-- |
-- Module      : Network.TLS.Extra.Cipher
-- License     : BSD-style
-- Maintainer  : Vincent Hanquez <vincent@snarc.org>
-- Stability   : experimental
-- Portability : unknown
--
module Network.TLS.Extra.Cipher
    (
    -- * cipher suite
      ciphersuite_default
    , ciphersuite_default_det
    , ciphersuite_all
    , ciphersuite_all_det
    , ciphersuite_medium
    , ciphersuite_strong
    , ciphersuite_strong_det
    , ciphersuite_unencrypted
    , ciphersuite_dhe_rsa
    , ciphersuite_dhe_dss
    -- * individual ciphers
    , cipher_null_SHA1
    , cipher_AES128_SHA1
    , cipher_AES256_SHA1
    , cipher_AES128_SHA256
    , cipher_AES256_SHA256
    , cipher_AES128CCM_SHA256
    , cipher_AES128CCM8_SHA256
    , cipher_AES128GCM_SHA256
    , cipher_AES256CCM_SHA256
    , cipher_AES256CCM8_SHA256
    , cipher_AES256GCM_SHA384
    , cipher_DHE_RSA_AES128_SHA1
    , cipher_DHE_RSA_AES256_SHA1
    , cipher_DHE_RSA_AES128_SHA256
    , cipher_DHE_RSA_AES256_SHA256
    , cipher_DHE_DSS_AES128_SHA1
    , cipher_DHE_DSS_AES256_SHA1
    , cipher_DHE_RSA_AES128CCM_SHA256
    , cipher_DHE_RSA_AES128CCM8_SHA256
    , cipher_DHE_RSA_AES128GCM_SHA256
    , cipher_DHE_RSA_AES256CCM_SHA256
    , cipher_DHE_RSA_AES256CCM8_SHA256
    , cipher_DHE_RSA_AES256GCM_SHA384
    , cipher_DHE_RSA_CHACHA20POLY1305_SHA256
    , cipher_ECDHE_RSA_AES128GCM_SHA256
    , cipher_ECDHE_RSA_AES256GCM_SHA384
    , cipher_ECDHE_RSA_AES128CBC_SHA256
    , cipher_ECDHE_RSA_AES128CBC_SHA
    , cipher_ECDHE_RSA_AES256CBC_SHA
    , cipher_ECDHE_RSA_AES256CBC_SHA384
    , cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256
    , cipher_ECDHE_ECDSA_AES128CBC_SHA
    , cipher_ECDHE_ECDSA_AES256CBC_SHA
    , cipher_ECDHE_ECDSA_AES128CBC_SHA256
    , cipher_ECDHE_ECDSA_AES256CBC_SHA384
    , cipher_ECDHE_ECDSA_AES128CCM_SHA256
    , cipher_ECDHE_ECDSA_AES128CCM8_SHA256
    , cipher_ECDHE_ECDSA_AES128GCM_SHA256
    , cipher_ECDHE_ECDSA_AES256CCM_SHA256
    , cipher_ECDHE_ECDSA_AES256CCM8_SHA256
    , cipher_ECDHE_ECDSA_AES256GCM_SHA384
    , cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256
    -- TLS 1.3
    , cipher_TLS13_AES128GCM_SHA256
    , cipher_TLS13_AES256GCM_SHA384
    , cipher_TLS13_CHACHA20POLY1305_SHA256
    , cipher_TLS13_AES128CCM_SHA256
    , cipher_TLS13_AES128CCM8_SHA256
    -- * obsolete and non-standard ciphers
    , cipher_RSA_3DES_EDE_CBC_SHA1
    , cipher_RC4_128_MD5
    , cipher_RC4_128_SHA1
    , cipher_null_MD5
    , cipher_DHE_DSS_RC4_SHA1
    ) where

import qualified Data.ByteString as B

import Network.TLS.Types (Version(..))
import Network.TLS.Cipher
import Network.TLS.Imports
import Data.Tuple (swap)

import Crypto.Cipher.AES
import qualified Crypto.Cipher.ChaChaPoly1305 as ChaChaPoly1305
import qualified Crypto.Cipher.RC4 as RC4
import Crypto.Cipher.TripleDES
import Crypto.Cipher.Types hiding (Cipher, cipherName)
import Crypto.Error
import qualified Crypto.MAC.Poly1305 as Poly1305
import Crypto.System.CPU

takelast :: Int -> B.ByteString -> B.ByteString
takelast :: Int -> BulkKey -> BulkKey
takelast Int
i BulkKey
b = Int -> BulkKey -> BulkKey
B.drop (BulkKey -> Int
B.length BulkKey
b Int -> Int -> Int
forall a. Num a => a -> a -> a
- Int
i) BulkKey
b

aes128cbc :: BulkDirection -> BulkKey -> BulkBlock
aes128cbc :: BulkDirection -> BulkKey -> BulkBlock
aes128cbc BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: AES128
ctx = CryptoFailable AES128 -> AES128
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES128
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES128
cipherInit BulkKey
key) :: AES128
     in (\BulkKey
iv BulkKey
input -> let output :: BulkKey
output = AES128 -> IV AES128 -> BulkKey -> BulkKey
forall cipher ba.
(BlockCipher cipher, ByteArray ba) =>
cipher -> IV cipher -> ba -> ba
forall ba. ByteArray ba => AES128 -> IV AES128 -> ba -> ba
cbcEncrypt AES128
ctx (BulkKey -> IV AES128
forall a. BlockCipher a => BulkKey -> IV a
makeIV_ BulkKey
iv) BulkKey
input in (BulkKey
output, Int -> BulkKey -> BulkKey
takelast Int
16 BulkKey
output))
aes128cbc BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: AES128
ctx = CryptoFailable AES128 -> AES128
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES128
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES128
cipherInit BulkKey
key) :: AES128
     in (\BulkKey
iv BulkKey
input -> let output :: BulkKey
output = AES128 -> IV AES128 -> BulkKey -> BulkKey
forall cipher ba.
(BlockCipher cipher, ByteArray ba) =>
cipher -> IV cipher -> ba -> ba
forall ba. ByteArray ba => AES128 -> IV AES128 -> ba -> ba
cbcDecrypt AES128
ctx (BulkKey -> IV AES128
forall a. BlockCipher a => BulkKey -> IV a
makeIV_ BulkKey
iv) BulkKey
input in (BulkKey
output, Int -> BulkKey -> BulkKey
takelast Int
16 BulkKey
input))

aes256cbc :: BulkDirection -> BulkKey -> BulkBlock
aes256cbc :: BulkDirection -> BulkKey -> BulkBlock
aes256cbc BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: AES256
ctx = CryptoFailable AES256 -> AES256
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES256
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES256
cipherInit BulkKey
key) :: AES256
     in (\BulkKey
iv BulkKey
input -> let output :: BulkKey
output = AES256 -> IV AES256 -> BulkKey -> BulkKey
forall cipher ba.
(BlockCipher cipher, ByteArray ba) =>
cipher -> IV cipher -> ba -> ba
forall ba. ByteArray ba => AES256 -> IV AES256 -> ba -> ba
cbcEncrypt AES256
ctx (BulkKey -> IV AES256
forall a. BlockCipher a => BulkKey -> IV a
makeIV_ BulkKey
iv) BulkKey
input in (BulkKey
output, Int -> BulkKey -> BulkKey
takelast Int
16 BulkKey
output))
aes256cbc BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: AES256
ctx = CryptoFailable AES256 -> AES256
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES256
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES256
cipherInit BulkKey
key) :: AES256
     in (\BulkKey
iv BulkKey
input -> let output :: BulkKey
output = AES256 -> IV AES256 -> BulkKey -> BulkKey
forall cipher ba.
(BlockCipher cipher, ByteArray ba) =>
cipher -> IV cipher -> ba -> ba
forall ba. ByteArray ba => AES256 -> IV AES256 -> ba -> ba
cbcDecrypt AES256
ctx (BulkKey -> IV AES256
forall a. BlockCipher a => BulkKey -> IV a
makeIV_ BulkKey
iv) BulkKey
input in (BulkKey
output, Int -> BulkKey -> BulkKey
takelast Int
16 BulkKey
input))

