TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 09edda888e448b8a3012bd01dbfcde57813d5431 / . / library / ssl_ciphersuites.c
blob: 759845ee9996797f1fb7f6540582f05d0f4addea [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for PolarSSL
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_SSL_TLS_C)
31
32#include "polarssl/ssl_ciphersuites.h"
33#include "polarssl/ssl.h"
34
35#include <stdlib.h>
36
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]37/*
38 * Ordered from most preferred to least preferred in terms of security.
39 */
40static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]41{
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]42 /* All AES-256 ephemeral suites */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]43 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]44 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]45 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]46 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]47 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]48 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]49 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]50 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]51 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]52
53 /* All CAMELLIA-256 ephemeral suites */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]54 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]55 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]56 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]57 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]58
59 /* All AES-128 ephemeral suites */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]60 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]61 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]62 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]63 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]64 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]65 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]66 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]67 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
68 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]69
70 /* All CAMELLIA-128 ephemeral suites */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]71 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]72 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]73 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]74 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]75
76 /* All remaining > 128-bit ephemeral suites */
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]77 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]78 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]79 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]80 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]81 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]82
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]83 /* The PSK ephemeral suites */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]84 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]85 TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]86 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]87 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]88 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]89 TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]90 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]91 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]92 TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
93 TLS_DHE_PSK_WITH_RC4_128_SHA,
94
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]95 /* All AES-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]96 TLS_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]97 TLS_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]98 TLS_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]99
100 /* All CAMELLIA-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]101 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]102 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]103
104 /* All AES-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]105 TLS_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]106 TLS_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]107 TLS_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]108
109 /* All CAMELLIA-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]110 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]111 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]112
113 /* All remaining > 128-bit suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]114 TLS_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]115 TLS_RSA_WITH_RC4_128_SHA,
116 TLS_RSA_WITH_RC4_128_MD5,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]117
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]118 /* The RSA PSK suites */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]119 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]120 TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]121 TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]122 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]123 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]124 TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]125 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]126 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]127 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
128 TLS_RSA_PSK_WITH_RC4_128_SHA,
129
130 /* The PSK suites */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]131 TLS_PSK_WITH_AES_256_CBC_SHA384,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]132 TLS_PSK_WITH_AES_256_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]133 TLS_PSK_WITH_AES_256_GCM_SHA384,
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]134 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]135 TLS_PSK_WITH_AES_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]136 TLS_PSK_WITH_AES_128_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]137 TLS_PSK_WITH_AES_128_GCM_SHA256,
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]138 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]139 TLS_PSK_WITH_3DES_EDE_CBC_SHA,
140 TLS_PSK_WITH_RC4_128_SHA,
141
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]142 /* Weak or NULL suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]143 TLS_DHE_RSA_WITH_DES_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]144 TLS_RSA_WITH_DES_CBC_SHA,
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]145 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]146 TLS_ECDHE_RSA_WITH_NULL_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]147 TLS_RSA_WITH_NULL_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]148 TLS_RSA_WITH_NULL_SHA,
149 TLS_RSA_WITH_NULL_MD5,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]150 TLS_PSK_WITH_NULL_SHA384,
151 TLS_PSK_WITH_NULL_SHA256,
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]152 TLS_PSK_WITH_NULL_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]153 TLS_DHE_PSK_WITH_NULL_SHA384,
154 TLS_DHE_PSK_WITH_NULL_SHA256,
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]155 TLS_DHE_PSK_WITH_NULL_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]156 TLS_RSA_PSK_WITH_NULL_SHA384,
157 TLS_RSA_PSK_WITH_NULL_SHA256,
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]158 TLS_RSA_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]159
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]160 0
161};
162
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]163#define MAX_CIPHERSUITES 60
164static int supported_ciphersuites[MAX_CIPHERSUITES];
165static int supported_init = 0;
166
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]167static const ssl_ciphersuite_t ciphersuite_definitions[] =
168{
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]169#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
170#if defined(POLARSSL_AES_C)
171 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
172 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
173 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
174 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
175 POLARSSL_CIPHERSUITE_EC },
176 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
177 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
178 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
179 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
180 POLARSSL_CIPHERSUITE_EC },
181#if defined(POLARSSL_SHA256_C)
182 { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
183 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
184 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
185 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
186 POLARSSL_CIPHERSUITE_EC },
187#if defined(POLARSSL_GCM_C)
188 { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
189 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
