- Improved information provided about current Hashing, Cipher and Suite capabilities

This commit is contained in:
Paul Bakker 2011-01-16 21:27:44 +00:00
parent 76fd75a3de
commit 72f6266f02
7 changed files with 167 additions and 18 deletions

View File

@ -4,16 +4,19 @@ PolarSSL ChangeLog
Features Features
Note: Most of these features have been donated by Fox-IT Note: Most of these features have been donated by Fox-IT
* Added Doxygen source code documentation parts * Added Doxygen source code documentation parts
* Added generic message digest and cipher wrapper
for integration with OpenVPN
* Added reading of DHM context from memory and file * Added reading of DHM context from memory and file
* Added verification callback on certificate chain
verification to allow external blacklisting
* Improved X509 certificate parsing to include extended * Improved X509 certificate parsing to include extended
certificate fields, including Key Usage certificate fields, including Key Usage
* Improved certificate verification and verification * Improved certificate verification and verification
against the available CRLs against the available CRLs
* Detection for DES weak keys and parity bits added * Detection for DES weak keys and parity bits added
* Improvements to support integration in other
applications:
+ Added generic message digest and cipher wrapper
+ Improved information about current capabilities,
status, objects and configuration
+ Added verification callback on certificate chain
verification to allow external blacklisting
= Version 0.14.0 released on 2010-08-16 = Version 0.14.0 released on 2010-08-16
Features Features

View File

@ -151,6 +151,14 @@ typedef struct {
extern "C" { extern "C" {
#endif #endif
/**
* \brief Returns the list of ciphers supported by the generic cipher module.
*
* \return a statically allocated array of ciphers, the last entry
* is 0.
*/
const int *cipher_list( void );
/** /**
* \brief Returns the cipher information structure associated * \brief Returns the cipher information structure associated
* with the given cipher name. * with the given cipher name.

View File

@ -118,6 +118,14 @@ typedef struct {
extern "C" { extern "C" {
#endif #endif
/**
* \brief Returns the list of digests supported by the generic digest module.
*
* \return a statically allocated array of digests, the last entry
* is 0.
*/
const int *md_list( void );
/** /**
* \brief Returns the message digest information associated with the * \brief Returns the message digest information associated with the
* given digest name. * given digest name.

View File

@ -319,6 +319,26 @@ extern "C" {
extern int ssl_default_ciphers[]; extern int ssl_default_ciphers[];
/**
* \brief Returns the list of ciphers supported by the SSL/TLS module.
*
* \return a statically allocated array of ciphers, the last entry
* is 0.
*/
static inline const int *ssl_list_ciphers( void )
{
return ssl_default_ciphers;
}
/**
* \brief Return the name of the cipher associated with the given ID
*
* \param cipher_id SSL cipher ID
*
* \return a string containing the cipher name
*/
const char *ssl_get_cipher_name( const int cipher_id );
/** /**
* \brief Initialize an SSL context * \brief Initialize an SSL context
* *

View File

@ -37,6 +37,34 @@
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
static const int supported_ciphers[] = {
#if defined(POLARSSL_AES_C)
POLARSSL_CIPHER_AES_128_CBC,
POLARSSL_CIPHER_AES_192_CBC,
POLARSSL_CIPHER_AES_256_CBC,
#endif /* defined(POLARSSL_AES_C) */
#if defined(POLARSSL_CAMELLIA_C)
POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_CIPHER_CAMELLIA_192_CBC,
POLARSSL_CIPHER_CAMELLIA_256_CBC,
#endif /* defined(POLARSSL_CAMELLIA_C) */
#if defined(POLARSSL_DES_C)
POLARSSL_CIPHER_DES_CBC,
POLARSSL_CIPHER_DES_EDE_CBC,
POLARSSL_CIPHER_DES_EDE3_CBC,
#endif /* defined(POLARSSL_DES_C) */
0
};
const int *cipher_list( void )
{
return supported_ciphers;
}
const cipher_info_t *cipher_info_from_type( cipher_type_t cipher_type ) const cipher_info_t *cipher_info_from_type( cipher_type_t cipher_type )
{ {
/* Find static cipher information */ /* Find static cipher information */

View File

@ -37,6 +37,42 @@
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
static const int supported_digests[] = {
#if defined(POLARSSL_MD2_C)
POLARSSL_MD_MD2,
#endif
#if defined(POLARSSL_MD4_C)
POLARSSL_MD_MD4,
#endif
#if defined(POLARSSL_MD5_C)
POLARSSL_MD_MD5,
#endif
#if defined(POLARSSL_SHA1_C)
POLARSSL_MD_SHA1,
#endif
#if defined(POLARSSL_SHA2_C)
POLARSSL_MD_SHA224,
POLARSSL_MD_SHA256,
#endif
#if defined(POLARSSL_SHA4_C)
POLARSSL_MD_SHA384,
POLARSSL_MD_SHA512,
#endif
0
};
const int *md_list( void )
{
return supported_digests;
}
const md_info_t *md_info_from_string( const char *md_name ) const md_info_t *md_info_from_string( const char *md_name )
{ {
if( NULL == md_name ) if( NULL == md_name )

