/src/gnutls/lib/algorithms/ciphersuites.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2011-2012 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2017 Red Hat, Inc. |
4 | | * |
5 | | * Author: Nikos Mavrogiannopoulos |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
21 | | * |
22 | | */ |
23 | | |
24 | | #include "gnutls_int.h" |
25 | | #include "algorithms.h" |
26 | | #include "errors.h" |
27 | | #include "dh.h" |
28 | | #include "state.h" |
29 | | #include "x509/common.h" |
30 | | #include "auth/cert.h" |
31 | | #include "auth/anon.h" |
32 | | #include "auth/psk.h" |
33 | | #include "ext/safe_renegotiation.h" |
34 | | |
35 | | #ifndef ENABLE_SSL3 /* ENABLE_SSL3 undefined: GNUTLS_SSL3 expands to GNUTLS_TLS1, so cs_algorithms[] entries that pass GNUTLS_SSL3 as min_version get GNUTLS_TLS1 there instead */ |
36 | | #define GNUTLS_SSL3 GNUTLS_TLS1 |
37 | | #endif |
38 | | |
39 | | /* Cipher SUITES: each macro below expands to one brace initializer of eleven positional values, used for the elements of cs_algorithms[]. ENTRY hard-codes the last value to GNUTLS_MAC_SHA256; ENTRY_PRF takes it as its prf argument instead. The struct's field names are declared outside this listing. */ |
40 | | #define ENTRY(name, canonical_name, block_algorithm, kx_algorithm, \ |
41 | | mac_algorithm, min_version, dtls_version) \ |
42 | | { #name, name, canonical_name, block_algorithm, \ |
43 | | kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, \ |
44 | | dtls_version, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA256 } |
45 | | #define ENTRY_PRF(name, canonical_name, block_algorithm, kx_algorithm, \ |
46 | | mac_algorithm, min_version, dtls_version, prf) \ |
47 | | { #name, /* the macro argument's spelling as a string literal */ \ |
48 | | name, /* the two-byte id that the GNUTLS_* macro expands to */ \ |
49 | | canonical_name, \ |
50 | | block_algorithm, \ |
51 | | kx_algorithm, \ |
52 | | mac_algorithm, \ |
53 | | min_version, \ |
54 | | GNUTLS_TLS1_2, /* fixed, not an argument; presumably the highest TLS version for the suite -- confirm against the struct */ \ |
55 | | dtls_version, \ |
56 | | GNUTLS_DTLS1_2, /* fixed, not an argument; presumably the highest DTLS version -- confirm */ \ |
57 | | prf } |
58 | | #define ENTRY_TLS13(name, canonical_name, block_algorithm, min_version, prf) \ |
59 | | { #name, \ |
60 | | name, \ |
61 | | canonical_name, \ |
62 | | block_algorithm, \ |
63 | | 0, /* key-exchange position: this macro takes no kx_algorithm argument */ \ |
64 | | GNUTLS_MAC_AEAD, /* MAC position is always GNUTLS_MAC_AEAD here */ \ |
65 | | min_version, \ |
66 | | GNUTLS_TLS1_3, \ |
67 | | GNUTLS_VERSION_UNKNOWN, /* both DTLS positions: no DTLS version is given for these entries */ \ |
68 | | GNUTLS_VERSION_UNKNOWN, \ |
69 | | prf } |
70 | | |
71 | | /* TLS 1.3 ciphersuites: two-byte identifiers. Their cs_algorithms[] entries are built with ENTRY_TLS13, which takes no key-exchange or MAC argument. */ |
72 | | #define GNUTLS_AES_128_GCM_SHA256 { 0x13, 0x01 } |
73 | | #define GNUTLS_AES_256_GCM_SHA384 { 0x13, 0x02 } |
74 | | #define GNUTLS_CHACHA20_POLY1305_SHA256 { 0x13, 0x03 } |
75 | | #define GNUTLS_AES_128_CCM_SHA256 { 0x13, 0x04 } |
76 | | #define GNUTLS_AES_128_CCM_8_SHA256 { 0x13, 0x05 } |
77 | | |
78 | | /* RSA with NULL cipher (records carry a MAC but are not encrypted) and MD5, SHA1 or SHA256 MAC, |
79 | | * for test purposes. |
80 | | */ |
81 | | #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } |
82 | | #define GNUTLS_RSA_NULL_SHA1 { 0x00, 0x02 } |
83 | | #define GNUTLS_RSA_NULL_SHA256 { 0x00, 0x3B } |
84 | | |
85 | | /* ANONymous cipher suites (DH_ANON: key exchange without peer authentication). |
86 | | */ |
87 | | |
88 | | #define GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1 { 0x00, 0x1B } |
89 | | #define GNUTLS_DH_ANON_ARCFOUR_128_MD5 { 0x00, 0x18 } |
90 | | |
91 | | /* rfc3268: */ |
92 | | #define GNUTLS_DH_ANON_AES_128_CBC_SHA1 { 0x00, 0x34 } |
93 | | #define GNUTLS_DH_ANON_AES_256_CBC_SHA1 { 0x00, 0x3A } |
94 | | |
95 | | /* rfc4132 */ |
96 | | #define GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1 { 0x00, 0x46 } |
97 | | #define GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1 { 0x00, 0x89 } |
98 | | |
99 | | /* rfc5932 */ |
100 | | #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 { 0x00, 0xBA } |
101 | | #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256 { 0x00, 0xBD } |
102 | | #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 { 0x00, 0xBE } |
103 | | #define GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256 { 0x00, 0xBF } |
104 | | #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 { 0x00, 0xC0 } |
105 | | #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256 { 0x00, 0xC3 } |
106 | | #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 { 0x00, 0xC4 } |
107 | | #define GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256 { 0x00, 0xC5 } |
108 | | |
109 | | /* rfc6367 */ |
110 | | #define GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 { 0xC0, 0x72 } |
111 | | #define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 { 0xC0, 0x73 } |
112 | | #define GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 { 0xC0, 0x76 } |
113 | | #define GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 { 0xC0, 0x77 } |
114 | | #define GNUTLS_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0, 0x94 } |
115 | | #define GNUTLS_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0, 0x95 } |
116 | | #define GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0, 0x96 } |
117 | | #define GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0, 0x97 } |
118 | | #define GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0, 0x98 } |
119 | | #define GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0, 0x99 } |
120 | | #define GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0, 0x9A } |
121 | | #define GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0, 0x9B } |
122 | | |
123 | | #define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A } |
124 | | #define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x7B } |
125 | | #define GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7C } |
126 | | #define GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x7D } |
127 | | #define GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x80 } |
128 | | #define GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x81 } |
129 | | #define GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x84 } |
130 | | #define GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x85 } |
131 | | #define GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x86 } |
132 | | #define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x87 } |
133 | | #define GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x8A } |
134 | | #define GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x8B } |
135 | | #define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x8E } |
136 | | #define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x8F } |
137 | | #define GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x90 } |
138 | | #define GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x91 } |
139 | | #define GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x92 } |
140 | | #define GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0, 0x93 } |
141 | | |
142 | | #define GNUTLS_DH_ANON_AES_128_CBC_SHA256 { 0x00, 0x6C } |
143 | | #define GNUTLS_DH_ANON_AES_256_CBC_SHA256 { 0x00, 0x6D } |
144 | | |
145 | | /* draft-ietf-tls-chacha20-poly1305-02 */ |
146 | | #define GNUTLS_ECDHE_RSA_CHACHA20_POLY1305 { 0xCC, 0xA8 } |
147 | | #define GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305 { 0xCC, 0xA9 } |
148 | | #define GNUTLS_DHE_RSA_CHACHA20_POLY1305 { 0xCC, 0xAA } |
149 | | |
150 | | #define GNUTLS_PSK_CHACHA20_POLY1305 { 0xCC, 0xAB } |
151 | | #define GNUTLS_ECDHE_PSK_CHACHA20_POLY1305 { 0xCC, 0xAC } |
152 | | #define GNUTLS_DHE_PSK_CHACHA20_POLY1305 { 0xCC, 0xAD } |
153 | | #define GNUTLS_RSA_PSK_CHACHA20_POLY1305 { 0xCC, 0xAE } |
154 | | |
155 | | /* PSK (not in TLS 1.0) |
156 | | * draft-ietf-tls-psk: |
157 | | */ |
158 | | #define GNUTLS_PSK_ARCFOUR_128_SHA1 { 0x00, 0x8A } |
159 | | #define GNUTLS_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x8B } |
160 | | #define GNUTLS_PSK_AES_128_CBC_SHA1 { 0x00, 0x8C } |
161 | | #define GNUTLS_PSK_AES_256_CBC_SHA1 { 0x00, 0x8D } |
162 | | |
163 | | #define GNUTLS_DHE_PSK_ARCFOUR_128_SHA1 { 0x00, 0x8E } |
164 | | #define GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x8F } |
165 | | #define GNUTLS_DHE_PSK_AES_128_CBC_SHA1 { 0x00, 0x90 } |
166 | | #define GNUTLS_DHE_PSK_AES_256_CBC_SHA1 { 0x00, 0x91 } |
167 | | |
168 | | #define GNUTLS_RSA_PSK_ARCFOUR_128_SHA1 { 0x00, 0x92 } |
169 | | #define GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x93 } |
170 | | #define GNUTLS_RSA_PSK_AES_128_CBC_SHA1 { 0x00, 0x94 } |
171 | | #define GNUTLS_RSA_PSK_AES_256_CBC_SHA1 { 0x00, 0x95 } |
172 | | |
173 | | #ifdef ENABLE_SRP |
174 | | /* SRP (rfc5054) |
175 | | */ |
176 | | #define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A } |
177 | | #define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B } |
178 | | #define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C } |
179 | | |
180 | | #define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D } |
181 | | #define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E } |
182 | | #define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F } |
183 | | |
184 | | #define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 } |
185 | | #define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 } |
186 | | #define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 } |
187 | | #endif |
188 | | |
189 | | /* RSA |
190 | | */ |
191 | | #define GNUTLS_RSA_ARCFOUR_128_SHA1 { 0x00, 0x05 } |
192 | | #define GNUTLS_RSA_ARCFOUR_128_MD5 { 0x00, 0x04 } |
193 | | #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A } |
194 | | |
195 | | /* rfc3268: |
196 | | */ |
197 | | #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F } |
198 | | #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 } |
199 | | |
200 | | /* rfc4132 */ |
201 | | #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00, 0x41 } |
202 | | #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00, 0x84 } |
203 | | |
204 | | #define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C } |
205 | | #define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D } |
206 | | |
207 | | /* DHE DSS |
208 | | */ |
209 | | #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 } |
210 | | |
211 | | /* draft-ietf-tls-56-bit-ciphersuites-01: |
212 | | */ |
213 | | #define GNUTLS_DHE_DSS_ARCFOUR_128_SHA1 { 0x00, 0x66 } |
214 | | |
215 | | /* rfc3268: |
216 | | */ |
217 | | #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 } |
218 | | #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 } |
219 | | |
220 | | /* rfc4132 */ |
221 | | #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00, 0x44 } |
222 | | #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00, 0x87 } |
223 | | |
224 | | #define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 } |
225 | | #define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A } |
226 | | |
227 | | /* DHE RSA |
228 | | */ |
229 | | #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 } |
230 | | |
231 | | /* rfc3268: |
232 | | */ |
233 | | #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 } |
234 | | #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 } |
235 | | |
236 | | /* rfc4132 */ |
237 | | #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00, 0x45 } |
238 | | #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00, 0x88 } |
239 | | |
240 | | #define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 } |
241 | | #define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B } |
242 | | |
243 | | /* GCM: RFC5288 */ |
244 | | #define GNUTLS_RSA_AES_128_GCM_SHA256 { 0x00, 0x9C } |
245 | | #define GNUTLS_DHE_RSA_AES_128_GCM_SHA256 { 0x00, 0x9E } |
246 | | #define GNUTLS_DHE_DSS_AES_128_GCM_SHA256 { 0x00, 0xA2 } |
247 | | #define GNUTLS_DH_ANON_AES_128_GCM_SHA256 { 0x00, 0xA6 } |
248 | | #define GNUTLS_RSA_AES_256_GCM_SHA384 { 0x00, 0x9D } |
249 | | #define GNUTLS_DHE_RSA_AES_256_GCM_SHA384 { 0x00, 0x9F } |
250 | | #define GNUTLS_DHE_DSS_AES_256_GCM_SHA384 { 0x00, 0xA3 } |
251 | | #define GNUTLS_DH_ANON_AES_256_GCM_SHA384 { 0x00, 0xA7 } |
252 | | |
253 | | /* CCM: RFC6655/7251 */ |
254 | | #define GNUTLS_RSA_AES_128_CCM { 0xC0, 0x9C } |
255 | | #define GNUTLS_RSA_AES_256_CCM { 0xC0, 0x9D } |
256 | | #define GNUTLS_DHE_RSA_AES_128_CCM { 0xC0, 0x9E } |
257 | | #define GNUTLS_DHE_RSA_AES_256_CCM { 0xC0, 0x9F } |
258 | | |
259 | | #define GNUTLS_ECDHE_ECDSA_AES_128_CCM { 0xC0, 0xAC } |
260 | | #define GNUTLS_ECDHE_ECDSA_AES_256_CCM { 0xC0, 0xAD } |
261 | | |
262 | | #define GNUTLS_PSK_AES_128_CCM { 0xC0, 0xA4 } |
263 | | #define GNUTLS_PSK_AES_256_CCM { 0xC0, 0xA5 } |
264 | | #define GNUTLS_DHE_PSK_AES_128_CCM { 0xC0, 0xA6 } |
265 | | #define GNUTLS_DHE_PSK_AES_256_CCM { 0xC0, 0xA7 } |
266 | | |
267 | | /* CCM-8: RFC6655/7251 */ |
268 | | #define GNUTLS_RSA_AES_128_CCM_8 { 0xC0, 0xA0 } |
269 | | #define GNUTLS_RSA_AES_256_CCM_8 { 0xC0, 0xA1 } |
270 | | #define GNUTLS_DHE_RSA_AES_128_CCM_8 { 0xC0, 0xA2 } |
271 | | #define GNUTLS_DHE_RSA_AES_256_CCM_8 { 0xC0, 0xA3 } |
272 | | |
273 | | #define GNUTLS_ECDHE_ECDSA_AES_128_CCM_8 { 0xC0, 0xAE } |
274 | | #define GNUTLS_ECDHE_ECDSA_AES_256_CCM_8 { 0xC0, 0xAF } |
275 | | |
276 | | #define GNUTLS_PSK_AES_128_CCM_8 { 0xC0, 0xA8 } |
277 | | #define GNUTLS_PSK_AES_256_CCM_8 { 0xC0, 0xA9 } |
278 | | #define GNUTLS_DHE_PSK_AES_128_CCM_8 { 0xC0, 0xAA } |
279 | | #define GNUTLS_DHE_PSK_AES_256_CCM_8 { 0xC0, 0xAB } |
280 | | |
281 | | /* RFC 5487 */ |
282 | | /* GCM-PSK */ |
283 | | #define GNUTLS_PSK_AES_128_GCM_SHA256 { 0x00, 0xA8 } |
284 | | #define GNUTLS_DHE_PSK_AES_128_GCM_SHA256 { 0x00, 0xAA } |
285 | | #define GNUTLS_PSK_AES_256_GCM_SHA384 { 0x00, 0xA9 } |
286 | | #define GNUTLS_DHE_PSK_AES_256_GCM_SHA384 { 0x00, 0xAB } |
287 | | |
288 | | #define GNUTLS_PSK_AES_256_CBC_SHA384 { 0x00, 0xAF } |
289 | | #define GNUTLS_PSK_NULL_SHA384 { 0x00, 0xB1 } |
290 | | #define GNUTLS_DHE_PSK_AES_256_CBC_SHA384 { 0x00, 0xB3 } |
291 | | #define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00, 0xB5 } |
292 | | |
293 | | #define GNUTLS_PSK_NULL_SHA1 { 0x00, 0x2C } |
294 | | #define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00, 0x2D } |
295 | | #define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00, 0x2E } |
296 | | #define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0, 0x39 } |
297 | | |
298 | | #define GNUTLS_RSA_PSK_AES_128_GCM_SHA256 { 0x00, 0xAC } |
299 | | #define GNUTLS_RSA_PSK_AES_256_GCM_SHA384 { 0x00, 0xAD } |
300 | | #define GNUTLS_RSA_PSK_AES_128_CBC_SHA256 { 0x00, 0xB6 } |
301 | | #define GNUTLS_RSA_PSK_AES_256_CBC_SHA384 { 0x00, 0xB7 } |
302 | | #define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00, 0xB8 } |
303 | | #define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00, 0xB9 } |
304 | | |
305 | | /* PSK - SHA256 HMAC */ |
306 | | #define GNUTLS_PSK_AES_128_CBC_SHA256 { 0x00, 0xAE } |
307 | | #define GNUTLS_DHE_PSK_AES_128_CBC_SHA256 { 0x00, 0xB2 } |
308 | | |
309 | | #define GNUTLS_PSK_NULL_SHA256 { 0x00, 0xB0 } |
310 | | #define GNUTLS_DHE_PSK_NULL_SHA256 { 0x00, 0xB4 } |
311 | | |
312 | | /* ECC */ |
313 | | #define GNUTLS_ECDH_ANON_NULL_SHA1 { 0xC0, 0x15 } |
314 | | #define GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1 { 0xC0, 0x17 } |
315 | | #define GNUTLS_ECDH_ANON_AES_128_CBC_SHA1 { 0xC0, 0x18 } |
316 | | #define GNUTLS_ECDH_ANON_AES_256_CBC_SHA1 { 0xC0, 0x19 } |
317 | | #define GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1 { 0xC0, 0x16 } |
318 | | |
319 | | /* ECC-RSA */ |
320 | | #define GNUTLS_ECDHE_RSA_NULL_SHA1 { 0xC0, 0x10 } |
321 | | #define GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x12 } |
322 | | #define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 { 0xC0, 0x13 } |
323 | | #define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 { 0xC0, 0x14 } |
324 | | #define GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1 { 0xC0, 0x11 } |
325 | | |
326 | | /* ECC-ECDSA */ |
327 | | #define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 } |
