Other projects are starting to use them. Having two APIs for the same thing is silly, so deprecate all our old ones.

Change-Id: Iaf6b6995bc9e4b624140d5c645000fbf2cb08162
Reviewed-on: https://boringssl-review.googlesource.com/19064
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
@@ -57,7 +57,7 @@ | |||
/* This file is generated by crypto/obj/objects.go. */ | |||
#define NUM_NID 950 | |||
#define NUM_NID 959 | |||
static const uint8_t kObjectData[] = { | |||
/* NID_rsadsi */ | |||
@@ -3444,6 +3444,16 @@ static const ASN1_OBJECT kObjects[NUM_NID] = { | |||
{"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf, 0, NULL, 0}, | |||
{"X25519", "X25519", NID_X25519, 0, NULL, 0}, | |||
{"ED25519", "ED25519", NID_ED25519, 3, &kObjectData[6175], 0}, | |||
{"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305, 0, NULL, | |||
0}, | |||
{"KxRSA", "kx-rsa", NID_kx_rsa, 0, NULL, 0}, | |||
{"KxECDHE", "kx-ecdhe", NID_kx_ecdhe, 0, NULL, 0}, | |||
{"KxPSK", "kx-psk", NID_kx_psk, 0, NULL, 0}, | |||
{"AuthRSA", "auth-rsa", NID_auth_rsa, 0, NULL, 0}, | |||
{"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa, 0, NULL, 0}, | |||
{"AuthPSK", "auth-psk", NID_auth_psk, 0, NULL, 0}, | |||
{"KxANY", "kx-any", NID_kx_any, 0, NULL, 0}, | |||
{"AuthANY", "auth-any", NID_auth_any, 0, NULL, 0}, | |||
}; | |||
static const unsigned kNIDsInShortNameOrder[] = { | |||
@@ -3474,6 +3484,10 @@ static const unsigned kNIDsInShortNameOrder[] = { | |||
426 /* AES-256-ECB */, | |||
428 /* AES-256-OFB */, | |||
914 /* AES-256-XTS */, | |||
958 /* AuthANY */, | |||
955 /* AuthECDSA */, | |||
956 /* AuthPSK */, | |||
954 /* AuthRSA */, | |||
91 /* BF-CBC */, | |||
93 /* BF-CFB */, | |||
92 /* BF-ECB */, | |||
@@ -3505,6 +3519,7 @@ static const unsigned kNIDsInShortNameOrder[] = { | |||
13 /* CN */, | |||
141 /* CRLReason */, | |||
417 /* CSPName */, | |||
950 /* ChaCha20-Poly1305 */, | |||
367 /* CrlID */, | |||
391 /* DC */, | |||
31 /* DES-CBC */, | |||
@@ -3547,6 +3562,10 @@ static const unsigned kNIDsInShortNameOrder[] = { | |||
645 /* ITU-T */, | |||
646 /* JOINT-ISO-ITU-T */, | |||
773 /* KISA */, | |||
957 /* KxANY */, | |||
952 /* KxECDHE */, | |||
953 /* KxPSK */, | |||
951 /* KxRSA */, | |||
15 /* L */, | |||
856 /* LocalKeySet */, | |||
3 /* MD2 */, | |||
@@ -4570,6 +4589,10 @@ static const unsigned kNIDsInLongNameOrder[] = { | |||
484 /* associatedDomain */, | |||
485 /* associatedName */, | |||
501 /* audio */, | |||
958 /* auth-any */, | |||
955 /* auth-ecdsa */, | |||
956 /* auth-psk */, | |||
954 /* auth-rsa */, | |||
882 /* authorityRevocationList */, | |||
91 /* bf-cbc */, | |||
93 /* bf-cfb */, | |||
@@ -4640,6 +4663,7 @@ static const unsigned kNIDsInLongNameOrder[] = { | |||
677 /* certicom-arc */, | |||
517 /* certificate extensions */, | |||
883 /* certificateRevocationList */, | |||
950 /* chacha20-poly1305 */, | |||
54 /* challengePassword */, | |||
407 /* characteristic-two-field */, | |||
395 /* clearance */, | |||
@@ -4982,6 +5006,10 @@ static const unsigned kNIDsInLongNameOrder[] = { | |||
646 /* joint-iso-itu-t */, | |||
150 /* keyBag */, | |||
773 /* kisa */, | |||
957 /* kx-any */, | |||
952 /* kx-ecdhe */, | |||
953 /* kx-psk */, | |||
951 /* kx-rsa */, | |||
477 /* lastModifiedBy */, | |||
476 /* lastModifiedTime */, | |||
157 /* localKeyID */, | |||
@@ -938,3 +938,12 @@ dh_std_kdf 946 | |||
dh_cofactor_kdf 947 | |||
X25519 948 | |||
ED25519 949 | |||
chacha20_poly1305 950 | |||
kx_rsa 951 | |||
kx_ecdhe 952 | |||
kx_psk 953 | |||
auth_rsa 954 | |||
auth_ecdsa 955 | |||
auth_psk 956 | |||
kx_any 957 | |||
auth_any 958 |
@@ -1336,3 +1336,19 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme | |||
# See draft-ietf-curdle-pkix-04. | |||
1 3 101 112 : ED25519 | |||
: ChaCha20-Poly1305 : chacha20-poly1305 | |||
# NIDs for TLS 1.2 cipher suite key exchanges. | |||
: KxRSA : kx-rsa | |||
: KxECDHE : kx-ecdhe | |||
: KxPSK : kx-psk | |||
# NIDs for TLS 1.2 cipher suite authentication types. | |||
: AuthRSA : auth-rsa | |||
: AuthECDSA : auth-ecdsa | |||
: AuthPSK : auth-psk | |||
# TLS 1.3 cipher suites do not specify key exchange or authentication. | |||
: KxANY : kx-any | |||
: AuthANY : auth-any |
@@ -4198,6 +4198,42 @@ extern "C" { | |||
#define NID_ED25519 949 | |||
#define OBJ_ED25519 1L, 3L, 101L, 112L | |||
#define SN_chacha20_poly1305 "ChaCha20-Poly1305" | |||
#define LN_chacha20_poly1305 "chacha20-poly1305" | |||
#define NID_chacha20_poly1305 950 | |||
#define SN_kx_rsa "KxRSA" | |||
#define LN_kx_rsa "kx-rsa" | |||
#define NID_kx_rsa 951 | |||
#define SN_kx_ecdhe "KxECDHE" | |||
#define LN_kx_ecdhe "kx-ecdhe" | |||
#define NID_kx_ecdhe 952 | |||
#define SN_kx_psk "KxPSK" | |||
#define LN_kx_psk "kx-psk" | |||
#define NID_kx_psk 953 | |||
#define SN_auth_rsa "AuthRSA" | |||
#define LN_auth_rsa "auth-rsa" | |||
#define NID_auth_rsa 954 | |||
#define SN_auth_ecdsa "AuthECDSA" | |||
#define LN_auth_ecdsa "auth-ecdsa" | |||
#define NID_auth_ecdsa 955 | |||
#define SN_auth_psk "AuthPSK" | |||
#define LN_auth_psk "auth-psk" | |||
#define NID_auth_psk 956 | |||
#define SN_kx_any "KxANY" | |||
#define LN_kx_any "kx-any" | |||
#define NID_kx_any 957 | |||
#define SN_auth_any "AuthANY" | |||
#define LN_auth_any "auth-any" | |||
#define NID_auth_any 958 | |||
#if defined(__cplusplus) | |||
} /* extern C */ | |||
@@ -1200,56 +1200,36 @@ OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); | |||
* get the cipher suite value. */ | |||
OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC | |||
* mode). */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_has_SHA1_HMAC returns one if |cipher| uses HMAC-SHA1. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_has_SHA256_HMAC returns one if |cipher| uses HMAC-SHA256. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_has_SHA256_HMAC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_has_SHA384_HMAC returns one if |cipher| uses HMAC-SHA384. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_has_SHA384_HMAC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AEAD returns one if |cipher| uses an AEAD cipher. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AEAD(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AES128GCM returns one if |cipher| uses 128-bit AES-GCM. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AES128GCM(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AES128CBC returns one if |cipher| uses 128-bit AES in CBC | |||
* mode. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AES128CBC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AES256CBC returns one if |cipher| uses 256-bit AES in CBC | |||
* mode. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AES256CBC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses | |||
* CHACHA20_POLY1305. Note this includes both the RFC 7905 and | |||
* draft-agl-tls-chacha20poly1305-04 versions. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_NULL returns one if |cipher| does not encrypt. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_aead returns one if |cipher| uses an AEAD cipher. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_block_cipher returns one if |cipher| is a block cipher. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_ECDSA returns one if |cipher| uses ECDSA. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_get_cipher_nid returns the NID for |cipher|'s bulk | |||
* cipher. Possible values are |NID_aes_128_gcm|, |NID_aes_256_gcm|, | |||
* |NID_chacha20_poly1305|, |NID_aes_128_cbc|, |NID_aes_256_cbc|, and | |||
* |NID_des_ede3_cbc|. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_ECDHE returns one if |cipher| uses ECDHE. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_ECDHE(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_get_digest_nid returns the NID for |cipher|'s HMAC if it is a | |||
* legacy cipher suite. For modern AEAD-based ciphers (see | |||
* |SSL_CIPHER_is_aead|), it returns |NID_undef|. | |||
* | |||
* Note this function only returns the legacy HMAC digest, not the PRF hash. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_static_RSA returns one if |cipher| uses the static RSA key | |||
* exchange. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_static_RSA(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_get_kx_nid returns the NID for |cipher|'s key exchange. This may | |||
* be |NID_kx_rsa|, |NID_kx_ecdhe|, or |NID_kx_psk| for TLS 1.2. In TLS 1.3, | |||
* cipher suites do not specify the key exchange, so this function returns | |||
* |NID_kx_any|. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_get_auth_nid returns the NID for |cipher|'s authentication | |||
* type. This may be |NID_auth_rsa|, |NID_auth_ecdsa|, or |NID_auth_psk| for TLS | |||
* 1.2. In TLS 1.3, cipher suites do not specify authentication, so this | |||
* function returns |NID_auth_any|. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_get_min_version returns the minimum protocol version required | |||
* for |cipher|. */ | |||
@@ -3983,6 +3963,64 @@ OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl); | |||
* the session. */ | |||
OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl); | |||
/* TODO(davidben): Convert all the callers of these old |SSL_CIPHER| functions | |||
* and remove them. */ | |||
/* SSL_CIPHER_is_AEAD calls |SSL_CIPHER_is_aead|. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AEAD(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC | |||
* mode). Use |SSL_CIPHER_get_cipher_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_has_SHA1_HMAC returns one if |cipher| uses HMAC-SHA1. Use | |||
* |SSL_CIPHER_get_digest_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_has_SHA256_HMAC returns one if |cipher| uses HMAC-SHA256. Use | |||
* |SSL_CIPHER_get_digest_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_has_SHA256_HMAC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_has_SHA384_HMAC returns one if |cipher| uses HMAC-SHA384. Use | |||
* |SSL_CIPHER_get_digest_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_has_SHA384_HMAC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. Use | |||
* |SSL_CIPHER_get_cipher_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AES128GCM returns one if |cipher| uses 128-bit AES-GCM. Use | |||
* |SSL_CIPHER_get_cipher_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AES128GCM(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AES128CBC returns one if |cipher| uses 128-bit AES in CBC | |||
* mode. Use |SSL_CIPHER_get_cipher_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AES128CBC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_AES256CBC returns one if |cipher| uses 256-bit AES in CBC | |||
* mode. Use |SSL_CIPHER_get_cipher_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_AES256CBC(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses | |||
* CHACHA20_POLY1305. Use |SSL_CIPHER_get_cipher_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_NULL returns one if |cipher| does not encrypt. Use | |||
* |SSL_CIPHER_get_cipher_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_ECDSA returns one if |cipher| uses ECDSA. Use | |||
* |SSL_CIPHER_get_auth_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_ECDHE returns one if |cipher| uses ECDHE. Use | |||
* |SSL_CIPHER_get_kx_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_ECDHE(const SSL_CIPHER *cipher); | |||
/* SSL_CIPHER_is_static_RSA returns one if |cipher| uses the static RSA key | |||
* exchange. Use |SSL_CIPHER_get_kx_nid| instead. */ | |||
OPENSSL_EXPORT int SSL_CIPHER_is_static_RSA(const SSL_CIPHER *cipher); | |||
/* Private structures. | |||
* | |||
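Review bot: The comment on `SSL_CIPHER_get_cipher_nid` lists six possible return values but omits `NID_undef`, which the implementation shown further down this page returns for `SSL_eNULL`. The deprecated `SSL_CIPHER_is_NULL` comment in the second hunk sends callers to this getter, so anyone migrating a check that rejects non-encrypting suites has no documented value to compare against. I would end the list with `or |NID_undef| if |cipher| does not encrypt`. The `SSL_CIPHER_get_digest_nid` comment already documents its `NID_undef` case, so this only brings the cipher getter in line with it.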
@@ -1455,10 +1455,80 @@ int SSL_CIPHER_has_SHA384_HMAC(const SSL_CIPHER *cipher) { | |||
return (cipher->algorithm_mac & SSL_SHA384) != 0; | |||
} | |||
int SSL_CIPHER_is_AEAD(const SSL_CIPHER *cipher) { | |||
int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher) { | |||
return (cipher->algorithm_mac & SSL_AEAD) != 0; | |||
} | |||
int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *cipher) { | |||
switch (cipher->algorithm_enc) { | |||
case SSL_eNULL: | |||
return NID_undef; | |||
case SSL_3DES: | |||
return NID_des_ede3_cbc; | |||
case SSL_AES128: | |||
return NID_aes_128_cbc; | |||
case SSL_AES256: | |||
return NID_aes_256_cbc; | |||
case SSL_AES128GCM: | |||
return NID_aes_128_gcm; | |||
case SSL_AES256GCM: | |||
return NID_aes_256_gcm; | |||
case SSL_CHACHA20POLY1305: | |||
return NID_chacha20_poly1305; | |||
} | |||
assert(0); | |||
return NID_undef; | |||
} | |||
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher) { | |||
switch (cipher->algorithm_mac) { | |||
case SSL_AEAD: | |||
return NID_undef; | |||
case SSL_SHA1: | |||
return NID_sha1; | |||
case SSL_SHA256: | |||
return NID_sha256; | |||
case SSL_SHA384: | |||
return NID_sha384; | |||
} | |||
assert(0); | |||
return NID_undef; | |||
} | |||
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *cipher) { | |||
switch (cipher->algorithm_mkey) { | |||
case SSL_kRSA: | |||
return NID_kx_rsa; | |||
case SSL_kECDHE: | |||
return NID_kx_ecdhe; | |||
case SSL_kPSK: | |||
return NID_kx_psk; | |||
case SSL_kGENERIC: | |||
return NID_kx_any; | |||
} | |||
assert(0); | |||
return NID_undef; | |||
} | |||
int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher) { | |||
switch (cipher->algorithm_auth) { | |||
case SSL_aRSA: | |||
return NID_auth_rsa; | |||
case SSL_aECDSA: | |||
return NID_auth_ecdsa; | |||
case SSL_aPSK: | |||
return NID_auth_psk; | |||
case SSL_aGENERIC: | |||
return NID_auth_any; | |||
} | |||
assert(0); | |||
return NID_undef; | |||
} | |||
int SSL_CIPHER_is_AEAD(const SSL_CIPHER *cipher) { | |||
return SSL_CIPHER_is_aead(cipher); | |||
} | |||
int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher) { | |||
return (cipher->algorithm_enc & (SSL_AES128GCM | SSL_AES256GCM)) != 0; | |||
} | |||
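Review bot: All four new getters end with `assert(0); return NID_undef;` after the `switch`, so with assertions compiled out an unrecognised algorithm value is reported as `NID_undef`. That is the same value `SSL_CIPHER_get_cipher_nid` returns for `SSL_eNULL` and `SSL_CIPHER_get_digest_nid` returns for `SSL_AEAD`, so a caller cannot tell "unknown" from "no encryption" or "AEAD". The switches also compare with equality where neighbouring helpers such as `SSL_CIPHER_is_AESGCM` test bits with `&`; this presumably relies on every `SSL_CIPHER` setting exactly one bit per field, which is not stated in the visible code. A comment above each fallback, for example `/* Unreachable: each SSL_CIPHER sets exactly one known bit in this field. */`, would record that assumption for whoever adds the next algorithm constant.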
@@ -786,30 +786,119 @@ TEST(SSLTest, DefaultVersion) { | |||
ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method); | |||
} | |||
TEST(SSLTest, CipherGetStandardName) { | |||
TEST(SSLTest, CipherProperties) { | |||
static const struct { | |||
int id; | |||
const char *standard_name; | |||
int cipher_nid; | |||
int digest_nid; | |||
int kx_nid; | |||
int auth_nid; | |||
} kTests[] = { | |||
{SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, | |||
{TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"}, | |||
{TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, | |||
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}, | |||
{TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, | |||
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}, | |||
{TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | |||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}, | |||
{TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | |||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, | |||
{TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | |||
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}, | |||
{TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, | |||
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"}, | |||
{TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, | |||
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}, | |||
{TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"}, | |||
{TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"}, | |||
{TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"}, | |||
{ | |||
SSL3_CK_RSA_DES_192_CBC3_SHA, | |||
"TLS_RSA_WITH_3DES_EDE_CBC_SHA", | |||
NID_des_ede3_cbc, | |||
NID_sha1, | |||
NID_kx_rsa, | |||
NID_auth_rsa, | |||
}, | |||
{ | |||
TLS1_CK_RSA_WITH_AES_128_SHA, | |||
"TLS_RSA_WITH_AES_128_CBC_SHA", | |||
NID_aes_128_cbc, | |||
NID_sha1, | |||
NID_kx_rsa, | |||
NID_auth_rsa, | |||
}, | |||
{ | |||
TLS1_CK_PSK_WITH_AES_256_CBC_SHA, | |||
"TLS_PSK_WITH_AES_256_CBC_SHA", | |||
NID_aes_256_cbc, | |||
NID_sha1, | |||
NID_kx_psk, | |||
NID_auth_psk, | |||
}, | |||
{ | |||
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, | |||
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", | |||
NID_aes_128_cbc, | |||
NID_sha256, | |||
NID_kx_ecdhe, | |||
NID_auth_rsa, | |||
}, | |||
{ | |||
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, | |||
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", | |||
NID_aes_256_cbc, | |||
NID_sha384, | |||
NID_kx_ecdhe, | |||
NID_auth_rsa, | |||
}, | |||
{ | |||
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | |||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", | |||
NID_aes_128_gcm, | |||
NID_undef, | |||
NID_kx_ecdhe, | |||
NID_auth_rsa, | |||
}, | |||
{ | |||
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | |||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", | |||
NID_aes_128_gcm, | |||
NID_undef, | |||
NID_kx_ecdhe, | |||
NID_auth_ecdsa, | |||
}, | |||
{ | |||
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | |||
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", | |||
NID_aes_256_gcm, | |||
NID_undef, | |||
NID_kx_ecdhe, | |||
NID_auth_ecdsa, | |||
}, | |||
{ | |||
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA, | |||
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", | |||
NID_aes_128_cbc, | |||
NID_sha1, | |||
NID_kx_ecdhe, | |||
NID_auth_psk, | |||
}, | |||
{ | |||
TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, | |||
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", | |||
NID_chacha20_poly1305, | |||
NID_undef, | |||
NID_kx_ecdhe, | |||
NID_auth_rsa, | |||
}, | |||
{ | |||
TLS1_CK_AES_256_GCM_SHA384, | |||
"TLS_AES_256_GCM_SHA384", | |||
NID_aes_256_gcm, | |||
NID_undef, | |||
NID_kx_any, | |||
NID_auth_any, | |||
}, | |||
{ | |||
TLS1_CK_AES_128_GCM_SHA256, | |||
"TLS_AES_128_GCM_SHA256", | |||
NID_aes_128_gcm, | |||
NID_undef, | |||
NID_kx_any, | |||
NID_auth_any, | |||
}, | |||
{ | |||
TLS1_CK_CHACHA20_POLY1305_SHA256, | |||
"TLS_CHACHA20_POLY1305_SHA256", | |||
NID_chacha20_poly1305, | |||
NID_undef, | |||
NID_kx_any, | |||
NID_auth_any, | |||
}, | |||
}; | |||
for (const auto &t : kTests) { | |||
@@ -822,6 +911,11 @@ TEST(SSLTest, CipherGetStandardName) { | |||
bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher)); | |||
ASSERT_TRUE(rfc_name); | |||
EXPECT_STREQ(t.standard_name, rfc_name.get()); | |||
EXPECT_EQ(t.cipher_nid, SSL_CIPHER_get_cipher_nid(cipher)); | |||
EXPECT_EQ(t.digest_nid, SSL_CIPHER_get_digest_nid(cipher)); | |||
EXPECT_EQ(t.kx_nid, SSL_CIPHER_get_kx_nid(cipher)); | |||
EXPECT_EQ(t.auth_nid, SSL_CIPHER_get_auth_nid(cipher)); | |||
} | |||
} | |||
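Review bot: The renamed `SSL_CIPHER_is_aead` is never asserted in the visible part of `CipherProperties`, and no row in `kTests` reaches the `SSL_eNULL` branch of `SSL_CIPHER_get_cipher_nid`. Adding `EXPECT_EQ(t.digest_nid == NID_undef, SSL_CIPHER_is_aead(cipher) != 0);` next to the four new expectations would pin the relationship the header comment on `SSL_CIPHER_get_digest_nid` describes. If the cipher table still contains a non-encrypting suite, a row for it with `NID_undef` as the expected `cipher_nid` would cover the case that callers moving off `SSL_CIPHER_is_NULL` will depend on. The start of the loop body lies between the two hunks and is not shown, so an equivalent check may already exist there.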