Botan
1.10.17
src
ssl
tls_suites.cpp
Go to the documentation of this file.
1
/*
2
* TLS Cipher Suites
3
* (C) 2004-2010 Jack Lloyd
4
*
5
* Released under the terms of the Botan license
6
*/
7
8
#include <botan/tls_suites.h>
9
#include <botan/tls_exceptn.h>
10
11
namespace
Botan
{
12
13
/**
14
* Convert an SSL/TLS ciphersuite to algorithm fields
15
*/
16
TLS_Ciphersuite_Algos
CipherSuite::lookup_ciphersuite
(
u16bit
suite)
17
{
18
if
(suite ==
TLS_RSA_WITH_RC4_128_MD5
)
19
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
20
TLS_ALGO_KEYEXCH_NOKEX
|
21
TLS_ALGO_MAC_MD5
|
22
TLS_ALGO_CIPHER_RC4_128
);
23
24
if
(suite ==
TLS_RSA_WITH_RC4_128_SHA
)
25
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
26
TLS_ALGO_KEYEXCH_NOKEX
|
27
TLS_ALGO_MAC_SHA1
|
28
TLS_ALGO_CIPHER_RC4_128
);
29
30
if
(suite ==
TLS_RSA_WITH_3DES_EDE_CBC_SHA
)
31
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
32
TLS_ALGO_KEYEXCH_NOKEX
|
33
TLS_ALGO_MAC_SHA1
|
34
TLS_ALGO_CIPHER_3DES_CBC
);
35
36
if
(suite ==
TLS_RSA_WITH_AES_128_CBC_SHA
)
37
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
38
TLS_ALGO_KEYEXCH_NOKEX
|
39
TLS_ALGO_MAC_SHA1
|
40
TLS_ALGO_CIPHER_AES128_CBC
);
41
42
if
(suite ==
TLS_RSA_WITH_AES_256_CBC_SHA
)
43
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
44
TLS_ALGO_KEYEXCH_NOKEX
|
45
TLS_ALGO_MAC_SHA1
|
46
TLS_ALGO_CIPHER_AES256_CBC
);
47
48
if
(suite ==
TLS_RSA_WITH_SEED_CBC_SHA
)
49
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
50
TLS_ALGO_KEYEXCH_NOKEX
|
51
TLS_ALGO_MAC_SHA1
|
52
TLS_ALGO_CIPHER_SEED_CBC
);
53
54
if
(suite ==
TLS_RSA_WITH_AES_128_CBC_SHA256
)
55
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
56
TLS_ALGO_KEYEXCH_NOKEX
|
57
TLS_ALGO_MAC_SHA256
|
58
TLS_ALGO_CIPHER_AES128_CBC
);
59
60
if
(suite ==
TLS_RSA_WITH_AES_256_CBC_SHA256
)
61
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
62
TLS_ALGO_KEYEXCH_NOKEX
|
63
TLS_ALGO_MAC_SHA256
|
64
TLS_ALGO_CIPHER_AES256_CBC
);
65
66
if
(suite ==
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
)
67
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_DSA
|
68
TLS_ALGO_KEYEXCH_DH
|
69
TLS_ALGO_MAC_SHA1
|
70
TLS_ALGO_CIPHER_3DES_CBC
);
71
72
if
(suite ==
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
)
73
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_DSA
|
74
TLS_ALGO_KEYEXCH_DH
|
75
TLS_ALGO_MAC_SHA1
|
76
TLS_ALGO_CIPHER_AES128_CBC
);
77
78
if
(suite ==
TLS_DHE_DSS_WITH_SEED_CBC_SHA
)
79
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_DSA
|
80
TLS_ALGO_KEYEXCH_DH
|
81
TLS_ALGO_MAC_SHA1
|
82
TLS_ALGO_CIPHER_SEED_CBC
);
83
84
if
(suite ==
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
)
85
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_DSA
|
86
TLS_ALGO_KEYEXCH_DH
|
87
TLS_ALGO_MAC_SHA1
|
88
TLS_ALGO_CIPHER_AES256_CBC
);
89
90
if
(suite ==
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
)
91
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_DSA
|
92
TLS_ALGO_KEYEXCH_DH
|
93
TLS_ALGO_MAC_SHA256
|
94
TLS_ALGO_CIPHER_AES128_CBC
);
95
96
if
(suite ==
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
)
97
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_DSA
|
98
TLS_ALGO_KEYEXCH_DH
|
99
TLS_ALGO_MAC_SHA256
|
100
TLS_ALGO_CIPHER_AES256_CBC
);
101
102
if
(suite ==
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
)
103
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
104
TLS_ALGO_KEYEXCH_DH
