diff options
-rwxr-xr-x | vchat-tls.c | 287 |
1 files changed, 280 insertions, 7 deletions
diff --git a/vchat-tls.c b/vchat-tls.c index ad66334..d4ab554 100755 --- a/vchat-tls.c +++ b/vchat-tls.c | |||
@@ -404,7 +404,7 @@ void vc_tls_cleanup() { | |||
404 | #include <sys/socket.h> | 404 | #include <sys/socket.h> |
405 | 405 | ||
406 | const char *DRBG_PERS = "mbed TLS vchat client"; | 406 | const char *DRBG_PERS = "mbed TLS vchat client"; |
407 | 407 | #define MAX_SUITES 512 | |
408 | typedef struct { | 408 | typedef struct { |
409 | mbedtls_entropy_context _entropy; | 409 | mbedtls_entropy_context _entropy; |
410 | mbedtls_ctr_drbg_context _ctr_drbg; | 410 | mbedtls_ctr_drbg_context _ctr_drbg; |
@@ -413,6 +413,7 @@ typedef struct { | |||
413 | mbedtls_pk_context _key; | 413 | mbedtls_pk_context _key; |
414 | mbedtls_ssl_context _ssl; | 414 | mbedtls_ssl_context _ssl; |
415 | mbedtls_ssl_config _conf; | 415 | mbedtls_ssl_config _conf; |
416 | int ciphersuits[MAX_SUITES]; | ||
416 | } mbedstate; | 417 | } mbedstate; |
417 | static mbedstate _mbedtls_state; | 418 | static mbedstate _mbedtls_state; |
418 | 419 | ||
@@ -428,7 +429,7 @@ static int static_tcp_recv(void *ctx, unsigned char *buf, size_t len ) { | |||
428 | static int static_tcp_send(void *ctx, const unsigned char *buf, size_t len ) { | 429 | static int static_tcp_send(void *ctx, const unsigned char *buf, size_t len ) { |
429 | return send((int)(intptr_t)ctx, buf, len, 0); | 430 | return send((int)(intptr_t)ctx, buf, len, 0); |
430 | } | 431 | } |
431 | 432 | static int map_openssl_suite(char *openssl_name); | |
432 | void vc_init_x509store(vc_x509store_t *store) | 433 | void vc_init_x509store(vc_x509store_t *store) |
433 | { | 434 | { |
434 | static int sslinit; | 435 | static int sslinit; |
@@ -457,7 +458,8 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store ) | |||
457 | mbedstate *s = &_mbedtls_state; | 458 | mbedstate *s = &_mbedtls_state; |
458 | mbedtls_ssl_config *conf = &_mbedtls_state._conf; | 459 | mbedtls_ssl_config *conf = &_mbedtls_state._conf; |
459 | mbedtls_ssl_context *ssl = &_mbedtls_state._ssl; | 460 | mbedtls_ssl_context *ssl = &_mbedtls_state._ssl; |
460 | int ret; | 461 | int ret, suitecount = 0; |
462 | char *token; | ||
461 | 463 | ||
462 | mbedtls_x509_crt_init(&s->_cacert); | 464 | mbedtls_x509_crt_init(&s->_cacert); |
463 | mbedtls_x509_crt_init(&s->_cert); | 465 | mbedtls_x509_crt_init(&s->_cert); |
@@ -474,7 +476,21 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store ) | |||
474 | mbedtls_ssl_conf_authmode(conf, getintoption(CF_IGNSSL) ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_REQUIRED); | 476 | mbedtls_ssl_conf_authmode(conf, getintoption(CF_IGNSSL) ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_REQUIRED); |
475 | mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &s->_ctr_drbg); | 477 | mbedtls_ssl_conf_rng(conf, mbedtls_ctr_drbg_random, &s->_ctr_drbg); |
476 | 478 | ||
477 | /* mbedtls_ssl_conf_ciphersuites( */ | 479 | char *ciphers = getstroption(CF_CIPHERSUITE); |
