github.com/hellobchain/newcryptosm@v0.0.0-20221019060107-edb949a317e9/tls/cipher_suites.go (about) 1 /* 2 Copyright Suzhou Tongji Fintech Research Institute 2017 All Rights Reserved. 3 Licensed under the Apache License, Version 2.0 (the "License"); 4 you may not use this file except in compliance with the License. 5 You may obtain a copy of the License at 6 7 http://www.apache.org/licenses/LICENSE-2.0 8 9 Unless required by applicable law or agreed to in writing, software 10 distributed under the License is distributed on an "AS IS" BASIS, 11 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 See the License for the specific language governing permissions and 13 limitations under the License. 14 */ 15 16 package tls 17 18 import ( 19 "crypto/aes" 20 "crypto/cipher" 21 "crypto/des" 22 "crypto/hmac" 23 "crypto/rc4" 24 "crypto/sha1" 25 "crypto/sha256" 26 "fmt" 27 "github.com/hellobchain/newcryptosm/sm3" 28 "github.com/hellobchain/newcryptosm/sm4" 29 "github.com/hellobchain/newcryptosm/x509" 30 "hash" 31 32 "golang.org/x/crypto/chacha20poly1305" 33 ) 34 35 // a keyAgreement implements the client and server side of a TLS key agreement 36 // protocol by generating and processing key exchange messages. 37 type keyAgreement interface { 38 // On the server side, the first two methods are called in order. 39 40 // In the case that the key agreement protocol doesn't use a 41 // ServerKeyExchange message, generateServerKeyExchange can return nil, 42 // nil. 43 generateServerKeyExchange(*Config, *Certificate, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error) 44 processClientKeyExchange(*Config, *Certificate, *clientKeyExchangeMsg, uint16) ([]byte, error) 45 46 // On the client side, the next two methods are called in order. 47 48 // This method may not be called if the server doesn't send a 49 // ServerKeyExchange message. 50 processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) error 51 generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) 52 } 53 54 // wsw add sm2 55 const ( 56 // suiteECDH indicates that the cipher suite involves elliptic curve 57 // Diffie-Hellman. This means that it should only be selected when the 58 // client indicates that it supports ECC with a curve and point format 59 // that we're happy with. 60 suiteECDHE = 1 << iota 61 // suiteSM2E indicates that the cipher suite involves elliptic curve 62 // Diffie-Hellman. This means that it should only be selected when the 63 // client indicates that it supports SM2 with a curve and point format 64 // that we're happy with. 65 suiteSM2E 66 // suiteECDSA indicates that the cipher suite involves an ECDSA 67 // signature and therefore may only be selected when the server's 68 // certificate is ECDSA. If this is not set then the cipher suite is 69 // RSA based. 70 suiteECDSA 71 // suiteSM2 indicates that the cipher suite involves an SM2 72 // signature and therefore may only be selected when the server's 73 // certificate is SM2. 74 suiteSM2 75 // suiteTLS12 indicates that the cipher suite should only be advertised 76 // and accepted when using TLS 1.2. 77 suiteTLS12 78 // suiteSHA384 indicates that the cipher suite uses SHA384 as the 79 // handshake hash. 80 suiteSHA384 81 // suiteDefaultOff indicates that this cipher suite is not included by 82 // default. 83 suiteDefaultOff 84 ) 85 86 var mapFlags = map[int]string{ 87 suiteECDHE: "suiteECDHE", 88 suiteSM2E: "suiteSM2E", 89 suiteECDSA: "suiteECDSA", 90 suiteSM2: "suiteSM2", 91 suiteTLS12: "suiteTLS12", 92 suiteSHA384: "suiteSHA384", 93 suiteDefaultOff: "suiteDefaultOff", 94 } 95 96 // A cipherSuite is a specific combination of key agreement, cipher and MAC 97 // function. All cipher suites currently assume RSA key agreement. 98 type cipherSuite struct { 99 id uint16 100 // the lengths, in bytes, of the key material needed for each component. 