[apple/security.git] / libsecurity_ssl / regressions / ssl-utils.c

//
//  ssl-utils.c
//  libsecurity_ssl
//
//  Created by Fabrice Gautier on 8/7/12.
//
//

#include <Security/Security.h>
#include <AssertMacros.h>

#include "ssl-utils.h"

#if TARGET_OS_IPHONE

#include <Security/SecRSAKey.h>
#include <Security/SecECKey.h>
#include <Security/SecCertificatePriv.h>
#include <Security/SecIdentityPriv.h>

#include "privkey-1.h"
#include "cert-1.h"

static
CFArrayRef chain_from_der(const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len)
{
    SecKeyRef pkey = NULL;
    SecCertificateRef cert = NULL;
    SecIdentityRef ident = NULL;
    CFArrayRef items = NULL;

    require(pkey = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault, pkey_der, pkey_der_len, kSecKeyEncodingPkcs1), errOut);
    require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len), errOut);
    require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
    require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1, &kCFTypeArrayCallBacks), errOut);

errOut:
    CFReleaseSafe(pkey);
    CFReleaseSafe(cert);
    CFReleaseSafe(ident);
    return items;
}

#else

#include "identity-1.h"
#define P12_PASSWORD "password"

static
CFArrayRef chain_from_p12(const unsigned char *p12_data, size_t p12_len)
{
    char keychain_path[] = "/tmp/keychain.XXXXXX";

    SecKeychainRef keychain = NULL;
    CFArrayRef list;
    CFDataRef data;

    SecExternalFormat format=kSecFormatPKCS12;
    SecExternalItemType type=kSecItemTypeAggregate;
    SecItemImportExportFlags flags=0;
    SecKeyImportExportParameters params = {0,};
    CFArrayRef out = NULL;

    require_noerr(SecKeychainCopyDomainSearchList(kSecPreferencesDomainUser, &list), errOut);
    require(mktemp(keychain_path), errOut);
    require_noerr(SecKeychainCreate (keychain_path, strlen(P12_PASSWORD), P12_PASSWORD,
                                     FALSE, NULL, &keychain), errOut);
    require_noerr(SecKeychainSetDomainSearchList(kSecPreferencesDomainUser, list), errOut);	// restores the previous search list
    require(data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, p12_data, p12_len, kCFAllocatorNull), errOut);


    params.passphrase=CFSTR("password");
    params.keyAttributes = CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE;

    require_noerr(SecKeychainItemImport(data, CFSTR(".p12"), &format, &type, flags,
                                        &params, keychain, &out), errOut);

errOut:
    CFReleaseSafe(keychain);
    CFReleaseSafe(list);

    return out;
}

#endif

CFArrayRef server_chain(void)
{
#if TARGET_OS_IPHONE
    return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
#else
    return chain_from_p12(identity_1_p12, identity_1_p12_len);
#endif
}

CFArrayRef client_chain(void)
{
#if TARGET_OS_IPHONE
    return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
#else
    return chain_from_p12(identity_1_p12, identity_1_p12_len);
#endif
}

const char *ciphersuite_name(SSLCipherSuite cs)
{

#define C(x) case x: return #x;
    switch (cs) {

            /* TLS 1.2 addenda, RFC 5246 */

            /* Initial state. */
            C(TLS_NULL_WITH_NULL_NULL)

            /* Server provided RSA certificate for key exchange. */
            C(TLS_RSA_WITH_NULL_MD5)
            C(TLS_RSA_WITH_NULL_SHA)
            C(TLS_RSA_WITH_RC4_128_MD5)
            C(TLS_RSA_WITH_RC4_128_SHA)
            C(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
            C(TLS_RSA_WITH_AES_128_CBC_SHA)
            C(TLS_RSA_WITH_AES_256_CBC_SHA)
            C(TLS_RSA_WITH_NULL_SHA256)
            C(TLS_RSA_WITH_AES_128_CBC_SHA256)
            C(TLS_RSA_WITH_AES_256_CBC_SHA256)

            /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
            C(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA)
            C(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA)
            C(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
            C(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
            C(TLS_DH_DSS_WITH_AES_128_CBC_SHA)
            C(TLS_DH_RSA_WITH_AES_128_CBC_SHA)
            C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
            C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
            C(TLS_DH_DSS_WITH_AES_256_CBC_SHA)
            C(TLS_DH_RSA_WITH_AES_256_CBC_SHA)
            C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
            C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
            C(TLS_DH_DSS_WITH_AES_128_CBC_SHA256)
            C(TLS_DH_RSA_WITH_AES_128_CBC_SHA256)
            C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256)
            C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
            C(TLS_DH_DSS_WITH_AES_256_CBC_SHA256)
            C(TLS_DH_RSA_WITH_AES_256_CBC_SHA256)
            C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256)
            C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)

