1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "http_tls_config.h"
17
18 namespace OHOS::NetStack::Http {
/**
 * One row of the cipher-suite name table: ties a CipherSuite enumerator to the
 * two spellings of its name that this file converts between.
 */
struct CipherSuiteConvertor {
    // Enumerator identifying the suite; INVALID is the value of a row that was never filled in.
    CipherSuite cipherSuite{CipherSuite::INVALID};
    // Name written into the generated cipher strings (OpenSSL-style spelling for the pre-TLS 1.3 rows).
    const char *innerName{nullptr};
    // "TLS_..." spelling accepted by GetTlsCipherSuiteFromStandardName.
    const char *standardName{nullptr};
};
24
// Every suite this module can translate, as {enumerator, inner name, standard name}.
//
// NOTE(review): the table is a name map, not a policy. It includes suites that a
// hardened client would normally leave disabled:
//   - the *_CBC_SHA rows use MAC-then-encrypt CBC with HMAC-SHA1 instead of an AEAD;
//   - the TLS_RSA_WITH_* rows use static RSA key exchange, so they give no forward secrecy;
//   - TLS_RSA_WITH_3DES_EDE_CBC_SHA uses a 64-bit block cipher.
// Whatever restricts which suites an application may request has to live in the
// caller; nothing in this file filters by strength.
static constexpr const CipherSuiteConvertor CIPHER_SUITE_CONVERTOR[] = {
    // TLS 1.3 suites: inner and standard names are identical.
    {CipherSuite::TLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256"},
    {CipherSuite::TLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"},
    {CipherSuite::TLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256", "TLS_CHACHA20_POLY1305_SHA256"},

    // ECDHE key exchange with AES-GCM.
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "ECDHE-ECDSA-AES128-GCM-SHA256",
     "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "ECDHE-RSA-AES128-GCM-SHA256",
     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "ECDHE-ECDSA-AES256-GCM-SHA384",
     "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "ECDHE-RSA-AES256-GCM-SHA384",
     "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},

    // ECDHE key exchange with ChaCha20-Poly1305.
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "ECDHE-ECDSA-CHACHA20-POLY1305",
     "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "ECDHE-RSA-CHACHA20-POLY1305",
     "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},

    // Static RSA key exchange with AES-GCM (no forward secrecy).
    {CipherSuite::TLS_RSA_WITH_AES_128_GCM_SHA256, "AES128-GCM-SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256"},
    {CipherSuite::TLS_RSA_WITH_AES_256_GCM_SHA384, "AES256-GCM-SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384"},

    // ECDHE key exchange with AES-CBC and HMAC-SHA1 (not AEAD).
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "ECDHE-ECDSA-AES128-SHA",
     "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "ECDHE-RSA-AES128-SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
    {CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "ECDHE-ECDSA-AES256-SHA",
     "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
    {CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "ECDHE-RSA-AES256-SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},

    // Static RSA key exchange with CBC and HMAC-SHA1 (no forward secrecy, not AEAD).
    {CipherSuite::TLS_RSA_WITH_AES_128_CBC_SHA, "AES128-SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"},
    {CipherSuite::TLS_RSA_WITH_AES_256_CBC_SHA, "AES256-SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"},
    {CipherSuite::TLS_RSA_WITH_3DES_EDE_CBC_SHA, "DES-CBC3-SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
};
117
/**
 * Looks up the CipherSuite enumerator for a standard ("TLS_...") suite name.
 *
 * The comparison is exact and case-sensitive against the standardName column of
 * CIPHER_SUITE_CONVERTOR.
 *
 * @param standardName Suite name to resolve.
 * @return The matching enumerator, or CipherSuite::INVALID when no row matches.
 *         Callers that take the name from configuration should check for INVALID
 *         so that a misspelled suite is reported rather than silently ignored.
 */
CipherSuite GetTlsCipherSuiteFromStandardName(const std::string &standardName)
{
    CipherSuite matched = CipherSuite::INVALID;
    for (const auto &entry : CIPHER_SUITE_CONVERTOR) {
        if (standardName.compare(entry.standardName) == 0) {
            matched = entry.cipherSuite;
            break;
        }
    }
    return matched;
}
127
/**
 * Returns the inner name recorded in CIPHER_SUITE_CONVERTOR for a suite.
 *
 * @param cipherSuite Enumerator to translate.
 * @return The row's innerName, or an empty string when the enumerator has no row
 *         (CipherSuite::INVALID has none in the table).
 */
std::string GetInnerNameFromCipherSuite(CipherSuite cipherSuite)
{
    std::string innerName;
    for (const auto &entry : CIPHER_SUITE_CONVERTOR) {
        if (entry.cipherSuite != cipherSuite) {
            continue;
        }
        innerName = entry.innerName;
        break;
    }
    return innerName;
}
137
/**
 * Reports whether an inner name is one of the three TLS 1.3 suites this file knows.
 *
 * The list is hard-coded here, separately from CIPHER_SUITE_CONVERTOR. A TLS 1.3
 * suite added to the table but not to this list would be classified as a
 * pre-TLS 1.3 suite by ConvertCipherSuiteToCipherString, so keep the two in step.
 *
 * @param innerName Inner name to classify (exact, case-sensitive match).
 * @return true for a listed TLS 1.3 suite name, false otherwise.
 */
static bool IsTlsV13Cipher(const std::string &innerName)
{
    static constexpr const char *TLS_V13_INNER_NAMES[] = {
        "TLS_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384",
        "TLS_CHACHA20_POLY1305_SHA256",
    };
    for (const char *candidate : TLS_V13_INNER_NAMES) {
        if (innerName == candidate) {
            return true;
        }
    }
    return false;
}
143
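/**
 * Builds the two colon-separated cipher strings for a requested set of suites:
 * one for the TLS 1.3 suites and one for all other suites.
 *
 * Names are emitted in CIPHER_SUITE_CONVERTOR order (TLS 1.3 suites first, then the
 * AES-GCM and ChaCha20-Poly1305 suites, then the CBC-SHA suites, with 3DES last).
 * Iterating the unordered_set directly would make the order depend on the hash
 * container, so the same request could produce a differently ordered string between
 * builds or runs, possibly with a CBC or 3DES suite ahead of an AEAD suite.
 * NOTE(review): this matters if the consumer treats list order as preference order,
 * as TLS cipher lists usually do. Confirm at the call site.
 *
 * Enumerators without a table row (including CipherSuite::INVALID) are skipped without
 * error. If nothing in the request is recognised, both strings come back empty.
 * NOTE(review): check that the caller treats an all-empty result for a non-empty
 * request as an error, and does not fall through to the TLS library's default suite list.
 *
 * No strength filtering happens here; weak suites present in the table are passed
 * through when requested.
 *
 * @param cipherSuite Set of suites requested by the caller.
 * @return TlsCipherString with tlsV13CiperSuiteString and ciperSuiteString filled in,
 *         neither having a trailing ':'.
 */
TlsCipherString ConvertCipherSuiteToCipherString(const std::unordered_set<CipherSuite> &cipherSuite)
{
    TlsCipherString cipherString;
    for (const auto &entry : CIPHER_SUITE_CONVERTOR) {
        if (cipherSuite.count(entry.cipherSuite) == 0) {
            continue;
        }
        const std::string innerName = entry.innerName;
        auto &target =
            IsTlsV13Cipher(innerName) ? cipherString.tlsV13CiperSuiteString : cipherString.ciperSuiteString;
        // Separator goes before every name except the first, so no trailing ':' needs trimming.
        if (!target.empty()) {
            target.push_back(':');
        }
        target.append(innerName);
    }
    return cipherString;
}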
166
167 } // namespace OHOS::NetStack::Http