summaryrefslogtreecommitdiffstats
path: root/src/network
diff options
context:
space:
mode:
authorTimur Pocheptsov <Timur.Pocheptsov@qt.io>2015-10-22 12:06:59 +0200
committerLiang Qi <liang.qi@qt.io>2017-03-16 08:50:12 +0000
commit3e3defb5c37cca715a441895d7df0f06f0c2cd89 (patch)
tree4625f1bd1e2281ad588fc2fed017773c9baa288a /src/network
parentfb061e586d9a9b1122a4db5f3d4c12d3c55435a1 (diff)
Secure Transport - add a missing cipher
Secure Transport supports more ciphers then we can convert into QSslCipher. This results in our tests failing, since after the successful SSL handshake sessionCipher is 'unknown'. This patch adds missing AES256-GCM-SHA384 and also, to make new cipher addition easier in future, sorts cipher suites as it's done in CipherSuite.h (ST framework's header) - grouped by RFC they were introduced in + sorted within their group. As a bonus (thanks to Eddy for spotting this problem) - some copy & paste (?) typos were fixed (mismatched names). Task-number: QTBUG-59480 Change-Id: I61e984da8b37f1c0787305a26fc289e2e7c2b4ad Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/network')
-rw-r--r--src/network/ssl/qsslsocket_mac.cpp137
1 files changed, 79 insertions, 58 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 752640bd46..3e56eac803 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -476,6 +476,7 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui
{
QSslCipher ciph;
switch (cipher) {
+ // Sorted as in CipherSuite.h (and groupped by their RFC)
case SSL_RSA_WITH_NULL_MD5:
ciph.d->name = QLatin1String("NULL-MD5");
ciph.d->protocol = QSsl::SslV3;
@@ -493,38 +494,21 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui
ciph.d->protocol = QSsl::SslV3;
break;
- case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- ciph.d->name = QLatin1String("DES-CBC3-SHA");
- break;
+ // TLS addenda using AES, per RFC 3268
case TLS_RSA_WITH_AES_128_CBC_SHA:
ciph.d->name = QLatin1String("AES128-SHA");
break;
- case TLS_RSA_WITH_AES_128_CBC_SHA256:
- ciph.d->name = QLatin1String("AES128-SHA256");
- break;
- case TLS_RSA_WITH_AES_256_CBC_SHA:
- ciph.d->name = QLatin1String("AES256-SHA");
- break;
- case TLS_RSA_WITH_AES_256_CBC_SHA256:
- ciph.d->name = QLatin1String("AES256-SHA256");
- break;
-
- case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
- ciph.d->name = QLatin1String("DHE-RSA-DES-CBC3-SHA");
- break;
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
ciph.d->name = QLatin1String("DHE-RSA-AES128-SHA");
break;
- case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
- ciph.d->name = QLatin1String("DHE-RSA-AES128-SHA256");
+ case TLS_RSA_WITH_AES_256_CBC_SHA:
+ ciph.d->name = QLatin1String("AES256-SHA");
break;
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
ciph.d->name = QLatin1String("DHE-RSA-AES256-SHA");
break;
- case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
- ciph.d->name = QLatin1String("DHE-RSA-AES256-SHA256");
- break;
+ // ECDSA addenda, RFC 4492
case TLS_ECDH_ECDSA_WITH_NULL_SHA:
ciph.d->name = QLatin1String("ECDH-ECDSA-NULL-SHA");
break;
@@ -537,21 +521,29 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
ciph.d->name = QLatin1String("ECDH-ECDSA-AES128-SHA");
break;
- case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
- ciph.d->name = QLatin1String("ECDH-ECDSA-AES128-SHA256");
- break;
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
ciph.d->name = QLatin1String("ECDH-ECDSA-AES256-SHA");
break;
- case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
- ciph.d->name = QLatin1String("ECDH-ECDSA-AES256-SHA384");
+ case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+ ciph.d->name = QLatin1String("ECDHE-ECDSA-NULL-SHA");
+ break;
+ case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+ ciph.d->name = QLatin1String("ECDHE-ECDSA-RC4-SHA");
+ break;
+ case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+ ciph.d->name = QLatin1String("ECDHE-ECDSA-DES-CBC3-SHA");
+ break;
+ case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+ ciph.d->name = QLatin1String("ECDHE-ECDSA-AES128-SHA");
+ break;
+ case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+ ciph.d->name = QLatin1String("ECDHE-ECDSA-AES256-SHA");
break;
-
case TLS_ECDH_RSA_WITH_NULL_SHA:
ciph.d->name = QLatin1String("ECDH-RSA-NULL-SHA");
break;
case TLS_ECDH_RSA_WITH_RC4_128_SHA:
- ciph.d->name = QLatin1String("ECDH-RSA-AES256-SHA");
+ ciph.d->name = QLatin1String("ECDH-RSA-RC4-SHA");
break;
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
ciph.d->name = QLatin1String("ECDH-RSA-DES-CBC3-SHA");
@@ -559,62 +551,91 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
ciph.d->name = QLatin1String("ECDH-RSA-AES128-SHA");
break;
- case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
- ciph.d->name = QLatin1String("ECDH-RSA-AES128-SHA256");
