diff options
author | lloyd <[email protected]> | 2012-03-30 18:35:25 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-03-30 18:35:25 +0000 |
commit | 4b4edaa984cb0b26e8246f19e594cb8d173ae833 (patch) | |
tree | 6909a725dc913e11cdf6f5fa16d4859830f15235 /src/tls | |
parent | 4c12fa5de1b59f2c58f974412231a19c4dc7c10f (diff) |
Remove the Ciphersuite_Code enum and move all ciphersuite
integer->info mapping to tls_suite_info.cpp which is mostly
autogenerated by a Python script from the IANA parameters file.
The SRP method now uses kex "SRP_SHA" which is what the RFC calls it.
(And hypothetically, SRP_SHA256 might be defined at some point and
we'd need to be able to distinguish them).
Remove IDEA ciphersuite; we don't want to require IDEA be available
due to the European patent still being valid (IIRC), but I didn't want
to have to hand-edit the autogenerated switch with an #if check. Not a
huge issue though as most sites don't support it anyway.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/c_hello.cpp | 4 | ||||
-rw-r--r-- | src/tls/info.txt | 7 | ||||
-rw-r--r-- | src/tls/tls_ciphersuite.cpp | 258 | ||||
-rw-r--r-- | src/tls/tls_ciphersuite.h | 13 | ||||
-rw-r--r-- | src/tls/tls_magic.h | 84 | ||||
-rw-r--r-- | src/tls/tls_policy.cpp | 9 | ||||
-rw-r--r-- | src/tls/tls_suite_info.cpp | 274 |
7 files changed, 298 insertions, 351 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index 3428225d0..d51bbac63 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -17,6 +17,10 @@ namespace Botan { namespace TLS { +enum { + TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF +}; + MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng) { MemoryVector<byte> buf(32); diff --git a/src/tls/info.txt b/src/tls/info.txt index ff84c3448..21d3d54c1 100644 --- a/src/tls/info.txt +++ b/src/tls/info.txt @@ -10,6 +10,7 @@ uses_tr1 yes <header:public> tls_alert.h tls_channel.h +tls_ciphersuite.h tls_client.h tls_exceptn.h tls_magic.h @@ -18,7 +19,6 @@ tls_record.h tls_server.h tls_session.h tls_session_manager.h -tls_ciphersuite.h tls_version.h </header:public> @@ -33,7 +33,6 @@ tls_session_key.h </header:internal> <source> -tls_alert.cpp c_hello.cpp c_kex.cpp cert_req.cpp @@ -46,7 +45,9 @@ rec_wri.cpp s_hello.cpp s_kex.cpp session_ticket.cpp +tls_alert.cpp tls_channel.cpp +tls_ciphersuite.cpp tls_client.cpp tls_extensions.cpp tls_handshake_hash.cpp @@ -57,7 +58,7 @@ tls_server.cpp tls_session.cpp tls_session_key.cpp tls_session_manager.cpp -tls_ciphersuite.cpp +tls_suite_info.cpp tls_version.cpp </source> diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 247948464..d3d8f061b 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -1,12 +1,11 @@ /* -* TLS Cipher Suites +* TLS Cipher Suite * (C) 2004-2010,2012 Jack Lloyd * * Released under the terms of the Botan license */ #include <botan/tls_ciphersuite.h> -#include <botan/tls_magic.h> #include <botan/parsing.h> #include <sstream> #include <stdexcept> @@ -15,246 +14,6 @@ namespace Botan { namespace TLS { -/** -* Convert an SSL/TLS ciphersuite to algorithm fields -*/ -Ciphersuite Ciphersuite::by_id(u16bit suite) - { - switch(static_cast<Ciphersuite_Code>(suite)) - { - // RSA ciphersuites - - case TLS_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16); - - case TLS_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32); - - case TLS_RSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16); - - case TLS_RSA_WITH_AES_256_CBC_SHA256: - return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32); - - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "3DES", 24); - - case TLS_RSA_WITH_RC4_128_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16); - - case TLS_RSA_WITH_RC4_128_MD5: - return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16); - - case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16); - - case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32); - - case TLS_RSA_WITH_SEED_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16); - -#if defined(BOTAN_HAS_IDEA) - case TLS_RSA_WITH_IDEA_CBC_SHA: - return Ciphersuite("RSA", "RSA", "SHA-1", "IDEA", 16); -#endif - - // DH/DSS ciphersuites - - case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16); - - case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32); - - case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: - return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16); - - case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: - return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32); - - case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "3DES", 24); - - case TLS_DHE_DSS_WITH_RC4_128_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16); - - case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16); - - case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32); - - case TLS_DHE_DSS_WITH_SEED_CBC_SHA: - return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16); - - // DH/RSA ciphersuites - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16); - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32); - - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16); - - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32); - - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "3DES", 24); - - case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16); - - case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32); - - case TLS_DHE_RSA_WITH_SEED_CBC_SHA: - return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16); - - // ECDH/RSA ciphersuites - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16); - - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32); - - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("RSA", "ECDH", "SHA-256", "AES-128", 16); - - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: - return Ciphersuite("RSA", "ECDH", "SHA-384", "AES-256", 32); - - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "ECDH", "SHA-1", "3DES", 24); - - case TLS_ECDHE_RSA_WITH_RC4_128_SHA: - return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16); - - // ECDH/ECDSA ciphersuites - - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16); - - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32); - - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); - - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: - return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); - - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: - return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16); - - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("ECDSA", "ECDH", "SHA-1", "3DES", 24); - - // PSK ciphersuites - - case TLS_PSK_WITH_RC4_128_SHA: - return Ciphersuite("", "PSK", "SHA-1", "ARC4", 16); - - case TLS_PSK_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("", "PSK", "SHA-1", "3DES", 24); - - case TLS_PSK_WITH_AES_128_CBC_SHA: - return Ciphersuite("", "PSK", "SHA-1", "AES-128", 16); - - case TLS_PSK_WITH_AES_128_CBC_SHA256: - return Ciphersuite("", "PSK", "SHA-256", "AES-128", 16); - - case TLS_PSK_WITH_AES_256_CBC_SHA: - return Ciphersuite("", "PSK", "SHA-1", "AES-256", 32); - - case TLS_PSK_WITH_AES_256_CBC_SHA384: - return Ciphersuite("", "PSK", "SHA-384", "AES-256", 32); - - // PSK+DH ciphersuites - - case TLS_DHE_PSK_WITH_RC4_128_SHA: - return Ciphersuite("", "DHE_PSK", "SHA-1", "ARC4", 16); - - case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("", "DHE_PSK", "SHA-1", "3DES", 24); - - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA: - return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-128", 16); - - case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: - return Ciphersuite("", "DHE_PSK", "SHA-256", "AES-128", 16); - - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA: - return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-256", 32); - - case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: - return Ciphersuite("", "DHE_PSK", "SHA-384", "AES-256", 32); - - // PSK+ECDH ciphersuites - - case TLS_ECDHE_PSK_WITH_RC4_128_SHA: - return Ciphersuite("", "ECDHE_PSK", "SHA-1", "ARC4", 16); - - case TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("", "ECDHE_PSK", "SHA-1", "3DES", 24); - - case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA: - return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-128", 16); - - case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256: - return Ciphersuite("", "ECDHE_PSK", "SHA-256", "AES-128", 16); - - case TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA: - return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-256", 32); - - case TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384: - return Ciphersuite("", "ECDHE_PSK", "SHA-384", "AES-256", 32); - - // SRP ciphersuites - - case TLS_SRP_SHA_WITH_AES_128_CBC_SHA: - return Ciphersuite("", "SRP", "SHA-1", "AES-128", 16); - - case TLS_SRP_SHA_WITH_AES_256_CBC_SHA: - return Ciphersuite("", "SRP", "SHA-1", "AES-256", 32); - - case TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("", "SRP", "SHA-1", "3DES", 24); - - // SRP/RSA ciphersuites - - case TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16); - - case TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32); - - case TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "SRP", "SHA-1", "3DES", 24); - - // SRP/DSA ciphersuites - - case TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA: - return Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16); - - case TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA: - return Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32); - - case TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("DSA", "SRP", "SHA-1", "3DES", 24); - - // Signaling ciphersuite values - - case TLS_EMPTY_RENEGOTIATION_INFO_SCSV: - return Ciphersuite(); - } - - return Ciphersuite(); // some unknown ciphersuite - } - Ciphersuite Ciphersuite::by_name(const std::string& name) { for(size_t i = 0; i != 65536; ++i) @@ -286,8 +45,6 @@ std::string Ciphersuite::to_string() const out << "DHE"; else if(kex_algo() == "ECDH") out << "ECDHE"; - else if(kex_algo() == "SRP") - out << "SRP_SHA"; else