Paul Bakker68884e32013-01-07 18:20:04 +01001/**
2 * \file ssl_ciphersuites.h
3 *
Manuel Pégourié-Gonnardb4fe3cb2015-01-22 16:11:05 +00004 * \brief SSL Ciphersuites for mbed TLS
Darryl Greena40a1012018-01-05 15:33:17 +00005 */
6/*
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +02007 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +02008 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
Paul Bakker68884e32013-01-07 18:20:04 +010021 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +000022 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker68884e32013-01-07 18:20:04 +010023 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020024#ifndef MBEDTLS_SSL_CIPHERSUITES_H
25#define MBEDTLS_SSL_CIPHERSUITES_H
Paul Bakker68884e32013-01-07 18:20:04 +010026
Ron Eldor8b0cf2e2018-02-14 16:02:41 +020027#if !defined(MBEDTLS_CONFIG_FILE)
28#include "config.h"
29#else
30#include MBEDTLS_CONFIG_FILE
31#endif
32
Manuel Pégourié-Gonnard09edda82013-08-19 13:50:33 +020033#include "pk.h"
Paul Bakker68884e32013-01-07 18:20:04 +010034#include "cipher.h"
35#include "md.h"
Hanno Beckerb09132d2019-06-26 10:53:02 +010036#include "ssl.h"
Paul Bakker68884e32013-01-07 18:20:04 +010037
38#ifdef __cplusplus
39extern "C" {
40#endif
41
/*
 * Supported ciphersuites (Official IANA names)
 *
 * Each macro maps an IANA ciphersuite name to its numeric identifier; the
 * trailing Doxygen notes are the original authors' annotations.
 *
 * NOTE(review): in this table only the NULL-encryption and single-DES
 * suites carry a "Weak!" marker. The RC4 suites (RC4 is prohibited in TLS
 * by RFC 7465) and the 3DES suites (64-bit block cipher) have no marker
 * here. Whether they are flagged MBEDTLS_CIPHERSUITE_WEAK or compiled out
 * is decided outside this header - confirm before enabling any of them.
 */
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */

#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A

#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16

#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F

#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39

#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45

#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88

#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D

#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91

#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95

#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */

#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */

#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /**< Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /**< Weak! */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
Paul Bakker0c5fac22013-04-19 21:10:51 +0200126
/*
 * Elliptic-curve and ARIA ciphersuite identifiers.
 *
 * NOTE(review): the ECDH_ECDSA / ECDH_RSA suites presumably map to
 * MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA / MBEDTLS_KEY_EXCHANGE_ECDH_RSA, which
 * mbedtls_ssl_ciphersuite_has_pfs() in this header does not report as
 * forward-secret - confirm against the ciphersuite table. The RC4 and 3DES
 * entries carry only a "Not in SSL3!" note, not a "Weak!" marker; RC4 is
 * prohibited in TLS by RFC 7465 and 3DES is a 64-bit block cipher.
 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */

#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */
Markku-Juhani O. Saarinenc06e1012017-12-07 11:51:13 +0000217
/* Camellia (EC and PSK variants), AES-CCM, EC J-PAKE and ChaCha20-Poly1305
 * ciphersuite identifiers. */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 /**< Not in SSL3! */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */

/* AES-CCM suites. The _CCM_8 variants are the ones the
 * MBEDTLS_CIPHERSUITE_SHORT_TAG flag in this header refers to ("Short
 * authentication tag, eg for CCM_8"); check that flag where a full-length
 * tag is required. */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */

#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */

/* RFC 7905 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */
289
/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
 * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
 */
/*
 * Key exchange method of a ciphersuite (the key_exchange attribute returned
 * by mbedtls_ssl_suite_get_key_exchange()).
 *
 * mbedtls_ssl_ciphersuite_has_pfs() in this header reports DHE_RSA, DHE_PSK,
 * ECDHE_RSA, ECDHE_PSK, ECDHE_ECDSA and ECJPAKE as forward-secret; its
 * default branch returns 0, so a newly added value is treated as not
 * forward-secret until it is listed there.
 */
typedef enum {
    MBEDTLS_KEY_EXCHANGE_NONE = 0,     /* explicit zero value */
    MBEDTLS_KEY_EXCHANGE_RSA,
    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
    MBEDTLS_KEY_EXCHANGE_PSK,
    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
    MBEDTLS_KEY_EXCHANGE_ECJPAKE,
} mbedtls_key_exchange_type_t;
Paul Bakker68884e32013-01-07 18:20:04 +0100307
/* Forward declaration; the structure body is only defined further down when
 * MBEDTLS_SSL_SINGLE_CIPHERSUITE is not set. */
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;

/* Bit flags for a ciphersuite's flags attribute (see
 * mbedtls_ssl_suite_get_flags()). The values are distinct bits. */
#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
                                                e.g. for CCM_8 */
#define MBEDTLS_CIPHERSUITE_NODTLS 0x04 /**< Can't be used with DTLS */
Paul Bakker68884e32013-01-07 18:20:04 +0100314
/*
 * Ciphersuite macro definitions
 *
 * This is highly incomplete and only contains those ciphersuites for
 * which we need to be able to build the library with support for that
 * ciphersuite only (currently MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
 * as an example).
 *
 * NOTE(review): the paragraph above names the AES_256_CCM_8 suite, but the
 * macros below describe MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 -
 * confirm which one is intended.
 *
 * Each MBEDTLS_SUITE_xxx_<FIELD> macro supplies one attribute of the suite;
 * the MBEDTLS_SSL_SUITE_<FIELD>() helpers in this header reach them by
 * token pasting.
 */

/* NOTE(review): function-like macro with an empty expansion; its use is not
 * visible in this header. */
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8()
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_ID MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_NAME "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8"
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_CIPHER MBEDTLS_CIPHER_AES_128_CCM
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_MAC MBEDTLS_MD_SHA256
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_KEY_EXCHANGE MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
/* Minimum and maximum version are the same major/minor pair, so this suite
 * is pinned to a single protocol version (presumably TLS 1.2, matching the
 * "TLS 1.2" note on the suite identifier - confirm against ssl.h). */
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_MIN_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_MIN_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_MAX_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_MAX_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3
/* Only the short-tag flag is set: neither MBEDTLS_CIPHERSUITE_WEAK nor
 * MBEDTLS_CIPHERSUITE_NODTLS. */
#define MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_FLAGS MBEDTLS_CIPHERSUITE_SHORT_TAG
335
/*
 * Helper macros to extract fields from ciphersuites.
 *
 * The _T variants paste the field suffix directly onto their argument, so
 * the argument must already be the final MBEDTLS_SUITE_xxx token.
 */

#define MBEDTLS_SSL_SUITE_ID_T( SUITE ) SUITE ## _ID
#define MBEDTLS_SSL_SUITE_NAME_T( SUITE ) SUITE ## _NAME
#define MBEDTLS_SSL_SUITE_CIPHER_T( SUITE ) SUITE ## _CIPHER
#define MBEDTLS_SSL_SUITE_MAC_T( SUITE ) SUITE ## _MAC
#define MBEDTLS_SSL_SUITE_KEY_EXCHANGE_T( SUITE ) SUITE ## _KEY_EXCHANGE
#define MBEDTLS_SSL_SUITE_MIN_MAJOR_VER_T( SUITE ) SUITE ## _MIN_MAJOR_VER
#define MBEDTLS_SSL_SUITE_MIN_MINOR_VER_T( SUITE ) SUITE ## _MIN_MINOR_VER
#define MBEDTLS_SSL_SUITE_MAX_MAJOR_VER_T( SUITE ) SUITE ## _MAX_MAJOR_VER
#define MBEDTLS_SSL_SUITE_MAX_MINOR_VER_T( SUITE ) SUITE ## _MAX_MINOR_VER
#define MBEDTLS_SSL_SUITE_FLAGS_T( SUITE ) SUITE ## _FLAGS

