TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 41c83d3f6733b6044a232c8afa30cc1221ec95f6 / . / library / ssl_ciphersuites.c
blob: b9b041a61cf9bf1fd726ebd909c4e49dcc208aff [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for PolarSSL
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_SSL_TLS_C)
31
32#include "polarssl/ssl_ciphersuites.h"
33#include "polarssl/ssl.h"
34
35#include <stdlib.h>
36
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]37/*
38 * Ordered from most preferred to least preferred in terms of security.
39 */
40static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]41{
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]42 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]43 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]44 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]45 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]46 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]47 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]48 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
49 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
50 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
51 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]52 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]53 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]54 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]55 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]56 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]57 TLS_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]58 TLS_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]59 TLS_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]60 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]61 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]62 TLS_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]63 TLS_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]64 TLS_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]65 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]66 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]67 TLS_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]68 TLS_RSA_WITH_RC4_128_SHA,
69 TLS_RSA_WITH_RC4_128_MD5,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]70 TLS_DHE_RSA_WITH_DES_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]71 TLS_RSA_WITH_DES_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]72 TLS_ECDHE_RSA_WITH_NULL_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]73 TLS_RSA_WITH_NULL_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]74 TLS_RSA_WITH_NULL_SHA,
75 TLS_RSA_WITH_NULL_MD5,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]76 0
77};
78
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]79#define MAX_CIPHERSUITES 60
80static int supported_ciphersuites[MAX_CIPHERSUITES];
81static int supported_init = 0;
82
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]83static const ssl_ciphersuite_t ciphersuite_definitions[] =
84{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]85#if defined(POLARSSL_ECDH_C)
86#if defined(POLARSSL_AES_C)
87 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
88 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
89 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
90 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
91 POLARSSL_CIPHERSUITE_EC },
92 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
93 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
94 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
95 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
96 POLARSSL_CIPHERSUITE_EC },
97#endif
98#if defined(POLARSSL_DES_C)
99 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
100 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
101 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
102 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
103 POLARSSL_CIPHERSUITE_EC },
104#endif /* POLARSSL_DES_C */
105#if defined(POLARSSL_ARC4_C)
106 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
107 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
108 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
109 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
110 POLARSSL_CIPHERSUITE_EC },
111#endif
112#if defined(POLARSSL_CIPHER_NULL_CIPHER)
113 { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
114 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
115 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
116 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
117 POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
118#endif
119#endif
120
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]121#if defined(POLARSSL_ARC4_C)
122 { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
123 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]124 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]125 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
126 0 },
127
128 { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
129 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]130 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]131 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
132 0 },
133#endif /* POLARSSL_ARC4_C */
134
135#if defined(POLARSSL_DHM_C)
136#if defined(POLARSSL_AES_C)
137#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
138 { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
139 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
140 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
141 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
142 0 },
143#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
144
145#if defined(POLARSSL_SHA2_C)
146#if defined(POLARSSL_GCM_C)
147 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
148 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
149 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
150 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
151 0 },
152#endif /* POLARSSL_GCM_C */
153
154 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
155 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
156 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
157 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
158 0 },
159
160 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
161 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
162 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
163 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
164 0 },
165#endif /* POLARSSL_SHA2_C */
166
167 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
168 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
169 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
170 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
171 0 },
172
173 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
174 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
175 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
176 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
177 0 },
178#endif /* POLARSSL_AES_C */
179
180#if defined(POLARSSL_CAMELLIA_C)
181#if defined(POLARSSL_SHA2_C)
182 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
183 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
184 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
185 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
186 0 },
187
188 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
189 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
190 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
191 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
192 0 },
193#endif /* POLARSSL_SHA2_C */