out << kex_algo(); @@ -329,19 +86,6 @@ std::string Ciphersuite::to_string() const return out.str(); } -Ciphersuite::Ciphersuite(const std::string& sig_algo, - const std::string& kex_algo, - const std::string& mac_algo, - const std::string& cipher_algo, - size_t cipher_algo_keylen) : - m_sig_algo(sig_algo), - m_kex_algo(kex_algo), - m_mac_algo(mac_algo), - m_cipher_algo(cipher_algo), - m_cipher_keylen(cipher_algo_keylen) - { - } - } } diff --git a/src/tls/tls_ciphersuite.h b/src/tls/tls_ciphersuite.h index e5d8c967b..6081fc9eb 100644 --- a/src/tls/tls_ciphersuite.h +++ b/src/tls/tls_ciphersuite.h @@ -21,6 +21,9 @@ namespace TLS { class BOTAN_DLL Ciphersuite { public: + /** + * Convert an SSL/TLS ciphersuite to algorithm fields + */ static Ciphersuite by_id(u16bit suite); static Ciphersuite by_name(const std::string& name); @@ -46,7 +49,15 @@ class BOTAN_DLL Ciphersuite const std::string& kex_algo, const std::string& mac_algo, const std::string& cipher_algo, - size_t cipher_algo_keylen); + size_t cipher_algo_keylen) : + m_sig_algo(sig_algo), + m_kex_algo(kex_algo), + m_mac_algo(mac_algo), + m_cipher_algo(cipher_algo), + m_cipher_keylen(cipher_algo_keylen) + { + } + private: std::string m_sig_algo, m_kex_algo, m_mac_algo, m_cipher_algo; size_t m_cipher_keylen; diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h index 0e45407d3..6dd50ead2 100644 --- a/src/tls/tls_magic.h +++ b/src/tls/tls_magic.h @@ -56,90 +56,6 @@ enum Handshake_Type { HANDSHAKE_NONE = 255 // Null value }; -enum Ciphersuite_Code { - TLS_RSA_WITH_RC4_128_MD5 = 0x0004, - TLS_RSA_WITH_RC4_128_SHA = 0x0005, - - TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, - TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, - TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, - TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, - TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041, - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, - TLS_RSA_WITH_SEED_CBC_SHA = 0x0096, - TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, - - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, - TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, - TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, - - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, - TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, - - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, - - TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, - - TLS_PSK_WITH_RC4_128_SHA = 0x008A, - TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, - TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, - TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, - TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, - TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, - - TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E, - TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, - TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2, - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, - - TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033, - TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034, - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035, - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036, - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037, - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038, - - TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, - TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D, - TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020, - - TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C, - TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F, - TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022, - - TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, - TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E, - TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021, - - /* signalling values that cannot be negotiated */ - TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF -}; - enum Compression_Method { NO_COMPRESSION = 0x00, DEFLATE_COMPRESSION = 0x01 diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index 1ab55f7c6..59f3ce50c 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -11,8 +11,6 @@ #include <botan/tls_exceptn.h> #include <botan/internal/stl_util.h> -#include <assert.h> - namespace Botan { namespace TLS { @@ -25,8 +23,7 @@ std::vector<std::string> Policy::allowed_ciphers() const allowed.push_back("AES-128"); allowed.push_back("3DES"); allowed.push_back("ARC4"); - - // Note that Camellia, SEED and IDEA are not included by default + // Note that Camellia and SEED are not included by default return allowed; } @@ -49,7 +46,7 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const { std::vector<std::string> allowed; - //allowed.push_back("SRP"); + //allowed.push_back("SRP_SHA"); //allowed.push_back("ECDHE_PSK"); //allowed.push_back("DHE_PSK"); //allowed.push_back("PSK"); @@ -183,7 +180,7 @@ std::vector<u16bit> Policy::ciphersuite_list(bool have_srp) const