aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2013-04-10 22:20:07 +0000
committerlloyd <[email protected]>2013-04-10 22:20:07 +0000
commit3f9d452f604956e92a78f13e068530235519f84e (patch)
treed7a5142a38001127f76ba271e243ad392657b80a
parentbf8e0fc381df4f4c89b5d7bf8f4f6f6038ad287d (diff)
Make the IV length and MAC keylength explicit in the ciphersuite
Add support for alternate PRFs
-rwxr-xr-xsrc/build-data/scripts/tls_suite_info.py23
-rw-r--r--src/tls/msg_finished.cpp2
-rw-r--r--src/tls/tls_ciphersuite.cpp17
-rw-r--r--src/tls/tls_ciphersuite.h42
-rw-r--r--src/tls/tls_handshake_state.cpp6
-rw-r--r--src/tls/tls_session_key.cpp7
-rw-r--r--src/tls/tls_suite_info.cpp195
7 files changed, 164 insertions, 128 deletions
diff --git a/src/build-data/scripts/tls_suite_info.py b/src/build-data/scripts/tls_suite_info.py
index 7e2ec3acb..bacb68bca 100755
--- a/src/build-data/scripts/tls_suite_info.py
+++ b/src/build-data/scripts/tls_suite_info.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python2
"""
Used to generate src/tls/tls_suite_info.cpp
@@ -73,6 +73,14 @@ def to_ciphersuite_info(code, name):
'ECDHE_PSK': 'ECDHE_PSK',
}
+ mac_keylen = {
+ 'MD5': 16,
+ 'SHA-1': 20,
+ 'SHA-256': 32,
+ 'SHA-384': 48,
+ 'SHA-512': 64,
+ }
+
mac_algo = tls_to_botan_names[mac_algo]
sig_algo = tls_to_botan_names[sig_algo]
kex_algo = tls_to_botan_names[kex_algo]
@@ -86,16 +94,24 @@ def to_ciphersuite_info(code, name):
cipher_algo += '-%d' % (cipher_keylen*8)
modestr = ''
+ mode = ''
+ ivlen = 0
if cipher_algo != 'ARC4':
mode = cipher[-1]
if mode not in ['CBC', 'GCM', 'CCM']:
print "** Unknown mode %s" % (' '.join(cipher))
+ ivlen = 8 if cipher_algo == '3DES' else 16
+
if mode != 'CBC':
cipher_algo += '/' + mode
- return 'Ciphersuite(0x%s, "%s", "%s", "%s", "%s", %d)' % (
- code, sig_algo, kex_algo, mac_algo, cipher_algo, cipher_keylen)
+ if cipher_algo != 'ARC4' and mode != 'CBC':
+ return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "AEAD", %d, "%s")' % (
+ code, sig_algo, kex_algo, cipher_algo, cipher_keylen, 4, 0, mac_algo)
+ else:
+ return 'Ciphersuite(0x%s, "%s", "%s", "%s", %d, %d, "%s", %d)' % (
+ code, sig_algo, kex_algo, cipher_algo, cipher_keylen, ivlen, mac_algo, mac_keylen[mac_algo])
def main(args = None):
if args is None:
@@ -150,7 +166,6 @@ namespace TLS {
Ciphersuite Ciphersuite::by_id(u16bit suite)
{
-
switch(suite)
{
""" % (sys.argv[0])
diff --git a/src/tls/msg_finished.cpp b/src/tls/msg_finished.cpp
index 059ed8363..c018497c8 100644
--- a/src/tls/msg_finished.cpp
+++ b/src/tls/msg_finished.cpp
@@ -55,7 +55,7 @@ std::vector<byte> finished_compute_verify(const Handshake_State& state,
else
input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
- input += state.hash().final(state.version(), state.ciphersuite().mac_algo());
+ input += state.hash().final(state.version(), state.ciphersuite().prf_algo());
return unlock(prf->derive_key(12, state.session_keys().master_secret(), input));
}
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index 3a1a9fefd..1cc8a8f2f 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -104,22 +104,23 @@ std::string Ciphersuite::to_string() const
{
if(cipher_algo() == "3DES")
out << "3DES_EDE";
- else if(cipher_algo() == "Camellia-128" || cipher_algo() == "Camellia-256")
+ else if(cipher_algo().find("Camellia") == 0)
out << "CAMELLIA_" << std::to_string(8*cipher_keylen());
else
- out << replace_char(cipher_algo(), '-', '_');
+ out << replace_chars(cipher_algo(), {'-', '/'}, '_');
- out << "_CBC_";
+ if(cipher_algo().find("/GCM") != std::string::npos)
+ out << "_";
+ else
+ out << "_CBC_";
}
if(mac_algo() == "SHA-1")
out << "SHA";
- else if(mac_algo() == "SHA-256")
- out << "SHA256";
- else if(mac_algo() == "SHA-384")
- out << "SHA384";
+ else if(mac_algo() == "AEAD")
+ out << erase_chars(prf_algo(), {'-'});
else
- out << mac_algo();
+ out << erase_chars(mac_algo(), {'-'});
return out.str();
}
diff --git a/src/tls/tls_ciphersuite.h b/src/tls/tls_ciphersuite.h
index 74ad57991..73ca5b9e6 100644
--- a/src/tls/tls_ciphersuite.h
+++ b/src/tls/tls_ciphersuite.h
@@ -84,37 +84,61 @@ class BOTAN_DLL Ciphersuite
*/
