ssl_ciphersuites.h
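/**
 * \file ssl_ciphersuites.h
 *
 * \brief SSL Ciphersuites for mbed TLS
 */
/*
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H

#include "pk.h"
#include "cipher.h"
#include "md.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Supported ciphersuites (Official IANA names)
 *
 * Review notes for anyone building an allow-list from these identifiers:
 *  - The "Weak!" markers below cover only the NULL-encryption and single-DES
 *    suites. The RC4 suites (prohibited for TLS by RFC 7465) and the
 *    3DES_EDE_CBC suites (64-bit block cipher, exposed to birthday-bound
 *    collisions on long-lived connections) carry no marker in this list but
 *    deserve the same treatment.
 *  - Suites whose key exchange is RSA, PSK, RSA_PSK, ECDH_RSA or ECDH_ECDSA
 *    are the ones mbedtls_ssl_ciphersuite_no_pfs() below reports: they
 *    provide no forward secrecy.
 *  - The _CCM_8 suites use a shortened authentication tag; see
 *    MBEDTLS_CIPHERSUITE_SHORT_TAG further down.
 *  - An identifier being defined here does not show that the suite is
 *    compiled in or offered. That depends on the build configuration and on
 *    the suite table in the implementation, neither of which is part of this
 *    header.
 */
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5  0x01   /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA  0x02   /**< Weak! */

#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5  0x04
#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA  0x05
#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA  0x09   /**< Weak! Not in TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA  0x0A

#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA       0x15   /**< Weak! Not in TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA  0x16

#define MBEDTLS_TLS_PSK_WITH_NULL_SHA         0x2C   /**< Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA     0x2D   /**< Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA     0x2E   /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA  0x2F

#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA  0x33
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA      0x35
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA  0x39

#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256         0x3B   /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256  0x3C   /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256  0x3D   /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      0x41
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  0x45

#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256  0x67   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256  0x6B   /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      0x84
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  0x88

#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA       0x8A
#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA  0x8B
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA   0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA   0x8D

#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA       0x8E
#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA  0x8F
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA   0x90
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA   0x91

#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA       0x92
#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA  0x93
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA   0x94
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA   0x95

#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256      0x9C   /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384      0x9D   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256  0x9E   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384  0x9F   /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256      0xA8   /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384      0xA9   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256  0xAA   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384  0xAB   /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256  0xAC   /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384  0xAD   /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256  0xAE
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384  0xAF
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256         0xB0   /**< Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384         0xB1   /**< Weak! */

#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256  0xB2
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384  0xB3
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256         0xB4   /**< Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384         0xB5   /**< Weak! */

#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256  0xB6
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384  0xB7
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256         0xB8   /**< Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384         0xB9   /**< Weak! */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256      0xBA   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256  0xBE   /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256      0xC0   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256  0xC4   /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA          0xC001 /**< Weak! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA       0xC002 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA  0xC003 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA   0xC004 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA   0xC005 /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA          0xC006 /**< Weak! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA       0xC007 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA  0xC008 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA   0xC009 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA   0xC00A /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA          0xC00B /**< Weak! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA       0xC00C /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA  0xC00D /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA   0xC00E /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA   0xC00F /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA          0xC010 /**< Weak! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA       0xC011 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA  0xC012 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   0xC013 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   0xC014 /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA         0xC033 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA    0xC034 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA     0xC035 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA     0xC036 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256  0xC037 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384  0xC038 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA            0xC039 /**< Weak! No SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256         0xC03A /**< Weak! No SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384         0xC03B /**< Weak! No SSL3! */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC072 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC073 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   0xC074 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   0xC075 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC076 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC077 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xC078 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384     0xC079 /**< Not in SSL3! */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          0xC07A /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          0xC07B /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256      0xC07C /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384      0xC07D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC086 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC087 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   0xC088 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   0xC089 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08A /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC08C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC08D /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256      0xC08E /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384      0xC08F /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256  0xC090 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384  0xC091 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256  0xC092 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384  0xC093 /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256        0xC094
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384        0xC095
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    0xC096
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    0xC097
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256    0xC098
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384    0xC099
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256  0xC09A /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384  0xC09B /**< Not in SSL3! */

#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM        0xC09C  /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM        0xC09D  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM    0xC09E  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM    0xC09F  /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8      0xC0A0  /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8      0xC0A1  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8  0xC0A2  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8  0xC0A3  /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM        0xC0A4  /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM        0xC0A5  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM    0xC0A6  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM    0xC0A7  /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8      0xC0A8  /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8      0xC0A9  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8  0xC0AA  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8  0xC0AB  /**< TLS 1.2 */
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM    0xC0AC  /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM    0xC0AD  /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8  0xC0AE  /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8  0xC0AF  /**< TLS 1.2 */

#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8  0xC0FF  /**< experimental */

/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
 * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
 *
 * The inline predicates at the end of this header switch on these values, so
 * a new key exchange must also be added to every predicate it belongs to;
 * otherwise it falls into their default branch and is reported as 0.
 */
typedef enum {
    MBEDTLS_KEY_EXCHANGE_NONE = 0,
    MBEDTLS_KEY_EXCHANGE_RSA,
    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
    MBEDTLS_KEY_EXCHANGE_PSK,
    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
    MBEDTLS_KEY_EXCHANGE_ECJPAKE,
} mbedtls_key_exchange_type_t;

/*
 * The MBEDTLS_KEY_EXCHANGE__xxx__ENABLED macros below are derived from the
 * per-key-exchange MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options, which are
 * defined outside this header (presumably by the build configuration).
 */

/* Key exchanges using a certificate */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
#endif

/* Key exchanges allowing client certificate requests */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)    || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
#endif

/* Key exchanges involving server signature in ServerKeyExchange */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
#endif

/* Key exchanges using ECDH */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
#endif

/* Key exchanges that don't involve ephemeral keys */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
#endif

/* Key exchanges that involve ephemeral keys */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)     || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
#endif

/* Key exchanges using a PSK */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif

/* Key exchanges using DHE */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
#endif

/* Key exchanges using ECDHE */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
#endif

typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;

#define MBEDTLS_CIPHERSUITE_WEAK       0x01    /**< Weak ciphersuite flag */
#define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02    /**< Short authentication tag,
                                                     eg for CCM_8 */
#define MBEDTLS_CIPHERSUITE_NODTLS     0x04    /**< Can't be used with DTLS */

/**
 * \brief   This structure is used for storing ciphersuite information
 *
 * The field notes below are read off the field names and types; the table
 * that fills these in lives in the implementation file, which is not part of
 * this header -- confirm against it.
 */
struct mbedtls_ssl_ciphersuite_t
{
    int id;                 /* presumably one of the MBEDTLS_TLS_xxx values above */
    const char * name;

    mbedtls_cipher_type_t cipher;
    mbedtls_md_type_t mac;
    mbedtls_key_exchange_type_t key_exchange;   /* read by the inline predicates below */

    int min_major_ver;      /* protocol version bounds for the suite */
    int min_minor_ver;
    int max_major_ver;
    int max_minor_ver;

    unsigned char flags;    /* presumably a bitwise OR of MBEDTLS_CIPHERSUITE_xxx */
};

/*
 * Lookup and query functions implemented outside this header.
 *
 * NOTE(review): whether the two mbedtls_ssl_ciphersuite_from_xxx() lookups
 * return NULL for an unknown name or id is decided by the implementation and
 * is not visible here. Check their result before handing it to any of the
 * inline predicates below, which dereference their argument unconditionally.
 */
const int *mbedtls_ssl_list_ciphersuites( void );

const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );

#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
#endif

int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );

/*
 * Inline predicates on info->key_exchange.
 *
 * Each one returns 1 when the key exchange is in its case list and 0 for
 * every other value. None of them checks \c info for NULL, so the caller
 * must pass a valid descriptor. Most are only defined when the matching
 * MBEDTLS_KEY_EXCHANGE__xxx__ENABLED macro is, so call sites need the same
 * guard.
 */

#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
/**
 * \brief   Tell whether the suite's key exchange uses ephemeral keys
 *          (DHE, ECDHE or ECJPAKE variants).
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return  1 if the key exchange is one of the ephemeral ones, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
/**
 * \brief   Tell whether the suite's key exchange uses no ephemeral keys
 *          (static ECDH, plain RSA, PSK or RSA_PSK).
 *
 * This is not the negation of mbedtls_ssl_ciphersuite_has_pfs():
 * MBEDTLS_KEY_EXCHANGE_NONE is in neither case list, so both return 0 for it.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return  1 if the key exchange is one of the non-ephemeral ones, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_PSK:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
/**
 * \brief   Tell whether the suite uses static ECDH (ECDH_RSA or ECDH_ECDSA).
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return  1 for the two static ECDH key exchanges, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */

/**
 * \brief   Tell whether a client certificate request is allowed with the
 *          suite's key exchange.
 *
 * NOTE(review): unlike the neighbouring predicates, this one is not wrapped
 * in its MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED guard, so it is
 * defined in every configuration.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return  1 for the RSA, DHE_RSA, ECDH_RSA, ECDHE_RSA, ECDH_ECDSA and
 *          ECDHE_ECDSA key exchanges, 0 otherwise (all PSK variants and
 *          ECJPAKE included).
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return( 1 );

        default:
            return( 0 );
    }
}

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
/**
 * \brief   Tell whether the suite uses finite-field DHE (DHE_RSA or DHE_PSK).
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return  1 for DHE_RSA and DHE_PSK, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
/**
 * \brief   Tell whether the suite uses ECDHE (ECDSA, RSA or PSK variant).
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return  1 for ECDHE_ECDSA, ECDHE_RSA and ECDHE_PSK, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
/**
 * \brief   Tell whether the key exchange involves a server signature in
 *          ServerKeyExchange.
 *
 * \param info  Ciphersuite descriptor; must not be NULL.
 *
 * \return  1 for DHE_RSA, ECDHE_RSA and ECDHE_ECDSA, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */

#ifdef __cplusplus
}
#endif

#endif /* ssl_ciphersuites.h */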
