1 : /*
2 : * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3 : * Copyright (C) 2017 Red Hat, Inc.
4 : *
5 : * Author: Nikos Mavrogiannopoulos
6 : *
7 : * This file is part of GnuTLS.
8 : *
9 : * The GnuTLS is free software; you can redistribute it and/or
10 : * modify it under the terms of the GNU Lesser General Public License
11 : * as published by the Free Software Foundation; either version 2.1 of
12 : * the License, or (at your option) any later version.
13 : *
14 : * This library is distributed in the hope that it will be useful, but
15 : * WITHOUT ANY WARRANTY; without even the implied warranty of
16 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 : * Lesser General Public License for more details.
18 : *
19 : * You should have received a copy of the GNU Lesser General Public License
20 : * along with this program. If not, see <https://www.gnu.org/licenses/>
21 : *
22 : */
23 :
24 : #include "gnutls_int.h"
25 : #include <algorithms.h>
26 : #include "errors.h"
27 : #include <dh.h>
28 : #include <state.h>
29 : #include <x509/common.h>
30 : #include <auth/cert.h>
31 : #include <auth/anon.h>
32 : #include <auth/psk.h>
33 : #include <ext/safe_renegotiation.h>
34 :
/* When SSL 3.0 support is not compiled in (ENABLE_SSL3 undefined), GNUTLS_SSL3
 * becomes an alias for GNUTLS_TLS1. Every cs_algorithms entry that passes
 * GNUTLS_SSL3 as its minimum version therefore starts at GNUTLS_TLS1 in
 * such builds.
 */
35 : #ifndef ENABLE_SSL3
36 : # define GNUTLS_SSL3 GNUTLS_TLS1
37 : #endif
38 :
39 : /* Cipher SUITES */
/* Initializer helpers for one gnutls_cipher_suite_entry_st row of
 * cs_algorithms. Each expands to a brace initializer whose first two values
 * are the stringified macro name (#name) and the macro itself, i.e. the
 * two-byte { hi, lo } code point defined further down in this file.
 *
 * ENTRY: the value following min_version is fixed to GNUTLS_TLS1_2 and the
 * value following dtls_version to GNUTLS_DTLS1_2; the final value (passed
 * as "prf" by the other two macros) is fixed to GNUTLS_MAC_SHA256.
 * NOTE(review): the two fixed versions are presumably the maximum TLS/DTLS
 * versions of the suite -- confirm against the struct declaration, which is
 * not visible here.
 * The table passes GNUTLS_VERSION_UNKNOWN as dtls_version for the ARCFOUR
 * suites, presumably to keep them out of DTLS -- confirm.
 */
40 : #define ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version ) \
41 : { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA256}
/* ENTRY_PRF: same layout as ENTRY, but the caller supplies the final value;
 * the table passes GNUTLS_MAC_SHA384 there for the *_SHA384 suites.
 */
42 : #define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \
43 : { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, prf}
/* ENTRY_TLS13: takes no key-exchange or MAC argument. The key-exchange slot
 * is 0, the MAC slot is GNUTLS_MAC_AEAD, the value following min_version is
 * GNUTLS_TLS1_3 and both DTLS slots are GNUTLS_VERSION_UNKNOWN.
 */
44 : #define ENTRY_TLS13( name, block_algorithm, min_version, prf ) \
45 : { #name, name, block_algorithm, 0, GNUTLS_MAC_AEAD, min_version, GNUTLS_TLS1_3, GNUTLS_VERSION_UNKNOWN, GNUTLS_VERSION_UNKNOWN, prf}
46 :
47 : /* TLS 1.3 ciphersuites */
/* Like every suite macro in this file, each of these expands to the suite's
 * two-byte code point written as a brace initializer { hi, lo }. These five
 * are the ones cs_algorithms registers through ENTRY_TLS13.
 */
48 : #define GNUTLS_AES_128_GCM_SHA256 { 0x13, 0x01 }
49 : #define GNUTLS_AES_256_GCM_SHA384 { 0x13, 0x02 }
50 : #define GNUTLS_CHACHA20_POLY1305_SHA256 { 0x13, 0x03 }
51 : #define GNUTLS_AES_128_CCM_SHA256 { 0x13, 0x04 }
52 : #define GNUTLS_AES_128_CCM_8_SHA256 { 0x13,0x05 }
53 :
54 : /* RSA key exchange with the NULL cipher and an MD5, SHA-1 or SHA-256 MAC,
55 : * for test purposes. The table maps these to GNUTLS_CIPHER_NULL, so the
56 : * record payload is integrity-protected but not encrypted. */
57 : #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
58 : #define GNUTLS_RSA_NULL_SHA1 { 0x00, 0x02 }
59 : #define GNUTLS_RSA_NULL_SHA256 { 0x00, 0x3B }
60 :
61 : /* ANONymous cipher suites.
 * Anonymous Diffie-Hellman: no certificate is exchanged, so the key
 * exchange itself does not authenticate the peer.
62 : */
63 :
64 : #define GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
65 : #define GNUTLS_DH_ANON_ARCFOUR_128_MD5 { 0x00, 0x18 }
66 :
67 : /* rfc3268: */
68 : #define GNUTLS_DH_ANON_AES_128_CBC_SHA1 { 0x00, 0x34 }
69 : #define GNUTLS_DH_ANON_AES_256_CBC_SHA1 { 0x00, 0x3A }
70 :
71 : /* rfc4132 */
72 : #define GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
73 : #define GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
74 :
75 : /* rfc5932 */
76 : #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 { 0x00,0xBA }
77 : #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256 { 0x00,0xBD }
78 : #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 { 0x00,0xBE }
79 : #define GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256 { 0x00,0xBF }
80 : #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 { 0x00,0xC0 }
81 : #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256 { 0x00,0xC3 }
82 : #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 { 0x00,0xC4 }
83 : #define GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256 { 0x00,0xC5 }
84 :
85 : /* rfc6367 */
86 : #define GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 { 0xC0,0x72 }
87 : #define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 { 0xC0,0x73 }
88 : #define GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 { 0xC0,0x76 }
89 : #define GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 { 0xC0,0x77 }
90 : #define GNUTLS_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x94 }
91 : #define GNUTLS_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x95 }
92 : #define GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x96 }
93 : #define GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x97 }
94 : #define GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x98 }
95 : #define GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x99 }
96 : #define GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x9A }
97 : #define GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x9B }
98 :
99 : #define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A }
100 : #define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B }
101 : #define GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x7C }
102 : #define GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7D }
103 : #define GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256 { 0xC0,0x80 }
104 : #define GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384 { 0xC0,0x81 }
105 : #define GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256 { 0xC0,0x84 }
106 : #define GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384 { 0xC0,0x85 }
107 : #define GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x86 }
108 : #define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x87 }
109 : #define GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8A }
110 : #define GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8B }
111 : #define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E }
112 : #define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F }
113 : #define GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x90 }
114 : #define GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x91 }
115 : #define GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x92 }
116 : #define GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x93 }
117 :
118 : #define GNUTLS_DH_ANON_AES_128_CBC_SHA256 { 0x00, 0x6C }
119 : #define GNUTLS_DH_ANON_AES_256_CBC_SHA256 { 0x00, 0x6D }
120 :
121 : /* draft-ietf-tls-chacha20-poly1305-02 (later published as RFC 7905) */
122 : #define GNUTLS_ECDHE_RSA_CHACHA20_POLY1305 { 0xCC, 0xA8 }
123 : #define GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305 { 0xCC, 0xA9 }
124 : #define GNUTLS_DHE_RSA_CHACHA20_POLY1305 { 0xCC, 0xAA }
125 :
/* Pre-shared-key variants of the same AEAD. */
126 : #define GNUTLS_PSK_CHACHA20_POLY1305 { 0xCC, 0xAB }
127 : #define GNUTLS_ECDHE_PSK_CHACHA20_POLY1305 { 0xCC, 0xAC }
128 : #define GNUTLS_DHE_PSK_CHACHA20_POLY1305 { 0xCC, 0xAD }
129 : #define GNUTLS_RSA_PSK_CHACHA20_POLY1305 { 0xCC, 0xAE }
130 :
131 : /* PSK (not in TLS 1.0)
132 : * draft-ietf-tls-psk (published as RFC 4279):
 * Three families follow, four suites each: plain PSK, DHE_PSK and RSA_PSK.
133 : */
134 : #define GNUTLS_PSK_ARCFOUR_128_SHA1 { 0x00, 0x8A }
135 : #define GNUTLS_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
136 : #define GNUTLS_PSK_AES_128_CBC_SHA1 { 0x00, 0x8C }
137 : #define GNUTLS_PSK_AES_256_CBC_SHA1 { 0x00, 0x8D }
138 :
139 : #define GNUTLS_DHE_PSK_ARCFOUR_128_SHA1 { 0x00, 0x8E }
140 : #define GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
141 : #define GNUTLS_DHE_PSK_AES_128_CBC_SHA1 { 0x00, 0x90 }
142 : #define GNUTLS_DHE_PSK_AES_256_CBC_SHA1 { 0x00, 0x91 }
143 :
144 : #define GNUTLS_RSA_PSK_ARCFOUR_128_SHA1 { 0x00, 0x92 }
145 : #define GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x93 }
146 : #define GNUTLS_RSA_PSK_AES_128_CBC_SHA1 { 0x00, 0x94 }
147 : #define GNUTLS_RSA_PSK_AES_256_CBC_SHA1 { 0x00, 0x95 }
148 :
149 : /* SRP (rfc5054)
150 : */
151 : #define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
152 : #define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
153 : #define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }
154 :
155 : #define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
156 : #define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
157 : #define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }
158 :
159 : #define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
160 : #define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
161 : #define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }
162 :
163 : /* RSA
164 : */
165 : #define GNUTLS_RSA_ARCFOUR_128_SHA1 { 0x00, 0x05 }
166 : #define GNUTLS_RSA_ARCFOUR_128_MD5 { 0x00, 0x04 }
167 : #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
168 :
169 : /* rfc3268:
170 : */
171 : #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
172 : #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
173 :
174 : /* rfc4132 */
175 : #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
176 : #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
177 :
178 : #define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
179 : #define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
180 :
181 : /* DHE DSS
182 : */
183 : #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
184 :
185 :
186 : /* draft-ietf-tls-56-bit-ciphersuites-01:
187 : */
188 : #define GNUTLS_DHE_DSS_ARCFOUR_128_SHA1 { 0x00, 0x66 }
189 :
190 :
191 : /* rfc3268:
192 : */
193 : #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
194 : #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
195 :
196 : /* rfc4132 */
197 : #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
198 : #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
199 :
200 : #define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
201 : #define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
202 :
203 : /* DHE RSA
204 : */
205 : #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
206 :
207 : /* rfc3268:
208 : */
209 : #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
210 : #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
211 :
212 : /* rfc4132 */
213 : #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
214 : #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
215 :
216 : #define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
217 : #define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
218 :
219 : /* GCM: RFC5288 */
220 : #define GNUTLS_RSA_AES_128_GCM_SHA256 { 0x00, 0x9C }
221 : #define GNUTLS_DHE_RSA_AES_128_GCM_SHA256 {0x00,0x9E}
222 : #define GNUTLS_DHE_DSS_AES_128_GCM_SHA256 {0x00,0xA2}
223 : #define GNUTLS_DH_ANON_AES_128_GCM_SHA256 {0x00,0xA6}
224 : #define GNUTLS_RSA_AES_256_GCM_SHA384 { 0x00, 0x9D }
225 : #define GNUTLS_DHE_RSA_AES_256_GCM_SHA384 {0x00,0x9F}
226 : #define GNUTLS_DHE_DSS_AES_256_GCM_SHA384 {0x00,0xA3}
227 : #define GNUTLS_DH_ANON_AES_256_GCM_SHA384 {0x00,0xA7}
228 :
229 : /* CCM: RFC6655/7251 */
230 : #define GNUTLS_RSA_AES_128_CCM { 0xC0, 0x9C }
231 : #define GNUTLS_RSA_AES_256_CCM { 0xC0, 0x9D }
232 : #define GNUTLS_DHE_RSA_AES_128_CCM {0xC0,0x9E}
233 : #define GNUTLS_DHE_RSA_AES_256_CCM {0xC0,0x9F}
234 :
235 : #define GNUTLS_ECDHE_ECDSA_AES_128_CCM {0xC0,0xAC}
236 : #define GNUTLS_ECDHE_ECDSA_AES_256_CCM {0xC0,0xAD}
237 :
238 : #define GNUTLS_PSK_AES_128_CCM { 0xC0, 0xA4 }
239 : #define GNUTLS_PSK_AES_256_CCM { 0xC0, 0xA5 }
240 : #define GNUTLS_DHE_PSK_AES_128_CCM {0xC0,0xA6}
241 : #define GNUTLS_DHE_PSK_AES_256_CCM {0xC0,0xA7}
242 :
243 : /* CCM-8: RFC6655/7251 */
244 : #define GNUTLS_RSA_AES_128_CCM_8 { 0xC0, 0xA0 }
245 : #define GNUTLS_RSA_AES_256_CCM_8 { 0xC0, 0xA1 }
246 : #define GNUTLS_DHE_RSA_AES_128_CCM_8 {0xC0,0xA2}
247 : #define GNUTLS_DHE_RSA_AES_256_CCM_8 {0xC0,0xA3}
248 :
249 : #define GNUTLS_ECDHE_ECDSA_AES_128_CCM_8 {0xC0,0xAE}
250 : #define GNUTLS_ECDHE_ECDSA_AES_256_CCM_8 {0xC0,0xAF}
251 :
252 : #define GNUTLS_PSK_AES_128_CCM_8 { 0xC0, 0xA8 }
253 : #define GNUTLS_PSK_AES_256_CCM_8 { 0xC0, 0xA9 }
254 : #define GNUTLS_DHE_PSK_AES_128_CCM_8 {0xC0,0xAA}
255 : #define GNUTLS_DHE_PSK_AES_256_CCM_8 {0xC0,0xAB}
256 :
257 :
258 : /* RFC 5487 */
259 : /* GCM-PSK */
260 : #define GNUTLS_PSK_AES_128_GCM_SHA256 { 0x00, 0xA8 }
261 : #define GNUTLS_DHE_PSK_AES_128_GCM_SHA256 { 0x00, 0xAA }
262 : #define GNUTLS_PSK_AES_256_GCM_SHA384 { 0x00, 0xA9 }
263 : #define GNUTLS_DHE_PSK_AES_256_GCM_SHA384 { 0x00, 0xAB }
264 :
265 : #define GNUTLS_PSK_AES_256_CBC_SHA384 { 0x00,0xAF }
266 : #define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 }
267 : #define GNUTLS_DHE_PSK_AES_256_CBC_SHA384 { 0x00,0xB3 }
268 : #define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 }
269 :
270 : #define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C }
271 : #define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D }
272 : #define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E }
273 : #define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 }
274 :
275 : #define GNUTLS_RSA_PSK_AES_128_GCM_SHA256 { 0x00,0xAC }
276 : #define GNUTLS_RSA_PSK_AES_256_GCM_SHA384 { 0x00,0xAD }
277 : #define GNUTLS_RSA_PSK_AES_128_CBC_SHA256 { 0x00,0xB6 }
278 : #define GNUTLS_RSA_PSK_AES_256_CBC_SHA384 { 0x00,0xB7 }
279 : #define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 }
280 : #define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 }
281 :
282 :
283 : /* PSK - SHA256 HMAC */
284 : #define GNUTLS_PSK_AES_128_CBC_SHA256 { 0x00, 0xAE }
285 : #define GNUTLS_DHE_PSK_AES_128_CBC_SHA256 { 0x00, 0xB2 }
286 :
287 : #define GNUTLS_PSK_NULL_SHA256 { 0x00, 0xB0 }
288 : #define GNUTLS_DHE_PSK_NULL_SHA256 { 0x00, 0xB4 }
289 :
290 : /* ECC */
291 : #define GNUTLS_ECDH_ANON_NULL_SHA1 { 0xC0, 0x15 }
292 : #define GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1 { 0xC0, 0x17 }
293 : #define GNUTLS_ECDH_ANON_AES_128_CBC_SHA1 { 0xC0, 0x18 }
294 : #define GNUTLS_ECDH_ANON_AES_256_CBC_SHA1 { 0xC0, 0x19 }
295 : #define GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1 { 0xC0, 0x16 }
296 :
297 : /* ECC-RSA */
298 : #define GNUTLS_ECDHE_RSA_NULL_SHA1 { 0xC0, 0x10 }
299 : #define GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x12 }
300 : #define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 { 0xC0, 0x13 }
301 : #define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 { 0xC0, 0x14 }
302 : #define GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1 { 0xC0, 0x11 }
303 :
304 : /* ECC-ECDSA */
305 : #define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 }
306 : #define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x08 }
307 : #define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 { 0xC0, 0x09 }
308 : #define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 { 0xC0, 0x0A }
309 : #define GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1 { 0xC0, 0x07 }
310 :
311 : /* RFC5289 */
312 : /* ECC with SHA2 */
313 : #define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 {0xC0,0x23}
314 : #define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 {0xC0,0x27}
315 : #define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 { 0xC0,0x28 }
316 :
317 : /* ECC with AES-GCM */
318 : #define GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 {0xC0,0x2B}
319 : #define GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 {0xC0,0x2F}
320 : #define GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 {0xC0,0x30}
321 :
322 : /* SuiteB */
323 : #define GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 {0xC0,0x2C}
324 : #define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 {0xC0,0x24}
325 :
326 :
327 : /* ECC with PSK */
328 : #define GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1 { 0xC0, 0x34 }
329 : #define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1 { 0xC0, 0x35 }
330 : #define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1 { 0xC0, 0x36 }
331 : #define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256 { 0xC0, 0x37 }
332 : #define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 { 0xC0, 0x38 }
333 : #define GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1 { 0xC0, 0x33 }
334 : #define GNUTLS_ECDHE_PSK_NULL_SHA256 { 0xC0, 0x3A }
335 : #define GNUTLS_ECDHE_PSK_NULL_SHA384 { 0xC0, 0x3B }
336 :
337 : /* draft-smyshlyaev-tls12-gost-suites */
338 : #ifdef ENABLE_GOST
339 : #define GNUTLS_GOSTR341112_256_28147_CNT_IMIT { 0xc1, 0x02 }
340 : #endif
341 :
/* Number of rows in cs_algorithms minus one.
 * NOTE(review): the excluded last row is presumably a terminating sentinel;
 * the end of the table is not visible here -- confirm before relying on it.
 */
342 : #define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry_st)-1)
343 :
344 : /* The following is the list of potential ciphersuites. An entry is only
345 : * usable if its cipher and MAC are available to gnutls as well.
346 : */
347 : static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
348 : /* TLS 1.3 */
349 : ENTRY_TLS13(GNUTLS_AES_128_GCM_SHA256,
350 : GNUTLS_CIPHER_AES_128_GCM,
351 : GNUTLS_TLS1_3,
352 : GNUTLS_MAC_SHA256),
353 :
354 : ENTRY_TLS13(GNUTLS_AES_256_GCM_SHA384,
355 : GNUTLS_CIPHER_AES_256_GCM,
356 : GNUTLS_TLS1_3,
357 : GNUTLS_MAC_SHA384),
358 :
359 : ENTRY_TLS13(GNUTLS_CHACHA20_POLY1305_SHA256,
360 : GNUTLS_CIPHER_CHACHA20_POLY1305,
361 : GNUTLS_TLS1_3,
362 : GNUTLS_MAC_SHA256),
363 :
364 : ENTRY_TLS13(GNUTLS_AES_128_CCM_SHA256,
365 : GNUTLS_CIPHER_AES_128_CCM,
366 : GNUTLS_TLS1_3,
367 : GNUTLS_MAC_SHA256),
368 :
369 : ENTRY_TLS13(GNUTLS_AES_128_CCM_8_SHA256,
370 : GNUTLS_CIPHER_AES_128_CCM_8,
371 : GNUTLS_TLS1_3,
372 : GNUTLS_MAC_SHA256),
373 :
374 : /* RSA-NULL */
375 : ENTRY(GNUTLS_RSA_NULL_MD5,
376 : GNUTLS_CIPHER_NULL,
377 : GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
378 : GNUTLS_DTLS_VERSION_MIN),
379 : ENTRY(GNUTLS_RSA_NULL_SHA1,
380 : GNUTLS_CIPHER_NULL,
381 : GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
382 : GNUTLS_DTLS_VERSION_MIN),
383 : ENTRY(GNUTLS_RSA_NULL_SHA256,
384 : GNUTLS_CIPHER_NULL,
385 : GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
386 : GNUTLS_DTLS1_2),
387 :
388 : /* RSA */
389 : ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1,
390 : GNUTLS_CIPHER_ARCFOUR_128,
391 : GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
392 : GNUTLS_VERSION_UNKNOWN),
393 : ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5,
394 : GNUTLS_CIPHER_ARCFOUR_128,
395 : GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
396 : GNUTLS_VERSION_UNKNOWN),
397 : ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1,
398 : GNUTLS_CIPHER_3DES_CBC,
399 : GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
400 : GNUTLS_DTLS_VERSION_MIN),
401 : ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1,
402 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
403 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
404 : GNUTLS_DTLS_VERSION_MIN),
405 : ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1,
406 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
407 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
408 : GNUTLS_DTLS_VERSION_MIN),
409 :
410 : ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
411 : GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
412 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
413 : GNUTLS_DTLS1_2),
414 : ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
415 : GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
416 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
417 : GNUTLS_DTLS1_2),
418 : ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
419 : GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
420 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
421 : GNUTLS_DTLS_VERSION_MIN),
422 : ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
423 : GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
424 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
425 : GNUTLS_DTLS_VERSION_MIN),
426 : ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256,
427 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
428 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
429 : GNUTLS_DTLS1_2),
430 : ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256,
431 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
432 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
433 : GNUTLS_DTLS1_2),
434 :
435 :
436 : /* GCM */
437 : ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256,
438 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
439 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
440 : GNUTLS_DTLS1_2),
441 : ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
442 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
443 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
444 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
445 : ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
446 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
447 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
448 : GNUTLS_DTLS1_2),
449 : ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
450 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
451 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
452 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
453 :
454 : /* CCM */
455 : ENTRY(GNUTLS_RSA_AES_128_CCM,
456 : GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_RSA,
457 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
458 : GNUTLS_DTLS1_2),
459 : ENTRY(GNUTLS_RSA_AES_256_CCM,
460 : GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_RSA,
461 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
462 : GNUTLS_DTLS1_2),
463 :
464 :
465 : /* CCM_8 */
466 : ENTRY(GNUTLS_RSA_AES_128_CCM_8,
467 : GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_RSA,
468 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
469 : GNUTLS_DTLS1_2),
470 : ENTRY(GNUTLS_RSA_AES_256_CCM_8,
471 : GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_RSA,
472 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
473 : GNUTLS_DTLS1_2),
474 :
475 :
476 : /* DHE_DSS */
477 : #ifdef ENABLE_DHE
478 : ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
479 : GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
480 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
481 : GNUTLS_VERSION_UNKNOWN),
482 : ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
483 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
484 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
485 : GNUTLS_DTLS_VERSION_MIN),
486 : ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
487 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
488 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
489 : GNUTLS_DTLS_VERSION_MIN),
490 : ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
491 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
492 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
493 : GNUTLS_DTLS_VERSION_MIN),
494 : ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
495 : GNUTLS_CIPHER_CAMELLIA_128_CBC,
496 : GNUTLS_KX_DHE_DSS,
497 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
498 : GNUTLS_DTLS1_2),
499 : ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
500 : GNUTLS_CIPHER_CAMELLIA_256_CBC,
501 : GNUTLS_KX_DHE_DSS,
502 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
503 : GNUTLS_DTLS1_2),
504 :
505 : ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
506 : GNUTLS_CIPHER_CAMELLIA_128_CBC,
507 : GNUTLS_KX_DHE_DSS,
508 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
509 : GNUTLS_DTLS_VERSION_MIN),
510 : ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
511 : GNUTLS_CIPHER_CAMELLIA_256_CBC,
512 : GNUTLS_KX_DHE_DSS,
513 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
514 : GNUTLS_DTLS_VERSION_MIN),
515 : ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
516 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
517 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
518 : GNUTLS_DTLS1_2),
519 : ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
520 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
521 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
522 : GNUTLS_DTLS1_2),
523 : /* GCM */
524 : ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
525 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
526 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
527 : GNUTLS_DTLS1_2),
528 : ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
529 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
530 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
531 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
532 : ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
533 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
534 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
535 : GNUTLS_DTLS1_2),
536 : ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
537 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
538 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
539 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
540 :
541 : /* DHE_RSA */
542 : ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
543 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
544 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
545 : GNUTLS_DTLS_VERSION_MIN),
546 : ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
547 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
548 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
549 : GNUTLS_DTLS_VERSION_MIN),
550 : ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
551 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
552 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
553 : GNUTLS_DTLS_VERSION_MIN),
554 : ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
555 : GNUTLS_CIPHER_CAMELLIA_128_CBC,
556 : GNUTLS_KX_DHE_RSA,
557 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
558 : GNUTLS_DTLS1_2),
559 : ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
560 : GNUTLS_CIPHER_CAMELLIA_256_CBC,
561 : GNUTLS_KX_DHE_RSA,
562 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
563 : GNUTLS_DTLS1_2),
564 : ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
565 : GNUTLS_CIPHER_CAMELLIA_128_CBC,
566 : GNUTLS_KX_DHE_RSA,
567 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
568 : GNUTLS_DTLS_VERSION_MIN),
569 : ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
570 : GNUTLS_CIPHER_CAMELLIA_256_CBC,
571 : GNUTLS_KX_DHE_RSA,
572 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
573 : GNUTLS_DTLS_VERSION_MIN),
574 : ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
575 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
576 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
577 : GNUTLS_DTLS1_2),
578 : ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
579 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
580 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
581 : GNUTLS_DTLS1_2),
582 : /* GCM */
583 : ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
584 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
585 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
586 : GNUTLS_DTLS1_2),
587 : ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
588 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
589 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
590 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
591 : ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
592 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
593 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
594 : GNUTLS_DTLS1_2),
595 : ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
596 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
597 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
598 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
599 :
