Add CipherSuites and InsecureCipherSuites

As part of Go 1.14 the CipherSuites and InsecureCipherSuites functions got added to the TLS package, returning a slice of *tls.CipherSuite. Relates to #148
pion · Feb 8, 2020 · 5e7a822 · 5e7a822
1 parent 7c422c6
commit 5e7a822
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 0 deletions.
diff --git a/cipher_suite.go b/cipher_suite.go
@@ -121,6 +121,20 @@ func defaultCipherSuites() []cipherSuite {
 	}
 }
 
+func allCipherSuites() []cipherSuite {
+	return []cipherSuite{
+		newCipherSuiteTLSEcdheEcdsaWithAes128Ccm(),
+		newCipherSuiteTLSEcdheEcdsaWithAes128Ccm8(),
+		&cipherSuiteTLSEcdheEcdsaWithAes128GcmSha256{},
+		&cipherSuiteTLSEcdheRsaWithAes128GcmSha256{},
+		&cipherSuiteTLSEcdheEcdsaWithAes256CbcSha{},
+		&cipherSuiteTLSEcdheRsaWithAes256CbcSha{},
+		newCipherSuiteTLSPskWithAes128Ccm(),
+		newCipherSuiteTLSPskWithAes128Ccm8(),
+		&cipherSuiteTLSPskWithAes128GcmSha256{},
+	}
+}
+
 func decodeCipherSuites(buf []byte) ([]cipherSuite, error) {
 	if len(buf) < 2 {
 		return nil, errDTLSPacketInvalidLength

diff --git a/cipher_suite_go114.go b/cipher_suite_go114.go
@@ -0,0 +1,35 @@
+// +build go1.14
+
+package dtls
+
+import (
+	"crypto/tls"
+)
+
+// Convert from our cipherSuite interface to a tls.CipherSuite struct
+func toTLSCipherSuite(c cipherSuite) *tls.CipherSuite {
+	return &tls.CipherSuite{
+		ID:                uint16(c.ID()),
+		Name:              c.String(),
+		SupportedVersions: []uint16{0xfefd},
+		Insecure:          false,
+	}
+}
+
+// CipherSuites returns a list of cipher suites currently implemented by this
+// package, excluding those with security issues, which are returned by
+// InsecureCipherSuites.
+func CipherSuites() []*tls.CipherSuite {
+	var res []*tls.CipherSuite
+	for _, c := range allCipherSuites() {
+		res = append(res, toTLSCipherSuite(c))
+	}
+	return res
+}
+
+// InsecureCipherSuites returns a list of cipher suites currently implemented by
+// this package and which have security issues.
+func InsecureCipherSuites() []*tls.CipherSuite {
+	var res []*tls.CipherSuite
+	return res
+}
diff --git a/cipher_suite_go114_test.go b/cipher_suite_go114_test.go
@@ -0,0 +1,49 @@
+// +build go1.14
+
+package dtls
+
+import (
+	"testing"
+)
+
+func TestInsecureCipherSuites(t *testing.T) {
+	r := InsecureCipherSuites()
+
+	if len(r) != 0 {
+		t.Fatalf("Expected no insecure ciphersuites, got %d", len(r))
+	}
+}
+
+func TestCipherSuites(t *testing.T) {
+	ours := allCipherSuites()
+	theirs := CipherSuites()
+
+	if len(ours) != len(theirs) {
+		t.Fatalf("Expected %d CipherSuites, got %d", len(ours), len(theirs))
+	}
+
+	for i, s := range ours {
+		t.Run(s.String(), func(t *testing.T) {
+			c := theirs[i]
+			if c.ID != uint16(s.ID()) {
+				t.Fatalf("Expected ID: 0x%04X, got 0x%04X", s.ID(), c.ID)
+			}
+
+			if c.Name != s.String() {
+				t.Fatalf("Expected Name: %s, got %s", s.String(), c.Name)
+			}
+
+			if len(c.SupportedVersions) != 1 {
+				t.Fatalf("Expected %d SupportedVersion, got %d", 1, len(c.SupportedVersions))
+			}
+
+			if c.SupportedVersions[0] != 0xfefd {
+				t.Fatalf("Expected SupportedVersions 0x%04X, got 0x%04X", 0xfefd, c.SupportedVersions[0])
+			}
+
+			if c.Insecure {
+				t.Fatalf("Expected Insecure %t, got %t", false, c.Insecure)
+			}
+		})
+	}
+}