diff options
author | lloyd <[email protected]> | 2012-04-25 13:48:08 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-25 13:48:08 +0000 |
commit | b72a44475d06263e1492f8913310b5f29515cba6 (patch) | |
tree | 680752dbd43999cea16851b9c196046d9e5fbd7f /src/tls/tls_ciphersuite.cpp | |
parent | edca5f211722ea6b9d99b8b5fce4603a1b9b422d (diff) | |
parent | f14a9fdee7902ba1a4c962cfbabe29d5146e7c55 (diff) |
propagate from branch 'net.randombit.botan.tls-state-machine' (head a4741cd07f50a9e1b29b0dd97c6fb8697c038ade)
to branch 'net.randombit.botan.cxx11' (head 116e5ff139c07000be431e07d3472cc8f3919b91)
Diffstat (limited to 'src/tls/tls_ciphersuite.cpp')
-rw-r--r-- | src/tls/tls_ciphersuite.cpp | 272 |
1 files changed, 15 insertions, 257 deletions
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 89daaf679..798df0186 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -1,12 +1,11 @@ /* -* TLS Cipher Suites +* TLS Cipher Suite * (C) 2004-2010,2012 Jack Lloyd * * Released under the terms of the Botan license */ #include <botan/tls_ciphersuite.h> -#include <botan/tls_magic.h> #include <botan/parsing.h> #include <sstream> #include <stdexcept> @@ -15,246 +14,6 @@ namespace Botan { namespace TLS { -/** -* Convert an SSL/TLS ciphersuite to algorithm fields -*/ -Ciphersuite Ciphersuite::by_id(u16bit suite) - { - switch(static_cast<Ciphersuite_Code>(suite)) - { - // RSA ciphersuites - - case TLS_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16); - - case TLS_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32); - - case TLS_RSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16); - - case TLS_RSA_WITH_AES_256_CBC_SHA256: - return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32); - - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "3DES", 24); - - case TLS_RSA_WITH_RC4_128_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16); - - case TLS_RSA_WITH_RC4_128_MD5: - return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16); - - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16); - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32); - - case TLS_RSA_WITH_SEED_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16); - -#if defined(BOTAN_HAS_IDEA) - case TLS_RSA_WITH_IDEA_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "IDEA", 16); -#endif - - // DH/DSS ciphersuites - - case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16); - - case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32); - - case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: - return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16); - - case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: - return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32); - - case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "3DES", 24); - - case TLS_DHE_DSS_WITH_RC4_128_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16); - - case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16); - - case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32); - - case TLS_DHE_DSS_WITH_SEED_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16); - - // DH/RSA ciphersuites - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16); - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32); - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16); - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32); - - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "3DES", 24); - - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16); - - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32); - - case TLS_DHE_RSA_WITH_SEED_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16); - - // ECDH/RSA ciphersuites - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16); - - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32); - - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("RSA", "ECDH", "SHA-256", "AES-128", 16); - - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: - return Ciphersuite("RSA", "ECDH", "SHA-384", "AES-256", 32); - - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "ECDH", "SHA-1", "3DES", 24); - - case TLS_ECDHE_RSA_WITH_RC4_128_SHA: - return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16); - - // ECDH/ECDSA ciphersuites - - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16); - - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32); - - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); - - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: - return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); - - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: - return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16); - - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("ECDSA", "ECDH", "SHA-1", "3DES", 24); - - // PSK ciphersuites - - case TLS_PSK_WITH_RC4_128_SHA: - return Ciphersuite("", "PSK", "SHA-1", "ARC4", 16); - - case TLS_PSK_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("", "PSK", "SHA-1", "3DES", 24); - - case TLS_PSK_WITH_AES_128_CBC_SHA: - return Ciphersuite("", "PSK", "SHA-1", "AES-128", 16); - - case TLS_PSK_WITH_AES_128_CBC_SHA256: - return Ciphersuite("", "PSK", "SHA-256", "AES-128", 16); - - case TLS_PSK_WITH_AES_256_CBC_SHA: - return Ciphersuite("", "PSK", "SHA-1", "AES-256", 32); - - case TLS_PSK_WITH_AES_256_CBC_SHA384: - return Ciphersuite("", "PSK", "SHA-384", "AES-256", 32); - - // PSK+DH ciphersuites - - case TLS_DHE_PSK_WITH_RC4_128_SHA: - return Ciphersuite("", "DHE_PSK", "SHA-1", "ARC4", 16); - - case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("", "DHE_PSK", "SHA-1", "3DES", 24); - - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA: - return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-128", 16); - - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: - return Ciphersuite("", "DHE_PSK", "SHA-256", "AES-128", 16); - - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA: - return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-256", 32); - - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: - return Ciphersuite("", "DHE_PSK", "SHA-384", "AES-256", 32); - - // PSK+ECDH ciphersuites - - case TLS_ECDHE_PSK_WITH_RC4_128_SHA: - return Ciphersuite("", "ECDHE_PSK", "SHA-1", "ARC4", 16); - - case TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("", "ECDHE_PSK", "SHA-1", "3DES", 24); - - case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA: - return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-128", 16); - - case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256: - return Ciphersuite("", "ECDHE_PSK", "SHA-256", "AES-128", 16); - - case TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA: - return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-256", 32); - - case TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384: - return Ciphersuite("", "ECDHE_PSK", "SHA-384", "AES-256", 32); - - // SRP ciphersuites - - case TLS_SRP_SHA_WITH_AES_128_CBC_SHA: - return Ciphersuite("", "SRP", "SHA-1", "AES-128", 16); - - case TLS_SRP_SHA_WITH_AES_256_CBC_SHA: - return Ciphersuite("", "SRP", "SHA-1", "AES-256", 32); - - case TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("", "SRP", "SHA-1", "3DES", 24); - - // SRP/RSA ciphersuites - - case TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16); - - case TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32); - - case TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "SRP", "SHA-1", "3DES", 24); - - // SRP/DSA ciphersuites - - case TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA: - return Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16); - - case TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA: - return Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32); - - case TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("DSA", "SRP", "SHA-1", "3DES", 24); - - // Signaling ciphersuite values - - case TLS_EMPTY_RENEGOTIATION_INFO_SCSV: - return Ciphersuite(); - } - - return Ciphersuite(); // some unknown ciphersuite - } - Ciphersuite Ciphersuite::by_name(const std::string& name) { for(size_t i = 0; i != 65536; ++i) @@ -271,6 +30,18 @@ Ciphersuite Ciphersuite::by_name(const std::string& name) return Ciphersuite(); // some unknown ciphersuite } +bool Ciphersuite::psk_ciphersuite() const + { + return (kex_algo() == "PSK" || + kex_algo() == "DHE_PSK" || + kex_algo() == "ECDHE_PSK"); + } + +bool Ciphersuite::ecc_ciphersuite() const + { + return (kex_algo() == "ECDH" || sig_algo() == "ECDSA"); + } + std::string Ciphersuite::to_string() const { if(m_cipher_keylen == 0) @@ -286,8 +57,6 @@ std::string Ciphersuite::to_string() const out << "DHE"; else if(kex_algo() == "ECDH") out << "ECDHE"; - else if(kex_algo() == "SRP") - out << "SRP_SHA"; else out << kex_algo(); @@ -310,7 +79,7 @@ std::string Ciphersuite::to_string() const if(cipher_algo() == "3DES") out << "3DES_EDE"; else if(cipher_algo() == "Camellia") - out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); + out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen()); else out << replace_char(cipher_algo(), '-', '_'); @@ -329,18 +98,7 @@ std::string Ciphersuite::to_string() const return out.str(); } -Ciphersuite::Ciphersuite(const std::string& sig_algo, - const std::string& kex_algo, - const std::string& mac_algo, - const std::string& cipher_algo, - size_t cipher_algo_keylen) : - m_sig_algo(sig_algo), - m_kex_algo(kex_algo), - m_mac_algo(mac_algo), - m_cipher_algo(cipher_algo), - m_cipher_keylen(cipher_algo_keylen) - { - } +} } |