/*
 * Copyright (c) 1999-2001,2005-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * cipherSpecs.c - SSLCipherSpec declarations
 *
 * Pure lookup tables: every function below maps an SSLCipherSuite value to
 * one property of that suite (key exchange, MAC/hash, bulk cipher, sizes).
 * Nothing in this file decides whether a suite is enabled or acceptable.
 *
 * Security note for callers: every lookup has a `default:` arm that returns
 * the "null" value of its enum (SSL_NULL_auth, HA_Null,
 * SSL_CipherAlgorithmNull, or size 0). A suite that is simply missing from a
 * table is therefore indistinguishable, by return value, from a suite that
 * genuinely specifies no authentication / no MAC / no encryption.
 * NOTE(review): presumably callers check the suite against an enabled list
 * before using these results -- confirm at the call sites.
 */

/* THIS FILE CONTAINS KERNEL CODE */

#include "CipherSuite.h"
#include "cipherSpecs.h"
#include "sslTypes.h"

/*

cipher spec preferences from openssl. first column includes the dh anon
cipher suites. second column is more interesting: default.

seems to be:
Asymmetric: DHE-RSA > DHE-DSS > RSA
Symmetric : AES-256 > 3DES > AES-128 > RC4-128 > DES > DES40 > RC2-40 > RC4-40

DH_anon w/ AES are preferred over DHE_RSA when enabled, all others at the bottom.

(The list below is a historical reference only; no code in this file
consumes it. It still ranks EXPORT, single-DES, RC4 and DH_anon suites,
which give weak or no confidentiality/authentication.)

 3a TLS_DH_anon_WITH_AES_256_CBC_SHA
 39 TLS_DHE_RSA_WITH_AES_256_CBC_SHA        1
 38 TLS_DHE_DSS_WITH_AES_256_CBC_SHA        2
 35 TLS_RSA_WITH_AES_256_CBC_SHA            3
 34 TLS_DH_anon_WITH_AES_128_CBC_SHA
 33 TLS_DHE_RSA_WITH_AES_128_CBC_SHA        7
 32 TLS_DHE_DSS_WITH_AES_128_CBC_SHA        8
 2f TLS_RSA_WITH_AES_128_CBC_SHA            9
 16 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       4
 15 SSL_DHE_RSA_WITH_DES_CBC_SHA            12
 14 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   15
 13 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       5
 12 SSL_DHE_DSS_WITH_DES_CBC_SHA            13
 11 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   16
 0a SSL_RSA_WITH_3DES_EDE_CBC_SHA           6
 09 SSL_RSA_WITH_DES_CBC_SHA                14
 08 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       17
 06 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      18
 05 SSL_RSA_WITH_RC4_128_SHA                10
 04 SSL_RSA_WITH_RC4_128_MD5                11
 03 SSL_RSA_EXPORT_WITH_RC4_40_MD5          19
 1b SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
 1a SSL_DH_anon_WITH_DES_CBC_SHA
 19 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
 18 SSL_DH_anon_WITH_RC4_128_MD5
 17 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5

 */

/*
 * Return the key exchange method implied by a cipher suite.
 *
 * The mapping is a straight table lookup on the suite identifier.
 * TLS_NULL_WITH_NULL_NULL and every suite without a case label both yield
 * SSL_NULL_auth, so this value alone cannot be used to tell "unknown suite"
 * from "suite with no authentication". The anonymous (DH_anon, ECDH_anon)
 * and EXPORT families have their own return values and are reported as
 * such, not rejected here.
 */
KeyExchangeMethod sslCipherSuiteGetKeyExchangeMethod(SSLCipherSuite cipherSuite)
{
    switch (cipherSuite) {
        case TLS_NULL_WITH_NULL_NULL:
            return SSL_NULL_auth;

        case SSL_RSA_WITH_RC2_CBC_MD5:
        case SSL_RSA_WITH_DES_CBC_MD5:
        case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
        case TLS_RSA_WITH_NULL_MD5:
        case TLS_RSA_WITH_NULL_SHA:
        case TLS_RSA_WITH_RC4_128_MD5:
        case TLS_RSA_WITH_RC4_128_SHA:
        case SSL_RSA_WITH_IDEA_CBC_SHA:
        case SSL_RSA_WITH_DES_CBC_SHA:
        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA:
        case TLS_RSA_WITH_AES_256_CBC_SHA:
        case TLS_RSA_WITH_NULL_SHA256:
        case TLS_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_RSA_WITH_AES_256_GCM_SHA384:
            return SSL_RSA;

        case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
        case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
            return SSL_RSA_EXPORT;

        case SSL_DH_DSS_WITH_DES_CBC_SHA:
        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
            return SSL_DH_DSS;

        case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
            return SSL_DH_DSS_EXPORT;

        case SSL_DH_RSA_WITH_DES_CBC_SHA:
        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
            return SSL_DH_RSA;

        case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
            return SSL_DH_RSA_EXPORT;

        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
            return SSL_DHE_DSS;

        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
            return SSL_DHE_DSS_EXPORT;

        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
            return SSL_DHE_RSA;

        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
            return SSL_DHE_RSA_EXPORT;

        /* Anonymous DH: the key exchange is not authenticated by a certificate. */
        case SSL_DH_anon_WITH_DES_CBC_SHA:
        case TLS_DH_anon_WITH_RC4_128_MD5:
        case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
        case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
            return SSL_DH_anon;

        case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
        case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
            return SSL_DH_anon_EXPORT;

        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
        case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
            return SSL_Fortezza;

        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
            return SSL_ECDHE_ECDSA;

        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
            return SSL_ECDH_ECDSA;

        case TLS_ECDHE_RSA_WITH_NULL_SHA:
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
            return SSL_ECDHE_RSA;

        case TLS_ECDH_RSA_WITH_NULL_SHA:
        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
            return SSL_ECDH_RSA;

        case TLS_ECDH_anon_WITH_NULL_SHA:
        case TLS_ECDH_anon_WITH_RC4_128_SHA:
        case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
            return SSL_ECDH_anon;

        case TLS_PSK_WITH_NULL_SHA:
        case TLS_PSK_WITH_RC4_128_SHA:
        case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
        case TLS_PSK_WITH_AES_128_CBC_SHA:
        case TLS_PSK_WITH_AES_256_CBC_SHA:
        case TLS_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_PSK_WITH_NULL_SHA256:
        case TLS_PSK_WITH_NULL_SHA384:
            return TLS_PSK;

        case TLS_DHE_PSK_WITH_NULL_SHA:
        case TLS_DHE_PSK_WITH_RC4_128_SHA:
        case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
        case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_DHE_PSK_WITH_NULL_SHA256:
        case TLS_DHE_PSK_WITH_NULL_SHA384:
            return TLS_DHE_PSK;

        case TLS_RSA_PSK_WITH_NULL_SHA:
        case TLS_RSA_PSK_WITH_RC4_128_SHA:
        case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
        case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
        case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
        case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_RSA_PSK_WITH_NULL_SHA256:
        case TLS_RSA_PSK_WITH_NULL_SHA384:
            return TLS_RSA_PSK;

        /* Unlisted suite: same value as TLS_NULL_WITH_NULL_NULL, no error signal. */
        default:
            return SSL_NULL_auth;
    }
}

#if 0
/*
 * Compiled out. Derives the signature algorithm from the key exchange method
 * returned by sslCipherSuiteGetKeyExchangeMethod(). Key exchange values with
 * no case here (the PSK variants, SSL_Fortezza, SSL_ECDH_anon) take the
 * default arm and are reported as SSL_SignatureAlgorithmAnonymous.
 */
static SSL_SignatureAlgorithm sslCipherSuiteGetSignatureAlgorithm(SSLCipherSuite cipherSuite) {
    switch (sslCipherSuiteGetKeyExchangeMethod(cipherSuite)) {
        case SSL_NULL_auth:
            return SSL_SignatureAlgorithmAnonymous;
        case SSL_RSA:
        case SSL_RSA_EXPORT:
        case SSL_DH_RSA:
        case SSL_DH_RSA_EXPORT:
        case SSL_DHE_RSA:
        case SSL_DHE_RSA_EXPORT:
        case SSL_ECDHE_RSA:
        case SSL_ECDH_RSA:
            return SSL_SignatureAlgorithmRSA;
        case SSL_DH_DSS:
        case SSL_DH_DSS_EXPORT:
        case SSL_DHE_DSS:
        case SSL_DHE_DSS_EXPORT:
            return SSL_SignatureAlgorithmDSA;
        case SSL_DH_anon:
        case SSL_DH_anon_EXPORT:
            return SSL_SignatureAlgorithmAnonymous;
        case SSL_ECDHE_ECDSA:
        case SSL_ECDH_ECDSA:
            return SSL_SignatureAlgorithmECDSA;
        default:
            return SSL_SignatureAlgorithmAnonymous;
    }
}
#endif

