1 /*
2 * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.util.ArrayList;
29 import java.util.Arrays;
30 import java.util.Collection;
31 import java.util.Collections;
32 import java.util.LinkedList;
33 import java.util.List;
34 import static sun.security.ssl.CipherSuite.HashAlg.*;
35 import static sun.security.ssl.CipherSuite.KeyExchange.*;
36 import static sun.security.ssl.CipherSuite.MacAlg.*;
37 import static sun.security.ssl.SSLCipher.*;
38 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
39 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
40
41 /**
42 * Enum for SSL/TLS cipher suites.
43 *
44 * Please refer to the "TLS Cipher Suite Registry" section for more details
45 * about each cipher suite:
46 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
47 */
48 enum CipherSuite {
49 //
50 // in preference order
51 //
52
53 // Definition of the CipherSuites that are enabled by default.
54 //
55 // They are listed in preference order, most preferred first, using
56 // the following criteria:
57 // 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
58 // changed later, see below).
59 // 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
60 // AES_128(GCM), AES_256, AES_128, 3DES-EDE.
61 // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
62 // SHA256, SHA, MD5.
63 // 4. Prefer the better performance of key exchange and digital
64 // signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
65 // RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.
66
67 TLS_AES_128_GCM_SHA256(
68 0x1301, true, "TLS_AES_128_GCM_SHA256",
69 ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),
70 TLS_AES_256_GCM_SHA384(
71 0x1302, true, "TLS_AES_256_GCM_SHA384",
72 ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),
73
74 // Suite B compliant cipher suites, see RFC 6460.
75 //
76 // Note that, at present this provider is not Suite B compliant. The
77 // preference order of the GCM cipher suites does not follow the spec
78 // of RFC 6460. In this section, only two cipher suites are listed
79 // so that applications can make use of Suite-B compliant cipher
80 // suite firstly.
81 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
82 0xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",
83 ProtocolVersion.PROTOCOLS_OF_12,
84 K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
85 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
86 0xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",
87 ProtocolVersion.PROTOCOLS_OF_12,
88 K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
89
90 // AES_256(GCM)
91 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
92 0xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",
93 ProtocolVersion.PROTOCOLS_OF_12,
94 K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
95 TLS_RSA_WITH_AES_256_GCM_SHA384(
96 0x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",
97 ProtocolVersion.PROTOCOLS_OF_12,
98 K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
99 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
100 0xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",
101 ProtocolVersion.PROTOCOLS_OF_12,
102 K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),
103 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
104 0xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",
105 ProtocolVersion.PROTOCOLS_OF_12,
106 K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
107 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
108 0x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",
109 ProtocolVersion.PROTOCOLS_OF_12,
110 K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),
111 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
112 0x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",
113 ProtocolVersion.PROTOCOLS_OF_12,
114 K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),
115
116 // AES_128(GCM)
117 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
118 0xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",
119 ProtocolVersion.PROTOCOLS_OF_12,
120 K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
121 TLS_RSA_WITH_AES_128_GCM_SHA256(
122 0x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",
123 ProtocolVersion.PROTOCOLS_OF_12,
124 K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
125 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
126 0xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",
127 ProtocolVersion.PROTOCOLS_OF_12,
128 K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),
129 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
130 0xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",
131 ProtocolVersion.PROTOCOLS_OF_12,
132 K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
133 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
134 0x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",
135 ProtocolVersion.PROTOCOLS_OF_12,
136 K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),
137 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
138 0x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",
139 ProtocolVersion.PROTOCOLS_OF_12,
140 K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),
141
142 // AES_256(CBC)
143 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
144 0xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",
145 ProtocolVersion.PROTOCOLS_OF_12,
146 K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),
147 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
148 0xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",
149 ProtocolVersion.PROTOCOLS_OF_12,
150 K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),
151 TLS_RSA_WITH_AES_256_CBC_SHA256(
152 0x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",
153 ProtocolVersion.PROTOCOLS_OF_12,
154 K_RSA, B_AES_256, M_SHA256, H_SHA256),
155 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
156 0xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",
157 ProtocolVersion.PROTOCOLS_OF_12,
158 K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),
159 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
160 0xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",
161 ProtocolVersion.PROTOCOLS_OF_12,
162 K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),
163 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
164 0x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",
165 ProtocolVersion.PROTOCOLS_OF_12,
166 K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),
167 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
168 0x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",
169 ProtocolVersion.PROTOCOLS_OF_12,
170 K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),
171
172 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(
173 0xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",
174 ProtocolVersion.PROTOCOLS_TO_12,
