1 /*
2  * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package sun.security.ssl;
27 
28 import java.util.ArrayList;
29 import java.util.Arrays;
30 import java.util.Collection;
31 import java.util.Collections;
32 import java.util.LinkedList;
33 import java.util.List;
34 import static sun.security.ssl.CipherSuite.HashAlg.*;
35 import static sun.security.ssl.CipherSuite.KeyExchange.*;
36 import static sun.security.ssl.CipherSuite.MacAlg.*;
37 import static sun.security.ssl.SSLCipher.*;
38 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
39 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
40 
41 /**
42  * Enum for SSL/(D)TLS cipher suites.
43  *
44  * Please refer to the "TLS Cipher Suite Registry" section for more details
45  * about each cipher suite:
46  *     https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
47  */
48 enum CipherSuite {
49     //
50     // in preference order
51     //
52 
53     // Definition of the CipherSuites that are enabled by default.
54     //
55     // They are listed in preference order, most preferred first, using
56     // the following criteria:
57     // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
58     //    changed later, see below).
59     // 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
60     //    AES_128(GCM), AES_256, AES_128, 3DES-EDE.
61     // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
62     //    SHA256, SHA, MD5.
63     // 4. Prefer the better performance of key exchange and digital
64     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
65     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.
66 
67     TLS_AES_128_GCM_SHA256(
68             0x1301, true, "TLS_AES_128_GCM_SHA256",
69             ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),
70     TLS_AES_256_GCM_SHA384(
71             0x1302, true, "TLS_AES_256_GCM_SHA384",
72             ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),
73     TLS_CHACHA20_POLY1305_SHA256(
74             0x1303, true, "TLS_CHACHA20_POLY1305_SHA256",
75             ProtocolVersion.PROTOCOLS_OF_13, B_CC20_P1305, H_SHA256),
76 
77     // Suite B compliant cipher suites, see RFC 6460.
78     //
79     // Note that, at present, this provider is not Suite B compliant: the
80     // preference order of the GCM cipher suites does not follow the
81     // specification in RFC 6460.  Only two cipher suites are listed in
82     // this section so that applications can make use of the Suite B
83     // compliant cipher suites first.
84     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
85             0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",
86             ProtocolVersion.PROTOCOLS_OF_12,
87             K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
88     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
89             0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",
90             ProtocolVersion.PROTOCOLS_OF_12,
91             K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
92 
93     // Not Suite B compliant, but we want to position this suite early in
94     // the list of TLS 1.2 suites.
95     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(
96             0xCCA9, true, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "",
97             ProtocolVersion.PROTOCOLS_OF_12,
98             K_ECDHE_ECDSA, B_CC20_P1305, M_NULL, H_SHA256),
99 
100     // AES_256(GCM)
101     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
102             0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",
103             ProtocolVersion.PROTOCOLS_OF_12,
104             K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
105     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
106             0xCCA8, true, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
107             ProtocolVersion.PROTOCOLS_OF_12,
108             K_ECDHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
109     TLS_RSA_WITH_AES_256_GCM_SHA384(
110             0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",
111             ProtocolVersion.PROTOCOLS_OF_12,
112             K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
113     TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
114             0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
115             ProtocolVersion.PROTOCOLS_OF_12,
116             K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
117     TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
118             0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",
119             ProtocolVersion.PROTOCOLS_OF_12,
120             K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
121     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
122             0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",
123             ProtocolVersion.PROTOCOLS_OF_12,
124             K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
125     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(
126             0xCCAA, true, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "",
127             ProtocolVersion.PROTOCOLS_OF_12,
128             K_DHE_RSA, B_CC20_P1305, M_NULL, H_SHA256),
129     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
130             0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",
131             ProtocolVersion.PROTOCOLS_OF_12,
132             K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),
133 
134     // AES_128(GCM)
135     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
136             0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",
137             ProtocolVersion.PROTOCOLS_OF_12,
138             K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
139     TLS_RSA_WITH_AES_128_GCM_SHA256(
140             0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",
141             ProtocolVersion.PROTOCOLS_OF_12,
142             K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
143     TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
144             0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",
145             ProtocolVersion.PROTOCOLS_OF_12,
146             K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
147     TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
148             0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",
149             ProtocolVersion.PROTOCOLS_OF_12,
150             K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
151     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
152             0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",
153             ProtocolVersion.PROTOCOLS_OF_12,
154             K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
155     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
156             0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",
157             ProtocolVersion.PROTOCOLS_OF_12,
158             K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),
159 
160     // AES_256(CBC)
161     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
162             0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",
163             ProtocolVersion.PROTOCOLS_OF_12,
164             K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),
165     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
166             0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",
167             ProtocolVersion.PROTOCOLS_OF_12,
168             K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),
169     TLS_RSA_WITH_AES_256_CBC_SHA256(
170             0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",
171             ProtocolVersion.PROTOCOLS_OF_12,
172             K_RSA, B_AES_256, M_SHA256, H_SHA256),
173     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
174             0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",
175             ProtocolVersion.PROTOCOLS_OF_12,
176             K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),
177     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
178             0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",
179             ProtocolVersion.PROTOCOLS_OF_12,
180             K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),
181     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
182             0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",
183             ProtocolVersion.PROTOCOLS_OF_12,
184             K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),
185     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
186             0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",
187             ProtocolVersion.PROTOCOLS_OF_12,
188             K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),
189 
190     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
191             0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",
192             ProtocolVersion.PROTOCOLS_TO_12,
193             K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256),
194     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
195             0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",
196             ProtocolVersion.PROTOCOLS_TO_12,
197             K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),
198     TLS_RSA_WITH_AES_256_CBC_SHA(
199             0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
200             ProtocolVersion.PROTOCOLS_TO_12,
201             K_RSA, B_AES_256, M_SHA, H_SHA256),
202     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
203             0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
204             ProtocolVersion.PROTOCOLS_TO_12,
205             K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),
206     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
207             0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",
208             ProtocolVersion.PROTOCOLS_TO_12,
