mbed TLS v2.16.1
ssl_ciphersuites.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: GPL-2.0
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  *
24  * This file is part of mbed TLS (https://tls.mbed.org)
25  */
26 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
27 #define MBEDTLS_SSL_CIPHERSUITES_H
28 
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "config.h"
31 #else
32 #include MBEDTLS_CONFIG_FILE
33 #endif
34 
35 #include "pk.h"
36 #include "cipher.h"
37 #include "md.h"
38 
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42 
43 /*
44  * Supported ciphersuites (Official IANA names)
45  */
46 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
47 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
49 #define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
50 #define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
51 #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09
53 #define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
54 
55 #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15
56 #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
57 
58 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
59 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
60 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
61 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
62 
63 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
64 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
65 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
66 
67 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
68 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
69 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
71 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
72 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
73 
74 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
75 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
77 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
78 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
79 
80 #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
81 #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
82 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
83 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
84 
85 #define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
86 #define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
87 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
88 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
89 
90 #define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
91 #define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
92 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
93 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
94 
95 #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
96 #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
97 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
98 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
100 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
101 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
102 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
103 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
104 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
105 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
107 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
108 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
109 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
110 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
112 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
113 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
114 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
115 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
117 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
118 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
119 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
120 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
122 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
123 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
125 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
126 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
128 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
129 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
130 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
131 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
132 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
134 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
135 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
136 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
137 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
138 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
140 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
141 #define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
142 #define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
143 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
144 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
146 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
147 #define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
148 #define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
149 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
150 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
152 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
153 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
154 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
155 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
156 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
157 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
158 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
159 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
161 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
162 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
163 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
164 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
165 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
166 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
167 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
168 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
170 #define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
171 #define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
172 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
173 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
174 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
175 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
176 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
177 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
178 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
180 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
181 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
182 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
183 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
184 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
185 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
186 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
187 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
188 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
189 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
190 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
191 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
192 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
193 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
194 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
195 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
196 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
197 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
198 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
199 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
200 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
201 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
202 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
203 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
204 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
205 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
206 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
207 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
208 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
209 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
210 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
211 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
212 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
213 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
214 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
215 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
216 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
217 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
219 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
220 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
221 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
222 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
223 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
224 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
225 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
226 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
228 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
229 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
230 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
231 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
232 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
233 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
234 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
235 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
236 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
237 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
238 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
239 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
241 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
242 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
243 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
244 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
245 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
246 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
248 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
249 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
250 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
251 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
252 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
253 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
254 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
255 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
257 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
258 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
259 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
260 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
261 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
262 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
263 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
264 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
265 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
266 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
267 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
268 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
269 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
270 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
271 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
272 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
273 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
274 
275 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
276 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
277 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
278 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
280 #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
282 /* RFC 7905 */
283 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
284 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
285 #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
286 #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
287 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
288 #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
289 #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
291 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
292  * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
293  */
294 typedef enum {
308 
309 /* Key exchanges using a certificate */
310 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
311  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
312  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
313  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
314  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
315  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
316  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
317 #define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
318 #endif
319 
320 /* Key exchanges allowing client certificate requests */
321 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
322  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
323  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
324  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
325  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
326  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
327 #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
328 #endif
329 
330 /* Key exchanges involving server signature in ServerKeyExchange */
331 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
332  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
333  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
334 #define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
335 #endif
336 
337 /* Key exchanges using ECDH */
338 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
339  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
340 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
341 #endif
342 
343 /* Key exchanges that don't involve ephemeral keys */
344 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
345  defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
346  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
347  defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
348 #define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
349 #endif
350 
351 /* Key exchanges that involve ephemeral keys */
352 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
353  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
354  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
355  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
356  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
357  defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
358 #define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
359 #endif
360 
361 /* Key exchanges using a PSK */
362 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
363  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
364  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
365  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
366 #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
367 #endif
368 
369 /* Key exchanges using DHE */
370 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
371  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
372 #define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
373 #endif
374 
375 /* Key exchanges using ECDHE */
376 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
377  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
378  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
379 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
380 #endif
381 
383 
384 #define MBEDTLS_CIPHERSUITE_WEAK 0x01
385 #define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
387 #define MBEDTLS_CIPHERSUITE_NODTLS 0x04
392 struct mbedtls_ssl_ciphersuite_t
393 {
394  int id;
395  const char * name;
401  int min_major_ver;
406  unsigned char flags;
407 };
408 
409 const int *mbedtls_ssl_list_ciphersuites( void );
410 
411 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
413 
414 #if defined(MBEDTLS_PK_C)
417 #endif
418 
421 
422 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
423 static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
424 {
425  switch( info->key_exchange )
426  {
433  return( 1 );
434 
435  default:
436  return( 0 );
437  }
438 }
439 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
440 
441 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
442 static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
443 {
444  switch( info->key_exchange )
445  {
451  return( 1 );
452 
453  default:
454  return( 0 );
455  }
456 }
457 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
458 
459 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
460 static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
461 {
462  switch( info->key_exchange )
463  {
466  return( 1 );
467 
468  default:
469  return( 0 );
470  }
471 }
472 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
473 
475 {
476  switch( info->key_exchange )
477  {
484  return( 1 );
485 
486  default:
487  return( 0 );
488  }
489 }
490 
491 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
492 static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
493 {
494  switch( info->key_exchange )
495  {
498  return( 1 );
499 
500  default:
501  return( 0 );
502  }
503 }
504 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
505 
506 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
507 static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
508 {
509  switch( info->key_exchange )
510  {
514  return( 1 );
515 
516  default:
517  return( 0 );
518  }
519 }
520 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
521 
522 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
524 {
525  switch( info->key_exchange )
526  {
530  return( 1 );
531 
532  default:
533  return( 0 );
534  }
535 }
536 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
537 
538 #ifdef __cplusplus
539 }
540 #endif
541 
542 #endif /* ssl_ciphersuites.h */
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id)
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t
Public key types.
Definition: pk.h:80
Configuration options (set of defines)
static int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:106
const int * mbedtls_ssl_list_ciphersuites(void)
Public Key abstraction layer.
mbedtls_cipher_type_t cipher
mbedtls_key_exchange_type_t key_exchange
static int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_key_exchange_type_t
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
This structure is used for storing ciphersuite information.
This file contains the generic message-digest wrapper.
static int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)
mbedtls_md_type_t
Supported message digests.
Definition: md.h:60
static int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)