aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-18 17:51:57 +0000
committerlloyd <[email protected]>2012-01-18 17:51:57 +0000
commit8d1787751a15605dfd2729a9ddf67ce826d739f4 (patch)
treef183ae5af46deda0b8e27b29a707b69ebe28908f /src
parent3e2efbde4ef272336c85c5ed880ecf31442d6db8 (diff)
Read only support for signature_algorithms extension used in TLS 1.2
Diffstat (limited to 'src')
-rw-r--r--src/tls/info.txt2
-rw-r--r--src/tls/tls_extensions.cpp139
-rw-r--r--src/tls/tls_extensions.h33
-rw-r--r--src/tls/tls_magic.h27
-rw-r--r--src/tls/tls_suites.cpp92
5 files changed, 239 insertions, 54 deletions
diff --git a/src/tls/info.txt b/src/tls/info.txt
index dae015be3..16d112df2 100644
--- a/src/tls/info.txt
+++ b/src/tls/info.txt
@@ -70,7 +70,9 @@ prf_ssl3
prf_tls
rng
rsa
+seed
sha1
+sha2_32
ssl3mac
x509cert
</requires>
diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp
index c57f7cc81..d414a979d 100644
--- a/src/tls/tls_extensions.cpp
+++ b/src/tls/tls_extensions.cpp
@@ -25,6 +25,8 @@ TLS_Extension* make_extension(TLS_Data_Reader& reader,
return new SRP_Identifier(reader, size);
else if(code == TLSEXT_SAFE_RENEGOTIATION)
return new Renegotation_Extension(reader, size);
+ else if(code == TLSEXT_SIGNATURE_ALGORITHMS)
+ return new Signature_Algorithms(reader, size);
else if(code == TLSEXT_NEXT_PROTOCOL)
return new Next_Protocol_Notification(reader, size);
else
@@ -269,4 +271,141 @@ MemoryVector<byte> Next_Protocol_Notification::serialize() const
return buf;
}
+TLS_Ciphersuite_Algos Signature_Algorithms::hash_algo_code(byte code)
+ {
+ switch(code)
+ {
+ case 1:
+ return TLS_ALGO_HASH_MD5;
+ case 2:
+ return TLS_ALGO_HASH_SHA1;
+ case 3:
+ return TLS_ALGO_HASH_SHA224;
+ case 4:
+ return TLS_ALGO_HASH_SHA256;
+ case 5:
+ return TLS_ALGO_HASH_SHA384;
+ case 6:
+ return TLS_ALGO_HASH_SHA512;
+ default:
+ return TLS_ALGO_UNKNOWN;
+ }
+ }
+
+byte Signature_Algorithms::hash_algo_code(TLS_Ciphersuite_Algos code)
+ {
+ switch(code)
+ {
+ case TLS_ALGO_HASH_MD5:
+ return 1;
+ case TLS_ALGO_HASH_SHA1:
+ return 2;
+ case TLS_ALGO_HASH_SHA224:
+ return 3;
+ case TLS_ALGO_HASH_SHA256:
+ return 4;
+ case TLS_ALGO_HASH_SHA384:
+ return 5;
+ case TLS_ALGO_HASH_SHA512:
+ return 6;
+ default:
+ throw Algorithm_Not_Found("Unknown hash ID for signature_algorithms");
+ }
+ }
+
+TLS_Ciphersuite_Algos Signature_Algorithms::sig_algo_code(byte code)
+ {
+ switch(code)
+ {
+ case 1:
+ return TLS_ALGO_SIGNER_RSA;
+ case 2:
+ return TLS_ALGO_SIGNER_DSA;
+ case 3:
+ return TLS_ALGO_SIGNER_ECDSA;
+ default:
+ return TLS_ALGO_UNKNOWN;
+ }
+ }
+
+byte Signature_Algorithms::sig_algo_code(TLS_Ciphersuite_Algos code)
+ {
+ switch(code)
+ {
+ case TLS_ALGO_SIGNER_RSA:
+ return 1;
+ case TLS_ALGO_SIGNER_DSA:
+ return 2;
+ case TLS_ALGO_SIGNER_ECDSA:
+ return 3;
+ default:
+ throw Algorithm_Not_Found("Unknown sig ID for signature_algorithms");
+ }
+ }
+
+MemoryVector<byte> Signature_Algorithms::serialize() const
+ {
+ MemoryVector<byte> buf(2);
+
+ for(size_t i = 0; i != m_supported_algos.size(); ++i)
+ {
+ buf.push_back(hash_algo_code(m_supported_algos[i].first));
+ buf.push_back(sig_algo_code(m_supported_algos[i].second));
+ }
+
+ buf[0] = get_byte<u16bit>(0, buf.size()-2);
+ buf[1] = get_byte<u16bit>(1, buf.size()-2);
+
+ return buf;
+ }
+
+Signature_Algorithms::Signature_Algorithms()
+ {
+ /*
+ Declare we support everything except MD5 for RSA, and SHA-1 with DSA.
