mbed TLS v2.9.0
ssl_ciphersuites.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  * This file is part of mbed TLS (https://tls.mbed.org)
23  */
24 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
25 #define MBEDTLS_SSL_CIPHERSUITES_H
26 
27 #include "pk.h"
28 #include "cipher.h"
29 #include "md.h"
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 /*
36  * Supported ciphersuites (Official IANA names)
37  */
38 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
39 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
41 #define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
42 #define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
43 #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09
45 #define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
46 
47 #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15
48 #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
49 
50 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
51 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
52 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
53 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
54 
55 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
56 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
57 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
58 
59 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
60 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
61 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
63 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
64 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
65 
66 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
67 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
69 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
70 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
71 
72 #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
73 #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
74 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
75 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
76 
77 #define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
78 #define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
79 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
80 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
81 
82 #define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
83 #define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
84 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
85 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
86 
87 #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
88 #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
89 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
90 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
92 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
93 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
94 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
95 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
96 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
97 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
99 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
100 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
101 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
102 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
104 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
105 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
106 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
107 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
109 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
110 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
111 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
112 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
114 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
115 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
117 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
118 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
120 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
121 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
122 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
123 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
124 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
126 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
127 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
128 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
129 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
130 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
132 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
133 #define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
134 #define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
135 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
136 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
138 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
139 #define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
140 #define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
141 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
142 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
144 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
145 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
146 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
147 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
148 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
149 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
150 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
151 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
153 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
154 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
155 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
156 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
157 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
158 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
159 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
160 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
162 #define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
163 #define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
164 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
165 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
166 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
167 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
168 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
169 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
170 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
172 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
173 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
174 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
175 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
176 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
177 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
178 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
179 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
181 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
182 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
183 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
184 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
185 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
186 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
187 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
188 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
189 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
190 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
191 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
192 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
194 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
195 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
196 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
197 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
198 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
199 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
201 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
202 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
203 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
204 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
205 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
206 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
207 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
208 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
210 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
211 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
212 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
213 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
214 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
215 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
216 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
217 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
218 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
219 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
220 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
221 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
222 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
223 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
224 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
225 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
226 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
227 
228 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
229 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
230 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
231 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
233 #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
235 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
236  * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
237  */
238 typedef enum {
252 
253 /* Key exchanges using a certificate */
254 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
255  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
256  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
257  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
258  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
259  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
260  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
261 #define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
262 #endif
263 
264 /* Key exchanges allowing client certificate requests */
265 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
266  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
267  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
268  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
269  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
270  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
271 #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
272 #endif
273 
274 /* Key exchanges involving server signature in ServerKeyExchange */
275 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
276  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
277  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
278 #define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
279 #endif
280 
281 /* Key exchanges using ECDH */
282 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
283  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
284 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
285 #endif
286 
287 /* Key exchanges that don't involve ephemeral keys */
288 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
289  defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
290  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
291  defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
292 #define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
293 #endif
294 
295 /* Key exchanges that involve ephemeral keys */
296 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
297  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
298  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
299  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
300  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
301  defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
302 #define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
303 #endif
304 
305 /* Key exchanges using a PSK */
306 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
307  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
308  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
309  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
310 #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
311 #endif
312 
313 /* Key exchanges using DHE */
314 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
315  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
316 #define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
317 #endif
318 
319 /* Key exchanges using ECDHE */
320 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
321  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
322  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
323 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
324 #endif
325 
327 
328 #define MBEDTLS_CIPHERSUITE_WEAK 0x01
329 #define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
331 #define MBEDTLS_CIPHERSUITE_NODTLS 0x04
336 struct mbedtls_ssl_ciphersuite_t
337 {
338  int id;
339  const char * name;
343  mbedtls_key_exchange_type_t key_exchange;
345  int min_major_ver;
350  unsigned char flags;
351 };
352 
353 const int *mbedtls_ssl_list_ciphersuites( void );
354 
355 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
357 
358 #if defined(MBEDTLS_PK_C)
361 #endif
362 
365 
366 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
367 static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
368 {
369  switch( info->key_exchange )
370  {
377  return( 1 );
378 
379  default:
380  return( 0 );
381  }
382 }
383 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
384 
385 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
386 static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
387 {
388  switch( info->key_exchange )
389  {
395  return( 1 );
396 
397  default:
398  return( 0 );
399  }
400 }
401 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
402 
403 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
404 static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
405 {
406  switch( info->key_exchange )
407  {
410  return( 1 );
411 
412  default:
413  return( 0 );
414  }
415 }
416 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
417 
419 {
420  switch( info->key_exchange )
421  {
428  return( 1 );
429 
430  default:
431  return( 0 );
432  }
433 }
434 
435 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
436 static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
437 {
438  switch( info->key_exchange )
439  {
442  return( 1 );
443 
444  default:
445  return( 0 );
446  }
447 }
448 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
449 
450 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
451 static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
452 {
453  switch( info->key_exchange )
454  {
458  return( 1 );
459 
460  default:
461  return( 0 );
462  }
463 }
464 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
465 
466 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
468 {
469  switch( info->key_exchange )
470  {
474  return( 1 );
475 
476  default:
477  return( 0 );
478  }
479 }
480 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
481 
482 #ifdef __cplusplus
483 }
484 #endif
485 
486 #endif /* ssl_ciphersuites.h */
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id)
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t
Public key types.
Definition: pk.h:76
static int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:98
const int * mbedtls_ssl_list_ciphersuites(void)
Public Key abstraction layer.
mbedtls_cipher_type_t cipher
mbedtls_key_exchange_type_t key_exchange
static int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_key_exchange_type_t
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
This structure is used for storing ciphersuite information.
This file contains the generic message-digest wrapper.
static int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)
mbedtls_md_type_t
Supported message digests.
Definition: md.h:56
static int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)