PolarSSL v1.3.8
ssl_ciphersuites.c
Go to the documentation of this file.
1 
28 #if !defined(POLARSSL_CONFIG_FILE)
29 #include "polarssl/config.h"
30 #else
31 #include POLARSSL_CONFIG_FILE
32 #endif
33 
34 #if defined(POLARSSL_SSL_TLS_C)
35 
37 #include "polarssl/ssl.h"
38 
39 #include <stdlib.h>
40 
41 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
42  !defined(EFI32)
43 #define strcasecmp _stricmp
44 #endif
45 
46 /*
47  * Ordered from most preferred to least preferred in terms of security.
48  *
49  * Current rule (except rc4, weak and null which come last):
50  * 1. By key exchange:
51  * Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
52  * 2. By key length and cipher:
53  * AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
54  * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
55  * 4. By hash function used when relevant
56  * 5. By key exchange/auth again: EC > non-EC
57  */
58 static const int ciphersuite_preference[] =
59 {
60 #if defined(SSL_CIPHERSUITES)
62 #else
63  /* All AES-256 ephemeral suites */
77 
78  /* All CAMELLIA-256 ephemeral suites */
86 
87  /* All AES-128 ephemeral suites */
101 
102  /* All CAMELLIA-128 ephemeral suites */
110 
111  /* All remaining >= 128-bit ephemeral suites */
115 
116  /* The PSK ephemeral suites */
127 
138 
141 
142  /* All AES-256 suites */
154 
155  /* All CAMELLIA-256 suites */
163 
164  /* All AES-128 suites */
176 
177  /* All CAMELLIA-128 suites */
185 
186  /* All remaining >= 128-bit suites */
190 
191  /* The RSA PSK suites */
197 
203 
205 
206  /* The PSK suites */
214 
222 
224 
225  /* RC4 suites */
236 
237  /* Weak suites */
240 
241  /* NULL suites */
250 
262 
263 #endif
264  0
265 };
266 
267 static const ssl_ciphersuite_t ciphersuite_definitions[] =
268 {
269 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
270 #if defined(POLARSSL_AES_C)
271 #if defined(POLARSSL_SHA1_C)
272 #if defined(POLARSSL_CIPHER_MODE_CBC)
273  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
277  0 },
278  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
282  0 },
283 #endif /* POLARSSL_CIPHER_MODE_CBC */
284 #endif /* POLARSSL_SHA1_C */
285 #if defined(POLARSSL_SHA256_C)
286 #if defined(POLARSSL_CIPHER_MODE_CBC)
287  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
291  0 },
292 #endif /* POLARSSL_CIPHER_MODE_CBC */
293 #if defined(POLARSSL_GCM_C)
294  { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
298  0 },
299 #endif /* POLARSSL_GCM_C */
300 #endif /* POLARSSL_SHA256_C */
301 #if defined(POLARSSL_SHA512_C)
302 #if defined(POLARSSL_CIPHER_MODE_CBC)
303  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
307  0 },
308 #endif /* POLARSSL_CIPHER_MODE_CBC */
309 #if defined(POLARSSL_GCM_C)
310  { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
314  0 },
315 #endif /* POLARSSL_GCM_C */
316 #endif /* POLARSSL_SHA512_C */
317 #if defined(POLARSSL_CCM_C)
318  { TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
322  0 },
323  { TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
328  { TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
332  0 },
333  { TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
338 #endif /* POLARSSL_CCM_C */
339 #endif /* POLARSSL_AES_C */
340 
341 #if defined(POLARSSL_CAMELLIA_C)
342 #if defined(POLARSSL_CIPHER_MODE_CBC)
343 #if defined(POLARSSL_SHA256_C)
344  { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
348  0 },
349 #endif /* POLARSSL_SHA256_C */
350 #if defined(POLARSSL_SHA512_C)
351  { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
355  0 },
356 #endif /* POLARSSL_SHA512_C */
357 #endif /* POLARSSL_CIPHER_MODE_CBC */
358 
359 #if defined(POLARSSL_GCM_C)
360 #if defined(POLARSSL_SHA256_C)
361  { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
365  0 },
366 #endif /* POLARSSL_SHA256_C */
367 #if defined(POLARSSL_SHA512_C)
368  { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
372  0 },
373 #endif /* POLARSSL_SHA512_C */
374 #endif /* POLARSSL_GCM_C */
375 #endif /* POLARSSL_CAMELLIA_C */
376 
377 #if defined(POLARSSL_DES_C)
378 #if defined(POLARSSL_CIPHER_MODE_CBC)
379 #if defined(POLARSSL_SHA1_C)
380  { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
384  0 },
385 #endif /* POLARSSL_SHA1_C */
386 #endif /* POLARSSL_CIPHER_MODE_CBC */
387 #endif /* POLARSSL_DES_C */
388 
389 #if defined(POLARSSL_ARC4_C)
390 #if defined(POLARSSL_SHA1_C)
391  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
395  0 },
396 #endif /* POLARSSL_SHA1_C */
397 #endif /* POLARSSL_ARC4_C */
398 
399 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
400 #if defined(POLARSSL_SHA1_C)
401  { TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
