cipher_suite.c@ 108333

最後變更在這個檔案從108333是 108198,由 vboxsync 提交於 5 週前
curl: fixing svn:export jiraref:VBP-1535
檔案大小: 36.1 KB

行
1	/***************************************************************************
2	* _ _ ____ _
3	* Project ___\| \| \| \| _ \\| \|
4	* / __\| \| \| \| \|_) \| \|
5	* \| (__\| \|_\| \| _ <\| \|___
6	* \___\|\___/\|_\| \_\_____\|
7	*
8	* Copyright (C) Jan Venekamp, <[email protected]>
9	*
10	* This software is licensed as described in the file COPYING, which
11	* you should have received as part of this distribution. The terms
12	* are also available at https://curl.se/docs/copyright.html.
13	*
14	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
15	* copies of the Software, and permit persons to whom the Software is
16	* furnished to do so, under the terms of the COPYING file.
17	*
18	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19	* KIND, either express or implied.
20	*
21	* SPDX-License-Identifier: curl
22	*
23	***************************************************************************/
24	#include "curl_setup.h"
25
26	#if defined(USE_SECTRANSP) \|\| defined(USE_MBEDTLS) \|\| \
27	defined(USE_BEARSSL) \|\| defined(USE_RUSTLS)
28	#include "cipher_suite.h"
29	#include "curl_printf.h"
30	#include "strcase.h"
31	#include <string.h>
32
33	/*
34	* To support the CURLOPT_SSL_CIPHER_LIST option on SSL backends
35	* that do not support it natively, but do support setting a list of
36	* IANA ids, we need a list of all supported cipher suite names
37	* (OpenSSL and IANA) to be able to look up the IANA ids.
38	*
39	* To keep the binary size of this list down we compress each entry
40	* down to 2 + 6 bytes using the C preprocessor.
41	*/
42
43	/*
44	* mbedTLS NOTE: mbedTLS has mbedtls_ssl_get_ciphersuite_id() to
45	* convert a string representation to an IANA id, we do not use that
46	* because it does not support "standard" OpenSSL cipher suite
47	* names, nor IANA names.
48	*/
49
50	/* NOTE: also see tests/unit/unit3205.c */
51
52	/* Text for cipher suite parts (max 64 entries),
53	keep indexes below in sync with this! */
54	static const char *cs_txt =
55	"\0"
56	"TLS" "\0"
57	"WITH" "\0"
58	"128" "\0"
59	"256" "\0"
60	"3DES" "\0"
61	"8" "\0"
62	"AES" "\0"
63	"AES128" "\0"
64	"AES256" "\0"
65	"CBC" "\0"
66	"CBC3" "\0"
67	"CCM" "\0"
68	"CCM8" "\0"
69	"CHACHA20" "\0"
70	"DES" "\0"
71	"DHE" "\0"
72	"ECDH" "\0"
73	"ECDHE" "\0"
74	"ECDSA" "\0"
75	"EDE" "\0"
76	"GCM" "\0"
77	"MD5" "\0"
78	"NULL" "\0"
79	"POLY1305" "\0"
80	"PSK" "\0"
81	"RSA" "\0"
82	"SHA" "\0"
83	"SHA256" "\0"
84	"SHA384" "\0"
85	#if defined(USE_MBEDTLS)
86	"ARIA" "\0"
87	"ARIA128" "\0"
88	"ARIA256" "\0"
89	"CAMELLIA" "\0"
90	"CAMELLIA128" "\0"
91	"CAMELLIA256" "\0"
92	#endif
93	#if defined(USE_SECTRANSP)
94	"40" "\0"
95	"ADH" "\0"
96	"AECDH" "\0"
97	"anon" "\0"
98	"DES40" "\0"
99	"DH" "\0"
100	"DSS" "\0"
101	"EDH" "\0"
102	"EXP" "\0"
103	"EXPORT" "\0"
104	"IDEA" "\0"
105	"RC2" "\0"
106	"RC4" "\0"
107	#endif
108	;
109	/* Indexes of above cs_txt */
110	enum {
111	CS_TXT_IDX_,
112	CS_TXT_IDX_TLS,
113	CS_TXT_IDX_WITH,
114	CS_TXT_IDX_128,
115	CS_TXT_IDX_256,
116	CS_TXT_IDX_3DES,
117	CS_TXT_IDX_8,
118	CS_TXT_IDX_AES,
119	CS_TXT_IDX_AES128,
120	CS_TXT_IDX_AES256,
121	CS_TXT_IDX_CBC,
122	CS_TXT_IDX_CBC3,
123	CS_TXT_IDX_CCM,
124	CS_TXT_IDX_CCM8,
125	CS_TXT_IDX_CHACHA20,
126	CS_TXT_IDX_DES,
127	CS_TXT_IDX_DHE,
128	CS_TXT_IDX_ECDH,
129	CS_TXT_IDX_ECDHE,
130	CS_TXT_IDX_ECDSA,
131	CS_TXT_IDX_EDE,
132	CS_TXT_IDX_GCM,
133	CS_TXT_IDX_MD5,
134	CS_TXT_IDX_NULL,
135	CS_TXT_IDX_POLY1305,
136	CS_TXT_IDX_PSK,
137	CS_TXT_IDX_RSA,
138	CS_TXT_IDX_SHA,
139	CS_TXT_IDX_SHA256,
140	CS_TXT_IDX_SHA384,
141	#if defined(USE_MBEDTLS)
142	CS_TXT_IDX_ARIA,
143	CS_TXT_IDX_ARIA128,
144	CS_TXT_IDX_ARIA256,
145	CS_TXT_IDX_CAMELLIA,
146	CS_TXT_IDX_CAMELLIA128,
147	CS_TXT_IDX_CAMELLIA256,
148	#endif
149	#if defined(USE_SECTRANSP)
150	CS_TXT_IDX_40,
151	CS_TXT_IDX_ADH,
152	CS_TXT_IDX_AECDH,
153	CS_TXT_IDX_anon,
154	CS_TXT_IDX_DES40,
155	CS_TXT_IDX_DH,
156	CS_TXT_IDX_DSS,
157	CS_TXT_IDX_EDH,
158	CS_TXT_IDX_EXP,
159	CS_TXT_IDX_EXPORT,
160	CS_TXT_IDX_IDEA,
161	CS_TXT_IDX_RC2,
162	CS_TXT_IDX_RC4,
163	#endif
164	CS_TXT_LEN,
165	};
166
167	#define CS_ZIP_IDX(a, b, c, d, e, f, g, h) \
168	{ \
169	(uint8_t) ((((a) << 2) & 0xFF) \| ((b) & 0x3F) >> 4), \
170	(uint8_t) ((((b) << 4) & 0xFF) \| ((c) & 0x3F) >> 2), \
171	(uint8_t) ((((c) << 6) & 0xFF) \| ((d) & 0x3F)), \
172	(uint8_t) ((((e) << 2) & 0xFF) \| ((f) & 0x3F) >> 4), \
173	(uint8_t) ((((f) << 4) & 0xFF) \| ((g) & 0x3F) >> 2), \
174	(uint8_t) ((((g) << 6) & 0xFF) \| ((h) & 0x3F)) \
175	}
176	#define CS_ENTRY(id, a, b, c, d, e, f, g, h) \
177	{ \
178	id, \
179	CS_ZIP_IDX( \
180	CS_TXT_IDX_ ## a, CS_TXT_IDX_ ## b, \
181	CS_TXT_IDX_ ## c, CS_TXT_IDX_ ## d, \
182	CS_TXT_IDX_ ## e, CS_TXT_IDX_ ## f, \