+ We prefer hashes strongest (SHA-512) to weakest (SHA-1).
+ */
+
+ m_supported_algos.push_back(std::make_pair(TLS_ALGO_HASH_SHA512,
+ TLS_ALGO_SIGNER_RSA));
+
+ m_supported_algos.push_back(std::make_pair(TLS_ALGO_HASH_SHA384,
+ TLS_ALGO_SIGNER_RSA));
+
+ m_supported_algos.push_back(std::make_pair(TLS_ALGO_HASH_SHA256,
+ TLS_ALGO_SIGNER_RSA));
+
+ m_supported_algos.push_back(std::make_pair(TLS_ALGO_HASH_SHA224,
+ TLS_ALGO_SIGNER_RSA));
+
+ m_supported_algos.push_back(std::make_pair(TLS_ALGO_HASH_SHA1,
+ TLS_ALGO_SIGNER_RSA));
+
+ m_supported_algos.push_back(std::make_pair(TLS_ALGO_HASH_SHA1,
+ TLS_ALGO_SIGNER_DSA));
+ }
+
+Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader,
+ u16bit extension_size)
+ {
+ u16bit len = reader.get_u16bit();
+
+ if(len + 2 != extension_size)
+ throw Decoding_Error("Bad encoding on signature algorithms extension");
+
+ while(len)
+ {
+ TLS_Ciphersuite_Algos hash_code = hash_algo_code(reader.get_byte());
+ TLS_Ciphersuite_Algos sig_code = sig_algo_code(reader.get_byte());
+
+ // If not something we know, ignore completely
+ if(hash_code == TLS_ALGO_UNKNOWN || sig_code == TLS_ALGO_UNKNOWN)
+ continue;
+
+ m_supported_algos.push_back(std::make_pair(hash_code, sig_code));
+
+ len -= 2;
+ }
+ }
+
}
diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h
index 62f179998..94be97d7f 100644
--- a/src/tls/tls_extensions.h
+++ b/src/tls/tls_extensions.h
@@ -177,6 +177,39 @@ class Next_Protocol_Notification : public TLS_Extension
};
/**
+* Signature Algorithms Extension for TLS 1.2 (RFC 5246)
+*/
+class Signature_Algorithms : public TLS_Extension
+ {
+ public:
+ TLS_Handshake_Extension_Type type() const
+ { return TLSEXT_NEXT_PROTOCOL; }
+
+ std::vector<std::pair<TLS_Ciphersuite_Algos, TLS_Ciphersuite_Algos> >
+ supported_signature_algorthms() const
+ {
+ return m_supported_algos;
+ }
+
+ MemoryVector<byte> serialize() const;
+
+ bool empty() const { return false; }
+
+ Signature_Algorithms();
+
+ Signature_Algorithms(TLS_Data_Reader& reader,
+ u16bit extension_size);
+ private:
+ static TLS_Ciphersuite_Algos hash_algo_code(byte code);
+ static byte hash_algo_code(TLS_Ciphersuite_Algos code);
+
+ static TLS_Ciphersuite_Algos sig_algo_code(byte code);
+ static byte sig_algo_code(TLS_Ciphersuite_Algos code);
+
+ std::vector<std::pair<TLS_Ciphersuite_Algos, TLS_Ciphersuite_Algos> > m_supported_algos;
+ };
+
+/**
* Represents a block of extensions in a hello message
*/
class TLS_Extensions
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index 5a35d4c46..51fe91e8b 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -26,7 +26,8 @@ enum Version_Code {
NO_VERSION_SET = 0x0000,
SSL_V3 = 0x0300,
TLS_V10 = 0x0301,
- TLS_V11 = 0x0302
+ TLS_V11 = 0x0302,
+ TLS_V12 = 0x0303
};
enum Connection_Side { CLIENT = 1, SERVER = 2 };
@@ -162,6 +163,8 @@ enum Ciphersuite_Code {
* being randomly assigned codepoints.
