## This file is part of Scapy ## Copyright (C) 2007, 2008, 2009 Arnaud Ebalard ## 2015, 2016, 2017 Maxence Tury ## This program is published under a GPLv2 license """ TLS cipher suites. A comprehensive list of specified cipher suites can be consulted at: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml """ from __future__ import absolute_import from scapy.layers.tls.crypto.kx_algs import _tls_kx_algs from scapy.layers.tls.crypto.hash import _tls_hash_algs from scapy.layers.tls.crypto.h_mac import _tls_hmac_algs from scapy.layers.tls.crypto.ciphers import _tls_cipher_algs import scapy.modules.six as six def get_algs_from_ciphersuite_name(ciphersuite_name): """ Return the 3-tuple made of the Key Exchange Algorithm class, the Cipher class and the HMAC class, through the parsing of the ciphersuite name. """ tls1_3 = False if ciphersuite_name.startswith("TLS"): s = ciphersuite_name[4:] if s.endswith("CCM") or s.endswith("CCM_8"): kx_name, s = s.split("_WITH_") kx_alg = _tls_kx_algs.get(kx_name) hash_alg = _tls_hash_algs.get("SHA256") cipher_alg = _tls_cipher_algs.get(s) hmac_alg = None else: if "WITH" in s: kx_name, s = s.split("_WITH_") kx_alg = _tls_kx_algs.get(kx_name) else: tls1_3 = True kx_alg = _tls_kx_algs.get("TLS13") hash_name = s.split('_')[-1] hash_alg = _tls_hash_algs.get(hash_name) cipher_name = s[:-(len(hash_name) + 1)] if tls1_3: cipher_name += "_TLS13" cipher_alg = _tls_cipher_algs.get(cipher_name) hmac_alg = None if cipher_alg is not None and cipher_alg.type != "aead": hmac_name = "HMAC-%s" % hash_name hmac_alg = _tls_hmac_algs.get(hmac_name) elif ciphersuite_name.startswith("SSL"): s = ciphersuite_name[7:] kx_alg = _tls_kx_algs.get("SSLv2") cipher_name, hash_name = s.split("_WITH_") cipher_alg = _tls_cipher_algs.get(cipher_name.rstrip("_EXPORT40")) kx_alg.export = cipher_name.endswith("_EXPORT40") hmac_alg = _tls_hmac_algs.get("HMAC-NULL") hash_alg = _tls_hash_algs.get(hash_name) return kx_alg, cipher_alg, hmac_alg, hash_alg, tls1_3 _tls_cipher_suites = {} _tls_cipher_suites_cls = {} class _GenericCipherSuiteMetaclass(type): """ Cipher suite classes are automatically registered through this metaclass. Their name attribute equates their respective class name. We also pre-compute every expected length of the key block to be generated, which may vary according to the current tls_version. The default is set to the TLS 1.2 length, and the value should be set at class instantiation. Regarding the AEAD cipher suites, note that the 'hmac_alg' attribute will be set to None. Yet, we always need a 'hash_alg' for the PRF. """ def __new__(cls, cs_name, bases, dct): cs_val = dct.get("val") if cs_name != "_GenericCipherSuite": kx, c, hm, h, tls1_3 = get_algs_from_ciphersuite_name(cs_name) if c is None or h is None or (kx is None and not tls1_3): dct["usable"] = False else: dct["usable"] = True dct["name"] = cs_name dct["kx_alg"] = kx dct["cipher_alg"] = c dct["hmac_alg"] = hm dct["hash_alg"] = h if not tls1_3: kb_len = 2*c.key_len if c.type == "stream" or c.type == "block": kb_len += 2*hm.key_len kb_len_v1_0 = kb_len if c.type == "block": kb_len_v1_0 += 2*c.block_size # no explicit IVs added for TLS 1.1+ elif c.type == "aead": kb_len_v1_0 += 2*c.fixed_iv_len kb_len += 2*c.fixed_iv_len dct["_key_block_len_v1_0"] = kb_len_v1_0 dct["key_block_len"] = kb_len _tls_cipher_suites[cs_val] = cs_name the_class = super(_GenericCipherSuiteMetaclass, cls).__new__(cls, cs_name, bases, dct) if cs_name != "_GenericCipherSuite": _tls_cipher_suites_cls[cs_val] = the_class return the_class class _GenericCipherSuite(six.with_metaclass(_GenericCipherSuiteMetaclass, object)): def __init__(self, tls_version=0x0303): """ Most of the attributes are fixed and have already been set by the metaclass, but we still have to provide tls_version differentiation. For now, the key_block_len remains the only application if this. Indeed for TLS 1.1+, when using a block cipher, there are no implicit IVs derived from the master secret. Note that an overlong key_block_len would not affect the secret generation (the trailing bytes would simply be discarded), but we still provide this for completeness. """ super(_GenericCipherSuite, self).__init__() if tls_version <= 0x301: self.key_block_len = self._key_block_len_v1_0 class TLS_NULL_WITH_NULL_NULL(_GenericCipherSuite): val = 0x0000 class TLS_RSA_WITH_NULL_MD5(_GenericCipherSuite): val = 0x0001 class TLS_RSA_WITH_NULL_SHA(_GenericCipherSuite): val = 0x0002 class TLS_RSA_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite): val = 0x0003 class TLS_RSA_WITH_RC4_128_MD5(_GenericCipherSuite): val = 0x0004 class TLS_RSA_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0x0005 class TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5(_GenericCipherSuite): val = 0x0006 class TLS_RSA_WITH_IDEA_CBC_SHA(_GenericCipherSuite): val = 0x0007 class TLS_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite): val = 0x0008 class TLS_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite): val = 0x0009 class TLS_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x000A class TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite): val = 0x000B class TLS_DH_DSS_WITH_DES_CBC_SHA(_GenericCipherSuite): val = 0x000C class TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x000D class TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite): val = 0x000E class TLS_DH_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite): val = 0x000F class TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x0010 class TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite): val = 0x0011 class TLS_DHE_DSS_WITH_DES_CBC_SHA(_GenericCipherSuite): val = 0x0012 class TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x0013 class TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite): val = 0x0014 class TLS_DHE_RSA_WITH_DES_CBC_SHA(_GenericCipherSuite): val = 0x0015 class TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x0016 class TLS_DH_anon_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite): val = 0x0017 class TLS_DH_anon_WITH_RC4_128_MD5(_GenericCipherSuite): val = 0x0018 class TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite): val = 0x0019 class TLS_DH_anon_WITH_DES_CBC_SHA(_GenericCipherSuite): val = 0x001A class TLS_DH_anon_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x001B class TLS_KRB5_WITH_DES_CBC_SHA(_GenericCipherSuite): val = 0x001E class TLS_KRB5_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x001F class TLS_KRB5_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0x0020 class TLS_KRB5_WITH_IDEA_CBC_SHA(_GenericCipherSuite): val = 0x0021 class TLS_KRB5_WITH_DES_CBC_MD5(_GenericCipherSuite): val = 0x0022 class TLS_KRB5_WITH_3DES_EDE_CBC_MD5(_GenericCipherSuite): val = 0x0023 class TLS_KRB5_WITH_RC4_128_MD5(_GenericCipherSuite): val = 0x0024 class TLS_KRB5_WITH_IDEA_CBC_MD5(_GenericCipherSuite): val = 0x0025 class TLS_KRB5_EXPORT_WITH_DES40_CBC_SHA(_GenericCipherSuite): val = 0x0026 class TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA(_GenericCipherSuite): val = 0x0027 class TLS_KRB5_EXPORT_WITH_RC4_40_SHA(_GenericCipherSuite): val = 0x0028 class TLS_KRB5_EXPORT_WITH_DES40_CBC_MD5(_GenericCipherSuite): val = 0x0029 class TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5(_GenericCipherSuite): val = 0x002A class TLS_KRB5_EXPORT_WITH_RC4_40_MD5(_GenericCipherSuite): val = 0x002B class TLS_PSK_WITH_NULL_SHA(_GenericCipherSuite): val = 0x002C class TLS_DHE_PSK_WITH_NULL_SHA(_GenericCipherSuite): val = 0x002D class TLS_RSA_PSK_WITH_NULL_SHA(_GenericCipherSuite): val = 0x002E class TLS_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x002F class TLS_DH_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x0030 class TLS_DH_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x0031 class TLS_DHE_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x0032 class TLS_DHE_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x0033 class TLS_DH_anon_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x0034 class TLS_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x0035 class TLS_DH_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x0036 class TLS_DH_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x0037 class TLS_DHE_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x0038 class TLS_DHE_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x0039 class TLS_DH_anon_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x003A class TLS_RSA_WITH_NULL_SHA256(_GenericCipherSuite): val = 0x003B class TLS_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x003C class TLS_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite): val = 0x003D class TLS_DH_DSS_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x003E class TLS_DH_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x003F class TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x0040 class TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite): val = 0x0041 class TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite): val = 0x0042 class TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite): val = 0x0043 class TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite): val = 0x0044 class TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite): val = 0x0045 class TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA(_GenericCipherSuite): val = 0x0046 class TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x0067 class TLS_DH_DSS_WITH_AES_256_CBC_SHA256(_GenericCipherSuite): val = 0x0068 class TLS_DH_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite): val = 0x0069 class TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(_GenericCipherSuite): val = 0x006A class TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(_GenericCipherSuite): val = 0x006B class TLS_DH_anon_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x006C class TLS_DH_anon_WITH_AES_256_CBC_SHA256(_GenericCipherSuite): val = 0x006D class TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite): val = 0x0084 class TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite): val = 0x0085 class TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite): val = 0x0086 class TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite): val = 0x0087 class TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite): val = 0x0088 class TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA(_GenericCipherSuite): val = 0x0089 class