ssl-utils: Fix parsing pre-master-secrets in keylog-file
[metze/wireshark/wip.git] / epan / dissectors / packet-ssl-utils.c
1 /* packet-ssl-utils.c
2  * ssl manipulation functions
3  * By Paolo Abeni <paolo.abeni@email.com>
4  *
5  * Copyright (c) 2013, Hauke Mehrtens <hauke@hauke-m.de>
6  * Copyright (c) 2014, Peter Wu <peter@lekensteyn.nl>
7  *
8  * Wireshark - Network traffic analyzer
9  * By Gerald Combs <gerald@wireshark.org>
10  * Copyright 1998 Gerald Combs
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License
14  * as published by the Free Software Foundation; either version 2
15  * of the License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful,
18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  * GNU General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25  */
26
27 #include "config.h"
28
29 #ifdef HAVE_LIBZ
30 #include <zlib.h>
31 #endif
32
33 #include <stdlib.h>
34 #include <errno.h>
35
36 #include <epan/packet.h>
37 #include <epan/strutil.h>
38 #include <epan/addr_resolv.h>
39 #include <epan/ipv6-utils.h>
40 #include <epan/expert.h>
41 #include <epan/asn1.h>
42 #include <wsutil/filesystem.h>
43 #include <wsutil/file_util.h>
44 #include <wsutil/str_util.h>
45 #include <wsutil/report_err.h>
46 #include <wsutil/pint.h>
47 #include "packet-x509af.h"
48 #include "packet-x509if.h"
49 #include "packet-ssl-utils.h"
50 #include "packet-ssl.h"
51 #if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
52 #include <gnutls/abstract.h>
53 #endif
54
55 /*
56  * Lookup tables
57  */
58 const value_string ssl_version_short_names[] = {
59     { SSL_VER_UNKNOWN,    "SSL" },
60     { SSL_VER_SSLv2,      "SSLv2" },
61     { SSL_VER_SSLv3,      "SSLv3" },
62     { SSL_VER_TLS,        "TLSv1" },
63     { SSL_VER_TLSv1DOT1,  "TLSv1.1" },
64     { SSL_VER_DTLS,       "DTLSv1.0" },
65     { SSL_VER_DTLS1DOT2,  "DTLSv1.2" },
66     { SSL_VER_DTLS_OPENSSL, "DTLS 1.0 (OpenSSL pre 0.9.8f)" },
67     { SSL_VER_PCT,        "PCT" },
68     { SSL_VER_TLSv1DOT2,  "TLSv1.2" },
69     { 0x00, NULL }
70 };
71
72 const value_string ssl_20_msg_types[] = {
73     { SSL2_HND_ERROR,               "Error" },
74     { SSL2_HND_CLIENT_HELLO,        "Client Hello" },
75     { SSL2_HND_CLIENT_MASTER_KEY,   "Client Master Key" },
76     { SSL2_HND_CLIENT_FINISHED,     "Client Finished" },
77     { SSL2_HND_SERVER_HELLO,        "Server Hello" },
78     { SSL2_HND_SERVER_VERIFY,       "Server Verify" },
79     { SSL2_HND_SERVER_FINISHED,     "Server Finished" },
80     { SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
81     { SSL2_HND_CLIENT_CERTIFICATE,  "Client Certificate" },
82     { 0x00, NULL }
83 };
84 /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */
85 /* Note: sorted by ascending value so value_string-ext can do a binary search */
86 static const value_string ssl_20_cipher_suites[] = {
87     { 0x000000, "TLS_NULL_WITH_NULL_NULL" },
88     { 0x000001, "TLS_RSA_WITH_NULL_MD5" },
89     { 0x000002, "TLS_RSA_WITH_NULL_SHA" },
90     { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
91     { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
92     { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
93     { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
94     { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
95     { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
96     { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
97     { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
98     { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
99     { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
100     { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
101     { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
102     { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
103     { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
104     { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
105     { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
106     { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
107     { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
108     { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
109     { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
110     { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
111     { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
112     { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
113     { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
114     { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
115     { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
116     { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
117 #if 0
118     { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
119 #endif
120     /* RFC 2712 */
121     { 0x00001E, "TLS_KRB5_WITH_DES_CBC_SHA" },
122     { 0x00001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" },
123     { 0x000020, "TLS_KRB5_WITH_RC4_128_SHA" },
124     { 0x000021, "TLS_KRB5_WITH_IDEA_CBC_SHA" },
125     { 0x000022, "TLS_KRB5_WITH_DES_CBC_MD5" },
126     { 0x000023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" },
127     { 0x000024, "TLS_KRB5_WITH_RC4_128_MD5" },
128     { 0x000025, "TLS_KRB5_WITH_IDEA_CBC_MD5" },
129     { 0x000026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" },
130     { 0x000027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" },
131     { 0x000028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" },
132     { 0x000029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" },
133     { 0x00002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" },
134     { 0x00002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" },
135     /* RFC 4785 */
136     { 0x00002C, "TLS_PSK_WITH_NULL_SHA" },
137     { 0x00002D, "TLS_DHE_PSK_WITH_NULL_SHA" },
138     { 0x00002E, "TLS_RSA_PSK_WITH_NULL_SHA" },
139     /* RFC 5246 */
140     { 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
141     { 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
142     { 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
143     { 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
144     { 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
145     { 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
146     { 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
147     { 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
148     { 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
149     { 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
150     { 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
151     { 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
152     { 0x00003B, "TLS_RSA_WITH_NULL_SHA256" },
153     { 0x00003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" },
154     { 0x00003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" },
155     { 0x00003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" },
156     { 0x00003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" },
157     { 0x000040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" },
158     { 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
159     { 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
160     { 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
161     { 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
162     { 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
163     { 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
164     { 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
165     { 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
166     { 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
167     { 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
168     { 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
169     { 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
170     { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
171     { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
172     { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
173     { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
174     { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
175     { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
176     { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
177     { 0x000067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" },
178     { 0x000068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" },
179     { 0x000069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" },
180     { 0x00006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" },
181     { 0x00006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" },
182     { 0x00006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" },
183     { 0x00006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" },
184     /* 0x00,0x6E-83 Unassigned  */
185     { 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
186     { 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
187     { 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
188     { 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
189     { 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
190     { 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
191     /* RFC 4279 */
192     { 0x00008A, "TLS_PSK_WITH_RC4_128_SHA" },
193     { 0x00008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" },
194     { 0x00008C, "TLS_PSK_WITH_AES_128_CBC_SHA" },
195     { 0x00008D, "TLS_PSK_WITH_AES_256_CBC_SHA" },
196     { 0x00008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" },
197     { 0x00008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" },
198     { 0x000090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" },
199     { 0x000091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" },
200     { 0x000092, "TLS_RSA_PSK_WITH_RC4_128_SHA" },
201     { 0x000093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" },
202     { 0x000094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" },
203     { 0x000095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" },
204     /* RFC 4162 */
205     { 0x000096, "TLS_RSA_WITH_SEED_CBC_SHA" },
206     { 0x000097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" },
207     { 0x000098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" },
208     { 0x000099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" },
209     { 0x00009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" },
210     { 0x00009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" },
211     /* RFC 5288 */
212     { 0x00009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" },
213     { 0x00009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" },
214     { 0x00009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" },
215     { 0x00009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" },
216     { 0x0000A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" },
217     { 0x0000A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" },
218     { 0x0000A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" },
219     { 0x0000A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" },
220     { 0x0000A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" },
221     { 0x0000A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" },
222     { 0x0000A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" },
223     { 0x0000A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" },
224     /* RFC 5487 */
225     { 0x0000A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" },
226     { 0x0000A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" },
227     { 0x0000AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" },
228     { 0x0000AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" },
229     { 0x0000AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" },
230     { 0x0000AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" },
231     { 0x0000AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" },
232     { 0x0000AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" },
233     { 0x0000B0, "TLS_PSK_WITH_NULL_SHA256" },
234     { 0x0000B1, "TLS_PSK_WITH_NULL_SHA384" },
235     { 0x0000B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" },
236     { 0x0000B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" },
237     { 0x0000B4, "TLS_DHE_PSK_WITH_NULL_SHA256" },
238     { 0x0000B5, "TLS_DHE_PSK_WITH_NULL_SHA384" },
239     { 0x0000B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" },
240     { 0x0000B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" },
241     { 0x0000B8, "TLS_RSA_PSK_WITH_NULL_SHA256" },
242     { 0x0000B9, "TLS_RSA_PSK_WITH_NULL_SHA384" },
243     /* From RFC 5932 */
244     { 0x0000BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
245     { 0x0000BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" },
246     { 0x0000BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
247     { 0x0000BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" },
248     { 0x0000BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
249     { 0x0000BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" },
250     { 0x0000C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
251     { 0x0000C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" },
252     { 0x0000C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
253     { 0x0000C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" },
254     { 0x0000C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
255     { 0x0000C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" },
256     /* 0x00,0xC6-FE Unassigned  */
257     { 0x0000FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" },
258     /* 0x01-BF,* Unassigned  */
259     /* From RFC 4492 */
260     { 0x00c001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
261     { 0x00c002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
262     { 0x00c003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
263     { 0x00c004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
264     { 0x00c005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
265     { 0x00c006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" },
266     { 0x00c007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" },
267     { 0x00c008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" },
268     { 0x00c009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" },
269     { 0x00c00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" },
270     { 0x00c00b, "TLS_ECDH_RSA_WITH_NULL_SHA" },
271     { 0x00c00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" },
272     { 0x00c00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" },
273     { 0x00c00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" },
274     { 0x00c00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" },
275     { 0x00c010, "TLS_ECDHE_RSA_WITH_NULL_SHA" },
276     { 0x00c011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" },
277     { 0x00c012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" },
278     { 0x00c013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" },
279     { 0x00c014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" },
280     { 0x00c015, "TLS_ECDH_anon_WITH_NULL_SHA" },
281     { 0x00c016, "TLS_ECDH_anon_WITH_RC4_128_SHA" },
282     { 0x00c017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" },
283     { 0x00c018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" },
284     { 0x00c019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" },
285     /* RFC 5054 */
286     { 0x00C01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" },
287     { 0x00C01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" },
288     { 0x00C01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" },
289     { 0x00C01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" },
290     { 0x00C01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" },
291     { 0x00C01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" },
292     { 0x00C020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" },
293     { 0x00C021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" },
294     { 0x00C022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" },
295     /* RFC 5589 */
296     { 0x00C023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" },
297     { 0x00C024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" },
298     { 0x00C025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" },
299     { 0x00C026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" },
300     { 0x00C027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" },
301     { 0x00C028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" },
302     { 0x00C029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" },
303     { 0x00C02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" },
304     { 0x00C02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" },
305     { 0x00C02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" },
306     { 0x00C02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" },
307     { 0x00C02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" },
308     { 0x00C02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
309     { 0x00C030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" },
310     { 0x00C031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" },
311     { 0x00C032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" },
312     /* RFC 5489 */
313     { 0x00C033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" },
314     { 0x00C034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" },
315     { 0x00C035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" },
316     { 0x00C036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" },
317     { 0x00C037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" },
318     { 0x00C038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" },
319     { 0x00C039, "TLS_ECDHE_PSK_WITH_NULL_SHA" },
320     { 0x00C03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" },
321     { 0x00C03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" },
322     /* 0xC0,0x3C-FF Unassigned
323             0xC1-FD,* Unassigned
324             0xFE,0x00-FD Unassigned
325             0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen]
326             0xFF,0x00-FF Reserved for Private Use [RFC5246]
327             */
328
329     /* http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */
330     { 0x00CC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
331     { 0x00CC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" },
332     { 0x00CC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
333
334     /* http://tools.ietf.org/html/draft-josefsson-salsa20-tls */
335     { 0x00E410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" },
336     { 0x00E411, "TLS_RSA_WITH_SALSA20_SHA1" },
337     { 0x00E412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" },
338     { 0x00E413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" },
339     { 0x00E414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" },
340     { 0x00E415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" },
341     { 0x00E416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" },
342     { 0x00E417, "TLS_PSK_WITH_SALSA20_SHA1" },
343     { 0x00E418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" },
344     { 0x00E419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" },
345     { 0x00E41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" },
346     { 0x00E41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" },
347     { 0x00E41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" },
348     { 0x00E41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" },
349     { 0x00E41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" },
350     { 0x00E41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" },
351
352     /* these from http://www.mozilla.org/projects/
353          security/pki/nss/ssl/fips-ssl-ciphersuites.html */
354     { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
355     { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
356     { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
357     { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
358     /* note that ciphersuites of {0x00????} are TLS cipher suites in
359      * a sslv2 client hello message; the ???? above is the two-byte
360      * tls cipher suite id
361      */
362
363     { 0x010080, "SSL2_RC4_128_WITH_MD5" },
364     { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
365     { 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
366     { 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
367     { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
368     { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
369     { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
370     { 0x080080, "SSL2_RC4_64_WITH_MD5" },
371
372     /* Microsoft's old PCT protocol. These are from Eric Rescorla's
373        book "SSL and TLS" */
374     { 0x800001, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509" },
375     { 0x800003, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN" },
376     { 0x810001, "PCT_SSL_HASH_TYPE | PCT1_HASH_MD5" },
377     { 0x810003, "PCT_SSL_HASH_TYPE | PCT1_HASH_SHA" },
378     { 0x820001, "PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1" },
379     { 0x830004, "PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4" },
380     { 0x842840, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS_128" },
381     { 0x848040, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS_128" },