600 : ENTRY(GNUTLS_DHE_RSA_CHACHA20_POLY1305,
601 : GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_RSA,
602 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
603 :
604 : /* CCM */
605 : ENTRY(GNUTLS_DHE_RSA_AES_128_CCM,
606 : GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_RSA,
607 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
608 : GNUTLS_DTLS1_2),
609 : ENTRY(GNUTLS_DHE_RSA_AES_256_CCM,
610 : GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_RSA,
611 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
612 : GNUTLS_DTLS1_2),
613 : ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_8,
614 : GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_RSA,
615 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
616 : GNUTLS_DTLS1_2),
617 : ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_8,
618 : GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_RSA,
619 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
620 : GNUTLS_DTLS1_2),
621 :
622 : #endif /* DHE */
623 : #ifdef ENABLE_ECDHE
624 : /* ECC-RSA */
625 : ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1,
626 : GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
627 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
628 : GNUTLS_DTLS_VERSION_MIN),
629 : ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
630 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
631 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
632 : GNUTLS_DTLS_VERSION_MIN),
633 : ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
634 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
635 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
636 : GNUTLS_DTLS_VERSION_MIN),
637 : ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
638 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
639 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
640 : GNUTLS_DTLS_VERSION_MIN),
641 : ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
642 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
643 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
644 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
645 : ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
646 : GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
647 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
648 : GNUTLS_VERSION_UNKNOWN),
649 : ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
650 : GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
651 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
652 : GNUTLS_DTLS1_2),
653 : ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
654 : GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
655 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
656 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
657 :
658 : /* ECDHE-ECDSA */
659 : ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1,
660 : GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
661 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
662 : GNUTLS_DTLS_VERSION_MIN),
663 : ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
664 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
665 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
666 : GNUTLS_DTLS_VERSION_MIN),
667 : ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
668 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
669 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
670 : GNUTLS_DTLS_VERSION_MIN),
671 : ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
672 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
673 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
674 : GNUTLS_DTLS_VERSION_MIN),
675 : ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
676 : GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
677 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
678 : GNUTLS_VERSION_UNKNOWN),
679 : ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
680 : GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
681 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
682 : GNUTLS_DTLS1_2),
683 : ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
684 : GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
685 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
686 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
687 :
688 : /* More ECC */
689 :
690 : ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
691 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
692 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
693 : GNUTLS_DTLS1_2),
694 : ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
695 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
696 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
697 : GNUTLS_DTLS1_2),
698 : ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
699 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
700 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
701 : GNUTLS_DTLS1_2),
702 : ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
703 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
704 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
705 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
706 : ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
707 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
708 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
709 : GNUTLS_DTLS1_2),
710 : ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
711 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
712 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
713 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
714 : ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
715 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
716 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
717 : GNUTLS_DTLS1_2),
718 : ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
719 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
720 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
721 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
722 : ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
723 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
724 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
725 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
726 :
727 : ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
728 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
729 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
730 : GNUTLS_DTLS1_2),
731 : ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
732 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
733 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
734 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
735 :
736 : ENTRY(GNUTLS_ECDHE_RSA_CHACHA20_POLY1305,
737 : GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_RSA,
738 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
739 : GNUTLS_DTLS1_2),
740 :
741 : ENTRY(GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305,
742 : GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_ECDSA,
743 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
744 : GNUTLS_DTLS1_2),
745 :
746 : ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM,
747 : GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_ECDHE_ECDSA,
748 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
749 : GNUTLS_DTLS1_2),
750 : ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM,
751 : GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_ECDHE_ECDSA,
752 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
753 : GNUTLS_DTLS1_2),
754 : ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_8,
755 : GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_ECDHE_ECDSA,
756 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
757 : GNUTLS_DTLS1_2),
758 : ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_8,
759 : GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_ECDHE_ECDSA,
760 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
761 : GNUTLS_DTLS1_2),
762 : #endif
763 : #ifdef ENABLE_PSK
764 : /* ECC - PSK */
765 : ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
766 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
767 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
768 : GNUTLS_DTLS_VERSION_MIN),
769 : ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
770 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
771 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
772 : GNUTLS_DTLS_VERSION_MIN),
773 : ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
774 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
775 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
776 : GNUTLS_DTLS_VERSION_MIN),
777 : ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
778 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
779 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
780 : GNUTLS_DTLS1_2),
781 : ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
782 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
783 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
784 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
785 : ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
786 : GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
787 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
788 : GNUTLS_VERSION_UNKNOWN),
789 : ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA1,
790 : GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
791 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
792 : GNUTLS_DTLS_VERSION_MIN),
793 : ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256,
794 : GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
795 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
796 : GNUTLS_DTLS1_2),
797 : ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384,
798 : GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
799 : GNUTLS_MAC_SHA384, GNUTLS_TLS1,
800 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
801 : ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
802 : GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
803 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
804 : GNUTLS_DTLS1_2),
805 : ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
806 : GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
807 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
808 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
809 :
810 : /* PSK */
811 : ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1,
812 : GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
813 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
814 : GNUTLS_VERSION_UNKNOWN),
815 : ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1,
816 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
817 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
818 : GNUTLS_DTLS_VERSION_MIN),
819 : ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1,
820 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
821 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
822 : GNUTLS_DTLS_VERSION_MIN),
823 : ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1,
824 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
825 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
826 : GNUTLS_DTLS_VERSION_MIN),
827 : ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256,
828 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
829 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
830 : GNUTLS_DTLS1_2),
831 : ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
832 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
833 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
834 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
835 : ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
836 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
837 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
838 : GNUTLS_DTLS1_2),
839 : ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
840 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
841 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
842 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
843 :
844 :
845 : ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256,
846 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
847 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
848 : GNUTLS_DTLS1_2),
849 : ENTRY(GNUTLS_PSK_NULL_SHA1,
850 : GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
851 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
852 : GNUTLS_DTLS_VERSION_MIN),
853 : ENTRY(GNUTLS_PSK_NULL_SHA256,
854 : GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
855 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
856 : GNUTLS_DTLS1_2),
857 : ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
858 : GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
859 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
860 : GNUTLS_DTLS1_2),
861 : ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
862 : GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
863 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
864 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
865 :
866 : ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
867 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
868 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
869 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
870 : ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
871 : GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
872 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
873 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
874 :
875 : /* RSA-PSK */
876 : ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
877 : GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
878 : GNUTLS_MAC_SHA1, GNUTLS_TLS1,
879 : GNUTLS_VERSION_UNKNOWN),
880 : ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
881 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
882 : GNUTLS_MAC_SHA1, GNUTLS_TLS1,
883 : GNUTLS_DTLS_VERSION_MIN),
884 : ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
885 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
886 : GNUTLS_MAC_SHA1, GNUTLS_TLS1,
887 : GNUTLS_DTLS_VERSION_MIN),
888 : ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
889 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
890 : GNUTLS_MAC_SHA1, GNUTLS_TLS1,
891 : GNUTLS_DTLS_VERSION_MIN),
892 : ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
893 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
894 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
895 : GNUTLS_DTLS1_2),