std::string mac_algo() const { return m_mac_algo; }
+ std::string prf_algo() const
+ {
+ return (m_prf_algo != "") ? m_prf_algo : m_mac_algo;
+ }
+
/**
* @return cipher key length used by this ciphersuite
*/
size_t cipher_keylen() const { return m_cipher_keylen; }
+ size_t cipher_ivlen() const { return m_cipher_ivlen; }
+
+ size_t mac_keylen() const { return m_mac_keylen; }
+
/**
* @return true if this is a valid/known ciphersuite
*/
bool valid() const { return (m_cipher_keylen > 0); }
- Ciphersuite() : m_cipher_keylen(0) {}
+ Ciphersuite() {}
+
+ private:
Ciphersuite(u16bit ciphersuite_code,
const std::string& sig_algo,
const std::string& kex_algo,
- const std::string& mac_algo,
const std::string& cipher_algo,
- size_t cipher_algo_keylen) :
+ size_t cipher_keylen,
+ size_t cipher_ivlen,
+ const std::string& mac_algo,
+ size_t mac_keylen,
+ const std::string& prf_algo = "") :
m_ciphersuite_code(ciphersuite_code),
m_sig_algo(sig_algo),
m_kex_algo(kex_algo),
- m_mac_algo(mac_algo),
m_cipher_algo(cipher_algo),
- m_cipher_keylen(cipher_algo_keylen)
+ m_mac_algo(mac_algo),
+ m_prf_algo(prf_algo),
+ m_cipher_keylen(cipher_keylen),
+ m_cipher_ivlen(cipher_ivlen),
+ m_mac_keylen(mac_keylen)
{
}
- private:
- u16bit m_ciphersuite_code;
- std::string m_sig_algo, m_kex_algo, m_mac_algo, m_cipher_algo;
- size_t m_cipher_keylen;
+ u16bit m_ciphersuite_code = 0;
+
+ std::string m_sig_algo;
+ std::string m_kex_algo;
+ std::string m_cipher_algo;
+ std::string m_mac_algo;
+ std::string m_prf_algo;
+
+ size_t m_cipher_keylen = 0;
+ size_t m_cipher_ivlen = 0;
+ size_t m_mac_keylen = 0;
};
}
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 57078a6d7..8b5de810f 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -265,12 +265,12 @@ KDF* Handshake_State::protocol_specific_prf() const
}
else if(version().supports_ciphersuite_specific_prf())
{
- const std::string mac_algo = ciphersuite().mac_algo();
+ const std::string prf_algo = ciphersuite().prf_algo();
- if(mac_algo == "MD5" || mac_algo == "SHA-1")
+ if(prf_algo == "MD5" || prf_algo == "SHA-1")
return get_kdf("TLS-12-PRF(SHA-256)");
- return get_kdf("TLS-12-PRF(" + mac_algo + ")");
+ return get_kdf("TLS-12-PRF(" + prf_algo + ")");
}
else
{
diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp
index 9f06ecdab..06cd1d0a1 100644
--- a/src/tls/tls_session_key.cpp
+++ b/src/tls/tls_session_key.cpp
@@ -22,12 +22,9 @@ Session_Keys::Session_Keys(const Handshake_State* state,
const secure_vector<byte>& pre_master_secret,
bool resuming)
{
- const size_t mac_keylen = output_length_of(state->ciphersuite().mac_algo());
const size_t cipher_keylen = state->ciphersuite().cipher_keylen();
-
- size_t cipher_ivlen = 0;
- if(have_block_cipher(state->ciphersuite().cipher_algo()))
- cipher_ivlen = block_size_of(state->ciphersuite().cipher_algo());
+ const size_t mac_keylen = state->ciphersuite().mac_keylen();
+ const size_t cipher_ivlen = state->ciphersuite().cipher_ivlen();
const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_ivlen);
diff --git a/src/tls/tls_suite_info.cpp b/src/tls/tls_suite_info.cpp
index 70d938979..10e47d51d 100644
--- a/src/tls/tls_suite_info.cpp
+++ b/src/tls/tls_suite_info.cpp
@@ -15,300 +15,299 @@ namespace TLS {
Ciphersuite Ciphersuite::by_id(u16bit suite)
{
-
switch(suite)
{
case 0x0013: // DHE_DSS_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x0013, "DSA", "DH", "SHA-1", "3DES", 24);
+ return Ciphersuite(0x0013, "DSA", "DH", "3DES", 24, 8, "SHA-1", 20);
case 0x0032: // DHE_DSS_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x0032, "DSA", "DH", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0x0032, "DSA", "DH", "AES-128", 16, 16, "SHA-1", 20);
case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x0040, "DSA", "DH", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, "SHA-256", 32);
case 0x0038: // DHE_DSS_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x0038, "DSA", "DH", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0x0038, "DSA", "DH", "AES-256", 32, 16, "SHA-1", 20);
case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256
- return Ciphersuite(0x006A, "DSA", "DH", "SHA-256", "AES-256", 32);
