Marco Zecchini
Rtos API example
Embed:
(wiki syntax)
Show/hide line numbers
ssl_ciphersuites.h
Go to the documentation of this file.
00001 /** 00002 * \file ssl_ciphersuites.h 00003 * 00004 * \brief SSL Ciphersuites for mbed TLS 00005 * 00006 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #ifndef MBEDTLS_SSL_CIPHERSUITES_H 00024 #define MBEDTLS_SSL_CIPHERSUITES_H 00025 00026 #include "pk.h" 00027 #include "cipher.h" 00028 #include "md.h" 00029 00030 #ifdef __cplusplus 00031 extern "C" { 00032 #endif 00033 00034 /* 00035 * Supported ciphersuites (Official IANA names) 00036 */ 00037 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */ 00038 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */ 00039 00040 #define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04 00041 #define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05 00042 #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */ 00043 00044 #define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A 00045 00046 #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */ 00047 #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16 00048 00049 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */ 00050 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */ 00051 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */ 00052 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F 00053 00054 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33 00055 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35 00056 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39 00057 00058 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */ 00059 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */ 00060 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */ 00061 00062 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41 00063 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45 00064 00065 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */ 00066 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */ 00067 00068 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84 00069 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88 00070 00071 #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A 00072 #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B 00073 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C 00074 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D 00075 00076 #define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E 00077 #define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F 00078 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90 00079 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91 00080 00081 #define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92 00082 #define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93 00083 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94 00084 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95 00085 00086 #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */ 00087 #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */ 00088 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */ 00089 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */ 00090 00091 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */ 00092 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */ 00093 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */ 00094 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */ 00095 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC /**< TLS 1.2 */ 00096 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD /**< TLS 1.2 */ 00097 00098 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE 00099 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF 00100 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ 00101 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ 00102 00103 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2 00104 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3 00105 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */ 00106 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */ 00107 00108 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6 00109 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7 00110 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8 /**< Weak! */ 00111 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9 /**< Weak! */ 00112 00113 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ 00114 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */ 00115 00116 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ 00117 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */ 00118 00119 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ 00120 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 /**< Not in SSL3! */ 00121 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 /**< Not in SSL3! */ 00122 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 /**< Not in SSL3! */ 00123 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 /**< Not in SSL3! */ 00124 00125 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ 00126 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */ 00127 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */ 00128 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */ 00129 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */ 00130 00131 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */ 00132 #define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C /**< Not in SSL3! */ 00133 #define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D /**< Not in SSL3! */ 00134 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E /**< Not in SSL3! */ 00135 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F /**< Not in SSL3! */ 00136 00137 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */ 00138 #define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */ 00139 #define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */ 00140 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */ 00141 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */ 00142 00143 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ 00144 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ 00145 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */ 00146 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ 00147 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ 00148 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ 00149 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */ 00150 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */ 00151 00152 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */ 00153 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */ 00154 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */ 00155 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */ 00156 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ 00157 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ 00158 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */ 00159 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */ 00160 00161 #define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033 /**< Not in SSL3! */ 00162 #define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034 /**< Not in SSL3! */ 00163 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 /**< Not in SSL3! */ 00164 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 /**< Not in SSL3! */ 00165 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037 /**< Not in SSL3! */ 00166 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038 /**< Not in SSL3! */ 00167 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039 /**< Weak! No SSL3! */ 00168 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A /**< Weak! No SSL3! */ 00169 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B /**< Weak! No SSL3! */ 00170 00171 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */ 00172 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */ 00173 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 /**< Not in SSL3! */ 00174 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 /**< Not in SSL3! */ 00175 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< Not in SSL3! */ 00176 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< Not in SSL3! */ 00177 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 /**< Not in SSL3! */ 00178 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 /**< Not in SSL3! */ 00179 00180 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */ 00181 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */ 00182 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */ 00183 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */ 00184 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ 00185 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ 00186 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ 00187 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */ 00188 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */ 00189 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */ 00190 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */ 00191 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */ 00192 00193 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */ 00194 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ 00195 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */ 00196 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */ 00197 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092 /**< TLS 1.2 */ 00198 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093 /**< TLS 1.2 */ 00199 00200 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 00201 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 00202 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 00203 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 00204 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098 00205 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099 00206 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */ 00207 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */ 00208 00209 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */ 00210 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */ 00211 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */ 00212 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */ 00213 