1 /*
2 * Copyright (c) 1999-2001,2005-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * cipherSpecs.c - SSLCipherSpec declarations
26 */
27
28 /* THIS FILE CONTAINS KERNEL CODE */
29
30 #include "CipherSuite.h"
31 #include "cipherSpecs.h"
32 #include "sslTypes.h"
33
34 /*
35
36 cipher spec preferences from openssl. first column includes the dh anon
37 cipher suites. second column is more interesting: default.
38
39 seems to be:
40 Asymmetric: DHE-RSA > DHE-DSS > RSA
41 Symmetric : AES-256 > 3DES > AES-128 > RC4-128 > DES > DES40 > RC2-40 > RC4-40
42
43 DH_anon w/ AES are preferred over DHE_RSA when enabled, all others at the bottom.
44
45 3a TLS_DH_anon_WITH_AES_256_CBC_SHA
46 39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 1
47 38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA 2
48 35 TLS_RSA_WITH_AES_256_CBC_SHA 3
49 34 TLS_DH_anon_WITH_AES_128_CBC_SHA
50 33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 7
51 32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA 8
52 2f TLS_RSA_WITH_AES_128_CBC_SHA 9
53 16 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 4
54 15 SSL_DHE_RSA_WITH_DES_CBC_SHA 12
55 14 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 15
56 13 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 5
57 12 SSL_DHE_DSS_WITH_DES_CBC_SHA 13
58 11 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 16
59 0a SSL_RSA_WITH_3DES_EDE_CBC_SHA 6
60 09 SSL_RSA_WITH_DES_CBC_SHA 14
61 08 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 17
62 06 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 18
63 05 SSL_RSA_WITH_RC4_128_SHA 10
64 04 SSL_RSA_WITH_RC4_128_MD5 11
65 03 SSL_RSA_EXPORT_WITH_RC4_40_MD5 19
66 1b SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
67 1a SSL_DH_anon_WITH_DES_CBC_SHA
68 19 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
69 18 SSL_DH_anon_WITH_RC4_128_MD5
70 17 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
71
72 */
73
/*
 * Map a cipher suite identifier to the key exchange method it implies.
 *
 * Returns SSL_NULL_auth for TLS_NULL_WITH_NULL_NULL and also for every
 * suite value that is not listed below, so the result alone cannot tell
 * an unrecognised suite apart from the NULL suite.
 * NOTE(review): presumably callers check the suite against the enabled
 * list before relying on this mapping - confirm.
 */
KeyExchangeMethod sslCipherSuiteGetKeyExchangeMethod(SSLCipherSuite cipherSuite)
{
    /* Fallback shared by TLS_NULL_WITH_NULL_NULL and unlisted suites. */
    KeyExchangeMethod kx = SSL_NULL_auth;

    switch (cipherSuite) {
    case TLS_NULL_WITH_NULL_NULL:
        break;

    /* RSA key transport (includes the SSLv2-era *_MD5 suites). */
    case SSL_RSA_WITH_RC2_CBC_MD5:
    case SSL_RSA_WITH_DES_CBC_MD5:
    case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
    case TLS_RSA_WITH_NULL_MD5:
    case TLS_RSA_WITH_NULL_SHA:
    case TLS_RSA_WITH_RC4_128_MD5:
    case TLS_RSA_WITH_RC4_128_SHA:
    case SSL_RSA_WITH_IDEA_CBC_SHA:
    case SSL_RSA_WITH_DES_CBC_SHA:
    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_WITH_AES_128_CBC_SHA:
    case TLS_RSA_WITH_AES_256_CBC_SHA:
    case TLS_RSA_WITH_NULL_SHA256:
    case TLS_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_RSA_WITH_AES_256_GCM_SHA384:
        kx = SSL_RSA;
        break;

    /* Export-grade RSA. */
    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
    case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
        kx = SSL_RSA_EXPORT;
        break;

    /* Fixed DH, DSS certificate. */
    case SSL_DH_DSS_WITH_DES_CBC_SHA:
    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
        kx = SSL_DH_DSS;
        break;

    case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
        kx = SSL_DH_DSS_EXPORT;
        break;

    /* Fixed DH, RSA certificate. */
    case SSL_DH_RSA_WITH_DES_CBC_SHA:
    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
        kx = SSL_DH_RSA;
        break;

    case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
        kx = SSL_DH_RSA_EXPORT;
        break;

    /* Ephemeral DH, DSS signature. */
    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
        kx = SSL_DHE_DSS;
        break;

    case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
        kx = SSL_DHE_DSS_EXPORT;
        break;