480 | if (!ciphers) | ||
481 | ciphers = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA"; | ||
482 | ciphers = strdup(ciphers); | ||
483 | for (token = strtok(ciphers, ":"); token && suitecount < MAX_SUITES - 1; token = strtok(NULL, ":")) { | ||
484 | int suite = mbedtls_ssl_get_ciphersuite_id(token); | ||
485 | if (!suite) | ||
486 | suite = map_openssl_suite(token); | ||
487 | if (suite) | ||
488 | s->ciphersuits[suitecount++] = suite; | ||
489 | } | ||
490 | s->ciphersuits[suitecount++] = 0; | ||
491 | free(ciphers); | ||
492 | |||
493 | mbedtls_ssl_conf_ciphersuites(conf, s->ciphersuits); | ||
478 | 494 | ||
479 | if (vc_store->cafile) { | 495 | if (vc_store->cafile) { |
480 | mbedtls_x509_crt_parse_file(&s->_cacert, vc_store->cafile); | 496 | mbedtls_x509_crt_parse_file(&s->_cacert, vc_store->cafile); |
@@ -533,10 +549,9 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store ) | |||
533 | 549 | ||
534 | const mbedtls_x509_crt* peer_cert = mbedtls_ssl_get_peer_cert(ssl); | 550 | const mbedtls_x509_crt* peer_cert = mbedtls_ssl_get_peer_cert(ssl); |
535 | mbedtls_x509_crt_info(tmpstr, sizeof(tmpstr), "[SSL PEER INFO ] ", peer_cert); | 551 | mbedtls_x509_crt_info(tmpstr, sizeof(tmpstr), "[SSL PEER INFO ] ", peer_cert); |
536 | char *token = strtok(tmpstr, "\n"); | 552 | |
537 | do { | 553 | for (token = strtok(tmpstr, "\n"); token; token = strtok(NULL, "\n")) |
538 | writecf(FS_SERV, token); | 554 | writecf(FS_SERV, token); |
539 | } while ((token = strtok(NULL, "\n"))); | ||
540 | 555 | ||
541 | mbedtls_ssl_get_verify_result(ssl); | 556 | mbedtls_ssl_get_verify_result(ssl); |
542 | 557 | ||
@@ -573,4 +588,262 @@ void vc_tls_cleanup() { | |||
573 | mbedtls_ctr_drbg_free(&_mbedtls_state._ctr_drbg ); | 588 | mbedtls_ctr_drbg_free(&_mbedtls_state._ctr_drbg ); |
574 | } | 589 | } |
575 | 590 | ||
591 | /* Taken from https://testssl.sh/openssl-iana.mapping.html */ | ||
592 | static const char * xlate_openssl[] = { | ||
593 | "NULL-MD5", "TLS-RSA-WITH-NULL-MD5", | ||
594 | "NULL-SHA", "TLS-RSA-WITH-NULL-SHA", | ||
595 | "EXP-RC4-MD5", "TLS-RSA-EXPORT-WITH-RC4-40-MD5", | ||
596 | "RC4-MD5", "TLS-RSA-WITH-RC4-128-MD5", | ||
597 | "RC4-SHA", "TLS-RSA-WITH-RC4-128-SHA", | ||
598 | "EXP-RC2-CBC-MD5", "TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5", | ||
599 | "IDEA-CBC-SHA", "TLS-RSA-WITH-IDEA-CBC-SHA", | ||
600 | "EXP-DES-CBC-SHA", "TLS-RSA-EXPORT-WITH-DES40-CBC-SHA", | ||
601 | "DES-CBC-SHA", "TLS-RSA-WITH-DES-CBC-SHA", | ||
602 | "DES-CBC3-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA", | ||
603 | "EXP-DH-DSS-DES-CBC-SHA", "TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA", | ||
604 | "DH-DSS-DES-CBC-SHA", "TLS-DH-DSS-WITH-DES-CBC-SHA", | ||
605 | "DH-DSS-DES-CBC3-SHA", "TLS-DH-DSS-WITH-3DES-EDE-CBC-SHA", | ||
606 | "EXP-DH-RSA-DES-CBC-SHA", "TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA", | ||
607 | "DH-RSA-DES-CBC-SHA", "TLS-DH-RSA-WITH-DES-CBC-SHA", | ||
608 | "DH-RSA-DES-CBC3-SHA", "TLS-DH-RSA-WITH-3DES-EDE-CBC-SHA", | ||