190 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
191 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
192 POLARSSL_CIPHERSUITE_EC },
193#endif /* POLARSSL_GCM_C */
194#endif /* POLARSSL_SHA256_C */
195#if defined(POLARSSL_SHA512_C)
196 { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
197 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
198 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
199 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
200 POLARSSL_CIPHERSUITE_EC },
201#if defined(POLARSSL_GCM_C)
202 { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
203 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
204 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
205 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
206 POLARSSL_CIPHERSUITE_EC },
207#endif /* POLARSSL_GCM_C */
208#endif /* POLARSSL_SHA512_C */
209#endif /* POLARSSL_AES_C */
210
211#if defined(POLARSSL_CAMELLIA_C)
212#if defined(POLARSSL_SHA256_C)
213 { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
214 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
215 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
216 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
217 POLARSSL_CIPHERSUITE_EC },
218#endif /* POLARSSL_SHA256_C */
219#if defined(POLARSSL_SHA512_C)
220 { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
221 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
222 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
223 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
224 POLARSSL_CIPHERSUITE_EC },
225#endif /* POLARSSL_SHA512_C */
226#endif /* POLARSSL_CAMELLIA_C */
227
228#if defined(POLARSSL_DES_C)
229 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
230 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
231 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
232 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
233 POLARSSL_CIPHERSUITE_EC },
234#endif /* POLARSSL_DES_C */
235
236#if defined(POLARSSL_ARC4_C)
237 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
238 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
239 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
240 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
241 POLARSSL_CIPHERSUITE_EC },
242#endif /* POLARSSL_ARC4_C */
243
244#if defined(POLARSSL_CIPHER_NULL_CIPHER)
245 { TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
246 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
247 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
248 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
249 POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
250#endif /* POLARSSL_CIPHER_NULL_CIPHER */
251#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
252
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]253#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]254#if defined(POLARSSL_AES_C)
255 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
256 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
257 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
258 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
259 POLARSSL_CIPHERSUITE_EC },
260 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
261 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
262 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
263 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
264 POLARSSL_CIPHERSUITE_EC },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]265#if defined(POLARSSL_SHA256_C)
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]266 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
267 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
268 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
269 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
270 POLARSSL_CIPHERSUITE_EC },
271#if defined(POLARSSL_GCM_C)
272 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
273 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
274 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
275 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
276 POLARSSL_CIPHERSUITE_EC },
277#endif /* POLARSSL_GCM_C */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]278#endif /* POLARSSL_SHA256_C */
279#if defined(POLARSSL_SHA512_C)
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]280 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
281 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
282 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
283 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
284 POLARSSL_CIPHERSUITE_EC },
285#if defined(POLARSSL_GCM_C)
286 { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
287 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
288 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
289 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
290 POLARSSL_CIPHERSUITE_EC },
291#endif /* POLARSSL_GCM_C */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]292#endif /* POLARSSL_SHA512_C */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]293#endif /* POLARSSL_AES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]294
295#if defined(POLARSSL_CAMELLIA_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]296#if defined(POLARSSL_SHA256_C)
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]297 { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
298 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
299 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
300 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
301 POLARSSL_CIPHERSUITE_EC },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]302#endif /* POLARSSL_SHA256_C */
303#if defined(POLARSSL_SHA512_C)
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]304 { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
305 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
306 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
307 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
308 POLARSSL_CIPHERSUITE_EC },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]309#endif /* POLARSSL_SHA512_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]310#endif /* POLARSSL_CAMELLIA_C */
311
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]312#if defined(POLARSSL_DES_C)
313 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
314 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
315 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
316 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
317 POLARSSL_CIPHERSUITE_EC },
318#endif /* POLARSSL_DES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]319
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]320#if defined(POLARSSL_ARC4_C)
321 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
322 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
323 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
324 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
325 POLARSSL_CIPHERSUITE_EC },
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]326#endif /* POLARSSL_ARC4_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]327
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]328#if defined(POLARSSL_CIPHER_NULL_CIPHER)
329 { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
330 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
331 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
332 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
333 POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]334#endif /* POLARSSL_CIPHER_NULL_CIPHER */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]335#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]336
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]337#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]338#if defined(POLARSSL_AES_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]339#if defined(POLARSSL_SHA512_C) && defined(POLARSSL_GCM_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]340 { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
341 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
342 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
343 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
344 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]345#endif /* POLARSSL_SHA512_C && POLARSSL_GCM_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]346
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]347#if defined(POLARSSL_SHA256_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]348#if defined(POLARSSL_GCM_C)
349 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
350 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
351 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
352 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
353 0 },
354#endif /* POLARSSL_GCM_C */
355
356 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
357 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
358 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
