cipher_suite.c (29036B)
1 /*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * Copyright (C) Jan Venekamp, <jan@venekamp.net> 9 * 10 * This software is licensed as described in the file COPYING, which 11 * you should have received as part of this distribution. The terms 12 * are also available at https://curl.se/docs/copyright.html. 13 * 14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 15 * copies of the Software, and permit persons to whom the Software is 16 * furnished to do so, under the terms of the COPYING file. 17 * 18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 19 * KIND, either express or implied. 20 * 21 * SPDX-License-Identifier: curl 22 * 23 ***************************************************************************/ 24 #include "../curl_setup.h" 25 26 #if defined(USE_MBEDTLS) || defined(USE_RUSTLS) 27 #include "cipher_suite.h" 28 #include "../curl_printf.h" 29 #include <string.h> 30 31 /* 32 * To support the CURLOPT_SSL_CIPHER_LIST option on SSL backends 33 * that do not support it natively, but do support setting a list of 34 * IANA ids, we need a list of all supported cipher suite names 35 * (OpenSSL and IANA) to be able to look up the IANA ids. 36 * 37 * To keep the binary size of this list down we compress each entry 38 * down to 2 + 6 bytes using the C preprocessor. 39 */ 40 41 /* 42 * mbedTLS NOTE: mbedTLS has mbedtls_ssl_get_ciphersuite_id() to 43 * convert a string representation to an IANA id, we do not use that 44 * because it does not support "standard" OpenSSL cipher suite 45 * names, nor IANA names. 46 */ 47 48 /* NOTE: also see tests/unit/unit3205.c */ 49 50 /* Text for cipher suite parts (max 64 entries), 51 keep indexes below in sync with this! */ 52 static const char *cs_txt = 53 "\0" 54 "TLS" "\0" 55 "WITH" "\0" 56 "128" "\0" 57 "256" "\0" 58 "3DES" "\0" 59 "8" "\0" 60 "AES" "\0" 61 "AES128" "\0" 62 "AES256" "\0" 63 "CBC" "\0" 64 "CBC3" "\0" 65 "CCM" "\0" 66 "CCM8" "\0" 67 "CHACHA20" "\0" 68 "DES" "\0" 69 "DHE" "\0" 70 "ECDH" "\0" 71 "ECDHE" "\0" 72 "ECDSA" "\0" 73 "EDE" "\0" 74 "GCM" "\0" 75 "MD5" "\0" 76 "NULL" "\0" 77 "POLY1305" "\0" 78 "PSK" "\0" 79 "RSA" "\0" 80 "SHA" "\0" 81 "SHA256" "\0" 82 "SHA384" "\0" 83 #if defined(USE_MBEDTLS) 84 "ARIA" "\0" 85 "ARIA128" "\0" 86 "ARIA256" "\0" 87 "CAMELLIA" "\0" 88 "CAMELLIA128" "\0" 89 "CAMELLIA256" "\0" 90 #endif 91 ; 92 /* Indexes of above cs_txt */ 93 enum { 94 CS_TXT_IDX_, 95 CS_TXT_IDX_TLS, 96 CS_TXT_IDX_WITH, 97 CS_TXT_IDX_128, 98 CS_TXT_IDX_256, 99 CS_TXT_IDX_3DES, 100 CS_TXT_IDX_8, 101 CS_TXT_IDX_AES, 102 CS_TXT_IDX_AES128, 103 CS_TXT_IDX_AES256, 104 CS_TXT_IDX_CBC, 105 CS_TXT_IDX_CBC3, 106 CS_TXT_IDX_CCM, 107 CS_TXT_IDX_CCM8, 108 CS_TXT_IDX_CHACHA20, 109 CS_TXT_IDX_DES, 110 CS_TXT_IDX_DHE, 111 CS_TXT_IDX_ECDH, 112 CS_TXT_IDX_ECDHE, 113 CS_TXT_IDX_ECDSA, 114 CS_TXT_IDX_EDE, 115 CS_TXT_IDX_GCM, 116 CS_TXT_IDX_MD5, 117 CS_TXT_IDX_NULL, 118 CS_TXT_IDX_POLY1305, 119 CS_TXT_IDX_PSK, 120 CS_TXT_IDX_RSA, 121 CS_TXT_IDX_SHA, 122 CS_TXT_IDX_SHA256, 123 CS_TXT_IDX_SHA384, 124 #if defined(USE_MBEDTLS) 125 CS_TXT_IDX_ARIA, 126 CS_TXT_IDX_ARIA128, 127 CS_TXT_IDX_ARIA256, 128 CS_TXT_IDX_CAMELLIA, 129 CS_TXT_IDX_CAMELLIA128, 130 CS_TXT_IDX_CAMELLIA256, 131 #endif 132 CS_TXT_LEN, 133 }; 134 135 #define CS_ZIP_IDX(a, b, c, d, e, f, g, h) \ 136 { \ 137 (uint8_t) ((((a) << 2) & 0xFF) | ((b) & 0x3F) >> 4), \ 138 (uint8_t) ((((b) << 4) & 0xFF) | ((c) & 0x3F) >> 2), \ 139 (uint8_t) ((((c) << 6) & 0xFF) | ((d) & 0x3F)), \ 140 (uint8_t) ((((e) << 2) & 0xFF) | ((f) & 0x3F) >> 4), \ 141 (uint8_t) ((((f) << 4) & 0xFF) | ((g) & 0x3F) >> 2), \ 142 (uint8_t) ((((g) << 6) & 0xFF) | ((h) & 0x3F)) \ 143 } 144 #define CS_ENTRY(id, a, b, c, d, e, f, g, h) \ 145 { \ 146 