ssl_cipher_suite_names.h revision cedac228d2dd51db4b79ea1e72c7f249408ee061
1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ 6#define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ 7 8#include <string> 9 10#include "base/basictypes.h" 11#include "net/base/net_export.h" 12 13namespace net { 14 15// SSLCipherSuiteToStrings returns three strings for a given cipher suite 16// number, the name of the key exchange algorithm, the name of the cipher and 17// the name of the MAC. The cipher suite number is the number as sent on the 18// wire and recorded at 19// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml 20// If the cipher suite is unknown, the strings are set to "???". 21// In the case of an AEAD cipher suite, *mac_str is NULL and *is_aead is true. 22NET_EXPORT void SSLCipherSuiteToStrings(const char** key_exchange_str, 23 const char** cipher_str, 24 const char** mac_str, 25 bool* is_aead, 26 uint16 cipher_suite); 27 28// SSLVersionToString returns the name of the SSL protocol version 29// specified by |ssl_version|, which is defined in 30// net/ssl/ssl_connection_status_flags.h. 31// If the version is unknown, |name| is set to "???". 32NET_EXPORT void SSLVersionToString(const char** name, int ssl_version); 33 34// Parses a string literal that represents a SSL/TLS cipher suite. 35// 36// Supported literal forms: 37// 0xAABB, where AA is cipher_suite[0] and BB is cipher_suite[1], as 38// defined in RFC 2246, Section 7.4.1.2. Unrecognized but parsable cipher 39// suites in this form will not return an error. 40// 41// Returns true if the cipher suite was successfully parsed, storing the 42// result in |cipher_suite|. 43// 44// TODO(rsleevi): Support the full strings defined in the IANA TLS parameters 45// list. 46NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, 47 uint16* cipher_suite); 48 49// |cipher_suite| is the IANA id for the cipher suite. What a "secure" 50// cipher suite is arbitrarily determined here. The intent is to indicate what 51// cipher suites meet modern security standards when backwards compatibility can 52// be ignored. Notably, HTTP/2 requires/encourages this sort of validation of 53// cipher suites: https://http2.github.io/http2-spec/#TLSUsage. 54// 55// Currently, this function follows these criteria: 56// 1) Only uses forward secure key exchanges 57// 2) Only uses AEADs 58NET_EXPORT_PRIVATE bool IsSecureTLSCipherSuite(uint16 cipher_suite); 59 60} // namespace net 61 62#endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ 63