1 /*
2 * Copyright (c) 1999-2001,2005-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * cipherSpecs.c - SSLCipherSpec declarations
26 */
27
28 #include "ssl.h"
29 #include "CipherSuite.h"
30 #include "sslContext.h"
31 #include "cryptType.h"
32 #include "symCipher.h"
33 #include "cipherSpecs.h"
34 #include "sslDebug.h"
35 #include "sslMemory.h"
36 #include "sslDebug.h"
37 #include "sslUtils.h"
38 #include "sslPriv.h"
39 #include "sslCrypto.h"
40
41 #include <string.h>
42 #include <TargetConditionals.h>
43
/*
 * Per-suite enable switches. Each one simply forwards a per-algorithm flag
 * (ENABLE_DES, ENABLE_RC4, ENABLE_RC2, ENABLE_3DES) that is not defined in
 * this file.
 * NOTE(review): none of the ENABLE_RSA_* names is referenced again in the
 * visible part of this file; the tables below test the per-algorithm flags
 * directly. Confirm whether these aliases are still needed.
 */
#define ENABLE_RSA_DES_SHA_NONEXPORT ENABLE_DES
#define ENABLE_RSA_DES_MD5_NONEXPORT ENABLE_DES
#define ENABLE_RSA_DES_SHA_EXPORT ENABLE_DES
#define ENABLE_RSA_RC4_MD5_EXPORT ENABLE_RC4 /* the most common one */
#define ENABLE_RSA_RC4_MD5_NONEXPORT ENABLE_RC4
#define ENABLE_RSA_RC4_SHA_NONEXPORT ENABLE_RC4
#define ENABLE_RSA_RC2_MD5_EXPORT ENABLE_RC2
#define ENABLE_RSA_RC2_MD5_NONEXPORT ENABLE_RC2
#define ENABLE_RSA_3DES_SHA ENABLE_3DES
#define ENABLE_RSA_3DES_MD5 ENABLE_3DES

/* Tested by KnownCipherSuites to include the static-ECDH (TLS_ECDH_*) suites. */
#define ENABLE_ECDH 1

/* AES-GCM suites are left out of KnownCipherSuites wherever that list tests this flag. */
#define ENABLE_AES_GCM 0

/*
 * Diffie-Hellman switches. APPLE_DH and USE_CDSA_CRYPTO are defined outside
 * this file.
 * NOTE(review): in the visible part of this file only ENABLE_DH_EPHEM_DSA is
 * tested (in KnownCipherSuites). ENABLE_DH_ANON and ENABLE_DH_EPHEM_RSA are
 * not, so the DH_anon and DHE_RSA entries of that list are compiled in
 * whatever these evaluate to. DH_anon suites do not authenticate the peer;
 * confirm they are filtered per context elsewhere.
 */
#if APPLE_DH
#define ENABLE_DH_ANON 1
#define ENABLE_DH_EPHEM_RSA 1
#if USE_CDSA_CRYPTO
#define ENABLE_DH_EPHEM_DSA 1
#else
#define ENABLE_DH_EPHEM_DSA 0
#endif
#else
#define ENABLE_DH_ANON 0
#define ENABLE_DH_EPHEM_RSA 0
#define ENABLE_DH_EPHEM_DSA 0
#endif /* APPLE_DH */
72
73 extern const SSLSymmetricCipher SSLCipherNull; /* in sslNullCipher.c */
74
75 /*
76 * The symmetric ciphers currently supported (in addition to the
77 * NULL cipher in nullciph.c).
78 */
79 #if ENABLE_DES
/*
 * Descriptor for single DES in CBC mode. Both size fields are kCCKeySizeDES,
 * so the whole key field is secret material (contrast SSLCipherDES40_CBC).
 * NOTE(review): single DES is a legacy cipher with a 56-bit effective key;
 * it is only compiled when ENABLE_DES is set.
 */
static const SSLSymmetricCipher SSLCipherDES_CBC = {
    kCCKeySizeDES,          /* Key size in bytes */
    kCCKeySizeDES,          /* Secret key size = 64 bits */
    kCCBlockSizeDES,        /* IV size */
    kCCBlockSizeDES,        /* Block size */
    kCCAlgorithmDES,        /* algorithm selector handed to the CCSymm* routines (presumably; confirm in symCipher.h) */
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
91
/*
 * Descriptor for export-grade DES in CBC mode: a full kCCKeySizeDES key
 * field, of which only 5 bytes (40 bits) are secret.
 * NOTE(review): 40-bit export ciphers give no meaningful confidentiality.
 * This table only describes the cipher; whether it can be negotiated is
 * decided by the suite lists and per-context filtering, which should keep it
 * off unless legacy interoperability explicitly requires it.
 */
static const SSLSymmetricCipher SSLCipherDES40_CBC = {
    kCCKeySizeDES,          /* Key size in bytes */
    5,                      /* Secret key size = 40 bits */
    kCCBlockSizeDES,        /* IV size */
    kCCBlockSizeDES,        /* Block size */
    kCCAlgorithmDES,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
103 #endif /* ENABLE_DES */
104
105 #if ENABLE_3DES
/*
 * Descriptor for triple DES (EDE) in CBC mode. Key field and secret size are
 * both kCCKeySize3DES; IV and block size are the 3DES block size.
 */
static const SSLSymmetricCipher SSLCipher3DES_CBC = {
    kCCKeySize3DES,         /* Key size in bytes */
    kCCKeySize3DES,         /* Secret key size = 192 bits */
    kCCBlockSize3DES,       /* IV size */
    kCCBlockSize3DES,       /* Block size */
    kCCAlgorithm3DES,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
117 #endif /* ENABLE_3DES */
118
119 #if ENABLE_RC4
/*
 * Descriptor for export-grade RC4: a 16-byte key field with only 5 secret
 * bytes (40 bits). IV size and block size are 0 because RC4 is a stream
 * cipher.
 * NOTE(review): 40-bit export RC4 gives no meaningful confidentiality; make
 * sure the suites that map to it cannot be negotiated by default.
 */
static const SSLSymmetricCipher SSLCipherRC4_40 = {
    16,                     /* Key size in bytes */
    5,                      /* Secret key size = 40 bits */
    0,                      /* IV size */
    0,                      /* Block size */
    kCCAlgorithmRC4,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
131
/*
 * Descriptor for RC4 with a fully secret 16-byte (128-bit) key. IV size and
 * block size are 0 because RC4 is a stream cipher.
 */
static const SSLSymmetricCipher SSLCipherRC4_128 = {
    16,                     /* Key size in bytes */
    16,                     /* Secret key size = 128 bits */
    0,                      /* IV size */
    0,                      /* Block size */
    kCCAlgorithmRC4,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
143 #endif /* ENABLE_RC4 */
144
145 #if ENABLE_RC2
/*
 * Descriptor for export-grade RC2 in CBC mode: a kCCKeySizeMaxRC2 key field
 * with only 5 secret bytes (40 bits).
 * NOTE(review): 40-bit export RC2 gives no meaningful confidentiality; make
 * sure the suites that map to it cannot be negotiated by default.
 */
static const SSLSymmetricCipher SSLCipherRC2_40 = {
    kCCKeySizeMaxRC2,       /* Key size in bytes */
    5,                      /* Secret key size = 40 bits */
    kCCBlockSizeRC2,        /* IV size */
    kCCBlockSizeRC2,        /* Block size */
    kCCAlgorithmRC2,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
157
/*
 * Descriptor for RC2 in CBC mode with a fully secret key: both size fields
 * are kCCKeySizeMaxRC2.
 */
static const SSLSymmetricCipher SSLCipherRC2_128 = {
    kCCKeySizeMaxRC2,       /* Key size in bytes */
    kCCKeySizeMaxRC2,       /* Secret key size = 128 bits */
    kCCBlockSizeRC2,        /* IV size */
    kCCBlockSizeRC2,        /* Block size */
    kCCAlgorithmRC2,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
169 #endif /* ENABLE_RC2*/
170
171 #if ENABLE_AES
/*
 * Descriptor for AES-128 in CBC mode: 128-bit key, fully secret, with IV and
 * block size equal to the AES block size.
 */
static const SSLSymmetricCipher SSLCipherAES_128_CBC = {
    kCCKeySizeAES128,       /* Key size in bytes */
    kCCKeySizeAES128,       /* Secret key size */
    kCCBlockSizeAES128,     /* IV size */
    kCCBlockSizeAES128,     /* Block size */
    kCCAlgorithmAES128,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
183 #endif /* ENABLE_AES */
184
185 #if ENABLE_AES256
/*
 * Descriptor for AES-256 in CBC mode: 256-bit key, fully secret; IV and
 * block size stay at the 128-bit AES block size.
 * The algorithm constant is kCCAlgorithmAES128 here as well; presumably the
 * key length alone selects the AES variant - confirm against CommonCrypto.
 */
static const SSLSymmetricCipher SSLCipherAES_256_CBC = {
    kCCKeySizeAES256,       /* Key size in bytes */
    kCCKeySizeAES256,       /* Secret key size */
    kCCBlockSizeAES128,     /* IV size - still 128 bits */
    kCCBlockSizeAES128,     /* Block size - still 128 bits */
    kCCAlgorithmAES128,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
197 #endif /* ENABLE_AES256 */
198
#if ENABLE_AES
/*
 * Descriptor registered under the name AES-128-GCM.
 * NOTE(review): every field is identical to SSLCipherAES_128_CBC - same size
 * constants and the same CCSymm* routines. Nothing in this initializer
 * selects GCM or describes an authentication tag, so it should be treated as
 * a placeholder until real AEAD support exists. It is guarded by ENABLE_AES,
 * not ENABLE_AES_GCM (defined as 0 earlier in this file), so it is compiled
 * even while GCM is switched off. Confirm that no suite can resolve to this
 * descriptor in that configuration.
 */
static const SSLSymmetricCipher SSLCipherAES_128_GCM = {
    kCCKeySizeAES128,       /* Key size in bytes */
    kCCKeySizeAES128,       /* Secret key size */
    kCCBlockSizeAES128,     /* IV size */
    kCCBlockSizeAES128,     /* Block size */
    kCCAlgorithmAES128,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
#endif /* ENABLE_AES */
212
#if ENABLE_AES256
/*
 * Descriptor registered under the name AES-256-GCM.
 * NOTE(review): every field is identical to SSLCipherAES_256_CBC - same size
 * constants and the same CCSymm* routines. Nothing in this initializer
 * selects GCM or describes an authentication tag, so it should be treated as
 * a placeholder until real AEAD support exists. It is guarded by
 * ENABLE_AES256, not ENABLE_AES_GCM (defined as 0 earlier in this file), so
 * it is compiled even while GCM is switched off. Confirm that no suite can
 * resolve to this descriptor in that configuration.
 */
static const SSLSymmetricCipher SSLCipherAES_256_GCM = {
    kCCKeySizeAES256,       /* Key size in bytes */
    kCCKeySizeAES256,       /* Secret key size */
    kCCBlockSizeAES128,     /* IV size - still 128 bits */
    kCCBlockSizeAES128,     /* Block size - still 128 bits */
    kCCAlgorithmAES128,
    CCSymmInit,
    CCSymmEncryptDecrypt,   /* same routine fills two consecutive slots, presumably encrypt and decrypt */
    CCSymmEncryptDecrypt,
    CCSymmFinish
};
#endif /* ENABLE_AES256 */
226
227 /*
228
229 cipher spec preferences from openssl. first column includes the dh anon
230 cipher suites. second column is more interesting: default.
231
232 seems to be:
233 Asymmetric: DHE-RSA > DHE-DSS > RSA
234 Symmetric : AES-256 > 3DES > AES-128 > RC4-128 > DES > DES40 > RC2-40 > RC4-40
235
236 DH_anon w/ AES are preferred over DHE_RSA when enabled, all others at the bottom.
237
238 3a TLS_DH_anon_WITH_AES_256_CBC_SHA
239 39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 1
240 38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA 2
241 35 TLS_RSA_WITH_AES_256_CBC_SHA 3
242 34 TLS_DH_anon_WITH_AES_128_CBC_SHA
243 33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 7
244 32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA 8
245 2f TLS_RSA_WITH_AES_128_CBC_SHA 9
246 16 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 4
247 15 SSL_DHE_RSA_WITH_DES_CBC_SHA 12
248 14 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 15
249 13 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 5
250 12 SSL_DHE_DSS_WITH_DES_CBC_SHA 13
251 11 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 16
252 0a SSL_RSA_WITH_3DES_EDE_CBC_SHA 6
253 09 SSL_RSA_WITH_DES_CBC_SHA 14
254 08 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 17
255 06 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 18
256 05 SSL_RSA_WITH_RC4_128_SHA 10
257 04 SSL_RSA_WITH_RC4_128_MD5 11
258 03 SSL_RSA_EXPORT_WITH_RC4_40_MD5 19
259 1b SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
260 1a SSL_DH_anon_WITH_DES_CBC_SHA
261 19 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
262 18 SSL_DH_anon_WITH_RC4_128_MD5
263 17 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
264
265 */
266
267 /*
268 * List of all CipherSpecs we implement. Depending on a context's
269 * exportable flag, not all of these might be available for use.
270 *
271 * FIXME - I'm not sure the distinction between e.g. SSL_RSA and SSL_RSA_EXPORT
272 * makes any sense here. See comments for the definition of
273 * KeyExchangeMethod in cryptType.h.
274 */
275 /* Order by preference, domestic first */
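/*
 * Every cipher suite this library knows about, in preference order.
 *
 * Groups, top to bottom: ECDHE_ECDSA, ECDHE_RSA, static ECDH (ENABLE_ECDH),
 * plain RSA (including export-grade and SSLv2-only suites under their
 * flags), DHE, DH_anon, and finally the NULL-encryption suites.
 *
 * Guards: all AES-GCM entries are wrapped in ENABLE_AES_GCM and all DES and
 * DES40 entries in ENABLE_DES, matching the cipher tables and the symmetric
 * cipher lookup in this file.
 *
 * NOTE(review): this list also carries unauthenticated (DH_anon),
 * export-grade (40-bit) and NULL-encryption suites, and the RC4, DHE_RSA and
 * DH_anon entries are not tied to ENABLE_RC4, ENABLE_DH_EPHEM_RSA or
 * ENABLE_DH_ANON. Being listed here presumably means "implemented", not
 * "offered by default" - confirm that per-context filtering keeps these out
 * of a normal handshake.
 */
static const SSLCipherSuite KnownCipherSuites[] = {
#if ENABLE_AES_GCM
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
#endif
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
#if ENABLE_AES_GCM
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
#endif
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
#if ENABLE_ECDH
#if ENABLE_AES_GCM
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
#endif
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
#if ENABLE_AES_GCM
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
#endif
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_RSA_WITH_RC4_128_SHA,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
#endif
#if ENABLE_AES_GCM
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
#endif
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    SSL_RSA_WITH_RC4_128_SHA,
    SSL_RSA_WITH_RC4_128_MD5,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
#if ENABLE_SSLV2
    SSL_RSA_WITH_3DES_EDE_CBC_MD5,
#endif
#if ENABLE_DES
    SSL_RSA_WITH_DES_CBC_SHA,
#endif
#if ENABLE_SSLV2
    SSL_RSA_WITH_DES_CBC_MD5,
#endif
    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
#if ENABLE_DES
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
#endif
#if ENABLE_RC2
    SSL_RSA_WITH_RC2_CBC_MD5,
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
#endif
#if ENABLE_AES_GCM
# if ENABLE_DH_EPHEM_DSA
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
# endif // ENABLE_DH_EPHEM_DSA
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
# if ENABLE_DH_EPHEM_DSA
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
# endif // ENABLE_DH_EPHEM_DSA
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
#endif // ENABLE_AES_GCM
#if ENABLE_DH_EPHEM_DSA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
#endif
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
#if ENABLE_DH_EPHEM_DSA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
#endif
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
#if ENABLE_DH_EPHEM_DSA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
#endif
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
#if ENABLE_DH_EPHEM_DSA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
#endif
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
#if ENABLE_DES
    SSL_DHE_RSA_WITH_DES_CBC_SHA,
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
#endif
#if ENABLE_DH_EPHEM_DSA
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
#if ENABLE_DES
    SSL_DHE_DSS_WITH_DES_CBC_SHA,
    /* DES40 needs the DES tables too, so it lives inside the ENABLE_DES
     * guard like every other DES40 entry in this list. */
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
#endif
#endif
#if ENABLE_AES_GCM
    /* Guarded like every other GCM suite: with ENABLE_AES_GCM off there is
     * no working GCM cipher behind these entries. */
    TLS_DH_anon_WITH_AES_256_GCM_SHA384,
    TLS_DH_anon_WITH_AES_128_GCM_SHA256,
#endif
    TLS_DH_anon_WITH_AES_128_CBC_SHA256,
    TLS_DH_anon_WITH_AES_256_CBC_SHA256,
    TLS_DH_anon_WITH_AES_128_CBC_SHA,
    TLS_DH_anon_WITH_AES_256_CBC_SHA,
    SSL_DH_anon_WITH_RC4_128_MD5,
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
#if ENABLE_DES
    SSL_DH_anon_WITH_DES_CBC_SHA,
#endif
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
#if ENABLE_DES
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
#endif
    /* NULL-encryption suites: integrity only, no confidentiality. */
    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    TLS_ECDHE_RSA_WITH_NULL_SHA,
#if ENABLE_ECDH
    TLS_ECDH_ECDSA_WITH_NULL_SHA,
    TLS_ECDH_RSA_WITH_NULL_SHA,
#endif
    TLS_RSA_WITH_NULL_SHA256,
    SSL_RSA_WITH_NULL_SHA,
    SSL_RSA_WITH_NULL_MD5

#if 0
    /* We don't support these yet. */
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_RSA_WITH_RC4_128_MD5,
    TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
    TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
    TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DH_DSS_WITH_AES_256_CBC_SHA,
    TLS_DH_RSA_WITH_AES_256_CBC_SHA,
    TLS_DH_DSS_WITH_AES_128_CBC_SHA,
    TLS_DH_RSA_WITH_AES_128_CBC_SHA,
    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
    TLS_ECDH_anon_WITH_RC4_128_SHA,
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_anon_WITH_NULL_SHA,
#endif
};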
438
/* Number of entries in KnownCipherSuites, derived from the array itself. */
static const unsigned CipherSuiteCount =
    sizeof(KnownCipherSuites) / sizeof(KnownCipherSuites[0]);
440
/*
 * Map a cipher suite to the key-exchange method it uses.
 *
 * An unrecognised suite is logged and trips assert(0); if assertions are
 * compiled out the function returns SSL_NULL_auth.
 * NOTE(review): that fallback is the same value returned for
 * TLS_NULL_WITH_NULL_NULL, so a caller cannot tell an unknown suite from the
 * null suite. Callers should only pass suites that were validated against
 * KnownCipherSuites - confirm at the call sites.
 */
static KeyExchangeMethod sslCipherSuiteGetKeyExchangeMethod(SSLCipherSuite cipherSuite)
{
    /* Value for TLS_NULL_WITH_NULL_NULL and for the unknown-suite fallback. */
    KeyExchangeMethod method = SSL_NULL_auth;

    switch (cipherSuite) {
    case TLS_NULL_WITH_NULL_NULL:
        break;

    case SSL_RSA_WITH_RC2_CBC_MD5:
    case SSL_RSA_WITH_DES_CBC_MD5:
    case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
    case TLS_RSA_WITH_NULL_MD5:
    case TLS_RSA_WITH_NULL_SHA:
    case TLS_RSA_WITH_RC4_128_MD5:
    case TLS_RSA_WITH_RC4_128_SHA:
    case SSL_RSA_WITH_IDEA_CBC_SHA:
    case SSL_RSA_WITH_DES_CBC_SHA:
    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_WITH_AES_128_CBC_SHA:
    case TLS_RSA_WITH_AES_256_CBC_SHA:
    case TLS_RSA_WITH_NULL_SHA256:
    case TLS_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_RSA_WITH_AES_256_GCM_SHA384:
        method = SSL_RSA;
        break;

    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
    case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
        method = SSL_RSA_EXPORT;
        break;

    case SSL_DH_DSS_WITH_DES_CBC_SHA:
    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
        method = SSL_DH_DSS;
        break;

    case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
        method = SSL_DH_DSS_EXPORT;
        break;

    case SSL_DH_RSA_WITH_DES_CBC_SHA:
    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
        method = SSL_DH_RSA;
        break;

    case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
        method = SSL_DH_RSA_EXPORT;
        break;

    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
        method = SSL_DHE_DSS;
        break;

    case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
        method = SSL_DHE_DSS_EXPORT;
        break;

    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
        method = SSL_DHE_RSA;
        break;

    case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
        method = SSL_DHE_RSA_EXPORT;
        break;

    /* Anonymous DH: no certificate, hence no peer authentication. */
    case SSL_DH_anon_WITH_DES_CBC_SHA:
    case TLS_DH_anon_WITH_RC4_128_MD5:
    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
        method = SSL_DH_anon;
        break;

    case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
    case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
        method = SSL_DH_anon_EXPORT;
        break;

    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
    case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
        method = SSL_Fortezza;
        break;

    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        method = SSL_ECDHE_ECDSA;
        break;

    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
        method = SSL_ECDH_ECDSA;
        break;

    case TLS_ECDHE_RSA_WITH_NULL_SHA:
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
        method = SSL_ECDHE_RSA;
        break;

    case TLS_ECDH_RSA_WITH_NULL_SHA:
    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
        method = SSL_ECDH_RSA;
        break;

    case TLS_ECDH_anon_WITH_NULL_SHA:
    case TLS_ECDH_anon_WITH_RC4_128_SHA:
    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        method = SSL_ECDH_anon;
        break;

    default:
        sslErrorLog("Invalid cipherSuite %02hX", cipherSuite);
        assert(0);
        break;
    }

    return method;
}
598
599 #if 0
/*
 * Disabled (inside #if 0): derive the signature algorithm from a suite's
 * key-exchange method. RSA-based exchanges map to RSA, DSS-based ones to
 * DSA, ECDSA-based ones to ECDSA; the null and anonymous exchanges map to
 * SSL_SignatureAlgorithmAnonymous.
 * NOTE(review): SSL_Fortezza and SSL_ECDH_anon, which
 * sslCipherSuiteGetKeyExchangeMethod can return, have no case here and would
 * take the default path if this code were re-enabled.
 */
static SSL_SignatureAlgorithm sslCipherSuiteGetSignatureAlgorithm(SSLCipherSuite cipherSuite) {
    switch (sslCipherSuiteGetKeyExchangeMethod(cipherSuite)) {
        case SSL_NULL_auth:
            return SSL_SignatureAlgorithmAnonymous;
        case SSL_RSA:
        case SSL_RSA_EXPORT:
        case SSL_DH_RSA:
        case SSL_DH_RSA_EXPORT:
        case SSL_DHE_RSA:
        case SSL_DHE_RSA_EXPORT:
        case SSL_ECDHE_RSA:
        case SSL_ECDH_RSA:
            return SSL_SignatureAlgorithmRSA;
        case SSL_DH_DSS:
        case SSL_DH_DSS_EXPORT:
        case SSL_DHE_DSS:
        case SSL_DHE_DSS_EXPORT:
            return SSL_SignatureAlgorithmDSA;
        case SSL_DH_anon:
        case SSL_DH_anon_EXPORT:
            return SSL_SignatureAlgorithmAnonymous;
        case SSL_ECDHE_ECDSA:
        case SSL_ECDH_ECDSA:
            return SSL_SignatureAlgorithmECDSA;
        default:
            /* Unknown key exchange: log, assert, then fall back to "anonymous". */
            sslErrorLog("Invalid cipherSuite %02hX", cipherSuite);
            assert(0);
            return SSL_SignatureAlgorithmAnonymous;
    }
}
630 #endif
631
/*
 * Return the lowest protocol version at which a cipher suite may be used:
 * SSL_Version_3_0 for the classic RSA/DH suites, TLS_Version_1_0 for the
 * SHA-1 elliptic-curve suites, TLS_Version_1_2 for the SHA-256/SHA-384 and
 * GCM suites.
 *
 * An unrecognised suite is logged and trips assert(0); if assertions are
 * compiled out the function returns TLS_Version_1_2, the most restrictive
 * answer available here.
 * NOTE(review): SSL_RSA_WITH_RC2_CBC_MD5, SSL_RSA_WITH_DES_CBC_MD5 and
 * SSL_RSA_WITH_3DES_EDE_CBC_MD5 are handled by the key-exchange and hash
 * lookups in this file but have no case here, so they take the default path.
 * Confirm that this function is never reached for them.
 */
static SSLProtocolVersion sslCipherSuiteGetMinSupportedTLSVersion(SSLCipherSuite cipherSuite)
{
    /* Also the fallback for an unknown suite. */
    SSLProtocolVersion minVersion = TLS_Version_1_2;

    switch (cipherSuite) {
    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
    case SSL_RSA_WITH_IDEA_CBC_SHA:
    case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_DSS_WITH_DES_CBC_SHA:
    case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_RSA_WITH_DES_CBC_SHA:
    case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
    case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
    case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_anon_WITH_DES_CBC_SHA:
    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
    case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
    case TLS_NULL_WITH_NULL_NULL:
    case TLS_RSA_WITH_NULL_MD5:
    case TLS_RSA_WITH_NULL_SHA:
    case TLS_RSA_WITH_RC4_128_MD5:
    case TLS_RSA_WITH_RC4_128_SHA:
    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_WITH_AES_128_CBC_SHA:
    case TLS_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_anon_WITH_RC4_128_MD5:
    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
        minVersion = SSL_Version_3_0;
        break;

    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_RSA_WITH_NULL_SHA:
    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_NULL_SHA:
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_anon_WITH_NULL_SHA:
    case TLS_ECDH_anon_WITH_RC4_128_SHA:
    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        minVersion = TLS_Version_1_0;
        break;

    case TLS_RSA_WITH_NULL_SHA256:
    case TLS_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
    case TLS_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
        /* minVersion already holds TLS_Version_1_2. */
        break;

    default:
        sslErrorLog("Invalid cipherSuite %02hX", cipherSuite);
        assert(0);
        break;
    }

    return minVersion;
}
753
/*
 * Map a cipher suite to the hash algorithm named in it (MD5, SHA-1, SHA-256
 * or SHA-384); TLS_NULL_WITH_NULL_NULL maps to SSL_HashAlgorithmNone.
 *
 * An unrecognised suite is logged and trips assert(0); if assertions are
 * compiled out the function returns SSL_HashAlgorithmNone.
 * NOTE(review): sslCipherSuiteGetHashHmacReference turns that value into
 * &HashHmacNull, so an unknown suite would fall back to the null hash/HMAC
 * implementation rather than fail. Callers should only pass suites that were
 * validated against KnownCipherSuites - confirm at the call sites.
 */
static SSL_HashAlgorithm sslCipherSuiteGetHashAlgorithm(SSLCipherSuite cipherSuite)
{
    /* Value for TLS_NULL_WITH_NULL_NULL and for the unknown-suite fallback. */
    SSL_HashAlgorithm hashAlg = SSL_HashAlgorithmNone;

    switch (cipherSuite) {
    case TLS_NULL_WITH_NULL_NULL:
        break;

    case SSL_RSA_WITH_RC2_CBC_MD5:
    case SSL_RSA_WITH_DES_CBC_MD5:
    case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
    case TLS_RSA_WITH_NULL_MD5:
    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
    case TLS_RSA_WITH_RC4_128_MD5:
    case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
    case TLS_DH_anon_WITH_RC4_128_MD5:
        hashAlg = SSL_HashAlgorithmMD5;
        break;

    case TLS_RSA_WITH_NULL_SHA:
    case SSL_RSA_WITH_IDEA_CBC_SHA:
    case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_DSS_WITH_DES_CBC_SHA:
    case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_RSA_WITH_DES_CBC_SHA:
    case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
    case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
    case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
    case SSL_DH_anon_WITH_DES_CBC_SHA:
    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
    case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
    case TLS_RSA_WITH_RC4_128_SHA:
    case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_RSA_WITH_AES_128_CBC_SHA:
    case TLS_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_RSA_WITH_NULL_SHA:
    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_NULL_SHA:
    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
    case TLS_ECDH_anon_WITH_NULL_SHA:
    case TLS_ECDH_anon_WITH_RC4_128_SHA:
    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        hashAlg = SSL_HashAlgorithmSHA1;
        break;

    case TLS_RSA_WITH_NULL_SHA256:
    case TLS_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
    case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
    case TLS_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
    case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
        hashAlg = SSL_HashAlgorithmSHA256;
        break;

    case TLS_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
    case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
        hashAlg = SSL_HashAlgorithmSHA384;
        break;

    default:
        sslErrorLog("Invalid cipherSuite %02hX", cipherSuite);
        assert(0);
        break;
    }

    return hashAlg;
}
878
/*
 * Return the hash/HMAC implementation table for a cipher suite, chosen from
 * the hash algorithm reported by sslCipherSuiteGetHashAlgorithm().
 *
 * SSL_HashAlgorithmNone, and any value outside the five handled here, yields
 * &HashHmacNull. The unexpected-value path also logs and trips assert(0).
 * NOTE(review): the log text says "hashAlgorithm" but the value printed is
 * the cipher suite. More importantly, the fallback is the null
 * implementation, so this lookup never fails closed; callers must not rely
 * on it to reject an unknown suite.
 */
static const HashHmacReference *sslCipherSuiteGetHashHmacReference(SSLCipherSuite cipherSuite)
{
    /* Covers SSL_HashAlgorithmNone and the fallback. */
    const HashHmacReference *hashHmac = &HashHmacNull;

    switch (sslCipherSuiteGetHashAlgorithm(cipherSuite)) {
    case SSL_HashAlgorithmNone:
        break;
    case SSL_HashAlgorithmMD5:
        hashHmac = &HashHmacMD5;
        break;
    case SSL_HashAlgorithmSHA1:
        hashHmac = &HashHmacSHA1;
        break;
    case SSL_HashAlgorithmSHA256:
        hashHmac = &HashHmacSHA256;
        break;
    case SSL_HashAlgorithmSHA384:
        hashHmac = &HashHmacSHA384;
        break;
    default:
        sslErrorLog("Invalid hashAlgorithm %02hX", cipherSuite);
        assert(0);
        break;
    }

    return hashHmac;
}
897
/*
 * Map a cipher suite to the SSLSymmetricCipher descriptor used for it.
 *
 * Cases for RC4, RC2, IDEA, DES and FORTEZZA are compiled in only when the
 * matching ENABLE_* macro is non-zero; with the macro off, those suites
 * reach the default branch.
 *
 * The default branch logs the suite and trips assert(0). Where asserts are
 * compiled out it returns &SSLCipherNull, i.e. an unknown suite resolves to
 * the null cipher rather than to an error. The return value is never NULL.
 */
static const SSLSymmetricCipher *sslCipherSuiteGetSymmetricCipher(SSLCipherSuite cipherSuite) {
    switch (cipherSuite) {
        /* Suites that carry no bulk encryption at all. */
        case TLS_NULL_WITH_NULL_NULL:
        case TLS_RSA_WITH_NULL_MD5:
        case TLS_RSA_WITH_NULL_SHA:
        case TLS_RSA_WITH_NULL_SHA256:
        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
        case TLS_ECDH_RSA_WITH_NULL_SHA:
        case TLS_ECDHE_RSA_WITH_NULL_SHA:
        case TLS_ECDH_anon_WITH_NULL_SHA:
            return &SSLCipherNull;
#if ENABLE_RC4
        /* 40-bit export RC4 */
        case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
        case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
            return &SSLCipherRC4_40;
#endif
#if ENABLE_RC2
        /*
         * NOTE(review): the non-export SSL_RSA_WITH_RC2_CBC_MD5 shares the
         * RC2_40 descriptor with the export suite, while
         * sslCipherSuiteGetSymmetricCipherAlgorithm() reports it as
         * RC2_128 - confirm which is intended.
         */
        case SSL_RSA_WITH_RC2_CBC_MD5:
        case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
            return &SSLCipherRC2_40;
#endif
#if ENABLE_IDEA
        case SSL_RSA_WITH_IDEA_CBC_SHA:
            return &SSLCipherIDEA_CBC;
#endif
#if ENABLE_DES
        /* 40-bit export DES */
        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
            return &SSLCipherDES40_CBC;
        /* single DES */
        case SSL_RSA_WITH_DES_CBC_MD5:
        case SSL_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_DSS_WITH_DES_CBC_SHA:
        case SSL_DH_RSA_WITH_DES_CBC_SHA:
        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_anon_WITH_DES_CBC_SHA:
            return &SSLCipherDES_CBC;
#endif
#if ENABLE_FORTEZZA
        case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
            return &SSLCipherFORTEZZA_CBC;
#endif
#if ENABLE_RC4
        /* 128-bit RC4 */
        case TLS_RSA_WITH_RC4_128_MD5:
        case TLS_RSA_WITH_RC4_128_SHA:
        case TLS_DH_anon_WITH_RC4_128_MD5:
        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
        case TLS_ECDH_anon_WITH_RC4_128_SHA:
            return &SSLCipherRC4_128;
#endif
        /* 3DES-EDE in CBC mode (not guarded by any ENABLE_* macro) */
        case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
            return &SSLCipher3DES_CBC;
        /* AES-128 in CBC mode, SHA-1 and SHA-256 MAC variants */
        case TLS_RSA_WITH_AES_128_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
            return &SSLCipherAES_128_CBC;
        /* AES-256 in CBC mode, SHA-1, SHA-256 and SHA-384 MAC variants */
        case TLS_RSA_WITH_AES_256_CBC_SHA:
        case TLS_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
            return &SSLCipherAES_256_CBC;
        /* AES-128 in GCM mode */
        case TLS_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
            return &SSLCipherAES_128_GCM;
        /* AES-256 in GCM mode */
        case TLS_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
            return &SSLCipherAES_256_GCM;
        default:
            /*
             * Unknown or compiled-out suite. With asserts disabled this
             * falls back to the null cipher instead of failing.
             */
            sslErrorLog("Invalid cipherSuite %02hX", cipherSuite);
            assert(0);
            return &SSLCipherNull;
    }
}
1042
/*
 * Map a cipher suite to its SSL_CipherAlgorithm enumerator.
 *
 * Unlike sslCipherSuiteGetSymmetricCipher(), the cases here are not wrapped
 * in ENABLE_* conditionals, and the default branch neither logs nor
 * asserts: any suite without a case below is reported as
 * SSL_CipherAlgorithmNull. That includes the 40-bit export, IDEA and
 * FORTEZZA-CBC suites, which have no case in this switch, so a Null result
 * does not by itself mean "no encryption was negotiated".
 */
SSL_CipherAlgorithm sslCipherSuiteGetSymmetricCipherAlgorithm(SSLCipherSuite cipherSuite) {
    switch (cipherSuite) {
        /* Suites that carry no bulk encryption at all. */
        case TLS_NULL_WITH_NULL_NULL:
        case TLS_RSA_WITH_NULL_MD5:
        case TLS_RSA_WITH_NULL_SHA:
        case TLS_RSA_WITH_NULL_SHA256:
        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
        case TLS_ECDH_RSA_WITH_NULL_SHA:
        case TLS_ECDHE_RSA_WITH_NULL_SHA:
        case TLS_ECDH_anon_WITH_NULL_SHA:
            return SSL_CipherAlgorithmNull;
        /*
         * NOTE(review): reported as RC2_128 here, whereas
         * sslCipherSuiteGetSymmetricCipher() maps the same suite to
         * SSLCipherRC2_40 - confirm which is intended.
         */
        case SSL_RSA_WITH_RC2_CBC_MD5:
            return SSL_CipherAlgorithmRC2_128;
        /* single DES */
        case SSL_RSA_WITH_DES_CBC_MD5:
        case SSL_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_DSS_WITH_DES_CBC_SHA:
        case SSL_DH_RSA_WITH_DES_CBC_SHA:
        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_anon_WITH_DES_CBC_SHA:
            return SSL_CipherAlgorithmDES_CBC;
        /* 128-bit RC4 */
        case TLS_RSA_WITH_RC4_128_MD5:
        case TLS_RSA_WITH_RC4_128_SHA:
        case TLS_DH_anon_WITH_RC4_128_MD5:
        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
        case TLS_ECDH_anon_WITH_RC4_128_SHA:
            return SSL_CipherAlgorithmRC4_128;
        /* 3DES-EDE in CBC mode */
        case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
            return SSL_CipherAlgorithm3DES_CBC;
        /* AES-128 in CBC mode */
        case TLS_RSA_WITH_AES_128_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
            return SSL_CipherAlgorithmAES_128_CBC;
        /* AES-256 in CBC mode */
        case TLS_RSA_WITH_AES_256_CBC_SHA:
        case TLS_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
            return SSL_CipherAlgorithmAES_256_CBC;
        /* AES-128 in GCM mode */
        case TLS_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
            return SSL_CipherAlgorithmAES_128_GCM;
        /* AES-256 in GCM mode */
        case TLS_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
            return SSL_CipherAlgorithmAES_256_GCM;
        default:
            /* Silent fallback: unlisted suites are indistinguishable from NULL-cipher suites. */
            return SSL_CipherAlgorithmNull;
    }
}
1158
/*
 * Recompute the summary fields derived from ctx->validCipherSuites.
 *
 * When ENABLE_SSLV2 is set, ctx->numValidNonSSLv2Suites receives the number
 * of enabled suites for which CIPHER_SPEC_IS_SSLv2() is false; ClientHello
 * routines need this to set up outgoing cipherSpecs arrays correctly.
 *
 * ctx->ecdsaEnable is set when any enabled suite uses an elliptic-curve key
 * exchange. Despite the field name, that covers ECDH_RSA, ECDHE_RSA and
 * ECDH_anon as well as the ECDSA methods; we need to know this when
 * creating a hello message.
 */
static void sslAnalyzeCipherSpecs(SSLContext *ctx)
{
    unsigned idx;

    ctx->ecdsaEnable = false;
#if ENABLE_SSLV2
    ctx->numValidNonSSLv2Suites = 0;
#endif

    for (idx = 0; idx < ctx->numValidCipherSuites; idx++) {
        const SSLCipherSuite suite = ctx->validCipherSuites[idx];

#if ENABLE_SSLV2
        if (!CIPHER_SPEC_IS_SSLv2(suite)) {
            ctx->numValidNonSSLv2Suites++;
        }
#endif
        switch (sslCipherSuiteGetKeyExchangeMethod(suite)) {
        case SSL_ECDH_ECDSA:
        case SSL_ECDHE_ECDSA:
        case SSL_ECDH_RSA:
        case SSL_ECDHE_RSA:
        case SSL_ECDH_anon:
            ctx->ecdsaEnable = true;
            break;
        default:
            /* not an elliptic-curve key exchange */
            break;
        }
    }
}
1197
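/*
 * Build ctx->validCipherSuites as a filtered copy of KnownCipherSuites,
 * assuming that validCipherSuites is currently not valid (i.e.,
 * SSLSetEnabledCiphers() has not been called).
 *
 * ctx must be non-NULL and must not already own an array; both conditions
 * are only asserted, so they are unchecked where asserts are compiled out.
 *
 * Returns noErr on success. On allocation failure returns memFullErr with
 * ctx->validCipherSuites NULL and ctx->numValidCipherSuites 0. On success
 * the array belongs to ctx and ctx->numValidCipherSuites is the number of
 * suites that survived the filters below.
 */
OSStatus sslBuildCipherSuiteArray(SSLContext *ctx)
{
    size_t size;
    unsigned dex;

    assert(ctx != NULL);
    assert(ctx->validCipherSuites == NULL);

    /* Start from the full table and decrement once per trimmed suite. */
    ctx->numValidCipherSuites = CipherSuiteCount;
    /* The array stores SSLCipherSuite values, so size it by that element type. */
    size = CipherSuiteCount * sizeof(SSLCipherSuite);
    ctx->validCipherSuites = (SSLCipherSuite *)sslMalloc(size);
    if(ctx->validCipherSuites == NULL) {
        ctx->numValidCipherSuites = 0;
        return memFullErr;
    }

    /*
     * Trim out inappropriate ciphers:
     *  -- trim suites whose minimum protocol version is above what this
     *     context can negotiate
     *  -- trim ECDSA ciphers for server side if appropriate
     *  -- trim ECDSA ciphers if TLSv1 disable or SSLv2 enabled (since
     *     we MUST do the Client Hello extensions to make these ciphers
     *     work reliably)
     *  -- trim anonymous and NULL-cipher suites if !ctx->anonCipherEnable
     *     (default); note the NULL-cipher check sits behind the same flag,
     *     so enabling anonymous suites also keeps unencrypted suites
     *  -- trim 40 and 56-bit ciphers; this is unconditional here, no
     *     context flag is consulted
     *  -- trim ciphers incompatible with our private key in server mode
     *  -- trim DHE ciphers in server mode when no DH parameters are set
     *  -- trim RC4 ciphers if DTLSv1 enable
     */
    SSLCipherSuite *dst = ctx->validCipherSuites;
    const SSLCipherSuite *src = KnownCipherSuites;

    /* Despite the name, this flag drops every EC key exchange, RSA-signed ones included. */
    bool trimECDSA = false;
    if((ctx->protocolSide == kSSLServerSide) && !SSL_ECDSA_SERVER) {
        trimECDSA = true;
    }
    if(ctx->minProtocolVersion == SSL_Version_2_0
       || ctx->maxProtocolVersion == SSL_Version_3_0) {
        /* We trim ECDSA cipher suites if SSL2 is enabled or
           The maximum allowed protocol is SSL3. Note that this
           won't trim ECDSA cipherspecs for DTLS which should be
           the right thing to do here. */
        trimECDSA = true;
    }

    bool trimRC4 = ctx->isDTLS;

    /* A server without encoded DH parameters cannot offer ephemeral DH. */
    bool trimDHE = (ctx->protocolSide == kSSLServerSide) &&
        !ctx->dhParamsEncoded.length;

    for(dex=0; dex<CipherSuiteCount; dex++) {
        KeyExchangeMethod kem = sslCipherSuiteGetKeyExchangeMethod(*src);
        const SSLSymmetricCipher *cipher = sslCipherSuiteGetSymmetricCipher(*src);
        SSLProtocolVersion minVersion = sslCipherSuiteGetMinSupportedTLSVersion(*src);

        /* Trim according to supported versions */
        if(((ctx->isDTLS) && (minVersion>TLS_Version_1_1)) ||  /* DTLS is like TLS.1.1 */
           (minVersion > ctx->maxProtocolVersion))
        {
            ctx->numValidCipherSuites--;
            src++;
            continue;
        }

        /* First skip ECDSA ciphers as appropriate */
        switch(kem) {
            case SSL_ECDH_ECDSA:
            case SSL_ECDHE_ECDSA:
            case SSL_ECDH_RSA:
            case SSL_ECDHE_RSA:
            case SSL_ECDH_anon:
                if(trimECDSA) {
                    /* Skip this one */
                    ctx->numValidCipherSuites--;
                    src++;
                    continue;
                }
                else {
                    break;
                }
            default:
                break;
        }

        if(!ctx->anonCipherEnable) {
            /* trim out the anonymous (and null-cipher) ciphers */
            if(cipher == &SSLCipherNull) {
                /* skip this one */
                ctx->numValidCipherSuites--;
                src++;
                continue;
            }
            switch(kem) {
                case SSL_DH_anon:
                case SSL_DH_anon_EXPORT:
                case SSL_ECDH_anon:
                    /* skip this one */
                    ctx->numValidCipherSuites--;
                    src++;
                    continue;
                default:
                    break;
            }
        }

        /* The leading `false` lets each compiled-in term start with `||`. */
        if (false
            /* trim out 40 and 56 bit ciphers (considered unsafe to use) */
#if ENABLE_RC4
            || (cipher == &SSLCipherRC4_40)
#endif
#if ENABLE_RC2
            || (cipher == &SSLCipherRC2_40)
#endif
#if ENABLE_DES
            || (cipher == &SSLCipherDES_CBC)
            || (cipher == &SSLCipherDES40_CBC)
#endif
            ) {
            /* skip this one */
            ctx->numValidCipherSuites--;
            src++;
            continue;
        }

        if(ctx->protocolSide == kSSLServerSide && ctx->signingPrivKeyRef != NULL) {
            /* in server mode, trim out ciphers incompatible with our private key */
            SSLCipherSpec testCipherSpec = {
                .cipherSpec = *src,
                .keyExchangeMethod = kem,
                .cipher = cipher
            };
            if(sslVerifySelectedCipher(ctx, &testCipherSpec) != noErr) {
                /* skip this one */
                ctx->numValidCipherSuites--;
                src++;
                continue;
            }
        }

        if (trimDHE) {
            switch(kem) {
                case SSL_DHE_DSS:
                case SSL_DHE_DSS_EXPORT:
                case SSL_DHE_RSA:
                case SSL_DHE_RSA_EXPORT:
                    /* skip this one */
                    ctx->numValidCipherSuites--;
                    src++;
                    continue;
                default:
                    break;
            }
        }

        if (trimRC4 && cipher && (cipher->keyAlg == kCCAlgorithmRC4)) {
            ctx->numValidCipherSuites--;
            src++;
            continue;
        }

        /* This one is good to go */
        *dst++ = *src++;
    }
    sslAnalyzeCipherSpecs(ctx);
    return noErr;
}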
1367
/*
 * Copy numCipherSuites entries from cipherSuites into the caller-supplied
 * ciphers buffer.
 *
 * On entry *numCiphers is the capacity of ciphers, counted in entries. If
 * that capacity is smaller than numCipherSuites nothing is copied,
 * *numCiphers is left untouched and errSSLBufferOverflow is returned.
 * Otherwise *numCiphers is overwritten with the number of entries copied
 * and noErr is returned.
 */
static OSStatus
cipherSuitesToCipherSuites(
    size_t               numCipherSuites,
    const SSLCipherSuite *cipherSuites,
    SSLCipherSuite       *ciphers,      /* RETURNED */
    size_t               *numCiphers)   /* IN/OUT */
{
    const size_t capacity = *numCiphers;

    /* Bounds check first: the copy below trusts the caller's stated capacity. */
    if (numCipherSuites > capacity) {
        return errSSLBufferOverflow;
    }

    memcpy(ciphers, cipherSuites, numCipherSuites * sizeof(SSLCipherSuite));
    *numCiphers = numCipherSuites;
    return noErr;
}
1386
1387 /***
1388 *** Publicly exported functions declared in SecureTransport.h
1389 ***/
1390
1391 /*
1392 * Determine number and values of all of the SSLCipherSuites we support.
1393 * Caller allocates output buffer for SSLGetSupportedCiphers() and passes in
1394 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
1395 * will be returned.
1396 */
/*
 * Report the size of the KnownCipherSuites table in *numCiphers.
 * Returns paramErr when either argument is NULL, else noErr.
 */
OSStatus
SSLGetNumberSupportedCiphers (SSLContextRef ctx,
                              size_t        *numCiphers)
{
    /* ctx is required by the API but its contents are not read here. */
    if ((ctx != NULL) && (numCiphers != NULL)) {
        *numCiphers = CipherSuiteCount;
        return noErr;
    }
    return paramErr;
}
1407
/*
 * Copy the whole KnownCipherSuites table into the caller's buffer.
 *
 * *numCiphers is the buffer capacity on entry and the number of entries
 * written on success. Returns paramErr when any argument is NULL;
 * otherwise the result of cipherSuitesToCipherSuites(), which is
 * errSSLBufferOverflow when the buffer is too small.
 */
OSStatus
SSLGetSupportedCiphers (SSLContextRef  ctx,
                        SSLCipherSuite *ciphers,     /* RETURNED */
                        size_t         *numCiphers)  /* IN/OUT */
{
    const int missingArg = (ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL);

    if (missingArg) {
        return paramErr;
    }
    /* This is the unfiltered table, not the per-context enabled set. */
    return cipherSuitesToCipherSuites(CipherSuiteCount, KnownCipherSuites,
                                      ciphers, numCiphers);
}
1421
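/*
 * Specify a (typically) restricted set of SSLCipherSuites to be enabled by
 * the current SSLContext. Can only be called when no session is active.
 * When this is never called, the enabled set is the default array built by
 * sslBuildCipherSuiteArray().
 *
 * Returns:
 *   paramErr   - ctx or ciphers is NULL, numCiphers is 0, or the byte size
 *                of numCiphers entries does not fit in a size_t
 *   badReqErr  - a session is active
 *   memFullErr - the new array could not be allocated; the context is then
 *                left with no explicit cipher list
 *   noErr      - otherwise
 *
 * Requested suites that are not in KnownCipherSuites are logged and
 * skipped, so noErr is returned even when some, or all, of the request
 * was dropped. Callers that depend on a specific suite should read the
 * result back with SSLGetEnabledCiphers().
 *
 * Every requested suite that is present in KnownCipherSuites is enabled
 * as-is: none of the trimming done by sslBuildCipherSuiteArray()
 * (anonymous, NULL-cipher, 40/56-bit, DTLS/RC4, ...) is applied here, so
 * the caller's list is the policy.
 */
OSStatus
SSLSetEnabledCiphers (SSLContextRef        ctx,
                      const SSLCipherSuite *ciphers,
                      size_t               numCiphers)
{
    size_t size;
    size_t callerDex;   /* size_t so the index cannot wrap below numCiphers */
    size_t validDex;
    unsigned tableDex;

    if((ctx == NULL) || (ciphers == NULL) || (numCiphers == 0)) {
        return paramErr;
    }
    /* Reject counts whose byte size would overflow the multiplication below. */
    if(numCiphers > ((size_t)-1) / sizeof(SSLCipherSuite)) {
        return paramErr;
    }
    if(sslIsSessionActive(ctx)) {
        /* can't do this with an active session */
        return badReqErr;
    }

    /* Release any list from an earlier call before replacing it. */
    if(ctx->validCipherSuites != NULL) {
        sslFree(ctx->validCipherSuites);
        ctx->validCipherSuites = NULL;
    }
    ctx->numValidCipherSuites = 0;
    size = numCiphers * sizeof(SSLCipherSuite);
    ctx->validCipherSuites = (SSLCipherSuite *)sslMalloc(size);
    if(ctx->validCipherSuites == NULL) {
        return memFullErr;
    }

    /*
     * Run thru caller's specs, finding a matching SSLCipherSpec for each one.
     * If caller specifies one we don't know about, skip it.
     * At most one entry is stored per caller entry, so validDex never
     * exceeds numCiphers.
     */
    for(callerDex=0, validDex=0; callerDex<numCiphers; callerDex++) {
        /* find matching CipherSpec in our known table */
        bool foundOne = false;
        for(tableDex=0; tableDex<CipherSuiteCount; tableDex++) {
            if(ciphers[callerDex] == KnownCipherSuites[tableDex]) {
                ctx->validCipherSuites[validDex++] = KnownCipherSuites[tableDex];
                ctx->numValidCipherSuites++;
                foundOne = true;
                break;
            }
        }
        if(!foundOne) {
            /* caller specified one we don't implement */
            sslErrorLog("SSLSetEnabledCiphers: invalid cipher suite %04hX",
                ciphers[callerDex]);
            /* Strict handling is compiled out: unknown suites are tolerated. */
            #if 0
            sslFree(ctx->validCipherSuites);
            ctx->validCipherSuites = NULL;
            ctx->numValidCipherSuites = 0;
            return errSSLBadCipherSuite;
            #endif
        }
    }

    /* success */
    sslAnalyzeCipherSpecs(ctx);
    return noErr;
}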
1484
1485 /*
1486 * Determine number and values of all of the SSLCipherSuites currently enabled.
1487 * Caller allocates output buffer for SSLGetEnabledCiphers() and passes in
1488 * its size in *numCiphers. If supplied buffer is too small, errSSLBufferOverflow
1489 * will be returned.
1490 */
/*
 * Report in *numCiphers how many cipher suites are currently enabled.
 *
 * If no list has been set on the context, the default array is built only
 * to be counted and is freed again before returning. If that build fails,
 * the size of the full KnownCipherSuites table is reported instead.
 * Returns paramErr when either argument is NULL, else noErr.
 */
OSStatus
SSLGetNumberEnabledCiphers (SSLContextRef ctx,
                            size_t        *numCiphers)
{
    OSStatus status;

    if((ctx == NULL) || (numCiphers == NULL)) {
        return paramErr;
    }

    if(ctx->validCipherSuites != NULL) {
        /* caller set via SSLSetEnabledCiphers */
        *numCiphers = ctx->numValidCipherSuites;
        return noErr;
    }

    /* hasn't been set; build default array temporarily */
    status = sslBuildCipherSuiteArray(ctx);
    if(status) {
        /* unable to build default array; use known cipher count */
        *numCiphers = CipherSuiteCount;
        return noErr;
    }

    *numCiphers = ctx->numValidCipherSuites;
    /* put things back as we found them */
    sslFree(ctx->validCipherSuites);
    ctx->validCipherSuites = NULL;
    ctx->numValidCipherSuites = 0;
    return noErr;
}
1518
/*
 * Copy the currently enabled cipher suites into the caller's buffer.
 *
 * *numCiphers is the buffer capacity on entry and the number of entries
 * written on success; a buffer that is too small yields
 * errSSLBufferOverflow from cipherSuitesToCipherSuites().
 *
 * If no list has been set on the context, the default array is built, copied
 * out and freed again. If that build fails, the full KnownCipherSuites table
 * is copied instead, which is the untrimmed list rather than the filtered
 * default.
 */
OSStatus
SSLGetEnabledCiphers (SSLContextRef  ctx,
                      SSLCipherSuite *ciphers,     /* RETURNED */
                      size_t         *numCiphers)  /* IN/OUT */
{
    OSStatus status;

    if((ctx == NULL) || (ciphers == NULL) || (numCiphers == NULL)) {
        return paramErr;
    }

    if(ctx->validCipherSuites != NULL) {
        /* use the ones specified in SSLSetEnabledCiphers() */
        return cipherSuitesToCipherSuites(ctx->numValidCipherSuites,
                                          ctx->validCipherSuites,
                                          ciphers,
                                          numCiphers);
    }

    /* hasn't been set; build default array temporarily */
    status = sslBuildCipherSuiteArray(ctx);
    if(status) {
        /* unable to build default array; use known cipher suite array */
        return cipherSuitesToCipherSuites(CipherSuiteCount,
                                          KnownCipherSuites,
                                          ciphers,
                                          numCiphers);
    }

    status = cipherSuitesToCipherSuites(ctx->numValidCipherSuites,
                                        ctx->validCipherSuites,
                                        ciphers,
                                        numCiphers);
    /* put things back as we found them */
    sslFree(ctx->validCipherSuites);
    ctx->validCipherSuites = NULL;
    ctx->numValidCipherSuites = 0;
    return status;
}
1556
1557 /***
1558 *** End of publicly exported functions declared in SecureTransport.h
1559 ***/
1560
/*
 * Fill ctx->selectedCipherSpec from ctx->selectedCipher: the suite value,
 * its symmetric cipher descriptor, the exportable flag, the key exchange
 * method and the MAC reference.
 *
 * No validation happens here. sslCipherSuiteGetSymmetricCipher() and
 * sslCipherSuiteGetHashHmacReference() fall back to their null entries for
 * an unrecognized suite, so the resulting spec can describe a null
 * cipher/MAC; FindCipherSpec() is what checks the suite against the enabled
 * list before calling this.
 */
void InitCipherSpec(SSLContext *ctx)
{
    SSLCipherSpec *spec = &ctx->selectedCipherSpec;

    spec->cipherSpec = ctx->selectedCipher;
    spec->cipher = sslCipherSuiteGetSymmetricCipher(ctx->selectedCipher);

    /* Keys shorter than 6 (presumably bytes, i.e. 40-bit) mark an export cipher. */
    if (spec->cipher->secretKeySize < 6) {
        spec->isExportable = Exportable;
    } else {
        spec->isExportable = NotExportable;
    }

    spec->keyExchangeMethod = sslCipherSuiteGetKeyExchangeMethod(ctx->selectedCipher);
    spec->macAlgorithm = sslCipherSuiteGetHashHmacReference(ctx->selectedCipher);
}
1570
/*
 * Accept ctx->selectedCipher only if it is in ctx->validCipherSuites.
 *
 * On a match the selected cipher spec is initialized and the result of
 * sslVerifySelectedCipher() is returned; otherwise errSSLNegotiation.
 * ctx and ctx->validCipherSuites must be non-NULL; this is only asserted,
 * so it is unchecked where asserts are compiled out.
 */
OSStatus
FindCipherSpec(SSLContext *ctx)
{
    unsigned idx = 0;

    assert(ctx != NULL);
    assert(ctx->validCipherSuites != NULL);

    /* Linear scan of the enabled list for the selected suite. */
    while ((idx < ctx->numValidCipherSuites) &&
           (ctx->validCipherSuites[idx] != ctx->selectedCipher)) {
        idx++;
    }

    if (idx >= ctx->numValidCipherSuites) {
        /* Not found */
        return errSSLNegotiation;
    }

    InitCipherSpec(ctx);
    /* make sure we're configured to handle this one */
    return sslVerifySelectedCipher(ctx, &ctx->selectedCipherSpec);
}