896 : ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
897 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
898 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
899 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
900 :
901 :
902 : ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
903 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
904 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
905 : GNUTLS_DTLS1_2),
906 : ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
907 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
908 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
909 : GNUTLS_DTLS1_2),
910 : ENTRY(GNUTLS_RSA_PSK_NULL_SHA1,
911 : GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
912 : GNUTLS_MAC_SHA1, GNUTLS_TLS1,
913 : GNUTLS_DTLS_VERSION_MIN),
914 : ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
915 : GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
916 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
917 : GNUTLS_DTLS1_2),
918 : ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
919 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
920 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
921 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
922 : ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
923 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
924 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
925 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
926 : ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384,
927 : GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
928 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
929 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
930 : ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
931 : GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
932 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
933 : GNUTLS_DTLS1_2),
934 : ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
935 : GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
936 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
937 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
938 :
939 :
940 : /* DHE-PSK */
941 : ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
942 : GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
943 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
944 : GNUTLS_VERSION_UNKNOWN),
945 : ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
946 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
947 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
948 : GNUTLS_DTLS_VERSION_MIN),
949 : ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
950 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
951 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
952 : GNUTLS_DTLS_VERSION_MIN),
953 : ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
954 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
955 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
956 : GNUTLS_DTLS_VERSION_MIN),
957 : ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
958 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
959 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
960 : GNUTLS_DTLS1_2),
961 : ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
962 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
963 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
964 : GNUTLS_DTLS1_2),
965 : ENTRY(GNUTLS_DHE_PSK_NULL_SHA1,
966 : GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
967 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
968 : GNUTLS_DTLS_VERSION_MIN),
969 : ENTRY(GNUTLS_DHE_PSK_NULL_SHA256,
970 : GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
971 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
972 : GNUTLS_DTLS1_2),
973 : ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
974 : GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
975 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
976 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
977 : ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
978 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
979 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
980 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
981 : ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
982 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
983 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
984 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
985 : ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
986 : GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
987 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
988 : GNUTLS_DTLS1_2),
989 : ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
990 : GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
991 : GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
992 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
993 : ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
994 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
995 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
996 : GNUTLS_DTLS1_2),
997 : ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
998 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
999 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1000 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
1001 :
1002 : ENTRY(GNUTLS_PSK_AES_128_CCM,
1003 : GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_PSK,
1004 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1005 : GNUTLS_DTLS1_2),
1006 : ENTRY(GNUTLS_PSK_AES_256_CCM,
1007 : GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_PSK,
1008 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1009 : GNUTLS_DTLS1_2),
1010 : ENTRY(GNUTLS_DHE_PSK_AES_128_CCM,
1011 : GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_PSK,
1012 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1013 : GNUTLS_DTLS1_2),
1014 : ENTRY(GNUTLS_DHE_PSK_AES_256_CCM,
1015 : GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_PSK,
1016 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1017 : GNUTLS_DTLS1_2),
1018 : ENTRY(GNUTLS_PSK_AES_128_CCM_8,
1019 : GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_PSK,
1020 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1021 : GNUTLS_DTLS1_2),
1022 : ENTRY(GNUTLS_PSK_AES_256_CCM_8,
1023 : GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_PSK,
1024 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1025 : GNUTLS_DTLS1_2),
1026 : ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_8,
1027 : GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_PSK,
1028 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1029 : GNUTLS_DTLS1_2),
1030 : ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_8,
1031 : GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_PSK,
1032 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1033 : GNUTLS_DTLS1_2),
1034 : ENTRY(GNUTLS_DHE_PSK_CHACHA20_POLY1305,
1035 : GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_PSK,
1036 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
1037 : ENTRY(GNUTLS_ECDHE_PSK_CHACHA20_POLY1305,
1038 : GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_PSK,
1039 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
1040 :
1041 : ENTRY(GNUTLS_RSA_PSK_CHACHA20_POLY1305,
1042 : GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_RSA_PSK,
1043 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
1044 :
1045 : ENTRY(GNUTLS_PSK_CHACHA20_POLY1305,
1046 : GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_PSK,
1047 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
1048 :
1049 : #endif
1050 : #ifdef ENABLE_ANON
1051 : /* DH_ANON */
1052 : ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5,
1053 : GNUTLS_CIPHER_ARCFOUR_128,
1054 : GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
1055 : GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
1056 : ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
1057 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
1058 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1059 : GNUTLS_DTLS_VERSION_MIN),
1060 : ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1,
1061 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
1062 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1063 : GNUTLS_DTLS_VERSION_MIN),
1064 : ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1,
1065 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
1066 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1067 : GNUTLS_DTLS_VERSION_MIN),
1068 : ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
1069 : GNUTLS_CIPHER_CAMELLIA_128_CBC,
1070 : GNUTLS_KX_ANON_DH,
1071 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
1072 : GNUTLS_DTLS1_2),
1073 : ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
1074 : GNUTLS_CIPHER_CAMELLIA_256_CBC,
1075 : GNUTLS_KX_ANON_DH,
1076 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
1077 : GNUTLS_DTLS1_2),
1078 : ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
1079 : GNUTLS_CIPHER_CAMELLIA_128_CBC,
1080 : GNUTLS_KX_ANON_DH,
1081 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1082 : GNUTLS_DTLS_VERSION_MIN),
1083 : ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
1084 : GNUTLS_CIPHER_CAMELLIA_256_CBC,
1085 : GNUTLS_KX_ANON_DH,
1086 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1087 : GNUTLS_DTLS_VERSION_MIN),
1088 : ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256,
1089 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
1090 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
1091 : GNUTLS_DTLS1_2),
1092 : ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256,
1093 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
1094 : GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
1095 : GNUTLS_DTLS1_2),
1096 : ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256,
1097 : GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
1098 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1099 : GNUTLS_DTLS1_2),
1100 : ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
1101 : GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
1102 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1103 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
1104 : ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
1105 : GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
1106 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1107 : GNUTLS_DTLS1_2),
1108 : ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
1109 : GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
1110 : GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1111 : GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
1112 :
1113 : /* ECC-ANON */
1114 : ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1,
1115 : GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
1116 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1117 : GNUTLS_DTLS_VERSION_MIN),
1118 : ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
1119 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
1120 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1121 : GNUTLS_DTLS_VERSION_MIN),
1122 : ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
1123 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
1124 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1125 : GNUTLS_DTLS_VERSION_MIN),
1126 : ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
1127 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
1128 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1129 : GNUTLS_DTLS_VERSION_MIN),
1130 : ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
1131 : GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
1132 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1133 : GNUTLS_VERSION_UNKNOWN),
1134 : #endif
1135 : #ifdef ENABLE_SRP
1136 : /* SRP */
1137 : ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
1138 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
1139 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1140 : GNUTLS_DTLS_VERSION_MIN),
1141 : ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
1142 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
1143 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1144 : GNUTLS_DTLS_VERSION_MIN),
1145 : ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
1146 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
1147 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1148 : GNUTLS_DTLS_VERSION_MIN),
1149 :
1150 : ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
1151 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
1152 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1153 : GNUTLS_DTLS_VERSION_MIN),
1154 :
1155 : ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
1156 : GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
1157 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1158 : GNUTLS_DTLS_VERSION_MIN),
1159 :
1160 : ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
1161 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
1162 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1163 : GNUTLS_DTLS_VERSION_MIN),
1164 :
1165 : ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
1166 : GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
1167 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1168 : GNUTLS_DTLS_VERSION_MIN),
1169 :
1170 : ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
1171 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
1172 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1173 : GNUTLS_DTLS_VERSION_MIN),
1174 :
1175 : ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
1176 : GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
1177 : GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1178 : GNUTLS_DTLS_VERSION_MIN),
1179 : #endif
1180 :
1181 : #ifdef ENABLE_GOST
1182 : ENTRY_PRF(GNUTLS_GOSTR341112_256_28147_CNT_IMIT,
1183 : GNUTLS_CIPHER_GOST28147_TC26Z_CNT, GNUTLS_KX_VKO_GOST_12,
1184 : GNUTLS_MAC_GOST28147_TC26Z_IMIT, GNUTLS_TLS1_2,
1185 : GNUTLS_VERSION_UNKNOWN, GNUTLS_MAC_STREEBOG_256),
1186 : #endif
1187 :
1188 : {0, {0, 0}, 0, 0, 0, 0, 0, 0}
1189 : };
1190 :
/*
 * Walk the cs_algorithms table and run the statement(s) `b` once per entry.
 * The walk stops at the first entry whose name is NULL (the table
 * terminator).  Inside `b` the current entry is visible as `p`; a `break`
 * in `b` ends the walk, and a `return` leaves the calling function.
 */
#define CIPHER_SUITE_LOOP(b) \
	{ \
		const gnutls_cipher_suite_entry_st *p; \
		for (p = cs_algorithms; p->name != NULL; p++) { \
			b ; \
		} \
	}