406 #endif /* POLARSSL_SHA1_C */
407 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
408 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
409 
410 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
411 #if defined(POLARSSL_AES_C)
412 #if defined(POLARSSL_SHA1_C)
413 #if defined(POLARSSL_CIPHER_MODE_CBC)
414  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
418  0 },
419  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
423  0 },
424 #endif /* POLARSSL_CIPHER_MODE_CBC */
425 #endif /* POLARSSL_SHA1_C */
426 #if defined(POLARSSL_SHA256_C)
427 #if defined(POLARSSL_CIPHER_MODE_CBC)
428  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
432  0 },
433 #endif /* POLARSSL_CIPHER_MODE_CBC */
434 #if defined(POLARSSL_GCM_C)
435  { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
439  0 },
440 #endif /* POLARSSL_GCM_C */
441 #endif /* POLARSSL_SHA256_C */
442 #if defined(POLARSSL_SHA512_C)
443 #if defined(POLARSSL_CIPHER_MODE_CBC)
444  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
448  0 },
449 #endif /* POLARSSL_CIPHER_MODE_CBC */
450 #if defined(POLARSSL_GCM_C)
451  { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
455  0 },
456 #endif /* POLARSSL_GCM_C */
457 #endif /* POLARSSL_SHA512_C */
458 #endif /* POLARSSL_AES_C */
459 
460 #if defined(POLARSSL_CAMELLIA_C)
461 #if defined(POLARSSL_CIPHER_MODE_CBC)
462 #if defined(POLARSSL_SHA256_C)
463  { TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
467  0 },
468 #endif /* POLARSSL_SHA256_C */
469 #if defined(POLARSSL_SHA512_C)
470  { TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
474  0 },
475 #endif /* POLARSSL_SHA512_C */
476 #endif /* POLARSSL_CIPHER_MODE_CBC */
477 
478 #if defined(POLARSSL_GCM_C)
479 #if defined(POLARSSL_SHA256_C)
480  { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
484  0 },
485 #endif /* POLARSSL_SHA256_C */
486 #if defined(POLARSSL_SHA512_C)
487  { TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
491  0 },
492 #endif /* POLARSSL_SHA512_C */
493 #endif /* POLARSSL_GCM_C */
494 #endif /* POLARSSL_CAMELLIA_C */
495 
496 #if defined(POLARSSL_DES_C)
497 #if defined(POLARSSL_CIPHER_MODE_CBC)
498 #if defined(POLARSSL_SHA1_C)
499  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
503  0 },
504 #endif /* POLARSSL_SHA1_C */
505 #endif /* POLARSSL_CIPHER_MODE_CBC */
506 #endif /* POLARSSL_DES_C */
507 
508 #if defined(POLARSSL_ARC4_C)
509 #if defined(POLARSSL_SHA1_C)
510  { TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
514  0 },
515 #endif /* POLARSSL_SHA1_C */
516 #endif /* POLARSSL_ARC4_C */
517 
518 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
519 #if defined(POLARSSL_SHA1_C)
520  { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
525 #endif /* POLARSSL_SHA1_C */
526 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
527 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
528 
529 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
530 #if defined(POLARSSL_AES_C)
531 #if defined(POLARSSL_SHA512_C) && defined(POLARSSL_GCM_C)
532  { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
536  0 },
537 #endif /* POLARSSL_SHA512_C && POLARSSL_GCM_C */
538 
539 #if defined(POLARSSL_SHA256_C)
540 #if defined(POLARSSL_GCM_C)
541  { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
545  0 },
546 #endif /* POLARSSL_GCM_C */
547 
548 #if defined(POLARSSL_CIPHER_MODE_CBC)
549  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
553  0 },
554 
555  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
559  0 },
560 #endif /* POLARSSL_CIPHER_MODE_CBC */
561 #endif /* POLARSSL_SHA256_C */
562 
563 #if defined(POLARSSL_CIPHER_MODE_CBC)
564 #if defined(POLARSSL_SHA1_C)
565  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
569  0 },
570 
571  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
575  0 },
576 #endif /* POLARSSL_SHA1_C */
577 #endif /* POLARSSL_CIPHER_MODE_CBC */
578 #if defined(POLARSSL_CCM_C)
579  { TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
583  0 },
584  { TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
589  { TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
593  0 },
594  { TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
599 #endif /* POLARSSL_CCM_C */
600 #endif /* POLARSSL_AES_C */
601 
602 #if defined(POLARSSL_CAMELLIA_C)
603 #if defined(POLARSSL_CIPHER_MODE_CBC)
604 #if defined(POLARSSL_SHA256_C)
605  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
609  0 },
610 
611  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
615  0 },
616 #endif /* POLARSSL_SHA256_C */
617 
618 #if defined(POLARSSL_SHA1_C)
619  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
623  0 },
624 
625  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
629  0 },
630 #endif /* POLARSSL_SHA1_C */
631 #endif /* POLARSSL_CIPHER_MODE_CBC */
632 #if defined(POLARSSL_GCM_C)
633 #if defined(POLARSSL_SHA256_C)
634  { TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
638  0 },
639 #endif /* POLARSSL_SHA256_C */
640 
641 #if defined(POLARSSL_SHA512_C)
642  { TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
646  0 },
647 #endif /* POLARSSL_SHA512_C */
648 #endif /* POLARSSL_GCM_C */
649 #endif /* POLARSSL_CAMELLIA_C */
650 
651 #if defined(POLARSSL_DES_C)
652 #if defined(POLARSSL_CIPHER_MODE_CBC)
653 #if defined(POLARSSL_SHA1_C)
654  { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
658  0 },
659 #endif /* POLARSSL_SHA1_C */
660 #endif /* POLARSSL_CIPHER_MODE_CBC */
661 #endif /* POLARSSL_DES_C */
662 #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
663 
664 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
665 #if defined(POLARSSL_AES_C)
666 #if defined(POLARSSL_SHA512_C) && defined(POLARSSL_GCM_C)
667  { TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
671  0 },
672 #endif /* POLARSSL_SHA512_C && POLARSSL_GCM_C */
673 
674 #if defined(POLARSSL_SHA256_C)
675 #if defined(POLARSSL_GCM_C)
676  { TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
680  0 },
681 #endif /* POLARSSL_GCM_C */
682 
683 #if defined(POLARSSL_CIPHER_MODE_CBC)
684  { TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
688  0 },
689 
690  { TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
694  0 },
695 #endif /* POLARSSL_CIPHER_MODE_CBC */
696 #endif /* POLARSSL_SHA256_C */
697 
698 #if defined(POLARSSL_SHA1_C)
699 #if defined(POLARSSL_CIPHER_MODE_CBC)
700  { TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
704  0 },
705 
706  { TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
710  0 },
711 #endif /* POLARSSL_CIPHER_MODE_CBC */
712 #endif /* POLARSSL_SHA1_C */
713 #if defined(POLARSSL_CCM_C)
714  { TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
718  0 },
719  { TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
724  { TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
728  0 },
729  { TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
734 #endif /* POLARSSL_CCM_C */
735 #endif /* POLARSSL_AES_C */
736 
737 #if defined(POLARSSL_CAMELLIA_C)
738 #if defined(POLARSSL_CIPHER_MODE_CBC)
739 #if defined(POLARSSL_SHA256_C)
740  { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
744  0 },
745 
746  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
750  0 },
751 #endif /* POLARSSL_SHA256_C */
752 
753 #if defined(POLARSSL_SHA1_C)
754  { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
758  0 },
759 
760  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
764  0 },
765 #endif /* POLARSSL_SHA1_C */
766 #endif /* POLARSSL_CIPHER_MODE_CBC */
767 
768 #if defined(POLARSSL_GCM_C)
769 #if defined(POLARSSL_SHA256_C)
770  { TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
774  0 },
775 #endif /* POLARSSL_SHA256_C */
776 
777 #if defined(POLARSSL_SHA1_C)
778  { TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
782  0 },
783 #endif /* POLARSSL_SHA1_C */
784 #endif /* POLARSSL_GCM_C */
785 #endif /* POLARSSL_CAMELLIA_C */
786 
787 #if defined(POLARSSL_DES_C)
788 #if defined(POLARSSL_CIPHER_MODE_CBC)
789 #if defined(POLARSSL_SHA1_C)
790  { TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
794  0 },
795 #endif /* POLARSSL_SHA1_C */
796 #endif /* POLARSSL_CIPHER_MODE_CBC */
797 #endif /* POLARSSL_DES_C */
798 
799 #if defined(POLARSSL_ARC4_C)
800 #if defined(POLARSSL_MD5_C)
801  { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
805  0 },
806 #endif
807 
808 #if defined(POLARSSL_SHA1_C)
809  { TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
813  0 },
814 #endif
815 #endif /* POLARSSL_ARC4_C */
816 #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
817 
818 #if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED)
819 #if defined(POLARSSL_AES_C)
820 #if defined(POLARSSL_SHA1_C)
821 #if defined(POLARSSL_CIPHER_MODE_CBC)
822  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
826  0 },
827  { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
831  0 },
832 #endif /* POLARSSL_CIPHER_MODE_CBC */
833 #endif /* POLARSSL_SHA1_C */
834 #if defined(POLARSSL_SHA256_C)
835 #if defined(POLARSSL_CIPHER_MODE_CBC)
836  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
840  0 },
841 #endif /* POLARSSL_CIPHER_MODE_CBC */
842 #if defined(POLARSSL_GCM_C)
843  { TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
847  0 },
848 #endif /* POLARSSL_GCM_C */
849 #endif /* POLARSSL_SHA256_C */
850 #if defined(POLARSSL_SHA512_C)
851 #if defined(POLARSSL_CIPHER_MODE_CBC)