aes128ccm :: BulkDirection -> BulkKey -> BulkAEAD
aes128ccm :: BulkDirection -> BulkKey -> BulkAEAD
aes128ccm BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: AES128
ctx = CryptoFailable AES128 -> AES128
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES128
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES128
cipherInit BulkKey
key) :: AES128
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let mode :: AEADMode
mode = Int -> CCM_M -> CCM_L -> AEADMode
AEAD_CCM (BulkKey -> Int
B.length BulkKey
d) CCM_M
CCM_M16 CCM_L
CCM_L3
                aeadIni :: AEAD AES128
aeadIni = CryptoFailable (AEAD AES128) -> AEAD AES128
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES128 -> BulkKey -> CryptoFailable (AEAD AES128)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES128 -> iv -> CryptoFailable (AEAD AES128)
aeadInit AEADMode
mode AES128
ctx BulkKey
nonce)
             in (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a, b) -> (b, a)
swap ((AuthTag, BulkKey) -> (BulkKey, AuthTag))
-> (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a -> b) -> a -> b
$ AEAD AES128 -> BulkKey -> BulkKey -> Int -> (AuthTag, BulkKey)
forall aad ba a.
(ByteArrayAccess aad, ByteArray ba) =>
AEAD a -> aad -> ba -> Int -> (AuthTag, ba)
aeadSimpleEncrypt AEAD AES128
aeadIni BulkKey
ad BulkKey
d Int
16)
aes128ccm BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: AES128
ctx = CryptoFailable AES128 -> AES128
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES128
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES128
cipherInit BulkKey
key) :: AES128
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let mode :: AEADMode
mode = Int -> CCM_M -> CCM_L -> AEADMode
AEAD_CCM (BulkKey -> Int
B.length BulkKey
d) CCM_M
CCM_M16 CCM_L
CCM_L3
                aeadIni :: AEAD AES128
aeadIni = CryptoFailable (AEAD AES128) -> AEAD AES128
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES128 -> BulkKey -> CryptoFailable (AEAD AES128)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES128 -> iv -> CryptoFailable (AEAD AES128)
aeadInit AEADMode
mode AES128
ctx BulkKey
nonce)
             in AEAD AES128 -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
forall cipher.
AEAD cipher -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
simpleDecrypt AEAD AES128
aeadIni BulkKey
ad BulkKey
d Int
16)

aes128ccm8 :: BulkDirection -> BulkKey -> BulkAEAD
aes128ccm8 :: BulkDirection -> BulkKey -> BulkAEAD
aes128ccm8 BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: AES128
ctx = CryptoFailable AES128 -> AES128
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES128
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES128
cipherInit BulkKey
key) :: AES128
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let mode :: AEADMode
mode = Int -> CCM_M -> CCM_L -> AEADMode
AEAD_CCM (BulkKey -> Int
B.length BulkKey
d) CCM_M
CCM_M8 CCM_L
CCM_L3
                aeadIni :: AEAD AES128
aeadIni = CryptoFailable (AEAD AES128) -> AEAD AES128
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES128 -> BulkKey -> CryptoFailable (AEAD AES128)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES128 -> iv -> CryptoFailable (AEAD AES128)
aeadInit AEADMode
mode AES128
ctx BulkKey
nonce)
             in (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a, b) -> (b, a)
swap ((AuthTag, BulkKey) -> (BulkKey, AuthTag))
-> (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a -> b) -> a -> b
$ AEAD AES128 -> BulkKey -> BulkKey -> Int -> (AuthTag, BulkKey)
forall aad ba a.
(ByteArrayAccess aad, ByteArray ba) =>
AEAD a -> aad -> ba -> Int -> (AuthTag, ba)
aeadSimpleEncrypt AEAD AES128
aeadIni BulkKey
ad BulkKey
d Int
8)
aes128ccm8 BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: AES128
ctx = CryptoFailable AES128 -> AES128
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES128
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES128
cipherInit BulkKey
key) :: AES128
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let mode :: AEADMode
mode = Int -> CCM_M -> CCM_L -> AEADMode
AEAD_CCM (BulkKey -> Int
B.length BulkKey
d) CCM_M
CCM_M8 CCM_L
CCM_L3
                aeadIni :: AEAD AES128
aeadIni = CryptoFailable (AEAD AES128) -> AEAD AES128
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES128 -> BulkKey -> CryptoFailable (AEAD AES128)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES128 -> iv -> CryptoFailable (AEAD AES128)
aeadInit AEADMode
mode AES128
ctx BulkKey
nonce)
             in AEAD AES128 -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
forall cipher.
AEAD cipher -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
simpleDecrypt AEAD AES128
aeadIni BulkKey
ad BulkKey
d Int
8)

aes128gcm :: BulkDirection -> BulkKey -> BulkAEAD
aes128gcm :: BulkDirection -> BulkKey -> BulkAEAD
aes128gcm BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: AES128
ctx = CryptoFailable AES128 -> AES128
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES128
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES128
cipherInit BulkKey
key) :: AES128
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let aeadIni :: AEAD AES128
aeadIni = CryptoFailable (AEAD AES128) -> AEAD AES128
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES128 -> BulkKey -> CryptoFailable (AEAD AES128)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES128 -> iv -> CryptoFailable (AEAD AES128)
aeadInit AEADMode
AEAD_GCM AES128
ctx BulkKey
nonce)
             in (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a, b) -> (b, a)
swap ((AuthTag, BulkKey) -> (BulkKey, AuthTag))
-> (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a -> b) -> a -> b
$ AEAD AES128 -> BulkKey -> BulkKey -> Int -> (AuthTag, BulkKey)
forall aad ba a.
(ByteArrayAccess aad, ByteArray ba) =>
AEAD a -> aad -> ba -> Int -> (AuthTag, ba)
aeadSimpleEncrypt AEAD AES128
aeadIni BulkKey
ad BulkKey
d Int
16)
aes128gcm BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: AES128
ctx = CryptoFailable AES128 -> AES128
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES128
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES128
cipherInit BulkKey
key) :: AES128
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let aeadIni :: AEAD AES128
aeadIni = CryptoFailable (AEAD AES128) -> AEAD AES128
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES128 -> BulkKey -> CryptoFailable (AEAD AES128)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES128 -> iv -> CryptoFailable (AEAD AES128)
aeadInit AEADMode
AEAD_GCM AES128
ctx BulkKey
nonce)
             in AEAD AES128 -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
forall cipher.
AEAD cipher -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
simpleDecrypt AEAD AES128
aeadIni BulkKey
ad BulkKey
d Int
16)

aes256ccm :: BulkDirection -> BulkKey -> BulkAEAD
aes256ccm :: BulkDirection -> BulkKey -> BulkAEAD
aes256ccm BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: AES256
ctx = CryptoFailable AES256 -> AES256
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES256
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES256
cipherInit BulkKey
key) :: AES256
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let mode :: AEADMode
mode = Int -> CCM_M -> CCM_L -> AEADMode
AEAD_CCM (BulkKey -> Int
B.length BulkKey
d) CCM_M
CCM_M16 CCM_L
CCM_L3
                aeadIni :: AEAD AES256
aeadIni = CryptoFailable (AEAD AES256) -> AEAD AES256
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES256 -> BulkKey -> CryptoFailable (AEAD AES256)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES256 -> iv -> CryptoFailable (AEAD AES256)
aeadInit AEADMode
mode AES256
ctx BulkKey
nonce)
             in (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a, b) -> (b, a)
swap ((AuthTag, BulkKey) -> (BulkKey, AuthTag))
-> (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a -> b) -> a -> b
$ AEAD AES256 -> BulkKey -> BulkKey -> Int -> (AuthTag, BulkKey)
forall aad ba a.
(ByteArrayAccess aad, ByteArray ba) =>
AEAD a -> aad -> ba -> Int -> (AuthTag, ba)
aeadSimpleEncrypt AEAD AES256
aeadIni BulkKey
ad BulkKey
d Int
16)
aes256ccm BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: AES256
ctx = CryptoFailable AES256 -> AES256
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES256
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES256
cipherInit BulkKey
key) :: AES256
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let mode :: AEADMode
mode = Int -> CCM_M -> CCM_L -> AEADMode
AEAD_CCM (BulkKey -> Int
B.length BulkKey
d) CCM_M
CCM_M16 CCM_L
CCM_L3
                aeadIni :: AEAD AES256
aeadIni = CryptoFailable (AEAD AES256) -> AEAD AES256
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES256 -> BulkKey -> CryptoFailable (AEAD AES256)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES256 -> iv -> CryptoFailable (AEAD AES256)
aeadInit AEADMode
mode AES256
ctx BulkKey
nonce)
             in AEAD AES256 -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
forall cipher.
AEAD cipher -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
simpleDecrypt AEAD AES256
aeadIni BulkKey
ad BulkKey
d Int
16)

aes256ccm8 :: BulkDirection -> BulkKey -> BulkAEAD
aes256ccm8 :: BulkDirection -> BulkKey -> BulkAEAD
aes256ccm8 BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: AES256
ctx = CryptoFailable AES256 -> AES256
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES256
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES256
cipherInit BulkKey
key) :: AES256
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let mode :: AEADMode
mode = Int -> CCM_M -> CCM_L -> AEADMode
AEAD_CCM (BulkKey -> Int
B.length BulkKey
d) CCM_M
CCM_M8 CCM_L
CCM_L3
                aeadIni :: AEAD AES256
aeadIni = CryptoFailable (AEAD AES256) -> AEAD AES256
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES256 -> BulkKey -> CryptoFailable (AEAD AES256)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES256 -> iv -> CryptoFailable (AEAD AES256)
aeadInit AEADMode
mode AES256
ctx BulkKey
nonce)
             in (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a, b) -> (b, a)
swap ((AuthTag, BulkKey) -> (BulkKey, AuthTag))
-> (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a -> b) -> a -> b
$ AEAD AES256 -> BulkKey -> BulkKey -> Int -> (AuthTag, BulkKey)
forall aad ba a.
(ByteArrayAccess aad, ByteArray ba) =>
AEAD a -> aad -> ba -> Int -> (AuthTag, ba)
aeadSimpleEncrypt AEAD AES256
aeadIni BulkKey
ad BulkKey
d Int
8)
aes256ccm8 BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: AES256
ctx = CryptoFailable AES256 -> AES256
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES256
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES256
cipherInit BulkKey
key) :: AES256
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let mode :: AEADMode
mode = Int -> CCM_M -> CCM_L -> AEADMode
AEAD_CCM (BulkKey -> Int
B.length BulkKey
d) CCM_M
CCM_M8 CCM_L
CCM_L3
                aeadIni :: AEAD AES256
aeadIni = CryptoFailable (AEAD AES256) -> AEAD AES256
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES256 -> BulkKey -> CryptoFailable (AEAD AES256)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES256 -> iv -> CryptoFailable (AEAD AES256)
aeadInit AEADMode
mode AES256
ctx BulkKey
nonce)
             in AEAD AES256 -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
forall cipher.
AEAD cipher -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
simpleDecrypt AEAD AES256
aeadIni BulkKey
ad BulkKey
d Int
8)