    /* Ephemeral DH, RSA signature. */
    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
        kx = SSL_DHE_RSA;
        break;

    case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
        kx = SSL_DHE_RSA_EXPORT;
        break;

    /* Anonymous DH: the key exchange carries no peer authentication. */
    case SSL_DH_anon_WITH_DES_CBC_SHA:
    case TLS_DH_anon_WITH_RC4_128_MD5:
    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
        kx = SSL_DH_anon;
        break;

    case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
    case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
        kx = SSL_DH_anon_EXPORT;
        break;

    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
    case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
        kx = SSL_Fortezza;
        break;

    /* Elliptic-curve suites. */
    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        kx = SSL_ECDHE_ECDSA;
        break;

    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
        kx = SSL_ECDH_ECDSA;
        break;

    case TLS_ECDHE_RSA_WITH_NULL_SHA:
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
        kx = SSL_ECDHE_RSA;
        break;

    case TLS_ECDH_RSA_WITH_NULL_SHA:
    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
        kx = SSL_ECDH_RSA;
        break;

    /* Anonymous ECDH: no peer authentication in the key exchange. */
    case TLS_ECDH_anon_WITH_NULL_SHA:
    case TLS_ECDH_anon_WITH_RC4_128_SHA:
    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        kx = SSL_ECDH_anon;
        break;

    /* Pre-shared key suites. */
    case TLS_PSK_WITH_NULL_SHA:
    case TLS_PSK_WITH_RC4_128_SHA:
    case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
    case TLS_PSK_WITH_AES_128_CBC_SHA:
    case TLS_PSK_WITH_AES_256_CBC_SHA:
    case TLS_PSK_WITH_AES_128_GCM_SHA256:
    case TLS_PSK_WITH_AES_256_GCM_SHA384:
    case TLS_PSK_WITH_AES_128_CBC_SHA256:
    case TLS_PSK_WITH_AES_256_CBC_SHA384:
    case TLS_PSK_WITH_NULL_SHA256:
    case TLS_PSK_WITH_NULL_SHA384:
        kx = TLS_PSK;
        break;

    case TLS_DHE_PSK_WITH_NULL_SHA:
    case TLS_DHE_PSK_WITH_RC4_128_SHA:
    case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
    case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
    case TLS_DHE_PSK_WITH_NULL_SHA256:
    case TLS_DHE_PSK_WITH_NULL_SHA384:
        kx = TLS_DHE_PSK;
        break;

    case TLS_RSA_PSK_WITH_NULL_SHA:
    case TLS_RSA_PSK_WITH_RC4_128_SHA:
    case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
    case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
    case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
    case TLS_RSA_PSK_WITH_NULL_SHA256:
    case TLS_RSA_PSK_WITH_NULL_SHA384:
        kx = TLS_RSA_PSK;
        break;

    default:
        break;
    }

    return kx;
}
269
#if 0
/*
 * Compiled out. Derives the signature algorithm from the key exchange
 * method reported by sslCipherSuiteGetKeyExchangeMethod().
 *
 * Every key exchange method without an RSA, DSA or ECDSA mapping below
 * (the NULL and anonymous methods by name, and any other method through
 * the default label) yields SSL_SignatureAlgorithmAnonymous.
 */
static SSL_SignatureAlgorithm sslCipherSuiteGetSignatureAlgorithm(SSLCipherSuite cipherSuite)
{
    SSL_SignatureAlgorithm sig = SSL_SignatureAlgorithmAnonymous;

    switch (sslCipherSuiteGetKeyExchangeMethod(cipherSuite)) {
    case SSL_RSA:
    case SSL_RSA_EXPORT:
    case SSL_DH_RSA:
    case SSL_DH_RSA_EXPORT:
    case SSL_DHE_RSA:
    case SSL_DHE_RSA_EXPORT:
    case SSL_ECDHE_RSA:
    case SSL_ECDH_RSA:
        sig = SSL_SignatureAlgorithmRSA;
        break;

    case SSL_DH_DSS:
    case SSL_DH_DSS_EXPORT:
    case SSL_DHE_DSS:
    case SSL_DHE_DSS_EXPORT:
        sig = SSL_SignatureAlgorithmDSA;
        break;

    case SSL_ECDHE_ECDSA:
    case SSL_ECDH_ECDSA:
        sig = SSL_SignatureAlgorithmECDSA;
        break;