209             K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),
210     TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
211             0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",
212             ProtocolVersion.PROTOCOLS_TO_12,
213             K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),
214     TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
215             0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",
216             ProtocolVersion.PROTOCOLS_TO_12,
217             K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),
218 
219     // AES_128(CBC)
220     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
221             0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",
222             ProtocolVersion.PROTOCOLS_OF_12,
223             K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),
224     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
225             0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",
226             ProtocolVersion.PROTOCOLS_OF_12,
227             K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),
228     TLS_RSA_WITH_AES_128_CBC_SHA256(
229             0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",
230             ProtocolVersion.PROTOCOLS_OF_12,
231             K_RSA, B_AES_128, M_SHA256, H_SHA256),
232     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
233             0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",
234             ProtocolVersion.PROTOCOLS_OF_12,
235             K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),
236     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
237             0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",
238             ProtocolVersion.PROTOCOLS_OF_12,
239             K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),
240     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
241             0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",
242             ProtocolVersion.PROTOCOLS_OF_12,
243             K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),
244     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
245             0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",
246             ProtocolVersion.PROTOCOLS_OF_12,
247             K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),
248 
249     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
250             0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",
251             ProtocolVersion.PROTOCOLS_TO_12,
252             K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),
253     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
254             0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",
255             ProtocolVersion.PROTOCOLS_TO_12,
256             K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),
257     TLS_RSA_WITH_AES_128_CBC_SHA(
258             0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
259             ProtocolVersion.PROTOCOLS_TO_12,
260             K_RSA, B_AES_128, M_SHA, H_SHA256),
261     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
262             0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
263             ProtocolVersion.PROTOCOLS_TO_12,
264             K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256),
265     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
266             0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",
267             ProtocolVersion.PROTOCOLS_TO_12,
268             K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),
269     TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
270             0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",
271             ProtocolVersion.PROTOCOLS_TO_12,
272             K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),
273     TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
274             0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",
275             ProtocolVersion.PROTOCOLS_TO_12,
276             K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),
277 
278     // 3DES_EDE
279     TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
280             0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
281             ProtocolVersion.PROTOCOLS_TO_12,
282             K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
283     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
284             0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
285             ProtocolVersion.PROTOCOLS_TO_12,
286             K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
287     SSL_RSA_WITH_3DES_EDE_CBC_SHA(
288             0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
289                           "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
290             ProtocolVersion.PROTOCOLS_TO_12,
291             K_RSA, B_3DES, M_SHA, H_SHA256),
292     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
293             0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
294             ProtocolVersion.PROTOCOLS_TO_12,
295             K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
296     TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
297             0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
298             ProtocolVersion.PROTOCOLS_TO_12,
299             K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
300     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
301             0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
302                           "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
303             ProtocolVersion.PROTOCOLS_TO_12,
304             K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
305     SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
306             0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
307                           "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
308             ProtocolVersion.PROTOCOLS_TO_12,
309             K_DHE_DSS, B_3DES, M_SHA, H_SHA256),
310 
311     // Renegotiation protection request Signalling Cipher Suite Value (SCSV).
312     TLS_EMPTY_RENEGOTIATION_INFO_SCSV(        //  RFC 5746, TLS 1.2 and prior
313             0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",
314             ProtocolVersion.PROTOCOLS_TO_12,
315             K_SCSV, B_NULL, M_NULL, H_NONE),
316 
317     // Definition of the CipherSuites that are supported but not enabled
318     // by default.
319     // They are listed in preference order, preferred first, using the
320     // following criteria:
321     // 1. If a cipher suite has been obsoleted, we put it at the end of
322     //    the list.
323     // 2. Prefer the stronger bulk cipher, in the order of AES_256,
324     //    AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
325     // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
326     //    SHA256, SHA, MD5.
327     // 4. Prefer the better performance of key exchange and digital
328     //    signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
329     //    RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
330     TLS_DH_anon_WITH_AES_256_GCM_SHA384(
331             0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",
332             ProtocolVersion.PROTOCOLS_OF_12,
333             K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),
334     TLS_DH_anon_WITH_AES_128_GCM_SHA256(
335             0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",
336             ProtocolVersion.PROTOCOLS_OF_12,
337             K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),
338     TLS_DH_anon_WITH_AES_256_CBC_SHA256(
339             0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",
340             ProtocolVersion.PROTOCOLS_OF_12,
341             K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),
342     TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
343             0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",
344             ProtocolVersion.PROTOCOLS_TO_12,
345             K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),
346     TLS_DH_anon_WITH_AES_256_CBC_SHA(
347             0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",
348             ProtocolVersion.PROTOCOLS_TO_12,
349             K_DH_ANON, B_AES_256, M_SHA, H_SHA256),
350     TLS_DH_anon_WITH_AES_128_CBC_SHA256(
351             0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",
352             ProtocolVersion.PROTOCOLS_OF_12,
353             K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),
354     TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
355             0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",
356             ProtocolVersion.PROTOCOLS_TO_12,
357             K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),
358     TLS_DH_anon_WITH_AES_128_CBC_SHA(
359             0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",
360             ProtocolVersion.PROTOCOLS_TO_12,
361             K_DH_ANON, B_AES_128, M_SHA, H_SHA256),
362     TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
363             0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",
364             ProtocolVersion.PROTOCOLS_TO_12,
365             K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),
366     SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(
367             0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
368                            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
369             ProtocolVersion.PROTOCOLS_TO_12,
370             K_DH_ANON, B_3DES, M_SHA, H_SHA256),
371 
372     // RC4
373     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
374             0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
375             ProtocolVersion.PROTOCOLS_TO_TLS12,
