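# SPDX-License-Identifier: GPL-2.0-only
# This file is part of Scapy
# See https://scapy.net/ for more information
# Copyright (C) 2007, 2008, 2009 Arnaud Ebalard
#               2015, 2016, 2017 Maxence Tury

"""
TLS cipher suites.

A comprehensive list of specified cipher suites can be consulted at:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
"""

from scapy.layers.tls.crypto.kx_algs import _tls_kx_algs
from scapy.layers.tls.crypto.hash import _tls_hash_algs
from scapy.layers.tls.crypto.h_mac import _tls_hmac_algs
from scapy.layers.tls.crypto.ciphers import _tls_cipher_algs


def get_algs_from_ciphersuite_name(ciphersuite_name):
    """
    Parse a cipher suite name into the algorithms it designates.

    Return the 5-tuple (kx_alg, cipher_alg, hmac_alg, hash_alg, tls1_3): the
    key exchange, cipher, HMAC and hash entries looked up by name in the
    crypto tables, plus a boolean telling whether the name has the TLS 1.3
    form (a "TLS" name without "WITH"). An entry is None when its lookup
    fails; hmac_alg is also None for CCM suites and for ciphers whose type is
    "aead". A name starting with neither "TLS" nor "SSL" yields None for
    every algorithm, so the caller can treat the suite as not usable.
    """
    # Defaults keep the return statement valid for an unrecognised prefix.
    kx_alg = cipher_alg = hmac_alg = hash_alg = None
    tls1_3 = False
    if ciphersuite_name.startswith("TLS"):
        s = ciphersuite_name[4:]    # drop the "TLS_" prefix

        if s.endswith("CCM") or s.endswith("CCM_8"):
            # CCM names carry no hash component; SHA256 is used.
            kx_name, s = s.split("_WITH_")
            kx_alg = _tls_kx_algs.get(kx_name)
            hash_alg = _tls_hash_algs.get("SHA256")
            cipher_alg = _tls_cipher_algs.get(s)
            hmac_alg = None

        else:
            if "WITH" in s:
                kx_name, s = s.split("_WITH_")
                kx_alg = _tls_kx_algs.get(kx_name)
            else:
                # No key exchange in the name: TLS 1.3 style suite.
                tls1_3 = True
                kx_alg = _tls_kx_algs.get("TLS13")

            # The hash is the last underscore-separated component, the
            # cipher is everything before it.
            hash_name = s.split('_')[-1]
            hash_alg = _tls_hash_algs.get(hash_name)

            cipher_name = s[:-(len(hash_name) + 1)]
            if tls1_3:
                cipher_name += "_TLS13"
            cipher_alg = _tls_cipher_algs.get(cipher_name)

            hmac_alg = None
            if cipher_alg is not None and cipher_alg.type != "aead":
                hmac_name = "HMAC-%s" % hash_name
                hmac_alg = _tls_hmac_algs.get(hmac_name)

    elif ciphersuite_name.startswith("SSL"):
        s = ciphersuite_name[7:]    # drop the "SSL_CK_" prefix
        kx_alg = _tls_kx_algs.get("SSLv2")
        cipher_name, hash_name = s.split("_WITH_")

        export_suffix = "_EXPORT40"
        is_export = cipher_name.endswith(export_suffix)
        if is_export:
            # Cut the suffix itself. str.rstrip() takes a set of characters,
            # not a suffix, and would also eat trailing characters of a
            # cipher name that happen to belong to "_EXPORT40".
            cipher_name = cipher_name[:-len(export_suffix)]
        cipher_alg = _tls_cipher_algs.get(cipher_name)

        # NOTE(review): presumably every SSL_CK_* suite gets the same object
        # back from the "SSLv2" lookup, so this flag ends up holding the
        # value of the last suite processed - confirm whether per-suite
        # export state is intended.
        if kx_alg is not None:
            kx_alg.export = is_export
        hmac_alg = _tls_hmac_algs.get("HMAC-NULL")
        hash_alg = _tls_hash_algs.get(hash_name)

    return kx_alg, cipher_alg, hmac_alg, hash_alg, tls1_3


_tls_cipher_suites = {}
_tls_cipher_suites_cls = {}


class _GenericCipherSuiteMetaclass(type):
    """
    Cipher suite classes are automatically registered through this metaclass.
    Their name attribute equates their respective class name.

    We also pre-compute every expected length of the key block to be generated,
    which may vary according to the current tls_version. The default is set to
    the TLS 1.2 length, and the value should be set at class instantiation.

    Regarding the AEAD cipher suites, note that the 'hmac_alg' attribute will
    be set to None. Yet, we always need a 'hash_alg' for the PRF.

    A suite whose algorithms cannot all be resolved is still registered, with
    'usable' set to False and no algorithm attributes.
    """
    def __new__(cls, cs_name, bases, dct):
        cs_val = dct.get("val")

        if cs_name != "_GenericCipherSuite":
            kx, c, hm, h, tls1_3 = get_algs_from_ciphersuite_name(cs_name)

            # The key block computation below reads hm.key_len for stream
            # and block ciphers, so such a suite without a resolved HMAC is
            # marked unusable instead of failing at class creation.
            missing_hmac = (not tls1_3 and c is not None and
                            c.type in ("stream", "block") and hm is None)

            if (c is None or h is None or (kx is None and not tls1_3) or
                    missing_hmac):
                dct["usable"] = False
            else:
                dct["usable"] = True
                dct["name"] = cs_name
                dct["kx_alg"] = kx
                dct["cipher_alg"] = c
                dct["hmac_alg"] = hm
                dct["hash_alg"] = h

                if not tls1_3:
                    # Two write keys (client and server)...
                    kb_len = 2 * c.key_len

                    # ...plus two MAC keys when the cipher is not AEAD.
                    if c.type == "stream" or c.type == "block":
                        kb_len += 2 * hm.key_len

                    kb_len_v1_0 = kb_len
                    if c.type == "block":
                        kb_len_v1_0 += 2 * c.block_size
                        # no explicit IVs added for TLS 1.1+
                    elif c.type == "aead":
                        kb_len_v1_0 += 2 * c.fixed_iv_len
                        kb_len += 2 * c.fixed_iv_len

                    dct["_key_block_len_v1_0"] = kb_len_v1_0
                    dct["key_block_len"] = kb_len

            # Name registry: filled for usable and unusable suites alike.
            _tls_cipher_suites[cs_val] = cs_name
        the_class = super(_GenericCipherSuiteMetaclass, cls).__new__(cls,
                                                                     cs_name,
                                                                     bases,
                                                                     dct)
        if cs_name != "_GenericCipherSuite":
            _tls_cipher_suites_cls[cs_val] = the_class
        return the_class


class _GenericCipherSuite(metaclass=_GenericCipherSuiteMetaclass):
    def __init__(self, tls_version=0x0303):
        """
        Most of the attributes are fixed and have already been set by the
        metaclass, but we still have to provide tls_version differentiation.

        For now, the key_block_len remains the only application of this.
        Indeed for TLS 1.1+, when using a block cipher, there are no implicit
        IVs derived from the master secret. Note that an overlong key_block_len
        would not affect the secret generation (the trailing bytes would
        simply be discarded), but we still provide this for completeness.
        """
        super(_GenericCipherSuite, self).__init__()
        if tls_version <= 0x301:
            self.key_block_len = self._key_block_len_v1_0


# Cipher suite table. Each class name is the suite name parsed by
# get_algs_from_ciphersuite_name(), so it must not be altered; `val` is the
# suite's code point. The table lists NULL, EXPORT and DH_anon suites next to
# the others: being listed (or marked usable) only reflects what can be
# resolved to an implementation, not cryptographic strength.

class TLS_NULL_WITH_NULL_NULL(_GenericCipherSuite):
    val = 0x0000


class TLS_RSA_WITH_NULL_MD5(_GenericCipherSuite):
    val = 0x0001


class TLS_RSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0x0002


class TLS_RSA_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite):
    val = 0x0003


class TLS_RSA_WITH_RC4_128_MD5(_GenericCipherSuite):
    val = 0x0004


class TLS_RSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x0005


class TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5(_GenericCipherSuite):
    val = 0x0006


class TLS_RSA_WITH_IDEA_CBC_SHA(_GenericCipherSuite):
    val = 0x0007


class TLS_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0008


class TLS_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x0009


class TLS_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x000A


class TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x000B


class TLS_DH_DSS_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x000C


class TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x000D


class TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x000E


class TLS_DH_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x000F


class TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x0010


class TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0011


class TLS_DHE_DSS_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x0012


class TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x0013


class TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0014


class TLS_DHE_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x0015


class TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x0016


class TLS_DH_anon_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite):
    val = 0x0017


class TLS_DH_anon_WITH_RC4_128_MD5(_GenericCipherSuite):
    val = 0x0018


class TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0019


class TLS_DH_anon_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x001A


class TLS_DH_anon_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x001B


class TLS_KRB5_WITH_DES_CBC_SHA(_GenericCipherSuite):
    val = 0x001E


class TLS_KRB5_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x001F


class TLS_KRB5_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x0020


class TLS_KRB5_WITH_IDEA_CBC_SHA(_GenericCipherSuite):
    val = 0x0021


class TLS_KRB5_WITH_DES_CBC_MD5(_GenericCipherSuite):
    val = 0x0022


class TLS_KRB5_WITH_3DES_EDE_CBC_MD5(_GenericCipherSuite):
    val = 0x0023


class TLS_KRB5_WITH_RC4_128_MD5(_GenericCipherSuite):
    val = 0x0024


class TLS_KRB5_WITH_IDEA_CBC_MD5(_GenericCipherSuite):
    val = 0x0025


class TLS_KRB5_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite):
    val = 0x0026


class TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA(_GenericCipherSuite):
    val = 0x0027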
# Cipher suites 0x0028-0x003E. The class name is the suite name that the
# metaclass parses to resolve the algorithms, so it must stay as is; `val` is
# the suite's code point.
# NOTE(review): this range holds EXPORT, NULL and DH_anon suites; being
# listed here is no indication of cryptographic strength.

class TLS_KRB5_EXPORT_WITH_RC4_40_SHA(_GenericCipherSuite):
    val = 0x0028


class TLS_KRB5_EXPORT_WITH_DES40_CBC_MD5(_GenericCipherSuite):
    val = 0x0029


class TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5(_GenericCipherSuite):
    val = 0x002A


class TLS_KRB5_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite):
    val = 0x002B


class TLS_PSK_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0x002C


class TLS_DHE_PSK_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0x002D


class TLS_RSA_PSK_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0x002E


class TLS_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x002F


class TLS_DH_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0030


class TLS_DH_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0031


class TLS_DHE_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0032


class TLS_DHE_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0033


class TLS_DH_anon_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0034


class TLS_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0035


class TLS_DH_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0036


class TLS_DH_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0037


class TLS_DHE_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0038


class TLS_DHE_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0039


class TLS_DH_anon_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x003A


class TLS_RSA_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0x003B


class TLS_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x003C


class TLS_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x003D


class TLS_DH_DSS_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x003E
# Cipher suites 0x003F-0x00A0. The class name is the suite name that the
# metaclass parses to resolve the algorithms, so it must stay as is; `val` is
# the suite's code point.
# NOTE(review): this range holds DH_anon and RC4 suites; being listed here is
# no indication of cryptographic strength.

class TLS_DH_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x003F


class TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x0040


class TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0041


class TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0042


class TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0043


class TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0044


class TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0045


class TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0046


class TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x0067


class TLS_DH_DSS_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x0068


class TLS_DH_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x0069


class TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x006A


class TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x006B


class TLS_DH_anon_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x006C


class TLS_DH_anon_WITH_AES_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x006D


class TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0084


class TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0085


class TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0086


class TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0087


class TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0088


class TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0089


class TLS_PSK_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x008A


class TLS_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x008B


class TLS_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x008C


class TLS_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x008D


class TLS_DHE_PSK_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x008E


class TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x008F


class TLS_DHE_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0090


class TLS_DHE_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0091


class TLS_RSA_PSK_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0x0092


class TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0x0093


class TLS_RSA_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0x0094


class TLS_RSA_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0x0095


class TLS_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x0096


class TLS_DH_DSS_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x0097


class TLS_DH_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x0098


class TLS_DHE_DSS_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x0099


class TLS_DHE_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x009A


class TLS_DH_anon_WITH_SEED_CBC_SHA(_GenericCipherSuite):
    val = 0x009B


class TLS_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x009C


class TLS_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x009D


class TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x009E


class TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x009F


class TLS_DH_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A0
# Cipher suites 0x00A1-0xC07B. The class name is the suite name that the
# metaclass parses to resolve the algorithms, so it must stay as is; `val` is
# the suite's code point.
# NOTE(review): this range holds NULL, anonymous (DH_anon, ECDH_anon) and RC4
# suites; being listed here is no indication of cryptographic strength.

class TLS_DH_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A1


class TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A2


class TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A3


class TLS_DH_DSS_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A4


class TLS_DH_DSS_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A5


class TLS_DH_anon_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A6


class TLS_DH_anon_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A7


class TLS_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00A8


class TLS_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00A9


class TLS_DHE_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00AA


class TLS_DHE_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00AB


class TLS_RSA_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x00AC


class TLS_RSA_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x00AD


class TLS_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00AE


class TLS_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0x00AF


class TLS_PSK_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0x00B0


class TLS_PSK_WITH_NULL_SHA384(_GenericCipherSuite):
    val = 0x00B1


class TLS_DHE_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00B2


class TLS_DHE_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0x00B3


class TLS_DHE_PSK_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0x00B4


class TLS_DHE_PSK_WITH_NULL_SHA384(_GenericCipherSuite):
    val = 0x00B5


class TLS_RSA_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00B6


class TLS_RSA_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0x00B7


class TLS_RSA_PSK_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0x00B8


class TLS_RSA_PSK_WITH_NULL_SHA384(_GenericCipherSuite):
    val = 0x00B9


class TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BA


class TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BB


class TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BC


class TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BD


class TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BE


class TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0x00BF


class TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C0


class TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C1


class TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C2


class TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C3


class TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C4


class TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite):
    val = 0x00C5

# The two signalling values below are not declared as classes; the end of
# this file adds them to _tls_cipher_suites by name only.

# class TLS_EMPTY_RENEGOTIATION_INFO_SCSV(_GenericCipherSuite):
#     val = 0x00FF

# class TLS_FALLBACK_SCSV(_GenericCipherSuite):
#     val = 0x5600


class TLS_ECDH_ECDSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC001


class TLS_ECDH_ECDSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC002


class TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC003


class TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC004


class TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC005


class TLS_ECDHE_ECDSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC006


class TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC007


class TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC008


class TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC009


class TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC00A


class TLS_ECDH_RSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC00B


class TLS_ECDH_RSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC00C


class TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC00D


class TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC00E


class TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC00F


class TLS_ECDHE_RSA_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC010


class TLS_ECDHE_RSA_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC011


class TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC012


class TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC013


class TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC014


class TLS_ECDH_anon_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC015


class TLS_ECDH_anon_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC016


class TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC017


class TLS_ECDH_anon_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC018


class TLS_ECDH_anon_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC019


class TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC01A


class TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC01B


class TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC01C


class TLS_SRP_SHA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC01D


class TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC01E


class TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC01F


class TLS_SRP_SHA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC020


class TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC021


class TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC022


class TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC023


class TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC024


class TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC025


class TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC026


class TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC027


class TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC028


class TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC029


class TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC02A


class TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC02B


class TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC02C


class TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC02D


class TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC02E


class TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC02F


class TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC030


class TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC031


class TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC032


class TLS_ECDHE_PSK_WITH_RC4_128_SHA(_GenericCipherSuite):
    val = 0xC033


class TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite):
    val = 0xC034


class TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite):
    val = 0xC035


class TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite):
    val = 0xC036


class TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC037


class TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC038


class TLS_ECDHE_PSK_WITH_NULL_SHA(_GenericCipherSuite):
    val = 0xC039


class TLS_ECDHE_PSK_WITH_NULL_SHA256(_GenericCipherSuite):
    val = 0xC03A


class TLS_ECDHE_PSK_WITH_NULL_SHA384(_GenericCipherSuite):
    val = 0xC03B

# suites 0xC03C-C071 use ARIA; none of them is declared in this file


class TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC072


class TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC073


class TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC074


class TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC075


class TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC076


class TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC077


class TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC078


class TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC079


class TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC07A


class TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC07B
# Cipher suites 0xC07C-0xC0A3. The class name is the suite name that the
# metaclass parses to resolve the algorithms, so it must stay as is; `val` is
# the suite's code point.
# NOTE(review): this range holds DH_anon suites; being listed here is no
# indication of cryptographic strength.

class TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC07C


class TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC07D


class TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC07E


class TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC07F


class TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC080


class TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC081


class TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC082


class TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC083


class TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC084


class TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC085


class TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC086


class TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC087


class TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC088


class TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC089


class TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC08A


class TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC08B


class TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC08C


class TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC08D


class TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC08E


class TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC08F


class TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC090


class TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC091


class TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite):
    val = 0xC092


class TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite):
    val = 0xC093


class TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC094


class TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC095


class TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC096


class TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC097


class TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC098


class TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC099


class TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite):
    val = 0xC09A


class TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite):
    val = 0xC09B


class TLS_RSA_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC09C


class TLS_RSA_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC09D


class TLS_DHE_RSA_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC09E


class TLS_DHE_RSA_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC09F


class TLS_RSA_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0A0


class TLS_RSA_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0A1


class TLS_DHE_RSA_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0A2


class TLS_DHE_RSA_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0A3
# Cipher suites 0xC0A4 onwards, then the TLS 1.3 and SSLv2 entries. The class
# name is the suite name that the metaclass parses to resolve the algorithms,
# so it must stay as is; `val` is the suite's code point.

class TLS_PSK_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC0A4


class TLS_PSK_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC0A5


class TLS_DHE_PSK_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC0A6


class TLS_DHE_PSK_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC0A7


class TLS_PSK_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0A8


class TLS_PSK_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0A9


class TLS_DHE_PSK_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0AA


class TLS_DHE_PSK_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0AB


class TLS_ECDHE_ECDSA_WITH_AES_128_CCM(_GenericCipherSuite):
    val = 0xC0AC


class TLS_ECDHE_ECDSA_WITH_AES_256_CCM(_GenericCipherSuite):
    val = 0xC0AD


class TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8(_GenericCipherSuite):
    val = 0xC0AE


class TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8(_GenericCipherSuite):
    val = 0xC0AF

# the next 3 suites are from draft-agl-tls-chacha20poly1305-04
# NOTE(review): the name parser takes the last "_" component as the hash, so
# it will look up "OLD" for these three; presumably they end up registered as
# not usable - confirm against the hash table.


class TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite):
    val = 0xCC13


class TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite):
    val = 0xCC14


class TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite):
    val = 0xCC15


class TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCA8


class TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCA9


class TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAA


class TLS_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAB


class TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAC


class TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAD


class TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0xCCAE


# Names without "WITH": parsed as TLS 1.3 suites (key exchange "TLS13").

class TLS_AES_128_GCM_SHA256(_GenericCipherSuite):
    val = 0x1301


class TLS_AES_256_GCM_SHA384(_GenericCipherSuite):
    val = 0x1302


class TLS_CHACHA20_POLY1305_SHA256(_GenericCipherSuite):
    val = 0x1303


class TLS_AES_128_CCM_SHA256(_GenericCipherSuite):
    val = 0x1304


class TLS_AES_128_CCM_8_SHA256(_GenericCipherSuite):
    val = 0x1305


# "SSL_CK_" names take the SSLv2 branch of the name parser; their values are
# three bytes long.

class SSL_CK_RC4_128_WITH_MD5(_GenericCipherSuite):
    val = 0x010080


class SSL_CK_RC4_128_EXPORT40_WITH_MD5(_GenericCipherSuite):
    val = 0x020080


class SSL_CK_RC2_128_CBC_WITH_MD5(_GenericCipherSuite):
    val = 0x030080


class SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5(_GenericCipherSuite):
    val = 0x040080


class SSL_CK_IDEA_128_CBC_WITH_MD5(_GenericCipherSuite):
    val = 0x050080


class SSL_CK_DES_64_CBC_WITH_MD5(_GenericCipherSuite):
    val = 0x060040


class SSL_CK_DES_192_EDE3_CBC_WITH_MD5(_GenericCipherSuite):
    val = 0x0700C0


# Signalling values: known by name only, there is no class behind them.
_tls_cipher_suites[0x00ff] = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
_tls_cipher_suites[0x5600] = "TLS_FALLBACK_SCSV"


def get_usable_ciphersuites(li, kx):
    """
    Filter a proposal down to the cipher suites that can actually be used.

    `li` is the list of proposed cipher suite values and `kx` the key
    exchange name to match. A value is kept when its class is registered and
    marked usable, and its key exchange is anonymous, has `kx` in its name,
    or is "TLS13". The result keeps the order of the proposal.

    "Usable" only means that the algorithms are implemented. No suite is
    rejected or ranked on strength here, and anonymous key exchanges pass
    whatever `kx` is, so a caller that needs a cipher policy has to apply it
    itself.
    """
    selected = []
    for code in li:
        if code not in _tls_cipher_suites_cls:
            continue
        suite = _tls_cipher_suites_cls[code]
        if not suite.usable:
            continue
        # XXX select among RSA and ECDSA cipher suites
        # according to the key(s) the server was given
        kx_alg = suite.kx_alg
        accepted = (kx_alg.anonymous or
                    kx in kx_alg.name or
                    kx_alg.name == "TLS13")
        if accepted:
            selected.append(code)
    return selected