← Back to branch summary

~ubuntu-branches/ubuntu/quantal/gnutls28/quantal

« back to all changes in this revision

Viewing changes to lib/algorithms/ciphersuites.c

  • Committer: Package Import Robot
  • Author(s): Andreas Metzler
  • Date: 2012-01-06 08:52:19 UTC
  • mfrom: (1.1.8)
  • Revision ID: package-import@ubuntu.com-20120106085219-cbuka2rdt46tb4w4
Tags: 3.0.10-1
http://bugs.debian.org/652552
* Drop guile-gnutls.README.Debian - binary guile modules are no longer
  directly installed in $libdir.
* New upstream version.
  + Drop patches/30_correctly-set-the-odd-bits.patch.
  + gnutls_random_art() added. Update copyright, bump shlibs.
  + src/serv.c: Only use configured interfaces. Patch by Pino Toscano.
    Closes: #652552

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/algorithms/ciphersuites.c
167
167
/* GCM-PSK */
168
168
#define GNUTLS_PSK_AES_128_GCM_SHA256 { 0x00, 0xA8 }
169
169
#define GNUTLS_DHE_PSK_AES_128_GCM_SHA256 { 0x00, 0xAA }
 
170
#define GNUTLS_PSK_WITH_AES_256_GCM_SHA384 { 0x00, 0xA9 }
 
171
#define GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384 { 0x00, 0xAB }
170
172
 
171
173
/* PSK - SHA256 HMAC */
172
174
#define GNUTLS_PSK_AES_128_CBC_SHA256 { 0x00, 0xAE }
176
178
#define GNUTLS_DHE_PSK_NULL_SHA256 { 0x00, 0xB4 }
177
179
 
178
180
/* ECC */
179
 
#define GNUTLS_ECDH_ANON_NULL_SHA { 0xC0, 0x15 }
180
 
#define GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA { 0xC0, 0x17 }
181
 
#define GNUTLS_ECDH_ANON_AES_128_CBC_SHA { 0xC0, 0x18 }
182
 
#define GNUTLS_ECDH_ANON_AES_256_CBC_SHA { 0xC0, 0x19 }
 
181
#define GNUTLS_ECDH_ANON_NULL_SHA1 { 0xC0, 0x15 }
 
182
#define GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1 { 0xC0, 0x17 }
 
183
#define GNUTLS_ECDH_ANON_AES_128_CBC_SHA1 { 0xC0, 0x18 }
 
184
#define GNUTLS_ECDH_ANON_AES_256_CBC_SHA1 { 0xC0, 0x19 }
183
185
 
184
186
/* ECC-RSA */
185
 
#define GNUTLS_ECDHE_RSA_NULL_SHA { 0xC0, 0x10 }
186
 
#define GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA { 0xC0, 0x12 }
187
 
#define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA { 0xC0, 0x13 }
188
 
#define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA { 0xC0, 0x14 }
 
187
#define GNUTLS_ECDHE_RSA_NULL_SHA1 { 0xC0, 0x10 }
 
188
#define GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x12 }
 
189
#define GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 { 0xC0, 0x13 }
 
190
#define GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 { 0xC0, 0x14 }
189
191
 
190
192
/* ECC-ECDSA */
191
 
#define GNUTLS_ECDHE_ECDSA_NULL_SHA           { 0xC0, 0x06 }
192
 
#define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA   { 0xC0, 0x08 }
193
 
#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA    { 0xC0, 0x09 }
194
 
#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA    { 0xC0, 0x0A }
 
193
#define GNUTLS_ECDHE_ECDSA_NULL_SHA1           { 0xC0, 0x06 }
 
194
#define GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1   { 0xC0, 0x08 }
 
195
#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1    { 0xC0, 0x09 }
 
196
#define GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1    { 0xC0, 0x0A }
195
197
 
196
198
/* ECC with SHA2 */
197
199
#define GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256     {0xC0,0x23}
208
210
 
209
211
 
210
212
/* ECC with PSK */
211
 
#define GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA { 0xC0, 0x34 }
212
 
#define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA { 0xC0, 0x35 }
213
 
#define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA { 0xC0, 0x36 }
 
213
#define GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1 { 0xC0, 0x34 }
 
