1 /*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3 * Copyright (C) 2017 Red Hat, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GnuTLS.
8 *
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this program. If not, see <https://www.gnu.org/licenses/>
21 *
22 */
23
24 #include "gnutls_int.h"
25 #include <algorithms.h>
26 #include "errors.h"
27 #include <dh.h>
28 #include <state.h>
29 #include <x509/common.h>
30 #include <auth/cert.h>
31 #include <auth/anon.h>
32 #include <auth/psk.h>
33 #include <ext/safe_renegotiation.h>
34
#ifndef ENABLE_SSL3
/* With SSL 3.0 support compiled out, every table entry whose minimum
 * protocol version is spelled GNUTLS_SSL3 is lowered to TLS 1.0 instead of
 * being dropped, so those suites remain usable on TLS 1.0 and later. */
# define GNUTLS_SSL3 GNUTLS_TLS1
#endif

/* Cipher SUITES */
/* Each macro expands to a brace initializer for one gnutls_cipher_suite_entry_st.
 * The struct's member names are not visible in this file; reading the positions
 * off the macro parameters, an entry holds:
 *   1. the suite name as a string (#name stringifies the macro argument)
 *   2. the two-byte suite id (the { hi, lo } macros defined below)
 *   3. record cipher          4. key exchange          5. record MAC
 *   6. minimum TLS version    7. apparently the maximum TLS version
 *   8. minimum DTLS version   9. apparently the maximum DTLS version
 *  10. PRF hash of the suite
 * ENTRY pins fields 7/9 to TLS 1.2 / DTLS 1.2 and the PRF to SHA-256.
 * ENTRY_PRF is the same but lets the PRF be chosen (used by the SHA-384 suites).
 * ENTRY_TLS13 carries no key-exchange value (0), is always AEAD, caps at TLS 1.3
 * and sets both DTLS bounds to GNUTLS_VERSION_UNKNOWN — presumably meaning
 * "not usable over DTLS"; confirm against the version-matching code. */
#define ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version ) \
{ #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA256}
/* As ENTRY, with an explicit PRF instead of the SHA-256 default. */
#define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \
{ #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, prf}
/* TLS 1.3 only: no key-exchange field, AEAD MAC, no DTLS version range. */
#define ENTRY_TLS13( name, block_algorithm, min_version, prf ) \
{ #name, name, block_algorithm, 0, GNUTLS_MAC_AEAD, min_version, GNUTLS_TLS1_3, GNUTLS_VERSION_UNKNOWN, GNUTLS_VERSION_UNKNOWN, prf}
46
/* Two-byte cipher suite identifiers, written as { hi, lo } brace initializers
 * so they can be passed straight to the ENTRY macros above. Being defined here
 * does not by itself make a suite negotiable: only the ids placed in the
 * cs_algorithms table below are known to the library, and the comment above
 * that table notes that the cipher and MAC must also be available. Several
 * groups below are weak or obsolete primitives (NULL cipher, ARCFOUR/RC4,
 * 3DES, MD5, anonymous key exchange); the RSA-NULL group is documented as
 * test-only. */

/* TLS 1.3 ciphersuites (RFC 8446); these name only an AEAD plus a hash,
 * see ENTRY_TLS13 */
#define GNUTLS_AES_128_GCM_SHA256 { 0x13, 0x01 }
#define GNUTLS_AES_256_GCM_SHA384 { 0x13, 0x02 }
#define GNUTLS_CHACHA20_POLY1305_SHA256 { 0x13, 0x03 }
#define GNUTLS_AES_128_CCM_SHA256 { 0x13, 0x04 }
#define GNUTLS_AES_128_CCM_8_SHA256 { 0x13,0x05 }

/* RSA key exchange with the NULL cipher (no record encryption) and an
 * MD5, SHA1 or SHA256 MAC; kept for test purposes only.
 */
#define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
#define GNUTLS_RSA_NULL_SHA1 { 0x00, 0x02 }
#define GNUTLS_RSA_NULL_SHA256 { 0x00, 0x3B }

/* ANONymous cipher suites (unauthenticated DH key exchange).
 */

#define GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
#define GNUTLS_DH_ANON_ARCFOUR_128_MD5 { 0x00, 0x18 }

/* rfc3268: */
#define GNUTLS_DH_ANON_AES_128_CBC_SHA1 { 0x00, 0x34 }
#define GNUTLS_DH_ANON_AES_256_CBC_SHA1 { 0x00, 0x3A }

/* rfc4132 */
#define GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
#define GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }

/* rfc5932 */
#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 { 0x00,0xBA }
#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256 { 0x00,0xBD }
#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 { 0x00,0xBE }
#define GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256 { 0x00,0xBF }
#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 { 0x00,0xC0 }
#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256 { 0x00,0xC3 }
#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 { 0x00,0xC4 }
#define GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256 { 0x00,0xC5 }

/* rfc6367 */
#define GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 { 0xC0,0x72 }
#define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 { 0xC0,0x73 }
#define GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 { 0xC0,0x76 }
#define GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 { 0xC0,0x77 }
#define GNUTLS_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x94 }
#define GNUTLS_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x95 }
#define GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x96 }
#define GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x97 }
#define GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x98 }
#define GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x99 }
#define GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256 { 0xC0,0x9A }
#define GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384 { 0xC0,0x9B }

#define GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0, 0x7A }
#define GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7B }
#define GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x7C }
#define GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x7D }
#define GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256 { 0xC0,0x80 }
#define GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384 { 0xC0,0x81 }
#define GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256 { 0xC0,0x84 }
#define GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384 { 0xC0,0x85 }
#define GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x86 }
#define GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x87 }
#define GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8A }
#define GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8B }
#define GNUTLS_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x8E }
#define GNUTLS_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x8F }
#define GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x90 }
#define GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x91 }
#define GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256 { 0xC0,0x92 }
#define GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384 { 0xC0,0x93 }

#define GNUTLS_DH_ANON_AES_128_CBC_SHA256 { 0x00, 0x6C }
#define GNUTLS_DH_ANON_AES_256_CBC_SHA256 { 0x00, 0x6D }

/* draft-ietf-tls-chacha20-poly1305-02 (published as RFC 7905) */
#define GNUTLS_ECDHE_RSA_CHACHA20_POLY1305 { 0xCC, 0xA8 }
#define GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305 { 0xCC, 0xA9 }
#define GNUTLS_DHE_RSA_CHACHA20_POLY1305 { 0xCC, 0xAA }

#define GNUTLS_PSK_CHACHA20_POLY1305 { 0xCC, 0xAB }
#define GNUTLS_ECDHE_PSK_CHACHA20_POLY1305 { 0xCC, 0xAC }
#define GNUTLS_DHE_PSK_CHACHA20_POLY1305 { 0xCC, 0xAD }
#define GNUTLS_RSA_PSK_CHACHA20_POLY1305 { 0xCC, 0xAE }

/* PSK (not in TLS 1.0)
 * draft-ietf-tls-psk:
 */
#define GNUTLS_PSK_ARCFOUR_128_SHA1 { 0x00, 0x8A }
#define GNUTLS_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
#define GNUTLS_PSK_AES_128_CBC_SHA1 { 0x00, 0x8C }
#define GNUTLS_PSK_AES_256_CBC_SHA1 { 0x00, 0x8D }

#define GNUTLS_DHE_PSK_ARCFOUR_128_SHA1 { 0x00, 0x8E }
#define GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
#define GNUTLS_DHE_PSK_AES_128_CBC_SHA1 { 0x00, 0x90 }
#define GNUTLS_DHE_PSK_AES_256_CBC_SHA1 { 0x00, 0x91 }

#define GNUTLS_RSA_PSK_ARCFOUR_128_SHA1 { 0x00, 0x92 }
#define GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1 { 0x00, 0x93 }
#define GNUTLS_RSA_PSK_AES_128_CBC_SHA1 { 0x00, 0x94 }
#define GNUTLS_RSA_PSK_AES_256_CBC_SHA1 { 0x00, 0x95 }

/* SRP (rfc5054)
 */
#define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
#define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
#define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }

#define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
#define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
#define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }

#define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
#define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
#define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }

/* RSA
 */
#define GNUTLS_RSA_ARCFOUR_128_SHA1 { 0x00, 0x05 }
#define GNUTLS_RSA_ARCFOUR_128_MD5 { 0x00, 0x04 }
#define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }

/* rfc3268:
 */
#define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
#define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }

/* rfc4132 */
#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }

#define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
#define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }

/* DHE DSS
 */
#define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }


/* draft-ietf-tls-56-bit-ciphersuites-01:
 */
#define GNUTLS_DHE_DSS_ARCFOUR_128_SHA1 { 0x00, 0x66 }


/* rfc3268:
 */
#define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
#define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }

/* rfc4132 */
#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }

#define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
#define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }

/* DHE RSA
 */
#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }

/* rfc3268:
 */
#define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
#define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }

/* rfc4132 */
#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }

#define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
#define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }

/* GCM: RFC5288 */
#define GNUTLS_RSA_AES_128_GCM_SHA256 { 0x00, 0x9C }
#define GNUTLS_DHE_RSA_AES_128_GCM_SHA256 {0x00,0x9E}
#define GNUTLS_DHE_DSS_AES_128_GCM_SHA256 {0x00,0xA2}
#define GNUTLS_DH_ANON_AES_128_GCM_SHA256 {0x00,0xA6}
#define GNUTLS_RSA_AES_256_GCM_SHA384 { 0x00, 0x9D }
#define GNUTLS_DHE_RSA_AES_256_GCM_SHA384 {0x00,0x9F}
#define GNUTLS_DHE_DSS_AES_256_GCM_SHA384 {0x00,0xA3}
#define GNUTLS_DH_ANON_AES_256_GCM_SHA384 {0x00,0xA7}

/* CCM: RFC6655/7251 */
#define GNUTLS_RSA_AES_128_CCM { 0xC0, 0x9C }
#define GNUTLS_RSA_AES_256_CCM { 0xC0, 0x9D }
#define GNUTLS_DHE_RSA_AES_128_CCM {0xC0,0x9E}
#define GNUTLS_DHE_RSA_AES_256_CCM {0xC0,0x9F}

#define GNUTLS_ECDHE_ECDSA_AES_128_CCM {0xC0,0xAC}
#define GNUTLS_ECDHE_ECDSA_AES_256_CCM {0xC0,0xAD}

#define GNUTLS_PSK_AES_128_CCM { 0xC0, 0xA4 }
#define GNUTLS_PSK_AES_256_CCM { 0xC0, 0xA5 }
#define GNUTLS_DHE_PSK_AES_128_CCM {0xC0,0xA6}
#define GNUTLS_DHE_PSK_AES_256_CCM {0xC0,0xA7}

/* CCM-8: RFC6655/7251 (8-byte authentication tag) */
#define GNUTLS_RSA_AES_128_CCM_8 { 0xC0, 0xA0 }
#define GNUTLS_RSA_AES_256_CCM_8 { 0xC0, 0xA1 }
#define GNUTLS_DHE_RSA_AES_128_CCM_8 {0xC0,0xA2}
#define GNUTLS_DHE_RSA_AES_256_CCM_8 {0xC0,0xA3}

#define GNUTLS_ECDHE_ECDSA_AES_128_CCM_8 {0xC0,0xAE}
#define GNUTLS_ECDHE_ECDSA_AES_256_CCM_8 {0xC0,0xAF}

#define GNUTLS_PSK_AES_128_CCM_8 { 0xC0, 0xA8 }
#define GNUTLS_PSK_AES_256_CCM_8 { 0xC0, 0xA9 }
#define GNUTLS_DHE_PSK_AES_128_CCM_8 {0xC0,0xAA}
#define GNUTLS_DHE_PSK_AES_256_CCM_8 {0xC0,0xAB}


/* RFC 5487 */
/* GCM-PSK */
#define GNUTLS_PSK_AES_128_GCM_SHA256 { 0x00, 0xA8 }
#define GNUTLS_DHE_PSK_AES_128_GCM_SHA256 { 0x00, 0xAA }
#define GNUTLS_PSK_AES_256_GCM_SHA384 { 0x00, 0xA9 }
#define GNUTLS_DHE_PSK_AES_256_GCM_SHA384 { 0x00, 0xAB }

#define GNUTLS_PSK_AES_256_CBC_SHA384 { 0x00,0xAF }
#define GNUTLS_PSK_NULL_SHA384 { 0x00,0xB1 }
#define GNUTLS_DHE_PSK_AES_256_CBC_SHA384 { 0x00,0xB3 }
#define GNUTLS_DHE_PSK_NULL_SHA384 { 0x00,0xB5 }

#define GNUTLS_PSK_NULL_SHA1 { 0x00,0x2C }
#define GNUTLS_DHE_PSK_NULL_SHA1 { 0x00,0x2D }
#define GNUTLS_RSA_PSK_NULL_SHA1 { 0x00,0x2E }
#define GNUTLS_ECDHE_PSK_NULL_SHA1 { 0xC0,0x39 }

#define GNUTLS_RSA_PSK_AES_128_GCM_SHA256 { 0x00,0xAC }
#define GNUTLS_RSA_PSK_AES_256_GCM_SHA384 { 0x00,0xAD }
#define GNUTLS_RSA_PSK_AES_128_CBC_SHA256 { 0x00,0xB6 }
#define GNUTLS_RSA_PSK_AES_256_CBC_SHA384 { 0x00,0xB7 }
#define GNUTLS_RSA_PSK_NULL_SHA256 { 0x00,0xB8 }
#define GNUTLS_RSA_PSK_NULL_SHA384 { 0x00,0xB9 }


/* PSK - SHA256 HMAC */
#define GNUTLS_PSK_AES_128_CBC_SHA256 { 0x00, 0xAE }
#define GNUTLS_DHE_PSK_AES_128_CBC_SHA256 { 0x00, 0xB2 }

#define GNUTLS_PSK_NULL_SHA256 { 0x00, 0xB0 }
#define GNUTLS_DHE_PSK_NULL_SHA256 { 0x00, 0xB4 }

/* ECC - anonymous (unauthenticated) ECDH */
#define GNUTLS_ECDH_ANON_NULL_SHA1 { 0xC0, 0x15 }
#define GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1 { 0xC0, 0x17 }
#define GNUTLS_ECDH_ANON_AES_128_CBC_SHA1 { 0xC0, 0x18 }
#define GNUTLS_ECDH_ANON_AES_256_CBC_SHA1 { 0xC0, 0x19 }
#define GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1 { 0xC0, 0x16 }

/* ECC-RSA */
#define GNUTLS_ECDHE_RSA_NULL_SHA1 { 0xC0, 0x10 }
#define GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x12 }
#define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 { 0xC0, 0x13 }
#define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 { 0xC0, 0x14 }
#define GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1 { 0xC0, 0x11 }

/* ECC-ECDSA */
#define GNUTLS_ECDHE_ECDSA_NULL_SHA1 { 0xC0, 0x06 }
#define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x08 }
#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 { 0xC0, 0x09 }
#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 { 0xC0, 0x0A }
#define GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1 { 0xC0, 0x07 }

/* RFC5289 */
/* ECC with SHA2 */
#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 {0xC0,0x23}
#define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 {0xC0,0x27}
#define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 { 0xC0,0x28 }

/* ECC with AES-GCM */
#define GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 {0xC0,0x2B}
#define GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 {0xC0,0x2F}
#define GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 {0xC0,0x30}

/* SuiteB */
#define GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 {0xC0,0x2C}
#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 {0xC0,0x24}


/* ECC with PSK */
#define GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1 { 0xC0, 0x34 }
#define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1 { 0xC0, 0x35 }
#define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1 { 0xC0, 0x36 }
#define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256 { 0xC0, 0x37 }
#define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 { 0xC0, 0x38 }
#define GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1 { 0xC0, 0x33 }
#define GNUTLS_ECDHE_PSK_NULL_SHA256 { 0xC0, 0x3A }
#define GNUTLS_ECDHE_PSK_NULL_SHA384 { 0xC0, 0x3B }

/* draft-smyshlyaev-tls12-gost-suites; only defined when GOST support is
 * compiled in, so any table entry using it must sit under the same #ifdef */
#ifdef ENABLE_GOST
#define GNUTLS_GOSTR341112_256_28147_CNT_IMIT { 0xc1, 0x02 }
#endif
341
/* Number of real entries in cs_algorithms (defined below). The sizeof/sizeof
 * idiom is valid only because cs_algorithms is a genuine array in this
 * translation unit, never a pointer. The trailing "-1" excludes one element —
 * presumably an all-zero terminating entry at the end of the table, which lies
 * outside this excerpt; confirm before using the count as an iteration bound. */
#define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry_st)-1)
343
/* The following is the list of ciphersuites that may be offered. For any of
 * them to actually be available, its cipher and MAC must be available to
 * gnutls as well.
 */
347 static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
348 /* TLS 1.3 */
349 ENTRY_TLS13(GNUTLS_AES_128_GCM_SHA256,
350 GNUTLS_CIPHER_AES_128_GCM,
351 GNUTLS_TLS1_3,
352 GNUTLS_MAC_SHA256),
353
354 ENTRY_TLS13(GNUTLS_AES_256_GCM_SHA384,
355 GNUTLS_CIPHER_AES_256_GCM,
356 GNUTLS_TLS1_3,
357 GNUTLS_MAC_SHA384),
358
359 ENTRY_TLS13(GNUTLS_CHACHA20_POLY1305_SHA256,
360 GNUTLS_CIPHER_CHACHA20_POLY1305,
361 GNUTLS_TLS1_3,
362 GNUTLS_MAC_SHA256),
363
364 ENTRY_TLS13(GNUTLS_AES_128_CCM_SHA256,
365 GNUTLS_CIPHER_AES_128_CCM,
366 GNUTLS_TLS1_3,
367 GNUTLS_MAC_SHA256),
368
369 ENTRY_TLS13(GNUTLS_AES_128_CCM_8_SHA256,
370 GNUTLS_CIPHER_AES_128_CCM_8,
371 GNUTLS_TLS1_3,
372 GNUTLS_MAC_SHA256),
373
374 /* RSA-NULL */
375 ENTRY(GNUTLS_RSA_NULL_MD5,
376 GNUTLS_CIPHER_NULL,
377 GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
378 GNUTLS_DTLS_VERSION_MIN),
379 ENTRY(GNUTLS_RSA_NULL_SHA1,
380 GNUTLS_CIPHER_NULL,
381 GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
382 GNUTLS_DTLS_VERSION_MIN),
383 ENTRY(GNUTLS_RSA_NULL_SHA256,
384 GNUTLS_CIPHER_NULL,
385 GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
386 GNUTLS_DTLS1_2),
387
388 /* RSA */
389 ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1,
390 GNUTLS_CIPHER_ARCFOUR_128,
391 GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
392 GNUTLS_VERSION_UNKNOWN),
393 ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5,
394 GNUTLS_CIPHER_ARCFOUR_128,
395 GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
396 GNUTLS_VERSION_UNKNOWN),
397 ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1,
398 GNUTLS_CIPHER_3DES_CBC,
399 GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
400 GNUTLS_DTLS_VERSION_MIN),
401 ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1,
402 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
403 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
404 GNUTLS_DTLS_VERSION_MIN),
405 ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1,
406 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
407 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
408 GNUTLS_DTLS_VERSION_MIN),
409
410 ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
411 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
412 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
413 GNUTLS_DTLS1_2),
414 ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
415 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
416 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
417 GNUTLS_DTLS1_2),
418 ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
419 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
420 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
421 GNUTLS_DTLS_VERSION_MIN),
422 ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
423 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
424 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
425 GNUTLS_DTLS_VERSION_MIN),
426 ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256,
427 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
428 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
429 GNUTLS_DTLS1_2),
430 ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256,
431 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
432 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
433 GNUTLS_DTLS1_2),
434
435
436 /* GCM */
437 ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256,
438 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
439 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
440 GNUTLS_DTLS1_2),
441 ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
442 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
443 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
444 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
445 ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
446 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
447 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
448 GNUTLS_DTLS1_2),
449 ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
450 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
451 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
452 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
453
454 /* CCM */
455 ENTRY(GNUTLS_RSA_AES_128_CCM,
456 GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_RSA,
457 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
458 GNUTLS_DTLS1_2),
459 ENTRY(GNUTLS_RSA_AES_256_CCM,
460 GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_RSA,
461 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
462 GNUTLS_DTLS1_2),
463
464
465 /* CCM_8 */
466 ENTRY(GNUTLS_RSA_AES_128_CCM_8,
467 GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_RSA,
468 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
469 GNUTLS_DTLS1_2),
470 ENTRY(GNUTLS_RSA_AES_256_CCM_8,
471 GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_RSA,
472 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
473 GNUTLS_DTLS1_2),
474
475
476 /* DHE_DSS */
477 #ifdef ENABLE_DHE
478 ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
479 GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
480 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
481 GNUTLS_VERSION_UNKNOWN),
482 ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
483 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
484 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
485 GNUTLS_DTLS_VERSION_MIN),
486 ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
487 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
488 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
489 GNUTLS_DTLS_VERSION_MIN),
490 ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
491 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
492 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
493 GNUTLS_DTLS_VERSION_MIN),
494 ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
495 GNUTLS_CIPHER_CAMELLIA_128_CBC,
496 GNUTLS_KX_DHE_DSS,
497 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
498 GNUTLS_DTLS1_2),
499 ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
500 GNUTLS_CIPHER_CAMELLIA_256_CBC,
501 GNUTLS_KX_DHE_DSS,
502 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
503 GNUTLS_DTLS1_2),
504
505 ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
506 GNUTLS_CIPHER_CAMELLIA_128_CBC,
507 GNUTLS_KX_DHE_DSS,
508 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
509 GNUTLS_DTLS_VERSION_MIN),
510 ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
511 GNUTLS_CIPHER_CAMELLIA_256_CBC,
512 GNUTLS_KX_DHE_DSS,
513 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
514 GNUTLS_DTLS_VERSION_MIN),
515 ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
516 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
517 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
518 GNUTLS_DTLS1_2),
519 ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
520 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
521 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
522 GNUTLS_DTLS1_2),
523 /* GCM */
524 ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
525 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
526 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
527 GNUTLS_DTLS1_2),
528 ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
529 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
530 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
531 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
532 ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
533 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
534 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
535 GNUTLS_DTLS1_2),
536 ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
537 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
538 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
539 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
540
541 /* DHE_RSA */
542 ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
543 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
544 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
545 GNUTLS_DTLS_VERSION_MIN),
546 ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
547 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
548 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
549 GNUTLS_DTLS_VERSION_MIN),
550 ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
551 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
552 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
553 GNUTLS_DTLS_VERSION_MIN),
554 ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
555 GNUTLS_CIPHER_CAMELLIA_128_CBC,
556 GNUTLS_KX_DHE_RSA,
557 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
558 GNUTLS_DTLS1_2),
559 ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
560 GNUTLS_CIPHER_CAMELLIA_256_CBC,
561 GNUTLS_KX_DHE_RSA,
562 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
563 GNUTLS_DTLS1_2),
564 ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
565 GNUTLS_CIPHER_CAMELLIA_128_CBC,
566 GNUTLS_KX_DHE_RSA,
567 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
568 GNUTLS_DTLS_VERSION_MIN),
569 ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
570 GNUTLS_CIPHER_CAMELLIA_256_CBC,
571 GNUTLS_KX_DHE_RSA,
572 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
573 GNUTLS_DTLS_VERSION_MIN),
574 ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
575 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
576 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
577 GNUTLS_DTLS1_2),
578 ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
579 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
580 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
581 GNUTLS_DTLS1_2),
582 /* GCM */
583 ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
584 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
585 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
586 GNUTLS_DTLS1_2),
587 ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
588 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
589 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
590 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
591 ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
592 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
593 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
594 GNUTLS_DTLS1_2),
595 ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
596 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
597 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
598 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
599
600 ENTRY(GNUTLS_DHE_RSA_CHACHA20_POLY1305,
601 GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_RSA,
602 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
603
604 /* CCM */
605 ENTRY(GNUTLS_DHE_RSA_AES_128_CCM,
606 GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_RSA,
607 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
608 GNUTLS_DTLS1_2),
609 ENTRY(GNUTLS_DHE_RSA_AES_256_CCM,
610 GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_RSA,
611 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
612 GNUTLS_DTLS1_2),
613 ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_8,
614 GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_RSA,
615 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
616 GNUTLS_DTLS1_2),
617 ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_8,
618 GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_RSA,
619 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
620 GNUTLS_DTLS1_2),
621
622 #endif /* DHE */
623 #ifdef ENABLE_ECDHE
624 /* ECC-RSA */
625 ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1,
626 GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
627 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
628 GNUTLS_DTLS_VERSION_MIN),
629 ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
630 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
631 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
632 GNUTLS_DTLS_VERSION_MIN),
633 ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
634 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
635 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
636 GNUTLS_DTLS_VERSION_MIN),
637 ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
638 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
639 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
640 GNUTLS_DTLS_VERSION_MIN),
641 ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
642 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
643 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
644 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
645 ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
646 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
647 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
648 GNUTLS_VERSION_UNKNOWN),
649 ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
650 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
651 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
652 GNUTLS_DTLS1_2),
653 ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
654 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
655 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
656 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
657
658 /* ECDHE-ECDSA */
659 ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1,
660 GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
661 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
662 GNUTLS_DTLS_VERSION_MIN),
663 ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
664 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
665 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
666 GNUTLS_DTLS_VERSION_MIN),
667 ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
668 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
669 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
670 GNUTLS_DTLS_VERSION_MIN),
671 ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
672 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
673 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
674 GNUTLS_DTLS_VERSION_MIN),
675 ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
676 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
677 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
678 GNUTLS_VERSION_UNKNOWN),
679 ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
680 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
681 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
682 GNUTLS_DTLS1_2),
683 ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
684 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
685 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
686 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
687
688 /* More ECC */
689
690 ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
691 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
692 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
693 GNUTLS_DTLS1_2),
694 ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
695 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
696 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
697 GNUTLS_DTLS1_2),
698 ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
699 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
700 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
701 GNUTLS_DTLS1_2),
702 ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
703 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
704 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
705 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
706 ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
707 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
708 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
709 GNUTLS_DTLS1_2),
710 ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
711 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
712 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
713 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
714 ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
715 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
716 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
717 GNUTLS_DTLS1_2),
718 ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
719 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
720 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
721 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
722 ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
723 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
724 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
725 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
726
727 ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
728 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
729 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
730 GNUTLS_DTLS1_2),
731 ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
732 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
733 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
734 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
735
736 ENTRY(GNUTLS_ECDHE_RSA_CHACHA20_POLY1305,
737 GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_RSA,
738 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
739 GNUTLS_DTLS1_2),
740
741 ENTRY(GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305,
742 GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_ECDSA,
743 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
744 GNUTLS_DTLS1_2),
745
746 ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM,
747 GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_ECDHE_ECDSA,
748 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
749 GNUTLS_DTLS1_2),
750 ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM,
751 GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_ECDHE_ECDSA,
752 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
753 GNUTLS_DTLS1_2),
754 ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_8,
755 GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_ECDHE_ECDSA,
756 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
757 GNUTLS_DTLS1_2),
758 ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_8,
759 GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_ECDHE_ECDSA,
760 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
761 GNUTLS_DTLS1_2),
762 #endif
763 #ifdef ENABLE_PSK
764 /* ECC - PSK */
765 ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
766 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
767 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
768 GNUTLS_DTLS_VERSION_MIN),
769 ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
770 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
771 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
772 GNUTLS_DTLS_VERSION_MIN),
773 ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
774 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
775 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
776 GNUTLS_DTLS_VERSION_MIN),
777 ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
778 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
779 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
780 GNUTLS_DTLS1_2),
781 ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
782 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
783 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
784 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
785 ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
786 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
787 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
788 GNUTLS_VERSION_UNKNOWN),
789 ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA1,
790 GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
791 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
792 GNUTLS_DTLS_VERSION_MIN),
793 ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256,
794 GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
795 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
796 GNUTLS_DTLS1_2),
797 ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384,
798 GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
799 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
800 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
801 ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
802 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
803 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
804 GNUTLS_DTLS1_2),
805 ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
806 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
807 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
808 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
809
810 /* PSK */
811 ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1,
812 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
813 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
814 GNUTLS_VERSION_UNKNOWN),
815 ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1,
816 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
817 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
818 GNUTLS_DTLS_VERSION_MIN),
819 ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1,
820 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
821 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
822 GNUTLS_DTLS_VERSION_MIN),
823 ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1,
824 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
825 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
826 GNUTLS_DTLS_VERSION_MIN),
827 ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256,
828 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
829 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
830 GNUTLS_DTLS1_2),
831 ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
832 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
833 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
834 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
835 ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
836 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
837 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
838 GNUTLS_DTLS1_2),
839 ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
840 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
841 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
842 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
843
844
845 ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256,
846 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
847 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
848 GNUTLS_DTLS1_2),
849 ENTRY(GNUTLS_PSK_NULL_SHA1,
850 GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
851 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
852 GNUTLS_DTLS_VERSION_MIN),
853 ENTRY(GNUTLS_PSK_NULL_SHA256,
854 GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
855 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
856 GNUTLS_DTLS1_2),
857 ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
858 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
859 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
860 GNUTLS_DTLS1_2),
861 ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
862 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
863 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
864 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
865
866 ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
867 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
868 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
869 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
870 ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
871 GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
872 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
873 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
874
875 /* RSA-PSK */
876 ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
877 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
878 GNUTLS_MAC_SHA1, GNUTLS_TLS1,
879 GNUTLS_VERSION_UNKNOWN),
880 ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
881 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
882 GNUTLS_MAC_SHA1, GNUTLS_TLS1,
883 GNUTLS_DTLS_VERSION_MIN),
884 ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
885 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
886 GNUTLS_MAC_SHA1, GNUTLS_TLS1,
887 GNUTLS_DTLS_VERSION_MIN),
888 ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
889 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
890 GNUTLS_MAC_SHA1, GNUTLS_TLS1,
891 GNUTLS_DTLS_VERSION_MIN),
892 ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
893 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
894 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
895 GNUTLS_DTLS1_2),
896 ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
897 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
898 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
899 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
900
901
902 ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
903 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
904 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
905 GNUTLS_DTLS1_2),
906 ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
907 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
908 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
909 GNUTLS_DTLS1_2),
910 ENTRY(GNUTLS_RSA_PSK_NULL_SHA1,
911 GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
912 GNUTLS_MAC_SHA1, GNUTLS_TLS1,
913 GNUTLS_DTLS_VERSION_MIN),
914 ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
915 GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
916 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
917 GNUTLS_DTLS1_2),
918 ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
919 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
920 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
921 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
922 ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
923 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
924 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
925 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
926 ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384,
927 GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
928 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
929 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
930 ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
931 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
932 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
933 GNUTLS_DTLS1_2),
934 ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
935 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
936 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
937 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
938
939
940 /* DHE-PSK */
941 ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
942 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
943 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
944 GNUTLS_VERSION_UNKNOWN),
945 ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
946 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
947 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
948 GNUTLS_DTLS_VERSION_MIN),
949 ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
950 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
951 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
952 GNUTLS_DTLS_VERSION_MIN),
953 ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
954 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
955 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
956 GNUTLS_DTLS_VERSION_MIN),
957 ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
958 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
959 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
960 GNUTLS_DTLS1_2),
961 ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
962 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
963 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
964 GNUTLS_DTLS1_2),
965 ENTRY(GNUTLS_DHE_PSK_NULL_SHA1,
966 GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
967 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
968 GNUTLS_DTLS_VERSION_MIN),
969 ENTRY(GNUTLS_DHE_PSK_NULL_SHA256,
970 GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
971 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
972 GNUTLS_DTLS1_2),
973 ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
974 GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
975 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
976 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
977 ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
978 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
979 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
980 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
981 ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
982 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
983 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
984 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
985 ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
986 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
987 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
988 GNUTLS_DTLS1_2),
989 ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
990 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
991 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
992 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
993 ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
994 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
995 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
996 GNUTLS_DTLS1_2),
997 ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
998 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
999 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1000 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
1001
1002 ENTRY(GNUTLS_PSK_AES_128_CCM,
1003 GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_PSK,
1004 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1005 GNUTLS_DTLS1_2),
1006 ENTRY(GNUTLS_PSK_AES_256_CCM,
1007 GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_PSK,
1008 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1009 GNUTLS_DTLS1_2),
1010 ENTRY(GNUTLS_DHE_PSK_AES_128_CCM,
1011 GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_PSK,
1012 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1013 GNUTLS_DTLS1_2),
1014 ENTRY(GNUTLS_DHE_PSK_AES_256_CCM,
1015 GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_PSK,
1016 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1017 GNUTLS_DTLS1_2),
1018 ENTRY(GNUTLS_PSK_AES_128_CCM_8,
1019 GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_PSK,
1020 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1021 GNUTLS_DTLS1_2),
1022 ENTRY(GNUTLS_PSK_AES_256_CCM_8,
1023 GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_PSK,
1024 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1025 GNUTLS_DTLS1_2),
1026 ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_8,
1027 GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_PSK,
1028 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1029 GNUTLS_DTLS1_2),
1030 ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_8,
1031 GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_PSK,
1032 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1033 GNUTLS_DTLS1_2),
1034 ENTRY(GNUTLS_DHE_PSK_CHACHA20_POLY1305,
1035 GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_PSK,
1036 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
1037 ENTRY(GNUTLS_ECDHE_PSK_CHACHA20_POLY1305,
1038 GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_PSK,
1039 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
1040
1041 ENTRY(GNUTLS_RSA_PSK_CHACHA20_POLY1305,
1042 GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_RSA_PSK,
1043 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
1044
1045 ENTRY(GNUTLS_PSK_CHACHA20_POLY1305,
1046 GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_PSK,
1047 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
1048
1049 #endif
1050 #ifdef ENABLE_ANON
1051 /* DH_ANON */
1052 ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5,
1053 GNUTLS_CIPHER_ARCFOUR_128,
1054 GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
1055 GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
1056 ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
1057 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
1058 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1059 GNUTLS_DTLS_VERSION_MIN),
1060 ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1,
1061 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
1062 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1063 GNUTLS_DTLS_VERSION_MIN),
1064 ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1,
1065 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
1066 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1067 GNUTLS_DTLS_VERSION_MIN),
1068 ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
1069 GNUTLS_CIPHER_CAMELLIA_128_CBC,
1070 GNUTLS_KX_ANON_DH,
1071 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
1072 GNUTLS_DTLS1_2),
1073 ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
1074 GNUTLS_CIPHER_CAMELLIA_256_CBC,
1075 GNUTLS_KX_ANON_DH,
1076 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
1077 GNUTLS_DTLS1_2),
1078 ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
1079 GNUTLS_CIPHER_CAMELLIA_128_CBC,
1080 GNUTLS_KX_ANON_DH,
1081 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1082 GNUTLS_DTLS_VERSION_MIN),
1083 ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
1084 GNUTLS_CIPHER_CAMELLIA_256_CBC,
1085 GNUTLS_KX_ANON_DH,
1086 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1087 GNUTLS_DTLS_VERSION_MIN),
1088 ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256,
1089 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
1090 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
1091 GNUTLS_DTLS1_2),
1092 ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256,
1093 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
1094 GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
1095 GNUTLS_DTLS1_2),
1096 ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256,
1097 GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
1098 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1099 GNUTLS_DTLS1_2),
1100 ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
1101 GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
1102 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1103 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
1104 ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
1105 GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
1106 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1107 GNUTLS_DTLS1_2),
1108 ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
1109 GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
1110 GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
1111 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
1112
1113 /* ECC-ANON */
1114 ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1,
1115 GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
1116 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1117 GNUTLS_DTLS_VERSION_MIN),
1118 ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
1119 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
1120 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1121 GNUTLS_DTLS_VERSION_MIN),
1122 ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
1123 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
1124 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1125 GNUTLS_DTLS_VERSION_MIN),
1126 ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
1127 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
1128 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1129 GNUTLS_DTLS_VERSION_MIN),
1130 ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
1131 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
1132 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1133 GNUTLS_VERSION_UNKNOWN),
1134 #endif
1135 #ifdef ENABLE_SRP
1136 /* SRP */
1137 ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
1138 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
1139 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1140 GNUTLS_DTLS_VERSION_MIN),
1141 ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
1142 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
1143 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1144 GNUTLS_DTLS_VERSION_MIN),
1145 ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
1146 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
1147 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1148 GNUTLS_DTLS_VERSION_MIN),
1149
1150 ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
1151 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
1152 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1153 GNUTLS_DTLS_VERSION_MIN),
1154
1155 ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
1156 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
1157 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1158 GNUTLS_DTLS_VERSION_MIN),
1159
1160 ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
1161 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
1162 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1163 GNUTLS_DTLS_VERSION_MIN),
1164
1165 ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
1166 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
1167 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1168 GNUTLS_DTLS_VERSION_MIN),
1169
1170 ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
1171 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
1172 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1173 GNUTLS_DTLS_VERSION_MIN),
1174
1175 ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
1176 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
1177 GNUTLS_MAC_SHA1, GNUTLS_SSL3,
1178 GNUTLS_DTLS_VERSION_MIN),
1179 #endif
1180
1181 #ifdef ENABLE_GOST
1182 ENTRY_PRF(GNUTLS_GOSTR341112_256_28147_CNT_IMIT,
1183 GNUTLS_CIPHER_GOST28147_TC26Z_CNT, GNUTLS_KX_VKO_GOST_12,
1184 GNUTLS_MAC_GOST28147_TC26Z_IMIT, GNUTLS_TLS1_2,
1185 GNUTLS_VERSION_UNKNOWN, GNUTLS_MAC_STREEBOG_256),
1186 #endif
1187
1188 {0, {0, 0}, 0, 0, 0, 0, 0, 0}
1189 };
1190
/* Walk every entry of cs_algorithms (the table ends with the entry whose
 * name is NULL), binding the current entry to the local `p` while `b`
 * runs. `b` may use `break` to stop the walk early. */
#define CIPHER_SUITE_LOOP(b) { \
	const gnutls_cipher_suite_entry_st *p; \
	for(p = cs_algorithms; p->name != NULL; p++) { b ; } }

/* Run `a` (with `p` bound to the entry) for the first table entry whose
 * two-byte id equals `suite`, then stop. Nothing runs when no entry
 * matches, so callers must initialise any result before expanding this. */
#define CIPHER_SUITE_ALG_LOOP(a, suite) \
	CIPHER_SUITE_LOOP( if( (p->id[0] == suite[0]) && (p->id[1] == suite[1])) { a; break; } )
1197
1198
1199 /* Cipher Suite's functions */
/* Look up the table entry for the two-byte ciphersuite identifier `suite`.
 * Returns a pointer into cs_algorithms, or NULL if the id is not known. */
const gnutls_cipher_suite_entry_st *ciphersuite_to_entry(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *e;

	for (e = cs_algorithms; e->name != NULL; e++) {
		if (e->id[0] == suite[0] && e->id[1] == suite[1])
			return e;
	}

	return NULL;
}
1205
/* Return the key exchange algorithm of the ciphersuite identified by
 * `suite`, or GNUTLS_KX_UNKNOWN when the id is not in the table. */
gnutls_kx_algorithm_t
_gnutls_cipher_suite_get_kx_algo(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *e = ciphersuite_to_entry(suite);

	if (e == NULL)
		return GNUTLS_KX_UNKNOWN;

	return e->kx_algorithm;
}
1215
/* Return the name of the ciphersuite identified by `suite` with the
 * "GNUTLS_" prefix of the table name stripped, or NULL when the id is
 * not in the table. The string points into the static table. */
const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *e = ciphersuite_to_entry(suite);

	if (e == NULL)
		return NULL;

	/* skip the "GNUTLS_" prefix */
	return e->name + sizeof("GNUTLS_") - 1;
}
1225
1226
/* Find the first table entry whose key exchange, cipher and MAC all equal
 * the given algorithms. Returns a pointer into cs_algorithms, or NULL
 * when no entry matches. */
const gnutls_cipher_suite_entry_st
*cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
		  gnutls_cipher_algorithm_t cipher_algorithm,
		  gnutls_mac_algorithm_t mac_algorithm)
{
	const gnutls_cipher_suite_entry_st *e;

	for (e = cs_algorithms; e->name != NULL; e++) {
		if (e->kx_algorithm != kx_algorithm)
			continue;
		if (e->block_algorithm != cipher_algorithm)
			continue;
		if (e->mac_algorithm != mac_algorithm)
			continue;
		return e;
	}

	return NULL;
}
1245
/* Tell whether the server holds what key exchange `kx` needs, given
 * credentials of type `cred_type`.
 *
 * Returns 1 when `kx` needs no DH parameters, when `cred_type` is a type
 * this function does not track, or when the matching server credential
 * carries DH parameters (explicit dh_params, a params callback, or a
 * dh_sec_param security level). Returns 0 when DH parameters are needed
 * but missing, or when the client advertised FFDHE groups, in which case
 * locally configured DH parameters cannot be used at all.
 */
static unsigned
check_server_dh_params(gnutls_session_t session,
		       unsigned cred_type,
		       gnutls_kx_algorithm_t kx)
{
	unsigned have_dh_params = 0;

	if (!_gnutls_kx_needs_dh_params(kx))
		return 1;

	/* Once the client advertised FFDHE (RFC 7919) groups only those may
	 * be negotiated; whatever DH parameters the server configured are of
	 * no use, so report them as absent. */
	if (session->internals.hsk_flags & HSK_HAVE_FFDHE) {
		gnutls_assert();
		return 0;
	}

	/* Look for DH parameters on the credential type the kx maps to. */
	switch (cred_type) {
	case GNUTLS_CRD_CERTIFICATE: {
		gnutls_certificate_credentials_t cred =
		    (gnutls_certificate_credentials_t)
		    _gnutls_get_cred(session, cred_type);

		if (cred != NULL &&
		    (cred->dh_params || cred->params_func || cred->dh_sec_param))
			have_dh_params = 1;
		break;
	}
#ifdef ENABLE_ANON
	case GNUTLS_CRD_ANON: {
		gnutls_anon_server_credentials_t cred =
		    (gnutls_anon_server_credentials_t)
		    _gnutls_get_cred(session, cred_type);

		if (cred != NULL &&
		    (cred->dh_params || cred->params_func || cred->dh_sec_param))
			have_dh_params = 1;
		break;
	}
#endif
#ifdef ENABLE_PSK
	case GNUTLS_CRD_PSK: {
		gnutls_psk_server_credentials_t cred =
		    (gnutls_psk_server_credentials_t)
		    _gnutls_get_cred(session, cred_type);

		if (cred != NULL &&
		    (cred->dh_params || cred->params_func || cred->dh_sec_param))
			have_dh_params = 1;
		break;
	}
#endif
	default:
		/* credential types without DH parameters to check */
		return 1;
	}

	return have_dh_params;
}
1304
/**
 * gnutls_cipher_suite_get_name:
 * @kx_algorithm: is a Key exchange algorithm
 * @cipher_algorithm: is a cipher algorithm
 * @mac_algorithm: is a MAC algorithm
 *
 * This function returns the ciphersuite name under TLS1.2 or earlier
 * versions when provided with individual algorithms. The full cipher suite
 * name must be prepended by TLS or SSL depending on the protocol in use.
 *
 * To get a description of the current ciphersuite across versions, it
 * is recommended to use gnutls_session_get_desc().
 *
 * Returns: a string that contains the name of a TLS cipher suite,
 * specified by the given algorithms, or %NULL.
 **/
const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t
					 kx_algorithm,
					 gnutls_cipher_algorithm_t
					 cipher_algorithm,
					 gnutls_mac_algorithm_t
					 mac_algorithm)
{
	const gnutls_cipher_suite_entry_st *ce =
	    cipher_suite_get(kx_algorithm, cipher_algorithm, mac_algorithm);

	/* table names carry a "GNUTLS_" prefix that is not part of the
	 * public name */
	return ce != NULL ? ce->name + sizeof("GNUTLS_") - 1 : NULL;
}
1337
/*-
 * _gnutls_cipher_suite_get_id:
 * @kx_algorithm: is a Key exchange algorithm
 * @cipher_algorithm: is a cipher algorithm
 * @mac_algorithm: is a MAC algorithm
 * @suite: The id to be returned
 *
 * This function returns the ciphersuite ID in @suite, under TLS1.2 or earlier
 * versions when provided with individual algorithms. @suite is left
 * untouched when no ciphersuite matches.
 *
 * Returns: 0 on success or a negative error code otherwise.
 -*/
int
_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
			    gnutls_cipher_algorithm_t cipher_algorithm,
			    gnutls_mac_algorithm_t mac_algorithm,
			    uint8_t suite[2])
{
	const gnutls_cipher_suite_entry_st *ce =
	    cipher_suite_get(kx_algorithm, cipher_algorithm, mac_algorithm);

	if (ce == NULL)
		return GNUTLS_E_INVALID_REQUEST;

	/* the table id is the two-byte wire value */
	memcpy(suite, ce->id, 2);
	return 0;
}
1368
/**
 * gnutls_cipher_suite_info:
 * @idx: index of cipher suite to get information about, starts on 0.
 * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value, or %NULL.
 * @kx: output variable indicating key exchange algorithm, or %NULL.
 * @cipher: output variable indicating cipher, or %NULL.
 * @mac: output variable indicating MAC algorithm, or %NULL.
 * @min_version: output variable indicating TLS protocol version, or %NULL.
 *
 * Get information about supported cipher suites. Use the function
 * iteratively to get information about all supported cipher suites.
 * Call with idx=0 to get information about first cipher suite, then
 * idx=1 and so on until the function returns NULL.
 *
 * The table walked here is the built-in one; whether the cipher and MAC
 * of an entry are actually available in this build is not checked by
 * this function.
 *
 * Returns: the name of @idx cipher suite, and set the information
 * about the cipher suite in the output variables. If @idx is out of
 * bounds, %NULL is returned.
 **/
const char *gnutls_cipher_suite_info(size_t idx,
				     unsigned char *cs_id,
				     gnutls_kx_algorithm_t * kx,
				     gnutls_cipher_algorithm_t * cipher,
				     gnutls_mac_algorithm_t * mac,
				     gnutls_protocol_t * min_version)
{
	const gnutls_cipher_suite_entry_st *e;

	if (idx >= CIPHER_SUITES_COUNT)
		return NULL;

	e = &cs_algorithms[idx];

	/* every output is optional; fill only the ones the caller passed */
	if (cs_id != NULL)
		memcpy(cs_id, e->id, 2);
	if (kx != NULL)
		*kx = e->kx_algorithm;
	if (cipher != NULL)
		*cipher = e->block_algorithm;
	if (mac != NULL)
		*mac = e->mac_algorithm;
	if (min_version != NULL)
		*min_version = e->min_version;

	/* drop the "GNU" prefix: table names read "GNUTLS_...", the public
	 * ones "TLS_..." */
	return e->name + sizeof("GNU") - 1;
}
1410
/* Skip (via `continue`) the table entry `entry` when it is not usable with
 * the protocol version being negotiated. Must be expanded inside a loop,
 * with `is_dtls` and `version` (a version_entry_st *) in scope. A minimum
 * of GNUTLS_VERSION_UNKNOWN marks the suite as unavailable for that
 * protocol family altogether, whatever the maximum says. */
#define VERSION_CHECK(entry) \
	if (is_dtls) { \
		if (entry->min_dtls_version == GNUTLS_VERSION_UNKNOWN || \
			version->id < entry->min_dtls_version || \
			version->id > entry->max_dtls_version) \
			continue; \
	} else { \
		if (entry->min_version == GNUTLS_VERSION_UNKNOWN || \
			version->id < entry->min_version || \
			version->id > entry->max_version) \
			continue; \
	}

/* Skip (via `continue`) block ciphers when the priorities demand
 * encrypt-then-MAC (force_etm) but the extension was not negotiated
 * (`have_etm` is 0): without EtM a block-cipher suite would run in
 * MAC-then-encrypt mode, which the flag exists to refuse. A cipher that
 * has no table entry is skipped as well. Must be expanded inside a loop,
 * with `session` and `have_etm` in scope. */
#define CIPHER_CHECK(algo) \
	if (session->internals.priorities->force_etm && !have_etm) { \
		const cipher_entry_st *_cipher; \
		_cipher = cipher_to_entry(algo); \
		if (_cipher == NULL || _gnutls_cipher_type(_cipher) == CIPHER_BLOCK) \
			continue; \
	}

/* For the SRP key exchanges that also carry an RSA or DSS signature, run
 * `action` (e.g. `continue` or `return 0`) unless SRP credentials were
 * set on `session`. Plain GNUTLS_KX_SRP is not covered here, presumably
 * because its credential mapping already requires SRP credentials while
 * these two map to certificate credentials — confirm against
 * _gnutls_map_kx_get_cred. */
#define KX_SRP_CHECKS(kx, action) \
	if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) { \
		if (!_gnutls_get_cred(session, GNUTLS_CRD_SRP)) { \
			action; \
		} \
	}
1438
/* Decide whether key exchange `kx` can be run on the server side with the
 * state negotiated so far. ECDHE-style exchanges need a candidate EC
 * group; DHE-style ones need either a candidate DH group or server DH
 * parameters (see check_server_dh_params); SRP-RSA and SRP-DSS need SRP
 * credentials on top. On success the group to use, if one was chosen, is
 * stored in *sgroup and 1 is returned; otherwise *sgroup is untouched and
 * 0 is returned. */
static unsigned kx_is_ok(gnutls_session_t session, gnutls_kx_algorithm_t kx, unsigned cred_type,
			 const gnutls_group_entry_st **sgroup)
{
	const gnutls_group_entry_st *group;

	if (_gnutls_kx_is_ecc(kx)) {
		group = session->internals.cand_ec_group;
		if (group == NULL)
			return 0;
		*sgroup = group;
	} else if (_gnutls_kx_is_dhe(kx)) {
		group = session->internals.cand_dh_group;
		if (group != NULL)
			*sgroup = group;
		else if (!check_server_dh_params(session, cred_type, kx))
			return 0;
	}

	/* signed SRP also needs the SRP credential to be present */
	if ((kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) &&
	    _gnutls_get_cred(session, GNUTLS_CRD_SRP) == NULL)
		return 0;

	return 1;
}
1461
/* Called on server-side only.
 *
 * Pick the ciphersuite to negotiate from the suites the client offered
 * (peer_clist) and the server's priorities. When server_precedence is
 * unset the client's order decides, otherwise the server's. A candidate
 * is taken only if it is allowed for the negotiated protocol version
 * (VERSION_CHECK), passes the encrypt-then-MAC policy (CIPHER_CHECK),
 * its key exchange can be run with the current state (kx_is_ok), and
 * either its PRF matches the selected PSK binder or a server certificate
 * can be selected for it.
 *
 * On success stores the chosen entry in *ce, sets the session group when
 * the key exchange picked one, and returns 0. Returns
 * GNUTLS_E_NO_CIPHER_SUITES when no version entry is available or nothing
 * is in common.
 */
int
_gnutls_figure_common_ciphersuite(gnutls_session_t session,
				  const ciphersuite_list_st *peer_clist,
				  const gnutls_cipher_suite_entry_st **ce)
{

	unsigned int i, j;
	int ret;
	const version_entry_st *version = get_version(session);
	unsigned int is_dtls = IS_DTLS(session);
	gnutls_kx_algorithm_t kx;
	/* Under TLS 1.3 semantics the ciphersuite does not determine the
	 * credential type, so this default is what the certificate path
	 * below sees; for earlier versions it is recomputed from the kx. */
	gnutls_credentials_type_t cred_type = GNUTLS_CRD_CERTIFICATE; /* default for TLS1.3 */
	const gnutls_group_entry_st *sgroup = NULL;
	gnutls_ext_priv_data_t epriv;
	unsigned have_etm = 0;

	if (version == NULL) {
		return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
	}

	/* we figure whether etm is negotiated by checking the raw extension data
	 * because we only set (security_params) EtM to true only after the ciphersuite is
	 * negotiated. */
	ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ETM, &epriv);
	if (ret >= 0 && ((intptr_t)epriv) != 0)
		have_etm = 1;

	/* If we didn't receive the supported_groups extension, then
	 * we should assume that SECP256R1 is supported; that is required
	 * by RFC4492, probably to allow SSLv2 hellos negotiate elliptic curve
	 * ciphersuites. Only applies to pre-TLS1.3 negotiation. */
	if (!version->tls13_sem && session->internals.cand_ec_group == NULL &&
	    !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_GROUPS)) {
		session->internals.cand_ec_group = _gnutls_id_to_group(DEFAULT_EC_GROUP);
	}

	if (session->internals.priorities->server_precedence == 0) {
		/* client order: walk the peer's list, accept the first suite
		 * that is also in our priorities and passes all checks */
		for (i = 0; i < peer_clist->size; i++) {
			_gnutls_debug_log("checking %.2x.%.2x (%s) for compatibility\n",
					  (unsigned)peer_clist->entry[i]->id[0],
					  (unsigned)peer_clist->entry[i]->id[1],
					  peer_clist->entry[i]->name);
			VERSION_CHECK(peer_clist->entry[i]);

			kx = peer_clist->entry[i]->kx_algorithm;

			CIPHER_CHECK(peer_clist->entry[i]->block_algorithm);

			if (!version->tls13_sem)
				cred_type = _gnutls_map_kx_get_cred(kx, 1);

			for (j = 0; j < session->internals.priorities->cs.size; j++) {
				if (session->internals.priorities->cs.entry[j] == peer_clist->entry[i]) {
					sgroup = NULL;
					if (!kx_is_ok(session, kx, cred_type, &sgroup))
						continue;

					/* if we have selected PSK, we need a ciphersuites which matches
					 * the selected binder: the suite's PRF must be the hash the
					 * binder was computed with */
					if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
						if (session->key.binders[0].prf->id != session->internals.priorities->cs.entry[j]->prf)
							continue;
					} else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
						ret = _gnutls_select_server_cert(session, peer_clist->entry[i]);
						if (ret < 0) {
							/* couldn't select cert with this ciphersuite */
							gnutls_assert();
							break;
						}
					}

					/* select the group based on the selected ciphersuite */
					if (sgroup)
						_gnutls_session_group_set(session, sgroup);
					*ce = peer_clist->entry[i];
					return 0;
				}
			}
		}
	} else {
		/* server order: walk our priorities, accept the first suite the
		 * peer also offered and that passes all checks. Note that a
		 * failing candidate leaves the inner loop with break here,
		 * whereas the client-order branch above uses continue. */
		for (j = 0; j < session->internals.priorities->cs.size; j++) {
			VERSION_CHECK(session->internals.priorities->cs.entry[j]);

			CIPHER_CHECK(session->internals.priorities->cs.entry[j]->block_algorithm);

			for (i = 0; i < peer_clist->size; i++) {
				_gnutls_debug_log("checking %.2x.%.2x (%s) for compatibility\n",
						  (unsigned)peer_clist->entry[i]->id[0],
						  (unsigned)peer_clist->entry[i]->id[1],
						  peer_clist->entry[i]->name);

				if (session->internals.priorities->cs.entry[j] == peer_clist->entry[i]) {
					sgroup = NULL;
					kx = peer_clist->entry[i]->kx_algorithm;

					if (!version->tls13_sem)
						cred_type = _gnutls_map_kx_get_cred(kx, 1);

					if (!kx_is_ok(session, kx, cred_type, &sgroup))
						break;

					/* if we have selected PSK, we need a ciphersuites which matches
					 * the selected binder: the suite's PRF must be the hash the
					 * binder was computed with */
					if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
						if (session->key.binders[0].prf->id != session->internals.priorities->cs.entry[j]->prf)
							break;
					} else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
						ret = _gnutls_select_server_cert(session, peer_clist->entry[i]);
						if (ret < 0) {
							/* couldn't select cert with this ciphersuite */
							gnutls_assert();
							break;
						}
					}

					/* select the group based on the selected ciphersuite */
					if (sgroup)
						_gnutls_session_group_set(session, sgroup);
					*ce = peer_clist->entry[i];
					return 0;
				}
			}
		}

	}

	/* nothing in common */

	return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
}
1593
/* Skip (via `continue`) the table entry `e` when its minimum protocol
 * version is above the highest version we will offer (`maxver`). Must be
 * expanded inside a loop with `is_dtls` in scope. `minver` is accepted
 * but not used. Entries whose DTLS minimum is GNUTLS_VERSION_UNKNOWN are
 * presumably dropped under DTLS by this comparison — depends on that
 * enum value being above every real version id; confirm. */
#define CLIENT_VERSION_CHECK(minver, maxver, e) \
	if (is_dtls) { \
		if (e->min_dtls_version > maxver->id) \
			continue; \
	} else { \
		if (e->min_version > maxver->id) \
			continue; \
	}

/* Bytes kept free after the MAX_CIPHERSUITE_SIZE suites for the two
 * signalling values that may follow them (renegotiation SCSV and
 * fallback SCSV, two bytes each). */
#define RESERVED_CIPHERSUITES 4
/* Append the client's ciphersuite list, as a 16-bit length-prefixed
 * vector, to `cdata`. Suites come from the session priorities in order,
 * dropping those that need a newer protocol than the highest enabled
 * version, those whose credential type is not set on the session (unless
 * a premaster secret was set externally), and SRP-RSA/SRP-DSS suites
 * without SRP credentials. At most MAX_CIPHERSUITE_SIZE suites are
 * emitted; the renegotiation SCSV (with add_scsv, SSL3 builds only) and
 * the fallback SCSV are appended after them, which is the room
 * RESERVED_CIPHERSUITES provides.
 *
 * `vmin` is not consulted. Returns the number of bytes appended to
 * `cdata`, or a negative error code. */
int
_gnutls_get_client_ciphersuites(gnutls_session_t session,
				gnutls_buffer_st * cdata,
				const version_entry_st *vmin,
				unsigned add_scsv)
{
	unsigned int j;
	int ret;
	unsigned int is_dtls = IS_DTLS(session);
	uint8_t cipher_suites[MAX_CIPHERSUITE_SIZE*2 + RESERVED_CIPHERSUITES];
	unsigned cipher_suites_size = 0;
	size_t init_length = cdata->length;
	const version_entry_st *vmax = _gnutls_version_max(session);

	(void)vmin;

	if (vmax == NULL)
		return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);

	for (j = 0; j < session->internals.priorities->cs.size; j++) {
		const gnutls_cipher_suite_entry_st *e =
		    session->internals.priorities->cs.entry[j];
		gnutls_kx_algorithm_t kx = e->kx_algorithm;

		/* the suite needs a newer protocol than we will offer */
		if ((is_dtls ? e->min_dtls_version : e->min_version) > vmax->id)
			continue;

		/* In TLS 1.3 ciphersuites don't map to credentials */
		if (kx != GNUTLS_KX_UNKNOWN) {
			gnutls_credentials_type_t cred_type =
			    _gnutls_map_kx_get_cred(kx, 0);

			if (!session->internals.premaster_set &&
			    _gnutls_get_cred(session, cred_type) == NULL)
				continue;

			/* signed SRP also needs the SRP credential */
			if ((kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) &&
			    _gnutls_get_cred(session, GNUTLS_CRD_SRP) == NULL)
				continue;
		}

		_gnutls_debug_log("Keeping ciphersuite %.2x.%.2x (%s)\n",
				  (unsigned)e->id[0],
				  (unsigned)e->id[1],
				  e->name);
		cipher_suites[cipher_suites_size++] = e->id[0];
		cipher_suites[cipher_suites_size++] = e->id[1];

		/* the buffer has room for exactly MAX_CIPHERSUITE_SIZE suites
		 * plus the reserved signalling values below */
		if (cipher_suites_size >= MAX_CIPHERSUITE_SIZE*2)
			break;
	}
#ifdef ENABLE_SSL3
	if (add_scsv) {
		/* TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
		cipher_suites[cipher_suites_size++] = 0x00;
		cipher_suites[cipher_suites_size++] = 0xff;

		ret = _gnutls_ext_sr_send_cs(session);
		if (ret < 0)
			return gnutls_assert_val(ret);

		_gnutls_hello_ext_save_sr(session);
	}
#endif

	if (session->internals.priorities->fallback) {
		cipher_suites[cipher_suites_size++] = GNUTLS_FALLBACK_SCSV_MAJOR;
		cipher_suites[cipher_suites_size++] = GNUTLS_FALLBACK_SCSV_MINOR;
	}

	ret = _gnutls_buffer_append_data_prefix(cdata, 16, cipher_suites, cipher_suites_size);
	if (ret < 0)
		return gnutls_assert_val(ret);

	return cdata->length - init_length;
}
1675
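/**
 * gnutls_priority_get_cipher_suite_index:
 * @pcache: is a #gnutls_priority_t type.
 * @idx: is an index number.
 * @sidx: internal index of cipher suite to get information about.
 *
 * Provides the internal ciphersuite index to be used with
 * gnutls_cipher_suite_info(). The index @idx provided is an
 * index kept at the priorities structure. It might be that a valid
 * priorities index does not correspond to a ciphersuite and in
 * that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE will be returned.
 * Once the last available index is crossed then
 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
 *
 * Note that @sidx is written as soon as the table entry is located,
 * even when %GNUTLS_E_UNKNOWN_CIPHER_SUITE is returned afterwards.
 *
 * Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
 *
 * Since: 3.0.9
 **/
int
gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
				       unsigned int idx,
				       unsigned int *sidx)
{
	unsigned int i, j;
	unsigned max_tls = 0;
	unsigned max_dtls = 0;

	if (idx >= pcache->cs.size)
		return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;

	/* Find the highest enabled TLS and DTLS versions. Classify each
	 * version by its range first and only then update the matching
	 * maximum: folding the ">= max" test into the range test (as the
	 * previous else-if chain did) lets a TLS version below the current
	 * max_tls fall through and be recorded as max_dtls. */
	for (j = 0; j < pcache->protocol.num_priorities; j++) {
		unsigned v = pcache->protocol.priorities[j];

		if (v <= GNUTLS_TLS_VERSION_MAX) {
			if (v > max_tls)
				max_tls = v;
		} else if (v <= GNUTLS_DTLS_VERSION_MAX) {
			if (v > max_dtls)
				max_dtls = v;
		}
	}

	/* Locate the table entry the priority slot points at. Entries are
	 * compared by address, so at most one index can match. */
	for (i = 0; i < CIPHER_SUITES_COUNT; i++) {
		if (pcache->cs.entry[idx] != &cs_algorithms[i])
			continue;

		*sidx = i;

		/* usable only if both primitives exist in this build and the
		 * suite is reachable by an enabled TLS or DTLS version */
		if (_gnutls_cipher_exists(cs_algorithms[i].block_algorithm) &&
		    _gnutls_mac_exists(cs_algorithms[i].mac_algorithm)) {
			if (max_tls >= cs_algorithms[i].min_version)
				return 0;
			if (max_dtls >= cs_algorithms[i].min_dtls_version)
				return 0;
		}
		break;
	}

	return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}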
1735