359 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
360 0 },
361
362 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
363 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
364 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
365 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
366 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]367#endif /* POLARSSL_SHA256_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]368
369 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
370 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
371 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
372 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
373 0 },
374
375 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
376 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
377 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
378 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
379 0 },
380#endif /* POLARSSL_AES_C */
381
382#if defined(POLARSSL_CAMELLIA_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]383#if defined(POLARSSL_SHA256_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]384 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
385 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
386 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
387 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
388 0 },
389
390 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
391 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
392 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
393 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
394 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]395#endif /* POLARSSL_SHA256_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]396
397 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
398 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
399 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
400 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
401 0 },
402
403 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
404 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
405 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
406 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
407 0 },
408#endif /* POLARSSL_CAMELLIA_C */
409
410#if defined(POLARSSL_DES_C)
411 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
412 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
413 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
414 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
415 0 },
416#endif /* POLARSSL_DES_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]417#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]418
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]419#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]420#if defined(POLARSSL_AES_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]421#if defined(POLARSSL_SHA512_C) && defined(POLARSSL_GCM_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]422 { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
423 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
424 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
425 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
426 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]427#endif /* POLARSSL_SHA512_C && POLARSSL_GCM_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]428
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]429#if defined(POLARSSL_SHA256_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]430#if defined(POLARSSL_GCM_C)
431 { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
432 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
433 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
434 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
435 0 },
436#endif /* POLARSSL_GCM_C */
437
438 { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
439 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
440 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
441 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
442 0 },
443
444 { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
445 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
446 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
447 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
448 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]449#endif /* POLARSSL_SHA256_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]450
451 { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
452 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
453 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
454 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
455 0 },
456
457 { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
458 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
459 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
460 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
461 0 },
462#endif /* POLARSSL_AES_C */
463
464#if defined(POLARSSL_CAMELLIA_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]465#if defined(POLARSSL_SHA256_C)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]466 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
467 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
468 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
469 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
470 0 },
471
472 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
473 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
474 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
475 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
476 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]477#endif /* POLARSSL_SHA256_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]478
479 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
480 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
481 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
482 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
483 0 },
484
485 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
486 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
487 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
488 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
489 0 },
490#endif /* POLARSSL_CAMELLIA_C */
491
492#if defined(POLARSSL_DES_C)
493 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
494 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
495 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
496 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
497 0 },
498#endif /* POLARSSL_DES_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]499
500#if defined(POLARSSL_ARC4_C)
501 { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
502 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
503 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
504 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
505 0 },
506
507 { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
508 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
509 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
510 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
511 0 },
512#endif /* POLARSSL_ARC4_C */
513#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]514
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]515#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
516#if defined(POLARSSL_AES_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]517#if defined(POLARSSL_GCM_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]518#if defined(POLARSSL_SHA256_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]519 { TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
520 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
521 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
522 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
523 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]524#endif /* POLARSSL_SHA256_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]525
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]526#if defined(POLARSSL_SHA512_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]527 { TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
528 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
529 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
530 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
531 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]532#endif /* POLARSSL_SHA512_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]533#endif /* POLARSSL_GCM_C */
534
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]535#if defined(POLARSSL_SHA256_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]536 { TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
537 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
538 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
539 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