183	CS_TXT_IDX_ ## g, CS_TXT_IDX_ ## h \
184	) \
185	}
186
187	struct cs_entry {
188	uint16_t id;
189	uint8_t zip[6];
190	};
191
192	/* !checksrc! disable COMMANOSPACE all */
193	static const struct cs_entry cs_list [] = {
194	/* TLS 1.3 ciphers */
195	#if defined(USE_SECTRANSP) \|\| defined(USE_MBEDTLS) \|\| defined(USE_RUSTLS)
196	CS_ENTRY(0x1301, TLS,AES,128,GCM,SHA256,,,),
197	CS_ENTRY(0x1302, TLS,AES,256,GCM,SHA384,,,),
198	CS_ENTRY(0x1303, TLS,CHACHA20,POLY1305,SHA256,,,,),
199	CS_ENTRY(0x1304, TLS,AES,128,CCM,SHA256,,,),
200	CS_ENTRY(0x1305, TLS,AES,128,CCM,8,SHA256,,),
201	#endif
202	/* TLS 1.2 ciphers */
203	CS_ENTRY(0xC02B, TLS,ECDHE,ECDSA,WITH,AES,128,GCM,SHA256),
204	CS_ENTRY(0xC02B, ECDHE,ECDSA,AES128,GCM,SHA256,,,),
205	CS_ENTRY(0xC02C, TLS,ECDHE,ECDSA,WITH,AES,256,GCM,SHA384),
206	CS_ENTRY(0xC02C, ECDHE,ECDSA,AES256,GCM,SHA384,,,),
207	CS_ENTRY(0xC02F, TLS,ECDHE,RSA,WITH,AES,128,GCM,SHA256),
208	CS_ENTRY(0xC02F, ECDHE,RSA,AES128,GCM,SHA256,,,),
209	CS_ENTRY(0xC030, TLS,ECDHE,RSA,WITH,AES,256,GCM,SHA384),
210	CS_ENTRY(0xC030, ECDHE,RSA,AES256,GCM,SHA384,,,),
211	CS_ENTRY(0xCCA8, TLS,ECDHE,RSA,WITH,CHACHA20,POLY1305,SHA256,),
212	CS_ENTRY(0xCCA8, ECDHE,RSA,CHACHA20,POLY1305,,,,),
213	CS_ENTRY(0xCCA9, TLS,ECDHE,ECDSA,WITH,CHACHA20,POLY1305,SHA256,),
214	CS_ENTRY(0xCCA9, ECDHE,ECDSA,CHACHA20,POLY1305,,,,),
215	#if defined(USE_SECTRANSP) \|\| defined(USE_MBEDTLS) \|\| defined(USE_BEARSSL)
216	CS_ENTRY(0x002F, TLS,RSA,WITH,AES,128,CBC,SHA,),
217	CS_ENTRY(0x002F, AES128,SHA,,,,,,),
218	CS_ENTRY(0x0035, TLS,RSA,WITH,AES,256,CBC,SHA,),
219	CS_ENTRY(0x0035, AES256,SHA,,,,,,),
220	CS_ENTRY(0x003C, TLS,RSA,WITH,AES,128,CBC,SHA256,),
221	CS_ENTRY(0x003C, AES128,SHA256,,,,,,),
222	CS_ENTRY(0x003D, TLS,RSA,WITH,AES,256,CBC,SHA256,),
223	CS_ENTRY(0x003D, AES256,SHA256,,,,,,),
224	CS_ENTRY(0x009C, TLS,RSA,WITH,AES,128,GCM,SHA256,),
225	CS_ENTRY(0x009C, AES128,GCM,SHA256,,,,,),
226	CS_ENTRY(0x009D, TLS,RSA,WITH,AES,256,GCM,SHA384,),
227	CS_ENTRY(0x009D, AES256,GCM,SHA384,,,,,),
228	CS_ENTRY(0xC004, TLS,ECDH,ECDSA,WITH,AES,128,CBC,SHA),
229	CS_ENTRY(0xC004, ECDH,ECDSA,AES128,SHA,,,,),
230	CS_ENTRY(0xC005, TLS,ECDH,ECDSA,WITH,AES,256,CBC,SHA),
231	CS_ENTRY(0xC005, ECDH,ECDSA,AES256,SHA,,,,),
232	CS_ENTRY(0xC009, TLS,ECDHE,ECDSA,WITH,AES,128,CBC,SHA),
233	CS_ENTRY(0xC009, ECDHE,ECDSA,AES128,SHA,,,,),
234	CS_ENTRY(0xC00A, TLS,ECDHE,ECDSA,WITH,AES,256,CBC,SHA),
235	CS_ENTRY(0xC00A, ECDHE,ECDSA,AES256,SHA,,,,),
236	CS_ENTRY(0xC00E, TLS,ECDH,RSA,WITH,AES,128,CBC,SHA),
237	CS_ENTRY(0xC00E, ECDH,RSA,AES128,SHA,,,,),
238	CS_ENTRY(0xC00F, TLS,ECDH,RSA,WITH,AES,256,CBC,SHA),
239	CS_ENTRY(0xC00F, ECDH,RSA,AES256,SHA,,,,),
240	CS_ENTRY(0xC013, TLS,ECDHE,RSA,WITH,AES,128,CBC,SHA),
241	CS_ENTRY(0xC013, ECDHE,RSA,AES128,SHA,,,,),
242	CS_ENTRY(0xC014, TLS,ECDHE,RSA,WITH,AES,256,CBC,SHA),
243	CS_ENTRY(0xC014, ECDHE,RSA,AES256,SHA,,,,),
244	CS_ENTRY(0xC023, TLS,ECDHE,ECDSA,WITH,AES,128,CBC,SHA256),
245	CS_ENTRY(0xC023, ECDHE,ECDSA,AES128,SHA256,,,,),
246	CS_ENTRY(0xC024, TLS,ECDHE,ECDSA,WITH,AES,256,CBC,SHA384),
247	CS_ENTRY(0xC024, ECDHE,ECDSA,AES256,SHA384,,,,),
248	CS_ENTRY(0xC025, TLS,ECDH,ECDSA,WITH,AES,128,CBC,SHA256),
249	CS_ENTRY(0xC025, ECDH,ECDSA,AES128,SHA256,,,,),
250	CS_ENTRY(0xC026, TLS,ECDH,ECDSA,WITH,AES,256,CBC,SHA384),
251	CS_ENTRY(0xC026, ECDH,ECDSA,AES256,SHA384,,,,),
252	CS_ENTRY(0xC027, TLS,ECDHE,RSA,WITH,AES,128,CBC,SHA256),
253	CS_ENTRY(0xC027, ECDHE,RSA,AES128,SHA256,,,,),
254	CS_ENTRY(0xC028, TLS,ECDHE,RSA,WITH,AES,256,CBC,SHA384),
255	CS_ENTRY(0xC028, ECDHE,RSA,AES256,SHA384,,,,),
256	CS_ENTRY(0xC029, TLS,ECDH,RSA,WITH,AES,128,CBC,SHA256),
257	CS_ENTRY(0xC029, ECDH,RSA,AES128,SHA256,,,,),
258	CS_ENTRY(0xC02A, TLS,ECDH,RSA,WITH,AES,256,CBC,SHA384),
259	CS_ENTRY(0xC02A, ECDH,RSA,AES256,SHA384,,,,),
260	CS_ENTRY(0xC02D, TLS,ECDH,ECDSA,WITH,AES,128,GCM,SHA256),
261	CS_ENTRY(0xC02D, ECDH,ECDSA,AES128,GCM,SHA256,,,),
262	CS_ENTRY(0xC02E, TLS,ECDH,ECDSA,WITH,AES,256,GCM,SHA384),
263	CS_ENTRY(0xC02E, ECDH,ECDSA,AES256,GCM,SHA384,,,),
264	CS_ENTRY(0xC031, TLS,ECDH,RSA,WITH,AES,128,GCM,SHA256),
265	CS_ENTRY(0xC031, ECDH,RSA,AES128,GCM,SHA256,,,),
266	CS_ENTRY(0xC032, TLS,ECDH,RSA,WITH,AES,256,GCM,SHA384),
267	CS_ENTRY(0xC032, ECDH,RSA,AES256,GCM,SHA384,,,),
268	#endif
269	#if defined(USE_SECTRANSP) \|\| defined(USE_MBEDTLS)
270	CS_ENTRY(0x0001, TLS,RSA,WITH,NULL,MD5,,,),
271	CS_ENTRY(0x0001, NULL,MD5,,,,,,),
272	CS_ENTRY(0x0002, TLS,RSA,WITH,NULL,SHA,,,),
273	CS_ENTRY(0x0002, NULL,SHA,,,,,,),
274	CS_ENTRY(0x002C, TLS,PSK,WITH,NULL,SHA,,,),
275	CS_ENTRY(0x002C, PSK,NULL,SHA,,,,,),
276	CS_ENTRY(0x002D, TLS,DHE,PSK,WITH,NULL,SHA,,),
277	CS_ENTRY(0x002D, DHE,PSK,NULL,SHA,,,,),
278	CS_ENTRY(0x002E, TLS,RSA,PSK,WITH,NULL,SHA,,),
279	CS_ENTRY(0x002E, RSA,PSK,NULL,SHA,,,,),
280	CS_ENTRY(0x0033, TLS,DHE,RSA,WITH,AES,128,CBC,SHA),
