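## This file is part of Scapy
## Copyright (C) 2007, 2008, 2009 Arnaud Ebalard
##               2015, 2016, 2017 Maxence Tury
## This program is published under a GPLv2 license

"""
TLS cipher suites.

A comprehensive list of specified cipher suites can be consulted at:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
"""

from __future__ import absolute_import
from scapy.layers.tls.crypto.kx_algs import _tls_kx_algs
from scapy.layers.tls.crypto.hash import _tls_hash_algs
from scapy.layers.tls.crypto.h_mac import _tls_hmac_algs
from scapy.layers.tls.crypto.ciphers import _tls_cipher_algs
import scapy.modules.six as six


def get_algs_from_ciphersuite_name(ciphersuite_name):
    """
    Parse a cipher suite name and look up the algorithms it designates.

    Returns the 5-tuple (kx_alg, cipher_alg, hmac_alg, hash_alg, tls1_3):
    the key exchange, cipher, HMAC and hash entries found in the algorithm
    tables (None for any entry that is not found), and a boolean which is
    True when the name has the TLS 1.3 form (no "_WITH_" part).

    Names are expected to start with "TLS_" or "SSL_CK_". Any other name
    yields (None, None, None, None, False).
    """
    tls1_3 = False
    # Defaults, so that a name with an unknown prefix reports "nothing
    # found" instead of failing on unbound locals at the return statement.
    kx_alg = cipher_alg = hmac_alg = hash_alg = None

    if ciphersuite_name.startswith("TLS"):
        s = ciphersuite_name[4:]                # drop the "TLS_" prefix

        if s.endswith("CCM") or s.endswith("CCM_8"):
            # These names carry no hash suffix; SHA256 is used as hash_alg
            # and, the cipher being looked up as a whole, no HMAC is set.
            kx_name, s = s.split("_WITH_")
            kx_alg = _tls_kx_algs.get(kx_name)
            hash_alg = _tls_hash_algs.get("SHA256")
            cipher_alg = _tls_cipher_algs.get(s)
            hmac_alg = None

        else:
            if "WITH" in s:
                kx_name, s = s.split("_WITH_")
                kx_alg = _tls_kx_algs.get(kx_name)
            else:
                # TLS 1.3 names only hold the cipher and the hash.
                tls1_3 = True
                kx_alg = _tls_kx_algs.get("TLS13")

            # The hash is the last '_'-separated token, the cipher is
            # everything before it.
            hash_name = s.split('_')[-1]
            hash_alg = _tls_hash_algs.get(hash_name)

            cipher_name = s[:-(len(hash_name) + 1)]
            if tls1_3:
                cipher_name += "_TLS13"
            cipher_alg = _tls_cipher_algs.get(cipher_name)

            # AEAD ciphers authenticate by themselves: no separate HMAC.
            hmac_alg = None
            if cipher_alg is not None and cipher_alg.type != "aead":
                hmac_name = "HMAC-%s" % hash_name
                hmac_alg = _tls_hmac_algs.get(hmac_name)

    elif ciphersuite_name.startswith("SSL"):
        s = ciphersuite_name[7:]                # drop the "SSL_CK_" prefix
        kx_alg = _tls_kx_algs.get("SSLv2")
        cipher_name, hash_name = s.split("_WITH_")

        # Remove the export marker as a suffix. str.rstrip() takes a set of
        # characters, not a suffix, and would also eat any trailing
        # character among "_EXPORT40" from a cipher name.
        export_suffix = "_EXPORT40"
        is_export = cipher_name.endswith(export_suffix)
        if is_export:
            cipher_name = cipher_name[:-len(export_suffix)]
        cipher_alg = _tls_cipher_algs.get(cipher_name)

        # NOTE(review): the same "SSLv2" table entry is fetched for every
        # SSLv2 suite, so this flag looks shared between all of them and
        # the value left in place would be the one of the last suite
        # parsed. Export-grade and full-strength suites should not be told
        # apart through it -- confirm against the kx_algs module.
        if kx_alg is not None:
            kx_alg.export = is_export
        hmac_alg = _tls_hmac_algs.get("HMAC-NULL")
        hash_alg = _tls_hash_algs.get(hash_name)

    return kx_alg, cipher_alg, hmac_alg, hash_alg, tls1_3


# cipher suite value -> cipher suite name
_tls_cipher_suites = {}
# cipher suite value -> cipher suite class
_tls_cipher_suites_cls = {}


class _GenericCipherSuiteMetaclass(type):
    """
    Cipher suite classes are automatically registered through this metaclass.
    Their name attribute equates their respective class name.

    We also pre-compute every expected length of the key block to be generated,
    which may vary according to the current tls_version. The default is set to
    the TLS 1.2 length, and the value should be set at class instantiation.

    Regarding the AEAD cipher suites, note that the 'hmac_alg' attribute will
    be set to None. Yet, we always need a 'hash_alg' for the PRF.

    A suite is flagged 'usable' when the algorithms named by the class were
    all found in the algorithm tables. This is a statement about what is
    implemented, not about cryptographic strength.
    """
    def __new__(cls, cs_name, bases, dct):
        cs_val = dct.get("val")
        is_suite = cs_name != "_GenericCipherSuite"

        if is_suite:
            kx, c, hm, h, tls1_3 = get_algs_from_ciphersuite_name(cs_name)

            missing_alg = c is None or h is None or (kx is None and
                                                     not tls1_3)
            # Stream and block ciphers need MAC keys in the key block;
            # without an HMAC class the lengths below cannot be computed.
            missing_hmac = (not missing_alg and not tls1_3 and
                            c.type in ("stream", "block") and hm is None)

            if missing_alg or missing_hmac:
                dct["usable"] = False
            else:
                dct["usable"] = True
                dct["name"] = cs_name
                dct["kx_alg"] = kx
                dct["cipher_alg"] = c
                dct["hmac_alg"] = hm
                dct["hash_alg"] = h

                if not tls1_3:
                    # two cipher keys
                    kb_len = 2 * c.key_len

                    # two MAC keys
                    if c.type == "stream" or c.type == "block":
                        kb_len += 2 * hm.key_len

                    kb_len_v1_0 = kb_len
                    if c.type == "block":
                        kb_len_v1_0 += 2 * c.block_size
                        # no explicit IVs added for TLS 1.1+
                    elif c.type == "aead":
                        kb_len_v1_0 += 2 * c.fixed_iv_len
                        kb_len += 2 * c.fixed_iv_len

                    dct["_key_block_len_v1_0"] = kb_len_v1_0
                    dct["key_block_len"] = kb_len

            # The name is registered even when the suite is not usable.
            _tls_cipher_suites[cs_val] = cs_name

        the_class = super(_GenericCipherSuiteMetaclass, cls).__new__(cls,
                                                                     cs_name,
                                                                     bases,
                                                                     dct)
        if is_suite:
            _tls_cipher_suites_cls[cs_val] = the_class
        return the_class


class _GenericCipherSuite(six.with_metaclass(_GenericCipherSuiteMetaclass, object)):
    def __init__(self, tls_version=0x0303):
        """
        Most of the attributes are fixed and have already been set by the
        metaclass, but we still have to provide tls_version differentiation.

        For now, the key_block_len remains the only application of this.
        Indeed for TLS 1.1+, when using a block cipher, there are no implicit
        IVs derived from the master secret. Note that an overlong key_block_len
        would not affect the secret generation (the trailing bytes would
        simply be discarded), but we still provide this for completeness.
        """
        super(_GenericCipherSuite, self).__init__()
        if tls_version <= 0x301:
            self.key_block_len = self._key_block_len_v1_0


class TLS_NULL_WITH_NULL_NULL(_GenericCipherSuite):
    val = 0x0000

class TLS_RSA_WITH_NULL_MD5(_GenericCipherSuite):
    val = 0x0001

class TLS_RSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0x0002

class TLS_RSA_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite):
    val = 0x0003

class TLS_RSA_WITH_RC4_128_MD5(_GenericCipherSuite):
    val = 0x0004

class TLS_RSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x0005

class TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5(_GenericCipherSuite):
    val = 0x0006

class TLS_RSA_WITH_IDEA_CBC_SHA(_GenericCipherSuite):
    val = 0x0007

class TLS_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0008

class TLS_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x0009

class TLS_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x000A

class TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x000B

class TLS_DH_DSS_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x000C

class TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x000D

class TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x000E

class TLS_DH_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x000F

class TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x0010

class TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0011

class TLS_DHE_DSS_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x0012

class TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x0013

class TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0014

class TLS_DHE_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x0015

class TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x0016

class TLS_DH_anon_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite):
    val = 0x0017

class TLS_DH_anon_WITH_RC4_128_MD5(_GenericCipherSuite):
    val = 0x0018

class TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0019

class TLS_DH_anon_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x001A

class TLS_DH_anon_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x001B

class TLS_KRB5_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x001E

class TLS_KRB5_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x001F

class TLS_KRB5_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x0020

class TLS_KRB5_WITH_IDEA_CBC_SHA(_GenericCipherSuite):
    val = 0x0021

class TLS_KRB5_WITH_DES_CBC_MD5(_GenericCipherSuite):
    val = 0x0022

class TLS_KRB5_WITH_3DES_EDE_CBC_MD5(_GenericCipherSuite):
    val = 0x0023

class TLS_KRB5_WITH_RC4_128_MD5(_GenericCipherSuite):
    val = 0x0024

class TLS_KRB5_WITH_IDEA_CBC_MD5(_GenericCipherSuite):
    val = 0x0025

class TLS_KRB5_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0026

class TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA(_GenericCipherSuite):
    val = 0x0027

class TLS_KRB5_EXPORT_WITH_RC4_40_SHA(_GenericCipherSuite):
    val = 0x0028

class TLS_KRB5_EXPORT_WITH_DES40_CBC_MD5(_GenericCipherSuite):
    val = 0x0029

class TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5(_GenericCipherSuite):
    val = 0x002A

class TLS_KRB5_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite):
    val = 0x002B

class TLS_PSK_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0x002C

class TLS_DHE_PSK_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0x002D

class TLS_RSA_PSK_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0x002E

class TLS_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x002F

class TLS_DH_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0030

class TLS_DH_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0031

class TLS_DHE_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0032

class TLS_DHE_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0033

class TLS_DH_anon_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0034

class TLS_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0035

class TLS_DH_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0036

class TLS_DH_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0037

class TLS_DHE_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0038

class TLS_DHE_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0039

class TLS_DH_anon_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x003A

class TLS_RSA_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0x003B

class TLS_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x003C

class TLS_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x003D

class TLS_DH_DSS_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x003E

class TLS_DH_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x003F

class TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x0040

class TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0041

class TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0042

class TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0043

class TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0044

class TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0045

class TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0046

class TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x0067

class TLS_DH_DSS_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x0068

class TLS_DH_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x0069

class TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x006A

class TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x006B

class TLS_DH_anon_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x006C

class TLS_DH_anon_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x006D

class TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0084

class TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0085

class TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0086

class TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0087

class TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0088

class TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0089

class TLS_PSK_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x008A

class TLS_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x008B

class TLS_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x008C

class TLS_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x008D

class TLS_DHE_PSK_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x008E

class TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x008F

class TLS_DHE_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0090

class TLS_DHE_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0091

class TLS_RSA_PSK_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x0092

class TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x0093

class TLS_RSA_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0094

class TLS_RSA_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0095

class TLS_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x0096

class TLS_DH_DSS_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x0097

class TLS_DH_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x0098

class TLS_DHE_DSS_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x0099

class TLS_DHE_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x009A

class TLS_DH_anon_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x009B

class TLS_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x009C

class TLS_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x009D

class TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x009E

class TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x009F

class TLS_DH_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A0

class TLS_DH_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A1

class TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A2

class TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A3

class TLS_DH_DSS_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A4

class TLS_DH_DSS_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A5

class TLS_DH_anon_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A6

class TLS_DH_anon_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A7

class TLS_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A8

class TLS_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A9

class TLS_DHE_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00AA

class TLS_DHE_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00AB

class TLS_RSA_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00AC

class TLS_RSA_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00AD

class TLS_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00AE

class TLS_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0x00AF

class TLS_PSK_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0x00B0

class TLS_PSK_WITH_NULL_SHA384(_GenericCipherSuite):
    val = 0x00B1

class TLS_DHE_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00B2

class TLS_DHE_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0x00B3

class TLS_DHE_PSK_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0x00B4

class TLS_DHE_PSK_WITH_NULL_SHA384(_GenericCipherSuite):
    val = 0x00B5

class TLS_RSA_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00B6

class TLS_RSA_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0x00B7

class TLS_RSA_PSK_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0x00B8

class TLS_RSA_PSK_WITH_NULL_SHA384(_GenericCipherSuite):
    val = 0x00B9

class TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BA

class TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BB

class TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BC

class TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BD

class TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BE

class TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BF

class TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C0

class TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C1

class TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C2

class TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C3

class TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C4

class TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C5

# 0x00FF (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) and 0x5600 (TLS_FALLBACK_SCSV)
# are not defined as classes: they are only registered by name, at the end
# of the suite list below.

class TLS_ECDH_ECDSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC001

class TLS_ECDH_ECDSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC002

class TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC003

class TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC004

class TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC005

class TLS_ECDHE_ECDSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC006

class TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC007

class TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC008

class TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC009

class TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC00A

class TLS_ECDH_RSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC00B

class TLS_ECDH_RSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC00C

class TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC00D

class TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC00E

class TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC00F

class TLS_ECDHE_RSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC010

class TLS_ECDHE_RSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC011

class TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC012

class TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC013

class TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC014

class TLS_ECDH_anon_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC015

class TLS_ECDH_anon_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC016

class TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC017

class TLS_ECDH_anon_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC018

class TLS_ECDH_anon_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC019

class TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC01A

class TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC01B

class TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC01C

class TLS_SRP_SHA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC01D

class TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC01E

class TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC01F

class TLS_SRP_SHA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC020

class TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC021

class TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC022

class TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC023

class TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC024

class TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC025

class TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC026

class TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC027

class TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC028

class TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC029

class TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC02A

class TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC02B

class TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC02C

class TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC02D

class TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC02E

class TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC02F

class TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC030

class TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC031

class TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC032

class TLS_ECDHE_PSK_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC033

class TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC034

class TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC035

class TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC036

class TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC037

class TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC038

class TLS_ECDHE_PSK_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC039

class TLS_ECDHE_PSK_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0xC03A

class TLS_ECDHE_PSK_WITH_NULL_SHA384(_GenericCipherSuite):
    val = 0xC03B

# suites 0xC03C-C071 use ARIA

class TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC072

class TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC073

class TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC074

class TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC075

class TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC076

class TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC077

class TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC078

class TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC079

class TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC07A

class TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC07B

class TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC07C

class TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC07D

class TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC07E

class TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC07F

class TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC080

class TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC081

class TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC082

class TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC083

class TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC084

class TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC085

class TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC086

class TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC087

class TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC088

class TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC089

class TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC08A

class TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC08B

class TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC08C

class TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC08D

class TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC08E

class TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC08F

class TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC090

class TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC091

class TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC092

class TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC093

class TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC094

class TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC095

class TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC096

class TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC097

class TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC098

class TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC099

class TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC09A

class TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC09B

class TLS_RSA_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC09C

class TLS_RSA_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC09D

class TLS_DHE_RSA_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC09E

class TLS_DHE_RSA_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC09F

class TLS_RSA_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0A0

class TLS_RSA_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0A1

class TLS_DHE_RSA_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0A2

class TLS_DHE_RSA_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0A3

class TLS_PSK_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC0A4

class TLS_PSK_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC0A5

class TLS_DHE_PSK_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC0A6

class TLS_DHE_PSK_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC0A7

class TLS_PSK_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0A8

class TLS_PSK_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0A9

class TLS_DHE_PSK_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0AA

class TLS_DHE_PSK_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0AB

class TLS_ECDHE_ECDSA_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC0AC

class TLS_ECDHE_ECDSA_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC0AD

class TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0AE

class TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0AF

# the next 3 suites are from draft-agl-tls-chacha20poly1305-04
class TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite):
    val = 0xCC13

class TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite):
    val = 0xCC14

class TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite):
    val = 0xCC15

class TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCA8

class TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCA9

class TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAA

class TLS_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAB

class TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAC

class TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAD

class TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAE


# TLS 1.3 suites: the names carry no key exchange part
class TLS_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x1301

class TLS_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x1302

class TLS_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0x1303

class TLS_AES_128_CCM_SHA256(_GenericCipherSuite):
    val = 0x1304

class TLS_AES_128_CCM_8_SHA256(_GenericCipherSuite):
    val = 0x1305


# SSLv2 cipher kinds (3-byte values)
class SSL_CK_RC4_128_WITH_MD5(_GenericCipherSuite):
    val = 0x010080

class SSL_CK_RC4_128_EXPORT40_WITH_MD5(_GenericCipherSuite):
    val = 0x020080

class SSL_CK_RC2_128_CBC_WITH_MD5(_GenericCipherSuite):
    val = 0x030080

class SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5(_GenericCipherSuite):
    val = 0x040080

class SSL_CK_IDEA_128_CBC_WITH_MD5(_GenericCipherSuite):
    val = 0x050080

class SSL_CK_DES_64_CBC_WITH_MD5(_GenericCipherSuite):
    val = 0x060040

class SSL_CK_DES_192_EDE3_CBC_WITH_MD5(_GenericCipherSuite):
    val = 0x0700C0


# Name-only entries: these two values get a name for display but no class,
# so get_usable_ciphersuites() never returns them.
_tls_cipher_suites[0x00ff] = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
_tls_cipher_suites[0x5600] = "TLS_FALLBACK_SCSV"



def get_usable_ciphersuites(l, kx):
    """
    From a list of proposed ciphersuites, this function returns a list of
    usable cipher suites, i.e. for which key exchange, cipher and hash
    algorithms are known to be implemented and usable in current version of the
    TLS extension. The order of the cipher suites in the list returned by the
    function matches the one of the proposal.

    'l' is the list of proposed cipher suite values and 'kx' the key exchange
    name which is looked for in the name of each suite's key exchange class.

    Note that "usable" only means "implemented": no filtering on strength is
    done here. NULL, export-grade and other weak suites defined in this file
    can be returned, and suites with an anonymous key exchange are accepted
    whatever 'kx' is. A caller which needs a security policy has to filter
    the proposal or the result by itself.
    """
    res = []
    for c in l:
        ciph = _tls_cipher_suites_cls.get(c)
        if ciph is None or not ciph.usable:
            continue
        kx_alg = ciph.kx_alg
        if kx_alg is None:
            # A TLS 1.3 suite can be flagged usable without a key exchange
            # class; there is nothing to compare 'kx' with, so skip it.
            continue
        #XXX select among RSA and ECDSA cipher suites
        # according to the key(s) the server was given
        if kx_alg.anonymous or kx in kx_alg.name:
            res.append(c)
    return res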