id, \ 147 CS_ZIP_IDX( \ 148 CS_TXT_IDX_ ## a, CS_TXT_IDX_ ## b, \ 149 CS_TXT_IDX_ ## c, CS_TXT_IDX_ ## d, \ 150 CS_TXT_IDX_ ## e, CS_TXT_IDX_ ## f, \ 151 CS_TXT_IDX_ ## g, CS_TXT_IDX_ ## h \ 152 ) \ 153 } 154 155 struct cs_entry { 156 uint16_t id; 157 uint8_t zip[6]; 158 }; 159 160 /* !checksrc! disable COMMANOSPACE all */ 161 static const struct cs_entry cs_list [] = { 162 /* TLS 1.3 ciphers */ 163 #if defined(USE_MBEDTLS) || defined(USE_RUSTLS) 164 CS_ENTRY(0x1301, TLS,AES,128,GCM,SHA256,,,), 165 CS_ENTRY(0x1302, TLS,AES,256,GCM,SHA384,,,), 166 CS_ENTRY(0x1303, TLS,CHACHA20,POLY1305,SHA256,,,,), 167 CS_ENTRY(0x1304, TLS,AES,128,CCM,SHA256,,,), 168 CS_ENTRY(0x1305, TLS,AES,128,CCM,8,SHA256,,), 169 #endif 170 /* TLS 1.2 ciphers */ 171 CS_ENTRY(0xC02B, TLS,ECDHE,ECDSA,WITH,AES,128,GCM,SHA256), 172 CS_ENTRY(0xC02B, ECDHE,ECDSA,AES128,GCM,SHA256,,,), 173 CS_ENTRY(0xC02C, TLS,ECDHE,ECDSA,WITH,AES,256,GCM,SHA384), 174 CS_ENTRY(0xC02C, ECDHE,ECDSA,AES256,GCM,SHA384,,,), 175 CS_ENTRY(0xC02F, TLS,ECDHE,RSA,WITH,AES,128,GCM,SHA256), 176 CS_ENTRY(0xC02F, ECDHE,RSA,AES128,GCM,SHA256,,,), 177 CS_ENTRY(0xC030, TLS,ECDHE,RSA,WITH,AES,256,GCM,SHA384), 178 CS_ENTRY(0xC030, ECDHE,RSA,AES256,GCM,SHA384,,,), 179 CS_ENTRY(0xCCA8, TLS,ECDHE,RSA,WITH,CHACHA20,POLY1305,SHA256,), 180 CS_ENTRY(0xCCA8, ECDHE,RSA,CHACHA20,POLY1305,,,,), 181 CS_ENTRY(0xCCA9, TLS,ECDHE,ECDSA,WITH,CHACHA20,POLY1305,SHA256,), 182 CS_ENTRY(0xCCA9, ECDHE,ECDSA,CHACHA20,POLY1305,,,,), 183 #if defined(USE_MBEDTLS) 184 CS_ENTRY(0x002F, TLS,RSA,WITH,AES,128,CBC,SHA,), 185 CS_ENTRY(0x002F, AES128,SHA,,,,,,), 186 CS_ENTRY(0x0035, TLS,RSA,WITH,AES,256,CBC,SHA,), 187 CS_ENTRY(0x0035, AES256,SHA,,,,,,), 188 CS_ENTRY(0x003C, TLS,RSA,WITH,AES,128,CBC,SHA256,), 189 CS_ENTRY(0x003C, AES128,SHA256,,,,,,), 190 CS_ENTRY(0x003D, TLS,RSA,WITH,AES,256,CBC,SHA256,), 191 CS_ENTRY(0x003D, AES256,SHA256,,,,,,), 192 CS_ENTRY(0x009C, TLS,RSA,WITH,AES,128,GCM,SHA256,), 193 CS_ENTRY(0x009C, AES128,GCM,SHA256,,,,,), 194 CS_ENTRY(0x009D, TLS,RSA,WITH,AES,256,GCM,SHA384,), 195 CS_ENTRY(0x009D, AES256,GCM,SHA384,,,,,), 196 CS_ENTRY(0xC004, TLS,ECDH,ECDSA,WITH,AES,128,CBC,SHA), 197 CS_ENTRY(0xC004, ECDH,ECDSA,AES128,SHA,,,,), 198 CS_ENTRY(0xC005, TLS,ECDH,ECDSA,WITH,AES,256,CBC,SHA), 199 CS_ENTRY(0xC005, ECDH,ECDSA,AES256,SHA,,,,), 200 CS_ENTRY(0xC009, TLS,ECDHE,ECDSA,WITH,AES,128,CBC,SHA), 201 CS_ENTRY(0xC009, ECDHE,ECDSA,AES128,SHA,,,,), 202 CS_ENTRY(0xC00A, TLS,ECDHE,ECDSA,WITH,AES,256,CBC,SHA), 203 CS_ENTRY(0xC00A, ECDHE,ECDSA,AES256,SHA,,,,), 204 CS_ENTRY(0xC00E, TLS,ECDH,RSA,WITH,AES,128,CBC,SHA), 205 CS_ENTRY(0xC00E, ECDH,RSA,AES128,SHA,,,,), 206 CS_ENTRY(0xC00F, TLS,ECDH,RSA,WITH,AES,256,CBC,SHA), 207 CS_ENTRY(0xC00F, ECDH,RSA,AES256,SHA,,,,), 208 CS_ENTRY(0xC013, TLS,ECDHE,RSA,WITH,AES,128,CBC,SHA), 209 CS_ENTRY(0xC013, ECDHE,RSA,AES128,SHA,,,,), 210 CS_ENTRY(0xC014, TLS,ECDHE,RSA,WITH,AES,256,CBC,SHA), 211 CS_ENTRY(0xC014, ECDHE,RSA,AES256,SHA,,,,), 212 CS_ENTRY(0xC023, TLS,ECDHE,ECDSA,WITH,AES,128,CBC,SHA256), 213 CS_ENTRY(0xC023, ECDHE,ECDSA,AES128,SHA256,,,,), 214 CS_ENTRY(0xC024, TLS,ECDHE,ECDSA,WITH,AES,256,CBC,SHA384), 215 CS_ENTRY(0xC024, ECDHE,ECDSA,AES256,SHA384,,,,), 216 CS_ENTRY(0xC025, TLS,ECDH,ECDSA,WITH,AES,128,CBC,SHA256), 217 CS_ENTRY(0xC025, ECDH,ECDSA,AES128,SHA256,,,,), 218 CS_ENTRY(0xC026, TLS,ECDH,ECDSA,WITH,AES,256,CBC,SHA384), 219 CS_ENTRY(0xC026, ECDH,ECDSA,AES256,SHA384,,,,), 220 CS_ENTRY(0xC027, TLS,ECDHE,RSA,WITH,AES,128,CBC,SHA256), 221 CS_ENTRY(0xC027, ECDHE,RSA,AES128,SHA256,,,,), 222 CS_ENTRY(0xC028, TLS,ECDHE,RSA,WITH,AES,256,CBC,SHA384), 223 CS_ENTRY(0xC028, ECDHE,RSA,AES256,SHA384,,,,), 224 CS_ENTRY(0xC029, TLS,ECDH,RSA,WITH,AES,128,CBC,SHA256), 225 CS_ENTRY(0xC029, ECDH,RSA,AES128,SHA256,,,,), 