Valerio Settid9291062024-01-17 09:48:06 +01001/**
2 * \file ssl_ciphersuites_internal.h
3 *
4 * \brief Internal part of the public "ssl_ciphersuites.h".
5 */
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 */
10#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
11#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
12
13#include "mbedtls/pk.h"
Ben Taylor1030f802025-07-15 14:55:41 +010014#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
15#include <mbedtls/private/pk_private.h>
16#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
18#if defined(MBEDTLS_PK_C)
19mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
Valerio Settid9291062024-01-17 09:48:06 +010020psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
21psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
Valerio Settid9291062024-01-17 09:48:06 +010022mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
23#endif /* MBEDTLS_PK_C */
24
25int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
26int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
27
28#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
/**
 * \brief       Tell whether a ciphersuite's key exchange is in the set this
 *              header classifies as providing perfect forward secrecy.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return      1 for ECDHE-RSA, ECDHE-PSK, ECDHE-ECDSA and ECJPAKE;
 *              0 for every other key exchange value.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    /* Allow-list: a key exchange that is not named here is reported as
     * "no PFS" (0), which is the conservative answer for callers that
     * gate on forward secrecy. */
    return kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECJPAKE;
}
42#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
43
44#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
/**
 * \brief       Tell whether a ciphersuite's key exchange is in the set this
 *              header classifies as lacking perfect forward secrecy.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return      1 for ECDH-RSA, ECDH-ECDSA and PSK;
 *              0 for every other key exchange value.
 *
 * \note        A return of 0 only means the value is not in this list; it
 *              is not by itself a statement that the key exchange has PFS.
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_PSK;
}
57#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
58
59#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
/**
 * \brief       Tell whether a ciphersuite uses one of the ECDH (non-"E")
 *              key exchanges.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return      1 for ECDH-RSA and ECDH-ECDSA;
 *              0 for every other key exchange value.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA;
}
71#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
72
/**
 * \brief       Tell whether a certificate request is allowed with a
 *              ciphersuite's key exchange.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return      1 for ECDH-RSA, ECDHE-RSA, ECDH-ECDSA and ECDHE-ECDSA;
 *              0 for every other key exchange value, which includes the
 *              PSK-based and ECJPAKE values named elsewhere in this header.
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    /* Allow-list: anything not named here is answered with 0. */
    return kx == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}
86
/**
 * \brief       Tell whether a ciphersuite's key exchange uses a server
 *              certificate.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return      1 for ECDH-RSA, ECDHE-RSA, ECDH-ECDSA and ECDHE-ECDSA;
 *              0 for every other key exchange value.
 *
 * \note        The accepted set is currently the same four values as in
 *              mbedtls_ssl_ciphersuite_cert_req_allowed(); the two lists
 *              are maintained separately.
 */
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}
100
Valerio Settid9291062024-01-17 09:48:06 +0100101#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
/**
 * \brief       Tell whether a ciphersuite uses one of the ECDHE key
 *              exchanges.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return      1 for ECDHE-ECDSA, ECDHE-RSA and ECDHE-PSK;
 *              0 for every other key exchange value.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    return kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
115
116#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
/**
 * \brief       Tell whether a ciphersuite's key exchange uses a server
 *              signature.
 *
 * \param info  Ciphersuite descriptor. It is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 *
 * \return      1 for ECDHE-RSA and ECDHE-ECDSA;
 *              0 for every other key exchange value.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
    const mbedtls_ssl_ciphersuite_t *info)
{
    const int kx = (int) info->MBEDTLS_PRIVATE(key_exchange);

    /* Only the two listed values return 1; ECDHE-PSK, which is named
     * elsewhere in this header, is not among them. */
    return kx == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kx == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}
129#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
130
131#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */