TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a54e493bc0926ad58c9bf937d0b00d39461c7e26 / . / library / ssl_ciphersuites.c
blob: a65d3ad3d22c74dee8ae5335d32cf066082616c7 [file] [log] [blame]
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]1/**
2 * \file ssl_ciphersuites.c
3 *
4 * \brief SSL ciphersuites for PolarSSL
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_SSL_TLS_C)
31
32#include "polarssl/ssl_ciphersuites.h"
33#include "polarssl/ssl.h"
34
35#include <stdlib.h>
36
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]37/*
38 * Ordered from most preferred to least preferred in terms of security.
39 */
40static const int ciphersuite_preference[] =
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]41{
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame^]42 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]43 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame^]44 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]45 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]46 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]47 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]48 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]49 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame^]50 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]51 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame^]52 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]53 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
54 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
55 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]56 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]57 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]58 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]59 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]60 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]61 TLS_RSA_WITH_AES_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]62 TLS_RSA_WITH_AES_256_GCM_SHA384,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]63 TLS_RSA_WITH_AES_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]64 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]65 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]66 TLS_RSA_WITH_AES_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]67 TLS_RSA_WITH_AES_128_GCM_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]68 TLS_RSA_WITH_AES_128_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]69 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]70 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]71 TLS_RSA_WITH_3DES_EDE_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]72 TLS_RSA_WITH_RC4_128_SHA,
73 TLS_RSA_WITH_RC4_128_MD5,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]74 TLS_DHE_RSA_WITH_DES_CBC_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]75 TLS_RSA_WITH_DES_CBC_SHA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]76 TLS_ECDHE_RSA_WITH_NULL_SHA,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]77 TLS_RSA_WITH_NULL_SHA256,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]78 TLS_RSA_WITH_NULL_SHA,
79 TLS_RSA_WITH_NULL_MD5,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]80 0
81};
82
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]83#define MAX_CIPHERSUITES 60
84static int supported_ciphersuites[MAX_CIPHERSUITES];
85static int supported_init = 0;
86
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]87static const ssl_ciphersuite_t ciphersuite_definitions[] =
88{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]89#if defined(POLARSSL_ECDH_C)
90#if defined(POLARSSL_AES_C)
91 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
92 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
93 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
94 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
95 POLARSSL_CIPHERSUITE_EC },
96 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
97 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
98 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
99 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
100 POLARSSL_CIPHERSUITE_EC },
Paul Bakkera54e4932013-03-20 15:31:54 +0100[diff] [blame^]101#if defined(POLARSSL_SHA2_C)
102 { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
103 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
104 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
105 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
106 POLARSSL_CIPHERSUITE_EC },
107#if defined(POLARSSL_GCM_C)
108 { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
109 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
110 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
111 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
112 POLARSSL_CIPHERSUITE_EC },
113#endif /* POLARSSL_GCM_C */
114#endif /* POLARSSL_SHA2_C */
115#if defined(POLARSSL_SHA4_C)
116 { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
117 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
118 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
119 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
120 POLARSSL_CIPHERSUITE_EC },
121#if defined(POLARSSL_GCM_C)
122 { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
123 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
124 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
125 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
126 POLARSSL_CIPHERSUITE_EC },
127#endif /* POLARSSL_GCM_C */
128#endif /* POLARSSL_SHA4_C */
129#endif /* POLARSSL_AES_C */
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]130#if defined(POLARSSL_DES_C)
131 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
132 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
133 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
134 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
135 POLARSSL_CIPHERSUITE_EC },
136#endif /* POLARSSL_DES_C */
137#if defined(POLARSSL_ARC4_C)
138 { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
139 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
140 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
141 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
142 POLARSSL_CIPHERSUITE_EC },
143#endif
144#if defined(POLARSSL_CIPHER_NULL_CIPHER)
145 { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
146 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
147 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
148 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
149 POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
150#endif
151#endif
152
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]153#if defined(POLARSSL_ARC4_C)
154 { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
155 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]156 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]157 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
158 0 },
159
160 { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
161 POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]162 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]163 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
164 0 },
165#endif /* POLARSSL_ARC4_C */
166
167#if defined(POLARSSL_DHM_C)
168#if defined(POLARSSL_AES_C)
169#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
170 { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
171 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_RSA,
172 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
173 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
174 0 },
175#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
176
177#if defined(POLARSSL_SHA2_C)
178#if defined(POLARSSL_GCM_C)
179 { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
180 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
181 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
182 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
183 0 },
184#endif /* POLARSSL_GCM_C */
185
186 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
187 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
188 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
189 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
190 0 },
191
192 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
193 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
194 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
195 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
196 0 },
197#endif /* POLARSSL_SHA2_C */
198
199 { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
200 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
