// OpenSSL-used Cipher Suite String\r
//\r
CONST CHAR8 *OpensslCipher;\r
-} TLS_CIPHER_PAIR;\r
+ //\r
+ // Length of OpensslCipher\r
+ //\r
+ UINTN OpensslCipherLength;\r
+} TLS_CIPHER_MAPPING;\r
+\r
+//\r
+// Create a TLS_CIPHER_MAPPING initializer from IanaCipher and OpensslCipher so\r
+// that OpensslCipherLength is filled in automatically. IanaCipher must be an\r
+// integer constant expression, and OpensslCipher must be a string literal.\r
+//\r
+#define MAP(IanaCipher, OpensslCipher) \\r
+ { (IanaCipher), (OpensslCipher), sizeof (OpensslCipher) - 1 }\r
\r
//\r
// The mapping table between IANA/IETF Cipher Suite definitions and\r
// OpenSSL-used Cipher Suite name.\r
//\r
-STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {\r
- { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5\r
- { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA\r
- { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5\r
- { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA\r
- { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1\r
- { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\r
- { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2\r
- { 0x0030, "DH-DSS-AES128-SHA" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA\r
- { 0x0031, "DH-RSA-AES128-SHA" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA\r
- { 0x0033, "DHE-RSA-AES128-SHA" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA\r
- { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA\r
- { 0x0036, "DH-DSS-AES256-SHA" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA\r
- { 0x0037, "DH-RSA-AES256-SHA" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA\r
- { 0x0039, "DHE-RSA-AES256-SHA" }, /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA\r
- { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256\r
- { 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA256\r
- { 0x003D, "AES256-SHA256" }, /// TLS_RSA_WITH_AES_256_CBC_SHA256\r
- { 0x003E, "DH-DSS-AES128-SHA256" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256\r
- { 0x003F, "DH-RSA-AES128-SHA256" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256\r
- { 0x0067, "DHE-RSA-AES128-SHA256" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\r
- { 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256\r
- { 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256\r
- { 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\r
+// Keep the table uniquely sorted by the IanaCipher field, in increasing order.\r
+//\r
+STATIC CONST TLS_CIPHER_MAPPING TlsCipherMappingTable[] = {\r
+ MAP ( 0x0001, "NULL-MD5" ), /// TLS_RSA_WITH_NULL_MD5\r
+ MAP ( 0x0002, "NULL-SHA" ), /// TLS_RSA_WITH_NULL_SHA\r
+ MAP ( 0x0004, "RC4-MD5" ), /// TLS_RSA_WITH_RC4_128_MD5\r
+ MAP ( 0x0005, "RC4-SHA" ), /// TLS_RSA_WITH_RC4_128_SHA\r
+ MAP ( 0x000A, "DES-CBC3-SHA" ), /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1\r
+ MAP ( 0x0016, "DHE-RSA-DES-CBC3-SHA" ), /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\r
+ MAP ( 0x002F, "AES128-SHA" ), /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2\r
+ MAP ( 0x0030, "DH-DSS-AES128-SHA" ), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA\r
+ MAP ( 0x0031, "DH-RSA-AES128-SHA" ), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA\r
+ MAP ( 0x0033, "DHE-RSA-AES128-SHA" ), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA\r
+ MAP ( 0x0035, "AES256-SHA" ), /// TLS_RSA_WITH_AES_256_CBC_SHA\r
