algo; std::string m_kex_algo; - std::string m_cipher_algo; - std::string m_mac_algo; std::string m_prf_algo; + std::string m_cipher_algo; size_t m_cipher_keylen = 0; - size_t m_cipher_ivlen = 0; + size_t m_explicit_nonce_bytes = 0, m_implicit_nonce_bytes = 0; + + std::string m_mac_algo; size_t m_mac_keylen = 0; }; diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index be0777573..67bf9933d 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -25,6 +25,8 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, const Ciphersuite& suite, const Session_Keys& keys) : m_start_time(std::chrono::system_clock::now()), + m_implicit_nonce_size(suite.implicit_nonce_bytes()), + m_explicit_nonce_size(suite.explicit_nonce_bytes()), m_is_ssl3(version == Protocol_Version::SSL_V3) { SymmetricKey mac_key, cipher_key; @@ -51,9 +53,9 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, m_aead.reset(aead); m_aead->set_key(cipher_key + mac_key); - BOTAN_ASSERT(iv.length() == 4, "Using 4/8 partial implicit nonce"); + BOTAN_ASSERT(iv.length() == explicit_nonce_bytes(), "Matching nonce sizes"); m_nonce = iv.bits_of(); - m_nonce.resize(12); + m_nonce.resize(implicit_nonce_bytes() + explicit_nonce_bytes()); return; } 
@@ -87,19 +89,15 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, const secure_vector<byte>& Connection_Cipher_State::aead_nonce(u64bit seq) { - BOTAN_ASSERT(m_aead, "Using AEAD mode"); - BOTAN_ASSERT(m_nonce.size() == 12, "Expected nonce size"); - store_be(seq, &m_nonce[4]); + store_be(seq, &m_nonce[explicit_nonce_bytes()]); return m_nonce; } const secure_vector<byte>& Connection_Cipher_State::aead_nonce(const byte record[], size_t record_len) { - BOTAN_ASSERT(m_aead, "Using AEAD mode"); - BOTAN_ASSERT(m_nonce.size() == 12, "Expected nonce size"); - BOTAN_ASSERT(record_len >= 8, "Record includes nonce"); - copy_mem(&m_nonce[4], record, 8); + BOTAN_ASSERT(record_len >= implicit_nonce_bytes(), "Record includes nonce"); + copy_mem(&m_nonce[explicit_nonce_bytes()], record, implicit_nonce_bytes()); return m_nonce; } @@ -160,14 +158,14 @@ void write_record(secure_vector<byte>& output, const size_t ctext_size = aead->output_length(msg_length); auto nonce = cipherstate->aead_nonce(msg_sequence); - const size_t implicit_nonce_bytes = 4; // FIXME, take from ciphersuite - const size_t explicit_nonce_bytes = 8; + const size_t implicit_nonce_bytes = cipherstate->implicit_nonce_bytes(); + const size_t explicit_nonce_bytes = cipherstate->explicit_nonce_bytes(); BOTAN_ASSERT(nonce.size() == implicit_nonce_bytes + explicit_nonce_bytes, "Expected nonce size"); // wrong if start_vec returns something - const size_t rec_size = ctext_size + explicit_nonce_bytes; + const size_t rec_size = ctext_size + implicit_nonce_bytes; BOTAN_ASSERT(rec_size <= 0xFFFF, "Ciphertext length fits in field"); 
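Review bot: Both `aead_nonce` overloads now index `m_nonce` at `explicit_nonce_bytes()` with no check left on the buffer's size, because the `m_aead` and `m_nonce.size() == 12` assertions were removed rather than generalised. `store_be(seq, &m_nonce[explicit_nonce_bytes()])` always writes the 8 bytes of a `u64bit`, so it stays in bounds only when the table's implicit size is at least 8 and `m_nonce` was sized in the AEAD branch of the constructor; for a non-AEAD state `m_nonce` is presumably empty. I would keep a guard in both overloads, e.g. `BOTAN_ASSERT(m_aead && m_nonce.size() == explicit_nonce_bytes() + implicit_nonce_bytes(), "Expected nonce size");`, and add `BOTAN_ASSERT(implicit_nonce_bytes() == sizeof(seq), "Sequence number fills the per-record nonce");` in the sequence-number overload.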
@@ -178,8 +176,8 @@ void write_record(secure_vector<byte>& output, cipherstate->format_ad(msg_sequence, msg_type, version, msg_length) ); - output += std::make_pair(&nonce[implicit_nonce_bytes], explicit_nonce_bytes); - output += aead->start_vec(nonce); + output += std::make_pair(&nonce[explicit_nonce_bytes], implicit_nonce_bytes); + BOTAN_ASSERT(aead->start_vec(nonce).empty(), "AEAD doesn't return anything from start"); const size_t offset = output.size(); output += std::make_pair(&msg[0], msg_length); @@ -388,7 +386,7 @@ void decrypt_record(secure_vector<byte>& output, if(AEAD_Mode* aead = cipherstate.aead()) { auto nonce = cipherstate.aead_nonce(record_contents, record_len); - const size_t nonce_length = 8; // fixme, take from ciphersuite + const size_t nonce_length = cipherstate.implicit_nonce_bytes(); BOTAN_ASSERT(record_len > nonce_length, "Have data past the nonce"); const byte* msg = &record_contents[nonce_length]; diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h index fb727753a..8431e68c0 100644 --- a/src/lib/tls/tls_record.h +++ b/src/lib/tls/tls_record.h @@ -65,7 +65,9 @@ class Connection_Cipher_State size_t iv_size() const { return m_iv_size; } - bool mac_includes_record_version() const { return !m_is_ssl3; } + size_t implicit_nonce_bytes() const { return m_implicit_nonce_size; } + + size_t explicit_nonce_bytes() const { return m_explicit_nonce_size; } bool cipher_padding_single_byte() const { return m_is_ssl3; } @@ -89,6 +91,7 @@ class Connection_Cipher_State secure_vector<byte> m_nonce, m_ad; size_t m_block_size = 0; + size_t m_implicit_nonce_size = 0, m_explicit_nonce_size = 0; size_t m_iv_size = 0; bool m_is_ssl3 = false; }; diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp index 8bf0c94c1..4c09b29fd 100644 --- a/src/lib/tls/tls_session_key.cpp +++ b/src/lib/tls/tls_session_key.cpp 
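Review bot: The call that starts the AEAD on the record nonce now lives inside an assertion, `BOTAN_ASSERT(aead->start_vec(nonce).empty(), ...)`, so the nonce is set only as a side effect of evaluating the check. If BOTAN_ASSERT is ever compiled out or made conditional in some build, the mode would presumably process this record without having been started on the new nonce. Hoist the call: `const auto start_out = aead->start_vec(nonce);` followed by `BOTAN_ASSERT(start_out.empty(), "AEAD doesn't return anything from start");`. The comment `// wrong if start_vec returns something` in the previous write_record hunk is then stale and can go; write_record's body starts and ends outside this hunk.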
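Review bot: In decrypt_record the record length is checked only by assertions, and `cipherstate.aead_nonce(record_contents, record_len)` runs before the `record_len > nonce_length` check, so the first test a short record meets is the `>=` assertion inside `aead_nonce`. `record_len` looks like it is derived from the peer's record, so a truncated record should be rejected as a decoding failure rather than reported as an internal assertion; how a BOTAN_ASSERT failure surfaces to the caller is not visible here. I would test the length before building the nonce, e.g. `if(record_len <= cipherstate.implicit_nonce_bytes()) throw Decoding_Error("AEAD record too short for nonce");`. The rest of decrypt_record is outside the hunk.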
@@ -22,9 +22,9 @@ Session_Keys::Session_Keys(const Handshake_State* state, { const size_t cipher_keylen = state->ciphersuite().cipher_keylen(); const size_t mac_keylen = state->ciphersuite().mac_keylen(); - const size_t cipher_ivlen = state->ciphersuite().cipher_ivlen(); + const size_t cipher_nonce_bytes = state->ciphersuite().explicit_nonce_bytes(); - const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_ivlen); + const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes); const byte MASTER_SECRET_MAGIC[] = { 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 }; @@ -73,10 +73,10 @@ Session_Keys::Session_Keys(const Handshake_State* state, s_cipher = SymmetricKey(key_data, cipher_keylen); key_data += cipher_keylen; - c_iv = InitializationVector(key_data, cipher_ivlen); - key_data += cipher_ivlen; + c_iv = InitializationVector(key_data, cipher_nonce_bytes); + key_data += cipher_nonce_bytes; - s_iv = InitializationVector(key_data, cipher_ivlen); + s_iv = InitializationVector(key_data, cipher_nonce_bytes); } } diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp index 22f3816c2..b19986dff 100644 --- a/src/lib/tls/tls_suite_info.cpp +++ b/src/lib/tls/tls_suite_info.cpp @@ -2,8 +2,8 @@ * TLS cipher suite information * * This file was automatically generated from the IANA assignments -* (tls-parameters.txt hash 1e63beca8c58c58b71b68c5fd47fd6cffd9f2d79) -* by ./src/scripts/tls_suite_info.py on 2014-04-05 +* (tls-parameters.txt hash 4bc98b6f75ad5b63952b5f457fa7adbfef60f095) +* by ./src/scripts/tls_suite_info.py on 2014-11-03 * * Released under the terms of the Botan license */ 
@@ -19,451 +19,451 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) switch(suite) { case 0x0013: // DHE_DSS_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x0013, "DSA", "DH", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0x0013, "DSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20); case 0x0032: // DHE_DSS_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0032, "DSA", "DH", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0032, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0x00A2: // DHE_DSS_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x00A2, "DSA", "DH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0x00A2, "DSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0038: // DHE_DSS_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0038, "DSA", "DH", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x0038, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, "SHA-256", 32); + return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); case 0x00A3: // DHE_DSS_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x00A3, "DSA", "DH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0x00A3, "DSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0044: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0044, "DSA", "DH", "Camellia-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0044, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC080: // 
DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC080, "DSA", "DH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC080, "DSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0087: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0087, "DSA", "DH", "Camellia-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x0087, "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C3, "DSA", "DH", "Camellia-256", 32, 16, "SHA-256", 32); + return Ciphersuite(0x00C3, "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0xC081: // DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC081, "DSA", "DH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC081, "DSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0066: // DHE_DSS_WITH_RC4_128_SHA - return Ciphersuite(0x0066, "DSA", "DH", "RC4", 16, 0, "SHA-1", 20); + return Ciphersuite(0x0066, "DSA", "DH", "RC4", 16, 0, 0, "SHA-1", 20); case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA - return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20); case 0x008F: // DHE_PSK_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x008F, "", "DHE_PSK", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0x008F, "", "DHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20); case 0x0090: // DHE_PSK_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0090, "", "DHE_PSK", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0090, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC0A6: // DHE_PSK_WITH_AES_128_CCM - return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, "AEAD", 0, 
"SHA-256"); + return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x00AA: // DHE_PSK_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0091: // DHE_PSK_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0091, "", "DHE_PSK", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x0091, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC0A7: // DHE_PSK_WITH_AES_256_CCM - return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x00AB: // DHE_PSK_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC096, "", "DHE_PSK", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0xC096, "", "DHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC090: // DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC090, "", "DHE_PSK", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC090, "", "DHE_PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC097: // DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC091: // DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC091, "", "DHE_PSK", 
"Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC091, "", "DHE_PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x008E: // DHE_PSK_WITH_RC4_128_SHA - return Ciphersuite(0x008E, "", "DHE_PSK", "RC4", 16, 0, "SHA-1", 20); + return Ciphersuite(0x008E, "", "DHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20); case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20); case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC09E: // DHE_RSA_WITH_AES_128_CCM - return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, "SHA-256", 32); + return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); 
case 0xC09F: // DHE_RSA_WITH_AES_256_CCM - return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x00BE: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BE, "RSA", "DH", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x00BE, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC07C: // DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC07C, "RSA", "DH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC07C, "RSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x00C4: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C4, "RSA", "DH", "Camellia-256", 32, 16, "SHA-256", 32); + return Ciphersuite(0x00C4, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0xC07D: // DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC07D, "RSA", "DH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC07D, "RSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 
0, "SHA-384"); case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA - return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, "SHA-1", 20); + return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20); case 0x001B: // DH_anon_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, 0, "SHA-1", 20); case 0x0034: // DH_anon_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x006C: // DH_anon_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0x00A6: // DH_anon_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x00A6, "", "DH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0x00A6, "", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x003A: // DH_anon_WITH_AES_256_CBC_SHA - return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x006D: // DH_anon_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006D, "", "DH", "AES-256", 32, 16, "SHA-256", 32); + return Ciphersuite(0x006D, "", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); case 0x00A7: // DH_anon_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x00A7, "", "DH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0x00A7, "", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0046: // DH_anon_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x00BF: // DH_anon_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BF, "", "DH", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x00BF, "", "DH", 
"Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC084: // DH_anon_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC084, "", "DH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC084, "", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0089: // DH_anon_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x00C5: // DH_anon_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, "SHA-256", 32); + return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0xC085: // DH_anon_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0018: // DH_anon_WITH_RC4_128_MD5 - return Ciphersuite(0x0018, "", "DH", "RC4", 16, 0, "MD5", 16); + return Ciphersuite(0x0018, "", "DH", "RC4", 16, 0, 0, "MD5", 16); case 0x009B: // DH_anon_WITH_SEED_CBC_SHA - return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, "SHA-1", 20); + return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, 0, "SHA-1", 20); case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC023: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0xC023, "ECDSA", "ECDH", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0xC023, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC0AC: // ECDHE_ECDSA_WITH_AES_128_CCM - return Ciphersuite(0xC0AC, 
"ECDSA", "ECDH", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AC, "ECDSA", "ECDH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AE: // ECDHE_ECDSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC02B: // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC024: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0xC024, "ECDSA", "ECDH", "AES-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0xC024, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC0AD: // ECDHE_ECDSA_WITH_AES_256_CCM - return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AF: // ECDHE_ECDSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC02C: // ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0xC02C, "ECDSA", "ECDH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC02C, "ECDSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 
0xC086: // ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC086, "ECDSA", "ECDH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC086, "ECDSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC087: // ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC087, "ECDSA", "ECDH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC087, "ECDSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA - return Ciphersuite(0xC007, "ECDSA", "ECDH", "RC4", 16, 0, "SHA-1", 20); + return Ciphersuite(0xC007, "ECDSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC035: // ECDHE_PSK_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC035, "", "ECDHE_PSK", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0xC035, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC036: // ECDHE_PSK_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC036, "", "ECDHE_PSK", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0xC036, "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC038: // ECDHE_PSK_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0xC038, "", "ECDHE_PSK", "AES-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0xC038, "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC09A: // 
ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA - return Ciphersuite(0xC033, "", "ECDHE_PSK", "RC4", 16, 0, "SHA-1", 20); + return Ciphersuite(0xC033, "", "ECDHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC027: // ECDHE_RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC02F: // ECDHE_RSA_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0xC02F, "RSA", "ECDH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC02F, "RSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC030: // ECDHE_RSA_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0xC030, "RSA", "ECDH", 
"AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC030, "RSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC08A: // ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC08A, "RSA", "ECDH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC08A, "RSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC077, "RSA", "ECDH", "Camellia-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0xC077, "RSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC08B: // ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC08B, "RSA", "ECDH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC08B, "RSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA - return Ciphersuite(0xC011, "RSA", "ECDH", "RC4", 16, 0, "SHA-1", 20); + return Ciphersuite(0xC011, "RSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC018: // ECDH_anon_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC016: // ECDH_anon_WITH_RC4_128_SHA - return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, "SHA-1", 20); + return Ciphersuite(0xC016, 
"", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, 0, "SHA-1", 20); case 0x008C: // PSK_WITH_AES_128_CBC_SHA - return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC0A4: // PSK_WITH_AES_128_CCM - return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A8: // PSK_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x008D: // PSK_WITH_AES_256_CBC_SHA - return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0x00AF, "", "PSK", "AES-256", 
32, 16, "SHA-384", 48); + return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC0A5: // PSK_WITH_AES_256_CCM - return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A9: // PSK_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC08E: // PSK_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC08E, "", "PSK", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC08E, "", "PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, "SHA-384", 48); + return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC08F: // PSK_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x008A: // PSK_WITH_RC4_128_SHA - return Ciphersuite(0x008A, "", "PSK", "RC4", 16, 0, "SHA-1", 20); + return Ciphersuite(0x008A, "", "PSK", "RC4", 16, 0, 0, "SHA-1", 20); case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, 0, "SHA-1", 20); 
case 0x002F: // RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x003C: // RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC09C: // RSA_WITH_AES_128_CCM - return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A0: // RSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x009C: // RSA_WITH_AES_128_GCM_SHA256 - return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0035: // RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x003D: // RSA_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, "SHA-256", 32); + return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-256", 32); case 0xC09D: // RSA_WITH_AES_256_CCM - return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A1: // RSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x009D: // RSA_WITH_AES_256_GCM_SHA384 - return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 
32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, "SHA-256", 32); + return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC07A: // RSA_WITH_CAMELLIA_128_GCM_SHA256 - return Ciphersuite(0xC07A, "RSA", "RSA", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC07A, "RSA", "RSA", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, "SHA-256", 32); + return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0xC07B: // RSA_WITH_CAMELLIA_256_GCM_SHA384 - return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384"); + return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0004: // RSA_WITH_RC4_128_MD5 - return Ciphersuite(0x0004, "RSA", "RSA", "RC4", 16, 0, "MD5", 16); + return Ciphersuite(0x0004, "RSA", "RSA", "RC4", 16, 0, 0, "MD5", 16); case 0x0005: // RSA_WITH_RC4_128_SHA - return Ciphersuite(0x0005, "RSA", "RSA", "RC4", 16, 0, "SHA-1", 20); + return Ciphersuite(0x0005, "RSA", "RSA", "RC4", 16, 0, 0, "SHA-1", 20); case 0x0096: // RSA_WITH_SEED_CBC_SHA - return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, "SHA-1", 20); + return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, 0, "SHA-1", 
20); case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20); + return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20); + return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC020: // SRP_SHA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20); + return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); } diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py index 48560f617..31bc70a4f 100755 
--- a/src/scripts/tls_suite_info.py +++ b/src/scripts/tls_suite_info.py @@ -128,13 +128,14 @@ def to_ciphersuite_info(code, name): cipher_algo += '/' + mode if cipher_algo in stream_ciphers or mode == 'CBC': - return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "%s", %d)' % ( + return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, 0, "%s", %d)' % ( code, sig_algo, kex_algo, cipher_algo, cipher_keylen, ivlen, mac_algo, mac_keylen[mac_algo]) else: imp_iv_len = 4 + exp_iv_len = 8 - return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "AEAD", %d, "%s")' % ( - code, sig_algo, kex_algo, cipher_algo, cipher_keylen, imp_iv_len, 0, mac_algo) + return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, %d, "AEAD", %d, "%s")' % ( + code, sig_algo, kex_algo, cipher_algo, cipher_keylen, imp_iv_len, exp_iv_len, 0, mac_algo) def open_input(args): iana_url = 'https://www.iana.org/assignments/tls-parameters/tls-parameters.txt' |
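Review bot: The AEAD return in to_ciphersuite_info formats `imp_iv_len, exp_iv_len` (4, 8) in that order, but the Ciphersuite constructor as changed in tls_ciphersuite.cpp by this same commit takes `exp_nonce_bytes` before `imp_nonce_bytes`. Every generated AEAD entry (`..., 32, 4, 8, "AEAD", ...`) therefore appears to record a 4-byte explicit and an 8-byte implicit nonce, the reverse of what the script's variable names say. If the record layer reads these fields by name, the per-record nonce would be assembled with the wrong split; the consuming code in tls_record.cpp is not visible here, so this needs confirming there. Either emit the arguments as `cipher_keylen, exp_iv_len, imp_iv_len, 0, mac_algo)` or swap the constructor's parameter names, and add a comment above both returns such as `# nonce args follow the constructor: explicit bytes, then implicit bytes`. The body of to_ciphersuite_info starts before this hunk.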