175 K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256),
176 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(
177 0xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",
178 ProtocolVersion.PROTOCOLS_TO_12,
179 K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),
180 TLS_RSA_WITH_AES_256_CBC_SHA(
181 0x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",
182 ProtocolVersion.PROTOCOLS_TO_12,
183 K_RSA, B_AES_256, M_SHA, H_SHA256),
184 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(
185 0xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",
186 ProtocolVersion.PROTOCOLS_TO_12,
187 K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),
188 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(
189 0xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",
190 ProtocolVersion.PROTOCOLS_TO_12,
191 K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),
192 TLS_DHE_RSA_WITH_AES_256_CBC_SHA(
193 0x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",
194 ProtocolVersion.PROTOCOLS_TO_12,
195 K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),
196 TLS_DHE_DSS_WITH_AES_256_CBC_SHA(
197 0x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",
198 ProtocolVersion.PROTOCOLS_TO_12,
199 K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),
200
201 // AES_128(CBC)
202 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
203 0xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",
204 ProtocolVersion.PROTOCOLS_OF_12,
205 K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),
206 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
207 0xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",
208 ProtocolVersion.PROTOCOLS_OF_12,
209 K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),
210 TLS_RSA_WITH_AES_128_CBC_SHA256(
211 0x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",
212 ProtocolVersion.PROTOCOLS_OF_12,
213 K_RSA, B_AES_128, M_SHA256, H_SHA256),
214 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
215 0xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",
216 ProtocolVersion.PROTOCOLS_OF_12,
217 K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),
218 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
219 0xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",
220 ProtocolVersion.PROTOCOLS_OF_12,
221 K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),
222 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
223 0x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",
224 ProtocolVersion.PROTOCOLS_OF_12,
225 K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),
226 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
227 0x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",
228 ProtocolVersion.PROTOCOLS_OF_12,
229 K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),
230
231 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(
232 0xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",
233 ProtocolVersion.PROTOCOLS_TO_12,
234 K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),
235 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(
236 0xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",
237 ProtocolVersion.PROTOCOLS_TO_12,
238 K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),
239 TLS_RSA_WITH_AES_128_CBC_SHA(
240 0x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",
241 ProtocolVersion.PROTOCOLS_TO_12,
242 K_RSA, B_AES_128, M_SHA, H_SHA256),
243 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(
244 0xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",
245 ProtocolVersion.PROTOCOLS_TO_12,
246 K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256),
247 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
248 0xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",
249 ProtocolVersion.PROTOCOLS_TO_12,
250 K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),
251 TLS_DHE_RSA_WITH_AES_128_CBC_SHA(
252 0x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",
253 ProtocolVersion.PROTOCOLS_TO_12,
254 K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),
255 TLS_DHE_DSS_WITH_AES_128_CBC_SHA(
256 0x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",
257 ProtocolVersion.PROTOCOLS_TO_12,
258 K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),
259
260 // 3DES_EDE
261 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
262 0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
263 ProtocolVersion.PROTOCOLS_TO_12,
264 K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
265 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
266 0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
267 ProtocolVersion.PROTOCOLS_TO_12,
268 K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
269 SSL_RSA_WITH_3DES_EDE_CBC_SHA(
270 0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
271 "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
272 ProtocolVersion.PROTOCOLS_TO_12,
273 K_RSA, B_3DES, M_SHA, H_SHA256),
274 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
275 0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
276 ProtocolVersion.PROTOCOLS_TO_12,
277 K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
278 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
279 0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
280 ProtocolVersion.PROTOCOLS_TO_12,
281 K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
282 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
283 0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
284 "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
285 ProtocolVersion.PROTOCOLS_TO_12,
286 K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
287 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
288 0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
289 "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
290 ProtocolVersion.PROTOCOLS_TO_12,
291 K_DHE_DSS, B_3DES, M_SHA, H_SHA256),
292
293 // Renegotiation protection request Signalling Cipher Suite Value (SCSV).
294 TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior
295 0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",
296 ProtocolVersion.PROTOCOLS_TO_12,
297 K_SCSV, B_NULL, M_NULL, H_NONE),
298
299 // Definition of the CipherSuites that are supported but not enabled
300 // by default.
301 // They are listed in preference order, preferred first, using the
302 // following criteria:
303 // 1. If a cipher suite has been obsoleted, we put it at the end of
304 // the list.
305 // 2. Prefer the stronger bulk cipher, in the order of AES_256,
306 // AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.
307 // 3. Prefer the stronger MAC algorithm, in the order of SHA384,
308 // SHA256, SHA, MD5.
309 // 4. Prefer the better performance of key exchange and digital
310 // signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
311 // RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.
