From dffa53a832ff1e9b2c536d3a04b594fb8e759466 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 21 May 2010 13:07:38 +0000 Subject: Decision not to support DH and export cipher suites. --- lib/ssl/src/ssl_cipher.erl | 360 +++++++++------------------------------------ 1 file changed, 72 insertions(+), 288 deletions(-) (limited to 'lib/ssl/src/ssl_cipher.erl') diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index ef4b450d68..1818247e59 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -48,7 +48,7 @@ %% cipher values has been updated according to %%------------------------------------------------------------------- security_parameters(CipherSuite, SecParams) -> - { _, Cipher, Hash, Exportable} = suite_definition(CipherSuite), + { _, Cipher, Hash} = suite_definition(CipherSuite), SecParams#security_parameters{ cipher_suite = CipherSuite, bulk_cipher_algorithm = bulk_cipher_algorithm(Cipher), @@ -58,8 +58,7 @@ security_parameters(CipherSuite, SecParams) -> key_material_length = key_material(Cipher), iv_size = iv_size(Cipher), mac_algorithm = mac_algorithm(Hash), - hash_size = hash_size(Hash), - exportable = Exportable}. + hash_size = hash_size(Hash)}. %%-------------------------------------------------------------------- %% Function: cipher(Method, CipherState, Mac, Data) -> @@ -109,10 +108,6 @@ cipher(?AES, CipherState, Mac, Fragment) -> %% block_cipher(fun(Key, IV, T) -> %% crypto:idea_cbc_encrypt(Key, IV, T) %% end, block_size(idea_cbc), CipherState, Mac, Fragment); -%% cipher(?RC2, CipherState, Mac, Fragment) -> -%% block_cipher(fun(Key, IV, T) -> -%% crypto:rc2_40_cbc_encrypt(Key, IV, T) -%% end, block_size(rc2_cbc_40), CipherState, Mac, Fragment). block_cipher(Fun, BlockSz, #cipher_state{key=Key, iv=IV} = CS0, Mac, Fragment) -> @@ -175,10 +170,6 @@ decipher(?AES, HashSz, CipherState, Fragment) -> %% block_decipher(fun(Key, IV, T) -> %% crypto:idea_cbc_decrypt(Key, IV, T) %% end, CipherState, HashSz, Fragment); -%% decipher(?RC2, HashSz, CipherState, Fragment) -> -%% block_decipher(fun(Key, IV, T) -> -%% crypto:rc2_40_cbc_decrypt(Key, IV, T) -%% end, CipherState, HashSz, Fragment). block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0, HashSz, Fragment) -> @@ -209,289 +200,147 @@ suites({3, N}) when N == 1; N == 2 -> %%-------------------------------------------------------------------- %% Function: suite_definition(CipherSuite) -> -%% {KeyExchange, Cipher, Hash, Exportable} +%% {KeyExchange, Cipher, Hash} %% %% %% CipherSuite - as defined in ssl_cipher.hrl -%% KeyExchange - rsa | dh_dss | dh_rsa | dh_anon | dhe_dss | dhe_rsa -%% krb5 | *_export (old ssl) +%% KeyExchange - rsa | dh_anon | dhe_dss | dhe_rsa | kerb5 +%% %% Cipher - null | rc4_128 | idea_cbc | des_cbc | '3des_ede_cbc' -%% des40_cbc | dh_dss | aes_128_cbc | aes_256_cbc | -%% rc2_cbc_40 | rc4_40 +%% des40_cbc | aes_128_cbc | aes_256_cbc %% Hash - null | md5 | sha -%% Exportable - export | no_export | ignore(?) %% -%% Description: Returns a security parameters record where the +%% Description: Returns a security parameters tuple where the %% cipher values has been updated according to %% Note: Currently not supported suites are commented away. %% They should be supported or removed in the future. %%------------------------------------------------------------------- %% TLS v1.1 suites suite_definition(?TLS_NULL_WITH_NULL_NULL) -> - {null, null, null, ignore}; + {null, null, null}; %% suite_definition(?TLS_RSA_WITH_NULL_MD5) -> -%% {rsa, null, md5, ignore}; +%% {rsa, null, md5}; %% suite_definition(?TLS_RSA_WITH_NULL_SHA) -> -%% {rsa, null, sha, ignore}; +%% {rsa, null, sha}; suite_definition(?TLS_RSA_WITH_RC4_128_MD5) -> - {rsa, rc4_128, md5, no_export}; + {rsa, rc4_128, md5}; suite_definition(?TLS_RSA_WITH_RC4_128_SHA) -> - {rsa, rc4_128, sha, no_export}; + {rsa, rc4_128, sha}; %% suite_definition(?TLS_RSA_WITH_IDEA_CBC_SHA) -> -%% {rsa, idea_cbc, sha, no_export}; +%% {rsa, idea_cbc, sha}; suite_definition(?TLS_RSA_WITH_DES_CBC_SHA) -> - {rsa, des_cbc, sha, no_export}; + {rsa, des_cbc, sha}; suite_definition(?TLS_RSA_WITH_3DES_EDE_CBC_SHA) -> - {rsa, '3des_ede_cbc', sha, no_export}; -%% suite_definition(?TLS_DH_DSS_WITH_DES_CBC_SHA) -> -%% {dh_dss, des_cbc, sha, no_export}; -%% suite_definition(?TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA) -> -%% {dh_dss, '3des_ede_cbc', sha, no_export}; -%% suite_definition(?TLS_DH_RSA_WITH_DES_CBC_SHA) -> -%% {dh_rsa, des_cbc, sha, no_export}; -%% suite_definition(?TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA) -> -%% {dh_rsa, '3des_ede_cbc', sha, no_export}; + {rsa, '3des_ede_cbc', sha}; suite_definition(?TLS_DHE_DSS_WITH_DES_CBC_SHA) -> - {dhe_dss, des_cbc, sha, no_export}; + {dhe_dss, des_cbc, sha}; suite_definition(?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) -> - {dhe_dss, '3des_ede_cbc', sha, no_export}; + {dhe_dss, '3des_ede_cbc'}; suite_definition(?TLS_DHE_RSA_WITH_DES_CBC_SHA) -> - {dhe_rsa, des_cbc, sha, no_export}; + {dhe_rsa, des_cbc, sha}; suite_definition(?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) -> - {dhe_rsa, '3des_ede_cbc', sha, no_export}; -%% suite_definition(?TLS_DH_anon_WITH_RC4_128_MD5) -> -%% {dh_anon, rc4_128, md5, no_export}; -%% suite_definition(?TLS_DH_anon_WITH_DES_CBC_SHA) -> -%% {dh_anon, des40_cbc, sha, no_export}; -%% suite_definition(?TLS_DH_anon_WITH_3DES_EDE_CBC_SHA) -> -%% {dh_anon, '3des_ede_cbc', sha, no_export}; + {dhe_rsa, '3des_ede_cbc', sha}; %%% TSL V1.1 AES suites