TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a1bf92ddb45d89f85b0e01b0159dd16c2bdf5169 / . / library / ssl_ciphersuites.c
blob: 6f5bfff0b1eb2e5302cb7b37ee4d30fedc6fbe66 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for PolarSSL
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_SSL_TLS_C)
31
32#include "polarssl/ssl_ciphersuites.h"
33#include "polarssl/ssl.h"
34
35#include <stdlib.h>
36
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]37/*
38 * Ordered from most preferred to least preferred in terms of security.
39 */
40static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]41{
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]42 /* All AES-256 ephemeral suites */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]43 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]44 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]45 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]46 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]47 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]48 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]49
50 /* All CAMELLIA-256 ephemeral suites */
51 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]52 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]53 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]54
55 /* All AES-128 ephemeral suites */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]56 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]57 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]58 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]59 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
60 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
61 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]62
63 /* All CAMELLIA-128 ephemeral suites */
64 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]65 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]66 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]67
68 /* All remaining > 128-bit ephemeral suites */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]69 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]70 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]71 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]72
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]73 /* The PSK ephemeral suites */
74 TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
75 TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
76 TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
77 TLS_DHE_PSK_WITH_RC4_128_SHA,
78
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]79 /* All AES-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]80 TLS_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]81 TLS_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]82 TLS_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]83
84 /* All CAMELLIA-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]85 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]86 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]87
88 /* All AES-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]89 TLS_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]90 TLS_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]91 TLS_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]92
93 /* All CAMELLIA-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]94 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]95 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]96
97 /* All remaining > 128-bit suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]98 TLS_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]99 TLS_RSA_WITH_RC4_128_SHA,
100 TLS_RSA_WITH_RC4_128_MD5,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]101
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]102 /* The RSA PSK suites */
103 TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
104 TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
105 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
106 TLS_RSA_PSK_WITH_RC4_128_SHA,
107
108 /* The PSK suites */
109 TLS_PSK_WITH_AES_256_CBC_SHA,
110 TLS_PSK_WITH_AES_128_CBC_SHA,
111 TLS_PSK_WITH_3DES_EDE_CBC_SHA,
112 TLS_PSK_WITH_RC4_128_SHA,
113
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]114 /* Weak or NULL suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]115 TLS_DHE_RSA_WITH_DES_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]116 TLS_RSA_WITH_DES_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]117 TLS_ECDHE_RSA_WITH_NULL_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]118 TLS_RSA_WITH_NULL_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]119 TLS_RSA_WITH_NULL_SHA,
120 TLS_RSA_WITH_NULL_MD5,
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame^]121 TLS_PSK_WITH_NULL_SHA,
122 TLS_DHE_PSK_WITH_NULL_SHA,
123 TLS_RSA_PSK_WITH_NULL_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]124
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]125 0
126};
127
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]128#define MAX_CIPHERSUITES 60
129static int supported_ciphersuites[MAX_CIPHERSUITES];
130static int supported_init = 0;
131
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]132static const ssl_ciphersuite_t ciphersuite_definitions[] =
133{
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]134#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]135#if defined(POLARSSL_AES_C)
136 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
137 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
138 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
139 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
140 POLARSSL_CIPHERSUITE_EC },
141 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
142 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
143 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
144 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
145 POLARSSL_CIPHERSUITE_EC },
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]146#if defined(POLARSSL_SHA2_C)
147 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
148 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
149 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
150 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
151 POLARSSL_CIPHERSUITE_EC },
152#if defined(POLARSSL_GCM_C)
153 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
154 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
155 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
156 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
157 POLARSSL_CIPHERSUITE_EC },
158#endif /* POLARSSL_GCM_C */
159#endif /* POLARSSL_SHA2_C */
160#if defined(POLARSSL_SHA4_C)
161 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
162 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
163 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
164 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
165 POLARSSL_CIPHERSUITE_EC },
166#if defined(POLARSSL_GCM_C)
167 { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
168 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
169 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
170 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
171 POLARSSL_CIPHERSUITE_EC },
172#endif /* POLARSSL_GCM_C */
173#endif /* POLARSSL_SHA4_C */
174#endif /* POLARSSL_AES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]175
176#if defined(POLARSSL_CAMELLIA_C)
177#if defined(POLARSSL_SHA2_C)
178 { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
179 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
180 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
181 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
182 POLARSSL_CIPHERSUITE_EC },
183#endif /* POLARSSL_SHA2_C */
184#if defined(POLARSSL_SHA4_C)
185 { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
186 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
187 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
188 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
189 POLARSSL_CIPHERSUITE_EC },
190#endif /* POLARSSL_SHA4_C */
191#endif /* POLARSSL_CAMELLIA_C */
192
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]193#if defined(POLARSSL_DES_C)
194 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
195 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
196 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
197 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
198 POLARSSL_CIPHERSUITE_EC },
199#endif /* POLARSSL_DES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]200
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]201#if defined(POLARSSL_ARC4_C)
202 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
203 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
204 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
