ssl_ciphersuites.h
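/**
 * \file ssl_ciphersuites.h
 *
 * \brief SSL Ciphersuites for mbed TLS
 */
/*
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H

#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include "mbedtls/pk.h"
#include "mbedtls/cipher.h"
#include "mbedtls/md.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Supported ciphersuites (Official IANA names)
 *
 * The trailing Doxygen tags are informational only:
 *   "Weak!"        - appears here on the NULL (no encryption) and
 *                    single-DES suites.
 *   "Not in SSL3!" - suite is not defined for SSL 3.0.
 *   "TLS 1.2"      - suite requires TLS 1.2.
 *
 * NOTE(review): the RC4 and 3DES suites carry no "Weak!" tag in this file,
 * although RFC 7465 prohibits RC4 in TLS and 3DES has a 64-bit block, which
 * bounds how much data is safe to protect under one key. Whether the
 * ciphersuite table sets MBEDTLS_CIPHERSUITE_WEAK for them is not visible
 * from this header; check the suite definitions and the build configuration
 * before relying on the default list. The same applies to the *_MD5 suite.
 */
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */

#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5                 0x04
#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA                 0x05
#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A

#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16

#define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C   /**< Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA                0x2D   /**< Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA                0x2E   /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA             0x2F

#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA             0x35
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39

#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45

#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88

#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA                 0x8A
#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x8B
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D

#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA             0x8E
#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x8F
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91

#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA             0x92
#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x93
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95

#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C   /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F   /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256          0xA8   /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384          0xA9   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0xAA   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0xAB   /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC   /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD   /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! */
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! */

#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! */

#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA          0xC002 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005 /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         0xC007 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA            0xC00C /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA           0xC011 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014 /**< Not in SSL3! */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA           0xC033 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */

#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256         0xC03C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384         0xC03D /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256     0xC044 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384     0xC045 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256  0xC04A /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384  0xC04B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256   0xC04C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384   0xC04D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256    0xC04E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384    0xC04F /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256         0xC050 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384         0xC051 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256     0xC052 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384     0xC053 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256  0xC05E /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384  0xC05F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256   0xC060 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384   0xC061 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256    0xC062 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384    0xC063 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256         0xC064 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384         0xC065 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256     0xC066 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384     0xC067 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256     0xC068 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384     0xC069 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256         0xC06A /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384         0xC06B /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256     0xC06C /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384     0xC06D /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256     0xC06E /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384     0xC06F /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256   0xC070 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384   0xC071 /**< TLS 1.2 */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078 /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079 /**< Not in SSL3! */

#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256         0xC08E /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384         0xC08F /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256     0xC090 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384     0xC091 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256     0xC092 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384     0xC093 /**< TLS 1.2 */

#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256         0xC094
#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384         0xC095
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     0xC096
#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     0xC097
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     0xC098
#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     0xC099
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC09A /**< Not in SSL3! */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC09B /**< Not in SSL3! */

#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F  /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0  /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3  /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM                0xC0A4  /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM                0xC0A5  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7  /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8  /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA  /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB  /**< TLS 1.2 */
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */

#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC  /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD  /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE  /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF  /**< TLS 1.2 */

#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8          0xC0FF  /**< experimental */

/* RFC 7905 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   0xCCA8 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     0xCCAA /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         0xCCAB /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   0xCCAC /**< TLS 1.2 */
#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAD /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAE /**< TLS 1.2 */

/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
 * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
 *
 * Key-exchange family of a ciphersuite; this is the type of the
 * key_exchange field of mbedtls_ssl_ciphersuite_t and the value every
 * inline predicate at the end of this header switches on. A new enumerator
 * that is not also added to those switch statements falls into their
 * default branch and is reported as 0.
 */
typedef enum {
    MBEDTLS_KEY_EXCHANGE_NONE = 0,
    MBEDTLS_KEY_EXCHANGE_RSA,
    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
    MBEDTLS_KEY_EXCHANGE_PSK,
    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
    MBEDTLS_KEY_EXCHANGE_ECJPAKE,
} mbedtls_key_exchange_type_t;

/*
 * The MBEDTLS_KEY_EXCHANGE__xxx macros below are derived from the
 * per-key-exchange MBEDTLS_KEY_EXCHANGE_*_ENABLED build options (taken from
 * the configuration header included above). Each one is defined when at
 * least one key exchange of the named category is enabled, and several of
 * the inline predicates further down exist only when the matching macro is
 * defined.
 */

/* Key exchanges using a certificate */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           ||       \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   ||       \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
#endif

/* Key exchanges allowing client certificate requests */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           ||       \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)    ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
#endif

/* Key exchanges involving server signature in ServerKeyExchange */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
#endif

/* Key exchanges using ECDH.
 * Must stay above the non-PFS block, which tests this macro. */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
#endif

/* Key exchanges that don't involve ephemeral keys.
 * Without an ephemeral key exchange a session has no forward secrecy:
 * recorded traffic can be decrypted later if the long-term key or PSK is
 * disclosed. When this macro is defined, at least one such exchange is
 * compiled in. */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           ||       \
    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           ||       \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
#endif

/* Key exchanges that involve ephemeral keys */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)     ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
#endif

/* Key exchanges using a PSK */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           ||       \
    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif

/* Key exchanges using DHE */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
#endif

/* Key exchanges using ECDHE */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   ||       \
    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
#endif

typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;

/* Bit values for mbedtls_ssl_ciphersuite_t::flags (distinct powers of two,
 * so they can be OR-ed together). */
#define MBEDTLS_CIPHERSUITE_WEAK       0x01    /**< Weak ciphersuite flag  */
#define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02    /**< Short authentication tag,
                                                     eg for CCM_8 */
#define MBEDTLS_CIPHERSUITE_NODTLS     0x04    /**< Can't be used with DTLS */

/**
 * \brief   This structure is used for storing ciphersuite information
 *
 * \note    How the fields are populated is not visible in this header; the
 *          per-field remarks below that go beyond the declared types are
 *          marked as assumptions.
 */
struct mbedtls_ssl_ciphersuite_t
{
    int id;                 /* presumably one of the MBEDTLS_TLS_* values above -- TODO confirm */
    const char * name;      /* ciphersuite name; storage is not owned through this struct (const) */

    mbedtls_cipher_type_t cipher;               /* record cipher, type from mbedtls/cipher.h */
    mbedtls_md_type_t mac;                      /* digest, type from mbedtls/md.h */
    mbedtls_key_exchange_type_t key_exchange;   /* read by the inline predicates below */

    /* NOTE(review): looks like the protocol version range the suite may be
     * negotiated in (major/minor pairs) -- confirm against the suite table. */
    int min_major_ver;
    int min_minor_ver;
    int max_major_ver;
    int max_minor_ver;

    unsigned char flags;    /* presumably a mask of MBEDTLS_CIPHERSUITE_* bits -- TODO confirm */
};

/*
 * The functions declared below are implemented outside this header; the
 * remarks on them are limited to what the prototypes show.
 */

/**
 * \brief   Get the list of ciphersuite identifiers.
 *
 * \return  Pointer to a read-only array of int.
 *          NOTE(review): how the array is terminated and ordered is not
 *          visible here -- confirm before iterating.
 */
const int *mbedtls_ssl_list_ciphersuites( void );

/**
 * \brief   Look up a ciphersuite description by name / by identifier.
 *
 * \return  Pointer to a read-only ciphersuite description.
 *          NOTE(review): presumably NULL when nothing matches -- callers
 *          should check before passing the result to the inline predicates
 *          below, which dereference their argument unconditionally.
 */
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );

#if defined(MBEDTLS_PK_C)
/* Both return a public-key algorithm type for the given ciphersuite; only
 * declared when MBEDTLS_PK_C is enabled. */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
#endif

int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );

/*
 * Inline predicates on a ciphersuite's key exchange.
 *
 * Each one reads info->key_exchange and returns 1 if it is one of the listed
 * enumerators, 0 otherwise. info is dereferenced without a NULL check, so
 * callers must pass a valid pointer.
 */

#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
/**
 * \brief   Tell whether the ciphersuite's key exchange involves ephemeral
 *          keys (DHE, ECDHE or ECJPAKE families).
 *
 * \param info  Ciphersuite description, must not be NULL.
 *
 * \return  1 if yes, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
/**
 * \brief   Tell whether the ciphersuite's key exchange is one of the
 *          non-ephemeral ones (static ECDH, RSA, PSK, RSA-PSK).
 *
 * \note    This is not the logical negation of
 *          mbedtls_ssl_ciphersuite_has_pfs(): MBEDTLS_KEY_EXCHANGE_NONE
 *          yields 0 from both.
 *
 * \param info  Ciphersuite description, must not be NULL.
 *
 * \return  1 if yes, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_PSK:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
/**
 * \brief   Tell whether the ciphersuite uses a static ECDH key exchange
 *          (ECDH_RSA or ECDH_ECDSA; the ECDHE families return 0 here).
 *
 * \param info  Ciphersuite description, must not be NULL.
 *
 * \return  1 if yes, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */

/**
 * \brief   Tell whether the ciphersuite's key exchange is one of those
 *          listed under "allowing client certificate requests" above.
 *          All PSK-based families, including RSA_PSK, return 0.
 *
 * \param info  Ciphersuite description, must not be NULL.
 *
 * \return  1 if yes, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return( 1 );

        default:
            return( 0 );
    }
}

/**
 * \brief   Tell whether the ciphersuite's key exchange uses a server
 *          certificate. Same set as the cert-request predicate plus
 *          RSA_PSK; PSK, DHE_PSK, ECDHE_PSK and ECJPAKE return 0.
 *
 * \param info  Ciphersuite description, must not be NULL.
 *
 * \return  1 if yes, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_RSA:
        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return( 1 );

        default:
            return( 0 );
    }
}

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
/**
 * \brief   Tell whether the ciphersuite uses a finite-field DHE key
 *          exchange (DHE_RSA or DHE_PSK).
 *
 * \param info  Ciphersuite description, must not be NULL.
 *
 * \return  1 if yes, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
/**
 * \brief   Tell whether the ciphersuite uses an ECDHE key exchange
 *          (ECDHE_ECDSA, ECDHE_RSA or ECDHE_PSK).
 *
 * \param info  Ciphersuite description, must not be NULL.
 *
 * \return  1 if yes, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */

#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
/**
 * \brief   Tell whether the ciphersuite's key exchange involves a server
 *          signature in ServerKeyExchange (DHE_RSA, ECDHE_RSA or
 *          ECDHE_ECDSA).
 *
 * \param info  Ciphersuite description, must not be NULL.
 *
 * \return  1 if yes, 0 otherwise.
 */
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{
    switch( info->key_exchange )
    {
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
            return( 1 );

        default:
            return( 0 );
    }
}
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */

#ifdef __cplusplus
}
#endif

#endif /* ssl_ciphersuites.h */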
