Home | History | Annotate | Download | only in ssl 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
      6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "net/base/net_export.h"
     12 
     13 namespace net {
     14 
     15 // SSLCipherSuiteToStrings returns three strings for a given cipher suite
     16 // number, the name of the key exchange algorithm, the name of the cipher and
     17 // the name of the MAC. The cipher suite number is the number as sent on the
     18 // wire and recorded at
     19 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
     20 // If the cipher suite is unknown, the strings are set to "???".
     21 // In the case of an AEAD cipher suite, *mac_str is NULL and *is_aead is true.
     22 NET_EXPORT void SSLCipherSuiteToStrings(const char** key_exchange_str,
     23                                         const char** cipher_str,
     24                                         const char** mac_str,
     25                                         bool* is_aead,
     26                                         uint16 cipher_suite);
     27 
     28 // SSLVersionToString returns the name of the SSL protocol version
     29 // specified by |ssl_version|, which is defined in
     30 // net/ssl/ssl_connection_status_flags.h.
     31 // If the version is unknown, |name| is set to "???".
     32 NET_EXPORT void SSLVersionToString(const char** name, int ssl_version);
     33 
     34 // Parses a string literal that represents a SSL/TLS cipher suite.
     35 //
     36 // Supported literal forms:
     37 //   0xAABB, where AA is cipher_suite[0] and BB is cipher_suite[1], as
     38 //     defined in RFC 2246, Section 7.4.1.2. Unrecognized but parsable cipher
     39 //     suites in this form will not return an error.
     40 //
     41 // Returns true if the cipher suite was successfully parsed, storing the
     42 // result in |cipher_suite|.
     43 //
     44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters
     45 // list.
     46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string,
     47                                      uint16* cipher_suite);
     48 
     49 // |cipher_suite| is the IANA id for the cipher suite. What a "secure"
     50 // cipher suite is arbitrarily determined here. The intent is to indicate what
     51 // cipher suites meet modern security standards when backwards compatibility can
     52 // be ignored. Notably, HTTP/2 requires/encourages this sort of validation of
     53 // cipher suites: https://http2.github.io/http2-spec/#TLSUsage.
     54 //
     55 // Currently, this function follows these criteria:
     56 // 1) Only uses forward secure key exchanges
     57 // 2) Only uses AEADs
     58 NET_EXPORT_PRIVATE bool IsSecureTLSCipherSuite(uint16 cipher_suite);
     59 
     60 }  // namespace net
     61 
     62 #endif  // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
     63