609 | "EXP-EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-EXPORT-WITH-DES40-CBC-SHA", | ||
610 | "EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA", | ||
611 | "EDH-DSS-DES-CBC3-SHA", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", | ||
612 | "EXP-EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-EXPORT-WITH-DES40-CBC-SHA", | ||
613 | "EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA", | ||
614 | "EDH-RSA-DES-CBC3-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", | ||
615 | "EXP-ADH-RC4-MD5", "TLS-DH-anon-EXPORT-WITH-RC4-40-MD5", | ||
616 | "ADH-RC4-MD5", "TLS-DH-anon-WITH-RC4-128-MD5", | ||
617 | "EXP-ADH-DES-CBC-SHA", "TLS-DH-anon-EXPORT-WITH-DES40-CBC-SHA", | ||
618 | "ADH-DES-CBC-SHA", "TLS-DH-anon-WITH-DES-CBC-SHA", | ||
619 | "ADH-DES-CBC3-SHA", "TLS-DH-anon-WITH-3DES-EDE-CBC-SHA", | ||
620 | "KRB5-DES-CBC-SHA", "TLS-KRB5-WITH-DES-CBC-SHA", | ||
621 | "KRB5-DES-CBC3-SHA", "TLS-KRB5-WITH-3DES-EDE-CBC-SHA", | ||
622 | "KRB5-RC4-SHA", "TLS-KRB5-WITH-RC4-128-SHA", | ||
623 | "KRB5-IDEA-CBC-SHA", "TLS-KRB5-WITH-IDEA-CBC-SHA", | ||
624 | "KRB5-DES-CBC-MD5", "TLS-KRB5-WITH-DES-CBC-MD5", | ||
625 | "KRB5-DES-CBC3-MD5", "TLS-KRB5-WITH-3DES-EDE-CBC-MD5", | ||
626 | "KRB5-RC4-MD5", "TLS-KRB5-WITH-RC4-128-MD5", | ||
627 | "KRB5-IDEA-CBC-MD5", "TLS-KRB5-WITH-IDEA-CBC-MD5", | ||
628 | "EXP-KRB5-DES-CBC-SHA", "TLS-KRB5-EXPORT-WITH-DES-CBC-40-SHA", | ||
629 | "EXP-KRB5-RC2-CBC-SHA", "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-SHA", | ||
630 | "EXP-KRB5-RC4-SHA", "TLS-KRB5-EXPORT-WITH-RC4-40-SHA", | ||
631 | "EXP-KRB5-DES-CBC-MD5", "TLS-KRB5-EXPORT-WITH-DES-CBC-40-MD5", | ||
632 | "EXP-KRB5-RC2-CBC-MD5", "TLS-KRB5-EXPORT-WITH-RC2-CBC-40-MD5", | ||
633 | "EXP-KRB5-RC4-MD5", "TLS-KRB5-EXPORT-WITH-RC4-40-MD5", | ||
634 | "PSK-NULL-SHA", "TLS-PSK-WITH-NULL-SHA", | ||
635 | "DHE-PSK-NULL-SHA", "TLS-DHE-PSK-WITH-NULL-SHA", | ||
636 | "RSA-PSK-NULL-SHA", "TLS-RSA-PSK-WITH-NULL-SHA", | ||
637 | "AES128-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA", | ||
638 | "DH-DSS-AES128-SHA", "TLS-DH-DSS-WITH-AES-128-CBC-SHA", | ||
639 | "DH-RSA-AES128-SHA", "TLS-DH-RSA-WITH-AES-128-CBC-SHA", | ||
640 | "DHE-DSS-AES128-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", | ||
641 | "DHE-RSA-AES128-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", | ||
642 | "ADH-AES128-SHA", "TLS-DH-anon-WITH-AES-128-CBC-SHA", | ||
643 | "AES256-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA", | ||
644 | "DH-DSS-AES256-SHA", "TLS-DH-DSS-WITH-AES-256-CBC-SHA", | ||
645 | "DH-RSA-AES256-SHA", "TLS-DH-RSA-WITH-AES-256-CBC-SHA", | ||
646 | "DHE-DSS-AES256-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", | ||
647 | "DHE-RSA-AES256-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", | ||
648 | "ADH-AES256-SHA", "TLS-DH-anon-WITH-AES-256-CBC-SHA", | ||
649 | "NULL-SHA256", "TLS-RSA-WITH-NULL-SHA256", | ||
650 | "AES128-SHA256", "TLS-RSA-WITH-AES-128-CBC-SHA256", | ||
651 | "AES256-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256", | ||
