authorlloyd <[email protected]>2012-03-30 18:35:25 +0000
committerlloyd <[email protected]>2012-03-30 18:35:25 +0000
commit4b4edaa984cb0b26e8246f19e594cb8d173ae833 (patch)
tree6909a725dc913e11cdf6f5fa16d4859830f15235 /src/tls
parent4c12fa5de1b59f2c58f974412231a19c4dc7c10f (diff)
Remove the Ciphersuite_Code enum and move all ciphersuite
integer->info mapping to tls_suite_info.cpp which is mostly autogenerated by a Python script from the IANA parameters file. The SRP method now uses kex "SRP_SHA" which is what the RFC calls it. (And hypothetically, SRP_SHA256 might be defined at some point and we'd need to be able to distinguish them). Remove IDEA ciphersuite; we don't want to require IDEA be available due to the European patent still being valid (IIRC), but I didn't want to have to hand-edit the autogenerated switch with an #if check. Not a huge issue though as most sites don't support it anyway.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/c_hello.cpp4
-rw-r--r--src/tls/info.txt7
-rw-r--r--src/tls/tls_ciphersuite.cpp258
-rw-r--r--src/tls/tls_ciphersuite.h13
-rw-r--r--src/tls/tls_magic.h84
-rw-r--r--src/tls/tls_policy.cpp9
-rw-r--r--src/tls/tls_suite_info.cpp274
7 files changed, 298 insertions, 351 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index 3428225d0..d51bbac63 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -17,6 +17,10 @@ namespace Botan {
namespace TLS {
+enum {
+ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
+};
+
MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng)
{
MemoryVector<byte> buf(32);
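Review bot: The enumerator moved here without the comment it carried in tls_magic.h, so nothing at the new definition says that 0x00FF is a signalling value and not a negotiable suite. I would restore it above the enumerator, e.g. `/* signalling value (renegotiation info SCSV); cannot be negotiated as a ciphersuite */`. Ciphersuite::by_id in tls_suite_info.cpp has no case for 0x00FF and returns the default `Ciphersuite()` for it, which matches what the removed switch did, and this comment is a good place to record that the fall-through is intended.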
diff --git a/src/tls/info.txt b/src/tls/info.txt
index ff84c3448..21d3d54c1 100644
--- a/src/tls/info.txt
+++ b/src/tls/info.txt
@@ -10,6 +10,7 @@ uses_tr1 yes
<header:public>
tls_alert.h
tls_channel.h
+tls_ciphersuite.h
tls_client.h
tls_exceptn.h
tls_magic.h
@@ -18,7 +19,6 @@ tls_record.h
tls_server.h
tls_session.h
tls_session_manager.h
-tls_ciphersuite.h
tls_version.h
</header:public>
@@ -33,7 +33,6 @@ tls_session_key.h
</header:internal>
<source>
-tls_alert.cpp
c_hello.cpp
c_kex.cpp
cert_req.cpp
@@ -46,7 +45,9 @@ rec_wri.cpp
s_hello.cpp
s_kex.cpp
session_ticket.cpp
+tls_alert.cpp
tls_channel.cpp
+tls_ciphersuite.cpp
tls_client.cpp
tls_extensions.cpp
tls_handshake_hash.cpp
@@ -57,7 +58,7 @@ tls_server.cpp
tls_session.cpp
tls_session_key.cpp
tls_session_manager.cpp
-tls_ciphersuite.cpp
+tls_suite_info.cpp
tls_version.cpp
</source>
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index 247948464..d3d8f061b 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -1,12 +1,11 @@
/*
-* TLS Cipher Suites
+* TLS Cipher Suite
* (C) 2004-2010,2012 Jack Lloyd
*
* Released under the terms of the Botan license
*/
#include <botan/tls_ciphersuite.h>
-#include <botan/tls_magic.h>
#include <botan/parsing.h>
#include <sstream>
#include <stdexcept>
@@ -15,246 +14,6 @@ namespace Botan {
namespace TLS {
-/**
-* Convert an SSL/TLS ciphersuite to algorithm fields
-*/
-Ciphersuite Ciphersuite::by_id(u16bit suite)
- {
- switch(static_cast<Ciphersuite_Code>(suite))
- {
- // RSA ciphersuites
-
- case TLS_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16);
-
- case TLS_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32);
-
- case TLS_RSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16);
-
- case TLS_RSA_WITH_AES_256_CBC_SHA256:
- return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32);
-
- case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "3DES", 24);
-
- case TLS_RSA_WITH_RC4_128_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16);
-
- case TLS_RSA_WITH_RC4_128_MD5:
- return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16);
-
- case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16);
-
- case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32);
-
- case TLS_RSA_WITH_SEED_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16);
-
-#if defined(BOTAN_HAS_IDEA)
- case TLS_RSA_WITH_IDEA_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "IDEA", 16);
-#endif
-
- // DH/DSS ciphersuites
-
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16);
-
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32);
-
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16);
-
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
- return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32);
-
- case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "3DES", 24);
-
- case TLS_DHE_DSS_WITH_RC4_128_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
-
- case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16);
-
- case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32);
-
- case TLS_DHE_DSS_WITH_SEED_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
-
- // DH/RSA ciphersuites
-
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16);
-
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32);
-
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16);
-
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32);
-
- case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "3DES", 24);
-
- case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16);
-
- case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32);
-
- case TLS_DHE_RSA_WITH_SEED_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
-
- // ECDH/RSA ciphersuites
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16);
-
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32);
-
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("RSA", "ECDH", "SHA-256", "AES-128", 16);
-
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("RSA", "ECDH", "SHA-384", "AES-256", 32);
-
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "ECDH", "SHA-1", "3DES", 24);
-
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16);
-
- // ECDH/ECDSA ciphersuites
-
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16);
-
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32);
-
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
-
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
-
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16);
-
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("ECDSA", "ECDH", "SHA-1", "3DES", 24);
-
- // PSK ciphersuites
-
- case TLS_PSK_WITH_RC4_128_SHA:
- return Ciphersuite("", "PSK", "SHA-1", "ARC4", 16);
-
- case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("", "PSK", "SHA-1", "3DES", 24);
-
- case TLS_PSK_WITH_AES_128_CBC_SHA:
- return Ciphersuite("", "PSK", "SHA-1", "AES-128", 16);
-
- case TLS_PSK_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("", "PSK", "SHA-256", "AES-128", 16);
-
- case TLS_PSK_WITH_AES_256_CBC_SHA:
- return Ciphersuite("", "PSK", "SHA-1", "AES-256", 32);
-
- case TLS_PSK_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("", "PSK", "SHA-384", "AES-256", 32);
-
- // PSK+DH ciphersuites
-
- case TLS_DHE_PSK_WITH_RC4_128_SHA:
- return Ciphersuite("", "DHE_PSK", "SHA-1", "ARC4", 16);
-
- case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("", "DHE_PSK", "SHA-1", "3DES", 24);
-
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
- return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-128", 16);
-
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("", "DHE_PSK", "SHA-256", "AES-128", 16);
-
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
- return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-256", 32);
-
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("", "DHE_PSK", "SHA-384", "AES-256", 32);
-
- // PSK+ECDH ciphersuites
-
- case TLS_ECDHE_PSK_WITH_RC4_128_SHA:
- return Ciphersuite("", "ECDHE_PSK", "SHA-1", "ARC4", 16);
-
- case TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("", "ECDHE_PSK", "SHA-1", "3DES", 24);
-
- case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
- return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-128", 16);
-
- case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("", "ECDHE_PSK", "SHA-256", "AES-128", 16);
-
- case TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
- return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-256", 32);
-
- case TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("", "ECDHE_PSK", "SHA-384", "AES-256", 32);
-
- // SRP ciphersuites
-
- case TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("", "SRP", "SHA-1", "AES-128", 16);
-
- case TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("", "SRP", "SHA-1", "AES-256", 32);
-
- case TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("", "SRP", "SHA-1", "3DES", 24);
-
- // SRP/RSA ciphersuites
-
- case TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16);
-
- case TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32);
-
- case TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "SRP", "SHA-1", "3DES", 24);
-
- // SRP/DSA ciphersuites
-
- case TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
- return Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16);
-
- case TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
- return Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32);
-
- case TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("DSA", "SRP", "SHA-1", "3DES", 24);
-
- // Signaling ciphersuite values
-
- case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
- return Ciphersuite();
- }
-
- return Ciphersuite(); // some unknown ciphersuite
- }
-
Ciphersuite Ciphersuite::by_name(const std::string& name)
{
for(size_t i = 0; i != 65536; ++i)
@@ -286,8 +45,6 @@ std::string Ciphersuite::to_string() const
out << "DHE";
else if(kex_algo() == "ECDH")
out << "ECDHE";
- else if(kex_algo() == "SRP")
- out << "SRP_SHA";
else
out << kex_algo();
@@ -329,19 +86,6 @@ std::string Ciphersuite::to_string() const
return out.str();
}
-Ciphersuite::Ciphersuite(const std::string& sig_algo,
- const std::string& kex_algo,
- const std::string& mac_algo,
- const std::string& cipher_algo,
- size_t cipher_algo_keylen) :
- m_sig_algo(sig_algo),
- m_kex_algo(kex_algo),
- m_mac_algo(mac_algo),
- m_cipher_algo(cipher_algo),
- m_cipher_keylen(cipher_algo_keylen)
- {
- }
-
}
}
diff --git a/src/tls/tls_ciphersuite.h b/src/tls/tls_ciphersuite.h
index e5d8c967b..6081fc9eb 100644
--- a/src/tls/tls_ciphersuite.h
+++ b/src/tls/tls_ciphersuite.h
@@ -21,6 +21,9 @@ namespace TLS {
class BOTAN_DLL Ciphersuite
{
public:
+ /**
+ * Convert an SSL/TLS ciphersuite to algorithm fields
+ */
static Ciphersuite by_id(u16bit suite);
static Ciphersuite by_name(const std::string& name);
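Review bot: The new comment on by_id does not say what a caller gets for an id that is not in the table; tls_suite_info.cpp returns a default-constructed `Ciphersuite()` in that case, and the id is presumably taken from a peer's hello message. Suggest extending the comment with `* @return the suite's algorithm fields, or a default-constructed (empty) Ciphersuite if the id is unknown; callers must check before use`, and giving by_name a matching one-line comment. The class body continues outside the hunk.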
@@ -46,7 +49,15 @@ class BOTAN_DLL Ciphersuite
const std::string& kex_algo,
const std::string& mac_algo,
const std::string& cipher_algo,
- size_t cipher_algo_keylen);
+ size_t cipher_algo_keylen) :
+ m_sig_algo(sig_algo),
+ m_kex_algo(kex_algo),
+ m_mac_algo(mac_algo),
+ m_cipher_algo(cipher_algo),
+ m_cipher_keylen(cipher_algo_keylen)
+ {
+ }
+
private:
std::string m_sig_algo, m_kex_algo, m_mac_algo, m_cipher_algo;
size_t m_cipher_keylen;
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index 0e45407d3..6dd50ead2 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -56,90 +56,6 @@ enum Handshake_Type {
HANDSHAKE_NONE = 255 // Null value
};
-enum Ciphersuite_Code {
- TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
- TLS_RSA_WITH_RC4_128_SHA = 0x0005,
-
- TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
- TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
- TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
- TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
- TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
-
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
- TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
- TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066,
-
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
- TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
-
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
-
- TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
-
- TLS_PSK_WITH_RC4_128_SHA = 0x008A,
- TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
- TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
- TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
- TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
- TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
-
- TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
- TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
- TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
- TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
- TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
- TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
-
- TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033,
- TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034,
- TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
- TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036,
- TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037,
- TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038,
-
- TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
- TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D,
- TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
-
- TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
- TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F,
- TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022,
-
- TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
- TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E,
- TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021,
-
- /* signalling values that cannot be negotiated */
- TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
-};
-
enum Compression_Method {
NO_COMPRESSION = 0x00,
DEFLATE_COMPRESSION = 0x01
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 1ab55f7c6..59f3ce50c 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -11,8 +11,6 @@
#include <botan/tls_exceptn.h>
#include <botan/internal/stl_util.h>
-#include <assert.h>
-
namespace Botan {
namespace TLS {
@@ -25,8 +23,7 @@ std::vector<std::string> Policy::allowed_ciphers() const
allowed.push_back("AES-128");
allowed.push_back("3DES");
allowed.push_back("ARC4");
-
- // Note that Camellia, SEED and IDEA are not included by default
+ // Note that Camellia and SEED are not included by default
return allowed;
}
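Review bot: The default list still allows `"3DES"` (`allowed.push_back("3DES");`), but the table added in tls_suite_info.cpp in this same commit reports that cipher as `"TripleDES"`. If ciphersuite_list() filters suites by comparing cipher_algo() against these strings (not visible in this hunk), every 3DES suite silently drops out of the default offer. One side has to change: either `allowed.push_back("TripleDES");` here, or keep `"3DES"` in the generator output. The kex rename to `"SRP_SHA"` has the same string-keyed coupling, and the later hunks of this file did update it.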
@@ -49,7 +46,7 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const
{
std::vector<std::string> allowed;
- //allowed.push_back("SRP");
+ //allowed.push_back("SRP_SHA");
//allowed.push_back("ECDHE_PSK");
//allowed.push_back("DHE_PSK");
//allowed.push_back("PSK");
@@ -183,7 +180,7 @@ std::vector<u16bit> Policy::ciphersuite_list(bool have_srp) const
if(!have_srp)
{
std::vector<std::string>::iterator i =
- std::find(kex.begin(), kex.end(), "SRP");
+ std::find(kex.begin(), kex.end(), "SRP_SHA");
if(i != kex.end())
kex.erase(i);
diff --git a/src/tls/tls_suite_info.cpp b/src/tls/tls_suite_info.cpp
new file mode 100644
index 000000000..12cf818b2
--- /dev/null
+++ b/src/tls/tls_suite_info.cpp
@@ -0,0 +1,274 @@
+/*
+* TLS Cipher Suite
+* (C) 2004-2010,2012 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#include <botan/tls_ciphersuite.h>
+
+namespace Botan {
+
+namespace TLS {
+
+Ciphersuite Ciphersuite::by_id(u16bit suite)
+ {
+ switch(suite)
+ {
+
+ // Automatically generated by a Python script from the IANA values
+
+ case 0x0013: // DHE_DSS_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24);
+
+ case 0x0032: // DHE_DSS_WITH_AES_128_CBC_SHA
+ return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16);
+
+ case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256
+ return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16);
+
+ case 0x0038: // DHE_DSS_WITH_AES_256_CBC_SHA
+ return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32);
+
+ case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256
+ return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32);
+
+ case 0x0044: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
+ return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16);
+
+ case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
+ return Ciphersuite("DSA", "DH", "SHA-256", "Camellia", 16);
+
+ case 0x0087: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
+ return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32);
+
+ case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
+ return Ciphersuite("DSA", "DH", "SHA-256", "Camellia", 32);
+
+ case 0x0066: // DHE_DSS_WITH_RC4_128_SHA
+ return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
+
+ case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA
+ return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
+
+ case 0x008F: // DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("", "DHE_PSK", "SHA-1", "TripleDES", 24);
+
+ case 0x0090: // DHE_PSK_WITH_AES_128_CBC_SHA
+ return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-128", 16);
+
+ case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256
+ return Ciphersuite("", "DHE_PSK", "SHA-256", "AES-128", 16);
+
+ case 0x0091: // DHE_PSK_WITH_AES_256_CBC_SHA
+ return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-256", 32);
+
+ case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384
+ return Ciphersuite("", "DHE_PSK", "SHA-384", "AES-256", 32);
+
+ case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ return Ciphersuite("", "DHE_PSK", "SHA-256", "Camellia", 16);
+
+ case 0xC097: // DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ return Ciphersuite("", "DHE_PSK", "SHA-384", "Camellia", 32);
+
+ case 0x008E: // DHE_PSK_WITH_RC4_128_SHA
+ return Ciphersuite("", "DHE_PSK", "SHA-1", "ARC4", 16);
+
+ case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24);
+
+ case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA
+ return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16);
+
+ case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256
+ return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16);
+
+ case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA
+ return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32);
+
+ case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256
+ return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32);
+
+ case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16);
+
+ case 0x00BE: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ return Ciphersuite("RSA", "DH", "SHA-256", "Camellia", 16);
+
+ case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32);
+
+ case 0x00C4: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ return Ciphersuite("RSA", "DH", "SHA-256", "Camellia", 32);
+
+ case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA
+ return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
+
+ case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24);
+
+ case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16);
+
+ case 0xC023: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
+
+ case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32);
+
+ case 0xC024: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
+
+ case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ return Ciphersuite("ECDSA", "ECDH", "SHA-256", "Camellia", 16);
+
+ case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ return Ciphersuite("ECDSA", "ECDH", "SHA-384", "Camellia", 32);
+
+ case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA
+ return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16);
+
+ case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("", "ECDHE_PSK", "SHA-1", "TripleDES", 24);
+
+ case 0xC035: // ECDHE_PSK_WITH_AES_128_CBC_SHA
+ return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-128", 16);
+
+ case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ return Ciphersuite("", "ECDHE_PSK", "SHA-256", "AES-128", 16);
+
+ case 0xC036: // ECDHE_PSK_WITH_AES_256_CBC_SHA
+ return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-256", 32);
+
+ case 0xC038: // ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ return Ciphersuite("", "ECDHE_PSK", "SHA-384", "AES-256", 32);
+
+ case 0xC09A: // ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ return Ciphersuite("", "ECDHE_PSK", "SHA-256", "Camellia", 16);
+
+ case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ return Ciphersuite("", "ECDHE_PSK", "SHA-384", "Camellia", 32);
+
+ case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA
+ return Ciphersuite("", "ECDHE_PSK", "SHA-1", "ARC4", 16);
+
+ case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24);
+
+ case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16);
+
+ case 0xC027: // ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ return Ciphersuite("RSA", "ECDH", "SHA-256", "AES-128", 16);
+
+ case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32);
+
+ case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ return Ciphersuite("RSA", "ECDH", "SHA-384", "AES-256", 32);
+
+ case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ return Ciphersuite("RSA", "ECDH", "SHA-256", "Camellia", 16);
+
+ case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ return Ciphersuite("RSA", "ECDH", "SHA-384", "Camellia", 32);
+
+ case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA
+ return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16);
+
+ case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("", "PSK", "SHA-1", "TripleDES", 24);
+
+ case 0x008C: // PSK_WITH_AES_128_CBC_SHA
+ return Ciphersuite("", "PSK", "SHA-1", "AES-128", 16);
+
+ case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256
+ return Ciphersuite("", "PSK", "SHA-256", "AES-128", 16);
+
+ case 0x008D: // PSK_WITH_AES_256_CBC_SHA
+ return Ciphersuite("", "PSK", "SHA-1", "AES-256", 32);
+
+ case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384
+ return Ciphersuite("", "PSK", "SHA-384", "AES-256", 32);
+
+ case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256
+ return Ciphersuite("", "PSK", "SHA-256", "Camellia", 16);
+
+ case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384
+ return Ciphersuite("", "PSK", "SHA-384", "Camellia", 32);
+
+ case 0x008A: // PSK_WITH_RC4_128_SHA
+ return Ciphersuite("", "PSK", "SHA-1", "ARC4", 16);
+
+ case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("RSA", "RSA", "SHA-1", "TripleDES", 24);
+
+ case 0x002F: // RSA_WITH_AES_128_CBC_SHA
+ return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16);
+
+ case 0x003C: // RSA_WITH_AES_128_CBC_SHA256
+ return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16);
+
+ case 0x0035: // RSA_WITH_AES_256_CBC_SHA
+ return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32);
+
+ case 0x003D: // RSA_WITH_AES_256_CBC_SHA256
+ return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32);
+
+ case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA
+ return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16);
+
+ case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256
+ return Ciphersuite("RSA", "RSA", "SHA-256", "Camellia", 16);
+
+ case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA
+ return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32);
+
+ case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256
+ return Ciphersuite("RSA", "RSA", "SHA-256", "Camellia", 32);
+
+ case 0x0004: // RSA_WITH_RC4_128_MD5
+ return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16);
+
+ case 0x0005: // RSA_WITH_RC4_128_SHA
+ return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16);
+
+ case 0x0096: // RSA_WITH_SEED_CBC_SHA
+ return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16);
+
+ case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("DSA", "SRP_SHA", "SHA-1", "TripleDES", 24);
+
+ case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA
+ return Ciphersuite("DSA", "SRP_SHA", "SHA-1", "AES-128", 16);
+
+ case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA
+ return Ciphersuite("DSA", "SRP_SHA", "SHA-1", "AES-256", 32);
+
+ case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("RSA", "SRP_SHA", "SHA-1", "TripleDES", 24);
+
+ case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA
+ return Ciphersuite("RSA", "SRP_SHA", "SHA-1", "AES-128", 16);
+
+ case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA
+ return Ciphersuite("RSA", "SRP_SHA", "SHA-1", "AES-256", 32);
+
+ case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA
+ return Ciphersuite("", "SRP_SHA", "SHA-1", "TripleDES", 24);
+
+ case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA
+ return Ciphersuite("", "SRP_SHA", "SHA-1", "AES-128", 16);
+
+ case 0xC020: // SRP_SHA_WITH_AES_256_CBC_SHA
+ return Ciphersuite("", "SRP_SHA", "SHA-1", "AES-256", 32);
+
+ }
+
+ return Ciphersuite(); // some unknown ciphersuite
+ }
+
+}
+
+}
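Review bot: The comment `// Automatically generated by a Python script from the IANA values` names neither the script nor the registry snapshot it was run on, and the script is not part of this change, so the id-to-algorithm table cannot be regenerated or checked against its source. Suggest a header comment along the lines of `// Generated by <script path> from <IANA parameters file, date>; do not edit by hand`, with the placeholders filled in. It would also help to state there which registry entries the generator leaves out on purpose (the commit message mentions IDEA), since an omitted id falls through to `return Ciphersuite();` exactly like an unknown one.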