/* Wrapper around MBEDTLS_SSL_SUITE_XXX_T() which makes sure that
 * the argument is macro-expanded before being concatenated with the
 * field name. This allows these macros to be called as
 * MBEDTLS_SSL_SUITE_XXX( MBEDTLS_SSL_SINGLE_CIPHERSUITE ),
 * where MBEDTLS_SSL_SINGLE_CIPHERSUITE expands to MBEDTLS_SSL_SUITE_XXX.
 *
 * NOTE(review): the suite descriptors defined in this header are named
 * MBEDTLS_SUITE_xxx, so MBEDTLS_SSL_SINGLE_CIPHERSUITE presumably has to
 * expand to one of those names - confirm. */
#define MBEDTLS_SSL_SUITE_ID( SUITE ) MBEDTLS_SSL_SUITE_ID_T( SUITE )
#define MBEDTLS_SSL_SUITE_NAME( SUITE ) MBEDTLS_SSL_SUITE_NAME_T( SUITE )
#define MBEDTLS_SSL_SUITE_CIPHER( SUITE ) MBEDTLS_SSL_SUITE_CIPHER_T( SUITE )
#define MBEDTLS_SSL_SUITE_MAC( SUITE ) MBEDTLS_SSL_SUITE_MAC_T( SUITE )
#define MBEDTLS_SSL_SUITE_KEY_EXCHANGE( SUITE ) MBEDTLS_SSL_SUITE_KEY_EXCHANGE_T( SUITE )
#define MBEDTLS_SSL_SUITE_MIN_MAJOR_VER( SUITE ) MBEDTLS_SSL_SUITE_MIN_MAJOR_VER_T( SUITE )
#define MBEDTLS_SSL_SUITE_MIN_MINOR_VER( SUITE ) MBEDTLS_SSL_SUITE_MIN_MINOR_VER_T( SUITE )
#define MBEDTLS_SSL_SUITE_MAX_MAJOR_VER( SUITE ) MBEDTLS_SSL_SUITE_MAX_MAJOR_VER_T( SUITE )
#define MBEDTLS_SSL_SUITE_MAX_MINOR_VER( SUITE ) MBEDTLS_SSL_SUITE_MAX_MINOR_VER_T( SUITE )
#define MBEDTLS_SSL_SUITE_FLAGS( SUITE ) MBEDTLS_SSL_SUITE_FLAGS_T( SUITE )
366
#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
/**
 * \brief   This structure is used for storing ciphersuite information
 *
 * The member order is relied upon by MBEDTLS_SSL_SUITE_INFO() below, which
 * builds a positional initializer; reordering or inserting members requires
 * updating that macro as well.
 */
struct mbedtls_ssl_ciphersuite_t
{
    int id;                /* ciphersuite identifier (MBEDTLS_TLS_xxx value) */
    const char * name;     /* ciphersuite name string */

    mbedtls_cipher_type_t cipher;
    mbedtls_md_type_t mac;
    mbedtls_key_exchange_type_t key_exchange;

    /* Protocol version range, as major/minor pairs */
    int min_major_ver;
    int min_minor_ver;
    int max_major_ver;
    int max_minor_ver;

    unsigned char flags;   /* MBEDTLS_CIPHERSUITE_xxx bit flags */
};

/* In this configuration a handle is a pointer to a constant structure and
 * the invalid handle is NULL. */
typedef mbedtls_ssl_ciphersuite_t const * mbedtls_ssl_ciphersuite_handle_t;
#define MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE ( (mbedtls_ssl_ciphersuite_handle_t) NULL )

/**
 * \brief   This macro builds an instance of ::mbedtls_ssl_ciphersuite_t
 *          from an \c MBEDTLS_SUITE_XXX identifier.
 *
 * The initializer is positional: the entries appear in the same order as
 * the members of ::mbedtls_ssl_ciphersuite_t.
 */
#define MBEDTLS_SSL_SUITE_INFO( SUITE ) \
    { MBEDTLS_SSL_SUITE_ID( SUITE ), \
      MBEDTLS_SSL_SUITE_NAME( SUITE ), \
      MBEDTLS_SSL_SUITE_CIPHER( SUITE ), \
      MBEDTLS_SSL_SUITE_MAC( SUITE ), \
      MBEDTLS_SSL_SUITE_KEY_EXCHANGE( SUITE ), \
      MBEDTLS_SSL_SUITE_MIN_MAJOR_VER( SUITE ), \
      MBEDTLS_SSL_SUITE_MIN_MINOR_VER( SUITE ), \
      MBEDTLS_SSL_SUITE_MAX_MAJOR_VER( SUITE ), \
      MBEDTLS_SSL_SUITE_MAX_MINOR_VER( SUITE ), \
      MBEDTLS_SSL_SUITE_FLAGS( SUITE ) }

#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */

/* With a single compiled-in ciphersuite the handle is a one-byte value:
 * 0 is the invalid handle and 1 the only valid one. */
typedef unsigned char mbedtls_ssl_ciphersuite_handle_t;
#define MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE ( (mbedtls_ssl_ciphersuite_handle_t) 0 )
#define MBEDTLS_SSL_CIPHERSUITE_UNIQUE_VALID_HANDLE ( (mbedtls_ssl_ciphersuite_handle_t) 1 )

#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */
414
Hanno Becker473f98f2019-06-26 10:27:32 +0100415/*
416 * Getter functions for the extraction of ciphersuite attributes
417 * from a ciphersuite handle.
418 *
419 * These functions have the validity of the handle as a precondition!
420 * Their behaviour is undefined when MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE
421 * is passed.
422 */
Paul Bakker68884e32013-01-07 18:20:04 +0100423
Hanno Becker5cce9362019-06-26 11:39:32 +0100424#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
Hanno Becker473f98f2019-06-26 10:27:32 +0100425/*
426 * Implementation of getter functions when the ciphersuite handle
427 * is a pointer to the ciphersuite information structure.
428 *
429 * The precondition that the handle is valid means that
430 * we don't need to check that info != NULL.
431 */
/* Return the id member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline int mbedtls_ssl_suite_get_id( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->id;
}
/* Return the name member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline const char* mbedtls_ssl_suite_get_name( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->name;
}
/* Return the cipher member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline mbedtls_cipher_type_t mbedtls_ssl_suite_get_cipher( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->cipher;
}
/* Return the mac member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline mbedtls_md_type_t mbedtls_ssl_suite_get_mac( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->mac;
}
/* Return the key_exchange member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline mbedtls_key_exchange_type_t mbedtls_ssl_suite_get_key_exchange( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->key_exchange;
}
/* Return the min_major_ver member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline int mbedtls_ssl_suite_get_min_major_ver( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->min_major_ver;
}
/* Return the min_minor_ver member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline int mbedtls_ssl_suite_get_min_minor_ver( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->min_minor_ver;
}
/* Return the max_major_ver member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline int mbedtls_ssl_suite_get_max_major_ver( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->max_major_ver;
}
/* Return the max_minor_ver member of the structure behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline int mbedtls_ssl_suite_get_max_minor_ver( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->max_minor_ver;
}
/* Return the flags member (MBEDTLS_CIPHERSUITE_xxx bits) of the structure
 * behind `info`.
 * `info` must be a valid handle: it is dereferenced without a NULL check. */
static inline unsigned char mbedtls_ssl_suite_get_flags( mbedtls_ssl_ciphersuite_handle_t const info )
{
    return info->flags;
}
Hanno Becker5cce9362019-06-26 11:39:32 +0100482#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */
483/*
484 * Implementations of getter functions in the case of only
485 * a single possible ciphersuite. In this case, the handle
486 * is logically a boolean (either the invalid handle or the
487 * unique valid handle representing the single enabled
488 * ciphersuite), and the precondition that the handle is valid
489 * means that we can statically return the hardcoded attribute
490 * of the enabled ciphersuite.
491 */
/* Single-ciphersuite build: `info` is ignored and the ID of the suite named
 * by MBEDTLS_SSL_SINGLE_CIPHERSUITE is returned, even for the invalid
 * handle - callers must check handle validity themselves. */
static inline int mbedtls_ssl_suite_get_id( mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/* Single-ciphersuite build: `info` is ignored and the name of the suite
 * named by MBEDTLS_SSL_SINGLE_CIPHERSUITE is returned, even for the invalid
 * handle - callers must check handle validity themselves. */
static inline const char* mbedtls_ssl_suite_get_name( mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/* Single-ciphersuite build: `info` is ignored and the cipher of the suite
 * named by MBEDTLS_SSL_SINGLE_CIPHERSUITE is returned, even for the invalid
 * handle - callers must check handle validity themselves. */
static inline mbedtls_cipher_type_t mbedtls_ssl_suite_get_cipher( mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_CIPHER( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/* Single-ciphersuite build: `info` is ignored and the MAC/hash of the suite
 * named by MBEDTLS_SSL_SINGLE_CIPHERSUITE is returned, even for the invalid
 * handle - callers must check handle validity themselves. */
static inline mbedtls_md_type_t mbedtls_ssl_suite_get_mac( mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_MAC( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/**
 * \brief   Return the key exchange type of the single enabled ciphersuite.
 *
 * \param info  Ciphersuite handle; not read. The result is fixed at compile
 *              time, so an invalid handle is not detected here and must be
 *              ruled out by the caller.
 *
 * \return  MBEDTLS_SSL_SUITE_KEY_EXCHANGE( MBEDTLS_SSL_SINGLE_CIPHERSUITE ).
 */
static inline mbedtls_key_exchange_type_t mbedtls_ssl_suite_get_key_exchange(
    mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_KEY_EXCHANGE( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/**
 * \brief   Return the \c min_major_ver attribute of the single enabled
 *          ciphersuite.
 *
 * \param info  Ciphersuite handle; not read. The result is fixed at compile
 *              time, so an invalid handle is not detected here and must be
 *              ruled out by the caller.
 *
 * \return  MBEDTLS_SSL_SUITE_MIN_MAJOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ).
 */
static inline int mbedtls_ssl_suite_get_min_major_ver(
    mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_MIN_MAJOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/**
 * \brief   Return the \c min_minor_ver attribute of the single enabled
 *          ciphersuite.
 *
 * \param info  Ciphersuite handle; not read. The result is fixed at compile
 *              time, so an invalid handle is not detected here and must be
 *              ruled out by the caller.
 *
 * \return  MBEDTLS_SSL_SUITE_MIN_MINOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ).
 */
static inline int mbedtls_ssl_suite_get_min_minor_ver(
    mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_MIN_MINOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/**
 * \brief   Return the \c max_major_ver attribute of the single enabled
 *          ciphersuite.
 *
 * \param info  Ciphersuite handle; not read. The result is fixed at compile
 *              time, so an invalid handle is not detected here and must be
 *              ruled out by the caller.
 *
 * \return  MBEDTLS_SSL_SUITE_MAX_MAJOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ).
 */
static inline int mbedtls_ssl_suite_get_max_major_ver(
    mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_MAX_MAJOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/**
 * \brief   Return the \c max_minor_ver attribute of the single enabled
 *          ciphersuite.
 *
 * \param info  Ciphersuite handle; not read. The result is fixed at compile
 *              time, so an invalid handle is not detected here and must be
 *              ruled out by the caller.
 *
 * \return  MBEDTLS_SSL_SUITE_MAX_MINOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ).
 */
static inline int mbedtls_ssl_suite_get_max_minor_ver(
    mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_MAX_MINOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
/**
 * \brief   Return the \c flags attribute of the single enabled ciphersuite.
 *
 * \param info  Ciphersuite handle; not read. The result is fixed at compile
 *              time, so an invalid handle is not detected here and must be
 *              ruled out by the caller.
 *
 * \return  MBEDTLS_SSL_SUITE_FLAGS( MBEDTLS_SSL_SINGLE_CIPHERSUITE ).
 */
static inline unsigned char mbedtls_ssl_suite_get_flags(
    mbedtls_ssl_ciphersuite_handle_t const info )
{
    (void) info;
    return MBEDTLS_SSL_SUITE_FLAGS( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
552#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */
/**
 * \brief   Tell whether a ciphersuite's key exchange is classified as
 *          providing perfect forward secrecy.
 *
 * The classification is by key exchange type only: the DHE, ECDHE and
 * EC J-PAKE types compared against below. This is not the logical negation
 * of mbedtls_ssl_ciphersuite_no_pfs(): a key exchange type listed in
 * neither function yields 0 from both, so policy code that requires PFS
 * should test this function rather than the absence of the other.
 *
 * \param info  Ciphersuite handle, passed to
 *              mbedtls_ssl_suite_get_key_exchange().
 *
 * \return  1 if the key exchange is one of the listed types, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs(
    mbedtls_ssl_ciphersuite_handle_t info )
{
    const mbedtls_key_exchange_type_t kex =
        mbedtls_ssl_suite_get_key_exchange( info );