226 CS_ENTRY(0xC02A, TLS,ECDH,RSA,WITH,AES,256,CBC,SHA384), 227 CS_ENTRY(0xC02A, ECDH,RSA,AES256,SHA384,,,,), 228 CS_ENTRY(0xC02D, TLS,ECDH,ECDSA,WITH,AES,128,GCM,SHA256), 229 CS_ENTRY(0xC02D, ECDH,ECDSA,AES128,GCM,SHA256,,,), 230 CS_ENTRY(0xC02E, TLS,ECDH,ECDSA,WITH,AES,256,GCM,SHA384), 231 CS_ENTRY(0xC02E, ECDH,ECDSA,AES256,GCM,SHA384,,,), 232 CS_ENTRY(0xC031, TLS,ECDH,RSA,WITH,AES,128,GCM,SHA256), 233 CS_ENTRY(0xC031, ECDH,RSA,AES128,GCM,SHA256,,,), 234 CS_ENTRY(0xC032, TLS,ECDH,RSA,WITH,AES,256,GCM,SHA384), 235 CS_ENTRY(0xC032, ECDH,RSA,AES256,GCM,SHA384,,,), 236 #endif 237 #if defined(USE_MBEDTLS) 238 CS_ENTRY(0x0001, TLS,RSA,WITH,NULL,MD5,,,), 239 CS_ENTRY(0x0001, NULL,MD5,,,,,,), 240 CS_ENTRY(0x0002, TLS,RSA,WITH,NULL,SHA,,,), 241 CS_ENTRY(0x0002, NULL,SHA,,,,,,), 242 CS_ENTRY(0x002C, TLS,PSK,WITH,NULL,SHA,,,), 243 CS_ENTRY(0x002C, PSK,NULL,SHA,,,,,), 244 CS_ENTRY(0x002D, TLS,DHE,PSK,WITH,NULL,SHA,,), 245 CS_ENTRY(0x002D, DHE,PSK,NULL,SHA,,,,), 246 CS_ENTRY(0x002E, TLS,RSA,PSK,WITH,NULL,SHA,,), 247 CS_ENTRY(0x002E, RSA,PSK,NULL,SHA,,,,), 248 CS_ENTRY(0x0033, TLS,DHE,RSA,WITH,AES,128,CBC,SHA), 249 CS_ENTRY(0x0033, DHE,RSA,AES128,SHA,,,,), 250 CS_ENTRY(0x0039, TLS,DHE,RSA,WITH,AES,256,CBC,SHA), 251 CS_ENTRY(0x0039, DHE,RSA,AES256,SHA,,,,), 252 CS_ENTRY(0x003B, TLS,RSA,WITH,NULL,SHA256,,,), 253 CS_ENTRY(0x003B, NULL,SHA256,,,,,,), 254 CS_ENTRY(0x0067, TLS,DHE,RSA,WITH,AES,128,CBC,SHA256), 255 CS_ENTRY(0x0067, DHE,RSA,AES128,SHA256,,,,), 256 CS_ENTRY(0x006B, TLS,DHE,RSA,WITH,AES,256,CBC,SHA256), 257 CS_ENTRY(0x006B, DHE,RSA,AES256,SHA256,,,,), 258 CS_ENTRY(0x008C, TLS,PSK,WITH,AES,128,CBC,SHA,), 259 CS_ENTRY(0x008C, PSK,AES128,CBC,SHA,,,,), 260 CS_ENTRY(0x008D, TLS,PSK,WITH,AES,256,CBC,SHA,), 261 CS_ENTRY(0x008D, PSK,AES256,CBC,SHA,,,,), 262 CS_ENTRY(0x0090, TLS,DHE,PSK,WITH,AES,128,CBC,SHA), 263 CS_ENTRY(0x0090, DHE,PSK,AES128,CBC,SHA,,,), 264 CS_ENTRY(0x0091, TLS,DHE,PSK,WITH,AES,256,CBC,SHA), 265 CS_ENTRY(0x0091, DHE,PSK,AES256,CBC,SHA,,,), 266 CS_ENTRY(0x0094, TLS,RSA,PSK,WITH,AES,128,CBC,SHA), 267 CS_ENTRY(0x0094, RSA,PSK,AES128,CBC,SHA,,,), 268 CS_ENTRY(0x0095, TLS,RSA,PSK,WITH,AES,256,CBC,SHA), 269 CS_ENTRY(0x0095, RSA,PSK,AES256,CBC,SHA,,,), 270 CS_ENTRY(0x009E, TLS,DHE,RSA,WITH,AES,128,GCM,SHA256), 271 CS_ENTRY(0x009E, DHE,RSA,AES128,GCM,SHA256,,,), 272 CS_ENTRY(0x009F, TLS,DHE,RSA,WITH,AES,256,GCM,SHA384), 273 CS_ENTRY(0x009F, DHE,RSA,AES256,GCM,SHA384,,,), 274 CS_ENTRY(0x00A8, TLS,PSK,WITH,AES,128,GCM,SHA256,), 275 CS_ENTRY(0x00A8, PSK,AES128,GCM,SHA256,,,,), 276 CS_ENTRY(0x00A9, TLS,PSK,WITH,AES,256,GCM,SHA384,), 277 CS_ENTRY(0x00A9, PSK,AES256,GCM,SHA384,,,,), 278 CS_ENTRY(0x00AA, TLS,DHE,PSK,WITH,AES,128,GCM,SHA256), 279 CS_ENTRY(0x00AA, DHE,PSK,AES128,GCM,SHA256,,,), 280 CS_ENTRY(0x00AB, TLS,DHE,PSK,WITH,AES,256,GCM,SHA384), 281 CS_ENTRY(0x00AB, DHE,PSK,AES256,GCM,SHA384,,,), 282 CS_ENTRY(0x00AC, TLS,RSA,PSK,WITH,AES,128,GCM,SHA256), 283 CS_ENTRY(0x00AC, RSA,PSK,AES128,GCM,SHA256,,,), 284 CS_ENTRY(0x00AD, TLS,RSA,PSK,WITH,AES,256,GCM,SHA384), 285 CS_ENTRY(0x00AD, RSA,PSK,AES256,GCM,SHA384,,,), 286 CS_ENTRY(0x00AE, TLS,PSK,WITH,AES,128,CBC,SHA256,), 287 CS_ENTRY(0x00AE, PSK,AES128,CBC,SHA256,,,,), 288 CS_ENTRY(0x00AF, TLS,PSK,WITH,AES,256,CBC,SHA384,), 289 CS_ENTRY(0x00AF, PSK,AES256,CBC,SHA384,,,,), 290 CS_ENTRY(0x00B0, TLS,PSK,WITH,NULL,SHA256,,,), 291 CS_ENTRY(0x00B0, PSK,NULL,SHA256,,,,,), 292 CS_ENTRY(0x00B1, TLS,PSK,WITH,NULL,SHA384,,,), 293 CS_ENTRY(0x00B1, PSK,NULL,SHA384,,,,,), 294 CS_ENTRY(0x00B2, TLS,DHE,PSK,WITH,AES,128,CBC,SHA256), 295 CS_ENTRY(0x00B2, DHE,PSK,AES128,CBC,SHA256,,,), 296 CS_ENTRY(0x00B3, TLS,DHE,PSK,WITH,AES,256,CBC,SHA384), 297 CS_ENTRY(0x00B3, DHE,PSK,AES256,CBC,SHA384,,,), 