aes256gcm :: BulkDirection -> BulkKey -> BulkAEAD
aes256gcm :: BulkDirection -> BulkKey -> BulkAEAD
aes256gcm BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: AES256
ctx = CryptoFailable AES256 -> AES256
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES256
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES256
cipherInit BulkKey
key) :: AES256
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let aeadIni :: AEAD AES256
aeadIni = CryptoFailable (AEAD AES256) -> AEAD AES256
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES256 -> BulkKey -> CryptoFailable (AEAD AES256)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES256 -> iv -> CryptoFailable (AEAD AES256)
aeadInit AEADMode
AEAD_GCM AES256
ctx BulkKey
nonce)
             in (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a, b) -> (b, a)
swap ((AuthTag, BulkKey) -> (BulkKey, AuthTag))
-> (AuthTag, BulkKey) -> (BulkKey, AuthTag)
forall a b. (a -> b) -> a -> b
$ AEAD AES256 -> BulkKey -> BulkKey -> Int -> (AuthTag, BulkKey)
forall aad ba a.
(ByteArrayAccess aad, ByteArray ba) =>
AEAD a -> aad -> ba -> Int -> (AuthTag, ba)
aeadSimpleEncrypt AEAD AES256
aeadIni BulkKey
ad BulkKey
d Int
16)
aes256gcm BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: AES256
ctx = CryptoFailable AES256 -> AES256
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable AES256
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable AES256
cipherInit BulkKey
key) :: AES256
     in (\BulkKey
nonce BulkKey
d BulkKey
ad ->
            let aeadIni :: AEAD AES256
aeadIni = CryptoFailable (AEAD AES256) -> AEAD AES256
forall a. CryptoFailable a -> a
noFail (AEADMode -> AES256 -> BulkKey -> CryptoFailable (AEAD AES256)
forall cipher iv.
(BlockCipher cipher, ByteArrayAccess iv) =>
AEADMode -> cipher -> iv -> CryptoFailable (AEAD cipher)
forall iv.
ByteArrayAccess iv =>
AEADMode -> AES256 -> iv -> CryptoFailable (AEAD AES256)
aeadInit AEADMode
AEAD_GCM AES256
ctx BulkKey
nonce)
             in AEAD AES256 -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
forall cipher.
AEAD cipher -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
simpleDecrypt AEAD AES256
aeadIni BulkKey
ad BulkKey
d Int
16)

simpleDecrypt :: AEAD cipher -> B.ByteString -> B.ByteString -> Int -> (B.ByteString, AuthTag)
simpleDecrypt :: forall cipher.
AEAD cipher -> BulkKey -> BulkKey -> Int -> (BulkKey, AuthTag)
simpleDecrypt AEAD cipher
aeadIni BulkKey
header BulkKey
input Int
taglen = (BulkKey
output, AuthTag
tag)
  where
        aead :: AEAD cipher
aead                = AEAD cipher -> BulkKey -> AEAD cipher
forall aad cipher.
ByteArrayAccess aad =>
AEAD cipher -> aad -> AEAD cipher
aeadAppendHeader AEAD cipher
aeadIni BulkKey
header
        (BulkKey
output, AEAD cipher
aeadFinal) = AEAD cipher -> BulkKey -> (BulkKey, AEAD cipher)
forall ba cipher.
ByteArray ba =>
AEAD cipher -> ba -> (ba, AEAD cipher)
aeadDecrypt AEAD cipher
aead BulkKey
input
        tag :: AuthTag
tag                 = AEAD cipher -> Int -> AuthTag
forall cipher. AEAD cipher -> Int -> AuthTag
aeadFinalize AEAD cipher
aeadFinal Int
taglen

noFail :: CryptoFailable a -> a
noFail :: forall a. CryptoFailable a -> a
noFail = CryptoFailable a -> a
forall a. CryptoFailable a -> a
throwCryptoError

makeIV_ :: BlockCipher a => B.ByteString -> IV a
makeIV_ :: forall a. BlockCipher a => BulkKey -> IV a
makeIV_ = IV a -> Maybe (IV a) -> IV a
forall a. a -> Maybe a -> a
fromMaybe ([Char] -> IV a
forall a. HasCallStack => [Char] -> a
error [Char]
"makeIV_") (Maybe (IV a) -> IV a)
-> (BulkKey -> Maybe (IV a)) -> BulkKey -> IV a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. BulkKey -> Maybe (IV a)
forall b c. (ByteArrayAccess b, BlockCipher c) => b -> Maybe (IV c)
makeIV

tripledes_ede :: BulkDirection -> BulkKey -> BulkBlock
tripledes_ede :: BulkDirection -> BulkKey -> BulkBlock
tripledes_ede BulkDirection
BulkEncrypt BulkKey
key =
    let ctx :: DES_EDE3
ctx = CryptoFailable DES_EDE3 -> DES_EDE3
forall a. CryptoFailable a -> a
noFail (CryptoFailable DES_EDE3 -> DES_EDE3)
-> CryptoFailable DES_EDE3 -> DES_EDE3
forall a b. (a -> b) -> a -> b
$ BulkKey -> CryptoFailable DES_EDE3
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable DES_EDE3
cipherInit BulkKey
key
     in (\BulkKey
iv BulkKey
input -> let output :: BulkKey
output = DES_EDE3 -> IV DES_EDE3 -> BulkKey -> BulkKey
forall cipher ba.
(BlockCipher cipher, ByteArray ba) =>
cipher -> IV cipher -> ba -> ba
forall ba. ByteArray ba => DES_EDE3 -> IV DES_EDE3 -> ba -> ba
cbcEncrypt DES_EDE3
ctx (BulkKey -> IV DES_EDE3
tripledes_iv BulkKey
iv) BulkKey
input in (BulkKey
output, Int -> BulkKey -> BulkKey
takelast Int
8 BulkKey
output))
tripledes_ede BulkDirection
BulkDecrypt BulkKey
key =
    let ctx :: DES_EDE3
ctx = CryptoFailable DES_EDE3 -> DES_EDE3
forall a. CryptoFailable a -> a
noFail (CryptoFailable DES_EDE3 -> DES_EDE3)
-> CryptoFailable DES_EDE3 -> DES_EDE3
forall a b. (a -> b) -> a -> b
$ BulkKey -> CryptoFailable DES_EDE3
forall cipher key.
(Cipher cipher, ByteArray key) =>
key -> CryptoFailable cipher
forall key. ByteArray key => key -> CryptoFailable DES_EDE3
cipherInit BulkKey
key
     in (\BulkKey
iv BulkKey
input -> let output :: BulkKey
output = DES_EDE3 -> IV DES_EDE3 -> BulkKey -> BulkKey
forall cipher ba.
(BlockCipher cipher, ByteArray ba) =>
cipher -> IV cipher -> ba -> ba
forall ba. ByteArray ba => DES_EDE3 -> IV DES_EDE3 -> ba -> ba
cbcDecrypt DES_EDE3
ctx (BulkKey -> IV DES_EDE3
tripledes_iv BulkKey
iv) BulkKey
input in (BulkKey
output, Int -> BulkKey -> BulkKey
takelast Int
8 BulkKey
input))

tripledes_iv :: BulkIV -> IV DES_EDE3
tripledes_iv :: BulkKey -> IV DES_EDE3
tripledes_iv BulkKey
iv = IV DES_EDE3 -> Maybe (IV DES_EDE3) -> IV DES_EDE3
forall a. a -> Maybe a -> a
fromMaybe ([Char] -> IV DES_EDE3
forall a. HasCallStack => [Char] -> a
error [Char]
"tripledes cipher iv internal error") (Maybe (IV DES_EDE3) -> IV DES_EDE3)
-> Maybe (IV DES_EDE3) -> IV DES_EDE3
forall a b. (a -> b) -> a -> b
$ BulkKey -> Maybe (IV DES_EDE3)
forall b c. (ByteArrayAccess b, BlockCipher c) => b -> Maybe (IV c)
makeIV BulkKey
iv