|
105
TLS_ALGO_MAC_SHA1
|
106
TLS_ALGO_CIPHER_3DES_CBC
);
107
108
if
(suite ==
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
)
109
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
110
TLS_ALGO_KEYEXCH_DH
|
111
TLS_ALGO_MAC_SHA1
|
112
TLS_ALGO_CIPHER_AES128_CBC
);
113
114
if
(suite ==
TLS_DHE_DSS_WITH_SEED_CBC_SHA
)
115
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
116
TLS_ALGO_KEYEXCH_DH
|
117
TLS_ALGO_MAC_SHA1
|
118
TLS_ALGO_CIPHER_SEED_CBC
);
119
120
if
(suite ==
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
)
121
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
122
TLS_ALGO_KEYEXCH_DH
|
123
TLS_ALGO_MAC_SHA1
|
124
TLS_ALGO_CIPHER_AES256_CBC
);
125
126
if
(suite ==
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
)
127
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
128
TLS_ALGO_KEYEXCH_DH
|
129
TLS_ALGO_MAC_SHA256
|
130
TLS_ALGO_CIPHER_AES128_CBC
);
131
132
if
(suite ==
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
)
133
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
134
TLS_ALGO_KEYEXCH_DH
|
135
TLS_ALGO_MAC_SHA256
|
136
TLS_ALGO_CIPHER_AES256_CBC
);
137
138
if
(suite ==
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
)
139
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_ECDSA
|
140
TLS_ALGO_KEYEXCH_ECDH
|
141
TLS_ALGO_MAC_SHA1
|
142
TLS_ALGO_CIPHER_RC4_128
);
143
144
if
(suite ==
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
)
145
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_ECDSA
|
146
TLS_ALGO_KEYEXCH_ECDH
|
147
TLS_ALGO_MAC_SHA1
|
148
TLS_ALGO_CIPHER_3DES_CBC
);
149
150
if
(suite ==
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
)
151
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_ECDSA
|
152
TLS_ALGO_KEYEXCH_ECDH
|
153
TLS_ALGO_MAC_SHA1
|
154
TLS_ALGO_CIPHER_AES128_CBC
);
155
156
if
(suite ==
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
)
157
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_ECDSA
|
158
TLS_ALGO_KEYEXCH_ECDH
|
159
TLS_ALGO_MAC_SHA1
|
160
TLS_ALGO_CIPHER_AES256_CBC
);
161
162
if
(suite ==
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
)
163
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_ECDSA
|
164
TLS_ALGO_KEYEXCH_ECDH
|
165
TLS_ALGO_MAC_SHA256
|
166
TLS_ALGO_CIPHER_AES128_CBC
);
167
168
if
(suite ==
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
)
169
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_ECDSA
|
170
TLS_ALGO_KEYEXCH_ECDH
|
171
TLS_ALGO_MAC_SHA384
|
172
TLS_ALGO_CIPHER_AES256_CBC
);
173
174
if
(suite ==
TLS_ECDHE_RSA_WITH_RC4_128_SHA
)
175
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
176
TLS_ALGO_KEYEXCH_ECDH
|
177
TLS_ALGO_MAC_SHA1
|
178
TLS_ALGO_CIPHER_RC4_128
);
179
180
if
(suite ==
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
)
181
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
182
TLS_ALGO_KEYEXCH_ECDH
|
183
TLS_ALGO_MAC_SHA1
|
184
TLS_ALGO_CIPHER_3DES_CBC
);
185
186
if
(suite ==
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
)
187
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
188
TLS_ALGO_KEYEXCH_ECDH
|
189
TLS_ALGO_MAC_SHA1
|
190
TLS_ALGO_CIPHER_AES128_CBC
);
191
192
if
(suite ==
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
)
193
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_RSA
|
194
TLS_ALGO_KEYEXCH_ECDH
|
195
TLS_ALGO_MAC_SHA1
|
196
TLS_ALGO_CIPHER_AES256_CBC
);
197
198
if