/*
 * Find the first table entry whose two-byte id equals suite[0], suite[1],
 * run `a` on it (with the entry available as `p`) and stop searching.
 * Nothing is run when no entry matches.
 */
#define CIPHER_SUITE_ALG_LOOP(a, suite) \
	CIPHER_SUITE_LOOP( \
		if ((p->id[0] == suite[0]) && (p->id[1] == suite[1])) { \
			a; \
			break; \
		} \
	)
1197 :
1198 :
1199 : /* Cipher Suite's functions */
/*
 * Map a two-byte cipher suite id to its entry in cs_algorithms.
 *
 * Returns the first entry whose id matches both bytes, or NULL when the
 * id is not in the table; callers have to handle the NULL case.
 */
const gnutls_cipher_suite_entry_st *ciphersuite_to_entry(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *entry;

	/* The table is terminated by an entry with a NULL name. */
	for (entry = cs_algorithms; entry->name != NULL; entry++) {
		if (entry->id[0] == suite[0] && entry->id[1] == suite[1])
			return entry;
	}

	return NULL;
}
1205 :
/*
 * Return the key exchange algorithm of the cipher suite with the given
 * two-byte id, or GNUTLS_KX_UNKNOWN when the id is not in the table.
 */
gnutls_kx_algorithm_t
_gnutls_cipher_suite_get_kx_algo(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *entry = ciphersuite_to_entry(suite);