540 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]541#endif /* POLARSSL_SHA256_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]542
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]543#if defined(POLARSSL_SHA512_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]544 { TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
545 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
546 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
547 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
548 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]549#endif /* POLARSSL_SHA512_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]550
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]551 { TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
552 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
553 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
554 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
555 0 },
556
557 { TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
558 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
559 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
560 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
561 0 },
562#endif /* POLARSSL_AES_C */
563
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]564#if defined(POLARSSL_CAMELLIA_C)
565#if defined(POLARSSL_SHA256_C)
566 { TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
567 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
568 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
569 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
570 0 },
571#endif /* POLARSSL_SHA256_C */
572
573#if defined(POLARSSL_SHA512_C)
574 { TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
575 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
576 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
577 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
578 0 },
579#endif /* POLARSSL_SHA512_C */
580#endif /* POLARSSL_CAMELLIA_C */
581
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]582#if defined(POLARSSL_DES_C)
583 { TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
584 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
585 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
586 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
587 0 },
588#endif /* POLARSSL_DES_C */
589
590#if defined(POLARSSL_ARC4_C)
591 { TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
592 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
593 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
594 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
595 0 },
596#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]597#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]598
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]599#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]600#if defined(POLARSSL_AES_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]601#if defined(POLARSSL_GCM_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]602#if defined(POLARSSL_SHA256_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]603 { TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
604 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
605 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
606 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
607 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]608#endif /* POLARSSL_SHA256_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]609
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]610#if defined(POLARSSL_SHA512_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]611 { TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
612 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
613 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
614 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
615 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]616#endif /* POLARSSL_SHA512_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]617#endif /* POLARSSL_GCM_C */
618
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]619#if defined(POLARSSL_SHA256_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]620 { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
621 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
622 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
623 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
624 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]625#endif /* POLARSSL_SHA256_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]626
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]627#if defined(POLARSSL_SHA512_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]628 { TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
629 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
630 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
631 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
632 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]633#endif /* POLARSSL_SHA512_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]634
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]635 { TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
636 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
637 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
638 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
639 0 },
640
641 { TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
642 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
643 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
644 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
645 0 },
646#endif /* POLARSSL_AES_C */
647
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]648#if defined(POLARSSL_CAMELLIA_C)
649#if defined(POLARSSL_SHA256_C)
650 { TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
651 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
652 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
653 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
654 0 },
655#endif /* POLARSSL_SHA256_C */
656
657#if defined(POLARSSL_SHA512_C)
658 { TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
659 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
660 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
661 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
662 0 },
663#endif /* POLARSSL_SHA512_C */
664#endif /* POLARSSL_CAMELLIA_C */
665
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]666#if defined(POLARSSL_DES_C)
667 { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
668 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
669 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
670 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
671 0 },
672#endif /* POLARSSL_DES_C */
673
674#if defined(POLARSSL_ARC4_C)
675 { TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
676 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
677 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
678 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
679 0 },
680#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]681#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]682
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]683#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]684#if defined(POLARSSL_AES_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]685#if defined(POLARSSL_GCM_C)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]686#if defined(POLARSSL_SHA256_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]687 { TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
688 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
689 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
690 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
691 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]692#endif /* POLARSSL_SHA256_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]693
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]694#if defined(POLARSSL_SHA512_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]695 { TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
696 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
697 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
698 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
699 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]700#endif /* POLARSSL_SHA512_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]701#endif /* POLARSSL_GCM_C */
702
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]703#if defined(POLARSSL_SHA256_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]704 { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
705 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
706 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
707 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
708 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]709#endif /* POLARSSL_SHA256_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]710
