Doug Anson / mbedTLSLibrary

mbed TLS library

Dependents:   HTTPClient-SSL WS_SERVER

include/polarssl/ssl_ciphersuites.h@0:137634ff4186, 2015-06-11 (annotated)

Committer:
ansond
Date:
Thu Jun 11 03:27:03 2015 +0000
Revision:
0:137634ff4186
initial commit

Who changed what in which revision?

UserRevisionLine numberNew contents of line
ansond 0:137634ff4186 1 /**
ansond 0:137634ff4186 2 * \file ssl_ciphersuites.h
ansond 0:137634ff4186 3 *
ansond 0:137634ff4186 4 * \brief SSL Ciphersuites for mbed TLS
ansond 0:137634ff4186 5 *
ansond 0:137634ff4186 6 * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
ansond 0:137634ff4186 7 *
ansond 0:137634ff4186 8 * This file is part of mbed TLS (https://tls.mbed.org)
ansond 0:137634ff4186 9 *
ansond 0:137634ff4186 10 * This program is free software; you can redistribute it and/or modify
ansond 0:137634ff4186 11 * it under the terms of the GNU General Public License as published by
ansond 0:137634ff4186 12 * the Free Software Foundation; either version 2 of the License, or
ansond 0:137634ff4186 13 * (at your option) any later version.
ansond 0:137634ff4186 14 *
ansond 0:137634ff4186 15 * This program is distributed in the hope that it will be useful,
ansond 0:137634ff4186 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
ansond 0:137634ff4186 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ansond 0:137634ff4186 18 * GNU General Public License for more details.
ansond 0:137634ff4186 19 *
ansond 0:137634ff4186 20 * You should have received a copy of the GNU General Public License along
ansond 0:137634ff4186 21 * with this program; if not, write to the Free Software Foundation, Inc.,
ansond 0:137634ff4186 22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
ansond 0:137634ff4186 23 */
ansond 0:137634ff4186 24 #ifndef POLARSSL_SSL_CIPHERSUITES_H
ansond 0:137634ff4186 25 #define POLARSSL_SSL_CIPHERSUITES_H
ansond 0:137634ff4186 26
ansond 0:137634ff4186 27 #include "pk.h"
ansond 0:137634ff4186 28 #include "cipher.h"
ansond 0:137634ff4186 29 #include "md.h"
ansond 0:137634ff4186 30
ansond 0:137634ff4186 31 #ifdef __cplusplus
ansond 0:137634ff4186 32 extern "C" {
ansond 0:137634ff4186 33 #endif
ansond 0:137634ff4186 34
ansond 0:137634ff4186 35 /*
ansond 0:137634ff4186 36 * Supported ciphersuites (Official IANA names)
ansond 0:137634ff4186 37 */
ansond 0:137634ff4186 38 #define TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
ansond 0:137634ff4186 39 #define TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
ansond 0:137634ff4186 40
ansond 0:137634ff4186 41 #define TLS_RSA_WITH_RC4_128_MD5 0x04
ansond 0:137634ff4186 42 #define TLS_RSA_WITH_RC4_128_SHA 0x05
ansond 0:137634ff4186 43 #define TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */
ansond 0:137634ff4186 44
ansond 0:137634ff4186 45 #define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
ansond 0:137634ff4186 46
ansond 0:137634ff4186 47 #define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */
ansond 0:137634ff4186 48 #define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
ansond 0:137634ff4186 49
ansond 0:137634ff4186 50 #define TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
ansond 0:137634ff4186 51 #define TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
ansond 0:137634ff4186 52 #define TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */
ansond 0:137634ff4186 53 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
ansond 0:137634ff4186 54
ansond 0:137634ff4186 55 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
ansond 0:137634ff4186 56 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x35
ansond 0:137634ff4186 57 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
ansond 0:137634ff4186 58
ansond 0:137634ff4186 59 #define TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
ansond 0:137634ff4186 60 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
ansond 0:137634ff4186 61 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
ansond 0:137634ff4186 62
ansond 0:137634ff4186 63 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
ansond 0:137634ff4186 64 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
ansond 0:137634ff4186 65
ansond 0:137634ff4186 66 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
ansond 0:137634ff4186 67 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
ansond 0:137634ff4186 68
ansond 0:137634ff4186 69 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
ansond 0:137634ff4186 70 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
ansond 0:137634ff4186 71
ansond 0:137634ff4186 72 #define TLS_PSK_WITH_RC4_128_SHA 0x8A
ansond 0:137634ff4186 73 #define TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
ansond 0:137634ff4186 74 #define TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
ansond 0:137634ff4186 75 #define TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
ansond 0:137634ff4186 76
ansond 0:137634ff4186 77 #define TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
ansond 0:137634ff4186 78 #define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
ansond 0:137634ff4186 79 #define TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
ansond 0:137634ff4186 80 #define TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
ansond 0:137634ff4186 81
ansond 0:137634ff4186 82 #define TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
ansond 0:137634ff4186 83 #define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
ansond 0:137634ff4186 84 #define TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
ansond 0:137634ff4186 85 #define TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
ansond 0:137634ff4186 86
ansond 0:137634ff4186 87 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
ansond 0:137634ff4186 88 #define TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
