4 * An enumeration of cipher-suites available for TLS to use, along with
\r
5 * their properties, and some convenience methods
\r
6 * Copyright (c) 2007 Henri Torgemane
\r
8 * See LICENSE.txt for full license information.
\r
10 package com.hurlant.crypto.tls {
\r
11 import com.hurlant.crypto.hash.MD5;
\r
12 import com.hurlant.crypto.hash.SHA1;
\r
14 public class CipherSuites {
\r
// Cipher-suite identifiers (the 16-bit values carried on the wire).
// Only the entries tagged "ok" are implemented; the rest are declared
// for reference and have no entry in _props.
//
// Review notes for anyone choosing from this list:
//  - NULL suites give no confidentiality (0x0000 gives no protection at all).
//  - RC4 suites are prohibited for TLS by RFC 7465.
//  - Single-DES (56-bit key) and IDEA suites are deprecated by RFC 5469;
//    3DES has a 64-bit block and should be treated as legacy-only.
//  - DH_anon suites do not authenticate the server, so they give no
//    protection against an active man-in-the-middle.
//  - Every suite tagged "ok" uses RSA key exchange; the DHE suites, which
//    would give forward secrecy, are not tagged.

// --- NULL bulk cipher ---
public static const TLS_NULL_WITH_NULL_NULL:uint              = 0x0000; // ok
public static const TLS_RSA_WITH_NULL_MD5:uint                = 0x0001; // ok
public static const TLS_RSA_WITH_NULL_SHA:uint                = 0x0002; // ok

// --- RSA key exchange: RC4 / IDEA / DES / 3DES ---
public static const TLS_RSA_WITH_RC4_128_MD5:uint             = 0x0004; // ok
public static const TLS_RSA_WITH_RC4_128_SHA:uint             = 0x0005; // ok
public static const TLS_RSA_WITH_IDEA_CBC_SHA:uint            = 0x0007;
public static const TLS_RSA_WITH_DES_CBC_SHA:uint             = 0x0009; // ok
public static const TLS_RSA_WITH_3DES_EDE_CBC_SHA:uint        = 0x000A; // ok

// --- static and ephemeral Diffie-Hellman: DES / 3DES ---
public static const TLS_DH_DSS_WITH_DES_CBC_SHA:uint          = 0x000C;
public static const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:uint     = 0x000D;
public static const TLS_DH_RSA_WITH_DES_CBC_SHA:uint          = 0x000F;
public static const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:uint     = 0x0010;
public static const TLS_DHE_DSS_WITH_DES_CBC_SHA:uint         = 0x0012;
public static const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:uint    = 0x0013;
public static const TLS_DHE_RSA_WITH_DES_CBC_SHA:uint         = 0x0015;
public static const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:uint    = 0x0016;

// --- anonymous Diffie-Hellman (unauthenticated) ---
public static const TLS_DH_anon_WITH_RC4_128_MD5:uint         = 0x0018;
public static const TLS_DH_anon_WITH_DES_CBC_SHA:uint         = 0x001A;
public static const TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:uint    = 0x001B;

// --- AES-128-CBC ---
public static const TLS_RSA_WITH_AES_128_CBC_SHA:uint         = 0x002F; // ok
public static const TLS_DH_DSS_WITH_AES_128_CBC_SHA:uint      = 0x0030;
public static const TLS_DH_RSA_WITH_AES_128_CBC_SHA:uint      = 0x0031;
public static const TLS_DHE_DSS_WITH_AES_128_CBC_SHA:uint     = 0x0032;
public static const TLS_DHE_RSA_WITH_AES_128_CBC_SHA:uint     = 0x0033;
public static const TLS_DH_anon_WITH_AES_128_CBC_SHA:uint     = 0x0034;

// --- AES-256-CBC ---
public static const TLS_RSA_WITH_AES_256_CBC_SHA:uint         = 0x0035; // ok
public static const TLS_DH_DSS_WITH_AES_256_CBC_SHA:uint      = 0x0036;
public static const TLS_DH_RSA_WITH_AES_256_CBC_SHA:uint      = 0x0037;
public static const TLS_DHE_DSS_WITH_AES_256_CBC_SHA:uint     = 0x0038;
public static const TLS_DHE_RSA_WITH_AES_256_CBC_SHA:uint     = 0x0039;
public static const TLS_DH_anon_WITH_AES_256_CBC_SHA:uint     = 0x003A;

// Lookup table indexed by suite id; init() stores one CipherSuites record
// per implemented suite and getProp() reads it back.
private static var _props:Array;
\r
/**
 * Fills the _props lookup table: one CipherSuites record (bulk cipher,
 * MAC, key exchange) per implemented suite, stored at the index equal to
 * the suite id.
 *
 * Every record registered here uses either no key exchange or RSA key
 * exchange, so none of the implemented suites provides forward secrecy.
 * The three NULL-cipher suites are registered like any other, but they
 * are absent from the list getDefaultSuites() returns.
 *
 * NOTE(review): source line 63 is absent from this listing. _props is
 * declared without an initializer, so it is presumably allocated there
 * before the first assignment -- confirm against the original file.
 */
private static function init():void {
    // Each row: suite id, bulk cipher, MAC, key exchange.
    var table:Array = [
        [TLS_NULL_WITH_NULL_NULL,       BulkCiphers.NULL,         MACs.NULL, KeyExchanges.NULL],
        [TLS_RSA_WITH_NULL_MD5,         BulkCiphers.NULL,         MACs.MD5,  KeyExchanges.RSA],
        [TLS_RSA_WITH_NULL_SHA,         BulkCiphers.NULL,         MACs.SHA1, KeyExchanges.RSA],
        [TLS_RSA_WITH_RC4_128_MD5,      BulkCiphers.RC4_128,      MACs.MD5,  KeyExchanges.RSA],
        [TLS_RSA_WITH_RC4_128_SHA,      BulkCiphers.RC4_128,      MACs.SHA1, KeyExchanges.RSA],
        [TLS_RSA_WITH_DES_CBC_SHA,      BulkCiphers.DES_CBC,      MACs.SHA1, KeyExchanges.RSA],
        [TLS_RSA_WITH_3DES_EDE_CBC_SHA, BulkCiphers.DES3_EDE_CBC, MACs.SHA1, KeyExchanges.RSA],
        [TLS_RSA_WITH_AES_128_CBC_SHA,  BulkCiphers.AES_128,      MACs.SHA1, KeyExchanges.RSA],
        [TLS_RSA_WITH_AES_256_CBC_SHA,  BulkCiphers.AES_256,      MACs.SHA1, KeyExchanges.RSA]
    ];
    // Index loop keeps the registration order identical to the table order.
    for (var i:int = 0; i < table.length; i++) {
        var row:Array = table[i];
        _props[row[0]] = new CipherSuites(row[1], row[2], row[3]);
    }
}
\r
/**
 * Looks up the CipherSuites record registered for a suite id.
 *
 * @param cipher  suite id (one of the TLS_* constants)
 * @return        the record stored in _props at that index
 * @throws Error  "Unknown cipher <hex id>" when no record is registered,
 *                which covers every declared-but-unimplemented suite
 *
 * NOTE(review): source lines 80 and 82-84 are absent from this listing.
 * The null check and the return below are inferred from the declared
 * return type and from callers dereferencing the result -- confirm
 * against the original file.
 */
private static function getProp(cipher:uint):CipherSuites {
    var entry:CipherSuites = _props[cipher];
    if (entry == null) {
        // Fail closed: an id with no record must never yield default properties.
        throw new Error("Unknown cipher "+cipher.toString(16));
    }
    return entry;
}
\r
/**
 * Returns the bulk-cipher id (a BulkCiphers value, as registered by init())
 * for the given suite id. Propagates the Error getProp() throws for an
 * unregistered suite.
 */
public static function getBulkCipher(cipher:uint):uint {
    var suite:CipherSuites = getProp(cipher);
    return suite.cipher;
}
\r
/**
 * Returns the `hash` field of the record registered for the given suite id
 * (init() passes a MACs value in that constructor position). Propagates the
 * Error getProp() throws for an unregistered suite.
 */
public static function getMac(cipher:uint):uint {
    var suite:CipherSuites = getProp(cipher);
    return suite.hash;
}
\r
/**
 * Returns the `key` field of the record registered for the given suite id
 * (init() passes a KeyExchanges value in that constructor position).
 * Propagates the Error getProp() throws for an unregistered suite.
 */
public static function getKeyExchange(cipher:uint):uint {
    var suite:CipherSuites = getProp(cipher);
    return suite.key;
}
\r
/**
 * Returns the list of acceptable suites, sorted by preference (most
 * preferred first).
 *
 * Review notes on this default list:
 *  - Every entry uses RSA key exchange, so no offered suite gives forward
 *    secrecy.
 *  - 3DES is ranked above AES-128.
 *  - RC4 (prohibited for TLS by RFC 7465) and single-DES (56-bit key) are
 *    still offered, so a peer that picks from the tail of the list lands
 *    on a weak suite.
 * A deployment that does not need legacy interoperability should offer
 * only the AES entries; how a caller overrides this list is not visible
 * in this listing.
 *
 * NOTE(review): the listing omits source lines 97 and 104-105, which
 * presumably open and close the returned array literal -- confirm.
 */
public static function getDefaultSuites():Array {
    var preferred:Array = [];
    preferred.push(TLS_RSA_WITH_AES_256_CBC_SHA);
    preferred.push(TLS_RSA_WITH_3DES_EDE_CBC_SHA);  // 64-bit block cipher
    preferred.push(TLS_RSA_WITH_AES_128_CBC_SHA);
    preferred.push(TLS_RSA_WITH_RC4_128_SHA);       // RC4
    preferred.push(TLS_RSA_WITH_RC4_128_MD5);       // RC4 with an MD5-based MAC
    preferred.push(TLS_RSA_WITH_DES_CBC_SHA);       // 56-bit key
    return preferred;
}
\r
// Per-suite properties held by each record in _props.
// NOTE(review): all three are public and mutable, and the records are
// shared through the static table, so any code holding a record can
// change what the accessors report for that suite.

// Bulk-cipher id; set from the constructor's first argument.
public var cipher:uint;

// MAC id; presumably set from the constructor's `hash` argument (that
// assignment is not visible in this listing) -- confirm.
public var hash:uint;

// Key-exchange id; presumably set from the constructor's `key` argument
// (that assignment is not visible in this listing) -- confirm.
public var key:uint;
\r
111 public function CipherSuites(cipher:uint, hash:uint, key:uint) {
\r
112 this.cipher = cipher;
\r