TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d4a56ec6bf9bb0e7c7f3179aa7fa6ea0b99aa9ed / . / library / ssl_ciphersuites.c
blob: 99629658d0836918c9d057726ad237525121bd37 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for PolarSSL
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_SSL_TLS_C)
31
32#include "polarssl/ssl_ciphersuites.h"
33#include "polarssl/ssl.h"
34
35#include <stdlib.h>
36
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]37/*
38 * Ordered from most preferred to least preferred in terms of security.
39 */
40static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]41{
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]42 /* All AES-256 ephemeral suites */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]43 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]44 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]45 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]46 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]47 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]48 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]49
50 /* All CAMELLIA-256 ephemeral suites */
51 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]52 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]53 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]54
55 /* All AES-128 ephemeral suites */
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]56 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]57 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]58 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]59 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
60 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
61 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]62
63 /* All CAMELLIA-128 ephemeral suites */
64 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]65 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]66 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]67
68 /* All remaining > 128-bit ephemeral suites */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]69 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]70 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]71 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]72
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame^]73 /* The PSK ephemeral suites */
74 TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
75 TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
76 TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
77 TLS_DHE_PSK_WITH_RC4_128_SHA,
78
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]79 /* All AES-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]80 TLS_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]81 TLS_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]82 TLS_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]83
84 /* All CAMELLIA-256 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]85 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]86 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]87
88 /* All AES-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]89 TLS_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]90 TLS_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]91 TLS_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]92
93 /* All CAMELLIA-128 suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]94 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]95 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]96
97 /* All remaining > 128-bit suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]98 TLS_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]99 TLS_RSA_WITH_RC4_128_SHA,
100 TLS_RSA_WITH_RC4_128_MD5,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]101
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame^]102 /* The RSA PSK suites */
103 TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
104 TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
105 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
106 TLS_RSA_PSK_WITH_RC4_128_SHA,
107
108 /* The PSK suites */
109 TLS_PSK_WITH_AES_256_CBC_SHA,
110 TLS_PSK_WITH_AES_128_CBC_SHA,
111 TLS_PSK_WITH_3DES_EDE_CBC_SHA,
112 TLS_PSK_WITH_RC4_128_SHA,
113
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]114 /* Weak or NULL suites */
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]115 TLS_DHE_RSA_WITH_DES_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]116 TLS_RSA_WITH_DES_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]117 TLS_ECDHE_RSA_WITH_NULL_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]118 TLS_RSA_WITH_NULL_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]119 TLS_RSA_WITH_NULL_SHA,
120 TLS_RSA_WITH_NULL_MD5,
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]121
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]122 0
123};
124
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]125#define MAX_CIPHERSUITES 60
126static int supported_ciphersuites[MAX_CIPHERSUITES];
127static int supported_init = 0;
128
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]129static const ssl_ciphersuite_t ciphersuite_definitions[] =
130{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]131#if defined(POLARSSL_ECDH_C)
132#if defined(POLARSSL_AES_C)
133 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
134 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
135 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
136 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
137 POLARSSL_CIPHERSUITE_EC },
138 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
139 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
140 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
141 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
142 POLARSSL_CIPHERSUITE_EC },
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame]143#if defined(POLARSSL_SHA2_C)
144 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
145 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
146 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
147 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
148 POLARSSL_CIPHERSUITE_EC },
149#if defined(POLARSSL_GCM_C)
150 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
151 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
152 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
153 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
154 POLARSSL_CIPHERSUITE_EC },
155#endif /* POLARSSL_GCM_C */
156#endif /* POLARSSL_SHA2_C */
157#if defined(POLARSSL_SHA4_C)
158 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
159 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
160 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
161 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
162 POLARSSL_CIPHERSUITE_EC },
163#if defined(POLARSSL_GCM_C)
164 { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
165 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
166 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
167 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
168 POLARSSL_CIPHERSUITE_EC },
169#endif /* POLARSSL_GCM_C */
170#endif /* POLARSSL_SHA4_C */
171#endif /* POLARSSL_AES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]172
173#if defined(POLARSSL_CAMELLIA_C)
174#if defined(POLARSSL_SHA2_C)
175 { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
176 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
177 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
178 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
179 POLARSSL_CIPHERSUITE_EC },
180#endif /* POLARSSL_SHA2_C */
181#if defined(POLARSSL_SHA4_C)
182 { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
183 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
184 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
185 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
186 POLARSSL_CIPHERSUITE_EC },
