1 /*
2  * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.
8  *
9  * This code is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12  * version 2 for more details (a copy is included in the LICENSE file that
13  * accompanied this code).
14  *
15  * You should have received a copy of the GNU General Public License version
16  * 2 along with this work; if not, write to the Free Software Foundation,
17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20  * or visit www.oracle.com if you need additional information or have any
21  * questions.
22  */
23 
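/**
 * SSL/TLS cipher suites, each tagged with its two-byte code point, its key
 * exchange algorithm and the inclusive protocol range it may be used with.
 *
 * <p>The TLS 1.3 suites ({@code TLS_AES_*}, {@code TLS_CHACHA20_POLY1305_SHA256})
 * are declared with a {@code null} {@link #keyExAlgorithm}; callers must check
 * for {@code null} before dereferencing that field.
 *
 * <p>This enum is a catalogue, not an allow-list. It includes anonymous
 * ({@code _anon_}), {@code NULL}-encryption, {@code EXPORT}, DES, 3DES, RC4 and
 * MD5 suites, which offer no peer authentication, no confidentiality, or only
 * legacy-strength protection. Do not derive the enabled-suite list of a real
 * endpoint from {@code values()} without filtering those entries out.
 */
public enum CipherSuite {

    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
            0xCCAA, KeyExAlgorithm.DHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(
            0xCCA9, KeyExAlgorithm.ECDHE_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
            0xCCA8, KeyExAlgorithm.ECDHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
            0xC032, KeyExAlgorithm.ECDH_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
            0xC031, KeyExAlgorithm.ECDH_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
            0xC030, KeyExAlgorithm.ECDHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
            0xC02F, KeyExAlgorithm.ECDHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
            0xC02E, KeyExAlgorithm.ECDH_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
            0xC02D, KeyExAlgorithm.ECDH_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
            0xC02C, KeyExAlgorithm.ECDHE_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
            0xC02B, KeyExAlgorithm.ECDHE_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
            0xC02A, KeyExAlgorithm.ECDH_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
            0xC029, KeyExAlgorithm.ECDH_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
            0xC028, KeyExAlgorithm.ECDHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
            0xC027, KeyExAlgorithm.ECDHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
            0xC026, KeyExAlgorithm.ECDH_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    // 0xC004 is the IANA-assigned code point for this suite; 0xC025 belongs to
    // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (next entry) and must not be shared.
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
            0xC004, KeyExAlgorithm.ECDH_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
            0xC025, KeyExAlgorithm.ECDH_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
            0xC024, KeyExAlgorithm.ECDHE_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
            0xC023, KeyExAlgorithm.ECDHE_ECDSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
            0xC019, KeyExAlgorithm.ECDH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
            0xC018, KeyExAlgorithm.ECDH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
            0xC017, KeyExAlgorithm.ECDH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_anon_WITH_RC4_128_SHA(
            0xC016, KeyExAlgorithm.ECDH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_anon_WITH_NULL_SHA(
            0xC015, KeyExAlgorithm.ECDH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
            0xC014, KeyExAlgorithm.ECDHE_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
            0xC013, KeyExAlgorithm.ECDHE_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
            0xC012, KeyExAlgorithm.ECDHE_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_RC4_128_SHA(
            0xC011, KeyExAlgorithm.ECDHE_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_RSA_WITH_NULL_SHA(
            0xC010, KeyExAlgorithm.ECDHE_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
            0xC00F, KeyExAlgorithm.ECDH_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
            0xC00E, KeyExAlgorithm.ECDH_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
            0xC00D, KeyExAlgorithm.ECDH_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_RC4_128_SHA(
            0xC00C, KeyExAlgorithm.ECDH_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_RSA_WITH_NULL_SHA(
            0xC00B, KeyExAlgorithm.ECDH_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
            0xC00A, KeyExAlgorithm.ECDHE_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
            0xC009, KeyExAlgorithm.ECDHE_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
            0xC008, KeyExAlgorithm.ECDHE_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
            0xC007, KeyExAlgorithm.ECDHE_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDHE_ECDSA_WITH_NULL_SHA(
            0xC006, KeyExAlgorithm.ECDHE_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
            0xC003, KeyExAlgorithm.ECDH_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
            0xC002, KeyExAlgorithm.ECDH_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_ECDH_ECDSA_WITH_NULL_SHA(
            0xC001, KeyExAlgorithm.ECDH_ECDSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV(
            0x00FF, KeyExAlgorithm.SCSV, Protocol.SSLV3, Protocol.TLSV1_2),
    // TLS 1.3 suites: no key exchange algorithm is recorded, so keyExAlgorithm is null.
    TLS_AES_256_GCM_SHA384(
            0x1302, null, Protocol.TLSV1_3, Protocol.TLSV1_3),
    TLS_AES_128_GCM_SHA256(
            0x1301, null, Protocol.TLSV1_3, Protocol.TLSV1_3),
    TLS_CHACHA20_POLY1305_SHA256(
            0x1303, null, Protocol.TLSV1_3, Protocol.TLSV1_3),
    TLS_DH_anon_WITH_AES_256_GCM_SHA384(
            0x00A7, KeyExAlgorithm.DH_ANON, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DH_anon_WITH_AES_128_GCM_SHA256(
            0x00A6, KeyExAlgorithm.DH_ANON, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
            0x00A3, KeyExAlgorithm.DHE_DSS, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
            0x00A2, KeyExAlgorithm.DHE_DSS, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
            0x009F, KeyExAlgorithm.DHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
            0x009E, KeyExAlgorithm.DHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_RSA_WITH_AES_256_GCM_SHA384(
            0x009D, KeyExAlgorithm.RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_RSA_WITH_AES_128_GCM_SHA256(
            0x009C, KeyExAlgorithm.RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DH_anon_WITH_AES_256_CBC_SHA256(
            0x006D, KeyExAlgorithm.DH_ANON, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DH_anon_WITH_AES_128_CBC_SHA256(
            0x006C, KeyExAlgorithm.DH_ANON, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
            0x006B, KeyExAlgorithm.DHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
            0x006A, KeyExAlgorithm.DHE_DSS, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
            0x0067, KeyExAlgorithm.DHE_RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    // 0xC005 is the IANA-assigned code point for this suite (was 0x004C).
    // NOTE(review): the start protocol is TLSV1 here but SSLV3 for the other
    // ECDH_ECDSA *_CBC_SHA suites; left as found, confirm the intended range.
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
            0xC005, KeyExAlgorithm.ECDH_ECDSA, Protocol.TLSV1, Protocol.TLSV1_2),
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
            0x0040, KeyExAlgorithm.DHE_DSS, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_RSA_WITH_AES_256_CBC_SHA256(
            0x003D, KeyExAlgorithm.RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_RSA_WITH_AES_128_CBC_SHA256(
            0x003C, KeyExAlgorithm.RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_RSA_WITH_NULL_SHA256(
            0x003B, KeyExAlgorithm.RSA, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_DH_anon_WITH_AES_256_CBC_SHA(
            0x003A, KeyExAlgorithm.DH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
            0x0039, KeyExAlgorithm.DHE_RSA, Protocol.TLSV1, Protocol.TLSV1_2),
    // NOTE(review): both DHE_DSS *_CBC_SHA suites start at TLSV1_2 while their
    // DHE_RSA counterparts start earlier; left as found, confirm against callers.
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
            0x0038, KeyExAlgorithm.DHE_DSS, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_RSA_WITH_AES_256_CBC_SHA(
            0x0035, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_DH_anon_WITH_AES_128_CBC_SHA(
            0x0034, KeyExAlgorithm.DH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
            0x0033, KeyExAlgorithm.DHE_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
            0x0032, KeyExAlgorithm.DHE_DSS, Protocol.TLSV1_2, Protocol.TLSV1_2),
    TLS_RSA_WITH_AES_128_CBC_SHA(
            0x002F, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_KRB5_WITH_3DES_EDE_CBC_MD5(
            0x0023, KeyExAlgorithm.KRB5, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_KRB5_WITH_DES_CBC_MD5(
            0x0022, KeyExAlgorithm.KRB5, Protocol.SSLV3, Protocol.TLSV1_1),
    TLS_KRB5_WITH_3DES_EDE_CBC_SHA(
            0x001F, KeyExAlgorithm.KRB5, Protocol.SSLV3, Protocol.TLSV1_2),
    TLS_KRB5_WITH_DES_CBC_SHA(
            0x001E, KeyExAlgorithm.KRB5, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(
            0x001B, KeyExAlgorithm.DH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_DH_anon_WITH_DES_CBC_SHA(
            0x001A, KeyExAlgorithm.DH_ANON, Protocol.SSLV3, Protocol.TLSV1_1),
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
            0x0019, KeyExAlgorithm.DH_ANON_EXPORT, Protocol.SSLV3, Protocol.TLSV1),
    SSL_DH_anon_WITH_RC4_128_MD5(
            0x0018, KeyExAlgorithm.DH_ANON, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
            0x0017, KeyExAlgorithm.DH_ANON_EXPORT, Protocol.SSLV3, Protocol.TLSV1),
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
            0x0016, KeyExAlgorithm.DHE_RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_DHE_RSA_WITH_DES_CBC_SHA(
            0x0015, KeyExAlgorithm.DHE_RSA, Protocol.SSLV3, Protocol.TLSV1_1),
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
            0x0014, KeyExAlgorithm.DHE_RSA_EXPORT, Protocol.SSLV3, Protocol.TLSV1),
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
            0x0013, KeyExAlgorithm.DHE_DSS, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_DHE_DSS_WITH_DES_CBC_SHA(
            0x0012, KeyExAlgorithm.DHE_DSS, Protocol.SSLV3, Protocol.TLSV1_1),
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
            0x0011, KeyExAlgorithm.DHE_DSS_EXPORT, Protocol.SSLV3, Protocol.TLSV1),
    SSL_RSA_WITH_3DES_EDE_CBC_SHA(
            0x000A, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_RSA_WITH_DES_CBC_SHA(
            0x0009, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_1),
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
            0x0008, KeyExAlgorithm.RSA_EXPORT, Protocol.SSLV3, Protocol.TLSV1),
    SSL_RSA_WITH_RC4_128_SHA(
            0x0005, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_RSA_WITH_RC4_128_MD5(
            0x0004, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_RSA_EXPORT_WITH_RC4_40_MD5(
            0x0003, KeyExAlgorithm.RSA_EXPORT, Protocol.SSLV3, Protocol.TLSV1),
    SSL_RSA_WITH_NULL_SHA(
            0x0002, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_2),
    SSL_RSA_WITH_NULL_MD5(
            0x0001, KeyExAlgorithm.RSA, Protocol.SSLV3, Protocol.TLSV1_2);

    /** Two-byte cipher suite code point, e.g. {@code 0xC02F}. */
    public final int id;

    /** Key exchange algorithm; {@code null} for the TLS 1.3 suites. */
    public final KeyExAlgorithm keyExAlgorithm;

    /** Lowest protocol version (inclusive) this suite is declared for. */
    public final Protocol startProtocol;

    /** Highest protocol version (inclusive) this suite is declared for. */
    public final Protocol endProtocol;

    /**
     * Records the attributes of one cipher suite constant.
     *
     * @param id             the suite's two-byte code point
     * @param keyExAlgorithm the key exchange algorithm, or {@code null}
     * @param startProtocol  first protocol version the suite applies to
     * @param endProtocol    last protocol version the suite applies to
     */
    private CipherSuite(
            int id,
            KeyExAlgorithm keyExAlgorithm,
            Protocol startProtocol,
            Protocol endProtocol) {
        this.id = id;
        this.keyExAlgorithm = keyExAlgorithm;
        this.startProtocol = startProtocol;
        this.endProtocol = endProtocol;
    }

    /**
     * Tells whether this suite is declared for the given protocol version.
     *
     * <p>The check compares {@code Protocol.id} values, so it presumes those
     * ids increase with the protocol version (verify against {@code Protocol}).
     *
     * @param protocol the protocol version to test; must not be {@code null}
     * @return {@code true} if {@code protocol.id} lies within
     *         {@code [startProtocol.id, endProtocol.id]}
     * @throws NullPointerException if {@code protocol} is {@code null}
     */
    public boolean supportedByProtocol(Protocol protocol) {
        return startProtocol.id <= protocol.id
                && protocol.id <= endProtocol.id;
    }

    /**
     * Looks up a cipher suite by its exact constant name.
     *
     * @param name the constant name, e.g. {@code "TLS_AES_128_GCM_SHA256"}
     * @return the matching constant
     * @throws IllegalArgumentException if no constant has that name
     * @throws NullPointerException     if {@code name} is {@code null}
     */
    public static CipherSuite cipherSuite(String name) {
        return valueOf(name);
    }
}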
247