852  { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
856  0 },
857 #endif /* POLARSSL_CIPHER_MODE_CBC */
858 #if defined(POLARSSL_GCM_C)
859  { TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
863  0 },
864 #endif /* POLARSSL_GCM_C */
865 #endif /* POLARSSL_SHA512_C */
866 #endif /* POLARSSL_AES_C */
867 
868 #if defined(POLARSSL_CAMELLIA_C)
869 #if defined(POLARSSL_CIPHER_MODE_CBC)
870 #if defined(POLARSSL_SHA256_C)
871  { TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
875  0 },
876 #endif /* POLARSSL_SHA256_C */
877 #if defined(POLARSSL_SHA512_C)
878  { TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
882  0 },
883 #endif /* POLARSSL_SHA512_C */
884 #endif /* POLARSSL_CIPHER_MODE_CBC */
885 
886 #if defined(POLARSSL_GCM_C)
887 #if defined(POLARSSL_SHA256_C)
888  { TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
892  0 },
893 #endif /* POLARSSL_SHA256_C */
894 #if defined(POLARSSL_SHA512_C)
895  { TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
899  0 },
900 #endif /* POLARSSL_SHA512_C */
901 #endif /* POLARSSL_GCM_C */
902 #endif /* POLARSSL_CAMELLIA_C */
903 
904 #if defined(POLARSSL_DES_C)
905 #if defined(POLARSSL_CIPHER_MODE_CBC)
906 #if defined(POLARSSL_SHA1_C)
907  { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
911  0 },
912 #endif /* POLARSSL_SHA1_C */
913 #endif /* POLARSSL_CIPHER_MODE_CBC */
914 #endif /* POLARSSL_DES_C */
915 
916 #if defined(POLARSSL_ARC4_C)
917 #if defined(POLARSSL_SHA1_C)
918  { TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA",
922  0 },
923 #endif /* POLARSSL_SHA1_C */
924 #endif /* POLARSSL_ARC4_C */
925 
926 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
927 #if defined(POLARSSL_SHA1_C)
928  { TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
933 #endif /* POLARSSL_SHA1_C */
934 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
935 #endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED */
936 
937 #if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
938 #if defined(POLARSSL_AES_C)
939 #if defined(POLARSSL_SHA1_C)
940 #if defined(POLARSSL_CIPHER_MODE_CBC)
941  { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
945  0 },
946  { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
950  0 },
951 #endif /* POLARSSL_CIPHER_MODE_CBC */
952 #endif /* POLARSSL_SHA1_C */
953 #if defined(POLARSSL_SHA256_C)
954 #if defined(POLARSSL_CIPHER_MODE_CBC)
955  { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
959  0 },
960 #endif /* POLARSSL_CIPHER_MODE_CBC */
961 #if defined(POLARSSL_GCM_C)
962  { TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
966  0 },
967 #endif /* POLARSSL_GCM_C */
968 #endif /* POLARSSL_SHA256_C */
969 #if defined(POLARSSL_SHA512_C)
970 #if defined(POLARSSL_CIPHER_MODE_CBC)
971  { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
975  0 },
976 #endif /* POLARSSL_CIPHER_MODE_CBC */
977 #if defined(POLARSSL_GCM_C)
978  { TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
982  0 },
983 #endif /* POLARSSL_GCM_C */
984 #endif /* POLARSSL_SHA512_C */
985 #endif /* POLARSSL_AES_C */
986 
987 #if defined(POLARSSL_CAMELLIA_C)
988 #if defined(POLARSSL_CIPHER_MODE_CBC)
989 #if defined(POLARSSL_SHA256_C)
990  { TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
994  0 },
995 #endif /* POLARSSL_SHA256_C */
996 #if defined(POLARSSL_SHA512_C)
997  { TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
1001  0 },
1002 #endif /* POLARSSL_SHA512_C */
1003 #endif /* POLARSSL_CIPHER_MODE_CBC */
1004 
1005 #if defined(POLARSSL_GCM_C)
1006 #if defined(POLARSSL_SHA256_C)
1007  { TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
1011  0 },
1012 #endif /* POLARSSL_SHA256_C */
1013 #if defined(POLARSSL_SHA512_C)
1014  { TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
1018  0 },
1019 #endif /* POLARSSL_SHA512_C */
1020 #endif /* POLARSSL_GCM_C */
1021 #endif /* POLARSSL_CAMELLIA_C */
1022 
1023 #if defined(POLARSSL_DES_C)
1024 #if defined(POLARSSL_CIPHER_MODE_CBC)
1025 #if defined(POLARSSL_SHA1_C)
1026  { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
1030  0 },
1031 #endif /* POLARSSL_SHA1_C */
1032 #endif /* POLARSSL_CIPHER_MODE_CBC */
1033 #endif /* POLARSSL_DES_C */
1034 
1035 #if defined(POLARSSL_ARC4_C)
1036 #if defined(POLARSSL_SHA1_C)
1037  { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
1041  0 },
1042 #endif /* POLARSSL_SHA1_C */
1043 #endif /* POLARSSL_ARC4_C */
1044 
1045 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
1046 #if defined(POLARSSL_SHA1_C)
1047  { TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
1052 #endif /* POLARSSL_SHA1_C */
1053 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