652 | "DH-DSS-AES128-SHA256", "TLS-DH-DSS-WITH-AES-128-CBC-SHA256", | ||
653 | "DH-RSA-AES128-SHA256", "TLS-DH-RSA-WITH-AES-128-CBC-SHA256", | ||
654 | "DHE-DSS-AES128-SHA256", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", | ||
655 | "CAMELLIA128-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", | ||
656 | "DH-DSS-CAMELLIA128-SHA", "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA", | ||
657 | "DH-RSA-CAMELLIA128-SHA", "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA", | ||
658 | "DHE-DSS-CAMELLIA128-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", | ||
659 | "DHE-RSA-CAMELLIA128-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", | ||
660 | "ADH-CAMELLIA128-SHA", "TLS-DH-anon-WITH-CAMELLIA-128-CBC-SHA", | ||
661 | "EXP1024-RC4-MD5", "TLS-RSA-EXPORT1024-WITH-RC4-56-MD5", | ||
662 | "EXP1024-RC2-CBC-MD5", "TLS-RSA-EXPORT1024-WITH-RC2-CBC-56-MD5", | ||
663 | "EXP1024-DES-CBC-SHA", "TLS-RSA-EXPORT1024-WITH-DES-CBC-SHA", | ||
664 | "EXP1024-DHE-DSS-DES-CBC-SHA", "TLS-DHE-DSS-EXPORT1024-WITH-DES-CBC-SHA", | ||
665 | "EXP1024-RC4-SHA", "TLS-RSA-EXPORT1024-WITH-RC4-56-SHA", | ||
666 | "EXP1024-DHE-DSS-RC4-SHA", "TLS-DHE-DSS-EXPORT1024-WITH-RC4-56-SHA", | ||
667 | "DHE-DSS-RC4-SHA", "TLS-DHE-DSS-WITH-RC4-128-SHA", | ||
668 | "DHE-RSA-AES128-SHA256", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", | ||
669 | "DH-DSS-AES256-SHA256", "TLS-DH-DSS-WITH-AES-256-CBC-SHA256", | ||
670 | "DH-RSA-AES256-SHA256", "TLS-DH-RSA-WITH-AES-256-CBC-SHA256", | ||
671 | "DHE-DSS-AES256-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", | ||
672 | "DHE-RSA-AES256-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", | ||
673 | "ADH-AES128-SHA256", "TLS-DH-anon-WITH-AES-128-CBC-SHA256", | ||
674 | "ADH-AES256-SHA256", "TLS-DH-anon-WITH-AES-256-CBC-SHA256", | ||
675 | "GOST94-GOST89-GOST89", "TLS-GOSTR341094-WITH-28147-CNT-IMIT", | ||
676 | "GOST2001-GOST89-GOST89", "TLS-GOSTR341001-WITH-28147-CNT-IMIT", | ||
677 | "GOST94-NULL-GOST94", "TLS-GOSTR341001-WITH-NULL-GOSTR3411", | ||
678 | "GOST2001-GOST89-GOST89", "TLS-GOSTR341094-WITH-NULL-GOSTR3411", | ||
679 | "CAMELLIA256-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", | ||
680 | "DH-DSS-CAMELLIA256-SHA", "TLS-DH-DSS-WITH-CAMELLIA-256-CBC-SHA", | ||
681 | "DH-RSA-CAMELLIA256-SHA", "TLS-DH-RSA-WITH-CAMELLIA-256-CBC-SHA", | ||
682 | "DHE-DSS-CAMELLIA256-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", | ||
683 | "DHE-RSA-CAMELLIA256-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", | ||
684 | "ADH-CAMELLIA256-SHA", "TLS-DH-anon-WITH-CAMELLIA-256-CBC-SHA", | ||
685 | "PSK-RC4-SHA", "TLS-PSK-WITH-RC4-128-SHA", | ||
686 | "PSK-3DES-EDE-CBC-SHA", "TLS-PSK-WITH-3DES-EDE-CBC-SHA", | ||
687 | "PSK-AES128-CBC-SHA", "TLS-PSK-WITH-AES-128-CBC-SHA", | ||
688 | "PSK-AES256-CBC-SHA", "TLS-PSK-WITH-AES-256-CBC-SHA", | ||
689 | "SEED-SHA", "TLS-RSA-WITH-SEED-CBC-SHA", | ||
690 | "DH-DSS-SEED-SHA", "TLS-DH-DSS-WITH-SEED-CBC-SHA", | ||
691 | "DH-RSA-SEED-SHA", "TLS-DH-RSA-WITH-SEED-CBC-SHA", | ||