TLS_PSK_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0x008A class TLS_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x008B class TLS_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x008C class TLS_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x008D class TLS_DHE_PSK_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0x008E class TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x008F class TLS_DHE_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x0090 class TLS_DHE_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x0091 class TLS_RSA_PSK_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0x0092 class TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0x0093 class TLS_RSA_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0x0094 class TLS_RSA_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0x0095 class TLS_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite): val = 0x0096 class TLS_DH_DSS_WITH_SEED_CBC_SHA(_GenericCipherSuite): val = 0x0097 class TLS_DH_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite): val = 0x0098 class TLS_DHE_DSS_WITH_SEED_CBC_SHA(_GenericCipherSuite): val = 0x0099 class TLS_DHE_RSA_WITH_SEED_CBC_SHA(_GenericCipherSuite): val = 0x009A class TLS_DH_anon_WITH_SEED_CBC_SHA(_GenericCipherSuite): val = 0x009B class TLS_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x009C class TLS_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x009D class TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x009E class TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x009F class TLS_DH_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x00A0 class TLS_DH_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x00A1 class TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x00A2 class TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x00A3 class TLS_DH_DSS_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x00A4 class TLS_DH_DSS_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x00A5 class TLS_DH_anon_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x00A6 class TLS_DH_anon_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x00A7 class TLS_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x00A8 class TLS_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x00A9 class TLS_DHE_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x00AA class TLS_DHE_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x00AB class TLS_RSA_PSK_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x00AC class TLS_RSA_PSK_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x00AD class TLS_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x00AE class TLS_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite): val = 0x00AF class TLS_PSK_WITH_NULL_SHA256(_GenericCipherSuite): val = 0x00B0 class TLS_PSK_WITH_NULL_SHA384(_GenericCipherSuite): val = 0x00B1 class TLS_DHE_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x00B2 class TLS_DHE_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite): val = 0x00B3 class TLS_DHE_PSK_WITH_NULL_SHA256(_GenericCipherSuite): val = 0x00B4 class TLS_DHE_PSK_WITH_NULL_SHA384(_GenericCipherSuite): val = 0x00B5 class TLS_RSA_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0x00B6 class TLS_RSA_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite): val = 0x00B7 class TLS_RSA_PSK_WITH_NULL_SHA256(_GenericCipherSuite): val = 0x00B8 class TLS_RSA_PSK_WITH_NULL_SHA384(_GenericCipherSuite): val = 0x00B9 class TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0x00BA class TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0x00BB class TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0x00BC class TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0x00BD class TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0x00BE class TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0x00BF class TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite): val = 0x00C0 class TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite): val = 0x00C1 class TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite): val = 0x00C2 class TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite): val = 0x00C3 class TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite): val = 0x00C4 class TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256(_GenericCipherSuite): val = 0x00C5 #class TLS_EMPTY_RENEGOTIATION_INFO_CSV(_GenericCipherSuite): # val = 0x00FF #class TLS_FALLBACK_SCSV(_GenericCipherSuite): # val = 0x5600 class TLS_ECDH_ECDSA_WITH_NULL_SHA(_GenericCipherSuite): val = 0xC001 class TLS_ECDH_ECDSA_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0xC002 class TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC003 class TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC004 class TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC005 class TLS_ECDHE_ECDSA_WITH_NULL_SHA(_GenericCipherSuite): val = 0xC006 class TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0xC007 class TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC008 class TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC009 class TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC00A class TLS_ECDH_RSA_WITH_NULL_SHA(_GenericCipherSuite): val = 0xC00B class