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */ 00214 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */ 00215 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */ 00216 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */ 00217 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */ 00218 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */ 00219 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */ 00220 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */ 00221 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */ 00222 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */ 00223 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */ 00224 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */ 00225 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */ 00226 00227 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */ 00228 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */ 00229 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */ 00230 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */ 00231 00232 #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */ 00233 00234 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange. 00235 * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below 00236 */ 00237 typedef enum { 00238 MBEDTLS_KEY_EXCHANGE_NONE = 0, 00239 MBEDTLS_KEY_EXCHANGE_RSA, 00240 MBEDTLS_KEY_EXCHANGE_DHE_RSA, 00241 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 00242 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 00243 MBEDTLS_KEY_EXCHANGE_PSK, 00244 MBEDTLS_KEY_EXCHANGE_DHE_PSK, 00245 MBEDTLS_KEY_EXCHANGE_RSA_PSK, 00246 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 00247 MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 00248 MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 00249 MBEDTLS_KEY_EXCHANGE_ECJPAKE, 00250 } mbedtls_key_exchange_type_t; 00251 00252 /* Key exchanges using a certificate */ 00253 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ 00254 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 00255 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 00256 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ 00257 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ 00258 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ 00259 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 00260 #define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED 00261 #endif 00262 00263 /* Key exchanges allowing client certificate requests */ 00264 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ 00265 defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 00266 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ 00267 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 00268 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ 00269 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 00270 #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED 00271 #endif 00272 00273 /* Key exchanges involving server signature in ServerKeyExchange */ 00274 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 00275 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 00276 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 00277 #define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED 00278 #endif 00279 00280 /* Key exchanges using ECDH */ 00281 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ 00282 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) 00283 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED 00284 #endif 00285 00286 /* Key exchanges that don't involve ephemeral keys */ 00287 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ 00288 defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ 00289 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ 00290 defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED) 00291 #define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED 00292 #endif 00293 00294 /* Key exchanges that involve ephemeral keys */ 00295 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 00296 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ 00297 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 00298 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ 00299 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ 00300 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) 00301 #define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED 00302 #endif 00303 00304 /* Key exchanges using a PSK */ 00305 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ 00306 defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ 00307 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ 00308 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 00309 #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED 00310 #endif 00311 00312 /* Key exchanges using DHE */ 00313 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ 00314 defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) 00315 #define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED 00316 #endif 00317 00318 /* Key exchanges using ECDHE */ 00319 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ 00320 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ 00321 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) 00322 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED 00323 #endif 00324 00325 typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; 00326 00327 #define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */ 00328 #define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag, 00329 eg for CCM_8 */ 00330 #define MBEDTLS_CIPHERSUITE_NODTLS 0x04 /**< Can't be used with DTLS */ 00331 00332 /** 00333 * \brief This structure is used for storing ciphersuite information 00334 */ 00335 struct mbedtls_ssl_ciphersuite_t 00336 { 00337 int id; 00338 const char * name; 00339 00340 mbedtls_cipher_type_t cipher; 00341 mbedtls_md_type_t mac; 00342 mbedtls_key_exchange_type_t key_exchange; 00343 00344 int min_major_ver; 00345 int min_minor_ver; 00346 int max_major_ver; 00347 int max_minor_ver; 00348 00349 unsigned char flags; 00350 }; 00351 00352 const int *mbedtls_ssl_list_ciphersuites( void ); 00353 00354 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name ); 00355 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id ); 00356 00357 #if defined(MBEDTLS_PK_C) 00358 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ); 00359 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); 00360 #endif 00361 00362 int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); 00363 int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); 00364 00365 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) 00366 static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) 00367 { 00368 switch( info->key_exchange ) 00369 { 00370 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 00371 case MBEDTLS_KEY_EXCHANGE_DHE_PSK: 00372 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 00373 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 00374 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 00375 case MBEDTLS_KEY_EXCHANGE_ECJPAKE: 00376 return( 1 ); 00377 00378 default: 00379 return( 0 ); 00380 } 00381 } 00382 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */ 00383 00384 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED) 00385 static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info ) 00386 { 00387 switch( info->key_exchange ) 00388 { 00389 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 00390 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 00391 case MBEDTLS_KEY_EXCHANGE_RSA: 00392 case MBEDTLS_KEY_EXCHANGE_PSK: 00393 case MBEDTLS_KEY_EXCHANGE_RSA_PSK: 00394 return( 1 ); 00395 00396 default: 00397 return( 0 ); 00398 } 00399 } 00400 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */ 00401 00402 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED) 00403 static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info ) 00404 { 00405 switch( info->key_exchange ) 00406 { 00407 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 00408 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 00409 return( 1 ); 00410 00411 default: 00412 return( 0 ); 00413 } 00414 } 00415 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */ 00416 00417 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) 00418 { 00419 switch( info->key_exchange ) 00420 { 00421 case MBEDTLS_KEY_EXCHANGE_RSA: 00422 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 00423 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: 00424 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 00425 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 00426 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 00427 return( 1 ); 00428 00429 default: 00430 return( 0 ); 00431 } 00432 } 00433 00434 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) 00435 static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info ) 00436 { 00437 switch( info->key_exchange ) 00438 { 00439 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 00440 case MBEDTLS_KEY_EXCHANGE_DHE_PSK: 00441 return( 1 ); 00442 00443 default: 00444 return( 0 ); 00445 } 00446 } 00447 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */ 00448 00449 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) 00450 static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info ) 00451 { 00452 switch( info->key_exchange ) 00453 { 00454 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 00455 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 00456 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: 00457 return( 1 ); 00458 00459 default: 00460 return( 0 ); 00461 } 00462 } 00463 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */ 00464 00465 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) 00466 static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info ) 00467 { 00468 switch( info->key_exchange ) 00469 { 00470 case MBEDTLS_KEY_EXCHANGE_DHE_RSA: 00471 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 00472 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: 00473 return( 1 ); 00474 00475 default: 00476 return( 0 ); 00477 } 00478 } 00479 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ 00480 00481 #ifdef __cplusplus 00482 } 00483 #endif 00484 00485 #endif /* ssl_ciphersuites.h */
Generated on Sun Jul 17 2022 08:25:31 by
1.7.2