101 keyLen int 102 macLen int 103 ivLen int 104 ka func(version uint16) keyAgreement 105 // flags is a bitmask of the suite* values, above. 106 flags int 107 cipher func(key, iv []byte, isRead bool) interface{} 108 mac func(version uint16, macKey []byte) macFunction 109 aead func(key, fixedNonce []byte) cipher.AEAD 110 } 111 112 func (c *cipherSuite) String() string { 113 var flagsStr string 114 var flags = []int{suiteECDHE, suiteSM2E, suiteECDSA, suiteSM2, suiteTLS12, suiteSHA384, suiteDefaultOff} 115 for _, flag := range flags { 116 if c.flags&flag != 0 { 117 flagsStr = fmt.Sprintf("%s|%v", flagsStr, mapFlags[flag]) 118 } 119 } 120 return fmt.Sprintf("id:%v\nkeyLen:%v\nmacLen:%v\nivLen:%v\nflags:%v\n", 121 mapId[c.id], c.keyLen, c.macLen, c.ivLen, flagsStr) 122 } 123 124 var cipherSuites = []*cipherSuite{ 125 // Ciphersuite order is chosen so that ECDHE comes before plain RSA and 126 // AEADs are the top preference. 127 {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305}, 128 {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadChaCha20Poly1305}, 129 {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM}, 130 {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM}, 131 {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, 132 {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, 133 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, 134 {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, 135 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, 136 {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, 137 {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, 138 {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, 139 {TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, rsaKA, suiteTLS12, nil, nil, aeadAESGCM}, 140 {TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, 141 {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, 142 {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, 143 {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, 144 {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil}, 145 {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil}, 146 {TLS_ECDHE_SM2_WITH_SM4_SM3, 16, 20, 16, ecdheSM2KA, suiteECDHE | suiteSM2 | suiteTLS12, cipherSM4, macSM3, nil}, 147 {TLS_SM2_WITH_SM4_SM3, 16, 20, 16, sm2KA, suiteSM2E | suiteSM2 | suiteTLS12, cipherSM4, macSM3, nil}, 148 {TLS_SM4_GCM_SM3, 16, 0, 4, sm2KA, suiteSM2E | suiteSM2 | suiteTLS12, nil, nil, aeadSM4GCM}, 149 {TLS_SM4_CCM_SM3, 16, 0, 4, sm2KA, suiteSM2E | suiteSM2 | suiteTLS12, nil, nil, aeadSM4GCM}, 150 // RC4-based cipher suites are disabled by default. 151 {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteDefaultOff, cipherRC4, macSHA1, nil}, 152 {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteDefaultOff, cipherRC4, macSHA1, nil}, 153 {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteDefaultOff, cipherRC4, macSHA1, nil}, 154 } 155 156 func cipherRC4(key, iv []byte, isRead bool) interface{} { 157 cipher, _ := rc4.NewCipher(key) 158 return cipher 159 } 160 161 func cipher3DES(key, iv []byte, isRead bool) interface{} { 162 block, _ := des.NewTripleDESCipher(key) 163 if isRead { 164 return cipher.NewCBCDecrypter(block, iv) 165 } 166 return cipher.NewCBCEncrypter(block, iv) 167 } 168 169 func cipherAES(key, iv []byte, isRead bool) interface{} { 170 block, _ := aes.NewCipher(key) 171 if isRead { 172 return cipher.NewCBCDecrypter(block, iv) 173 } 174 return cipher.NewCBCEncrypter(block, iv) 175 } 176 177 func cipherSM4(key, iv []byte, isRead bool) interface{} { 178 block, _ := sm4.NewCipher(key) 179 if isRead { 180 return cipher.NewCBCDecrypter(block, iv) 181 } 182 return cipher.NewCBCEncrypter(block, iv) 183 } 184 185 // macSHA1 returns a macFunction for the given protocol version. 