diff options
author | lloyd <[email protected]> | 2013-04-10 22:20:07 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-04-10 22:20:07 +0000 |
commit | 3f9d452f604956e92a78f13e068530235519f84e (patch) | |
tree | d7a5142a38001127f76ba271e243ad392657b80a | |
parent | bf8e0fc381df4f4c89b5d7bf8f4f6f6038ad287d (diff) |
Make the IV length and MAC keylength explicit in the ciphersuite
Add support for alternate PRFs
-rwxr-xr-x | src/build-data/scripts/tls_suite_info.py | 23 | ||||
-rw-r--r-- | src/tls/msg_finished.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_ciphersuite.cpp | 17 | ||||
-rw-r--r-- | src/tls/tls_ciphersuite.h | 42 | ||||
-rw-r--r-- | src/tls/tls_handshake_state.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_session_key.cpp | 7 | ||||
-rw-r--r-- | src/tls/tls_suite_info.cpp | 195 |
7 files changed, 164 insertions, 128 deletions
diff --git a/src/build-data/scripts/tls_suite_info.py b/src/build-data/scripts/tls_suite_info.py index 7e2ec3acb..bacb68bca 100755 --- a/src/build-data/scripts/tls_suite_info.py +++ b/src/build-data/scripts/tls_suite_info.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python2 """ Used to generate src/tls/tls_suite_info.cpp @@ -73,6 +73,14 @@ def to_ciphersuite_info(code, name): 'ECDHE_PSK': 'ECDHE_PSK', } + mac_keylen = { + 'MD5': 16, + 'SHA-1': 20, + 'SHA-256': 32, + 'SHA-384': 48, + 'SHA-512': 64, + } + mac_algo = tls_to_botan_names[mac_algo] sig_algo = tls_to_botan_names[sig_algo] kex_algo = tls_to_botan_names[kex_algo] @@ -86,16 +94,24 @@ def to_ciphersuite_info(code, name): cipher_algo += '-%d' % (cipher_keylen*8) modestr = '' + mode = '' + ivlen = 0 if cipher_algo != 'ARC4': mode = cipher[-1] if mode not in ['CBC', 'GCM', 'CCM']: print "** Unknown mode %s" % (' '.join(cipher)) + ivlen = 8 if cipher_algo == '3DES' else 16 + if mode != 'CBC': cipher_algo += '/' + mode - return 'Ciphersuite(0x%s, "%s", "%s", "%s", "%s", %d)' % ( - code, sig_algo, kex_algo, mac_algo, cipher_algo, cipher_keylen) + if cipher_algo != 'ARC4' and mode != 'CBC': + return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "AEAD", %d, "%s")' % ( + code, sig_algo, kex_algo, cipher_algo, cipher_keylen, 4, 0, mac_algo) + else: + return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "%s", %d)' % ( + code, sig_algo, kex_algo, cipher_algo, cipher_keylen, ivlen, mac_algo, mac_keylen[mac_algo]) def main(args = None): if args is None: @@ -150,7 +166,6 @@ namespace TLS { Ciphersuite Ciphersuite::by_id(u16bit suite) { - switch(suite) { """ % (sys.argv[0]) diff --git a/src/tls/msg_finished.cpp b/src/tls/msg_finished.cpp index 059ed8363..c018497c8 100644 --- a/src/tls/msg_finished.cpp +++ b/src/tls/msg_finished.cpp @@ -55,7 +55,7 @@ std::vector<byte> finished_compute_verify(const Handshake_State& state, else input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); - input += state.hash().final(state.version(), state.ciphersuite().mac_algo()); + input += state.hash().final(state.version(), state.ciphersuite().prf_algo()); return unlock(prf->derive_key(12, state.session_keys().master_secret(), input)); } diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 3a1a9fefd..1cc8a8f2f 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -104,22 +104,23 @@ std::string Ciphersuite::to_string() const { if(cipher_algo() == "3DES") out << "3DES_EDE"; - else if(cipher_algo() == "Camellia-128" || cipher_algo() == "Camellia-256") + else if(cipher_algo().find("Camellia") == 0) out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); else - out << replace_char(cipher_algo(), '-', '_'); + out << replace_chars(cipher_algo(), {'-', '/'}, '_'); - out << "_CBC_"; + if(cipher_algo().find("/GCM") != std::string::npos) + out << "_"; + else + out << "_CBC_"; } if(mac_algo() == "SHA-1") out << "SHA"; - else if(mac_algo() == "SHA-256") - out << "SHA256"; - else if(mac_algo() == "SHA-384") - out << "SHA384"; + else if(mac_algo() == "AEAD") + out << erase_chars(prf_algo(), {'-'}); else - out << mac_algo(); + out << erase_chars(mac_algo(), {'-'}); return out.str(); } diff --git a/src/tls/tls_ciphersuite.h b/src/tls/tls_ciphersuite.h index 74ad57991..73ca5b9e6 100644 --- a/src/tls/tls_ciphersuite.h +++ b/src/tls/tls_ciphersuite.h @@ -84,37 +84,61 @@ class BOTAN_DLL Ciphersuite */ std::string mac_algo() const { return m_mac_algo; } + std::string prf_algo() const + { + return (m_prf_algo != "") ? m_prf_algo : m_mac_algo; + } + /** * @return cipher key length used by this ciphersuite */ size_t cipher_keylen() const { return m_cipher_keylen; } + size_t cipher_ivlen() const { return m_cipher_ivlen; } + + size_t mac_keylen() const { return m_mac_keylen; } + /** * @return true if this is a valid/known ciphersuite */ bool valid() const { return (m_cipher_keylen > 0); } - Ciphersuite() : m_cipher_keylen(0) {} + Ciphersuite() {} + + private: Ciphersuite(u16bit ciphersuite_code, const std::string& sig_algo, const std::string& kex_algo, - const std::string& mac_algo, const std::string& cipher_algo, - size_t cipher_algo_keylen) : + size_t cipher_keylen, + size_t cipher_ivlen, + const std::string& mac_algo, + size_t mac_keylen, + const std::string& prf_algo = "") : m_ciphersuite_code(ciphersuite_code), m_sig_algo(sig_algo), m_kex_algo(kex_algo), - m_mac_algo(mac_algo), m_cipher_algo(cipher_algo), - m_cipher_keylen(cipher_algo_keylen) + m_mac_algo(mac_algo), + m_prf_algo(prf_algo), + m_cipher_keylen(cipher_keylen), + m_cipher_ivlen(cipher_ivlen), + m_mac_keylen(mac_keylen) { } - private: - u16bit m_ciphersuite_code; - std::string m_sig_algo, m_kex_algo, m_mac_algo, m_cipher_algo; - size_t m_cipher_keylen; + u16bit m_ciphersuite_code = 0; + + std::string m_sig_algo; + std::string m_kex_algo; + std::string m_cipher_algo; + std::string m_mac_algo; + std::string m_prf_algo; + + size_t m_cipher_keylen = 0; + size_t m_cipher_ivlen = 0; + size_t m_mac_keylen = 0; }; } diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 57078a6d7..8b5de810f 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -265,12 +265,12 @@ KDF* Handshake_State::protocol_specific_prf() const } else if(version().supports_ciphersuite_specific_prf()) { - const std::string mac_algo = ciphersuite().mac_algo(); + const std::string prf_algo = ciphersuite().prf_algo(); - if(mac_algo == "MD5" || mac_algo == "SHA-1") + if(prf_algo == "MD5" || prf_algo == "SHA-1") return get_kdf("TLS-12-PRF(SHA-256)"); - return get_kdf("TLS-12-PRF(" + mac_algo + ")"); + return get_kdf("TLS-12-PRF(" + prf_algo + ")"); } else { diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 9f06ecdab..06cd1d0a1 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -22,12 +22,9 @@ Session_Keys::Session_Keys(const Handshake_State* state, const secure_vector<byte>& pre_master_secret, bool resuming) { - const size_t mac_keylen = output_length_of(state->ciphersuite().mac_algo()); const size_t cipher_keylen = state->ciphersuite().cipher_keylen(); - - size_t cipher_ivlen = 0; - if(have_block_cipher(state->ciphersuite().cipher_algo())) - cipher_ivlen = block_size_of(state->ciphersuite().cipher_algo()); + const size_t mac_keylen = state->ciphersuite().mac_keylen(); + const size_t cipher_ivlen = state->ciphersuite().cipher_ivlen(); const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_ivlen); diff --git a/src/tls/tls_suite_info.cpp b/src/tls/tls_suite_info.cpp index 70d938979..10e47d51d 100644 --- a/src/tls/tls_suite_info.cpp +++ b/src/tls/tls_suite_info.cpp @@ -15,300 +15,299 @@ namespace TLS { Ciphersuite Ciphersuite::by_id(u16bit suite) { - switch(suite) { case 0x0013: // DHE_DSS_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x0013, "DSA", "DH", "SHA-1", "3DES", 24); + return Ciphersuite(0x0013, "DSA", "DH", "3DES", 24, 8, "SHA-1", 20); case 0x0032: // DHE_DSS_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0032, "DSA", "DH", "SHA-1", "AES-128", 16); + return Ciphersuite(0x0032, "DSA", "DH", "AES-128", 16, 16, "SHA-1", 20); case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x0040, "DSA", "DH", "SHA-256", "AES-128", 16); + return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, "SHA-256", 32); case 0x0038: // DHE_DSS_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0038, "DSA", "DH", "SHA-1", "AES-256", 32); + return Ciphersuite(0x0038, "DSA", "DH", "AES-256", 32, 16, "SHA-1", 20); case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006A, "DSA", "DH", "SHA-256", "AES-256", 32); + return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, "SHA-256", 32); case 0x0044: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0044, "DSA", "DH", "SHA-1", "Camellia-128", 