187#endif /* POLARSSL_SHA4_C */
188#endif /* POLARSSL_CAMELLIA_C */
189
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]190#if defined(POLARSSL_DES_C)
191 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
192 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
193 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
194 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
195 POLARSSL_CIPHERSUITE_EC },
196#endif /* POLARSSL_DES_C */
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]197
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]198#if defined(POLARSSL_ARC4_C)
199 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
200 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
201 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
202 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
203 POLARSSL_CIPHERSUITE_EC },
204#endif
Paul Bakker27714b12013-04-07 23:07:12 +0200[diff] [blame]205
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]206#if defined(POLARSSL_CIPHER_NULL_CIPHER)
207 { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
208 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
209 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
210 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
211 POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
212#endif
213#endif
214
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]215#if defined(POLARSSL_ARC4_C)
216 { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
217 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]218 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]219 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
220 0 },
221
222 { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
223 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]224 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]225 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
226 0 },
227#endif /* POLARSSL_ARC4_C */
228
229#if defined(POLARSSL_DHM_C)
230#if defined(POLARSSL_AES_C)
231#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
232 { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
233 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
234 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
235 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
236 0 },
237#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
238
239#if defined(POLARSSL_SHA2_C)
240#if defined(POLARSSL_GCM_C)
241 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
242 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
243 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
244 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
245 0 },
246#endif /* POLARSSL_GCM_C */
247
248 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
249 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
250 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
251 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
252 0 },
253
254 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
255 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
256 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
257 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
258 0 },
259#endif /* POLARSSL_SHA2_C */
260
261 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
262 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
263 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
264 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
265 0 },
266
267 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
268 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
269 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
270 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
271 0 },
272#endif /* POLARSSL_AES_C */
273
274#if defined(POLARSSL_CAMELLIA_C)
275#if defined(POLARSSL_SHA2_C)
276 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
277 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
278 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
279 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
280 0 },
281
282 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
283 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
284 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
285 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
286 0 },
287#endif /* POLARSSL_SHA2_C */
288
289 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
290 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
291 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
292 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
293 0 },
294
295 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
296 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
297 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
298 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
299 0 },
300#endif /* POLARSSL_CAMELLIA_C */
301
302#if defined(POLARSSL_DES_C)
303 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
304 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
305 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
306 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
307 0 },
308#endif /* POLARSSL_DES_C */
309#endif /* POLARSSL_DHM_C */
310
311#if defined(POLARSSL_AES_C)
312#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
313 { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
314 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
315 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
316 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
317 0 },
318#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
319
320#if defined(POLARSSL_SHA2_C)
321#if defined(POLARSSL_GCM_C)
322 { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
323 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
324 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
325 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
326 0 },
327#endif /* POLARSSL_GCM_C */
328
329 { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
330 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
331 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
332 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
333 0 },
334
335 { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
336 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
337 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
338 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
339 0 },
340#endif /* POLARSSL_SHA2_C */
341
342 { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
343 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
344 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
345 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
346 0 },
347
348 { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
349 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
350 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
351 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
352 0 },
353#endif /* POLARSSL_AES_C */
354
355#if defined(POLARSSL_CAMELLIA_C)
356#if defined(POLARSSL_SHA2_C)
357 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
358 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
359 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
360 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
361 0 },
362
363 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
364 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
365 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
366 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
367 0 },
368#endif /* POLARSSL_SHA2_C */
369
370 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
371 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
372 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
373 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
374 0 },
375
376 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