382     { 0x8f8001, "PCT_SSL_COMPAT | PCT_VERSION_1" },
383     { 0x00, NULL }
384 };
385
386 value_string_ext ssl_20_cipher_suites_ext = VALUE_STRING_EXT_INIT(ssl_20_cipher_suites);
387
388
389 const value_string ssl_extension_curves[] = {
390     {  1, "sect163k1" },
391     {  2, "sect163r1" },
392     {  3, "sect163r2" },
393     {  4, "sect193r1" },
394     {  5, "sect193r2" },
395     {  6, "sect233k1" },
396     {  7, "sect233r1" },
397     {  8, "sect239k1" },
398     {  9, "sect283k1" },
399     { 10, "sect283r1" },
400     { 11, "sect409k1" },
401     { 12, "sect409r1" },
402     { 13, "sect571k1" },
403     { 14, "sect571r1" },
404     { 15, "secp160k1" },
405     { 16, "secp160r1" },
406     { 17, "secp160r2" },
407     { 18, "secp192k1" },
408     { 19, "secp192r1" },
409     { 20, "secp224k1" },
410     { 21, "secp224r1" },
411     { 22, "secp256k1" },
412     { 23, "secp256r1" },
413     { 24, "secp384r1" },
414     { 25, "secp521r1" },
415     { 26, "brainpoolP256r1" }, /* RFC 7027 */
416     { 27, "brainpoolP384r1" }, /* RFC 7027 */
417     { 28, "brainpoolP512r1" }, /* RFC 7027 */
418     { 0xFF01, "arbitrary_explicit_prime_curves" },
419     { 0xFF02, "arbitrary_explicit_char2_curves" },
420     { 0x00, NULL }
421 };
422
423 const value_string ssl_curve_types[] = {
424     { 1, "explicit_prime" },
425     { 2, "explicit_char2" },
426     { 3, "named_curve" },
427     { 0x00, NULL }
428 };
429
430 const value_string ssl_extension_ec_point_formats[] = {
431     { 0, "uncompressed" },
432     { 1, "ansiX962_compressed_prime" },
433     { 2, "ansiX962_compressed_char2" },
434     { 0x00, NULL }
435 };
436
437 const value_string ssl_20_certificate_type[] = {
438     { 0x00, "N/A" },
439     { 0x01, "X.509 Certificate" },
440     { 0x00, NULL }
441 };
442
443 const value_string ssl_31_content_type[] = {
444     { 20, "Change Cipher Spec" },
445     { 21, "Alert" },
446     { 22, "Handshake" },
447     { 23, "Application Data" },
448     { 24, "Heartbeat" },
449     { 0x00, NULL }
450 };
451
452 const value_string ssl_versions[] = {
453     { 0xfefd, "DTLS 1.2" },
454     { 0xfeff, "DTLS 1.0" },
455     { 0x0100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" },
456     { 0x0303, "TLS 1.2" },
457     { 0x0302, "TLS 1.1" },
458     { 0x0301, "TLS 1.0" },
459     { 0x0300, "SSL 3.0" },
460     { 0x0002, "SSL 2.0" },
461     { 0x00, NULL }
462 };
463
464 #if 0
465 /* XXX - would be used if we dissected the body of a Change Cipher Spec
466    message. */
467 const value_string ssl_31_change_cipher_spec[] = {
468     { 1, "Change Cipher Spec" },
469     { 0x00, NULL }
470 };
471 #endif
472
473 const value_string ssl_31_alert_level[] = {
474     { 1, "Warning" },
475     { 2, "Fatal" },
476     { 0x00, NULL }
477 };
478
479 const value_string ssl_31_alert_description[] = {
480     {   0,  "Close Notify" },
481     {  10,  "Unexpected Message" },
482     {  20,  "Bad Record MAC" },
483     {  21,  "Decryption Failed" },
484     {  22,  "Record Overflow" },
485     {  30,  "Decompression Failure" },
486     {  40,  "Handshake Failure" },
487     {  41,  "No Certificate" },
488     {  42,  "Bad Certificate" },
489     {  43,  "Unsupported Certificate" },
490     {  44,  "Certificate Revoked" },
491     {  45,  "Certificate Expired" },
492     {  46,  "Certificate Unknown" },
493     {  47,  "Illegal Parameter" },
494     {  48,  "Unknown CA" },
495     {  49,  "Access Denied" },
496     {  50,  "Decode Error" },
497     {  51,  "Decrypt Error" },
498     {  60,  "Export Restriction" },
499     {  70,  "Protocol Version" },
500     {  71,  "Insufficient Security" },
501     {  80,  "Internal Error" },
502     {  86,  "Inappropriate Fallback" },
503     {  90,  "User Canceled" },
504     { 100, "No Renegotiation" },
505     { 110, "Unsupported Extension" },
506     { 111, "Certificate Unobtainable" },
507     { 112, "Unrecognized Name" },
508     { 113, "Bad Certificate Status Response" },
509     { 114, "Bad Certificate Hash Value" },
510     { 115, "Unknown PSK Identity" },
511     { 120, "No application Protocol" },
512     { 0x00, NULL }
513 };
514
515 const value_string ssl_31_handshake_type[] = {
516     { SSL_HND_HELLO_REQUEST,     "Hello Request" },
517     { SSL_HND_CLIENT_HELLO,      "Client Hello" },
518     { SSL_HND_SERVER_HELLO,      "Server Hello" },
519     { SSL_HND_HELLO_VERIFY_REQUEST, "Hello Verify Request"},
520     { SSL_HND_NEWSESSION_TICKET, "New Session Ticket" },
521     { SSL_HND_CERTIFICATE,       "Certificate" },
522     { SSL_HND_SERVER_KEY_EXCHG,  "Server Key Exchange" },
523     { SSL_HND_CERT_REQUEST,      "Certificate Request" },
524     { SSL_HND_SVR_HELLO_DONE,    "Server Hello Done" },
525     { SSL_HND_CERT_VERIFY,       "Certificate Verify" },
526     { SSL_HND_CLIENT_KEY_EXCHG,  "Client Key Exchange" },
527     { SSL_HND_FINISHED,          "Finished" },
528     { SSL_HND_CERT_URL,          "Client Certificate URL" },
529     { SSL_HND_CERT_STATUS,       "Certificate Status" },
530     { SSL_HND_SUPPLEMENTAL_DATA, "Supplemental Data" },
531     { SSL_HND_ENCRYPTED_EXTS,    "Encrypted Extensions" },
532     { 0x00, NULL }
533 };
534
535 const value_string tls_heartbeat_type[] = {
536     { 1, "Request" },
537     { 2, "Response" },
538     { 0x00, NULL }
539 };
540
541 const value_string tls_heartbeat_mode[] = {
542     { 1, "Peer allowed to send requests" },
543     { 2, "Peer not allowed to send requests" },
544     { 0x00, NULL }
545 };
546
547 const value_string ssl_31_compression_method[] = {
548     {  0, "null" },
549     {  1, "DEFLATE" },
550     { 64, "LZS" },
551     { 0x00, NULL }
552 };
553
554 #if 0
555 /* XXX - would be used if we dissected a Signature, as would be
556    seen in a server key exchange or certificate verify message. */
557 const value_string ssl_31_key_exchange_algorithm[] = {
558     { 0, "RSA" },
559     { 1, "Diffie Hellman" },
560     { 0x00, NULL }
561 };
562
563 const value_string ssl_31_signature_algorithm[] = {
564     { 0, "Anonymous" },
565     { 1, "RSA" },
566     { 2, "DSA" },
567     { 0x00, NULL }
568 };
569 #endif
570
571 const value_string ssl_31_client_certificate_type[] = {
572     { 1, "RSA Sign" },
573     { 2, "DSS Sign" },
574     { 3, "RSA Fixed DH" },
575     { 4, "DSS Fixed DH" },
576     /* GOST certificate types */
577     /* Section 3.5 of draft-chudov-cryptopro-cptls-04 */
578     { 21, "GOST R 34.10-94" },
579     { 22, "GOST R 34.10-2001" },
580     /* END GOST certificate types */
581     { 64, "ECDSA Sign" },
582     { 65, "RSA Fixed ECDH" },
583     { 66, "ECDSA Fixed ECDH" },
584     { 0x00, NULL }
585 };
586
587 #if 0
588 /* XXX - would be used if we dissected exchange keys, as would be
589    seen in a client key exchange message. */
590 const value_string ssl_31_public_value_encoding[] = {
591     { 0, "Implicit" },
592     { 1, "Explicit" },
593     { 0x00, NULL }
594 };
595 #endif
596
597 /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */
598 /* Note: sorted by ascending value so value_string_ext fcns can do a binary search */
599 static const value_string ssl_31_ciphersuite[] = {
600     /* RFC 2246, RFC 4346, RFC 5246 */
601     { 0x0000, "TLS_NULL_WITH_NULL_NULL" },
602     { 0x0001, "TLS_RSA_WITH_NULL_MD5" },
603     { 0x0002, "TLS_RSA_WITH_NULL_SHA" },
604     { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
605     { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
606     { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
607     { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
608     { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
609     { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
610     { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
611     { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
612     { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
613     { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
614     { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
615     { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
616     { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
617     { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
618     { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
619     { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
620     { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
621     { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
622     { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
623     { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
624     { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
625     { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
626     { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
627     { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
628     { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
629
630     { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
631     { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
632 #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
633          to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
634          of the ietf-tls list */
635     { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
636 #endif
637
638     /* RFC 2712 */
639     { 0x001E, "TLS_KRB5_WITH_DES_CBC_SHA" },
640     { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" },
641     { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" },
642     { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" },
643     { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" },
644     { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" },
645     { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" },
646     { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" },
647     { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" },
648     { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" },
649     { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" },
650     { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" },
651     { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" },
652     { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" },
653
654     /* RFC 4785 */
655     { 0x002C, "TLS_PSK_WITH_NULL_SHA" },
656     { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" },
657     { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" },
658
659     /* RFC 5246 */
660     { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" },
661     { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
662     { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
663     { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
664     { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
665     { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
666     { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
667     { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
668     { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
669     { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
670     { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
671     { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
672     { 0x003B, "TLS_RSA_WITH_NULL_SHA256" },
673     { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" },
674     { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" },
675     { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" },
676     { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" },
677     { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" },
678
679     /* RFC 4132 */
680     { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
681     { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
682     { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
683     { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
684     { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
685     { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
686
687     /* 0x00,0x60-66 Reserved to avoid conflicts with widely deployed implementations  */
688     /* --- ??? --- */
689     { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
690     { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
691     /* draft-ietf-tls-56-bit-ciphersuites-01.txt */
692     { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
693     { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
694     { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
695     { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
696     { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
697     /* --- ??? ---*/
698
699     { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" },
700     { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" },
701     { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" },
702     { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" },
703     { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" },
704     { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" },
705     { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" },
706
707     /* draft-chudov-cryptopro-cptls-04.txt */
708     { 0x0080,  "TLS_GOSTR341094_WITH_28147_CNT_IMIT" },
709     { 0x0081,  "TLS_GOSTR341001_WITH_28147_CNT_IMIT" },
710     { 0x0082,  "TLS_GOSTR341094_WITH_NULL_GOSTR3411" },
711     { 0x0083,  "TLS_GOSTR341001_WITH_NULL_GOSTR3411" },
712
713     /* RFC 4132 */
714     { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
715     { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
716     { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
717     { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
718     { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
719     { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
720
721     /* RFC 4279 */
722     { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" },
723     { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" },
724     { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" },
725     { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" },
726     { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" },
727     { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" },
728     { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" },
729     { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" },
730     { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" },
731     { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" },
732     { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" },
733     { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" },
734
735     /* RFC 4162 */
736     { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" },
737     { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" },
738     { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" },
739     { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" },
740     { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" },
741     { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" },
742
743     /* RFC 5288 */
744     { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" },
745     { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" },
746     { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" },
747     { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" },
748     { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" },
749     { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" },
750     { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" },
751     { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" },
752     { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" },
753     { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" },
754     { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" },
755     { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" },
756
757     /* RFC 5487 */
758     { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" },
759     { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" },
760     { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" },
761     { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" },
762     { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" },
763     { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" },
764     { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" },
765     { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" },
766     { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" },
767     { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" },
768     { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" },
769     { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" },
770     { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" },
771     { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" },
772     { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" },
773     { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" },
774     { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" },
775     { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" },
776
777     /* From RFC 5932 */
778     { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
779     { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" },
780     { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
781     { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" },
782     { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
783     { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" },
784     { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
785     { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" },
786     { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
787     { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" },
788     { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" },
789     { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" },
790     /* 0x00,0xC6-FE Unassigned  */
791     /* From RFC 5746 */
792     { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" },
793     /* From RFC 7507 */
794     { 0x5600, "TLS_FALLBACK_SCSV" },
795     /* From RFC 4492 */
796     { 0xc001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
797     { 0xc002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
798     { 0xc003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
799     { 0xc004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
800     { 0xc005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
801     { 0xc006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" },
802     { 0xc007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" },
803     { 0xc008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" },
804     { 0xc009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" },
805     { 0xc00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" },
806     { 0xc00b, "TLS_ECDH_RSA_WITH_NULL_SHA" },
807     { 0xc00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" },
808     { 0xc00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" },
809     { 0xc00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" },
810     { 0xc00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" },
811     { 0xc010, "TLS_ECDHE_RSA_WITH_NULL_SHA" },
812     { 0xc011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" },
813     { 0xc012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" },
814     { 0xc013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" },
815     { 0xc014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" },
816     { 0xc015, "TLS_ECDH_anon_WITH_NULL_SHA" },
817     { 0xc016, "TLS_ECDH_anon_WITH_RC4_128_SHA" },
818     { 0xc017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" },
819     { 0xc018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" },
820     { 0xc019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" },
821
822     /* RFC 5054 */
823     { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" },
824     { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" },
825     { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" },
826     { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" },
827     { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" },
828     { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" },
829     { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" },
830     { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" },
831     { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" },
832
833     /* RFC 5589 */
834     { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" },
835     { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" },
836     { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" },
837     { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" },
838     { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" },
839     { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" },
840     { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" },
841     { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" },
842     { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" },
843     { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" },
844     { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" },
845     { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" },
846     { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
847     { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" },
848     { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" },
849     { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" },
850
851     /* RFC 5489 */
852     { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" },
853     { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" },
854     { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" },
855     { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" },
856     { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" },
857     { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" },
858     { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" },
859     { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" },
860     { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" },
861
862     /* RFC 6209 */
863     { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" },
864     { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" },
865     { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" },
866     { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" },
867     { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" },
868     { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" },
869     { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" },
870     { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" },
871     { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" },
872     { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" },
873     { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" },
874     { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" },
875     { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" },
876     { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" },
877     { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" },
878     { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" },
879     { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" },
880     { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" },
881     { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" },
882     { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" },
883     { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" },
884     { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" },
885     { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" },
886     { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" },
887     { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" },
888     { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" },
889     { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" },
890     { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" },
891     { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" },
892     { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" },
893     { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" },
894     { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" },
895     { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" },
896     { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" },
897     { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" },
898     { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" },
899     { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" },
900     { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" },
901     { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" },
902     { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" },
903     { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" },
904     { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" },
905     { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" },
906     { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" },
907     { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" },
908     { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" },
909     { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" },
910     { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" },
911     { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" },
912     { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" },
913     { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" },
914     { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" },
915     { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" },
916     { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" },
917
918     /* RFC 6367 */
919     { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" },
920     { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" },
921     { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" },
922     { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" },
923     { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
924     { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" },
925     { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" },
926     { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" },
927     { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
928     { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
929     { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
930     { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
931     { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
932     { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
933     { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" },
934     { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" },
935     { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" },
936     { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" },
937     { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" },
938     { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" },
939     { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" },
940     { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" },
941     { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" },
942     { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" },
943     { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
944     { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
945     { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" },
946     { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" },
947     { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" },
948     { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" },
949     { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" },
950     { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" },
951     { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" },
952     { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" },
953     { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" },
954     { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" },
955     { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" },
956     { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" },
957     { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" },
958     { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" },
959     { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" },
960     { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" },
961
962     /* RFC 6655 */
963     { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" },
964     { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" },
965     { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" },
966     { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" },
967     { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" },
968     { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" },
969     { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" },
970     { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" },
971     { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" },
972     { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" },
973     { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" },
974     { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" },
975     { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" },
976     { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" },
977     { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" },
978     { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" },
979
980     /* RFC 7251 */
981     { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" },
982     { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" },
983     { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" },
984     { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" },
985 /*
986 0xC0,0xAB-FF Unassigned
987 0xC1-FD,* Unassigned
988 0xFE,0x00-FD Unassigned
989 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen]
990 0xFF,0x00-FF Reserved for Private Use [RFC5246]
991 */
992
993     /* http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */
994     { 0xCC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
995     { 0xCC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" },
996     { 0xCC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" },
997
998     /* http://tools.ietf.org/html/draft-josefsson-salsa20-tls */
999     { 0xE410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" },
1000     { 0xE411, "TLS_RSA_WITH_SALSA20_SHA1" },
1001     { 0xE412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" },
1002     { 0xE413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" },
1003     { 0xE414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" },
1004     { 0xE415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" },
1005     { 0xE416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" },
1006     { 0xE417, "TLS_PSK_WITH_SALSA20_SHA1" },
1007     { 0xE418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" },
1008     { 0xE419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" },
1009     { 0xE41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" },
1010     { 0xE41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" },
1011     { 0xE41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" },
1012     { 0xE41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" },
1013     { 0xE41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" },
1014     { 0xE41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" },
1015
1016     /* these from http://www.mozilla.org/projects/
1017          security/pki/nss/ssl/fips-ssl-ciphersuites.html */
1018     { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
1019     { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
1020     { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
1021     { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
1022     /* note that ciphersuites 0xff00 - 0xffff are private */
1023     { 0x00, NULL }
1024 };
1025
1026 value_string_ext ssl_31_ciphersuite_ext = VALUE_STRING_EXT_INIT(ssl_31_ciphersuite);
1027
1028
1029 const value_string pct_msg_types[] = {
1030     { PCT_MSG_CLIENT_HELLO,         "Client Hello" },
1031     { PCT_MSG_SERVER_HELLO,         "Server Hello" },
1032     { PCT_MSG_CLIENT_MASTER_KEY,    "Client Master Key" },
1033     { PCT_MSG_SERVER_VERIFY,        "Server Verify" },
1034     { PCT_MSG_ERROR,                "Error" },
1035     { 0x00, NULL }
1036 };
1037
1038 const value_string pct_cipher_type[] = {
1039     { PCT_CIPHER_DES, "DES" },
1040     { PCT_CIPHER_IDEA, "IDEA" },
1041     { PCT_CIPHER_RC2, "RC2" },
1042     { PCT_CIPHER_RC4, "RC4" },
1043     { PCT_CIPHER_DES_112, "DES 112 bit" },
1044     { PCT_CIPHER_DES_168, "DES 168 bit" },
1045     { 0x00, NULL }
1046 };
1047
1048 const value_string pct_hash_type[] = {
1049     { PCT_HASH_MD5, "MD5" },
1050     { PCT_HASH_MD5_TRUNC_64, "MD5_TRUNC_64"},
1051     { PCT_HASH_SHA, "SHA"},
1052     { PCT_HASH_SHA_TRUNC_80, "SHA_TRUNC_80"},
1053     { PCT_HASH_DES_DM, "DES_DM"},
1054     { 0x00, NULL }
1055 };
1056
1057 const value_string pct_cert_type[] = {
1058     { PCT_CERT_NONE, "None" },
1059     { PCT_CERT_X509, "X.509" },
1060     { PCT_CERT_PKCS7, "PKCS #7" },
1061     { 0x00, NULL }
1062 };
1063 const value_string pct_sig_type[] = {
1064     { PCT_SIG_NONE, "None" },
1065     { PCT_SIG_RSA_MD5, "MD5" },
1066     { PCT_SIG_RSA_SHA, "RSA SHA" },
1067     { PCT_SIG_DSA_SHA, "DSA SHA" },
1068     { 0x00, NULL }
1069 };
1070
1071 const value_string pct_exch_type[] = {
1072     { PCT_EXCH_RSA_PKCS1, "RSA PKCS#1" },
1073     { PCT_EXCH_RSA_PKCS1_TOKEN_DES, "RSA PKCS#1 Token DES" },
1074     { PCT_EXCH_RSA_PKCS1_TOKEN_DES3, "RSA PKCS#1 Token 3DES" },
1075     { PCT_EXCH_RSA_PKCS1_TOKEN_RC2, "RSA PKCS#1 Token RC-2" },
1076     { PCT_EXCH_RSA_PKCS1_TOKEN_RC4, "RSA PKCS#1 Token RC-4" },
1077     { PCT_EXCH_DH_PKCS3, "DH PKCS#3" },
1078     { PCT_EXCH_DH_PKCS3_TOKEN_DES, "DH PKCS#3 Token DES" },
1079     { PCT_EXCH_DH_PKCS3_TOKEN_DES3, "DH PKCS#3 Token 3DES" },
1080     { PCT_EXCH_FORTEZZA_TOKEN, "Fortezza" },
1081     { 0x00, NULL }
1082 };
1083
1084 const value_string pct_error_code[] = {
1085     { PCT_ERR_BAD_CERTIFICATE, "PCT_ERR_BAD_CERTIFICATE" },
1086     { PCT_ERR_CLIENT_AUTH_FAILED, "PCT_ERR_CLIENT_AUTH_FAILE" },
1087     { PCT_ERR_ILLEGAL_MESSAGE, "PCT_ERR_ILLEGAL_MESSAGE" },
1088     { PCT_ERR_INTEGRITY_CHECK_FAILED, "PCT_ERR_INTEGRITY_CHECK_FAILED" },
1089     { PCT_ERR_SERVER_AUTH_FAILED, "PCT_ERR_SERVER_AUTH_FAILED" },
1090     { PCT_ERR_SPECS_MISMATCH, "PCT_ERR_SPECS_MISMATCH" },
1091     { 0x00, NULL }
1092 };
1093
1094 /* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1 */
1095 const value_string tls_hello_extension_types[] = {
1096     { SSL_HND_HELLO_EXT_SERVER_NAME, "server_name" }, /* RFC 3546 */
1097     { 1, "max_fragment_length" },
1098     { 2, "client_certificate_url" },
1099     { 3, "trusted_ca_keys" },
1100     { 4, "truncated_hmac" },
1101     { SSL_HND_HELLO_EXT_STATUS_REQUEST, "status_request" }, /* RFC 6066 */
1102     { 6, "user_mapping" },  /* RFC 4681 */
1103     { 7, "client_authz" },
1104     { 8, "server_authz" },
1105     { SSL_HND_HELLO_EXT_CERT_TYPE, "cert_type" },  /* RFC 5081 */
1106     { SSL_HND_HELLO_EXT_ELLIPTIC_CURVES, "elliptic_curves" },  /* RFC 4492 */
1107     { SSL_HND_HELLO_EXT_EC_POINT_FORMATS, "ec_point_formats" },  /* RFC 4492 */
1108     { 12, "srp" },  /* RFC 5054 */
1109     { 13, "signature_algorithms" },  /* RFC 5246 */
1110     { 14, "use_srtp" },
1111     { SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" },  /* RFC 6520 */
1112     { SSL_HND_HELLO_EXT_ALPN, "Application Layer Protocol Negotiation" }, /* RFC 7301 */
1113     { SSL_HND_HELLO_EXT_STATUS_REQUEST_V2, "status_request_v2" }, /* RFC 6961 */
1114     { 18, "signed_certificate_timestamp" }, /* RFC 6962 */
1115     { SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE, "client_certificate_type" }, /* RFC 7250 */
1116     { SSL_HND_HELLO_EXT_SERVER_CERT_TYPE, "server_certificate_type" }, /* RFC 7250 */
1117     { SSL_HND_HELLO_EXT_PADDING, "Padding" }, /* http://tools.ietf.org/html/draft-agl-tls-padding */
1118     { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE, "Extended Master Secret" }, /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
1119     { SSL_HND_HELLO_EXT_SESSION_TICKET, "SessionTicket TLS" },  /* RFC 4507 */
1120     { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */
1121     { SSL_HND_HELLO_EXT_RENEG_INFO, "renegotiation_info" }, /* RFC 5746 */
1122     /* http://tools.ietf.org/html/draft-balfanz-tls-channelid-00
1123        https://twitter.com/ericlaw/status/274237352531083264 */
1124     { SSL_HND_HELLO_EXT_CHANNEL_ID_OLD, "channel_id_old" },
1125     /* http://tools.ietf.org/html/draft-balfanz-tls-channelid-01
1126        https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/sslt.h&l=209 */
1127     { SSL_HND_HELLO_EXT_CHANNEL_ID, "channel_id" },
1128     { 0, NULL }
1129 };
1130
1131 const value_string tls_hello_ext_server_name_type_vs[] = {
1132     { 0, "host_name" },
1133     { 0, NULL }
1134 };
1135
1136 /* RFC 5246 7.4.1.4.1 */
1137 const value_string tls_hash_algorithm[] = {
1138     { 0, "None" },
1139     { 1, "MD5" },
1140     { 2, "SHA1" },
1141     { 3, "SHA224" },
1142     { 4, "SHA256" },
1143     { 5, "SHA384" },
1144     { 6, "SHA512" },
1145     { 0, NULL }
1146 };
1147
1148 const value_string tls_signature_algorithm[] = {
1149     { 0, "Anonymous" },
1150     { 1, "RSA" },
1151     { 2, "DSA" },
1152     { 3, "ECDSA" },
1153     { 0, NULL }
1154 };
1155
1156 /* RFC 6091 3.1 */
1157 const value_string tls_certificate_type[] = {
1158     { 0, "X.509" },
1159     { 1, "OpenPGP" },
1160     { SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY, "Raw Public Key" }, /* RFC 7250 */
1161     { 0, NULL }
1162 };
1163
1164 const value_string tls_cert_chain_type[] = {
1165     { SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT,    "Individual Certificates" },
1166     { SSL_HND_CERT_URL_TYPE_PKIPATH,            "PKI Path" },
1167     { 0, NULL }
1168 };
1169
1170 const value_string tls_cert_status_type[] = {
1171     { SSL_HND_CERT_STATUS_TYPE_OCSP,            "OCSP" },
1172     { SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI,      "OCSP Multi" },
1173     { 0, NULL }
1174 };
1175
1176 /* string_string is inappropriate as it compares strings while
1177  * "byte strings MUST NOT be truncated" (RFC 7301) */
1178 typedef struct ssl_alpn_protocol {
1179     const guint8    *proto_name;
1180     size_t           proto_name_len;
1181     const char      *dissector_name;
1182 } ssl_alpn_protocol_t;
1183 /* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids */
1184 static const ssl_alpn_protocol_t ssl_alpn_protocols[] = {
1185     { "http/1.1",   sizeof("http/1.1"),     "http" },
1186     /* SPDY moves so fast, just 1, 2 and 3 are registered with IANA but there
1187      * already exists 3.1 as of this writing... match the prefix. */
1188     { "spdy/",      sizeof("spdy/") - 1,    "spdy" },
1189     { "stun.turn",  sizeof("stun.turn"),    "turnchannel" },
1190     { "stun.nat-discovery", sizeof("stun.nat-discovery"), "stun" },
1191     /* draft-ietf-httpbis-http2-16 */
1192     { "h2-",         sizeof("h2-") - 1,     "http2" }, /* draft versions */
1193     { "h2",          sizeof("h2"),          "http2" }, /* final version */
1194 };
1195
1196 /* we keep this internal to packet-ssl-utils, as there should be
1197    no need to access it any other way.
1198
1199    This also allows us to hide the dependency on zlib.
1200 */
1201 struct _SslDecompress {
1202     gint compression;
1203 #ifdef HAVE_LIBZ
1204     z_stream istream;
1205 #endif
1206 };
1207
1208 /* To assist in parsing client/server key exchange messages
1209    0 indicates unknown */
1210 gint ssl_get_keyex_alg(gint cipher)
1211 {
1212     switch(cipher) {
1213     case 0x0017:
1214     case 0x0018:
1215     case 0x0019:
1216     case 0x001a:
1217     case 0x001b:
1218     case 0x0034:
1219     case 0x003a:
1220     case 0x0046:
1221     case 0x006c:
1222     case 0x006d:
1223     case 0x0089:
1224     case 0x009b:
1225     case 0x00a6:
1226     case 0x00a7:
1227     case 0x00bf:
1228     case 0x00c5:
1229     case 0xc084:
1230     case 0xc085:
1231         return KEX_DH_ANON;
1232     case 0x000b:
1233     case 0x000c:
1234     case 0x000d:
1235     case 0x0030:
1236     case 0x0036:
1237     case 0x003e:
1238     case 0x0042:
1239     case 0x0068:
1240     case 0x0085:
1241     case 0x0097:
1242     case 0x00a4:
1243     case 0x00a5:
1244     case 0x00bb:
1245     case 0x00c1:
1246     case 0xc082:
1247     case 0xc083:
1248         return KEX_DH_DSS;
1249     case 0x000e:
1250     case 0x000f:
1251     case 0x0010:
1252     case 0x0031:
1253     case 0x0037:
1254     case 0x003f:
1255     case 0x0043:
1256     case 0x0069:
1257     case 0x0086:
1258     case 0x0098:
1259     case 0x00a0:
1260     case 0x00a1:
1261     case 0x00bc:
1262     case 0x00c2:
1263     case 0xc07e:
1264     case 0xc07f:
1265         return KEX_DH_RSA;
1266     case 0x0011:
1267     case 0x0012:
1268     case 0x0013:
1269     case 0x0032:
1270     case 0x0038:
1271     case 0x0040:
1272     case 0x0044:
1273     case 0x0063:
1274     case 0x0065:
1275     case 0x0066:
1276     case 0x006a:
1277     case 0x0087:
1278     case 0x0099:
1279     case 0x00a2:
1280     case 0x00a3:
1281     case 0x00bd:
1282     case 0x00c3:
1283     case 0xc080:
1284     case 0xc081:
1285         return KEX_DHE_DSS;
1286     case 0x002d:
1287     case 0x008e:
1288     case 0x008f:
1289     case 0x0090:
1290     case 0x0091:
1291     case 0x00aa:
1292     case 0x00ab:
1293     case 0x00b2:
1294     case 0x00b3:
1295     case 0x00b4:
1296     case 0x00b5:
1297     case 0xc090:
1298     case 0xc091:
1299     case 0xc096:
1300     case 0xc097:
1301     case 0xc0a6:
1302     case 0xc0a7:
1303     case 0xc0aa:
1304     case 0xc0ab:
1305     case 0xe41c:
1306     case 0xe41d:
1307         return KEX_DHE_PSK;
1308     case 0x0014:
1309     case 0x0015:
1310     case 0x0016:
1311     case 0x0033:
1312     case 0x0039:
1313     case 0x0045:
1314     case 0x0067:
1315     case 0x006b:
1316     case 0x0088:
1317     case 0x009a:
1318     case 0x009e:
1319     case 0x009f:
1320     case 0x00be:
1321     case 0x00c4:
1322     case 0xc07c:
1323     case 0xc07d:
1324     case 0xc09e:
1325     case 0xc09f:
1326     case 0xc0a2:
1327     case 0xc0a3:
1328     case 0xe41e:
1329     case 0xe41f:
1330         return KEX_DHE_RSA;
1331     case 0xc015:
1332     case 0xc016:
1333     case 0xc017:
1334     case 0xc018:
1335     case 0xc019:
1336         return KEX_ECDH_ANON;
1337     case 0xc001:
1338     case 0xc002:
1339     case 0xc003:
1340     case 0xc004:
1341     case 0xc005:
1342     case 0xc025:
1343     case 0xc026:
1344     case 0xc02d:
1345     case 0xc02e:
1346     case 0xc074:
1347     case 0xc075:
1348     case 0xc088:
1349     case 0xc089:
1350         return KEX_ECDH_ECDSA;
1351     case 0xc00b:
1352     case 0xc00c:
1353     case 0xc00d:
1354     case 0xc00e:
1355     case 0xc00f:
1356     case 0xc029:
1357     case 0xc02a:
1358     case 0xc031:
1359     case 0xc032:
1360     case 0xc078:
1361     case 0xc079:
1362     case 0xc08c:
1363     case 0xc08d:
1364         return KEX_ECDH_RSA;
1365     case 0xc006:
1366     case 0xc007:
1367     case 0xc008:
1368     case 0xc009:
1369     case 0xc00a:
1370     case 0xc023:
1371     case 0xc024:
1372     case 0xc02b:
1373     case 0xc02c:
1374     case 0xc072:
1375     case 0xc073:
1376     case 0xc086:
1377     case 0xc087:
1378     case 0xc0ac:
1379     case 0xc0ad:
1380     case 0xc0ae:
1381     case 0xc0af:
1382     case 0xe414:
1383     case 0xe415:
1384         return KEX_ECDHE_ECDSA;
1385     case 0xc033:
1386     case 0xc034:
1387     case 0xc035:
1388     case 0xc036:
1389     case 0xc037:
1390     case 0xc038:
1391     case 0xc039:
1392     case 0xc03a:
1393     case 0xc03b:
1394     case 0xc09a:
1395     case 0xc09b:
1396     case 0xe418:
1397     case 0xe419:
1398         return KEX_ECDHE_PSK;
1399     case 0xc010:
1400     case 0xc011:
1401     case 0xc012:
1402     case 0xc013:
1403     case 0xc014:
1404     case 0xc027:
1405     case 0xc028:
1406     case 0xc02f:
1407     case 0xc030:
1408     case 0xc076:
1409     case 0xc077:
1410     case 0xc08a:
1411     case 0xc08b:
1412     case 0xe412:
1413     case 0xe413:
1414         return KEX_ECDHE_RSA;
1415     case 0x001e:
1416     case 0x001f:
1417     case 0x0020:
1418     case 0x0021:
1419     case 0x0022:
1420     case 0x0023:
1421     case 0x0024:
1422     case 0x0025:
1423     case 0x0026:
1424     case 0x0027:
1425     case 0x0028:
1426     case 0x0029:
1427     case 0x002a:
1428     case 0x002b:
1429         return KEX_KRB5;
1430     case 0x002c:
1431     case 0x008a:
1432     case 0x008b:
1433     case 0x008c:
1434     case 0x008d:
1435     case 0x00a8:
1436     case 0x00a9:
1437     case 0x00ae:
1438     case 0x00af:
1439     case 0x00b0:
1440     case 0x00b1:
1441     case 0xc064:
1442     case 0xc065:
1443     case 0xc08e:
1444     case 0xc08f:
1445     case 0xc094:
1446     case 0xc095:
1447     case 0xc0a4:
1448     case 0xc0a5:
1449     case 0xc0a8:
1450     case 0xc0a9:
1451     case 0xe416:
1452     case 0xe417:
1453         return KEX_PSK;
1454     case 0x0001:
1455     case 0x0002:
1456     case 0x0003:
1457     case 0x0004:
1458     case 0x0005:
1459     case 0x0006:
1460     case 0x0007:
1461     case 0x0008:
1462     case 0x0009:
1463     case 0x000a:
1464     case 0x002f:
1465     case 0x0035:
1466     case 0x003b:
1467     case 0x003c:
1468     case 0x003d:
1469     case 0x0041:
1470     case 0x0060:
1471     case 0x0061:
1472     case 0x0062:
1473     case 0x0064:
1474     case 0x0084:
1475     case 0x0096:
1476     case 0x009c:
1477     case 0x009d:
1478     case 0x00ba:
1479     case 0x00c0:
1480     case 0xc07a:
1481     case 0xc07b:
1482     case 0xc09c:
1483     case 0xc09d:
1484     case 0xc0a0:
1485     case 0xc0a1:
1486     case 0xe410:
1487     case 0xe411:
1488     case 0xfefe:
1489     case 0xfeff:
1490     case 0xffe0:
1491     case 0xffe1:
1492         return KEX_RSA;
1493     case 0x002e:
1494     case 0x0092:
1495     case 0x0093:
1496     case 0x0094:
1497     case 0x0095:
1498     case 0x00ac:
1499     case 0x00ad:
1500     case 0x00b6:
1501     case 0x00b7:
1502     case 0x00b8:
1503     case 0x00b9:
1504     case 0xc092:
1505     case 0xc093:
1506     case 0xc098:
1507     case 0xc099:
1508     case 0xe41a:
1509     case 0xe41b:
1510         return KEX_RSA_PSK;
1511     case 0xc01a:
1512     case 0xc01d:
1513     case 0xc020:
1514         return KEX_SRP_SHA;
1515     case 0xc01c:
1516     case 0xc01f:
1517     case 0xc022:
1518         return KEX_SRP_SHA_DSS;
1519     case 0xc01b:
1520     case 0xc01e:
1521     case 0xc021:
1522         return KEX_SRP_SHA_RSA;
1523     default:
1524         break;
1525     }
1526
1527     return 0;
1528 }
1529
1530
1531
1532
1533 static gint
1534 ssl_data_alloc(StringInfo* str, size_t len)
1535 {
1536     str->data = (guchar *)g_malloc(len);
1537     /* the allocator can return a null pointer for a size equal to 0,
1538      * and that must be allowed */
1539     if (len > 0 && !str->data)
1540         return -1;
1541     str->data_len = (guint) len;
1542     return 0;
1543 }
1544
1545 void
1546 ssl_data_set(StringInfo* str, const guchar* data, guint len)
1547 {
1548     DISSECTOR_ASSERT(data);
1549     memcpy(str->data, data, len);
1550     str->data_len = len;
1551 }
1552
1553 static StringInfo *
1554 ssl_data_clone(StringInfo *str)
1555 {
1556     StringInfo *cloned_str;
1557     cloned_str = (StringInfo *) wmem_alloc0(wmem_file_scope(),
1558             sizeof(StringInfo) + str->data_len);
1559     cloned_str->data = (guchar *) (cloned_str + 1);
1560     ssl_data_set(cloned_str, str->data, str->data_len);
1561     return cloned_str;
1562 }
1563
1564 /* from_hex converts |hex_len| bytes of hex data from |in| and sets |*out| to
1565  * the result. |out->data| will be allocated using wmem_file_scope. Returns TRUE on
1566  * success. */
1567 static gboolean from_hex(StringInfo* out, const char* in, gsize hex_len) {
1568     gsize i;
1569
1570     if (hex_len & 1)
1571         return FALSE;
1572
1573     out->data = (guchar *)wmem_alloc(wmem_file_scope(), hex_len / 2);
1574     for (i = 0; i < hex_len / 2; i++) {
1575         int a = ws_xton(in[i*2]);
1576         int b = ws_xton(in[i*2 + 1]);
1577         if (a == -1 || b == -1)
1578             return FALSE;
1579         out->data[i] = a << 4 | b;
1580     }
1581     out->data_len = (guint)hex_len / 2;
1582     return TRUE;
1583 }
1584
1585
1586 #if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
1587
1588 /* hmac abstraction layer */
1589 #define SSL_HMAC gcry_md_hd_t
1590
1591 static inline gint
1592 ssl_hmac_init(SSL_HMAC* md, const void * key, gint len, gint algo)
1593 {
1594     gcry_error_t  err;
1595     const char   *err_str, *err_src;
1596
1597     err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC);
1598     if (err != 0) {
1599         err_str = gcry_strerror(err);
1600         err_src = gcry_strsource(err);
1601         ssl_debug_printf("ssl_hmac_init(): gcry_md_open failed %s/%s", err_str, err_src);
1602         return -1;
1603     }
1604     gcry_md_setkey (*(md), key, len);
1605     return 0;
1606 }
1607 static inline void
1608 ssl_hmac_update(SSL_HMAC* md, const void* data, gint len)
1609 {
1610     gcry_md_write(*(md), data, len);
1611 }
1612 static inline void
1613 ssl_hmac_final(SSL_HMAC* md, guchar* data, guint* datalen)
1614 {
1615     gint  algo;
1616     guint len;
1617
1618     algo = gcry_md_get_algo (*(md));
1619     len  = gcry_md_get_algo_dlen(algo);
1620     DISSECTOR_ASSERT(len <= *datalen);
1621     memcpy(data, gcry_md_read(*(md), algo), len);
1622     *datalen = len;
1623 }
1624 static inline void
1625 ssl_hmac_cleanup(SSL_HMAC* md)
1626 {
1627     gcry_md_close(*(md));
1628 }
1629
1630 /* memory digest abstraction layer*/
1631 #define SSL_MD gcry_md_hd_t
1632
1633 static inline gint
1634 ssl_md_init(SSL_MD* md, gint algo)
1635 {
1636     gcry_error_t  err;
1637     const char   *err_str, *err_src;
1638     err = gcry_md_open(md,algo, 0);
1639     if (err != 0) {
1640         err_str = gcry_strerror(err);
1641         err_src = gcry_strsource(err);
1642         ssl_debug_printf("ssl_md_init(): gcry_md_open failed %s/%s", err_str, err_src);
1643         return -1;
1644     }
1645     return 0;
1646 }
1647 static inline void
1648 ssl_md_update(SSL_MD* md, guchar* data, gint len)
1649 {
1650     gcry_md_write(*(md), data, len);
1651 }
1652 static inline void
1653 ssl_md_final(SSL_MD* md, guchar* data, guint* datalen)
1654 {
1655     gint algo;
1656     gint len;
1657     algo = gcry_md_get_algo (*(md));
1658     len = gcry_md_get_algo_dlen (algo);
1659     memcpy(data, gcry_md_read(*(md),  algo), len);
1660     *datalen = len;
1661 }
1662 static inline void
1663 ssl_md_cleanup(SSL_MD* md)
1664 {
1665     gcry_md_close(*(md));
1666 }
1667
1668 /* md5 /sha abstraction layer */
1669 #define SSL_SHA_CTX gcry_md_hd_t
1670 #define SSL_MD5_CTX gcry_md_hd_t
1671
1672 static inline void
1673 ssl_sha_init(SSL_SHA_CTX* md)
1674 {
1675     gcry_md_open(md,GCRY_MD_SHA1, 0);
1676 }
1677 static inline void
1678 ssl_sha_update(SSL_SHA_CTX* md, guchar* data, gint len)
1679 {
1680     gcry_md_write(*(md), data, len);
1681 }
1682 static inline void
1683 ssl_sha_final(guchar* buf, SSL_SHA_CTX* md)
1684 {
1685     memcpy(buf, gcry_md_read(*(md),  GCRY_MD_SHA1),
1686            gcry_md_get_algo_dlen(GCRY_MD_SHA1));
1687 }
1688 static inline void
1689 ssl_sha_cleanup(SSL_SHA_CTX* md)
1690 {
1691     gcry_md_close(*(md));
1692 }
1693
1694 static inline gint
1695 ssl_md5_init(SSL_MD5_CTX* md)
1696 {
1697     return gcry_md_open(md,GCRY_MD_MD5, 0);
1698 }
1699 static inline void
1700 ssl_md5_update(SSL_MD5_CTX* md, guchar* data, gint len)
1701 {
1702     gcry_md_write(*(md), data, len);
1703 }
1704 static inline void
1705 ssl_md5_final(guchar* buf, SSL_MD5_CTX* md)
1706 {
1707     memcpy(buf, gcry_md_read(*(md),  GCRY_MD_MD5),
1708            gcry_md_get_algo_dlen(GCRY_MD_MD5));
1709 }
1710 static inline void
1711 ssl_md5_cleanup(SSL_MD5_CTX* md)
1712 {
1713     gcry_md_close(*(md));
1714 }
1715
1716 gint
1717 ssl_cipher_setiv(SSL_CIPHER_CTX *cipher, guchar* iv, gint iv_len)
1718 {
1719     gint ret;
1720 #if 0
1721     guchar *ivp;
1722     gint i;
1723     gcry_cipher_hd_t c;
1724     c=(gcry_cipher_hd_t)*cipher;
1725 #endif
1726     ssl_debug_printf("--------------------------------------------------------------------");
1727 #if 0
1728     for(ivp=c->iv,i=0; i < iv_len; i++ )
1729         {
1730         ssl_debug_printf("%d ",ivp[i]);
1731         i++;
1732         }
1733 #endif
1734     ssl_debug_printf("--------------------------------------------------------------------");
1735     ret = gcry_cipher_setiv(*(cipher), iv, iv_len);
1736 #if 0
1737     for(ivp=c->iv,i=0; i < iv_len; i++ )
1738         {
1739         ssl_debug_printf("%d ",ivp[i]);
1740         i++;
1741         }
1742 #endif
1743     ssl_debug_printf("--------------------------------------------------------------------");
1744     return ret;
1745 }
1746 /* stream cipher abstraction layer*/
1747 static gint
1748 ssl_cipher_init(gcry_cipher_hd_t *cipher, gint algo, guchar* sk,
1749         guchar* iv, gint mode)
1750 {
1751     gint gcry_modes[]={GCRY_CIPHER_MODE_STREAM,GCRY_CIPHER_MODE_CBC,GCRY_CIPHER_MODE_CTR,GCRY_CIPHER_MODE_CTR,GCRY_CIPHER_MODE_CTR};
1752     gint err;
1753     if (algo == -1) {
1754         /* NULL mode */
1755         *(cipher) = (gcry_cipher_hd_t)-1;
1756         return 0;
1757     }
1758     err = gcry_cipher_open(cipher, algo, gcry_modes[mode], 0);
1759     if (err !=0)
1760         return  -1;
1761     err = gcry_cipher_setkey(*(cipher), sk, gcry_cipher_get_algo_keylen (algo));
1762     if (err != 0)
1763         return -1;
1764     err = gcry_cipher_setiv(*(cipher), iv, gcry_cipher_get_algo_blklen (algo));
1765     if (err != 0)
1766         return -1;
1767     return 0;
1768 }
1769 static inline gint
1770 ssl_cipher_decrypt(gcry_cipher_hd_t *cipher, guchar * out, gint outl,
1771                    const guchar * in, gint inl)
1772 {
1773     if ((*cipher) == (gcry_cipher_hd_t)-1)
1774     {
1775         if (in && inl)
1776             memcpy(out, in, outl < inl ? outl : inl);
1777         return 0;
1778     }
1779     return gcry_cipher_decrypt ( *(cipher), out, outl, in, inl);
1780 }
1781 static inline gint
1782 ssl_get_digest_by_name(const gchar*name)
1783 {
1784     return gcry_md_map_name(name);
1785 }
1786 static inline gint
1787 ssl_get_cipher_by_name(const gchar* name)
1788 {
1789     return gcry_cipher_map_name(name);
1790 }
1791
1792 static inline void
1793 ssl_cipher_cleanup(gcry_cipher_hd_t *cipher)
1794 {
1795     if ((*cipher) != (gcry_cipher_hd_t)-1)
1796         gcry_cipher_close(*cipher);
1797     *cipher = NULL;
1798 }
1799
1800 gcry_err_code_t
1801 _gcry_rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
1802                    gcry_mpi_t *skey, gint flags);
1803
1804 /* decrypt data with private key. Store decrypted data directly into input
1805  * buffer */
1806 static int
1807 ssl_private_decrypt(const guint len, guchar* data, gcry_sexp_t pk)
1808 {
1809     gint        rc = 0;
1810     size_t      decr_len = 0, i = 0;
1811     gcry_sexp_t s_data = NULL, s_plain = NULL;
1812     gcry_mpi_t  encr_mpi = NULL, text = NULL;
1813
1814     /* create mpi representation of encrypted data */
1815     rc = gcry_mpi_scan(&encr_mpi, GCRYMPI_FMT_USG, data, len, NULL);
1816     if (rc != 0 ) {
1817         ssl_debug_printf("pcry_private_decrypt: can't convert data to mpi (size %d):%s\n",
1818             len, gcry_strerror(rc));
1819         return 0;
1820     }
1821
1822     /* put the data into a simple list */
1823     rc = gcry_sexp_build(&s_data, NULL, "(enc-val(rsa(a%m)))", encr_mpi);
1824     if (rc != 0) {
1825         ssl_debug_printf("pcry_private_decrypt: can't build encr_sexp:%s\n",
1826              gcry_strerror(rc));
1827         decr_len = 0;
1828         goto out;
1829     }
1830
1831     /* pass it to libgcrypt */
1832     rc = gcry_pk_decrypt(&s_plain, s_data, pk);
1833     if (rc != 0)
1834     {
1835         ssl_debug_printf("pcry_private_decrypt: can't decrypt key:%s\n",
1836             gcry_strerror(rc));
1837         decr_len = 0;
1838         goto out;
1839     }
1840
1841     /* convert plain text sexp to mpi format */
1842     text = gcry_sexp_nth_mpi(s_plain, 0, 0);
1843     if (! text) {
1844         ssl_debug_printf("pcry_private_decrypt: can't convert sexp to mpi\n");
1845         decr_len = 0;
1846         goto out;
1847     }
1848
1849     /* compute size requested for plaintext buffer */
1850     rc = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &decr_len, text);
1851     if (rc != 0) {
1852         ssl_debug_printf("pcry_private_decrypt: can't compute decr size:%s\n",
1853             gcry_strerror(rc));
1854         decr_len = 0;
1855         goto out;
1856     }
1857
1858     /* sanity check on out buffer */
1859     if (decr_len > len) {
1860         ssl_debug_printf("pcry_private_decrypt: decrypted data is too long ?!? (%" G_GSIZE_MODIFIER "u max %d)\n", decr_len, len);
1861         decr_len = 0;
1862         goto out;
1863     }
1864
1865     /* write plain text to newly allocated buffer */
1866     rc = gcry_mpi_print(GCRYMPI_FMT_USG, data, len, &decr_len, text);
1867     if (rc != 0) {
1868         ssl_debug_printf("pcry_private_decrypt: can't print decr data to mpi (size %" G_GSIZE_MODIFIER "u):%s\n", decr_len, gcry_strerror(rc));
1869         decr_len = 0;
1870         goto out;
1871     }
1872
1873     ssl_print_data("decrypted_unstrip_pre_master", data, decr_len);
1874
1875     /* strip the padding*/
1876     rc = 0;
1877     for (i = 1; i < decr_len; i++) {
1878         if (data[i] == 0) {
1879             rc = (gint) i+1;
1880             break;
1881         }
1882     }
1883
1884     ssl_debug_printf("pcry_private_decrypt: stripping %d bytes, decr_len %" G_GSIZE_MODIFIER "u\n", rc, decr_len);
1885     decr_len -= rc;
1886     memmove(data, data+rc, decr_len);
1887
1888 out:
1889     gcry_sexp_release(s_data);
1890     gcry_sexp_release(s_plain);
1891     gcry_mpi_release(encr_mpi);
1892     gcry_mpi_release(text);
1893     return (int) decr_len;
1894 }
1895
1896 /* stringinfo interface */
1897 static gint
1898 ssl_data_realloc(StringInfo* str, guint len)
1899 {
1900     str->data = (guchar *)g_realloc(str->data, len);
1901     if (!str->data)
1902         return -1;
1903     str->data_len = len;
1904     return 0;
1905 }
1906
1907 static gint
1908 ssl_data_copy(StringInfo* dst, StringInfo* src)
1909 {
1910     if (dst->data_len < src->data_len) {
1911       if (ssl_data_realloc(dst, src->data_len))
1912         return -1;
1913     }
1914     memcpy(dst->data, src->data, src->data_len);
1915     dst->data_len = src->data_len;
1916     return 0;
1917 }
1918
1919 static const SslDigestAlgo digests[]={
1920     {"MD5",     16},
1921     {"SHA1",    20},
1922     {"SHA256",  32},
1923     {"SHA384",  48},
1924     {"Not Applicable",  0},
1925 };
1926
1927 #define DIGEST_MAX_SIZE 48
1928
1929 /* get index digest index */
1930 static const SslDigestAlgo *
1931 ssl_cipher_suite_dig(SslCipherSuite *cs) {
1932     return &digests[cs->dig - DIG_MD5];
1933 }
1934
1935 static const gchar *ciphers[]={
1936     "DES",
1937     "3DES",
1938     "ARCFOUR", /* libgcrypt does not support rc4, but this should be 100% compatible*/
1939     "RFC2268_128", /* libgcrypt name for RC2 with a 128-bit key */
1940     "IDEA",
1941     "AES",
1942     "AES256",
1943     "CAMELLIA128",
1944     "CAMELLIA256",
1945     "SEED",
1946     "*UNKNOWN*"
1947 };
1948
1949 static SslCipherSuite cipher_suites[]={
1950     {0x0001,KEX_RSA,         ENC_NULL,        1,  0,  0,DIG_MD5,    MODE_STREAM},   /* TLS_RSA_WITH_NULL_MD5 */
1951     {0x0002,KEX_RSA,         ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_RSA_WITH_NULL_SHA */
1952     {0x0003,KEX_RSA,         ENC_RC4,         1,128, 40,DIG_MD5,    MODE_STREAM},   /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
1953     {0x0004,KEX_RSA,         ENC_RC4,         1,128,128,DIG_MD5,    MODE_STREAM},   /* TLS_RSA_WITH_RC4_128_MD5 */
1954     {0x0005,KEX_RSA,         ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_RSA_WITH_RC4_128_SHA */
1955     {0x0006,KEX_RSA,         ENC_RC2,         8,128, 40,DIG_MD5,    MODE_CBC   },   /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
1956     {0x0007,KEX_RSA,         ENC_IDEA,        8,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_WITH_IDEA_CBC_SHA */
1957     {0x0008,KEX_RSA,         ENC_DES,         8, 64, 40,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
1958     {0x0009,KEX_RSA,         ENC_DES,         8, 64, 64,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_WITH_DES_CBC_SHA */
1959     {0x000A,KEX_RSA,         ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
1960     {0x000B,KEX_DH_DSS,      ENC_DES,         8, 64, 40,DIG_SHA,    MODE_CBC   },   /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
1961     {0x000C,KEX_DH_DSS,      ENC_DES,         8, 64, 64,DIG_SHA,    MODE_CBC   },   /* TLS_DH_DSS_WITH_DES_CBC_SHA */
1962     {0x000D,KEX_DH_DSS,      ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
1963     {0x000E,KEX_DH_RSA,      ENC_DES,         8, 64, 40,DIG_SHA,    MODE_CBC   },   /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
1964     {0x000F,KEX_DH_RSA,      ENC_DES,         8, 64, 64,DIG_SHA,    MODE_CBC   },   /* TLS_DH_RSA_WITH_DES_CBC_SHA */
1965     {0x0010,KEX_DH_RSA,      ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
1966     {0x0011,KEX_DHE_DSS,     ENC_DES,         8, 64, 40,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
1967     {0x0012,KEX_DHE_DSS,     ENC_DES,         8, 64, 64,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
1968     {0x0013,KEX_DHE_DSS,     ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
1969     {0x0014,KEX_DHE_RSA,     ENC_DES,         8, 64, 40,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
1970     {0x0015,KEX_DHE_RSA,     ENC_DES,         8, 64, 64,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
1971     {0x0016,KEX_DHE_RSA,     ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
1972     {0x0017,KEX_DH_ANON,     ENC_RC4,         1,128, 40,DIG_MD5,    MODE_STREAM},   /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
1973     {0x0018,KEX_DH_ANON,     ENC_RC4,         1,128,128,DIG_MD5,    MODE_STREAM},   /* TLS_DH_anon_WITH_RC4_128_MD5 */
1974     {0x0019,KEX_DH_ANON,     ENC_DES,         8, 64, 40,DIG_SHA,    MODE_CBC   },   /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
1975     {0x001A,KEX_DH_ANON,     ENC_DES,         8, 64, 64,DIG_SHA,    MODE_CBC   },   /* TLS_DH_anon_WITH_DES_CBC_SHA */
1976     {0x001B,KEX_DH_ANON,     ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
1977     {0x002C,KEX_PSK,         ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_PSK_WITH_NULL_SHA */
1978     {0x002D,KEX_DHE_PSK,     ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_DHE_PSK_WITH_NULL_SHA */
1979     {0x002E,KEX_RSA_PSK,     ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_RSA_PSK_WITH_NULL_SHA */
1980     {0x002F,KEX_RSA,         ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_WITH_AES_128_CBC_SHA */
1981     {0x0030,KEX_DH_DSS,      ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
1982     {0x0031,KEX_DH_RSA,      ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
1983     {0x0032,KEX_DHE_DSS,     ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */
1984     {0x0033,KEX_DHE_RSA,     ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
1985     {0x0034,KEX_DH_ANON,     ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_anon_WITH_AES_128_CBC_SHA */
1986     {0x0035,KEX_RSA,         ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_WITH_AES_256_CBC_SHA */
1987     {0x0036,KEX_DH_DSS,      ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */
1988     {0x0037,KEX_DH_RSA,      ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */
1989     {0x0038,KEX_DHE_DSS,     ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */
1990     {0x0039,KEX_DHE_RSA,     ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
1991     {0x003A,KEX_DH_ANON,     ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DH_anon_WITH_AES_256_CBC_SHA */
1992     {0x003B,KEX_RSA,         ENC_NULL,        1,  0,  0,DIG_SHA256, MODE_STREAM},   /* TLS_RSA_WITH_NULL_SHA256 */
1993     {0x003C,KEX_RSA,         ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
1994     {0x003D,KEX_RSA,         ENC_AES256,     16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
1995     {0x003E,KEX_DH_DSS,      ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */
1996     {0x003F,KEX_DH_RSA,      ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */
1997     {0x0040,KEX_DHE_DSS,     ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */
1998     {0x0041,KEX_RSA,         ENC_CAMELLIA128,16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */
1999     {0x0042,KEX_DH_DSS,      ENC_CAMELLIA128,16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */
2000     {0x0043,KEX_DH_RSA,      ENC_CAMELLIA128,16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */
2001     {0x0044,KEX_DHE_DSS,     ENC_CAMELLIA128,16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */
2002     {0x0045,KEX_DHE_RSA,     ENC_CAMELLIA128,16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */
2003     {0x0046,KEX_DH_ANON,     ENC_CAMELLIA128,16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
2004     {0x0060,KEX_RSA,         ENC_RC4,         1,128, 56,DIG_MD5,    MODE_STREAM},   /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */
2005     {0x0061,KEX_RSA,         ENC_RC2,         1,128, 56,DIG_MD5,    MODE_STREAM},   /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */
2006     {0x0062,KEX_RSA,         ENC_DES,         8, 64, 56,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
2007     {0x0063,KEX_DHE_DSS,     ENC_DES,         8, 64, 56,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */
2008     {0x0064,KEX_RSA,         ENC_RC4,         1,128, 56,DIG_SHA,    MODE_STREAM},   /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */
2009     {0x0065,KEX_DHE_DSS,     ENC_RC4,         1,128, 56,DIG_SHA,    MODE_STREAM},   /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */
2010     {0x0066,KEX_DHE_DSS,     ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_DHE_DSS_WITH_RC4_128_SHA */
2011     {0x0067,KEX_DHE_RSA,     ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
2012     {0x0068,KEX_DH_DSS,      ENC_AES256,     16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */
2013     {0x0069,KEX_DH_RSA,      ENC_AES256,     16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */
2014     {0x006A,KEX_DHE_DSS,     ENC_AES256,     16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */
2015     {0x006B,KEX_DHE_RSA,     ENC_AES256,     16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
2016     {0x006C,KEX_DH_ANON,     ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
2017     {0x006D,KEX_DH_ANON,     ENC_AES256,     16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
2018     {0x0084,KEX_RSA,         ENC_CAMELLIA256,16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
2019     {0x0085,KEX_DH_DSS,      ENC_CAMELLIA256,16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */
2020     {0x0086,KEX_DH_RSA,      ENC_CAMELLIA256,16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */
2021     {0x0087,KEX_DHE_DSS,     ENC_CAMELLIA256,16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
2022     {0x0088,KEX_DHE_RSA,     ENC_CAMELLIA256,16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
2023     {0x0089,KEX_DH_ANON,     ENC_CAMELLIA256,16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
2024     {0x008A,KEX_PSK,         ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_PSK_WITH_RC4_128_SHA */
2025     {0x008B,KEX_PSK,         ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */
2026     {0x008C,KEX_PSK,         ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_PSK_WITH_AES_128_CBC_SHA */
2027     {0x008D,KEX_PSK,         ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_PSK_WITH_AES_256_CBC_SHA */
2028     {0x008E,KEX_DHE_PSK,     ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_DHE_PSK_WITH_RC4_128_SHA */
2029     {0x008F,KEX_DHE_PSK,     ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */
2030     {0x0090,KEX_DHE_PSK,     ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */
2031     {0x0091,KEX_DHE_PSK,     ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */
2032     {0x0092,KEX_RSA_PSK,     ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_RSA_PSK_WITH_RC4_128_SHA */
2033     {0x0093,KEX_RSA_PSK,     ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */
2034     {0x0094,KEX_RSA_PSK,     ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */
2035     {0x0095,KEX_RSA_PSK,     ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */
2036     {0x0096,KEX_RSA,         ENC_SEED,       16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_RSA_WITH_SEED_CBC_SHA */
2037     {0x0097,KEX_DH_DSS,      ENC_SEED,       16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
2038     {0x0098,KEX_DH_RSA,      ENC_SEED,       16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
2039     {0x0099,KEX_DHE_DSS,     ENC_SEED,       16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */
2040     {0x009A,KEX_DHE_RSA,     ENC_SEED,       16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */
2041     {0x009B,KEX_DH_ANON,     ENC_SEED,       16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_DH_anon_WITH_SEED_CBC_SHA */
2042     {0x009C,KEX_RSA,         ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_RSA_WITH_AES_128_GCM_SHA256 */
2043     {0x009D,KEX_RSA,         ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_RSA_WITH_AES_256_GCM_SHA384 */
2044     {0x009E,KEX_DHE_RSA,     ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
2045     {0x009F,KEX_DHE_RSA,     ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
2046     {0x00A0,KEX_DH_RSA,      ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */
2047     {0x00A1,KEX_DH_RSA,      ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */
2048     {0x00A2,KEX_DHE_DSS,     ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */
2049     {0x00A3,KEX_DHE_DSS,     ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */
2050     {0x00A4,KEX_DH_DSS,      ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */
2051     {0x00A5,KEX_DH_DSS,      ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
2052     {0x00A6,KEX_DH_ANON,     ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
2053     {0x00A7,KEX_DH_ANON,     ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
2054     {0x00A8,KEX_PSK,         ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_PSK_WITH_AES_128_GCM_SHA256 */
2055     {0x00A9,KEX_PSK,         ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_PSK_WITH_AES_256_GCM_SHA384 */
2056     {0x00AA,KEX_DHE_PSK,     ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */
2057     {0x00AB,KEX_DHE_PSK,     ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */
2058     {0x00AC,KEX_RSA_PSK,     ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */
2059     {0x00AD,KEX_RSA_PSK,     ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */
2060     {0x00AE,KEX_PSK,         ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_PSK_WITH_AES_128_CBC_SHA256 */
2061     {0x00AF,KEX_PSK,         ENC_AES256,     16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_PSK_WITH_AES_256_CBC_SHA384 */
2062     {0x00B0,KEX_PSK,         ENC_NULL,        1,  0,  0,DIG_SHA256, MODE_STREAM},   /* TLS_PSK_WITH_NULL_SHA256 */
2063     {0x00B1,KEX_PSK,         ENC_NULL,        1,  0,  0,DIG_SHA384, MODE_STREAM},   /* TLS_PSK_WITH_NULL_SHA384 */
2064     {0x00B2,KEX_DHE_PSK,     ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */
2065     {0x00B3,KEX_DHE_PSK,     ENC_AES256,     16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */
2066     {0x00B4,KEX_DHE_PSK,     ENC_NULL,        1,  0,  0,DIG_SHA256, MODE_STREAM},   /* TLS_DHE_PSK_WITH_NULL_SHA256 */
2067     {0x00B5,KEX_DHE_PSK,     ENC_NULL,        1,  0,  0,DIG_SHA384, MODE_STREAM},   /* TLS_DHE_PSK_WITH_NULL_SHA384 */
2068     {0x00B6,KEX_RSA_PSK,     ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */
2069     {0x00B7,KEX_RSA_PSK,     ENC_AES256,     16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */
2070     {0x00B8,KEX_RSA_PSK,     ENC_NULL,        1,  0,  0,DIG_SHA256, MODE_STREAM},   /* TLS_RSA_PSK_WITH_NULL_SHA256 */
2071     {0x00B9,KEX_RSA_PSK,     ENC_NULL,        1,  0,  0,DIG_SHA384, MODE_STREAM},   /* TLS_RSA_PSK_WITH_NULL_SHA384 */
2072     {0x00BA,KEX_RSA,         ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
2073     {0x00BB,KEX_DH_DSS,      ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
2074     {0x00BC,KEX_DH_RSA,      ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
2075     {0x00BD,KEX_DHE_DSS,     ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
2076     {0x00BE,KEX_DHE_RSA,     ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
2077     {0x00BF,KEX_DH_ANON,     ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */
2078     {0x00C0,KEX_RSA,         ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
2079     {0x00C1,KEX_DH_DSS,      ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
2080     {0x00C2,KEX_DH_RSA,      ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
2081     {0x00C3,KEX_DHE_DSS,     ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
2082     {0x00C4,KEX_DHE_RSA,     ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
2083     {0x00C5,KEX_DH_ANON,     ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC   },   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
2084     {0xC001,KEX_ECDH_ECDSA,  ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
2085     {0xC002,KEX_ECDH_ECDSA,  ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
2086     {0xC003,KEX_ECDH_ECDSA,  ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
2087     {0xC004,KEX_ECDH_ECDSA,  ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
2088     {0xC005,KEX_ECDH_ECDSA,  ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
2089     {0xC006,KEX_ECDHE_ECDSA, ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
2090     {0xC007,KEX_ECDHE_ECDSA, ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
2091     {0xC008,KEX_ECDHE_ECDSA, ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
2092     {0xC009,KEX_ECDHE_ECDSA, ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
2093     {0xC00A,KEX_ECDHE_ECDSA, ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
2094     {0xC00B,KEX_ECDH_RSA,    ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_ECDH_RSA_WITH_NULL_SHA */
2095     {0xC00C,KEX_ECDH_RSA,    ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
2096     {0xC00D,KEX_ECDH_RSA,    ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
2097     {0xC00E,KEX_ECDH_RSA,    ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
2098     {0xC00F,KEX_ECDH_RSA,    ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
2099     {0xC010,KEX_ECDHE_RSA,   ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_NULL_SHA */
2100     {0xC011,KEX_ECDHE_RSA,   ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
2101     {0xC012,KEX_ECDHE_RSA,   ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
2102     {0xC013,KEX_ECDHE_RSA,   ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
2103     {0xC014,KEX_ECDHE_RSA,   ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
2104     {0xC015,KEX_ECDH_ANON,   ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_ECDH_anon_WITH_NULL_SHA */
2105     {0xC016,KEX_ECDH_ANON,   ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_ECDH_anon_WITH_RC4_128_SHA */
2106     {0xC017,KEX_ECDH_ANON,   ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
2107     {0xC018,KEX_ECDH_ANON,   ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
2108     {0xC019,KEX_ECDH_ANON,   ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
2109     {0xC023,KEX_ECDHE_ECDSA, ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
2110     {0xC024,KEX_ECDHE_ECDSA, ENC_AES256,     16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
2111     {0xC025,KEX_ECDH_ECDSA,  ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
2112     {0xC026,KEX_ECDH_ECDSA,  ENC_AES256,     16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
2113     {0xC027,KEX_ECDHE_RSA,   ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
2114     {0xC028,KEX_ECDHE_RSA,   ENC_AES256,     16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
2115     {0xC029,KEX_ECDH_RSA,    ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
2116     {0xC02A,KEX_ECDH_RSA,    ENC_AES256,     16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
2117     {0xC02B,KEX_ECDHE_ECDSA, ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
2118     {0xC02C,KEX_ECDHE_ECDSA, ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
2119     {0xC02D,KEX_ECDH_ECDSA,  ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
2120     {0xC02E,KEX_ECDH_ECDSA,  ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
2121     {0xC02F,KEX_ECDHE_RSA,   ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
2122     {0xC030,KEX_ECDHE_RSA,   ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
2123     {0xC031,KEX_ECDH_RSA,    ENC_AES,         4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
2124     {0xC032,KEX_ECDH_RSA,    ENC_AES256,      4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
2125     {0xC033,KEX_ECDHE_PSK,   ENC_RC4,         1,128,128,DIG_SHA,    MODE_STREAM},   /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */
2126     {0xC034,KEX_ECDHE_PSK,   ENC_3DES,        8,192,192,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */
2127     {0xC035,KEX_ECDHE_PSK,   ENC_AES,        16,128,128,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */
2128     {0xC036,KEX_ECDHE_PSK,   ENC_AES256,     16,256,256,DIG_SHA,    MODE_CBC   },   /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */
2129     {0xC037,KEX_ECDHE_PSK,   ENC_AES,        16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */
2130     {0xC038,KEX_ECDHE_PSK,   ENC_AES256,     16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */
2131     {0xC039,KEX_ECDHE_PSK,   ENC_NULL,        1,  0,  0,DIG_SHA,    MODE_STREAM},   /* TLS_ECDHE_PSK_WITH_NULL_SHA */
2132     {0xC03A,KEX_ECDHE_PSK,   ENC_NULL,        1,  0,  0,DIG_SHA256, MODE_STREAM},   /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */
2133     {0xC03B,KEX_ECDHE_PSK,   ENC_NULL,        1,  0,  0,DIG_SHA384, MODE_STREAM},   /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */
2134     {0xC072,KEX_ECDHE_ECDSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */
2135     {0xC073,KEX_ECDHE_ECDSA, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */
2136     {0xC074,KEX_ECDH_ECDSA,  ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */
2137     {0xC075,KEX_ECDH_ECDSA,  ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */
2138     {0xC076,KEX_ECDHE_RSA,   ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
2139     {0xC077,KEX_ECDHE_RSA,   ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */
2140     {0xC078,KEX_ECDH_RSA,    ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
2141     {0xC079,KEX_ECDH_RSA,    ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */
2142     {0xC07A,KEX_RSA,         ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
2143     {0xC07B,KEX_RSA,         ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
2144     {0xC07C,KEX_DHE_RSA,     ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
2145     {0xC07D,KEX_DHE_RSA,     ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
2146     {0xC07E,KEX_DH_RSA,      ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
2147     {0xC07F,KEX_DH_RSA,      ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
2148     {0xC080,KEX_DHE_DSS,     ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 */
2149     {0xC081,KEX_DHE_DSS,     ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 */
2150     {0xC082,KEX_DH_DSS,      ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */
2151     {0xC083,KEX_DH_DSS,      ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */
2152     {0xC084,KEX_DH_ANON,     ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */
2153     {0xC085,KEX_DH_ANON,     ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */
2154     {0xC086,KEX_ECDHE_ECDSA, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */
2155     {0xC087,KEX_ECDHE_ECDSA, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */
2156     {0xC088,KEX_ECDH_ECDSA,  ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */
2157     {0xC089,KEX_ECDH_ECDSA,  ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */
2158     {0xC08A,KEX_ECDHE_RSA,   ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
2159     {0xC08B,KEX_ECDHE_RSA,   ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
2160     {0xC08C,KEX_ECDH_RSA,    ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
2161     {0xC08D,KEX_ECDH_RSA,    ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
2162     {0xC08E,KEX_PSK,         ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
2163     {0xC08F,KEX_PSK,         ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
2164     {0xC090,KEX_DHE_PSK,     ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
2165     {0xC091,KEX_DHE_PSK,     ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
2166     {0xC092,KEX_RSA_PSK,     ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM   },   /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
2167     {0xC093,KEX_RSA_PSK,     ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM   },   /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
2168     {0xC094,KEX_PSK,         ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
2169     {0xC095,KEX_PSK,         ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
2170     {0xC096,KEX_DHE_PSK,     ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
2171     {0xC097,KEX_DHE_PSK,     ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
2172     {0xC098,KEX_RSA_PSK,     ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
2173     {0xC099,KEX_RSA_PSK,     ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
2174     {0xC09A,KEX_ECDHE_PSK,   ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC   },   /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
2175     {0xC09B,KEX_ECDHE_PSK,   ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC   },   /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
2176     {0xC09C,KEX_RSA,         ENC_AES,         4,128,128,DIG_NA,     MODE_CCM   },   /* TLS_RSA_WITH_AES_128_CCM */
2177     {0xC09D,KEX_RSA,         ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM   },   /* TLS_RSA_WITH_AES_256_CCM */
2178     {0xC09E,KEX_DHE_RSA,     ENC_AES,         4,128,128,DIG_NA,     MODE_CCM   },   /* TLS_DHE_RSA_WITH_AES_128_CCM */
2179     {0xC09F,KEX_DHE_RSA,     ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM   },   /* TLS_DHE_RSA_WITH_AES_256_CCM */
2180     {0xC0A0,KEX_RSA,         ENC_AES,         4,128,128,DIG_NA,     MODE_CCM_8 },   /* TLS_RSA_WITH_AES_128_CCM_8 */
2181     {0xC0A1,KEX_RSA,         ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM_8 },   /* TLS_RSA_WITH_AES_256_CCM_8 */
2182     {0xC0A2,KEX_DHE_RSA,     ENC_AES,         4,128,128,DIG_NA,     MODE_CCM_8 },   /* TLS_DHE_RSA_WITH_AES_128_CCM_8 */
2183     {0xC0A3,KEX_DHE_RSA,     ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM_8 },   /* TLS_DHE_RSA_WITH_AES_256_CCM_8 */
2184     {0xC0A4,KEX_PSK,         ENC_AES,         4,128,128,DIG_NA,     MODE_CCM   },   /* TLS_PSK_WITH_AES_128_CCM */
2185     {0xC0A5,KEX_PSK,         ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM   },   /* TLS_PSK_WITH_AES_256_CCM */
2186     {0xC0A6,KEX_DHE_PSK,     ENC_AES,         4,128,128,DIG_NA,     MODE_CCM   },   /* TLS_DHE_PSK_WITH_AES_128_CCM */
2187     {0xC0A7,KEX_DHE_PSK,     ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM   },   /* TLS_DHE_PSK_WITH_AES_256_CCM */
2188     {0xC0A8,KEX_PSK,         ENC_AES,         4,128,128,DIG_NA,     MODE_CCM_8 },   /* TLS_PSK_WITH_AES_128_CCM_8 */
2189     {0xC0A9,KEX_PSK,         ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM_8 },   /* TLS_PSK_WITH_AES_256_CCM_8 */
2190     {0xC0AA,KEX_DHE_PSK,     ENC_AES,         4,128,128,DIG_NA,     MODE_CCM_8 },   /* TLS_PSK_DHE_WITH_AES_128_CCM_8 */
2191     {0xC0AB,KEX_DHE_PSK,     ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM_8 },   /* TLS_PSK_DHE_WITH_AES_256_CCM_8 */
2192     {0xC0AC,KEX_ECDHE_ECDSA, ENC_AES,         4,128,128,DIG_NA,     MODE_CCM   },   /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */
2193     {0xC0AD,KEX_ECDHE_ECDSA, ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM   },   /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM */
2194     {0xC0AE,KEX_ECDHE_ECDSA, ENC_AES,         4,128,128,DIG_NA,     MODE_CCM_8 },   /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */
2195     {0xC0AF,KEX_ECDHE_ECDSA, ENC_AES256,      4,256,256,DIG_NA,     MODE_CCM_8 },   /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */
2196     {-1,    0,          0,               0,  0,  0,0,          MODE_STREAM}
2197 };
2198
2199 #define MAX_BLOCK_SIZE 16
2200 #define MAX_KEY_SIZE 32
2201
2202 int
2203 ssl_find_cipher(int num,SslCipherSuite* cs)
2204 {
2205     SslCipherSuite *c;
2206
2207     for(c=cipher_suites;c->number!=-1;c++){
2208         if(c->number==num){
2209             *cs=*c;
2210             return 0;
2211         }
2212     }
2213
2214     return -1;
2215 }
2216
2217 static void
2218 tls_hash(StringInfo *secret, StringInfo *seed, gint md,
2219          StringInfo *out, guint out_len)
2220 {
2221     /* RFC 2246 5. HMAC and the pseudorandom function
2222      * '+' denotes concatenation.