328 | | #define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x08 } |
329 | | #define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 { 0xC0, 0x09 } |
330 | | #define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 { 0xC0, 0x0A } |
331 | | #define GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1 { 0xC0, 0x07 } |
332 | | |
333 | | /* RFC5289 */ |
334 | | /* ECC with SHA2 */ |
335 | | #define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 { 0xC0, 0x23 } |
336 | | #define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 { 0xC0, 0x27 } |
337 | | #define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 { 0xC0, 0x28 } |
338 | | |
339 | | /* ECC with AES-GCM */ |
340 | | #define GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 { 0xC0, 0x2B } |
341 | | #define GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 { 0xC0, 0x2F } |
342 | | #define GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 { 0xC0, 0x30 } |
343 | | |
344 | | /* SuiteB */ |
345 | | #define GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 { 0xC0, 0x2C } |
346 | | #define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 { 0xC0, 0x24 } |
347 | | |
348 | | /* ECC with PSK */ |
349 | | #define GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1 { 0xC0, 0x34 } |
350 | | #define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1 { 0xC0, 0x35 } |
351 | | #define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1 { 0xC0, 0x36 } |
352 | | #define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256 { 0xC0, 0x37 } |
353 | | #define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 { 0xC0, 0x38 } |
354 | | #define GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1 { 0xC0, 0x33 } |
355 | | #define GNUTLS_ECDHE_PSK_NULL_SHA256 { 0xC0, 0x3A } |
356 | | #define GNUTLS_ECDHE_PSK_NULL_SHA384 { 0xC0, 0x3B } |
357 | | |
358 | | /* draft-smyshlyaev-tls12-gost-suites */ |
359 | | #ifdef ENABLE_GOST |
360 | | #define GNUTLS_GOSTR341112_256_28147_CNT_IMIT { 0xc1, 0x02 } |
361 | | #endif |
362 | | |
363 | | #define CIPHER_SUITES_COUNT /* element count of cs_algorithms[] minus one; the excluded element is presumably a trailing terminator entry, which this listing does not show -- confirm */ \ |
364 | 0 | (sizeof(cs_algorithms) / sizeof(gnutls_cipher_suite_entry_st) - 1) |
365 | | |
366 | | /* The following is the list of potential ciphersuites. For an entry to be |
367 | | * available, its cipher and MAC must be available to gnutls as well. |
368 | | */ |
369 | | static const gnutls_cipher_suite_entry_st cs_algorithms[] = { |
370 | | /* TLS 1.3 */ |
371 | | ENTRY_TLS13(GNUTLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256", |
372 | | GNUTLS_CIPHER_AES_128_GCM, GNUTLS_TLS1_3, |
373 | | GNUTLS_MAC_SHA256), |
374 | | |
375 | | ENTRY_TLS13(GNUTLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384", |
376 | | GNUTLS_CIPHER_AES_256_GCM, GNUTLS_TLS1_3, |
377 | | GNUTLS_MAC_SHA384), |
378 | | |
379 | | ENTRY_TLS13(GNUTLS_CHACHA20_POLY1305_SHA256, |
380 | | "TLS_CHACHA20_POLY1305_SHA256", |
381 | | GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_TLS1_3, |
382 | | GNUTLS_MAC_SHA256), |
383 | | |
384 | | ENTRY_TLS13(GNUTLS_AES_128_CCM_SHA256, "TLS_AES_128_CCM_SHA256", |
385 | | GNUTLS_CIPHER_AES_128_CCM, GNUTLS_TLS1_3, |
386 | | GNUTLS_MAC_SHA256), |
387 | | |
388 | | ENTRY_TLS13(GNUTLS_AES_128_CCM_8_SHA256, "TLS_AES_128_CCM_8_SHA256", |
389 | | GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_TLS1_3, |
390 | | GNUTLS_MAC_SHA256), |
391 | | |
392 | | /* RSA-NULL */ |
393 | | ENTRY(GNUTLS_RSA_NULL_MD5, "TLS_RSA_WITH_NULL_MD5", GNUTLS_CIPHER_NULL, |
394 | | GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, |
395 | | GNUTLS_DTLS_VERSION_MIN), |
396 | | ENTRY(GNUTLS_RSA_NULL_SHA1, "TLS_RSA_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, |
397 | | GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
398 | | GNUTLS_DTLS_VERSION_MIN), |
399 | | ENTRY(GNUTLS_RSA_NULL_SHA256, "TLS_RSA_WITH_NULL_SHA256", |
400 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, |
401 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
402 | | |
403 | | /* RSA */ |
404 | | ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1, "TLS_RSA_WITH_RC4_128_SHA", |
405 | | GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, |
406 | | GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), |
407 | | ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5, "TLS_RSA_WITH_RC4_128_MD5", |
408 | | GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_RSA, GNUTLS_MAC_MD5, |
409 | | GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), |
410 | | ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", |
411 | | GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, |
412 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
413 | | ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1, "TLS_RSA_WITH_AES_128_CBC_SHA", |
414 | | GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, |
415 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
416 | | ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1, "TLS_RSA_WITH_AES_256_CBC_SHA", |
417 | | GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, |
418 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
419 | | |
420 | | ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256, |
421 | | "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", |
422 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, |
423 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
424 | | ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256, |
425 | | "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", |
426 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, |
427 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
428 | | ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, |
429 | | "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", |
430 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, |
431 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
432 | | ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, |
433 | | "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", |
434 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, |
435 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
436 | | ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256", |
437 | | GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, |
438 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
439 | | ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256", |
440 | | GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, |
441 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
442 | | |
443 | | /* GCM */ |
444 | | ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256", |
445 | | GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, |
446 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
447 | | ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384, |
448 | | "TLS_RSA_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, |
449 | | GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
450 | | GNUTLS_MAC_SHA384), |
451 | | ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256, |
452 | | "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", |
453 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, |
454 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
455 | | ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384, |
456 | | "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", |
457 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA, |
458 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
459 | | GNUTLS_MAC_SHA384), |
460 | | |
461 | | /* CCM */ |
462 | | ENTRY(GNUTLS_RSA_AES_128_CCM, "TLS_RSA_WITH_AES_128_CCM", |
463 | | GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, |
464 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
465 | | ENTRY(GNUTLS_RSA_AES_256_CCM, "TLS_RSA_WITH_AES_256_CCM", |
466 | | GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, |
467 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
468 | | |
469 | | /* CCM_8 */ |
470 | | ENTRY(GNUTLS_RSA_AES_128_CCM_8, "TLS_RSA_WITH_AES_128_CCM_8", |
471 | | GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, |
472 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
473 | | ENTRY(GNUTLS_RSA_AES_256_CCM_8, "TLS_RSA_WITH_AES_256_CCM_8", |
474 | | GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, |
475 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
476 | | |
477 | | /* DHE_DSS */ |
478 | | #ifdef ENABLE_DHE |
479 | | ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1, "TLS_DHE_DSS_RC4_128_SHA", |
480 | | GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, |
481 | | GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), |
482 | | ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, |
483 | | "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
484 | | GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
485 | | GNUTLS_DTLS_VERSION_MIN), |
486 | | ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1, |
487 | | "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
488 | | GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
489 | | GNUTLS_DTLS_VERSION_MIN), |
490 | | ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1, |
491 | | "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
492 | | GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
493 | | GNUTLS_DTLS_VERSION_MIN), |
494 | | ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256, |
495 | | "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", |
496 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS, |
497 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
498 | | ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, |
499 | | "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", |
500 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, |
501 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
502 | | |
503 | | ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, |
504 | | "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", |
505 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS, |
506 | | GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
507 | | ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, |
508 | | "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", |
509 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, |
510 | | GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
511 | | ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256, |
512 | | "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, |
513 | | GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, |
514 | | GNUTLS_DTLS1_2), |
515 | | ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256, |
516 | | "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", GNUTLS_CIPHER_AES_256_CBC, |
517 | | GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, |
518 | | GNUTLS_DTLS1_2), |
519 | | /* GCM */ |
520 | | ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256, |
521 | | "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, |
522 | | GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
523 | | GNUTLS_DTLS1_2), |
524 | | ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384, |
525 | | "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", |
526 | | GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, |
527 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
528 | | ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256, |
529 | | "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", |
530 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS, |
531 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
532 | | ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384, |
533 | | "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", |
534 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS, |
535 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
536 | | GNUTLS_MAC_SHA384), |
537 | | |
538 | | /* DHE_RSA */ |
539 | | ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, |
540 | | "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
541 | | GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
542 | | GNUTLS_DTLS_VERSION_MIN), |
543 | | ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1, |
544 | | "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
545 | | GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
546 | | GNUTLS_DTLS_VERSION_MIN), |
547 | | ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1, |
548 | | "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
549 | | GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
550 | | GNUTLS_DTLS_VERSION_MIN), |
551 | | ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256, |
552 | | "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", |
553 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, |
554 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
555 | | ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256, |
556 | | "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", |
557 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA, |
558 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
559 | | ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, |
560 | | "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", |
561 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, |
562 | | GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
563 | | ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, |
564 | | "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", |
565 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA, |
566 | | GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
567 | | ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256, |
568 | | "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, |
569 | | GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, |
570 | | GNUTLS_DTLS1_2), |
571 | | ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256, |
572 | | "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", GNUTLS_CIPHER_AES_256_CBC, |
573 | | GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, |
574 | | GNUTLS_DTLS1_2), |
575 | | /* GCM */ |
576 | | ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256, |
577 | | "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, |
578 | | GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
579 | | GNUTLS_DTLS1_2), |
580 | | ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384, |
581 | | "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", |
582 | | GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, |
583 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
584 | | ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256, |
585 | | "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", |
586 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA, |
587 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
588 | | ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384, |
589 | | "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", |
590 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA, |
591 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
592 | | GNUTLS_MAC_SHA384), |
593 | | |
594 | | ENTRY(GNUTLS_DHE_RSA_CHACHA20_POLY1305, |
595 | | "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", |
596 | | GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_RSA, |
597 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
598 | | |
599 | | /* CCM */ |
600 | | ENTRY(GNUTLS_DHE_RSA_AES_128_CCM, "TLS_DHE_RSA_WITH_AES_128_CCM", |
601 | | GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, |
602 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
603 | | ENTRY(GNUTLS_DHE_RSA_AES_256_CCM, "TLS_DHE_RSA_WITH_AES_256_CCM", |
604 | | GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, |
605 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
606 | | ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_8, "TLS_DHE_RSA_WITH_AES_128_CCM_8", |
607 | | GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, |
608 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
609 | | ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_8, "TLS_DHE_RSA_WITH_AES_256_CCM_8", |
610 | | GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, |
611 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
612 | | |
