1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Jan Venekamp, <jan@venekamp.net>
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24 #include "curl_setup.h"
25
26 #if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \
27 defined(USE_BEARSSL) || defined(USE_RUSTLS)
28 #include "cipher_suite.h"
29 #include "curl_printf.h"
30 #include "strcase.h"
31 #include <string.h>
32
33 /*
34 * To support the CURLOPT_SSL_CIPHER_LIST option on SSL backends
35 * that do not support it natively, but do support setting a list of
36 * IANA ids, we need a list of all supported cipher suite names
37 * (OpenSSL and IANA) to be able to look up the IANA ids.
38 *
39 * To keep the binary size of this list down we compress each entry
40 * down to 2 + 6 bytes using the C preprocessor.
41 */
42
43 /*
44 * mbedTLS NOTE: mbedTLS has mbedtls_ssl_get_ciphersuite_id() to
45 * convert a string representation to an IANA id, we do not use that
46 * because it does not support "standard" OpenSSL cipher suite
47 * names, nor IANA names.
48 */
49
50 /* NOTE: also see tests/unit/unit3205.c */
51
/*
 * Text for cipher suite parts (max 64 entries),
 * keep indexes below in sync with this!
 *
 * Every part is stored together with its terminating NUL in one concatenated
 * string literal; the leading "\0" is the empty part that sits at index 0
 * (CS_TXT_IDX_). The limit of 64 parts follows from CS_ZIP_IDX(), which keeps
 * only 6 bits of each index.
 *
 * The optional parts are appended per TLS backend, so the number of parts
 * (and the index of each optional part) depends on which USE_* macros are
 * defined for the build.
 */
static const char *cs_txt =
  "\0"
  "TLS" "\0"
  "WITH" "\0"
  "128" "\0"
  "256" "\0"
  "3DES" "\0"
  "8" "\0"
  "AES" "\0"
  "AES128" "\0"
  "AES256" "\0"
  "CBC" "\0"
  "CBC3" "\0"
  "CCM" "\0"
  "CCM8" "\0"
  "CHACHA20" "\0"
  "DES" "\0"
  "DHE" "\0"
  "ECDH" "\0"
  "ECDHE" "\0"
  "ECDSA" "\0"
  "EDE" "\0"
  "GCM" "\0"
  "MD5" "\0"
  "NULL" "\0"
  "POLY1305" "\0"
  "PSK" "\0"
  "RSA" "\0"
  "SHA" "\0"
  "SHA256" "\0"
  "SHA384" "\0"
#if defined(USE_MBEDTLS)
  "ARIA" "\0"
  "ARIA128" "\0"
  "ARIA256" "\0"
  "CAMELLIA" "\0"
  "CAMELLIA128" "\0"
  "CAMELLIA256" "\0"
#endif
#if defined(USE_SECTRANSP)
  "40" "\0"
  "ADH" "\0"
  "AECDH" "\0"
  "anon" "\0"
  "DES40" "\0"
  "DH" "\0"
  "DSS" "\0"
  "EDH" "\0"
  "EXP" "\0"
  "EXPORT" "\0"
  "IDEA" "\0"
  "RC2" "\0"
  "RC4" "\0"
#endif
;
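/*
 * Indexes of above cs_txt: one enumerator per part, in exactly the same
 * order and under the same USE_* guards as the string literal.
 *
 * CS_TXT_IDX_ (value 0) is the empty part; CS_ENTRY() pastes an empty macro
 * argument onto the prefix and so uses it for unused trailing slots.
 * CS_TXT_LEN is the number of parts compiled in.
 */
enum {
  CS_TXT_IDX_,
  CS_TXT_IDX_TLS,
  CS_TXT_IDX_WITH,
  CS_TXT_IDX_128,
  CS_TXT_IDX_256,
  CS_TXT_IDX_3DES,
  CS_TXT_IDX_8,
  CS_TXT_IDX_AES,
  CS_TXT_IDX_AES128,
  CS_TXT_IDX_AES256,
  CS_TXT_IDX_CBC,
  CS_TXT_IDX_CBC3,
  CS_TXT_IDX_CCM,
  CS_TXT_IDX_CCM8,
  CS_TXT_IDX_CHACHA20,
  CS_TXT_IDX_DES,
  CS_TXT_IDX_DHE,
  CS_TXT_IDX_ECDH,
  CS_TXT_IDX_ECDHE,
  CS_TXT_IDX_ECDSA,
  CS_TXT_IDX_EDE,
  CS_TXT_IDX_GCM,
  CS_TXT_IDX_MD5,
  CS_TXT_IDX_NULL,
  CS_TXT_IDX_POLY1305,
  CS_TXT_IDX_PSK,
  CS_TXT_IDX_RSA,
  CS_TXT_IDX_SHA,
  CS_TXT_IDX_SHA256,
  CS_TXT_IDX_SHA384,
#if defined(USE_MBEDTLS)
  CS_TXT_IDX_ARIA,
  CS_TXT_IDX_ARIA128,
  CS_TXT_IDX_ARIA256,
  CS_TXT_IDX_CAMELLIA,
  CS_TXT_IDX_CAMELLIA128,
  CS_TXT_IDX_CAMELLIA256,
#endif
#if defined(USE_SECTRANSP)
  CS_TXT_IDX_40,
  CS_TXT_IDX_ADH,
  CS_TXT_IDX_AECDH,
  CS_TXT_IDX_anon,
  CS_TXT_IDX_DES40,
  CS_TXT_IDX_DH,
  CS_TXT_IDX_DSS,
  CS_TXT_IDX_EDH,
  CS_TXT_IDX_EXP,
  CS_TXT_IDX_EXPORT,
  CS_TXT_IDX_IDEA,
  CS_TXT_IDX_RC2,
  CS_TXT_IDX_RC4,
#endif
  CS_TXT_LEN,
};

/*
 * Compile-time guard for the "max 64 entries" rule. CS_ZIP_IDX() stores each
 * index in 6 bits and masks off anything above that, so a 65th part would
 * silently alias an earlier one and a cipher name could then resolve to the
 * wrong IANA id. A negative array size makes such a build fail instead.
 */
typedef char cs_txt_len_fits_6_bits[(CS_TXT_LEN <= 64) ? 1 : -1];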
166
/*
 * Pack eight cs_txt indexes of 6 bits each (48 bits in total) into six
 * bytes: three bytes hold the first four indexes, three bytes the last four.
 * Bits above the low six of an index are discarded by the masks, so the
 * caller has to pass values in the range 0..63.
 */
#define CS_ZIP_IDX(i0, i1, i2, i3, i4, i5, i6, i7) \
{ \
  (uint8_t) ((((i0) << 2) & 0xFF) | (((i1) & 0x3F) >> 4)), \
  (uint8_t) ((((i1) << 4) & 0xFF) | (((i2) & 0x3F) >> 2)), \
  (uint8_t) ((((i2) << 6) & 0xFF) | ((i3) & 0x3F)), \
  (uint8_t) ((((i4) << 2) & 0xFF) | (((i5) & 0x3F) >> 4)), \
  (uint8_t) ((((i5) << 4) & 0xFF) | (((i6) & 0x3F) >> 2)), \
  (uint8_t) ((((i6) << 6) & 0xFF) | ((i7) & 0x3F)) \
}

/*
 * Build one struct cs_entry initializer: the cipher suite id followed by the
 * packed indexes of up to eight name parts. Each part is pasted onto the
 * CS_TXT_IDX_ prefix, so an empty argument becomes CS_TXT_IDX_ (index 0, the
 * empty part) and a misspelled part is an undeclared identifier at compile
 * time.
 */
#define CS_ENTRY(id, p0, p1, p2, p3, p4, p5, p6, p7) \
{ \
  id, \
  CS_ZIP_IDX( \
    CS_TXT_IDX_ ## p0, CS_TXT_IDX_ ## p1, \
    CS_TXT_IDX_ ## p2, CS_TXT_IDX_ ## p3, \
    CS_TXT_IDX_ ## p4, CS_TXT_IDX_ ## p5, \
    CS_TXT_IDX_ ## p6, CS_TXT_IDX_ ## p7 \
  ) \
}
186
/*
 * One row of the name/id table: a cipher suite id plus the packed parts of
 * one of its names. This is the "2 + 6 bytes" layout mentioned at the top of
 * the file.
 */
struct cs_entry {
  uint16_t id;     /* cipher suite id, the first argument of CS_ENTRY() */
  uint8_t zip[6];  /* eight 6-bit cs_txt indexes as packed by CS_ZIP_IDX() */
};
191
192 /* !checksrc! disable COMMANOSPACE all */
193 static const struct cs_entry cs_list [] = {
194 /* TLS 1.3 ciphers */
195 #if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || defined(USE_RUSTLS)
196 CS_ENTRY(0x1301, TLS,AES,128,GCM,SHA256,,,),
197 CS_ENTRY(0x1302, TLS,AES,256,GCM,SHA384,,,),
198 CS_ENTRY(0x1303, TLS,CHACHA20,POLY1305,SHA256,,,,),
199 CS_ENTRY(0x1304, TLS,AES,128,CCM,SHA256,,,),
200 CS_ENTRY(0x1305, TLS,AES,128,CCM,8,SHA256,,),
201 #endif
202 /* TLS 1.2 ciphers */
203 CS_ENTRY(0xC02B, TLS,ECDHE,ECDSA,WITH,AES,128,GCM,SHA256),
204 CS_ENTRY(0xC02B, ECDHE,ECDSA,AES128,GCM,SHA256,,,),
205 CS_ENTRY(0xC02C, TLS,ECDHE,ECDSA,WITH,AES,256,GCM,SHA384),
206 CS_ENTRY(0xC02C, ECDHE,ECDSA,AES256,GCM,SHA384,,,),
207 CS_ENTRY(0xC02F, TLS,ECDHE,RSA,WITH,AES,128,GCM,SHA256),
208 CS_ENTRY(0xC02F, ECDHE,RSA,AES128,GCM,SHA256,,,),
209 CS_ENTRY(0xC030, TLS,ECDHE,RSA,WITH,AES,256,GCM,SHA384),
210 CS_ENTRY(0xC030, ECDHE,RSA,AES256,GCM,SHA384,,,),
211 CS_ENTRY(0xCCA8, TLS,ECDHE,RSA,WITH,CHACHA20,POLY1305,SHA256,),
212 CS_ENTRY(0xCCA8, ECDHE,RSA,CHACHA20,POLY1305,,,,),
213 CS_ENTRY(0xCCA9, TLS,ECDHE,ECDSA,WITH,CHACHA20,POLY1305,SHA256,),
214 CS_ENTRY(0xCCA9, ECDHE,ECDSA,CHACHA20,POLY1305,,,,),
215 #if defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || defined(USE_BEARSSL)
216 CS_ENTRY(0x002F, TLS,RSA,WITH,AES,128,CBC,SHA,),
217 CS_ENTRY(0x002F, AES128,SHA,,,,,,),
218 CS_ENTRY(0x0035, TLS,RSA,WITH,AES,256,CBC,SHA,),
219 CS_ENTRY(0x0035, AES256,SHA,,,,,,),
220 CS_ENTRY(0x003C, TLS,RSA,WITH,AES,128,CBC,SHA256,),
221 CS_ENTRY(0x003C, AES128,SHA256,,,,,,),
222 CS_ENTRY(0x003D, TLS,RSA,WITH,AES,256,CBC,SHA256,),
223 CS_ENTRY(0x003D, AES256,SHA256,,,,,,),
224 CS_ENTRY(0x009C, TLS,RSA,WITH,AES,128,GCM,SHA256,),
225 CS_ENTRY(0x009C, AES128,GCM,SHA256,,,,,),
226 CS_ENTRY(0x009D, TLS,RSA,WITH,AES,256,GCM,SHA384,),
227 CS_ENTRY(0x009D, AES256,GCM,SHA384,,,,,),
228 CS_ENTRY(0xC004, TLS,ECDH,ECDSA,WITH,AES,128,CBC,SHA),
229 CS_ENTRY(0xC004, ECDH,ECDSA,AES128,SHA,,,,),
230 CS_ENTRY(0xC005, TLS,ECDH,ECDSA,WITH,AES,256,CBC,SHA),
231 CS_ENTRY(0xC005, ECDH,ECDSA,AES256,SHA,,,,),
232 CS_ENTRY(0xC009, TLS,ECDHE,ECDSA,WITH,AES,128,CBC,SHA),
233 CS_ENTRY(0xC009, ECDHE,ECDSA,AES128,SHA,,,,),
234 CS_ENTRY(0xC00A, TLS,ECDHE,ECDSA,WITH,AES,256,CBC,SHA),
235 CS_ENTRY(0xC00A, ECDHE,ECDSA,AES256,SHA,,,,),
236 CS_ENTRY(0xC00E, TLS,ECDH,RSA,WITH,AES,128,CBC,SHA),
237 CS_ENTRY(0xC00E, ECDH,RSA,AES128,SHA,,,,),
238 CS_ENTRY(0xC00F, TLS,ECDH,RSA,WITH,AES,256,CBC,SHA),
239 CS_ENTRY(0xC00F, ECDH,RSA,AES256,SHA,,,,),
240 CS_ENTRY(0xC013, TLS,ECDHE,RSA,WITH,AES,128,CBC,SHA),
241 CS_ENTRY(0xC013, ECDHE,RSA,AES128,SHA,,,,),
242 CS_ENTRY(0xC014, TLS,ECDHE,RSA,WITH,AES,256,CBC,SHA),
243 CS_ENTRY(0xC014, ECDHE,RSA,AES256,SHA,,,,),
244 CS_ENTRY(0xC023, TLS,ECDHE,ECDSA,WITH,AES,128,CBC,SHA256),
245 CS_ENTRY(0xC023, ECDHE,ECDSA,AES128,SHA256,,,,),
246 CS_ENTRY(0xC024, TLS,ECDHE,ECDSA,WITH,AES,256,CBC,SHA384),
247 CS_ENTRY(0xC024, ECDHE,ECDSA,AES256,SHA384,,,,),
248 CS_ENTRY(0xC025, TLS,ECDH,ECDSA,WITH,AES,128,CBC,SHA256),
249 CS_ENTRY(0xC025, ECDH,ECDSA,AES128,SHA256,,,,),
250 CS_ENTRY(0xC026, TLS,ECDH,ECDSA,WITH,AES,256,CBC,SHA384),
251 CS_ENTRY(0xC026, ECDH,ECDSA,AES256,SHA384,,,,),
252 CS_ENTRY(0xC027, TLS,ECDHE,RSA,WITH,AES,128,CBC,SHA256),
253 CS_ENTRY(0xC027, ECDHE,RSA,AES128,SHA256,,,,),
254 CS_ENTRY(0xC028, TLS,ECDHE,RSA,WITH,AES,256,CBC,SHA384),
255 CS_ENTRY(0xC028, ECDHE,RSA,AES256,SHA384,,,,),
256 CS_ENTRY(0xC029, TLS,ECDH,RSA,WITH,AES,128,CBC,SHA256),
257 CS_ENTRY(0xC029, ECDH,RSA,AES128,SHA256,,,,),
258 CS_ENTRY(0xC02A, TLS,ECDH,RSA,WITH,AES,256,CBC,SHA384),
259 CS_ENTRY(0xC02A, ECDH,RSA,AES256,SHA384,,,,),
260 CS_ENTRY(0xC02D, TLS,ECDH,ECDSA,WITH,AES,128,GCM,SHA256),
261 CS_ENTRY(0xC02D, ECDH,ECDSA,AES128,GCM,SHA256,,,),
262 CS_ENTRY(0xC02E, TLS,ECDH,ECDSA,WITH,AES,256,GCM,SHA384),
263 CS_ENTRY(0xC02E, ECDH,ECDSA,AES256,GCM,SHA384,,,),
264 CS_ENTRY(0xC031, TLS,ECDH,RSA,WITH,AES,128,GCM,SHA256),
265 CS_ENTRY(0xC031, ECDH,RSA,AES128,GCM,SHA256,,,),
266 CS_ENTRY(0xC032, TLS,ECDH,RSA,WITH,AES,256,GCM,SHA384),
267 CS_ENTRY(0xC032, ECDH,RSA,AES256,GCM,SHA384,,,),
268 #endif
269 #if defined(USE_SECTRANSP) || defined(USE_MBEDTLS)
270 CS_ENTRY(0x0001, TLS,RSA,WITH,NULL,MD5,,,),
271 CS_ENTRY(0x0001, NULL,MD5,,,,,,),
272 CS_ENTRY(0x0002, TLS,RSA,WITH,NULL,SHA,,,),
273 CS_ENTRY(0x0002, NULL,SHA,,,,,,),
274 CS_ENTRY(0x002C, TLS,PSK,WITH,NULL,SHA,,,),
275 CS_ENTRY(0x002C, PSK,NULL,SHA,,,,,),
276 CS_ENTRY(0x002D, TLS,DHE,PSK,WITH,NULL,SHA,,),
277 CS_ENTRY(0x002D, DHE,PSK,NULL,SHA,,,,),
278 CS_ENTRY(0x002E, TLS,RSA,PSK,WITH,NULL,SHA,,),
279 CS_ENTRY(0x002E, RSA,PSK,NULL,SHA,,,,),
280 CS_ENTRY(0x0033, TLS,DHE,RSA,WITH,AES,128,CBC,SHA),
281 CS_ENTRY(0x0033, DHE,RSA,AES128,SHA,,,,),
282 CS_ENTRY(0x0039, TLS,DHE,RSA,WITH,AES,256,CBC,SHA),
283 CS_ENTRY(0x0039, DHE,RSA,AES256,SHA,,,,),
284 CS_ENTRY(0x003B, TLS,RSA,WITH,NULL,SHA256,,,),
285 CS_ENTRY(0x003B, NULL,SHA256,,,,,,),
286 CS_ENTRY(0x0067, TLS,DHE,RSA,WITH,AES,128,CBC,SHA256),
287 CS_ENTRY(0x0067, DHE,RSA,AES128,SHA256,,,,),
288 CS_ENTRY(0x006B, TLS,DHE,RSA,WITH,AES,256,CBC,SHA256),
289 CS_ENTRY(0x006B, DHE,RSA,AES256,SHA256,,,,),
290 CS_ENTRY(0x008C, TLS,PSK,WITH,AES,128,CBC,SHA,),
291 CS_ENTRY(0x008C, PSK,AES128,CBC,SHA,,,,),
292 CS_ENTRY(0x008D, TLS,PSK,WITH,AES,256,CBC,SHA,),
293 CS_ENTRY(0x008D, PSK,AES256,CBC,SHA,,,,),
294 CS_ENTRY(0x0090, TLS,DHE,PSK,WITH,AES,128,CBC,SHA),
295 CS_ENTRY(0x0090, DHE,PSK,AES128,CBC,SHA,,,),
296 CS_ENTRY(0x0091, TLS,DHE,PSK,WITH,AES,256,CBC,SHA),
297 CS_ENTRY(0x0091, DHE,PSK,AES256,CBC,SHA,,,),
298 CS_ENTRY(0x0094, TLS,RSA,PSK,WITH,AES,128,CBC,SHA),
299 CS_ENTRY(0x0094, RSA,PSK,AES128,CBC,SHA,,,),
300 CS_ENTRY(0x0095, TLS,RSA,PSK,WITH,AES,256,CBC,SHA),
301 CS_ENTRY(0x0095, RSA,PSK,AES256,CBC,SHA,,,),
302 CS_ENTRY(0x009E, TLS,DHE,RSA,WITH,AES,128,GCM,SHA256),
303 CS_ENTRY(0x009E, DHE,RSA,AES128,GCM,SHA256,,,),
304 CS_ENTRY(0x009F, TLS,DHE,RSA,WITH,AES,256,GCM,SHA384),
305 CS_ENTRY(0x009F, DHE,RSA,AES256,GCM,SHA384,,,),
306 CS_ENTRY(0x00A8, TLS,PSK,WITH,AES,128,GCM,SHA256,),
307 CS_ENTRY(0x00A8, PSK,AES128,GCM,SHA256,,,,),
308 CS_ENTRY(0x00A9, TLS,PSK,WITH,AES,256,GCM,SHA384,),
309 CS_ENTRY(0x00A9, PSK,AES256,GCM,SHA384,,,,),
310 CS_ENTRY(0x00AA, TLS,DHE,PSK,WITH,AES,128,GCM,SHA256),
311 CS_ENTRY(0x00AA, DHE,PSK,AES128,GCM,SHA256,,,),
312 CS_ENTRY(0x00AB, TLS,DHE,PSK,WITH,AES,256,GCM,SHA384),
313 CS_ENTRY(0x00AB, DHE,PSK,AES256,GCM,SHA384,,,),
314 CS_ENTRY(0x00AC, TLS,RSA,PSK,WITH,AES,128,GCM,SHA256),
315 CS_ENTRY(0x00AC, RSA,PSK,AES128,GCM,SHA256,,,),
316 CS_ENTRY(0x00AD, TLS,RSA,PSK,WITH,AES,256,GCM,SHA384),
317 CS_ENTRY(0x00AD, RSA,PSK,AES256,GCM,SHA384,,,),
318 CS_ENTRY(0x00AE, TLS,PSK,WITH,AES,128,CBC,SHA256,),
319 CS_ENTRY(0x00AE, PSK,AES128,CBC,SHA256,,,,),
320 CS_ENTRY(0x00AF, TLS,PSK,WITH,AES,256,CBC,SHA384,),
321 CS_ENTRY(0x00AF, PSK,AES256,CBC,SHA384,,,,),
322 CS_ENTRY(0x00B0, TLS,PSK,WITH,NULL,SHA256,,,),
323 CS_ENTRY(0x00B0, PSK,NULL,SHA256,,,,,),
324 CS_ENTRY(0x00B1, TLS,PSK,WITH,NULL,SHA384,,,),
325 CS_ENTRY(0x00B1, PSK,NULL,SHA384,,,,,),
326 CS_ENTRY(0x00B2, TLS,DHE,PSK,WITH,AES,128,CBC,SHA256),
327 CS_ENTRY(0x00B2, DHE,PSK,AES128,CBC,SHA256,,,),
328 CS_ENTRY(0x00B3, TLS,DHE,PSK,WITH,AES,256,CBC,SHA384),
329 CS_ENTRY(0x00B3, DHE,PSK,AES256,CBC,SHA384,,,),
330 CS_ENTRY(0x00B4, TLS,DHE,PSK,WITH,NULL,SHA256,,),
331 CS_ENTRY(0x00B4, DHE,PSK,NULL,SHA256,,,,),
332 CS_ENTRY(0x00B5, TLS,DHE,PSK,WITH,NULL,SHA384,,),
333 CS_ENTRY(0x00B5, DHE,PSK,NULL,SHA384,,,,),
334 CS_ENTRY(0x00B6, TLS,RSA,PSK,WITH,AES,128,CBC,SHA256),
335 CS_ENTRY(0x00B6, RSA,PSK,AES128,CBC,SHA256,,,),
336 CS_ENTRY(0x00B7, TLS,RSA,PSK,WITH,AES,256,CBC,SHA384),
337 CS_ENTRY(0x00B7, RSA,PSK,AES256,CBC,SHA384,,,),
338 CS_ENTRY(0x00B8, TLS,RSA,PSK,WITH,NULL,SHA256,,),
339 CS_ENTRY(0x00B8, RSA,PSK,NULL,SHA256,,,,),
340 CS_ENTRY(0x00B9, TLS,RSA,PSK,WITH,NULL,SHA384,,),
341 CS_ENTRY(0x00B9, RSA,PSK,NULL,SHA384,,,,),
342 CS_ENTRY(0xC001, TLS,ECDH,ECDSA,WITH,NULL,SHA,,),
343 CS_ENTRY(0xC001, ECDH,ECDSA,NULL,SHA,,,,),
344 CS_ENTRY(0xC006, TLS,ECDHE,ECDSA,WITH,NULL,SHA,,),
345 CS_ENTRY(0xC006, ECDHE,ECDSA,NULL,SHA,,,,),
346 CS_ENTRY(0xC00B, TLS,ECDH,RSA,WITH,NULL,SHA,,),
347 CS_ENTRY(0xC00B, ECDH,RSA,NULL,SHA,,,,),
348 CS_ENTRY(0xC010, TLS,ECDHE,RSA,WITH,NULL,SHA,,),
349 CS_ENTRY(0xC010, ECDHE,RSA,NULL,SHA,,,,),
350 CS_ENTRY(0xC035, TLS,ECDHE,PSK,WITH,AES,128,CBC,SHA),
351 CS_ENTRY(0xC035, ECDHE,PSK,AES128,CBC,SHA,,,),
352 CS_ENTRY(0xC036, TLS,ECDHE,PSK,WITH,AES,256,CBC,SHA),
353 CS_ENTRY(0xC036, ECDHE,PSK,AES256,CBC,SHA,,,),
354 CS_ENTRY(0xCCAB, TLS,PSK,WITH,CHACHA20,POLY1305,SHA256,,),
355 CS_ENTRY(0xCCAB, PSK,CHACHA20,POLY1305,,,,,),
356 #endif
357 #if defined(USE_SECTRANSP) || defined(USE_BEARSSL)
358 CS_ENTRY(0x000A, TLS,RSA,WITH,3DES,EDE,CBC,SHA,),
359 CS_ENTRY(0x000A, DES,CBC3,SHA,,,,,),
360 CS_ENTRY(0xC003, TLS,ECDH,ECDSA,WITH,3DES,EDE,CBC,SHA),
361 CS_ENTRY(0xC003, ECDH,ECDSA,DES,CBC3,SHA,,,),
362 CS_ENTRY(0xC008, TLS,ECDHE,ECDSA,WITH,3DES,EDE,CBC,SHA),
363 CS_ENTRY(0xC008, ECDHE,ECDSA,DES,CBC3,SHA,,,),
364 CS_ENTRY(0xC00D, TLS,ECDH,RSA,WITH,3DES,EDE,CBC,SHA),
365 CS_ENTRY(0xC00D, ECDH,RSA,DES,CBC3,SHA,,,),
366 CS_ENTRY(0xC012, TLS,ECDHE,RSA,WITH,3DES,EDE,CBC,SHA),
367 CS_ENTRY(0xC012, ECDHE,RSA,DES,CBC3,SHA,,,),
368 #endif
369 #if defined(USE_MBEDTLS) || defined(USE_BEARSSL)
370 CS_ENTRY(0xC09C, TLS,RSA,WITH,AES,128,CCM,,),
371 CS_ENTRY(0xC09C, AES128,CCM,,,,,,),
372 CS_ENTRY(0xC09D, TLS,RSA,WITH,AES,256,CCM,,),
373 CS_ENTRY(0xC09D, AES256,CCM,,,,,,),
374 CS_ENTRY(0xC0A0, TLS,RSA,WITH,AES,128,CCM,8,),
375 CS_ENTRY(0xC0A0, AES128,CCM8,,,,,,),
376 CS_ENTRY(0xC0A1, TLS,RSA,WITH,AES,256,CCM,8,),
377 CS_ENTRY(0xC0A1, AES256,CCM8,,,,,,),
378 CS_ENTRY(0xC0AC, TLS,ECDHE,ECDSA,WITH,AES,128,CCM,),
379 CS_ENTRY(0xC0AC, ECDHE,ECDSA,AES128,CCM,,,,),
380 CS_ENTRY(0xC0AD, TLS,ECDHE,ECDSA,WITH,AES,256,CCM,),
381 CS_ENTRY(0xC0AD, ECDHE,ECDSA,AES256,CCM,,,,),
382 CS_ENTRY(0xC0AE, TLS,ECDHE,ECDSA,WITH,AES,128,CCM,8),
383 CS_ENTRY(0xC0AE, ECDHE,ECDSA,AES128,CCM8,,,,),
384 CS_ENTRY(0xC0AF, TLS,ECDHE,ECDSA,WITH,AES,256,CCM,8),
385 CS_ENTRY(0xC0AF, ECDHE,ECDSA,AES256,CCM8,,,,),
386 #endif
387 #if defined(USE_SECTRANSP)
388 /* entries marked bc are backward compatible aliases for old OpenSSL names */
389 CS_ENTRY(0x0003, TLS,RSA,EXPORT,WITH,RC4,40,MD5,),
390 CS_ENTRY(0x0003, EXP,RC4,MD5,,,,,),
391 CS_ENTRY(0x0004, TLS,RSA,WITH,RC4,128,MD5,,),
392 CS_ENTRY(0x0004, RC4,MD5,,,,,,),
393 CS_ENTRY(0x0005, TLS,RSA,WITH,RC4,128,SHA,,),
394 CS_ENTRY(0x0005, RC4,SHA,,,,,,),
395 CS_ENTRY(0x0006, TLS,RSA,EXPORT,WITH,RC2,CBC,40,MD5),
396 CS_ENTRY(0x0006, EXP,RC2,CBC,MD5,,,,),
397 CS_ENTRY(0x0007, TLS,RSA,WITH,IDEA,CBC,SHA,,),
398 CS_ENTRY(0x0007, IDEA,CBC,SHA,,,,,),
399 CS_ENTRY(0x0008, TLS,RSA,EXPORT,WITH,DES40,CBC,SHA,),
400 CS_ENTRY(0x0008, EXP,DES,CBC,SHA,,,,),
401 CS_ENTRY(0x0009, TLS,RSA,WITH,DES,CBC,SHA,,),
402 CS_ENTRY(0x0009, DES,CBC,SHA,,,,,),
403 CS_ENTRY(0x000B, TLS,DH,DSS,EXPORT,WITH,DES40,CBC,SHA),
404 CS_ENTRY(0x000B, EXP,DH,DSS,DES,CBC,SHA,,),
405 CS_ENTRY(0x000C, TLS,DH,DSS,WITH,DES,CBC,SHA,),
406 CS_ENTRY(0x000C, DH,DSS,DES,CBC,SHA,,,),
407 CS_ENTRY(0x000D, TLS,DH,DSS,WITH,3DES,EDE,CBC,SHA),
408 CS_ENTRY(0x000D, DH,DSS,DES,CBC3,SHA,,,),
409 CS_ENTRY(0x000E, TLS,DH,RSA,EXPORT,WITH,DES40,CBC,SHA),
410 CS_ENTRY(0x000E, EXP,DH,RSA,DES,CBC,SHA,,),
411 CS_ENTRY(0x000F, TLS,DH,RSA,WITH,DES,CBC,SHA,),
412 CS_ENTRY(0x000F, DH,RSA,DES,CBC,SHA,,,),
413 CS_ENTRY(0x0010, TLS,DH,RSA,WITH,3DES,EDE,CBC,SHA),
414 CS_ENTRY(0x0010, DH,RSA,DES,CBC3,SHA,,,),
415 CS_ENTRY(0x0011, TLS,DHE,DSS,EXPORT,WITH,DES40,CBC,SHA),
416 CS_ENTRY(0x0011, EXP,DHE,DSS,DES,CBC,SHA,,),
417 CS_ENTRY(0x0011, EXP,EDH,DSS,DES,CBC,SHA,,), /* bc */
418 CS_ENTRY(0x0012, TLS,DHE,DSS,WITH,DES,CBC,SHA,),
419 CS_ENTRY(0x0012, DHE,DSS,DES,CBC,SHA,,,),
420 CS_ENTRY(0x0012, EDH,DSS,DES,CBC,SHA,,,), /* bc */
421 CS_ENTRY(0x0013, TLS,DHE,DSS,WITH,3DES,EDE,CBC,SHA),
422 CS_ENTRY(0x0013, DHE,DSS,DES,CBC3,SHA,,,),
423 CS_ENTRY(0x0013, EDH,DSS,DES,CBC3,SHA,,,), /* bc */
424 CS_ENTRY(0x0014, TLS,DHE,RSA,EXPORT,WITH,DES40,CBC,SHA),
425 CS_ENTRY(0x0014, EXP,DHE,RSA,DES,CBC,SHA,,),
426 CS_ENTRY(0x0014, EXP,EDH,RSA,DES,CBC,SHA,,), /* bc */
427 CS_ENTRY(0x0015, TLS,DHE,RSA,WITH,DES,CBC,SHA,),
428 CS_ENTRY(0x0015, DHE,RSA,DES,CBC,SHA,,,),
429 CS_ENTRY(0x0015, EDH,RSA,DES,CBC,SHA,,,), /* bc */
430 CS_ENTRY(0x0016, TLS,DHE,RSA,WITH,3DES,EDE,CBC,SHA),
431 CS_ENTRY(0x0016, DHE,RSA,DES,CBC3,SHA,,,),
432 CS_ENTRY(0x0016, EDH,RSA,DES,CBC3,SHA,,,), /* bc */
433 CS_ENTRY(0x0017, TLS,DH,anon,EXPORT,WITH,RC4,40,MD5),
434 CS_ENTRY(0x0017, EXP,ADH,RC4,MD5,,,,),
435 CS_ENTRY(0x0018, TLS,DH,anon,WITH,RC4,128,MD5,),
436 CS_ENTRY(0x0018, ADH,RC4,MD5,,,,,),
437 CS_ENTRY(0x0019, TLS,DH,anon,EXPORT,WITH,DES40,CBC,SHA),
438 CS_ENTRY(0x0019, EXP,ADH,DES,CBC,SHA,,,),
439 CS_ENTRY(0x001A, TLS,DH,anon,WITH,DES,CBC,SHA,),
440 CS_ENTRY(0x001A, ADH,DES,CBC,SHA,,,,),
441 CS_ENTRY(0x001B, TLS,DH,anon,WITH,3DES,EDE,CBC,SHA),
442 CS_ENTRY(0x001B, ADH,DES,CBC3,SHA,,,,),
443 CS_ENTRY(0x0030, TLS,DH,DSS,WITH,AES,128,CBC,SHA),
444 CS_ENTRY(0x0030, DH,DSS,AES128,SHA,,,,),
445 CS_ENTRY(0x0031, TLS,DH,RSA,WITH,AES,128,CBC,SHA),
446 CS_ENTRY(0x0031, DH,RSA,AES128,SHA,,,,),
447 CS_ENTRY(0x0032, TLS,DHE,DSS,WITH,AES,128,CBC,SHA),
448 CS_ENTRY(0x0032, DHE,DSS,AES128,SHA,,,,),
449 CS_ENTRY(0x0034, TLS,DH,anon,WITH,AES,128,CBC,SHA),
450 CS_ENTRY(0x0034, ADH,AES128,SHA,,,,,),
451 CS_ENTRY(0x0036, TLS,DH,DSS,WITH,AES,256,CBC,SHA),
452 CS_ENTRY(0x0036, DH,DSS,AES256,SHA,,,,),
453 CS_ENTRY(0x0037, TLS,DH,RSA,WITH,AES,256,CBC,SHA),
454 CS_ENTRY(0x0037, DH,RSA,AES256,SHA,,,,),
455 CS_ENTRY(0x0038, TLS,DHE,DSS,WITH,AES,256,CBC,SHA),
456 CS_ENTRY(0x0038, DHE,DSS,AES256,SHA,,,,),
457 CS_ENTRY(0x003A, TLS,DH,anon,WITH,AES,256,CBC,SHA),
458 CS_ENTRY(0x003A, ADH,AES256,SHA,,,,,),
459 CS_ENTRY(0x003E, TLS,DH,DSS,WITH,AES,128,CBC,SHA256),
460 CS_ENTRY(0x003E, DH,DSS,AES128,SHA256,,,,),
461 CS_ENTRY(0x003F, TLS,DH,RSA,WITH,AES,128,CBC,SHA256),
462 CS_ENTRY(0x003F, DH,RSA,AES128,SHA256,,,,),
463 CS_ENTRY(0x0040, TLS,DHE,DSS,WITH,AES,128,CBC,SHA256),
464 CS_ENTRY(0x0040, DHE,DSS,AES128,SHA256,,,,),
465 CS_ENTRY(0x0068, TLS,DH,DSS,WITH,AES,256,CBC,SHA256),
466 CS_ENTRY(0x0068, DH,DSS,AES256,SHA256,,,,),
467 CS_ENTRY(0x0069, TLS,DH,RSA,WITH,AES,256,CBC,SHA256),
468 CS_ENTRY(0x0069, DH,RSA,AES256,SHA256,,,,),
469 CS_ENTRY(0x006A, TLS,DHE,DSS,WITH,AES,256,CBC,SHA256),
470 CS_ENTRY(0x006A, DHE,DSS,AES256,SHA256,,,,),
471 CS_ENTRY(0x006C, TLS,DH,anon,WITH,AES,128,CBC,SHA256),
472 CS_ENTRY(0x006C, ADH,AES128,SHA256,,,,,),
473 CS_ENTRY(0x006D, TLS,DH,anon,WITH,AES,256,CBC,SHA256),
474 CS_ENTRY(0x006D, ADH,AES256,SHA256,,,,,),
475 CS_ENTRY(0x008A, TLS,PSK,WITH,RC4,128,SHA,,),
476 CS_ENTRY(0x008A, PSK,RC4,SHA,,,,,),
477 CS_ENTRY(0x008B, TLS,PSK,WITH,3DES,EDE,CBC,SHA,),
478 CS_ENTRY(0x008B, PSK,3DES,EDE,CBC,SHA,,,),
479 CS_ENTRY(0x008E, TLS,DHE,PSK,WITH,RC4,128,SHA,),
480 CS_ENTRY(0x008E, DHE,PSK,RC4,SHA,,,,),
481 CS_ENTRY(0x008F, TLS,DHE,PSK,WITH,3DES,EDE,CBC,SHA),
482 CS_ENTRY(0x008F, DHE,PSK,3DES,EDE,CBC,SHA,,),
483 CS_ENTRY(0x0092, TLS,RSA,PSK,WITH,RC4,128,SHA,),
484 CS_ENTRY(0x0092, RSA,PSK,RC4,SHA,,,,),
485 CS_ENTRY(0x0093, TLS,RSA,PSK,WITH,3DES,EDE,CBC,SHA),
486 CS_ENTRY(0x0093, RSA,PSK,3DES,EDE,CBC,SHA,,),
487 CS_ENTRY(0x00A0, TLS,DH,RSA,WITH,AES,128,GCM,SHA256),
488 CS_ENTRY(0x00A0, DH,RSA,AES128,GCM,SHA256,,,),
489 CS_ENTRY(0x00A1, TLS,DH,RSA,WITH,AES,256,GCM,SHA384),
490 CS_ENTRY(0x00A1, DH,RSA,AES256,GCM,SHA384,,,),
491 CS_ENTRY(0x00A2, TLS,DHE,DSS,WITH,AES,128,GCM,SHA256),
492 CS_ENTRY(0x00A2, DHE,DSS,AES128,GCM,SHA256,,,),
493 CS_ENTRY(0x00A3, TLS,DHE,DSS,WITH,AES,256,GCM,SHA384),
494 CS_ENTRY(0x00A3, DHE,DSS,AES256,GCM,SHA384,,,),
495 CS_ENTRY(0x00A4, TLS,DH,DSS,WITH,AES,128,GCM,SHA256),
496 CS_ENTRY(0x00A4, DH,DSS,AES128,GCM,SHA256,,,),
497 CS_ENTRY(0x00A5, TLS,DH,DSS,WITH,AES,256,GCM,SHA384),
498 CS_ENTRY(0x00A5, DH,DSS,AES256,GCM,SHA384,,,),
499 CS_ENTRY(0x00A6, TLS,DH,anon,WITH,AES,128,GCM,SHA256),
500 CS_ENTRY(0x00A6, ADH,AES128,GCM,SHA256,,,,),
501 CS_ENTRY(0x00A7, TLS,DH,anon,WITH,AES,256,GCM,SHA384),
502 CS_ENTRY(0x00A7, ADH,AES256,GCM,SHA384,,,,),
503 CS_ENTRY(0xC002, TLS,ECDH,ECDSA,WITH,RC4,128,SHA,),
504 CS_ENTRY(0xC002, ECDH,ECDSA,RC4,SHA,,,,),
505 CS_ENTRY(0xC007, TLS,ECDHE,ECDSA,WITH,RC4,128,SHA,),
506 CS_ENTRY(0xC007, ECDHE,ECDSA,RC4,SHA,,,,),
507 CS_ENTRY(0xC00C, TLS,ECDH,RSA,WITH,RC4,128,SHA,),
508 CS_ENTRY(0xC00C, ECDH,RSA,RC4,SHA,,,,),
509 CS_ENTRY(0xC011, TLS,ECDHE,RSA,WITH,RC4,128,SHA,),
510 CS_ENTRY(0xC011, ECDHE,RSA,RC4,SHA,,,,),
511 CS_ENTRY(0xC015, TLS,ECDH,anon,WITH,NULL,SHA,,),
512 CS_ENTRY(0xC015, AECDH,NULL,SHA,,,,,),
513 CS_ENTRY(0xC016, TLS,ECDH,anon,WITH,RC4,128,SHA,),
514 CS_ENTRY(0xC016, AECDH,RC4,SHA,,,,,),
515 CS_ENTRY(0xC017, TLS,ECDH,anon,WITH,3DES,EDE,CBC,SHA),
516 CS_ENTRY(0xC017, AECDH,DES,CBC3,SHA,,,,),
517 CS_ENTRY(0xC018, TLS,ECDH,anon,WITH,AES,128,CBC,SHA),
518 CS_ENTRY(0xC018, AECDH,AES128,SHA,,,,,),
519 CS_ENTRY(0xC019, TLS,ECDH,anon,WITH,AES,256,CBC,SHA),
520 CS_ENTRY(0xC019, AECDH,AES256,SHA,,,,,),
521 #endif
522 #if defined(USE_MBEDTLS)
523 /* entries marked ns are "non-standard", they are not in OpenSSL */
524 CS_ENTRY(0x0041, TLS,RSA,WITH,CAMELLIA,128,CBC,SHA,),
525 CS_ENTRY(0x0041, CAMELLIA128,SHA,,,,,,),
526 CS_ENTRY(0x0045, TLS,DHE,RSA,WITH,CAMELLIA,128,CBC,SHA),
527 CS_ENTRY(0x0045, DHE,RSA,CAMELLIA128,SHA,,,,),
528 CS_ENTRY(0x0084, TLS,RSA,WITH,CAMELLIA,256,CBC,SHA,),
529 CS_ENTRY(0x0084, CAMELLIA256,SHA,,,,,,),
530 CS_ENTRY(0x0088, TLS,DHE,RSA,WITH,CAMELLIA,256,CBC,SHA),
531 CS_ENTRY(0x0088, DHE,RSA,CAMELLIA256,SHA,,,,),
532 CS_ENTRY(0x00BA, TLS,RSA,WITH,CAMELLIA,128,CBC,SHA256,),
533 CS_ENTRY(0x00BA, CAMELLIA128,SHA256,,,,,,),
534 CS_ENTRY(0x00BE, TLS,DHE,RSA,WITH,CAMELLIA,128,CBC,SHA256),
535 CS_ENTRY(0x00BE, DHE,RSA,CAMELLIA128,SHA256,,,,),
536 CS_ENTRY(0x00C0, TLS,RSA,WITH,CAMELLIA,256,CBC,SHA256,),
537 CS_ENTRY(0x00C0, CAMELLIA256,SHA256,,,,,,),
538 CS_ENTRY(0x00C4, TLS,DHE,RSA,WITH,CAMELLIA,256,CBC,SHA256),
539 CS_ENTRY(0x00C4, DHE,RSA,CAMELLIA256,SHA256,,,,),
540 CS_ENTRY(0xC037, TLS,ECDHE,PSK,WITH,AES,128,CBC,SHA256),
541 CS_ENTRY(0xC037, ECDHE,PSK,AES128,CBC,SHA256,,,),
542 CS_ENTRY(0xC038, TLS,ECDHE,PSK,WITH,AES,256,CBC,SHA384),
543 CS_ENTRY(0xC038, ECDHE,PSK,AES256,CBC,SHA384,,,),
544 CS_ENTRY(0xC039, TLS,ECDHE,PSK,WITH,NULL,SHA,,),
545 CS_ENTRY(0xC039, ECDHE,PSK,NULL,SHA,,,,),
546 CS_ENTRY(0xC03A, TLS,ECDHE,PSK,WITH,NULL,SHA256,,),
547 CS_ENTRY(0xC03A, ECDHE,PSK,NULL,SHA256,,,,),
548 CS_ENTRY(0xC03B, TLS,ECDHE,PSK,WITH,NULL,SHA384,,),
549 CS_ENTRY(0xC03B, ECDHE,PSK,NULL,SHA384,,,,),
550 CS_ENTRY(0xC03C, TLS,RSA,WITH,ARIA,128,CBC,SHA256,),
551 CS_ENTRY(0xC03C, ARIA128,SHA256,,,,,,), /* ns */
552 CS_ENTRY(0xC03D, TLS,RSA,WITH,ARIA,256,CBC,SHA384,),
553 CS_ENTRY(0xC03D, ARIA256,SHA384,,,,,,), /* ns */
554 CS_ENTRY(0xC044, TLS,DHE,RSA,WITH,ARIA,128,CBC,SHA256),
555 CS_ENTRY(0xC044, DHE,RSA,ARIA128,SHA256,,,,), /* ns */
556 CS_ENTRY(0xC045, TLS,DHE,RSA,WITH,ARIA,256,CBC,SHA384),
557 CS_ENTRY(0xC045, DHE,RSA,ARIA256,SHA384,,,,), /* ns */
558 CS_ENTRY(0xC048, TLS,ECDHE,ECDSA,WITH,ARIA,128,CBC,SHA256),
559 CS_ENTRY(0xC048, ECDHE,ECDSA,ARIA128,SHA256,,,,), /* ns */
560 CS_ENTRY(0xC049, TLS,ECDHE,ECDSA,WITH,ARIA,256,CBC,SHA384),
561 CS_ENTRY(0xC049, ECDHE,ECDSA,ARIA256,SHA384,,,,), /* ns */
562 CS_ENTRY(0xC04A, TLS,ECDH,ECDSA,WITH,ARIA,128,CBC,SHA256),
563 CS_ENTRY(0xC04A, ECDH,ECDSA,ARIA128,SHA256,,,,), /* ns */
564 CS_ENTRY(0xC04B, TLS,ECDH,ECDSA,WITH,ARIA,256,CBC,SHA384),
565 CS_ENTRY(0xC04B, ECDH,ECDSA,ARIA256,SHA384,,,,), /* ns */
566 CS_ENTRY(0xC04C, TLS,ECDHE,RSA,WITH,ARIA,128,CBC,SHA256),
567 CS_ENTRY(0xC04C, ECDHE,ARIA128,SHA256,,,,,), /* ns */
568 CS_ENTRY(0xC04D, TLS,ECDHE,RSA,WITH,ARIA,256,CBC,SHA384),
569 CS_ENTRY(0xC04D, ECDHE,ARIA256,SHA384,,,,,), /* ns */
570 CS_ENTRY(0xC04E, TLS,ECDH,RSA,WITH,ARIA,128,CBC,SHA256),
571 CS_ENTRY(0xC04E, ECDH,ARIA128,SHA256,,,,,), /* ns */
572 CS_ENTRY(0xC04F, TLS,ECDH,RSA,WITH,ARIA,256,CBC,SHA384),
573 CS_ENTRY(0xC04F, ECDH,ARIA256,SHA384,,,,,), /* ns */
574 CS_ENTRY(0xC050, TLS,RSA,WITH,ARIA,128,GCM,SHA256,),
575 CS_ENTRY(0xC050, ARIA128,GCM,SHA256,,,,,),
576 CS_ENTRY(0xC051, TLS,RSA,WITH,ARIA,256,GCM,SHA384,),
577 CS_ENTRY(0xC051, ARIA256,GCM,SHA384,,,,,),
578 CS_ENTRY(0xC052, TLS,DHE,RSA,WITH,ARIA,128,GCM,SHA256),
579 CS_ENTRY(0xC052, DHE,RSA,ARIA128,GCM,SHA256,,,),
580 CS_ENTRY(0xC053, TLS,DHE,RSA,WITH,ARIA,256,GCM,SHA384),
581 CS_ENTRY(0xC053, DHE,RSA,ARIA256,GCM,SHA384,,,),
582 CS_ENTRY(0xC05C, TLS,ECDHE,ECDSA,WITH,ARIA,128,GCM,SHA256),
583 CS_ENTRY(0xC05C, ECDHE,ECDSA,ARIA128,GCM,SHA256,,,),
584 CS_ENTRY(0xC05D, TLS,ECDHE,ECDSA,WITH,ARIA,256,GCM,SHA384),
585 CS_ENTRY(0xC05D, ECDHE,ECDSA,ARIA256,GCM,SHA384,,,),
586 CS_ENTRY(0xC05E, TLS,ECDH,ECDSA,WITH,ARIA,128,GCM,SHA256),
587 CS_ENTRY(0xC05E, ECDH,ECDSA,ARIA128,GCM,SHA256,,,), /* ns */
588 CS_ENTRY(0xC05F, TLS,ECDH,ECDSA,WITH,ARIA,256,GCM,SHA384),
589 CS_ENTRY(0xC05F, ECDH,ECDSA,ARIA256,GCM,SHA384,,,), /* ns */
590 CS_ENTRY(0xC060, TLS,ECDHE,RSA,WITH,ARIA,128,GCM,SHA256),
591 CS_ENTRY(0xC060, ECDHE,ARIA128,GCM,SHA256,,,,),
592 CS_ENTRY(0xC061, TLS,ECDHE,RSA,WITH,ARIA,256,GCM,SHA384),
593 CS_ENTRY(0xC061, ECDHE,ARIA256,GCM,SHA384,,,,),
594 CS_ENTRY(0xC062, TLS,ECDH,RSA,WITH,ARIA,128,GCM,SHA256),
595 CS_ENTRY(0xC062, ECDH,ARIA128,GCM,SHA256,,,,), /* ns */
596 CS_ENTRY(0xC063, TLS,ECDH,RSA,WITH,ARIA,256,GCM,SHA384),
597 CS_ENTRY(0xC063, ECDH,ARIA256,GCM,SHA384,,,,), /* ns */
598 CS_ENTRY(0xC064, TLS,PSK,WITH,ARIA,128,CBC,SHA256,),
599 CS_ENTRY(0xC064, PSK,ARIA128,SHA256,,,,,), /* ns */
600 CS_ENTRY(0xC065, TLS,PSK,WITH,ARIA,256,CBC,SHA384,),
601 CS_ENTRY(0xC065, PSK,ARIA256,SHA384,,,,,), /* ns */
602 CS_ENTRY(0xC066, TLS,DHE,PSK,WITH,ARIA,128,CBC,SHA256),
603 CS_ENTRY(0xC066, DHE,PSK,ARIA128,SHA256,,,,), /* ns */
604 CS_ENTRY(0xC067, TLS,DHE,PSK,WITH,ARIA,256,CBC,SHA384),
605 CS_ENTRY(0xC067, DHE,PSK,ARIA256,SHA384,,,,), /* ns */
606 CS_ENTRY(0xC068, TLS,RSA,PSK,WITH,ARIA,128,CBC,SHA256),
607 CS_ENTRY(0xC068, RSA,PSK,ARIA128,SHA256,,,,), /* ns */
608 CS_ENTRY(0xC069, TLS,RSA,PSK,WITH,ARIA,256,CBC,SHA384),
609 CS_ENTRY(0xC069, RSA,PSK,ARIA256,SHA384,,,,), /* ns */
610 CS_ENTRY(0xC06A, TLS,PSK,WITH,ARIA,128,GCM,SHA256,),
611 CS_ENTRY(0xC06A, PSK,ARIA128,GCM,SHA256,,,,),
612 CS_ENTRY(0xC06B, TLS,PSK,WITH,ARIA,256,GCM,SHA384,),
613 CS_ENTRY(0xC06B, PSK,ARIA256,GCM,SHA384,,,,),
614 CS_ENTRY(0xC06C, TLS,DHE,PSK,WITH,ARIA,128,GCM,SHA256),
615 CS_ENTRY(0xC06C, DHE,PSK,ARIA128,GCM,SHA256,,,),
616 CS_ENTRY(0xC06D, TLS,DHE,PSK,WITH,ARIA,256,GCM,SHA384),
617 CS_ENTRY(0xC06D, DHE,PSK,ARIA256,GCM,SHA384,,,),
618 CS_ENTRY(0xC06E, TLS,RSA,PSK,WITH,ARIA,128,GCM,SHA256),
619 CS_ENTRY(0xC06E, RSA,PSK,ARIA128,GCM,SHA256,,,),
620 CS_ENTRY(0xC06F, TLS,RSA,PSK,WITH,ARIA,256,GCM,SHA384),
621 CS_ENTRY(0xC06F, RSA,PSK,ARIA256,GCM,SHA384,,,),
622 CS_ENTRY(0xC070, TLS,ECDHE,PSK,WITH,ARIA,128,CBC,SHA256),
623 CS_ENTRY(0xC070, ECDHE,PSK,ARIA128,SHA256,,,,), /* ns */
624 CS_ENTRY(0xC071, TLS,ECDHE,PSK,WITH,ARIA,256,CBC,SHA384),
625 CS_ENTRY(0xC071, ECDHE,PSK,ARIA256,SHA384,,,,), /* ns */
626 CS_ENTRY(0xC072, TLS,ECDHE,ECDSA,WITH,CAMELLIA,128,CBC,SHA256),
627 CS_ENTRY(0xC072, ECDHE,ECDSA,CAMELLIA128,SHA256,,,,),
628 CS_ENTRY(0xC073, TLS,ECDHE,ECDSA,WITH,CAMELLIA,256,CBC,SHA384),
629 CS_ENTRY(0xC073, ECDHE,ECDSA,CAMELLIA256,SHA384,,,,),
630 CS_ENTRY(0xC074, TLS,ECDH,ECDSA,WITH,CAMELLIA,128,CBC,SHA256),
631 CS_ENTRY(0xC074, ECDH,ECDSA,CAMELLIA128,SHA256,,,,), /* ns */
632 CS_ENTRY(0xC075, TLS,ECDH,ECDSA,WITH,CAMELLIA,256,CBC,SHA384),
633 CS_ENTRY(0xC075, ECDH,ECDSA,CAMELLIA256,SHA384,,,,), /* ns */
634 CS_ENTRY(0xC076, TLS,ECDHE,RSA,WITH,CAMELLIA,128,CBC,SHA256),
635 CS_ENTRY(0xC076, ECDHE,RSA,CAMELLIA128,SHA256,,,,),
636 CS_ENTRY(0xC077, TLS,ECDHE,RSA,WITH,CAMELLIA,256,CBC,SHA384),
637 CS_ENTRY(0xC077, ECDHE,RSA,CAMELLIA256,SHA384,,,,),
638 CS_ENTRY(0xC078, TLS,ECDH,RSA,WITH,CAMELLIA,128,CBC,SHA256),
639 CS_ENTRY(0xC078, ECDH,CAMELLIA128,SHA256,,,,,), /* ns */
640 CS_ENTRY(0xC079, TLS,ECDH,RSA,WITH,CAMELLIA,256,CBC,SHA384),
641 CS_ENTRY(0xC079, ECDH,CAMELLIA256,SHA384,,,,,), /* ns */
642 CS_ENTRY(0xC07A, TLS,RSA,WITH,CAMELLIA,128,GCM,SHA256,),
643 CS_ENTRY(0xC07A, CAMELLIA128,GCM,SHA256,,,,,), /* ns */
644 CS_ENTRY(0xC07B, TLS,RSA,WITH,CAMELLIA,256,GCM,SHA384,),
645 CS_ENTRY(0xC07B, CAMELLIA256,GCM,SHA384,,,,,), /* ns */
646 CS_ENTRY(0xC07C, TLS,DHE,RSA,WITH,CAMELLIA,128,GCM,SHA256),
647 CS_ENTRY(0xC07C, DHE,RSA,CAMELLIA128,GCM,SHA256,,,), /* ns */
648 CS_ENTRY(0xC07D, TLS,DHE,RSA,WITH,CAMELLIA,256,GCM,SHA384),
649 CS_ENTRY(0xC07D, DHE,RSA,CAMELLIA256,GCM,SHA384,,,), /* ns */
650 CS_ENTRY(0xC086, TLS,ECDHE,ECDSA,WITH,CAMELLIA,128,GCM,SHA256),
651 CS_ENTRY(0xC086, ECDHE,ECDSA,CAMELLIA128,GCM,SHA256,,,), /* ns */
652 CS_ENTRY(0xC087, TLS,ECDHE,ECDSA,WITH,CAMELLIA,256,GCM,SHA384),
653 CS_ENTRY(0xC087, ECDHE,ECDSA,CAMELLIA256,GCM,SHA384,,,), /* ns */
654 CS_ENTRY(0xC088, TLS,ECDH,ECDSA,WITH,CAMELLIA,128,GCM,SHA256),
655 CS_ENTRY(0xC088, ECDH,ECDSA,CAMELLIA128,GCM,SHA256,,,), /* ns */
656 CS_ENTRY(0xC089, TLS,ECDH,ECDSA,WITH,CAMELLIA,256,GCM,SHA384),
657 CS_ENTRY(0xC089, ECDH,ECDSA,CAMELLIA256,GCM,SHA384,,,), /* ns */
658 CS_ENTRY(0xC08A, TLS,ECDHE,RSA,WITH,CAMELLIA,128,GCM,SHA256),
659 CS_ENTRY(0xC08A, ECDHE,CAMELLIA128,GCM,SHA256,,,,), /* ns */
660 CS_ENTRY(0xC08B, TLS,ECDHE,RSA,WITH,CAMELLIA,256,GCM,SHA384),
661 CS_ENTRY(0xC08B, ECDHE,CAMELLIA256,GCM,SHA384,,,,), /* ns */
662 CS_ENTRY(0xC08C, TLS,ECDH,RSA,WITH,CAMELLIA,128,GCM,SHA256),
663 CS_ENTRY(0xC08C, ECDH,CAMELLIA128,GCM,SHA256,,,,), /* ns */
664 CS_ENTRY(0xC08D, TLS,ECDH,RSA,WITH,CAMELLIA,256,GCM,SHA384),
665 CS_ENTRY(0xC08D, ECDH,CAMELLIA256,GCM,SHA384,,,,), /* ns */
666 CS_ENTRY(0xC08E, TLS,PSK,WITH,CAMELLIA,128,GCM,SHA256,),
667 CS_ENTRY(0xC08E, PSK,CAMELLIA128,GCM,SHA256,,,,), /* ns */
668 CS_ENTRY(0xC08F, TLS,PSK,WITH,CAMELLIA,256,GCM,SHA384,),
669 CS_ENTRY(0xC08F, PSK,CAMELLIA256,GCM,SHA384,,,,), /* ns */
670 CS_ENTRY(0xC090, TLS,DHE,PSK,WITH,CAMELLIA,128,GCM,SHA256),
671 CS_ENTRY(0xC090, DHE,PSK,CAMELLIA128,GCM,SHA256,,,), /* ns */
672 CS_ENTRY(0xC091, TLS,DHE,PSK,WITH,CAMELLIA,256,GCM,SHA384),
673 CS_ENTRY(0xC091, DHE,PSK,CAMELLIA256,GCM,SHA384,,,), /* ns */
674 CS_ENTRY(0xC092, TLS,RSA,PSK,WITH,CAMELLIA,128,GCM,SHA256),
675 CS_ENTRY(0xC092, RSA,PSK,CAMELLIA128,GCM,SHA256,,,), /* ns */
676 CS_ENTRY(0xC093, TLS,RSA,PSK,WITH,CAMELLIA,256,GCM,SHA384),
677 CS_ENTRY(0xC093, RSA,PSK,CAMELLIA256,GCM,SHA384,,,), /* ns */
678 CS_ENTRY(0xC094, TLS,PSK,WITH,CAMELLIA,128,CBC,SHA256,),
679 CS_ENTRY(0xC094, PSK,CAMELLIA128,SHA256,,,,,),
680 CS_ENTRY(0xC095, TLS,PSK,WITH,CAMELLIA,256,CBC,SHA384,),
681 CS_ENTRY(0xC095, PSK,CAMELLIA256,SHA384,,,,,),
682 CS_ENTRY(0xC096, TLS,DHE,PSK,WITH,CAMELLIA,128,CBC,SHA256),
683 CS_ENTRY(0xC096, DHE,PSK,CAMELLIA128,SHA256,,,,),
684 CS_ENTRY(0xC097, TLS,DHE,PSK,WITH,CAMELLIA,256,CBC,SHA384),
685 CS_ENTRY(0xC097, DHE,PSK,CAMELLIA256,SHA384,,,,),
686 CS_ENTRY(0xC098, TLS,RSA,PSK,WITH,CAMELLIA,128,CBC,SHA256),
687 CS_ENTRY(0xC098, RSA,PSK,CAMELLIA128,SHA256,,,,),
688 CS_ENTRY(0xC099, TLS,RSA,PSK,WITH,CAMELLIA,256,CBC,SHA384),
689 CS_ENTRY(0xC099, RSA,PSK,CAMELLIA256,SHA384,,,,),
690 CS_ENTRY(0xC09A, TLS,ECDHE,PSK,WITH,CAMELLIA,128,CBC,SHA256),
691 CS_ENTRY(0xC09A, ECDHE,PSK,CAMELLIA128,SHA256,,,,),
692 CS_ENTRY(0xC09B, TLS,ECDHE,PSK,WITH,CAMELLIA,256,CBC,SHA384),
693 CS_ENTRY(0xC09B, ECDHE,PSK,CAMELLIA256,SHA384,,,,),
694 CS_ENTRY(0xC09E, TLS,DHE,RSA,WITH,AES,128,CCM,),
695 CS_ENTRY(0xC09E, DHE,RSA,AES128,CCM,,,,),
696 CS_ENTRY(0xC09F, TLS,DHE,RSA,WITH,AES,256,CCM,),
697 CS_ENTRY(0xC09F, DHE,RSA,AES256,CCM,,,,),
698 CS_ENTRY(0xC0A2, TLS,DHE,RSA,WITH,AES,128,CCM,8),
699 CS_ENTRY(0xC0A2, DHE,RSA,AES128,CCM8,,,,),
700 CS_ENTRY(0xC0A3, TLS,DHE,RSA,WITH,AES,256,CCM,8),
701 CS_ENTRY(0xC0A3, DHE,RSA,AES256,CCM8,,,,),
702 CS_ENTRY(0xC0A4, TLS,PSK,WITH,AES,128,CCM,,),
703 CS_ENTRY(0xC0A4, PSK,AES128,CCM,,,,,),
704 CS_ENTRY(0xC0A5, TLS,PSK,WITH,AES,256,CCM,,),
705 CS_ENTRY(0xC0A5, PSK,AES256,CCM,,,,,),
706 CS_ENTRY(0xC0A6, TLS,DHE,PSK,WITH,AES,128,CCM,),
707 CS_ENTRY(0xC0A6, DHE,PSK,AES128,CCM,,,,),
708 CS_ENTRY(0xC0A7, TLS,DHE,PSK,WITH,AES,256,CCM,),
709 CS_ENTRY(0xC0A7, DHE,PSK,AES256,CCM,,,,),
710 CS_ENTRY(0xC0A8, TLS,PSK,WITH,AES,128,CCM,8,),
711 CS_ENTRY(0xC0A8, PSK,AES128,CCM8,,,,,),
712 CS_ENTRY(0xC0A9, TLS,PSK,WITH,AES,256,CCM,8,),
713 CS_ENTRY(0xC0A9, PSK,AES256,CCM8,,,,,),
714 CS_ENTRY(0xC0AA, TLS,PSK,DHE,WITH,AES,128,CCM,8),
715 CS_ENTRY(0xC0AA, DHE,PSK,AES128,CCM8,,,,),
716 CS_ENTRY(0xC0AB, TLS,PSK,DHE,WITH,AES,256,CCM,8),
717 CS_ENTRY(0xC0AB, DHE,PSK,AES256,CCM8,,,,),
718 CS_ENTRY(0xCCAA, TLS,DHE,RSA,WITH,CHACHA20,POLY1305,SHA256,),
719 CS_ENTRY(0xCCAA, DHE,RSA,CHACHA20,POLY1305,,,,),
720 CS_ENTRY(0xCCAC, TLS,ECDHE,PSK,WITH,CHACHA20,POLY1305,SHA256,),
721 CS_ENTRY(0xCCAC, ECDHE,PSK,CHACHA20,POLY1305,,,,),
722 CS_ENTRY(0xCCAD, TLS,DHE,PSK,WITH,CHACHA20,POLY1305,SHA256,),
723 CS_ENTRY(0xCCAD, DHE,PSK,CHACHA20,POLY1305,,,,),
724 CS_ENTRY(0xCCAE, TLS,RSA,PSK,WITH,CHACHA20,POLY1305,SHA256,),
725 CS_ENTRY(0xCCAE, RSA,PSK,CHACHA20,POLY1305,,,,),
726 #endif
727 };
/* number of entries in the cs_list table */
#define CS_LIST_LEN (sizeof(cs_list) / sizeof(*cs_list))
729
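/*
 * Convert a cipher suite name into its 6-byte packed ("zipped") form.
 *
 * The name is split into at most 8 parts, on '_' when it starts with "TLS"
 * and on '-' otherwise. Each part is looked up in cs_txt with
 * strncasecompare() and its index is packed into 6 bits.
 *
 * cs_str does not need to be NUL-terminated: no more than cs_len bytes of
 * it are examined, and an embedded NUL byte ends the name early.
 *
 * Returns 0 on success, or -1 when the name has more than 8 parts or holds
 * a part that is not found in cs_txt. zip[] is written on success only.
 */
static int cs_str_to_zip(const char *cs_str, size_t cs_len,
                         uint8_t zip[6])
{
  uint8_t indexes[8] = {0};
  const char *entry, *cur;
  const char *nxt = cs_str;
  const char *end = cs_str + cs_len;
  char separator = '-';
  int idx, i = 0;
  size_t len;

  /* split the cipher string by '-' or '_'; the length guard keeps the
     prefix test from reading bytes beyond cs_len on short input */
  if(cs_len >= 3 && strncasecompare(cs_str, "TLS", 3))
    separator = '_';

  do {
    /* a ninth part cannot be represented in the packed form */
    if(i == 8)
      return -1;

    /* determine the length of the part */
    cur = nxt;
    while(nxt < end && *nxt != '\0' && *nxt != separator)
      nxt++;
    len = (size_t)(nxt - cur);

    /* lookup index for the part (skip empty string at 0) */
    for(idx = 1, entry = cs_txt + 1; idx < CS_TXT_LEN; idx++) {
      size_t elen = strlen(entry);
      if(elen == len && strncasecompare(entry, cur, len))
        break;
      entry += elen + 1;
    }
    if(idx == CS_TXT_LEN)
      return -1; /* unknown part, which includes an empty part */

    indexes[i++] = (uint8_t) idx;
  } while(nxt < end && *(nxt++) != '\0');

  /* zip the 8 indexes into 48 bits; unused trailing indexes stay 0 */
  zip[0] = (uint8_t) (indexes[0] << 2 | (indexes[1] & 0x3F) >> 4);
  zip[1] = (uint8_t) (indexes[1] << 4 | (indexes[2] & 0x3F) >> 2);
  zip[2] = (uint8_t) (indexes[2] << 6 | (indexes[3] & 0x3F));
  zip[3] = (uint8_t) (indexes[4] << 2 | (indexes[5] & 0x3F) >> 4);
  zip[4] = (uint8_t) (indexes[5] << 4 | (indexes[6] & 0x3F) >> 2);
  zip[5] = (uint8_t) (indexes[6] << 6 | (indexes[7] & 0x3F));

  return 0;
}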
777
/*
 * Expand a 6-byte packed cipher suite name into text in buf.
 *
 * The eight 6-bit indexes are unpacked and the matching cs_txt strings are
 * appended to buf, joined by '_' when the first index is CS_TXT_IDX_TLS and
 * by '-' otherwise. A zero index ends the name.
 *
 * Returns 0 on success, or -1 when an index is not below CS_TXT_LEN or
 * msnprintf() returns a negative value. buf is not written at all when
 * buf_size is 0 or the first index is 0.
 *
 * NOTE(review): the loop also stops once len reaches buf_size and the
 * function still returns 0, so a buffer that is too small appears to yield
 * a shortened name without an error - confirm against msnprintf()'s
 * truncation behaviour and make sure callers size buf for the longest name.
 */
static int cs_zip_to_str(const uint8_t zip[6],
                         char *buf, size_t buf_size)
{
  uint8_t parts[8] = {0};
  const char *txt;
  char sep;
  int n, pos, written;
  size_t used = 0;

  /* unzip: every group of three bytes carries four 6-bit indexes */
  for(n = 0; n < 2; n++) {
    const uint8_t *z = &zip[n * 3];
    uint8_t *p = &parts[n * 4];

    p[0] = z[0] >> 2;
    p[1] = ((z[0] << 4) & 0x3F) | z[1] >> 4;
    p[2] = ((z[1] << 2) & 0x3F) | z[2] >> 6;
    p[3] = z[2] & 0x3F;
  }

  sep = (parts[0] == CS_TXT_IDX_TLS) ? '_' : '-';

  for(pos = 0; pos < 8; pos++) {
    /* a zero index marks the end of the name; also stop on a full buffer */
    if(parts[pos] == 0 || used >= buf_size)
      break;

    if(parts[pos] >= CS_TXT_LEN)
      return -1;

    /* step through the NUL-separated cs_txt strings up to this index
       (the empty string at index 0 is skipped) */
    txt = cs_txt + 1;
    for(n = 1; n < parts[pos]; n++)
      txt += strlen(txt) + 1;

    /* every part but the first is preceded by the separator */
    if(pos == 0)
      written = msnprintf(&buf[used], buf_size - used, "%s", txt);
    else
      written = msnprintf(&buf[used], buf_size - used, "%c%s", sep, txt);

    if(written < 0)
      return -1;
    used += (size_t)written;
  }

  return 0;
}
823
/*
 * Look up the IANA id for a cipher suite name of cs_len bytes.
 *
 * The name is packed with cs_str_to_zip() and compared against every entry
 * of cs_list. Returns the id of the first matching entry, or 0 when cs_len
 * is 0, the name cannot be packed or no entry matches.
 *
 * 0 is also the IANA value of TLS_NULL_WITH_NULL_NULL, so callers should
 * treat a 0 result as "unknown name" and skip it rather than hand it to the
 * TLS backend as a selected suite.
 */
uint16_t Curl_cipher_suite_lookup_id(const char *cs_str, size_t cs_len)
{
  uint8_t packed[6];
  size_t n;

  /* nothing to look up, or the name holds an unknown part */
  if(cs_len == 0 || cs_str_to_zip(cs_str, cs_len, packed) != 0)
    return 0;

  for(n = 0; n < CS_LIST_LEN; n++) {
    if(!memcmp(cs_list[n].zip, packed, sizeof(packed)))
      return cs_list[n].id;
  }

  return 0;
}
838
/*
 * Tell whether c separates entries in a cipher list string: space, tab,
 * ':', ',' or ';'. The NUL byte is not a separator.
 */
static bool cs_is_separator(char c)
{
  if(c == ' ' || c == '\t' || c == ':' || c == ',' || c == ';')
    return TRUE;

  return FALSE;
}
852
/*
 * Find the next cipher suite name in a separator-delimited list and return
 * its IANA id.
 *
 * On return *str points at the first non-separator character at or after
 * its old position and *end points at the separator or NUL byte that ends
 * that name. The return value is what Curl_cipher_suite_lookup_id() gives
 * for the bytes between the two.
 *
 * *str must point to a NUL-terminated string: both scans stop only at a
 * separator or at the terminating NUL.
 */
uint16_t Curl_cipher_suite_walk_str(const char **str, const char **end)
{
  const char *first = *str;
  const char *last;

  /* skip leading separators */
  while(cs_is_separator(*first))
    first++;
  *str = first;

  /* advance to the next separator or the end of the string */
  last = first;
  while(*last != '\0' && !cs_is_separator(*last))
    last++;
  *end = last;

  return Curl_cipher_suite_lookup_id(*str, *end - *str);
}
863
/*
 * Write the name of the cipher suite with IANA id 'id' into buf.
 *
 * cs_list can hold more than one name for an id. An entry whose first part
 * is CS_TXT_IDX_TLS is chosen when prefer_rfc is set, and an entry without
 * that prefix when it is not. If no entry of the preferred kind exists, the
 * first entry with a matching id is used.
 *
 * Returns the result of cs_zip_to_str() for the chosen entry, or -1 when no
 * entry has this id. Whenever the result is negative, buf is overwritten
 * with "TLS_UNKNOWN_0x" followed by the id as four hex digits.
 */
int Curl_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size,
                              bool prefer_rfc)
{
  size_t pos;
  size_t pick = CS_LIST_LEN; /* CS_LIST_LEN stands for "no match yet" */
  int rc = -1;

  for(pos = 0; pos < CS_LIST_LEN; pos++) {
    bool is_rfc_name;

    if(cs_list[pos].id != id)
      continue;

    /* the first 6-bit index sits in the top bits of the first byte */
    is_rfc_name = ((cs_list[pos].zip[0] >> 2) == CS_TXT_IDX_TLS);

    /* an entry in the requested naming style wins immediately */
    if((!is_rfc_name) == (!prefer_rfc)) {
      pick = pos;
      break;
    }

    /* otherwise remember the first entry with this id as a fallback */
    if(pick == CS_LIST_LEN)
      pick = pos;
  }

  if(pick != CS_LIST_LEN)
    rc = cs_zip_to_str(cs_list[pick].zip, buf, buf_size);

  /* unknown id or failed expansion: emit a placeholder name instead */
  if(rc < 0)
    msnprintf(buf, buf_size, "TLS_UNKNOWN_0x%04x", id);

  return rc;
}
889
890 #endif /* defined(USE_SECTRANSP) || defined(USE_MBEDTLS) || \
891 defined(USE_BEARSSL) || defined(USE_RUSTLS) */
892