#if 0
/*
 * Compiled out. Returns the lowest protocol version at which a suite may be
 * negotiated: SSL 3.0 for the legacy suites, TLS 1.0 for the SHA-1 based
 * ECDH/ECDHE suites, TLS 1.2 for the SHA-256/SHA-384 and GCM suites.
 * No PSK suite has a case label, so all of them (and any unknown value)
 * take the default arm and report TLS 1.2.
 */
static SSLProtocolVersion sslCipherSuiteGetMinSupportedTLSVersion(SSLCipherSuite cipherSuite) {
    switch (cipherSuite) {
        case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
        case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
        case SSL_RSA_WITH_IDEA_CBC_SHA:
        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_DSS_WITH_DES_CBC_SHA:
        case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_RSA_WITH_DES_CBC_SHA:
        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
        case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_anon_WITH_DES_CBC_SHA:
        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
        case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
        case TLS_NULL_WITH_NULL_NULL:
        case TLS_RSA_WITH_NULL_MD5:
        case TLS_RSA_WITH_NULL_SHA:
        case TLS_RSA_WITH_RC4_128_MD5:
        case TLS_RSA_WITH_RC4_128_SHA:
        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA:
        case TLS_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DH_anon_WITH_RC4_128_MD5:
        case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
            return SSL_Version_3_0;

        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_RSA_WITH_NULL_SHA:
        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_NULL_SHA:
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_anon_WITH_NULL_SHA:
        case TLS_ECDH_anon_WITH_RC4_128_SHA:
        case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
            return TLS_Version_1_0;

        case TLS_RSA_WITH_NULL_SHA256:
        case TLS_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
        case TLS_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
        case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
            return TLS_Version_1_2;
        default:
            return TLS_Version_1_2;
    }
}
#endif

/*
 * Return the hash algorithm named by a cipher suite.
 *
 * For the GCM suites this returns the hash in the suite name (HA_SHA256 or
 * HA_SHA384) even though those suites are AEAD.
 * NOTE(review): confirm that callers use this value as the handshake/PRF
 * hash for GCM suites and not as a per-record HMAC.
 *
 * Unlisted suites return HA_Null, the same value as TLS_NULL_WITH_NULL_NULL,
 * so "unknown suite" and "no integrity protection" are not distinguishable
 * from the return value.
 */
HMAC_Algs sslCipherSuiteGetMacAlgorithm(SSLCipherSuite cipherSuite) {
    switch (cipherSuite) {
        case TLS_NULL_WITH_NULL_NULL:
            return HA_Null;
        case SSL_RSA_WITH_RC2_CBC_MD5:
        case SSL_RSA_WITH_DES_CBC_MD5:
        case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
        case TLS_RSA_WITH_NULL_MD5:
        case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
        case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
        case TLS_RSA_WITH_RC4_128_MD5:
        case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
        case TLS_DH_anon_WITH_RC4_128_MD5:
            return HA_MD5;
        case TLS_RSA_WITH_NULL_SHA:
        case SSL_RSA_WITH_IDEA_CBC_SHA:
        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_DSS_WITH_DES_CBC_SHA:
        case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_RSA_WITH_DES_CBC_SHA:
        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DH_anon_WITH_DES_CBC_SHA:
        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
        case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
        case TLS_RSA_WITH_RC4_128_SHA:
        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA:
        case TLS_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_RSA_WITH_NULL_SHA:
        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_NULL_SHA:
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_anon_WITH_NULL_SHA:
        case TLS_ECDH_anon_WITH_RC4_128_SHA:
        case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        case TLS_PSK_WITH_NULL_SHA:
        case TLS_PSK_WITH_RC4_128_SHA:
        case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
        case TLS_PSK_WITH_AES_128_CBC_SHA:
        case TLS_PSK_WITH_AES_256_CBC_SHA:
        case TLS_DHE_PSK_WITH_NULL_SHA:
        case TLS_DHE_PSK_WITH_RC4_128_SHA:
        case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
        case TLS_RSA_PSK_WITH_NULL_SHA:
        case TLS_RSA_PSK_WITH_RC4_128_SHA:
        case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
        case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
        case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
            return HA_SHA1;
        case TLS_RSA_WITH_NULL_SHA256:
        case TLS_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
        case TLS_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_PSK_WITH_NULL_SHA256:
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_PSK_WITH_NULL_SHA256:
        case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_RSA_PSK_WITH_NULL_SHA256:
            return HA_SHA256;
        case TLS_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_PSK_WITH_NULL_SHA384:
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_DHE_PSK_WITH_NULL_SHA384:
        case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_RSA_PSK_WITH_NULL_SHA384:
            return HA_SHA384;
        /* Unlisted suite: reported as "no MAC", not as an error. */
        default:
            return HA_Null;
    }
}

/*
 * Return the digest length for the suite's hash, as given by
 * sslCipherSuiteGetMacAlgorithm(): 16 for MD5, 20 for SHA-1, 32 for SHA-256,
 * 48 for SHA-384 (these match the digest sizes in bytes). HA_Null and any
 * other value give 0, so an unlisted suite reports a zero-length MAC.
 */
uint8_t sslCipherSuiteGetMacSize(SSLCipherSuite cipherSuite) {
    switch (sslCipherSuiteGetMacAlgorithm(cipherSuite)) {
        case HA_Null:
            return 0;
        case HA_MD5:
            return 16;
        case HA_SHA1:
            return 20;
        case HA_SHA256:
            return 32;
        case HA_SHA384:
            return 48;
        default:
            return 0;
    }
}

/*
 * Return the bulk (symmetric) cipher of a cipher suite.
 *
 * Suites that name a cipher with no case label here take the default arm and
 * are reported as SSL_CipherAlgorithmNull. Visible examples are every
 * *_EXPORT_* suite, SSL_RSA_WITH_IDEA_CBC_SHA and
 * SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, all of which do have entries in the
 * key exchange and MAC tables above. For those suites the key size and
 * block/IV size helpers below consequently return 0.
 * NOTE(review): this looks like "not implemented" being encoded as "no
 * encryption"; verify that such suites can never be selected before this
 * result is used to set up record protection.
 */
SSL_CipherAlgorithm sslCipherSuiteGetSymmetricCipherAlgorithm(SSLCipherSuite cipherSuite) {
    switch (cipherSuite) {
        /* Suites that explicitly specify NULL encryption (integrity only, or nothing). */
        case TLS_NULL_WITH_NULL_NULL:
        case TLS_RSA_WITH_NULL_MD5:
        case TLS_RSA_WITH_NULL_SHA:
        case TLS_RSA_WITH_NULL_SHA256:
        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
        case TLS_ECDH_RSA_WITH_NULL_SHA:
        case TLS_ECDHE_RSA_WITH_NULL_SHA:
        case TLS_ECDH_anon_WITH_NULL_SHA:
        case TLS_PSK_WITH_NULL_SHA:
        case TLS_DHE_PSK_WITH_NULL_SHA:
        case TLS_RSA_PSK_WITH_NULL_SHA:
        case TLS_PSK_WITH_NULL_SHA256:
        case TLS_PSK_WITH_NULL_SHA384:
        case TLS_DHE_PSK_WITH_NULL_SHA256:
        case TLS_DHE_PSK_WITH_NULL_SHA384:
        case TLS_RSA_PSK_WITH_NULL_SHA256:
        case TLS_RSA_PSK_WITH_NULL_SHA384:
            return SSL_CipherAlgorithmNull;
        case SSL_RSA_WITH_RC2_CBC_MD5:
            return SSL_CipherAlgorithmRC2_128;
        case SSL_RSA_WITH_DES_CBC_MD5:
        case SSL_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_DSS_WITH_DES_CBC_SHA:
        case SSL_DH_RSA_WITH_DES_CBC_SHA:
        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
        case SSL_DH_anon_WITH_DES_CBC_SHA:
            return SSL_CipherAlgorithmDES_CBC;
        case TLS_RSA_WITH_RC4_128_MD5:
        case TLS_RSA_WITH_RC4_128_SHA:
        case TLS_DH_anon_WITH_RC4_128_MD5:
        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
        case TLS_ECDH_anon_WITH_RC4_128_SHA:
        case TLS_PSK_WITH_RC4_128_SHA:
        case TLS_DHE_PSK_WITH_RC4_128_SHA:
        case TLS_RSA_PSK_WITH_RC4_128_SHA:
            return SSL_CipherAlgorithmRC4_128;
        case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
        case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
        case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
        case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
        case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
            return SSL_CipherAlgorithm3DES_CBC;
        case TLS_RSA_WITH_AES_128_CBC_SHA:
        case TLS_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
        case TLS_PSK_WITH_AES_128_CBC_SHA:
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
        case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
        case TLS_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
        case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
            return SSL_CipherAlgorithmAES_128_CBC;
        case TLS_RSA_WITH_AES_256_CBC_SHA:
        case TLS_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
        case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
        case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
        case TLS_PSK_WITH_AES_256_CBC_SHA:
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
        case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
        case TLS_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
        case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
            return SSL_CipherAlgorithmAES_256_CBC;
        case TLS_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
        case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
        case TLS_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
        case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
            return SSL_CipherAlgorithmAES_128_GCM;
        case TLS_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
        case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
        case TLS_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
        case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
            return SSL_CipherAlgorithmAES_256_GCM;
        /* Unlisted or unimplemented cipher: reported as NULL encryption. */
        default:
            return SSL_CipherAlgorithmNull;
    }
}