613 | | #endif /* DHE */ |
614 | | #ifdef ENABLE_ECDHE |
615 | | /* ECC-RSA */ |
616 | | ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1, "TLS_ECDHE_RSA_WITH_NULL_SHA", |
617 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, |
618 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
619 | | ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, |
620 | | "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
621 | | GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
622 | | GNUTLS_DTLS_VERSION_MIN), |
623 | | ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, |
624 | | "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
625 | | GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
626 | | GNUTLS_DTLS_VERSION_MIN), |
627 | | ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, |
628 | | "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
629 | | GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
630 | | GNUTLS_DTLS_VERSION_MIN), |
631 | | ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384, |
632 | | "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", |
633 | | GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, |
634 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
635 | | GNUTLS_MAC_SHA384), |
636 | | ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1, |
637 | | "TLS_ECDHE_RSA_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, |
638 | | GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
639 | | GNUTLS_VERSION_UNKNOWN), |
640 | | ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256, |
641 | | "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", |
642 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA, |
643 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
644 | | ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384, |
645 | | "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", |
646 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA, |
647 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
648 | | GNUTLS_MAC_SHA384), |
649 | | |
650 | | /* ECDHE-ECDSA */ |
651 | | ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", |
652 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, |
653 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
654 | | ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, |
655 | | "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
656 | | GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
657 | | GNUTLS_DTLS_VERSION_MIN), |
658 | | ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, |
659 | | "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
660 | | GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
661 | | GNUTLS_DTLS_VERSION_MIN), |
662 | | ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, |
663 | | "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
664 | | GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
665 | | GNUTLS_DTLS_VERSION_MIN), |
666 | | ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1, |
667 | | "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, |
668 | | GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
669 | | GNUTLS_VERSION_UNKNOWN), |
670 | | ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256, |
671 | | "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", |
672 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA, |
673 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
674 | | ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, |
675 | | "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", |
676 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA, |
677 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
678 | | GNUTLS_MAC_SHA384), |
679 | | |
680 | | /* More ECC */ |
681 | | |
682 | | ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, |
683 | | "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", |
684 | | GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, |
685 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
686 | | ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, |
687 | | "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", |
688 | | GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA256, |
689 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
690 | | ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256, |
691 | | "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", |
692 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA, |
693 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
694 | | ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384, |
695 | | "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", |
696 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA, |
697 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
698 | | GNUTLS_MAC_SHA384), |
699 | | ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256, |
700 | | "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", |
701 | | GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, |
702 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
703 | | ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, |
704 | | "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", |
705 | | GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA, |
706 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
707 | | GNUTLS_MAC_SHA384), |
708 | | ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256, |
709 | | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", |
710 | | GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, |
711 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
712 | | ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, |
713 | | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", |
714 | | GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, |
715 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
716 | | GNUTLS_MAC_SHA384), |
717 | | ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, |
718 | | "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", |
719 | | GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, |
720 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
721 | | GNUTLS_MAC_SHA384), |
722 | | |
723 | | ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256, |
724 | | "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", |
725 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA, |
726 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
727 | | ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384, |
728 | | "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", |
729 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA, |
730 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
731 | | GNUTLS_MAC_SHA384), |
732 | | |
733 | | ENTRY(GNUTLS_ECDHE_RSA_CHACHA20_POLY1305, |
734 | | "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", |
735 | | GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_RSA, |
736 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
737 | | |
738 | | ENTRY(GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305, |
739 | | "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", |
740 | | GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_ECDSA, |
741 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
742 | | |
743 | | ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM, |
744 | | "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", GNUTLS_CIPHER_AES_128_CCM, |
745 | | GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
746 | | GNUTLS_DTLS1_2), |
747 | | ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM, |
748 | | "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", GNUTLS_CIPHER_AES_256_CCM, |
749 | | GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
750 | | GNUTLS_DTLS1_2), |
751 | | ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_8, |
752 | | "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", GNUTLS_CIPHER_AES_128_CCM_8, |
753 | | GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
754 | | GNUTLS_DTLS1_2), |
755 | | ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_8, |
756 | | "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", GNUTLS_CIPHER_AES_256_CCM_8, |
757 | | GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
758 | | GNUTLS_DTLS1_2), |
759 | | #endif |
760 | | #ifdef ENABLE_PSK |
761 | | /* ECC - PSK */ |
762 | | ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, |
763 | | "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
764 | | GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
765 | | GNUTLS_DTLS_VERSION_MIN), |
766 | | ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, |
767 | | "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
768 | | GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
769 | | GNUTLS_DTLS_VERSION_MIN), |
770 | | ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, |
771 | | "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
772 | | GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
773 | | GNUTLS_DTLS_VERSION_MIN), |
774 | | ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, |
775 | | "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", |
776 | | GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, |
777 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
778 | | ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, |
779 | | "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", |
780 | | GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, |
781 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
782 | | GNUTLS_MAC_SHA384), |
783 | | ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1, |
784 | | "TLS_ECDHE_PSK_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, |
785 | | GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
786 | | GNUTLS_VERSION_UNKNOWN), |
787 | | ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA1, "TLS_ECDHE_PSK_WITH_NULL_SHA", |
788 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, |
789 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
790 | | ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256, "TLS_ECDHE_PSK_WITH_NULL_SHA256", |
791 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, |
792 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
793 | | ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384, |
794 | | "TLS_ECDHE_PSK_WITH_NULL_SHA384", GNUTLS_CIPHER_NULL, |
795 | | GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1, |
796 | | GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
797 | | ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, |
798 | | "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", |
799 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK, |
800 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
801 | | ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384, |
802 | | "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", |
803 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK, |
804 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
805 | | GNUTLS_MAC_SHA384), |
806 | | |
807 | | /* PSK */ |
808 | | ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1, "TLS_PSK_WITH_RC4_128_SHA", |
809 | | GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, |
810 | | GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), |
811 | | ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1, "TLS_PSK_WITH_3DES_EDE_CBC_SHA", |
812 | | GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, |
813 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
814 | | ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1, "TLS_PSK_WITH_AES_128_CBC_SHA", |
815 | | GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, |
816 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
817 | | ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1, "TLS_PSK_WITH_AES_256_CBC_SHA", |
818 | | GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, |
819 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
820 | | ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256, "TLS_PSK_WITH_AES_128_CBC_SHA256", |
821 | | GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA256, |
822 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
823 | | ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384, |
824 | | "TLS_PSK_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, |
825 | | GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
826 | | GNUTLS_MAC_SHA384), |
827 | | ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256, |
828 | | "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", |
829 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, |
830 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
831 | | ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384, |
832 | | "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", |
833 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK, |
834 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
835 | | GNUTLS_MAC_SHA384), |
836 | | |
837 | | ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256, "TLS_PSK_WITH_AES_128_GCM_SHA256", |
838 | | GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, |
839 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
840 | | ENTRY(GNUTLS_PSK_NULL_SHA1, "TLS_PSK_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, |
841 | | GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
842 | | GNUTLS_DTLS_VERSION_MIN), |
843 | | ENTRY(GNUTLS_PSK_NULL_SHA256, "TLS_PSK_WITH_NULL_SHA256", |
844 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, GNUTLS_MAC_SHA256, |
845 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
846 | | ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, |
847 | | "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", |
848 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA256, |
849 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
850 | | ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384, |
851 | | "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", |
852 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK, |
853 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
854 | | GNUTLS_MAC_SHA384), |
855 | | |
856 | | ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384, |
857 | | "TLS_PSK_WITH_AES_256_CBC_SHA384", GNUTLS_CIPHER_AES_256_CBC, |
858 | | GNUTLS_KX_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, |
859 | | GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
860 | | ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, "TLS_PSK_WITH_NULL_SHA384", |
861 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, GNUTLS_MAC_SHA384, |
862 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
863 | | |
864 | | /* RSA-PSK */ |
865 | | ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1, "TLS_RSA_PSK_WITH_RC4_128_SHA", |
866 | | GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, |
867 | | GNUTLS_TLS1, GNUTLS_VERSION_UNKNOWN), |
868 | | ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1, |
869 | | "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
870 | | GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, |
871 | | GNUTLS_DTLS_VERSION_MIN), |
872 | | ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1, |
873 | | "TLS_RSA_PSK_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
874 | | GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, |
875 | | GNUTLS_DTLS_VERSION_MIN), |
876 | | ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1, |
877 | | "TLS_RSA_PSK_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
878 | | GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, |
879 | | GNUTLS_DTLS_VERSION_MIN), |
880 | | ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256, |
881 | | "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", |
882 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK, |
883 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
884 | | ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384, |
885 | | "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", |
886 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK, |
887 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
888 | | GNUTLS_MAC_SHA384), |
889 | | |
890 | | ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256, |
891 | | "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, |
892 | | GNUTLS_KX_RSA_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
893 | | GNUTLS_DTLS1_2), |
