From 72f6266f0222def2756b2965edb3c51a0c903192 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Sun, 16 Jan 2011 21:27:44 +0000
Subject: [PATCH]  - Improved information provided about current Hashing,
 Cipher and Suite capabilities

---
 ChangeLog                 | 11 +++---
 include/polarssl/cipher.h |  8 +++++
 include/polarssl/md.h     |  8 +++++
 include/polarssl/ssl.h    | 20 +++++++++++
 library/cipher.c          | 28 +++++++++++++++
 library/md.c              | 36 +++++++++++++++++++
 library/ssl_tls.c         | 74 +++++++++++++++++++++++++++++++--------
 7 files changed, 167 insertions(+), 18 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 364f2a522..86dd340cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,16 +4,19 @@ PolarSSL ChangeLog
 Features
 Note: Most of these features have been donated by Fox-IT
    * Added Doxygen source code documentation parts
-   * Added generic message digest and cipher wrapper
-     for integration with OpenVPN
    * Added reading of DHM context from memory and file
-   * Added verification callback on certificate chain
-     verification to allow external blacklisting
    * Improved X509 certificate parsing to include extended
      certificate fields, including Key Usage
    * Improved certificate verification and verification
      against the available CRLs
    * Detection for DES weak keys and parity bits added
+   * Improvements to support integration in other
+     applications:
+       + Added generic message digest and cipher wrapper
+       + Improved information about current capabilities,
+         status, objects and configuration
+       + Added verification callback on certificate chain
+         verification to allow external blacklisting
 
 = Version 0.14.0 released on 2010-08-16
 Features
diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h
index b8587f430..2e19eae8c 100644
--- a/include/polarssl/cipher.h
+++ b/include/polarssl/cipher.h
@@ -151,6 +151,14 @@ typedef struct {
 extern "C" {
 #endif
 
+/**
+ * \brief Returns the list of ciphers supported by the generic cipher module.
+ *
+ * \return              a statically allocated array of ciphers, the last entry
+ *                      is 0.
+ */
+const int *cipher_list( void );
+
 /**
  * \brief               Returns the cipher information structure associated
  *                      with the given cipher name.
diff --git a/include/polarssl/md.h b/include/polarssl/md.h
index 13250dd8f..05f6eb063 100644
--- a/include/polarssl/md.h
+++ b/include/polarssl/md.h
@@ -118,6 +118,14 @@ typedef struct {
 extern "C" {
 #endif
 
+/**
+ * \brief Returns the list of digests supported by the generic digest module.
+ *
+ * \return          a statically allocated array of digests, the last entry
+ *                  is 0.
+ */
+const int *md_list( void );
+
 /**
  * \brief           Returns the message digest information associated with the
  *                  given digest name.
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 6d7b4952d..7ddf7b1ff 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -319,6 +319,26 @@ extern "C" {
 
 extern int ssl_default_ciphers[];
 
+/**
+ * \brief Returns the list of ciphers supported by the SSL/TLS module.
+ *
+ * \return              a statically allocated array of ciphers, the last entry
+ *                      is 0.
+ */
+static inline const int *ssl_list_ciphers( void )
+{
+    return ssl_default_ciphers;
+}
+
+/**
+ * \brief          Return the name of the cipher associated with the given ID
+ *
+ * \param cipher_id     SSL cipher ID
+ *
+ * \return              a string containing the cipher name
+ */
+const char *ssl_get_cipher_name( const int cipher_id );
+
 /**
  * \brief          Initialize an SSL context
  *
diff --git a/library/cipher.c b/library/cipher.c
index 5e995ed7c..545b2dac0 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -37,6 +37,34 @@
 #include <string.h>
 #include <stdlib.h>
 
+static const int supported_ciphers[] = {
+
+#if defined(POLARSSL_AES_C)
+        POLARSSL_CIPHER_AES_128_CBC,
+        POLARSSL_CIPHER_AES_192_CBC,
+        POLARSSL_CIPHER_AES_256_CBC,
+#endif /* defined(POLARSSL_AES_C) */
+
+#if defined(POLARSSL_CAMELLIA_C)
+        POLARSSL_CIPHER_CAMELLIA_128_CBC,
+        POLARSSL_CIPHER_CAMELLIA_192_CBC,
+        POLARSSL_CIPHER_CAMELLIA_256_CBC,
+#endif /* defined(POLARSSL_CAMELLIA_C) */
+
+#if defined(POLARSSL_DES_C)
+        POLARSSL_CIPHER_DES_CBC,
+        POLARSSL_CIPHER_DES_EDE_CBC,
+        POLARSSL_CIPHER_DES_EDE3_CBC,
+#endif /* defined(POLARSSL_DES_C) */
+
+        0
+};
+
+const int *cipher_list( void )
+{
+    return supported_ciphers;
+}
+
 const cipher_info_t *cipher_info_from_type( cipher_type_t cipher_type )
 {
     /* Find static cipher information */
diff --git a/library/md.c b/library/md.c
index c36cd4e8f..9aa7b386c 100644
--- a/library/md.c
+++ b/library/md.c
@@ -37,6 +37,42 @@
 #include <string.h>
 #include <stdlib.h>
 
