diff options
-rw-r--r-- | src/ssl/c_kex.cpp | 4 | ||||
-rw-r--r-- | src/ssl/tls_client.cpp | 19 | ||||
-rw-r--r-- | src/ssl/tls_magic.h | 75 | ||||
-rw-r--r-- | src/ssl/tls_policy.cpp | 26 | ||||
-rw-r--r-- | src/ssl/tls_server.cpp | 8 | ||||
-rw-r--r-- | src/ssl/tls_suites.cpp | 216 | ||||
-rw-r--r-- | src/ssl/tls_suites.h | 16 |
7 files changed, 273 insertions, 91 deletions
diff --git a/src/ssl/c_kex.cpp b/src/ssl/c_kex.cpp index e09e18ce1..db2198627 100644 --- a/src/ssl/c_kex.cpp +++ b/src/ssl/c_kex.cpp @@ -67,9 +67,7 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, { include_length = true; - if(using_version == SSL_V3 && - (suite.kex_type() == CipherSuite::NO_KEX || - suite.kex_type() == CipherSuite::RSA_KEX)) + if(using_version == SSL_V3 && (suite.kex_type() == TLS_ALGO_KEYEXCH_RSA)) include_length = false; deserialize(contents); diff --git a/src/ssl/tls_client.cpp b/src/ssl/tls_client.cpp index fbad1f838..f12dccd69 100644 --- a/src/ssl/tls_client.cpp +++ b/src/ssl/tls_client.cpp @@ -123,6 +123,7 @@ TLS_Client::~TLS_Client() */ void TLS_Client::initialize() { + std::string error_str; Alert_Type error_type = NO_ALERT_TYPE; try { @@ -133,10 +134,12 @@ void TLS_Client::initialize() } catch(TLS_Exception& e) { + error_str = e.what(); error_type = e.type(); } catch(std::exception& e) { + error_str = e.what(); error_type = HANDSHAKE_FAILURE; } @@ -157,7 +160,7 @@ void TLS_Client::initialize() state = 0; } - throw Stream_IO_Error("TLS_Client: Handshake failed"); + throw Stream_IO_Error("TLS_Client: Handshake failed: " + error_str); } } @@ -419,7 +422,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, { client_check_state(type, state); - if(state->suite.sig_type() == CipherSuite::NO_SIG) + if(state->suite.sig_type() == TLS_ALGO_SIGNER_ANON) throw Unexpected_Message("Recived certificate from anonymous server"); state->server_certs = new Certificate(contents); @@ -445,8 +448,8 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(UNSUPPORTED_CERTIFICATE, "Unknown key type recieved in server kex"); - if((is_dsa && state->suite.sig_type() != CipherSuite::DSA_SIG) || - (is_rsa && state->suite.sig_type() != CipherSuite::RSA_SIG)) + if((is_dsa && state->suite.sig_type() != TLS_ALGO_SIGNER_DSA) || + (is_rsa && state->suite.sig_type() != TLS_ALGO_SIGNER_RSA)) throw TLS_Exception(ILLEGAL_PARAMETER, "Certificate key type did not match ciphersuite"); } @@ -454,7 +457,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, { client_check_state(type, state); - if(state->suite.kex_type() == CipherSuite::NO_KEX) + if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_NOKEX) throw Unexpected_Message("Unexpected key exchange from server"); state->server_kex = new Server_Key_Exchange(contents); @@ -474,12 +477,12 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(HANDSHAKE_FAILURE, "Unknown key type recieved in server kex"); - if((is_dh && state->suite.kex_type() != CipherSuite::DH_KEX) || - (is_rsa && state->suite.kex_type() != CipherSuite::RSA_KEX)) + if((is_dh && state->suite.kex_type() != TLS_ALGO_KEYEXCH_DH) || + (is_rsa && state->suite.kex_type() != TLS_ALGO_KEYEXCH_RSA)) throw TLS_Exception(ILLEGAL_PARAMETER, "Certificate key type did not match