TLS_ECDH_RSA_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0xC00C class TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC00D class TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC00E class TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC00F class TLS_ECDHE_RSA_WITH_NULL_SHA(_GenericCipherSuite): val = 0xC010 class TLS_ECDHE_RSA_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0xC011 class TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC012 class TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC013 class TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC014 class TLS_ECDH_anon_WITH_NULL_SHA(_GenericCipherSuite): val = 0xC015 class TLS_ECDH_anon_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0xC016 class TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC017 class TLS_ECDH_anon_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC018 class TLS_ECDH_anon_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC019 class TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC01A class TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC01B class TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC01C class TLS_SRP_SHA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC01D class TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC01E class TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC01F class TLS_SRP_SHA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC020 class TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC021 class TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC022 class TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0xC023 class TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite): val = 0xC024 class TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0xC025 class TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite): val = 0xC026 class TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0xC027 class TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite): val = 0xC028 class TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0xC029 class TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(_GenericCipherSuite): val = 0xC02A class TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0xC02B class TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0xC02C class TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0xC02D class TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0xC02E class TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0xC02F class TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0xC030 class TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0xC031 class TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0xC032 class TLS_ECDHE_PSK_WITH_RC4_128_SHA(_GenericCipherSuite): val = 0xC033 class TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA(_GenericCipherSuite): val = 0xC034 class TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA(_GenericCipherSuite): val = 0xC035 class TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA(_GenericCipherSuite): val = 0xC036 class TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256(_GenericCipherSuite): val = 0xC037 class TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384(_GenericCipherSuite): val = 0xC038 class TLS_ECDHE_PSK_WITH_NULL_SHA(_GenericCipherSuite): val = 0xC039 class TLS_ECDHE_PSK_WITH_NULL_SHA256(_GenericCipherSuite): val = 0xC03A class TLS_ECDHE_PSK_WITH_NULL_SHA384(_GenericCipherSuite): val = 0xC03B # suites 0xC03C-C071 use ARIA class TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0xC072 class TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite): val = 0xC073 class TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0xC074 class TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite): val = 0xC075 class TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0xC076 class TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite): val = 0xC077 class TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0xC078 class TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite): val = 0xC079 class TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC07A class TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC07B class TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC07C class TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC07D class TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC07E class TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC07F class TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC080 class TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC081 class TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC082 class TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC083 class TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC084 class TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC085 class TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC086 class TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC087 class TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC088 class TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC089 class TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC08A class TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC08B class TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC08C class TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC08D class TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC08E class TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC08F class TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC090 class TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC091 class TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256(_GenericCipherSuite): val = 0xC092 class TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384(_GenericCipherSuite): val = 0xC093 class TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0xC094 class TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite): val = 0xC095 class TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0xC096 class TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite): val = 0xC097 class TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0xC098 class TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite): val = 0xC099 class TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256(_GenericCipherSuite): val = 0xC09A class TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384(_GenericCipherSuite): val = 0xC09B class TLS_RSA_WITH_AES_128_CCM(_GenericCipherSuite): val = 0xC09C class TLS_RSA_WITH_AES_256_CCM(_GenericCipherSuite): val = 0xC09D class TLS_DHE_RSA_WITH_AES_128_CCM(_GenericCipherSuite): val = 0xC09E class TLS_DHE_RSA_WITH_AES_256_CCM(_GenericCipherSuite): val = 0xC09F class TLS_RSA_WITH_AES_128_CCM_8(_GenericCipherSuite): val = 0xC0A0 class TLS_RSA_WITH_AES_256_CCM_8(_GenericCipherSuite): val = 0xC0A1 class TLS_DHE_RSA_WITH_AES_128_CCM_8(_GenericCipherSuite): val = 0xC0A2 class TLS_DHE_RSA_WITH_AES_256_CCM_8(_GenericCipherSuite): val = 0xC0A3 class TLS_PSK_WITH_AES_128_CCM(_GenericCipherSuite): val = 0xC0A4 class TLS_PSK_WITH_AES_256_CCM(_GenericCipherSuite): val = 0xC0A5 class TLS_DHE_PSK_WITH_AES_128_CCM(_GenericCipherSuite): val = 0xC0A6 class TLS_DHE_PSK_WITH_AES_256_CCM(_GenericCipherSuite): val = 0xC0A7 class TLS_PSK_WITH_AES_128_CCM_8(_GenericCipherSuite): val = 0xC0A8 class TLS_PSK_WITH_AES_256_CCM_8(_GenericCipherSuite): val = 0xC0A9 class TLS_DHE_PSK_WITH_AES_128_CCM_8(_GenericCipherSuite): val = 0xC0AA class TLS_DHE_PSK_WITH_AES_256_CCM_8(_GenericCipherSuite): val = 0xC0AB class TLS_ECDHE_ECDSA_WITH_AES_128_CCM(_GenericCipherSuite): val = 0xC0AC class TLS_ECDHE_ECDSA_WITH_AES_256_CCM(_GenericCipherSuite): val = 0xC0AD class TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8(_GenericCipherSuite): val = 0xC0AE class TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8(_GenericCipherSuite): val = 0xC0AF # the next 3 suites are from draft-agl-tls-chacha20poly1305-04 class TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite): val = 0xCC13 class TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite): val = 0xCC14 class TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD(_GenericCipherSuite): val = 0xCC15 class TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite): val = 0xCCA8 class TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite): val = 0xCCA9 class TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite): val = 0xCCAA class TLS_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite): val = 0xCCAB class TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite): val = 0xCCAC class TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite): val = 0xCCAD class TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256(_GenericCipherSuite): val = 0xCCAE class TLS_AES_128_GCM_SHA256(_GenericCipherSuite): val = 0x1301 class TLS_AES_256_GCM_SHA384(_GenericCipherSuite): val = 0x1302 class TLS_CHACHA20_POLY1305_SHA256(_GenericCipherSuite): val = 0x1303 class TLS_AES_128_CCM_SHA256(_GenericCipherSuite): val = 0x1304 class TLS_AES_128_CCM_8_SHA256(_GenericCipherSuite): val = 0x1305 class SSL_CK_RC4_128_WITH_MD5(_GenericCipherSuite): val = 0x010080 class SSL_CK_RC4_128_EXPORT40_WITH_MD5(_GenericCipherSuite): val = 0x020080 class SSL_CK_RC2_128_CBC_WITH_MD5(_GenericCipherSuite): val = 0x030080 class SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5(_GenericCipherSuite): val = 0x040080 class SSL_CK_IDEA_128_CBC_WITH_MD5(_GenericCipherSuite): val = 0x050080 class SSL_CK_DES_64_CBC_WITH_MD5(_GenericCipherSuite): val = 0x060040 class SSL_CK_DES_192_EDE3_CBC_WITH_MD5(_GenericCipherSuite): val = 0x0700C0 _tls_cipher_suites[0x00ff] = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" _tls_cipher_suites[0x5600] = "TLS_FALLBACK_SCSV" def get_usable_ciphersuites(l, kx): """ From a list of proposed ciphersuites, this function returns a list of usable cipher suites, i.e. for which key exchange, cipher and hash algorithms are known to be implemented and usable in current version of the TLS extension. The order of the cipher suites in the list returned by the function matches the one of the proposal. """ res = [] for c in l: if c in _tls_cipher_suites_cls: ciph = _tls_cipher_suites_cls[c] if ciph.usable: #XXX select among RSA and ECDSA cipher suites # according to the key(s) the server was given if ciph.kx_alg.anonymous or kx in ciph.kx_alg.name: res.append(c) return res