16); + return Ciphersuite(0x0044, "DSA", "DH", "Camellia-128", 16, 16, "SHA-1", 20); case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BD, "DSA", "DH", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, "SHA-256", 32); case 0x0087: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0087, "DSA", "DH", "SHA-1", "Camellia-256", 32); + return Ciphersuite(0x0087, "DSA", "DH", "Camellia-256", 32, 16, "SHA-1", 20); case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C3, "DSA", "DH", "SHA-256", "Camellia-256", 32); + return Ciphersuite(0x00C3, "DSA", "DH", "Camellia-256", 32, 16, "SHA-256", 32); case 0x0066: // DHE_DSS_WITH_RC4_128_SHA - return Ciphersuite(0x0066, "DSA", "DH", "SHA-1", "ARC4", 16); + return Ciphersuite(0x0066, "DSA", "DH", "ARC4", 16, 0, "SHA-1", 20); case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA - return Ciphersuite(0x0099, "DSA", "DH", "SHA-1", "SEED", 16); + return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, "SHA-1", 20); case 0x008F: // DHE_PSK_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x008F, "", "DHE_PSK", "SHA-1", "3DES", 24); + return Ciphersuite(0x008F, "", "DHE_PSK", "3DES", 24, 8, "SHA-1", 20); case 0x0090: // DHE_PSK_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0090, "", "DHE_PSK", "SHA-1", "AES-128", 16); + return Ciphersuite(0x0090, "", "DHE_PSK", "AES-128", 16, 16, "SHA-1", 20); case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x00B2, "", "DHE_PSK", "SHA-256", "AES-128", 16); + return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, "SHA-256", 32); case 0x0091: // DHE_PSK_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0091, "", "DHE_PSK", "SHA-1", "AES-256", 32); + return Ciphersuite(0x0091, "", "DHE_PSK", "AES-256", 32, 16, "SHA-1", 20); case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0x00B3, "", "DHE_PSK", "SHA-384", "AES-256", 32); + return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, "SHA-384", 48); case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC096, "", "DHE_PSK", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0xC096, "", "DHE_PSK", "Camellia-128", 16, 16, "SHA-256", 32); case 0xC097: // DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC097, "", "DHE_PSK", "SHA-384", "Camellia-256", 32); + return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, "SHA-384", 48); case 0x008E: // DHE_PSK_WITH_RC4_128_SHA - return Ciphersuite(0x008E, "", "DHE_PSK", "SHA-1", "ARC4", 16); + return Ciphersuite(0x008E, "", "DHE_PSK", "ARC4", 16, 0, "SHA-1", 20); case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x0016, "RSA", "DH", "SHA-1", "3DES", 24); + return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, "SHA-1", 20); case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0033, "RSA", "DH", "SHA-1", "AES-128", 16); + return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, "SHA-1", 20); case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x0067, "RSA", "DH", "SHA-256", "AES-128", 16); + return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, "SHA-256", 32); case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0039, "RSA", "DH", "SHA-1", "AES-256", 32); + return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, "SHA-1", 20); case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006B, "RSA", "DH", "SHA-256", "AES-256", 32); + return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, "SHA-256", 32); case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0045, "RSA", "DH", "SHA-1", "Camellia-128", 16); + return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, "SHA-1", 20); case 0x00BE: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BE, "RSA", "DH", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0x00BE, "RSA", "DH", "Camellia-128", 16, 16, "SHA-256", 32); case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0088, "RSA", "DH", "SHA-1", "Camellia-256", 32); + return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, "SHA-1", 20); case 0x00C4: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C4, "RSA", "DH", "SHA-256", "Camellia-256", 32); + return Ciphersuite(0x00C4, "RSA", "DH", "Camellia-256", 32, 16, "SHA-256", 32); case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA - return Ciphersuite(0x009A, "RSA", "DH", "SHA-1", "SEED", 16); + return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, "SHA-1", 20); case 0x001B: // DH_anon_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x001B, "", "DH", "SHA-1", "3DES", 24); + return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, "SHA-1", 20); case 0x0034: // DH_anon_WITH_AES_128_CBC_SHA - return Ciphersuite(0x0034, "", "DH", "SHA-1", "AES-128", 16); + return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, "SHA-1", 20); case 0x006C: // DH_anon_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x006C, "", "DH", "SHA-256", "AES-128", 16); + return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, "SHA-256", 32); case 0x003A: // DH_anon_WITH_AES_256_CBC_SHA - return Ciphersuite(0x003A, "", "DH", "SHA-1", "AES-256", 32); + return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, "SHA-1", 20); case 0x006D: // DH_anon_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x006D, "", "DH", "SHA-256", "AES-256", 32); + return Ciphersuite(0x006D, "", "DH", "AES-256", 32, 16, "SHA-256", 32); case 0x0046: // DH_anon_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0046, "", "DH", "SHA-1", "Camellia-128", 16); + return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, "SHA-1", 20); case 0x00BF: // DH_anon_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BF, "", "DH", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0x00BF, "", "DH", "Camellia-128", 16, 16, "SHA-256", 32); case 0x0089: // DH_anon_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0089, "", "DH", "SHA-1", "Camellia-256", 32); + return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, "SHA-1", 20); case 0x00C5: // DH_anon_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C5, "", "DH", "SHA-256", "Camellia-256", 32); + return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, "SHA-256", 32); case 0x0018: // DH_anon_WITH_RC4_128_MD5 - return Ciphersuite(0x0018, "", "DH", "MD5", "ARC4", 16); + return Ciphersuite(0x0018, "", "DH", "ARC4", 16, 0, "MD5", 16); case 0x009B: // DH_anon_WITH_SEED_CBC_SHA - return Ciphersuite(0x009B, "", "DH", "SHA-1", "SEED", 16); + return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, "SHA-1", 20); case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC008, "ECDSA", "ECDH", "SHA-1", "3DES", 24); + return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, "SHA-1", 20); case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC009, "ECDSA", "ECDH", "SHA-1", "AES-128", 16); + return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, "SHA-1", 20); case 0xC023: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0xC023, "ECDSA", "ECDH", "SHA-256", "AES-128", 16); + return Ciphersuite(0xC023, "ECDSA", "ECDH", "AES-128", 16, 16, "SHA-256", 32); case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC00A, "ECDSA", "ECDH", "SHA-1", "AES-256", 32); + return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, "SHA-1", 20); case 0xC024: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0xC024, "ECDSA", "ECDH", "SHA-384", "AES-256", 32); + return Ciphersuite(0xC024, "ECDSA", "ECDH", "AES-256", 32, 16, "SHA-384", 48); case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC072, "ECDSA", "ECDH", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, "SHA-256", 32); case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC073, "ECDSA", "ECDH", "SHA-384", "Camellia-256", 32); + return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, "SHA-384", 48); case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA - return Ciphersuite(0xC007, "ECDSA", "ECDH", "SHA-1", "ARC4", 16); + return Ciphersuite(0xC007, "ECDSA", "ECDH", "ARC4", 16, 0, "SHA-1", 20); case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC034, "", "ECDHE_PSK", "SHA-1", "3DES", 24); + return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, "SHA-1", 20); case 0xC035: // ECDHE_PSK_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC035, "", "ECDHE_PSK", "SHA-1", "AES-128", 16); + return Ciphersuite(0xC035, "", "ECDHE_PSK", "AES-128", 16, 16, "SHA-1", 20); case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0xC037, "", "ECDHE_PSK", "SHA-256", "AES-128", 