rc4 :: BulkDirection -> BulkKey -> BulkStream
rc4 :: BulkDirection -> BulkKey -> BulkStream
rc4 BulkDirection
_ BulkKey
bulkKey = (BulkKey -> (BulkKey, BulkStream)) -> BulkStream
BulkStream (State -> BulkKey -> (BulkKey, BulkStream)
combineRC4 (State -> BulkKey -> (BulkKey, BulkStream))
-> State -> BulkKey -> (BulkKey, BulkStream)
forall a b. (a -> b) -> a -> b
$ BulkKey -> State
forall key. ByteArrayAccess key => key -> State
RC4.initialize BulkKey
bulkKey)
  where
    combineRC4 :: State -> BulkKey -> (BulkKey, BulkStream)
combineRC4 State
ctx BulkKey
input =
        let (State
ctx', BulkKey
output) = State -> BulkKey -> (State, BulkKey)
forall ba. ByteArray ba => State -> ba -> (State, ba)
RC4.combine State
ctx BulkKey
input
         in (BulkKey
output, (BulkKey -> (BulkKey, BulkStream)) -> BulkStream
BulkStream (State -> BulkKey -> (BulkKey, BulkStream)
combineRC4 State
ctx'))

chacha20poly1305 :: BulkDirection -> BulkKey -> BulkAEAD
chacha20poly1305 :: BulkDirection -> BulkKey -> BulkAEAD
chacha20poly1305 BulkDirection
BulkEncrypt BulkKey
key BulkKey
nonce =
    let st :: State
st = CryptoFailable State -> State
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable Nonce
forall iv. ByteArrayAccess iv => iv -> CryptoFailable Nonce
ChaChaPoly1305.nonce12 BulkKey
nonce CryptoFailable Nonce
-> (Nonce -> CryptoFailable State) -> CryptoFailable State
forall a b.
CryptoFailable a -> (a -> CryptoFailable b) -> CryptoFailable b
forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
>>= BulkKey -> Nonce -> CryptoFailable State
forall key.
ByteArrayAccess key =>
key -> Nonce -> CryptoFailable State
ChaChaPoly1305.initialize BulkKey
key)
     in (\BulkKey
input BulkKey
ad ->
            let st2 :: State
st2 = State -> State
ChaChaPoly1305.finalizeAAD (BulkKey -> State -> State
forall ba. ByteArrayAccess ba => ba -> State -> State
ChaChaPoly1305.appendAAD BulkKey
ad State
st)
                (BulkKey
output, State
st3) = BulkKey -> State -> (BulkKey, State)
forall ba. ByteArray ba => ba -> State -> (ba, State)
ChaChaPoly1305.encrypt BulkKey
input State
st2
                Poly1305.Auth Bytes
tag = State -> Auth
ChaChaPoly1305.finalize State
st3
            in (BulkKey
output, Bytes -> AuthTag
AuthTag Bytes
tag))
chacha20poly1305 BulkDirection
BulkDecrypt BulkKey
key BulkKey
nonce =
    let st :: State
st = CryptoFailable State -> State
forall a. CryptoFailable a -> a
noFail (BulkKey -> CryptoFailable Nonce
forall iv. ByteArrayAccess iv => iv -> CryptoFailable Nonce
ChaChaPoly1305.nonce12 BulkKey
nonce CryptoFailable Nonce
-> (Nonce -> CryptoFailable State) -> CryptoFailable State
forall a b.
CryptoFailable a -> (a -> CryptoFailable b) -> CryptoFailable b
forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
>>= BulkKey -> Nonce -> CryptoFailable State
forall key.
ByteArrayAccess key =>
key -> Nonce -> CryptoFailable State
ChaChaPoly1305.initialize BulkKey
key)
     in (\BulkKey
input BulkKey
ad ->
            let st2 :: State
st2 = State -> State
ChaChaPoly1305.finalizeAAD (BulkKey -> State -> State
forall ba. ByteArrayAccess ba => ba -> State -> State
ChaChaPoly1305.appendAAD BulkKey
ad State
st)
                (BulkKey
output, State
st3) = BulkKey -> State -> (BulkKey, State)
forall ba. ByteArray ba => ba -> State -> (ba, State)
ChaChaPoly1305.decrypt BulkKey
input State
st2
                Poly1305.Auth Bytes
tag = State -> Auth
ChaChaPoly1305.finalize State
st3
            in (BulkKey
output, Bytes -> AuthTag
AuthTag Bytes
tag))

data CipherSet
    = SetAead [Cipher] [Cipher] [Cipher]  -- gcm, chacha, ccm
    | SetOther [Cipher]

-- Preference between AEAD ciphers having equivalent properties is based on
-- hardware-acceleration support in the crypton implementation.
sortOptimized :: [CipherSet] -> [Cipher]
sortOptimized :: [CipherSet] -> [Cipher]
sortOptimized = (CipherSet -> [Cipher]) -> [CipherSet] -> [Cipher]
forall (t :: * -> *) a b. Foldable t => (a -> [b]) -> t a -> [b]
concatMap CipherSet -> [Cipher]
f
  where
    f :: CipherSet -> [Cipher]
f (SetAead [Cipher]
gcm [Cipher]
chacha [Cipher]
ccm)
        | ProcessorOption
AESNI  ProcessorOption -> [ProcessorOption] -> Bool
forall (t :: * -> *) a. (Foldable t, Eq a) => a -> t a -> Bool
`notElem` [ProcessorOption]
processorOptions = [Cipher]
chacha [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
gcm [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
ccm
        | ProcessorOption
PCLMUL ProcessorOption -> [ProcessorOption] -> Bool
forall (t :: * -> *) a. (Foldable t, Eq a) => a -> t a -> Bool
`notElem` [ProcessorOption]
processorOptions = [Cipher]
ccm [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
chacha [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
gcm
        | Bool
otherwise                         = [Cipher]
gcm [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
ccm [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
chacha
    f (SetOther [Cipher]
ciphers) = [Cipher]
ciphers

-- Order which is deterministic but not optimized for the CPU.
sortDeterministic :: [CipherSet] -> [Cipher]
sortDeterministic :: [CipherSet] -> [Cipher]
sortDeterministic = (CipherSet -> [Cipher]) -> [CipherSet] -> [Cipher]
forall (t :: * -> *) a b. Foldable t => (a -> [b]) -> t a -> [b]
concatMap CipherSet -> [Cipher]
f
  where
    f :: CipherSet -> [Cipher]
f (SetAead [Cipher]
gcm [Cipher]
chacha [Cipher]
ccm) = [Cipher]
gcm [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
chacha [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
ccm
    f (SetOther [Cipher]
ciphers) = [Cipher]
ciphers

-- | All AES and ChaCha20-Poly1305 ciphers supported ordered from strong to
-- weak.  This choice of ciphersuites should satisfy most normal needs.  For
-- otherwise strong ciphers we make little distinction between AES128 and
-- AES256, and list each but the weakest of the AES128 ciphers ahead of the
-- corresponding AES256 ciphers.
--
-- AEAD ciphers with equivalent security properties are ordered based on CPU
-- hardware-acceleration support.  If this dynamic runtime behavior is not
-- desired, use 'ciphersuite_default_det' instead.
ciphersuite_default :: [Cipher]
ciphersuite_default :: [Cipher]
ciphersuite_default = [CipherSet] -> [Cipher]
sortOptimized [CipherSet]
sets_default

-- | Same as 'ciphersuite_default', but using deterministic preference not
-- influenced by the CPU.
ciphersuite_default_det :: [Cipher]
ciphersuite_default_det :: [Cipher]
ciphersuite_default_det = [CipherSet] -> [Cipher]
sortDeterministic [CipherSet]
sets_default