	if (entry == NULL)
		return GNUTLS_KX_UNKNOWN;

	return entry->kx_algorithm;
}
1215 :
/*
 * Return the name of the cipher suite with the given two-byte id, without
 * the leading "GNUTLS_", or NULL when the id is not in the table.
 * The returned pointer refers into the table entry's name string.
 */
const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *entry = ciphersuite_to_entry(suite);

	if (entry == NULL)
		return NULL;

	/* avoid prefix */
	return entry->name + (sizeof("GNUTLS_") - 1);
}
1225 :
1226 :
/*
 * Look up a cipher suite by its (key exchange, cipher, MAC) triple.
 *
 * Returns the first table entry matching all three algorithms, or NULL
 * when there is none.  The PRF and the version fields of the entry are
 * not part of the lookup key.
 */
const gnutls_cipher_suite_entry_st
*cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
		  gnutls_cipher_algorithm_t cipher_algorithm,
		  gnutls_mac_algorithm_t mac_algorithm)
{
	const gnutls_cipher_suite_entry_st *entry;

	for (entry = cs_algorithms; entry->name != NULL; entry++) {
		if (entry->kx_algorithm != kx_algorithm)
			continue;
		if (entry->block_algorithm != cipher_algorithm)
			continue;
		if (entry->mac_algorithm != mac_algorithm)
			continue;

		return entry;
	}

	return NULL;
}
1245 :
/* Tells whether the server may use key exchange @kx as far as
 * Diffie-Hellman parameters are concerned.
 *
 * Returns 1 when @kx needs no DH parameters, when @cred_type is not one
 * of the credential types checked here, or when the credentials carry DH
 * parameters (dh_params, params_func or dh_sec_param).  Returns 0 when
 * the parameters are missing, when the credentials themselves are
 * missing, or when the client advertised FFDHE groups.
 */
static unsigned
check_server_dh_params(gnutls_session_t session,
		       unsigned cred_type,
		       gnutls_kx_algorithm_t kx)
{
	if (!_gnutls_kx_needs_dh_params(kx))
		return 1;

	if (session->internals.hsk_flags & HSK_HAVE_FFDHE) {
		/* The client advertised FFDHE, so server-configured DH
		 * parameters must not be used, whether or not we have any. */
		gnutls_assert();
		return 0;
	}

	/* Read the Diffie-Hellman parameters, if any. */
	switch (cred_type) {
	case GNUTLS_CRD_CERTIFICATE: {
		gnutls_certificate_credentials_t cert_cred =
		    (gnutls_certificate_credentials_t)
		    _gnutls_get_cred(session, cred_type);

		if (cert_cred == NULL)
			return 0;
		if (cert_cred->dh_params || cert_cred->params_func ||
		    cert_cred->dh_sec_param)
			return 1;
		return 0;
	}
#ifdef ENABLE_ANON
	case GNUTLS_CRD_ANON: {
		gnutls_anon_server_credentials_t anon_cred =
		    (gnutls_anon_server_credentials_t)
		    _gnutls_get_cred(session, cred_type);

		if (anon_cred == NULL)
			return 0;
		if (anon_cred->dh_params || anon_cred->params_func ||
		    anon_cred->dh_sec_param)
			return 1;
		return 0;
	}
#endif
#ifdef ENABLE_PSK
	case GNUTLS_CRD_PSK: {
		gnutls_psk_server_credentials_t psk_cred =
		    (gnutls_psk_server_credentials_t)
		    _gnutls_get_cred(session, cred_type);

		if (psk_cred == NULL)
			return 0;
		if (psk_cred->dh_params || psk_cred->params_func ||
		    psk_cred->dh_sec_param)
			return 1;
		return 0;
	}
#endif
	default:
		return 1;	/* no need for params */
	}
}
1304 :
/**
 * gnutls_cipher_suite_get_name:
 * @kx_algorithm: is a Key exchange algorithm
 * @cipher_algorithm: is a cipher algorithm
 * @mac_algorithm: is a MAC algorithm
 *
 * This function returns the ciphersuite name under TLS1.2 or earlier
 * versions when provided with individual algorithms. The returned name
 * has no protocol prefix; to obtain the full cipher suite name, prepend
 * TLS or SSL depending on the protocol in use.
 *
 * To get a description of the current ciphersuite across versions, it
 * is recommended to use gnutls_session_get_desc().
 *
 * Returns: a string that contains the name of a TLS cipher suite,
 * specified by the given algorithms, or %NULL.
 **/
const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t
					 kx_algorithm,
					 gnutls_cipher_algorithm_t
					 cipher_algorithm,
					 gnutls_mac_algorithm_t
					 mac_algorithm)
{
	const gnutls_cipher_suite_entry_st *ce =
	    cipher_suite_get(kx_algorithm, cipher_algorithm, mac_algorithm);

	if (ce != NULL) {
		/* drop the "GNUTLS_" that every table name starts with */
		return ce->name + (sizeof("GNUTLS_") - 1);
	}

	return NULL;
}
1337 :
/*-
 * _gnutls_cipher_suite_get_id:
 * @kx_algorithm: is a Key exchange algorithm
 * @cipher_algorithm: is a cipher algorithm
 * @mac_algorithm: is a MAC algorithm
 * @suite: The id to be returned
 *
 * This function stores in @suite the two-byte ciphersuite ID, under TLS1.2
 * or earlier versions, that corresponds to the given individual algorithms.
 * @suite is left untouched when no such ciphersuite exists.
 *
 * Returns: 0 on success or a negative error code otherwise.
 -*/
int
_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
			    gnutls_cipher_algorithm_t cipher_algorithm,
			    gnutls_mac_algorithm_t mac_algorithm,
			    uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *ce =
	    cipher_suite_get(kx_algorithm, cipher_algorithm, mac_algorithm);

	if (ce == NULL)
		return GNUTLS_E_INVALID_REQUEST;

	suite[0] = ce->id[0];
	suite[1] = ce->id[1];

	return 0;
}
1368 :
/**
 * gnutls_cipher_suite_info:
 * @idx: index of cipher suite to get information about, starts on 0.
 * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value, or %NULL.
 * @kx: output variable indicating key exchange algorithm, or %NULL.
 * @cipher: output variable indicating cipher, or %NULL.
 * @mac: output variable indicating MAC algorithm, or %NULL.
 * @min_version: output variable indicating TLS protocol version, or %NULL.
 *
 * Get information about supported cipher suites. Use the function
 * iteratively to get information about all supported cipher suites.
 * Call with idx=0 to get information about first cipher suite, then
 * idx=1 and so on until the function returns NULL.
 *
 * Returns: the name of @idx cipher suite, and set the information
 * about the cipher suite in the output variables. If @idx is out of
 * bounds, %NULL is returned and no output variable is written.
 **/
const char *gnutls_cipher_suite_info(size_t idx,
				     unsigned char *cs_id,
				     gnutls_kx_algorithm_t * kx,
				     gnutls_cipher_algorithm_t * cipher,
				     gnutls_mac_algorithm_t * mac,
				     gnutls_protocol_t * min_version)
{
	const gnutls_cipher_suite_entry_st *entry;

