search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit eac3800:0237a66 (svn 202606:202607)
[chromium-blink-merge.git] / net / ssl / ssl_cipher_suite_names.cc
blob0b21edb521778994056e70e9ddf83db3913c0627
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/ssl/ssl_cipher_suite_names.h"
6
7 #if defined(USE_OPENSSL)
8 #include <openssl/ssl.h>
9 #endif
10 #include <stdlib.h>
11
12 #include "base/logging.h"
13 #include "base/strings/string_number_conversions.h"
14 #include "base/strings/string_util.h"
15 #include "net/ssl/ssl_connection_status_flags.h"
16
17 // Rather than storing the names of all the ciphersuites we eliminate the
18 // redundancy and break each cipher suite into a key exchange method, cipher
19 // and mac. For all the ciphersuites in the IANA registry, we extract each of
20 // those components from the name, number them and pack the result into a
21 // 16-bit number thus:
22 // (MSB to LSB)
23 // <3 bits> unused
24 // <5 bits> key exchange
25 // <5 bits> cipher
26 // <3 bits> mac
27
28 // The following tables were generated by ssl_cipher_suite_names_generate.go,
29 // found in the same directory as this file.
30
31 namespace {
32
33 struct CipherSuite {
34 uint16 cipher_suite, encoded;
35 };
36
37 const struct CipherSuite kCipherSuites[] = {
38 {0x0, 0x0}, // TLS_NULL_WITH_NULL_NULL
39 {0x1, 0x101}, // TLS_RSA_WITH_NULL_MD5
40 {0x2, 0x102}, // TLS_RSA_WITH_NULL_SHA
41 {0x3, 0x209}, // TLS_RSA_EXPORT_WITH_RC4_40_MD5
42 {0x4, 0x111}, // TLS_RSA_WITH_RC4_128_MD5
43 {0x5, 0x112}, // TLS_RSA_WITH_RC4_128_SHA
44 {0x6, 0x219}, // TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
45 {0x7, 0x122}, // TLS_RSA_WITH_IDEA_CBC_SHA
46 {0x8, 0x22a}, // TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
47 {0x9, 0x132}, // TLS_RSA_WITH_DES_CBC_SHA
48 {0xa, 0x13a}, // TLS_RSA_WITH_3DES_EDE_CBC_SHA
49 {0xb, 0x32a}, // TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
50 {0xc, 0x432}, // TLS_DH_DSS_WITH_DES_CBC_SHA
51 {0xd, 0x43a}, // TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
52 {0xe, 0x52a}, // TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
53 {0xf, 0x632}, // TLS_DH_RSA_WITH_DES_CBC_SHA
54 {0x10, 0x63a}, // TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
55 {0x11, 0x72a}, // TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
56 {0x12, 0x832}, // TLS_DHE_DSS_WITH_DES_CBC_SHA
57 {0x13, 0x83a}, // TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
58 {0x14, 0x92a}, // TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
59 {0x15, 0xa32}, // TLS_DHE_RSA_WITH_DES_CBC_SHA
60 {0x16, 0xa3a}, // TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
61 {0x17, 0xb09}, // TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
62 {0x18, 0xc11}, // TLS_DH_anon_WITH_RC4_128_MD5
63 {0x19, 0xb2a}, // TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
64 {0x1a, 0xc32}, // TLS_DH_anon_WITH_DES_CBC_SHA
65 {0x1b, 0xc3a}, // TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
66 {0x2f, 0x142}, // TLS_RSA_WITH_AES_128_CBC_SHA
67 {0x30, 0x442}, // TLS_DH_DSS_WITH_AES_128_CBC_SHA
68 {0x31, 0x642}, // TLS_DH_RSA_WITH_AES_128_CBC_SHA
69 {0x32, 0x842}, // TLS_DHE_DSS_WITH_AES_128_CBC_SHA
70 {0x33, 0xa42}, // TLS_DHE_RSA_WITH_AES_128_CBC_SHA
71 {0x34, 0xc42}, // TLS_DH_anon_WITH_AES_128_CBC_SHA
72 {0x35, 0x14a}, // TLS_RSA_WITH_AES_256_CBC_SHA
73 {0x36, 0x44a}, // TLS_DH_DSS_WITH_AES_256_CBC_SHA
74 {0x37, 0x64a}, // TLS_DH_RSA_WITH_AES_256_CBC_SHA
75 {0x38, 0x84a}, // TLS_DHE_DSS_WITH_AES_256_CBC_SHA
76 {0x39, 0xa4a}, // TLS_DHE_RSA_WITH_AES_256_CBC_SHA
77 {0x3a, 0xc4a}, // TLS_DH_anon_WITH_AES_256_CBC_SHA
78 {0x3b, 0x103}, // TLS_RSA_WITH_NULL_SHA256