ciphersuite"); - if(state->suite.sig_type() != CipherSuite::NO_SIG) + if(state->suite.sig_type() != TLS_ALGO_SIGNER_ANON) { if(!state->server_kex->verify(peer_certs[0], state->client_hello->random(), diff --git a/src/ssl/tls_magic.h b/src/ssl/tls_magic.h index a6ca1f8d6..35a9fc925 100644 --- a/src/ssl/tls_magic.h +++ b/src/ssl/tls_magic.h @@ -1,6 +1,6 @@ /** -* SSL/TLS Protocol Constants -* (C) 2004-2006 Jack Lloyd +* SSL/TLS Protocol Constants +* (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ @@ -96,19 +96,64 @@ enum Certificate_Type { }; enum Ciphersuite_Code { - RSA_RC4_MD5 = 0x0004, - RSA_RC4_SHA = 0x0005, - RSA_3DES_SHA = 0x000A, - RSA_AES128_SHA = 0x002F, - RSA_AES256_SHA = 0x0035, - - DHE_RSA_3DES_SHA = 0x0016, - DHE_RSA_AES128_SHA = 0x0033, - DHE_RSA_AES256_SHA = 0x0039, - - DHE_DSS_3DES_SHA = 0x0013, - DHE_DSS_AES128_SHA = 0x0032, - DHE_DSS_AES256_SHA = 0x0038 + TLS_RSA_WITH_RC4_128_MD5 = 0x0004, + TLS_RSA_WITH_RC4_128_SHA = 0x0005, + + TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, + + TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, + TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, + TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, + TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, + + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, + + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, + + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, + + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028 +}; + +/* +* Form of the ciphersuites broken down by field instead of +* being randomly assigned codepoints. +*/ +enum TLS_Ciphersuite_Algos { + TLS_ALGO_SIGNER_MASK = 0xFF000000, + TLS_ALGO_SIGNER_ANON = 0x01000000, + TLS_ALGO_SIGNER_RSA = 0x02000000, + TLS_ALGO_SIGNER_DSA = 0x03000000, + TLS_ALGO_SIGNER_ECDSA = 0x04000000, + + TLS_ALGO_KEYEXCH_MASK = 0x00FF0000, + TLS_ALGO_KEYEXCH_NOKEX = 0x00010000, + TLS_ALGO_KEYEXCH_RSA = 0x00020000, + TLS_ALGO_KEYEXCH_DH = 0x00030000, + TLS_ALGO_KEYEXCH_ECDH = 0x00040000, + + TLS_ALGO_MAC_MASK = 0x0000FF00, + TLS_ALGO_MAC_MD5 = 0x00000100, + TLS_ALGO_MAC_SHA1 = 0x00000200, + TLS_ALGO_MAC_SHA256 = 0x00000300, + TLS_ALGO_MAC_SHA384 = 0x00000400, + + TLS_ALGO_CIPHER_MASK = 0x000000FF, + TLS_ALGO_CIPHER_RC4_128 = 0x00000001, + TLS_ALGO_CIPHER_3DES_CBC = 0x00000002, + TLS_ALGO_CIPHER_AES128_CBC = 0x00000003, + TLS_ALGO_CIPHER_AES256_CBC = 0x00000004, + TLS_ALGO_CIPHER_SEED_CBC = 0x00000005 }; enum Compression_Algo { diff --git a/src/ssl/tls_policy.cpp b/src/ssl/tls_policy.cpp index 6138ae193..594f20ebb 100644 --- a/src/ssl/tls_policy.cpp +++ b/src/ssl/tls_policy.cpp @@ -1,6 +1,6 @@ /** -* Policies -* (C) 2004-2006 Jack Lloyd +* Policies for TLS +* (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ @@ -29,25 +29,25 @@ std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa, if(use_edh_dsa) { - suites.push_back(DHE_DSS_AES256_SHA); - suites.push_back(DHE_DSS_AES128_SHA); - suites.push_back(DHE_DSS_3DES_SHA); + suites.push_back(TLS_DHE_DSS_WITH_AES_256_CBC_SHA); + suites.push_back(TLS_DHE_DSS_WITH_AES_128_CBC_SHA); + suites.push_back(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA); } if(use_edh_rsa) { - suites.push_back(DHE_RSA_AES256_SHA); - suites.push_back(DHE_RSA_AES128_SHA); - suites.push_back(DHE_RSA_3DES_SHA); + suites.push_back(TLS_DHE_RSA_WITH_AES_256_CBC_SHA); + suites.push_back(TLS_DHE