tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

sslenum.c (6109B)

      1 /*
      2 * Table enumerating all implemented cipher suites
      3 * Part of public API.
      4 *
      5 * This Source Code Form is subject to the terms of the Mozilla Public
      6 * License, v. 2.0. If a copy of the MPL was not distributed with this
      7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      8 
      9 #include "ssl.h"
     10 #include "sslproto.h"
     11 
     12 /*
     13 * The ordering of cipher suites in this table must match the ordering in
     14 * the cipherSuites table in ssl3con.c.
     15 *
     16 * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
     17 * in ssl3ecc.c.
     18 *
     19 * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h.
     20 *
     21 * The ordering is as follows:
     22 *    * No-encryption cipher suites last
     23 *    * Export/weak/obsolete cipher suites before no-encryption cipher suites
     24 *    * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA.
     25 *    * Within key agreement sections, prefer AEAD over non-AEAD cipher suites.
     26 *    * Within AEAD sections, order by symmetric encryption algorithm which
     27 *      integrates message authentication algorithm: AES-128-GCM, then
     28 *      ChaCha20-Poly1305, then AES-256-GCM,
     29 *    * Within non-AEAD sections, order by symmetric encryption algorithm:
     30 *      AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED,
     31 *      then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a
     32 *      strong cipher internationally, and is often hardware-accelerated.
     33 *      Camellia also has wide international support across standards
     34 *      organizations. SEED is only recommended by the Korean government. 3DES
     35 *      only provides 112 bits of security. RC4 is now deprecated or forbidden
     36 *      by many standards organizations.
     37 *    * Within non-AEAD symmetric algorithm sections, order by message
     38 *      authentication algorithm: HMAC-SHA256, then HMAC-SHA384, then HMAC-SHA1,
     39 *      then HMAC-MD5.
     40 *    * Within symmetric algorithm sections, order by message authentication
     41 *      algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5.
     42 *    * Within message authentication algorithm sections, order by asymmetric
     43 *      signature algorithm: ECDSA, then RSA, then DSS.
     44 *    * As a special case, the PSK ciphers, which are only enabled when
     45 *      TLS 1.3 PSK-resumption is in use, come first.
     46 *
     47 * Exception: Because some servers ignore the high-order byte of the cipher
     48 * suite ID, we must be careful about adding cipher suites with IDs larger
     49 * than 0x00ff; see bug 946147. For these broken servers, the first three
     50 * cipher suites, with the MSB zeroed, look like:
     51 *      TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F }
     52 *      TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A }
     53 *      TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 }
     54 * The broken server only supports the third and fourth ones and will select
     55 * the third one.
     56 */
     57 const PRUint16 SSL_ImplementedCiphers[] = {
     58    TLS_AES_128_GCM_SHA256,
     59    TLS_CHACHA20_POLY1305_SHA256,
     60    TLS_AES_256_GCM_SHA384,
     61 
     62    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     63    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     64    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
     65    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
     66    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
     67    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     68    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
     69     * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
     70     */
     71    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     72    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     73    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     74    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
     75    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
     76    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     77    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
     78    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
     79    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
     80    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
     81    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     82    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
     83 
     84    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
     85    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
     86    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
     87    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
     88    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
     89    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
     90    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
     91    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     92    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
     93    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     94    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     95    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
     96    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
     97    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     98    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
     99    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
    100    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
    101    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    102    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
    103    TLS_DHE_DSS_WITH_RC4_128_SHA,
    104 
    105    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
    106    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    107    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    108    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
    109    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
    110    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
    111    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
    112    TLS_ECDH_RSA_WITH_RC4_128_SHA,
    113 
    114    TLS_RSA_WITH_AES_128_GCM_SHA256,
    115    TLS_RSA_WITH_AES_256_GCM_SHA384,
    116    TLS_RSA_WITH_AES_128_CBC_SHA,
    117    TLS_RSA_WITH_AES_128_CBC_SHA256,
    118    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
    119    TLS_RSA_WITH_AES_256_CBC_SHA,
    120    TLS_RSA_WITH_AES_256_CBC_SHA256,
    121    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
    122    TLS_RSA_WITH_SEED_CBC_SHA,
    123    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
    124    TLS_RSA_WITH_RC4_128_SHA,
    125    TLS_RSA_WITH_RC4_128_MD5,
    126 
    127    /* 56-bit DES "domestic" cipher suites */
    128    TLS_DHE_RSA_WITH_DES_CBC_SHA,
    129    TLS_DHE_DSS_WITH_DES_CBC_SHA,
    130    TLS_RSA_WITH_DES_CBC_SHA,
    131 
    132    /* ciphersuites with no encryption */
    133    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
    134    TLS_ECDHE_RSA_WITH_NULL_SHA,
    135    TLS_ECDH_RSA_WITH_NULL_SHA,
    136    TLS_ECDH_ECDSA_WITH_NULL_SHA,
    137    TLS_RSA_WITH_NULL_SHA,
    138    TLS_RSA_WITH_NULL_SHA256,
    139    TLS_RSA_WITH_NULL_MD5,
    140 
    141    0
    142 };
    143 
    144 const PRUint16 SSL_NumImplementedCiphers =
    145    (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
    146 
    147 const PRUint16*
    148 SSL_GetImplementedCiphers(void)
    149 {
    150    return SSL_ImplementedCiphers;
    151 }
    152 
    153 PRUint16
    154 SSL_GetNumImplementedCiphers(void)
    155 {
    156    return SSL_NumImplementedCiphers;
    157 }