377 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
378 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
379 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
380 0 },
381#endif /* POLARSSL_CAMELLIA_C */
382
383#if defined(POLARSSL_DES_C)
384 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
385 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
386 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
387 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
388 0 },
389#endif /* POLARSSL_DES_C */
390
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame^]391#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
392#if defined(POLARSSL_AES_C)
393 { TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
394 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
395 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
396 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
397 0 },
398
399 { TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
400 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
401 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
402 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
403 0 },
404#endif /* POLARSSL_AES_C */
405
406#if defined(POLARSSL_DES_C)
407 { TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
408 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
409 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
410 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
411 0 },
412#endif /* POLARSSL_DES_C */
413
414#if defined(POLARSSL_ARC4_C)
415 { TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
416 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_PSK,
417 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
418 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
419 0 },
420#endif /* POLARSSL_ARC4_C */
421
422#if defined(POLARSSL_DHM_C)
423#if defined(POLARSSL_AES_C)
424 { TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
425 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
426 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
427 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
428 0 },
429
430 { TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
431 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
432 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
433 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
434 0 },
435#endif /* POLARSSL_AES_C */
436
437#if defined(POLARSSL_DES_C)
438 { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
439 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
440 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
441 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
442 0 },
443#endif /* POLARSSL_DES_C */
444
445#if defined(POLARSSL_ARC4_C)
446 { TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
447 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_PSK,
448 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
449 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
450 0 },
451#endif /* POLARSSL_ARC4_C */
452#endif /* POLARSSL_DHM_C */
453
454#if defined(POLARSSL_AES_C)
455 { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
456 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
457 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
458 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
459 0 },
460
461 { TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
462 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
463 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
464 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
465 0 },
466#endif /* POLARSSL_AES_C */
467
468#if defined(POLARSSL_DES_C)
469 { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
470 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
471 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
472 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
473 0 },
474#endif /* POLARSSL_DES_C */
475
476#if defined(POLARSSL_ARC4_C)
477 { TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
478 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
479 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
480 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
481 0 },
482#endif /* POLARSSL_ARC4_C */
483#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
484
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]485#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
486#if defined(POLARSSL_CIPHER_NULL_CIPHER)
487 { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
488 POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
489 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
490 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
491 POLARSSL_CIPHERSUITE_WEAK },
492
493 { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
494 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
495 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
496 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
497 POLARSSL_CIPHERSUITE_WEAK },
498
499 { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
500 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
501 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
502 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
503 POLARSSL_CIPHERSUITE_WEAK },
504#endif /* POLARSSL_CIPHER_NULL_CIPHER */
505
506#if defined(POLARSSL_DES_C)
507#if defined(POLARSSL_DHM_C)
508 { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
509 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
510 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
511 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
512 POLARSSL_CIPHERSUITE_WEAK },
513#endif /* POLARSSL_DHM_C */
514
515 { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
516 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
517 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
518 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
519 POLARSSL_CIPHERSUITE_WEAK },
520#endif /* POLARSSL_DES_C */
521
522#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
523
524 { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
525};
526
527const int *ssl_list_ciphersuites( void )
528{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]529 /*
530 * On initial call filter out all ciphersuites not supported by current
531 * build based on presence in the ciphersuite_definitions.
532 */
533 if( supported_init == 0 )
534 {
535 const int *p = ciphersuite_preference;
536 int *q = supported_ciphersuites;
537
538 memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
539
540 while( *p != 0 )
541 {
542 if( ssl_ciphersuite_from_id( *p ) != NULL )
543 *(q++) = *p;
544
545 p++;
546 }
547 supported_init = 1;
548 }
549
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]550 return supported_ciphersuites;
551};
552
553const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
554{
555 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
556
557 if( NULL == ciphersuite_name )
558 return( NULL );
559
560 while( cur->id != 0 )
561 {
562 if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
563 return( cur );
564
565 cur++;
566 }
567
568 return( NULL );
569}
570
571const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
572{
573 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
574
575 while( cur->id != 0 )
576 {
577 if( cur->id == ciphersuite )
578 return( cur );
579
580 cur++;
581 }
582
583 return( NULL );
584}
585
586const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
587{
588 const ssl_ciphersuite_t *cur;
589
590 cur = ssl_ciphersuite_from_id( ciphersuite_id );
591
592 if( cur == NULL )
593 return( "unknown" );
594
595 return( cur->name );
596}
597
598int ssl_get_ciphersuite_id( const char *ciphersuite_name )
599{
600 const ssl_ciphersuite_t *cur;
601
602 cur = ssl_ciphersuite_from_string( ciphersuite_name );
603
604 if( cur == NULL )
605 return( 0 );
606
607 return( cur->id );
608}
609
610#endif