281	CS_ENTRY(0x0033, DHE,RSA,AES128,SHA,,,,),
282	CS_ENTRY(0x0039, TLS,DHE,RSA,WITH,AES,256,CBC,SHA),
283	CS_ENTRY(0x0039, DHE,RSA,AES256,SHA,,,,),
284	CS_ENTRY(0x003B, TLS,RSA,WITH,NULL,SHA256,,,),
285	CS_ENTRY(0x003B, NULL,SHA256,,,,,,),
286	CS_ENTRY(0x0067, TLS,DHE,RSA,WITH,AES,128,CBC,SHA256),
287	CS_ENTRY(0x0067, DHE,RSA,AES128,SHA256,,,,),
288	CS_ENTRY(0x006B, TLS,DHE,RSA,WITH,AES,256,CBC,SHA256),
289	CS_ENTRY(0x006B, DHE,RSA,AES256,SHA256,,,,),
290	CS_ENTRY(0x008C, TLS,PSK,WITH,AES,128,CBC,SHA,),
291	CS_ENTRY(0x008C, PSK,AES128,CBC,SHA,,,,),
292	CS_ENTRY(0x008D, TLS,PSK,WITH,AES,256,CBC,SHA,),
293	CS_ENTRY(0x008D, PSK,AES256,CBC,SHA,,,,),
294	CS_ENTRY(0x0090, TLS,DHE,PSK,WITH,AES,128,CBC,SHA),
295	CS_ENTRY(0x0090, DHE,PSK,AES128,CBC,SHA,,,),
296	CS_ENTRY(0x0091, TLS,DHE,PSK,WITH,AES,256,CBC,SHA),
297	CS_ENTRY(0x0091, DHE,PSK,AES256,CBC,SHA,,,),
298	CS_ENTRY(0x0094, TLS,RSA,PSK,WITH,AES,128,CBC,SHA),
299	CS_ENTRY(0x0094, RSA,PSK,AES128,CBC,SHA,,,),
300	CS_ENTRY(0x0095, TLS,RSA,PSK,WITH,AES,256,CBC,SHA),
301	CS_ENTRY(0x0095, RSA,PSK,AES256,CBC,SHA,,,),
302	CS_ENTRY(0x009E, TLS,DHE,RSA,WITH,AES,128,GCM,SHA256),
303	CS_ENTRY(0x009E, DHE,RSA,AES128,GCM,SHA256,,,),
304	CS_ENTRY(0x009F, TLS,DHE,RSA,WITH,AES,256,GCM,SHA384),
305	CS_ENTRY(0x009F, DHE,RSA,AES256,GCM,SHA384,,,),
306	CS_ENTRY(0x00A8, TLS,PSK,WITH,AES,128,GCM,SHA256,),
307	CS_ENTRY(0x00A8, PSK,AES128,GCM,SHA256,,,,),
308	CS_ENTRY(0x00A9, TLS,PSK,WITH,AES,256,GCM,SHA384,),
309	CS_ENTRY(0x00A9, PSK,AES256,GCM,SHA384,,,,),
310	CS_ENTRY(0x00AA, TLS,DHE,PSK,WITH,AES,128,GCM,SHA256),
311	CS_ENTRY(0x00AA, DHE,PSK,AES128,GCM,SHA256,,,),
312	CS_ENTRY(0x00AB, TLS,DHE,PSK,WITH,AES,256,GCM,SHA384),
313	CS_ENTRY(0x00AB, DHE,PSK,AES256,GCM,SHA384,,,),
314	CS_ENTRY(0x00AC, TLS,RSA,PSK,WITH,AES,128,GCM,SHA256),
315	CS_ENTRY(0x00AC, RSA,PSK,AES128,GCM,SHA256,,,),
316	CS_ENTRY(0x00AD, TLS,RSA,PSK,WITH,AES,256,GCM,SHA384),
317	CS_ENTRY(0x00AD, RSA,PSK,AES256,GCM,SHA384,,,),
318	CS_ENTRY(0x00AE, TLS,PSK,WITH,AES,128,CBC,SHA256,),
319	CS_ENTRY(0x00AE, PSK,AES128,CBC,SHA256,,,,),
320	CS_ENTRY(0x00AF, TLS,PSK,WITH,AES,256,CBC,SHA384,),
321	CS_ENTRY(0x00AF, PSK,AES256,CBC,SHA384,,,,),
322	CS_ENTRY(0x00B0, TLS,PSK,WITH,NULL,SHA256,,,),
323	CS_ENTRY(0x00B0, PSK,NULL,SHA256,,,,,),
324	CS_ENTRY(0x00B1, TLS,PSK,WITH,NULL,SHA384,,,),
325	CS_ENTRY(0x00B1, PSK,NULL,SHA384,,,,,),
326	CS_ENTRY(0x00B2, TLS,DHE,PSK,WITH,AES,128,CBC,SHA256),
327	CS_ENTRY(0x00B2, DHE,PSK,AES128,CBC,SHA256,,,),
328	CS_ENTRY(0x00B3, TLS,DHE,PSK,WITH,AES,256,CBC,SHA384),
329	CS_ENTRY(0x00B3, DHE,PSK,AES256,CBC,SHA384,,,),
330	CS_ENTRY(0x00B4, TLS,DHE,PSK,WITH,NULL,SHA256,,),
331	CS_ENTRY(0x00B4, DHE,PSK,NULL,SHA256,,,,),
332	CS_ENTRY(0x00B5, TLS,DHE,PSK,WITH,NULL,SHA384,,),
333	CS_ENTRY(0x00B5, DHE,PSK,NULL,SHA384,,,,),
334	CS_ENTRY(0x00B6, TLS,RSA,PSK,WITH,AES,128,CBC,SHA256),
335	CS_ENTRY(0x00B6, RSA,PSK,AES128,CBC,SHA256,,,),
336	CS_ENTRY(0x00B7, TLS,RSA,PSK,WITH,AES,256,CBC,SHA384),
337	CS_ENTRY(0x00B7, RSA,PSK,AES256,CBC,SHA384,,,),
338	CS_ENTRY(0x00B8, TLS,RSA,PSK,WITH,NULL,SHA256,,),
339	CS_ENTRY(0x00B8, RSA,PSK,NULL,SHA256,,,,),
340	CS_ENTRY(0x00B9, TLS,RSA,PSK,WITH,NULL,SHA384,,),
341	CS_ENTRY(0x00B9, RSA,PSK,NULL,SHA384,,,,),
342	CS_ENTRY(0xC001, TLS,ECDH,ECDSA,WITH,NULL,SHA,,),
343	CS_ENTRY(0xC001, ECDH,ECDSA,NULL,SHA,,,,),
344	CS_ENTRY(0xC006, TLS,ECDHE,ECDSA,WITH,NULL,SHA,,),
345	CS_ENTRY(0xC006, ECDHE,ECDSA,NULL,SHA,,,,),
346	CS_ENTRY(0xC00B, TLS,ECDH,RSA,WITH,NULL,SHA,,),
347	CS_ENTRY(0xC00B, ECDH,RSA,NULL,SHA,,,,),
348	CS_ENTRY(0xC010, TLS,ECDHE,RSA,WITH,NULL,SHA,,),
349	CS_ENTRY(0xC010, ECDHE,RSA,NULL,SHA,,,,),
350	CS_ENTRY(0xC035, TLS,ECDHE,PSK,WITH,AES,128,CBC,SHA),
351	CS_ENTRY(0xC035, ECDHE,PSK,AES128,CBC,SHA,,,),
352	CS_ENTRY(0xC036, TLS,ECDHE,PSK,WITH,AES,256,CBC,SHA),
353	CS_ENTRY(0xC036, ECDHE,PSK,AES256,CBC,SHA,,,),
354	CS_ENTRY(0xCCAB, TLS,PSK,WITH,CHACHA20,POLY1305,SHA256,,),
355	CS_ENTRY(0xCCAB, PSK,CHACHA20,POLY1305,,,,,),
356	#endif
357	#if defined(USE_SECTRANSP) \|\| defined(USE_BEARSSL)
358	CS_ENTRY(0x000A, TLS,RSA,WITH,3DES,EDE,CBC,SHA,),
359	CS_ENTRY(0x000A, DES,CBC3,SHA,,,,,),
360	CS_ENTRY(0xC003, TLS,ECDH,ECDSA,WITH,3DES,EDE,CBC,SHA),
361	CS_ENTRY(0xC003, ECDH,ECDSA,DES,CBC3,SHA,,,),
362	CS_ENTRY(0xC008, TLS,ECDHE,ECDSA,WITH,3DES,EDE,CBC,SHA),
363	CS_ENTRY(0xC008, ECDHE,ECDSA,DES,CBC3,SHA,,,),
364	CS_ENTRY(0xC00D, TLS,ECDH,RSA,WITH,3DES,EDE,CBC,SHA),
365	CS_ENTRY(0xC00D, ECDH,RSA,DES,CBC3,SHA,,,),
366	CS_ENTRY(0xC012, TLS,ECDHE,RSA,WITH,3DES,EDE,CBC,SHA),
367	CS_ENTRY(0xC012, ECDHE,RSA,DES,CBC3,SHA,,,),
368	#endif
369	#if defined(USE_MBEDTLS) \|\| defined(USE_BEARSSL)
370	CS_ENTRY(0xC09C, TLS,RSA,WITH,AES,128,CCM,,),
371	CS_ENTRY(0xC09C, AES128,CCM,,,,,,),
372	CS_ENTRY(0xC09D, TLS,RSA,WITH,AES,256,CCM,,),
373	CS_ENTRY(0xC09D, AES256,CCM,,,,,,),
374	CS_ENTRY(0xC0A0, TLS,RSA,WITH,AES,128,CCM,8,),
375	CS_ENTRY(0xC0A0, AES128,CCM8,,,,,,),
376	CS_ENTRY(0xC0A1, TLS,RSA,WITH,AES,256,CCM,8,),
377	CS_ENTRY(0xC0A1, AES256,CCM8,,,,,,),
378	CS_ENTRY(0xC0AC, TLS,ECDHE,ECDSA,WITH,AES,128,CCM,),
379	CS_ENTRY(0xC0AC, ECDHE,ECDSA,AES128,CCM,,,,),
380	CS_ENTRY(0xC0AD, TLS,ECDHE,ECDSA,WITH,AES,256,CCM,),
381	CS_ENTRY(0xC0AD, ECDHE,ECDSA,AES256,CCM,,,,),
382	CS_ENTRY(0xC0AE, TLS,ECDHE,ECDSA,WITH,AES,128,CCM,8),
383	CS_ENTRY(0xC0AE, ECDHE,ECDSA,AES128,CCM8,,,,),
384	CS_ENTRY(0xC0AF, TLS,ECDHE,ECDSA,WITH,AES,256,CCM,8),
385	CS_ENTRY(0xC0AF, ECDHE,ECDSA,AES256,CCM8,,,,),
386	#endif
387	#if defined(USE_SECTRANSP)
388	/* entries marked bc are backward compatible aliases for old OpenSSL names */
389	CS_ENTRY(0x0003, TLS,RSA,EXPORT,WITH,RC4,40,MD5,),
390	CS_ENTRY(0x0003, EXP,RC4,MD5,,,,,),
391	CS_ENTRY(0x0004, TLS,RSA,WITH,RC4,128,MD5,,),
392	CS_ENTRY(0x0004, RC4,MD5,,,,,,),
393	CS_ENTRY(0x0005, TLS,RSA,WITH,RC4,128,SHA,,),
394	CS_ENTRY(0x0005, RC4,SHA,,,,,,),
395	CS_ENTRY(0x0006, TLS,RSA,EXPORT,WITH,RC2,CBC,40,MD5),
396	CS_ENTRY(0x0006, EXP,RC2,CBC,MD5,,,,),
397	CS_ENTRY(0x0007, TLS,RSA,WITH,IDEA,CBC,SHA,,),
398	CS_ENTRY(0x0007, IDEA,CBC,SHA,,,,,),
399	CS_ENTRY(0x0008, TLS,RSA,EXPORT,WITH,DES40,CBC,SHA,),
400	CS_ENTRY(0x0008, EXP,DES,CBC,SHA,,,,),
401	CS_ENTRY(0x0009, TLS,RSA,WITH,DES,CBC,SHA,,),
402	CS_ENTRY(0x0009, DES,CBC,SHA,,,,,),
403	CS_ENTRY(0x000B, TLS,DH,DSS,EXPORT,WITH,DES40,CBC,SHA),
404	CS_ENTRY(0x000B, EXP,DH,DSS,DES,CBC,SHA,,),
405	CS_ENTRY(0x000C, TLS,DH,DSS,WITH,DES,CBC,SHA,),
406	CS_ENTRY(0x000C, DH,DSS,DES,CBC,SHA,,,),
407	CS_ENTRY(0x000D, TLS,DH,DSS,WITH,3DES,EDE,CBC,SHA),
408	CS_ENTRY(0x000D, DH,DSS,DES,CBC3,SHA,,,),
409	CS_ENTRY(0x000E, TLS,DH,RSA,EXPORT,WITH,DES40,CBC,SHA),
410	CS_ENTRY(0x000E, EXP,DH,RSA,DES,CBC,SHA,,),
411	CS_ENTRY(0x000F, TLS,DH,RSA,WITH,DES,CBC,SHA,),
412	CS_ENTRY(0x000F, DH,RSA,DES,CBC,SHA,,,),
413	CS_ENTRY(0x0010, TLS,DH,RSA,WITH,3DES,EDE,CBC,SHA),
414	CS_ENTRY(0x0010, DH,RSA,DES,CBC3,SHA,,,),
415	CS_ENTRY(0x0011, TLS,DHE,DSS,EXPORT,WITH,DES40,CBC,SHA),
416	CS_ENTRY(0x0011, EXP,DHE,DSS,DES,CBC,SHA,,),
417	CS_ENTRY(0x0011, EXP,EDH,DSS,DES,CBC,SHA,,), /* bc */
418	CS_ENTRY(0x0012, TLS,DHE,DSS,WITH,DES,CBC,SHA,),
419	CS_ENTRY(0x0012, DHE,DSS,DES,CBC,SHA,,,),
420	CS_ENTRY(0x0012, EDH,DSS,DES,CBC,SHA,,,), /* bc */
421	CS_ENTRY(0x0013, TLS,DHE,DSS,WITH,3DES,EDE,CBC,SHA),
422	CS_ENTRY(0x0013, DHE,DSS,DES,CBC3,SHA,,,),
423	CS_ENTRY(0x0013, EDH,DSS,DES,CBC3,SHA,,,), /* bc */
424	CS_ENTRY(0x0014, TLS,DHE,RSA,EXPORT,WITH,DES40,CBC,SHA),
425	CS_ENTRY(0x0014, EXP,DHE,RSA,DES,CBC,SHA,,),
426	CS_ENTRY(0x0014, EXP,EDH,RSA,DES,CBC,SHA,,), /* bc */
427	CS_ENTRY(0x0015, TLS,DHE,RSA,WITH,DES,CBC,SHA,),
428	CS_ENTRY(0x0015, DHE,RSA,DES,CBC,SHA,,,),
429	CS_ENTRY(0x0015, EDH,RSA,DES,CBC,SHA,,,), /* bc */
430	CS_ENTRY(0x0016, TLS,DHE,RSA,WITH,3DES,EDE,CBC,SHA),
431	CS_ENTRY(0x0016, DHE,RSA,DES,CBC3,SHA,,,),
432	CS_ENTRY(0x0016, EDH,RSA,DES,CBC3,SHA,,,), /* bc */
433	CS_ENTRY(0x0017, TLS,DH,anon,EXPORT,WITH,RC4,40,MD5),
434	CS_ENTRY(0x0017, EXP,ADH,RC4,MD5,,,,),
435	CS_ENTRY(0x0018, TLS,DH,anon,WITH,RC4,128,MD5,),
436	CS_ENTRY(0x0018, ADH,RC4,MD5,,,,,),
437	CS_ENTRY(0x0019, TLS,DH,anon,EXPORT,WITH,DES40,CBC,SHA),
438	CS_ENTRY(0x0019, EXP,ADH,DES,CBC,SHA,,,),
439	CS_ENTRY(0x001A, TLS,DH,anon,WITH,DES,CBC,SHA,),
440	CS_ENTRY(0x001A, ADH,DES,CBC,SHA,,,,),
441	CS_ENTRY(0x001B, TLS,DH,anon,WITH,3DES,EDE,CBC,SHA),
442	CS_ENTRY(0x001B, ADH,DES,CBC3,SHA,,,,),
443	CS_ENTRY(0x0030, TLS,DH,DSS,WITH,AES,128,CBC,SHA),
444	CS_ENTRY(0x0030, DH,DSS,AES128,SHA,,,,),
445	CS_ENTRY(0x0031, TLS,DH,RSA,WITH,AES,128,CBC,SHA),
446	CS_ENTRY(0x0031, DH,RSA,AES128,SHA,,,,),
447	CS_ENTRY(0x0032, TLS,DHE,DSS,WITH,AES,128,CBC,SHA),
448	CS_ENTRY(0x0032, DHE,DSS,AES128,SHA,,,,),
449	CS_ENTRY(0x0034, TLS,DH,anon,WITH,AES,128,CBC,SHA),
450	CS_ENTRY(0x0034, ADH,AES128,SHA,,,,,),
451	CS_ENTRY(0x0036, TLS,DH,DSS,WITH,AES,256,CBC,SHA),
452	CS_ENTRY(0x0036, DH,DSS,AES256,SHA,,,,),
453	CS_ENTRY(0x0037, TLS,DH,RSA,WITH,AES,256,CBC,SHA),
454	CS_ENTRY(0x0037, DH,RSA,AES256,SHA,,,,),
455	CS_ENTRY(0x0038, TLS,DHE,DSS,WITH,AES,256,CBC,SHA),
456	CS_ENTRY(0x0038, DHE,DSS,AES256,SHA,,,,),
457	CS_ENTRY(0x003A, TLS,DH,anon,WITH,AES,256,CBC,SHA),
458	CS_ENTRY(0x003A, ADH,AES256,SHA,,,,,),
459	CS_ENTRY(0x003E, TLS,DH,DSS,WITH,AES,128,CBC,SHA256),
460	CS_ENTRY(0x003E, DH,DSS,AES128,SHA256,,,,),
461	CS_ENTRY(0x003F, TLS,DH,RSA,WITH,AES,128,CBC,SHA256),
462	CS_ENTRY(0x003F, DH,RSA,AES128,SHA256,,,,),
463	CS_ENTRY(0x0040, TLS,DHE,DSS,WITH,AES,128,CBC,SHA256),
464	CS_ENTRY(0x0040, DHE,DSS,AES128,SHA256,,,,),
465	CS_ENTRY(0x0068, TLS,DH,DSS,WITH,AES,256,CBC,SHA256),
466	CS_ENTRY(0x0068, DH,DSS,AES256,SHA256,,,,),
467	CS_ENTRY(0x0069, TLS,DH,RSA,WITH,AES,256,CBC,SHA256),
468	CS_ENTRY(0x0069, DH,RSA,AES256,SHA256,,,,),
