/* * TLS Cipher Suites * (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ #include #include namespace Botan { /** * Convert an SSL/TLS ciphersuite to algorithm fields */ TLS_Ciphersuite TLS_Ciphersuite::lookup_ciphersuite(u16bit suite) { switch(suite) { // RSA ciphersuites case TLS_RSA_WITH_RC4_128_MD5: return TLS_Ciphersuite("RSA", "", "MD5", "ARC4", 16); case TLS_RSA_WITH_RC4_128_SHA: return TLS_Ciphersuite("RSA", "", "SHA-1", "ARC4", 16); case TLS_RSA_WITH_3DES_EDE_CBC_SHA: return TLS_Ciphersuite("RSA", "", "SHA-1", "TripleDES", 24); case TLS_RSA_WITH_AES_128_CBC_SHA: return TLS_Ciphersuite("RSA", "", "SHA-1", "AES-128", 16); case TLS_RSA_WITH_AES_256_CBC_SHA: return TLS_Ciphersuite("RSA", "", "SHA-1", "AES-256", 32); case TLS_RSA_WITH_SEED_CBC_SHA: return TLS_Ciphersuite("RSA", "", "SHA-1", "SEED", 16); case TLS_RSA_WITH_AES_128_CBC_SHA256: return TLS_Ciphersuite("RSA", "", "SHA-256", "AES-128", 16); case TLS_RSA_WITH_AES_256_CBC_SHA256: return TLS_Ciphersuite("RSA", "", "SHA-256", "AES-256", 32); // DH/DSS ciphersuites case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: return TLS_Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24); case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: return TLS_Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16); case TLS_DHE_DSS_WITH_SEED_CBC_SHA: return TLS_Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16); case TLS_DHE_DSS_WITH_RC4_128_SHA: return TLS_Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16); case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: return TLS_Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32); case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: return TLS_Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16); case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: return TLS_Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32); // DH/RSA ciphersuites case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: return TLS_Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24); case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: return TLS_Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16); case TLS_DHE_RSA_WITH_SEED_CBC_SHA: return TLS_Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16); case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: return TLS_Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32); case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: return TLS_Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16); case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: return TLS_Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32); // ECDH/RSA ciphersuites case TLS_ECDHE_RSA_WITH_RC4_128_SHA: return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16); case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24); case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16); case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32); // SRP ciphersuites case TLS_SRP_SHA_RSA_WITH_3DES_EDE_SHA: return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "TripleDES", 24); case TLS_SRP_SHA_DSS_WITH_3DES_EDE_SHA: return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "TripleDES", 24); case TLS_SRP_SHA_RSA_WITH_AES_128_SHA: return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16); case TLS_SRP_SHA_DSS_WITH_AES_128_SHA: return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16); case TLS_SRP_SHA_RSA_WITH_AES_256_SHA: return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32); case TLS_SRP_SHA_DSS_WITH_AES_256_SHA: return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32); // ECDH/ECDSA ciphersuites case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16); case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24); case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16); case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32); case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); default: return TLS_Ciphersuite(); // some unknown ciphersuite } } TLS_Ciphersuite::TLS_Ciphersuite(const std::string& sig_algo, const std::string& kex_algo, const std::string& mac_algo, const std::string& cipher_algo, size_t cipher_algo_keylen) : m_sig_algo(sig_algo), m_kex_algo(kex_algo), m_mac_algo(mac_algo), m_cipher_algo(cipher_algo), m_cipher_keylen(cipher_algo_keylen) { } }