ansond 0:137634ff4186 89 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */
ansond 0:137634ff4186 90 #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */
ansond 0:137634ff4186 91
ansond 0:137634ff4186 92 #define TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
ansond 0:137634ff4186 93 #define TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
ansond 0:137634ff4186 94 #define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */
ansond 0:137634ff4186 95 #define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */
ansond 0:137634ff4186 96 #define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /**< TLS 1.2 */
ansond 0:137634ff4186 97 #define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /**< TLS 1.2 */
ansond 0:137634ff4186 98
ansond 0:137634ff4186 99 #define TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
ansond 0:137634ff4186 100 #define TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
ansond 0:137634ff4186 101 #define TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
ansond 0:137634ff4186 102 #define TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
ansond 0:137634ff4186 103
ansond 0:137634ff4186 104 #define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
ansond 0:137634ff4186 105 #define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
ansond 0:137634ff4186 106 #define TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */
ansond 0:137634ff4186 107 #define TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */
ansond 0:137634ff4186 108
ansond 0:137634ff4186 109 #define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
ansond 0:137634ff4186 110 #define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
ansond 0:137634ff4186 111 #define TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /**< Weak! */
ansond 0:137634ff4186 112 #define TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /**< Weak! */
ansond 0:137634ff4186 113
ansond 0:137634ff4186 114 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
ansond 0:137634ff4186 115 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
ansond 0:137634ff4186 116
ansond 0:137634ff4186 117 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
ansond 0:137634ff4186 118 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
ansond 0:137634ff4186 119
ansond 0:137634ff4186 120 #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
ansond 0:137634ff4186 121 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 /**< Not in SSL3! */
ansond 0:137634ff4186 122 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 /**< Not in SSL3! */
ansond 0:137634ff4186 123 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /**< Not in SSL3! */
ansond 0:137634ff4186 124 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 /**< Not in SSL3! */
ansond 0:137634ff4186 125
ansond 0:137634ff4186 126 #define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
ansond 0:137634ff4186 127 #define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */
ansond 0:137634ff4186 128 #define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */
ansond 0:137634ff4186 129 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */
ansond 0:137634ff4186 130 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */
ansond 0:137634ff4186 131
ansond 0:137634ff4186 132 #define TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
ansond 0:137634ff4186 133 #define TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C /**< Not in SSL3! */
ansond 0:137634ff4186 134 #define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D /**< Not in SSL3! */
ansond 0:137634ff4186 135 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E /**< Not in SSL3! */
ansond 0:137634ff4186 136 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F /**< Not in SSL3! */
ansond 0:137634ff4186 137
ansond 0:137634ff4186 138 #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
ansond 0:137634ff4186 139 #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */
ansond 0:137634ff4186 140 #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */
ansond 0:137634ff4186 141 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */
ansond 0:137634ff4186 142 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */
ansond 0:137634ff4186 143
ansond 0:137634ff4186 144 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */
ansond 0:137634ff4186 145 #define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */
ansond 0:137634ff4186 146 #define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */
ansond 0:137634ff4186 147 #define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */
ansond 0:137634ff4186 148 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */
ansond 0:137634ff4186 149 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */
ansond 0:137634ff4186 150 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */
ansond 0:137634ff4186 151 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */
ansond 0:137634ff4186 152
ansond 0:137634ff4186 153 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */
ansond 0:137634ff4186 154 #define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */
ansond 0:137634ff4186 155 #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */
ansond 0:137634ff4186 156 #define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */
ansond 0:137634ff4186 157 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */
ansond 0:137634ff4186 158 #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */
ansond 0:137634ff4186 159 #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
ansond 0:137634ff4186 160 #define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
ansond 0:137634ff4186 161
ansond 0:137634ff4186 162 #define TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */
ansond 0:137634ff4186 163 #define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */
ansond 0:137634ff4186 164 #define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */
ansond 0:137634ff4186 165 #define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */
ansond 0:137634ff4186 166 #define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< Not in SSL3! */
ansond 0:137634ff4186 167 #define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< Not in SSL3! */
ansond 0:137634ff4186 168 #define TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */
ansond 0:137634ff4186 169 #define TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */
ansond 0:137634ff4186 170 #define TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */
ansond 0:137634ff4186 171
ansond 0:137634ff4186 172 #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
ansond 0:137634ff4186 173 #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
ansond 0:137634ff4186 174 #define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */
ansond 0:137634ff4186 175 #define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 /**< Not in SSL3! */
ansond 0:137634ff4186 176 #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< Not in SSL3! */
ansond 0:137634ff4186 177 #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< Not in SSL3! */
ansond 0:137634ff4186 178 #define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 /**< Not in SSL3! */
ansond 0:137634ff4186 179 #define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 /**< Not in SSL3! */
ansond 0:137634ff4186 180
ansond 0:137634ff4186 181 #define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
ansond 0:137634ff4186 182 #define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
ansond 0:137634ff4186 183 #define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */
ansond 0:137634ff4186 184 #define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
ansond 0:137634ff4186 185 #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
ansond 0:137634ff4186 186 #define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
ansond 0:137634ff4186 187 #define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
ansond 0:137634ff4186 188 #define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */
ansond 0:137634ff4186 189 #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */
ansond 0:137634ff4186 190 #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */
ansond 0:137634ff4186 191 #define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */
ansond 0:137634ff4186 192 #define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */
ansond 0:137634ff4186 193
ansond 0:137634ff4186 194 #define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */
ansond 0:137634ff4186 195 #define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */
ansond 0:137634ff4186 196 #define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */
ansond 0:137634ff4186 197 #define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */
ansond 0:137634ff4186 198 #define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */
ansond 0:137634ff4186 199 #define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */
ansond 0:137634ff4186 200
ansond 0:137634ff4186 201 #define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
ansond 0:137634ff4186 202 #define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
ansond 0:137634ff4186 203 #define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
ansond 0:137634ff4186 204 #define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
ansond 0:137634ff4186 205 #define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
ansond 0:137634ff4186 206 #define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
ansond 0:137634ff4186 207 #define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
ansond 0:137634ff4186 208 #define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
ansond 0:137634ff4186 209
ansond 0:137634ff4186 210 #define TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
ansond 0:137634ff4186 211 #define TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
ansond 0:137634ff4186 212 #define TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
ansond 0:137634ff4186 213 #define TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
ansond 0:137634ff4186 214 #define TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
ansond 0:137634ff4186 215 #define TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
ansond 0:137634ff4186 216 #define TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
ansond 0:137634ff4186 217 #define TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
ansond 0:137634ff4186 218 #define TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
ansond 0:137634ff4186 219 #define TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
ansond 0:137634ff4186 220 #define TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
ansond 0:137634ff4186 221 #define TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
ansond 0:137634ff4186 222 #define TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
ansond 0:137634ff4186 223 #define TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
ansond 0:137634ff4186 224 #define TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
ansond 0:137634ff4186 225 #define TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
ansond 0:137634ff4186 226 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
ansond 0:137634ff4186 227
ansond 0:137634ff4186 228 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
ansond 0:137634ff4186 229 #define TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */
ansond 0:137634ff4186 230 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
ansond 0:137634ff4186 231 #define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
ansond 0:137634ff4186 232
ansond 0:137634ff4186 233 /* Reminder: update _ssl_premaster_secret when adding a new key exchange.