376             K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
377     TLS_ECDHE_RSA_WITH_RC4_128_SHA(
378             0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
379             ProtocolVersion.PROTOCOLS_TO_TLS12,
380             K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
381     SSL_RSA_WITH_RC4_128_SHA(
382             0x0005, false, "SSL_RSA_WITH_RC4_128_SHA",
383                            "TLS_RSA_WITH_RC4_128_SHA",
384             ProtocolVersion.PROTOCOLS_TO_TLS12,
385             K_RSA, B_RC4_128, M_SHA, H_SHA256),
386     TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
387             0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
388             ProtocolVersion.PROTOCOLS_TO_TLS12,
389             K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
390     TLS_ECDH_RSA_WITH_RC4_128_SHA(
391             0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
392             ProtocolVersion.PROTOCOLS_TO_TLS12,
393             K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
394     SSL_RSA_WITH_RC4_128_MD5(
395             0x0004, false, "SSL_RSA_WITH_RC4_128_MD5",
396                            "TLS_RSA_WITH_RC4_128_MD5",
397             ProtocolVersion.PROTOCOLS_TO_TLS12,
398             K_RSA, B_RC4_128, M_MD5, H_SHA256),
399     TLS_ECDH_anon_WITH_RC4_128_SHA(
400             0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
401             ProtocolVersion.PROTOCOLS_TO_TLS12,
402             K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
403     SSL_DH_anon_WITH_RC4_128_MD5(
404             0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",
405                            "TLS_DH_anon_WITH_RC4_128_MD5",
406             ProtocolVersion.PROTOCOLS_TO_TLS12,
407             K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
408 
409     // weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
410     SSL_RSA_WITH_DES_CBC_SHA(
411             0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
412                            "TLS_RSA_WITH_DES_CBC_SHA",
413             ProtocolVersion.PROTOCOLS_TO_11,
414             K_RSA, B_DES, M_SHA, H_NONE),
415     SSL_DHE_RSA_WITH_DES_CBC_SHA(
416             0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",
417                            "TLS_DHE_RSA_WITH_DES_CBC_SHA",
418             ProtocolVersion.PROTOCOLS_TO_11,
419             K_DHE_RSA, B_DES, M_SHA, H_NONE),
420     SSL_DHE_DSS_WITH_DES_CBC_SHA(
421             0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",
422                            "TLS_DHE_DSS_WITH_DES_CBC_SHA",
423             ProtocolVersion.PROTOCOLS_TO_11,
424             K_DHE_DSS, B_DES, M_SHA, H_NONE),
425     SSL_DH_anon_WITH_DES_CBC_SHA(
426             0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",
427                            "TLS_DH_anon_WITH_DES_CBC_SHA",
428             ProtocolVersion.PROTOCOLS_TO_11,
429             K_DH_ANON, B_DES, M_SHA, H_NONE),
430 
431     // weak cipher suites obsoleted in TLS 1.1  [RFC 4346]
432     SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
433             0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
434                            "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
435             ProtocolVersion.PROTOCOLS_TO_10,
436             K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
437     SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
438             0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
439                            "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
440             ProtocolVersion.PROTOCOLS_TO_10,
441             K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
442     SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
443             0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
444                            "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
445             ProtocolVersion.PROTOCOLS_TO_10,
446             K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),
447     SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
448             0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
449                            "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
450             ProtocolVersion.PROTOCOLS_TO_10,
451             K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),
452     SSL_RSA_EXPORT_WITH_RC4_40_MD5(
453             0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
454                            "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
455             ProtocolVersion.PROTOCOLS_TO_10,
456             K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
457     SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
458             0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
459                            "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
460             ProtocolVersion.PROTOCOLS_TO_10,
461             K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
462 
463     // Cipher suites with a NULL bulk cipher (no traffic encryption)
464     TLS_RSA_WITH_NULL_SHA256(
465             0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
466             ProtocolVersion.PROTOCOLS_OF_12,
467             K_RSA, B_NULL, M_SHA256, H_SHA256),
468     TLS_ECDHE_ECDSA_WITH_NULL_SHA(
469             0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",
470             ProtocolVersion.PROTOCOLS_TO_12,
471             K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),
472     TLS_ECDHE_RSA_WITH_NULL_SHA(
473             0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "",
474             ProtocolVersion.PROTOCOLS_TO_12,
475             K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),
476     SSL_RSA_WITH_NULL_SHA(
477             0x0002, false, "SSL_RSA_WITH_NULL_SHA",
478                            "TLS_RSA_WITH_NULL_SHA",
479             ProtocolVersion.PROTOCOLS_TO_12,
480             K_RSA, B_NULL, M_SHA, H_SHA256),
481     TLS_ECDH_ECDSA_WITH_NULL_SHA(
482             0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",
483             ProtocolVersion.PROTOCOLS_TO_12,
484             K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),
485     TLS_ECDH_RSA_WITH_NULL_SHA(
486             0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",
487             ProtocolVersion.PROTOCOLS_TO_12,
488             K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),
489     TLS_ECDH_anon_WITH_NULL_SHA(
490             0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",
491             ProtocolVersion.PROTOCOLS_TO_12,
492             K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),
493     SSL_RSA_WITH_NULL_MD5(
494             0x0001, false, "SSL_RSA_WITH_NULL_MD5",
495                            "TLS_RSA_WITH_NULL_MD5",
496             ProtocolVersion.PROTOCOLS_TO_12,
497             K_RSA, B_NULL, M_MD5, H_SHA256),
498 
499     // Definition of the CipherSuites that are not supported, but whose
500     // names are known.
501     TLS_AES_128_CCM_SHA256(                          // TLS 1.3
502             "TLS_AES_128_CCM_SHA256", 0x1304),
503     TLS_AES_128_CCM_8_SHA256(                        // TLS 1.3
504             "TLS_AES_128_CCM_8_SHA256", 0x1305),
505 
506     // Remaining unsupported cipher suites defined in RFC 2246.
507     CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",           0x0006),
508     CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA",                    0x0007),
509     CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",         0x000b),
510     CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA",                  0x000c),
511     CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",             0x000d),
512     CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",         0x000e),
513     CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA",                  0x000f),
514     CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",             0x0010),
515 
516     // SSL 3.0 Fortezza ciphersuites
517     CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA",               0x001c),
518     CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",       0x001d),
519 
520     // 1024/56 bit exportable ciphersuites from expired internet draft
521     CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",          0x0062),
522     CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",      0x0063),
523     CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",           0x0064),
524     CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",       0x0065),
525     CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA",                 0x0066),
526 
527     // Netscape old and new SSL 3.0 FIPS ciphersuites
528     // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
529     CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",      0xffe0),
530     CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA",           0xffe1),
531     CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA",                0xfefe),
532     CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",           0xfeff),
533 
534     // Unsupported Kerberos cipher suites from RFC 2712
535     CS_001E("TLS_KRB5_WITH_DES_CBC_SHA",                    0x001E),
536     CS_001F("TLS_KRB5_WITH_3DES_EDE_CBC_SHA",               0x001F),
537     CS_0020("TLS_KRB5_WITH_RC4_128_SHA",                    0x0020),
538     CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA",                   0x0021),
539     CS_0022("TLS_KRB5_WITH_DES_CBC_MD5",                    0x0022),
540     CS_0023("TLS_KRB5_WITH_3DES_EDE_CBC_MD5",               0x0023),
541     CS_0024("TLS_KRB5_WITH_RC4_128_MD5",                    0x0024),
542     CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5",                   0x0025),