	/* Bounds check before the table is indexed. */
	if (idx >= CIPHER_SUITES_COUNT)
		return NULL;

	entry = &cs_algorithms[idx];

	if (cs_id) {
		cs_id[0] = entry->id[0];
		cs_id[1] = entry->id[1];
	}
	if (kx)
		*kx = entry->kx_algorithm;
	if (cipher)
		*cipher = entry->block_algorithm;
	if (mac)
		*mac = entry->mac_algorithm;
	if (min_version)
		*min_version = entry->min_version;

	/* Only "GNU" is skipped here, so the returned name keeps its
	 * "TLS_" prefix. */
	return entry->name + (sizeof("GNU") - 1);
}
1410 :
/*
 * Filters used while iterating over candidate cipher suites.  Each one
 * expands to a bare `if` statement and reads locals of the function it is
 * used in, so it is only valid inside a loop body of a function that
 * declares them.  They are deliberately not wrapped in do { } while (0):
 * the `continue` has to bind to the caller's loop.
 */

/*
 * Skip (`continue`) a suite that cannot be negotiated with the protocol
 * version in the caller's `version`.  Under DTLS (caller's `is_dtls`) the
 * DTLS version bounds of `entry` apply, otherwise the TLS bounds; a
 * minimum of GNUTLS_VERSION_UNKNOWN means the suite is not available for
 * that protocol family at all.
 */
#define VERSION_CHECK(entry) \
	if (is_dtls) { \
		if (entry->min_dtls_version == GNUTLS_VERSION_UNKNOWN || \
		    version->id < entry->min_dtls_version || \
		    version->id > entry->max_dtls_version) \
			continue; \
	} else { \
		if (entry->min_version == GNUTLS_VERSION_UNKNOWN || \
		    version->id < entry->min_version || \
		    version->id > entry->max_version) \
			continue; \
	}

/*
 * When the priorities demand encrypt-then-MAC (force_etm) and the caller's
 * `have_etm` is zero, skip (`continue`) every suite whose cipher is unknown
 * or is a block cipher.  Reads the caller's `session` and `have_etm`.
 */
#define CIPHER_CHECK(algo) \
	if (session->internals.priorities->force_etm && !have_etm) { \
		const cipher_entry_st *_cipher; \
		_cipher = cipher_to_entry(algo); \
		if (_cipher == NULL || _gnutls_cipher_type(_cipher) == CIPHER_BLOCK) \
			continue; \
	}

/*
 * For the SRP-RSA and SRP-DSS key exchanges, run `action` when the session
 * has no SRP credentials.  Other key exchanges, plain GNUTLS_KX_SRP
 * included, pass through untouched.  Reads the caller's `session`.
 */
#define KX_SRP_CHECKS(kx, action) \
	if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) { \
		if (!_gnutls_get_cred(session, GNUTLS_CRD_SRP)) { \
			action; \
		} \
	}
1438 :
/*
 * Decide whether key exchange @kx is usable for this session.
 *
 * For an ECC key exchange a candidate EC group is required; for a DHE key
 * exchange either a candidate DH group or server DH parameters (see
 * check_server_dh_params()).  When a candidate group is used it is stored
 * in *@sgroup; otherwise *@sgroup is not written.  SRP-RSA and SRP-DSS
 * additionally need SRP credentials.
 *
 * Returns 1 when @kx can be used, 0 otherwise.
 */
static unsigned kx_is_ok(gnutls_session_t session, gnutls_kx_algorithm_t kx, unsigned cred_type,
			 const gnutls_group_entry_st **sgroup)
{
	if (_gnutls_kx_is_ecc(kx)) {
		if (session->internals.cand_ec_group == NULL)
			return 0;

		*sgroup = session->internals.cand_ec_group;
	} else if (_gnutls_kx_is_dhe(kx)) {
		if (session->internals.cand_dh_group != NULL) {
			*sgroup = session->internals.cand_dh_group;
		} else if (!check_server_dh_params(session, cred_type, kx)) {
			/* no negotiated group and no usable server parameters */
			return 0;
		}
	}

	KX_SRP_CHECKS(kx, return 0);

	return 1;
}
1461 :
/* Called on server-side only.
 *
 * Picks the cipher suite for the handshake from the suites offered by the
 * peer (@peer_clist) and the suites enabled in the session priorities.
 * With server_precedence unset the peer's order decides, otherwise the
 * order of the local priority list.  A suite is accepted only if it fits
 * the negotiated version, passes the encrypt-then-MAC filter, has a usable
 * key exchange, and either matches the PRF of the selected PSK binder or,
 * for certificate credentials, a server certificate can be selected for it.
 *
 * On success the chosen entry is stored in *@ce, the group picked by
 * kx_is_ok() (if any) is set on the session, and 0 is returned.
 * Returns GNUTLS_E_NO_CIPHER_SUITES when nothing matches or the session
 * has no version.
 */
int
_gnutls_figure_common_ciphersuite(gnutls_session_t session,
				  const ciphersuite_list_st *peer_clist,
				  const gnutls_cipher_suite_entry_st **ce)
{
	unsigned int peer_idx, prio_idx;
	int ret;
	/* version, is_dtls and have_etm are read by the VERSION_CHECK and
	 * CIPHER_CHECK macros, so these names must stay as they are. */
	const version_entry_st *version = get_version(session);
	unsigned int is_dtls = IS_DTLS(session);
	gnutls_kx_algorithm_t kx;
	gnutls_credentials_type_t cred_type = GNUTLS_CRD_CERTIFICATE; /* default for TLS1.3 */
	const gnutls_group_entry_st *sgroup = NULL;
	gnutls_ext_priv_data_t epriv;
	unsigned have_etm = 0;
	const gnutls_cipher_suite_entry_st *peer;
	const gnutls_cipher_suite_entry_st *own;

	if (version == NULL)
		return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);

	/* Whether EtM was negotiated is read from the raw extension data:
	 * the security parameters only get their EtM flag after the
	 * ciphersuite has been chosen. */
	ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ETM, &epriv);
	if (ret >= 0 && ((intptr_t)epriv) != 0)
		have_etm = 1;

	/* Without a supported_groups extension SECP256R1 is assumed to be
	 * supported; RFC4492 requires that, probably so that SSLv2 hellos
	 * can negotiate elliptic curve ciphersuites. */
	if (!version->tls13_sem && session->internals.cand_ec_group == NULL &&
	    !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_GROUPS)) {
		session->internals.cand_ec_group = _gnutls_id_to_group(DEFAULT_EC_GROUP);
	}

	if (session->internals.priorities->server_precedence == 0) {
		/* Peer's preference order: outer loop over the peer's list. */
		for (peer_idx = 0; peer_idx < peer_clist->size; peer_idx++) {
			peer = peer_clist->entry[peer_idx];

			_gnutls_debug_log("checking %.2x.%.2x (%s) for compatibility\n",
					  (unsigned)peer->id[0],
					  (unsigned)peer->id[1],
					  peer->name);
			VERSION_CHECK(peer);

			kx = peer->kx_algorithm;

			CIPHER_CHECK(peer->block_algorithm);

			if (!version->tls13_sem)
				cred_type = _gnutls_map_kx_get_cred(kx, 1);

			for (prio_idx = 0; prio_idx < session->internals.priorities->cs.size; prio_idx++) {
				if (session->internals.priorities->cs.entry[prio_idx] != peer)
					continue;

				sgroup = NULL;
				if (!kx_is_ok(session, kx, cred_type, &sgroup))
					continue;

				if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
					/* A PSK was selected: the suite's PRF has to be
					 * the PRF of the selected binder.
					 * NOTE(review): binders[0].prf is dereferenced
					 * without a NULL check; presumably it is always
					 * set when HSK_PSK_SELECTED is - confirm. */
					if (session->key.binders[0].prf->id != peer->prf)
						continue;
				} else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
					ret = _gnutls_select_server_cert(session, peer);
					if (ret < 0) {
						/* couldn't select cert with this ciphersuite */
						gnutls_assert();
						break;
					}
				}

				/* select the group based on the selected ciphersuite */
				if (sgroup)
					_gnutls_session_group_set(session, sgroup);
				*ce = peer;
				return 0;
			}
		}
	} else {
		/* Server's preference order: outer loop over our priorities. */
		for (prio_idx = 0; prio_idx < session->internals.priorities->cs.size; prio_idx++) {
			own = session->internals.priorities->cs.entry[prio_idx];