312 TLS_DH_anon_WITH_AES_256_GCM_SHA384(
313 0x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",
314 ProtocolVersion.PROTOCOLS_OF_12,
315 K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),
316 TLS_DH_anon_WITH_AES_128_GCM_SHA256(
317 0x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",
318 ProtocolVersion.PROTOCOLS_OF_12,
319 K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),
320 TLS_DH_anon_WITH_AES_256_CBC_SHA256(
321 0x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",
322 ProtocolVersion.PROTOCOLS_OF_12,
323 K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),
324 TLS_ECDH_anon_WITH_AES_256_CBC_SHA(
325 0xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",
326 ProtocolVersion.PROTOCOLS_TO_12,
327 K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),
328 TLS_DH_anon_WITH_AES_256_CBC_SHA(
329 0x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",
330 ProtocolVersion.PROTOCOLS_TO_12,
331 K_DH_ANON, B_AES_256, M_SHA, H_SHA256),
332 TLS_DH_anon_WITH_AES_128_CBC_SHA256(
333 0x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",
334 ProtocolVersion.PROTOCOLS_OF_12,
335 K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),
336 TLS_ECDH_anon_WITH_AES_128_CBC_SHA(
337 0xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",
338 ProtocolVersion.PROTOCOLS_TO_12,
339 K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),
340 TLS_DH_anon_WITH_AES_128_CBC_SHA(
341 0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",
342 ProtocolVersion.PROTOCOLS_TO_12,
343 K_DH_ANON, B_AES_128, M_SHA, H_SHA256),
344 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
345 0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",
346 ProtocolVersion.PROTOCOLS_TO_12,
347 K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),
348 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(
349 0x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
350 "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
351 ProtocolVersion.PROTOCOLS_TO_12,
352 K_DH_ANON, B_3DES, M_SHA, H_SHA256),
353
354 // RC4
355 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
356 0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
357 ProtocolVersion.PROTOCOLS_TO_TLS12,
358 K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
359 TLS_ECDHE_RSA_WITH_RC4_128_SHA(
360 0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
361 ProtocolVersion.PROTOCOLS_TO_TLS12,
362 K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
363 SSL_RSA_WITH_RC4_128_SHA(
364 0x0005, false, "SSL_RSA_WITH_RC4_128_SHA",
365 "TLS_RSA_WITH_RC4_128_SHA",
366 ProtocolVersion.PROTOCOLS_TO_TLS12,
367 K_RSA, B_RC4_128, M_SHA, H_SHA256),
368 TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
369 0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
370 ProtocolVersion.PROTOCOLS_TO_TLS12,
371 K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
372 TLS_ECDH_RSA_WITH_RC4_128_SHA(
373 0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
374 ProtocolVersion.PROTOCOLS_TO_TLS12,
375 K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
376 SSL_RSA_WITH_RC4_128_MD5(
377 0x0004, false, "SSL_RSA_WITH_RC4_128_MD5",
378 "TLS_RSA_WITH_RC4_128_MD5",
379 ProtocolVersion.PROTOCOLS_TO_TLS12,
380 K_RSA, B_RC4_128, M_MD5, H_SHA256),
381 TLS_ECDH_anon_WITH_RC4_128_SHA(
382 0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
383 ProtocolVersion.PROTOCOLS_TO_TLS12,
384 K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
385 SSL_DH_anon_WITH_RC4_128_MD5(
386 0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",
387 "TLS_DH_anon_WITH_RC4_128_MD5",
388 ProtocolVersion.PROTOCOLS_TO_TLS12,
389 K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
390
391 // weak cipher suites obsoleted in TLS 1.2 [RFC 5246]
392 SSL_RSA_WITH_DES_CBC_SHA(
393 0x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",
394 "TLS_RSA_WITH_DES_CBC_SHA",
395 ProtocolVersion.PROTOCOLS_TO_11,
396 K_RSA, B_DES, M_SHA, H_NONE),
397 SSL_DHE_RSA_WITH_DES_CBC_SHA(
398 0x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",
399 "TLS_DHE_RSA_WITH_DES_CBC_SHA",
400 ProtocolVersion.PROTOCOLS_TO_11,
401 K_DHE_RSA, B_DES, M_SHA, H_NONE),
402 SSL_DHE_DSS_WITH_DES_CBC_SHA(
403 0x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",
404 "TLS_DHE_DSS_WITH_DES_CBC_SHA",
405 ProtocolVersion.PROTOCOLS_TO_11,
406 K_DHE_DSS, B_DES, M_SHA, H_NONE),
407 SSL_DH_anon_WITH_DES_CBC_SHA(
408 0x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",
409 "TLS_DH_anon_WITH_DES_CBC_SHA",
410 ProtocolVersion.PROTOCOLS_TO_11,
411 K_DH_ANON, B_DES, M_SHA, H_NONE),
412
413 // weak cipher suites obsoleted in TLS 1.1 [RFC 4346]
414 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(
415 0x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
416 "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
417 ProtocolVersion.PROTOCOLS_TO_10,
418 K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
419 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(
420 0x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