    /* Explicitly anonymous methods share the fallback value. */
    case SSL_NULL_auth:
    case SSL_DH_anon:
    case SSL_DH_anon_EXPORT:
    default:
        break;
    }

    return sig;
}
#endif
300
#if 0
/*
 * Compiled out. Reports the lowest protocol version at which a cipher
 * suite may be negotiated.
 *
 * Suites that are not listed (the PSK families, for example) take the
 * default label and are reported as TLS_Version_1_2, the same value as
 * the SHA256/SHA384/GCM suites.
 */
static SSLProtocolVersion sslCipherSuiteGetMinSupportedTLSVersion(SSLCipherSuite cipherSuite)
{
    SSLProtocolVersion minVersion = TLS_Version_1_2;

    switch (cipherSuite) {
    /* Suites reported as usable from SSL 3.0 on. */
    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
    case SSL_RSA_WITH_IDEA_CBC_SHA:
    case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_DSS_WITH_DES_CBC_SHA:
    case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_RSA_WITH_DES_CBC_SHA:
    case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
    case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
    case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_anon_WITH_DES_CBC_SHA:
    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
    case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
    case TLS_NULL_WITH_NULL_NULL:
    case TLS_RSA_WITH_NULL_MD5:
    case TLS_RSA_WITH_NULL_SHA:
    case TLS_RSA_WITH_RC4_128_MD5:
    case TLS_RSA_WITH_RC4_128_SHA:
    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_WITH_AES_128_CBC_SHA:
    case TLS_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_anon_WITH_RC4_128_MD5:
    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
        minVersion = SSL_Version_3_0;
        break;

    /* Elliptic-curve suites with a SHA-1 MAC: TLS 1.0 and later. */
    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_RSA_WITH_NULL_SHA:
    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_NULL_SHA:
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_anon_WITH_NULL_SHA:
    case TLS_ECDH_anon_WITH_RC4_128_SHA:
    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        minVersion = TLS_Version_1_0;
        break;

    /* SHA256/SHA384 and GCM suites: TLS 1.2 (already the fallback value). */
    case TLS_RSA_WITH_NULL_SHA256:
    case TLS_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
    case TLS_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
    default:
        break;
    }

    return minVersion;
}
#endif
422
/*
 * Map a cipher suite identifier to the hash named at the end of the suite.
 *
 * Returns HA_Null for TLS_NULL_WITH_NULL_NULL and for every suite that is
 * not listed below.
 * GCM suites are reported with HA_SHA256 / HA_SHA384 as well.
 * NOTE(review): for AEAD suites that hash is the PRF hash (RFC 5288), not
 * a per-record MAC - confirm how callers treat the result for GCM suites.
 */
HMAC_Algs sslCipherSuiteGetMacAlgorithm(SSLCipherSuite cipherSuite)
{
    /* Fallback shared by TLS_NULL_WITH_NULL_NULL and unlisted suites. */
    HMAC_Algs mac = HA_Null;

    switch (cipherSuite) {
    case TLS_NULL_WITH_NULL_NULL:
        break;

    /* MD5-based suites. */
    case SSL_RSA_WITH_RC2_CBC_MD5:
    case SSL_RSA_WITH_DES_CBC_MD5:
    case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
    case TLS_RSA_WITH_NULL_MD5:
    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
    case TLS_RSA_WITH_RC4_128_MD5:
    case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
    case TLS_DH_anon_WITH_RC4_128_MD5:
        mac = HA_MD5;
        break;

    /* SHA-1-based suites. */
    case TLS_RSA_WITH_NULL_SHA:
    case SSL_RSA_WITH_IDEA_CBC_SHA:
    case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_DSS_WITH_DES_CBC_SHA:
    case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_RSA_WITH_DES_CBC_SHA:
    case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
    case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_anon_WITH_DES_CBC_SHA:
    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
    case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
    case TLS_RSA_WITH_RC4_128_SHA:
    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_WITH_AES_128_CBC_SHA:
    case TLS_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_RSA_WITH_NULL_SHA:
    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_NULL_SHA:
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_anon_WITH_NULL_SHA:
    case TLS_ECDH_anon_WITH_RC4_128_SHA:
    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
    case TLS_PSK_WITH_NULL_SHA:
    case TLS_PSK_WITH_RC4_128_SHA:
    case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
    case TLS_PSK_WITH_AES_128_CBC_SHA:
    case TLS_PSK_WITH_AES_256_CBC_SHA:
    case TLS_DHE_PSK_WITH_NULL_SHA:
    case TLS_DHE_PSK_WITH_RC4_128_SHA:
    case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
    case TLS_RSA_PSK_WITH_NULL_SHA:
    case TLS_RSA_PSK_WITH_RC4_128_SHA:
    case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
        mac = HA_SHA1;
        break;