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]711#if defined(POLARSSL_SHA512_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]712 { TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
713 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
714 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
715 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
716 0 },
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]717#endif /* POLARSSL_SHA512_C */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame]718
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]719 { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
720 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
721 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
722 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
723 0 },
724
725 { TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
726 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
727 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
728 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
729 0 },
730#endif /* POLARSSL_AES_C */
731
Paul Bakker0f2f0bf2013-07-26 15:03:31 +0200[diff] [blame]732#if defined(POLARSSL_CAMELLIA_C)
733#if defined(POLARSSL_SHA256_C)
734 { TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
735 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
736 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
737 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
738 0 },
739#endif /* POLARSSL_SHA256_C */
740
741#if defined(POLARSSL_SHA512_C)
742 { TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
743 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
744 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
745 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
746 0 },
747#endif /* POLARSSL_SHA512_C */
748#endif /* POLARSSL_CAMELLIA_C */
749
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]750#if defined(POLARSSL_DES_C)
751 { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
752 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
753 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
754 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
755 0 },
756#endif /* POLARSSL_DES_C */
757
758#if defined(POLARSSL_ARC4_C)
759 { TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
760 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
761 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
762 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
763 0 },
764#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]765#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]766
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]767#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
768#if defined(POLARSSL_CIPHER_NULL_CIPHER)
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]769#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]770 { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
771 POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
772 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
773 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
774 POLARSSL_CIPHERSUITE_WEAK },
775
776 { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
777 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
778 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
779 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
780 POLARSSL_CIPHERSUITE_WEAK },
781
782 { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
783 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
784 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
785 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
786 POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]787#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]788
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]789#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
790 { TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
791 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
792 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
793 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
794 POLARSSL_CIPHERSUITE_WEAK },
795#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
796
797#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
798 { TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
799 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
800 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
801 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
802 POLARSSL_CIPHERSUITE_WEAK },
803#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
804
805#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
806 { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
807 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
808 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
809 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
810 POLARSSL_CIPHERSUITE_WEAK },
811#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
812#endif /* POLARSSL_CIPHER_NULL_CIPHER */
813
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]814#if defined(POLARSSL_DES_C)
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]815#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]816 { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
817 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
818 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
819 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
820 POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]821#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]822
823 { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
824 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
825 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
826 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
827 POLARSSL_CIPHERSUITE_WEAK },
828#endif /* POLARSSL_DES_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]829#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
830
831 { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
832};
833
834const int *ssl_list_ciphersuites( void )
835{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]836 /*
837 * On initial call filter out all ciphersuites not supported by current
838 * build based on presence in the ciphersuite_definitions.
839 */
840 if( supported_init == 0 )
841 {
842 const int *p = ciphersuite_preference;
843 int *q = supported_ciphersuites;
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]844 size_t i;
845 size_t max = sizeof(supported_ciphersuites) / sizeof(int);
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]846
847 memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
848
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]849 /* Leave room for a final 0 */
850 for( i = 0; i < max - 1 && p[i] != 0; i++ )
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]851 {
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]852 if( ssl_ciphersuite_from_id( p[i] ) != NULL )
853 *(q++) = p[i];
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]854 }
Manuel Pégourié-Gonnard32ea60a2013-08-17 17:39:04 +0200[diff] [blame]855
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]856 supported_init = 1;
857 }
858
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]859 return supported_ciphersuites;
860};
861
862const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
863{
864 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
865
866 if( NULL == ciphersuite_name )
867 return( NULL );
868
869 while( cur->id != 0 )
870 {
871 if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
872 return( cur );
873
874 cur++;
875 }
876
877 return( NULL );
878}
879
880const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
881{
882 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
883
884 while( cur->id != 0 )
885 {
886 if( cur->id == ciphersuite )
887 return( cur );
888
889 cur++;
890 }
891
892 return( NULL );
893}
894
895const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
896{
897 const ssl_ciphersuite_t *cur;
898
899 cur = ssl_ciphersuite_from_id( ciphersuite_id );
900
901 if( cur == NULL )
902 return( "unknown" );
903
904 return( cur->name );
905}
906
907int ssl_get_ciphersuite_id( const char *ciphersuite_name )
908{
909 const ssl_ciphersuite_t *cur;
910
911 cur = ssl_ciphersuite_from_string( ciphersuite_name );
912
913 if( cur == NULL )
914 return( 0 );
915
916 return( cur->id );
917}
918
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +0200[diff] [blame^]919pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
920{
921 switch( info->key_exchange )
922 {
923 case POLARSSL_KEY_EXCHANGE_DHE_RSA:
924 case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
925 return( POLARSSL_PK_RSA );
926
927 case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
928 return( POLARSSL_PK_ECDSA );
929
930 default:
931 return( POLARSSL_PK_NONE );
932 }
933}
934
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]935#endif