mbed TLS v2.16.7
ssl_ciphersuites.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  *
10  * This file is provided under the Apache License 2.0, or the
11  * GNU General Public License v2.0 or later.
12  *
13  * **********
14  * Apache License 2.0:
15  *
16  * Licensed under the Apache License, Version 2.0 (the "License"); you may
17  * not use this file except in compliance with the License.
18  * You may obtain a copy of the License at
19  *
20  * http://www.apache.org/licenses/LICENSE-2.0
21  *
22  * Unless required by applicable law or agreed to in writing, software
23  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25  * See the License for the specific language governing permissions and
26  * limitations under the License.
27  *
28  * **********
29  *
30  * **********
31  * GNU General Public License v2.0 or later:
32  *
33  * This program is free software; you can redistribute it and/or modify
34  * it under the terms of the GNU General Public License as published by
35  * the Free Software Foundation; either version 2 of the License, or
36  * (at your option) any later version.
37  *
38  * This program is distributed in the hope that it will be useful,
39  * but WITHOUT ANY WARRANTY; without even the implied warranty of
40  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41  * GNU General Public License for more details.
42  *
43  * You should have received a copy of the GNU General Public License along
44  * with this program; if not, write to the Free Software Foundation, Inc.,
45  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46  *
47  * **********
48  *
49  * This file is part of mbed TLS (https://tls.mbed.org)
50  */
51 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
52 #define MBEDTLS_SSL_CIPHERSUITES_H
53 
54 #if !defined(MBEDTLS_CONFIG_FILE)
55 #include "config.h"
56 #else
57 #include MBEDTLS_CONFIG_FILE
58 #endif
59 
60 #include "pk.h"
61 #include "cipher.h"
62 #include "md.h"
63 
64 #ifdef __cplusplus
65 extern "C" {
66 #endif
67 
68 /*
69  * Supported ciphersuites (Official IANA names)
70  */
71 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
72 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
74 #define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5 0x04
75 #define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA 0x05
76 #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09
78 #define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
79 
80 #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15
81 #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
82 
83 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
84 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
85 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E
86 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
87 
88 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
89 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
90 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
91 
92 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
93 #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
94 #define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
96 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
97 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
98 
99 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
100 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
102 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
103 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
104 
105 #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA 0x8A
106 #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
107 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
108 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
109 
110 #define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA 0x8E
111 #define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
112 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
113 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
114 
115 #define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA 0x92
116 #define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
117 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
118 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
119 
120 #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
121 #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
122 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
123 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
125 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
126 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
127 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
128 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
129 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
130 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
132 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
133 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
134 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
135 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
137 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
138 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
139 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
140 #define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
142 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
143 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
144 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
145 #define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
147 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
148 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
150 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
151 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
153 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
154 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
155 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
156 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
157 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
159 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006
160 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007
161 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
162 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
163 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
165 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B
166 #define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA 0xC00C
167 #define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
168 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
169 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
171 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010
172 #define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011
173 #define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
174 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
175 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
177 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
178 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
179 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
180 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
181 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
182 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
183 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
184 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
186 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
187 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
188 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
189 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
190 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
191 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
192 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
193 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
195 #define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA 0xC033
196 #define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
197 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
198 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
199 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
200 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
201 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA 0xC039
202 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
203 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
205 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
206 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
207 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
208 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
209 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
210 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
211 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
212 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
213 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
214 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
215 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
216 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
217 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
218 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
219 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
220 #define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
221 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
222 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
223 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
224 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
225 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
226 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
227 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
228 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
229 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
230 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
231 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
232 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
233 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
234 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
235 #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
236 #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
237 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
238 #define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
239 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
240 #define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
241 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
242 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
244 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
245 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
246 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074
247 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075
248 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076
249 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077
250 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
251 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
253 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
254 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
255 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
256 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
257 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
258 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
259 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
260 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
261 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
262 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
263 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
264 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
266 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
267 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
268 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
269 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
270 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
271 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
273 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094
274 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095
275 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096
276 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097
277 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC098
278 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC099
279 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
280 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
282 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
283 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
284 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
285 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
286 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
287 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
288 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
289 #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
290 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
291 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
292 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
293 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
294 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
295 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
296 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
297 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
298 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
299 
300 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
301 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
302 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
303 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
305 #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
307 /* RFC 7905 */
308 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
309 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
310 #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
311 #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
312 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
313 #define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
314 #define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
316 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
317  * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
318  */
319 typedef enum {
333 
334 /* Key exchanges using a certificate */
335 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
336  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
337  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
338  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
339  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
340  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
341  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
342 #define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
343 #endif
344 
345 /* Key exchanges allowing client certificate requests */
346 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
347  defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
348  defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
349  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
350  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
351  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
352 #define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
353 #endif
354 
355 /* Key exchanges involving server signature in ServerKeyExchange */
356 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
357  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
358  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
359 #define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
360 #endif
361 
362 /* Key exchanges using ECDH */
363 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
364  defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
365 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
366 #endif
367 
368 /* Key exchanges that don't involve ephemeral keys */
369 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
370  defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
371  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
372  defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
373 #define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
374 #endif
375 
376 /* Key exchanges that involve ephemeral keys */
377 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
378  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
379  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
380  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
381  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
382  defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
383 #define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
384 #endif
385 
386 /* Key exchanges using a PSK */
387 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
388  defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
389  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
390  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
391 #define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
392 #endif
393 
394 /* Key exchanges using DHE */
395 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
396  defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
397 #define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
398 #endif
399 
400 /* Key exchanges using ECDHE */
401 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
402  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
403  defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
404 #define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
405 #endif
406 
408 
409 #define MBEDTLS_CIPHERSUITE_WEAK 0x01
410 #define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
412 #define MBEDTLS_CIPHERSUITE_NODTLS 0x04
417 struct mbedtls_ssl_ciphersuite_t
418 {
419  int id;
420  const char * name;
426  int min_major_ver;
431  unsigned char flags;
432 };
433 
434 const int *mbedtls_ssl_list_ciphersuites( void );
435 
436 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
438 
439 #if defined(MBEDTLS_PK_C)
442 #endif
443 
446 
447 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
448 static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
449 {
450  switch( info->key_exchange )
451  {
458  return( 1 );
459 
460  default:
461  return( 0 );
462  }
463 }
464 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
465 
466 #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
467 static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
468 {
469  switch( info->key_exchange )
470  {
476  return( 1 );
477 
478  default:
479  return( 0 );
480  }
481 }
482 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
483 
484 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
485 static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
486 {
487  switch( info->key_exchange )
488  {
491  return( 1 );
492 
493  default:
494  return( 0 );
495  }
496 }
497 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
498 
500 {
501  switch( info->key_exchange )
502  {
509  return( 1 );
510 
511  default:
512  return( 0 );
513  }
514 }
515 
516 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
517 static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
518 {
519  switch( info->key_exchange )
520  {
523  return( 1 );
524 
525  default:
526  return( 0 );
527  }
528 }
529 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
530 
531 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
532 static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
533 {
534  switch( info->key_exchange )
535  {
539  return( 1 );
540 
541  default:
542  return( 0 );
543  }
544 }
545 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
546 
547 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
549 {
550  switch( info->key_exchange )
551  {
555  return( 1 );
556 
557  default:
558  return( 0 );
559  }
560 }
561 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
562 
563 #ifdef __cplusplus
564 }
565 #endif
566 
567 #endif /* ssl_ciphersuites.h */
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id)
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t
Public key types.
Definition: pk.h:105
Configuration options (set of defines)
static int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:131
const int * mbedtls_ssl_list_ciphersuites(void)
Public Key abstraction layer.
mbedtls_cipher_type_t cipher
mbedtls_key_exchange_type_t key_exchange
static int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_key_exchange_type_t
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
This structure is used for storing ciphersuite information.
This file contains the generic message-digest wrapper.
static int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
static int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
const mbedtls_ssl_ciphersuite_t * mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name)
mbedtls_md_type_t
Supported message digests.
Definition: md.h:85
static int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)