/*
 * Return the symmetric key length for the suite's bulk cipher, looked up via
 * sslCipherSuiteGetSymmetricCipherAlgorithm(). The values match key lengths
 * in bytes (8 for DES, 16 for the 128-bit ciphers, 24 for 3DES, 32 for
 * AES-256). A return of 0 means the cipher resolved to
 * SSL_CipherAlgorithmNull or to a value with no case here; callers that
 * derive key material from this length get no key in either situation.
 */
uint8_t sslCipherSuiteGetSymmetricCipherKeySize(SSLCipherSuite cipherSuite) {
    SSL_CipherAlgorithm alg = sslCipherSuiteGetSymmetricCipherAlgorithm(cipherSuite);

    switch (alg) {
        case SSL_CipherAlgorithmNull:
            return 0;
        case SSL_CipherAlgorithmDES_CBC:
            return 8;
        case SSL_CipherAlgorithmRC2_128:
        case SSL_CipherAlgorithmRC4_128:
        case SSL_CipherAlgorithmAES_128_CBC:
        case SSL_CipherAlgorithmAES_128_GCM:
            return 16;
        case SSL_CipherAlgorithm3DES_CBC:
            return 24;
        case SSL_CipherAlgorithmAES_256_CBC:
        case SSL_CipherAlgorithmAES_256_GCM:
            return 32;
        default:
            return 0;
    }
}


/*
 * Same function for block and iv size.
 *
 * Returns 0 for the null cipher and for RC4 (a stream cipher), 8 for DES,
 * 3DES and RC2, and 16 for every AES mode listed, GCM included.
 * NOTE(review): for the GCM suites 16 is the AES block size; confirm that
 * callers do not also use this value as the AEAD nonce/IV length.
 */
uint8_t sslCipherSuiteGetSymmetricCipherBlockIvSize(SSLCipherSuite cipherSuite) {
    SSL_CipherAlgorithm alg = sslCipherSuiteGetSymmetricCipherAlgorithm(cipherSuite);

    switch (alg) {
        case SSL_CipherAlgorithmNull:
        case SSL_CipherAlgorithmRC4_128:
            return 0;
        case SSL_CipherAlgorithmDES_CBC:
        case SSL_CipherAlgorithm3DES_CBC:
        case SSL_CipherAlgorithmRC2_128:
            return 8;
        case SSL_CipherAlgorithmAES_128_CBC:
        case SSL_CipherAlgorithmAES_128_GCM:
        case SSL_CipherAlgorithmAES_256_CBC:
        case SSL_CipherAlgorithmAES_256_GCM:
            return 16;
        default:
            return 0;
    }
}