    /* SHA-256 suites, CBC and GCM alike. */
    case TLS_RSA_WITH_NULL_SHA256:
    case TLS_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
    case TLS_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_PSK_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
    case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
    case TLS_PSK_WITH_AES_128_CBC_SHA256:
    case TLS_PSK_WITH_NULL_SHA256:
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_PSK_WITH_NULL_SHA256:
    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_PSK_WITH_NULL_SHA256:
        mac = HA_SHA256;
        break;

    /* SHA-384 suites, CBC and GCM alike. */
    case TLS_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_PSK_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
    case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
    case TLS_PSK_WITH_AES_256_CBC_SHA384:
    case TLS_PSK_WITH_NULL_SHA384:
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
    case TLS_DHE_PSK_WITH_NULL_SHA384:
    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
    case TLS_RSA_PSK_WITH_NULL_SHA384:
        mac = HA_SHA384;
        break;

    default:
        break;
    }

    return mac;
}
578
/*
 * Return the digest length, in bytes, of the hash that
 * sslCipherSuiteGetMacAlgorithm() reports for the suite.
 *
 * Returns 0 for HA_Null and for any algorithm value not handled here.
 * NOTE(review): GCM suites map to HA_SHA256 / HA_SHA384 and therefore
 * yield 32 / 48 here - confirm record-layer callers do not use this as a
 * per-record MAC length for AEAD suites.
 */
uint8_t sslCipherSuiteGetMacSize(SSLCipherSuite cipherSuite)
{
    const HMAC_Algs mac = sslCipherSuiteGetMacAlgorithm(cipherSuite);
    uint8_t digestLen = 0;

    switch (mac) {
    case HA_MD5:
        digestLen = 16;
        break;
    case HA_SHA1:
        digestLen = 20;
        break;
    case HA_SHA256:
        digestLen = 32;
        break;
    case HA_SHA384:
        digestLen = 48;
        break;
    case HA_Null:
    default:
        break;
    }

    return digestLen;
}
595
/*
 * Map a cipher suite identifier to its bulk (symmetric) cipher algorithm.
 *
 * Returns SSL_CipherAlgorithmNull for the *_WITH_NULL_* suites and for
 * every suite that is not listed below. The export suites (RC4_40,
 * RC2_CBC_40, DES40), SSL_RSA_WITH_IDEA_CBC_SHA and
 * SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA have no case label here, so they
 * are reported as the null cipher as well.
 * NOTE(review): a caller that does not first reject unsupported suites
 * would see "no encryption" for them - confirm the suite is validated
 * against the enabled list before this lookup is trusted.
 */
SSL_CipherAlgorithm sslCipherSuiteGetSymmetricCipherAlgorithm(SSLCipherSuite cipherSuite)
{
    /* Fallback shared by the NULL-cipher suites and unlisted suites. */
    SSL_CipherAlgorithm bulk = SSL_CipherAlgorithmNull;

    switch (cipherSuite) {
    /* Integrity-only suites: no record encryption. */
    case TLS_NULL_WITH_NULL_NULL:
    case TLS_RSA_WITH_NULL_MD5:
    case TLS_RSA_WITH_NULL_SHA:
    case TLS_RSA_WITH_NULL_SHA256:
    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
    case TLS_ECDH_RSA_WITH_NULL_SHA:
    case TLS_ECDHE_RSA_WITH_NULL_SHA:
    case TLS_ECDH_anon_WITH_NULL_SHA:
    case TLS_PSK_WITH_NULL_SHA:
    case TLS_DHE_PSK_WITH_NULL_SHA:
    case TLS_RSA_PSK_WITH_NULL_SHA:
    case TLS_PSK_WITH_NULL_SHA256:
    case TLS_PSK_WITH_NULL_SHA384:
    case TLS_DHE_PSK_WITH_NULL_SHA256:
    case TLS_DHE_PSK_WITH_NULL_SHA384:
    case TLS_RSA_PSK_WITH_NULL_SHA256:
    case TLS_RSA_PSK_WITH_NULL_SHA384:
        break;

    case SSL_RSA_WITH_RC2_CBC_MD5:
        bulk = SSL_CipherAlgorithmRC2_128;
        break;

    /* Single DES. */
    case SSL_RSA_WITH_DES_CBC_MD5:
    case SSL_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_DSS_WITH_DES_CBC_SHA:
    case SSL_DH_RSA_WITH_DES_CBC_SHA:
    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_anon_WITH_DES_CBC_SHA:
        bulk = SSL_CipherAlgorithmDES_CBC;
        break;

