TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 40afb4ba13be5cc8a2970bf421a5c6352bf75ca6 / . / library / ssl_ciphersuites.c
blob: 347fe8085f03b786c4fc4f1fd3e95106b849907b [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for PolarSSL
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_SSL_TLS_C)
31
32#include "polarssl/ssl_ciphersuites.h"
33#include "polarssl/ssl.h"
34
35#include <stdlib.h>
36
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]37/*
38 * Ordered from most preferred to least preferred in terms of security.
39 */
40static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]41{
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]42 /* All AES-256 ephemeral suites */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]43 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]44 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]45 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]46 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]47 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]48 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]49
50 /* All CAMELLIA-256 ephemeral suites */
51 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]52 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]53 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]54
55 /* All AES-128 ephemeral suites */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]56 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]57 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]58 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]59 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
60 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
61 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]62
63 /* All CAMELLIA-128 ephemeral suites */
64 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]65 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]66 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]67
68 /* All remaining > 128-bit ephemeral suites */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]69 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]70 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]71 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]72
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]73 /* The PSK ephemeral suites */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]74 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]75 TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]76 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
77 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]78 TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]79 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]80 TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
81 TLS_DHE_PSK_WITH_RC4_128_SHA,
82
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]83 /* All AES-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]84 TLS_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]85 TLS_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]86 TLS_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]87
88 /* All CAMELLIA-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]89 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]90 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]91
92 /* All AES-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]93 TLS_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]94 TLS_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]95 TLS_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]96
97 /* All CAMELLIA-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]98 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]99 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]100
101 /* All remaining > 128-bit suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]102 TLS_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]103 TLS_RSA_WITH_RC4_128_SHA,
104 TLS_RSA_WITH_RC4_128_MD5,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]105
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]106 /* The RSA PSK suites */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]107 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]108 TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]109 TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
110 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]111 TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]112 TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]113 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
114 TLS_RSA_PSK_WITH_RC4_128_SHA,
115
116 /* The PSK suites */
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]117 TLS_PSK_WITH_AES_256_CBC_SHA384,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]118 TLS_PSK_WITH_AES_256_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]119 TLS_PSK_WITH_AES_256_GCM_SHA384,
120 TLS_PSK_WITH_AES_128_CBC_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]121 TLS_PSK_WITH_AES_128_CBC_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]122 TLS_PSK_WITH_AES_128_GCM_SHA256,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]123 TLS_PSK_WITH_3DES_EDE_CBC_SHA,
124 TLS_PSK_WITH_RC4_128_SHA,
125
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]126 /* Weak or NULL suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]127 TLS_DHE_RSA_WITH_DES_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]128 TLS_RSA_WITH_DES_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]129 TLS_ECDHE_RSA_WITH_NULL_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]130 TLS_RSA_WITH_NULL_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]131 TLS_RSA_WITH_NULL_SHA,
132 TLS_RSA_WITH_NULL_MD5,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]133 TLS_PSK_WITH_NULL_SHA384,
134 TLS_PSK_WITH_NULL_SHA256,
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]135 TLS_PSK_WITH_NULL_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]136 TLS_DHE_PSK_WITH_NULL_SHA384,
137 TLS_DHE_PSK_WITH_NULL_SHA256,
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]138 TLS_DHE_PSK_WITH_NULL_SHA,
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]139 TLS_RSA_PSK_WITH_NULL_SHA384,
140 TLS_RSA_PSK_WITH_NULL_SHA256,
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]141 TLS_RSA_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]142
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]143 0
144};
145
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]146#define MAX_CIPHERSUITES 60
147static int supported_ciphersuites[MAX_CIPHERSUITES];
148static int supported_init = 0;
149
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]150static const ssl_ciphersuite_t ciphersuite_definitions[] =
151{
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]152#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]153#if defined(POLARSSL_AES_C)
154 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
155 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
156 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
157 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
158 POLARSSL_CIPHERSUITE_EC },
159 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
160 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
161 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
162 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
163 POLARSSL_CIPHERSUITE_EC },
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]164#if defined(POLARSSL_SHA2_C)
165 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
166 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
167 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
168 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
169 POLARSSL_CIPHERSUITE_EC },
170#if defined(POLARSSL_GCM_C)
171 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
172 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
173 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
174 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