			VERSION_CHECK(own);

			CIPHER_CHECK(own->block_algorithm);

			for (peer_idx = 0; peer_idx < peer_clist->size; peer_idx++) {
				peer = peer_clist->entry[peer_idx];

				_gnutls_debug_log("checking %.2x.%.2x (%s) for compatibility\n",
						  (unsigned)peer->id[0],
						  (unsigned)peer->id[1],
						  peer->name);

				if (own != peer)
					continue;

				sgroup = NULL;
				kx = peer->kx_algorithm;

				if (!version->tls13_sem)
					cred_type = _gnutls_map_kx_get_cred(kx, 1);

				if (!kx_is_ok(session, kx, cred_type, &sgroup))
					break;

				if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
					/* A PSK was selected: the suite's PRF has to be
					 * the PRF of the selected binder. */
					if (session->key.binders[0].prf->id != own->prf)
						break;
				} else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
					ret = _gnutls_select_server_cert(session, peer);
					if (ret < 0) {
						/* couldn't select cert with this ciphersuite */
						gnutls_assert();
						break;
					}
				}

				/* select the group based on the selected ciphersuite */
				if (sgroup)
					_gnutls_session_group_set(session, sgroup);
				*ce = peer;
				return 0;
			}
		}
	}

	/* nothing in common */
	return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
}
1593 :
/*
 * Skip (`continue`) a suite whose minimum protocol version is above
 * `maxver`.  Under DTLS (caller's local `is_dtls`) the suite's minimum DTLS
 * version is compared, otherwise its minimum TLS version.  `minver` is
 * accepted but not used by the expansion.  Like every macro that expands
 * to `continue`, this is only valid directly inside a loop body.
 */
#define CLIENT_VERSION_CHECK(minver, maxver, e) \
	if (is_dtls) { \
		if (e->min_dtls_version > maxver->id) \
			continue; \
	} else { \
		if (e->min_version > maxver->id) \
			continue; \
	}

/*
 * Bytes kept free at the end of the client's cipher suite buffer for
 * entries appended after the regular suites.
 */
#define RESERVED_CIPHERSUITES 4
/*
 * Serialise the cipher suites the client offers into @cdata.
 *
 * Every suite of the session priorities is kept unless its minimum version
 * is above the maximum enabled version, its key exchange needs credentials
 * the session lacks (not checked when premaster_set is set), or it is an
 * SRP-RSA/SRP-DSS suite without SRP credentials.  Optional signalling
 * values follow: 0x00,0xff when @add_scsv is set (ENABLE_SSL3 builds only)
 * and the fallback SCSV when the priorities request it.  The list is
 * appended with a 16-bit length prefix.
 *
 * @vmin is only handed to CLIENT_VERSION_CHECK, which ignores it.
 *
 * Returns the number of bytes added to @cdata, or a negative error code.
 */
int
_gnutls_get_client_ciphersuites(gnutls_session_t session,
				gnutls_buffer_st * cdata,
				const version_entry_st *vmin,
				unsigned add_scsv)
{
	unsigned int idx;
	int ret;
	unsigned int is_dtls = IS_DTLS(session);	/* read by CLIENT_VERSION_CHECK */
	gnutls_kx_algorithm_t kx;
	gnutls_credentials_type_t cred_type;
	/* Room for the regular suites plus RESERVED_CIPHERSUITES bytes, i.e.
	 * the two optional 2-byte values appended after the loop. */
	uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE*2 + RESERVED_CIPHERSUITES];
	unsigned cipher_suites_size = 0;
	size_t init_length = cdata->length;
	const version_entry_st *vmax;
	const gnutls_cipher_suite_entry_st *cs;

	vmax = _gnutls_version_max(session);
	if (vmax == NULL)
		return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);

	for (idx = 0; idx < session->internals.priorities->cs.size; idx++) {
		cs = session->internals.priorities->cs.entry[idx];

		CLIENT_VERSION_CHECK(vmin, vmax, cs);

		kx = cs->kx_algorithm;
		if (kx != GNUTLS_KX_UNKNOWN) { /* In TLS 1.3 ciphersuites don't map to credentials */
			cred_type = _gnutls_map_kx_get_cred(kx, 0);

			if (!session->internals.premaster_set &&
			    _gnutls_get_cred(session, cred_type) == NULL)
				continue;

			KX_SRP_CHECKS(kx, continue);
		}

		_gnutls_debug_log("Keeping ciphersuite %.2x.%.2x (%s)\n",
				  (unsigned)cs->id[0],
				  (unsigned)cs->id[1],
				  cs->name);
		cipher_suites[cipher_suites_size++] = cs->id[0];
		cipher_suites[cipher_suites_size++] = cs->id[1];

		/* Stop once the regular part of the buffer is full; the
		 * reserved tail stays free for the values added below. */
		if (cipher_suites_size >= MAX_CIPHERSUITE_SIZE*2)
			break;
	}
#ifdef ENABLE_SSL3
	if (add_scsv) {
		cipher_suites[cipher_suites_size++] = 0x00;
		cipher_suites[cipher_suites_size++] = 0xff;

		ret = _gnutls_ext_sr_send_cs(session);
		if (ret < 0)
			return gnutls_assert_val(ret);

		_gnutls_hello_ext_save_sr(session);
	}
#endif

	if (session->internals.priorities->fallback) {
		cipher_suites[cipher_suites_size++] = GNUTLS_FALLBACK_SCSV_MAJOR;
		cipher_suites[cipher_suites_size++] = GNUTLS_FALLBACK_SCSV_MINOR;
	}

	ret = _gnutls_buffer_append_data_prefix(cdata, 16, cipher_suites, cipher_suites_size);
	if (ret < 0)
		return gnutls_assert_val(ret);

	return cdata->length - init_length;
}
1675 :
/**
 * gnutls_priority_get_cipher_suite_index:
 * @pcache: is a #gnutls_priority_t type.
 * @idx: is an index number.
 * @sidx: internal index of cipher suite to get information about.
 *
 * Provides the internal ciphersuite index to be used with
 * gnutls_cipher_suite_info(). The index @idx provided is an
 * index kept at the priorities structure. It might be that a valid
 * priorities index does not correspond to a ciphersuite and in
 * that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE will be returned.
 * Once the last available index is crossed then
 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
 *
 * Neither @pcache nor @sidx is checked for %NULL. @sidx is written as
 * soon as the entry is located, so it may have been modified even when
 * %GNUTLS_E_UNKNOWN_CIPHER_SUITE is returned; use its value only on success.
 *
 * Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
 *
 * Since: 3.0.9
 **/
int
gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
				       unsigned int idx,
				       unsigned int *sidx)
{
	unsigned int pos, k;
	unsigned max_tls = 0;
	unsigned max_dtls = 0;

	/* Bounds check before cs.entry[idx] is read below. */
	if (idx >= pcache->cs.size)
		return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;

	/* Highest enabled TLS and DTLS protocol ids.
	 * NOTE(review): an id that is <= GNUTLS_TLS_VERSION_MAX but below the
	 * current max_tls falls through to the DTLS branch and can be stored
	 * in max_dtls. This looks harmless only as long as every TLS id is
	 * numerically below every min_dtls_version in cs_algorithms; confirm. */
	for (k = 0; k < pcache->protocol.num_priorities; k++) {
		if (pcache->protocol.priorities[k] <= GNUTLS_TLS_VERSION_MAX &&
		    pcache->protocol.priorities[k] >= max_tls) {
			max_tls = pcache->protocol.priorities[k];
			continue;
		}

		if (pcache->protocol.priorities[k] <= GNUTLS_DTLS_VERSION_MAX &&
		    pcache->protocol.priorities[k] >= max_dtls)
			max_dtls = pcache->protocol.priorities[k];
	}

	/* Locate the priority entry in the static table by pointer identity. */
	for (pos = 0; pos < CIPHER_SUITES_COUNT; pos++) {
		if (pcache->cs.entry[idx] == &cs_algorithms[pos]) {
			*sidx = pos;

			/* Cipher or MAC not available: report unknown. */
			if (!_gnutls_cipher_exists(cs_algorithms[pos].block_algorithm) ||
			    !_gnutls_mac_exists(cs_algorithms[pos].mac_algorithm))
				break;

			/* Usable when an enabled TLS or DTLS version is
			 * recent enough for this suite. */
			if (max_tls >= cs_algorithms[pos].min_version ||
			    max_dtls >= cs_algorithms[pos].min_dtls_version)
				return 0;
		}
	}

	return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}
|