diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-03-11 20:15:07 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-03-12 00:20:31 +0100 |
commit | ba1a0fae3371baccaa24aed1f5fcdc12f6df82e1 (patch) | |
tree | 560f35017d91b2c56dc9ff6b709cfeb675f0f9b6 /lib/algorithms/ciphersuites.c | |
parent | 161905abf20fb502c70b610f45789a917f3ed695 (diff) | |
download | gnutls-ba1a0fae3371baccaa24aed1f5fcdc12f6df82e1.tar.gz |
Added options to disable more key exchange mechanisms.
In that DHE was separated from ECDHE.
Diffstat (limited to 'lib/algorithms/ciphersuites.c')
-rw-r--r-- | lib/algorithms/ciphersuites.c | 447 |
1 files changed, 229 insertions, 218 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index e5fdc3ac54..817f07b659 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -221,147 +221,65 @@ typedef struct #define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1) static const gnutls_cipher_suite_entry cs_algorithms[] = { - /* DH_ANON */ - ENTRY (GNUTLS_DH_ANON_ARCFOUR_MD5, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, - GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0), - ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, + /* RSA-NULL */ + ENTRY (GNUTLS_RSA_NULL_MD5, + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + ENTRY (GNUTLS_RSA_NULL_SHA1, + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + ENTRY (GNUTLS_RSA_NULL_SHA256, + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - /* PSK */ - ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, + /* RSA */ + ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0), - ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_PSK_NULL_SHA256, - GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - - /* DHE-PSK */ - ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, + ENTRY (GNUTLS_RSA_ARCFOUR_MD5, + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0), - ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DHE_PSK_NULL_SHA256, - GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - - /* SRP */ - ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, + ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, + ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - - ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, + ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), - - ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, + ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - - ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, + ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_MAX, 1), - - ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, + ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - - ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, + ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - - ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, +/* GCM */ + ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* DHE_DSS */ +#ifdef ENABLE_DHE ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_TLS1, @@ -427,68 +345,6 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - /* RSA-NULL */ - ENTRY (GNUTLS_RSA_NULL_MD5, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_NULL_SHA1, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_NULL_SHA256, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1), - - /* RSA-EXPORT */ - ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, - GNUTLS_CIPHER_ARCFOUR_40, - GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5, - GNUTLS_SSL3, GNUTLS_TLS1_0, 0), - - /* RSA */ - ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 0), - ENTRY (GNUTLS_RSA_ARCFOUR_MD5, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 0), - ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1), -/* GCM */ - ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, @@ -497,27 +353,8 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1), -/* ECC-ANON */ - ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1, - GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, - GNUTLS_VERSION_MAX, 1), +#endif /* DHE */ +#ifdef ENABLE_ECDHE /* ECC-RSA */ ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, @@ -570,6 +407,20 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), + ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), +#endif +#ifdef ENABLE_PSK /* ECC - PSK */ ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK, @@ -599,18 +450,67 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), - ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), + + /* PSK */ + ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 0), + ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_PSK_NULL_SHA256, + GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + + /* DHE-PSK */ + ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 0), + ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DHE_PSK_NULL_SHA256, + GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY_PRF(GNUTLS_PSK_WITH_AES_256_GCM_SHA384, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, @@ -619,6 +519,117 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384), +#endif +#ifdef ENABLE_ANON + /* DH_ANON */ + ENTRY (GNUTLS_DH_ANON_ARCFOUR_MD5, + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, + GNUTLS_SSL3, GNUTLS_VERSION_MAX, 0), + ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX, 1), +/* ECC-ANON */ + ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1, + GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_VERSION_MAX, 1), +#endif +#ifdef ENABLE_SRP + /* SRP */ + ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + + ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + + ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + + ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + + ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + + ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), + + ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX, 1), +#endif +#ifdef ENABLE_RSA_EXPORT + /* RSA-EXPORT */ + ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, + GNUTLS_CIPHER_ARCFOUR_40, + GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5, + GNUTLS_SSL3, GNUTLS_TLS1_0, 0), +#endif {0, {0, 0}, 0, 0, 0, 0, 0, 0} }; |