175 POLARSSL_CIPHERSUITE_EC },
176#endif /* POLARSSL_GCM_C */
177#endif /* POLARSSL_SHA2_C */
178#if defined(POLARSSL_SHA4_C)
179 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
180 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
181 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
182 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
183 POLARSSL_CIPHERSUITE_EC },
184#if defined(POLARSSL_GCM_C)
185 { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
186 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
187 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
188 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
189 POLARSSL_CIPHERSUITE_EC },
190#endif /* POLARSSL_GCM_C */
191#endif /* POLARSSL_SHA4_C */
192#endif /* POLARSSL_AES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]193
194#if defined(POLARSSL_CAMELLIA_C)
195#if defined(POLARSSL_SHA2_C)
196 { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
197 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
198 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
199 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
200 POLARSSL_CIPHERSUITE_EC },
201#endif /* POLARSSL_SHA2_C */
202#if defined(POLARSSL_SHA4_C)
203 { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
204 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
205 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
206 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
207 POLARSSL_CIPHERSUITE_EC },
208#endif /* POLARSSL_SHA4_C */
209#endif /* POLARSSL_CAMELLIA_C */
210
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]211#if defined(POLARSSL_DES_C)
212 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
213 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
214 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
215 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
216 POLARSSL_CIPHERSUITE_EC },
217#endif /* POLARSSL_DES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]218
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]219#if defined(POLARSSL_ARC4_C)
220 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
221 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
222 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
223 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
224 POLARSSL_CIPHERSUITE_EC },
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]225#endif /* POLARSSL_ARC4_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]226
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]227#if defined(POLARSSL_CIPHER_NULL_CIPHER)
228 { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
229 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
230 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
231 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
232 POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]233#endif /* POLARSSL_CIPHER_NULL_CIPHER */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]234#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]235
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]236#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]237#if defined(POLARSSL_AES_C)
238#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
239 { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
240 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
241 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
242 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
243 0 },
244#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
245
246#if defined(POLARSSL_SHA2_C)
247#if defined(POLARSSL_GCM_C)
248 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
249 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
250 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
251 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
252 0 },
253#endif /* POLARSSL_GCM_C */
254
255 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
256 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
257 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
258 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
259 0 },
260
261 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
262 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
263 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
264 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
265 0 },
266#endif /* POLARSSL_SHA2_C */
267
268 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
269 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
270 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
271 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
272 0 },
273
274 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
275 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
276 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
277 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
278 0 },
279#endif /* POLARSSL_AES_C */
280
281#if defined(POLARSSL_CAMELLIA_C)
282#if defined(POLARSSL_SHA2_C)
283 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
284 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
285 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
286 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
287 0 },
288
289 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
290 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
291 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
292 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
293 0 },
294#endif /* POLARSSL_SHA2_C */
295
296 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
297 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
298 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
299 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
300 0 },
301
302 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
303 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
304 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
305 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
306 0 },
307#endif /* POLARSSL_CAMELLIA_C */
308
309#if defined(POLARSSL_DES_C)
310 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
311 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
312 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
313 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
314 0 },
315#endif /* POLARSSL_DES_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]316#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]317
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]318#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]319#if defined(POLARSSL_AES_C)
320#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
321 { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
322 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
323 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
324 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
325 0 },
326#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
327
328#if defined(POLARSSL_SHA2_C)
329#if defined(POLARSSL_GCM_C)
330 { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
331 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
332 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
333 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
334 0 },
335#endif /* POLARSSL_GCM_C */
336
337 { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
338 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
339 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
340 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
341 0 },
342
343 { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
344 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
345 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
346 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
347 0 },
348#endif /* POLARSSL_SHA2_C */
349
350 { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
351 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
352 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