+static const int supported_digests[] = {
+
+#if defined(POLARSSL_MD2_C)
+        POLARSSL_MD_MD2,
+#endif
+
+#if defined(POLARSSL_MD4_C)
+        POLARSSL_MD_MD4,
+#endif
+
+#if defined(POLARSSL_MD5_C)
+        POLARSSL_MD_MD5,
+#endif
+
+#if defined(POLARSSL_SHA1_C)
+        POLARSSL_MD_SHA1,
+#endif
+
+#if defined(POLARSSL_SHA2_C)
+        POLARSSL_MD_SHA224,
+        POLARSSL_MD_SHA256,
+#endif
+
+#if defined(POLARSSL_SHA4_C)
+        POLARSSL_MD_SHA384,
+        POLARSSL_MD_SHA512,
+#endif
+
+        0
+};
+
+const int *md_list( void )
+{
+    return supported_digests;
+}
+
 const md_info_t *md_info_from_string( const char *md_name )
 {
     if( NULL == md_name )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 74e51a3a5..4eb0b682c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1863,52 +1863,52 @@ int ssl_get_verify_result( const ssl_context *ssl )
     return( ssl->verify_result );
 }
 
-const char *ssl_get_cipher( const ssl_context *ssl )
+const char *ssl_get_cipher_name( const int cipher_id )
 {
-    switch( ssl->session->cipher )
+    switch( cipher_id )
     {
 #if defined(POLARSSL_ARC4_C)
         case SSL_RSA_RC4_128_MD5:
-            return( "SSL_RSA_RC4_128_MD5" );
+            return( "SSL-RSA-RC4-128-MD5" );
 
         case SSL_RSA_RC4_128_SHA:
-            return( "SSL_RSA_RC4_128_SHA" );
+            return( "SSL-RSA-RC4-128-SHA" );
 #endif
 
 #if defined(POLARSSL_DES_C)
         case SSL_RSA_DES_168_SHA:
-            return( "SSL_RSA_DES_168_SHA" );
+            return( "SSL-RSA-DES-168-SHA" );
 
         case SSL_EDH_RSA_DES_168_SHA:
-            return( "SSL_EDH_RSA_DES_168_SHA" );
+            return( "SSL-EDH-RSA-DES-168-SHA" );
 #endif
 
 #if defined(POLARSSL_AES_C)
         case SSL_RSA_AES_128_SHA:
-            return( "SSL_RSA_AES_128_SHA" );
+            return( "SSL-RSA-AES-128-SHA" );
 
         case SSL_EDH_RSA_AES_128_SHA:
-            return( "SSL_EDH_RSA_AES_128_SHA" );
+            return( "SSL-EDH-RSA-AES-128-SHA" );
 
         case SSL_RSA_AES_256_SHA:
-            return( "SSL_RSA_AES_256_SHA" );
+            return( "SSL-RSA-AES-256-SHA" );
 
         case SSL_EDH_RSA_AES_256_SHA:
-            return( "SSL_EDH_RSA_AES_256_SHA" );
+            return( "SSL-EDH-RSA-AES-256-SHA" );
 #endif
 
 #if defined(POLARSSL_CAMELLIA_C)
         case SSL_RSA_CAMELLIA_128_SHA:
-            return( "SSL_RSA_CAMELLIA_128_SHA" );
+            return( "SSL-RSA-CAMELLIA-128-SHA" );
 
         case SSL_EDH_RSA_CAMELLIA_128_SHA:
-            return( "SSL_EDH_RSA_CAMELLIA_128_SHA" );
+            return( "SSL-EDH-RSA-CAMELLIA-128-SHA" );
 
         case SSL_RSA_CAMELLIA_256_SHA:
-            return( "SSL_RSA_CAMELLIA_256_SHA" );
+            return( "SSL-RSA-CAMELLIA-256-SHA" );
 
         case SSL_EDH_RSA_CAMELLIA_256_SHA:
-            return( "SSL_EDH_RSA_CAMELLIA_256_SHA" );
+            return( "SSL-EDH-RSA-CAMELLIA-256-SHA" );
 #endif
 
     default:
@@ -1918,6 +1918,52 @@ const char *ssl_get_cipher( const ssl_context *ssl )
     return( "unknown" );
 }
 
+int ssl_get_cipher_id( const char *cipher_name )
+{
+#if defined(POLARSSL_ARC4_C)
+    if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-MD5"))
+        return( SSL_RSA_RC4_128_MD5 );
+    if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-SHA"))
+        return( SSL_RSA_RC4_128_SHA );
+#endif
+
+#if defined(POLARSSL_DES_C)
+    if (0 == strcasecmp(cipher_name, "SSL-RSA-DES-168-SHA"))
+        return( SSL_RSA_DES_168_SHA );
+    if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-DES-168-SHA"))
+        return( SSL_EDH_RSA_DES_168_SHA );
+#endif
+
+#if defined(POLARSSL_AES_C)
+    if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-128-SHA"))
+        return( SSL_RSA_AES_128_SHA );
+    if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-128-SHA"))
+        return( SSL_EDH_RSA_AES_128_SHA );
+    if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-256-SHA"))
+        return( SSL_RSA_AES_256_SHA );
+    if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-256-SHA"))
+        return( SSL_EDH_RSA_AES_256_SHA );
+#endif
+
+#if defined(POLARSSL_CAMELLIA_C)
+    if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-128-SHA"))
+        return( SSL_RSA_CAMELLIA_128_SHA );
+    if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
+        return( SSL_EDH_RSA_CAMELLIA_128_SHA );
+    if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-256-SHA"))
+        return( SSL_RSA_CAMELLIA_256_SHA );
+    if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
+        return( SSL_EDH_RSA_CAMELLIA_256_SHA );
+#endif
+
+    return( 0 );
+}
+
+const char *ssl_get_cipher( const ssl_context *ssl )
+{
+    return ssl_get_cipher_name( ssl->session->cipher );
+}
+
 const char *ssl_get_version( const ssl_context *ssl )
 {
     switch( ssl->minor_ver )