+ MAP ( 0x0036, "DH-DSS-AES256-SHA" ), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA\r
+ MAP ( 0x0037, "DH-RSA-AES256-SHA" ), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA\r
+ MAP ( 0x0039, "DHE-RSA-AES256-SHA" ), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA\r
+ MAP ( 0x003B, "NULL-SHA256" ), /// TLS_RSA_WITH_NULL_SHA256\r
+ MAP ( 0x003C, "AES128-SHA256" ), /// TLS_RSA_WITH_AES_128_CBC_SHA256\r
+ MAP ( 0x003D, "AES256-SHA256" ), /// TLS_RSA_WITH_AES_256_CBC_SHA256\r
+ MAP ( 0x003E, "DH-DSS-AES128-SHA256" ), /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256\r
+ MAP ( 0x003F, "DH-RSA-AES128-SHA256" ), /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256\r
+ MAP ( 0x0067, "DHE-RSA-AES128-SHA256" ), /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\r
+ MAP ( 0x0068, "DH-DSS-AES256-SHA256" ), /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256\r
+ MAP ( 0x0069, "DH-RSA-AES256-SHA256" ), /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256\r
+ MAP ( 0x006B, "DHE-RSA-AES256-SHA256" ), /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\r
};\r
\r
/**\r
- Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite.\r
+ Gets the OpenSSL cipher suite mapping for the supplied IANA TLS cipher suite.\r
\r
@param[in] CipherId The supplied IANA TLS cipher suite ID.\r
\r
- @return The corresponding OpenSSL cipher suite string if found,\r
+ @return The corresponding OpenSSL cipher suite mapping if found,\r
NULL otherwise.\r
\r
**/\r
STATIC\r
-CONST CHAR8 *\r
-TlsGetCipherString (\r
+CONST TLS_CIPHER_MAPPING *\r
+TlsGetCipherMapping (\r
IN UINT16 CipherId\r
)\r
{\r
- CONST TLS_CIPHER_PAIR *CipherEntry;\r
- UINTN TableSize;\r
- UINTN Index;\r
-\r
- CipherEntry = TlsCipherMappingTable;\r
- TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR);\r
+ INTN Left;\r
+ INTN Right;\r
+ INTN Middle;\r
\r
//\r
- // Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation\r
+ // Binary Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation\r
//\r
- for (Index = 0; Index < TableSize; Index++, CipherEntry++) {\r
- //\r
- // Translate IANA cipher suite name to OpenSSL name.\r
- //\r
- if (CipherEntry->IanaCipher == CipherId) {\r
- return CipherEntry->OpensslCipher;\r
+ Left = 0;\r
+ Right = ARRAY_SIZE (TlsCipherMappingTable) - 1;\r
+\r
+ while (Right >= Left) {\r
+ Middle = (Left + Right) / 2;\r
+\r
+ if (CipherId == TlsCipherMappingTable[Middle].IanaCipher) {\r
+ //\r
+ // Translate IANA cipher suite ID to OpenSSL name.\r
+ //\r
+ return &TlsCipherMappingTable[Middle];\r
+ }\r
+\r
+ if (CipherId < TlsCipherMappingTable[Middle].IanaCipher) {\r
+ Right = Middle - 1;\r
+ } else {\r
+ Left = Middle + 1;\r
}\r
}\r
\r
IN UINTN CipherNum\r
)\r
{\r
- TLS_CONNECTION *TlsConn;\r
- UINTN Index;\r
- CONST CHAR8 *MappingName;\r
- CHAR8 CipherString[500];\r
+ TLS_CONNECTION *TlsConn;\r
+ UINTN Index;\r
+ CONST TLS_CIPHER_MAPPING *Mapping;\r
+ CONST CHAR8 *MappingName;\r
+ CHAR8 CipherString[500];\r
\r
TlsConn = (TLS_CONNECTION *) Tls;\r
if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ Mapping = NULL;\r
MappingName = NULL;\r
\r
memset (CipherString, 0, sizeof (CipherString));\r
//\r
// Handling OpenSSL / RFC Cipher name mapping.\r
//\r
- MappingName = TlsGetCipherString (*(CipherId + Index));\r
- if (MappingName == NULL) {\r
+ Mapping = TlsGetCipherMapping (*(CipherId + Index));\r
+ if (Mapping == NULL) {\r
return EFI_UNSUPPORTED;\r
}\r
+ MappingName = Mapping->OpensslCipher;\r
\r
if (Index != 0) {\r
//\r