298 CS_ENTRY(0x00B4, TLS,DHE,PSK,WITH,NULL,SHA256,,), 299 CS_ENTRY(0x00B4, DHE,PSK,NULL,SHA256,,,,), 300 CS_ENTRY(0x00B5, TLS,DHE,PSK,WITH,NULL,SHA384,,), 301 CS_ENTRY(0x00B5, DHE,PSK,NULL,SHA384,,,,), 302 CS_ENTRY(0x00B6, TLS,RSA,PSK,WITH,AES,128,CBC,SHA256), 303 CS_ENTRY(0x00B6, RSA,PSK,AES128,CBC,SHA256,,,), 304 CS_ENTRY(0x00B7, TLS,RSA,PSK,WITH,AES,256,CBC,SHA384), 305 CS_ENTRY(0x00B7, RSA,PSK,AES256,CBC,SHA384,,,), 306 CS_ENTRY(0x00B8, TLS,RSA,PSK,WITH,NULL,SHA256,,), 307 CS_ENTRY(0x00B8, RSA,PSK,NULL,SHA256,,,,), 308 CS_ENTRY(0x00B9, TLS,RSA,PSK,WITH,NULL,SHA384,,), 309 CS_ENTRY(0x00B9, RSA,PSK,NULL,SHA384,,,,), 310 CS_ENTRY(0xC001, TLS,ECDH,ECDSA,WITH,NULL,SHA,,), 311 CS_ENTRY(0xC001, ECDH,ECDSA,NULL,SHA,,,,), 312 CS_ENTRY(0xC006, TLS,ECDHE,ECDSA,WITH,NULL,SHA,,), 313 CS_ENTRY(0xC006, ECDHE,ECDSA,NULL,SHA,,,,), 314 CS_ENTRY(0xC00B, TLS,ECDH,RSA,WITH,NULL,SHA,,), 315 CS_ENTRY(0xC00B, ECDH,RSA,NULL,SHA,,,,), 316 CS_ENTRY(0xC010, TLS,ECDHE,RSA,WITH,NULL,SHA,,), 317 CS_ENTRY(0xC010, ECDHE,RSA,NULL,SHA,,,,), 318 CS_ENTRY(0xC035, TLS,ECDHE,PSK,WITH,AES,128,CBC,SHA), 319 CS_ENTRY(0xC035, ECDHE,PSK,AES128,CBC,SHA,,,), 320 CS_ENTRY(0xC036, TLS,ECDHE,PSK,WITH,AES,256,CBC,SHA), 321 CS_ENTRY(0xC036, ECDHE,PSK,AES256,CBC,SHA,,,), 322 CS_ENTRY(0xCCAB, TLS,PSK,WITH,CHACHA20,POLY1305,SHA256,,), 323 CS_ENTRY(0xCCAB, PSK,CHACHA20,POLY1305,,,,,), 324 #endif 325 #if defined(USE_MBEDTLS) 326 CS_ENTRY(0xC09C, TLS,RSA,WITH,AES,128,CCM,,), 327 CS_ENTRY(0xC09C, AES128,CCM,,,,,,), 328 CS_ENTRY(0xC09D, TLS,RSA,WITH,AES,256,CCM,,), 329 CS_ENTRY(0xC09D, AES256,CCM,,,,,,), 330 CS_ENTRY(0xC0A0, TLS,RSA,WITH,AES,128,CCM,8,), 331 CS_ENTRY(0xC0A0, AES128,CCM8,,,,,,), 332 CS_ENTRY(0xC0A1, TLS,RSA,WITH,AES,256,CCM,8,), 333 CS_ENTRY(0xC0A1, AES256,CCM8,,,,,,), 334 CS_ENTRY(0xC0AC, TLS,ECDHE,ECDSA,WITH,AES,128,CCM,), 335 CS_ENTRY(0xC0AC, ECDHE,ECDSA,AES128,CCM,,,,), 336 CS_ENTRY(0xC0AD, TLS,ECDHE,ECDSA,WITH,AES,256,CCM,), 337 CS_ENTRY(0xC0AD, ECDHE,ECDSA,AES256,CCM,,,,), 338 CS_ENTRY(0xC0AE, TLS,ECDHE,ECDSA,WITH,AES,128,CCM,8), 339 CS_ENTRY(0xC0AE, ECDHE,ECDSA,AES128,CCM8,,,,), 340 CS_ENTRY(0xC0AF, TLS,ECDHE,ECDSA,WITH,AES,256,CCM,8), 341 CS_ENTRY(0xC0AF, ECDHE,ECDSA,AES256,CCM8,,,,), 342 #endif 343 #if defined(USE_MBEDTLS) 344 /* entries marked ns are "non-standard", they are not in OpenSSL */ 345 CS_ENTRY(0x0041, TLS,RSA,WITH,CAMELLIA,128,CBC,SHA,), 346 CS_ENTRY(0x0041, CAMELLIA128,SHA,,,,,,), 347 CS_ENTRY(0x0045, TLS,DHE,RSA,WITH,CAMELLIA,128,CBC,SHA), 348 CS_ENTRY(0x0045, DHE,RSA,CAMELLIA128,SHA,,,,), 349 CS_ENTRY(0x0084, TLS,RSA,WITH,CAMELLIA,256,CBC,SHA,), 350 CS_ENTRY(0x0084, CAMELLIA256,SHA,,,,,,), 351 CS_ENTRY(0x0088, TLS,DHE,RSA,WITH,CAMELLIA,256,CBC,SHA), 352 CS_ENTRY(0x0088, DHE,RSA,CAMELLIA256,SHA,,,,), 353 CS_ENTRY(0x00BA, TLS,RSA,WITH,CAMELLIA,128,CBC,SHA256,), 354 CS_ENTRY(0x00BA, CAMELLIA128,SHA256,,,,,,), 355 CS_ENTRY(0x00BE, TLS,DHE,RSA,WITH,CAMELLIA,128,CBC,SHA256), 356 CS_ENTRY(0x00BE, DHE,RSA,CAMELLIA128,SHA256,,,,), 357 CS_ENTRY(0x00C0, TLS,RSA,WITH,CAMELLIA,256,CBC,SHA256,), 358 CS_ENTRY(0x00C0, CAMELLIA256,SHA256,,,,,,), 359 CS_ENTRY(0x00C4, TLS,DHE,RSA,WITH,CAMELLIA,256,CBC,SHA256), 360 CS_ENTRY(0x00C4, DHE,RSA,CAMELLIA256,SHA256,,,,), 361 CS_ENTRY(0xC037, TLS,ECDHE,PSK,WITH,AES,128,CBC,SHA256), 362 CS_ENTRY(0xC037, ECDHE,PSK,AES128,CBC,SHA256,,,), 363 CS_ENTRY(0xC038, TLS,ECDHE,PSK,WITH,AES,256,CBC,SHA384), 364 CS_ENTRY(0xC038, ECDHE,PSK,AES256,CBC,SHA384,,,), 365 CS_ENTRY(0xC039, TLS,ECDHE,PSK,WITH,NULL,SHA,,), 366 CS_ENTRY(0xC039, ECDHE,PSK,NULL,SHA,,,,), 367 CS_ENTRY(0xC03A, TLS,ECDHE,PSK,WITH,NULL,SHA256,,), 368 CS_ENTRY(0xC03A, ECDHE,PSK,NULL,SHA256,,,,), 369 CS_ENTRY(0xC03B, TLS,ECDHE,PSK,WITH,NULL,SHA384,,), 370 