421 "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
422 ProtocolVersion.PROTOCOLS_TO_10,
423 K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),
424 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(
425 0x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
426 "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
427 ProtocolVersion.PROTOCOLS_TO_10,
428 K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),
429 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(
430 0x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
431 "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
432 ProtocolVersion.PROTOCOLS_TO_10,
433 K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),
434 SSL_RSA_EXPORT_WITH_RC4_40_MD5(
435 0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
436 "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
437 ProtocolVersion.PROTOCOLS_TO_10,
438 K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
439 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
440 0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
441 "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
442 ProtocolVersion.PROTOCOLS_TO_10,
443 K_DH_ANON, B_RC4_40, M_MD5, H_NONE),
444
445 // no traffic encryption cipher suites
446 TLS_RSA_WITH_NULL_SHA256(
447 0x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",
448 ProtocolVersion.PROTOCOLS_OF_12,
449 K_RSA, B_NULL, M_SHA256, H_SHA256),
450 TLS_ECDHE_ECDSA_WITH_NULL_SHA(
451 0xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",
452 ProtocolVersion.PROTOCOLS_TO_12,
453 K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),
454 TLS_ECDHE_RSA_WITH_NULL_SHA(
455 0xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "",
456 ProtocolVersion.PROTOCOLS_TO_12,
457 K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),
458 SSL_RSA_WITH_NULL_SHA(
459 0x0002, false, "SSL_RSA_WITH_NULL_SHA",
460 "TLS_RSA_WITH_NULL_SHA",
461 ProtocolVersion.PROTOCOLS_TO_12,
462 K_RSA, B_NULL, M_SHA, H_SHA256),
463 TLS_ECDH_ECDSA_WITH_NULL_SHA(
464 0xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",
465 ProtocolVersion.PROTOCOLS_TO_12,
466 K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),
467 TLS_ECDH_RSA_WITH_NULL_SHA(
468 0xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",
469 ProtocolVersion.PROTOCOLS_TO_12,
470 K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),
471 TLS_ECDH_anon_WITH_NULL_SHA(
472 0xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",
473 ProtocolVersion.PROTOCOLS_TO_12,
474 K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),
475 SSL_RSA_WITH_NULL_MD5(
476 0x0001, false, "SSL_RSA_WITH_NULL_MD5",
477 "TLS_RSA_WITH_NULL_MD5",
478 ProtocolVersion.PROTOCOLS_TO_12,
479 K_RSA, B_NULL, M_MD5, H_SHA256),
480
481
482 // Supported Kerberos ciphersuites from RFC2712
483 TLS_KRB5_WITH_3DES_EDE_CBC_SHA(
484 0x001f, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "",
485 ProtocolVersion.PROTOCOLS_TO_12,
486 K_KRB5, B_3DES, M_SHA, H_SHA256),
487 TLS_KRB5_WITH_3DES_EDE_CBC_MD5(
488 0x0023, false, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "",
489 ProtocolVersion.PROTOCOLS_TO_12,
490 K_KRB5, B_3DES, M_MD5, H_SHA256),
491 TLS_KRB5_WITH_RC4_128_SHA(
492 0x0020, false, "TLS_KRB5_WITH_RC4_128_SHA", "",
493 ProtocolVersion.PROTOCOLS_TO_12,
494 K_KRB5, B_RC4_128, M_SHA, H_SHA256),
495 TLS_KRB5_WITH_RC4_128_MD5(
496 0x0024, false, "TLS_KRB5_WITH_RC4_128_MD5", "",
497 ProtocolVersion.PROTOCOLS_TO_12,
498 K_KRB5, B_RC4_128, M_MD5, H_SHA256),
499 TLS_KRB5_WITH_DES_CBC_SHA(
500 0x001e, false, "TLS_KRB5_WITH_DES_CBC_SHA", "",
501 ProtocolVersion.PROTOCOLS_TO_11,
502 K_KRB5, B_DES, M_SHA, H_SHA256),
503 TLS_KRB5_WITH_DES_CBC_MD5(
504 0x0022, false, "TLS_KRB5_WITH_DES_CBC_MD5", "",
505 ProtocolVersion.PROTOCOLS_TO_11,
506 K_KRB5, B_DES, M_MD5, H_SHA256),
507 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA(
508 0x0026, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "",
509 ProtocolVersion.PROTOCOLS_TO_10,
510 K_KRB5_EXPORT, B_DES_40, M_SHA, H_SHA256),
511 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5(
512 0x0029, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "",
513 ProtocolVersion.PROTOCOLS_TO_10,
514 K_KRB5_EXPORT, B_DES_40, M_MD5, H_SHA256),
515 TLS_KRB5_EXPORT_WITH_RC4_40_SHA(
516 0x0028, false, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "",
517 ProtocolVersion.PROTOCOLS_TO_10,
518 K_KRB5_EXPORT, B_RC4_40, M_SHA, H_SHA256),
519 TLS_KRB5_EXPORT_WITH_RC4_40_MD5(
520 0x002B, false, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "",
521 ProtocolVersion.PROTOCOLS_TO_10,
522 K_KRB5_EXPORT, B_RC4_40, M_MD5, H_SHA256),
523
524 // Definition of the CipherSuites that are not supported but the names
525 // are known.
526 TLS_CHACHA20_POLY1305_SHA256( // TLS 1.3
527 "TLS_CHACHA20_POLY1305_SHA256", 0x1303),
528 TLS_AES_128_CCM_SHA256( // TLS 1.3
529 "TLS_AES_128_CCM_SHA256", 0x1304),
530 TLS_AES_128_CCM_8_SHA256( // TLS 1.3
531 "TLS_AES_128_CCM_8_SHA256", 0x1305),
532
533 // remaining unsupported ciphersuites defined in RFC2246.