suite_definition(?TLS_RSA_WITH_AES_128_CBC_SHA) -> - {rsa, aes_128_cbc, sha, ignore}; -%% suite_definition(?TLS_DH_DSS_WITH_AES_128_CBC_SHA) -> -%% {dh_dss, aes_128_cbc, sha, ignore}; -%% suite_definition(?TLS_DH_RSA_WITH_AES_128_CBC_SHA) -> -%% {dh_rsa, aes_128_cbc, sha, ignore}; + {rsa, aes_128_cbc, sha}; suite_definition(?TLS_DHE_DSS_WITH_AES_128_CBC_SHA) -> - {dhe_dss, aes_128_cbc, sha, ignore}; + {dhe_dss, aes_128_cbc, sha}; suite_definition(?TLS_DHE_RSA_WITH_AES_128_CBC_SHA) -> - {dhe_rsa, aes_128_cbc, sha, ignore}; -%% suite_definition(?TLS_DH_anon_WITH_AES_128_CBC_SHA) -> -%% {dh_anon, aes_128_cbc, sha, ignore}; + {dhe_rsa, aes_128_cbc, sha}; suite_definition(?TLS_RSA_WITH_AES_256_CBC_SHA) -> - {rsa, aes_256_cbc, sha, ignore}; -%% suite_definition(?TLS_DH_DSS_WITH_AES_256_CBC_SHA) -> -%% {dh_dss, aes_256_cbc, sha, ignore}; -%% suite_definition(?TLS_DH_RSA_WITH_AES_256_CBC_SHA) -> -%% {dh_rsa, aes_256_cbc, sha, ignore}; + {rsa, aes_256_cbc, sha}; suite_definition(?TLS_DHE_DSS_WITH_AES_256_CBC_SHA) -> - {dhe_dss, aes_256_cbc, sha, ignore}; + {dhe_dss, aes_256_cbc, sha}; suite_definition(?TLS_DHE_RSA_WITH_AES_256_CBC_SHA) -> - {dhe_rsa, aes_256_cbc, sha, ignore}. -%% suite_definition(?TLS_DH_anon_WITH_AES_256_CBC_SHA) -> -%% {dh_anon, aes_256_cbc, sha, ignore}; + {dhe_rsa, aes_256_cbc, sha}. -%% TSL V1.1 KRB SUITES +%% TODO: support kerbos key exchange? +%% TSL V1.1 KRB SUITES %% suite_definition(?TLS_KRB5_WITH_DES_CBC_SHA) -> -%% {krb5, des_cbc, sha, ignore}; +%% {krb5, des_cbc, sha}; %% suite_definition(?TLS_KRB5_WITH_3DES_EDE_CBC_SHA) -> -%% {krb5, '3des_ede_cbc', sha, ignore}; +%% {krb5, '3des_ede_cbc', sha}; %% suite_definition(?TLS_KRB5_WITH_RC4_128_SHA) -> -%% {krb5, rc4_128, sha, ignore}; +%% {krb5, rc4_128, sha}; %% suite_definition(?TLS_KRB5_WITH_IDEA_CBC_SHA) -> -%% {krb5, idea_cbc, sha, ignore}; +%% {krb5, idea_cbc, sha}; %% suite_definition(?TLS_KRB5_WITH_DES_CBC_MD5) -> -%% {krb5, des_cbc, md5, ignore}; +%% {krb5, des_cbc, md5}; %% suite_definition(?TLS_KRB5_WITH_3DES_EDE_CBC_MD5) -> -%% {krb5, '3des_ede_cbc', md5, ignore}; +%% {krb5, '3des_ede_cbc', md5}; %% suite_definition(?TLS_KRB5_WITH_RC4_128_MD5) -> -%% {krb5, rc4_128, md5, ignore}; +%% {krb5, rc4_128, md5}; %% suite_definition(?TLS_KRB5_WITH_IDEA_CBC_MD5) -> -%% {krb5, idea_cbc, md5, ignore}; - -%% suite_definition(?TLS_RSA_EXPORT1024_WITH_RC4_56_MD5) -> -%% {rsa, rc4_56, md5, export}; -%% suite_definition(?TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5) -> -%% {rsa, rc2_cbc_56, md5, export}; -%% suite_definition(?TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA) -> -%% {rsa, des_cbc, sha, export}; -%% suite_definition(?TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA) -> -%% {dhe_dss, des_cbc, sha, export}; -%% suite_definition(?TLS_RSA_EXPORT1024_WITH_RC4_56_SHA) -> -%% {rsa, rc4_56, sha, export}; -%% suite_definition(?TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA) -> -%% {dhe_dss, rc4_56, sha, export}; -%% suite_definition(?TLS_DHE_DSS_WITH_RC4_128_SHA) -> -%% {dhe_dss, rc4_128, sha, export}; - -%% Export