# Copyright 2012 Google Inc. All rights reserved.
"""
Nicely formatted cipher suite definitions for TLS
A list of cipher suites in the form of CipherSuite objects.
These are supposed to be immutable; don't mess with them.
"""
class CipherSuite(object):
"""
Encapsulates a cipher suite.
Members/args:
* code: two-byte ID code, as int
* name: as in 'TLS_RSA_WITH_RC4_40_MD5'
* kx: key exchange algorithm, string
* auth: authentication algorithm, string
* encoding: encoding algorithm
* mac: message authentication code algorithm
"""
def __init__(self, code, name, kx, auth, encoding, mac):
self.code = code
self.name = name
self.kx = kx
self.auth = auth
self.encoding = encoding
self.mac = mac
def __repr__(self):
return 'CipherSuite(%s)' % self.name
MAC_SIZES = {
'MD5': 16,
'SHA': 20,
'SHA256': 32, # I guess
}
BLOCK_SIZES = {
'AES_256_CBC': 16,
}
@property
def mac_size(self):
"""In bytes. Default to 0."""
return self.MAC_SIZES.get(self.mac, 0)
@property
def block_size(self):
"""In bytes. Default to 1."""
return self.BLOCK_SIZES.get(self.encoding, 1)
# master list of CipherSuite Objects
CIPHERSUITES = [
# not a real cipher suite, can be ignored, see RFC5746
CipherSuite(0xff, 'TLS_EMPTY_RENEGOTIATION_INFO',
'NULL', 'NULL', 'NULL', 'NULL'),
CipherSuite(0x00, 'TLS_NULL_WITH_NULL_NULL',
'NULL', 'NULL', 'NULL', 'NULL'),
CipherSuite(0x01, 'TLS_RSA_WITH_NULL_MD5', 'RSA', 'RSA', 'NULL', 'MD5'),
CipherSuite(0x02, 'TLS_RSA_WITH_NULL_SHA', 'RSA', 'RSA', 'NULL', 'SHA'),
CipherSuite(0x0039, 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
'DHE', 'RSA', 'AES_256_CBC', 'SHA'), # not sure I got the kx/auth thing right.
CipherSuite(0xffff, 'UNKNOWN_CIPHER', '', '', '', '')
]
BY_CODE = dict(
(cipher.code, cipher) for cipher in CIPHERSUITES)
BY_NAME = dict(
(suite.name, suite) for suite in CIPHERSUITES)
NULL_SUITE = BY_CODE[0x00]