sets_default :: [CipherSet]
sets_default :: [CipherSet]
sets_default =
    [        -- First the PFS + GCM + SHA2 ciphers
      [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead
        [ Cipher
cipher_ECDHE_ECDSA_AES128GCM_SHA256, Cipher
cipher_ECDHE_ECDSA_AES256GCM_SHA384 ]
        [ Cipher
cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 ]
        [ Cipher
cipher_ECDHE_ECDSA_AES128CCM_SHA256, Cipher
cipher_ECDHE_ECDSA_AES256CCM_SHA256 ]
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead
        [ Cipher
cipher_ECDHE_RSA_AES128GCM_SHA256, Cipher
cipher_ECDHE_RSA_AES256GCM_SHA384 ]
        [ Cipher
cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 ]
        []
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead
        [ Cipher
cipher_DHE_RSA_AES128GCM_SHA256, Cipher
cipher_DHE_RSA_AES256GCM_SHA384 ]
        [ Cipher
cipher_DHE_RSA_CHACHA20POLY1305_SHA256 ]
        [ Cipher
cipher_DHE_RSA_AES128CCM_SHA256, Cipher
cipher_DHE_RSA_AES256CCM_SHA256 ]
             -- Next the PFS + CBC + SHA2 ciphers
    , [Cipher] -> CipherSet
SetOther
          [ Cipher
cipher_ECDHE_ECDSA_AES128CBC_SHA256, Cipher
cipher_ECDHE_ECDSA_AES256CBC_SHA384
          , Cipher
cipher_ECDHE_RSA_AES128CBC_SHA256, Cipher
cipher_ECDHE_RSA_AES256CBC_SHA384
          , Cipher
cipher_DHE_RSA_AES128_SHA256, Cipher
cipher_DHE_RSA_AES256_SHA256
          ]
             -- Next the PFS + CBC + SHA1 ciphers
    , [Cipher] -> CipherSet
SetOther
          [ Cipher
cipher_ECDHE_ECDSA_AES128CBC_SHA, Cipher
cipher_ECDHE_ECDSA_AES256CBC_SHA
          , Cipher
cipher_ECDHE_RSA_AES128CBC_SHA, Cipher
cipher_ECDHE_RSA_AES256CBC_SHA
          , Cipher
cipher_DHE_RSA_AES128_SHA1, Cipher
cipher_DHE_RSA_AES256_SHA1
          ]
             -- Next the non-PFS + AEAD + SHA2 ciphers
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead
        [ Cipher
cipher_AES128GCM_SHA256, Cipher
cipher_AES256GCM_SHA384 ]
        []
        [ Cipher
cipher_AES128CCM_SHA256, Cipher
cipher_AES256CCM_SHA256 ]
             -- Next the non-PFS + CBC + SHA2 ciphers
    , [Cipher] -> CipherSet
SetOther [ Cipher
cipher_AES256_SHA256, Cipher
cipher_AES128_SHA256 ]
             -- Next the non-PFS + CBC + SHA1 ciphers
    , [Cipher] -> CipherSet
SetOther [ Cipher
cipher_AES256_SHA1, Cipher
cipher_AES128_SHA1 ]
             -- Nobody uses or should use DSS, RC4,  3DES or MD5
--  , SetOther
--      [ cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1
--      , cipher_DHE_DSS_RC4_SHA1, cipher_RC4_128_SHA1, cipher_RC4_128_MD5
--      , cipher_RSA_3DES_EDE_CBC_SHA1
--      ]
             -- TLS13 (listed at the end but version is negotiated first)
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead
        [ Cipher
cipher_TLS13_AES128GCM_SHA256, Cipher
cipher_TLS13_AES256GCM_SHA384 ]
        [ Cipher
cipher_TLS13_CHACHA20POLY1305_SHA256 ]
        [ Cipher
cipher_TLS13_AES128CCM_SHA256 ]
    ]

{-# WARNING ciphersuite_all "This ciphersuite list contains RC4. Use ciphersuite_strong or ciphersuite_default instead." #-}
-- | The default ciphersuites + some not recommended last resort ciphers.
--
-- AEAD ciphers with equivalent security properties are ordered based on CPU
-- hardware-acceleration support.  If this dynamic runtime behavior is not
-- desired, use 'ciphersuite_all_det' instead.
ciphersuite_all :: [Cipher]
ciphersuite_all :: [Cipher]
ciphersuite_all = [Cipher]
ciphersuite_default [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
complement_all

{-# WARNING ciphersuite_all_det "This ciphersuite list contains RC4. Use ciphersuite_strong_det or ciphersuite_default_det instead." #-}
-- | Same as 'ciphersuite_all', but using deterministic preference not
-- influenced by the CPU.
ciphersuite_all_det :: [Cipher]
ciphersuite_all_det :: [Cipher]
ciphersuite_all_det = [Cipher]
ciphersuite_default_det [Cipher] -> [Cipher] -> [Cipher]
forall a. [a] -> [a] -> [a]
++ [Cipher]
complement_all

complement_all :: [Cipher]
complement_all :: [Cipher]
complement_all =
    [ Cipher
cipher_ECDHE_ECDSA_AES128CCM8_SHA256, Cipher
cipher_ECDHE_ECDSA_AES256CCM8_SHA256
    , Cipher
cipher_DHE_RSA_AES128CCM8_SHA256, Cipher
cipher_DHE_RSA_AES256CCM8_SHA256
    , Cipher
cipher_DHE_DSS_AES256_SHA1, Cipher
cipher_DHE_DSS_AES128_SHA1
    , Cipher
cipher_AES128CCM8_SHA256, Cipher
cipher_AES256CCM8_SHA256
    , Cipher
cipher_RSA_3DES_EDE_CBC_SHA1
    , Cipher
cipher_RC4_128_SHA1
    , Cipher
cipher_TLS13_AES128CCM8_SHA256
    ]

{-# DEPRECATED ciphersuite_medium "Use ciphersuite_strong or ciphersuite_default instead." #-}
-- | list of medium ciphers.
ciphersuite_medium :: [Cipher]
ciphersuite_medium :: [Cipher]
ciphersuite_medium = [ Cipher
cipher_RC4_128_SHA1
                     , Cipher
cipher_AES128_SHA1
                     ]

-- | The strongest ciphers supported.  For ciphers with PFS, AEAD and SHA2, we
-- list each AES128 variant after the corresponding AES256 and ChaCha20-Poly1305
-- variants.  For weaker constructs, we use just the AES256 form.
--
-- AEAD ciphers with equivalent security properties are ordered based on CPU
-- hardware-acceleration support.  If this dynamic runtime behavior is not
-- desired, use 'ciphersuite_strong_det' instead.
ciphersuite_strong :: [Cipher]
ciphersuite_strong :: [Cipher]
ciphersuite_strong = [CipherSet] -> [Cipher]
sortOptimized [CipherSet]
sets_strong

-- | Same as 'ciphersuite_strong', but using deterministic preference not
-- influenced by the CPU.
ciphersuite_strong_det :: [Cipher]
ciphersuite_strong_det :: [Cipher]
ciphersuite_strong_det = [CipherSet] -> [Cipher]
sortDeterministic [CipherSet]
sets_strong

sets_strong :: [CipherSet]
sets_strong :: [CipherSet]
sets_strong =
    [        -- If we have PFS + AEAD + SHA2, then allow AES128, else just 256
      [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_ECDHE_ECDSA_AES256GCM_SHA384 ]
              [ Cipher
cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 ]
              [ Cipher
cipher_ECDHE_ECDSA_AES256CCM_SHA256 ]
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_ECDHE_ECDSA_AES128GCM_SHA256 ]
              []
              [ Cipher
cipher_ECDHE_ECDSA_AES128CCM_SHA256 ]
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_ECDHE_RSA_AES256GCM_SHA384 ]
              [ Cipher
cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 ]
              []
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_ECDHE_RSA_AES128GCM_SHA256 ]
              []
              []
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_DHE_RSA_AES256GCM_SHA384 ]
              [ Cipher
cipher_DHE_RSA_CHACHA20POLY1305_SHA256 ]
              [ Cipher
cipher_DHE_RSA_AES256CCM_SHA256 ]
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_DHE_RSA_AES128GCM_SHA256 ]
              []
              [ Cipher
cipher_DHE_RSA_AES128CCM_SHA256 ]
             -- No AEAD
    , [Cipher] -> CipherSet
SetOther
        [ Cipher
cipher_ECDHE_ECDSA_AES256CBC_SHA384
        , Cipher
cipher_ECDHE_RSA_AES256CBC_SHA384
        , Cipher
cipher_DHE_RSA_AES256_SHA256
        ]
             -- No SHA2
    , [Cipher] -> CipherSet
SetOther
        [ Cipher
cipher_ECDHE_ECDSA_AES256CBC_SHA
        , Cipher
cipher_ECDHE_RSA_AES256CBC_SHA
        , Cipher
cipher_DHE_RSA_AES256_SHA1
        ]
             -- No PFS
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_AES256GCM_SHA384 ]
              []
              [ Cipher
cipher_AES256CCM_SHA256 ]
             -- Neither PFS nor AEAD, just SHA2
    , [Cipher] -> CipherSet
SetOther [ Cipher
cipher_AES256_SHA256 ]
             -- Last resort no PFS, AEAD or SHA2
    , [Cipher] -> CipherSet
SetOther [ Cipher
cipher_AES256_SHA1 ]
             -- TLS13 (listed at the end but version is negotiated first)
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_TLS13_AES256GCM_SHA384 ]
              [ Cipher
cipher_TLS13_CHACHA20POLY1305_SHA256 ]
              []
    , [Cipher] -> [Cipher] -> [Cipher] -> CipherSet
SetAead [ Cipher
cipher_TLS13_AES128GCM_SHA256 ]
              []
              [ Cipher
cipher_TLS13_AES128CCM_SHA256 ]
    ]

-- | DHE-RSA cipher suite.  This only includes ciphers bound specifically to
-- DHE-RSA so TLS 1.3 ciphers must be added separately.
ciphersuite_dhe_rsa :: [Cipher]
ciphersuite_dhe_rsa :: [Cipher]
ciphersuite_dhe_rsa = [ Cipher
cipher_DHE_RSA_AES256GCM_SHA384, Cipher
cipher_DHE_RSA_AES256CCM_SHA256
                      , Cipher
cipher_DHE_RSA_CHACHA20POLY1305_SHA256
                      , Cipher
cipher_DHE_RSA_AES128GCM_SHA256, Cipher
cipher_DHE_RSA_AES128CCM_SHA256
                      , Cipher
cipher_DHE_RSA_AES256_SHA256, Cipher
cipher_DHE_RSA_AES128_SHA256
                      , Cipher
cipher_DHE_RSA_AES256_SHA1, Cipher
cipher_DHE_RSA_AES128_SHA1
                      ]

ciphersuite_dhe_dss :: [Cipher]
ciphersuite_dhe_dss :: [Cipher]
ciphersuite_dhe_dss = [Cipher
cipher_DHE_DSS_AES256_SHA1, Cipher
cipher_DHE_DSS_AES128_SHA1, Cipher
cipher_DHE_DSS_RC4_SHA1]