1054 #endif /* POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
1055 
1056 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
1057 #if defined(POLARSSL_AES_C)
1058 #if defined(POLARSSL_GCM_C)
1059 #if defined(POLARSSL_SHA256_C)
1060  { TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
1064  0 },
1065 #endif /* POLARSSL_SHA256_C */
1066 
1067 #if defined(POLARSSL_SHA512_C)
1068  { TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
1072  0 },
1073 #endif /* POLARSSL_SHA512_C */
1074 #endif /* POLARSSL_GCM_C */
1075 
1076 #if defined(POLARSSL_CIPHER_MODE_CBC)
1077 #if defined(POLARSSL_SHA256_C)
1078  { TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
1082  0 },
1083 #endif /* POLARSSL_SHA256_C */
1084 
1085 #if defined(POLARSSL_SHA512_C)
1086  { TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
1090  0 },
1091 #endif /* POLARSSL_SHA512_C */
1092 
1093 #if defined(POLARSSL_SHA1_C)
1094  { TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
1098  0 },
1099 
1100  { TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
1104  0 },
1105 #endif /* POLARSSL_SHA1_C */
1106 #endif /* POLARSSL_CIPHER_MODE_CBC */
1107 #if defined(POLARSSL_CCM_C)
1108  { TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
1112  0 },
1113  { TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
1118  { TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
1122  0 },
1123  { TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
1128 #endif /* POLARSSL_CCM_C */
1129 #endif /* POLARSSL_AES_C */
1130 
1131 #if defined(POLARSSL_CAMELLIA_C)
1132 #if defined(POLARSSL_CIPHER_MODE_CBC)
1133 #if defined(POLARSSL_SHA256_C)
1134  { TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1138  0 },
1139 #endif /* POLARSSL_SHA256_C */
1140 
1141 #if defined(POLARSSL_SHA512_C)
1142  { TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1146  0 },
1147 #endif /* POLARSSL_SHA512_C */
1148 #endif /* POLARSSL_CIPHER_MODE_CBC */
1149 
1150 #if defined(POLARSSL_GCM_C)
1151 #if defined(POLARSSL_SHA256_C)
1152  { TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1156  0 },
1157 #endif /* POLARSSL_SHA256_C */
1158 
1159 #if defined(POLARSSL_SHA512_C)
1160  { TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1164  0 },
1165 #endif /* POLARSSL_SHA512_C */
1166 #endif /* POLARSSL_GCM_C */
1167 #endif /* POLARSSL_CAMELLIA_C */
1168 
1169 #if defined(POLARSSL_DES_C)
1170 #if defined(POLARSSL_CIPHER_MODE_CBC)
1171 #if defined(POLARSSL_SHA1_C)
1172  { TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
1176  0 },
1177 #endif /* POLARSSL_SHA1_C */
1178 #endif /* POLARSSL_CIPHER_MODE_CBC */
1179 #endif /* POLARSSL_DES_C */
1180 
1181 #if defined(POLARSSL_ARC4_C)
1182 #if defined(POLARSSL_SHA1_C)
1183  { TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
1187  0 },
1188 #endif /* POLARSSL_SHA1_C */
1189 #endif /* POLARSSL_ARC4_C */
1190 #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
1191 
1192 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
1193 #if defined(POLARSSL_AES_C)
1194 #if defined(POLARSSL_GCM_C)
1195 #if defined(POLARSSL_SHA256_C)
1196  { TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
1200  0 },
1201 #endif /* POLARSSL_SHA256_C */
1202 
1203 #if defined(POLARSSL_SHA512_C)
1204  { TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
1208  0 },
1209 #endif /* POLARSSL_SHA512_C */
1210 #endif /* POLARSSL_GCM_C */
1211 
1212 #if defined(POLARSSL_CIPHER_MODE_CBC)
1213 #if defined(POLARSSL_SHA256_C)
1214  { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
1218  0 },
1219 #endif /* POLARSSL_SHA256_C */
1220 
1221 #if defined(POLARSSL_SHA512_C)
1222  { TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
1226  0 },
1227 #endif /* POLARSSL_SHA512_C */
1228 
1229 #if defined(POLARSSL_SHA1_C)
1230  { TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
1234  0 },
1235 
1236  { TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
1240  0 },
1241 #endif /* POLARSSL_SHA1_C */
1242 #endif /* POLARSSL_CIPHER_MODE_CBC */
1243 #if defined(POLARSSL_CCM_C)
1244  { TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
1248  0 },
1249  { TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
1254  { TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
1258  0 },
1259  { TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
1264 #endif /* POLARSSL_CCM_C */
1265 #endif /* POLARSSL_AES_C */
1266 
1267 #if defined(POLARSSL_CAMELLIA_C)
1268 #if defined(POLARSSL_CIPHER_MODE_CBC)
1269 #if defined(POLARSSL_SHA256_C)
1270  { TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1274  0 },
1275 #endif /* POLARSSL_SHA256_C */
1276 
1277 #if defined(POLARSSL_SHA512_C)
