PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

API Documentation (Doxygen generated)

These pages are generated with doxygen directly from the source code!

ssl_ciphersuites.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  * This file is part of mbed TLS (https://tls.mbed.org)
23  */
24 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
25 #define MBEDTLS_SSL_CIPHERSUITES_H
26 
27 #if !defined(MBEDTLS_CONFIG_FILE)
28 #include "config.h"
29 #else
30 #include MBEDTLS_CONFIG_FILE
31 #endif
32 
33 #include "pk.h"
34 #include "cipher.h"
35 #include "md.h"
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
41 /*
42  * Supported ciphersuites (Official IANA names)
43  */
44 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
45 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
47 #define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
48 #define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
49 #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09
51 #define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
52 
53 #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15
54 #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
55 
56 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
57 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
58 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
59 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
60 
61 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
62 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
63 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
64 
65 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
66 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
67 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
69 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
70 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
71 
72 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
73 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
75 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
76 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
77 
78 #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
79 #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
80 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
81 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
82 
83 #define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
84 #define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
85 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
86 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
87 
88 #define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
89 #define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
90 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
91 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
92 
93 #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
94 #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
95 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
96 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
98 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
99 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
100 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
101 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
102 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
103 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
105 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
106 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
107 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
108 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
110 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
111 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
112 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
113 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
115 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
116 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
117 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
118 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
120 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
121 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
123 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
124 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
126 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
127 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
128 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
129 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
130 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
132 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
133 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
134 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
135 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
136 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
138 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
139 #define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
140 #define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
141 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
142 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
144 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
145 #define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
146 #define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
147 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
148 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
150 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
151 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
152 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
153 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
154 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
155 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
156 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
157 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
159 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
160 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
161 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
162 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
163 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
164 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
165 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
166 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
168 #define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
169 #define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
170 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
171 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
172 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
173 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
174 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
175 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
176 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
178 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
179 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
180 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
181 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
182 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
183 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
184 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
185 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
186 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
187 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
188 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
189 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
190 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
191 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
192 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
193 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
194 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
195 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
196 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
197 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
198 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
199 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
200 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
201 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
202 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
203 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
204 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
205 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
206 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
207 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
208 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
209 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
210 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
211 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
212 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
213 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
214 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
215 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
217 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
218 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
219 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
220 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
221 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
222 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
223 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
224 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
226 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
227 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
228 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
229 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
230 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
231 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
232 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
233 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
234 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
235 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
236 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
237 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
239 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
240 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
241 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
242 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
243 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
244 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
246 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
247 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
248 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
249 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
250 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
251 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
252 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
253 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
255 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
256 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
257 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
258 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
259 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
260 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
261 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
262 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
263 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
264 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
265 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
266 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
267 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
268 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
269 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
270 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
271 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
272 
273 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
274 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
275 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
276 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
278 #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
280 /* RFC 7905 */
281 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
282 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
283 #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
284 #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
285 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
286 #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
287 #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
289 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
290  * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
291  */
292 typedef enum {
306 
307 /* Key exchanges using a certificate */
308 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
309  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
310  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
311  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
312  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
313  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
314  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
315 #define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
316 #endif
317 
318 /* Key exchanges allowing client certificate requests */
319 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
320  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
321  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
322  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
323  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
324  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
325 #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
326 #endif
327 
328 /* Key exchanges involving server signature in ServerKeyExchange */
329 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
330  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
331  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
332 #define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
333 #endif
334 
335 /* Key exchanges using ECDH */
336 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
337  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
338 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
339 #endif
340 
341 /* Key exchanges that don't involve ephemeral keys */
342 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
343  defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
344  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
345  defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
346 #define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
347 #endif
348 
349 /* Key exchanges that involve ephemeral keys */
350 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
351  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
352  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
353  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
354  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
355  defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
356 #define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
357 #endif
358 
359 /* Key exchanges using a PSK */
360 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
361  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
362  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
363  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
364 #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
365 #endif
366 
367 /* Key exchanges using DHE */
368 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
369  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
370 #define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
371 #endif
372 
373 /* Key exchanges using ECDHE */
374 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
375  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
376  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
377 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
378 #endif
379 
381 
382 #define MBEDTLS_CIPHERSUITE_WEAK 0x01
383 #define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
385 #define MBEDTLS_CIPHERSUITE_NODTLS 0x04
390 struct mbedtls_ssl_ciphersuite_t
391 {
392  int id;
393  const char * name;
399  int min_major_ver;
404  unsigned char flags;
405 };
406 
407 const int *mbedtls_ssl_list_ciphersuites( void );
408 
409 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
411 
412 #if defined(MBEDTLS_PK_C)
415 #endif
416 
419 
420 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
421 static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
422 {
423  switch( info->key_exchange )
424  {
431  return( 1 );
432 
433  default:
434  return( 0 );
435  }
436 }
437 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
438 
439 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
440 static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
441 {
442  switch( info->key_exchange )
443  {
449  return( 1 );
450 
451  default:
452  return( 0 );
453  }
454 }
455 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
456 
457 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
458 static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
459 {
460  switch( info->key_exchange )
461  {
464  return( 1 );
465 
466  default:
467  return( 0 );
468  }
469 }
470 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
471 
473 {
474  switch( info->key_exchange )
475  {
482  return( 1 );
483 
484  default:
485  return( 0 );
486  }
487 }
488 
489 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
490 static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
491 {
492  switch( info->key_exchange )
493  {
496  return( 1 );
497 
498  default:
499  return( 0 );
500  }
501 }
502 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
503 
504 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
505 static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
506 {
507  switch( info->key_exchange )
508  {
512  return( 1 );
513 
514  default:
515  return( 0 );
516  }
517 }
518 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
519 
520 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
522 {
523  switch( info->key_exchange )
524  {
528  return( 1 );
529 
530  default:
531  return( 0 );
532  }
533 }
534 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
535 
536 #ifdef __cplusplus
537 }
538 #endif
539 
540 #endif /* ssl_ciphersuites.h */
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id)
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t
Public key types.
Definition: pk.h:78
Configuration options (set of defines)
static int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:104
const int * mbedtls_ssl_list_ciphersuites(void)
Public Key abstraction layer.
mbedtls_cipher_type_t cipher
mbedtls_key_exchange_type_t key_exchange
static int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_key_exchange_type_t
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
This structure is used for storing ciphersuite information.
This file contains the generic message-digest wrapper.
static int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)
mbedtls_md_type_t
Supported message digests.
Definition: md.h:58
static int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)