79 {0x3c, 0x143}, // TLS_RSA_WITH_AES_128_CBC_SHA256
80 {0x3d, 0x14b}, // TLS_RSA_WITH_AES_256_CBC_SHA256
81 {0x3e, 0x443}, // TLS_DH_DSS_WITH_AES_128_CBC_SHA256
82 {0x3f, 0x643}, // TLS_DH_RSA_WITH_AES_128_CBC_SHA256
83 {0x40, 0x843}, // TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
84 {0x41, 0x152}, // TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
85 {0x42, 0x452}, // TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
86 {0x43, 0x652}, // TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
87 {0x44, 0x852}, // TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
88 {0x45, 0xa52}, // TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
89 {0x46, 0xc52}, // TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
90 {0x67, 0xa43}, // TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
91 {0x68, 0x44b}, // TLS_DH_DSS_WITH_AES_256_CBC_SHA256
92 {0x69, 0x64b}, // TLS_DH_RSA_WITH_AES_256_CBC_SHA256
93 {0x6a, 0x84b}, // TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
94 {0x6b, 0xa4b}, // TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
95 {0x6c, 0xc43}, // TLS_DH_anon_WITH_AES_128_CBC_SHA256
96 {0x6d, 0xc4b}, // TLS_DH_anon_WITH_AES_256_CBC_SHA256
97 {0x84, 0x15a}, // TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
98 {0x85, 0x45a}, // TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
99 {0x86, 0x65a}, // TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
100 {0x87, 0x85a}, // TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
101 {0x88, 0xa5a}, // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
102 {0x89, 0xc5a}, // TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
103 {0x96, 0x162}, // TLS_RSA_WITH_SEED_CBC_SHA
104 {0x97, 0x462}, // TLS_DH_DSS_WITH_SEED_CBC_SHA
105 {0x98, 0x662}, // TLS_DH_RSA_WITH_SEED_CBC_SHA
106 {0x99, 0x862}, // TLS_DHE_DSS_WITH_SEED_CBC_SHA
107 {0x9a, 0xa62}, // TLS_DHE_RSA_WITH_SEED_CBC_SHA
108 {0x9b, 0xc62}, // TLS_DH_anon_WITH_SEED_CBC_SHA
109 {0x9c, 0x16f}, // TLS_RSA_WITH_AES_128_GCM_SHA256
110 {0x9d, 0x177}, // TLS_RSA_WITH_AES_256_GCM_SHA384
111 {0x9e, 0xa6f}, // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
112 {0x9f, 0xa77}, // TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
113 {0xa0, 0x66f}, // TLS_DH_RSA_WITH_AES_128_GCM_SHA256
114 {0xa1, 0x677}, // TLS_DH_RSA_WITH_AES_256_GCM_SHA384
115 {0xa2, 0x86f}, // TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
116 {0xa3, 0x877}, // TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
117 {0xa4, 0x46f}, // TLS_DH_DSS_WITH_AES_128_GCM_SHA256
118 {0xa5, 0x477}, // TLS_DH_DSS_WITH_AES_256_GCM_SHA384
119 {0xa6, 0xc6f}, // TLS_DH_anon_WITH_AES_128_GCM_SHA256
120 {0xa7, 0xc77}, // TLS_DH_anon_WITH_AES_256_GCM_SHA384
121 {0xba, 0x153}, // TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
122 {0xbb, 0x453}, // TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256
123 {0xbc, 0x653}, // TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256
124 {0xbd, 0x853}, // TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
125 {0xbe, 0xa53}, // TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
126 {0xbf, 0xc53}, // TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256
127 {0xc0, 0x15b}, // TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
128 {0xc1, 0x45b}, // TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256
129 {0xc2, 0x65b}, // TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256
130 {0xc3, 0x85b}, // TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
131 {0xc4, 0xa5b}, // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
132 {0xc5, 0xc5b}, // TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