469	CS_ENTRY(0x006A, TLS,DHE,DSS,WITH,AES,256,CBC,SHA256),
470	CS_ENTRY(0x006A, DHE,DSS,AES256,SHA256,,,,),
471	CS_ENTRY(0x006C, TLS,DH,anon,WITH,AES,128,CBC,SHA256),
472	CS_ENTRY(0x006C, ADH,AES128,SHA256,,,,,),
473	CS_ENTRY(0x006D, TLS,DH,anon,WITH,AES,256,CBC,SHA256),
474	CS_ENTRY(0x006D, ADH,AES256,SHA256,,,,,),
475	CS_ENTRY(0x008A, TLS,PSK,WITH,RC4,128,SHA,,),
476	CS_ENTRY(0x008A, PSK,RC4,SHA,,,,,),
477	CS_ENTRY(0x008B, TLS,PSK,WITH,3DES,EDE,CBC,SHA,),
478	CS_ENTRY(0x008B, PSK,3DES,EDE,CBC,SHA,,,),
479	CS_ENTRY(0x008E, TLS,DHE,PSK,WITH,RC4,128,SHA,),
480	CS_ENTRY(0x008E, DHE,PSK,RC4,SHA,,,,),
481	CS_ENTRY(0x008F, TLS,DHE,PSK,WITH,3DES,EDE,CBC,SHA),
482	CS_ENTRY(0x008F, DHE,PSK,3DES,EDE,CBC,SHA,,),
483	CS_ENTRY(0x0092, TLS,RSA,PSK,WITH,RC4,128,SHA,),
484	CS_ENTRY(0x0092, RSA,PSK,RC4,SHA,,,,),
485	CS_ENTRY(0x0093, TLS,RSA,PSK,WITH,3DES,EDE,CBC,SHA),
486	CS_ENTRY(0x0093, RSA,PSK,3DES,EDE,CBC,SHA,,),
487	CS_ENTRY(0x00A0, TLS,DH,RSA,WITH,AES,128,GCM,SHA256),
488	CS_ENTRY(0x00A0, DH,RSA,AES128,GCM,SHA256,,,),
489	CS_ENTRY(0x00A1, TLS,DH,RSA,WITH,AES,256,GCM,SHA384),
490	CS_ENTRY(0x00A1, DH,RSA,AES256,GCM,SHA384,,,),
491	CS_ENTRY(0x00A2, TLS,DHE,DSS,WITH,AES,128,GCM,SHA256),
492	CS_ENTRY(0x00A2, DHE,DSS,AES128,GCM,SHA256,,,),
493	CS_ENTRY(0x00A3, TLS,DHE,DSS,WITH,AES,256,GCM,SHA384),
494	CS_ENTRY(0x00A3, DHE,DSS,AES256,GCM,SHA384,,,),
495	CS_ENTRY(0x00A4, TLS,DH,DSS,WITH,AES,128,GCM,SHA256),
496	CS_ENTRY(0x00A4, DH,DSS,AES128,GCM,SHA256,,,),
497	CS_ENTRY(0x00A5, TLS,DH,DSS,WITH,AES,256,GCM,SHA384),
498	CS_ENTRY(0x00A5, DH,DSS,AES256,GCM,SHA384,,,),
499	CS_ENTRY(0x00A6, TLS,DH,anon,WITH,AES,128,GCM,SHA256),
500	CS_ENTRY(0x00A6, ADH,AES128,GCM,SHA256,,,,),
501	CS_ENTRY(0x00A7, TLS,DH,anon,WITH,AES,256,GCM,SHA384),
502	CS_ENTRY(0x00A7, ADH,AES256,GCM,SHA384,,,,),
503	CS_ENTRY(0xC002, TLS,ECDH,ECDSA,WITH,RC4,128,SHA,),
504	CS_ENTRY(0xC002, ECDH,ECDSA,RC4,SHA,,,,),
505	CS_ENTRY(0xC007, TLS,ECDHE,ECDSA,WITH,RC4,128,SHA,),
506	CS_ENTRY(0xC007, ECDHE,ECDSA,RC4,SHA,,,,),
507	CS_ENTRY(0xC00C, TLS,ECDH,RSA,WITH,RC4,128,SHA,),
508	CS_ENTRY(0xC00C, ECDH,RSA,RC4,SHA,,,,),
509	CS_ENTRY(0xC011, TLS,ECDHE,RSA,WITH,RC4,128,SHA,),
510	CS_ENTRY(0xC011, ECDHE,RSA,RC4,SHA,,,,),
511	CS_ENTRY(0xC015, TLS,ECDH,anon,WITH,NULL,SHA,,),
512	CS_ENTRY(0xC015, AECDH,NULL,SHA,,,,,),
513	CS_ENTRY(0xC016, TLS,ECDH,anon,WITH,RC4,128,SHA,),
514	CS_ENTRY(0xC016, AECDH,RC4,SHA,,,,,),
515	CS_ENTRY(0xC017, TLS,ECDH,anon,WITH,3DES,EDE,CBC,SHA),
516	CS_ENTRY(0xC017, AECDH,DES,CBC3,SHA,,,,),
517	CS_ENTRY(0xC018, TLS,ECDH,anon,WITH,AES,128,CBC,SHA),
518	CS_ENTRY(0xC018, AECDH,AES128,SHA,,,,,),
519	CS_ENTRY(0xC019, TLS,ECDH,anon,WITH,AES,256,CBC,SHA),
520	CS_ENTRY(0xC019, AECDH,AES256,SHA,,,,,),
521	#endif
522	#if defined(USE_MBEDTLS)
523	/* entries marked ns are "non-standard", they are not in OpenSSL */
524	CS_ENTRY(0x0041, TLS,RSA,WITH,CAMELLIA,128,CBC,SHA,),
525	CS_ENTRY(0x0041, CAMELLIA128,SHA,,,,,,),
526	CS_ENTRY(0x0045, TLS,DHE,RSA,WITH,CAMELLIA,128,CBC,SHA),
527	CS_ENTRY(0x0045, DHE,RSA,CAMELLIA128,SHA,,,,),
528	CS_ENTRY(0x0084, TLS,RSA,WITH,CAMELLIA,256,CBC,SHA,),
529	CS_ENTRY(0x0084, CAMELLIA256,SHA,,,,,,),
530	CS_ENTRY(0x0088, TLS,DHE,RSA,WITH,CAMELLIA,256,CBC,SHA),
531	CS_ENTRY(0x0088, DHE,RSA,CAMELLIA256,SHA,,,,),
532	CS_ENTRY(0x00BA, TLS,RSA,WITH,CAMELLIA,128,CBC,SHA256,),
533	CS_ENTRY(0x00BA, CAMELLIA128,SHA256,,,,,,),
534	CS_ENTRY(0x00BE, TLS,DHE,RSA,WITH,CAMELLIA,128,CBC,SHA256),
535	CS_ENTRY(0x00BE, DHE,RSA,CAMELLIA128,SHA256,,,,),
536	CS_ENTRY(0x00C0, TLS,RSA,WITH,CAMELLIA,256,CBC,SHA256,),
537	CS_ENTRY(0x00C0, CAMELLIA256,SHA256,,,,,,),
538	CS_ENTRY(0x00C4, TLS,DHE,RSA,WITH,CAMELLIA,256,CBC,SHA256),
539	CS_ENTRY(0x00C4, DHE,RSA,CAMELLIA256,SHA256,,,,),
540	CS_ENTRY(0xC037, TLS,ECDHE,PSK,WITH,AES,128,CBC,SHA256),
541	CS_ENTRY(0xC037, ECDHE,PSK,AES128,CBC,SHA256,,,),
542	CS_ENTRY(0xC038, TLS,ECDHE,PSK,WITH,AES,256,CBC,SHA384),
543	CS_ENTRY(0xC038, ECDHE,PSK,AES256,CBC,SHA384,,,),
544	CS_ENTRY(0xC039, TLS,ECDHE,PSK,WITH,NULL,SHA,,),
545	CS_ENTRY(0xC039, ECDHE,PSK,NULL,SHA,,,,),
546	CS_ENTRY(0xC03A, TLS,ECDHE,PSK,WITH,NULL,SHA256,,),
547	CS_ENTRY(0xC03A, ECDHE,PSK,NULL,SHA256,,,,),
548	CS_ENTRY(0xC03B, TLS,ECDHE,PSK,WITH,NULL,SHA384,,),
549	CS_ENTRY(0xC03B, ECDHE,PSK,NULL,SHA384,,,,),
550	CS_ENTRY(0xC03C, TLS,RSA,WITH,ARIA,128,CBC,SHA256,),
551	CS_ENTRY(0xC03C, ARIA128,SHA256,,,,,,), /* ns */
552	CS_ENTRY(0xC03D, TLS,RSA,WITH,ARIA,256,CBC,SHA384,),
553	CS_ENTRY(0xC03D, ARIA256,SHA384,,,,,,), /* ns */
554	CS_ENTRY(0xC044, TLS,DHE,RSA,WITH,ARIA,128,CBC,SHA256),
555	CS_ENTRY(0xC044, DHE,RSA,ARIA128,SHA256,,,,), /* ns */
556	CS_ENTRY(0xC045, TLS,DHE,RSA,WITH,ARIA,256,CBC,SHA384),
557	CS_ENTRY(0xC045, DHE,RSA,ARIA256,SHA384,,,,), /* ns */
558	CS_ENTRY(0xC048, TLS,ECDHE,ECDSA,WITH,ARIA,128,CBC,SHA256),
559	CS_ENTRY(0xC048, ECDHE,ECDSA,ARIA128,SHA256,,,,), /* ns */