-- | all unencrypted ciphers, do not use on insecure network.
ciphersuite_unencrypted :: [Cipher]
ciphersuite_unencrypted :: [Cipher]
ciphersuite_unencrypted = [Cipher
cipher_null_MD5, Cipher
cipher_null_SHA1]

bulk_null, bulk_rc4, bulk_aes128, bulk_aes256, bulk_tripledes_ede, bulk_aes128gcm, bulk_aes256gcm :: Bulk
bulk_aes128ccm, bulk_aes128ccm8, bulk_aes256ccm, bulk_aes256ccm8, bulk_chacha20poly1305 :: Bulk
bulk_null :: Bulk
bulk_null = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"null"
    , bulkKeySize :: Int
bulkKeySize      = Int
0
    , bulkIVSize :: Int
bulkIVSize       = Int
0
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
0
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
0
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkStream) -> BulkFunctions
BulkStreamF BulkDirection -> BulkKey -> BulkStream
forall {p} {p}. p -> p -> BulkStream
passThrough
    }
  where
    passThrough :: p -> p -> BulkStream
passThrough p
_ p
_ = (BulkKey -> (BulkKey, BulkStream)) -> BulkStream
BulkStream BulkKey -> (BulkKey, BulkStream)
go where go :: BulkKey -> (BulkKey, BulkStream)
go BulkKey
inp = (BulkKey
inp, (BulkKey -> (BulkKey, BulkStream)) -> BulkStream
BulkStream BulkKey -> (BulkKey, BulkStream)
go)

bulk_rc4 :: Bulk
bulk_rc4 = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"RC4-128"
    , bulkKeySize :: Int
bulkKeySize      = Int
16
    , bulkIVSize :: Int
bulkIVSize       = Int
0
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
0
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
0
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkStream) -> BulkFunctions
BulkStreamF BulkDirection -> BulkKey -> BulkStream
rc4
    }

bulk_aes128 :: Bulk
bulk_aes128 = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"AES128"
    , bulkKeySize :: Int
bulkKeySize      = Int
16
    , bulkIVSize :: Int
bulkIVSize       = Int
16
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
0
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
0
    , bulkBlockSize :: Int
bulkBlockSize    = Int
16
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkBlock) -> BulkFunctions
BulkBlockF BulkDirection -> BulkKey -> BulkBlock
aes128cbc
    }

bulk_aes128ccm :: Bulk
bulk_aes128ccm = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"AES128CCM"
    , bulkKeySize :: Int
bulkKeySize      = Int
16 -- RFC 5116 Sec 5.1: K_LEN
    , bulkIVSize :: Int
bulkIVSize       = Int
4  -- RFC 6655 CCMNonce.salt, fixed_iv_length
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
8
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
16
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0  -- dummy, not used
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkAEAD) -> BulkFunctions
BulkAeadF BulkDirection -> BulkKey -> BulkAEAD
aes128ccm
    }

bulk_aes128ccm8 :: Bulk
bulk_aes128ccm8 = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"AES128CCM8"
    , bulkKeySize :: Int
bulkKeySize      = Int
16 -- RFC 5116 Sec 5.1: K_LEN
    , bulkIVSize :: Int
bulkIVSize       = Int
4  -- RFC 6655 CCMNonce.salt, fixed_iv_length
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
8
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
8
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0  -- dummy, not used
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkAEAD) -> BulkFunctions
BulkAeadF BulkDirection -> BulkKey -> BulkAEAD
aes128ccm8
    }

bulk_aes128gcm :: Bulk
bulk_aes128gcm = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"AES128GCM"
    , bulkKeySize :: Int
bulkKeySize      = Int
16 -- RFC 5116 Sec 5.1: K_LEN
    , bulkIVSize :: Int
bulkIVSize       = Int
4  -- RFC 5288 GCMNonce.salt, fixed_iv_length
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
8
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
16
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0  -- dummy, not used
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkAEAD) -> BulkFunctions
BulkAeadF BulkDirection -> BulkKey -> BulkAEAD
aes128gcm
    }

bulk_aes256ccm :: Bulk
bulk_aes256ccm = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"AES256CCM"
    , bulkKeySize :: Int
bulkKeySize      = Int
32 -- RFC 5116 Sec 5.1: K_LEN
    , bulkIVSize :: Int
bulkIVSize       = Int
4  -- RFC 6655 CCMNonce.salt, fixed_iv_length
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
8
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
16
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0  -- dummy, not used
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkAEAD) -> BulkFunctions
BulkAeadF BulkDirection -> BulkKey -> BulkAEAD
aes256ccm
    }

bulk_aes256ccm8 :: Bulk
bulk_aes256ccm8 = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"AES256CCM8"
    , bulkKeySize :: Int
bulkKeySize      = Int
32 -- RFC 5116 Sec 5.1: K_LEN
    , bulkIVSize :: Int
bulkIVSize       = Int
4  -- RFC 6655 CCMNonce.salt, fixed_iv_length
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
8
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
8
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0  -- dummy, not used
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkAEAD) -> BulkFunctions
BulkAeadF BulkDirection -> BulkKey -> BulkAEAD
aes256ccm8
    }

bulk_aes256gcm :: Bulk
bulk_aes256gcm = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"AES256GCM"
    , bulkKeySize :: Int
bulkKeySize      = Int
32 -- RFC 5116 Sec 5.1: K_LEN
    , bulkIVSize :: Int
bulkIVSize       = Int
4  -- RFC 5288 GCMNonce.salt, fixed_iv_length
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
8
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
16
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0  -- dummy, not used
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkAEAD) -> BulkFunctions
BulkAeadF BulkDirection -> BulkKey -> BulkAEAD
aes256gcm
    }

bulk_aes256 :: Bulk
bulk_aes256 = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"AES256"
    , bulkKeySize :: Int
bulkKeySize      = Int
32
    , bulkIVSize :: Int
bulkIVSize       = Int
16
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
0
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
0
    , bulkBlockSize :: Int
bulkBlockSize    = Int
16
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkBlock) -> BulkFunctions
BulkBlockF BulkDirection -> BulkKey -> BulkBlock
aes256cbc
    }

bulk_tripledes_ede :: Bulk
bulk_tripledes_ede = Bulk
    { bulkName :: [Char]
bulkName      = [Char]
"3DES-EDE-CBC"
    , bulkKeySize :: Int
bulkKeySize   = Int
24
    , bulkIVSize :: Int
bulkIVSize    = Int
8
    , bulkExplicitIV :: Int
bulkExplicitIV = Int
0
    , bulkAuthTagLen :: Int
bulkAuthTagLen = Int
0
    , bulkBlockSize :: Int
bulkBlockSize = Int
8
    , bulkF :: BulkFunctions
bulkF         = (BulkDirection -> BulkKey -> BulkBlock) -> BulkFunctions
BulkBlockF BulkDirection -> BulkKey -> BulkBlock
tripledes_ede
    }

bulk_chacha20poly1305 :: Bulk
bulk_chacha20poly1305 = Bulk
    { bulkName :: [Char]
bulkName         = [Char]
"CHACHA20POLY1305"
    , bulkKeySize :: Int
bulkKeySize      = Int
32
    , bulkIVSize :: Int
bulkIVSize       = Int
12 -- RFC 7905 section 2, fixed_iv_length
    , bulkExplicitIV :: Int
bulkExplicitIV   = Int
0
    , bulkAuthTagLen :: Int
bulkAuthTagLen   = Int
16
    , bulkBlockSize :: Int
bulkBlockSize    = Int
0  -- dummy, not used
    , bulkF :: BulkFunctions
bulkF            = (BulkDirection -> BulkKey -> BulkAEAD) -> BulkFunctions
BulkAeadF BulkDirection -> BulkKey -> BulkAEAD
chacha20poly1305
    }

-- TLS13 bulks are same as TLS12 except they never have explicit IV
bulk_aes128gcm_13, bulk_aes256gcm_13, bulk_aes128ccm_13, bulk_aes128ccm8_13 :: Bulk
bulk_aes128gcm_13 :: Bulk
bulk_aes128gcm_13  = Bulk
bulk_aes128gcm  { bulkIVSize = 12, bulkExplicitIV = 0 }
bulk_aes256gcm_13 :: Bulk
bulk_aes256gcm_13  = Bulk
bulk_aes256gcm  { bulkIVSize = 12, bulkExplicitIV = 0 }
bulk_aes128ccm_13 :: Bulk
bulk_aes128ccm_13  = Bulk
bulk_aes128ccm  { bulkIVSize = 12, bulkExplicitIV = 0 }
bulk_aes128ccm8_13 :: Bulk
bulk_aes128ccm8_13 = Bulk
bulk_aes128ccm8 { bulkIVSize = 12, bulkExplicitIV = 0 }