2223      * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
2224      *                        HMAC_hash(secret, A(2) + seed) + ...
2225      * A(0) = seed
2226      * A(i) = HMAC_hash(secret, A(i - 1))
2227      */
2228     guint8   *ptr;
2229     guint     left, tocpy;
2230     guint8   *A;
2231     guint8    _A[DIGEST_MAX_SIZE], tmp[DIGEST_MAX_SIZE];
2232     guint     A_l, tmp_l;
2233     SSL_HMAC  hm;
2234
2235     ptr  = out->data;
2236     left = out_len;
2237
2238     ssl_print_string("tls_hash: hash secret", secret);
2239     ssl_print_string("tls_hash: hash seed", seed);
2240     /* A(0) = seed */
2241     A = seed->data;
2242     A_l = seed->data_len;
2243
2244     while (left) {
2245         /* A(i) = HMAC_hash(secret, A(i-1)) */
2246         ssl_hmac_init(&hm, secret->data, secret->data_len, md);
2247         ssl_hmac_update(&hm, A, A_l);
2248         A_l = sizeof(_A); /* upper bound len for hash output */
2249         ssl_hmac_final(&hm, _A, &A_l);
2250         ssl_hmac_cleanup(&hm);
2251         A = _A;
2252
2253         /* HMAC_hash(secret, A(i) + seed) */
2254         ssl_hmac_init(&hm, secret->data, secret->data_len, md);
2255         ssl_hmac_update(&hm, A, A_l);
2256         ssl_hmac_update(&hm, seed->data, seed->data_len);
2257         tmp_l = sizeof(tmp); /* upper bound len for hash output */
2258         ssl_hmac_final(&hm, tmp, &tmp_l);
2259         ssl_hmac_cleanup(&hm);
2260
2261         /* ssl_hmac_final puts the actual digest output size in tmp_l */
2262         tocpy = MIN(left, tmp_l);
2263         memcpy(ptr, tmp, tocpy);
2264         ptr += tocpy;
2265         left -= tocpy;
2266     }
2267     out->data_len = out_len;
2268
2269     ssl_print_string("hash out", out);
2270 }
2271
2272 static gboolean
2273 tls_prf(StringInfo* secret, const gchar *usage,
2274         StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, guint out_len)
2275 {
2276     StringInfo  seed, sha_out, md5_out;
2277     guint8     *ptr;
2278     StringInfo  s1, s2;
2279     guint       i,s_l;
2280     size_t      usage_len, rnd2_len;
2281     gboolean    success = FALSE;
2282     usage_len = strlen(usage);
2283     rnd2_len = rnd2 ? rnd2->data_len : 0;
2284
2285     /* initalize buffer for sha, md5 random seed*/
2286     if (ssl_data_alloc(&sha_out, MAX(out_len, 20)) < 0) {
2287         ssl_debug_printf("tls_prf: can't allocate sha out\n");
2288         return FALSE;
2289     }
2290     if (ssl_data_alloc(&md5_out, MAX(out_len, 16)) < 0) {
2291         ssl_debug_printf("tls_prf: can't allocate md5 out\n");
2292         goto free_sha;
2293     }
2294     if (ssl_data_alloc(&seed, usage_len+rnd1->data_len+rnd2_len) < 0) {
2295         ssl_debug_printf("tls_prf: can't allocate rnd %d\n",
2296                          (int) (usage_len+rnd1->data_len+rnd2_len));
2297         goto free_md5;
2298     }
2299
2300     ptr=seed.data;
2301     memcpy(ptr,usage,usage_len);
2302     ptr+=usage_len;
2303     memcpy(ptr,rnd1->data,rnd1->data_len);
2304     if (rnd2_len > 0) {
2305         ptr+=rnd1->data_len;
2306         memcpy(ptr,rnd2->data,rnd2->data_len);
2307         /*ptr+=rnd2->data_len;*/
2308     }
2309
2310     /* initalize buffer for client/server seeds*/
2311     s_l=secret->data_len/2 + secret->data_len%2;
2312     if (ssl_data_alloc(&s1, s_l) < 0) {
2313         ssl_debug_printf("tls_prf: can't allocate secret %d\n", s_l);
2314         goto free_seed;
2315     }
2316     if (ssl_data_alloc(&s2, s_l) < 0) {
2317         ssl_debug_printf("tls_prf: can't allocate secret(2) %d\n", s_l);
2318         goto free_s1;
2319     }
2320
2321     memcpy(s1.data,secret->data,s_l);
2322     memcpy(s2.data,secret->data + (secret->data_len - s_l),s_l);
2323
2324     ssl_debug_printf("tls_prf: tls_hash(md5 secret_len %d seed_len %d )\n", s1.data_len, seed.data_len);
2325     tls_hash(&s1, &seed, ssl_get_digest_by_name("MD5"), &md5_out, out_len);
2326     ssl_debug_printf("tls_prf: tls_hash(sha)\n");
2327     tls_hash(&s2, &seed, ssl_get_digest_by_name("SHA1"), &sha_out, out_len);
2328
2329     for (i = 0; i < out_len; i++)
2330         out->data[i] = md5_out.data[i] ^ sha_out.data[i];
2331     /* success, now store the new meaningful data length */
2332     out->data_len = out_len;
2333     success = TRUE;
2334
2335     ssl_print_string("PRF out",out);
2336     g_free(s2.data);
2337 free_s1:
2338     g_free(s1.data);
2339 free_seed:
2340     g_free(seed.data);
2341 free_md5:
2342     g_free(md5_out.data);
2343 free_sha:
2344     g_free(sha_out.data);
2345     return success;
2346 }
2347
2348 static gboolean
2349 tls12_prf(gint md, StringInfo* secret, const gchar* usage,
2350           StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, guint out_len)
2351 {
2352     StringInfo label_seed;
2353     size_t     usage_len, rnd2_len;
2354     rnd2_len = rnd2 ? rnd2->data_len : 0;
2355
2356     usage_len = strlen(usage);
2357     if (ssl_data_alloc(&label_seed, usage_len+rnd1->data_len+rnd2_len) < 0) {
2358         ssl_debug_printf("tls12_prf: can't allocate label_seed\n");
2359         return FALSE;
2360     }
2361     memcpy(label_seed.data, usage, usage_len);
2362     memcpy(label_seed.data+usage_len, rnd1->data, rnd1->data_len);
2363     if (rnd2_len > 0)
2364         memcpy(label_seed.data+usage_len+rnd1->data_len, rnd2->data, rnd2->data_len);
2365
2366     ssl_debug_printf("tls12_prf: tls_hash(hash_alg %s secret_len %d seed_len %d )\n", gcry_md_algo_name(md), secret->data_len, label_seed.data_len);
2367     tls_hash(secret, &label_seed, md, out, out_len);
2368     g_free(label_seed.data);
2369     ssl_print_string("PRF out", out);
2370     return TRUE;
2371 }
2372
2373 static void
2374 ssl3_generate_export_iv(StringInfo *r1, StringInfo *r2,
2375                         StringInfo *out, guint out_len)
2376 {
2377     SSL_MD5_CTX md5;
2378     guint8      tmp[16];
2379
2380     ssl_md5_init(&md5);
2381     ssl_md5_update(&md5,r1->data,r1->data_len);
2382     ssl_md5_update(&md5,r2->data,r2->data_len);
2383     ssl_md5_final(tmp,&md5);
2384     ssl_md5_cleanup(&md5);
2385
2386     DISSECTOR_ASSERT(out_len <= sizeof(tmp));
2387     ssl_data_set(out, tmp, out_len);
2388     ssl_print_string("export iv", out);
2389 }
2390
2391 static gboolean
2392 ssl3_prf(StringInfo* secret, const gchar* usage,
2393          StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, guint out_len)
2394 {
2395     SSL_MD5_CTX  md5;
2396     SSL_SHA_CTX  sha;
2397     guint        off;
2398     gint         i = 0,j;
2399     guint8       buf[20];
2400
2401     for (off = 0; off < out_len; off += 16) {
2402         guchar outbuf[16];
2403         i++;
2404
2405         ssl_debug_printf("ssl3_prf: sha1_hash(%d)\n",i);
2406         /* A, BB, CCC,  ... */
2407         for(j=0;j<i;j++){
2408             buf[j]=64+i;
2409         }
2410
2411         ssl_sha_init(&sha);
2412         ssl_sha_update(&sha,buf,i);
2413         ssl_sha_update(&sha,secret->data,secret->data_len);
2414
2415         if(!strcmp(usage,"client write key") || !strcmp(usage,"server write key")){
2416             if (rnd2)
2417                 ssl_sha_update(&sha,rnd2->data,rnd2->data_len);
2418             ssl_sha_update(&sha,rnd1->data,rnd1->data_len);
2419         }
2420         else{
2421             ssl_sha_update(&sha,rnd1->data,rnd1->data_len);
2422             if (rnd2)
2423                 ssl_sha_update(&sha,rnd2->data,rnd2->data_len);
2424         }
2425
2426         ssl_sha_final(buf,&sha);
2427         ssl_sha_cleanup(&sha);
2428
2429         ssl_debug_printf("ssl3_prf: md5_hash(%d) datalen %d\n",i,
2430             secret->data_len);
2431         ssl_md5_init(&md5);
2432         ssl_md5_update(&md5,secret->data,secret->data_len);
2433         ssl_md5_update(&md5,buf,20);
2434         ssl_md5_final(outbuf,&md5);
2435         ssl_md5_cleanup(&md5);
2436
2437         memcpy(out->data + off, outbuf, MIN(out_len - off, 16));
2438     }
2439     out->data_len = out_len;
2440
2441     return TRUE;
2442 }
2443
2444 /* out_len is the wanted output length for the pseudorandom function */
2445 static gboolean
2446 prf(SslDecryptSession *ssl, StringInfo *secret, const gchar *usage,
2447     StringInfo *rnd1, StringInfo *rnd2, StringInfo *out, guint out_len)
2448 {
2449     switch (ssl->version_netorder) {
2450     case SSLV3_VERSION:
2451         return ssl3_prf(secret, usage, rnd1, rnd2, out, out_len);
2452
2453     case TLSV1_VERSION:
2454     case TLSV1DOT1_VERSION:
2455     case DTLSV1DOT0_VERSION:
2456     case DTLSV1DOT0_VERSION_NOT:
2457         return tls_prf(secret, usage, rnd1, rnd2, out, out_len);
2458
2459     default: /* TLSv1.2 */
2460         switch (ssl->cipher_suite.dig) {
2461         case DIG_SHA384:
2462             return tls12_prf(GCRY_MD_SHA384, secret, usage, rnd1, rnd2,
2463                              out, out_len);
2464         default:
2465             return tls12_prf(GCRY_MD_SHA256, secret, usage, rnd1, rnd2,
2466                              out, out_len);
2467         }
2468     }
2469 }
2470
2471 static gint tls_handshake_hash(SslDecryptSession* ssl, StringInfo* out)
2472 {
2473     SSL_MD5_CTX  md5;
2474     SSL_SHA_CTX  sha;
2475
2476     if (ssl_data_alloc(out, 36) < 0)
2477         return -1;
2478
2479     ssl_md5_init(&md5);
2480     ssl_md5_update(&md5,ssl->handshake_data.data,ssl->handshake_data.data_len);
2481     ssl_md5_final(out->data,&md5);
2482     ssl_md5_cleanup(&md5);
2483
2484     ssl_sha_init(&sha);
2485     ssl_sha_update(&sha,ssl->handshake_data.data,ssl->handshake_data.data_len);
2486     ssl_sha_final(out->data+16,&sha);
2487     ssl_sha_cleanup(&sha);
2488     return 0;
2489 }
2490
2491 static gint tls12_handshake_hash(SslDecryptSession* ssl, gint md, StringInfo* out)
2492 {
2493     SSL_MD  mc;
2494     guint8 tmp[48];
2495     guint  len;
2496
2497     ssl_md_init(&mc, md);
2498     ssl_md_update(&mc,ssl->handshake_data.data,ssl->handshake_data.data_len);
2499     ssl_md_final(&mc, tmp, &len);
2500     ssl_md_cleanup(&mc);
2501
2502     if (ssl_data_alloc(out, len) < 0)
2503         return -1;
2504     memcpy(out->data, tmp, len);
2505     return 0;
2506 }
2507
2508 static SslFlow*
2509 ssl_create_flow(void)
2510 {
2511   SslFlow *flow;
2512
2513   flow = (SslFlow *)wmem_alloc(wmem_file_scope(), sizeof(SslFlow));
2514   flow->byte_seq = 0;
2515   flow->flags = 0;
2516   flow->multisegment_pdus = wmem_tree_new(wmem_file_scope());
2517   return flow;
2518 }
2519
2520 #ifdef HAVE_LIBZ
2521 /* memory allocation functions for zlib initialization */
2522 static void* ssl_zalloc(void* opaque _U_, unsigned int no, unsigned int size)
2523 {
2524     return g_malloc0(no*size);
2525 }
2526 static void ssl_zfree(void* opaque _U_, void* addr)
2527 {
2528     g_free(addr);
2529 }
2530 #endif
2531
2532 static SslDecompress*
2533 ssl_create_decompressor(gint compression)
2534 {
2535     SslDecompress *decomp;
2536 #ifdef HAVE_LIBZ
2537     int err;
2538 #endif
2539
2540     if (compression == 0) return NULL;
2541     ssl_debug_printf("ssl_create_decompressor: compression method %d\n", compression);
2542     decomp = (SslDecompress *)wmem_alloc(wmem_file_scope(), sizeof(SslDecompress));
2543     decomp->compression = compression;
2544     switch (decomp->compression) {
2545 #ifdef HAVE_LIBZ
2546         case 1:  /* DEFLATE */
2547             decomp->istream.zalloc = ssl_zalloc;
2548             decomp->istream.zfree = ssl_zfree;
2549             decomp->istream.opaque = Z_NULL;
2550             decomp->istream.next_in = Z_NULL;
2551             decomp->istream.next_out = Z_NULL;
2552             decomp->istream.avail_in = 0;
2553             decomp->istream.avail_out = 0;
2554             err = inflateInit_(&decomp->istream, ZLIB_VERSION, sizeof(z_stream));
2555             if (err != Z_OK) {
2556                 ssl_debug_printf("ssl_create_decompressor: inflateInit_() failed - %d\n", err);
2557                 return NULL;
2558             }
2559             break;
2560 #endif
2561         default:
2562             ssl_debug_printf("ssl_create_decompressor: unsupported compression method %d\n", decomp->compression);
2563             return NULL;
2564     }
2565     return decomp;
2566 }
2567
2568 static SslDecoder*
2569 ssl_create_decoder(SslCipherSuite *cipher_suite, gint compression,
2570         guint8 *mk, guint8 *sk, guint8 *iv)
2571 {
2572     SslDecoder *dec;
2573     gint        ciph;
2574
2575     dec = (SslDecoder *)wmem_alloc0(wmem_file_scope(), sizeof(SslDecoder));
2576     /* Find the SSLeay cipher */
2577     if(cipher_suite->enc!=ENC_NULL) {
2578         ssl_debug_printf("ssl_create_decoder CIPHER: %s\n", ciphers[cipher_suite->enc-0x30]);
2579         ciph=ssl_get_cipher_by_name(ciphers[cipher_suite->enc-0x30]);
2580     } else {
2581         ssl_debug_printf("ssl_create_decoder CIPHER: %s\n", "NULL");
2582         ciph = -1;
2583     }
2584     if (ciph == 0) {
2585         ssl_debug_printf("ssl_create_decoder can't find cipher %s\n",
2586             ciphers[cipher_suite->enc > ENC_NULL ? ENC_NULL-0x30 : (cipher_suite->enc-0x30)]);
2587         return NULL;
2588     }
2589
2590     /* init mac buffer: mac storage is embedded into decoder struct to save a
2591      memory allocation and waste samo more memory*/
2592     dec->cipher_suite=cipher_suite;
2593     dec->compression = compression;
2594     /* AEED ciphers don't have a MAC but need to keep the write IV instead */
2595     if (mk == NULL) {
2596         dec->write_iv.data = dec->_mac_key_or_write_iv;
2597         ssl_data_set(&dec->write_iv, iv, cipher_suite->block);
2598     } else {
2599         dec->mac_key.data = dec->_mac_key_or_write_iv;
2600         ssl_data_set(&dec->mac_key, mk, ssl_cipher_suite_dig(cipher_suite)->len);
2601     }
2602     dec->seq = 0;
2603     dec->decomp = ssl_create_decompressor(compression);
2604     dec->flow = ssl_create_flow();
2605
2606     if (dec->evp)