560	CS_ENTRY(0xC049, TLS,ECDHE,ECDSA,WITH,ARIA,256,CBC,SHA384),
561	CS_ENTRY(0xC049, ECDHE,ECDSA,ARIA256,SHA384,,,,), /* ns */
562	CS_ENTRY(0xC04A, TLS,ECDH,ECDSA,WITH,ARIA,128,CBC,SHA256),
563	CS_ENTRY(0xC04A, ECDH,ECDSA,ARIA128,SHA256,,,,), /* ns */
564	CS_ENTRY(0xC04B, TLS,ECDH,ECDSA,WITH,ARIA,256,CBC,SHA384),
565	CS_ENTRY(0xC04B, ECDH,ECDSA,ARIA256,SHA384,,,,), /* ns */
566	CS_ENTRY(0xC04C, TLS,ECDHE,RSA,WITH,ARIA,128,CBC,SHA256),
567	CS_ENTRY(0xC04C, ECDHE,ARIA128,SHA256,,,,,), /* ns */
568	CS_ENTRY(0xC04D, TLS,ECDHE,RSA,WITH,ARIA,256,CBC,SHA384),
569	CS_ENTRY(0xC04D, ECDHE,ARIA256,SHA384,,,,,), /* ns */
570	CS_ENTRY(0xC04E, TLS,ECDH,RSA,WITH,ARIA,128,CBC,SHA256),
571	CS_ENTRY(0xC04E, ECDH,ARIA128,SHA256,,,,,), /* ns */
572	CS_ENTRY(0xC04F, TLS,ECDH,RSA,WITH,ARIA,256,CBC,SHA384),
573	CS_ENTRY(0xC04F, ECDH,ARIA256,SHA384,,,,,), /* ns */
574	CS_ENTRY(0xC050, TLS,RSA,WITH,ARIA,128,GCM,SHA256,),
575	CS_ENTRY(0xC050, ARIA128,GCM,SHA256,,,,,),
576	CS_ENTRY(0xC051, TLS,RSA,WITH,ARIA,256,GCM,SHA384,),
577	CS_ENTRY(0xC051, ARIA256,GCM,SHA384,,,,,),
578	CS_ENTRY(0xC052, TLS,DHE,RSA,WITH,ARIA,128,GCM,SHA256),
579	CS_ENTRY(0xC052, DHE,RSA,ARIA128,GCM,SHA256,,,),
580	CS_ENTRY(0xC053, TLS,DHE,RSA,WITH,ARIA,256,GCM,SHA384),
581	CS_ENTRY(0xC053, DHE,RSA,ARIA256,GCM,SHA384,,,),
582	CS_ENTRY(0xC05C, TLS,ECDHE,ECDSA,WITH,ARIA,128,GCM,SHA256),
583	CS_ENTRY(0xC05C, ECDHE,ECDSA,ARIA128,GCM,SHA256,,,),
584	CS_ENTRY(0xC05D, TLS,ECDHE,ECDSA,WITH,ARIA,256,GCM,SHA384),
585	CS_ENTRY(0xC05D, ECDHE,ECDSA,ARIA256,GCM,SHA384,,,),
586	CS_ENTRY(0xC05E, TLS,ECDH,ECDSA,WITH,ARIA,128,GCM,SHA256),
587	CS_ENTRY(0xC05E, ECDH,ECDSA,ARIA128,GCM,SHA256,,,), /* ns */
588	CS_ENTRY(0xC05F, TLS,ECDH,ECDSA,WITH,ARIA,256,GCM,SHA384),
589	CS_ENTRY(0xC05F, ECDH,ECDSA,ARIA256,GCM,SHA384,,,), /* ns */
590	CS_ENTRY(0xC060, TLS,ECDHE,RSA,WITH,ARIA,128,GCM,SHA256),
591	CS_ENTRY(0xC060, ECDHE,ARIA128,GCM,SHA256,,,,),
592	CS_ENTRY(0xC061, TLS,ECDHE,RSA,WITH,ARIA,256,GCM,SHA384),
593	CS_ENTRY(0xC061, ECDHE,ARIA256,GCM,SHA384,,,,),
594	CS_ENTRY(0xC062, TLS,ECDH,RSA,WITH,ARIA,128,GCM,SHA256),
595	CS_ENTRY(0xC062, ECDH,ARIA128,GCM,SHA256,,,,), /* ns */
596	CS_ENTRY(0xC063, TLS,ECDH,RSA,WITH,ARIA,256,GCM,SHA384),
597	CS_ENTRY(0xC063, ECDH,ARIA256,GCM,SHA384,,,,), /* ns */
598	CS_ENTRY(0xC064, TLS,PSK,WITH,ARIA,128,CBC,SHA256,),
599	CS_ENTRY(0xC064, PSK,ARIA128,SHA256,,,,,), /* ns */
600	CS_ENTRY(0xC065, TLS,PSK,WITH,ARIA,256,CBC,SHA384,),
601	CS_ENTRY(0xC065, PSK,ARIA256,SHA384,,,,,), /* ns */
602	CS_ENTRY(0xC066, TLS,DHE,PSK,WITH,ARIA,128,CBC,SHA256),
603	CS_ENTRY(0xC066, DHE,PSK,ARIA128,SHA256,,,,), /* ns */
604	CS_ENTRY(0xC067, TLS,DHE,PSK,WITH,ARIA,256,CBC,SHA384),
605	CS_ENTRY(0xC067, DHE,PSK,ARIA256,SHA384,,,,), /* ns */
606	CS_ENTRY(0xC068, TLS,RSA,PSK,WITH,ARIA,128,CBC,SHA256),
607	CS_ENTRY(0xC068, RSA,PSK,ARIA128,SHA256,,,,), /* ns */
608	CS_ENTRY(0xC069, TLS,RSA,PSK,WITH,ARIA,256,CBC,SHA384),
609	CS_ENTRY(0xC069, RSA,PSK,ARIA256,SHA384,,,,), /* ns */
610	CS_ENTRY(0xC06A, TLS,PSK,WITH,ARIA,128,GCM,SHA256,),
611	CS_ENTRY(0xC06A, PSK,ARIA128,GCM,SHA256,,,,),
612	CS_ENTRY(0xC06B, TLS,PSK,WITH,ARIA,256,GCM,SHA384,),
613	CS_ENTRY(0xC06B, PSK,ARIA256,GCM,SHA384,,,,),
614	CS_ENTRY(0xC06C, TLS,DHE,PSK,WITH,ARIA,128,GCM,SHA256),
615	CS_ENTRY(0xC06C, DHE,PSK,ARIA128,GCM,SHA256,,,),
616	CS_ENTRY(0xC06D, TLS,DHE,PSK,WITH,ARIA,256,GCM,SHA384),
617	CS_ENTRY(0xC06D, DHE,PSK,ARIA256,GCM,SHA384,,,),
618	CS_ENTRY(0xC06E, TLS,RSA,PSK,WITH,ARIA,128,GCM,SHA256),
619	CS_ENTRY(0xC06E, RSA,PSK,ARIA128,GCM,SHA256,,,),
620	CS_ENTRY(0xC06F, TLS,RSA,PSK,WITH,ARIA,256,GCM,SHA384),
621	CS_ENTRY(0xC06F, RSA,PSK,ARIA256,GCM,SHA384,,,),
622	CS_ENTRY(0xC070, TLS,ECDHE,PSK,WITH,ARIA,128,CBC,SHA256),
623	CS_ENTRY(0xC070, ECDHE,PSK,ARIA128,SHA256,,,,), /* ns */
624	CS_ENTRY(0xC071, TLS,ECDHE,PSK,WITH,ARIA,256,CBC,SHA384),
625	CS_ENTRY(0xC071, ECDHE,PSK,ARIA256,SHA384,,,,), /* ns */
626	CS_ENTRY(0xC072, TLS,ECDHE,ECDSA,WITH,CAMELLIA,128,CBC,SHA256),
627	CS_ENTRY(0xC072, ECDHE,ECDSA,CAMELLIA128,SHA256,,,,),
628	CS_ENTRY(0xC073, TLS,ECDHE,ECDSA,WITH,CAMELLIA,256,CBC,SHA384),
629	CS_ENTRY(0xC073, ECDHE,ECDSA,CAMELLIA256,SHA384,,,,),
630	CS_ENTRY(0xC074, TLS,ECDH,ECDSA,WITH,CAMELLIA,128,CBC,SHA256),
631	CS_ENTRY(0xC074, ECDH,ECDSA,CAMELLIA128,SHA256,,,,), /* ns */
632	CS_ENTRY(0xC075, TLS,ECDH,ECDSA,WITH,CAMELLIA,256,CBC,SHA384),
633	CS_ENTRY(0xC075, ECDH,ECDSA,CAMELLIA256,SHA384,,,,), /* ns */
634	CS_ENTRY(0xC076, TLS,ECDHE,RSA,WITH,CAMELLIA,128,CBC,SHA256),
635	CS_ENTRY(0xC076, ECDHE,RSA,CAMELLIA128,SHA256,,,,),
636	CS_ENTRY(0xC077, TLS,ECDHE,RSA,WITH,CAMELLIA,256,CBC,SHA384),
637	CS_ENTRY(0xC077, ECDHE,RSA,CAMELLIA256,SHA384,,,,),
638	CS_ENTRY(0xC078, TLS,ECDH,RSA,WITH,CAMELLIA,128,CBC,SHA256),
639	CS_ENTRY(0xC078, ECDH,CAMELLIA128,SHA256,,,,,), /* ns */
