/**
 * \file ssl_ciphersuites_internal.h
 *
 * \brief Internal part of the public "ssl_ciphersuites.h".
 */
/*
 * Copyright The Mbed TLS Contributors
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
10#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
11#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
12
13#include "mbedtls/pk.h"
Ben Taylor1030f802025-07-15 14:55:41 +010014#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
15#include <mbedtls/private/pk_private.h>
16#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
Valerio Settid9291062024-01-17 09:48:06 +010017
#if defined(MBEDTLS_PK_C)
/*
 * Signature-related lookups for a ciphersuite. Only the declarations are
 * visible in this header; the definitions live elsewhere.
 *
 * NOTE(review): judging by the names, these presumably map the suite's key
 * exchange to the PK type, the PSA algorithm and the PSA key usage of the
 * signing key -- confirm against the definitions before relying on that.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(
    const mbedtls_ssl_ciphersuite_t *info);
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(
    const mbedtls_ssl_ciphersuite_t *info);
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(
    const mbedtls_ssl_ciphersuite_t *info);
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(
    const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_PK_C */
24
/*
 * Ciphersuite predicates defined outside this header. Each takes a
 * ciphersuite descriptor and returns an int.
 *
 * NOTE(review): from the names, presumably non-zero when the suite relies on
 * elliptic-curve operations / on a pre-shared key -- confirm against the
 * definitions.
 */
int mbedtls_ssl_ciphersuite_uses_ec(
    const mbedtls_ssl_ciphersuite_t *info);
int mbedtls_ssl_ciphersuite_uses_psk(
    const mbedtls_ssl_ciphersuite_t *info);
27
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
/**
 * \brief   Tell whether a ciphersuite's key exchange is one that this header
 *          classifies as providing perfect forward secrecy (PFS).
 *
 * The PFS set is ECDHE-RSA, ECDHE-PSK, ECDHE-ECDSA and EC J-PAKE. Any other
 * key exchange value is reported as non-PFS.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return  1 if the key exchange is in the PFS set, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    /* Allow-list: a key exchange that is not named below stays non-PFS. */
    int pfs = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            pfs = 1;
            break;

        default:
            break;
    }

    return pfs;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
43
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
/**
 * \brief   Tell whether a ciphersuite's key exchange is one that this header
 *          classifies as lacking perfect forward secrecy.
 *
 * Only the plain PSK key exchange is listed. This is an explicit list, not
 * the negation of a PFS check: a key exchange value that appears in neither
 * list makes both this function and the PFS predicate return 0.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return  1 if the key exchange is plain PSK, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    int non_pfs = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_PSK:
            non_pfs = 1;
            break;

        default:
            break;
    }

    return non_pfs;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
56
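#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
/**
 * \brief   Report whether a ciphersuite's key exchange is in the ECDH set.
 *
 * No key exchange value is listed for this predicate, so it returns 0 for
 * every ciphersuite. Any caller that gates ECDH-specific handling on this
 * function therefore never takes that path.
 *
 * NOTE(review): a `return 1;` used to sit in the switch ahead of `default:`
 * with no case label in front of it. No control path could reach it, and
 * compilers may warn about such a statement, so it is dropped here.
 * Presumably the case labels were removed and the return was left behind --
 * confirm that no key exchange is meant to map to 1.
 *
 * \param info  Ciphersuite descriptor. Unused, because the result does not
 *              depend on it.
 *
 * \return  Always 0.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
    /* Keep the parameter for interface compatibility with existing callers. */
    (void) info;

    return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */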
68
/**
 * \brief   Tell whether a ciphersuite's key exchange is in the set for which
 *          a certificate request is allowed.
 *
 * The set is ECDHE-RSA and ECDHE-ECDSA. Every other key exchange value
 * yields 0.
 *
 * NOTE(review): presumably this gates whether the server may ask the client
 * for a certificate -- confirm against the callers.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return  1 if the key exchange is ECDHE-RSA or ECDHE-ECDSA, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
    int allowed = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            allowed = 1;
            break;

        default:
            break;
    }

    return allowed;
}
80
/**
 * \brief   Tell whether a ciphersuite's key exchange is in the set that uses
 *          a server certificate.
 *
 * The set is ECDHE-RSA and ECDHE-ECDSA. Every other key exchange value
 * yields 0, so the server is not treated as certificate-authenticated for
 * those suites.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return  1 if the key exchange is ECDHE-RSA or ECDHE-ECDSA, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
    int uses_cert = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            uses_cert = 1;
            break;

        default:
            break;
    }

    return uses_cert;
}
92
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
/**
 * \brief   Tell whether a ciphersuite's key exchange is one of the ECDHE
 *          variants.
 *
 * The set is ECDHE-ECDSA, ECDHE-RSA and ECDHE-PSK. Every other key exchange
 * value yields 0.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return  1 if the key exchange is an ECDHE variant listed above,
 *          0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
    int is_ecdhe = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            is_ecdhe = 1;
            break;

        default:
            break;
    }

    return is_ecdhe;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
107
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
/**
 * \brief   Tell whether a ciphersuite's key exchange is in the set that uses
 *          a server signature.
 *
 * The set is ECDHE-RSA and ECDHE-ECDSA. Every other key exchange value
 * yields 0.
 *
 * NOTE(review): presumably callers use this to decide whether a signature
 * from the server has to be produced or verified during the handshake --
 * confirm against the callers.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return  1 if the key exchange is ECDHE-RSA or ECDHE-ECDSA, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
    const mbedtls_ssl_ciphersuite_t *info)
{
    int signed_by_server = 0;

    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            signed_by_server = 1;
            break;

        default:
            break;
    }

    return signed_by_server;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
122
123#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */