log selected TLS version and cipher suite
[strongswan.git] / src / libtls / tls_crypto.c
index 085c11e..a384de4 100644 (file)
 
 #include <debug.h>
 
 
 #include <debug.h>
 
+ENUM_BEGIN(tls_cipher_suite_names, TLS_NULL_WITH_NULL_NULL,
+                                                                  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
+       "TLS_NULL_WITH_NULL_NULL",
+       "TLS_RSA_WITH_NULL_MD5",
+       "TLS_RSA_WITH_NULL_SHA",
+       "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
+       "TLS_RSA_WITH_RC4_128_MD5",
+       "TLS_RSA_WITH_RC4_128_SHA",
+       "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+       "TLS_RSA_WITH_IDEA_CBC_SHA",
+       "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
+       "TLS_RSA_WITH_DES_CBC_SHA",
+       "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+       "TLS_DH_DSS_WITH_DES_CBC_SHA",
+       "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+       "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+       "TLS_DH_RSA_WITH_DES_CBC_SHA",
+       "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+       "TLS_DHE_DSS_WITH_DES_CBC_SHA", 
+       "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+       "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+       "TLS_DHE_RSA_WITH_DES_CBC_SHA",
+       "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
+       "TLS_DH_anon_WITH_RC4_128_MD5",
+       "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+       "TLS_DH_anon_WITH_DES_CBC_SHA",
+       "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA");
+ENUM_NEXT(tls_cipher_suite_names, TLS_KRB5_WITH_DES_CBC_SHA,
+                                                                 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
+                                                                 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
+       "TLS_KRB5_WITH_DES_CBC_SHA",
+       "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+       "TLS_KRB5_WITH_RC4_128_SHA",
+       "TLS_KRB5_WITH_IDEA_CBC_SHA",
+       "TLS_KRB5_WITH_DES_CBC_MD5",
+       "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+       "TLS_KRB5_WITH_RC4_128_MD5",
+       "TLS_KRB5_WITH_IDEA_CBC_MD5",
+       "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+       "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",          
+       "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+       "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+       "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
+       "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+       "TLS_PSK_WITH_NULL_SHA",
+       "TLS_DHE_PSK_WITH_NULL_SHA",
+       "TLS_RSA_PSK_WITH_NULL_SHA",
+       "TLS_RSA_WITH_AES_128_CBC_SHA",
+       "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+       "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+       "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+       "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+       "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+       "TLS_RSA_WITH_AES_256_CBC_SHA",
+       "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+       "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+       "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+       "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+       "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+       "TLS_RSA_WITH_NULL_SHA256",
+       "TLS_RSA_WITH_AES_128_CBC_SHA256 ",
+       "TLS_RSA_WITH_AES_256_CBC_SHA256",
+       "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
+       "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
+       "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+       "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
+       "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
+       "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
+       "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
+       "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",        
+       "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA");
+ENUM_NEXT(tls_cipher_suite_names, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+                                                                 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
+                                                                 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
+       "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+       "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
+       "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
+       "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+       "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+       "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+       "TLS_DH_anon_WITH_AES_256_CBC_SHA256");
+ENUM_NEXT(tls_cipher_suite_names, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+                                                                 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,     
+                                                                 TLS_DH_anon_WITH_AES_256_CBC_SHA256,
+       "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
+       "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
+       "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
+       "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
+       "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
+       "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
+       "TLS_PSK_WITH_RC4_128_SHA",
+       "TLS_PSK_WITH_3DES_EDE_CBC_SHA2",
+       "TLS_PSK_WITH_AES_128_CBC_SHA",
+       "TLS_PSK_WITH_AES_256_CBC_SHA",
+       "TLS_DHE_PSK_WITH_RC4_128_SHA",
+       "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
+       "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
+       "TLS_DHE_PSK_WITH_AES_256_CBC_SHA2",
+       "TLS_RSA_PSK_WITH_RC4_128_SHA",
+       "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
+       "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
+       "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
+       "TLS_RSA_WITH_SEED_CBC_SHA",
+       "TLS_DH_DSS_WITH_SEED_CBC_SHA",
+       "TLS_DH_RSA_WITH_SEED_CBC_SHA",
+       "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
+       "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
+       "TLS_DH_anon_WITH_SEED_CBC_SHA",
+       "TLS_RSA_WITH_AES_128_GCM_SHA256",
+       "TLS_RSA_WITH_AES_256_GCM_SHA384",
+       "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+       "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+       "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+       "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+       "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+       "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+       "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+       "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
+       "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+       "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+       "TLS_PSK_WITH_AES_128_GCM_SHA256",
+       "TLS_PSK_WITH_AES_256_GCM_SHA384",
+       "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
+       "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
+       "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
+       "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
+       "TLS_PSK_WITH_AES_128_CBC_SHA256",
+       "TLS_PSK_WITH_AES_256_CBC_SHA384",
+       "TLS_PSK_WITH_NULL_SHA256",
+       "TLS_PSK_WITH_NULL_SHA384",
+       "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
+       "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
+       "TLS_DHE_PSK_WITH_NULL_SHA256",
+       "TLS_DHE_PSK_WITH_NULL_SHA384",
+       "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
+       "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
+       "TLS_RSA_PSK_WITH_NULL_SHA256",
+       "TLS_RSA_PSK_WITH_NULL_SHA384",
+       "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+       "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+       "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+       "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+       "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+       "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
+       "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+       "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+       "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+       "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+       "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+       "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256");
+ENUM_NEXT(tls_cipher_suite_names, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
+                                                                 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,    
+                                                                 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256,
+       "TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
+ENUM_NEXT(tls_cipher_suite_names, TLS_ECDH_ECDSA_WITH_NULL_SHA,
+                                                                 TLS_ECDHE_PSK_WITH_NULL_SHA384,       
+                                                                 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
+       "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+       "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+       "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+       "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+       "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+       "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+       "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+       "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+       "TLS_ECDH_RSA_WITH_NULL_SHA",
+       "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+       "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+       "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+       "TLS_ECDHE_RSA_WITH_NULL_SHA",
+       "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+       "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+       "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+       "TLS_ECDH_anon_WITH_NULL_SHA",
+       "TLS_ECDH_anon_WITH_RC4_128_SHA",
+       "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+       "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+       "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+       "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
+       "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
+       "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
+       "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
+       "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
+       "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
+       "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
+       "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
+       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+       "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+       "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+       "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+       "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+       "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+       "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+       "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+       "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+       "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+       "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+       "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+       "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+       "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+       "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+       "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
+       "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
+       "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
+       "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
+       "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
+       "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
+       "TLS_ECDHE_PSK_WITH_NULL_SHA",
+       "TLS_ECDHE_PSK_WITH_NULL_SHA256",
+       "TLS_ECDHE_PSK_WITH_NULL_SHA384");
+ENUM_END(tls_cipher_suite_names, TLS_ECDHE_PSK_WITH_NULL_SHA384);
+
 typedef struct private_tls_crypto_t private_tls_crypto_t;
 
 /**
 typedef struct private_tls_crypto_t private_tls_crypto_t;
 
 /**