205 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
206 POLARSSL_CIPHERSUITE_EC },
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]207#endif /* POLARSSL_ARC4_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]208
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]209#if defined(POLARSSL_CIPHER_NULL_CIPHER)
210 { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
211 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
212 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
213 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
214 POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]215#endif /* POLARSSL_CIPHER_NULL_CIPHER */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]216#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]217
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]218#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]219#if defined(POLARSSL_AES_C)
220#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
221 { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
222 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
223 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
224 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
225 0 },
226#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
227
228#if defined(POLARSSL_SHA2_C)
229#if defined(POLARSSL_GCM_C)
230 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
231 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
232 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
233 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
234 0 },
235#endif /* POLARSSL_GCM_C */
236
237 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
238 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
239 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
240 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
241 0 },
242
243 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
244 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
245 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
246 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
247 0 },
248#endif /* POLARSSL_SHA2_C */
249
250 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
251 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
252 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
253 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
254 0 },
255
256 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
257 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
258 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
259 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
260 0 },
261#endif /* POLARSSL_AES_C */
262
263#if defined(POLARSSL_CAMELLIA_C)
264#if defined(POLARSSL_SHA2_C)
265 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
266 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
267 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
268 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
269 0 },
270
271 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
272 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
273 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
274 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
275 0 },
276#endif /* POLARSSL_SHA2_C */
277
278 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
279 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
280 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
281 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
282 0 },
283
284 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
285 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
286 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
287 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
288 0 },
289#endif /* POLARSSL_CAMELLIA_C */
290
291#if defined(POLARSSL_DES_C)
292 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
293 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
294 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
295 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
296 0 },
297#endif /* POLARSSL_DES_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]298#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]299
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]300#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]301#if defined(POLARSSL_AES_C)
302#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
303 { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
304 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
305 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
306 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
307 0 },
308#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
309
310#if defined(POLARSSL_SHA2_C)
311#if defined(POLARSSL_GCM_C)
312 { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
313 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
314 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
315 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
316 0 },
317#endif /* POLARSSL_GCM_C */
318
319 { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
320 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
321 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
322 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
323 0 },
324
325 { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
326 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
327 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
328 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
329 0 },
330#endif /* POLARSSL_SHA2_C */
331
332 { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
333 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
334 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
335 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
336 0 },
337
338 { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
339 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
340 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
341 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
342 0 },
343#endif /* POLARSSL_AES_C */
344
345#if defined(POLARSSL_CAMELLIA_C)
346#if defined(POLARSSL_SHA2_C)
347 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
348 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
349 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
350 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
351 0 },
352
353 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
354 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
355 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
356 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
357 0 },
358#endif /* POLARSSL_SHA2_C */
359
360 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
361 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
362 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
363 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
364 0 },
365
366 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
367 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
368 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
369 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
370 0 },
371#endif /* POLARSSL_CAMELLIA_C */
372
373#if defined(POLARSSL_DES_C)
374 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
375 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
376 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
377 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
378 0 },
379#endif /* POLARSSL_DES_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]380
381#if defined(POLARSSL_ARC4_C)
382 { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
383 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
384 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
385 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
386 0 },
387
388 { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
389 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
390 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
391 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
392 0 },
393#endif /* POLARSSL_ARC4_C */
394#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]395
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]396#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
397#if defined(POLARSSL_AES_C)
398 { TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
399 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
400 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
401 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
402 0 },
403
404 { TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
405 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
406 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
407 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
408 0 },