- break;
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
ciph.d->name = QLatin1String("ECDH-RSA-AES256-SHA");
break;
- case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
- ciph.d->name = QLatin1String("ECDH-RSA-AES256-SHA384");
+ case TLS_ECDHE_RSA_WITH_NULL_SHA:
+ ciph.d->name = QLatin1String("ECDHE-RSA-NULL-SHA");
+ break;
+ case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+ ciph.d->name = QLatin1String("ECDHE-RSA-RC4-SHA");
+ break;
+ case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+ ciph.d->name = QLatin1String("ECDHE-RSA-DES-CBC3-SHA");
+ break;
+ case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+ ciph.d->name = QLatin1String("ECDHE-RSA-AES128-SHA");
+ break;
+ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+ ciph.d->name = QLatin1String("ECDHE-RSA-AES256-SHA");
break;
- case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
- ciph.d->name = QLatin1String("ECDHE-ECDSA-NULL-SHA");
+ // TLS 1.2 addenda, RFC 5246
+ case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
+ ciph.d->name = QLatin1String("DES-CBC3-SHA");
break;
- case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
- ciph.d->name = QLatin1String("ECDHE-ECDSA-RC4-SHA");
+ case TLS_RSA_WITH_AES_128_CBC_SHA256:
+ ciph.d->name = QLatin1String("AES128-SHA256");
break;
- case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
- ciph.d->name = QLatin1String("ECDHE-ECDSA-DES-CBC3-SHA");
+ case TLS_RSA_WITH_AES_256_CBC_SHA256:
+ ciph.d->name = QLatin1String("AES256-SHA256");
break;
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
- ciph.d->name = QLatin1String("ECDHE-ECDSA-AES128-SHA");
+ case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+ ciph.d->name = QLatin1String("DHE-RSA-DES-CBC3-SHA");
break;
- case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
- ciph.d->name = QLatin1String("ECDHE-ECDSA-AES128-SHA256");
+ case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
+ ciph.d->name = QLatin1String("DHE-RSA-AES128-SHA256");
break;
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
- ciph.d->name = QLatin1String("ECDHE-ECDSA-AES256-SHA");
+ case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
+ ciph.d->name = QLatin1String("DHE-RSA-AES256-SHA256");
break;
- case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
- ciph.d->name = QLatin1String("ECDHE-ECDSA-AES256-SHA384");
+
+ // Addendum from RFC 4279, TLS PSK
+ // all missing atm.
+
+ // RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption
+ // all missing atm.
+
+ // Addenda from rfc 5288 AES Galois Counter Mode (CGM) Cipher Suites for TLS
+ case TLS_RSA_WITH_AES_256_GCM_SHA384:
+ ciph.d->name = QLatin1String("AES256-GCM-SHA384");
break;
- case TLS_ECDHE_RSA_WITH_NULL_SHA:
- ciph.d->name = QLatin1String("ECDHE-RSA-NULL-SHA");
+ // RFC 5487 - PSK with SHA-256/384 and AES GCM
+ // all missing atm.
+
+ // Addenda from rfc 5289 Elliptic Curve Cipher Suites with HMAC SHA-256/384
+ case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+ ciph.d->name = QLatin1String("ECDHE-ECDSA-AES128-SHA256");
break;
- case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
- ciph.d->name = QLatin1String("ECDHE-RSA-AES256-SHA");
+ case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+ ciph.d->name = QLatin1String("ECDHE-ECDSA-AES256-SHA384");
break;
- case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
- ciph.d->name = QLatin1String("ECDHE-RSA-DES-CBC3-SHA");
+ case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
+ ciph.d->name = QLatin1String("ECDH-ECDSA-AES128-SHA256");
break;
- case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
- ciph.d->name = QLatin1String("ECDHE-RSA-AES128-SHA");
+ case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
+ ciph.d->name = QLatin1String("ECDH-ECDSA-AES256-SHA384");
break;
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
ciph.d->name = QLatin1String("ECDHE-RSA-AES128-SHA256");
break;
- case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
- ciph.d->name = QLatin1String("ECDHE-RSA-AES256-SHA");
- break;
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
ciph.d->name = QLatin1String("ECDHE-RSA-AES256-SHA384");
break;
+ case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
+ ciph.d->name = QLatin1String("ECDH-RSA-AES128-SHA256");
+ break;
+ case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
+ ciph.d->name = QLatin1String("ECDH-RSA-AES256-SHA384");
+ break;
+
+ // Addenda from rfc 5289 Elliptic Curve Cipher Suites
+ // with SHA-256/384 and AES Galois Counter Mode (GCM)
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
ciph.d->name = QLatin1String("ECDHE-RSA-AES256-GCM-SHA384");
break;
+
default:
return ciph;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-30 22:40:14 +0000