692 | "DHE-DSS-SEED-SHA", "TLS-DHE-DSS-WITH-SEED-CBC-SHA", | ||
693 | "DHE-RSA-SEED-SHA", "TLS-DHE-RSA-WITH-SEED-CBC-SHA", | ||
694 | "ADH-SEED-SHA", "TLS-DH-anon-WITH-SEED-CBC-SHA", | ||
695 | "AES128-GCM-SHA256", "TLS-RSA-WITH-AES-128-GCM-SHA256", | ||
696 | "AES256-GCM-SHA384", "TLS-RSA-WITH-AES-256-GCM-SHA384", | ||
697 | "DHE-RSA-AES128-GCM-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", | ||
698 | "DHE-RSA-AES256-GCM-SHA384", "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", | ||
699 | "DH-RSA-AES128-GCM-SHA256", "TLS-DH-RSA-WITH-AES-128-GCM-SHA256", | ||
700 | "DH-RSA-AES256-GCM-SHA384", "TLS-DH-RSA-WITH-AES-256-GCM-SHA384", | ||
701 | "DHE-DSS-AES128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", | ||
702 | "DHE-DSS-AES256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", | ||
703 | "DH-DSS-AES128-GCM-SHA256", "TLS-DH-DSS-WITH-AES-128-GCM-SHA256", | ||
704 | "DH-DSS-AES256-GCM-SHA384", "TLS-DH-DSS-WITH-AES-256-GCM-SHA384", | ||
705 | "ADH-AES128-GCM-SHA256", "TLS-DH-anon-WITH-AES-128-GCM-SHA256", | ||
706 | "ADH-AES256-GCM-SHA384", "TLS-DH-anon-WITH-AES-256-GCM-SHA384", | ||
707 | "CAMELLIA128-SHA256", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", | ||
708 | "DH-DSS-CAMELLIA128-SHA256", "TLS-DH-DSS-WITH-CAMELLIA-128-CBC-SHA256", | ||
709 | "DH-RSA-CAMELLIA128-SHA256", "TLS-DH-RSA-WITH-CAMELLIA-128-CBC-SHA256", | ||
710 | "DHE-DSS-CAMELLIA128-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", | ||
711 | "DHE-RSA-CAMELLIA128-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", | ||
712 | "ADH-CAMELLIA128-SHA256", "TLS-DH-anon-WITH-CAMELLIA-128-CBC-SHA256", | ||
713 | "TLS-FALLBACK-SCSV", "TLS-EMPTY-RENEGOTIATION-INFO-SCSV", | ||
714 | "TLS-AES-128-GCM-SHA256", "TLS-AES-128-GCM-SHA256", | ||
715 | "TLS-AES-256-GCM-SHA384", "TLS-AES-256-GCM-SHA384", | ||
716 | "TLS-CHACHA20-POLY1305-SHA256", "TLS-CHACHA20-POLY1305-SHA256", | ||
717 | "TLS-AES-128-CCM-SHA256", "TLS-AES-128-CCM-SHA256", | ||
718 | "TLS-AES-128-CCM-8-SHA256", "TLS-AES-128-CCM-8-SHA256", | ||
719 | "ECDH-ECDSA-NULL-SHA", "TLS-ECDH-ECDSA-WITH-NULL-SHA", | ||
720 | "ECDH-ECDSA-RC4-SHA", "TLS-ECDH-ECDSA-WITH-RC4-128-SHA", | ||
721 | "ECDH-ECDSA-DES-CBC3-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", | ||
722 | "ECDH-ECDSA-AES128-SHA", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", | ||
723 | "ECDH-ECDSA-AES256-SHA", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", | ||
724 | "ECDHE-ECDSA-NULL-SHA", "TLS-ECDHE-ECDSA-WITH-NULL-SHA", | ||
725 | "ECDHE-ECDSA-RC4-SHA", "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", | ||
726 | "ECDHE-ECDSA-DES-CBC3-SHA", "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", | ||
727 | "ECDHE-ECDSA-AES128-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", | ||
728 | "ECDHE-ECDSA-AES256-SHA", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", | ||
729 | "ECDH-RSA-NULL-SHA", "TLS-ECDH-RSA-WITH-NULL-SHA", | ||
730 | "ECDH-RSA-RC4-SHA", "TLS-ECDH-RSA-WITH-RC4-128-SHA", | ||
