TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 27714b1aa1bbe2c401e5bbf60efe23ca96f30d94 / . / library / ssl_ciphersuites.c
blob: 6e1a4f840d74c968887f8838049a32a687b67420 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for PolarSSL
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_SSL_TLS_C)
31
32#include "polarssl/ssl_ciphersuites.h"
33#include "polarssl/ssl.h"
34
35#include <stdlib.h>
36
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]37/*
38 * Ordered from most preferred to least preferred in terms of security.
39 */
40static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]41{
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]42 /* All AES-256 ephemeral suites */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]43 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]44 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]45 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]46 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]47 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]48 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]49
50 /* All CAMELLIA-256 ephemeral suites */
51 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]52 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]53 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]54
55 /* All AES-128 ephemeral suites */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]56 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]57 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]58 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]59 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
60 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
61 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]62
63 /* All CAMELLIA-128 ephemeral suites */
64 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]65 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]66 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]67
68 /* All remaining > 128-bit ephemeral suites */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]69 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]70 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]71 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]72
73 /* All AES-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]74 TLS_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]75 TLS_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]76 TLS_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]77
78 /* All CAMELLIA-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]79 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]80 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]81
82 /* All AES-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]83 TLS_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]84 TLS_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]85 TLS_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]86
87 /* All CAMELLIA-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]88 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]89 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]90
91 /* All remaining > 128-bit suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]92 TLS_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]93 TLS_RSA_WITH_RC4_128_SHA,
94 TLS_RSA_WITH_RC4_128_MD5,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]95
96 /* Weak or NULL suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]97 TLS_DHE_RSA_WITH_DES_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]98 TLS_RSA_WITH_DES_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]99 TLS_ECDHE_RSA_WITH_NULL_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]100 TLS_RSA_WITH_NULL_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]101 TLS_RSA_WITH_NULL_SHA,
102 TLS_RSA_WITH_NULL_MD5,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]103
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]104 0
105};
106
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]107#define MAX_CIPHERSUITES 60
108static int supported_ciphersuites[MAX_CIPHERSUITES];
109static int supported_init = 0;
110
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]111static const ssl_ciphersuite_t ciphersuite_definitions[] =
112{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]113#if defined(POLARSSL_ECDH_C)
114#if defined(POLARSSL_AES_C)
115 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
116 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
117 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
118 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
119 POLARSSL_CIPHERSUITE_EC },
120 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
121 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
122 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
123 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
124 POLARSSL_CIPHERSUITE_EC },
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]125#if defined(POLARSSL_SHA2_C)
126 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
127 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
128 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
129 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
130 POLARSSL_CIPHERSUITE_EC },
131#if defined(POLARSSL_GCM_C)
132 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
133 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
134 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
135 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
136 POLARSSL_CIPHERSUITE_EC },
137#endif /* POLARSSL_GCM_C */
138#endif /* POLARSSL_SHA2_C */
139#if defined(POLARSSL_SHA4_C)
140 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
141 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
142 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
143 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
144 POLARSSL_CIPHERSUITE_EC },
145#if defined(POLARSSL_GCM_C)
146 { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
147 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
148 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
149 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
150 POLARSSL_CIPHERSUITE_EC },
151#endif /* POLARSSL_GCM_C */
152#endif /* POLARSSL_SHA4_C */
153#endif /* POLARSSL_AES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]154
155#if defined(POLARSSL_CAMELLIA_C)
156#if defined(POLARSSL_SHA2_C)
157 { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
158 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
159 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
160 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
161 POLARSSL_CIPHERSUITE_EC },
162#endif /* POLARSSL_SHA2_C */
163#if defined(POLARSSL_SHA4_C)
164 { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
165 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
166 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
167 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
168 POLARSSL_CIPHERSUITE_EC },
169#endif /* POLARSSL_SHA4_C */
170#endif /* POLARSSL_CAMELLIA_C */
171
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]172#if defined(POLARSSL_DES_C)
173 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
174 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
175 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
176 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
177 POLARSSL_CIPHERSUITE_EC },
178#endif /* POLARSSL_DES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]179
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]180#if defined(POLARSSL_ARC4_C)
181 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
182 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
183 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
184 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
185 POLARSSL_CIPHERSUITE_EC },
186#endif
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame^]187
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]188#if defined(POLARSSL_CIPHER_NULL_CIPHER)
189 { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
190 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
191 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
192 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
193 POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
194#endif
195#endif
196
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]197#if defined(POLARSSL_ARC4_C)
198 { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
199 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]200 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]201 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
202 0 },
203
204 { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
205 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]206 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]207 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
208 0 },
209#endif /* POLARSSL_ARC4_C */
210
211#if defined(POLARSSL_DHM_C)
212#if defined(POLARSSL_AES_C)
213#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
214 { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
215 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
216 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
217 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
218 0 },
219#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
220
221#if defined(POLARSSL_SHA2_C)
222#if defined(POLARSSL_GCM_C)
223 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
224 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
225 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
226 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
227 0 },
228#endif /* POLARSSL_GCM_C */
229
230 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
231 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
232 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
233 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
234 0 },
235
236 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
237 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
238 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
239 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
240 0 },
241#endif /* POLARSSL_SHA2_C */
242
243 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
244 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
245 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
246 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
247 0 },
248
249 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
250 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
251 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
252 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
253 0 },
254#endif /* POLARSSL_AES_C */
255
256#if defined(POLARSSL_CAMELLIA_C)
257#if defined(POLARSSL_SHA2_C)
258 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
259 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
260 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
261 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
262 0 },
263
264 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
265 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
266 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
267 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
268 0 },
269#endif /* POLARSSL_SHA2_C */
270
271 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
272 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
273 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
274 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
275 0 },
276
277 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
278 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
279 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
280 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
281 0 },
282#endif /* POLARSSL_CAMELLIA_C */
283
284#if defined(POLARSSL_DES_C)
285 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
286 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
287 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
288 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
289 0 },
290#endif /* POLARSSL_DES_C */
291#endif /* POLARSSL_DHM_C */
292
293#if defined(POLARSSL_AES_C)
294#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
295 { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
296 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
297 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
298 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
299 0 },
300#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
301
302#if defined(POLARSSL_SHA2_C)
303#if defined(POLARSSL_GCM_C)
304 { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
305 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
306 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
307 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
308 0 },
309#endif /* POLARSSL_GCM_C */
310
311 { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
312 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
313 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
314 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
315 0 },
316
317 { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
318 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
319 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
320 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
321 0 },
322#endif /* POLARSSL_SHA2_C */
323
324 { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
325 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
326 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
327 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
328 0 },
329
330 { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
331 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
332 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
333 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
334 0 },
335#endif /* POLARSSL_AES_C */
336
337#if defined(POLARSSL_CAMELLIA_C)
338#if defined(POLARSSL_SHA2_C)
339 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
340 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
341 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
342 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
343 0 },
344
345 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
346 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
347 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
348 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
349 0 },
350#endif /* POLARSSL_SHA2_C */
351
352 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
353 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
354 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
355 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
356 0 },
357
358 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
359 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
360 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
361 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
362 0 },
363#endif /* POLARSSL_CAMELLIA_C */
364
365#if defined(POLARSSL_DES_C)
366 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
367 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
368 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
369 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
370 0 },
371#endif /* POLARSSL_DES_C */
372
373#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
374#if defined(POLARSSL_CIPHER_NULL_CIPHER)
375 { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
376 POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
377 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
378 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
379 POLARSSL_CIPHERSUITE_WEAK },
380
381 { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
382 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
383 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
384 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
385 POLARSSL_CIPHERSUITE_WEAK },
386
387 { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
388 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
389 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
390 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
391 POLARSSL_CIPHERSUITE_WEAK },
392#endif /* POLARSSL_CIPHER_NULL_CIPHER */
393
394#if defined(POLARSSL_DES_C)
395#if defined(POLARSSL_DHM_C)
396 { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
397 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
398 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
399 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
400 POLARSSL_CIPHERSUITE_WEAK },
401#endif /* POLARSSL_DHM_C */
402
403 { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
404 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
405 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
406 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
407 POLARSSL_CIPHERSUITE_WEAK },
408#endif /* POLARSSL_DES_C */
409
410#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
411
412 { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
413};
414
415const int *ssl_list_ciphersuites( void )
416{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]417 /*
418 * On initial call filter out all ciphersuites not supported by current
419 * build based on presence in the ciphersuite_definitions.
420 */
421 if( supported_init == 0 )
422 {
423 const int *p = ciphersuite_preference;
424 int *q = supported_ciphersuites;
425
426 memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
427
428 while( *p != 0 )
429 {
430 if( ssl_ciphersuite_from_id( *p ) != NULL )
431 *(q++) = *p;
432
433 p++;
434 }
435 supported_init = 1;
436 }
437
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]438 return supported_ciphersuites;
439};
440
441const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
442{
443 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
444
445 if( NULL == ciphersuite_name )
446 return( NULL );
447
448 while( cur->id != 0 )
449 {
450 if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
451 return( cur );
452
453 cur++;
454 }
455
456 return( NULL );
457}
458
459const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
460{
461 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
462
463 while( cur->id != 0 )
464 {
465 if( cur->id == ciphersuite )
466 return( cur );
467
468 cur++;
469 }
470
471 return( NULL );
472}
473
474const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
475{
476 const ssl_ciphersuite_t *cur;
477
478 cur = ssl_ciphersuite_from_id( ciphersuite_id );
479
480 if( cur == NULL )
481 return( "unknown" );
482
483 return( cur->name );
484}
485
486int ssl_get_ciphersuite_id( const char *ciphersuite_name )
487{
488 const ssl_ciphersuite_t *cur;
489
490 cur = ssl_ciphersuite_from_string( ciphersuite_name );
491
492 if( cur == NULL )
493 return( 0 );
494
495 return( cur->id );
496}
497
498#endif