            /* Completely anonymous Diffie-Hellman */
            C(TLS_DH_anon_WITH_RC4_128_MD5)
            C(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA)
            C(TLS_DH_anon_WITH_AES_128_CBC_SHA)
            C(TLS_DH_anon_WITH_AES_256_CBC_SHA)
            C(TLS_DH_anon_WITH_AES_128_CBC_SHA256)
            C(TLS_DH_anon_WITH_AES_256_CBC_SHA256)

            /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
             for TLS. */
            C(TLS_RSA_WITH_AES_128_GCM_SHA256)
            C(TLS_RSA_WITH_AES_256_GCM_SHA384)
            C(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
            C(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
            C(TLS_DH_RSA_WITH_AES_128_GCM_SHA256)
            C(TLS_DH_RSA_WITH_AES_256_GCM_SHA384)
            C(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256)
            C(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384)
            C(TLS_DH_DSS_WITH_AES_128_GCM_SHA256)
            C(TLS_DH_DSS_WITH_AES_256_GCM_SHA384)
            C(TLS_DH_anon_WITH_AES_128_GCM_SHA256)
            C(TLS_DH_anon_WITH_AES_256_GCM_SHA384)

            /* ECDSA addenda, RFC 4492 */
            C(TLS_ECDH_ECDSA_WITH_NULL_SHA)
            C(TLS_ECDH_ECDSA_WITH_RC4_128_SHA)
            C(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA)
            C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA)
            C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA)
            C(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
            C(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
            C(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
            C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
            C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
            C(TLS_ECDH_RSA_WITH_NULL_SHA)
            C(TLS_ECDH_RSA_WITH_RC4_128_SHA)
            C(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA)
            C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA)
            C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA)
            C(TLS_ECDHE_RSA_WITH_NULL_SHA)
            C(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
            C(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
            C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
            C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
            C(TLS_ECDH_anon_WITH_NULL_SHA)
            C(TLS_ECDH_anon_WITH_RC4_128_SHA)
            C(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA)
            C(TLS_ECDH_anon_WITH_AES_128_CBC_SHA)
            C(TLS_ECDH_anon_WITH_AES_256_CBC_SHA)

            /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with
             HMAC SHA-256/384. */
            C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
            C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
            C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)
            C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384)
            C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
            C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
            C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256)
            C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384)

            /* Addenda from rfc 5289  Elliptic Curve Cipher Suites with
             SHA-256/384 and AES Galois Counter Mode (GCM) */
            C(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
            C(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
            C(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256)
            C(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384)
            C(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
            C(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
            C(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256)
            C(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384)

            /* RFC 5746 - Secure Renegotiation */
            C(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)

            /*
             * Tags for SSL 2 cipher kinds which are not specified
             * for SSL 3.
             */
            C(SSL_RSA_WITH_RC2_CBC_MD5)
            C(SSL_RSA_WITH_IDEA_CBC_MD5)
            C(SSL_RSA_WITH_DES_CBC_MD5)
            C(SSL_RSA_WITH_3DES_EDE_CBC_MD5)
            C(SSL_NO_SUCH_CIPHERSUITE)

            C(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
            C(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
            C(SSL_RSA_WITH_IDEA_CBC_SHA)
            C(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA)
            C(SSL_RSA_WITH_DES_CBC_SHA)
            C(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA)
            C(SSL_DH_DSS_WITH_DES_CBC_SHA)
            C(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA)
            C(SSL_DH_RSA_WITH_DES_CBC_SHA)
            C(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA)
            C(SSL_DHE_DSS_WITH_DES_CBC_SHA)
            C(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA)
            C(SSL_DHE_RSA_WITH_DES_CBC_SHA)
            C(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5)
            C(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA)
            C(SSL_DH_anon_WITH_DES_CBC_SHA)
            C(SSL_FORTEZZA_DMS_WITH_NULL_SHA)
            C(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)