353 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
354 0 },
355
356 { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
357 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
358 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
359 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
360 0 },
361#endif /* POLARSSL_AES_C */
362
363#if defined(POLARSSL_CAMELLIA_C)
364#if defined(POLARSSL_SHA2_C)
365 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
366 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
367 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
368 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
369 0 },
370
371 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
372 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
373 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
374 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
375 0 },
376#endif /* POLARSSL_SHA2_C */
377
378 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
379 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
380 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
381 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
382 0 },
383
384 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
385 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
386 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
387 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
388 0 },
389#endif /* POLARSSL_CAMELLIA_C */
390
391#if defined(POLARSSL_DES_C)
392 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
393 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
394 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
395 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
396 0 },
397#endif /* POLARSSL_DES_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]398
399#if defined(POLARSSL_ARC4_C)
400 { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
401 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
402 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
403 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
404 0 },
405
406 { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
407 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
408 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
409 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
410 0 },
411#endif /* POLARSSL_ARC4_C */
412#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]413
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]414#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
415#if defined(POLARSSL_AES_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]416#if defined(POLARSSL_GCM_C)
417#if defined(POLARSSL_SHA2_C)
418 { TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
419 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
420 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
421 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
422 0 },
423#endif /* POLARSSL_SHA2_C */
424
425#if defined(POLARSSL_SHA4_C)
426 { TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
427 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
428 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
429 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
430 0 },
431#endif /* POLARSSL_SHA4_C */
432#endif /* POLARSSL_GCM_C */
433
434#if defined(POLARSSL_SHA2_C)
435 { TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
436 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
437 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
438 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
439 0 },
440#endif /* POLARSSL_SHA2_C */
441
442#if defined(POLARSSL_SHA4_C)
443 { TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
444 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
445 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
446 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
447 0 },
448#endif /* POLARSSL_SHA4_C */
449
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]450 { TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
451 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
452 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
453 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
454 0 },
455
456 { TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
457 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
458 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
459 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
460 0 },
461#endif /* POLARSSL_AES_C */
462
463#if defined(POLARSSL_DES_C)
464 { TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
465 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
466 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
467 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
468 0 },
469#endif /* POLARSSL_DES_C */
470
471#if defined(POLARSSL_ARC4_C)
472 { TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
473 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
474 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
475 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
476 0 },
477#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]478#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]479
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]480#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]481#if defined(POLARSSL_AES_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]482#if defined(POLARSSL_GCM_C)
483#if defined(POLARSSL_SHA2_C)
484 { TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
485 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
486 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
487 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
488 0 },
489#endif /* POLARSSL_SHA2_C */
490
491#if defined(POLARSSL_SHA4_C)
492 { TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
493 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
494 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
495 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
496 0 },
497#endif /* POLARSSL_SHA4_C */
498#endif /* POLARSSL_GCM_C */
499
500#if defined(POLARSSL_SHA2_C)
501 { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
502 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
503 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
504 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
505 0 },
506#endif /* POLARSSL_SHA2_C */
507
508#if defined(POLARSSL_SHA4_C)
509 { TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
510 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
511 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
512 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
513 0 },
514#endif /* POLARSSL_SHA4_C */
515
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]516 { TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
517 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
518 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
519 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
520 0 },
521
522 { TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
523 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
524 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
525 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
526 0 },
527#endif /* POLARSSL_AES_C */
528
529#if defined(POLARSSL_DES_C)
530 { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
531 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
532 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
533 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
534 0 },
535#endif /* POLARSSL_DES_C */
536
537#if defined(POLARSSL_ARC4_C)
538 { TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
539 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
540 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
541 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
542 0 },
543#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]544#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]545