640	CS_ENTRY(0xC079, TLS,ECDH,RSA,WITH,CAMELLIA,256,CBC,SHA384),
641	CS_ENTRY(0xC079, ECDH,CAMELLIA256,SHA384,,,,,), /* ns */
642	CS_ENTRY(0xC07A, TLS,RSA,WITH,CAMELLIA,128,GCM,SHA256,),
643	CS_ENTRY(0xC07A, CAMELLIA128,GCM,SHA256,,,,,), /* ns */
644	CS_ENTRY(0xC07B, TLS,RSA,WITH,CAMELLIA,256,GCM,SHA384,),
645	CS_ENTRY(0xC07B, CAMELLIA256,GCM,SHA384,,,,,), /* ns */
646	CS_ENTRY(0xC07C, TLS,DHE,RSA,WITH,CAMELLIA,128,GCM,SHA256),
647	CS_ENTRY(0xC07C, DHE,RSA,CAMELLIA128,GCM,SHA256,,,), /* ns */
648	CS_ENTRY(0xC07D, TLS,DHE,RSA,WITH,CAMELLIA,256,GCM,SHA384),
649	CS_ENTRY(0xC07D, DHE,RSA,CAMELLIA256,GCM,SHA384,,,), /* ns */
650	CS_ENTRY(0xC086, TLS,ECDHE,ECDSA,WITH,CAMELLIA,128,GCM,SHA256),
651	CS_ENTRY(0xC086, ECDHE,ECDSA,CAMELLIA128,GCM,SHA256,,,), /* ns */
652	CS_ENTRY(0xC087, TLS,ECDHE,ECDSA,WITH,CAMELLIA,256,GCM,SHA384),
653	CS_ENTRY(0xC087, ECDHE,ECDSA,CAMELLIA256,GCM,SHA384,,,), /* ns */
654	CS_ENTRY(0xC088, TLS,ECDH,ECDSA,WITH,CAMELLIA,128,GCM,SHA256),
655	CS_ENTRY(0xC088, ECDH,ECDSA,CAMELLIA128,GCM,SHA256,,,), /* ns */
656	CS_ENTRY(0xC089, TLS,ECDH,ECDSA,WITH,CAMELLIA,256,GCM,SHA384),
657	CS_ENTRY(0xC089, ECDH,ECDSA,CAMELLIA256,GCM,SHA384,,,), /* ns */
658	CS_ENTRY(0xC08A, TLS,ECDHE,RSA,WITH,CAMELLIA,128,GCM,SHA256),
659	CS_ENTRY(0xC08A, ECDHE,CAMELLIA128,GCM,SHA256,,,,), /* ns */
660	CS_ENTRY(0xC08B, TLS,ECDHE,RSA,WITH,CAMELLIA,256,GCM,SHA384),
661	CS_ENTRY(0xC08B, ECDHE,CAMELLIA256,GCM,SHA384,,,,), /* ns */
662	CS_ENTRY(0xC08C, TLS,ECDH,RSA,WITH,CAMELLIA,128,GCM,SHA256),
663	CS_ENTRY(0xC08C, ECDH,CAMELLIA128,GCM,SHA256,,,,), /* ns */
664	CS_ENTRY(0xC08D, TLS,ECDH,RSA,WITH,CAMELLIA,256,GCM,SHA384),
665	CS_ENTRY(0xC08D, ECDH,CAMELLIA256,GCM,SHA384,,,,), /* ns */
666	CS_ENTRY(0xC08E, TLS,PSK,WITH,CAMELLIA,128,GCM,SHA256,),
667	CS_ENTRY(0xC08E, PSK,CAMELLIA128,GCM,SHA256,,,,), /* ns */
668	CS_ENTRY(0xC08F, TLS,PSK,WITH,CAMELLIA,256,GCM,SHA384,),
669	CS_ENTRY(0xC08F, PSK,CAMELLIA256,GCM,SHA384,,,,), /* ns */
670	CS_ENTRY(0xC090, TLS,DHE,PSK,WITH,CAMELLIA,128,GCM,SHA256),
671	CS_ENTRY(0xC090, DHE,PSK,CAMELLIA128,GCM,SHA256,,,), /* ns */
672	CS_ENTRY(0xC091, TLS,DHE,PSK,WITH,CAMELLIA,256,GCM,SHA384),
673	CS_ENTRY(0xC091, DHE,PSK,CAMELLIA256,GCM,SHA384,,,), /* ns */
674	CS_ENTRY(0xC092, TLS,RSA,PSK,WITH,CAMELLIA,128,GCM,SHA256),
675	CS_ENTRY(0xC092, RSA,PSK,CAMELLIA128,GCM,SHA256,,,), /* ns */
676	CS_ENTRY(0xC093, TLS,RSA,PSK,WITH,CAMELLIA,256,GCM,SHA384),
677	CS_ENTRY(0xC093, RSA,PSK,CAMELLIA256,GCM,SHA384,,,), /* ns */
678	CS_ENTRY(0xC094, TLS,PSK,WITH,CAMELLIA,128,CBC,SHA256,),
679	CS_ENTRY(0xC094, PSK,CAMELLIA128,SHA256,,,,,),
680	CS_ENTRY(0xC095, TLS,PSK,WITH,CAMELLIA,256,CBC,SHA384,),
681	CS_ENTRY(0xC095, PSK,CAMELLIA256,SHA384,,,,,),
682	CS_ENTRY(0xC096, TLS,DHE,PSK,WITH,CAMELLIA,128,CBC,SHA256),
683	CS_ENTRY(0xC096, DHE,PSK,CAMELLIA128,SHA256,,,,),
684	CS_ENTRY(0xC097, TLS,DHE,PSK,WITH,CAMELLIA,256,CBC,SHA384),
685	CS_ENTRY(0xC097, DHE,PSK,CAMELLIA256,SHA384,,,,),
686	CS_ENTRY(0xC098, TLS,RSA,PSK,WITH,CAMELLIA,128,CBC,SHA256),
687	CS_ENTRY(0xC098, RSA,PSK,CAMELLIA128,SHA256,,,,),
688	CS_ENTRY(0xC099, TLS,RSA,PSK,WITH,CAMELLIA,256,CBC,SHA384),
689	CS_ENTRY(0xC099, RSA,PSK,CAMELLIA256,SHA384,,,,),
690	CS_ENTRY(0xC09A, TLS,ECDHE,PSK,WITH,CAMELLIA,128,CBC,SHA256),
691	CS_ENTRY(0xC09A, ECDHE,PSK,CAMELLIA128,SHA256,,,,),
692	CS_ENTRY(0xC09B, TLS,ECDHE,PSK,WITH,CAMELLIA,256,CBC,SHA384),
693	CS_ENTRY(0xC09B, ECDHE,PSK,CAMELLIA256,SHA384,,,,),
694	CS_ENTRY(0xC09E, TLS,DHE,RSA,WITH,AES,128,CCM,),
695	CS_ENTRY(0xC09E, DHE,RSA,AES128,CCM,,,,),
696	CS_ENTRY(0xC09F, TLS,DHE,RSA,WITH,AES,256,CCM,),
697	CS_ENTRY(0xC09F, DHE,RSA,AES256,CCM,,,,),
698	CS_ENTRY(0xC0A2, TLS,DHE,RSA,WITH,AES,128,CCM,8),
699	CS_ENTRY(0xC0A2, DHE,RSA,AES128,CCM8,,,,),
700	CS_ENTRY(0xC0A3, TLS,DHE,RSA,WITH,AES,256,CCM,8),
701	CS_ENTRY(0xC0A3, DHE,RSA,AES256,CCM8,,,,),
702	CS_ENTRY(0xC0A4, TLS,PSK,WITH,AES,128,CCM,,),
703	CS_ENTRY(0xC0A4, PSK,AES128,CCM,,,,,),
704	CS_ENTRY(0xC0A5, TLS,PSK,WITH,AES,256,CCM,,),
705	CS_ENTRY(0xC0A5, PSK,AES256,CCM,,,,,),
706	CS_ENTRY(0xC0A6, TLS,DHE,PSK,WITH,AES,128,CCM,),
707	CS_ENTRY(0xC0A6, DHE,PSK,AES128,CCM,,,,),
708	CS_ENTRY(0xC0A7, TLS,DHE,PSK,WITH,AES,256,CCM,),
709	CS_ENTRY(0xC0A7, DHE,PSK,AES256,CCM,,,,),
710	CS_ENTRY(0xC0A8, TLS,PSK,WITH,AES,128,CCM,8,),
711	CS_ENTRY(0xC0A8, PSK,AES128,CCM8,,,,,),
712	CS_ENTRY(0xC0A9, TLS,PSK,WITH,AES,256,CCM,8,),
713	CS_ENTRY(0xC0A9, PSK,AES256,CCM8,,,,,),
714	CS_ENTRY(0xC0AA, TLS,PSK,DHE,WITH,AES,128,CCM,8),
715	CS_ENTRY(0xC0AA, DHE,PSK,AES128,CCM8,,,,),
716	CS_ENTRY(0xC0AB, TLS,PSK,DHE,WITH,AES,256,CCM,8),
717	CS_ENTRY(0xC0AB, DHE,PSK,AES256,CCM8,,,,),
718	CS_ENTRY(0xCCAA, TLS,DHE,RSA,WITH,CHACHA20,POLY1305,SHA256,),
719	CS_ENTRY(0xCCAA, DHE,RSA,CHACHA20,POLY1305,,,,),
720	CS_ENTRY(0xCCAC, TLS,ECDHE,PSK,WITH,CHACHA20,POLY1305,SHA256,),
721	CS_ENTRY(0xCCAC, ECDHE,PSK,CHACHA20,POLY1305,,,,),