894 | | ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256, |
895 | | "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, |
896 | | GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, |
897 | | GNUTLS_DTLS1_2), |
898 | | ENTRY(GNUTLS_RSA_PSK_NULL_SHA1, "TLS_RSA_PSK_WITH_NULL_SHA", |
899 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, |
900 | | GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), |
901 | | ENTRY(GNUTLS_RSA_PSK_NULL_SHA256, "TLS_RSA_PSK_WITH_NULL_SHA256", |
902 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA256, |
903 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
904 | | ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384, |
905 | | "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", |
906 | | GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_AEAD, |
907 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
908 | | ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384, |
909 | | "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", |
910 | | GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, |
911 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
912 | | GNUTLS_MAC_SHA384), |
913 | | ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384, "TLS_RSA_PSK_WITH_NULL_SHA384", |
914 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA384, |
915 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
916 | | ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, |
917 | | "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", |
918 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK, |
919 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
920 | | ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384, |
921 | | "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", |
922 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK, |
923 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
924 | | GNUTLS_MAC_SHA384), |
925 | | |
926 | | /* DHE-PSK */ |
927 | | ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1, "TLS_DHE_PSK_WITH_RC4_128_SHA", |
928 | | GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, |
929 | | GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), |
930 | | ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1, |
931 | | "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
932 | | GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
933 | | GNUTLS_DTLS_VERSION_MIN), |
934 | | ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1, |
935 | | "TLS_DHE_PSK_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
936 | | GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
937 | | GNUTLS_DTLS_VERSION_MIN), |
938 | | ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1, |
939 | | "TLS_DHE_PSK_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
940 | | GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
941 | | GNUTLS_DTLS_VERSION_MIN), |
942 | | ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256, |
943 | | "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, |
944 | | GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, |
945 | | GNUTLS_DTLS1_2), |
946 | | ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256, |
947 | | "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, |
948 | | GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
949 | | GNUTLS_DTLS1_2), |
950 | | ENTRY(GNUTLS_DHE_PSK_NULL_SHA1, "TLS_DHE_PSK_WITH_NULL_SHA", |
951 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, |
952 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
953 | | ENTRY(GNUTLS_DHE_PSK_NULL_SHA256, "TLS_DHE_PSK_WITH_NULL_SHA256", |
954 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA256, |
955 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
956 | | ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, "TLS_DHE_PSK_WITH_NULL_SHA384", |
957 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA384, |
958 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
959 | | ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, |
960 | | "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", |
961 | | GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, |
962 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
963 | | GNUTLS_MAC_SHA384), |
964 | | ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384, |
965 | | "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", |
966 | | GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, |
967 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
968 | | ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256, |
969 | | "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", |
970 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK, |
971 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
972 | | ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384, |
973 | | "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", |
974 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK, |
975 | | GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
976 | | GNUTLS_MAC_SHA384), |
977 | | ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256, |
978 | | "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", |
979 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK, |
980 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
981 | | ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384, |
982 | | "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", |
983 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK, |
984 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
985 | | GNUTLS_MAC_SHA384), |
986 | | |
987 | | ENTRY(GNUTLS_PSK_AES_128_CCM, "TLS_PSK_WITH_AES_128_CCM", |
988 | | GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, |
989 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
990 | | ENTRY(GNUTLS_PSK_AES_256_CCM, "TLS_PSK_WITH_AES_256_CCM", |
991 | | GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, |
992 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
993 | | ENTRY(GNUTLS_DHE_PSK_AES_128_CCM, "TLS_DHE_PSK_WITH_AES_128_CCM", |
994 | | GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, |
995 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
996 | | ENTRY(GNUTLS_DHE_PSK_AES_256_CCM, "TLS_DHE_PSK_WITH_AES_256_CCM", |
997 | | GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, |
998 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
999 | | ENTRY(GNUTLS_PSK_AES_128_CCM_8, "TLS_PSK_WITH_AES_128_CCM_8", |
1000 | | GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, |
1001 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1002 | | ENTRY(GNUTLS_PSK_AES_256_CCM_8, "TLS_PSK_WITH_AES_256_CCM_8", |
1003 | | GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, |
1004 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1005 | | ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_8, "TLS_PSK_DHE_WITH_AES_128_CCM_8", |
1006 | | GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, |
1007 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1008 | | ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_8, "TLS_PSK_DHE_WITH_AES_256_CCM_8", |
1009 | | GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, |
1010 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1011 | | ENTRY(GNUTLS_DHE_PSK_CHACHA20_POLY1305, |
1012 | | "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", |
1013 | | GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_PSK, |
1014 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1015 | | ENTRY(GNUTLS_ECDHE_PSK_CHACHA20_POLY1305, |
1016 | | "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", |
1017 | | GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_PSK, |
1018 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1019 | | |
1020 | | ENTRY(GNUTLS_RSA_PSK_CHACHA20_POLY1305, |
1021 | | "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256", |
1022 | | GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_RSA_PSK, |
1023 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1024 | | |
1025 | | ENTRY(GNUTLS_PSK_CHACHA20_POLY1305, |
1026 | | "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256", |
1027 | | GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, |
1028 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1029 | | |
1030 | | #endif |
1031 | | #ifdef ENABLE_ANON |
1032 | | /* DH_ANON */ |
1033 | | ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5, "TLS_DH_anon_WITH_RC4_128_MD5", |
1034 | | GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, |
1035 | | GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), |
1036 | | ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, |
1037 | | "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
1038 | | GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1039 | | GNUTLS_DTLS_VERSION_MIN), |
1040 | | ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1, |
1041 | | "TLS_DH_anon_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
1042 | | GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1043 | | GNUTLS_DTLS_VERSION_MIN), |
1044 | | ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1, |
1045 | | "TLS_DH_anon_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
1046 | | GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1047 | | GNUTLS_DTLS_VERSION_MIN), |
1048 | | ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256, |
1049 | | "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", |
1050 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, |
1051 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1052 | | ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256, |
1053 | | "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", |
1054 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH, |
1055 | | GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1056 | | ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, |
1057 | | "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", |
1058 | | GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, |
1059 | | GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
1060 | | ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, |
1061 | | "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", |
1062 | | GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH, |
1063 | | GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
1064 | | ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256, |
1065 | | "TLS_DH_anon_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, |
1066 | | GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, |
1067 | | GNUTLS_DTLS1_2), |
1068 | | ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256, |
1069 | | "TLS_DH_anon_WITH_AES_256_CBC_SHA256", GNUTLS_CIPHER_AES_256_CBC, |
1070 | | GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, |
1071 | | GNUTLS_DTLS1_2), |
1072 | | ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256, |
1073 | | "TLS_DH_anon_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, |
1074 | | GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, |
1075 | | GNUTLS_DTLS1_2), |
1076 | | ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384, |
1077 | | "TLS_DH_anon_WITH_AES_256_GCM_SHA384", |
1078 | | GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, |
1079 | | GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), |
1080 | | ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256, |
1081 | | "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", |
1082 | | GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH, |
1083 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), |
1084 | | ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384, |
1085 | | "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", |
1086 | | GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH, |
1087 | | GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, |
1088 | | GNUTLS_MAC_SHA384), |
1089 | | |
1090 | | /* ECC-ANON */ |
1091 | | ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1, "TLS_ECDH_anon_WITH_NULL_SHA", |
1092 | | GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, |
1093 | | GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), |
1094 | | ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, |
1095 | | "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
1096 | | GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1097 | | GNUTLS_DTLS_VERSION_MIN), |
1098 | | ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, |
1099 | | "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
1100 | | GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1101 | | GNUTLS_DTLS_VERSION_MIN), |
1102 | | ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, |
1103 | | "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
1104 | | GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1105 | | GNUTLS_DTLS_VERSION_MIN), |
1106 | | ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1, |
1107 | | "TLS_ECDH_anon_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, |
1108 | | GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1109 | | GNUTLS_VERSION_UNKNOWN), |
1110 | | #endif |
1111 | | #ifdef ENABLE_SRP |
1112 | | /* SRP */ |
1113 | | ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, |
1114 | | "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
1115 | | GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1116 | | GNUTLS_DTLS_VERSION_MIN), |
1117 | | ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1, |
1118 | | "TLS_SRP_SHA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
1119 | | GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1120 | | GNUTLS_DTLS_VERSION_MIN), |
1121 | | ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1, |
1122 | | "TLS_SRP_SHA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
1123 | | GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1124 | | GNUTLS_DTLS_VERSION_MIN), |
1125 | | |
1126 | | ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, |
1127 | | "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
1128 | | GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1129 | | GNUTLS_DTLS_VERSION_MIN), |
1130 | | |
1131 | | ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, |
1132 | | "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, |
1133 | | GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1134 | | GNUTLS_DTLS_VERSION_MIN), |
1135 | | |
1136 | | ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, |
1137 | | "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
1138 | | GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1139 | | GNUTLS_DTLS_VERSION_MIN), |
1140 | | |
1141 | | ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, |
1142 | | "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, |
1143 | | GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1144 | | GNUTLS_DTLS_VERSION_MIN), |
1145 | | |
1146 | | ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, |
1147 | | "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
1148 | | GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1149 | | GNUTLS_DTLS_VERSION_MIN), |
1150 | | |
1151 | | ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, |
1152 | | "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, |
1153 | | GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, |
1154 | | GNUTLS_DTLS_VERSION_MIN), |
1155 | | #endif |
1156 | | |
1157 | | #ifdef ENABLE_GOST |
1158 | | ENTRY_PRF(GNUTLS_GOSTR341112_256_28147_CNT_IMIT, |
1159 | | "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT", |
1160 | | GNUTLS_CIPHER_GOST28147_TC26Z_CNT, GNUTLS_KX_VKO_GOST_12, |
1161 | | GNUTLS_MAC_GOST28147_TC26Z_IMIT, GNUTLS_TLS1_2, |
1162 | | GNUTLS_VERSION_UNKNOWN, GNUTLS_MAC_STREEBOG_256), |
1163 | | #endif |
1164 | | |
1165 | | { 0, { 0, 0 }, 0, 0, 0, 0, 0, 0 } |
1166 | | }; |
1167 | | |
/* Walks cs_algorithms from its first entry up to (not including) the
 * terminating entry whose name is NULL, evaluating @b once per entry.
 * @b sees the current entry through the local pointer `p`. A `break` in @b
 * leaves the loop; a `return` in @b leaves the enclosing function. */
#define CIPHER_SUITE_LOOP(b)                                    \
	{                                                       \
		const gnutls_cipher_suite_entry_st *p;          \
		for (p = cs_algorithms; p->name != NULL; p++) { \
			b;                                      \
		}                                               \
	}