if(!have_srp) { std::vector<std::string>::iterator i = - std::find(kex.begin(), kex.end(), "SRP"); + std::find(kex.begin(), kex.end(), "SRP_SHA"); if(i != kex.end()) kex.erase(i); diff --git a/src/tls/tls_suite_info.cpp b/src/tls/tls_suite_info.cpp new file mode 100644 index 000000000..12cf818b2 --- /dev/null +++ b/src/tls/tls_suite_info.cpp @@ -0,0 +1,274 @@ +/* +* TLS Cipher Suite +* (C) 2004-2010,2012 Jack Lloyd +* +* Released under the terms of the Botan license +*/ + +#include <botan/tls_ciphersuite.h> + +namespace Botan { + +namespace TLS { + +Ciphersuite Ciphersuite::by_id(u16bit suite) + { + switch(suite) + { + + // Automatically generated by a Python script from the IANA values + + case 0x0013: // DHE_DSS_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24); + + case 0x0032: // DHE_DSS_WITH_AES_128_CBC_SHA + return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16); + + case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256 + return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16); + + case 0x0038: // DHE_DSS_WITH_AES_256_CBC_SHA + return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32); + + case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256 + return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32); + + case 0x0044: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA + return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16); + + case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite("DSA", "DH", "SHA-256", "Camellia", 16); + + case 0x0087: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA + return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32); + + case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 + return Ciphersuite("DSA", "DH", "SHA-256", "Camellia", 32); + + case 0x0066: // DHE_DSS_WITH_RC4_128_SHA + return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16); + + case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA + return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16); + + case 0x008F: // DHE_PSK_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("", "DHE_PSK", "SHA-1", "TripleDES", 24); + + case 0x0090: // DHE_PSK_WITH_AES_128_CBC_SHA + return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-128", 16); + + case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256 + return Ciphersuite("", "DHE_PSK", "SHA-256", "AES-128", 16); + + case 0x0091: // DHE_PSK_WITH_AES_256_CBC_SHA + return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-256", 32); + + case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384 + return Ciphersuite("", "DHE_PSK", "SHA-384", "AES-256", 32); + + case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite("", "DHE_PSK", "SHA-256", "Camellia", 16); + + case 0xC097: // DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite("", "DHE_PSK", "SHA-384", "Camellia", 32); + + case 0x008E: // DHE_PSK_WITH_RC4_128_SHA + return Ciphersuite("", "DHE_PSK", "SHA-1", "ARC4", 16); + + case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24); + + case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA + return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16); + + case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256 + return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16); + + case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA + return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32); + + case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256 + return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32); + + case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16); + + case 0x00BE: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite("RSA", "DH", "SHA-256", "Camellia", 16); + + case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32); + + case 0x00C4: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 + return Ciphersuite("RSA", "DH", "SHA-256", "Camellia", 32); + + case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA + return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16); + + case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24); + + case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA + return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16); + + case 0xC023: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); + + case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA + return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32); + + case 0xC024: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); + + case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite("ECDSA", "ECDH", "SHA-256", "Camellia", 16); + + case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite("ECDSA", "ECDH", "SHA-384", "Camellia", 32); + + case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA + return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16); + + case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("", "ECDHE_PSK", "SHA-1", "TripleDES", 24); + + case 0xC035: // ECDHE_PSK_WITH_AES_128_CBC_SHA + return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-128", 16); + + case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256 + return Ciphersuite("", "ECDHE_PSK", "SHA-256", "AES-128", 16); + + case 0xC036: // ECDHE_PSK_WITH_AES_256_CBC_SHA + return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-256", 32); + + case 0xC038: // ECDHE_PSK_WITH_AES_256_CBC_SHA384 + return Ciphersuite("", "ECDHE_PSK", "SHA-384", "AES-256", 32); + + case 0xC09A: // ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite("", "ECDHE_PSK", "SHA-256", "Camellia", 16); + + case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite("", "ECDHE_PSK", "SHA-384", "Camellia", 32); + + case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA + return Ciphersuite("", "ECDHE_PSK", "SHA-1", "ARC4", 16); + + case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24); + + case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA + return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16); + + case 0xC027: // ECDHE_RSA_WITH_AES_128_CBC_SHA256 + return Ciphersuite("RSA", "ECDH", "SHA-256", "AES-128", 16); + + case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA + return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32); + + case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384 + return Ciphersuite("RSA", "ECDH", "SHA-384", "AES-256", 32); + + case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite("RSA", "ECDH", "SHA-256", "Camellia", 16); + + case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite("RSA", "ECDH", "SHA-384", "Camellia", 32); + + case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA + return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16); + + case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("", "PSK", "SHA-1", "TripleDES", 24); + + case 0x008C: // PSK_WITH_AES_128_CBC_SHA + return Ciphersuite("", "PSK", "SHA-1", "AES-128", 16); + + case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256 + return Ciphersuite("", "PSK", "SHA-256", "AES-128", 16); + + case 0x008D: // PSK_WITH_AES_256_CBC_SHA + return Ciphersuite("", "PSK", "SHA-1", "AES-256", 32); + + case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384 + return Ciphersuite("", "PSK", "SHA-384", "AES-256", 32); + + case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite("", "PSK", "SHA-256", "Camellia", 16); + + case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384 + return Ciphersuite("", "PSK", "SHA-384", "Camellia", 32); + + case 0x008A: // PSK_WITH_RC4_128_SHA + return Ciphersuite("", "PSK", "SHA-1", "ARC4", 16); + + case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("RSA", "RSA", "SHA-1", "TripleDES", 24); + + case 0x002F: // RSA_WITH_AES_128_CBC_SHA + return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16); + + case 0x003C: // RSA_WITH_AES_128_CBC_SHA256 + return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16); + + case 0x0035: // RSA_WITH_AES_256_CBC_SHA + return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32); + + case 0x003D: // RSA_WITH_AES_256_CBC_SHA256 + return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32); + + case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA + return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16); + + case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256 + return Ciphersuite("RSA", "RSA", "SHA-256", "Camellia", 16); + + case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA + return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32); + + case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256 + return Ciphersuite("RSA", "RSA", "SHA-256", "Camellia", 32); + + case 0x0004: // RSA_WITH_RC4_128_MD5 + return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16); + + case 0x0005: // RSA_WITH_RC4_128_SHA + return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16); + + case 0x0096: // RSA_WITH_SEED_CBC_SHA + return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16); + + case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("DSA", "SRP_SHA", "SHA-1", "TripleDES", 24); + + case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA + return Ciphersuite("DSA", "SRP_SHA", "SHA-1", "AES-128", 16); + + case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA + return Ciphersuite("DSA", "SRP_SHA", "SHA-1", "AES-256", 32); + + case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("RSA", "SRP_SHA", "SHA-1", "TripleDES", 24); + + case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA + return Ciphersuite("RSA", "SRP_SHA", "SHA-1", "AES-128", 16); + + case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA + return Ciphersuite("RSA", "SRP_SHA", "SHA-1", "AES-256", 32); + + case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA + return Ciphersuite("", "SRP_SHA", "SHA-1", "TripleDES", 24); + + case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA + return Ciphersuite("", "SRP_SHA", "SHA-1", "AES-128", 16); + + case 0xC020: // SRP_SHA_WITH_AES_256_CBC_SHA + return Ciphersuite("", "SRP_SHA", "SHA-1", "AES-256", 32); + + } + + return Ciphersuite(); // some unknown ciphersuite + } + +} + +} |