534 CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006),
535 CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007),
536 CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b),
537 CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c),
538 CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d),
539 CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e),
540 CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f),
541 CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010),
542
543 // SSL 3.0 Fortezza ciphersuites
544 CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c),
545 CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d),
546
547 // 1024/56 bit exportable ciphersuites from expired internet draft
548 CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062),
549 CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063),
550 CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064),
551 CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065),
552 CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066),
553
554 // Netscape old and new SSL 3.0 FIPS ciphersuites
555 // see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
556 CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0),
557 CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1),
558 CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe),
559 CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff),
560
561 // Unsupported Kerberos cipher suites from RFC 2712
562 CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021),
563 CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025),
564 CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027),
565 CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a),
566
567 // Unsupported cipher suites from RFC 4162
568 CS_0096("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096),
569 CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097),
570 CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098),
571 CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099),
572 CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a),
573 CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b),
574
575 // Unsupported cipher suites from RFC 4279
576 CS_008A("TLS_PSK_WITH_RC4_128_SHA", 0x008a),
577 CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b),
578 CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c),
579 CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d),
580 CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e),
581 CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f),
582 CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090),
583 CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091),
584 CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092),
585 CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093),
586 CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094),
587 CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095),
588
589 // Unsupported cipher suites from RFC 4785
590 CS_002C("TLS_PSK_WITH_NULL_SHA", 0x002c),
591 CS_002D("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d),
592 CS_002E("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e),
593
594 // Unsupported cipher suites from RFC 5246
595 CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030),
596 CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031),
597 CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036),
598 CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037),
599 CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e),
600 CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f),
601 CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068),
602 CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069),
603
604 // Unsupported cipher suites from RFC 5288
605 CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0),
606 CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1),
607 CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4),
608 CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5),
609
610 // Unsupported cipher suites from RFC 5487
611 CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8),
612 CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9),
613 CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa),
614 CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab),
615 CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac),
616 CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad),
617 CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae),
618 CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af),
619 CS_00B0("TLS_PSK_WITH_NULL_SHA256", 0x00b0),
620 CS_00B1("TLS_PSK_WITH_NULL_SHA384", 0x00b1),
621 CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2),
622 CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3),
623 CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4),
624 CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5),
625 CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6),
626 CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7),
627 CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8),
628 CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9),
629
630 // Unsupported cipher suites from RFC 5932
631 CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041),
632 CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042),
633 CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043),
634 CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044),
635 CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045),
636 CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046),
637 CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084),
638 CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085),
639 CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086),
640 CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087),
641 CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088),
642 CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089),
643 CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba),
644 CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb),
645 CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc),
646 CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd),
647 CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be),
648 CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf),
649 CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0),
650 CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1),
651 CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2),
652 CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3),
653 CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4),
654 CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5),
655
656 // TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507
657 CS_5600("TLS_FALLBACK_SCSV", 0x5600),
658
659 // Unsupported cipher suites from RFC 5054
660 CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a),
661 CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b),
662 CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c),
663 CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d),
664 CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e),
665 CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f),
666 CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020),
667 CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021),
668 CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022),
669
670 // Unsupported cipher suites from RFC 5489
671 CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033),
672 CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034),
673 CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035),
674 CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036),
675 CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037),
676 CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038),
677 CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039),
678 CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a),
679 CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b),
680
681 // Unsupported cipher suites from RFC 6209
682 CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c),
683 CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d),
684 CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e),
685 CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f),
686 CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040),
687 CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041),
688 CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042),
689 CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043),
690 CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044),
691 CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045),
692 CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046),
693 CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047),
694 CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048),
695 CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc049),
696 CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a),
697 CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b),
698 CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c),
699 CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d),
700 CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e),
