1- /**
1+ /*
22 * TLS-Attacker - A Modular Penetration Testing Framework for TLS
33 *
4- * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, Hackmanit GmbH
4+ * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH
55 *
66 * Licensed under Apache License, Version 2.0
77 * http://www.apache.org/licenses/LICENSE-2.0.txt
88 */
9-
109package de .rub .nds .tlsattacker .core .constants ;
1110
1211import de .rub .nds .modifiablevariable .util .ArrayConverter ;
2221import java .util .Set ;
2322
2423public enum CipherSuite {
25-
2624 TLS_NULL_WITH_NULL_NULL (0x00 ),
2725 TLS_RSA_WITH_NULL_MD5 (0x01 ),
2826 TLS_RSA_WITH_NULL_SHA (0x02 ),
@@ -511,7 +509,8 @@ public int getValue() {
511509 }
512510
513511 /**
514- * Returns true in case the cipher suite enforces ephemeral keys. This is the case for ECDHE and DHE cipher suites.
512+ * Returns true in case the cipher suite enforces ephemeral keys. This is the case for ECDHE and
513+ * DHE cipher suites.
515514 *
516515 * @return True if the cipher suite is Ephemeral
517516 */
@@ -533,7 +532,6 @@ public boolean isPsk() {
533532
534533 public boolean isSrpSha () {
535534 return this .name ().contains ("SRP_SHA" );
536-
537535 }
538536
539537 public boolean isSrp () {
@@ -549,8 +547,10 @@ public boolean isGrease() {
549547 }
550548
551549 public boolean isExportSymmetricCipher () {
552- return this .name ().contains ("DES40" ) || this .name ().contains ("RC4_40" ) || this .name ().contains ("RC2_CBC_40" )
553- || this .name ().contains ("DES_CBC_40" );
550+ return this .name ().contains ("DES40" )
551+ || this .name ().contains ("RC4_40" )
552+ || this .name ().contains ("RC2_CBC_40" )
553+ || this .name ().contains ("DES_CBC_40" );
554554 }
555555
556556 /**
@@ -585,15 +585,19 @@ public boolean isUsingMac() {
585585 if (cipher .endsWith ("NULL" )) {
586586 return false ;
587587 }
588- String [] hashFunctionNames = { "MD5" , "SHA" , "SHA256" , "SHA384" , "SHA512" , "IMIT" , "GOSTR3411" };
588+ String [] hashFunctionNames = {
589+ "MD5" , "SHA" , "SHA256" , "SHA384" , "SHA512" , "IMIT" , "GOSTR3411"
590+ };
589591 for (String hashFunction : hashFunctionNames ) {
590592 if (cipher .endsWith (hashFunction )) {
591593 return true ;
592594 }
593595 }
594596 return false ;
595597 }
596- return (this .name ().contains ("_CBC" ) || this .name ().contains ("RC4" ) || this .name ().contains ("CNT" ));
598+ return (this .name ().contains ("_CBC" )
599+ || this .name ().contains ("RC4" )
600+ || this .name ().contains ("CNT" ));
597601 }
598602
599603 public boolean isSCSV () {
@@ -645,12 +649,11 @@ public boolean usesDH() {
645649 }
646650
647651 /**
648- * Returns true if the cipher suite is supported by the specified protocol version. TODO: this is still very
649- * imprecise and must be improved with new ciphers.
652+ * Returns true if the cipher suite is supported by the specified protocol version. TODO: this
653+ * is still very imprecise and must be improved with new ciphers.