/* Evaluates @a for the first entry whose two-byte id equals
 * suite[0], suite[1] and then stops scanning. @suite is expanded twice per
 * iteration and is not parenthesized, so pass a plain array or pointer name
 * that refers to at least two readable bytes. */
#define CIPHER_SUITE_ALG_LOOP(a, suite)                                 \
	CIPHER_SUITE_LOOP(                                              \
		if ((p->id[0] == suite[0]) && (p->id[1] == suite[1])) { \
			a;                                              \
			break;                                          \
		})
1182 | | |
1183 | | /* Cipher Suite's functions */ |
/* Finds the cs_algorithms entry whose two-byte id equals @suite.
 * Returns a pointer into the static table, or NULL when the id is not
 * listed, so callers must check the result before dereferencing it. */
const gnutls_cipher_suite_entry_st *ciphersuite_to_entry(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *entry;

	/* the table ends with an entry whose name is NULL */
	for (entry = cs_algorithms; entry->name != NULL; entry++) {
		if (entry->id[0] == suite[0] && entry->id[1] == suite[1])
			return entry;
	}

	return NULL;
}
1189 | | |
/* Maps the two-byte cipher suite id @suite to its key exchange algorithm.
 * Returns GNUTLS_KX_UNKNOWN when the id is not present in cs_algorithms. */
gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *entry;