16); + return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, "SHA-256", 32); case 0xC036: // ECDHE_PSK_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC036, "", "ECDHE_PSK", "SHA-1", "AES-256", 32); + return Ciphersuite(0xC036, "", "ECDHE_PSK", "AES-256", 32, 16, "SHA-1", 20); case 0xC038: // ECDHE_PSK_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0xC038, "", "ECDHE_PSK", "SHA-384", "AES-256", 32); + return Ciphersuite(0xC038, "", "ECDHE_PSK", "AES-256", 32, 16, "SHA-384", 48); case 0xC09A: // ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC09A, "", "ECDHE_PSK", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, "SHA-256", 32); case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC09B, "", "ECDHE_PSK", "SHA-384", "Camellia-256", 32); + return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, "SHA-384", 48); case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA - return Ciphersuite(0xC033, "", "ECDHE_PSK", "SHA-1", "ARC4", 16); + return Ciphersuite(0xC033, "", "ECDHE_PSK", "ARC4", 16, 0, "SHA-1", 20); case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC012, "RSA", "ECDH", "SHA-1", "3DES", 24); + return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, "SHA-1", 20); case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC013, "RSA", "ECDH", "SHA-1", "AES-128", 16); + return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, "SHA-1", 20); case 0xC027: // ECDHE_RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0xC027, "RSA", "ECDH", "SHA-256", "AES-128", 16); + return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, "SHA-256", 32); case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC014, "RSA", "ECDH", "SHA-1", "AES-256", 32); + return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, "SHA-1", 20); case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0xC028, "RSA", "ECDH", "SHA-384", "AES-256", 32); + return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, "SHA-384", 48); case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC076, "RSA", "ECDH", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, "SHA-256", 32); case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC077, "RSA", "ECDH", "SHA-384", "Camellia-256", 32); + return Ciphersuite(0xC077, "RSA", "ECDH", "Camellia-256", 32, 16, "SHA-384", 48); case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA - return Ciphersuite(0xC011, "RSA", "ECDH", "SHA-1", "ARC4", 16); + return Ciphersuite(0xC011, "RSA", "ECDH", "ARC4", 16, 0, "SHA-1", 20); case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC017, "", "ECDH", "SHA-1", "3DES", 24); + return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, "SHA-1", 20); case 0xC018: // ECDH_anon_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC018, "", "ECDH", "SHA-1", "AES-128", 16); + return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, "SHA-1", 20); case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC019, "", "ECDH", "SHA-1", "AES-256", 32); + return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, "SHA-1", 20); case 0xC016: // ECDH_anon_WITH_RC4_128_SHA - return Ciphersuite(0xC016, "", "ECDH", "SHA-1", "ARC4", 16); + return Ciphersuite(0xC016, "", "ECDH", "ARC4", 16, 0, "SHA-1", 20); case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x008B, "", "PSK", "SHA-1", "3DES", 24); + return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, "SHA-1", 20); case 0x008C: // PSK_WITH_AES_128_CBC_SHA - return Ciphersuite(0x008C, "", "PSK", "SHA-1", "AES-128", 16); + return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, "SHA-1", 20); case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x00AE, "", "PSK", "SHA-256", "AES-128", 16); + return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, "SHA-256", 32); case 0x008D: // PSK_WITH_AES_256_CBC_SHA - return Ciphersuite(0x008D, "", "PSK", "SHA-1", "AES-256", 32); + return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, "SHA-1", 20); case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384 - return Ciphersuite(0x00AF, "", "PSK", "SHA-384", "AES-256", 32); + return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, "SHA-384", 48); case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0xC094, "", "PSK", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, "SHA-256", 32); case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384 - return Ciphersuite(0xC095, "", "PSK", "SHA-384", "Camellia-256", 32); + return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, "SHA-384", 48); case 0x008A: // PSK_WITH_RC4_128_SHA - return Ciphersuite(0x008A, "", "PSK", "SHA-1", "ARC4", 16); + return Ciphersuite(0x008A, "", "PSK", "ARC4", 16, 0, "SHA-1", 20); case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0x000A, "RSA", "RSA", "SHA-1", "3DES", 24); + return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, "SHA-1", 20); case 0x002F: // RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0x002F, "RSA", "RSA", "SHA-1", "AES-128", 16); + return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, "SHA-1", 20); case 0x003C: // RSA_WITH_AES_128_CBC_SHA256 - return Ciphersuite(0x003C, "RSA", "RSA", "SHA-256", "AES-128", 16); + return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, "SHA-256", 32); case 0x0035: // RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0x0035, "RSA", "RSA", "SHA-1", "AES-256", 32); + return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, "SHA-1", 20); case 0x003D: // RSA_WITH_AES_256_CBC_SHA256 - return Ciphersuite(0x003D, "RSA", "RSA", "SHA-256", "AES-256", 32); + return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, "SHA-256", 32); case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA - return Ciphersuite(0x0041, "RSA", "RSA", "SHA-1", "Camellia-128", 16); + return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, "SHA-1", 20); case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256 - return Ciphersuite(0x00BA, "RSA", "RSA", "SHA-256", "Camellia-128", 16); + return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, "SHA-256", 32); case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA - return Ciphersuite(0x0084, "RSA", "RSA", "SHA-1", "Camellia-256", 32); + return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, "SHA-1", 20); case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256 - return Ciphersuite(0x00C0, "RSA", "RSA", "SHA-256", "Camellia-256", 32); + return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, "SHA-256", 32); case 0x0004: // RSA_WITH_RC4_128_MD5 - return Ciphersuite(0x0004, "RSA", "RSA", "MD5", "ARC4", 16); + return Ciphersuite(0x0004, "RSA", "RSA", "ARC4", 16, 0, "MD5", 16); case 0x0005: // RSA_WITH_RC4_128_SHA - return Ciphersuite(0x0005, "RSA", "RSA", "SHA-1", "ARC4", 16); + return Ciphersuite(0x0005, "RSA", "RSA", "ARC4", 16, 0, "SHA-1", 20); case 0x0096: // RSA_WITH_SEED_CBC_SHA - return Ciphersuite(0x0096, "RSA", "RSA", "SHA-1", "SEED", 16); + return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, "SHA-1", 20); case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "SHA-1", "3DES", 24); + return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20); case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "SHA-1", "AES-128", 16); + return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20); case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC022, "DSA", "SRP_SHA", "SHA-1", "AES-256", 32); + return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20); case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "SHA-1", "3DES", 24); + return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20); case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "SHA-1", "AES-128", 16); + return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20); case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC021, "RSA", "SRP_SHA", "SHA-1", "AES-256", 32); + return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20); case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA - return Ciphersuite(0xC01A, "", "SRP_SHA", "SHA-1", "3DES", 24); + return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20); case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA - return Ciphersuite(0xC01D, "", "SRP_SHA", "SHA-1", "AES-128", 16); + return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20); case 0xC020: // SRP_SHA_WITH_AES_256_CBC_SHA - return Ciphersuite(0xC020, "", "SRP_SHA", "SHA-1", "AES-256", 32); + return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20); } |