186 func macSHA1(version uint16, key []byte) macFunction { 187 if version == VersionSSL30 { 188 mac := ssl30MAC{ 189 h: sha1.New(), 190 key: make([]byte, len(key)), 191 } 192 copy(mac.key, key) 193 return mac 194 } 195 return tls10MAC{hmac.New(newConstantTimeHash(sha1.New), key)} 196 } 197 198 // macSHA256 returns a SHA-256 based MAC. These are only supported in TLS 1.2 199 // so the given version is ignored. 200 func macSHA256(version uint16, key []byte) macFunction { 201 return tls10MAC{hmac.New(sha256.New, key)} 202 } 203 204 // macSM3 returns a SM3 based MAC. These are only supported in TLS 1.2 205 // so the given version is ignored. 206 func macSM3(version uint16, key []byte) macFunction { 207 return tls10MAC{hmac.New(sm3.New, key)} 208 } 209 210 type macFunction interface { 211 Size() int 212 MAC(digestBuf, seq, header, data, extra []byte) []byte 213 } 214 215 type aead interface { 216 cipher.AEAD 217 218 // explicitIVLen returns the number of bytes used by the explicit nonce 219 // that is included in the record. This is eight for older AEADs and 220 // zero for modern ones. 221 explicitNonceLen() int 222 } 223 224 // fixedNonceAEAD wraps an AEAD and prefixes a fixed portion of the nonce to 225 // each call. 226 type fixedNonceAEAD struct { 227 // nonce contains the fixed part of the nonce in the first four bytes. 228 nonce [12]byte 229 aead cipher.AEAD 230 } 231 232 func (f *fixedNonceAEAD) NonceSize() int { return 8 } 233 func (f *fixedNonceAEAD) Overhead() int { return f.aead.Overhead() } 234 func (f *fixedNonceAEAD) explicitNonceLen() int { return 8 } 235 236 func (f *fixedNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte { 237 copy(f.nonce[4:], nonce) 238 return f.aead.Seal(out, f.nonce[:], plaintext, additionalData) 239 } 240 241 func (f *fixedNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) { 242 copy(f.nonce[4:], nonce) 243 return f.aead.Open(out, f.nonce[:], plaintext, additionalData) 244 } 245 246 // xoredNonceAEAD wraps an AEAD by XORing in a fixed pattern to the nonce 247 // before each call. 248 type xorNonceAEAD struct { 249 nonceMask [12]byte 250 aead cipher.AEAD 251 } 252 253 func (f *xorNonceAEAD) NonceSize() int { return 8 } 254 func (f *xorNonceAEAD) Overhead() int { return f.aead.Overhead() } 255 func (f *xorNonceAEAD) explicitNonceLen() int { return 0 } 256 257 func (f *xorNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte { 258 for i, b := range nonce { 259 f.nonceMask[4+i] ^= b 260 } 261 result := f.aead.Seal(out, f.nonceMask[:], plaintext, additionalData) 262 for i, b := range nonce { 263 f.nonceMask[4+i] ^= b 264 } 265 266 return result 267 } 268 269 func (f *xorNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) { 270 for i, b := range nonce { 271 f.nonceMask[4+i] ^= b 272 } 273 result, err := f.aead.Open(out, f.nonceMask[:], plaintext, additionalData) 274 for i, b := range nonce { 275 f.nonceMask[4+i] ^= b 276 } 277 278 return result, err 279 } 280 281 func aeadAESGCM(key, fixedNonce []byte) cipher.AEAD { 282 aes, err := aes.NewCipher(key) 283 if err != nil { 284 panic(err) 285 } 286 aead, err := cipher.NewGCM(aes) 287 if err != nil { 288 panic(err) 289 } 290 291 ret := &fixedNonceAEAD{aead: aead} 292 copy(ret.nonce[:], fixedNonce) 293 return ret 294 } 295 296 func aeadSM4GCM(key, fixedNonce []byte) cipher.AEAD { 297 sm4, err := sm4.NewCipher(key) 298 if err != nil { 299 panic(err) 300 } 301 aead, err := cipher.NewGCM(sm4) 302 if err != nil { 303 panic(err) 304 } 305 306 ret := &fixedNonceAEAD{aead: aead} 307 copy(ret.nonce[:], fixedNonce) 308 return ret 309 } 310 311 func aeadChaCha20Poly1305(key, fixedNonce []byte) cipher.AEAD { 312 aead, err := chacha20poly1305.New(key) 313 if err != nil { 314 panic(err) 315 } 316 317 ret := &xorNonceAEAD{aead: aead} 318 copy(ret.nonceMask[:], fixedNonce) 319 return ret 320 } 321 322 // ssl30MAC implements the SSLv3 MAC function, as defined in 323 // www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt section 5.2.3.1 324 type ssl30MAC struct { 325 h hash.Hash 326 key []byte 327 } 328 329 func (s ssl30MAC) Size() int { 330 return s.h.Size() 331 } 332 333 var ssl30Pad1 = [48]byte{0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36} 334 335 var ssl30Pad2 = [48]byte{0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c} 336 337 // MAC does not offer constant timing guarantees for SSL v3.0, since it's deemed 338 // useless considering the similar, protocol-level POODLE vulnerability. 339 func (s ssl30MAC) MAC(digestBuf, seq, header, data, extra []byte) []byte { 340 padLength := 48 341 if s.h.Size() == 20 { 342 padLength = 40 343 } 344 345 s.h.Reset() 346 s.h.Write(s.key) 347 s.h.Write(ssl30Pad1[:padLength]) 348 s.h.Write(seq) 349 s.h.Write(header[:1]) 350 s.h.Write(header[3:5]) 351 s.h.Write(data) 352 digestBuf = s.h.Sum(digestBuf[:0]) 353 354 s.h.Reset() 355 s.h.Write(s.key) 356 s.h.Write(ssl30Pad2[:padLength]) 357 s.h.Write(digestBuf) 358 return s.h.Sum(digestBuf[:0]) 359 } 360 361 type constantTimeHash interface { 362 hash.Hash 363 ConstantTimeSum(b []byte) []byte 364 } 365 366 // cthWrapper wraps any hash.Hash that implements ConstantTimeSum, and replaces 367 // with that all calls to Sum. It's used to obtain a ConstantTimeSum-based HMAC. 368 type cthWrapper struct { 369 h constantTimeHash 370 } 371 372 func (c *cthWrapper) Size() int { return c.h.Size() } 373 func (c *cthWrapper) BlockSize() int { return c.h.BlockSize() } 374 func (c *cthWrapper) Reset() { c.h.Reset() } 375 func (c *cthWrapper) Write(p []byte) (int, error) { return c.h.Write(p) } 376 func (c *cthWrapper) Sum(b []byte) []byte { return c.h.ConstantTimeSum(b) } 377 378 func newConstantTimeHash(h func() hash.Hash) func() hash.Hash { 379 return func() hash.Hash { 380 return &cthWrapper{h().(constantTimeHash)} 381 } 382 } 383 384 // tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3. 385 type tls10MAC struct { 386 h hash.Hash 387 } 388 389 func (s tls10MAC) Size() int { 390 return s.h.Size() 391 } 392 393 // MAC is guaranteed to take constant time, as long as 394 // len(seq)+len(header)+len(data)+len(extra) is constant. extra is not fed into 395 // the MAC, but is only provided to make the timing profile constant. 396 func (s tls10MAC) MAC(digestBuf, seq, header, data, extra []byte) []byte { 397 s.h.Reset() 398 s.h.Write(seq) 399 s.h.Write(header) 400 s.h.Write(data) 401 res := s.h.Sum(digestBuf[:0]) 402 if extra != nil { 403 s.h.Write(extra) 404 } 405 return res 406 } 407 408 func rsaKA(version uint16) keyAgreement { 409 return rsaKeyAgreement{} 410 } 411 412 func ecdheECDSAKA(version uint16) keyAgreement { 413 return &ecdheKeyAgreement{ 414 sigType: signatureECDSA, 415 version: version, 416 } 417 } 418 419 func ecdheSM2KA(version uint16) keyAgreement { 420 return &ecdheKeyAgreement{ 421 sigType: signatureSM2, 422 version: version, 423 } 424 } 425 426 func ecdheRSAKA(version uint16) keyAgreement { 427 return &ecdheKeyAgreement{ 428 sigType: signatureRSA, 429 version: version, 430 } 431 } 432 433 func sm2KA(version uint16) keyAgreement { 434 return &sm2KeyAgreement{ 435 sigType: signatureSM2, 436 version: version, 437 } 438 } 439 440 // mutualCipherSuite returns a cipherSuite given a list of supported 441 // ciphersuites and the id requested by the peer. 442 func mutualCipherSuite(have []uint16, want uint16) *cipherSuite { 443 for _, id := range have { 444 if id == want { 445 for _, suite := range cipherSuites { 446 if suite.id == want { 447 return suite 448 } 449 } 450 return nil 451 } 452 } 453 return nil 454 } 455 456 // A list of cipher suite IDs that are, or have been, implemented by this 457 // package. 458 // 459 // Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml 460 const ( 461 TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 462 TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a 463 TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f 464 TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 465 TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c 466 TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c 467 TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d 468 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007 469 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009 470 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a 471 TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011 472 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012 473 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013 474 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014 475 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023 476 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027 477 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f 478 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b 479 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030 480 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c 481 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 uint16 = 0xcca8 482 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 uint16 = 0xcca9 483 TLS_ECDHE_SM2_WITH_SM4_SM3 uint16 = 0xe031 // wsw add 484 TLS_SM2_WITH_SM4_SM3 uint16 = 0xe033 // wsw add 485 TLS_SM4_GCM_SM3 uint16 = 0x00c6 // wsw add 486 TLS_SM4_CCM_SM3 uint16 = 0x00c7 // wsw add 487 // TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator 488 // that the client is doing version fallback. See 489 // https://tools.ietf.org/html/rfc7507. 490 TLS_FALLBACK_SCSV uint16 = 0x5600 491 ) 492 493 var mapId = map[uint16]string{ 494 TLS_RSA_WITH_RC4_128_SHA: "TLS_RSA_WITH_RC4_128_SHA", 495 TLS_RSA_WITH_3DES_EDE_CBC_SHA: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 496 TLS_RSA_WITH_AES_128_CBC_SHA: "TLS_RSA_WITH_AES_128_CBC_SHA", 497 TLS_RSA_WITH_AES_256_CBC_SHA: "TLS_RSA_WITH_AES_256_CBC_SHA", 498 TLS_RSA_WITH_AES_128_CBC_SHA256: "TLS_RSA_WITH_AES_128_CBC_SHA256", 499 TLS_RSA_WITH_AES_128_GCM_SHA256: "TLS_RSA_WITH_AES_128_GCM_SHA256", 500 TLS_RSA_WITH_AES_256_GCM_SHA384: "TLS_RSA_WITH_AES_256_GCM_SHA384", 501 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 502 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 503 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 504 TLS_ECDHE_RSA_WITH_RC4_128_SHA: "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 505 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 506 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 507 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 508 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 509 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 510 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 511 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 512 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 513 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 514 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", 515 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", 516 TLS_ECDHE_SM2_WITH_SM4_SM3: "TLS_ECDHE_SM2_WITH_SM4_SM3", // wsw add 517 TLS_SM2_WITH_SM4_SM3: "TLS_SM2_WITH_SM4_SM3", // wsw add 518 TLS_SM4_GCM_SM3: "TLS_SM4_GCM_SM3", // wsw add 519 TLS_SM4_CCM_SM3: "TLS_SM4_CCM_SM3", // wsw add 520 // TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator 521 // that the client is doing version fallback. See 522 // https://tools.ietf.org/html/rfc7507. 523 TLS_FALLBACK_SCSV: "TLS_FALLBACK_SCSV", 524 }