701 CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f),
702 CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050),
703 CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051),
704 CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052),
705 CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053),
706 CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054),
707 CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055),
708 CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056),
709 CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057),
710 CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058),
711 CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059),
712 CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a),
713 CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b),
714 CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c),
715 CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d),
716 CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e),
717 CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f),
718 CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060),
719 CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061),
720 CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062),
721 CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063),
722 CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064),
723 CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065),
724 CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066),
725 CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067),
726 CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068),
727 CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069),
728 CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06a),
729 CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b),
730 CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c),
731 CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d),
732 CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e),
733 CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f),
734 CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070),
735 CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071),
736
737 // Unsupported cipher suites from RFC 6367
738 CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),
739 CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),
740 CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074),
741 CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075),
742 CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076),
743 CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077),
744 CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078),
745 CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079),
746 CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a),
747 CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b),
748 CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c),
749 CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d),
750 CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e),
751 CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f),
752 CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080),
753 CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081),
754 CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082),
755 CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083),
756 CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084),
757 CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085),
758 CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),
759 CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),
760 CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088),
761 CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc089),
762 CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a),
763 CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b),
764 CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c),
765 CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d),
766 CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e),
767 CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f),
768 CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090),
769 CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091),
770 CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092),
771 CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093),
772 CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094),
773 CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095),
774 CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096),
775 CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097),
776 CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098),
777 CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099),
778 CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a),
779 CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b),
780
781 // Unsupported cipher suites from RFC 6655
782 CS_C09C("TLS_RSA_WITH_AES_128_CCM", 0xc09c),
783 CS_C09D("TLS_RSA_WITH_AES_256_CCM", 0xc09d),
784 CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e),
785 CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f),
786 CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0),
787 CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1),
788 CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2),
789 CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3),
790 CS_C0A4("TLS_PSK_WITH_AES_128_CCM", 0xc0A4),
791 CS_C0A5("TLS_PSK_WITH_AES_256_CCM", 0xc0A5),
792 CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6),
793 CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7),
794 CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8),
795 CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9),
796 CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa),
797 CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab),
798
799 // Unsupported cipher suites from RFC 7251
800 CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 0xc0Ac),
801 CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 0xc0Ad),
802 CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae),
803 CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af),
804
805 C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);
806
807 final int id;
808 final boolean isDefaultEnabled;
809 final String name;
810 final List<String> aliases;
811 final List<ProtocolVersion> supportedProtocols;
812 final KeyExchange keyExchange;
813 final SSLCipher bulkCipher;
814 final MacAlg macAlg;
815 final HashAlg hashAlg;
816
817 final boolean exportable;
818
819 // known but unsupported cipher suite
820 private CipherSuite(String name, int id) {
821 this(id, false, name, "",
822 ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null);
823 }
824
825 // TLS 1.3 cipher suite
826 private CipherSuite(int id, boolean isDefaultEnabled,
827 String name, ProtocolVersion[] supportedProtocols,
828 SSLCipher bulkCipher, HashAlg hashAlg) {
829 this(id, isDefaultEnabled, name, "",
830 supportedProtocols, null, bulkCipher, M_NULL, hashAlg);
831 }
832
833 private CipherSuite(int id, boolean isDefaultEnabled,
834 String name, String aliases,
835 ProtocolVersion[] supportedProtocols,
836 KeyExchange keyExchange, SSLCipher cipher,
837 MacAlg macAlg, HashAlg hashAlg) {
838 this.id = id;
839 this.isDefaultEnabled = isDefaultEnabled;
840 this.name = name;
841 if (!aliases.isEmpty()) {
842 this.aliases = Arrays.asList(aliases.split(","));
843 } else {
844 this.aliases = Collections.emptyList();
845 }
846 this.supportedProtocols = Arrays.asList(supportedProtocols);
847 this.keyExchange = keyExchange;
848 this.bulkCipher = cipher;
849 this.macAlg = macAlg;
850 this.hashAlg = hashAlg;
851
852 this.exportable = (cipher == null ? false : cipher.exportable);
853 }
854
855 static CipherSuite nameOf(String ciperSuiteName) {
856 for (CipherSuite cs : CipherSuite.values()) {
857 if (cs.name.equals(ciperSuiteName) ||
858 cs.aliases.contains(ciperSuiteName)) {
859 return cs;
860 }
861 }
862
863 return null;
864 }
865
866 static CipherSuite valueOf(int id) {
867 for (CipherSuite cs : CipherSuite.values()) {
868 if (cs.id == id) {
869 return cs;
870 }
871 }
872
873 return null;
874 }
875
876 static String nameOf(int id) {
877 for (CipherSuite cs : CipherSuite.values()) {
878 if (cs.id == id) {
879 return cs.name;
880 }
881 }
882
883 return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
884 }
885
886 static Collection<CipherSuite> allowedCipherSuites() {
887 Collection<CipherSuite> cipherSuites = new LinkedList<>();
888 for (CipherSuite cs : CipherSuite.values()) {
889 if (!cs.supportedProtocols.isEmpty()) {
890 cipherSuites.add(cs);
891 } else {
892 // values() is ordered, remaining cipher suites are
893 // not supported.
894 break;
895 }
896 }
897 return cipherSuites;
898 }
899
900 static Collection<CipherSuite> defaultCipherSuites() {
901 Collection<CipherSuite> cipherSuites = new LinkedList<>();
902 for (CipherSuite cs : CipherSuite.values()) {
903 if (cs.isDefaultEnabled) {
904 cipherSuites.add(cs);
905 } else {
906 // values() is ordered, remaining cipher suites are
907 // not enabled.
908 break;
909 }
910 }
911 return cipherSuites;
912 }
913
914 /**
915 * Validates and converts an array of cipher suite names.
916 *
917 * @throws IllegalArgumentException when one or more of the ciphers named
918 * by the parameter is not supported, or when the parameter is null.