409#endif /* POLARSSL_AES_C */
410
411#if defined(POLARSSL_DES_C)
412 { TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
413 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
414 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
415 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
416 0 },
417#endif /* POLARSSL_DES_C */
418
419#if defined(POLARSSL_ARC4_C)
420 { TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
421 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
422 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
423 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
424 0 },
425#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]426#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]427
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]428#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]429#if defined(POLARSSL_AES_C)
430 { TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
431 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
432 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
433 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
434 0 },
435
436 { TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
437 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
438 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
439 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
440 0 },
441#endif /* POLARSSL_AES_C */
442
443#if defined(POLARSSL_DES_C)
444 { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
445 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
446 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
447 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
448 0 },
449#endif /* POLARSSL_DES_C */
450
451#if defined(POLARSSL_ARC4_C)
452 { TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
453 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
454 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
455 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
456 0 },
457#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]458#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]459
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]460#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]461#if defined(POLARSSL_AES_C)
462 { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
463 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
464 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
465 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
466 0 },
467
468 { TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
469 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
470 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
471 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
472 0 },
473#endif /* POLARSSL_AES_C */
474
475#if defined(POLARSSL_DES_C)
476 { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
477 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
478 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
479 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
480 0 },
481#endif /* POLARSSL_DES_C */
482
483#if defined(POLARSSL_ARC4_C)
484 { TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
485 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
486 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
487 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
488 0 },
489#endif /* POLARSSL_ARC4_C */
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]490#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]491
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]492#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
493#if defined(POLARSSL_CIPHER_NULL_CIPHER)
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame^]494#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]495 { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
496 POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
497 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
498 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
499 POLARSSL_CIPHERSUITE_WEAK },
500
501 { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
502 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
503 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
504 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
505 POLARSSL_CIPHERSUITE_WEAK },
506
507 { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
508 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
509 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
510 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
511 POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]512#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]513
Paul Bakkera1bf92d2013-04-19 19:48:45 +0200[diff] [blame^]514#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
515 { TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
516 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
517 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
518 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
519 POLARSSL_CIPHERSUITE_WEAK },
520#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
521
522#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
523 { TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
524 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
525 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
526 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
527 POLARSSL_CIPHERSUITE_WEAK },
528#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
529
530#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
531 { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
532 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
533 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
534 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
535 POLARSSL_CIPHERSUITE_WEAK },
536#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
537#endif /* POLARSSL_CIPHER_NULL_CIPHER */
538
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]539#if defined(POLARSSL_DES_C)
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]540#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]541 { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
542 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
543 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
544 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
545 POLARSSL_CIPHERSUITE_WEAK },
Paul Bakkere07f41d2013-04-19 09:08:57 +0200[diff] [blame]546#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]547
548 { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
549 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
550 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
551 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
552 POLARSSL_CIPHERSUITE_WEAK },
553#endif /* POLARSSL_DES_C */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]554#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
555
556 { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
557};
558
559const int *ssl_list_ciphersuites( void )
560{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]561 /*
562 * On initial call filter out all ciphersuites not supported by current
563 * build based on presence in the ciphersuite_definitions.
564 */
565 if( supported_init == 0 )
566 {
567 const int *p = ciphersuite_preference;
568 int *q = supported_ciphersuites;
569
570 memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
571
572 while( *p != 0 )
573 {
574 if( ssl_ciphersuite_from_id( *p ) != NULL )
575 *(q++) = *p;
576
577 p++;
578 }
579 supported_init = 1;
580 }
581
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]582 return supported_ciphersuites;
583};
584
585const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
586{
587 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
588
589 if( NULL == ciphersuite_name )
590 return( NULL );
591
592 while( cur->id != 0 )
593 {
594 if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
595 return( cur );
596
597 cur++;
598 }
599
600 return( NULL );
601}
602
603const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
604{
605 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
606
607 while( cur->id != 0 )
608 {
609 if( cur->id == ciphersuite )
610 return( cur );
611
612 cur++;
613 }
614
615 return( NULL );
616}
617
618const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
619{
620 const ssl_ciphersuite_t *cur;
621
622 cur = ssl_ciphersuite_from_id( ciphersuite_id );
623
624 if( cur == NULL )
625 return( "unknown" );
626
627 return( cur->name );
628}
629
630int ssl_get_ciphersuite_id( const char *ciphersuite_name )
631{
632 const ssl_ciphersuite_t *cur;
633
634 cur = ssl_ciphersuite_from_string( ciphersuite_name );
635
636 if( cur == NULL )
637 return( 0 );
638
639 return( cur->id );
640}
641
642#endif