1278  { TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1282  0 },
1283 #endif /* POLARSSL_SHA512_C */
1284 #endif /* POLARSSL_CIPHER_MODE_CBC */
1285 
1286 #if defined(POLARSSL_GCM_C)
1287 #if defined(POLARSSL_SHA256_C)
1288  { TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1292  0 },
1293 #endif /* POLARSSL_SHA256_C */
1294 
1295 #if defined(POLARSSL_SHA512_C)
1296  { TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1300  0 },
1301 #endif /* POLARSSL_SHA512_C */
1302 #endif /* POLARSSL_GCM_C */
1303 #endif /* POLARSSL_CAMELLIA_C */
1304 
1305 #if defined(POLARSSL_DES_C)
1306 #if defined(POLARSSL_CIPHER_MODE_CBC)
1307 #if defined(POLARSSL_SHA1_C)
1308  { TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
1312  0 },
1313 #endif /* POLARSSL_SHA1_C */
1314 #endif /* POLARSSL_CIPHER_MODE_CBC */
1315 #endif /* POLARSSL_DES_C */
1316 
1317 #if defined(POLARSSL_ARC4_C)
1318 #if defined(POLARSSL_SHA1_C)
1319  { TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
1323  0 },
1324 #endif /* POLARSSL_SHA1_C */
1325 #endif /* POLARSSL_ARC4_C */
1326 #endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
1327 
1328 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1329 #if defined(POLARSSL_AES_C)
1330 
1331 #if defined(POLARSSL_CIPHER_MODE_CBC)
1332 #if defined(POLARSSL_SHA256_C)
1333  { TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
1337  0 },
1338 #endif /* POLARSSL_SHA256_C */
1339 
1340 #if defined(POLARSSL_SHA512_C)
1341  { TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
1345  0 },
1346 #endif /* POLARSSL_SHA512_C */
1347 
1348 #if defined(POLARSSL_SHA1_C)
1349  { TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
1353  0 },
1354 
1355  { TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
1359  0 },
1360 #endif /* POLARSSL_SHA1_C */
1361 #endif /* POLARSSL_CIPHER_MODE_CBC */
1362 #endif /* POLARSSL_AES_C */
1363 
1364 #if defined(POLARSSL_CAMELLIA_C)
1365 #if defined(POLARSSL_CIPHER_MODE_CBC)
1366 #if defined(POLARSSL_SHA256_C)
1367  { TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1371  0 },
1372 #endif /* POLARSSL_SHA256_C */
1373 
1374 #if defined(POLARSSL_SHA512_C)
1375  { TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1379  0 },
1380 #endif /* POLARSSL_SHA512_C */
1381 #endif /* POLARSSL_CIPHER_MODE_CBC */
1382 #endif /* POLARSSL_CAMELLIA_C */
1383 
1384 #if defined(POLARSSL_DES_C)
1385 #if defined(POLARSSL_CIPHER_MODE_CBC)
1386 #if defined(POLARSSL_SHA1_C)
1387  { TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
1391  0 },
1392 #endif /* POLARSSL_SHA1_C */
1393 #endif /* POLARSSL_CIPHER_MODE_CBC */
1394 #endif /* POLARSSL_DES_C */
1395 
1396 #if defined(POLARSSL_ARC4_C)
1397 #if defined(POLARSSL_SHA1_C)
1398  { TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
1402  0 },
1403 #endif /* POLARSSL_SHA1_C */
1404 #endif /* POLARSSL_ARC4_C */
1405 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1406 
1407 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
1408 #if defined(POLARSSL_AES_C)
1409 #if defined(POLARSSL_GCM_C)
1410 #if defined(POLARSSL_SHA256_C)
1411  { TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
1415  0 },
1416 #endif /* POLARSSL_SHA256_C */
1417 
1418 #if defined(POLARSSL_SHA512_C)
1419  { TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
1423  0 },
1424 #endif /* POLARSSL_SHA512_C */
1425 #endif /* POLARSSL_GCM_C */
1426 
1427 #if defined(POLARSSL_CIPHER_MODE_CBC)
1428 #if defined(POLARSSL_SHA256_C)
1429  { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
1433  0 },
1434 #endif /* POLARSSL_SHA256_C */
1435 
1436 #if defined(POLARSSL_SHA512_C)
1437  { TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
1441  0 },
1442 #endif /* POLARSSL_SHA512_C */
1443 
1444 #if defined(POLARSSL_SHA1_C)
1445  { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
1449  0 },
1450 
1451  { TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
1455  0 },
1456 #endif /* POLARSSL_SHA1_C */
1457 #endif /* POLARSSL_CIPHER_MODE_CBC */
1458 #endif /* POLARSSL_AES_C */
1459 
1460 #if defined(POLARSSL_CAMELLIA_C)
1461 #if defined(POLARSSL_CIPHER_MODE_CBC)
1462 #if defined(POLARSSL_SHA256_C)
1463  { TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
1467  0 },
1468 #endif /* POLARSSL_SHA256_C */
1469 
1470 #if defined(POLARSSL_SHA512_C)
1471  { TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
1475  0 },
1476 #endif /* POLARSSL_SHA512_C */
1477 #endif /* POLARSSL_CIPHER_MODE_CBC */
1478 
1479 #if defined(POLARSSL_GCM_C)
1480 #if defined(POLARSSL_SHA256_C)
1481  { TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
1485  0 },
1486 #endif /* POLARSSL_SHA256_C */
1487 
1488 #if defined(POLARSSL_SHA512_C)
