aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_ciphersuite.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls/tls_ciphersuite.cpp')
-rw-r--r--src/tls/tls_ciphersuite.cpp272
1 files changed, 15 insertions, 257 deletions
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index 89daaf679..798df0186 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -1,12 +1,11 @@
/*
-* TLS Cipher Suites
+* TLS Cipher Suite
* (C) 2004-2010,2012 Jack Lloyd
*
* Released under the terms of the Botan license
*/
#include <botan/tls_ciphersuite.h>
-#include <botan/tls_magic.h>
#include <botan/parsing.h>
#include <sstream>
#include <stdexcept>
@@ -15,246 +14,6 @@ namespace Botan {
namespace TLS {
-/**
-* Convert an SSL/TLS ciphersuite to algorithm fields
-*/
-Ciphersuite Ciphersuite::by_id(u16bit suite)
- {
- switch(static_cast<Ciphersuite_Code>(suite))
- {
- // RSA ciphersuites
-
- case TLS_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16);
-
- case TLS_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32);
-
- case TLS_RSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16);
-
- case TLS_RSA_WITH_AES_256_CBC_SHA256:
- return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32);
-
- case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "3DES", 24);
-
- case TLS_RSA_WITH_RC4_128_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16);
-
- case TLS_RSA_WITH_RC4_128_MD5:
- return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16);
-
- case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 16);
-
- case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "Camellia", 32);
-
- case TLS_RSA_WITH_SEED_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16);
-
-#if defined(BOTAN_HAS_IDEA)
- case TLS_RSA_WITH_IDEA_CBC_SHA:
- return Ciphersuite("RSA", "RSA", "SHA-1", "IDEA", 16);
-#endif
-
- // DH/DSS ciphersuites
-
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16);
-
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32);
-
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16);
-
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
- return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32);
-
- case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "3DES", 24);
-
- case TLS_DHE_DSS_WITH_RC4_128_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16);
-
- case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 16);
-
- case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "Camellia", 32);
-
- case TLS_DHE_DSS_WITH_SEED_CBC_SHA:
- return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16);
-
- // DH/RSA ciphersuites
-
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16);
-
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32);
-
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16);
-
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32);
-
- case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "3DES", 24);
-
- case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 16);
-
- case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "Camellia", 32);
-
- case TLS_DHE_RSA_WITH_SEED_CBC_SHA:
- return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16);
-
- // ECDH/RSA ciphersuites
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16);
-
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32);
-
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("RSA", "ECDH", "SHA-256", "AES-128", 16);
-
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("RSA", "ECDH", "SHA-384", "AES-256", 32);
-
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "ECDH", "SHA-1", "3DES", 24);
-
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16);
-
- // ECDH/ECDSA ciphersuites
-
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16);
-
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32);
-
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16);
-
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32);
-
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16);
-
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("ECDSA", "ECDH", "SHA-1", "3DES", 24);
-
- // PSK ciphersuites
-
- case TLS_PSK_WITH_RC4_128_SHA:
- return Ciphersuite("", "PSK", "SHA-1", "ARC4", 16);
-
- case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("", "PSK", "SHA-1", "3DES", 24);
-
- case TLS_PSK_WITH_AES_128_CBC_SHA:
- return Ciphersuite("", "PSK", "SHA-1", "AES-128", 16);
-
- case TLS_PSK_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("", "PSK", "SHA-256", "AES-128", 16);
-
- case TLS_PSK_WITH_AES_256_CBC_SHA:
- return Ciphersuite("", "PSK", "SHA-1", "AES-256", 32);
-
- case TLS_PSK_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("", "PSK", "SHA-384", "AES-256", 32);
-
- // PSK+DH ciphersuites
-
- case TLS_DHE_PSK_WITH_RC4_128_SHA:
- return Ciphersuite("", "DHE_PSK", "SHA-1", "ARC4", 16);
-
- case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("", "DHE_PSK", "SHA-1", "3DES", 24);
-
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
- return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-128", 16);
-
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("", "DHE_PSK", "SHA-256", "AES-128", 16);
-
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
- return Ciphersuite("", "DHE_PSK", "SHA-1", "AES-256", 32);
-
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("", "DHE_PSK", "SHA-384", "AES-256", 32);
-
- // PSK+ECDH ciphersuites
-
- case TLS_ECDHE_PSK_WITH_RC4_128_SHA:
- return Ciphersuite("", "ECDHE_PSK", "SHA-1", "ARC4", 16);
-
- case TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("", "ECDHE_PSK", "SHA-1", "3DES", 24);
-
- case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
- return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-128", 16);
-
- case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("", "ECDHE_PSK", "SHA-256", "AES-128", 16);
-
- case TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
- return Ciphersuite("", "ECDHE_PSK", "SHA-1", "AES-256", 32);
-
- case TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
- return Ciphersuite("", "ECDHE_PSK", "SHA-384", "AES-256", 32);
-
- // SRP ciphersuites
-
- case TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("", "SRP", "SHA-1", "AES-128", 16);
-
- case TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("", "SRP", "SHA-1", "AES-256", 32);
-
- case TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("", "SRP", "SHA-1", "3DES", 24);
-
- // SRP/RSA ciphersuites
-
- case TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16);
-
- case TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32);
-
- case TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "SRP", "SHA-1", "3DES", 24);
-
- // SRP/DSA ciphersuites
-
- case TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
- return Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16);
-
- case TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
- return Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32);
-
- case TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("DSA", "SRP", "SHA-1", "3DES", 24);
-
- // Signaling ciphersuite values
-
- case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
- return Ciphersuite();
- }
-
- return Ciphersuite(); // some unknown ciphersuite
- }
-
Ciphersuite Ciphersuite::by_name(const std::string& name)
{
for(size_t i = 0; i != 65536; ++i)
@@ -271,6 +30,18 @@ Ciphersuite Ciphersuite::by_name(const std::string& name)
return Ciphersuite(); // some unknown ciphersuite
}
+bool Ciphersuite::psk_ciphersuite() const
+ {
+ return (kex_algo() == "PSK" ||
+ kex_algo() == "DHE_PSK" ||
+ kex_algo() == "ECDHE_PSK");
+ }
+
+bool Ciphersuite::ecc_ciphersuite() const
+ {
+ return (kex_algo() == "ECDH" || sig_algo() == "ECDSA");
+ }
+
std::string Ciphersuite::to_string() const
{
if(m_cipher_keylen == 0)
@@ -286,8 +57,6 @@ std::string Ciphersuite::to_string() const
out << "DHE";
else if(kex_algo() == "ECDH")
out << "ECDHE";
- else if(kex_algo() == "SRP")
- out << "SRP_SHA";
else
out << kex_algo();
@@ -310,7 +79,7 @@ std::string Ciphersuite::to_string() const
if(cipher_algo() == "3DES")
out << "3DES_EDE";
else if(cipher_algo() == "Camellia")
- out << "CAMELLIA_" << std::to_string(8*cipher_keylen());
+ out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen());
else
out << replace_char(cipher_algo(), '-', '_');
@@ -329,18 +98,7 @@ std::string Ciphersuite::to_string() const
return out.str();
}
-Ciphersuite::Ciphersuite(const std::string& sig_algo,
- const std::string& kex_algo,
- const std::string& mac_algo,
- const std::string& cipher_algo,
- size_t cipher_algo_keylen) :
- m_sig_algo(sig_algo),
- m_kex_algo(kex_algo),
- m_mac_algo(mac_algo),
- m_cipher_algo(cipher_algo),
- m_cipher_keylen(cipher_algo_keylen)
- {
- }
+}
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-14 19:49:13 +0000