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]546#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]547#if defined(POLARSSL_AES_C)
Paul Bakker40afb4b2013-04-19 22:03:30 +0200[diff] [blame^]548#if defined(POLARSSL_GCM_C)
549#if defined(POLARSSL_SHA2_C)
550 { TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
551 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
552 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
553 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
554 0 },
555#endif /* POLARSSL_SHA2_C */
556
557#if defined(POLARSSL_SHA4_C)
558 { TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
559 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
560 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
561 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
562 0 },
563#endif /* POLARSSL_SHA4_C */
564#endif /* POLARSSL_GCM_C */
565
566#if defined(POLARSSL_SHA2_C)
567 { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
568 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
569 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
570 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
571 0 },
572#endif /* POLARSSL_SHA2_C */
573
574#if defined(POLARSSL_SHA4_C)
575 { TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
576 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
577 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
578 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
579 0 },
580#endif /* POLARSSL_SHA4_C */
581
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]582 { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
583 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
584 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
585 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
586 0 },
587
588 { TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
589 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
590 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
591 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
592 0 },
593#endif /* POLARSSL_AES_C */
594
595#if defined(POLARSSL_DES_C)
596 { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
597 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
598 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
599 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
600 0 },
601#endif /* POLARSSL_DES_C */
602
603#if defined(POLARSSL_ARC4_C)
604 { TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
605 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
606 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
607 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
608 0 },
609#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]610#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]611
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]612#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
613#if defined(POLARSSL_CIPHER_NULL_CIPHER)
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]614#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]615 { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
616 POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
617 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
618 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
619 POLARSSL_CIPHERSUITE_WEAK },
620
621 { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
622 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
623 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
624 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
625 POLARSSL_CIPHERSUITE_WEAK },
626
627 { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
628 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
629 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
630 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
631 POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]632#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]633
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame]634#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
635 { TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
636 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
637 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
638 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
639 POLARSSL_CIPHERSUITE_WEAK },
640#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
641
642#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
643 { TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
644 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
645 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
646 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
647 POLARSSL_CIPHERSUITE_WEAK },
648#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
649
650#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
651 { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
652 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
653 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
654 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
655 POLARSSL_CIPHERSUITE_WEAK },
656#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
657#endif /* POLARSSL_CIPHER_NULL_CIPHER */
658
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]659#if defined(POLARSSL_DES_C)
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]660#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]661 { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
662 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
663 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
664 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
665 POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]666#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]667
668 { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
669 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
670 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
671 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
672 POLARSSL_CIPHERSUITE_WEAK },
673#endif /* POLARSSL_DES_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]674#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
675
676 { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
677};
678
679const int *ssl_list_ciphersuites( void )
680{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]681 /*
682 * On initial call filter out all ciphersuites not supported by current
683 * build based on presence in the ciphersuite_definitions.
684 */
685 if( supported_init == 0 )
686 {
687 const int *p = ciphersuite_preference;
688 int *q = supported_ciphersuites;
689
690 memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
691
692 while( *p != 0 )
693 {
694 if( ssl_ciphersuite_from_id( *p ) != NULL )
695 *(q++) = *p;
696
697 p++;
698 }
699 supported_init = 1;
700 }
701
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]702 return supported_ciphersuites;
703};
704
705const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
706{
707 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
708
709 if( NULL == ciphersuite_name )
710 return( NULL );
711
712 while( cur->id != 0 )
713 {
714 if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
715 return( cur );
716
717 cur++;
718 }
719
720 return( NULL );
721}
722
723const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
724{
725 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
726
727 while( cur->id != 0 )
728 {
729 if( cur->id == ciphersuite )
730 return( cur );
731
732 cur++;
733 }
734
735 return( NULL );
736}
737
738const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
739{
740 const ssl_ciphersuite_t *cur;
741
742 cur = ssl_ciphersuite_from_id( ciphersuite_id );
743
744 if( cur == NULL )
745 return( "unknown" );
746
747 return( cur->name );
748}
749
750int ssl_get_ciphersuite_id( const char *ciphersuite_name )
751{
752 const ssl_ciphersuite_t *cur;
753
754 cur = ssl_ciphersuite_from_string( ciphersuite_name );
755
756 if( cur == NULL )
757 return( 0 );
758
759 return( cur->id );
760}
761
762#endif