731 | "ECDH-RSA-DES-CBC3-SHA", "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA", | ||
732 | "ECDH-RSA-AES128-SHA", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", | ||
733 | "ECDH-RSA-AES256-SHA", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", | ||
734 | "ECDHE-RSA-NULL-SHA", "TLS-ECDHE-RSA-WITH-NULL-SHA", | ||
735 | "ECDHE-RSA-RC4-SHA", "TLS-ECDHE-RSA-WITH-RC4-128-SHA", | ||
736 | "ECDHE-RSA-DES-CBC3-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", | ||
737 | "ECDHE-RSA-AES128-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", | ||
738 | "ECDHE-RSA-AES256-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", | ||
739 | "AECDH-NULL-SHA", "TLS-ECDH-anon-WITH-NULL-SHA", | ||
740 | "AECDH-RC4-SHA", "TLS-ECDH-anon-WITH-RC4-128-SHA", | ||
741 | "AECDH-DES-CBC3-SHA", "TLS-ECDH-anon-WITH-3DES-EDE-CBC-SHA", | ||
742 | "AECDH-AES128-SHA", "TLS-ECDH-anon-WITH-AES-128-CBC-SHA", | ||
743 | "AECDH-AES256-SHA", "TLS-ECDH-anon-WITH-AES-256-CBC-SHA", | ||
744 | "SRP-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-WITH-3DES-EDE-CBC-SHA", | ||
745 | "SRP-RSA-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA", | ||
746 | "SRP-DSS-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA", | ||
747 | "SRP-AES-128-CBC-SHA", "TLS-SRP-SHA-WITH-AES-128-CBC-SHA", | ||
748 | "SRP-RSA-AES-128-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA", | ||
749 | "SRP-DSS-AES-128-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA", | ||
750 | "SRP-AES-256-CBC-SHA", "TLS-SRP-SHA-WITH-AES-256-CBC-SHA", | ||
751 | "SRP-RSA-AES-256-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA", | ||
752 | "SRP-DSS-AES-256-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA", | ||
753 | "ECDHE-ECDSA-AES128-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", | ||
754 | "ECDHE-ECDSA-AES256-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", | ||
755 | "ECDH-ECDSA-AES128-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", | ||
756 | "ECDH-ECDSA-AES256-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", | ||
757 | "ECDHE-RSA-AES128-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", | ||
758 | "ECDHE-RSA-AES256-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", | ||
759 | "ECDH-RSA-AES128-SHA256", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", | ||
760 | "ECDH-RSA-AES256-SHA384", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", | ||
761 | "ECDHE-ECDSA-AES128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", | ||
762 | "ECDHE-ECDSA-AES256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", | ||
763 | "ECDH-ECDSA-AES128-GCM-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", | ||
764 | "ECDH-ECDSA-AES256-GCM-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", | ||
765 | "ECDHE-RSA-AES128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", | ||
766 | "ECDHE-RSA-AES256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", | ||
767 | "ECDH-RSA-AES128-GCM-SHA256", "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", | ||