*/
enum TLS_Ciphersuite_Algos {
+ TLS_ALGO_UNKNOWN = 0x00000000,
+
TLS_ALGO_SIGNER_MASK = 0xFF000000,
TLS_ALGO_SIGNER_ANON = 0x01000000,
TLS_ALGO_SIGNER_RSA = 0x02000000,
@@ -169,16 +172,18 @@ enum TLS_Ciphersuite_Algos {
TLS_ALGO_SIGNER_ECDSA = 0x04000000,
TLS_ALGO_KEYEXCH_MASK = 0x00FF0000,
- TLS_ALGO_KEYEXCH_NOKEX = 0x00010000, // exchange via key in server cert
- TLS_ALGO_KEYEXCH_DH = 0x00020000,
- TLS_ALGO_KEYEXCH_ECDH = 0x00030000,
+ TLS_ALGO_KEYEXCH_NOKEX = 0x00010000, // RSA using server cert key
+ TLS_ALGO_KEYEXCH_DH = 0x00020000, // Ephemeral DH
+ TLS_ALGO_KEYEXCH_ECDH = 0x00030000, // Ephemeral ECDH
TLS_ALGO_KEYEXCH_SRP = 0x00040000,
- TLS_ALGO_MAC_MASK = 0x0000FF00,
- TLS_ALGO_MAC_MD5 = 0x00000100,
- TLS_ALGO_MAC_SHA1 = 0x00000200,
- TLS_ALGO_MAC_SHA256 = 0x00000300,
- TLS_ALGO_MAC_SHA384 = 0x00000400,
+ TLS_ALGO_HASH_MASK = 0x0000FF00,
+ TLS_ALGO_HASH_MD5 = 0x00000100,
+ TLS_ALGO_HASH_SHA1 = 0x00000200,
+ TLS_ALGO_HASH_SHA224 = 0x00000300,
+ TLS_ALGO_HASH_SHA256 = 0x00000400,
+ TLS_ALGO_HASH_SHA384 = 0x00000500,
+ TLS_ALGO_HASH_SHA512 = 0x00000600,
TLS_ALGO_CIPHER_MASK = 0x000000FF,
TLS_ALGO_CIPHER_RC4_128 = 0x00000001,
@@ -200,12 +205,12 @@ enum TLS_Handshake_Extension_Type {
TLSEXT_TRUSTED_CA_KEYS = 3,
TLSEXT_TRUNCATED_HMAC = 4,
+ TLSEXT_CERTIFICATE_TYPES = 9,
TLSEXT_USABLE_ELLIPTIC_CURVES = 10,
TLSEXT_EC_POINT_FORMATS = 11,
-
TLSEXT_SRP_IDENTIFIER = 12,
+ TLSEXT_SIGNATURE_ALGORITHMS = 13,
- TLSEXT_CERTIFICATE_TYPES = 9,
TLSEXT_SESSION_TICKET = 35,
TLSEXT_NEXT_PROTOCOL = 13172,
diff --git a/src/tls/tls_suites.cpp b/src/tls/tls_suites.cpp
index aff15d68f..3b715b04c 100644
--- a/src/tls/tls_suites.cpp
+++ b/src/tls/tls_suites.cpp
@@ -18,237 +18,237 @@ TLS_Ciphersuite_Algos TLS_Cipher_Suite::lookup_ciphersuite(u16bit suite)
if(suite == TLS_RSA_WITH_RC4_128_MD5)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_NOKEX |
- TLS_ALGO_MAC_MD5 |
+ TLS_ALGO_HASH_MD5 |
TLS_ALGO_CIPHER_RC4_128);
if(suite == TLS_RSA_WITH_RC4_128_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_NOKEX |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_RC4_128);
if(suite == TLS_RSA_WITH_3DES_EDE_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_NOKEX |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_3DES_CBC);
if(suite == TLS_RSA_WITH_AES_128_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_NOKEX |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_RSA_WITH_AES_256_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_NOKEX |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_RSA_WITH_SEED_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_NOKEX |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_SEED_CBC);
if(suite == TLS_RSA_WITH_AES_128_CBC_SHA256)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_NOKEX |
- TLS_ALGO_MAC_SHA256 |
+ TLS_ALGO_HASH_SHA256 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_RSA_WITH_AES_256_CBC_SHA256)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_NOKEX |
- TLS_ALGO_MAC_SHA256 |
+ TLS_ALGO_HASH_SHA256 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_3DES_CBC);
if(suite == TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_DHE_DSS_WITH_SEED_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_SEED_CBC);
if(suite == TLS_DHE_DSS_WITH_RC4_128_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_RC4_128);
if(suite == TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_DHE_DSS_WITH_AES_128_CBC_SHA256)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA256 |