133 {0xc001, 0xd02}, // TLS_ECDH_ECDSA_WITH_NULL_SHA
134 {0xc002, 0xd12}, // TLS_ECDH_ECDSA_WITH_RC4_128_SHA
135 {0xc003, 0xd3a}, // TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
136 {0xc004, 0xd42}, // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
137 {0xc005, 0xd4a}, // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
138 {0xc006, 0xe02}, // TLS_ECDHE_ECDSA_WITH_NULL_SHA
139 {0xc007, 0xe12}, // TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
140 {0xc008, 0xe3a}, // TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
141 {0xc009, 0xe42}, // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
142 {0xc00a, 0xe4a}, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
143 {0xc00b, 0xf02}, // TLS_ECDH_RSA_WITH_NULL_SHA
144 {0xc00c, 0xf12}, // TLS_ECDH_RSA_WITH_RC4_128_SHA
145 {0xc00d, 0xf3a}, // TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
146 {0xc00e, 0xf42}, // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
147 {0xc00f, 0xf4a}, // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
148 {0xc010, 0x1002}, // TLS_ECDHE_RSA_WITH_NULL_SHA
149 {0xc011, 0x1012}, // TLS_ECDHE_RSA_WITH_RC4_128_SHA
150 {0xc012, 0x103a}, // TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
151 {0xc013, 0x1042}, // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
152 {0xc014, 0x104a}, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
153 {0xc015, 0x1102}, // TLS_ECDH_anon_WITH_NULL_SHA
154 {0xc016, 0x1112}, // TLS_ECDH_anon_WITH_RC4_128_SHA
155 {0xc017, 0x113a}, // TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
156 {0xc018, 0x1142}, // TLS_ECDH_anon_WITH_AES_128_CBC_SHA
157 {0xc019, 0x114a}, // TLS_ECDH_anon_WITH_AES_256_CBC_SHA
158 {0xc023, 0xe43}, // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
159 {0xc024, 0xe4c}, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
160 {0xc025, 0xd43}, // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
161 {0xc026, 0xd4c}, // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
162 {0xc027, 0x1043}, // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
163 {0xc028, 0x104c}, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
164 {0xc029, 0xf43}, // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
165 {0xc02a, 0xf4c}, // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
166 {0xc02b, 0xe6f}, // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
167 {0xc02c, 0xe77}, // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
168 {0xc02d, 0xd6f}, // TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
169 {0xc02e, 0xd77}, // TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
170 {0xc02f, 0x106f}, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
171 {0xc030, 0x1077}, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
172 {0xc031, 0xf6f}, // TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
173 {0xc032, 0xf77}, // TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
174 {0xc072, 0xe53}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
175 {0xc073, 0xe5c}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
176 {0xc074, 0xd53}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
177 {0xc075, 0xd5c}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
178 {0xc076, 0x1053}, // TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
179 {0xc077, 0x105c}, // TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
180 {0xc078, 0xf53}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
181 {0xc079, 0xf5c}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
182 {0xc07a, 0x17f}, // TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
183 {0xc07b, 0x187}, // TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
184 {0xc07c, 0xa7f}, // TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
185 {0xc07d, 0xa87}, // TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
186 {0xc07e, 0x67f}, // TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256
187 {0xc07f, 0x687}, // TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384
188 {0xc080, 0x87f}, // TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
189 {0xc081, 0x887}, // TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
190 {0xc082, 0x47f}, // TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256
191 {0xc083, 0x487}, // TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384
192 {0xc084, 0xc7f}, // TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
193 {0xc085, 0xc87}, // TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
194 {0xc086, 0xe7f}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
195 {0xc087, 0xe87}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
196 {0xc088, 0xd7f}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
197 {0xc089, 0xd87}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
198 {0xc08a, 0x107f}, // TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
199 {0xc08b, 0x1087}, // TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
200 {0xc08c, 0xf7f}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
201 {0xc08d, 0xf87}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
202 {0xcc13, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
203 {0xcc14, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
204 {0xcc15, 0x0a8f}, // TLS_DHE_RSA_WITH_CHACHA20_POLY1305
205 };
206
207 const struct {
208 char name[15];
209 } kKeyExchangeNames[18] = {
210 {"NULL"}, // 0
211 {"RSA"}, // 1
212 {"RSA_EXPORT"}, // 2
213 {"DH_DSS_EXPORT"}, // 3
214 {"DH_DSS"}, // 4
215 {"DH_RSA_EXPORT"}, // 5
216 {"DH_RSA"}, // 6
217 {"DHE_DSS_EXPORT"}, // 7
218 {"DHE_DSS"}, // 8
219 {"DHE_RSA_EXPORT"}, // 9
220 {"DHE_RSA"}, // 10
221 {"DH_anon_EXPORT"}, // 11
222 {"DH_anon"}, // 12
223 {"ECDH_ECDSA"}, // 13
224 {"ECDHE_ECDSA"}, // 14
225 {"ECDH_RSA"}, // 15
226 {"ECDHE_RSA"}, // 16
227 {"ECDH_anon"}, // 17
228 };
229
230 const struct {
231 char name[18];
232 } kCipherNames[18] = {
233 {"NULL"}, // 0
234 {"RC4_40"}, // 1
235 {"RC4_128"}, // 2
236 {"RC2_CBC_40"}, // 3
237 {"IDEA_CBC"}, // 4
238 {"DES40_CBC"}, // 5
239 {"DES_CBC"}, // 6
240 {"3DES_EDE_CBC"}, // 7
241 {"AES_128_CBC"}, // 8
242 {"AES_256_CBC"}, // 9
243 {"CAMELLIA_128_CBC"}, // 10
244 {"CAMELLIA_256_CBC"}, // 11
245 {"SEED_CBC"}, // 12
246 {"AES_128_GCM"}, // 13
247 {"AES_256_GCM"}, // 14
248 {"CAMELLIA_128_GCM"}, // 15
249 {"CAMELLIA_256_GCM"}, // 16
250 {"CHACHA20_POLY1305"}, // 17
251 };
252
253 const struct {
254 char name[12];
255 } kMacNames[5] = {
256 {"NULL"}, // 0
257 {"HMAC-MD5"}, // 1
258 {"HMAC-SHA1"}, // 2
259 {"HMAC-SHA256"}, // 3
260 {"HMAC-SHA384"}, // 4
261 // 7 is reserved to indicate an AEAD cipher suite.
262 };
263
264 const int kAEADMACValue = 7;
265
266 int CipherSuiteCmp(const void* ia, const void* ib) {
267 const CipherSuite* a = static_cast<const CipherSuite*>(ia);
268 const CipherSuite* b = static_cast<const CipherSuite*>(ib);
269
270 if (a->cipher_suite < b->cipher_suite) {
271 return -1;
272 } else if (a->cipher_suite == b->cipher_suite) {
273 return 0;
274 } else {
275 return 1;
276 }
277 }
278
279 bool GetCipherProperties(uint16 cipher_suite,
280 int* out_key_exchange,
281 int* out_cipher,
282 int* out_mac) {
283 CipherSuite desired = {0};
284 desired.cipher_suite = cipher_suite;
285 void* r = bsearch(&desired, kCipherSuites, arraysize(kCipherSuites),
286 sizeof(kCipherSuites[0]), CipherSuiteCmp);