201 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
202 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
203 0 },
204
205 { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
206 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
207 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
208 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
209 0 },
210#endif /* POLARSSL_AES_C */
211
212#if defined(POLARSSL_CAMELLIA_C)
213#if defined(POLARSSL_SHA2_C)
214 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
215 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
216 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
217 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
218 0 },
219
220 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
221 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
222 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
223 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
224 0 },
225#endif /* POLARSSL_SHA2_C */
226
227 { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
228 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
229 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
230 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
231 0 },
232
233 { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
234 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
235 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
236 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
237 0 },
238#endif /* POLARSSL_CAMELLIA_C */
239
240#if defined(POLARSSL_DES_C)
241 { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
242 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
243 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
244 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
245 0 },
246#endif /* POLARSSL_DES_C */
247#endif /* POLARSSL_DHM_C */
248
249#if defined(POLARSSL_AES_C)
250#if defined(POLARSSL_SHA4_C) && defined(POLARSSL_GCM_C)
251 { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
252 POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA,
253 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
254 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
255 0 },
256#endif /* POLARSSL_SHA4_C && POLARSSL_GCM_C */
257
258#if defined(POLARSSL_SHA2_C)
259#if defined(POLARSSL_GCM_C)
260 { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
261 POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
262 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
263 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
264 0 },
265#endif /* POLARSSL_GCM_C */
266
267 { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
268 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
269 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
270 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
271 0 },
272
273 { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
274 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
275 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
276 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
277 0 },
278#endif /* POLARSSL_SHA2_C */
279
280 { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
281 POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
282 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
283 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
284 0 },
285
286 { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
287 POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
288 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
289 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
290 0 },
291#endif /* POLARSSL_AES_C */
292
293#if defined(POLARSSL_CAMELLIA_C)
294#if defined(POLARSSL_SHA2_C)
295 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
296 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
297 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
298 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
299 0 },
300
301 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
302 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
303 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
304 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
305 0 },
306#endif /* POLARSSL_SHA2_C */
307
308 { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
309 POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
310 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
311 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
312 0 },
313
314 { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
315 POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
316 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
317 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
318 0 },
319#endif /* POLARSSL_CAMELLIA_C */
320
321#if defined(POLARSSL_DES_C)
322 { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
323 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
324 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
325 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
326 0 },
327#endif /* POLARSSL_DES_C */
328
329#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
330#if defined(POLARSSL_CIPHER_NULL_CIPHER)
331 { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
332 POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
333 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
334 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
335 POLARSSL_CIPHERSUITE_WEAK },
336
337 { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
338 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
339 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
340 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
341 POLARSSL_CIPHERSUITE_WEAK },
342
343 { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
344 POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
345 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
346 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
347 POLARSSL_CIPHERSUITE_WEAK },
348#endif /* POLARSSL_CIPHER_NULL_CIPHER */
349
350#if defined(POLARSSL_DES_C)
351#if defined(POLARSSL_DHM_C)
352 { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
353 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_DHE_RSA,
354 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
355 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
356 POLARSSL_CIPHERSUITE_WEAK },
357#endif /* POLARSSL_DHM_C */
358
359 { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
360 POLARSSL_CIPHER_DES_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA,
361 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
362 SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
363 POLARSSL_CIPHERSUITE_WEAK },
364#endif /* POLARSSL_DES_C */
365
366#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
367
368 { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
369};
370
371const int *ssl_list_ciphersuites( void )
372{
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]373 /*
374 * On initial call filter out all ciphersuites not supported by current
375 * build based on presence in the ciphersuite_definitions.
376 */
377 if( supported_init == 0 )
378 {
379 const int *p = ciphersuite_preference;
380 int *q = supported_ciphersuites;
381
382 memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
383
384 while( *p != 0 )
385 {
386 if( ssl_ciphersuite_from_id( *p ) != NULL )
387 *(q++) = *p;
388
389 p++;
390 }
391 supported_init = 1;
392 }
393
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]394 return supported_ciphersuites;
395};
396
397const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name )
398{
399 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
400
401 if( NULL == ciphersuite_name )
402 return( NULL );
403
404 while( cur->id != 0 )
405 {
406 if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
407 return( cur );
408
409 cur++;
410 }
411
412 return( NULL );
413}
414
415const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
416{
417 const ssl_ciphersuite_t *cur = ciphersuite_definitions;
418
419 while( cur->id != 0 )
420 {
421 if( cur->id == ciphersuite )
422 return( cur );
423
424 cur++;
425 }
426
427 return( NULL );
428}
429
430const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
431{
432 const ssl_ciphersuite_t *cur;
433
434 cur = ssl_ciphersuite_from_id( ciphersuite_id );
435
436 if( cur == NULL )
437 return( "unknown" );
438
439 return( cur->name );
440}
441
442int ssl_get_ciphersuite_id( const char *ciphersuite_name )
443{
444 const ssl_ciphersuite_t *cur;
445
446 cur = ssl_ciphersuite_from_string( ciphersuite_name );
447
448 if( cur == NULL )
449 return( 0 );
450
451 return( cur->id );
452}
453
454#endif