1489  { TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
1493  0 },
1494 #endif /* POLARSSL_SHA512_C */
1495 #endif /* POLARSSL_GCM_C */
1496 #endif /* POLARSSL_CAMELLIA_C */
1497 
1498 #if defined(POLARSSL_DES_C)
1499 #if defined(POLARSSL_CIPHER_MODE_CBC)
1500 #if defined(POLARSSL_SHA1_C)
1501  { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
1505  0 },
1506 #endif /* POLARSSL_SHA1_C */
1507 #endif /* POLARSSL_CIPHER_MODE_CBC */
1508 #endif /* POLARSSL_DES_C */
1509 
1510 #if defined(POLARSSL_ARC4_C)
1511 #if defined(POLARSSL_SHA1_C)
1512  { TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
1516  0 },
1517 #endif /* POLARSSL_SHA1_C */
1518 #endif /* POLARSSL_ARC4_C */
1519 #endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
1520 
1521 #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
1522 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
1523 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
1524 #if defined(POLARSSL_MD5_C)
1525  { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
1530 #endif
1531 
1532 #if defined(POLARSSL_SHA1_C)
1533  { TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
1538 #endif
1539 
1540 #if defined(POLARSSL_SHA256_C)
1541  { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
1546 #endif
1547 #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
1548 
1549 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
1550 #if defined(POLARSSL_SHA1_C)
1551  { TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
1556 #endif /* POLARSSL_SHA1_C */
1557 
1558 #if defined(POLARSSL_SHA256_C)
1559  { TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
1564 #endif
1565 
1566 #if defined(POLARSSL_SHA512_C)
1567  { TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
1572 #endif
1573 #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
1574 
1575 #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
1576 #if defined(POLARSSL_SHA1_C)
1577  { TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
1582 #endif /* POLARSSL_SHA1_C */
1583 
1584 #if defined(POLARSSL_SHA256_C)
1585  { TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
1590 #endif
1591 
1592 #if defined(POLARSSL_SHA512_C)
1593  { TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
1598 #endif
1599 #endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
1600 
1601 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
1602 #if defined(POLARSSL_SHA1_C)
1603  { TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
1608 #endif /* POLARSSL_SHA1_C */
1609 
1610 #if defined(POLARSSL_SHA256_C)
1611  { TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
1616 #endif
1617 
1618 #if defined(POLARSSL_SHA512_C)
1619  { TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
1624 #endif
1625 #endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
1626 
1627 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
1628 #if defined(POLARSSL_SHA1_C)
1629  { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
1634 #endif /* POLARSSL_SHA1_C */
1635 
1636 #if defined(POLARSSL_SHA256_C)
1637  { TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
1642 #endif
1643 
1644 #if defined(POLARSSL_SHA512_C)
1645  { TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
1650 #endif
1651 #endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
1652 #endif /* POLARSSL_CIPHER_NULL_CIPHER */
1653 
1654 #if defined(POLARSSL_DES_C)
1655 #if defined(POLARSSL_CIPHER_MODE_CBC)
1656 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
1657 #if defined(POLARSSL_SHA1_C)
1658  { TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
1663 #endif /* POLARSSL_SHA1_C */
1664 #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
1665 
1666 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
1667 #if defined(POLARSSL_SHA1_C)
1668  { TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
1673 #endif /* POLARSSL_SHA1_C */
1674 #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
1675 #endif /* POLARSSL_CIPHER_MODE_CBC */
1676 #endif /* POLARSSL_DES_C */
1677 #endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
1678 
1679  { 0, "", 0, 0, 0, 0, 0, 0, 0, 0 }
1680 };
1681 
1682 #if defined(SSL_CIPHERSUITES)
1683 const int *ssl_list_ciphersuites( void )
1684 {
1685  return( ciphersuite_preference );
1686 }
1687 #else
1688 #define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \
1689  sizeof( ciphersuite_definitions[0] )
1690 static int supported_ciphersuites[MAX_CIPHERSUITES];
1691 static int supported_init = 0;
1692 
1693 const int *ssl_list_ciphersuites( void )
1694 {
1695  /*
1696  * On initial call filter out all ciphersuites not supported by current
1697  * build based on presence in the ciphersuite_definitions.
1698  */
1699  if( supported_init == 0 )
1700  {
1701  const int *p;
1702  int *q;
1703 
1704  for( p = ciphersuite_preference, q = supported_ciphersuites;
1705  *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
1706  p++ )
1707  {
1708 #if defined(POLARSSL_REMOVE_ARC4_CIPHERSUITES)
1709  const ssl_ciphersuite_t *cs_info;
1710  if( ( cs_info = ssl_ciphersuite_from_id( *p ) ) != NULL &&
1711  cs_info->cipher != POLARSSL_CIPHER_ARC4_128 )
1712 #else
1713  if( ssl_ciphersuite_from_id( *p ) != NULL )
1714 #endif
1715  *(q++) = *p;
1716  }
1717  *q = 0;
1718 
1719  supported_init = 1;
1720  }
1721 
1722  return( supported_ciphersuites );
1723 };
1724 #endif /* SSL_CIPHERSUITES */
1725 
1727  const char *ciphersuite_name )
1728 {
1729  const ssl_ciphersuite_t *cur = ciphersuite_definitions;
1730 
1731  if( NULL == ciphersuite_name )
1732  return( NULL );
1733 
1734  while( cur->id != 0 )
1735  {
1736  if( 0 == strcasecmp( cur->name, ciphersuite_name ) )
1737  return( cur );
1738 
1739  cur++;
1740  }
1741 
1742  return( NULL );
1743 }
1744 
1745 const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite )
1746 {
1747  const ssl_ciphersuite_t *cur = ciphersuite_definitions;
1748 
1749  while( cur->id != 0 )
1750  {
1751  if( cur->id == ciphersuite )
1752  return( cur );
1753 
1754  cur++;
1755  }
1756 
1757  return( NULL );
1758 }
1759 
1760 const char *ssl_get_ciphersuite_name( const int ciphersuite_id )
1761 {
1762  const ssl_ciphersuite_t *cur;
1763 
1764  cur = ssl_ciphersuite_from_id( ciphersuite_id );
1765 
1766  if( cur == NULL )
1767  return( "unknown" );
1768 
1769  return( cur->name );
1770 }
1771 
1772 int ssl_get_ciphersuite_id( const char *ciphersuite_name )
1773 {
1774  const ssl_ciphersuite_t *cur;
1775 
1776  cur = ssl_ciphersuite_from_string( ciphersuite_name );
1777 
1778  if( cur == NULL )
1779  return( 0 );
1780 
1781  return( cur->id );
1782 }
1783 
1784 #if defined(POLARSSL_PK_C)
1786 {
1787  switch( info->key_exchange )
1788  {
1793  return( POLARSSL_PK_RSA );
1794 
1796  return( POLARSSL_PK_ECDSA );
1797 
1800  return( POLARSSL_PK_ECKEY );
1801 
1802  default:
1803  return( POLARSSL_PK_NONE );
1804  }
1805 }
1806 #endif /* POLARSSL_PK_C */
1807 
1808 #if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
1809 int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
1810 {
1811  switch( info->key_exchange )
1812  {
1818  return( 1 );
1819 
1820  default:
1821  return( 0 );
1822  }
1823 }
1824 #endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
1825 
1826 #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
1828 {
1829  switch( info->key_exchange )
1830  {
1835  return( 1 );
1836 
1837  default:
1838  return( 0 );
1839  }
1840 }
1841 #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
1842 
1843 #endif /* POLARSSL_SSL_TLS_C */