authorlloyd <[email protected]>2014-11-03 23:08:58 +0000
committerlloyd <[email protected]>2014-11-03 23:08:58 +0000
commit85e0f9510fde42905e8d4883614ca1920a914c30 (patch)
treed4abfd9b004870c59330ff7424dabc323d112669
parentbcd83686c3daed38974d1f9b533c07d35c5a7476 (diff)
Cleanup handling of TLS AEAD nonce sizes, push all knowledge of what
the nonce sizes should be down to the ciphersuite generating script.
-rw-r--r--src/lib/tls/tls_ciphersuite.cpp10
-rw-r--r--src/lib/tls/tls_ciphersuite.h24
-rw-r--r--src/lib/tls/tls_record.cpp28
-rw-r--r--src/lib/tls/tls_record.h5
-rw-r--r--src/lib/tls/tls_session_key.cpp10
-rw-r--r--src/lib/tls/tls_suite_info.cpp302
-rwxr-xr-xsrc/scripts/tls_suite_info.py7
7 files changed, 197 insertions, 189 deletions
diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp
index 4c9b204a6..e6a69126c 100644
--- a/src/lib/tls/tls_ciphersuite.cpp
+++ b/src/lib/tls/tls_ciphersuite.cpp
@@ -66,18 +66,20 @@ Ciphersuite::Ciphersuite(u16bit ciphersuite_code,
const char* kex_algo,
const char* cipher_algo,
size_t cipher_keylen,
- size_t cipher_ivlen,
+ size_t exp_nonce_bytes,
+ size_t imp_nonce_bytes,
const char* mac_algo,
size_t mac_keylen,
const char* prf_algo) :
m_ciphersuite_code(ciphersuite_code),
m_sig_algo(sig_algo),
m_kex_algo(kex_algo),
- m_cipher_algo(cipher_algo),
- m_mac_algo(mac_algo),
m_prf_algo(prf_algo),
+ m_cipher_algo(cipher_algo),
m_cipher_keylen(cipher_keylen),
- m_cipher_ivlen(cipher_ivlen),
+ m_explicit_nonce_bytes(exp_nonce_bytes),
+ m_implicit_nonce_bytes(imp_nonce_bytes),
+ m_mac_algo(mac_algo),
m_mac_keylen(mac_keylen)
{
}
diff --git a/src/lib/tls/tls_ciphersuite.h b/src/lib/tls/tls_ciphersuite.h
index f6f1f35f8..e92eafd5f 100644
--- a/src/lib/tls/tls_ciphersuite.h
+++ b/src/lib/tls/tls_ciphersuite.h
@@ -72,24 +72,24 @@ class BOTAN_DLL Ciphersuite
/**
* @return key exchange algorithm used by this ciphersuite
*/
- std::string kex_algo() const { return m_kex_algo; }
+ const std::string& kex_algo() const { return m_kex_algo; }
/**
* @return signature algorithm used by this ciphersuite
*/
- std::string sig_algo() const { return m_sig_algo; }
+ const std::string& sig_algo() const { return m_sig_algo; }
/**
* @return symmetric cipher algorithm used by this ciphersuite
*/
- std::string cipher_algo() const { return m_cipher_algo; }
+ const std::string& cipher_algo() const { return m_cipher_algo; }
/**
* @return message authentication algorithm used by this ciphersuite
*/
- std::string mac_algo() const { return m_mac_algo; }
+ const std::string& mac_algo() const { return m_mac_algo; }
- std::string prf_algo() const
+ const std::string& prf_algo() const
{
return (m_prf_algo != "") ? m_prf_algo : m_mac_algo;
}
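Review bot: Returning `const std::string&` from these accessors ties every result to the lifetime of the Ciphersuite object, and `Ciphersuite::by_id` (tls_suite_info.cpp in this commit) returns a Ciphersuite by value. A caller that writes `const std::string& algo = Ciphersuite::by_id(id).cipher_algo();` was safe with the old by-value return, because the temporary string was lifetime-extended, but it now holds a dangling reference. Callers are not visible in this diff, so any use that binds a reference or takes `c_str()` from an accessor on a temporary suite should be audited. A doc line on each accessor, e.g. `* The returned reference is valid only while this Ciphersuite is alive`, would make the contract explicit. `prf_algo()` still has no doc comment at all, and the class body continues outside the hunk.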
@@ -99,7 +99,9 @@ class BOTAN_DLL Ciphersuite
*/
size_t cipher_keylen() const { return m_cipher_keylen; }
- size_t cipher_ivlen() const { return m_cipher_ivlen; }
+ size_t explicit_nonce_bytes() const { return m_explicit_nonce_bytes; }
+
+ size_t implicit_nonce_bytes() const { return m_implicit_nonce_bytes; }
size_t mac_keylen() const { return m_mac_keylen; }
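Review bot: The names `explicit_nonce_bytes()` and `implicit_nonce_bytes()` appear to be the reverse of the RFC 5288 terminology, where the 4-byte salt taken from the key block is the implicit part and the 8 bytes carried in each record are the explicit part. In this commit the generated table passes `4, 8` for the AEAD suites in (explicit, implicit) order, tls_session_key.cpp sizes the key-block IV from `explicit_nonce_bytes()`, and write_record in tls_record.cpp puts `implicit_nonce_bytes` on the wire, whereas the lines it removes had `implicit_nonce_bytes = 4` and `explicit_nonce_bytes = 8`. Behaviour looks unchanged, but inverted names in nonce-handling code invite a layout mistake in later edits; either swap them back or pick neutral names, and document each accessor, e.g. `/** @return number of nonce bytes derived from the key block */` and `/** @return number of nonce bytes carried in each record */`. The same naming is used in the constructor hunks of tls_ciphersuite.cpp and tls_ciphersuite.h and in tls_record.h.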
@@ -117,7 +119,8 @@ class BOTAN_DLL Ciphersuite
const char* kex_algo,
const char* cipher_algo,
size_t cipher_keylen,
- size_t cipher_ivlen,
+ size_t explicit_nonce_bytes,
+ size_t implicit_nonce_bytes,
const char* mac_algo,
size_t mac_keylen,
const char* prf_algo = "");
@@ -126,12 +129,13 @@ class BOTAN_DLL Ciphersuite
std::string m_sig_algo;
std::string m_kex_algo;
- std::string m_cipher_algo;
- std::string m_mac_algo;
std::string m_prf_algo;
+ std::string m_cipher_algo;
size_t m_cipher_keylen = 0;
- size_t m_cipher_ivlen = 0;
+ size_t m_explicit_nonce_bytes = 0, m_implicit_nonce_bytes = 0;
+
+ std::string m_mac_algo;
size_t m_mac_keylen = 0;
};
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index be0777573..67bf9933d 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -25,6 +25,8 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
const Ciphersuite& suite,
const Session_Keys& keys) :
m_start_time(std::chrono::system_clock::now()),
+ m_implicit_nonce_size(suite.implicit_nonce_bytes()),
+ m_explicit_nonce_size(suite.explicit_nonce_bytes()),
m_is_ssl3(version == Protocol_Version::SSL_V3)
{
SymmetricKey mac_key, cipher_key;
@@ -51,9 +53,9 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
m_aead.reset(aead);
m_aead->set_key(cipher_key + mac_key);
- BOTAN_ASSERT(iv.length() == 4, "Using 4/8 partial implicit nonce");
+ BOTAN_ASSERT(iv.length() == explicit_nonce_bytes(), "Matching nonce sizes");
m_nonce = iv.bits_of();
- m_nonce.resize(12);
+ m_nonce.resize(implicit_nonce_bytes() + explicit_nonce_bytes());
return;
}
@@ -87,19 +89,15 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
const secure_vector<byte>& Connection_Cipher_State::aead_nonce(u64bit seq)
{
- BOTAN_ASSERT(m_aead, "Using AEAD mode");
- BOTAN_ASSERT(m_nonce.size() == 12, "Expected nonce size");
- store_be(seq, &m_nonce[4]);
+ store_be(seq, &m_nonce[explicit_nonce_bytes()]);
return m_nonce;
}
const secure_vector<byte>&
Connection_Cipher_State::aead_nonce(const byte record[], size_t record_len)
{
- BOTAN_ASSERT(m_aead, "Using AEAD mode");
- BOTAN_ASSERT(m_nonce.size() == 12, "Expected nonce size");
- BOTAN_ASSERT(record_len >= 8, "Record includes nonce");
- copy_mem(&m_nonce[4], record, 8);
+ BOTAN_ASSERT(record_len >= implicit_nonce_bytes(), "Record includes nonce");
+ copy_mem(&m_nonce[explicit_nonce_bytes()], record, implicit_nonce_bytes());
return m_nonce;
}
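Review bot: Both `aead_nonce` overloads now write into `m_nonce` at offset `explicit_nonce_bytes()` with no check on the buffer, because the `m_aead` and `m_nonce.size() == 12` assertions were removed rather than generalized. `store_be(seq, ...)` always writes the 8 bytes of a `u64bit`, so the write stays in bounds only when `implicit_nonce_bytes()` is 8 and the constructor's AEAD branch has already resized `m_nonce`; for a suite whose table entry is `16, 0` the vector is presumably still empty. Keeping the guards in parameterized form preserves the bound: `BOTAN_ASSERT(m_aead, "Using AEAD mode");` and `BOTAN_ASSERT(m_nonce.size() == explicit_nonce_bytes() + sizeof(seq), "Expected nonce size");` in the first overload. The record overload needs the same checks, with the size compared against `explicit_nonce_bytes() + implicit_nonce_bytes()`.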
@@ -160,14 +158,14 @@ void write_record(secure_vector<byte>& output,
const size_t ctext_size = aead->output_length(msg_length);
auto nonce = cipherstate->aead_nonce(msg_sequence);
- const size_t implicit_nonce_bytes = 4; // FIXME, take from ciphersuite
- const size_t explicit_nonce_bytes = 8;
+ const size_t implicit_nonce_bytes = cipherstate->implicit_nonce_bytes();
+ const size_t explicit_nonce_bytes = cipherstate->explicit_nonce_bytes();
BOTAN_ASSERT(nonce.size() == implicit_nonce_bytes + explicit_nonce_bytes,
"Expected nonce size");
// wrong if start_vec returns something
- const size_t rec_size = ctext_size + explicit_nonce_bytes;
+ const size_t rec_size = ctext_size + implicit_nonce_bytes;
BOTAN_ASSERT(rec_size <= 0xFFFF, "Ciphertext length fits in field");
@@ -178,8 +176,8 @@ void write_record(secure_vector<byte>& output,
cipherstate->format_ad(msg_sequence, msg_type, version, msg_length)
);
- output += std::make_pair(&nonce[implicit_nonce_bytes], explicit_nonce_bytes);
- output += aead->start_vec(nonce);
+ output += std::make_pair(&nonce[explicit_nonce_bytes], implicit_nonce_bytes);
+ BOTAN_ASSERT(aead->start_vec(nonce).empty(), "AEAD doesn't return anything from start");
const size_t offset = output.size();
output += std::make_pair(&msg[0], msg_length);
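Review bot: The call `aead->start_vec(nonce)`, which installs the per-record nonce, is now made inside the `BOTAN_ASSERT` argument, so the AEAD is only started if the macro evaluates its expression. Whether BOTAN_ASSERT can be compiled out is not visible here, but a side effect that sets the nonce should not depend on an assertion; hoist it as `const secure_vector<byte> start_out = aead->start_vec(nonce);` followed by `BOTAN_ASSERT(start_out.empty(), "AEAD doesn't return anything from start");`. The `// wrong if start_vec returns something` comment in the previous hunk can then be dropped, since the assertion enforces it. write_record's body extends beyond this hunk.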
@@ -388,7 +386,7 @@ void decrypt_record(secure_vector<byte>& output,
if(AEAD_Mode* aead = cipherstate.aead())
{
auto nonce = cipherstate.aead_nonce(record_contents, record_len);
- const size_t nonce_length = 8; // fixme, take from ciphersuite
+ const size_t nonce_length = cipherstate.implicit_nonce_bytes();
BOTAN_ASSERT(record_len > nonce_length, "Have data past the nonce");
const byte* msg = &record_contents[nonce_length];
diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h
index fb727753a..8431e68c0 100644
--- a/src/lib/tls/tls_record.h
+++ b/src/lib/tls/tls_record.h
@@ -65,7 +65,9 @@ class Connection_Cipher_State
size_t iv_size() const { return m_iv_size; }
- bool mac_includes_record_version() const { return !m_is_ssl3; }
+ size_t implicit_nonce_bytes() const { return m_implicit_nonce_size; }
+
+ size_t explicit_nonce_bytes() const { return m_explicit_nonce_size; }
bool cipher_padding_single_byte() const { return m_is_ssl3; }
@@ -89,6 +91,7 @@ class Connection_Cipher_State
secure_vector<byte> m_nonce, m_ad;
size_t m_block_size = 0;
+ size_t m_implicit_nonce_size = 0, m_explicit_nonce_size = 0;
size_t m_iv_size = 0;
bool m_is_ssl3 = false;
};
diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp
index 8bf0c94c1..4c09b29fd 100644
--- a/src/lib/tls/tls_session_key.cpp
+++ b/src/lib/tls/tls_session_key.cpp
@@ -22,9 +22,9 @@ Session_Keys::Session_Keys(const Handshake_State* state,
{
const size_t cipher_keylen = state->ciphersuite().cipher_keylen();
const size_t mac_keylen = state->ciphersuite().mac_keylen();
- const size_t cipher_ivlen = state->ciphersuite().cipher_ivlen();
+ const size_t cipher_nonce_bytes = state->ciphersuite().explicit_nonce_bytes();
- const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_ivlen);
+ const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes);
const byte MASTER_SECRET_MAGIC[] = {
0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 };
@@ -73,10 +73,10 @@ Session_Keys::Session_Keys(const Handshake_State* state,
s_cipher = SymmetricKey(key_data, cipher_keylen);
key_data += cipher_keylen;
- c_iv = InitializationVector(key_data, cipher_ivlen);
- key_data += cipher_ivlen;
+ c_iv = InitializationVector(key_data, cipher_nonce_bytes);
+ key_data += cipher_nonce_bytes;
- s_iv = InitializationVector(key_data, cipher_ivlen);
+ s_iv = InitializationVector(key_data, cipher_nonce_bytes);
}
}
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index 22f3816c2..b19986dff 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -2,8 +2,8 @@
* TLS cipher suite information
*
* This file was automatically generated from the IANA assignments
-* (tls-parameters.txt hash 1e63beca8c58c58b71b68c5fd47fd6cffd9f2d79)
-* by ./src/scripts/tls_suite_info.py on 2014-04-05
+* (tls-parameters.txt hash 4bc98b6f75ad5b63952b5f457fa7adbfef60f095)
+* by ./src/scripts/tls_suite_info.py on 2014-11-03
*
* Released under the terms of the Botan license
*/
@@ -19,451 +19,451 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
switch(suite)
{
case 0x0013: // DHE_DSS_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x0013, "DSA", "DH", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0x0013, "DSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20);
case 0x0032: // DHE_DSS_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x0032, "DSA", "DH", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0032, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0x00A2: // DHE_DSS_WITH_AES_128_GCM_SHA256
- return Ciphersuite(0x00A2, "DSA", "DH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0x00A2, "DSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x0038: // DHE_DSS_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x0038, "DSA", "DH", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x0038, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256
- return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, "SHA-256", 32);
+ return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32);
case 0x00A3: // DHE_DSS_WITH_AES_256_GCM_SHA384
- return Ciphersuite(0x00A3, "DSA", "DH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0x00A3, "DSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x0044: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
- return Ciphersuite(0x0044, "DSA", "DH", "Camellia-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0044, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20);
case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC080: // DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
- return Ciphersuite(0xC080, "DSA", "DH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC080, "DSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x0087: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
- return Ciphersuite(0x0087, "DSA", "DH", "Camellia-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x0087, "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20);
case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
- return Ciphersuite(0x00C3, "DSA", "DH", "Camellia-256", 32, 16, "SHA-256", 32);
+ return Ciphersuite(0x00C3, "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32);
case 0xC081: // DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
- return Ciphersuite(0xC081, "DSA", "DH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC081, "DSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x0066: // DHE_DSS_WITH_RC4_128_SHA
- return Ciphersuite(0x0066, "DSA", "DH", "RC4", 16, 0, "SHA-1", 20);
+ return Ciphersuite(0x0066, "DSA", "DH", "RC4", 16, 0, 0, "SHA-1", 20);
case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA
- return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20);
case 0x008F: // DHE_PSK_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x008F, "", "DHE_PSK", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0x008F, "", "DHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20);
case 0x0090: // DHE_PSK_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x0090, "", "DHE_PSK", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0090, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0xC0A6: // DHE_PSK_WITH_AES_128_CCM
- return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x00AA: // DHE_PSK_WITH_AES_128_GCM_SHA256
- return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x0091: // DHE_PSK_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x0091, "", "DHE_PSK", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x0091, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48);
case 0xC0A7: // DHE_PSK_WITH_AES_256_CCM
- return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x00AB: // DHE_PSK_WITH_AES_256_GCM_SHA384
- return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC096, "", "DHE_PSK", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0xC096, "", "DHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC090: // DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- return Ciphersuite(0xC090, "", "DHE_PSK", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC090, "", "DHE_PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC097: // DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48);
case 0xC091: // DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- return Ciphersuite(0xC091, "", "DHE_PSK", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC091, "", "DHE_PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x008E: // DHE_PSK_WITH_RC4_128_SHA
- return Ciphersuite(0x008E, "", "DHE_PSK", "RC4", 16, 0, "SHA-1", 20);
+ return Ciphersuite(0x008E, "", "DHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20);
case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20);
case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0xC09E: // DHE_RSA_WITH_AES_128_CCM
- return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256
- return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256
- return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, "SHA-256", 32);
+ return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32);
case 0xC09F: // DHE_RSA_WITH_AES_256_CCM
- return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384
- return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20);
case 0x00BE: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0x00BE, "RSA", "DH", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x00BE, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC07C: // DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- return Ciphersuite(0xC07C, "RSA", "DH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC07C, "RSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20);
case 0x00C4: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- return Ciphersuite(0x00C4, "RSA", "DH", "Camellia-256", 32, 16, "SHA-256", 32);
+ return Ciphersuite(0x00C4, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32);
case 0xC07D: // DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- return Ciphersuite(0xC07D, "RSA", "DH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC07D, "RSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA
- return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20);
case 0x001B: // DH_anon_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, 0, "SHA-1", 20);
case 0x0034: // DH_anon_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0x006C: // DH_anon_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0x00A6: // DH_anon_WITH_AES_128_GCM_SHA256
- return Ciphersuite(0x00A6, "", "DH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0x00A6, "", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x003A: // DH_anon_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0x006D: // DH_anon_WITH_AES_256_CBC_SHA256
- return Ciphersuite(0x006D, "", "DH", "AES-256", 32, 16, "SHA-256", 32);
+ return Ciphersuite(0x006D, "", "DH", "AES-256", 32, 16, 0, "SHA-256", 32);
case 0x00A7: // DH_anon_WITH_AES_256_GCM_SHA384
- return Ciphersuite(0x00A7, "", "DH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0x00A7, "", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x0046: // DH_anon_WITH_CAMELLIA_128_CBC_SHA
- return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20);
case 0x00BF: // DH_anon_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0x00BF, "", "DH", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x00BF, "", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC084: // DH_anon_WITH_CAMELLIA_128_GCM_SHA256
- return Ciphersuite(0xC084, "", "DH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC084, "", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x0089: // DH_anon_WITH_CAMELLIA_256_CBC_SHA
- return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20);
case 0x00C5: // DH_anon_WITH_CAMELLIA_256_CBC_SHA256
- return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, "SHA-256", 32);
+ return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32);
case 0xC085: // DH_anon_WITH_CAMELLIA_256_GCM_SHA384
- return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x0018: // DH_anon_WITH_RC4_128_MD5
- return Ciphersuite(0x0018, "", "DH", "RC4", 16, 0, "MD5", 16);
+ return Ciphersuite(0x0018, "", "DH", "RC4", 16, 0, 0, "MD5", 16);
case 0x009B: // DH_anon_WITH_SEED_CBC_SHA
- return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, 0, "SHA-1", 20);
case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20);
case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0xC023: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0xC023, "ECDSA", "ECDH", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0xC023, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0xC0AC: // ECDHE_ECDSA_WITH_AES_128_CCM
- return Ciphersuite(0xC0AC, "ECDSA", "ECDH", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AC, "ECDSA", "ECDH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0AE: // ECDHE_ECDSA_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC02B: // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0xC024: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0xC024, "ECDSA", "ECDH", "AES-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0xC024, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48);
case 0xC0AD: // ECDHE_ECDSA_WITH_AES_256_CCM
- return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0AF: // ECDHE_ECDSA_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC02C: // ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- return Ciphersuite(0xC02C, "ECDSA", "ECDH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC02C, "ECDSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC086: // ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- return Ciphersuite(0xC086, "ECDSA", "ECDH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC086, "ECDSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48);
case 0xC087: // ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- return Ciphersuite(0xC087, "ECDSA", "ECDH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC087, "ECDSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA
- return Ciphersuite(0xC007, "ECDSA", "ECDH", "RC4", 16, 0, "SHA-1", 20);
+ return Ciphersuite(0xC007, "ECDSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20);
case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20);
case 0xC035: // ECDHE_PSK_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC035, "", "ECDHE_PSK", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0xC035, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0xC036: // ECDHE_PSK_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC036, "", "ECDHE_PSK", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0xC036, "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0xC038: // ECDHE_PSK_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0xC038, "", "ECDHE_PSK", "AES-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0xC038, "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48);
case 0xC09A: // ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48);
case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA
- return Ciphersuite(0xC033, "", "ECDHE_PSK", "RC4", 16, 0, "SHA-1", 20);
+ return Ciphersuite(0xC033, "", "ECDHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20);
case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20);
case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0xC027: // ECDHE_RSA_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0xC02F: // ECDHE_RSA_WITH_AES_128_GCM_SHA256
- return Ciphersuite(0xC02F, "RSA", "ECDH", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC02F, "RSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48);
case 0xC030: // ECDHE_RSA_WITH_AES_256_GCM_SHA384
- return Ciphersuite(0xC030, "RSA", "ECDH", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC030, "RSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC08A: // ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- return Ciphersuite(0xC08A, "RSA", "ECDH", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC08A, "RSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC077, "RSA", "ECDH", "Camellia-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0xC077, "RSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48);
case 0xC08B: // ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- return Ciphersuite(0xC08B, "RSA", "ECDH", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC08B, "RSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA
- return Ciphersuite(0xC011, "RSA", "ECDH", "RC4", 16, 0, "SHA-1", 20);
+ return Ciphersuite(0xC011, "RSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20);
case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20);
case 0xC018: // ECDH_anon_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0xC016: // ECDH_anon_WITH_RC4_128_SHA
- return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, "SHA-1", 20);
+ return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20);
case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, 0, "SHA-1", 20);
case 0x008C: // PSK_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0xC0A4: // PSK_WITH_AES_128_CCM
- return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A8: // PSK_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256
- return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x008D: // PSK_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, 0, "SHA-384", 48);
case 0xC0A5: // PSK_WITH_AES_256_CCM
- return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A9: // PSK_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384
- return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC08E: // PSK_WITH_CAMELLIA_128_GCM_SHA256
- return Ciphersuite(0xC08E, "", "PSK", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC08E, "", "PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, "SHA-384", 48);
+ return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48);
case 0xC08F: // PSK_WITH_CAMELLIA_256_GCM_SHA384
- return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x008A: // PSK_WITH_RC4_128_SHA
- return Ciphersuite(0x008A, "", "PSK", "RC4", 16, 0, "SHA-1", 20);
+ return Ciphersuite(0x008A, "", "PSK", "RC4", 16, 0, 0, "SHA-1", 20);
case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, 0, "SHA-1", 20);
case 0x002F: // RSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0x003C: // RSA_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-256", 32);
case 0xC09C: // RSA_WITH_AES_128_CCM
- return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A0: // RSA_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM-8", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x009C: // RSA_WITH_AES_128_GCM_SHA256
- return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x0035: // RSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0x003D: // RSA_WITH_AES_256_CBC_SHA256
- return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, "SHA-256", 32);
+ return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-256", 32);
case 0xC09D: // RSA_WITH_AES_256_CCM
- return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A1: // RSA_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM-8", 32, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x009D: // RSA_WITH_AES_256_GCM_SHA384
- return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA
- return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-1", 20);
case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, "SHA-256", 32);
+ return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-256", 32);
case 0xC07A: // RSA_WITH_CAMELLIA_128_GCM_SHA256
- return Ciphersuite(0xC07A, "RSA", "RSA", "Camellia-128/GCM", 16, 4, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC07A, "RSA", "RSA", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA
- return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-1", 20);
case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256
- return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, "SHA-256", 32);
+ return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-256", 32);
case 0xC07B: // RSA_WITH_CAMELLIA_256_GCM_SHA384
- return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, "AEAD", 0, "SHA-384");
+ return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
case 0x0004: // RSA_WITH_RC4_128_MD5
- return Ciphersuite(0x0004, "RSA", "RSA", "RC4", 16, 0, "MD5", 16);
+ return Ciphersuite(0x0004, "RSA", "RSA", "RC4", 16, 0, 0, "MD5", 16);
case 0x0005: // RSA_WITH_RC4_128_SHA
- return Ciphersuite(0x0005, "RSA", "RSA", "RC4", 16, 0, "SHA-1", 20);
+ return Ciphersuite(0x0005, "RSA", "RSA", "RC4", 16, 0, 0, "SHA-1", 20);
case 0x0096: // RSA_WITH_SEED_CBC_SHA
- return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, 0, "SHA-1", 20);
case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20);
case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20);
case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20);
case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20);
+ return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20);
case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20);
+ return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20);
case 0xC020: // SRP_SHA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20);
+ return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20);
}
diff --git a/src/scripts/tls_suite_info.py b/src/scripts/tls_suite_info.py
index 48560f617..31bc70a4f 100755
--- a/src/scripts/tls_suite_info.py
+++ b/src/scripts/tls_suite_info.py
@@ -128,13 +128,14 @@ def to_ciphersuite_info(code, name):
cipher_algo += '/' + mode
if cipher_algo in stream_ciphers or mode == 'CBC':
- return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "%s", %d)' % (
+ return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, 0, "%s", %d)' % (
code, sig_algo, kex_algo, cipher_algo, cipher_keylen, ivlen, mac_algo, mac_keylen[mac_algo])
else:
imp_iv_len = 4
+ exp_iv_len = 8
- return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "AEAD", %d, "%s")' % (
- code, sig_algo, kex_algo, cipher_algo, cipher_keylen, imp_iv_len, 0, mac_algo)
+ return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, %d, "AEAD", %d, "%s")' % (
+ code, sig_algo, kex_algo, cipher_algo, cipher_keylen, imp_iv_len, exp_iv_len, 0, mac_algo)
def open_input(args):
iana_url = 'https://www.iana.org/assignments/tls-parameters/tls-parameters.txt'
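Review bot: The AEAD branch emits `imp_iv_len, exp_iv_len` (4, 8) in that order, but the constructor this commit changes in tls_ciphersuite.cpp names the two slots `exp_nonce_bytes, imp_nonce_bytes`. Read literally, the generated table sets the explicit nonce to 4 bytes and the implicit part to 8, the reverse of the values the script assigns. The CBC/stream branch has the same shape: `ivlen, 0` puts the IV length in the slot named explicit. Which side is mislabeled cannot be settled from this hunk, because the record-layer code that reads these fields is outside it; either swap the constructor's parameter names or emit `cipher_keylen, exp_iv_len, imp_iv_len, 0, mac_algo)` here. Whichever is chosen, a comment above the format string such as `# nonce lengths are emitted in Ciphersuite() constructor order` would pin the order, since a mis-split AEAD nonce is easy to miss in a table of bare integers.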