1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Jan Venekamp, <jan@venekamp.net>
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24 #include "curlcheck.h"
25
26 #include "vtls/cipher_suite.h"
27
/* Set-up hook for this unit test. Nothing has to be prepared before the
   cipher-suite checks run, so it always reports success. */
static CURLcode unit_setup(void)
{
  CURLcode result = CURLE_OK;

  return result;
}
32
/* Tear-down hook for this unit test. The test allocates nothing, so there
   is nothing to release. */
static void unit_stop(void)
{
  return;
}
36
37 #if defined(USE_MBEDTLS) || defined(USE_BEARSSL)
38
/*
 * One expected mapping between a cipher suite code point and its names.
 *
 * The table below is the reference data for the lookup tests: every name
 * must resolve to 'id', and 'id' must resolve back to the preferred name.
 */
struct test_cs_entry {
  uint16_t id;          /* 16-bit TLS cipher suite identifier */
  const char *rfc;      /* RFC/IANA style name ("TLS_..._WITH_...") */
  const char *openssl;  /* OpenSSL style name, NULL when the entry lists
                           no separate one (the TLS 1.3 suites below) */
};

/*
 * Expected id <-> name mappings.
 *
 * The NULL-encryption suites (no confidentiality) and the 3DES suites are
 * listed only so that their name/id mapping is exercised; their presence
 * here is not a statement that they should be enabled.
 */
static const struct test_cs_entry test_cs_list[] = {
  /* entries expected with either backend */
  { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA",
            "AES128-SHA" },
  { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA",
            "AES256-SHA" },
  { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256",
            "AES128-SHA256" },
  { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256",
            "AES256-SHA256" },
  { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "AES128-GCM-SHA256" },
  { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384",
            "AES256-GCM-SHA384" },
  { 0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
            "ECDH-ECDSA-AES128-SHA" },
  { 0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
            "ECDH-ECDSA-AES256-SHA" },
  { 0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
            "ECDHE-ECDSA-AES128-SHA" },
  { 0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
            "ECDHE-ECDSA-AES256-SHA" },
  { 0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
            "ECDH-RSA-AES128-SHA" },
  { 0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
            "ECDH-RSA-AES256-SHA" },
  { 0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "ECDHE-RSA-AES128-SHA" },
  { 0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "ECDHE-RSA-AES256-SHA" },
  { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "ECDHE-ECDSA-AES128-SHA256" },
  { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "ECDHE-ECDSA-AES256-SHA384" },
  { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
            "ECDH-ECDSA-AES128-SHA256" },
  { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
            "ECDH-ECDSA-AES256-SHA384" },
  { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "ECDHE-RSA-AES128-SHA256" },
  { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
            "ECDHE-RSA-AES256-SHA384" },
  { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
            "ECDH-RSA-AES128-SHA256" },
  { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
            "ECDH-RSA-AES256-SHA384" },
  { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "ECDHE-ECDSA-AES128-GCM-SHA256" },
  { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "ECDHE-ECDSA-AES256-GCM-SHA384" },
  { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
            "ECDH-ECDSA-AES128-GCM-SHA256" },
  { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
            "ECDH-ECDSA-AES256-GCM-SHA384" },
  { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "ECDHE-RSA-AES128-GCM-SHA256" },
  { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "ECDHE-RSA-AES256-GCM-SHA384" },
  { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
            "ECDH-RSA-AES128-GCM-SHA256" },
  { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
            "ECDH-RSA-AES256-GCM-SHA384" },
  { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
            "ECDHE-RSA-CHACHA20-POLY1305" },
  { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "ECDHE-ECDSA-CHACHA20-POLY1305" },
#if defined(USE_MBEDTLS)
  /* entries expected only in mbedTLS builds */
  { 0x0001, "TLS_RSA_WITH_NULL_MD5",
            "NULL-MD5" },
  { 0x0002, "TLS_RSA_WITH_NULL_SHA",
            "NULL-SHA" },
  { 0x002C, "TLS_PSK_WITH_NULL_SHA",
            "PSK-NULL-SHA" },
  { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA",
            "DHE-PSK-NULL-SHA" },
  { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA",
            "RSA-PSK-NULL-SHA" },
  { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
            "DHE-RSA-AES128-SHA" },
  { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
            "DHE-RSA-AES256-SHA" },
  { 0x003B, "TLS_RSA_WITH_NULL_SHA256",
            "NULL-SHA256" },
  { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
            "DHE-RSA-AES128-SHA256" },
  { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
            "DHE-RSA-AES256-SHA256" },
  { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA",
            "PSK-AES128-CBC-SHA" },
  { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA",
            "PSK-AES256-CBC-SHA" },
  { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
            "DHE-PSK-AES128-CBC-SHA" },
  { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
            "DHE-PSK-AES256-CBC-SHA" },
  { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
            "RSA-PSK-AES128-CBC-SHA" },
  { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
            "RSA-PSK-AES256-CBC-SHA" },
  { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
            "DHE-RSA-AES128-GCM-SHA256" },
  { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
            "DHE-RSA-AES256-GCM-SHA384" },
  { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256",
            "PSK-AES128-GCM-SHA256" },
  { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384",
            "PSK-AES256-GCM-SHA384" },
  { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
            "DHE-PSK-AES128-GCM-SHA256" },
  { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
            "DHE-PSK-AES256-GCM-SHA384" },
  { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
            "RSA-PSK-AES128-GCM-SHA256" },
  { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
            "RSA-PSK-AES256-GCM-SHA384" },
  { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256",
            "PSK-AES128-CBC-SHA256" },
  { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384",
            "PSK-AES256-CBC-SHA384" },
  { 0x00B0, "TLS_PSK_WITH_NULL_SHA256",
            "PSK-NULL-SHA256" },
  { 0x00B1, "TLS_PSK_WITH_NULL_SHA384",
            "PSK-NULL-SHA384" },
  { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
            "DHE-PSK-AES128-CBC-SHA256" },
  { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
            "DHE-PSK-AES256-CBC-SHA384" },
  { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256",
            "DHE-PSK-NULL-SHA256" },
  { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384",
            "DHE-PSK-NULL-SHA384" },
  { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
            "RSA-PSK-AES128-CBC-SHA256" },
  { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
            "RSA-PSK-AES256-CBC-SHA384" },
  { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256",
            "RSA-PSK-NULL-SHA256" },
  { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384",
            "RSA-PSK-NULL-SHA384" },
  /* no separate OpenSSL-style name: the rfc name is expected both ways */
  { 0x1301, "TLS_AES_128_GCM_SHA256",
            NULL },
  { 0x1302, "TLS_AES_256_GCM_SHA384",
            NULL },
  { 0x1303, "TLS_CHACHA20_POLY1305_SHA256",
            NULL },
  { 0x1304, "TLS_AES_128_CCM_SHA256",
            NULL },
  { 0x1305, "TLS_AES_128_CCM_8_SHA256",
            NULL },
  { 0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA",
            "ECDH-ECDSA-NULL-SHA" },
  { 0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
            "ECDHE-ECDSA-NULL-SHA" },
  { 0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA",
            "ECDH-RSA-NULL-SHA" },
  { 0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA",
            "ECDHE-RSA-NULL-SHA" },
  { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
            "ECDHE-PSK-AES128-CBC-SHA" },
  { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
            "ECDHE-PSK-AES256-CBC-SHA" },
  { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
            "PSK-CHACHA20-POLY1305" },
#endif
#if defined(USE_BEARSSL)
  /* entries expected only in BearSSL builds */
  { 0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
            "DES-CBC3-SHA" },
  { 0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
            "ECDH-ECDSA-DES-CBC3-SHA" },
  { 0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
            "ECDHE-ECDSA-DES-CBC3-SHA" },
  { 0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
            "ECDH-RSA-DES-CBC3-SHA" },
  { 0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
            "ECDHE-RSA-DES-CBC3-SHA" },
#endif
  /* entries expected with either backend (CCM) */
  { 0xC09C, "TLS_RSA_WITH_AES_128_CCM",
            "AES128-CCM" },
  { 0xC09D, "TLS_RSA_WITH_AES_256_CCM",
            "AES256-CCM" },
  { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8",
            "AES128-CCM8" },
  { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8",
            "AES256-CCM8" },
  { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
            "ECDHE-ECDSA-AES128-CCM" },
  { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
            "ECDHE-ECDSA-AES256-CCM" },
  { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
            "ECDHE-ECDSA-AES128-CCM8" },
  { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
            "ECDHE-ECDSA-AES256-CCM8" },
#if defined(USE_MBEDTLS)
  /* Further mbedTLS-only entries. Those marked "ns" use a non-"standard"
     short name: OpenSSL itself has no name for that suite. */
  { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
            "CAMELLIA128-SHA" },
  { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
            "DHE-RSA-CAMELLIA128-SHA" },
  { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
            "CAMELLIA256-SHA" },
  { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
            "DHE-RSA-CAMELLIA256-SHA" },
  { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
            "CAMELLIA128-SHA256" },
  { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
            "DHE-RSA-CAMELLIA128-SHA256" },
  { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
            "CAMELLIA256-SHA256" },
  { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
            "DHE-RSA-CAMELLIA256-SHA256" },
  { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
            "ECDHE-PSK-AES128-CBC-SHA256" },
  { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
            "ECDHE-PSK-AES256-CBC-SHA384" },
  { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA",
            "ECDHE-PSK-NULL-SHA" },
  { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256",
            "ECDHE-PSK-NULL-SHA256" },
  { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384",
            "ECDHE-PSK-NULL-SHA384" },
  { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
            "ARIA128-SHA256" /* ns */ },
  { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
            "ARIA256-SHA384" /* ns */ },
  { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",
            "DHE-RSA-ARIA128-SHA256" /* ns */ },
  { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",
            "DHE-RSA-ARIA256-SHA384" /* ns */ },
  { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
            "ECDHE-ECDSA-ARIA128-SHA256" /* ns */ },
  { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
            "ECDHE-ECDSA-ARIA256-SHA384" /* ns */ },
  { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
            "ECDH-ECDSA-ARIA128-SHA256" /* ns */ },
  { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
            "ECDH-ECDSA-ARIA256-SHA384" /* ns */ },
  { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
            "ECDHE-ARIA128-SHA256" /* ns */ },
  { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
            "ECDHE-ARIA256-SHA384" /* ns */ },
  { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
            "ECDH-ARIA128-SHA256" /* ns */ },
  { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
            "ECDH-ARIA256-SHA384" /* ns */ },
  { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
            "ARIA128-GCM-SHA256" },
  { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
            "ARIA256-GCM-SHA384" },
  { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",
            "DHE-RSA-ARIA128-GCM-SHA256" },
  { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",
            "DHE-RSA-ARIA256-GCM-SHA384" },
  { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",
            "ECDHE-ECDSA-ARIA128-GCM-SHA256" },
  { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",
            "ECDHE-ECDSA-ARIA256-GCM-SHA384" },
  { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
            "ECDH-ECDSA-ARIA128-GCM-SHA256" /* ns */ },
  { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
            "ECDH-ECDSA-ARIA256-GCM-SHA384" /* ns */ },
  { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",
            "ECDHE-ARIA128-GCM-SHA256" },
  { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
            "ECDHE-ARIA256-GCM-SHA384" },
  { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
            "ECDH-ARIA128-GCM-SHA256" /* ns */ },
  { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
            "ECDH-ARIA256-GCM-SHA384" /* ns */ },
  { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256",
            "PSK-ARIA128-SHA256" /* ns */ },
  { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384",
            "PSK-ARIA256-SHA384" /* ns */ },
  { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",
            "DHE-PSK-ARIA128-SHA256" /* ns */ },
  { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",
            "DHE-PSK-ARIA256-SHA384" /* ns */ },
  { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",
            "RSA-PSK-ARIA128-SHA256" /* ns */ },
  { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",
            "RSA-PSK-ARIA256-SHA384" /* ns */ },
  { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256",
            "PSK-ARIA128-GCM-SHA256" },
  { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384",
            "PSK-ARIA256-GCM-SHA384" },
  { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",
            "DHE-PSK-ARIA128-GCM-SHA256" },
  { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",
            "DHE-PSK-ARIA256-GCM-SHA384" },
  { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",
            "RSA-PSK-ARIA128-GCM-SHA256" },
  { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
            "RSA-PSK-ARIA256-GCM-SHA384" },
  { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
            "ECDHE-PSK-ARIA128-SHA256" /* ns */ },
  { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
            "ECDHE-PSK-ARIA256-SHA384" /* ns */ },
  { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
            "ECDHE-ECDSA-CAMELLIA128-SHA256" },
  { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
            "ECDHE-ECDSA-CAMELLIA256-SHA384" },
  { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
            "ECDH-ECDSA-CAMELLIA128-SHA256" /* ns */ },
  { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
            "ECDH-ECDSA-CAMELLIA256-SHA384" /* ns */ },
  { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
            "ECDHE-RSA-CAMELLIA128-SHA256" },
  { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
            "ECDHE-RSA-CAMELLIA256-SHA384" },
  { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
            "ECDH-CAMELLIA128-SHA256" /* ns */ },
  { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
            "ECDH-CAMELLIA256-SHA384" /* ns */ },
  { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
            "CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
            "CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
            "DHE-RSA-CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
            "DHE-RSA-CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
            "ECDHE-ECDSA-CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
            "ECDHE-ECDSA-CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
            "ECDH-ECDSA-CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
            "ECDH-ECDSA-CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
            "ECDHE-CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
            "ECDHE-CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
            "ECDH-CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
            "ECDH-CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
            "PSK-CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
            "PSK-CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",
            "DHE-PSK-CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",
            "DHE-PSK-CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
            "RSA-PSK-CAMELLIA128-GCM-SHA256" /* ns */ },
  { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
            "RSA-PSK-CAMELLIA256-GCM-SHA384" /* ns */ },
  { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
            "PSK-CAMELLIA128-SHA256" },
  { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
            "PSK-CAMELLIA256-SHA384" },
  { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
            "DHE-PSK-CAMELLIA128-SHA256" },
  { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
            "DHE-PSK-CAMELLIA256-SHA384" },
  { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
            "RSA-PSK-CAMELLIA128-SHA256" },
  { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
            "RSA-PSK-CAMELLIA256-SHA384" },
  { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
            "ECDHE-PSK-CAMELLIA128-SHA256" },
  { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
            "ECDHE-PSK-CAMELLIA256-SHA384" },
  { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM",
            "DHE-RSA-AES128-CCM" },
  { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM",
            "DHE-RSA-AES256-CCM" },
  { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8",
            "DHE-RSA-AES128-CCM8" },
  { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8",
            "DHE-RSA-AES256-CCM8" },
  { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM",
            "PSK-AES128-CCM" },
  { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM",
            "PSK-AES256-CCM" },
  { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM",
            "DHE-PSK-AES128-CCM" },
  { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM",
            "DHE-PSK-AES256-CCM" },
  { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8",
            "PSK-AES128-CCM8" },
  { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8",
            "PSK-AES256-CCM8" },
  /* "PSK_DHE" (not "DHE_PSK") is the registered spelling of the next two
     names; it is not a typo in this table */
  { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8",
            "DHE-PSK-AES128-CCM8" },
  { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8",
            "DHE-PSK-AES256-CCM8" },
  { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
            "DHE-RSA-CHACHA20-POLY1305" },
  { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
            "ECDHE-PSK-CHACHA20-POLY1305" },
  { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
            "DHE-PSK-CHACHA20-POLY1305" },
  { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
            "RSA-PSK-CHACHA20-POLY1305" },
#endif
};
/* number of entries in test_cs_list for the current build configuration */
#define TEST_CS_LIST_LEN (sizeof(test_cs_list) / sizeof(test_cs_list[0]))
442
/*
 * Cipher list fed to Curl_cipher_suite_walk_str(), one token per source
 * line. It ends with separator noise and an unknown name ("GIBBERISH") so
 * the tokenizer is also exercised on input that is not a valid suite name.
 * The tokens must stay in the same order as test_str_list[].
 */
static const char *cs_test_string =
  "TLS_AES_128_GCM_SHA256:"
  "TLS_AES_256_GCM_SHA384:"
  "TLS_CHACHA20_POLY1305_SHA256:"
  "ECDHE-ECDSA-AES128-GCM-SHA256:"
  "ECDHE-RSA-AES128-GCM-SHA256:"
  "ECDHE-ECDSA-AES256-GCM-SHA384:"
  "ECDHE-RSA-AES256-GCM-SHA384:"
  "ECDHE-ECDSA-CHACHA20-POLY1305:"
  "ECDHE-RSA-CHACHA20-POLY1305:"
  "DHE-RSA-AES128-GCM-SHA256:"
  "DHE-RSA-AES256-GCM-SHA384:"
  "DHE-RSA-CHACHA20-POLY1305:"
  "ECDHE-ECDSA-AES128-SHA256:"
  "ECDHE-RSA-AES128-SHA256:"
  "ECDHE-ECDSA-AES128-SHA:"
  "ECDHE-RSA-AES128-SHA:"
  "ECDHE-ECDSA-AES256-SHA384:"
  "ECDHE-RSA-AES256-SHA384:"
  "ECDHE-ECDSA-AES256-SHA:"
  "ECDHE-RSA-AES256-SHA:"
  "DHE-RSA-AES128-SHA256:"
  "DHE-RSA-AES256-SHA256:"
  "AES128-GCM-SHA256:"
  "AES256-GCM-SHA384:"
  "AES128-SHA256:"
  "AES256-SHA256:"
  "AES128-SHA:"
  "AES256-SHA:"
  "DES-CBC3-SHA:"
  ":: GIBBERISH ::"
;
458
/* Expected outcome for one token of cs_test_string. */
struct test_str_entry {
  uint16_t id;      /* id the walk is expected to return for the token */
  const char *str;  /* the token text itself */
};

/*
 * Expected results, in the order the tokens appear in cs_test_string.
 * An id of 0x0000 is what the test expects for a name that the backend
 * selected at build time does not map, and for the unknown/empty tokens
 * at the end.
 */
static const struct test_str_entry test_str_list[] = {
#if defined(USE_MBEDTLS)
  { 0x1301, "TLS_AES_128_GCM_SHA256" },
  { 0x1302, "TLS_AES_256_GCM_SHA384" },
  { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" },
#else
  { 0x0000, "TLS_AES_128_GCM_SHA256" },
  { 0x0000, "TLS_AES_256_GCM_SHA384" },
  { 0x0000, "TLS_CHACHA20_POLY1305_SHA256" },
#endif
  { 0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256" },
  { 0xC02F, "ECDHE-RSA-AES128-GCM-SHA256" },
  { 0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384" },
  { 0xC030, "ECDHE-RSA-AES256-GCM-SHA384" },
  { 0xCCA9, "ECDHE-ECDSA-CHACHA20-POLY1305" },
  { 0xCCA8, "ECDHE-RSA-CHACHA20-POLY1305" },
#if defined(USE_MBEDTLS)
  { 0x009E, "DHE-RSA-AES128-GCM-SHA256" },
  { 0x009F, "DHE-RSA-AES256-GCM-SHA384" },
  { 0xCCAA, "DHE-RSA-CHACHA20-POLY1305" },
#else
  { 0x0000, "DHE-RSA-AES128-GCM-SHA256" },
  { 0x0000, "DHE-RSA-AES256-GCM-SHA384" },
  { 0x0000, "DHE-RSA-CHACHA20-POLY1305" },
#endif
  { 0xC023, "ECDHE-ECDSA-AES128-SHA256" },
  { 0xC027, "ECDHE-RSA-AES128-SHA256" },
  { 0xC009, "ECDHE-ECDSA-AES128-SHA" },
  { 0xC013, "ECDHE-RSA-AES128-SHA" },
  { 0xC024, "ECDHE-ECDSA-AES256-SHA384" },
  { 0xC028, "ECDHE-RSA-AES256-SHA384" },
  { 0xC00A, "ECDHE-ECDSA-AES256-SHA" },
  { 0xC014, "ECDHE-RSA-AES256-SHA" },
#if defined(USE_MBEDTLS)
  { 0x0067, "DHE-RSA-AES128-SHA256" },
  { 0x006B, "DHE-RSA-AES256-SHA256" },
#else
  { 0x0000, "DHE-RSA-AES128-SHA256" },
  { 0x0000, "DHE-RSA-AES256-SHA256" },
#endif
  { 0x009C, "AES128-GCM-SHA256" },
  { 0x009D, "AES256-GCM-SHA384" },
  { 0x003C, "AES128-SHA256" },
  { 0x003D, "AES256-SHA256" },
  { 0x002F, "AES128-SHA" },
  { 0x0035, "AES256-SHA" },
#if defined(USE_BEARSSL)
  { 0x000A, "DES-CBC3-SHA" },
#else
  { 0x0000, "DES-CBC3-SHA" },
#endif
  /* not a cipher suite name at all */
  { 0x0000, "GIBBERISH" },
  /* empty token expected once only separators remain */
  { 0x0000, "" },
};
/* number of entries in test_str_list; the same for every configuration */
#define TEST_STR_LIST_LEN (sizeof(test_str_list) / sizeof(test_str_list[0]))
518
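/*
 * Unit test for the cipher suite name/id helpers.
 *
 * Part 1 walks test_cs_list and checks, for every entry, that both names
 * resolve to the expected id with Curl_cipher_suite_lookup_id() and that
 * Curl_cipher_suite_get_str() returns the preferred name for the id.
 *
 * Part 2 tokenizes cs_test_string with Curl_cipher_suite_walk_str() and
 * compares each token and its id against test_str_list, in order.
 *
 * Mismatches are reported on stderr and counted in unitfail.
 */
UNITTEST_START
{
  for(size_t i = 0; i < TEST_CS_LIST_LEN; i++) {
    const struct test_cs_entry *test = &test_cs_list[i];
    const char *expect;
    char buf[64] = "";
    uint16_t id;

    /* test Curl_cipher_suite_lookup_id() for rfc name */
    if(test->rfc) {
      id = Curl_cipher_suite_lookup_id(test->rfc, strlen(test->rfc));
      if(id != test->id) {
        fprintf(stderr, "Curl_cipher_suite_lookup_id FAILED for \"%s\", "
                "result = 0x%04x, expected = 0x%04x\n",
                test->rfc, id, test->id);
        unitfail++;
      }
    }

    /* test Curl_cipher_suite_lookup_id() for openssl name */
    if(test->openssl) {
      id = Curl_cipher_suite_lookup_id(test->openssl, strlen(test->openssl));
      if(id != test->id) {
        fprintf(stderr, "Curl_cipher_suite_lookup_id FAILED for \"%s\", "
                "result = 0x%04x, expected = 0x%04x\n",
                test->openssl, id, test->id);
        unitfail++;
      }
    }

    /* test Curl_cipher_suite_get_str() prefer rfc name; every entry in
       test_cs_list has an rfc name, so expect is never NULL here */
    buf[0] = '\0';
    expect = test->rfc ? test->rfc : test->openssl;

    Curl_cipher_suite_get_str(test->id, buf, sizeof(buf), true);

    if(strcmp(buf, expect) != 0) {
      fprintf(stderr, "Curl_cipher_suite_get_str FAILED for 0x%04x, "
              "result = \"%s\", expected = \"%s\"\n",
              test->id, buf, expect);
      unitfail++;
    }

    /* test Curl_cipher_suite_get_str() prefer openssl name */
    buf[0] = '\0';
    expect = test->openssl ? test->openssl : test->rfc;

    Curl_cipher_suite_get_str(test->id, buf, sizeof(buf), false);

    if(strcmp(buf, expect) != 0) {
      fprintf(stderr, "Curl_cipher_suite_get_str FAILED for 0x%04x, "
              "result = \"%s\", expected = \"%s\"\n",
              test->id, buf, expect);
      unitfail++;
    }
  }

  /* test Curl_cipher_suite_walk_str() */
  {
    const char *ptr, *end = cs_test_string;
    size_t i = 0; /* same type as TEST_STR_LIST_LEN: no sign mismatch */
    uint16_t id;
    size_t len;

    for(ptr = cs_test_string; ptr[0] != '\0'; ptr = end) {
      const struct test_str_entry *test;

      /* check the index before it is used to pick the expectation */
      abort_if(i == TEST_STR_LIST_LEN, "should have been done");
      test = &test_str_list[i];

      id = Curl_cipher_suite_walk_str(&ptr, &end);
      len = end - ptr;

      if(id != test->id) {
        fprintf(stderr, "Curl_cipher_suite_walk_str FAILED for \"%s\" "
                "unexpected cipher, "
                "result = 0x%04x, expected = 0x%04x\n",
                test->str, id, test->id);
        unitfail++;
      }
      /* Require the token to be exactly the expected string. Comparing
         only the first len bytes would accept a truncated token (with
         len == 0 anything matches), hiding a tokenizer bug. The length
         check also bounds len, replacing the previous "len > 64" guard. */
      if(len != strlen(test->str) || strncmp(ptr, test->str, len) != 0) {
        fprintf(stderr, "Curl_cipher_suite_walk_str ABORT for \"%s\" "
                "unexpected pointers\n",
                test->str);
        unitfail++;
        goto unit_test_abort;
      }
      i++;
    }

    /* the walk must have produced every expected token, not just a
       matching prefix of the list */
    if(i != TEST_STR_LIST_LEN) {
      fprintf(stderr, "Curl_cipher_suite_walk_str FAILED, "
              "walked %u tokens, expected %u\n",
              (unsigned int)i, (unsigned int)TEST_STR_LIST_LEN);
      unitfail++;
    }
  }
}
UNITTEST_STOP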
609
610 #else /* defined(USE_MBEDTLS) || defined(USE_BEARSSL) */
611
/* Neither USE_MBEDTLS nor USE_BEARSSL is defined: the test body is empty
   for this build. */
UNITTEST_START
UNITTEST_STOP
614
615 #endif /* defined(USE_MBEDTLS) || defined(USE_BEARSSL) */
616