+ TLS_ALGO_HASH_SHA256 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_DHE_DSS_WITH_AES_256_CBC_SHA256)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA256 |
+ TLS_ALGO_HASH_SHA256 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_3DES_CBC);
if(suite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_DHE_DSS_WITH_SEED_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_SEED_CBC);
if(suite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA256 |
+ TLS_ALGO_HASH_SHA256 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_DH |
- TLS_ALGO_MAC_SHA256 |
+ TLS_ALGO_HASH_SHA256 |
TLS_ALGO_CIPHER_AES256_CBC);
// SRP ciphersuites
if(suite == TLS_SRP_SHA_RSA_WITH_3DES_EDE_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_SRP |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_3DES_CBC);
if(suite == TLS_SRP_SHA_DSS_WITH_3DES_EDE_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_SRP |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_3DES_CBC);
if(suite == TLS_SRP_SHA_RSA_WITH_AES_128_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_SRP |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_SRP_SHA_DSS_WITH_AES_128_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_SRP |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_SRP_SHA_RSA_WITH_AES_256_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_SRP |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_SRP_SHA_DSS_WITH_AES_256_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA |
TLS_ALGO_KEYEXCH_SRP |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES256_CBC);
// ECC ciphersuites
if(suite == TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_RC4_128);
if(suite == TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_3DES_CBC);
if(suite == TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA256 |
+ TLS_ALGO_HASH_SHA256 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA384 |
+ TLS_ALGO_HASH_SHA384 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_ECDHE_RSA_WITH_RC4_128_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_RC4_128);
if(suite == TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_3DES_CBC);
if(suite == TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA1 |
+ TLS_ALGO_HASH_SHA1 |
TLS_ALGO_CIPHER_AES256_CBC);
if(suite == TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA256 |
+ TLS_ALGO_HASH_SHA256 |
TLS_ALGO_CIPHER_AES128_CBC);
if(suite == TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA |
TLS_ALGO_KEYEXCH_ECDH |
- TLS_ALGO_MAC_SHA384 |
+ TLS_ALGO_HASH_SHA384 |
TLS_ALGO_CIPHER_AES256_CBC);
return TLS_Ciphersuite_Algos(0);
@@ -279,18 +279,24 @@ std::pair<std::string, size_t> cipher_code_to_name(TLS_Ciphersuite_Algos algo)
std::string mac_code_to_name(TLS_Ciphersuite_Algos algo)
{
- if((algo & TLS_ALGO_MAC_MASK) == TLS_ALGO_MAC_MD5)
+ if((algo & TLS_ALGO_HASH_MASK) == TLS_ALGO_HASH_MD5)
return "MD5";
- if((algo & TLS_ALGO_MAC_MASK) == TLS_ALGO_MAC_SHA1)
+ if((algo & TLS_ALGO_HASH_MASK) == TLS_ALGO_HASH_SHA1)
return "SHA-1";
- if((algo & TLS_ALGO_MAC_MASK) == TLS_ALGO_MAC_SHA256)
+ if((algo & TLS_ALGO_HASH_MASK) == TLS_ALGO_HASH_SHA224)
+ return "SHA-224";
+
+ if((algo & TLS_ALGO_HASH_MASK) == TLS_ALGO_HASH_SHA256)
return "SHA-256";
- if((algo & TLS_ALGO_MAC_MASK) == TLS_ALGO_MAC_SHA384)
+ if((algo & TLS_ALGO_HASH_MASK) == TLS_ALGO_HASH_SHA384)
return "SHA-384";
+ if((algo & TLS_ALGO_HASH_MASK) == TLS_ALGO_HASH_SHA512)
+ return "SHA-512";
+
throw TLS_Exception(INTERNAL_ERROR,
"TLS_Cipher_Suite: Unknown MAC type " + to_string(algo));
}