287
288 if (!r)
289 return false;
290
291 const CipherSuite* cs = static_cast<const CipherSuite*>(r);
292 *out_key_exchange = cs->encoded >> 8;
293 *out_cipher = (cs->encoded >> 3) & 0x1f;
294 *out_mac = cs->encoded & 0x7;
295 return true;
296 }
297
298 } // namespace
299
300 namespace net {
301
302 void SSLCipherSuiteToStrings(const char** key_exchange_str,
303 const char** cipher_str,
304 const char** mac_str,
305 bool *is_aead,
306 uint16 cipher_suite) {
307 *key_exchange_str = *cipher_str = *mac_str = "???";
308 *is_aead = false;
309
310 int key_exchange, cipher, mac;
311 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
312 return;
313
314 *key_exchange_str = kKeyExchangeNames[key_exchange].name;
315 *cipher_str = kCipherNames[cipher].name;
316 if (mac == kAEADMACValue) {
317 *is_aead = true;
318 *mac_str = NULL;
319 } else {
320 *mac_str = kMacNames[mac].name;
321 }
322 }
323
324 void SSLVersionToString(const char** name, int ssl_version) {
325 switch (ssl_version) {
326 case SSL_CONNECTION_VERSION_SSL2:
327 *name = "SSL 2.0";
328 break;
329 case SSL_CONNECTION_VERSION_SSL3:
330 *name = "SSL 3.0";
331 break;
332 case SSL_CONNECTION_VERSION_TLS1:
333 *name = "TLS 1.0";
334 break;
335 case SSL_CONNECTION_VERSION_TLS1_1:
336 *name = "TLS 1.1";
337 break;
338 case SSL_CONNECTION_VERSION_TLS1_2:
339 *name = "TLS 1.2";
340 break;
341 case SSL_CONNECTION_VERSION_QUIC:
342 *name = "QUIC";
343 break;
344 default:
345 NOTREACHED() << ssl_version;
346 *name = "???";
347 break;
348 }
349 }
350
351 bool ParseSSLCipherString(const std::string& cipher_string,
352 uint16* cipher_suite) {
353 int value = 0;
354 if (cipher_string.size() == 6 &&
355 base::StartsWith(cipher_string, "0x",
356 base::CompareCase::INSENSITIVE_ASCII) &&
357 base::HexStringToInt(cipher_string, &value)) {
358 *cipher_suite = static_cast<uint16>(value);
359 return true;
360 }
361 return false;
362 }
363
364 bool IsSecureTLSCipherSuite(uint16 cipher_suite) {
365 int key_exchange, cipher, mac;
366 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
367 return false;
368
369 // Only allow forward secure key exchanges.
370 switch (key_exchange) {
371 case 10: // DHE_RSA
372 case 14: // ECDHE_ECDSA
373 case 16: // ECDHE_RSA
374 break;
375 default:
376 return false;
377 }
378
379 switch (cipher) {
380 case 13: // AES_128_GCM
381 case 14: // AES_256_GCM
382 case 17: // CHACHA20_POLY1305
383 break;
384 default:
385 return false;
386 }
387
388 // Only AEADs allowed.
389 if (mac != kAEADMACValue)
390 return false;
391
392 return true;
393 }
394
395 bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite) {
396 int key_exchange, cipher, mac;
397 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
398 return false;
399
400 // Only allow ECDHE key exchanges.
401 switch (key_exchange) {
402 case 14: // ECDHE_ECDSA
403 case 16: // ECDHE_RSA
404 break;
405 default:
406 return false;
407 }
408
409 switch (cipher) {
410 case 13: // AES_128_GCM
411 case 14: // AES_256_GCM
412 case 17: // CHACHA20_POLY1305
413 break;
414 default:
415 return false;
416 }
417
418 // Only AEADs allowed.
419 if (mac != kAEADMACValue)
420 return false;
421
422 return true;
423 }
424
425 const char* ECCurveName(uint16 cipher_suite, int key_exchange_info) {
426 #if defined(USE_OPENSSL)
427 int key_exchange, cipher, mac;
428 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
429 return nullptr;
430 switch (key_exchange) {
431 case 14: // ECDHE_ECDSA
432 case 16: // ECDHE_RSA
433 break;
434 default:
435 return nullptr;
436 }
437 return SSL_get_curve_name(key_exchange_info);
438 #else
439 return nullptr;
440 #endif
441 }
442
443 } // namespace net