(suite ==
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
)
199
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_ECDSA
|
200
TLS_ALGO_KEYEXCH_ECDH
|
201
TLS_ALGO_MAC_SHA256
|
202
TLS_ALGO_CIPHER_AES128_CBC
);
203
204
if
(suite ==
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
)
205
return
TLS_Ciphersuite_Algos
(
TLS_ALGO_SIGNER_ECDSA
|
206
TLS_ALGO_KEYEXCH_ECDH
|
207
TLS_ALGO_MAC_SHA384
|
208
TLS_ALGO_CIPHER_AES256_CBC
);
209
210
return
TLS_Ciphersuite_Algos
(0);
211
}
212
213
namespace
{
214
215
std::pair<std::string, size_t> cipher_code_to_name(
TLS_Ciphersuite_Algos
algo)
216
{
217
if
((algo &
TLS_ALGO_CIPHER_MASK
) ==
TLS_ALGO_CIPHER_RC4_128
)
218
return
std::make_pair(
"ARC4"
, 16);
219
220
if
((algo &
TLS_ALGO_CIPHER_MASK
) ==
TLS_ALGO_CIPHER_3DES_CBC
)
221
return
std::make_pair(
"3DES"
, 24);
222
223
if
((algo &
TLS_ALGO_CIPHER_MASK
) ==
TLS_ALGO_CIPHER_AES128_CBC
)
224
return
std::make_pair(
"AES-128"
, 16);
225
226
if
((algo &
TLS_ALGO_CIPHER_MASK
) ==
TLS_ALGO_CIPHER_AES256_CBC
)
227
return
std::make_pair(
"AES-256"
, 32);
228
229
if
((algo &
TLS_ALGO_CIPHER_MASK
) ==
TLS_ALGO_CIPHER_SEED_CBC
)
230
return
std::make_pair(
"SEED"
, 16);
231
232
throw
TLS_Exception
(
INTERNAL_ERROR
,
233
"CipherSuite: Unknown cipher type "
+
to_string
(algo));
234
}
235
236
std::string mac_code_to_name(
TLS_Ciphersuite_Algos
algo)
237
{
238
if
((algo &
TLS_ALGO_MAC_MASK
) ==
TLS_ALGO_MAC_MD5
)
239
return
"MD5"
;
240
241
if
((algo &
TLS_ALGO_MAC_MASK
) ==
TLS_ALGO_MAC_SHA1
)
242
return
"SHA-1"
;
243
244
if
((algo &
TLS_ALGO_MAC_MASK
) ==
TLS_ALGO_MAC_SHA256
)
245
return
"SHA-256"
;
246
247
if
((algo &
TLS_ALGO_MAC_MASK
) ==
TLS_ALGO_MAC_SHA384
)
248
return
"SHA-384"
;
249
250
throw
TLS_Exception(
INTERNAL_ERROR
,
251
"CipherSuite: Unknown MAC type "
+
to_string
(algo));
252
}
253
254
}
255
256
/**
257
* CipherSuite Constructor
258
*/
259
CipherSuite::CipherSuite
(
u16bit
suite_code)
260
{
261
if
(suite_code == 0)
262
return
;
263
264
TLS_Ciphersuite_Algos
algos =
lookup_ciphersuite
(suite_code);
265
266
if
(algos == 0)
267
throw
Invalid_Argument
(
"Unknown ciphersuite: "
+
to_string
(suite_code));
268
269
sig_algo =
TLS_Ciphersuite_Algos
(algos &
TLS_ALGO_SIGNER_MASK
);
270
271
kex_algo =
TLS_Ciphersuite_Algos
(algos &
TLS_ALGO_KEYEXCH_MASK
);
272
273
std::pair<std::string, size_t> cipher_info = cipher_code_to_name(algos);
274
275
cipher = cipher_info.first;
276
cipher_key_length = cipher_info.second;
277
278
mac = mac_code_to_name(algos);
279
}
280
281
}
Botan::TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Definition:
tls_magic.h:114
Botan::TLS_ALGO_CIPHER_SEED_CBC
Definition:
tls_magic.h:169
Botan::TLS_RSA_WITH_SEED_CBC_SHA
Definition:
tls_magic.h:108
Botan::TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Definition:
tls_magic.h:136
Botan::TLS_RSA_WITH_AES_256_CBC_SHA
Definition:
tls_magic.h:105
Botan::TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Definition:
tls_magic.h:112
Botan::TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Definition:
tls_magic.h:126
Botan::TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Definition:
tls_magic.h:125
Botan::TLS_ALGO_SIGNER_DSA
Definition:
tls_magic.h:149
Botan::TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Definition:
tls_magic.h:111
Botan::CipherSuite::lookup_ciphersuite
static TLS_Ciphersuite_Algos lookup_ciphersuite(u16bit suite)
Definition:
tls_suites.cpp:16
Botan::TLS_ALGO_CIPHER_AES256_CBC
Definition:
tls_magic.h:168
Botan::TLS_ALGO_KEYEXCH_NOKEX
Definition:
tls_magic.h:153
Botan::TLS_ALGO_SIGNER_ECDSA
Definition:
tls_magic.h:150
Botan::TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Definition:
tls_magic.h:110
Botan::TLS_RSA_WITH_AES_128_CBC_SHA
Definition:
tls_magic.h:104
Botan::TLS_ECDHE_RSA_WITH_RC4_128_SHA
Definition:
tls_magic.h:131
Botan::Invalid_Argument
std::invalid_argument Invalid_Argument
Definition:
exceptn.h:20
Botan::TLS_RSA_WITH_AES_256_CBC_SHA256
Definition:
tls_magic.h:107
Botan::TLS_Exception
Definition:
tls_exceptn.h:19
Botan::TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Definition:
tls_magic.h:129
Botan::TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Definition:
tls_magic.h:120
Botan::TLS_DHE_DSS_WITH_SEED_CBC_SHA
Definition:
tls_magic.h:115
Botan::TLS_RSA_WITH_AES_128_CBC_SHA256
Definition:
tls_magic.h:106
Botan::TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Definition:
tls_magic.h:128
Botan::TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Definition:
tls_magic.h:113
Botan::TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Definition:
tls_magic.h:124
Botan::TLS_ALGO_MAC_SHA384
Definition:
tls_magic.h:162
Botan::TLS_RSA_WITH_RC4_128_MD5
Definition:
tls_magic.h:100
Botan::TLS_RSA_WITH_3DES_EDE_CBC_SHA
Definition:
tls_magic.h:103
Botan::TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Definition:
tls_magic.h:119
Botan::TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Definition:
tls_magic.h:133
Botan::u16bit
unsigned short u16bit
Definition:
types.h:27
Botan::TLS_ALGO_MAC_MASK
Definition:
tls_magic.h:158
Botan
Definition:
algo_base.h:14
Botan::TLS_ALGO_CIPHER_3DES_CBC
Definition:
tls_magic.h:166
Botan::TLS_ALGO_MAC_MD5
Definition:
tls_magic.h:159
Botan::TLS_ALGO_CIPHER_AES128_CBC
Definition:
tls_magic.h:167
Botan::TLS_ALGO_MAC_SHA256
Definition:
tls_magic.h:161
Botan::TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Definition:
tls_magic.h:135
Botan::TLS_ALGO_KEYEXCH_DH
Definition:
tls_magic.h:155
Botan::TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Definition:
tls_magic.h:121
Botan::TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Definition:
tls_magic.h:118
Botan::TLS_ALGO_MAC_SHA1
Definition:
tls_magic.h:160
Botan::TLS_RSA_WITH_RC4_128_SHA
Definition:
tls_magic.h:101
Botan::INTERNAL_ERROR
Definition:
tls_magic.h:83
Botan::TLS_ALGO_CIPHER_MASK
Definition:
tls_magic.h:164
Botan::TLS_ALGO_KEYEXCH_ECDH
Definition:
tls_magic.h:156
Botan::to_string
std::string to_string(u64bit n, size_t min_len)
Definition:
parsing.cpp:42
Botan::TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Definition:
tls_magic.h:134
Botan::TLS_ALGO_CIPHER_RC4_128
Definition:
tls_magic.h:165
Botan::TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Definition:
tls_magic.h:132
Botan::TLS_Ciphersuite_Algos
TLS_Ciphersuite_Algos
Definition:
tls_magic.h:145
Botan::TLS_ALGO_SIGNER_RSA
Definition:
tls_magic.h:148
Botan::TLS_ALGO_KEYEXCH_MASK
Definition:
tls_magic.h:152
Botan::TLS_ALGO_SIGNER_MASK
Definition:
tls_magic.h:146
Botan::TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Definition:
tls_magic.h:127
Botan::TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Definition:
tls_magic.h:117
Botan::CipherSuite::CipherSuite
CipherSuite(u16bit=0)
Definition:
tls_suites.cpp:259
Generated by
1.8.14