+++ /dev/null
-/*
- * Copyright (c) 1999-2001,2005-2012 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*
- * cipherSpecs.c - SSLCipherSpec declarations
- */
-
-/* THIS FILE CONTAINS KERNEL CODE */
-
-#include "CipherSuite.h"
-#include "cipherSpecs.h"
-#include "sslTypes.h"
-
-/*
-
-cipher spec preferences from openssl. first column includes the dh anon
-cipher suites. second column is more interesting: default.
-
-seems to be:
-Asymmetric: DHE-RSA > DHE-DSS > RSA
-Symmetric : AES-256 > 3DES > AES-128 > RC4-128 > DES > DES40 > RC2-40 > RC4-40
-
-DH_anon w/ AES are preferred over DHE_RSA when enabled, all others at the bottom.
-
- 3a TLS_DH_anon_WITH_AES_256_CBC_SHA
- 39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 1
- 38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA 2
- 35 TLS_RSA_WITH_AES_256_CBC_SHA 3
- 34 TLS_DH_anon_WITH_AES_128_CBC_SHA
- 33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 7
- 32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA 8
- 2f TLS_RSA_WITH_AES_128_CBC_SHA 9
- 16 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 4
- 15 SSL_DHE_RSA_WITH_DES_CBC_SHA 12
- 14 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 15
- 13 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 5
- 12 SSL_DHE_DSS_WITH_DES_CBC_SHA 13
- 11 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 16
- 0a SSL_RSA_WITH_3DES_EDE_CBC_SHA 6
- 09 SSL_RSA_WITH_DES_CBC_SHA 14
- 08 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 17
- 06 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 18
- 05 SSL_RSA_WITH_RC4_128_SHA 10
- 04 SSL_RSA_WITH_RC4_128_MD5 11
- 03 SSL_RSA_EXPORT_WITH_RC4_40_MD5 19
- 1b SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
- 1a SSL_DH_anon_WITH_DES_CBC_SHA
- 19 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
- 18 SSL_DH_anon_WITH_RC4_128_MD5
- 17 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
-
- */
-
-KeyExchangeMethod sslCipherSuiteGetKeyExchangeMethod(SSLCipherSuite cipherSuite)
-{
- switch (cipherSuite) {
- case TLS_NULL_WITH_NULL_NULL:
- return SSL_NULL_auth;
-
- case SSL_RSA_WITH_RC2_CBC_MD5:
- case SSL_RSA_WITH_DES_CBC_MD5:
- case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
- case TLS_RSA_WITH_NULL_MD5:
- case TLS_RSA_WITH_NULL_SHA:
- case TLS_RSA_WITH_RC4_128_MD5:
- case TLS_RSA_WITH_RC4_128_SHA:
- case SSL_RSA_WITH_IDEA_CBC_SHA:
- case SSL_RSA_WITH_DES_CBC_SHA:
- case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_RSA_WITH_AES_128_CBC_SHA:
- case TLS_RSA_WITH_AES_256_CBC_SHA:
- case TLS_RSA_WITH_NULL_SHA256:
- case TLS_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_RSA_WITH_AES_256_GCM_SHA384:
- return SSL_RSA;
-
- case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
- case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
- case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
- return SSL_RSA_EXPORT;
-
- case SSL_DH_DSS_WITH_DES_CBC_SHA:
- case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
- case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
- case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
- case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
- return SSL_DH_DSS;
-
- case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
- return SSL_DH_DSS_EXPORT;
-
- case SSL_DH_RSA_WITH_DES_CBC_SHA:
- case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
- return SSL_DH_RSA;
-
- case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
- return SSL_DH_RSA_EXPORT;
-
- case SSL_DHE_DSS_WITH_DES_CBC_SHA:
- case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
- case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
- return SSL_DHE_DSS;
-
- case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
- return SSL_DHE_DSS_EXPORT;
-
- case SSL_DHE_RSA_WITH_DES_CBC_SHA:
- case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
- return SSL_DHE_RSA;
-
- case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
- return SSL_DHE_RSA_EXPORT;
-
