This repository was archived by the owner on Jun 16, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathcipher_suites.go
114 lines (98 loc) · 2.68 KB
/
cipher_suites.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
// Copyright 2010 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package dtls
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/sha1"
"crypto/sha256"
"encoding/binary"
"errors"
"hash"
)
// A cipherSuite is a specific combination of key agreement, cipher and MAC
// function. All cipher suites currently assume RSA key agreement.
type cipherSuite struct {
id cipherSuiteId
// the lengths, in bytes, of the key material needed for each component.
keyLen int
macLen int
ivLen int
KeyAgreement func() keyAgreement
// If elliptic is set, a server will only consider this ciphersuite if
// the ClientHello indicated that the client supports an elliptic curve
// and point format that we can handle.
elliptic bool
cipher func(key []byte) cipher.Block
mac func(macKey []byte) macFunction
}
var cipherSuites = []*cipherSuite{
{TLS_DH_anon_WITH_AES_128_CBC_SHA, 16, 20, 16, dheKA, false, cipherAES, macSHA1},
{TLS_DH_anon_WITH_AES_256_CBC_SHA256, 32, 32, 16, dheKA, false, cipherAES, macSHA256},
}
func (cs cipherSuite) Bytes() []byte {
b := make([]byte, 2)
binary.BigEndian.PutUint16(b, uint16(cs.id))
return b
}
func (cs cipherSuite) String() string {
switch cs.id {
case TLS_NULL_WITH_NULL_NULL:
return "TLS_NULL_WITH_NULL_NULL"
case TLS_DH_anon_WITH_AES_128_CBC_SHA:
return "TLS_DH_anon_WITH_AES_128_CBC_SHA"
case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
return "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
default:
return "UNKNOWN_CIPHER_SUITE"
}
}
func readCipherSuite(buffer *bytes.Buffer) (*cipherSuite, error) {
id := binary.BigEndian.Uint16(buffer.Next(2))
for _, cs := range cipherSuites {
if uint16(cs.id) == id {
return cs, nil
}
}
return &cipherSuite{}, InvalidCipherSuite
}
var InvalidCipherSuite = errors.New("Invalid cipher suite")
func dheKA() keyAgreement {
return new(dheKeyAgreement)
}
func cipherAES(key []byte) cipher.Block {
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
return block
}
func macSHA1(key []byte) macFunction {
return tls10MAC{hmac.New(sha1.New, key)}
}
func macSHA256(key []byte) macFunction {
return tls10MAC{hmac.New(sha256.New, key)}
}
type macFunction interface {
Size() int
MAC(seq, typ, version, length, data []byte) []byte
}
// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3.
type tls10MAC struct {
h hash.Hash
}
func (s tls10MAC) Size() int {
return s.h.Size()
}
func (s tls10MAC) MAC(seq, typ, version, length, record []byte) []byte {
s.h.Reset()
s.h.Write(seq)
s.h.Write(typ)
s.h.Write(version)
s.h.Write(length)
s.h.Write(record)
return s.h.Sum(nil)
}