+ return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, "SHA-256", 32);
case 0x0044: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
- return Ciphersuite(0x0044, "DSA", "DH", "SHA-1", "Camellia-128", 16);
+ return Ciphersuite(0x0044, "DSA", "DH", "Camellia-128", 16, 16, "SHA-1", 20);
case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0x00BD, "DSA", "DH", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, "SHA-256", 32);
case 0x0087: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
- return Ciphersuite(0x0087, "DSA", "DH", "SHA-1", "Camellia-256", 32);
+ return Ciphersuite(0x0087, "DSA", "DH", "Camellia-256", 32, 16, "SHA-1", 20);
case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
- return Ciphersuite(0x00C3, "DSA", "DH", "SHA-256", "Camellia-256", 32);
+ return Ciphersuite(0x00C3, "DSA", "DH", "Camellia-256", 32, 16, "SHA-256", 32);
case 0x0066: // DHE_DSS_WITH_RC4_128_SHA
- return Ciphersuite(0x0066, "DSA", "DH", "SHA-1", "ARC4", 16);
+ return Ciphersuite(0x0066, "DSA", "DH", "ARC4", 16, 0, "SHA-1", 20);
case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA
- return Ciphersuite(0x0099, "DSA", "DH", "SHA-1", "SEED", 16);
+ return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, "SHA-1", 20);
case 0x008F: // DHE_PSK_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x008F, "", "DHE_PSK", "SHA-1", "3DES", 24);
+ return Ciphersuite(0x008F, "", "DHE_PSK", "3DES", 24, 8, "SHA-1", 20);
case 0x0090: // DHE_PSK_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x0090, "", "DHE_PSK", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0x0090, "", "DHE_PSK", "AES-128", 16, 16, "SHA-1", 20);
case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x00B2, "", "DHE_PSK", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, "SHA-256", 32);
case 0x0091: // DHE_PSK_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x0091, "", "DHE_PSK", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0x0091, "", "DHE_PSK", "AES-256", 32, 16, "SHA-1", 20);
case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0x00B3, "", "DHE_PSK", "SHA-384", "AES-256", 32);
+ return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, "SHA-384", 48);
case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC096, "", "DHE_PSK", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0xC096, "", "DHE_PSK", "Camellia-128", 16, 16, "SHA-256", 32);
case 0xC097: // DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC097, "", "DHE_PSK", "SHA-384", "Camellia-256", 32);
+ return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, "SHA-384", 48);
case 0x008E: // DHE_PSK_WITH_RC4_128_SHA
- return Ciphersuite(0x008E, "", "DHE_PSK", "SHA-1", "ARC4", 16);
+ return Ciphersuite(0x008E, "", "DHE_PSK", "ARC4", 16, 0, "SHA-1", 20);
case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x0016, "RSA", "DH", "SHA-1", "3DES", 24);
+ return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, "SHA-1", 20);
case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x0033, "RSA", "DH", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, "SHA-1", 20);
case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x0067, "RSA", "DH", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, "SHA-256", 32);
case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x0039, "RSA", "DH", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, "SHA-1", 20);
case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256
- return Ciphersuite(0x006B, "RSA", "DH", "SHA-256", "AES-256", 32);
+ return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, "SHA-256", 32);
case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- return Ciphersuite(0x0045, "RSA", "DH", "SHA-1", "Camellia-128", 16);
+ return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, "SHA-1", 20);
case 0x00BE: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0x00BE, "RSA", "DH", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0x00BE, "RSA", "DH", "Camellia-128", 16, 16, "SHA-256", 32);
case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- return Ciphersuite(0x0088, "RSA", "DH", "SHA-1", "Camellia-256", 32);