768 | "ECDH-RSA-AES256-GCM-SHA384", "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", | ||
769 | "ECDHE-PSK-RC4-SHA", "TLS-ECDHE-PSK-WITH-RC4-128-SHA", | ||
770 | "ECDHE-PSK-3DES-EDE-CBC-SHA", "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", | ||
771 | "ECDHE-PSK-AES128-CBC-SHA", "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", | ||
772 | "ECDHE-PSK-AES256-CBC-SHA", "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", | ||
773 | "ECDHE-PSK-AES128-CBC-SHA256", "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", | ||
774 | "ECDHE-PSK-AES256-CBC-SHA384", "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", | ||
775 | "ECDHE-PSK-NULL-SHA", "TLS-ECDHE-PSK-WITH-NULL-SHA", | ||
776 | "ECDHE-PSK-NULL-SHA256", "TLS-ECDHE-PSK-WITH-NULL-SHA256", | ||
777 | "ECDHE-PSK-NULL-SHA384", "TLS-ECDHE-PSK-WITH-NULL-SHA384", | ||
778 | "ECDHE-ECDSA-CAMELLIA128-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", | ||
779 | "ECDHE-ECDSA-CAMELLIA256-SHA38", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", | ||
780 | "ECDH-ECDSA-CAMELLIA128-SHA256", "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", | ||
781 | "ECDH-ECDSA-CAMELLIA256-SHA384", "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", | ||
782 | "ECDHE-RSA-CAMELLIA128-SHA256", "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", | ||
783 | "ECDHE-RSA-CAMELLIA256-SHA384", "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", | ||
784 | "ECDH-RSA-CAMELLIA128-SHA256", "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", | ||
785 | "ECDH-RSA-CAMELLIA256-SHA384", "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", | ||
786 | "PSK-CAMELLIA128-SHA256", "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", | ||
787 | "PSK-CAMELLIA256-SHA384", "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", | ||
788 | "DHE-PSK-CAMELLIA128-SHA256", "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", | ||
789 | "DHE-PSK-CAMELLIA256-SHA384", "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", | ||
790 | "RSA-PSK-CAMELLIA128-SHA256", "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", | ||
791 | "RSA-PSK-CAMELLIA256-SHA384", "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", | ||
792 | "ECDHE-PSK-CAMELLIA128-SHA256", "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", | ||
793 | "ECDHE-PSK-CAMELLIA256-SHA384", "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", | ||
794 | "AES128-CCM", "TLS-RSA-WITH-AES-128-CCM", | ||
795 | "AES256-CCM", "TLS-RSA-WITH-AES-256-CCM", | ||
796 | "DHE-RSA-AES128-CCM", "TLS-DHE-RSA-WITH-AES-128-CCM", | ||
797 | "DHE-RSA-AES256-CCM", "TLS-DHE-RSA-WITH-AES-256-CCM", | ||
798 | "AES128-CCM8", "TLS-RSA-WITH-AES-128-CCM-8", | ||
799 | "AES256-CCM8", "TLS-RSA-WITH-AES-256-CCM-8", | ||
800 | "DHE-RSA-AES128-CCM8", "TLS-DHE-RSA-WITH-AES-128-CCM-8", | ||
801 | "DHE-RSA-AES256-CCM8", "TLS-DHE-RSA-WITH-AES-256-CCM-8", | ||
802 | "PSK-AES128-CCM", "TLS-PSK-WITH-AES-128-CCM", | ||
803 | "PSK-AES256-CCM", "TLS-PSK-WITH-AES-256-CCM", | ||