543     CS_0026("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",          0x0026),
544     CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",          0x0027),
545     CS_0028("TLS_KRB5_EXPORT_WITH_RC4_40_SHA",              0x0028),
546     CS_0029("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",          0x0029),
547     CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",          0x002a),
548     CS_002B("TLS_KRB5_EXPORT_WITH_RC4_40_MD5",              0x002B),
549 
550     // Unsupported cipher suites from RFC 4162
551     CS_0096("TLS_RSA_WITH_SEED_CBC_SHA",                    0x0096),
552     CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA",                 0x0097),
553     CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA",                 0x0098),
554     CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA",                0x0099),
555     CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA",                0x009a),
556     CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA",                0x009b),
557 
558     // Unsupported cipher suites from RFC 4279
559     CS_008A("TLS_PSK_WITH_RC4_128_SHA",                     0x008a),
560     CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA",                0x008b),
561     CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA",                 0x008c),
562     CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA",                 0x008d),
563     CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA",                 0x008e),
564     CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",            0x008f),
565     CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA",             0x0090),
566     CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA",             0x0091),
567     CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA",                 0x0092),
568     CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",            0x0093),
569     CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA",             0x0094),
570     CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA",             0x0095),
571 
572     // Unsupported cipher suites from RFC 4785
573     CS_002C("TLS_PSK_WITH_NULL_SHA",                        0x002c),
574     CS_002D("TLS_DHE_PSK_WITH_NULL_SHA",                    0x002d),
575     CS_002E("TLS_RSA_PSK_WITH_NULL_SHA",                    0x002e),
576 
577     // Unsupported cipher suites from RFC 5246
578     CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA",              0x0030),
579     CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA",              0x0031),
580     CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA",              0x0036),
581     CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA",              0x0037),
582     CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256",           0x003e),
583     CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256",           0x003f),
584     CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256",           0x0068),
585     CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256",           0x0069),
586 
587     // Unsupported cipher suites from RFC 5288
588     CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256",           0x00a0),
589     CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384",           0x00a1),
590     CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256",           0x00a4),
591     CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384",           0x00a5),
592 
593     // Unsupported cipher suites from RFC 5487
594     CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256",              0x00a8),
595     CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384",              0x00a9),
596     CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",          0x00aa),
597     CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",          0x00ab),
598     CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",          0x00ac),
599     CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",          0x00ad),
600     CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256",              0x00ae),
601     CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384",              0x00af),
602     CS_00B0("TLS_PSK_WITH_NULL_SHA256",                     0x00b0),
603     CS_00B1("TLS_PSK_WITH_NULL_SHA384",                     0x00b1),
604     CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",          0x00b2),
605     CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",          0x00b3),
606     CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256",                 0x00b4),
607     CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384",                 0x00b5),
608     CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",          0x00b6),
609     CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",          0x00b7),
610     CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256",                 0x00b8),
611     CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384",                 0x00b9),
612 
613     // Unsupported cipher suites from RFC 5932
614     CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",            0x0041),
615     CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",         0x0042),
616     CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",         0x0043),
617     CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",        0x0044),
618     CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",        0x0045),
619     CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",        0x0046),
620     CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",            0x0084),
621     CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",         0x0085),
622     CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",         0x0086),
623     CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",        0x0087),
624     CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",        0x0088),
625     CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",        0x0089),
626     CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",         0x00ba),
627     CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",      0x00bb),
628     CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",      0x00bc),
629     CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",     0x00bd),
630     CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",     0x00be),
631     CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",     0x00bf),
632     CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",         0x00c0),
633     CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",      0x00c1),
634     CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",      0x00c2),
635     CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",     0x00c3),
636     CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",     0x00c4),
637     CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",     0x00c5),
638 
639     // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
640     CS_5600("TLS_FALLBACK_SCSV",                            0x5600),
641 
642     // Unsupported cipher suites from RFC 5054
643     CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",            0xc01a),
644     CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",        0xc01b),
645     CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",        0xc01c),
646     CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA",             0xc01d),
647     CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",         0xc01e),
648     CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",         0xc01f),
649     CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA",             0xc020),
650     CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",         0xc021),
651     CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",         0xc022),
652 
653     // Unsupported cipher suites from RFC 5489
654     CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA",               0xc033),
655     CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",          0xc034),
656     CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",           0xc035),
657     CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",           0xc036),
658     CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",        0xc037),
659     CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",        0xc038),
660     CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA",                  0xc039),
661     CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256",               0xc03a),
662     CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384",               0xc03b),
663 
664     // Unsupported cipher suites from RFC 6209
665     CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256",             0xc03c),
666     CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384",             0xc03d),
667     CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",          0xc03e),
668     CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",          0xc03f),
669     CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",          0xc040),
670     CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",          0xc041),
671     CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",         0xc042),
672     CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",         0xc043),
673     CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",         0xc044),
674     CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",         0xc045),
675     CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",         0xc046),