+ return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, "SHA-1", 20);
case 0x00C4: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- return Ciphersuite(0x00C4, "RSA", "DH", "SHA-256", "Camellia-256", 32);
+ return Ciphersuite(0x00C4, "RSA", "DH", "Camellia-256", 32, 16, "SHA-256", 32);
case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA
- return Ciphersuite(0x009A, "RSA", "DH", "SHA-1", "SEED", 16);
+ return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, "SHA-1", 20);
case 0x001B: // DH_anon_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x001B, "", "DH", "SHA-1", "3DES", 24);
+ return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, "SHA-1", 20);
case 0x0034: // DH_anon_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x0034, "", "DH", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, "SHA-1", 20);
case 0x006C: // DH_anon_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x006C, "", "DH", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, "SHA-256", 32);
case 0x003A: // DH_anon_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x003A, "", "DH", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, "SHA-1", 20);
case 0x006D: // DH_anon_WITH_AES_256_CBC_SHA256
- return Ciphersuite(0x006D, "", "DH", "SHA-256", "AES-256", 32);
+ return Ciphersuite(0x006D, "", "DH", "AES-256", 32, 16, "SHA-256", 32);
case 0x0046: // DH_anon_WITH_CAMELLIA_128_CBC_SHA
- return Ciphersuite(0x0046, "", "DH", "SHA-1", "Camellia-128", 16);
+ return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, "SHA-1", 20);
case 0x00BF: // DH_anon_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0x00BF, "", "DH", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0x00BF, "", "DH", "Camellia-128", 16, 16, "SHA-256", 32);
case 0x0089: // DH_anon_WITH_CAMELLIA_256_CBC_SHA
- return Ciphersuite(0x0089, "", "DH", "SHA-1", "Camellia-256", 32);
+ return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, "SHA-1", 20);
case 0x00C5: // DH_anon_WITH_CAMELLIA_256_CBC_SHA256
- return Ciphersuite(0x00C5, "", "DH", "SHA-256", "Camellia-256", 32);
+ return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, "SHA-256", 32);
case 0x0018: // DH_anon_WITH_RC4_128_MD5
- return Ciphersuite(0x0018, "", "DH", "MD5", "ARC4", 16);
+ return Ciphersuite(0x0018, "", "DH", "ARC4", 16, 0, "MD5", 16);
case 0x009B: // DH_anon_WITH_SEED_CBC_SHA
- return Ciphersuite(0x009B, "", "DH", "SHA-1", "SEED", 16);
+ return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, "SHA-1", 20);
case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC008, "ECDSA", "ECDH", "SHA-1", "3DES", 24);
+ return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, "SHA-1", 20);
case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC009, "ECDSA", "ECDH", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, "SHA-1", 20);
case 0xC023: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0xC023, "ECDSA", "ECDH", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0xC023, "ECDSA", "ECDH", "AES-128", 16, 16, "SHA-256", 32);
case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC00A, "ECDSA", "ECDH", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, "SHA-1", 20);
case 0xC024: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0xC024, "ECDSA", "ECDH", "SHA-384", "AES-256", 32);
+ return Ciphersuite(0xC024, "ECDSA", "ECDH", "AES-256", 32, 16, "SHA-384", 48);
case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC072, "ECDSA", "ECDH", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, "SHA-256", 32);
case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC073, "ECDSA", "ECDH", "SHA-384", "Camellia-256", 32);
+ return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, "SHA-384", 48);
case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA
- return Ciphersuite(0xC007, "ECDSA", "ECDH", "SHA-1", "ARC4", 16);
+ return Ciphersuite(0xC007, "ECDSA", "ECDH", "ARC4", 16, 0, "SHA-1", 20);
case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC034, "", "ECDHE_PSK", "SHA-1", "3DES", 24);
+ return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, "SHA-1", 20);
