summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-12 17:26:57 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-12 17:26:57 +0000
commitb6c1d9e8c516896e616e8f1924c1a237175ddd59 (patch)
treebb89897c3f5a4e83bc5b09fd49308b809bd0784c /net
parenta3ba79d325a69f9844f456a311447af90629b6a0 (diff)
downloadchromium_src-b6c1d9e8c516896e616e8f1924c1a237175ddd59.zip
chromium_src-b6c1d9e8c516896e616e8f1924c1a237175ddd59.tar.gz
chromium_src-b6c1d9e8c516896e616e8f1924c1a237175ddd59.tar.bz2
net: add a new message for AEAD ciphers.
Currently we display GCM ciphersuites as "CTR" mode for the encryption with a MAC of "GHASH". This change adds a new template for AEAD modes that lets us express that both encryption and authentication are provided by the same primitive. BUG=none Review URL: https://chromiumcodereview.appspot.com/15714010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@205848 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/ssl/ssl_cipher_suite_names.cc126
-rw-r--r--net/ssl/ssl_cipher_suite_names.h2
-rw-r--r--net/ssl/ssl_cipher_suite_names_unittest.cc15
3 files changed, 80 insertions, 63 deletions
diff --git a/net/ssl/ssl_cipher_suite_names.cc b/net/ssl/ssl_cipher_suite_names.cc
index ef28d47..f12d017 100644
--- a/net/ssl/ssl_cipher_suite_names.cc
+++ b/net/ssl/ssl_cipher_suite_names.cc
@@ -101,18 +101,18 @@ static const struct CipherSuite kCipherSuites[] = {
{0x99, 0x862}, // TLS_DHE_DSS_WITH_SEED_CBC_SHA
{0x9a, 0xa62}, // TLS_DHE_RSA_WITH_SEED_CBC_SHA
{0x9b, 0xc62}, // TLS_DH_anon_WITH_SEED_CBC_SHA
- {0x9c, 0x16c}, // TLS_RSA_WITH_AES_128_GCM_SHA256
- {0x9d, 0x174}, // TLS_RSA_WITH_AES_256_GCM_SHA384
- {0x9e, 0xa6c}, // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- {0x9f, 0xa74}, // TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- {0xa0, 0x66c}, // TLS_DH_RSA_WITH_AES_128_GCM_SHA256
- {0xa1, 0x674}, // TLS_DH_RSA_WITH_AES_256_GCM_SHA384
- {0xa2, 0x86c}, // TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- {0xa3, 0x874}, // TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
- {0xa4, 0x46c}, // TLS_DH_DSS_WITH_AES_128_GCM_SHA256
- {0xa5, 0x474}, // TLS_DH_DSS_WITH_AES_256_GCM_SHA384
- {0xa6, 0xc6c}, // TLS_DH_anon_WITH_AES_128_GCM_SHA256
- {0xa7, 0xc74}, // TLS_DH_anon_WITH_AES_256_GCM_SHA384
+ {0x9c, 0x16f}, // TLS_RSA_WITH_AES_128_GCM_SHA256
+ {0x9d, 0x177}, // TLS_RSA_WITH_AES_256_GCM_SHA384
+ {0x9e, 0xa6f}, // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ {0x9f, 0xa77}, // TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ {0xa0, 0x66f}, // TLS_DH_RSA_WITH_AES_128_GCM_SHA256
+ {0xa1, 0x677}, // TLS_DH_RSA_WITH_AES_256_GCM_SHA384
+ {0xa2, 0x86f}, // TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
+ {0xa3, 0x877}, // TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
+ {0xa4, 0x46f}, // TLS_DH_DSS_WITH_AES_128_GCM_SHA256
+ {0xa5, 0x477}, // TLS_DH_DSS_WITH_AES_256_GCM_SHA384
+ {0xa6, 0xc6f}, // TLS_DH_anon_WITH_AES_128_GCM_SHA256
+ {0xa7, 0xc77}, // TLS_DH_anon_WITH_AES_256_GCM_SHA384
{0xba, 0x153}, // TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
{0xbb, 0x453}, // TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256
{0xbc, 0x653}, // TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256
@@ -151,49 +151,49 @@ static const struct CipherSuite kCipherSuites[] = {
{0xc018, 0x1142}, // TLS_ECDH_anon_WITH_AES_128_CBC_SHA
{0xc019, 0x114a}, // TLS_ECDH_anon_WITH_AES_256_CBC_SHA
{0xc023, 0xe43}, // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- {0xc024, 0xe4d}, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ {0xc024, 0xe4c}, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
{0xc025, 0xd43}, // TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- {0xc026, 0xd4d}, // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ {0xc026, 0xd4c}, // TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
{0xc027, 0x1043}, // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- {0xc028, 0x104d}, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ {0xc028, 0x104c}, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
{0xc029, 0xf43}, // TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- {0xc02a, 0xf4d}, // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- {0xc02b, 0xe6c}, // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- {0xc02c, 0xe74}, // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- {0xc02d, 0xd6c}, // TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- {0xc02e, 0xd74}, // TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- {0xc02f, 0x106c}, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- {0xc030, 0x1074}, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- {0xc031, 0xf6c}, // TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- {0xc032, 0xf74}, // TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ {0xc02a, 0xf4c}, // TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ {0xc02b, 0xe6f}, // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ {0xc02c, 0xe77}, // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ {0xc02d, 0xd6f}, // TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ {0xc02e, 0xd77}, // TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ {0xc02f, 0x106f}, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ {0xc030, 0x1077}, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ {0xc031, 0xf6f}, // TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ {0xc032, 0xf77}, // TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