View File

@ -1863,52 +1863,52 @@ int ssl_get_verify_result( const ssl_context *ssl )
return( ssl->verify_result ); return( ssl->verify_result );
} }
const char *ssl_get_cipher( const ssl_context *ssl ) const char *ssl_get_cipher_name( const int cipher_id )
{ {
switch( ssl->session->cipher ) switch( cipher_id )
{ {
#if defined(POLARSSL_ARC4_C) #if defined(POLARSSL_ARC4_C)
case SSL_RSA_RC4_128_MD5: case SSL_RSA_RC4_128_MD5:
return( "SSL_RSA_RC4_128_MD5" ); return( "SSL-RSA-RC4-128-MD5" );
case SSL_RSA_RC4_128_SHA: case SSL_RSA_RC4_128_SHA:
return( "SSL_RSA_RC4_128_SHA" ); return( "SSL-RSA-RC4-128-SHA" );
#endif #endif
#if defined(POLARSSL_DES_C) #if defined(POLARSSL_DES_C)
case SSL_RSA_DES_168_SHA: case SSL_RSA_DES_168_SHA:
return( "SSL_RSA_DES_168_SHA" ); return( "SSL-RSA-DES-168-SHA" );
case SSL_EDH_RSA_DES_168_SHA: case SSL_EDH_RSA_DES_168_SHA:
return( "SSL_EDH_RSA_DES_168_SHA" ); return( "SSL-EDH-RSA-DES-168-SHA" );
#endif #endif
#if defined(POLARSSL_AES_C) #if defined(POLARSSL_AES_C)
case SSL_RSA_AES_128_SHA: case SSL_RSA_AES_128_SHA:
return( "SSL_RSA_AES_128_SHA" ); return( "SSL-RSA-AES-128-SHA" );
case SSL_EDH_RSA_AES_128_SHA: case SSL_EDH_RSA_AES_128_SHA:
return( "SSL_EDH_RSA_AES_128_SHA" ); return( "SSL-EDH-RSA-AES-128-SHA" );
case SSL_RSA_AES_256_SHA: case SSL_RSA_AES_256_SHA:
return( "SSL_RSA_AES_256_SHA" ); return( "SSL-RSA-AES-256-SHA" );
case SSL_EDH_RSA_AES_256_SHA: case SSL_EDH_RSA_AES_256_SHA:
return( "SSL_EDH_RSA_AES_256_SHA" ); return( "SSL-EDH-RSA-AES-256-SHA" );
#endif #endif
#if defined(POLARSSL_CAMELLIA_C) #if defined(POLARSSL_CAMELLIA_C)
case SSL_RSA_CAMELLIA_128_SHA: case SSL_RSA_CAMELLIA_128_SHA:
return( "SSL_RSA_CAMELLIA_128_SHA" ); return( "SSL-RSA-CAMELLIA-128-SHA" );
case SSL_EDH_RSA_CAMELLIA_128_SHA: case SSL_EDH_RSA_CAMELLIA_128_SHA:
return( "SSL_EDH_RSA_CAMELLIA_128_SHA" ); return( "SSL-EDH-RSA-CAMELLIA-128-SHA" );
case SSL_RSA_CAMELLIA_256_SHA: case SSL_RSA_CAMELLIA_256_SHA:
return( "SSL_RSA_CAMELLIA_256_SHA" ); return( "SSL-RSA-CAMELLIA-256-SHA" );
case SSL_EDH_RSA_CAMELLIA_256_SHA: case SSL_EDH_RSA_CAMELLIA_256_SHA:
return( "SSL_EDH_RSA_CAMELLIA_256_SHA" ); return( "SSL-EDH-RSA-CAMELLIA-256-SHA" );
#endif #endif
default: default:
@ -1918,6 +1918,52 @@ const char *ssl_get_cipher( const ssl_context *ssl )
return( "unknown" ); return( "unknown" );
} }
int ssl_get_cipher_id( const char *cipher_name )
{
#if defined(POLARSSL_ARC4_C)
if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-MD5"))
return( SSL_RSA_RC4_128_MD5 );
if (0 == strcasecmp(cipher_name, "SSL-RSA-RC4-128-SHA"))
return( SSL_RSA_RC4_128_SHA );
#endif
#if defined(POLARSSL_DES_C)
if (0 == strcasecmp(cipher_name, "SSL-RSA-DES-168-SHA"))
return( SSL_RSA_DES_168_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-DES-168-SHA"))
return( SSL_EDH_RSA_DES_168_SHA );
#endif
#if defined(POLARSSL_AES_C)
if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-128-SHA"))
return( SSL_RSA_AES_128_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-128-SHA"))
return( SSL_EDH_RSA_AES_128_SHA );
if (0 == strcasecmp(cipher_name, "SSL-RSA-AES-256-SHA"))
return( SSL_RSA_AES_256_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-AES-256-SHA"))
return( SSL_EDH_RSA_AES_256_SHA );
#endif
#if defined(POLARSSL_CAMELLIA_C)
if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-128-SHA"))
return( SSL_RSA_CAMELLIA_128_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-128-SHA"))
return( SSL_EDH_RSA_CAMELLIA_128_SHA );
if (0 == strcasecmp(cipher_name, "SSL-RSA-CAMELLIA-256-SHA"))
return( SSL_RSA_CAMELLIA_256_SHA );
if (0 == strcasecmp(cipher_name, "SSL-EDH-RSA-CAMELLIA-256-SHA"))
return( SSL_EDH_RSA_CAMELLIA_256_SHA );
#endif
return( 0 );
}
const char *ssl_get_cipher( const ssl_context *ssl )
{
return ssl_get_cipher_name( ssl->session->cipher );
}
const char *ssl_get_version( const ssl_context *ssl ) const char *ssl_get_version( const ssl_context *ssl )
{ {
switch( ssl->minor_ver ) switch( ssl->minor_ver )