ansond 0:137634ff4186 234 * Reminder: update POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED below.
ansond 0:137634ff4186 235 */
ansond 0:137634ff4186 236 typedef enum {
ansond 0:137634ff4186 237 POLARSSL_KEY_EXCHANGE_NONE = 0,
ansond 0:137634ff4186 238 POLARSSL_KEY_EXCHANGE_RSA,
ansond 0:137634ff4186 239 POLARSSL_KEY_EXCHANGE_DHE_RSA,
ansond 0:137634ff4186 240 POLARSSL_KEY_EXCHANGE_ECDHE_RSA,
ansond 0:137634ff4186 241 POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
ansond 0:137634ff4186 242 POLARSSL_KEY_EXCHANGE_PSK,
ansond 0:137634ff4186 243 POLARSSL_KEY_EXCHANGE_DHE_PSK,
ansond 0:137634ff4186 244 POLARSSL_KEY_EXCHANGE_RSA_PSK,
ansond 0:137634ff4186 245 POLARSSL_KEY_EXCHANGE_ECDHE_PSK,
ansond 0:137634ff4186 246 POLARSSL_KEY_EXCHANGE_ECDH_RSA,
ansond 0:137634ff4186 247 POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
ansond 0:137634ff4186 248 } key_exchange_type_t;
ansond 0:137634ff4186 249
ansond 0:137634ff4186 250 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \
ansond 0:137634ff4186 251 defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
ansond 0:137634ff4186 252 defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
ansond 0:137634ff4186 253 defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
ansond 0:137634ff4186 254 defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
ansond 0:137634ff4186 255 defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
ansond 0:137634ff4186 256 defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
ansond 0:137634ff4186 257 defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
ansond 0:137634ff4186 258 #define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED
ansond 0:137634ff4186 259 #endif
ansond 0:137634ff4186 260
ansond 0:137634ff4186 261 typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
ansond 0:137634ff4186 262
ansond 0:137634ff4186 263 #define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
ansond 0:137634ff4186 264 #define POLARSSL_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
ansond 0:137634ff4186 265 eg for CCM_8 */
ansond 0:137634ff4186 266
ansond 0:137634ff4186 267 /**
ansond 0:137634ff4186 268 * \brief This structure is used for storing ciphersuite information
ansond 0:137634ff4186 269 */
ansond 0:137634ff4186 270 struct _ssl_ciphersuite_t
ansond 0:137634ff4186 271 {
ansond 0:137634ff4186 272 int id;
ansond 0:137634ff4186 273 const char * name;
ansond 0:137634ff4186 274
ansond 0:137634ff4186 275 cipher_type_t cipher;
ansond 0:137634ff4186 276 md_type_t mac;
ansond 0:137634ff4186 277 key_exchange_type_t key_exchange;
ansond 0:137634ff4186 278
ansond 0:137634ff4186 279 int min_major_ver;
ansond 0:137634ff4186 280 int min_minor_ver;
ansond 0:137634ff4186 281 int max_major_ver;
ansond 0:137634ff4186 282 int max_minor_ver;
ansond 0:137634ff4186 283
ansond 0:137634ff4186 284 unsigned char flags;
ansond 0:137634ff4186 285 };
ansond 0:137634ff4186 286
ansond 0:137634ff4186 287 const int *ssl_list_ciphersuites( void );
ansond 0:137634ff4186 288
ansond 0:137634ff4186 289 const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name );
ansond 0:137634ff4186 290 const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
ansond 0:137634ff4186 291
ansond 0:137634ff4186 292 #if defined(POLARSSL_PK_C)
ansond 0:137634ff4186 293 pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
ansond 0:137634ff4186 294 #endif
ansond 0:137634ff4186 295
ansond 0:137634ff4186 296 int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
ansond 0:137634ff4186 297 int ssl_ciphersuite_uses_psk( const ssl_ciphersuite_t *info );
ansond 0:137634ff4186 298
ansond 0:137634ff4186 299 #ifdef __cplusplus
ansond 0:137634ff4186 300 }
ansond 0:137634ff4186 301 #endif
ansond 0:137634ff4186 302
ansond 0:137634ff4186 303 #endif /* ssl_ciphersuites.h */
ansond 0:137634ff4186 304