194
195 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
196 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
197 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
198 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
199 0 },
200
201 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
202 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
203 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
204 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
205 0 },
206#endif /* POLARSSL_CAMELLIA_C */
207
208#if defined(POLARSSL_DES_C)
209 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
210 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
211 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
212 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
213 0 },
214#endif /* POLARSSL_DES_C */
215#endif /* POLARSSL_DHM_C */
216
217#if defined(POLARSSL_AES_C)
218#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
219 { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
220 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
221 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
222 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
223 0 },
224#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
225
226#if defined(POLARSSL_SHA2_C)
227#if defined(POLARSSL_GCM_C)
228 { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
229 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
230 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
231 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
232 0 },
233#endif /* POLARSSL_GCM_C */
234
235 { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
236 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
237 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
238 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
239 0 },
240
241 { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
242 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
243 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
244 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
245 0 },
246#endif /* POLARSSL_SHA2_C */
247
248 { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
249 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
250 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
251 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
252 0 },
253
254 { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
255 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
256 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
257 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
258 0 },
259#endif /* POLARSSL_AES_C */
260
261#if defined(POLARSSL_CAMELLIA_C)
262#if defined(POLARSSL_SHA2_C)
263 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
264 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
265 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
266 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
267 0 },
268
269 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
270 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
271 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
272 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
273 0 },
274#endif /* POLARSSL_SHA2_C */
275
276 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
277 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
278 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
279 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
280 0 },
281
282 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
283 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
284 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
285 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
286 0 },
287#endif /* POLARSSL_CAMELLIA_C */
288
289#if defined(POLARSSL_DES_C)
290 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
291 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
292 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
293 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
294 0 },
295#endif /* POLARSSL_DES_C */
296
297#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
298#if defined(POLARSSL_CIPHER_NULL_CIPHER)
299 { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
300 POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
301 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
302 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
303 POLARSSL_CIPHERSUITE_WEAK },
304
305 { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
306 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
307 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
308 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
309 POLARSSL_CIPHERSUITE_WEAK },
310
311 { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
312 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
313 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
314 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
315 POLARSSL_CIPHERSUITE_WEAK },
316#endif /* POLARSSL_CIPHER_NULL_CIPHER */
317
318#if defined(POLARSSL_DES_C)
319#if defined(POLARSSL_DHM_C)
320 { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
321 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
322 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
323 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
324 POLARSSL_CIPHERSUITE_WEAK },
325#endif /* POLARSSL_DHM_C */
326
327 { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
328 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
329 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
330 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
331 POLARSSL_CIPHERSUITE_WEAK },
332#endif /* POLARSSL_DES_C */
333
334#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
335
336 { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
337};
338
339const int *ssl_list_ciphersuites( void )
340{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame^]341 /*
342 * On initial call filter out all ciphersuites not supported by current
343 * build based on presence in the ciphersuite_definitions.
344 */
345 if( supported_init == 0 )
346 {
347 const int *p = ciphersuite_preference;
348 int *q = supported_ciphersuites;
349
350 memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
351
352 while( *p != 0 )
353 {
354 if( ssl_ciphersuite_from_id( *p ) != NULL )
355 *(q++) = *p;
356
357 p++;
358 }
359 supported_init = 1;
360 }
361
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]362 return supported_ciphersuites;
363};
364
365const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
366{
367 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
368
369 if( NULL == ciphersuite_name )
370 return( NULL );
371
372 while( cur->id != 0 )
373 {
374 if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
375 return( cur );
376
377 cur++;
378 }
379
380 return( NULL );
381}
382
383const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
384{
385 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
386
387 while( cur->id != 0 )
388 {
389 if( cur->id == ciphersuite )
390 return( cur );
391
392 cur++;
393 }
394
395 return( NULL );
396}
397
398const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
399{
400 const ssl_ciphersuite_t *cur;
401
402 cur = ssl_ciphersuite_from_id( ciphersuite_id );
403
404 if( cur == NULL )
405 return( "unknown" );
406
407 return( cur->name );
408}
409
410int ssl_get_ciphersuite_id( const char *ciphersuite_name )
411{
412 const ssl_ciphersuite_t *cur;
413
414 cur = ssl_ciphersuite_from_string( ciphersuite_name );
415
416 if( cur == NULL )
417 return( 0 );
418
419 return( cur->id );
420}
421
422#endif