2607         ssl_cipher_cleanup(&dec->evp);
2608
2609     if (ssl_cipher_init(&dec->evp,ciph,sk,iv,cipher_suite->mode) < 0) {
2610         ssl_debug_printf("ssl_create_decoder: can't create cipher id:%d mode:%d\n",
2611             ciph, cipher_suite->mode);
2612         return NULL;
2613     }
2614
2615     ssl_debug_printf("decoder initialized (digest len %d)\n", ssl_cipher_suite_dig(cipher_suite)->len);
2616     return dec;
2617 }
2618
2619 static int
2620 ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session,
2621                               StringInfo *encrypted_pre_master,
2622                               gcry_sexp_t pk);
2623 static gboolean
2624 ssl_restore_master_key(SslDecryptSession *ssl, const char *label,
2625                        gboolean is_pre_master, GHashTable *ht, StringInfo *key);
2626
2627 gboolean
2628 ssl_generate_pre_master_secret(SslDecryptSession *ssl_session,
2629                                guint32 length, tvbuff_t *tvb, guint32 offset,
2630                                const gchar *ssl_psk,
2631                                const ssl_master_key_map_t *mk_map)
2632 {
2633     /* check for required session data */
2634     ssl_debug_printf("%s: found SSL_HND_CLIENT_KEY_EXCHG, state %X\n",
2635                      G_STRFUNC, ssl_session->state);
2636     if ((ssl_session->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
2637         (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
2638         ssl_debug_printf("%s: not enough data to generate key (required state %X)\n", G_STRFUNC,
2639                          (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
2640         return FALSE;
2641     }
2642
2643     /* check to see if the PMS was provided to us*/
2644     if (ssl_restore_master_key(ssl_session, "Unencrypted pre-master secret", TRUE,
2645            mk_map->pms, &ssl_session->client_random)) {
2646         return TRUE;
2647     }
2648
2649     if (ssl_session->cipher_suite.kex == KEX_PSK)
2650     {
2651         /* calculate pre master secret*/
2652         StringInfo pre_master_secret;
2653         guint psk_len, pre_master_len;
2654
2655         if (!ssl_psk || (ssl_psk[0] == 0)) {
2656             ssl_debug_printf("%s: can't find pre-shared-key\n", G_STRFUNC);
2657             return FALSE;
2658         }
2659
2660         /* convert hex string into char*/
2661         if (!from_hex(&ssl_session->psk, ssl_psk, strlen(ssl_psk))) {
2662             ssl_debug_printf("%s: ssl.psk/dtls.psk contains invalid hex\n",
2663                              G_STRFUNC);
2664             return FALSE;
2665         }
2666
2667         psk_len = ssl_session->psk.data_len;
2668         if (psk_len >= (2 << 15)) {
2669             ssl_debug_printf("%s: ssl.psk/dtls.psk must not be larger than 2^15 - 1\n",
2670                              G_STRFUNC);
2671             return FALSE;
2672         }
2673
2674
2675         pre_master_len = psk_len * 2 + 4;
2676
2677         pre_master_secret.data = (guchar *)wmem_alloc(wmem_file_scope(), pre_master_len);
2678         pre_master_secret.data_len = pre_master_len;
2679         /* 2 bytes psk_len*/
2680         pre_master_secret.data[0] = psk_len >> 8;
2681         pre_master_secret.data[1] = psk_len & 0xFF;
2682         /* psk_len bytes times 0*/
2683         memset(&pre_master_secret.data[2], 0, psk_len);
2684         /* 2 bytes psk_len*/
2685         pre_master_secret.data[psk_len + 2] = psk_len >> 8;
2686         pre_master_secret.data[psk_len + 3] = psk_len & 0xFF;
2687         /* psk*/
2688         memcpy(&pre_master_secret.data[psk_len + 4], ssl_session->psk.data, psk_len);
2689
2690         ssl_session->pre_master_secret.data = pre_master_secret.data;
2691         ssl_session->pre_master_secret.data_len = pre_master_len;
2692         /*ssl_debug_printf("pre master secret",&ssl->pre_master_secret);*/
2693
2694         /* Remove the master secret if it was there.
2695            This forces keying material regeneration in
2696            case we're renegotiating */
2697         ssl_session->state &= ~(SSL_MASTER_SECRET|SSL_HAVE_SESSION_KEY);
2698         ssl_session->state |= SSL_PRE_MASTER_SECRET;
2699         return TRUE;
2700     }
2701     else
2702     {
2703         StringInfo encrypted_pre_master;
2704         guint encrlen, skip;
2705         encrlen = length;
2706         skip = 0;
2707
2708         /* get encrypted data, on tls1 we have to skip two bytes
2709          * (it's the encrypted len and should be equal to record len - 2)
2710          * in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary
2711          */
2712         if (ssl_session->cipher_suite.kex == KEX_RSA &&
2713            (ssl_session->session.version == SSL_VER_TLS || ssl_session->session.version == SSL_VER_TLSv1DOT1 ||
2714             ssl_session->session.version == SSL_VER_TLSv1DOT2 || ssl_session->session.version == SSL_VER_DTLS ||
2715             ssl_session->session.version == SSL_VER_DTLS1DOT2))
2716         {
2717             encrlen  = tvb_get_ntohs(tvb, offset);
2718             skip = 2;
2719             if (encrlen > length - 2)
2720             {
2721                 ssl_debug_printf("%s: wrong encrypted length (%d max %d)\n",
2722                                  G_STRFUNC, encrlen, length);
2723                 return FALSE;
2724             }
2725         }
2726         /* the valid lower bound is higher than 8, but it is sufficient for the
2727          * ssl keylog file below */
2728         if (encrlen < 8) {
2729             ssl_debug_printf("%s: invalid encrypted pre-master key length %d\n",
2730                              G_STRFUNC, encrlen);
2731             return FALSE;
2732         }
2733
2734         encrypted_pre_master.data = (guchar *)wmem_alloc(wmem_file_scope(), encrlen);
2735         encrypted_pre_master.data_len = encrlen;
2736         tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
2737
2738         if (ssl_session->private_key) {
2739             /* try to decrypt encrypted pre-master with RSA key */
2740             if (ssl_decrypt_pre_master_secret(ssl_session,
2741                 &encrypted_pre_master, ssl_session->private_key))
2742                 return TRUE;
2743
2744             ssl_debug_printf("%s: can't decrypt pre-master secret\n",
2745                              G_STRFUNC);
2746         }
2747
2748         /* try to find the pre-master secret from the encrypted one. The
2749          * ssl key logfile stores only the first 8 bytes, so truncate it */
2750         encrypted_pre_master.data_len = 8;
2751         if (ssl_restore_master_key(ssl_session, "Encrypted pre-master secret",
2752             TRUE, mk_map->pre_master, &encrypted_pre_master))
2753             return TRUE;
2754     }
2755     return FALSE;
2756 }
2757
2758 int
2759 ssl_generate_keyring_material(SslDecryptSession*ssl_session)
2760 {
2761     StringInfo  key_block;
2762     guint8      _iv_c[MAX_BLOCK_SIZE],_iv_s[MAX_BLOCK_SIZE];
2763     guint8      _key_c[MAX_KEY_SIZE],_key_s[MAX_KEY_SIZE];
2764     gint        needed;
2765     guint8     *ptr,*c_wk,*s_wk,*c_mk,*s_mk,*c_iv = _iv_c,*s_iv = _iv_s;
2766
2767     /* check for enough info to proced */
2768     guint need_all = SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION;
2769     guint need_any = SSL_MASTER_SECRET | SSL_PRE_MASTER_SECRET;
2770     if (((ssl_session->state & need_all) != need_all) || ((ssl_session->state & need_any) == 0)) {
2771         ssl_debug_printf("ssl_generate_keyring_material not enough data to generate key "
2772                          "(0x%02X required 0x%02X or 0x%02X)\n", ssl_session->state,
2773                          need_all|SSL_MASTER_SECRET, need_all|SSL_PRE_MASTER_SECRET);
2774         return -1;
2775     }
2776
2777     /* if master key is not available, generate is from the pre-master secret */
2778     if (!(ssl_session->state & SSL_MASTER_SECRET)) {
2779         if ((ssl_session->state & SSL_EXTENDED_MASTER_SECRET_MASK) == SSL_EXTENDED_MASTER_SECRET_MASK) {
2780             StringInfo handshake_hashed_data;
2781             gint ret;
2782
2783             handshake_hashed_data.data = NULL;
2784             handshake_hashed_data.data_len = 0;
2785
2786             ssl_debug_printf("%s:PRF(pre_master_secret_extended)\n", G_STRFUNC);
2787             ssl_print_string("pre master secret",&ssl_session->pre_master_secret);
2788             DISSECTOR_ASSERT(ssl_session->handshake_data.data_len > 0);
2789
2790             switch(ssl_session->version_netorder) {
2791             case TLSV1_VERSION:
2792             case TLSV1DOT1_VERSION:
2793             case DTLSV1DOT0_VERSION:
2794             case DTLSV1DOT0_VERSION_NOT:
2795                 ret = tls_handshake_hash(ssl_session, &handshake_hashed_data);
2796                 break;
2797             default:
2798                 switch (ssl_session->cipher_suite.dig) {
2799                 case DIG_SHA384:
2800                     ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA384, &handshake_hashed_data);
2801                     break;
2802                 default:
2803                     ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA256, &handshake_hashed_data);
2804                     break;
2805                 }
2806                 break;
2807             }
2808             if (ret) {
2809                 ssl_debug_printf("%s can't generate handshake hash\n", G_STRFUNC);
2810                 return -1;
2811             }
2812
2813             wmem_free(wmem_file_scope(), ssl_session->handshake_data.data);
2814             ssl_session->handshake_data.data = NULL;
2815             ssl_session->handshake_data.data_len = 0;
2816
2817             if (!prf(ssl_session, &ssl_session->pre_master_secret, "extended master secret",
2818                      &handshake_hashed_data,
2819                      NULL, &ssl_session->master_secret,
2820                      SSL_MASTER_SECRET_LENGTH)) {
2821                 ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC);
2822                 g_free(handshake_hashed_data.data);
2823                 return -1;
2824             }
2825             g_free(handshake_hashed_data.data);
2826         } else {
2827             ssl_debug_printf("%s:PRF(pre_master_secret)\n", G_STRFUNC);
2828             ssl_print_string("pre master secret",&ssl_session->pre_master_secret);
2829             ssl_print_string("client random",&ssl_session->client_random);
2830             ssl_print_string("server random",&ssl_session->server_random);
2831             if (!prf(ssl_session, &ssl_session->pre_master_secret, "master secret",
2832                      &ssl_session->client_random,
2833                      &ssl_session->server_random, &ssl_session->master_secret,
2834                      SSL_MASTER_SECRET_LENGTH)) {
2835                 ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC);
2836                 return -1;
2837             }
2838         }
2839         ssl_print_string("master secret",&ssl_session->master_secret);
2840
2841         /* the pre-master secret has been 'consumend' so we must clear it now */
2842         ssl_session->state &= ~SSL_PRE_MASTER_SECRET;
2843         ssl_session->state |= SSL_MASTER_SECRET;
2844     }
2845
2846     /* Compute the key block. First figure out how much data we need*/
2847     needed=ssl_cipher_suite_dig(&ssl_session->cipher_suite)->len*2;
2848     needed+=ssl_session->cipher_suite.bits / 4;
2849     if(ssl_session->cipher_suite.block>1)
2850         needed+=ssl_session->cipher_suite.block*2;
2851
2852     key_block.data = (guchar *)g_malloc(needed);
2853     ssl_debug_printf("%s sess key generation\n", G_STRFUNC);
2854     if (!prf(ssl_session, &ssl_session->master_secret, "key expansion",
2855             &ssl_session->server_random,&ssl_session->client_random,
2856             &key_block, needed)) {
2857         ssl_debug_printf("%s can't generate key_block\n", G_STRFUNC);
2858         goto fail;
2859     }
2860     ssl_print_string("key expansion", &key_block);
2861
2862     ptr=key_block.data;
2863     /* AEAD ciphers do not have a separate MAC */
2864     if (ssl_session->cipher_suite.mode == MODE_GCM ||
2865         ssl_session->cipher_suite.mode == MODE_CCM ||
2866         ssl_session->cipher_suite.mode == MODE_CCM_8) {
2867         c_mk = s_mk = NULL;
2868     } else {
2869         c_mk=ptr; ptr+=ssl_cipher_suite_dig(&ssl_session->cipher_suite)->len;
2870         s_mk=ptr; ptr+=ssl_cipher_suite_dig(&ssl_session->cipher_suite)->len;
2871     }
2872
2873     c_wk=ptr; ptr+=ssl_session->cipher_suite.eff_bits/8;
2874     s_wk=ptr; ptr+=ssl_session->cipher_suite.eff_bits/8;
2875
2876     if(ssl_session->cipher_suite.block>1){
2877         c_iv=ptr; ptr+=ssl_session->cipher_suite.block;
2878         s_iv=ptr; /*ptr+=ssl_session->cipher_suite.block;*/
2879     }
2880
2881     /* export ciphers work with a smaller key length */
2882     if (ssl_session->cipher_suite.eff_bits < ssl_session->cipher_suite.bits) {
2883         if(ssl_session->cipher_suite.block>1){
2884
2885             /* We only have room for MAX_BLOCK_SIZE bytes IVs, but that's
2886              all we should need. This is a sanity check */
2887             if(ssl_session->cipher_suite.block>MAX_BLOCK_SIZE) {
2888                 ssl_debug_printf("%s cipher suite block must be at most %d nut is %d\n",
2889                 G_STRFUNC, MAX_BLOCK_SIZE, ssl_session->cipher_suite.block);
2890                 goto fail;
2891             }
2892
2893             if(ssl_session->version_netorder==SSLV3_VERSION){
2894                 /* The length of these fields are ignored by this caller */
2895                 StringInfo iv_c, iv_s;
2896                 iv_c.data = _iv_c;
2897                 iv_s.data = _iv_s;
2898
2899                 ssl_debug_printf("%s ssl3_generate_export_iv\n", G_STRFUNC);
2900                 ssl3_generate_export_iv(&ssl_session->client_random,