case 0xC035: // ECDHE_PSK_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC035, "", "ECDHE_PSK", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0xC035, "", "ECDHE_PSK", "AES-128", 16, 16, "SHA-1", 20);
case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0xC037, "", "ECDHE_PSK", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, "SHA-256", 32);
case 0xC036: // ECDHE_PSK_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC036, "", "ECDHE_PSK", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0xC036, "", "ECDHE_PSK", "AES-256", 32, 16, "SHA-1", 20);
case 0xC038: // ECDHE_PSK_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0xC038, "", "ECDHE_PSK", "SHA-384", "AES-256", 32);
+ return Ciphersuite(0xC038, "", "ECDHE_PSK", "AES-256", 32, 16, "SHA-384", 48);
case 0xC09A: // ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC09A, "", "ECDHE_PSK", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, "SHA-256", 32);
case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC09B, "", "ECDHE_PSK", "SHA-384", "Camellia-256", 32);
+ return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, "SHA-384", 48);
case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA
- return Ciphersuite(0xC033, "", "ECDHE_PSK", "SHA-1", "ARC4", 16);
+ return Ciphersuite(0xC033, "", "ECDHE_PSK", "ARC4", 16, 0, "SHA-1", 20);
case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC012, "RSA", "ECDH", "SHA-1", "3DES", 24);
+ return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, "SHA-1", 20);
case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC013, "RSA", "ECDH", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, "SHA-1", 20);
case 0xC027: // ECDHE_RSA_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0xC027, "RSA", "ECDH", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, "SHA-256", 32);
case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC014, "RSA", "ECDH", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, "SHA-1", 20);
case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0xC028, "RSA", "ECDH", "SHA-384", "AES-256", 32);
+ return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, "SHA-384", 48);
case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC076, "RSA", "ECDH", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, "SHA-256", 32);
case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC077, "RSA", "ECDH", "SHA-384", "Camellia-256", 32);
+ return Ciphersuite(0xC077, "RSA", "ECDH", "Camellia-256", 32, 16, "SHA-384", 48);
case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA
- return Ciphersuite(0xC011, "RSA", "ECDH", "SHA-1", "ARC4", 16);
+ return Ciphersuite(0xC011, "RSA", "ECDH", "ARC4", 16, 0, "SHA-1", 20);
case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC017, "", "ECDH", "SHA-1", "3DES", 24);
+ return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, "SHA-1", 20);
case 0xC018: // ECDH_anon_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC018, "", "ECDH", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, "SHA-1", 20);
case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC019, "", "ECDH", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, "SHA-1", 20);
case 0xC016: // ECDH_anon_WITH_RC4_128_SHA
- return Ciphersuite(0xC016, "", "ECDH", "SHA-1", "ARC4", 16);
+ return Ciphersuite(0xC016, "", "ECDH", "ARC4", 16, 0, "SHA-1", 20);
case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x008B, "", "PSK", "SHA-1", "3DES", 24);
+ return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, "SHA-1", 20);
case 0x008C: // PSK_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x008C, "", "PSK", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, "SHA-1", 20);
case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x00AE, "", "PSK", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, "SHA-256", 32);
case 0x008D: // PSK_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x008D, "", "PSK", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, "SHA-1", 20);
case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384
- return Ciphersuite(0x00AF, "", "PSK", "SHA-384", "AES-256", 32);