_RSA_WITH_AES_128_CBC_SHA); + suites.push_back(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA); } if(use_rsa) { - suites.push_back(RSA_AES256_SHA); - suites.push_back(RSA_AES128_SHA); - suites.push_back(RSA_3DES_SHA); - suites.push_back(RSA_RC4_SHA); - suites.push_back(RSA_RC4_MD5); + suites.push_back(TLS_RSA_WITH_AES_256_CBC_SHA); + suites.push_back(TLS_RSA_WITH_AES_128_CBC_SHA); + suites.push_back(TLS_RSA_WITH_3DES_EDE_CBC_SHA); + suites.push_back(TLS_RSA_WITH_RC4_128_SHA); + suites.push_back(TLS_RSA_WITH_RC4_128_MD5); } if(suites.size() == 0) diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp index 47902a71c..4e9c3583f 100644 --- a/src/ssl/tls_server.cpp +++ b/src/ssl/tls_server.cpp @@ -358,7 +358,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, state->suite = CipherSuite(state->server_hello->ciphersuite()); - if(state->suite.sig_type() != CipherSuite::NO_SIG) + if(state->suite.sig_type() != TLS_ALGO_SIGNER_ANON) { // FIXME: should choose certs based on sig type state->server_certs = new Certificate(writer, cert_chain, @@ -366,14 +366,14 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, } state->kex_priv = PKCS8::copy_key(*private_key, rng); - if(state->suite.kex_type() != CipherSuite::NO_KEX) + if(state->suite.kex_type() != TLS_ALGO_KEYEXCH_NOKEX) { - if(state->suite.kex_type() == CipherSuite::RSA_KEX) + if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_RSA) { state->kex_priv = new RSA_PrivateKey(rng, policy->rsa_export_keysize()); } - else if(state->suite.kex_type() == CipherSuite::DH_KEX) + else if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_DH) { state->kex_priv = new DH_PrivateKey(rng, policy->dh_group()); } diff --git a/src/ssl/tls_suites.cpp b/src/ssl/tls_suites.cpp index 26fa75428..cf6bd45e5 100644 --- a/src/ssl/tls_suites.cpp +++ b/src/ssl/tls_suites.cpp @@ -1,40 +1,188 @@ /** -* TLS Cipher Suites -* (C) 2004-2006 Jack Lloyd +* TLS Cipher Suites +* (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ #include <botan/tls_suites.h> #include <botan/tls_exceptn.h> -#include <botan/parsing.h> -#include <vector> -#include <string> namespace Botan { namespace { /** -* Convert an SSL/TLS ciphersuite to a string +* Convert an SSL/TLS ciphersuite to algorithm fields */ -std::string lookup_ciphersuite(u16bit suite) +TLS_Ciphersuite_Algos lookup_ciphersuite(u16bit suite) { - if(suite == RSA_RC4_MD5) return "RSA/NONE/ARC4/16/MD5"; - if(suite == RSA_RC4_SHA) return "RSA/NONE/ARC4/16/SHA1"; - if(suite == RSA_3DES_SHA) return "RSA/NONE/3DES/24/SHA1"; - if(suite == RSA_AES128_SHA) return "RSA/NONE/AES/16/SHA1"; - if(suite == RSA_AES256_SHA) return "RSA/NONE/AES/32/SHA1"; + if(suite == TLS_RSA_WITH_RC4_128_MD5) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_NOKEX | + TLS_ALGO_MAC_MD5 | + TLS_ALGO_CIPHER_RC4_128); + + if(suite == TLS_RSA_WITH_RC4_128_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_NOKEX | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_RC4_128); + + if(suite == TLS_RSA_WITH_3DES_EDE_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_NOKEX | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_3DES_CBC); + + if(suite == TLS_RSA_WITH_AES_128_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_NOKEX | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_AES128_CBC); + + if(suite == TLS_RSA_WITH_AES_256_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_NOKEX | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_AES256_CBC); + + if(suite == TLS_RSA_WITH_AES_128_CBC_SHA256) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_NOKEX | + TLS_ALGO_MAC_SHA256 | + TLS_ALGO_CIPHER_AES128_CBC); + + if(suite == TLS_RSA_WITH_AES_256_CBC_SHA256) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_NOKEX | + TLS_ALGO_MAC_SHA256 | + TLS_ALGO_CIPHER_AES256_CBC); + + if(suite == TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_3DES_CBC); + + if(suite == TLS_DHE_DSS_WITH_AES_128_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_AES128_CBC); + + if(suite == TLS_DHE_DSS_WITH_AES_256_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_AES256_CBC); + + if(suite == TLS_DHE_DSS_WITH_AES_128_CBC_SHA256) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA256 | + TLS_ALGO_CIPHER_AES128_CBC); + + if(suite == TLS_DHE_DSS_WITH_AES_256_CBC_SHA256) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_DSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA256 | + TLS_ALGO_CIPHER_AES256_CBC); + + if(suite == TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_3DES_CBC); + + if(suite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_AES128_CBC); + + if(suite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA1 | + TLS_ALGO_CIPHER_AES256_CBC); + + if(suite == TLS_DHE_RSA_WITH_AES_128_CBC_SHA256) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA256 | + TLS_ALGO_CIPHER_AES128_CBC); + + if(suite == TLS_DHE_RSA_WITH_AES_256_CBC_SHA256) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_RSA | + TLS_ALGO_KEYEXCH_DH | + TLS_ALGO_MAC_SHA256 | + TLS_ALGO_CIPHER_AES256_CBC); + + if(suite == TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA | + TLS_ALGO_KEYEXCH_ECDH | + TLS_ALGO_MAC_SHA256 | + TLS_ALGO_CIPHER_AES128_CBC); + + if(suite == TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA | + TLS_ALGO_KEYEXCH_ECDH | + TLS_ALGO_MAC_SHA384 | + TLS_ALGO_CIPHER_AES256_CBC); + + if(suite == TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA | + TLS_ALGO_KEYEXCH_ECDH | + TLS_ALGO_MAC_SHA256 | + TLS_ALGO_CIPHER_AES128_CBC); + + if(suite == TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) + return TLS_Ciphersuite_Algos(TLS_ALGO_SIGNER_ECDSA | + TLS_ALGO_KEYEXCH_ECDH | + TLS_ALGO_MAC_SHA384 | + TLS_ALGO_CIPHER_AES256_CBC); + + return TLS_Ciphersuite_Algos(0); + } + +std::pair<std::string, u32bit> cipher_code_to_name(TLS_Ciphersuite_Algos algo) + { + if((algo & TLS_ALGO_CIPHER_MASK) == TLS_ALGO_CIPHER_RC4_128) + return std::make_pair("RC4", 128); + + if((algo & TLS_ALGO_CIPHER_MASK) == TLS_ALGO_CIPHER_3DES_CBC) + return std::make_pair("3DES", 24); - if(suite == DHE_RSA_3DES_SHA) return "RSA/DH/3DES/24/SHA1"; - if(suite == DHE_RSA_AES128_SHA) return "RSA/DH/AES/16/SHA1"; - if(suite == DHE_RSA_AES256_SHA) return "RSA/DH/AES/32/SHA1"; + if((algo & TLS_ALGO_CIPHER_MASK) == TLS_ALGO_CIPHER_AES128_CBC) + return std::make_pair("AES-128", 16); - if(suite == DHE_DSS_3DES_SHA) return "DSA/DH/3DES/24/SHA1"; - if(suite == DHE_DSS_AES128_SHA) return "DSA/DH/AES/16/SHA1"; - if(suite == DHE_DSS_AES256_SHA) return "DSA/DH/AES/32/SHA1"; + if((algo & TLS_ALGO_CIPHER_MASK) == TLS_ALGO_CIPHER_AES256_CBC) + return