{0xc072, 0xe53}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- {0xc073, 0xe5d}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ {0xc073, 0xe5c}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
{0xc074, 0xd53}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- {0xc075, 0xd5d}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ {0xc075, 0xd5c}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
{0xc076, 0x1053}, // TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- {0xc077, 0x105d}, // TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ {0xc077, 0x105c}, // TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
{0xc078, 0xf53}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- {0xc079, 0xf5d}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- {0xc07a, 0x17c}, // TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- {0xc07b, 0x184}, // TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- {0xc07c, 0xa7c}, // TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- {0xc07d, 0xa84}, // TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- {0xc07e, 0x67c}, // TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- {0xc07f, 0x684}, // TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- {0xc080, 0x87c}, // TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
- {0xc081, 0x884}, // TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
- {0xc082, 0x47c}, // TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256
- {0xc083, 0x484}, // TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384
- {0xc084, 0xc7c}, // TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
- {0xc085, 0xc84}, // TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
- {0xc086, 0xe7c}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- {0xc087, 0xe84}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- {0xc088, 0xd7c}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- {0xc089, 0xd84}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- {0xc08a, 0x107c}, // TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- {0xc08b, 0x1084}, // TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- {0xc08c, 0xf7c}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- {0xc08d, 0xf84}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc079, 0xf5c}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ {0xc07a, 0x17f}, // TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc07b, 0x187}, // TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc07c, 0xa7f}, // TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc07d, 0xa87}, // TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc07e, 0x67f}, // TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc07f, 0x687}, // TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc080, 0x87f}, // TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc081, 0x887}, // TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc082, 0x47f}, // TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc083, 0x487}, // TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc084, 0xc7f}, // TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc085, 0xc87}, // TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc086, 0xe7f}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc087, 0xe87}, // TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc088, 0xd7f}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc089, 0xd87}, // TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc08a, 0x107f}, // TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc08b, 0x1087}, // TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ {0xc08c, 0xf7f}, // TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ {0xc08d, 0xf87}, // TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
};
static const struct {
@@ -235,23 +235,25 @@ static const struct {
{"CAMELLIA_128_CBC"}, // 10
{"CAMELLIA_256_CBC"}, // 11
{"SEED_CBC"}, // 12
- {"AES_128_CTR"}, // 13
- {"AES_256_CTR"}, // 14
- {"CAMELLIA_128_CTR"}, // 15
- {"CAMELLIA_256_CTR"}, // 16
+ {"AES_128_GCM"}, // 13
+ {"AES_256_GCM"}, // 14
+ {"CAMELLIA_128_GCM"}, // 15
+ {"CAMELLIA_256_GCM"}, // 16
};
static const struct {
- char name[10];
-} kMacNames[6] = {
+ char name[7];
+} kMacNames[5] = {
{"NULL"}, // 0
{"MD5"}, // 1
{"SHA1"}, // 2
{"SHA256"}, // 3
- {"GHASH_128"}, // 4
- {"SHA384"}, // 5
+ {"SHA384"}, // 4
+ // 7 is reserved to indicate an AEAD cipher suite.
};
+static const int kAEADMACValue = 7;
+
namespace net {
static int CipherSuiteCmp(const void* ia, const void* ib) {
@@ -269,8 +271,11 @@ static int CipherSuiteCmp(const void* ia, const void* ib) {
void SSLCipherSuiteToStrings(const char** key_exchange_str,
const char** cipher_str,
- const char** mac_str, uint16 cipher_suite) {
+ const char** mac_str,
+ bool *is_aead,
+ uint16 cipher_suite) {
*key_exchange_str = *cipher_str = *mac_str = "???";
+ *is_aead = false;
struct CipherSuite desired = {0};
desired.cipher_suite = cipher_suite;
@@ -290,7 +295,12 @@ void SSLCipherSuiteToStrings(const char** key_exchange_str,
*key_exchange_str = kKeyExchangeNames[key_exchange].name;
*cipher_str = kCipherNames[cipher].name;
- *mac_str = kMacNames[mac].name;
+ if (mac == kAEADMACValue) {
+ *is_aead = true;
+ *mac_str = NULL;
+ } else {
+ *mac_str = kMacNames[mac].name;
+ }
}
void SSLVersionToString(const char** name, int ssl_version) {
diff --git a/net/ssl/ssl_cipher_suite_names.h b/net/ssl/ssl_cipher_suite_names.h
index cef10b2..5145fb2 100644
--- a/net/ssl/ssl_cipher_suite_names.h
+++ b/net/ssl/ssl_cipher_suite_names.h
@@ -18,9 +18,11 @@ namespace net {
// wire and recorded at
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
// If the cipher suite is unknown, the strings are set to "???".
+// In the case of an AEAD cipher suite, *mac_str is NULL and *is_aead is true.
NET_EXPORT void SSLCipherSuiteToStrings(const char** key_exchange_str,
const char** cipher_str,
const char** mac_str,
+ bool* is_aead,
uint16 cipher_suite);
// SSLVersionToString returns the name of the SSL protocol version
diff --git a/net/ssl/ssl_cipher_suite_names_unittest.cc b/net/ssl/ssl_cipher_suite_names_unittest.cc
index ede412d..a9133fb 100644
--- a/net/ssl/ssl_cipher_suite_names_unittest.cc
+++ b/net/ssl/ssl_cipher_suite_names_unittest.cc
@@ -13,20 +13,25 @@ namespace {
TEST(CipherSuiteNamesTest, Basic) {
const char *key_exchange, *cipher, *mac;
- SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, 0xc001);
+ bool is_aead;
+
+ SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, 0xc001);
EXPECT_STREQ("ECDH_ECDSA", key_exchange);
EXPECT_STREQ("NULL", cipher);
EXPECT_STREQ("SHA1", mac);
+ EXPECT_FALSE(is_aead);
- SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, 0x009f);
+ SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, 0x009f);
EXPECT_STREQ("DHE_RSA", key_exchange);
- EXPECT_STREQ("AES_256_CTR", cipher);
- EXPECT_STREQ("GHASH_128", mac);
+ EXPECT_STREQ("AES_256_GCM", cipher);
+ EXPECT_TRUE(is_aead);
+ EXPECT_EQ(NULL, mac);
- SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, 0xff31);
+ SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, 0xff31);
EXPECT_STREQ("???", key_exchange);
EXPECT_STREQ("???", cipher);
EXPECT_STREQ("???", mac);
+ EXPECT_FALSE(is_aead);
}
TEST(CipherSuiteNamesTest, ParseSSLCipherString) {
generated by cgit v1.1 at 2025-02-10 01:46:32 +0000