214
#define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1 { 0xC0, 0x35 }
 
215
#define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1 { 0xC0, 0x36 }
214
216
#define GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256 { 0xC0, 0x37 }
215
217
#define GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 { 0xC0, 0x38 }
216
218
#define GNUTLS_ECDHE_PSK_NULL_SHA256 { 0xC0, 0x3A }
500
502
                             GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
501
503
                             GNUTLS_VERSION_MAX, 1),
502
504
/* ECC-ANON */
503
 
  ENTRY (GNUTLS_ECDH_ANON_NULL_SHA,
 
505
  ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1,
504
506
                             GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
505
507
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
506
508
                             GNUTLS_VERSION_MAX, 1),
507
 
  ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA,
 
509
  ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
508
510
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
509
511
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
510
512
                             GNUTLS_VERSION_MAX, 1),
511
 
  ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA,
 
513
  ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
512
514
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
513
515
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
514
516
                             GNUTLS_VERSION_MAX, 1),
515
 
  ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA,
 
517
  ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
516
518
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
517
519
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
518
520
                             GNUTLS_VERSION_MAX, 1),
519
521
/* ECC-RSA */
520
 
  ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA,
 
522
  ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1,
521
523
                             GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
522
524
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
523
525
                             GNUTLS_VERSION_MAX, 1),
524
 
  ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA,
 
526
  ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
525
527
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
526
528
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
527
529
                             GNUTLS_VERSION_MAX, 1),
528
 
  ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA,
 
530
  ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
529
531
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
530
532
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
531
533
                             GNUTLS_VERSION_MAX, 1),
532
 
  ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA,
 
534
  ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
533
535
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
534
536
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
535
537
                             GNUTLS_VERSION_MAX, 1),
536
538
  /* ECDHE-ECDSA */
537
 
  ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA,
 
539
  ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1,
538
540
                             GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
539
541
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
540
542
                             GNUTLS_VERSION_MAX, 1),
541
 
  ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA,
 
543
  ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
542
544
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
543
545
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
544
546
                             GNUTLS_VERSION_MAX, 1),
545
 
  ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA,
 
547
  ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
546
548
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
547
549
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
548
550
                             GNUTLS_VERSION_MAX, 1),
549
 
  ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA,
 
551
  ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
550
552
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
551
553
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
552
554
                             GNUTLS_VERSION_MAX, 1),
569
571
                             GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
570
572
                             GNUTLS_VERSION_MAX, 1),
571
573
  /* ECC - PSK */
572
 
  ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA,
 
574
  ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
573
575
                             GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
574
576
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
575
577
                             GNUTLS_VERSION_MAX, 1),
576
 
  ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA,
 
578
  ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
577
579
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
578
580
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
579
581
                             GNUTLS_VERSION_MAX, 1),
580
 
  ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA,
 
582
  ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
581
583
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
582
584
                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
583
585
                             GNUTLS_VERSION_MAX, 1),
586
588
                             GNUTLS_MAC_SHA256, GNUTLS_TLS1_0,
587
589
                             GNUTLS_VERSION_MAX, 1),
588
590
  ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
589
 
                             GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
 
591
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
590
592
                             GNUTLS_MAC_SHA384, GNUTLS_TLS1_0,
591
593
                             GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384),
592
594
  ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256,
609
611
                                GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
610
612
                                GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
611
613
                                GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
612
 
 
 
614
  ENTRY_PRF(GNUTLS_PSK_WITH_AES_256_GCM_SHA384,
 
615
                                GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
 
616
                                GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
 
617
                                GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
 
618
  ENTRY_PRF(GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
 
619
                                GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
 
620
                                GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
 
621
                                GNUTLS_VERSION_MAX, 1, GNUTLS_DIG_SHA384),
613
622
  {0, {0, 0}, 0, 0, 0, 0, 0, 0}
614
623
};
615
624
 
776
785
 
777
786
}
778
787
 
 
788
/*-
 
789
 * _gnutls_supported_ciphersuites: 
 
790
 * @session: a TLS session
 
791
 * @cipher_suites: Where the ciphersuites will be stored (2bytes each)
 
792
 * @max_cipher_suite_size: the maximum size of the @cipher_suites buffer.
 
793
 *
 
794
 * Returns the supported ciphersuites by this session (based on priorities)
 
795
 * sorted by order of preference.
 
796
 *
 
797
 * Returns the size of the @cipher_suites buffer, or a negative value on error.
 
798
 *
 
799
 -*/
779
800
int
780
801
_gnutls_supported_ciphersuites (gnutls_session_t session,
781
802
                                uint8_t *cipher_suites, int max_cipher_suite_size)