+ return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, "SHA-384", 48);
case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0xC094, "", "PSK", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, "SHA-256", 32);
case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384
- return Ciphersuite(0xC095, "", "PSK", "SHA-384", "Camellia-256", 32);
+ return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, "SHA-384", 48);
case 0x008A: // PSK_WITH_RC4_128_SHA
- return Ciphersuite(0x008A, "", "PSK", "SHA-1", "ARC4", 16);
+ return Ciphersuite(0x008A, "", "PSK", "ARC4", 16, 0, "SHA-1", 20);
case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0x000A, "RSA", "RSA", "SHA-1", "3DES", 24);
+ return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, "SHA-1", 20);
case 0x002F: // RSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0x002F, "RSA", "RSA", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, "SHA-1", 20);
case 0x003C: // RSA_WITH_AES_128_CBC_SHA256
- return Ciphersuite(0x003C, "RSA", "RSA", "SHA-256", "AES-128", 16);
+ return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, "SHA-256", 32);
case 0x0035: // RSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0x0035, "RSA", "RSA", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, "SHA-1", 20);
case 0x003D: // RSA_WITH_AES_256_CBC_SHA256
- return Ciphersuite(0x003D, "RSA", "RSA", "SHA-256", "AES-256", 32);
+ return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, "SHA-256", 32);
case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA
- return Ciphersuite(0x0041, "RSA", "RSA", "SHA-1", "Camellia-128", 16);
+ return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, "SHA-1", 20);
case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256
- return Ciphersuite(0x00BA, "RSA", "RSA", "SHA-256", "Camellia-128", 16);
+ return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, "SHA-256", 32);
case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA
- return Ciphersuite(0x0084, "RSA", "RSA", "SHA-1", "Camellia-256", 32);
+ return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, "SHA-1", 20);
case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256
- return Ciphersuite(0x00C0, "RSA", "RSA", "SHA-256", "Camellia-256", 32);
+ return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, "SHA-256", 32);
case 0x0004: // RSA_WITH_RC4_128_MD5
- return Ciphersuite(0x0004, "RSA", "RSA", "MD5", "ARC4", 16);
+ return Ciphersuite(0x0004, "RSA", "RSA", "ARC4", 16, 0, "MD5", 16);
case 0x0005: // RSA_WITH_RC4_128_SHA
- return Ciphersuite(0x0005, "RSA", "RSA", "SHA-1", "ARC4", 16);
+ return Ciphersuite(0x0005, "RSA", "RSA", "ARC4", 16, 0, "SHA-1", 20);
case 0x0096: // RSA_WITH_SEED_CBC_SHA
- return Ciphersuite(0x0096, "RSA", "RSA", "SHA-1", "SEED", 16);
+ return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, "SHA-1", 20);
case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "SHA-1", "3DES", 24);
+ return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20);
case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20);
case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC022, "DSA", "SRP_SHA", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20);
case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "SHA-1", "3DES", 24);
+ return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20);
case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20);
case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC021, "RSA", "SRP_SHA", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20);
case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA
- return Ciphersuite(0xC01A, "", "SRP_SHA", "SHA-1", "3DES", 24);
+ return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, "SHA-1", 20);
case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA
- return Ciphersuite(0xC01D, "", "SRP_SHA", "SHA-1", "AES-128", 16);
+ return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, "SHA-1", 20);
case 0xC020: // SRP_SHA_WITH_AES_256_CBC_SHA
- return Ciphersuite(0xC020, "", "SRP_SHA", "SHA-1", "AES-256", 32);
+ return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, "SHA-1", 20);
}