919 */
920 static List<CipherSuite> validValuesOf(String[] names) {
921 if (names == null) {
922 throw new IllegalArgumentException("CipherSuites cannot be null");
923 }
924
925 List<CipherSuite> cipherSuites = new ArrayList<>(names.length);
926 for (String name : names) {
927 if (name == null || name.isEmpty()) {
928 throw new IllegalArgumentException(
929 "The specified CipherSuites array contains " +
930 "invalid null or empty string elements");
931 }
932
933 boolean found = false;
934 for (CipherSuite cs : CipherSuite.values()) {
935 if (!cs.supportedProtocols.isEmpty()) {
936 if (cs.name.equals(name) ||
937 cs.aliases.contains(name)) {
938 cipherSuites.add(cs);
939 found = true;
940 break;
941 }
942 } else {
943 // values() is ordered, remaining cipher suites are
944 // not supported.
945 break;
946 }
947 }
948 if (!found) {
949 throw new IllegalArgumentException(
950 "Unsupported CipherSuite: " + name);
951 }
952 }
953
954 return Collections.unmodifiableList(cipherSuites);
955 }
956
957 static String[] namesOf(List<CipherSuite> cipherSuites) {
958 String[] names = new String[cipherSuites.size()];
959 int i = 0;
960 for (CipherSuite cipherSuite : cipherSuites) {
961 names[i++] = cipherSuite.name;
962 }
963
964 return names;
965 }
966
967 boolean isAvailable() {
968 // Note: keyExchange is null for TLS 1.3 CipherSuites.
969 return !supportedProtocols.isEmpty() &&
970 (keyExchange == null || keyExchange.isAvailable()) &&
971 bulkCipher != null && bulkCipher.isAvailable();
972 }
973
974 public boolean supports(ProtocolVersion protocolVersion) {
975 return supportedProtocols.contains(protocolVersion);
976 }
977
978 boolean isNegotiable() {
979 return this != TLS_EMPTY_RENEGOTIATION_INFO_SCSV && isAvailable();
980 }
981
982 boolean isAnonymous() {
983 return (keyExchange != null && keyExchange.isAnonymous);
984 }
985
986 // See also SSLWriteCipher.calculatePacketSize().
987 int calculatePacketSize(int fragmentSize,
988 ProtocolVersion protocolVersion) {
989 int packetSize = fragmentSize;
990 if (bulkCipher != null && bulkCipher != B_NULL) {
991 int blockSize = bulkCipher.ivSize;
992 switch (bulkCipher.cipherType) {
993 case BLOCK_CIPHER:
994 packetSize += macAlg.size;
995 packetSize += 1; // 1 byte padding length field
996 packetSize += // use the minimal padding
997 (blockSize - (packetSize % blockSize)) % blockSize;
998 if (protocolVersion.useTLS11PlusSpec()) {
999 packetSize += blockSize; // explicit IV
1000 }
1001
1002 break;
1003 case AEAD_CIPHER:
1004 if (protocolVersion == ProtocolVersion.TLS12) {
1005 packetSize +=
1006 bulkCipher.ivSize - bulkCipher.fixedIvSize;
1007 }
1008 packetSize += bulkCipher.tagSize;
1009
1010 break;
1011 default: // NULL_CIPHER or STREAM_CIPHER
1012 packetSize += macAlg.size;
1013 }
1014 }
1015
1016 return packetSize + SSLRecord.headerSize;
1017 }
1018
1019 // See also CipherBox.calculateFragmentSize().
1020 int calculateFragSize(int packetLimit,
1021 ProtocolVersion protocolVersion) {
1022 int fragSize = packetLimit - SSLRecord.headerSize;
1023 if (bulkCipher != null && bulkCipher != B_NULL) {
1024 int blockSize = bulkCipher.ivSize;
1025 switch (bulkCipher.cipherType) {
1026 case BLOCK_CIPHER:
1027 if (protocolVersion.useTLS11PlusSpec()) {
1028 fragSize -= blockSize; // explicit IV
1029 }
1030 fragSize -= (fragSize % blockSize); // cannot hold a block
1031 // No padding for a maximum fragment.
1032 fragSize -= 1; // 1 byte padding length field: 0x00
1033 fragSize -= macAlg.size;
1034
1035 break;
1036 case AEAD_CIPHER:
1037 fragSize -= bulkCipher.tagSize;
1038 fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize;
1039
1040 break;
1041 default: // NULL_CIPHER or STREAM_CIPHER
1042 fragSize -= macAlg.size;
1043 }
1044 }
1045
1046 return fragSize;
1047 }
1048
1049 /**
1050 * An SSL/TLS key exchange algorithm.