2901                         &ssl_session->server_random, &iv_c,
2902                         ssl_session->cipher_suite.block);
2903                 ssl_debug_printf("%s ssl3_generate_export_iv(2)\n", G_STRFUNC);
2904                 ssl3_generate_export_iv(&ssl_session->server_random,
2905                         &ssl_session->client_random, &iv_s,
2906                         ssl_session->cipher_suite.block);
2907             }
2908             else{
2909                 guint8 _iv_block[MAX_BLOCK_SIZE * 2];
2910                 StringInfo iv_block;
2911                 StringInfo key_null;
2912                 guint8 _key_null;
2913
2914                 key_null.data = &_key_null;
2915                 key_null.data_len = 0;
2916
2917                 iv_block.data = _iv_block;
2918
2919                 ssl_debug_printf("%s prf(iv_block)\n", G_STRFUNC);
2920                 if (!prf(ssl_session, &key_null, "IV block",
2921                         &ssl_session->client_random,
2922                         &ssl_session->server_random, &iv_block,
2923                         ssl_session->cipher_suite.block * 2)) {
2924                     ssl_debug_printf("%s can't generate tls31 iv block\n", G_STRFUNC);
2925                     goto fail;
2926                 }
2927
2928                 memcpy(_iv_c,iv_block.data,ssl_session->cipher_suite.block);
2929                 memcpy(_iv_s,iv_block.data+ssl_session->cipher_suite.block,
2930                     ssl_session->cipher_suite.block);
2931             }
2932
2933             c_iv=_iv_c;
2934             s_iv=_iv_s;
2935         }
2936
2937         if (ssl_session->version_netorder==SSLV3_VERSION){
2938
2939             SSL_MD5_CTX md5;
2940             ssl_debug_printf("%s MD5(client_random)\n", G_STRFUNC);
2941
2942             ssl_md5_init(&md5);
2943             ssl_md5_update(&md5,c_wk,ssl_session->cipher_suite.eff_bits/8);
2944             ssl_md5_update(&md5,ssl_session->client_random.data,
2945                 ssl_session->client_random.data_len);
2946             ssl_md5_update(&md5,ssl_session->server_random.data,
2947                 ssl_session->server_random.data_len);
2948             ssl_md5_final(_key_c,&md5);
2949             ssl_md5_cleanup(&md5);
2950             c_wk=_key_c;
2951
2952             ssl_md5_init(&md5);
2953             ssl_debug_printf("%s MD5(server_random)\n", G_STRFUNC);
2954             ssl_md5_update(&md5,s_wk,ssl_session->cipher_suite.eff_bits/8);
2955             ssl_md5_update(&md5,ssl_session->server_random.data,
2956                 ssl_session->server_random.data_len);
2957             ssl_md5_update(&md5,ssl_session->client_random.data,
2958                 ssl_session->client_random.data_len);
2959             ssl_md5_final(_key_s,&md5);
2960             ssl_md5_cleanup(&md5);
2961             s_wk=_key_s;
2962         }
2963         else{
2964             StringInfo key_c, key_s, k;
2965             key_c.data = _key_c;
2966             key_s.data = _key_s;
2967
2968             k.data = c_wk;
2969             k.data_len = ssl_session->cipher_suite.eff_bits/8;
2970             ssl_debug_printf("%s PRF(key_c)\n", G_STRFUNC);
2971             if (!prf(ssl_session, &k, "client write key",
2972                     &ssl_session->client_random,
2973                     &ssl_session->server_random, &key_c, sizeof(_key_c))) {
2974                 ssl_debug_printf("%s can't generate tll31 server key \n", G_STRFUNC);
2975                 goto fail;
2976             }
2977             c_wk=_key_c;
2978
2979             k.data = s_wk;
2980             k.data_len = ssl_session->cipher_suite.eff_bits/8;
2981             ssl_debug_printf("%s PRF(key_s)\n", G_STRFUNC);
2982             if (!prf(ssl_session, &k, "server write key",
2983                     &ssl_session->client_random,
2984                     &ssl_session->server_random, &key_s, sizeof(_key_s))) {
2985                 ssl_debug_printf("%s can't generate tll31 client key \n", G_STRFUNC);
2986                 goto fail;
2987             }
2988             s_wk=_key_s;
2989         }
2990     }
2991
2992     /* show key material info */
2993     if (c_mk != NULL) {
2994         ssl_print_data("Client MAC key",c_mk,ssl_cipher_suite_dig(&ssl_session->cipher_suite)->len);
2995         ssl_print_data("Server MAC key",s_mk,ssl_cipher_suite_dig(&ssl_session->cipher_suite)->len);
2996     }
2997     ssl_print_data("Client Write key",c_wk,ssl_session->cipher_suite.bits/8);
2998     ssl_print_data("Server Write key",s_wk,ssl_session->cipher_suite.bits/8);
2999
3000     if(ssl_session->cipher_suite.block>1) {
3001         ssl_print_data("Client Write IV",c_iv,ssl_session->cipher_suite.block);
3002         ssl_print_data("Server Write IV",s_iv,ssl_session->cipher_suite.block);
3003     }
3004     else {
3005         ssl_print_data("Client Write IV",c_iv,8);
3006         ssl_print_data("Server Write IV",s_iv,8);
3007     }
3008
3009     /* create both client and server ciphers*/
3010     ssl_debug_printf("%s ssl_create_decoder(client)\n", G_STRFUNC);
3011     ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, c_mk, c_wk, c_iv);
3012     if (!ssl_session->client_new) {
3013         ssl_debug_printf("%s can't init client decoder\n", G_STRFUNC);
3014         goto fail;
3015     }
3016     ssl_debug_printf("%s ssl_create_decoder(server)\n", G_STRFUNC);
3017     ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, s_mk, s_wk, s_iv);
3018     if (!ssl_session->server_new) {
3019         ssl_debug_printf("%s can't init client decoder\n", G_STRFUNC);
3020         goto fail;
3021     }
3022
3023     ssl_debug_printf("%s: client seq %d, server seq %d\n",
3024         G_STRFUNC, ssl_session->client_new->seq, ssl_session->server_new->seq);
3025     g_free(key_block.data);
3026     ssl_session->state |= SSL_HAVE_SESSION_KEY;
3027     return 0;
3028
3029 fail:
3030     g_free(key_block.data);
3031     return -1;
3032 }
3033
3034 void
3035 ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server)
3036 {
3037     ssl_debug_printf("ssl_change_cipher %s\n", (server)?"SERVER":"CLIENT");
3038     if (server) {
3039         ssl_session->server = ssl_session->server_new;
3040         ssl_session->server_new = NULL;
3041     } else {
3042         ssl_session->client = ssl_session->client_new;
3043         ssl_session->client_new = NULL;
3044     }
3045 }
3046
3047 static gboolean
3048 ssl_decrypt_pre_master_secret(SslDecryptSession*ssl_session,
3049     StringInfo* encrypted_pre_master, gcry_sexp_t pk)
3050 {
3051     gint i;
3052
3053     if (!encrypted_pre_master)
3054         return FALSE;
3055     if(ssl_session->cipher_suite.kex == KEX_DHE_DSS ||
3056             ssl_session->cipher_suite.kex == KEX_DHE_PSK ||
3057             ssl_session->cipher_suite.kex == KEX_DHE_RSA ||
3058             ssl_session->cipher_suite.kex == KEX_DH_ANON ||
3059             ssl_session->cipher_suite.kex == KEX_DH_DSS ||
3060             ssl_session->cipher_suite.kex == KEX_DH_RSA) {
3061         ssl_debug_printf("%s: session uses DH (%d) key exchange, which is "
3062                          "impossible to decrypt\n", G_STRFUNC, ssl_session->cipher_suite.kex);
3063         return FALSE;
3064     } else if(ssl_session->cipher_suite.kex != KEX_RSA) {
3065          ssl_debug_printf("%s key exchange %d different from KEX_RSA (%d)\n",
3066                           G_STRFUNC, ssl_session->cipher_suite.kex, KEX_RSA);
3067         return FALSE;
3068     }
3069
3070     /* with tls key loading will fail if not rsa type, so no need to check*/
3071     ssl_print_string("pre master encrypted",encrypted_pre_master);
3072     ssl_debug_printf("%s: RSA_private_decrypt\n", G_STRFUNC);
3073     i=ssl_private_decrypt(encrypted_pre_master->data_len,
3074         encrypted_pre_master->data, pk);
3075
3076     if (i!=48) {
3077         ssl_debug_printf("%s wrong pre_master_secret length (%d, expected "
3078                          "%d)\n", G_STRFUNC, i, 48);
3079         return FALSE;
3080     }
3081
3082     /* the decrypted data has been written into the pre_master key buffer */
3083     ssl_session->pre_master_secret.data = encrypted_pre_master->data;
3084     ssl_session->pre_master_secret.data_len=48;
3085     ssl_print_string("pre master secret",&ssl_session->pre_master_secret);
3086
3087     /* Remove the master secret if it was there.
3088        This forces keying material regeneration in
3089        case we're renegotiating */
3090     ssl_session->state &= ~(SSL_MASTER_SECRET|SSL_HAVE_SESSION_KEY);
3091     ssl_session->state |= SSL_PRE_MASTER_SECRET;
3092     return TRUE;
3093 }
3094
3095 /* convert network byte order 32 byte number to right-aligned host byte order *
3096  * 8 bytes buffer */
3097 static gint fmt_seq(guint32 num, guint8* buf)
3098 {
3099     guint32 netnum;
3100
3101     memset(buf,0,8);
3102     netnum=g_htonl(num);
3103     memcpy(buf+4,&netnum,4);
3104
3105     return(0);
3106 }
3107
3108 static gint
3109 tls_check_mac(SslDecoder*decoder, gint ct, gint ver, guint8* data,
3110         guint32 datalen, guint8* mac)
3111 {
3112     SSL_HMAC hm;
3113     gint     md;
3114     guint32  len;
3115     guint8   buf[DIGEST_MAX_SIZE];
3116     gint16   temp;
3117
3118     md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name);
3119     ssl_debug_printf("tls_check_mac mac type:%s md %d\n",
3120         ssl_cipher_suite_dig(decoder->cipher_suite)->name, md);
3121
3122     if (ssl_hmac_init(&hm,decoder->mac_key.data,decoder->mac_key.data_len,md) != 0)
3123         return -1;
3124
3125     /* hash sequence number */
3126     fmt_seq(decoder->seq,buf);
3127
3128     decoder->seq++;
3129
3130     ssl_hmac_update(&hm,buf,8);
3131
3132     /* hash content type */
3133     buf[0]=ct;
3134     ssl_hmac_update(&hm,buf,1);
3135
3136     /* hash version,data length and data*/
3137     /* *((gint16*)buf) = g_htons(ver); */
3138     temp = g_htons(ver);
3139     memcpy(buf, &temp, 2);
3140     ssl_hmac_update(&hm,buf,2);
3141
3142     /* *((gint16*)buf) = g_htons(datalen); */
3143     temp = g_htons(datalen);
3144     memcpy(buf, &temp, 2);
3145     ssl_hmac_update(&hm,buf,2);
3146     ssl_hmac_update(&hm,data,datalen);
3147
3148     /* get digest and digest len*/
3149     len = sizeof(buf);
3150     ssl_hmac_final(&hm,buf,&len);
3151     ssl_hmac_cleanup(&hm);
3152     ssl_print_data("Mac", buf, len);
3153     if(memcmp(mac,buf,len))
3154         return -1;
3155
3156     return 0;
3157 }
3158
3159 static int
3160 ssl3_check_mac(SslDecoder*decoder,int ct,guint8* data,
3161         guint32 datalen, guint8* mac)
3162 {
3163     SSL_MD  mc;
3164     gint    md;
3165     guint32 len;
3166     guint8  buf[64],dgst[20];
3167     gint    pad_ct;
3168     gint16  temp;
3169
3170     pad_ct=(decoder->cipher_suite->dig==DIG_SHA)?40:48;
3171
3172     /* get cipher used for digest comptuation */
3173     md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name);
3174     if (ssl_md_init(&mc,md) !=0)
3175         return -1;
3176
3177     /* do hash computation on data && padding */
3178     ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len);
3179
3180     /* hash padding*/
3181     memset(buf,0x36,pad_ct);
3182     ssl_md_update(&mc,buf,pad_ct);
3183
3184     /* hash sequence number */
3185     fmt_seq(decoder->seq,buf);
3186     decoder->seq++;
3187     ssl_md_update(&mc,buf,8);
3188
3189     /* hash content type */
3190     buf[0]=ct;
3191     ssl_md_update(&mc,buf,1);
3192
3193     /* hash data length in network byte order and data*/
3194     /* *((gint16* )buf) = g_htons(datalen); */
3195     temp = g_htons(datalen);
3196     memcpy(buf, &temp, 2);
3197     ssl_md_update(&mc,buf,2);
3198     ssl_md_update(&mc,data,datalen);
3199
3200     /* get partial digest */
3201     ssl_md_final(&mc,dgst,&len);
3202     ssl_md_cleanup(&mc);
3203
3204     ssl_md_init(&mc,md);
3205
3206     /* hash mac key */
3207     ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len);
3208
3209     /* hash padding and partial digest*/
3210     memset(buf,0x5c,pad_ct);
3211     ssl_md_update(&mc,buf,pad_ct);
3212     ssl_md_update(&mc,dgst,len);
3213
3214     ssl_md_final(&mc,dgst,&len);
3215     ssl_md_cleanup(&mc);
3216
3217     if(memcmp(mac,dgst,len))
3218         return -1;
3219
3220     return(0);
3221 }
3222
3223 static gint
3224 dtls_check_mac(SslDecoder*decoder, gint ct,int ver, guint8* data,
3225         guint32 datalen, guint8* mac)
3226 {
3227     SSL_HMAC hm;
3228     gint     md;
3229     guint32  len;
3230     guint8   buf[DIGEST_MAX_SIZE];
3231     gint16   temp;
3232
3233     md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name);
3234     ssl_debug_printf("dtls_check_mac mac type:%s md %d\n",
3235         ssl_cipher_suite_dig(decoder->cipher_suite)->name, md);
3236
3237     if (ssl_hmac_init(&hm,decoder->mac_key.data,decoder->mac_key.data_len,md) != 0)
3238         return -1;
3239     ssl_debug_printf("dtls_check_mac seq: %d epoch: %d\n",decoder->seq,decoder->epoch);
3240     /* hash sequence number */
3241     fmt_seq(decoder->seq,buf);
3242     buf[0]=decoder->epoch>>8;
3243     buf[1]=(guint8)decoder->epoch;
3244
3245     ssl_hmac_update(&hm,buf,8);
3246
3247     /* hash content type */
3248     buf[0]=ct;
3249     ssl_hmac_update(&hm,buf,1);
3250
3251     /* hash version,data length and data */
3252     temp = g_htons(ver);
3253     memcpy(buf, &temp, 2);
3254     ssl_hmac_update(&hm,buf,2);
3255
3256     temp = g_htons(datalen);
3257     memcpy(buf, &temp, 2);
3258     ssl_hmac_update(&hm,buf,2);
3259     ssl_hmac_update(&hm,data,datalen);
3260     /* get digest and digest len */
3261     len = sizeof(buf);
3262     ssl_hmac_final(&hm,buf,&len);
3263     ssl_hmac_cleanup(&hm);
3264     ssl_print_data("Mac", buf, len);
3265     if(memcmp(mac,buf,len))
3266         return -1;
3267
3268     return(0);
3269 }
3270
3271 #ifdef HAVE_LIBZ