std::make_pair("AES-256", 32); - return ""; + if((algo & TLS_ALGO_CIPHER_MASK) == TLS_ALGO_CIPHER_SEED_CBC) + return std::make_pair("SEED", 16); + + throw TLS_Exception(INTERNAL_ERROR, + "CipherSuite: Unknown cipher type " + to_string(algo)); + } + +std::string mac_code_to_name(TLS_Ciphersuite_Algos algo) + { + if((algo & TLS_ALGO_MAC_MASK) == TLS_ALGO_MAC_MD5) + return "MD5"; + + if((algo & TLS_ALGO_MAC_MASK) == TLS_ALGO_MAC_SHA1) + return "SHA-1"; + + if((algo & TLS_ALGO_MAC_MASK) == TLS_ALGO_MAC_SHA256) + return "SHA-256"; + + if((algo & TLS_ALGO_MAC_MASK) == TLS_ALGO_MAC_SHA384) + return "SHA-384"; + + throw TLS_Exception(INTERNAL_ERROR, + "CipherSuite: Unknown MAC type " + to_string(algo)); } } @@ -47,31 +195,21 @@ CipherSuite::CipherSuite(u16bit suite_code) if(suite_code == 0) return; - std::string suite_string = lookup_ciphersuite(suite_code); + TLS_Ciphersuite_Algos algos = lookup_ciphersuite(suite_code); + + if(algos == 0) + throw Invalid_Argument("Unknown ciphersuite: " + to_string(suite_code)); - if(suite_string == "") - throw Invalid_Argument("Unknown ciphersuite: " + - to_string(suite_code)); + sig_algo = TLS_Ciphersuite_Algos(algos & TLS_ALGO_SIGNER_MASK); - std::vector<std::string> suite_info = split_on(suite_string, '/'); + kex_algo = TLS_Ciphersuite_Algos(algos & TLS_ALGO_KEYEXCH_MASK); - if(suite_info[0] == "RSA") sig_algo = RSA_SIG; - else if(suite_info[0] == "DSA") sig_algo = DSA_SIG; - else if(suite_info[0] == "NONE") sig_algo = NO_SIG; - else - throw TLS_Exception(INTERNAL_ERROR, - "CipherSuite: Unknown sig type " + suite_info[0]); + std::pair<std::string, u32bit> cipher_info = cipher_code_to_name(algos); - if(suite_info[1] == "DH") kex_algo = DH_KEX; - else if(suite_info[1] == "RSA") kex_algo = RSA_KEX; - else if(suite_info[1] == "NONE") kex_algo = NO_KEX; - else - throw TLS_Exception(INTERNAL_ERROR, - "CipherSuite: Unknown kex type " + suite_info[1]); + cipher = cipher_info.first; + cipher_key_length = cipher_info.second; - cipher = suite_info[2]; - cipher_key_length = to_u32bit(suite_info[3]); - mac = suite_info[4]; + mac = mac_code_to_name(algos); } } diff --git a/src/ssl/tls_suites.h b/src/ssl/tls_suites.h index b7008e8db..837d76422 100644 --- a/src/ssl/tls_suites.h +++ b/src/ssl/tls_suites.h @@ -1,6 +1,6 @@ /** -* Cipher Suites -* (C) 2004-2006 Jack Lloyd +* Cipher Suites +* (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ @@ -9,6 +9,7 @@ #define BOTAN_TLS_CIPHERSUITES_H__ #include <botan/types.h> +#include <botan/tls_magic.h> #include <string> namespace Botan { @@ -19,20 +20,17 @@ namespace Botan { class BOTAN_DLL CipherSuite { public: - enum Kex_Type { NO_KEX, RSA_KEX, DH_KEX }; - enum Sig_Type { NO_SIG, RSA_SIG, DSA_SIG }; - std::string cipher_algo() const { return cipher; } std::string mac_algo() const { return mac; } u32bit cipher_keylen() const { return cipher_key_length; } - Kex_Type kex_type() const { return kex_algo; } - Sig_Type sig_type() const { return sig_algo; } + + TLS_Ciphersuite_Algos kex_type() const { return kex_algo; } + TLS_Ciphersuite_Algos sig_type() const { return sig_algo; } CipherSuite(u16bit = 0); private: - Kex_Type kex_algo; - Sig_Type sig_algo; + TLS_Ciphersuite_Algos kex_algo, sig_algo; std::string cipher, mac; u32bit cipher_key_length; }; |