103 |
103 |
104 } |
104 } |
105 |
105 |
106 public static class TestParameters { |
106 public static class TestParameters { |
107 |
107 |
108 String cipherSuite; |
108 CipherSuite cipherSuite; |
109 String protocol; |
109 Protocol protocol; |
110 String clientAuth; |
110 String clientAuth; |
111 |
111 |
112 TestParameters(String cipherSuite, String protocol, |
112 TestParameters(CipherSuite cipherSuite, Protocol protocol, |
113 String clientAuth) { |
113 String clientAuth) { |
114 this.cipherSuite = cipherSuite; |
114 this.cipherSuite = cipherSuite; |
115 this.protocol = protocol; |
115 this.protocol = protocol; |
116 this.clientAuth = clientAuth; |
116 this.clientAuth = clientAuth; |
117 } |
117 } |
118 |
118 |
119 boolean isEnabled() { |
119 boolean isEnabled() { |
120 return TLSCipherStatus.isEnabled(cipherSuite, protocol); |
120 return cipherSuite.supportedByProtocol(protocol); |
121 } |
121 } |
122 |
122 |
123 @Override |
123 @Override |
124 public String toString() { |
124 public String toString() { |
125 String s = cipherSuite + " in " + protocol + " mode"; |
125 String s = cipherSuite + " in " + protocol + " mode"; |
126 if (clientAuth != null) { |
126 if (clientAuth != null) { |
127 s += " with " + clientAuth + " client authentication"; |
127 s += " with " + clientAuth + " client authentication"; |
128 } |
128 } |
129 return s; |
129 return s; |
130 } |
|
131 |
|
132 static enum TLSCipherStatus { |
|
133 // cipher suites supported since TLS 1.2 |
|
134 CS_01("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF), |
|
135 CS_02("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF), |
|
136 CS_03("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF), |
|
137 CS_04("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF), |
|
138 CS_05("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF), |
|
139 CS_06("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF), |
|
140 CS_07("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF), |
|
141 |
|
142 CS_08("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF), |
|
143 CS_09("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF), |
|
144 CS_10("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF), |
|
145 CS_11("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF), |
|
146 CS_12("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF), |
|
147 CS_13("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF), |
|
148 CS_14("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF), |
|
149 |
|
150 CS_15("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF), |
|
151 CS_16("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF), |
|
152 CS_17("TLS_RSA_WITH_NULL_SHA256", 0x0303, 0xFFFF), |
|
153 |
|
154 CS_20("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF), |
|
155 CS_21("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF), |
|
156 CS_22("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF), |
|
157 CS_23("TLS_RSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF), |
|
158 CS_24("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF), |
|
159 CS_25("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF), |
|
160 CS_26("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF), |
|
161 CS_27("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF), |
|
162 |
|
163 CS_28("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF), |
|
164 CS_29("TLS_RSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF), |
|
165 CS_30("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF), |
|
166 CS_31("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF), |
|
167 CS_32("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF), |
|
168 CS_33("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF), |
|
169 |
|
170 CS_34("TLS_DH_anon_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF), |
|
171 CS_35("TLS_DH_anon_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF), |
|
172 |
|
173 // cipher suites obsoleted since TLS 1.2 |
|
174 CS_50("SSL_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303), |
|
175 CS_51("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303), |
|
176 CS_52("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0000, 0x0303), |
|
177 CS_53("SSL_DH_anon_WITH_DES_CBC_SHA", 0x0000, 0x0303), |
|
178 CS_54("TLS_KRB5_WITH_DES_CBC_SHA", 0x0000, 0x0303), |
|
179 CS_55("TLS_KRB5_WITH_DES_CBC_MD5", 0x0000, 0x0303), |
|
180 |
|
181 // cipher suites obsoleted since TLS 1.1 |
|
182 CS_60("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302), |
|
183 CS_61("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302), |
|
184 CS_62("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302), |
|
185 CS_63("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302), |
|
186 CS_64("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302), |
|
187 CS_65("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302), |
|
188 CS_66("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0000, 0x0302), |
|
189 CS_67("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302), |
|
190 CS_68("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0000, 0x0302), |
|
191 CS_69("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0000, 0x0302), |
|
192 |
|
193 // ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always |
|
194 CS_99("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0xFFFF, 0x0000); |
|
195 |
|
196 // the cipher suite name |
|
197 final String cipherSuite; |
|
198 |
|
199 // supported since protocol version |
|
200 final int supportedSince; |
|
201 |
|
202 // obsoleted since protocol version |
|
203 final int obsoletedSince; |
|
204 |
|
205 TLSCipherStatus(String cipherSuite, |
|
206 int supportedSince, int obsoletedSince) { |
|
207 this.cipherSuite = cipherSuite; |
|
208 this.supportedSince = supportedSince; |
|
209 this.obsoletedSince = obsoletedSince; |
|
210 } |
|
211 |
|
212 static boolean isEnabled(String cipherSuite, String protocol) { |
|
213 int versionNumber = toVersionNumber(protocol); |
|
214 |
|
215 if (versionNumber < 0) { |
|
216 return true; // unlikely to happen |
|
217 } |
|
218 |
|
219 for (TLSCipherStatus status : TLSCipherStatus.values()) { |
|
220 if (cipherSuite.equals(status.cipherSuite)) { |
|
221 if ((versionNumber < status.supportedSince) || |
|
222 (versionNumber >= status.obsoletedSince)) { |
|
223 return false; |
|
224 } |
|
225 |
|
226 return true; |
|
227 } |
|
228 } |
|
229 |
|
230 return true; |
|
231 } |
|
232 |
|
233 private static int toVersionNumber(String protocol) { |
|
234 int versionNumber = -1; |
|
235 |
|
236 switch (protocol) { |
|
237 case "SSLv2Hello": |
|
238 versionNumber = 0x0002; |
|
239 break; |
|
240 case "SSLv3": |
|
241 versionNumber = 0x0300; |
|
242 break; |
|
243 case "TLSv1": |
|
244 versionNumber = 0x0301; |
|
245 break; |
|
246 case "TLSv1.1": |
|
247 versionNumber = 0x0302; |
|
248 break; |
|
249 case "TLSv1.2": |
|
250 versionNumber = 0x0303; |
|
251 break; |
|
252 default: |
|
253 // unlikely to happen |
|
254 } |
|
255 |
|
256 return versionNumber; |
|
257 } |
|
258 } |
130 } |
259 } |
131 } |
260 |
132 |
261 private List<TestParameters> tests; |
133 private List<TestParameters> tests; |
262 private Iterator<TestParameters> testIterator; |
134 private Iterator<TestParameters> testIterator; |