-- | unencrypted cipher using RSA for key exchange and MD5 for digest
cipher_null_MD5 :: Cipher
cipher_null_MD5 :: Cipher
cipher_null_MD5 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x0001
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-null-MD5"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_null
    , cipherHash :: Hash
cipherHash         = Hash
MD5
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Maybe Version
forall a. Maybe a
Nothing
    }

-- | unencrypted cipher using RSA for key exchange and SHA1 for digest
cipher_null_SHA1 :: Cipher
cipher_null_SHA1 :: Cipher
cipher_null_SHA1 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x0002
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-null-SHA1"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_null
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Maybe Version
forall a. Maybe a
Nothing
    }

-- | RC4 cipher, RSA key exchange and MD5 for digest
cipher_RC4_128_MD5 :: Cipher
cipher_RC4_128_MD5 :: Cipher
cipher_RC4_128_MD5 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x0004
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-rc4-128-md5"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_rc4
    , cipherHash :: Hash
cipherHash         = Hash
MD5
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Maybe Version
forall a. Maybe a
Nothing
    }

-- | RC4 cipher, RSA key exchange and SHA1 for digest
cipher_RC4_128_SHA1 :: Cipher
cipher_RC4_128_SHA1 :: Cipher
cipher_RC4_128_SHA1 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x0005
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-rc4-128-sha1"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_rc4
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Maybe Version
forall a. Maybe a
Nothing
    }

-- | 3DES cipher (168 bit key), RSA key exchange and SHA1 for digest
cipher_RSA_3DES_EDE_CBC_SHA1 :: Cipher
cipher_RSA_3DES_EDE_CBC_SHA1 :: Cipher
cipher_RSA_3DES_EDE_CBC_SHA1 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x000A
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-3DES-EDE-CBC-SHA1"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_tripledes_ede
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Maybe Version
forall a. Maybe a
Nothing
    }

-- | AES cipher (128 bit key), RSA key exchange and SHA1 for digest
cipher_AES128_SHA1 :: Cipher
cipher_AES128_SHA1 :: Cipher
cipher_AES128_SHA1 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x002F
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES128-SHA1"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
SSL3
    }

-- | AES cipher (128 bit key), DHE key exchanged signed by DSA and SHA1 for digest
cipher_DHE_DSS_AES128_SHA1 :: Cipher
cipher_DHE_DSS_AES128_SHA1 :: Cipher
cipher_DHE_DSS_AES128_SHA1 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x0032
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-DSA-AES128-SHA1"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_DSS
    , cipherMinVer :: Maybe Version
cipherMinVer       = Maybe Version
forall a. Maybe a
Nothing
    }

-- | AES cipher (128 bit key), DHE key exchanged signed by RSA and SHA1 for digest
cipher_DHE_RSA_AES128_SHA1 :: Cipher
cipher_DHE_RSA_AES128_SHA1 :: Cipher
cipher_DHE_RSA_AES128_SHA1 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x0033
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-RSA-AES128-SHA1"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Maybe Version
forall a. Maybe a
Nothing
    }

-- | AES cipher (256 bit key), RSA key exchange and SHA1 for digest
cipher_AES256_SHA1 :: Cipher
cipher_AES256_SHA1 :: Cipher
cipher_AES256_SHA1 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x0035
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES256-SHA1"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
SSL3
    }

-- | AES cipher (256 bit key), DHE key exchanged signed by DSA and SHA1 for digest
cipher_DHE_DSS_AES256_SHA1 :: Cipher
cipher_DHE_DSS_AES256_SHA1 :: Cipher
cipher_DHE_DSS_AES256_SHA1 = Cipher
cipher_DHE_DSS_AES128_SHA1
    { cipherID           = 0x0038
    , cipherName         = "DHE-DSA-AES256-SHA1"
    , cipherBulk         = bulk_aes256
    }

-- | AES cipher (256 bit key), DHE key exchanged signed by RSA and SHA1 for digest
cipher_DHE_RSA_AES256_SHA1 :: Cipher
cipher_DHE_RSA_AES256_SHA1 :: Cipher
cipher_DHE_RSA_AES256_SHA1 = Cipher
cipher_DHE_RSA_AES128_SHA1
    { cipherID           = 0x0039
    , cipherName         = "DHE-RSA-AES256-SHA1"
    , cipherBulk         = bulk_aes256
    }

-- | AES cipher (128 bit key), RSA key exchange and SHA256 for digest
cipher_AES128_SHA256 :: Cipher
cipher_AES128_SHA256 :: Cipher
cipher_AES128_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x003C
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES128-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12
    }

-- | AES cipher (256 bit key), RSA key exchange and SHA256 for digest
cipher_AES256_SHA256 :: Cipher
cipher_AES256_SHA256 :: Cipher
cipher_AES256_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x003D
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES256-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12
    }

-- This is not registered in IANA.
-- So, this will be removed in the next major release.
cipher_DHE_DSS_RC4_SHA1 :: Cipher
cipher_DHE_DSS_RC4_SHA1 :: Cipher
cipher_DHE_DSS_RC4_SHA1 = Cipher
cipher_DHE_DSS_AES128_SHA1
    { cipherID           = 0x0066
    , cipherName         = "DHE-DSA-RC4-SHA1"
    , cipherBulk         = bulk_rc4
    }

cipher_DHE_RSA_AES128_SHA256 :: Cipher
cipher_DHE_RSA_AES128_SHA256 :: Cipher
cipher_DHE_RSA_AES128_SHA256 = Cipher
cipher_DHE_RSA_AES128_SHA1
    { cipherID           = 0x0067
    , cipherName         = "DHE-RSA-AES128-SHA256"
    , cipherHash         = SHA256
    , cipherPRFHash      = Just SHA256
    , cipherMinVer       = Just TLS12
    }

cipher_DHE_RSA_AES256_SHA256 :: Cipher
cipher_DHE_RSA_AES256_SHA256 :: Cipher
cipher_DHE_RSA_AES256_SHA256 = Cipher
cipher_DHE_RSA_AES128_SHA256
    { cipherID           = 0x006B
    , cipherName         = "DHE-RSA-AES256-SHA256"
    , cipherBulk         = bulk_aes256
    }

-- | AESCCM cipher (128 bit key), RSA key exchange.
-- The SHA256 digest is used as a PRF, not as a MAC.
cipher_AES128CCM_SHA256 :: Cipher
cipher_AES128CCM_SHA256 :: Cipher
cipher_AES128CCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc09c
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES128CCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128ccm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 6655 Sec 3
    }

-- | AESCCM8 cipher (128 bit key), RSA key exchange.
-- The SHA256 digest is used as a PRF, not as a MAC.
cipher_AES128CCM8_SHA256 :: Cipher
cipher_AES128CCM8_SHA256 :: Cipher
cipher_AES128CCM8_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc0a0
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES128CCM8-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128ccm8
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 6655 Sec 3
    }

-- | AESGCM cipher (128 bit key), RSA key exchange.
-- The SHA256 digest is used as a PRF, not as a MAC.
cipher_AES128GCM_SHA256 :: Cipher
cipher_AES128GCM_SHA256 :: Cipher
cipher_AES128GCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x009C
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES128GCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128gcm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12
    }

-- | AESCCM cipher (256 bit key), RSA key exchange.
-- The SHA256 digest is used as a PRF, not as a MAC.
cipher_AES256CCM_SHA256 :: Cipher
cipher_AES256CCM_SHA256 :: Cipher
cipher_AES256CCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc09d
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES256CCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256ccm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 6655 Sec 3
    }

-- | AESCCM8 cipher (256 bit key), RSA key exchange.
-- The SHA256 digest is used as a PRF, not as a MAC.
cipher_AES256CCM8_SHA256 :: Cipher
cipher_AES256CCM8_SHA256 :: Cipher
cipher_AES256CCM8_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc0a1
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES256CCM8-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256ccm8
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 6655 Sec 3
    }