- case SSL_DH_anon_WITH_DES_CBC_SHA:
- case TLS_DH_anon_WITH_RC4_128_MD5:
- case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_anon_WITH_AES_128_CBC_SHA:
- case TLS_DH_anon_WITH_AES_256_CBC_SHA:
- case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
- case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
- case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
- case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
- return SSL_DH_anon;
-
- case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
- case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
- return SSL_DH_anon_EXPORT;
-
- case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
- case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
- return SSL_Fortezza;
-
- case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
- return SSL_ECDHE_ECDSA;
-
- case TLS_ECDH_ECDSA_WITH_NULL_SHA:
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
- return SSL_ECDH_ECDSA;
-
- case TLS_ECDHE_RSA_WITH_NULL_SHA:
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
- return SSL_ECDHE_RSA;
-
- case TLS_ECDH_RSA_WITH_NULL_SHA:
- case TLS_ECDH_RSA_WITH_RC4_128_SHA:
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
- return SSL_ECDH_RSA;
-
- case TLS_ECDH_anon_WITH_NULL_SHA:
- case TLS_ECDH_anon_WITH_RC4_128_SHA:
- case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
- return SSL_ECDH_anon;
-
- case TLS_PSK_WITH_NULL_SHA:
- case TLS_PSK_WITH_RC4_128_SHA:
- case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
- case TLS_PSK_WITH_AES_128_CBC_SHA:
- case TLS_PSK_WITH_AES_256_CBC_SHA:
- case TLS_PSK_WITH_AES_128_GCM_SHA256:
- case TLS_PSK_WITH_AES_256_GCM_SHA384:
- case TLS_PSK_WITH_AES_128_CBC_SHA256:
- case TLS_PSK_WITH_AES_256_CBC_SHA384:
- case TLS_PSK_WITH_NULL_SHA256:
- case TLS_PSK_WITH_NULL_SHA384:
- return TLS_PSK;
-
- case TLS_DHE_PSK_WITH_NULL_SHA:
- case TLS_DHE_PSK_WITH_RC4_128_SHA:
- case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
- case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
- case TLS_DHE_PSK_WITH_NULL_SHA256:
- case TLS_DHE_PSK_WITH_NULL_SHA384:
- return TLS_DHE_PSK;
-
- case TLS_RSA_PSK_WITH_NULL_SHA:
- case TLS_RSA_PSK_WITH_RC4_128_SHA:
- case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
- case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
- case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
- case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
- case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
- case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
- case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
- case TLS_RSA_PSK_WITH_NULL_SHA256:
- case TLS_RSA_PSK_WITH_NULL_SHA384:
- return TLS_RSA_PSK;
-
- default:
- return SSL_NULL_auth;
- }
-}
-
-#if 0
-static SSL_SignatureAlgorithm sslCipherSuiteGetSignatureAlgorithm(SSLCipherSuite cipherSuite) {
- switch (sslCipherSuiteGetKeyExchangeMethod(cipherSuite)) {
- case SSL_NULL_auth:
- return SSL_SignatureAlgorithmAnonymous;
- case SSL_RSA:
- case SSL_RSA_EXPORT:
- case SSL_DH_RSA:
- case SSL_DH_RSA_EXPORT:
- case SSL_DHE_RSA:
- case SSL_DHE_RSA_EXPORT:
- case SSL_ECDHE_RSA:
- case SSL_ECDH_RSA:
- return SSL_SignatureAlgorithmRSA;
- case SSL_DH_DSS:
- case SSL_DH_DSS_EXPORT:
- case SSL_DHE_DSS:
- case SSL_DHE_DSS_EXPORT:
- return SSL_SignatureAlgorithmDSA;
- case SSL_DH_anon:
- case SSL_DH_anon_EXPORT:
- return SSL_SignatureAlgorithmAnonymous;
- case SSL_ECDHE_ECDSA:
- case SSL_ECDH_ECDSA:
- return SSL_SignatureAlgorithmECDSA;
- default:
- return SSL_SignatureAlgorithmAnonymous;
- }
-}
-#endif
-
-#if 0
-static SSLProtocolVersion sslCipherSuiteGetMinSupportedTLSVersion(SSLCipherSuite cipherSuite) {
- switch (cipherSuite) {
- case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
- case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
- case SSL_RSA_WITH_IDEA_CBC_SHA:
- case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_RSA_WITH_DES_CBC_SHA:
- case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DH_DSS_WITH_DES_CBC_SHA:
- case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DH_RSA_WITH_DES_CBC_SHA:
- case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DHE_DSS_WITH_DES_CBC_SHA:
- case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DHE_RSA_WITH_DES_CBC_SHA:
- case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
- case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DH_anon_WITH_DES_CBC_SHA:
- case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
- case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
- case TLS_NULL_WITH_NULL_NULL:
- case TLS_RSA_WITH_NULL_MD5:
- case TLS_RSA_WITH_NULL_SHA:
- case TLS_RSA_WITH_RC4_128_MD5:
- case TLS_RSA_WITH_RC4_128_SHA:
- case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_RSA_WITH_AES_128_CBC_SHA:
- case TLS_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DH_anon_WITH_RC4_128_MD5:
- case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_anon_WITH_AES_128_CBC_SHA:
- case TLS_DH_anon_WITH_AES_256_CBC_SHA:
- return SSL_Version_3_0;
-
- case TLS_ECDH_ECDSA_WITH_NULL_SHA:
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_RSA_WITH_NULL_SHA:
- case TLS_ECDH_RSA_WITH_RC4_128_SHA:
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_NULL_SHA:
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_anon_WITH_NULL_SHA:
- case TLS_ECDH_anon_WITH_RC4_128_SHA:
- case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
- return TLS_Version_1_0;
-
- case TLS_RSA_WITH_NULL_SHA256:
- case TLS_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
- case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
- case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
- case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
- case TLS_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
- case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
- case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
- case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
- case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
- return TLS_Version_1_2;
- default:
- return TLS_Version_1_2;
- }
-}
-#endif
-
-HMAC_Algs sslCipherSuiteGetMacAlgorithm(SSLCipherSuite cipherSuite) {
- switch (cipherSuite) {
- case TLS_NULL_WITH_NULL_NULL:
- return HA_Null;
- case SSL_RSA_WITH_RC2_CBC_MD5:
- case SSL_RSA_WITH_DES_CBC_MD5:
- case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
- case TLS_RSA_WITH_NULL_MD5:
- case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
- case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
- case TLS_RSA_WITH_RC4_128_MD5:
- case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
- case TLS_DH_anon_WITH_RC4_128_MD5:
- return HA_MD5;
- case TLS_RSA_WITH_NULL_SHA:
- case SSL_RSA_WITH_IDEA_CBC_SHA:
- case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_RSA_WITH_DES_CBC_SHA:
- case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DH_DSS_WITH_DES_CBC_SHA:
- case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DH_RSA_WITH_DES_CBC_SHA:
- case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DHE_DSS_WITH_DES_CBC_SHA:
- case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DHE_RSA_WITH_DES_CBC_SHA:
- case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
- case SSL_DH_anon_WITH_DES_CBC_SHA:
- case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
- case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
- case TLS_RSA_WITH_RC4_128_SHA:
- case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_RSA_WITH_AES_128_CBC_SHA:
- case TLS_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_anon_WITH_AES_128_CBC_SHA:
- case TLS_DH_anon_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_NULL_SHA:
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_RSA_WITH_NULL_SHA:
- case TLS_ECDH_RSA_WITH_RC4_128_SHA:
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_NULL_SHA:
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_anon_WITH_NULL_SHA:
- case TLS_ECDH_anon_WITH_RC4_128_SHA:
- case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
- case TLS_PSK_WITH_NULL_SHA:
- case TLS_PSK_WITH_RC4_128_SHA:
- case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
- case TLS_PSK_WITH_AES_128_CBC_SHA:
- case TLS_PSK_WITH_AES_256_CBC_SHA:
- case TLS_DHE_PSK_WITH_NULL_SHA:
- case TLS_DHE_PSK_WITH_RC4_128_SHA:
- case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
- case TLS_RSA_PSK_WITH_NULL_SHA:
- case TLS_RSA_PSK_WITH_RC4_128_SHA:
- case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
- case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
- case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
- return HA_SHA1;
- case TLS_RSA_WITH_NULL_SHA256:
- case TLS_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
- case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
- case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
- case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
- case TLS_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
- case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
- case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_PSK_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
- case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
- case TLS_PSK_WITH_AES_128_CBC_SHA256:
- case TLS_PSK_WITH_NULL_SHA256:
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_PSK_WITH_NULL_SHA256:
- case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
- case TLS_RSA_PSK_WITH_NULL_SHA256:
- return HA_SHA256;
- case TLS_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
- case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
- case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_PSK_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
- case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
- case TLS_PSK_WITH_AES_256_CBC_SHA384:
- case TLS_PSK_WITH_NULL_SHA384:
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
- case TLS_DHE_PSK_WITH_NULL_SHA384:
- case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
- case TLS_RSA_PSK_WITH_NULL_SHA384:
- return HA_SHA384;
- default:
- return HA_Null;
- }
-}
-
-uint8_t sslCipherSuiteGetMacSize(SSLCipherSuite cipherSuite) {
- switch (sslCipherSuiteGetMacAlgorithm(cipherSuite)) {
- case HA_Null:
- return 0;
- case HA_MD5:
- return 16;
- case HA_SHA1:
- return 20;
- case HA_SHA256:
- return 32;
- case HA_SHA384:
- return 48;
- default:
- return 0;
- }
-}
-
-SSL_CipherAlgorithm sslCipherSuiteGetSymmetricCipherAlgorithm(SSLCipherSuite cipherSuite) {
- switch (cipherSuite) {
- case TLS_NULL_WITH_NULL_NULL:
- case TLS_RSA_WITH_NULL_MD5:
- case TLS_RSA_WITH_NULL_SHA:
- case TLS_RSA_WITH_NULL_SHA256:
- case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
- case TLS_ECDH_ECDSA_WITH_NULL_SHA:
- case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
- case TLS_ECDH_RSA_WITH_NULL_SHA:
- case TLS_ECDHE_RSA_WITH_NULL_SHA:
- case TLS_ECDH_anon_WITH_NULL_SHA:
- case TLS_PSK_WITH_NULL_SHA:
- case TLS_DHE_PSK_WITH_NULL_SHA:
- case TLS_RSA_PSK_WITH_NULL_SHA:
- case TLS_PSK_WITH_NULL_SHA256:
- case TLS_PSK_WITH_NULL_SHA384:
- case TLS_DHE_PSK_WITH_NULL_SHA256:
- case TLS_DHE_PSK_WITH_NULL_SHA384:
- case TLS_RSA_PSK_WITH_NULL_SHA256:
- case TLS_RSA_PSK_WITH_NULL_SHA384:
- return SSL_CipherAlgorithmNull;
- case SSL_RSA_WITH_RC2_CBC_MD5:
- return SSL_CipherAlgorithmRC2_128;
- case SSL_RSA_WITH_DES_CBC_MD5:
- case SSL_RSA_WITH_DES_CBC_SHA:
- case SSL_DH_DSS_WITH_DES_CBC_SHA:
- case SSL_DH_RSA_WITH_DES_CBC_SHA:
- case SSL_DHE_DSS_WITH_DES_CBC_SHA:
- case SSL_DHE_RSA_WITH_DES_CBC_SHA:
- case SSL_DH_anon_WITH_DES_CBC_SHA:
- return SSL_CipherAlgorithmDES_CBC;
- case TLS_RSA_WITH_RC4_128_MD5:
- case TLS_RSA_WITH_RC4_128_SHA:
- case TLS_DH_anon_WITH_RC4_128_MD5:
- case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- case TLS_ECDH_RSA_WITH_RC4_128_SHA:
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- case TLS_ECDH_anon_WITH_RC4_128_SHA:
- case TLS_PSK_WITH_RC4_128_SHA:
- case TLS_DHE_PSK_WITH_RC4_128_SHA:
- case TLS_RSA_PSK_WITH_RC4_128_SHA:
- return SSL_CipherAlgorithmRC4_128;
- case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
- case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
- case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
- case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
- case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
- return SSL_CipherAlgorithm3DES_CBC;
- case TLS_RSA_WITH_AES_128_CBC_SHA:
- case TLS_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
- case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_DH_anon_WITH_AES_128_CBC_SHA:
- case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
- case TLS_PSK_WITH_AES_128_CBC_SHA:
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
- case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
- case TLS_PSK_WITH_AES_128_CBC_SHA256:
- case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
- case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
- return SSL_CipherAlgorithmAES_128_CBC;
- case TLS_RSA_WITH_AES_256_CBC_SHA:
- case TLS_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
- case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
- case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- case TLS_DH_anon_WITH_AES_256_CBC_SHA:
- case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
- case TLS_PSK_WITH_AES_256_CBC_SHA:
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
- case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
- case TLS_PSK_WITH_AES_256_CBC_SHA384:
- case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
- case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
- return SSL_CipherAlgorithmAES_256_CBC;
- case TLS_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
- case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
- case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
- case TLS_PSK_WITH_AES_128_GCM_SHA256:
- case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
- case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
- return SSL_CipherAlgorithmAES_128_GCM;
- case TLS_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
- case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
- case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
- case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
- case TLS_PSK_WITH_AES_256_GCM_SHA384:
- case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
- case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
- return SSL_CipherAlgorithmAES_256_GCM;
- default:
- return SSL_CipherAlgorithmNull;
- }
-}
-
-uint8_t sslCipherSuiteGetSymmetricCipherKeySize(SSLCipherSuite cipherSuite) {
- SSL_CipherAlgorithm alg = sslCipherSuiteGetSymmetricCipherAlgorithm(cipherSuite);
-
- switch (alg) {
- case SSL_CipherAlgorithmNull:
- return 0;
- case SSL_CipherAlgorithmDES_CBC:
- return 8;
- case SSL_CipherAlgorithmRC2_128:
- case SSL_CipherAlgorithmRC4_128:
- case SSL_CipherAlgorithmAES_128_CBC:
- case SSL_CipherAlgorithmAES_128_GCM:
- return 16;
- case SSL_CipherAlgorithm3DES_CBC:
- return 24;
- case SSL_CipherAlgorithmAES_256_CBC:
- case SSL_CipherAlgorithmAES_256_GCM:
- return 32;
- default:
- return 0;
- }
-}
-
-
-/* Same function for block and iv size */
-uint8_t sslCipherSuiteGetSymmetricCipherBlockIvSize(SSLCipherSuite cipherSuite) {
- SSL_CipherAlgorithm alg = sslCipherSuiteGetSymmetricCipherAlgorithm(cipherSuite);
-
- switch (alg) {
- case SSL_CipherAlgorithmNull:
- case SSL_CipherAlgorithmRC4_128:
- return 0;
- case SSL_CipherAlgorithmDES_CBC:
- case SSL_CipherAlgorithm3DES_CBC:
- case SSL_CipherAlgorithmRC2_128:
- return 8;
- case SSL_CipherAlgorithmAES_128_CBC:
- case SSL_CipherAlgorithmAES_128_GCM:
- case SSL_CipherAlgorithmAES_256_CBC:
- case SSL_CipherAlgorithmAES_256_GCM:
- return 16;
- default:
- return 0;
- }
-}
-
projects / apple / security.git / blobdiff