804 | "DHE-PSK-AES128-CCM", "TLS-DHE-PSK-WITH-AES-128-CCM", | ||
805 | "DHE-PSK-AES256-CCM", "TLS-DHE-PSK-WITH-AES-256-CCM", | ||
806 | "PSK-AES128-CCM8", "TLS-PSK-WITH-AES-128-CCM-8", | ||
807 | "PSK-AES256-CCM8", "TLS-PSK-WITH-AES-256-CCM-8", | ||
808 | "DHE-PSK-AES128-CCM8", "TLS-PSK-DHE-WITH-AES-128-CCM-8", | ||
809 | "DHE-PSK-AES256-CCM8", "TLS-PSK-DHE-WITH-AES-256-CCM-8", | ||
810 | "ECDHE-ECDSA-AES128-CCM", "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", | ||
811 | "ECDHE-ECDSA-AES256-CCM", "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", | ||
812 | "ECDHE-ECDSA-AES128-CCM8", "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", | ||
813 | "ECDHE-ECDSA-AES256-CCM8", "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", | ||
814 | "ECDHE-RSA-CHACHA20-POLY1305-OLD", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256-OLD", | ||
815 | "ECDHE-ECDSA-CHACHA20-POLY1305-OLD", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256-OLD", | ||
816 | "DHE-RSA-CHACHA20-POLY1305-OLD", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256-OLD", | ||
817 | "ECDHE-RSA-CHACHA20-POLY1305", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", | ||
818 | "ECDHE-ECDSA-CHACHA20-POLY1305", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", | ||
819 | "DHE-RSA-CHACHA20-POLY1305", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", | ||
820 | "PSK-CHACHA20-POLY1305", "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", | ||
821 | "ECDHE-PSK-CHACHA20-POLY1305", "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", | ||
822 | "DHE-PSK-CHACHA20-POLY1305", "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", | ||
823 | "RSA-PSK-CHACHA20-POLY1305", "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", | ||
824 | "GOST-MD5", "TLS-GOSTR341094-RSA-WITH-28147-CNT-MD5", | ||
825 | "GOST-GOST94", "TLS-RSA-WITH-28147-CNT-GOST94", | ||
826 | "RC4-MD5", "SSL-CK-RC4-128-WITH-MD5", | ||
827 | "EXP-RC4-MD5", "SSL-CK-RC4-128-EXPORT40-WITH-MD5", | ||
828 | "RC2-CBC-MD5", "SSL-CK-RC2-128-CBC-WITH-MD5", | ||
829 | "EXP-RC2-CBC-MD5", "SSL-CK-RC2-128-CBC-EXPORT40-WITH-MD5", | ||
830 | "IDEA-CBC-MD5", "SSL-CK-IDEA-128-CBC-WITH-MD5", | ||
831 | "DES-CBC-MD5", "SSL-CK-DES-64-CBC-WITH-MD5", | ||
832 | "DES-CBC-SHA", "SSL-CK-DES-64-CBC-WITH-SHA", | ||
833 | "DES-CBC3-MD5", "SSL-CK-DES-192-EDE3-CBC-WITH-MD5", | ||
834 | "DES-CBC3-SHA", "SSL-CK-DES-192-EDE3-CBC-WITH-SHA", | ||
835 | "RC4-64-MD5", "SSL-CK-RC4-64-WITH-MD5", | ||
836 | "DES-CFB-M1", "SSL-CK-DES-64-CFB64-WITH-MD5-1", | ||
837 | NULL | ||
838 | }; | ||
839 | // fprintf(stderr, "SUCCESS: %s => %s => %d\n\n", xlate_openssl[i], xlate_openssl[i+1], mbedtls_ssl_get_ciphersuite_id(xlate_openssl[i+1])); | ||
840 | static int map_openssl_suite(char *openssl_name) { | ||
841 | int i; | ||
842 | for (i=0; xlate_openssl[i]; i+=2) { | ||
843 | if (!strcmp(xlate_openssl[i], openssl_name)) | ||
844 | return mbedtls_ssl_get_ciphersuite_id(xlate_openssl[i+1]); | ||
845 | } | ||
846 | return 0; | ||
847 | } | ||
848 | |||
576 | #endif | 849 | #endif |