    return kex == MBEDTLS_KEY_EXCHANGE_DHE_RSA     ||
           kex == MBEDTLS_KEY_EXCHANGE_DHE_PSK     ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA   ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK   ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
           kex == MBEDTLS_KEY_EXCHANGE_ECJPAKE;
}
/**
 * \brief   Tell whether a ciphersuite's key exchange is one of the types
 *          classified as lacking perfect forward secrecy.
 *
 * The types are static ECDH (RSA or ECDSA certificates), plain RSA, plain
 * PSK and RSA-PSK. A return of 0 does not by itself mean that the suite has
 * PFS: a key exchange type listed neither here nor in
 * mbedtls_ssl_ciphersuite_has_pfs() yields 0 from both functions.
 *
 * \param info  Ciphersuite handle, passed to
 *              mbedtls_ssl_suite_get_key_exchange().
 *
 * \return  1 if the key exchange is one of the listed types, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs(
    mbedtls_ssl_ciphersuite_handle_t info )
{
    const mbedtls_key_exchange_type_t kex =
        mbedtls_ssl_suite_get_key_exchange( info );

    return kex == MBEDTLS_KEY_EXCHANGE_ECDH_RSA   ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kex == MBEDTLS_KEY_EXCHANGE_RSA        ||
           kex == MBEDTLS_KEY_EXCHANGE_PSK        ||
           kex == MBEDTLS_KEY_EXCHANGE_RSA_PSK;
}
/**
 * \brief   Tell whether a ciphersuite uses a static ECDH key exchange.
 *
 * Only the ECDH_RSA and ECDH_ECDSA types match; the ephemeral ECDHE types
 * are covered by mbedtls_ssl_ciphersuite_uses_ecdhe().
 *
 * \param info  Ciphersuite handle, passed to
 *              mbedtls_ssl_suite_get_key_exchange().
 *
 * \return  1 if the key exchange is ECDH_RSA or ECDH_ECDSA, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh(
    mbedtls_ssl_ciphersuite_handle_t info )
{
    const mbedtls_key_exchange_type_t kex =
        mbedtls_ssl_suite_get_key_exchange( info );

    return kex == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA;
}
/**
 * \brief   Tell whether a certificate request is allowed with the key
 *          exchange of a ciphersuite.
 *
 * The accepted types are the certificate-based RSA and ECDSA key exchanges
 * compared against below. RSA_PSK is not among them, although
 * mbedtls_ssl_ciphersuite_uses_srv_cert() does accept it, and no other
 * PSK-based type is accepted either.
 *
 * \param info  Ciphersuite handle, passed to
 *              mbedtls_ssl_suite_get_key_exchange().
 *
 * \return  1 if the key exchange is one of the listed types, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(
    mbedtls_ssl_ciphersuite_handle_t info )
{
    const mbedtls_key_exchange_type_t kex =
        mbedtls_ssl_suite_get_key_exchange( info );

    return kex == MBEDTLS_KEY_EXCHANGE_RSA        ||
           kex == MBEDTLS_KEY_EXCHANGE_DHE_RSA    ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDH_RSA   ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA  ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}
620
/**
 * \brief   Tell whether a ciphersuite's key exchange involves a server
 *          certificate.
 *
 * The accepted types are the RSA and ECDSA certificate-based key exchanges
 * and RSA_PSK. Every other type, including the remaining PSK-based ones,
 * yields 0.
 *
 * \param info  Ciphersuite handle, passed to
 *              mbedtls_ssl_suite_get_key_exchange().
 *
 * \return  1 if the key exchange is one of the listed types, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(
    mbedtls_ssl_ciphersuite_handle_t info )
{
    const mbedtls_key_exchange_type_t kex =
        mbedtls_ssl_suite_get_key_exchange( info );

    return kex == MBEDTLS_KEY_EXCHANGE_RSA        ||
           kex == MBEDTLS_KEY_EXCHANGE_RSA_PSK    ||
           kex == MBEDTLS_KEY_EXCHANGE_DHE_RSA    ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDH_RSA   ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA  ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}
639
/**
 * \brief   Tell whether a ciphersuite uses an ephemeral finite-field
 *          Diffie-Hellman key exchange.
 *
 * \param info  Ciphersuite handle, passed to
 *              mbedtls_ssl_suite_get_key_exchange().
 *
 * \return  1 if the key exchange is DHE_RSA or DHE_PSK, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_dhe(
    mbedtls_ssl_ciphersuite_handle_t info )
{
    const mbedtls_key_exchange_type_t kex =
        mbedtls_ssl_suite_get_key_exchange( info );

    return kex == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
           kex == MBEDTLS_KEY_EXCHANGE_DHE_PSK;
}
/**
 * \brief   Tell whether a ciphersuite uses an ephemeral ECDH key exchange.
 *
 * \param info  Ciphersuite handle, passed to
 *              mbedtls_ssl_suite_get_key_exchange().
 *
 * \return  1 if the key exchange is ECDHE_ECDSA, ECDHE_RSA or ECDHE_PSK,
 *          0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(
    mbedtls_ssl_ciphersuite_handle_t info )
{
    const mbedtls_key_exchange_type_t kex =
        mbedtls_ssl_suite_get_key_exchange( info );

    return kex == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA   ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK;
}
/**
 * \brief   Tell whether a ciphersuite's key exchange involves a signature
 *          made by the server.
 *
 * Only the ephemeral key exchanges authenticated by an RSA or ECDSA
 * certificate match; presumably these are the ones in which the server
 * signs its key exchange parameters (confirm against the handshake code).
 *
 * \param info  Ciphersuite handle, passed to
 *              mbedtls_ssl_suite_get_key_exchange().
 *
 * \return  1 if the key exchange is DHE_RSA, ECDHE_RSA or ECDHE_ECDSA,
 *          0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
    mbedtls_ssl_ciphersuite_handle_t info )
{
    const mbedtls_key_exchange_type_t kex =
        mbedtls_ssl_suite_get_key_exchange( info );

    return kex == MBEDTLS_KEY_EXCHANGE_DHE_RSA   ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
           kex == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA;
}
#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)
/**
 * \brief   Return the ciphersuite identifier recorded in a session.
 *
 * \param session  Session to read. It is dereferenced without a check, so
 *                 it must not be NULL.
 *
 * \return  The \c ciphersuite field of \p session.
 */
static inline int mbedtls_ssl_session_get_ciphersuite(
    mbedtls_ssl_session const *session )
{
    return session->ciphersuite;
}
#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */
/**
 * \brief   Return the identifier of the single enabled ciphersuite.
 *
 * \param session  Not read; the result is fixed at compile time and does
 *                 not depend on the session contents.
 *
 * \return  MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ).
 */
static inline int mbedtls_ssl_session_get_ciphersuite(
    mbedtls_ssl_session const *session )
{
    (void) session;
    return MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE );
}
#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */
698
/**
 * \brief   Get the list of ciphersuites.
 *
 * \return  Pointer to an array of \c int; presumably ciphersuite
 *          identifiers. The array length or terminator is not visible in
 *          this header; confirm it in the implementation before iterating.
 */
const int *mbedtls_ssl_list_ciphersuites( void );

/**
 * \brief   Look up a ciphersuite by name.
 *
 * \param ciphersuite_name  Name of the ciphersuite to look up.
 *
 * \return  A ciphersuite handle. Presumably the invalid handle when the
 *          name is unknown; check the result before passing it to the
 *          getters in this header, which do not validate the handle.
 */
mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_ciphersuite_from_string(
    const char *ciphersuite_name );

/**
 * \brief   Look up a ciphersuite by identifier.
 *
 * \param ciphersuite_id  Identifier of the ciphersuite to look up.
 *
 * \return  A ciphersuite handle. Presumably the invalid handle when the
 *          identifier is unknown; check the result before passing it to
 *          the getters in this header, which do not validate the handle.
 */
mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_ciphersuite_from_id(
    int ciphersuite_id );

#if defined(MBEDTLS_PK_C)
/**
 * \brief   Get a public key type associated with a ciphersuite's signature
 *          (exact semantics are defined by the implementation).
 *
 * \param info  Ciphersuite handle.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(
    mbedtls_ssl_ciphersuite_handle_t info );

/**
 * \brief   Get a public key type associated with a ciphersuite's signature
 *          algorithm (exact semantics are defined by the implementation).
 *
 * \param info  Ciphersuite handle.
 */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(
    mbedtls_ssl_ciphersuite_handle_t info );
#endif

/**
 * \brief   Presumably tells whether a ciphersuite uses elliptic curve
 *          cryptography; defined out of line.
 *
 * \param info  Ciphersuite handle.
 */
int mbedtls_ssl_ciphersuite_uses_ec(
    mbedtls_ssl_ciphersuite_handle_t info );

/**
 * \brief   Presumably tells whether a ciphersuite uses a pre-shared key;
 *          defined out of line.
 *
 * \param info  Ciphersuite handle.
 */
int mbedtls_ssl_ciphersuite_uses_psk(
    mbedtls_ssl_ciphersuite_handle_t info );
711
Paul Bakker68884e32013-01-07 18:20:04 +0100712#ifdef __cplusplus
713}
714#endif
715
716#endif /* ssl_ciphersuites.h */