Mbed TLS v2.28.9
Loading...
Searching...
No Matches
ssl_ciphersuites.h
Go to the documentation of this file.
1
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 */
10#ifndef MBEDTLS_SSL_CIPHERSUITES_H
11#define MBEDTLS_SSL_CIPHERSUITES_H
12
13#if !defined(MBEDTLS_CONFIG_FILE)
14#include "mbedtls/config.h"
15#else
16#include MBEDTLS_CONFIG_FILE
17#endif
18
19#include "mbedtls/pk.h"
20#include "mbedtls/cipher.h"
21#include "mbedtls/md.h"
22
23#ifdef __cplusplus
24extern "C" {
25#endif
26
27/*
28 * Supported ciphersuites (Official IANA names)
29 */
30#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
31#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
33#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
34#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
35#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09
37#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
38
39#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15
40#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
41
42#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
43#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
44#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
45#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
46
47#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
48#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
49#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
50
51#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
52#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
53#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
55#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
56#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
57
58#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
59#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
61#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
62#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
63
64#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
65#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
66#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
67#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
68
69#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
70#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
71#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
72#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
73
74#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
75#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
76#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
77#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
78
79#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
80#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
81#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
82#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
84#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
85#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
86#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
87#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
88#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
89#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
91#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
92#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
93#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
94#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
96#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
97#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
98#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
99#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
101#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
102#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
103#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
104#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
106#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
107#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
109#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
110#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
112#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
113#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
114#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
115#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
116#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
118#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
119#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
120#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
121#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
122#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
124#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
125#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
126#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
127#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
128#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
130#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
131#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
132#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
133#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
134#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
136#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
137#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
138#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
139#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
140#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
141#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
142#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
143#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
145#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
146#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
147#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
148#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
149#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
150#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
151#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
152#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
154#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
155#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
156#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
157#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
158#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
159#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
160#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
161#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
162#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
164#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
165#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
166#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
167#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
168#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
169#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
170#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
171#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
172#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
173#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
174#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
175#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
176#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
177#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
178#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
179#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
180#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
181#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
182#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
183#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
184#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
185#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
186#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
187#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
188#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
189#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
190#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
191#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
192#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
193#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
194#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
195#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
196#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
197#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
198#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
199#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
200#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
201#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
203#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
204#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
205#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
206#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
207#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
208#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
209#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
210#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
212#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
213#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
214#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
215#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
216#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
217#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
218#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
219#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
220#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
221#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
222#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
223#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
225#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
226#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
227#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
228#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
229#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
230#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
232#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
233#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
234#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
235#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
236#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
237#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
238#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
239#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
241#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
242#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
243#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
244#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
245#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
246#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
247#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
248#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
249#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
250#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
251#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
252#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
253#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
254#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
255#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
256#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
257/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
258
259#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
260#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
261#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
262#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
264#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
266/* RFC 7905 */
267#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
268#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
269#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
270#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
271#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
272#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
273#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
275/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
276 * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
277 */
292
293/* Key exchanges using a certificate */
294#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
295 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
296 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
297 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
298 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
299 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
300 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
301#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
302#endif
303
304/* Key exchanges allowing client certificate requests */
305#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
306 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
307 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
308 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
309 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
310 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
311#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
312#endif
313
314/* Key exchanges involving server signature in ServerKeyExchange */
315#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
316 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
317 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
318#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
319#endif
320
321/* Key exchanges using ECDH */
322#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
323 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
324#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
325#endif
326
327/* Key exchanges that don't involve ephemeral keys */
328#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
329 defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
330 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
331 defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
332#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
333#endif
334
335/* Key exchanges that involve ephemeral keys */
336#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
337 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
338 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
339 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
340 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
341 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
342#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
343#endif
344
345/* Key exchanges using a PSK */
346#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
347 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
348 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
349 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
350#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
351#endif
352
353/* Key exchanges using DHE */
354#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
355 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
356#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
357#endif
358
359/* Key exchanges using ECDHE */
360#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
361 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
362 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
363#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
364#endif
365
367
368#define MBEDTLS_CIPHERSUITE_WEAK 0x01
369#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
371#define MBEDTLS_CIPHERSUITE_NODTLS 0x04
391
393
396
397#if defined(MBEDTLS_PK_C)
400#endif
401
404
405#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
407{
408 switch (info->key_exchange) {
415 return 1;
416
417 default:
418 return 0;
419 }
420}
421#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
422
423#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
425{
426 switch (info->key_exchange) {
432 return 1;
433
434 default:
435 return 0;
436 }
437}
438#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
439
440#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
442{
443 switch (info->key_exchange) {
446 return 1;
447
448 default:
449 return 0;
450 }
451}
452#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
453
455{
456 switch (info->key_exchange) {
463 return 1;
464
465 default:
466 return 0;
467 }
468}
469
471{
472 switch (info->key_exchange) {
480 return 1;
481
482 default:
483 return 0;
484 }
485}
486
487#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
489{
490 switch (info->key_exchange) {
493 return 1;
494
495 default:
496 return 0;
497 }
498}
499#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
500
501#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
503{
504 switch (info->key_exchange) {
508 return 1;
509
510 default:
511 return 0;
512 }
513}
514#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
515
516#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
518 const mbedtls_ssl_ciphersuite_t *info)
519{
520 switch (info->key_exchange) {
524 return 1;
525
526 default:
527 return 0;
528 }
529}
530#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
531
532#ifdef __cplusplus
533}
534#endif
535
536#endif /* ssl_ciphersuites.h */
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition cipher.h:98
Configuration options (set of defines)
This file contains the generic message-digest wrapper.
mbedtls_md_type_t
Supported message digests.
Definition md.h:50
Public Key abstraction layer.
mbedtls_pk_type_t
Public key types.
Definition pk.h:83
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
const int * mbedtls_ssl_list_ciphersuites(void)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id)
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)
static int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_key_exchange_type_t
@ MBEDTLS_KEY_EXCHANGE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
@ MBEDTLS_KEY_EXCHANGE_DHE_PSK
@ MBEDTLS_KEY_EXCHANGE_DHE_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDH_RSA
@ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
@ MBEDTLS_KEY_EXCHANGE_RSA
@ MBEDTLS_KEY_EXCHANGE_ECJPAKE
@ MBEDTLS_KEY_EXCHANGE_RSA_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
@ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
@ MBEDTLS_KEY_EXCHANGE_NONE
static int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
This structure is used for storing ciphersuite information.
mbedtls_key_exchange_type_t key_exchange
mbedtls_cipher_type_t cipher