        default:
            return "Unknown Ciphersuite";
    }

}
Commit	Line	Data
427c49bc A	1	//
	2	// ssl-utils.c
	3	// libsecurity_ssl
	4	//
	5	// Created by Fabrice Gautier on 8/7/12.
	6	//
	7	//
	8
	9	#include <Security/Security.h>
	10	#include <AssertMacros.h>
	11
	12	#include "ssl-utils.h"
	13
	14	#if TARGET_OS_IPHONE
	15
	16	#include <Security/SecRSAKey.h>
	17	#include <Security/SecECKey.h>
	18	#include <Security/SecCertificatePriv.h>
	19	#include <Security/SecIdentityPriv.h>
	20
	21	#include "privkey-1.h"
	22	#include "cert-1.h"
	23
	24	static
	25	CFArrayRef chain_from_der(const unsigned char pkey_der, size_t pkey_der_len, const unsigned char cert_der, size_t cert_der_len)
	26	{
	27	SecKeyRef pkey = NULL;
	28	SecCertificateRef cert = NULL;
	29	SecIdentityRef ident = NULL;
	30	CFArrayRef items = NULL;
	31
	32	require(pkey = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault, pkey_der, pkey_der_len, kSecKeyEncodingPkcs1), errOut);
	33	require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len), errOut);
	34	require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
	35	require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1, &kCFTypeArrayCallBacks), errOut);
	36
	37	errOut:
	38	CFReleaseSafe(pkey);
	39	CFReleaseSafe(cert);
	40	CFReleaseSafe(ident);
	41	return items;
	42	}
	43
	44	#else
	45
	46	#include "identity-1.h"
	47	#define P12_PASSWORD "password"
	48
	49	static
	50	CFArrayRef chain_from_p12(const unsigned char *p12_data, size_t p12_len)
	51	{
	52	char keychain_path[] = "/tmp/keychain.XXXXXX";
	53
	54	SecKeychainRef keychain = NULL;
	55	CFArrayRef list;
	56	CFDataRef data;
	57
	58	SecExternalFormat format=kSecFormatPKCS12;
	59	SecExternalItemType type=kSecItemTypeAggregate;
	60	SecItemImportExportFlags flags=0;
	61	SecKeyImportExportParameters params = {0,};
	62	CFArrayRef out = NULL;
	63
	64	require_noerr(SecKeychainCopyDomainSearchList(kSecPreferencesDomainUser, &list), errOut);
65	require(mktemp(keychain_path), errOut);
66	require_noerr(SecKeychainCreate (keychain_path, strlen(P12_PASSWORD), P12_PASSWORD,
67	FALSE, NULL, &keychain), errOut);
68	require_noerr(SecKeychainSetDomainSearchList(kSecPreferencesDomainUser, list), errOut); // restores the previous search list
69	require(data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, p12_data, p12_len, kCFAllocatorNull), errOut);
70
71
72	params.passphrase=CFSTR("password");
73	params.keyAttributes = CSSM_KEYATTR_PERMANENT \| CSSM_KEYATTR_SENSITIVE;
74
75	require_noerr(SecKeychainItemImport(data, CFSTR(".p12"), &format, &type, flags,
76	&params, keychain, &out), errOut);
77
78	errOut:
79	CFReleaseSafe(keychain);
80	CFReleaseSafe(list);
81
82	return out;
83	}
84
85	#endif
86
87	CFArrayRef server_chain(void)
88	{
89	#if TARGET_OS_IPHONE
90	return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
91	#else
92	return chain_from_p12(identity_1_p12, identity_1_p12_len);
93	#endif
94	}
95
96	CFArrayRef client_chain(void)
97	{
98	#if TARGET_OS_IPHONE
99	return chain_from_der(privkey_1_der, privkey_1_der_len, cert_1_der, cert_1_der_len);
100	#else
101	return chain_from_p12(identity_1_p12, identity_1_p12_len);
102	#endif
103	}
104
105	const char *ciphersuite_name(SSLCipherSuite cs)
106	{
107
108	#define C(x) case x: return #x;
109	switch (cs) {
110
111	/* TLS 1.2 addenda, RFC 5246 */
112
113	/* Initial state. */
114	C(TLS_NULL_WITH_NULL_NULL)
115
116	/* Server provided RSA certificate for key exchange. */
117	C(TLS_RSA_WITH_NULL_MD5)
118	C(TLS_RSA_WITH_NULL_SHA)
119	C(TLS_RSA_WITH_RC4_128_MD5)
120	C(TLS_RSA_WITH_RC4_128_SHA)
121	C(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
122	C(TLS_RSA_WITH_AES_128_CBC_SHA)
123	C(TLS_RSA_WITH_AES_256_CBC_SHA)
124	C(TLS_RSA_WITH_NULL_SHA256)
125	C(TLS_RSA_WITH_AES_128_CBC_SHA256)
126	C(TLS_RSA_WITH_AES_256_CBC_SHA256)
127
128	/* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
129	C(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA)
130	C(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA)
131	C(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
132	C(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
133	C(TLS_DH_DSS_WITH_AES_128_CBC_SHA)
134	C(TLS_DH_RSA_WITH_AES_128_CBC_SHA)
135	C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
136	C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
137	C(TLS_DH_DSS_WITH_AES_256_CBC_SHA)
138	C(TLS_DH_RSA_WITH_AES_256_CBC_SHA)
139	C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
140	C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
141	C(TLS_DH_DSS_WITH_AES_128_CBC_SHA256)
142	C(TLS_DH_RSA_WITH_AES_128_CBC_SHA256)
143	C(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256)
144	C(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
145	C(TLS_DH_DSS_WITH_AES_256_CBC_SHA256)
146	C(TLS_DH_RSA_WITH_AES_256_CBC_SHA256)
147	C(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256)