    /* RC4 with a 128-bit key. */
    case TLS_RSA_WITH_RC4_128_MD5:
    case TLS_RSA_WITH_RC4_128_SHA:
    case TLS_DH_anon_WITH_RC4_128_MD5:
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
    case TLS_ECDH_anon_WITH_RC4_128_SHA:
    case TLS_PSK_WITH_RC4_128_SHA:
    case TLS_DHE_PSK_WITH_RC4_128_SHA:
    case TLS_RSA_PSK_WITH_RC4_128_SHA:
        bulk = SSL_CipherAlgorithmRC4_128;
        break;

    /* Triple DES (EDE) in CBC mode. */
    case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
        bulk = SSL_CipherAlgorithm3DES_CBC;
        break;

    /* AES-128 in CBC mode. */
    case TLS_RSA_WITH_AES_128_CBC_SHA:
    case TLS_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_PSK_WITH_AES_128_CBC_SHA:
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
    case TLS_PSK_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
        bulk = SSL_CipherAlgorithmAES_128_CBC;
        break;

    /* AES-256 in CBC mode. */
    case TLS_RSA_WITH_AES_256_CBC_SHA:
    case TLS_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_PSK_WITH_AES_256_CBC_SHA:
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
    case TLS_PSK_WITH_AES_256_CBC_SHA384:
    case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
    case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
        bulk = SSL_CipherAlgorithmAES_256_CBC;
        break;

    /* AES-128 in GCM mode. */
    case TLS_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_PSK_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
    case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
        bulk = SSL_CipherAlgorithmAES_128_GCM;
        break;

    /* AES-256 in GCM mode. */
    case TLS_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_PSK_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
    case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
        bulk = SSL_CipherAlgorithmAES_256_GCM;
        break;

    default:
        break;
    }

    return bulk;
}
744
/*
 * Return the symmetric key size for the suite's bulk cipher, as reported
 * by sslCipherSuiteGetSymmetricCipherAlgorithm(). The values (8 for DES,
 * 16 for the 128-bit ciphers, 24 for 3DES, 32 for AES-256) are consistent
 * with lengths in bytes.
 *
 * Returns 0 for the null cipher and for any algorithm value not handled
 * here; suites the algorithm lookup does not recognise therefore also
 * report a key size of 0.
 */
uint8_t sslCipherSuiteGetSymmetricCipherKeySize(SSLCipherSuite cipherSuite)
{
    uint8_t keyLen = 0;

    switch (sslCipherSuiteGetSymmetricCipherAlgorithm(cipherSuite)) {
    case SSL_CipherAlgorithmDES_CBC:
        keyLen = 8;
        break;
    case SSL_CipherAlgorithmRC2_128:
    case SSL_CipherAlgorithmRC4_128:
    case SSL_CipherAlgorithmAES_128_CBC:
    case SSL_CipherAlgorithmAES_128_GCM:
        keyLen = 16;
        break;
    case SSL_CipherAlgorithm3DES_CBC:
        keyLen = 24;
        break;
    case SSL_CipherAlgorithmAES_256_CBC:
    case SSL_CipherAlgorithmAES_256_GCM:
        keyLen = 32;
        break;
    case SSL_CipherAlgorithmNull:
    default:
        break;
    }

    return keyLen;
}
767
768
/*
 * Return the block size of the suite's bulk cipher; the same value is
 * used as the IV size.
 *
 * Returns 0 for the null cipher, for RC4 (a stream cipher) and for any
 * algorithm value not handled here, 8 for DES / 3DES / RC2 and 16 for AES.
 * NOTE(review): the AES-GCM entries also report 16, the AES block size;
 * TLS AES-GCM (RFC 5288) builds its nonce from a 4-byte salt plus an
 * 8-byte explicit part - confirm callers do not take this value as the
 * GCM nonce length.
 */
uint8_t sslCipherSuiteGetSymmetricCipherBlockIvSize(SSLCipherSuite cipherSuite)
{
    uint8_t blockLen = 0;

    switch (sslCipherSuiteGetSymmetricCipherAlgorithm(cipherSuite)) {
    case SSL_CipherAlgorithmDES_CBC:
    case SSL_CipherAlgorithm3DES_CBC:
    case SSL_CipherAlgorithmRC2_128:
        blockLen = 8;
        break;
    case SSL_CipherAlgorithmAES_128_CBC:
    case SSL_CipherAlgorithmAES_128_GCM:
    case SSL_CipherAlgorithmAES_256_CBC:
    case SSL_CipherAlgorithmAES_256_GCM:
        blockLen = 16;
        break;
    case SSL_CipherAlgorithmNull:
    case SSL_CipherAlgorithmRC4_128:
    default:
        break;
    }

    return blockLen;
}
790