From a96b04ffcf8fd7375dc3c0f90602bf679f5a9791 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Wed, 12 Jan 2022 10:37:53 +0100 Subject: [PATCH] gnutls_ciphersuite_get: new function to get unique ciphersuite name The existing method to obtain the name of the currently negotiated TLS ciphersuite is as follows: - call gnutls_cipher_get, gnutls_mac_get, gnutls_kx_get - call gnutls_cipher_suite_get_name with the value from the above functions This process is cumbersome and only works with TLS 1.2 or earlier; moreover the returned names are GnuTLS specific. This change adds a new function gnutls_ciphersuite_get to eliminate those limitations. It returns the "canonical" name of the ciphersuite, which is mostly identical to the ones registered in IANA, with an exception for compatibility. Signed-off-by: Daiki Ueno --- .gitignore | 1 + devel/gen-ciphersuite-names.py | 67 ++++++ devel/libgnutls.abignore | 2 + devel/symbols.last | 2 + doc/Makefile.am | 2 + doc/manpages/Makefile.am | 1 + lib/algorithms/ciphersuites.c | 388 ++++++++++++++++---------------- lib/gnutls_int.h | 1 + lib/includes/gnutls/gnutls.h.in | 3 + lib/libgnutls.map | 8 + lib/state.c | 29 +++ tests/Makefile.am | 2 +- tests/ciphersuite-name.c | 121 ++++++++++ 13 files changed, 432 insertions(+), 195 deletions(-) create mode 100644 devel/gen-ciphersuite-names.py create mode 100644 tests/ciphersuite-name.c diff --git a/.gitignore b/.gitignore index 2465946e72..e6f08947ca 100644 --- a/.gitignore +++ b/.gitignore @@ -357,6 +357,7 @@ tests/chainverify tests/chainverify-unsorted tests/cipher-alignment tests/cipher-test +tests/ciphersuite-name tests/client tests/client-fastopen tests/client-sign-md5-rep diff --git a/devel/gen-ciphersuite-names.py b/devel/gen-ciphersuite-names.py new file mode 100644 index 0000000000..2f7de717a4 --- /dev/null +++ b/devel/gen-ciphersuite-names.py 
@@ -0,0 +1,67 @@
+#!/usr/bin/python
+
+# This script outputs the mapping from GnuTLS ciphersuite names to
+# IANA ciphersuite names. It can be invoked as:
+#
+# $ wget https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
+# $ python devel/gen-ciphersuite-names.py \
+# lib/algorithms/ciphersuites.c tls-parameters-4.csv
+
+from typing import Mapping, TextIO, Tuple
+import csv
+import re
+
+
+def read_c(io: TextIO) -> Mapping[Tuple[int, int], str]:
+ result = dict()
+ for line in io:
+ m = re.match((r'#define\s+(GNUTLS_\S*)\s+\{\s*'
+ r'0x([0-9a-fA-F]{2})\s*,\s*'
+ r'0x([0-9a-fA-F]{2})\s*\}'),
+ line)
+ if m:
+ result[(int(m.group(2), 16),
+ int(m.group(3), 16))] = m.group(1)
+ return result
+
+
+def read_csv(io: TextIO) -> Mapping[Tuple[int, int], str]:
+ result = dict()
+ for row in csv.reader(io):
+ m = re.match((r'\s*0x([0-9a-fA-F]{2})\s*,'
+ r'\s*0x([0-9a-fA-F]{2})'
+ r'(?:-([0-9a-fA-F]{2}))?\s*'), row[0])
+ if m:
+ first = int(m.group(1), 16)
+ second = list()
+ second.append(int(m.group(2), 16))
+ if m.lastindex == 3:
+ second = list(range(second[-1], int(m.group(3), 16)+1))
+ for c in second:
+ result[(first, c)] = re.sub(r'\s+', ' ', row[1])
+ return result
+
+
+UNASSIGNED = {
+ (0x00, 0x66): 'TLS_DHE_DSS_RC4_128_SHA'
+}
+
+
+if __name__ == '__main__':
+ import argparse
+
+ parser = argparse.ArgumentParser()
+ parser.add_argument('c', type=argparse.FileType('r'))
+ parser.add_argument('csv', type=argparse.FileType('r'))
+
+ args = parser.parse_args()
+
+ g = read_c(args.c)
+ i = read_csv(args.csv)
+
+ for (k, v) in g.items():
+ if i[k].startswith('TLS_'):
+ canonical_name = i[k]
+ else:
+ canonical_name = UNASSIGNED[k]
+ print(f'{v}\t{canonical_name}')
diff --git a/devel/libgnutls.abignore b/devel/libgnutls.abignore
index c19dce38e1..15e6827f05 100644
--- a/devel/libgnutls.abignore
+++ b/devel/libgnutls.abignore
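Review bot: In devel/gen-ciphersuite-names.py the final loop indexes `i[k]` and `UNASSIGNED[k]` directly, so a GnuTLS code point that the IANA CSV does not list, or lists under a description that does not start with `TLS_` and has no `UNASSIGNED` entry, ends the run with a bare KeyError that does not name the macro. The printed names are presumably what gets copied into `cs_algorithms[]` as `canonical_name`, so the script should stop with a message identifying the suite: `name = i.get(k, '')`, `canonical_name = name if name.startswith('TLS_') else UNASSIGNED.get(k)`, then `if canonical_name is None: parser.error(f'{v}: no canonical name for code point {k}')`. `read_csv` has the same weakness one step earlier: `csv.reader` yields an empty list for a blank line, so `row[0]` and `row[1]` need a `len(row) >= 2` guard.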
@@ -70,3 +70,5 @@ name = drbg_aes_reseed # The following should be removed in the new release, after updating the # abi-dump repository: +[suppress_function] +name = gnutls_ciphersuite_get diff --git a/devel/symbols.last b/devel/symbols.last index 7535696f83..84018a07e8 100644 --- a/devel/symbols.last +++ b/devel/symbols.last @@ -14,6 +14,7 @@ GNUTLS_3_6_9@GNUTLS_3_6_9 GNUTLS_3_7_0@GNUTLS_3_7_0 GNUTLS_3_7_2@GNUTLS_3_7_2 GNUTLS_3_7_3@GNUTLS_3_7_3 +GNUTLS_3_7_4@GNUTLS_3_7_4 _gnutls_global_init_skip@GNUTLS_3_4 gnutls_aead_cipher_decrypt@GNUTLS_3_4 gnutls_aead_cipher_decryptv2@GNUTLS_3_6_10 @@ -148,6 +149,7 @@ gnutls_cipher_set_iv@GNUTLS_3_4 gnutls_cipher_suite_get_name@GNUTLS_3_4 gnutls_cipher_suite_info@GNUTLS_3_4 gnutls_cipher_tag@GNUTLS_3_4 +gnutls_ciphersuite_get@GNUTLS_3_7_4 gnutls_compression_get@GNUTLS_3_4 gnutls_compression_get_id@GNUTLS_3_4 gnutls_compression_get_name@GNUTLS_3_4 diff --git a/doc/Makefile.am b/doc/Makefile.am index 9d54110ac9..51b0256ec7 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -888,6 +888,8 @@ FUNCS += functions/gnutls_cipher_list FUNCS += functions/gnutls_cipher_list.short FUNCS += functions/gnutls_cipher_set_iv FUNCS += functions/gnutls_cipher_set_iv.short +FUNCS += functions/gnutls_ciphersuite_get +FUNCS += functions/gnutls_ciphersuite_get.short FUNCS += functions/gnutls_cipher_suite_get_name FUNCS += functions/gnutls_cipher_suite_get_name.short FUNCS += functions/gnutls_cipher_suite_info diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index 2037bf91a9..a964259790 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -284,6 +284,7 @@ APIMANS += gnutls_cipher_get_tag_size.3 APIMANS += gnutls_cipher_init.3 APIMANS += gnutls_cipher_list.3 APIMANS += gnutls_cipher_set_iv.3 +APIMANS += gnutls_ciphersuite_get.3 APIMANS += gnutls_cipher_suite_get_name.3 APIMANS += gnutls_cipher_suite_info.3 APIMANS += gnutls_cipher_tag.3 
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 9408397610..c7ce245056 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -37,12 +37,12 @@ #endif /* Cipher SUITES */ -#define ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version ) \ - { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA256} -#define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \ - { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, prf} -#define ENTRY_TLS13( name, block_algorithm, min_version, prf ) \ - { #name, name, block_algorithm, 0, GNUTLS_MAC_AEAD, min_version, GNUTLS_TLS1_3, GNUTLS_VERSION_UNKNOWN, GNUTLS_VERSION_UNKNOWN, prf} +#define ENTRY( name, canonical_name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version ) \ + { #name, name, canonical_name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA256} +#define ENTRY_PRF( name, canonical_name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \ + { #name, name, canonical_name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, prf} +#define ENTRY_TLS13( name, canonical_name, block_algorithm, min_version, prf ) \ + { #name, name, canonical_name, block_algorithm, 0, GNUTLS_MAC_AEAD, min_version, GNUTLS_TLS1_3, GNUTLS_VERSION_UNKNOWN, GNUTLS_VERSION_UNKNOWN, prf} /* TLS 1.3 ciphersuites */ #define GNUTLS_AES_128_GCM_SHA256 { 0x13, 0x01 } 
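Review bot: The `canonical_name` parameter added to `ENTRY`, `ENTRY_PRF` and `ENTRY_TLS13` is undocumented, and nothing at the macro definitions says that the string is generated rather than hand-written. A comment above the three macros would keep later additions consistent, for example `/* canonical_name: IANA registry name for the code point, as printed by devel/gen-ciphersuite-names.py; do not derive it from the GNUTLS_* macro name. */`. The macros build a positional initializer, so the new argument also has to stay in the same position as the matching field of `gnutls_cipher_suite_entry_st`, whose definition is outside this hunk.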
@@ -346,128 +346,128 @@ */ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { /* TLS 1.3 */ - ENTRY_TLS13(GNUTLS_AES_128_GCM_SHA256, + ENTRY_TLS13(GNUTLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_TLS1_3, GNUTLS_MAC_SHA256), - ENTRY_TLS13(GNUTLS_AES_256_GCM_SHA384, + ENTRY_TLS13(GNUTLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_TLS1_3, GNUTLS_MAC_SHA384), - ENTRY_TLS13(GNUTLS_CHACHA20_POLY1305_SHA256, + ENTRY_TLS13(GNUTLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256", GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_TLS1_3, GNUTLS_MAC_SHA256), - ENTRY_TLS13(GNUTLS_AES_128_CCM_SHA256, + ENTRY_TLS13(GNUTLS_AES_128_CCM_SHA256, "TLS_AES_128_CCM_SHA256", GNUTLS_CIPHER_AES_128_CCM, GNUTLS_TLS1_3, GNUTLS_MAC_SHA256), - ENTRY_TLS13(GNUTLS_AES_128_CCM_8_SHA256, + ENTRY_TLS13(GNUTLS_AES_128_CCM_8_SHA256, "TLS_AES_128_CCM_8_SHA256", GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_TLS1_3, GNUTLS_MAC_SHA256), /* RSA-NULL */ - ENTRY(GNUTLS_RSA_NULL_MD5, + ENTRY(GNUTLS_RSA_NULL_MD5, "TLS_RSA_WITH_NULL_MD5", GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_NULL_SHA1, + ENTRY(GNUTLS_RSA_NULL_SHA1, "TLS_RSA_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_NULL_SHA256, + ENTRY(GNUTLS_RSA_NULL_SHA256, "TLS_RSA_WITH_NULL_SHA256", GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), /* RSA */ - ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1, "TLS_RSA_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5, + ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5, "TLS_RSA_WITH_RC4_128_MD5", GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1, + 
ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1, + ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1, "TLS_RSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1, + ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1, "TLS_RSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256, + ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, + ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, + ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256, + ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256, + ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), /* GCM */ - ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256, + ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256, 
"TLS_RSA_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* CCM */ - ENTRY(GNUTLS_RSA_AES_128_CCM, + ENTRY(GNUTLS_RSA_AES_128_CCM, "TLS_RSA_WITH_AES_128_CCM", GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_RSA_AES_256_CCM, + ENTRY(GNUTLS_RSA_AES_256_CCM, "TLS_RSA_WITH_AES_256_CCM", GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), /* CCM_8 */ - ENTRY(GNUTLS_RSA_AES_128_CCM_8, + ENTRY(GNUTLS_RSA_AES_128_CCM_8, "TLS_RSA_WITH_AES_128_CCM_8", GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_RSA_AES_256_CCM_8, + ENTRY(GNUTLS_RSA_AES_256_CCM_8, "TLS_RSA_WITH_AES_256_CCM_8", GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), 
@@ -475,146 +475,146 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { /* DHE_DSS */ #ifdef ENABLE_DHE - ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1, "TLS_DHE_DSS_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1, + ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1, + ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256, + 
ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256, + ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), /* GCM */ - ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256, + ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* DHE_RSA */ - ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1, + ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1, + ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, 
GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256, + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256, + ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256, + ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), /* GCM */ - ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256, + ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - 
ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_DHE_RSA_CHACHA20_POLY1305, + ENTRY(GNUTLS_DHE_RSA_CHACHA20_POLY1305, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), /* CCM */ - ENTRY(GNUTLS_DHE_RSA_AES_128_CCM, + ENTRY(GNUTLS_DHE_RSA_AES_128_CCM, "TLS_DHE_RSA_WITH_AES_128_CCM", GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_RSA_AES_256_CCM, + ENTRY(GNUTLS_DHE_RSA_AES_256_CCM, "TLS_DHE_RSA_WITH_AES_256_CCM", GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_8, + ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_8, "TLS_DHE_RSA_WITH_AES_128_CCM_8", GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_8, + ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_8, "TLS_DHE_RSA_WITH_AES_256_CCM_8", GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), 
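Review bot: The first entry of this hunk gives `GNUTLS_DHE_DSS_ARCFOUR_128_SHA1` the name `"TLS_DHE_DSS_RC4_128_SHA"`, the only pre-TLS 1.3 name visible here without `_WITH_`, and nothing next to it explains why. The generator script in this commit takes that string from its `UNASSIGNED` map for code point (0x00, 0x66), which suggests the IANA registry has no name for it. A one-line comment on the entry, such as `/* no IANA-registered name; kept for compatibility, see devel/gen-ciphersuite-names.py */`, would stop a later cleanup from "correcting" the string, which would presumably change what callers comparing the reported name against a configured list see. The array initializer continues outside the hunk.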
@@ -622,564 +622,564 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { #endif /* DHE */ #ifdef ENABLE_ECDHE /* ECC-RSA */ - ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1, + ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1, "TLS_ECDHE_RSA_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, + ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, + ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, 
GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* ECDHE-ECDSA */ - ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1, + ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, + ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, + ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* More ECC */ - ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, + ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - 
ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, + ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256, + ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256, + ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, 
GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_ECDHE_RSA_CHACHA20_POLY1305, + ENTRY(GNUTLS_ECDHE_RSA_CHACHA20_POLY1305, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305, + ENTRY(GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM, + ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM, + ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_8, + ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_8, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_8, + ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_8, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), #endif #ifdef ENABLE_PSK /* ECC - PSK */ - ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, + 
ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, + ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, + ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, + ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1, "TLS_ECDHE_PSK_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA1, + ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA1, "TLS_ECDHE_PSK_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256, + ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256, "TLS_ECDHE_PSK_WITH_NULL_SHA256", GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384, "TLS_ECDHE_PSK_WITH_NULL_SHA384", GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - 
ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* PSK */ - ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1, "TLS_PSK_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1, "TLS_PSK_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1, + ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1, "TLS_PSK_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1, + ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1, "TLS_PSK_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256, + ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256, "TLS_PSK_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384, "TLS_PSK_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, 
GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256, + ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256, "TLS_PSK_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_PSK_NULL_SHA1, + ENTRY(GNUTLS_PSK_NULL_SHA1, "TLS_PSK_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_PSK_NULL_SHA256, + ENTRY(GNUTLS_PSK_NULL_SHA256, "TLS_PSK_WITH_NULL_SHA256", GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384, "TLS_PSK_WITH_AES_256_CBC_SHA384", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, + ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, "TLS_PSK_WITH_NULL_SHA384", GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* RSA-PSK */ - ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1, "TLS_RSA_PSK_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_VERSION_UNKNOWN), - 
ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1, + ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1, + ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256, + ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256, + ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_RSA_PSK_NULL_SHA1, + ENTRY(GNUTLS_RSA_PSK_NULL_SHA1, "TLS_RSA_PSK_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_RSA_PSK_NULL_SHA256, + ENTRY(GNUTLS_RSA_PSK_NULL_SHA256, "TLS_RSA_PSK_WITH_NULL_SHA256", GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - 
ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384, + ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384, "TLS_RSA_PSK_WITH_NULL_SHA384", GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* DHE-PSK */ - ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1, "TLS_DHE_PSK_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1, + ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1, + ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1, 
"TLS_DHE_PSK_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256, + ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256, + ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_PSK_NULL_SHA1, + ENTRY(GNUTLS_DHE_PSK_NULL_SHA1, "TLS_DHE_PSK_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DHE_PSK_NULL_SHA256, + ENTRY(GNUTLS_DHE_PSK_NULL_SHA256, "TLS_DHE_PSK_WITH_NULL_SHA256", GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, + ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, "TLS_DHE_PSK_WITH_NULL_SHA384", GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, + ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384, + 
ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_PSK_AES_128_CCM, + ENTRY(GNUTLS_PSK_AES_128_CCM, "TLS_PSK_WITH_AES_128_CCM", GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_PSK_AES_256_CCM, + ENTRY(GNUTLS_PSK_AES_256_CCM, "TLS_PSK_WITH_AES_256_CCM", GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_PSK_AES_128_CCM, + ENTRY(GNUTLS_DHE_PSK_AES_128_CCM, "TLS_DHE_PSK_WITH_AES_128_CCM", GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_PSK_AES_256_CCM, + ENTRY(GNUTLS_DHE_PSK_AES_256_CCM, "TLS_DHE_PSK_WITH_AES_256_CCM", GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_PSK_AES_128_CCM_8, + ENTRY(GNUTLS_PSK_AES_128_CCM_8, "TLS_PSK_WITH_AES_128_CCM_8", GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_PSK_AES_256_CCM_8, + ENTRY(GNUTLS_PSK_AES_256_CCM_8, "TLS_PSK_WITH_AES_256_CCM_8", GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_8, + ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_8, "TLS_PSK_DHE_WITH_AES_128_CCM_8", 
GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_8, + ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_8, "TLS_PSK_DHE_WITH_AES_256_CCM_8", GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DHE_PSK_CHACHA20_POLY1305, + ENTRY(GNUTLS_DHE_PSK_CHACHA20_POLY1305, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256", GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_ECDHE_PSK_CHACHA20_POLY1305, + ENTRY(GNUTLS_ECDHE_PSK_CHACHA20_POLY1305, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_RSA_PSK_CHACHA20_POLY1305, + ENTRY(GNUTLS_RSA_PSK_CHACHA20_POLY1305, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256", GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_PSK_CHACHA20_POLY1305, + ENTRY(GNUTLS_PSK_CHACHA20_POLY1305, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256", GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), #endif #ifdef ENABLE_ANON /* DH_ANON */ - ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5, + ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5, "TLS_DH_anon_WITH_RC4_128_MD5", GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1, + ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1, "TLS_DH_anon_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1, + ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1, 
"TLS_DH_anon_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256, + ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256, + ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, + ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, + ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256, + ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256, + ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256, + ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, 
GNUTLS_MAC_SHA384), - ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256, + ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384, + ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* ECC-ANON */ - ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1, + ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1, "TLS_ECDH_anon_WITH_NULL_SHA", GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, + ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, + ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1, + ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1, "TLS_ECDH_anon_WITH_RC4_128_SHA", GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), #endif #ifdef ENABLE_SRP /* SRP */ - ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1, 
"TLS_SRP_SHA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), - ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, + ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), #endif #ifdef ENABLE_GOST - ENTRY_PRF(GNUTLS_GOSTR341112_256_28147_CNT_IMIT, + ENTRY_PRF(GNUTLS_GOSTR341112_256_28147_CNT_IMIT, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT", GNUTLS_CIPHER_GOST28147_TC26Z_CNT, GNUTLS_KX_VKO_GOST_12, 
GNUTLS_MAC_GOST28147_TC26Z_IMIT, GNUTLS_TLS1_2, GNUTLS_VERSION_UNKNOWN, GNUTLS_MAC_STREEBOG_256), diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index a660828a57..c8d52475c7 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -636,6 +636,7 @@ typedef struct cipher_entry_st { typedef struct gnutls_cipher_suite_entry_st { const char *name; const uint8_t id[2]; + const char *canonical_name; gnutls_cipher_algorithm_t block_algorithm; gnutls_kx_algorithm_t kx_algorithm; gnutls_mac_algorithm_t mac_algorithm; diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 6359a0edb6..482e9653c8 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -1809,6 +1809,9 @@ const char * gnutls_cipher_algorithm_t cipher_algorithm, gnutls_mac_algorithm_t mac_algorithm) __GNUTLS_CONST__; +const char * +gnutls_ciphersuite_get(gnutls_session_t session) __GNUTLS_CONST__; + /* get the currently used protocol version */ gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session); diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 30e96abafe..5a2e8ce947 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1380,6 +1380,14 @@ GNUTLS_3_7_3 *; } GNUTLS_3_7_2; +GNUTLS_3_7_4 +{ + global: + gnutls_ciphersuite_get; + local: + *; +} GNUTLS_3_7_3; + GNUTLS_FIPS140_3_4 { global: gnutls_cipher_self_test; diff --git a/lib/state.c b/lib/state.c index 94a15e2d4b..f7a379fde2 100644 --- a/lib/state.c +++ b/lib/state.c 
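Review bot: In lib/includes/gnutls/gnutls.h.in the new prototype is tagged `__GNUTLS_CONST__`, but the implementation added in lib/state.c reads `session->internals.handshake_in_progress` and `session->security_parameters.cs`, both of which change over a session's lifetime. If the macro expands to the compiler's `const` function attribute, as its name suggests, the compiler may merge a call made before the handshake with one made after it. A caller could then keep seeing a stale NULL or a stale suite name and log or enforce policy on the wrong ciphersuite. Declaring it without the attribute avoids that: `const char *gnutls_ciphersuite_get(gnutls_session_t session);`.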
@@ -323,6 +323,35 @@ gnutls_early_prf_hash_get(const gnutls_session_t session) resumed_security_parameters.prf->id; } +/** + * gnutls_ciphersuite_get: + * @session: is a #gnutls_session_t type. + * + * Get the canonical name of negotiated TLS ciphersuite. The names + * returned by this function match the IANA registry, with one + * exception: + * + * TLS_DHE_DSS_RC4_128_SHA { 0x00, 0x66 } + * + * which is reserved for compatibility. + * + * To get a detailed description of the current ciphersuite, it is + * recommended to use gnutls_session_get_desc(). + * + * Returns: a string that contains the canonical name of a TLS ciphersuite, + * or %NULL if the handshake is not completed. + * + * Since: 3.7.4 + **/ +const char * +gnutls_ciphersuite_get(gnutls_session_t session) +{ + if (unlikely(session->internals.handshake_in_progress)) { + return NULL; + } + return session->security_parameters.cs->canonical_name; +} + void reset_binders(gnutls_session_t session) { _gnutls_free_temp_key_datum(&session->key.binders[0].psk); diff --git a/tests/Makefile.am b/tests/Makefile.am index 3f9f4bcd56..529f1cc077 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -229,7 +229,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \ tls13-without-timeout-func buffer status-request-revoked \ set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ - x509cert-dntypes id-on-xmppAddr tls13-compat-mode + x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name ctests += tls-channel-binding diff --git a/tests/ciphersuite-name.c b/tests/ciphersuite-name.c new file mode 100644 index 0000000000..b7fd4de3a8 --- /dev/null +++ b/tests/ciphersuite-name.c 
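Review bot: `gnutls_ciphersuite_get` in lib/state.c dereferences `session->security_parameters.cs` after checking only `handshake_in_progress`, and nothing in this hunk shows `cs` being non-NULL on a session whose handshake has never started or has failed. The doc comment promises %NULL when the handshake is not completed, so that case should return NULL rather than risk a NULL dereference. Widening the guard would cover it: `if (unlikely(session->internals.handshake_in_progress || session->security_parameters.cs == NULL)) return NULL;`. It would also help if the doc comment said that the returned string is static and must not be freed, assuming `canonical_name` always points into the constant suite table.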
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2022 Red Hat, Inc.
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see
+ */
+
+/* This tests gnutls_cipher_suite_get() and
+ * gnutls_cipher_suite_get_canonical_name()
+ */
+
+#include "config.h"
+
+#include
+
+#include
+#include "cert-common.h"
+#include "eagain-common.h"
+#include "utils.h"
+
+const char *side = "";
+
+static void tls_log_func(int level, const char *str)
+{
+ fprintf(stderr, "%s|<%d>| %s", side, level, str);
+}
+
+static void
+start(const char *test_name, const char *prio, const char *expected_name)
+{
+ int sret, cret;
+ gnutls_certificate_credentials_t scred, ccred;
+ gnutls_session_t server, client;
+ const char *name;
+
+ success("%s\n", test_name);
+
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(9);
+
+ /* Init server */
+ assert(gnutls_certificate_allocate_credentials(&scred) >= 0);
+ assert(gnutls_certificate_set_x509_key_mem(scred,
+ &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM) >= 0);
+
+ gnutls_init(&server, GNUTLS_SERVER);
+
+ gnutls_priority_set_direct(server, prio, NULL);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred);
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials(&ccred);
+ assert(gnutls_certificate_set_x509_trust_mem
+ (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0);
+
+ gnutls_init(&client, GNUTLS_CLIENT);
+
+ gnutls_priority_set_direct(client, prio, NULL);
+ gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ HANDSHAKE(client, server);
+ if (debug)
+ success("Handshake established\n");
+
+ name = gnutls_ciphersuite_get(server);
+ if (!name || strcmp(name, expected_name) != 0) {
+ fail("server: gnutls_ciphersuite_get returned %s while %s is expected\n",
+ name, expected_name);
+ }
+
+ name = gnutls_ciphersuite_get(client);
+ if (!name || strcmp(name, expected_name) != 0) {
+ fail("client: gnutls_ciphersuite_get returned %s while %s is expected\n",
+ name, expected_name);
+ }
+
+ gnutls_bye(client, GNUTLS_SHUT_WR);
+ gnutls_bye(server, GNUTLS_SHUT_WR);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(scred);
+ gnutls_certificate_free_credentials(ccred);
+
+ gnutls_global_deinit();
+ reset_buffers();
+}
+
+void doit(void)
+{
+ start("TLS 1.3 name",
+ "NONE:+VERS-TLS1.3:+AES-256-GCM:+AEAD:+SIGN-ALL:+GROUP-ALL",
+ "TLS_AES_256_GCM_SHA384");
+
+ start("TLS 1.2 name",
+ "NONE:+VERS-TLS1.2:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+RSA",
+ "TLS_RSA_WITH_AES_128_GCM_SHA256");
+}
-- 2.47.3
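Review bot: In `start()`, both `fail(...)` calls pass `name` to `%s` on the branch where `!name` is true, so the documented NULL return would hit undefined behaviour in the formatter instead of a clean failure message. Printing `name ? name : "(null)"` keeps the diagnostic reliable. The file's header comment still names `gnutls_cipher_suite_get()` and `gnutls_cipher_suite_get_canonical_name()`; it should read `/* This tests gnutls_ciphersuite_get() */`. The test also never exercises the contract stated in the API doc, that the function returns NULL while the handshake is not completed. A call on `client` before `HANDSHAKE(client, server)` that expects NULL would pin that down.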