148	C(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
149
150	/* Completely anonymous Diffie-Hellman */
151	C(TLS_DH_anon_WITH_RC4_128_MD5)
152	C(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA)
153	C(TLS_DH_anon_WITH_AES_128_CBC_SHA)
154	C(TLS_DH_anon_WITH_AES_256_CBC_SHA)
155	C(TLS_DH_anon_WITH_AES_128_CBC_SHA256)
156	C(TLS_DH_anon_WITH_AES_256_CBC_SHA256)
157
158	/* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
159	for TLS. */
160	C(TLS_RSA_WITH_AES_128_GCM_SHA256)
161	C(TLS_RSA_WITH_AES_256_GCM_SHA384)
162	C(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
163	C(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
164	C(TLS_DH_RSA_WITH_AES_128_GCM_SHA256)
165	C(TLS_DH_RSA_WITH_AES_256_GCM_SHA384)
166	C(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256)
167	C(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384)
168	C(TLS_DH_DSS_WITH_AES_128_GCM_SHA256)
169	C(TLS_DH_DSS_WITH_AES_256_GCM_SHA384)
170	C(TLS_DH_anon_WITH_AES_128_GCM_SHA256)
171	C(TLS_DH_anon_WITH_AES_256_GCM_SHA384)
172
173	/* ECDSA addenda, RFC 4492 */
174	C(TLS_ECDH_ECDSA_WITH_NULL_SHA)
175	C(TLS_ECDH_ECDSA_WITH_RC4_128_SHA)
176	C(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA)
177	C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA)
178	C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA)
179	C(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
180	C(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
181	C(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
182	C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
183	C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
184	C(TLS_ECDH_RSA_WITH_NULL_SHA)
185	C(TLS_ECDH_RSA_WITH_RC4_128_SHA)
186	C(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA)
187	C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA)
188	C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA)
189	C(TLS_ECDHE_RSA_WITH_NULL_SHA)
190	C(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
191	C(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
192	C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
193	C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
194	C(TLS_ECDH_anon_WITH_NULL_SHA)
195	C(TLS_ECDH_anon_WITH_RC4_128_SHA)
196	C(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA)
197	C(TLS_ECDH_anon_WITH_AES_128_CBC_SHA)
198	C(TLS_ECDH_anon_WITH_AES_256_CBC_SHA)
199
200	/* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
201	HMAC SHA-256/384. */
202	C(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
203	C(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
204	C(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)
205	C(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384)
206	C(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
207	C(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
208	C(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256)
209	C(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384)
210
211	/* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
212	SHA-256/384 and AES Galois Counter Mode (GCM) */
213	C(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
214	C(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
215	C(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256)
216	C(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384)
217	C(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
218	C(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
219	C(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256)
220	C(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384)
221
222	/* RFC 5746 - Secure Renegotiation */
223	C(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
224
225	/*
226	* Tags for SSL 2 cipher kinds which are not specified
227	* for SSL 3.
228	*/
229	C(SSL_RSA_WITH_RC2_CBC_MD5)
230	C(SSL_RSA_WITH_IDEA_CBC_MD5)
231	C(SSL_RSA_WITH_DES_CBC_MD5)
232	C(SSL_RSA_WITH_3DES_EDE_CBC_MD5)
233	C(SSL_NO_SUCH_CIPHERSUITE)
234
235	C(SSL_RSA_EXPORT_WITH_RC4_40_MD5)
236	C(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5)
237	C(SSL_RSA_WITH_IDEA_CBC_SHA)
238	C(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA)
239	C(SSL_RSA_WITH_DES_CBC_SHA)
240	C(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA)
241	C(SSL_DH_DSS_WITH_DES_CBC_SHA)
242	C(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA)
243	C(SSL_DH_RSA_WITH_DES_CBC_SHA)
244	C(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA)
245	C(SSL_DHE_DSS_WITH_DES_CBC_SHA)
246	C(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA)
247	C(SSL_DHE_RSA_WITH_DES_CBC_SHA)
248	C(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5)
249	C(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA)
250	C(SSL_DH_anon_WITH_DES_CBC_SHA)
251	C(SSL_FORTEZZA_DMS_WITH_NULL_SHA)
252	C(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA)
253
254
255	default:
256	return "Unknown Ciphersuite";
257	}
258
259	}