CS_ENTRY(0xC03B, ECDHE,PSK,NULL,SHA384,,,,), 371 CS_ENTRY(0xC03C, TLS,RSA,WITH,ARIA,128,CBC,SHA256,), 372 CS_ENTRY(0xC03C, ARIA128,SHA256,,,,,,), /* ns */ 373 CS_ENTRY(0xC03D, TLS,RSA,WITH,ARIA,256,CBC,SHA384,), 374 CS_ENTRY(0xC03D, ARIA256,SHA384,,,,,,), /* ns */ 375 CS_ENTRY(0xC044, TLS,DHE,RSA,WITH,ARIA,128,CBC,SHA256), 376 CS_ENTRY(0xC044, DHE,RSA,ARIA128,SHA256,,,,), /* ns */ 377 CS_ENTRY(0xC045, TLS,DHE,RSA,WITH,ARIA,256,CBC,SHA384), 378 CS_ENTRY(0xC045, DHE,RSA,ARIA256,SHA384,,,,), /* ns */ 379 CS_ENTRY(0xC048, TLS,ECDHE,ECDSA,WITH,ARIA,128,CBC,SHA256), 380 CS_ENTRY(0xC048, ECDHE,ECDSA,ARIA128,SHA256,,,,), /* ns */ 381 CS_ENTRY(0xC049, TLS,ECDHE,ECDSA,WITH,ARIA,256,CBC,SHA384), 382 CS_ENTRY(0xC049, ECDHE,ECDSA,ARIA256,SHA384,,,,), /* ns */ 383 CS_ENTRY(0xC04A, TLS,ECDH,ECDSA,WITH,ARIA,128,CBC,SHA256), 384 CS_ENTRY(0xC04A, ECDH,ECDSA,ARIA128,SHA256,,,,), /* ns */ 385 CS_ENTRY(0xC04B, TLS,ECDH,ECDSA,WITH,ARIA,256,CBC,SHA384), 386 CS_ENTRY(0xC04B, ECDH,ECDSA,ARIA256,SHA384,,,,), /* ns */ 387 CS_ENTRY(0xC04C, TLS,ECDHE,RSA,WITH,ARIA,128,CBC,SHA256), 388 CS_ENTRY(0xC04C, ECDHE,ARIA128,SHA256,,,,,), /* ns */ 389 CS_ENTRY(0xC04D, TLS,ECDHE,RSA,WITH,ARIA,256,CBC,SHA384), 390 CS_ENTRY(0xC04D, ECDHE,ARIA256,SHA384,,,,,), /* ns */ 391 CS_ENTRY(0xC04E, TLS,ECDH,RSA,WITH,ARIA,128,CBC,SHA256), 392 CS_ENTRY(0xC04E, ECDH,ARIA128,SHA256,,,,,), /* ns */ 393 CS_ENTRY(0xC04F, TLS,ECDH,RSA,WITH,ARIA,256,CBC,SHA384), 394 CS_ENTRY(0xC04F, ECDH,ARIA256,SHA384,,,,,), /* ns */ 395 CS_ENTRY(0xC050, TLS,RSA,WITH,ARIA,128,GCM,SHA256,), 396 CS_ENTRY(0xC050, ARIA128,GCM,SHA256,,,,,), 397 CS_ENTRY(0xC051, TLS,RSA,WITH,ARIA,256,GCM,SHA384,), 398 CS_ENTRY(0xC051, ARIA256,GCM,SHA384,,,,,), 399 CS_ENTRY(0xC052, TLS,DHE,RSA,WITH,ARIA,128,GCM,SHA256), 400 CS_ENTRY(0xC052, DHE,RSA,ARIA128,GCM,SHA256,,,), 401 CS_ENTRY(0xC053, TLS,DHE,RSA,WITH,ARIA,256,GCM,SHA384), 402 CS_ENTRY(0xC053, DHE,RSA,ARIA256,GCM,SHA384,,,), 403 CS_ENTRY(0xC05C, TLS,ECDHE,ECDSA,WITH,ARIA,128,GCM,SHA256), 404 CS_ENTRY(0xC05C, ECDHE,ECDSA,ARIA128,GCM,SHA256,,,), 405 CS_ENTRY(0xC05D, TLS,ECDHE,ECDSA,WITH,ARIA,256,GCM,SHA384), 406 CS_ENTRY(0xC05D, ECDHE,ECDSA,ARIA256,GCM,SHA384,,,), 407 CS_ENTRY(0xC05E, TLS,ECDH,ECDSA,WITH,ARIA,128,GCM,SHA256), 408 CS_ENTRY(0xC05E, ECDH,ECDSA,ARIA128,GCM,SHA256,,,), /* ns */ 409 CS_ENTRY(0xC05F, TLS,ECDH,ECDSA,WITH,ARIA,256,GCM,SHA384), 410 CS_ENTRY(0xC05F, ECDH,ECDSA,ARIA256,GCM,SHA384,,,), /* ns */ 411 CS_ENTRY(0xC060, TLS,ECDHE,RSA,WITH,ARIA,128,GCM,SHA256), 412 CS_ENTRY(0xC060, ECDHE,ARIA128,GCM,SHA256,,,,), 413 CS_ENTRY(0xC061, TLS,ECDHE,RSA,WITH,ARIA,256,GCM,SHA384), 414 CS_ENTRY(0xC061, ECDHE,ARIA256,GCM,SHA384,,,,), 415 CS_ENTRY(0xC062, TLS,ECDH,RSA,WITH,ARIA,128,GCM,SHA256), 416 CS_ENTRY(0xC062, ECDH,ARIA128,GCM,SHA256,,,,), /* ns */ 417 CS_ENTRY(0xC063, TLS,ECDH,RSA,WITH,ARIA,256,GCM,SHA384), 418 CS_ENTRY(0xC063, ECDH,ARIA256,GCM,SHA384,,,,), /* ns */ 419 CS_ENTRY(0xC064, TLS,PSK,WITH,ARIA,128,CBC,SHA256,), 420 CS_ENTRY(0xC064, PSK,ARIA128,SHA256,,,,,), /* ns */ 421 CS_ENTRY(0xC065, TLS,PSK,WITH,ARIA,256,CBC,SHA384,), 422 CS_ENTRY(0xC065, PSK,ARIA256,SHA384,,,,,), /* ns */ 423 CS_ENTRY(0xC066, TLS,DHE,PSK,WITH,ARIA,128,CBC,SHA256), 424 CS_ENTRY(0xC066, DHE,PSK,ARIA128,SHA256,,,,), /* ns */ 425 CS_ENTRY(0xC067, TLS,DHE,PSK,WITH,ARIA,256,CBC,SHA384), 426 CS_ENTRY(0xC067, DHE,PSK,ARIA256,SHA384,,,,), /* ns */ 427 CS_ENTRY(0xC068, TLS,RSA,PSK,WITH,ARIA,128,CBC,SHA256), 428 CS_ENTRY(0xC068, RSA,PSK,ARIA128,SHA256,,,,), /* ns */ 429 CS_ENTRY(0xC069, TLS,RSA,PSK,WITH,ARIA,256,CBC,SHA384), 430 CS_ENTRY(0xC069, RSA,PSK,ARIA256,SHA384,,,,), /* ns */ 431 CS_ENTRY(0xC06A, TLS,PSK,WITH,ARIA,128,GCM,SHA256,), 432 CS_ENTRY(0xC06A, PSK,ARIA128,GCM,SHA256,,,,), 433 CS_ENTRY(0xC06B, TLS,PSK,WITH,ARIA,256,GCM,SHA384,), 434 CS_ENTRY(0xC06B, PSK,ARIA256,GCM,SHA384,,,,), 435 CS_ENTRY(0xC06C, TLS,DHE,PSK,WITH,ARIA,128,GCM,SHA256), 436 CS_ENTRY(0xC06C, DHE,PSK,ARIA128,GCM,SHA256,,,), 437 CS_ENTRY(0xC06D, TLS,DHE,PSK,WITH,ARIA,256,GCM,SHA384), 438 CS_ENTRY(0xC06D, DHE,PSK,ARIA256,GCM,SHA384,,,), 439 CS_ENTRY(0xC06E, TLS,RSA,PSK,WITH,ARIA,128,GCM,SHA256), 440 CS_ENTRY(0xC06E, RSA,PSK,ARIA128,GCM,SHA256,,,), 441 CS_ENTRY(0xC06F, TLS,RSA,PSK,WITH,ARIA,256,GCM,SHA384), 442 CS_ENTRY(0xC06F, RSA,PSK,ARIA256,GCM,SHA384,,,), 443 CS_ENTRY(0xC070, TLS,ECDHE,PSK,WITH,ARIA,128,CBC,SHA256), 444 CS_ENTRY(0xC070, ECDHE,PSK,ARIA128,SHA256,,,,), /* ns */ 445 CS_ENTRY(0xC071, TLS,ECDHE,PSK,WITH,ARIA,256,CBC,SHA384), 446 CS_ENTRY(0xC071, ECDHE,PSK,ARIA256,SHA384,,,,), /* ns */ 447 CS_ENTRY(0xC072, TLS,ECDHE,ECDSA,WITH,CAMELLIA,128,CBC,SHA256), 448 CS_ENTRY(0xC072, ECDHE,ECDSA,CAMELLIA128,SHA256,,,,), 449 CS_ENTRY(0xC073, TLS,ECDHE,ECDSA,WITH,CAMELLIA,256,CBC,SHA384), 450 CS_ENTRY(0xC073, ECDHE,ECDSA,CAMELLIA256,SHA384,,,,), 451 CS_ENTRY(0xC074, TLS,ECDH,ECDSA,WITH,CAMELLIA,128,CBC,SHA256), 452 CS_ENTRY(0xC074, ECDH,ECDSA,CAMELLIA128,SHA256,,,,), /* ns */ 453 CS_ENTRY(0xC075, TLS,ECDH,ECDSA,WITH,CAMELLIA,256,CBC,SHA384), 454 CS_ENTRY(0xC075, ECDH,ECDSA,CAMELLIA256,SHA384,,,,), /* ns */ 455 CS_ENTRY(0xC076, TLS,ECDHE,RSA,WITH,CAMELLIA,128,CBC,SHA256), 456 CS_ENTRY(0xC076, ECDHE,RSA,CAMELLIA128,SHA256,,,,), 457 CS_ENTRY(0xC077, TLS,ECDHE,RSA,WITH,CAMELLIA,256,CBC,SHA384), 458 CS_ENTRY(0xC077, ECDHE,RSA,CAMELLIA256,SHA384,,,,), 459 CS_ENTRY(0xC078, TLS,ECDH,RSA,WITH,CAMELLIA,128,CBC,SHA256), 460 CS_ENTRY(0xC078, ECDH,CAMELLIA128,SHA256,,,,,), /* ns */ 461 CS_ENTRY(0xC079, TLS,ECDH,RSA,WITH,CAMELLIA,256,CBC,SHA384), 462 CS_ENTRY(0xC079, ECDH,CAMELLIA256,SHA384,,,,,), /* ns */ 463 CS_ENTRY(0xC07A, TLS,RSA,WITH,CAMELLIA,128,GCM,SHA256,), 464 CS_ENTRY(0xC07A, CAMELLIA128,GCM,SHA256,,,,,), /* ns */ 465 CS_ENTRY(0xC07B, TLS,RSA,WITH,CAMELLIA,256,GCM,SHA384,), 466 CS_ENTRY(0xC07B, CAMELLIA256,GCM,SHA384,,,,,), /* ns */ 467 CS_ENTRY(0xC07C, TLS,DHE,RSA,WITH,CAMELLIA,128,GCM,SHA256), 468 CS_ENTRY(0xC07C, DHE,RSA,CAMELLIA128,GCM,SHA256,,,), /* ns */ 469 CS_ENTRY(0xC07D, TLS,DHE,RSA,WITH,CAMELLIA,256,GCM,SHA384), 470 CS_ENTRY(0xC07D, DHE,RSA,CAMELLIA256,GCM,SHA384,,,), /* ns */ 471 CS_ENTRY(0xC086, TLS,ECDHE,ECDSA,WITH,CAMELLIA,128,GCM,SHA256), 472 CS_ENTRY(0xC086, ECDHE,ECDSA,CAMELLIA128,GCM,SHA256,,,), /* ns */ 473 CS_ENTRY(0xC087, TLS,ECDHE,ECDSA,WITH,CAMELLIA,256,GCM,SHA384), 474 CS_ENTRY(0xC087, ECDHE,ECDSA,CAMELLIA256,GCM,SHA384,,,), /* ns */ 475 CS_ENTRY(0xC088, TLS,ECDH,ECDSA,WITH,CAMELLIA,128,GCM,SHA256), 476 CS_ENTRY(0xC088, ECDH,ECDSA,CAMELLIA128,GCM,SHA256,,,), /* ns */ 477 CS_ENTRY(0xC089, TLS,ECDH,ECDSA,WITH,CAMELLIA,256,GCM,SHA384), 478 CS_ENTRY(0xC089, ECDH,ECDSA,CAMELLIA256,GCM,SHA384,,,), /* ns */ 479 CS_ENTRY(0xC08A, TLS,ECDHE,RSA,WITH,CAMELLIA,128,GCM,SHA256), 480 CS_ENTRY(0xC08A, ECDHE,CAMELLIA128,GCM,SHA256,,,,), /* ns */ 481 CS_ENTRY(0xC08B, TLS,ECDHE,RSA,WITH,CAMELLIA,256,GCM,SHA384), 482 CS_ENTRY(0xC08B, ECDHE,CAMELLIA256,GCM,SHA384,,,,), /* ns */ 483 CS_ENTRY(0xC08C, TLS,ECDH,RSA,WITH,CAMELLIA,128,GCM,SHA256), 484 CS_ENTRY(0xC08C, ECDH,CAMELLIA128,GCM,SHA256,,,,), /* ns */ 485 CS_ENTRY(0xC08D, TLS,ECDH,RSA,WITH,CAMELLIA,256,GCM,SHA384), 486 CS_ENTRY(0xC08D, ECDH,CAMELLIA256,GCM,SHA384,,,,), /* ns */ 487 CS_ENTRY(0xC08E, TLS,PSK,WITH,CAMELLIA,128,GCM,SHA256,), 488 CS_ENTRY(0xC08E, PSK,CAMELLIA128,GCM,SHA256,,,,), /* ns */ 489 CS_ENTRY(0xC08F, TLS,PSK,WITH,CAMELLIA,256,GCM,SHA384,), 490 CS_ENTRY(0xC08F, PSK,CAMELLIA256,GCM,SHA384,,,,), /* ns */ 491 CS_ENTRY(0xC090, TLS,DHE,PSK,WITH,CAMELLIA,128,GCM,SHA256), 492 CS_ENTRY(0xC090, DHE,PSK,CAMELLIA128,GCM,SHA256,,,), /* ns */ 493 CS_ENTRY(0xC091, TLS,DHE,PSK,WITH,CAMELLIA,256,GCM,SHA384), 494 CS_ENTRY(0xC091, DHE,PSK,CAMELLIA256,GCM,SHA384,,,), /* ns */ 495 CS_ENTRY(0xC092, TLS,RSA,PSK,WITH,CAMELLIA,128,GCM,SHA256), 496 CS_ENTRY(0xC092, RSA,PSK,CAMELLIA128,GCM,SHA256,,,), /* ns */ 497 CS_ENTRY(0xC093, TLS,RSA,PSK,WITH,CAMELLIA,256,GCM,SHA384), 498 CS_ENTRY(0xC093, RSA,PSK,CAMELLIA256,GCM,SHA384,,,), /* ns */ 499 CS_ENTRY(0xC094, TLS,PSK,WITH,CAMELLIA,128,CBC,SHA256,), 500 CS_ENTRY(0xC094, PSK,CAMELLIA128,SHA256,,,,,), 501 CS_ENTRY(0xC095, TLS,PSK,WITH,CAMELLIA,256,CBC,SHA384,), 502 CS_ENTRY(0xC095, PSK,CAMELLIA256,SHA384,,,,,), 503 CS_ENTRY(0xC096, TLS,DHE,PSK,WITH,CAMELLIA,128,CBC,SHA256), 504 CS_ENTRY(0xC096, DHE,PSK,CAMELLIA128,SHA256,,,,), 505 CS_ENTRY(0xC097, TLS,DHE,PSK,WITH,CAMELLIA,256,CBC,SHA384), 506 CS_ENTRY(0xC097, DHE,PSK,CAMELLIA256,SHA384,,,,), 507 CS_ENTRY(0xC098, TLS,RSA,PSK,WITH,CAMELLIA,128,CBC,SHA256), 508 CS_ENTRY(0xC098, RSA,PSK,CAMELLIA128,SHA256,,,,), 509 CS_ENTRY(0xC099, TLS,RSA,PSK,WITH,CAMELLIA,256,CBC,SHA384), 510 CS_ENTRY(0xC099, RSA,PSK,CAMELLIA256,SHA384,,,,), 511 CS_ENTRY(0xC09A, TLS,ECDHE,PSK,WITH,CAMELLIA,128,CBC,SHA256), 512 CS_ENTRY(0xC09A, ECDHE,PSK,CAMELLIA128,SHA256,,,,), 513 CS_ENTRY(0xC09B, TLS,ECDHE,PSK,WITH,CAMELLIA,256,CBC,SHA384), 514 CS_ENTRY(0xC09B, ECDHE,PSK,CAMELLIA256,SHA384,,,,), 515 CS_ENTRY(0xC09E, TLS,DHE,RSA,WITH,AES,128,CCM,), 516 CS_ENTRY(0xC09E, DHE,RSA,AES128,CCM,,,,), 517 CS_ENTRY(0xC09F, TLS,DHE,RSA,WITH,AES,256,CCM,), 518 CS_ENTRY(0xC09F, DHE,RSA,AES256,CCM,,,,), 519 CS_ENTRY(0xC0A2, TLS,DHE,RSA,WITH,AES,128,CCM,8), 520 CS_ENTRY(0xC0A2, DHE,RSA,AES128,CCM8,,,,), 521 CS_ENTRY(0xC0A3, TLS,DHE,RSA,WITH,AES,256,CCM,8), 522 CS_ENTRY(0xC0A3, DHE,RSA,AES256,CCM8,,,,), 523 CS_ENTRY(0xC0A4, TLS,PSK,WITH,AES,128,CCM,,), 524 CS_ENTRY(0xC0A4, PSK,AES128,CCM,,,,,), 525 CS_ENTRY(0xC0A5, TLS,PSK,WITH,AES,256,CCM,,), 526 CS_ENTRY(0xC0A5, PSK,AES256,CCM,,,,,), 527 CS_ENTRY(0xC0A6, TLS,DHE,PSK,WITH,AES,128,CCM,), 528 CS_ENTRY(0xC0A6, DHE,PSK,AES128,CCM,,,,), 529 CS_ENTRY(0xC0A7, TLS,DHE,PSK,WITH,AES,256,CCM,), 530 CS_ENTRY(0xC0A7, DHE,PSK,AES256,CCM,,,,), 531 CS_ENTRY(0xC0A8, TLS,PSK,WITH,AES,128,CCM,8,), 532 CS_ENTRY(0xC0A8, PSK,AES128,CCM8,,,,,), 533 CS_ENTRY(0xC0A9, TLS,PSK,WITH,AES,256,CCM,8,), 534 CS_ENTRY(0xC0A9, PSK,AES256,CCM8,,,,,), 535 CS_ENTRY(0xC0AA, TLS,PSK,DHE,WITH,AES,128,CCM,8), 536 CS_ENTRY(0xC0AA, DHE,PSK,AES128,CCM8,,,,), 537 CS_ENTRY(0xC0AB, TLS,PSK,DHE,WITH,AES,256,CCM,8), 538 CS_ENTRY(0xC0AB, DHE,PSK,AES256,CCM8,,,,), 539 CS_ENTRY(0xCCAA, TLS,DHE,RSA,WITH,CHACHA20,POLY1305,SHA256,), 540 CS_ENTRY(0xCCAA, DHE,RSA,CHACHA20,POLY1305,,,,), 541 CS_ENTRY(0xCCAC, TLS,ECDHE,PSK,WITH,CHACHA20,POLY1305,SHA256,), 542 CS_ENTRY(0xCCAC, ECDHE,PSK,CHACHA20,POLY1305,,,,), 543 CS_ENTRY(0xCCAD, TLS,DHE,PSK,WITH,CHACHA20,POLY1305,SHA256,), 544 CS_ENTRY(0xCCAD, DHE,PSK,CHACHA20,POLY1305,,,,), 545 CS_ENTRY(0xCCAE, TLS,RSA,PSK,WITH,CHACHA20,POLY1305,SHA256,), 546 CS_ENTRY(0xCCAE, RSA,PSK,CHACHA20,POLY1305,,,,), 547 #endif 548 }; 549 #define CS_LIST_LEN CURL_ARRAYSIZE(cs_list) 550 551 static int cs_str_to_zip(const char *cs_str, size_t cs_len, 552 uint8_t zip[6]) 553 { 554 uint8_t indexes[8] = {0}; 555 const char *entry, *cur; 556 const char *nxt = cs_str; 557 const char *end = cs_str + cs_len; 558 char separator = '-'; 559 int idx, i = 0; 560 size_t len; 561 562 /* split the cipher string by '-' or '_' */ 563 if(curl_strnequal(cs_str, "TLS", 3)) 564 separator = '_'; 565 566 do { 567 if(i == 8) 568 return -1; 569 570 /* determine the length of the part */ 571 cur = nxt; 572 for(; nxt < end && *nxt != '\0' && *nxt != separator; nxt++); 573 len = nxt - cur; 574 575 /* lookup index for the part (skip empty string at 0) */ 576 for(idx = 1, entry = cs_txt + 1; idx < CS_TXT_LEN; idx++) { 577 size_t elen = strlen(entry); 578 if(elen == len && curl_strnequal(entry, cur, len)) 579 break; 580 entry += elen + 1; 581 } 582 if(idx == CS_TXT_LEN) 583 return -1; 584 585 indexes[i++] = (uint8_t) idx; 586 } while(nxt < end && *(nxt++) != '\0'); 587 588 /* zip the 8 indexes into 48 bits */ 589 zip[0] = (uint8_t) (indexes[0] << 2 | (indexes[1] & 0x3F) >> 4); 590 zip[1] = (uint8_t) (indexes[1] << 4 | (indexes[2] & 0x3F) >> 2); 591 zip[2] = (uint8_t) (indexes[2] << 6 | (indexes[3] & 0x3F)); 592 zip[3] = (uint8_t) (indexes[4] << 2 | (indexes[5] & 0x3F) >> 4); 593 zip[4] = (uint8_t) (indexes[5] << 4 | (indexes[6] & 0x3F) >> 2); 594 zip[5] = (uint8_t) (indexes[6] << 6 | (indexes[7] & 0x3F)); 595 596 return 0; 597 } 598 599 static int cs_zip_to_str(const uint8_t zip[6], 600 char *buf, size_t buf_size) 601 { 602 uint8_t indexes[8] = {0}; 603 const char *entry; 604 char separator = '-'; 605 int idx, i, r; 606 size_t len = 0; 607 608 /* unzip the 8 indexes */ 609 indexes[0] = zip[0] >> 2; 610 indexes[1] = (uint8_t)(((zip[0] << 4) & 0x3F) | zip[1] >> 4); 611 indexes[2] = (uint8_t)(((zip[1] << 2) & 0x3F) | zip[2] >> 6); 612 indexes[3] = ((zip[2] << 0) & 0x3F); 613 indexes[4] = zip[3] >> 2; 614 indexes[5] = (uint8_t)(((zip[3] << 4) & 0x3F) | zip[4] >> 4); 615 indexes[6] = (uint8_t)(((zip[4] << 2) & 0x3F) | zip[5] >> 6); 616 indexes[7] = ((zip[5] << 0) & 0x3F); 617 618 if(indexes[0] == CS_TXT_IDX_TLS) 619 separator = '_'; 620 621 for(i = 0; i < 8 && indexes[i] != 0 && len < buf_size; i++) { 622 if(indexes[i] >= CS_TXT_LEN) 623 return -1; 624 625 /* lookup the part string for the index (skip empty string at 0) */ 626 for(idx = 1, entry = cs_txt + 1; idx < indexes[i]; idx++) { 627 size_t elen = strlen(entry); 628 entry += elen + 1; 629 } 630 631 /* append the part string to the buffer */ 632 if(i > 0) 633 r = msnprintf(&buf[len], buf_size - len, "%c%s", separator, entry); 634 else 635 r = msnprintf(&buf[len], buf_size - len, "%s", entry); 636 637 if(r < 0) 638 return -1; 639 len += r; 640 } 641 642 return 0; 643 } 644 645 uint16_t Curl_cipher_suite_lookup_id(const char *cs_str, size_t cs_len) 646 { 647 size_t i; 648 uint8_t zip[6]; 649 650 if(cs_len > 0 && cs_str_to_zip(cs_str, cs_len, zip) == 0) { 651 for(i = 0; i < CS_LIST_LEN; i++) { 652 if(memcmp(cs_list[i].zip, zip, sizeof(zip)) == 0) 653 return cs_list[i].id; 654 } 655 } 656 657 return 0; 658 } 659 660 static bool cs_is_separator(char c) 661 { 662 switch(c) { 663 case ' ': 664 case '\t': 665 case ':': 666 case ',': 667 case ';': 668 return TRUE; 669 default:; 670 } 671 return FALSE; 672 } 673 674 uint16_t Curl_cipher_suite_walk_str(const char **str, const char **end) 675 { 676 /* move string pointer to first non-separator or end of string */ 677 for(; cs_is_separator(*str[0]); (*str)++); 678 679 /* move end pointer to next separator or end of string */ 680 for(*end = *str; *end[0] != '\0' && !cs_is_separator(*end[0]); (*end)++); 681 682 return Curl_cipher_suite_lookup_id(*str, *end - *str); 683 } 684 685 int Curl_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, 686 bool prefer_rfc) 687 { 688 size_t i, j = CS_LIST_LEN; 689 int r = -1; 690 691 for(i = 0; i < CS_LIST_LEN; i++) { 692 if(cs_list[i].id != id) 693 continue; 694 if((cs_list[i].zip[0] >> 2 != CS_TXT_IDX_TLS) == !prefer_rfc) { 695 j = i; 696 break; 697 } 698 if(j == CS_LIST_LEN) 699 j = i; 700 } 701 702 if(j < CS_LIST_LEN) 703 r = cs_zip_to_str(cs_list[j].zip, buf, buf_size); 704 705 if(r < 0) 706 msnprintf(buf, buf_size, "TLS_UNKNOWN_0x%04x", id); 707 708 return r; 709 } 710 711 #endif /* defined(USE_MBEDTLS) || defined(USE_RUSTLS) */