1051 */
1052 static enum KeyExchange {
1053 K_NULL ("NULL", false, true, NAMED_GROUP_NONE),
1054 K_RSA ("RSA", true, false, NAMED_GROUP_NONE),
1055 K_RSA_EXPORT ("RSA_EXPORT", true, false, NAMED_GROUP_NONE),
1056 K_DH_RSA ("DH_RSA", false, false, NAMED_GROUP_NONE),
1057 K_DH_DSS ("DH_DSS", false, false, NAMED_GROUP_NONE),
1058 K_DHE_DSS ("DHE_DSS", true, false, NAMED_GROUP_FFDHE),
1059 K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true, false, NAMED_GROUP_NONE),
1060 K_DHE_RSA ("DHE_RSA", true, false, NAMED_GROUP_FFDHE),
1061 K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true, false, NAMED_GROUP_NONE),
1062 K_DH_ANON ("DH_anon", true, true, NAMED_GROUP_FFDHE),
1063 K_DH_ANON_EXPORT("DH_anon_EXPORT", true, true, NAMED_GROUP_NONE),
1064
1065 K_ECDH_ECDSA ("ECDH_ECDSA", true, false, NAMED_GROUP_ECDHE),
1066 K_ECDH_RSA ("ECDH_RSA", true, false, NAMED_GROUP_ECDHE),
1067 K_ECDHE_ECDSA ("ECDHE_ECDSA", true, false, NAMED_GROUP_ECDHE),
1068 K_ECDHE_RSA ("ECDHE_RSA", true, false, NAMED_GROUP_ECDHE),
1069 K_ECDH_ANON ("ECDH_anon", true, true, NAMED_GROUP_ECDHE),
1070
1071 // Kerberos cipher suites
1072 K_KRB5 ("KRB5", true, false, NAMED_GROUP_NONE),
1073 K_KRB5_EXPORT ("KRB5_EXPORT", true, false, NAMED_GROUP_NONE),
1074
1075 // renegotiation protection request signaling cipher suite
1076 K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE);
1077
1078 // name of the key exchange algorithm, e.g. DHE_DSS
1079 final String name;
1080 final boolean allowed;
1081 final NamedGroupType groupType;
1082 private final boolean alwaysAvailable;
1083 private final boolean isAnonymous;
1084
1085 KeyExchange(String name, boolean allowed,
1086 boolean isAnonymous, NamedGroupType groupType) {
1087 this.name = name;
1088 if (groupType == NAMED_GROUP_ECDHE) {
1089 this.allowed = JsseJce.ALLOW_ECC;
1090 } else {
1091 this.allowed = allowed;
1092 }
1093 this.groupType = groupType;
1094 this.alwaysAvailable = allowed && (!name.startsWith("EC"));
1095 this.isAnonymous = isAnonymous;
1096 }
1097
1098 boolean isAvailable() {
1099 if (alwaysAvailable) {
1100 return true;
1101 }
1102
1103 if (groupType == NAMED_GROUP_ECDHE) {
1104 return (allowed && JsseJce.isEcAvailable());
1105 } else if (name.startsWith("KRB")) {
1106 return (allowed && JsseJce.isKerberosAvailable());
1107 } else {
1108 return allowed;
1109 }
1110 }
1111
1112 @Override
1113 public String toString() {
1114 return name;
1115 }
1116 }
1117
1118 /**
1119 * An SSL/TLS key MAC algorithm.
1120 *
1121 * Also contains a factory method to obtain an initialized MAC
1122 * for this algorithm.
1123 */
1124 static enum MacAlg {
1125 M_NULL ("NULL", 0, 0, 0),
1126 M_MD5 ("MD5", 16, 64, 9),
1127 M_SHA ("SHA", 20, 64, 9),
1128 M_SHA256 ("SHA256", 32, 64, 9),
1129 M_SHA384 ("SHA384", 48, 128, 17);
1130
1131 // descriptive name, e.g. MD5
1132 final String name;
1133
1134 // size of the MAC value (and MAC key) in bytes
1135 final int size;
1136
1137 // block size of the underlying hash algorithm
1138 final int hashBlockSize;
1139
1140 // minimal padding size of the underlying hash algorithm
1141 final int minimalPaddingSize;
1142
1143 MacAlg(String name, int size,
1144 int hashBlockSize, int minimalPaddingSize) {
1145 this.name = name;
1146 this.size = size;
1147 this.hashBlockSize = hashBlockSize;
1148 this.minimalPaddingSize = minimalPaddingSize;
1149 }
1150
1151 @Override
1152 public String toString() {
1153 return name;
1154 }
1155 }
1156
1157 /**
1158 * The hash algorithms used for PRF (PseudoRandom Function) or HKDF.
1159 *
1160 * Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for
1161 * generating the necessary material.
1162 */
1163 static enum HashAlg {
1164 H_NONE ("NONE", 0, 0),
1165 H_SHA256 ("SHA-256", 32, 64),
1166 H_SHA384 ("SHA-384", 48, 128);
1167
1168 final String name;
1169 final int hashLength;
1170 final int blockSize;
1171
1172 HashAlg(String hashAlg, int hashLength, int blockSize) {
1173 this.name = hashAlg;
1174 this.hashLength = hashLength;
1175 this.blockSize = blockSize;
1176 }
1177
1178 @Override
1179 public String toString() {
1180 return name;
1181 }
1182 }
1183 }