650654 *
651- * @param version
652- * The ProtocolVersion to check
653- * @return True if the cipher suite is supported in the ProtocolVersion
655+ * @param version The ProtocolVersion to check
656+ * @return True if the cipher suite is supported in the ProtocolVersion
654657 */
655658 public boolean isSupportedInProtocol (ProtocolVersion version ) {
656659 if (version == ProtocolVersion .SSL3 ) {
@@ -661,10 +664,15 @@ public boolean isSupportedInProtocol(ProtocolVersion version) {
661664 return version == ProtocolVersion .TLS13 ;
662665 }
663666
664- if (this .name ().endsWith ("256" ) || this .name ().endsWith ("384" ) || this .isCCM () || this .isCCM_8 ()) {
667+ if (this .name ().endsWith ("256" )
668+ || this .name ().endsWith ("384" )
669+ || this .isCCM ()
670+ || this .isCCM_8 ()) {
665671 return ((version == ProtocolVersion .TLS12 ) || (version == ProtocolVersion .DTLS12 ));
666672 }
667- if (this .name ().contains ("IDEA" ) || this .name ().contains ("_DES" ) || this .isExportSymmetricCipher ()) {
673+ if (this .name ().contains ("IDEA" )
674+ || this .name ().contains ("_DES" )
675+ || this .isExportSymmetricCipher ()) {
668676 return !((version == ProtocolVersion .TLS12 ) || (version == ProtocolVersion .DTLS12 ));
669677 }
670678
@@ -673,17 +681,41 @@ public boolean isSupportedInProtocol(ProtocolVersion version) {
673681
674682 @ SuppressWarnings ("SpellCheckingInspection" )
675683 public static final Set <CipherSuite > SSL3_SUPPORTED_CIPHERSUITES =
676- Collections .unmodifiableSet (new HashSet <>(Arrays .asList (TLS_NULL_WITH_NULL_NULL , TLS_RSA_WITH_NULL_MD5 ,
677- TLS_RSA_WITH_NULL_SHA , TLS_RSA_EXPORT_WITH_RC4_40_MD5 , TLS_RSA_WITH_RC4_128_MD5 , TLS_RSA_WITH_RC4_128_SHA ,
678- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , TLS_RSA_WITH_IDEA_CBC_SHA , TLS_RSA_EXPORT_WITH_DES40_CBC_SHA ,
679- TLS_RSA_WITH_DES_CBC_SHA , TLS_RSA_WITH_3DES_EDE_CBC_SHA , TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA ,
680- TLS_DH_DSS_WITH_DES_CBC_SHA , TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA , TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA ,
681- TLS_DH_RSA_WITH_DES_CBC_SHA , TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA , TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA ,
682- TLS_DHE_DSS_WITH_DES_CBC_SHA , TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA , TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA ,
683- TLS_DHE_RSA_WITH_DES_CBC_SHA , TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA , TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 ,
684- TLS_DH_anon_WITH_RC4_128_MD5 , TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA , TLS_DH_anon_WITH_DES_CBC_SHA ,
685- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA , TLS_ECCPWD_WITH_AES_128_CCM_SHA256 , TLS_ECCPWD_WITH_AES_128_GCM_SHA256 ,
686- TLS_ECCPWD_WITH_AES_256_CCM_SHA384 , TLS_ECCPWD_WITH_AES_256_GCM_SHA384 )));
684+ Collections .unmodifiableSet (
685+ new HashSet <>(
686+ Arrays .asList (
687+ TLS_NULL_WITH_NULL_NULL ,
688+ TLS_RSA_WITH_NULL_MD5 ,
689+ TLS_RSA_WITH_NULL_SHA ,
690+ TLS_RSA_EXPORT_WITH_RC4_40_MD5 ,
691+ TLS_RSA_WITH_RC4_128_MD5 ,
692+ TLS_RSA_WITH_RC4_128_SHA ,
693+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 ,
694+ TLS_RSA_WITH_IDEA_CBC_SHA ,
695+ TLS_RSA_EXPORT_WITH_DES40_CBC_SHA ,
696+ TLS_RSA_WITH_DES_CBC_SHA ,
697+ TLS_RSA_WITH_3DES_EDE_CBC_SHA ,
698+ TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA ,
699+ TLS_DH_DSS_WITH_DES_CBC_SHA ,
700+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA ,
701+ TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA ,
702+ TLS_DH_RSA_WITH_DES_CBC_SHA ,
703+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA ,
704+ TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA ,
705+ TLS_DHE_DSS_WITH_DES_CBC_SHA ,
706+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ,
707+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA ,
708+ TLS_DHE_RSA_WITH_DES_CBC_SHA ,
709+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ,
710+ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 ,
711+ TLS_DH_anon_WITH_RC4_128_MD5 ,
712+ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA ,
713+ TLS_DH_anon_WITH_DES_CBC_SHA ,
714+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ,
715+ TLS_ECCPWD_WITH_AES_128_CCM_SHA256 ,
716+ TLS_ECCPWD_WITH_AES_128_GCM_SHA256 ,
717+ TLS_ECCPWD_WITH_AES_256_CCM_SHA384 ,
718+ TLS_ECCPWD_WITH_AES_256_GCM_SHA384 )));
687719
688720 public static List <CipherSuite > getImplemented () {
689721 List <CipherSuite > list = new LinkedList <>();
@@ -1013,6 +1045,11 @@ public static List<CipherSuite> getImplemented() {
10131045 list .add (UNOFFICIAL_TLS_PSK_WITH_CHACHA20_POLY1305_OLD );
10141046 list .add (UNOFFICIAL_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_OLD );
10151047 list .add (UNOFFICIAL_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_OLD );
1048+ list .add (TLS_RSA_EXPORT_WITH_RC4_40_MD5 );
1049+ list .add (TLS_RSA_EXPORT_WITH_DES40_CBC_SHA );
1050+ list .add (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 );
1051+ list .add (TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA );
1052+ list .add (TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA );
10161053 list .add (TLS_NULL_WITH_NULL_NULL );
10171054 return list ;
10181055 }
0 commit comments