-- | AESGCM cipher (256 bit key), RSA key exchange.
-- The SHA384 digest is used as a PRF, not as a MAC.
cipher_AES256GCM_SHA384 :: Cipher
cipher_AES256GCM_SHA384 :: Cipher
cipher_AES256GCM_SHA384 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x009D
    , cipherName :: [Char]
cipherName         = [Char]
"RSA-AES256GCM-SHA384"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256gcm
    , cipherHash :: Hash
cipherHash         = Hash
SHA384
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA384
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12
    }

cipher_DHE_RSA_AES128CCM_SHA256 :: Cipher
cipher_DHE_RSA_AES128CCM_SHA256 :: Cipher
cipher_DHE_RSA_AES128CCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc09e
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-RSA-AES128CCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128ccm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 6655 Sec 3
    }

cipher_DHE_RSA_AES128CCM8_SHA256 :: Cipher
cipher_DHE_RSA_AES128CCM8_SHA256 :: Cipher
cipher_DHE_RSA_AES128CCM8_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc0a2
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-RSA-AES128CCM8-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128ccm8
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 6655 Sec 3
    }

cipher_DHE_RSA_AES128GCM_SHA256 :: Cipher
cipher_DHE_RSA_AES128GCM_SHA256 :: Cipher
cipher_DHE_RSA_AES128GCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x009E
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-RSA-AES128GCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128gcm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5288 Sec 4
    }

cipher_DHE_RSA_AES256CCM_SHA256 :: Cipher
cipher_DHE_RSA_AES256CCM_SHA256 :: Cipher
cipher_DHE_RSA_AES256CCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc09f
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-RSA-AES256CCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256ccm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 6655 Sec 3
    }

cipher_DHE_RSA_AES256CCM8_SHA256 :: Cipher
cipher_DHE_RSA_AES256CCM8_SHA256 :: Cipher
cipher_DHE_RSA_AES256CCM8_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc0a3
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-RSA-AES256CCM8-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256ccm8
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 6655 Sec 3
    }

cipher_DHE_RSA_AES256GCM_SHA384 :: Cipher
cipher_DHE_RSA_AES256GCM_SHA384 :: Cipher
cipher_DHE_RSA_AES256GCM_SHA384 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x009F
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-RSA-AES256GCM-SHA384"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256gcm
    , cipherHash :: Hash
cipherHash         = Hash
SHA384
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA384
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12
    }

cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 :: Cipher
cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 :: Cipher
cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xCCA8
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-RSA-CHACHA20POLY1305-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_chacha20poly1305
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12
    }

cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 :: Cipher
cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 :: Cipher
cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xCCA9
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-CHACHA20POLY1305-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_chacha20poly1305
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12
    }

cipher_DHE_RSA_CHACHA20POLY1305_SHA256 :: Cipher
cipher_DHE_RSA_CHACHA20POLY1305_SHA256 :: Cipher
cipher_DHE_RSA_CHACHA20POLY1305_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xCCAA
    , cipherName :: [Char]
cipherName         = [Char]
"DHE-RSA-CHACHA20POLY1305-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_chacha20poly1305
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_DHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12
    }

cipher_TLS13_AES128GCM_SHA256 :: Cipher
cipher_TLS13_AES128GCM_SHA256 :: Cipher
cipher_TLS13_AES128GCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x1301
    , cipherName :: [Char]
cipherName         = [Char]
"AES128GCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128gcm_13
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_TLS13
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS13
    }

cipher_TLS13_AES256GCM_SHA384 :: Cipher
cipher_TLS13_AES256GCM_SHA384 :: Cipher
cipher_TLS13_AES256GCM_SHA384 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x1302
    , cipherName :: [Char]
cipherName         = [Char]
"AES256GCM-SHA384"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256gcm_13
    , cipherHash :: Hash
cipherHash         = Hash
SHA384
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_TLS13
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS13
    }

cipher_TLS13_CHACHA20POLY1305_SHA256 :: Cipher
cipher_TLS13_CHACHA20POLY1305_SHA256 :: Cipher
cipher_TLS13_CHACHA20POLY1305_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x1303
    , cipherName :: [Char]
cipherName         = [Char]
"CHACHA20POLY1305-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_chacha20poly1305
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_TLS13
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS13
    }

cipher_TLS13_AES128CCM_SHA256 :: Cipher
cipher_TLS13_AES128CCM_SHA256 :: Cipher
cipher_TLS13_AES128CCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x1304
    , cipherName :: [Char]
cipherName         = [Char]
"AES128CCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128ccm_13
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_TLS13
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS13
    }

cipher_TLS13_AES128CCM8_SHA256 :: Cipher
cipher_TLS13_AES128CCM8_SHA256 :: Cipher
cipher_TLS13_AES128CCM8_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0x1305
    , cipherName :: [Char]
cipherName         = [Char]
"AES128CCM8-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128ccm8_13
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_TLS13
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS13
    }

cipher_ECDHE_ECDSA_AES128CBC_SHA :: Cipher
cipher_ECDHE_ECDSA_AES128CBC_SHA :: Cipher
cipher_ECDHE_ECDSA_AES128CBC_SHA = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC009
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES128CBC-SHA"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS10
    }

cipher_ECDHE_ECDSA_AES256CBC_SHA :: Cipher
cipher_ECDHE_ECDSA_AES256CBC_SHA :: Cipher
cipher_ECDHE_ECDSA_AES256CBC_SHA = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC00A
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES256CBC-SHA"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS10
    }

cipher_ECDHE_RSA_AES128CBC_SHA :: Cipher
cipher_ECDHE_RSA_AES128CBC_SHA :: Cipher
cipher_ECDHE_RSA_AES128CBC_SHA = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC013
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-RSA-AES128CBC-SHA"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS10
    }

cipher_ECDHE_RSA_AES256CBC_SHA :: Cipher
cipher_ECDHE_RSA_AES256CBC_SHA :: Cipher
cipher_ECDHE_RSA_AES256CBC_SHA = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC014
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-RSA-AES256CBC-SHA"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256
    , cipherHash :: Hash
cipherHash         = Hash
SHA1
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Maybe Hash
forall a. Maybe a
Nothing
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS10
    }

cipher_ECDHE_RSA_AES128CBC_SHA256 :: Cipher
cipher_ECDHE_RSA_AES128CBC_SHA256 :: Cipher
cipher_ECDHE_RSA_AES128CBC_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC027
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-RSA-AES128CBC-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5288 Sec 4
    }

cipher_ECDHE_RSA_AES256CBC_SHA384 :: Cipher
cipher_ECDHE_RSA_AES256CBC_SHA384 :: Cipher
cipher_ECDHE_RSA_AES256CBC_SHA384 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC028
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-RSA-AES256CBC-SHA384"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256
    , cipherHash :: Hash
cipherHash         = Hash
SHA384
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA384
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5288 Sec 4
    }

cipher_ECDHE_ECDSA_AES128CBC_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES128CBC_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES128CBC_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc023
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES128CBC-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5289
    }

cipher_ECDHE_ECDSA_AES256CBC_SHA384 :: Cipher
cipher_ECDHE_ECDSA_AES256CBC_SHA384 :: Cipher
cipher_ECDHE_ECDSA_AES256CBC_SHA384 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC024
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES256CBC-SHA384"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256
    , cipherHash :: Hash
cipherHash         = Hash
SHA384
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA384
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5289
    }

cipher_ECDHE_ECDSA_AES128CCM_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES128CCM_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES128CCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc0ac
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES128CCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128ccm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 7251
    }

cipher_ECDHE_ECDSA_AES128CCM8_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES128CCM8_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES128CCM8_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc0ae
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES128CCM8-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128ccm8
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 7251
    }

cipher_ECDHE_ECDSA_AES128GCM_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES128GCM_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES128GCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC02B
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES128GCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128gcm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5289
    }

cipher_ECDHE_ECDSA_AES256CCM_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES256CCM_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES256CCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc0ad
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES256CCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256ccm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 7251
    }

cipher_ECDHE_ECDSA_AES256CCM8_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES256CCM8_SHA256 :: Cipher
cipher_ECDHE_ECDSA_AES256CCM8_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xc0af
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES256CCM8-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256ccm8
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 7251
    }

cipher_ECDHE_ECDSA_AES256GCM_SHA384 :: Cipher
cipher_ECDHE_ECDSA_AES256GCM_SHA384 :: Cipher
cipher_ECDHE_ECDSA_AES256GCM_SHA384 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC02C
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-ECDSA-AES256GCM-SHA384"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256gcm
    , cipherHash :: Hash
cipherHash         = Hash
SHA384
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA384
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_ECDSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5289
    }

cipher_ECDHE_RSA_AES128GCM_SHA256 :: Cipher
cipher_ECDHE_RSA_AES128GCM_SHA256 :: Cipher
cipher_ECDHE_RSA_AES128GCM_SHA256 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC02F
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-RSA-AES128GCM-SHA256"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes128gcm
    , cipherHash :: Hash
cipherHash         = Hash
SHA256
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA256
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5288 Sec 4
    }

cipher_ECDHE_RSA_AES256GCM_SHA384 :: Cipher
cipher_ECDHE_RSA_AES256GCM_SHA384 :: Cipher
cipher_ECDHE_RSA_AES256GCM_SHA384 = Cipher
    { cipherID :: CipherID
cipherID           = CipherID
0xC030
    , cipherName :: [Char]
cipherName         = [Char]
"ECDHE-RSA-AES256GCM-SHA384"
    , cipherBulk :: Bulk
cipherBulk         = Bulk
bulk_aes256gcm
    , cipherHash :: Hash
cipherHash         = Hash
SHA384
    , cipherPRFHash :: Maybe Hash
cipherPRFHash      = Hash -> Maybe Hash
forall a. a -> Maybe a
Just Hash
SHA384
    , cipherKeyExchange :: CipherKeyExchangeType
cipherKeyExchange  = CipherKeyExchangeType
CipherKeyExchange_ECDHE_RSA
    , cipherMinVer :: Maybe Version
cipherMinVer       = Version -> Maybe Version
forall a. a -> Maybe a
Just Version
TLS12 -- RFC 5289
    }

-- A list of cipher suite is found from:
-- https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4