	for (entry = cs_algorithms; entry->name != NULL; entry++) {
		if (entry->id[0] == suite[0] && entry->id[1] == suite[1])
			return entry->kx_algorithm;
	}

	/* id not listed in the table */
	return GNUTLS_KX_UNKNOWN;
}
1197 | | |
/* Returns the name of the cipher suite identified by @suite without its
 * "GNUTLS_" prefix, or NULL when the id is not present in cs_algorithms.
 * The result points into the static table and must not be freed. */
const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *entry;

	for (entry = cs_algorithms; entry->name != NULL; entry++) {
		if (entry->id[0] != suite[0] || entry->id[1] != suite[1])
			continue;

		/* avoid prefix: the fixed offset is only in bounds because
		 * every table name starts with "GNUTLS_" */
		return entry->name + sizeof("GNUTLS_") - 1;
	}

	return NULL;
}
1207 | | |
/* Returns the first cs_algorithms entry, in table order, whose key
 * exchange, cipher and MAC algorithms all equal the given ones, or NULL
 * when no entry combines them. */
const gnutls_cipher_suite_entry_st *
cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
		 gnutls_cipher_algorithm_t cipher_algorithm,
		 gnutls_mac_algorithm_t mac_algorithm)
{
	const gnutls_cipher_suite_entry_st *entry;

	for (entry = cs_algorithms; entry->name != NULL; entry++) {
		if (entry->kx_algorithm != kx_algorithm)
			continue;
		if (entry->block_algorithm != cipher_algorithm)
			continue;
		if (entry->mac_algorithm != mac_algorithm)
			continue;

		return entry;
	}

	return NULL;
}
1224 | | |
/* Returns 0 if the given KX needs DH parameters and the credentials of
 * type @cred_type have none set up, or if the client has advertised FFDHE
 * (server DH parameters are not considered in that case).
 * Otherwise returns 1.
 */
static unsigned check_server_dh_params(gnutls_session_t session,
				       unsigned cred_type,
				       gnutls_kx_algorithm_t kx)
{
	/* Key exchanges that do not use DH parameters always pass. */
	if (!_gnutls_kx_needs_dh_params(kx))
		return 1;

	/* Once the client has advertised FFDHE, server-configured DH
	 * parameters are not considered at all, whether or not any are
	 * set, so the check fails here. */
	if (session->internals.hsk_flags & HSK_HAVE_FFDHE) {
		gnutls_assert();
		return 0;
	}

	/* For each credential type that can carry DH parameters, report
	 * whether explicit parameters, a parameter callback or a security
	 * parameter level is present. A missing credential structure counts
	 * as "no parameters". */
	if (cred_type == GNUTLS_CRD_CERTIFICATE) {
		gnutls_certificate_credentials_t cert_cred =
			(gnutls_certificate_credentials_t)_gnutls_get_cred(
				session, cred_type);

		if (cert_cred == NULL)
			return 0;

		return (cert_cred->dh_params || cert_cred->params_func ||
			cert_cred->dh_sec_param) ?
			       1 :
			       0;
	}

#ifdef ENABLE_ANON
	if (cred_type == GNUTLS_CRD_ANON) {
		gnutls_anon_server_credentials_t anon =
			(gnutls_anon_server_credentials_t)_gnutls_get_cred(
				session, cred_type);

		if (anon == NULL)
			return 0;

		return (anon->dh_params || anon->params_func ||
			anon->dh_sec_param) ?
			       1 :
			       0;
	}
#endif

#ifdef ENABLE_PSK
	if (cred_type == GNUTLS_CRD_PSK) {
		gnutls_psk_server_credentials_t psk =
			(gnutls_psk_server_credentials_t)_gnutls_get_cred(
				session, cred_type);

		if (psk == NULL)
			return 0;

		return (psk->dh_params || psk->params_func ||
			psk->dh_sec_param) ?
			       1 :
			       0;
	}
#endif

	/* Any other credential type (including ANON/PSK when support for
	 * them is compiled out): no need for params. */
	return 1;
}
1288 | | |
/**
 * gnutls_cipher_suite_get_name:
 * @kx_algorithm: is a Key exchange algorithm
 * @cipher_algorithm: is a cipher algorithm
 * @mac_algorithm: is a MAC algorithm
 *
 * This function returns the ciphersuite name under TLS1.2 or earlier
 * versions when provided with individual algorithms. The full cipher suite
 * name must be prefixed with TLS or SSL depending on the protocol in use.
 *
 * To get a description of the current ciphersuite across versions, it
 * is recommended to use gnutls_session_get_desc().
 *
 * Returns: a string that contains the name of a TLS cipher suite,
 * specified by the given algorithms, or %NULL.
 **/
1305 | | const char * |
1306 | | gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t kx_algorithm, |
1307 | | gnutls_cipher_algorithm_t cipher_algorithm, |
1308 | | gnutls_mac_algorithm_t mac_algorithm) |
1309 | 0 | { |
1310 | 0 | const gnutls_cipher_suite_entry_st *ce; |
1311 | |
|
1312 | 0 | ce = cipher_suite_get(kx_algorithm, cipher_algorithm, mac_algorithm); |
1313 | 0 | if (ce == NULL) |
1314 | 0 | return NULL; |
1315 | 0 | else |
1316 | 0 | return ce->name + sizeof("GNUTLS_") - 1; |
1317 | 0 | } |
1318 | | |
/*-
 * _gnutls_cipher_suite_get_id:
 * @kx_algorithm: is a Key exchange algorithm
 * @cipher_algorithm: is a cipher algorithm
 * @mac_algorithm: is a MAC algorithm
 * @suite: The id to be returned
 *
 * This function looks up the ciphersuite formed by the given individual
 * algorithms under TLS1.2 or earlier versions, and copies its two-byte
 * ID into @suite. @suite is left untouched when no ciphersuite matches.
 *
 * Returns: 0 on success or a negative error code otherwise.
 -*/
int _gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
				gnutls_cipher_algorithm_t cipher_algorithm,
				gnutls_mac_algorithm_t mac_algorithm,
				uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *entry =
		cipher_suite_get(kx_algorithm, cipher_algorithm, mac_algorithm);

	/* No table entry combines these three algorithms. */
	if (entry == NULL)
		return GNUTLS_E_INVALID_REQUEST;

	suite[0] = entry->id[0];
	suite[1] = entry->id[1];

	return 0;
}
1347 | | |
/**
 * gnutls_cipher_suite_info:
 * @idx: index of cipher suite to get information about, starts on 0.
 * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
 * @kx: output variable indicating key exchange algorithm, or %NULL.
 * @cipher: output variable indicating cipher, or %NULL.
 * @mac: output variable indicating MAC algorithm, or %NULL.
 * @min_version: output variable indicating TLS protocol version, or %NULL.
 *
 * Get information about supported cipher suites. Use the function
 * iteratively to get information about all supported cipher suites.
 * Call with idx=0 to get information about first cipher suite, then
 * idx=1 and so on until the function returns NULL.
 *
 * Every output argument is optional; a %NULL pointer is skipped. When
 * @cs_id is given, exactly 2 bytes are written to it.
 *
 * Returns: the name of @idx cipher suite, and set the information
 * about the cipher suite in the output variables. If @idx is out of
 * bounds, %NULL is returned.
 **/
const char *gnutls_cipher_suite_info(size_t idx, unsigned char *cs_id,
				     gnutls_kx_algorithm_t *kx,
				     gnutls_cipher_algorithm_t *cipher,
				     gnutls_mac_algorithm_t *mac,
				     gnutls_protocol_t *min_version)
{
	const gnutls_cipher_suite_entry_st *entry;

	/* Bounds check first: idx indexes the static table directly. */
	if (idx >= CIPHER_SUITES_COUNT)
		return NULL;

	entry = &cs_algorithms[idx];

	if (cs_id != NULL)
		memcpy(cs_id, entry->id, 2);

	if (kx != NULL)
		*kx = entry->kx_algorithm;

	if (cipher != NULL)
		*cipher = entry->block_algorithm;

	if (mac != NULL)
		*mac = entry->mac_algorithm;

	if (min_version != NULL)
		*min_version = entry->min_version;

	/* Only the first three bytes ("GNU") of the stored name are skipped. */
	return entry->name + sizeof("GNU") - 1;
}
1388 | | |
/* Loop-body filter: `continue`s the enclosing loop when @entry cannot be
 * used with the negotiated protocol version. It reads `is_dtls` and
 * `version` from the scope it is expanded in. An entry is skipped when its
 * minimum version for the transport in use is GNUTLS_VERSION_UNKNOWN, or
 * when version->id lies outside the entry's [min, max] range.
 *
 * The expansion is a bare if/else whose bodies `continue`, so it must be
 * expanded directly in the body of the loop it is meant to advance. */
#define VERSION_CHECK(entry)                                               \
	if (is_dtls) {                                                     \
		if (entry->min_dtls_version == GNUTLS_VERSION_UNKNOWN ||   \
		    version->id < entry->min_dtls_version ||               \
		    version->id > entry->max_dtls_version)                 \
			continue;                                          \
	} else {                                                           \
		if (entry->min_version == GNUTLS_VERSION_UNKNOWN ||        \
		    version->id < entry->min_version ||                    \
		    version->id > entry->max_version)                      \
			continue;                                          \
	}

/* Loop-body filter enforcing the force_etm priority setting: when the
 * priorities demand encrypt-then-MAC and `have_etm` is zero, any cipher
 * that is unknown or of type CIPHER_BLOCK is skipped with `continue`.
 * Reads `session` and `have_etm` from the scope it is expanded in. */
#define CIPHER_CHECK(algo)                                                  \
	if (session->internals.priorities->force_etm && !have_etm) {        \
		const cipher_entry_st *_cipher;                             \
		_cipher = cipher_to_entry(algo);                            \
		if (_cipher == NULL ||                                      \
		    _gnutls_cipher_type(_cipher) == CIPHER_BLOCK)           \
			continue;                                           \
	}

/* For the SRP key exchanges (GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS), runs
 * @action when the session holds no GNUTLS_CRD_SRP credentials. @action is
 * pasted in as a statement (`return 0` and `continue` at the call sites in
 * this file). Reads `session` from the scope it is expanded in; @kx is
 * expanded twice and is not parenthesized, so pass a plain variable. */
#define KX_SRP_CHECKS(kx, action)                                         \
	if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) {         \
		if (!_gnutls_get_cred(session, GNUTLS_CRD_SRP)) {         \
			action;                                           \
		}                                                         \
	}
1417 | | |
/* Decides whether key exchange @kx can be used on this session.
 *
 * For ECC key exchanges a candidate EC group must already be recorded on
 * the session. For DHE key exchanges either a candidate DH group is
 * recorded, or check_server_dh_params() must accept the credentials of
 * @cred_type. SRP key exchanges additionally require SRP credentials.
 *
 * @sgroup receives the candidate group when one is used; it is left
 * untouched otherwise, so the caller has to initialise it.
 *
 * Returns 1 when @kx is usable, 0 otherwise.
 */
static unsigned kx_is_ok(gnutls_session_t session, gnutls_kx_algorithm_t kx,
			 unsigned cred_type,
			 const gnutls_group_entry_st **sgroup)
{
	if (_gnutls_kx_is_ecc(kx)) {
		const gnutls_group_entry_st *ec_group =
			session->internals.cand_ec_group;

		if (ec_group == NULL)
			return 0;

		*sgroup = ec_group;
	} else if (_gnutls_kx_is_dhe(kx)) {
		const gnutls_group_entry_st *dh_group =
			session->internals.cand_dh_group;

		if (dh_group != NULL) {
			*sgroup = dh_group;
		} else if (!check_server_dh_params(session, cred_type, kx)) {
			/* no negotiated group and no usable server parameters */
			return 0;
		}
	}

	/* SRP suites are refused when no SRP credentials are set */
	KX_SRP_CHECKS(kx, return 0);

	return 1;
}
1441 | | |
/* Called on server-side only.
 *
 * Picks the ciphersuite to use from the intersection of the peer's list
 * (@peer_clist) and the local priorities, and stores it in @ce.
 *
 * The preference order depends on priorities->server_precedence: when it
 * is 0 the peer's list is walked in order (outer loop over @peer_clist),
 * otherwise the local priority list is walked in order.
 *
 * A candidate is accepted only if it passes VERSION_CHECK and CIPHER_CHECK
 * (the latter enforces force_etm), kx_is_ok() approves its key exchange,
 * and then either the suite's PRF matches the PRF of the selected PSK
 * binder (when HSK_PSK_SELECTED is set) or, for certificate credentials,
 * _gnutls_select_server_cert() succeeds for it.
 *
 * Side effects visible here: session->internals.cand_ec_group may be set
 * to the default EC group, _gnutls_select_server_cert() is called for
 * candidates that are later rejected as well as for the accepted one, and
 * _gnutls_session_group_set() is called for the accepted suite when a
 * group was chosen.
 *
 * Returns 0 on success, or GNUTLS_E_NO_CIPHER_SUITES when the session has
 * no protocol version or no candidate is acceptable.
 */
int _gnutls_figure_common_ciphersuite(gnutls_session_t session,
				      const ciphersuite_list_st *peer_clist,
				      const gnutls_cipher_suite_entry_st **ce)
{
	unsigned int i, j;
	int ret;
	const version_entry_st *version = get_version(session);
	unsigned int is_dtls = IS_DTLS(session);
	gnutls_kx_algorithm_t kx;
	gnutls_credentials_type_t cred_type =
		GNUTLS_CRD_CERTIFICATE; /* default for TLS1.3 */
	const gnutls_group_entry_st *sgroup = NULL;
	gnutls_ext_priv_data_t epriv;
	unsigned have_etm = 0;

	if (version == NULL) {
		return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
	}

	/* We figure out whether EtM is negotiated by checking the raw extension
	 * data, because the (security_params) EtM flag is set to true only
	 * after the ciphersuite is negotiated. have_etm feeds CIPHER_CHECK. */
	ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ETM, &epriv);
	if (ret >= 0 && ((intptr_t)epriv) != 0)
		have_etm = 1;

	/* If we didn't receive the supported_groups extension, then
	 * we should assume that SECP256R1 is supported; that is required
	 * by RFC4492, probably to allow SSLv2 hellos to negotiate elliptic
	 * curve ciphersuites. This only applies outside TLS 1.3 semantics and
	 * when no candidate EC group has been recorded yet. */
	if (!version->tls13_sem && session->internals.cand_ec_group == NULL &&
	    !_gnutls_hello_ext_is_present(session,
					  GNUTLS_EXTENSION_SUPPORTED_GROUPS)) {
		session->internals.cand_ec_group =
			_gnutls_id_to_group(DEFAULT_EC_GROUP);
	}

	if (session->internals.priorities->server_precedence == 0) {
		/* Peer preference: the first acceptable entry of the peer's
		 * list wins. VERSION_CHECK and CIPHER_CHECK `continue` this
		 * outer loop. */
		for (i = 0; i < peer_clist->size; i++) {
			_gnutls_debug_log(
				"checking %.2x.%.2x (%s) for compatibility\n",
				(unsigned)peer_clist->entry[i]->id[0],
				(unsigned)peer_clist->entry[i]->id[1],
				peer_clist->entry[i]->name);
			VERSION_CHECK(peer_clist->entry[i]);

			kx = peer_clist->entry[i]->kx_algorithm;

			CIPHER_CHECK(peer_clist->entry[i]->block_algorithm);

			/* under TLS 1.3 semantics cred_type keeps its
			 * certificate default */
			if (!version->tls13_sem)
				cred_type = _gnutls_map_kx_get_cred(kx, 1);

			/* The peer's entry is usable only if it is also present
			 * in the local priorities (pointer comparison). */
			for (j = 0; j < session->internals.priorities->cs.size;
			     j++) {
				if (session->internals.priorities->cs.entry[j] ==
				    peer_clist->entry[i]) {
					sgroup = NULL;
					/* `continue` keeps scanning the local
					 * list for the same peer entry */
					if (!kx_is_ok(session, kx, cred_type,
						      &sgroup))
						continue;

					/* if we have selected PSK, we need a ciphersuite which matches
					 * the selected binder.
					 * NOTE(review): binders[0].prf is dereferenced without a NULL
					 * check; presumably HSK_PSK_SELECTED implies it is set -- confirm. */
					if (session->internals.hsk_flags &
					    HSK_PSK_SELECTED) {
						if (session->key.binders[0]
							    .prf->id !=
						    session->internals
							    .priorities->cs
							    .entry[j]
							    ->prf)
							continue;
					} else if (cred_type ==
						   GNUTLS_CRD_CERTIFICATE) {
						ret = _gnutls_select_server_cert(
							session,
							peer_clist->entry[i]);
						if (ret < 0) {
							/* couldn't select cert with this ciphersuite;
							 * `break` moves on to the next peer entry */
							gnutls_assert();
							break;
						}
					}