suites TLS 1.0 OR SSLv3-only servers. -%% suite_definition(?TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA) -> -%% {krb5_export, des40_cbc, sha, export}; -%% suite_definition(?TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA) -> -%% {krb5_export, rc2_cbc_40, sha, export}; -%% suite_definition(?TLS_KRB5_EXPORT_WITH_RC4_40_SHA) -> -%% {krb5_export, des40_cbc, sha, export}; -%% suite_definition(?TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5) -> -%% {krb5_export, des40_cbc, md5, export}; -%% suite_definition(?TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5) -> -%% {krb5_export, rc2_cbc_40, md5, export}; -%% suite_definition(?TLS_KRB5_EXPORT_WITH_RC4_40_MD5) -> -%% {krb5_export, rc2_cbc_40, md5, export}; -%% suite_definition(?TLS_RSA_EXPORT_WITH_RC4_40_MD5) -> -%% {rsa, rc4_40, md5, export}; -%% suite_definition(?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) -> -%% {rsa, rc2_cbc_40, md5, export}; -%% suite_definition(?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) -> -%% {rsa, des40_cbc, sha, export}; -%% suite_definition(?TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA) -> -%% {dh_dss, des40_cbc, sha, export}; -%% suite_definition(?TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA) -> -%% {dh_rsa, des40_cbc, sha, export}; -%% suite_definition(?TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA) -> -%% {dhe_dss, des40_cbc, sha, export}; -%% suite_definition(?TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA) -> -%% {dhe_rsa, des40_cbc, sha, export}; -%% suite_definition(?TLS_DH_anon_EXPORT_WITH_RC4_40_MD5) -> -%% {dh_anon, rc4_40, md5, export}; -%% suite_definition(?TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA) -> -%% {dh_anon, des40_cbc, sha, export}. +%% {krb5, idea_cbc, md5}; %% TLS v1.1 suites -suite({rsa, null, md5, ignore}) -> +suite({rsa, null, md5}) -> ?TLS_RSA_WITH_NULL_MD5; -suite({rsa, null, sha, ignore}) -> +suite({rsa, null, sha}) -> ?TLS_RSA_WITH_NULL_SHA; -suite({rsa, rc4_128, md5, no_export}) -> +suite({rsa, rc4_128, md5}) -> ?TLS_RSA_WITH_RC4_128_MD5; -suite({rsa, rc4_128, sha, no_export}) -> +suite({rsa, rc4_128, sha}) -> ?TLS_RSA_WITH_RC4_128_SHA; -%% suite({rsa, idea_cbc, sha, no_export}) -> +%% suite({rsa, idea_cbc, sha}) -> %% ?TLS_RSA_WITH_IDEA_CBC_SHA; -suite({rsa, des_cbc, sha, no_export}) -> +suite({rsa, des_cbc, sha}) -> ?TLS_RSA_WITH_DES_CBC_SHA; -suite({rsa, '3des_ede_cbc', sha, no_export}) -> +suite({rsa, '3des_ede_cbc', sha}) -> ?TLS_RSA_WITH_3DES_EDE_CBC_SHA; -%% suite({dh_dss, des_cbc, sha, no_export}) -> -%% ?TLS_DH_DSS_WITH_DES_CBC_SHA; -%% suite({dh_dss, '3des_ede_cbc', sha, no_export}) -> -%% ?TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA; -%% suite({dh_rsa, des_cbc, sha, no_export}) -> -%% ?TLS_DH_RSA_WITH_DES_CBC_SHA; -%% suite({dh_rsa, '3des_ede_cbc', sha, no_export}) -> -%% ?TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA; -suite({dhe_dss, des_cbc, sha, no_export}) -> +suite({dhe_dss, des_cbc, sha}) -> ?TLS_DHE_DSS_WITH_DES_CBC_SHA; -suite({dhe_dss, '3des_ede_cbc', sha, no_export}) -> +suite({dhe_dss, '3des_ede_cbc', sha}) -> ?TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA; -suite({dhe_rsa, des_cbc, sha, no_export}) -> +suite({dhe_rsa, des_cbc, sha}) -> ?TLS_DHE_RSA_WITH_DES_CBC_SHA; -suite({dhe_rsa, '3des_ede_cbc', sha, no_export}) -> +suite({dhe_rsa, '3des_ede_cbc', sha}) -> ?TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; -%% suite({dh_anon, rc4_128, md5, no_export}) -> +%% suite({dh_anon, rc4_128, md5}) -> %% ?TLS_DH_anon_WITH_RC4_128_MD5; -%% suite({dh_anon, des40_cbc, sha, no_export}) -> +%% suite({dh_anon, des40_cbc, sha}) -> %% ?TLS_DH_anon_WITH_DES_CBC_SHA; -%% suite({dh_anon, '3des_ede_cbc', sha, no_export}) -> +%% suite({dh_anon, '3des_ede_cbc', sha}) -> %% ?TLS_DH_anon_WITH_3DES_EDE_CBC_SHA; %%% TSL V1.1 AES suites -suite({rsa, aes_128_cbc, sha, ignore}) -> +suite({rsa, aes_128_cbc, sha}) -> ?TLS_RSA_WITH_AES_128_CBC_SHA; -%% suite({dh_dss, aes_128_cbc, sha, ignore}) -> -%% ?TLS_DH_DSS_WITH_AES_128_CBC_SHA; -%% suite({dh_rsa, aes_128_cbc, sha, ignore}) -> -%% ?TLS_DH_RSA_WITH_AES_128_CBC_SHA; -%% suite({dhe_dss, aes_128_cbc, sha, ignore}) -> +%% suite({dhe_dss, aes_128_cbc, sha}) -> %% ?TLS_DHE_DSS_WITH_AES_128_CBC_SHA; -suite({dhe_rsa, aes_128_cbc, sha, ignore}) -> +suite({dhe_rsa, aes_128_cbc, sha}) -> ?TLS_DHE_RSA_WITH_AES_128_CBC_SHA; -%% suite({dh_anon, aes_128_cbc, sha, ignore}) -> +%% suite({dh_anon, aes_128_cbc, sha}) -> %% ?TLS_DH_anon_WITH_AES_128_CBC_SHA; -suite({rsa, aes_256_cbc, sha, ignore}) -> +suite({rsa, aes_256_cbc, sha}) -> ?TLS_RSA_WITH_AES_256_CBC_SHA; -%% suite({dh_dss, aes_256_cbc, sha, ignore}) -> -%% ?TLS_DH_DSS_WITH_AES_256_CBC_SHA; -%% suite({dh_rsa, aes_256_cbc, sha, ignore}) -> -%% ?TLS_DH_RSA_WITH_AES_256_CBC_SHA; -suite({dhe_dss, aes_256_cbc, sha, ignore}) -> +suite({dhe_dss, aes_256_cbc, sha}) -> ?TLS_DHE_DSS_WITH_AES_256_CBC_SHA; -suite({dhe_rsa, aes_256_cbc, sha, ignore}) -> +suite({dhe_rsa, aes_256_cbc, sha}) -> ?TLS_DHE_RSA_WITH_AES_256_CBC_SHA. -%% suite({dh_anon, aes_256_cbc, sha, ignore}) -> +%% suite({dh_anon, aes_256_cbc, sha}) -> %% ?TLS_DH_anon_WITH_AES_256_CBC_SHA. +%% TODO: support kerbos key exchange? %% TSL V1.1 KRB SUITES -%% suite({krb5, des_cbc, sha, ignore}) -> +%% suite({krb5, des_cbc, sha}) -> %% ?TLS_KRB5_WITH_DES_CBC_SHA; -%% suite({krb5_cbc, '3des_ede_cbc', sha, ignore}) -> +%% suite({krb5_cbc, '3des_ede_cbc', sha}) -> %% ?TLS_KRB5_WITH_3DES_EDE_CBC_SHA; -%% suite({krb5, rc4_128, sha, ignore}) -> +%% suite({krb5, rc4_128, sha}) -> %% ?TLS_KRB5_WITH_RC4_128_SHA; -%% suite({krb5_cbc, idea_cbc, sha, ignore}) -> +%% suite({krb5_cbc, idea_cbc, sha}) -> %% ?TLS_KRB5_WITH_IDEA_CBC_SHA; -%% suite({krb5_cbc, md5, ignore}) -> +%% suite({krb5_cbc, md5}) -> %% ?TLS_KRB5_WITH_DES_CBC_MD5; -%% suite({krb5_ede_cbc, des_cbc, md5, ignore}) -> +%% suite({krb5_ede_cbc, des_cbc, md5}) -> %% ?TLS_KRB5_WITH_3DES_EDE_CBC_MD5; -%% suite({krb5_128, rc4_128, md5, ignore}) -> +%% suite({krb5_128, rc4_128, md5}) -> %% ?TLS_KRB5_WITH_RC4_128_MD5; -%% suite({krb5, idea_cbc, md5, ignore}) -> +%% suite({krb5, idea_cbc, md5}) -> %% ?TLS_KRB5_WITH_IDEA_CBC_MD5; -%% Export suites TLS 1.0 OR SSLv3-only servers. -%% suite({rsa, rc4_40, md5, export}) -> -%% ?TLS_RSA_EXPORT_WITH_RC4_40_MD5; -%% suite({rsa, rc2_cbc_40, md5, export}) -> -%% ?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5; -%% suite({rsa, des40_cbc, sha, export}) -> -%% ?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA; -%% suite({rsa, rc4_56, md5, export}) -> -%% ?TLS_RSA_EXPORT1024_WITH_RC4_56_MD5; -%% suite({rsa, rc2_cbc_56, md5, export}) -> -%% ?TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5; -%% suite({rsa, des_cbc, sha, export}) -> -%% ?TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA; -%% suite({dhe_dss, des_cbc, sha, export}) -> -%% ?TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA; -%% suite({rsa, rc4_56, sha, export}) -> -%% ?TLS_RSA_EXPORT1024_WITH_RC4_56_SHA; -%% suite({dhe_dss, rc4_56, sha, export}) -> -%% ?TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA; -%% suite({dhe_dss, rc4_128, sha, export}) -> -%% ?TLS_DHE_DSS_WITH_RC4_128_SHA; -%% suite({krb5_export, des40_cbc, sha, export}) -> -%% ?TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA; -%% suite({krb5_export, rc2_cbc_40, sha, export}) -> -%% ?TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA; -%% suite({krb5_export, rc4_cbc_40, sha, export}) -> -%% ?TLS_KRB5_EXPORT_WITH_RC4_40_SHA; -%% suite({krb5_export, des40_cbc, md5, export}) -> -%% ?TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5; -%% suite({krb5_export, rc2_cbc_40, md5, export}) -> -%% ?TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5; -%% suite({krb5_export, rc4_cbc_40, md5, export}) -> -%% ?TLS_KRB5_EXPORT_WITH_RC4_40_MD5; -%% suite({rsa_export, rc4_cbc_40, md5, export}) -> -%% ?TLS_RSA_EXPORT_WITH_RC4_40_MD5; -%% suite({rsa_export, rc2_cbc_40, md5, export}) -> -%% ?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5; -%% suite({rsa_export, des40_cbc, sha, export}) -> -%% ?