net/ssl/ssl_cipher_suite_names.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
   6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
   7
   8 #include <string>
   9
  10 #include "base/basictypes.h"
  11 #include "net/base/net_export.h"
  12
  13 namespace net {
  14
  15 // SSLCipherSuiteToStrings returns three strings for a given cipher suite
  16 // number, the name of the key exchange algorithm, the name of the cipher and
  17 // the name of the MAC. The cipher suite number is the number as sent on the
  18 // wire and recorded at
  19 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
  20 // If the cipher suite is unknown, the strings are set to "???".
  21 // In the case of an AEAD cipher suite, *mac_str is NULL and *is_aead is true.
  22 NET_EXPORT void SSLCipherSuiteToStrings(const char** key_exchange_str,
  23                                         const char** cipher_str,
  24                                         const char** mac_str,
  25                                         bool* is_aead,
  26                                         uint16 cipher_suite);
  27
  28 // SSLVersionToString returns the name of the SSL protocol version
  29 // specified by |ssl_version|, which is defined in
  30 // net/ssl/ssl_connection_status_flags.h.
  31 // If the version is unknown, |name| is set to "???".
  32 NET_EXPORT void SSLVersionToString(const char** name, int ssl_version);
  33
  34 // Parses a string literal that represents a SSL/TLS cipher suite.
  35 //
  36 // Supported literal forms:
  37 //   0xAABB, where AA is cipher_suite[0] and BB is cipher_suite[1], as
  38 //     defined in RFC 2246, Section 7.4.1.2. Unrecognized but parsable cipher
  39 //     suites in this form will not return an error.
  40 //
  41 // Returns true if the cipher suite was successfully parsed, storing the
  42 // result in |cipher_suite|.
  43 //
  44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters
  45 // list.
  46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string,
  47                                      uint16* cipher_suite);
  48
  49 // |cipher_suite| is the IANA id for the cipher suite. What a "secure"
  50 // cipher suite is arbitrarily determined here. The intent is to indicate what
  51 // cipher suites meet modern security standards when backwards compatibility can
  52 // be ignored. Notably, HTTP/2 requires/encourages this sort of validation of
  53 // cipher suites: https://http2.github.io/http2-spec/#TLSUsage.
  54 //
  55 // Currently, this function follows these criteria:
  56 // 1) Only uses forward secure key exchanges
  57 // 2) Only uses AEADs
  58 NET_EXPORT bool IsSecureTLSCipherSuite(uint16 cipher_suite);
  59
  60 }  // namespace net
  61
  62 #endif  // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_