676     CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",         0xc047),
677     CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",     0xc048),
678     CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",     0xc049),
679     CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",      0xc04a),
680     CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",      0xc04b),
681     CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",       0xc04c),
682     CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",       0xc04d),
683     CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",        0xc04e),
684     CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",        0xc04f),
685     CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256",             0xc050),
686     CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384",             0xc051),
687     CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",         0xc052),
688     CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",         0xc053),
689     CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",          0xc054),
690     CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",          0xc055),
691     CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",         0xc056),
692     CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",         0xc057),
693     CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",          0xc058),
694     CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",          0xc059),
695     CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",         0xc05a),
696     CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",         0xc05b),
697     CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",     0xc05c),
698     CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",     0xc05d),
699     CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",      0xc05e),
700     CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",      0xc05f),
701     CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",       0xc060),
702     CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",       0xc061),
703     CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",        0xc062),
704     CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",        0xc063),
705     CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256",             0xc064),
706     CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384",             0xc065),
707     CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",         0xc066),
708     CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",         0xc067),
709     CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",         0xc068),
710     CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",         0xc069),
711     CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256",             0xc06a),
712     CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384",             0xc06b),
713     CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06c),
714     CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06d),
715     CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",         0xc06e),
716     CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",         0xc06f),
717     CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",       0xc070),
718     CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",       0xc071),
719 
720     // Unsupported cipher suites from RFC 6367
721     CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),
722     CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),
723     CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",  0xc074),
724     CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",  0xc075),
725     CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",   0xc076),
726     CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",   0xc077),
727     CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",    0xc078),
728     CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",    0xc079),
729     CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",         0xc07a),
730     CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",         0xc07b),
731     CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",     0xc07c),
732     CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",     0xc07d),
733     CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",      0xc07e),
734     CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",      0xc07f),
735     CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",     0xc080),
736     CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",     0xc081),
737     CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",      0xc082),
738     CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",      0xc083),
739     CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",     0xc084),
740     CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",     0xc085),
741     CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),
742     CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),
743     CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",  0xc088),
744     CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",  0xc089),
745     CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",   0xc08a),
746     CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",   0xc08b),
747     CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",    0xc08c),
748     CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",    0xc08d),
749     CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",         0xc08e),
750     CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",         0xc08f),
751     CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc090),
752     CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc091),
753     CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",     0xc092),
754     CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",     0xc093),
755     CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",         0xc094),
756     CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",         0xc095),
757     CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc096),
758     CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc097),
759     CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",     0xc098),
760     CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",     0xc099),
761     CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",   0xc09a),
762     CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",   0xc09b),
763 
764     // Unsupported cipher suites from RFC 6655
765     CS_C09C("TLS_RSA_WITH_AES_128_CCM",                     0xc09c),
766     CS_C09D("TLS_RSA_WITH_AES_256_CCM",                     0xc09d),
767     CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM",                 0xc09e),
768     CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM",                 0xc09f),
769     CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8",                   0xc0A0),
770     CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8",                   0xc0A1),
771     CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8",               0xc0A2),
772     CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8",               0xc0A3),
773     CS_C0A4("TLS_PSK_WITH_AES_128_CCM",                     0xc0A4),
774     CS_C0A5("TLS_PSK_WITH_AES_256_CCM",                     0xc0A5),
775     CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM",                 0xc0A6),
776     CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM",                 0xc0A7),
777     CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8",                   0xc0A8),
778     CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8",                   0xc0A9),
779     CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8",               0xc0Aa),
780     CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8",               0xc0Ab),
781 
782     // Unsupported cipher suites from RFC 7251
783     CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",             0xc0Ac),
784     CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM",             0xc0Ad),
785     CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",           0xc0Ae),
786     CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",           0xc0Af),
787 
788     C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);
789 
    // Two-byte cipher suite identifier as carried on the wire (e.g. 0x008d);
    // C_NULL uses 0x0000.
    final int id;
    // Whether the suite belongs to the default enabled set.  Note that
    // defaultCipherSuites() stops scanning at the first suite for which this
    // is false, so enabled suites must be listed first in values().
    final boolean isDefaultEnabled;
    // Standard cipher suite name, e.g. "TLS_PSK_WITH_AES_256_CBC_SHA".
    final String name;
    // Alternative names accepted by nameOf(String) and validValuesOf();
    // empty for suites declared without aliases.
    final List<String> aliases;
    // Protocol versions this suite may be negotiated under.  Empty for the
    // "known but unsupported" suites, which makes isAvailable() return false
    // and keeps them out of allowedCipherSuites() and validValuesOf().
    final List<ProtocolVersion> supportedProtocols;
    // Key exchange algorithm; null for TLS 1.3 suites and unsupported suites.
    final KeyExchange keyExchange;
    // Record-layer bulk cipher; null for unsupported suites.
    final SSLCipher bulkCipher;
    // MAC algorithm; M_NULL for TLS 1.3 suites, null for unsupported suites.
    final MacAlg macAlg;
    // PRF/HKDF hash algorithm; null for unsupported suites.
    final HashAlg hashAlg;

    // Mirrors bulkCipher.exportable; false when there is no bulk cipher.
    final boolean exportable;
801 
    /**
     * Creates a "known but unsupported" cipher suite.  Only the name and id
     * are recorded so the suite can be recognised (and named in logs or
     * rejected explicitly); no protocol version, key exchange, cipher, MAC or
     * hash is attached, so isAvailable() is always false for it.
     *
     * @param name standard cipher suite name
     * @param id   two-byte suite identifier
     */
    private CipherSuite(String name, int id) {
        this(id, false, name, "", ProtocolVersion.PROTOCOLS_EMPTY,
                null, null, null, null);
    }
807 
    /**
     * Creates a TLS 1.3 cipher suite.  TLS 1.3 suites carry no key exchange
     * algorithm (null) and no separate MAC algorithm (M_NULL); the hash
     * algorithm is the one used for HKDF.
     *
     * @param id                 two-byte suite identifier
     * @param isDefaultEnabled   whether the suite is enabled by default
     * @param name               standard cipher suite name
     * @param supportedProtocols protocol versions the suite may be used with
     * @param bulkCipher         AEAD bulk cipher
     * @param hashAlg            HKDF hash algorithm
     */
    private CipherSuite(int id, boolean isDefaultEnabled, String name,
            ProtocolVersion[] supportedProtocols, SSLCipher bulkCipher,
            HashAlg hashAlg) {
        this(id, isDefaultEnabled, name, "", supportedProtocols,
                null, bulkCipher, M_NULL, hashAlg);
    }
815 
    /**
     * Full constructor shared by every cipher suite definition.
     *
     * @param id                 two-byte suite identifier
     * @param isDefaultEnabled   whether the suite is enabled by default
     * @param name               standard cipher suite name
     * @param aliases            comma-separated alternative names, or ""
     * @param supportedProtocols protocol versions the suite may be used with;
     *                           an empty array marks the suite as unsupported
     * @param keyExchange        key exchange algorithm, null for TLS 1.3
     * @param cipher             bulk cipher, null for unsupported suites
     * @param macAlg             MAC algorithm
     * @param hashAlg            PRF/HKDF hash algorithm
     */
    private CipherSuite(int id, boolean isDefaultEnabled,
            String name, String aliases,
            ProtocolVersion[] supportedProtocols,
            KeyExchange keyExchange, SSLCipher cipher,
            MacAlg macAlg, HashAlg hashAlg) {
        this.id = id;
        this.isDefaultEnabled = isDefaultEnabled;
        this.name = name;
        // An empty alias string means "no aliases", not one empty alias
        // (split would otherwise yield a single "" element).
        this.aliases = aliases.isEmpty()
                ? Collections.<String>emptyList()
                : Arrays.asList(aliases.split(","));
        this.supportedProtocols = Arrays.asList(supportedProtocols);
        this.keyExchange = keyExchange;
        this.bulkCipher = cipher;
        this.macAlg = macAlg;
        this.hashAlg = hashAlg;
        // Export-grade status is a property of the cipher; no cipher means
        // not exportable.
        this.exportable = cipher != null && cipher.exportable;
    }
837 
    /**
     * Looks up a cipher suite by its standard name or one of its aliases.
     * Unlike validValuesOf(), this also finds the "known but unsupported"
     * suites, so a non-null result does not mean the suite is available.
     *
     * @param ciperSuiteName name or alias to look up (null matches nothing)
     * @return the matching suite, or null if the name is unknown
     */
    static CipherSuite nameOf(String ciperSuiteName) {
        return Arrays.stream(CipherSuite.values())
                .filter(cs -> cs.name.equals(ciperSuiteName)
                        || cs.aliases.contains(ciperSuiteName))
                .findFirst()
                .orElse(null);
    }
848 
    /**
     * Looks up a cipher suite by its two-byte identifier.  Unsupported
     * suites are found as well; check isAvailable() before use.
     *
     * @param id suite identifier as received on the wire
     * @return the matching suite, or null if the id is not known at all
     */
    static CipherSuite valueOf(int id) {
        return Arrays.stream(CipherSuite.values())
                .filter(cs -> cs.id == id)
                .findFirst()
                .orElse(null);
    }
858 
    /**
     * Returns a printable name for a cipher suite identifier, suitable for
     * logging.  Identifiers that are not in the enum are rendered as
     * {@code UNKNOWN-CIPHER-SUITE(<hex id>)} rather than causing an error.
     *
     * @param id suite identifier as received on the wire
     */
    static String nameOf(int id) {
        CipherSuite cs = valueOf(id);
        if (cs != null) {
            return cs.name;
        }
        return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
    }
868 
    /**
     * Returns every suite that has at least one supported protocol version,
     * in values() order.  Relies on the invariant that supported suites are
     * declared before the unsupported ones: the scan stops at the first
     * suite whose supportedProtocols list is empty.
     */
    static Collection<CipherSuite> allowedCipherSuites() {
        Collection<CipherSuite> allowed = new LinkedList<>();
        CipherSuite[] all = CipherSuite.values();
        int i = 0;
        while (i < all.length && !all[i].supportedProtocols.isEmpty()) {
            allowed.add(all[i]);
            i++;
        }
        return allowed;
    }
882 
    /**
     * Returns the suites enabled by default, in values() order.  Relies on
     * the invariant that default-enabled suites are declared first: the
     * scan stops at the first suite with isDefaultEnabled == false.
     */
    static Collection<CipherSuite> defaultCipherSuites() {
        Collection<CipherSuite> enabled = new LinkedList<>();
        CipherSuite[] all = CipherSuite.values();
        int i = 0;
        while (i < all.length && all[i].isDefaultEnabled) {
            enabled.add(all[i]);
            i++;
        }
        return enabled;
    }
896 
    /**
     * Validates and converts an array of cipher suite names.
     *
     * Only suites with at least one supported protocol version are accepted;
     * names of "known but unsupported" suites are rejected exactly like
     * unknown names.  The result preserves the caller's order and keeps
     * duplicates.
     *
     * @param names suite names or aliases, typically supplied by the
     *              application through SSLParameters
     * @return an unmodifiable list of the corresponding suites
     * @throws IllegalArgumentException when one or more of the ciphers named
     *         by the parameter is not supported, or when the parameter is null.
     */
    static List<CipherSuite> validValuesOf(String[] names) {
        if (names == null) {
            throw new IllegalArgumentException("CipherSuites cannot be null");
        }

        List<CipherSuite> cipherSuites = new ArrayList<>(names.length);
        for (String name : names) {
            if (name == null || name.isEmpty()) {
                throw new IllegalArgumentException(
                        "The specified CipherSuites array contains " +
                        "invalid null or empty string elements");
            }

            CipherSuite cs = supportedSuiteNamed(name);
            if (cs == null) {
                throw new IllegalArgumentException(
                        "Unsupported CipherSuite: "  + name);
            }
            cipherSuites.add(cs);
        }

        return Collections.unmodifiableList(cipherSuites);
    }

    /**
     * Finds a supported suite by name or alias.  Returns null when the name
     * is unknown or belongs to an unsupported suite.  Stops at the first
     * suite with no supported protocols, because values() declares the
     * supported suites first.
     */
    private static CipherSuite supportedSuiteNamed(String name) {
        for (CipherSuite cs : CipherSuite.values()) {
            if (cs.supportedProtocols.isEmpty()) {
                break;
            }
            if (cs.name.equals(name) || cs.aliases.contains(name)) {
                return cs;
            }
        }
        return null;
    }
939 
    /**
     * Maps a list of suites to their standard names, preserving order.
     *
     * @param cipherSuites suites to name; must not be null or contain null
     * @return a new array with one name per suite
     */
    static String[] namesOf(List<CipherSuite> cipherSuites) {
        return cipherSuites.stream()
                .map(cs -> cs.name)
                .toArray(String[]::new);
    }
949 
    /**
     * Whether this suite can actually be used in this runtime: it must be a
     * supported suite, its key exchange (if it has one) must be available,
     * and its bulk cipher must be present and available.
     */
    boolean isAvailable() {
        if (supportedProtocols.isEmpty()) {
            return false;       // known but unsupported suite
        }
        // keyExchange is null for TLS 1.3 suites, which have none to check.
        if (keyExchange != null && !keyExchange.isAvailable()) {
            return false;
        }
        return bulkCipher != null && bulkCipher.isAvailable();
    }
956 
    /**
     * Whether this suite may be negotiated under the given protocol version.
     * Always false for unsupported suites (empty supportedProtocols).
     */
    public boolean supports(ProtocolVersion protocolVersion) {
        for (ProtocolVersion supported : supportedProtocols) {
            if (supported.equals(protocolVersion)) {
                return true;
            }
        }
        return false;
    }
960 
    /**
     * Whether this suite may be offered or selected in a handshake.  The
     * renegotiation-info SCSV is a signaling value, not a real suite, and is
     * therefore never negotiable even though it is "available".
     */
    boolean isNegotiable() {
        if (this == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
            return false;
        }
        return isAvailable();
    }
964 
    /**
     * Whether this suite uses an anonymous (unauthenticated) key exchange.
     * Suites without a key exchange algorithm (TLS 1.3, unsupported) report
     * false.
     */
    boolean isAnonymous() {
        if (keyExchange == null) {
            return false;
        }
        return keyExchange.isAnonymous;
    }
968 
    /**
     * Computes the on-the-wire record size for a plaintext fragment of
     * {@code fragmentSize} bytes under this suite: the fragment plus MAC,
     * padding, explicit IV or nonce and AEAD tag as applicable, plus the
     * record header.  The counterpart of calculateFragSize().
     * See also SSLWriteCipher.calculatePacketSize().
     *
     * @param fragmentSize    plaintext fragment length in bytes
     * @param protocolVersion negotiated version; decides whether an explicit
     *                        IV (TLS 1.1+) or explicit nonce ((D)TLS 1.2)
     *                        is carried in the record
     * @param isDTLS          selects the DTLS or SSL/TLS record header size
     * @return the record size in bytes, header included
     */
    int calculatePacketSize(int fragmentSize,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        int packetSize = fragmentSize;
        if (bulkCipher != null && bulkCipher != B_NULL) {
            int blockSize = bulkCipher.ivSize;
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER:
                    // The MAC and the padding-length byte are inside the
                    // encrypted data, so they are added before rounding up
                    // to a whole number of cipher blocks.
                    packetSize += macAlg.size;
                    packetSize += 1;        // 1 byte padding length field
                    packetSize +=           // use the minimal padding
                            (blockSize - (packetSize % blockSize)) % blockSize;
                    if (protocolVersion.useTLS11PlusSpec()) {
                        packetSize += blockSize;        // explicit IV
                    }

                    break;
                case AEAD_CIPHER:
                    if (protocolVersion == ProtocolVersion.TLS12 ||
                            protocolVersion == ProtocolVersion.DTLS12) {
                        // Only (D)TLS 1.2 carries the explicit part of the
                        // nonce in the record.
                        packetSize +=
                                bulkCipher.ivSize - bulkCipher.fixedIvSize;
                    }
                    packetSize += bulkCipher.tagSize;

                    break;
                default:    // NULL_CIPHER or STREAM_CIPHER
                    packetSize += macAlg.size;
            }
        }

        return packetSize +
            (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
    }
1003 
    /**
     * Computes the largest plaintext fragment that fits in a record of at
     * most {@code packetLimit} bytes under this suite: the record header,
     * explicit IV or nonce, MAC, padding-length byte and AEAD tag are
     * subtracted, and for block ciphers the remainder is rounded down to a
     * whole number of cipher blocks.  The counterpart of
     * calculatePacketSize().  See also CipherBox.calculateFragmentSize().
     *
     * @param packetLimit     maximum record size in bytes, header included
     * @param protocolVersion negotiated version; decides whether an explicit
     *                        IV (TLS 1.1+) is carried in the record
     * @param isDTLS          selects the DTLS or SSL/TLS record header size
     * @return the maximum plaintext fragment length in bytes
     */
    int calculateFragSize(int packetLimit,
            ProtocolVersion protocolVersion, boolean isDTLS) {
        int fragSize = packetLimit -
                (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize);
        if (bulkCipher != null && bulkCipher != B_NULL) {
            int blockSize = bulkCipher.ivSize;
            switch (bulkCipher.cipherType) {
                case BLOCK_CIPHER:
                    if (protocolVersion.useTLS11PlusSpec()) {
                        fragSize -= blockSize;          // explicit IV
                    }
                    fragSize -= (fragSize % blockSize); // cannot hold a block
                    // No padding for a maximum fragment: after rounding down
                    // to the block size, plaintext + MAC + the length byte
                    // fill the blocks exactly, so only the length byte is
                    // accounted for.
                    fragSize -= 1;        // 1 byte padding length field: 0x00
                    fragSize -= macAlg.size;

                    break;
                case AEAD_CIPHER:
                    fragSize -= bulkCipher.tagSize;
                    // NOTE(review): the explicit nonce length is subtracted
                    // for every protocol version here, whereas
                    // calculatePacketSize() adds it only for (D)TLS 1.2.
                    // For other versions this is conservative (a smaller
                    // fragment than strictly needed), not an overrun.
                    fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize;

                    break;
                default:    // NULL_CIPHER or STREAM_CIPHER
                    fragSize -= macAlg.size;
            }
        }

        return fragSize;
    }
1034 
    /**
     * An SSL/TLS key exchange algorithm.
     *
     * Each constant records whether the algorithm is allowed at all, whether
     * it is an anonymous (unauthenticated) exchange, and which named-group
     * family (if any) it negotiates.  For the EC-based algorithms the
     * "allowed" flag is taken from JsseJce.ALLOW_ECC instead of the constant,
     * and availability additionally requires an EC provider at runtime.
     */
    enum KeyExchange {
        K_NULL          ("NULL",           false, true,   NAMED_GROUP_NONE),
        K_RSA           ("RSA",            true,  false,  NAMED_GROUP_NONE),
        K_RSA_EXPORT    ("RSA_EXPORT",     true,  false,  NAMED_GROUP_NONE),
        K_DH_RSA        ("DH_RSA",         false, false,  NAMED_GROUP_NONE),
        K_DH_DSS        ("DH_DSS",         false, false,  NAMED_GROUP_NONE),
        K_DHE_DSS       ("DHE_DSS",        true,  false,  NAMED_GROUP_FFDHE),
        K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true,  false,  NAMED_GROUP_NONE),
        K_DHE_RSA       ("DHE_RSA",        true,  false,  NAMED_GROUP_FFDHE),
        K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true,  false,  NAMED_GROUP_NONE),
        K_DH_ANON       ("DH_anon",        true,  true,   NAMED_GROUP_FFDHE),
        K_DH_ANON_EXPORT("DH_anon_EXPORT", true,  true,   NAMED_GROUP_NONE),

        K_ECDH_ECDSA    ("ECDH_ECDSA",     true,  false,  NAMED_GROUP_ECDHE),
        K_ECDH_RSA      ("ECDH_RSA",       true,  false,  NAMED_GROUP_ECDHE),
        K_ECDHE_ECDSA   ("ECDHE_ECDSA",    true,  false,  NAMED_GROUP_ECDHE),
        K_ECDHE_RSA     ("ECDHE_RSA",      true,  false,  NAMED_GROUP_ECDHE),
        K_ECDH_ANON     ("ECDH_anon",      true,  true,   NAMED_GROUP_ECDHE),

        // renegotiation protection request signaling cipher suite
        K_SCSV          ("SCSV",           true,  true,   NAMED_GROUP_NONE);

        // name of the key exchange algorithm, e.g. DHE_DSS
        final String name;
        // false disables the algorithm regardless of provider support
        final boolean allowed;
        // named-group family the algorithm negotiates, or NAMED_GROUP_NONE
        final NamedGroupType groupType;
        // true when no runtime provider probe is needed (allowed, non-EC)
        private final boolean alwaysAvailable;
        // true for the anonymous exchanges and the NULL/SCSV placeholders
        private final boolean isAnonymous;

        KeyExchange(String name, boolean allowed,
                boolean isAnonymous, NamedGroupType groupType) {
            this.name = name;
            boolean ecBased = (groupType == NAMED_GROUP_ECDHE);
            // EC algorithms are governed by the global ALLOW_ECC switch
            // rather than by the per-constant flag.
            this.allowed = ecBased ? JsseJce.ALLOW_ECC : allowed;
            this.groupType = groupType;
            // Uses the constant's own flag (not the ECC-adjusted one); the
            // name check keeps every EC algorithm on the runtime-probe path.
            this.alwaysAvailable = allowed && !name.startsWith("EC");
            this.isAnonymous = isAnonymous;
        }

        /**
         * Whether the algorithm can be used in this runtime.  Non-EC
         * algorithms answer from their static flag; EC algorithms also
         * require JsseJce.isEcAvailable().
         */
        boolean isAvailable() {
            if (alwaysAvailable) {
                return true;
            }
            boolean ecBased = (groupType == NAMED_GROUP_ECDHE);
            return ecBased ? (allowed && JsseJce.isEcAvailable()) : allowed;
        }

        @Override
        public String toString() {
            return name;
        }
    }
1097 
    /**
     * An SSL/TLS key MAC algorithm.
     *
     * Also contains a factory method to obtain an initialized MAC
     * for this algorithm.  The sizes recorded here feed the record-size
     * arithmetic in calculatePacketSize() and calculateFragSize().
     */
    enum MacAlg {
        M_NULL      ("NULL",     0,   0,   0),
        M_MD5       ("MD5",     16,  64,   9),
        M_SHA       ("SHA",     20,  64,   9),
        M_SHA256    ("SHA256",  32,  64,   9),
        M_SHA384    ("SHA384",  48, 128,  17);

        // descriptive name, e.g. MD5
        final String name;

        // size of the MAC value (and MAC key) in bytes; 0 for M_NULL
        final int size;

        // block size of the underlying hash algorithm, in bytes
        final int hashBlockSize;

        // minimal padding size of the underlying hash algorithm, in bytes
        final int minimalPaddingSize;

        /**
         * @param name               descriptive algorithm name
         * @param size               MAC output (and key) length in bytes
         * @param hashBlockSize      underlying hash block size in bytes
         * @param minimalPaddingSize minimal hash padding in bytes
         */
        MacAlg(String name, int size, int hashBlockSize, int minimalPaddingSize) {
            this.name = name;
            this.size = size;
            this.hashBlockSize = hashBlockSize;
            this.minimalPaddingSize = minimalPaddingSize;
        }

        @Override
        public String toString() {
            return name;
        }
    }
1136 
    /**
     * The hash algorithms used for PRF (PseudoRandom Function) or HKDF.
     *
     * Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for
     * generating the necessary material; H_NONE stands for "no dedicated
     * hash" with zero-length output and block.
     */
    enum HashAlg {
        H_NONE      ("NONE",    0,    0),
        H_SHA256    ("SHA-256", 32,  64),
        H_SHA384    ("SHA-384", 48, 128);

        // algorithm name, e.g. "SHA-256"
        final String name;
        // digest output length in bytes
        final int hashLength;
        // internal block size of the hash in bytes
        final int blockSize;

        /**
         * @param hashAlg    algorithm name
         * @param hashLength digest length in bytes
         * @param blockSize  hash block size in bytes
         */
        HashAlg(String hashAlg, int hashLength, int blockSize) {
            name = hashAlg;
            this.hashLength = hashLength;
            this.blockSize = blockSize;
        }

        @Override
        public String toString() {
            return name;
        }
    }
1163 }
1164