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA; -%% suite({dh_dss_export, des40_cbc, sha, export}) -> -%% ?TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA; -%% suite({dh_rsa_export, des40_cbc, sha, export}) -> -%% ?TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA; -%% suite({dhe_dss_export, des40_cbc, sha, export}) -> -%% ?TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA; -%% suite({dhe_rsa_export, des40_cbc, sha, export}) -> -%% ?TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA; -%% suite({dh_anon_export, rc4_40, md5, export}) -> -%% ?TLS_DH_anon_EXPORT_WITH_RC4_40_MD5; -%% suite({dh_anon_export, des40_cbc, sha, export}) -> -%% ?TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA. - - %% translate constants <-> openssl-strings %% TODO: Is there a pattern in the nameing %% that is useable to make a nicer function defention? @@ -523,36 +372,12 @@ openssl_suite("RC4-SHA") -> ?TLS_RSA_WITH_RC4_128_SHA; openssl_suite("RC4-MD5") -> ?TLS_RSA_WITH_RC4_128_MD5; -%% TODO: Do we want to support this? -%% openssl_suite("EXP1024-RC4-MD5") -> -%% ?TLS_RSA_EXPORT1024_WITH_RC4_56_MD5; -%% openssl_suite("EXP1024-RC2-CBC-MD5") -> -%% ?TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5; -%% openssl_suite("EXP1024-DES-CBC-SHA") -> -%% ?TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA; -%% openssl_suite("EXP1024-DHE-DSS-DES-CBC-SHA") -> -%% ?TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA; -%% openssl_suite("EXP1024-RC4-SHA") -> -%% ?TLS_RSA_EXPORT1024_WITH_RC4_56_SHA; -%% openssl_suite("EXP1024-DHE-DSS-RC4-SHA") -> -%% ?TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA; %% openssl_suite("DHE-DSS-RC4-SHA") -> %% ?TLS_DHE_DSS_WITH_RC4_128_SHA; - openssl_suite("EDH-RSA-DES-CBC-SHA") -> ?TLS_DHE_RSA_WITH_DES_CBC_SHA; openssl_suite("DES-CBC-SHA") -> ?TLS_RSA_WITH_DES_CBC_SHA. -%% openssl_suite("EXP-EDH-RSA-DES-CBC-SHA") -> -%% ?TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA; -%% openssl_suite("EXP-EDH-DSS-DES-CBC-SHA") -> -%% ?TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA; -%% openssl_suite("EXP-DES-CBC-SHA") -> -%% ?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA; -%% openssl_suite("EXP-RC2-CBC-MD5") -> -%% ?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5; -%% openssl_suite("EXP-RC4-MD5") -> -%% ?TLS_RSA_EXPORT_WITH_RC4_40_MD5. openssl_suite_name(?TLS_DHE_RSA_WITH_AES_256_CBC_SHA) -> "DHE-RSA-AES256-SHA"; @@ -582,29 +407,7 @@ openssl_suite_name(?TLS_DHE_RSA_WITH_DES_CBC_SHA) -> "EDH-RSA-DES-CBC-SHA"; openssl_suite_name(?TLS_RSA_WITH_DES_CBC_SHA) -> "DES-CBC-SHA"; -%% openssl_suite_name(?TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA) -> -%% "EXP-EDH-RSA-DES-CBC-SHA"; -%% openssl_suite_name(?TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA) -> -%% "EXP-EDH-DSS-DES-CBC-SHA"; -%% openssl_suite_name(?TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) -> -%% "EXP-DES-CBC-SHA"; -%% openssl_suite_name(?TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) -> -%% "EXP-RC2-CBC-MD5"; -%% openssl_suite_name(?TLS_RSA_EXPORT_WITH_RC4_40_MD5) -> -%% "EXP-RC4-MD5"; - -%% openssl_suite_name(?TLS_RSA_EXPORT1024_WITH_RC4_56_MD5) -> -%% "EXP1024-RC4-MD5"; -%% openssl_suite_name(?TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5) -> -%% "EXP1024-RC2-CBC-MD5"; -%% openssl_suite_name(?TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA) -> -%% "EXP1024-DES-CBC-SHA"; -%% openssl_suite_name(?TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA) -> -%% "EXP1024-DHE-DSS-DES-CBC-SHA"; -%% openssl_suite_name(?TLS_RSA_EXPORT1024_WITH_RC4_56_SHA) -> -%% "EXP1024-RC4-SHA"; -%% openssl_suite_name(?TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA) -> -%% "EXP1024-DHE-DSS-RC4-SHA"; + %% openssl_suite_name(?TLS_DHE_DSS_WITH_RC4_128_SHA) -> %% "DHE-DSS-RC4-SHA"; @@ -621,11 +424,7 @@ bulk_cipher_algorithm(null) -> %% Not supported yet %% bulk_cipher_algorithm(idea_cbc) -> %% ?IDEA; -%% bulk_cipher_algorithm(Cipher) when Cipher == rc2_cbc_40; -%% Cipher == rc2_cbc_56 -> -%% ?RC2; -bulk_cipher_algorithm(Cipher) when Cipher == rc4_40; - Cipher == rc4_56; +bulk_cipher_algorithm(Cipher) when Cipher == rc4_56; Cipher == rc4_128 -> ?RC4; %% bulk_cipher_algorithm(des40_cbc) -> @@ -639,14 +438,11 @@ bulk_cipher_algorithm(Cipher) when Cipher == aes_128_cbc; ?AES. type(Cipher) when Cipher == null; - Cipher == rc4_40; Cipher == rc4_56; Cipher == rc4_128 -> ?STREAM; type(Cipher) when Cipher == idea_cbc; - Cipher == rc2_cbc_40; - Cipher == rc2_cbc_56; Cipher == des40_cbc; Cipher == des_cbc; Cipher == '3des_ede_cbc'; @@ -659,12 +455,9 @@ key_material(null) -> key_material(Cipher) when Cipher == idea_cbc; Cipher == rc4_128 -> 16; -key_material(Cipher) when Cipher == rc2_cbc_56; - Cipher == rc4_56 -> +key_material(rc4_56) -> 7; -key_material(Cipher) when Cipher == rc2_cbc_40; - Cipher == rc4_40; - Cipher == des40_cbc -> +key_material(des40_cbc) -> 5; key_material(des_cbc) -> 8; @@ -678,9 +471,6 @@ key_material(aes_256_cbc) -> expanded_key_material(null) -> 0; expanded_key_material(Cipher) when Cipher == idea_cbc; - Cipher == rc2_cbc_40; - Cipher == rc2_cbc_56; - Cipher == rc4_40; Cipher == rc4_56; Cipher == rc4_128 -> 16; @@ -696,12 +486,9 @@ expanded_key_material(Cipher) when Cipher == aes_128_cbc; effective_key_bits(null) -> 0; -effective_key_bits(Cipher) when Cipher == rc2_cbc_40; - Cipher == rc4_40; - Cipher == des40_cbc -> +effective_key_bits(des40_cbc) -> 40; -effective_key_bits(Cipher) when Cipher == rc2_cbc_56; - Cipher == rc4_56; +effective_key_bits(Cipher) when Cipher == rc4_56; Cipher == des_cbc -> 56; effective_key_bits(Cipher) when Cipher == idea_cbc; @@ -714,7 +501,6 @@ effective_key_bits(aes_256_cbc) -> 256. iv_size(Cipher) when Cipher == null; - Cipher == rc4_40; Cipher == rc4_56; Cipher == rc4_128 -> 0; @@ -722,8 +508,6 @@ iv_size(Cipher) -> block_size(Cipher). block_size(Cipher) when Cipher == idea_cbc; - Cipher == rc2_cbc_40; - Cipher == rc2_cbc_56; Cipher == des40_cbc; Cipher == des_cbc; Cipher == '3des_ede_cbc' -> -- cgit v1.2.3