					/* select the group based on the selected ciphersuite */
					if (sgroup)
						_gnutls_session_group_set(
							session, sgroup);
					*ce = peer_clist->entry[i];
					return 0;
				}
			}
		}
	} else {
		/* Server preference: the first acceptable entry of the local
		 * priority list wins. VERSION_CHECK and CIPHER_CHECK `continue`
		 * this outer loop. */
		for (j = 0; j < session->internals.priorities->cs.size; j++) {
			VERSION_CHECK(
				session->internals.priorities->cs.entry[j]);

			CIPHER_CHECK(session->internals.priorities->cs.entry[j]
					     ->block_algorithm);

			/* look for the local entry in the peer's list; the
			 * debug line below is emitted for every pair examined */
			for (i = 0; i < peer_clist->size; i++) {
				_gnutls_debug_log(
					"checking %.2x.%.2x (%s) for compatibility\n",
					(unsigned)peer_clist->entry[i]->id[0],
					(unsigned)peer_clist->entry[i]->id[1],
					peer_clist->entry[i]->name);

				if (session->internals.priorities->cs.entry[j] ==
				    peer_clist->entry[i]) {
					sgroup = NULL;
					kx = peer_clist->entry[i]->kx_algorithm;

					if (!version->tls13_sem)
						cred_type =
							_gnutls_map_kx_get_cred(
								kx, 1);

					/* every `break` below abandons this
					 * local entry and moves to the next one */
					if (!kx_is_ok(session, kx, cred_type,
						      &sgroup))
						break;

					/* if we have selected PSK, we need a ciphersuite which matches
					 * the selected binder.
					 * NOTE(review): binders[0].prf is dereferenced without a NULL
					 * check; presumably HSK_PSK_SELECTED implies it is set -- confirm. */
					if (session->internals.hsk_flags &
					    HSK_PSK_SELECTED) {
						if (session->key.binders[0]
							    .prf->id !=
						    session->internals
							    .priorities->cs
							    .entry[j]
							    ->prf)
							break;
					} else if (cred_type ==
						   GNUTLS_CRD_CERTIFICATE) {
						ret = _gnutls_select_server_cert(
							session,
							peer_clist->entry[i]);
						if (ret < 0) {
							/* couldn't select cert with this ciphersuite */
							gnutls_assert();
							break;
						}
					}

					/* select the group based on the selected ciphersuite */
					if (sgroup)
						_gnutls_session_group_set(
							session, sgroup);
					*ce = peer_clist->entry[i];
					return 0;
				}
			}
		}
	}

	/* nothing in common */

	return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
}
1604 | | |
/* Loop-body filter for the client side: `continue`s the enclosing loop
 * when entry @e requires a protocol version newer than @maxver for the
 * transport in use. Reads `is_dtls` from the scope it is expanded in.
 * Note that @minver does not appear in the expansion, so no lower bound
 * is enforced here. */
#define CLIENT_VERSION_CHECK(minver, maxver, e)             \
	if (is_dtls) {                                      \
		if (e->min_dtls_version > maxver->id)       \
			continue;                           \
	} else {                                            \
		if (e->min_version > maxver->id)            \
			continue;                           \
	}

/* Extra bytes kept free at the end of the cipher_suites buffer in
 * _gnutls_get_client_ciphersuites() for the signalling values appended
 * after the regular list (up to two 2-byte values there). */
#define RESERVED_CIPHERSUITES 4
/* Serialises the ciphersuite list a client offers and appends it, with a
 * length prefix, to @cdata.
 *
 * A suite from the local priorities is offered when it passes
 * CLIENT_VERSION_CHECK against the maximum enabled version and, if it maps
 * to a key exchange, credentials of the matching type are set (or a
 * premaster secret was set on the session) and KX_SRP_CHECKS passes.
 *
 * Buffer bound: the loop stops once MAX_CIPHERSUITE_SIZE * 2 bytes are
 * used, and at most two 2-byte signalling values follow, which is what
 * RESERVED_CIPHERSUITES accounts for.
 *
 * @vmin is handed to CLIENT_VERSION_CHECK, which does not use it.
 * @add_scsv is only consulted when ENABLE_SSL3 is defined.
 *
 * Returns the number of bytes added to @cdata, or a negative error code.
 */
int _gnutls_get_client_ciphersuites(gnutls_session_t session,
				    gnutls_buffer_st *cdata,
				    const version_entry_st *vmin,
				    unsigned add_scsv)
{
	uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE * 2 + RESERVED_CIPHERSUITES];
	unsigned cipher_suites_size = 0;
	unsigned int is_dtls = IS_DTLS(session);
	size_t init_length = cdata->length;
	const version_entry_st *vmax = _gnutls_version_max(session);
	unsigned int j;
	int ret;

	if (vmax == NULL)
		return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);

	for (j = 0; j < session->internals.priorities->cs.size; j++) {
		const gnutls_cipher_suite_entry_st *cs =
			session->internals.priorities->cs.entry[j];
		gnutls_kx_algorithm_t kx;

		CLIENT_VERSION_CHECK(vmin, vmax, cs);

		kx = cs->kx_algorithm;
		/* In TLS 1.3 ciphersuites don't map to credentials */
		if (kx != GNUTLS_KX_UNKNOWN) {
			gnutls_credentials_type_t cred_type =
				_gnutls_map_kx_get_cred(kx, 0);

			/* do not offer what we hold no credentials for */
			if (!session->internals.premaster_set &&
			    _gnutls_get_cred(session, cred_type) == NULL)
				continue;

			KX_SRP_CHECKS(kx, continue);
		}

		_gnutls_debug_log("Keeping ciphersuite %.2x.%.2x (%s)\n",
				  (unsigned)cs->id[0], (unsigned)cs->id[1],
				  cs->name);

		cipher_suites[cipher_suites_size++] = cs->id[0];
		cipher_suites[cipher_suites_size++] = cs->id[1];

		/* leave the reserved tail for the signalling values below */
		if (cipher_suites_size >= MAX_CIPHERSUITE_SIZE * 2)
			break;
	}
#ifdef ENABLE_SSL3
	if (add_scsv) {
		/* 00 ff: the safe renegotiation signalling value */
		cipher_suites[cipher_suites_size++] = 0x00;
		cipher_suites[cipher_suites_size++] = 0xff;

		ret = _gnutls_ext_sr_send_cs(session);
		if (ret < 0)
			return gnutls_assert_val(ret);

		_gnutls_hello_ext_save_sr(session);
	}
#endif

	/* advertise the fallback SCSV when the priorities request it */
	if (session->internals.priorities->fallback) {
		cipher_suites[cipher_suites_size++] = GNUTLS_FALLBACK_SCSV_MAJOR;
		cipher_suites[cipher_suites_size++] = GNUTLS_FALLBACK_SCSV_MINOR;
	}

	ret = _gnutls_buffer_append_data_prefix(cdata, 16, cipher_suites,
						cipher_suites_size);
	if (ret < 0)
		return gnutls_assert_val(ret);

	return cdata->length - init_length;
}
1694 | | |
/**
 * gnutls_priority_get_cipher_suite_index:
 * @pcache: is a #gnutls_priority_t type.
 * @idx: is an index number.
 * @sidx: internal index of cipher suite to get information about.
 *
 * Provides the internal ciphersuite index to be used with
 * gnutls_cipher_suite_info(). The index @idx provided is an
 * index kept at the priorities structure. It might be that a valid
 * priorities index does not correspond to a ciphersuite and in
 * that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE will be returned.
 * Once the last available index is crossed then
 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
 *
 * Note that @sidx is written as soon as the table entry is located,
 * so it may have been modified even when an error is returned.
 *
 * Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
 *
 * Since: 3.0.9
 **/
int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
					   unsigned int idx, unsigned int *sidx)
{
	unsigned int pos, p;
	unsigned max_tls = 0;
	unsigned max_dtls = 0;

	if (idx >= pcache->cs.size)
		return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;

	/* highest enabled protocol version, tracked separately for TLS
	 * and for DTLS */
	for (p = 0; p < pcache->protocol.num_priorities; p++) {
		if (pcache->protocol.priorities[p] <= GNUTLS_TLS_VERSION_MAX &&
		    pcache->protocol.priorities[p] >= max_tls) {
			max_tls = pcache->protocol.priorities[p];
		} else if (pcache->protocol.priorities[p] <=
				   GNUTLS_DTLS_VERSION_MAX &&
			   pcache->protocol.priorities[p] >= max_dtls) {
			max_dtls = pcache->protocol.priorities[p];
		}
	}

	/* locate the priorities entry inside the static table */
	for (pos = 0; pos < CIPHER_SUITES_COUNT; pos++) {
		if (pcache->cs.entry[idx] == &cs_algorithms[pos]) {
			*sidx = pos;

			/* cipher or MAC not available: report as unknown */
			if (!_gnutls_cipher_exists(
				    cs_algorithms[pos].block_algorithm) ||
			    !_gnutls_mac_exists(cs_algorithms[pos].mac_algorithm))
				break;

			/* usable if any enabled TLS or DTLS version reaches
			 * the suite's minimum */
			if (max_tls >= cs_algorithms[pos].min_version ||
			    max_dtls >= cs_algorithms[pos].min_dtls_version)
				return 0;
		}
	}

	return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}