722	CS_ENTRY(0xCCAD, TLS,DHE,PSK,WITH,CHACHA20,POLY1305,SHA256,),
723	CS_ENTRY(0xCCAD, DHE,PSK,CHACHA20,POLY1305,,,,),
724	CS_ENTRY(0xCCAE, TLS,RSA,PSK,WITH,CHACHA20,POLY1305,SHA256,),
725	CS_ENTRY(0xCCAE, RSA,PSK,CHACHA20,POLY1305,,,,),
726	#endif
727	};
728	#define CS_LIST_LEN (sizeof(cs_list) / sizeof(cs_list[0]))
729
730	static int cs_str_to_zip(const char *cs_str, size_t cs_len,
731	uint8_t zip[6])
732	{
733	uint8_t indexes[8] = {0};
734	const char entry, cur;
735	const char *nxt = cs_str;
736	const char *end = cs_str + cs_len;
737	char separator = '-';
738	int idx, i = 0;
739	size_t len;
740
741	/* split the cipher string by '-' or '_' */
742	if(strncasecompare(cs_str, "TLS", 3))
743	separator = '_';
744
745	do {
746	if(i == 8)
747	return -1;
748
749	/* determine the length of the part */
750	cur = nxt;
751	for(; nxt < end && nxt != '\0' && nxt != separator; nxt++);
752	len = nxt - cur;
753
754	/* lookup index for the part (skip empty string at 0) */
755	for(idx = 1, entry = cs_txt + 1; idx < CS_TXT_LEN; idx++) {
756	size_t elen = strlen(entry);
757	if(elen == len && strncasecompare(entry, cur, len))
758	break;
759	entry += elen + 1;
760	}
761	if(idx == CS_TXT_LEN)
762	return -1;
763
764	indexes[i++] = (uint8_t) idx;
765	} while(nxt < end && *(nxt++) != '\0');
766
767	/* zip the 8 indexes into 48 bits */
768	zip[0] = (uint8_t) (indexes[0] << 2 \| (indexes[1] & 0x3F) >> 4);
769	zip[1] = (uint8_t) (indexes[1] << 4 \| (indexes[2] & 0x3F) >> 2);
770	zip[2] = (uint8_t) (indexes[2] << 6 \| (indexes[3] & 0x3F));
771	zip[3] = (uint8_t) (indexes[4] << 2 \| (indexes[5] & 0x3F) >> 4);
772	zip[4] = (uint8_t) (indexes[5] << 4 \| (indexes[6] & 0x3F) >> 2);
773	zip[5] = (uint8_t) (indexes[6] << 6 \| (indexes[7] & 0x3F));
774
775	return 0;
776	}
777
778	static int cs_zip_to_str(const uint8_t zip[6],
779	char *buf, size_t buf_size)
780	{
781	uint8_t indexes[8] = {0};
782	const char *entry;
783	char separator = '-';
784	int idx, i, r;
785	size_t len = 0;
786
787	/* unzip the 8 indexes */
788	indexes[0] = zip[0] >> 2;
789	indexes[1] = ((zip[0] << 4) & 0x3F) \| zip[1] >> 4;
790	indexes[2] = ((zip[1] << 2) & 0x3F) \| zip[2] >> 6;
791	indexes[3] = ((zip[2] << 0) & 0x3F);
792	indexes[4] = zip[3] >> 2;
793	indexes[5] = ((zip[3] << 4) & 0x3F) \| zip[4] >> 4;
794	indexes[6] = ((zip[4] << 2) & 0x3F) \| zip[5] >> 6;
795	indexes[7] = ((zip[5] << 0) & 0x3F);
796
797	if(indexes[0] == CS_TXT_IDX_TLS)
798	separator = '_';
799
800	for(i = 0; i < 8 && indexes[i] != 0 && len < buf_size; i++) {
801	if(indexes[i] >= CS_TXT_LEN)
802	return -1;
803
804	/* lookup the part string for the index (skip empty string at 0) */
805	for(idx = 1, entry = cs_txt + 1; idx < indexes[i]; idx++) {
806	size_t elen = strlen(entry);
807	entry += elen + 1;
808	}
809
810	/* append the part string to the buffer */
811	if(i > 0)
812	r = msnprintf(&buf[len], buf_size - len, "%c%s", separator, entry);
813	else
814	r = msnprintf(&buf[len], buf_size - len, "%s", entry);
815
816	if(r < 0)
817	return -1;
818	len += r;
819	}
820
821	return 0;
822	}
823
824	uint16_t Curl_cipher_suite_lookup_id(const char *cs_str, size_t cs_len)
825	{
826	size_t i;
827	uint8_t zip[6];
828
829	if(cs_len > 0 && cs_str_to_zip(cs_str, cs_len, zip) == 0) {
830	for(i = 0; i < CS_LIST_LEN; i++) {
831	if(memcmp(cs_list[i].zip, zip, sizeof(zip)) == 0)
832	return cs_list[i].id;
833	}
834	}
835
836	return 0;
837	}
838
839	static bool cs_is_separator(char c)
840	{
841	switch(c) {
842	case ' ':
843	case '\t':
844	case ':':
845	case ',':
846	case ';':
847	return TRUE;
848	default:;
849	}
850	return FALSE;
851	}
852
853	uint16_t Curl_cipher_suite_walk_str(const char str, const char end)
854	{
855	/* move string pointer to first non-separator or end of string */
856	for(; cs_is_separator(str[0]); (str)++);
857
858	/* move end pointer to next separator or end of string */
859	for(end = str; end[0] != '\0' && !cs_is_separator(end[0]); (*end)++);
860
861	return Curl_cipher_suite_lookup_id(str, end - *str);
862	}
863
864	int Curl_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size,
865	bool prefer_rfc)
866	{
867	size_t i, j = CS_LIST_LEN;
868	int r = -1;
869
870	for(i = 0; i < CS_LIST_LEN; i++) {
871	if(cs_list[i].id != id)
872	continue;
873	if((cs_list[i].zip[0] >> 2 != CS_TXT_IDX_TLS) == !prefer_rfc) {
874	j = i;
875	break;
876	}
877	if(j == CS_LIST_LEN)
878	j = i;
879	}
880
881	if(j < CS_LIST_LEN)
882	r = cs_zip_to_str(cs_list[j].zip, buf, buf_size);
883
884	if(r < 0)
885	msnprintf(buf, buf_size, "TLS_UNKNOWN_0x%04x", id);
886
887	return r;
888	}
889
890	#endif /* defined(USE_SECTRANSP) \|\| defined(USE_MBEDTLS) \|\| \
891	defined(USE_BEARSSL) \|\| defined(USE_RUSTLS) */

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/curl-8.11.1/lib/vtls/cipher_suite.c@ 108333

以其他格式下載: